lib/, src/: add SELinux control flag in pw_unlock()

Expand pw_unlock() interface to add a control flag for SELinux file
context processing.

Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>

diff --git a/lib/cleanup_user.c b/lib/cleanup_user.c
index 3c80e5f3432fca343299a68d46d3b974743401de..e6a617a2943cef28cd087101c7d2cb99faf97c3f 100644 (file)
--- a/lib/cleanup_user.c
+++ b/lib/cleanup_user.c
@@ -98,7 +98,7 @@ void cleanup_report_add_user_shadow (void *user_name)
  */
 void cleanup_unlock_passwd (MAYBE_UNUSED void *arg)
 {
-       if (pw_unlock () == 0) {
+       if (pw_unlock (true) == 0) {
                fprintf (log_get_logfd(),
                         _("%s: failed to unlock %s\n"),
                         log_get_progname(), pw_dbname ());

diff --git a/lib/lockpw.c b/lib/lockpw.c
index e09e880e628224291daa552b8dfe24c8e22a411b..04cbdf36f6b072191f0c565ff93af658ef778cbd 100644 (file)
--- a/lib/lockpw.c
+++ b/lib/lockpw.c
@@ -56,7 +56,7 @@ int lckpwdf (void)
         */
 
        if (i == 15) {
-               pw_unlock ();
+               pw_unlock (true);
                return -1;
        }
 
@@ -78,7 +78,7 @@ int ulckpwdf (void)
         * Unlock both files.
         */
 
-       return (pw_unlock () && spw_unlock ())? 0 : -1;
+       return (pw_unlock (true) && spw_unlock ())? 0 : -1;
 }
 #else
 extern int ISO_C_forbids_an_empty_translation_unit;

diff --git a/lib/pwio.c b/lib/pwio.c
index ea2324af919d9ad7232938ede6588a77b11ce865..f4044c9b173b7fd453e8e7ad9228fdcbea7b3721 100644 (file)
--- a/lib/pwio.c
+++ b/lib/pwio.c
@@ -163,9 +163,9 @@ int pw_close (bool process_selinux)
        return commonio_close (&passwd_db, process_selinux);
 }
 
-int pw_unlock (void)
+int pw_unlock (bool process_selinux)
 {
-       return commonio_unlock (&passwd_db, true);
+       return commonio_unlock (&passwd_db, process_selinux);
 }
 
 /*@null@*/struct commonio_entry *__pw_get_head (void)

diff --git a/lib/pwio.h b/lib/pwio.h
index b051a7e7551ed5cd8a27c729e6b555c756998af7..0903b8bdbaa2fb94e2972d8b644a14f93a1915ba 100644 (file)
--- a/lib/pwio.h
+++ b/lib/pwio.h
@@ -26,7 +26,7 @@ extern /*@observer@*/ /*@null@*/const struct passwd *pw_next (void);
 extern int pw_open (int mode);
 extern int pw_remove (const char *name);
 extern int pw_rewind (void);
-extern int pw_unlock (void);
+extern int pw_unlock (bool process_selinux);
 extern int pw_update (const struct passwd *pw);
 extern int pw_sort (void);
 

diff --git a/src/chage.c b/src/chage.c
index be45af17516026121bf88722af3d86e27c4871a1..09c8871e557ab5eee75dd92b5781c2538fefe7b5 100644 (file)
--- a/src/chage.c
+++ b/src/chage.c
@@ -101,7 +101,7 @@ fail_exit (int code)
                }
        }
        if (pw_locked) {
-               if (pw_unlock () == 0) {
+               if (pw_unlock (true) == 0) {
                        fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, pw_dbname ());
                        SYSLOG ((LOG_ERR, "failed to unlock %s", pw_dbname ()));
                        /* continue */
@@ -568,7 +568,7 @@ static void close_files (void)
                /* continue */
        }
        spw_locked = false;
-       if (pw_unlock () == 0) {
+       if (pw_unlock (true) == 0) {
                fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, pw_dbname ());
                SYSLOG ((LOG_ERR, "failed to unlock %s", pw_dbname ()));
                /* continue */

