From 0e92da0f5f6a7fbf859f8d6048373ca84e0d42f7 Mon Sep 17 00:00:00 2001 From: ligc Date: Mon, 14 Jan 2013 14:56:44 +0000 Subject: [PATCH] for encrypted system password in passwd table, the SHA256 and SHA512 encrypted passwords could be automatically recongnized git-svn-id: https://svn.code.sf.net/p/xcat/code/xcat-core/trunk@14874 8638fb3e-16cb-4fca-ae20-7b5d299a9bcd --- perl-xCAT/xCAT/Schema.pm | 2 +- xCAT-server/lib/perl/xCAT/Template.pm | 3 ++- xCAT-server/lib/xcat/plugins/packimage.pm | 3 ++- xCAT-server/lib/xcat/plugins/statelite.pm | 3 ++- 4 files changed, 7 insertions(+), 4 deletions(-) diff --git a/perl-xCAT/xCAT/Schema.pm b/perl-xCAT/xCAT/Schema.pm index c969c2cb8..a1c01a8e9 100644 --- a/perl-xCAT/xCAT/Schema.pm +++ b/perl-xCAT/xCAT/Schema.pm @@ -711,7 +711,7 @@ passwd => { key => 'The type of component this user/pw is for. Valid values: blade (management module), ipmi (BMC), system (nodes), omapi (DHCP), hmc, ivm, cec, frame, switch.', username => 'The default userid for this type of component', password => 'The default password for this type of component', - cryptmethod => 'Indicates the method that was used to encrypt the password attribute. On AIX systems, if a value is provided for this attribute it indicates that the passwword attribute is encrypted. If the cryptmethod value is not set it indicates the password is a simple string value. On Linux systems, the cryyptmethod is not supported however the code attempts to auto-discover MD5 encrypted passowrds.', + cryptmethod => 'Indicates the method that was used to encrypt the password attribute. On AIX systems, if a value is provided for this attribute it indicates that the passwword attribute is encrypted. If the cryptmethod value is not set it indicates the password is a simple string value. On Linux systems, the cryyptmethod is not supported however the code attempts to auto-discover MD5, SHA256 and SHA512 encrypted passwords.', comments => 'Any user-written notes.', disable => "Set to 'yes' or '1' to comment out this row.", }, diff --git a/xCAT-server/lib/perl/xCAT/Template.pm b/xCAT-server/lib/perl/xCAT/Template.pm index b21b7eb78..f549689cb 100644 --- a/xCAT-server/lib/perl/xCAT/Template.pm +++ b/xCAT-server/lib/perl/xCAT/Template.pm @@ -597,7 +597,8 @@ sub genpassword { sub crydb { my $result = tabdb(@_); - unless ($result =~ /^\$1\$/) { + # 1 - MD5, 5 - SHA256, 6 - SHA512 + unless (($result =~ /^\$1\$/) || ($result =~ /^\$5\$/) || ($result =~ /^\$6\$/)) { $result = crypt($result,'$1$'.genpassword(8)); } return $result; diff --git a/xCAT-server/lib/xcat/plugins/packimage.pm b/xCAT-server/lib/xcat/plugins/packimage.pm index 6b6b1476f..e870e3610 100644 --- a/xCAT-server/lib/xcat/plugins/packimage.pm +++ b/xCAT-server/lib/xcat/plugins/packimage.pm @@ -317,7 +317,8 @@ sub process_request { my @shadents = <$shadow>; close($shadow); open($shadow,">","$rootimg_dir/etc/shadow"); - unless ($pass =~ /^\$1\$/) { + # 1 - MD5, 5 - SHA256, 6 - SHA512 + unless (($pass =~ /^\$1\$/) || ($pass =~ /^\$5\$/) || ($pass =~ /^\$6\$/)) { $pass = crypt($pass,'$1$'.xCAT::Utils::genpassword(8)); } print $shadow "root:$pass:13880:0:99999:7:::\n"; diff --git a/xCAT-server/lib/xcat/plugins/statelite.pm b/xCAT-server/lib/xcat/plugins/statelite.pm index 387b4c7f8..2972635ca 100644 --- a/xCAT-server/lib/xcat/plugins/statelite.pm +++ b/xCAT-server/lib/xcat/plugins/statelite.pm @@ -187,7 +187,8 @@ sub process_request { my @shadents = <$shadow>; close($shadow); open($shadow,">","$rootimg_dir/etc/shadow"); - unless ($pass =~ /^\$1\$/) { + # 1 - MD5, 5 - SHA256, 6 - SHA512 + unless (($pass =~ /^\$1\$/) || ($pass =~ /^\$5\$/) || ($pass =~ /^\$6\$/)) { $pass = crypt($pass,'$1$'.genpassword(8)); } print $shadow "root:$pass:13880:0:99999:7:::\n";