d/freebsd-skq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

pw(8): correct expiration period handling and command line overrides

Browse Source 
to preconfigured values for -e, -p and -w flags.

Use non-negative symbols instead of magic values
in passwd_val/pw_password functions.

PR:		223431
Submitted by:	Yuri Pankov (in part, patch for the manual)
Reported by:	mav (mentor)
MFC after:	3 days
Relnotes:	yes
This commit is contained in:
eugen 2017-12-09 23:34:00 +00:00
parent a942c585af
commit 3cfe33fd3b
6 changed files with 66 additions and 31 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
usr.sbin/pw/psdate.c
View File

@ -40,7 +40,7 @@ static const char rcsid[] =
#include "psdate.h" #include "psdate.h"
static int int
numerics(char const * str) numerics(char const * str)
{ {

1
usr.sbin/pw/psdate.h
View File

@ -35,6 +35,7 @@
#include <sys/cdefs.h> #include <sys/cdefs.h>
__BEGIN_DECLS __BEGIN_DECLS
int numerics(char const * str);
time_t parse_date(time_t dt, char const * str); time_t parse_date(time_t dt, char const * str);
void print_date(char *buf, time_t t, int dotime); void print_date(char *buf, time_t t, int dotime);
__END_DECLS __END_DECLS

10
usr.sbin/pw/pw.8
View File

@ -24,7 +24,7 @@
.\" .\"
.\" $FreeBSD$ .\" $FreeBSD$
.\" .\"
.Dd September 12, 2016 .Dd December 10, 2017
.Dt PW 8 .Dt PW 8
.Os .Os
.Sh NAME .Sh NAME
@ -611,6 +611,14 @@ that the account expires.
A value of 0 suppresses automatic calculation of the expiry date. A value of 0 suppresses automatic calculation of the expiry date.
.It Fl p Ar days .It Fl p Ar days
Set the default password expiration period in days. Set the default password expiration period in days.
When
.Fl D
is used, the
.Ar days
argument is interpreted differently.
It must be numeric and represents the number of days after creation
that the account expires.
A value of 0 suppresses automatic calculation of the expiry date.
.It Fl g Ar group .It Fl g Ar group
Set the default group for new users. Set the default group for new users.
If a blank group is specified using If a blank group is specified using

8
usr.sbin/pw/pw.h
View File

@ -48,6 +48,14 @@ enum _mode
M_NUM M_NUM
}; };
enum _passmode
{
P_NO,
P_NONE,
P_RANDOM,
P_YES
};
enum _which enum _which
{ {
W_USER, W_USER,

8
usr.sbin/pw/pw_conf.c
View File

@ -200,18 +200,18 @@ passwd_val(char const * str, int dflt)
for (i = 0; booltrue[i]; i++) for (i = 0; booltrue[i]; i++)
if (strcmp(str, booltrue[i]) == 0) if (strcmp(str, booltrue[i]) == 0)
return 1; return P_YES;
for (i = 0; boolfalse[i]; i++) for (i = 0; boolfalse[i]; i++)
if (strcmp(str, boolfalse[i]) == 0) if (strcmp(str, boolfalse[i]) == 0)
return 0; return P_NO;
/* /*
* Special cases for defaultpassword * Special cases for defaultpassword
*/ */
if (strcmp(str, "random") == 0) if (strcmp(str, "random") == 0)
return -1; return P_RANDOM;
if (strcmp(str, "none") == 0) if (strcmp(str, "none") == 0)
return -2; return P_NONE;
errx(1, "Invalid value for default password"); errx(1, "Invalid value for default password");
} }

