* src/userdel.c: Report failure to remove entries from group or
gshadow to stderr. * src/userdel.c: Fail in case of failure during the write of a user or group database. Report errors to syslog. * src/userdel.c: Do not unlock non locked files. * src/userdel.c: Report failure to unlock the passwd or shadow file to stderr and syslog.
This commit is contained in:
parent
85bc9c1d1a
commit
e2b778a38e
10
ChangeLog
10
ChangeLog
@ -1,3 +1,13 @@
|
|||||||
|
2008-08-07 Nicolas François <nicolas.francois@centraliens.net>
|
||||||
|
|
||||||
|
* src/userdel.c: Report failure to remove entries from group or
|
||||||
|
gshadow to stderr.
|
||||||
|
* src/userdel.c: Fail in case of failure during the write of a
|
||||||
|
user or group database. Report errors to syslog.
|
||||||
|
* src/userdel.c: Do not unlock non locked files.
|
||||||
|
* src/userdel.c: Report failure to unlock the passwd or shadow
|
||||||
|
file to stderr and syslog.
|
||||||
|
|
||||||
2008-08-07 Nicolas François <nicolas.francois@centraliens.net>
|
2008-08-07 Nicolas François <nicolas.francois@centraliens.net>
|
||||||
|
|
||||||
* src/pwunconv.c: Report failure to unlock the passwd or shadow
|
* src/pwunconv.c: Report failure to unlock the passwd or shadow
|
||||||
|
120
src/userdel.c
120
src/userdel.c
@ -80,7 +80,11 @@ static bool is_shadow_pwd;
|
|||||||
|
|
||||||
#ifdef SHADOWGRP
|
#ifdef SHADOWGRP
|
||||||
static bool is_shadow_grp;
|
static bool is_shadow_grp;
|
||||||
|
static bool gshadow_locked = false;
|
||||||
#endif
|
#endif
|
||||||
|
static bool passwd_locked = false;
|
||||||
|
static bool group_locked = false;
|
||||||
|
static bool shadow_locked = false;
|
||||||
|
|
||||||
/* local function prototypes */
|
/* local function prototypes */
|
||||||
static void usage (void);
|
static void usage (void);
|
||||||
@ -216,7 +220,12 @@ static void update_groups (void)
|
|||||||
* We can remove this group, it is not the primary
|
* We can remove this group, it is not the primary
|
||||||
* group of any remaining user.
|
* group of any remaining user.
|
||||||
*/
|
*/
|
||||||
gr_remove (grp->gr_name);
|
if (gr_remove (grp->gr_name) == 0) {
|
||||||
|
fprintf (stderr,
|
||||||
|
_("%s: cannot remove entry '%s' from %s\n"),
|
||||||
|
Prog, grp->gr_name, gr_dbname ());
|
||||||
|
fail_exit (E_GRP_UPDATE);
|
||||||
|
}
|
||||||
|
|
||||||
#ifdef SHADOWGRP
|
#ifdef SHADOWGRP
|
||||||
deleted_user_group = true;
|
deleted_user_group = true;
|
||||||
@ -289,7 +298,13 @@ static void update_groups (void)
|
|||||||
}
|
}
|
||||||
|
|
||||||
if (deleted_user_group) {
|
if (deleted_user_group) {
|
||||||
sgr_remove (user_name);
|
/* FIXME: Test if the group is in gshadow first? */
|
||||||
|
if (sgr_remove (user_name) == 0) {
|
||||||
|
fprintf (stderr,
|
||||||
|
_("%s: cannot remove entry '%s' from %s\n"),
|
||||||
|
Prog, user_name, sgr_dbname ());
|
||||||
|
fail_exit (E_GRP_UPDATE);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
#endif /* SHADOWGRP */
|
#endif /* SHADOWGRP */
|
||||||
}
|
}
|
||||||
@ -304,30 +319,60 @@ static void close_files (void)
