From 280a8474ad87f44f9620eeac75cbf8a34b5edc2f Mon Sep 17 00:00:00 2001
From: xiongshenglan <xiongshenglan@huawei.com>
Date: Thu, 27 Jul 2023 09:30:16 +0800
Subject: [PATCH] shadow: Remove encrypted passwd for
useradd-groupadd-groupmod-usermod
Remove encrypted passwd for useradd/groupadd/groupmod/usermod
In groupadd/useradd, the -p parameter is not subject to password complexity
checks, so it does not satisfy security requirements.
Signed-off-by: xiongshenglan <xiongshenglan@huawei.com>
---
src/groupadd.c | 4 ++++
src/groupmod.c | 4 ++++
src/useradd.c | 4 ++++
src/usermod.c | 4 ++++
4 files changed, 16 insertions(+)
diff --git a/src/groupadd.c b/src/groupadd.c
index d7f68b1..9b7a521 100644
--- a/src/groupadd.c
+++ b/src/groupadd.c
@@ -125,7 +125,9 @@ static /*@noreturn@*/void usage (int status)
(void) fputs (_(" -K, --key KEY=VALUE override /etc/login.defs defaults\n"), usageout);
(void) fputs (_(" -o, --non-unique allow to create groups with duplicate\n"
" (non-unique) GID\n"), usageout);
+#ifndef CONFIG_SHADOW_REMOVE_POPTION
(void) fputs (_(" -p, --password PASSWORD use this encrypted password for the new group\n"), usageout);
+#endif
(void) fputs (_(" -r, --system create a system account\n"), usageout);
(void) fputs (_(" -R, --root CHROOT_DIR directory to chroot into\n"), usageout);
(void) fputs (_(" -P, --prefix PREFIX_DI directory prefix\n"), usageout);
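Review bot: `CONFIG_SHADOW_REMOVE_POPTION` on the `#ifndef` line around the `-p, --password` help string is not defined or documented anywhere in this patch. The diffstat touches only the four `src/*.c` files, so a build that does not pass the macro itself keeps `-p` exactly as before. I would add a comment at this first use, e.g. `/* CONFIG_SHADOW_REMOVE_POPTION: define via CPPFLAGS to drop -p/--password; leaving it unset keeps the option */`, and the same applies to the matching guards in groupmod.c, useradd.c and usermod.c. The man pages are not part of this change either, so they would presumably still describe `-p` on builds where it is compiled out; usage() itself continues outside the hunk.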
@@ -459,10 +461,12 @@ static void process_flags (int argc, char **argv)
case 'o':
oflg = true;
break;
+#ifndef CONFIG_SHADOW_REMOVE_POPTION
case 'p':
pflg = true;
group_passwd = optarg;
break;
+#endif
case 'r':
rflg = true;
break;
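Review bot: Only the `case 'p':` arm is compiled out here; the getopt option string and the `long_options` table sit outside this hunk, and if they still list `p:` / `password`, getopt_long keeps accepting `-p VALUE` and hands it to whatever the switch's default arm does. If that arm is a hard usage error the result fails closed, but the administrator gets a generic usage message rather than an invalid-option diagnostic, and a default arm that merely ignored the flag would create the group without the password the caller supplied. I would put the option-string letter and the table entry under the same `#ifndef CONFIG_SHADOW_REMOVE_POPTION` so the option is rejected by getopt itself. The process_flags hunks in groupmod.c, useradd.c and usermod.c have the same shape, and process_flags starts and ends outside each of them.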
diff --git a/src/groupmod.c b/src/groupmod.c
index acd6f35..f9dcabd 100644
--- a/src/groupmod.c
+++ b/src/groupmod.c
@@ -139,8 +139,10 @@ static void usage (int status)
(void) fputs (_(" -h, --help display this help message and exit\n"), usageout);
(void) fputs (_(" -n, --new-name NEW_GROUP change the name to NEW_GROUP\n"), usageout);
(void) fputs (_(" -o, --non-unique allow to use a duplicate (non-unique) GID\n"), usageout);
+#ifndef CONFIG_SHADOW_REMOVE_POPTION
(void) fputs (_(" -p, --password PASSWORD change the password to this (encrypted)\n"
" PASSWORD\n"), usageout);
+#endif
(void) fputs (_(" -R, --root CHROOT_DIR directory to chroot into\n"), usageout);
(void) fputs (_(" -P, --prefix PREFIX_DIR prefix directory where are located the /etc/* files\n"), usageout);
(void) fputs (_(" -U, --users USERS list of user members of this group\n"), usageout);
@@ -449,10 +451,12 @@ static void process_flags (int argc, char **argv)
case 'o':
oflg = true;
break;
+#ifndef CONFIG_SHADOW_REMOVE_POPTION
case 'p':
group_passwd = optarg;
pflg = true;
break;
+#endif
case 'R': /* no-op, handled in process_root_flag () */
break;
case 'P': /* no-op, handled in process_prefix_flag () */
diff --git a/src/useradd.c b/src/useradd.c
index 89abd5e..e5ba3dd 100644
--- a/src/useradd.c
+++ b/src/useradd.c
@@ -907,7 +907,9 @@ static void usage (int status)
" the user\n"), usageout);
(void) fputs (_(" -o, --non-unique allow to create users with duplicate\n"
" (non-unique) UID\n"), usageout);
+#ifndef CONFIG_SHADOW_REMOVE_POPTION
(void) fputs (_(" -p, --password PASSWORD encrypted password of the new account\n"), usageout);
+#endif
(void) fputs (_(" -r, --system create a system account\n"), usageout);
(void) fputs (_(" -R, --root CHROOT_DIR directory to chroot into\n"), usageout);
(void) fputs (_(" -P, --prefix PREFIX_DIR prefix directory where are located the /etc/* files\n"), usageout);
@@ -1366,6 +1368,7 @@ static void process_flags (int argc, char **argv)
case 'o':
oflg = true;
break;
+#ifndef CONFIG_SHADOW_REMOVE_POPTION
case 'p': /* set encrypted password */
if (!VALID (optarg)) {
fprintf (stderr,
@@ -1375,6 +1378,7 @@ static void process_flags (int argc, char **argv)
}
user_pass = optarg;
break;
+#endif
case 'r':
rflg = true;
break;
diff --git a/src/usermod.c b/src/usermod.c
index ca8db92..509a50b 100644
--- a/src/usermod.c
+++ b/src/usermod.c
@@ -384,7 +384,9 @@ static /*@noreturn@*/void usage (int status)
(void) fputs (_(" -m, --move-home move contents of the home directory to the\n"
" new location (use only with -d)\n"), usageout);
(void) fputs (_(" -o, --non-unique allow using duplicate (non-unique) UID\n"), usageout);
+#ifndef CONFIG_SHADOW_REMOVE_POPTION
(void) fputs (_(" -p, --password PASSWORD use encrypted password for the new password\n"), usageout);
+#endif
(void) fputs (_(" -P, --prefix PREFIX_DIR prefix directory where are located the /etc/* files\n"), usageout);
(void) fputs (_(" -r, --remove remove the user from only the supplemental GROUPS\n"
" mentioned by the -G option without removing\n"
@@ -1121,10 +1123,12 @@ static void process_flags (int argc, char **argv)
case 'o':
oflg = true;
break;
+#ifndef CONFIG_SHADOW_REMOVE_POPTION
case 'p':
user_pass = optarg;
pflg = true;
break;
+#endif
case 'r':
rflg = true;
break;
--
2.12.3