[Pkg-shadow-commits] r1539 - in upstream/trunk: . src

nekral-guest at alioth.debian.org nekral-guest at alioth.debian.org
Fri Dec 28 22:05:52 UTC 2007 

Author: nekral-guest
Date: 2007-12-28 22:05:51 +0000 (Fri, 28 Dec 2007)
New Revision: 1539

Modified:
   upstream/trunk/ChangeLog
   upstream/trunk/src/chpasswd.c
Log:
New functions: process_flags(), check_flags(),
check_perms(). Split out of main().


Modified: upstream/trunk/ChangeLog
===================================================================
--- upstream/trunk/ChangeLog	2007-12-28 21:29:06 UTC (rev 1538)
+++ upstream/trunk/ChangeLog	2007-12-28 22:05:51 UTC (rev 1539)
@@ -2,6 +2,8 @@
 
 	* src/chpasswd.c: Before pam_end(), the return value of the previous
 	pam API was already checked. No need to validate it again.
+	* src/chpasswd.c: New functions: process_flags(), check_flags(),
+	check_perms(). Split out of main().
 
 2007-12-28  Nicolas François  <nicolas.francois at centraliens.net>
 

Modified: upstream/trunk/src/chpasswd.c
===================================================================
--- upstream/trunk/src/chpasswd.c	2007-12-28 21:29:06 UTC (rev 1538)
+++ upstream/trunk/src/chpasswd.c	2007-12-28 22:05:51 UTC (rev 1539)
@@ -61,6 +61,9 @@
 
 /* local function prototypes */
 static void usage (void);
+static void process_flags (int argc, char **argv);
+static void check_flags (void);
+static void check_perms (void);
 
 /*
  * usage - display usage message and exit
@@ -89,113 +92,100 @@
 	exit (E_USAGE);
 }
 
-int main (int argc, char **argv)
+/*
+ * process_flags - parse the command line options
+ *
+ *	It will not return if an error is encountered.
+ */
+static void process_flags (int argc, char **argv)
 {
-	char buf[BUFSIZ];
-	char *name;
-	char *newpwd;
-	char *cp;
-
-	const struct spwd *sp;
-	struct spwd newsp;
-
-	const struct passwd *pw;
-	struct passwd newpw;
-	int errors = 0;
-	int line = 0;
-	long now = time ((long *) 0) / (24L * 3600L);
-	int ok;
-
-#ifdef USE_PAM
-	pam_handle_t *pamh = NULL;
-	int retval;
-#endif
-
-	Prog = Basename (argv[0]);
-
-	setlocale (LC_ALL, "");
-	bindtextdomain (PACKAGE, LOCALEDIR);
-	textdomain (PACKAGE);
-
-	{
-		int option_index = 0;
-		int c;
-		static struct option long_options[] = {
-			{"crypt-method", required_argument, NULL, 'c'},
-			{"encrypted", no_argument, NULL, 'e'},
-			{"help", no_argument, NULL, 'h'},
-			{"md5", no_argument, NULL, 'm'},
+	int option_index = 0;
+	int c;
+	static struct option long_options[] = {
+		{"crypt-method", required_argument, NULL, 'c'},
+		{"encrypted", no_argument, NULL, 'e'},
+		{"help", no_argument, NULL, 'h'},
+		{"md5", no_argument, NULL, 'm'},
 #ifdef USE_SHA_CRYPT
-			{"sha-rounds", required_argument, NULL, 's'},
+		{"sha-rounds", required_argument, NULL, 's'},
 #endif
-			{NULL, 0, NULL, '\0'}
-		};
+		{NULL, 0, NULL, '\0'}
+	};
 
-		while ((c =
-			getopt_long (argc, argv,
+	while ((c = getopt_long (argc, argv,
 #ifdef USE_SHA_CRYPT
-			             "c:ehms:",
+	                         "c:ehms:",
 #else
-			             "c:ehm",
+	                         "c:ehm",
 #endif
-			             long_options,
-				     &option_index)) != -1) {
-			switch (c) {
-			case 'c':
-				cflg = 1;
-				crypt_method = optarg;
-				break;
-			case 'e':
-				eflg = 1;
-				break;
-			case 'h':
-				usage ();
-				break;
-			case 'm':
-				md5flg = 1;
-				break;
+	                         long_options, &option_index)) != -1) {
+		switch (c) {
+		case 'c':
+			cflg = 1;
+			crypt_method = optarg;
+			break;
+		case 'e':
+			eflg = 1;
+			break;
+		case 'h':
+			usage ();
+			break;
+		case 'm':
+			md5flg = 1;
+			break;
 #ifdef USE_SHA_CRYPT
-			case 's':
-				sflg = 1;
-				if (!getlong(optarg, &sha_rounds)) {
-					fprintf (stderr,
-					         _("%s: invalid numeric argument '%s'\n"),
-					         Prog, optarg);
-					usage ();
-				}
-				break;
-#endif
-			case 0:
-				/* long option */
-				break;
-			default:
+		case 's':
+			sflg = 1;
+			if (!getlong(optarg, &sha_rounds)) {
+				fprintf (stderr,
+				         _("%s: invalid numeric argument '%s'\n"),
+				         Prog, optarg);
 				usage ();
-				break;
 			}
+			break;
+#endif
+		case 0:
+			/* long option */
+			break;
+		default:
+			usage ();
+			break;
 		}
 	}
 
