[Pkg-shadow-commits] r1545 - in upstream/trunk: . src
nekral-guest at alioth.debian.org
nekral-guest at alioth.debian.org
Fri Dec 28 22:54:35 UTC 2007
Author: nekral-guest
Date: 2007-12-28 22:54:35 +0000 (Fri, 28 Dec 2007)
New Revision: 1545
Modified:
upstream/trunk/ChangeLog
upstream/trunk/src/chgpasswd.c
Log:
Same changes as for chpasswd:
* src/chpasswd.c: main() split in process_flags(), check_flags(),
check_perms(), open_files(), and close_files().
Modified: upstream/trunk/ChangeLog
===================================================================
--- upstream/trunk/ChangeLog 2007-12-28 22:34:14 UTC (rev 1544)
+++ upstream/trunk/ChangeLog 2007-12-28 22:54:35 UTC (rev 1545)
@@ -1,5 +1,11 @@
2007-12-28 Nicolas François <nicolas.francois at centraliens.net>
+ Same changes for chgpasswd:
+ * src/chpasswd.c: main() split in process_flags(), check_flags(),
+ check_perms(), open_files(), and close_files().
+
+2007-12-28 Nicolas François <nicolas.francois at centraliens.net>
+
* src/chpasswd.c: Before pam_end(), the return value of the previous
pam API was already checked. No need to validate it again.
* src/chpasswd.c: New functions: process_flags(), check_flags(),
Modified: upstream/trunk/src/chgpasswd.c
===================================================================
--- upstream/trunk/src/chgpasswd.c 2007-12-28 22:34:14 UTC (rev 1544)
+++ upstream/trunk/src/chgpasswd.c 2007-12-28 22:54:35 UTC (rev 1545)
@@ -64,6 +64,11 @@
/* local function prototypes */
static void usage (void);
+static void process_flags (int argc, char **argv);
+static void check_flags (void);
+static void check_perms (void);
+static void open_files (void);
+static void close_files (void);
/*
* usage - display usage message and exit
@@ -92,100 +97,85 @@
exit (1);
}
-int main (int argc, char **argv)
+/*
+ * process_flags - parse the command line options
+ *
+ * It will not return if an error is encountered.
+ */
+static void process_flags (int argc, char **argv)
{
- char buf[BUFSIZ];
- char *name;
- char *newpwd;
- char *cp;
-
-#ifdef SHADOWGRP
- const struct sgrp *sg;
- struct sgrp newsg;
-#endif
-
- const struct group *gr;
- struct group newgr;
- int errors = 0;
- int line = 0;
- int ok;
-
-#ifdef USE_PAM
- pam_handle_t *pamh = NULL;
- int retval;
-#endif
-
- Prog = Basename (argv[0]);
-
- setlocale (LC_ALL, "");
- bindtextdomain (PACKAGE, LOCALEDIR);
- textdomain (PACKAGE);
-
- {
- int option_index = 0;
- int c;
- static struct option long_options[] = {
- {"crypt-method", required_argument, NULL, 'c'},
- {"encrypted", no_argument, NULL, 'e'},
- {"help", no_argument, NULL, 'h'},
- {"md5", no_argument, NULL, 'm'},
+ int option_index = 0;
+ int c;
+ static struct option long_options[] = {
+ {"crypt-method", required_argument, NULL, 'c'},
+ {"encrypted", no_argument, NULL, 'e'},
+ {"help", no_argument, NULL, 'h'},
+ {"md5", no_argument, NULL, 'm'},
#ifdef USE_SHA_CRYPT
- {"sha-rounds", required_argument, NULL, 's'},
+ {"sha-rounds", required_argument, NULL, 's'},
#endif
- {NULL, 0, NULL, '\0'}
- };
+ {NULL, 0, NULL, '\0'}
+ };
- while ((c =
- getopt_long (argc, argv,
+ while ((c = getopt_long (argc, argv,
#ifdef USE_SHA_CRYPT
- "c:ehms:",
+ "c:ehms:",
#else
- "c:ehm",
+ "c:ehm",
#endif
- long_options,
- &option_index)) != -1) {
- switch (c) {
- case 'c':
- cflg = 1;
- crypt_method = optarg;
- break;
- case 'e':
- eflg = 1;
- break;
- case 'h':
- usage ();
- break;
- case 'm':
- md5flg = 1;
- break;
+ long_options, &option_index)) != -1) {
+ switch (c) {
+ case 'c':
+ cflg = 1;
+ crypt_method = optarg;
+ break;
+ case 'e':
+ eflg = 1;
+ break;
+ case 'h':
+ usage ();
+ break;
+ case 'm':
+ md5flg = 1;
+ break;
#ifdef USE_SHA_CRYPT
- case 's':
- sflg = 1;
- if (!getlong(optarg, &sha_rounds)) {
- fprintf (stderr,
- _("%s: invalid numeric argument '%s'\n"),
- Prog, optarg);
- usage ();
- }
- break;
-#endif
- case 0:
- /* long option */
- break;
- default:
+ case 's':
+ sflg = 1;
+ if (!getlong(optarg, &sha_rounds)) {
+ fprintf (stderr,
+ _("%s: invalid numeric argument '%s'\n"),
+ Prog, optarg);
usage ();
- break;
}
+ break;
+#endif
+ case 0:
+ /* long option */
+ break;
+ default:
+ usage ();
+ break;
}
}
/* validate options */
+ check_flags ();
+}
+
+/*
+ * check_flags - check flags and parameters consistency
+ *
+ * It will not return if an error is encountered.
