From: Iker Pedrosa <ipedrosa@redhat.com>
Date: Fri, 25 Apr 2025 13:28:42 +0000 (+0200)
Subject: lib/, src/: add SELinux control flag in gr_close()
X-Git-Tag: 4.19.0-rc1~128^2~53
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=073df98f0c473ad897a1c1c0a1f6a368b2e8883b;p=thirdparty%2Fshadow.git

lib/, src/: add SELinux control flag in gr_close()

Expand gr_close() interface to add a control flag for SELinux file
context processing.

Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
---

diff --git a/lib/groupio.c b/lib/groupio.c
index 0bce549fd..b5a587aa2 100644
--- a/lib/groupio.c
+++ b/lib/groupio.c
@@ -185,9 +185,9 @@ int gr_rewind (void)
 	return commonio_next (&group_db);
 }
 
-int gr_close (void)
+int gr_close (bool process_selinux)
 {
-	return commonio_close (&group_db, true);
+	return commonio_close (&group_db, process_selinux);
 }
 
 int gr_unlock (void)
diff --git a/lib/groupio.h b/lib/groupio.h
index 2014de0ca..ef9242d04 100644
--- a/lib/groupio.h
+++ b/lib/groupio.h
@@ -14,8 +14,9 @@
 
 #include <sys/types.h>
 #include <grp.h>
+#include <stdbool.h>
 
-extern int gr_close (void);
+extern int gr_close (bool process_selinux);
 extern /*@observer@*/ /*@null@*/const struct group *gr_locate (const char *name);
 extern /*@observer@*/ /*@null@*/const struct group *gr_locate_gid (gid_t gid);
 extern int gr_lock (void);
diff --git a/src/chgpasswd.c b/src/chgpasswd.c
index c0017e338..8f8f1a68e 100644
--- a/src/chgpasswd.c
+++ b/src/chgpasswd.c
@@ -398,7 +398,7 @@ static void close_files (void)
 	}
 #endif
 
-	if (gr_close () == 0) {
+	if (gr_close (true) == 0) {
 		fprintf (stderr,
 		         _("%s: failure while writing changes to %s\n"),
 		         Prog, gr_dbname ());
diff --git a/src/gpasswd.c b/src/gpasswd.c
index a64c27017..a9115824a 100644
--- a/src/gpasswd.c
+++ b/src/gpasswd.c
@@ -594,7 +594,7 @@ static void log_gpasswd_success_group (MAYBE_UNUSED void *arg)
  */
 static void close_files (void)
 {
-	if (gr_close () == 0) {
+	if (gr_close (true) == 0) {
 		fprintf (stderr,
 		         _("%s: failure while writing changes to %s\n"),
 		         Prog, gr_dbname ());
@@ -725,7 +725,7 @@ static void get_group (struct group *gr)
 	gr->gr_passwd = xstrdup (tmpgr->gr_passwd);
 	gr->gr_mem = dup_list (tmpgr->gr_mem);
 
-	if (gr_close () == 0) {
+	if (gr_close (true) == 0) {
 		fprintf (stderr,
 		         _("%s: failure while closing read-only %s\n"),
 		         Prog, gr_dbname ());
diff --git a/src/groupadd.c b/src/groupadd.c
index 8210388bd..10d9d781c 100644
--- a/src/groupadd.c
+++ b/src/groupadd.c
@@ -275,7 +275,7 @@ check_new_name(void)
 static void close_files (void)
 {
 	/* First, write the changes in the regular group database */
-	if (gr_close () == 0) {
+	if (gr_close (true) == 0) {
 		fprintf (stderr,
 		         _("%s: failure while writing changes to %s\n"),
 		         Prog, gr_dbname ());
diff --git a/src/groupdel.c b/src/groupdel.c
index 2e754e31a..c43ff2273 100644
--- a/src/groupdel.c
+++ b/src/groupdel.c
@@ -149,7 +149,7 @@ static void grp_update (void)
 static void close_files (void)
 {
 	/* First, write the changes in the regular group database */
-	if (gr_close () == 0) {
+	if (gr_close (true) == 0) {
 		fprintf (stderr,
 		         _("%s: failure while writing changes to %s\n"),
 		         Prog, gr_dbname ());
diff --git a/src/groupmems.c b/src/groupmems.c
index 68a186730..48a76aed6 100644
--- a/src/groupmems.c
+++ b/src/groupmems.c
@@ -523,7 +523,7 @@ static void open_files (void)
 
