From 96ad7ec4fa84dd32439e3473c0128612dd5f9d49 Mon Sep 17 00:00:00 2001 From: Noriko Hosoi Date: Wed, 11 Jan 2017 15:04:42 -0800 Subject: [PATCH 62/67] Ticket #49082 - Fix password expiration related shadow attributes The original patch was provided by Gordon Messmer (gordon.messmer@gmail.com) with the description: Bug description: Shadow attributes (in /etc/shadow and in LDAP) are typically unset when no policy is in place. 389-ds will incorrectly return values (possibly set to 0) when there is no policy. Fix description: Only auto-fill shadow attributes when a password policy is available. These are empty when no policy is in place. Don't auto-fill expiration related shadow attributes if passwords never expire. Reviewed by William Brown (Thanks!!). (cherry picked from commit 5bcd966b73708f6b558f01e6b11a7a11e8d3b126) (cherry picked from commit faae0fa5a4a6b3d590c1a9e068d9436965cc49c9)
---
 ldap/servers/slapd/pw.c | 74 +++++++++++++++++++++++++------------------------
 1 file changed, 38 insertions(+), 36 deletions(-)
diff --git a/ldap/servers/slapd/pw.c b/ldap/servers/slapd/pw.c
index ce1ca2a..30a2cb9 100644
--- a/ldap/servers/slapd/pw.c
+++ b/ldap/servers/slapd/pw.c
@@ -2802,7 +2802,7 @@ add_shadow_ext_password_attrs(Slapi_PBlock *pb, Slapi_Entry **e)
 {
 const char *dn = NULL;
 passwdPolicy *pwpolicy = NULL;
- long long shadowval = 0;
+ long long shadowval = -1;
 Slapi_Mods *smods = NULL;
 LDAPMod **mods;
 long long sval;
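Review bot: The new initial value -1 on `shadowval` acts as a "no policy value" sentinel, but nothing at the declaration says so, and the later guards in this function depend on it. A short comment would make that contract explicit, for example `/* -1 = no applicable policy value; the shadow attribute is left unset */`. The function body continues outside this hunk, so the first use of the sentinel is not visible here.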
@@ -2840,64 +2840,66 @@ add_shadow_ext_password_attrs(Slapi_PBlock *pb, Slapi_Entry **e) if (shadowval > _MAX_SHADOW) { shadowval = _MAX_SHADOW; } - } else { - shadowval = 0; } - shmin = slapi_entry_attr_get_charptr(*e, "shadowMin"); - if (shmin) { - sval = strtoll(shmin, NULL, 0); - if (sval != shadowval) { - slapi_ch_free_string(&shmin); - shmin = slapi_ch_smprintf("%lld", shadowval); + if (shadowval > 0) { + shmin = slapi_entry_attr_get_charptr(*e, "shadowMin"); + if (shmin) { + sval = strtoll(shmin, NULL, 0); + if (sval != shadowval) { + slapi_ch_free_string(&shmin); + shmin = slapi_ch_smprintf("%lld", shadowval); + mod_num++; + } + } else { mod_num++; + shmin = slapi_ch_smprintf("%lld", shadowval); } - } else { - mod_num++; - shmin = slapi_ch_smprintf("%lld", shadowval); } /* shadowMax - the maximum number of days for which the user password remains valid. */ - if (pwpolicy->pw_maxage > 0) { + shadowval = -1; + if (pwpolicy->pw_exp == 1 && pwpolicy->pw_maxage > 0) { shadowval = pwpolicy->pw_maxage / _SEC_PER_DAY; if (shadowval > _MAX_SHADOW) { shadowval = _MAX_SHADOW; } - } else { - shadowval = _MAX_SHADOW; } - shmax = slapi_entry_attr_get_charptr(*e, "shadowMax"); - if (shmax) { - sval = strtoll(shmax, NULL, 0); - if (sval != shadowval) { - slapi_ch_free_string(&shmax); - shmax = slapi_ch_smprintf("%lld", shadowval); + if (shadowval > 0) { + shmax = slapi_entry_attr_get_charptr(*e, "shadowMax"); + if (shmax) { + sval = strtoll(shmax, NULL, 0); + if (sval != shadowval) { + slapi_ch_free_string(&shmax); + shmax = slapi_ch_smprintf("%lld", shadowval); + mod_num++; + } + } else { mod_num++; + shmax = slapi_ch_smprintf("%lld", shadowval); } - } else { - mod_num++; - shmax = slapi_ch_smprintf("%lld", shadowval); } /* shadowWarning - the number of days of advance warning given to the user before the user password expires. 
*/ - if (pwpolicy->pw_warning > 0) { + shadowval = -1; + if (pwpolicy->pw_exp == 1 && pwpolicy->pw_warning > 0) { shadowval = pwpolicy->pw_warning / _SEC_PER_DAY; if (shadowval > _MAX_SHADOW) { shadowval = _MAX_SHADOW; } - } else { - shadowval = 0; } - shwarn = slapi_entry_attr_get_charptr(*e, "shadowWarning"); - if (shwarn) { - sval = strtoll(shwarn, NULL, 0); - if (sval != shadowval) { - slapi_ch_free_string(&shwarn); - shwarn = slapi_ch_smprintf("%lld", shadowval); + if (shadowval > 0) { + shwarn = slapi_entry_attr_get_charptr(*e, "shadowWarning"); + if (shwarn) { + sval = strtoll(shwarn, NULL, 0); + if (sval != shadowval) { + slapi_ch_free_string(&shwarn); + shwarn = slapi_ch_smprintf("%lld", shadowval); + mod_num++; + } + } else { mod_num++; + shwarn = slapi_ch_smprintf("%lld", shadowval); } - } else { - mod_num++; - shwarn = slapi_ch_smprintf("%lld", shadowval); } smods = slapi_mods_new(); -- 2.9.3
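Review bot: The three new guards test `shadowval > 0`, but the "unset" sentinel this patch introduces is -1, so a policy value that is positive yet shorter than one day divides down to 0 and is silently handled as if no policy existed. This matters most for shadowMax: with `pw_exp == 1` and a sub-day `pw_maxage` the attribute is no longer filled in, and a client that enforces aging from shadow attributes would presumably see no maximum age, whereas the pre-patch code wrote 0. Consider `if (shadowval >= 0) {` in all three places, or rounding a non-zero sub-day value up to 1. Because `shmin`, `shmax` and `shwarn` are now assigned only inside those guards, their declarations must initialise them to NULL before the code following `slapi_mods_new()` reads them. The function starts and ends outside this hunk, so that could not be confirmed here.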