From 19ad6dc524bcf963d2c0725a36329cb1176533b4 Mon Sep 17 00:00:00 2001
From: sarthurdev <965089+sarthurdev@users.noreply.github.com>
Date: Thu, 2 Mar 2023 14:54:37 +0100
Subject: login: T5039: Support hashing rounds in `encrypted-password` values

Since glibc 2.7, the SHA-256 and SHA-512 implementations support
a user-supplied number of hashing rounds, defaulting to 5000.  If
the "$id$" characters in the salt are followed by "rounds=xxx$",
where xxx is an integer, then the result has the form

      $id$rounds=yyy$salt$encrypted

where yyy is the number of hashing rounds actually used.  The
number of rounds actually used is 1000 if xxx is less than 1000,
999999999 if xxx is greater than 999999999, and is equal to xxx
otherwise.
---
 interface-definitions/system-login.xml.in | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/interface-definitions/system-login.xml.in b/interface-definitions/system-login.xml.in
index e71a647ef..b00741ffe 100644
--- a/interface-definitions/system-login.xml.in
+++ b/interface-definitions/system-login.xml.in
@@ -29,8 +29,8 @@
                         <regex>(\*|\!)</regex>
                         <regex>[a-zA-Z0-9\.\/]{13}</regex>
                         <regex>\$1\$[a-zA-Z0-9\./]*\$[a-zA-Z0-9\./]{22}</regex>
-                        <regex>\$5\$[a-zA-Z0-9\./]*\$[a-zA-Z0-9\./]{43}</regex>
-                        <regex>\$6\$[a-zA-Z0-9\./]*\$[a-zA-Z0-9\./]{86}</regex>
+                        <regex>\$5\$(rounds=[0-9]+\$)?[a-zA-Z0-9\./]*\$[a-zA-Z0-9\./]{43}</regex>
+                        <regex>\$6\$(rounds=[0-9]+\$)?[a-zA-Z0-9\./]*\$[a-zA-Z0-9\./]{86}</regex>
                       </constraint>
                       <constraintErrorMessage>Invalid encrypted password for $VAR(../../@).</constraintErrorMessage>
                     </properties>
-- 
cgit v1.2.3