diff options
| author | Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> | 2020-08-28 16:23:16 +0200 |
|---|---|---|
| committer | Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> | 2020-09-02 10:58:34 +0200 |
| commit | aee20dfbd8e286b1e20290ef070cf1061d79f8c7 (patch) | |
| tree | 8ed714227094ab12b109cc5911df6c20e41002ff /src/shared/user-record-nss.c | |
| parent | 5933d77afe2c15283f696ad2a7a44a2643cd8c69 (diff) | |
| download | systemd-aee20dfbd8e286b1e20290ef070cf1061d79f8c7.tar.gz | |
shared/{user,group}-record-nss: adjust filtering of "valid" passwords
We would reject various passwords that glibc accepts, for example ""
or any descrypted password. Accounts with empty password are definitely
useful, for example for testing or in scenarios where a password is not
needed. Also, using weak encryption methods is probably not a good idea,
it's not the job of our nss helpers to decide that: they should just
faithfully forward whatever data is there.
Also rename the function to make it more obvious that the returned answer
is not in any way certain.
(cherry picked from commit 8f796e40a561bd9200fde3c8885e6255a2dd4250)
Diffstat (limited to 'src/shared/user-record-nss.c')
| -rw-r--r-- | src/shared/user-record-nss.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/shared/user-record-nss.c b/src/shared/user-record-nss.c index b27a12c55d..b4c35b8a53 100644 --- a/src/shared/user-record-nss.c +++ b/src/shared/user-record-nss.c @@ -66,7 +66,7 @@ int nss_passwd_to_user_record( hr->uid = pwd->pw_uid; hr->gid = pwd->pw_gid; - if (spwd && hashed_password_valid(spwd->sp_pwdp)) { + if (spwd && looks_like_hashed_password(spwd->sp_pwdp)) { strv_free_erase(hr->hashed_password); hr->hashed_password = strv_new(spwd->sp_pwdp); if (!hr->hashed_password) |