Relevant BUGIDs: 1478180

Purpose of commit: bugfix

Commit summary:
---------------

2006-05-02  Thorsten Kukuk  <kukuk@suse.de>

        * modules/pam_tally/pam_tally.c: Always close file handle
        in error case, don't close it depending on *TALLY value [#1478180]

diff --git a/ChangeLog b/ChangeLog
index 46dc2fef0633617ab9945637043b9c6f6ddc8849..e563182bef57b25ac50fb87682e098aee9c94870 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+2006-05-02  Thorsten Kukuk  <kukuk@suse.de>
+
+       * modules/pam_tally/pam_tally.c: Always close file handle
+       in error case, don't close it depending on *TALLY value [#1478180]
+
 2006-04-21  Thorsten Kukuk  <kukuk@thkukuk.de>
 
        * po/fr.po: Updated.
@@ -30,7 +35,7 @@
        * configure.in: Remove ALL_LINGUAS.
        * po/LINGUAS: New.
        * po/tr.po: New (from Ismail Donmez <ismail@pardus.org.tr>).
-       
+
 2006-03-13  Thorsten Kukuk  <kukuk@thkukuk.de>
 
        * doc/man/pam_error.3.xml: New.

diff --git a/modules/pam_tally/pam_tally.c b/modules/pam_tally/pam_tally.c
index 9abe7d499b6e68d3b268c0694decbc8175c8cd86..71dc70bd6fc11538a1af948409885774a841e5f7 100644 (file)
--- a/modules/pam_tally/pam_tally.c
+++ b/modules/pam_tally/pam_tally.c
@@ -379,26 +379,27 @@ static int
 set_tally(pam_handle_t *pamh, tally_t tally, uid_t uid,
             const char *filename, FILE **TALLY, struct fail_s *fsp)
 {
-    if ( tally!=TALLY_HI )
-      {
-        if ( fseek( *TALLY, uid * sizeof(struct faillog), SEEK_SET ) ) {
-                  pam_syslog(pamh, LOG_ALERT, "fseek failed for %s", filename);
-                            return PAM_AUTH_ERR;
-        }
-        fsp->fs_faillog.fail_cnt = tally;
-        if (fwrite((char *) &fsp->fs_faillog,
+    int retval = PAM_SUCCESS;
+
+    if ( tally!=TALLY_HI ) {
+      if ( fseek( *TALLY, uid * sizeof(struct faillog), SEEK_SET ) ) {
+       pam_syslog(pamh, LOG_ALERT, "fseek failed for %s", filename);
+       retval = PAM_AUTH_ERR;
+      } else {
+       fsp->fs_faillog.fail_cnt = tally;
+       if (fwrite((char *) &fsp->fs_faillog,
                   sizeof(struct faillog), 1, *TALLY)==0 ) {
-           pam_syslog(pamh, LOG_ALERT, "update (fwrite) failed for %s", filename);
-           return PAM_AUTH_ERR;
-        }
+         pam_syslog(pamh, LOG_ALERT, "update (fwrite) failed for %s", filename);
+         retval = PAM_AUTH_ERR;
       }
+    }
 
     if ( fclose(*TALLY) ) {
       pam_syslog(pamh, LOG_ALERT, "update (fclose) failed for %s", filename);
       return PAM_AUTH_ERR;
     }
     *TALLY=NULL;
-    return PAM_SUCCESS;
+    return retval;
 }
 
 /*---------------------------------------------------------------------*/
@@ -415,7 +416,7 @@ set_tally(pam_handle_t *pamh, tally_t tally, uid_t uid,
 
 static int
 tally_bump (int inc, time_t *oldtime, pam_handle_t *pamh,
-            uid_t uid, const char *user, struct tally_options *opts) 
+            uid_t uid, const char *user, struct tally_options *opts)
 {
   tally_t
     tally         = 0;  /* !TALLY_HI --> Log opened for update */
@@ -429,7 +430,7 @@ tally_bump (int inc, time_t *oldtime, pam_handle_t *pamh,
     int i;
 
     i=get_tally(pamh, &tally, uid, opts->filename, &TALLY, fsp);
-    if ( i != PAM_SUCCESS ) { if (TALLY) fclose(TALLY); RETURN_ERROR( i ); }
+    if ( i != PAM_SUCCESS ) { RETURN_ERROR( i ); }
 
