Same fixes as applied to usermod: refuse to unlock an account when it

would result in a passwordless account.

ChangeLog

@@ -3,6 +3,7 @@
 	* NEWS, src/usermod.c: Refuse to unlock an account when it would
 	result in a passwordless account.  Based on Openwall's patch
 	shadow-4.0.4.1-owl-usermod-unlock.diff.
+	* NEWS, src/passwd.c: Likewise.
 
 2007-11-17  Nicolas François  <nicolas.francois@centraliens.net>
 

NEWS

@@ -21,7 +21,7 @@ shadow-4.0.18.1 -> shadow-4.0.18.2					UNRELEASED
   (i.e. lookup in the local database for an user with an @). Thanks to
   Mike Frysinger for the patch.
 - Add support for uClibc with no l64a().
-- userdel/usermod: Fix infinite loop caused by erroneous group file
+- userdel, usermod: Fix infinite loop caused by erroneous group file
   containing two entries with the same name. (The fix strategy differs
   from 
   (https://bugzilla.redhat.com/show_bug.cgi?id=240915)
@@ -41,7 +41,7 @@ shadow-4.0.18.1 -> shadow-4.0.18.2					UNRELEASED
   were always missing.
 - su: Avoid terminating the PAM library in the forked child. This is done
   later in the parent after closing the PAM session.
-- usermod: Refuse to unlock an account when it would result in a
+- passwd, usermod: Refuse to unlock an account when it would result in a
   passwordless account.
 
 *** documentation:

src/passwd.c

@@ -438,8 +438,16 @@ static char *update_crypt_pw (char *cp)
 	if (dflg)
 		cp = "";	/* XXX warning: const */
 
-	if (uflg && *cp == '!')
+	if (uflg && *cp == '!') {
-		cp++;
+		if (cp[1] == '\0') {
+			fprintf (stderr,
+				 _("%s: unlocking the user would result in a passwordless account.\n"
+				   "You should set a password with usermod -p to unlock this user account.\n"),
+				 Prog);
+		} else {
+			cp++;
+		}
+        }
 
 	if (lflg && *cp != '!') {
 		char *newpw = xmalloc (strlen (cp) + 2);