From: Iker Pedrosa Date: Fri, 25 Apr 2025 13:19:29 +0000 (+0200) Subject: lib/, src/: add SELinux control flag in pw_close() X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=2a837a24d1380b419f68ea109dff892d07721f6f;p=thirdparty%2Fshadow.git lib/, src/: add SELinux control flag in pw_close() Expand pw_close() interface to add a control flag for SELinux file context processing. Signed-off-by: Iker Pedrosa --- diff --git a/lib/pwio.c b/lib/pwio.c index f834354a4..cda2a21ca 100644 --- a/lib/pwio.c +++ b/lib/pwio.c @@ -158,9 +158,9 @@ int pw_rewind (void) return commonio_next (&passwd_db); } -int pw_close (void) +int pw_close (bool process_selinux) { - return commonio_close (&passwd_db, true); + return commonio_close (&passwd_db, process_selinux); } int pw_unlock (void) diff --git a/lib/pwio.h b/lib/pwio.h index 882a7c7a4..b051a7e75 100644 --- a/lib/pwio.h +++ b/lib/pwio.h @@ -14,8 +14,9 @@ #include #include +#include -extern int pw_close (void); +extern int pw_close (bool process_selinux); extern /*@observer@*/ /*@null@*/const struct passwd *pw_locate (const char *name); extern /*@observer@*/ /*@null@*/const struct passwd *pw_locate_uid (uid_t uid); extern int pw_lock (void); diff --git a/src/chage.c b/src/chage.c index 3a9461aca..b5c9ac701 100644 --- a/src/chage.c +++ b/src/chage.c @@ -557,7 +557,7 @@ static void close_files (void) * Close the password file. If any entries were modified, the file * will be re-written. */ - if (pw_close () == 0) { + if (pw_close (true) == 0) { fprintf (stderr, _("%s: failure while writing changes to %s\n"), Prog, pw_dbname ()); SYSLOG ((LOG_ERR, "failure while writing changes to %s", pw_dbname ())); fail_exit (E_NOPERM); diff --git a/src/chfn.c b/src/chfn.c index d92c23a84..f80d2f3db 100644 --- a/src/chfn.c +++ b/src/chfn.c 
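Review bot: `pw_close (bool process_selinux)` in lib/pwio.c gains a security-relevant parameter, but neither the definition nor the declaration in lib/pwio.h says what it controls or when `false` is acceptable. The hunk shows only that the flag replaces the hard-coded `true` passed to `commonio_close()`, so each caller now decides whether SELinux file-context processing runs when the passwd database is closed. A caller that passes `false` by mistake would presumably leave a rewritten file without the expected label. I would add above the definition a comment such as `/* process_selinux: forwarded to commonio_close(); true keeps the SELinux file-context handling that was unconditional before this change */`, with the wording checked against `commonio_close()`, and repeat it at the prototype. All call sites in this commit pass `true`, so behaviour is unchanged today.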
@@ -453,7 +453,7 @@ static void update_gecos (const char *user, char *gecos) /* * Changes have all been made, so commit them and unlock the file. */ - if (pw_close () == 0) { + if (pw_close (true) == 0) { fprintf (stderr, _("%s: failure while writing changes to %s\n"), Prog, pw_dbname ()); SYSLOG ((LOG_ERR, "failure while writing changes to %s", pw_dbname ())); fail_exit (E_NOPERM); diff --git a/src/chpasswd.c b/src/chpasswd.c index fe3e6e9c2..391deb888 100644 --- a/src/chpasswd.c +++ b/src/chpasswd.c @@ -395,7 +395,7 @@ static void close_files (void) spw_locked = false; } - if (pw_close () == 0) { + if (pw_close (true) == 0) { fprintf (stderr, _("%s: failure while writing changes to %s\n"), Prog, pw_dbname ()); diff --git a/src/chsh.c b/src/chsh.c index e5575ac6d..87ad64d16 100644 --- a/src/chsh.c +++ b/src/chsh.c @@ -428,7 +428,7 @@ static void update_shell (const char *user, char *newshell) /* * Changes have all been made, so commit them and unlock the file. */ - if (pw_close () == 0) { + if (pw_close (true) == 0) { fprintf (stderr, _("%s: failure while writing changes to %s\n"), Prog, pw_dbname ()); SYSLOG ((LOG_ERR, "failure while writing changes to %s", pw_dbname ())); fail_exit (1); diff --git a/src/groupmod.c b/src/groupmod.c index 20c063058..665594322 100644 --- a/src/groupmod.c +++ b/src/groupmod.c @@ -536,7 +536,7 @@ static void close_files (void) #endif /* SHADOWGRP */ if (gflg) { - if (pw_close () == 0) { + if (pw_close (true) == 0) { fprintf (stderr, _("%s: failure while writing changes to %s\n"), Prog, pw_dbname ()); diff --git a/src/newusers.c b/src/newusers.c index a4c374da1..2e8f112c0 100644 --- a/src/newusers.c +++ b/src/newusers.c 
@@ -940,7 +940,7 @@ static void open_files (void) */ static void close_files (void) { - if (pw_close () == 0) { + if (pw_close (true) == 0) { fprintf (stderr, _("%s: failure while writing changes to %s\n"), Prog, pw_dbname ()); SYSLOG ((LOG_ERR, "failure while writing changes to %s", pw_dbname ())); fail_exit (EXIT_FAILURE); diff --git a/src/passwd.c b/src/passwd.c index 8057af88e..4bc23e597 100644 --- a/src/passwd.c +++ b/src/passwd.c @@ -586,7 +586,7 @@ static void update_noshadow (void) Prog, pw_dbname (), npw->pw_name); fail_exit (E_FAILURE); } - if (pw_close () == 0) { + if (pw_close (true) == 0) { (void) fprintf (stderr, _("%s: failure while writing changes to %s\n"), Prog, pw_dbname ()); diff --git a/src/pwck.c b/src/pwck.c index aa7f437bf..6e22923eb 100644 --- a/src/pwck.c +++ b/src/pwck.c @@ -309,7 +309,7 @@ static void close_files (bool changed) * changes to the files. */ if (changed) { - if (pw_close () == 0) { + if (pw_close (true) == 0) { fprintf (stderr, _("%s: failure while writing changes to %s\n"), Prog, pw_dbname ()); diff --git a/src/pwconv.c b/src/pwconv.c index 69f563491..1f3b41246 100644 --- a/src/pwconv.c +++ b/src/pwconv.c @@ -281,7 +281,7 @@ int main (int argc, char **argv) SYSLOG ((LOG_ERR, "failure while writing changes to %s", spw_dbname ())); fail_exit (E_FAILURE); } - if (pw_close () == 0) { + if (pw_close (true) == 0) { fprintf (stderr, _("%s: failure while writing changes to %s\n"), Prog, pw_dbname ()); diff --git a/src/pwunconv.c b/src/pwunconv.c index b0516cbe6..4321c6837 100644 --- a/src/pwunconv.c +++ b/src/pwunconv.c @@ -207,7 +207,7 @@ int main (int argc, char **argv) (void) spw_close (); /* was only open O_RDONLY */ - if (pw_close () == 0) { + if (pw_close (true) == 0) { fprintf (stderr, _("%s: failure while writing changes to %s\n"), Prog, pw_dbname ()); diff --git a/src/useradd.c b/src/useradd.c index 586333a35..ce24ea8e2 100644 --- a/src/useradd.c +++ b/src/useradd.c 
@@ -1562,7 +1562,7 @@ static void process_flags (int argc, char **argv) */ static void close_files (void) { - if (pw_close () == 0) { + if (pw_close (true) == 0) { fprintf (stderr, _("%s: failure while writing changes to %s\n"), Prog, pw_dbname ()); SYSLOG ((LOG_ERR, "failure while writing changes to %s", pw_dbname ())); fail_exit (E_PW_UPDATE); diff --git a/src/userdel.c b/src/userdel.c index 3e5b5b582..7bb29aa1f 100644 --- a/src/userdel.c +++ b/src/userdel.c @@ -391,7 +391,7 @@ static void remove_usergroup (void) */ static void close_files (void) { - if (pw_close () == 0) { + if (pw_close (true) == 0) { fprintf (stderr, _("%s: failure while writing changes to %s\n"), Prog, pw_dbname ()); SYSLOG ((LOG_ERR, "failure while writing changes to %s", pw_dbname ())); fail_exit (E_PW_UPDATE); @@ -1047,7 +1047,7 @@ int main (int argc, char **argv) pw_open(O_RDONLY); pwd = pw_locate (user_name); /* we care only about local users */ if (NULL == pwd) { - pw_close(); + pw_close(true); fprintf (stderr, _("%s: user '%s' does not exist\n"), Prog, user_name); #ifdef WITH_AUDIT @@ -1066,7 +1066,7 @@ int main (int argc, char **argv) } else { user_home = xstrdup(pwd->pw_dir); } - pw_close(); + pw_close(true); } #ifdef WITH_TCB if (shadowtcb_set_user (user_name) == SHADOWTCB_FAILURE) { diff --git a/src/usermod.c b/src/usermod.c index 17288d07b..043591cdc 100644 --- a/src/usermod.c +++ b/src/usermod.c @@ -1472,7 +1472,7 @@ process_flags(int argc, char **argv) */ static void close_files (void) { - if (pw_close () == 0) { + if (pw_close (true) == 0) { fprintf (stderr, _("%s: failure while writing changes to %s\n"), Prog, pw_dbname ());
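Review bot: The two `pw_close(true)` calls in main() of src/userdel.c (the hunk at -1047 and the one at -1066) follow `pw_open(O_RDONLY)` and still discard the return value, while the `close_files()` call sites in this commit test `== 0` and exit on failure. If ignoring the result is deliberate because nothing is written, say so the way the context in src/pwunconv.c does for `spw_close`: `(void) pw_close (true); /* was only open O_RDONLY */`. Whether the SELinux flag has any effect on a read-only close is not visible from these hunks. If it has none, the comment would also stop a reader from assuming a relabel happens here. main() starts and ends outside both hunks.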