Bug#317012: [Pkg-shadow-devel] Bug#317012: fixed in shadow 1:4.0.3-37

Christian Perrier bubulle at debian.org
Wed Sep 14 18:56:40 UTC 2005 

> > > On Sun, Jul 10, 2005 at 03:49:26PM -0400, Christian Perrier wrote:
> > > >    * Upstream bugs not fixed in upstream releases or CVS:
> > > >      - 443_chage_exit_values
> > > >        chage: change the exit value to 3 when chage fails because the system is
> > > >        not shadow enabled.
> > > >        Closes: #317012
> > > 
> > > That doesn't seem to work reliably, see #328090.
> > 
> > root at mykerinos:~# shadowconfig off
> > Shadow passwords are now off.
> > root at mykerinos:~# chage spongebob
> > chage: the shadow password file is not present
> > root at mykerinos:~# echo $?
> > 3
> > 
> > What else could be done?
> 
> Maybe it would be an idea to debug with the bug reporter of #328090
> why his chage is returning 1 after saying "can't open shadow password
> file", which is a differently worded error message from the one you
> have cited. Maybe there is another code path in chage which still
> returns 1?


Well, Petter, could you give us details about the environment where
you got the failure ?

In passwd 4.0.3-39, chage exist with an errorlevel of 3 as soon as
/etc/shadow does not exist.

What you reported comes from a chunk of code which comes *AFTER* the
check of existence for /etc/shadow

-----------------------------------------------------
#define E_SUCCESS	0
#define E_NOPERM	1	/* permission denied */
#define E_NOT_SHADOWED 	3	/* no shadow password file */

.../...

#ifdef	SHADOWPWD
	if (!spw_file_present()) {
		fprintf (stderr,
			 _("%s: the shadow password file is not present\n"),
			 Prog);
		SYSLOG ((LOG_ERR, "can't find the shadow password file"));
		closelog ();
M 		exit (E_NOT_SHADOWED);
	}
	/*
	 * For shadow password files we have to lock the file and read in
	 * the entries as was done for the password file. The user entries
	 * does not have to exist in this case; a new entry will be created
	 * for this user if one does not exist already.
	 */
	if (locks && !spw_lock ()) {
		fprintf (stderr,
			 _("%s: can't lock shadow password file"), Prog);
		cleanup (1);
		SYSLOG ((LOG_ERR, "failed locking %s", SHADOW_FILE));
		closelog ();
		exit (E_NOPERM);
	}
	if (!spw_open (locks ? O_RDWR : O_RDONLY)) {
		fprintf (stderr,
			 _("%s: can't open shadow password file"), Prog);
		cleanup (2);
		SYSLOG ((LOG_ERR, "failed opening %s", SHADOW_FILE));
		closelog ();
		exit (E_NOPERM);
	}

-----------------------------------------------------

So, if I read the code properly, when /etc/shadow does not
exist....chage really exits with the errorcode 3 (E_NOT_SHADOWED).

The reported behaviour seems to indicate that the file is here, but it
could not be opened...

Any idea of what in your setup could have lead to this ?

More information about the Pkg-shadow-devel mailing list