|
|||||||
{
|
{
|
||||||
if (pw_close () == 0) {
|
if (pw_close () == 0) {
|
||||||
fprintf (stderr, _("%s: failure while writing changes to %s\n"), Prog, pw_dbname ());
|
fprintf (stderr, _("%s: failure while writing changes to %s\n"), Prog, pw_dbname ());
|
||||||
|
SYSLOG ((LOG_ERR, "failure while writing changes to %s", pw_dbname ()));
|
||||||
|
fail_exit (E_PW_UPDATE);
|
||||||
}
|
}
|
||||||
if (is_shadow_pwd && (spw_close () == 0)) {
|
if (pw_unlock () == 0) {
|
||||||
|
fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, pw_dbname ());
|
||||||
|
SYSLOG ((LOG_ERR, "failed to unlock %s", pw_dbname ()));
|
||||||
|
/* continue */
|
||||||
|
}
|
||||||
|
passwd_locked = false;
|
||||||
|
|
||||||
|
if (is_shadow_pwd) {
|
||||||
|
if (spw_close () == 0) {
|
||||||
fprintf (stderr,
|
fprintf (stderr,
|
||||||
_("%s: failure while writing changes to %s\n"), Prog, spw_dbname ());
|
_("%s: failure while writing changes to %s\n"), Prog, spw_dbname ());
|
||||||
|
SYSLOG ((LOG_ERR, "failure while writing changes to %s", spw_dbname ()));
|
||||||
|
fail_exit (E_PW_UPDATE);
|
||||||
}
|
}
|
||||||
|
if (spw_unlock () == 0) {
|
||||||
|
fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, spw_dbname ());
|
||||||
|
SYSLOG ((LOG_ERR, "failed to unlock %s", spw_dbname ()));
|
||||||
|
/* continue */
|
||||||
|
}
|
||||||
|
shadow_locked = false;
|
||||||
|
}
|
||||||
|
|
||||||
if (gr_close () == 0) {
|
if (gr_close () == 0) {
|
||||||
fprintf (stderr, _("%s: failure while writing changes to %s\n"), Prog, gr_dbname ());
|
fprintf (stderr, _("%s: failure while writing changes to %s\n"), Prog, gr_dbname ());
|
||||||
|
SYSLOG ((LOG_ERR, "failure while writing changes to %s", gr_dbname ()));
|
||||||
|
fail_exit (E_GRP_UPDATE);
|
||||||
}
|
}
|
||||||
|
if (gr_unlock () == 0) {
|
||||||
|
fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, gr_dbname ());
|
||||||
|
SYSLOG ((LOG_ERR, "failed to unlock %s", gr_dbname ()));
|
||||||
|
/* continue */
|
||||||
|
}
|
||||||
|
group_locked = false;
|
||||||
|
|
||||||
gr_unlock ();
|
|
||||||
#ifdef SHADOWGRP
|
#ifdef SHADOWGRP
|
||||||
if (is_shadow_grp && (sgr_close () == 0)) {
|
if (is_shadow_grp) {
|
||||||
|
if (sgr_close () == 0) {
|
||||||
fprintf (stderr,
|
fprintf (stderr,
|
||||||
_("%s: failure while writing changes to %s\n"), Prog, sgr_dbname ());
|
_("%s: failure while writing changes to %s\n"), Prog, sgr_dbname ());
|
||||||
|
SYSLOG ((LOG_ERR, "failure while writing changes to %s", sgr_dbname ()));
|
||||||
|
fail_exit (E_GRP_UPDATE);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (is_shadow_grp) {
|
if (sgr_unlock () == 0) {
|
||||||
sgr_unlock ();
|
fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, sgr_dbname ());
|
||||||
|
SYSLOG ((LOG_ERR, "failed to unlock %s", sgr_dbname ()));
|
||||||
|
/* continue */
|
||||||
|
}
|
||||||
|
gshadow_locked = false;
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
if (is_shadow_pwd) {
|
|
||||||
spw_unlock ();
|
|
||||||
}
|
|
||||||
pw_unlock ();
