* src/userdel.c: Report failure to remove entries from group or

gshadow to stderr.
	* src/userdel.c: Fail in case of failure during the write of a
	user or group database. Report errors to syslog.
	* src/userdel.c: Do not unlock non locked files.
	* src/userdel.c: Report failure to unlock the passwd or shadow
	file to stderr and syslog.
This commit is contained in:
nekral-guest 2008-08-07 08:44:06 +00:00
parent 85bc9c1d1a
commit e2b778a38e
2 changed files with 140 additions and 54 deletions

View File

@ -1,3 +1,13 @@
2008-08-07 Nicolas François <nicolas.francois@centraliens.net>
* src/userdel.c: Report failure to remove entries from group or
gshadow to stderr.
* src/userdel.c: Fail in case of failure during the write of a
user or group database. Report errors to syslog.
* src/userdel.c: Do not unlock non locked files.
* src/userdel.c: Report failure to unlock the passwd or shadow
file to stderr and syslog.
2008-08-07 Nicolas François <nicolas.francois@centraliens.net> 2008-08-07 Nicolas François <nicolas.francois@centraliens.net>
* src/pwunconv.c: Report failure to unlock the passwd or shadow * src/pwunconv.c: Report failure to unlock the passwd or shadow

View File

@ -80,7 +80,11 @@ static bool is_shadow_pwd;
#ifdef SHADOWGRP #ifdef SHADOWGRP
static bool is_shadow_grp; static bool is_shadow_grp;
static bool gshadow_locked = false;
#endif #endif
static bool passwd_locked = false;
static bool group_locked = false;
static bool shadow_locked = false;
/* local function prototypes */ /* local function prototypes */
static void usage (void); static void usage (void);
@ -216,7 +220,12 @@ static void update_groups (void)
* We can remove this group, it is not the primary * We can remove this group, it is not the primary
* group of any remaining user. * group of any remaining user.
*/ */
gr_remove (grp->gr_name); if (gr_remove (grp->gr_name) == 0) {
fprintf (stderr,
_("%s: cannot remove entry '%s' from %s\n"),
Prog, grp->gr_name, gr_dbname ());
fail_exit (E_GRP_UPDATE);
}
#ifdef SHADOWGRP #ifdef SHADOWGRP
deleted_user_group = true; deleted_user_group = true;
@ -289,7 +298,13 @@ static void update_groups (void)
} }
if (deleted_user_group) { if (deleted_user_group) {
sgr_remove (user_name); /* FIXME: Test if the group is in gshadow first? */
if (sgr_remove (user_name) == 0) {
fprintf (stderr,
_("%s: cannot remove entry '%s' from %s\n"),
Prog, user_name, sgr_dbname ());
fail_exit (E_GRP_UPDATE);
}
} }
#endif /* SHADOWGRP */ #endif /* SHADOWGRP */
} }
@ -304,30 +319,60 @@ static void close_files (void)
{ {
if (pw_close () == 0) { if (pw_close () == 0) {
fprintf (stderr, _("%s: failure while writing changes to %s\n"), Prog, pw_dbname ()); fprintf (stderr, _("%s: failure while writing changes to %s\n"), Prog, pw_dbname ());
SYSLOG ((LOG_ERR, "failure while writing changes to %s", pw_dbname ()));
fail_exit (E_PW_UPDATE);
} }
if (is_shadow_pwd && (spw_close () == 0)) { if (pw_unlock () == 0) {
fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, pw_dbname ());
SYSLOG ((LOG_ERR, "failed to unlock %s", pw_dbname ()));
/* continue */
}
passwd_locked = false;
if (is_shadow_pwd) {
if (spw_close () == 0) {
