* NEWS: Fix failures when the gshadow file is not present. Thanks

to Christian Henz (http://bugs.debian.org/467488)
 * src/gpasswd.c (get_group): Do not fail if gshadow is not present. Just use
   the group file and set the grent structure
 * src/gpasswd.c (check_perms): The permissions should be checked
   using both the gshadow and group file. Add a <struct group *>
   parameter, and check if the gshadow file exists (is_shadowgrp).
 * src/gpasswd.c (main): Do not use sgent.sg_mem or sgent.sg_adm if
   the gshadow file is not present (sgent is not initialized in that
   case). The fields of sgent can be set, but not used.
nekral-guest 2008-02-26 19:09:10 +00:00
parent db479122f3
commit 2a2b2b3aa4
3 changed files with 31 additions and 6 deletions


@ -1,3 +1,16 @@
2008-02-26 Nicolas François <nicolas.francois@centraliens.net>
* NEWS: Fix failures when the gshadow file is not present. Thanks
to Christian Henz (http://bugs.debian.org/467488)
* src/gpasswd.c (get_group): Do not fail if gshadow is not present. Just use
the group file and set the grent structure
* src/gpasswd.c (check_perms): The permissions should be checked
using both the gshadow and group file. Add a <struct group *>
parameter, and check if the gshadow file exists (is_shadowgrp).
* src/gpasswd.c (main): Do not use sgent.sg_mem or sgent.sg_adm if
the gshadow file is not present (sgent is not initialized in that
case). The fields of sgent can be set, but not used.
2008-02-26 Nicolas François <nicolas.francois@centraliens.net>
* src/gpasswd.c: Fix typo in comment.

2
NEWS

@ -21,6 +21,8 @@ shadow-4.1.0 -> shadow-4.1.1 UNRELEASED
- chage
* Fix bug which forbid to set the aging information of an account with a
passwd entry, but no shadow entry.
- gpasswd
* Fix failures when the gshadow file is not present.
- groupadd
* New option -p/--password to specify an encrypted password.
* New option -r, --system for system accounts.


@ -93,7 +93,7 @@ static void open_files (void);
static void close_files (void);
#ifdef SHADOWGRP
static void get_group (struct group *gr, struct sgrp *sg);
static void check_perms (const struct sgrp *sg);
static void check_perms (const struct group *gr, const struct sgrp *sg);
static void update_group (struct group *gr, struct sgrp *sg);
static void change_passwd (struct group *gr, struct sgrp *sg);
#else
@ -400,12 +400,13 @@ static void close_files (void)
* It only returns if the user is allowed.
*/
#ifdef SHADOWGRP
static void check_perms (const struct sgrp *sg)
static void check_perms (const struct group *gr, const struct sgrp *sg)
#else
static void check_perms (const struct group *gr)
#endif
{
#ifdef SHADOWGRP
if (is_shadowgrp) {
/*
* The policy here for changing a group is that 1) you must be root
* or 2). you must be listed as an administrative member.
@ -419,8 +420,9 @@ static void check_perms (const struct group *gr)
#endif
failure ();
}
#else /* ! SHADOWGRP */
} else
#endif /* ! SHADOWGRP */
{
#ifdef FIRST_MEMBER_IS_ADMIN
/*
* The policy here for changing a group is that 1) you must be root
@ -460,7 +462,7 @@ static void check_perms (const struct group *gr)
failure ();
}
#endif
#endif /* SHADOWGRP */
}
}
/*
@ -499,6 +501,8 @@ static void update_group (struct group *gr)
*
* The information are copied in group structure(s) so that they can be
* modified later.
*
* Note: If !is_shadowgrp, *sg will not be initialized.
*/
#ifdef SHADOWGRP
static void get_group (struct group *gr, struct sgrp *sg)
@ -545,6 +549,7 @@ static void get_group (struct group *gr)
}
#ifdef SHADOWGRP
if (is_shadowgrp) {
if (sgr_open (O_RDONLY) == 0) {
fprintf (stderr, _("%s: can't open shadow file\n"), Prog);
SYSLOG ((LOG_WARN, "cannot open /etc/gshadow"));
@ -590,6 +595,7 @@ static void get_group (struct group *gr)
#endif
exit (1);
}
}
#endif /* SHADOWGRP */
}
@ -751,7 +757,7 @@ int main (int argc, char **argv)
* Check if the user is allowed to change the password of this group.
*/
#ifdef SHADOWGRP
check_perms (&sgent);
check_perms (&grent, &sgent);
#else
check_perms (&grent);
#endif
@ -798,7 +804,9 @@ int main (int argc, char **argv)
printf (_("Adding user %s to group %s\n"), user, group);
grent.gr_mem = add_list (grent.gr_mem, user);
#ifdef SHADOWGRP
if (is_shadowgrp) {
sgent.sg_mem = add_list (sgent.sg_mem, user);
}
#endif
#ifdef WITH_AUDIT
audit_logger (AUDIT_USER_CHAUTHTOK, Prog, "adding group member",
@ -823,10 +831,12 @@ int main (int argc, char **argv)
grent.gr_mem = del_list (grent.gr_mem, user);
}
#ifdef SHADOWGRP
if (is_shadowgrp) {
if (is_on_list (sgent.sg_mem, user)) {
removed = 1;
sgent.sg_mem = del_list (sgent.sg_mem, user);
}
}
#endif
if (!removed) {
fprintf (stderr, _("%s: unknown member %s\n"),
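Review bot: When the gshadow file is absent, `sgent` is left uninitialized (the new comment on get_group says so), yet main still passes `&sgent` to check_perms, and the prototypes in the first hunk show update_group and change_passwd also take `sg`, so safety now depends on every reader being wrapped in `if (is_shadowgrp)`. The bodies of those functions lie outside these hunks, so whether each of them is guarded cannot be confirmed from here. Because this tool decides who may change group passwords and membership, I would zero the structure on the non-shadow path of get_group, e.g. `memset (sg, 0, sizeof *sg);`, so that a missed guard sees NULL lists instead of indeterminate memory (assuming `sgent` is an automatic variable; its declaration is not shown). I would also extend the header comment of check_perms to say that a SHADOWGRP build with no gshadow file falls back to the group-file policy, since that changes who is authorized.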