Skip to content

chpasswd: Check hash before write when using -e #1285

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
alejandro-colomar merged 1 commit into from
Jul 20, 2025
Merged

chpasswd: Check hash before write when using -e #1285

alejandro-colomar merged 1 commit into from
Jul 20, 2025

Conversation

@mmpx12
Copy link
Contributor

@mmpx12 mmpx12 commented Jul 11, 2025

Add is_valid_hash to prevent adding a bad hash in /etc/shadow (and so prevent user to be lock) when using chpasswd -e

# before
echo 'vinz:test123' | chpasswd -e
grep vinz /etc/shadow
vinz:test123:20280:0:99999:7:::

# now
echo 'vinz:test123' |sudo ./chpasswd -e
chpasswd: (line: 1) invalid password hash for user 'vinz'
chpasswd: error detected, changes ignored

@mmpx12 mmpx12 force-pushed the master branch 2 times, most recently from 183a7aa to 6e12d17 Compare July 11, 2025 20:21
alejandro-colomar
alejandro-colomar reviewed Jul 12, 2025
View reviewed changes
alejandro-colomar
alejandro-colomar reviewed Jul 12, 2025
View reviewed changes
alejandro-colomar
alejandro-colomar reviewed Jul 12, 2025
View reviewed changes
alejandro-colomar
alejandro-colomar reviewed Jul 12, 2025
View reviewed changes
alejandro-colomar
alejandro-colomar reviewed Jul 12, 2025
View reviewed changes
alejandro-colomar
alejandro-colomar reviewed Jul 12, 2025
View reviewed changes
@mmpx12 mmpx12 force-pushed the master branch 2 times, most recently from 180f236 to d9eff0e Compare July 12, 2025 20:01
@mmpx12
Copy link
Contributor Author

mmpx12 commented Jul 12, 2025

@alejandro-colomar Everything should be resolved.

alejandro-colomar
alejandro-colomar reviewed Jul 12, 2025
View reviewed changes
alejandro-colomar
alejandro-colomar reviewed Jul 12, 2025
View reviewed changes
alejandro-colomar
alejandro-colomar reviewed Jul 12, 2025
View reviewed changes
alejandro-colomar
alejandro-colomar reviewed Jul 12, 2025
View reviewed changes
alejandro-colomar
alejandro-colomar reviewed Jul 12, 2025
View reviewed changes
alejandro-colomar
alejandro-colomar approved these changes Jul 12, 2025
View reviewed changes
Copy link
Collaborator

@alejandro-colomar alejandro-colomar left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Other than the minor style comments, I like this very much! Thanks!

Reviewed-by: Alejandro Colomar <alx@kernel.org>

alejandro-colomar
alejandro-colomar reviewed Jul 13, 2025
View reviewed changes
alejandro-colomar
alejandro-colomar reviewed Jul 13, 2025
View reviewed changes
alejandro-colomar
alejandro-colomar reviewed Jul 13, 2025
View reviewed changes
alejandro-colomar
alejandro-colomar reviewed Jul 13, 2025
View reviewed changes
alejandro-colomar
alejandro-colomar reviewed Jul 13, 2025
View reviewed changes
alejandro-colomar
alejandro-colomar reviewed Jul 13, 2025
View reviewed changes
alejandro-colomar
alejandro-colomar reviewed Jul 13, 2025
View reviewed changes
alejandro-colomar
alejandro-colomar reviewed Jul 13, 2025
View reviewed changes
alejandro-colomar
alejandro-colomar reviewed Jul 13, 2025
View reviewed changes
alejandro-colomar
alejandro-colomar reviewed Jul 13, 2025
View reviewed changes
alejandro-colomar
alejandro-colomar reviewed Jul 13, 2025
View reviewed changes
alejandro-colomar
alejandro-colomar reviewed Jul 13, 2025
View reviewed changes
alejandro-colomar
alejandro-colomar reviewed Jul 13, 2025
View reviewed changes
alejandro-colomar
alejandro-colomar reviewed Jul 13, 2025
View reviewed changes
alejandro-colomar
alejandro-colomar reviewed Jul 13, 2025
View reviewed changes
alejandro-colomar
alejandro-colomar reviewed Jul 13, 2025
View reviewed changes
alejandro-colomar
alejandro-colomar reviewed Jul 13, 2025
View reviewed changes
alejandro-colomar
alejandro-colomar reviewed Jul 13, 2025
View reviewed changes
alejandro-colomar
alejandro-colomar reviewed Jul 13, 2025
View reviewed changes
alejandro-colomar
alejandro-colomar reviewed Jul 13, 2025
View reviewed changes
@mmpx12 mmpx12 force-pushed the master branch 2 times, most recently from 7837faf to 7f9c2ad Compare July 13, 2025 21:11
@alejandro-colomar
Copy link
Collaborator