fprintf (stderr, fprintf (stderr,
_("%s: failure while writing changes to %s\n"), Prog, spw_dbname ()); _("%s: failure while writing changes to %s\n"), Prog, spw_dbname ());
SYSLOG ((LOG_ERR, "failure while writing changes to %s", spw_dbname ()));
fail_exit (E_PW_UPDATE);
} }
if (spw_unlock () == 0) {
fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, spw_dbname ());
SYSLOG ((LOG_ERR, "failed to unlock %s", spw_dbname ()));
/* continue */
}
shadow_locked = false;
}
if (gr_close () == 0) { if (gr_close () == 0) {
fprintf (stderr, _("%s: failure while writing changes to %s\n"), Prog, gr_dbname ()); fprintf (stderr, _("%s: failure while writing changes to %s\n"), Prog, gr_dbname ());
SYSLOG ((LOG_ERR, "failure while writing changes to %s", gr_dbname ()));
fail_exit (E_GRP_UPDATE);
} }
if (gr_unlock () == 0) {
fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, gr_dbname ());
SYSLOG ((LOG_ERR, "failed to unlock %s", gr_dbname ()));
/* continue */
}
group_locked = false;
gr_unlock ();
#ifdef SHADOWGRP #ifdef SHADOWGRP
if (is_shadow_grp && (sgr_close () == 0)) { if (is_shadow_grp) {
if (sgr_close () == 0) {
fprintf (stderr, fprintf (stderr,
_("%s: failure while writing changes to %s\n"), Prog, sgr_dbname ()); _("%s: failure while writing changes to %s\n"), Prog, sgr_dbname ());
SYSLOG ((LOG_ERR, "failure while writing changes to %s", sgr_dbname ()));
fail_exit (E_GRP_UPDATE);
} }
if (is_shadow_grp) { if (sgr_unlock () == 0) {
sgr_unlock (); fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, sgr_dbname ());
SYSLOG ((LOG_ERR, "failed to unlock %s", sgr_dbname ()));
/* continue */
}
gshadow_locked = false;
} }
#endif #endif
if (is_shadow_pwd) {
spw_unlock ();
}
pw_unlock ();
} }
/* /*
@ -335,21 +380,43 @@ static void close_files (void)
*/ */
static void fail_exit (int code) static void fail_exit (int code)
{ {
pw_unlock (); if (passwd_locked) {
gr_unlock (); if (pw_unlock () == 0) {
if (is_shadow_pwd) { fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, pw_dbname ());
spw_unlock (); SYSLOG ((LOG_ERR, "failed to unlock %s", pw_dbname ()));
/* continue */
}
}
if (group_locked) {
if (gr_unlock () == 0) {
fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, gr_dbname ());
SYSLOG ((LOG_ERR, "failed to unlock %s", gr_dbname ()));
/* continue */
}
}
if (shadow_locked) {
if (spw_unlock () == 0) {
fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, spw_dbname ());
SYSLOG ((LOG_ERR, "failed to unlock %s", spw_dbname ()));
/* continue */
}
} }
#ifdef SHADOWGRP #ifdef SHADOWGRP
if (is_shadow_grp) { if (gshadow_locked) {
sgr_unlock (); if (sgr_unlock () == 0) {
fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, sgr_dbname ());
SYSLOG ((LOG_ERR, "failed to unlock %s", sgr_dbname ()));
/* continue */
}
} }
#endif #endif
#ifdef WITH_AUDIT #ifdef WITH_AUDIT
audit_logger (AUDIT_USER_CHAUTHTOK, Prog, audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
"deleting user", "deleting user",
user_name, (unsigned int) user_id, 0); user_name, (unsigned int) user_id, 0);
#endif #endif
exit (code); exit (code);
} }
@ -368,8 +435,9 @@ static void open_files (void)
"locking password file", "locking password file",
