2007-10-07 17:14:02 +05:30
|
|
|
/*
|
2008-04-27 06:10:09 +05:30
|
|
|
* Copyright (c) 1991 - 1994, Julianne Frances Haugh
|
|
|
|
* Copyright (c) 1996 - 2000, Marek Michałkiewicz
|
|
|
|
* Copyright (c) 2000 - 2006, Tomasz Kłoczko
|
|
|
|
* Copyright (c) 2007 - 2008, Nicolas François
|
2007-10-07 17:14:02 +05:30
|
|
|
* All rights reserved.
|
|
|
|
*
|
|
|
|
* Redistribution and use in source and binary forms, with or without
|
|
|
|
* modification, are permitted provided that the following conditions
|
|
|
|
* are met:
|
|
|
|
* 1. Redistributions of source code must retain the above copyright
|
|
|
|
* notice, this list of conditions and the following disclaimer.
|
|
|
|
* 2. Redistributions in binary form must reproduce the above copyright
|
|
|
|
* notice, this list of conditions and the following disclaimer in the
|
|
|
|
* documentation and/or other materials provided with the distribution.
|
2008-04-27 06:10:09 +05:30
|
|
|
* 3. The name of the copyright holders or contributors may not be used to
|
|
|
|
* endorse or promote products derived from this software without
|
|
|
|
* specific prior written permission.
|
2007-10-07 17:14:02 +05:30
|
|
|
*
|
2008-04-27 06:10:09 +05:30
|
|
|
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
|
|
|
* ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
|
|
|
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
|
|
|
|
* PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
|
|
|
* HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
|
|
|
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
|
|
|
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
|
|
|
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
|
|
|
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
|
|
|
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
|
|
|
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
2007-10-07 17:14:02 +05:30
|
|
|
*/
|
|
|
|
|
|
|
|
#include <config.h>
|
|
|
|
|
2007-11-11 05:16:11 +05:30
|
|
|
#ident "$Id$"
|
2007-10-07 17:17:01 +05:30
|
|
|
|
2007-10-07 17:14:02 +05:30
|
|
|
#include <ctype.h>
|
|
|
|
#include <fcntl.h>
|
2007-10-07 17:17:01 +05:30
|
|
|
#include <grp.h>
|
2007-10-07 17:14:02 +05:30
|
|
|
#include <pwd.h>
|
2007-10-07 17:14:38 +05:30
|
|
|
#ifdef USE_PAM
|
2007-10-07 17:17:11 +05:30
|
|
|
#include "pam_defs.h"
|
2007-10-07 17:15:23 +05:30
|
|
|
#endif /* USE_PAM */
|
2007-10-07 17:17:01 +05:30
|
|
|
#include <stdio.h>
|
|
|
|
#include <sys/types.h>
|
|
|
|
#include "defines.h"
|
|
|
|
#include "groupio.h"
|
2007-10-07 17:15:23 +05:30
|
|
|
#include "nscd.h"
|
2007-10-07 17:14:02 +05:30
|
|
|
#include "prototypes.h"
|
2007-10-07 17:17:01 +05:30
|
|
|
#ifdef SHADOWGRP
|
|
|
|
#include "sgroupio.h"
|
|
|
|
#endif
|
|
|
|
/*
|
|
|
|
* Global variables
|
|
|
|
*/
|
2007-10-07 17:15:23 +05:30
|
|
|
static char *group_name;
|
|
|
|
static char *Prog;
|
2007-10-07 17:17:01 +05:30
|
|
|
static gid_t group_id = -1;
|
2007-10-07 17:14:02 +05:30
|
|
|
|
|
|
|
#ifdef SHADOWGRP
|
2008-06-10 02:24:04 +05:30
|
|
|
static bool is_shadow_grp;
|
2007-10-07 17:14:02 +05:30
|
|
|
#endif
|
|
|
|
|
|
|
|
/*
|
|
|
|
* exit status values
|
|
|
|
*/
|
|
|
|
#define E_SUCCESS 0 /* success */
|
|
|
|
#define E_USAGE 2 /* invalid command syntax */
|
|
|
|
#define E_NOTFOUND 6 /* specified group doesn't exist */
|
|
|
|
#define E_GROUP_BUSY 8 /* can't remove user's primary group */
|
|
|
|
#define E_GRP_UPDATE 10 /* can't update group file */
|
|
|
|
|
|
|
|
/* local function prototypes */
|
2007-10-07 17:15:23 +05:30
|
|
|
static void usage (void);
|
2008-03-09 02:43:54 +05:30
|
|
|
static void fail_exit (int);
|
2007-10-07 17:15:23 +05:30
|
|
|
static void grp_update (void);
|
|
|
|
static void close_files (void);
|
|
|
|
static void open_files (void);
|
|
|
|
static void group_busy (gid_t);
|
2007-10-07 17:14:02 +05:30
|
|
|
|
|
|
|
/*
|
|
|
|
* usage - display usage message and exit
|
|
|
|
*/
|
2007-10-07 17:15:23 +05:30
|
|
|
static void usage (void)
|
2007-10-07 17:14:02 +05:30
|
|
|
{
|
2008-01-25 02:12:12 +05:30
|
|
|
fputs (_("Usage: groupdel group\n"), stderr);
|
2007-10-07 17:15:23 +05:30
|
|
|
exit (E_USAGE);
|
2007-10-07 17:14:02 +05:30
|
|
|
}
|
|
|
|
|
2008-03-09 02:43:54 +05:30
|
|
|
/*
|
|
|
|
* fail_exit - exit with a failure code after unlocking the files
|
|
|
|
*/
|
|
|
|
static void fail_exit (int code)
|
|
|
|
{
|
|
|
|
(void) gr_unlock ();
|
|
|
|
#ifdef SHADOWGRP
|
|
|
|
if (is_shadow_grp) {
|
|
|
|
sgr_unlock ();
|
|
|
|
}
|
|
|
|
#endif
|
|
|
|
|
|
|
|
#ifdef WITH_AUDIT
|
2008-06-14 02:29:04 +05:30
|
|
|
audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
|
|
|
|
"deleting group",
|
|
|
|
group_name, AUDIT_NO_ID, 0);
|
2008-03-09 02:43:54 +05:30
|
|
|
#endif
|
|
|
|
|
|
|
|
exit (code);
|
|
|
|
}
|
|
|
|
|
2007-10-07 17:14:02 +05:30
|
|
|
/*
|
|
|
|
* grp_update - update group file entries
|
|
|
|
*
|
|
|
|
* grp_update() writes the new records to the group files.