alejandro-colomar commented Jul 13, 2025
edited
Loading

All's good. Please squash the commits into one, and I'll merge. Thanks!

@alejandro-colomar
Copy link
Collaborator

alejandro-colomar commented Jul 16, 2025

Please fix the commit message. It is currently:

 chpasswd: Check hash before write when using -e

chpasswd: Check hash before write when using -e (fixed)

chpasswd: Check hash before write when using -e (fixed 2)

chpasswd: Check hash before write when using -e (sorted hash from safest to weakest)

chpasswd: Check hash before write when using -e (typos and consitent regex order)

chpasswd: Check hash before write when using -e (use crypt(5) regex)

chpasswd: Check hash before write when using -e (fixed crypt(5) bad regex)

:)

@alejandro-colomar
Copy link
Collaborator

alejandro-colomar commented Jul 16, 2025
edited
Loading

Add is_valid_hash to prevent adding a bad hash in /etc/shadow (and so prevent user to be lock) when using chpasswd -e

# before
echo 'vinz:test123' | chpasswd -e
grep vinz /etc/shadow
vinz:test123:20280:0:99999:7:::

# now
echo 'vinz:test123' |sudo ./chpasswd -e
chpasswd: (line: 1) invalid password hash for user 'vinz'
chpasswd: error detected, changes ignored

Please include this in the commit message, with the code examples indented with a tab.

alejandro-colomar
alejandro-colomar reviewed Jul 20, 2025
View reviewed changes
alejandro-colomar
alejandro-colomar reviewed Jul 20, 2025
View reviewed changes
@alejandro-colomar
Copy link
Collaborator

alejandro-colomar commented Jul 20, 2025 

Add is_valid_hash to prevent adding a bad hash in /etc/shadow (and so prevent user to be lock) when using chpasswd -e

    # before
    echo 'vinz:test123' | chpasswd -e
    grep vinz /etc/shadow
    vinz:test123:20280:0:99999:7:::

    # now
    echo 'vinz:test123' | sudo ./chpasswd -e
    chpasswd: (line: 1) invalid password hash for user 'vinz'
    chpasswd: error detected, changes ignored

This (from the commit message) doesn't match the code from the patch. The parentheses around the line number are not there.

@mmpx12
chpasswd: Check hash before write when using -e
dd4d1ae 
Add is_valid_hash to prevent adding a bad hash in /etc/shadow (and so prevent user to be lock) when using chpasswd -e

    # before
    echo 'vinz:test123' | chpasswd -e
    grep vinz /etc/shadow
    vinz:test123:20280:0:99999:7:::

    # now
    echo 'vinz:test123' | sudo ./chpasswd -e
    chpasswd: (line 1, user vinz) invalid password hash
    chpasswd: error detected, changes ignored
alejandro-colomar
alejandro-colomar reviewed Jul 20, 2025
View reviewed changes
alejandro-colomar
alejandro-colomar approved these changes Jul 20, 2025
View reviewed changes
Copy link
Collaborator

@alejandro-colomar alejandro-colomar left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM. Thanks!

@alejandro-colomar alejandro-colomar merged commit c44f1e0 into shadow-maint:master Jul 20, 2025
@mmpx12
Copy link
Contributor Author

mmpx12 commented Jul 20, 2025

@alejandro-colomar i changed commit msg and error msg (used do_pam_passwd_non_interactive style) and changed "config.h" import

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@alejandro-colomar alejandro-colomar alejandro-colomar approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@mmpx12 @alejandro-colomar