[Pkg-shadow-commits] r1536 - in upstream/trunk: . src

nekral-guest at alioth.debian.org nekral-guest at alioth.debian.org
Fri Dec 28 20:46:25 UTC 2007


Author: nekral-guest
Date: 2007-12-28 20:46:24 +0000 (Fri, 28 Dec 2007)
New Revision: 1536

Modified:
   upstream/trunk/ChangeLog
   upstream/trunk/src/groupadd.c
Log:
(main, check_perms): New function check_perms().
Split the validation of the user's permissions out of main()


Modified: upstream/trunk/ChangeLog
===================================================================
--- upstream/trunk/ChangeLog	2007-12-28 20:40:59 UTC (rev 1535)
+++ upstream/trunk/ChangeLog	2007-12-28 20:46:24 UTC (rev 1536)
@@ -10,6 +10,8 @@
 	an explicit call to audit_logger().
 	* src/groupadd.c (main): Before pam_end(), the return value of the
 	previous pam API was already checked. No need to validate it again.
+	* src/groupadd.c (main, check_perms): New function check_perms().
+	Split the validation of the user's permissions out of main()
 
 2007-12-28  Nicolas François  <nicolas.francois at centraliens.net>
 

Modified: upstream/trunk/src/groupadd.c
===================================================================
--- upstream/trunk/src/groupadd.c	2007-12-28 20:40:59 UTC (rev 1535)
+++ upstream/trunk/src/groupadd.c	2007-12-28 20:46:24 UTC (rev 1536)
@@ -91,6 +91,7 @@
 static void fail_exit (int code);
 static gid_t get_gid (const char *gidstr);
 static void process_flags (int argc, char **argv);
+static void check_perms (void);
 
 /*
  * usage - display usage message and exit
@@ -480,48 +481,28 @@
 }
 
 /*
- * main - groupadd command
+ * check_perms - check if the caller is allowed to add a group
+ *
+ *	With PAM support, the setuid bit can be set on groupadd to allow
+ *	non-root users to groups.
+ *	Without PAM support, only users who can write in the group databases
+ *	can add groups.
  */
-int main (int argc, char **argv)
+static void check_perms (void)
 {
 #ifdef USE_PAM
 	pam_handle_t *pamh = NULL;
-	int retval;
-#endif
+	int retval = PAM_SUCCESS;
+	struct passwd *pampw;
 
-#ifdef WITH_AUDIT
-	audit_help_open ();
-#endif
-	/*
-	 * Get my name so that I can use it to report errors.
-	 */
-	Prog = Basename (argv[0]);
+	pampw = getpwuid (getuid ()); /* local, no need for xgetpwuid */
+	if (pampw == NULL) {
+		retval = PAM_USER_UNKNOWN;
+	}
 
-	setlocale (LC_ALL, "");
-	bindtextdomain (PACKAGE, LOCALEDIR);
-	textdomain (PACKAGE);
-
-	OPENLOG ("groupadd");
-
-	/*
-	 * Parse the command line options.
-	 */
-	process_flags (argc, argv);
-
-#ifdef USE_PAM
-	retval = PAM_SUCCESS;
-
-	{
-		struct passwd *pampw;
-		pampw = getpwuid (getuid ()); /* local, no need for xgetpwuid */
-		if (pampw == NULL) {
-			retval = PAM_USER_UNKNOWN;
-		}
-
-		if (retval == PAM_SUCCESS) {
-			retval = pam_start ("groupadd", pampw->pw_name,
-			                    &conv, &pamh);
-		}
+	if (retval == PAM_SUCCESS) {
+		retval = pam_start ("groupadd", pampw->pw_name,
+		                    &conv, &pamh);
 	}
 
 	if (retval == PAM_SUCCESS) {
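Review bot: The new header comment for check_perms() drops a verb in "to allow non-root users to groups"; it should read `non-root users to add groups.` The comment should also say which identity is authenticated. The lookup is `getpwuid (getuid ())`, so on a setuid binary PAM is started for the real UID of the invoking user, not the effective UID. A line such as `PAM authenticates the real (invoking) user, not the effective UID.` in the header would record that for later maintainers. The function body continues past the end of this hunk, so the rest of the PAM sequence is not visible here.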
@@ -543,7 +524,34 @@
 		exit (1);
 	}
 #endif				/* USE_PAM */
+}
 
+/*
+ * main - groupadd command
+ */
+int main (int argc, char **argv)
+{
+#ifdef WITH_AUDIT
+	audit_help_open ();
+#endif
+	/*
+	 * Get my name so that I can use it to report errors.
+	 */
+	Prog = Basename (argv[0]);
+
+	setlocale (LC_ALL, "");
+	bindtextdomain (PACKAGE, LOCALEDIR);
+	textdomain (PACKAGE);
+
+	OPENLOG ("groupadd");
+
+	/*
+	 * Parse the command line options.
+	 */
+	process_flags (argc, argv);
+
+	check_perms ();
+
 #ifdef SHADOWGRP
 	is_shadow_grp = sgr_file_present ();
 #endif
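Review bot: In a build without USE_PAM, check_perms() compiles to an empty function, because `#ifdef USE_PAM` opens directly after the opening brace and `#endif /* USE_PAM */` sits directly before the closing brace added here. The call `check_perms ();` in main() then reads as an authorization gate that performs no check in that configuration. Per the function's header comment, enforcement there rests on write access to the group databases. I would state this inside the body, for example `/* Without USE_PAM this is a no-op: access is enforced only by the permissions on the group database files. */`, so a later change to how those files are opened is reviewed with that dependency in mind. main() continues beyond this hunk.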



