Ubuntu
shadow package

chpasswd -S does not operate according to documented behaviour

Bug #1045786 reported by James Dingwall
22
This bug affects 5 people
Affects Status Importance Assigned to Milestone
shadow (Ubuntu)
Confirmed
Undecided
Unassigned

Bug Description

# lsb_release -rd
Description: Ubuntu 12.04.1 LTS
Release: 12.04

# apt-cache policy passwd
passwd:
  Installed: 1:4.1.4.2+svn3283-3ubuntu5
  Candidate: 1:4.1.4.2+svn3283-3ubuntu5
  Version table:
 *** 1:4.1.4.2+svn3283-3ubuntu5 0
        500 http://10.0.0.1/ubuntu/ precise/main amd64 Packages
        100 /var/lib/dpkg/status

According to the chpasswd(8) man page this should be the behaviour of chpasswd with the -S option.
       -S, --stdout
           Report encrypted passwords to stdout instead of updating password
           file.

However in this version of the package with -S or --stdout the encrypted password is not echoed to the console and the password file is updated.

Test case:
# grep ^user /etc/shadow ; echo user:newpass | chpasswd -S ; grep ^user /etc/shadow
user:$6$0pDpHiAG$e9Ks1Y8MwixB2rwdYCv0/abhTdTsWo5hEdLdOD85NHMovlPbQ.lWD163l1xgNipsZkzgSIzJarbnjK6xwywMf.:15587:0:99999:7:::
user:$6$A15jTQUz$BJDqOMNV4WE2.SVwJ5DmaH7FoJC7p9Zlf5JpR.Cq.mV9ViBmrn.JNgrAv1nk4PdriKlANWeckGD/6nrNAES9G1:15587:0:99999:7:::

Revision history for this message
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in shadow (Ubuntu):
status: New → Confirmed
Revision history for this message
Matt Day (fjarlq) wrote :

I looked into this briefly, and I think I've spotted the problem.

In the `shadow` package, version 4.1.5.1, the `debian/patches/495_stdout-encrypted-password` patch does not cause the call to `do_pam_passwd_non_interractive()` to be avoided when the -S option has been given, indicating `use_stdout = TRUE`.

I am not familiar with this code at all, but I looked into `do_pam_passwd_non_interractive()` (`shadow` package file `libmisc/pam_pass_non_interractive.c`) and it only seems to be doing PAM updating stuff that shouldn't be happening when -S has been specified.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.