pw(8): correct expiration period handling and command line overrides

to preconfigured values for -e, -p and -w flags.

Use non-negative symbols instead of magic values
in passwd_val/pw_password functions.

PR:		223431
Submitted by:	Yuri Pankov (in part, patch for the manual)
Reported by:	mav (mentor)
MFC after:	3 days
Relnotes:	yes

diff --git a/pw/psdate.c b/pw/psdate.c
index 94d2a343375f10a34d9d47ebaf34ba658053390c..8c833b5c69c72f8096888a5a300083d8bc9801f5 100644 (file)
--- a/pw/psdate.c
+++ b/pw/psdate.c
@@ -40,7 +40,7 @@ static const char rcsid[] =
 #include "psdate.h"
 
 
-static int
+int
 numerics(char const * str)
 {
 

diff --git a/pw/psdate.h b/pw/psdate.h
index bb71da3047079ca511d0ea23eacf55663ba0760a..29bfb3397f3789d66128a488d861fb58494669c3 100644 (file)
--- a/pw/psdate.h
+++ b/pw/psdate.h
@@ -35,6 +35,7 @@
 #include <sys/cdefs.h>
 
 __BEGIN_DECLS
+int numerics(char const * str);
 time_t parse_date(time_t dt, char const * str);
 void print_date(char *buf, time_t t, int dotime);
 __END_DECLS

diff --git a/pw/pw.8 b/pw/pw.8
index 5a93c52bee60192df635fb4b47f5dac39dfead79..e848979ee519bca3391824b21e11ba63ab45f460 100644 (file)
--- a/pw/pw.8
+++ b/pw/pw.8
@@ -24,7 +24,7 @@
 .\"
 .\" $FreeBSD$
 .\"
-.Dd September 12, 2016
+.Dd December 10, 2017
 .Dt PW 8
 .Os
 .Sh NAME
@@ -611,6 +611,14 @@ that the account expires.
 A value of 0 suppresses automatic calculation of the expiry date.
 .It Fl p Ar days
 Set the default password expiration period in days.
+When
+.Fl D
+is used, the
+.Ar days
+argument is interpreted differently.
+It must be numeric and represents the number of days after creation
+that the account expires.
+A value of 0 suppresses automatic calculation of the expiry date.
 .It Fl g Ar group
 Set the default group for new users.
 If a blank group is specified using

diff --git a/pw/pw.h b/pw/pw.h
index 816c7555658421be56eba8930b6901a69510f6dd..fde3ce3ef69db95f98ee523d65e94c2bfbdb8df1 100644 (file)
--- a/pw/pw.h
+++ b/pw/pw.h
@@ -48,6 +48,14 @@ enum _mode
         M_NUM
 };
 
+enum _passmode
+{
+       P_NO,
+       P_NONE,
+       P_RANDOM,
+       P_YES
+};
+
 enum _which
 {
         W_USER,

diff --git a/pw/pw_conf.c b/pw/pw_conf.c
index e1dc6825e81a636d2d26c781ffa12db60309c0e1..36bb8b61e9d14b0e7b63d2b3034c9e72578db2b5 100644 (file)
--- a/pw/pw_conf.c
+++ b/pw/pw_conf.c
@@ -200,18 +200,18 @@ passwd_val(char const * str, int dflt)
 
                for (i = 0; booltrue[i]; i++)
                        if (strcmp(str, booltrue[i]) == 0)
-                               return 1;
+                               return P_YES;
                for (i = 0; boolfalse[i]; i++)
                        if (strcmp(str, boolfalse[i]) == 0)
-                               return 0;
+                               return P_NO;
 
                /*
                 * Special cases for defaultpassword
                 */
                if (strcmp(str, "random") == 0)
-                       return -1;
+                       return P_RANDOM;
                if (strcmp(str, "none") == 0)
-                       return -2;
+                       return P_NONE;
 
                errx(1, "Invalid value for default password");
        }

diff --git a/pw/pw_user.c b/pw/pw_user.c
index 395564d1f0040ab38dd2b850c431086fe3ff6371..b797c04ef445b6ac31cf514f15ef8c708f08dd6b 100644 (file)
--- a/pw/pw_user.c
+++ b/pw/pw_user.c
@@ -517,7 +517,9 @@ pw_password(struct userconf * cnf, char const * user, bool dryrun)
        char            pwbuf[32];
 
        switch (cnf->default_password) {
-       case -1:                /* Random password */
+       case P_NONE:            /* No password at all! */
+               return "";
+       case P_RANDOM:                  /* Random password */
                l = (arc4random() % 8 + 8);     /* 8 - 16 chars */
                for (i = 0; i < l; i++)
                        pwbuf[i] = chars[arc4random_uniform(sizeof(chars)-1)];
@@ -533,17 +535,13 @@ pw_password(struct userconf * cnf, char const * user, bool dryrun)
                        fflush(stdout);
                }
                break;
-
-       case -2:                /* No password at all! */
-               return "";
-
-       case 0:         /* No login - default */
-       default:
-               return "*";
-
-       case 1:         /* user's name */
+       case P_YES:             /* user's name */
                strlcpy(pwbuf, user, sizeof(pwbuf));
                break;
+       case P_NO:              /* No login - default */
+                               /* FALLTHROUGH */
+       default:
+               return "*";
        }
        return pw_pwcrypt(pwbuf);
 }
@@ -1124,11 +1122,20 @@ validate_mode(char *mode)
        return (m);
 }
 
