From f9de15fdcf27618a5dceb19164bad5128cc96395 Mon Sep 17 00:00:00 2001
From: nekral-guest <nekral-guest@5a98b0ae-9ef6-0310-add3-de5d479b70d7>
Date: Sat, 10 Nov 2007 18:54:40 +0000
Subject: [PATCH] Don't ask for a password if there are no group passwords.
 Just directly give up. This comes from the Fedora's patch
 shadow-4.0.13-newgrpPwd.patch, and seems to be the only part with an effect.

---
 ChangeLog    |  7 +++++++
 NEWS         |  2 ++
 src/newgrp.c | 19 ++++++++++---------
 3 files changed, 19 insertions(+), 9 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 7e70f78d..cdb99473 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,10 @@
+2007-11-10  Nicolas François  <nicolas.francois@centraliens.net>
+
+	* NEWS, src/newgrp.c: Don't ask for a password if there are no
+	group passwords. Just directly give up. This comes from the
+	Fedora's patch shadow-4.0.13-newgrpPwd.patch, and seems to be the
+	only part with an effect.
+
 2007-11-10  Nicolas François  <nicolas.francois@centraliens.net>
 
 	* NEWS, src/chgpasswd.c, src/chpasswd.c: Fix chpasswd and
diff --git a/NEWS b/NEWS
index 3b2449c0..681b4c98 100644
--- a/NEWS
+++ b/NEWS
@@ -8,6 +8,8 @@ shadow-4.0.18.1 -> shadow-4.0.18.2					UNRELEASED
   Thanks also to Greg Schafer <gschafer@zip.com.au>.
 - chgpasswd, chpasswd: Fix chpasswd and chgpasswd stack overflow. Based on
   Fedora's shadow-4.0.18.1-overflow.patch.
+- newgrp: Don't ask for a password if there are no group passwords. Just
+  directly give up.
 
 shadow-4.0.18.1 -> shadow-4.0.18.2					28-10-2007
 
diff --git a/src/newgrp.c b/src/newgrp.c
index 1f537441..5632bd02 100644
--- a/src/newgrp.c
+++ b/src/newgrp.c
@@ -377,6 +377,16 @@ int main (int argc, char **argv)
 	 * unless she is listed as a member.  -- JWP
 	 */
 	if (getuid () != 0 && needspasswd) {
+		if (grp->gr_passwd[0] == '\0') {
+			/*
+			 * there is no password, print out "No password."
+			 * and give up
+			 */
+			sleep (1);
+			fputs (_("No password.\n"), stderr);
+			goto failure;
+		}
+
 		/*
 		 * get the password from her, and set the salt for
 		 * the decryption from the group file.
@@ -392,15 +402,6 @@ int main (int argc, char **argv)
 		cpasswd = pw_encrypt (cp, grp->gr_passwd);
 		strzero (cp);
 
-		if (grp->gr_passwd[0] == '\0') {
-			/*
-			 * there is no password, print out "Sorry" and give up
-			 */
-			sleep (1);
-			fputs (_("No password.\n"), stderr);
-			goto failure;
-		}
-
 		if (strcmp (cpasswd, grp->gr_passwd) != 0) {
 			SYSLOG ((LOG_INFO,
 				 "Invalid password for group `%s' from `%s'",