Make sure the passwd, group, shadow, and gshadow files are unlocked on
exit. Unlock locked files in fail_exit(). Prefer fail_exit() over exit().
This commit is contained in:
parent
5af8a5d74d
commit
1b808e62df
@ -1,3 +1,9 @@
|
||||
2008-03-08 Nicolas François <nicolas.francois@centraliens.net>
|
||||
|
||||
* NEWS, src/useradd.c: Make sure the passwd, group, shadow, and
|
||||
gshadow files are unlocked on exit. Unlock locked files in
|
||||
fail_exit(). Prefer fail_exit() over exit().
|
||||
|
||||
2008-03-08 Nicolas François <nicolas.francois@centraliens.net>
|
||||
|
||||
* NEWS, src/groupdel.c: Make sure the group, and gshadow files are
|
||||
|
2
NEWS
2
NEWS
@ -88,6 +88,8 @@ shadow-4.1.0 -> shadow-4.1.1 UNRELEASED
|
||||
should replace nflg from the previous versions. Please set any -n
|
||||
option to deprecated because its meaning differs from one distribution
|
||||
to the other.
|
||||
* Make sure the passwd, group, shadow, and gshadow files are unlocked on
|
||||
exit.
|
||||
- usermod
|
||||
* Keep the access and modification time of files when moving an user's home
|
||||
directory.
|
||||
|
@ -107,7 +107,11 @@ static int is_shadow_pwd;
|
||||
|
||||
#ifdef SHADOWGRP
|
||||
static int is_shadow_grp;
|
||||
static int gshadow_locked = 0;
|
||||
#endif
|
||||
static int passwd_locked = 0;
|
||||
static int group_locked = 0;
|
||||
static int shadow_locked = 0;
|
||||
static char **user_groups; /* NULL-terminated list */
|
||||
static long sys_ngroups;
|
||||
static int do_grp_update = 0; /* group files need to be updated */
|
||||
@ -190,6 +194,21 @@ static void fail_exit (int code)
|
||||
if (home_added)
|
||||
rmdir (user_home);
|
||||
|
||||
if (shadow_locked) {
|
||||
spw_unlock ();
|
||||
}
|
||||
if (passwd_locked) {
|
||||
pw_unlock ();
|
||||
}
|
||||
if (group_locked) {
|
||||
gr_unlock ();
|
||||
}
|
||||
#ifdef SHADOWGRP
|
||||
if (gshadow_locked) {
|
||||
sgr_unlock ();
|
||||
}
|
||||
#endif
|
||||
|
||||
#ifdef WITH_AUDIT
|
||||
audit_logger (AUDIT_USER_CHAUTHTOK, Prog, "adding user", user_name, -1,
|
||||
0);
|
||||
@ -1170,13 +1189,19 @@ static void close_files (void)
|
||||
}
|
||||
#endif
|
||||
}
|
||||
if (is_shadow_pwd)
|
||||
if (is_shadow_pwd) {
|
||||
spw_unlock ();
|
||||
shadow_locked--;
|
||||
}
|
||||
pw_unlock ();
|
||||
passwd_locked--;
|
||||
gr_unlock ();
|
||||
group_locked--;
|
||||
#ifdef SHADOWGRP
|
||||
if (is_shadow_grp)
|
||||
if (is_shadow_grp) {
|
||||
sgr_unlock ();
|
||||
gshadow_locked--;
|
||||
}
|
||||
#endif
|
||||
}
|
||||
|
||||
@ -1195,61 +1220,69 @@ static void open_files (void)
|
||||
#endif
|
||||
exit (E_PW_UPDATE);
|
||||
}
|
||||
passwd_locked++;
|
||||
if (!pw_open (O_RDWR)) {
|
||||
fprintf (stderr, _("%s: unable to open password file\n"), Prog);
|
||||
#ifdef WITH_AUDIT
|
||||
audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
|
||||
"opening password file", user_name, user_id, 0);
|
||||
#endif
|
||||
pw_unlock ();
|
||||
exit (E_PW_UPDATE);
|
||||
fail_exit (E_PW_UPDATE);
|
||||
}
|
||||
if (is_shadow_pwd && !spw_lock ()) {
|
||||
if (is_shadow_pwd) {
|
||||
if (!spw_lock ()) {
|
||||
fprintf (stderr,
|
||||
_("%s: cannot lock shadow password file\n"), Prog);
|
||||
_("%s: cannot lock shadow password file\n"),
|
||||
Prog);
|
||||
#ifdef WITH_AUDIT
|
||||
audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
|
||||
"locking shadow password file", user_name,
|
||||
user_id, 0);
|
||||
#endif
|
||||
pw_unlock ();
|
||||
exit (E_PW_UPDATE);
|
||||
fail_exit (E_PW_UPDATE);
|
||||
}
|
||||
if (is_shadow_pwd && !spw_open (O_RDWR)) {
|
||||
shadow_locked++;
|
||||
if (!spw_open (O_RDWR)) {
|
||||
fprintf (stderr,
|
||||
_("%s: cannot open shadow password file\n"), Prog);
|
||||
_("%s: cannot open shadow password file\n"),
|
||||
Prog);
|
||||
#ifdef WITH_AUDIT
|
||||
audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
|
||||
"opening shadow password file", user_name,
|
||||
user_id, 0);
|
||||
#endif
|
||||
spw_unlock ();
|
||||
pw_unlock ();
|
||||
exit (E_PW_UPDATE);
|
||||
fail_exit (E_PW_UPDATE);
|
||||
}
|
||||
}
|
||||
|
||||
/*
|
||||
* Lock and open the group file.