     /* to remember old fail time (for locktime) */
     fsp->fs_fail_time = fsp->fs_faillog.fail_time;
@@ -475,14 +476,14 @@ tally_bump (int inc, time_t *oldtime, pam_handle_t *pamh,
     }
 
     i=set_tally(pamh, tally, uid, opts->filename, &TALLY, fsp );
-    if ( i != PAM_SUCCESS ) { if (TALLY) fclose(TALLY); RETURN_ERROR( i ); }
+    if ( i != PAM_SUCCESS ) { RETURN_ERROR( i ); }
 
     return PAM_SUCCESS;
 }
 
 static int
 tally_check (time_t oldtime, pam_handle_t *pamh, uid_t uid,
-               const char *user, struct tally_options *opts) 
+               const char *user, struct tally_options *opts)
 {
   tally_t
     deny          = opts->deny;
@@ -496,7 +497,6 @@ tally_check (time_t oldtime, pam_handle_t *pamh, uid_t uid,
     int i;
 
     i=get_tally(pamh, &tally, uid, opts->filename, &TALLY, fsp);
-    if (TALLY) fclose(TALLY);
     if ( i != PAM_SUCCESS ) { RETURN_ERROR( i ); }
 
     if ( !(opts->ctrl & OPT_MAGIC_ROOT) || getuid() ) {       /* magic_root skips tally check */
@@ -558,7 +558,7 @@ tally_reset (pam_handle_t *pamh, uid_t uid, struct tally_options *opts)
     int i;
 
     i=get_tally(pamh, &tally, uid, opts->filename, &TALLY, fsp);
-    if ( i != PAM_SUCCESS ) { if (TALLY) fclose(TALLY); RETURN_ERROR( i ); }
+    if ( i != PAM_SUCCESS ) { RETURN_ERROR( i ); }
 
       /* resets if not magic root
        */
@@ -574,7 +574,7 @@ tally_reset (pam_handle_t *pamh, uid_t uid, struct tally_options *opts)
     }
 
     i=set_tally(pamh, tally, uid, opts->filename, &TALLY, fsp);
-    if ( i != PAM_SUCCESS ) { if (TALLY) fclose(TALLY); RETURN_ERROR( i ); }
+    if ( i != PAM_SUCCESS ) { RETURN_ERROR( i ); }
 
     return PAM_SUCCESS;
 }
@@ -732,7 +732,7 @@ static int cline_quiet =  0;
  */
 
 static const char *
-pam_errors( int i ) 
+pam_errors( int i )
 {
   switch (i) {
   case PAM_AUTH_ERR:     return _("Authentication error");
@@ -743,7 +743,7 @@ pam_errors( int i )
 }
 
 static int
-getopts( char **argv ) 
+getopts( char **argv )
 {
   const char *pname = *argv;
   for ( ; *argv ; (void)(*argv && ++argv) ) {
@@ -801,7 +801,6 @@ int main ( int argc UNUSED, char **argv )
 
     i=get_tally(NULL, &tally, uid, cline_filename, &TALLY, fsp);
     if ( i != PAM_SUCCESS ) {
-      if (TALLY) fclose(TALLY);
       fprintf(stderr,"%s: %s\n",*argv,pam_errors(i));
       exit(0);
     }
@@ -812,7 +811,6 @@ int main ( int argc UNUSED, char **argv )
 
     i=set_tally(NULL, cline_reset, uid, cline_filename, &TALLY, fsp);
     if ( i != PAM_SUCCESS ) {
-      if (TALLY) fclose(TALLY);
       fprintf(stderr,"%s: %s\n",*argv,pam_errors(i));
       exit(0);
     }