Refuse to unlock an account when it would result in a passwordless
authornekral-guest <nekral-guest@5a98b0ae-9ef6-0310-add3-de5d479b70d7>
Sat, 17 Nov 2007 22:02:22 +0000 (22:02 +0000)
committernekral-guest <nekral-guest@5a98b0ae-9ef6-0310-add3-de5d479b70d7>
Sat, 17 Nov 2007 22:02:22 +0000 (22:02 +0000)
account.  Based on Openwall's patch shadow-4.0.4.1-owl-usermod-unlock.diff

ChangeLog
NEWS
src/usermod.c

index a884f4dd94fa1aa002d6d4c20b3486a9b193ea05..387aa271671f42625a2a90403232696de049bb38 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+2007-11-17  Nicolas François  <nicolas.francois@centraliens.net>
+
+       * NEWS, src/usermod.c: Refuse to unlock an account when it would
+       result in a passwordless account.  Based on Openwall's patch
+       shadow-4.0.4.1-owl-usermod-unlock.diff.
+
 2007-11-17  Nicolas François  <nicolas.francois@centraliens.net>
 
        * src/userdel.c (path_prefix): Make sure that the prefix is the
diff --git a/NEWS b/NEWS
index fc049f36af65ea7554352a387c81078c88c534f2..91faa6fc0d6df8099fb34e8fcd5eedac8a96fb9b 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -41,6 +41,8 @@ shadow-4.0.18.1 -> shadow-4.0.18.2                                    UNRELEASED
   were always missing.
 - su: Avoid terminating the PAM library in the forked child. This is done
   later in the parent after closing the PAM session.
+- usermod: Refuse to unlock an account when it would result in a
+  passwordless account.
 
 *** documentation:
 - Generate the translated manpages from PO at build time.
index 885dadae31596ea369cdbc2ac42ad8af41beb912..074b3e3760dc47afae9ed7d0e7ac455cc361a498 100644 (file)
@@ -326,6 +326,14 @@ static char *new_pw_passwd (char *pw_pass, const char *pw_name)
        } else if (Uflg && pw_pass[0] == '!') {
                char *s;
 
+               if (pw_pass[1] == '\0') {
+                       fprintf (stderr,
+                                _("%s: unlocking the user would result in a passwordless account.\n"
+                                  "You should set a password with usermod -p to unlock this user account.\n"),
+                                Prog);
+                       return pw_pass;
+               }
+
 #ifdef WITH_AUDIT
                audit_logger (AUDIT_USER_CHAUTHTOK, Prog, "updating password",
                              user_newname, user_newid, 0);
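Review bot: The refusal branch added for `pw_pass[1] == '\0'` returns before the `#ifdef WITH_AUDIT` block, so a refused unlock leaves no audit record and is reported only on stderr. Returning the unchanged `pw_pass` also appears to give the caller no way to tell a refusal from a completed unlock, so `usermod -U` may still exit successfully; this depends on code outside the hunk, since `new_pw_passwd` starts and ends beyond it. I would log the refusal inside the branch under `#ifdef WITH_AUDIT`, e.g. `audit_logger (AUDIT_USER_CHAUTHTOK, Prog, "unlock refused: empty password", user_newname, user_newid, <failure result>);`, and put a comment such as `/* "!" alone is a locked empty password: stripping it would leave no password at all */` above the check.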