/* local function prototypes */
NORETURN static void usage (int status);
-NORETURN static void fail_exit (int);
+NORETURN static void fail_exit (int, bool);
static int add_group (const char *, const char *, gid_t *, gid_t);
static int get_user_id (const char *, uid_t *);
static int add_user (const char *, uid_t, gid_t);
static int add_passwd (struct passwd *, const char *);
static void process_flags (int argc, char **argv, struct option_flags *flags);
static void check_flags (void);
-static void check_perms (void);
-static void open_files (void);
+static void check_perms (struct option_flags *flags);
+static void open_files (bool process_selinux);
static void close_files (struct option_flags *flags);
extern int allow_bad_names;
/*
* fail_exit - undo as much as possible
*/
-static void fail_exit (int code)
+static void fail_exit (int code, bool process_selinux)
{
if (spw_locked) {
- if (spw_unlock (true) == 0) {
+ if (spw_unlock (process_selinux) == 0) {
fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, spw_dbname ());
SYSLOG ((LOG_ERR, "failed to unlock %s", spw_dbname ()));
/* continue */
}
}
if (pw_locked) {
- if (pw_unlock (true) == 0) {
+ if (pw_unlock (process_selinux) == 0) {
fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, pw_dbname ());
SYSLOG ((LOG_ERR, "failed to unlock %s", pw_dbname ()));
/* continue */
}
}
if (gr_locked) {
- if (gr_unlock (true) == 0) {
+ if (gr_unlock (process_selinux) == 0) {
fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, gr_dbname ());
SYSLOG ((LOG_ERR, "failed to unlock %s", gr_dbname ()));
/* continue */
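Review bot: The header comment above `fail_exit` still reads only `fail_exit - undo as much as possible` and does not describe the new `process_selinux` argument, which is forwarded unchanged to every `*_unlock ()` call in this function. I would add a line such as `* process_selinux is passed to the *_unlock() calls; callers pass !flags->chroot.`, so a reader does not have to trace each call site to learn when the value is false. The body of fail_exit continues past this hunk, and the later unlock calls follow the same pattern.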
}
#ifdef SHADOWGRP
if (sgr_locked) {
- if (sgr_unlock (true) == 0) {
+ if (sgr_unlock (process_selinux) == 0) {
fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, sgr_dbname ());
SYSLOG ((LOG_ERR, "failed to unlock %s", sgr_dbname ()));
/* continue */
#endif
#ifdef ENABLE_SUBIDS
if (sub_uid_locked) {
- if (sub_uid_unlock (true) == 0) {
+ if (sub_uid_unlock (process_selinux) == 0) {
fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, sub_uid_dbname ());
SYSLOG ((LOG_ERR, "failed to unlock %s", sub_uid_dbname ()));
/* continue */
}
}
if (sub_gid_locked) {
- if (sub_gid_unlock (true) == 0) {
+ if (sub_gid_unlock (process_selinux) == 0) {
fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, sub_gid_dbname ());
SYSLOG ((LOG_ERR, "failed to unlock %s", sub_gid_dbname ()));
/* continue */
SNPRINTF(buf, "%s: %s", Prog, argv[1]);
perror (buf);
- fail_exit (EXIT_FAILURE);
+ fail_exit (EXIT_FAILURE, !flags->chroot);
}
}
*
* It will not return if the user is not allowed.
*/
-static void check_perms (void)
+static void check_perms (struct option_flags *flags)
{
#ifdef ACCT_TOOLS_SETUID
#ifdef USE_PAM
pam_handle_t *pamh = NULL;
int retval;
struct passwd *pampw;
+ bool process_selinux;
+
+ process_selinux = !flags->chroot;
pampw = getpwuid (getuid ()); /* local, no need for xgetpwuid */
if (NULL == pampw) {
fprintf (stderr,
_("%s: Cannot determine your user name.\n"),
Prog);
- fail_exit (EXIT_FAILURE);
+ fail_exit (EXIT_FAILURE, process_selinux);
}
retval = pam_start ("newusers", pampw->pw_name, &conv, &pamh);
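Review bot: `check_perms` now takes `struct option_flags *flags` only to compute `process_selinux = !flags->chroot;`, whereas `open_files` takes the already-derived `bool process_selinux`, so the two helpers changed by this commit disagree on how the same value is passed. Since main assigns `process_selinux` before calling `check_perms (&flags)`, the signature could be `static void check_perms (bool process_selinux)` with the call written as `check_perms (process_selinux);`, which drops the extra local and the second derivation. The new use also sits inside `#ifdef ACCT_TOOLS_SETUID` / `#ifdef USE_PAM`, so the parameter looks unused in builds without them. The rest of the function is outside this hunk, so that last point should be confirmed.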
if (NULL != pamh) {
(void) pam_end (pamh, retval);
}
- fail_exit (EXIT_FAILURE);
+ fail_exit (EXIT_FAILURE, process_selinux);
}
(void) pam_end (pamh, retval);
#endif /* USE_PAM */
/*
* open_files - lock and open the password, group and shadow databases
*/
-static void open_files (void)
+static void open_files (bool process_selinux)
{
/*
* Lock the password files and open them for update. This will bring
fprintf (stderr,
_("%s: cannot lock %s; try again later.\n"),
Prog, pw_dbname ());
- fail_exit (EXIT_FAILURE);
+ fail_exit (EXIT_FAILURE, process_selinux);
}
pw_locked = true;
if (is_shadow) {
fprintf (stderr,
_("%s: cannot lock %s; try again later.\n"),
Prog, spw_dbname ());
- fail_exit (EXIT_FAILURE);
+ fail_exit (EXIT_FAILURE, process_selinux);
}
spw_locked = true;
}
fprintf (stderr,
_("%s: cannot lock %s; try again later.\n"),
Prog, gr_dbname ());
- fail_exit (EXIT_FAILURE);
+ fail_exit (EXIT_FAILURE, process_selinux);
}
gr_locked = true;
#ifdef SHADOWGRP
fprintf (stderr,
_("%s: cannot lock %s; try again later.\n"),
Prog, sgr_dbname ());
- fail_exit (EXIT_FAILURE);
+ fail_exit (EXIT_FAILURE, process_selinux);
}
sgr_locked = true;
}
fprintf (stderr,
_("%s: cannot lock %s; try again later.\n"),
Prog, sub_uid_dbname ());
- fail_exit (EXIT_FAILURE);
+ fail_exit (EXIT_FAILURE, process_selinux);
}
sub_uid_locked = true;
}
fprintf (stderr,
_("%s: cannot lock %s; try again later.\n"),
Prog, sub_gid_dbname ());
- fail_exit (EXIT_FAILURE);
+ fail_exit (EXIT_FAILURE, process_selinux);
}
sub_gid_locked = true;
}
if (pw_open (O_CREAT | O_RDWR) == 0) {
fprintf (stderr, _("%s: cannot open %s\n"), Prog, pw_dbname ());
- fail_exit (EXIT_FAILURE);
+ fail_exit (EXIT_FAILURE, process_selinux);
}
if (is_shadow && (spw_open (O_CREAT | O_RDWR) == 0)) {
fprintf (stderr, _("%s: cannot open %s\n"), Prog, spw_dbname ());
- fail_exit (EXIT_FAILURE);
+ fail_exit (EXIT_FAILURE, process_selinux);
}
if (gr_open (O_CREAT | O_RDWR) == 0) {
fprintf (stderr, _("%s: cannot open %s\n"), Prog, gr_dbname ());
- fail_exit (EXIT_FAILURE);
+ fail_exit (EXIT_FAILURE, process_selinux);
}
#ifdef SHADOWGRP
if (is_shadow_grp && (sgr_open (O_CREAT | O_RDWR) == 0)) {
fprintf (stderr, _("%s: cannot open %s\n"), Prog, sgr_dbname ());
- fail_exit (EXIT_FAILURE);
+ fail_exit (EXIT_FAILURE, process_selinux);
}
#endif
#ifdef ENABLE_SUBIDS
fprintf (stderr,
_("%s: cannot open %s\n"),
Prog, sub_uid_dbname ());
- fail_exit (EXIT_FAILURE);
+ fail_exit (EXIT_FAILURE, process_selinux);
}
}
if (is_sub_gid) {
fprintf (stderr,
_("%s: cannot open %s\n"),
Prog, sub_gid_dbname ());
- fail_exit (EXIT_FAILURE);
+ fail_exit (EXIT_FAILURE, process_selinux);
}
}
#endif /* ENABLE_SUBIDS */
if (pw_close (process_selinux) == 0) {
fprintf (stderr, _("%s: failure while writing changes to %s\n"), Prog, pw_dbname ());
SYSLOG ((LOG_ERR, "failure while writing changes to %s", pw_dbname ()));
- fail_exit (EXIT_FAILURE);
+ fail_exit (EXIT_FAILURE, process_selinux);
}
if (pw_unlock (process_selinux) == 0) {
fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, pw_dbname ());
_("%s: failure while writing changes to %s\n"),
Prog, spw_dbname ());
SYSLOG ((LOG_ERR, "failure while writing changes to %s", spw_dbname ()));
- fail_exit (EXIT_FAILURE);
+ fail_exit (EXIT_FAILURE, process_selinux);
}
if (spw_unlock (process_selinux) == 0) {
fprintf (stderr,
_("%s: failure while writing changes to %s\n"),
Prog, gr_dbname ());
SYSLOG ((LOG_ERR, "failure while writing changes to %s", gr_dbname ()));
- fail_exit (EXIT_FAILURE);
+ fail_exit (EXIT_FAILURE, process_selinux);
}
#ifdef ENABLE_SUBIDS
if (is_sub_uid && (sub_uid_close (process_selinux) == 0)) {
fprintf (stderr,
_("%s: failure while writing changes to %s\n"), Prog, sub_uid_dbname ());
SYSLOG ((LOG_ERR, "failure while writing changes to %s", sub_uid_dbname ()));
- fail_exit (EXIT_FAILURE);
+ fail_exit (EXIT_FAILURE, process_selinux);
}
if (is_sub_gid && (sub_gid_close (process_selinux) == 0)) {
fprintf (stderr,
_("%s: failure while writing changes to %s\n"), Prog, sub_gid_dbname ());
SYSLOG ((LOG_ERR, "failure while writing changes to %s", sub_gid_dbname ()));
- fail_exit (EXIT_FAILURE);
+ fail_exit (EXIT_FAILURE, process_selinux);
}
#endif /* ENABLE_SUBIDS */
_("%s: failure while writing changes to %s\n"),
Prog, sgr_dbname ());
SYSLOG ((LOG_ERR, "failure while writing changes to %s", sgr_dbname ()));
- fail_exit (EXIT_FAILURE);
+ fail_exit (EXIT_FAILURE, process_selinux);
}
if (sgr_unlock (process_selinux) == 0) {
fprintf (stderr,
size_t nusers = 0;
#endif /* USE_PAM */
struct option_flags flags;
+ bool process_selinux;
log_set_progname(Prog);
log_set_logfd(stderr);
OPENLOG ("newusers");
process_flags (argc, argv, &flags);
+ process_selinux = !flags.chroot;
- check_perms ();
+ check_perms (&flags);
is_shadow = spw_file_present ();
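Review bot: `struct option_flags flags;` is declared without an initialiser, and the added `process_selinux = !flags.chroot;` reads it directly after `process_flags` returns. If `process_flags` assigns `chroot` only when the corresponding option is seen (its body is not in this hunk), the value is indeterminate on a run without that option. That value then decides how every `*_unlock`, `*_close` and `fail_exit` call treats the passwd, shadow and group databases. Initialising at the declaration, `struct option_flags flags = {.chroot = false};`, removes the dependency on what `process_flags` does. The same applies to `fail_exit (EXIT_FAILURE, !flags->chroot);` in the earlier hunk next to `perror (buf);`.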
is_sub_gid = want_subgid_file() && sub_gid_file_present() && !rflg;
#endif /* ENABLE_SUBIDS */
- open_files ();
+ open_files (process_selinux);
/*
* Read each line. The line has the same format as a password file
if (stpsep(buf, "\n") == NULL && feof(stdin) == 0) {
fprintf (stderr, _("%s: line %jd: line too long\n"),
Prog, line);
- fail_exit (EXIT_FAILURE);
+ fail_exit (EXIT_FAILURE, process_selinux);
}
if (STRSEP2ARR(buf, ":", fields) == -1) {
fprintf (stderr, _("%s: line %jd: invalid line\n"),
Prog, line);
- fail_exit (EXIT_FAILURE);
+ fail_exit (EXIT_FAILURE, process_selinux);
}
/*
fprintf (stderr,
_("%s: cannot update the entry of user %s (not in the passwd database)\n"),
Prog, fields[0]);
- fail_exit (EXIT_FAILURE);
+ fail_exit (EXIT_FAILURE, process_selinux);
}
if (NULL == pw && get_user_id(fields[2], &uid) != 0) {
fprintf (stderr,
_("%s: line %jd: can't create user\n"),
Prog, line);
- fail_exit (EXIT_FAILURE);
+ fail_exit (EXIT_FAILURE, process_selinux);
}
/*
fprintf (stderr,
_("%s: line %jd: can't create group\n"),
Prog, line);
- fail_exit (EXIT_FAILURE);
+ fail_exit (EXIT_FAILURE, process_selinux);
}
/*
fprintf (stderr,
_("%s: line %jd: can't create user\n"),
Prog, line);
- fail_exit (EXIT_FAILURE);
+ fail_exit (EXIT_FAILURE, process_selinux);
}
/*
fprintf (stderr,
_("%s: line %jd: user '%s' does not exist in %s\n"),
Prog, line, fields[0], pw_dbname ());
- fail_exit (EXIT_FAILURE);
+ fail_exit (EXIT_FAILURE, process_selinux);
}
newpw = *pw;
fprintf (stderr,
_("%s: line %jd: %s\n"),
Prog, line, strerror(errno));
- fail_exit (EXIT_FAILURE);
+ fail_exit (EXIT_FAILURE, process_selinux);
}
lines[nusers-1] = line;
usernames[nusers-1] = xstrdup(fields[0]);
fprintf (stderr,
_("%s: line %jd: can't update password\n"),
Prog, line);
- fail_exit (EXIT_FAILURE);
+ fail_exit (EXIT_FAILURE, process_selinux);
}
if (!streq(fields[4], "")) {
newpw.pw_gecos = fields[4];
fprintf(stderr,
_("%s: line %jd: homedir must be an absolute path\n"),
Prog, line);
- fail_exit (EXIT_FAILURE);
+ fail_exit (EXIT_FAILURE, process_selinux);
}
if (mkdir (newpw.pw_dir, mode) != 0) {
fprintf (stderr,
Prog, line, newpw.pw_dir,
strerror (errno));
if (errno != EEXIST) {
- fail_exit (EXIT_FAILURE);
+ fail_exit (EXIT_FAILURE, process_selinux);
}
}
if (chown(newpw.pw_dir, newpw.pw_uid, newpw.pw_gid) != 0)
_("%s: line %jd: chown %s failed: %s\n"),
Prog, line, newpw.pw_dir,
strerror (errno));
- fail_exit (EXIT_FAILURE);
+ fail_exit (EXIT_FAILURE, process_selinux);
}
}
fprintf (stderr,
_("%s: line %jd: can't update entry\n"),
Prog, line);
- fail_exit (EXIT_FAILURE);
+ fail_exit (EXIT_FAILURE, process_selinux);
}
#ifdef ENABLE_SUBIDS
fprintf (stderr,
_("%s: can't find subordinate user range\n"),
Prog);
- fail_exit (EXIT_FAILURE);
+ fail_exit (EXIT_FAILURE, process_selinux);
}
if (sub_uid_add(fields[0], sub_uid_start, sub_uid_count) == 0)
{
fprintf (stderr,
_("%s: failed to prepare new %s entry\n"),
Prog, sub_uid_dbname ());
- fail_exit (EXIT_FAILURE);
+ fail_exit (EXIT_FAILURE, process_selinux);
}
}
fprintf (stderr,
_("%s: can't find subordinate group range\n"),
Prog);
- fail_exit (EXIT_FAILURE);
+ fail_exit (EXIT_FAILURE, process_selinux);
}
if (sub_gid_add(fields[0], sub_gid_start, sub_gid_count) == 0) {
fprintf (stderr,
_("%s: failed to prepare new %s entry\n"),
Prog, sub_uid_dbname ());
- fail_exit (EXIT_FAILURE);
+ fail_exit (EXIT_FAILURE, process_selinux);
}
}
#endif /* ENABLE_SUBIDS */
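Review bot: The failure branch of `sub_gid_add` reports `sub_uid_dbname ()` in its "failed to prepare new %s entry" message, so an administrator reading the error is pointed at the subordinate UID database when the GID one failed. The commit touches the next line but leaves this unchanged; the argument should be `Prog, sub_gid_dbname ());`. The enclosing function starts well before this hunk.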