Do not complain about an /etc/group line "+\n" as "wrong number of fields",

that abbreviated syntax is explicitly allowed by group(5).  While here,
warn if it isn't the last line in the group file.
Regression reported, fix tested and ok miod@, and seems good to ajacoutot@.

Note: I'm not removing the advice to put "+\n" at the end of the group file
right now because i'm not 100% sure that advice is pointless, even though
guenther@ looked at the code an came to the conclusion OpenBSD libc ought
to cope.  And i'd rather have the manuals and the syntax checker be
consistent.  In case this really annoys people, it can be carefully tested
and changed later.

1 files changed, 9 insertions, 2 deletions

diff --git a/libexec/security/security b/libexec/security/security
index e46ef711883..95f47be3917 100644
--- a/libexec/security/security
+++ b/libexec/security/security
@@ -1,6 +1,6 @@
 #!/usr/bin/perl -T
 
-# $OpenBSD: security,v 1.12 2011/04/23 19:47:06 schwarze Exp $
+# $OpenBSD: security,v 1.13 2011/05/10 17:53:56 schwarze Exp $
 #
 # Copyright (c) 2011 Ingo Schwarze <schwarze@openbsd.org>
 # Copyright (c) 2011 Andrew Fresh <andrew@afresh1.com>
@@ -143,9 +143,16 @@ sub check_group {
 	my $filename = '/etc/group';
 	$check_title = "Checking the $filename file:";
 	nag !(open my $fh, '<', $filename), "open: $filename: $!" and return;
-	my %names;
+	my (%names, $global_yp);
 	while (my $line = <$fh>) {
 		chomp $line;
+		nag $global_yp,
+		    'Global YP inclusion ("+") is not the last line.'
+		    and undef $global_yp;
+		if ($line eq '+') {
+			$global_yp = 1;
+			next;
+		}
 		nag $line !~ /\S/,
 		    "Line $. is a blank line."
 		    and next;