[Pkg-shadow-commits] r1867 - in upstream/trunk: . src

nekral-guest at alioth.debian.org nekral-guest at alioth.debian.org
Tue Feb 26 19:09:10 UTC 2008 

Author: nekral-guest
Date: 2008-02-26 19:09:10 +0000 (Tue, 26 Feb 2008)
New Revision: 1867

Modified:
   upstream/trunk/ChangeLog
   upstream/trunk/NEWS
   upstream/trunk/src/gpasswd.c
Log:
 * NEWS: Fix failures when the gshadow file is not present. Thanks
   to Christian Henz (http://bugs.debian.org/467488)
 * src/gpasswd.c (get_group): Do not fail if gshadow is not present. Just use
   the group file and set the grent structure
 * src/gpasswd.c (check_perms): The permissions should be checked
   using both the gshadow and group file. Add a <struct group *>
   parameter, and check if the gshadow file exists (is_shadowgrp).
 * src/gpasswd.c (main): Do not use sgent.sg_mem or sgent.sg_adm if
   the gshadow file is not present (sgent is not initialized in that
   case). The fields of sgent can be set, but not used.


Modified: upstream/trunk/ChangeLog
===================================================================
--- upstream/trunk/ChangeLog	2008-02-26 18:59:28 UTC (rev 1866)
+++ upstream/trunk/ChangeLog	2008-02-26 19:09:10 UTC (rev 1867)
@@ -1,5 +1,18 @@
 2008-02-26  Nicolas François  <nicolas.francois at centraliens.net>
 
+	* NEWS: Fix failures when the gshadow file is not present. Thanks
+	to Christian Henz (http://bugs.debian.org/467488)
+	* src/gpasswd.c (get_group): Do not fail if gshadow is not present. Just use
+	the group file and set the grent structure
+	* src/gpasswd.c (check_perms): The permissions should be checked
+	using both the gshadow and group file. Add a <struct group *>
+	parameter, and check if the gshadow file exists (is_shadowgrp).
+	* src/gpasswd.c (main): Do not use sgent.sg_mem or sgent.sg_adm if
+	the gshadow file is not present (sgent is not initialized in that
+	case). The fields of sgent can be set, but not used.
+
+2008-02-26  Nicolas François  <nicolas.francois at centraliens.net>
+
 	* src/gpasswd.c: Fix typo in comment.
 	* src/gpasswd.c: Move comment regarding FIRST_MEMBER_IS_ADMIN to
 	where it belongs.

Modified: upstream/trunk/NEWS
===================================================================
--- upstream/trunk/NEWS	2008-02-26 18:59:28 UTC (rev 1866)
+++ upstream/trunk/NEWS	2008-02-26 19:09:10 UTC (rev 1867)
@@ -21,6 +21,8 @@
 - chage
   * Fix bug which forbid to set the aging information of an account with a
     passwd entry, but no shadow entry.
+- gpasswd
+  * Fix failures when the gshadow file is not present.
 - groupadd
   * New option -p/--password to specify an encrypted password.
   * New option -r, --system for system accounts.

Modified: upstream/trunk/src/gpasswd.c
===================================================================
--- upstream/trunk/src/gpasswd.c	2008-02-26 18:59:28 UTC (rev 1866)
+++ upstream/trunk/src/gpasswd.c	2008-02-26 19:09:10 UTC (rev 1867)
@@ -93,7 +93,7 @@
 static void close_files (void);
 #ifdef SHADOWGRP
 static void get_group (struct group *gr, struct sgrp *sg);
-static void check_perms (const struct sgrp *sg);
+static void check_perms (const struct group *gr, const struct sgrp *sg);
 static void update_group (struct group *gr, struct sgrp *sg);
 static void change_passwd (struct group *gr, struct sgrp *sg);
 #else
@@ -400,12 +400,13 @@
  *	It only returns if the user is allowed.
  */
 #ifdef SHADOWGRP
-static void check_perms (const struct sgrp *sg)
+static void check_perms (const struct group *gr, const struct sgrp *sg)
 #else
 static void check_perms (const struct group *gr)
 #endif
 {
 #ifdef SHADOWGRP
+	if (is_shadowgrp) {
 	/*
 	 * The policy here for changing a group is that 1) you must be root
 	 * or 2). you must be listed as an administrative member.
@@ -419,8 +420,9 @@
 #endif
 		failure ();
 	}
-#else				/* ! SHADOWGRP */
-
+	} else
+#endif				/* ! SHADOWGRP */
+	{
 #ifdef FIRST_MEMBER_IS_ADMIN
 	/*
 	 * The policy here for changing a group is that 1) you must be root
@@ -460,7 +462,7 @@
 		failure ();
 	}
 #endif
-#endif				/* SHADOWGRP */
+	}
 }
 
 /*
@@ -499,6 +501,8 @@
  *
  *	The information are copied in group structure(s) so that they can be
  *	modified later.
+ *
+ *	Note: If !is_shadowgrp, *sg will not be initialized.
  */
 #ifdef SHADOWGRP
 static void get_group (struct group *gr, struct sgrp *sg)
@@ -545,6 +549,7 @@
 	}
 
 #ifdef SHADOWGRP
+	if (is_shadowgrp) {
 	if (sgr_open (O_RDONLY) == 0) {
 		fprintf (stderr, _("%s: can't open shadow file\n"), Prog);
 		SYSLOG ((LOG_WARN, "cannot open /etc/gshadow"));
@@ -590,6 +595,7 @@
 #endif
 		exit (1);
 	}
+	}
 #endif				/* SHADOWGRP */
 }
 
@@ -751,7 +757,7 @@
 	 * Check if the user is allowed to change the password of this group.
 	 */
 #ifdef SHADOWGRP
-	check_perms (&sgent);
+	check_perms (&grent, &sgent);
 #else
 	check_perms (&grent);
 #endif
@@ -798,7 +804,9 @@
 		printf (_("Adding user %s to group %s\n"), user, group);
 		grent.gr_mem = add_list (grent.gr_mem, user);
 #ifdef SHADOWGRP
+		if (is_shadowgrp) {
 		sgent.sg_mem = add_list (sgent.sg_mem, user);
+		}
 #endif
 #ifdef WITH_AUDIT
 		audit_logger (AUDIT_USER_CHAUTHTOK, Prog, "adding group member",
@@ -823,10 +831,12 @@
 			grent.gr_mem = del_list (grent.gr_mem, user);
 		}
 #ifdef SHADOWGRP
+		if (is_shadowgrp) {
 		if (is_on_list (sgent.sg_mem, user)) {
 			removed = 1;
 			sgent.sg_mem = del_list (sgent.sg_mem, user);
 		}
+		}
 #endif
 		if (!removed) {
 			fprintf (stderr, _("%s: unknown member %s\n"),

More information about the Pkg-shadow-commits mailing list