From: Iker Pedrosa Date: Fri, 25 Apr 2025 14:03:58 +0000 (+0200) Subject: lib/, src/: add SELinux control flag in sgr_unlock() X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=046c60df092c8e262a5b2f62f3b59f64662b2204;p=thirdparty%2Fshadow.git lib/, src/: add SELinux control flag in sgr_unlock() Expand sgr_unlock() interface to add a control flag for SELinux file context processing. Signed-off-by: Iker Pedrosa --- diff --git a/lib/cleanup_group.c b/lib/cleanup_group.c index 29013a0b2..a65260cc3 100644 --- a/lib/cleanup_group.c +++ b/lib/cleanup_group.c @@ -201,7 +201,7 @@ void cleanup_unlock_group (MAYBE_UNUSED void *arg) */ void cleanup_unlock_gshadow (MAYBE_UNUSED void *arg) { - if (sgr_unlock () == 0) { + if (sgr_unlock (true) == 0) { fprintf (log_get_logfd(), _("%s: failed to unlock %s\n"), log_get_progname(), sgr_dbname ()); diff --git a/lib/sgroupio.c b/lib/sgroupio.c index 349638522..ef6fb4d59 100644 --- a/lib/sgroupio.c +++ b/lib/sgroupio.c @@ -285,9 +285,9 @@ int sgr_close (bool process_selinux) return commonio_close (&gshadow_db, process_selinux); } -int sgr_unlock (void) +int sgr_unlock (bool process_selinux) { - return commonio_unlock (&gshadow_db, true); + return commonio_unlock (&gshadow_db, process_selinux); } void __sgr_set_changed (void) diff --git a/lib/sgroupio.h b/lib/sgroupio.h index 2f41789fd..567e380a5 100644 --- a/lib/sgroupio.h +++ b/lib/sgroupio.h @@ -28,7 +28,7 @@ extern /*@null@*/const struct sgrp *sgr_next (void); extern int sgr_open (int mode); extern int sgr_remove (const char *name); extern int sgr_rewind (void); -extern int sgr_unlock (void); +extern int sgr_unlock (bool process_selinux); extern int sgr_update (const struct sgrp *sg); extern int sgr_sort (void); diff --git a/src/chgpasswd.c b/src/chgpasswd.c index 4b18b43e2..e2a95fd21 100644 --- a/src/chgpasswd.c +++ b/src/chgpasswd.c @@ -92,7 +92,7 @@ static void fail_exit (int code) #ifdef SHADOWGRP if (sgr_locked) { - if (sgr_unlock () == 0) { + if (sgr_unlock (true) == 0) { fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, sgr_dbname ()); SYSLOG ((LOG_ERR, "failed to unlock %s", sgr_dbname ())); /* continue */ @@ -389,7 +389,7 @@ static void close_files (void) SYSLOG ((LOG_ERR, "failure while writing changes to %s", sgr_dbname ())); fail_exit (1); } - if (sgr_unlock () == 0) { + if (sgr_unlock (true) == 0) { fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, sgr_dbname ()); SYSLOG ((LOG_ERR, "failed to unlock %s", sgr_dbname ())); /* continue */ diff --git a/src/groupmems.c b/src/groupmems.c index ca3d27065..ec3f04dd3 100644 --- a/src/groupmems.c +++ b/src/groupmems.c @@ -469,7 +469,7 @@ static void fail_exit (int code) #ifdef SHADOWGRP if (sgr_locked) { - if (sgr_unlock () == 0) { + if (sgr_unlock (true) == 0) { fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, sgr_dbname ()); @@ -545,7 +545,7 @@ static void close_files (void) fail_exit (EXIT_GROUP_FILE); } if (sgr_locked) { - if (sgr_unlock () == 0) { + if (sgr_unlock (true) == 0) { fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, sgr_dbname ()); SYSLOG ((LOG_ERR, "failed to unlock %s", sgr_dbname ())); /* continue */ diff --git a/src/grpck.c b/src/grpck.c index 26293b9f0..e4c8799e3 100644 --- a/src/grpck.c +++ b/src/grpck.c @@ -105,7 +105,7 @@ static void fail_exit (int status) #ifdef SHADOWGRP if (sgr_locked) { - if (sgr_unlock () == 0) { + if (sgr_unlock (true) == 0) { fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, sgr_dbname ()); SYSLOG ((LOG_ERR, "failed to unlock %s", sgr_dbname ())); /* continue */ @@ -344,7 +344,7 @@ static void close_files (bool changed) */ #ifdef SHADOWGRP if (sgr_locked) { - if (sgr_unlock () == 0) { + if (sgr_unlock (true) == 0) { fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, sgr_dbname ()); SYSLOG ((LOG_ERR, "failed to unlock %s", sgr_dbname ())); /* continue */ diff --git a/src/grpconv.c b/src/grpconv.c index bc4c6f518..e36e0cef1 100644 --- a/src/grpconv.c +++ b/src/grpconv.c @@ -65,7 +65,7 @@ static void fail_exit (int status) } if (sgr_locked) { - if (sgr_unlock () == 0) { + if (sgr_unlock (true) == 0) { fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, sgr_dbname ()); SYSLOG ((LOG_ERR, "failed to unlock %s", sgr_dbname ())); /* continue */ @@ -249,7 +249,7 @@ int main (int argc, char **argv) SYSLOG ((LOG_ERR, "failure while writing changes to %s", gr_dbname ())); fail_exit (3); } - if (sgr_unlock () == 0) { + if (sgr_unlock (true) == 0) { fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, sgr_dbname ()); SYSLOG ((LOG_ERR, "failed to unlock %s", sgr_dbname ())); /* continue */ diff --git a/src/grpunconv.c b/src/grpunconv.c index 487f94795..545474f6d 100644 --- a/src/grpunconv.c +++ b/src/grpunconv.c @@ -64,7 +64,7 @@ static void fail_exit (int status) } if (sgr_locked) { - if (sgr_unlock () == 0) { + if (sgr_unlock (true) == 0) { fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, sgr_dbname ()); SYSLOG ((LOG_ERR, "failed to unlock %s", sgr_dbname ())); /* continue */ @@ -216,7 +216,7 @@ int main (int argc, char **argv) /* continue */ } - if (sgr_unlock () == 0) { + if (sgr_unlock (true) == 0) { fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, sgr_dbname ()); SYSLOG ((LOG_ERR, "failed to unlock %s", sgr_dbname ())); /* continue */ diff --git a/src/newusers.c b/src/newusers.c index 8fbd3dbe9..da88d40b1 100644 --- a/src/newusers.c +++ b/src/newusers.c @@ -188,7 +188,7 @@ static void fail_exit (int code) } #ifdef SHADOWGRP if (sgr_locked) { - if (sgr_unlock () == 0) { + if (sgr_unlock (true) == 0) { fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, sgr_dbname ()); SYSLOG ((LOG_ERR, "failed to unlock %s", sgr_dbname ())); /* continue */ @@ -1010,7 +1010,7 @@ static void close_files (void) SYSLOG ((LOG_ERR, "failure while writing changes to %s", sgr_dbname ())); fail_exit (EXIT_FAILURE); } - if (sgr_unlock () == 0) { + if (sgr_unlock (true) == 0) { fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, sgr_dbname ()); diff --git a/src/useradd.c b/src/useradd.c index 52091d816..c6dd5d54a 100644 --- a/src/useradd.c +++ b/src/useradd.c @@ -279,7 +279,7 @@ static void fail_exit (int code) /* continue */ } #ifdef SHADOWGRP - if (sgr_locked && sgr_unlock() == 0) { + if (sgr_locked && sgr_unlock(true) == 0) { fprintf(stderr, _("%s: failed to unlock %s\n"), Prog, sgr_dbname()); SYSLOG((LOG_ERR, "failed to unlock %s", sgr_dbname())); /* continue */ @@ -1702,7 +1702,7 @@ static void unlock_group_files (void) gr_locked = false; #ifdef SHADOWGRP if (is_shadow_grp) { - if (sgr_unlock () == 0) { + if (sgr_unlock (true) == 0) { fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, sgr_dbname ()); SYSLOG ((LOG_ERR, "failed to unlock %s", sgr_dbname ())); #ifdef WITH_AUDIT diff --git a/src/userdel.c b/src/userdel.c index b34177ef8..b045c7ebb 100644 --- a/src/userdel.c +++ b/src/userdel.c @@ -439,7 +439,7 @@ static void close_files (void) fail_exit (E_GRP_UPDATE); } - if (sgr_unlock () == 0) { + if (sgr_unlock (true) == 0) { fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, sgr_dbname ()); SYSLOG ((LOG_ERR, "failed to unlock %s", sgr_dbname ())); /* continue */ @@ -507,7 +507,7 @@ static void fail_exit (int code) } #ifdef SHADOWGRP if (sgr_locked) { - if (sgr_unlock () == 0) { + if (sgr_unlock (true) == 0) { fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, sgr_dbname ()); SYSLOG ((LOG_ERR, "failed to unlock %s", sgr_dbname ())); /* continue */ diff --git a/src/usermod.c b/src/usermod.c index dd2d965e5..eb3d6595f 100644 --- a/src/usermod.c +++ b/src/usermod.c @@ -643,7 +643,7 @@ fail_exit (int code) } #ifdef SHADOWGRP if (sgr_locked) { - if (sgr_unlock () == 0) { + if (sgr_unlock (true) == 0) { fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, sgr_dbname ()); SYSLOG ((LOG_ERR, "failed to unlock %s", sgr_dbname ())); /* continue */ @@ -1514,7 +1514,7 @@ static void close_files (void) #endif #ifdef SHADOWGRP if (is_shadow_grp) { - if (sgr_unlock () == 0) { + if (sgr_unlock (true) == 0) { fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, sgr_dbname ());