emo/shadow
1
0
Fork 0
Code Issues Pull Requests Packages Releases Activity

Re-indent.

Browse Source
This commit is contained in:
nekral-guest 2008-02-26 19:17:20 +00:00
parent 2a2b2b3aa4
commit f43a4659c6
1 changed files with 107 additions and 102 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

37
src/gpasswd.c
View File

@ -408,10 +408,11 @@ static void check_perms (const struct group *gr)
#ifdef SHADOWGRP #ifdef SHADOWGRP
if (is_shadowgrp) { if (is_shadowgrp) {
/* /*
* The policy here for changing a group is that 1) you must be root * The policy here for changing a group is that
* or 2). you must be listed as an administrative member. * 1) you must be root or
* Administrative members can do anything to a group that the root * 2) you must be listed as an administrative member.
* user can. * Administrative members can do anything to a group that
* the root user can.
*/ */
if (!amroot && !is_on_list (sg->sg_adm, myname)) { if (!amroot && !is_on_list (sg->sg_adm, myname)) {
#ifdef WITH_AUDIT #ifdef WITH_AUDIT
@ -425,16 +426,18 @@ static void check_perms (const struct group *gr)
{ {
#ifdef FIRST_MEMBER_IS_ADMIN #ifdef FIRST_MEMBER_IS_ADMIN
/* /*
* The policy here for changing a group is that 1) you must be root * The policy here for changing a group is that
* or 2) you must be the first listed member of the group. The * 1) you must be root or
* first listed member of a group can do anything to that group that * 2) you must be the first listed member of the group.
* the root user can. The rationale for this hack is that the FIRST * The first listed member of a group can do anything to
* user is probably the most important user in this entire group. * that group that the root user can. The rationale for
*/ * this hack is that the FIRST user is probably the most
/* * important user in this entire group.
* This feature enabled by default could be a security problem when *
* installed on existing systems where the first group member might * This feature enabled by default could be a security
* be just a normal user. --marekm * problem when installed on existing systems where the
* first group member might be just a normal user.
* --marekm
*/ */
if (!amroot) { if (!amroot) {
if (gr->gr_mem[0] == (char *) 0) { if (gr->gr_mem[0] == (char *) 0) {
@ -551,7 +554,8 @@ static void get_group (struct group *gr)
#ifdef SHADOWGRP #ifdef SHADOWGRP
if (is_shadowgrp) { if (is_shadowgrp) {
if (sgr_open (O_RDONLY) == 0) { if (sgr_open (O_RDONLY) == 0) {
fprintf (stderr, _("%s: can't open shadow file\n"), Prog); fprintf (stderr,
_("%s: can't open shadow file\n"), Prog);
SYSLOG ((LOG_WARN, "cannot open /etc/gshadow")); SYSLOG ((LOG_WARN, "cannot open /etc/gshadow"));
#ifdef WITH_AUDIT #ifdef WITH_AUDIT
audit_logger (AUDIT_USER_CHAUTHTOK, Prog, audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
@ -587,7 +591,8 @@ static void get_group (struct group *gr)
} }
if (sgr_close () == 0) { if (sgr_close () == 0) {
fprintf (stderr, _("%s: can't close shadow file\n"), Prog); fprintf (stderr,
_("%s: can't close shadow file\n"), Prog);
SYSLOG ((LOG_WARN, "cannot close /etc/gshadow")); SYSLOG ((LOG_WARN, "cannot close /etc/gshadow"));
#ifdef WITH_AUDIT #ifdef WITH_AUDIT
audit_logger (AUDIT_USER_CHAUTHTOK, Prog, audit_logger (AUDIT_USER_CHAUTHTOK, Prog,