diff --git a/src/chfn.c b/src/chfn.c
index f80d2f3dbad8f6ae7d1ad6da55d9c848b276c974..b0e7c315d973421d3204006667161e0c4b248072 100644 (file)
--- a/src/chfn.c
+++ b/src/chfn.c
@@ -79,7 +79,7 @@ static void get_old_fields (const char *gecos);
 static void fail_exit (int code)
 {
        if (pw_locked) {
-               if (pw_unlock () == 0) {
+               if (pw_unlock (true) == 0) {
                        fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, pw_dbname ());
                        SYSLOG ((LOG_ERR, "failed to unlock %s", pw_dbname ()));
                        /* continue */
@@ -458,7 +458,7 @@ static void update_gecos (const char *user, char *gecos)
                SYSLOG ((LOG_ERR, "failure while writing changes to %s", pw_dbname ()));
                fail_exit (E_NOPERM);
        }
-       if (pw_unlock () == 0) {
+       if (pw_unlock (true) == 0) {
                fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, pw_dbname ());
                SYSLOG ((LOG_ERR, "failed to unlock %s", pw_dbname ()));
                /* continue */

diff --git a/src/chpasswd.c b/src/chpasswd.c
index ba1a3b0ddf1e7e519cba503d2d0529e2e8b4affb..2ddfd08eef6428e08877945ec004270b540ac008 100644 (file)
--- a/src/chpasswd.c
+++ b/src/chpasswd.c
@@ -83,7 +83,7 @@ static void close_files (void);
 static void fail_exit (int code)
 {
        if (pw_locked) {
-               if (pw_unlock () == 0) {
+               if (pw_unlock (true) == 0) {
                        fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, pw_dbname ());
                        SYSLOG ((LOG_ERR, "failed to unlock %s", pw_dbname ()));
                        /* continue */
@@ -402,7 +402,7 @@ static void close_files (void)
                SYSLOG ((LOG_ERR, "failure while writing changes to %s", pw_dbname ()));
                fail_exit (1);
        }
-       if (pw_unlock () == 0) {
+       if (pw_unlock (true) == 0) {
                fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, pw_dbname ());
                SYSLOG ((LOG_ERR, "failed to unlock %s", pw_dbname ()));
                /* continue */

diff --git a/src/chsh.c b/src/chsh.c
index 87ad64d169c32162adcaeb1061892bf8a95985e1..f93dc3331324d15a3df9894beb7ad8d29a7e67c7 100644 (file)
--- a/src/chsh.c
+++ b/src/chsh.c
@@ -78,7 +78,7 @@ static void
 fail_exit (int code)
 {
        if (pw_locked) {
-               if (pw_unlock () == 0) {
+               if (pw_unlock (true) == 0) {
                        fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, pw_dbname ());
                        SYSLOG ((LOG_ERR, "failed to unlock %s", pw_dbname ()));
                        /* continue */
@@ -433,7 +433,7 @@ static void update_shell (const char *user, char *newshell)
                SYSLOG ((LOG_ERR, "failure while writing changes to %s", pw_dbname ()));
                fail_exit (1);
        }
-       if (pw_unlock () == 0) {
+       if (pw_unlock (true) == 0) {
                fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, pw_dbname ());
                SYSLOG ((LOG_ERR, "failed to unlock %s", pw_dbname ()));
                /* continue */

