Skip to content

Commit

Permalink
password: use libxcrypt instead of mkpasswd
Browse files Browse the repository at this point in the history
  • Loading branch information
nikstur committed Oct 10, 2024
1 parent 35f8b65 commit f335d25
Show file tree
Hide file tree
Showing 8 changed files with 388 additions and 57 deletions.
10 changes: 10 additions & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
@@ -1,5 +1,15 @@
# Changelog

## 0.3.0 (unreleased)

- Userborn now calls `libxcrypt` directly via the `xcrypt` crate instead of
shelling out to `mkpasswd`. This enables us to not change the password hash
when a plaintext password is provided. We now check whether the password from
the config matches the hashed password and then re-use the salt instead of
generating a new salt. Please note that this changes nothing about the
security posture of Userborn. If you provide a plaintext password to
Userborn, there is nothing Userborn can do to protect it from leaking.

## 0.2.0

- /etc/{group,passwd,shadow} are now sorted by GID/UID. This follows the
Expand Down
6 changes: 0 additions & 6 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -48,12 +48,6 @@ re-use is best illustrated by an example. Imagine the following scenario:

### Limitations to Nondestructivity

- When you provide a plaintext password in the config (which you really
shouldn't!), the hashed password is updated each time userborn runs. This can
be fixed in the future by calling `crypt()` directly (and re-using the
previos salt) instead of running `mkpasswd` in a subprocess. However, the
security gains of this would be 0 (because the password is already available
in plaintext!) and it will only suppress a single log line.
- Userborn can handle comments in the password database files but it will
silently discard them.
- Userborn will sort the password database files by GID/UID. This influences
Expand Down
17 changes: 7 additions & 10 deletions nix/packages/userborn.nix
Original file line number Diff line number Diff line change
@@ -1,8 +1,7 @@
{
lib,
rustPlatform,
makeBinaryWrapper,
mkpasswd,
libxcrypt,
}:

let
Expand All @@ -22,15 +21,13 @@ rustPlatform.buildRustPackage {
lockFile = ../../rust/userborn/Cargo.lock;
};

nativeBuildInputs = [ makeBinaryWrapper ];

buildInputs = [ mkpasswd ];

nativeCheckInputs = [ mkpasswd ];
nativeBuildInputs = [
rustPlatform.bindgenHook
];

postInstall = ''
wrapProgram $out/bin/userborn --prefix PATH : ${lib.makeBinPath [ mkpasswd ]}
'';
buildInputs = [
libxcrypt
];

stripAllList = [ "bin" ];

Expand Down
252 changes: 250 additions & 2 deletions rust/userborn/Cargo.lock

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

1 change: 1 addition & 0 deletions rust/userborn/Cargo.toml
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,7 @@ log = "0.4.22"
serde = { version = "1.0.204", features = [ "derive" ] }
serde_json = "1.0.121"
env_logger = { version = "0.11.5", default-features = false }
xcrypt = "0.3.0"

[dev-dependencies]
indoc = "2.0.5"
Expand Down
Loading

0 comments on commit f335d25

Please sign in to comment.