| Summary: | passwd does not update 'last modified time' field in /etc/shadow when updating password | ||
|---|---|---|---|
| Product: | Busybox | Reporter: | Ben Friedberg <ben.friedberg> |
| Component: | Other | Assignee: | unassigned |
| Status: | RESOLVED FIXED | ||
| Severity: | normal | CC: | busybox-cvs |
| Priority: | P5 | ||
| Version: | 1.13.x | ||
| Target Milestone: | --- | ||
| Hardware: | Other | ||
| OS: | Linux | ||
| Host: | Target: | ||
| Build: | |||
| Attachments: | fix | ||
Created attachment 455 [details]
fix
Should be fixed now. Please test current git or attached patch.
|
libbb/update_passwd.c does not seem to contain a mechanism to update the lastchanged field (field 3) for a user in /etc/shadow when using shadow passwds. This field is, however, created and set to 'days since the epoch' when the user entry is CREATED. When a user's password expires as a combination of field 3 (last modified) and field 5 (max days password is valid from modification) the user is prompted to change the password. The update_passwd correctly sets the new password but fails to set the last modified time. This makes the updated password nice and all, but it is still expired relative to field 3 and field 5. I am using bb 1.13.2. but I looked all the way up to the tip revision of update_passwd and it doesn't seem to set that value anywhere... I believe that this is relative to line 219 of libbb/update_passwd.c line 130 of loginutils/adduser.c (for 1.14.0) includes the initial setting of that value: p = xasprintf("!:%u:0:99999:7:::", (unsigned)(time(NULL) / 86400)); I can probably add the feature and patch it up myself, but I wanted to call attention to it.