From owner-svn-src-head@freebsd.org Sat Dec 9 23:34:02 2017 Return-Path: Delivered-To: svn-src-head@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 57E7CE9BB91; Sat, 9 Dec 2017 23:34:02 +0000 (UTC) (envelope-from eugen@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 2F2E07A08D; Sat, 9 Dec 2017 23:34:02 +0000 (UTC) (envelope-from eugen@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id vB9NY1an094588; Sat, 9 Dec 2017 23:34:01 GMT (envelope-from eugen@FreeBSD.org) Received: (from eugen@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id vB9NY0eo094581; Sat, 9 Dec 2017 23:34:00 GMT (envelope-from eugen@FreeBSD.org) Message-Id: <201712092334.vB9NY0eo094581@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: eugen set sender to eugen@FreeBSD.org using -f From: Eugene Grosbein Date: Sat, 9 Dec 2017 23:34:00 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r326738 - head/usr.sbin/pw X-SVN-Group: head X-SVN-Commit-Author: eugen X-SVN-Commit-Paths: head/usr.sbin/pw X-SVN-Commit-Revision: 326738 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-head@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: SVN commit messages for the src tree for head/-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 09 Dec 2017 23:34:02 -0000 Author: eugen Date: Sat Dec 9 23:34:00 2017 New Revision: 326738 URL: https://svnweb.freebsd.org/changeset/base/326738 Log: pw(8): correct expiration period handling and command line overrides to preconfigured values for -e, -p and -w flags. Use non-negative symbols instead of magic values in passwd_val/pw_password functions. PR: 223431 Submitted by: Yuri Pankov (in part, patch for the manual) Reported by: mav (mentor) MFC after: 3 days Relnotes: yes Modified: head/usr.sbin/pw/psdate.c head/usr.sbin/pw/psdate.h head/usr.sbin/pw/pw.8 head/usr.sbin/pw/pw.h head/usr.sbin/pw/pw_conf.c head/usr.sbin/pw/pw_user.c Modified: head/usr.sbin/pw/psdate.c ============================================================================== --- head/usr.sbin/pw/psdate.c Sat Dec 9 23:16:02 2017 (r326737) +++ head/usr.sbin/pw/psdate.c Sat Dec 9 23:34:00 2017 (r326738) @@ -40,7 +40,7 @@ static const char rcsid[] = #include "psdate.h" -static int +int numerics(char const * str) { Modified: head/usr.sbin/pw/psdate.h ============================================================================== --- head/usr.sbin/pw/psdate.h Sat Dec 9 23:16:02 2017 (r326737) +++ head/usr.sbin/pw/psdate.h Sat Dec 9 23:34:00 2017 (r326738) @@ -35,6 +35,7 @@ #include __BEGIN_DECLS +int numerics(char const * str); time_t parse_date(time_t dt, char const * str); void print_date(char *buf, time_t t, int dotime); __END_DECLS Modified: head/usr.sbin/pw/pw.8 ============================================================================== --- head/usr.sbin/pw/pw.8 Sat Dec 9 23:16:02 2017 (r326737) +++ head/usr.sbin/pw/pw.8 Sat Dec 9 23:34:00 2017 (r326738) @@ -24,7 +24,7 @@ .\" .\" $FreeBSD$ .\" -.Dd September 12, 2016 +.Dd December 10, 2017 .Dt PW 8 .Os .Sh NAME @@ -611,6 +611,14 @@ that the account expires. A value of 0 suppresses automatic calculation of the expiry date. .It Fl p Ar days Set the default password expiration period in days. +When +.Fl D +is used, the +.Ar days +argument is interpreted differently. +It must be numeric and represents the number of days after creation +that the account expires. +A value of 0 suppresses automatic calculation of the expiry date. .It Fl g Ar group Set the default group for new users. If a blank group is specified using Modified: head/usr.sbin/pw/pw.h ============================================================================== --- head/usr.sbin/pw/pw.h Sat Dec 9 23:16:02 2017 (r326737) +++ head/usr.sbin/pw/pw.h Sat Dec 9 23:34:00 2017 (r326738) @@ -48,6 +48,14 @@ enum _mode M_NUM }; +enum _passmode +{ + P_NO, + P_NONE, + P_RANDOM, + P_YES +}; + enum _which { W_USER, Modified: head/usr.sbin/pw/pw_conf.c ============================================================================== --- head/usr.sbin/pw/pw_conf.c Sat Dec 9 23:16:02 2017 (r326737) +++ head/usr.sbin/pw/pw_conf.c Sat Dec 9 23:34:00 2017 (r326738) @@ -200,18 +200,18 @@ passwd_val(char const * str, int dflt) for (i = 0; booltrue[i]; i++) if (strcmp(str, booltrue[i]) == 0) - return 1; + return P_YES; for (i = 0; boolfalse[i]; i++) if (strcmp(str, boolfalse[i]) == 0) - return 0; + return P_NO; /* * Special cases for defaultpassword */ if (strcmp(str, "random") == 0) - return -1; + return P_RANDOM; if (strcmp(str, "none") == 0) - return -2; + return P_NONE; errx(1, "Invalid value for default password"); } Modified: head/usr.sbin/pw/pw_user.c ============================================================================== --- head/usr.sbin/pw/pw_user.c Sat Dec 9 23:16:02 2017 (r326737) +++ head/usr.sbin/pw/pw_user.c Sat Dec 9 23:34:00 2017 (r326738) @@ -517,7 +517,9 @@ pw_password(struct userconf * cnf, char const * user, char pwbuf[32]; switch (cnf->default_password) { - case -1: /* Random password */ + case P_NONE: /* No password at all! */ + return ""; + case P_RANDOM: /* Random password */ l = (arc4random() % 8 + 8); /* 8 - 16 chars */ for (i = 0; i < l; i++) pwbuf[i] = chars[arc4random_uniform(sizeof(chars)-1)]; @@ -533,17 +535,13 @@ pw_password(struct userconf * cnf, char const * user, fflush(stdout); } break; - - case -2: /* No password at all! */ - return ""; - - case 0: /* No login - default */ - default: - return "*"; - - case 1: /* user's name */ + case P_YES: /* user's name */ strlcpy(pwbuf, user, sizeof(pwbuf)); break; + case P_NO: /* No login - default */ + /* FALLTHROUGH */ + default: + return "*"; } return pw_pwcrypt(pwbuf); } @@ -1124,11 +1122,20 @@ validate_mode(char *mode) return (m); } +static long +validate_expire(char *str, int opt) +{ + if (!numerics(str)) + errx(EX_DATAERR, "-%c argument must be numeric " + "when setting defaults: %s", (char)opt, str); + return strtol(str, NULL, 0); +} + static void mix_config(struct userconf *cmdcnf, struct userconf *cfg) { - if (cmdcnf->default_password == 0) + if (cmdcnf->default_password < 0) cmdcnf->default_password = cfg->default_password; if (cmdcnf->reuse_uids == 0) cmdcnf->reuse_uids = cfg->reuse_uids; @@ -1166,9 +1173,9 @@ mix_config(struct userconf *cmdcnf, struct userconf *c cmdcnf->min_gid = cfg->min_gid; if (cmdcnf->max_gid == 0) cmdcnf->max_gid = cfg->max_gid; - if (cmdcnf->expire_days == 0) + if (cmdcnf->expire_days < 0) cmdcnf->expire_days = cfg->expire_days; - if (cmdcnf->password_days == 0) + if (cmdcnf->password_days < 0) cmdcnf->password_days = cfg->password_days; } @@ -1200,6 +1207,9 @@ pw_user_add(int argc, char **argv, char *arg1) if ((cmdcnf = calloc(1, sizeof(struct userconf))) == NULL) err(EXIT_FAILURE, "calloc()"); + cmdcnf->default_password = cmdcnf->expire_days = cmdcnf->password_days = -1; + now = time(NULL); + if (arg1 != NULL) { if (arg1[strspn(arg1, "0123456789")] == '\0') id = pw_checkid(arg1, UID_MAX); @@ -1228,12 +1238,16 @@ pw_user_add(int argc, char **argv, char *arg1) homedir = optarg; break; case 'e': - now = time(NULL); - cmdcnf->expire_days = parse_date(now, optarg); + if (genconf) + cmdcnf->expire_days = validate_expire(optarg, ch); + else + cmdcnf->expire_days = parse_date(now, optarg); break; case 'p': - now = time(NULL); - cmdcnf->password_days = parse_date(now, optarg); + if (genconf) + cmdcnf->password_days = validate_expire(optarg, ch); + else + cmdcnf->password_days = parse_date(now, optarg); break; case 'g': validate_grname(cmdcnf, optarg); @@ -1371,8 +1385,12 @@ pw_user_add(int argc, char **argv, char *arg1) pwd->pw_uid = pw_uidpolicy(cmdcnf, id); pwd->pw_gid = pw_gidpolicy(cnf, grname, pwd->pw_name, (gid_t) pwd->pw_uid, dryrun); - pwd->pw_change = cmdcnf->password_days; - pwd->pw_expire = cmdcnf->expire_days; + + if (cmdcnf->password_days > 0) + pwd->pw_change = now + cmdcnf->password_days * 86400L; + if (cmdcnf->expire_days > 0) + pwd->pw_expire = now + cmdcnf->expire_days * 86400L; + pwd->pw_dir = pw_homepolicy(cmdcnf, homedir, pwd->pw_name); pwd->pw_shell = pw_shellpolicy(cmdcnf); lc = login_getpwclass(pwd); @@ -1513,6 +1531,7 @@ pw_user_mod(int argc, char **argv, char *arg1) class = nispasswd = NULL; quiet = createhome = pretty = dryrun = nis = precrypted = false; edited = false; + now = time(NULL); if (arg1 != NULL) { if (arg1[strspn(arg1, "0123456789")] == '\0') @@ -1542,11 +1561,9 @@ pw_user_mod(int argc, char **argv, char *arg1) homedir = optarg; break; case 'e': - now = time(NULL); expire_days = parse_date(now, optarg); break; case 'p': - now = time(NULL); password_days = parse_date(now, optarg); break; case 'g': @@ -1681,13 +1698,14 @@ pw_user_mod(int argc, char **argv, char *arg1) } } - if (password_days >= 0 && pwd->pw_change != password_days) { - pwd->pw_change = password_days; + + if (password_days >= 0) { + pwd->pw_change = now + password_days * 86400L; edited = true; } - if (expire_days >= 0 && pwd->pw_expire != expire_days) { - pwd->pw_expire = expire_days; + if (expire_days >= 0) { + pwd->pw_expire = now + expire_days * 86400L; edited = true; }