!36 Correct popt memory handling

From: @fly_fzc Reviewed-by: @HuaxinLuGitee Signed-off-by: @HuaxinLuGitee
Correct popt memory handling
2024-09-18 08:24:19 +00:00 · 2024-09-18 15:24:59 +08:00 · 2024-04-30 01:22:17 +00:00 · 2024-04-29 17:31:05 +08:00 · 2023-02-09 06:48:42 +00:00 · 2023-02-09 12:41:36 +08:00
5 changed files with 2325 additions and 26 deletions
--- a/add-sm3-crypt-support.patch
+++ b/add-sm3-crypt-support.patch
@ -0,0 +1,630 @@
+From 3e3f03313cc2a08efe7a7c64bf1d5cdd7333569d Mon Sep 17 00:00:00 2001
+From: lujie42 <lujie42@huawei.com>
+Date: Fri, 29 Oct 2021 15:56:12 +0800
+Subject: [PATCH] add sm3 crypt support
+
+Signed-off-by: lujie42 <lujie42@huawei.com>
+---
+ Makefile.in             |   8 +
+ docs/libuser.conf.5.in  |   4 +-
+ lib/util.c              |   4 +-
+ tests/files_sm3.conf.in |  25 +++
+ tests/sm3_test          |  43 +++++
+ tests/sm3_test.py       | 446 ++++++++++++++++++++++++++++++++++++++++++++++++
+ 6 files changed, 527 insertions(+), 3 deletions(-)
+ create mode 100644 tests/files_sm3.conf.in
+ create mode 100755 tests/sm3_test
+ create mode 100755 tests/sm3_test.py
+
+diff --git a/Makefile.in b/Makefile.in
+index 6633313..0952d0f 100644
+--- a/Makefile.in
+++ b/Makefile.in
+@@ -928,6 +928,7 @@ EXTRA_DIST = \
+ 	tests/config_login.defs tests/config_login2.defs \
+ 	tests/config_override.conf.in tests/config_test.py \
+ 	tests/config_test.sh \
+	tests/files_sm3.conf.in tests/sm3_test tests/sm3_test.py \
+ 	tests/default_pw.conf.in tests/default_pw_test tests/default_pw_test.py \
+ 	tests/files.conf.in tests/files_test tests/files_test.py \
+ 	tests/fs.conf.in tests/fs_test tests/fs_test.py \
+@@ -2390,6 +2391,13 @@ tests/fs_test.log: tests/fs_test
+ 	--log-file $$b.log --trs-file $$b.trs \
+ 	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
+ 	"$$tst" $(AM_TESTS_FD_REDIRECT)
+tests/sm3_test.log: tests/sm3_test
+	@p='tests/sm3_test'; \
+	b='tests/sm3_test'; \
+	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
+	--log-file $$b.log --trs-file $$b.trs \
+	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
+	"$$tst" $(AM_TESTS_FD_REDIRECT)
+ tests/files_test.log: tests/files_test
+ 	@p='tests/files_test'; \
+ 	b='tests/files_test'; \
+diff --git a/docs/libuser.conf.5.in b/docs/libuser.conf.5.in
+index 2af0828..cf74b4f 100644
+--- a/docs/libuser.conf.5.in
+++ b/docs/libuser.conf.5.in
+@@ -68,7 +68,7 @@ The algorithm to use for password encryption when creating new passwords.
+ The current algorithm may be retained
+ when changing a password of an existing user, depending on the application.
+ 
+-Possible values are \fBdes\fR, \fBmd5\fR, \fBblowfish\fR,
+Possible values are \fBdes\fR, \fBmd5\fR, \fBblowfish\fR, \fBsm3\fR,
+ .B sha256
+ and \fBsha512\fR, all case-insensitive.
+ Unrecognized values are treated as \fBdes\fR.
+@@ -80,7 +80,7 @@ These variables specify an inclusive range of hash rounds used when
+ .B crypt_style
+ is
+ .B sha256
+-or \fBsha512\fR.
+or \fBsha512\fR or \fBsm3\fR.
+ A number of hash rounds is chosen from this interval randomly.
+ A larger number of rounds makes password checking, and brute-force attempts
+ to guess the password by reversing the hash, more CPU-intensive.
+diff --git a/lib/util.c b/lib/util.c
+index 1b03f7d..904c586 100644
+--- a/lib/util.c
+++ b/lib/util.c
+@@ -117,7 +117,7 @@ fill_urandom(char *output, size_t length)
+ }
+ 
+ static const struct {
+-	const char initial[5];
+	const char initial[6];
+ 	char separator[2];
+ 	size_t salt_length;
+ 	gboolean sha_rounds;
+@@ -127,6 +127,7 @@ static const struct {
+ 	{"$2a$", "$", 8, FALSE },
+ 	{"$5$", "$", 16, TRUE },
+ 	{"$6$", "$", 16, TRUE },
+	{"$sm3$", "$", 16, TRUE },
+ 	{ "", "", 2 },
+ };
+ 
+@@ -234,6 +235,7 @@ lu_util_default_salt_specifier(struct lu_context *context)
+ 		{ "blowfish", "$2a$", FALSE },
+ 		{ "sha256", "$5$", TRUE },
+ 		{ "sha512", "$6$", TRUE },
+		{ "sm3", "$sm3$", TRUE },
+ 	};
+ 
+ 	const char *salt_type;
+diff --git a/tests/files_sm3.conf.in b/tests/files_sm3.conf.in
+new file mode 100644
+index 0000000..3831d0f
+--- /dev/null
+++ b/tests/files_sm3.conf.in
+@@ -0,0 +1,25 @@
+[defaults]
+# non-portable
+moduledir = @TOP_BUILDDIR@/modules/.libs
+skeleton = /etc/skel
+mailspooldir = /var/mail
+modules = files shadow
+create_modules = files shadow
+crypt_style = sm3
+
+[userdefaults]
+LU_USERNAME = %n
+LU_UIDNUMBER = 500
+LU_GIDNUMBER = %u
+
+[groupdefaults]
+LU_GROUPNAME = %n
+LU_GIDNUMBER = 500
+
+[files]
+directory = @WORKDIR@/sm3
+nonroot = yes
+
+[shadow]
+directory = @WORKDIR@/sm3
+nonroot = yes
+diff --git a/tests/sm3_test b/tests/sm3_test
+new file mode 100755
+index 0000000..bdb2034
+--- /dev/null
+++ b/tests/sm3_test
+@@ -0,0 +1,43 @@
+#!/bin/bash
+# Copyright (c) Huawei Technologies Co., Ltd. 2021-2021. All rights reserved.
