diff options
Diffstat (limited to 'support-use-sm3-crypt-user-password.patch')
| -rw-r--r-- | support-use-sm3-crypt-user-password.patch | 234 |
1 files changed, 234 insertions, 0 deletions
diff --git a/support-use-sm3-crypt-user-password.patch b/support-use-sm3-crypt-user-password.patch new file mode 100644 index 0000000..9fc3cbe --- /dev/null +++ b/support-use-sm3-crypt-user-password.patch @@ -0,0 +1,234 @@ +From b311b645f9447f7e765b0e418d3f37c32e2702e1 Mon Sep 17 00:00:00 2001 +From: liuxin <liuxin264@huawei.com> +Date: Mon, 7 Nov 2022 19:07:50 +0800 +Subject: [PATCH] support use sm3 crypt user password + +--- + po/zh_CN.po | 5 ++++ + pyanaconda/core/users.py | 5 +++- + pyanaconda/ui/gui/spokes/root_password.glade | 15 ++++++++++++ + pyanaconda/ui/gui/spokes/root_password.py | 16 ++++++++++++- + pyanaconda/ui/gui/spokes/user.glade | 16 ++++++++++++- + pyanaconda/ui/gui/spokes/user.py | 14 ++++++++++- + .../pyanaconda_tests/test_crypt_password.py | 23 +++++++++++++++++++ + 7 files changed, 90 insertions(+), 4 deletions(-) + create mode 100644 tests/unit_tests/pyanaconda_tests/test_crypt_password.py + +diff --git a/po/zh_CN.po b/po/zh_CN.po +index e31f0b2..8f48aad 100644 +--- a/po/zh_CN.po ++++ b/po/zh_CN.po +@@ -7640,3 +7640,8 @@ msgstr "开始安装到硬盘" + #~ msgstr[0] "" + #~ "<b>%(count)d 个磁盘;容量 %(size)s;空闲空间 %(free)s</b> (包括未分区及文" + #~ "件系统内的部分)" ++ ++#: pyanaconda/ui/gui/spokes/root_password.glade:215 ++#: pyanaconda/ui/gui/spokes/user.glade:278 ++msgid "Use SM3 to encrypt the password" ++msgstr "使用SM3算法加密密码" +diff --git a/pyanaconda/core/users.py b/pyanaconda/core/users.py +index c2d14e2..649fad6 100644 +--- a/pyanaconda/core/users.py ++++ b/pyanaconda/core/users.py +@@ -38,7 +38,7 @@ from pyanaconda.anaconda_loggers import get_module_logger + log = get_module_logger(__name__) + + +-def crypt_password(password): ++def crypt_password(password, algo=None): + """Crypt a password. + + Process a password with appropriate salted one-way algorithm. +@@ -51,6 +51,9 @@ def crypt_password(password): + # so we need to generate the setting ourselves + b64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz" + setting = "$y$j9T$" + "".join(sr().choice(b64) for _sc in range(24)) ++ ++ if algo == "sm3": ++ setting = crypt.METHOD_SM3 + + # and try to compute the password hash using our yescrypt setting + try: +diff --git a/pyanaconda/ui/gui/spokes/root_password.glade b/pyanaconda/ui/gui/spokes/root_password.glade +index f710439..53bc90c 100644 +--- a/pyanaconda/ui/gui/spokes/root_password.glade ++++ b/pyanaconda/ui/gui/spokes/root_password.glade +@@ -328,6 +328,21 @@ The root user (also known as super user) has complete access to the entire syste + <property name="position">1</property> + </packing> + </child> ++ <child> ++ <object class="GtkCheckButton" id="passwd_sm3"> ++ <property name="label" translatable="yes">Use SM3 to encrypt the password</property> ++ <property name="can_focus">True</property> ++ <property name="receives_default">False</property> ++ <property name="halign">start</property> ++ <property name="draw_indicator">True</property> ++ <signal name="clicked" handler="on_sm3_clicked" swapped="no"/> ++ </object> ++ <packing> ++ <property name="expand">False</property> ++ <property name="fill">True</property> ++ <property name="position">3</property> ++ </packing> ++ </child> + </object> + </child> + </object> +diff --git a/pyanaconda/ui/gui/spokes/root_password.py b/pyanaconda/ui/gui/spokes/root_password.py +index f2e389d..062f59d 100644 +--- a/pyanaconda/ui/gui/spokes/root_password.py ++++ b/pyanaconda/ui/gui/spokes/root_password.py +@@ -68,6 +68,8 @@ class PasswordSpoke(FirstbootSpokeMixIn, NormalSpoke, GUISpokeInputCheckHandler) + NormalSpoke.__init__(self, *args) + GUISpokeInputCheckHandler.__init__(self) + self._users_module = USERS.get_proxy() ++ # sm3 password method ++ self._passwd_method_sm3 = False + + def initialize(self): + NormalSpoke.initialize(self) +@@ -83,6 +85,9 @@ class PasswordSpoke(FirstbootSpokeMixIn, NormalSpoke, GUISpokeInputCheckHandler) + self._root_password_ssh_login_override.set_no_show_all(True) + self._revealer = self.builder.get_object("password_revealer") + ++ # sm3 object ++ self._passwd_method_button = self.builder.get_object("passwd_sm3") ++ + # Install the password checks: + # - Has a password been specified? + # - If a password has been specified and there is data in the confirm box, do they match? +@@ -179,9 +184,15 @@ class PasswordSpoke(FirstbootSpokeMixIn, NormalSpoke, GUISpokeInputCheckHandler) + return not