* NEWS, src/usermod.c; man/usermod.8.xml: When the shadow file
exists but there are no shadow entries, an entry has to be created if the password is changed and passwd requires a shadow entry, or if aging features are used (-e or -f). Document this and also that -e and -f require a shadow file.
parent
c2f5088067
commit
2c6782b501
@ -16,6 +16,11 @@
|
|||||||
* src/usermod.c (update_group, update_gshadow): Reduce complexity
|
* src/usermod.c (update_group, update_gshadow): Reduce complexity
|
||||||
and document checks. Some checks were always true/false within
|
and document checks. Some checks were always true/false within
|
||||||
their call context.
|
their call context.
|
||||||
|
* NEWS, src/usermod.c; man/usermod.8.xml: When the shadow file
|
||||||
|
exists but there are no shadow entries, an entry has to be created
|
||||||
|
if the password is changed and passwd requires a shadow entry, or
|
||||||
|
if aging features are used (-e or -f). Document this and also that
|
||||||
|
-e and -f require a shadow file.
|
||||||
|
|
||||||
2011-07-08 Nicolas François <nicolas.francois@centraliens.net>
|
2011-07-08 Nicolas François <nicolas.francois@centraliens.net>
|
||||||
|
|
||||||
|
3
NEWS
3
NEWS
@ -61,6 +61,9 @@ shadow-4.1.4.3 -> shadow-4.1.5 UNRELEASED
|
|||||||
this group isn't the user's primary group.
|
this group isn't the user's primary group.
|
||||||
- usermod
|
- usermod
|
||||||
* Accept options in any order (username not necessarily at the end)
|
* Accept options in any order (username not necessarily at the end)
|
||||||
|
* When the shadow file exists but there are no shadow entries, an entry
|
||||||
|
is created if the password is changed and passwd requires a
|
||||||
|
shadow entry, or if aging features are used (-e or -f).
|
||||||
|
|
||||||
*** translation
|
*** translation
|
||||||
* Updated Brazilian Portuguese translation.
|
* Updated Brazilian Portuguese translation.
|
||||||
|
@ -127,6 +127,11 @@
|
|||||||
The date on which the user account will be disabled. The date is
|
The date on which the user account will be disabled. The date is
|
||||||
specified in the format <emphasis remap='I'>YYYY-MM-DD</emphasis>.
|
specified in the format <emphasis remap='I'>YYYY-MM-DD</emphasis>.
|
||||||
</para>
|
</para>
|
||||||
|
<para>
|
||||||
|
This option requires a <filename>/etc/shadow</filename> file.
|
||||||
|
A <filename>/etc/shadow</filename> entry will be created if
|
||||||
|
there were none.
|
||||||
|
</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
<varlistentry>
|
<varlistentry>
|
||||||
@ -144,6 +149,11 @@
|
|||||||
as the password has expired, and a value of -1 disables the
|
as the password has expired, and a value of -1 disables the
|
||||||
feature.
|
feature.
|
||||||
</para>
|
</para>
|
||||||
|
<para>
|
||||||
|
This option requires a <filename>/etc/shadow</filename> file.
|
||||||
|
A <filename>/etc/shadow</filename> entry will be created if
|
||||||
|
there were none.
|
||||||
|
</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
<varlistentry>
|
<varlistentry>
|
||||||
|
@ -417,7 +417,13 @@ static void new_pwent (struct passwd *pwent)
|
|||||||
pwent->pw_name, user_newname));
|
pwent->pw_name, user_newname));
|
||||||
pwent->pw_name = xstrdup (user_newname);
|
pwent->pw_name = xstrdup (user_newname);
|
||||||
}
|
}
|
||||||
if (!is_shadow_pwd) {
|
/* Update the password in passwd if there is no shadow file or if
|
||||||
|
* the password is currently in passwd (pw_passwd != "x").
|
||||||
|
* We do not force the usage of shadow passwords if they are not
|
||||||
|
* used for this account.
|
||||||
|
*/
|
||||||
|
if ( (!is_shadow_pwd)
|
||||||
|
|| (strcmp (pwent->pw_passwd, SHADOW_PASSWD_STRING) != 0)) {
|
||||||
pwent->pw_passwd = new_pw_passwd (pwent->pw_passwd);
|
pwent->pw_passwd = new_pw_passwd (pwent->pw_passwd);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -522,12 +528,23 @@ static void new_spent (struct spwd *spent)
|
|||||||
spent->sp_namp, old_exp, new_exp));
|
spent->sp_namp, old_exp, new_exp));
|
||||||
spent->sp_expire = user_newexpire;
|
spent->sp_expire = user_newexpire;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/* Always update the shadowed password if there is a shadow entry
|
||||||
|
* (even if shadowed passwords might not be enabled for this
|
||||||
|
* account (pw_passwd != "x")).
|
||||||
|
* It seems better to update the password in both places in case a
|
||||||
|
* shadow and a non shadow entry exist.
|
||||||
|
* This might occur if:
|
||||||
|
* + there were already both entries
|
||||||
|
* + aging has been requested
|
||||||
|
*/
|
||||||
spent->sp_pwdp = new_pw_passwd (spent->sp_pwdp);
|
spent->sp_pwdp = new_pw_passwd (spent->sp_pwdp);
|
||||||
|
|
||||||
if (pflg) {
|
if (pflg) {
|
||||||
spent->sp_lstchg = (long) time ((time_t *) 0) / SCALE;
|
spent->sp_lstchg = (long) time ((time_t *) 0) / SCALE;
|
||||||
if (0 == spent->sp_lstchg) {
|
if (0 == spent->sp_lstchg) {
|
||||||
/* Better disable aging than requiring a password
|
/* Better disable aging than requiring a password
|
||||||
* change */
|
* change. */
|
||||||
spent->sp_lstchg = -1;
|
spent->sp_lstchg = -1;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -1380,13 +1397,46 @@ static void usr_update (void)
|
|||||||
new_pwent (&pwent);
|
new_pwent (&pwent);
|
||||||
|
|
||||||
|
|
||||||
/*
|
/* If the shadow file does not exist, it won't be created */
|
||||||
* Locate the entry in /etc/shadow. It doesn't have to exist, and
|
if (is_shadow_pwd) {
|
||||||
* won't be created if it doesn't.
|
spwd = spw_locate (user_name);
|
||||||
*/
|
if (NULL != spwd) {
|
||||||
if (is_shadow_pwd && ((spwd = spw_locate (user_name)) != NULL)) {
|
/* Update the shadow entry if it exists */
|
||||||
spent = *spwd;
|
spent = *spwd;
|
||||||
new_spent (&spent);
|
new_spent (&spent);
|
||||||
|
} else if ( ( pflg
|
||||||
|
&& (strcmp (pwent.pw_passwd, SHADOW_PASSWD_STRING) == 0))
|
||||||
|
|| eflg || fflg) {
|
||||||
|
/* In some cases, we force the creation of a
|
||||||
|
* shadow entry:
|
||||||
|
* + new password requested and passwd indicates
|
||||||
|
* a shadowed password
|
||||||
|
* + aging information is requested
|
||||||
|
*/
|
||||||
|
memset (&spent, 0, sizeof spent);
|
||||||
|
spent.sp_namp = user_name;
|
||||||
|
|
||||||
|
/* The user explicitly asked for a shadow feature.
|
||||||
|
* Enable shadowed passwords for this new account.
|
||||||
|
*/
|
||||||
|
spent.sp_pwdp = xstrdup (pwent.pw_passwd);
|
||||||
|
pwent.pw_passwd = xstrdup (SHADOW_PASSWD_STRING);
|
||||||
|
|
||||||
|
spent.sp_lstchg = (long) time ((time_t *) 0) / SCALE;
|
||||||
|
if (0 == spent.sp_lstchg) {
|
||||||
|
/* Better disable aging than
|
||||||
|
* requiring a password change */
|
||||||
|
spent.sp_lstchg = -1;
|
||||||
|
}
|
||||||
|
spent.sp_min = getdef_num ("PASS_MIN_DAYS", -1);
|
||||||
|
spent.sp_max = getdef_num ("PASS_MAX_DAYS", -1);
|
||||||
|
spent.sp_warn = getdef_num ("PASS_WARN_AGE", -1);
|
||||||
|
spent.sp_inact = -1;
|
||||||
|
spent.sp_expire = -1;
|
||||||
|
spent.sp_flag = SHADOW_SP_FLAG_UNSET;
|
||||||
|
new_spent (&spent);
|
||||||
|
spwd = &spent; /* entry needs to be committed */
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if (lflg || uflg || gflg || cflg || dflg || sflg || pflg
|
if (lflg || uflg || gflg || cflg || dflg || sflg || pflg
|
||||||
|
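Review bot: In the new shadow-entry creation branch of usr_update, `pwent.pw_passwd = xstrdup (SHADOW_PASSWD_STRING);` changes only the in-memory passwd entry, and the condition that closes the hunk begins `lflg || uflg || gflg || cflg || dflg || sflg || pflg`, with no `eflg` or `fflg` in the visible part. If that condition guards the passwd write-back and its remainder (outside the hunk) does not cover this case, a run with only -e or -f would copy the hash into /etc/shadow and still leave it in /etc/passwd, so the account would not be switched to a shadowed password as the comment states. I would record the creation explicitly, for example by setting a flag such as `spent_created = true;` next to `spwd = &spent;` and adding `|| spent_created` to that condition. The same branch stores the literal "x" as `sp_pwdp` when passwd already holds "x" and only aging was requested; a comment there should say what password state the account ends up in.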