+# Description: Automated files/shadow regression tester for sm3 crypt
+# Create: 2021-07-26
+
+srcdir=$srcdir/tests
+
+workdir=$(pwd)/test_sm3
+
+trap 'status=$?; rm -rf "$workdir"; exit $status' 0
+trap '(exit 1); exit 1' 1 2 13 15
+
+rm -rf "$workdir"
+mkdir "$workdir"
+
+# Set up an the environment
+mkdir "$workdir"/sm3
+
+cat > "$workdir"/sm3/passwd <<\EOF
+empty_user::42:43:::
+EOF
+cat > "$workdir"/sm3/shadow <<\EOF
+empty_user::::::::
+EOF
+cat > "$workdir"/sm3/group <<\EOF
+empty_group::44:
+EOF
+cat > "$workdir"/sm3/gshadow <<\EOF
+empty_group:::
+EOF
+
+# Set up the client
+LIBUSER_CONF=$workdir/libuser.conf
+export LIBUSER_CONF
+sed "s|@WORKDIR@|$workdir|g; s|@TOP_BUILDDIR@|$(pwd)|g" \
+    < "$srcdir"/files_sm3.conf.in > "$LIBUSER_CONF"
+# Ugly non-portable hacks
+LD_LIBRARY_PATH=$(pwd)/lib/.libs
+export LD_LIBRARY_PATH
+PYTHONPATH=$(pwd)/python/.libs
+export PYTHONPATH
+
+workdir="$workdir" $VALGRIND $PYTHON "$srcdir"/sm3_test.py
+diff --git a/tests/sm3_test.py b/tests/sm3_test.py
+new file mode 100755
+index 0000000..e680dd7
+--- /dev/null
+++ b/tests/sm3_test.py
+@@ -0,0 +1,446 @@
+#!/usr/bin/python
+# Copyright (c) Huawei Technologies Co., Ltd. 2021-2021. All rights reserved.
+# Description: sm3 crypt testcase
+# Create: 2021-07-26
+
+import crypt
+import libuser
+import os
+import os.path
+import sys
+import unittest
+
+#sm3
+crypt_flag="$sm3$"
+crypt_flag_len=5
+crypt_t="sm3"
+
+
+class Tests(unittest.TestCase):
+    def setUp(self):
+        self.a = libuser.admin()
+
+    def testSm3UserLock1(self):
+        e = self.a.initUser('user100_1')
+        self.a.addUser(e, False, False)
+        del e
+        e = self.a.lookupUserByName('user100_1')
+        self.a.setpassUser(e, '00as1wm0AZG56', True)
+        self.assertEqual(e[libuser.USERPASSWORD], ['x'])
+        self.assertEqual(e[libuser.SHADOWPASSWORD], ['00as1wm0AZG56'])
+        self.a.lockUser(e)
+        self.assertEqual(e[libuser.USERPASSWORD], ['x'])
+        self.assertEqual(e[libuser.SHADOWPASSWORD], ['!!00as1wm0AZG56'])
+
+    def testSm3UserLock2(self):
+        e = self.a.initUser('user100_2')
+        self.a.addUser(e, False, False)
+        del e
+        e = self.a.lookupUserByName('user100_2')
+        self.a.setpassUser(e, 'HABAG_12=%', False)
+        self.assertEqual(e[libuser.USERPASSWORD], ['x'])
+        self.assertEqual(e[libuser.SHADOWPASSWORD][0][:crypt_flag_len], crypt_flag)
+        self.a.lockUser(e)
+        del e
+        e = self.a.lookupUserByName('user100_2')
+        self.assertEqual(e[libuser.USERPASSWORD], ['x'])
+        self.assertEqual(e[libuser.SHADOWPASSWORD][0][:2 + crypt_flag_len], '!!' + crypt_flag)
+
+    def testSm3UserUnlock1(self):
+        e = self.a.initUser('user101_1')
+        self.a.addUser(e, False, False)
+        del e
+        e = self.a.lookupUserByName('user101_1')
+        self.a.setpassUser(e, '!!00as1wm0AZG56', True)
+        self.assertEqual(e[libuser.USERPASSWORD], ['x'])
+        self.assertEqual(e[libuser.SHADOWPASSWORD], ['!!00as1wm0AZG56'])
+        self.a.unlockUser(e)
+        self.assertEqual(e[libuser.USERPASSWORD], ['x'])
+        self.assertEqual(e[libuser.SHADOWPASSWORD], ['00as1wm0AZG56'])
+
+    def testSm3UserUnlock2(self):
+        e = self.a.initUser('user101_2')
+        self.a.addUser(e, False, False)
+        del e
+        e = self.a.lookupUserByName('user101_2')
+        self.a.setpassUser(e, '00as1wm0AZG56', True)
+        self.assertEqual(e[libuser.USERPASSWORD], ['x'])
+        self.assertEqual(e[libuser.SHADOWPASSWORD], ['00as1wm0AZG56'])
+        self.a.unlockUser(e)
+        self.assertEqual(e[libuser.USERPASSWORD], ['x'])
+        self.assertEqual(e[libuser.SHADOWPASSWORD], ['00as1wm0AZG56'])
+
+    def testSm3UserUnlock3(self):
+        e = self.a.initUser('user101_3')
+        self.a.addUser(e, False, False)
+        del e
+        e = self.a.lookupUserByName('user101_3')
+        self.a.setpassUser(e, 'HABAG_12=%', False)
+        self.assertEqual(e[libuser.USERPASSWORD], ['x'])
+        self.assertEqual(e[libuser.SHADOWPASSWORD][0][:crypt_flag_len], crypt_flag)
+        self.a.lockUser(e)
+        del e