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
@ -335,21 +380,43 @@ static void close_files (void)
|
|||||||
*/
|
*/
|
||||||
static void fail_exit (int code)
|
static void fail_exit (int code)
|
||||||
{
|
{
|
||||||
pw_unlock ();
|
if (passwd_locked) {
|
||||||
gr_unlock ();
|
if (pw_unlock () == 0) {
|
||||||
if (is_shadow_pwd) {
|
fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, pw_dbname ());
|
||||||
spw_unlock ();
|
SYSLOG ((LOG_ERR, "failed to unlock %s", pw_dbname ()));
|
||||||
|
/* continue */
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if (group_locked) {
|
||||||
|
if (gr_unlock () == 0) {
|
||||||
|
fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, gr_dbname ());
|
||||||
|
SYSLOG ((LOG_ERR, "failed to unlock %s", gr_dbname ()));
|
||||||
|
/* continue */
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if (shadow_locked) {
|
||||||
|
if (spw_unlock () == 0) {
|
||||||
|
fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, spw_dbname ());
|
||||||
|
SYSLOG ((LOG_ERR, "failed to unlock %s", spw_dbname ()));
|
||||||
|
/* continue */
|
||||||
|
}
|
||||||
}
|
}
|
||||||
#ifdef SHADOWGRP
|
#ifdef SHADOWGRP
|
||||||
if (is_shadow_grp) {
|
if (gshadow_locked) {
|
||||||
sgr_unlock ();
|
if (sgr_unlock () == 0) {
|
||||||
|
fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, sgr_dbname ());
|
||||||
|
SYSLOG ((LOG_ERR, "failed to unlock %s", sgr_dbname ()));
|
||||||
|
/* continue */
|
||||||
|
}
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#ifdef WITH_AUDIT
|
#ifdef WITH_AUDIT
|
||||||
audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
|
audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
|
||||||
"deleting user",
|
"deleting user",
|
||||||
user_name, (unsigned int) user_id, 0);
|
user_name, (unsigned int) user_id, 0);
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
exit (code);
|
exit (code);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -368,8 +435,9 @@ static void open_files (void)
|
|||||||
"locking password file",
|
"locking password file",
|
||||||
user_name, (unsigned int) user_id, 0);
|
user_name, (unsigned int) user_id, 0);
|
||||||
#endif
|
#endif
|
||||||
exit (E_PW_UPDATE);
|
fail_exit (E_PW_UPDATE);
|
||||||
}
|
}
|
||||||
|
passwd_locked = true;
|
||||||
if (pw_open (O_RDWR) == 0) {
|
if (pw_open (O_RDWR) == 0) {
|
||||||
fprintf (stderr,
|
fprintf (stderr,
|
||||||
_("%s: cannot open %s\n"), Prog, pw_dbname ());
|
_("%s: cannot open %s\n"), Prog, pw_dbname ());
|
||||||
@ -380,7 +448,8 @@ static void open_files (void)
|
|||||||
#endif
|
#endif
|
||||||
fail_exit (E_PW_UPDATE);
|
fail_exit (E_PW_UPDATE);
|
||||||
}
|
}
|
||||||
if (is_shadow_pwd && (spw_lock () == 0)) {
|
if (is_shadow_pwd) {
|
||||||
|
if (spw_lock () == 0) {
|
||||||
fprintf (stderr,
|
fprintf (stderr,
|
||||||
_("%s: cannot lock %s\n"), Prog, spw_dbname ());
|
_("%s: cannot lock %s\n"), Prog, spw_dbname ());
|
||||||
#ifdef WITH_AUDIT
|
#ifdef WITH_AUDIT
|
||||||
@ -390,7 +459,8 @@ static void open_files (void)
|
|||||||
#endif
|
#endif
|
||||||
