[Pkg-shadow-commits] r1386 - in upstream/trunk: . src

nekral-guest at alioth.debian.org nekral-guest at alioth.debian.org
Sat Nov 17 22:02:22 UTC 2007 

Author: nekral-guest
Date: 2007-11-17 22:02:22 +0000 (Sat, 17 Nov 2007)
New Revision: 1386

Modified:
   upstream/trunk/ChangeLog
   upstream/trunk/NEWS
   upstream/trunk/src/usermod.c
Log:
Refuse to unlock an account when it would result in a passwordless
account.  Based on Openwall's patch shadow-4.0.4.1-owl-usermod-unlock.diff


Modified: upstream/trunk/ChangeLog
===================================================================
--- upstream/trunk/ChangeLog	2007-11-17 21:24:06 UTC (rev 1385)
+++ upstream/trunk/ChangeLog	2007-11-17 22:02:22 UTC (rev 1386)
@@ -1,5 +1,11 @@
 2007-11-17  Nicolas François  <nicolas.francois at centraliens.net>
 
+	* NEWS, src/usermod.c: Refuse to unlock an account when it would
+	result in a passwordless account.  Based on Openwall's patch
+	shadow-4.0.4.1-owl-usermod-unlock.diff.
+
+2007-11-17  Nicolas François  <nicolas.francois at centraliens.net>
+
 	* src/userdel.c (path_prefix): Make sure that the prefix is the
 	name of a directory (not only the beginning of a directory).
 	Openwall patch shadow-4.0.4.1-owl-userdel-path_prefix.diff.

Modified: upstream/trunk/NEWS
===================================================================
--- upstream/trunk/NEWS	2007-11-17 21:24:06 UTC (rev 1385)
+++ upstream/trunk/NEWS	2007-11-17 22:02:22 UTC (rev 1386)
@@ -41,6 +41,8 @@
   were always missing.
 - su: Avoid terminating the PAM library in the forked child. This is done
   later in the parent after closing the PAM session.
+- usermod: Refuse to unlock an account when it would result in a
+  passwordless account.
 
 *** documentation:
 - Generate the translated manpages from PO at build time.

Modified: upstream/trunk/src/usermod.c
===================================================================
--- upstream/trunk/src/usermod.c	2007-11-17 21:24:06 UTC (rev 1385)
+++ upstream/trunk/src/usermod.c	2007-11-17 22:02:22 UTC (rev 1386)
@@ -326,6 +326,14 @@
 	} else if (Uflg && pw_pass[0] == '!') {
 		char *s;
 
+		if (pw_pass[1] == '\0') {
+			fprintf (stderr,
+				 _("%s: unlocking the user would result in a passwordless account.\n"
+				   "You should set a password with usermod -p to unlock this user account.\n"),
+				 Prog);
+			return pw_pass;
+		}
+
 #ifdef WITH_AUDIT
 		audit_logger (AUDIT_USER_CHAUTHTOK, Prog, "updating password",
 			      user_newname, user_newid, 0);

More information about the Pkg-shadow-commits mailing list