chpasswd -S does not operate according to documented behaviour

Bug #1045786 reported by James Dingwall on 2012-09-04
22
This bug affects 5 people
Affects Status Importance Assigned to Milestone
shadow (Ubuntu)
Undecided
Unassigned

Bug Description

# lsb_release -rd
Description: Ubuntu 12.04.1 LTS
Release: 12.04

# apt-cache policy passwd
passwd:
  Installed: 1:4.1.4.2+svn3283-3ubuntu5
  Candidate: 1:4.1.4.2+svn3283-3ubuntu5
  Version table:
 *** 1:4.1.4.2+svn3283-3ubuntu5 0
        500 http://10.0.0.1/ubuntu/ precise/main amd64 Packages
        100 /var/lib/dpkg/status

According to the chpasswd(8) man page this should be the behaviour of chpasswd with the -S option.
       -S, --stdout
           Report encrypted passwords to stdout instead of updating password
           file.

However in this version of the package with -S or --stdout the encrypted password is not echoed to the console and the password file is updated.

Test case:
# grep ^user /etc/shadow ; echo user:newpass | chpasswd -S ; grep ^user /etc/shadow
user:$6$0pDpHiAG$e9Ks1Y8MwixB2rwdYCv0/abhTdTsWo5hEdLdOD85NHMovlPbQ.lWD163l1xgNipsZkzgSIzJarbnjK6xwywMf.:15587:0:99999:7:::
user:$6$A15jTQUz$BJDqOMNV4WE2.SVwJ5DmaH7FoJC7p9Zlf5JpR.Cq.mV9ViBmrn.JNgrAv1nk4PdriKlANWeckGD/6nrNAES9G1:15587:0:99999:7:::

Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in shadow (Ubuntu):
status: New → Confirmed
Matt Day (fjarlq) wrote :

I looked into this briefly, and I think I've spotted the problem.

In the `shadow` package, version 4.1.5.1, the `debian/patches/495_stdout-encrypted-password` patch does not cause the call to `do_pam_passwd_non_interractive()` to be avoided when the -S option has been given, indicating `use_stdout = TRUE`.

I am not familiar with this code at all, but I looked into `do_pam_passwd_non_interractive()` (`shadow` package file `libmisc/pam_pass_non_interractive.c`) and it only seems to be doing PAM updating stuff that shouldn't be happening when -S has been specified.

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers