From: Alejandro Colomar <alx@kernel.org>
Date: Sun, 30 Jun 2024 21:50:31 +0000 (+0200)
Subject: src/: Remove dead code
X-Git-Tag: 4.17.0-rc1~173
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=53e1eb404541d3ac7f897e8f74dcb7dcb9c3b964;p=thirdparty%2Fshadow.git

src/: Remove dead code

FIRST_MEMBER_IS_ADMIN was never enabled.  And BTW, that code had been
broken for a long time, so probably nobody should manually enable it.

Link: <https://github.com/shadow-maint/shadow/pull/991#discussion_r1660308748>
Reported-by: Serge Hallyn <serge@hallyn.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
---

diff --git a/src/gpasswd.c b/src/gpasswd.c
index 83e56a0e7..92b83ea0b 100644
--- a/src/gpasswd.c
+++ b/src/gpasswd.c
@@ -682,30 +682,8 @@ static void check_perms (const struct group *gr)
 		}
 	} else
 #endif				/* SHADOWGRP */
-	if (!amroot) {
-		/*
-		 * The policy here for changing a group is that
-		 * 1) you must be root or
-		 * 2) you must be the first listed member of the group.
-		 * The first listed member of a group can do anything to
-		 * that group that the root user can. The rationale for
-		 * this hack is that the FIRST user is probably the most
-		 * important user in this entire group.
-		 *
-		 * This feature enabled by default could be a security
-		 * problem when installed on existing systems where the
-		 * first group member might be just a normal user.
-		 * --marekm
-		 */
-#if !defined(FIRST_MEMBER_IS_ADMIN)
+	if (!amroot)
 		failure();
-#endif
-		if (gr->gr_mem[0] == NULL)
-			failure();
-
-		if (strcmp(gr->gr_mem[0], myname) != 0)
-			failure();
-	}
 }
 
 /*
@@ -805,16 +783,8 @@ static void get_group (struct group *gr)
 
 			sg->sg_mem = dup_list (gr->gr_mem);
 
-			sg->sg_adm = XMALLOC(2, char *);
-#ifdef FIRST_MEMBER_IS_ADMIN
-			if (sg->sg_mem[0]) {
-				sg->sg_adm[0] = xstrdup (sg->sg_mem[0]);
-				sg->sg_adm[1] = NULL;
-			} else
-#endif
-			{
-				sg->sg_adm[0] = NULL;
-			}
+			sg->sg_adm = XMALLOC(1, char *);
+			sg->sg_adm[0] = NULL;
 
 		}
 		if (sgr_close () == 0) {
diff --git a/src/groupmems.c b/src/groupmems.c
index 7edbd2fe8..b88694984 100644
--- a/src/groupmems.c
+++ b/src/groupmems.c
@@ -129,16 +129,8 @@ static void add_user (const char *user,
 			static struct sgrp sgrent;
 			sgrent.sg_name = xstrdup (newgrp->gr_name);
 			sgrent.sg_mem = dup_list (newgrp->gr_mem);
-			sgrent.sg_adm = XMALLOC(2, char *);
-#ifdef FIRST_MEMBER_IS_ADMIN
-			if (sgrent.sg_mem[0]) {
-				sgrent.sg_adm[0] = xstrdup (sgrent.sg_mem[0]);
-				sgrent.sg_adm[1] = NULL;
-			} else
-#endif
-			{
-				sgrent.sg_adm[0] = NULL;
-			}
+			sgrent.sg_adm = XMALLOC(1, char *);
+			sgrent.sg_adm[0] = NULL;
 
 			/* Move any password to gshadow */
 			sgrent.sg_passwd = newgrp->gr_passwd;
@@ -212,16 +204,8 @@ static void remove_user (const char *user,
 			static struct sgrp sgrent;
 			sgrent.sg_name = xstrdup (newgrp->gr_name);
 			sgrent.sg_mem = dup_list (newgrp->gr_mem);
-			sgrent.sg_adm = XMALLOC(2, char *);
-#ifdef FIRST_MEMBER_IS_ADMIN
-			if (sgrent.sg_mem[0]) {
-				sgrent.sg_adm[0] = xstrdup (sgrent.sg_mem[0]);
-				sgrent.sg_adm[1] = NULL;
-			} else
-#endif
-			{
-				sgrent.sg_adm[0] = NULL;
-			}
+			sgrent.sg_adm = XMALLOC(1, char *);
+			sgrent.sg_adm[0] = NULL;
 
 			/* Move any password to gshadow */
 			sgrent.sg_passwd = newgrp->gr_passwd;