From 21d270d38f821915949e3c13950637994c33d34f Mon Sep 17 00:00:00 2001
From: Dan Nicholson
Date: Tue, 30 Jul 2024 11:11:11 -0600
Subject: [PATCH] firstboot: create locked and empty root passwords consistently
Although locked and empty passwords in /etc/passwd are treated the same, in all other cases the entry is configured to read the password from /etc/shadow.
(cherry picked from commit 5088de9daa156a095e79684c658f9035db971538)
---
 src/firstboot/firstboot.c | 11 +++++++----
 test/units/TEST-74-AUX-UTILS.firstboot.sh | 4 ++--
 2 files changed, 9 insertions(+), 6 deletions(-)
diff --git a/src/firstboot/firstboot.c b/src/firstboot/firstboot.c
index 6afabef430..923c2b89df 100644
--- a/src/firstboot/firstboot.c
+++ b/src/firstboot/firstboot.c
@@ -1142,10 +1142,13 @@ static int process_root_account(int rfd) {
 password = PASSWORD_SEE_SHADOW;
 hashed_password = _hashed_password;
- } else if (arg_delete_root_password)
- password = hashed_password = PASSWORD_NONE;
- else
- password = hashed_password = PASSWORD_LOCKED_AND_INVALID;
+ } else if (arg_delete_root_password) {
+ password = PASSWORD_SEE_SHADOW;
+ hashed_password = PASSWORD_NONE;
+ } else {
+ password = PASSWORD_SEE_SHADOW;
+ hashed_password = PASSWORD_LOCKED_AND_INVALID;
+ }
 r = write_root_passwd(rfd, pfd, password, arg_root_shell);
 if (r < 0)
diff --git a/test/units/TEST-74-AUX-UTILS.firstboot.sh b/test/units/TEST-74-AUX-UTILS.firstboot.sh
index 2569ad8816..48792c4c67 100755
--- a/test/units/TEST-74-AUX-UTILS.firstboot.sh
+++ b/test/units/TEST-74-AUX-UTILS.firstboot.sh
@@ -211,7 +211,7 @@ echo -ne "\nfoobar\n" | systemd-firstboot --root="$ROOT" --prompt-hostname
 grep -q "foobar" "$ROOT/etc/hostname"
 # With no root password provided, a locked account should be created.
 systemd-firstboot --root="$ROOT" --prompt-root-password
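Review bot: With `password = PASSWORD_SEE_SHADOW;` now assigned in every visible branch of the `else if` chain in `process_root_account()`, /etc/passwd no longer records the locked state itself, so whether root ends up locked or passwordless depends entirely on the shadow entry written from `hashed_password`. That write is outside this hunk; it is worth confirming that a failure there aborts the operation rather than leaving an `x` entry in passwd with no matching shadow line. A comment above the chain would make the intent explicit, e.g. `/* passwd always defers to shadow; hashed_password carries the real state (hash, empty, or locked) */`. Since the assignment is now identical in the branches shown, it could presumably be hoisted to a single `password = PASSWORD_SEE_SHADOW;` if the branches above the hunk do the same, leaving only `hashed_password` to vary. The function body starts and ends outside the hunk.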