diff --git a/src/newusers.c b/src/newusers.c
index 5e345d4efd78093321727675bbe5d9fb423b1d64..b931389506db2f856bbdcbaf6c2a2db1a590e521 100644 (file)
--- a/src/newusers.c
+++ b/src/newusers.c
@@ -173,7 +173,7 @@ static void fail_exit (int code)
                }
        }
        if (pw_locked) {
-               if (pw_unlock () == 0) {
+               if (pw_unlock (true) == 0) {
                        fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, pw_dbname ());
                        SYSLOG ((LOG_ERR, "failed to unlock %s", pw_dbname ()));
                        /* continue */
@@ -945,7 +945,7 @@ static void close_files (void)
                SYSLOG ((LOG_ERR, "failure while writing changes to %s", pw_dbname ()));
                fail_exit (EXIT_FAILURE);
        }
-       if (pw_unlock () == 0) {
+       if (pw_unlock (true) == 0) {
                fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, pw_dbname ());
                SYSLOG ((LOG_ERR, "failed to unlock %s", pw_dbname ()));
                /* continue */

diff --git a/src/passwd.c b/src/passwd.c
index b1a3e612934baf66597a1753cf0a4f93abb687a1..342d77d1f5b45e7c8cd6025fd42f566ff4f0b5ad 100644 (file)
--- a/src/passwd.c
+++ b/src/passwd.c
@@ -483,7 +483,7 @@ static void
 fail_exit (int status)
 {
        if (pw_locked) {
-               if (pw_unlock () == 0) {
+               if (pw_unlock (true) == 0) {
                        (void) fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, pw_dbname ());
                        SYSLOG ((LOG_ERR, "failed to unlock %s", pw_dbname ()));
                        /* continue */
@@ -593,7 +593,7 @@ static void update_noshadow (void)
                SYSLOG ((LOG_ERR, "failure while writing changes to %s", pw_dbname ()));
                fail_exit (E_FAILURE);
        }
-       if (pw_unlock () == 0) {
+       if (pw_unlock (true) == 0) {
                (void) fprintf (stderr,
                                _("%s: failed to unlock %s\n"),
                                Prog, pw_dbname ());

diff --git a/src/pwck.c b/src/pwck.c
index 9d30b7d3b3705d68c3379a7087904ad349c7da3e..c827b5ca01b6d0ce3e2a78f3ad87c8bd8387cc1b 100644 (file)
--- a/src/pwck.c
+++ b/src/pwck.c
@@ -96,7 +96,7 @@ static void fail_exit (int code)
        }
 
        if (pw_locked) {
-               if (pw_unlock () == 0) {
+               if (pw_unlock (true) == 0) {
                        fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, pw_dbname ());
                        if (use_system_pw_file) {
                                SYSLOG ((LOG_ERR, "failed to unlock %s",
@@ -351,7 +351,7 @@ static void close_files (bool changed)
        }
        spw_locked = false;
        if (pw_locked) {
-               if (pw_unlock () == 0) {
+               if (pw_unlock (true) == 0) {
                        fprintf (stderr,
                                 _("%s: failed to unlock %s\n"),
                                 Prog, pw_dbname ());

diff --git a/src/pwconv.c b/src/pwconv.c
index 75eb8d07bce5bfe328e40349eee4b2bf388f2ebf..6bef9be50a1ff449379ed9e4da0de7ab920fb417 100644 (file)
--- a/src/pwconv.c
+++ b/src/pwconv.c
@@ -83,7 +83,7 @@ static void process_flags (int argc, char **argv);
 static void fail_exit (int status)
 {
        if (pw_locked) {
-               if (pw_unlock () == 0) {
+               if (pw_unlock (true) == 0) {
                        fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, pw_dbname ());
                        SYSLOG ((LOG_ERR, "failed to unlock %s", pw_dbname ()));
                        /* continue */
@@ -299,7 +299,7 @@ int main (int argc, char **argv)
                /* continue */
        }
 
