* NEWS, src/chpasswd.c: Create a shadow entry if the password is

set to 'x' in passwd and there are no entry in shadow for the user. * NEWS, src/chgpasswd.c: Create a gshadow entry if the password is set to 'x' in group and there are no entry in gshadow for the group.
2011-07-28 15:17:28 +00:00 · 2011-07-28 15:17:28 +00:00 · 75fa697526
commit 75fa697526
parent 771a3624f5
3 changed files with 67 additions and 6 deletions
--- a/7
+++ b/7
@ -16,11 +16,18 @@ shadow-4.1.4.3 -> shadow-4.1.5					UNRELEASED
    configure options.
  * Added diagnosis for lock failures.

+-chgpasswd
+  * When the gshadow file exists but there are no gshadow entries, an entry
+    is created if the password is changed and group requires a
+    shadow entry.
 -chpasswd
  * PAM enabled versions: restore the -e option to allow restoring
    passwords without knowing those passwords. Restore together the -m
    and -c options. (These options were removed in shadow-4.1.4 on PAM
    enabled versions)
+  * When the shadow file exists but there are no shadow entries, an entry
+    is created if the password is changed and passwd requires a
+    shadow entry.
 - faillog
  * The -l, -m, -r, -t options only act on the existing users, unless -a is
    specified.
--- a/src/chgpasswd.c
+++ b/src/chgpasswd.c
@ -478,7 +478,28 @@ int main (int argc, char **argv)
 		}
 #ifdef SHADOWGRP
 		if (is_shadow_grp) {
+			/* The gshadow entry should be updated if the
+			 * group entry has a password set to 'x'.
+			 * But on the other hand, if there is already both
+			 * a group and a gshadow password, it's preferable
+			 * to update both.
+			 */
 			sg = sgr_locate (name);
+
+			if (   (NULL == sp)
+			    && (strcmp (pw->pw_passwd,
+			                SHADOW_PASSWD_STRING) == 0)) {
+				static char *empty = NULL;
+				/* If the password is set to 'x' in
+				 * group, but there are no entries in
+				 * gshadow, create one.
+				 */
+				newsg.sg_namp   = name;
+				/* newsg.sg_passwd = NULL; will be set later */
+				newsg.sg_adm    = &empty;
+				newsg.sg_mem    = dup_list (gr->gr_mem);
+				sg = &newsg;
+			}
 		} else {
 			sg = NULL;
 		}
@ -492,9 +513,10 @@ int main (int argc, char **argv)
 		if (NULL != sg) {
 			newsg = *sg;
 			newsg.sg_passwd = cp;
-		} else
+		}
 #endif
-		{
+		if (   (NULL == sg)
+		    || (strcmp (gr->gr_passwd, SHADOW_PASSWD_STRING) != 0)) {
 			newgr = *gr;
 			newgr.gr_passwd = cp;
 		}
@ -513,9 +535,10 @@ int main (int argc, char **argv)
 				errors++;
 				continue;
 			}
-		} else
+		}
 #endif
-		{
+		if (   (NULL == sg)
+		    || (strcmp (gr->gr_passwd, SHADOW_PASSWD_STRING) != 0)) {
 			if (gr_update (&newgr) == 0) {
 				fprintf (stderr,
 				         _("%s: line %d: failed to prepare the new %s entry '%s'\n"),
--- a/src/chpasswd.c
+++ b/src/chpasswd.c
@ -44,6 +44,7 @@
 #endif				/* USE_PAM */
 #include "defines.h"
 #include "nscd.h"
+#include "getdef.h"
 #include "prototypes.h"
 #include "pwio.h"
 #include "shadowio.h"
@ -499,7 +500,32 @@ int main (int argc, char **argv)
 			continue;
 		}
 		if (is_shadow_pwd) {
+			/* The shadow entry should be updated if the
+			 * passwd entry has a password set to 'x'.
+			 * But on the other hand, if there is already both
+			 * a passwd and a shadow password, it's preferable
+			 * to update both.
+			 */
 			sp = spw_locate (name);
+
+			if (   (NULL == sp)
+			    && (strcmp (pw->pw_passwd,
+			                SHADOW_PASSWD_STRING) == 0)) {
+				/* If the password is set to 'x' in
+				 * passwd, but there are no entries in
+				 * shadow, create one.
+				 */
+				newsp.sp_namp  = name;
+				/* newsp.sp_pwdp  = NULL; will be set later */
+				/* newsp.sp_lstchg= 0;    will be set later */
+				newsp.sp_min   = getdef_num ("PASS_MIN_DAYS", -1);
+				newsp.sp_max   = getdef_num ("PASS_MAX_DAYS", -1);
+				newsp.sp_warn  = getdef_num ("PASS_WARN_AGE", -1);
+				newsp.sp_inact = -1;
+				newsp.sp_expire= -1;
+				newsp.sp_flag  = SHADOW_SP_FLAG_UNSET;
+				sp = &newsp;
+			}
 		} else {
 			sp = NULL;
 		}
@ -518,7 +544,10 @@ int main (int argc, char **argv)
 				 * password change */
 				newsp.sp_lstchg = -1;
 			}
-		} else {
+		}
+
+		if (   (NULL == sp)
+		    || (strcmp (pw->pw_passwd, SHADOW_PASSWD_STRING) != 0)) {
 			newpw = *pw;
 			newpw.pw_passwd = cp;
 		}
@ -536,7 +565,9 @@ int main (int argc, char **argv)
 				errors++;
 				continue;
 			}
-		} else {
+		}
+		if (   (NULL == sp)
+		    || (strcmp (pw->pw_passwd, SHADOW_PASSWD_STRING) != 0)) {
 			if (pw_update (&newpw) == 0) {
 				fprintf (stderr,
 				         _("%s: line %d: failed to prepare the new %s entry '%s'\n"),