Make sure the passwd, group, shadow, and gshadow files are unlocked on

exit. Unlock locked files in fail_exit(). Prefer fail_exit() over exit().
This commit is contained in:
nekral-guest 2008-03-08 22:44:53 +00:00
parent 5af8a5d74d
commit 1b808e62df
3 changed files with 80 additions and 40 deletions

View File

@ -1,3 +1,9 @@
2008-03-08 Nicolas François <nicolas.francois@centraliens.net>
* NEWS, src/useradd.c: Make sure the passwd, group, shadow, and
gshadow files are unlocked on exit. Unlock locked files in
fail_exit(). Prefer fail_exit() over exit().
2008-03-08 Nicolas François <nicolas.francois@centraliens.net> 2008-03-08 Nicolas François <nicolas.francois@centraliens.net>
* NEWS, src/groupdel.c: Make sure the group, and gshadow files are * NEWS, src/groupdel.c: Make sure the group, and gshadow files are

2
NEWS
View File

@ -88,6 +88,8 @@ shadow-4.1.0 -> shadow-4.1.1 UNRELEASED
should replace nflg from the previous versions. Please set any -n should replace nflg from the previous versions. Please set any -n
option to deprecated because its meaning differs from one distribution option to deprecated because its meaning differs from one distribution
to the other. to the other.
* Make sure the passwd, group, shadow, and gshadow files are unlocked on
exit.
- usermod - usermod
* Keep the access and modification time of files when moving an user's home * Keep the access and modification time of files when moving an user's home
directory. directory.

