
Xinlong-Chen/pam

forked from OpenCloudOS Stream/pam 
add-sm3-support.patch 6.03 KB
ZoeDong 提交于 2023-08-02 14:27 . Bump version to 1.5.3
From 67d62819fe4f6394c3db4eed843ece9c4adcaefc Mon Sep 17 00:00:00 2001
From: zoedong <[email protected]>
Date: Tue, 1 Aug 2023 17:15:02 +0800
Subject: [PATCH] add sm3 support
---
modules/pam_unix/pam_unix.8 | 9 ++++++++-
modules/pam_unix/pam_unix.8.xml | 16 +++++++++++++++-
modules/pam_unix/passverify.c | 5 ++++-
modules/pam_unix/support.c | 4 ++--
modules/pam_unix/support.h | 6 ++++--
5 files changed, 33 insertions(+), 7 deletions(-)
diff --git a/modules/pam_unix/pam_unix.8 b/modules/pam_unix/pam_unix.8
index 438717f..2c80148 100644
--- a/modules/pam_unix/pam_unix.8
+++ b/modules/pam_unix/pam_unix.8
@@ -201,9 +201,16 @@ When a user changes their password next, encrypt it with the yescrypt algorithm\
function\&.
.RE
.PP
+\fBsm3\fR
+.RS 4
+When a user changes their password next, encrypt it with the SM3 algorithm\&. The SM3 algorithm must be supported by the
+\fBcrypt\fR(3)
+function\&.
+.RE
+.PP
rounds=n
.RS 4
-Set the optional number of rounds of the SHA256, SHA512, blowfish, gost\-yescrypt, and yescrypt password hashing algorithms to
+Set the optional number of rounds of the SHA256, SHA512, blowfish, gost\-yescrypt, yescrypt and SM3 password hashing algorithms to
\fIn\fR\&.
.RE
.PP
diff --git a/modules/pam_unix/pam_unix.8.xml b/modules/pam_unix/pam_unix.8.xml
index dfc0427..fbd32e0 100644
--- a/modules/pam_unix/pam_unix.8.xml
+++ b/modules/pam_unix/pam_unix.8.xml
@@ -366,6 +366,20 @@
</para>
</listitem>
</varlistentry>
+ <varlistentry>
+ <term>
+ sm3
+ </term>
+ <listitem>
+ <para>
+ When a user changes their password next,
+ encrypt it with the SM3 algorithm. The
+ SM3 algorithm must be supported by the <citerefentry>
+ <refentrytitle>crypt</refentrytitle><manvolnum>3</manvolnum>
+ </citerefentry> function.
+ </para>
+ </listitem>
+ </varlistentry>
<varlistentry>
<term>
rounds=n
@@ -373,7 +387,7 @@
<listitem>
<para>
Set the optional number of rounds of the SHA256, SHA512,
- blowfish, gost-yescrypt, and yescrypt password hashing
+ blowfish, gost-yescrypt, yescrypt and SM3 password hashing
algorithms to
<replaceable>n</replaceable>.
</para>
diff --git a/modules/pam_unix/passverify.c b/modules/pam_unix/passverify.c
index 81b10d8..1aee153 100644
--- a/modules/pam_unix/passverify.c
+++ b/modules/pam_unix/passverify.c
@@ -445,6 +445,8 @@ PAMH_ARG_DECL(char * create_password_hash,
algoid = "$5$";
} else if (on(UNIX_SHA512_PASS, ctrl)) {
algoid = "$6$";
+ } else if (on(UNIX_SM3_PASS, ctrl)) {
+ algoid = "$sm3$";
} else { /* must be crypt/bigcrypt */
char tmppass[9];
char *hashed;
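Review bot: The new `"$sm3$"` branch has no comment saying that this prefix only works when the system's crypt(3) backend implements SM3 hashing, which the man-page hunks state but the code does not. I would add `/* "$sm3$": needs a crypt(3) backend with SM3 support; otherwise hashing fails below */` above the assignment. The only handling of an unsupporting backend visible in this patch is the `"sm3"` label added in the next hunk, which looks like part of an error message. The rest of create_password_hash is outside the hunk, so confirm that this path rejects the password change rather than storing an unusable hash.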
@@ -492,7 +494,8 @@ PAMH_ARG_DECL(char * create_password_hash,
on(UNIX_GOST_YESCRYPT_PASS, ctrl) ? "gost_yescrypt" :
on(UNIX_BLOWFISH_PASS, ctrl) ? "blowfish" :
on(UNIX_SHA256_PASS, ctrl) ? "sha256" :
- on(UNIX_SHA512_PASS, ctrl) ? "sha512" : algoid);
+ on(UNIX_SHA512_PASS, ctrl) ? "sha512" :
+ on(UNIX_SM3_PASS, ctrl) ? "sm3" : algoid);
if(sp) {
pam_overwrite_string(sp);
}
diff --git a/modules/pam_unix/support.c b/modules/pam_unix/support.c
index 043273d..4052868 100644
--- a/modules/pam_unix/support.c
+++ b/modules/pam_unix/support.c
@@ -99,7 +99,7 @@ unsigned long long _set_ctrl(pam_handle_t *pamh, int flags, int *remember,
free (val);
/* read number of rounds for crypt algo */
- if (rounds && (on(UNIX_SHA256_PASS, ctrl) || on(UNIX_SHA512_PASS, ctrl))) {
+ if (rounds && (on(UNIX_SHA256_PASS, ctrl) || on(UNIX_SHA512_PASS, ctrl) || on(UNIX_SM3_PASS, ctrl))) {
val = pam_modutil_search_key(pamh, LOGIN_DEFS, "SHA_CRYPT_MAX_ROUNDS");
if (val) {
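Review bot: SM3 now reads the `SHA_CRYPT_MAX_ROUNDS` key from login.defs here, and in the hunk at -194 it also inherits the SHA-crypt bounds (values below 1000 are reset to 0), but neither the code nor the man-page text in this patch says so. An administrator tuning that key for SHA-256/512 would, as far as these lines show, change the SM3 work factor as well. A comment such as `/* SM3 reuses the SHA-crypt rounds key and limits */` on both conditions would record the intent, and it is worth confirming that the crypt backend's SM3 method accepts the same range. _set_ctrl starts and ends outside both hunks.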
@@ -194,7 +194,7 @@ unsigned long long _set_ctrl(pam_handle_t *pamh, int flags, int *remember,
} else if (on(UNIX_BLOWFISH_PASS, ctrl)) {
if (*rounds < 4 || *rounds > 31)
*rounds = 5;
- } else if (on(UNIX_SHA256_PASS, ctrl) || on(UNIX_SHA512_PASS, ctrl)) {
+ } else if (on(UNIX_SHA256_PASS, ctrl) || on(UNIX_SHA512_PASS, ctrl) || on(UNIX_SM3_PASS, ctrl)) {
if ((*rounds < 1000) || (*rounds == INT_MAX)) {
/* don't care about bogus values */
*rounds = 0;
diff --git a/modules/pam_unix/support.h b/modules/pam_unix/support.h
index 8105400..b5712b5 100644
--- a/modules/pam_unix/support.h
+++ b/modules/pam_unix/support.h
@@ -101,10 +101,11 @@ typedef struct {
#define UNIX_GOST_YESCRYPT_PASS 31 /* new password hashes will use gost-yescrypt */
#define UNIX_YESCRYPT_PASS 32 /* new password hashes will use yescrypt */
#define UNIX_NULLRESETOK 33 /* allow empty password if password reset is enforced */
+#define UNIX_SM3_PASS 34 /* new password hashes will use SM3 */
/* -------------- */
-#define UNIX_CTRLS_ 34 /* number of ctrl arguments defined */
+#define UNIX_CTRLS_ 35 /* number of ctrl arguments defined */
-#define UNIX_DES_CRYPT(ctrl) (off(UNIX_MD5_PASS,ctrl)&&off(UNIX_BIGCRYPT,ctrl)&&off(UNIX_SHA256_PASS,ctrl)&&off(UNIX_SHA512_PASS,ctrl)&&off(UNIX_BLOWFISH_PASS,ctrl)&&off(UNIX_GOST_YESCRYPT_PASS,ctrl)&&off(UNIX_YESCRYPT_PASS,ctrl))
+#define UNIX_DES_CRYPT(ctrl) (off(UNIX_MD5_PASS,ctrl)&&off(UNIX_BIGCRYPT,ctrl)&&off(UNIX_SHA256_PASS,ctrl)&&off(UNIX_SHA512_PASS,ctrl)&&off(UNIX_BLOWFISH_PASS,ctrl)&&off(UNIX_GOST_YESCRYPT_PASS,ctrl)&&off(UNIX_YESCRYPT_PASS,ctrl)&&off(UNIX_SM3_PASS,ctrl))
static const UNIX_Ctrls unix_args[UNIX_CTRLS_] =
{
@@ -145,6 +146,7 @@ static const UNIX_Ctrls unix_args[UNIX_CTRLS_] =
/* UNIX_GOST_YESCRYPT_PASS */ {"gost_yescrypt", _ALL_ON_^(015660420000ULL), 04000000000, 1},
/* UNIX_YESCRYPT_PASS */ {"yescrypt", _ALL_ON_^(015660420000ULL), 010000000000, 1},
/* UNIX_NULLRESETOK */ {"nullresetok", _ALL_ON_, 020000000000, 0},
+/* UNIX_SM3_PASS */ {"sm3", _ALL_ON_^(015660420000ULL), 040000000000, 1},
};
#define UNIX_DEFAULTS (unix_args[UNIX__NONULL].flag)
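Review bot: The new `sm3` entry reuses the mask `_ALL_ON_^(015660420000ULL)`, but its own flag `040000000000` is not one of the bits in that literal, so the mutual exclusion between hash options only works in one direction. Choosing `sm3` clears the other hash bits, while a later `yescrypt` or `gost_yescrypt` (and presumably the hash entries above the hunk) leaves the SM3 bit set alongside its own. Which algorithm is then used depends on the order of the if/else chain in create_password_hash rather than on the flag table. Extending the shared mask to `_ALL_ON_^(055660420000ULL)` on every hash-algorithm row, including the new one, restores the invariant; writing the flag as `040000000000ULL` would also make its width explicit, since it no longer fits in 32 bits.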
--
2.41.0