From: Iker Pedrosa <ipedrosa@redhat.com>
Date: Fri, 25 Apr 2025 13:32:05 +0000 (+0200)
Subject: lib/, src/: add SELinux control flag in sgr_close()
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=ddd112714e161191f6d8dd60b3faf0f705e2f004;p=thirdparty%2Fshadow.git

lib/, src/: add SELinux control flag in sgr_close()

Expand sgr_close() interface to add a control flag for SELinux file
context processing.

Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
---

diff --git a/lib/sgroupio.c b/lib/sgroupio.c
index 2cf509bc1..f2a5bdaaf 100644
--- a/lib/sgroupio.c
+++ b/lib/sgroupio.c
@@ -280,9 +280,9 @@ int sgr_rewind (void)
 	return commonio_next (&gshadow_db);
 }
 
-int sgr_close (void)
+int sgr_close (bool process_selinux)
 {
-	return commonio_close (&gshadow_db, true);
+	return commonio_close (&gshadow_db, process_selinux);
 }
 
 int sgr_unlock (void)
diff --git a/lib/sgroupio.h b/lib/sgroupio.h
index d37526f5e..2f41789fd 100644
--- a/lib/sgroupio.h
+++ b/lib/sgroupio.h
@@ -18,7 +18,7 @@
 #include "shadow/gshadow/sgrp.h"
 
 
-extern int sgr_close (void);
+extern int sgr_close (bool process_selinux);
 extern bool sgr_file_present (void);
 extern /*@observer@*/ /*@null@*/const struct sgrp *sgr_locate (const char *name);
 extern int sgr_lock (void);
diff --git a/src/chgpasswd.c b/src/chgpasswd.c
index 8f8f1a68e..e510ecd7a 100644
--- a/src/chgpasswd.c
+++ b/src/chgpasswd.c
@@ -382,7 +382,7 @@ static void close_files (void)
 {
 #ifdef SHADOWGRP
 	if (is_shadow_grp) {
-		if (sgr_close () == 0) {
+		if (sgr_close (true) == 0) {
 			fprintf (stderr,
 			         _("%s: failure while writing changes to %s\n"),
 			         Prog, sgr_dbname ());
diff --git a/src/gpasswd.c b/src/gpasswd.c
index a9115824a..77257845d 100644
--- a/src/gpasswd.c
+++ b/src/gpasswd.c
@@ -608,7 +608,7 @@ static void close_files (void)
 
 #ifdef SHADOWGRP
 	if (is_shadowgrp) {
-		if (sgr_close () == 0) {
+		if (sgr_close (true) == 0) {
 			fprintf (stderr,
 			         _("%s: failure while writing changes to %s\n"),
 			         Prog, sgr_dbname ());
@@ -763,7 +763,7 @@ static void get_group (struct group *gr)
 			sg->sg_adm[0] = NULL;
 
 		}
-		if (sgr_close () == 0) {
+		if (sgr_close (true) == 0) {
 			fprintf (stderr,
 			         _("%s: failure while closing read-only %s\n"),
 			         Prog, sgr_dbname ());
diff --git a/src/groupadd.c b/src/groupadd.c
index 10d9d781c..d1610b393 100644
--- a/src/groupadd.c
+++ b/src/groupadd.c
@@ -296,7 +296,7 @@ static void close_files (void)
 	/* Now, write the changes in the shadow database */
 #ifdef	SHADOWGRP
 	if (is_shadow_grp) {
-		if (sgr_close () == 0) {
+		if (sgr_close (true) == 0) {
 			fprintf (stderr,
 			         _("%s: failure while writing changes to %s\n"),
 			         Prog, sgr_dbname ());
diff --git a/src/groupdel.c b/src/groupdel.c
index c43ff2273..35123265f 100644
--- a/src/groupdel.c
+++ b/src/groupdel.c
@@ -173,7 +173,7 @@ static void close_files (void)
 	/* Then, write the changes in the shadow database */
 #ifdef	SHADOWGRP
 	if (is_shadow_grp) {
-		if (sgr_close () == 0) {
+		if (sgr_close (true) == 0) {
 			fprintf (stderr,
 			         _("%s: failure while writing changes to %s\n"),
 			         Prog, sgr_dbname ());
diff --git a/src/groupmems.c b/src/groupmems.c
index 48a76aed6..7e302018f 100644
--- a/src/groupmems.c
+++ b/src/groupmems.c
@@ -539,7 +539,7 @@ static void close_files (void)
 
