From 53339f53ab71c138578d4102a4e4011344d33b2d Mon Sep 17 00:00:00 2001 From: Karel Zak Date: Tue, 7 Jun 2022 09:11:56 +0200 Subject: lslogins: improve prefixes interpretation It seems that for example 'passwd --lock' uses two exclamation marks in password field. It seems better to assume arbitrary number of '!' and '*' prefixes. The patch also makes description of the PWD-EMPTY output field more explicit. Upstream: http://github.com/util-linux/util-linux/commit/c51cba1e838ae7e36a843ec785543492bb8737cd Addresses: https://bugzilla.redhat.com/show_bug.cgi?id=2094216 Signed-off-by: Karel Zak --- login-utils/lslogins.c | 33 ++++++++++++++++++++++++++------- 1 file changed, 26 insertions(+), 7 deletions(-) diff --git a/login-utils/lslogins.c b/login-utils/lslogins.c index c37df9096..1332a9925 100644 --- a/login-utils/lslogins.c +++ b/login-utils/lslogins.c @@ -225,7 +225,7 @@ static const struct lslogins_coldesc coldescs[] = { [COL_USER] = { "USER", N_("user name"), N_("Username"), 0.1, SCOLS_FL_NOEXTREMES }, [COL_UID] = { "UID", N_("user ID"), "UID", 1, SCOLS_FL_RIGHT}, - [COL_PWDEMPTY] = { "PWD-EMPTY", N_("password not required"), N_("Password not required"), 1, SCOLS_FL_RIGHT }, + [COL_PWDEMPTY] = { "PWD-EMPTY", N_("password not defined"), N_("Password not required (empty)"), 1, SCOLS_FL_RIGHT }, [COL_PWDDENY] = { "PWD-DENY", N_("login by password disabled"), N_("Login by password disabled"), 1, SCOLS_FL_RIGHT }, [COL_PWDLOCK] = { "PWD-LOCK", N_("password defined, but locked"), N_("Password is locked"), 1, SCOLS_FL_RIGHT }, [COL_PWDMETHOD] = { "PWD-METHOD", N_("password encryption method"), N_("Password encryption method"), 0.1 }, @@ -817,23 +817,42 @@ static struct lslogins_user *get_user_info(struct lslogins_control *ctl, const c break; case COL_PWDEMPTY: if (shadow) { - if (!*shadow->sp_pwdp) /* '\0' */ + const char *p = shadow->sp_pwdp; + + while (p && (*p == '!' || *p == '*')) + p++; + + if (!p || !*p) user->pwd_empty = STATUS_TRUE; } else user->pwd_empty = STATUS_UNKNOWN; break; case COL_PWDDENY: if (shadow) { - if ((*shadow->sp_pwdp == '!' || - *shadow->sp_pwdp == '*') && - !valid_pwd(shadow->sp_pwdp + 1)) + const char *p = shadow->sp_pwdp; + + while (p && (*p == '!' || *p == '*')) + p++; + + if (p && *p && p != shadow->sp_pwdp && !valid_pwd(p)) user->pwd_deny = STATUS_TRUE; } else user->pwd_deny = STATUS_UNKNOWN; break; case COL_PWDLOCK: if (shadow) { - if (*shadow->sp_pwdp == '!' && valid_pwd(shadow->sp_pwdp + 1)) + const char *p = shadow->sp_pwdp; + int i = 0; + + /* 'passwd --lock' uses two exclamation marks, + * shadow(5) describes the lock as "field which + * starts with an exclamation mark". Let's + * support more '!' ... + */ + while (p && *p == '!') + p++, i++; + + if (i != 0 && (!*p || valid_pwd(p))) user->pwd_lock = STATUS_TRUE; } else user->pwd_lock = STATUS_UNKNOWN; @@ -842,7 +861,7 @@ static struct lslogins_user *get_user_info(struct lslogins_control *ctl, const c if (shadow) { const char *p = shadow->sp_pwdp; - if (*p == '!' || *p == '*') + while (p && (*p == '!' || *p == '*')) p++; user->pwd_method = get_pwd_method(p, NULL, NULL); } else -- 2.36.1