[Pkg-shadow-devel] Re: [Pkg-shadow-commits] r298 - trunk/debian/patches

Nicolas François nicolas.francois@centraliens.net
Fri, 24 Jun 2005 01:11:19 +0200 

Hello,


On Thu, Jun 23, 2005 at 10:48:20PM +0000, Nicolas FRANCOIS wrote:
> Author: nekral-guest
> Date: 2005-06-23 22:48:20 +0000 (Thu, 23 Jun 2005)
> New Revision: 298
> 
> Added:
>    trunk/debian/patches/426_grpck_group-gshadow_members_consistency
> Modified:
>    trunk/debian/patches/series
> Log:
> Warn when the members of a group differ in /etc/groups and /etc/gshadow.
> 
> 
> Added: trunk/debian/patches/426_grpck_group-gshadow_members_consistency
> ===================================================================
> --- trunk/debian/patches/426_grpck_group-gshadow_members_consistency	2005-06-23 21:07:44 UTC (rev 297)
> +++ trunk/debian/patches/426_grpck_group-gshadow_members_consistency	2005-06-23 22:48:20 UTC (rev 298)
> @@ -0,0 +1,81 @@
> +Goal: Warn when the members of a group differ in /etc/groups and /etc/gshadow.
> +Fixes: #75181
> +
> +Status wrt upstream: It should be forwarded to upstream.
> +
> +Index: shadow-4.0.3/src/grpck.c
> +===================================================================
> +--- shadow-4.0.3.orig/src/grpck.c	2005-06-24 00:02:49.490159000 +0200
> ++++ shadow-4.0.3/src/grpck.c	2005-06-24 00:33:48.520159000 +0200
> +@@ -437,6 +437,40 @@
> + 			gre->changed = 1;
> + 			__gr_set_changed ();
> + 		}
> ++
> ++#ifdef	SHADOWGRP
> ++		/*
> ++		 * Make sure this entry exists in the /etc/gshadow file.
> ++		 */
> ++
> ++		if (is_shadow)
> ++		{
> ++			sgr = (struct sgrp *)sgr_locate (grp->gr_name);
> ++			if (sgr == NULL) {

---8<---------------------------------------------------------------------

> ++				printf (_("no matching group file entry in %s\n"), grp_file);
> ++				printf (_("delete line `%s'? "), gre->line);
> ++				errors++;
> ++				if (yes_or_no ())
> ++					goto delete_gr;

---8<---------------------------------------------------------------------

> ++			} else {

The part between dashes asks the user to delete groups in /etc/groups when
they are not present in /etc/gshadow.

This was not asked by the submitter. I added this to have the same
behavior as when a group is in /etc/gshadow but not in /etc/group.
(grpck currently asks the user if he wants to remove the non-consitent
entry from gshadow).

So, do you think this makes sense, or do you want me to remove this part?
(or just warn)

Kind Regards,
-- 
Nekral