 	/* validate options */
+	check_flags ();
+}
+
+/*
+ * check_flags - check flags and parameters consistency
+ *
+ *	It will not return if an error is encountered.
+ */
+static void check_flags ()
+{
 	if (sflg && !cflg) {
 		fprintf (stderr,
-			 _("%s: %s flag is ONLY allowed with the %s flag\n"),
-			 Prog, "-s", "-c");
+		         _("%s: %s flag is ONLY allowed with the %s flag\n"),
+		         Prog, "-s", "-c");
 		usage ();
 	}
+
 	if ((eflg && (md5flg || cflg)) ||
 	    (md5flg && cflg)) {
 		fprintf (stderr,
-			 _("%s: the -c, -e, and -m flags are exclusive\n"),
-			 Prog);
+		         _("%s: the -c, -e, and -m flags are exclusive\n"),
+		         Prog);
 		usage ();
 	}
+
 	if (cflg) {
-		if (   0 != strcmp (crypt_method, "DES")
-		    && 0 != strcmp (crypt_method, "MD5")
-		    && 0 != strcmp (crypt_method, "NONE")
+		if (   (0 != strcmp (crypt_method, "DES"))
+		    && (0 != strcmp (crypt_method, "MD5"))
+		    && (0 != strcmp (crypt_method, "NONE"))
 #ifdef USE_SHA_CRYPT
-		    && 0 != strcmp (crypt_method, "SHA256")
-		    && 0 != strcmp (crypt_method, "SHA512")
+		    && (0 != strcmp (crypt_method, "SHA256"))
+		    && (0 != strcmp (crypt_method, "SHA512"))
 #endif
 		    ) {
 			fprintf (stderr,
@@ -204,21 +194,32 @@
 			usage ();
 		}
 	}
+}
 
+/*
+ * check_perms - check if the caller is allowed to add a group
+ *
+ *	With PAM support, the setuid bit can be set on groupadd to allow
+ *	non-root users to groups.
+ *	Without PAM support, only users who can write in the group databases
+ *	can add groups.
+ *
+ *	It will not return if the user is not allowed.
+ */
+static void check_perms (void)
+{
 #ifdef USE_PAM
-	retval = PAM_SUCCESS;
+	pam_handle_t *pamh = NULL;
+	int retval = PAM_SUCCESS;
 
-	{
-		struct passwd *pampw;
-		pampw = getpwuid (getuid ()); /* local, no need for xgetpwuid */
-		if (pampw == NULL) {
-			retval = PAM_USER_UNKNOWN;
-		}
+	struct passwd *pampw;
+	pampw = getpwuid (getuid ()); /* local, no need for xgetpwuid */
+	if (pampw == NULL) {
+		retval = PAM_USER_UNKNOWN;
+	}
 
-		if (retval == PAM_SUCCESS) {
-			retval = pam_start ("chpasswd", pampw->pw_name,
-					    &conv, &pamh);
-		}
+	if (retval == PAM_SUCCESS) {
+		retval = pam_start ("chpasswd", pampw->pw_name, &conv, &pamh);
 	}
 
 	if (retval == PAM_SUCCESS) {
@@ -240,7 +241,35 @@
 		exit (1);
 	}
 #endif				/* USE_PAM */
+}
 
+int main (int argc, char **argv)
+{
+	char buf[BUFSIZ];
+	char *name;
+	char *newpwd;
+	char *cp;
+
+	const struct spwd *sp;
+	struct spwd newsp;
+
+	const struct passwd *pw;
+	struct passwd newpw;
+	int errors = 0;
+	int line = 0;
+	long now = time ((long *) 0) / (24L * 3600L);
+	int ok;
+
+	Prog = Basename (argv[0]);
+
+	setlocale (LC_ALL, "");
+	bindtextdomain (PACKAGE, LOCALEDIR);
+	textdomain (PACKAGE);
+
+	process_flags (argc, argv);
+
+	check_perms ();
+
 	/*
 	 * Lock the password file and open it for reading. This will bring
 	 * all of the entries into memory where they may be updated.

More information about the Pkg-shadow-commits mailing list