//********************************************************
void WordsEdit::do_add_word(void)
{
QString str = lineword->text();
char *word = (char *)str.latin1();
FindLastWord = 0;
FindLastGroup = 0;
int curgroup = listgroup->currentItem();
if(find_down(word)){
sprintf(tmp,"This word already exists (in group %d).\nDo you wish to remove this occurance and add it to this group ?",wordlist->WordGroup[FindLastGroup].GroupNum);
switch( QMessageBox::information( this, "Remove duplicate word ?",
tmp,
"Yes", "No",
0, // Enter == button 0
1 ) ) { // Escape == button 1
case 0: //yes
wordlist->WordGroup[FindLastGroup].Words.del(FindLastWord);
update_group(FindLastGroup);
changed=true;
break;
case 1: //no
return;
}
}
wordlist->WordGroup[curgroup].Words.addsorted(word);
changed=true;
select_group(curgroup);
update_group(curgroup);
}
local void paction(Player *p, int action, Arena *arena)
{
pdata *pdata = PPDATA(p, pdkey);
if (action == PA_PREENTERARENA)
update_group(p, pdata, arena, TRUE);
else if (action == PA_CONNECT)
update_group(p, pdata, NULL, TRUE);
else if (action == PA_DISCONNECT || action == PA_LEAVEARENA)
astrncpy(pdata->group, "none", MAXGROUPLEN);
}
void remove_value(
const Shared & shared,
size_t groupid,
const Group & group,
const Value &,
rng_t & rng) {
update_group(shared, groupid, group, rng);
}
void update_all(
const Shared & shared,
const std::vector<Group> & groups,
rng_t & rng) {
const size_t group_count = groups.size();
for (size_t groupid = 0; groupid < group_count; ++groupid) {
update_group(shared, groupid, groups[groupid], rng);
}
}
static int grp_update (void)
{
int ret;
ret = update_group ();
#ifdef SHADOWGRP
if (!ret && is_shadow_grp)
ret = update_gshadow ();
#endif
return ret;
}
//********************************************************
void WordsEdit::delete_word_cb(void)
{
QString str = lineword->text();
char *word = (char *)str.latin1();
int k=wordlist->delete_word(word,SelectedGroup);
if(k!=-1){
lineword->setText("");
listwords->removeItem(k);
update_group(SelectedGroup);
changed=true;
return;
}
}
//********************************************************
void WordsEdit::change_group_number_cb(void)
{
AskNumber *newnumber = new AskNumber(0,0,"Change group number","Enter group number:");
if(!newnumber->exec())return;
int i;
QString str = newnumber->num->text();
int num = atoi((char *)str.latin1());
if(num < 0 || num > 65535){
menu->errmes("Wordsedit","You must enter an integer from 0 to 65535.");
return;
}
int currentgroup = listgroup->currentItem();
if((i=wordlist->change_number(currentgroup,num))==-1)return ;
listgroup->removeItem(currentgroup);
listgroup->insertItem("",i);
update_group(i);
changed=true;
}
/* Quadratic sorting method to use for small subarrays. To be able to update
group numbers consistently, a variant of selection sorting is used.*/
void select_sort_split(const int_iter &p, int64_t n) {
int_iter pa, pb, pi, pn;
uint64_t f, v;
pa=p; /* pa is start of group being picked out.*/
pn=p+n-1; /* pn is last position of subarray.*/
while (pa<pn) {
for (pi=pb=(pa+1), f=key(pa); pi<=pn; ++pi)
if ((v=key(pi))<f) {
f=v; /* f is smallest key found.*/
swap(pi, pa); /* place smallest element at beginning.*/
pb=pa+1; /* pb is position for elements equal to f.*/
} else if (v==f) { /* if equal to smallest key.*/
swap(pi, pb); /* place next to other smallest elements.*/
++pb;
}
