Added sha-512 authorization fix

3 months ago · 95a0e87271
parent 4c51952ee3
commit 95a0e87271
3 changed files with 21 additions and 8 deletions
--- a/bin/v-get-user-salt
+++ b/bin/v-get-user-salt
@ -36,7 +36,8 @@ json_list() {
        "METHOD": "'$method'",
        "SALT": "'$salt'",
        "TIME": "'$time'",
-        "DATE": "'$date'"
+        "DATE": "'$date'",
+        "ROUND":"'$round'"
        }'
 	echo '}'
 }
@ -45,17 +46,18 @@ json_list() {
 shell_list() {
 	echo "METHOD:         $method"
 	echo "SALT:           $salt"
+	echo "ROUND:          $round"
 }

 # PLAIN list function
 plain_list() {
-	echo -e "$method\t$salt"
+	echo -e "$method\t$salt\t$round"
 }

 # CSV list function
 csv_list() {
-	echo "METHOD,SALT"
-	echo "$method, $salt"
+	echo "METHOD,SALT,ROUND"
+	echo "$method, $salt, $round"
 }

 #----------------------------------------------------------#
@ -81,6 +83,11 @@ shadow=$(grep "^$user:" /etc/shadow | cut -f 2 -d :)

 if echo "$shadow" | grep -qE '^\$[0-9a-z]+\$[^\$]+\$'; then
 	salt=$(echo "$shadow" | cut -f 3 -d \$)
+	round=""
+	if [[ "$salt" =~ ^rounds= ]]; then
+		round=$salt
+		salt=$(echo "$shadow" | cut -f 4 -d \$)
+	fi
 	method=$(echo "$shadow" | cut -f 2 -d \$)
 	if [ "$method" = "y" ]; then
 		method='yescrypt'
--- a/src/rpm/hestia/hestia.spec
+++ b/src/rpm/hestia/hestia.spec
@ -2,7 +2,7 @@
 %global _hardened_build 1

 Name:              hestia
-Version:           1.9.2
+Version:           1.9.3
 Release:           1%{dist}
 Summary:           Hestia Control Panel
 Group:             System Environment/Base
@ -184,8 +184,9 @@ fi
 %{_tmpfilesdir}/%{name}.conf

 %changelog
-* Sun Jan 05 2025 Alexey Berezhok <a@bayrepo.ru> - 1.9.2-1
+* Sun Jan 05 2025 Alexey Berezhok <a@bayrepo.ru> - 1.9.3-1
 - Added minor fixes
+- Added authorization fix for rhel 9.5

 * Mon Dec 30 2024 Alexey Berezhok <a@bayrepo.ru> - 1.9.1-1
 - Added port specification ofor local services on domain editing
--- a/web/login/index.php
+++ b/web/login/index.php
@ -145,13 +145,18 @@ function authenticate_user($user, $password, $twofa = "") {
 		} else {
 			$salt = $pam[$user]["SALT"];
 			$method = $pam[$user]["METHOD"];
+			$round = $pam[$user]["ROUND"];

 			if ($method == "md5") {
 				$hash = crypt($password, '$1$' . $salt . '$');
 			}
 			if ($method == "sha-512") {
-				$hash = crypt($password, '$6$rounds=5000$' . $salt . '$');
-				$hash = str_replace('$rounds=5000', "", $hash);
+				if ($round == "") {
+					$hash = crypt($password, '$6$rounds=5000$' . $salt . '$');
+					$hash = str_replace('$rounds=5000', "", $hash);
+				} else {
+					$hash = crypt($password, '$6$' . $round . '$' . $salt . '$');
+				}
 			}
 			if ($method == "yescrypt") {
 				$fp = tmpfile();