Inline patch has whitespace messed up by launchpad, here is a working version.
** Patch added: "patch.diff" http://launchpadlibrarian.net/38761789/patch.diff ** Tags added: patch ** Description changed: Binary package hint: libnss-extrausers When reading shadow, integer fields are read with strtol directly. This produces 0 for an empty field. However, in many cases a -1 should be used for an empty field. This is certainly the case for account expiry, the final field. This can be seen in the code in glibc which loads these fields: eglibc-2.10.1/shadow/sgetspent_r.c: - INT_FIELD_MAYBE_NULL (result->sp_expire, ISCOLON, 0, 10, (long int), - (long int) -1); - - In the definition of INT_FIELD_MAYBE_NULL the last field is called default. + INT_FIELD_MAYBE_NULL (result->sp_expire, ISCOLON, 0, 10, (long int), + (long int) -1); + + In the definition of INT_FIELD_MAYBE_NULL the last field is called + default. pam_unix is interpreting this 0 value as an account expiring on the 1st of January 1970 which of course is always in the past and so all accounts are appearing expired. Other fields which default to -1 are sp_lstchg, sp_min, sp_max, sp_warn and sp_inact. A workaround for this is to set a value in this field. - A fix is the following patch: - - diff -U3 -r libnss-extrausers-0.2-orig/shadow.c libnss-extrausers-0.2/shadow.c - --- libnss-extrausers-0.2-orig/shadow.c 2010-01-27 22:07:04.064336148 +0000 - +++ libnss-extrausers-0.2/shadow.c 2010-01-27 22:19:38.122475198 +0000 - @@ -118,27 +118,33 @@ - TOCOLON(p,h); - /* extract day of last changes */ - t_lstchg = strtol(p,&h,10); - + if (p == h) t_lstchg = -1; - p=h; - CHECKCOLON; - p = ++h; - /* extract min */ - t_min = strtol(p,&h,10); - + if (p == h) t_min = -1; - p=h; - CHECKCOLON; - /* extract max */ - t_max = strtol(p,&h,10); - + if (p == h) t_max = -1; - p=h; - CHECKCOLON; - /* extract days of warning */ - t_warn = strtol(p,&h,10); - + if (p == h) t_warn = -1; - p=h; - CHECKCOLON; - /* extract days of inactivity */ - t_inact = strtol(p,&h,10); - + if (p == h) t_inact = -1; - p=h; - CHECKCOLON; - /* extract day of expire */ - t_expire = strtol(p,&h,10); - + if (p == h) t_expire = -1; - p=h; - CHECKCOLON; - /* extract reserved flags */ - I wonder if it's actually possible to use the shadow reading code in glibc instead of doing this separately? I don't have time to look into that now anyway. -- empty fields in shadow handled wrongly https://bugs.launchpad.net/bugs/513497 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
