235 lines
10 KiB
Diff
235 lines
10 KiB
Diff
From b311b645f9447f7e765b0e418d3f37c32e2702e1 Mon Sep 17 00:00:00 2001
|
||
From: liuxin <liuxin264@huawei.com>
|
||
Date: Mon, 7 Nov 2022 19:07:50 +0800
|
||
Subject: [PATCH] support use sm3 crypt user password
|
||
|
||
---
|
||
po/zh_CN.po | 5 ++++
|
||
pyanaconda/core/users.py | 5 +++-
|
||
pyanaconda/ui/gui/spokes/root_password.glade | 15 ++++++++++++
|
||
pyanaconda/ui/gui/spokes/root_password.py | 16 ++++++++++++-
|
||
pyanaconda/ui/gui/spokes/user.glade | 16 ++++++++++++-
|
||
pyanaconda/ui/gui/spokes/user.py | 14 ++++++++++-
|
||
.../pyanaconda_tests/test_crypt_password.py | 23 +++++++++++++++++++
|
||
7 files changed, 90 insertions(+), 4 deletions(-)
|
||
create mode 100644 tests/unit_tests/pyanaconda_tests/test_crypt_password.py
|
||
|
||
diff --git a/po/zh_CN.po b/po/zh_CN.po
|
||
index e31f0b2..8f48aad 100644
|
||
--- a/po/zh_CN.po
|
||
+++ b/po/zh_CN.po
|
||
@@ -7640,3 +7640,8 @@ msgstr "开始安装到硬盘"
|
||
#~ msgstr[0] ""
|
||
#~ "<b>%(count)d 个磁盘;容量 %(size)s;空闲空间 %(free)s</b> (包括未分区及文"
|
||
#~ "件系统内的部分)"
|
||
+
|
||
+#: pyanaconda/ui/gui/spokes/root_password.glade:215
|
||
+#: pyanaconda/ui/gui/spokes/user.glade:278
|
||
+msgid "Use SM3 to encrypt the password"
|
||
+msgstr "使用SM3算法加密密码"
|
||
diff --git a/pyanaconda/core/users.py b/pyanaconda/core/users.py
|
||
index c2d14e2..649fad6 100644
|
||
--- a/pyanaconda/core/users.py
|
||
+++ b/pyanaconda/core/users.py
|
||
@@ -38,7 +38,7 @@ from pyanaconda.anaconda_loggers import get_module_logger
|
||
log = get_module_logger(__name__)
|
||
|
||
|
||
-def crypt_password(password):
|
||
+def crypt_password(password, algo=None):
|
||
"""Crypt a password.
|
||
|
||
Process a password with appropriate salted one-way algorithm.
|
||
@@ -51,6 +51,9 @@ def crypt_password(password):
|
||
# so we need to generate the setting ourselves
|
||
b64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
|
||
setting = "$y$j9T$" + "".join(sr().choice(b64) for _sc in range(24))
|
||
+
|
||
+ if algo == "sm3":
|
||
+ setting = crypt.METHOD_SM3
|
||
|
||
# and try to compute the password hash using our yescrypt setting
|
||
try:
|
||
diff --git a/pyanaconda/ui/gui/spokes/root_password.glade b/pyanaconda/ui/gui/spokes/root_password.glade
|
||
index f710439..53bc90c 100644
|
||
--- a/pyanaconda/ui/gui/spokes/root_password.glade
|
||
+++ b/pyanaconda/ui/gui/spokes/root_password.glade
|
||
@@ -328,6 +328,21 @@ The root user (also known as super user) has complete access to the entire syste
|
||
<property name="position">1</property>
|
||
</packing>
|
||
</child>
|
||
+ <child>
|
||
+ <object class="GtkCheckButton" id="passwd_sm3">
|
||
+ <property name="label" translatable="yes">Use SM3 to encrypt the password</property>
|
||
+ <property name="can_focus">True</property>
|
||
+ <property name="receives_default">False</property>
|
||
+ <property name="halign">start</property>
|
||
+ <property name="draw_indicator">True</property>
|
||
+ <signal name="clicked" handler="on_sm3_clicked" swapped="no"/>
|
||
+ </object>
|
||
+ <packing>
|
||
+ <property name="expand">False</property>
|
||
+ <property name="fill">True</property>
|
||
+ <property name="position">3</property>
