diff --git a/ChangeLog b/ChangeLog index 387aa271..17e66d70 100644 --- a/ChangeLog +++ b/ChangeLog @@ -3,6 +3,7 @@ * NEWS, src/usermod.c: Refuse to unlock an account when it would result in a passwordless account. Based on Openwall's patch shadow-4.0.4.1-owl-usermod-unlock.diff. + * NEWS, src/passwd.c: Likewise. 2007-11-17 Nicolas François diff --git a/NEWS b/NEWS index 91faa6fc..f267accf 100644 --- a/NEWS +++ b/NEWS @@ -21,7 +21,7 @@ shadow-4.0.18.1 -> shadow-4.0.18.2 UNRELEASED (i.e. lookup in the local database for an user with an @). Thanks to Mike Frysinger for the patch. - Add support for uClibc with no l64a(). -- userdel/usermod: Fix infinite loop caused by erroneous group file +- userdel, usermod: Fix infinite loop caused by erroneous group file containing two entries with the same name. (The fix strategy differs from (https://bugzilla.redhat.com/show_bug.cgi?id=240915) @@ -41,7 +41,7 @@ shadow-4.0.18.1 -> shadow-4.0.18.2 UNRELEASED were always missing. - su: Avoid terminating the PAM library in the forked child. This is done later in the parent after closing the PAM session. -- usermod: Refuse to unlock an account when it would result in a +- passwd, usermod: Refuse to unlock an account when it would result in a passwordless account. *** documentation: diff --git a/src/passwd.c b/src/passwd.c index dbe1a2db..30e3e9b4 100644 --- a/src/passwd.c +++ b/src/passwd.c @@ -438,8 +438,16 @@ static char *update_crypt_pw (char *cp) if (dflg) cp = ""; /* XXX warning: const */ - if (uflg && *cp == '!') - cp++; + if (uflg && *cp == '!') { + if (cp[1] == '\0') { + fprintf (stderr, + _("%s: unlocking the user would result in a passwordless account.\n" + "You should set a password with usermod -p to unlock this user account.\n"), + Prog); + } else { + cp++; + } + } if (lflg && *cp != '!') { char *newpw = xmalloc (strlen (cp) + 2);