|
|
|
|
*/
|
2007-10-07 17:15:23 +05:30
|
|
|
static void grp_update (void)
|
2007-10-07 17:14:02 +05:30
|
|
|
{
|
2008-06-10 02:24:04 +05:30
|
|
|
if (gr_remove (group_name) == 0) {
|
2007-10-07 17:16:07 +05:30
|
|
|
fprintf (stderr, _("%s: error removing group entry\n"), Prog);
|
2008-03-09 02:43:54 +05:30
|
|
|
fail_exit (E_GRP_UPDATE);
|
2007-10-07 17:14:02 +05:30
|
|
|
}
|
|
|
|
#ifdef SHADOWGRP
|
|
|
|
/*
|
|
|
|
* Delete the shadow group entries as well.
|
|
|
|
*/
|
2008-03-08 21:47:07 +05:30
|
|
|
if (is_shadow_grp && (sgr_locate (group_name) != NULL)) {
|
2008-06-10 02:24:04 +05:30
|
|
|
if (sgr_remove (group_name) == 0) {
|
2008-03-08 21:47:07 +05:30
|
|
|
fprintf (stderr,
|
|
|
|
_("%s: error removing shadow group entry\n"),
|
|
|
|
Prog);
|
2008-03-09 02:43:54 +05:30
|
|
|
fail_exit (E_GRP_UPDATE);
|
2008-03-08 21:47:07 +05:30
|
|
|
}
|
2007-10-07 17:14:02 +05:30
|
|
|
}
|
2007-10-07 17:15:23 +05:30
|
|
|
#endif /* SHADOWGRP */
|
2007-10-07 17:14:02 +05:30
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* close_files - close all of the files that were opened
|
|
|
|
*
|
|
|
|
* close_files() closes all of the files that were opened for this
|
|
|
|
* new group. This causes any modified entries to be written out.
|
|
|
|
*/
|
2007-10-07 17:15:23 +05:30
|
|
|
static void close_files (void)
|
2007-10-07 17:14:02 +05:30
|
|
|
{
|
2008-03-08 21:50:55 +05:30
|
|
|
#ifdef WITH_AUDIT
|
2008-06-14 02:29:04 +05:30
|
|
|
audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
|
|
|
|
"deleting group",
|
|
|
|
group_name, (unsigned int) group_id, 1);
|
2008-03-08 21:50:55 +05:30
|
|
|
#endif
|
|
|
|
SYSLOG ((LOG_INFO, "remove group `%s'\n", group_name));
|
|
|
|
|
2008-06-10 02:24:04 +05:30
|
|
|
if (gr_close () == 0) {
|
2007-10-07 17:16:07 +05:30
|
|
|
fprintf (stderr, _("%s: cannot rewrite group file\n"), Prog);
|
2008-03-09 02:43:54 +05:30
|
|
|
fail_exit (E_GRP_UPDATE);
|
2007-10-07 17:14:02 +05:30
|
|
|
}
|
2007-10-07 17:15:23 +05:30
|
|
|
gr_unlock ();
|
2007-10-07 17:14:02 +05:30
|
|
|
#ifdef SHADOWGRP
|
2008-06-10 02:24:04 +05:30
|
|
|
if (is_shadow_grp && (sgr_close () == 0)) {
|
2007-10-07 17:15:23 +05:30
|
|
|
fprintf (stderr,
|
2007-10-07 17:16:07 +05:30
|
|
|
_("%s: cannot rewrite shadow group file\n"), Prog);
|
2008-03-09 02:43:54 +05:30
|
|
|
fail_exit (E_GRP_UPDATE);
|
2007-10-07 17:14:02 +05:30
|
|
|
}
|
|
|
|
if (is_shadow_grp)
|
2007-10-07 17:15:23 +05:30
|
|
|
sgr_unlock ();
|
|
|
|
#endif /* SHADOWGRP */
|
2007-10-07 17:14:02 +05:30
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* open_files - lock and open the group files
|
|
|
|
*
|
|
|
|
* open_files() opens the two group files.
