From e47ee90033ca88da6ffa3aeb388eaf01afcb29e3 Mon Sep 17 00:00:00 2001 From: nekral-guest Date: Sat, 17 Nov 2007 16:40:39 +0000 Subject: [PATCH] -l/-u options: edit the shadow account expiry field *in addition* to editing the password field. Debian patch 494_passwd_lock. --- ChangeLog | 6 ++++++ man/passwd.1.xml | 6 ++++-- src/passwd.c | 9 +++++++++ 3 files changed, 19 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index 026394de..fe50f1d2 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,9 @@ +2007-11-17 Nicolas François + + * src/passwd.c, man/passwd.1.xml: -l/-u options: edit the + shadow account expiry field *in addition* to editing the password + field. Debian patch 494_passwd_lock. + 2007-11-17 Nicolas François * src/newgrp.c: Do not request a password when a user uses newgrp diff --git a/man/passwd.1.xml b/man/passwd.1.xml index 724c128b..e1bd67b5 100644 --- a/man/passwd.1.xml +++ b/man/passwd.1.xml @@ -214,7 +214,8 @@ Lock the named account. This option disables an account by changing - the password to a value which matches no possible encrypted value. + the password to a value which matches no possible encrypted value, + and by setting the account expiry field to 1. @@ -275,7 +276,8 @@ Unlock the named account. This option re-enables an account by changing the password back to its previous value (to value before - using option). + using option), and by resetting the account + expiry field. diff --git a/src/passwd.c b/src/passwd.c index d3de75e4..49afaeb5 100644 --- a/src/passwd.c +++ b/src/passwd.c @@ -531,6 +531,15 @@ static void update_shadow (void) nsp->sp_inact = (inact * DAY) / SCALE; if (do_update_age) nsp->sp_lstchg = time ((time_t *) 0) / SCALE; + if (lflg) { + /* Set the account expiry field to 1. + * Some PAM implementation consider zero as a non expired + * account. + */ + nsp->sp_expire = 1; + } + if (uflg) + nsp->sp_expire = -1; /* * Force change on next login, like SunOS 4.x passwd -e or Solaris