src/: Remove dead code
authorAlejandro Colomar <alx@kernel.org>
Sun, 30 Jun 2024 21:50:31 +0000 (23:50 +0200)
committerSerge Hallyn <serge@hallyn.com>
Tue, 2 Jul 2024 02:40:11 +0000 (21:40 -0500)
FIRST_MEMBER_IS_ADMIN was never enabled.  And BTW, that code had been
broken for a long time, so probably nobody should manually enable it.

Link: <https://github.com/shadow-maint/shadow/pull/991#discussion_r1660308748>
Reported-by: Serge Hallyn <serge@hallyn.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
src/gpasswd.c
src/groupmems.c

index 83e56a0e7fc411532dc85202b6bf4e3260547ba1..92b83ea0be5a7bdd97a82323ea74439e3d459f45 100644 (file)
@@ -682,30 +682,8 @@ static void check_perms (const struct group *gr)
                }
        } else
 #endif                         /* SHADOWGRP */
-       if (!amroot) {
-               /*
-                * The policy here for changing a group is that
-                * 1) you must be root or
-                * 2) you must be the first listed member of the group.
-                * The first listed member of a group can do anything to
-                * that group that the root user can. The rationale for
-                * this hack is that the FIRST user is probably the most
-                * important user in this entire group.
-                *
-                * This feature enabled by default could be a security
-                * problem when installed on existing systems where the
-                * first group member might be just a normal user.
-                * --marekm
-                */
-#if !defined(FIRST_MEMBER_IS_ADMIN)
+       if (!amroot)
                failure();
-#endif
-               if (gr->gr_mem[0] == NULL)
-                       failure();
-
-               if (strcmp(gr->gr_mem[0], myname) != 0)
-                       failure();
-       }
 }
 
 /*
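Review bot: The rewritten `if (!amroot)` in check_perms is now unbraced and hangs off the `} else` that sits just above the `#endif /* SHADOWGRP */`, so the only authorization check on this path is a single statement whose attachment depends on the preprocessor. Keeping the braces, `if (!amroot) { failure(); }`, makes the check robust against a later edit that adds a line next to it. The removed comment was also the only statement of policy at this point; a one-line replacement such as `/* Without a gshadow entry, only root may change the group. */` would record what the code now enforces. The start of check_perms lies outside the hunk, so this assumes the visible `else` pairs with the shadow-group branch.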
@@ -805,16 +783,8 @@ static void get_group (struct group *gr)
 
                        sg->sg_mem = dup_list (gr->gr_mem);
 
-                       sg->sg_adm = XMALLOC(2, char *);
-#ifdef FIRST_MEMBER_IS_ADMIN
-                       if (sg->sg_mem[0]) {
-                               sg->sg_adm[0] = xstrdup (sg->sg_mem[0]);
-                               sg->sg_adm[1] = NULL;
-                       } else
-#endif
-                       {
-                               sg->sg_adm[0] = NULL;
-                       }
+                       sg->sg_adm = XMALLOC(1, char *);
+                       sg->sg_adm[0] = NULL;
 
                }
                if (sgr_close () == 0) {
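Review bot: `sg->sg_adm = XMALLOC(1, char *);` followed by `sg->sg_adm[0] = NULL;` builds an empty NULL-terminated administrator list, and nothing in the new code says this is deliberate. The entry appears to be built from the plain group entry (`sg_mem` is copied from `gr->gr_mem`), so the effect is that such an entry grants nobody group-administrator rights. A short comment such as `/* No group administrators: the list holds only its NULL terminator. */` would keep a future reader from restoring a default admin. The same two lines are repeated in add_user and remove_user in src/groupmems.c, so the comment applies there too, or the three copies could share one small helper. The enclosing functions start and end outside the hunks.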
index 7edbd2fe8822540b00ba9cfc735ddf0220b4195e..b88694984dcfc620e5d5423c3fb71031444f5e75 100644 (file)
@@ -129,16 +129,8 @@ static void add_user (const char *user,
                        static struct sgrp sgrent;
                        sgrent.sg_name = xstrdup (newgrp->gr_name);
                        sgrent.sg_mem = dup_list (newgrp->gr_mem);
-                       sgrent.sg_adm = XMALLOC(2, char *);
-#ifdef FIRST_MEMBER_IS_ADMIN
-                       if (sgrent.sg_mem[0]) {
-                               sgrent.sg_adm[0] = xstrdup (sgrent.sg_mem[0]);
-                               sgrent.sg_adm[1] = NULL;
-                       } else
-#endif
-                       {
-                               sgrent.sg_adm[0] = NULL;
-                       }
+                       sgrent.sg_adm = XMALLOC(1, char *);
+                       sgrent.sg_adm[0] = NULL;
 
                        /* Move any password to gshadow */
                        sgrent.sg_passwd = newgrp->gr_passwd;
@@ -212,16 +204,8 @@ static void remove_user (const char *user,
                        static struct sgrp sgrent;
                        sgrent.sg_name = xstrdup (newgrp->gr_name);
                        sgrent.sg_mem = dup_list (newgrp->gr_mem);
-                       sgrent.sg_adm = XMALLOC(2, char *);
-#ifdef FIRST_MEMBER_IS_ADMIN
-                       if (sgrent.sg_mem[0]) {
-                               sgrent.sg_adm[0] = xstrdup (sgrent.sg_mem[0]);
-                               sgrent.sg_adm[1] = NULL;
-                       } else
-#endif
-                       {
-                               sgrent.sg_adm[0] = NULL;
-                       }
+                       sgrent.sg_adm = XMALLOC(1, char *);
+                       sgrent.sg_adm[0] = NULL;
 
                        /* Move any password to gshadow */
                        sgrent.sg_passwd = newgrp->gr_passwd;