emo/shadow
1
0
Fork 0
Code Issues Pull Requests Packages Releases Activity

News options -c/--crypt-method -s/--sha-rounds to newusers.

Browse Source 
Document also new login.defs variables.
This commit is contained in:
nekral-guest 2007-11-23 20:24:42 +00:00
parent acba134aae
commit 1cc6fd0d16
3 changed files with 112 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
ChangeLog
View File

@ -1,3 +1,8 @@
2007-11-23 Nicolas François <nicolas.francois@centraliens.net>
* NEWS, src/newusers.c: New options -c/--crypt-method
-s/--sha-rounds.
2007-11-23 Nicolas François <nicolas.francois@centraliens.net> 2007-11-23 Nicolas François <nicolas.francois@centraliens.net>
* src/chpasswd.c: Added crypt method: NONE. * src/chpasswd.c: Added crypt method: NONE.

5
NEWS
View File

@ -50,6 +50,11 @@ shadow-4.0.18.1 -> shadow-4.0.18.2 UNRELEASED
better support for split groups. Be careful when using this variable: better support for split groups. Be careful when using this variable:
not all tools support well split groups (in or out of the shadow not all tools support well split groups (in or out of the shadow
tool suite). It fixes gpasswd and chgpasswd when split groups are used. tool suite). It fixes gpasswd and chgpasswd when split groups are used.
- Use MD5_CRYPT_ENAB, ENCRYPT_METHOD, SHA_CRYPT_MIN_ROUNDS, and
SHA_CRYPT_MAX_ROUNDS to define the default encryption algorithm for the
passwords.
- chpaswd, chgpasswd, newusers: New options -c/--crypt-method and
-s/--sha-rounds to supersede the system default encryption algorithm.
*** documentation: *** documentation:
- Generate the translated manpages from PO at build time. - Generate the translated manpages from PO at build time.

113
src/newusers.c
View File

@ -43,6 +43,7 @@
#include <pwd.h> #include <pwd.h>
#include <grp.h> #include <grp.h>
#include <fcntl.h> #include <fcntl.h>
#include <getopt.h>
#ifdef USE_PAM #ifdef USE_PAM
#include "pam_defs.h" #include "pam_defs.h"
#endif /* USE_PAM */ #endif /* USE_PAM */
@ -57,6 +58,11 @@
* Global variables * Global variables
*/ */
static char *Prog; static char *Prog;
static int cflg = 0;
static int sflg = 0;
static char *crypt_method = NULL;
static long sha_rounds = 5000;
static int is_shadow; static int is_shadow;
@ -72,7 +78,19 @@ static int add_passwd (struct passwd *, const char *);
*/ */
static void usage (void) static void usage (void)
{ {
fprintf (stderr, _("Usage: %s [input]\n"), Prog); fprintf (stderr, _("Usage: %s [options] [input]\n"
"\n"
" -c, --crypt-method the crypt method (one of %s)\n"
"%s"
"\n"),
Prog,
#ifndef ENCRYPTMETHOD_SELECT
"NONE DES MD5", ""
#else
"NONE DES MD5 SHA256 SHA512",
_(" -s, --sha-rounds number of SHA rounds for the SHA* crypt algorithms\n")
#endif
);
exit (1); exit (1);
} }
@ -216,7 +234,19 @@ static int add_user (const char *name, const char *uid, uid_t * nuid, gid_t gid)
static void update_passwd (struct passwd *pwd, const char *passwd) static void update_passwd (struct passwd *pwd, const char *passwd)
{ {
pwd->pw_passwd = pw_encrypt (passwd, crypt_make_salt (NULL, NULL)); void *arg = NULL;
if (crypt_method != NULL) {
if (sflg)
arg = &sha_rounds;
}
if (crypt_method != NULL && 0 == strcmp(crypt_method, "NONE")) {
pwd->pw_passwd = (char *)passwd;
} else {
pwd->pw_passwd = pw_encrypt (passwd,
crypt_make_salt (crypt_method,
arg));
}
} }
/* /*
@ -301,8 +331,77 @@ int main (int argc, char **argv)
bindtextdomain (PACKAGE, LOCALEDIR); bindtextdomain (PACKAGE, LOCALEDIR);
textdomain (PACKAGE); textdomain (PACKAGE);
if (argc > 1 && argv[1][0] == '-') {
int option_index = 0;
int c;
static struct option long_options[] = {
{"crypt-method", required_argument, NULL, 'c'},
{"help", no_argument, NULL, 'h'},
{"sha-rounds", required_argument, NULL, 's'},
{NULL, 0, NULL, '\0'}
};
while ((c =
getopt_long (argc, argv, "c:hs:", long_options,
&option_index)) != -1) {
switch (c) {
case 'c':
cflg = 1;
crypt_method = optarg;
break;
case 'h':
usage ();
break;
case 's':
sflg = 1;
if (!getlong(optarg, &sha_rounds)) {
fprintf (stderr,
_("%s: invalid numeric argument '%s'\n"),
Prog, optarg);
usage ();
}
break;
case 0:
/* long option */
break;
default:
usage ();
break;
}
}
}
/* validate options */
if (sflg && !cflg) {
fprintf (stderr,
_("%s: %s flag is ONLY allowed with the %s flag\n"),
Prog, "-s", "-c");
usage (); usage ();
}
if (cflg) {
if (0 != strcmp (crypt_method, "DES") &&
0 != strcmp (crypt_method, "MD5") &&
0 != strcmp (crypt_method, "NONE") &&
#ifdef ENCRYPTMETHOD_SELECT
0 != strcmp (crypt_method, "SHA256") &&
0 != strcmp (crypt_method, "SHA512")
#endif
) {
fprintf (stderr,
_("%s: unsupported crypt method: %s\n"),
Prog, crypt_method);
usage ();
}
}
if (argv[optind] != NULL) {
if (!freopen (argv[optind], "r", stdin)) {
snprintf (buf, sizeof buf, "%s: %s", Prog, argv[1]);
perror (buf);
exit (1);
}
}
#ifdef USE_PAM #ifdef USE_PAM
retval = PAM_SUCCESS; retval = PAM_SUCCESS;
@ -340,14 +439,6 @@ int main (int argc, char **argv)
} }
#endif /* USE_PAM */ #endif /* USE_PAM */
if (argc == 2) {
if (!freopen (argv[1], "r", stdin)) {
snprintf (buf, sizeof buf, "%s: %s", Prog, argv[1]);
perror (buf);
exit (1);
}
}
/* /*
* Lock the password files and open them for update. This will bring * Lock the password files and open them for update. This will bring
* all of the entries into memory where they may be searched for an * all of the entries into memory where they may be searched for an