[Pkg-shadow-commits] r2883 - in upstream/trunk: . src
Nicolas FRANÇOIS
nekral-guest at alioth.debian.org
Sat May 9 21:20:54 UTC 2009
Author: nekral-guest
Date: 2009-05-09 21:20:54 +0000 (Sat, 09 May 2009)
New Revision: 2883
Modified:
upstream/trunk/ChangeLog
upstream/trunk/NEWS
upstream/trunk/src/grpck.c
upstream/trunk/src/pwck.c
Log:
* src/pwck.c: Warn if an user has an entry in passwd and shadow,
and the password field in passwd is not 'x'.
* src/grpck.c: Warn if a group has an entry in group and gshadow,
and the password field in group is not 'x'.
Modified: upstream/trunk/ChangeLog
===================================================================
--- upstream/trunk/ChangeLog 2009-05-09 17:03:49 UTC (rev 2882)
+++ upstream/trunk/ChangeLog 2009-05-09 21:20:54 UTC (rev 2883)
@@ -1,5 +1,12 @@
2009-05-09 Nicolas François <nicolas.francois at centraliens.net>
+ * src/pwck.c: Warn if an user has an entry in passwd and shadow,
+ and the password field in passwd is not 'x'.
+ * src/grpck.c: Warn if a group has an entry in group and gshadow,
+ and the password field in group is not 'x'.
+
+2009-05-09 Nicolas François <nicolas.francois at centraliens.net>
+
* man/login.defs.d/ENCRYPT_METHOD.xml,
man/login.defs.d/MD5_CRYPT_ENAB.xml,
man/login.defs.d/SHA_CRYPT_MIN_ROUNDS.xml: Updated note for PAM
Modified: upstream/trunk/NEWS
===================================================================
--- upstream/trunk/NEWS 2009-05-09 17:03:49 UTC (rev 2882)
+++ upstream/trunk/NEWS 2009-05-09 21:20:54 UTC (rev 2883)
@@ -14,6 +14,9 @@
policy in a central place. The -c/--crypt-method, -e/--encrypted,
-m/--md5 and -s/--sha-rounds options are no more supported on PAM
enabled systems.
+- grpck
+ * Warn if a group has an entry in group and gshadow, and the password
+ field in group is not 'x'.
- login
* Do not trust the current utmp entry's ut_line to set PAM_TTY. This could
lead to DOS attacks.
@@ -25,6 +28,9 @@
* Change the passwords using PAM. This permits to define the password
policy in a central place. The -c/--crypt-method and -s/--sha-rounds
options are no more supported on PAM enabled systems.
+- pwck
+ * Warn if an user has an entry in passwd and shadow, and the password
+ field in passwd is not 'x'.
*** translation
- Updated Czech translation
Modified: upstream/trunk/src/grpck.c
===================================================================
--- upstream/trunk/src/grpck.c 2009-05-09 17:03:49 UTC (rev 2882)
+++ upstream/trunk/src/grpck.c 2009-05-09 21:20:54 UTC (rev 2883)
@@ -627,6 +627,15 @@
compare_members_lists (grp->gr_name,
grp->gr_mem, sgr->sg_mem,
grp_file, sgr_file);
+
+ /* The group entry has a gshadow counterpart.
+ * Make sure no passwords are in group.
+ */
+ if (strcmp (grp->gr_passwd, SHADOW_PASSWD_STRING) != 0) {
+ printf (_("group %s has an entry in %s, but its password field in %s is not set to 'x'\n"),
+ grp->gr_name, sgr_file, grp_file);
+ *errors += 1;
+ }
}
}
#endif
Modified: upstream/trunk/src/pwck.c
===================================================================
--- upstream/trunk/src/pwck.c 2009-05-09 17:03:49 UTC (rev 2882)
+++ upstream/trunk/src/pwck.c 2009-05-09 21:20:54 UTC (rev 2883)
@@ -497,6 +497,15 @@
exit (E_CANTUPDATE);
}
}
+ } else {
+ /* The passwd entry has a shadow counterpart.
+ * Make sure no passwords are in passwd.
+ */
+ if (strcmp (pwd->pw_passwd, SHADOW_PASSWD_STRING) != 0) {
+ printf (_("user %s has an entry in %s, but its password field in %s is not set to 'x'\n"),
+ pwd->pw_name, spw_file, pwd_file);
+ *errors += 1;
+ }
}
}
}
More information about the Pkg-shadow-commits
mailing list