{
#ifdef SHADOWGRP
if (is_shadowgrp) {
- /*
- * The policy here for changing a group is that 1) you must be root
- * or 2). you must be listed as an administrative member.
- * Administrative members can do anything to a group that the root
- * user can.
- */
- if (!amroot && !is_on_list (sg->sg_adm, myname)) {
+ /*
+ * The policy here for changing a group is that
+ * 1) you must be root or
+ * 2) you must be listed as an administrative member.
+ * Administrative members can do anything to a group that
+ * the root user can.
+ */
+ if (!amroot && !is_on_list (sg->sg_adm, myname)) {
#ifdef WITH_AUDIT
- audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
- "modify group", group, -1, 0);
+ audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
+ "modify group", group, -1, 0);
#endif
- failure ();
- }
+ failure ();
+ }
} else
#endif /* ! SHADOWGRP */
{
#ifdef FIRST_MEMBER_IS_ADMIN
- /*
- * The policy here for changing a group is that 1) you must be root
- * or 2) you must be the first listed member of the group. The
- * first listed member of a group can do anything to that group that
- * the root user can. The rationale for this hack is that the FIRST
- * user is probably the most important user in this entire group.
- */
- /*
- * This feature enabled by default could be a security problem when
- * installed on existing systems where the first group member might
- * be just a normal user. --marekm
- */
- if (!amroot) {
- if (gr->gr_mem[0] == (char *) 0) {
+ /*
+ * The policy here for changing a group is that
+ * 1) you must be root or
+ * 2) you must be the first listed member of the group.
+ * The first listed member of a group can do anything to
+ * that group that the root user can. The rationale for
+ * this hack is that the FIRST user is probably the most
+ * important user in this entire group.
+ *
+ * This feature enabled by default could be a security
+ * problem when installed on existing systems where the
+ * first group member might be just a normal user.
+ * --marekm
+ */
+ if (!amroot) {
+ if (gr->gr_mem[0] == (char *) 0) {
#ifdef WITH_AUDIT
- audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
- "modifying group", group, -1, 0);
+ audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
+ "modifying group", group, -1, 0);
#endif
- failure ();
- }
+ failure ();
+ }
- if (strcmp (gr->gr_mem[0], myname) != 0) {
+ if (strcmp (gr->gr_mem[0], myname) != 0) {
#ifdef WITH_AUDIT
- audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
- "modifying group", myname, -1, 0);
+ audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
+ "modifying group", myname, -1, 0);
#endif
- failure ();
+ failure ();
+ }
}
- }
#else /* ! FIRST_MEMBER_IS_ADMIN */
- if (!amroot) {
+ if (!amroot) {
#ifdef WITH_AUDIT
- audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
- "modifying group", group, -1, 0);
+ audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
+ "modifying group", group, -1, 0);
#endif
- failure ();
- }
+ failure ();
+ }
#endif
}
}
#ifdef SHADOWGRP
if (is_shadowgrp) {
- if (sgr_open (O_RDONLY) == 0) {
- fprintf (stderr, _("%s: can't open shadow file\n"), Prog);
- SYSLOG ((LOG_WARN, "cannot open /etc/gshadow"));
+ if (sgr_open (O_RDONLY) == 0) {
+ fprintf (stderr,
+ _("%s: can't open shadow file\n"), Prog);
+ SYSLOG ((LOG_WARN, "cannot open /etc/gshadow"));
#ifdef WITH_AUDIT
- audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
- "opening /etc/gshadow", group, -1, 0);
+ audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
+ "opening /etc/gshadow", group, -1, 0);
#endif
- exit (1);
- }
- tmpsg = sgr_locate (group);
- if (NULL != tmpsg) {
- *sg = *tmpsg;
- sg->sg_name = xstrdup (tmpsg->sg_name);
- sg->sg_passwd = xstrdup (tmpsg->sg_passwd);
-
- sg->sg_mem = dup_list (tmpsg->sg_mem);
- sg->sg_adm = dup_list (tmpsg->sg_adm);
- } else {
- sg->sg_name = xstrdup (group);
- sg->sg_passwd = gr->gr_passwd;
- gr->gr_passwd = "!"; /* XXX warning: const */
+ exit (1);
+ }
+ tmpsg = sgr_locate (group);
+ if (NULL != tmpsg) {
+ *sg = *tmpsg;
+ sg->sg_name = xstrdup (tmpsg->sg_name);
+ sg->sg_passwd = xstrdup (tmpsg->sg_passwd);
+