64
usr.sbin/pw/pw_user.c
View File

@ -517,7 +517,9 @@ pw_password(struct userconf * cnf, char const * user, bool dryrun)
char pwbuf[32]; char pwbuf[32];
switch (cnf->default_password) { switch (cnf->default_password) {
case -1: /* Random password */ case P_NONE: /* No password at all! */
return "";
case P_RANDOM: /* Random password */
l = (arc4random() % 8 + 8); /* 8 - 16 chars */ l = (arc4random() % 8 + 8); /* 8 - 16 chars */
for (i = 0; i < l; i++) for (i = 0; i < l; i++)
pwbuf[i] = chars[arc4random_uniform(sizeof(chars)-1)]; pwbuf[i] = chars[arc4random_uniform(sizeof(chars)-1)];
@ -533,17 +535,13 @@ pw_password(struct userconf * cnf, char const * user, bool dryrun)
fflush(stdout); fflush(stdout);
} }
break; break;
case P_YES: /* user's name */
case -2: /* No password at all! */
return "";
case 0: /* No login - default */
default:
return "*";
case 1: /* user's name */
strlcpy(pwbuf, user, sizeof(pwbuf)); strlcpy(pwbuf, user, sizeof(pwbuf));
break; break;
case P_NO: /* No login - default */
/* FALLTHROUGH */
default:
return "*";
} }
return pw_pwcrypt(pwbuf); return pw_pwcrypt(pwbuf);
} }
@ -1124,11 +1122,20 @@ validate_mode(char *mode)
return (m); return (m);
} }
static long
validate_expire(char *str, int opt)
{
if (!numerics(str))
errx(EX_DATAERR, "-%c argument must be numeric "
"when setting defaults: %s", (char)opt, str);
return strtol(str, NULL, 0);
}
static void static void
mix_config(struct userconf *cmdcnf, struct userconf *cfg) mix_config(struct userconf *cmdcnf, struct userconf *cfg)
{ {
if (cmdcnf->default_password == 0) if (cmdcnf->default_password < 0)
cmdcnf->default_password = cfg->default_password; cmdcnf->default_password = cfg->default_password;
if (cmdcnf->reuse_uids == 0) if (cmdcnf->reuse_uids == 0)
cmdcnf->reuse_uids = cfg->reuse_uids; cmdcnf->reuse_uids = cfg->reuse_uids;
@ -1166,9 +1173,9 @@ mix_config(struct userconf *cmdcnf, struct userconf *cfg)
cmdcnf->min_gid = cfg->min_gid; cmdcnf->min_gid = cfg->min_gid;
if (cmdcnf->max_gid == 0) if (cmdcnf->max_gid == 0)
cmdcnf->max_gid = cfg->max_gid; cmdcnf->max_gid = cfg->max_gid;
if (cmdcnf->expire_days == 0) if (cmdcnf->expire_days < 0)
cmdcnf->expire_days = cfg->expire_days; cmdcnf->expire_days = cfg->expire_days;
if (cmdcnf->password_days == 0) if (cmdcnf->password_days < 0)
cmdcnf->password_days = cfg->password_days; cmdcnf->password_days = cfg->password_days;
} }
@ -1200,6 +1207,9 @@ pw_user_add(int argc, char **argv, char *arg1)
if ((cmdcnf = calloc(1, sizeof(struct userconf))) == NULL) if ((cmdcnf = calloc(1, sizeof(struct userconf))) == NULL)
err(EXIT_FAILURE, "calloc()"); err(EXIT_FAILURE, "calloc()");
cmdcnf->default_password = cmdcnf->expire_days = cmdcnf->password_days = -1;
now = time(NULL);
if (arg1 != NULL) { if (arg1 != NULL) {
if (arg1[strspn(arg1, "0123456789")] == '\0') if (arg1[strspn(arg1, "0123456789")] == '\0')
id = pw_checkid(arg1, UID_MAX); id = pw_checkid(arg1, UID_MAX);
@ -1228,11 +1238,15 @@ pw_user_add(int argc, char **argv, char *arg1)
homedir = optarg; homedir = optarg;
break; break;
case 'e': case 'e':
now = time(NULL); if (genconf)
cmdcnf->expire_days = validate_expire(optarg, ch);
else
cmdcnf->expire_days = parse_date(now, optarg); cmdcnf->expire_days = parse_date(now, optarg);
break; break;
case 'p': case 'p':
now = time(NULL); if (genconf)
cmdcnf->password_days = validate_expire(optarg, ch);
else
cmdcnf->password_days = parse_date(now, optarg); cmdcnf->password_days = parse_date(now, optarg);
break; break;
case 'g': case 'g':
@ -1371,8 +1385,12 @@ pw_user_add(int argc, char **argv, char *arg1)
pwd->pw_uid = pw_uidpolicy(cmdcnf, id); pwd->pw_uid = pw_uidpolicy(cmdcnf, id);
pwd->pw_gid = pw_gidpolicy(cnf, grname, pwd->pw_name, pwd->pw_gid = pw_gidpolicy(cnf, grname, pwd->pw_name,
(gid_t) pwd->pw_uid, dryrun); (gid_t) pwd->pw_uid, dryrun);
pwd->pw_change = cmdcnf->password_days;
pwd->pw_expire = cmdcnf->expire_days; if (cmdcnf->password_days > 0)
pwd->pw_change = now + cmdcnf->password_days * 86400L;
if (cmdcnf->expire_days > 0)
pwd->pw_expire = now + cmdcnf->expire_days * 86400L;
pwd->pw_dir = pw_homepolicy(cmdcnf, homedir, pwd->pw_name); pwd->pw_dir = pw_homepolicy(cmdcnf, homedir, pwd->pw_name);
pwd->pw_shell = pw_shellpolicy(cmdcnf); pwd->pw_shell = pw_shellpolicy(cmdcnf);
lc = login_getpwclass(pwd); lc = login_getpwclass(pwd);
@ -1513,6 +1531,7 @@ pw_user_mod(int argc, char **argv, char *arg1)
class = nispasswd = NULL; class = nispasswd = NULL;
quiet = createhome = pretty = dryrun = nis = precrypted = false; quiet = createhome = pretty = dryrun = nis = precrypted = false;
edited = false; edited = false;
now = time(NULL);
if (arg1 != NULL) { if (arg1 != NULL) {
if (arg1[strspn(arg1, "0123456789")] == '\0') if (arg1[strspn(arg1, "0123456789")] == '\0')
@ -1542,11 +1561,9 @@ pw_user_mod(int argc, char **argv, char *arg1)
homedir = optarg; homedir = optarg;
break; break;
case 'e': case 'e':
now = time(NULL);
expire_days = parse_date(now, optarg); expire_days = parse_date(now, optarg);
break; break;
case 'p': case 'p':
now = time(NULL);
password_days = parse_date(now, optarg); password_days = parse_date(now, optarg);
break; break;
case 'g': case 'g':
@ -1681,13 +1698,14 @@ pw_user_mod(int argc, char **argv, char *arg1)
} }
} }
if (password_days >= 0 && pwd->pw_change != password_days) {
pwd->pw_change = password_days; if (password_days >= 0) {
pwd->pw_change = now + password_days * 86400L;
edited = true; edited = true;
} }
if (expire_days >= 0 && pwd->pw_expire != expire_days) { if (expire_days >= 0) {
pwd->pw_expire = expire_days; pwd->pw_expire = now + expire_days * 86400L;
edited = true; edited = true;
} }