sysmo-bts
/
generic-poky
9
0
Fork 0
Code Pull Requests Releases Activity

shadow-native: allow for setting password in clear text 

Allow user to set password in clear text. This is convenient when
we're building out an image.

This feature is mainly used by useradd.bbclass and extrausers.bbclass.

This patch adds a new option '-P' to useradd, usermod, groupadd and groupmod
commands provided by shadow-native. The shadow package on target and in SDK
will not be affected.

[YOCTO #5365]

(From OE-Core rev: 31dee7946340bf0f1e94e4e714191d3d6ca3bf6a)

Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This commit is contained in:
Chen Qi 2013-11-16 15:27:47 +08:00 committed by Richard Purdie
parent 1034518fa7
commit 7b58b5feaa
2 changed files with 209 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

208
meta/recipes-extended/shadow/files/allow-for-setting-password-in-clear-text.patch Normal file
View File

@ -0,0 +1,208 @@
Upstream-Status: Inappropriate [OE specific]
Allow for setting password in clear text.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
---
src/Makefile.am | 8 ++++----
src/groupadd.c | 8 +++++++-
src/groupmod.c | 9 ++++++++-
src/useradd.c | 9 +++++++--
src/usermod.c | 10 ++++++++--
5 files changed, 34 insertions(+), 10 deletions(-)
diff --git a/src/Makefile.am b/src/Makefile.am
index 6a3b4c5..1ffdbc6 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -76,10 +76,10 @@ chgpasswd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBSELINUX) $(LIBCRYPT)
chsh_LDADD = $(LDADD) $(LIBPAM) $(LIBSELINUX) $(LIBCRYPT_NOPAM) $(LIBSKEY) $(LIBMD)
chpasswd_LDADD = $(LDADD) $(LIBPAM) $(LIBSELINUX) $(LIBCRYPT)
gpasswd_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT)
-groupadd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX)
+groupadd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT)
groupdel_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX)
groupmems_LDADD = $(LDADD) $(LIBPAM) $(LIBSELINUX)
-groupmod_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX)
+groupmod_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT)
grpck_LDADD = $(LDADD) $(LIBSELINUX)
grpconv_LDADD = $(LDADD) $(LIBSELINUX)
grpunconv_LDADD = $(LDADD) $(LIBSELINUX)
@@ -99,9 +99,9 @@ su_SOURCES = \
suauth.c
su_LDADD = $(LDADD) $(LIBPAM) $(LIBCRYPT_NOPAM) $(LIBSKEY) $(LIBMD)
sulogin_LDADD = $(LDADD) $(LIBCRYPT)
-useradd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX)
+useradd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT)
userdel_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX)
-usermod_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX)
+usermod_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT)
vipw_LDADD = $(LDADD) $(LIBSELINUX)
install-am: all-am
diff --git a/src/groupadd.c b/src/groupadd.c
index 66b38de..3157486 100644
--- a/src/groupadd.c
+++ b/src/groupadd.c
@@ -124,6 +124,7 @@ static void usage (void)
(void) fputs (_(" -o, --non-unique allow to create groups with duplicate\n"
" (non-unique) GID\n"), stderr);
(void) fputs (_(" -p, --password PASSWORD use this encrypted password for the new group\n"), stderr);
+ (void) fputs (_(" -P, --clear-password PASSWORD use this clear text password for the new group\n"), stderr);
(void) fputs (_(" -R, --root CHROOT_DIR directory to chroot into\n"), stderr);
(void) fputs (_(" -r, --system create a system account\n"), stderr);
(void) fputs ("\n", stderr);
@@ -388,13 +389,14 @@ static void process_flags (int argc, char **argv)
{"key", required_argument, NULL, 'K'},
{"non-unique", no_argument, NULL, 'o'},
{"password", required_argument, NULL, 'p'},
+ {"clear-password", required_argument, NULL, 'P'},
{"root", required_argument, NULL, 'R'},
{"system", no_argument, NULL, 'r'},
{NULL, 0, NULL, '\0'}
};
while ((c =
- getopt_long (argc, argv, "fg:hK:op:R:r", long_options,
+ getopt_long (argc, argv, "fg:hK:op:P:R:r", long_options,
&option_index)) != -1) {
switch (c) {
case 'f':
@@ -446,6 +448,10 @@ static void process_flags (int argc, char **argv)
pflg = true;
group_passwd = optarg;
break;
+ case 'P':
+ pflg = true;
+ group_passwd = pw_encrypt (optarg, crypt_make_salt (NULL, NULL));
+ break;
case 'R':
if ('/' != optarg[0]) {
fprintf (stderr,
diff --git a/src/groupmod.c b/src/groupmod.c
index 27eb159..17acbc3 100644
--- a/src/groupmod.c
+++ b/src/groupmod.c
@@ -127,6 +127,8 @@ static void usage (void)
(void) fputs (_(" -o, --non-unique allow to use a duplicate (non-unique) GID\n"), stderr);
(void) fputs (_(" -p, --password PASSWORD change the password to this (encrypted)\n"
" PASSWORD\n"), stderr);
