From mishania@pappnase.demos.su  Sat Oct 18 19:31:37 1997
Received: from pappnase.demos.su (pappnase.dol.ru [194.87.5.66])
          by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id TAA16938
          for <FreeBSD-gnats-submit@freebsd.org>; Sat, 18 Oct 1997 19:31:35 -0700 (PDT)
          (envelope-from mishania@pappnase.demos.su)
Received: (from root@localhost)
	by pappnase.demos.su (8.8.7/8.8.5) id GAA09817;
	Sun, 19 Oct 1997 06:30:16 +0400 (MSD)
Message-Id: <199710190230.GAA09817@pappnase.demos.su>
Date: Sun, 19 Oct 1997 06:30:16 +0400 (MSD)
From: mishania@demos.su
Reply-To: mishania@demos.su
To: FreeBSD-gnats-submit@freebsd.org
Subject: login.c mistake/typo? in 3.0-CURRENT
X-Send-Pr-Version: 3.2

>Number:         4801
>Category:       bin
>Synopsis:       critical mistake in login.c's code.
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sat Oct 18 19:40:00 PDT 1997
>Closed-Date:    Sun Oct 19 11:35:22 MEST 1997
>Last-Modified:  Sun Oct 19 11:35:38 MEST 1997
>Originator:     Mikhail A. Sokolov
>Release:        FreeBSD 3.0-CURRENT i386
>Organization:
Demos Company, Ltd.
>Environment:

	FreeBSD 3.0-current.

>Description:
Original code of login.c, line 555 has a mistake, which leads to having 
passwords always expired, if you don't use LOGIN_CAP <comments start with :>>:

#define DEFAULT_WARN  (2L * 7L & 86400L)  /* Two weeks */
	:>		       ^^!!
 	:>here's the mistake - this operation gives null DEFAULT_WARN

#ifdef LOGIN_CAP
        warntime = login_getcaptime(lc, "warnpassword",
                                    DEFAULT_WARN, DEFAULT_WARN);
#else
        warntime = DEFAULT_WARN; 
	:> i.e. if you don't use LOGIN_CAP, warntime == NULL.

#endif

        changepass=0;
        if (pwd->pw_change) {
                if (tp.tv_sec >= pwd->pw_change) {
                        (void)printf("Sorry -- your password has expired.\n");
                        changepass=1;
                        syslog(LOG_INFO,
                               "%s Password expired - forcing change",
                               pwd->pw_name);
                } else if (pwd->pw_change - tp.tv_sec < warntime && !quietlog)

	:>	           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
	:>  this is always true, since warntime = NULL.



                    (void)printf("Warning: your password expires on %s",
                                 ctime(&pwd->pw_change));


>How-To-Repeat:
>Fix:
	
 	line 555 of login.c should read :
#define DEFAULT_WARN  (2L * 7L * 86400L)  /* Two weeks */
>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->closed 
State-Changed-By: joerg 
State-Changed-When: Sun Oct 19 11:35:22 MEST 1997 
State-Changed-Why:  

Fixed in rev 1.30, thanks! 
>Unformatted:
