emo/shadow
1
0
Fork 0
Code Issues Pull Requests Packages Releases Activity

Merge pull request #146 from lamby/reproducible-shadow-files

Browse Source 
Make the sp_lstchg shadow field reproducible (re. #71)
This commit is contained in:
Serge Hallyn 2019-04-21 17:13:58 -05:00 committed by GitHub
commit 2c8171f8c8
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
7 changed files with 14 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
README
View File

@ -51,6 +51,7 @@ Brian R. Gaeke <brg@dgate.org>
Calle Karlsson <ckn@kash.se> Calle Karlsson <ckn@kash.se>
Chip Rosenthal <chip@unicom.com> Chip Rosenthal <chip@unicom.com>
Chris Evans <lady0110@sable.ox.ac.uk> Chris Evans <lady0110@sable.ox.ac.uk>
Chris Lamb <chris@chris-lamb.co.uk>
Cristian Gafton <gafton@sorosis.ro> Cristian Gafton <gafton@sorosis.ro>
Dan Walsh <dwalsh@redhat.com> Dan Walsh <dwalsh@redhat.com>
Darcy Boese <possum@chardonnay.niagara.com> Darcy Boese <possum@chardonnay.niagara.com>

3
configure.ac
View File

@ -110,6 +110,9 @@ AC_REPLACE_FUNCS(sgetgrent sgetpwent sgetspent)
AC_REPLACE_FUNCS(snprintf strcasecmp strdup strerror strstr) AC_REPLACE_FUNCS(snprintf strcasecmp strdup strerror strstr)
AC_CHECK_FUNC(setpgrp) AC_CHECK_FUNC(setpgrp)
AC_CHECK_FUNC(secure_getenv, [AC_DEFINE(HAS_SECURE_GETENV,
1,
[Defined to 1 if you have the declaration of 'secure_getenv'])])
if test "$ac_cv_header_shadow_h" = "yes"; then if test "$ac_cv_header_shadow_h" = "yes"; then
AC_CACHE_CHECK(for working shadow group support, AC_CACHE_CHECK(for working shadow group support,

6
lib/defines.h
View File

@ -382,4 +382,10 @@ extern char *strerror ();
# endif # endif
#endif #endif
#ifdef HAVE_SECURE_GETENV
# define shadow_getenv(name) secure_getenv(name)
# else
# define shadow_getenv(name) getenv(name)
#endif
#endif /* _DEFINES_H_ */ #endif /* _DEFINES_H_ */

2
libmisc/gettime.c
View File

@ -52,7 +52,7 @@
unsigned long long epoch; unsigned long long epoch;
fallback = time (NULL); fallback = time (NULL);
source_date_epoch = getenv ("SOURCE_DATE_EPOCH"); source_date_epoch = shadow_getenv ("SOURCE_DATE_EPOCH");
if (!source_date_epoch) if (!source_date_epoch)
return fallback; return fallback;

3
libmisc/pwd2spwd.c
View File

@ -40,7 +40,6 @@
#include "prototypes.h" #include "prototypes.h"
#include "defines.h" #include "defines.h"
#include <pwd.h> #include <pwd.h>
extern time_t time (time_t *);
/* /*
* pwd_to_spwd - create entries for new spwd structure * pwd_to_spwd - create entries for new spwd structure
@ -66,7 +65,7 @@ struct spwd *pwd_to_spwd (const struct passwd *pw)
*/ */
sp.sp_min = 0; sp.sp_min = 0;
sp.sp_max = (10000L * DAY) / SCALE; sp.sp_max = (10000L * DAY) / SCALE;
sp.sp_lstchg = (long) time ((time_t *) 0) / SCALE; sp.sp_lstchg = (long) gettime () / SCALE;
if (0 == sp.sp_lstchg) { if (0 == sp.sp_lstchg) {
/* Better disable aging than requiring a password /* Better disable aging than requiring a password
* change */ * change */

2
src/pwck.c
View File

@ -609,7 +609,7 @@ static void check_pw_file (int *errors, bool *changed)
sp.sp_inact = -1; sp.sp_inact = -1;
sp.sp_expire = -1; sp.sp_expire = -1;
sp.sp_flag = SHADOW_SP_FLAG_UNSET; sp.sp_flag = SHADOW_SP_FLAG_UNSET;
sp.sp_lstchg = (long) time ((time_t *) 0) / SCALE; sp.sp_lstchg = (long) gettime () / SCALE;
if (0 == sp.sp_lstchg) { if (0 == sp.sp_lstchg) {
/* Better disable aging than /* Better disable aging than
* requiring a password change * requiring a password change

2
src/pwconv.c
View File

@ -267,7 +267,7 @@ int main (int argc, char **argv)
spent.sp_flag = SHADOW_SP_FLAG_UNSET; spent.sp_flag = SHADOW_SP_FLAG_UNSET;
} }
spent.sp_pwdp = pw->pw_passwd; spent.sp_pwdp = pw->pw_passwd;
spent.sp_lstchg = (long) time ((time_t *) 0) / SCALE; spent.sp_lstchg = (long) gettime () / SCALE;
if (0 == spent.sp_lstchg) { if (0 == spent.sp_lstchg) {
/* Better disable aging than requiring a password /* Better disable aging than requiring a password
* change */ * change */