 static void close_files (void)
 {
-	if ((gr_close () == 0) && !list) {
+	if ((gr_close (true) == 0) && !list) {
 		fprintf (stderr, _("%s: failure while writing changes to %s\n"), Prog, gr_dbname ());
 		SYSLOG ((LOG_ERR, "failure while writing changes to %s", gr_dbname ()));
 		fail_exit (EXIT_GROUP_FILE);
diff --git a/src/groupmod.c b/src/groupmod.c
index 665594322..7cd7fb03e 100644
--- a/src/groupmod.c
+++ b/src/groupmod.c
@@ -483,7 +483,7 @@ static void process_flags (int argc, char **argv)
  */
 static void close_files (void)
 {
-	if (gr_close () == 0) {
+	if (gr_close (true) == 0) {
 		fprintf (stderr,
 		         _("%s: failure while writing changes to %s\n"),
 		         Prog, gr_dbname ());
diff --git a/src/grpck.c b/src/grpck.c
index 2a6a11ee9..a3bf80ce3 100644
--- a/src/grpck.c
+++ b/src/grpck.c
@@ -325,7 +325,7 @@ static void close_files (bool changed)
 	 * changes to the files.
 	 */
 	if (changed) {
-		if (gr_close () == 0) {
+		if (gr_close (true) == 0) {
 			fprintf (stderr, _("%s: failure while writing changes to %s\n"),
 			         Prog, grp_file);
 			fail_exit (E_CANT_UPDATE);
diff --git a/src/grpconv.c b/src/grpconv.c
index 64b2157d2..99620edee 100644
--- a/src/grpconv.c
+++ b/src/grpconv.c
@@ -242,7 +242,7 @@ int main (int argc, char **argv)
 		SYSLOG ((LOG_ERR, "failure while writing changes to %s", sgr_dbname ()));
 		fail_exit (3);
 	}
-	if (gr_close () == 0) {
+	if (gr_close (true) == 0) {
 		fprintf (stderr,
 		         _("%s: failure while writing changes to %s\n"),
 		         Prog, gr_dbname ());
diff --git a/src/grpunconv.c b/src/grpunconv.c
index 4a822f7ed..9b05d162e 100644
--- a/src/grpunconv.c
+++ b/src/grpunconv.c
@@ -194,7 +194,7 @@ int main (int argc, char **argv)
 
 	(void) sgr_close (); /* was only open O_RDONLY */
 
-	if (gr_close () == 0) {
+	if (gr_close (true) == 0) {
 		fprintf (stderr,
 		         _("%s: failure while writing changes to %s\n"),
 		         Prog, gr_dbname ());
diff --git a/src/newusers.c b/src/newusers.c
index ebe467441..327bc6db5 100644
--- a/src/newusers.c
+++ b/src/newusers.c
@@ -970,7 +970,7 @@ static void close_files (void)
 		spw_locked = false;
 	}
 
-	if (gr_close () == 0) {
+	if (gr_close (true) == 0) {
 		fprintf (stderr,
 		         _("%s: failure while writing changes to %s\n"),
 		         Prog, gr_dbname ());
diff --git a/src/useradd.c b/src/useradd.c
index 55444c811..1971f69ad 100644
--- a/src/useradd.c
+++ b/src/useradd.c
@@ -1662,7 +1662,7 @@ static void close_group_files (void)
 	if (!do_grp_update)
 		return;
 
-	if (gr_close() == 0) {
+	if (gr_close(true) == 0) {
 		fprintf(stderr,
 		        _("%s: failure while writing changes to %s\n"),
 		        Prog, gr_dbname());
diff --git a/src/userdel.c b/src/userdel.c
index d60c974b3..7f118343a 100644
--- a/src/userdel.c
+++ b/src/userdel.c
@@ -418,7 +418,7 @@ static void close_files (void)
 		spw_locked = false;
 	}
 
-	if (gr_close () == 0) {
+	if (gr_close (true) == 0) {
 		fprintf (stderr, _("%s: failure while writing changes to %s\n"), Prog, gr_dbname ());
 		SYSLOG ((LOG_ERR, "failure while writing changes to %s", gr_dbname ()));
 		fail_exit (E_GRP_UPDATE);
diff --git a/src/usermod.c b/src/usermod.c
index f392ed58b..7ac9e6c46 100644
--- a/src/usermod.c
+++ b/src/usermod.c
@@ -1490,7 +1490,7 @@ static void close_files (void)
 	}
 
 	if (Gflg || lflg) {
-		if (gr_close () == 0) {
+		if (gr_close (true) == 0) {
 			fprintf (stderr,
 			         _("%s: failure while writing changes to %s\n"),
 			         Prog, gr_dbname ());