[Pkg-shadow-commits] r1357 - in upstream/trunk: . src
nekral-guest at alioth.debian.org
nekral-guest at alioth.debian.org
Sat Nov 17 11:42:47 UTC 2007
Author: nekral-guest
Date: 2007-11-17 11:42:47 +0000 (Sat, 17 Nov 2007)
New Revision: 1357
Modified:
upstream/trunk/ChangeLog
upstream/trunk/NEWS
upstream/trunk/src/usermod.c
Log:
* src/usermod.c (fail_exit): Add static variables pw_locked,
spw_locked, gr_locked, and sgr_locked to indicate which files must
be unlocked.
* src/usermod.c (open_files, close_files): Open and close the
group files as well as the passwd files. This permit to check if
the group files modification are allowed before writing the passwd
files.
* src/usermod.c (grp_update, update_gshadow, update_group): Do not
return a status code, but call fail_exit() in case of error. The
group files are no more opened and closed in update_gshadow() and
update_group().
* src/usermod.c (main): move the call to grp_update between
open_files and close_files.
* src/usermod.c: Differentiate failure to add a group entry and
failure to add a shadow group entry.
Modified: upstream/trunk/ChangeLog
===================================================================
--- upstream/trunk/ChangeLog 2007-11-17 11:31:06 UTC (rev 1356)
+++ upstream/trunk/ChangeLog 2007-11-17 11:42:47 UTC (rev 1357)
@@ -1,5 +1,23 @@
2007-11-17 Nicolas François <nicolas.francois at centraliens.net>
+ * src/usermod.c (fail_exit): Add static variables pw_locked,
+ spw_locked, gr_locked, and sgr_locked to indicate which files must
+ be unlocked.
+ * src/usermod.c (open_files, close_files): Open and close the
+ group files as well as the passwd files. This permit to check if
+ the group files modification are allowed before writing the passwd
+ files.
+ * src/usermod.c (grp_update, update_gshadow, update_group): Do not
+ return a status code, but call fail_exit() in case of error. The
+ group files are no more opened and closed in update_gshadow() and
+ update_group().
+ * src/usermod.c (main): move the call to grp_update between
+ open_files and close_files.
+ * src/usermod.c: Differentiate failure to add a group entry and
+ failure to add a shadow group entry.
+
+2007-11-17 Nicolas François <nicolas.francois at centraliens.net>
+
* src/userdel.c: Differentiate failure to update a group entry and
failure to update a shadow group entry.
Modified: upstream/trunk/NEWS
===================================================================
--- upstream/trunk/NEWS 2007-11-17 11:31:06 UTC (rev 1356)
+++ upstream/trunk/NEWS 2007-11-17 11:42:47 UTC (rev 1357)
@@ -28,6 +28,8 @@
- userdel: Abort if an error is detected while updating the passwd or group
databases. The passwd or group files will not be written.
- usermod: Update the group database before flushing the nscd caches.
+- usermod: Make sure the group modifications will be allowed before
+ writing the passwd files.
shadow-4.0.18.1 -> shadow-4.0.18.2 28-10-2007
Modified: upstream/trunk/src/usermod.c
===================================================================
--- upstream/trunk/src/usermod.c 2007-11-17 11:31:06 UTC (rev 1356)
+++ upstream/trunk/src/usermod.c 2007-11-17 11:42:47 UTC (rev 1357)
@@ -105,7 +105,7 @@
static char *Prog;
static int
- aflg = 0, /* append to existing secondary group set */
+ aflg = 0, /* append to existing secondary group set */
cflg = 0, /* new comment (GECOS) field */
dflg = 0, /* new home directory */
eflg = 0, /* days since 1970-01-01 when account becomes expired */
@@ -127,7 +127,14 @@
static int is_shadow_grp;
#endif
+static int pw_locked = 0;
+static int spw_locked = 0;
+static int gr_locked = 0;
+#ifdef SHADOWGRP
+static int sgr_locked = 0;
+#endif
+
/* local function prototypes */
static int get_groups (char *);
static void usage (void);
@@ -135,12 +142,12 @@
static void new_spent (struct spwd *);
static void fail_exit (int);
-static int update_group (void);
+static void update_group (void);
#ifdef SHADOWGRP
-static int update_gshadow (void);
+static void update_gshadow (void);
#endif
-static int grp_update (void);
+static void grp_update (void);
static long get_number (const char *);
static uid_t get_id (const char *);
@@ -514,14 +521,17 @@
*/
static void fail_exit (int code)
{
- (void) gr_unlock ();
+ if (gr_locked)
+ gr_unlock ();
#ifdef SHADOWGRP
- if (is_shadow_grp)
+ if (sgr_locked)
sgr_unlock ();
#endif
- if (is_shadow_pwd)
+ if (spw_locked)
spw_unlock ();
- (void) pw_unlock ();
+ if (pw_locked)
+ pw_unlock ();
+
#ifdef WITH_AUDIT
audit_logger (AUDIT_USER_CHAUTHTOK, Prog, "modifying account",
user_name, -1, 0);
@@ -530,7 +540,7 @@
}
-static int update_group (void)
+static void update_group (void)
{
int is_member;
int was_member;
@@ -538,22 +548,6 @@
const struct group *grp;
struct group *ngrp;
- /*
- * Lock and open the group file. This will load all of the group
- * entries.
