rpms / yp-tools

Clone
Source Code
GIT

Blame SOURCES/yp-tools-2.12-hash.patch

c4 c5 c5-plus c6 c6-plus c7 c7-beta c8 c8-beta c8s
  1.   c8
  2.   SOURCES
  3.   yp-tools-2.12-hash.patch
Blob History Raw
5f1be0 
diff -up yp-tools-2.12/man/yppasswd.1.in.hash yp-tools-2.12/man/yppasswd.1.in
5f1be0 
--- yp-tools-2.12/man/yppasswd.1.in.hash	2011-09-09 16:18:49.469037058 +0200
5f1be0 
+++ yp-tools-2.12/man/yppasswd.1.in	2011-09-09 16:20:19.101030930 +0200
5f1be0 
@@ -81,6 +81,12 @@ for authentication with the
5f1be0 
 .BR yppasswdd (8)
5f1be0 
 daemon. Subsequently, the
5f1be0 
 program prompts for the updated information:
5f1be0 
+.P
5f1be0 
+If we use shadowing passwords using passwd.adjunct, SHA-512 will be
5f1be0 
+used for hashing a new password by default. If we want to use MD5,
5f1be0 
+SHA_256 or older DES, we need to set the environment variable
5f1be0 
+YP_PASSWD_HASH. Possible values are "DES", "MD5", "SHA-256" and
5f1be0 
+"SHA-512" (value is case-insensitive).
5f1be0 
 .\"
5f1be0 
 .\"
5f1be0 
 .IP "\fByppasswd\fP or \fB-p\fP"
5f1be0 
diff -up yp-tools-2.12/src/yppasswd.c.hash yp-tools-2.12/src/yppasswd.c
5f1be0 
--- yp-tools-2.12/src/yppasswd.c.hash	2011-09-09 16:20:35.360029823 +0200
5f1be0 
+++ yp-tools-2.12/src/yppasswd.c	2011-09-09 16:25:21.589010245 +0200
5f1be0 
@@ -514,6 +514,32 @@ create_random_salt (char *salt, int num_
5f1be0 
     close (fd);
5f1be0 
 }
5f1be0
5f1be0 
+
5f1be0 
+/*
5f1be0 
+ * Reads environment variable YP_PASSWD_HASH and returns hash id.
5f1be0 
+ * Possible values are MD5, SHA-256, SHA-512 and DES.
5f1be0 
+ * If other value is set or it is not set at all, SHA-512 is used.
5f1be0 
+ */
5f1be0 
+static int
5f1be0 
+get_env_hash_id()
5f1be0 
+{
5f1be0 
+  const char *v = getenv("YP_PASSWD_HASH");
5f1be0 
+  if (!v)
5f1be0 
+    return SHA_512;
5f1be0 
+
5f1be0 
+  if (!strcasecmp(v, "DES"))
5f1be0 
+    return DES;
5f1be0 
+
5f1be0 
+  if (!strcasecmp(v, "SHA-256"))
5f1be0 
+    return SHA_256;
5f1be0 
+
5f1be0 
+  if (!strcasecmp(v, "MD5"))
5f1be0 
+    return MD5;
5f1be0 
+
5f1be0 
+  return SHA_512;
5f1be0 
+}
5f1be0 
+
5f1be0 
+
5f1be0 
 int
5f1be0 
 main (int argc, char **argv)
5f1be0 
 {
5f1be0 
@@ -723,6 +749,15 @@ main (int argc, char **argv)
5f1be0
5f1be0 
       hash_id = get_hash_id (pwd->pw_passwd);
5f1be0
5f1be0 
+      /* If we use passwd.adjunct, there is no magic value like $1$ in the
5f1be0 
+       * beginning of password, but ##username instead. Thus, SHA_512 will be
5f1be0 
+       * used for hashing a new password by default. If we want to use DES,
5f1be0 
+       * MD5 or SHA_256, we need to set the environment variable
5f1be0 
+       * YP_PASSWD_HASH (e.g. YP_PASSWD_HASH=DES).
5f1be0 
+       */
5f1be0 
+      if (strncmp(pwd->pw_passwd, "##", 2) == 0)
5f1be0 
+        hash_id = get_env_hash_id();
5f1be0 
+
5f1be0 
       /* Preserve 'rounds=<N>$' (if present) in case of SHA-2 */
5f1be0 
       if (hash_id == SHA_256 || hash_id == SHA_512)
5f1be0 
 	{

Powered by Pagure 5.13.3

SSH Hostkey/Fingerprint | Documentation