On Fri, Apr 8, 2011 at 7:46 PM, enok srd <enok...@gmail.com> wrote: > Suggested fix: `change usermod --expiredate` to handle numeric > arguments the same way chage does, and update the usermod man page > accordingly. > > Here's some relevant code from usermod and chage in the most recent > source I could find > (ftp://pkg-shadow.alioth.debian.org/pub/pkg-shadow/shadow-4.1.4.3.tar.bz). > Note the isnum check in chage: > > shadow-4.1.4.3/src/usermod.c: > 937 case 'e': > 938 if ('\0' != *optarg) { > 939 user_newexpire = > strtoday (optarg); > 940 if (user_newexpire == -1) { > 941 fprintf (stderr, > 942 > _("%s: invalid date '%s'\n"), > 943 Prog, optarg); > 944 exit (E_BAD_ARG); > 945 } > 946 user_newexpire *= DAY / SCALE; > 947 } else { > 948 user_newexpire = -1; > 949 } > 950 eflg = true; > 951 break; > > shadow-4.1.4.3/src/chage.c: > 419 case 'E': > 420 Eflg = true; > 421 if (!isnum (optarg)) { > 422 expdate = strtoday (optarg); > 423 } else if ( (getlong (optarg, &expdate) == 0) > 424 || (expdate < -1)) { > 425 fprintf (stderr, > 426 _("%s: invalid date '%s'\n"), > 427 Prog, optarg); > 428 usage (); > 429 } > 430 break;
Oh, and notice the `expdate < -1` check in the isnum branch of the chage case: that check also needs to be made on the strtoday results, since currently both chage and usermod are happy to write negative values into /etc/shadow, but then they are unable to parse those values. Subsequent `usermod --expiredate` calls do nothing, and `chage --expiredate` calls add new entries to /etc/shadow. Only way I know to fix these is to edit /etc/shadow (with vipw -s). The pwck command suggests the corrupted /etc/shadow entries be deleted.
