emo/shadow
1
0
Fork 0
Code Issues Pull Requests Packages Releases Activity

(main, check_perms): New function check_perms().

Browse Source 
Split the validation of the user's permissions out of main()
This commit is contained in:
nekral-guest 2007-12-28 20:46:24 +00:00
parent 6d09b4ce4d
commit 605a338216
2 changed files with 46 additions and 36 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
ChangeLog
View File

@ -10,6 +10,8 @@
an explicit call to audit_logger(). an explicit call to audit_logger().
* src/groupadd.c (main): Before pam_end(), the return value of the * src/groupadd.c (main): Before pam_end(), the return value of the
previous pam API was already checked. No need to validate it again. previous pam API was already checked. No need to validate it again.
* src/groupadd.c (main, check_perms): New function check_perms().
Split the validation of the user's permissions out of main()
2007-12-28 Nicolas François <nicolas.francois@centraliens.net> 2007-12-28 Nicolas François <nicolas.francois@centraliens.net>

80
src/groupadd.c
View File

@ -91,6 +91,7 @@ static void open_files (void);
static void fail_exit (int code); static void fail_exit (int code);
static gid_t get_gid (const char *gidstr); static gid_t get_gid (const char *gidstr);
static void process_flags (int argc, char **argv); static void process_flags (int argc, char **argv);
static void check_perms (void);
/* /*
* usage - display usage message and exit * usage - display usage message and exit
@ -480,48 +481,28 @@ static void process_flags (int argc, char **argv)
} }
/* /*
* main - groupadd command * check_perms - check if the caller is allowed to add a group
*
* With PAM support, the setuid bit can be set on groupadd to allow
* non-root users to groups.
* Without PAM support, only users who can write in the group databases
* can add groups.
*/ */
int main (int argc, char **argv) static void check_perms (void)
{ {
#ifdef USE_PAM #ifdef USE_PAM
pam_handle_t *pamh = NULL; pam_handle_t *pamh = NULL;
int retval; int retval = PAM_SUCCESS;
#endif struct passwd *pampw;
#ifdef WITH_AUDIT pampw = getpwuid (getuid ()); /* local, no need for xgetpwuid */
audit_help_open (); if (pampw == NULL) {
#endif retval = PAM_USER_UNKNOWN;
/* }
* Get my name so that I can use it to report errors.
*/
Prog = Basename (argv[0]);
setlocale (LC_ALL, ""); if (retval == PAM_SUCCESS) {
bindtextdomain (PACKAGE, LOCALEDIR); retval = pam_start ("groupadd", pampw->pw_name,
textdomain (PACKAGE); &conv, &pamh);
OPENLOG ("groupadd");
/*
* Parse the command line options.
*/
process_flags (argc, argv);
#ifdef USE_PAM
retval = PAM_SUCCESS;
{
struct passwd *pampw;
pampw = getpwuid (getuid ()); /* local, no need for xgetpwuid */
if (pampw == NULL) {
retval = PAM_USER_UNKNOWN;
}
if (retval == PAM_SUCCESS) {
retval = pam_start ("groupadd", pampw->pw_name,
&conv, &pamh);
}
} }
if (retval == PAM_SUCCESS) { if (retval == PAM_SUCCESS) {
@ -543,6 +524,33 @@ int main (int argc, char **argv)
exit (1); exit (1);
} }
#endif /* USE_PAM */ #endif /* USE_PAM */
}
/*
* main - groupadd command
*/
int main (int argc, char **argv)
{
#ifdef WITH_AUDIT
audit_help_open ();
#endif
/*
* Get my name so that I can use it to report errors.
*/
Prog = Basename (argv[0]);
setlocale (LC_ALL, "");
bindtextdomain (PACKAGE, LOCALEDIR);
textdomain (PACKAGE);
OPENLOG ("groupadd");
/*
* Parse the command line options.
*/
process_flags (argc, argv);
check_perms ();
#ifdef SHADOWGRP #ifdef SHADOWGRP
is_shadow_grp = sgr_file_present (); is_shadow_grp = sgr_file_present ();