+        e = self.a.lookupUserByName('user101_3')
+        self.assertEqual(e[libuser.USERPASSWORD], ['x'])
+        self.assertEqual(e[libuser.SHADOWPASSWORD][0][:2 + crypt_flag_len], '!!' + crypt_flag)
+        self.a.unlockUser(e)
+        del e
+        e = self.a.lookupUserByName('user101_3')
+        self.assertEqual(e[libuser.USERPASSWORD], ['x'])
+        self.assertEqual(e[libuser.SHADOWPASSWORD][0][:crypt_flag_len], crypt_flag)
+
+    def testSm3UserUnlockNonempty1(self):
+        e = self.a.initUser('user102_1')
+        self.a.addUser(e, False, False)
+        del e
+        e = self.a.lookupUserByName('user102_1')
+        self.a.setpassUser(e, '!!00as1wm0AZG56', True)
+        self.assertEqual(e[libuser.USERPASSWORD], ['x'])
+        self.assertEqual(e[libuser.SHADOWPASSWORD], ['!!00as1wm0AZG56'])
+        self.a.unlockUser(e, True)
+        self.assertEqual(e[libuser.USERPASSWORD], ['x'])
+        self.assertEqual(e[libuser.SHADOWPASSWORD], ['00as1wm0AZG56'])
+
+    def testSm3UserUnlockNonempty2(self):
+        e = self.a.initUser('user102_2')
+        self.a.addUser(e, False, False)
+        del e
+        e = self.a.lookupUserByName('user102_2')
+        self.a.setpassUser(e, 'GJMK12#@', False)
+
+        del e
+        e = self.a.lookupUserByName('user102_2')
+        self.assertEqual(e[libuser.USERPASSWORD], ['x'])
+        self.assertEqual(e[libuser.SHADOWPASSWORD][0][:crypt_flag_len], crypt_flag)
+        self.a.lockUser(e)
+        del e
+        e = self.a.lookupUserByName('user102_2')
+        self.assertEqual(e[libuser.USERPASSWORD], ['x'])
+        self.assertEqual(e[libuser.SHADOWPASSWORD][0][:2 + crypt_flag_len], '!!' + crypt_flag)
+        self.a.unlockUser(e, True)
+        del e
+        e = self.a.lookupUserByName('user102_2')
+        self.assertEqual(e[libuser.USERPASSWORD], ['x'])
+        self.assertEqual(e[libuser.SHADOWPASSWORD][0][:crypt_flag_len], crypt_flag)
+
+    def testSm3UserUnlockNonempty3(self):
+        e = self.a.initUser('user102_3')
+        self.a.addUser(e, False, False)
+        del e
+        e = self.a.lookupUserByName('user102_3')
+        self.a.setpassUser(e, '!!', True)
+        self.assertEqual(e[libuser.USERPASSWORD], ['x'])
+        self.assertEqual(e[libuser.SHADOWPASSWORD], ['!!'])
+        self.assertRaises(RuntimeError, self.a.unlockUser, e, True)
+        del e
+        e = self.a.lookupUserByName('user102_3')
+        self.assertEqual(e[libuser.USERPASSWORD], ['x'])
+        self.assertEqual(e[libuser.SHADOWPASSWORD], ['!!'])
+
+
+    def testSm3UserSetpass1(self):
+        e = self.a.initUser('user103_1')
+        e[libuser.SHADOWPASSWORD] = '02oawyZdjhhpg'
+        e[libuser.SHADOWLASTCHANGE] = 100
+        self.a.addUser(e, False, False)
+
+        del e
+        e = self.a.lookupUserByName('user103_1')
+        self.assertEqual(e[libuser.USERPASSWORD], ['x'])
+        self.assertEqual(e[libuser.SHADOWPASSWORD], ['02oawyZdjhhpg'])
+        self.assertEqual(e[libuser.SHADOWLASTCHANGE], [100])
+        self.a.setpassUser(e, 'password', False)
+        del e
+        e = self.a.lookupUserByName('user103_1')
+        self.assertEqual(e[libuser.USERPASSWORD], ['x'])
+        self.assertEqual(e[libuser.SHADOWPASSWORD][0][:crypt_flag_len], crypt_flag)
+        crypted = crypt.crypt('password', e[libuser.SHADOWPASSWORD][0])
+        self.assertEqual(e[libuser.SHADOWPASSWORD], [crypted])
+        self.assertGreater(e[libuser.SHADOWLASTCHANGE][0], 10000)
+
+
+    def testSm3UserSetpass2(self):
+        # Forcing the non-shadow password to 'x'
+        e = self.a.initUser('user103_2')
+        e[libuser.USERPASSWORD] = '*'
+        e[libuser.SHADOWPASSWORD] = '08lnuxCM.c36E'
+        self.a.addUser(e, False, False)
+
+        del e
+        # shadow module's addUser forces USERPASSWORD to 'x'
+        e = self.a.lookupUserByName('user103_2')
+        self.assertEqual(e[libuser.USERPASSWORD], ['x'])
+        self.assertEqual(e[libuser.SHADOWPASSWORD], ['08lnuxCM.c36E'])
+        e[libuser.USERPASSWORD] = '*'
+        self.a.modifyUser(e, False)
+
+        del e
+        e = self.a.lookupUserByName('user103_2')
