/etc/shadow and /usr/bin/passwd explained (1)

Format explained (https://linuxize.com/post/etc-shadow-file/)

mark:$6$.n.:17736:0:99999:7:::
[--] [----] [---] - [---] ----
|      |      |   |   |   |||+-----------> 9. Unused
|      |      |   |   |   ||+------------> 8. Expiration date
|      |      |   |   |   |+-------------> 7. Inactivity period
|      |      |   |   |   +--------------> 6. Warning period
|      |      |   |   +------------------> 5. Maximum password age
|      |      |   +----------------------> 4. Minimum password age
|      |      +--------------------------> 3. Last password change
|      +---------------------------------> 2. Encrypted Password
+----------------------------------------> 1. Username
  1. Username. The string you type when you log into the system. The user account that exists on the system.

  2. Encrypted Password. The password uses the $type$salt$hashed format. $type is the cryptographic hash algorithm and can have the following values:

    • $1$ – MD5
    • $2a$ – Blowfish
    • $2y$ – Eksblowfish
    • $5$ – SHA-256
    • $6$ – SHA-512

    If the password field contains an asterisk (*) or exclamation point (!), the user will not be able to log in to the system using password authentication. Other login methods like key-based authentication or switching to the user are still allowed.

    In older Linux systems, the user’s encrypted password was stored in the /etc/passwd file.

  3. Last password change. This is the date when the password was last changed. The number of days is counted since January 1, 1970 (epoch date).

  4. Minimum password age. The number of days that must pass before the user password can be changed. Typically it is set to zero, which means that there is no minimum password age.

  5. Maximum password age. The number of days after which the user password must be changed. By default, this number is set to 99999.

  6. Warning period. The number of days before the password expires during which the user is warned that the password must be changed.

  7. Inactivity period. The number of days after the user password expires before the user account is disabled. Typically this field is empty.

  8. Expiration date. The date when the account was disabled. It is represented as an epoch date.

  9. Unused. This field is ignored. It is reserved for future use.
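The nine-field layout above, as an added Python example (not part of the original article): it parses shadow lines, converts the epoch-day fields to dates, and flags entries a reviewer would want to look at. The function names, the choice to flag only MD5, and all sample lines except the article's `mark` entry are assumptions made for this example.

```python
from datetime import date, timedelta

FIELDS = ("user", "password", "last_change", "min_age", "max_age",
          "warn", "inactive", "expire", "unused")
# Scheme ids exactly as listed in the article.
SCHEMES = {"1": "MD5", "2a": "Blowfish", "2y": "Eksblowfish",
           "5": "SHA-256", "6": "SHA-512"}
WEAK = {"MD5"}  # assumption: MD5-crypt is the scheme this audit flags

def epoch_days(value):
    """Fields 3 and 8 count days since 1970-01-01; empty means unset."""
    return date(1970, 1, 1) + timedelta(days=int(value)) if value else None

def parse_shadow_line(line):
    parts = line.rstrip("\n").split(":")
    if len(parts) != 9:
        raise ValueError("expected 9 fields, got %d" % len(parts))
    e = dict(zip(FIELDS, parts))
    pw = e["password"]
    # '*' or '!' in field 2 disables password login (keys and su still work).
    e["password_login"] = not ("!" in pw or "*" in pw)
    body = pw.lstrip("!")  # a locked entry may keep the hash after the '!'
    e["scheme"] = (SCHEMES.get(body.split("$")[1], "unknown")
                   if body.startswith("$") else None)
    e["last_change"] = epoch_days(e["last_change"])
    e["expire"] = epoch_days(e["expire"])
    return e

def audit(lines):
    """Return (user, finding) pairs for empty or weakly hashed passwords."""
    findings = []
    for line in lines:
        e = parse_shadow_line(line)
        if e["password"] == "":
            findings.append((e["user"], "empty password field"))
        elif e["scheme"] in WEAK:
            findings.append((e["user"], "weak hash scheme " + e["scheme"]))
    return findings

SAMPLE = [
    "mark:$6$.n.:17736:0:99999:7:::",      # line from the article
    "svc:!!:17000:0:99999:7:::",           # constructed: locked account
    "legacy:$1$CONSTRUCTEDSALT$CONSTRUCTEDHASH:16000:0:99999:7:::",
    "guest::17000:0:99999:7:::",           # constructed: empty password
]

if __name__ == "__main__":
    for line in SAMPLE:
        e = parse_shadow_line(line)
        print(e["user"], e["scheme"], e["last_change"], e["password_login"])
    print(audit(SAMPLE))
```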

Tracing the source

        Starting from the passwd command, trace how the password hash is computed on CentOS 7.

        Locate the command

Command: which passwd
Output:  /usr/bin/passwd

        Find the package that provides the command

Command: yum provides passwd
Output:

        passwd-0.79-6.el7.x86_64 : An utility for setting or changing passwords using PAM
        Repo        : base

        passwd-0.79-4.el7.x86_64 : An utility for setting or changing passwords using PAM
        Repo        : @anaconda

   Download the command's source

Command: wget https://vault.centos.org/7.5.1804/os/Source/SPackages/passwd-0.79-4.el7.src.rpm
Note:    Download over HTTP

Command: rpm2cpio *.src.rpm|cpio -iv
Note:    Convert to a tar archive, then extract it

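        Reading the passwd source shows that passwd depends on PAM (see The Linux-PAM Application Developers' Guide). The main call sequence is pam_start -> pam_chauthtok -> pam_end, where pam_chauthtok performs the password change. Browse the official source package index (Index of /7.5.1804/os/Source/SPackages) to determine the PAM version.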

Command: wget https://vault.centos.org/7.5.1804/os/Source/SPackages/pam-1.1.8-22.el7.src.rpm
Note:    Download the PAM source over HTTP

Command: rpm2cpio *.src.rpm|cpio -iv
Note:    Convert to a tar archive, then extract it

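        After extracting and reading the source: pam_start first loads the service's configuration file, /etc/pam.d/passwd, and according to that file loads the symbol with the same name from several shared libraries. The configuration file shows that several shared libraries are loaded.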

Command: cat /etc/pam.d/passwd
Output:
        #%PAM-1.0
        auth       include      system-auth
        account    include      system-auth
        password   substack     system-auth
        -password   optional    pam_gnome_keyring.so use_authtok
        password   substack     postlogin

Command: cat /etc/pam.d/system-auth
Output:
        #%PAM-1.0
        # This file is auto-generated.
        # User changes will be destroyed the next time authconfig is run.
        auth        required      pam_env.so
        auth        sufficient    pam_fprintd.so
        auth        sufficient    pam_unix.so nullok try_first_pass
        auth        requisite     pam_succeed_if.so uid >= 1000 quiet_success
        auth        required      pam_deny.so

        account     required      pam_unix.so
        account     sufficient    pam_localuser.so
        account     sufficient    pam_succeed_if.so uid < 1000 quiet
        account     required      pam_permit.so

        password    requisite     pam_pwquality.so try_first_pass local_users_only retry=3 authtok_type=
        password    sufficient    pam_unix.so sha512 shadow nullok try_first_pass use_authtok
        password    required      pam_deny.so

        session     optional      pam_keyinit.so revoke
        session     required      pam_limits.so
        -session     optional      pam_systemd.so
        session     [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
        session     required      pam_unix.so

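        Continuing through the source: pam_start -> _pam_init_handlers -> _pam_parse_conf_file -> _pam_add_handler -> _pam_load_module. The symbol name is determined to be "pam_sm_chauthtok" and is resolved with _pam_dlsym; the shared library that is loaded and takes effect is pam_pwquality.so. Tracing further: pam_chauthtok -> _pam_dispatch -> _pam_dispatch_aux -> h->func, "pam_sm_chauthtok" -> create_password_hash -> crypt (libcrypt.so).

The crypt function is a symbol exported by libcrypt.so, which is part of glibc.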

        Next, download the glibc source (Index of /gnu/glibc).

Command: wget http://ftp.gnu.org/gnu/glibc/glibc-2.17.tar.gz
Note:    Download the matching glibc version over HTTP

        Extract and read the source:

        crypt -> __sha512_crypt -> {...}

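        1) The salt carries the prefix $6$, but the prefix does not take part in the computation.

        2) __sha512_crypt does not simply hash the password and then the salt; it performs a series of SHA-512 operations.

        3) The final hash value is b64-encoded. The encoding alphabet is: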

                "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"

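        The output character count is ceil(64/6)*8=88. The encoding does not take the bytes in order, and the last byte is encoded as two characters. The final output is 86 characters.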

        b64_from_24bit (alt_result[0], alt_result[21], alt_result[42], 4);
        b64_from_24bit (alt_result[22], alt_result[43], alt_result[1], 4);
        b64_from_24bit (alt_result[44], alt_result[2], alt_result[23], 4);
        b64_from_24bit (alt_result[3], alt_result[24], alt_result[45], 4);
        b64_from_24bit (alt_result[25], alt_result[46], alt_result[4], 4);
        b64_from_24bit (alt_result[47], alt_result[5], alt_result[26], 4);
        b64_from_24bit (alt_result[6], alt_result[27], alt_result[48], 4);
        b64_from_24bit (alt_result[28], alt_result[49], alt_result[7], 4);
        b64_from_24bit (alt_result[50], alt_result[8], alt_result[29], 4);
        b64_from_24bit (alt_result[9], alt_result[30], alt_result[51], 4);
        b64_from_24bit (alt_result[31], alt_result[52], alt_result[10], 4);
        b64_from_24bit (alt_result[53], alt_result[11], alt_result[32], 4);
        b64_from_24bit (alt_result[12], alt_result[33], alt_result[54], 4);
        b64_from_24bit (alt_result[34], alt_result[55], alt_result[13], 4);
        b64_from_24bit (alt_result[56], alt_result[14], alt_result[35], 4);
        b64_from_24bit (alt_result[15], alt_result[36], alt_result[57], 4);
        b64_from_24bit (alt_result[37], alt_result[58], alt_result[16], 4);
        b64_from_24bit (alt_result[59], alt_result[17], alt_result[38], 4);
        b64_from_24bit (alt_result[18], alt_result[39], alt_result[60], 4);
        b64_from_24bit (alt_result[40], alt_result[61], alt_result[19], 4);
        b64_from_24bit (alt_result[62], alt_result[20], alt_result[41], 4);
        b64_from_24bit (0, 0, alt_result[63], 2);
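
Points 1) to 3) above, as an added Python example (not code from the article or from glibc): a re-implementation of the default 5000-round $6$ computation with hashlib, showing the stripped prefix, the chain of SHA-512 operations, and the permuted b64_from_24bit output. It folds the 22 listed calls into a loop; the name sha512_crypt and its parameters are chosen for this example, and settings with a rounds= option are rejected rather than handled.

```python
import hashlib

B64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
ROUNDS = 5000  # default used when the setting carries no rounds= option

def b64_from_24bit(b2, b1, b0, n):
    """Emit n characters, lowest 6 bits first (not RFC 4648 base64)."""
    w = (b2 << 16) | (b1 << 8) | b0
    out = ""
    for _ in range(n):
        out += B64[w & 0x3F]
        w >>= 6
    return out

def sha512_crypt(password, setting):
    """Hash password for a plain '$6$salt' setting string."""
    if not setting.startswith("$6$") or setting.startswith("$6$rounds="):
        raise ValueError("only plain $6$salt settings are handled here")
    # 1) the "$6$" prefix is dropped; at most 16 salt characters are used
    salt_s = setting[3:].split("$")[0][:16]
    key, salt = password.encode(), salt_s.encode()
    n = len(key)
    h = lambda data: hashlib.sha512(data).digest()
    b = h(key + salt + key)                      # alternate digest
    data = key + salt + b * (n // 64) + b[:n % 64]
    bits = n
    while bits:                                  # one block per bit of len(key)
        data += b if bits & 1 else key
        bits >>= 1
    a = h(data)
    p = (h(key * n) * (n // 64 + 1))[:n]         # key-derived byte sequence
    s = h(salt * (16 + a[0]))[:len(salt)]        # salt-derived byte sequence
    # 2) a series of SHA-512 operations, not one hash of key and salt
    for i in range(ROUNDS):
        a = h((p if i & 1 else a) + (s if i % 3 else b"")
              + (p if i % 7 else b"") + (a if i & 1 else p))
    # 3) permuted output: triple (i, i+21, i+42) rotated left by i % 3
    out = ""
    for i in range(21):
        t = (a[i], a[i + 21], a[i + 42])
        k = i % 3
        out += b64_from_24bit(*(t[k:] + t[:k]), 4)
    out += b64_from_24bit(0, 0, a[63], 2)        # last byte -> 2 characters
    return "$6$" + salt_s + "$" + out

if __name__ == "__main__":
    print(sha512_crypt("Hello world!", "$6$saltstring"))
```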
