* NEWS, src/groupmod.c: When the gshadow file exists but there are

no gshadow entries, an entry is created if the password is changed
	and group requires a shadow entry.
This commit is contained in:
nekral-guest 2011-07-14 13:30:05 +00:00
parent d4e630b8cc
commit a7fee9db00
3 changed files with 43 additions and 5 deletions

View File

@ -1,3 +1,9 @@
2011-07-14 Nicolas François <nicolas.francois@centraliens.net>
* NEWS, src/groupmod.c: When the gshadow file exists but there are
no gshadow entries, an entry is created if the password is changed
and group requires a shadow entry.
2011-07-14 Nicolas François <nicolas.francois@centraliens.net> 2011-07-14 Nicolas François <nicolas.francois@centraliens.net>
* src/usermod.c: Fix typo in comment. * src/usermod.c: Fix typo in comment.

3
NEWS
View File

@ -25,6 +25,9 @@ shadow-4.1.4.3 -> shadow-4.1.5 UNRELEASED
specified. specified.
- groupmod - groupmod
* Fixed groupmod when configured with --enable-account-tools-setuid. * Fixed groupmod when configured with --enable-account-tools-setuid.
* When the gshadow file exists but there are no gshadow entries, an entry
is created if the password is changed and group requires a
shadow entry.
-login -login
* Fixed limits support (non PAM enabled versions only) * Fixed limits support (non PAM enabled versions only)
* Added support for infinite limits and group based limits (non PAM * Added support for infinite limits and group based limits (non PAM

View File

@ -2,7 +2,7 @@
* Copyright (c) 1991 - 1994, Julianne Frances Haugh * Copyright (c) 1991 - 1994, Julianne Frances Haugh
* Copyright (c) 1996 - 2000, Marek Michałkiewicz * Copyright (c) 1996 - 2000, Marek Michałkiewicz
* Copyright (c) 2000 - 2006, Tomasz Kłoczko * Copyright (c) 2000 - 2006, Tomasz Kłoczko
* Copyright (c) 2007 - 2009, Nicolas François * Copyright (c) 2007 - 2011, Nicolas François
* All rights reserved. * All rights reserved.
* *
* Redistribution and use in source and binary forms, with or without * Redistribution and use in source and binary forms, with or without
@ -147,7 +147,17 @@ static void new_grent (struct group *grent)
grent->gr_gid = group_newid; grent->gr_gid = group_newid;
} }
if (pflg) { if ( pflg
#ifdef SHADOWGRP
&& ( (!is_shadow_grp)
|| (strcmp (grent->gr_passwd, SHADOW_PASSWD_STRING) != 0))
#endif
) {
/* Update the password in group if there is no gshadow
* file or if the password is currently in group
* (gr_passwd != "x"). We do not force the usage of
* shadow passwords if it was not the case before.
*/
grent->gr_passwd = group_passwd; grent->gr_passwd = group_passwd;
} }
} }
@ -165,6 +175,13 @@ static void new_sgent (struct sgrp *sgent)
sgent->sg_name = xstrdup (group_newname); sgent->sg_name = xstrdup (group_newname);
} }
/* Always update the shadowed password if there is a shadow entry
* (even if shadowed passwords might not be enabled for this group
* (gr_passwd != "x")).
* It seems better to update the password in both places in case a
* shadow and a non shadow entry exist.
* This might occur only if there were already both entries.
*/
if (pflg) { if (pflg) {
sgent->sg_passwd = group_passwd; sgent->sg_passwd = group_passwd;
} }
@ -205,9 +222,21 @@ static void grp_update (void)
if (NULL != osgrp) { if (NULL != osgrp) {
sgrp = *osgrp; sgrp = *osgrp;
new_sgent (&sgrp); new_sgent (&sgrp);
if (pflg) { } else if ( pflg
grp.gr_passwd = SHADOW_PASSWD_STRING; && (strcmp (grp.gr_passwd, SHADOW_PASSWD_STRING) == 0)) {
} static char *empty = NULL;
/* If there is a gshadow file with no entries for
* the group, but the group file indicates a
* shadowed password, we force the creation of a
* gshadow entry when a new password is requested.
*/
memset (&sgrp, 0, sizeof sgrp);
sgrp.sg_name = xstrdup (grp.gr_name);
sgrp.sg_passwd = xstrdup (grp.gr_passwd);
sgrp.sg_adm = &empty;
sgrp.sg_mem = dup_list (grp.gr_mem);
new_sgent (&sgrp);
osgrp = &sgrp; /* entry needs to be committed */
} }
} }
#endif /* SHADOWGRP */ #endif /* SHADOWGRP */