From e9f07e4582f7977395d5c26d41e3fc97ed9e077c Mon Sep 17 00:00:00 2001 From: CoprDistGit Date: Tue, 19 Sep 2023 03:19:34 +0000 Subject: automatic import of anaconda --- support-use-sm3-crypt-user-password.patch | 234 ++++++++++++++++++++++++++++++ 1 file changed, 234 insertions(+) create mode 100644 support-use-sm3-crypt-user-password.patch (limited to 'support-use-sm3-crypt-user-password.patch') diff --git a/support-use-sm3-crypt-user-password.patch b/support-use-sm3-crypt-user-password.patch new file mode 100644 index 0000000..9fc3cbe --- /dev/null +++ b/support-use-sm3-crypt-user-password.patch @@ -0,0 +1,234 @@ +From b311b645f9447f7e765b0e418d3f37c32e2702e1 Mon Sep 17 00:00:00 2001 +From: liuxin +Date: Mon, 7 Nov 2022 19:07:50 +0800 +Subject: [PATCH] support use sm3 crypt user password + +--- + po/zh_CN.po | 5 ++++ + pyanaconda/core/users.py | 5 +++- + pyanaconda/ui/gui/spokes/root_password.glade | 15 ++++++++++++ + pyanaconda/ui/gui/spokes/root_password.py | 16 ++++++++++++- + pyanaconda/ui/gui/spokes/user.glade | 16 ++++++++++++- + pyanaconda/ui/gui/spokes/user.py | 14 ++++++++++- + .../pyanaconda_tests/test_crypt_password.py | 23 +++++++++++++++++++ + 7 files changed, 90 insertions(+), 4 deletions(-) + create mode 100644 tests/unit_tests/pyanaconda_tests/test_crypt_password.py + +diff --git a/po/zh_CN.po b/po/zh_CN.po +index e31f0b2..8f48aad 100644 +--- a/po/zh_CN.po ++++ b/po/zh_CN.po +@@ -7640,3 +7640,8 @@ msgstr "开始安装到硬盘" + #~ msgstr[0] "" + #~ "%(count)d 个磁盘;容量 %(size)s;空闲空间 %(free)s (包括未分区及文" + #~ "件系统内的部分)" ++ ++#: pyanaconda/ui/gui/spokes/root_password.glade:215 ++#: pyanaconda/ui/gui/spokes/user.glade:278 ++msgid "Use SM3 to encrypt the password" ++msgstr "使用SM3算法加密密码" +diff --git a/pyanaconda/core/users.py b/pyanaconda/core/users.py +index c2d14e2..649fad6 100644 +--- a/pyanaconda/core/users.py ++++ b/pyanaconda/core/users.py +@@ -38,7 +38,7 @@ from pyanaconda.anaconda_loggers import get_module_logger + log = get_module_logger(__name__) + + +-def crypt_password(password): ++def crypt_password(password, algo=None): + """Crypt a password. + + Process a password with appropriate salted one-way algorithm. +@@ -51,6 +51,9 @@ def crypt_password(password): + # so we need to generate the setting ourselves + b64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz" + setting = "$y$j9T$" + "".join(sr().choice(b64) for _sc in range(24)) ++ ++ if algo == "sm3": ++ setting = crypt.METHOD_SM3 + + # and try to compute the password hash using our yescrypt setting + try: +diff --git a/pyanaconda/ui/gui/spokes/root_password.glade b/pyanaconda/ui/gui/spokes/root_password.glade +index f710439..53bc90c 100644 +--- a/pyanaconda/ui/gui/spokes/root_password.glade ++++ b/pyanaconda/ui/gui/spokes/root_password.glade +@@ -328,6 +328,21 @@ The root user (also known as super user) has complete access to the entire syste + 1 + + ++ ++ ++ Use SM3 to encrypt the password ++ True ++ False ++ start ++ True ++ ++ ++ ++ False ++ True ++ 3 ++ ++ + + + +diff --git a/pyanaconda/ui/gui/spokes/root_password.py b/pyanaconda/ui/gui/spokes/root_password.py +index f2e389d..062f59d 100644 +--- a/pyanaconda/ui/gui/spokes/root_password.py ++++ b/pyanaconda/ui/gui/spokes/root_password.py +@@ -68,6 +68,8 @@ class PasswordSpoke(FirstbootSpokeMixIn, NormalSpoke, GUISpokeInputCheckHandler) + NormalSpoke.__init__(self, *args) + GUISpokeInputCheckHandler.