[Pkg-shadow-commits] r1507 - in upstream/trunk: . src

nekral-guest at alioth.debian.org nekral-guest at alioth.debian.org
Thu Dec 27 19:08:32 UTC 2007


Author: nekral-guest
Date: 2007-12-27 19:08:31 +0000 (Thu, 27 Dec 2007)
New Revision: 1507

Modified:
   upstream/trunk/ChangeLog
   upstream/trunk/src/gpasswd.c
Log:
Simplify gpasswd's main():
New function: check_perms(). Split out of main() to simplify main().


Modified: upstream/trunk/ChangeLog
===================================================================
--- upstream/trunk/ChangeLog	2007-12-27 18:52:40 UTC (rev 1506)
+++ upstream/trunk/ChangeLog	2007-12-27 19:08:31 UTC (rev 1507)
@@ -9,6 +9,8 @@
 	* src/gpasswd.c: New functions: open_files(), close_files(),
 	update_group(). Split out from main() to simplify this (too) big
 	function.
+	* src/gpasswd.c: New function: check_perms(). Split out of main() to
+	simplify main().
 
 2007-12-27  Nicolas François  <nicolas.francois at centraliens.net>
 

Modified: upstream/trunk/src/gpasswd.c
===================================================================
--- upstream/trunk/src/gpasswd.c	2007-12-27 18:52:40 UTC (rev 1506)
+++ upstream/trunk/src/gpasswd.c	2007-12-27 19:08:31 UTC (rev 1507)
@@ -91,8 +91,10 @@
 static void open_files (void);
 static void close_files (void);
 #ifdef SHADOWGRP
+static void check_perms (const struct sgrp *sg);
 static void update_group (struct group *gr, struct sgrp *sg);
 #else
+static void check_perms (const struct group *gr);
 static void update_group (struct group *gr);
 #endif
 
@@ -353,7 +355,78 @@
 	}
 }
 
+/*
+ * check_perms - check if the user is allowed to change the password of
+ *               the specified group.
+ *
+ *	It only returns if the user is allowed.
+ */
 #ifdef SHADOWGRP
+static void check_perms (const struct sgrp *sg)
+#else
+static void check_perms (const struct group *gr)
+#endif
+{
+#ifdef SHADOWGRP
+	/*
+	 * The policy here for changing a group is that 1) you must be root
+	 * or 2). you must be listed as an administrative member. 
+	 * Administrative members can do anything to a group that the root
+	 * user can.
+	 */
+	if (!amroot && !is_on_list (sg->sg_adm, myname)) {
+#ifdef WITH_AUDIT
+		audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
+		              "modify group", group, -1, 0);
+#endif
+		failure ();
+	}
+#else				/* ! SHADOWGRP */
+
+#ifdef FIRST_MEMBER_IS_ADMIN
+	/*
+	 * The policy here for changing a group is that 1) you must bes root
+	 * or 2) you must be the first listed member of the group. The
+	 * first listed member of a group can do anything to that group that
+	 * the root user can. The rationale for this hack is that the FIRST
+	 * user is probably the most important user in this entire group.
+	 */
+	if (!amroot) {
+		if (gr->gr_mem[0] == (char *) 0) {
+#ifdef WITH_AUDIT
+			audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
+			              "modifying group", group, -1, 0);
+#endif
+			failure ();
+		}
+
+		if (strcmp (gr->gr_mem[0], myname) != 0) {
+#ifdef WITH_AUDIT
+			audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
+			              "modifying group", myname, -1, 0);
+#endif
+			failure ();
+		}
+	}
+#else
+	/*
+	 * This feature enabled by default could be a security problem when
+	 * installed on existing systems where the first group member might
+	 * be just a normal user.  --marekm
+	 */
+	if (!amroot) {
+#ifdef WITH_AUDIT
+		audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
+		              "modifying group", group, -1, 0);
+#endif
+		failure ();
+	}
+#endif
+#endif				/* SHADOWGRP */
+}
+
+
+#ifdef SHADOWGRP
 static void update_group (struct group *gr, struct sgrp *sg)
 #else
 static void update_group (struct group *gr)
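Review bot: The denial paths in check_perms() write inconsistent audit records: the SHADOWGRP branch logs the operation as "modify group" while the other three use "modifying group", and the second FIRST_MEMBER_IS_ADMIN check passes `myname` where every other call passes `group`. Anyone matching AUDIT_USER_CHAUTHTOK events for refused gpasswd attempts has to handle both spellings and, in one case, a user name in the argument that otherwise carries the group. Since the code is being moved anyway, the calls could be aligned on `"modifying group", group, -1, 0);`, unless existing log consumers depend on the current strings. Separately, `gr` is unused when neither SHADOWGRP nor FIRST_MEMBER_IS_ADMIN is defined, and the header comment's "only returns if the user is allowed" holds only if failure() never returns, which this hunk does not show; if it did return, the NULL test on `gr->gr_mem[0]` would fall through into the strcmp().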
@@ -546,62 +619,14 @@
 	}
 
 	/*
-	 * The policy here for changing a group is that 1) you must be root
-	 * or 2). you must be listed as an administrative member. 
-	 * Administrative members can do anything to a group that the root
-	 * user can.
+	 * Check if the user is allowed to change the password of this group.
 	 */
-	if (!amroot && !is_on_list (sgent.sg_adm, myname)) {
-#ifdef WITH_AUDIT
-		audit_logger (AUDIT_USER_CHAUTHTOK, Prog, "modify group", group,
-			      -1, 0);
-#endif
-		failure ();
-	}
-#else				/* ! SHADOWGRP */
-
-#ifdef FIRST_MEMBER_IS_ADMIN
-	/*
-	 * The policy here for changing a group is that 1) you must bes root
-	 * or 2) you must be the first listed member of the group. The
-	 * first listed member of a group can do anything to that group that
-	 * the root user can. The rationale for this hack is that the FIRST
-	 * user is probably the most important user in this entire group.
-	 */
-	if (!amroot) {
-		if (grent.gr_mem[0] == (char *) 0) {
-#ifdef WITH_AUDIT
-			audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
-				      "modifying group", group, -1, 0);
-#endif
-			failure ();
-		}
-
-		if (strcmp (grent.gr_mem[0], myname) != 0) {
-#ifdef WITH_AUDIT
-			audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
-				      "modifying group", myname, -1, 0);
-#endif
-			failure ();
-		}
-	}
+#ifdef SHADOWGRP
+	check_perms (&sgent);
 #else
-	/*
-	 * This feature enabled by default could be a security problem when
-	 * installed on existing systems where the first group member might
-	 * be just a normal user.  --marekm
-	 */
-	if (!amroot) {
-#ifdef WITH_AUDIT
-		audit_logger (AUDIT_USER_CHAUTHTOK, Prog, "modifying group",
-			      group, -1, 0);
+	check_perms (&grent);
 #endif
-		failure ();
-	}
-#endif
 
-#endif				/* SHADOWGRP */
-
 	/*
 	 * Removing a password is straight forward. Just set the password
 	 * field to a "".
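Review bot: The preprocessor conditionals around the new check_perms() calls look unbalanced. The removed lines include `#else /* ! SHADOWGRP */` and `#endif /* SHADOWGRP */`, which belong to an `#ifdef SHADOWGRP` presumably opened before this hunk, whereas the new side only adds a self-contained `#ifdef SHADOWGRP` / `#else` / `#endif` trio. If that outer conditional is indeed still open above, nothing closes it any more, and the permission check itself sits inside the unterminated region. Closing it right after the context `}` at the top of the hunk, with `#endif				/* SHADOWGRP */` before the "Check if the user is allowed" comment, would restore the balance. The enclosing function starts and ends outside this hunk, so this should be confirmed against the full file and a build with and without SHADOWGRP.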



