src/chgpasswd.c: chroot or prefix SELinux file context

Do not process SELinux file context during file closure when chroot or
prefix options are selected.

Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>

diff --git a/src/chgpasswd.c b/src/chgpasswd.c
index e2a95fd21d729c0bc20c3d8a888b098a90a36c6b..27338561fb98d1bb385ed9863ddbd973be852924 100644 (file)
--- a/src/chgpasswd.c
+++ b/src/chgpasswd.c
@@ -39,6 +39,12 @@
 #include "string/strcmp/streq.h"
 #include "string/strtok/stpsep.h"
 
+/*
+ * Structures
+ */
+struct option_flags {
+       bool chroot;
+};
 
 /*
  * Global variables
@@ -71,11 +77,11 @@ static bool gr_locked = false;
 /* local function prototypes */
 NORETURN static void fail_exit (int code);
 NORETURN static void usage (int status);
-static void process_flags (int argc, char **argv);
+static void process_flags (int argc, char **argv, struct option_flags *flags);
 static void check_flags (void);
 static void check_perms (void);
 static void open_files (void);
-static void close_files (void);
+static void close_files (struct option_flags *flags);
 
 /*
  * fail_exit - exit with a failure code after unlocking the files
@@ -150,7 +156,7 @@ usage (int status)
  *
  *     It will not return if an error is encountered.
  */
-static void process_flags (int argc, char **argv)
+static void process_flags (int argc, char **argv, struct option_flags *flags)
 {
        int c;
 #if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT) || defined(USE_YESCRYPT)
@@ -188,6 +194,7 @@ static void process_flags (int argc, char **argv)
                        md5flg = true;
                        break;
                case 'R': /* no-op, handled in process_root_flag () */
+                       flags->chroot = true;
                        break;
 #if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT) || defined(USE_YESCRYPT)
                case 's':
@@ -378,18 +385,21 @@ static void open_files (void)
 /*
  * close_files - close and unlock the group databases
  */
-static void close_files (void)
+static void close_files (struct option_flags *flags)
 {
+       bool process_selinux;
+
+       process_selinux = !flags->chroot;
 #ifdef SHADOWGRP
        if (is_shadow_grp) {
-               if (sgr_close (true) == 0) {
+               if (sgr_close (process_selinux) == 0) {
                        fprintf (stderr,
                                 _("%s: failure while writing changes to %s\n"),
                                 Prog, sgr_dbname ());
                        SYSLOG ((LOG_ERR, "failure while writing changes to %s", sgr_dbname ()));
                        fail_exit (1);
                }
-               if (sgr_unlock (true) == 0) {
+               if (sgr_unlock (process_selinux) == 0) {
                        fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, sgr_dbname ());
                        SYSLOG ((LOG_ERR, "failed to unlock %s", sgr_dbname ()));
                        /* continue */
@@ -398,14 +408,14 @@ static void close_files (void)
        }
 #endif
 
-       if (gr_close (true) == 0) {
+       if (gr_close (process_selinux) == 0) {
                fprintf (stderr,
                         _("%s: failure while writing changes to %s\n"),
                         Prog, gr_dbname ());
                SYSLOG ((LOG_ERR, "failure while writing changes to %s", gr_dbname ()));
                fail_exit (1);
        }
-       if (gr_unlock (true) == 0) {
+       if (gr_unlock (process_selinux) == 0) {
                fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, gr_dbname ());
                SYSLOG ((LOG_ERR, "failed to unlock %s", gr_dbname ()));
                /* continue */
@@ -429,6 +439,7 @@ int main (int argc, char **argv)
        struct group newgr;
        bool errors = false;
        intmax_t line = 0;
+       struct option_flags  flags;
 
        log_set_progname(Prog);
        log_set_logfd(stderr);
@@ -445,7 +456,7 @@ int main (int argc, char **argv)
 
        process_root_flag ("-R", argc, argv);
 
-       process_flags (argc, argv);
+       process_flags (argc, argv, &flags);
 
        OPENLOG (Prog);
 
@@ -628,7 +639,7 @@ int main (int argc, char **argv)
                fail_exit (1);
        }
 
-       close_files ();
+       close_files (&flags);
 
        nscd_flush_cache ("group");
        sssd_flush_cache (SSSD_DB_GROUP);