* NEWS, src/gpasswd.c: Read the group and shadow groups using

gr_locate and sgr_locate. gpasswd write in the file database. Thus it should read information from the file database, not using getgrnam. The change to sgr_locate is just for consistency. This requires opening the group databases (read only) using gr_open/sgr_open. * NEWS: Indicate that manpages should be re-generated if configure option are changed, due to conditions.
2007-11-22 21:55:12 +00:00 · 2007-11-22 21:55:12 +00:00 · a0488ccac2
commit a0488ccac2
parent b2c58c81ed
3 changed files with 58 additions and 8 deletions
--- a/11
+++ b/11
@ -1,3 +1,12 @@
+2007-11-22  Nicolas François  <nicolas.francois@centraliens.net>
+
+	* NEWS, src/gpasswd.c: Read the group and shadow groups using
+	gr_locate and sgr_locate. gpasswd write in the file database. Thus
+	it should read information from the file database, not using
+	getgrnam. The change to sgr_locate is just for consistency. This
+	requires opening the group databases (read only) using
+	gr_open/sgr_open.
+
 2007-11-22  Nicolas François  <nicolas.francois@centraliens.net>

 	* configure.in: SHADOWGRP added to AM_CONDITIONAL for the
@ -8,6 +17,8 @@
 	gshadow/no_gshadow condition.
 	* man/gpasswd.1.xml: Use the gshadow/no_gshadow condition to
 	change the manpage depending on the shadow group support.
+	* NEWS: Indicate that manpages should be re-generated if configure
+	option are changed, due to conditions.

 2007-11-22  Nicolas François  <nicolas.francois@centraliens.net>

--- a/6
+++ b/6
@ -43,9 +43,15 @@ shadow-4.0.18.1 -> shadow-4.0.18.2					UNRELEASED
  passwordless account.
 - Full review of the usage of getpwnam(), getpwuid(), getgrnam(),
  getgrgid(), and getspnam(). There should be no functional changes.
+- gpasswd: Only read information from the local file group database. It
+  writes the changes in /etc/group and/or /etc/gshadow, but used to read
+  information from getgrnam (hence possibly from another group database).

 *** documentation:
 - Generate the translated manpages from PO at build time.
+- The generated manpages will change depending on the configure options.
+  If you use different options than the one used for the distributed
+  archive, you should re-generate the manpages.

 shadow-4.0.18.1 -> shadow-4.0.18.2					28-10-2007

--- a/src/gpasswd.c
+++ b/src/gpasswd.c
@ -171,12 +171,12 @@ int main (int argc, char **argv)
 	char *cp;
 	int amroot;
 	int retries;
-	struct group *gr = NULL;
+	struct group const*gr = NULL;
 	struct group grent;
 	static char pass[BUFSIZ];

 #ifdef	SHADOWGRP
-	struct sgrp *sg = NULL;
+	struct sgrp const*sg = NULL;
 	struct sgrp sgent;
 	char *admins = NULL;
 #endif
@ -314,14 +314,20 @@ int main (int argc, char **argv)
 	 * will be completely replicated so it may be modified later on.
 	 */

-	/*
-	 * XXX - should get the entry using gr_locate() and modify that,
-	 * getgrnam() could give us a NIS group.  --marekm
-	 */
 	if (!(group = argv[optind]))
 		usage ();

-	if (!(gr = getgrnam (group))) { /* dup, no need for xgetgrnam */
+	if (!gr_open (O_RDONLY)) {
+		fprintf (stderr, _("%s: can't open file\n"), Prog);
+		SYSLOG ((LOG_WARN, "cannot open /etc/group"));
+#ifdef WITH_AUDIT
+		audit_logger (AUDIT_USER_CHAUTHTOK, Prog, "opening /etc/group",
+			      group, -1, 0);
+#endif
+		exit (1);
+	}
+
+	if (!(gr = gr_locate (group))) {
 		fprintf (stderr, _("unknown group: %s\n"), group);
 #ifdef WITH_AUDIT
 		audit_logger (AUDIT_USER_CHAUTHTOK, Prog, "group lookup", group,
@ -334,8 +340,26 @@ int main (int argc, char **argv)
 	grent.gr_passwd = xstrdup (gr->gr_passwd);

 	grent.gr_mem = dup_list (gr->gr_mem);
+	if (!gr_close ()) {
+		fprintf (stderr, _("%s: can't close file\n"), Prog);
+		SYSLOG ((LOG_WARN, "cannot close /etc/group"));
+#ifdef WITH_AUDIT
+		audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
+			      "closing /etc/group", group, -1, 0);
+#endif
+		exit (1);
+	}
 #ifdef	SHADOWGRP
-	if ((sg = getsgnam (group))) {
+	if (!sgr_open (O_RDONLY)) {
+		fprintf (stderr, _("%s: can't open shadow file\n"), Prog);
+		SYSLOG ((LOG_WARN, "cannot open /etc/gshadow"));
+#ifdef WITH_AUDIT
+		audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
+			      "opening /etc/gshadow", group, -1, 0);
+#endif
+		exit (1);
+	}
+	if ((sg = sgr_locate (group))) {
 		sgent = *sg;
 		sgent.sg_name = xstrdup (sg->sg_name);
 		sgent.sg_passwd = xstrdup (sg->sg_passwd);
@ -360,6 +384,15 @@ int main (int argc, char **argv)

 		sg = &sgent;
 	}
+	if (!sgr_close ()) {
+		fprintf (stderr, _("%s: can't close shadow file\n"), Prog);
+		SYSLOG ((LOG_WARN, "cannot close /etc/gshadow"));
+#ifdef WITH_AUDIT
+		audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
+			      "closing /etc/gshadow", group, -1, 0);
+#endif
+		exit (1);
+	}

 	/*
 	 * The policy here for changing a group is that 1) you must be root