[Pkg-shadow-commits] r2325 - in upstream/trunk: . man src

nekral-guest at alioth.debian.org nekral-guest at alioth.debian.org
Sun Aug 31 17:29:34 UTC 2008 

Author: nekral-guest
Date: 2008-08-31 17:29:34 +0000 (Sun, 31 Aug 2008)
New Revision: 2325

Modified:
   upstream/trunk/ChangeLog
   upstream/trunk/NEWS
   upstream/trunk/man/groupmems.8.xml
   upstream/trunk/src/groupmems.c
Log:
	* NEWS, src/groupmems.c, man/groupmems.8.xml: Added support for
	shadow groups.
	* src/groupmems.c: Use fail_exit() instead of exit().

Modified: upstream/trunk/ChangeLog
===================================================================
--- upstream/trunk/ChangeLog	2008-08-31 17:29:24 UTC (rev 2324)
+++ upstream/trunk/ChangeLog	2008-08-31 17:29:34 UTC (rev 2325)
@@ -1,5 +1,11 @@
 2008-08-29  Nicolas François  <nicolas.francois at centraliens.net>
 
+	* NEWS, src/groupmems.c, man/groupmems.8.xml: Added support for
+	shadow groups.
+	* src/groupmems.c: Use fail_exit() instead of exit().
+
+2008-08-29  Nicolas François  <nicolas.francois at centraliens.net>
+
 	* src/groupmems.c: The grp structure returned by gr_locate is a
 	const. Duplicate this structure before working on it.
 	* src/groupmems.c: Do not fail and do not display warnings if a

Modified: upstream/trunk/NEWS
===================================================================
--- upstream/trunk/NEWS	2008-08-31 17:29:24 UTC (rev 2324)
+++ upstream/trunk/NEWS	2008-08-31 17:29:34 UTC (rev 2325)
@@ -20,6 +20,7 @@
   * Added syslog support.
   * Use the groupmems PAM service name instead of groupmod.
   * Fix segmentation faults when adding or removing users from a group.
+  * Added support for shadow groups.
 - newusers
   * Implement the -r, --system option.
 - passwd

Modified: upstream/trunk/man/groupmems.8.xml
===================================================================
--- upstream/trunk/man/groupmems.8.xml	2008-08-31 17:29:24 UTC (rev 2324)
+++ upstream/trunk/man/groupmems.8.xml	2008-08-31 17:29:34 UTC (rev 2325)
@@ -53,12 +53,27 @@
 	<term><option>-a</option> <replaceable>user_name</replaceable></term>
 	<listitem>
 	  <para>Add a new user to the group membership list.</para>
+	  <para condition="gshadow">
+	    If the <filename>/etc/gshadow</filename> file exist, and the
+	    group has no entry in the <filename>/etc/gshadow</filename>
+	    file, a new entry will be created.
+	  </para>
 	</listitem>
       </varlistentry>
       <varlistentry>
 	<term><option>-d</option> <replaceable>user_name</replaceable></term>
 	<listitem>
 	  <para>Delete a user from the group membership list.</para>
+	  <para condition="gshadow">
+	    If the <filename>/etc/gshadow</filename> file exist, the user
+	    will be removed from the list of members and administrators of
+	    the group.
+	  </para>
+	  <para condition="gshadow">
+	    If the <filename>/etc/gshadow</filename> file exist, and the
+	    group has no entry in the <filename>/etc/gshadow</filename>
+	    file, a new entry will be created.
+	  </para>
 	</listitem>
       </varlistentry>
       <varlistentry>
@@ -79,6 +94,11 @@
 	<term><option>-p</option></term>
 	<listitem>
 	  <para>Purge all users from the group membership list.</para>
+	  <para condition="gshadow">
+	    If the <filename>/etc/gshadow</filename> file exist, and the
+	    group has no entry in the <filename>/etc/gshadow</filename>
+	    file, a new entry will be created.
+	  </para>
 	</listitem>
       </varlistentry>
     </variablelist>

