(main, check_perms): New function check_perms().

Split the validation of the user's permissions out of main()

diff --git a/ChangeLog b/ChangeLog
index d125fc0b4b90f65092e3d16af3c0432a7b21827b..912df94c4d8cbabb87b5ff893c8caefc3cc4cb20 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -10,6 +10,8 @@
        an explicit call to audit_logger().
        * src/groupadd.c (main): Before pam_end(), the return value of the
        previous pam API was already checked. No need to validate it again.
+       * src/groupadd.c (main, check_perms): New function check_perms().
+       Split the validation of the user's permissions out of main()
 
 2007-12-28  Nicolas François  <nicolas.francois@centraliens.net>
 

diff --git a/src/groupadd.c b/src/groupadd.c
index 05e3ff525c833db4277d08c054d8adc04c1fd3bc..d28a22b9c05b1534e2ffe8c92ef1ef6def7671aa 100644 (file)
--- a/src/groupadd.c
+++ b/src/groupadd.c
@@ -91,6 +91,7 @@ static void open_files (void);
 static void fail_exit (int code);
 static gid_t get_gid (const char *gidstr);
 static void process_flags (int argc, char **argv);
+static void check_perms (void);
 
 /*
  * usage - display usage message and exit
@@ -480,48 +481,28 @@ static void process_flags (int argc, char **argv)
 }
 
 /*
- * main - groupadd command
+ * check_perms - check if the caller is allowed to add a group
+ *
+ *     With PAM support, the setuid bit can be set on groupadd to allow
+ *     non-root users to groups.
+ *     Without PAM support, only users who can write in the group databases
+ *     can add groups.
  */
-int main (int argc, char **argv)
+static void check_perms (void)
 {
 #ifdef USE_PAM
        pam_handle_t *pamh = NULL;
-       int retval;
-#endif
-
-#ifdef WITH_AUDIT
-       audit_help_open ();
-#endif
-       /*
-        * Get my name so that I can use it to report errors.
-        */
-       Prog = Basename (argv[0]);
-
-       setlocale (LC_ALL, "");
-       bindtextdomain (PACKAGE, LOCALEDIR);
-       textdomain (PACKAGE);
-
-       OPENLOG ("groupadd");
-
-       /*
-        * Parse the command line options.
-        */
-       process_flags (argc, argv);
-
-#ifdef USE_PAM
-       retval = PAM_SUCCESS;
+       int retval = PAM_SUCCESS;
+       struct passwd *pampw;
 
-       {
-               struct passwd *pampw;
-               pampw = getpwuid (getuid ()); /* local, no need for xgetpwuid */
-               if (pampw == NULL) {
-                       retval = PAM_USER_UNKNOWN;
-               }
+       pampw = getpwuid (getuid ()); /* local, no need for xgetpwuid */
+       if (pampw == NULL) {
+               retval = PAM_USER_UNKNOWN;
+       }
 
-               if (retval == PAM_SUCCESS) {
-                       retval = pam_start ("groupadd", pampw->pw_name,
-                                           &conv, &pamh);
-               }
+       if (retval == PAM_SUCCESS) {
+               retval = pam_start ("groupadd", pampw->pw_name,
+                                   &conv, &pamh);
        }
 
        if (retval == PAM_SUCCESS) {
@@ -543,6 +524,33 @@ int main (int argc, char **argv)
                exit (1);
        }
 #endif                         /* USE_PAM */
+}
+
+/*
+ * main - groupadd command
+ */
+int main (int argc, char **argv)
+{
+#ifdef WITH_AUDIT
+       audit_help_open ();
+#endif
+       /*
+        * Get my name so that I can use it to report errors.
+        */
+       Prog = Basename (argv[0]);
+
+       setlocale (LC_ALL, "");
+       bindtextdomain (PACKAGE, LOCALEDIR);
+       textdomain (PACKAGE);
+
+       OPENLOG ("groupadd");
+
+       /*
+        * Parse the command line options.
+        */
+       process_flags (argc, argv);
+
+       check_perms ();
 
 #ifdef SHADOWGRP
        is_shadow_grp = sgr_file_present ();