[Pkg-shadow-devel] [Pam-patches] passverify/sp_lstchg handling (Bug #2730965)

Steve Langasek vorlon at debian.org
Wed Aug 4 21:28:21 UTC 2010


As Debian has carried patches before that special-cased a 0 value in other
shadow fields that caused interop problems with shadow, I'm forwarding this
patch to the maintainers of the Debian shadow package for their input. 
Guys, here's a patch that's being proposed for inclusion in PAM upstream -
any thoughts?

For my part, this looks ok.

On Wed, Aug 04, 2010 at 03:17:13PM +0200, Thorsten Kukuk wrote:

> Bug #2730965 is about the calculation of sp_lstchg on systems
> where the time is not yet set (meaning the date is 1.1.1970): it
> will be '0', which means the user is requested to change the password
> at the next login. This Jan 01, 1970 date problem is common on
> embedded hardware.

> I propose the following patch for this special case:

> --- passverify.c        8 Dec 2009 09:15:51 -0000       1.14
> +++ passverify.c        4 Aug 2010 13:14:32 -0000
> @@ -909,6 +909,9 @@
>         if (!strcmp(stmpent->sp_namp, forwho)) {
>             stmpent->sp_pwdp = towhat;
>             stmpent->sp_lstchg = time(NULL) / (60 * 60 * 24);
> +           if (stmpent->sp_lstchg == 0)
> +               stmpent->sp_lstchg = -1; /* Don't request passwort change
> +                                           only because time isn't set yet. */
>             wroteentry = 1;
>             D(("Set password %s for %s", stmpent->sp_pwdp, forwho));
>         }
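
Review bot: in the new `sp_lstchg == 0` branch, storing -1 in an existing entry leaves the last-change field empty while the entry's other aging fields (sp_max, sp_warn, sp_inact) keep whatever the administrator configured. shadow(5) treats an empty last-change field as "password aging disabled", so a password changed while the clock is unset silently drops out of any expiry policy until it is changed again. That trade-off should be stated in the comment or the changelog, and a log message when this branch is taken would help anyone who later audits why aging is not being enforced for the account. The test also only catches a clock inside the first day of the epoch: once the unset clock has run for 24 hours, `time(NULL) / (60 * 60 * 24)` is 1 or more and is written as a real, very old change date, which is immediately past any configured sp_max. If that case matters on the embedded targets from the bug report, it needs a different check or a note that it is out of scope.
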
> @@ -928,6 +931,9 @@
>         spwdent.sp_namp = forwho;
>         spwdent.sp_pwdp = towhat;
>         spwdent.sp_lstchg = time(NULL) / (60 * 60 * 24);
> +       if (spwdent.sp_lstchg == 0)
> +           spwdent.sp_lstchg = -1; /* Don't request passwort change
> +                                      only because time isn't set yet. */
>         spwdent.sp_min = spwdent.sp_max = spwdent.sp_warn = spwdent.sp_inact =
>             spwdent.sp_expire = -1;
>         spwdent.sp_flag = (unsigned long)-1l;
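
Review bot: the three added lines after `spwdent.sp_lstchg = time(NULL) / (60 * 60 * 24);` repeat the first hunk's block verbatim, so the day calculation and its zero special case would be better placed in one small static helper that both call sites use, keeping the two paths from drifting apart. On this path the remaining aging fields are set to -1 a few lines later, so an empty last-change field is consistent with the rest of the new entry and the policy concern is smaller than for an existing entry. The comment should read "password" rather than "passwort" in both places.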

-- 
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
Ubuntu Developer                                    http://www.debian.org/
slangasek at ubuntu.com                                     vorlon at debian.org