[Pkg-shadow-devel] Bug#355268: passwd: config script report errors when root user is disabled

Petter Reinholdtsen pere at hungry.com
Sat Mar 4 16:00:59 UTC 2006 

Package: passwd
Version: 4.0.14-4
Severity: important
Tags: patch

When testing new LTSP on unstable, I came across this problem.  When
reconfiguring passwd, the script fail because roots password is '!',
and this value has special meaning to the test shell primitive.  The
code need to be rewritten to cope with this.

I see this problem both in version 4.0.14-4 (etch) and 4.0.14-7 (sid).

Here is a demonstration, first creating a etch chroot, then disabling
the root account and finally reconfiguring passwd.

  # debootstrap etch /opt/ltsp/test http://ftp.skolelinux.no/debian
  [...]
  # chroot /opt/ltsp/test passwd -l root
  # chroot /opt/ltsp/test dpkg-reconfigure -fnoninteractive -pcritical passwd
  Shadow passwords are now on.
  /var/lib/dpkg/info/passwd.config: line 41: [: too many arguments
  /var/lib/dpkg/info/passwd.config: line 41: [: too many arguments
  # echo $?
  30
  # 

As you can see, with a disabled root account dpkg-reconfigure fail
with exit code 30.

Here is a draft patch solving the issue.  It make sure -n is used in
front of the lone string, and insert 'x' in front of the comparison
values to make sure '!' is not alone as an argument to [.  I'm not
sure if this is the best way to solve this.  For example, why is the
grep operation repeated so many times?  Perhaps it is better to
extract it once, and then use 'case' to select what to do?

--- /opt/ltsp/test/var/lib/dpkg/info/passwd.config      2006-01-27 21:36:03.000000000 +0100
+++ /opt/ltsp/i386/var/lib/dpkg/info/passwd.config      2006-03-04 16:45:03.000000000 +0100
@@ -38,13 +38,18 @@
        fi

        if [ -e /etc/shadow ] && \
-          [ "`grep ^root: /etc/shadow | cut -d : -f 2`" -a \
-            "`grep ^root: /etc/shadow | cut -d : -f 2`" != '*' ]; then
+          [ -n "`grep ^root: /etc/shadow | cut -d : -f 2`" -a \
+            "x`grep ^root: /etc/shadow | cut -d : -f 2`" != 'x*' ]; then
                return 0
        fi

-       if [ "`grep ^root: /etc/passwd | cut -d : -f 2`" ] && \
-          [ "`grep ^root: /etc/passwd | cut -d : -f 2`" != 'x' ]; then
+       if [ -n "`grep ^root: /etc/passwd | cut -d : -f 2`" ] && \
+          [ "x`grep ^root: /etc/passwd | cut -d : -f 2`" != 'xx' ]; then
+               return 0
+       fi
+
+       if [ -n "`grep ^root: /etc/passwd | cut -d : -f 2`" ] && \
+          [ "x`grep ^root: /etc/passwd | cut -d : -f 2`" != 'x!' ]; then
                return 0
        fi

More information about the Pkg-shadow-devel mailing list