summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorNatanael Copa <ncopa@alpinelinux.org>2012-01-12 14:22:34 +0000
committerNatanael Copa <ncopa@alpinelinux.org>2012-01-12 14:22:34 +0000
commit5f8cecd4f40f9e41420af148df54dcea08ae7a12 (patch)
tree5b04db353a616c931f883dc927dbb83a54664399
parentdb90ab2a256b0dad50a915e45d7086083a939273 (diff)
downloadaports-5f8cecd4f40f9e41420af148df54dcea08ae7a12.tar.bz2
aports-5f8cecd4f40f9e41420af148df54dcea08ae7a12.tar.xz
Revert "main/acf-core: backport password salt support and acfpasswd tool"
-rw-r--r--main/acf-core/0001-acfpasswd-new-tool-to-set-passwords-from-comman-line.patch99
-rw-r--r--main/acf-core/0001-authenticator-use-salt-and-sha-512-encryption.patch89
-rw-r--r--main/acf-core/0002-Fixed-mksalt-to-use-correct-characters.patch37
-rw-r--r--main/acf-core/APKBUILD27
4 files changed, 4 insertions, 248 deletions
diff --git a/main/acf-core/0001-acfpasswd-new-tool-to-set-passwords-from-comman-line.patch b/main/acf-core/0001-acfpasswd-new-tool-to-set-passwords-from-comman-line.patch
deleted file mode 100644
index 405ff0c66..000000000
--- a/main/acf-core/0001-acfpasswd-new-tool-to-set-passwords-from-comman-line.patch
+++ /dev/null
@@ -1,99 +0,0 @@
-From a55d954939799cd35efffa896cebaa17d7393e7f Mon Sep 17 00:00:00 2001
-From: Natanael Copa <ncopa@alpinelinux.org>
-Date: Thu, 12 Jan 2012 11:21:20 +0100
-Subject: [PATCH] acfpasswd: new tool to set passwords from comman line
-
-This tool allows users to set/reset an ACF password from command line.
-
-It also allows user to syncronize the ACF password with the system
-password so the ACF password becomes same as shell login password. This
-requires that the username exists in both /etc/acf/passwd and /etc/shadow
-
-diff --git a/bin/acfpasswd b/bin/acfpasswd
-new file mode 100644
-index 0000000..e25b966
---- /dev/null
-+++ b/bin/acfpasswd
-@@ -0,0 +1,79 @@
-+#!/bin/sh
-+
-+# tool for managing the ACF passwords
-+
-+passwdfile=${ACFPASSWD:-/etc/acf/passwd}
-+shadow=${SHADOW:-/etc/shadow}
-+
-+usage() {
-+ echo "usage: acfpasswd [-s] USER"
-+ echo ""
-+ exit 1
-+}
-+
-+die() {
-+ echo "$@" >&2
-+ exit 1
-+}
-+
-+find_user_or_die() {
-+ local user="$1"
-+ grep -q "^${user}:" "$passwdfile" \
-+ || die "user '$user' was not found in $passwdfile"
-+}
-+
-+set_pw_hash() {
-+ local user="$1"
-+ local pwhash="$2"
-+ # use : as sed separator since its guaranteed to no be valid in shadow
-+ sed -i -e "s:^${user}\:[^\:]*\::${user}\:${pwhash}\::" "$passwdfile"
-+}
-+
-+syncpasswd() {
-+ local user="$1"
-+ local pwhash=$(awk -F: -v user="$user" '$1 == user { print $2 }' \
-+ $shadow) || exit
-+ find_user_or_die "$user"
-+ [ -z "$pwhash" ] && die "user '$user' was not found in $shadow"
-+ set_pw_hash "$user" "$pwhash"
-+ exit
-+}
-+
-+sync_with_system=
-+while getopts "hs" opt; do
-+ case "$opt" in
-+ h) usage;;
-+ s) sync_with_system=yes;;
-+ esac
-+done
-+
-+shift $(($OPTIND - 1))
-+
-+user="$1"
-+[ -z "$user" ] && usage
-+
-+[ -n "$sync_with_system" ] && syncpasswd "$user"
-+
-+# set password for given user
-+find_user_or_die "$user"
-+tries=0
-+while true; do
-+ echo -n "Enter new ACF password for $user (will not echo): "
-+ hash=$(mkpasswd -m sha | tail -n1)
-+ salt=$(echo "$hash" | cut -d$ -f3)
-+ echo ""
-+ echo -n "Re-enter the ACF password (will not echo): "
-+ hash2=$(mkpasswd -S "$salt" -m sha | tail -n1)
-+ echo ""
-+ [ "$hash" = "$hash2" ] && break
-+ echo -n "The entered passwords does not match. "
-+ tries=$(( $tries + 1))
-+ if [ $tries -gt 3 ]; then
-+ die "ACF password was NOT changed"
-+ else
-+ echo "Please try again."
