ryan77627/guix
1
0
Fork 0
mirror of https://git.in.rschanz.org/ryan77627/guix.git synced 2025-01-25 20:19:18 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

accounts: Ensure ‘last-change’ field of shadow entries is never zero.

Browse source 
* gnu/build/accounts.scm (passwd->shadow): Add ‘max’ call so NOW is
greater than or equal to 1.
This commit is contained in:
Ludovic Courtès 2023-10-07 18:19:51 +02:00
parent 9b77bd0b9b
commit 002c5bec07
No known key found for this signature in database
GPG key ID: 090B11993D9AEBB5
1 changed files with 10 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
gnu/build/accounts.scm
View file

@ -1,5 +1,5 @@
;;; GNU Guix --- Functional package management for GNU ;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2019, 2021 Ludovic Courtès <ludo@gnu.org> ;;; Copyright © 2019, 2021, 2023 Ludovic Courtès <ludo@gnu.org>
;;; ;;;
;;; This file is part of GNU Guix. ;;; This file is part of GNU Guix.
;;; ;;;
@ -525,7 +525,15 @@ (define previous-entry
(lookup-procedure current-shadow shadow-entry-name)) (lookup-procedure current-shadow shadow-entry-name))
(define now (define now
(days-since-epoch current-time)) ;; On machines without a real-time clock (typically Arm SBCs), the system
;; clock may be at 1970-01-01 while booting, while would lead us to define
;; NOW as zero.
;;
;; However, the 'isexpired' function in Shadow interprets the combination
;; uninitialized password + last-change = 0 as "The password has expired,
;; it must be changed", which prevents logins altogether. To avoid that,
;; never set 'last-change' to zero.
(max (days-since-epoch current-time) 1))
(map (lambda (user passwd) (map (lambda (user passwd)
(or (previous-entry (password-entry-name passwd)) (or (previous-entry (password-entry-name passwd))