LibCore: Always fail Account authentication on missing shadow entry

If a user is missing from /etc/shadow, we used to just allow anyone to
authenticate as that user without a password.

With this patch, authentication will instead always fail.

Userland/Libraries/LibCore/Account.cpp

@@ -102,6 +102,10 @@ Result<Account, String> Account::from_uid(uid_t uid)
 
 bool Account::authenticate(const char* password) const
 {
+    // If there was no shadow entry for this account, authentication always fails.
+    if (m_password_hash.is_null())
+        return false;
+
     // An empty passwd field indicates that no password is required to log in.
     if (m_password_hash.is_empty())
         return true;
@@ -206,7 +210,7 @@ void Account::load_shadow_file()
         auto line = shadow_file->read_line();
         if (line.is_null())
             break;
-        auto parts = line.split(':');
+        auto parts = line.split(':', true);
         if (parts.size() != 2) {
             dbgln("Malformed shadow entry, ignoring.");
             continue;

Userland/Libraries/LibCore/Account.h

@@ -51,7 +51,10 @@ public:
     void set_password(const char* password);
     void set_password_enabled(bool enabled);
     void delete_password();
-    bool has_password() const { return !m_password_hash.is_empty(); }
+
+    // A null password means that this account was missing from /etc/shadow.
+    // It's considered to have a password in that case, and authentication will always fail.
+    bool has_password() const { return !m_password_hash.is_empty() || m_password_hash.is_null(); }
 
     uid_t uid() const { return m_uid; }
     gid_t gid() const { return m_gid; }
@@ -73,8 +76,6 @@ private:
 
     String m_username;
 
-    // Contents of passwd field in passwd entry.
-    // Can be empty, "x", or contain a leading '!'
     String m_password_hash;
     uid_t m_uid { 0 };
     gid_t m_gid { 0 };