From 538db049507341530621caa0fba6daa5c35f1a5a Mon Sep 17 00:00:00 2001 From: nekral-guest Date: Sat, 9 Aug 2008 23:22:00 +0000 Subject: [PATCH] * src/chgpasswd.c: Added fail_exit(). * src/chgpasswd.c: Added support for syslog. * src/chgpasswd.c: Report failure to unlock files to stderr and syslog. * src/chgpasswd.c: Simplify the PAM error handling. * src/chgpasswd.c: Report failure during *_close() to syslog. * src/chgpasswd.c: Ignore the return value or pam_end(). --- ChangeLog | 10 ++++++ src/chgpasswd.c | 93 ++++++++++++++++++++++++++++++++----------------- 2 files changed, 71 insertions(+), 32 deletions(-) diff --git a/ChangeLog b/ChangeLog index d663bb5c..f76ca87a 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,13 @@ +2008-08-07 Nicolas François + + * src/chgpasswd.c: Added fail_exit(). + * src/chgpasswd.c: Added support for syslog. + * src/chgpasswd.c: Report failure to unlock files to stderr and + syslog. + * src/chgpasswd.c: Simplify the PAM error handling. + * src/chgpasswd.c: Report failure during *_close() to syslog. + * src/chgpasswd.c: Ignore the return value or pam_end(). + 2008-08-07 Nicolas François * src/userdel.c: Report failure to remove entries from group or diff --git a/src/chgpasswd.c b/src/chgpasswd.c index f8a81272..58742f43 100644 --- a/src/chgpasswd.c +++ b/src/chgpasswd.c @@ -63,13 +63,16 @@ static long sha_rounds = 5000; #ifdef SHADOWGRP static bool is_shadow_grp; +static bool gshadow_locked = false; #endif +static bool group_locked = false; #ifdef USE_PAM static pam_handle_t *pamh = NULL; #endif /* local function prototypes */ +static void fail_exit (int code); static void usage (void); static void process_flags (int argc, char **argv); static void check_flags (void); @@ -77,6 +80,32 @@ static void check_perms (void); static void open_files (void); static void close_files (void); +/* + * fail_exit - exit with a failure code after unlocking the files + */ +static void fail_exit (int code) +{ + if (group_locked) { + if (gr_unlock () == 0) { + fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, gr_dbname ()); + SYSLOG ((LOG_ERR, "failed to unlock %s", gr_dbname ())); + /* continue */ + } + } + +#ifdef SHADOWGRP + if (gshadow_locked) { + if (sgr_unlock () == 0) { + fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, sgr_dbname ()); + SYSLOG ((LOG_ERR, "failed to unlock %s", sgr_dbname ())); + /* continue */ + } + } +#endif + + exit (code); +} + /* * usage - display usage message and exit */ @@ -225,29 +254,24 @@ static void check_perms (void) struct passwd *pampw; pampw = getpwuid (getuid ()); /* local, no need for xgetpwuid */ - if (pampw == NULL) { + if (NULL == pampw) { retval = PAM_USER_UNKNOWN; } - if (retval == PAM_SUCCESS) { + if (PAM_SUCCESS == retval) { retval = pam_start ("chgpasswd", pampw->pw_name, &conv, &pamh); } - if (retval == PAM_SUCCESS) { + if (PAM_SUCCESS == retval) { retval = pam_authenticate (pamh, 0); - if (retval != PAM_SUCCESS) { - pam_end (pamh, retval); - } } - if (retval == PAM_SUCCESS) { + if (PAM_SUCCESS == retval) { retval = pam_acct_mgmt (pamh, 0); - if (retval != PAM_SUCCESS) { - pam_end (pamh, retval); - } } - if (retval != PAM_SUCCESS) { + if (PAM_SUCCESS != retval) { + (void) pam_end (pamh, retval); fprintf (stderr, _("%s: PAM authentication failed\n"), Prog); exit (1); } @@ -266,13 +290,13 @@ static void open_files (void) if (gr_lock () == 0) { fprintf (stderr, _("%s: cannot lock %s\n"), Prog, gr_dbname ()); - exit (1); + fail_exit (1); } + group_locked = true; if (gr_open (O_RDWR) == 0) { fprintf (stderr, _("%s: cannot open %s\n"), Prog, gr_dbname ()); - gr_unlock (); - exit (1); + fail_exit (1); } #ifdef SHADOWGRP @@ -281,15 +305,13 @@ static void open_files (void) if (sgr_lock () == 0) { fprintf (stderr, _("%s: cannot lock %s\n"), Prog, sgr_dbname ()); - gr_unlock (); - exit (1); + fail_exit (1); } + gshadow_locked = true; if (sgr_open (O_RDWR) == 0) { fprintf (stderr, _("%s: cannot open %s\n"), Prog, sgr_dbname ()); - gr_unlock (); - sgr_unlock (); - exit (1); + fail_exit (1); } } #endif @@ -306,10 +328,15 @@ static void close_files (void) fprintf (stderr, _("%s: failure while writing changes to %s\n"), Prog, sgr_dbname ()); - gr_unlock (); - exit (1); + SYSLOG ((LOG_ERR, "failure while writing changes to %s", sgr_dbname ())); + fail_exit (1); } - sgr_unlock (); + if (sgr_unlock () == 0) { + fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, sgr_dbname ()); + SYSLOG ((LOG_ERR, "failed to unlock %s", sgr_dbname ())); + /* continue */ + } + gshadow_locked = false; } #endif @@ -317,9 +344,15 @@ static void close_files (void) fprintf (stderr, _("%s: failure while writing changes to %s\n"), Prog, gr_dbname ()); - exit (1); + SYSLOG ((LOG_ERR, "failure while writing changes to %s", gr_dbname ())); + fail_exit (1); + } + if (gr_unlock () == 0) { + fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, gr_dbname ()); + SYSLOG ((LOG_ERR, "failed to unlock %s", gr_dbname ())); + /* continue */ } - gr_unlock (); + group_locked = false; } int main (int argc, char **argv) @@ -348,6 +381,8 @@ int main (int argc, char **argv) process_flags(argc, argv); + OPENLOG ("chgpasswd"); + check_perms (); #ifdef SHADOWGRP @@ -481,13 +516,7 @@ int main (int argc, char **argv) if (0 != errors) { fprintf (stderr, _("%s: error detected, changes ignored\n"), Prog); -#ifdef SHADOWGRP - if (is_shadow_grp) { - sgr_unlock (); - } -#endif - gr_unlock (); - exit (1); + fail_exit (1); } close_files (); @@ -495,7 +524,7 @@ int main (int argc, char **argv) nscd_flush_cache ("group"); #ifdef USE_PAM - pam_end (pamh, PAM_SUCCESS); + (void) pam_end (pamh, PAM_SUCCESS); #endif /* USE_PAM */ return (0); -- 2.40.0