(main, check_perms): New function check_perms().

Split the validation of the user's permissions out of main()
This commit is contained in:
nekral-guest 2007-12-28 20:46:24 +00:00
parent 6d09b4ce4d
commit 605a338216
2 changed files with 46 additions and 36 deletions

View File

@ -10,6 +10,8 @@
an explicit call to audit_logger().
* src/groupadd.c (main): Before pam_end(), the return value of the
previous pam API was already checked. No need to validate it again.
* src/groupadd.c (main, check_perms): New function check_perms().
Split the validation of the user's permissions out of main()
2007-12-28 Nicolas François <nicolas.francois@centraliens.net>

View File

@ -91,6 +91,7 @@ static void open_files (void);
static void fail_exit (int code);
static gid_t get_gid (const char *gidstr);
static void process_flags (int argc, char **argv);
static void check_perms (void);
/*
* usage - display usage message and exit
@ -480,48 +481,28 @@ static void process_flags (int argc, char **argv)
}
/*
* main - groupadd command
* check_perms - check if the caller is allowed to add a group
*
* With PAM support, the setuid bit can be set on groupadd to allow
* non-root users to groups.
* Without PAM support, only users who can write in the group databases
* can add groups.
*/
int main (int argc, char **argv)
static void check_perms (void)
{
#ifdef USE_PAM
pam_handle_t *pamh = NULL;
int retval;
#endif
int retval = PAM_SUCCESS;
struct passwd *pampw;
#ifdef WITH_AUDIT
audit_help_open ();
#endif
/*
* Get my name so that I can use it to report errors.
*/
Prog = Basename (argv[0]);
pampw = getpwuid (getuid ()); /* local, no need for xgetpwuid */
if (pampw == NULL) {
retval = PAM_USER_UNKNOWN;
}
setlocale (LC_ALL, "");
bindtextdomain (PACKAGE, LOCALEDIR);
textdomain (PACKAGE);
OPENLOG ("groupadd");
/*
* Parse the command line options.
*/
process_flags (argc, argv);
#ifdef USE_PAM
retval = PAM_SUCCESS;
{
struct passwd *pampw;
pampw = getpwuid (getuid ()); /* local, no need for xgetpwuid */
if (pampw == NULL) {
retval = PAM_USER_UNKNOWN;
}
if (retval == PAM_SUCCESS) {
retval = pam_start ("groupadd", pampw->pw_name,
&conv, &pamh);
}
if (retval == PAM_SUCCESS) {
retval = pam_start ("groupadd", pampw->pw_name,
&conv, &pamh);
}
if (retval == PAM_SUCCESS) {
@ -543,6 +524,33 @@ int main (int argc, char **argv)
exit (1);
}
#endif /* USE_PAM */
}
/*
* main - groupadd command
*/
int main (int argc, char **argv)
{
#ifdef WITH_AUDIT
audit_help_open ();
#endif
/*
* Get my name so that I can use it to report errors.
*/
Prog = Basename (argv[0]);
setlocale (LC_ALL, "");
bindtextdomain (PACKAGE, LOCALEDIR);
textdomain (PACKAGE);
OPENLOG ("groupadd");
/*
* Parse the command line options.
*/
process_flags (argc, argv);
check_perms ();
#ifdef SHADOWGRP
is_shadow_grp = sgr_file_present ();