static int update_gshadow (void)
{
int is_member;
int was_member;
int was_admin;
int changed;
const struct sgrp *sgrp;
struct sgrp *nsgrp;
if (!sgr_lock ()) {
fprintf (stderr,
_("%s: error locking shadow group file\n"), Prog);
SYSLOG ((LOG_ERR, "error locking shadow group file"));
return -1;
}
if (!sgr_open (O_RDWR)) {
fprintf (stderr,
_("%s: error opening shadow group file\n"), Prog);
SYSLOG ((LOG_ERR, "error opening shadow group file"));
sgr_unlock ();
return -1;
}
changed = 0;
/*
* Scan through the entire shadow group file looking for the groups
* that the user is a member of.
*/
while ((sgrp = sgr_next ())) {
/*
* See if the user was a member of this group
*/
was_member = is_on_list (sgrp->sg_mem, user_name);
/*
* See if the user was an administrator of this group
*/
was_admin = is_on_list (sgrp->sg_adm, user_name);
/*
* See if the user specified this group as one of their
* concurrent groups.
*/
is_member = Gflg
&& is_on_list (user_groups, sgrp->sg_name);
if (!was_member && !was_admin && !is_member)
continue;
nsgrp = __sgr_dup (sgrp);
if (!nsgrp) {
fprintf (stderr,
_
("%s: out of memory in update_gshadow\n"),
Prog);
sgr_unlock ();
return -1;
}
if (was_admin && lflg) {
nsgrp->sg_adm =
del_list (nsgrp->sg_adm, user_name);
nsgrp->sg_adm =
add_list (nsgrp->sg_adm, user_newname);
changed = 1;
SYSLOG ((LOG_INFO,
"change admin `%s' to `%s' in shadow group `%s'",
user_name, user_newname, nsgrp->sg_name));
}
if (was_member && (!Gflg || is_member)) {
if (lflg) {
nsgrp->sg_mem = del_list (nsgrp->sg_mem,
user_name);
nsgrp->sg_mem = add_list (nsgrp->sg_mem,
user_newname);
changed = 1;
SYSLOG ((LOG_INFO,
"change `%s' to `%s' in shadow group `%s'",
user_name, user_newname,
nsgrp->sg_name));
}
} else if (was_member && Gflg && !is_member) {
nsgrp->sg_mem =
del_list (nsgrp->sg_mem, user_name);
changed = 1;
SYSLOG ((LOG_INFO,
"delete `%s' from shadow group `%s'",
user_name, nsgrp->sg_name));
} else if (!was_member && Gflg && is_member) {
nsgrp->sg_mem = add_list (nsgrp->sg_mem,
lflg ? user_newname :
user_name);
changed = 1;
SYSLOG ((LOG_INFO, "add `%s' to shadow group `%s'",
lflg ? user_newname : user_name,
nsgrp->sg_name));
}
if (!changed)
continue;
changed = 0;
/*
* Update the group entry to reflect the changes.
*/
if (!sgr_update (nsgrp)) {
fprintf (stderr,
_("%s: error adding new group entry\n"),
Prog);
SYSLOG ((LOG_ERR,
"error adding shadow group entry"));
sgr_unlock ();
return -1;
}
#ifdef NDBM
/*
* Update the DBM group file with the new entry as well.
*/
if (!sg_dbm_update (nsgrp)) {
fprintf (stderr,
_("%s: cannot add new dbm group entry\n"),
Prog);
SYSLOG ((LOG_ERR,
"error adding dbm shadow group entry"));
sgr_unlock ();
return -1;
}
#endif /* NDBM */
}
#ifdef NDBM
endsgent ();
#endif /* NDBM */
if (!sgr_close ()) {
fprintf (stderr,
_("%s: cannot rewrite shadow group file\n"),
Prog);
sgr_unlock ();
return -1;
}
sgr_unlock ();
return 0;
}
static void grp_update (void)
{
struct group grp;
#ifdef SHADOWGRP
struct sgrp sgrp;
#endif /* SHADOWGRP */
/*
* Create the initial entries for this new group.
*/
new_grent (&grp);
#ifdef SHADOWGRP
new_sgent (&sgrp);
#endif /* SHADOWGRP */
/*
* Write out the new group file entry.
