[Pkg-shadow-commits] r1536 - in upstream/trunk: . src
nekral-guest at alioth.debian.org
nekral-guest at alioth.debian.org
Fri Dec 28 20:46:25 UTC 2007
Author: nekral-guest
Date: 2007-12-28 20:46:24 +0000 (Fri, 28 Dec 2007)
New Revision: 1536
Modified:
upstream/trunk/ChangeLog
upstream/trunk/src/groupadd.c
Log:
(main, check_perms): New function check_perms().
Split the validation of the user's permissions out of main()
Modified: upstream/trunk/ChangeLog
===================================================================
--- upstream/trunk/ChangeLog 2007-12-28 20:40:59 UTC (rev 1535)
+++ upstream/trunk/ChangeLog 2007-12-28 20:46:24 UTC (rev 1536)
@@ -10,6 +10,8 @@
an explicit call to audit_logger().
* src/groupadd.c (main): Before pam_end(), the return value of the
previous pam API was already checked. No need to validate it again.
+ * src/groupadd.c (main, check_perms): New function check_perms().
+ Split the validation of the user's permissions out of main()
2007-12-28 Nicolas François <nicolas.francois at centraliens.net>
Modified: upstream/trunk/src/groupadd.c
===================================================================
--- upstream/trunk/src/groupadd.c 2007-12-28 20:40:59 UTC (rev 1535)
+++ upstream/trunk/src/groupadd.c 2007-12-28 20:46:24 UTC (rev 1536)
@@ -91,6 +91,7 @@
static void fail_exit (int code);
static gid_t get_gid (const char *gidstr);
static void process_flags (int argc, char **argv);
+static void check_perms (void);
/*
* usage - display usage message and exit
@@ -480,48 +481,28 @@
}
/*
- * main - groupadd command
+ * check_perms - check if the caller is allowed to add a group
+ *
+ * With PAM support, the setuid bit can be set on groupadd to allow
+ * non-root users to groups.
+ * Without PAM support, only users who can write in the group databases
+ * can add groups.
*/
-int main (int argc, char **argv)
+static void check_perms (void)
{
#ifdef USE_PAM
pam_handle_t *pamh = NULL;
- int retval;
-#endif
+ int retval = PAM_SUCCESS;
+ struct passwd *pampw;
-#ifdef WITH_AUDIT
- audit_help_open ();
-#endif
- /*
- * Get my name so that I can use it to report errors.
- */
- Prog = Basename (argv[0]);
+ pampw = getpwuid (getuid ()); /* local, no need for xgetpwuid */
+ if (pampw == NULL) {
+ retval = PAM_USER_UNKNOWN;
+ }
- setlocale (LC_ALL, "");
- bindtextdomain (PACKAGE, LOCALEDIR);
- textdomain (PACKAGE);
-
- OPENLOG ("groupadd");
-
- /*
- * Parse the command line options.
- */
- process_flags (argc, argv);
-
-#ifdef USE_PAM
- retval = PAM_SUCCESS;
-
- {
- struct passwd *pampw;
- pampw = getpwuid (getuid ()); /* local, no need for xgetpwuid */
- if (pampw == NULL) {
- retval = PAM_USER_UNKNOWN;
- }
-
- if (retval == PAM_SUCCESS) {
- retval = pam_start ("groupadd", pampw->pw_name,
- &conv, &pamh);
- }
+ if (retval == PAM_SUCCESS) {
+ retval = pam_start ("groupadd", pampw->pw_name,
+ &conv, &pamh);
}
if (retval == PAM_SUCCESS) {
@@ -543,7 +524,34 @@
exit (1);
}
#endif /* USE_PAM */
+}
+/*
+ * main - groupadd command
+ */
+int main (int argc, char **argv)
+{
+#ifdef WITH_AUDIT
+ audit_help_open ();
+#endif
+ /*
+ * Get my name so that I can use it to report errors.
+ */
+ Prog = Basename (argv[0]);
+
+ setlocale (LC_ALL, "");
+ bindtextdomain (PACKAGE, LOCALEDIR);
+ textdomain (PACKAGE);
+
+ OPENLOG ("groupadd");
+
+ /*
+ * Parse the command line options.
+ */
+ process_flags (argc, argv);
+
+ check_perms ();
+
#ifdef SHADOWGRP
is_shadow_grp = sgr_file_present ();
#endif
More information about the Pkg-shadow-commits
mailing list