Remove password aging

doc/HOWTO

@@ -1069,7 +1069,6 @@
   ______________________________________________________________________
   GROUP=1
   HOME=/home
-  INACTIVE=0
   EXPIRE=0
   SHELL=
   SKEL=/etc/skel
@@ -1085,20 +1084,17 @@
 
   ·  I want passwords to expire every 60 days
 
-  ·  I don't want to lock an account because the password is expired
-
   ·  I want to default shell to be /bin/bash
 
      To make these changes I would use:
 
-       useradd -D -g100 -e60 -f0 -s/bin/bash
+       useradd -D -g100 -e60 -s/bin/bash
 
   Now running useradd -D will give:
 
   ______________________________________________________________________
   GROUP=100
   HOME=/home
-  INACTIVE=0
   EXPIRE=60
   SHELL=/bin/bash
   SKEL=/etc/skel
@@ -1177,7 +1173,6 @@
   GROUP=100        # Default Group
   HOME=/home       # Home directory location (/home/username)
   SKEL=/etc/skel   # Skeleton Directory
-  INACTIVE=0       # Days after password expires to disable account (0=never)
   EXPIRE=60        # Days that a passwords lasts
   SHELL=/bin/bash  # Default Shell (full path)
   ##
@@ -1210,7 +1205,7 @@
   # parameter when it reached the SPACE character.
   #
   /usr/sbin/useradd -c"$FULLNAME" -d$HOME/$USERNAME -e$EXPIRE \
-          -f$INACTIVE -g$GROUP -m -k$SKEL -s$SHELL $USERNAME
+          -g$GROUP -m -k$SKEL -s$SHELL $USERNAME
   ##
   #  Set password defaults
   ##

etc/login.defs

@@ -209,15 +209,9 @@ UMASK		022
 #
 # Password aging controls:
 #
-#	PASS_MAX_DAYS	Maximum number of days a password may be used.
-#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
 #	PASS_MIN_LEN	Minimum acceptable password length.
-#	PASS_WARN_AGE	Number of days warning given before a password expires.
 #
-PASS_MAX_DAYS	99999
-PASS_MIN_DAYS	0
 PASS_MIN_LEN	5
-PASS_WARN_AGE	7
 
 #
 # If "yes", the user must be listed as a member of the first gid 0 group

lib/Makefile.am

@@ -96,7 +96,6 @@ libshadow_la_SOURCES = \
 	getdef.h \
 	getgr_nam_gid.c \
 	getrange.c \
-	gettime.c \
 	groupio.c \
 	groupmem.c \
 	groupio.h \

lib/age.c

@@ -16,7 +16,6 @@
 #include <pwd.h>
 #include <grp.h>
 
-#include "adds.h"
 #include "defines.h"
 #include "exitcodes.h"
 #include "prototypes.h"
@@ -56,9 +55,6 @@ int expire (const struct passwd *pw, /*@null@*/const struct spwd *sp)
 	case 1:
 		(void) fputs (_("Your password has expired."), stdout);
 		break;
-	case 2:
-		(void) fputs (_("Your password is inactive."), stdout);
-		break;
 	case 3:
 		(void) fputs (_("Your login has expired."), stdout);
 		break;
@@ -71,7 +67,7 @@ int expire (const struct passwd *pw, /*@null@*/const struct spwd *sp)
 	 * change that password.
 	 */
 
-	if ((status > 1) || (sp->sp_max < sp->sp_min)) {
+	if (status == 3) {
 		(void) puts (_("  Contact the system administrator."));
 		exit (EXIT_FAILURE);
 	}
@@ -133,50 +129,3 @@ int expire (const struct passwd *pw, /*@null@*/const struct spwd *sp)
 
