Initial import, version 4.2.1

author: Mattias Andrée 2015-12-13 15:37:23 +0100
committer: Mattias Andrée 2015-12-13 15:37:23 +0100
commit: b5e7ab30ace8fe0b34d0401315cef15f3c22f818 (patch)
tree: 8a8ac89bf2a90a78a67a65e08e311d7e8e814032 /0001-Use-libpassphrase-when-entering-passwords.patch
download: aur-shadow-libpassphrase.tar.gz
1 files changed, 460 insertions, 0 deletions
diff --git a/0001-Use-libpassphrase-when-entering-passwords.patch b/0001-Use-libpassphrase-when-entering-passwords.patch
new file mode 100644
index 000000000000..226f4b5d7891
--- /dev/null
+++ b/0001-Use-libpassphrase-when-entering-passwords.patch
@@ -0,0 +1,460 @@
+From d5074436f7d8f9666fe1e6aac6d732ea62d182c8 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Mattias=20Andr=C3=A9e?= <maandree@member.fsf.org>
+Date: Sat, 5 Dec 2015 21:09:45 +0100
+Subject: [PATCH 1/2] Use libpassphrase when entering passwords.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+libpassphrase can be compiled so that it can display
+the strength of the password, including telling the
+user that she is using a common passphrase.
+
+As a bonus, libpassphrase can be configured to do
+something else then just be slient without echoes.
+
+Signed-off-by: Mattias Andrée <maandree@member.fsf.org>
+---
+ ChangeLog          | 10 ++++++++
+ README             |  1 +
+ lib/Makefile.am    |  6 +++--
+ lib/pwauth.c       |  6 +++--
+ lib/xgetpass.c     | 67 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
+ lib/xgetpass.h     | 35 ++++++++++++++++++++++++++++
+ libmisc/pam_pass.c | 40 +++++++++++++++++++++++++++++++-
+ src/gpasswd.c      |  6 +++--
+ src/newgrp.c       |  4 +++-
+ src/passwd.c       |  8 ++++---
+ src/sulogin.c      |  6 +++--
+ 11 files changed, 176 insertions(+), 13 deletions(-)
+ create mode 100644 lib/xgetpass.c
+ create mode 100644 lib/xgetpass.h
+
+diff --git a/ChangeLog b/ChangeLog
+index 23cd5ae..bc43385 100644
+--- a/ChangeLog
++++ b/ChangeLog
+@@ -1,3 +1,13 @@
++2015-12-05  Mattias Andrée  <maandree@member.fsf.org>
++
++	* lib/xgetpass.c: Add ability to use libpassphrase>=1449331105 instead of getpass.
++	* libmisc/pam_pass.c: Use xgetpass instead of misc_conv when entering (not retyping) the new password.
++	* lib/pwauth.c: Replace getpass with xgetpass.
++	* src/gpasswd.c: Likewise.
++	* src/newgrp.c: Likewise.
++	* src/passwd.c: Likewise.
++	* src/sulogin.c: Likewise.
++
+ 2014-05-09  Christian Perrier  <bubulle@debian.org>
+ 
+ 	* Include patches only included in Debian for 4.2
+diff --git a/README b/README
+index e531de6..5c27142 100644
+--- a/README
++++ b/README
+@@ -87,6 +87,7 @@ Leonard N. Zubkoff <lnz@dandelion.com>
+ Luca Berra <bluca@www.polimi.it>
+ Lukáš Kuklínek <lkukline@redhat.com>
+ Lutz Schwalowsky <schwalow@mineralogie.uni-hamburg.de>
++Mattias Andrée <maandree@member.fsf.org>
+ Marc Ewing <marc@redhat.com>
+ Martin Bene <mb@sime.com>
+ Martin Mares <mj@gts.cz>
+diff --git a/lib/Makefile.am b/lib/Makefile.am
+index 6db86cd..3fa3817 100644
+--- a/lib/Makefile.am
++++ b/lib/Makefile.am
+@@ -5,7 +5,7 @@ DEFS =
+ 
+ noinst_LTLIBRARIES = libshadow.la
+ 
+-libshadow_la_LDFLAGS = -version-info 0:0:0
++libshadow_la_LDFLAGS = -version-info 0:0:0 -lpassphrase
+ 
+ libshadow_la_SOURCES = \
+ 	commonio.c \
+@@ -53,7 +53,9 @@ libshadow_la_SOURCES = \
+ 	shadowio.h \
+ 	shadowmem.c \
+ 	spawn.c \
+-	utent.c
++	utent.c \
++	xgetpass.c \
++	xgetpass.h
+ 
+ if WITH_TCB
+ libshadow_la_SOURCES += tcbfuncs.c tcbfuncs.h
+diff --git a/lib/pwauth.c b/lib/pwauth.c
+index 9e24fbf..6775465 100644
+--- a/lib/pwauth.c
++++ b/lib/pwauth.c
+@@ -3,6 +3,7 @@
+  * Copyright (c) 1996 - 2000, Marek Michałkiewicz
+  * Copyright (c) 2003 - 2006, Tomasz Kłoczko
+  * Copyright (c) 2008 - 2009, Nicolas François
++ * Copyright (c) 2015       , Mattias Andrée
+  * All rights reserved.
