[Pkg-shadow-commits] r3395 - in upstream/trunk: . src
Nicolas FRANÇOIS
nekral-guest at alioth.debian.org
Thu Jul 14 13:30:05 UTC 2011
Author: nekral-guest
Date: 2011-07-14 13:30:05 +0000 (Thu, 14 Jul 2011)
New Revision: 3395
Modified:
upstream/trunk/ChangeLog
upstream/trunk/NEWS
upstream/trunk/src/groupmod.c
Log:
* NEWS, src/groupmod.c: When the gshadow file exists but there are
no gshadow entries, an entry is created if the password is changed
and group requires a shadow entry.
Modified: upstream/trunk/ChangeLog
===================================================================
--- upstream/trunk/ChangeLog 2011-07-14 13:29:59 UTC (rev 3394)
+++ upstream/trunk/ChangeLog 2011-07-14 13:30:05 UTC (rev 3395)
@@ -1,5 +1,11 @@
2011-07-14 Nicolas François <nicolas.francois at centraliens.net>
+ * NEWS, src/groupmod.c: When the gshadow file exists but there are
+ no gshadow entries, an entry is created if the password is changed
+ and group requires a shadow entry.
+
+2011-07-14 Nicolas François <nicolas.francois at centraliens.net>
+
* src/usermod.c: Fix typo in comment.
* src/usermod.c (move_home): It is always an error to use -m if
the new home directory already exist (independently from the
Modified: upstream/trunk/NEWS
===================================================================
--- upstream/trunk/NEWS 2011-07-14 13:29:59 UTC (rev 3394)
+++ upstream/trunk/NEWS 2011-07-14 13:30:05 UTC (rev 3395)
@@ -25,6 +25,9 @@
specified.
- groupmod
* Fixed groupmod when configured with --enable-account-tools-setuid.
+ * When the gshadow file exists but there are no gshadow entries, an entry
+ is created if the password is changed and group requires a
+ shadow entry.
-login
* Fixed limits support (non PAM enabled versions only)
* Added support for infinite limits and group based limits (non PAM
Modified: upstream/trunk/src/groupmod.c
===================================================================
--- upstream/trunk/src/groupmod.c 2011-07-14 13:29:59 UTC (rev 3394)
+++ upstream/trunk/src/groupmod.c 2011-07-14 13:30:05 UTC (rev 3395)
@@ -2,7 +2,7 @@
* Copyright (c) 1991 - 1994, Julianne Frances Haugh
* Copyright (c) 1996 - 2000, Marek Michałkiewicz
* Copyright (c) 2000 - 2006, Tomasz Kłoczko
- * Copyright (c) 2007 - 2009, Nicolas François
+ * Copyright (c) 2007 - 2011, Nicolas François
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -147,7 +147,17 @@
grent->gr_gid = group_newid;
}
- if (pflg) {
+ if ( pflg
+#ifdef SHADOWGRP
+ && ( (!is_shadow_grp)
+ || (strcmp (grent->gr_passwd, SHADOW_PASSWD_STRING) != 0))
+#endif
+ ) {
+ /* Update the password in group if there is no gshadow
+ * file or if the password is currently in group
+ * (gr_passwd != "x"). We do not force the usage of
+ * shadow passwords if it was not the case before.
+ */
grent->gr_passwd = group_passwd;
}
}
@@ -165,6 +175,13 @@
sgent->sg_name = xstrdup (group_newname);
}
+ /* Always update the shadowed password if there is a shadow entry
+ * (even if shadowed passwords might not be enabled for this group
+ * (gr_passwd != "x")).
+ * It seems better to update the password in both places in case a
+ * shadow and a non shadow entry exist.
+ * This might occur only if there were already both entries.
+ */
if (pflg) {
sgent->sg_passwd = group_passwd;
}
@@ -205,9 +222,21 @@
if (NULL != osgrp) {
sgrp = *osgrp;
new_sgent (&sgrp);
- if (pflg) {
- grp.gr_passwd = SHADOW_PASSWD_STRING;
- }
+ } else if ( pflg
+ && (strcmp (grp.gr_passwd, SHADOW_PASSWD_STRING) == 0)) {
+ static char *empty = NULL;
+ /* If there is a gshadow file with no entries for
+ * the group, but the group file indicates a
+ * shadowed password, we force the creation of a
+ * gshadow entry when a new password is requested.
+ */
+ memset (&sgrp, 0, sizeof sgrp);
+ sgrp.sg_name = xstrdup (grp.gr_name);
+ sgrp.sg_passwd = xstrdup (grp.gr_passwd);
+ sgrp.sg_adm = ∅
+ sgrp.sg_mem = dup_list (grp.gr_mem);
+ new_sgent (&sgrp);
+ osgrp = &sgrp; /* entry needs to be committed */
}
}
#endif /* SHADOWGRP */
More information about the Pkg-shadow-commits
mailing list