emo/shadow
1
0
Fork 0
Code Issues Pull Requests Packages Releases Activity

* src/groupdel.c: Add logging to syslog & audit on lock/unlock

Browse Source 
failures.
This commit is contained in:
nekral-guest
2008-08-06 15:54:49 +00:00
parent 9ddc88dd9d
commit 2cba7fdfcd
2 changed files with 69 additions and 23 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
ChangeLog
View File

@@ -4,6 +4,8 @@
* src/groupadd.c: Add logging to syslog in some error cases. * src/groupadd.c: Add logging to syslog in some error cases.
* src/groupmod.c: Harmonize error & syslog messages. * src/groupmod.c: Harmonize error & syslog messages.
* src/groupdel.c: Harmonize error & syslog messages. * src/groupdel.c: Harmonize error & syslog messages.
* src/groupdel.c: Add logging to syslog & audit on lock/unlock
failures.
2008-08-01 Nicolas François <nicolas.francois@centraliens.net> 2008-08-01 Nicolas François <nicolas.francois@centraliens.net>

90
src/groupdel.c
View File

@@ -59,7 +59,9 @@ static gid_t group_id = -1;
#ifdef SHADOWGRP #ifdef SHADOWGRP
static bool is_shadow_grp; static bool is_shadow_grp;
static bool gshadow_locked = false;
#endif #endif
static bool group_locked = false;
/* /*
* exit status values * exit status values
@@ -92,10 +94,26 @@ static void usage (void)
*/ */
static void fail_exit (int code) static void fail_exit (int code)
{ {
(void) gr_unlock (); if (gr_unlock () == 0) {
fprintf (stderr, _("%s: cannot unlock the group file\n"), Prog);
SYSLOG ((LOG_WARN, "cannot unlock the group file"));
#ifdef WITH_AUDIT
audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
"unlocking group file",
group_name, AUDIT_NO_ID, 0);
#endif
}
#ifdef SHADOWGRP #ifdef SHADOWGRP
if (is_shadow_grp) { if (is_shadow_grp) {
sgr_unlock (); if (sgr_unlock () == 0) {
fprintf (stderr, _("%s: cannot unlock the shadow group file\n"), Prog);
SYSLOG ((LOG_WARN, "cannot unlock the shadow group file"));
#ifdef WITH_AUDIT
audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
"unlocking gshadow file",
group_name, AUDIT_NO_ID, 0);
#endif
}
} }
#endif #endif
@@ -154,15 +172,32 @@ static void close_files (void)
fprintf (stderr, _("%s: cannot rewrite the group file\n"), Prog); fprintf (stderr, _("%s: cannot rewrite the group file\n"), Prog);
fail_exit (E_GRP_UPDATE); fail_exit (E_GRP_UPDATE);
} }
gr_unlock (); if (gr_unlock () == 0) {
#ifdef SHADOWGRP fprintf (stderr, _("%s: cannot unlock the group file\n"), Prog);
if (is_shadow_grp && (sgr_close () == 0)) { SYSLOG ((LOG_WARN, "cannot unlock the group file"));
fprintf (stderr, #ifdef WITH_AUDIT
_("%s: cannot rewrite the shadow group file\n"), Prog); audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
fail_exit (E_GRP_UPDATE); "unlocking group file",
group_name, AUDIT_NO_ID, 0);
#endif
}
#ifdef SHADOWGRP
if (is_shadow_grp) {
if (sgr_close () == 0)) {
fprintf (stderr,
_("%s: cannot rewrite the shadow group file\n"), Prog);
fail_exit (E_GRP_UPDATE);
}
if (sgr_unlock () == 0) {
fprintf (stderr, _("%s: cannot unlock the shadow group file\n"), Prog);
SYSLOG ((LOG_WARN, "cannot unlock the shadow group file"));
#ifdef WITH_AUDIT
audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
"unlocking gshadow file",
group_name, AUDIT_NO_ID, 0);
#endif
}
} }
if (is_shadow_grp)
sgr_unlock ();
#endif /* SHADOWGRP */ #endif /* SHADOWGRP */
} }
@@ -175,22 +210,30 @@ static void open_files (void)
{ {
if (gr_lock () == 0) { if (gr_lock () == 0) {
fprintf (stderr, _("%s: cannot lock the group file\n"), Prog); fprintf (stderr, _("%s: cannot lock the group file\n"), Prog);
SYSLOG ((LOG_WARN, "cannot lock the group file"));
fail_exit (E_GRP_UPDATE); fail_exit (E_GRP_UPDATE);
} }
group_locked = true;
if (gr_open (O_RDWR) == 0) { if (gr_open (O_RDWR) == 0) {
fprintf (stderr, _("%s: cannot open the group file\n"), Prog); fprintf (stderr, _("%s: cannot open the group file\n"), Prog);
SYSLOG ((LOG_WARN, "cannot open the group file"));
fail_exit (E_GRP_UPDATE); fail_exit (E_GRP_UPDATE);
} }
#ifdef SHADOWGRP #ifdef SHADOWGRP
if (is_shadow_grp && (sgr_lock () == 0)) { if (is_shadow_grp) {
fprintf (stderr, if (sgr_lock () == 0)) {
_("%s: cannot lock the shadow group file\n"), Prog); fprintf (stderr,
fail_exit (E_GRP_UPDATE); _("%s: cannot lock the shadow group file\n"), Prog);
} SYSLOG ((LOG_WARN, "cannot lock the shadow group file"));
if (is_shadow_grp && (sgr_open (O_RDWR) == 0)) { fail_exit (E_GRP_UPDATE);
fprintf (stderr, }
_("%s: cannot open the shadow group file\n"), Prog); gshadow_locked = true;
fail_exit (E_GRP_UPDATE); if (sgr_open (O_RDWR) == 0)) {
fprintf (stderr,
_("%s: cannot open the shadow group file\n"), Prog);
SYSLOG ((LOG_WARN, "cannot open the shadow group file"));
fail_exit (E_GRP_UPDATE);
}
} }
#endif /* SHADOWGRP */ #endif /* SHADOWGRP */
} }
@@ -220,8 +263,9 @@ static void group_busy (gid_t gid)
* If pwd isn't NULL, it stopped because the gid's matched. * If pwd isn't NULL, it stopped because the gid's matched.
*/ */
if (pwd == (struct passwd *) 0) if (pwd == (struct passwd *) 0) {
return; return;
}
/* /*
* Can't remove the group. * Can't remove the group.
@@ -261,8 +305,9 @@ int main (int argc, char **argv)
(void) bindtextdomain (PACKAGE, LOCALEDIR); (void) bindtextdomain (PACKAGE, LOCALEDIR);
(void) textdomain (PACKAGE); (void) textdomain (PACKAGE);
if (argc != 2) if (argc != 2) {
usage (); usage ();
}
group_name = argv[1]; group_name = argv[1];
@@ -354,8 +399,7 @@ int main (int argc, char **argv)
#endif #endif
/* /*
* Now check to insure that this isn't the primary group of * Make sure this isn't the primary group of anyone.
* anyone.
*/ */
group_busy (group_id); group_busy (group_id);