self._users_module.CheckAdminUserExists() + + def apply(self): ++ ++ if self._passwd_method_sm3 is True: ++ algo = "sm3" ++ else: ++ algo = None ++ + if self.root_enabled and self.password: + # Set the root password. +- self._users_module.SetCryptedRootPassword(crypt_password(self.password)) ++ self._users_module.SetCryptedRootPassword(crypt_password(self.password, algo)) + + # Unlock the root account. + self._users_module.SetRootAccountLocked(False) +@@ -330,3 +341,6 @@ class PasswordSpoke(FirstbootSpokeMixIn, NormalSpoke, GUISpokeInputCheckHandler) + self._revealer.set_reveal_child(unlocked) + if unlocked: + self.password_entry.grab_focus() ++ ++ def on_sm3_clicked(self, button): ++ self._passwd_method_sm3 = self._passwd_method_button.get_active() +diff --git a/pyanaconda/ui/gui/spokes/user.glade b/pyanaconda/ui/gui/spokes/user.glade +index 4783a9f..2e844fa 100644 +--- a/pyanaconda/ui/gui/spokes/user.glade ++++ b/pyanaconda/ui/gui/spokes/user.glade +@@ -277,6 +277,20 @@ + <property name="top-attach">3</property> + </packing> + </child> ++ <child> ++ <object class="GtkCheckButton" id="passwd_sm3"> ++ <property name="label" translatable="yes">Use SM3 to encrypt the password</property> ++ <property name="can_focus">True</property> ++ <property name="receives_default">False</property> ++ <property name="halign">start</property> ++ <property name="draw_indicator">True</property> ++ <signal name="clicked" handler="on_sm3_clicked" swapped="no"/> ++ </object> ++ <packing> ++ <property name="left_attach">1</property> ++ <property name="top_attach">8</property> ++ </packing> ++ </child> + <child> + <!-- n-columns=3 n-rows=3 --> + <object class="GtkGrid" id="grid2"> +@@ -324,7 +338,7 @@ + </object> + <packing> + <property name="left-attach">1</property> +- <property name="top-attach">8</property> ++ <property name="top-attach">9</property> + </packing> + </child> + <child> +diff --git a/pyanaconda/ui/gui/spokes/user.py b/pyanaconda/ui/gui/spokes/user.py +index 5b16443..cb62873 100644 +--- a/pyanaconda/ui/gui/spokes/user.py ++++ b/pyanaconda/ui/gui/spokes/user.py +@@ -261,6 +261,8 @@ class UserSpoke(FirstbootSpokeMixIn, NormalSpoke, GUISpokeInputCheckHandler): + + self._users_module = USERS.get_proxy() + self._password_is_required = True ++ # sm3 password method ++ self._passwd_method_sm3 = False + + def initialize(self): + NormalSpoke.initialize(self) +@@ -294,6 +296,9 @@ class UserSpoke(FirstbootSpokeMixIn, NormalSpoke, GUISpokeInputCheckHandler): + self._password_bar = self.builder.get_object("password_bar") + self._password_label = self.builder.get_object("password_label") + ++ # sm3 object ++ self._passwd_method_button = self.builder.get_object("passwd_sm3") ++ + # Install the password checks: + # - Has a password been specified? + # - If a password has been specified and there is data in the confirm box, do they match? +@@ -470,7 +475,11 @@ class UserSpoke(FirstbootSpokeMixIn, NormalSpoke, GUISpokeInputCheckHandler): + if self.password_required: + if self.password: + self.password_kickstarted = False +- self.user.password = crypt_password(self.password) ++ if self._passwd_method_sm3 is True: ++ algo = "sm3" ++ else: ++ algo = None ++ self.user.password = crypt_password(self.password, algo) + self.user.is_crypted = True + self.remove_placeholder_texts() + +@@ -696,3 +705,6 @@ class UserSpoke(FirstbootSpokeMixIn, NormalSpoke, GUISpokeInputCheckHandler): + NormalSpoke.on_back_clicked(self, button) + else: + log.info("Return to hub prevented by password checking rules.") ++ ++ def on_sm3_clicked(self, button): ++ self._passwd_method_sm3 = self._passwd_method_button.get_active() +diff --git a/tests/unit_tests/pyanaconda_tests/test_crypt_password.py b/tests/unit_tests/pyanaconda_tests/test_crypt_password.py +new file mode 100644 +index 0000000..c2e1e4c +--- /dev/null ++++ b/tests/unit_tests/pyanaconda_tests/test_crypt_password.py +@@ -0,0 +1,23 @@ ++from pyanaconda.core.users import crypt_password
++import unittest
++import crypt
++import os
++
++@unittest.skipIf(os.geteuid() != 0, "user creation must be run as root")
++class CryptPasswordTest(unittest.TestCase):
++ def setUp(self):
++ pass
++
++ def tearDown(self):
++ pass
++
++ def test_crypt_password(self):
++ origin_password = "password"
++ encrypted = crypt_password(origin_password, "sm3")
++ self.assertTrue(encrypted.startswith("$sm3$"))
++
++ encrypted = crypt_password(origin_password)
++ self.assertTrue(encrypted.startswith("$6$"))
++
++if __name__ == '__main__':
++ unittest.main()
+-- +2.27.0 + |