update_group(pa, pb-1); /* update group values for new group.*/
pa=pb; /* continue sorting rest of the subarray.*/
}
if (pa==pn) { /* check if last part is single element.*/
m_VV[*pa]=pa-m_SA;
*pa=mark_neg(1); /* sorted group.*/
}
}
static void select_sort_split(int *p, int n) {
int *pa, *pb, *pi, *pn;
int f, v, tmp;
pa=p; /* pa is start of group being picked out.*/
pn=p+n-1; /* pn is last position of subarray.*/
while (pa<pn) {
for (pi=pb=pa+1, f=KEY(pa); pi<=pn; ++pi)
if ((v=KEY(pi))<f) {
f=v; /* f is smallest key found.*/
SWAP(pi, pa); /* place smallest element at beginning.*/
pb=pa+1; /* pb is position for elements equal to f.*/
} else if (v==f) { /* if equal to smallest key.*/
SWAP(pi, pb); /* place next to other smallest elements.*/
++pb;
}
update_group(pa, pb-1); /* update group values for new group.*/
pa=pb; /* continue sorting rest of the subarray.*/
}
if (pa==pn) { /* check if last part is single element.*/
V[*pa]=pa-I;
*pa=-1; /* sorted group.*/
}
}
/*
* gpasswd - administer the /etc/group file
*/
int main (int argc, char **argv)
{
struct group grent;
#ifdef SHADOWGRP
struct sgrp sgent;
#endif
struct passwd *pw = NULL;
#ifdef WITH_AUDIT
audit_help_open ();
#endif
sanitize_env ();
(void) setlocale (LC_ALL, "");
(void) bindtextdomain (PACKAGE, LOCALEDIR);
(void) textdomain (PACKAGE);
/*
* Make a note of whether or not this command was invoked by root.
* This will be used to bypass certain checks later on. Also, set
* the real user ID to match the effective user ID. This will
* prevent the invoker from issuing signals which would interfere
* with this command.
*/
bywho = getuid ();
Prog = Basename (argv[0]);
OPENLOG ("gpasswd");
setbuf (stdout, NULL);
setbuf (stderr, NULL);
#ifdef SHADOWGRP
is_shadowgrp = sgr_file_present ();
#endif
/*
* Determine the name of the user that invoked this command. This
* is really hit or miss because there are so many ways that command
* can be executed and so many ways to trip up the routines that
* report the user name.
*/
pw = get_my_pwent ();
if (NULL == pw) {
fprintf (stderr, _("%s: Cannot determine your user name.\n"),
Prog);
SYSLOG ((LOG_WARN,
"Cannot determine the user name of the caller (UID %lu)",
(unsigned long) getuid ()));
exit (E_NOPERM);
}
myname = xstrdup (pw->pw_name);
/*
* Register an exit function to warn for any inconsistency that we
* could create.
*/
if (atexit (do_cleanups) != 0) {
fprintf(stderr, "%s: cannot set exit function\n", Prog);
exit (1);
}
/* Parse the options */
process_flags (argc, argv);
/*
* Replicate the group so it can be modified later on.
*/
#ifdef SHADOWGRP
get_group (&grent, &sgent);
#else
get_group (&grent);
#endif
/*
* Check if the user is allowed to change the password of this group.
*/
#ifdef SHADOWGRP
check_perms (&grent, &sgent);
#else
check_perms (&grent);
#endif
/*
* Removing a password is straight forward. Just set the password
* field to a "".
*/
if (rflg) {
grent.gr_passwd = ""; /* XXX warning: const */
#ifdef SHADOWGRP
sgent.sg_passwd = ""; /* XXX warning: const */
#endif
goto output;
} else if (Rflg) {
/*
* Same thing for restricting the group. Set the password
* field to "!".
*/
grent.gr_passwd = "!"; /* XXX warning: const */
#ifdef SHADOWGRP
sgent.sg_passwd = "!"; /* XXX warning: const */
#endif
goto output;
}
/*
* Adding a member to a member list is pretty straightforward as
* well. Call the appropriate routine and split.
