emo/shadow
1
0
Fork 0
Code Issues Pull Requests Packages Releases Activity

* NEWS, src/chpasswd.c: Create a shadow entry if the password is

Browse Source 
set to 'x' in passwd and there are no entry in shadow for the
	user.
	* NEWS, src/chgpasswd.c: Create a gshadow entry if the password is 
	set to 'x' in group and there are no entry in gshadow for the 
	group.
This commit is contained in:
nekral-guest
2011-07-28 15:17:28 +00:00
parent 771a3624f5
commit 75fa697526
3 changed files with 67 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
NEWS
View File

@@ -16,11 +16,18 @@ shadow-4.1.4.3 -> shadow-4.1.5 UNRELEASED
configure options.
* Added diagnosis for lock failures.
-chgpasswd
* When the gshadow file exists but there are no gshadow entries, an entry
is created if the password is changed and group requires a
shadow entry.
-chpasswd
* PAM enabled versions: restore the -e option to allow restoring
passwords without knowing those passwords. Restore together the -m
and -c options. (These options were removed in shadow-4.1.4 on PAM
enabled versions)
* When the shadow file exists but there are no shadow entries, an entry
is created if the password is changed and passwd requires a
shadow entry.
- faillog
* The -l, -m, -r, -t options only act on the existing users, unless -a is
specified.

31
src/chgpasswd.c
View File

@@ -478,7 +478,28 @@ int main (int argc, char **argv)
}
#ifdef SHADOWGRP
if (is_shadow_grp) {
/* The gshadow entry should be updated if the
* group entry has a password set to 'x'.
* But on the other hand, if there is already both
* a group and a gshadow password, it's preferable
* to update both.
*/
sg = sgr_locate (name);
if ( (NULL == sp)
&& (strcmp (pw->pw_passwd,
SHADOW_PASSWD_STRING) == 0)) {
static char *empty = NULL;
/* If the password is set to 'x' in
* group, but there are no entries in
* gshadow, create one.
*/
newsg.sg_namp = name;
/* newsg.sg_passwd = NULL; will be set later */
newsg.sg_adm = ∅
newsg.sg_mem = dup_list (gr->gr_mem);
sg = &newsg;
}
} else {
sg = NULL;
}
@@ -492,9 +513,10 @@ int main (int argc, char **argv)
if (NULL != sg) {
newsg = *sg;
newsg.sg_passwd = cp;
} else
}
#endif
{
if ( (NULL == sg)
|| (strcmp (gr->gr_passwd, SHADOW_PASSWD_STRING) != 0)) {
newgr = *gr;
newgr.gr_passwd = cp;
}
@@ -513,9 +535,10 @@ int main (int argc, char **argv)
errors++;
continue;
}
} else
}
#endif
{
if ( (NULL == sg)
|| (strcmp (gr->gr_passwd, SHADOW_PASSWD_STRING) != 0)) {
if (gr_update (&newgr) == 0) {
fprintf (stderr,
_("%s: line %d: failed to prepare the new %s entry '%s'\n"),

35
src/chpasswd.c
View File

@@ -44,6 +44,7 @@
#endif /* USE_PAM */
#include "defines.h"
#include "nscd.h"
#include "getdef.h"
#include "prototypes.h"
#include "pwio.h"
#include "shadowio.h"
@@ -499,7 +500,32 @@ int main (int argc, char **argv)
continue;
}
if (is_shadow_pwd) {
/* The shadow entry should be updated if the
* passwd entry has a password set to 'x'.
* But on the other hand, if there is already both
* a passwd and a shadow password, it's preferable
* to update both.
*/
sp = spw_locate (name);
if ( (NULL == sp)
&& (strcmp (pw->pw_passwd,
SHADOW_PASSWD_STRING) == 0)) {
/* If the password is set to 'x' in
* passwd, but there are no entries in
* shadow, create one.
*/
newsp.sp_namp = name;
/* newsp.sp_pwdp = NULL; will be set later */
/* newsp.sp_lstchg= 0; will be set later */
newsp.sp_min = getdef_num ("PASS_MIN_DAYS", -1);
newsp.sp_max = getdef_num ("PASS_MAX_DAYS", -1);
newsp.sp_warn = getdef_num ("PASS_WARN_AGE", -1);
newsp.sp_inact = -1;
newsp.sp_expire= -1;
newsp.sp_flag = SHADOW_SP_FLAG_UNSET;
sp = &newsp;
}
} else {
sp = NULL;
}
@@ -518,7 +544,10 @@ int main (int argc, char **argv)
* password change */
newsp.sp_lstchg = -1;
}
} else {
}
if ( (NULL == sp)
|| (strcmp (pw->pw_passwd, SHADOW_PASSWD_STRING) != 0)) {
newpw = *pw;
newpw.pw_passwd = cp;
}
@@ -536,7 +565,9 @@ int main (int argc, char **argv)
errors++;
continue;
}
} else {
}
if ( (NULL == sp)
|| (strcmp (pw->pw_passwd, SHADOW_PASSWD_STRING) != 0)) {
if (pw_update (&newpw) == 0) {
fprintf (stderr,
_("%s: line %d: failed to prepare the new %s entry '%s'\n"),