|
|
673c78 |
From a1dfd3c737f7dad832b0f6ec975bcc5c9cc80ffe Mon Sep 17 00:00:00 2001
|
|
|
673c78 |
From: Karel Zak <kzak@redhat.com>
|
|
|
673c78 |
Date: Wed, 24 Aug 2022 12:20:25 +0200
|
|
|
673c78 |
Subject: lslogins: support more password methods
|
|
|
673c78 |
|
|
|
673c78 |
* detect more hashing methods
|
|
|
673c78 |
|
|
|
673c78 |
* don't care about hash size
|
|
|
673c78 |
|
|
|
673c78 |
* follow crypt(5) when check for valid chars
|
|
|
673c78 |
|
|
|
673c78 |
Addresses: https://bugzilla.redhat.com/show_bug.cgi?id=2094216
|
|
|
673c78 |
Upstream: http://github.com/util-linux/util-linux/commit/2b9373e06243d5adf93d627916a5421b34a7e63f
|
|
|
673c78 |
Reported-by: Radka Skvarilova <rskvaril@redhat.com>
|
|
|
673c78 |
Signed-off-by: Karel Zak <kzak@redhat.com>
|
|
|
673c78 |
---
|
|
|
673c78 |
login-utils/lslogins.c | 66 +++++++++++++++++++++++++++---------------
|
|
|
673c78 |
1 file changed, 42 insertions(+), 24 deletions(-)
|
|
|
673c78 |
|
|
|
673c78 |
diff --git a/login-utils/lslogins.c b/login-utils/lslogins.c
|
|
|
673c78 |
index 56431212d..22e3cd23e 100644
|
|
|
673c78 |
--- a/login-utils/lslogins.c
|
|
|
673c78 |
+++ b/login-utils/lslogins.c
|
|
|
673c78 |
@@ -598,7 +598,7 @@ static int get_nprocs(const uid_t uid)
|
|
|
673c78 |
}
|
|
|
673c78 |
#endif
|
|
|
673c78 |
|
|
|
673c78 |
-static const char *get_pwd_method(const char *str, const char **next, unsigned int *sz)
|
|
|
673c78 |
+static const char *get_pwd_method(const char *str, const char **next)
|
|
|
673c78 |
{
|
|
|
673c78 |
const char *p = str;
|
|
|
673c78 |
const char *res = NULL;
|
|
|
673c78 |
@@ -606,32 +606,50 @@ static const char *get_pwd_method(const char *str, const char **next, unsigned i
|
|
|
673c78 |
if (!p || *p++ != '$')
|
|
|
673c78 |
return NULL;
|
|
|
673c78 |
|
|
|
673c78 |
- if (sz)
|
|
|
673c78 |
- *sz = 0;
|
|
|
673c78 |
-
|
|
|
673c78 |
switch (*p) {
|
|
|
673c78 |
case '1':
|
|
|
673c78 |
res = "MD5";
|
|
|
673c78 |
- if (sz)
|
|
|
673c78 |
- *sz = 22;
|
|
|
673c78 |
break;
|
|
|
673c78 |
case '2':
|
|
|
673c78 |
- p++;
|
|
|
673c78 |
- if (*p == 'a' || *p == 'y')
|
|
|
673c78 |
+ switch(*(p+1)) {
|
|
|
673c78 |
+ case 'a':
|
|
|
673c78 |
+ case 'y':
|
|
|
673c78 |
+ p++;
|
|
|
673c78 |
res = "Blowfish";
|
|
|
673c78 |
+ break;
|
|
|
673c78 |
+ case 'b':
|
|
|
673c78 |
+ p++;
|
|
|
673c78 |
+ res = "bcrypt";
|
|
|
673c78 |
+ break;
|
|
|
673c78 |
+ }
|
|
|
673c78 |
+ break;
|
|
|
673c78 |
+ case '3':
|
|
|
673c78 |
+ res = "NT";
|
|
|
673c78 |
break;
|
|
|
673c78 |
case '5':
|
|
|
673c78 |
res = "SHA-256";
|
|
|
673c78 |
- if (sz)
|
|
|
673c78 |
- *sz = 43;
|
|
|
673c78 |
break;
|
|
|
673c78 |
case '6':
|
|
|
673c78 |
res = "SHA-512";
|
|
|
673c78 |
- if (sz)
|
|
|
673c78 |
- *sz = 86;
|
|
|
673c78 |
+ break;
|
|
|
673c78 |
+ case '7':
|
|
|
673c78 |
+ res = "scrypt";
|
|
|
673c78 |
+ break;
|
|
|
673c78 |
+ case 'y':
|
|
|
673c78 |
+ res = "yescrypt";
|
|
|
673c78 |
+ break;