+  *
+  * Redistribution and use in source and binary forms, with or without
+@@ -45,6 +46,7 @@
+ #include "defines.h"
+ #include "pwauth.h"
+ #include "getdef.h"
++#include "xgetpass.h"
+ #ifdef SKEY
+ #include <skey.h>
+ #endif
+@@ -161,7 +163,7 @@ int pw_auth (const char *cipher,
+ #endif
+ 
+ 		snprintf (prompt, sizeof prompt, cp, user);
+-		clear = getpass (prompt);
++		clear = xgetpass (prompt, 0);
+ 		if (NULL == clear) {
+ 			static char c[1];
+ 
+@@ -194,7 +196,7 @@ int pw_auth (const char *cipher,
+ 	 * -- AR 8/22/1999
+ 	 */
+ 	if ((0 != retval) && ('\0' == input[0]) && use_skey) {
+-		clear = getpass (prompt);
++		clear = xgetpass (prompt, 0);
+ 		if (NULL == clear) {
+ 			static char c[1];
+ 
+diff --git a/lib/xgetpass.c b/lib/xgetpass.c
+new file mode 100644
+index 0000000..a44ffc0
+--- /dev/null
++++ b/lib/xgetpass.c
+@@ -0,0 +1,67 @@
++/*
++ * Copyright (c) 2015       , Mattias Andrée
++ * All rights reserved.
++ *
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions
++ * are met:
++ * 1. Redistributions of source code must retain the above copyright
++ *    notice, this list of conditions and the following disclaimer.
++ * 2. Redistributions in binary form must reproduce the above copyright
++ *    notice, this list of conditions and the following disclaimer in the
++ *    documentation and/or other materials provided with the distribution.
++ * 3. The name of the copyright holders or contributors may not be used to
++ *    endorse or promote products derived from this software without
++ *    specific prior written permission.
++ *
++ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
++ * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
++ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
++ * PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT
++ * HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
++ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
++ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
++ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
++ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
++ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
++ */
++
++#include <config.h>
++
++#ident "$Id$"
++
++#include <unistd.h>
++#include <passphrase.h>
++#include <fcntl.h>
++#include <errno.h>
++#include <stdio.h>
++
++char *xgetpass (const char *prompt, int is_new)
++{
++	int fd, saved_errno;
++	char *pass;
++
++	fd = open ("/dev/tty", O_RDWR);
++	if (-1 == fd) {
++		return NULL;
++	}
++
++	passphrase_disable_echo1 (fd);
++	fprintf (stderr, "%s", prompt);
++	fflush (stderr);
++	pass = passphrase_read2 (fd, is_new
++	                         ? PASSPHRASE_READ_NEW |
++	                           PASSPHRASE_READ_SCREEN_FREE
++	                         : PASSPHRASE_READ_EXISTING);
++	saved_errno = errno;
++	passphrase_reenable_echo1 (fd);
++	errno = saved_errno;
++	return pass;
++
++	/*
++	return getpass (prompt);
++	(void) is_new;
++	*/
++}
++
+diff --git a/lib/xgetpass.h b/lib/xgetpass.h
+new file mode 100644
+index 0000000..b1abbb0
+--- /dev/null
++++ b/lib/xgetpass.h
+@@ -0,0 +1,35 @@
++/*
++ * Copyright (c) 2015       , Mattias Andrée
++ * All rights reserved.
++ *
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions
++ * are met:
++ * 1. Redistributions of source code must retain the above copyright
++ *    notice, this list of conditions and the following disclaimer.
++ * 2. Redistributions in binary form must reproduce the above copyright
++ *    notice, this list of conditions and the following disclaimer in the
++ *    documentation and/or other materials provided with the distribution.
++ * 3. The name of the copyright holders or contributors may not be used to
++ *    endorse or promote products derived from this software without
++ *    specific prior written permission.
