Jira (PUP-4406) Corrupt /etc/shadow entry when password hash contains newline


Nick Howes (JIRA)

Apr 14, 2015, 4:19:45 AM
to puppe...@googlegroups.com
Nick Howes created an issue
 
Puppet / Bug PUP-4406
Corrupt /etc/shadow entry when password hash contains newline
Issue Type: Bug
Affects Versions: PUP 3.7.5
Assignee: Unassigned
Created: 2015/04/14 1:18 AM
Environment: Solaris 11.2
Priority: Normal
Reporter: Nick Howes

I accidentally used a password hash with a newline at the end (which I didn't notice because it was encased in an eyaml encrypted value). The user_role_add user provider for Solaris carries on and edits /etc/shadow (code) in a way that keeps adding an extra "days since 1970" value on every run.

specialops:bqaTovDgSOMEHASHVALUE/:16538:16538:16538:16538:16538:16538:16538::::::

After the error is corrected, the line stays in this corrupt form, and the user can't log in.

While it was an error on my part to pass it a newline, I think it'd be good if it could just fail fast without doing anything if the hash contains a newline, or anything else that might corrupt /etc/shadow (like a colon).

This message was sent by Atlassian JIRA (v6.3.15#6346-sha1:dbc023d)
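
The fail-fast check requested in the report above, together with a field-count audit that flags an entry like the one quoted, as an added example (not code from this thread or from Puppet's user_role_add provider). The method names, the exception class, and the root sample line are hypothetical or constructed, and the nine-field shadow layout is an assumption.

```ruby
# Added example: hypothetical helpers, not Puppet's provider code.
SHADOW_FIELDS = 9 # name:hash:lastchg:min:max:warn:inactive:expire:flag (assumed layout)

class InvalidPasswordHash < ArgumentError; end

# Fail fast before touching the file: a colon or any control character
# (newline, CR, tab, NUL, ...) cannot sit inside one colon-delimited field.
def validate_shadow_hash!(hash)
  raise InvalidPasswordHash, 'password hash must be a String' unless hash.is_a?(String)
  bad = hash.b[/[:\x00-\x1f\x7f]/]
  raise InvalidPasswordHash, "password hash contains #{bad.inspect}" if bad
  hash
end

# Report entries whose field count is wrong, such as the line in the report.
def audit_shadow(text)
  findings = []
  text.each_line.with_index(1) do |line, lineno|
    entry = line.chomp
    next if entry.empty?
    fields = entry.split(':', -1) # -1 keeps trailing empty fields
    next if fields.length == SHADOW_FIELDS
    findings << { line: lineno, user: fields[0], fields: fields.length }
  end
  findings
end

# Constructed sample: line 1 is well formed, line 2 is the entry quoted in the report.
SAMPLE_SHADOW = <<~'SHADOW'
  root:$5$constructedsalt$constructedhash:16538::::::
  specialops:bqaTovDgSOMEHASHVALUE/:16538:16538:16538:16538:16538:16538:16538::::::
SHADOW

if __FILE__ == $PROGRAM_NAME
  audit_shadow(SAMPLE_SHADOW).each do |f|
    puts "line #{f[:line]}: #{f[:user]} has #{f[:fields]} fields, expected #{SHADOW_FIELDS}"
  end
  ["bqaTovDgSOMEHASHVALUE/\n", 'bqaTov:DgSOME', 'bqaTovDgSOMEHASHVALUE/'].each do |candidate|
    begin
      validate_shadow_hash!(candidate)
      puts "accepted #{candidate.inspect}"
    rescue InvalidPasswordHash => e
      puts "rejected #{candidate.inspect}: #{e.message}"
    end
  end
end
```
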

William Hopper (JIRA)

May 24, 2016, 2:12:03 PM
to puppe...@googlegroups.com
William Hopper updated an issue
Change By: William Hopper
Labels: client-onboarding

Adrien Thebo (JIRA)

May 15, 2017, 6:18:05 PM
to puppe...@googlegroups.com
Adrien Thebo commented on Bug PUP-4406
 
Re: Corrupt /etc/shadow entry when password hash contains newline

I think it's reasonable to verify that password hashes are properly formatted for the given platform (though this will have to be enforced by the provider since requirements will vary based on the platform). That said I don't know what to make of the idea of Puppet repairing invalid /etc/shadow entries; if the data has been corrupted I doubt there's a reliable way to "uncorrupt it."

Since password hash validity checking is a reasonable thing to include we can leave this ticket open, but we'll need a pull request to move forward with this since we won't be able to make it a priority.


Adrien Thebo (JIRA)

May 15, 2017, 6:18:06 PM
to puppe...@googlegroups.com
Adrien Thebo updated an issue
 
Change By: Adrien Thebo
Labels: client-onboarding  help_wanted triaged

Moses Mendoza (JIRA)

May 18, 2017, 2:03:16 PM
to puppe...@googlegroups.com
Moses Mendoza updated an issue
Change By: Moses Mendoza
Labels: client-onboarding help_wanted  triaged

Jacob Helwig (JIRA)

Dec 5, 2017, 6:06:03 PM
to puppe...@googlegroups.com
Jacob Helwig updated an issue
Change By: Jacob Helwig
Sub-team: Coremunity

Josh Cooper (Jira)

Jun 11, 2020, 2:50:03 AM
to puppe...@googlegroups.com
Josh Cooper updated an issue
Change By: Josh Cooper
Team: Coremunity Night's Watch

Josh Cooper (Jira)

Jan 27, 2021, 1:53:03 AM
to puppe...@googlegroups.com
Josh Cooper commented on Bug PUP-4406
 
Re: Corrupt /etc/shadow entry when password hash contains newline

Thank you for filing this issue. We agree it is likely an improvement, but due to other issues demanding precedence, we don’t anticipate being able to address this any time soon. If you are interested in submitting a patch to the repository for this project at https://github.com/puppetlabs/puppet, please open a pull request and re-open this ticket. Pending that, we are closing this as “Won’t Fix.” We may revisit it at a later time, and if so will re-open this ticket.