*/
if (aflg) {
printf (_("Adding user %s to group %s\n"), user, group);
grent.gr_mem = add_list (grent.gr_mem, user);
#ifdef SHADOWGRP
if (is_shadowgrp) {
sgent.sg_mem = add_list (sgent.sg_mem, user);
}
#endif
goto output;
}
/*
* Removing a member from the member list is the same deal as adding
* one, except the routine is different.
*/
if (dflg) {
bool removed = false;
printf (_("Removing user %s from group %s\n"), user, group);
if (is_on_list (grent.gr_mem, user)) {
removed = true;
grent.gr_mem = del_list (grent.gr_mem, user);
}
#ifdef SHADOWGRP
if (is_shadowgrp) {
if (is_on_list (sgent.sg_mem, user)) {
removed = true;
sgent.sg_mem = del_list (sgent.sg_mem, user);
}
}
#endif
if (!removed) {
fprintf (stderr,
_("%s: user '%s' is not a member of '%s'\n"),
Prog, user, group);
exit (E_BAD_ARG);
}
goto output;
}
#ifdef SHADOWGRP
/*
* Replacing the entire list of administrators is simple. Check the
* list to make sure everyone is a real user. Then slap the new list
* in place.
*/
if (Aflg) {
sgent.sg_adm = comma_to_list (admins);
if (!Mflg) {
goto output;
}
}
#endif /* SHADOWGRP */
/*
* Replacing the entire list of members is simple. Check the list to
* make sure everyone is a real user. Then slap the new list in
* place.
*/
if (Mflg) {
#ifdef SHADOWGRP
sgent.sg_mem = comma_to_list (members);
#endif
grent.gr_mem = comma_to_list (members);
goto output;
}
/*
* If the password is being changed, the input and output must both
* be a tty. The typical keyboard signals are caught so the termio
* modes can be restored.
*/
if ((isatty (0) == 0) || (isatty (1) == 0)) {
fprintf (stderr, _("%s: Not a tty\n"), Prog);
exit (E_NOPERM);
}
catch_signals (0); /* save tty modes */
(void) signal (SIGHUP, catch_signals);
(void) signal (SIGINT, catch_signals);
(void) signal (SIGQUIT, catch_signals);
(void) signal (SIGTERM, catch_signals);
#ifdef SIGTSTP
(void) signal (SIGTSTP, catch_signals);
#endif
/* Prompt for the new password */
#ifdef SHADOWGRP
change_passwd (&grent, &sgent);
#else
change_passwd (&grent);
#endif
/*
* This is the common arrival point to output the new group file.
* The freshly crafted entry is in allocated space. The group file
* will be locked and opened for writing. The new entry will be
* output, etc.
*/
output:
if (setuid (0) != 0) {
fputs (_("Cannot change ID to root.\n"), stderr);
SYSLOG ((LOG_ERR, "can't setuid(0)"));
closelog ();
exit (E_NOPERM);
}
pwd_init ();
open_files ();
#ifdef SHADOWGRP
update_group (&grent, &sgent);
#else
update_group (&grent);
#endif
close_files ();
nscd_flush_cache ("group");
exit (E_SUCCESS);
}
local int HasCapabilityInArena(Player *p, Arena *a, const char *cap)
{
pdata tmp_pdata;
update_group(p, &tmp_pdata, a, FALSE);
return cfg->GetStr(groupdef, tmp_pdata.group, cap) != NULL;
}
int al__add_to_group(const char *username, struct al_record *record)
{
FILE *in, *out;
char *line = NULL, *p;
int len = strlen(username), linesize, nentries, i, nhesgroups;
int lockfd, status, ngroups;
gid_t gid, primary_gid, *groups;
struct hesgroup *hesgroups;
/* Retrieve the hesiod groups. */
if (retrieve_hesgroups(username, &hesgroups, &nhesgroups, &primary_gid) != 0)
return AL_WGROUP;
/* Open the input and output files. */
out = lock_group(&lockfd);
if (!out)
{
free_hesgroups(hesgroups, nhesgroups);
