25899fefb0
- unlock also passwords locked with passwd -l - prevent breaking user entry by entering a password containing colon - fix possible DoS when locking the database files for update - properly use login.defs from the chroot in useradd
40 lines
1.3 KiB
Diff
40 lines
1.3 KiB
Diff
diff -up shadow-4.2.1/src/usermod.c.unlock shadow-4.2.1/src/usermod.c
|
|
--- shadow-4.2.1/src/usermod.c.unlock 2014-12-01 15:14:58.000000000 +0100
|
|
+++ shadow-4.2.1/src/usermod.c 2015-08-27 14:31:50.899712180 +0200
|
|
@@ -455,9 +455,12 @@ static char *new_pw_passwd (char *pw_pas
|
|
strcat (buf, pw_pass);
|
|
pw_pass = buf;
|
|
} else if (Uflg && pw_pass[0] == '!') {
|
|
- char *s;
|
|
+ char *s = pw_pass;
|
|
|
|
- if (pw_pass[1] == '\0') {
|
|
+ while ('!' == *s)
|
|
+ ++s;
|
|
+
|
|
+ if (*s == '\0') {
|
|
fprintf (stderr,
|
|
_("%s: unlocking the user's password would result in a passwordless account.\n"
|
|
"You should set a password with usermod -p to unlock this user's password.\n"),
|
|
@@ -471,12 +474,15 @@ static char *new_pw_passwd (char *pw_pas
|
|
user_newname, (unsigned int) user_newid, 1);
|
|
#endif
|
|
SYSLOG ((LOG_INFO, "unlock user '%s' password", user_newname));
|
|
- s = pw_pass;
|
|
- while ('\0' != *s) {
|
|
- *s = *(s + 1);
|
|
- s++;
|
|
- }
|
|
+ memmove (pw_pass, s, strlen (s) + 1);
|
|
} else if (pflg) {
|
|
+ if (strchr (user_pass, ':') != NULL) {
|
|
+ fprintf (stderr,
|
|
+ _("%s: The password field cannot contain a colon character.\n"),
|
|
+ Prog);
|
|
+ return pw_pass;
|
|
+
|
|
+ }
|
|
#ifdef WITH_AUDIT
|
|
audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
|
|
"updating-password",
|