+        self.assertEqual(e[libuser.USERPASSWORD], ['*'])
+        self.assertEqual(e[libuser.SHADOWPASSWORD], ['08lnuxCM.c36E'])
+        self.a.setpassUser(e, 'password', False)
+        self.assertEqual(e[libuser.USERPASSWORD], ['x'])
+        self.assertEqual(e[libuser.SHADOWPASSWORD][0][:crypt_flag_len], crypt_flag)
+        crypted = crypt.crypt('password', e[libuser.SHADOWPASSWORD][0])
+        self.assertEqual(e[libuser.SHADOWPASSWORD], [crypted])
+
+
+    def testSm3UserSetpass3(self):
+        # ':' in field value
+        e = self.a.initUser('user103_3')
+        self.a.addUser(e, False, False)
+        del e
+        e = self.a.lookupUserByName('user103_3')
+        self.assertNotIn(':', e[libuser.SHADOWPASSWORD][0])
+        self.assertRaises(SystemError, self.a.setpassUser, e, 'a:b', True)
+        self.a.setpassUser(e, 'a:b', False)
+        del e
+        e = self.a.lookupUserByName('user103_3')
+        self.assertEqual(e[libuser.SHADOWPASSWORD][0][:crypt_flag_len], crypt_flag)
+        self.assertNotIn(':', e[libuser.SHADOWPASSWORD][0])
+        crypted = crypt.crypt('a:b', e[libuser.SHADOWPASSWORD][0])
+        self.assertEqual(e[libuser.SHADOWPASSWORD], [crypted])
+
+
+    def testSm3UserRemovepass1(self):
+        e = self.a.initUser('user104_1')
+        e[libuser.SHADOWPASSWORD] = '03dgZm5nZvqOc'
+        e[libuser.SHADOWLASTCHANGE] = 100
+        self.a.addUser(e, False, False)
+        del e
+        e = self.a.lookupUserByName('user104_1')
+        self.assertEqual(e[libuser.USERPASSWORD], ['x'])
+        self.assertEqual(e[libuser.SHADOWPASSWORD], ['03dgZm5nZvqOc'])
+        self.assertEqual(e[libuser.SHADOWLASTCHANGE], [100])
+        self.a.removepassUser(e)
+        del e
+        e = self.a.lookupUserByName('user104_1')
+        self.assertEqual(e[libuser.USERPASSWORD], ['x'])
+        self.assertEqual(e[libuser.SHADOWPASSWORD], [''])
+        self.assertGreater(e[libuser.SHADOWLASTCHANGE][0], 10000)
+
+    def testSm3UserRemovepass2(self):
+        e = self.a.initUser('user104_2')
+        self.a.addUser(e, False, False)
+        del e
+        e = self.a.lookupUserByName('user104_2')
+        self.a.setpassUser(e, 'ABc123', False)
+        del e
+        e = self.a.lookupUserByName('user104_2')
+        self.assertEqual(e[libuser.SHADOWPASSWORD][0][:crypt_flag_len], crypt_flag)
+        self.a.removepassUser(e)
+        del e
+        e = self.a.lookupUserByName('user104_2')
+        self.assertEqual(e[libuser.USERPASSWORD], ['x'])
+        self.assertEqual(e[libuser.SHADOWPASSWORD], [''])
+
+
+    def testSm3GroupLock1(self):
+        e = self.a.initGroup('group100_1')
+        self.a.addGroup(e)
+        del e
+        e = self.a.lookupGroupByName('group100_1')
+        self.a.setpassGroup(e, '04cmES7HM6wtg', True)
+        self.assertEqual(e[libuser.GROUPPASSWORD], ['x'])
+        self.assertEqual(e[libuser.SHADOWPASSWORD], ['04cmES7HM6wtg'])
+        self.a.lockGroup(e)
+        self.assertEqual(e[libuser.GROUPPASSWORD], ['x'])
+        self.assertEqual(e[libuser.SHADOWPASSWORD], ['!!04cmES7HM6wtg'])
+
+    def testSm3GroupLock2(self):
+        e = self.a.initGroup('group100_2')
+        self.a.addGroup(e)
+        del e
+        e = self.a.lookupGroupByName('group100_2')
+        self.a.setpassGroup(e, '!!04cmES7HM6wtg', True)
+        self.assertEqual(e[libuser.GROUPPASSWORD], ['x'])
+        self.assertEqual(e[libuser.SHADOWPASSWORD], ['!!04cmES7HM6wtg'])
+        self.a.lockGroup(e)
+        self.assertEqual(e[libuser.GROUPPASSWORD], ['x'])
+        self.assertEqual(e[libuser.SHADOWPASSWORD], ['!!04cmES7HM6wtg'])
+
+    def testSm3GroupLock3(self):
+        e = self.a.initGroup('group100_3')
+        self.a.addGroup(e)
+        del e
+        e = self.a.lookupGroupByName('group100_3')
+        self.a.setpassGroup(e, 'ABc123MTK', False)
+        self.assertEqual(e[libuser.GROUPPASSWORD], ['x'])
+        self.assertEqual(e[libuser.SHADOWPASSWORD][0][:crypt_flag_len], crypt_flag)
+        self.a.lockGroup(e)
+        del e
+        e = self.a.lookupGroupByName('group100_3')
+        self.assertEqual(e[libuser.GROUPPASSWORD], ['x'])