Modified: upstream/trunk/src/groupmems.c
===================================================================
--- upstream/trunk/src/groupmems.c	2008-08-31 17:29:24 UTC (rev 2324)
+++ upstream/trunk/src/groupmems.c	2008-08-31 17:29:34 UTC (rev 2325)
@@ -44,6 +44,9 @@
 #include "defines.h"
 #include "prototypes.h"
 #include "groupio.h"
+#ifdef SHADOWGRP
+#include "sgroupio.h"
+#endif
 
 /* Exit Status Values */
 
@@ -69,6 +72,12 @@
 static int exclusive = 0;
 static char *Prog;
 static bool gr_locked = false;
+#ifdef SHADOWGRP
+/* Indicate if shadow groups are enabled on the system
+ * (/etc/gshadow present) */
+static bool is_shadowgrp;
+static bool sgr_locked = false;
+#endif
 
 /* local function prototypes */
 static char *whoami (void);
@@ -121,11 +130,60 @@
 		fprintf (stderr,
 		         _("%s: Out of memory. Cannot update %s.\n"),
 		         Prog, gr_dbname ());
-		exit (13);
+		fail_exit (13);
 	}
 
 	/* Add the user to the /etc/group group */
 	newgrp->gr_mem = add_list (newgrp->gr_mem, user);
+
+#ifdef SHADOWGRP
+	if (is_shadowgrp) {
+		const struct sgrp *sg = sgr_locate (newgrp->gr_name);
+		struct sgrp *newsg;
+
+		if (NULL == sg) {
+			/* Create a shadow group based on this group */
+			static struct sgrp sgrent;
+			sgrent.sg_name = xstrdup (newgrp->gr_name);
+			sgrent.sg_mem = dup_list (newgrp->gr_mem);
+			sgrent.sg_adm = (char **) xmalloc (sizeof (char *));
+#ifdef FIRST_MEMBER_IS_ADMIN
+			if (sgrent.sg_mem[0]) {
+				sgrent.sg_adm[0] = xstrdup (sgrent.sg_mem[0]);
+				sgrent.sg_adm[1] = NULL;
+			} else
+#endif
+			{
+				sgrent.sg_adm[0] = NULL;
+			}
+
+			/* Move any password to gshadow */
+			sgrent.sg_passwd = newgrp->gr_passwd;
+			newgrp->gr_passwd = SHADOW_PASSWD_STRING;
+
+			newsg = &sgrent;
+		} else {
+			newsg = __sgr_dup (sg);
+			if (NULL == newsg) {
+				fprintf (stderr,
+				         _("%s: Out of memory. Cannot update %s.\n"),
+				         Prog, sgr_dbname ());
+				fail_exit (13);
+			}
+			/* Add the user to the members */
+			newsg->sg_mem = add_list (newsg->sg_mem, user);
+			/* Do not touch the administrators */
+		}
+
+		if (sgr_update (newsg) == 0) {
+			fprintf (stderr,
+			         _("%s: failed to prepare the new %s entry '%s'\n"),
+			         Prog, sgr_dbname (), newsg->sg_name);
+			fail_exit (13);
+		}
+	}
+#endif
+
 	if (gr_update (newgrp) == 0) {
 		fprintf (stderr,
 		         _("%s: failed to prepare the new %s entry '%s'\n"),
@@ -155,11 +213,61 @@
 		fprintf (stderr,
 		         _("%s: Out of memory. Cannot update %s.\n"),
 		         Prog, gr_dbname ());
-		exit (13);
+		fail_exit (13);
 	}
 
