Compare commits

...

6 Commits

Author SHA1 Message Date
Alejandro Colomar
a7eca27114
Release 4.19.2
Regression fixes:

-  usermod(8):
   -  Revert an incorrect commit.
      See <https://github.com/shadow-maint/shadow/issues/1509>
      and <https://github.com/shadow-maint/shadow/pull/1510>.

Signed-off-by: Alejandro Colomar <alx@kernel.org>
2026-01-19 14:29:35 +01:00
Alejandro Colomar
759fc9a485
Revert "src/usermod.c: Remove optimizations"
This wasn't only an optimization; it also skipped some checks that were
now spuriously triggering errors.  We may be able to get rid of the
optimizations, but that will need more analysis.  For now, let's revert
to a known-good state.

Fixes: 6a8a25dc7de6 (2025-10-15; "src/usermod.c: Remove optimizations")
Reverts: 6a8a25dc7de6 (2025-10-15; "src/usermod.c: Remove optimizations")
Closes: <https://github.com/shadow-maint/shadow/issues/1509>
Reported-by: Adam Williamson <awilliam@redhat.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
Cherry-picked-from: d25bbc48d607 (2026-01-19; "Revert "src/usermod.c: Remove optimizations"")
Signed-off-by: Alejandro Colomar <alx@kernel.org>
2026-01-19 14:27:28 +01:00
Alejandro Colomar
167a6b7a75
Release 4.19.1
Regression fixes:

-  chpasswd(8):
   -  Don't reject leading '!' in password hashes or a hash consisting
      of "*".  These were accidentally rejected in 4.19.0.
      See <https://github.com/shadow-maint/shadow/issues/1483>
      and <https://github.com/shadow-maint/shadow/pull/1486>.
   -  Accept a passwordless account ("" or "!").
      See <https://github.com/shadow-maint/shadow/issues/1483#issuecomment-3757398138>
      and <https://github.com/shadow-maint/shadow/pull/1505>.

Closes: <https://github.com/shadow-maint/shadow/issues/1487>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
2026-01-18 22:49:52 +01:00
Alejandro Colomar
6b1d7aafce
lib/chkhash.c: is_valid_hash(): Accept an empty hash
It represents a passwordless account.
That is discouraged, but accepted.

Fixes: c44f1e096a19 (2025-07-20; "chpasswd: Check hash before write when using -e")
Link: <https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1124835>
Reported-by: Marc 'Zugschlus' Haber <mh+githubvisible@zugschlus.de>
Reported-by: "Serge E. Hallyn" <serge@hallyn.com>
Reported-by: Adam Williamson <awilliam@redhat.com>
Co-authored-by: "Serge E. Hallyn" <serge@hallyn.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
Cherry-picked-from: b323141ee90f (2026-01-16; "lib/chkhash.c: is_valid_hash(): Accept an empty hash")
Signed-off-by: Alejandro Colomar <alx@kernel.org>
2026-01-18 22:48:44 +01:00
Alejandro Colomar
e0758f361c
lib/chkhash.c: is_valid_hash(): Accept '*' as the hash
This is widely accepted as an invalid hash, to remove password access
for an account (that is, no passwords will match the "hash").

Fixes: c44f1e096a19 (2025-07-20; "chpasswd: Check hash before write when using -e")
Closes: <https://github.com/shadow-maint/shadow/issues/1483>
Closes: <https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1124835>
Reported-by: Chris Hofstaedtler <zeha@debian.org>
Reviewed-by: Chris Hofstaedtler <zeha@debian.org>
Cc: vinz <mmpx09@protonmail.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
Cherry-picked-from: ddc2549f87e3 (2026-01-07; "lib/chkhash.c: is_valid_hash(): Accept '*' as the hash")
Signed-off-by: Alejandro Colomar <alx@kernel.org>
2026-01-09 14:37:46 +01:00
Alejandro Colomar
1a280cd264
lib/chkhash.c: is_valid_hash(): Accept a leading '!'
A leading '!' means that the account is locked.

Fixes: c44f1e096a19 (2025-07-20; "chpasswd: Check hash before write when using -e")
Link: <https://github.com/shadow-maint/shadow/issues/1483>
Link: <https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1124835>
Reported-by: Chris Hofstaedtler <zeha@debian.org>
Reviewed-by: Chris Hofstaedtler <zeha@debian.org>
Cc: vinz <mmpx09@protonmail.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
Cherry-picked-from: 87ec7a52ab25 (2026-01-07; "lib/chkhash.c: is_valid_hash(): Accept a leading '!'")
Signed-off-by: Alejandro Colomar <alx@kernel.org>
2026-01-09 14:36:41 +01:00
3 changed files with 55 additions and 1 deletions

@ -5,7 +5,7 @@ m4_define([libsubid_abi_minor], [0])
m4_define([libsubid_abi_micro], [0])
m4_define([libsubid_abi], [libsubid_abi_major.libsubid_abi_minor.libsubid_abi_micro])
AC_INIT([shadow], [4.19.0], [pkg-shadow-devel@lists.alioth.debian.org], [],
AC_INIT([shadow], [4.19.2], [pkg-shadow-devel@lists.alioth.debian.org], [],
[https://github.com/shadow-maint/shadow])
AC_CONFIG_MACRO_DIRS([m4])
AC_CONFIG_AUX_DIR([build-aux])
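
Review bot: The bug-report address in the AC_INIT line still names pkg-shadow-devel@lists.alioth.debian.org, while the URL argument on the following line and every issue link in these commit messages point at github.com/shadow-maint/shadow. Since this line is being touched for the release anyway, confirm that the list is still where reports should go, or change the address to the tracker that is actually used.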

@ -7,6 +7,9 @@
#include <stddef.h>
#include <string.h>
#include "string/strcmp/streq.h"
#include "string/strcmp/strprefix.h"
/*
* match_regex - return true if match, false if not
@ -37,6 +40,15 @@ match_regex(const char *pattern, const char *string)
bool
is_valid_hash(const char *hash)
{
hash = strprefix(hash, "!") ?: hash;
// Passwordless account; discouraged
if (streq(hash, ""))
return true;
if (streq(hash, "*"))
return true;
// Minimum hash length
if (strlen(hash) < 13)
return false;
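
Review bot: In is_valid_hash(), the streq(hash, "") branch now also returns true for an input of "!", because the prefix strip runs first, yet the comment above it describes only the passwordless case. A locked empty field and a truly empty field have different consequences for the account, so the comment should say that both land here. The strip removes a single '!' only, so "!!" still reaches the length check and is rejected; if that is intended, a one-line comment would make it explicit. None of the three changed files shown here adds a test, and this function has now regressed once, so cases for "", "!", "*", "!*" and "!" followed by a full hash would be worth adding alongside the fix.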

@ -1388,6 +1388,48 @@ process_flags(int argc, char **argv, struct option_flags *flags)
}
#endif /* WITH_SELINUX */
if (user_newid == user_id) {
uflg = false;
oflg = false;
}
if (user_newgid == user_gid) {
gflg = false;
}
if ( (NULL != user_newshell)
&& streq(user_newshell, user_shell)) {
sflg = false;
}
if (streq(user_newname, user_name)) {
lflg = false;
}
if (user_newinactive == user_inactive) {
fflg = false;
}
if (user_newexpire == user_expire) {
eflg = false;
}
if ( (NULL != user_newhome)
&& streq(user_newhome, user_home)) {
dflg = false;
mflg = false;
}
if ( (NULL != user_newcomment)
&& streq(user_newcomment, user_comment)) {
cflg = false;
}
if (!(Uflg || uflg || sflg || pflg || mflg || Lflg ||
lflg || Gflg || gflg || fflg || eflg || dflg || cflg
#ifdef ENABLE_SUBIDS
|| vflg || Vflg || wflg || Wflg
#endif /* ENABLE_SUBIDS */
#ifdef WITH_SELINUX
|| Zflg
#endif /* WITH_SELINUX */
)) {
exit (E_SUCCESS);
}
if (!is_shadow_pwd && (eflg || fflg)) {
fprintf (stderr,
_("%s: shadow passwords required for -e and -f\n"),
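
Review bot: The restored block in process_flags() has no comment saying that clearing these flags also gates later validation, which is what the reverted commit overlooked. The !is_shadow_pwd && (eflg || fflg) check directly below is one visible case: it only fires if eflg or fflg survived the comparison against the current values, so a no-change -e or -f exits successfully instead of erroring. A short comment above the first if stating this, plus a regression test for a no-change invocation, would keep a later cleanup from removing the block again. Separately, streq(user_newname, user_name) has no NULL != guard while the shell, home and comment comparisons do; if user_newname is always set by this point, note that in a comment, otherwise add the guard.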