+        self.assertEqual(e[libuser.SHADOWPASSWORD][0][:2 + crypt_flag_len], '!!' + crypt_flag)
+
+    def testSm3GroupUnlock1(self):
+        e = self.a.initGroup('group101_1')
+        self.a.addGroup(e)
+        del e
+        e = self.a.lookupGroupByName('group101_1')
+        self.a.setpassGroup(e, '!!04cmES7HM6wtg', True)
+        self.assertEqual(e[libuser.GROUPPASSWORD], ['x'])
+        self.assertEqual(e[libuser.SHADOWPASSWORD], ['!!04cmES7HM6wtg'])
+        self.a.unlockGroup(e)
+        self.assertEqual(e[libuser.GROUPPASSWORD], ['x'])
+        self.assertEqual(e[libuser.SHADOWPASSWORD], ['04cmES7HM6wtg'])
+
+    def testSm3GroupUnlock2(self):
+        e = self.a.initGroup('group101_2')
+        self.a.addGroup(e)
+        del e
+        e = self.a.lookupGroupByName('group101_2')
+        self.a.setpassGroup(e, '04cmES7HM6wtg', True)
+        self.assertEqual(e[libuser.GROUPPASSWORD], ['x'])
+        self.assertEqual(e[libuser.SHADOWPASSWORD], ['04cmES7HM6wtg'])
+        self.a.unlockGroup(e)
+        self.assertEqual(e[libuser.GROUPPASSWORD], ['x'])
+        self.assertEqual(e[libuser.SHADOWPASSWORD], ['04cmES7HM6wtg'])
+
+    def testSm3GroupUnlock3(self):
+        e = self.a.initGroup('group101_3')
+        self.a.addGroup(e)
+        del e
+        e = self.a.lookupGroupByName('group101_3')
+        self.a.setpassGroup(e, 'axbc12#=', False)
+        self.assertEqual(e[libuser.GROUPPASSWORD], ['x'])
+        self.assertEqual(e[libuser.SHADOWPASSWORD][0][:crypt_flag_len], crypt_flag)
+        self.a.lockGroup(e)
+        self.a.unlockGroup(e)
+        del e
+        e = self.a.lookupGroupByName('group101_3')
+        self.assertEqual(e[libuser.GROUPPASSWORD], ['x'])
+        self.assertEqual(e[libuser.SHADOWPASSWORD][0][:crypt_flag_len], crypt_flag)
+
+    def testSm3GroupUnlockNonempty1(self):
+        e = self.a.initGroup('group102_1')
+        self.a.addGroup(e)
+        del e
+        e = self.a.lookupGroupByName('group102_1')
+        self.a.setpassGroup(e, '!!04cmES7HM6wtg', True)
+        self.assertEqual(e[libuser.GROUPPASSWORD], ['x'])
+        self.assertEqual(e[libuser.SHADOWPASSWORD], ['!!04cmES7HM6wtg'])
+        self.a.unlockGroup(e, True)
+        self.assertEqual(e[libuser.GROUPPASSWORD], ['x'])
+        self.assertEqual(e[libuser.SHADOWPASSWORD], ['04cmES7HM6wtg'])
+
+    def testSm3GroupUnlockNonempty2(self):
+        e = self.a.initGroup('group102_2')
+        self.a.addGroup(e)
+        del e
+        e = self.a.lookupGroupByName('group102_2')
+        self.a.setpassGroup(e, '04cmES7HM6wtg', True)
+        self.assertEqual(e[libuser.GROUPPASSWORD], ['x'])
+        self.assertEqual(e[libuser.SHADOWPASSWORD], ['04cmES7HM6wtg'])
+        self.a.unlockGroup(e)
+        self.assertEqual(e[libuser.GROUPPASSWORD], ['x'])
+        self.assertEqual(e[libuser.SHADOWPASSWORD], ['04cmES7HM6wtg'])
+
+    def testSm3GroupUnlockNonempty3(self):
+        e = self.a.initGroup('group102_3')
+        self.a.addGroup(e)
+        del e
+        e = self.a.lookupGroupByName('group102_3')
+        self.a.setpassGroup(e, 'a9ld3dabd', False)
+        self.assertEqual(e[libuser.GROUPPASSWORD], ['x'])
+        self.assertEqual(e[libuser.SHADOWPASSWORD][0][:crypt_flag_len], crypt_flag)
+        del e
+        e = self.a.lookupGroupByName('group102_3')
+        self.a.lockGroup(e)
+        self.a.unlockGroup(e)
+        self.assertEqual(e[libuser.GROUPPASSWORD], ['x'])
+        self.assertEqual(e[libuser.SHADOWPASSWORD][0][:crypt_flag_len], crypt_flag)
+
+    def testSm3GroupUnlockNonempty4(self):
+        e = self.a.initGroup('group102_4')
+        self.a.addGroup(e)
+        del e
+        e = self.a.lookupGroupByName('group102_4')
+        self.a.setpassGroup(e, '!!', True)
+        self.assertEqual(e[libuser.GROUPPASSWORD], ['x'])
+        self.assertEqual(e[libuser.SHADOWPASSWORD], ['!!'])
+        self.assertRaises(RuntimeError, self.a.unlockGroup, e, True)
+        del e
+        e = self.a.lookupGroupByName('group102_4')
+        self.assertEqual(e[libuser.GROUPPASSWORD], ['x'])
+        self.assertEqual(e[libuser.SHADOWPASSWORD], ['!!'])
