Added YP_PASSWD_HASH environment variable to set default

algorithm for hashing a new password
Resolves: #699666

yp-tools-2.12-hash.patch

@@ -0,0 +1,68 @@
+diff -up yp-tools-2.12/man/yppasswd.1.in.hash yp-tools-2.12/man/yppasswd.1.in
+--- yp-tools-2.12/man/yppasswd.1.in.hash	2011-09-09 16:18:49.469037058 +0200
++++ yp-tools-2.12/man/yppasswd.1.in	2011-09-09 16:20:19.101030930 +0200
+@@ -81,6 +81,12 @@ for authentication with the
+ .BR yppasswdd (8)
+ daemon. Subsequently, the
+ program prompts for the updated information:
++.P
++If we use shadowing passwords using passwd.adjunct, SHA-512 will be 
++used for hashing a new password by default. If we want to use MD5, 
++SHA_256 or older DES, we need to set the environment variable 
++YP_PASSWD_HASH. Possible values are "DES", "MD5", "SHA-256" and 
++"SHA-512" (value is case-insensitive).
+ .\"
+ .\"
+ .IP "\fByppasswd\fP or \fB-p\fP"
+diff -up yp-tools-2.12/src/yppasswd.c.hash yp-tools-2.12/src/yppasswd.c
+--- yp-tools-2.12/src/yppasswd.c.hash	2011-09-09 16:20:35.360029823 +0200
++++ yp-tools-2.12/src/yppasswd.c	2011-09-09 16:25:21.589010245 +0200
+@@ -514,6 +514,32 @@ create_random_salt (char *salt, int num_
+     close (fd);
+ }
+ 
++
++/*
++ * Reads environment variable YP_PASSWD_HASH and returns hash id.
++ * Possible values are MD5, SHA-256, SHA-512 and DES.
++ * If other value is set or it is not set at all, SHA-512 is used.
++ */ 
++static int
++get_env_hash_id()
++{
++  const char *v = getenv("YP_PASSWD_HASH");
++  if (!v)
++    return SHA_512;
++
++  if (!strcasecmp(v, "DES"))
++    return DES;
++
++  if (!strcasecmp(v, "SHA-256"))
++    return SHA_256;
++
++  if (!strcasecmp(v, "MD5"))
++    return MD5;
++
++  return SHA_512;
++}
++
++
+ int
+ main (int argc, char **argv)
+ {
+@@ -723,6 +749,15 @@ main (int argc, char **argv)
+ 
+       hash_id = get_hash_id (pwd->pw_passwd);
+ 
++      /* If we use passwd.adjunct, there is no magic value like $1$ in the 
++       * beginning of password, but ##username instead. Thus, SHA_512 will be 
++       * used for hashing a new password by default. If we want to use DES, 
++       * MD5 or SHA_256, we need to set the environment variable 
++       * YP_PASSWD_HASH (e.g. YP_PASSWD_HASH=DES).
++       */
++      if (strncmp(pwd->pw_passwd, "##", 2) == 0)
++        hash_id = get_env_hash_id();
++
+       /* Preserve 'rounds=<N>$' (if present) in case of SHA-2 */
+       if (hash_id == SHA_256 || hash_id == SHA_512)
+ 	{

yp-tools.spec

@@ -1,7 +1,7 @@
 Summary: NIS (or YP) client programs
 Name: yp-tools
 Version: 2.12
-Release: 6%{?dist}
+Release: 7%{?dist}
 License: GPLv2
 Group: System Environment/Base
 Source: ftp://ftp.kernel.org/pub/linux/utils/net/NIS/yp-tools-%{version}.tar.bz2
@@ -9,6 +9,7 @@ Source: ftp://ftp.kernel.org/pub/linux/utils/net/NIS/yp-tools-%{version}.tar.bz2
 Patch0: yp-tools-2.11-shadow.patch
 Patch1: yp-tools-2.12-typo.patch
 Patch2: yp-tools-2.12-gethost.patch
+Patch3: yp-tools-2.12-hash.patch
 Url: http://www.linux-nis.org/nis/yp-tools/index.html
 Requires: ypbind
 
@@ -37,6 +38,7 @@ you'll need to install the ypserv package on one machine on the network.
 %patch0 -p1 -b .shadow
 %patch1 -p1 -b .typo
 %patch2 -p1 -b .gethost
+%patch3 -p1 -b .hash
 
 %build
 %configure --disable-domainname
@@ -58,6 +60,11 @@ make DESTDIR="$RPM_BUILD_ROOT" INSTALL_PROGRAM=install install
 /var/yp/nicknames
 
 %changelog
+* Fri Sep 09 2011 Honza Horak <hhorak@redhat.com> - 2.12-7
+- Added YP_PASSWD_HASH environment variable to set default
+  algorithm for hashing a new password
+  Resolves: #699666
+
 * Wed May 04 2011 Honza Horak <hhorak@redhat.com> - 2.12-6
 - Applied -gethost patch to check return value
   (rhbz#698619)