From a39ad350cc564b3b46e6f75e2f9d1f26f646861e Mon Sep 17 00:00:00 2001 From: CoprDistGit Date: Thu, 12 Oct 2023 11:50:23 +0000 Subject: automatic import of shadow --- .gitignore | 1 + backport-Added-control-character-check.patch | 45 ++ ...orrectly-handle-illegal-system-file-in-tz.patch | 55 ++ backport-Explicitly-override-only-newlines.patch | 55 ++ backport-Fix-off-by-one-mistakes.patch | 74 ++ backport-Fix-typos-in-length-calculations.patch | 32 + backport-Overhaul-valid_field.patch | 61 ++ backport-Prevent-out-of-boundary-access.patch | 56 ++ backport-Read-whole-line-in-yes_or_no.patch | 67 ++ ...sswd-fix-segfault-in-command-line-options.patch | 36 + ...rt-commonio-free-removed-database-entries.patch | 39 + backport-run_parts-for-groupadd-and-groupdel.patch | 127 ++++ ...-disconnect-to-free-libsemanage-internals.patch | 76 ++ ...radd-check-if-subid-range-exists-for-user.patch | 41 ++ chpasswd | 5 + gpl-2.0.txt | 339 +++++++++ newusers | 5 + ...ow-Remove-encrypted-passwd-for-useradd-gr.patch | 133 ++++ shadow-add-sm3-crypt-support.patch | 782 +++++++++++++++++++++ shadow-bsd.txt | 32 + shadow-utils.login.defs | 306 ++++++++ shadow-utils.useradd | 8 + shadow.spec | 355 ++++++++++ sources | 1 + usermod-unlock.patch | 65 ++ 25 files changed, 2796 insertions(+) create mode 100644 backport-Added-control-character-check.patch create mode 100644 backport-Correctly-handle-illegal-system-file-in-tz.patch create mode 100644 backport-Explicitly-override-only-newlines.patch create mode 100644 backport-Fix-off-by-one-mistakes.patch create mode 100644 backport-Fix-typos-in-length-calculations.patch create mode 100644 backport-Overhaul-valid_field.patch create mode 100644 backport-Prevent-out-of-boundary-access.patch create mode 100644 backport-Read-whole-line-in-yes_or_no.patch create mode 100644 backport-chgpasswd-fix-segfault-in-command-line-options.patch create mode 100644 backport-commonio-free-removed-database-entries.patch create mode 100644 backport-run_parts-for-groupadd-and-groupdel.patch create mode 100644 backport-semanage-disconnect-to-free-libsemanage-internals.patch create mode 100644 backport-useradd-check-if-subid-range-exists-for-user.patch create mode 100644 chpasswd create mode 100644 gpl-2.0.txt create mode 100644 newusers create mode 100644 shadow-Remove-encrypted-passwd-for-useradd-gr.patch create mode 100644 shadow-add-sm3-crypt-support.patch create mode 100644 shadow-bsd.txt create mode 100644 shadow-utils.login.defs create mode 100644 shadow-utils.useradd create mode 100644 shadow.spec create mode 100644 sources create mode 100644 usermod-unlock.patch diff --git a/.gitignore b/.gitignore index e69de29..62e64a7 100644 --- a/.gitignore +++ b/.gitignore @@ -0,0 +1 @@ +/shadow-4.13.tar.xz diff --git a/backport-Added-control-character-check.patch b/backport-Added-control-character-check.patch new file mode 100644 index 0000000..79d074e --- /dev/null +++ b/backport-Added-control-character-check.patch @@ -0,0 +1,45 @@ +From e5905c4b84d4fb90aefcd96ee618411ebfac663d Mon Sep 17 00:00:00 2001 +From: tomspiderlabs <128755403+tomspiderlabs@users.noreply.github.com> +Date: Thu, 23 Mar 2023 23:39:38 +0000 +Subject: [PATCH] Added control character check + +Added control character check, returning -1 (to "err") if control characters are present. +--- + lib/fields.c | 11 +++++++---- + 1 file changed, 7 insertions(+), 4 deletions(-) + +diff --git a/lib/fields.c b/lib/fields.c +index 640be931..fb51b582 100644 +--- a/lib/fields.c ++++ b/lib/fields.c +@@ -21,9 +21,9 @@ + * + * The supplied field is scanned for non-printable and other illegal + * characters. +- * + -1 is returned if an illegal character is present. +- * + 1 is returned if no illegal characters are present, but the field +- * contains a non-printable character. ++ * + -1 is returned if an illegal or control character is present. ++ * + 1 is returned if no illegal or control characters are present, ++ * but the field contains a non-printable character. + * + 0 is returned otherwise. + */ + int valid_field (const char *field, const char *illegal) +@@ -45,10 +45,13 @@ int valid_field (const char *field, const char *illegal) + } + + if (0 == err) { +- /* Search if there are some non-printable characters */ ++ /* Search if there are non-printable or control characters */ + for (cp = field; '\0' != *cp; cp++) { + if (!isprint (*cp)) { + err = 1; ++ } ++ if (!iscntrl (*cp)) { ++ err = -1; + break; + } + } +-- +2.27.0 + diff --git a/backport-Correctly-handle-illegal-system-file-in-tz.patch b/backport-Correctly-handle-illegal-system-file-in-tz.patch new file mode 100644 index 0000000..5355ec7 --- /dev/null +++ b/backport-Correctly-handle-illegal-system-file-in-tz.patch @@ -0,0 +1,55 @@ +From 37ae2320809cb16afa9dacd8e5ea317ae216ee36 Mon Sep 17 00:00:00 2001 +From: Samanta Navarro +Date: Fri, 27 Jan 2023 11:57:51 +0000 +Subject: [PATCH] Correctly handle illegal system file in tz + +If the file referenced by ENV_TZ has a zero length string, then an out +of boundary write occurs. Also the result can be wrong because it is +assumed that the file will always end with a newline. + +Only override a newline character with '\0' to avoid these cases. + +This cannot be considered to be security relevant because login.defs +and its contained references to system files should be trusted to begin +with. + +Proof of Concept: + +1. Compile shadow's su with address sanitizer and --without-libpam + +2. Setup your /etc/login.defs to contain ENV_TZ=/etc/tzname + +3. Prepare /etc/tzname to contain a '\0' byte at the beginning + +`python -c "print('\x00')" > /etc/tzname` + +4. Use su + +`su -l` + +You can see the following output: + +`tz.c:45:8: runtime error: index 18446744073709551615 out of bounds for type 'char [8192]'` + +Signed-off-by: Samanta Navarro +--- + libmisc/tz.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/libmisc/tz.c b/libmisc/tz.c +index f3f5733e..9f3a41f2 100644 +--- a/libmisc/tz.c ++++ b/libmisc/tz.c +@@ -42,7 +42,8 @@ + + strcpy (tzbuf, def_tz); + } else { +- tzbuf[strlen (tzbuf) - 1] = '\0'; ++ /* Remove optional trailing '\n'. */ ++ tzbuf[strcspn (tzbuf, "\n")] = '\0'; + } + + if (NULL != fp) { +-- +2.27.0 + diff --git a/backport-Explicitly-override-only-newlines.patch b/backport-Explicitly-override-only-newlines.patch new file mode 100644 index 0000000..a1fc8c6 --- /dev/null +++ b/backport-Explicitly-override-only-newlines.patch @@ -0,0 +1,55 @@ +From ffc480c2e93f05266e4b130229877ad13f71a8c0 Mon Sep 17 00:00:00 2001 +From: Samanta Navarro +Date: Mon, 30 Jan 2023 11:53:47 +0000 +Subject: [PATCH] Explicitly override only newlines + +Override only newlines with '\0' to avoid undesired truncation of +actual line content. + +Signed-off-by: Samanta Navarro +--- + lib/port.c | 6 +++--- + libmisc/console.c | 3 ++- + 2 files changed, 5 insertions(+), 4 deletions(-) + +diff --git a/lib/port.c b/lib/port.c +index 0bea2ef4..90eb1498 100644 +--- a/lib/port.c ++++ b/lib/port.c +@@ -130,8 +130,8 @@ static struct port *getportent (void) + again: + + /* +- * Get the next line and remove the last character, which +- * is a '\n'. Lines which begin with '#' are all ignored. ++ * Get the next line and remove optional trailing '\n'. ++ * Lines which begin with '#' are all ignored. + */ + + if (fgets (buf, (int) sizeof buf, ports) == 0) { +@@ -149,7 +149,7 @@ static struct port *getportent (void) + * TTY devices. + */ + +- buf[strlen (buf) - 1] = 0; ++ buf[strcspn (buf, "\n")] = 0; + + port.pt_names = ttys; + for (cp = buf, j = 0; j < PORT_TTY; j++) { +diff --git a/libmisc/console.c b/libmisc/console.c +index bc024eba..63d3ceb3 100644 +--- a/libmisc/console.c ++++ b/libmisc/console.c +@@ -71,7 +71,8 @@ static bool is_listed (const char *cfgin, const char *tty, bool def) + */ + + while (fgets (buf, (int) sizeof (buf), fp) != NULL) { +- buf[strlen (buf) - 1] = '\0'; ++ /* Remove optional trailing '\n'. */ ++ buf[strcspn (buf, "\n")] = '\0'; + if (strcmp (buf, tty) == 0) { + (void) fclose (fp); + return true; +-- +2.27.0 + diff --git a/backport-Fix-off-by-one-mistakes.patch b/backport-Fix-off-by-one-mistakes.patch new file mode 100644 index 0000000..fe11716 --- /dev/null +++ b/backport-Fix-off-by-one-mistakes.patch @@ -0,0 +1,74 @@ +From 587ce83e3ff4bea64ac028149ac9b66df37f688c Mon Sep 17 00:00:00 2001 +From: Alejandro Colomar +Date: Fri, 16 Dec 2022 00:52:27 +0100 +Subject: [PATCH] Fix off-by-one mistakes + +The buffers have a size of 512 (see xmalloc() above), which is what +snprintf(3) expects. + +Link: +Signed-off-by: Alejandro Colomar +--- + src/groupmod.c | 16 ++++++++-------- + 1 file changed, 8 insertions(+), 8 deletions(-) + +diff --git a/src/groupmod.c b/src/groupmod.c +index 006eca1c..828c7c0b 100644 +--- a/src/groupmod.c ++++ b/src/groupmod.c +@@ -554,13 +554,13 @@ static void prepare_failure_reports (void) + #endif + info_passwd.audit_msg = xmalloc (512); + +- (void) snprintf (info_group.audit_msg, 511, ++ (void) snprintf (info_group.audit_msg, 512, + "changing %s; ", gr_dbname ()); + #ifdef SHADOWGRP +- (void) snprintf (info_gshadow.audit_msg, 511, ++ (void) snprintf (info_gshadow.audit_msg, 512, + "changing %s; ", sgr_dbname ()); + #endif +- (void) snprintf (info_passwd.audit_msg, 511, ++ (void) snprintf (info_passwd.audit_msg, 512, + "changing %s; ", pw_dbname ()); + + info_group.action = info_group.audit_msg +@@ -573,16 +573,16 @@ static void prepare_failure_reports (void) + + strlen (info_passwd.audit_msg); + + (void) snprintf (info_group.action, +- 511 - strlen (info_group.audit_msg), ++ 512 - strlen (info_group.audit_msg), + "group %s/%lu", + group_name, (unsigned long int) group_id); + #ifdef SHADOWGRP + (void) snprintf (info_gshadow.action, +- 511 - strlen (info_group.audit_msg), ++ 512 - strlen (info_group.audit_msg), + "group %s", group_name); + #endif + (void) snprintf (info_passwd.action, +- 511 - strlen (info_group.audit_msg), ++ 512 - strlen (info_group.audit_msg), + "group %s/%lu", + group_name, (unsigned long int) group_id); + +@@ -617,13 +617,13 @@ static void prepare_failure_reports (void) + strncat (info_group.action, ", new gid: ", + 511 - strlen (info_group.audit_msg)); + (void) snprintf (info_group.action+strlen (info_group.action), +- 511 - strlen (info_group.audit_msg), ++ 512 - strlen (info_group.audit_msg), + "%lu", (unsigned long int) group_newid); + + strncat (info_passwd.action, ", new gid: ", + 511 - strlen (info_passwd.audit_msg)); + (void) snprintf (info_passwd.action+strlen (info_passwd.action), +- 511 - strlen (info_passwd.audit_msg), ++ 512 - strlen (info_passwd.audit_msg), + "%lu", (unsigned long int) group_newid); + } + info_group.audit_msg[511] = '\0'; +-- +2.27.0 + diff --git a/backport-Fix-typos-in-length-calculations.patch b/backport-Fix-typos-in-length-calculations.patch new file mode 100644 index 0000000..8d339ad --- /dev/null +++ b/backport-Fix-typos-in-length-calculations.patch @@ -0,0 +1,32 @@ +From ed69feaaff3c86745390c9839ecfc4b8f9706075 Mon Sep 17 00:00:00 2001 +From: Alejandro Colomar +Date: Fri, 16 Dec 2022 01:08:12 +0100 +Subject: [PATCH] Fix typos in length calculations + +Link: +Signed-off-by: Alejandro Colomar +--- + src/groupmod.