* src/pwck.c: Warn if an user has an entry in passwd and shadow,
and the password field in passwd is not 'x'. * src/grpck.c: Warn if a group has an entry in group and gshadow, and the password field in group is not 'x'.
This commit is contained in:
parent
6ba7fd7d13
commit
a01499179f
@ -1,3 +1,10 @@
|
||||
2009-05-09 Nicolas François <nicolas.francois@centraliens.net>
|
||||
|
||||
* src/pwck.c: Warn if an user has an entry in passwd and shadow,
|
||||
and the password field in passwd is not 'x'.
|
||||
* src/grpck.c: Warn if a group has an entry in group and gshadow,
|
||||
and the password field in group is not 'x'.
|
||||
|
||||
2009-05-09 Nicolas François <nicolas.francois@centraliens.net>
|
||||
|
||||
* man/login.defs.d/ENCRYPT_METHOD.xml,
|
||||
|
6
NEWS
6
NEWS
@ -14,6 +14,9 @@ shadow-4.1.3.1 -> shadow-4.1.3.2 UNRELEASED
|
||||
policy in a central place. The -c/--crypt-method, -e/--encrypted,
|
||||
-m/--md5 and -s/--sha-rounds options are no more supported on PAM
|
||||
enabled systems.
|
||||
- grpck
|
||||
* Warn if a group has an entry in group and gshadow, and the password
|
||||
field in group is not 'x'.
|
||||
- login
|
||||
* Do not trust the current utmp entry's ut_line to set PAM_TTY. This could
|
||||
lead to DOS attacks.
|
||||
@ -25,6 +28,9 @@ shadow-4.1.3.1 -> shadow-4.1.3.2 UNRELEASED
|
||||
* Change the passwords using PAM. This permits to define the password
|
||||
policy in a central place. The -c/--crypt-method and -s/--sha-rounds
|
||||
options are no more supported on PAM enabled systems.
|
||||
- pwck
|
||||
* Warn if an user has an entry in passwd and shadow, and the password
|
||||
field in passwd is not 'x'.
|
||||
|
||||
*** translation
|
||||
- Updated Czech translation
|
||||
|
@ -627,6 +627,15 @@ static void check_grp_file (int *errors, bool *changed)
|
||||
compare_members_lists (grp->gr_name,
|
||||
grp->gr_mem, sgr->sg_mem,
|
||||
grp_file, sgr_file);
|
||||
|
||||
/* The group entry has a gshadow counterpart.
|
||||
* Make sure no passwords are in group.
|
||||
*/
|
||||
if (strcmp (grp->gr_passwd, SHADOW_PASSWD_STRING) != 0) {
|
||||
printf (_("group %s has an entry in %s, but its password field in %s is not set to 'x'\n"),
|
||||
grp->gr_name, sgr_file, grp_file);
|
||||
*errors += 1;
|
||||
}
|
||||
}
|
||||
}
|
||||
#endif
|
||||
|
@ -497,6 +497,15 @@ static void check_pw_file (int *errors, bool *changed)
|
||||
exit (E_CANTUPDATE);
|
||||
}
|
||||
}
|
||||
} else {
|
||||
/* The passwd entry has a shadow counterpart.
|
||||
* Make sure no passwords are in passwd.
|
||||
*/
|
||||
if (strcmp (pwd->pw_passwd, SHADOW_PASSWD_STRING) != 0) {
|
||||
printf (_("user %s has an entry in %s, but its password field in %s is not set to 'x'\n"),
|
||||
pwd->pw_name, spw_file, pwd_file);
|
||||
*errors += 1;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user