* src/newgrp.c: Do not give an indication that the group has no

password.
* src/newgrp.c: Do not only bail on syslog if the password is not
  valid. Also give an indication to the user on stderr.
This commit is contained in:
nekral-guest 2007-11-17 21:03:33 +00:00
parent 225b096838
commit 1f4488f963
2 changed files with 10 additions and 11 deletions

View File

@ -1,3 +1,10 @@
2007-11-17 Nicolas François <nicolas.francois@centraliens.net>
* src/newgrp.c: Do not give an indication that the group has no
password.
* src/newgrp.c: Do not only bail on syslog if the password is not
valid. Also give an indication to the user on stderr.
2007-11-17 Nicolas François <nicolas.francois@centraliens.net>
Fixes from Openwall patch shadow-4.0.4.1-owl-chage-drop-priv.diff:

View File

@ -377,16 +377,6 @@ int main (int argc, char **argv)
* of the tests above.
*/
if (getuid () != 0 && needspasswd) {
if (grp->gr_passwd[0] == '\0') {
/*
* there is no password, print out "No password."
* and give up
*/
sleep (1);
fputs (_("No password.\n"), stderr);
goto failure;
}
/*
* get the password from her, and set the salt for
* the decryption from the group file.
@ -402,11 +392,13 @@ int main (int argc, char **argv)
cpasswd = pw_encrypt (cp, grp->gr_passwd);
strzero (cp);
if (strcmp (cpasswd, grp->gr_passwd) != 0) {
if (grp->gr_passwd[0] == '\0' ||
strcmp (cpasswd, grp->gr_passwd) != 0) {
SYSLOG ((LOG_INFO,
"Invalid password for group `%s' from `%s'",
group, name));
sleep (1);
fputs (_("Invalid password."), stderr);
goto failure;
}
}