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/groupmod.c b/src/groupmod.c +index 7802e5b1..8c219194 100644 +--- a/src/groupmod.c ++++ b/src/groupmod.c +@@ -578,11 +578,11 @@ static void prepare_failure_reports (void) + group_name, (unsigned long int) group_id); + #ifdef SHADOWGRP + (void) snprintf (info_gshadow.action, +- 512 - strlen (info_group.audit_msg), ++ 512 - strlen (info_gshadow.audit_msg), + "group %s", group_name); + #endif + (void) snprintf (info_passwd.action, +- 512 - strlen (info_group.audit_msg), ++ 512 - strlen (info_passwd.audit_msg), + "group %s/%lu", + group_name, (unsigned long int) group_id); + +-- +2.27.0 + diff --git a/backport-Overhaul-valid_field.patch b/backport-Overhaul-valid_field.patch new file mode 100644 index 0000000..7573d17 --- /dev/null +++ b/backport-Overhaul-valid_field.patch @@ -0,0 +1,61 @@ +From 2eaea70111f65b16d55998386e4ceb4273c19eb4 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= +Date: Fri, 31 Mar 2023 14:46:50 +0200 +Subject: [PATCH] Overhaul valid_field() + +e5905c4b ("Added control character check") introduced checking for +control characters but had the logic inverted, so it rejects all +characters that are not control ones. + +Cast the character to `unsigned char` before passing to the character +checking functions to avoid UB. + +Use strpbrk(3) for the illegal character test and return early. +--- + lib/fields.c | 24 ++++++++++-------------- + 1 file changed, 10 insertions(+), 14 deletions(-) + +diff --git a/lib/fields.c b/lib/fields.c +index fb51b582..53929248 100644 +--- a/lib/fields.c ++++ b/lib/fields.c +@@ -37,26 +37,22 @@ int valid_field (const char *field, const char *illegal) + + /* For each character of field, search if it appears in the list + * of illegal characters. */ ++ if (illegal && NULL != strpbrk (field, illegal)) { ++ return -1; ++ } ++ ++ /* Search if there are non-printable or control characters */ + for (cp = field; '\0' != *cp; cp++) { +- if (strchr (illegal, *cp) != NULL) { ++ unsigned char c = *cp; ++ if (!isprint (c)) { ++ err = 1; ++ } ++ if (iscntrl (c)) { + err = -1; + break; + } + } + +- if (0 == err) { +- /* Search if there are non-printable or control characters */ +- for (cp = field; '\0' != *cp; cp++) { +- if (!isprint (*cp)) { +- err = 1; +- } +- if (!iscntrl (*cp)) { +- err = -1; +- break; +- } +- } +- } +- + return err; + } + +-- +2.27.0 + diff --git a/backport-Prevent-out-of-boundary-access.patch b/backport-Prevent-out-of-boundary-access.patch new file mode 100644 index 0000000..321b616 --- /dev/null +++ b/backport-Prevent-out-of-boundary-access.patch @@ -0,0 +1,56 @@ +From 8e0ad48c21bd7d5506ff44eb4c04f796b80045ce Mon Sep 17 00:00:00 2001 +From: Samanta Navarro +Date: Mon, 30 Jan 2023 11:54:49 +0000 +Subject: [PATCH] Prevent out of boundary access + +If lines start with '\0' then it is possible to trigger out of +boundary accesses. + +Check if indices are valid before accessing them. + +Signed-off-by: Samanta Navarro +--- + src/login_nopam.c | 4 ++-- + src/suauth.c | 3 ++- + 2 files changed, 4 insertions(+), 3 deletions(-) + +diff --git a/src/login_nopam.c b/src/login_nopam.c +index b09cffe4..18072a43 100644 +--- a/src/login_nopam.c ++++ b/src/login_nopam.c +@@ -100,7 +100,7 @@ int login_access (const char *user, const char *from) + int end; + lineno++; + end = (int) strlen (line) - 1; +- if (line[end] != '\n') { ++ if (line[0] == '\0' || line[end] != '\n') { + SYSLOG ((LOG_ERR, + "%s: line %d: missing newline or line too long", + TABLE, lineno)); +@@ -320,7 +320,7 @@ static bool from_match (const char *tok, const char *string) + if (strchr (string, '.') == NULL) { + return true; + } +- } else if ( (tok[(tok_len = strlen (tok)) - 1] == '.') /* network */ ++ } else if ( (tok[0] != '\0' && tok[(tok_len = strlen (tok)) - 1] == '.') /* network */ + && (strncmp (tok, resolve_hostname (string), tok_len) == 0)) { + return true; + } +diff --git a/src/suauth.c b/src/suauth.c +index 2641d334..d68a3340 100644 +--- a/src/suauth.c ++++ b/src/suauth.c +@@ -68,8 +68,9 @@ int check_su_auth (const char *actual_id, + + while (fgets (temp, sizeof (temp), authfile_fd) != NULL) { + lines++; ++ endline = strlen(temp) - 1; + +- if (temp[endline = strlen (temp) - 1] != '\n') { ++ if (temp[0] == '\0' || temp[endline] != '\n') { + SYSLOG ((LOG_ERR, + "%s, line %d: line too long or missing newline", + SUAUTHFILE, lines)); +-- +2.27.0 + diff --git a/backport-Read-whole-line-in-yes_or_no.patch b/backport-Read-whole-line-in-yes_or_no.patch new file mode 100644 index 0000000..c70a8b8 --- /dev/null +++ b/backport-Read-whole-line-in-yes_or_no.patch @@ -0,0 +1,67 @@ +From 0c83b981053b65c9bab4f1c2e60d004e920f8faf Mon Sep 17 00:00:00 2001 +From: Samanta Navarro +Date: Fri, 27 Jan 2023 11:53:57 +0000 +Subject: [PATCH] Read whole line in yes_or_no + +Do not stop after 79 characters. Read the complete line to avoid +arbitrary limitations. + +Proof of Concept: + +``` +cat > passwd-poc << EOF +root:x:0:0:root:/root:/bin/bash +root:x:0:0:root:/root:/bin/bash +root:x:0:0:root:/root:/bin/bash +EOF +python -c "print(80*'y')" | pwck passwd-poc +``` + +Two lines should still be within the file because we agreed only once +to remove a duplicated line. + +Signed-off-by: Samanta Navarro +Reviewed-by: Alejandro Colomar +Reviewed-by: Serge Hallyn + +Conflict: NA +Reference: https://github.com/shadow-maint/shadow/commit/0c83b981053b65c9bab4f1c2e60d004e920f8faf +--- + libmisc/yesno.c | 13 ++++++++----- + 1 file changed, 8 insertions(+), 5 deletions(-) + +diff --git a/libmisc/yesno.c b/libmisc/yesno.c +index 1a1a3714..d8847e40 100644 +--- a/libmisc/yesno.c ++++ b/libmisc/yesno.c +@@ -28,7 +28,8 @@ + */ + bool yes_or_no (bool read_only) + { +- char buf[80]; ++ int c; ++ bool result; + + /* + * In read-only mode all questions are answered "no". +@@ -46,11 +47,13 @@ bool yes_or_no (bool read_only) + /* + * Get a line and see what the first character is. + */ ++ c = fgetc(stdin); + /* TODO: use gettext */ +- if (fgets (buf, (int) sizeof buf, stdin) == buf) { +- return buf[0] == 'y' || buf[0] == 'Y'; +- } ++ result = (c == 'y' || c == 'Y'); ++ ++ while (c != '\n' && c != EOF) ++ c = fgetc(stdin); + +- return false; ++ return result; + } + +-- +2.27.0 + diff --git a/backport-chgpasswd-fix-segfault-in-command-line-options.patch b/backport-chgpasswd-fix-segfault-in-command-line-options.patch new file mode 100644 index 0000000..db47426 --- /dev/null +++ b/backport-chgpasswd-fix-segfault-in-command-line-options.patch @@ -0,0 +1,36 @@ +From 53a17c1742a4b5fcf9280fd6dd85fc77588535c2 Mon Sep 17 00:00:00 2001 +From: Jeffrey Bencteux +Date: Wed, 21 Jun 2023 15:12:43 +0200 +Subject: [PATCH] chgpasswd: fix segfault in command-line options + +Using the --sha-rounds option without first giving a crypt method via the --crypt-method option results in comparisons with a NULL pointer and thus make chgpasswd segfault: + +$ chgpasswd -s 1 +zsh: segmentation fault chgpasswd -s 1 + +Current patch add a sanity check before these comparisons to ensure there is a defined encryption method. +--- + src/chgpasswd.c | 7 +++++++ + 1 file changed, 7 insertions(+) + +diff --git a/src/chgpasswd.c b/src/chgpasswd.c +index fe4055d8..7b773e2f 100644 +--- a/src/chgpasswd.c ++++ b/src/chgpasswd.c +@@ -186,6 +186,13 @@ static void process_flags (int argc, char **argv) + case 's': + sflg = true; + bad_s = 0; ++ ++ if (!crypt_method) { ++ fprintf (stderr, ++ _("%s: no crypt method defined\n"), ++ Prog); ++ usage (E_USAGE); ++ } + #if defined(USE_SHA_CRYPT) + if ( ( ((0 == strcmp (crypt_method, "SHA256")) || (0 == strcmp (crypt_method, "SHA512"))) + && (0 == getlong(optarg, &sha_rounds)))) { +-- +2.20.1 + diff --git a/backport-commonio-free-removed-database-entries.patch b/backport-commonio-free-removed-database-entries.patch new file mode 100644 index 0000000..13322f7 --- /dev/null +++ b/backport-commonio-free-removed-database-entries.patch @@ -0,0 +1,39 @@ +From a8dd8ce6c9a5f6e69ed4e9fa7b0c0976bb4ba332 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= +Date: Sat, 1 Apr 2023 13:36:51 +0200 +Subject: [PATCH] commonio: free removed database entries + +Free the actual struct of the removed entry. + +Example userdel report: + + Direct leak of 40 byte(s) in 1 object(s) allocated from: + #0 0x55b230efe857 in reallocarray (./src/userdel+0xda857) + #1 0x55b230f6041f in mallocarray ./lib/./alloc.h:97:9 + #2 0x55b230f6041f in commonio_open ./lib/commonio.c:563:7 + #3 0x55b230f39098 in open_files ./src/userdel.c:555:6 + #4 0x55b230f39098 in main ./src/userdel.c:1189:2 + #5 0x7f9b48c64189 in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16 + +Conflict: NA +Reference: https://github.com/shadow-maint/shadow/commit/a8dd8ce6c9a5f6e69ed4e9fa7b0c0976bb4ba332 +--- + lib/commonio.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/lib/commonio.c b/lib/commonio.c +index 40e62298..a0449c83 100644 +--- a/lib/commonio.c ++++ b/lib/commonio.c +@@ -1060,6 +1060,8 @@ int commonio_remove (struct commonio_db *db, const char *name) + db->ops->free (p->eptr); + } + ++ free(p); ++ + return 1; + } + +-- +2.27.0 + diff --git a/backport-run_parts-for-groupadd-and-groupdel.patch b/backport-run_parts-for-groupadd-and-groupdel.patch new file mode 100644 index 0000000..43c175b --- /dev/null +++ b/backport-run_parts-for-groupadd-and-groupdel.patch @@ -0,0 +1,127 @@ +From 4e1f674c41724dd96ad2c3a0c02ac9f6666697ba Mon Sep 17 00:00:00 2001 +From: ed neville +Date: Mon, 27 Mar 2023 20:23:03 +0100 +Subject: [PATCH] run_parts for groupadd and groupdel + +run_parts currently exists in useradd and userdel, this commit mirrors +the functionality with groupadd and groupdel + +Hook for group{add,del} to include killing processes that have group +membership that would no longer exist to avoid membership ID reuse. + +Conflict: NA +Reference: https://github.com/shadow-maint/shadow/commit/4e1f674c41724dd96ad2c3a0c02ac9f6666697ba +--- + .../groupdel-pre.d/01-kill_group_procs.sh | 26 +++++++++++++++++++ + src/groupadd.c | 11 ++++++++ + src/groupdel.c | 11 ++++++++ + 3 files changed, 48 insertions(+) + create mode 100644 etc/shadow-maint/groupdel-pre.d/01-kill_group_procs.sh + +diff --git a/etc/shadow-maint/groupdel-pre.d/01-kill_group_procs.sh b/etc/shadow-maint/groupdel-pre.d/01-kill_group_procs.sh +new file mode 100644 +index 00000000..10db5279 +--- /dev/null ++++ b/etc/shadow-maint/groupdel-pre.d/01-kill_group_procs.sh +@@ -0,0 +1,26 @@ ++#!/bin/sh ++ ++PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" ++GROUPID=`awk -F: '$1 == "'"${SUBJECT}"'" { print $3 }' /etc/group` ++ ++if [ "${GROUPID}" = "" ]; then ++ exit 0 ++fi ++ ++for status in /proc/*/status; do ++ # either this isn't a process or its already dead since expanding the list ++ [ -f "$status" ] || continue ++ ++ tbuf=${status%/status} ++ pid=${tbuf#/proc/} ++ case "$pid" in ++ "$$") continue;; ++ [0-9]*) :;; ++ *) continue ++ esac ++ ++ grep -q '^Groups:.*\b'"${GROUPID}"'\b.*' "/proc/$pid/status" || continue ++ ++ kill -9 "$pid" || echo "cannot kill $pid" 1>&2 ++done ++ +diff --git a/src/groupadd.c b/src/groupadd.c +index 31142101..2eda1c68 100644 +--- a/src/groupadd.c ++++ b/src/groupadd.c +@@ -34,6 +34,7 @@ + #include "sgroupio.h" + #endif + #include "shadowlog.h" ++#include "run_part.h" + + /* + * exit status values +@@ -603,6 +604,11 @@ int main (int argc, char **argv) + + check_perms (); + ++ if (run_parts ("/etc/shadow-maint/groupadd-pre.d", group_name, ++ "groupadd")) { ++ exit(1); ++ } ++ + #ifdef SHADOWGRP + is_shadow_grp = sgr_file_present (); + #endif +@@ -621,6 +627,11 @@ int main (int argc, char **argv) + + grp_update (); + close_files (); ++ if (run_parts ("/etc/shadow-maint/groupadd-post.d", group_name, ++ "groupadd")) { ++ exit(1); ++ } ++ + + nscd_flush_cache ("group"); + sssd_flush_cache (SSSD_DB_GROUP); +diff --git a/src/groupdel.c b/src/groupdel.c +index fdccf5e1..bae4367b 100644 +--- a/src/groupdel.c ++++ b/src/groupdel.c +@@ -32,6 +32,7 @@ + #include "sgroupio.h" + #endif + #include "shadowlog.h" ++#include "run_part.h" + /* + * Global variables + */ +@@ -461,6 +462,11 @@ int main (int argc, char **argv) + group_busy (group_id); + } + ++ if (run_parts ("/etc/shadow-maint/groupdel-pre.d", group_name, ++ "groupdel")) { ++ exit(1); ++ } ++ + /* + * Do the hard stuff - open the files, delete the group entries, + * then close and update the files. +@@ -471,6 +477,11 @@ int main (int argc, char **argv) + + close_files (); + ++ if (run_parts ("/etc/shadow-maint/groupdel-post.d", group_name, ++ "groupdel")) { ++ exit(1); ++ } ++ + nscd_flush_cache ("group"); + sssd_flush_cache (SSSD_DB_GROUP); + +-- +2.27.0 + diff --git a/backport-semanage-disconnect-to-free-libsemanage-internals.patch b/backport-semanage-disconnect-to-free-libsemanage-internals.patch new file mode 100644 index 0000000..94a0722 --- /dev/null +++ b/backport-semanage-disconnect-to-free-libsemanage-internals.patch @@ -0,0 +1,76 @@ +From 7078ed1e0b8a197aa9e5103986bce927abef87a4 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= +Date: Sat, 1 Apr 2023 14:11:06 +0200 +Subject: [PATCH] semanage: disconnect to free libsemanage internals + +Destroying the handle does not actually disconnect, see [1]. +Also free the key on user removal. + +[1]: https://github.com/SELinuxProject/selinux/blob/e9072e7d45f4559887d11b518099135cbe564163/libsemanage/src/direct_api.c#L330 + +Example adduser leak: + + Direct leak of 1008 byte(s) in 14 object(s) allocated from: + #0 0x5638f2e782ae in __interceptor_malloc (./src/useradd+0xee2ae) + #1 0x7fb5cfffad09 in dbase_file_init src/database_file.c:170:45 + + Direct leak of 392 byte(s) in 7 object(s) allocated from: + #0 0x5638f2e782ae in __interceptor_malloc (./src/useradd+0xee2ae) + #1 0x7fb5cfffc929 in dbase_policydb_init src/database_policydb.c:187:27 + + Direct leak of 144 byte(s) in 2 object(s) allocated from: + #0 0x5638f2e782ae in __interceptor_malloc (./src/useradd+0xee2ae) + #1 0x7fb5cfffb519 in dbase_join_init src/database_join.c:249:28 + + [...] + +Conflict: NA +Reference: https://github.com/shadow-maint/shadow/commit/7078ed1e0b8a197aa9e5103986bce927abef87a4 +--- + lib/semanage.c | 9 ++++++++- + 1 file changed, 8 insertions(+), 1 deletion(-) + +diff --git a/lib/semanage.c b/lib/semanage.c +index 5d336b08..d412186c 100644 +--- a/lib/semanage.c ++++ b/lib/semanage.c +@@ -97,6 +97,8 @@ static semanage_handle_t *semanage_init (void) + return handle; + + fail: ++ if (handle) ++ semanage_disconnect (handle); + semanage_handle_destroy (handle); + return NULL; + } +@@ -156,7 +158,7 @@ done: + + + static int semanage_user_add (semanage_handle_t *handle, +- semanage_seuser_key_t *key, ++ const semanage_seuser_key_t *key, + const char *login_name, + const char *seuser_name) + { +@@ -279,6 +281,8 @@ int set_seuser (const char *login_name, const char *seuser_name) + + done: + semanage_seuser_key_free (key); ++ if (handle) ++ semanage_disconnect (handle); + semanage_handle_destroy (handle); + return ret; + } +@@ -353,6 +357,9 @@ int del_seuser (const char *login_name) + + ret = 0; + done: ++ semanage_seuser_key_free (key); ++ if (handle) ++ semanage_disconnect (handle); + semanage_handle_destroy (handle); + return ret; + } +-- +2.27.0 + diff --git a/backport-useradd-check-if-subid-range-exists-for-user.patch b/backport-useradd-check-if-subid-range-exists-for-user.patch new file mode 100644 index 0000000..62c172f --- /dev/null +++ b/backport-useradd-check-if-subid-range-exists-for-user.patch @@ -0,0 +1,41 @@ +From e0524e813a3bae2891b33a66f35876841c11cee7 Mon Sep 17 00:00:00 2001 +From: Iker Pedrosa +Date: Mon, 24 Oct 2022 10:46:36 +0200 +Subject: [PATCH 1/4] useradd: check if subid range exists for user + +Check if a user already has a subid range before assigning one. + +Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2012929 + +Signed-off-by: Iker Pedrosa + +Reference: https://github.com/shadow-maint/shadow/commit/e0524e813a3bae2891b33a66f35876841c11cee7 +Conflict: NA +--- + src/useradd.