#define NEW_USER_FILE "/etc/default/nuaddXXXXXX"
#endif
+/*
+ * Structures
+ */
+struct option_flags {
+ bool chroot;
+ bool prefix;
+};
/*
* Global variables
/* local function prototypes */
NORETURN static void fail_exit (int);
-static void get_defaults (void);
+static void get_defaults (struct option_flags *);
static void show_defaults (void);
static int set_defaults (void);
-static int get_groups (char *);
+static int get_groups (char *, struct option_flags *);
static struct group * get_local_group (char * grp_name);
NORETURN static void usage (int status);
static void new_pwent (struct passwd *);
static void new_spent (struct spwd *);
static void grp_update (void);
-static void process_flags (int argc, char **argv);
-static void close_files (void);
-static void close_group_files (void);
-static void unlock_group_files (void);
+static void process_flags (int argc, char **argv, struct option_flags *flags);
+static void close_files (struct option_flags *flags);
+static void close_group_files (bool process_selinux);
+static void unlock_group_files (bool process_selinux);
static void open_files (void);
static void open_group_files (void);
static void open_shadow (void);
* file does not exist.
*/
static void
-get_defaults(void)
+get_defaults(struct option_flags *flags)
{
FILE *fp;
char *default_file = USER_DEFAULTS_FILE;
ccp = cp;
if (streq(buf, DGROUPS)) {
- if (get_groups (cp) != 0) {
+ if (get_groups (cp, flags) != 0) {
fprintf (stderr,
_("%s: the '%s=' configuration in %s has an invalid group, ignoring the bad group\n"),
Prog, DGROUPS, default_file);
* converts it to a NULL-terminated array. Any unknown group
* names are reported as errors.
*/
-static int get_groups (char *list)
+static int get_groups (char *list, struct option_flags *flags)
{
struct group *grp;
bool errors = false;
int ngroups = 0;
+ bool process_selinux;
+
+ process_selinux = !flags->chroot && !flags->prefix;
/*
* Free previous group list before creating a new one.
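Review bot: get_groups only reads `flags`, so the new parameter would be better declared as `const struct option_flags *flags`; the same applies to close_files further down. The derivation `!flags->chroot && !flags->prefix` is also written out twice, here and in close_files. A small helper such as `static bool want_selinux (const struct option_flags *flags)` would keep the two sites from drifting apart if a third flag is ever added. get_groups's body continues outside this hunk.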
gr_free (grp);
}
- close_group_files ();
- unlock_group_files ();
+ close_group_files (process_selinux);
+ unlock_group_files (process_selinux);
user_groups[ngroups] = NULL;
* the values that the user will be created with accordingly. The
* values are checked for sanity.
*/
-static void process_flags (int argc, char **argv)
+static void process_flags (int argc, char **argv, struct option_flags *flags)
{
const struct group *grp;
bool anyflag = false;
gflg = true;
break;
case 'G':
- if (get_groups (optarg) != 0) {
+ if (get_groups (optarg, flags) != 0) {
exit (E_NOTFOUND);
}
if (NULL != user_groups[0]) {
rflg = true;
break;
case 'R': /* no-op, handled in process_root_flag () */
+ flags->chroot = true;
break;
case 'P': /* no-op, handled in process_prefix_flag () */
+ flags->prefix = true;
break;
case 's':
if ( ( !VALID (optarg) )
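Review bot: The comments on `case 'R'` and `case 'P'` still say "no-op", but both cases now store a flag that later decides the `process_selinux` argument passed to the close and unlock calls. Suggested wording: `case 'R': /* chroot is applied in process_root_flag (); recorded here for close_files () */`, and the equivalent for 'P'. These two assignments are the only stores to the struct visible in the diff, and they only ever write `true`, so the comment should also say that the caller must hand in a zeroed struct. process_flags's body starts and ends outside this hunk.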
* close_files() closes all of the files that were opened for this
* new user. This causes any modified entries to be written out.
*/
-static void close_files (void)
+static void close_files (struct option_flags *flags)
{
- if (pw_close (true) == 0) {
+ bool process_selinux;
+
+ process_selinux = !flags->chroot && !flags->prefix;
+
+ if (pw_close (process_selinux) == 0) {
fprintf (stderr, _("%s: failure while writing changes to %s\n"), Prog, pw_dbname ());
SYSLOG ((LOG_ERR, "failure while writing changes to %s", pw_dbname ()));
fail_exit (E_PW_UPDATE);
}
- if (is_shadow_pwd && (spw_close (true) == 0)) {
+ if (is_shadow_pwd && (spw_close (process_selinux) == 0)) {
fprintf (stderr,
_("%s: failure while writing changes to %s\n"), Prog, spw_dbname ());
SYSLOG ((LOG_ERR, "failure while writing changes to %s", spw_dbname ()));
fail_exit (E_PW_UPDATE);
}
- close_group_files ();
+ close_group_files (process_selinux);
#ifdef ENABLE_SUBIDS
- if (is_sub_uid && (sub_uid_close (true) == 0)) {
+ if (is_sub_uid && (sub_uid_close (process_selinux) == 0)) {
fprintf (stderr,
_("%s: failure while writing changes to %s\n"), Prog, sub_uid_dbname ());
SYSLOG ((LOG_ERR, "failure while writing changes to %s", sub_uid_dbname ()));
fail_exit (E_SUB_UID_UPDATE);
}
- if (is_sub_gid && (sub_gid_close (true) == 0)) {
+ if (is_sub_gid && (sub_gid_close (process_selinux) == 0)) {
fprintf (stderr,
_("%s: failure while writing changes to %s\n"), Prog, sub_gid_dbname ());
SYSLOG ((LOG_ERR, "failure while writing changes to %s", sub_gid_dbname ()));
}
#endif /* ENABLE_SUBIDS */
if (is_shadow_pwd) {
- if (spw_unlock (true) == 0) {
+ if (spw_unlock (process_selinux) == 0) {
fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, spw_dbname ());
SYSLOG ((LOG_ERR, "failed to unlock %s", spw_dbname ()));
#ifdef WITH_AUDIT
}
spw_locked = false;
}
- if (pw_unlock (true) == 0) {
+ if (pw_unlock (process_selinux) == 0) {
fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, pw_dbname ());
SYSLOG ((LOG_ERR, "failed to unlock %s", pw_dbname ()));
#ifdef WITH_AUDIT
}
pw_locked = false;
- unlock_group_files ();
+ unlock_group_files (process_selinux);
#ifdef ENABLE_SUBIDS
if (is_sub_uid) {
- if (sub_uid_unlock (true) == 0) {
+ if (sub_uid_unlock (process_selinux) == 0) {
fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, sub_uid_dbname ());
SYSLOG ((LOG_ERR, "failed to unlock %s", sub_uid_dbname ()));
#ifdef WITH_AUDIT
sub_uid_locked = false;
}
if (is_sub_gid) {
- if (sub_gid_unlock (true) == 0) {
+ if (sub_gid_unlock (process_selinux) == 0) {
fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, sub_gid_dbname ());
SYSLOG ((LOG_ERR, "failed to unlock %s", sub_gid_dbname ()));
#ifdef WITH_AUDIT
* close_group_files() closes all of the files that were opened related
* with groups. This causes any modified entries to be written out.
*/
-static void close_group_files (void)
+static void close_group_files (bool process_selinux)
{
if (!do_grp_update)
return;
- if (gr_close(true) == 0) {
+ if (gr_close(process_selinux) == 0) {
fprintf(stderr,
_("%s: failure while writing changes to %s\n"),
Prog, gr_dbname());
fail_exit(E_GRP_UPDATE);
}
#ifdef SHADOWGRP
- if (is_shadow_grp && sgr_close(true) == 0) {
+ if (is_shadow_grp && sgr_close(process_selinux) == 0) {
fprintf(stderr,
_("%s: failure while writing changes to %s\n"),
Prog, sgr_dbname());
* unlock_group_files() unlocks all of the files that were locked related
* with groups. This causes any modified entries to be written out.
*/
-static void unlock_group_files (void)
+static void unlock_group_files (bool process_selinux)
{
- if (gr_unlock (true) == 0) {
+ if (gr_unlock (process_selinux) == 0) {
fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, gr_dbname ());
SYSLOG ((LOG_ERR, "failed to unlock %s", gr_dbname ()));
#ifdef WITH_AUDIT
gr_locked = false;
#ifdef SHADOWGRP
if (is_shadow_grp) {
- if (sgr_unlock (true) == 0) {
+ if (sgr_unlock (process_selinux) == 0) {
fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, sgr_dbname ());
SYSLOG ((LOG_ERR, "failed to unlock %s", sgr_dbname ()));
#ifdef WITH_AUDIT
#endif
unsigned long subuid_count = 0;
unsigned long subgid_count = 0;
+ struct option_flags flags;
log_set_progname(Prog);
log_set_logfd(stderr);
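Review bot: `struct option_flags flags;` is declared without an initialiser, and nothing in the visible hunks assigns `false` to `chroot` or `prefix`; process_flags only ever stores `true`. get_groups and close_files read both fields, so when -R/-P are not given the computed `process_selinux` value is indeterminate. The passwd, shadow, group and subid close/unlock calls then receive an unpredictable argument, which presumably means SELinux handling of the rewritten databases can differ from run to run. Declare it as `struct option_flags flags = { .chroot = false, .prefix = false };`. main's body starts and ends outside this hunk.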
is_shadow_grp = sgr_file_present ();
#endif
- get_defaults ();
+ get_defaults (&flags);
- process_flags (argc, argv);
+ process_flags (argc, argv, &flags);
#ifdef ENABLE_SUBIDS
uid_min = getdef_ulong ("UID_MIN", 1000UL);
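Review bot: `get_defaults (&flags)` runs before `process_flags` has filled in `flags`, yet get_defaults can reach get_groups through the DGROUPS branch, which derives `process_selinux` from `flags->chroot` and `flags->prefix`. On that path -R/-P are not yet reflected in the struct, so the group files are closed and unlocked without regard to the chroot or prefix in effect, which looks like the case this commit is meant to exclude. Either set the two fields where the root/prefix options are first parsed (the existing comments point to process_root_flag () and process_prefix_flag (), whose call sites are not shown here), or determine them from argv before calling get_defaults.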
usr_update (subuid_count, subgid_count);
- close_files ();
+ close_files (&flags);
nscd_flush_cache ("passwd");
nscd_flush_cache ("group");