+
+    def testSm3GroupSetpass1(self):
+        e = self.a.initGroup('group103_1')
+        e[libuser.SHADOWPASSWORD] = '06aZrb3pzuu/6'
+        self.a.addGroup(e)
+        del e
+        e = self.a.lookupGroupByName('group103_1')
+        self.assertEqual(e[libuser.GROUPPASSWORD], ['x'])
+        self.assertEqual(e[libuser.SHADOWPASSWORD], ['06aZrb3pzuu/6'])
+        self.a.setpassGroup(e, 'password', False)
+        self.assertEqual(e[libuser.GROUPPASSWORD], ['x'])
+        self.assertEqual(e[libuser.SHADOWPASSWORD][0][:crypt_flag_len], crypt_flag)
+        crypted = crypt.crypt('password', e[libuser.SHADOWPASSWORD][0])
+        self.assertEqual(e[libuser.SHADOWPASSWORD], [crypted])
+
+    def testSm3GroupSetpass2(self):
+        # Forcing the non-shadow password to 'x'
+        e = self.a.initGroup('group103_2')
+        e[libuser.GROUPPASSWORD] = '*'
+        e[libuser.SHADOWPASSWORD] = '07ZZy2Pihe/gg'
+        self.a.addGroup(e)
+        del e
+        # shadow module's addGroup forces GROUPPASSWORD to 'x'
+        e = self.a.lookupGroupByName('group103_2')
+        self.assertEqual(e[libuser.GROUPPASSWORD], ['x'])
+        self.assertEqual(e[libuser.SHADOWPASSWORD], ['07ZZy2Pihe/gg'])
+        e[libuser.GROUPPASSWORD] = '*'
+        self.a.modifyGroup(e)
+        del e
+        e = self.a.lookupGroupByName('group103_2')
+        self.assertEqual(e[libuser.GROUPPASSWORD], ['*'])
+        self.assertEqual(e[libuser.SHADOWPASSWORD], ['07ZZy2Pihe/gg'])
+        self.a.setpassGroup(e, 'password', False)
+        self.assertEqual(e[libuser.GROUPPASSWORD], ['x'])
+        self.assertEqual(e[libuser.SHADOWPASSWORD][0][:crypt_flag_len], crypt_flag)
+        crypted = crypt.crypt('password', e[libuser.SHADOWPASSWORD][0])
+        self.assertEqual(e[libuser.SHADOWPASSWORD], [crypted])
+
+    def testSm3GroupSetpass3(self):
+        # Forcing the non-shadow password to 'x'
+        e = self.a.initGroup('group103_3')
+        self.a.addGroup(e)
+        del e
+        e = self.a.lookupGroupByName('group103_3')
+        self.a.setpassGroup(e, 'ad#la03/8da', True)
+        self.assertEqual(e[libuser.GROUPPASSWORD], ['x'])
+        self.assertEqual(e[libuser.SHADOWPASSWORD], ['ad#la03/8da'])
+
+    def testSm3GroupRemovepass1(self):
+        e = self.a.initGroup('group104_1')
+        e[libuser.SHADOWPASSWORD] = '07Js7N.eEhbgs'
+        self.a.addGroup(e)
+        del e
+        e = self.a.lookupGroupByName('group104_1')
+        self.assertEqual(e[libuser.GROUPPASSWORD], ['x'])
+        self.assertEqual(e[libuser.SHADOWPASSWORD], ['07Js7N.eEhbgs'])
+        self.a.removepassGroup(e)
+        self.assertEqual(e[libuser.GROUPPASSWORD], ['x'])
+        self.assertEqual(e[libuser.SHADOWPASSWORD], [''])
+
+    def testSm3GroupRemovepass2(self):
+        e = self.a.initGroup('group104_2')
+        self.a.addGroup(e)
+        del e
+        e = self.a.lookupGroupByName('group104_2')
+        self.a.setpassGroup(e, 'ad#la03/8da', False)
+        self.assertEqual(e[libuser.GROUPPASSWORD], ['x'])
+        self.assertEqual(e[libuser.SHADOWPASSWORD][0][:crypt_flag_len], crypt_flag)
+        self.a.removepassGroup(e)
+        del e
+        e = self.a.lookupGroupByName('group104_2')
+        self.assertEqual(e[libuser.GROUPPASSWORD], ['x'])
+        self.assertEqual(e[libuser.SHADOWPASSWORD], [''])
+
+    def tearDown(self):
+        del self.a
+
+
+if __name__ == '__main__':
+    unittest.main()
+-- 
+1.8.3.1
+
--- a/backport-Correct-popt-memory-handling.patch
+++ b/backport-Correct-popt-memory-handling.patch
--- a/backport-tests-fix-ldap-test-for-new-Fedora.patch
+++ b/backport-tests-fix-ldap-test-for-new-Fedora.patch
@ -0,0 +1,64 @@
+From b854e3da65dbf264511579b93c0e001d9ef03371 Mon Sep 17 00:00:00 2001
+From: Tomas Halman <thalman@redhat.com>
+Date: Feb 23 2022 14:18:57 +0000
+Subject: tests: fix ldap test for new Fedora
+
+
+Openldap has changed in fedora and command line option -h is
+no longer available in utilities like ldapadd. Solution here is
+to switch to URI (-H)
+
+Support for bdb backend is dropped, test are using mdb backend since
+this update
+
+---
+
+diff --git a/tests/default_pw_test b/tests/default_pw_test
+index 733c85c..9c76b95 100755
+--- a/tests/default_pw_test
+++ b/tests/default_pw_test
+@@ -69,7 +69,7 @@ get_file_password() # file under $workdir/files, entry name
+ get_ldap_password() # entry filter
+ {
+     echo "Checking $1 ..." >&2
+-    ldapsearch -LLL -h 127.0.0.1 -p "$ldap_port" -x -b 'dc=libuser' "$1" \
+    ldapsearch -LLL -H ldap://127.0.0.1:$ldap_port -x -b 'dc=libuser' "$1" \
+ 	userPassword | sed -n 's/userPassword:: //p'
+ }
+ 
+@@ -103,7 +103,7 @@ for modules in \
+ 	    tests/wait_for_slapd_start "$workdir"/slapd.pid "$ldap_port"
+ 	    slapd_pid=$(cat "$workdir"/slapd.pid)
+ 	    trap 'status=$?; kill $slapd_pid; rm -rf "$workdir"; exit $status' 0
+-	    ldapadd -h 127.0.0.1 -p "$ldap_port" -f "$srcdir/ldap_skel.ldif" -x \
+	    ldapadd -H ldap://127.0.0.1:$ldap_port -f "$srcdir/ldap_skel.ldif" -x \
+ 		-D cn=Manager,dc=libuser -w password
+ 	    ;;
+     esac
+diff --git a/tests/ldap_test b/tests/ldap_test
+index 54609b1..c7ac377 100755
+--- a/tests/ldap_test
+++ b/tests/ldap_test
+@@ -56,7 +56,7 @@ slapd_pid=$(cat "$workdir"/slapd.pid)
+ trap 'status=$?; kill $slapd_pid
+ 	tests/wait_for_slapd_exit "$workdir"/slapd.pid "$ldap_port"
+ 	rm -rf "$workdir"; exit $status' 0
+-ldapadd -h 127.0.0.1 -p "$ldap_port" -f "$srcdir/ldap_skel.ldif" -x \
+ldapadd -H "ldap://127.0.0.1:$ldap_port" -f "$srcdir/ldap_skel.ldif" -x \
+     -D cn=Manager,dc=libuser -w password
+ 
+ 
+diff --git a/tests/slapd.conf.in b/tests/slapd.conf.in
+index 06ef10d..8e49a36 100644
+--- a/tests/slapd.conf.in
+++ b/tests/slapd.conf.in
+@@ -10,7 +10,7 @@ pidfile @WORKDIR@/slapd.pid
+ TLSCertificateFile @WORKDIR@/key.pem
+ TLSCertificateKeyFile @WORKDIR@/key.pem
+ 
+-database bdb
+database mdb
+ suffix "dc=libuser"
+ rootdn "cn=Manager,dc=libuser"
+ rootpw {SSHA}ABgelmLFZQ/OJzVEp3OM5MzWQ9rt3b4F
+
--- a/libuser-do-not-use-deprecated-flask.h-and-av_permissions.patch
+++ b/libuser-do-not-use-deprecated-flask.h-and-av_permissions.patch
@ -0,0 +1,78 @@
+From 29d9996dd200916db888d41196f87609bce329ff Mon Sep 17 00:00:00 2001
+From: Petr Lautrbach <plautrba@redhat.com>
+Date: Apr 07 2020 11:55:38 +0000
+Subject: Do not use deprecated flask.h and av_permissions.h
+
+
+selinux/flask.h and selinux/av_permissions.h will be completely dropped in the
+next SELinux release.