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/useradd.c b/src/useradd.c +index 7ea0a9c4..e784d602 100644 +--- a/src/useradd.c ++++ b/src/useradd.c +@@ -2188,14 +2188,14 @@ static void usr_update (unsigned long subuid_count, unsigned long subgid_count) + fail_exit (E_PW_UPDATE); + } + #ifdef ENABLE_SUBIDS +- if (is_sub_uid && ++ if (is_sub_uid && !local_sub_uid_assigned(user_name) && + (sub_uid_add(user_name, sub_uid_start, subuid_count) == 0)) { + fprintf (stderr, + _("%s: failed to prepare the new %s entry\n"), + Prog, sub_uid_dbname ()); + fail_exit (E_SUB_UID_UPDATE); + } +- if (is_sub_gid && ++ if (is_sub_gid && !local_sub_gid_assigned(user_name) && + (sub_gid_add(user_name, sub_gid_start, subgid_count) == 0)) { + fprintf (stderr, + _("%s: failed to prepare the new %s entry\n"), +-- +2.12.3 + diff --git a/chpasswd b/chpasswd new file mode 100644 index 0000000..15c4663 --- /dev/null +++ b/chpasswd @@ -0,0 +1,5 @@ +#%PAM-1.0 +# This tool only uses the password stack. +password substack system-auth +-password optional pam_gnome_keyring.so use_authtok +password substack postlogin diff --git a/gpl-2.0.txt b/gpl-2.0.txt new file mode 100644 index 0000000..d159169 --- /dev/null +++ b/gpl-2.0.txt @@ -0,0 +1,339 @@ + GNU GENERAL PUBLIC LICENSE + Version 2, June 1991 + + Copyright (C) 1989, 1991 Free Software Foundation, Inc., + 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + Everyone is permitted to copy and distribute verbatim copies + of this license document, but changing it is not allowed. + + Preamble + + The licenses for most software are designed to take away your +freedom to share and change it. By contrast, the GNU General Public +License is intended to guarantee your freedom to share and change free +software--to make sure the software is free for all its users. This +General Public License applies to most of the Free Software +Foundation's software and to any other program whose authors commit to +using it. (Some other Free Software Foundation software is covered by +the GNU Lesser General Public License instead.) You can apply it to +your programs, too. + + When we speak of free software, we are referring to freedom, not +price. Our General Public Licenses are designed to make sure that you +have the freedom to distribute copies of free software (and charge for +this service if you wish), that you receive source code or can get it +if you want it, that you can change the software or use pieces of it +in new free programs; and that you know you can do these things. + + To protect your rights, we need to make restrictions that forbid +anyone to deny you these rights or to ask you to surrender the rights. +These restrictions translate to certain responsibilities for you if you +distribute copies of the software, or if you modify it. + + For example, if you distribute copies of such a program, whether +gratis or for a fee, you must give the recipients all the rights that +you have. You must make sure that they, too, receive or can get the +source code. And you must show them these terms so they know their +rights. + + We protect your rights with two steps: (1) copyright the software, and +(2) offer you this license which gives you legal permission to copy, +distribute and/or modify the software. + + Also, for each author's protection and ours, we want to make certain +that everyone understands that there is no warranty for this free +software. If the software is modified by someone else and passed on, we +want its recipients to know that what they have is not the original, so +that any problems introduced by others will not reflect on the original +authors' reputations. + + Finally, any free program is threatened constantly by software +patents. We wish to avoid the danger that redistributors of a free +program will individually obtain patent licenses, in effect making the +program proprietary. To prevent this, we have made it clear that any +patent must be licensed for everyone's free use or not licensed at all. + + The precise terms and conditions for copying, distribution and +modification follow. + + GNU GENERAL PUBLIC LICENSE + TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION + + 0. This License applies to any program or other work which contains +a notice placed by the copyright holder saying it may be distributed +under the terms of this General Public License. The "Program", below, +refers to any such program or work, and a "work based on the Program" +means either the Program or any derivative work under copyright law: +that is to say, a work containing the Program or a portion of it, +either verbatim or with modifications and/or translated into another +language. (Hereinafter, translation is included without limitation in +the term "modification".) Each licensee is addressed as "you". + +Activities other than copying, distribution and modification are not +covered by this License; they are outside its scope. The act of +running the Program is not restricted, and the output from the Program +is covered only if its contents constitute a work based on the +Program (independent of having been made by running the Program). +Whether that is true depends on what the Program does. + + 1. You may copy and distribute verbatim copies of the Program's +source code as you receive it, in any medium, provided that you +conspicuously and appropriately publish on each copy an appropriate +copyright notice and disclaimer of warranty; keep intact all the +notices that refer to this License and to the absence of any warranty; +and give any other recipients of the Program a copy of this License +along with the Program. + +You may charge a fee for the physical act of transferring a copy, and +you may at your option offer warranty protection in exchange for a fee. + + 2. You may modify your copy or copies of the Program or any portion +of it, thus forming a work based on the Program, and copy and +distribute such modifications or work under the terms of Section 1 +above, provided that you also meet all of these conditions: + + a) You must cause the modified files to carry prominent notices + stating that you changed the files and the date of any change. + + b) You must cause any work that you distribute or publish, that in + whole or in part contains or is derived from the Program or any + part thereof, to be licensed as a whole at no charge to all third + parties under the terms of this License. + + c) If the modified program normally reads commands interactively + when run, you must cause it, when started running for such + interactive use in the most ordinary way, to print or display an + announcement including an appropriate copyright notice and a + notice that there is no warranty (or else, saying that you provide + a warranty) and that users may redistribute the program under + these conditions, and telling the user how to view a copy of this + License. (Exception: if the Program itself is interactive but + does not normally print such an announcement, your work based on + the Program is not required to print an announcement.) + +These requirements apply to the modified work as a whole. If +identifiable sections of that work are not derived from the Program, +and can be reasonably considered independent and separate works in +themselves, then this License, and its terms, do not apply to those +sections when you distribute them as separate works. But when you +distribute the same sections as part of a whole which is a work based +on the Program, the distribution of the whole must be on the terms of +this License, whose permissions for other licensees extend to the +entire whole, and thus to each and every part regardless of who wrote it. + +Thus, it is not the intent of this section to claim rights or contest +your rights to work written entirely by you; rather, the intent is to +exercise the right to control the distribution of derivative or +collective works based on the Program. + +In addition, mere aggregation of another work not based on the Program +with the Program (or with a work based on the Program) on a volume of +a storage or distribution medium does not bring the other work under +the scope of this License. + + 3. You may copy and distribute the Program (or a work based on it, +under Section 2) in object code or executable form under the terms of +Sections 1 and 2 above provided that you also do one of the following: + + a) Accompany it with the complete corresponding machine-readable + source code, which must be distributed under the terms of Sections + 1 and 2 above on a medium customarily used for software interchange; or, + + b) Accompany it with a written offer, valid for at least three + years, to give any third party, for a charge no more than your + cost of physically performing source distribution, a complete + machine-readable copy of the corresponding source code, to be + distributed under the terms of Sections 1 and 2 above on a medium + customarily used for software interchange; or, + + c) Accompany it with the information you received as to the offer + to distribute corresponding source code. (This alternative is + allowed only for noncommercial distribution and only if you + received the program in object code or executable form with such + an offer, in accord with Subsection b above.) + +The source code for a work means the preferred form of the work for +making modifications to it. For an executable work, complete source +code means all the source code for all modules it contains, plus any +associated interface definition files, plus the scripts used to +control compilation and installation of the executable. However, as a +special exception, the source code distributed need not include +anything that is normally distributed (in either source or binary +form) with the major components (compiler, kernel, and so on) of the +operating system on which the executable runs, unless that component +itself accompanies the executable. + +If distribution of executable or object code is made by offering +access to copy from a designated place, then offering equivalent +access to copy the source code from the same place counts as +distribution of the source code, even though third parties are not +compelled to copy the source along with the object code. + + 4. You may not copy, modify, sublicense, or distribute the Program +except as expressly provided under this License. Any attempt +otherwise to copy, modify, sublicense or distribute the Program is +void, and will automatically terminate your rights under this License. +However, parties who have received copies, or rights, from you under +this License will not have their licenses terminated so long as such +parties remain in full compliance. + + 5. You are not required to accept this License, since you have not +signed it. However, nothing else grants you permission to modify or +distribute the Program or its derivative works. These actions are +prohibited by law if you do not accept this License. Therefore, by +modifying or distributing the Program (or any work based on the +Program), you indicate your acceptance of this License to do so, and +all its terms and conditions for copying, distributing or modifying +the Program or works based on it. + + 6. Each time you redistribute the Program (or any work based on the +Program), the recipient automatically