userdbctl: fix "Password OK" shown even when password is empty or locked (#21308)

userdbctl: fix "Password OK" shown even when password is empty or locked
2024-10-06 16:21:34 +00:00 · 2022-01-06 17:01:38 +01:00 · 2022-01-06 17:01:38 +01:00 · cd933f14bd
parent 7611946ebc
commit cd933f14bd
3 changed files with 25 additions and 6 deletions
--- a/3
+++ b/3
@ -4,9 +4,6 @@ Bugfixes:
  manager or system manager can be always set. It would be better to reject
  them when parsing config.

-* userdbctl: "Password OK: yes" is shown even when there are no passwords
-  or the password is locked.
-
 * Jun 01 09:43:02 krowka systemd[1]: Unit user@1000.service has alias user@.service.
  Jun 01 09:43:02 krowka systemd[1]: Unit user@6.service has alias user@.service.
  Jun 01 09:43:02 krowka systemd[1]: Unit user-runtime-dir@6.service has alias user-runtime-dir@.service.
--- a/src/basic/user-util.h
+++ b/src/basic/user-util.h
@ -114,6 +114,10 @@ int is_this_me(const char *username);

 const char *get_home_root(void);

+static inline bool hashed_password_is_locked_or_invalid(const char *password) {
+        return password && password[0] != '$';
+}
+
 /* A locked *and* invalid password for "struct spwd"'s .sp_pwdp and "struct passwd"'s .pw_passwd field */
 #define PASSWORD_LOCKED_AND_INVALID "!*"

--- a/src/shared/user-record-show.c
+++ b/src/shared/user-record-show.c
@ -132,10 +132,28 @@ void user_record_show(UserRecord *hr, bool show_full_group_info) {
                        break;
                }

-                printf(" Password OK: %syes%s\n", ansi_highlight_green(), ansi_normal());
-                break;
+                if (strv_isempty(hr->hashed_password)) {
+                        if (hr->incomplete) /* Record might be incomplete, due to privs */
+                                break;
+                        printf(" Password OK: %sno%s (none set)\n", ansi_highlight(), ansi_normal());
+                        break;
+                }
+                if (strv_contains(hr->hashed_password, "")) {
+                        printf(" Password OK: %sno%s (empty set)\n", ansi_highlight_red(), ansi_normal());
+                        break;
+                }
+                bool has_valid_passwords = false;
+                char **p;
+                STRV_FOREACH(p, hr->hashed_password)
+                        if (!hashed_password_is_locked_or_invalid(*p)) {
+                                has_valid_passwords = true;
+                                break;
+                        }
+                if (has_valid_passwords)
+                        printf(" Password OK: %syes%s\n", ansi_highlight_green(), ansi_normal());
+                else
+                        printf(" Password OK: %sno%s (locked)\n", ansi_highlight(), ansi_normal());
        }
-
        if (uid_is_valid(hr->uid))
                printf("         UID: " UID_FMT "\n", hr->uid);
        if (gid_is_valid(hr->gid)) {