!62 chpasswd fix function problem with R parameter

From: @yunjia_w 
Reviewed-by: @zhengxiaoxiaoGitee, @HuaxinLuGitee 
Signed-off-by: @HuaxinLuGitee

backport-chpasswd-add-get_salt-for-generating-salt-value.patch

@@ -0,0 +1,117 @@
+From 6d1b10b9e516bd88fa34392395b0a7c6e6f54fd7 Mon Sep 17 00:00:00 2001
+From: juyin <zhuyan34@huawei.com>
+Date: Thu, 31 Mar 2022 16:45:19 +0800
+Subject: [PATCH] chpasswd: add get_salt for generating salt value
+ 
+The function that generates the salt value is extracted separately, and it is more convenient to modify it later.
+ 
+Reference: https://github.com/shadow-maint/shadow/commit/a026154c6fca7c7e5d6d0723e0cc29d6cd9fa00a
+Conflict: The EulerOS supports SM3. As a result, the patch is different.
+---
+ src/chpasswd.c | 73 +++++++++++++++++++++++++++-----------------------
+ 1 file changed, 39 insertions(+), 34 deletions(-)
+ 
+diff --git a/src/chpasswd.c b/src/chpasswd.c
+index 5dfb995..708f973 100644
+--- a/src/chpasswd.c
++++ b/src/chpasswd.c
+@@ -430,12 +430,54 @@ static void close_files (void)
+ 	pw_locked = false;
+ }
+ 
++static const char *get_salt(void)
++{
++	if (   !eflg
++		&& (   (NULL == crypt_method)
++			|| (0 != strcmp (crypt_method, "NONE")))) {
++		void *arg = NULL;
++
++		if (md5flg) {
++			crypt_method = "MD5";
++		}
++#if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT) || defined(USE_YESCRYPT)
++		if (sflg) {
++#if defined(USE_SHA_CRYPT)
++			if (   (0 == strcmp (crypt_method, "SHA256"))
++				|| (0 == strcmp (crypt_method, "SHA512"))) {
++				arg = &sha_rounds;
++			}
++#endif				/* USE_SHA_CRYPT */
++#if defined(USE_BCRYPT)
++			if (0 == strcmp (crypt_method, "BCRYPT")) {
++				arg = &bcrypt_rounds;
++			}
++#endif				/* USE_BCRYPT */
++#if defined(USE_YESCRYPT)
++			if (0 == strcmp (crypt_method, "YESCRYPT")) {
++				arg = &yescrypt_cost;
++			}
++#endif				/* USE_YESCRYPT */
++#if defined(USE_SM3_CRYPT)
++			if (0 == strcmp (crypt_method, "SM3")) {
++				arg = &sm3_rounds;
++			}
++#endif				/* USE_SM3_CRYPT */
++		}
++#endif
++		return crypt_make_salt (crypt_method, arg);
++	}
++
++	return NULL;
++}
++
+ int main (int argc, char **argv)
+ {
+ 	char buf[BUFSIZ];
+ 	char *name;
+ 	char *newpwd;
+ 	char *cp;
++	const char *salt;
+ 
+ #ifdef USE_PAM
+ 	bool use_pam = true;
+@@ -545,40 +587,8 @@ int main (int argc, char **argv)
+ 		const struct passwd *pw;
+ 		struct passwd newpw;
+ 
+-		if (   !eflg
+-		    && (   (NULL == crypt_method)
+-		        || (0 != strcmp (crypt_method, "NONE")))) {
+-			void *arg = NULL;
+-			const char *salt;
+-			if (md5flg) {
+-				crypt_method = "MD5";
+-			}
+-#if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT) || defined(USE_YESCRYPT)
+-			if (sflg) {
+-#if defined(USE_SHA_CRYPT)
+-				if (   (0 == strcmp (crypt_method, "SHA256"))
+-					|| (0 == strcmp (crypt_method, "SHA512"))) {
+-					arg = &sha_rounds;
+-				}
+-#endif				/* USE_SHA_CRYPT */
+-#if defined(USE_BCRYPT)
+-				if (0 == strcmp (crypt_method, "BCRYPT")) {
+-					arg = &bcrypt_rounds;
+-				}
+-#endif				/* USE_BCRYPT */
+-#if defined(USE_YESCRYPT)
+-				if (0 == strcmp (crypt_method, "YESCRYPT")) {
+-					arg = &yescrypt_cost;
+-				}
+-#endif				/* USE_YESCRYPT */
+-#if defined(USE_SM3_CRYPT)
+-				if (0 == strcmp (crypt_method, "SM3")) {
+-					arg = &sm3_rounds;
+-				}
+-#endif				/* USE_SM3_CRYPT */
+-			}
+-#endif
+-			salt = crypt_make_salt (crypt_method, arg);
++		salt = get_salt();
++		if (salt) {
+ 			cp = pw_encrypt (newpwd, salt);
+ 			if (NULL == cp) {
+ 				fprintf (stderr,
+-- 
+2.33.0

