* src/groupadd.c: Only call gr_unlock() and sgr_unlock() if the
group or gshadow files were previously locked. * src/groupadd.c: Make sure failures are reported to syslog/audit after the change is mentioned. * src/groupmod.c: Add logging to syslog & audit on lock/unlock failures. * src/groupmod.c: Make sure issues are reported to syslog or audit after the change is mentioned. * src/groupdel.c: Only call gr_unlock() and sgr_unlock() if the group or gshadow files were previously locked. * src/groupdel.c: Simplify the handling of PAM errors.
parent
6461841ccd
commit
b0fe7d3a0b
16
ChangeLog
16
ChangeLog
@ -1,11 +1,23 @@
|
|||||||
2008-08-01 Nicolas François <nicolas.francois@centraliens.net>
|
2008-08-02 Nicolas François <nicolas.francois@centraliens.net>
|
||||||
|
|
||||||
* src/groupadd.c: Harmonize error & syslog messages.
|
* src/groupadd.c: Harmonize error & syslog messages.
|
||||||
* src/groupadd.c: Add logging to syslog in some error cases.
|
* src/groupadd.c: Add logging to syslog & audit on lock/unlock
|
||||||
|
failures.
|
||||||
|
* src/groupadd.c: Only call gr_unlock() and sgr_unlock() in the
|
||||||
|
group or gshadow files were previously locked.
|
||||||
|
* src/groupadd.c: Make sure failures are reported to syslog/audit
|
||||||
|
after the change is mentioned.
|
||||||
* src/groupmod.c: Harmonize error & syslog messages.
|
* src/groupmod.c: Harmonize error & syslog messages.
|
||||||
|
* src/groupmod.c: Add logging to syslog & audit on lock/unlock
|
||||||
|
failures.
|
||||||
|
* src/groupmod.c: Make sure issues are reported to syslog or audit
|
||||||
|
after the change is mentioned.
|
||||||
* src/groupdel.c: Harmonize error & syslog messages.
|
* src/groupdel.c: Harmonize error & syslog messages.
|
||||||
* src/groupdel.c: Add logging to syslog & audit on lock/unlock
|
* src/groupdel.c: Add logging to syslog & audit on lock/unlock
|
||||||
failures.
|
failures.
|
||||||
|
* src/groupdel.c: Only call gr_unlock() and sgr_unlock() in the
|
||||||
|
group or gshadow files were previously locked.
|
||||||
|
* src/groupdel.c: Simplify the handling of PAM errors.
|
||||||
|
|
||||||
2008-08-01 Nicolas François <nicolas.francois@centraliens.net>
|
2008-08-01 Nicolas François <nicolas.francois@centraliens.net>
|
||||||
|
|
||||||
|
112
src/groupadd.c
112
src/groupadd.c
@ -53,7 +53,6 @@
|
|||||||
#include "prototypes.h"
|
#include "prototypes.h"
|
||||||
#ifdef SHADOWGRP
|
#ifdef SHADOWGRP
|
||||||
#include "sgroupio.h"
|
#include "sgroupio.h"
|
||||||
static bool is_shadow_grp;
|
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
/*
|
/*
|
||||||
@ -82,6 +81,13 @@ static bool fflg = false; /* if group already exists, do nothing and exit(0) */
|
|||||||
static bool rflg = false; /* create a system account */
|
static bool rflg = false; /* create a system account */
|
||||||
static bool pflg = false; /* new encrypted password */
|
static bool pflg = false; /* new encrypted password */
|
||||||
|
|
||||||
|
#ifdef SHADOWGRP
|
||||||
|
static bool is_shadow_grp;
|
||||||
|
static bool gshadow_locked = false;
|
||||||
|
#endif
|
||||||
|
static bool group_locked = false;
|
||||||
|
|
||||||
|
|
||||||
#ifdef USE_PAM
|
#ifdef USE_PAM
|
||||||
static pam_handle_t *pamh = NULL;
|
static pam_handle_t *pamh = NULL;
|
||||||
#endif
|
#endif
|
||||||
@ -250,16 +256,36 @@ static void close_files (void)
|
|||||||
SYSLOG ((LOG_WARN, "cannot rewrite the group file"));
|
SYSLOG ((LOG_WARN, "cannot rewrite the group file"));
|
||||||
fail_exit (E_GRP_UPDATE);
|
fail_exit (E_GRP_UPDATE);
|
||||||
}
|
}
|
||||||
gr_unlock ();
|
if (gr_unlock () == 0) {
|
||||||
#ifdef SHADOWGRP
|
fprintf (stderr, _("%s: cannot unlock the group file\n"), Prog);
|
||||||
if (is_shadow_grp && (sgr_close () == 0)) {
|
SYSLOG ((LOG_WARN, "cannot unlock the group file"));
|
||||||
fprintf (stderr,
|
#ifdef WITH_AUDIT
|
||||||
_("%s: cannot rewrite the shadow group file\n"), Prog);
|
audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
|
||||||
SYSLOG ((LOG_WARN, "cannot rewrite the shadow group file"));
|
"unlocking group file",
|
||||||
fail_exit (E_GRP_UPDATE);
|
group_name, AUDIT_NO_ID, 0);
|
||||||
|
#endif
|
||||||
|
/* continue */
|
||||||
}
|
}
|
||||||
|
group_locked = false;
|
||||||
|
#ifdef SHADOWGRP
|
||||||
if (is_shadow_grp) {
|
if (is_shadow_grp) {
|
||||||
sgr_unlock ();
|
if (sgr_close () == 0) {
|
||||||
|
fprintf (stderr,
|
||||||
|
_("%s: cannot rewrite the shadow group file\n"), Prog);
|
||||||
|
SYSLOG ((LOG_WARN, "cannot rewrite the shadow group file"));
|
||||||
|
fail_exit (E_GRP_UPDATE);
|
||||||
|
}
|
||||||
|
if (sgr_unlock () == 0) {
|
||||||
|
fprintf (stderr, _("%s: cannot unlock the shadow group file\n"), Prog);
|
||||||
|
SYSLOG ((LOG_WARN, "cannot unlock the shadow group file"));
|
||||||
|
#ifdef WITH_AUDIT
|
||||||
|
audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
|
||||||
|
"unlocking gshadow file",
|
||||||
|
group_name, AUDIT_NO_ID, 0);
|
||||||
|
#endif
|
||||||
|
/* continue */
|
||||||
|
}
|
||||||
|
gshadow_locked = false;
|
||||||
}
|
}
|
||||||
#endif /* SHADOWGRP */
|
#endif /* SHADOWGRP */
|
||||||
}
|
}
|
||||||
@ -279,8 +305,9 @@ static void open_files (void)
|
|||||||
"locking group file",
|
"locking group file",
|
||||||
group_name, AUDIT_NO_ID, 0);
|
group_name, AUDIT_NO_ID, 0);
|
||||||
#endif
|
#endif
|
||||||
exit (E_GRP_UPDATE);
|
fail_exit (E_GRP_UPDATE);
|
||||||
}
|
}
|
||||||
|
group_locked = true;
|
||||||
if (gr_open (O_RDWR) == 0) {
|
if (gr_open (O_RDWR) == 0) {
|
||||||
fprintf (stderr, _("%s: cannot open the group file\n"), Prog);
|
fprintf (stderr, _("%s: cannot open the group file\n"), Prog);
|
||||||
SYSLOG ((LOG_WARN, "cannot open the group file"));
|
SYSLOG ((LOG_WARN, "cannot open the group file"));
|
||||||
@ -292,17 +319,30 @@ static void open_files (void)
|
|||||||
fail_exit (E_GRP_UPDATE);
|
fail_exit (E_GRP_UPDATE);
|
||||||
}
|
}
|
||||||
#ifdef SHADOWGRP
|
#ifdef SHADOWGRP
|
||||||
if (is_shadow_grp && (sgr_lock () == 0)) {
|
if (is_shadow_grp) {
|
||||||
fprintf (stderr,
|
if (sgr_lock () == 0) {
|
||||||
_("%s: cannot lock the shadow group file\n"), Prog);
|
fprintf (stderr,
|
||||||
SYSLOG ((LOG_WARN, "cannot lock the shadow group file"));
|
_("%s: cannot lock the shadow group file\n"), Prog);
|
||||||
fail_exit (E_GRP_UPDATE);
|
SYSLOG ((LOG_WARN, "cannot lock the shadow group file"));
|
||||||
}
|
#ifdef WITH_AUDIT
|
||||||
if (is_shadow_grp && (sgr_open (O_RDWR) == 0)) {
|
audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
|
||||||
fprintf (stderr,
|
"locking gshadow file",
|
||||||
_("%s: cannot open the shadow group file\n"), Prog);
|
group_name, AUDIT_NO_ID, 0);
|
||||||
SYSLOG ((LOG_WARN, "cannot open the shadow group file"));
|
#endif
|
||||||
fail_exit (E_GRP_UPDATE);
|
fail_exit (E_GRP_UPDATE);
|
||||||
|
}
|
||||||
|
gshadow_locked = true;
|
||||||
|
if (sgr_open (O_RDWR) == 0) {
|
||||||
|
fprintf (stderr,
|
||||||
|
_("%s: cannot open the shadow group file\n"), Prog);
|
||||||
|
SYSLOG ((LOG_WARN, "cannot open the shadow group file"));
|
||||||
|
#ifdef WITH_AUDIT
|
||||||
|
audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
|
||||||
|
"opening gshadow file",
|
||||||
|
group_name, AUDIT_NO_ID, 0);
|
||||||
|
#endif
|
||||||
|
fail_exit (E_GRP_UPDATE);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
#endif /* SHADOWGRP */
|
#endif /* SHADOWGRP */
|
||||||
}
|
}
|
||||||
@ -312,10 +352,30 @@ static void open_files (void)
|
|||||||
*/
|
*/
|
||||||
static void fail_exit (int code)
|
static void fail_exit (int code)
|
||||||
{
|
{
|
||||||
(void) gr_unlock ();
|
if (group_locked) {
|
||||||
|
if (gr_unlock () == 0) {
|
||||||
|
fprintf (stderr, _("%s: cannot unlock the group file\n"), Prog);
|
||||||
|
SYSLOG ((LOG_WARN, "cannot unlock the group file"));
|
||||||
|
#ifdef WITH_AUDIT
|
||||||
|
audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
|
||||||
|
"unlocking group file",
|
||||||
|
group_name, AUDIT_NO_ID, 0);
|
||||||
|
#endif
|
||||||
|
/* continue */
|
||||||
|
}
|
||||||
|
}
|
||||||
#ifdef SHADOWGRP
|
#ifdef SHADOWGRP
|
||||||
if (is_shadow_grp) {
|
if (gshadow_locked) {
|
||||||
sgr_unlock ();
|
if (sgr_unlock () == 0) {
|
||||||
|
fprintf (stderr, _("%s: cannot unlock the shadow group file\n"), Prog);
|
||||||
|
SYSLOG ((LOG_WARN, "cannot unlock the shadow group file"));
|
||||||
|
#ifdef WITH_AUDIT
|
||||||
|
audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
|
||||||
|
"unlocking gshadow file",
|
||||||
|
group_name, AUDIT_NO_ID, 0);
|
||||||
|
#endif
|
||||||
|
/* continue */
|
||||||
|
}
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
@ -470,7 +530,7 @@ static void check_flags (void)
|
|||||||
/* OK, no need to do anything */
|
/* OK, no need to do anything */
|
||||||
fail_exit (E_SUCCESS);
|
fail_exit (E_SUCCESS);
|
||||||
}
|
}
|
||||||
fprintf (stderr, _("%s: group %s exists\n"), Prog, group_name);
|
fprintf (stderr, _("%s: group '%s' already exists\n"), Prog, group_name);
|
||||||
fail_exit (E_NAME_IN_USE);
|
fail_exit (E_NAME_IN_USE);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -487,7 +547,7 @@ static void check_flags (void)
|
|||||||
/* Turn off -g, we can use any GID */
|
/* Turn off -g, we can use any GID */
|
||||||
gflg = false;
|
gflg = false;
|
||||||
} else {
|
} else {
|
||||||
fprintf (stderr, _("%s: GID %u is not unique\n"),
|
fprintf (stderr, _("%s: GID '%u' already exists\n"),
|
||||||
Prog, (unsigned int) group_id);
|
Prog, (unsigned int) group_id);
|
||||||
fail_exit (E_GID_IN_USE);
|
fail_exit (E_GID_IN_USE);
|
||||||
}
|
}
|
||||||
|
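Review bot: In close_files, `group_locked = false;` and `gshadow_locked = false;` are assigned even when the gr_unlock()/sgr_unlock() call just above returned 0, and the only explanation is the bare `/* continue */`. After a failed gr_unlock(), a later fail_exit() (for example from the sgr_close() failure path) will therefore skip the group file, and the tool can still exit with E_SUCCESS while the lock presumably stays in place. If that is intended, say so where it happens, e.g. `/* not fatal: the file was already rewritten; the failure is only visible in syslog/audit */`, and consider a short comment on the two new flags stating that they record locks taken by this process. The same fprintf/SYSLOG/audit_logger block is repeated four times in this file (twice in close_files, twice in fail_exit); a small static helper would keep the audit messages from drifting apart. close_files and fail_exit both start or end outside the visible hunks.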
@ -94,17 +94,20 @@ static void usage (void)
|
|||||||
*/
|
*/
|
||||||
static void fail_exit (int code)
|
static void fail_exit (int code)
|
||||||
{
|
{
|
||||||
if (gr_unlock () == 0) {
|
if (group_locked) {
|
||||||
fprintf (stderr, _("%s: cannot unlock the group file\n"), Prog);
|
if (gr_unlock () == 0) {
|
||||||
SYSLOG ((LOG_WARN, "cannot unlock the group file"));
|
fprintf (stderr, _("%s: cannot unlock the group file\n"), Prog);
|
||||||
|
SYSLOG ((LOG_WARN, "cannot unlock the group file"));
|
||||||
#ifdef WITH_AUDIT
|
#ifdef WITH_AUDIT
|
||||||
audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
|
audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
|
||||||
"unlocking group file",
|
"unlocking group file",
|
||||||
group_name, AUDIT_NO_ID, 0);
|
group_name, AUDIT_NO_ID, 0);
|
||||||
#endif
|
#endif
|
||||||
|
/* continue */
|
||||||
|
}
|
||||||
}
|
}
|
||||||
#ifdef SHADOWGRP
|
#ifdef SHADOWGRP
|
||||||
if (is_shadow_grp) {
|
if (gshadow_locked) {
|
||||||
if (sgr_unlock () == 0) {
|
if (sgr_unlock () == 0) {
|
||||||
fprintf (stderr, _("%s: cannot unlock the shadow group file\n"), Prog);
|
fprintf (stderr, _("%s: cannot unlock the shadow group file\n"), Prog);
|
||||||
SYSLOG ((LOG_WARN, "cannot unlock the shadow group file"));
|
SYSLOG ((LOG_WARN, "cannot unlock the shadow group file"));
|
||||||
@ -113,6 +116,7 @@ static void fail_exit (int code)
|
|||||||
"unlocking gshadow file",
|
"unlocking gshadow file",
|
||||||
group_name, AUDIT_NO_ID, 0);
|
group_name, AUDIT_NO_ID, 0);
|
||||||
#endif
|
#endif
|
||||||
|
/* continue */
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
@ -170,6 +174,7 @@ static void close_files (void)
|
|||||||
|
|
||||||
if (gr_close () == 0) {
|
if (gr_close () == 0) {
|
||||||
fprintf (stderr, _("%s: cannot rewrite the group file\n"), Prog);
|
fprintf (stderr, _("%s: cannot rewrite the group file\n"), Prog);
|
||||||
|
SYSLOG ((LOG_WARN, "cannot rewrite the group file"));
|
||||||
fail_exit (E_GRP_UPDATE);
|
fail_exit (E_GRP_UPDATE);
|
||||||
}
|
}
|
||||||
if (gr_unlock () == 0) {
|
if (gr_unlock () == 0) {
|
||||||
@ -180,12 +185,15 @@ static void close_files (void)
|
|||||||
"unlocking group file",
|
"unlocking group file",
|
||||||
group_name, AUDIT_NO_ID, 0);
|
group_name, AUDIT_NO_ID, 0);
|
||||||
#endif
|
#endif
|
||||||
|
/* continue */
|
||||||
}
|
}
|
||||||
|
group_locked = false;
|
||||||
#ifdef SHADOWGRP
|
#ifdef SHADOWGRP
|
||||||
if (is_shadow_grp) {
|
if (is_shadow_grp) {
|
||||||
if (sgr_close () == 0)) {
|
if (sgr_close () == 0)) {
|
||||||
fprintf (stderr,
|
fprintf (stderr,
|
||||||
_("%s: cannot rewrite the shadow group file\n"), Prog);
|
_("%s: cannot rewrite the shadow group file\n"), Prog);
|
||||||
|
SYSLOG ((LOG_WARN, "cannot rewrite the shadow group file"));
|
||||||
fail_exit (E_GRP_UPDATE);
|
fail_exit (E_GRP_UPDATE);
|
||||||
}
|
}
|
||||||
if (sgr_unlock () == 0) {
|
if (sgr_unlock () == 0) {
|
||||||
@ -196,7 +204,9 @@ static void close_files (void)
|
|||||||
"unlocking gshadow file",
|
"unlocking gshadow file",
|
||||||
group_name, AUDIT_NO_ID, 0);
|
group_name, AUDIT_NO_ID, 0);
|
||||||
#endif
|
#endif
|
||||||
|
/* continue */
|
||||||
}
|
}
|
||||||
|
gshadow_locked = false;
|
||||||
}
|
}
|
||||||
#endif /* SHADOWGRP */
|
#endif /* SHADOWGRP */
|
||||||
}
|
}
|
||||||
@ -331,19 +341,14 @@ int main (int argc, char **argv)
|
|||||||
|
|
||||||
if (PAM_SUCCESS == retval) {
|
if (PAM_SUCCESS == retval) {
|
||||||
retval = pam_authenticate (pamh, 0);
|
retval = pam_authenticate (pamh, 0);
|
||||||
if (PAM_SUCCESS != retval) {
|
|
||||||
(void) pam_end (pamh, retval);
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
if (PAM_SUCCESS == retval) {
|
if (PAM_SUCCESS == retval) {
|
||||||
retval = pam_acct_mgmt (pamh, 0);
|
retval = pam_acct_mgmt (pamh, 0);
|
||||||
if (PAM_SUCCESS != retval) {
|
|
||||||
(void) pam_end (pamh, retval);
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
if (PAM_SUCCESS != retval) {
|
if (PAM_SUCCESS != retval) {
|
||||||
|
(void) pam_end (pamh, retval);
|
||||||
fprintf (stderr, _("%s: PAM authentication failed\n"), Prog);
|
fprintf (stderr, _("%s: PAM authentication failed\n"), Prog);
|
||||||
exit (1);
|
exit (1);
|
||||||
}
|
}
|
||||||
@ -416,9 +421,7 @@ int main (int argc, char **argv)
|
|||||||
nscd_flush_cache ("group");
|
nscd_flush_cache ("group");
|
||||||
|
|
||||||
#ifdef USE_PAM
|
#ifdef USE_PAM
|
||||||
if (PAM_SUCCESS == retval) {
|
(void) pam_end (pamh, PAM_SUCCESS);
|
||||||
(void) pam_end (pamh, PAM_SUCCESS);
|
|
||||||
}
|
|
||||||
#endif /* USE_PAM */
|
#endif /* USE_PAM */
|
||||||
|
|
||||||
return E_SUCCESS;
|
return E_SUCCESS;
|
||||||
|
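Review bot: The close_files hunk keeps `if (sgr_close () == 0)) {` unchanged as context, and that line has one closing parenthesis too many, so the SHADOWGRP branch cannot compile as shown; it should read `if (sgr_close () == 0) {`. The commit adds a SYSLOG call inside that very block without touching the condition, and the same unbalanced line is newly added in close_files of src/groupmod.c. These hunks appear to belong to src/groupdel.c, whose file header is not visible on the page. fail_exit here now tests `group_locked` and `gshadow_locked`, but neither their declarations nor the places that set them to true are in the visible hunks, so it is worth confirming that open_files sets them; otherwise fail_exit would never release a lock.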
128
src/groupmod.c
128
src/groupmod.c
@ -124,15 +124,42 @@ static void usage (void)
|
|||||||
static void fail_exit (int status)
|
static void fail_exit (int status)
|
||||||
{
|
{
|
||||||
if (group_locked) {
|
if (group_locked) {
|
||||||
gr_unlock ();
|
if (gr_unlock () == 0) {
|
||||||
|
fprintf (stderr, _("%s: cannot unlock the group file\n"), Prog);
|
||||||
|
SYSLOG ((LOG_WARN, "cannot unlock the group file"));
|
||||||
|
#ifdef WITH_AUDIT
|
||||||
|
audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
|
||||||
|
"unlocking group file",
|
||||||
|
group_name, AUDIT_NO_ID, 0);
|
||||||
|
#endif
|
||||||
|
/* continue */
|
||||||
|
}
|
||||||
}
|
}
|
||||||
#ifdef SHADOWGRP
|
#ifdef SHADOWGRP
|
||||||
if (gshadow_locked) {
|
if (gshadow_locked) {
|
||||||
sgr_unlock ();
|
if (sgr_unlock () == 0) {
|
||||||
|
fprintf (stderr, _("%s: cannot unlock the shadow group file\n"), Prog);
|
||||||
|
SYSLOG ((LOG_WARN, "cannot unlock the shadow group file"));
|
||||||
|
#ifdef WITH_AUDIT
|
||||||
|
audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
|
||||||
|
"unlocking gshadow file",
|
||||||
|
group_name, AUDIT_NO_ID, 0);
|
||||||
|
#endif
|
||||||
|
/* continue */
|
||||||
|
}
|
||||||
}
|
}
|
||||||
#endif /* SHADOWGRP */
|
#endif /* SHADOWGRP */
|
||||||
if (passwd_locked) {
|
if (passwd_locked) {
|
||||||
pw_unlock();
|
if (pw_unlock () == 0) {
|
||||||
|
fprintf (stderr, _("%s: cannot unlock the passwd file\n"), Prog);
|
||||||
|
SYSLOG ((LOG_WARN, "cannot unlock the passwd file"));
|
||||||
|
#ifdef WITH_AUDIT
|
||||||
|
audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
|
||||||
|
"unlocking passwd file",
|
||||||
|
group_name, AUDIT_NO_ID, 0);
|
||||||
|
#endif
|
||||||
|
/* continue */
|
||||||
|
}
|
||||||
}
|
}
|
||||||
exit (status);
|
exit (status);
|
||||||
}
|
}
|
||||||
@ -145,14 +172,17 @@ static void fail_exit (int status)
|
|||||||
*/
|
*/
|
||||||
static void new_grent (struct group *grent)
|
static void new_grent (struct group *grent)
|
||||||
{
|
{
|
||||||
if (nflg)
|
if (nflg) {
|
||||||
grent->gr_name = xstrdup (group_newname);
|
grent->gr_name = xstrdup (group_newname);
|
||||||
|
}
|
||||||
|
|
||||||
if (gflg)
|
if (gflg) {
|
||||||
grent->gr_gid = group_newid;
|
grent->gr_gid = group_newid;
|
||||||
|
}
|
||||||
|
|
||||||
if (pflg)
|
if (pflg) {
|
||||||
grent->gr_passwd = group_passwd;
|
grent->gr_passwd = group_passwd;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
#ifdef SHADOWGRP
|
#ifdef SHADOWGRP
|
||||||
@ -164,11 +194,13 @@ static void new_grent (struct group *grent)
|
|||||||
*/
|
*/
|
||||||
static void new_sgent (struct sgrp *sgent)
|
static void new_sgent (struct sgrp *sgent)
|
||||||
{
|
{
|
||||||
if (nflg)
|
if (nflg) {
|
||||||
sgent->sg_name = xstrdup (group_newname);
|
sgent->sg_name = xstrdup (group_newname);
|
||||||
|
}
|
||||||
|
|
||||||
if (pflg)
|
if (pflg) {
|
||||||
sgent->sg_passwd = group_passwd;
|
sgent->sg_passwd = group_passwd;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
#endif /* SHADOWGRP */
|
#endif /* SHADOWGRP */
|
||||||
|
|
||||||
@ -468,28 +500,73 @@ static void close_files (void)
|
|||||||
{
|
{
|
||||||
if (gr_close () == 0) {
|
if (gr_close () == 0) {
|
||||||
fprintf (stderr, _("%s: cannot rewrite group file\n"), Prog);
|
fprintf (stderr, _("%s: cannot rewrite group file\n"), Prog);
|
||||||
|
SYSLOG ((LOG_WARN, "cannot rewrite the group file"));
|
||||||
|
#ifdef WITH_AUDIT
|
||||||
|
audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
|
||||||
|
"rewrite group file",
|
||||||
|
group_name, AUDIT_NO_ID, 0);
|
||||||
|
#endif
|
||||||
fail_exit (E_GRP_UPDATE);
|
fail_exit (E_GRP_UPDATE);
|
||||||
}
|
}
|
||||||
gr_unlock ();
|
if (gr_unlock () == 0) {
|
||||||
|
fprintf (stderr, _("%s: cannot unlock the group file\n"), Prog);
|
||||||
|
SYSLOG ((LOG_WARN, "cannot unlock the group file"));
|
||||||
|
#ifdef WITH_AUDIT
|
||||||
|
audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
|
||||||
|
"unlocking group file",
|
||||||
|
group_name, AUDIT_NO_ID, 0);
|
||||||
|
#endif
|
||||||
|
/* continue */
|
||||||
|
}
|
||||||
group_locked = false;
|
group_locked = false;
|
||||||
#ifdef SHADOWGRP
|
#ifdef SHADOWGRP
|
||||||
if (is_shadow_grp && (sgr_close () == 0)) {
|
|
||||||
fprintf (stderr,
|
|
||||||
_("%s: cannot rewrite shadow group file\n"), Prog);
|
|
||||||
fail_exit (E_GRP_UPDATE);
|
|
||||||
}
|
|
||||||
if (is_shadow_grp) {
|
if (is_shadow_grp) {
|
||||||
sgr_unlock ();
|
if (sgr_close () == 0)) {
|
||||||
|
fprintf (stderr,
|
||||||
|
_("%s: cannot rewrite the shadow group file\n"), Prog);
|
||||||
|
SYSLOG ((LOG_WARN, "cannot rewrite the shadow group file"));
|
||||||
|
#ifdef WITH_AUDIT
|
||||||
|
audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
|
||||||
|
"rewrite gshadow file",
|
||||||
|
group_name, AUDIT_NO_ID, 0);
|
||||||
|
#endif
|
||||||
|
fail_exit (E_GRP_UPDATE);
|
||||||
|
}
|
||||||
|
if (sgr_unlock () == 0) {
|
||||||
|
fprintf (stderr, _("%s: cannot unlock the shadow group file\n"), Prog);
|
||||||
|
SYSLOG ((LOG_WARN, "cannot unlock the shadow group file"));
|
||||||
|
#ifdef WITH_AUDIT
|
||||||
|
audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
|
||||||
|
"unlocking gshadow file",
|
||||||
|
group, AUDIT_NO_ID, 0);
|
||||||
|
#endif
|
||||||
|
/* continue */
|
||||||
|
}
|
||||||
gshadow_locked = false;
|
gshadow_locked = false;
|
||||||
}
|
}
|
||||||
#endif /* SHADOWGRP */
|
#endif /* SHADOWGRP */
|
||||||
if (gflg) {
|
if (gflg) {
|
||||||
if (pw_close () == 0) {
|
if (pw_close () == 0) {
|
||||||
fprintf (stderr,
|
fprintf (stderr,
|
||||||
_("%s: cannot rewrite passwd file\n"), Prog);
|
_("%s: cannot rewrite the passwd file\n"), Prog);
|
||||||
|
SYSLOG ((LOG_WARN, "cannot rewrite the passwd file"));
|
||||||
|
#ifdef WITH_AUDIT
|
||||||
|
audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
|
||||||
|
"rewrite passwd file",
|
||||||
|
group_name, AUDIT_NO_ID, 0);
|
||||||
|
#endif
|
||||||
fail_exit (E_GRP_UPDATE);
|
fail_exit (E_GRP_UPDATE);
|
||||||
}
|
}
|
||||||
pw_unlock();
|
if (pw_unlock () == 0) {
|
||||||
|
fprintf (stderr, _("%s: cannot unlock the passwd file\n"), Prog);
|
||||||
|
SYSLOG ((LOG_WARN, "cannot unlock the passwd file"));
|
||||||
|
#ifdef WITH_AUDIT
|
||||||
|
audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
|
||||||
|
"unlocking passwd file",
|
||||||
|
group_name, AUDIT_NO_ID, 0);
|
||||||
|
#endif
|
||||||
|
/* continue */
|
||||||
|
}
|
||||||
passwd_locked = false;
|
passwd_locked = false;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -503,11 +580,13 @@ static void open_files (void)
|
|||||||
{
|
{
|
||||||
if (gr_lock () == 0) {
|
if (gr_lock () == 0) {
|
||||||
fprintf (stderr, _("%s: cannot lock the group file\n"), Prog);
|
fprintf (stderr, _("%s: cannot lock the group file\n"), Prog);
|
||||||
|
SYSLOG ((LOG_WARN, "cannot lock the group file"));
|
||||||
fail_exit (E_GRP_UPDATE);
|
fail_exit (E_GRP_UPDATE);
|
||||||
}
|
}
|
||||||
group_locked = true;
|
group_locked = true;
|
||||||
if (gr_open (O_RDWR) == 0) {
|
if (gr_open (O_RDWR) == 0) {
|
||||||
fprintf (stderr, _("%s: cannot open the group file\n"), Prog);
|
fprintf (stderr, _("%s: cannot open the group file\n"), Prog);
|
||||||
|
SYSLOG ((LOG_WARN, "cannot open the group file"));
|
||||||
fail_exit (E_GRP_UPDATE);
|
fail_exit (E_GRP_UPDATE);
|
||||||
}
|
}
|
||||||
#ifdef SHADOWGRP
|
#ifdef SHADOWGRP
|
||||||
@ -516,6 +595,7 @@ static void open_files (void)
|
|||||||
fprintf (stderr,
|
fprintf (stderr,
|
||||||
_("%s: cannot lock the shadow group file\n"),
|
_("%s: cannot lock the shadow group file\n"),
|
||||||
Prog);
|
Prog);
|
||||||
|
SYSLOG ((LOG_WARN, "cannot lock the shadow group file"));
|
||||||
fail_exit (E_GRP_UPDATE);
|
fail_exit (E_GRP_UPDATE);
|
||||||
}
|
}
|
||||||
gshadow_locked = true;
|
gshadow_locked = true;
|
||||||
@ -523,6 +603,7 @@ static void open_files (void)
|
|||||||
fprintf (stderr,
|
fprintf (stderr,
|
||||||
_("%s: cannot open the shadow group file\n"),
|
_("%s: cannot open the shadow group file\n"),
|
||||||
Prog);
|
Prog);
|
||||||
|
SYSLOG ((LOG_WARN, "cannot open the shadow group file"));
|
||||||
fail_exit (E_GRP_UPDATE);
|
fail_exit (E_GRP_UPDATE);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -532,6 +613,7 @@ static void open_files (void)
|
|||||||
fprintf (stderr,
|
fprintf (stderr,
|
||||||
_("%s: cannot lock the passwd file\n"),
|
_("%s: cannot lock the passwd file\n"),
|
||||||
Prog);
|
Prog);
|
||||||
|
SYSLOG ((LOG_WARN, "cannot lock the passwd file"));
|
||||||
fail_exit (E_GRP_UPDATE);
|
fail_exit (E_GRP_UPDATE);
|
||||||
}
|
}
|
||||||
passwd_locked = true;
|
passwd_locked = true;
|
||||||
@ -539,6 +621,7 @@ static void open_files (void)
|
|||||||
fprintf (stderr,
|
fprintf (stderr,
|
||||||
_("%s: cannot open the passwd file\n"),
|
_("%s: cannot open the passwd file\n"),
|
||||||
Prog);
|
Prog);
|
||||||
|
SYSLOG ((LOG_WARN, "cannot open the passwd file"));
|
||||||
fail_exit (E_GRP_UPDATE);
|
fail_exit (E_GRP_UPDATE);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -632,19 +715,14 @@ int main (int argc, char **argv)
|
|||||||
|
|
||||||
if (PAM_SUCCESS == retval) {
|
if (PAM_SUCCESS == retval) {
|
||||||
retval = pam_authenticate (pamh, 0);
|
retval = pam_authenticate (pamh, 0);
|
||||||
if (PAM_SUCCESS != retval) {
|
|
||||||
(void) pam_end (pamh, retval);
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
if (PAM_SUCCESS == retval) {
|
if (PAM_SUCCESS == retval) {
|
||||||
retval = pam_acct_mgmt (pamh, 0);
|
retval = pam_acct_mgmt (pamh, 0);
|
||||||
if (PAM_SUCCESS != retval) {
|
|
||||||
(void) pam_end (pamh, retval);
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
if (PAM_SUCCESS != retval) {
|
if (PAM_SUCCESS != retval) {
|
||||||
|
(void) pam_end (pamh, retval);
|
||||||
fprintf (stderr, _("%s: PAM authentication failed\n"), Prog);
|
fprintf (stderr, _("%s: PAM authentication failed\n"), Prog);
|
||||||
fail_exit (1);
|
fail_exit (1);
|
||||||
}
|
}
|
||||||
@ -729,9 +807,7 @@ int main (int argc, char **argv)
|
|||||||
nscd_flush_cache ("group");
|
nscd_flush_cache ("group");
|
||||||
|
|
||||||
#ifdef USE_PAM
|
#ifdef USE_PAM
|
||||||
if (PAM_SUCCESS == retval) {
|
(void) pam_end (pamh, PAM_SUCCESS);
|
||||||
(void) pam_end (pamh, PAM_SUCCESS);
|
|
||||||
}
|
|
||||||
#endif /* USE_PAM */
|
#endif /* USE_PAM */
|
||||||
exit (E_SUCCESS);
|
exit (E_SUCCESS);
|
||||||
/* NOT REACHED */
|
/* NOT REACHED */
|
||||||
|
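Review bot: In close_files, the new audit_logger call for "unlocking gshadow file" passes `group` as the name argument, while every other call in this file passes `group_name`. Unless a variable named `group` exists outside the visible hunks, this breaks the build when both SHADOWGRP and WITH_AUDIT are defined; the line should be `group_name, AUDIT_NO_ID, 0);`. Separately, the open_files hunks add only SYSLOG calls on lock and open failures, whereas the ChangeLog entry for this file promises syslog and audit logging on lock failures, and groupadd.c's open_files does call audit_logger there. If audit coverage of failed locks is wanted for groupmod as well, the matching `#ifdef WITH_AUDIT` blocks are missing.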