Modify

Opened 6 years ago

Closed 6 years ago

Last modified 4 years ago

#10393 closed defect (worksforme)

LUCI password behavior is broken after updating to 28940.

Reported by: andrewsi@… Owned by: developers
Priority: highest Milestone: Barrier Breaker 14.07
Component: packages Version: Trunk
Keywords: password Cc:

Description

After doing sysupgrade to trunk 28940, saving existing config settings, LUCI reports that the system has no password and one should be set. I do this, and it reports that the password has been successfully changed, however, the no-password warning remains active, and even after logout, you can still fully access the system without entering any password at all.

Attachments (0)

Change History (11)

comment:1 Changed 6 years ago by kd4yal@…

Having same problem: WZR-HP-AG300H (r28940) / LuCI Trunk (trunk+svn7920)

Can not telnet and change password either.

comment:2 Changed 6 years ago by kd4yal@…

System log:

authpriv.warn dropbear[2095]: User 'root' has blank password, rejected


authpriv.info dropbear[2095]: Exit before auth (user 'root', 2 fails): Exited normally


authpriv.info dropbear[1862]: Premature exit: Terminated by signal


authpriv.info dropbear[2123]: Running in background


auth.info passwd: Password for root changed by root


authpriv.info dropbear[2123]: Premature exit: Terminated by signal


authpriv.info dropbear[2161]: Running in background


authpriv.info dropbear[2165]: Child connection from 192.168.11.110:34607


authpriv.warn dropbear[2165]: User 'root' has blank password, rejected


auth.info passwd: Password for root changed by root


authpriv.info dropbear[2161]: Premature exit: Terminated by signal


authpriv.info dropbear[2203]: Running in background


authpriv.info dropbear[2203]: Premature exit: Terminated by signal


authpriv.info dropbear[2244]: Running in background


auth.info passwd: Password for root changed by root


authpriv.info dropbear[2244]: Premature exit: Terminated by signal


authpriv.info dropbear[2282]: Running in background


authpriv.warn dropbear[2165]: User 'root' has blank password, rejected

comment:3 Changed 6 years ago by hnyman <hannu.nyman@…>

Same problem with WNDR3700 with trunk build done yesterday.

Password changed both via passwd and via LuCI. /etc/passwd gets changed, but not /etc/shadow, as far as I can see.

This is probably effect of r28935 and r28936

comment:4 Changed 6 years ago by Kaloz

"make package/base-files/clean" before you rebuild..

comment:5 Changed 6 years ago by anonymous

Check if CONFIG_BUSYBOX_CONFIG_FEATURE_SHADOWPASSWDS is enabled:

menuconfig > Base system > busybox > Login/Password Management Utilities > Support for shadow passwords.

comment:6 follow-up: Changed 6 years ago by AndrewSi@…

It wasn't. I enabled it, reset the password after reflashing and now things appear to be working correctly.

It seems like there should be some mechanism to warn trunk users of breaking changes that require reconfiguration of your build...

comment:7 Changed 6 years ago by kd4yal@…

Tried both with 28970:

Check if CONFIG_BUSYBOX_CONFIG_FEATURE_SHADOWPASSWDS is enabled:

make package/base-files/clean

It did resolve this issue.

Thank you

comment:8 in reply to: ↑ 6 Changed 6 years ago by hnyman <hannu.nyman@…>

There should be a forced dependency in base-files package on that config option.

r28936 changed the default config option of shadow passwords as "yes", but then the second changed the base-files Makefile by removing the former if clause:

@@ -456,8 +456,7 @@
 # Form valid /etc/shadow entries, by copying the user:pw pairs
 # from /etc/passwd, and adding on pw change data
-        $(if $(CONFIG_BUSYBOX_CONFIG_FEATURE_SHADOWPASSWDS), \
-                cut -d ':' -f 1-2 $(1)/etc/passwd > $(1)/etc/shadow; \
-                $(SED) 's/$$$$/:13848:0:99999:7:::/' $(1)/etc/shadow \
-        )
+        cut -d ':' -f 1-2 $(1)/etc/passwd > $(1)/etc/shadow; \
+        $(SED) 's/$$$$/:0:0:99999:7:::/' $(1)/etc/shadow
+
         $(SED) 's,$$$$R,$(REVISION),g' $(1)/etc/banner
         mkdir -p $(1)/CONTROL

And that second change broke the password handling for the case where the shadow-passwords option is not selected for some reason (due to old config, users' specific config choice, etc...).

There should definitely be a dependency forcing that config option on, or the if clause should be returned.

comment:9 Changed 6 years ago by jow

  • Resolution set to worksforme
  • Status changed from new to closed

comment:10 Changed 6 years ago by Attila Lendvai <attila.lendvai@…>

FYI, i've just been bitten by this when recompiling trunk.

i had to look up this ticket, enable shadow support and recompile.

comment:11 Changed 4 years ago by jow

  • Milestone changed from Attitude Adjustment 12.09 to Barrier Breaker 14.07

Milestone Attitude Adjustment 12.09 deleted

Add Comment

Modify Ticket

Action
as closed .
The resolution will be deleted. Next status will be 'reopened'.
Author


E-mail address and user name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.