user-util: add generic definition for special password hash values in /etc/passwd...
authorLennart Poettering <lennart@poettering.net>
Wed, 5 May 2021 13:32:43 +0000 (15:32 +0200)
committerLennart Poettering <lennart@poettering.net>
Thu, 6 May 2021 19:55:58 +0000 (21:55 +0200)
Let's add three defines for the 3 special cases of passwords.

Some of our tools used different values for the "locked"/"invalid" case,
let's settle on using "!*" which means the password is both locked *and*
invalid.

Other tools like to use "!!" for this case, which however is less than
ideal I think, since this could also be considered an entry with an
empty password, that can be enabled again by unlocking it twice.

src/basic/user-util.h
src/firstboot/firstboot.c
src/nss-systemd/nss-systemd.c
src/nss-systemd/userdb-glue.c
src/sysusers/sysusers.c

index 636c3928709a7402bb0a9d6194bb91f1a7650122..fd00b47b7665c55ced366dd2e57d259bdc6302e2 100644 (file)
@@ -111,3 +111,12 @@ int putsgent_sane(const struct sgrp *sg, FILE *stream);
 bool is_nologin_shell(const char *shell);
 
 int is_this_me(const char *username);
+
+/* A locked *and* invalid password for "struct spwd"'s .sp_pwdp and "struct passwd"'s .pw_passwd field */
+#define PASSWORD_LOCKED_AND_INVALID "!*"
+
+/* A password indicating "look in shadow file, please!" for "struct passwd"'s .pw_passwd */
+#define PASSWORD_SEE_SHADOW "x"
+
+/* A password indicating "hey, no password required for login" */
+#define PASSWORD_NONE ""
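Review bot: The comment on PASSWORD_LOCKED_AND_INVALID names only the spwd and passwd fields, but the same commit stores the value in `struct group`'s .gr_passwd (nss-systemd.c) and `struct sgrp`'s .sg_passwd (sysusers.c), so the comment undersells where it is meant to be used. Suggest widening it to `/* A locked *and* invalid password, usable in .pw_passwd, .sp_pwdp, .gr_passwd and .sg_passwd */`. It would also help to spell out why the two characters are combined: the leading "!" marks the entry locked, and the "*" that remains after an unlock is still not a valid hash, which is the property the commit message relies on when preferring it over "!!". PASSWORD_NONE is the one value of the three that permits login without a password, which is worth saying in its comment since the other two comments are phrased as restrictions.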
index ba0b360cc1a526fb0b671d498603615c5a295940..896c2e7b0a2f28121fa326e8deb5baa46c338177 100644 (file)
@@ -922,20 +922,20 @@ static int process_root_args(void) {
                 return r;
 
         if (arg_root_password && arg_root_password_is_hashed) {
-                password = "x";
+                password = PASSWORD_SEE_SHADOW;
                 hashed_password = arg_root_password;
         } else if (arg_root_password) {
                 r = hash_password(arg_root_password, &_hashed_password);
                 if (r < 0)
                         return log_error_errno(r, "Failed to hash password: %m");
 
-                password = "x";
+                password = PASSWORD_SEE_SHADOW;
                 hashed_password = _hashed_password;
 
         } else if (arg_delete_root_password)
-                password = hashed_password = "";
+                password = hashed_password = PASSWORD_NONE;
         else
-                password = hashed_password = "!";
+                password = hashed_password = PASSWORD_LOCKED_AND_INVALID;
 
         r = write_root_passwd(etc_passwd, password, arg_root_shell);
         if (r < 0)
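Review bot: The fallback branch `password = hashed_password = PASSWORD_LOCKED_AND_INVALID;` is the one whose value actually changes (from "!" to "!*") and it is the only branch without a comment explaining the outcome; since it is the default taken when no root password is configured, a one-line note would help: `/* No root password requested: lock root and keep the hash invalid, so a later unlock cannot yield a passwordless account */`. The reason "!" alone was not good enough is only recorded in the commit message, which readers of the code will not see. process_root_args() starts and ends outside the hunk.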
index 0b716d22dddaa400fd639bd4fd7b1d30fd8d2e24..38c214499e51d60f9efe42228e775276e557ac13 100644 (file)
@@ -20,7 +20,7 @@
 
 static const struct passwd root_passwd = {
         .pw_name = (char*) "root",
-        .pw_passwd = (char*) "x", /* see shadow file */
+        .pw_passwd = (char*) PASSWORD_SEE_SHADOW,
         .pw_uid = 0,
         .pw_gid = 0,
         .pw_gecos = (char*) "Super User",
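Review bot: The PASSWORD_* macros used at .pw_passwd here and in the two following hunks of this file are defined in user-util.h, but unlike the userdb-glue.c hunk this file shows no `#include "user-util.h"` being added; if nss-systemd.c only picks the header up transitively, an explicit include near the other includes would keep the file self-contained (the include block is outside the hunks, so it may already be there). In the next two hunks nobody_passwd and nobody_group move from "*" to "!*", i.e. from invalid to locked-and-invalid, while the `/* locked */` comments that documented the old value are dropped; a brief comment on the nobody entries noting that the value is intentionally the same as for sysusers-created accounts would preserve that information.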
@@ -30,7 +30,7 @@ static const struct passwd root_passwd = {
 
 static const struct passwd nobody_passwd = {
         .pw_name = (char*) NOBODY_USER_NAME,
-        .pw_passwd = (char*) "*", /* locked */
+        .pw_passwd = (char*) PASSWORD_LOCKED_AND_INVALID,
         .pw_uid = UID_NOBODY,
         .pw_gid = GID_NOBODY,
         .pw_gecos = (char*) "User Nobody",
@@ -41,14 +41,14 @@ static const struct passwd nobody_passwd = {
 static const struct group root_group = {
         .gr_name = (char*) "root",
         .gr_gid = 0,
-        .gr_passwd = (char*) "x", /* see shadow file */
+        .gr_passwd = (char*) PASSWORD_SEE_SHADOW,
         .gr_mem = (char*[]) { NULL },
 };
 
 static const struct group nobody_group = {
         .gr_name = (char*) NOBODY_GROUP_NAME,
         .gr_gid = GID_NOBODY,
-        .gr_passwd = (char*) "*", /* locked */
+        .gr_passwd = (char*) PASSWORD_LOCKED_AND_INVALID,
         .gr_mem = (char*[]) { NULL },
 };
 
index 22af0fde60176e50f524bb7c2128c21db0bae373..0cc84bfac7c138f71d73a5d193f829cd86fb64ee 100644 (file)
@@ -6,6 +6,7 @@
 #include "strv.h"
 #include "user-record-nss.h"
 #include "user-record.h"
+#include "user-util.h"
 #include "userdb-glue.h"
 #include "userdb.h"
 
@@ -50,7 +51,7 @@ int nss_pack_user_record(
                 .pw_name = buffer,
                 .pw_uid = hr->uid,
                 .pw_gid = user_record_gid(hr),
-                .pw_passwd = (char*) "x", /* means: see shadow file */
+                .pw_passwd = (char*) PASSWORD_SEE_SHADOW,
         };
 
         assert(buffer);
@@ -184,7 +185,7 @@ int nss_pack_group_record(
         *gr = (struct group) {
                 .gr_name = strcpy(p, g->group_name),
                 .gr_gid = g->gid,
-                .gr_passwd = (char*) "x", /* means: see shadow file */
+                .gr_passwd = (char*) PASSWORD_SEE_SHADOW,
                 .gr_mem = array,
         };
 
index 8d3086e20916bb47d2d60a79f03e7a7fe2195046..465b2dd9f58380772e1d263236130091a4e5a169 100644 (file)
@@ -441,7 +441,7 @@ static int write_temporary_passwd(const char *passwd_path, FILE **tmpfile, char
                         .pw_gecos = i->description,
 
                         /* "x" means the password is stored in the shadow file */
-                        .pw_passwd = (char*) "x",
+                        .pw_passwd = (char*) PASSWORD_SEE_SHADOW,
 
                         /* We default to the root directory as home */
                         .pw_dir = i->home ?: (char*) "/",
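Review bot: The comment at the top of this hunk still says `"x" means the password is stored in the shadow file` while the line below it no longer spells "x", so the comment now explains a literal the reader cannot see; either drop it, since the macro name carries the meaning, or reword it to `/* PASSWORD_SEE_SHADOW: the actual hash field is in the shadow file */`. The other sysusers.c hunks in this commit removed their comments when switching to the macros, so keeping this one unchanged is also inconsistent with them. write_temporary_passwd() starts and ends outside the hunk.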
@@ -551,7 +551,7 @@ static int write_temporary_shadow(const char *shadow_path, FILE **tmpfile, char
 
                 struct spwd n = {
                         .sp_namp = i->name,
-                        .sp_pwdp = (char*) "!*", /* lock this password, and make it invalid */
+                        .sp_pwdp = (char*) PASSWORD_LOCKED_AND_INVALID,
                         .sp_lstchg = lstchg,
                         .sp_min = -1,
                         .sp_max = -1,
@@ -682,7 +682,7 @@ static int write_temporary_group(const char *group_path, FILE **tmpfile, char **
                 struct group n = {
                         .gr_name = i->name,
                         .gr_gid = i->gid,
-                        .gr_passwd = (char*) "x",
+                        .gr_passwd = (char*) PASSWORD_SEE_SHADOW,
                 };
 
                 r = putgrent_with_members(&n, group);
@@ -766,7 +766,7 @@ static int write_temporary_gshadow(const char * gshadow_path, FILE **tmpfile, ch
         ORDERED_HASHMAP_FOREACH(i, todo_gids) {
                 struct sgrp n = {
                         .sg_namp = i->name,
-                        .sg_passwd = (char*) "!*",
+                        .sg_passwd = (char*) PASSWORD_LOCKED_AND_INVALID,
                 };
 
                 r = putsgent_with_members(&n, gshadow);