View File

@ -107,7 +107,11 @@ static int is_shadow_pwd;
#ifdef SHADOWGRP #ifdef SHADOWGRP
static int is_shadow_grp; static int is_shadow_grp;
static int gshadow_locked = 0;
#endif #endif
static int passwd_locked = 0;
static int group_locked = 0;
static int shadow_locked = 0;
static char **user_groups; /* NULL-terminated list */ static char **user_groups; /* NULL-terminated list */
static long sys_ngroups; static long sys_ngroups;
static int do_grp_update = 0; /* group files need to be updated */ static int do_grp_update = 0; /* group files need to be updated */
@ -190,6 +194,21 @@ static void fail_exit (int code)
if (home_added) if (home_added)
rmdir (user_home); rmdir (user_home);
if (shadow_locked) {
spw_unlock ();
}
if (passwd_locked) {
pw_unlock ();
}
if (group_locked) {
gr_unlock ();
}
#ifdef SHADOWGRP
if (gshadow_locked) {
sgr_unlock ();
}
#endif
#ifdef WITH_AUDIT #ifdef WITH_AUDIT
audit_logger (AUDIT_USER_CHAUTHTOK, Prog, "adding user", user_name, -1, audit_logger (AUDIT_USER_CHAUTHTOK, Prog, "adding user", user_name, -1,
0); 0);
@ -1170,13 +1189,19 @@ static void close_files (void)
} }
#endif #endif
} }
if (is_shadow_pwd) if (is_shadow_pwd) {
spw_unlock (); spw_unlock ();
shadow_locked--;
}
pw_unlock (); pw_unlock ();
passwd_locked--;
gr_unlock (); gr_unlock ();
group_locked--;
#ifdef SHADOWGRP #ifdef SHADOWGRP
if (is_shadow_grp) if (is_shadow_grp) {
sgr_unlock (); sgr_unlock ();
gshadow_locked--;
}
#endif #endif
} }
@ -1195,60 +1220,68 @@ static void open_files (void)
#endif #endif
exit (E_PW_UPDATE); exit (E_PW_UPDATE);
} }
passwd_locked++;
if (!pw_open (O_RDWR)) { if (!pw_open (O_RDWR)) {
fprintf (stderr, _("%s: unable to open password file\n"), Prog); fprintf (stderr, _("%s: unable to open password file\n"), Prog);
#ifdef WITH_AUDIT #ifdef WITH_AUDIT
audit_logger (AUDIT_USER_CHAUTHTOK, Prog, audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
"opening password file", user_name, user_id, 0); "opening password file", user_name, user_id, 0);
#endif #endif
pw_unlock (); fail_exit (E_PW_UPDATE);
exit (E_PW_UPDATE);
} }
if (is_shadow_pwd && !spw_lock ()) { if (is_shadow_pwd) {
fprintf (stderr, if (!spw_lock ()) {
_("%s: cannot lock shadow password file\n"), Prog); fprintf (stderr,
_("%s: cannot lock shadow password file\n"),
Prog);
#ifdef WITH_AUDIT #ifdef WITH_AUDIT
audit_logger (AUDIT_USER_CHAUTHTOK, Prog, audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
"locking shadow password file", user_name, "locking shadow password file", user_name,
user_id, 0); user_id, 0);
#endif #endif
pw_unlock (); fail_exit (E_PW_UPDATE);
exit (E_PW_UPDATE); }
} shadow_locked++;
if (is_shadow_pwd && !spw_open (O_RDWR)) { if (!spw_open (O_RDWR)) {
fprintf (stderr, fprintf (stderr,
_("%s: cannot open shadow password file\n"), Prog); _("%s: cannot open shadow password file\n"),
Prog);
#ifdef WITH_AUDIT #ifdef WITH_AUDIT
audit_logger (AUDIT_USER_CHAUTHTOK, Prog, audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
"opening shadow password file", user_name, "opening shadow password file", user_name,
user_id, 0); user_id, 0);
#endif #endif
spw_unlock (); fail_exit (E_PW_UPDATE);
pw_unlock (); }
exit (E_PW_UPDATE);
} }
/* /*
* Lock and open the group file. * Lock and open the group file.
*/ */
if (!gr_lock ()) { if (!gr_lock ()) {
fprintf (stderr, _("%s: error locking group file\n"), Prog); fprintf (stderr, _("%s: error locking group file\n"), Prog);
fail_exit (E_GRP_UPDATE); fail_exit (E_GRP_UPDATE);
} }
group_locked++;
if (!gr_open (O_RDWR)) { if (!gr_open (O_RDWR)) {
fprintf (stderr, _("%s: error opening group file\n"), Prog); fprintf (stderr, _("%s: error opening group file\n"), Prog);
fail_exit (E_GRP_UPDATE); fail_exit (E_GRP_UPDATE);
} }
#ifdef SHADOWGRP #ifdef SHADOWGRP
if (is_shadow_grp && !sgr_lock ()) { if (is_shadow_grp) {
fprintf (stderr, if (!sgr_lock ()) {
_("%s: error locking shadow group file\n"), Prog); fprintf (stderr,
fail_exit (E_GRP_UPDATE); _("%s: error locking shadow group file\n"),
} Prog);
if (is_shadow_grp && !sgr_open (O_RDWR)) { fail_exit (E_GRP_UPDATE);
fprintf (stderr, }
_("%s: error opening shadow group file\n"), Prog); gshadow_locked++;
fail_exit (E_GRP_UPDATE); if (!sgr_open (O_RDWR)) {
fprintf (stderr,
_("%s: error opening shadow group file\n"),
Prog);
fail_exit (E_GRP_UPDATE);
}
} }
#endif #endif
} }
@ -1405,7 +1438,7 @@ static void usr_update (void)
if (!pw_update (&pwent)) { if (!pw_update (&pwent)) {
fprintf (stderr, fprintf (stderr,
_("%s: error adding new password entry\n"), Prog); _("%s: error adding new password entry\n"), Prog);
exit (E_PW_UPDATE); fail_exit (E_PW_UPDATE);
} }
/* /*
@ -1420,7 +1453,7 @@ static void usr_update (void)
audit_logger (AUDIT_USER_CHAUTHTOK, Prog, audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
"adding shadow password", user_name, user_id, 0); "adding shadow password", user_name, user_id, 0);
#endif #endif
exit (E_PW_UPDATE); fail_exit (E_PW_UPDATE);
} }
#ifdef WITH_AUDIT #ifdef WITH_AUDIT
audit_logger (AUDIT_USER_CHAUTHTOK, Prog, "adding user", user_name, audit_logger (AUDIT_USER_CHAUTHTOK, Prog, "adding user", user_name,
@ -1588,7 +1621,7 @@ int main (int argc, char **argv)
if (retval != PAM_SUCCESS) { if (retval != PAM_SUCCESS) {
fprintf (stderr, _("%s: PAM authentication failed\n"), Prog); fprintf (stderr, _("%s: PAM authentication failed\n"), Prog);
exit (1); fail_exit (1);
} }
#endif /* USE_PAM */ #endif /* USE_PAM */
@ -1613,7 +1646,7 @@ int main (int argc, char **argv)
audit_logger (AUDIT_USER_CHAUTHTOK, Prog, "adding user", audit_logger (AUDIT_USER_CHAUTHTOK, Prog, "adding user",
user_name, -1, 0); user_name, -1, 0);
#endif #endif
exit (E_NAME_IN_USE); fail_exit (E_NAME_IN_USE);
} }
/* /*
@ -1632,7 +1665,7 @@ int main (int argc, char **argv)
audit_logger (AUDIT_USER_CHAUTHTOK, Prog, audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
"adding group", user_name, -1, 0); "adding group", user_name, -1, 0);
#endif #endif
exit (E_NAME_IN_USE); fail_exit (E_NAME_IN_USE);
} }
} }
@ -1662,7 +1695,7 @@ int main (int argc, char **argv)
#ifdef WITH_AUDIT #ifdef WITH_AUDIT
audit_logger (AUDIT_USER_CHAUTHTOK, Prog, "adding user", user_name, user_id, 0); audit_logger (AUDIT_USER_CHAUTHTOK, Prog, "adding user", user_name, user_id, 0);
#endif #endif
exit (E_UID_IN_USE); fail_exit (E_UID_IN_USE);
} }
} }
} }
@ -1723,6 +1756,5 @@ int main (int argc, char **argv)
pam_end (pamh, PAM_SUCCESS); pam_end (pamh, PAM_SUCCESS);
#endif /* USE_PAM */ #endif /* USE_PAM */
exit (E_SUCCESS); return E_SUCCESS;
/* NOT REACHED */
} }