diff options
| author | Frederic Lepied <flepied@mandriva.com> | 2005-08-16 08:13:10 +0000 |
|---|---|---|
| committer | Frederic Lepied <flepied@mandriva.com> | 2005-08-16 08:13:10 +0000 |
| commit | 0fb5d0e2ff7df7b719f888323d5e58f3e5893ada (patch) | |
| tree | 482905513d4914cb4798216ef9d5f8e9f5a2845f | |
| parent | 9ace39be031375ecf16acadb58457e17a9f0faf8 (diff) | |
| download | msec-0fb5d0e2ff7df7b719f888323d5e58f3e5893ada.tar msec-0fb5d0e2ff7df7b719f888323d5e58f3e5893ada.tar.gz msec-0fb5d0e2ff7df7b719f888323d5e58f3e5893ada.tar.bz2 msec-0fb5d0e2ff7df7b719f888323d5e58f3e5893ada.tar.xz msec-0fb5d0e2ff7df7b719f888323d5e58f3e5893ada.zip | |
password_aging: really fix bug #17477 by not parsing the output of chage anymore.
| -rw-r--r-- | share/libmsec.py | 55 |
1 files changed, 20 insertions, 35 deletions
diff --git a/share/libmsec.py b/share/libmsec.py index d845bc9..bbb6ebd 100644 --- a/share/libmsec.py +++ b/share/libmsec.py @@ -1206,8 +1206,6 @@ Name must be put between '. Msec will then no more manage password aging for name so you have to use chage(1) to manage it by hand.''' no_aging_list.append(name) -# TODO FL Sat Dec 29 20:18:20 2001 -# replace chage calls and /etc/shadow parsing by a python API to the shadow functions. def password_aging(max, inactive=-1): ''' Set password aging to \\fImax\\fP days and delay to change to \\fIinactive\\fP.''' uid_min = 500 @@ -1227,6 +1225,11 @@ def password_aging(max, inactive=-1): continue name = field[0] password = field[1] + current_max = int(field[4]) + if field[6] == '': + current_inactive = -1 + else: + current_inactive = int(field[6]) if name in no_aging_list: _interactive and log(_('User %s in password aging exception list') % (name,)) continue @@ -1236,39 +1239,21 @@ def password_aging(max, inactive=-1): error(_('User %s in shadow but not in passwd file') % name) continue if (len(password) > 0 and password[0] != '!') and password != '*' and password != 'x' and (entry[2] >= uid_min or entry[2] == 0): - cmd = 'LC_ALL=C /usr/bin/chage -l %s' % entry[0] - ret = commands.getstatusoutput(cmd) - _interactive and log(_('got current maximum password aging for user %s with command \'%s\'') % (entry[0], cmd)) - if ret[0] == 0: - res = maximum_regex.search(ret[1]) - res2 = inactive_regex.search(ret[1]) - if res and res2: - current_max = int(res.group(1)) - if res2.group(2) == 'never': - current_inactive = -1 - else: - current_inactive = int(res2.group(2)) - new_max = max - new_inactive = inactive - # don't lower security when not changing security level - if same_level(): - if current_max < max and current_inactive < inactive: - continue - if current_max < max: - new_max = current_max - if current_inactive < inactive: - new_inactive = current_inactive - if new_max != current_max or current_inactive != new_inactive: - cmd = 'LC_ALL=C /usr/bin/chage -M %d -I %d -d %s %s' % (new_max, new_inactive, time.strftime('%Y-%m-%d'), entry[0]) - ret = commands.getstatusoutput(cmd) - log(_('changed maximum password aging for user %s with command %s') % (entry[0], cmd)) - if ret[0] != 0: - error(ret[1]) - else: - error(_('unable to parse chage output')) - else: - error(_('unable to run chage: %s') % ret[1]) - + new_max = max + new_inactive = inactive + # don't lower security when not changing security level + if same_level(): + if current_max < max and current_inactive < inactive: + continue + if current_max < max: + new_max = current_max + if current_inactive < inactive: + new_inactive = current_inactive + if new_max != current_max or current_inactive != new_inactive: + cmd = 'LC_ALL=C /usr/bin/chage -M %d -I %d -d %s \'%s\'' % (new_max, new_inactive, time.strftime('%Y-%m-%d'), entry[0]) + ret = commands.getstatusoutput(cmd) + log(_('changed maximum password aging for user \'%s\' with command %s') % (entry[0], cmd)) + ################################################################################ def allow_xauth_from_root(arg): |