receives a license from the +original licensor to copy, distribute or modify the Program subject to +these terms and conditions. You may not impose any further +restrictions on the recipients' exercise of the rights granted herein. +You are not responsible for enforcing compliance by third parties to +this License. + + 7. If, as a consequence of a court judgment or allegation of patent +infringement or for any other reason (not limited to patent issues), +conditions are imposed on you (whether by court order, agreement or +otherwise) that contradict the conditions of this License, they do not +excuse you from the conditions of this License. If you cannot +distribute so as to satisfy simultaneously your obligations under this +License and any other pertinent obligations, then as a consequence you +may not distribute the Program at all. For example, if a patent +license would not permit royalty-free redistribution of the Program by +all those who receive copies directly or indirectly through you, then +the only way you could satisfy both it and this License would be to +refrain entirely from distribution of the Program. + +If any portion of this section is held invalid or unenforceable under +any particular circumstance, the balance of the section is intended to +apply and the section as a whole is intended to apply in other +circumstances. + +It is not the purpose of this section to induce you to infringe any +patents or other property right claims or to contest validity of any +such claims; this section has the sole purpose of protecting the +integrity of the free software distribution system, which is +implemented by public license practices. Many people have made +generous contributions to the wide range of software distributed +through that system in reliance on consistent application of that +system; it is up to the author/donor to decide if he or she is willing +to distribute software through any other system and a licensee cannot +impose that choice. + +This section is intended to make thoroughly clear what is believed to +be a consequence of the rest of this License. + + 8. If the distribution and/or use of the Program is restricted in +certain countries either by patents or by copyrighted interfaces, the +original copyright holder who places the Program under this License +may add an explicit geographical distribution limitation excluding +those countries, so that distribution is permitted only in or among +countries not thus excluded. In such case, this License incorporates +the limitation as if written in the body of this License. + + 9. The Free Software Foundation may publish revised and/or new versions +of the General Public License from time to time. Such new versions will +be similar in spirit to the present version, but may differ in detail to +address new problems or concerns. + +Each version is given a distinguishing version number. If the Program +specifies a version number of this License which applies to it and "any +later version", you have the option of following the terms and conditions +either of that version or of any later version published by the Free +Software Foundation. If the Program does not specify a version number of +this License, you may choose any version ever published by the Free Software +Foundation. + + 10. If you wish to incorporate parts of the Program into other free +programs whose distribution conditions are different, write to the author +to ask for permission. For software which is copyrighted by the Free +Software Foundation, write to the Free Software Foundation; we sometimes +make exceptions for this. Our decision will be guided by the two goals +of preserving the free status of all derivatives of our free software and +of promoting the sharing and reuse of software generally. + + NO WARRANTY + + 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY +FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN +OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES +PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED +OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS +TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE +PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, +REPAIR OR CORRECTION. + + 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING +WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR +REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, +INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING +OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED +TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY +YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER +PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE +POSSIBILITY OF SUCH DAMAGES. + + END OF TERMS AND CONDITIONS + + How to Apply These Terms to Your New Programs + + If you develop a new program, and you want it to be of the greatest +possible use to the public, the best way to achieve this is to make it +free software which everyone can redistribute and change under these terms. + + To do so, attach the following notices to the program. It is safest +to attach them to the start of each source file to most effectively +convey the exclusion of warranty; and each file should have at least +the "copyright" line and a pointer to where the full notice is found. + + + Copyright (C) + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License along + with this program; if not, write to the Free Software Foundation, Inc., + 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + +Also add information on how to contact you by electronic and paper mail. + +If the program is interactive, make it output a short notice like this +when it starts in an interactive mode: + + Gnomovision version 69, Copyright (C) year name of author + Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. + This is free software, and you are welcome to redistribute it + under certain conditions; type `show c' for details. + +The hypothetical commands `show w' and `show c' should show the appropriate +parts of the General Public License. Of course, the commands you use may +be called something other than `show w' and `show c'; they could even be +mouse-clicks or menu items--whatever suits your program. + +You should also get your employer (if you work as a programmer) or your +school, if any, to sign a "copyright disclaimer" for the program, if +necessary. Here is a sample; alter the names: + + Yoyodyne, Inc., hereby disclaims all copyright interest in the program + `Gnomovision' (which makes passes at compilers) written by James Hacker. + + , 1 April 1989 + Ty Coon, President of Vice + +This General Public License does not permit incorporating your program into +proprietary programs. If your program is a subroutine library, you may +consider it more useful to permit linking proprietary applications with the +library. If this is what you want to do, use the GNU Lesser General +Public License instead of this License. diff --git a/newusers b/newusers new file mode 100644 index 0000000..15c4663 --- /dev/null +++ b/newusers @@ -0,0 +1,5 @@ +#%PAM-1.0 +# This tool only uses the password stack. +password substack system-auth +-password optional pam_gnome_keyring.so use_authtok +password substack postlogin diff --git a/shadow-Remove-encrypted-passwd-for-useradd-gr.patch b/shadow-Remove-encrypted-passwd-for-useradd-gr.patch new file mode 100644 index 0000000..07b29c1 --- /dev/null +++ b/shadow-Remove-encrypted-passwd-for-useradd-gr.patch @@ -0,0 +1,133 @@ +From 280a8474ad87f44f9620eeac75cbf8a34b5edc2f Mon Sep 17 00:00:00 2001 +From: xiongshenglan +Date: Thu, 27 Jul 2023 09:30:16 +0800 +Subject: [PATCH] shadow: Remove encrypted passwd for + useradd-groupadd-groupmod-usermod + +Remove encrypted passwd for useradd/groupadd/groupmod/usermod +In groupadd/useradd, p parameter does not meet password complexity checks. Do +not satisfy security requirements. + +Signed-off-by: xiongshenglan +--- + src/groupadd.c | 4 ++++ + src/groupmod.c | 4 ++++ + src/useradd.c | 4 ++++ + src/usermod.c | 4 ++++ + 4 files changed, 16 insertions(+) + +diff --git a/src/groupadd.c b/src/groupadd.c +index d7f68b1..9b7a521 100644 +--- a/src/groupadd.c ++++ b/src/groupadd.c +@@ -125,7 +125,9 @@ static /*@noreturn@*/void usage (int status) + (void) fputs (_(" -K, --key KEY=VALUE override /etc/login.defs defaults\n"), usageout); + (void) fputs (_(" -o, --non-unique allow to create groups with duplicate\n" + " (non-unique) GID\n"), usageout); ++#ifndef CONFIG_SHADOW_REMOVE_POPTION + (void) fputs (_(" -p, --password PASSWORD use this encrypted password for the new group\n"), usageout); ++#endif + (void) fputs (_(" -r, --system create a system account\n"), usageout); + (void) fputs (_(" -R, --root CHROOT_DIR directory to chroot into\n"), usageout); + (void) fputs (_(" -P, --prefix PREFIX_DI directory prefix\n"), usageout); +@@ -459,10 +461,12 @@ static void process_flags (int argc, char **argv) + case 'o': + oflg = true; + break; ++#ifndef CONFIG_SHADOW_REMOVE_POPTION + case 'p': + pflg = true; + group_passwd = optarg; + break; ++#endif + case 'r': + rflg = true; + break; +diff --git a/src/groupmod.c b/src/groupmod.c +index acd6f35..f9dcabd 100644 +--- a/src/groupmod.c ++++ b/src/groupmod.c +@@ -139,8 +139,10 @@ static void usage (int status) + (void) fputs (_(" -h, --help display this help message and exit\n"), usageout); + (void) fputs (_(" -n, --new-name NEW_GROUP change the name to NEW_GROUP\n"), usageout); + (void) fputs (_(" -o, --non-unique allow to use a duplicate (non-unique) GID\n"), usageout); ++#ifndef CONFIG_SHADOW_REMOVE_POPTION + (void) fputs (_(" -p, --password PASSWORD change the password to this (encrypted)\n" + " PASSWORD\n"), usageout); ++#endif + (void) fputs (_(" -R, --root CHROOT_DIR directory to chroot into\n"), usageout); + (void) fputs (_(" -P, --prefix PREFIX_DIR prefix directory where are located the /etc/* files\n"), usageout); + (void) fputs (_(" -U, --users USERS list of user members of this group\n"), usageout); +@@ -449,10 +451,12 @@ static void process_flags (int argc, char **argv) + case 'o': + oflg = true; + break; ++#ifndef CONFIG_SHADOW_REMOVE_POPTION + case 'p': + group_passwd = optarg; + pflg = true; + break; ++#endif + case 'R': /* no-op, handled in process_root_flag () */ + break; + case 'P': /* no-op, handled in process_prefix_flag () */ +diff --git a/src/useradd.c b/src/useradd.c +index 89abd5e..e5ba3dd 100644 +--- a/src/useradd.c ++++ b/src/useradd.c +@@ -907,7 +907,9 @@ static void usage (int status) + " the user\n"), usageout); + (void) fputs (_(" -o, --non-unique allow to create users with duplicate\n" + " (non-unique) UID\n"), usageout); ++#ifndef CONFIG_SHADOW_REMOVE_POPTION + (void) fputs (_(" -p, --password PASSWORD encrypted password of the new account\n"), usageout); ++#endif + (void) fputs (_(" -r, --system create a system account\n"), usageout); + (void) fputs (_(" -R, --root CHROOT_DIR directory to chroot into\n"), usageout); + (void) fputs (_(" -P, --prefix PREFIX_DIR prefix directory where are located the /etc/* files\n"), usageout); +@@ -1366,6 +1368,7 @@ static void process_flags (int argc, char **argv) + case 'o': + oflg = true; + break; ++#ifndef CONFIG_SHADOW_REMOVE_POPTION + case 'p': /* set encrypted password */ + if (!VALID (optarg)) { + fprintf (stderr, +@@ -1375,6 +1378,7 @@ static void process_flags (int argc, char **argv) + } + user_pass = optarg; + break; ++#endif + case 'r': + rflg = true; + break; +diff --git a/src/usermod.c b/src/usermod.c +index ca8db92..509a50b 100644 +--- a/src/usermod.c ++++ b/src/usermod.c +@@ -384,7 +384,9 @@ static /*@noreturn@*/void usage (int status) + (void) fputs (_(" -m, --move-home move contents of the home directory to the\n" + " new location (use only with -d)\n"), usageout); + (void) fputs (_(" -o, --non-unique allow using duplicate (non-unique) UID\n"), usageout); ++#ifndef CONFIG_SHADOW_REMOVE_POPTION + (void) fputs (_(" -p, --password PASSWORD use encrypted password for the new password\n"), usageout); ++#endif + (void) fputs (_(" -P, --prefix PREFIX_DIR prefix directory where are located the /etc/* files\n"), usageout); + (void) fputs (_(" -r, --remove remove the user from only the supplemental GROUPS\n" + " mentioned by the -G option without removing\n" +@@ -1121,10 +1123,12 @@ static void process_flags (int argc, char **argv) + case 'o': + oflg = true; + break; ++#ifndef CONFIG_SHADOW_REMOVE_POPTION + case 'p': + user_pass = optarg; + pflg = true; + break; ++#endif + case 'r': + rflg = true; + break; +-- +2.12.3 + diff --git a/shadow-add-sm3-crypt-support.patch b/shadow-add-sm3-crypt-support.patch new file mode 100644 index 0000000..bfb5184 --- /dev/null +++ b/shadow-add-sm3-crypt-support.patch @@ -0,0 +1,782 @@ +From d7fa75bbd22a08b4e0b8c7e3ccab588c87d23835 Mon