diff options
-rw-r--r-- | src/basic/user-util.h | 9 | ||||
-rw-r--r-- | src/firstboot/firstboot.c | 8 | ||||
-rw-r--r-- | src/nss-systemd/nss-systemd.c | 8 | ||||
-rw-r--r-- | src/nss-systemd/userdb-glue.c | 5 | ||||
-rw-r--r-- | src/sysusers/sysusers.c | 8 |
5 files changed, 24 insertions, 14 deletions
diff --git a/src/basic/user-util.h b/src/basic/user-util.h index 636c392870..fd00b47b76 100644 --- a/src/basic/user-util.h +++ b/src/basic/user-util.h @@ -111,3 +111,12 @@ int putsgent_sane(const struct sgrp *sg, FILE *stream); bool is_nologin_shell(const char *shell); int is_this_me(const char *username); + +/* A locked *and* invalid password for "struct spwd"'s .sp_pwdp and "struct passwd"'s .pw_passwd field */ +#define PASSWORD_LOCKED_AND_INVALID "!*" + +/* A password indicating "look in shadow file, please!" for "struct passwd"'s .pw_passwd */ +#define PASSWORD_SEE_SHADOW "x" + +/* A password indicating "hey, no password required for login" */ +#define PASSWORD_NONE "" diff --git a/src/firstboot/firstboot.c b/src/firstboot/firstboot.c index ba0b360cc1..896c2e7b0a 100644 --- a/src/firstboot/firstboot.c +++ b/src/firstboot/firstboot.c @@ -922,20 +922,20 @@ static int process_root_args(void) { return r; if (arg_root_password && arg_root_password_is_hashed) { - password = "x"; + password = PASSWORD_SEE_SHADOW; hashed_password = arg_root_password; } else if (arg_root_password) { r = hash_password(arg_root_password, &_hashed_password); if (r < 0) return log_error_errno(r, "Failed to hash password: %m"); - password = "x"; + password = PASSWORD_SEE_SHADOW; hashed_password = _hashed_password; } else if (arg_delete_root_password) - password = hashed_password = ""; + password = hashed_password = PASSWORD_NONE; else - password = hashed_password = "!"; + password = hashed_password = PASSWORD_LOCKED_AND_INVALID; r = write_root_passwd(etc_passwd, password, arg_root_shell); if (r < 0) diff --git a/src/nss-systemd/nss-systemd.c b/src/nss-systemd/nss-systemd.c index 0b716d22dd..38c214499e 100644 --- a/src/nss-systemd/nss-systemd.c +++ b/src/nss-systemd/nss-systemd.c @@ -20,7 +20,7 @@ static const struct passwd root_passwd = { .pw_name = (char*) "root", - .pw_passwd = (char*) "x", /* see shadow file */ + .pw_passwd = (char*) PASSWORD_SEE_SHADOW, .pw_uid = 0, .pw_gid = 0, .pw_gecos = (char*) "Super User", @@ -30,7 +30,7 @@ static const struct passwd root_passwd = { static const struct passwd nobody_passwd = { .pw_name = (char*) NOBODY_USER_NAME, - .pw_passwd = (char*) "*", /* locked */ + .pw_passwd = (char*) PASSWORD_LOCKED_AND_INVALID, .pw_uid = UID_NOBODY, .pw_gid = GID_NOBODY, .pw_gecos = (char*) "User Nobody", @@ -41,14 +41,14 @@ static const struct passwd nobody_passwd = { static const struct group root_group = { .gr_name = (char*) "root", .gr_gid = 0, - .gr_passwd = (char*) "x", /* see shadow file */ + .gr_passwd = (char*) PASSWORD_SEE_SHADOW, .gr_mem = (char*[]) { NULL }, }; static const struct group nobody_group = { .gr_name = (char*) NOBODY_GROUP_NAME, .gr_gid = GID_NOBODY, - .gr_passwd = (char*) "*", /* locked */ + .gr_passwd = (char*) PASSWORD_LOCKED_AND_INVALID, .gr_mem = (char*[]) { NULL }, }; diff --git a/src/nss-systemd/userdb-glue.c b/src/nss-systemd/userdb-glue.c index 22af0fde60..0cc84bfac7 100644 --- a/src/nss-systemd/userdb-glue.c +++ b/src/nss-systemd/userdb-glue.c @@ -6,6 +6,7 @@ #include "strv.h" #include "user-record-nss.h" #include "user-record.h" +#include "user-util.h" #include "userdb-glue.h" #include "userdb.h" @@ -50,7 +51,7 @@ int nss_pack_user_record( .pw_name = buffer, .pw_uid = hr->uid, .pw_gid = user_record_gid(hr), - .pw_passwd = (char*) "x", /* means: see shadow file */ + .pw_passwd = (char*) PASSWORD_SEE_SHADOW, }; assert(buffer); @@ -184,7 +185,7 @@ int nss_pack_group_record( *gr = (struct group) { .gr_name = strcpy(p, g->group_name), .gr_gid = g->gid, - .gr_passwd = (char*) "x", /* means: see shadow file */ + .gr_passwd = (char*) PASSWORD_SEE_SHADOW, .gr_mem = array, }; diff --git a/src/sysusers/sysusers.c b/src/sysusers/sysusers.c index 8d3086e209..465b2dd9f5 100644 --- a/src/sysusers/sysusers.c +++ b/src/sysusers/sysusers.c @@ -441,7 +441,7 @@ static int write_temporary_passwd(const char *passwd_path, FILE **tmpfile, char .pw_gecos = i->description, /* "x" means the password is stored in the shadow file */ - .pw_passwd = (char*) "x", + .pw_passwd = (char*) PASSWORD_SEE_SHADOW, /* We default to the root directory as home */ .pw_dir = i->home ?: (char*) "/", @@ -551,7 +551,7 @@ static int write_temporary_shadow(const char *shadow_path, FILE **tmpfile, char struct spwd n = { .sp_namp = i->name, - .sp_pwdp = (char*) "!*", /* lock this password, and make it invalid */ + .sp_pwdp = (char*) PASSWORD_LOCKED_AND_INVALID, .sp_lstchg = lstchg, .sp_min = -1, .sp_max = -1, @@ -682,7 +682,7 @@ static int write_temporary_group(const char *group_path, FILE **tmpfile, char ** struct group n = { .gr_name = i->name, .gr_gid = i->gid, - .gr_passwd = (char*) "x", + .gr_passwd = (char*) PASSWORD_SEE_SHADOW, }; r = putgrent_with_members(&n, group); @@ -766,7 +766,7 @@ static int write_temporary_gshadow(const char * gshadow_path, FILE **tmpfile, ch ORDERED_HASHMAP_FOREACH(i, todo_gids) { struct sgrp n = { .sg_namp = i->name, - .sg_passwd = (char*) "!*", + .sg_passwd = (char*) PASSWORD_LOCKED_AND_INVALID, }; r = putsgent_with_members(&n, gshadow); |