pw(8): correct expiration period handling and command line overrides
to preconfigured values for -e, -p and -w flags. Use non-negative symbols instead of magic values in passwd_val/pw_password functions. PR: 223431 Submitted by: Yuri Pankov (in part, patch for the manual) Reported by: mav (mentor) MFC after: 3 days Relnotes: yes
This commit is contained in:
parent
a942c585af
commit
3cfe33fd3b
@ -40,7 +40,7 @@ static const char rcsid[] =
|
||||
#include "psdate.h"
|
||||
|
||||
|
||||
static int
|
||||
int
|
||||
numerics(char const * str)
|
||||
{
|
||||
|
||||
|
@ -35,6 +35,7 @@
|
||||
#include <sys/cdefs.h>
|
||||
|
||||
__BEGIN_DECLS
|
||||
int numerics(char const * str);
|
||||
time_t parse_date(time_t dt, char const * str);
|
||||
void print_date(char *buf, time_t t, int dotime);
|
||||
__END_DECLS
|
||||
|
@ -24,7 +24,7 @@
|
||||
.\"
|
||||
.\" $FreeBSD$
|
||||
.\"
|
||||
.Dd September 12, 2016
|
||||
.Dd December 10, 2017
|
||||
.Dt PW 8
|
||||
.Os
|
||||
.Sh NAME
|
||||
@ -611,6 +611,14 @@ that the account expires.
|
||||
A value of 0 suppresses automatic calculation of the expiry date.
|
||||
.It Fl p Ar days
|
||||
Set the default password expiration period in days.
|
||||
When
|
||||
.Fl D
|
||||
is used, the
|
||||
.Ar days
|
||||
argument is interpreted differently.
|
||||
It must be numeric and represents the number of days after creation
|
||||
that the account expires.
|
||||
A value of 0 suppresses automatic calculation of the expiry date.
|
||||
.It Fl g Ar group
|
||||
Set the default group for new users.
|
||||
If a blank group is specified using
|
||||
|
@ -48,6 +48,14 @@ enum _mode
|
||||
M_NUM
|
||||
};
|
||||
|
||||
enum _passmode
|
||||
{
|
||||
P_NO,
|
||||
P_NONE,
|
||||
P_RANDOM,
|
||||
P_YES
|
||||
};
|
||||
|
||||
enum _which
|
||||
{
|
||||
W_USER,
|
||||
|
@ -200,18 +200,18 @@ passwd_val(char const * str, int dflt)
|
||||
|
||||
for (i = 0; booltrue[i]; i++)
|
||||
if (strcmp(str, booltrue[i]) == 0)
|
||||
return 1;
|
||||
return P_YES;
|
||||
for (i = 0; boolfalse[i]; i++)
|
||||
if (strcmp(str, boolfalse[i]) == 0)
|
||||
return 0;
|
||||
return P_NO;
|
||||
|
||||
/*
|
||||
* Special cases for defaultpassword
|
||||
*/
|
||||
if (strcmp(str, "random") == 0)
|
||||
return -1;
|
||||
return P_RANDOM;
|
||||
if (strcmp(str, "none") == 0)
|
||||
return -2;
|
||||
return P_NONE;
|
||||
|
||||
errx(1, "Invalid value for default password");
|
||||
}
|
||||
|
@ -517,7 +517,9 @@ pw_password(struct userconf * cnf, char const * user, bool dryrun)
|
||||
char pwbuf[32];
|
||||
|
||||
switch (cnf->default_password) {
|
||||
case -1: /* Random password */
|
||||
case P_NONE: /* No password at all! */
|
||||
return "";
|
||||
case P_RANDOM: /* Random password */
|
||||
l = (arc4random() % 8 + 8); /* 8 - 16 chars */
|
||||
for (i = 0; i < l; i++)
|
||||
pwbuf[i] = chars[arc4random_uniform(sizeof(chars)-1)];
|
||||
@ -533,17 +535,13 @@ pw_password(struct userconf * cnf, char const * user, bool dryrun)
|
||||
fflush(stdout);
|
||||
}
|
||||
break;
|
||||
|
||||
case -2: /* No password at all! */
|
||||
return "";
|
||||
|
||||
case 0: /* No login - default */
|
||||
default:
|
||||
return "*";
|
||||
|
||||
case 1: /* user's name */
|
||||
case P_YES: /* user's name */
|
||||
strlcpy(pwbuf, user, sizeof(pwbuf));
|
||||
break;
|
||||
case P_NO: /* No login - default */
|
||||
/* FALLTHROUGH */
|
||||
default:
|
||||
return "*";
|
||||
}
|
||||
return pw_pwcrypt(pwbuf);
|
||||
}
|
||||
@ -1124,11 +1122,20 @@ validate_mode(char *mode)
|
||||
return (m);
|
||||
}
|
||||
|
||||
static long
|
||||
validate_expire(char *str, int opt)
|
||||
{
|
||||
if (!numerics(str))
|
||||
errx(EX_DATAERR, "-%c argument must be numeric "
|
||||
"when setting defaults: %s", (char)opt, str);
|
||||
return strtol(str, NULL, 0);
|
||||
}
|
||||
|
||||