return AL_WGROUP;
}
in = fopen(PATH_GROUP, "r");
if (!in)
{
free_hesgroups(hesgroups, nhesgroups);
discard_group_lockfile(out, lockfd);
return AL_WGROUP;
}
/* Set up the groups array in the session record. */
groups = malloc(nhesgroups * sizeof(gid_t));
if (!groups)
{
free_hesgroups(hesgroups, nhesgroups);
discard_group_lockfile(out, lockfd);
fclose(in);
return AL_ENOMEM;
}
ngroups = 0;
/* Count the number of groups the user already belongs to. */
nentries = 0;
while ((status = al__read_line(in, &line, &linesize)) == 0)
{
/* Skip the group name, group password, and gid; record the gid. */
if (parse_to_gid(line, &p, &gid) != 0)
continue;
/* Don't include the primary gid in the count. */
if (gid == primary_gid)
continue;
/* Look for username in the group's user list. */
while (p)
{
p++;
if (strncmp(p, username, len) == 0
&& (*(p + len) == ',' || *(p + len) == 0))
{
nentries++;
break;
}
p = strchr(p, ',');
}
}
if (status == -1)
{
free(groups);
free_hesgroups(hesgroups, nhesgroups);
discard_group_lockfile(out, lockfd);
fclose(in);
return AL_ENOMEM;
}
/* Copy in to out, adding the user to groups as we go. We choose to skip
* malformed group lines because it's a little easier; you could justify
* either skipping or preserving them. Hopefully we won't find any. */
rewind(in);
while ((status = al__read_line(in, &line, &linesize)) == 0)
{
/* Skip the group name, group password, and gid; record the gid. */
if (parse_to_gid(line, &p, &gid) != 0)
continue;
/* Write out the output line, without a newline for now. */
fputs(line, out);
/* Check if Hesiod has the user in this group. */
for (i = 0; i < nhesgroups; i++)
{
if (hesgroups[i].gid == gid)
break;
}
if (i < nhesgroups)
{
/* Just for safety, if we've seen this group entry before, don't
* do anything with it. Otherwise we might overflow
* groups on a bad group file. */
if (hesgroups[i].present)
{
putc('\n', out);
continue;
}
/* Make a note that this Hesiod group already has a listing. */
hesgroups[i].present = 1;
/* Check if the user is already listed in this group. */
while (p)
{
p++;
if (strncmp(p, username, len) == 0
&& (*(p + len) == ',' || *(p + len) == 0))
break;
p = strchr(p, ',');
}
if (p)
{
putc('\n', out);
continue;
}
/* Add the user to the group if it's the primary group or if
* the user isn't already in MAX_GROUPS other groups. */
if (nentries < MAX_GROUPS || gid == primary_gid)
{
if (line[strlen(line) - 1] != ':')
putc(',', out);
fputs(username, out);
if (gid != primary_gid)
nentries++;
groups[ngroups++] = gid;
}
}
/* finish up the output line. */
putc('\n', out);
}
if (status == -1)
{
free(groups);
free_hesgroups(hesgroups, nhesgroups);
discard_group_lockfile(out, lockfd);
fclose(in);
return AL_ENOMEM;
}
/* Write out group lines which had no listings before. */
for (i = 0; i < nhesgroups; i++)
{
gid = hesgroups[i].gid;
if (hesgroups[i].present)
continue;
if (nentries < MAX_GROUPS || gid == primary_gid)
{
fprintf(out, "%s:*:%lu:%s\n", hesgroups[i].name,
(unsigned long) gid, username);
if (gid != primary_gid)
nentries++;
groups[ngroups++] = gid;
}
}
/* Clean up allocated memory. */
fclose(in);
free(line);
free_hesgroups(hesgroups, nhesgroups);
/* Update the group file from what we wrote out. */
if (update_group(out, lockfd) < 0)
{
