Same fixes as applied to usermod: refuse to unlock an account when it

would result in a passwordless account.
This commit is contained in:
nekral-guest 2007-11-17 22:05:31 +00:00
parent 85463e754d
commit 0743a7236d
3 changed files with 13 additions and 4 deletions

View File

@ -3,6 +3,7 @@
* NEWS, src/usermod.c: Refuse to unlock an account when it would
result in a passwordless account. Based on Openwall's patch
shadow-4.0.4.1-owl-usermod-unlock.diff.
* NEWS, src/passwd.c: Likewise.
2007-11-17 Nicolas François <nicolas.francois@centraliens.net>

4
NEWS
View File

@ -21,7 +21,7 @@ shadow-4.0.18.1 -> shadow-4.0.18.2 UNRELEASED
(i.e. lookup in the local database for an user with an @). Thanks to
Mike Frysinger for the patch.
- Add support for uClibc with no l64a().
- userdel/usermod: Fix infinite loop caused by erroneous group file
- userdel, usermod: Fix infinite loop caused by erroneous group file
containing two entries with the same name. (The fix strategy differs
from
(https://bugzilla.redhat.com/show_bug.cgi?id=240915)
@ -41,7 +41,7 @@ shadow-4.0.18.1 -> shadow-4.0.18.2 UNRELEASED
were always missing.
- su: Avoid terminating the PAM library in the forked child. This is done
later in the parent after closing the PAM session.
- usermod: Refuse to unlock an account when it would result in a
- passwd, usermod: Refuse to unlock an account when it would result in a
passwordless account.
*** documentation:

View File

@ -438,8 +438,16 @@ static char *update_crypt_pw (char *cp)
if (dflg)
cp = ""; /* XXX warning: const */
if (uflg && *cp == '!')
cp++;
if (uflg && *cp == '!') {
if (cp[1] == '\0') {
fprintf (stderr,
_("%s: unlocking the user would result in a passwordless account.\n"
"You should set a password with usermod -p to unlock this user account.\n"),
Prog);
} else {
cp++;
}
}
if (lflg && *cp != '!') {
char *newpw = xmalloc (strlen (cp) + 2);