++ *
++ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
++ * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
++ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
++ * PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT
++ * HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
++ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
++ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
++ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
++ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
++ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
++ */
++
++/*
++ *	$Id$
++ */
++
++
++char *xgetpass (const char *prompt, int is_new);
+diff --git a/libmisc/pam_pass.c b/libmisc/pam_pass.c
+index a89bb2c..93029ec 100644
+--- a/libmisc/pam_pass.c
++++ b/libmisc/pam_pass.c
+@@ -2,6 +2,7 @@
+  * Copyright (c) 1997 - 1999, Marek Michałkiewicz
+  * Copyright (c) 2001 - 2005, Tomasz Kłoczko
+  * Copyright (c) 2008       , Nicolas François
++ * Copyright (c) 2015       , Mattias Andrée
+  * All rights reserved.
+  *
+  * Redistribution and use in source and binary forms, with or without
+@@ -42,22 +43,59 @@
+ #include <stdio.h>
+ #include <stdlib.h>
+ #include <unistd.h>
++#include <string.h>
+ #include <sys/types.h>
+ #include "defines.h"
+ #include "pam_defs.h"
+ #include "prototypes.h"
++#include "xgetpass.h"
++
++static int xgetpass_conv (int num_msg, const struct pam_message **msg,
++			  struct pam_response **resp, void *appdata_ptr)
++{
++	struct pam_response *response;
++	static int first_enter = 0;
++	int current;
++	int saved_errno;
++
++	if ((num_msg != 1) || (msg[0]->msg_style != PAM_PROMPT_ECHO_OFF))
++		return conv.conv (num_msg, msg, resp, appdata_ptr);
++
++	response = calloc((size_t)1, sizeof(struct pam_response));
++	if (response == NULL) {
++		return PAM_CONV_ERR;
++	}
++
++	current = strchr(msg[0]->msg, '(') != NULL;
++	first_enter ^= !current;
++	response->resp_retcode = 0;
++	response->resp = xgetpass (msg[0]->msg, first_enter & !current);
++	if (response->resp == NULL) {
++		saved_errno = errno;
++		free(response);
++		errno = saved_errno;
++		return PAM_CONV_ERR;
++	}
++
++	*resp = response;
++	return PAM_SUCCESS;
++}
++
+ 
+ void do_pam_passwd (const char *user, bool silent, bool change_expired)
+ {
+ 	pam_handle_t *pamh = NULL;
+ 	int flags = 0, ret;
++	struct pam_conv conv_proper = conv;
++
++	conv_proper.conv = xgetpass_conv;
+ 
+ 	if (silent)
+ 		flags |= PAM_SILENT;
+ 	if (change_expired)
+ 		flags |= PAM_CHANGE_EXPIRED_AUTHTOK;
+ 
+-	ret = pam_start ("passwd", user, &conv, &pamh);
++	ret = pam_start ("passwd", user, &conv_proper, &pamh);
+ 	if (ret != PAM_SUCCESS) {
+ 		fprintf (stderr,
+ 			 _("passwd: pam_start() failed, error %d\n"), ret);
+diff --git a/src/gpasswd.c b/src/gpasswd.c
+index 8959a35..811a93d 100644
+--- a/src/gpasswd.c
++++ b/src/gpasswd.c
+@@ -3,6 +3,7 @@
+  * Copyright (c) 1996 - 2000, Marek Michałkiewicz
+  * Copyright (c) 2001 - 2006, Tomasz Kłoczko
+  * Copyright (c) 2007 - 2011, Nicolas François
++ * Copyright (c) 2015       , Mattias Andrée
+  * All rights reserved.
+  *
+  * Redistribution and use in source and binary forms, with or without
+@@ -46,6 +47,7 @@
+ #include "groupio.h"
+ #include "nscd.h"
+ #include "prototypes.h"
++#include "xgetpass.h"
+ #ifdef SHADOWGRP
+ #include "sgroupio.h"
+ #endif
+@@ -909,14 +911,14 @@ static void change_passwd (struct group *gr)
+ 	printf (_("Changing the password for group %s\n"), group);
+ 
+ 	for (retries = 0; retries < RETRIES; retries++) {
+-		cp = getpass (_("New Password: "));
++		cp = xgetpass (_("New Password: "), 1);
+ 		if (NULL == cp) {
+ 			exit (1);
+ 		}
+ 
+ 		STRFCPY (pass, cp);
+ 		strzero (cp);
+-		cp = getpass (_("Re-enter new password: "));
++		cp = xgetpass (_("Re-enter new password: "), 0);
+ 		if (NULL == cp) {
+ 			exit (1);
+ 		}
+diff --git a/src/newgrp.c b/src/newgrp.c
+index 49dd151..6ea3617 100644
+--- a/src/newgrp.c
++++ b/src/newgrp.c
+@@ -3,6 +3,7 @@
+  * Copyright (c) 1996 - 2000, Marek Michałkiewicz
+  * Copyright (c) 2001 - 2006, Tomasz Kłoczko
+  * Copyright (c) 2007 - 2008, Nicolas François
++ * Copyright (c) 2015       , Mattias Andrée
+  * All rights reserved.
