Make sure the passwd, group, shadow, and gshadow files are unlocked on
exit. Unlock locked files in fail_exit(). Prefer fail_exit() over exit().
parent
5af8a5d74d
commit
1b808e62df
@ -1,3 +1,9 @@
|
|||||||
|
2008-03-08 Nicolas François <nicolas.francois@centraliens.net>
|
||||||
|
|
||||||
|
* NEWS, src/useradd.c: Make sure the passwd, group, shadow, and
|
||||||
|
gshadow files are unlocked on exit. Unlock locked files in
|
||||||
|
fail_exit(). Prefer fail_exit() over exit().
|
||||||
|
|
||||||
2008-03-08 Nicolas François <nicolas.francois@centraliens.net>
|
2008-03-08 Nicolas François <nicolas.francois@centraliens.net>
|
||||||
|
|
||||||
* NEWS, src/groupdel.c: Make sure the group, and gshadow files are
|
* NEWS, src/groupdel.c: Make sure the group, and gshadow files are
|
||||||
|
2
NEWS
2
NEWS
@ -88,6 +88,8 @@ shadow-4.1.0 -> shadow-4.1.1 UNRELEASED
|
|||||||
should replace nflg from the previous versions. Please set any -n
|
should replace nflg from the previous versions. Please set any -n
|
||||||
option to deprecated because its meaning differs from one distribution
|
option to deprecated because its meaning differs from one distribution
|
||||||
to the other.
|
to the other.
|
||||||
|
* Make sure the passwd, group, shadow, and gshadow files are unlocked on
|
||||||
|
exit.
|
||||||
- usermod
|
- usermod
|
||||||
* Keep the access and modification time of files when moving an user's home
|
* Keep the access and modification time of files when moving an user's home
|
||||||
directory.
|
directory.
|
||||||
|
112
src/useradd.c
112
src/useradd.c
@ -107,7 +107,11 @@ static int is_shadow_pwd;
|
|||||||
|
|
||||||
#ifdef SHADOWGRP
|
#ifdef SHADOWGRP
|
||||||
static int is_shadow_grp;
|
static int is_shadow_grp;
|
||||||
|
static int gshadow_locked = 0;
|
||||||
#endif
|
#endif
|
||||||
|
static int passwd_locked = 0;
|
||||||
|
static int group_locked = 0;
|
||||||
|
static int shadow_locked = 0;
|
||||||
static char **user_groups; /* NULL-terminated list */
|
static char **user_groups; /* NULL-terminated list */
|
||||||
static long sys_ngroups;
|
static long sys_ngroups;
|
||||||
static int do_grp_update = 0; /* group files need to be updated */
|
static int do_grp_update = 0; /* group files need to be updated */
|
||||||
@ -190,6 +194,21 @@ static void fail_exit (int code)
|
|||||||
if (home_added)
|
if (home_added)
|
||||||
rmdir (user_home);
|
rmdir (user_home);
|
||||||
|
|
||||||
|
if (shadow_locked) {
|
||||||
|
spw_unlock ();
|
||||||
|
}
|
||||||
|
if (passwd_locked) {
|
||||||
|
pw_unlock ();
|
||||||
|
}
|
||||||
|
if (group_locked) {
|
||||||
|
gr_unlock ();
|
||||||
|
}
|
||||||
|
#ifdef SHADOWGRP
|
||||||
|
if (gshadow_locked) {
|
||||||
|
sgr_unlock ();
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
#ifdef WITH_AUDIT
|
#ifdef WITH_AUDIT
|
||||||
audit_logger (AUDIT_USER_CHAUTHTOK, Prog, "adding user", user_name, -1,
|
audit_logger (AUDIT_USER_CHAUTHTOK, Prog, "adding user", user_name, -1,
|
||||||
0);
|
0);
|
||||||
@ -1170,13 +1189,19 @@ static void close_files (void)
|
|||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
}
|
}
|
||||||
if (is_shadow_pwd)
|
if (is_shadow_pwd) {
|
||||||
spw_unlock ();
|
spw_unlock ();
|
||||||
|
shadow_locked--;
|
||||||
|
}
|
||||||
pw_unlock ();
|
pw_unlock ();
|
||||||
|
passwd_locked--;
|
||||||
gr_unlock ();
|
gr_unlock ();
|
||||||
|
group_locked--;
|
||||||
#ifdef SHADOWGRP
|
#ifdef SHADOWGRP
|
||||||
if (is_shadow_grp)
|
if (is_shadow_grp) {
|
||||||
sgr_unlock ();
|
sgr_unlock ();
|
||||||
|
gshadow_locked--;
|
||||||
|
}
|
||||||
#endif
|
#endif
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -1195,60 +1220,68 @@ static void open_files (void)
|
|||||||
#endif
|
#endif
|
||||||
exit (E_PW_UPDATE);
|
exit (E_PW_UPDATE);
|
||||||
}
|
}
|
||||||
|
passwd_locked++;
|
||||||
if (!pw_open (O_RDWR)) {
|
if (!pw_open (O_RDWR)) {
|
||||||
fprintf (stderr, _("%s: unable to open password file\n"), Prog);
|
fprintf (stderr, _("%s: unable to open password file\n"), Prog);
|
||||||
#ifdef WITH_AUDIT
|
#ifdef WITH_AUDIT
|
||||||
audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
|
audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
|
||||||
"opening password file", user_name, user_id, 0);
|
"opening password file", user_name, user_id, 0);
|
||||||
#endif
|
#endif
|
||||||
pw_unlock ();
|
fail_exit (E_PW_UPDATE);
|
||||||
exit (E_PW_UPDATE);
|
|
||||||
}
|
}
|
||||||
if (is_shadow_pwd && !spw_lock ()) {
|
if (is_shadow_pwd) {
|
||||||
fprintf (stderr,
|
if (!spw_lock ()) {
|
||||||
_("%s: cannot lock shadow password file\n"), Prog);
|
fprintf (stderr,
|
||||||
|
_("%s: cannot lock shadow password file\n"),
|
||||||
|
Prog);
|
||||||
#ifdef WITH_AUDIT
|
#ifdef WITH_AUDIT
|
||||||
audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
|
audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
|
||||||
"locking shadow password file", user_name,
|
"locking shadow password file", user_name,
|
||||||
user_id, 0);
|
user_id, 0);
|
||||||
#endif
|
#endif
|
||||||
pw_unlock ();
|
fail_exit (E_PW_UPDATE);
|
||||||
exit (E_PW_UPDATE);
|
}
|
||||||
}
|
shadow_locked++;
|
||||||
if (is_shadow_pwd && !spw_open (O_RDWR)) {
|
if (!spw_open (O_RDWR)) {
|
||||||
fprintf (stderr,
|
fprintf (stderr,
|
||||||
_("%s: cannot open shadow password file\n"), Prog);
|
_("%s: cannot open shadow password file\n"),
|
||||||
|
Prog);
|
||||||
#ifdef WITH_AUDIT
|
#ifdef WITH_AUDIT
|
||||||
audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
|
audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
|
||||||
"opening shadow password file", user_name,
|
"opening shadow password file", user_name,
|
||||||
user_id, 0);
|
user_id, 0);
|
||||||
#endif
|
#endif
|
||||||
spw_unlock ();
|
fail_exit (E_PW_UPDATE);
|
||||||
pw_unlock ();
|
}
|
||||||
exit (E_PW_UPDATE);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Lock and open the group file.
|
* Lock and open the group file.
|
||||||
*/
|
*/
|
||||||
|
|
||||||
if (!gr_lock ()) {
|
if (!gr_lock ()) {
|
||||||
fprintf (stderr, _("%s: error locking group file\n"), Prog);
|
fprintf (stderr, _("%s: error locking group file\n"), Prog);
|
||||||
fail_exit (E_GRP_UPDATE);
|
fail_exit (E_GRP_UPDATE);
|
||||||
}
|
}
|
||||||
|
group_locked++;
|
||||||
if (!gr_open (O_RDWR)) {
|
if (!gr_open (O_RDWR)) {
|
||||||
fprintf (stderr, _("%s: error opening group file\n"), Prog);
|
fprintf (stderr, _("%s: error opening group file\n"), Prog);
|
||||||
fail_exit (E_GRP_UPDATE);
|
fail_exit (E_GRP_UPDATE);
|
||||||
}
|
}
|
||||||
#ifdef SHADOWGRP
|
#ifdef SHADOWGRP
|
||||||
if (is_shadow_grp && !sgr_lock ()) {
|
if (is_shadow_grp) {
|
||||||
fprintf (stderr,
|
if (!sgr_lock ()) {
|
||||||
_("%s: error locking shadow group file\n"), Prog);
|
fprintf (stderr,
|
||||||
fail_exit (E_GRP_UPDATE);
|
_("%s: error locking shadow group file\n"),
|
||||||
}
|
Prog);
|
||||||
if (is_shadow_grp && !sgr_open (O_RDWR)) {
|
fail_exit (E_GRP_UPDATE);
|
||||||
fprintf (stderr,
|
}
|
||||||
_("%s: error opening shadow group file\n"), Prog);
|
gshadow_locked++;
|
||||||
fail_exit (E_GRP_UPDATE);
|
if (!sgr_open (O_RDWR)) {
|
||||||
|
fprintf (stderr,
|
||||||
|
_("%s: error opening shadow group file\n"),
|
||||||
|
Prog);
|
||||||
|
fail_exit (E_GRP_UPDATE);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
}
|
}
|
||||||
@ -1405,7 +1438,7 @@ static void usr_update (void)
|
|||||||
if (!pw_update (&pwent)) {
|
if (!pw_update (&pwent)) {
|
||||||
fprintf (stderr,
|
fprintf (stderr,
|
||||||
_("%s: error adding new password entry\n"), Prog);
|
_("%s: error adding new password entry\n"), Prog);
|
||||||
exit (E_PW_UPDATE);
|
fail_exit (E_PW_UPDATE);
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
@ -1420,7 +1453,7 @@ static void usr_update (void)
|
|||||||
audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
|
audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
|
||||||
"adding shadow password", user_name, user_id, 0);
|
"adding shadow password", user_name, user_id, 0);
|
||||||
#endif
|
#endif
|
||||||
exit (E_PW_UPDATE);
|
fail_exit (E_PW_UPDATE);
|
||||||
}
|
}
|
||||||
#ifdef WITH_AUDIT
|
#ifdef WITH_AUDIT
|
||||||
audit_logger (AUDIT_USER_CHAUTHTOK, Prog, "adding user", user_name,
|
audit_logger (AUDIT_USER_CHAUTHTOK, Prog, "adding user", user_name,
|
||||||
@ -1588,7 +1621,7 @@ int main (int argc, char **argv)
|
|||||||
|
|
||||||
if (retval != PAM_SUCCESS) {
|
if (retval != PAM_SUCCESS) {
|
||||||
fprintf (stderr, _("%s: PAM authentication failed\n"), Prog);
|
fprintf (stderr, _("%s: PAM authentication failed\n"), Prog);
|
||||||
exit (1);
|
fail_exit (1);
|
||||||
}
|
}
|
||||||
#endif /* USE_PAM */
|
#endif /* USE_PAM */
|
||||||
|
|
||||||
@ -1613,7 +1646,7 @@ int main (int argc, char **argv)
|
|||||||
audit_logger (AUDIT_USER_CHAUTHTOK, Prog, "adding user",
|
audit_logger (AUDIT_USER_CHAUTHTOK, Prog, "adding user",
|
||||||
user_name, -1, 0);
|
user_name, -1, 0);
|
||||||
#endif
|
#endif
|
||||||
exit (E_NAME_IN_USE);
|
fail_exit (E_NAME_IN_USE);
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
@ -1632,7 +1665,7 @@ int main (int argc, char **argv)
|
|||||||
audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
|
audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
|
||||||
"adding group", user_name, -1, 0);
|
"adding group", user_name, -1, 0);
|
||||||
#endif
|
#endif
|
||||||
exit (E_NAME_IN_USE);
|
fail_exit (E_NAME_IN_USE);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -1662,7 +1695,7 @@ int main (int argc, char **argv)
|
|||||||
#ifdef WITH_AUDIT
|
#ifdef WITH_AUDIT
|
||||||
audit_logger (AUDIT_USER_CHAUTHTOK, Prog, "adding user", user_name, user_id, 0);
|
audit_logger (AUDIT_USER_CHAUTHTOK, Prog, "adding user", user_name, user_id, 0);
|
||||||
#endif
|
#endif
|
||||||
exit (E_UID_IN_USE);
|
fail_exit (E_UID_IN_USE);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -1723,6 +1756,5 @@ int main (int argc, char **argv)
|
|||||||
pam_end (pamh, PAM_SUCCESS);
|
pam_end (pamh, PAM_SUCCESS);
|
||||||
#endif /* USE_PAM */
|
#endif /* USE_PAM */
|
||||||
|
|
||||||
exit (E_SUCCESS);
|
return E_SUCCESS;
|
||||||
/* NOT REACHED */
|
|
||||||
}
|
}
|
||||||
|
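Review bot: The return values of the unlock calls are discarded in both fail_exit() and close_files(), so when spw_unlock(), pw_unlock(), gr_unlock() or sgr_unlock() fails, the lock file stays behind with no diagnostic, and in close_files() the matching `*_locked` counter is decremented anyway. A leftover lock blocks later account-management runs, which is the condition this commit sets out to prevent, so the failure should at least be reported, e.g. `if (pw_unlock () == 0) { fprintf (stderr, _("%s: failed to unlock the password file\n"), Prog); }` (this assumes the unlock calls return 0 on failure; confirm against the library headers). fail_exit() tests the counters only for non-zero, so a decrement without a prior increment would leave a negative value and trigger an unlock of a lock the process does not hold; writing `passwd_locked = 0;` instead of `passwd_locked--;` (and likewise for the other three) avoids that. The bodies of fail_exit(), close_files() and open_files() all extend beyond the visible hunks, so callers and earlier error paths could not be checked here.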