From: Pat Riehecky <riehecky@fnal.gov>
Date: Tue, 10 Mar 2026 13:37:29 +0000 (-0500)
Subject: usermod: only unlock on close_files if we actually locked them
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=e65380f5184dcdc5a42bd071815fee581dec2515;p=thirdparty%2Fshadow.git

usermod: only unlock on close_files if we actually locked them

Reviewed-by: Alejandro Colomar <alx@kernel.org>
Signed-off-by: Pat Riehecky <riehecky@fnal.gov>
---

diff --git a/src/usermod.c b/src/usermod.c
index 27fba2bfb..38ed1c547 100644
--- a/src/usermod.c
+++ b/src/usermod.c
@@ -1519,7 +1519,7 @@ static void close_files(const struct option_flags *flags)
 		SYSLOG(LOG_ERR, "failure while writing changes to %s", pw_dbname());
 		fail_exit (E_PW_UPDATE, process_selinux);
 	}
-	if (is_shadow_pwd && (spw_close (process_selinux) == 0)) {
+	if (spw_locked && (spw_close (process_selinux) == 0)) {
 		fprintf (stderr,
 		         _("%s: failure while writing changes to %s\n"),
 		         Prog, spw_dbname ());
@@ -1527,7 +1527,7 @@ static void close_files(const struct option_flags *flags)
 		fail_exit (E_PW_UPDATE, process_selinux);
 	}
 
-	if (Gflg || lflg) {
+	if (gr_locked) {
 		if (gr_close (process_selinux) == 0) {
 			fprintf (stderr,
 			         _("%s: failure while writing changes to %s\n"),
@@ -1557,6 +1557,7 @@ static void close_files(const struct option_flags *flags)
 				SYSLOG(LOG_ERR, "failed to unlock %s", sgr_dbname());
 				/* continue */
 			}
+			sgr_locked = false;
 		}
 #endif
 		if (gr_unlock (process_selinux) == 0) {
@@ -1566,6 +1567,7 @@ static void close_files(const struct option_flags *flags)
 			SYSLOG(LOG_ERR, "failed to unlock %s", gr_dbname());
 			/* continue */
 		}
+		gr_locked = false;
 	}
 
 	if (is_shadow_pwd) {
@@ -1576,6 +1578,7 @@ static void close_files(const struct option_flags *flags)
 			SYSLOG(LOG_ERR, "failed to unlock %s", spw_dbname());
 			/* continue */
 		}
+		spw_locked = false;
 	}
 	if (pw_unlock (process_selinux) == 0) {
 		fprintf (stderr,
@@ -1584,16 +1587,10 @@ static void close_files(const struct option_flags *flags)
 		SYSLOG(LOG_ERR, "failed to unlock %s", pw_dbname());
 		/* continue */
 	}
-
 	pw_locked = false;
-	spw_locked = false;
-	gr_locked = false;
-#ifdef	SHADOWGRP
-	sgr_locked = false;
-#endif
 
 #ifdef ENABLE_SUBIDS
-	if (vflg || Vflg) {
+	if (sub_uid_locked) {
 		if (sub_uid_close (process_selinux) == 0) {
 			fprintf (stderr, _("%s: failure while writing changes to %s\n"), Prog, sub_uid_dbname ());
 			SYSLOG(LOG_ERR, "failure while writing changes to %s", sub_uid_dbname());
@@ -1606,7 +1603,7 @@ static void close_files(const struct option_flags *flags)
 		}
 		sub_uid_locked = false;
 	}
-	if (wflg || Wflg) {
+	if (sub_gid_locked) {
 		if (sub_gid_close (process_selinux) == 0) {
 			fprintf (stderr, _("%s: failure while writing changes to %s\n"), Prog, sub_gid_dbname ());
 			SYSLOG(LOG_ERR, "failure while writing changes to %s", sub_gid_dbname());