free(groups);
return AL_WGROUP;
}
record->groups = groups;
record->ngroups = ngroups;
return AL_SUCCESS;
}
int al__remove_from_group(const char *username, struct al_record *record)
{
FILE *in, *out;
char *line = NULL, *p;
int i, lockfd, linesize, nlocal, status, len = strlen(username);
gid_t gid, *local;
local = retrieve_local_gids(&nlocal);
out = lock_group(&lockfd);
if (!out)
{
free(local);
return AL_EPERM;
}
in = fopen(PATH_GROUP, "r");
if (!in)
{
free(local);
discard_group_lockfile(out, lockfd);
return AL_EPERM;
}
/* Copy in to out, eliminating the user from groups in record->groups. */
while ((status = al__read_line(in, &line, &linesize)) == 0)
{
/* Skip the group name, group password, and gid; record the gid. */
if (parse_to_gid(line, &p, &gid) != 0)
continue;
for (i = 0; i < record->ngroups; i++)
{
if (record->groups[i] == gid)
break;
}
if (i < record->ngroups)
{
/* Search for username in the membership list and remove it. */
while (p)
{
p++;
if (strncmp(p, username, len) == 0
&& (*(p + len) == ',' || *(p + len) == 0))
{
/* Found it; now remove it. */
i = (*(p + len) == ',') ? len + 1 : len;
memmove(p, p + i, strlen(p + i) + 1);
if (*p == 0 && *(p - 1) == ',')
*(p - 1) = 0;
}
p = strchr(p, ',');
}
}
/* If the edited line has a non-empty user list or is in the local
* gid list, write it out. */
if (line[strlen(line) - 1] != ':' || in_local_gids(local, nlocal, gid))
{
fputs(line, out);
putc('\n', out);
}
}
fclose(in);
free(line);
free(local);
if (status == -1)
{
discard_group_lockfile(out, lockfd);
return AL_ENOMEM;
}
if (update_group(out, lockfd) < 0)
return AL_EPERM;
return AL_SUCCESS;
}
void
authclnt::sfsauth_update (svccb *sbp)
{
update_info i;
i.cp = NULL;
i.ur = NULL;
if (sbp->getaui () >= credtab.size ()
|| !(i.cp = &credtab[sbp->getaui ()])
|| i.cp->type != SFS_UNIXCRED
|| !(i.ur = utab[sbp->getaui ()])
|| i.ur->authtype == SFS_NOAUTH) {
sbp->reject (AUTH_REJECTEDCRED);
return;
}
i.res.set_ok (false);
i.kname.set_type (SFSAUTH_DBKEY_NAME);
*i.kname.name = i.cp->unixcred->username;
dbfile *cdbp;
if (!get_user_cursor (&cdbp, NULL, &i.cdbr, i.kname)
|| i.cp->unixcred->username != i.cdbr.userinfo->name) {
*i.res.errmsg = "could not load credential db record";
sbp->replyref (i.res);
return;
}
if (i.cp->unixcred->uid != i.cdbr.userinfo->id) {
*i.res.errmsg = "invalid uid";
warn << i.cp->unixcred->username << " authenticated with uid "
<< i.cp->unixcred->uid << " while DB record has uid "
<< i.cdbr.userinfo->id << "\n";
warn << "could user " << i.cp->unixcred->username << " have"
<< " wrong UID in sfs_users file?\n";
sbp->replyref (i.res);
return;
}
i.argp = sbp->Xtmpl getarg<sfsauth2_update_arg> ();
if (i.argp->req.type != SFS_UPDATEREQ
|| (i.argp->req.rec.type != SFSAUTH_USER
&& i.argp->req.rec.type != SFSAUTH_GROUP)) {
*i.res.errmsg = "invalid request";
sbp->replyref (i.res);
return;
}
i.opts = i.argp->req.opts;
if (i.argp->req.authid != authid) {
*i.res.errmsg = "invalid authid";
sbp->replyref (i.res);
return ;
}
static rxx adminrx ("(\\A|,)admin(\\Z|,)");
i.admin = cdbp->allow_admin && adminrx.search (i.cdbr.userinfo->privs);
if (!update_checksig (sbp, i, cdbp))
return;
if (i.argp->req.rec.type == SFSAUTH_USER)
update_user (sbp, i);
else
update_group (sbp, i);
sbp->replyref (i.res);
}