+ sg->sg_mem = dup_list (tmpsg->sg_mem);
+ sg->sg_adm = dup_list (tmpsg->sg_adm);
+ } else {
+ sg->sg_name = xstrdup (group);
+ sg->sg_passwd = gr->gr_passwd;
+ gr->gr_passwd = "!"; /* XXX warning: const */
- sg->sg_mem = dup_list (gr->gr_mem);
+ sg->sg_mem = dup_list (gr->gr_mem);
- sg->sg_adm = (char **) xmalloc (sizeof (char *) * 2);
+ sg->sg_adm = (char **) xmalloc (sizeof (char *) * 2);
#ifdef FIRST_MEMBER_IS_ADMIN
- if (sg->sg_mem[0]) {
- sg->sg_adm[0] = xstrdup (sg->sg_mem[0]);
- sg->sg_adm[1] = NULL;
- } else
+ if (sg->sg_mem[0]) {
+ sg->sg_adm[0] = xstrdup (sg->sg_mem[0]);
+ sg->sg_adm[1] = NULL;
+ } else
#endif
- {
- sg->sg_adm[0] = NULL;
- }
+ {
+ sg->sg_adm[0] = NULL;
+ }
- }
- if (sgr_close () == 0) {
- fprintf (stderr, _("%s: can't close shadow file\n"), Prog);
- SYSLOG ((LOG_WARN, "cannot close /etc/gshadow"));
+ }
+ if (sgr_close () == 0) {
+ fprintf (stderr,
+ _("%s: can't close shadow file\n"), Prog);
+ SYSLOG ((LOG_WARN, "cannot close /etc/gshadow"));
#ifdef WITH_AUDIT
- audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
- "closing /etc/gshadow", group, -1, 0);
+ audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
+ "closing /etc/gshadow", group, -1, 0);
#endif
- exit (1);
- }
+ exit (1);
+ }
}
#endif /* SHADOWGRP */
}
fputs (_("Who are you?\n"), stderr);
#ifdef WITH_AUDIT
audit_logger (AUDIT_USER_CHAUTHTOK, Prog, "user lookup", NULL,
- bywho, 0);
+ bywho, 0);
#endif
failure ();
}
#endif
#ifdef WITH_AUDIT
audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
- "deleting group password", group, -1, 1);
+ "deleting group password", group, -1, 1);
#endif
SYSLOG ((LOG_INFO, "remove password from group %s by %s",
- group, myname));
+ group, myname));
goto output;
} else if (Rflg) {
/*
#endif
#ifdef WITH_AUDIT
audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
- "restrict access to group", group, -1, 1);
+ "restrict access to group", group, -1, 1);
#endif
SYSLOG ((LOG_INFO, "restrict access to group %s by %s",
group, myname));
grent.gr_mem = add_list (grent.gr_mem, user);
#ifdef SHADOWGRP
if (is_shadowgrp) {
- sgent.sg_mem = add_list (sgent.sg_mem, user);
+ sgent.sg_mem = add_list (sgent.sg_mem, user);
}
#endif
#ifdef WITH_AUDIT
audit_logger (AUDIT_USER_CHAUTHTOK, Prog, "adding group member",
- user, -1, 1);
+ user, -1, 1);
#endif
SYSLOG ((LOG_INFO, "add member %s to group %s by %s", user,
- group, myname));
+ group, myname));
goto output;
}
}
#ifdef SHADOWGRP
if (is_shadowgrp) {
- if (is_on_list (sgent.sg_mem, user)) {
- removed = 1;
- sgent.sg_mem = del_list (sgent.sg_mem, user);
- }
+ if (is_on_list (sgent.sg_mem, user)) {
+ removed = 1;
+ sgent.sg_mem = del_list (sgent.sg_mem, user);
+ }
}
#endif
if (!removed) {
fprintf (stderr, _("%s: unknown member %s\n"),
- Prog, user);
+ Prog, user);
#ifdef WITH_AUDIT
audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
- "deleting member", user, -1, 0);
+ "deleting member", user, -1, 0);
#endif
exit (1);
}
#ifdef WITH_AUDIT
audit_logger (AUDIT_USER_CHAUTHTOK, Prog, "deleting member",
- user, -1, 1);
+ user, -1, 1);
#endif
SYSLOG ((LOG_INFO, "remove member %s from group %s by %s",
- user, group, myname));
+ user, group, myname));
goto output;
}
#ifdef SHADOWGRP
if (Aflg) {
#ifdef WITH_AUDIT
audit_logger (AUDIT_USER_CHAUTHTOK, Prog, "setting group admin",
- group, -1, 1);
+ group, -1, 1);
#endif
SYSLOG ((LOG_INFO, "set administrators of %s to %s",
- group, admins));
+ group, admins));
sgent.sg_adm = comma_to_list (admins);
if (!Mflg) {
goto output;
if (Mflg) {
#ifdef WITH_AUDIT
audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
- "setting group members", group, -1, 1);
+ "setting group members", group, -1, 1);
#endif
SYSLOG ((LOG_INFO, "set members of %s to %s", group, members));
#ifdef SHADOWGRP
fprintf (stderr, _("%s: Not a tty\n"), Prog);
#ifdef WITH_AUDIT
audit_logger (AUDIT_USER_CHAUTHTOK, Prog, "changing password",
- group, -1, 0);
+ group, -1, 0);
#endif
exit (1);
}
SYSLOG ((LOG_ERR, "can't setuid(0)"));
#ifdef WITH_AUDIT
audit_logger (AUDIT_USER_CHAUTHTOK, Prog, "changing id to root",
- group, -1, 0);
+ group, -1, 0);
#endif
closelog ();
exit (1);
projects / shadow / commitdiff