backport-chpasswd-fix-function-problem-with-R-parameter.patch

@@ -0,0 +1,48 @@
+From 3732cf72d6f05fcd9d9f301eac84c1a61443e379 Mon Sep 17 00:00:00 2001
+From: juyin <zhuyan34@huawei.com>
+Date: Thu, 31 Mar 2022 16:48:52 +0800
+Subject: [PATCH] chpasswd: fix function problem with -R parameter
+ 
+Generating salt value depends on /dev/urandom. But after the
+function process_root_flag changed the root directory, It does
+not exist.
+ 
+So, generate salt value before changeing the directory.
+ 
+Fixes: #514
+ 
+Reference: https://github.com/shadow-maint/shadow/commit/3732cf72d6f05fcd9d9f301eac84c1a61443e379
+Conflict: NA
+---
+ src/chpasswd.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+ 
+diff --git a/src/chpasswd.c b/src/chpasswd.c
+index 94e923ab..d0da14c6 100644
+--- a/src/chpasswd.c
++++ b/src/chpasswd.c
+@@ -451,10 +451,11 @@ int main (int argc, char **argv)
+ 	(void) bindtextdomain (PACKAGE, LOCALEDIR);
+ 	(void) textdomain (PACKAGE);
+ 
+-	process_root_flag ("-R", argc, argv);
+-
+ 	process_flags (argc, argv);
+ 
++	salt = get_salt();
++	process_root_flag ("-R", argc, argv);
++
+ #ifdef USE_PAM
+ 	if (md5flg || eflg || cflg) {
+ 		use_pam = false;
+@@ -545,7 +546,6 @@ int main (int argc, char **argv)
+ 		const struct passwd *pw;
+ 		struct passwd newpw;
+ 
+-		salt = get_salt();
+ 		if (salt) {
+ 			cp = pw_encrypt (newpwd, salt);
+ 			if (NULL == cp) {
+-- 
+2.23.0
+

shadow.spec

@@ -1,6 +1,6 @@
 Name: shadow
 Version: 4.9
-Release: 6
+Release: 7
 Epoch: 2
 License: BSD and GPLv2+
 Summary: Tools for managing accounts and shadow password files
@@ -46,6 +46,8 @@ Patch26: backport-Remove-commented-out-code-and-FIXMEs.patch
 Patch27: backport-Remove-redeclared-variable.patch
 Patch28: backport-libmisc-add-check-fopen-return-value-in-read_random_.patch
 Patch29: backport-passwd-erase-password-copy-on-all-error-branches.patch
+Patch30: backport-chpasswd-add-get_salt-for-generating-salt-value.patch
+Patch31: backport-chpasswd-fix-function-problem-with-R-parameter.patch
 
 BuildRequires: gcc, libselinux-devel, audit-libs-devel, libsemanage-devel
 BuildRequires: libacl-devel, libattr-devel
@@ -212,6 +214,9 @@ rm -f $RPM_BUILD_ROOT/%{_libdir}/libsubid.la
 %{_mandir}/*/*
 
 %changelog
+* Tue Nov 22 2022  yunjia_w<yunjia.wang@huawei.com> - 2:4.9-7
+- chpasswd fix function problem with R parameter
+
 * Mon Oct 31 2022  yunjia_w<yunjia.wang@huawei.com> - 2:4.9-6
 - add some backport to optimize some functions