|
 |
0539846 |
--- shadow-4.0.13/src/newgrp.c.newgrpPwd 2005-09-15 18:44:12.000000000 +0200
|
|
|
0539846 |
+++ shadow-4.0.13/src/newgrp.c 2005-10-21 16:02:16.000000000 +0200
|
|
|
0539846 |
@@ -333,25 +333,37 @@ int main (int argc, char **argv)
|
|
|
0539846 |
}
|
|
|
0539846 |
#endif
|
|
|
0539846 |
|
|
|
0539846 |
- /*
|
|
|
0539846 |
- * see if she is a member of this group. If she isn't a member, she
|
|
|
0539846 |
- * needs to provide the group password. If there is no group
|
|
|
0539846 |
- * password, she will be denied access anyway.
|
|
|
0539846 |
- *
|
|
|
0539846 |
- */
|
|
|
0539846 |
- if (!is_on_list (grp->gr_mem, name))
|
|
|
0539846 |
- needspasswd = 1;
|
|
|
0539846 |
+ /* Needn't password:
|
|
|
0539846 |
+ * - default user's GID = group ID
|
|
|
0539846 |
+ * - members of group
|
|
|
0539846 |
+ * - root
|
|
|
0539846 |
+ * Need password:
|
|
|
0539846 |
+ * - all others users
|
|
|
0539846 |
+ *
|
|
|
0539846 |
+ * -- Karel Zak <kzak@redhat.com> 2004/03/29
|
|
|
0539846 |
+ */
|
|
|
0539846 |
+ if (getuid ()!=0)
|
|
|
0539846 |
+ {
|
|
|
0539846 |
+ if (grp->gr_gid==pwd->pw_gid)
|
|
|
0539846 |
+ needspasswd = 0;
|
|
|
0539846 |
+ else if (is_on_list (grp->gr_mem, name))
|
|
|
0539846 |
+ needspasswd = 0;
|
|
|
0539846 |
+ else
|
|
|
0539846 |
+ needspasswd = 1;
|
|
|
0539846 |
|
|
|
0539846 |
/*
|
|
|
0539846 |
* If she does not have either a shadowed password, or a regular
|
|
|
0539846 |
* password, and the group has a password, she needs to give the
|
|
|
0539846 |
* group password.
|
|
|
0539846 |
*/
|
|
|
0539846 |
- if ((spwd = getspnam (name)))
|
|
|
0539846 |
- pwd->pw_passwd = spwd->sp_pwdp;
|
|
|
0539846 |
-
|
|
|
0539846 |
- if (pwd->pw_passwd[0] == '\0' && grp->gr_passwd[0])
|
|
|
0539846 |
- needspasswd = 1;
|
|
|
0539846 |
+ if (!needspasswd)
|
|
|
0539846 |
+ {
|
|
|
0539846 |
+ if ((spwd = getspnam (name)))
|
|
|
0539846 |
+ pwd->pw_passwd = spwd->sp_pwdp;
|
|
|
0539846 |
+ if (pwd->pw_passwd[0] == '\0' && grp->gr_passwd[0])
|
|
|
0539846 |
+ needspasswd = 1;
|
|
|
0539846 |
+ }
|
|
|
0539846 |
+ }
|
|
|
0539846 |
|
|
|
0539846 |
/*
|
|
|
0539846 |
* Now i see about letting her into the group she requested. If she
|
|
|
0539846 |
@@ -362,7 +374,21 @@ int main (int argc, char **argv)
|
|
|
0539846 |
* Note that she now has to provide the password to her own group,
|
|
|
0539846 |
* unless she is listed as a member. -- JWP
|
|
|
0539846 |
*/
|
|
|
0539846 |
- if (getuid () != 0 && needspasswd) {
|
|
|
0539846 |
+ if (needspasswd) {
|
|
|
0539846 |
+
|
|
|
0539846 |
+ /* note: the original util-linux newgrp didn't ask for pasword if
|
|
|
0539846 |
+ * there is no password. It's better directly give up.
|
|
|
0539846 |
+ * -- kzak@redhat.com
|
|
|
0539846 |
+ */
|
|
|
0539846 |
+ if (grp->gr_passwd==NULL || grp->gr_passwd[0] == '\0') {
|
|
|
0539846 |
+ /*
|
|
|
0539846 |
+ * there is no password, print out "Sorry" and give up
|
|
|
0539846 |
+ */
|
|
|
0539846 |
+ sleep (1);
|
|
|
0539846 |
+ fputs (_("Sorry.\n"), stderr);
|
|
|
0539846 |
+ goto failure;
|
|
|
0539846 |
+ }
|
|
|
0539846 |
+
|
|
|
0539846 |
/*
|
|
|
0539846 |
* get the password from her, and set the salt for
|
|
|
0539846 |
* the decryption from the group file.
|
|
|
0539846 |
@@ -378,15 +404,6 @@ int main (int argc, char **argv)
|
|
|
0539846 |
cpasswd = pw_encrypt (cp, grp->gr_passwd);
|
|
|
0539846 |
strzero (cp);
|
|
|
0539846 |
|
|
|
0539846 |
- if (grp->gr_passwd[0] == '\0') {
|
|
|
0539846 |
- /*
|
|
|
0539846 |
- * there is no password, print out "Sorry" and give up
|
|
|
0539846 |
- */
|
|
|
0539846 |
- sleep (1);
|
|
|
0539846 |
- fputs (_("Sorry.\n"), stderr);
|
|
|
0539846 |
- goto failure;
|
|
|
0539846 |
- }
|
|
|
0539846 |
-
|
|
|
0539846 |
if (strcmp (cpasswd, grp->gr_passwd) != 0) {
|
|
|
0539846 |
SYSLOG ((LOG_INFO,
|
|
|
0539846 |
"Invalid password for group `%s' from `%s'",
|