shared/{user,group}-record-nss: adjust filtering of "valid" passwords

We would reject various passwords that glibc accepts, for example ""
or any descrypted password. Accounts with empty password are definitely
useful, for example for testing or in scenarios where a password is not
needed. Also, using weak encryption methods is probably not a good idea,
it's not the job of our nss helpers to decide that: they should just
faithfully forward whatever data is there.

Also rename the function to make it more obvious that the returned answer
is not in any way certain.

(cherry picked from commit 8f796e40a561bd9200fde3c8885e6255a2dd4250)

diff --git a/src/shared/group-record-nss.c b/src/shared/group-record-nss.c
index 5c4fae865aefa0700d038598819c4d1b0f0f7a48..b018a46e18e0185d8ab2597d5b39ef95eeba1180 100644 (file)
--- a/src/shared/group-record-nss.c
+++ b/src/shared/group-record-nss.c
@@ -37,7 +37,7 @@ int nss_group_to_group_record(
         g->gid = grp->gr_gid;
 
         if (sgrp) {
-                if (hashed_password_valid(sgrp->sg_passwd)) {
+                if (looks_like_hashed_password(sgrp->sg_passwd)) {
                         g->hashed_password = strv_new(sgrp->sg_passwd);
                         if (!g->hashed_password)
                                 return -ENOMEM;

diff --git a/src/shared/libcrypt-util.c b/src/shared/libcrypt-util.c
index f41685ae45010931381e7a53be05c523342c5c6f..bf6605508af4d05494fc403022d17d402691743c 100644 (file)
--- a/src/shared/libcrypt-util.c
+++ b/src/shared/libcrypt-util.c
@@ -74,13 +74,18 @@ int make_salt(char **ret) {
 #endif
 }
 
-bool hashed_password_valid(const char *s) {
-
-        /* Returns true if the specified string is a 'valid' hashed UNIX password, i.e. if starts with '$' or
-         * with '!$' (the latter being a valid, yet locked password). */
-
-        if (isempty(s))
+bool looks_like_hashed_password(const char *s) {
+        /* Returns false if the specified string is certainly not a hashed UNIX password. crypt(5) lists
+         * various hashing methods. We only reject (return false) strings which are documented to have
+         * different meanings.
+         *
+         * In particular, we allow locked passwords, i.e. strings starting with "!", including just "!",
+         * i.e. the locked empty password. See also fc58c0c7bf7e4f525b916e3e5be0de2307fef04e.
+         */
+        if (!s)
                 return false;
 
-        return STARTSWITH_SET(s, "$", "!$");
+        s += strspn(s, "!"); /* Skip (possibly duplicated) locking prefix */
+
+        return !STR_IN_SET(s, "x", "*");
 }

diff --git a/src/shared/libcrypt-util.h b/src/shared/libcrypt-util.h
index 93f0e13ffbe7554047601cb40a70c3a339ac7de5..8a860ceb0d853dccbcd6aa4445c79ca90d86f23a 100644 (file)
--- a/src/shared/libcrypt-util.h
+++ b/src/shared/libcrypt-util.h
@@ -19,4 +19,4 @@
 
 int make_salt(char **ret);
 
-bool hashed_password_valid(const char *s);
+bool looks_like_hashed_password(const char *s);

diff --git a/src/shared/user-record-nss.c b/src/shared/user-record-nss.c
index b27a12c55d06bd15e2ad732c009eb066cb03e179..b4c35b8a53208bf10c5fba2951e990be714f1876 100644 (file)
--- a/src/shared/user-record-nss.c
+++ b/src/shared/user-record-nss.c
@@ -66,7 +66,7 @@ int nss_passwd_to_user_record(
         hr->uid = pwd->pw_uid;
         hr->gid = pwd->pw_gid;
 
-        if (spwd && hashed_password_valid(spwd->sp_pwdp)) {
+        if (spwd && looks_like_hashed_password(spwd->sp_pwdp)) {
                 strv_free_erase(hr->hashed_password);
                 hr->hashed_password = strv_new(spwd->sp_pwdp);
                 if (!hr->hashed_password)