From: Iker Pedrosa Date: Fri, 25 Apr 2025 13:53:17 +0000 (+0200) Subject: lib/, src/: add SELinux control flag in pw_unlock() X-Git-Tag: 4.19.0-rc1~128^2~48 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=6396ff013c74dcd884c562cbd0e1f8c06529eeeb;p=thirdparty%2Fshadow.git lib/, src/: add SELinux control flag in pw_unlock() Expand pw_unlock() interface to add a control flag for SELinux file context processing. Signed-off-by: Iker Pedrosa --- diff --git a/lib/cleanup_user.c b/lib/cleanup_user.c index 3c80e5f34..e6a617a29 100644 --- a/lib/cleanup_user.c +++ b/lib/cleanup_user.c @@ -98,7 +98,7 @@ void cleanup_report_add_user_shadow (void *user_name) */ void cleanup_unlock_passwd (MAYBE_UNUSED void *arg) { - if (pw_unlock () == 0) { + if (pw_unlock (true) == 0) { fprintf (log_get_logfd(), _("%s: failed to unlock %s\n"), log_get_progname(), pw_dbname ()); diff --git a/lib/lockpw.c b/lib/lockpw.c index e09e880e6..04cbdf36f 100644 --- a/lib/lockpw.c +++ b/lib/lockpw.c @@ -56,7 +56,7 @@ int lckpwdf (void) */ if (i == 15) { - pw_unlock (); + pw_unlock (true); return -1; } @@ -78,7 +78,7 @@ int ulckpwdf (void) * Unlock both files. */ - return (pw_unlock () && spw_unlock ())? 0 : -1; + return (pw_unlock (true) && spw_unlock ())? 0 : -1; } #else extern int ISO_C_forbids_an_empty_translation_unit; diff --git a/lib/pwio.c b/lib/pwio.c index ea2324af9..f4044c9b1 100644 --- a/lib/pwio.c +++ b/lib/pwio.c @@ -163,9 +163,9 @@ int pw_close (bool process_selinux) return commonio_close (&passwd_db, process_selinux); } -int pw_unlock (void) +int pw_unlock (bool process_selinux) { - return commonio_unlock (&passwd_db, true); + return commonio_unlock (&passwd_db, process_selinux); } /*@null@*/struct commonio_entry *__pw_get_head (void) diff --git a/lib/pwio.h b/lib/pwio.h index b051a7e75..0903b8bdb 100644 --- a/lib/pwio.h +++ b/lib/pwio.h 
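Review bot: The bare `true` passed to `pw_unlock()` in `cleanup_unlock_passwd()` gives no hint at the call site of what it enables, and the same literal is repeated at every caller this commit touches (lib/lockpw.c and the src/ tools from chage.c through usermod.c). According to the commit message the flag controls SELinux file context processing for the passwd database, so a later change to `false` at one caller should stand out in review. Naming the argument at the call, e.g. `pw_unlock (/* process_selinux */ true)`, or using a named constant would do that. The body of `cleanup_unlock_passwd()` continues past the end of the hunk.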
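Review bot: The result of `pw_unlock (true)` in the `i == 15` branch of `lckpwdf()` is still discarded, so a failed unlock on this error path goes unnoticed and may leave the passwd lock held for later callers. If ignoring it is deliberate because the function returns -1 either way, make that explicit with `(void) pw_unlock (true);` and a one-line comment saying so. Only part of `lckpwdf()` is visible in the hunk, so any handling that exists outside these lines cannot be seen here.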
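Review bot: `pw_unlock()` now takes `process_selinux`, but neither the definition in lib/pwio.c nor the prototype in lib/pwio.h says what the flag does or when `false` is appropriate. A comment above the definition such as `/* process_selinux: forwarded to commonio_unlock(); false skips SELinux file context processing for the passwd database */` would document the contract. The hunk does not show what `commonio_unlock()` does with the flag, so that wording should be checked against lib/commonio.c. It is worth stating because a caller passing `false` presumably takes responsibility for the file's security context itself.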
@@ -26,7 +26,7 @@ extern /*@observer@*/ /*@null@*/const struct passwd *pw_next (void); extern int pw_open (int mode); extern int pw_remove (const char *name); extern int pw_rewind (void); -extern int pw_unlock (void); +extern int pw_unlock (bool process_selinux); extern int pw_update (const struct passwd *pw); extern int pw_sort (void); diff --git a/src/chage.c b/src/chage.c index be45af175..09c8871e5 100644 --- a/src/chage.c +++ b/src/chage.c @@ -101,7 +101,7 @@ fail_exit (int code) } } if (pw_locked) { - if (pw_unlock () == 0) { + if (pw_unlock (true) == 0) { fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, pw_dbname ()); SYSLOG ((LOG_ERR, "failed to unlock %s", pw_dbname ())); /* continue */ @@ -568,7 +568,7 @@ static void close_files (void) /* continue */ } spw_locked = false; - if (pw_unlock () == 0) { + if (pw_unlock (true) == 0) { fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, pw_dbname ()); SYSLOG ((LOG_ERR, "failed to unlock %s", pw_dbname ())); /* continue */ diff --git a/src/chfn.c b/src/chfn.c index f80d2f3db..b0e7c315d 100644 --- a/src/chfn.c +++ b/src/chfn.c @@ -79,7 +79,7 @@ static void get_old_fields (const char *gecos); static void fail_exit (int code) { if (pw_locked) { - if (pw_unlock () == 0) { + if (pw_unlock (true) == 0) { fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, pw_dbname ()); SYSLOG ((LOG_ERR, "failed to unlock %s", pw_dbname ())); /* continue */ @@ -458,7 +458,7 @@ static void update_gecos (const char *user, char *gecos) SYSLOG ((LOG_ERR, "failure while writing changes to %s", pw_dbname ())); fail_exit (E_NOPERM); } - if (pw_unlock () == 0) { + if (pw_unlock (true) == 0) { fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, pw_dbname ()); SYSLOG ((LOG_ERR, "failed to unlock %s", pw_dbname ())); /* continue */ diff --git a/src/chpasswd.c b/src/chpasswd.c index ba1a3b0dd..2ddfd08ee 100644 --- a/src/chpasswd.c +++ b/src/chpasswd.c 
@@ -83,7 +83,7 @@ static void close_files (void); static void fail_exit (int code) { if (pw_locked) { - if (pw_unlock () == 0) { + if (pw_unlock (true) == 0) { fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, pw_dbname ()); SYSLOG ((LOG_ERR, "failed to unlock %s", pw_dbname ())); /* continue */ @@ -402,7 +402,7 @@ static void close_files (void) SYSLOG ((LOG_ERR, "failure while writing changes to %s", pw_dbname ())); fail_exit (1); } - if (pw_unlock () == 0) { + if (pw_unlock (true) == 0) { fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, pw_dbname ()); SYSLOG ((LOG_ERR, "failed to unlock %s", pw_dbname ())); /* continue */ diff --git a/src/chsh.c b/src/chsh.c index 87ad64d16..f93dc3331 100644 --- a/src/chsh.c +++ b/src/chsh.c @@ -78,7 +78,7 @@ static void fail_exit (int code) { if (pw_locked) { - if (pw_unlock () == 0) { + if (pw_unlock (true) == 0) { fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, pw_dbname ()); SYSLOG ((LOG_ERR, "failed to unlock %s", pw_dbname ())); /* continue */ @@ -433,7 +433,7 @@ static void update_shell (const char *user, char *newshell) SYSLOG ((LOG_ERR, "failure while writing changes to %s", pw_dbname ())); fail_exit (1); } - if (pw_unlock () == 0) { + if (pw_unlock (true) == 0) { fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, pw_dbname ()); SYSLOG ((LOG_ERR, "failed to unlock %s", pw_dbname ())); /* continue */ diff --git a/src/newusers.c b/src/newusers.c index 5e345d4ef..b93138950 100644 --- a/src/newusers.c +++ b/src/newusers.c @@ -173,7 +173,7 @@ static void fail_exit (int code) } } if (pw_locked) { - if (pw_unlock () == 0) { + if (pw_unlock (true) == 0) { fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, pw_dbname ()); SYSLOG ((LOG_ERR, "failed to unlock %s", pw_dbname ())); /* continue */ 
@@ -945,7 +945,7 @@ static void close_files (void) SYSLOG ((LOG_ERR, "failure while writing changes to %s", pw_dbname ())); fail_exit (EXIT_FAILURE); } - if (pw_unlock () == 0) { + if (pw_unlock (true) == 0) { fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, pw_dbname ()); SYSLOG ((LOG_ERR, "failed to unlock %s", pw_dbname ())); /* continue */ diff --git a/src/passwd.c b/src/passwd.c index b1a3e6129..342d77d1f 100644 --- a/src/passwd.c +++ b/src/passwd.c @@ -483,7 +483,7 @@ static void fail_exit (int status) { if (pw_locked) { - if (pw_unlock () == 0) { + if (pw_unlock (true) == 0) { (void) fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, pw_dbname ()); SYSLOG ((LOG_ERR, "failed to unlock %s", pw_dbname ())); /* continue */ @@ -593,7 +593,7 @@ static void update_noshadow (void) SYSLOG ((LOG_ERR, "failure while writing changes to %s", pw_dbname ())); fail_exit (E_FAILURE); } - if (pw_unlock () == 0) { + if (pw_unlock (true) == 0) { (void) fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, pw_dbname ()); diff --git a/src/pwck.c b/src/pwck.c index 9d30b7d3b..c827b5ca0 100644 --- a/src/pwck.c +++ b/src/pwck.c @@ -96,7 +96,7 @@ static void fail_exit (int code) } if (pw_locked) { - if (pw_unlock () == 0) { + if (pw_unlock (true) == 0) { fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, pw_dbname ()); if (use_system_pw_file) { SYSLOG ((LOG_ERR, "failed to unlock %s", @@ -351,7 +351,7 @@ static void close_files (bool changed) } spw_locked = false; if (pw_locked) { - if (pw_unlock () == 0) { + if (pw_unlock (true) == 0) { fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, pw_dbname ()); diff --git a/src/pwconv.c b/src/pwconv.c index 75eb8d07b..6bef9be50 100644 --- a/src/pwconv.c +++ b/src/pwconv.c 
@@ -83,7 +83,7 @@ static void process_flags (int argc, char **argv); static void fail_exit (int status) { if (pw_locked) { - if (pw_unlock () == 0) { + if (pw_unlock (true) == 0) { fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, pw_dbname ()); SYSLOG ((LOG_ERR, "failed to unlock %s", pw_dbname ())); /* continue */ @@ -299,7 +299,7 @@ int main (int argc, char **argv) /* continue */ } - if (pw_unlock () == 0) { + if (pw_unlock (true) == 0) { fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, pw_dbname ()); SYSLOG ((LOG_ERR, "failed to unlock %s", pw_dbname ())); /* continue */ diff --git a/src/pwunconv.c b/src/pwunconv.c index 83d3516cd..2ce174ebe 100644 --- a/src/pwunconv.c +++ b/src/pwunconv.c @@ -54,7 +54,7 @@ static void fail_exit (int status) } } if (pw_locked) { - if (pw_unlock () == 0) { + if (pw_unlock (true) == 0) { fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, pw_dbname ()); SYSLOG ((LOG_ERR, "failed to unlock %s", pw_dbname ())); /* continue */ @@ -227,7 +227,7 @@ int main (int argc, char **argv) SYSLOG ((LOG_ERR, "failed to unlock %s", spw_dbname ())); /* continue */ } - if (pw_unlock () == 0) { + if (pw_unlock (true) == 0) { fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, pw_dbname ()); SYSLOG ((LOG_ERR, "failed to unlock %s", pw_dbname ())); /* continue */ diff --git a/src/useradd.c b/src/useradd.c index 4a988c4e1..0af295ce5 100644 --- a/src/useradd.c +++ b/src/useradd.c @@ -268,7 +268,7 @@ static void fail_exit (int code) SYSLOG((LOG_ERR, "failed to unlock %s", spw_dbname())); /* continue */ } - if (pw_locked && pw_unlock() == 0) { + if (pw_locked && pw_unlock(true) == 0) { fprintf(stderr, _("%s: failed to unlock %s\n"), Prog, pw_dbname()); SYSLOG((LOG_ERR, "failed to unlock %s", pw_dbname())); /* continue */ 
@@ -1604,7 +1604,7 @@ static void close_files (void) } spw_locked = false; } - if (pw_unlock () == 0) { + if (pw_unlock (true) == 0) { fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, pw_dbname ()); SYSLOG ((LOG_ERR, "failed to unlock %s", pw_dbname ())); #ifdef WITH_AUDIT diff --git a/src/userdel.c b/src/userdel.c index e535fc1d1..fa1de9885 100644 --- a/src/userdel.c +++ b/src/userdel.c @@ -396,7 +396,7 @@ static void close_files (void) SYSLOG ((LOG_ERR, "failure while writing changes to %s", pw_dbname ())); fail_exit (E_PW_UPDATE); } - if (pw_unlock () == 0) { + if (pw_unlock (true) == 0) { fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, pw_dbname ()); SYSLOG ((LOG_ERR, "failed to unlock %s", pw_dbname ())); /* continue */ @@ -485,7 +485,7 @@ static void close_files (void) static void fail_exit (int code) { if (pw_locked) { - if (pw_unlock () == 0) { + if (pw_unlock (true) == 0) { fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, pw_dbname ()); SYSLOG ((LOG_ERR, "failed to unlock %s", pw_dbname ())); /* continue */ diff --git a/src/usermod.c b/src/usermod.c index df94f1f52..12cd13926 100644 --- a/src/usermod.c +++ b/src/usermod.c @@ -658,7 +658,7 @@ fail_exit (int code) } } if (pw_locked) { - if (pw_unlock () == 0) { + if (pw_unlock (true) == 0) { fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, pw_dbname ()); SYSLOG ((LOG_ERR, "failed to unlock %s", pw_dbname ())); /* continue */ @@ -1547,7 +1547,7 @@ static void close_files (void) /* continue */ } } - if (pw_unlock () == 0) { + if (pw_unlock (true) == 0) { fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, pw_dbname ());