Sep 17 00:00:00 2001 +From: root +Date: Wed, 29 Dec 2021 16:05:56 +0800 +Subject: [PATCH] shadow add sm3 crypt support + +--- + configure.ac | 9 ++++ + etc/login.defs | 17 ++++++++ + lib/encrypt.c | 3 ++ + lib/getdef.c | 4 ++ + libmisc/obscure.c | 3 ++ + libmisc/salt.c | 106 +++++++++++++++++++++++++++++++++++++++++++--- + src/chgpasswd.c | 48 +++++++++++++++------ + src/chpasswd.c | 46 ++++++++++++++------ + src/newusers.c | 61 +++++++++++++++++++------- + src/passwd.c | 7 ++- + 10 files changed, 254 insertions(+), 50 deletions(-) + +diff --git a/configure.ac b/configure.ac +index 924254a..dde1de8 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -274,6 +274,9 @@ AC_ARG_WITH(libcrack, + AC_ARG_WITH(sha-crypt, + [AS_HELP_STRING([--with-sha-crypt], [allow the SHA256 and SHA512 password encryption algorithms @<:@default=yes@:>@])], + [with_sha_crypt=$withval], [with_sha_crypt=yes]) ++AC_ARG_WITH(sm3-crypt, ++ [AS_HELP_STRING([--with-sm3-crypt], [allow the SM3 password encryption algorithms @<:@default=yes@:>@])], ++ [with_sm3_crypt=$withval], [with_sm3_crypt=yes]) + AC_ARG_WITH(bcrypt, + [AS_HELP_STRING([--with-bcrypt], [allow the bcrypt password encryption algorithm @<:@default=no@:>@])], + [with_bcrypt=$withval], [with_bcrypt=no]) +@@ -307,6 +310,11 @@ if test "$with_sha_crypt" = "yes"; then + AC_DEFINE(USE_SHA_CRYPT, 1, [Define to allow the SHA256 and SHA512 password encryption algorithms]) + fi + ++AM_CONDITIONAL(USE_SM3_CRYPT, test "x$with_sm3_crypt" = "xyes") ++if test "$with_sm3_crypt" = "yes"; then ++ AC_DEFINE(USE_SM3_CRYPT, 1, [Define to allow the SM3 password encryption algorithms]) ++fi ++ + AM_CONDITIONAL(USE_BCRYPT, test "x$with_bcrypt" = "xyes") + if test "$with_bcrypt" = "yes"; then + AC_DEFINE(USE_BCRYPT, 1, [Define to allow the bcrypt password encryption algorithm]) +@@ -752,6 +760,7 @@ echo " tcb support (incomplete): $with_tcb" + echo " shadow group support: $enable_shadowgrp" + echo " S/Key support: $with_skey" + echo " SHA passwords encryption: $with_sha_crypt" ++echo " SM3 passwords encryption: $with_sm3_crypt" + echo " bcrypt passwords encryption: $with_bcrypt" + echo " yescrypt passwords encryption: $with_yescrypt" + echo " nscd support: $with_nscd" +diff --git a/etc/login.defs b/etc/login.defs +index 114dbcd..fd310b7 100644 +--- a/etc/login.defs ++++ b/etc/login.defs +@@ -353,6 +353,23 @@ CHFN_RESTRICT rwh + #SHA_CRYPT_MIN_ROUNDS 5000 + #SHA_CRYPT_MAX_ROUNDS 5000 + ++# ++# Only works if ENCRYPT_METHOD is set to SM3. ++# ++# Define the number of SM3 rounds. ++# With a lot of rounds, it is more difficult to brute-force the password. ++# However, more CPU resources will be needed to authenticate users if ++# this value is increased. ++# ++# If not specified, the libc will choose the default number of rounds (5000), ++# which is orders of magnitude too low for modern hardware. ++# The values must be within the 1000-999999999 range. ++# If only one of the MIN or MAX values is set, then this value will be used. ++# If MIN > MAX, the highest value will be used. ++# ++#SM3_CRYPT_MAX_ROUNDS 5000 ++#SM3_CRYPT_MIN_ROUNDS 5000 ++ + # + # Only works if ENCRYPT_METHOD is set to BCRYPT. + # +diff --git a/lib/encrypt.c b/lib/encrypt.c +index c84a255..11b301b 100644 +--- a/lib/encrypt.c ++++ b/lib/encrypt.c +@@ -52,6 +52,9 @@ + case '6': + method = "SHA512"; + break; ++ case 's': // salt = $sm3$... ++ method = "SM3"; ++ break; + case 'y': + method = "YESCRYPT"; + break; +diff --git a/lib/getdef.c b/lib/getdef.c +index dcd1fe7..9a8089a 100644 +--- a/lib/getdef.c ++++ b/lib/getdef.c +@@ -102,6 +102,10 @@ static struct itemdef def_table[] = { + {"SHA_CRYPT_MAX_ROUNDS", NULL}, + {"SHA_CRYPT_MIN_ROUNDS", NULL}, + #endif ++#ifdef USE_SM3_CRYPT ++ {"SM3_CRYPT_MAX_ROUNDS", NULL}, ++ {"SM3_CRYPT_MIN_ROUNDS", NULL}, ++#endif + #ifdef USE_BCRYPT + {"BCRYPT_MAX_ROUNDS", NULL}, + {"BCRYPT_MIN_ROUNDS", NULL}, +diff --git a/libmisc/obscure.c b/libmisc/obscure.c +index 3daaa95..644259d 100644 +--- a/libmisc/obscure.c ++++ b/libmisc/obscure.c +@@ -246,6 +246,9 @@ static /*@observer@*//*@null@*/const char *obscure_msg ( + || (strcmp (result, "SHA256") == 0) + || (strcmp (result, "SHA512") == 0) + #endif ++#ifdef USE_SM3_CRYPT ++ || (strcmp (result, "SM3") == 0) ++#endif + #ifdef USE_BCRYPT + || (strcmp (result, "BCRYPT") == 0) + #endif +diff --git a/libmisc/salt.c b/libmisc/salt.c +index e5f633a..df4b328 100644 +--- a/libmisc/salt.c ++++ b/libmisc/salt.c +@@ -63,6 +63,17 @@ + #define SHA_ROUNDS_MAX 999999999 + #endif + ++#ifdef USE_SM3_CRYPT ++/* Fixed salt len for sm3 crypt. */ ++#define SM3_CRYPT_SALT_SIZE 16 ++/* Default number of rounds if not explicitly specified. */ ++#define SM3_ROUNDS_DEFAULT 5000 ++/* Minimum number of rounds. */ ++#define SM3_ROUNDS_MIN 1000 ++/* Maximum number of rounds. */ ++#define SM3_ROUNDS_MAX 999999999 ++#endif ++ + #ifdef USE_YESCRYPT + /* + * Default number of base64 characters used for the salt. +@@ -95,13 +106,17 @@ static long read_random_bytes (void); + #if !USE_XCRYPT_GENSALT + static /*@observer@*/const char *gensalt (size_t salt_size); + #endif /* !USE_XCRYPT_GENSALT */ +-#if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT) ++#if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT) || defined(USE_SM3_CRYPT) + static long shadow_random (long min, long max); +-#endif /* USE_SHA_CRYPT || USE_BCRYPT */ ++#endif /* USE_SHA_CRYPT || USE_BCRYPT || USE_SM3_CRYPT*/ + #ifdef USE_SHA_CRYPT + static /*@observer@*/unsigned long SHA_get_salt_rounds (/*@null@*/const int *prefered_rounds); + static /*@observer@*/void SHA_salt_rounds_to_buf (char *buf, unsigned long rounds); + #endif /* USE_SHA_CRYPT */ ++#ifdef USE_SM3_CRYPT ++static /*@observer@*/const unsigned long SM3_get_salt_rounds (/*@null@*/int *prefered_rounds); ++static /*@observer@*/void SM3_salt_rounds_to_buf (char *buf, unsigned long rounds); ++#endif + #ifdef USE_BCRYPT + static /*@observer@*/unsigned long BCRYPT_get_salt_rounds (/*@null@*/const int *prefered_rounds); + static /*@observer@*/void BCRYPT_salt_rounds_to_buf (char *buf, unsigned long rounds); +@@ -195,7 +210,7 @@ end: + return randval; + } + +-#if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT) ++#if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT) || defined(USE_SM3_CRYPT) + /* + * Return a random number between min and max (both included). + * +@@ -217,7 +232,7 @@ static long shadow_random (long min, long max) + } + return ret; + } +-#endif /* USE_SHA_CRYPT || USE_BCRYPT */ ++#endif /* USE_SHA_CRYPT || USE_BCRYPT || USE_SM3_CRYPT*/ + + #ifdef USE_SHA_CRYPT + /* Return the the rounds number for the SHA crypt methods. */ +@@ -293,6 +308,80 @@ static /*@observer@*/void SHA_salt_rounds_to_buf (char *buf, unsigned long round + } + #endif /* USE_SHA_CRYPT */ + ++#ifdef USE_SM3_CRYPT ++/* Return the the rounds number for the SM3 crypt methods. */ ++static /*@observer@*/const unsigned long SM3_get_salt_rounds (/*@null@*/int *prefered_rounds) ++{ ++ unsigned long rounds; ++ ++ if (NULL == prefered_rounds) { ++ long min_rounds = getdef_long ("SM3_CRYPT_MIN_ROUNDS", -1); ++ long max_rounds = getdef_long ("SM3_CRYPT_MAX_ROUNDS", -1); ++ ++ if ((-1 == min_rounds) && (-1 == max_rounds)) { ++ rounds = SM3_ROUNDS_DEFAULT; ++ } ++ else { ++ if (-1 == min_rounds) { ++ min_rounds = max_rounds; ++ } ++ ++ if (-1 == max_rounds) { ++ max_rounds = min_rounds; ++ } ++ ++ if (min_rounds > max_rounds) { ++ max_rounds = min_rounds; ++ } ++ ++ rounds = (unsigned long) shadow_random (min_rounds, max_rounds); ++ } ++ } else if (0 == *prefered_rounds) { ++ rounds = SM3_ROUNDS_DEFAULT; ++ } else { ++ rounds = (unsigned long) *prefered_rounds; ++ } ++ ++ /* Sanity checks. The libc should also check this, but this ++ * protects against a rounds_prefix overflow. */ ++ if (rounds < SM3_ROUNDS_MIN) { ++ rounds = SM3_ROUNDS_MIN; ++ } ++ ++ if (rounds > SM3_ROUNDS_MAX) { ++ rounds = SM3_ROUNDS_MAX; ++ } ++ ++ return rounds; ++} ++ ++/* ++ * Fill a salt prefix specifying the rounds number for the SM3 crypt methods ++ * to a buffer. ++ */ ++static /*@observer@*/void SM3_salt_rounds_to_buf (char *buf, unsigned long rounds) ++{ ++ const size_t buf_begin = strlen (buf); ++ ++ /* Nothing to do here if SM3_ROUNDS_DEFAULT is used. */ ++ if (rounds == SM3_ROUNDS_DEFAULT) { ++ return; ++ } ++ ++ /* ++ * Check if the result buffer is long enough. ++ * We are going to write a maximum of 17 bytes, ++ * plus one byte for the terminator. ++ * rounds=XXXXXXXXX$ ++ * 00000000011111111 ++ * 12345678901234567 ++ */ ++ assert (GENSALT_SETTING_SIZE > buf_begin + 17); ++ ++ (void) snprintf (buf + buf_begin, 18, "rounds=%lu$", rounds); ++} ++#endif /* USE_SM3_CRYPT */ ++ + #ifdef USE_BCRYPT + /* Return the the rounds number for the BCRYPT method. */ + static /*@observer@*/unsigned long BCRYPT_get_salt_rounds (/*@null@*/const int *prefered_rounds) +@@ -463,7 +552,7 @@ static /*@observer@*/const char *gensalt (size_t salt_size) + * which can both be set inside the login.defs file. + * + * If meth is specified, an additional parameter can be provided. +- * * For the SHA256 and SHA512 method, this specifies the number of rounds ++ * * For the SHA256 and SHA512 and SM3 method, this specifies the number of rounds + * (if not NULL). + * * For the YESCRYPT method, this specifies the cost factor (if not NULL). + */ +@@ -515,6 +604,13 @@ static /*@observer@*/const char *gensalt (size_t salt_size) + rounds = SHA_get_salt_rounds ((int *) arg); + SHA_salt_rounds_to_buf (result, rounds); + #endif /* USE_SHA_CRYPT */ ++#ifdef USE_SM3_CRYPT ++ } else if (0 == strcmp (method, "SM3")) { ++ strcpy(result, "$sm3$"); ++ salt_len = SM3_CRYPT_SALT_SIZE; ++ rounds = SM3_get_salt_rounds ((int *) arg); ++ SM3_salt_rounds_to_buf (result, rounds); ++#endif /* USE_SM3_CRYPT */ + } else if (0 != strcmp (method, "DES")) { + fprintf (log_get_logfd(), + _("Invalid ENCRYPT_METHOD value: '%s'.\n" +diff --git a/src/chgpasswd.c b/src/chgpasswd.c +index d17acb6..9b00520 100644 +--- a/src/chgpasswd.c ++++ b/src/chgpasswd.c +@@ -39,15 +39,18 @@ + const char *Prog; + static bool eflg = false; + static bool md5flg = false; +-#if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT) || defined(USE_YESCRYPT) ++#if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT) || defined(USE_YESCRYPT) || defined(USE_SM3_CRYPT) + static bool sflg = false; +-#endif /* USE_SHA_CRYPT || USE_BCRYPT || USE_YESCRYPT */ ++#endif /* USE_SHA_CRYPT || USE_BCRYPT || USE_YESCRYPT || USE_SM3_CRYPT */ + + static /*@null@*//*@observer@*/const char *crypt_method = NULL; + #define cflg (NULL != crypt_method) + #ifdef USE_SHA_CRYPT + static long sha_rounds = 5000; + #endif ++#ifdef USE_SM3_CRYPT ++static long sm3_rounds = 5000; ++#endif + #ifdef USE_BCRYPT + static long bcrypt_rounds = 13; + #endif +@@ -119,6 +122,9 @@ static /*@noreturn@*/void usage (int status) + #if defined(USE_YESCRYPT) + " YESCRYPT" + #endif ++#if defined(USE_SM3_CRYPT) ++ " SM3" ++ #endif + ); + (void) fputs (_(" -e, --encrypted supplied passwords are encrypted\n"), usageout); + (void) fputs (_(" -h, --help display this help message and exit\n"), usageout); +@@ -126,11 +132,11 @@ static /*@noreturn@*/void usage (int status) + " the MD5 algorithm\n"), + usageout); + (void) fputs (_(" -R, --root CHROOT_DIR directory to chroot into\n"), usageout); +-#if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT) || defined(USE_YESCRYPT) +- (void) fputs (_(" -s, --sha-rounds number of rounds for the SHA, BCRYPT\n" ++#if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT) || defined(USE_YESCRYPT) || defined(USE_SM3_CRYPT) ++ (void) fputs (_(" -s, --sha-rounds number of rounds for the SHA, BCRYPT, SM3\n" + " or YESCRYPT crypt algorithms\n"), + usageout); +-#endif /* USE_SHA_CRYPT || USE_BCRYPT || USE_YESCRYPT */ ++#endif /* USE_SHA_CRYPT || USE_BCRYPT || USE_YESCRYPT || USE_SM3_CRYPT */ + (void) fputs ("\n", usageout); + + exit (status); +@@ -144,22 +150,22 @@ static /*@noreturn@*/void usage (int status) + static void process_flags (int argc, char **argv) + { + int c; +-#if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT) || defined(USE_YESCRYPT) ++#if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT) || defined(USE_YESCRYPT) || defined(USE_SM3_CRYPT) + int bad_s; +-#endif /* USE_SHA_CRYPT || USE_BCRYPT || USE_YESCRYPT */ ++#endif /* USE_SHA_CRYPT || USE_BCRYPT || USE_YESCRYPT || USE_SM3_CRYPT */ + static struct option long_options[] = { + {"crypt-method", required_argument, NULL, 'c'}, + {"encrypted", no_argument, NULL, 'e'}, + {"help", no_argument, NULL, 'h'}, + {"md5", no_argument, NULL, 'm'}, + {"root", required_argument, NULL, 'R'}, +-#if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT) || defined(USE_YESCRYPT) ++#if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT) || defined(USE_YESCRYPT) || defined(USE_SM3_CRYPT) + {"sha-rounds", required_argument, NULL, 