* libmisc/pwd2spwd.c, src/chpasswd.c, src/newusers.c,
src/passwd.c, src/pwck.c, src/pwconv.c, src/useradd.c, src/usermod.c: On Jan 01, 1970, do not set the sp_lstchg field to 0 (which means that the password shall be changed during the next login), but use -1 (password aging disabled). * src/passwd.c: Do not check sp_min if sp_lstchg is null or -1.
This commit is contained in:
parent
7585fa0fe9
commit
b23443630c
@ -1,3 +1,12 @@
|
|||||||
|
2009-04-04 Nicolas François <nicolas.francois@centraliens.net>
|
||||||
|
|
||||||
|
* libmisc/pwd2spwd.c, src/chpasswd.c, src/newusers.c,
|
||||||
|
src/passwd.c, src/pwck.c, src/pwconv.c, src/useradd.c,
|
||||||
|
src/usermod.c: On Jan 01, 1970, do not set the sp_lstchg field to
|
||||||
|
0 (which means that the password shall be changed during the next
|
||||||
|
login), but use -1 (password aging disabled).
|
||||||
|
* src/passwd.c: Do not check sp_min if sp_lstchg is null or -1.
|
||||||
|
|
||||||
2009-04-04 Nicolas François <nicolas.francois@centraliens.net>
|
2009-04-04 Nicolas François <nicolas.francois@centraliens.net>
|
||||||
|
|
||||||
* src/chage.c: When no shadow entry exist, the default sp_lstchg
|
* src/chage.c: When no shadow entry exist, the default sp_lstchg
|
||||||
|
@ -65,6 +65,11 @@ struct spwd *pwd_to_spwd (const struct passwd *pw)
|
|||||||
sp.sp_min = 0;
|
sp.sp_min = 0;
|
||||||
sp.sp_max = (10000L * DAY) / SCALE;
|
sp.sp_max = (10000L * DAY) / SCALE;
|
||||||
sp.sp_lstchg = (long) time ((time_t *) 0) / SCALE;
|
sp.sp_lstchg = (long) time ((time_t *) 0) / SCALE;
|
||||||
|
if (0 == sp.sp_lstchg) {
|
||||||
|
/* Better disable aging than requiring a password
|
||||||
|
* change */
|
||||||
|
sp.sp_lstchg = -1;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|
@ -373,7 +373,6 @@ int main (int argc, char **argv)
|
|||||||
struct passwd newpw;
|
struct passwd newpw;
|
||||||
int errors = 0;
|
int errors = 0;
|
||||||
int line = 0;
|
int line = 0;
|
||||||
long now = (long) time ((time_t *)NULL) / SCALE;
|
|
||||||
|
|
||||||
Prog = Basename (argv[0]);
|
Prog = Basename (argv[0]);
|
||||||
|
|
||||||
@ -478,7 +477,12 @@ int main (int argc, char **argv)
|
|||||||
if (NULL != sp) {
|
if (NULL != sp) {
|
||||||
newsp = *sp;
|
newsp = *sp;
|
||||||
newsp.sp_pwdp = cp;
|
newsp.sp_pwdp = cp;
|
||||||
newsp.sp_lstchg = now;
|
newsp.sp_lstchg = (long) time ((time_t *)NULL) / SCALE;
|
||||||
|
if (0 == newsp.sp_lstchg) {
|
||||||
|
/* Better disable aging than requiring a
|
||||||
|
* password change */
|
||||||
|
newssp.sp_lstchg = -1;
|
||||||
|
}
|
||||||
} else {
|
} else {
|
||||||
newpw = *pw;
|
newpw = *pw;
|
||||||
newpw.pw_passwd = cp;
|
newpw.pw_passwd = cp;
|
||||||
|
@ -452,6 +452,10 @@ static int add_passwd (struct passwd *pwd, const char *password)
|
|||||||
spent.sp_pwdp = pw_encrypt (password, salt);
|
spent.sp_pwdp = pw_encrypt (password, salt);
|
||||||
}
|
}
|
||||||
spent.sp_lstchg = (long) time ((time_t *) 0) / SCALE;
|
spent.sp_lstchg = (long) time ((time_t *) 0) / SCALE;
|
||||||
|
if (0 == spent.sp_lstchg) {
|
||||||
|
/* Better disable aging than requiring a password change */
|
||||||
|
spent.sp_lstchg = -1;
|
||||||
|
}
|
||||||
spent.sp_min = getdef_num ("PASS_MIN_DAYS", 0);
|
spent.sp_min = getdef_num ("PASS_MIN_DAYS", 0);
|
||||||
/* 10000 is infinity this week */
|
/* 10000 is infinity this week */
|
||||||
spent.sp_max = getdef_num ("PASS_MAX_DAYS", 10000);
|
spent.sp_max = getdef_num ("PASS_MAX_DAYS", 10000);
|
||||||
|
19
src/passwd.c
19
src/passwd.c
@ -385,8 +385,10 @@ static void check_password (const struct passwd *pw, const struct spwd *sp)
|
|||||||
* changed. Passwords which have been inactive too long cannot be
|
* changed. Passwords which have been inactive too long cannot be
|
||||||
* changed.
