* src/gpasswd.c: Warn and log to syslog and audit when group or

	gshadow cannot be unlocked, but do not fail.

diff --git a/ChangeLog b/ChangeLog
index 1889b94b253c6a0277b6a202b8a663e60727bdfe..407b3c0c59738ff84362bed69307cf8c42a8fd1d 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,6 +1,8 @@
 2008-08-01  Nicolas François  <nicolas.francois@centraliens.net>
 
        * src/gpasswd.c: Harmonize error & syslog messages.
+       * src/gpasswd.c: Warn and log to syslog and audit when group or
+       gshadow cannot be unlocked, but do not fail.
 
 2008-08-01  Nicolas François  <nicolas.francois@centraliens.net>
 

diff --git a/src/gpasswd.c b/src/gpasswd.c
index 27126ee074a09eb49659355dc988e229f56bc2ba..f01e570b5962552f87f213c1ab933a33044b0c90 100644 (file)
--- a/src/gpasswd.c
+++ b/src/gpasswd.c
@@ -161,11 +161,27 @@ static RETSIGTYPE catch_signals (int killed)
 static void fail_exit (int status)
 {
        if (group_locked) {
-               gr_unlock ();
+               if (gr_unlock () == 0) {
+                       fprintf (stderr, _("%s: cannot unlock the group file\n"), Prog);
+                       SYSLOG ((LOG_WARN, "cannot unlock the group file"));
+#ifdef WITH_AUDIT
+                       audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
+                                     "unlocking group file",
+                                     group, AUDIT_NO_ID, 0);
+#endif
+               }
        }
 #ifdef SHADOWGRP
        if (gshadow_locked) {
-               sgr_unlock ();
+               if (sgr_unlock () == 0) {
+                       fprintf (stderr, _("%s: cannot unlock the shadow group file\n"), Prog);
+                       SYSLOG ((LOG_WARN, "cannot unlock the shadow group file"));
+#ifdef WITH_AUDIT
+                       audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
+                                     "unlocking gshadow file",
+                                     group, AUDIT_NO_ID, 0);
+#endif
+               }
        }
 #endif
 
@@ -433,19 +449,26 @@ static void close_files (void)
                fail_exit (1);
        }
        if (is_shadowgrp) {
-               /* TODO: same logging as in open_files & for /etc/group */
-               sgr_unlock ();
+               if (sgr_unlock () == 0) {
+                       fprintf (stderr, _("%s: cannot unlock the shadow group file\n"), Prog);
+                       SYSLOG ((LOG_WARN, "cannot unlock the shadow group file"));
+#ifdef WITH_AUDIT
+                       audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
+                                     "unlocking gshadow file",
+                                     group, AUDIT_NO_ID, 0);
+#endif
+               }
                gshadow_locked = false;
        }
 #endif
        if (gr_unlock () == 0) {
                fprintf (stderr, _("%s: cannot unlock the group file\n"), Prog);
+               SYSLOG ((LOG_WARN, "cannot unlock the group file"));
 #ifdef WITH_AUDIT
                audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
                              "unlocking group file",
                              group, AUDIT_NO_ID, 0);
 #endif
-               exit (1);
        }
        group_locked = false;
 }