+static long
+validate_expire(char *str, int opt)
+{
+       if (!numerics(str))
+               errx(EX_DATAERR, "-%c argument must be numeric "
+                    "when setting defaults: %s", (char)opt, str);
+       return strtol(str, NULL, 0);
+}
+
 static void
 mix_config(struct userconf *cmdcnf, struct userconf *cfg)
 {
 
-       if (cmdcnf->default_password == 0)
+       if (cmdcnf->default_password < 0)
                cmdcnf->default_password = cfg->default_password;
        if (cmdcnf->reuse_uids == 0)
                cmdcnf->reuse_uids = cfg->reuse_uids;
@@ -1166,9 +1173,9 @@ mix_config(struct userconf *cmdcnf, struct userconf *cfg)
                cmdcnf->min_gid = cfg->min_gid;
        if (cmdcnf->max_gid == 0)
                cmdcnf->max_gid = cfg->max_gid;
-       if (cmdcnf->expire_days == 0)
+       if (cmdcnf->expire_days < 0)
                cmdcnf->expire_days = cfg->expire_days;
-       if (cmdcnf->password_days == 0)
+       if (cmdcnf->password_days < 0)
                cmdcnf->password_days = cfg->password_days;
 }
 
@@ -1200,6 +1207,9 @@ pw_user_add(int argc, char **argv, char *arg1)
        if ((cmdcnf = calloc(1, sizeof(struct userconf))) == NULL)
                err(EXIT_FAILURE, "calloc()");
 
+       cmdcnf->default_password = cmdcnf->expire_days = cmdcnf->password_days = -1; 
+       now = time(NULL);
+
        if (arg1 != NULL) {
                if (arg1[strspn(arg1, "0123456789")] == '\0')
                        id = pw_checkid(arg1, UID_MAX);
@@ -1228,12 +1238,16 @@ pw_user_add(int argc, char **argv, char *arg1)
                        homedir = optarg;
                        break;
                case 'e':
-                       now = time(NULL);
-                       cmdcnf->expire_days = parse_date(now, optarg);
+                       if (genconf)
+                           cmdcnf->expire_days = validate_expire(optarg, ch);
+                       else
+                           cmdcnf->expire_days = parse_date(now, optarg);
                        break;
                case 'p':
-                       now = time(NULL);
-                       cmdcnf->password_days = parse_date(now, optarg);
+                       if (genconf)
+                           cmdcnf->password_days = validate_expire(optarg, ch);
+                       else
+                           cmdcnf->password_days = parse_date(now, optarg);
                        break;
                case 'g':
                        validate_grname(cmdcnf, optarg);
@@ -1371,8 +1385,12 @@ pw_user_add(int argc, char **argv, char *arg1)
        pwd->pw_uid = pw_uidpolicy(cmdcnf, id);
        pwd->pw_gid = pw_gidpolicy(cnf, grname, pwd->pw_name,
            (gid_t) pwd->pw_uid, dryrun);
-       pwd->pw_change = cmdcnf->password_days;
-       pwd->pw_expire = cmdcnf->expire_days;
+       
+       if (cmdcnf->password_days > 0)
+               pwd->pw_change = now + cmdcnf->password_days * 86400L;
+       if (cmdcnf->expire_days > 0)
+               pwd->pw_expire = now + cmdcnf->expire_days * 86400L;
+
        pwd->pw_dir = pw_homepolicy(cmdcnf, homedir, pwd->pw_name);
        pwd->pw_shell = pw_shellpolicy(cmdcnf);
        lc = login_getpwclass(pwd);
@@ -1513,6 +1531,7 @@ pw_user_mod(int argc, char **argv, char *arg1)
        class = nispasswd = NULL;
        quiet = createhome = pretty = dryrun = nis = precrypted = false;
        edited = false;
+       now = time(NULL);
 
        if (arg1 != NULL) {
                if (arg1[strspn(arg1, "0123456789")] == '\0')
@@ -1542,11 +1561,9 @@ pw_user_mod(int argc, char **argv, char *arg1)
                        homedir = optarg;
                        break;
                case 'e':
-                       now = time(NULL);
                        expire_days = parse_date(now, optarg);
                        break;
                case 'p':
-                       now = time(NULL);
                        password_days = parse_date(now, optarg);
                        break;
                case 'g':
@@ -1681,13 +1698,14 @@ pw_user_mod(int argc, char **argv, char *arg1)
                }
        }
 
-       if (password_days >= 0 && pwd->pw_change != password_days) {
-               pwd->pw_change = password_days;
+
+       if (password_days >= 0) {
+               pwd->pw_change = now + password_days * 86400L;
                edited = true;
        }
 
-       if (expire_days >= 0 && pwd->pw_expire != expire_days) {
-               pwd->pw_expire = expire_days;
+       if (expire_days >= 0) {
+               pwd->pw_expire = now + expire_days * 86400L;
                edited = true;
        }