Use the lckpwdf() again if prefix is not set
authorTomas Mraz <tmraz@fedoraproject.org>
Thu, 2 May 2019 12:33:06 +0000 (14:33 +0200)
committerTomas Mraz <tmraz@fedoraproject.org>
Thu, 2 May 2019 12:33:06 +0000 (14:33 +0200)
The implementation of the prefix option dropped the use of lckpwdf().
However, that is incorrect, as other tools that manipulate the shadow
passwords, such as PAM, use lckpwdf() and know nothing about
shadow's own locking mechanism.

This reverts the implementation to use lckpwdf() if prefix option
is not used.

lib/commonio.c
lib/commonio.h
lib/groupio.c
lib/pwio.c
lib/sgroupio.c
lib/shadowio.c
lib/subordinateio.c

index 26e518f2297ab29ebaec4f5fedd097af31dcf627..94dda779b33cde91bcf4900d2237e040b9fa3f66 100644 (file)
@@ -364,6 +364,7 @@ static void free_linked_list (struct commonio_db *db)
 int commonio_setname (struct commonio_db *db, const char *name)
 {
        snprintf (db->filename, sizeof (db->filename), "%s", name);
+       db->setname = true;
        return 1;
 }
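Review bot: `db->setname = true;` is set on every call to commonio_setname(), so the flag means "the filename was overridden at least once" rather than "a prefix is in use", and nothing in this diff clears it. Because commonio_lock() now skips lckpwdf() whenever the flag is set, any caller that reaches commonio_setname() for another reason (presumably through the *_setdbname() wrappers, even when passing the default path) would lose the interlock with PAM and other lckpwdf() users without any diagnostic; whether such callers exist is not visible here and should be checked. A comment on this assignment and on the new `bool setname:1;` field in lib/commonio.h would make the contract explicit, e.g. `/* name overridden: commonio_lock() will not take lckpwdf() for this db */`.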
 
@@ -414,37 +415,39 @@ cleanup_ENOMEM:
 
 int commonio_lock (struct commonio_db *db)
 {
-/*#ifdef HAVE_LCKPWDF*/ /* not compatible with prefix option*/
-#if 0
-       /*
-        * only if the system libc has a real lckpwdf() - the one from
-        * lockpw.c calls us and would cause infinite recursion!
-        */
+       int i;
 
+#ifdef HAVE_LCKPWDF
        /*
-        * Call lckpwdf() on the first lock.
-        * If it succeeds, call *_lock() only once
-        * (no retries, it should always succeed).
+        * Only if the system libc has a real lckpwdf() - the one from
+        * lockpw.c calls us and would cause infinite recursion!
+        * It is also not used with the prefix option.
         */
-       if (0 == lock_count) {
-               if (lckpwdf () == -1) {
-                       if (geteuid () != 0) {
-                               (void) fprintf (stderr,
-                                               "%s: Permission denied.\n",
-                                               Prog);
+       if (!db->setname) {
+               /*
+                * Call lckpwdf() on the first lock.
+                * If it succeeds, call *_lock() only once
+                * (no retries, it should always succeed).
+                */
+               if (0 == lock_count) {
+                       if (lckpwdf () == -1) {
+                               if (geteuid () != 0) {
+                                       (void) fprintf (stderr,
+                                                       "%s: Permission denied.\n",
+                                                       Prog);
+                               }
+                               return 0;       /* failure */
                        }
-                       return 0;       /* failure */
                }
-       }
 
-       if (commonio_lock_nowait (db, true) != 0) {
-               return 1;       /* success */
-       }
+               if (commonio_lock_nowait (db, true) != 0) {
+                       return 1;       /* success */
+               }
 
-       ulckpwdf ();
-       return 0;               /* failure */
-#else                          /* !HAVE_LCKPWDF */
-       int i;
+               ulckpwdf ();
+               return 0;               /* failure */
+       }
+#endif                         /* !HAVE_LCKPWDF */
 
        /*
         * lckpwdf() not used - do it the old way.
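Review bot: On the restored failure path, `ulckpwdf ();` runs whenever commonio_lock_nowait() fails, but lckpwdf() is only acquired in this call when `lock_count` is 0. If another database is already locked (lock_count != 0), a failed lock here releases the system-wide lckpwdf() lock while that earlier database is still held, and if the earlier lock belonged to a db with `setname` set, lckpwdf() was never taken in the first place. Assuming lock_count is left unchanged when commonio_lock_nowait() fails (its body is outside this hunk), guarding the release as `if (0 == lock_count) { ulckpwdf (); }` keeps the release paired with the acquisition. Separately, `#endif /* !HAVE_LCKPWDF */` now closes an `#ifdef HAVE_LCKPWDF`, so its comment should read `/* HAVE_LCKPWDF */`. commonio_lock's body continues past the end of this hunk.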
@@ -471,7 +474,6 @@ int commonio_lock (struct commonio_db *db)
                }
        }
        return 0;               /* failure */
-#endif                         /* !HAVE_LCKPWDF */
 }
 
 static void dec_lock_count (void)
index 40e5708f26b9be29d0ea6392ad0b1baa0978569e..64e830731378056e9d8b484123055fd7dbea69a6 100644 (file)
@@ -143,6 +143,7 @@ struct commonio_db {
        bool isopen:1;
        bool locked:1;
        bool readonly:1;
+       bool setname:1;
 };
 
 extern int commonio_setname (struct commonio_db *, const char *);
index ae2302b564e2ccea2c69fa71cdb39f52069a45ff..bffb06e0fa45346e7e539c85586d0994e0097e08 100644 (file)
@@ -139,7 +139,8 @@ static /*@owned@*/struct commonio_db group_db = {
        false,                  /* changed */
        false,                  /* isopen */
        false,                  /* locked */
-       false                   /* readonly */
+       false,                  /* readonly */
+       false                   /* setname */
 };
 
 int gr_setdbname (const char *filename)
index 7ee85377225f1c280793e7f2ecd45e33ab92336b..127719cba8718ff692802339942a47c36f886111 100644 (file)
@@ -114,7 +114,8 @@ static struct commonio_db passwd_db = {
        false,                  /* changed */
        false,                  /* isopen */
        false,                  /* locked */
-       false                   /* readonly */
+       false,                  /* readonly */
+       false                   /* setname */
 };
 
 int pw_setdbname (const char *filename)
index 5423626a01dabc018fbb9198b831e39d0b30abb4..ffbdb263616bdebe54faae4aa51c1fd214539cd3 100644 (file)
@@ -238,7 +238,8 @@ static struct commonio_db gshadow_db = {
        false,                  /* changed */
        false,                  /* isopen */
        false,                  /* locked */
-       false                   /* readonly */
+       false,                  /* readonly */
+       false                   /* setname */
 };
 
 int sgr_setdbname (const char *filename)
index 5fa3d312bbf9b17f30ddff9852d6ece8cae325ad..676b1f1a39773d7840c0fea7a31d3675da48e759 100644 (file)
@@ -114,7 +114,8 @@ static struct commonio_db shadow_db = {
        false,                  /* changed */
        false,                  /* isopen */
        false,                  /* locked */
-       false                   /* readonly */
+       false,                  /* readonly */
+       false                   /* setname */
 };
 
 int spw_setdbname (const char *filename)
index a662e67e53814be67b48e9c29b540c467f097912..dd779c5966f920616c2af97caaa6793d3de34892 100644 (file)
@@ -550,7 +550,8 @@ static struct commonio_db subordinate_uid_db = {
        false,                  /* changed */
        false,                  /* isopen */
        false,                  /* locked */
-       false                   /* readonly */
+       false,                  /* readonly */
+       false                   /* setname */
 };
 
 int sub_uid_setdbname (const char *filename)
@@ -631,7 +632,8 @@ static struct commonio_db subordinate_gid_db = {
        false,                  /* changed */
        false,                  /* isopen */
        false,                  /* locked */
-       false                   /* readonly */
+       false,                  /* readonly */
+       false                   /* setname */
 };
 
 int sub_gid_setdbname (const char *filename)