+
+Use string_to_security_class() and string_to_av_perm() to get class and
+permission values. The original hardcoded values could be invalid and are
+deprecated as the whole flask.h and av_permissions.h header files.
+
+Fixes: https://pagure.io/libuser/issue/44
+
+---
+
+diff --git a/apps/apputil.c b/apps/apputil.c
+index 1937645..7413ab5 100644
+--- a/apps/apputil.c
+++ b/apps/apputil.c
+@@ -26,8 +26,6 @@
+ #include <unistd.h>
+ #ifdef WITH_SELINUX
+ #include <selinux/selinux.h>
+-#include <selinux/av_permissions.h>
+-#include <selinux/flask.h>
+ #include <selinux/context.h>
+ #endif
+ #include "../lib/error.h"
+@@ -57,7 +55,7 @@ check_access(const char *chuser, access_vector_t access)
+ 
+ 			retval = security_compute_av(user_context,
+ 						     user_context,
+-						     SECCLASS_PASSWD,
+						     string_to_security_class("passwd"),
+  						     access, &avd);
+ 
+ 			if (retval == 0 && (avd.allowed & access) == access)
+@@ -221,19 +219,25 @@ lu_authenticate_unprivileged(struct lu_context *ctx, const char *user,
+ #ifdef WITH_SELINUX
+ 	if (is_selinux_enabled() > 0) {
+ 		/* FIXME: PASSWD_CHSH, PASSWD_PASSWD ? */
+-		if (getuid() == 0 && check_access(user, PASSWD__CHFN) != 0) {
+-			security_context_t user_context;
+		if (getuid() == 0) {
+			security_class_t class;
+			access_vector_t perm;
+			class = string_to_security_class("passwd");
+			perm = string_to_av_perm(class, "chfn");
+			if (check_access(user, perm) != 0) {
+				security_context_t user_context;
+ 
+-			if (getprevcon(&user_context) < 0)
+-				user_context = NULL;
+-			/* FIXME: "change the finger info?" */
+-			fprintf(stderr,
+-				_("%s is not authorized to change the finger "
+-				  "info of %s\n"), user_context ? user_context
+-				: _("Unknown user context"), user);
+-			if (user_context != NULL)
+-				freecon(user_context);
+-			goto err;
+				if (getprevcon(&user_context) < 0)
+					user_context = NULL;
+				/* FIXME: "change the finger info?" */
+				fprintf(stderr,
+					_("%s is not authorized to change the finger "
+					  "info of %s\n"), user_context ? user_context
+					: _("Unknown user context"), user);
+				if (user_context != NULL)
+					freecon(user_context);
+				goto err;
+			}
+ 		}
+ 		/* FIXME: is this right for lpasswd? */
+ 		if (!lu_util_fscreate_from_file("/etc/passwd", NULL)) {
+
--- a/libuser.spec
+++ b/libuser.spec
@ -1,23 +1,30 @@
-Name    : libuser
-Version : 0.62
-Release : 20
-Summary : A user and group account administration library
-License : LGPLv2+
-URL     : https://pagure.io/libuser
-Source  : http://releases.pagure.org/libuser/libuser-%{version}.tar.xz
+Name:    libuser
+Version: 0.62
+Release: 25
+Summary: A user and group account administration library
+License: LGPLv2+
+URL:     https://pagure.io/libuser
+Source:  http://releases.pagure.org/libuser/libuser-%{version}.tar.xz

-# Patch1 : this patch is from fedora.
-Patch1   :    0001-Fix-errors-with-Werror-format-security.patch
+# Patch0 : this patch is from fedora.
