From 95a0e8727164d67d18a875cdd5c8b3cac8da1cab Mon Sep 17 00:00:00 2001
From: Alexey Berezhok
Date: Tue, 7 Jan 2025 15:27:17 +0300
Subject: [PATCH] Added sha-512 authorization fix
---
 bin/v-get-user-salt | 15 +++++++++++----
 src/rpm/hestia/hestia.spec | 5 +++--
 web/login/index.php | 9 +++++++--
 3 files changed, 21 insertions(+), 8 deletions(-)
diff --git a/bin/v-get-user-salt b/bin/v-get-user-salt
index d248755..a7fd8dc 100755
--- a/bin/v-get-user-salt
+++ b/bin/v-get-user-salt
@@ -36,7 +36,8 @@ json_list() {
 "METHOD": "'$method'",
 "SALT": "'$salt'",
 "TIME": "'$time'",
- "DATE": "'$date'"
+ "DATE": "'$date'",
+ "ROUND":"'$round'"
 }'
 echo '}'
 }
@@ -45,17 +46,18 @@ json_list() {
 shell_list() {
 echo "METHOD: $method"
 echo "SALT: $salt"
+ echo "ROUND: $round"
 }
 # PLAIN list function
 plain_list() {
- echo -e "$method\t$salt"
+ echo -e "$method\t$salt\t$round"
 }
 # CSV list function
 csv_list() {
- echo "METHOD,SALT"
- echo "$method, $salt"
+ echo "METHOD,SALT,ROUND"
+ echo "$method, $salt, $round"
 }
 #----------------------------------------------------------#
@@ -81,6 +83,11 @@ shadow=$(grep "^$user:" /etc/shadow | cut -f 2 -d :)
 if echo "$shadow" | grep -qE '^\$[0-9a-z]+\$[^\$]+\$'; then
 salt=$(echo "$shadow" | cut -f 3 -d \$)
+ round=""
+ if [[ "$salt" =~ ^rounds= ]]; then
+ round=$salt
+ salt=$(echo "$shadow" | cut -f 4 -d \$)
+ fi
 method=$(echo "$shadow" | cut -f 2 -d \$)
 if [ "$method" = "y" ]; then
 method='yescrypt'
diff --git a/src/rpm/hestia/hestia.spec b/src/rpm/hestia/hestia.spec
index b09145b..ae0b12f 100644
--- a/src/rpm/hestia/hestia.spec
+++ b/src/rpm/hestia/hestia.spec
@@ -2,7 +2,7 @@
 %global _hardened_build 1
 Name: hestia
-Version: 1.9.2
+Version: 1.9.3
 Release: 1%{dist}
 Summary: Hestia Control Panel
 Group: System Environment/Base
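Review bot: In the third hunk of bin/v-get-user-salt the new test `[[ "$salt" =~ ^rounds= ]]` accepts any third field that merely begins with `rounds=`, and that string is then printed unescaped by json_list (first hunk, `"ROUND":"'$round'"`) and, per this commit's index.php change, concatenated into the crypt() setting string. Anchoring the match to the expected form, `if [[ "$salt" =~ ^rounds=[0-9]+$ ]]; then`, keeps quotes or other stray characters from a damaged shadow entry out of the JSON and out of the hash setting. A one-line comment such as `# $6$rounds=N$salt$hash: field 3 holds the rounds parameter, field 4 the salt` would also explain why the salt moves to field 4. The enclosing `if` block continues past the end of the hunk.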
@@ -184,8 +184,9 @@ fi
 %{_tmpfilesdir}/%{name}.conf
 %changelog
-* Sun Jan 05 2025 Alexey Berezhok - 1.9.2-1
+* Sun Jan 05 2025 Alexey Berezhok - 1.9.3-1
 - Added minor fixes
+- Added authorization fix for rhel 9.5
 * Mon Dec 30 2024 Alexey Berezhok - 1.9.1-1
 - Added port specification ofor local services on domain editing
diff --git a/web/login/index.php b/web/login/index.php
index 01bc2ca..7725088 100644
--- a/web/login/index.php
+++ b/web/login/index.php
@@ -145,13 +145,18 @@ function authenticate_user($user, $password, $twofa = "") {
 } else {
 $salt = $pam[$user]["SALT"];
 $method = $pam[$user]["METHOD"];
+ $round = $pam[$user]["ROUND"];
 if ($method == "md5") {
 $hash = crypt($password, '$1$' . $salt . '$');
 }
 if ($method == "sha-512") {
- $hash = crypt($password, '$6$rounds=5000$' . $salt . '$');
- $hash = str_replace('$rounds=5000', "", $hash);
+ if ($round == "") {
+ $hash = crypt($password, '$6$rounds=5000$' . $salt . '$');
+ $hash = str_replace('$rounds=5000', "", $hash);
+ } else {
+ $hash = crypt($password, '$6$' . $round . '$' . $salt . '$');
+ }
 }
 if ($method == "yescrypt") {
 $fp = tmpfile();
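Review bot: In the sha-512 branch of authenticate_user, `$round` is spliced into the crypt() setting as `'$6$' . $round . '$' . $salt . '$'` with no format check, and nothing in the hunk tests the crypt() result for a failure token. I would guard the new branch with `preg_match('/^rounds=[0-9]+$/', $round)` and treat any other non-empty value as a failed login rather than hashing with a setting string of unknown shape. Reading the key as `$round = $pam[$user]["ROUND"] ?? "";` also avoids an undefined-index warning if an older v-get-user-salt without the ROUND field is still installed. How `$hash` is compared afterwards lies outside the hunk, so the effect of a failed crypt() downstream cannot be judged from here.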