Re: [PATCH 05/17] newgrp: use xgetpass() and memset_s() to group password validation

On Fri, 12 Sep 2014, Karel Zak wrote:

> On Sun, Sep 07, 2014 at 01:42:53PM +0100, Sami Kerola wrote:
>> Signed-off-by: Sami Kerola <kerolasa@xxxxxx>
>> ---
>>  login-utils/newgrp.c | 3 ++-
>>  1 file changed, 2 insertions(+), 1 deletion(-)
>
> If we really want to support passwords for groups then it would be
> better to add support for this to PAM. But it seems it's so crazy and
> unnecessary that nobody has been motivated to do this change in the last
> 20 years.
>
> It would be better to remove support for /etc/gshadow from newgrp
> entirely.

Either PAM does not support group passwords, or I misread the docs & git checkout. As for gshadow itself, I do agree that finding an example where using them would be useful is hard. Then again, the support for group passwords has been around for a long time, and even opengroup mentions authorizations.

http://pubs.opengroup.org/onlinepubs/009695299/utilities/newgrp.html

So with that in mind I changed the newgrp change somewhat. Here is the first alteration.

--->8----
From: Sami Kerola <kerolasa@xxxxxx>
Date: Sun, 14 Sep 2014 17:29:54 +0100
Subject: [PATCH 15/17] newgrp: use libc function to read gshadow if it is available

The glib version of getsgnam() is using /etc/nsswitch.conf, allowing the
group passwords to come from external database.

Signed-off-by: Sami Kerola <kerolasa@xxxxxx>
---
 configure.ac         |  1 +
 login-utils/newgrp.c | 11 +++++++++++
 2 files changed, 12 insertions(+)

diff --git a/configure.ac b/configure.ac
index 5b558ec..c84814f 100644
--- a/configure.ac
+++ b/configure.ac
@@ -302,6 +302,7 @@ AC_CHECK_FUNCS([ \
 	getexecname \
 	getmntinfo \
 	getrlimit \
+	getsgnam \
 	inotify_init \
 	inotify_init1 \
 	jrand48 \
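
Review bot: the new getsgnam entry in AC_CHECK_FUNCS only establishes that the symbol links, yet newgrp.c includes <gshadow.h> whenever HAVE_GETSGNAM is defined and nothing in this patch checks for that header. Consider adding gshadow.h to the configure header checks and guarding the include and the getsgnam() branch on both results, so a libc that exports the function without shipping the header falls back to the /etc/gshadow parser instead of failing to build.
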
diff --git a/login-utils/newgrp.c b/login-utils/newgrp.c
index 55dad1b..d492f23 100644
--- a/login-utils/newgrp.c
+++ b/login-utils/newgrp.c
@@ -28,6 +28,10 @@
 # include <crypt.h>
 #endif

+#ifdef HAVE_GETSGNAM
+# include <gshadow.h>
+#endif
+
 #include "c.h"
 #include "closestream.h"
 #include "nls.h"
@@ -37,6 +41,12 @@
 /* try to read password from gshadow */
 static char *get_gshadow_pwd(char *groupname)
 {
+#ifdef HAVE_GETSGNAM
+	struct sgrp *sgrp;
+
+	sgrp = getsgnam(groupname);
+	return sgrp ? xstrdup(sgrp->sg_passwd) : NULL;
+#else
 	char buf[BUFSIZ];
 	char *pwd = NULL;
 	FILE *f;
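
Review bot: in the HAVE_GETSGNAM branch, sgrp->sg_passwd is passed to xstrdup() without a NULL check, while the fallback path tests pwd before duplicating it (return pwd ? xstrdup(pwd) : NULL;). Suggest return (sgrp && sgrp->sg_passwd) ? xstrdup(sgrp->sg_passwd) : NULL; so both paths behave the same on an entry without a password field. Also, because the lookup now goes through /etc/nsswitch.conf, a NULL from getsgnam() can mean a failed backend query as well as a missing entry; setting errno to 0 before the call and checking it afterwards would let newgrp tell the two apart instead of treating a lookup error as "no group password".
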
@@ -69,6 +79,7 @@ static char *get_gshadow_pwd(char *groupname)
 	}
 	fclose(f);
 	return pwd ? xstrdup(pwd) : NULL;
+#endif	/* HAVE_GETSGNAM */
 }

 static int allow_setgid(struct passwd *pe, struct group *ge)
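
Review bot: with this #endif in place, both branches of get_gshadow_pwd() end by returning an xstrdup() copy of the group password hash, and none of the visible hunks show the caller releasing it. The function deserves a short comment stating that the caller owns the buffer, and the caller should wipe and free it once the comparison is done, in line with the memset_s() use this series introduces for the typed password. Minor style point: the #endif closes the #else branch, so /* !HAVE_GETSGNAM */ would describe it more accurately.
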
--
2.1.0