 #ifdef SHADOWGRP
 	if (is_shadowgrp) {
-		if ((sgr_close () == 0) && !list) {
+		if ((sgr_close (true) == 0) && !list) {
 			fprintf (stderr, _("%s: failure while writing changes to %s\n"), Prog, sgr_dbname ());
 			SYSLOG ((LOG_ERR, "failure while writing changes to %s", sgr_dbname ()));
 			fail_exit (EXIT_GROUP_FILE);
diff --git a/src/groupmod.c b/src/groupmod.c
index 7cd7fb03e..66886324b 100644
--- a/src/groupmod.c
+++ b/src/groupmod.c
@@ -506,7 +506,7 @@ static void close_files (void)
 #ifdef	SHADOWGRP
 	if (   is_shadow_grp
 	    && (pflg || nflg || user_list)) {
-		if (sgr_close () == 0) {
+		if (sgr_close (true) == 0) {
 			fprintf (stderr,
 			         _("%s: failure while writing changes to %s\n"),
 			         Prog, sgr_dbname ());
diff --git a/src/grpck.c b/src/grpck.c
index a3bf80ce3..e086c3067 100644
--- a/src/grpck.c
+++ b/src/grpck.c
@@ -331,7 +331,7 @@ static void close_files (bool changed)
 			fail_exit (E_CANT_UPDATE);
 		}
 #ifdef	SHADOWGRP
-		if (is_shadow && (sgr_close () == 0)) {
+		if (is_shadow && (sgr_close (true) == 0)) {
 			fprintf (stderr, _("%s: failure while writing changes to %s\n"),
 			         Prog, sgr_file);
 			fail_exit (E_CANT_UPDATE);
diff --git a/src/grpconv.c b/src/grpconv.c
index 99620edee..82dbe73d3 100644
--- a/src/grpconv.c
+++ b/src/grpconv.c
@@ -235,7 +235,7 @@ int main (int argc, char **argv)
 		}
 	}
 
-	if (sgr_close () == 0) {
+	if (sgr_close (true) == 0) {
 		fprintf (stderr,
 		         _("%s: failure while writing changes to %s\n"),
 		         Prog, sgr_dbname ());
diff --git a/src/grpunconv.c b/src/grpunconv.c
index 9b05d162e..abea1d4e6 100644
--- a/src/grpunconv.c
+++ b/src/grpunconv.c
@@ -192,7 +192,7 @@ int main (int argc, char **argv)
 		}
 	}
 
-	(void) sgr_close (); /* was only open O_RDONLY */
+	(void) sgr_close (true); /* was only open O_RDONLY */
 
 	if (gr_close (true) == 0) {
 		fprintf (stderr,
diff --git a/src/newusers.c b/src/newusers.c
index 327bc6db5..2cbe74f6a 100644
--- a/src/newusers.c
+++ b/src/newusers.c
@@ -1003,7 +1003,7 @@ static void close_files (void)
 
 #ifdef SHADOWGRP
 	if (is_shadow_grp) {
-		if (sgr_close () == 0) {
+		if (sgr_close (true) == 0) {
 			fprintf (stderr,
 			         _("%s: failure while writing changes to %s\n"),
 			         Prog, sgr_dbname ());
diff --git a/src/useradd.c b/src/useradd.c
index 1971f69ad..3cd7bd10f 100644
--- a/src/useradd.c
+++ b/src/useradd.c
@@ -1670,7 +1670,7 @@ static void close_group_files (void)
 		fail_exit(E_GRP_UPDATE);
 	}
 #ifdef	SHADOWGRP
-	if (is_shadow_grp && sgr_close() == 0) {
+	if (is_shadow_grp && sgr_close(true) == 0) {
 		fprintf(stderr,
 		        _("%s: failure while writing changes to %s\n"),
 		        Prog, sgr_dbname());
diff --git a/src/userdel.c b/src/userdel.c
index 7f118343a..a9e2e3ac9 100644
--- a/src/userdel.c
+++ b/src/userdel.c
@@ -432,7 +432,7 @@ static void close_files (void)
 
 #ifdef	SHADOWGRP
 	if (is_shadow_grp) {
-		if (sgr_close () == 0) {
+		if (sgr_close (true) == 0) {
 			fprintf (stderr,
 			         _("%s: failure while writing changes to %s\n"), Prog, sgr_dbname ());
 			SYSLOG ((LOG_ERR, "failure while writing changes to %s", sgr_dbname ()));
diff --git a/src/usermod.c b/src/usermod.c
index 7ac9e6c46..4e2d22555 100644
--- a/src/usermod.c
+++ b/src/usermod.c
@@ -1501,7 +1501,7 @@ static void close_files (void)
 		}
 #ifdef SHADOWGRP
 		if (is_shadow_grp) {
-			if (sgr_close () == 0) {
+			if (sgr_close (true) == 0) {
 				fprintf (stderr,
 				         _("%s: failure while writing changes to %s\n"),
 				         Prog, sgr_dbname ());