|
||
+ </packing>
|
||
+ </child>
|
||
</object>
|
||
</child>
|
||
</object>
|
||
diff --git a/pyanaconda/ui/gui/spokes/root_password.py b/pyanaconda/ui/gui/spokes/root_password.py
|
||
index f2e389d..062f59d 100644
|
||
--- a/pyanaconda/ui/gui/spokes/root_password.py
|
||
+++ b/pyanaconda/ui/gui/spokes/root_password.py
|
||
@@ -68,6 +68,8 @@ class PasswordSpoke(FirstbootSpokeMixIn, NormalSpoke, GUISpokeInputCheckHandler)
|
||
NormalSpoke.__init__(self, *args)
|
||
GUISpokeInputCheckHandler.__init__(self)
|
||
self._users_module = USERS.get_proxy()
|
||
+ # sm3 password method
|
||
+ self._passwd_method_sm3 = False
|
||
|
||
def initialize(self):
|
||
NormalSpoke.initialize(self)
|
||
@@ -83,6 +85,9 @@ class PasswordSpoke(FirstbootSpokeMixIn, NormalSpoke, GUISpokeInputCheckHandler)
|
||
self._root_password_ssh_login_override.set_no_show_all(True)
|
||
self._revealer = self.builder.get_object("password_revealer")
|
||
|
||
+ # sm3 object
|
||
+ self._passwd_method_button = self.builder.get_object("passwd_sm3")
|
||
+
|
||
# Install the password checks:
|
||
# - Has a password been specified?
|
||
# - If a password has been specified and there is data in the confirm box, do they match?
|
||
@@ -179,9 +184,15 @@ class PasswordSpoke(FirstbootSpokeMixIn, NormalSpoke, GUISpokeInputCheckHandler)
|
||
return not self._users_module.CheckAdminUserExists()
|
||
|
||
def apply(self):
|
||
+
|
||
+ if self._passwd_method_sm3 is True:
|
||
+ algo = "sm3"
|
||
+ else:
|
||
+ algo = None
|
||
+
|
||
if self.root_enabled and self.password:
|
||
# Set the root password.
|
||
- self._users_module.SetCryptedRootPassword(crypt_password(self.password))
|
||
+ self._users_module.SetCryptedRootPassword(crypt_password(self.password, algo))
|
||
|
||
# Unlock the root account.
|
||
self._users_module.SetRootAccountLocked(False)
|
||
@@ -330,3 +341,6 @@ class PasswordSpoke(FirstbootSpokeMixIn, NormalSpoke, GUISpokeInputCheckHandler)
|
||
self._revealer.set_reveal_child(unlocked)
|
||
if unlocked:
|
||
self.password_entry.grab_focus()
|
||
+
|
||
+ def on_sm3_clicked(self, button):
|
||
+ self._passwd_method_sm3 = self._passwd_method_button.get_active()
|
||
diff --git a/pyanaconda/ui/gui/spokes/user.glade b/pyanaconda/ui/gui/spokes/user.glade
|
||
index 4783a9f..2e844fa 100644
|
||
--- a/pyanaconda/ui/gui/spokes/user.glade
|
||
+++ b/pyanaconda/ui/gui/spokes/user.glade
|
||
@@ -277,6 +277,20 @@
|
||
<property name="top-attach">3</property>
|
||
</packing>
|
||
</child>
|
||
+ <child>
|
||
+ <object class="GtkCheckButton" id="passwd_sm3">
|
||
+ <property name="label" translatable="yes">Use SM3 to encrypt the password</property>
|
||
+ <property name="can_focus">True</property>
|
||
+ <property name="receives_default">False</property>
|
||
+ <property name="halign">start</property>
|
||
+ <property name="draw_indicator">True</property>
|
||
+ <signal name="clicked" handler="on_sm3_clicked" swapped="no"/>
|
||
+ </object>
|
||
+ <packing>
|
||
+ <property name="left_attach">1</property>
|
||
+ <property name="top_attach">8</property>
|
||
+ </packing>
|
||
+ </child>
|
||
<child>
|
||
<!-- n-columns=3 n-rows=3 -->
|
||
