* NEWS: Fix failures when the gshadow file is not present. Thanks

   to Christian Henz (http://bugs.debian.org/467488)
 * src/gpasswd.c (get_group): Do not fail if gshadow is not present. Just use
   the group file and set the grent structure
 * src/gpasswd.c (check_perms): The permissions should be checked
   using both the gshadow and group file. Add a <struct group *>
   parameter, and check if the gshadow file exists (is_shadowgrp).
 * src/gpasswd.c (main): Do not use sgent.sg_mem or sgent.sg_adm if
   the gshadow file is not present (sgent is not initialized in that
   case). The fields of sgent can be set, but not used.

diff --git a/ChangeLog b/ChangeLog
index 2a4e2ba770c35777f3cf518734248b9db781cc53..7c57f2c51fdae6fe18fa02c58ef7a46ea45c259e 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,16 @@
+2008-02-26  Nicolas François  <nicolas.francois@centraliens.net>
+
+       * NEWS: Fix failures when the gshadow file is not present. Thanks
+       to Christian Henz (http://bugs.debian.org/467488)
+       * src/gpasswd.c (get_group): Do not fail if gshadow is not present. Just use
+       the group file and set the grent structure
+       * src/gpasswd.c (check_perms): The permissions should be checked
+       using both the gshadow and group file. Add a <struct group *>
+       parameter, and check if the gshadow file exists (is_shadowgrp).
+       * src/gpasswd.c (main): Do not use sgent.sg_mem or sgent.sg_adm if
+       the gshadow file is not present (sgent is not initialized in that
+       case). The fields of sgent can be set, but not used.
+
 2008-02-26  Nicolas François  <nicolas.francois@centraliens.net>
 
        * src/gpasswd.c: Fix typo in comment.

diff --git a/NEWS b/NEWS
index 4f492ee960a71ebd76b537c5f3aa125cc51308b0..5e85b8799ae5bb522fd0af20327b938dfa870c79 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -21,6 +21,8 @@ shadow-4.1.0 -> shadow-4.1.1                                          UNRELEASED
 - chage
   * Fix bug which forbid to set the aging information of an account with a
     passwd entry, but no shadow entry.
+- gpasswd
+  * Fix failures when the gshadow file is not present.
 - groupadd
   * New option -p/--password to specify an encrypted password.
   * New option -r, --system for system accounts.

diff --git a/src/gpasswd.c b/src/gpasswd.c
index 89f1600611a6b30407fee8cbf9097ee5c5967af9..fa3a12967b7ab62e5f8776a3d6058e1078a682ab 100644 (file)
--- a/src/gpasswd.c
+++ b/src/gpasswd.c
@@ -93,7 +93,7 @@ static void open_files (void);
 static void close_files (void);
 #ifdef SHADOWGRP
 static void get_group (struct group *gr, struct sgrp *sg);
-static void check_perms (const struct sgrp *sg);
+static void check_perms (const struct group *gr, const struct sgrp *sg);
 static void update_group (struct group *gr, struct sgrp *sg);
 static void change_passwd (struct group *gr, struct sgrp *sg);
 #else
@@ -400,12 +400,13 @@ static void close_files (void)
  *     It only returns if the user is allowed.
  */
 #ifdef SHADOWGRP
-static void check_perms (const struct sgrp *sg)
+static void check_perms (const struct group *gr, const struct sgrp *sg)
 #else
 static void check_perms (const struct group *gr)
 #endif
 {
 #ifdef SHADOWGRP
+       if (is_shadowgrp) {
        /*
         * The policy here for changing a group is that 1) you must be root
         * or 2). you must be listed as an administrative member.
@@ -419,8 +420,9 @@ static void check_perms (const struct group *gr)
 #endif
                failure ();
        }
-#else                          /* ! SHADOWGRP */
-
+       } else
+#endif                         /* ! SHADOWGRP */
+       {
 #ifdef FIRST_MEMBER_IS_ADMIN
        /*
         * The policy here for changing a group is that 1) you must be root
@@ -460,7 +462,7 @@ static void check_perms (const struct group *gr)
                failure ();
        }
 #endif
-#endif                         /* SHADOWGRP */
+       }
 }
 
 /*
@@ -499,6 +501,8 @@ static void update_group (struct group *gr)
  *
  *     The information are copied in group structure(s) so that they can be
  *     modified later.
+ *
+ *     Note: If !is_shadowgrp, *sg will not be initialized.
  */
 #ifdef SHADOWGRP
 static void get_group (struct group *gr, struct sgrp *sg)
@@ -545,6 +549,7 @@ static void get_group (struct group *gr)
        }
 
 #ifdef SHADOWGRP
+       if (is_shadowgrp) {
        if (sgr_open (O_RDONLY) == 0) {
                fprintf (stderr, _("%s: can't open shadow file\n"), Prog);
                SYSLOG ((LOG_WARN, "cannot open /etc/gshadow"));
@@ -590,6 +595,7 @@ static void get_group (struct group *gr)
 #endif
                exit (1);
        }
+       }
 #endif                         /* SHADOWGRP */
 }
 
@@ -751,7 +757,7 @@ int main (int argc, char **argv)
         * Check if the user is allowed to change the password of this group.
         */
 #ifdef SHADOWGRP
-       check_perms (&sgent);
+       check_perms (&grent, &sgent);
 #else
        check_perms (&grent);
 #endif
@@ -798,7 +804,9 @@ int main (int argc, char **argv)
                printf (_("Adding user %s to group %s\n"), user, group);
                grent.gr_mem = add_list (grent.gr_mem, user);
 #ifdef SHADOWGRP
+               if (is_shadowgrp) {
                sgent.sg_mem = add_list (sgent.sg_mem, user);
+               }
 #endif
 #ifdef WITH_AUDIT
                audit_logger (AUDIT_USER_CHAUTHTOK, Prog, "adding group member",
@@ -823,10 +831,12 @@ int main (int argc, char **argv)
                        grent.gr_mem = del_list (grent.gr_mem, user);
                }
 #ifdef SHADOWGRP
+               if (is_shadowgrp) {
                if (is_on_list (sgent.sg_mem, user)) {
                        removed = 1;
                        sgent.sg_mem = del_list (sgent.sg_mem, user);
                }
+               }
 #endif
                if (!removed) {
                        fprintf (stderr, _("%s: unknown member %s\n"),