newusers, liboobs uses crypt insted of md5, intrepid installer doesn't use sha512

Bug #51551 reported by Daniel Robitaille on 2006-07-02
24
Affects Status Importance Assigned to Milestone
liboobs (Ubuntu)
Medium
Kees Cook
migration-assistant (Ubuntu)
Medium
Unassigned
shadow (Ubuntu)
Medium
Kees Cook
user-setup (Ubuntu)
Medium
Evan

Bug Description

Binary package hint: passwd

initially sent to the ubuntu-users mailing list when reported by the user using reportbug

---------- Forwarded message ----------
From: "Dr. Markus Waldeck" <email address hidden>
To: Ubuntu Bug Tracking System <email address hidden>
Date: Sat, 01 Jul 2006 08:24:34 -0400
Subject: passwd: newusers uses crypt insted of md5
Package: passwd
Version: 1:4.0.3-30.7ubuntu16
Severity: normal

MD5 passwords are activated via pam

/etc/pam.d/common-password:
password required pam_unix.so nullok obscure min=4 max=8 md5

If I use newusers to generate them they will receive a "crypt"ed
password!

I could not figure out why debcoof claims: passwd/md5: false

-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Kernel: Linux 2.6.11-1-686-smp
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)

Versions of packages passwd depends on:
ii libc6 2.3.5-1ubuntu8 GNU C Library: Shared libraries an
ii libpam-modules 0.76-22 Pluggable Authentication Modules f
ii libpam0g 0.76-22 Pluggable Authentication Modules l
ii login 1:4.0.3-30.7ubuntu16 System login tools

-- debconf information:
 passwd/password-mismatch:
 passwd/root-password-crypted: false
* passwd/username: waldeck
 passwd/password-empty:
* passwd/make-user: true
 passwd/md5: false
 passwd/title:
 passwd/root-password-empty:
 passwd/user-password-crypted: false
* passwd/shadow: true
 passwd/username-bad:
* passwd/user-fullname: mw

Xeno Campanoli (xeno) wrote :

I confirm that I just demonstrated this behavior exists on my Feisty install on my laptop. I made a user ubu3, and it's password in shadow does NOT being with $1$.

Xeno Campanoli (xeno) wrote :

I used this input file:

root@radioflyer:/home/xeno/shop/ubtest# cat newusers
ubu3::::Ubuntu Test User 3:/home/ubu3:/bin/bash
---snip---
newusers newusers
and I got the following password line which clearly doesn't have a hash beginning with $1$:
ubu3:8xhfvFsxMIXh2:13671:0:99999:7:::
---snip---
xc

Changed in shadow:
status: Unconfirmed → Confirmed
Xeno Campanoli (xeno) wrote :

I guess I could mention that I got the comment about $1$ from the shadow man page. the newusers man page describes the input file being just like a passwd file entry with a few things left out, but all the columns there. That's probably all that's needed to repro this from the interface viewpoint. pam.d does have a newusers entry on my system:

root@radioflyer:/etc/pam.d# cat newusers
# The PAM configuration file for the Shadow 'newusers' service
#

# This allows root to add users with a batch file without being
# prompted for a password
auth sufficient pam_rootok.so

# checks for account validity
account required pam_permit.so
---snip---

Colin Watson (cjwatson) wrote :

Mm, yes. From the code, it looks like simply nobody ever implemented MD5 hashes in newusers.

Changed in shadow:
importance: Undecided → Medium
Colin Watson (cjwatson) wrote :

Or, at least, it only works if PAM is compiled out and MD5_CRYPT_ENAB=yes in /etc/login.defs. It doesn't look like it's implemented in the PAM case.

The debian 4.1.0-1 version fixed this (MD5_CRYPT_ENAB can be set to yes).

Note that the prefered solution would be to define ENCRYPT_METHOD to MD5.
(ENCRYPT_METHOD was introduced in 4.1.0 to allow new password encryption methods).

Kees Cook (kees) wrote :

I'd like to set ENCRYPT_METHOD to SHA512 by default to match the changes made in PAM for Intrepid. Additionally, this will require that ubiquity not call "chpasswd" with the "-m" flag, which overrides the /etc/login.defs setting. (This may need to change in d-i as well?)

Kees Cook (kees) wrote :

./d-i/source/migration-assistant/ma-script-utils: $chroot $ROOT chpasswd -m <<EOF
./d-i/source/user-setup/user-setup-apply: $chroot $ROOT chpasswd $OPTS <<EOF

(In the latter case, the OPTS can be blank, '-e' does the right thing)

Changed in ubiquity:
status: New → Triaged
Changed in shadow:
status: Confirmed → Triaged
Changed in ubiquity:
importance: Undecided → Medium
Colin Watson (cjwatson) on 2008-10-25
Changed in migration-assistant:
importance: Undecided → Medium
status: New → Triaged
Kees Cook (kees) on 2008-10-28
Changed in liboobs:
status: New → Triaged
Kees Cook (kees) wrote :

Yet-Another-Password-Writing-Implementation found in liboobs/system-tools-backends. *sigh* see bug 287134.