fail_exit (E_PW_UPDATE);
|
fail_exit (E_PW_UPDATE);
|
||||||
}
|
}
|
||||||
if (is_shadow_pwd && (spw_open (O_RDWR) == 0)) {
|
shadow_locked = true;
|
||||||
|
if (spw_open (O_RDWR) == 0) {
|
||||||
fprintf (stderr,
|
fprintf (stderr,
|
||||||
_("%s: cannot open %s\n"), Prog, spw_dbname ());
|
_("%s: cannot open %s\n"), Prog, spw_dbname ());
|
||||||
#ifdef WITH_AUDIT
|
#ifdef WITH_AUDIT
|
||||||
@ -400,6 +470,7 @@ static void open_files (void)
|
|||||||
#endif
|
#endif
|
||||||
fail_exit (E_PW_UPDATE);
|
fail_exit (E_PW_UPDATE);
|
||||||
}
|
}
|
||||||
|
}
|
||||||
if (gr_lock () == 0) {
|
if (gr_lock () == 0) {
|
||||||
fprintf (stderr,
|
fprintf (stderr,
|
||||||
_("%s: cannot lock %s\n"), Prog, gr_dbname ());
|
_("%s: cannot lock %s\n"), Prog, gr_dbname ());
|
||||||
@ -410,6 +481,7 @@ static void open_files (void)
|
|||||||
#endif
|
#endif
|
||||||
fail_exit (E_GRP_UPDATE);
|
fail_exit (E_GRP_UPDATE);
|
||||||
}
|
}
|
||||||
|
group_locked = true;
|
||||||
if (gr_open (O_RDWR) == 0) {
|
if (gr_open (O_RDWR) == 0) {
|
||||||
fprintf (stderr, _("%s: cannot open %s\n"), Prog, gr_dbname ());
|
fprintf (stderr, _("%s: cannot open %s\n"), Prog, gr_dbname ());
|
||||||
#ifdef WITH_AUDIT
|
#ifdef WITH_AUDIT
|
||||||
@ -420,7 +492,8 @@ static void open_files (void)
|
|||||||
fail_exit (E_GRP_UPDATE);
|
fail_exit (E_GRP_UPDATE);
|
||||||
}
|
}
|
||||||
#ifdef SHADOWGRP
|
#ifdef SHADOWGRP
|
||||||
if (is_shadow_grp && (sgr_lock () == 0)) {
|
if (is_shadow_grp) {
|
||||||
|
if (sgr_lock () == 0) {
|
||||||
fprintf (stderr,
|
fprintf (stderr,
|
||||||
_("%s: cannot lock %s\n"), Prog, sgr_dbname ());
|
_("%s: cannot lock %s\n"), Prog, sgr_dbname ());
|
||||||
#ifdef WITH_AUDIT
|
#ifdef WITH_AUDIT
|
||||||
@ -430,7 +503,8 @@ static void open_files (void)
|
|||||||
#endif
|
#endif
|
||||||
fail_exit (E_GRP_UPDATE);
|
fail_exit (E_GRP_UPDATE);
|
||||||
}
|
}
|
||||||
if (is_shadow_grp && (sgr_open (O_RDWR) == 0)) {
|
gshadow_locked= true;
|
||||||
|
if (sgr_open (O_RDWR) == 0) {
|
||||||
fprintf (stderr, _("%s: cannot open %s\n"),
|
fprintf (stderr, _("%s: cannot open %s\n"),
|
||||||
Prog, sgr_dbname ());
|
Prog, sgr_dbname ());
|
||||||
#ifdef WITH_AUDIT
|
#ifdef WITH_AUDIT
|
||||||
@ -440,6 +514,7 @@ static void open_files (void)
|
|||||||
#endif
|
#endif
|
||||||
fail_exit (E_GRP_UPDATE);
|
fail_exit (E_GRP_UPDATE);
|
||||||
}
|
}
|
||||||
|
}
|
||||||
#endif
|
#endif
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -865,6 +940,7 @@ int main (int argc, char **argv)
|
|||||||
(void) pam_end (pamh, PAM_SUCCESS);
|
(void) pam_end (pamh, PAM_SUCCESS);
|
||||||
#endif /* USE_PAM */
|
#endif /* USE_PAM */
|
||||||
#ifdef WITH_AUDIT
|
#ifdef WITH_AUDIT
|
||||||
|
/* FIXME: Is it really "deleting home directory"? */
|
||||||
if (0 != errors) {
|
if (0 != errors) {
|
||||||
audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
|
audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
|
||||||
"deleting home directory",
|
"deleting home directory",
|
||||||
|
Loading…
Reference in New Issue
Block a user