[PATCH alternative] sulogin: fix FEATURE_SHADOWPASSWDS semantics

Tito farmatito at tiscali.it
Wed Nov 20 13:05:35 UTC 2013


On Wednesday 20 November 2013 13:25:15 you wrote:
> On Tue, Nov 19, 2013 at 1:58 PM, Tito <farmatito at tiscali.it> wrote:
> >> Please try attached patch.
> >>
> > looks good for consolidation of the other loginutils but for sulogin
> > it makes implementing the locked root account feature more difficult
> 
> Why difficult?
> 
> ...
>         pwd = getpwuid(0);
>         if (!pwd) {
>                 goto auth_error;
>         }
> +       if (pwd->pw_passwd == "!") ...
>         while (1) {
>                 int r;
>                 r = ask_and_check_password_extended(pwd, timeout,
> ...
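
Review bot: the added line `if (pwd->pw_passwd == "!")` compares two pointers, not the string contents, so in C it will not match even when the field holds "!"; use strcmp() or test `pwd->pw_passwd[0] == '!'` instead. The check also reads the field straight from getpwuid(0), so it only sees what the passwd entry holds and would need to run on the shadow field when shadow passwords are in use.
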
> 
> 
> > and probably also detecting an invalid root account or corrupted passwd/shadow
> > files  so that in the worst case you could be locked out of your system.
> 
> Does standard sulogin do something like that?
> 
Hi,
Because at least in Debian when using shadow passwords
we have 'x' in /etc/passwd and '!' in /etc/shadow:

grep test /etc/passwd /etc/shadow
/etc/passwd:test:x:1004:1005:,,,:/home/test:/bin/bash
/etc/shadow:test:!$6$5Gts7ZAs$ANBEqeEqu5fdpuCsGR042brEFZVBLL/ML1CQC2v0VyyamAwsFxTbQrIVwXNx63L/Z22MNCadbKOm8IF5CC.f6.:16029:0:99999:7:::

so we need to check for '!' after having checked /etc/shadow.
Same thing for an invalid root account with an entry in /etc/passwd
and a missing entry in /etc/shadow.


Ciao,
Tito
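
The ordering described in this message (resolve the 'x' placeholder through /etc/shadow first, then test for the '!' lock marker, and treat a missing shadow entry as its own case) as an added example; it is not code from the post or from BusyBox. The names `second_field`, `classify_account` and the `acct_state` values are hypothetical, the sample lines are constructed, and treating '*' like '!' follows shadow(5) rather than the post.

```c
#include <stdio.h>
#include <string.h>

enum acct_state { ACCT_USABLE, ACCT_LOCKED, ACCT_NO_SHADOW, ACCT_INVALID };

/* Copy the second ':'-separated field of an entry line into out; -1 if malformed. */
static int second_field(const char *line, char *out, size_t outsz)
{
    const char *start, *end;
    size_t len;
    if (!line || !(start = strchr(line, ':')))
        return -1;
    start++;
    if (!(end = strchr(start, ':')))
        return -1;
    len = (size_t)(end - start);
    if (len >= outsz)
        return -1;
    memcpy(out, start, len);
    out[len] = '\0';
    return 0;
}

/* shadow_line may be NULL when the user has no /etc/shadow entry. */
enum acct_state classify_account(const char *passwd_line, const char *shadow_line)
{
    char hash[256];
    if (second_field(passwd_line, hash, sizeof(hash)) != 0)
        return ACCT_INVALID;
    if (strcmp(hash, "x") == 0) {           /* real hash lives in shadow */
        if (!shadow_line)
            return ACCT_NO_SHADOW;          /* passwd entry, no shadow entry */
        if (second_field(shadow_line, hash, sizeof(hash)) != 0)
            return ACCT_INVALID;            /* corrupted shadow line */
    }
    /* '!' prefix as in the Debian sample above; '*' per shadow(5) (assumption) */
    if (hash[0] == '!' || hash[0] == '*')
        return ACCT_LOCKED;
    return ACCT_USABLE;
}

int main(void)
{
    /* Constructed sample lines, not real credentials */
    const char *pw = "root:x:0:0:root:/root:/bin/sh";
    const char *sh = "root:!$6$constructedsalt$constructedhash:16029:0:99999:7:::";
    printf("%d %d\n", classify_account(pw, sh), classify_account(pw, NULL));
    return 0;
}
```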