|
|
|
|
*/
|
2007-10-07 17:15:23 +05:30
|
|
|
static void open_files (void)
|
2007-10-07 17:14:02 +05:30
|
|
|
{
|
2008-06-10 02:24:04 +05:30
|
|
|
if (gr_lock () == 0) {
|
2007-10-07 17:16:07 +05:30
|
|
|
fprintf (stderr, _("%s: unable to lock group file\n"), Prog);
|
2008-03-09 02:43:54 +05:30
|
|
|
fail_exit (E_GRP_UPDATE);
|
2007-10-07 17:14:02 +05:30
|
|
|
}
|
2008-06-10 02:24:04 +05:30
|
|
|
if (gr_open (O_RDWR) == 0) {
|
2007-10-07 17:16:07 +05:30
|
|
|
fprintf (stderr, _("%s: unable to open group file\n"), Prog);
|
2008-03-09 02:43:54 +05:30
|
|
|
fail_exit (E_GRP_UPDATE);
|
2007-10-07 17:14:02 +05:30
|
|
|
}
|
|
|
|
#ifdef SHADOWGRP
|
2008-06-10 02:24:04 +05:30
|
|
|
if (is_shadow_grp && (sgr_lock () == 0)) {
|
2007-10-07 17:15:23 +05:30
|
|
|
fprintf (stderr,
|
2007-10-07 17:16:07 +05:30
|
|
|
_("%s: unable to lock shadow group file\n"), Prog);
|
2008-03-09 02:43:54 +05:30
|
|
|
fail_exit (E_GRP_UPDATE);
|
2007-10-07 17:14:02 +05:30
|
|
|
}
|
2008-06-10 02:24:04 +05:30
|
|
|
if (is_shadow_grp && (sgr_open (O_RDWR) == 0)) {
|
2007-10-07 17:15:23 +05:30
|
|
|
fprintf (stderr,
|
2007-10-07 17:16:07 +05:30
|
|
|
_("%s: unable to open shadow group file\n"), Prog);
|
2008-03-09 02:43:54 +05:30
|
|
|
fail_exit (E_GRP_UPDATE);
|
2007-10-07 17:14:02 +05:30
|
|
|
}
|
2007-10-07 17:15:23 +05:30
|
|
|
#endif /* SHADOWGRP */
|
2007-10-07 17:14:02 +05:30
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* group_busy - check if this is any user's primary group
|
|
|
|
*
|
|
|
|
* group_busy verifies that this group is not the primary group
|
|
|
|
* for any user. You must remove all users before you remove
|
|
|
|
* the group.
|
|
|
|
*/
|
2007-10-07 17:15:23 +05:30
|
|
|
static void group_busy (gid_t gid)
|
2007-10-07 17:14:02 +05:30
|
|
|
{
|
2007-10-07 17:15:23 +05:30
|
|
|
struct passwd *pwd;
|
2007-10-07 17:14:02 +05:30
|
|
|
|
|
|
|
/*
|
|
|
|
* Nice slow linear search.
|
|
|
|
*/
|
|
|
|
|
|
|
|
setpwent ();
|
|
|
|
|
2008-06-10 02:24:04 +05:30
|
|
|
while ( ((pwd = getpwent ()) != NULL) && (pwd->pw_gid != gid) );
|
2007-10-07 17:14:02 +05:30
|
|
|
|
|
|
|
endpwent ();
|
|
|
|
|
|
|
|
/*
|
* lib/prototypes.h, configure.in, libmisc/Makefile.am,
libmisc/xgetXXbyYY.c, libmisc/xgetpwnam.c, libmisc/xgetpwuid.c,
libmisc/xgetgrnam.c, libmisc/xgetgrgid.c, libmisc/xgetspnam.c:
Added functions xgetpwnam(), xgetpwuid(), xgetgrnam(),
xgetgrgid(), and xgetspnam(). They allocate memory for the
returned structure and are more robust to successive calls. They
are implemented with the libc's getxxyyy_r() functions if
available.
* libmisc/limits.c, libmisc/entry.c, libmisc/chowntty.c,
libmisc/addgrps.c, libmisc/myname.c, libmisc/rlogin.c,
libmisc/pwdcheck.c, src/newgrp.c, src/login_nopam.c,
src/userdel.c, src/lastlog.c, src/grpck.c, src/gpasswd.c,
src/newusers.c, src/chpasswd.c, src/chfn.c, src/groupmems.c,
src/usermod.c, src/expiry.c, src/groupdel.c, src/chgpasswd.c,
src/su.c, src/useradd.c, src/groupmod.c, src/passwd.c, src/pwck.c,
src/groupadd.c, src/chage.c, src/login.c, src/suauth.c,
src/faillog.c, src/groups.c, src/chsh.c, src/id.c: Review all the
usage of one of the getpwnam(), getpwuid(), getgrnam(),
getgrgid(), and getspnam() functions. It was noticed on
http://bugs.debian.org/341230 that chfn and chsh use a passwd
structure after calling a pam function, which result in using
information from the passwd structure requested by pam, not the
original one. It is much easier to use the new xget... functions
to avoid these issues. I've checked which call to the original
get... functions could be left (reducing the scope of the
structure if possible), and I've left comments to ease future
reviews (e.g. /* local, no need for xgetpwnam */).
Note: the getpwent/getgrent calls should probably be checked also.
* src/groupdel.c, src/expiry.c: Fix typos in comments.
* src/groupmod.c: Re-indent.
* libmisc/Makefile.am, lib/groupmem.c, lib/groupio.c, lib/pwmem.c,
lib/pwio.c, lib/shadowmem.c, lib/shadowio.c: Move the __<xx>_dup
functions (used by the xget... functions) from the <xx>io.c files
to the new <xx>mem.c files. This avoid linking some utils against
the SELinux library.