-       if (pw_unlock () == 0) {
+       if (pw_unlock (true) == 0) {
                fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, pw_dbname ());
                SYSLOG ((LOG_ERR, "failed to unlock %s", pw_dbname ()));
                /* continue */

diff --git a/src/pwunconv.c b/src/pwunconv.c
index 83d3516cd95a693e8f6c942077fac1e965f6a182..2ce174ebe583b016248d188a1f0db0c712e5c8c8 100644 (file)
--- a/src/pwunconv.c
+++ b/src/pwunconv.c
@@ -54,7 +54,7 @@ static void fail_exit (int status)
                }
        }
        if (pw_locked) {
-               if (pw_unlock () == 0) {
+               if (pw_unlock (true) == 0) {
                        fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, pw_dbname ());
                        SYSLOG ((LOG_ERR, "failed to unlock %s", pw_dbname ()));
                        /* continue */
@@ -227,7 +227,7 @@ int main (int argc, char **argv)
                SYSLOG ((LOG_ERR, "failed to unlock %s", spw_dbname ()));
                /* continue */
        }
-       if (pw_unlock () == 0) {
+       if (pw_unlock (true) == 0) {
                fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, pw_dbname ());
                SYSLOG ((LOG_ERR, "failed to unlock %s", pw_dbname ()));
                /* continue */

diff --git a/src/useradd.c b/src/useradd.c
index 4a988c4e11283968603b31e6b5d61879aecfa1af..0af295ce5d07dc2d1e24729e500b2cefa5bdde3d 100644 (file)
--- a/src/useradd.c
+++ b/src/useradd.c
@@ -268,7 +268,7 @@ static void fail_exit (int code)
                SYSLOG((LOG_ERR, "failed to unlock %s", spw_dbname()));
                /* continue */
        }
-       if (pw_locked && pw_unlock() == 0) {
+       if (pw_locked && pw_unlock(true) == 0) {
                fprintf(stderr, _("%s: failed to unlock %s\n"), Prog, pw_dbname());
                SYSLOG((LOG_ERR, "failed to unlock %s", pw_dbname()));
                /* continue */
@@ -1604,7 +1604,7 @@ static void close_files (void)
                }
                spw_locked = false;
        }
-       if (pw_unlock () == 0) {
+       if (pw_unlock (true) == 0) {
                fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, pw_dbname ());
                SYSLOG ((LOG_ERR, "failed to unlock %s", pw_dbname ()));
 #ifdef WITH_AUDIT

diff --git a/src/userdel.c b/src/userdel.c
index e535fc1d18e1295804e49bd955a6b4c95af629f1..fa1de98853fa280df3893480a7167d68486f00d3 100644 (file)
--- a/src/userdel.c
+++ b/src/userdel.c
@@ -396,7 +396,7 @@ static void close_files (void)
                SYSLOG ((LOG_ERR, "failure while writing changes to %s", pw_dbname ()));
                fail_exit (E_PW_UPDATE);
        }
-       if (pw_unlock () == 0) {
+       if (pw_unlock (true) == 0) {
                fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, pw_dbname ());
                SYSLOG ((LOG_ERR, "failed to unlock %s", pw_dbname ()));
                /* continue */
@@ -485,7 +485,7 @@ static void close_files (void)
 static void fail_exit (int code)
 {
        if (pw_locked) {
-               if (pw_unlock () == 0) {
+               if (pw_unlock (true) == 0) {
                        fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, pw_dbname ());
                        SYSLOG ((LOG_ERR, "failed to unlock %s", pw_dbname ()));
                        /* continue */

diff --git a/src/usermod.c b/src/usermod.c
index df94f1f52a4e3c3934dfc6557ccbd202fea31294..12cd13926bc75160eee8046e32ed4c9cb7cc66ce 100644 (file)
--- a/src/usermod.c
+++ b/src/usermod.c
@@ -658,7 +658,7 @@ fail_exit (int code)
                }
        }
        if (pw_locked) {
-               if (pw_unlock () == 0) {
+               if (pw_unlock (true) == 0) {
                        fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, pw_dbname ());
                        SYSLOG ((LOG_ERR, "failed to unlock %s", pw_dbname ()));
                        /* continue */
@@ -1547,7 +1547,7 @@ static void close_files (void)
                        /* continue */
                }
        }
-       if (pw_unlock () == 0) {
+       if (pw_unlock (true) == 0) {
                fprintf (stderr,
                         _("%s: failed to unlock %s\n"),
                         Prog, pw_dbname ());