's'}, +-#endif /* USE_SHA_CRYPT || USE_BCRYPT || USE_YESCRYPT */ ++#endif /* USE_SHA_CRYPT || USE_BCRYPT || USE_YESCRYPT || USE_SM3_CRYPT */ + {NULL, 0, NULL, '\0'} + }; + while ((c = getopt_long (argc, argv, +-#if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT) || defined(USE_YESCRYPT) ++#if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT) || defined(USE_YESCRYPT) || defined(USE_SM3_CRYPT) + "c:ehmR:s:", + #else + "c:ehmR:", +@@ -180,7 +186,7 @@ static void process_flags (int argc, char **argv) + break; + case 'R': /* no-op, handled in process_root_flag () */ + break; +-#if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT) || defined(USE_YESCRYPT) ++#if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT) || defined(USE_YESCRYPT) || defined(USE_SM3_CRYPT) + case 's': + sflg = true; + bad_s = 0; +@@ -202,6 +208,12 @@ static void process_flags (int argc, char **argv) + bad_s = 1; + } + #endif /* USE_YESCRYPT */ ++#if defined(USE_SM3_CRYPT) ++ if (( (0 == strcmp (crypt_method, "SM3")) ++ && (0 == getlong(optarg, &sm3_rounds)))) { ++ bad_s = 1; ++ } ++#endif /* USE_SM3_CRYPT */ + if (bad_s != 0) { + fprintf (stderr, + _("%s: invalid numeric argument '%s'\n"), +@@ -209,7 +221,7 @@ static void process_flags (int argc, char **argv) + usage (E_USAGE); + } + break; +-#endif /* USE_SHA_CRYPT || USE_BCRYPT || USE_YESCRYPT */ ++#endif /* USE_SHA_CRYPT || USE_BCRYPT || USE_YESCRYPT || USE_SM3_CRYPT */ + + default: + usage (E_USAGE); +@@ -228,7 +240,7 @@ static void process_flags (int argc, char **argv) + */ + static void check_flags (void) + { +-#if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT) || defined(USE_YESCRYPT) ++#if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT) || defined(USE_YESCRYPT) || defined(USE_SM3_CRYPT) + if (sflg && !cflg) { + fprintf (stderr, + _("%s: %s flag is only allowed with the %s flag\n"), +@@ -259,6 +271,9 @@ static void check_flags (void) + #ifdef USE_YESCRYPT + && (0 != strcmp (crypt_method, "YESCRYPT")) + #endif /* USE_YESCRYPT */ ++#ifdef USE_SM3_CRYPT ++ && (0 != strcmp (crypt_method, "SM3")) ++#endif /* USE_SM3_CRYPT */ + ) { + fprintf (stderr, + _("%s: unsupported crypt method: %s\n"), +@@ -483,7 +498,7 @@ int main (int argc, char **argv) + if (md5flg) { + crypt_method = "MD5"; + } +-#if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT) || defined(USE_YESCRYPT) ++#if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT) || defined(USE_YESCRYPT) || defined(USE_SM3_CRYPT) + if (sflg) { + #if defined(USE_SHA_CRYPT) + if ( (0 == strcmp (crypt_method, "SHA256")) +@@ -501,6 +516,11 @@ int main (int argc, char **argv) + arg = &yescrypt_cost; + } + #endif /* USE_YESCRYPT */ ++#if defined(USE_SM3_CRYPT) ++ if (0 == strcmp (crypt_method, "SM3")) { ++ arg = &sm3_rounds; ++ } ++#endif /* USE_SM3_CRYPT */ + } + #endif + salt = crypt_make_salt (crypt_method, arg); +diff --git a/src/chpasswd.c b/src/chpasswd.c +index 48d5178..9003c18 100644 +--- a/src/chpasswd.c ++++ b/src/chpasswd.c +@@ -38,7 +38,7 @@ + const char *Prog; + static bool eflg = false; + static bool md5flg = false; +-#if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT) || defined(USE_YESCRYPT) ++#if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT) || defined(USE_YESCRYPT) || defined(USE_SM3_CRYPT) + static bool sflg = false; + #endif + +@@ -47,6 +47,9 @@ static /*@null@*//*@observer@*/const char *crypt_method = NULL; + #ifdef USE_SHA_CRYPT + static long sha_rounds = 5000; + #endif ++#ifdef USE_SM3_CRYPT ++static long sm3_rounds = 5000; ++#endif + #ifdef USE_BCRYPT + static long bcrypt_rounds = 13; + #endif +@@ -113,6 +116,9 @@ static /*@noreturn@*/void usage (int status) + #endif + #if defined(USE_YESCRYPT) + " YESCRYPT" ++#endif ++#if defined(USE_SM3_CRYPT) ++ " SM3" + #endif + ); + (void) fputs (_(" -e, --encrypted supplied passwords are encrypted\n"), usageout); +@@ -121,11 +127,11 @@ static /*@noreturn@*/void usage (int status) + " the MD5 algorithm\n"), + usageout); + (void) fputs (_(" -R, --root CHROOT_DIR directory to chroot into\n"), usageout); +-#if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT) || defined(USE_YESCRYPT) +- (void) fputs (_(" -s, --sha-rounds number of rounds for the SHA, BCRYPT\n" ++#if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT) || defined(USE_YESCRYPT) || defined(USE_SM3_CRYPT) ++ (void) fputs (_(" -s, --sha-rounds number of rounds for the SHA, BCRYPT, SM3\n" + " or YESCRYPT crypt algorithms\n"), + usageout); +-#endif /* USE_SHA_CRYPT || USE_BCRYPT || USE_YESCRYPT */ ++#endif /* USE_SHA_CRYPT || USE_BCRYPT || USE_YESCRYPT || USE_SM3_CRYPT */ + (void) fputs ("\n", usageout); + + exit (status); +@@ -139,23 +145,23 @@ static /*@noreturn@*/void usage (int status) + static void process_flags (int argc, char **argv) + { + int c; +-#if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT) || defined(USE_YESCRYPT) ++#if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT) || defined(USE_YESCRYPT) || defined(USE_SM3_CRYPT) + int bad_s; +-#endif /* USE_SHA_CRYPT || USE_BCRYPT || USE_YESCRYPT */ ++#endif /* USE_SHA_CRYPT || USE_BCRYPT || USE_YESCRYPT || USE_SM3_CRYPT */ + static struct option long_options[] = { + {"crypt-method", required_argument, NULL, 'c'}, + {"encrypted", no_argument, NULL, 'e'}, + {"help", no_argument, NULL, 'h'}, + {"md5", no_argument, NULL, 'm'}, + {"root", required_argument, NULL, 'R'}, +-#if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT) || defined(USE_YESCRYPT) ++#if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT) || defined(USE_YESCRYPT) || defined(USE_SM3_CRYPT) + {"sha-rounds", required_argument, NULL, 's'}, +-#endif /* USE_SHA_CRYPT || USE_BCRYPT || USE_YESCRYPT */ ++#endif /* USE_SHA_CRYPT || USE_BCRYPT || USE_YESCRYPT || USE_SM3_CRYPT */ + {NULL, 0, NULL, '\0'} + }; + + while ((c = getopt_long (argc, argv, +-#if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT) || defined(USE_YESCRYPT) ++#if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT) || defined(USE_YESCRYPT) || defined(USE_SM3_CRYPT) + "c:ehmR:s:", + #else + "c:ehmR:", +@@ -176,7 +182,7 @@ static void process_flags (int argc, char **argv) + break; + case 'R': /* no-op, handled in process_root_flag () */ + break; +-#if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT) || defined(USE_YESCRYPT) ++#if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT) || defined(USE_YESCRYPT) || defined(USE_SM3_CRYPT) + case 's': + sflg = true; + bad_s = 0; +@@ -198,14 +204,20 @@ static void process_flags (int argc, char **argv) + bad_s = 1; + } + #endif /* USE_YESCRYPT */ +- if (bad_s != 0) { ++#if defined(USE_SM3_CRYPT) ++ if (( (0 == strcmp (crypt_method, "SM3")) ++ && (0 == getlong(optarg, &sm3_rounds)))) { ++ bad_s = 1; ++ } ++#endif /* USE_SM3_CRYPT */ ++ if (bad_s != 0) { + fprintf (stderr, + _("%s: invalid numeric argument '%s'\n"), + Prog, optarg); + usage (E_USAGE); + } + break; +-#endif /* USE_SHA_CRYPT || USE_BCRYPT || USE_YESCRYPT */ ++#endif /* USE_SHA_CRYPT || USE_BCRYPT || USE_YESCRYPT || USE_SM3_CRYPT */ + + default: + usage (E_USAGE); +@@ -224,7 +236,7 @@ static void process_flags (int argc, char **argv) + */ + static void check_flags (void) + { +-#if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT) || defined(USE_YESCRYPT) ++#if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT) || defined(USE_YESCRYPT) || defined(USE_SM3_CRYPT) + if (sflg && !cflg) { + fprintf (stderr, + _("%s: %s flag is only allowed with the %s flag\n"), +@@ -249,6 +261,9 @@ static void check_flags (void) + &&(!IS_CRYPT_METHOD("SHA256")) + &&(!IS_CRYPT_METHOD("SHA512")) + #endif /* USE_SHA_CRYPT */ ++#ifdef USE_SM3_CRYPT ++ &&(!IS_CRYPT_METHOD("SM3")) ++#endif /* USE_SM3_CRYPT */ + #ifdef USE_BCRYPT + &&(!IS_CRYPT_METHOD("BCRYPT")) + #endif /* USE_BCRYPT */ +@@ -422,6 +437,11 @@ static const char *get_salt(void) + arg = &yescrypt_cost; + } + #endif /* USE_YESCRYPT */ ++#if defined(USE_SM3_CRYPT) ++ if (IS_CRYPT_METHOD("SM3")) { ++ arg = &sm3_rounds; ++ } ++#endif /* USE_SM3_CRYPT */ + } + #endif + return crypt_make_salt (crypt_method, arg); +diff --git a/src/newusers.c b/src/newusers.c +index deeb361..149670e 100644 +--- a/src/newusers.c ++++ b/src/newusers.c +@@ -58,12 +58,15 @@ static bool rflg = false; /* create a system account */ + #ifndef USE_PAM + static /*@null@*//*@observer@*/char *crypt_method = NULL; + #define cflg (NULL != crypt_method) +-#if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT) ++#if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT) || defined(USE_SM3_CRYPT) + static bool sflg = false; + #endif + #ifdef USE_SHA_CRYPT + static long sha_rounds = 5000; + #endif /* USE_SHA_CRYPT */ ++#ifdef USE_SM3_CRYPT ++static long sm3_rounds = 5000; ++#endif /* USE_SM3_CRYPT */ + #ifdef USE_BCRYPT + static long bcrypt_rounds = 13; + #endif /* USE_BCRYPT */ +@@ -129,6 +132,9 @@ static void usage (int status) + #endif + #if defined(USE_YESCRYPT) + " YESCRYPT" ++#endif ++#if defined(USE_SM3_CRYPT) ++ " SM3" + #endif + ); + #endif /* !USE_PAM */ +@@ -136,11 +142,11 @@ static void usage (int status) + (void) fputs (_(" -r, --system create system accounts\n"), usageout); + (void) fputs (_(" -R, --root CHROOT_DIR directory to chroot into\n"), usageout); + #ifndef USE_PAM +-#if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT) || defined(USE_YESCRYPT) +- (void) fputs (_(" -s, --sha-rounds number of rounds for the SHA, BCRYPT\n" ++#if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT) || defined(USE_YESCRYPT) || defined(USE_SM3_CRYPT) ++ (void) fputs (_(" -s, --sha-rounds number of rounds for the SHA, BCRYPT, SM3\n" + " or YESCRYPT crypt algorithms\n"), + usageout); +-#endif /* USE_SHA_CRYPT || USE_BCRYPT || USE_YESCRYPT */ ++#endif /* USE_SHA_CRYPT || USE_BCRYPT || USE_YESCRYPT || USE_SM3_CRYPT */ + #endif /* !USE_PAM */ + (void) fputs ("\n", usageout); + +@@ -436,6 +442,13 @@ static int update_passwd (struct passwd *pwd, const char *password) + } + } + #endif /* USE_YESCRYPT */ ++#if defined(USE_SM3_CRYPT) ++ if (sflg) { ++ if (0 == strcmp (crypt_method, "SM3")) { ++ crypt_arg = &sm3_rounds; ++ } ++ } ++#endif /* USE_SM3_CRYPT */ + } + + if ((NULL != crypt_method) && (0 == strcmp(crypt_method, "NONE"))) { +@@ -492,6 +505,13 @@ static int add_passwd (struct passwd *pwd, const char *password) + } + } + #endif /* USE_PAM */ ++#if defined(USE_SM3_CRYPT) ++ if (sflg) { ++ if (0 == strcmp (crypt_method, "SM3")) { ++ crypt_arg = &sm3_rounds; ++ } ++ } ++#endif /* USE_SM3_CRYPT */ + } + + /* +@@ -609,9 +629,9 @@ static void process_flags (int argc, char **argv) + { + int c; + #ifndef USE_PAM +-#if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT) || defined(USE_YESCRYPT) ++#if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT) || defined(USE_YESCRYPT) || defined(USE_SM3_CRYPT) + int bad_s; +-#endif /* USE_SHA_CRYPT || USE_BCRYPT || USE_YESCRYPT */ ++#endif /* USE_SHA_CRYPT || USE_BCRYPT || USE_YESCRYPT || USE_SM3_CRYPT */ + #endif /* !USE_PAM */ + static struct option long_options[] = { + {"badname", no_argument, NULL, 'b'}, +@@ -622,20 +642,20 @@ static void process_flags (int argc, char **argv) + {"system", no_argument, NULL, 'r'}, + {"root", required_argument, NULL, 'R'}, + #ifndef USE_PAM +-#if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT) || defined(USE_YESCRYPT) ++#if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT) || defined(USE_YESCRYPT) || defined(USE_SM3_CRYPT) + {"sha-rounds", required_argument, NULL, 's'}, +-#endif /* USE_SHA_CRYPT || USE_BCRYPT || USE_YESCRYPT */ ++#endif /* USE_SHA_CRYPT || USE_BCRYPT || USE_YESCRYPT || USE_SM3_CRYPT */ + #endif /* !USE_PAM */ + {NULL, 0, NULL, '\0'} + }; + + while ((c = getopt_long (argc, argv, + #ifndef USE_PAM +-#if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT) || defined(USE_YESCRYPT) ++#if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT) || defined(USE_YESCRYPT) || defined(USE_SM3_CRYPT) + "c:bhrs:", +-#else /* !USE_SHA_CRYPT && !USE_BCRYPT && !USE_YESCRYPT */ ++#else /* !USE_SHA_CRYPT && !USE_BCRYPT && !USE_YESCRYPT && !USE_SM3_CRYPT */ + "c:bhr", +-#endif /* USE_SHA_CRYPT || USE_BCRYPT || USE_YESCRYPT */ ++#endif /* USE_SHA_CRYPT || USE_BCRYPT || USE_YESCRYPT || USE_SM3_CRYPT */ + #else /* USE_PAM */ + "bhr", + #endif +@@ -658,7 +678,7 @@ static void process_flags (int argc, char **argv) + case 'R': /* no-op, handled in process_root_flag () */ + break; + #ifndef USE_PAM +-#if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT) || defined(USE_YESCRYPT) ++#if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT) || defined(USE_YESCRYPT) || defined(USE_SM3_CRYPT) + case 's': + sflg = true; + bad_s = 0; +@@ -680,14 +700,20 @@ static void process_flags (int argc, char **argv) + bad_s = 1; + } + #endif /* USE_YESCRYPT */ +- if (bad_s != 0) { ++#if defined(USE_SM3_CRYPT) ++ if (( (0 == strcmp (crypt_method, "SM3")) ++ && (0 == getlong(optarg, &sm3_rounds)))) { ++ bad_s = 1; ++ } ++#endif /* USE_SM3_CRYPT */ ++ if (bad_s != 0) { + fprintf (stderr, + _("%s: invalid numeric argument '%s'\n"), + Prog, optarg); + usage (EXIT_FAILURE); + } + break; +-#endif /* USE_SHA_CRYPT || USE_BCRYPT || USE_YESCRYPT */ ++#endif /* USE_SHA_CRYPT || USE_BCRYPT || USE_YESCRYPT || USE_SM3_CRYPT */ + #endif /* !USE_PAM */ + default: + usage (EXIT_FAILURE); +@@ -721,14 +747,14 @@ static void process_flags (int argc, char **argv) + static void check_flags (void) + { + #ifndef USE_PAM +-#if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT) || defined(USE_YESCRYPT) ++#if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT) || defined(USE_YESCRYPT) || defined(USE_SM3_CRYPT) + if (sflg && !cflg) { + fprintf (stderr, + _("%s: %s flag is only allowed with the %s flag\n"), + Prog, "-s", "-c"); + usage (EXIT_FAILURE); + } +-#endif /* USE_SHA_CRYPT || USE_BCRYPT || USE_YESCRYPT */ ++#endif /* USE_SHA_CRYPT || USE_BCRYPT || USE_YESCRYPT || USE_SM3_CRYPT */ + + if (cflg) { + if ( (0 != strcmp (crypt_method, "DES")) +@@ -738,6 +764,9 @@ static void check_flags (void) + && (0 != strcmp (crypt_method, "SHA256")) + && (0 != strcmp (crypt_method, "SHA512")) + #endif /* USE_SHA_CRYPT */ ++#ifdef USE_SM3_CRYPT ++ && (0 != strcmp (crypt_method, "SM3")) ++#endif /* USE_SM3_CRYPT */ + #ifdef USE_BCRYPT + && (0 != strcmp (crypt_method, "BCRYPT")) + #endif /* USE_BCRYPT */ +diff --git a/src/passwd.c b/src/passwd.c +index 8c6f81a..00711da 100644 +--- a/src/passwd.c ++++ b/src/passwd.c +@@ -84,7 +84,7 @@ static bool spw_locked = false; + #ifndef USE_PAM + /* + * Size of the biggest passwd: +- * $6$ 3 ++ * $sm3$ 5 + * rounds= 7 + * 999999999 9 + * $ 1 +@@ -93,7 +93,7 @@ static bool spw_locked = false; + * SHA512 123 + * nul 1 + * +- * total 161 ++ * total 163 + */ + static char crypt_passwd[256]; + static bool do_update_pwd = false; +@@ -263,6 +263,9 @@ static int new_password (const struct passwd *pw) + #ifdef USE_YESCRYPT + || (strcmp (method, "YESCRYPT") == 0) + #endif /* USE_YESCRYPT*/ ++#ifdef USE_SM3_CRYPT ++ || (strcmp (method, "SM3") == 0) ++#endif /* USE_SM3_CRYPT */ + + ) { + pass_max_len = -1; +-- +2.27.0 + diff --git a/shadow-bsd.txt b/shadow-bsd.txt new file mode 100644 index 0000000..a2c1609 --- /dev/null +++ b/shadow-bsd.txt @@ -0,0 +1,32 @@ +/* + * Copyright (c) 1990 - 1994, Julianne Frances Haugh + * Copyright (c) 1996 - 2000, Marek Michałkiewicz + * Copyright (c) 2000 - 2006, Tomasz Kłoczko + * Copyright (c) 2007 - 2011, Nicolas François + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the copyright holders or contributors may not be used to + * endorse or promote products derived from this software without + * specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A + * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + diff --git a/shadow-utils.login.defs b/shadow-utils.login.defs new file mode 100644 index 0000000..1a04a8d --- /dev/null +++ b/shadow-utils.login.defs @@ -0,0 +1,306 @@ +# +# Please note that the parameters in this configuration file control the +# behavior of the tools from the shadow-utils component. None of these +# tools uses the PAM mechanism, and the utilities that use PAM (such as the +# passwd command) should therefore be configured elsewhere. Refer to +# /etc/pam.d/system-auth for more information. +# + +# +# Delay in seconds before being allowed another attempt after a login failure +# Note: When PAM is used, some modules may enforce a minimum delay (e.g. +# pam_unix(8) enforces a 2s delay) +# +#FAIL_DELAY 3 + +# Currently FAILLOG_ENAB is not supported + +# +# Enable display of unknown usernames when login(1) failures are recorded. +# +#LOG_UNKFAIL_ENAB no + +# Currently LOG_OK_LOGINS is not supported + +# Currently LASTLOG_ENAB is not supported + +# +# Limit the highest user ID number for which the lastlog entries should +# be updated. +# +# No LASTLOG_UID_MAX means that there is no user ID limit for writing +# lastlog entries. +# +#LASTLOG_UID_MAX + +# Currently MAIL_CHECK_ENAB is not supported + +# Currently OBSCURE_CHECKS_ENAB is not supported + +# Currently PORTTIME_CHECKS_ENAB is not supported + +# Currently QUOTAS_ENAB is not supported + +# Currently SYSLOG_SU_ENAB is not supported + +# +# Enable "syslog" logging of newgrp(1) and sg(1) activity. +# +#SYSLOG_SG_ENAB yes + +# Currently CONSOLE is not supported + +# Currently SULOG_FILE is not supported + +# Currently MOTD_FILE is not supported + +# Currently ISSUE_FILE is not supported + +# Currently TTYTYPE_FILE is not supported + +# Currently FTMP_FILE is not supported + +# Currently NOLOGINS_FILE is not supported + +# Currently SU_NAME is not supported + +# *REQUIRED* +# Directory where mailboxes reside, _or_ name of file, relative to the +# home directory. If you _do_ define both, MAIL_DIR takes precedence. +# +MAIL_DIR /var/spool/mail +#MAIL_FILE .mail + +# +# If defined, file which inhibits all the usual chatter during the login +# sequence. If a full pathname, then hushed mode will be enabled if the +# user's name or shell are found in the file. If not a full pathname, then +# hushed mode will be enabled if the file exists in the user's home directory. +# +#HUSHLOGIN_FILE .hushlogin +#HUSHLOGIN_FILE /etc/hushlogins + +# Currently ENV_TZ is not supported + +# Currently ENV_HZ is not supported + +# +# The default PATH settings, for superuser and normal users. +# +# (they are minimal, add the rest in the shell startup files) +#ENV_SUPATH PATH=/sbin:/bin:/usr/sbin:/usr/bin +#ENV_PATH PATH=/bin:/usr/bin + +# +# Terminal permissions +# +# TTYGROUP Login tty will be assigned this group ownership. +# TTYPERM Login tty will be set to this permission. +# +# If you have a write(1) program which is "setgid" to a special group +# which owns the terminals, define TTYGROUP as the number of such group +# and TTYPERM as 0620. Otherwise leave TTYGROUP commented out and +# set TTYPERM to either 622 or 600. +# +#TTYGROUP tty +#TTYPERM 0600 + +# Currently ERASECHAR, KILLCHAR and ULIMIT are not supported + +# Default initial "umask" value used by login(1) on non-PAM enabled systems. +# Default "umask" value for pam_umask(8) on PAM enabled systems. +# UMASK is also used by useradd(8) and newusers(8) to set the mode for new +# home directories if HOME_MODE is not set. +# 022 is the default value, but 027, or even 077, could be considered +# for increased privacy. There is no One True Answer here: each sysadmin +# must make up their mind. +UMASK 077 + +# HOME_MODE is used by useradd(8) and newusers(8) to set the mode for new +# home directories. +# If HOME_MODE is not set, the value of UMASK is used to create the mode. +#HOME_MODE 0700 + +# Password aging controls: +# +# PASS_MAX_DAYS Maximum number of days a password may be used. +# PASS_MIN_DAYS Minimum number of days allowed between password changes. +# PASS_MIN_LEN Minimum acceptable password length. +# PASS_WARN_AGE Number of days warning given before a password expires. +# +PASS_MAX_DAYS 99999 +PASS_MIN_DAYS 0 +PASS_MIN_LEN 5 +PASS_WARN_AGE 7 + +# Currently PASS_MIN_LEN is not supported + +# Currently SU_WHEEL_ONLY is not supported + +# Currently CRACKLIB_DICTPATH is not supported + +# +# Min/max values for automatic uid selection in useradd(8) +# +UID_MIN 1000 +UID_MAX 60000 +# System accounts +SYS_UID_MIN 201 +SYS_UID_MAX 999 +# Extra per user uids +SUB_UID_MIN 100000 +SUB_UID_MAX 600100000 +SUB_UID_COUNT 65536 + +# +# Min/max values for automatic gid selection in groupadd(8) +# +GID_MIN 1000 +GID_MAX 60000 +# System accounts +SYS_GID_MIN 201 +SYS_GID_MAX 999 +# Extra per user group ids +SUB_GID_MIN 100000 +SUB_GID_MAX 600100000 +SUB_GID_COUNT 65536 + +# +# Max number of login(1) retries if password is bad +# +#LOGIN_RETRIES 3 + +# +# Max time in seconds for login(1) +# +#LOGIN_TIMEOUT 60 + +# Currently PASS_CHANGE_TRIES is not supported + +# Currently PASS_ALWAYS_WARN is not supported + +# Currently PASS_MAX_LEN is not supported + +# Currently CHFN_AUTH is not supported + +# +# Which fields may be changed by regular users using chfn(1) - use +# any combination of letters "frwh" (full name, room number, work +# phone, home phone). If not defined, no changes are allowed. +# For backward compatibility, "yes" = "rwh" and "no" = "frwh". +# +#CHFN_RESTRICT rwh + +# Currently LOGIN_STRING is not supported + +# Currently MD5_CRYPT_ENAB is not supported + +# +# If set to MD5, MD5-based algorithm will be used for encrypting password +# If set to SHA256, SHA256-based algorithm will be used for encrypting password +# If set to SHA512, SHA512-based algorithm will be used for encrypting password (default) +# If set to BCRYPT, BCRYPT-based algorithm will be used for encrypting password +# If set to YESCRYPT, YESCRYPT-based algorithm will be used for encrypting password +# If set to DES, DES-based algorithm will be used for encrypting password +# +ENCRYPT_METHOD SHA512 + +# +# Only works if ENCRYPT_METHOD is set to SHA256 or SHA512. +# +# Define the number of SHA rounds. +# With a lot of rounds, it is more difficult to brute-force the password. +# However, more CPU resources will be needed to authenticate users if +# this value is increased. +# +# If not specified, the libc will choose the default number of rounds (5000). +# The values must be within the 1000-999999999 range. +# +#SHA_CRYPT_MAX_ROUNDS 5000 + +# Currently SHA_CRYPT_MIN_ROUNDS is not supported + +# +# Only works if ENCRYPT_METHOD is set to BCRYPT. +# +# Define the number of BCRYPT rounds. +# With a lot of rounds, it is more difficult to brute-force the password. +# However, more CPU resources will be needed to authenticate users if +# this value is increased. +# +# If not specified, 13 rounds will be attempted. +# If only one of the MIN or MAX values is set, then this value will be used. +# If MIN > MAX, the highest value will be used. +# +#BCRYPT_MIN_ROUNDS 13 +#BCRYPT_MAX_ROUNDS 31 + +# +# Only works if ENCRYPT_METHOD is set to YESCRYPT. +# +# Define the YESCRYPT cost factor. +# With a higher cost factor, it is more difficult to brute-force the password. +# However, more CPU time and more memory will be needed to authenticate users +# if this value is increased. +# +# If not specified, a cost factor of 5 will be used. +# The value must be within the 1-11 range. +# +#YESCRYPT_COST_FACTOR 5 + +# Currently CONSOLE_GROUPS is not supported + +# +# Should login be allowed if we can't cd to the home directory? +# Default is yes. +# +#DEFAULT_HOME yes + +# Currently ENVIRON_FILE is not supported + +# +# If defined, this command is run when removing a user. +# It should remove any at/cron/print jobs etc. owned by +# the user to be removed (passed as the first argument). +# +#USERDEL_CMD /usr/sbin/userdel_local + +# +# Enables userdel(8) to remove user groups if no members exist. +# +USERGROUPS_ENAB yes + +# +# If set to a non-zero number, the shadow utilities will make sure that +# groups never have more than this number of users on one line. +# This permits to support split groups (groups split into multiple lines, +# with the same group ID, to avoid limitation of the line length in the +# group file). +# +# 0 is the default value and disables this feature. +# +#MAX_MEMBERS_PER_GROUP 0 + +# +# If useradd(8) should create home directories for users by default (non +# system users only). +# This option is overridden with the -M or -m flags on the useradd(8) +# command-line. +# +CREATE_HOME yes + +# +# Force use shadow, even if shadow passwd & shadow group files are +# missing. +# +#FORCE_SHADOW yes + +# +# Select the HMAC cryptography algorithm. +# Used in pam_timestamp module to calculate the keyed-hash message +# authentication code. +# +# Note: It is recommended to check hmac(3) to see the possible algorithms +# that are available in your system. +# +#HMAC_CRYPTO_ALGO SHA512 diff --git a/shadow-utils.useradd b/shadow-utils.useradd new file mode 100644 index 0000000..a7db290 --- /dev/null +++ b/shadow-utils.useradd @@ -0,0 +1,8 @@ +# useradd defaults file +GROUP=100 +HOME=/home +INACTIVE=-1 +SHELL=/bin/bash +SKEL=/etc/skel +CREATE_MAIL_SPOOL=yes + diff --git a/shadow.spec b/shadow.spec new file mode 100644 index 0000000..e1a7176 --- /dev/null +++ b/shadow.spec @@ -0,0 +1,355 @@ +Name: shadow +Version: 4.13 +Release: 7 +Epoch: 2 +License: BSD and GPLv2+ +Summary: Tools for managing accounts and shadow password files +URL: http://pkg-shadow.alioth.debian.org/ +Source0: https://github.com/shadow-maint/shadow/releases/download/%{version}/shadow-%{version}.tar.xz +Source2: shadow-utils.useradd +Source3: shadow-utils.login.defs +Source4: shadow-bsd.txt +Source5: https://www.gnu.org/licenses/old-licenses/gpl-2.0.txt +Source6: chpasswd +Source7: newusers + +%global includesubiddir %{_includedir}/shadow + +# fix unknown item 'LASTLOG_MAX_UID' +Patch0: usermod-unlock.patch +Patch1: backport-useradd-check-if-subid-range-exists-for-user.patch +Patch2: shadow-add-sm3-crypt-support.patch +Patch3: backport-Fix-off-by-one-mistakes.patch +Patch4: backport-Fix-typos-in-length-calculations.patch +Patch5: backport-Correctly-handle-illegal-system-file-in-tz.patch +Patch6: backport-Explicitly-override-only-newlines.patch +Patch7: backport-Prevent-out-of-boundary-access.patch +Patch8: backport-Added-control-character-check.patch +Patch9: backport-Overhaul-valid_field.patch +Patch10: backport-Read-whole-line-in-yes_or_no.patch +Patch11: backport-commonio-free-removed-database-entries.patch +Patch12: backport-semanage-disconnect-to-free-libsemanage-internals.patch +Patch13: backport-run_parts-for-groupadd-and-groupdel.patch +Patch14: shadow-Remove-encrypted-passwd-for-useradd-gr.patch +Patch15: backport-chgpasswd-fix-segfault-in-command-line-options.patch + +BuildRequires: gcc, libselinux-devel, audit-libs-devel, libsemanage-devel +BuildRequires: libacl-devel, libattr-devel +BuildRequires: bison, flex, gnome-doc-utils, docbook-style-xsl, docbook-dtds +BuildRequires: autoconf, automake, libtool, gettext-devel, itstool, pam-devel +Requires: libselinux +Requires: audit-libs +Requires: setup +Requires(pre): coreutils +Requires(post): coreutils +Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) + +Provides: shadow-utils = %{version}-%{release} +Obsoletes: shadow-utils < %{version}-%{release} + +%description +This package includes the necessary programs for converting plain +password files to the shadow password format and to manage user and +group accounts. + +%package subid-devel +Summary: Development package for shadow-utils-subid +License: BSD and GPLv2+ + +%description subid-devel +Development files for shadow-utils-subid. + +%package_help + +%prep +%autosetup -n shadow-%{version} -p1 + +iconv -f ISO88591 -t utf-8 doc/HOWTO > doc/HOWTO.utf8 +cp -f doc/HOWTO.utf8 doc/HOWTO + +cp -a %{SOURCE4} %{SOURCE5} . + +%build +export CFLAGS="$RPM_OPT_FLAGS -fpie" +export LDFLAGS="-pie -Wl,-z,relro -Wl,-z,now" + +autoreconf -fiv +%configure \ + --enable-shadowgrp \ + --enable-man \ + --with-audit \ + --with-sha-crypt \ + --with-selinux \ + --without-libcrack \ + --with-libpam \ + --enable-shared \ + --with-group-name-max-length=32 +%make_build + +%install +rm -rf $RPM_BUILD_ROOT +%make_install gnulocaledir=$RPM_BUILD_ROOT/%{_datadir}/locale MKINSTALLDIRS=`pwd`/mkinstalldirs +install -d -m 755 $RPM_BUILD_ROOT/%{_sysconfdir}/default +install -p -c -m 0644 %{SOURCE3} $RPM_BUILD_ROOT/%{_sysconfdir}/login.defs +install -p -c -m 0600 %{SOURCE2} $RPM_BUILD_ROOT/%{_sysconfdir}/default/useradd +install -p -c -m 0644 %{SOURCE6} $RPM_BUILD_ROOT/%{_sysconfdir}/pam.d/chpasswd +install -p -c -m 0644 %{SOURCE7} $RPM_BUILD_ROOT/%{_sysconfdir}/pam.d/newusers + +ln -s useradd $RPM_BUILD_ROOT%{_sbindir}/adduser +ln -s useradd.8 $RPM_BUILD_ROOT/%{_mandir}/man8/adduser.8 +for subdir in $RPM_BUILD_ROOT/%{_mandir}/{??,??_??,??_??.*}/man* ; do + test -d $subdir && test -e $subdir/useradd.8 && echo ".so man8/useradd.8" > $subdir/adduser.8 +done + +# Remove binaries we don't use. +rm $RPM_BUILD_ROOT/%{_bindir}/chfn +rm $RPM_BUILD_ROOT/%{_bindir}/chsh +rm $RPM_BUILD_ROOT/%{_bindir}/expiry +rm $RPM_BUILD_ROOT/%{_bindir}/groups +rm $RPM_BUILD_ROOT/%{_bindir}/login +rm $RPM_BUILD_ROOT/%{_bindir}/passwd +rm $RPM_BUILD_ROOT/%{_bindir}/su +rm $RPM_BUILD_ROOT/%{_bindir}/faillog +rm $RPM_BUILD_ROOT/%{_sbindir}/logoutd +rm $RPM_BUILD_ROOT/%{_sbindir}/nologin +rm $RPM_BUILD_ROOT/%{_mandir}/man1/chfn.* +rm $RPM_BUILD_ROOT/%{_mandir}/*/man1/chfn.* +rm $RPM_BUILD_ROOT/%{_mandir}/man1/chsh.* +rm $RPM_BUILD_ROOT/%{_mandir}/*/man1/chsh.* +rm $RPM_BUILD_ROOT/%{_mandir}/man1/expiry.* +rm $RPM_BUILD_ROOT/%{_mandir}/*/man1/expiry.* +rm $RPM_BUILD_ROOT/%{_mandir}/man1/groups.* +rm $RPM_BUILD_ROOT/%{_mandir}/*/man1/groups.* +rm $RPM_BUILD_ROOT/%{_mandir}/man1/login.* +rm $RPM_BUILD_ROOT/%{_mandir}/*/man1/login.* +rm $RPM_BUILD_ROOT/%{_mandir}/man1/passwd.* +rm $RPM_BUILD_ROOT/%{_mandir}/*/man1/passwd.* +rm $RPM_BUILD_ROOT/%{_mandir}/man1/su.* +rm $RPM_BUILD_ROOT/%{_mandir}/*/man1/su.* +rm $RPM_BUILD_ROOT/%{_mandir}/man5/passwd.* +rm $RPM_BUILD_ROOT/%{_mandir}/*/man5/passwd.* +rm $RPM_BUILD_ROOT/%{_mandir}/man5/suauth.* +rm $RPM_BUILD_ROOT/%{_mandir}/*/man5/suauth.* +rm $RPM_BUILD_ROOT/%{_mandir}/man8/logoutd.* +rm $RPM_BUILD_ROOT/%{_mandir}/*/man8/logoutd.* +rm $RPM_BUILD_ROOT/%{_mandir}/man8/nologin.* +rm $RPM_BUILD_ROOT/%{_mandir}/*/man8/nologin.* +rm $RPM_BUILD_ROOT/%{_mandir}/man3/getspnam.* +rm $RPM_BUILD_ROOT/%{_mandir}/*/man3/getspnam.* +rm $RPM_BUILD_ROOT/%{_mandir}/man5/faillog.* +rm $RPM_BUILD_ROOT/%{_mandir}/*/man5/faillog.* +rm $RPM_BUILD_ROOT/%{_mandir}/man8/faillog.* +rm $RPM_BUILD_ROOT/%{_mandir}/*/man8/faillog.* +rm $RPM_BUILD_ROOT/%{_sysconfdir}/pam.d/chfn +rm $RPM_BUILD_ROOT/%{_sysconfdir}/pam.d/chsh +rm $RPM_BUILD_ROOT/%{_sysconfdir}/pam.d/login +rm $RPM_BUILD_ROOT/%{_sysconfdir}/pam.d/passwd +rm $RPM_BUILD_ROOT/%{_sysconfdir}/pam.d/su + +find $RPM_BUILD_ROOT%{_mandir} -depth -type d -empty -delete +%find_lang shadow +for dir in $(ls -1d $RPM_BUILD_ROOT%{_mandir}/{??,??_??}) ; do + dir=$(echo $dir | sed -e "s|^$RPM_BUILD_ROOT||") + lang=$(basename $dir) +done + +# Move subid.h to its own folder +echo $(ls) +mkdir -p $RPM_BUILD_ROOT/%{includesubiddir} +install -m 644 libsubid/subid.h $RPM_BUILD_ROOT/%{includesubiddir}/ + +# Remove .la files created by libsubid +rm -f $RPM_BUILD_ROOT/%{_libdir}/libsubid.{la,a} + +%files -f shadow.lang +%doc NEWS doc/HOWTO README +%{!?_licensedir:%global license %%doc} +%license gpl-2.0.txt shadow-bsd.txt +%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/login.defs +%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/default/useradd +%{_bindir}/sg +%attr(4755,root,root) %{_bindir}/chage +%attr(4755,root,root) %{_bindir}/gpasswd +%{_bindir}/lastlog +%attr(4755,root,root) %{_bindir}/newgrp +%attr(4755,root,root) %{_bindir}/newgidmap +%attr(4755,root,root) %{_bindir}/newuidmap +%{_sbindir}/adduser +%attr(0755,root,root) %{_sbindir}/user* +%attr(0755,root,root) %{_sbindir}/group* +%{_bindir}/getsubids +%{_sbindir}/grpck +%{_sbindir}/pwck +%{_sbindir}/*conv +%{_sbindir}/chpasswd +%{_sbindir}/chgpasswd +%{_sbindir}/newusers +%{_sbindir}/vipw +%{_sbindir}/vigr +%{_sysconfdir}/pam.d/chpasswd +%{_sysconfdir}/pam.d/groupmems +%{_sysconfdir}/pam.d/newusers + +%files subid-devel +%{_libdir}/libsubid.so.* +%{includesubiddir}/subid.h +%{_libdir}/libsubid.so + +%files help +%{_mandir}/*/* + +%changelog +* Wed Sep 20 2023 lvgenggeng - 2:4.13-7 +- backport patches from upstream + +* Fri Aug 11 2023 xiongshenglan - 2:4.13-6 +- Remove encrypted passwd for useradd-groupadd-groupmod-usermod + +* Mon Jun 19 2023 yunjia_w - 2:4.13-5 +- backport patches from upstream + +* Thu Apr 20 2023 yunjia_w - 2:4.13-4 +- fix CVE-2023-29383 + +* Thu Mar 23 2023 fuanan - 2:4.13-3 +- backport patches from upstream + +* Thu Feb 9 2023 yunjia_w - 2:4.13-2 +- SM3 patch is compatible with version 4.13 + +* Wed Feb 8 2023 yunjia_w - 2:4.13-1 +- update version to 4.13 + +* Thu Dec 1 2022 xiongshenglan - 2:4.9-8 +- backport useradd check if subid range exists for user + +* Tue Nov 22 2022 yunjia_w - 2:4.9-7 +- chpasswd fix function problem with R parameter + +* Mon Oct 31 2022 yunjia_w - 2:4.9-6 +- add some backport to optimize some functions + +* Tue Aug 23 2022 fushanqing - 2:4.9-5 +- remove patch 'shadow-4.1.5.1-var-lock.patch' and 'shadow-utils-fix-lock-file-residue.patch' + +* Tue Aug 2 2022 zhengxiaoxiao - 2:4.9-4 +- add-sm3-crypt-support.patch add update release to 4.9-4 + +* Mon Feb 21 2022 panxiaohe - 2:4.9-1 +- update to 4.9 +- synchronized login.defs with upstream file +- useradd: modify check ID range for system users + +* Thu Sep 30 2021 steven Y.Gui - 2:4.8.1-7 +- backport some patches to fix memory leak + +* Mon Jul 26 2021 wangchen - 2:4.8.1-6 +- delete unnecessary gdb from BuildRequires + +* Thu Apr 29 2021 Hugel - 2:4.8.1-5 +- shadow should depend on audit-libs + +* Thu Jul 9 2020 Anakin Zhang - 2:4.8.1-4 +- fix zh_CN typo + +* Sun Jun 28 2020 Anakin Zhang - 2:4.8.1-3 +- generate /var/spool/mail/$USER with the proper SELinux user identity + +* Tue May 12 2020 steven - 2:4.8.1-2 +- Enable --with-libpam config during compiling + +* Fri Apr 24 2020 steven - 2:4.8.1-1 +- Upgrade version to 4.8.1 + +* Sat Mar 21 2020 openEuler Buildteam - 2:4.7-10 +- Only package man file into shadow-help; add buildrequires of gdb + +* Tue Mar 17 2020 openEuler Buildteam - 2:4.7-9 +- Remove redundant file + +* Fri Feb 21 2020 openEuler Buildteam - 2:4.7-8 +- Remove redundant patches + +* Thu Feb 6 2020 openEuler Buildteam - 2:4.7-7 +- User name can start with an upper case letter + +* Sat Jan 18 2020 openEuler Buildteam - 2:4.7-6 +- Delete ALWAYS_SET_PATH, which has been set by security-tool + +* Thu Jan 16 2020 openEuler Buildteam - 2:4.7-5 +- Fix unknown item 'LASTLOG_MAX_UID' + +* Sun Jan 12 2020 openEuler Buildteam - 2:4.7-4 +- Delete unused patch + +* Thu Dec 19 2019 openEuler Buildteam - 2:4.7-3 +- Delete unused infomation + +* Mon Dec 16 2019 openEuler Buildteam - 2:4.7-2 +- fix invaild path + +* Thu Aug 29 2019 hexiaowen - 2:4.7-1 +- update to 4.7 + +* Tue Aug 20 2019 guoxiaoqi - 2:4.6-2.h9 +- Type:bugfix +- ID:NA +- SUG:NA +- DESC:rename patches + +* Thu Aug 8 2019 guoxiaoqi - 2:4.6-2.h8 +- Type:NA +- ID:NA +- SUG:NA +- DESC: format patches + +* Thu Aug 1 2019 Jiangchuangang - 2:4.6-2.h7 +- Type:bugfix +- ID:NA +- SUG:NA +- DESC:openEuler Debranding + +* Fri May 3 2019 lubing - 2:4.6-2.h6 +- Type:bugfix +- ID:NA +- SUG:restart +- DESC:fix lock file residue + +* Tue Mar 12 2019 yangzhuangzhuang - 2:4.6-2.h5 +- Type:bugfix +- ID:NA +- SUG:restart +- DESC:su.c: run pam_getenvlist() after setup_env + Log UID in nologin + Fix some issues found in Coverity scan. + useradd: fix segfault trying to overwrite const data with mkstemp + Fix the default mentioned in man page for SUB_UID/GID_COUNT variables. + +* Wed Mar 6 2019 hanzhijun - 2:4.6-2.h4 +- Type:bugfix +- ID:NA +- SUG:NA + DESC:shadow 4.1.5.1 var lock + +* Thu Jan 31 2019 liuqianya - 2:4.6-2.h3 +- Type:bugfix +- ID:NA +- SUG:NA + DESC:Revert"shadow 4.1.5.1 var lock" + +* Mon Jan 28 2019 liuqianya - 2:4.6-2.h2 +- Type:bugfix +- ID:NA +- SUG:NA + DESC:Revert "shadow-utils: sync patches" + +* Fri Jan 25 2019 liuqianya - 2:4.6-2.h1 +- Type:bugfix +- ID:NA +- SUG:NA + DESC:add ruserok to avoid compilation failure + hulk shadow remove passwd param for useradd + shadow 4.1.5.1 var lock + +* Sat Jul 14 2018 Jiangchuangang - 2:4.6-2 +- Package Initialization diff --git a/sources b/sources new file mode 100644 index 0000000..9256ec2 --- /dev/null +++ b/sources @@ -0,0 +1 @@ +b1ab01b5462ddcf43588374d57bec123 shadow-4.13.tar.xz diff --git a/usermod-unlock.patch b/usermod-unlock.patch new file mode 100644 index 0000000..ff9602d --- /dev/null +++ b/usermod-unlock.patch @@ -0,0 +1,65 @@ +Index: shadow-4.5/src/usermod.c +=================================================================== +--- a/src/usermod.c ++++ b/src/usermod.c +@@ -466,14 +466,17 @@ static char *new_pw_passwd (char *pw_pass) + strcat (buf, pw_pass); + pw_pass = buf; + } else if (Uflg && pw_pass[0] == '!') { +- char *s; ++ char *s = pw_pass; + +- if (pw_pass[1] == '\0') { ++ while ('!' == *s) ++ ++s; ++ ++ if (*s == '\0') { + fprintf (stderr, + _("%s: unlocking the user's password would result in a passwordless account.\n" + "You should set a password with usermod -p to unlock this user's password.\n"), + Prog); +- return pw_pass; ++ return NULL; + } + + #ifdef WITH_AUDIT +@@ -482,12 +485,15 @@ static char *new_pw_passwd (char *pw_pass) + user_newname, (unsigned int) user_newid, 0); + #endif + SYSLOG ((LOG_INFO, "unlock user '%s' password", user_newname)); +- s = pw_pass; +- while ('\0' != *s) { +- *s = *(s + 1); +- s++; +- } ++ memmove (pw_pass, s, strlen (s) + 1); + } else if (pflg) { ++ if (strchr (user_pass, ':') != NULL) { ++ fprintf (stderr, ++ _("%s: The password field cannot contain a colon character.\n"), ++ Prog); ++ return NULL; ++ ++ } + #ifdef WITH_AUDIT + audit_logger (AUDIT_USER_CHAUTHTOK, Prog, + "changing password", +@@ -536,6 +542,8 @@ static void new_pwent (struct passwd *pwent) + if ( (!is_shadow_pwd) + || (strcmp (pwent->pw_passwd, SHADOW_PASSWD_STRING) != 0)) { + pwent->pw_passwd = new_pw_passwd (pwent->pw_passwd); ++ if (pwent->pw_passwd == NULL) ++ fail_exit (E_PW_UPDATE); + } + + if (uflg) { +@@ -650,6 +658,8 @@ static void new_spent (struct spwd *spent) + * + aging has been requested + */ + spent->sp_pwdp = new_pw_passwd (spent->sp_pwdp); ++ if (spent->sp_pwdp == NULL) ++ fail_exit(E_PW_UPDATE); + + if (pflg) { + spent->sp_lstchg = (long) gettime () / SCALE; + -- cgit v1.2.3