* NEWS, src/chpasswd.c: Create a shadow entry if the password is

set to 'x' in passwd and there are no entry in shadow for the
	user.
	* NEWS, src/chgpasswd.c: Create a gshadow entry if the password is 
	set to 'x' in group and there are no entry in gshadow for the 
	group.
This commit is contained in:
nekral-guest 2011-07-28 15:17:28 +00:00
parent 771a3624f5
commit 75fa697526
3 changed files with 67 additions and 6 deletions

7
NEWS
View File

@ -16,11 +16,18 @@ shadow-4.1.4.3 -> shadow-4.1.5 UNRELEASED
configure options. configure options.
* Added diagnosis for lock failures. * Added diagnosis for lock failures.
-chgpasswd
* When the gshadow file exists but there are no gshadow entries, an entry
is created if the password is changed and group requires a
shadow entry.
-chpasswd -chpasswd
* PAM enabled versions: restore the -e option to allow restoring * PAM enabled versions: restore the -e option to allow restoring
passwords without knowing those passwords. Restore together the -m passwords without knowing those passwords. Restore together the -m
and -c options. (These options were removed in shadow-4.1.4 on PAM and -c options. (These options were removed in shadow-4.1.4 on PAM
enabled versions) enabled versions)
* When the shadow file exists but there are no shadow entries, an entry
is created if the password is changed and passwd requires a
shadow entry.
- faillog - faillog
* The -l, -m, -r, -t options only act on the existing users, unless -a is * The -l, -m, -r, -t options only act on the existing users, unless -a is
specified. specified.

View File

@ -478,7 +478,28 @@ int main (int argc, char **argv)
} }
#ifdef SHADOWGRP #ifdef SHADOWGRP
if (is_shadow_grp) { if (is_shadow_grp) {
/* The gshadow entry should be updated if the
* group entry has a password set to 'x'.
* But on the other hand, if there is already both
* a group and a gshadow password, it's preferable
* to update both.
*/
sg = sgr_locate (name); sg = sgr_locate (name);
if ( (NULL == sp)
&& (strcmp (pw->pw_passwd,
SHADOW_PASSWD_STRING) == 0)) {
static char *empty = NULL;
/* If the password is set to 'x' in
* group, but there are no entries in
* gshadow, create one.
*/
newsg.sg_namp = name;
/* newsg.sg_passwd = NULL; will be set later */
newsg.sg_adm = ∅
newsg.sg_mem = dup_list (gr->gr_mem);
sg = &newsg;
}
} else { } else {
sg = NULL; sg = NULL;
} }
@ -492,9 +513,10 @@ int main (int argc, char **argv)
if (NULL != sg) { if (NULL != sg) {
newsg = *sg; newsg = *sg;
newsg.sg_passwd = cp; newsg.sg_passwd = cp;
} else }
#endif #endif
{ if ( (NULL == sg)
|| (strcmp (gr->gr_passwd, SHADOW_PASSWD_STRING) != 0)) {
newgr = *gr; newgr = *gr;
newgr.gr_passwd = cp; newgr.gr_passwd = cp;
} }
@ -513,9 +535,10 @@ int main (int argc, char **argv)
errors++; errors++;
continue; continue;
} }
} else }
#endif #endif
{ if ( (NULL == sg)
|| (strcmp (gr->gr_passwd, SHADOW_PASSWD_STRING) != 0)) {
if (gr_update (&newgr) == 0) { if (gr_update (&newgr) == 0) {
fprintf (stderr, fprintf (stderr,
_("%s: line %d: failed to prepare the new %s entry '%s'\n"), _("%s: line %d: failed to prepare the new %s entry '%s'\n"),

View File

@ -44,6 +44,7 @@
#endif /* USE_PAM */ #endif /* USE_PAM */
#include "defines.h" #include "defines.h"
#include "nscd.h" #include "nscd.h"
#include "getdef.h"
#include "prototypes.h" #include "prototypes.h"
#include "pwio.h" #include "pwio.h"
#include "shadowio.h" #include "shadowio.h"
@ -499,7 +500,32 @@ int main (int argc, char **argv)
continue; continue;
} }
if (is_shadow_pwd) { if (is_shadow_pwd) {
/* The shadow entry should be updated if the
* passwd entry has a password set to 'x'.
* But on the other hand, if there is already both
* a passwd and a shadow password, it's preferable
* to update both.
*/
sp = spw_locate (name); sp = spw_locate (name);
if ( (NULL == sp)
&& (strcmp (pw->pw_passwd,
SHADOW_PASSWD_STRING) == 0)) {
/* If the password is set to 'x' in
* passwd, but there are no entries in
* shadow, create one.
*/
newsp.sp_namp = name;
/* newsp.sp_pwdp = NULL; will be set later */
/* newsp.sp_lstchg= 0; will be set later */
newsp.sp_min = getdef_num ("PASS_MIN_DAYS", -1);
newsp.sp_max = getdef_num ("PASS_MAX_DAYS", -1);
newsp.sp_warn = getdef_num ("PASS_WARN_AGE", -1);
newsp.sp_inact = -1;
newsp.sp_expire= -1;
newsp.sp_flag = SHADOW_SP_FLAG_UNSET;
sp = &newsp;
}
} else { } else {
sp = NULL; sp = NULL;
} }
@ -518,7 +544,10 @@ int main (int argc, char **argv)
* password change */ * password change */
newsp.sp_lstchg = -1; newsp.sp_lstchg = -1;
} }
} else { }
if ( (NULL == sp)
|| (strcmp (pw->pw_passwd, SHADOW_PASSWD_STRING) != 0)) {
newpw = *pw; newpw = *pw;
newpw.pw_passwd = cp; newpw.pw_passwd = cp;
} }
@ -536,7 +565,9 @@ int main (int argc, char **argv)
errors++; errors++;
continue; continue;
} }
} else { }
if ( (NULL == sp)
|| (strcmp (pw->pw_passwd, SHADOW_PASSWD_STRING) != 0)) {
if (pw_update (&newpw) == 0) { if (pw_update (&newpw) == 0) {
fprintf (stderr, fprintf (stderr,
_("%s: line %d: failed to prepare the new %s entry '%s'\n"), _("%s: line %d: failed to prepare the new %s entry '%s'\n"),