From: nekral-guest Date: Sat, 9 May 2009 21:20:54 +0000 (+0000) Subject: * src/pwck.c: Warn if an user has an entry in passwd and shadow, X-Git-Tag: 4.1.4~9 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=a01499179fe0315423c76dedabd53c9e03324dfe;p=shadow * src/pwck.c: Warn if an user has an entry in passwd and shadow, and the password field in passwd is not 'x'. * src/grpck.c: Warn if a group has an entry in group and gshadow, and the password field in group is not 'x'.
---
diff --git a/ChangeLog b/ChangeLog
index b5e2b3a1..afae0aac 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,10 @@
+2009-05-09 Nicolas François
+
+ * src/pwck.c: Warn if an user has an entry in passwd and shadow,
+ and the password field in passwd is not 'x'.
+ * src/grpck.c: Warn if a group has an entry in group and gshadow,
+ and the password field in group is not 'x'.
+
 2009-05-09 Nicolas François * man/login.defs.d/ENCRYPT_METHOD.xml,
diff --git a/NEWS b/NEWS
index 3b9f9438..9421fdca 100644
--- a/NEWS
+++ b/NEWS
@@ -14,6 +14,9 @@ shadow-4.1.3.1 -> shadow-4.1.3.2 UNRELEASED
 policy in a central place. The -c/--crypt-method, -e/--encrypted, -m/--md5 and -s/--sha-rounds options are no more supported on PAM enabled systems.
+- grpck
+ * Warn if a group has an entry in group and gshadow, and the password
+ field in group is not 'x'.
 - login * Do not trust the current utmp entry's ut_line to set PAM_TTY. This could lead to DOS attacks.
@@ -25,6 +28,9 @@ shadow-4.1.3.1 -> shadow-4.1.3.2 UNRELEASED
 * Change the passwords using PAM. This permits to define the password policy in a central place. The -c/--crypt-method and -s/--sha-rounds options are no more supported on PAM enabled systems.
+- pwck
+ * Warn if an user has an entry in passwd and shadow, and the password
+ field in passwd is not 'x'.
 *** translation - Updated Czech translation
diff --git a/src/grpck.c b/src/grpck.c
index ca4d72e1..15d5f9fb 100644
--- a/src/grpck.c
+++ b/src/grpck.c
@@ -627,6 +627,15 @@ static void check_grp_file (int *errors, bool *changed)
 compare_members_lists (grp->gr_name, grp->gr_mem, sgr->sg_mem, grp_file, sgr_file);
+
+ /* The group entry has a gshadow counterpart.
+ * Make sure no passwords are in group.
+ */
+ if (strcmp (grp->gr_passwd, SHADOW_PASSWD_STRING) != 0) {
+ printf (_("group %s has an entry in %s, but its password field in %s is not set to 'x'\n"),
+ grp->gr_name, sgr_file, grp_file);
+ *errors += 1;
+ }
 }
 }
 #endif
diff --git a/src/pwck.c b/src/pwck.c
index badb3b26..8bc19a47 100644
--- a/src/pwck.c
+++ b/src/pwck.c
@@ -497,6 +497,15 @@ static void check_pw_file (int *errors, bool *changed)
 exit (E_CANTUPDATE);
 }
 }
+ } else {
+ /* The passwd entry has a shadow counterpart.
+ * Make sure no passwords are in passwd.
+ */
+ if (strcmp (pwd->pw_passwd, SHADOW_PASSWD_STRING) != 0) {
+ printf (_("user %s has an entry in %s, but its password field in %s is not set to 'x'\n"),
+ pwd->pw_name, spw_file, pwd_file);
+ *errors += 1;
+ }
 }
 }
 }
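Review bot: The new `strcmp (grp->gr_passwd, SHADOW_PASSWD_STRING) != 0` test reports every value other than 'x' with the same message, so an empty field, a lock marker and a real hash left in the group file cannot be told apart in the output; the `pwd->pw_passwd` test in the src/pwck.c hunk has the same shape. The empty case deserves its own wording, because what an empty field means when a gshadow entry also exists depends on the consumer, for example a separate `if (grp->gr_passwd[0] == '\0')` branch with its own message. The comment could also state the reason for the check, e.g. `/* group is normally world-readable, so a hash left here is exposed to every local user. */`. check_grp_file begins and ends outside the hunk.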
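Review bot: The added `else` branch only prints and does `*errors += 1`; it neither sets `*changed` nor tells the operator how to repair the entry, whereas the branch above it ends in `exit (E_CANTUPDATE)` and so appears to rewrite the file. If `*errors` feeds the exit status, as its name suggests, automation that runs pwck will begin to fail on such entries although the ChangeLog calls this a warning, so the behaviour should be stated in the comment, e.g. `/* Report only: the entry is counted as an error and left unchanged; moving the hash into shadow is left to the administrator (pwconv). */`. The `if` that this `else` closes and the rest of check_pw_file are outside the hunk; the grpck.c hunk is report-only in the same way.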