|
|
|
673c78 |
+ case 'g':
|
|
|
673c78 |
+ if (*(p + 1) == 'y') {
|
|
|
673c78 |
+ p++;
|
|
|
673c78 |
+ res = "gost-yescrypt";
|
|
|
673c78 |
+ }
|
|
|
673c78 |
+ break;
|
|
|
673c78 |
+ case '_':
|
|
|
673c78 |
+ res = "bsdicrypt";
|
|
|
673c78 |
break;
|
|
|
673c78 |
default:
|
|
|
673c78 |
- return NULL;
|
|
|
673c78 |
+ res = "unknown";
|
|
|
673c78 |
+ break;
|
|
|
673c78 |
}
|
|
|
673c78 |
p++;
|
|
|
673c78 |
|
|
|
673c78 |
@@ -642,7 +660,10 @@ static const char *get_pwd_method(const char *str, const char **next, unsigned i
|
|
|
673c78 |
return res;
|
|
|
673c78 |
}
|
|
|
673c78 |
|
|
|
673c78 |
-#define is_valid_pwd_char(x) (isalnum((unsigned char) (x)) || (x) == '.' || (x) == '/')
|
|
|
673c78 |
+#define is_invalid_pwd_char(x) (isspace((unsigned char) (x)) || \
|
|
|
673c78 |
+ (x) == ':' || (x) == ';' || (x) == '*' || \
|
|
|
673c78 |
+ (x) == '!' || (x) == '\\')
|
|
|
673c78 |
+#define is_valid_pwd_char(x) (isascii((unsigned char) (x)) && !is_invalid_pwd_char(x))
|
|
|
673c78 |
|
|
|
673c78 |
/*
|
|
|
673c78 |
* This function do not accept empty passwords or locked accouns.
|
|
|
673c78 |
@@ -650,17 +671,16 @@ static const char *get_pwd_method(const char *str, const char **next, unsigned i
|
|
|
673c78 |
static int valid_pwd(const char *str)
|
|
|
673c78 |
{
|
|
|
673c78 |
const char *p = str;
|
|
|
673c78 |
- unsigned int sz = 0, n;
|
|
|
673c78 |
|
|
|
673c78 |
if (!str || !*str)
|
|
|
673c78 |
return 0;
|
|
|
673c78 |
|
|
|
673c78 |
/* $id$ */
|
|
|
673c78 |
- if (get_pwd_method(str, &p, &sz) == NULL)
|
|
|
673c78 |
+ if (get_pwd_method(str, &p) == NULL)
|
|
|
673c78 |
return 0;
|
|
|
673c78 |
+
|
|
|
673c78 |
if (!p || !*p)
|
|
|
673c78 |
return 0;
|
|
|
673c78 |
-
|
|
|
673c78 |
/* salt$ */
|
|
|
673c78 |
for (; *p; p++) {
|
|
|
673c78 |
if (*p == '$') {
|
|
|
673c78 |
@@ -670,17 +690,15 @@ static int valid_pwd(const char *str)
|
|
|
673c78 |
if (!is_valid_pwd_char(*p))
|
|
|
673c78 |
return 0;
|
|
|
673c78 |
}
|
|
|
673c78 |
+
|
|
|
673c78 |
if (!*p)
|
|
|
673c78 |
return 0;
|
|
|
673c78 |
-
|
|
|
673c78 |
/* encrypted */
|
|
|
673c78 |
- for (n = 0; *p; p++, n++) {
|
|
|
673c78 |
- if (!is_valid_pwd_char(*p))
|
|
|
673c78 |
+ for (; *p; p++) {
|
|
|
673c78 |
+ if (!is_valid_pwd_char(*p)) {
|
|
|
673c78 |
return 0;
|
|
|
673c78 |
+ }
|
|
|
673c78 |
}
|
|
|
673c78 |
-
|
|
|
673c78 |
- if (sz && n != sz)
|
|
|
673c78 |
- return 0;
|
|
|
673c78 |
return 1;
|
|
|
673c78 |
}
|
|
|
673c78 |
|
|
|
673c78 |
@@ -863,7 +881,7 @@ static struct lslogins_user *get_user_info(struct lslogins_control *ctl, const c
|
|
|
673c78 |
|
|
|
673c78 |
while (p && (*p == '!' || *p == '*'))
|
|
|
673c78 |
p++;
|
|
|
673c78 |
- user->pwd_method = get_pwd_method(p, NULL, NULL);
|
|
|
673c78 |
+ user->pwd_method = get_pwd_method(p, NULL);
|
|
|
673c78 |
} else
|
|
|
673c78 |
user->pwd_method = NULL;
|
|
|
673c78 |
break;
|
|
|
673c78 |
--
|
|
|
673c78 |
2.37.2
|
|
|
673c78 |
|