diff options
| author | Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> | 2020-01-15 10:37:18 +0100 |
|---|---|---|
| committer | Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> | 2020-01-17 08:13:09 +0100 |
| commit | ddee3ada467d25e77fef3434fbed7191ff0c1a34 (patch) | |
| tree | b4d66980c42f9fd76c11d4690a3eccc2373dfcf4 /src/shared/user-record-nss.c | |
| parent | 192aee3cae72bf4ca36c849061894e07250b93b0 (diff) | |
| download | systemd-ddee3ada467d25e77fef3434fbed7191ff0c1a34.tar.gz | |
shared/user-record-nss: use macro to avoid repeats
It's easier to read when each field is intialized in exactly one place.
Diffstat (limited to 'src/shared/user-record-nss.c')
| -rw-r--r-- | src/shared/user-record-nss.c | 109 |
1 files changed, 46 insertions, 63 deletions
diff --git a/src/shared/user-record-nss.c b/src/shared/user-record-nss.c index cf273653de..0ff6d17117 100644 --- a/src/shared/user-record-nss.c +++ b/src/shared/user-record-nss.c @@ -6,6 +6,9 @@ #include "strv.h" #include "user-record-nss.h" +#define SET_IF(field, condition, value, fallback) \ + field = (condition) ? (value) : (fallback) + int nss_passwd_to_user_record( const struct passwd *pwd, const struct spwd *spwd, @@ -47,70 +50,50 @@ int nss_passwd_to_user_record( hr->uid = pwd->pw_uid; hr->gid = pwd->pw_gid; - if (spwd) { - if (hashed_password_valid(spwd->sp_pwdp)) { - strv_free_erase(hr->hashed_password); - hr->hashed_password = strv_new(spwd->sp_pwdp); - if (!hr->hashed_password) - return -ENOMEM; - } else - hr->hashed_password = strv_free_erase(hr->hashed_password); - - /* shadow-utils suggests using "chage -E 0" (or -E 1, depending on which man page you check) - * for locking a whole account, hence check for that. Note that it also defines a way to lock - * just a password instead of the whole account, but that's mostly pointless in times of - * password-less authorization, hence let's not bother. */ - - if (spwd->sp_expire >= 0) - hr->locked = spwd->sp_expire <= 1; - else - hr->locked = -1; - - if (spwd->sp_expire > 1 && (uint64_t) spwd->sp_expire < (UINT64_MAX-1)/USEC_PER_DAY) - hr->not_after_usec = spwd->sp_expire * USEC_PER_DAY; - else - hr->not_after_usec = UINT64_MAX; - - if (spwd->sp_lstchg >= 0) - hr->password_change_now = spwd->sp_lstchg == 0; - else - hr->password_change_now = -1; - - if (spwd->sp_lstchg > 0 && (uint64_t) spwd->sp_lstchg <= (UINT64_MAX-1)/USEC_PER_DAY) - hr->last_password_change_usec = spwd->sp_lstchg * USEC_PER_DAY; - else - hr->last_password_change_usec = UINT64_MAX; - - if (spwd->sp_min > 0 && (uint64_t) spwd->sp_min <= (UINT64_MAX-1)/USEC_PER_DAY) - hr->password_change_min_usec = spwd->sp_min * USEC_PER_DAY; - else - hr->password_change_min_usec = UINT64_MAX; - - if (spwd->sp_max > 0 && (uint64_t) spwd->sp_max <= (UINT64_MAX-1)/USEC_PER_DAY) - hr->password_change_max_usec = spwd->sp_max * USEC_PER_DAY; - else - hr->password_change_max_usec = UINT64_MAX; - - if (spwd->sp_warn > 0 && (uint64_t) spwd->sp_warn <= (UINT64_MAX-1)/USEC_PER_DAY) - hr->password_change_warn_usec = spwd->sp_warn * USEC_PER_DAY; - else - hr->password_change_warn_usec = UINT64_MAX; - - if (spwd->sp_inact > 0 && (uint64_t) spwd->sp_inact <= (UINT64_MAX-1)/USEC_PER_DAY) - hr->password_change_inactive_usec = spwd->sp_inact * USEC_PER_DAY; - else - hr->password_change_inactive_usec = UINT64_MAX; - } else { + if (spwd && hashed_password_valid(spwd->sp_pwdp)) { + strv_free_erase(hr->hashed_password); + hr->hashed_password = strv_new(spwd->sp_pwdp); + if (!hr->hashed_password) + return -ENOMEM; + } else hr->hashed_password = strv_free_erase(hr->hashed_password); - hr->locked = -1; - hr->not_after_usec = UINT64_MAX; - hr->password_change_now = -1, - hr->last_password_change_usec = UINT64_MAX; - hr->password_change_min_usec = UINT64_MAX; - hr->password_change_max_usec = UINT64_MAX; - hr->password_change_warn_usec = UINT64_MAX; - hr->password_change_inactive_usec = UINT64_MAX; - } + + /* shadow-utils suggests using "chage -E 0" (or -E 1, depending on which man page you check) + * for locking a whole account, hence check for that. Note that it also defines a way to lock + * just a password instead of the whole account, but that's mostly pointless in times of + * password-less authorization, hence let's not bother. */ + + SET_IF(hr->locked, + spwd && spwd->sp_expire >= 0, + spwd->sp_expire <= 1, -1); + + SET_IF(hr->not_after_usec, + spwd && spwd->sp_expire > 1 && (uint64_t) spwd->sp_expire < (UINT64_MAX-1)/USEC_PER_DAY, + spwd->sp_expire * USEC_PER_DAY, UINT64_MAX); + + SET_IF(hr->password_change_now, + spwd && spwd->sp_lstchg >= 0, + spwd->sp_lstchg == 0, -1); + + SET_IF(hr->last_password_change_usec, + spwd && spwd->sp_lstchg > 0 && (uint64_t) spwd->sp_lstchg <= (UINT64_MAX-1)/USEC_PER_DAY, + spwd->sp_lstchg * USEC_PER_DAY, UINT64_MAX); + + SET_IF(hr->password_change_min_usec, + spwd && spwd->sp_min > 0 && (uint64_t) spwd->sp_min <= (UINT64_MAX-1)/USEC_PER_DAY, + spwd->sp_min * USEC_PER_DAY, UINT64_MAX); + + SET_IF(hr->password_change_max_usec, + spwd && spwd->sp_max > 0 && (uint64_t) spwd->sp_max <= (UINT64_MAX-1)/USEC_PER_DAY, + spwd->sp_max * USEC_PER_DAY, UINT64_MAX); + + SET_IF(hr->password_change_warn_usec, + spwd && spwd->sp_warn > 0 && (uint64_t) spwd->sp_warn <= (UINT64_MAX-1)/USEC_PER_DAY, + spwd->sp_warn * USEC_PER_DAY, UINT64_MAX); + + SET_IF(hr->password_change_inactive_usec, + spwd && spwd->sp_inact > 0 && (uint64_t) spwd->sp_inact <= (UINT64_MAX-1)/USEC_PER_DAY, + spwd->sp_inact * USEC_PER_DAY, UINT64_MAX); hr->json = json_variant_unref(hr->json); r = json_build(&hr->json, JSON_BUILD_OBJECT( |