usermod: only unlock on close_files if we actually locked them

Reviewed-by: Alejandro Colomar <alx@kernel.org>
Signed-off-by: Pat Riehecky <riehecky@fnal.gov>

diff --git a/src/usermod.c b/src/usermod.c
index 27fba2bfb2872ad290bdbe61234a77399530676c..38ed1c54711b55b6b0fc112bffa2829e1bd4e711 100644 (file)
--- a/src/usermod.c
+++ b/src/usermod.c
@@ -1519,7 +1519,7 @@ static void close_files(const struct option_flags *flags)
                SYSLOG(LOG_ERR, "failure while writing changes to %s", pw_dbname());
                fail_exit (E_PW_UPDATE, process_selinux);
        }
-       if (is_shadow_pwd && (spw_close (process_selinux) == 0)) {
+       if (spw_locked && (spw_close (process_selinux) == 0)) {
                fprintf (stderr,
                         _("%s: failure while writing changes to %s\n"),
                         Prog, spw_dbname ());
@@ -1527,7 +1527,7 @@ static void close_files(const struct option_flags *flags)
                fail_exit (E_PW_UPDATE, process_selinux);
        }
 
-       if (Gflg || lflg) {
+       if (gr_locked) {
                if (gr_close (process_selinux) == 0) {
                        fprintf (stderr,
                                 _("%s: failure while writing changes to %s\n"),
@@ -1557,6 +1557,7 @@ static void close_files(const struct option_flags *flags)
                                SYSLOG(LOG_ERR, "failed to unlock %s", sgr_dbname());
                                /* continue */
                        }
+                       sgr_locked = false;
                }
 #endif
                if (gr_unlock (process_selinux) == 0) {
@@ -1566,6 +1567,7 @@ static void close_files(const struct option_flags *flags)
                        SYSLOG(LOG_ERR, "failed to unlock %s", gr_dbname());
                        /* continue */
                }
+               gr_locked = false;
        }
 
        if (is_shadow_pwd) {
@@ -1576,6 +1578,7 @@ static void close_files(const struct option_flags *flags)
                        SYSLOG(LOG_ERR, "failed to unlock %s", spw_dbname());
                        /* continue */
                }
+               spw_locked = false;
        }
        if (pw_unlock (process_selinux) == 0) {
                fprintf (stderr,
@@ -1584,16 +1587,10 @@ static void close_files(const struct option_flags *flags)
                SYSLOG(LOG_ERR, "failed to unlock %s", pw_dbname());
                /* continue */
        }
-
        pw_locked = false;
-       spw_locked = false;
-       gr_locked = false;
-#ifdef SHADOWGRP
-       sgr_locked = false;
-#endif
 
 #ifdef ENABLE_SUBIDS
-       if (vflg || Vflg) {
+       if (sub_uid_locked) {
                if (sub_uid_close (process_selinux) == 0) {
                        fprintf (stderr, _("%s: failure while writing changes to %s\n"), Prog, sub_uid_dbname ());
                        SYSLOG(LOG_ERR, "failure while writing changes to %s", sub_uid_dbname());
@@ -1606,7 +1603,7 @@ static void close_files(const struct option_flags *flags)
                }
                sub_uid_locked = false;
        }
-       if (wflg || Wflg) {
+       if (sub_gid_locked) {
                if (sub_gid_close (process_selinux) == 0) {
                        fprintf (stderr, _("%s: failure while writing changes to %s\n"), Prog, sub_gid_dbname ());
                        SYSLOG(LOG_ERR, "failure while writing changes to %s", sub_gid_dbname());