+2007-11-17 Nicolas François <nicolas.francois@centraliens.net>
+
+ * src/newgrp.c: Do not give an indication that the group has no
+ password.
+ * src/newgrp.c: Do not only bail on syslog if the password is not
+ valid. Also give an indication to the user on stderr.
+
2007-11-17 Nicolas François <nicolas.francois@centraliens.net>
Fixes from Openwall patch shadow-4.0.4.1-owl-chage-drop-priv.diff:
* of the tests above.
*/
if (getuid () != 0 && needspasswd) {
- if (grp->gr_passwd[0] == '\0') {
- /*
- * there is no password, print out "No password."
- * and give up
- */
- sleep (1);
- fputs (_("No password.\n"), stderr);
- goto failure;
- }
-
/*
* get the password from her, and set the salt for
* the decryption from the group file.
cpasswd = pw_encrypt (cp, grp->gr_passwd);
strzero (cp);
- if (strcmp (cpasswd, grp->gr_passwd) != 0) {
+ if (grp->gr_passwd[0] == '\0' ||
+ strcmp (cpasswd, grp->gr_passwd) != 0) {
SYSLOG ((LOG_INFO,
"Invalid password for group `%s' from `%s'",
group, name));
sleep (1);
+ fputs (_("Invalid password."), stderr);
goto failure;
}
}
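Review bot: The added `fputs (_("Invalid password."), stderr);` writes no trailing newline, whereas the removed "No password.\n" message did, so the text is left on an unterminated stderr line; I would make it `fputs (_("Invalid password.\n"), stderr);`. The empty-password test now runs only after the prompt and `pw_encrypt`, which is the point of the change, but nothing at the condition says so; a comment above it such as `/* Test for an empty group password only after prompting, so a passwordless group looks the same as a wrong guess. */` would keep a later cleanup from hoisting it back. The single SYSLOG message now covers both cases, so the audit trail can no longer separate an attempt on a passwordless group from a failed guess; logging the two cases with different text would keep that signal for whoever reviews the logs. The enclosing function starts and ends outside the hunk.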