+ (void) fputs (_(" -P, --clear-password PASSWORD change the password to this (clear text)\n"
+ " PASSWORD\n"), stderr);
(void) fputs (_(" -R, --root CHROOT_DIR directory to chroot into\n"), stderr);
(void) fputs ("\n", stderr);
exit (E_USAGE);
@@ -348,11 +350,12 @@ static void process_flags (int argc, char **argv)
{"new-name", required_argument, NULL, 'n'},
{"non-unique", no_argument, NULL, 'o'},
{"password", required_argument, NULL, 'p'},
+ {"clear-password", required_argument, NULL, 'P'},
{"root", required_argument, NULL, 'R'},
{NULL, 0, NULL, '\0'}
};
while ((c =
- getopt_long (argc, argv, "g:hn:op:R:",
+ getopt_long (argc, argv, "g:hn:op:P:R:",
long_options, &option_index)) != -1) {
switch (c) {
case 'g':
@@ -376,6 +379,10 @@ static void process_flags (int argc, char **argv)
group_passwd = optarg;
pflg = true;
break;
+ case 'P':
+ group_passwd = pw_encrypt (optarg, crypt_make_salt (NULL, NULL));
+ pflg = true;
+ break;
case 'R':
if ('/' != optarg[0]) {
fprintf (stderr,
diff --git a/src/useradd.c b/src/useradd.c
index 2102630..390909c 100644
--- a/src/useradd.c
+++ b/src/useradd.c
@@ -716,6 +716,7 @@ static void usage (void)
(void) fputs (_(" -o, --non-unique allow to create users with duplicate\n"
" (non-unique) UID\n"), stderr);
(void) fputs (_(" -p, --password PASSWORD encrypted password of the new account\n"), stderr);
+ (void) fputs (_(" -P, --clear-password PASSWORD clear text password of the new account\n"), stderr);
(void) fputs (_(" -R, --root CHROOT_DIR directory to chroot into\n"), stderr);
(void) fputs (_(" -r, --system create a system account\n"), stderr);
(void) fputs (_(" -s, --shell SHELL login shell of the new account\n"), stderr);
@@ -1035,6 +1036,7 @@ static void process_flags (int argc, char **argv)
{"no-user-group", no_argument, NULL, 'N'},
{"non-unique", no_argument, NULL, 'o'},
{"password", required_argument, NULL, 'p'},
+ {"clear-password", required_argument, NULL, 'P'},
{"root", required_argument, NULL, 'R'},
{"system", no_argument, NULL, 'r'},
{"shell", required_argument, NULL, 's'},
@@ -1047,9 +1049,9 @@ static void process_flags (int argc, char **argv)
};
while ((c = getopt_long (argc, argv,
#ifdef WITH_SELINUX
- "b:c:d:De:f:g:G:k:K:lmMNop:R:rs:u:UZ:",
+ "b:c:d:De:f:g:G:k:K:lmMNop:P:R:rs:u:UZ:",
#else
- "b:c:d:De:f:g:G:k:K:lmMNop:R:rs:u:U",
+ "b:c:d:De:f:g:G:k:K:lmMNop:P:R:rs:u:U",
#endif
long_options, NULL)) != -1) {
switch (c) {
@@ -1214,6 +1216,9 @@ static void process_flags (int argc, char **argv)
}
user_pass = optarg;
break;
+ case 'P': /* set clear text password */
+ user_pass = pw_encrypt (optarg, crypt_make_salt (NULL, NULL));
+ break;
case 'R':
/* no-op since we handled this in process_root_flag() earlier */
break;
diff --git a/src/usermod.c b/src/usermod.c
index 8363597..f4c1cee 100644
--- a/src/usermod.c
+++ b/src/usermod.c
@@ -325,6 +325,7 @@ static void usage (void)
" new location (use only with -d)\n"
" -o, --non-unique allow using duplicate (non-unique) UID\n"
" -p, --password PASSWORD use encrypted password for the new password\n"
+ " -P, --clear-password PASSWORD use clear text password for the new password\n"
" -R --root CHROOT_DIR directory to chroot into\n"
" -s, --shell SHELL new login shell for the user account\n"
" -u, --uid UID new UID for the user account\n"
@@ -950,6 +951,7 @@ static void process_flags (int argc, char **argv)
{"move-home", no_argument, NULL, 'm'},
{"non-unique", no_argument, NULL, 'o'},
{"password", required_argument, NULL, 'p'},
+ {"clear-password", required_argument, NULL, 'P'},
{"root", required_argument, NULL, 'R'},
#ifdef WITH_SELINUX
{"selinux-user", required_argument, NULL, 'Z'},
@@ -961,9 +963,9 @@ static void process_flags (int argc, char **argv)
};
while ((c = getopt_long (argc, argv,
#ifdef WITH_SELINUX
- "ac:d:e:f:g:G:hl:Lmop:R:s:u:UZ:",
+ "ac:d:e:f:g:G:hl:Lmop:P:R:s:u:UZ:",
#else
- "ac:d:e:f:g:G:hl:Lmop:R:s:u:U",
+ "ac:d:e:f:g:G:hl:Lmop:P:R:s:u:U",
#endif
long_options, NULL)) != -1) {
switch (c) {
@@ -1055,6 +1057,10 @@ static void process_flags (int argc, char **argv)
user_pass = optarg;
pflg = true;
break;
+ case 'P':
+ user_pass = pw_encrypt (optarg, crypt_make_salt (NULL, NULL));
+ pflg = true;
+ break;
case 'R':
/* no-op since we handled this in process_root_flag() earlier */
break;
--
1.7.9.5

1
meta/recipes-extended/shadow/shadow.inc
View File

@ -32,6 +32,7 @@ SRC_URI_append_class-native = " \
file://disable-syslog.patch \
file://useradd.patch \
file://add_root_cmd_groupmems.patch \
file://allow-for-setting-password-in-clear-text.patch \
"
SRC_URI_append_class-nativesdk = " \
file://add_root_cmd_options.patch \