__init__(self) + self._users_module = USERS.get_proxy() ++ # sm3 password method ++ self._passwd_method_sm3 = False + + def initialize(self): + NormalSpoke.initialize(self) +@@ -83,6 +85,9 @@ class PasswordSpoke(FirstbootSpokeMixIn, NormalSpoke, GUISpokeInputCheckHandler) + self._root_password_ssh_login_override.set_no_show_all(True) + self._revealer = self.builder.get_object("password_revealer") + ++ # sm3 object ++ self._passwd_method_button = self.builder.get_object("passwd_sm3") ++ + # Install the password checks: + # - Has a password been specified? + # - If a password has been specified and there is data in the confirm box, do they match? +@@ -179,9 +184,15 @@ class PasswordSpoke(FirstbootSpokeMixIn, NormalSpoke, GUISpokeInputCheckHandler) + return not self._users_module.CheckAdminUserExists() + + def apply(self): ++ ++ if self._passwd_method_sm3 is True: ++ algo = "sm3" ++ else: ++ algo = None ++ + if self.root_enabled and self.password: + # Set the root password. +- self._users_module.SetCryptedRootPassword(crypt_password(self.password)) ++ self._users_module.SetCryptedRootPassword(crypt_password(self.password, algo)) + + # Unlock the root account. + self._users_module.SetRootAccountLocked(False) +@@ -330,3 +341,6 @@ class PasswordSpoke(FirstbootSpokeMixIn, NormalSpoke, GUISpokeInputCheckHandler) + self._revealer.set_reveal_child(unlocked) + if unlocked: + self.password_entry.grab_focus() ++ ++ def on_sm3_clicked(self, button): ++ self._passwd_method_sm3 = self._passwd_method_button.get_active() +diff --git a/pyanaconda/ui/gui/spokes/user.glade b/pyanaconda/ui/gui/spokes/user.glade +index 4783a9f..2e844fa 100644 +--- a/pyanaconda/ui/gui/spokes/user.glade ++++ b/pyanaconda/ui/gui/spokes/user.glade +@@ -277,6 +277,20 @@ + 3 + + ++ ++ ++ Use SM3 to encrypt the password ++ True ++ False ++ start ++ True ++ ++ ++ ++ 1 ++ 8 ++ ++ + + + +@@ -324,7 +338,7 @@ + + + 1 +- 8 ++ 9 + + + +diff --git a/pyanaconda/ui/gui/spokes/user.py b/pyanaconda/ui/gui/spokes/user.py +index 5b16443..cb62873 100644 +--- a/pyanaconda/ui/gui/spokes/user.py ++++ b/pyanaconda/ui/gui/spokes/user.py +@@ -261,6 +261,8 @@ class UserSpoke(FirstbootSpokeMixIn, NormalSpoke, GUISpokeInputCheckHandler): + + self._users_module = USERS.get_proxy() + self._password_is_required = True ++ # sm3 password method ++ self._passwd_method_sm3 = False + + def initialize(self): + NormalSpoke.initialize(self) +@@ -294,6 +296,9 @@ class UserSpoke(FirstbootSpokeMixIn, NormalSpoke, GUISpokeInputCheckHandler): + self._password_bar = self.builder.get_object("password_bar") + self._password_label = self.builder.get_object("password_label") + ++ # sm3 object ++ self._passwd_method_button = self.builder.get_object("passwd_sm3") ++ + # Install the password checks: + # - Has a password been specified? + # - If a password has been specified and there is data in the confirm box, do they match? +@@ -470,7 +475,11 @@ class UserSpoke(FirstbootSpokeMixIn, NormalSpoke, GUISpokeInputCheckHandler): + if self.password_required: + if self.password: + self.password_kickstarted = False +- self.user.password = crypt_password(self.password) ++ if self._passwd_method_sm3 is True: ++ algo = "sm3" ++ else: ++ algo = None ++ self.user.password = crypt_password(self.password, algo) + self.user.is_crypted = True + self.remove_placeholder_texts() + +@@ -696,3 +705,6 @@ class UserSpoke(FirstbootSpokeMixIn, NormalSpoke, GUISpokeInputCheckHandler): + NormalSpoke.on_back_clicked(self, button) + else: + log.info("Return to hub prevented by password checking rules.") ++ ++ def on_sm3_clicked(self, button): ++ self._passwd_method_sm3 = self._passwd_method_button.get_active() +diff --git a/tests/unit_tests/pyanaconda_tests/test_crypt_password.py b/tests/unit_tests/pyanaconda_tests/test_crypt_password.py +new file mode 100644 +index 0000000..c2e1e4c +--- /dev/null ++++ b/tests/unit_tests/pyanaconda_tests/test_crypt_password.py +@@ -0,0 +1,23 @@ ++from pyanaconda.core.users import crypt_password ++import unittest ++import crypt ++import os ++ ++@unittest.skipIf(os.geteuid() != 0, "user creation must be run as root") ++class CryptPasswordTest(unittest.TestCase): ++ def setUp(self): ++ pass ++ ++ def tearDown(self): ++ pass ++ ++ def test_crypt_password(self): ++ origin_password = "password" ++ encrypted = crypt_password(origin_password, "sm3") ++ self.assertTrue(encrypted.startswith("$sm3$")) ++ ++ encrypted = crypt_password(origin_password) ++ self.assertTrue(encrypted.startswith("$6$")) ++ ++if __name__ == '__main__': ++ unittest.main() +-- +2.27.0 + -- cgit v1.2.3