+Patch0:    0001-Fix-errors-with-Werror-format-security.patch
+Patch1:    0009-Check-negative-return-of-PyList_Size.patch
+Patch2:    0010-files.c-Init-char-name-to-NULL.patch
+Patch3:    0011-merge_ent_array_duplicates-Only-use-values-if-valid.patch
+Patch4:    0012-editing_open-close-fd-after-we-ve-established-its-va.patch
+Patch5:    libuser-do-not-use-deprecated-flask.h-and-av_permissions.patch
+Patch6:    backport-tests-fix-ldap-test-for-new-Fedora.patch

-Patch9000:    0009-Check-negative-return-of-PyList_Size.patch
-Patch9001:    0010-files.c-Init-char-name-to-NULL.patch
-Patch9002:    0011-merge_ent_array_duplicates-Only-use-values-if-valid.patch
-Patch9003:    0012-editing_open-close-fd-after-we-ve-established-its-va.patch
+Patch6000: backport-Correct-popt-memory-handling.patch
+
+Patch9000: add-sm3-crypt-support.patch

 BuildRequires: cyrus-sasl-devel, nscd, linuxdoc-tools, pam-devel, popt-devel, gcc
 BuildRequires: libselinux-devel, openldap-devel, python3-devel, glib2-devel, gdb
 BuildRequires: python2-devel, fakeroot, openldap-clients, openldap-servers, openssl

+Requires: pam-sm3 libxcrypt-sm3
+
 %description
 The libuser library implements a standardized interface for manipulating
 and administering user and group accounts. The library uses pluggable
@ -56,6 +63,7 @@ and group accounts.

 %package help
 Summary:        Documents files for %{name}
+Buildarch:      noarch
 Requires:       man, info

 %description help
@ -65,11 +73,17 @@ Man pages and other related documents for %{name}
 %setup -qc

 pushd libuser-%{version}
+%patch0 -p1
 %patch1 -p1
+%patch2 -p1
+%patch3 -p1
+%patch4 -p1
+%patch5 -p1
+%patch6 -p1
+
+%patch6000 -p1
+
 %patch9000 -p1
-%patch9001 -p1
-%patch9002 -p1
-%patch9003 -p1
 popd

 cp -dpR libuser-%{version} python2 || :
@ -100,16 +114,15 @@ make -C python2 install DESTDIR=$RPM_BUILD_ROOT INSTALL='install -p' || :
 %find_lang %{name}

 %check
-
-#make -C python2 check || { cat python2/test-suite.log; false; }
-#LC_ALL=C.UTF-8 make -C python3 check \
-#	|| { cat python3/test-suite.log; false; }
-#LD_LIBRARY_PATH=$RPM_BUILD_ROOT/%{_prefix}/%{_lib}:${LD_LIBRARY_PATH}
-#export LD_LIBRARY_PATH
-#cd $RPM_BUILD_ROOT/%{python2_sitearch}
-#python2 -c "import libuser"
-#cd $RPM_BUILD_ROOT/%{python3_sitearch}
-#LC_ALL=C.UTF-8 python3 -c "import libuser"
+make -C python2 check || { cat python2/test-suite.log; false; }
+LC_ALL=C.UTF-8 make -C python3 check \
+	|| { cat python3/test-suite.log; false; }
+LD_LIBRARY_PATH=$RPM_BUILD_ROOT/%{_prefix}/%{_lib}:${LD_LIBRARY_PATH}
+export LD_LIBRARY_PATH
+cd $RPM_BUILD_ROOT/%{python2_sitearch}
+python2 -c "import libuser"
+cd $RPM_BUILD_ROOT/%{python3_sitearch}
+LC_ALL=C.UTF-8 python3 -c "import libuser"

 %post
 /sbin/ldconfig
@ -151,6 +164,21 @@ make -C python2 install DESTDIR=$RPM_BUILD_ROOT INSTALL='install -p' || :
 %{_mandir}/man5/*

 %changelog
+* Wed Sep 18 2024 fuanan <fuanan3@h-partners.com> - 0.62-25
+- Correct popt memory handling
+
+* Mon Apr 29 2024 fuanan <fuanan3@h-partners.com> - 0.62-24
+- Added 'Buildarch: noarch' to the help subpackage
+
+* Thu Feb 09 2023 fuanan <fuanan3@h-partners.com> - 0.62-23
+- enable make check
+
+* Fri Oct 29 2021 lujie <lujie42@huawei.com> - 0.62-22
+- add sm3 crypt support
+
+* Mon Sep 21 2020 Liquor <lirui130@huawei.com> - 0.62-21
+- do not use deprecated flask.h and av_permissions.h
+
 * Sat Mar 21 2020 chengquan<chengquan3@huawei.com> - 0.62-20
 - add necessary BuildRequires
Author	SHA1	Message	Date
openeuler-ci-bot	70dc21a167	!36 Correct popt memory handling From: @fly_fzc Reviewed-by: @HuaxinLuGitee Signed-off-by: @HuaxinLuGitee	2024-09-18 08:24:19 +00:00
fly_fzc	a62e450ecd	Correct popt memory handling	2024-09-18 15:24:59 +08:00
openeuler-ci-bot	6dd6f822d3	!35 [sync] PR-28: Added 'Buildarch: noarch' to the help subpackage From: @openeuler-sync-bot Reviewed-by: @HuaxinLuGitee Signed-off-by: @HuaxinLuGitee	2024-04-30 01:22:17 +00:00
fly_fzc	f60166f3a4	Added 'Buildarch: noarch' to the help subpackage (cherry picked from commit 3845c46f97ed493039ba872de9cfdf26429a5ef4)	2024-04-29 17:31:05 +08:00
openeuler-ci-bot	bc87ec34ad	!24 enable make check From: @fly_fzc Reviewed-by: @HuaxinLuGitee Signed-off-by: @HuaxinLuGitee	2023-02-09 06:48:42 +00:00
fly_fzc	3474612528	enable make check	2023-02-09 12:41:36 +08:00
openeuler-ci-bot	1521022db7	!8 add sm3 crypt support From: @lujie42 Reviewed-by: @zhujianwei001 Signed-off-by: @zhujianwei001	2021-10-30 08:37:22 +00:00
lujie42	acc86d81c9	add sm3 crypt support	2021-10-29 16:05:20 +08:00
openeuler-ci-bot	8d2848a51d	!5 openEuler-libuser From: @liquor1 Reviewed-by: @xiezhipeng1 Signed-off-by: @xiezhipeng1	2020-09-21 18:30:04 +08:00
liquor	74eec9b2a1	libuser do not use deprecated flask.h and av_permissions.h	2020-09-21 17:12:25 +08:00