From: nekral-guest <nekral-guest@5a98b0ae-9ef6-0310-add3-de5d479b70d7>
Date: Thu, 28 Jul 2011 15:17:28 +0000 (+0000)
Subject: 	* NEWS, src/chpasswd.c: Create a shadow entry if the password is
X-Git-Tag: 4.1.5~140
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=75fa6975260b6f440d1f9a4cf78d761728a1724c;p=thirdparty%2Fshadow.git

	* NEWS, src/chpasswd.c: Create a shadow entry if the password is
	set to 'x' in passwd and there are no entry in shadow for the
	user.
	* NEWS, src/chgpasswd.c: Create a gshadow entry if the password is
	set to 'x' in group and there are no entry in gshadow for the
	group.
---

diff --git a/NEWS b/NEWS
index 8179326b6..46aa63c2f 100644
--- a/NEWS
+++ b/NEWS
@@ -16,11 +16,18 @@ shadow-4.1.4.3 -> shadow-4.1.5					UNRELEASED
     configure options.
   * Added diagnosis for lock failures.
 
+-chgpasswd
+  * When the gshadow file exists but there are no gshadow entries, an entry
+    is created if the password is changed and group requires a
+    shadow entry.
 -chpasswd
   * PAM enabled versions: restore the -e option to allow restoring
     passwords without knowing those passwords. Restore together the -m
     and -c options. (These options were removed in shadow-4.1.4 on PAM
     enabled versions)
+  * When the shadow file exists but there are no shadow entries, an entry
+    is created if the password is changed and passwd requires a
+    shadow entry.
 - faillog
   * The -l, -m, -r, -t options only act on the existing users, unless -a is
     specified.
diff --git a/src/chgpasswd.c b/src/chgpasswd.c
index 409ea6e0c..40ec53d47 100644
--- a/src/chgpasswd.c
+++ b/src/chgpasswd.c
@@ -478,7 +478,28 @@ int main (int argc, char **argv)
 		}
 #ifdef SHADOWGRP
 		if (is_shadow_grp) {
+			/* The gshadow entry should be updated if the
+			 * group entry has a password set to 'x'.
+			 * But on the other hand, if there is already both
+			 * a group and a gshadow password, it's preferable
+			 * to update both.
+			 */
 			sg = sgr_locate (name);
+
+			if (   (NULL == sp)
+			    && (strcmp (pw->pw_passwd,
+			                SHADOW_PASSWD_STRING) == 0)) {
+				static char *empty = NULL;
+				/* If the password is set to 'x' in
+				 * group, but there are no entries in
+				 * gshadow, create one.
+				 */
+				newsg.sg_namp   = name;
+				/* newsg.sg_passwd = NULL; will be set later */
+				newsg.sg_adm    = &empty;
+				newsg.sg_mem    = dup_list (gr->gr_mem);
+				sg = &newsg;
+			}
 		} else {
 			sg = NULL;
 		}
@@ -492,9 +513,10 @@ int main (int argc, char **argv)
 		if (NULL != sg) {
 			newsg = *sg;
 			newsg.sg_passwd = cp;
-		} else
+		}
 #endif
-		{
+		if (   (NULL == sg)
+		    || (strcmp (gr->gr_passwd, SHADOW_PASSWD_STRING) != 0)) {
 			newgr = *gr;
 			newgr.gr_passwd = cp;
 		}
@@ -513,9 +535,10 @@ int main (int argc, char **argv)
 				errors++;
 				continue;
 			}
-		} else
+		}
 #endif
-		{
+		if (   (NULL == sg)
+		    || (strcmp (gr->gr_passwd, SHADOW_PASSWD_STRING) != 0)) {
 			if (gr_update (&newgr) == 0) {
 				fprintf (stderr,
 				         _("%s: line %d: failed to prepare the new %s entry '%s'\n"),
diff --git a/src/chpasswd.c b/src/chpasswd.c
index 52571a457..4dc583c7e 100644
--- a/src/chpasswd.c
+++ b/src/chpasswd.c
@@ -44,6 +44,7 @@
 #endif				/* USE_PAM */
 #include "defines.h"
 #include "nscd.h"
+#include "getdef.h"
 #include "prototypes.h"
 #include "pwio.h"
 #include "shadowio.h"
@@ -499,7 +500,32 @@ int main (int argc, char **argv)
 			continue;
 		}
 		if (is_shadow_pwd) {
+			/* The shadow entry should be updated if the
+			 * passwd entry has a password set to 'x'.
+			 * But on the other hand, if there is already both
+			 * a passwd and a shadow password, it's preferable
+			 * to update both.
+			 */
 			sp = spw_locate (name);
+
+			if (   (NULL == sp)
+			    && (strcmp (pw->pw_passwd,
+			                SHADOW_PASSWD_STRING) == 0)) {
+				/* If the password is set to 'x' in
+				 * passwd, but there are no entries in
+				 * shadow, create one.
+				 */
+				newsp.sp_namp  = name;
+				/* newsp.sp_pwdp  = NULL; will be set later */
+				/* newsp.sp_lstchg= 0;    will be set later */
+				newsp.sp_min   = getdef_num ("PASS_MIN_DAYS", -1);
+				newsp.sp_max   = getdef_num ("PASS_MAX_DAYS", -1);
+				newsp.sp_warn  = getdef_num ("PASS_WARN_AGE", -1);
+				newsp.sp_inact = -1;
+				newsp.sp_expire= -1;
+				newsp.sp_flag  = SHADOW_SP_FLAG_UNSET;
+				sp = &newsp;
+			}
 		} else {
 			sp = NULL;
 		}
@@ -518,7 +544,10 @@ int main (int argc, char **argv)
 				 * password change */
 				newsp.sp_lstchg = -1;
 			}
-		} else {
+		}
+
+		if (   (NULL == sp)
+		    || (strcmp (pw->pw_passwd, SHADOW_PASSWD_STRING) != 0)) {
 			newpw = *pw;
 			newpw.pw_passwd = cp;
 		}
@@ -536,7 +565,9 @@ int main (int argc, char **argv)
 				errors++;
 				continue;
 			}
-		} else {
+		}
+		if (   (NULL == sp)
+		    || (strcmp (pw->pw_passwd, SHADOW_PASSWD_STRING) != 0)) {
 			if (pw_update (&newpw) == 0) {
 				fprintf (stderr,
 				         _("%s: line %d: failed to prepare the new %s entry '%s'\n"),