+2007-11-22 Nicolas François <nicolas.francois@centraliens.net>
+
+ * NEWS, src/gpasswd.c: Read the group and shadow groups using
+ gr_locate and sgr_locate. gpasswd write in the file database. Thus
+ it should read information from the file database, not using
+ getgrnam. The change to sgr_locate is just for consistency. This
+ requires opening the group databases (read only) using
+ gr_open/sgr_open.
+
2007-11-22 Nicolas François <nicolas.francois@centraliens.net>
* configure.in: SHADOWGRP added to AM_CONDITIONAL for the
gshadow/no_gshadow condition.
* man/gpasswd.1.xml: Use the gshadow/no_gshadow condition to
change the manpage depending on the shadow group support.
+ * NEWS: Indicate that manpages should be re-generated if configure
+ option are changed, due to conditions.
2007-11-22 Nicolas François <nicolas.francois@centraliens.net>
passwordless account.
- Full review of the usage of getpwnam(), getpwuid(), getgrnam(),
getgrgid(), and getspnam(). There should be no functional changes.
+- gpasswd: Only read information from the local file group database. It
+ writes the changes in /etc/group and/or /etc/gshadow, but used to read
+ information from getgrnam (hence possibly from another group database).
*** documentation:
- Generate the translated manpages from PO at build time.
+- The generated manpages will change depending on the configure options.
+ If you use different options than the one used for the distributed
+ archive, you should re-generate the manpages.
shadow-4.0.18.1 -> shadow-4.0.18.2 28-10-2007
char *cp;
int amroot;
int retries;
- struct group *gr = NULL;
+ struct group const*gr = NULL;
struct group grent;
static char pass[BUFSIZ];
#ifdef SHADOWGRP
- struct sgrp *sg = NULL;
+ struct sgrp const*sg = NULL;
struct sgrp sgent;
char *admins = NULL;
#endif
* will be completely replicated so it may be modified later on.
*/
- /*
- * XXX - should get the entry using gr_locate() and modify that,
- * getgrnam() could give us a NIS group. --marekm
- */
if (!(group = argv[optind]))
usage ();
- if (!(gr = getgrnam (group))) { /* dup, no need for xgetgrnam */
+ if (!gr_open (O_RDONLY)) {
+ fprintf (stderr, _("%s: can't open file\n"), Prog);
+ SYSLOG ((LOG_WARN, "cannot open /etc/group"));
+#ifdef WITH_AUDIT
+ audit_logger (AUDIT_USER_CHAUTHTOK, Prog, "opening /etc/group",
+ group, -1, 0);
+#endif
+ exit (1);
+ }
+
+ if (!(gr = gr_locate (group))) {
fprintf (stderr, _("unknown group: %s\n"), group);
#ifdef WITH_AUDIT
audit_logger (AUDIT_USER_CHAUTHTOK, Prog, "group lookup", group,
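Review bot: The entry is now read from a database opened with `gr_open (O_RDONLY)`, and no lock call is visible in this hunk, so the copy kept in `grent` can be stale by the time it is modified and written back. The write path is outside the hunk. If it reopens /etc/group under a lock and stores `grent` without locating the entry again, an edit made by another tool in between would be silently overwritten. Either take the lock before this read and hold it through the update, or re-read the entry once the lock is held. At minimum, document the window with a comment such as `/* entry is read without gr_lock(); it may change before the locked update */`. The enclosing function starts and ends outside this hunk.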
grent.gr_passwd = xstrdup (gr->gr_passwd);
grent.gr_mem = dup_list (gr->gr_mem);
+ if (!gr_close ()) {
+ fprintf (stderr, _("%s: can't close file\n"), Prog);
+ SYSLOG ((LOG_WARN, "cannot close /etc/group"));
+#ifdef WITH_AUDIT
+ audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
+ "closing /etc/group", group, -1, 0);
+#endif
+ exit (1);
+ }
#ifdef SHADOWGRP
- if ((sg = getsgnam (group))) {
+ if (!sgr_open (O_RDONLY)) {
+ fprintf (stderr, _("%s: can't open shadow file\n"), Prog);
+ SYSLOG ((LOG_WARN, "cannot open /etc/gshadow"));
+#ifdef WITH_AUDIT
+ audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
+ "opening /etc/gshadow", group, -1, 0);
+#endif
+ exit (1);
+ }
+ if ((sg = sgr_locate (group))) {
sgent = *sg;
sgent.sg_name = xstrdup (sg->sg_name);
sgent.sg_passwd = xstrdup (sg->sg_passwd);
sg = &sgent;
}
+ if (!sgr_close ()) {
+ fprintf (stderr, _("%s: can't close shadow file\n"), Prog);
+ SYSLOG ((LOG_WARN, "cannot close /etc/gshadow"));
+#ifdef WITH_AUDIT
+ audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
+ "closing /etc/gshadow", group, -1, 0);
+#endif
+ exit (1);
+ }
/*
* The policy here for changing a group is that 1) you must be root
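Review bot: After `sgent = *sg;` only `sg_name` and `sg_passwd` are duplicated, so `sgent.sg_adm` and `sgent.sg_mem` still point at storage owned by the shadow group database that the added `sgr_close ()` closes a few lines later. With `getsgnam` those lists presumably stayed valid, but if `sgr_close` frees the loaded entries, the administrator and member lists are dangling for every later use of `sg`. Those lists feed the authorization decisions that follow. Copy them the way `grent.gr_mem` is copied above, before the close: `sgent.sg_adm = dup_list (sg->sg_adm);` and `sgent.sg_mem = dup_list (sg->sg_mem);`. The enclosing function continues outside this hunk.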