Day and time cleanups for shadow file entries #876
I've checked the box which allows edits by maintainers. Perhaps it's easier to consider my PR as a suggestion so wordings and other things can be changed directly without going through comments/reviews.
I find it more interesting to have a conversation. I may say very dumb things, so if you do the changes after my suggestions, there's some chance of catching any mistakes I may say. :)
cc63d79 to b86a80d
Got the return value checks mixed up. Now it should be functional again.
And the limit had to be adjusted... AGAIN. If this keeps going on like this, I'll change this PR into an issue and someone else can look at it. Maybe people can find this kind of interaction enjoyable, but I'm not part of that group.
88fa485 to dc76b4e
v3b changes:
v3c changes:
dc76b4e to b762fa5
v4 changes:
cdf2b18 to 5eca242
v4b changes:
5eca242 to 3ddd277
v4c changes:

The conversion from day to seconds can be done in print_date (renamed to print_day_as_date for clarification). This has the nice benefit that DAY multiplication and long to time_t conversion are done at just one place.

Co-developed-by: Tobias Stoeckmann <tobias@stoeckmann.org>
Co-developed-by: Alejandro Colomar <alx@kernel.org>
Signed-off-by: Alejandro Colomar <alx@kernel.org>

Very large values in /etc/shadow could lead to overflows. Make sure that these calculations are saturated at LONG_MAX. Since entries are based on days and not seconds since epoch, saturating won't hurt anyone.

Co-developed-by: Tobias Stoeckmann <tobias@stoeckmann.org>
Co-developed-by: Alejandro Colomar <alx@kernel.org>
Signed-off-by: Alejandro Colomar <alx@kernel.org>

3ddd277 to 5f46fdf
v4d changes:
5f46fdf to d7b2729
v4e changes:
d7b2729 to d5d9194
v5 changes:

ITI_AGING is not set through any build environment. If it would be set, then timings in /etc/shadow would not fit anymore.

Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
Cherry-picked-from: ab260fc ("lib/defines.h: Remove ITI_AGING")
Link: <#873>
Link: <#876>
Cc: "Serge E. Hallyn" <serge@hallyn.com>
[alx: This is a pre-requisite for 674409e ("lib/: Saturate addition to avoid overflow")]
Signed-off-by: Alejandro Colomar <alx@kernel.org>

SCALE is always DAY (and has to be always DAY), so replace it with DAY in source code and remove unneeded calculations.

Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
Link: <#876>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
Cherry-picked-from: ecc3508 ("lib/, src/: Remove SCALE definition")
Cc: "Serge E. Hallyn" <serge@hallyn.com>
Link: <#888>
Link: <#876>
[alx: This is a pre-requisite for 674409e ("lib/: Saturate addition to avoid overflow")]
Signed-off-by: Alejandro Colomar <alx@kernel.org>

The conversion from day to seconds can be done in print_date (renamed to print_day_as_date for clarification). This has the nice benefit that DAY multiplication and long to time_t conversion are done at just one place.

Co-developed-by: Tobias Stoeckmann <tobias@stoeckmann.org>
Co-developed-by: Alejandro Colomar <alx@kernel.org>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
Cherry-picked-from: 20100e4 ("src/chage.c: Unify long overflow checks in print_day_as_date()")
Cc: "Serge E. Hallyn" <serge@hallyn.com>
Link: <#876>
[alx: This is a pre-requisite for 674409e ("lib/: Saturate addition to avoid overflow")]
Signed-off-by: Alejandro Colomar <alx@kernel.org>

Very large values in /etc/shadow could lead to overflows. Make sure that these calculations are saturated at LONG_MAX. Since entries are based on days and not seconds since epoch, saturating won't hurt anyone.

Co-developed-by: Tobias Stoeckmann <tobias@stoeckmann.org>
Co-developed-by: Alejandro Colomar <alx@kernel.org>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
Cherry-picked-from: 674409e ("lib/: Saturate addition to avoid overflow")
Cc: "Serge E. Hallyn" <serge@hallyn.com>
Link: <#876>
Signed-off-by: Alejandro Colomar <alx@kernel.org>

The first commit is about SCALE removal:
The other commits clean up calculations based on days per epoch and seconds per epoch. It is much easier to calculate with days (in a long) than with seconds (in a time_t) because the former is already the native encoding in shadow files and LONG_MAX exists, while TIME_T_MAX does not exist everywhere.
passwd
work with day precision instead of seconds since epoch to allow easier range checking
chage
Proof of Concept (for 64 bit systems):
sgetspent implementation which gets long parsing right (glibc does not)
The user1 password change should not be allowed because the minimum wait time since last change (in the future) is not reached yet.
As a solution I have capped these calculations at LONG_MAX since we are talking, even for 32 bit systems, about a time span of more than 6 million years before this capping becomes a problem. Rather... Theoretical... I hope. :)
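
The capping described in this pull request, shown as an added illustration that is not code from the shadow project: a minimum-age check on day counts, once with an addition that wraps and once with an addition saturated at LONG_MAX. The function names and the sample field values are assumptions made for the example.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical helper (not the shadow project's code): add two day counts,
 * clamping at LONG_MAX / LONG_MIN instead of overflowing. */
static long sat_add_long(long a, long b)
{
    if (b > 0 && a > LONG_MAX - b)
        return LONG_MAX;
    if (b < 0 && a < LONG_MIN - b)
        return LONG_MIN;
    return a + b;
}

/* What an unchecked "lstchg + min" typically yields on two's-complement
 * targets. Done in unsigned arithmetic so the demo itself avoids the
 * undefined behaviour of signed overflow. */
static long wrapping_add_long(long a, long b)
{
    return (long)((unsigned long)a + (unsigned long)b);
}

/* Minimum-age check on day counts as stored in /etc/shadow:
 * a change is allowed once today >= last change + minimum age. */
static bool change_allowed(long lstchg, long min, long today,
                           long (*add)(long, long))
{
    if (min <= 0)
        return true;            /* no minimum age configured */
    return today >= add(lstchg, min);
}

int main(void)
{
    long today  = 19800;        /* constructed: days since the epoch */
    long lstchg = LONG_MAX - 1; /* constructed: huge last-change field */
    long min    = 10;           /* constructed: minimum age in days */

    printf("wrapping:   allowed=%d\n",
           change_allowed(lstchg, min, today, wrapping_add_long));
    printf("saturating: allowed=%d\n",
           change_allowed(lstchg, min, today, sat_add_long));
    return 0;
}
```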