lib/tcbfuncs: operate on file descriptor rather than path

diff --git a/lib/tcbfuncs.c b/lib/tcbfuncs.c
index 7f96ee681e881ed9e5ce5f0ae99363798a1f1a07..b5915fcd23a111f6fe197ce842cc4e93457a7329 100644 (file)
--- a/lib/tcbfuncs.c
+++ b/lib/tcbfuncs.c
@@ -527,7 +527,7 @@ shadowtcb_status shadowtcb_create (const char *name, uid_t uid)
        struct stat tcbdir_stat;
        gid_t shadowgid, authgid;
        struct group *gr;
-       int fd;
+       int fd = -1;
        shadowtcb_status ret = SHADOWTCB_FAILURE;
 
        if (!getdef_bool ("USE_TCB")) {
@@ -566,14 +566,13 @@ shadowtcb_status shadowtcb_create (const char *name, uid_t uid)
                         shadow_progname, shadow, strerror (errno));
                goto out_free;
        }
-       close (fd);
-       if (chown (shadow, 0, authgid) != 0) {
+       if (fchown (fd, 0, authgid) != 0) {
                fprintf (shadow_logfd,
                         _("%s: Cannot change owner of %s: %s\n"),
                         shadow_progname, shadow, strerror (errno));
                goto out_free;
        }
-       if (chmod (shadow, (mode_t) ((authgid == shadowgid) ? 0600 : 0640)) != 0) {
+       if (fchmod (fd, (mode_t) ((authgid == shadowgid) ? 0600 : 0640)) != 0) {
                fprintf (shadow_logfd,
                         _("%s: Cannot change mode of %s: %s\n"),
                         shadow_progname, shadow, strerror (errno));
@@ -597,6 +596,8 @@ shadowtcb_status shadowtcb_create (const char *name, uid_t uid)
        }
        ret = SHADOWTCB_SUCCESS;
 out_free:
+       if (fd != -1)
+               close(fd);
        free (dir);
        free (shadow);
        return ret;