|
* changed.
|
||||||
*/
|
*/
|
||||||
if (sp->sp_pwdp[0] == '!' || exp_status > 1 ||
|
if ( (sp->sp_pwdp[0] == '!')
|
||||||
(sp->sp_max >= 0 && sp->sp_min > sp->sp_max)) {
|
|| (exp_status > 1)
|
||||||
|
|| ( (sp->sp_max >= 0)
|
||||||
|
&& (sp->sp_min > sp->sp_max))) {
|
||||||
fprintf (stderr,
|
fprintf (stderr,
|
||||||
_("The password for %s cannot be changed.\n"),
|
_("The password for %s cannot be changed.\n"),
|
||||||
sp->sp_namp);
|
sp->sp_namp);
|
||||||
@ -398,19 +400,20 @@ static void check_password (const struct passwd *pw, const struct spwd *sp)
|
|||||||
/*
|
/*
|
||||||
* Passwords may only be changed after sp_min time is up.
|
* Passwords may only be changed after sp_min time is up.
|
||||||
*/
|
*/
|
||||||
|
if (sp->sp_lstchg > 0) {
|
||||||
last = sp->sp_lstchg * SCALE;
|
last = sp->sp_lstchg * SCALE;
|
||||||
ok = last + (sp->sp_min > 0 ? sp->sp_min * SCALE : 0);
|
ok = last + (sp->sp_min > 0 ? sp->sp_min * SCALE : 0);
|
||||||
|
|
||||||
if (now < ok) {
|
if (now < ok) {
|
||||||
fprintf (stderr,
|
fprintf (stderr,
|
||||||
_
|
_("The password for %s cannot be changed yet.\n"),
|
||||||
("The password for %s cannot be changed yet.\n"),
|
|
||||||
pw->pw_name);
|
pw->pw_name);
|
||||||
SYSLOG ((LOG_WARN, "now < minimum age for '%s'", pw->pw_name));
|
SYSLOG ((LOG_WARN, "now < minimum age for '%s'", pw->pw_name));
|
||||||
closelog ();
|
closelog ();
|
||||||
exit (E_NOPERM);
|
exit (E_NOPERM);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* insert_crypt_passwd - add an "old-style" password to authentication
|
* insert_crypt_passwd - add an "old-style" password to authentication
|
||||||
@ -633,6 +636,11 @@ static void update_shadow (void)
|
|||||||
}
|
}
|
||||||
if (do_update_age) {
|
if (do_update_age) {
|
||||||
nsp->sp_lstchg = (long) time ((time_t *) 0) / SCALE;
|
nsp->sp_lstchg = (long) time ((time_t *) 0) / SCALE;
|
||||||
|
if (0 == nsp->sp_lstchg) {
|
||||||
|
/* Better disable aging than requiring a password
|
||||||
|
* change */
|
||||||
|
nsp->sp_lstchg = -1;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
@ -640,8 +648,9 @@ static void update_shadow (void)
|
|||||||
* 2.x passwd -f. Solaris 2.x seems to do the same thing (set
|
* 2.x passwd -f. Solaris 2.x seems to do the same thing (set
|
||||||
* sp_lstchg to 0).
|
* sp_lstchg to 0).
