emo/shadow
1
0
Fork 0
Code Issues Pull Requests Packages Releases Activity

* NEWS, src/gpasswd.c: Read the group and shadow groups using

Browse Source 
gr_locate and sgr_locate. gpasswd write in the file database. Thus
  it should read information from the file database, not using
  getgrnam. The change to sgr_locate is just for consistency. This
  requires opening the group databases (read only) using
  gr_open/sgr_open.
* NEWS: Indicate that manpages should be re-generated if configure
  option are changed, due to conditions.
This commit is contained in:
nekral-guest 2007-11-22 21:55:12 +00:00
parent b2c58c81ed
commit a0488ccac2
3 changed files with 58 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
ChangeLog
View File

@ -1,3 +1,12 @@
2007-11-22 Nicolas François <nicolas.francois@centraliens.net>
* NEWS, src/gpasswd.c: Read the group and shadow groups using
gr_locate and sgr_locate. gpasswd write in the file database. Thus
it should read information from the file database, not using
getgrnam. The change to sgr_locate is just for consistency. This
requires opening the group databases (read only) using
gr_open/sgr_open.
2007-11-22 Nicolas François <nicolas.francois@centraliens.net> 2007-11-22 Nicolas François <nicolas.francois@centraliens.net>
* configure.in: SHADOWGRP added to AM_CONDITIONAL for the * configure.in: SHADOWGRP added to AM_CONDITIONAL for the
@ -8,6 +17,8 @@
gshadow/no_gshadow condition. gshadow/no_gshadow condition.
* man/gpasswd.1.xml: Use the gshadow/no_gshadow condition to * man/gpasswd.1.xml: Use the gshadow/no_gshadow condition to
change the manpage depending on the shadow group support. change the manpage depending on the shadow group support.
* NEWS: Indicate that manpages should be re-generated if configure
option are changed, due to conditions.
2007-11-22 Nicolas François <nicolas.francois@centraliens.net> 2007-11-22 Nicolas François <nicolas.francois@centraliens.net>

6
NEWS
View File

@ -43,9 +43,15 @@ shadow-4.0.18.1 -> shadow-4.0.18.2 UNRELEASED
passwordless account. passwordless account.
- Full review of the usage of getpwnam(), getpwuid(), getgrnam(), - Full review of the usage of getpwnam(), getpwuid(), getgrnam(),
getgrgid(), and getspnam(). There should be no functional changes. getgrgid(), and getspnam(). There should be no functional changes.
- gpasswd: Only read information from the local file group database. It
writes the changes in /etc/group and/or /etc/gshadow, but used to read
information from getgrnam (hence possibly from another group database).
*** documentation: *** documentation:
- Generate the translated manpages from PO at build time. - Generate the translated manpages from PO at build time.
- The generated manpages will change depending on the configure options.
If you use different options than the one used for the distributed
archive, you should re-generate the manpages.
shadow-4.0.18.1 -> shadow-4.0.18.2 28-10-2007 shadow-4.0.18.1 -> shadow-4.0.18.2 28-10-2007

49
src/gpasswd.c
View File

@ -171,12 +171,12 @@ int main (int argc, char **argv)
char *cp; char *cp;
int amroot; int amroot;
int retries; int retries;
struct group *gr = NULL; struct group const*gr = NULL;
struct group grent; struct group grent;
static char pass[BUFSIZ]; static char pass[BUFSIZ];
#ifdef SHADOWGRP #ifdef SHADOWGRP
struct sgrp *sg = NULL; struct sgrp const*sg = NULL;
struct sgrp sgent; struct sgrp sgent;
char *admins = NULL; char *admins = NULL;
#endif #endif
@ -314,14 +314,20 @@ int main (int argc, char **argv)
* will be completely replicated so it may be modified later on. * will be completely replicated so it may be modified later on.
*/ */
/*
* XXX - should get the entry using gr_locate() and modify that,
* getgrnam() could give us a NIS group. --marekm
*/
if (!(group = argv[optind])) if (!(group = argv[optind]))
usage (); usage ();
if (!(gr = getgrnam (group))) { /* dup, no need for xgetgrnam */ if (!gr_open (O_RDONLY)) {
fprintf (stderr, _("%s: can't open file\n"), Prog);
SYSLOG ((LOG_WARN, "cannot open /etc/group"));
#ifdef WITH_AUDIT
audit_logger (AUDIT_USER_CHAUTHTOK, Prog, "opening /etc/group",
group, -1, 0);
#endif
exit (1);
}
if (!(gr = gr_locate (group))) {
fprintf (stderr, _("unknown group: %s\n"), group); fprintf (stderr, _("unknown group: %s\n"), group);
#ifdef WITH_AUDIT #ifdef WITH_AUDIT
audit_logger (AUDIT_USER_CHAUTHTOK, Prog, "group lookup", group, audit_logger (AUDIT_USER_CHAUTHTOK, Prog, "group lookup", group,
@ -334,8 +340,26 @@ int main (int argc, char **argv)
grent.gr_passwd = xstrdup (gr->gr_passwd); grent.gr_passwd = xstrdup (gr->gr_passwd);
grent.gr_mem = dup_list (gr->gr_mem); grent.gr_mem = dup_list (gr->gr_mem);
if (!gr_close ()) {
fprintf (stderr, _("%s: can't close file\n"), Prog);
SYSLOG ((LOG_WARN, "cannot close /etc/group"));
#ifdef WITH_AUDIT
audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
"closing /etc/group", group, -1, 0);
#endif
exit (1);
}
#ifdef SHADOWGRP #ifdef SHADOWGRP
if ((sg = getsgnam (group))) { if (!sgr_open (O_RDONLY)) {
fprintf (stderr, _("%s: can't open shadow file\n"), Prog);
SYSLOG ((LOG_WARN, "cannot open /etc/gshadow"));
#ifdef WITH_AUDIT
audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
"opening /etc/gshadow", group, -1, 0);
#endif
exit (1);
}
if ((sg = sgr_locate (group))) {
sgent = *sg; sgent = *sg;
sgent.sg_name = xstrdup (sg->sg_name); sgent.sg_name = xstrdup (sg->sg_name);
sgent.sg_passwd = xstrdup (sg->sg_passwd); sgent.sg_passwd = xstrdup (sg->sg_passwd);
@ -360,6 +384,15 @@ int main (int argc, char **argv)
sg = &sgent; sg = &sgent;
} }
if (!sgr_close ()) {
fprintf (stderr, _("%s: can't close shadow file\n"), Prog);
SYSLOG ((LOG_WARN, "cannot close /etc/gshadow"));
#ifdef WITH_AUDIT
audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
"closing /etc/gshadow", group, -1, 0);
#endif
exit (1);
}
/* /*
* The policy here for changing a group is that 1) you must be root * The policy here for changing a group is that 1) you must be root