 	/* Remove the user from the /etc/group group */
 	newgrp->gr_mem = del_list (newgrp->gr_mem, user);
+
+#ifdef SHADOWGRP
+	if (is_shadowgrp) {
+		const struct sgrp *sg = sgr_locate (newgrp->gr_name);
+		struct sgrp *newsg;
+
+		if (NULL == sg) {
+			/* Create a shadow group based on this group */
+			static struct sgrp sgrent;
+			sgrent.sg_name = xstrdup (newgrp->gr_name);
+			sgrent.sg_mem = dup_list (newgrp->gr_mem);
+			sgrent.sg_adm = (char **) xmalloc (sizeof (char *));
+#ifdef FIRST_MEMBER_IS_ADMIN
+			if (sgrent.sg_mem[0]) {
+				sgrent.sg_adm[0] = xstrdup (sgrent.sg_mem[0]);
+				sgrent.sg_adm[1] = NULL;
+			} else
+#endif
+			{
+				sgrent.sg_adm[0] = NULL;
+			}
+
+			/* Move any password to gshadow */
+			sgrent.sg_passwd = newgrp->gr_passwd;
+			newgrp->gr_passwd = SHADOW_PASSWD_STRING;
+
+			newsg = &sgrent;
+		} else {
+			newsg = __sgr_dup (sg);
+			if (NULL == newsg) {
+				fprintf (stderr,
+				         _("%s: Out of memory. Cannot update %s.\n"),
+				         Prog, sgr_dbname ());
+				fail_exit (13);
+			}
+			/* Remove the user from the members */
+			newsg->sg_mem = del_list (newsg->sg_mem, user);
+			/* Remove the user from the administrators */
+			newsg->sg_adm = del_list (newsg->sg_adm, user);
+		}
+
+		if (sgr_update (newsg) == 0) {
+			fprintf (stderr,
+			         _("%s: failed to prepare the new %s entry '%s'\n"),
+			         Prog, sgr_dbname (), newsg->sg_name);
+			fail_exit (13);
+		}
+	}
+#endif
+
 	if (gr_update (newgrp) == 0) {
 		fprintf (stderr,
 		         _("%s: failed to prepare the new %s entry '%s'\n"),
@@ -179,11 +287,56 @@
 		fprintf (stderr,
 		         _("%s: Out of memory. Cannot update %s.\n"),
 		         Prog, gr_dbname ());
-		exit (13);
+		fail_exit (13);
 	}
 
 	/* Remove all the members of the /etc/group group */
 	newgrp->gr_mem[0] = NULL;
+
+#ifdef SHADOWGRP
+	if (is_shadowgrp) {
+		const struct sgrp *sg = sgr_locate (newgrp->gr_name);
+		struct sgrp *newsg;
+
+		if (NULL == sg) {
+			/* Create a shadow group based on this group */
+			static struct sgrp sgrent;
+			sgrent.sg_name = xstrdup (newgrp->gr_name);
+			sgrent.sg_mem = (char **) xmalloc (sizeof (char *));
+			sgrent.sg_mem[0] = NULL;
+			sgrent.sg_adm = (char **) xmalloc (sizeof (char *));
+			sgrent.sg_adm[0] = NULL;
+
+			/* Move any password to gshadow */
+			sgrent.sg_passwd = newgrp->gr_passwd;
+			newgrp->gr_passwd = xstrdup(SHADOW_PASSWD_STRING);
+
+			newsg = &sgrent;
+		} else {
+			newsg = __sgr_dup (sg);
+			if (NULL == newsg) {
+				fprintf (stderr,
+				         _("%s: Out of memory. Cannot update %s.\n"),
+				         Prog, sgr_dbname ());
+				fail_exit (13);
+			}
+			/* Remove all the members of the /etc/gshadow
+			 * group */
+			newsg->sg_mem[0] = NULL;
+			/* Remove all the administrators of the
+			 * /etc/gshadow group */
+			newsg->sg_adm[0] = NULL;
+		}
+
+		if (sgr_update (newsg) == 0) {
+			fprintf (stderr,
+			         _("%s: failed to prepare the new %s entry '%s'\n"),
+			         Prog, sgr_dbname (), newsg->sg_name);
+			fail_exit (13);
+		}
+	}
+#endif
+
 	if (gr_update (newgrp) == 0) {
 		fprintf (stderr,
 		         _("%s: failed to prepare the new %s entry '%s'\n"),

More information about the Pkg-shadow-commits mailing list