Bug 1740166

Summary: passwd -S report is incorrect when the user's /etc/passwd entry does not contain 'x' in the password hash field
Product: [Fedora] Fedora Reporter: Jiri Kucera <jkucera>
Component: passwdAssignee: Jiri Kucera <jkucera>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 30CC: frantisek.kluknavsky, jkucera, tmraz
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: passwd-0.80-7.fc31 passwd-0.80-7.fc30 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2019-12-07 01:50:21 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Jiri Kucera 2019-08-12 11:58:18 UTC 
Description of problem:
When the password field in /etc/passwd is empty, but the password hash is set in /etc/shadow, `passwd -S` reports that the password is set, but it should report that password is empty for the current user instead.

Version-Release number of selected component (if applicable):
passwd-0.80-5.fc30

How reproducible:
always

Steps to Reproduce:
~# useradd tester
~# passwd tester
Changing password for user tester.
New password: foo
BAD PASSWORD: The password is shorter than 8 characters
Retype new password: foo
passwd: all authentication tokens updated successfully.
~# grep tester /etc/shadow
tester:$6$dcnqm3mPkRPaktZv$qCoydK8DZha/m.f07y47jMf2eBkn.ojCzxFYgRjuysZ.06G6Oqiq5Zi/nx4L3pslnf3Od8Ka7xk6d0MNEn53g.:18120:0:99999:7:::
~# grep tester /etc/passwd
tester:x:1000:1000::/home/tester:/bin/bash
~# passwd -S tester
tester PS 2019-08-11 0 99999 7 -1 (Password set, SHA512 crypt.)
~# vim /etc/passwd
~# grep tester /etc/passwd
tester::1000:1000::/home/tester:/bin/bash
~# passwd -S tester
tester PS 2019-08-11 0 99999 7 -1 (Password set, SHA512 crypt.)

Actual results:
tester PS 2019-08-11 0 99999 7 -1 (Password set, SHA512 crypt.)

Expected results:
tester NP 2019-08-11 0 99999 7 -1 (Empty password.)

Additional info:
`passwd -S` should also print info to stderr that password field in /etc/passwd is empty but in /etc/shadow the password is set.
Comment 1 Jiri Kucera 2019-12-04 18:11:42 UTC 
Fix in rawhide, f31 and f30. Commit: https://src.fedoraproject.org/rpms/passwd/c/1f800c50310f216b612f5e7e3fee852a74ff96ec
Comment 2 Fedora Update System 2019-12-04 19:48:34 UTC 
FEDORA-2019-1c4b3119a7 has been submitted as an update to Fedora 30. https://bodhi.fedoraproject.org/updates/FEDORA-2019-1c4b3119a7
Comment 3 Fedora Update System 2019-12-04 19:48:35 UTC 
FEDORA-2019-8d4b43000d has been submitted as an update to Fedora 31. https://bodhi.fedoraproject.org/updates/FEDORA-2019-8d4b43000d
Comment 4 Fedora Update System 2019-12-05 01:23:46 UTC 
passwd-0.80-7.fc31 has been pushed to the Fedora 31 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2019-8d4b43000d
Comment 5 Fedora Update System 2019-12-05 02:01:13 UTC 
passwd-0.80-7.fc30 has been pushed to the Fedora 30 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2019-1c4b3119a7
Comment 6 Fedora Update System 2019-12-07 01:50:21 UTC 
passwd-0.80-7.fc31 has been pushed to the Fedora 31 stable repository. If problems still persist, please make note of it in this bug report.
Comment 7 Fedora Update System 2019-12-20 01:13:50 UTC 
passwd-0.80-7.fc30 has been pushed to the Fedora 30 stable repository. If problems still persist, please make note of it in this bug report.