[Pkg-shadow-commits] r1386 - in upstream/trunk: . src
nekral-guest at alioth.debian.org
nekral-guest at alioth.debian.org
Sat Nov 17 22:02:22 UTC 2007
Author: nekral-guest
Date: 2007-11-17 22:02:22 +0000 (Sat, 17 Nov 2007)
New Revision: 1386
Modified:
upstream/trunk/ChangeLog
upstream/trunk/NEWS
upstream/trunk/src/usermod.c
Log:
Refuse to unlock an account when it would result in a passwordless
account. Based on Openwall's patch shadow-4.0.4.1-owl-usermod-unlock.diff
Modified: upstream/trunk/ChangeLog
===================================================================
--- upstream/trunk/ChangeLog 2007-11-17 21:24:06 UTC (rev 1385)
+++ upstream/trunk/ChangeLog 2007-11-17 22:02:22 UTC (rev 1386)
@@ -1,5 +1,11 @@
2007-11-17 Nicolas François <nicolas.francois at centraliens.net>
+ * NEWS, src/usermod.c: Refuse to unlock an account when it would
+ result in a passwordless account. Based on Openwall's patch
+ shadow-4.0.4.1-owl-usermod-unlock.diff.
+
+2007-11-17 Nicolas François <nicolas.francois at centraliens.net>
+
* src/userdel.c (path_prefix): Make sure that the prefix is the
name of a directory (not only the beginning of a directory).
Openwall patch shadow-4.0.4.1-owl-userdel-path_prefix.diff.
Modified: upstream/trunk/NEWS
===================================================================
--- upstream/trunk/NEWS 2007-11-17 21:24:06 UTC (rev 1385)
+++ upstream/trunk/NEWS 2007-11-17 22:02:22 UTC (rev 1386)
@@ -41,6 +41,8 @@
were always missing.
- su: Avoid terminating the PAM library in the forked child. This is done
later in the parent after closing the PAM session.
+- usermod: Refuse to unlock an account when it would result in a
+ passwordless account.
*** documentation:
- Generate the translated manpages from PO at build time.
Modified: upstream/trunk/src/usermod.c
===================================================================
--- upstream/trunk/src/usermod.c 2007-11-17 21:24:06 UTC (rev 1385)
+++ upstream/trunk/src/usermod.c 2007-11-17 22:02:22 UTC (rev 1386)
@@ -326,6 +326,14 @@
} else if (Uflg && pw_pass[0] == '!') {
char *s;
+ if (pw_pass[1] == '\0') {
+ fprintf (stderr,
+ _("%s: unlocking the user would result in a passwordless account.\n"
+ "You should set a password with usermod -p to unlock this user account.\n"),
+ Prog);
+ return pw_pass;
+ }
+
#ifdef WITH_AUDIT
audit_logger (AUDIT_USER_CHAUTHTOK, Prog, "updating password",
user_newname, user_newid, 0);
More information about the Pkg-shadow-commits
mailing list