[Pkg-shadow-commits] r1867 - in upstream/trunk: . src
nekral-guest at alioth.debian.org
nekral-guest at alioth.debian.org
Tue Feb 26 19:09:10 UTC 2008
Author: nekral-guest
Date: 2008-02-26 19:09:10 +0000 (Tue, 26 Feb 2008)
New Revision: 1867
Modified:
upstream/trunk/ChangeLog
upstream/trunk/NEWS
upstream/trunk/src/gpasswd.c
Log:
* NEWS: Fix failures when the gshadow file is not present. Thanks
to Christian Henz (http://bugs.debian.org/467488)
* src/gpasswd.c (get_group): Do not fail if gshadow is not present. Just use
the group file and set the grent structure
* src/gpasswd.c (check_perms): The permissions should be checked
using both the gshadow and group file. Add a <struct group *>
parameter, and check if the gshadow file exists (is_shadowgrp).
* src/gpasswd.c (main): Do not use sgent.sg_mem or sgent.sg_adm if
the gshadow file is not present (sgent is not initialized in that
case). The fields of sgent can be set, but not used.
Modified: upstream/trunk/ChangeLog
===================================================================
--- upstream/trunk/ChangeLog 2008-02-26 18:59:28 UTC (rev 1866)
+++ upstream/trunk/ChangeLog 2008-02-26 19:09:10 UTC (rev 1867)
@@ -1,5 +1,18 @@
2008-02-26 Nicolas François <nicolas.francois at centraliens.net>
+ * NEWS: Fix failures when the gshadow file is not present. Thanks
+ to Christian Henz (http://bugs.debian.org/467488)
+ * src/gpasswd.c (get_group): Do not fail if gshadow is not present. Just use
+ the group file and set the grent structure
+ * src/gpasswd.c (check_perms): The permissions should be checked
+ using both the gshadow and group file. Add a <struct group *>
+ parameter, and check if the gshadow file exists (is_shadowgrp).
+ * src/gpasswd.c (main): Do not use sgent.sg_mem or sgent.sg_adm if
+ the gshadow file is not present (sgent is not initialized in that
+ case). The fields of sgent can be set, but not used.
+
+2008-02-26 Nicolas François <nicolas.francois at centraliens.net>
+
* src/gpasswd.c: Fix typo in comment.
* src/gpasswd.c: Move comment regarding FIRST_MEMBER_IS_ADMIN to
where it belongs.
Modified: upstream/trunk/NEWS
===================================================================
--- upstream/trunk/NEWS 2008-02-26 18:59:28 UTC (rev 1866)
+++ upstream/trunk/NEWS 2008-02-26 19:09:10 UTC (rev 1867)
@@ -21,6 +21,8 @@
- chage
* Fix bug which forbid to set the aging information of an account with a
passwd entry, but no shadow entry.
+- gpasswd
+ * Fix failures when the gshadow file is not present.
- groupadd
* New option -p/--password to specify an encrypted password.
* New option -r, --system for system accounts.
Modified: upstream/trunk/src/gpasswd.c
===================================================================
--- upstream/trunk/src/gpasswd.c 2008-02-26 18:59:28 UTC (rev 1866)
+++ upstream/trunk/src/gpasswd.c 2008-02-26 19:09:10 UTC (rev 1867)
@@ -93,7 +93,7 @@
static void close_files (void);
#ifdef SHADOWGRP
static void get_group (struct group *gr, struct sgrp *sg);
-static void check_perms (const struct sgrp *sg);
+static void check_perms (const struct group *gr, const struct sgrp *sg);
static void update_group (struct group *gr, struct sgrp *sg);
static void change_passwd (struct group *gr, struct sgrp *sg);
#else
@@ -400,12 +400,13 @@
* It only returns if the user is allowed.
*/
#ifdef SHADOWGRP
-static void check_perms (const struct sgrp *sg)
+static void check_perms (const struct group *gr, const struct sgrp *sg)
#else
static void check_perms (const struct group *gr)
#endif
{
#ifdef SHADOWGRP
+ if (is_shadowgrp) {
/*
* The policy here for changing a group is that 1) you must be root
* or 2). you must be listed as an administrative member.
@@ -419,8 +420,9 @@
#endif
failure ();
}
-#else /* ! SHADOWGRP */
-
+ } else
+#endif /* ! SHADOWGRP */
+ {
#ifdef FIRST_MEMBER_IS_ADMIN
/*
* The policy here for changing a group is that 1) you must be root
@@ -460,7 +462,7 @@
failure ();
}
#endif
-#endif /* SHADOWGRP */
+ }
}
/*
@@ -499,6 +501,8 @@
*
* The information are copied in group structure(s) so that they can be
* modified later.
+ *
+ * Note: If !is_shadowgrp, *sg will not be initialized.
*/
#ifdef SHADOWGRP
static void get_group (struct group *gr, struct sgrp *sg)
@@ -545,6 +549,7 @@
}
#ifdef SHADOWGRP
+ if (is_shadowgrp) {
if (sgr_open (O_RDONLY) == 0) {
fprintf (stderr, _("%s: can't open shadow file\n"), Prog);
SYSLOG ((LOG_WARN, "cannot open /etc/gshadow"));
@@ -590,6 +595,7 @@
#endif
exit (1);
}
+ }
#endif /* SHADOWGRP */
}
@@ -751,7 +757,7 @@
* Check if the user is allowed to change the password of this group.
*/
#ifdef SHADOWGRP
- check_perms (&sgent);
+ check_perms (&grent, &sgent);
#else
check_perms (&grent);
#endif
@@ -798,7 +804,9 @@
printf (_("Adding user %s to group %s\n"), user, group);
grent.gr_mem = add_list (grent.gr_mem, user);
#ifdef SHADOWGRP
+ if (is_shadowgrp) {
sgent.sg_mem = add_list (sgent.sg_mem, user);
+ }
#endif
#ifdef WITH_AUDIT
audit_logger (AUDIT_USER_CHAUTHTOK, Prog, "adding group member",
@@ -823,10 +831,12 @@
grent.gr_mem = del_list (grent.gr_mem, user);
}
#ifdef SHADOWGRP
+ if (is_shadowgrp) {
if (is_on_list (sgent.sg_mem, user)) {
removed = 1;
sgent.sg_mem = del_list (sgent.sg_mem, user);
}
+ }
#endif
if (!removed) {
fprintf (stderr, _("%s: unknown member %s\n"),
More information about the Pkg-shadow-commits
mailing list