dcavalca / rpms / util-linux

Forked from rpms/util-linux 2 years ago
Clone
Source Code
GIT

Blame SOURCES/0155-lslogins-fix-password-verification.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-atomic-beta c7-beta c8 c8-beta c8s c8s-sig-hyperscale c9 c9-beta c9s-sig-hyperscale
  1.   05ad7918e5d3cda2b0e48933251e9fb3bb3c5c3a
  2.   SOURCES
  3.   0155-lslogins-fix-password-verification.patch
Blob History Raw
05ad79 
From f769cb435c4db2e7f6d11e14fe87a1c81e0912fe Mon Sep 17 00:00:00 2001
05ad79 
From: Karel Zak <kzak@redhat.com>
05ad79 
Date: Wed, 23 May 2018 12:43:26 +0200
05ad79 
Subject: [PATCH 155/173] lslogins: fix password verification
05ad79
05ad79 
Let's follow the standard $id$salt$encrypted password format in
05ad79 
verification code.
05ad79
05ad79 
The current code is useless and for example PWD-LOCK column is always
05ad79 
FALSE.
05ad79
05ad79 
Upstream: http://github.com/karelzak/util-linux/commit/214fbec40abf0432b8e7968f05024ee76d11b3c7
05ad79 
Addresses: https://bugzilla.redhat.com/show_bug.cgi?id=1581611
05ad79 
Signed-off-by: Karel Zak <kzak@redhat.com>
05ad79 
---
05ad79 
 login-utils/lslogins.c | 78 +++++++++++++++++++++++++++++++++++++++++++++++---
05ad79 
 1 file changed, 74 insertions(+), 4 deletions(-)
05ad79
05ad79 
diff --git a/login-utils/lslogins.c b/login-utils/lslogins.c
05ad79 
index d7a24b1fb..041053625 100644
05ad79 
--- a/login-utils/lslogins.c
05ad79 
+++ b/login-utils/lslogins.c
05ad79 
@@ -541,14 +541,84 @@ static int get_nprocs(const uid_t uid)
05ad79 
 	return nprocs;
05ad79 
 }
05ad79
05ad79 
+static const char *get_pwd_method(const char *str, const char **next, unsigned int *sz)
05ad79 
+{
05ad79 
+	const char *p = str;
05ad79 
+	const char *res = NULL;
05ad79 
+
05ad79 
+	if (!p || *p++ != '$')
05ad79 
+		return NULL;
05ad79 
+
05ad79 
+	if (sz)
05ad79 
+		*sz = 0;
05ad79 
+
05ad79 
+	switch (*p) {
05ad79 
+	case '1':
05ad79 
+		res = "MD5";
05ad79 
+		if (sz)
05ad79 
+			*sz = 22;
05ad79 
+		break;
05ad79 
+	case '2':
05ad79 
+		p++;
05ad79 
+		if (*p == 'a' || *p == 'y')
05ad79 
+			res = "Blowfish";
05ad79 
+		break;
05ad79 
+	case '5':
05ad79 
+		res = "SHA-256";
05ad79 
+		if (sz)
05ad79 
+			*sz = 43;
05ad79 
+		break;
05ad79 
+	case '6':
05ad79 
+		res = "SHA-512";
05ad79 
+		if (sz)
05ad79 
+			*sz = 86;
05ad79 
+		break;
05ad79 
+	default:
05ad79 
+		return NULL;
05ad79 
+	}
05ad79 
+	p++;
05ad79 
+
05ad79 
+	if (!*p || *p != '$')
05ad79 
+		return NULL;
05ad79 
+	if (next)
05ad79 
+		*next = ++p;
05ad79 
+	return res;
05ad79 
+}
05ad79 
+
05ad79 
+#define is_valid_pwd_char(x)	(isalnum((unsigned char) (x)) || (x) ==  '.' || (x) == '/')
05ad79 
+
05ad79 
 static int valid_pwd(const char *str)
05ad79 
 {
05ad79 
-	const char *p;
05ad79 
+	const char *p = str;
05ad79 
+	unsigned int sz = 0, n;
05ad79 
+
05ad79 
+	/* $id$ */
05ad79 
+	if (get_pwd_method(str, &p, &sz) == NULL)
05ad79 
+		return 0;
05ad79 
+	if (!*p)
05ad79 
+		return 0;
05ad79
05ad79 
-	for (p = str; p && *p; p++)
05ad79 
-		if (!isalnum((unsigned int) *p))
05ad79 
+	/* salt$ */
05ad79 
+	for (; p && *p; p++) {
05ad79 
+		if (*p == '$') {
05ad79 
+			p++;
05ad79 
+			break;
05ad79 
+		}
05ad79 
+		if (!is_valid_pwd_char(*p))
05ad79 
 			return 0;
05ad79 
-	return p > str ? 1 : 0;
05ad79 
+	}
05ad79 
+	if (!*p)
05ad79 
+		return 0;
05ad79 
+
05ad79 
+	/* encrypted */
05ad79 
+	for (n = 0; p && *p; p++, n++) {
05ad79 
+		if (!is_valid_pwd_char(*p))
05ad79 
+			return 0;
05ad79 
+	}
05ad79 
+
05ad79 
+	if (sz && n != sz)
05ad79 
+		return 0;
05ad79 
+	return 1;
05ad79 
 }
05ad79
05ad79 
 static struct lslogins_user *get_user_info(struct lslogins_control *ctl, const char *username)
05ad79 
--
05ad79 
2.14.4
05ad79

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation