diff --git a/ChangeLog b/ChangeLog index 60275309..43e04ecc 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,10 @@ +2007-11-17 Nicolas François + + * src/newgrp.c: Do not give an indication that the group has no + password. + * src/newgrp.c: Do not only bail on syslog if the password is not + valid. Also give an indication to the user on stderr. + 2007-11-17 Nicolas François Fixes from Openwall patch shadow-4.0.4.1-owl-chage-drop-priv.diff: diff --git a/src/newgrp.c b/src/newgrp.c index bc0ddb44..26c9dc25 100644 --- a/src/newgrp.c +++ b/src/newgrp.c @@ -377,16 +377,6 @@ int main (int argc, char **argv) * of the tests above. */ if (getuid () != 0 && needspasswd) { - if (grp->gr_passwd[0] == '\0') { - /* - * there is no password, print out "No password." - * and give up - */ - sleep (1); - fputs (_("No password.\n"), stderr); - goto failure; - } - /* * get the password from her, and set the salt for * the decryption from the group file. @@ -402,11 +392,13 @@ int main (int argc, char **argv) cpasswd = pw_encrypt (cp, grp->gr_passwd); strzero (cp); - if (strcmp (cpasswd, grp->gr_passwd) != 0) { + if (grp->gr_passwd[0] == '\0' || + strcmp (cpasswd, grp->gr_passwd) != 0) { SYSLOG ((LOG_INFO, "Invalid password for group `%s' from `%s'", group, name)); sleep (1); + fputs (_("Invalid password."), stderr); goto failure; } }