diff options
author | Thomas Orgis | 2007-02-07 11:27:12 +0100 |
---|---|---|
committer | Jeremy Blosser | 2007-02-07 15:11:30 -0600 |
commit | 78ce7a16baa67619d8d76a52a0f8b0c06332bf4b (patch) | |
tree | 2c878c9f64aa7d9ab8f17e862bbafa8d9b5d134e | |
parent | 36af02e07ff80b93e887c9033653cb1129fff2aa (diff) |
shadow: making the query about restoring shadows an extra one-timer, as Jeremy suggested
(cherry picked from commit 37a38d2e3b991e47fc2b4cf2e4836dacea0c2ab9)
-rwxr-xr-x | security/shadow/CONFIGURE | 22 | ||||
-rwxr-xr-x | security/shadow/FINAL | 8 | ||||
-rw-r--r-- | security/shadow/HISTORY | 5 |
3 files changed, 19 insertions, 16 deletions
diff --git a/security/shadow/CONFIGURE b/security/shadow/CONFIGURE index b5e0ef1a33..2c754b20c9 100755 --- a/security/shadow/CONFIGURE +++ b/security/shadow/CONFIGURE @@ -1,23 +1,19 @@ # There's a bug introduced by the solution of bug 8834: # if you said "n" to $SHADOW_CONV, you ended up with the state pw/grpunconv # left on dispelling old shadow. -# Introducing a new var $SHADOW_NEWCONV for the query to be able to re-ask -# the question. +# Introducing the temporary SHADOW_RECONV to support fixing that situation. -conv_default=n && -if [[ "$SHADOW_CONV" == "y" ]]; then conv_default=y; fi && -# if we haven't yet an answer on the new question and the old answer was not y -if [[ -z "$SHADOW_NEWCONV" ]] && [[ $conv_default == n ]]; then - message "Checking passwd for shadowness (there could have been an unwanted run of pwunconv/grpunconv)." && +if [[ "$SHADOW_CONV" == n ]] && [[ -z "$SHADOW_RECONV" ]]; then + message "Checking passwd for shadowness (there could have been an unwanted run of pwunconv/grpunconv, see bug #8834)." && if ! grep -q '^root:x:' "$INSTALL_ROOT/etc/passwd"; then - message "Your passwd file contains password hashes, suggesting (re)conversion to shadow." && - message "You can still say n to the upcoming query but make sure then to run pwconv / grpconv yourself if you want existing passwords shadowed." && - conv_default=y + message "${PROBLEM_COLOR}Your passwd file contains password hashes, resuggesting conversion to shadow." && + message "${MESSAGE_COLOR}You can still say n to the upcoming query but make sure to run pwconv / grpconv yourself if you want existing passwords shadowed." && + config_query SHADOW_RECONV "One-time query: convert/fix accounts (with installed shadow utils) this time" n fi +else + config_query SHADOW_CONV "Attempt to convert/fix accounts (with installed shadow utils)" n fi && - -config_query SHADOW_NEWCONV "Attempt to convert/fix accounts (with installed shadow utils)" $conv_default && -if [[ "$SHADOW_NEWCONV" == y ]]; then +if [[ "$SHADOW_CONV" == y ]] || [[ "$SHADOW_RECONV" == y ]]; then message "OK, checking your user and group accounts" && grpck -r "$INSTALL_ROOT/etc/group" "$INSTALL_ROOT/etc/gshadow" || { diff --git a/security/shadow/FINAL b/security/shadow/FINAL index 05402f7095..87461c713b 100755 --- a/security/shadow/FINAL +++ b/security/shadow/FINAL @@ -1,6 +1,8 @@ -if [ "$SHADOW_NEWCONV" == y ]; then +if [ "$SHADOW_CONV" == y ] || [ "$SHADOW_RECONV" == "y" ]; then #Create or update necessary files for shadow - message "running pwconv and grpconv" && + message "${MESSAGE_COLOR}running pwconv and grpconv" && ${INSTALL_ROOT}/usr/sbin/pwconv && ${INSTALL_ROOT}/usr/sbin/grpconv -fi +fi && +# mark it off +SHADOW_RECONV=x diff --git a/security/shadow/HISTORY b/security/shadow/HISTORY index 54989a3daf..fea9dcb4df 100644 --- a/security/shadow/HISTORY +++ b/security/shadow/HISTORY @@ -1,3 +1,8 @@ +2007-02-07 Thomas Orgis <sobukus@sourcemage.org> + * CONFIGURE,FINAL: integrated Jeremy's suggestion of making the + emergency query a one-timer + * DETAILS: patchlevel (security level is the same as before) + 2007-02-06 Thomas Orgis <sobukus@sourcemage.org> * CONFIGURE,PRE_REMOVE, REPAIR^...^PRE_REMOVE, FINAL: I made the pwconv optional, but there still was unconditional pwunconv in |