-+ fi
-+done
-+
-+set_pw_hash "$user" "$hash" && echo "ACF password for $user was changed."
-+
---
-1.7.8.2
-
diff --git a/main/acf-core/0001-authenticator-use-salt-and-sha-512-encryption.patch b/main/acf-core/0001-authenticator-use-salt-and-sha-512-encryption.patch
deleted file mode 100644
index 5c38cc38a..000000000
--- a/main/acf-core/0001-authenticator-use-salt-and-sha-512-encryption.patch
+++ /dev/null
@@ -1,89 +0,0 @@
-From eb4221096cc581a41f64d7d6b99e8d5be0d470b0 Mon Sep 17 00:00:00 2001
-From: Natanael Copa <ncopa@alpinelinux.org>
-Date: Thu, 27 Oct 2011 18:52:11 +0200
-Subject: [PATCH 1/2] authenticator: use salt and sha-512 encryption
-
----
- lib/authenticator.lua | 45 +++++++++++++++++++++++++++++++++++++++++++--
- 1 files changed, 43 insertions(+), 2 deletions(-)
-
-diff --git a/lib/authenticator.lua b/lib/authenticator.lua
-index 724b854..f3af4e3 100644
---- a/lib/authenticator.lua
-+++ b/lib/authenticator.lua
-@@ -6,6 +6,8 @@ module (..., package.seeall)
- require("modelfunctions")
- require("format")
- require("md5")
-+require("posix")
-+require("session")
-
- -- This is the sub-authenticator
- -- In the future, this will be set based upon configuration
-@@ -61,6 +63,45 @@ local get_id = function(self, userid)
- return authstruct[userid]
- end
-
-+-- verify a plaintextword against a hash
-+-- returns:
-+-- true if password matches or
-+-- false if password does not match
-+local verify_password = function(plaintext, pwhash)
-+ --[[
-+ from man crypt(3):
-+
-+ If salt is a character string starting with the characters "$id$" fol-
-+ lowed by a string terminated by "$":
-+
-+ $id$salt$encrypted
-+
-+ then instead of using the DES machine, id identifies the encryption
-+ method used and this then determines how the rest of the password
-+ string is interpreted. The following values of id are supported:
-+
-+ ID | Method
-+ ---------------------------------------------------------
-+ 1 | MD5
-+ 2a | Blowfish (not in mainline glibc; added in some
-+ | Linux distributions)
-+ 5 | SHA-256 (since glibc 2.7)
-+ 6 | SHA-512 (since glibc 2.7)
-+ ]]--
-+ local algo_salt, hash = string.match(pwhash, "^(%$%d%$[a-zA-Z0-9./]+%$)(.*)")
-+ if algo_salt ~= nil and hash ~= nil then
-+ return (pwhash == posix.crypt(plaintext, algo_salt))
-+ end
-+ -- fall back to old style md5 checksum
-+ return (pwhash == md5.sumhexa(plaintext))
-+end
-+
-+-- generate a salt string
-+local mksalt = function()
-+ -- use sha-512 algorithm (no 6)
-+ return "$6$"..session.random_hash(96).."$"
-+end
-+
- --- public methods
-
- -- This function returns true or false, and
-@@ -75,7 +116,7 @@ authenticate = function(self, userid, password)
-
- if not id then
- errtxt = "Userid not found"
-- elseif id.password ~= md5.sumhexa(password) then
-+ elseif not verify_password(password, id.password) then
- errtxt = "Invalid password"
- end
- end
-@@ -110,7 +151,7 @@ write_userinfo = function(self, userinfo)
- -- Username, password, roles, skin, home are allowed to not exist, just leave the same
- id.userid = userinfo.userid
- if userinfo.username then id.username = userinfo.username end
-- if userinfo.password then id.password = md5.sumhexa(userinfo.password) end
-+ if userinfo.password then id.password = posix.crypt(userinfo.password, mksalt()) end
