Make sure the passwd, group, shadow, and gshadow files are unlocked on

author nekral-guest <nekral-guest@5a98b0ae-9ef6-0310-add3-de5d479b70d7>

Sat, 8 Mar 2008 22:44:53 +0000 (22:44 +0000)

committer nekral-guest <nekral-guest@5a98b0ae-9ef6-0310-add3-de5d479b70d7>

Sat, 8 Mar 2008 22:44:53 +0000 (22:44 +0000)
author nekral-guest <nekral-guest@5a98b0ae-9ef6-0310-add3-de5d479b70d7>
Sat, 8 Mar 2008 22:44:53 +0000 (22:44 +0000)
committer nekral-guest <nekral-guest@5a98b0ae-9ef6-0310-add3-de5d479b70d7>
Sat, 8 Mar 2008 22:44:53 +0000 (22:44 +0000)
diff --git a/ChangeLog b/ChangeLog

index 08e4a95012127508317a63b98b35ca2528203979..4f3703625e6ee16aba2b5b835fee65dba52ff19a 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+2008-03-08  Nicolas François  <nicolas.francois@centraliens.net>
+
+       * NEWS, src/useradd.c: Make sure the passwd, group, shadow, and
+       gshadow files are unlocked on exit. Unlock locked files in
+       fail_exit(). Prefer fail_exit() over exit().
+
  2008-03-08  Nicolas François  <nicolas.francois@centraliens.net>
  
         * NEWS, src/groupdel.c: Make sure the group, and gshadow files are
diff --git a/NEWS b/NEWS

index 56d5fcb1135f37d8caaecead6c3b0419e428f3a4..9ba6dcc559f3b4efc9e544288233e7d6eea5a722 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -88,6 +88,8 @@ shadow-4.1.0 -> shadow-4.1.1                                          UNRELEASED
      should replace nflg from the previous versions. Please set any -n
      option to deprecated because its meaning differs from one distribution
      to the other.
+  * Make sure the passwd, group, shadow, and gshadow files are unlocked on
+    exit.
  - usermod
    * Keep the access and modification time of files when moving an user's home
      directory.
diff --git a/src/useradd.c b/src/useradd.c

index 5fdc07b578f34e137cf64d67a0207ecab2556e50..56ec073fce1600d53e42d14105542f2f634c27e1 100644 (file)
--- a/src/useradd.c
+++ b/src/useradd.c
@@ -107,7 +107,11 @@ static int is_shadow_pwd;
  
  #ifdef SHADOWGRP
  static int is_shadow_grp;
+static int gshadow_locked = 0;
  #endif
+static int passwd_locked = 0;
+static int group_locked = 0;
+static int shadow_locked = 0;
  static char **user_groups;     /* NULL-terminated list */
  static long sys_ngroups;
  static int do_grp_update = 0;  /* group files need to be updated */
@@ -190,6 +194,21 @@ static void fail_exit (int code)
         if (home_added)
                 rmdir (user_home);
  
+       if (shadow_locked) {
+               spw_unlock ();
+       }
+       if (passwd_locked) {
+               pw_unlock ();
+       }
+       if (group_locked) {
+               gr_unlock ();
+       }
+#ifdef SHADOWGRP
+       if (gshadow_locked) {
+               sgr_unlock ();
+       }
+#endif
+
  #ifdef WITH_AUDIT
         audit_logger (AUDIT_USER_CHAUTHTOK, Prog, "adding user", user_name, -1,
                       0);
@@ -1170,13 +1189,19 @@ static void close_files (void)
                 }
  #endif
         }
-       if (is_shadow_pwd)
+       if (is_shadow_pwd) {
                 spw_unlock ();
+               shadow_locked--;
+       }
         pw_unlock ();
+       passwd_locked--;
         gr_unlock ();
+       group_locked--;
  #ifdef SHADOWGRP
-       if (is_shadow_grp)
+       if (is_shadow_grp) {
                 sgr_unlock ();
+               gshadow_locked--;
+       }
  #endif
  }
  
