From 2a2b2b3aa4347d0a5d1103d7771cb95784744b30 Mon Sep 17 00:00:00 2001 From: nekral-guest Date: Tue, 26 Feb 2008 19:09:10 +0000 Subject: [PATCH] * NEWS: Fix failures when the gshadow file is not present. Thanks to Christian Henz (http://bugs.debian.org/467488) * src/gpasswd.c (get_group): Do not fail if gshadow is not present. Just use the group file and set the grent structure * src/gpasswd.c (check_perms): The permissions should be checked using both the gshadow and group file. Add a parameter, and check if the gshadow file exists (is_shadowgrp). * src/gpasswd.c (main): Do not use sgent.sg_mem or sgent.sg_adm if the gshadow file is not present (sgent is not initialized in that case). The fields of sgent can be set, but not used. --- ChangeLog | 13 +++++++++++++ NEWS | 2 ++ src/gpasswd.c | 22 ++++++++++++++++------ 3 files changed, 31 insertions(+), 6 deletions(-) diff --git a/ChangeLog b/ChangeLog index 2a4e2ba7..7c57f2c5 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,16 @@ +2008-02-26 Nicolas François + + * NEWS: Fix failures when the gshadow file is not present. Thanks + to Christian Henz (http://bugs.debian.org/467488) + * src/gpasswd.c (get_group): Do not fail if gshadow is not present. Just use + the group file and set the grent structure + * src/gpasswd.c (check_perms): The permissions should be checked + using both the gshadow and group file. Add a + parameter, and check if the gshadow file exists (is_shadowgrp). + * src/gpasswd.c (main): Do not use sgent.sg_mem or sgent.sg_adm if + the gshadow file is not present (sgent is not initialized in that + case). The fields of sgent can be set, but not used. + 2008-02-26 Nicolas François * src/gpasswd.c: Fix typo in comment. diff --git a/NEWS b/NEWS index 4f492ee9..5e85b879 100644 --- a/NEWS +++ b/NEWS 
@@ -21,6 +21,8 @@ shadow-4.1.0 -> shadow-4.1.1 UNRELEASED - chage * Fix bug which forbid to set the aging information of an account with a passwd entry, but no shadow entry. +- gpasswd + * Fix failures when the gshadow file is not present. - groupadd * New option -p/--password to specify an encrypted password. * New option -r, --system for system accounts. diff --git a/src/gpasswd.c b/src/gpasswd.c index 89f16006..fa3a1296 100644 --- a/src/gpasswd.c +++ b/src/gpasswd.c @@ -93,7 +93,7 @@ static void open_files (void); static void close_files (void); #ifdef SHADOWGRP static void get_group (struct group *gr, struct sgrp *sg); -static void check_perms (const struct sgrp *sg); +static void check_perms (const struct group *gr, const struct sgrp *sg); static void update_group (struct group *gr, struct sgrp *sg); static void change_passwd (struct group *gr, struct sgrp *sg); #else @@ -400,12 +400,13 @@ static void close_files (void) * It only returns if the user is allowed. */ #ifdef SHADOWGRP -static void check_perms (const struct sgrp *sg) +static void check_perms (const struct group *gr, const struct sgrp *sg) #else static void check_perms (const struct group *gr) #endif { #ifdef SHADOWGRP + if (is_shadowgrp) { /* * The policy here for changing a group is that 1) you must be root * or 2). you must be listed as an administrative member. @@ -419,8 +420,9 @@ static void check_perms (const struct group *gr) #endif failure (); } -#else /* ! SHADOWGRP */ - + } else +#endif /* ! SHADOWGRP */ + { #ifdef FIRST_MEMBER_IS_ADMIN /* * The policy here for changing a group is that 1) you must be root @@ -460,7 +462,7 @@ static void check_perms (const struct group *gr) failure (); } #endif -#endif /* SHADOWGRP */ + } } /* 
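Review bot: The comment above check_perms (it ends with `It only returns if the user is allowed.`) no longer tells a reader which file makes that decision. In a SHADOWGRP build the gshadow administrator list is consulted only when `is_shadowgrp` is set; otherwise control falls into the group-file policy that used to be compiled out. Going by the commit message, a SHADOWGRP build with no gshadow file previously failed, so this changes who is authorised and deserves a line in the header, for example `* With SHADOWGRP, sg is read only if is_shadowgrp; otherwise the group-file policy on gr applies.` Where `is_shadowgrp` is assigned is not visible here, so it should be confirmed that it is set once, before get_group and check_perms run. The function body continues outside this hunk.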
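Review bot: The trailing comment on the relocated `#endif /* ! SHADOWGRP */` is now wrong, because that directive closes the `#ifdef SHADOWGRP` opened at the top of the body rather than an `#else` branch; it should read `#endif /* SHADOWGRP */`. The `} else` just before it leaves the else keyword inside the conditional and its block outside, so the code parses in both configurations only because the `{` after the `#endif` is unconditional. A short comment on that brace, such as `/* no gshadow: fall back to the group-file policy */`, would make the intent visible. The matching closing brace is added in the later @@ -460 hunk.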
@@ -499,6 +501,8 @@ static void update_group (struct group *gr) * * The information are copied in group structure(s) so that they can be * modified later. + * + * Note: If !is_shadowgrp, *sg will not be initialized. */ #ifdef SHADOWGRP static void get_group (struct group *gr, struct sgrp *sg) @@ -545,6 +549,7 @@ static void get_group (struct group *gr) } #ifdef SHADOWGRP + if (is_shadowgrp) { if (sgr_open (O_RDONLY) == 0) { fprintf (stderr, _("%s: can't open shadow file\n"), Prog); SYSLOG ((LOG_WARN, "cannot open /etc/gshadow")); @@ -590,6 +595,7 @@ static void get_group (struct group *gr) #endif exit (1); } + } #endif /* SHADOWGRP */ } @@ -751,7 +757,7 @@ int main (int argc, char **argv) * Check if the user is allowed to change the password of this group. */ #ifdef SHADOWGRP - check_perms (&sgent); + check_perms (&grent, &sgent); #else check_perms (&grent); #endif @@ -798,7 +804,9 @@ int main (int argc, char **argv) printf (_("Adding user %s to group %s\n"), user, group); grent.gr_mem = add_list (grent.gr_mem, user); #ifdef SHADOWGRP + if (is_shadowgrp) { sgent.sg_mem = add_list (sgent.sg_mem, user); + } #endif #ifdef WITH_AUDIT audit_logger (AUDIT_USER_CHAUTHTOK, Prog, "adding group member", @@ -823,10 +831,12 @@ int main (int argc, char **argv) grent.gr_mem = del_list (grent.gr_mem, user); } #ifdef SHADOWGRP + if (is_shadowgrp) { if (is_on_list (sgent.sg_mem, user)) { removed = 1; sgent.sg_mem = del_list (sgent.sg_mem, user); } + } #endif if (!removed) { fprintf (stderr, _("%s: unknown member %s\n"),
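Review bot: Leaving `*sg` uninitialised when `is_shadowgrp` is false is recorded in the new note but not prevented, and main still passes `&sgent` to check_perms (@@ -751) and presumably to the update routines outside these hunks. Any read added later without an `is_shadowgrp` guard would follow indeterminate pointers in `sg_mem` or `sg_adm`, in a tool that makes authorisation decisions. Clearing the structure on the skipped path makes such a mistake fail deterministically, for example by turning the closing brace added in @@ -590 into `} else { memset (sg, 0, sizeof *sg); }`. Whether `<string.h>` is already included is not visible here. get_group starts and ends outside these hunks.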
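Review bot: The statement wrapped by the new `if (is_shadowgrp) {` in @@ -798 stays at its old indentation because it is carried as an unchanged context line, so the guard reads as a sibling of the code it controls. The same holds in @@ -823, in get_group (@@ -545 and @@ -590) and in check_perms (@@ -400). Re-indenting the guarded bodies, even as a separate whitespace-only commit, would make it easier to audit which uses of `sgent` are protected. Only the `sg_mem` uses in the add and remove paths are visible in these hunks; the `sg_adm` handling mentioned in the commit message lies outside them and should be checked against the same guard.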