shadow-utils/shadow-4.0.13-newgrpPwd.patch

93 lines
3.0 KiB
Diff
Raw Normal View History

2005-10-22 12:38:17 +00:00
--- shadow-4.0.13/src/newgrp.c.newgrpPwd 2005-09-15 18:44:12.000000000 +0200
+++ shadow-4.0.13/src/newgrp.c 2005-10-21 16:02:16.000000000 +0200
@@ -333,25 +333,37 @@ int main (int argc, char **argv)
}
#endif
- /*
- * see if she is a member of this group. If she isn't a member, she
- * needs to provide the group password. If there is no group
- * password, she will be denied access anyway.
- *
- */
- if (!is_on_list (grp->gr_mem, name))
- needspasswd = 1;
+ /* Needn't password:
+ * - default user's GID = group ID
+ * - members of group
+ * - root
+ * Need password:
+ * - all others users
+ *
+ * -- Karel Zak <kzak@redhat.com> 2004/03/29
+ */
+ if (getuid ()!=0)
+ {
+ if (grp->gr_gid==pwd->pw_gid)
+ needspasswd = 0;
+ else if (is_on_list (grp->gr_mem, name))
+ needspasswd = 0;
+ else
+ needspasswd = 1;
/*
* If she does not have either a shadowed password, or a regular
* password, and the group has a password, she needs to give the
* group password.
*/
- if ((spwd = getspnam (name)))
- pwd->pw_passwd = spwd->sp_pwdp;
-
- if (pwd->pw_passwd[0] == '\0' && grp->gr_passwd[0])
- needspasswd = 1;
+ if (!needspasswd)
+ {
+ if ((spwd = getspnam (name)))
+ pwd->pw_passwd = spwd->sp_pwdp;
+ if (pwd->pw_passwd[0] == '\0' && grp->gr_passwd[0])
+ needspasswd = 1;
+ }
+ }
/*
* Now i see about letting her into the group she requested. If she
@@ -362,7 +374,21 @@ int main (int argc, char **argv)
* Note that she now has to provide the password to her own group,
* unless she is listed as a member. -- JWP
*/
- if (getuid () != 0 && needspasswd) {
+ if (needspasswd) {
+
+ /* note: the original util-linux newgrp didn't ask for pasword if
+ * there is no password. It's better directly give up.
+ * -- kzak@redhat.com
+ */
+ if (grp->gr_passwd==NULL || grp->gr_passwd[0] == '\0') {
+ /*
+ * there is no password, print out "Sorry" and give up
+ */
+ sleep (1);
+ fputs (_("Sorry.\n"), stderr);
+ goto failure;
+ }
+
/*
* get the password from her, and set the salt for
* the decryption from the group file.
@@ -378,15 +404,6 @@ int main (int argc, char **argv)
cpasswd = pw_encrypt (cp, grp->gr_passwd);
strzero (cp);
- if (grp->gr_passwd[0] == '\0') {
- /*
- * there is no password, print out "Sorry" and give up
- */
- sleep (1);
- fputs (_("Sorry.\n"), stderr);
- goto failure;
- }
-
if (strcmp (cpasswd, grp->gr_passwd) != 0) {
SYSLOG ((LOG_INFO,
"Invalid password for group `%s' from `%s'",