+ */
+static void check_flags (void)
+{
if (sflg && !cflg) {
fprintf (stderr,
_("%s: %s flag is ONLY allowed with the %s flag\n"),
Prog, "-s", "-c");
usage ();
}
+
if ((eflg && (md5flg || cflg)) ||
(md5flg && cflg)) {
fprintf (stderr,
@@ -193,6 +183,7 @@
Prog);
usage ();
}
+
if (cflg) {
if ( 0 != strcmp (crypt_method, "DES")
&& 0 != strcmp (crypt_method, "MD5")
@@ -208,21 +199,32 @@
usage ();
}
}
+}
+/*
+ * check_perms - check if the caller is allowed to add a group
+ *
+ * With PAM support, the setuid bit can be set on groupadd to allow
+ * non-root users to groups.
+ * Without PAM support, only users who can write in the group databases
+ * can add groups.
+ *
+ * It will not return if the user is not allowed.
+ */
+static void check_perms (void)
+{
#ifdef USE_PAM
- retval = PAM_SUCCESS;
+ pam_handle_t *pamh = NULL;
+ int retval = PAM_SUCCESS;
- {
- struct passwd *pampw;
- pampw = getpwuid (getuid ()); /* local, no need for xgetpwuid */
- if (pampw == NULL) {
- retval = PAM_USER_UNKNOWN;
- }
+ struct passwd *pampw;
+ pampw = getpwuid (getuid ()); /* local, no need for xgetpwuid */
+ if (pampw == NULL) {
+ retval = PAM_USER_UNKNOWN;
+ }
- if (retval == PAM_SUCCESS) {
- retval = pam_start ("chgpasswd", pampw->pw_name,
- &conv, &pamh);
- }
+ if (retval == PAM_SUCCESS) {
+ retval = pam_start ("chgpasswd", pampw->pw_name, &conv, &pamh);
}
if (retval == PAM_SUCCESS) {
@@ -244,10 +246,16 @@
exit (1);
}
#endif /* USE_PAM */
+}
+/*
+ * open_files - lock and open the group databases
+ */
+static void open_files (void)
+{
/*
- * Lock the group file and open it for reading. This will bring
- * all of the entries into memory where they may be updated.
+ * Lock the group file and open it for reading and writing. This will
+ * bring all of the entries into memory where they may be updated.
*/
if (!gr_lock ()) {
fprintf (stderr, _("%s: can't lock group file\n"), Prog);
@@ -258,8 +266,9 @@
gr_unlock ();
exit (1);
}
+
#ifdef SHADOWGRP
- is_shadow_grp = sgr_file_present ();
+ /* Do the same for the shadowed database, if it exist */
if (is_shadow_grp) {
if (!sgr_lock ()) {
fprintf (stderr, _("%s: can't lock gshadow file\n"),
@@ -276,7 +285,64 @@
}
}
#endif
+}
+/*
+ * close_files - close and unlock the group databases
+ */
+static void close_files (void)
+{
+#ifdef SHADOWGRP
+ if (is_shadow_grp) {
+ if (!sgr_close ()) {
+ fprintf (stderr,
+ _("%s: error updating shadow file\n"), Prog);
+ gr_unlock ();
+ exit (1);
+ }
+ sgr_unlock ();
+ }
+#endif
+
+ if (!gr_close ()) {
+ fprintf (stderr, _("%s: error updating password file\n"), Prog);
+ exit (1);
+ }
+ gr_unlock ();
+}
+
+int main (int argc, char **argv)
+{
+ char buf[BUFSIZ];
+ char *name;
+ char *newpwd;
+ char *cp;
+
+#ifdef SHADOWGRP
+ const struct sgrp *sg;
+ struct sgrp newsg;
+#endif
+
+ const struct group *gr;
+ struct group newgr;
+ int errors = 0;
+ int line = 0;
+ int ok;
+
+ Prog = Basename (argv[0]);
+
+ setlocale (LC_ALL, "");
+ bindtextdomain (PACKAGE, LOCALEDIR);
+ textdomain (PACKAGE);
+
+ process_flags(argc, argv);
+
+ check_perms ();
+
+ is_shadow_grp = sgr_file_present ();
+
+ open_files ();
+
/*
* Read each line, separating the group name from the password. The
* password entry for each group will be looked up in the appropriate
@@ -402,29 +468,13 @@
gr_unlock ();
exit (1);
}
-#ifdef SHADOWGRP
- if (is_shadow_grp) {
- if (!sgr_close ()) {
- fprintf (stderr,
- _("%s: error updating shadow file\n"), Prog);
- gr_unlock ();
- exit (1);
- }
- sgr_unlock ();
- }
-#endif
- if (!gr_close ()) {
- fprintf (stderr, _("%s: error updating password file\n"), Prog);
- exit (1);
- }
+ close_files ();
+
nscd_flush_cache ("group");
- gr_unlock ();
-
#ifdef USE_PAM
- if (retval == PAM_SUCCESS)
- pam_end (pamh, PAM_SUCCESS);
+ pam_end (pamh, PAM_SUCCESS);
#endif /* USE_PAM */
return (0);
More information about the Pkg-shadow-commits
mailing list