* src/pwck.c: Warn if an user has an entry in passwd and shadow,

and the password field in passwd is not 'x'.
	* src/grpck.c: Warn if a group has an entry in group and gshadow,
	and the password field in group is not 'x'.
This commit is contained in:
nekral-guest 2009-05-09 21:20:54 +00:00
parent 6ba7fd7d13
commit a01499179f
4 changed files with 31 additions and 0 deletions

View File

@ -1,3 +1,10 @@
2009-05-09 Nicolas François <nicolas.francois@centraliens.net>
* src/pwck.c: Warn if an user has an entry in passwd and shadow,
and the password field in passwd is not 'x'.
* src/grpck.c: Warn if a group has an entry in group and gshadow,
and the password field in group is not 'x'.
2009-05-09 Nicolas François <nicolas.francois@centraliens.net>
* man/login.defs.d/ENCRYPT_METHOD.xml,

6
NEWS
View File

@ -14,6 +14,9 @@ shadow-4.1.3.1 -> shadow-4.1.3.2 UNRELEASED
policy in a central place. The -c/--crypt-method, -e/--encrypted,
-m/--md5 and -s/--sha-rounds options are no more supported on PAM
enabled systems.
- grpck
* Warn if a group has an entry in group and gshadow, and the password
field in group is not 'x'.
- login
* Do not trust the current utmp entry's ut_line to set PAM_TTY. This could
lead to DOS attacks.
@ -25,6 +28,9 @@ shadow-4.1.3.1 -> shadow-4.1.3.2 UNRELEASED
* Change the passwords using PAM. This permits to define the password
policy in a central place. The -c/--crypt-method and -s/--sha-rounds
options are no more supported on PAM enabled systems.
- pwck
* Warn if an user has an entry in passwd and shadow, and the password
field in passwd is not 'x'.
*** translation
- Updated Czech translation

View File

@ -627,6 +627,15 @@ static void check_grp_file (int *errors, bool *changed)
compare_members_lists (grp->gr_name,
grp->gr_mem, sgr->sg_mem,
grp_file, sgr_file);
/* The group entry has a gshadow counterpart.
* Make sure no passwords are in group.
*/
if (strcmp (grp->gr_passwd, SHADOW_PASSWD_STRING) != 0) {
printf (_("group %s has an entry in %s, but its password field in %s is not set to 'x'\n"),
grp->gr_name, sgr_file, grp_file);
*errors += 1;
}
}
}
#endif

View File

@ -497,6 +497,15 @@ static void check_pw_file (int *errors, bool *changed)
exit (E_CANTUPDATE);
}
}
} else {
/* The passwd entry has a shadow counterpart.
* Make sure no passwords are in passwd.
*/
if (strcmp (pwd->pw_passwd, SHADOW_PASSWD_STRING) != 0) {
printf (_("user %s has an entry in %s, but its password field in %s is not set to 'x'\n"),
pwd->pw_name, spw_file, pwd_file);
*errors += 1;
}
}
}
}