 	exit (EXIT_FAILURE);
  /*@notreached@*/}
-
-/*
- * agecheck - see if warning is needed for password expiration
- *
- *	agecheck sees how many days until the user's password is going
- *	to expire and warns the user of the pending password expiration.
- */
-
-void agecheck (/*@null@*/const struct spwd *sp)
-{
-	long now = time(NULL) / DAY;
-	long remain;
-
-	if (NULL == sp) {
-		return;
-	}
-
-	/*
-	 * The last, max, and warn fields must be supported or the
-	 * warning period cannot be calculated.
-	 */
-
-	if (   (-1 == sp->sp_lstchg)
-	    || (-1 == sp->sp_max)
-	    || (-1 == sp->sp_warn)) {
-		return;
-	}
-
-	if (0 == sp->sp_lstchg) {
-		(void) puts (_("You must change your password."));
-		return;
-	}
-
-	remain = addsl(sp->sp_lstchg, sp->sp_max, -now);
-
-	if (remain <= sp->sp_warn) {
-		if (remain > 1) {
-			(void) printf (_("Your password will expire in %ld days.\n"),
-			               remain);
-		} else if (1 == remain) {
-			(void) puts (_("Your password will expire tomorrow."));
-		} else if (remain == 0) {
-			(void) puts (_("Your password will expire today."));
-		}
-	}
-}
-

lib/isexpired.c

@@ -18,7 +18,6 @@
 #include <pwd.h>
 #include <time.h>
 
-#include "adds.h"
 #include "defines.h"
 #include "prototypes.h"
 #include "string/strcmp/streq.h"
@@ -35,8 +34,6 @@
  * Return value:
  *	0: the password is still valid
  *	1: the password has expired, it must be changed
- *	2: the password has expired since a long time and the account is
- *	   now disabled. (password cannot be changed)
  *	3: the account has expired
  */
 int isexpired (const struct passwd *pw, /*@null@*/const struct spwd *sp)
@@ -72,33 +69,6 @@ int isexpired (const struct passwd *pw, /*@null@*/const struct spwd *sp)
 		return 1;
 	}
 
-	if (   (sp->sp_lstchg > 0)
-	    && (sp->sp_max >= 0)
-	    && (sp->sp_inact >= 0)
-	    && (now >= addsl(sp->sp_lstchg, sp->sp_max, sp->sp_inact)))
-	{
-		return 2;
-	}
-
-	/*
-	 * The last and max fields must be present for an account
-	 * to have an expired password.
-	 */
-
-	if (   (-1 == sp->sp_lstchg)
-	    || (-1 == sp->sp_max)) {
-		return 0;
-	}
-
-	/*
-	 * Calculate today's day and the day on which the password
-	 * is going to expire.  If that date has already passed,
-	 * the password has expired.
-	 */
-
-	if (now >= addsl(sp->sp_lstchg, sp->sp_max))
-		return 1;
-
 	return 0;
 }
 

lib/pam_pass.c

@@ -28,15 +28,13 @@
 #include "prototypes.h"
 #include "shadowlog.h"
 
-void do_pam_passwd (const char *user, bool silent, bool change_expired)
+void do_pam_passwd (const char *user, bool silent)
 {
 	pam_handle_t *pamh = NULL;
 	int flags = 0, ret;
 
 	if (silent)
 		flags |= PAM_SILENT;
-	if (change_expired)
-		flags |= PAM_CHANGE_EXPIRED_AUTHTOK;
 
 	ret = pam_start ("passwd", user, &conv, &pamh);
 	if (ret != PAM_SUCCESS) {

lib/prototypes.h

@@ -43,7 +43,6 @@ extern int add_groups (const char *);
 #endif
 
 /* age.c */
-extern void agecheck (/*@null@*/const struct spwd *);
 extern int expire (const struct passwd *, /*@null@*/const struct spwd *);
 
 /* isexpired.c */
@@ -151,9 +150,6 @@ extern int getrange (const char *range,
                      unsigned long *min, bool *has_min,
                      unsigned long *max, bool *has_max);
 
-/* gettime.c */
-extern time_t gettime (void);
-
 /* groupio.c */
 extern void __gr_del_entry (const struct commonio_entry *ent);
 extern /*@observer@*/const struct commonio_db *__gr_get_db (void);
@@ -305,7 +301,7 @@ extern void obscure_get_range(int *, int *);
 
 /* pam_pass.c */
 #ifdef USE_PAM
-extern void do_pam_passwd (const char *user, bool silent, bool change_expired);
+extern void do_pam_passwd (const char *user, bool silent);
 #endif
 
