emo/shadow
1
0
Fork 0
Code Issues Pull Requests Packages Releases Activity

Make the sp_lstchg shadow field reproducible.

Browse Source 
The third field in the /etc/shadow file (sp_lstchg) contains the date of
the last password change expressed as the number of days since Jan 1, 1970.
As this is a relative time, creating a user today will result in:

   username:17238:0:99999:7:::

whilst creating the same user tomorrow will result in:

    username:17239:0:99999:7:::

This has an impact for the Reproducible Builds[0] project where we aim to
be independent of as many elements the build environment as possible,
including the current date.

This patch changes the behaviour to use the SOURCE_DATE_EPOCH[1]
environment variable (instead of Jan 1, 1970) if valid.

 [0] https://reproducible-builds.org/
 [1] https://reproducible-builds.org/specs/source-date-epoch/

Signed-off-by: Chris Lamb <lamby@debian.org>
This commit is contained in:
Chris Lamb
2017-03-15 10:36:21 +00:00
committed by Chris Lamb
parent 2f36da5201
commit cb610d54b4
8 changed files with 100 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/chpasswd.c
View File

@@ -552,7 +552,7 @@ int main (int argc, char **argv)
if (NULL != sp) {
newsp = *sp;
newsp.sp_pwdp = cp;
newsp.sp_lstchg = (long) time ((time_t *)NULL) / SCALE;
newsp.sp_lstchg = (long) gettime () / SCALE;
if (0 == newsp.sp_lstchg) {
/* Better disable aging than requiring a
* password change */

4
src/newusers.c
View File

@@ -496,7 +496,7 @@ static int add_passwd (struct passwd *pwd, const char *password)
}
spent.sp_pwdp = cp;
}
spent.sp_lstchg = (long) time ((time_t *) 0) / SCALE;
spent.sp_lstchg = (long) gettime () / SCALE;
if (0 == spent.sp_lstchg) {
/* Better disable aging than requiring a password
* change */
@@ -553,7 +553,7 @@ static int add_passwd (struct passwd *pwd, const char *password)
*/
spent.sp_pwdp = "!";
#endif
spent.sp_lstchg = (long) time ((time_t *) 0) / SCALE;
spent.sp_lstchg = (long) gettime () / SCALE;
if (0 == spent.sp_lstchg) {
/* Better disable aging than requiring a password change */
spent.sp_lstchg = -1;

2
src/passwd.c
View File

@@ -668,7 +668,7 @@ static void update_shadow (void)
}
#ifndef USE_PAM
if (do_update_age) {
nsp->sp_lstchg = (long) time ((time_t *) 0) / SCALE;
nsp->sp_lstchg = (long) gettime () / SCALE;
if (0 == nsp->sp_lstchg) {
/* Better disable aging than requiring a password
* change */

2
src/useradd.c
View File

@@ -828,7 +828,7 @@ static void new_spent (struct spwd *spent)
memzero (spent, sizeof *spent);
spent->sp_namp = (char *) user_name;
spent->sp_pwdp = (char *) user_pass;
spent->sp_lstchg = (long) time ((time_t *) 0) / SCALE;
spent->sp_lstchg = (long) gettime () / SCALE;
if (0 == spent->sp_lstchg) {
/* Better disable aging than requiring a password change */
spent->sp_lstchg = -1;

4
src/usermod.c
View File

@@ -641,7 +641,7 @@ static void new_spent (struct spwd *spent)
spent->sp_pwdp = new_pw_passwd (spent->sp_pwdp);
if (pflg) {
spent->sp_lstchg = (long) time ((time_t *) 0) / SCALE;
spent->sp_lstchg = (long) gettime () / SCALE;
if (0 == spent->sp_lstchg) {
/* Better disable aging than requiring a password
* change. */
@@ -1673,7 +1673,7 @@ static void usr_update (void)
spent.sp_pwdp = xstrdup (pwent.pw_passwd);
pwent.pw_passwd = xstrdup (SHADOW_PASSWD_STRING);
spent.sp_lstchg = (long) time ((time_t *) 0) / SCALE;
spent.sp_lstchg = (long) gettime () / SCALE;
if (0 == spent.sp_lstchg) {
/* Better disable aging than
* requiring a password change */