+  *
+  * Redistribution and use in source and binary forms, with or without
+@@ -42,6 +43,7 @@
+ #include "defines.h"
+ #include "getdef.h"
+ #include "prototypes.h"
++#include "xgetpass.h"
+ /*@-exitarg@*/
+ #include "exitcodes.h"
+ 
+@@ -171,7 +173,7 @@ static void check_perms (const struct group *grp,
+ 		 * get the password from her, and set the salt for
+ 		 * the decryption from the group file.
+ 		 */
+-		cp = getpass (_("Password: "));
++		cp = xgetpass (_("Password: "), 0);
+ 		if (NULL == cp) {
+ 			goto failure;
+ 		}
+diff --git a/src/passwd.c b/src/passwd.c
+index 3424f3b..c2cac67 100644
+--- a/src/passwd.c
++++ b/src/passwd.c
+@@ -3,6 +3,7 @@
+  * Copyright (c) 1996 - 2000, Marek Michałkiewicz
+  * Copyright (c) 2001 - 2006, Tomasz Kłoczko
+  * Copyright (c) 2007 - 2011, Nicolas François
++ * Copyright (c) 2015       , Mattias Andrée
+  * All rights reserved.
+  *
+  * Redistribution and use in source and binary forms, with or without
+@@ -55,6 +56,7 @@
+ #include "pwauth.h"
+ #include "pwio.h"
+ #include "shadowio.h"
++#include "xgetpass.h"
+ 
+ /*
+  * exit status values
+@@ -237,7 +239,7 @@ static int new_password (const struct passwd *pw)
+ 	 */
+ 
+ 	if (!amroot && ('\0' != crypt_passwd[0])) {
+-		clear = getpass (_("Old password: "));
++		clear = xgetpass (_("Old password: "), 1);
+ 		if (NULL == clear) {
+ 			return -1;
+ 		}
+@@ -312,7 +314,7 @@ static int new_password (const struct passwd *pw)
+ 
+ 	warned = false;
+ 	for (i = getdef_num ("PASS_CHANGE_TRIES", 5); i > 0; i--) {
+-		cp = getpass (_("New password: "));
++		cp = xgetpass (_("New password: "), 1);
+ 		if (NULL == cp) {
+ 			memzero (orig, sizeof orig);
+ 			return -1;
+@@ -339,7 +341,7 @@ static int new_password (const struct passwd *pw)
+ 			warned = true;
+ 			continue;
+ 		}
+-		cp = getpass (_("Re-enter new password: "));
++		cp = xgetpass (_("Re-enter new password: "), 0);
+ 		if (NULL == cp) {
+ 			memzero (orig, sizeof orig);
+ 			return -1;
+diff --git a/src/sulogin.c b/src/sulogin.c
+index ccbf2c5..1296856 100644
+--- a/src/sulogin.c
++++ b/src/sulogin.c
+@@ -3,6 +3,7 @@
+  * Copyright (c) 1996 - 2000, Marek Michałkiewicz
+  * Copyright (c) 2002 - 2006, Tomasz Kłoczko
+  * Copyright (c) 2007 - 2010, Nicolas François
++ * Copyright (c) 2015       , Mattias Andrée
+  * All rights reserved.
+  *
+  * Redistribution and use in source and binary forms, with or without
+@@ -43,6 +44,7 @@
+ #include "getdef.h"
+ #include "prototypes.h"
+ #include "pwauth.h"
++#include "xgetpass.h"
+ /*@-exitarg@*/
+ #include "exitcodes.h"
+ 
+@@ -202,10 +204,10 @@ static RETSIGTYPE catch_signals (unused int sig)
+ 		 */
+ 
+ 		/* get a password for root */
+-		cp = getpass (_(
++		cp = xgetpass (_(
+ "\n"
+ "Type control-d to proceed with normal startup,\n"
+-"(or give root password for system maintenance):"));
++"(or give root password for system maintenance): "), 0);
+ 		/*
+ 		 * XXX - can't enter single user mode if root password is
+ 		 * empty.  I think this doesn't happen very often :-). But
+-- 
+2.6.3
+
author	Mattias Andrée	2015-12-13 15:37:23 +0100
committer	Mattias Andrée	2015-12-13 15:37:23 +0100
commit	b5e7ab30ace8fe0b34d0401315cef15f3c22f818 (patch)
tree	8a8ac89bf2a90a78a67a65e08e311d7e8e814032 /0001-Use-libpassphrase-when-entering-passwords.patch
download	aur-shadow-libpassphrase.tar.gz