 /* port.c */

lib/pwd2spwd.c

@@ -38,7 +38,7 @@ struct spwd *pwd_to_spwd (const struct passwd *pw)
 	 * file.  They are set to uninitialized values.
 	 */
 	sp.sp_lstchg = -1;
-	sp.sp_min = 0;
+	sp.sp_min = -1;
 	sp.sp_max = -1;
 	sp.sp_warn = -1;
 	sp.sp_expire = -1;

lib/shadow/shadow/sgetspent.c

@@ -63,35 +63,12 @@ sgetspent(const char *s)
 
 	spwd.sp_namp = fields[0];
 	spwd.sp_pwdp = fields[1];
-
-	/*
-	 * Get the last changed date.  For all of the integer fields,
-	 * we check for proper format.  It is an error to have an
-	 * incorrectly formatted number.
-	 */
-
-	if (streq(fields[2], ""))
+	if (streq(fields[2], "0"))
+		spwd.sp_lstchg = 0;
+	else
 		spwd.sp_lstchg = -1;
-	else if (a2sl(&spwd.sp_lstchg, fields[2], NULL, 0, 0, LONG_MAX) == -1)
-		return NULL;
-
-	/*
-	 * Get the minimum period between password changes.
-	 */
-
-	if (streq(fields[3], ""))
-		spwd.sp_min = -1;
-	else if (a2sl(&spwd.sp_min, fields[3], NULL, 0, 0, LONG_MAX) == -1)
-		return NULL;
-
-	/*
-	 * Get the maximum number of days a password is valid.
-	 */
-
-	if (streq(fields[4], ""))
-		spwd.sp_max = -1;
-	else if (a2sl(&spwd.sp_max, fields[4], NULL, 0, 0, LONG_MAX) == -1)
-		return NULL;
+	spwd.sp_min = -1;
+	spwd.sp_max = -1;
 
 	/*
 	 * If there are only OFIELDS fields (this is a SVR3.2 /etc/shadow
@@ -107,24 +84,8 @@ sgetspent(const char *s)
 		return &spwd;
 	}
 
-	/*
-	 * Get the number of days of password expiry warning.
-	 */
-
-	if (streq(fields[5], ""))
-		spwd.sp_warn = -1;
-	else if (a2sl(&spwd.sp_warn, fields[5], NULL, 0, 0, LONG_MAX) == -1)
-		return NULL;
-
-	/*
-	 * Get the number of days of inactivity before an account is
-	 * disabled.
-	 */
-
-	if (streq(fields[6], ""))
-		spwd.sp_inact = -1;
-	else if (a2sl(&spwd.sp_inact, fields[6], NULL, 0, 0, LONG_MAX) == -1)
-		return NULL;
+	spwd.sp_warn = -1;
+	spwd.sp_inact = -1;
 
 	/*
 	 * Get the number of days after the epoch before the account is

lib/shadowmem.c

@@ -32,10 +32,10 @@
 	}
 	/* The libc might define other fields. They won't be copied. */
 	sp->sp_lstchg = spent->sp_lstchg;
-	sp->sp_min    = spent->sp_min;
-	sp->sp_max    = spent->sp_max;
-	sp->sp_warn   = spent->sp_warn;
-	sp->sp_inact  = spent->sp_inact;
+	sp->sp_min    = -1;
+	sp->sp_max    = -1;
+	sp->sp_warn   = -1;
+	sp->sp_inact  = -1;
 	sp->sp_expire = spent->sp_expire;
 	sp->sp_flag   = spent->sp_flag;
 	/*@-mustfreeonly@*/

man/Makefile.am

@@ -158,10 +158,7 @@ login_defs_v = \
 	OBSCURE_CHECKS_ENAB.xml \
 	PASS_ALWAYS_WARN.xml \
 	PASS_CHANGE_TRIES.xml \
-	PASS_MAX_DAYS.xml \
 	PASS_MAX_LEN.xml \
-	PASS_MIN_DAYS.xml \
-	PASS_WARN_AGE.xml \
 	PORTTIME_CHECKS_ENAB.xml \
 	QUOTAS_ENAB.xml \
 	SHA_CRYPT_MIN_ROUNDS.xml \