@@ -1195,60 +1220,68 @@ static void open_files (void)
  #endif
                 exit (E_PW_UPDATE);
         }
+       passwd_locked++;
         if (!pw_open (O_RDWR)) {
                 fprintf (stderr, _("%s: unable to open password file\n"), Prog);
  #ifdef WITH_AUDIT
                 audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
                               "opening password file", user_name, user_id, 0);
  #endif
-               pw_unlock ();
-               exit (E_PW_UPDATE);
+               fail_exit (E_PW_UPDATE);
         }
-       if (is_shadow_pwd && !spw_lock ()) {
-               fprintf (stderr,
-                        _("%s: cannot lock shadow password file\n"), Prog);
+       if (is_shadow_pwd) {
+               if (!spw_lock ()) {
+                       fprintf (stderr,
+                                _("%s: cannot lock shadow password file\n"),
+                                Prog);
  #ifdef WITH_AUDIT
-               audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
-                             "locking shadow password file", user_name,
-                             user_id, 0);
+                       audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
+                                     "locking shadow password file", user_name,
+                                     user_id, 0);
  #endif
-               pw_unlock ();
-               exit (E_PW_UPDATE);
-       }
-       if (is_shadow_pwd && !spw_open (O_RDWR)) {
-               fprintf (stderr,
-                        _("%s: cannot open shadow password file\n"), Prog);
+                       fail_exit (E_PW_UPDATE);
+               }
+               shadow_locked++;
+               if (!spw_open (O_RDWR)) {
+                       fprintf (stderr,
+                                _("%s: cannot open shadow password file\n"),
+                                Prog);
  #ifdef WITH_AUDIT
-               audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
-                             "opening shadow password file", user_name,
-                             user_id, 0);
+                       audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
+                                     "opening shadow password file", user_name,
+                                     user_id, 0);
  #endif
-               spw_unlock ();
-               pw_unlock ();
-               exit (E_PW_UPDATE);
+                       fail_exit (E_PW_UPDATE);
+               }
         }
+
         /*
          * Lock and open the group file.
          */
-
         if (!gr_lock ()) {
                 fprintf (stderr, _("%s: error locking group file\n"), Prog);
                 fail_exit (E_GRP_UPDATE);
         }
+       group_locked++;
         if (!gr_open (O_RDWR)) {
                 fprintf (stderr, _("%s: error opening group file\n"), Prog);
                 fail_exit (E_GRP_UPDATE);
         }
  #ifdef  SHADOWGRP
-       if (is_shadow_grp && !sgr_lock ()) {
-               fprintf (stderr,
-                        _("%s: error locking shadow group file\n"), Prog);
-               fail_exit (E_GRP_UPDATE);
-       }
-       if (is_shadow_grp && !sgr_open (O_RDWR)) {
-               fprintf (stderr,
-                        _("%s: error opening shadow group file\n"), Prog);
-               fail_exit (E_GRP_UPDATE);
+       if (is_shadow_grp) {
+               if (!sgr_lock ()) {
+                       fprintf (stderr,
+                                _("%s: error locking shadow group file\n"),
+                                Prog);
+                       fail_exit (E_GRP_UPDATE);
+               }
+               gshadow_locked++;
+               if (!sgr_open (O_RDWR)) {
+                       fprintf (stderr,
+                                _("%s: error opening shadow group file\n"),
+                                Prog);
+                       fail_exit (E_GRP_UPDATE);
+               }
         }
  #endif
  }
@@ -1405,7 +1438,7 @@ static void usr_update (void)
         if (!pw_update (&pwent)) {
                 fprintf (stderr,
                          _("%s: error adding new password entry\n"), Prog);
-               exit (E_PW_UPDATE);
+               fail_exit (E_PW_UPDATE);
         }
  
         /*
@@ -1420,7 +1453,7 @@ static void usr_update (void)
                 audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
                               "adding shadow password", user_name, user_id, 0);
  #endif
-               exit (E_PW_UPDATE);
+               fail_exit (E_PW_UPDATE);
         }
  #ifdef WITH_AUDIT
         audit_logger (AUDIT_USER_CHAUTHTOK, Prog, "adding user", user_name,
@@ -1588,7 +1621,7 @@ int main (int argc, char **argv)
  
         if (retval != PAM_SUCCESS) {
                 fprintf (stderr, _("%s: PAM authentication failed\n"), Prog);
-               exit (1);
+               fail_exit (1);
         }
  #endif                         /* USE_PAM */
  
@@ -1613,7 +1646,7 @@ int main (int argc, char **argv)
                 audit_logger (AUDIT_USER_CHAUTHTOK, Prog, "adding user",
                               user_name, -1, 0);
  #endif
-               exit (E_NAME_IN_USE);
+               fail_exit (E_NAME_IN_USE);
         }
  
         /*
@@ -1632,7 +1665,7 @@ int main (int argc, char **argv)
                         audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
                                       "adding group", user_name, -1, 0);
  #endif
-                       exit (E_NAME_IN_USE);
+                       fail_exit (E_NAME_IN_USE);
                 }
         }
  
@@ -1662,7 +1695,7 @@ int main (int argc, char **argv)
  #ifdef WITH_AUDIT
                                 audit_logger (AUDIT_USER_CHAUTHTOK, Prog, "adding user", user_name, user_id, 0);
  #endif
-                               exit (E_UID_IN_USE);
+                               fail_exit (E_UID_IN_USE);
                         }
                 }
         }
@@ -1723,6 +1756,5 @@ int main (int argc, char **argv)
                 pam_end (pamh, PAM_SUCCESS);
  #endif                         /* USE_PAM */
  
-       exit (E_SUCCESS);
-       /* NOT REACHED */
+       return E_SUCCESS;
  }
author	nekral-guest <nekral-guest@5a98b0ae-9ef6-0310-add3-de5d479b70d7>
	Sat, 8 Mar 2008 22:44:53 +0000 (22:44 +0000)
committer	nekral-guest <nekral-guest@5a98b0ae-9ef6-0310-add3-de5d479b70d7>
	Sat, 8 Mar 2008 22:44:53 +0000 (22:44 +0000)
ChangeLog		patch \| blob \| history
NEWS		patch \| blob \| history
src/useradd.c		patch \| blob \| history