2007-11-19 04:45:26 +05:30
|
|
|
* If pwd isn't NULL, it stopped because the gid's matched.
|
2007-10-07 17:14:02 +05:30
|
|
|
*/
|
|
|
|
|
|
|
|
if (pwd == (struct passwd *) 0)
|
|
|
|
return;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Can't remove the group.
|
|
|
|
*/
|
2007-10-07 17:16:07 +05:30
|
|
|
fprintf (stderr, _("%s: cannot remove user's primary group.\n"), Prog);
|
2008-03-09 02:43:54 +05:30
|
|
|
fail_exit (E_GROUP_BUSY);
|
2007-10-07 17:14:02 +05:30
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* main - groupdel command
|
|
|
|
*
|
|
|
|
* The syntax of the groupdel command is
|
|
|
|
*
|
|
|
|
* groupdel group
|
|
|
|
*
|
|
|
|
* The named group will be deleted.
|
|
|
|
*/
|
|
|
|
|
2007-10-07 17:15:23 +05:30
|
|
|
int main (int argc, char **argv)
|
2007-10-07 17:14:02 +05:30
|
|
|
{
|
2007-10-07 17:14:38 +05:30
|
|
|
#ifdef USE_PAM
|
|
|
|
pam_handle_t *pamh = NULL;
|
|
|
|
int retval;
|
|
|
|
#endif
|
2007-10-07 17:14:02 +05:30
|
|
|
|
2007-10-07 17:17:01 +05:30
|
|
|
#ifdef WITH_AUDIT
|
|
|
|
audit_help_open ();
|
|
|
|
#endif
|
|
|
|
|
2007-10-07 17:14:02 +05:30
|
|
|
/*
|
|
|
|
* Get my name so that I can use it to report errors.
|
|
|
|
*/
|
|
|
|
|
2007-10-07 17:15:23 +05:30
|
|
|
Prog = Basename (argv[0]);
|
2007-10-07 17:14:02 +05:30
|
|
|
|
2008-06-10 02:24:04 +05:30
|
|
|
(void) setlocale (LC_ALL, "");
|
|
|
|
(void) bindtextdomain (PACKAGE, LOCALEDIR);
|
|
|
|
(void) textdomain (PACKAGE);
|
2007-10-07 17:14:02 +05:30
|
|
|
|
2007-10-07 17:15:40 +05:30
|
|
|
if (argc != 2)
|
2007-10-07 17:16:07 +05:30
|
|
|
usage ();
|
2007-10-07 17:15:40 +05:30
|
|
|
|
|
|
|
group_name = argv[1];
|
|
|
|
|
2007-10-07 17:16:52 +05:30
|
|
|
OPENLOG ("groupdel");
|
|
|
|
|
2007-10-07 17:14:38 +05:30
|
|
|
#ifdef USE_PAM
|
|
|
|
retval = PAM_SUCCESS;
|
|
|
|
|
* lib/prototypes.h, configure.in, libmisc/Makefile.am,
libmisc/xgetXXbyYY.c, libmisc/xgetpwnam.c, libmisc/xgetpwuid.c,
libmisc/xgetgrnam.c, libmisc/xgetgrgid.c, libmisc/xgetspnam.c:
Added functions xgetpwnam(), xgetpwuid(), xgetgrnam(),
xgetgrgid(), and xgetspnam(). They allocate memory for the
returned structure and are more robust to successive calls. They
are implemented with the libc's getxxyyy_r() functions if
available.
* libmisc/limits.c, libmisc/entry.c, libmisc/chowntty.c,
libmisc/addgrps.c, libmisc/myname.c, libmisc/rlogin.c,
libmisc/pwdcheck.c, src/newgrp.c, src/login_nopam.c,
src/userdel.c, src/lastlog.c, src/grpck.c, src/gpasswd.c,
src/newusers.c, src/chpasswd.c, src/chfn.c, src/groupmems.c,
src/usermod.c, src/expiry.c, src/groupdel.c, src/chgpasswd.c,
src/su.c, src/useradd.c, src/groupmod.c, src/passwd.c, src/pwck.c,
src/groupadd.c, src/chage.c, src/login.c, src/suauth.c,
src/faillog.c, src/groups.c, src/chsh.c, src/id.c: Review all the
usage of one of the getpwnam(), getpwuid(), getgrnam(),
getgrgid(), and getspnam() functions. It was noticed on
http://bugs.debian.org/341230 that chfn and chsh use a passwd
structure after calling a pam function, which result in using
information from the passwd structure requested by pam, not the
original one. It is much easier to use the new xget... functions
to avoid these issues. I've checked which call to the original
get... functions could be left (reducing the scope of the
structure if possible), and I've left comments to ease future
reviews (e.g. /* local, no need for xgetpwnam */).
Note: the getpwent/getgrent calls should probably be checked also.
* src/groupdel.c, src/expiry.c: Fix typos in comments.
* src/groupmod.c: Re-indent.
* libmisc/Makefile.am, lib/groupmem.c, lib/groupio.c, lib/pwmem.c,
lib/pwio.c, lib/shadowmem.c, lib/shadowio.c: Move the __<xx>_dup
functions (used by the xget... functions) from the <xx>io.c files
to the new <xx>mem.c files. This avoid linking some utils against
the SELinux library.
2007-11-19 04:45:26 +05:30
|
|
|
{
|
|
|
|
struct passwd *pampw;
|
|
|
|
pampw = getpwuid (getuid ()); /* local, no need for xgetpwuid */
|
|
|
|
if (pampw == NULL) {
|
|
|
|
retval = PAM_USER_UNKNOWN;
|
|
|
|
}
|
2007-10-07 17:14:38 +05:30
|
|
|
|
2008-06-10 02:24:04 +05:30
|
|
|
if (PAM_SUCCESS == retval) {
|
* lib/prototypes.h, configure.in, libmisc/Makefile.am,
libmisc/xgetXXbyYY.c, libmisc/xgetpwnam.c, libmisc/xgetpwuid.c,
libmisc/xgetgrnam.c, libmisc/xgetgrgid.c, libmisc/xgetspnam.c:
Added functions xgetpwnam(), xgetpwuid(), xgetgrnam(),
xgetgrgid(), and xgetspnam(). They allocate memory for the
returned structure and are more robust to successive calls. They
are implemented with the libc's getxxyyy_r() functions if
available.
* libmisc/limits.c, libmisc/entry.c, libmisc/chowntty.c,
libmisc/addgrps.c, libmisc/myname.c, libmisc/rlogin.c,
libmisc/pwdcheck.c, src/newgrp.c, src/login_nopam.c,
src/userdel.c, src/lastlog.c, src/grpck.c, src/gpasswd.c,
src/newusers.c, src/chpasswd.c, src/chfn.c, src/groupmems.c,
src/usermod.c, src/expiry.c, src/groupdel.c, src/chgpasswd.c,
src/su.c, src/useradd.c, src/groupmod.c, src/passwd.c, src/pwck.c,
src/groupadd.c, src/chage.c, src/login.c, src/suauth.c,
src/faillog.c, src/groups.c, src/chsh.c, src/id.c: Review all the
usage of one of the getpwnam(), getpwuid(), getgrnam(),
getgrgid(), and getspnam() functions. It was noticed on
http://bugs.debian.org/341230 that chfn and chsh use a passwd
structure after calling a pam function, which result in using
information from the passwd structure requested by pam, not the
original one. It is much easier to use the new xget... functions
to avoid these issues. I've checked which call to the original
get... functions could be left (reducing the scope of the
structure if possible), and I've left comments to ease future
reviews (e.g. /* local, no need for xgetpwnam */).
Note: the getpwent/getgrent calls should probably be checked also.
* src/groupdel.c, src/expiry.c: Fix typos in comments.
* src/groupmod.c: Re-indent.
* libmisc/Makefile.am, lib/groupmem.c, lib/groupio.c, lib/pwmem.c,
lib/pwio.c, lib/shadowmem.c, lib/shadowio.c: Move the __<xx>_dup
functions (used by the xget... functions) from the <xx>io.c files
to the new <xx>mem.c files. This avoid linking some utils against
the SELinux library.
2007-11-19 04:45:26 +05:30
|
|
|
retval = pam_start ("groupdel", pampw->pw_name,
|
|
|
|
&conv, &pamh);
|
|
|
|
}
|
2007-10-07 17:14:38 +05:30
|
|
|
}
|
|
|
|
|
2008-06-10 02:24:04 +05:30
|
|
|
if (PAM_SUCCESS == retval) {
|
2007-10-07 17:15:23 +05:30
|
|
|
retval = pam_authenticate (pamh, 0);
|
2008-06-10 02:24:04 +05:30
|
|
|
if (PAM_SUCCESS != retval) {
|
|
|
|
(void) pam_end (pamh, retval);
|
2007-10-07 17:14:38 +05:30
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2008-06-10 02:24:04 +05:30
|
|
|
if (PAM_SUCCESS == retval) {
|
2007-10-07 17:15:23 +05:30
|
|
|
retval = pam_acct_mgmt (pamh, 0);
|
2008-06-10 02:24:04 +05:30
|
|
|
if (PAM_SUCCESS != retval) {
|
|
|
|
(void) pam_end (pamh, retval);
|
2007-10-07 17:14:38 +05:30
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2008-06-10 02:24:04 +05:30
|
|
|
if (PAM_SUCCESS != retval) {
|
2007-10-07 17:16:07 +05:30
|
|
|
fprintf (stderr, _("%s: PAM authentication failed\n"), Prog);
|
2007-10-07 17:14:38 +05:30
|
|
|
exit (1);
|
|
|
|
}
|
2007-10-07 17:15:23 +05:30
|
|
|
#endif /* USE_PAM */
|
2007-10-07 17:14:38 +05:30
|
|
|
|
2007-10-07 17:14:02 +05:30
|
|
|
#ifdef SHADOWGRP
|
2007-10-07 17:15:23 +05:30
|
|
|
is_shadow_grp = sgr_file_present ();
|
2007-10-07 17:14:02 +05:30
|
|
|
#endif
|
|
|
|
|
* lib/prototypes.h, configure.in, libmisc/Makefile.am,
libmisc/xgetXXbyYY.c, libmisc/xgetpwnam.c, libmisc/xgetpwuid.c,
libmisc/xgetgrnam.c, libmisc/xgetgrgid.c, libmisc/xgetspnam.c:
Added functions xgetpwnam(), xgetpwuid(), xgetgrnam(),
xgetgrgid(), and xgetspnam(). They allocate memory for the
returned structure and are more robust to successive calls. They
are implemented with the libc's getxxyyy_r() functions if
available.
* libmisc/limits.c, libmisc/entry.c, libmisc/chowntty.c,
libmisc/addgrps.c, libmisc/myname.c, libmisc/rlogin.c,
libmisc/pwdcheck.c, src/newgrp.c, src/login_nopam.c,
src/userdel.c, src/lastlog.c, src/grpck.c, src/gpasswd.c,
src/newusers.c, src/chpasswd.c, src/chfn.c, src/groupmems.c,
src/usermod.c, src/expiry.c, src/groupdel.c, src/chgpasswd.c,
src/su.c, src/useradd.c, src/groupmod.c, src/passwd.c, src/pwck.c,
src/groupadd.c, src/chage.c, src/login.c, src/suauth.c,
src/faillog.c, src/groups.c, src/chsh.c, src/id.c: Review all the
usage of one of the getpwnam(), getpwuid(), getgrnam(),
getgrgid(), and getspnam() functions. It was noticed on
http://bugs.debian.org/341230 that chfn and chsh use a passwd
structure after calling a pam function, which result in using
information from the passwd structure requested by pam, not the
original one. It is much easier to use the new xget... functions
to avoid these issues. I've checked which call to the original
get... functions could be left (reducing the scope of the
structure if possible), and I've left comments to ease future
reviews (e.g. /* local, no need for xgetpwnam */).