- if userinfo.roles then id.roles = table.concat(userinfo.roles, ",") end
- if userinfo.skin then id.skin = userinfo.skin end
- if userinfo.home then id.home = userinfo.home end
---
-1.7.8.2
-
diff --git a/main/acf-core/0002-Fixed-mksalt-to-use-correct-characters.patch b/main/acf-core/0002-Fixed-mksalt-to-use-correct-characters.patch
deleted file mode 100644
index a228e97c5..000000000
--- a/main/acf-core/0002-Fixed-mksalt-to-use-correct-characters.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-From f41fd7182d71427d7a0adf54e55df3a3c97a667e Mon Sep 17 00:00:00 2001
-From: Ted Trask <ttrask01@yahoo.com>
-Date: Thu, 27 Oct 2011 18:51:08 +0000
-Subject: [PATCH 2/2] Fixed mksalt to use correct characters
-
----
- lib/authenticator.lua | 13 ++++++++++---
- 1 files changed, 10 insertions(+), 3 deletions(-)
-
-diff --git a/lib/authenticator.lua b/lib/authenticator.lua
-index f3af4e3..43814c1 100644
---- a/lib/authenticator.lua
-+++ b/lib/authenticator.lua
-@@ -96,10 +96,17 @@ local verify_password = function(plaintext, pwhash)
- return (pwhash == md5.sumhexa(plaintext))
- end
-
---- generate a salt string
-+local b64 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789./"
-+
- local mksalt = function()
-- -- use sha-512 algorithm (no 6)
-- return "$6$"..session.random_hash(96).."$"
-+ local file = io.open("/dev/urandom")
-+ local str = ""
-+ if file == nil then return nil end
-+ for i = 1,16 do
-+ local offset = (string.byte(file:read(1)) % 64) + 1
-+ str = str .. string.sub (b64, offset, offset)
-+ end
-+ return "$6$"..str.."$"
- end
-
- --- public methods
---
-1.7.8.2
-
diff --git a/main/acf-core/APKBUILD b/main/acf-core/APKBUILD
index becedf5d4..e9d11fc00 100644
--- a/main/acf-core/APKBUILD
+++ b/main/acf-core/APKBUILD
@@ -2,36 +2,17 @@
# Maintainer: Ted Trask <ttrask01@yahoo.com>
pkgname=acf-core
pkgver=0.13.5
-pkgrel=1
+pkgrel=0
pkgdesc="A web-based system administration interface framework"
url="http://git.alpinelinux.org/cgit/acf-core"
arch="noarch"
license="GPL-2"
install="$pkgname.post-upgrade"
depends="acf-jquery acf-lib acf-skins haserl lua lua-posix lua-md5"
-source="http://git.alpinelinux.org/cgit/$pkgname/snapshot/$pkgname-$pkgver.tar.bz2
- 0001-authenticator-use-salt-and-sha-512-encryption.patch
- 0002-Fixed-mksalt-to-use-correct-characters.patch
- 0001-acfpasswd-new-tool-to-set-passwords-from-comman-line.patch
-"
-
-prepare() {
- cd "$srcdir/$pkgname-$pkgver"
- for i in $source; do
- case $i in
- *.patch) msg $i; patch -p1 -i "$srcdir"/$i || return 1;;
- esac
- done
-}
+source="http://git.alpinelinux.org/cgit/$pkgname/snapshot/$pkgname-$pkgver.tar.bz2"
package() {
cd "$srcdir/$pkgname-$pkgver"
- make DESTDIR="$pkgdir" install || return 1
- # remove those lines when 'make install' installs bin/acfpasswd
- [ -f "$pkgdir"/bin/acfpasswd ] && return 1
- install -Dm755 bin/acfpasswd "$pkgdir"/bin/acfpasswd
+ make DESTDIR="$pkgdir" install
}
-md5sums="2122ea39dbb6d35bc59c4eb821b4baae acf-core-0.13.5.tar.bz2
-09cd615dfb441cb9e34459daa214e3bb 0001-authenticator-use-salt-and-sha-512-encryption.patch
-ea61fe424c6e85e867a947f99c01ed04 0002-Fixed-mksalt-to-use-correct-characters.patch
-186de27cd4bf66454ede177ae723c321 0001-acfpasswd-new-tool-to-set-passwords-from-comman-line.patch"
+md5sums="2122ea39dbb6d35bc59c4eb821b4baae acf-core-0.13.5.tar.bz2"