usermod: properly return error during password manipulation

2016-02-09 11:54:02 +01:00 · 2016-02-09 11:54:02 +01:00 · 1bf254df98
parent b1dccbc445
commit 1bf254df98
2 changed files with 32 additions and 5 deletions
--- a/shadow-4.2.1-usermod-unlock.patch
+++ b/shadow-4.2.1-usermod-unlock.patch
@ -1,7 +1,7 @@
 diff -up shadow-4.2.1/src/usermod.c.unlock shadow-4.2.1/src/usermod.c
--- shadow-4.2.1/src/usermod.c.unlock	2014-12-01 15:14:58.000000000 +0100
-+++ shadow-4.2.1/src/usermod.c	2015-08-27 14:31:50.899712180 +0200
-@@ -455,9 +455,12 @@ static char *new_pw_passwd (char *pw_pas
+--- shadow-4.2.1/src/usermod.c.unlock	2016-02-03 11:54:14.977664838 +0100
+++ shadow-4.2.1/src/usermod.c	2016-02-09 11:52:08.244957222 +0100
+@@ -455,14 +455,17 @@ static char *new_pw_passwd (char *pw_pas
 		strcat (buf, pw_pass);
 		pw_pass = buf;
 	} else if (Uflg && pw_pass[0] == '!') {
@ -16,6 +16,12 @@ diff -up shadow-4.2.1/src/usermod.c.unlock shadow-4.2.1/src/usermod.c
 			fprintf (stderr,
 			         _("%s: unlocking the user's password would result in a passwordless account.\n"
 			           "You should set a password with usermod -p to unlock this user's password.\n"),
+ 			         Prog);
+-			return pw_pass;
+			return NULL;
+ 		}
+ 
+ #ifdef WITH_AUDIT
@@ -471,12 +474,15 @@ static char *new_pw_passwd (char *pw_pas
 		              user_newname, (unsigned int) user_newid, 1);
 #endif
@ -31,9 +37,27 @@ diff -up shadow-4.2.1/src/usermod.c.unlock shadow-4.2.1/src/usermod.c
 +			fprintf (stderr,
 +			         _("%s: The password field cannot contain a colon character.\n"),
 +			         Prog);
-+			return pw_pass;
+			return NULL;
 +
 +		}
 #ifdef WITH_AUDIT
 		audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
 		              "updating-password",
+@@ -525,6 +531,8 @@ static void new_pwent (struct passwd *pw
+ 	if (   (!is_shadow_pwd)
+ 	    || (strcmp (pwent->pw_passwd, SHADOW_PASSWD_STRING) != 0)) {
+ 		pwent->pw_passwd = new_pw_passwd (pwent->pw_passwd);
+		if (pwent->pw_passwd == NULL)
+			fail_exit (E_PW_UPDATE);
+ 	}
+ 
+ 	if (uflg) {
+@@ -639,6 +647,8 @@ static void new_spent (struct spwd *spen
+ 	 *  + aging has been requested
+ 	 */
+ 	spent->sp_pwdp = new_pw_passwd (spent->sp_pwdp);
+	if (spent->sp_pwdp == NULL)
+		fail_exit(E_PW_UPDATE);
+ 
+ 	if (pflg) {
+ 		spent->sp_lstchg = (long) time ((time_t *) 0) / SCALE;
--- a/shadow-utils.spec
+++ b/shadow-utils.spec
@ -1,7 +1,7 @@
 Summary: Utilities for managing accounts and shadow password files
 Name: shadow-utils
 Version: 4.2.1
-Release: 6%{?dist}
+Release: 7%{?dist}
 Epoch: 2
 URL: http://pkg-shadow.alioth.debian.org/
 Source0: http://pkg-shadow.alioth.debian.org/releases/shadow-%{version}.tar.xz
@ -254,6 +254,9 @@ rm -rf $RPM_BUILD_ROOT
 %{_mandir}/man8/vigr.8*

 %changelog
+* Tue Feb  9 2016 Tomáš Mráz <tmraz@redhat.com> - 2:4.2.1-7
+- usermod: properly return error during password manipulation
+
 * Wed Feb  3 2016 Tomáš Mráz <tmraz@redhat.com> - 2:4.2.1-6
 - add possibility to clear or set lastlog record for user via lastlog