Note: the getpwent/getgrent calls should probably be checked also.
* src/groupdel.c, src/expiry.c: Fix typos in comments.
* src/groupmod.c: Re-indent.
* libmisc/Makefile.am, lib/groupmem.c, lib/groupio.c, lib/pwmem.c,
lib/pwio.c, lib/shadowmem.c, lib/shadowio.c: Move the __<xx>_dup
functions (used by the xget... functions) from the <xx>io.c files
to the new <xx>mem.c files. This avoid linking some utils against
the SELinux library.
2007-11-19 04:45:26 +05:30
|
|
|
{
|
|
|
|
struct group *grp;
|
|
|
|
/*
|
|
|
|
* Start with a quick check to see if the group exists.
|
|
|
|
*/
|
2008-06-10 02:24:04 +05:30
|
|
|
grp = getgrnam (group_name); /* local, no need for xgetgrnam */
|
|
|
|
if (NULL == grp) {
|
* lib/prototypes.h, configure.in, libmisc/Makefile.am,
libmisc/xgetXXbyYY.c, libmisc/xgetpwnam.c, libmisc/xgetpwuid.c,
libmisc/xgetgrnam.c, libmisc/xgetgrgid.c, libmisc/xgetspnam.c:
Added functions xgetpwnam(), xgetpwuid(), xgetgrnam(),
xgetgrgid(), and xgetspnam(). They allocate memory for the
returned structure and are more robust to successive calls. They
are implemented with the libc's getxxyyy_r() functions if
available.
* libmisc/limits.c, libmisc/entry.c, libmisc/chowntty.c,
libmisc/addgrps.c, libmisc/myname.c, libmisc/rlogin.c,
libmisc/pwdcheck.c, src/newgrp.c, src/login_nopam.c,
src/userdel.c, src/lastlog.c, src/grpck.c, src/gpasswd.c,
src/newusers.c, src/chpasswd.c, src/chfn.c, src/groupmems.c,
src/usermod.c, src/expiry.c, src/groupdel.c, src/chgpasswd.c,
src/su.c, src/useradd.c, src/groupmod.c, src/passwd.c, src/pwck.c,
src/groupadd.c, src/chage.c, src/login.c, src/suauth.c,
src/faillog.c, src/groups.c, src/chsh.c, src/id.c: Review all the
usage of one of the getpwnam(), getpwuid(), getgrnam(),
getgrgid(), and getspnam() functions. It was noticed on
http://bugs.debian.org/341230 that chfn and chsh use a passwd
structure after calling a pam function, which result in using
information from the passwd structure requested by pam, not the
original one. It is much easier to use the new xget... functions
to avoid these issues. I've checked which call to the original
get... functions could be left (reducing the scope of the
structure if possible), and I've left comments to ease future
reviews (e.g. /* local, no need for xgetpwnam */).
Note: the getpwent/getgrent calls should probably be checked also.
* src/groupdel.c, src/expiry.c: Fix typos in comments.
* src/groupmod.c: Re-indent.
* libmisc/Makefile.am, lib/groupmem.c, lib/groupio.c, lib/pwmem.c,
lib/pwio.c, lib/shadowmem.c, lib/shadowio.c: Move the __<xx>_dup
functions (used by the xget... functions) from the <xx>io.c files
to the new <xx>mem.c files. This avoid linking some utils against
the SELinux library.
2007-11-19 04:45:26 +05:30
|
|
|
fprintf (stderr, _("%s: group %s does not exist\n"),
|
|
|
|
Prog, group_name);
|
2007-10-07 17:17:01 +05:30
|
|
|
#ifdef WITH_AUDIT
|
* lib/prototypes.h, configure.in, libmisc/Makefile.am,
libmisc/xgetXXbyYY.c, libmisc/xgetpwnam.c, libmisc/xgetpwuid.c,
libmisc/xgetgrnam.c, libmisc/xgetgrgid.c, libmisc/xgetspnam.c:
Added functions xgetpwnam(), xgetpwuid(), xgetgrnam(),
xgetgrgid(), and xgetspnam(). They allocate memory for the
returned structure and are more robust to successive calls. They
are implemented with the libc's getxxyyy_r() functions if
available.
* libmisc/limits.c, libmisc/entry.c, libmisc/chowntty.c,
libmisc/addgrps.c, libmisc/myname.c, libmisc/rlogin.c,
libmisc/pwdcheck.c, src/newgrp.c, src/login_nopam.c,
src/userdel.c, src/lastlog.c, src/grpck.c, src/gpasswd.c,
src/newusers.c, src/chpasswd.c, src/chfn.c, src/groupmems.c,
src/usermod.c, src/expiry.c, src/groupdel.c, src/chgpasswd.c,
src/su.c, src/useradd.c, src/groupmod.c, src/passwd.c, src/pwck.c,
src/groupadd.c, src/chage.c, src/login.c, src/suauth.c,
src/faillog.c, src/groups.c, src/chsh.c, src/id.c: Review all the
usage of one of the getpwnam(), getpwuid(), getgrnam(),
getgrgid(), and getspnam() functions. It was noticed on
http://bugs.debian.org/341230 that chfn and chsh use a passwd
structure after calling a pam function, which result in using
information from the passwd structure requested by pam, not the
original one. It is much easier to use the new xget... functions
to avoid these issues. I've checked which call to the original
get... functions could be left (reducing the scope of the
structure if possible), and I've left comments to ease future
reviews (e.g. /* local, no need for xgetpwnam */).
Note: the getpwent/getgrent calls should probably be checked also.
* src/groupdel.c, src/expiry.c: Fix typos in comments.
* src/groupmod.c: Re-indent.
