authorPigmy-penguin <88971276+Pigmy-penguin@users.noreply.github.com>2022-01-06 17:01:38 +0100
committerZbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>2022-01-07 15:55:31 +0100
commitc33d10d230d5f8eeb1123fea76a1a11a8e03e0b2 (patch)
treeabe4ecb80012b14a8a3cde5476a5c8787fe17272
parent4c0ed19c520a8944f68f613edc3acbd0471dcc81 (diff)
downloadsystemd-c33d10d230d5f8eeb1123fea76a1a11a8e03e0b2.tar.gz
userdbctl: fix "Password OK" shown even when password is empty or locked (#21308)
userdbctl: fix "Password OK" shown even when password is empty or locked (cherry picked from commit cd933f14bd70d8311799972ca71280a733eb1d6a)
-rw-r--r--TODO3
-rw-r--r--src/basic/user-util.h4
-rw-r--r--src/shared/user-record-show.c24
3 files changed, 25 insertions, 6 deletions
diff --git a/TODO b/TODO
index 51903c4521..47ae975b3e 100644
--- a/TODO
+++ b/TODO
@@ -4,9 +4,6 @@ Bugfixes:
manager or system manager can be always set. It would be better to reject
them when parsing config.
-* userdbctl: "Password OK: yes" is shown even when there are no passwords
- or the password is locked.
-
* Jun 01 09:43:02 krowka systemd[1]: Unit user@1000.service has alias user@.service.
Jun 01 09:43:02 krowka systemd[1]: Unit user@6.service has alias user@.service.
Jun 01 09:43:02 krowka systemd[1]: Unit user-runtime-dir@6.service has alias user-runtime-dir@.service.
diff --git a/src/basic/user-util.h b/src/basic/user-util.h
index ab1ce48b2d..bc76de6b41 100644
--- a/src/basic/user-util.h
+++ b/src/basic/user-util.h
@@ -114,6 +114,10 @@ int is_this_me(const char *username);
const char *get_home_root(void);
+static inline bool hashed_password_is_locked_or_invalid(const char *password) {
+ return password && password[0] != '$';
+}
+
/* A locked *and* invalid password for "struct spwd"'s .sp_pwdp and "struct passwd"'s .pw_passwd field */
#define PASSWORD_LOCKED_AND_INVALID "!*"
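Review bot: The new `hashed_password_is_locked_or_invalid()` has no comment stating its contract, and two of its edge cases are easy to misuse from a header in src/basic. A NULL argument returns false, so it reads as "not locked", and an empty string returns true, although the hunk in src/shared/user-record-show.c treats an empty entry as a distinct "empty set" state rather than a locked one. That caller only reports it correctly because it tests for `""` before it calls the helper, and a later caller has nothing telling it to do the same. I would add above the function: `/* Returns true for any non-NULL string that does not start with '$', including ""; NULL yields false. Callers must handle empty and missing entries themselves. */`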
diff --git a/src/shared/user-record-show.c b/src/shared/user-record-show.c
index 5335e64070..7c2751f3a7 100644
--- a/src/shared/user-record-show.c
+++ b/src/shared/user-record-show.c
@@ -132,10 +132,28 @@ void user_record_show(UserRecord *hr, bool show_full_group_info) {
break;
}
- printf(" Password OK: %syes%s\n", ansi_highlight_green(), ansi_normal());
- break;
+ if (strv_isempty(hr->hashed_password)) {
+ if (hr->incomplete) /* Record might be incomplete, due to privs */
+ break;
+ printf(" Password OK: %sno%s (none set)\n", ansi_highlight(), ansi_normal());
+ break;
+ }
+ if (strv_contains(hr->hashed_password, "")) {
+ printf(" Password OK: %sno%s (empty set)\n", ansi_highlight_red(), ansi_normal());
+ break;
+ }
+ bool has_valid_passwords = false;
+ char **p;
+ STRV_FOREACH(p, hr->hashed_password)
+ if (!hashed_password_is_locked_or_invalid(*p)) {
+ has_valid_passwords = true;
+ break;
+ }
+ if (has_valid_passwords)
+ printf(" Password OK: %syes%s\n", ansi_highlight_green(), ansi_normal());
+ else
+ printf(" Password OK: %sno%s (locked)\n", ansi_highlight(), ansi_normal());
}
-
if (uid_is_valid(hr->uid))
printf(" UID: " UID_FMT "\n", hr->uid);
if (gid_is_valid(hr->gid)) {
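Review bot: The final `else` branch prints "(locked)" for every entry the helper rejects, but the helper only checks that the first character is `'$'`, so malformed or differently formatted entries are reported as locked too. Traditional crypt strings without a `$` prefix fall into that group, and whether the system's crypt library still accepts them cannot be seen from this hunk, so the label can understate what an administrator auditing accounts needs to know. Wording it as `printf(" Password OK: %sno%s (locked or invalid)\n", ansi_highlight(), ansi_normal());` matches what the check actually establishes. Separately, the `STRV_FOREACH` body spans several lines without braces of its own; writing `STRV_FOREACH(p, hr->hashed_password) {` with a closing `}` makes it clear that the inner `break` leaves only the loop. The enclosing switch and the rest of user_record_show() lie outside the hunk.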