path: root/support-use-sm3-crypt-user-password.patch
From b311b645f9447f7e765b0e418d3f37c32e2702e1 Mon Sep 17 00:00:00 2001
From: liuxin <liuxin264@huawei.com>
Date: Mon, 7 Nov 2022 19:07:50 +0800
Subject: [PATCH] support use sm3 crypt user password

---
 po/zh_CN.po                                   |  5 ++++
 pyanaconda/core/users.py                      |  5 +++-
 pyanaconda/ui/gui/spokes/root_password.glade  | 15 ++++++++++++
 pyanaconda/ui/gui/spokes/root_password.py     | 16 ++++++++++++-
 pyanaconda/ui/gui/spokes/user.glade           | 16 ++++++++++++-
 pyanaconda/ui/gui/spokes/user.py              | 14 ++++++++++-
 .../pyanaconda_tests/test_crypt_password.py   | 23 +++++++++++++++++++
 7 files changed, 90 insertions(+), 4 deletions(-)
 create mode 100644 tests/unit_tests/pyanaconda_tests/test_crypt_password.py

diff --git a/po/zh_CN.po b/po/zh_CN.po
index e31f0b2..8f48aad 100644
--- a/po/zh_CN.po
+++ b/po/zh_CN.po
@@ -7640,3 +7640,8 @@ msgstr "开始安装到硬盘"
 #~ msgstr[0] ""
 #~ "<b>%(count)d 个磁盘;容量 %(size)s;空闲空间 %(free)s</b> (包括未分区及文"
 #~ "件系统内的部分)"
+
+#: pyanaconda/ui/gui/spokes/root_password.glade:215
+#: pyanaconda/ui/gui/spokes/user.glade:278
+msgid "Use SM3 to encrypt the password"
+msgstr "使用SM3算法加密密码"
diff --git a/pyanaconda/core/users.py b/pyanaconda/core/users.py
index c2d14e2..649fad6 100644
--- a/pyanaconda/core/users.py
+++ b/pyanaconda/core/users.py
@@ -38,7 +38,7 @@ from pyanaconda.anaconda_loggers import get_module_logger
 log = get_module_logger(__name__)
 
 
-def crypt_password(password):
+def crypt_password(password, algo=None):
     """Crypt a password.
 
     Process a password with appropriate salted one-way algorithm.
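Review bot: The new `algo` parameter is not described in the docstring under the changed signature; only the docstring's first lines are inside this hunk, so the existing parameter list is out of view. Add an entry in the docstring's existing style, along the lines of `algo: "sm3" to hash with SM3 crypt, None (default) to use the yescrypt setting`, and state what the function does when the requested algorithm is unavailable.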
@@ -51,6 +51,9 @@ def crypt_password(password):
     # so we need to generate the setting ourselves
     b64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
     setting = "$y$j9T$" + "".join(sr().choice(b64) for _sc in range(24))
+    
+    if algo == "sm3":
+        setting = crypt.METHOD_SM3
 
     # and try to compute the password hash using our yescrypt setting
     try:
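Review bot: The SM3 setting is fed into the same `try:` whose comment describes a yescrypt attempt; the handler is outside this hunk, but the new unit test's `$6$` expectation suggests it falls back to another method, in which case a user who asked for SM3 would silently get a different hash. The SM3 path should raise rather than share that fallback. The lookup of `crypt.METHOD_SM3` also sits before the `try`, so a Python build whose crypt module lacks it fails with a bare AttributeError; `method = getattr(crypt, "METHOD_SM3", None)` plus an explicit error when it is `None` would be clearer. Any other `algo` value is accepted and hashed with yescrypt without complaint, so unknown names should be rejected, and an `if`/`else` would avoid generating a yescrypt salt that is then discarded.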
diff --git a/pyanaconda/ui/gui/spokes/root_password.glade b/pyanaconda/ui/gui/spokes/root_password.glade
index f710439..53bc90c 100644
--- a/pyanaconda/ui/gui/spokes/root_password.glade
+++ b/pyanaconda/ui/gui/spokes/root_password.glade
@@ -328,6 +328,21 @@ The root user (also known as super user) has complete access to the entire syste
                                 <property name="position">1</property>
                               </packing>
                             </child>
+                            <child>
+                                <object class="GtkCheckButton" id="passwd_sm3">
+                                  <property name="label" translatable="yes">Use SM3 to encrypt the password</property>
+                                  <property name="can_focus">True</property>
+                                  <property name="receives_default">False</property>
+                                  <property name="halign">start</property>
+                                  <property name="draw_indicator">True</property>
+                                  <signal name="clicked" handler="on_sm3_clicked" swapped="no"/>
+                                </object>
+                                <packing>
+                                  <property name="expand">False</property>
+                                  <property name="fill">True</property>
+                                  <property name="position">3</property>
+                                </packing>
+                              </child>
                           </object>
                         </child>
                       </object>
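Review bot: The label `Use SM3 to encrypt the password` calls a one-way password hash encryption, and it gives the user no hint that ticking the box replaces the installer's default hashing scheme. A wording such as `Hash the password with SM3` would be more accurate; the same string is used in user.glade and as the msgid in po/zh_CN.po. The added block's indentation is also uneven: its opening `<child>` and closing `</child>` tags do not line up.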
diff --git a/pyanaconda/ui/gui/spokes/root_password.py b/pyanaconda/ui/gui/spokes/root_password.py
index f2e389d..062f59d 100644
--- a/pyanaconda/ui/gui/spokes/root_password.py
+++ b/pyanaconda/ui/gui/spokes/root_password.py
@@ -68,6 +68,8 @@ class PasswordSpoke(FirstbootSpokeMixIn, NormalSpoke, GUISpokeInputCheckHandler)
         NormalSpoke.__init__(self, *args)
         GUISpokeInputCheckHandler.__init__(self)
         self._users_module = USERS.get_proxy()
+        # sm3 password method
+        self._passwd_method_sm3 = False
 
     def initialize(self):
         NormalSpoke.initialize(self)
@@ -83,6 +85,9 @@ class PasswordSpoke(FirstbootSpokeMixIn, NormalSpoke, GUISpokeInputCheckHandler)
         self._root_password_ssh_login_override.set_no_show_all(True)
         self._revealer = self.builder.get_object("password_revealer")
 
+         # sm3 object
+        self._passwd_method_button = self.builder.get_object("passwd_sm3")
+
         # Install the password checks:
         # - Has a password been specified?
         # - If a password has been specified and there is data in the confirm box, do they match?
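Review bot: The added comment `# sm3 object` is indented one column deeper than the statement it describes, which style checkers flag as an over-indented comment. Align it with `self._passwd_method_button = ...` and say what the widget is for, e.g. `# Checkbox selecting SM3 for the password hash`. `initialize()` starts and ends outside this hunk.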
@@ -179,9 +184,15 @@ class PasswordSpoke(FirstbootSpokeMixIn, NormalSpoke, GUISpokeInputCheckHandler)
         return not self._users_module.CheckAdminUserExists()
 
     def apply(self):
+
+        if self._passwd_method_sm3 is True:
+            algo = "sm3"
+        else:
+            algo = None
+
         if self.root_enabled and self.password:
             # Set the root password.
-            self._users_module.SetCryptedRootPassword(crypt_password(self.password))
+            self._users_module.SetCryptedRootPassword(crypt_password(self.password, algo))
 
             # Unlock the root account.
             self._users_module.SetRootAccountLocked(False)
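Review bot: `apply()` picks the algorithm from `self._passwd_method_sm3`, a flag that only changes when the `clicked` handler added at the end of this file runs, so the hash method depends on that mirrored state staying in step with the widget. Reading the checkbox when the password is applied removes the extra state and the four-line `if`/`else`: `algo = "sm3" if self._passwd_method_button.get_active() else None`. The same pattern is added to `UserSpoke` in user.py. `apply()` continues past the end of this hunk.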
@@ -330,3 +341,6 @@ class PasswordSpoke(FirstbootSpokeMixIn, NormalSpoke, GUISpokeInputCheckHandler)
         self._revealer.set_reveal_child(unlocked)
         if unlocked:
             self.password_entry.grab_focus()
+
+    def on_sm3_clicked(self, button):
+        self._passwd_method_sm3 = self._passwd_method_button.get_active()
diff --git a/pyanaconda/ui/gui/spokes/user.glade b/pyanaconda/ui/gui/spokes/user.glade
index 4783a9f..2e844fa 100644
--- a/pyanaconda/ui/gui/spokes/user.glade
+++ b/pyanaconda/ui/gui/spokes/user.glade
@@ -277,6 +277,20 @@
                         <property name="top-attach">3</property>
                       </packing>
                     </child>
+                    <child>
+                      <object class="GtkCheckButton" id="passwd_sm3">
+                        <property name="label" translatable="yes">Use SM3 to encrypt the password</property>
+                        <property name="can_focus">True</property>
+                        <property name="receives_default">False</property>
+                        <property name="halign">start</property>
+                        <property name="draw_indicator">True</property>
+                        <signal name="clicked" handler="on_sm3_clicked" swapped="no"/>
+                      </object>
+                      <packing>
+                        <property name="left_attach">1</property>
+                        <property name="top_attach">8</property>
+                      </packing>
+                    </child>
                     <child>
                       <!-- n-columns=3 n-rows=3 -->
                       <object class="GtkGrid" id="grid2">
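Review bot: The new packing block spells its properties `left_attach` and `top_attach`, while the context lines of this file use the hyphenated `left-attach` and `top-attach`. Use the hyphenated names so the file stays consistent and tooling that rewrites it does not produce a spurious diff. The checkbox takes row 8 and the following hunk moves `grid2` to row 9; rows used by children outside these hunks are not visible here, so check that nothing else already sits at row 9.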
@@ -324,7 +338,7 @@
                       </object>
                       <packing>
                         <property name="left-attach">1</property>
-                        <property name="top-attach">8</property>
+                        <property name="top-attach">9</property>
                       </packing>
                     </child>
                     <child>
diff --git a/pyanaconda/ui/gui/spokes/user.py b/pyanaconda/ui/gui/spokes/user.py
index 5b16443..cb62873 100644
--- a/pyanaconda/ui/gui/spokes/user.py
+++ b/pyanaconda/ui/gui/spokes/user.py
@@ -261,6 +261,8 @@ class UserSpoke(FirstbootSpokeMixIn, NormalSpoke, GUISpokeInputCheckHandler):
 
         self._users_module = USERS.get_proxy()
         self._password_is_required = True
+        # sm3 password method
+        self._passwd_method_sm3 = False
 
     def initialize(self):
         NormalSpoke.initialize(self)
@@ -294,6 +296,9 @@ class UserSpoke(FirstbootSpokeMixIn, NormalSpoke, GUISpokeInputCheckHandler):
         self._password_bar = self.builder.get_object("password_bar")
         self._password_label = self.builder.get_object("password_label")
 
+        # sm3 object
+        self._passwd_method_button = self.builder.get_object("passwd_sm3")
+
         # Install the password checks:
         # - Has a password been specified?
         # - If a password has been specified and there is data in the confirm box, do they match?
@@ -470,7 +475,11 @@ class UserSpoke(FirstbootSpokeMixIn, NormalSpoke, GUISpokeInputCheckHandler):
         if self.password_required:
             if self.password:
                 self.password_kickstarted = False
-                self.user.password = crypt_password(self.password)
+                if self._passwd_method_sm3 is True:
+                    algo = "sm3"
+                else:
+                    algo = None
+                self.user.password = crypt_password(self.password, algo)
                 self.user.is_crypted = True
                 self.remove_placeholder_texts()
 
@@ -696,3 +705,6 @@ class UserSpoke(FirstbootSpokeMixIn, NormalSpoke, GUISpokeInputCheckHandler):
             NormalSpoke.on_back_clicked(self, button)
         else:
             log.info("Return to hub prevented by password checking rules.")
+
+    def on_sm3_clicked(self, button):
+        self._passwd_method_sm3 = self._passwd_method_button.get_active()
diff --git a/tests/unit_tests/pyanaconda_tests/test_crypt_password.py b/tests/unit_tests/pyanaconda_tests/test_crypt_password.py
new file mode 100644
index 0000000..c2e1e4c
--- /dev/null
+++ b/tests/unit_tests/pyanaconda_tests/test_crypt_password.py
@@ -0,0 +1,23 @@
+from pyanaconda.core.users import crypt_password
+import unittest
+import crypt
+import os
+
+@unittest.skipIf(os.geteuid() != 0, "user creation must be run as root")
+class CryptPasswordTest(unittest.TestCase):
+    def setUp(self):
+        pass
+
+    def tearDown(self):
+        pass
+
+    def test_crypt_password(self):
+        origin_password = "password"
+        encrypted = crypt_password(origin_password, "sm3")
+        self.assertTrue(encrypted.startswith("$sm3$"))
+
+        encrypted = crypt_password(origin_password)
+        self.assertTrue(encrypted.startswith("$6$"))
+
+if __name__ == '__main__':
+    unittest.main()
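Review bot: The second assertion expects the default hash to start with `$6$`, but `crypt_password` first builds a `$y$j9T$` yescrypt setting, so where libcrypt supports yescrypt this test would fail, and it passes only when the fallback path runs. Accept both prefixes with `self.assertTrue(encrypted.startswith(("$y$", "$6$")))`, or pin the method under test. The `skipIf(os.geteuid() != 0, ...)` guard and its "user creation" message do not fit a test that only hashes a string, and they mean the test is skipped in unprivileged CI. The empty `setUp` and `tearDown` can be dropped.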
-- 
2.27.0