configure options.
* Added diagnosis for lock failures.
+-chgpasswd
+ * When the gshadow file exists but there are no gshadow entries, an entry
+ is created if the password is changed and group requires a
+ shadow entry.
-chpasswd
* PAM enabled versions: restore the -e option to allow restoring
passwords without knowing those passwords. Restore together the -m
and -c options. (These options were removed in shadow-4.1.4 on PAM
enabled versions)
+ * When the shadow file exists but there are no shadow entries, an entry
+ is created if the password is changed and passwd requires a
+ shadow entry.
- faillog
* The -l, -m, -r, -t options only act on the existing users, unless -a is
specified.
}
#ifdef SHADOWGRP
if (is_shadow_grp) {
+ /* The gshadow entry should be updated if the
+ * group entry has a password set to 'x'.
+ * But on the other hand, if there is already both
+ * a group and a gshadow password, it's preferable
+ * to update both.
+ */
sg = sgr_locate (name);
+
+ if ( (NULL == sp)
+ && (strcmp (pw->pw_passwd,
+ SHADOW_PASSWD_STRING) == 0)) {
+ static char *empty = NULL;
+ /* If the password is set to 'x' in
+ * group, but there are no entries in
+ * gshadow, create one.
+ */
+ newsg.sg_namp = name;
+ /* newsg.sg_passwd = NULL; will be set later */
+ newsg.sg_adm = ∅
+ newsg.sg_mem = dup_list (gr->gr_mem);
+ sg = &newsg;
+ }
} else {
sg = NULL;
}
if (NULL != sg) {
newsg = *sg;
newsg.sg_passwd = cp;
- } else
+ }
#endif
- {
+ if ( (NULL == sg)
+ || (strcmp (gr->gr_passwd, SHADOW_PASSWD_STRING) != 0)) {
newgr = *gr;
newgr.gr_passwd = cp;
}
errors++;
continue;
}
- } else
+ }
#endif
- {
+ if ( (NULL == sg)
+ || (strcmp (gr->gr_passwd, SHADOW_PASSWD_STRING) != 0)) {
if (gr_update (&newgr) == 0) {
fprintf (stderr,
_("%s: line %d: failed to prepare the new %s entry '%s'\n"),
#endif /* USE_PAM */
#include "defines.h"
#include "nscd.h"
+#include "getdef.h"
#include "prototypes.h"
#include "pwio.h"
#include "shadowio.h"
continue;
}
if (is_shadow_pwd) {
+ /* The shadow entry should be updated if the
+ * passwd entry has a password set to 'x'.
+ * But on the other hand, if there is already both
+ * a passwd and a shadow password, it's preferable
+ * to update both.
+ */
sp = spw_locate (name);
+
+ if ( (NULL == sp)
+ && (strcmp (pw->pw_passwd,
+ SHADOW_PASSWD_STRING) == 0)) {
+ /* If the password is set to 'x' in
+ * passwd, but there are no entries in
+ * shadow, create one.
+ */
+ newsp.sp_namp = name;
+ /* newsp.sp_pwdp = NULL; will be set later */
+ /* newsp.sp_lstchg= 0; will be set later */
+ newsp.sp_min = getdef_num ("PASS_MIN_DAYS", -1);
+ newsp.sp_max = getdef_num ("PASS_MAX_DAYS", -1);
+ newsp.sp_warn = getdef_num ("PASS_WARN_AGE", -1);
+ newsp.sp_inact = -1;
+ newsp.sp_expire= -1;
+ newsp.sp_flag = SHADOW_SP_FLAG_UNSET;
+ sp = &newsp;
+ }
} else {
sp = NULL;
}
* password change */
newsp.sp_lstchg = -1;
}
- } else {
+ }
+
+ if ( (NULL == sp)
+ || (strcmp (pw->pw_passwd, SHADOW_PASSWD_STRING) != 0)) {
newpw = *pw;
newpw.pw_passwd = cp;
}
errors++;
continue;
}
- } else {
+ }
+ if ( (NULL == sp)
+ || (strcmp (pw->pw_passwd, SHADOW_PASSWD_STRING) != 0)) {
if (pw_update (&newpw) == 0) {
fprintf (stderr,
_("%s: line %d: failed to prepare the new %s entry '%s'\n"),
projects / thirdparty / shadow.git / commitdiff
