shared/{user,group}-record-nss: adjust filtering of "valid" passwords

We would reject various passwords that glibc accepts, for example "" or any descrypted password. Accounts with empty password are definitely useful, for example for testing or in scenarios where a password is not needed. Also, using weak encryption methods is probably not a good idea, it's not the job of our nss helpers to decide that: they should just faithfully forward whatever data is there. Also rename the function to make it more obvious that the returned answer is not in any way certain.
2025-03-23 10:50:16 +03:00 · 2020-08-28 16:23:16 +02:00 · 2020-08-28 16:23:16 +02:00 · 8f796e40a5
commit 8f796e40a5
parent c1afa2ed39
4 changed files with 15 additions and 10 deletions
--- a/src/shared/group-record-nss.c
+++ b/src/shared/group-record-nss.c
@ -37,7 +37,7 @@ int nss_group_to_group_record(
        g->gid = grp->gr_gid;

        if (sgrp) {
-                if (hashed_password_valid(sgrp->sg_passwd)) {
+                if (looks_like_hashed_password(sgrp->sg_passwd)) {
                        g->hashed_password = strv_new(sgrp->sg_passwd);
                        if (!g->hashed_password)
                                return -ENOMEM;
--- a/src/shared/libcrypt-util.c
+++ b/src/shared/libcrypt-util.c
@ -74,13 +74,18 @@ int make_salt(char **ret) {
 #endif
 }

-bool hashed_password_valid(const char *s) {
-
-        /* Returns true if the specified string is a 'valid' hashed UNIX password, i.e. if starts with '$' or
-         * with '!$' (the latter being a valid, yet locked password). */
-
-        if (isempty(s))
+bool looks_like_hashed_password(const char *s) {
+        /* Returns false if the specified string is certainly not a hashed UNIX password. crypt(5) lists
+         * various hashing methods. We only reject (return false) strings which are documented to have
+         * different meanings.
+         *
+         * In particular, we allow locked passwords, i.e. strings starting with "!", including just "!",
+         * i.e. the locked empty password. See also fc58c0c7bf7e4f525b916e3e5be0de2307fef04e.
+         */
+        if (!s)
                return false;

-        return STARTSWITH_SET(s, "$", "!$");
+        s += strspn(s, "!"); /* Skip (possibly duplicated) locking prefix */
+
+        return !STR_IN_SET(s, "x", "*");
 }
--- a/src/shared/libcrypt-util.h
+++ b/src/shared/libcrypt-util.h
@ -19,4 +19,4 @@

 int make_salt(char **ret);

-bool hashed_password_valid(const char *s);
+bool looks_like_hashed_password(const char *s);
--- a/src/shared/user-record-nss.c
+++ b/src/shared/user-record-nss.c
@ -66,7 +66,7 @@ int nss_passwd_to_user_record(
        hr->uid = pwd->pw_uid;
        hr->gid = pwd->pw_gid;

-        if (spwd && hashed_password_valid(spwd->sp_pwdp)) {
+        if (spwd && looks_like_hashed_password(spwd->sp_pwdp)) {
                strv_free_erase(hr->hashed_password);
                hr->hashed_password = strv_new(spwd->sp_pwdp);
                if (!hr->hashed_password)