|
||||||
*/
|
*/
|
||||||
if (eflg)
|
if (eflg) {
|
||||||
nsp->sp_lstchg = 0;
|
nsp->sp_lstchg = 0;
|
||||||
|
}
|
||||||
|
|
||||||
if (spw_update (nsp) == 0) {
|
if (spw_update (nsp) == 0) {
|
||||||
fprintf (stderr,
|
fprintf (stderr,
|
||||||
|
@ -473,6 +473,12 @@ static void check_pw_file (int *errors, bool *changed)
|
|||||||
sp.sp_expire = -1;
|
sp.sp_expire = -1;
|
||||||
sp.sp_flag = SHADOW_SP_FLAG_UNSET;
|
sp.sp_flag = SHADOW_SP_FLAG_UNSET;
|
||||||
sp.sp_lstchg = (long) time ((time_t *) 0) / SCALE;
|
sp.sp_lstchg = (long) time ((time_t *) 0) / SCALE;
|
||||||
|
if (0 == sp.sp_lstchg) {
|
||||||
|
/* Better disable aging than
|
||||||
|
* requiring a password change
|
||||||
|
*/
|
||||||
|
sp.sp_lstchg = -1;
|
||||||
|
}
|
||||||
*changed = true;
|
*changed = true;
|
||||||
|
|
||||||
if (spw_update (&sp) == 0) {
|
if (spw_update (&sp) == 0) {
|
||||||
|
@ -203,6 +203,11 @@ int main (int argc, char **argv)
|
|||||||
}
|
}
|
||||||
spent.sp_pwdp = pw->pw_passwd;
|
spent.sp_pwdp = pw->pw_passwd;
|
||||||
spent.sp_lstchg = (long) time ((time_t *) 0) / SCALE;
|
spent.sp_lstchg = (long) time ((time_t *) 0) / SCALE;
|
||||||
|
if (0 == spent.sp_lstchg) {
|
||||||
|
/* Better disable aging than requiring a password
|
||||||
|
* change */
|
||||||
|
spent.sp_lstchg = -1;
|
||||||
|
}
|
||||||
if (spw_update (&spent) == 0) {
|
if (spw_update (&spent) == 0) {
|
||||||
fprintf (stderr,
|
fprintf (stderr,
|
||||||
_("%s: failed to prepare the new %s entry '%s'\n"),
|
_("%s: failed to prepare the new %s entry '%s'\n"),
|
||||||
|
@ -766,6 +766,10 @@ static void new_spent (struct spwd *spent)
|
|||||||
spent->sp_namp = (char *) user_name;
|
spent->sp_namp = (char *) user_name;
|
||||||
spent->sp_pwdp = (char *) user_pass;
|
spent->sp_pwdp = (char *) user_pass;
|
||||||
spent->sp_lstchg = (long) time ((time_t *) 0) / SCALE;
|
spent->sp_lstchg = (long) time ((time_t *) 0) / SCALE;
|
||||||
|
if (0 == spent->sp_lstchg) {
|
||||||
|
/* Better disable aging than requiring a password change */
|
||||||
|
spent->sp_lstchg = -1;
|
||||||
|
}
|
||||||
if (!rflg) {
|
if (!rflg) {
|
||||||
spent->sp_min = scale_age (getdef_num ("PASS_MIN_DAYS", -1));
|
spent->sp_min = scale_age (getdef_num ("PASS_MIN_DAYS", -1));
|
||||||
spent->sp_max = scale_age (getdef_num ("PASS_MAX_DAYS", -1));
|
spent->sp_max = scale_age (getdef_num ("PASS_MAX_DAYS", -1));
|
||||||
|
@ -521,6 +521,11 @@ static void new_spent (struct spwd *spent)
|
|||||||
spent->sp_pwdp = new_pw_passwd (spent->sp_pwdp);
|
spent->sp_pwdp = new_pw_passwd (spent->sp_pwdp);
|
||||||
if (pflg) {
|
if (pflg) {
|
||||||
spent->sp_lstchg = (long) time ((time_t *) 0) / SCALE;
|
spent->sp_lstchg = (long) time ((time_t *) 0) / SCALE;
|
||||||
|
if (0 == spent->sp_lstchg) {
|
||||||
|
/* Better disable aging than requiring a password
|
||||||
|
* change */
|
||||||
|
spent->sp_lstchg = -1;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
Loading…
x
Reference in New Issue
Block a user