From 5ca6eb3ac2c6acdf677af7b4de42bbfae5b0a60b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Honza=20Hor=C3=A1k?=
Date: Fri, 9 Sep 2011 16:37:49 +0200
Subject: [PATCH] Added YP_PASSWD_HASH environment variable to set default algorithm for hashing a new password Resolves: #699666
---
 yp-tools-2.12-hash.patch | 68 ++++++++++++++++++++++++++++++++++++++++
 yp-tools.spec | 9 +++++-
 2 files changed, 76 insertions(+), 1 deletion(-)
 create mode 100644 yp-tools-2.12-hash.patch
diff --git a/yp-tools-2.12-hash.patch b/yp-tools-2.12-hash.patch
new file mode 100644
index 0000000..e5aaa0b
--- /dev/null
+++ b/yp-tools-2.12-hash.patch
@@ -0,0 +1,68 @@
+diff -up yp-tools-2.12/man/yppasswd.1.in.hash yp-tools-2.12/man/yppasswd.1.in
+--- yp-tools-2.12/man/yppasswd.1.in.hash 2011-09-09 16:18:49.469037058 +0200
++++ yp-tools-2.12/man/yppasswd.1.in 2011-09-09 16:20:19.101030930 +0200
+@@ -81,6 +81,12 @@ for authentication with the
+ .BR yppasswdd (8)
+ daemon. Subsequently, the
+ program prompts for the updated information:
++.P
++If we use shadowing passwords using passwd.adjunct, SHA-512 will be
++used for hashing a new password by default. If we want to use MD5,
++SHA_256 or older DES, we need to set the environment variable
++YP_PASSWD_HASH. Possible values are "DES", "MD5", "SHA-256" and
++"SHA-512" (value is case-insensitive).
+ .\"
+ .\"
+ .IP "\fByppasswd\fP or \fB-p\fP"
+diff -up yp-tools-2.12/src/yppasswd.c.hash yp-tools-2.12/src/yppasswd.c
+--- yp-tools-2.12/src/yppasswd.c.hash 2011-09-09 16:20:35.360029823 +0200
++++ yp-tools-2.12/src/yppasswd.c 2011-09-09 16:25:21.589010245 +0200
+@@ -514,6 +514,32 @@ create_random_salt (char *salt, int num_
+ close (fd);
+ }
+
++
++/*
++ * Reads environment variable YP_PASSWD_HASH and returns hash id.
++ * Possible values are MD5, SHA-256, SHA-512 and DES.
++ * If other value is set or it is not set at all, SHA-512 is used.
++ */
++static int
++get_env_hash_id()
++{
++ const char *v = getenv("YP_PASSWD_HASH");
++ if (!v)
++ return SHA_512;
++
++ if (!strcasecmp(v, "DES"))
++ return DES;
++
++ if (!strcasecmp(v, "SHA-256"))
++ return SHA_256;
++
++ if (!strcasecmp(v, "MD5"))
++ return MD5;
++
++ return SHA_512;
++}
++
++
+ int
+ main (int argc, char **argv)
+ {
+@@ -723,6 +749,15 @@ main (int argc, char **argv)
+
+ hash_id = get_hash_id (pwd->pw_passwd);
+
++ /* If we use passwd.adjunct, there is no magic value like $1$ in the
++ * beginning of password, but ##username instead. Thus, SHA_512 will be
++ * used for hashing a new password by default. If we want to use DES,
++ * MD5 or SHA_256, we need to set the environment variable
++ * YP_PASSWD_HASH (e.g.
YP_PASSWD_HASH=DES).
++ */
++ if (strncmp(pwd->pw_passwd, "##", 2) == 0)
++ hash_id = get_env_hash_id();
++
+ /* Preserve 'rounds=$' (if present) in case of SHA-2 */
+ if (hash_id == SHA_256 || hash_id == SHA_512)
+ {
diff --git a/yp-tools.spec b/yp-tools.spec
index c705a15..0b067b1 100644
--- a/yp-tools.spec
+++ b/yp-tools.spec
@@ -1,7 +1,7 @@
 Summary: NIS (or YP) client programs
 Name: yp-tools
 Version: 2.12
-Release: 6%{?dist}
+Release: 7%{?dist}
 License: GPLv2
 Group: System Environment/Base
 Source: ftp://ftp.kernel.org/pub/linux/utils/net/NIS/yp-tools-%{version}.tar.bz2
@@ -9,6 +9,7 @@ Source: ftp://ftp.kernel.org/pub/linux/utils/net/NIS/yp-tools-%{version}.tar.bz2
 Patch0: yp-tools-2.11-shadow.patch
 Patch1: yp-tools-2.12-typo.patch
 Patch2: yp-tools-2.12-gethost.patch
+Patch3: yp-tools-2.12-hash.patch
 Url: http://www.linux-nis.org/nis/yp-tools/index.html
 Requires: ypbind
@@ -37,6 +38,7 @@ you'll need to install the ypserv package on one machine on the network.
 %patch0 -p1 -b .shadow
 %patch1 -p1 -b .typo
 %patch2 -p1 -b .gethost
+%patch3 -p1 -b .hash
 %build
 %configure --disable-domainname
@@ -58,6 +60,11 @@ make DESTDIR="$RPM_BUILD_ROOT" INSTALL_PROGRAM=install install
 /var/yp/nicknames
 %changelog
+* Fri Sep 09 2011 Honza Horak - 2.12-7
+- Added YP_PASSWD_HASH environment variable to set default
+ algorithm for hashing a new password
+ Resolves: #699666
+
 * Wed May 04 2011 Honza Horak - 2.12-6
 - Applied -gethost patch to check return value (rhbz#698619)
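Review bot: In `get_env_hash_id()` every value other than `DES`, `SHA-256` or `MD5` reaches the final `return SHA_512;` with no diagnostic, so a misspelling such as `SHA256` silently selects a scheme the user did not ask for, and the weak `DES` and `MD5` schemes are chosen purely from the caller's environment with no administrator-side control visible in this patch. I would emit a warning before that final return, for example `fprintf (stderr, "yppasswd: unrecognized YP_PASSWD_HASH value, using SHA-512\n");`, and extend the man page paragraph to say that DES crypt only uses the first eight characters of the password and that DES and MD5 are meant for legacy clients only. The definition should also read `get_env_hash_id (void)`, since empty parentheses leave the parameter list unspecified in C. The `##` test is added inside `main`, whose body starts and ends outside the embedded hunks, so whether `pwd->pw_passwd` can be NULL at that point cannot be checked from here.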