manager or system manager can be always set. It would be better to reject
them when parsing config.
-* userdbctl: "Password OK: yes" is shown even when there are no passwords
- or the password is locked.
-
* Jun 01 09:43:02 krowka systemd[1]: Unit user@1000.service has alias user@.service.
Jun 01 09:43:02 krowka systemd[1]: Unit user@6.service has alias user@.service.
Jun 01 09:43:02 krowka systemd[1]: Unit user-runtime-dir@6.service has alias user-runtime-dir@.service.
const char *get_home_root(void);
+static inline bool hashed_password_is_locked_or_invalid(const char *password) {
+ return password && password[0] != '$';
+}
+
/* A locked *and* invalid password for "struct spwd"'s .sp_pwdp and "struct passwd"'s .pw_passwd field */
#define PASSWORD_LOCKED_AND_INVALID "!*"
break;
}
- printf(" Password OK: %syes%s\n", ansi_highlight_green(), ansi_normal());
- break;
+ if (strv_isempty(hr->hashed_password)) {
+ if (hr->incomplete) /* Record might be incomplete, due to privs */
+ break;
+ printf(" Password OK: %sno%s (none set)\n", ansi_highlight(), ansi_normal());
+ break;
+ }
+ if (strv_contains(hr->hashed_password, "")) {
+ printf(" Password OK: %sno%s (empty set)\n", ansi_highlight_red(), ansi_normal());
+ break;
+ }
+ bool has_valid_passwords = false;
+ char **p;
+ STRV_FOREACH(p, hr->hashed_password)
+ if (!hashed_password_is_locked_or_invalid(*p)) {
+ has_valid_passwords = true;
+ break;
+ }
+ if (has_valid_passwords)
+ printf(" Password OK: %syes%s\n", ansi_highlight_green(), ansi_normal());
+ else
+ printf(" Password OK: %sno%s (locked)\n", ansi_highlight(), ansi_normal());
}
-
if (uid_is_valid(hr->uid))
printf(" UID: " UID_FMT "\n", hr->uid);
if (gid_is_valid(hr->gid)) {