[Pkg-shadow-commits] r3334 - in upstream/trunk: . src

Nicolas FRANÇOIS nekral-guest at alioth.debian.org
Sun Jun 5 12:24:02 UTC 2011


Author: nekral-guest
Date: 2011-06-05 12:23:59 +0000 (Sun, 05 Jun 2011)
New Revision: 3334

Modified:
   upstream/trunk/ChangeLog
   upstream/trunk/NEWS
   upstream/trunk/src/userdel.c
Log:
	* NEWS, src/userdel.c: Do not remove a group with the same name as
	the user (usergroup) if this group isn't the user's primary group.


Modified: upstream/trunk/ChangeLog
===================================================================
--- upstream/trunk/ChangeLog	2011-06-04 22:38:57 UTC (rev 3333)
+++ upstream/trunk/ChangeLog	2011-06-05 12:23:59 UTC (rev 3334)
@@ -1,3 +1,8 @@
+2011-06-05  Nicolas François  <nicolas.francois at centraliens.net>
+
+	* NEWS, src/userdel.c: Do not remove a group with the same name as
+	the user (usergroup) if this group isn't the user's primary group.
+
 2011-06-04  Nicolas François  <nicolas.francois at centraliens.net>
 
 	* NEWS, src/userdel.c: Check the existence of the user's mail

Modified: upstream/trunk/NEWS
===================================================================
--- upstream/trunk/NEWS	2011-06-04 22:38:57 UTC (rev 3333)
+++ upstream/trunk/NEWS	2011-06-05 12:23:59 UTC (rev 3334)
@@ -47,6 +47,8 @@
 - userdel
   * Check the existence of the user's mail spool before trying to remove
     it. If it does not exist, a warning is issued, but no failure.
+  * Do not remove a group with the same name as the user (usergroup) if
+    this group isn't the user's primary group.
 - usermod
   * Accept options in any order (username not necessarily at the end)
 

Modified: upstream/trunk/src/userdel.c
===================================================================
--- upstream/trunk/src/userdel.c	2011-06-04 22:38:57 UTC (rev 3333)
+++ upstream/trunk/src/userdel.c	2011-06-05 12:23:59 UTC (rev 3334)
@@ -82,6 +82,7 @@
 
 static char *user_name;
 static uid_t user_id;
+static gid_t user_gid;
 static char *user_home;
 
 static bool fflg = false;
@@ -100,6 +101,7 @@
 /* local function prototypes */
 static void usage (int status);
 static void update_groups (void);
+static void remove_usergroup (void);
 static void close_files (void);
 static void fail_exit (int);
 static void open_files (void);
@@ -145,10 +147,8 @@
 {
 	const struct group *grp;
 	struct group *ngrp;
-	struct passwd *pwd;
 
 #ifdef	SHADOWGRP
-	bool deleted_user_group = false;
 	const struct sgrp *sgrp;
 	struct sgrp *nsgrp;
 #endif				/* SHADOWGRP */
@@ -199,69 +199,10 @@
 			 user_name, ngrp->gr_name));
 	}
 
-	/*
-	 * we've removed their name from all the groups above, so
-	 * now if they have a group with the same name as their
-	 * user name, with no members, we delete it.
-	 * FIXME: below, the check for grp->gr_mem[0] is not sufficient.
-	 *        We should retrieve the group with gr_locate and check
-	 *        that gr_mem is empty.
-	 */
-	grp = xgetgrnam (user_name);
-	if (   (NULL != grp)
-	    && getdef_bool ("USERGROUPS_ENAB")
-	    && (   (NULL == grp->gr_mem[0])
-	        || (   (NULL == grp->gr_mem[1])
-	            && (strcmp (grp->gr_mem[0], user_name) == 0)))) {
+	if (getdef_bool ("USERGROUPS_ENAB")) {
+		remove_usergroup ();
+	}
 
-		pwd = NULL;
-		if (!fflg) {
-			/*
-			 * Scan the passwd file to check if this group is still
-			 * used as a primary group.
-			 */
-			setpwent ();
-			while ((pwd = getpwent ()) != NULL) {
-				if (strcmp (pwd->pw_name, user_name) == 0) {
-					continue;
-				}
-				if (pwd->pw_gid == grp->gr_gid) {
-					fprintf (stderr,
-					         _("%s: group %s is the primary group of another user and is not removed.\n"),
-					         Prog, grp->gr_name);
-					break;
-				}
-			}
-			endpwent ();
-		}
-
-		if (NULL == pwd) {
-			/*
-			 * We can remove this group, it is not the primary
-			 * group of any remaining user.
-			 */
-			if (gr_remove (grp->gr_name) == 0) {
-				fprintf (stderr,
-				         _("%s: cannot remove entry '%s' from %s\n"),
-				         Prog, grp->gr_name, gr_dbname ());
-				fail_exit (E_GRP_UPDATE);
-			}
-
-#ifdef SHADOWGRP
-			deleted_user_group = true;
-#endif				/* SHADOWGRP */
-
-#ifdef WITH_AUDIT
-			audit_logger (AUDIT_DEL_GROUP, Prog,
-			              "deleting group",
-			              grp->gr_name, AUDIT_NO_ID,
-			              SHADOW_AUDIT_SUCCESS);
-#endif				/* WITH_AUDIT */
-			SYSLOG ((LOG_INFO,
-				 "removed group '%s' owned by '%s'\n",
-				 grp->gr_name, user_name));
-		}
-	}
 #ifdef	SHADOWGRP
 	if (!is_shadow_grp) {
 		return;
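Review bot: The new `remove_usergroup ()` call sits above the `if (!is_shadow_grp) return;` guard, so the shadow-group cleanup that used to run only past that guard now runs inside remove_usergroup without it. There, `sgr_locate (user_name)` is called in every SHADOWGRP build. This appears to rely on sgr_locate returning NULL for a shadow group database that was never opened, which is not visible in this diff. Making the condition explicit would keep the old behaviour obvious: `if (is_shadow_grp && (sgr_locate (user_name) != NULL)) {`. The body of update_groups starts and ends outside this hunk.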
@@ -317,19 +258,109 @@
 		              SHADOW_AUDIT_SUCCESS);
 #endif				/* WITH_AUDIT */
 		SYSLOG ((LOG_INFO, "delete '%s' from shadow group '%s'\n",
-			 user_name, nsgrp->sg_name));
+		         user_name, nsgrp->sg_name));
 	}
+#endif				/* SHADOWGRP */
+}
 
-	if (   deleted_user_group
-	    && (sgr_locate (user_name) != NULL)) {
-		if (sgr_remove (user_name) == 0) {
+/*
+ * remove_usergroup - delete the user's group if it is a usergroup
+ *
+ *	An usergroup is removed if
+ *	  + it has the same name as the user
+ *	  + it is the primary group of the user
+ *	  + it has no other members
+ *	  + it is not the primary group of any other user
+ */
+static void remove_usergroup (void)
+{
+	const struct group *grp;
+	const struct passwd *pwd = NULL;
+
+	grp = gr_locate (user_name);
+	if (NULL == grp) {
+		/* This user has no usergroup. */
+		return;
+	}
+
+	if (grp->gr_gid != user_gid) {
+		fprintf (stderr,
+		         _("%s: group %s not removed because it is not the primary group of user %s.\n"),
+		         Prog, grp->gr_name, user_name);
+		return;
+	}
+
+	if (NULL != grp->gr_mem[0]) {
+		/* The usergroup has other members. */
+		fprintf (stderr,
+		         _("%s: group %s not removed because it has other members.\n"),
+		         Prog, grp->gr_name);
+		return;
+	}
+
+	if (!fflg) {
+		/*
+		 * Scan the passwd file to check if this group is still
+		 * used as a primary group.
+		 */
+		setpwent ();
+		while ((pwd = getpwent ()) != NULL) {
+			if (strcmp (pwd->pw_name, user_name) == 0) {
+				continue;
+			}
+			if (pwd->pw_gid == grp->gr_gid) {
+				fprintf (stderr,
+				         _("%s: group %s is the primary group of another user and is not removed.\n"),
+				         Prog, grp->gr_name);
+				break;
+			}
+		}
+		endpwent ();
+	}
+
+	if (NULL == pwd) {
+		/*
+		 * We can remove this group, it is not the primary
+		 * group of any remaining user.
+		 */
+		if (gr_remove (grp->gr_name) == 0) {
 			fprintf (stderr,
 			         _("%s: cannot remove entry '%s' from %s\n"),
-			         Prog, user_name, sgr_dbname ());
+			         Prog, grp->gr_name, gr_dbname ());
 			fail_exit (E_GRP_UPDATE);
 		}
+
+#ifdef WITH_AUDIT
+		audit_logger (AUDIT_DEL_GROUP, Prog,
+		              "deleting group",
+		              grp->gr_name, AUDIT_NO_ID,
+		              SHADOW_AUDIT_SUCCESS);
+#endif				/* WITH_AUDIT */
+		SYSLOG ((LOG_INFO,
+		         "removed group '%s' owned by '%s'\n",
+		         grp->gr_name, user_name));
+
+#ifdef	SHADOWGRP
+		if (sgr_locate (user_name) != NULL) {
+			if (sgr_remove (user_name) == 0) {
+				fprintf (stderr,
+				         _("%s: cannot remove entry '%s' from %s\n"),
+				         Prog, user_name, sgr_dbname ());
+				fail_exit (E_GRP_UPDATE);
+			}
+#ifdef WITH_AUDIT
+			audit_logger (AUDIT_DEL_GROUP, Prog,
+			              "deleting shadow group",
+			              grp->gr_name, AUDIT_NO_ID,
+			              SHADOW_AUDIT_SUCCESS);
+#endif				/* WITH_AUDIT */
+			SYSLOG ((LOG_INFO,
+			         "removed shadow group '%s' owned by '%s'\n",
+			         grp->gr_name, user_name));
+
+		}
+#endif				/* SHADOWGRP */
 	}
-#endif				/* SHADOWGRP */
 }
 
 /*
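Review bot: In remove_usergroup, `grp` comes from `gr_locate ()` and is still dereferenced after `gr_remove (grp->gr_name)` succeeds, in the `audit_logger` and `SYSLOG` calls for both the group and the shadow group. If gr_locate returns a pointer into the in-memory group database rather than a private copy (the replaced code used `xgetgrnam`, which presumably returned one), those reads touch an entry that gr_remove may already have released. The audit and syslog records of the deletion could then carry a stale name. Because the entry was looked up by `user_name`, the post-removal calls can pass `user_name` instead of `grp->gr_name`, for example `"removed group '%s' owned by '%s'\n", user_name, user_name`. Separately, the header comment lists "it is not the primary group of any other user" as a condition, but that scan is skipped when `fflg` is set; the comment should say so, e.g. `+ it is not the primary group of any other user (not checked when fflg is set)`.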
@@ -925,6 +956,7 @@
 			exit (E_NOTFOUND);
 		}
 		user_id = pwd->pw_uid;
+		user_gid = pwd->pw_gid;
 		user_home = xstrdup (pwd->pw_dir);
 	}
 #ifdef WITH_TCB



