diff options
author | Pigmy-penguin <88971276+Pigmy-penguin@users.noreply.github.com> | 2022-01-06 17:01:38 +0100 |
---|---|---|
committer | Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> | 2022-01-07 15:55:31 +0100 |
commit | c33d10d230d5f8eeb1123fea76a1a11a8e03e0b2 (patch) | |
tree | abe4ecb80012b14a8a3cde5476a5c8787fe17272 | |
parent | 4c0ed19c520a8944f68f613edc3acbd0471dcc81 (diff) | |
download | systemd-c33d10d230d5f8eeb1123fea76a1a11a8e03e0b2.tar.gz |
userdbctl: fix "Password OK" shown even when password is empty or locked (#21308)
userdbctl: fix "Password OK" shown even when password is empty or locked
(cherry picked from commit cd933f14bd70d8311799972ca71280a733eb1d6a)
-rw-r--r-- | TODO | 3 | ||||
-rw-r--r-- | src/basic/user-util.h | 4 | ||||
-rw-r--r-- | src/shared/user-record-show.c | 24 |
3 files changed, 25 insertions, 6 deletions
@@ -4,9 +4,6 @@ Bugfixes: manager or system manager can be always set. It would be better to reject them when parsing config. -* userdbctl: "Password OK: yes" is shown even when there are no passwords - or the password is locked. - * Jun 01 09:43:02 krowka systemd[1]: Unit user@1000.service has alias user@.service. Jun 01 09:43:02 krowka systemd[1]: Unit user@6.service has alias user@.service. Jun 01 09:43:02 krowka systemd[1]: Unit user-runtime-dir@6.service has alias user-runtime-dir@.service. diff --git a/src/basic/user-util.h b/src/basic/user-util.h index ab1ce48b2d..bc76de6b41 100644 --- a/src/basic/user-util.h +++ b/src/basic/user-util.h @@ -114,6 +114,10 @@ int is_this_me(const char *username); const char *get_home_root(void); +static inline bool hashed_password_is_locked_or_invalid(const char *password) { + return password && password[0] != '$'; +} + /* A locked *and* invalid password for "struct spwd"'s .sp_pwdp and "struct passwd"'s .pw_passwd field */ #define PASSWORD_LOCKED_AND_INVALID "!*" diff --git a/src/shared/user-record-show.c b/src/shared/user-record-show.c index 5335e64070..7c2751f3a7 100644 --- a/src/shared/user-record-show.c +++ b/src/shared/user-record-show.c @@ -132,10 +132,28 @@ void user_record_show(UserRecord *hr, bool show_full_group_info) { break; } - printf(" Password OK: %syes%s\n", ansi_highlight_green(), ansi_normal()); - break; + if (strv_isempty(hr->hashed_password)) { + if (hr->incomplete) /* Record might be incomplete, due to privs */ + break; + printf(" Password OK: %sno%s (none set)\n", ansi_highlight(), ansi_normal()); + break; + } + if (strv_contains(hr->hashed_password, "")) { + printf(" Password OK: %sno%s (empty set)\n", ansi_highlight_red(), ansi_normal()); + break; + } + bool has_valid_passwords = false; + char **p; + STRV_FOREACH(p, hr->hashed_password) + if (!hashed_password_is_locked_or_invalid(*p)) { + has_valid_passwords = true; + break; + } + if (has_valid_passwords) + printf(" Password OK: %syes%s\n", ansi_highlight_green(), ansi_normal()); + else + printf(" Password OK: %sno%s (locked)\n", ansi_highlight(), ansi_normal()); } - if (uid_is_valid(hr->uid)) printf(" UID: " UID_FMT "\n", hr->uid); if (gid_is_valid(hr->gid)) { |