shadow: Remove encrypted passwd for useradd-groupadd-groupmod-usermod

Remove encrypted passwd for useradd/groupadd/groupmod/usermod In groupadd/useradd, p parameter does not meet password complexity checks. Do not satisfy security requirements. Signed-off-by: xiongshenglan <xiongshenglan@huawei.com>
2023-08-11 15:13:31 +08:00 · 2023-08-11 15:13:31 +08:00 · 321b447d60
commit 321b447d60
parent e024307bdc
2 changed files with 8 additions and 8 deletions
--- a/backport-shadow-Remove-encrypted-passwd-for-useradd-gr.patch
+++ b/backport-shadow-Remove-encrypted-passwd-for-useradd-gr.patch
@ -105,17 +105,17 @@ diff --git a/src/usermod.c b/src/usermod.c
 index ca8db92..509a50b 100644
 --- a/src/usermod.c
 +++ b/src/usermod.c
-@@ -435,7 +435,9 @@ static /*@noreturn@*/void usage (int status)
+@@ -384,7 +384,9 @@ static /*@noreturn@*/void usage (int status)
 	(void) fputs (_("  -m, --move-home               move contents of the home directory to the\n"
 	                "                                new location (use only with -d)\n"), usageout);
 	(void) fputs (_("  -o, --non-unique              allow using duplicate (non-unique) UID\n"), usageout);
 +#ifndef CONFIG_SHADOW_REMOVE_POPTION
 	(void) fputs (_("  -p, --password PASSWORD       use encrypted password for the new password\n"), usageout);
 +#endif
 	(void) fputs (_("  -R, --root CHROOT_DIR         directory to chroot into\n"), usageout);
 	(void) fputs (_("  -P, --prefix PREFIX_DIR       prefix directory where are located the /etc/* files\n"), usageout);
- 	(void) fputs (_("  -s, --shell SHELL             new login shell for the user account\n"), usageout);
+ 	(void) fputs (_("  -r, --remove                  remove the user from only the supplemental GROUPS\n"
-@@ -1152,10 +1154,12 @@ static void process_flags (int argc, char **argv)
+ 	                "                                mentioned by the -G option without removing\n"
@@ -1121,10 +1123,12 @@ static void process_flags (int argc, char **argv)
 			case 'o':
 				oflg = true;
 				break;
@ -125,9 +125,9 @@ index ca8db92..509a50b 100644
 				pflg = true;
 				break;
 +#endif
- 			case 'R': /* no-op, handled in process_root_flag () */
+ 			case 'r':
 				rflg = true;
 				break;
 			case 'P': /* no-op, handled in process_prefix_flag () */
 -- 
 2.12.3
--- a/shadow.spec
+++ b/shadow.spec
@ -30,7 +30,7 @@ Patch10: backport-Read-whole-line-in-yes_or_no.patch
 Patch11: backport-commonio-free-removed-database-entries.patch
 Patch12: backport-semanage-disconnect-to-free-libsemanage-internals.patch
 Patch13: backport-run_parts-for-groupadd-and-groupdel.patch
-Patch14: backport-shadow-Remove-encrypted-passwd-for-useradd-gr.patch
+Patch14: shadow-Remove-encrypted-passwd-for-useradd-gr.patch
 BuildRequires: gcc, libselinux-devel, audit-libs-devel, libsemanage-devel
 BuildRequires: libacl-devel, libattr-devel
@ -199,7 +199,7 @@ rm -f $RPM_BUILD_ROOT/%{_libdir}/libsubid.{la,a}
 %changelog
 * Fri Aug 11 2023 xiongshenglan<xiongshenglan@huawei.com> - 2:4.13-6
- backport Remove encrypted passwd for useradd-groupadd-groupmod-usermod 
+- Remove encrypted passwd for useradd-groupadd-groupmod-usermod 
 * Mon Jun 19 2023 yunjia_w<yunjia.wang@huawei.com> - 2:4.13-5
 - backport patches from upstream