[Pkg-shadow-commits] r1441 - in upstream/trunk: . src

Thu Nov 22 21:55:12 UTC 2007

Author: nekral-guest
Date: 2007-11-22 21:55:12 +0000 (Thu, 22 Nov 2007)
New Revision: 1441

Modified:
   upstream/trunk/ChangeLog
   upstream/trunk/NEWS
   upstream/trunk/src/gpasswd.c
Log:
* NEWS, src/gpasswd.c: Read the group and shadow groups using
  gr_locate and sgr_locate. gpasswd write in the file database. Thus
  it should read information from the file database, not using
  getgrnam. The change to sgr_locate is just for consistency. This
  requires opening the group databases (read only) using
  gr_open/sgr_open.
* NEWS: Indicate that manpages should be re-generated if configure
  option are changed, due to conditions.


Modified: upstream/trunk/ChangeLog
===================================================================

--- upstream/trunk/ChangeLog	2007-11-22 21:36:38 UTC (rev 1440)
+++ upstream/trunk/ChangeLog	2007-11-22 21:55:12 UTC (rev 1441)
@@ -1,5 +1,14 @@
 2007-11-22  Nicolas François  <nicolas.francois at centraliens.net>
 
+	* NEWS, src/gpasswd.c: Read the group and shadow groups using
+	gr_locate and sgr_locate. gpasswd write in the file database. Thus
+	it should read information from the file database, not using
+	getgrnam. The change to sgr_locate is just for consistency. This
+	requires opening the group databases (read only) using
+	gr_open/sgr_open.
+
+2007-11-22  Nicolas François  <nicolas.francois at centraliens.net>
+
 	* configure.in: SHADOWGRP added to AM_CONDITIONAL for the
 	generation of manpages.
 	* man/generate_translations.mak: Added pam/no_pam condition (like
@@ -8,6 +17,8 @@
 	gshadow/no_gshadow condition.
 	* man/gpasswd.1.xml: Use the gshadow/no_gshadow condition to
 	change the manpage depending on the shadow group support.
+	* NEWS: Indicate that manpages should be re-generated if configure
+	option are changed, due to conditions.
 
 2007-11-22  Nicolas François  <nicolas.francois at centraliens.net>
 

Modified: upstream/trunk/NEWS
===================================================================
--- upstream/trunk/NEWS	2007-11-22 21:36:38 UTC (rev 1440)
+++ upstream/trunk/NEWS	2007-11-22 21:55:12 UTC (rev 1441)
@@ -43,9 +43,15 @@
   passwordless account.
 - Full review of the usage of getpwnam(), getpwuid(), getgrnam(),
   getgrgid(), and getspnam(). There should be no functional changes.
+- gpasswd: Only read information from the local file group database. It
+  writes the changes in /etc/group and/or /etc/gshadow, but used to read
+  information from getgrnam (hence possibly from another group database).
 
 *** documentation:
 - Generate the translated manpages from PO at build time.
+- The generated manpages will change depending on the configure options.
+  If you use different options than the one used for the distributed
+  archive, you should re-generate the manpages.
 
 shadow-4.0.18.1 -> shadow-4.0.18.2					28-10-2007
 

Modified: upstream/trunk/src/gpasswd.c
===================================================================
--- upstream/trunk/src/gpasswd.c	2007-11-22 21:36:38 UTC (rev 1440)
+++ upstream/trunk/src/gpasswd.c	2007-11-22 21:55:12 UTC (rev 1441)
@@ -171,12 +171,12 @@
 	char *cp;
 	int amroot;
 	int retries;
-	struct group *gr = NULL;
+	struct group const*gr = NULL;
 	struct group grent;
 	static char pass[BUFSIZ];
 
 #ifdef	SHADOWGRP
-	struct sgrp *sg = NULL;
+	struct sgrp const*sg = NULL;
 	struct sgrp sgent;
 	char *admins = NULL;
 #endif
@@ -314,14 +314,20 @@
 	 * will be completely replicated so it may be modified later on.
 	 */
 
-	/*
-	 * XXX - should get the entry using gr_locate() and modify that,
-	 * getgrnam() could give us a NIS group.  --marekm
-	 */
 	if (!(group = argv[optind]))
 		usage ();
 
-	if (!(gr = getgrnam (group))) { /* dup, no need for xgetgrnam */
+	if (!gr_open (O_RDONLY)) {
+		fprintf (stderr, _("%s: can't open file\n"), Prog);
+		SYSLOG ((LOG_WARN, "cannot open /etc/group"));
+#ifdef WITH_AUDIT
+		audit_logger (AUDIT_USER_CHAUTHTOK, Prog, "opening /etc/group",
+			      group, -1, 0);
+#endif
+		exit (1);
+	}
+
+	if (!(gr = gr_locate (group))) {
 		fprintf (stderr, _("unknown group: %s\n"), group);
 #ifdef WITH_AUDIT
 		audit_logger (AUDIT_USER_CHAUTHTOK, Prog, "group lookup", group,
@@ -334,8 +340,26 @@
 	grent.gr_passwd = xstrdup (gr->gr_passwd);
 
 	grent.gr_mem = dup_list (gr->gr_mem);
+	if (!gr_close ()) {
+		fprintf (stderr, _("%s: can't close file\n"), Prog);
+		SYSLOG ((LOG_WARN, "cannot close /etc/group"));
+#ifdef WITH_AUDIT
+		audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
+			      "closing /etc/group", group, -1, 0);
+#endif
+		exit (1);
+	}
 #ifdef	SHADOWGRP
-	if ((sg = getsgnam (group))) {
+	if (!sgr_open (O_RDONLY)) {
+		fprintf (stderr, _("%s: can't open shadow file\n"), Prog);
+		SYSLOG ((LOG_WARN, "cannot open /etc/gshadow"));
+#ifdef WITH_AUDIT
+		audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
+			      "opening /etc/gshadow", group, -1, 0);
+#endif
+		exit (1);
+	}
+	if ((sg = sgr_locate (group))) {
 		sgent = *sg;
 		sgent.sg_name = xstrdup (sg->sg_name);
 		sgent.sg_passwd = xstrdup (sg->sg_passwd);
@@ -360,6 +384,15 @@
 
 		sg = &sgent;
 	}
+	if (!sgr_close ()) {
+		fprintf (stderr, _("%s: can't close shadow file\n"), Prog);
+		SYSLOG ((LOG_WARN, "cannot close /etc/gshadow"));
+#ifdef WITH_AUDIT
+		audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
+			      "closing /etc/gshadow", group, -1, 0);
+#endif
+		exit (1);
+	}
 
 	/*
 	 * The policy here for changing a group is that 1) you must be root


