[Pkg-shadow-commits] r3453 - in upstream/trunk: . src

Thu Jul 28 15:17:28 UTC 2011

Author: nekral-guest
Date: 2011-07-28 15:17:28 +0000 (Thu, 28 Jul 2011)
New Revision: 3453

Modified:
   upstream/trunk/NEWS
   upstream/trunk/src/chgpasswd.c
   upstream/trunk/src/chpasswd.c
Log:
	* NEWS, src/chpasswd.c: Create a shadow entry if the password is
	set to 'x' in passwd and there are no entry in shadow for the
	user.
	* NEWS, src/chgpasswd.c: Create a gshadow entry if the password is 
	set to 'x' in group and there are no entry in gshadow for the 
	group.


Modified: upstream/trunk/NEWS
===================================================================

--- upstream/trunk/NEWS	2011-07-28 14:40:56 UTC (rev 3452)
+++ upstream/trunk/NEWS	2011-07-28 15:17:28 UTC (rev 3453)
@@ -16,11 +16,18 @@
     configure options.
   * Added diagnosis for lock failures.
 
+-chgpasswd
+  * When the gshadow file exists but there are no gshadow entries, an entry
+    is created if the password is changed and group requires a
+    shadow entry.
 -chpasswd
   * PAM enabled versions: restore the -e option to allow restoring
     passwords without knowing those passwords. Restore together the -m
     and -c options. (These options were removed in shadow-4.1.4 on PAM
     enabled versions)
+  * When the shadow file exists but there are no shadow entries, an entry
+    is created if the password is changed and passwd requires a
+    shadow entry.
 - faillog
   * The -l, -m, -r, -t options only act on the existing users, unless -a is
     specified.

Modified: upstream/trunk/src/chgpasswd.c
===================================================================
--- upstream/trunk/src/chgpasswd.c	2011-07-28 14:40:56 UTC (rev 3452)
+++ upstream/trunk/src/chgpasswd.c	2011-07-28 15:17:28 UTC (rev 3453)
@@ -478,7 +478,28 @@
 		}
 #ifdef SHADOWGRP
 		if (is_shadow_grp) {
+			/* The gshadow entry should be updated if the
+			 * group entry has a password set to 'x'.
+			 * But on the other hand, if there is already both
+			 * a group and a gshadow password, it's preferable
+			 * to update both.
+			 */
 			sg = sgr_locate (name);
+
+			if (   (NULL == sp)
+			    && (strcmp (pw->pw_passwd,
+			                SHADOW_PASSWD_STRING) == 0)) {
+				static char *empty = NULL;
+				/* If the password is set to 'x' in
+				 * group, but there are no entries in
+				 * gshadow, create one.
+				 */
+				newsg.sg_namp   = name;
+				/* newsg.sg_passwd = NULL; will be set later */
+				newsg.sg_adm    = ∅
+				newsg.sg_mem    = dup_list (gr->gr_mem);
+				sg = &newsg;
+			}
 		} else {
 			sg = NULL;
 		}
@@ -492,9 +513,10 @@
 		if (NULL != sg) {
 			newsg = *sg;
 			newsg.sg_passwd = cp;
-		} else
+		}
 #endif
-		{
+		if (   (NULL == sg)
+		    || (strcmp (gr->gr_passwd, SHADOW_PASSWD_STRING) != 0)) {
 			newgr = *gr;
 			newgr.gr_passwd = cp;
 		}
@@ -513,9 +535,10 @@
 				errors++;
 				continue;
 			}
-		} else
+		}
 #endif
-		{
+		if (   (NULL == sg)
+		    || (strcmp (gr->gr_passwd, SHADOW_PASSWD_STRING) != 0)) {
 			if (gr_update (&newgr) == 0) {
 				fprintf (stderr,
 				         _("%s: line %d: failed to prepare the new %s entry '%s'\n"),

Modified: upstream/trunk/src/chpasswd.c
===================================================================
--- upstream/trunk/src/chpasswd.c	2011-07-28 14:40:56 UTC (rev 3452)
+++ upstream/trunk/src/chpasswd.c	2011-07-28 15:17:28 UTC (rev 3453)
@@ -44,6 +44,7 @@
 #endif				/* USE_PAM */
 #include "defines.h"
 #include "nscd.h"
+#include "getdef.h"
 #include "prototypes.h"
 #include "pwio.h"
 #include "shadowio.h"
@@ -499,7 +500,32 @@
 			continue;
 		}
 		if (is_shadow_pwd) {
+			/* The shadow entry should be updated if the
+			 * passwd entry has a password set to 'x'.
+			 * But on the other hand, if there is already both
+			 * a passwd and a shadow password, it's preferable
+			 * to update both.
+			 */
 			sp = spw_locate (name);
+
+			if (   (NULL == sp)
+			    && (strcmp (pw->pw_passwd,
+			                SHADOW_PASSWD_STRING) == 0)) {
+				/* If the password is set to 'x' in
+				 * passwd, but there are no entries in
+				 * shadow, create one.
+				 */
+				newsp.sp_namp  = name;
+				/* newsp.sp_pwdp  = NULL; will be set later */
+				/* newsp.sp_lstchg= 0;    will be set later */
+				newsp.sp_min   = getdef_num ("PASS_MIN_DAYS", -1);
+				newsp.sp_max   = getdef_num ("PASS_MAX_DAYS", -1);
+				newsp.sp_warn  = getdef_num ("PASS_WARN_AGE", -1);
+				newsp.sp_inact = -1;
+				newsp.sp_expire= -1;
+				newsp.sp_flag  = SHADOW_SP_FLAG_UNSET;
+				sp = &newsp;
+			}
 		} else {
 			sp = NULL;
 		}
@@ -518,7 +544,10 @@
 				 * password change */
 				newsp.sp_lstchg = -1;
 			}
-		} else {
+		}
+
+		if (   (NULL == sp)
+		    || (strcmp (pw->pw_passwd, SHADOW_PASSWD_STRING) != 0)) {
 			newpw = *pw;
 			newpw.pw_passwd = cp;
 		}
@@ -536,7 +565,9 @@
 				errors++;
 				continue;
 			}
-		} else {
+		}
+		if (   (NULL == sp)
+		    || (strcmp (pw->pw_passwd, SHADOW_PASSWD_STRING) != 0)) {
 			if (pw_update (&newpw) == 0) {
 				fprintf (stderr,
 				         _("%s: line %d: failed to prepare the new %s entry '%s'\n"),


