[Pkg-shadow-commits] r3453 - in upstream/trunk: . src
Nicolas FRANÇOIS
nekral-guest at alioth.debian.org
Thu Jul 28 15:17:28 UTC 2011
Author: nekral-guest
Date: 2011-07-28 15:17:28 +0000 (Thu, 28 Jul 2011)
New Revision: 3453
Modified:
upstream/trunk/NEWS
upstream/trunk/src/chgpasswd.c
upstream/trunk/src/chpasswd.c
Log:
* NEWS, src/chpasswd.c: Create a shadow entry if the password is
set to 'x' in passwd and there are no entry in shadow for the
user.
* NEWS, src/chgpasswd.c: Create a gshadow entry if the password is
set to 'x' in group and there are no entry in gshadow for the
group.
Modified: upstream/trunk/NEWS
===================================================================
--- upstream/trunk/NEWS 2011-07-28 14:40:56 UTC (rev 3452)
+++ upstream/trunk/NEWS 2011-07-28 15:17:28 UTC (rev 3453)
@@ -16,11 +16,18 @@
configure options.
* Added diagnosis for lock failures.
+-chgpasswd
+ * When the gshadow file exists but there are no gshadow entries, an entry
+ is created if the password is changed and group requires a
+ shadow entry.
-chpasswd
* PAM enabled versions: restore the -e option to allow restoring
passwords without knowing those passwords. Restore together the -m
and -c options. (These options were removed in shadow-4.1.4 on PAM
enabled versions)
+ * When the shadow file exists but there are no shadow entries, an entry
+ is created if the password is changed and passwd requires a
+ shadow entry.
- faillog
* The -l, -m, -r, -t options only act on the existing users, unless -a is
specified.
Modified: upstream/trunk/src/chgpasswd.c
===================================================================
--- upstream/trunk/src/chgpasswd.c 2011-07-28 14:40:56 UTC (rev 3452)
+++ upstream/trunk/src/chgpasswd.c 2011-07-28 15:17:28 UTC (rev 3453)
@@ -478,7 +478,28 @@
}
#ifdef SHADOWGRP
if (is_shadow_grp) {
+ /* The gshadow entry should be updated if the
+ * group entry has a password set to 'x'.
+ * But on the other hand, if there is already both
+ * a group and a gshadow password, it's preferable
+ * to update both.
+ */
sg = sgr_locate (name);
+
+ if ( (NULL == sp)
+ && (strcmp (pw->pw_passwd,
+ SHADOW_PASSWD_STRING) == 0)) {
+ static char *empty = NULL;
+ /* If the password is set to 'x' in
+ * group, but there are no entries in
+ * gshadow, create one.
+ */
+ newsg.sg_namp = name;
+ /* newsg.sg_passwd = NULL; will be set later */
+ newsg.sg_adm = ∅
+ newsg.sg_mem = dup_list (gr->gr_mem);
+ sg = &newsg;
+ }
} else {
sg = NULL;
}
@@ -492,9 +513,10 @@
if (NULL != sg) {
newsg = *sg;
newsg.sg_passwd = cp;
- } else
+ }
#endif
- {
+ if ( (NULL == sg)
+ || (strcmp (gr->gr_passwd, SHADOW_PASSWD_STRING) != 0)) {
newgr = *gr;
newgr.gr_passwd = cp;
}
@@ -513,9 +535,10 @@
errors++;
continue;
}
- } else
+ }
#endif
- {
+ if ( (NULL == sg)
+ || (strcmp (gr->gr_passwd, SHADOW_PASSWD_STRING) != 0)) {
if (gr_update (&newgr) == 0) {
fprintf (stderr,
_("%s: line %d: failed to prepare the new %s entry '%s'\n"),
Modified: upstream/trunk/src/chpasswd.c
===================================================================
--- upstream/trunk/src/chpasswd.c 2011-07-28 14:40:56 UTC (rev 3452)
+++ upstream/trunk/src/chpasswd.c 2011-07-28 15:17:28 UTC (rev 3453)
@@ -44,6 +44,7 @@
#endif /* USE_PAM */
#include "defines.h"
#include "nscd.h"
+#include "getdef.h"
#include "prototypes.h"
#include "pwio.h"
#include "shadowio.h"
@@ -499,7 +500,32 @@
continue;
}
if (is_shadow_pwd) {
+ /* The shadow entry should be updated if the
+ * passwd entry has a password set to 'x'.
+ * But on the other hand, if there is already both
+ * a passwd and a shadow password, it's preferable
+ * to update both.
+ */
sp = spw_locate (name);
+
+ if ( (NULL == sp)
+ && (strcmp (pw->pw_passwd,
+ SHADOW_PASSWD_STRING) == 0)) {
+ /* If the password is set to 'x' in
+ * passwd, but there are no entries in
+ * shadow, create one.
+ */
+ newsp.sp_namp = name;
+ /* newsp.sp_pwdp = NULL; will be set later */
+ /* newsp.sp_lstchg= 0; will be set later */
+ newsp.sp_min = getdef_num ("PASS_MIN_DAYS", -1);
+ newsp.sp_max = getdef_num ("PASS_MAX_DAYS", -1);
+ newsp.sp_warn = getdef_num ("PASS_WARN_AGE", -1);
+ newsp.sp_inact = -1;
+ newsp.sp_expire= -1;
+ newsp.sp_flag = SHADOW_SP_FLAG_UNSET;
+ sp = &newsp;
+ }
} else {
sp = NULL;
}
@@ -518,7 +544,10 @@
* password change */
newsp.sp_lstchg = -1;
}
- } else {
+ }
+
+ if ( (NULL == sp)
+ || (strcmp (pw->pw_passwd, SHADOW_PASSWD_STRING) != 0)) {
newpw = *pw;
newpw.pw_passwd = cp;
}
@@ -536,7 +565,9 @@
errors++;
continue;
}
- } else {
+ }
+ if ( (NULL == sp)
+ || (strcmp (pw->pw_passwd, SHADOW_PASSWD_STRING) != 0)) {
if (pw_update (&newpw) == 0) {
fprintf (stderr,
_("%s: line %d: failed to prepare the new %s entry '%s'\n"),
More information about the Pkg-shadow-commits
mailing list