<object class="GtkGrid" id="grid2">
|
||
@@ -324,7 +338,7 @@
|
||
</object>
|
||
<packing>
|
||
<property name="left-attach">1</property>
|
||
- <property name="top-attach">8</property>
|
||
+ <property name="top-attach">9</property>
|
||
</packing>
|
||
</child>
|
||
<child>
|
||
diff --git a/pyanaconda/ui/gui/spokes/user.py b/pyanaconda/ui/gui/spokes/user.py
|
||
index 5b16443..cb62873 100644
|
||
--- a/pyanaconda/ui/gui/spokes/user.py
|
||
+++ b/pyanaconda/ui/gui/spokes/user.py
|
||
@@ -261,6 +261,8 @@ class UserSpoke(FirstbootSpokeMixIn, NormalSpoke, GUISpokeInputCheckHandler):
|
||
|
||
self._users_module = USERS.get_proxy()
|
||
self._password_is_required = True
|
||
+ # sm3 password method
|
||
+ self._passwd_method_sm3 = False
|
||
|
||
def initialize(self):
|
||
NormalSpoke.initialize(self)
|
||
@@ -294,6 +296,9 @@ class UserSpoke(FirstbootSpokeMixIn, NormalSpoke, GUISpokeInputCheckHandler):
|
||
self._password_bar = self.builder.get_object("password_bar")
|
||
self._password_label = self.builder.get_object("password_label")
|
||
|
||
+ # sm3 object
|
||
+ self._passwd_method_button = self.builder.get_object("passwd_sm3")
|
||
+
|
||
# Install the password checks:
|
||
# - Has a password been specified?
|
||
# - If a password has been specified and there is data in the confirm box, do they match?
|
||
@@ -470,7 +475,11 @@ class UserSpoke(FirstbootSpokeMixIn, NormalSpoke, GUISpokeInputCheckHandler):
|
||
if self.password_required:
|
||
if self.password:
|
||
self.password_kickstarted = False
|
||
- self.user.password = crypt_password(self.password)
|
||
+ if self._passwd_method_sm3 is True:
|
||
+ algo = "sm3"
|
||
+ else:
|
||
+ algo = None
|
||
+ self.user.password = crypt_password(self.password, algo)
|
||
self.user.is_crypted = True
|
||
self.remove_placeholder_texts()
|
||
|
||
@@ -696,3 +705,6 @@ class UserSpoke(FirstbootSpokeMixIn, NormalSpoke, GUISpokeInputCheckHandler):
|
||
NormalSpoke.on_back_clicked(self, button)
|
||
else:
|
||
log.info("Return to hub prevented by password checking rules.")
|
||
+
|
||
+ def on_sm3_clicked(self, button):
|
||
+ self._passwd_method_sm3 = self._passwd_method_button.get_active()
|
||
diff --git a/tests/unit_tests/pyanaconda_tests/test_crypt_password.py b/tests/unit_tests/pyanaconda_tests/test_crypt_password.py
|
||
new file mode 100644
|
||
index 0000000..c2e1e4c
|
||
--- /dev/null
|
||
+++ b/tests/unit_tests/pyanaconda_tests/test_crypt_password.py
|
||
@@ -0,0 +1,23 @@
|
||
+from pyanaconda.core.users import crypt_password
|
||
+import unittest
|
||
+import crypt
|
||
+import os
|
||
+
|
||
+@unittest.skipIf(os.geteuid() != 0, "user creation must be run as root")
|
||
+class CryptPasswordTest(unittest.TestCase):
|
||
+ def setUp(self):
|
||
+ pass
|
||
+
|
||
+ def tearDown(self):
|
||
+ pass
|
||
+
|
||
+ def test_crypt_password(self):
|
||
+ origin_password = "password"
|
||
+ encrypted = crypt_password(origin_password, "sm3")
|
||
+ self.assertTrue(encrypted.startswith("$sm3$"))
|
||
+
|
||
+ encrypted = crypt_password(origin_password)
|
||
+ self.assertTrue(encrypted.startswith("$6$"))
|
||
+
|
||
+if __name__ == '__main__':
|
||
+ unittest.main()
|
||
--
|
||
2.27.0
|
||
|