Changed in liboobs:
importance: Undecided → Medium
Evan (ev) on 2008-10-29
Changed in migration-assistant:
status: Triaged → Fix Committed
Changed in user-setup:
status: Triaged → Fix Released
status: Fix Released → Fix Committed
Kees Cook (kees) on 2008-11-13
Changed in liboobs:
assignee: nobody → james-w
Changed in shadow:
assignee: nobody → kees
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package shadow - 1:4.1.1-5ubuntu2

---------------
shadow (1:4.1.1-5ubuntu2) jaunty; urgency=low

  * debian/login.defs: use SHA512 by default for password crypt routine
    (LP: #51551, currently Ubuntu specific).
  * debian/patches/stdout-encrypted-password.patch: allow chpasswd to report
    encrypted passwords to stdout for tools needing encrypted passwords
    (debian bug 505640).
  * debian/rules: regenerate autoconf to avoid libtool-caused FTBFS.

 -- Kees Cook <email address hidden> Thu, 13 Nov 2008 16:43:48 -0800

Changed in shadow:
status: Triaged → Fix Released
Kees Cook (kees) wrote :

James, okay, you should be set to patch liboobs to use "chpasswd -S" to get an encrypted password (instead of doing it itself).

Kees Cook (kees) on 2008-11-24
Changed in liboobs:
milestone: none → jaunty-alpha-2
Changed in user-setup:
assignee: nobody → evand
Changed in migration-assistant:
assignee: nobody → evand
milestone: none → jaunty-alpha-2
Changed in shadow:
milestone: none → jaunty-alpha-1
Changed in user-setup:
milestone: none → jaunty-alpha-2
Kees Cook (kees) wrote :

Attached is my proposal. I've tested it and it seems to work just fine.

Changed in liboobs:
assignee: james-w → kees
status: Triaged → Fix Committed
Kees Cook (kees) wrote :

Erk, updated to catch control.in too.

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package liboobs - 2.22.0-1ubuntu1

---------------
liboobs (2.22.0-1ubuntu1) jaunty; urgency=low

  * Use the passwd package to do password hashing instead of re-inventing
    the wheel (LP: #51551).
    - Add debian/patches/use-chpasswd.patch.
    - debian/control: add versioned Depend on passwd with "chpasswd -S".

 -- Kees Cook <email address hidden> Tue, 25 Nov 2008 09:51:52 -0800

Changed in liboobs:
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package user-setup - 1.23ubuntu1

---------------
user-setup (1.23ubuntu1) jaunty; urgency=low

  [ Evan Dandrea ]
  * Do not force chpasswd to md5 crypted passwords (LP: #51551).

  [ Colin Watson ]
  * Resynchronise with Debian. Remaining changes:
    - Add the initial user to the adm, dip, lpadmin, and sambashare
      groups too, and to the admin group if no root password is set. Do not
      add them to the audio, video, floppy, dip, netdev, or powerdev groups.
    - Allow the admin group to gain root privileges using sudo.
    - Default passwd/root-login to false.
    - Create the spu group on powerpc/ps3 and powerpc/cell.
    - Make is_system_user always return false if OVERRIDE_SYSTEM_USER is
      set.
    - Add preseedable passwd/auto-login question; if set to true, configure
      gdm and kdm for automatic login.
    - Ask whether the user wants to set up an encrypted private directory.
    - If passwd/allow-password-empty is preseeded to true, allow empty
      passwords.

user-setup (1.23) unstable; urgency=low

  [ Updated translations ]
  * Belarusian (be.po) by Pavel Piatruk
  * Bosnian (bs.po) by Armin Besirovic
  * Danish (da.po)
  * Croatian (hr.po) by Josip Rodin
  * Latvian (lv.po) by Peteris Krisjanis
  * Macedonian (mk.po) by Arangel Angov
  * Serbian (sr.po) by Veselin Mijušković

user-setup (1.22) unstable; urgency=low

  [ Jérémy Bobbio ]
  * Source confmodule in pre-pkgsel.d/10kdesudo.
  * As cdebconf is now fixed, on errors in root password, return to root
    password dialog (and not the one before it).
    Depends: cdebconf-udeb (>= 0.133)

  [ Updated translations ]
  * Arabic (ar.po) by Ossama M. Khayat
  * French (fr.po) by Christian Perrier
  * Kurdish (ku.po) by Erdal Ronahi
  * Portuguese (Brazil) (pt_BR.po) by Felipe Augusto van de Wiel (faw)
  * Turkish (tr.po) by Mert Dirik

user-setup (1.21) unstable; urgency=low

  [ Frans Pop ]
  * user-setup-apply: avoid locale errors from perl when used in D-I.
  * Add pre-pkgsel hook script to setup kdesudo for KDE desktop installs
    without root account (#485655). Thanks to Didier Raboud for bringing up
    the subject and suggesting the solution.

  [ Colin Watson ]
  * Don't exit user-setup-apply if update-gconf-defaults fails.

  [ Updated translations ]
  * Basque (eu.po) by Iñaki Larrañaga Murgoitio
  * Finnish (fi.po) by Esko Arajärvi
  * Italian (it.po) by Milo Casagrande
  * Turkish (tr.po) by Mert Dirik
  * Simplified Chinese (zh_CN.po) by Kov Chai

 -- Colin Watson <email address hidden> Thu, 27 Nov 2008 18:32:51 +0000

Changed in user-setup:
status: Fix Committed → Fix Released
Evan (ev) on 2011-02-08
Changed in migration-assistant (Ubuntu):
assignee: Evan Dandrea (ev) → nobody
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Duplicates of this bug

Other bug subscribers