static void
|
||||
mix_config(struct userconf *cmdcnf, struct userconf *cfg)
|
||||
{
|
||||
|
||||
if (cmdcnf->default_password == 0)
|
||||
if (cmdcnf->default_password < 0)
|
||||
cmdcnf->default_password = cfg->default_password;
|
||||
if (cmdcnf->reuse_uids == 0)
|
||||
cmdcnf->reuse_uids = cfg->reuse_uids;
|
||||
@ -1166,9 +1173,9 @@ mix_config(struct userconf *cmdcnf, struct userconf *cfg)
|
||||
cmdcnf->min_gid = cfg->min_gid;
|
||||
if (cmdcnf->max_gid == 0)
|
||||
cmdcnf->max_gid = cfg->max_gid;
|
||||
if (cmdcnf->expire_days == 0)
|
||||
if (cmdcnf->expire_days < 0)
|
||||
cmdcnf->expire_days = cfg->expire_days;
|
||||
if (cmdcnf->password_days == 0)
|
||||
if (cmdcnf->password_days < 0)
|
||||
cmdcnf->password_days = cfg->password_days;
|
||||
}
|
||||
|
||||
@ -1200,6 +1207,9 @@ pw_user_add(int argc, char **argv, char *arg1)
|
||||
if ((cmdcnf = calloc(1, sizeof(struct userconf))) == NULL)
|
||||
err(EXIT_FAILURE, "calloc()");
|
||||
|
||||
cmdcnf->default_password = cmdcnf->expire_days = cmdcnf->password_days = -1;
|
||||
now = time(NULL);
|
||||
|
||||
if (arg1 != NULL) {
|
||||
if (arg1[strspn(arg1, "0123456789")] == '\0')
|
||||
id = pw_checkid(arg1, UID_MAX);
|
||||
@ -1228,12 +1238,16 @@ pw_user_add(int argc, char **argv, char *arg1)
|
||||
homedir = optarg;
|
||||
break;
|
||||
case 'e':
|
||||
now = time(NULL);
|
||||
cmdcnf->expire_days = parse_date(now, optarg);
|
||||
if (genconf)
|
||||
cmdcnf->expire_days = validate_expire(optarg, ch);
|
||||
else
|
||||
cmdcnf->expire_days = parse_date(now, optarg);
|
||||
break;
|
||||
case 'p':
|
||||
now = time(NULL);
|
||||
cmdcnf->password_days = parse_date(now, optarg);
|
||||
if (genconf)
|
||||
cmdcnf->password_days = validate_expire(optarg, ch);
|
||||
else
|
||||
cmdcnf->password_days = parse_date(now, optarg);
|
||||
break;
|
||||
case 'g':
|
||||
validate_grname(cmdcnf, optarg);
|
||||
@ -1371,8 +1385,12 @@ pw_user_add(int argc, char **argv, char *arg1)
|
||||
pwd->pw_uid = pw_uidpolicy(cmdcnf, id);
|
||||
pwd->pw_gid = pw_gidpolicy(cnf, grname, pwd->pw_name,
|
||||
(gid_t) pwd->pw_uid, dryrun);
|
||||
pwd->pw_change = cmdcnf->password_days;
|
||||
pwd->pw_expire = cmdcnf->expire_days;
|
||||
|
||||
if (cmdcnf->password_days > 0)
|
||||
pwd->pw_change = now + cmdcnf->password_days * 86400L;
|
||||
if (cmdcnf->expire_days > 0)
|
||||
pwd->pw_expire = now + cmdcnf->expire_days * 86400L;
|
||||
|
||||
pwd->pw_dir = pw_homepolicy(cmdcnf, homedir, pwd->pw_name);
|
||||
pwd->pw_shell = pw_shellpolicy(cmdcnf);
|
||||
lc = login_getpwclass(pwd);
|
||||
@ -1513,6 +1531,7 @@ pw_user_mod(int argc, char **argv, char *arg1)
|
||||
class = nispasswd = NULL;
|
||||
quiet = createhome = pretty = dryrun = nis = precrypted = false;
|
||||
edited = false;
|
||||
now = time(NULL);
|
||||
|
||||
if (arg1 != NULL) {
|
||||
if (arg1[strspn(arg1, "0123456789")] == '\0')
|
||||
@ -1542,11 +1561,9 @@ pw_user_mod(int argc, char **argv, char *arg1)
|
||||
homedir = optarg;
|
||||
break;
|
||||
case 'e':
|
||||
now = time(NULL);
|
||||
expire_days = parse_date(now, optarg);
|
||||
break;
|
||||
case 'p':
|
||||
now = time(NULL);
|
||||
password_days = parse_date(now, optarg);
|
||||
break;
|
||||
case 'g':
|
||||
@ -1681,13 +1698,14 @@ pw_user_mod(int argc, char **argv, char *arg1)
|
||||
}
|
||||
}
|
||||
|
||||
if (password_days >= 0 && pwd->pw_change != password_days) {
|
||||
pwd->pw_change = password_days;
|
||||
|
||||
if (password_days >= 0) {
|
||||
pwd->pw_change = now + password_days * 86400L;
|
||||
edited = true;
|
||||
}
|
||||
|
||||
if (expire_days >= 0 && pwd->pw_expire != expire_days) {
|
||||
pwd->pw_expire = expire_days;
|
||||
if (expire_days >= 0) {
|
||||
pwd->pw_expire = now + expire_days * 86400L;
|
||||
edited = true;
|
||||
}
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user