[Pkg-shadow-devel] Bug#621810: shadow: usermod and passwd man pages wrongly suggest `usermod -e 1` to expire account
enok srd
enoksrd at gmail.com
Sat Apr 9 23:27:58 UTC 2011
On Fri, Apr 8, 2011 at 7:46 PM, enok srd <enoksrd at gmail.com> wrote:
> Suggested fix: `change usermod --expiredate` to handle numeric
> arguments the same way chage does, and update the usermod man page
> accordingly.
>
> Here's some relevant code from usermod and chage in the most recent
> source I could find
> (ftp://pkg-shadow.alioth.debian.org/pub/pkg-shadow/shadow-4.1.4.3.tar.bz).
> Note the isnum check in chage:
>
> shadow-4.1.4.3/src/usermod.c:
> 937 case 'e':
> 938 if ('\0' != *optarg) {
> 939 user_newexpire =
> strtoday (optarg);
> 940 if (user_newexpire == -1) {
> 941 fprintf (stderr,
> 942
> _("%s: invalid date '%s'\n"),
> 943 Prog, optarg);
> 944 exit (E_BAD_ARG);
> 945 }
> 946 user_newexpire *= DAY / SCALE;
> 947 } else {
> 948 user_newexpire = -1;
> 949 }
> 950 eflg = true;
> 951 break;
>
> shadow-4.1.4.3/src/chage.c:
> 419 case 'E':
> 420 Eflg = true;
> 421 if (!isnum (optarg)) {
> 422 expdate = strtoday (optarg);
> 423 } else if ( (getlong (optarg, &expdate) == 0)
> 424 || (expdate < -1)) {
> 425 fprintf (stderr,
> 426 _("%s: invalid date '%s'\n"),
> 427 Prog, optarg);
> 428 usage ();
> 429 }
> 430 break;
Oh, and notice the `expdate < -1` check in the isnum branch of the
chage case: that check also needs to be made on the strtoday results,
since currently both chage and usermod are happy to write negative
values into /etc/shadow, but then they are unable to parse those
values. Subsequent `usermod --expiredate` calls do nothing, and
`chage --expiredate` calls add new entries to /etc/shadow. Only way I
know to fix these is to edit /etc/shadow (with vipw -s). The pwck
command suggests the corrupted /etc/shadow entries be deleted.
More information about the Pkg-shadow-devel
mailing list