* libmisc/Makefile.am, lib/groupmem.c, lib/groupio.c, lib/pwmem.c,
lib/pwio.c, lib/shadowmem.c, lib/shadowio.c: Move the __<xx>_dup
functions (used by the xget... functions) from the <xx>io.c files
to the new <xx>mem.c files. This avoid linking some utils against
the SELinux library.
2007-11-19 04:45:26 +05:30
|
|
|
audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
|
2008-06-14 02:29:04 +05:30
|
|
|
"deleting group",
|
|
|
|
group_name, AUDIT_NO_ID, 0);
|
2007-10-07 17:17:01 +05:30
|
|
|
#endif
|
* lib/prototypes.h, configure.in, libmisc/Makefile.am,
libmisc/xgetXXbyYY.c, libmisc/xgetpwnam.c, libmisc/xgetpwuid.c,
libmisc/xgetgrnam.c, libmisc/xgetgrgid.c, libmisc/xgetspnam.c:
Added functions xgetpwnam(), xgetpwuid(), xgetgrnam(),
xgetgrgid(), and xgetspnam(). They allocate memory for the
returned structure and are more robust to successive calls. They
are implemented with the libc's getxxyyy_r() functions if
available.
* libmisc/limits.c, libmisc/entry.c, libmisc/chowntty.c,
libmisc/addgrps.c, libmisc/myname.c, libmisc/rlogin.c,
libmisc/pwdcheck.c, src/newgrp.c, src/login_nopam.c,
src/userdel.c, src/lastlog.c, src/grpck.c, src/gpasswd.c,
src/newusers.c, src/chpasswd.c, src/chfn.c, src/groupmems.c,
src/usermod.c, src/expiry.c, src/groupdel.c, src/chgpasswd.c,
src/su.c, src/useradd.c, src/groupmod.c, src/passwd.c, src/pwck.c,
src/groupadd.c, src/chage.c, src/login.c, src/suauth.c,
src/faillog.c, src/groups.c, src/chsh.c, src/id.c: Review all the
usage of one of the getpwnam(), getpwuid(), getgrnam(),
getgrgid(), and getspnam() functions. It was noticed on
http://bugs.debian.org/341230 that chfn and chsh use a passwd
structure after calling a pam function, which result in using
information from the passwd structure requested by pam, not the
original one. It is much easier to use the new xget... functions
to avoid these issues. I've checked which call to the original
get... functions could be left (reducing the scope of the
structure if possible), and I've left comments to ease future
reviews (e.g. /* local, no need for xgetpwnam */).
Note: the getpwent/getgrent calls should probably be checked also.
* src/groupdel.c, src/expiry.c: Fix typos in comments.
* src/groupmod.c: Re-indent.
* libmisc/Makefile.am, lib/groupmem.c, lib/groupio.c, lib/pwmem.c,
lib/pwio.c, lib/shadowmem.c, lib/shadowio.c: Move the __<xx>_dup
functions (used by the xget... functions) from the <xx>io.c files
to the new <xx>mem.c files. This avoid linking some utils against
the SELinux library.
2007-11-19 04:45:26 +05:30
|
|
|
exit (E_NOTFOUND);
|
|
|
|
}
|
2007-10-07 17:17:01 +05:30
|
|
|
|
* lib/prototypes.h, configure.in, libmisc/Makefile.am,
libmisc/xgetXXbyYY.c, libmisc/xgetpwnam.c, libmisc/xgetpwuid.c,
libmisc/xgetgrnam.c, libmisc/xgetgrgid.c, libmisc/xgetspnam.c:
Added functions xgetpwnam(), xgetpwuid(), xgetgrnam(),
xgetgrgid(), and xgetspnam(). They allocate memory for the
returned structure and are more robust to successive calls. They
are implemented with the libc's getxxyyy_r() functions if
available.
* libmisc/limits.c, libmisc/entry.c, libmisc/chowntty.c,
libmisc/addgrps.c, libmisc/myname.c, libmisc/rlogin.c,
libmisc/pwdcheck.c, src/newgrp.c, src/login_nopam.c,
src/userdel.c, src/lastlog.c, src/grpck.c, src/gpasswd.c,
src/newusers.c, src/chpasswd.c, src/chfn.c, src/groupmems.c,
src/usermod.c, src/expiry.c, src/groupdel.c, src/chgpasswd.c,
src/su.c, src/useradd.c, src/groupmod.c, src/passwd.c, src/pwck.c,
src/groupadd.c, src/chage.c, src/login.c, src/suauth.c,
src/faillog.c, src/groups.c, src/chsh.c, src/id.c: Review all the
usage of one of the getpwnam(), getpwuid(), getgrnam(),
getgrgid(), and getspnam() functions. It was noticed on
http://bugs.debian.org/341230 that chfn and chsh use a passwd
structure after calling a pam function, which result in using
information from the passwd structure requested by pam, not the
original one. It is much easier to use the new xget... functions
to avoid these issues. I've checked which call to the original
get... functions could be left (reducing the scope of the
structure if possible), and I've left comments to ease future
reviews (e.g. /* local, no need for xgetpwnam */).
Note: the getpwent/getgrent calls should probably be checked also.
* src/groupdel.c, src/expiry.c: Fix typos in comments.
* src/groupmod.c: Re-indent.
* libmisc/Makefile.am, lib/groupmem.c, lib/groupio.c, lib/pwmem.c,
lib/pwio.c, lib/shadowmem.c, lib/shadowio.c: Move the __<xx>_dup
functions (used by the xget... functions) from the <xx>io.c files
to the new <xx>mem.c files. This avoid linking some utils against
the SELinux library.
