diff options
author | Natanael Copa <ncopa@alpinelinux.org> | 2012-01-12 14:22:34 +0000 |
---|---|---|
committer | Natanael Copa <ncopa@alpinelinux.org> | 2012-01-12 14:22:34 +0000 |
commit | 5f8cecd4f40f9e41420af148df54dcea08ae7a12 (patch) | |
tree | 5b04db353a616c931f883dc927dbb83a54664399 /main/acf-core | |
parent | db90ab2a256b0dad50a915e45d7086083a939273 (diff) | |
download | aports-5f8cecd4f40f9e41420af148df54dcea08ae7a12.tar.bz2 aports-5f8cecd4f40f9e41420af148df54dcea08ae7a12.tar.xz |
Revert "main/acf-core: backport password salt support and acfpasswd tool"
This reverts commit 6eb3bf641d021f5803123aa56c576f9006a0733d.
Diffstat (limited to 'main/acf-core')
4 files changed, 4 insertions, 248 deletions
diff --git a/main/acf-core/0001-acfpasswd-new-tool-to-set-passwords-from-comman-line.patch b/main/acf-core/0001-acfpasswd-new-tool-to-set-passwords-from-comman-line.patch deleted file mode 100644 index 405ff0c66..000000000 --- a/main/acf-core/0001-acfpasswd-new-tool-to-set-passwords-from-comman-line.patch +++ /dev/null @@ -1,99 +0,0 @@ -From a55d954939799cd35efffa896cebaa17d7393e7f Mon Sep 17 00:00:00 2001 -From: Natanael Copa <ncopa@alpinelinux.org> -Date: Thu, 12 Jan 2012 11:21:20 +0100 -Subject: [PATCH] acfpasswd: new tool to set passwords from comman line - -This tool allows users to set/reset an ACF password from command line. - -It also allows user to syncronize the ACF password with the system -password so the ACF password becomes same as shell login password. This -requires that the username exists in both /etc/acf/passwd and /etc/shadow - -diff --git a/bin/acfpasswd b/bin/acfpasswd -new file mode 100644 -index 0000000..e25b966 ---- /dev/null -+++ b/bin/acfpasswd -@@ -0,0 +1,79 @@ -+#!/bin/sh -+ -+# tool for managing the ACF passwords -+ -+passwdfile=${ACFPASSWD:-/etc/acf/passwd} -+shadow=${SHADOW:-/etc/shadow} -+ -+usage() { -+ echo "usage: acfpasswd [-s] USER" -+ echo "" -+ exit 1 -+} -+ -+die() { -+ echo "$@" >&2 -+ exit 1 -+} -+ -+find_user_or_die() { -+ local user="$1" -+ grep -q "^${user}:" "$passwdfile" \ -+ || die "user '$user' was not found in $passwdfile" -+} -+ -+set_pw_hash() { -+ local user="$1" -+ local pwhash="$2" -+ # use : as sed separator since its guaranteed to no be valid in shadow -+ sed -i -e "s:^${user}\:[^\:]*\::${user}\:${pwhash}\::" "$passwdfile" -+} -+ -+syncpasswd() { -+ local user="$1" -+ local pwhash=$(awk -F: -v user="$user" '$1 == user { print $2 }' \ -+ $shadow) || exit -+ find_user_or_die "$user" -+ [ -z "$pwhash" ] && die "user '$user' was not found in $shadow" -+ set_pw_hash "$user" "$pwhash" -+ exit -+} -+ -+sync_with_system= -+while getopts "hs" opt; do -+ case "$opt" in -+ h) usage;; -+ s) sync_with_system=yes;; -+ esac -+done -+ -+shift $(($OPTIND - 1)) -+ -+user="$1" -+[ -z "$user" ] && usage -+ -+[ -n "$sync_with_system" ] && syncpasswd "$user" -+ -+# set password for given user -+find_user_or_die "$user" -+tries=0 -+while true; do -+ echo -n "Enter new ACF password for $user (will not echo): " -+ hash=$(mkpasswd -m sha | tail -n1) -+ salt=$(echo "$hash" | cut -d$ -f3) -+ echo "" -+ echo -n "Re-enter the ACF password (will not echo): " -+ hash2=$(mkpasswd -S "$salt" -m sha | tail -n1) -+ echo "" -+ [ "$hash" = "$hash2" ] && break -+ echo -n "The entered passwords does not match. " -+ tries=$(( $tries + 1)) -+ if [ $tries -gt 3 ]; then -+ die "ACF password was NOT changed" -+ else -+ echo "Please try again." -+ fi -+done -+ -+set_pw_hash "$user" "$hash" && echo "ACF password for $user was changed." -+ --- -1.7.8.2 - diff --git a/main/acf-core/0001-authenticator-use-salt-and-sha-512-encryption.patch b/main/acf-core/0001-authenticator-use-salt-and-sha-512-encryption.patch deleted file mode 100644 index 5c38cc38a..000000000 --- a/main/acf-core/0001-authenticator-use-salt-and-sha-512-encryption.patch +++ /dev/null @@ -1,89 +0,0 @@ -From eb4221096cc581a41f64d7d6b99e8d5be0d470b0 Mon Sep 17 00:00:00 2001 -From: Natanael Copa <ncopa@alpinelinux.org> -Date: Thu, 27 Oct 2011 18:52:11 +0200 -Subject: [PATCH 1/2] authenticator: use salt and sha-512 encryption - ---- - lib/authenticator.lua | 45 +++++++++++++++++++++++++++++++++++++++++++-- - 1 files changed, 43 insertions(+), 2 deletions(-) - -diff --git a/lib/authenticator.lua b/lib/authenticator.lua -index 724b854..f3af4e3 100644 ---- a/lib/authenticator.lua -+++ b/lib/authenticator.lua -@@ -6,6 +6,8 @@ module (..., package.seeall) - require("modelfunctions") - require("format") - require("md5") -+require("posix") -+require("session") - - -- This is the sub-authenticator - -- In the future, this will be set based upon configuration -@@ -61,6 +63,45 @@ local get_id = function(self, userid) - return authstruct[userid] - end - -+-- verify a plaintextword against a hash -+-- returns: -+-- true if password matches or -+-- false if password does not match -+local verify_password = function(plaintext, pwhash) -+ --[[ -+ from man crypt(3): -+ -+ If salt is a character string starting with the characters "$id$" fol- -+ lowed by a string terminated by "$": -+ -+ $id$salt$encrypted -+ -+ then instead of using the DES machine, id identifies the encryption -+ method used and this then determines how the rest of the password -+ string is interpreted. The following values of id are supported: -+ -+ ID | Method -+ --------------------------------------------------------- -+ 1 | MD5 -+ 2a | Blowfish (not in mainline glibc; added in some -+ | Linux distributions) -+ 5 | SHA-256 (since glibc 2.7) -+ 6 | SHA-512 (since glibc 2.7) -+ ]]-- -+ local algo_salt, hash = string.match(pwhash, "^(%$%d%$[a-zA-Z0-9./]+%$)(.*)") -+ if algo_salt ~= nil and hash ~= nil then -+ return (pwhash == posix.crypt(plaintext, algo_salt)) -+ end -+ -- fall back to old style md5 checksum -+ return (pwhash == md5.sumhexa(plaintext)) -+end -+ -+-- generate a salt string -+local mksalt = function() -+ -- use sha-512 algorithm (no 6) -+ return "$6$"..session.random_hash(96).."$" -+end -+ - --- public methods - - -- This function returns true or false, and -@@ -75,7 +116,7 @@ authenticate = function(self, userid, password) - - if not id then - errtxt = "Userid not found" -- elseif id.password ~= md5.sumhexa(password) then -+ elseif not verify_password(password, id.password) then - errtxt = "Invalid password" - end - end -@@ -110,7 +151,7 @@ write_userinfo = function(self, userinfo) - -- Username, password, roles, skin, home are allowed to not exist, just leave the same - id.userid = userinfo.userid - if userinfo.username then id.username = userinfo.username end -- if userinfo.password then id.password = md5.sumhexa(userinfo.password) end -+ if userinfo.password then id.password = posix.crypt(userinfo.password, mksalt()) end - if userinfo.roles then id.roles = table.concat(userinfo.roles, ",") end - if userinfo.skin then id.skin = userinfo.skin end - if userinfo.home then id.home = userinfo.home end --- -1.7.8.2 - diff --git a/main/acf-core/0002-Fixed-mksalt-to-use-correct-characters.patch b/main/acf-core/0002-Fixed-mksalt-to-use-correct-characters.patch deleted file mode 100644 index a228e97c5..000000000 --- a/main/acf-core/0002-Fixed-mksalt-to-use-correct-characters.patch +++ /dev/null @@ -1,37 +0,0 @@ -From f41fd7182d71427d7a0adf54e55df3a3c97a667e Mon Sep 17 00:00:00 2001 -From: Ted Trask <ttrask01@yahoo.com> -Date: Thu, 27 Oct 2011 18:51:08 +0000 -Subject: [PATCH 2/2] Fixed mksalt to use correct characters - ---- - lib/authenticator.lua | 13 ++++++++++--- - 1 files changed, 10 insertions(+), 3 deletions(-) - -diff --git a/lib/authenticator.lua b/lib/authenticator.lua -index f3af4e3..43814c1 100644 ---- a/lib/authenticator.lua -+++ b/lib/authenticator.lua -@@ -96,10 +96,17 @@ local verify_password = function(plaintext, pwhash) - return (pwhash == md5.sumhexa(plaintext)) - end - ---- generate a salt string -+local b64 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789./" -+ - local mksalt = function() -- -- use sha-512 algorithm (no 6) -- return "$6$"..session.random_hash(96).."$" -+ local file = io.open("/dev/urandom") -+ local str = "" -+ if file == nil then return nil end -+ for i = 1,16 do -+ local offset = (string.byte(file:read(1)) % 64) + 1 -+ str = str .. string.sub (b64, offset, offset) -+ end -+ return "$6$"..str.."$" - end - - --- public methods --- -1.7.8.2 - diff --git a/main/acf-core/APKBUILD b/main/acf-core/APKBUILD index becedf5d4..e9d11fc00 100644 --- a/main/acf-core/APKBUILD +++ b/main/acf-core/APKBUILD @@ -2,36 +2,17 @@ # Maintainer: Ted Trask <ttrask01@yahoo.com> pkgname=acf-core pkgver=0.13.5 -pkgrel=1 +pkgrel=0 pkgdesc="A web-based system administration interface framework" url="http://git.alpinelinux.org/cgit/acf-core" arch="noarch" license="GPL-2" install="$pkgname.post-upgrade" depends="acf-jquery acf-lib acf-skins haserl lua lua-posix lua-md5" -source="http://git.alpinelinux.org/cgit/$pkgname/snapshot/$pkgname-$pkgver.tar.bz2 - 0001-authenticator-use-salt-and-sha-512-encryption.patch - 0002-Fixed-mksalt-to-use-correct-characters.patch - 0001-acfpasswd-new-tool-to-set-passwords-from-comman-line.patch -" - -prepare() { - cd "$srcdir/$pkgname-$pkgver" - for i in $source; do - case $i in - *.patch) msg $i; patch -p1 -i "$srcdir"/$i || return 1;; - esac - done -} +source="http://git.alpinelinux.org/cgit/$pkgname/snapshot/$pkgname-$pkgver.tar.bz2" package() { cd "$srcdir/$pkgname-$pkgver" - make DESTDIR="$pkgdir" install || return 1 - # remove those lines when 'make install' installs bin/acfpasswd - [ -f "$pkgdir"/bin/acfpasswd ] && return 1 - install -Dm755 bin/acfpasswd "$pkgdir"/bin/acfpasswd + make DESTDIR="$pkgdir" install } -md5sums="2122ea39dbb6d35bc59c4eb821b4baae acf-core-0.13.5.tar.bz2 -09cd615dfb441cb9e34459daa214e3bb 0001-authenticator-use-salt-and-sha-512-encryption.patch -ea61fe424c6e85e867a947f99c01ed04 0002-Fixed-mksalt-to-use-correct-characters.patch -186de27cd4bf66454ede177ae723c321 0001-acfpasswd-new-tool-to-set-passwords-from-comman-line.patch" +md5sums="2122ea39dbb6d35bc59c4eb821b4baae acf-core-0.13.5.tar.bz2" |