diff options
| author | CoprDistGit <infra@openeuler.org> | 2023-10-12 11:50:23 +0000 |
|---|---|---|
| committer | CoprDistGit <infra@openeuler.org> | 2023-10-12 11:50:23 +0000 |
| commit | a39ad350cc564b3b46e6f75e2f9d1f26f646861e (patch) | |
| tree | 2c862b9103baa1192a30703077647caeac8d638c /shadow-Remove-encrypted-passwd-for-useradd-gr.patch | |
| parent | 9db7dc8abcf40be92578f61ae05c86ba78c65866 (diff) | |
automatic import of shadowopeneuler22.03_LTS
Diffstat (limited to 'shadow-Remove-encrypted-passwd-for-useradd-gr.patch')
| -rw-r--r-- | shadow-Remove-encrypted-passwd-for-useradd-gr.patch | 133 |
1 files changed, 133 insertions, 0 deletions
diff --git a/shadow-Remove-encrypted-passwd-for-useradd-gr.patch b/shadow-Remove-encrypted-passwd-for-useradd-gr.patch new file mode 100644 index 0000000..07b29c1 --- /dev/null +++ b/shadow-Remove-encrypted-passwd-for-useradd-gr.patch @@ -0,0 +1,133 @@ +From 280a8474ad87f44f9620eeac75cbf8a34b5edc2f Mon Sep 17 00:00:00 2001 +From: xiongshenglan <xiongshenglan@huawei.com> +Date: Thu, 27 Jul 2023 09:30:16 +0800 +Subject: [PATCH] shadow: Remove encrypted passwd for + useradd-groupadd-groupmod-usermod + +Remove encrypted passwd for useradd/groupadd/groupmod/usermod +In groupadd/useradd, p parameter does not meet password complexity checks. Do +not satisfy security requirements. + +Signed-off-by: xiongshenglan <xiongshenglan@huawei.com> +--- + src/groupadd.c | 4 ++++ + src/groupmod.c | 4 ++++ + src/useradd.c | 4 ++++ + src/usermod.c | 4 ++++ + 4 files changed, 16 insertions(+) + +diff --git a/src/groupadd.c b/src/groupadd.c +index d7f68b1..9b7a521 100644 +--- a/src/groupadd.c ++++ b/src/groupadd.c +@@ -125,7 +125,9 @@ static /*@noreturn@*/void usage (int status) + (void) fputs (_(" -K, --key KEY=VALUE override /etc/login.defs defaults\n"), usageout); + (void) fputs (_(" -o, --non-unique allow to create groups with duplicate\n" + " (non-unique) GID\n"), usageout); ++#ifndef CONFIG_SHADOW_REMOVE_POPTION + (void) fputs (_(" -p, --password PASSWORD use this encrypted password for the new group\n"), usageout); ++#endif + (void) fputs (_(" -r, --system create a system account\n"), usageout); + (void) fputs (_(" -R, --root CHROOT_DIR directory to chroot into\n"), usageout); + (void) fputs (_(" -P, --prefix PREFIX_DI directory prefix\n"), usageout); +@@ -459,10 +461,12 @@ static void process_flags (int argc, char **argv) + case 'o': + oflg = true; + break; ++#ifndef CONFIG_SHADOW_REMOVE_POPTION + case 'p': + pflg = true; + group_passwd = optarg; + break; ++#endif + case 'r': + rflg = true; + break; +diff --git a/src/groupmod.c b/src/groupmod.c +index acd6f35..f9dcabd 100644 +--- a/src/groupmod.c ++++ b/src/groupmod.c +@@ -139,8 +139,10 @@ static void usage (int status) + (void) fputs (_(" -h, --help display this help message and exit\n"), usageout); + (void) fputs (_(" -n, --new-name NEW_GROUP change the name to NEW_GROUP\n"), usageout); + (void) fputs (_(" -o, --non-unique allow to use a duplicate (non-unique) GID\n"), usageout); ++#ifndef CONFIG_SHADOW_REMOVE_POPTION + (void) fputs (_(" -p, --password PASSWORD change the password to this (encrypted)\n" + " PASSWORD\n"), usageout); ++#endif + (void) fputs (_(" -R, --root CHROOT_DIR directory to chroot into\n"), usageout); + (void) fputs (_(" -P, --prefix PREFIX_DIR prefix directory where are located the /etc/* files\n"), usageout); + (void) fputs (_(" -U, --users USERS list of user members of this group\n"), usageout); +@@ -449,10 +451,12 @@ static void process_flags (int argc, char **argv) + case 'o': + oflg = true; + break; ++#ifndef CONFIG_SHADOW_REMOVE_POPTION + case 'p': + group_passwd = optarg; + pflg = true; + break; ++#endif + case 'R': /* no-op, handled in process_root_flag () */ + break; + case 'P': /* no-op, handled in process_prefix_flag () */ +diff --git a/src/useradd.c b/src/useradd.c +index 89abd5e..e5ba3dd 100644 +--- a/src/useradd.c ++++ b/src/useradd.c +@@ -907,7 +907,9 @@ static void usage (int status) + " the user\n"), usageout); + (void) fputs (_(" -o, --non-unique allow to create users with duplicate\n" + " (non-unique) UID\n"), usageout); ++#ifndef CONFIG_SHADOW_REMOVE_POPTION + (void) fputs (_(" -p, --password PASSWORD encrypted password of the new account\n"), usageout); ++#endif + (void) fputs (_(" -r, --system create a system account\n"), usageout); + (void) fputs (_(" -R, --root CHROOT_DIR directory to chroot into\n"), usageout); + (void) fputs (_(" -P, --prefix PREFIX_DIR prefix directory where are located the /etc/* files\n"), usageout); +@@ -1366,6 +1368,7 @@ static void process_flags (int argc, char **argv) + case 'o': + oflg = true; + break; ++#ifndef CONFIG_SHADOW_REMOVE_POPTION + case 'p': /* set encrypted password */ + if (!VALID (optarg)) { + fprintf (stderr, +@@ -1375,6 +1378,7 @@ static void process_flags (int argc, char **argv) + } + user_pass = optarg; + break; ++#endif + case 'r': + rflg = true; + break; +diff --git a/src/usermod.c b/src/usermod.c +index ca8db92..509a50b 100644 +--- a/src/usermod.c ++++ b/src/usermod.c +@@ -384,7 +384,9 @@ static /*@noreturn@*/void usage (int status) + (void) fputs (_(" -m, --move-home move contents of the home directory to the\n" + " new location (use only with -d)\n"), usageout); + (void) fputs (_(" -o, --non-unique allow using duplicate (non-unique) UID\n"), usageout); ++#ifndef CONFIG_SHADOW_REMOVE_POPTION + (void) fputs (_(" -p, --password PASSWORD use encrypted password for the new password\n"), usageout); ++#endif + (void) fputs (_(" -P, --prefix PREFIX_DIR prefix directory where are located the /etc/* files\n"), usageout); + (void) fputs (_(" -r, --remove remove the user from only the supplemental GROUPS\n" + " mentioned by the -G option without removing\n" +@@ -1121,10 +1123,12 @@ static void process_flags (int argc, char **argv) + case 'o': + oflg = true; + break; ++#ifndef CONFIG_SHADOW_REMOVE_POPTION + case 'p': + user_pass = optarg; + pflg = true; + break; ++#endif + case 'r': + rflg = true; + break; +-- +2.12.3 + |