- */
- if (!gr_lock ()) {
- fprintf (stderr, _("%s: error locking group file\n"), Prog);
- SYSLOG ((LOG_ERR, "error locking group file"));
- return -1;
- }
- if (!gr_open (O_RDWR)) {
- fprintf (stderr, _("%s: error opening group file\n"), Prog);
- SYSLOG ((LOG_ERR, "error opening group file"));
- gr_unlock ();
- return -1;
- }
-
changed = 0;
/*
@@ -576,8 +570,7 @@
fprintf (stderr,
_("%s: Out of memory. Cannot update the group database.\n"),
Prog);
- gr_unlock ();
- return -1;
+ fail_exit (E_GRP_UPDATE);
}
if (was_member && (!Gflg || is_member)) {
@@ -627,23 +620,16 @@
if (!gr_update (ngrp)) {
fprintf (stderr,
_("%s: error adding new group entry\n"), Prog);
- SYSLOG ((LOG_ERR, "error adding group entry"));
- gr_unlock ();
- return -1;
+ SYSLOG ((LOG_ERR, "error adding new group entry"));
+ fail_exit (E_GRP_UPDATE);
}
}
- if (!gr_close ()) {
- fprintf (stderr, _("%s: cannot rewrite group file\n"), Prog);
- gr_unlock ();
- return -1;
- }
- gr_unlock ();
return 0;
}
#ifdef SHADOWGRP
-static int update_gshadow (void)
+static void update_gshadow (void)
{
int is_member;
int was_member;
@@ -652,20 +638,6 @@
const struct sgrp *sgrp;
struct sgrp *nsgrp;
- if (!sgr_lock ()) {
- fprintf (stderr,
- _("%s: error locking shadow group file\n"), Prog);
- SYSLOG ((LOG_ERR, "error locking shadow group file"));
- return -1;
- }
- if (!sgr_open (O_RDWR)) {
- fprintf (stderr,
- _("%s: error opening shadow group file\n"), Prog);
- SYSLOG ((LOG_ERR, "error opening shadow group file"));
- sgr_unlock ();
- return -1;
- }
-
changed = 0;
/*
@@ -698,8 +670,7 @@
fprintf (stderr,
_("%s: Out of memory. Cannot update the shadow group database.\n"),
Prog);
- sgr_unlock ();
- return -1;
+ fail_exit (E_GRP_UPDATE);
}
if (was_admin && lflg) {
@@ -767,21 +738,11 @@
*/
if (!sgr_update (nsgrp)) {
fprintf (stderr,
- _("%s: error adding new group entry\n"), Prog);
+ _("%s: error adding new shadow group entry\n"), Prog);
SYSLOG ((LOG_ERR, "error adding shadow group entry"));
- sgr_unlock ();
- return -1;
+ fail_exit (E_GRP_UPDATE);
}
}
-
- if (!sgr_close ()) {
- fprintf (stderr,
- _("%s: cannot rewrite shadow group file\n"), Prog);
- sgr_unlock ();
- return -1;
- }
- sgr_unlock ();
- return 0;
}
#endif /* SHADOWGRP */
@@ -791,16 +752,13 @@
* grp_update() takes the secondary group set given in user_groups and
* adds the user to each group given by that set.