|
||||
*/
|
||||
|
||||
if (!gr_lock ()) {
|
||||
fprintf (stderr, _("%s: error locking group file\n"), Prog);
|
||||
fail_exit (E_GRP_UPDATE);
|
||||
}
|
||||
group_locked++;
|
||||
if (!gr_open (O_RDWR)) {
|
||||
fprintf (stderr, _("%s: error opening group file\n"), Prog);
|
||||
fail_exit (E_GRP_UPDATE);
|
||||
}
|
||||
#ifdef SHADOWGRP
|
||||
if (is_shadow_grp && !sgr_lock ()) {
|
||||
if (is_shadow_grp) {
|
||||
if (!sgr_lock ()) {
|
||||
fprintf (stderr,
|
||||
_("%s: error locking shadow group file\n"), Prog);
|
||||
_("%s: error locking shadow group file\n"),
|
||||
Prog);
|
||||
fail_exit (E_GRP_UPDATE);
|
||||
}
|
||||
if (is_shadow_grp && !sgr_open (O_RDWR)) {
|
||||
gshadow_locked++;
|
||||
if (!sgr_open (O_RDWR)) {
|
||||
fprintf (stderr,
|
||||
_("%s: error opening shadow group file\n"), Prog);
|
||||
_("%s: error opening shadow group file\n"),
|
||||
Prog);
|
||||
fail_exit (E_GRP_UPDATE);
|
||||
}
|
||||
}
|
||||
#endif
|
||||
}
|
||||
|
||||
@ -1405,7 +1438,7 @@ static void usr_update (void)
|
||||
if (!pw_update (&pwent)) {
|
||||
fprintf (stderr,
|
||||
_("%s: error adding new password entry\n"), Prog);
|
||||
exit (E_PW_UPDATE);
|
||||
fail_exit (E_PW_UPDATE);
|
||||
}
|
||||
|
||||
/*
|
||||
@ -1420,7 +1453,7 @@ static void usr_update (void)
|
||||
audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
|
||||
"adding shadow password", user_name, user_id, 0);
|
||||
#endif
|
||||
exit (E_PW_UPDATE);
|
||||
fail_exit (E_PW_UPDATE);
|
||||
}
|
||||
#ifdef WITH_AUDIT
|
||||
audit_logger (AUDIT_USER_CHAUTHTOK, Prog, "adding user", user_name,
|
||||
@ -1588,7 +1621,7 @@ int main (int argc, char **argv)
|
||||
|
||||
if (retval != PAM_SUCCESS) {
|
||||
fprintf (stderr, _("%s: PAM authentication failed\n"), Prog);
|
||||
exit (1);
|
||||
fail_exit (1);
|
||||
}
|
||||
#endif /* USE_PAM */
|
||||
|
||||
@ -1613,7 +1646,7 @@ int main (int argc, char **argv)
|
||||
audit_logger (AUDIT_USER_CHAUTHTOK, Prog, "adding user",
|
||||
user_name, -1, 0);
|
||||
#endif
|
||||
exit (E_NAME_IN_USE);
|
||||
fail_exit (E_NAME_IN_USE);
|
||||
}
|
||||
|
||||
/*
|
||||
@ -1632,7 +1665,7 @@ int main (int argc, char **argv)
|
||||
audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
|
||||
"adding group", user_name, -1, 0);
|
||||
#endif
|
||||
exit (E_NAME_IN_USE);
|
||||
fail_exit (E_NAME_IN_USE);
|
||||
}
|
||||
}
|
||||
|
||||
@ -1662,7 +1695,7 @@ int main (int argc, char **argv)
|
||||
#ifdef WITH_AUDIT
|
||||
audit_logger (AUDIT_USER_CHAUTHTOK, Prog, "adding user", user_name, user_id, 0);
|
||||
#endif
|
||||
exit (E_UID_IN_USE);
|
||||
fail_exit (E_UID_IN_USE);
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -1723,6 +1756,5 @@ int main (int argc, char **argv)
|
||||
pam_end (pamh, PAM_SUCCESS);
|
||||
#endif /* USE_PAM */
|
||||
|
||||
exit (E_SUCCESS);
|
||||
/* NOT REACHED */
|
||||
return E_SUCCESS;
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user