* NEWS: Fix failures when the gshadow file is not present. Thanks
to Christian Henz (http://bugs.debian.org/467488) * src/gpasswd.c (get_group): Do not fail if gshadow is not present. Just use the group file and set the grent structure * src/gpasswd.c (check_perms): The permissions should be checked using both the gshadow and group file. Add a <struct group *> parameter, and check if the gshadow file exists (is_shadowgrp). * src/gpasswd.c (main): Do not use sgent.sg_mem or sgent.sg_adm if the gshadow file is not present (sgent is not initialized in that case). The fields of sgent can be set, but not used.
parent
db479122f3
commit
2a2b2b3aa4
13
ChangeLog
13
ChangeLog
@ -1,3 +1,16 @@
|
|||||||
|
2008-02-26 Nicolas François <nicolas.francois@centraliens.net>
|
||||||
|
|
||||||
|
* NEWS: Fix failures when the gshadow file is not present. Thanks
|
||||||
|
to Christian Henz (http://bugs.debian.org/467488)
|
||||||
|
* src/gpasswd.c (get_group): Do not fail if gshadow is not present. Just use
|
||||||
|
the group file and set the grent structure
|
||||||
|
* src/gpasswd.c (check_perms): The permissions should be checked
|
||||||
|
using both the gshadow and group file. Add a <struct group *>
|
||||||
|
parameter, and check if the gshadow file exists (is_shadowgrp).
|
||||||
|
* src/gpasswd.c (main): Do not use sgent.sg_mem or sgent.sg_adm if
|
||||||
|
the gshadow file is not present (sgent is not initialized in that
|
||||||
|
case). The fields of sgent can be set, but not used.
|
||||||
|
|
||||||
2008-02-26 Nicolas François <nicolas.francois@centraliens.net>
|
2008-02-26 Nicolas François <nicolas.francois@centraliens.net>
|
||||||
|
|
||||||
* src/gpasswd.c: Fix typo in comment.
|
* src/gpasswd.c: Fix typo in comment.
|
||||||
|
2
NEWS
2
NEWS
@ -21,6 +21,8 @@ shadow-4.1.0 -> shadow-4.1.1 UNRELEASED
|
|||||||
- chage
|
- chage
|
||||||
* Fix bug which forbid to set the aging information of an account with a
|
* Fix bug which forbid to set the aging information of an account with a
|
||||||
passwd entry, but no shadow entry.
|
passwd entry, but no shadow entry.
|
||||||
|
- gpasswd
|
||||||
|
* Fix failures when the gshadow file is not present.
|
||||||
- groupadd
|
- groupadd
|
||||||
* New option -p/--password to specify an encrypted password.
|
* New option -p/--password to specify an encrypted password.
|
||||||
* New option -r, --system for system accounts.
|
* New option -r, --system for system accounts.
|
||||||
|
@ -93,7 +93,7 @@ static void open_files (void);
|
|||||||
static void close_files (void);
|
static void close_files (void);
|
||||||
#ifdef SHADOWGRP
|
#ifdef SHADOWGRP
|
||||||
static void get_group (struct group *gr, struct sgrp *sg);
|
static void get_group (struct group *gr, struct sgrp *sg);
|
||||||
static void check_perms (const struct sgrp *sg);
|
static void check_perms (const struct group *gr, const struct sgrp *sg);
|
||||||
static void update_group (struct group *gr, struct sgrp *sg);
|
static void update_group (struct group *gr, struct sgrp *sg);
|
||||||
static void change_passwd (struct group *gr, struct sgrp *sg);
|
static void change_passwd (struct group *gr, struct sgrp *sg);
|
||||||
#else
|
#else
|
||||||
@ -400,12 +400,13 @@ static void close_files (void)
|
|||||||
* It only returns if the user is allowed.
|
* It only returns if the user is allowed.
|
||||||
*/
|
*/
|
||||||
#ifdef SHADOWGRP
|
#ifdef SHADOWGRP
|
||||||
static void check_perms (const struct sgrp *sg)
|
static void check_perms (const struct group *gr, const struct sgrp *sg)
|
||||||
#else
|
#else
|
||||||
static void check_perms (const struct group *gr)
|
static void check_perms (const struct group *gr)
|
||||||
#endif
|
#endif
|
||||||
{
|
{
|
||||||
#ifdef SHADOWGRP
|
#ifdef SHADOWGRP
|
||||||
|
if (is_shadowgrp) {
|
||||||
/*
|
/*
|
||||||
* The policy here for changing a group is that 1) you must be root
|
* The policy here for changing a group is that 1) you must be root
|
||||||
* or 2). you must be listed as an administrative member.
|
* or 2). you must be listed as an administrative member.
|
||||||
@ -419,8 +420,9 @@ static void check_perms (const struct group *gr)
|
|||||||
#endif
|
#endif
|
||||||
failure ();
|
failure ();
|
||||||
}
|
}
|
||||||
#else /* ! SHADOWGRP */
|
} else
|
||||||
|
#endif /* ! SHADOWGRP */
|
||||||
|
{
|
||||||
#ifdef FIRST_MEMBER_IS_ADMIN
|
#ifdef FIRST_MEMBER_IS_ADMIN
|
||||||
/*
|
/*
|
||||||
* The policy here for changing a group is that 1) you must be root
|
* The policy here for changing a group is that 1) you must be root
|
||||||
@ -460,7 +462,7 @@ static void check_perms (const struct group *gr)
|
|||||||
failure ();
|
failure ();
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
#endif /* SHADOWGRP */
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
@ -499,6 +501,8 @@ static void update_group (struct group *gr)
|
|||||||
*
|
*
|
||||||
* The information are copied in group structure(s) so that they can be
|
* The information are copied in group structure(s) so that they can be
|
||||||
* modified later.
|
* modified later.
|
||||||
|
*
|
||||||
|
* Note: If !is_shadowgrp, *sg will not be initialized.
|
||||||
*/
|
*/
|
||||||
#ifdef SHADOWGRP
|
#ifdef SHADOWGRP
|
||||||
static void get_group (struct group *gr, struct sgrp *sg)
|
static void get_group (struct group *gr, struct sgrp *sg)
|
||||||
@ -545,6 +549,7 @@ static void get_group (struct group *gr)
|
|||||||
}
|
}
|
||||||
|
|
||||||
#ifdef SHADOWGRP
|
#ifdef SHADOWGRP
|
||||||
|
if (is_shadowgrp) {
|
||||||
if (sgr_open (O_RDONLY) == 0) {
|
if (sgr_open (O_RDONLY) == 0) {
|
||||||
fprintf (stderr, _("%s: can't open shadow file\n"), Prog);
|
fprintf (stderr, _("%s: can't open shadow file\n"), Prog);
|
||||||
SYSLOG ((LOG_WARN, "cannot open /etc/gshadow"));
|
SYSLOG ((LOG_WARN, "cannot open /etc/gshadow"));
|
||||||
@ -590,6 +595,7 @@ static void get_group (struct group *gr)
|
|||||||
#endif
|
#endif
|
||||||
exit (1);
|
exit (1);
|
||||||
}
|
}
|
||||||
|
}
|
||||||
#endif /* SHADOWGRP */
|
#endif /* SHADOWGRP */
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -751,7 +757,7 @@ int main (int argc, char **argv)
|
|||||||
* Check if the user is allowed to change the password of this group.
|
* Check if the user is allowed to change the password of this group.
|
||||||
*/
|
*/
|
||||||
#ifdef SHADOWGRP
|
#ifdef SHADOWGRP
|
||||||
check_perms (&sgent);
|
check_perms (&grent, &sgent);
|
||||||
#else
|
#else
|
||||||
check_perms (&grent);
|
check_perms (&grent);
|
||||||
#endif
|
#endif
|
||||||
@ -798,7 +804,9 @@ int main (int argc, char **argv)
|
|||||||
printf (_("Adding user %s to group %s\n"), user, group);
|
printf (_("Adding user %s to group %s\n"), user, group);
|
||||||
grent.gr_mem = add_list (grent.gr_mem, user);
|
grent.gr_mem = add_list (grent.gr_mem, user);
|
||||||
#ifdef SHADOWGRP
|
#ifdef SHADOWGRP
|
||||||
|
if (is_shadowgrp) {
|
||||||
sgent.sg_mem = add_list (sgent.sg_mem, user);
|
sgent.sg_mem = add_list (sgent.sg_mem, user);
|
||||||
|
}
|
||||||
#endif
|
#endif
|
||||||
#ifdef WITH_AUDIT
|
#ifdef WITH_AUDIT
|
||||||
audit_logger (AUDIT_USER_CHAUTHTOK, Prog, "adding group member",
|
audit_logger (AUDIT_USER_CHAUTHTOK, Prog, "adding group member",
|
||||||
@ -823,10 +831,12 @@ int main (int argc, char **argv)
|
|||||||
grent.gr_mem = del_list (grent.gr_mem, user);
|
grent.gr_mem = del_list (grent.gr_mem, user);
|
||||||
}
|
}
|
||||||
#ifdef SHADOWGRP
|
#ifdef SHADOWGRP
|
||||||
|
if (is_shadowgrp) {
|
||||||
if (is_on_list (sgent.sg_mem, user)) {
|
if (is_on_list (sgent.sg_mem, user)) {
|
||||||
removed = 1;
|
removed = 1;
|
||||||
sgent.sg_mem = del_list (sgent.sg_mem, user);
|
sgent.sg_mem = del_list (sgent.sg_mem, user);
|
||||||
}
|
}
|
||||||
|
}
|
||||||
#endif
|
#endif
|
||||||
if (!removed) {
|
if (!removed) {
|
||||||
fprintf (stderr, _("%s: unknown member %s\n"),
|
fprintf (stderr, _("%s: unknown member %s\n"),
|
||||||
|
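Review bot: In get_group the new `if (is_shadowgrp) {` guard leaves `*sg` untouched when the gshadow file is absent, and the added comment ("If !is_shadowgrp, *sg will not be initialized") documents that state instead of preventing it. Every later reader of `sgent` therefore depends on a hand-placed `is_shadowgrp` check. The hunks shown guard the `sg_mem` add and delete paths in main, but the rest of main, update_group and change_passwd lie outside the visible lines, so it cannot be confirmed from here that every use of `sg_adm` and `sg_mem` is covered. Because check_perms decides who may edit a group, a missed guard should fail deterministically instead of reading indeterminate memory: give get_group an `else` branch with `memset (sg, 0, sizeof *sg);`, or zero-initialize `sgent` where it is declared (the declaration is not visible in this diff).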