user_name, (unsigned int) user_id, 0); user_name, (unsigned int) user_id, 0);
#endif #endif
exit (E_PW_UPDATE); fail_exit (E_PW_UPDATE);
} }
passwd_locked = true;
if (pw_open (O_RDWR) == 0) { if (pw_open (O_RDWR) == 0) {
fprintf (stderr, fprintf (stderr,
_("%s: cannot open %s\n"), Prog, pw_dbname ()); _("%s: cannot open %s\n"), Prog, pw_dbname ());
@ -380,7 +448,8 @@ static void open_files (void)
#endif #endif
fail_exit (E_PW_UPDATE); fail_exit (E_PW_UPDATE);
} }
if (is_shadow_pwd && (spw_lock () == 0)) { if (is_shadow_pwd) {
if (spw_lock () == 0) {
fprintf (stderr, fprintf (stderr,
_("%s: cannot lock %s\n"), Prog, spw_dbname ()); _("%s: cannot lock %s\n"), Prog, spw_dbname ());
#ifdef WITH_AUDIT #ifdef WITH_AUDIT
@ -390,7 +459,8 @@ static void open_files (void)
#endif #endif
fail_exit (E_PW_UPDATE); fail_exit (E_PW_UPDATE);
} }
if (is_shadow_pwd && (spw_open (O_RDWR) == 0)) { shadow_locked = true;
if (spw_open (O_RDWR) == 0) {
fprintf (stderr, fprintf (stderr,
_("%s: cannot open %s\n"), Prog, spw_dbname ()); _("%s: cannot open %s\n"), Prog, spw_dbname ());
#ifdef WITH_AUDIT #ifdef WITH_AUDIT
@ -400,6 +470,7 @@ static void open_files (void)
#endif #endif
fail_exit (E_PW_UPDATE); fail_exit (E_PW_UPDATE);
} }
}
if (gr_lock () == 0) { if (gr_lock () == 0) {
fprintf (stderr, fprintf (stderr,
_("%s: cannot lock %s\n"), Prog, gr_dbname ()); _("%s: cannot lock %s\n"), Prog, gr_dbname ());
@ -410,6 +481,7 @@ static void open_files (void)
#endif #endif
fail_exit (E_GRP_UPDATE); fail_exit (E_GRP_UPDATE);
} }
group_locked = true;
if (gr_open (O_RDWR) == 0) { if (gr_open (O_RDWR) == 0) {
fprintf (stderr, _("%s: cannot open %s\n"), Prog, gr_dbname ()); fprintf (stderr, _("%s: cannot open %s\n"), Prog, gr_dbname ());
#ifdef WITH_AUDIT #ifdef WITH_AUDIT
@ -420,7 +492,8 @@ static void open_files (void)
fail_exit (E_GRP_UPDATE); fail_exit (E_GRP_UPDATE);
} }
#ifdef SHADOWGRP #ifdef SHADOWGRP
if (is_shadow_grp && (sgr_lock () == 0)) { if (is_shadow_grp) {
if (sgr_lock () == 0) {
fprintf (stderr, fprintf (stderr,
_("%s: cannot lock %s\n"), Prog, sgr_dbname ()); _("%s: cannot lock %s\n"), Prog, sgr_dbname ());
#ifdef WITH_AUDIT #ifdef WITH_AUDIT
@ -430,7 +503,8 @@ static void open_files (void)
#endif #endif
fail_exit (E_GRP_UPDATE); fail_exit (E_GRP_UPDATE);
} }
if (is_shadow_grp && (sgr_open (O_RDWR) == 0)) { gshadow_locked= true;
if (sgr_open (O_RDWR) == 0) {
fprintf (stderr, _("%s: cannot open %s\n"), fprintf (stderr, _("%s: cannot open %s\n"),
Prog, sgr_dbname ()); Prog, sgr_dbname ());
#ifdef WITH_AUDIT #ifdef WITH_AUDIT
@ -440,6 +514,7 @@ static void open_files (void)
#endif #endif
fail_exit (E_GRP_UPDATE); fail_exit (E_GRP_UPDATE);
} }
}
#endif #endif
} }
@ -865,6 +940,7 @@ int main (int argc, char **argv)
(void) pam_end (pamh, PAM_SUCCESS); (void) pam_end (pamh, PAM_SUCCESS);
#endif /* USE_PAM */ #endif /* USE_PAM */
#ifdef WITH_AUDIT #ifdef WITH_AUDIT
/* FIXME: Is it really "deleting home directory"? */
if (0 != errors) { if (0 != errors) {
audit_logger (AUDIT_USER_CHAUTHTOK, Prog, audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
"deleting home directory", "deleting home directory",