*/
-static int grp_update (void)
+static void grp_update (void)
{
- int ret;
-
- ret = update_group ();
+ update_group ();
#ifdef SHADOWGRP
- if (!ret && is_shadow_grp)
- ret = update_gshadow ();
+ if (is_shadow_grp)
+ update_gshadow ();
#endif
- return ret;
}
static long get_number (const char *numstr)
@@ -1138,10 +1096,35 @@
_("%s: cannot rewrite shadow password file\n"), Prog);
fail_exit (E_PW_UPDATE);
}
+
+ if (Gflg || lflg) {
+ if (!gr_close ()) {
+ fprintf (stderr, _("%s: cannot rewrite group file\n"),
+ Prog);
+ fail_exit (E_GRP_UPDATE);
+ }
+#ifdef SHADOWGRP
+ if (is_shadow_grp && !sgr_close ()) {
+ fprintf (stderr,
+ _("%s: cannot rewrite shadow group file\n"),
+ Prog);
+ fail_exit (E_GRP_UPDATE);
+ }
+ if (is_shadow_grp)
+ sgr_unlock ();
+#endif
+ gr_unlock ();
+ }
+
if (is_shadow_pwd)
spw_unlock ();
- (void) pw_unlock ();
+ pw_unlock ();
+ pw_locked = 0;
+ spw_locked = 0;
+ gr_locked = 0;
+ sgr_locked = 0;
+
/*
* Close the DBM and/or flat files
*/
@@ -1162,8 +1145,9 @@
{
if (!pw_lock ()) {
fprintf (stderr, _("%s: unable to lock password file\n"), Prog);
- exit (E_PW_UPDATE);
+ fail_exit (E_PW_UPDATE);
}
+ pw_locked = 1;
if (!pw_open (O_RDWR)) {
fprintf (stderr, _("%s: unable to open password file\n"), Prog);
fail_exit (E_PW_UPDATE);
@@ -1173,11 +1157,48 @@
_("%s: cannot lock shadow password file\n"), Prog);
fail_exit (E_PW_UPDATE);
}
+ spw_locked = 1;
if (is_shadow_pwd && !spw_open (O_RDWR)) {
fprintf (stderr,
_("%s: cannot open shadow password file\n"), Prog);
fail_exit (E_PW_UPDATE);
}
+
+ if (Gflg || lflg) {
+ /*
+ * Lock and open the group file. This will load all of the
+ * group entries.
+ */
+ if (!gr_lock ()) {
+ fprintf (stderr, _("%s: error locking group file\n"),
+ Prog);
+ fail_exit (E_GRP_UPDATE);
+ }
+ gr_locked = 1;
+ if (!gr_open (O_RDWR)) {
+ fprintf (stderr, _("%s: error opening group file\n"),
+ Prog);
+ fail_exit (E_GRP_UPDATE);
+ }
+#ifdef SHADOWGRP
+ if (is_shadow_grp && !sgr_lock ()) {
+ fprintf (stderr,
+ _("%s: error locking shadow group file\n"),
+ Prog);
+ fail_exit (E_GRP_UPDATE);
+ }
+ sgr_locked = 1;
+ if (is_shadow_grp && !sgr_open (O_RDWR)) {
+ fprintf (stderr,
+ _("%s: error opening shadow group file\n"),
+ Prog);
+ fail_exit (E_GRP_UPDATE);
+ }
+#endif
+ }
+
+
+
}
/*
@@ -1454,8 +1475,6 @@
*/
int main (int argc, char **argv)
{
- int grp_err = 0;
-
#ifdef USE_PAM
pam_handle_t *pamh = NULL;
struct passwd *pampw;
@@ -1526,11 +1545,10 @@
*/
open_files ();
usr_update ();
+ if (Gflg || lflg)
+ grp_update ();
close_files ();
- if (Gflg || lflg)
- grp_err = grp_update ();
-
nscd_flush_cache ("passwd");
nscd_flush_cache ("group");
@@ -1554,9 +1572,6 @@
user_gid, gflg ? user_newgid : user_gid);
}
- if (grp_err)
- exit (E_GRP_UPDATE);
-
#ifdef USE_PAM
if (retval == PAM_SUCCESS)
pam_end (pamh, PAM_SUCCESS);
More information about the Pkg-shadow-commits
mailing list