*/
if (!gr_update (&grp)) {
fprintf (stderr, _("%s: error adding new group entry\n"),
Prog);
fail_exit (E_GRP_UPDATE);
}
#ifdef NDBM
/*
* Update the DBM group file with the new entry as well.
*/
if (gr_dbm_present () && !gr_dbm_update (&grp)) {
fprintf (stderr, _("%s: cannot add new dbm group entry\n"),
Prog);
fail_exit (E_GRP_UPDATE);
}
endgrent ();
#endif /* NDBM */
#ifdef SHADOWGRP
/*
* Write out the new shadow group entries as well.
*/
if (is_shadow_grp && !sgr_update (&sgrp)) {
fprintf (stderr, _("%s: error adding new group entry\n"),
Prog);
fail_exit (E_GRP_UPDATE);
}
#ifdef NDBM
/*
* Update the DBM group file with the new entry as well.
*/
if (is_shadow_grp && sg_dbm_present () && !sg_dbm_update (&sgrp)) {
fprintf (stderr, _("%s: cannot add new dbm group entry\n"),
Prog);
fail_exit (E_GRP_UPDATE);
}
endsgent ();
#endif /* NDBM */
#endif /* SHADOWGRP */
SYSLOG ((LOG_INFO, "new group: name=%s, gid=%u",
group_name, (unsigned int)group_id));
}
static void
update_groups(void)
{
const struct group *grp;
struct group *ngrp;
#ifdef SHADOWGRP
const struct sgrp *sgrp;
struct sgrp *nsgrp;
#endif /* SHADOWGRP */
/*
* Scan through the entire group file looking for the groups that
* the user is a member of.
*/
for (gr_rewind (), grp = gr_next ();grp;grp = gr_next ()) {
/*
* See if the user specified this group as one of their
* concurrent groups.
*/
if (!is_on_list(grp->gr_mem, user_name))
continue;
/*
* Delete the username from the list of group members and
* update the group entry to reflect the change.
*/
ngrp = __gr_dup(grp);
if (!ngrp) {
exit(13); /* XXX */
}
ngrp->gr_mem = del_list (ngrp->gr_mem, user_name);
if (!gr_update(ngrp))
fprintf(stderr, _("%s: error updating group entry\n"),
Prog);
/*
* Update the DBM group file with the new entry as well.
*/
#ifdef NDBM
if (!gr_dbm_update(ngrp))
fprintf(stderr,
_("%s: cannot update dbm group entry\n"),
Prog);
#endif /* NDBM */
SYSLOG((LOG_INFO, "delete `%s' from group `%s'\n",
user_name, ngrp->gr_name));
}
#ifdef NDBM
endgrent ();
#endif /* NDBM */
#ifdef SHADOWGRP
if (!is_shadow_grp)
return;
/*
* Scan through the entire shadow group file looking for the groups
* that the user is a member of. Both the administrative list and
* the ordinary membership list is checked.
*/
for (sgr_rewind (), sgrp = sgr_next ();sgrp;sgrp = sgr_next ()) {
int was_member, was_admin;
/*
* See if the user specified this group as one of their
* concurrent groups.
*/
was_member = is_on_list(sgrp->sg_mem, user_name);
was_admin = is_on_list(sgrp->sg_adm, user_name);
if (!was_member && !was_admin)
continue;
nsgrp = __sgr_dup(sgrp);
if (!nsgrp) {
exit(13); /* XXX */
}
if (was_member)
nsgrp->sg_mem = del_list (nsgrp->sg_mem, user_name);
if (was_admin)
nsgrp->sg_adm = del_list (nsgrp->sg_adm, user_name);
if (!sgr_update(nsgrp))
fprintf(stderr, _("%s: error updating group entry\n"),
Prog);
#ifdef NDBM
/*
* Update the DBM group file with the new entry as well.
*/
if (!sg_dbm_update(nsgrp))
fprintf(stderr,
_("%s: cannot update dbm group entry\n"),
Prog);
#endif /* NDBM */
SYSLOG((LOG_INFO, "delete `%s' from shadow group `%s'\n",
user_name, nsgrp->sg_name));
}
#ifdef NDBM
endsgent ();
#endif /* NDBM */
#endif /* SHADOWGRP */
}
