-rw-r--r--installclass.py4
-rw-r--r--iw/auth_gui.py7
-rw-r--r--kickstart.py10
-rw-r--r--textw/userauth_text.py7
-rw-r--r--users.py72
5 files changed, 69 insertions, 31 deletions
diff --git a/installclass.py b/installclass.py
index 38c52cc5d..0e9822959 100644
--- a/installclass.py
+++ b/installclass.py
@@ -283,7 +283,7 @@ class BaseInstallClass:
def setRootPassword(self, id, pw, isCrypted = 0):
id.rootPassword.set(pw, isCrypted)
- def setAuthentication(self, id, useShadow, useMd5,
+ def setAuthentication(self, id, useShadow, salt,
useNIS = 0, nisDomain = "", nisBroadcast = 0,
nisServer = "",
useLdap = 0, useLdapauth = 0, ldapServer = "",
@@ -295,7 +295,7 @@ class BaseInstallClass:
enableCache = 0):
id.auth.useShadow = useShadow
- id.auth.useMD5 = useMd5
+ id.auth.salt = salt
id.auth.useNIS = useNIS
id.auth.nisDomain = nisDomain
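Review bot: `id.auth.salt = salt` stores whatever the caller passes in the positional slot that used to hold the `useMd5` boolean, so an install class that still calls `setAuthentication` with `1` or `0` there would set `salt` to an integer. Elsewhere in this commit `cryptPassword` looks the value up with `salts[salt]` and `Authentication` formats it into `--passalgo=%s`, so a legacy value would raise KeyError or produce a bogus option instead of selecting MD5. Normalising at this boundary keeps old callers working, e.g. `if salt not in (None, 'md5', 'sha256', 'sha512'): salt = salt and 'md5' or None` before the assignment. The signature change is in the previous hunk, and the function body continues outside both hunks.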
diff --git a/iw/auth_gui.py b/iw/auth_gui.py
index 3287a35a6..6669322da 100644
--- a/iw/auth_gui.py
+++ b/iw/auth_gui.py
@@ -65,7 +65,10 @@ class AuthWindow (InstallWindow):
if not self.__dict__.has_key("md5"):
return None
- self.auth.useMD5 = self.md5.get_active ()
+ if self.md5.get_active ():
+ self.auth.salt = 'md5'
+ else:
+ self.auth.salt = None
self.auth.useShadow = self.shadow.get_active ()
self.auth.useNIS = self.nis.get_active ()
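Review bot: The added `if self.md5.get_active ()` / `else` can only produce `'md5'` or `None`, so a `salt` of `'sha256'` or `'sha512'` set earlier (for example through the `--passalgo` option this commit adds to kickstart) is overwritten with `None` when this screen is applied with the box unchecked. `cryptPassword` then falls back to the two-character traditional crypt salt, which is a silent downgrade of the password hash. Replacing the bare `else:` with `elif self.auth.salt == 'md5':` would clear the value only when MD5 was actually deselected and leave a stronger algorithm in place. The same pattern is added in textw/userauth_text.py (hunk at -443). The enclosing method starts and ends outside this hunk.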
@@ -104,7 +107,7 @@ class AuthWindow (InstallWindow):
self.nisDomain = gtk.Entry ()
self.nisServer = gtk.Entry ()
- self.md5.set_active (self.auth.useMD5)
+ self.md5.set_active (self.auth.salt == 'md5')
self.shadow.set_active (self.auth.useShadow)
self.nis.set_active (self.auth.useNIS)
diff --git a/kickstart.py b/kickstart.py
index c4d5d6ae6..d88f46f5a 100644
--- a/kickstart.py
+++ b/kickstart.py
@@ -224,7 +224,7 @@ class KickstartBase(BaseInstallClass):
def doAuthconfig(self, id, args):
(args, extra) = isys.getopt(args, '',
[ 'useshadow', 'enableshadow',
- 'enablemd5',
+ 'enablemd5', 'passalgo=',
'enablenis', 'nisdomain=', 'nisserver=',
'enableldap', 'enableldapauth', 'ldapserver=', 'ldapbasedn=',
'enableldaptls',
@@ -235,7 +235,7 @@ class KickstartBase(BaseInstallClass):
useShadow = 0
- useMd5 = 0
+ salt = None
useNis = 0
nisServer = ""
@@ -270,7 +270,9 @@ class KickstartBase(BaseInstallClass):
elif (str == '--useshadow') or (str == '--enableshadow'):
useShadow = 1
elif (str == '--enablemd5'):
- useMd5 = 1
+ salt = 'md5'
+ elif (str == '--passalgo') and (arg in ('md5', 'sha256', 'sha512')):
+ salt = arg
elif (str == '--nisserver'):
nisServer = arg
elif (str == '--nisdomain'):
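Review bot: A `--passalgo` value outside `('md5', 'sha256', 'sha512')` fails the combined `elif` condition and falls through the rest of the chain without any message, so a misspelled algorithm name leaves `salt = None` and the install quietly uses traditional crypt hashes. Splitting the test makes the bad value visible: `elif (str == '--passalgo'):` followed by `if arg not in ('md5', 'sha256', 'sha512'): raise ValueError, "unknown --passalgo value: %s" % (arg,)` and then `salt = arg`. `--enablemd5` and `--passalgo` both write `salt`, so whichever comes later on the line wins; a comment saying so would help kickstart authors. The option loop begins and ends outside this hunk.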
@@ -311,7 +313,7 @@ class KickstartBase(BaseInstallClass):
if useNis and not nisServer: nisBroadcast = 1
- self.setAuthentication(id, useShadow, useMd5,
+ self.setAuthentication(id, useShadow, salt,
useNis, nisDomain, nisBroadcast, nisServer,
useLdap, useLdapauth, ldapServer,
ldapBasedn, useLdaptls,
diff --git a/textw/userauth_text.py b/textw/userauth_text.py
index 5a7a2e776..2395c67f8 100644
--- a/textw/userauth_text.py
+++ b/textw/userauth_text.py
@@ -338,7 +338,7 @@ class AuthConfigWindow:
"authconfig", 1, 10)
self.shadow = Checkbox (_("Use Shadow Passwords"), auth.useShadow)
toplevel.add (self.shadow, 0, 0, (0, 0, 0, 0), anchorLeft = 1)
- self.md5 = Checkbox (_("Enable MD5 Passwords"), auth.useMD5)
+ self.md5 = Checkbox (_("Enable MD5 Passwords"), auth.salt == 'md5')
toplevel.add (self.md5, 0, 1, (0, 0, 0, 1), anchorLeft = 1)
# nis support
@@ -443,7 +443,10 @@ class AuthConfigWindow:
result = toplevel.runOnce ()
- auth.useMD5 = self.md5.value ()
+ if self.md5.value ():
+ self.auth.salt = 'md5'
+ else:
+ self.auth.salt = None
auth.useShadow = self.shadow.value ()
auth.useNIS = self.nis.selected ()
auth.nisDomain = self.nisDomain.value ()
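Review bot: The added lines assign to `self.auth.salt`, while the removed line and every other line in this hunk use the local `auth`, as in `auth.useShadow = self.shadow.value ()`. Unless `self.auth` is set elsewhere in `AuthConfigWindow` and refers to the same object, this either raises AttributeError or updates a different object, so the checkbox would not affect how passwords are hashed on the installed system. Using the local keeps the hunk consistent: `auth.salt = 'md5'` and `auth.salt = None`. The method begins outside the hunk, so how `auth` is bound is not visible here.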
diff --git a/users.py b/users.py
index 11ad49933..164117797 100644
--- a/users.py
+++ b/users.py
@@ -23,6 +23,29 @@ from flags import flags
from rhpl.log import log
+def fixLuserConf(instPath, saltname='md5'):
+ """Fix up libuser.conf for instPath."""
+ fn = "%s/etc/libuser.conf" % (instPath,)
+ if not os.access(fn, os.F_OK):
+ return
+
+ if not saltname:
+ saltname = "des"
+
+ fd = open(fn, "r")
+ buf = []
+ for l in fd.readlines():
+ line = l
+ if line.startswith("crypt_style = "):
+ line = "crypt_style = %s\n" % (saltname,)
+ buf.append(line)
+
+ fd.close()
+ os.rename(fn, fn + ".anaconda")
+ fd = open(fn, "w")
+ fd.writelines(buf)
+ fd.close()
+
class Accounts:
def __repr__(self):
return "<Type Accounts>"
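Review bot: `fixLuserConf` moves the original aside with `os.rename(fn, fn + ".anaconda")` before the replacement exists, so a failure in the following `open(fn, "w")` or `writelines` leaves the target without `/etc/libuser.conf`. The new file also takes its mode from the installer's umask rather than from the original. Separately, only lines beginning exactly with `crypt_style = ` are rewritten, and when none matches the function returns normally, so libuser may keep a different algorithm than the one given to authconfig without anything in the log. The sketch below writes the replacement first, copies the mode, logs the no-match case, and only then swaps the files. It assumes `log` accepts a format string plus arguments, as the call in `Authentication` does.

```python
    # … unchanged: path check and saltname default …
    fd = open(fn, "r")
    buf = []
    found = 0
    for line in fd.readlines():
        if line.startswith("crypt_style = "):
            line = "crypt_style = %s\n" % (saltname,)
            found = 1
        buf.append(line)
    fd.close()

    if not found:
        log ("no crypt_style line found in %s", fn)
        return

    # write the replacement completely before touching the original
    tmp = fn + ".new"
    fd = open(tmp, "w")
    fd.writelines(buf)
    fd.close()
    os.chmod(tmp, os.stat(fn).st_mode & 07777)
    os.rename(fn, fn + ".anaconda")
    os.rename(tmp, fn)
```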
@@ -39,7 +62,7 @@ class Accounts:
def writeKScommands(self, f, auth):
for (account, name, password) in self.users:
- crypted = cryptPassword(password, auth.useMD5)
+ crypted = cryptPassword(password, auth.salt)
f.write("/usr/sbin/useradd %s\n" % (account));
f.write("chfn -f '%s' %s\n" % (name, account))
@@ -61,7 +84,7 @@ class Accounts:
iutil.execWithRedirect(argv[0], argv, root = instPath,
stdout = None)
- setPassword(instPath, account, password, auth.useMD5)
+ setPassword(instPath, account, password, auth.salt)
def __init__(self):
self.users = []
@@ -99,35 +122,40 @@ class RootPassword(Password):
def write(self, instPath, auth):
pure = self.getPure()
if pure:
- setPassword(instPath, "root", pure, auth.useMD5)
+ setPassword(instPath, "root", pure, auth.salt)
else:
setPassword(instPath, "root", self.getCrypted (),
- auth.useMD5, alreadyCrypted = 1)
+ auth.salt, alreadyCrypted = 1)
def writeKS(self, f, auth):
pure = self.getPure()
if pure:
- f.write("rootpw --iscrypted %s\n" %(cryptPassword(pure, auth.useMD5)))
+ f.write("rootpw --iscrypted %s\n" %(cryptPassword(pure, auth.salt)))
else:
f.write("rootpw --iscrypted %s\n" %(self.getCrypted()))
-def cryptPassword(password, useMD5):
- if useMD5:
- salt = "$1$"
- saltLen = 8
- else:
- salt = ""
- saltLen = 2
+# These are explained in crypt/crypt-entry.c in glibc's code. The prefixes
+# we use for the different crypt salts:
+# $1$ MD5
+# $5$ SHA256
+# $6$ SHA512
+def cryptPassword(password, salt=None):
+ salts = {'md5': '$1$', 'sha256': '$5$', 'sha512': '$6$', None: ''}
+ saltstr = salts[salt]
+ saltlen = 2
+
+ if salt in ('md5', 'sha256', 'sha512'):
+ saltlen = 16
- for i in range(saltLen):
- salt = salt + whrandom.choice (string.letters +
- string.digits + './')
+ for i in range(saltlen):
+ saltstr = saltstr + whrandom.choice (string.letters +
+ string.digits + './')
- return crypt.crypt (password, salt)
+ return crypt.crypt (password, saltstr)
-def setPassword(instPath, account, password, useMD5, alreadyCrypted = 0):
+def setPassword(instPath, account, password, salt = None, alreadyCrypted = 0):
if not alreadyCrypted:
- password = cryptPassword(password, useMD5)
+ password = cryptPassword(password, salt)
devnull = os.open("/dev/null", os.O_RDWR)
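Review bot: The salt characters in the rewritten `cryptPassword` loop still come from `whrandom.choice`, a deprecated non-cryptographic generator, so the salts are only as unpredictable as its seed. Since this change adds SHA-256 and SHA-512 support, it would be a good moment to draw them from the OS instead, e.g. `rng = random.SystemRandom()` before the loop and `rng.choice(string.letters + string.digits + './')` inside it, provided the installer's Python has it and `random` is imported. `saltlen = 16` is also applied to `'md5'`, although md5-crypt uses at most eight salt characters, so the extra ones are presumably ignored; a comment on that line would save the next reader a lookup. `setPassword`'s body continues outside the hunk.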
@@ -139,7 +167,7 @@ def setPassword(instPath, account, password, useMD5, alreadyCrypted = 0):
class Authentication:
def __init__ (self):
self.useShadow = 1
- self.useMD5 = 1
+ self.salt = 'md5'
self.useNIS = 0
self.nisDomain = ""
@@ -182,8 +210,8 @@ class Authentication:
else:
args.append ("--disableshadow")
- if self.useMD5:
- args.append ("--enablemd5")
+ if self.salt:
+ args.append ("--passalgo=%s" % (self.salt,))
else:
args.append ("--disablemd5")
@@ -266,3 +294,5 @@ class Authentication:
except RuntimeError, msg:
log ("Error running %s: %s", args, msg)
+ fixLuserConf(instPath, saltname=self.salt)
+