2007-11-19 04:45:26 +05:30
|
|
|
group_id = grp->gr_gid; /* LAUS */
|
|
|
|
}
|
2007-10-07 17:17:01 +05:30
|
|
|
|
2007-10-07 17:16:07 +05:30
|
|
|
#ifdef USE_NIS
|
2007-10-07 17:14:02 +05:30
|
|
|
/*
|
|
|
|
* Make sure this isn't a NIS group
|
|
|
|
*/
|
|
|
|
if (__isgrNIS ()) {
|
2007-10-07 17:15:23 +05:30
|
|
|
char *nis_domain;
|
|
|
|
char *nis_master;
|
2007-10-07 17:14:02 +05:30
|
|
|
|
2007-10-07 17:15:23 +05:30
|
|
|
fprintf (stderr, _("%s: group %s is a NIS group\n"),
|
|
|
|
Prog, group_name);
|
2007-10-07 17:14:02 +05:30
|
|
|
|
2007-10-07 17:17:01 +05:30
|
|
|
#ifdef WITH_AUDIT
|
2008-06-14 02:29:04 +05:30
|
|
|
audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
|
|
|
|
"deleting group",
|
|
|
|
group_name, AUDIT_NO_ID, 0);
|
2007-10-07 17:17:01 +05:30
|
|
|
#endif
|
2007-10-07 17:15:23 +05:30
|
|
|
if (!yp_get_default_domain (&nis_domain) &&
|
|
|
|
!yp_master (nis_domain, "group.byname", &nis_master)) {
|
2007-10-07 17:14:02 +05:30
|
|
|
fprintf (stderr, _("%s: %s is the NIS master\n"),
|
2007-10-07 17:15:23 +05:30
|
|
|
Prog, nis_master);
|
2007-10-07 17:14:02 +05:30
|
|
|
}
|
2007-10-07 17:15:23 +05:30
|
|
|
exit (E_NOTFOUND);
|
2007-10-07 17:14:02 +05:30
|
|
|
}
|
|
|
|
#endif
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Now check to insure that this isn't the primary group of
|
|
|
|
* anyone.
|
|
|
|
*/
|
* lib/prototypes.h, configure.in, libmisc/Makefile.am,
libmisc/xgetXXbyYY.c, libmisc/xgetpwnam.c, libmisc/xgetpwuid.c,
libmisc/xgetgrnam.c, libmisc/xgetgrgid.c, libmisc/xgetspnam.c:
Added functions xgetpwnam(), xgetpwuid(), xgetgrnam(),
xgetgrgid(), and xgetspnam(). They allocate memory for the
returned structure and are more robust to successive calls. They
are implemented with the libc's getxxyyy_r() functions if
available.
* libmisc/limits.c, libmisc/entry.c, libmisc/chowntty.c,
libmisc/addgrps.c, libmisc/myname.c, libmisc/rlogin.c,
libmisc/pwdcheck.c, src/newgrp.c, src/login_nopam.c,
src/userdel.c, src/lastlog.c, src/grpck.c, src/gpasswd.c,
src/newusers.c, src/chpasswd.c, src/chfn.c, src/groupmems.c,
src/usermod.c, src/expiry.c, src/groupdel.c, src/chgpasswd.c,
src/su.c, src/useradd.c, src/groupmod.c, src/passwd.c, src/pwck.c,
src/groupadd.c, src/chage.c, src/login.c, src/suauth.c,
src/faillog.c, src/groups.c, src/chsh.c, src/id.c: Review all the
usage of one of the getpwnam(), getpwuid(), getgrnam(),
getgrgid(), and getspnam() functions. It was noticed on
http://bugs.debian.org/341230 that chfn and chsh use a passwd
structure after calling a pam function, which result in using
information from the passwd structure requested by pam, not the
original one. It is much easier to use the new xget... functions
to avoid these issues. I've checked which call to the original
get... functions could be left (reducing the scope of the
structure if possible), and I've left comments to ease future
reviews (e.g. /* local, no need for xgetpwnam */).
Note: the getpwent/getgrent calls should probably be checked also.
* src/groupdel.c, src/expiry.c: Fix typos in comments.
* src/groupmod.c: Re-indent.
* libmisc/Makefile.am, lib/groupmem.c, lib/groupio.c, lib/pwmem.c,
lib/pwio.c, lib/shadowmem.c, lib/shadowio.c: Move the __<xx>_dup
functions (used by the xget... functions) from the <xx>io.c files
to the new <xx>mem.c files. This avoid linking some utils against
the SELinux library.
2007-11-19 04:45:26 +05:30
|
|
|
group_busy (group_id);
|
2007-10-07 17:14:02 +05:30
|
|
|
|
|
|
|
/*
|
|
|
|
* Do the hard stuff - open the files, delete the group entries,
|
|
|
|
* then close and update the files.
|
|
|
|
*/
|
|
|
|
open_files ();
|
|
|
|
|
|
|
|
grp_update ();
|
2008-03-09 02:43:54 +05:30
|
|
|
|
|
|
|
close_files ();
|
|
|
|
|
|
|
|
nscd_flush_cache ("group");
|
2007-10-07 20:06:51 +05:30
|
|
|
|
2007-10-07 17:14:38 +05:30
|
|
|
#ifdef USE_PAM
|
2008-06-10 02:24:04 +05:30
|
|
|
if (PAM_SUCCESS == retval) {
|
|
|
|
(void) pam_end (pamh, PAM_SUCCESS);
|
|
|
|
}
|
2007-10-07 17:15:23 +05:30
|
|
|
#endif /* USE_PAM */
|
2008-03-09 02:43:54 +05:30
|
|
|
|
|
|
|
return E_SUCCESS;
|
2007-10-07 17:14:02 +05:30
|
|
|
}
|
2008-03-09 02:43:54 +05:30
|
|
|
|