From: Pat Riehecky Date: Tue, 10 Mar 2026 13:42:32 +0000 (-0500) Subject: usermod: close_files should unlock in reverse of open_files X-Git-Url: http://git.ipfire.org/gitweb/?a=commitdiff_plain;h=91f9f4dc32337d83bd3dea8eba3ea68914bab979;p=thirdparty%2Fshadow.git usermod: close_files should unlock in reverse of open_files Signed-off-by: Pat Riehecky --- diff --git a/src/usermod.c b/src/usermod.c index 38ed1c547..33c0ee53b 100644 --- a/src/usermod.c +++ b/src/usermod.c @@ -1512,30 +1512,36 @@ static void close_files(const struct option_flags *flags) process_selinux = !flags->chroot && !flags->prefix; - if (pw_close (process_selinux) == 0) { - fprintf (stderr, - _("%s: failure while writing changes to %s\n"), - Prog, pw_dbname ()); - SYSLOG(LOG_ERR, "failure while writing changes to %s", pw_dbname()); - fail_exit (E_PW_UPDATE, process_selinux); +#ifdef ENABLE_SUBIDS + if (sub_gid_locked) { + if (sub_gid_close (process_selinux) == 0) { + fprintf (stderr, _("%s: failure while writing changes to %s\n"), Prog, sub_gid_dbname ()); + SYSLOG(LOG_ERR, "failure while writing changes to %s", sub_gid_dbname()); + fail_exit (E_SUB_GID_UPDATE, process_selinux); + } + if (sub_gid_unlock (process_selinux) == 0) { + fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, sub_gid_dbname ()); + SYSLOG(LOG_ERR, "failed to unlock %s", sub_gid_dbname()); + /* continue */ + } + sub_gid_locked = false; } - if (spw_locked && (spw_close (process_selinux) == 0)) { - fprintf (stderr, - _("%s: failure while writing changes to %s\n"), - Prog, spw_dbname ()); - SYSLOG(LOG_ERR, "failure while writing changes to %s", spw_dbname()); - fail_exit (E_PW_UPDATE, process_selinux); + if (sub_uid_locked) { + if (sub_uid_close (process_selinux) == 0) { + fprintf (stderr, _("%s: failure while writing changes to %s\n"), Prog, sub_uid_dbname ()); + SYSLOG(LOG_ERR, "failure while writing changes to %s", sub_uid_dbname()); + fail_exit (E_SUB_UID_UPDATE, process_selinux); + } + if (sub_uid_unlock (process_selinux) == 0) { + fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, sub_uid_dbname ()); + SYSLOG(LOG_ERR, "failed to unlock %s", sub_uid_dbname()); + /* continue */ + } + sub_uid_locked = false; } +#endif /* ENABLE_SUBIDS */ if (gr_locked) { - if (gr_close (process_selinux) == 0) { - fprintf (stderr, - _("%s: failure while writing changes to %s\n"), - Prog, gr_dbname ()); - SYSLOG(LOG_ERR, "failure while writing changes to %s", - gr_dbname()); - fail_exit (E_GRP_UPDATE, process_selinux); - } #ifdef SHADOWGRP if (is_shadow_grp) { if (sgr_close (process_selinux) == 0) { @@ -1546,10 +1552,6 @@ static void close_files(const struct option_flags *flags) sgr_dbname()); fail_exit (E_GRP_UPDATE, process_selinux); } - } -#endif -#ifdef SHADOWGRP - if (is_shadow_grp) { if (sgr_unlock (process_selinux) == 0) { fprintf (stderr, _("%s: failed to unlock %s\n"), @@ -1560,6 +1562,14 @@ static void close_files(const struct option_flags *flags) sgr_locked = false; } #endif + if (gr_close (process_selinux) == 0) { + fprintf (stderr, + _("%s: failure while writing changes to %s\n"), + Prog, gr_dbname ()); + SYSLOG(LOG_ERR, "failure while writing changes to %s", + gr_dbname()); + fail_exit (E_GRP_UPDATE, process_selinux); + } if (gr_unlock (process_selinux) == 0) { fprintf (stderr, _("%s: failed to unlock %s\n"), @@ -1569,8 +1579,14 @@ static void close_files(const struct option_flags *flags) } gr_locked = false; } - - if (is_shadow_pwd) { + if (spw_locked) { + if (spw_close (process_selinux) == 0) { + fprintf (stderr, + _("%s: failure while writing changes to %s\n"), + Prog, spw_dbname ()); + SYSLOG(LOG_ERR, "failure while writing changes to %s", spw_dbname()); + fail_exit (E_PW_UPDATE, process_selinux); + } if (spw_unlock (process_selinux) == 0) { fprintf (stderr, _("%s: failed to unlock %s\n"), @@ -1580,6 +1596,13 @@ static void close_files(const struct option_flags *flags) } spw_locked = false; } + if (pw_close (process_selinux) == 0) { + fprintf (stderr, + _("%s: failure while writing changes to %s\n"), + Prog, pw_dbname ()); + SYSLOG(LOG_ERR, "failure while writing changes to %s", pw_dbname()); + fail_exit (E_PW_UPDATE, process_selinux); + } if (pw_unlock (process_selinux) == 0) { fprintf (stderr, _("%s: failed to unlock %s\n"), @@ -1589,44 +1612,15 @@ static void close_files(const struct option_flags *flags) } pw_locked = false; -#ifdef ENABLE_SUBIDS - if (sub_uid_locked) { - if (sub_uid_close (process_selinux) == 0) { - fprintf (stderr, _("%s: failure while writing changes to %s\n"), Prog, sub_uid_dbname ()); - SYSLOG(LOG_ERR, "failure while writing changes to %s", sub_uid_dbname()); - fail_exit (E_SUB_UID_UPDATE, process_selinux); - } - if (sub_uid_unlock (process_selinux) == 0) { - fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, sub_uid_dbname ()); - SYSLOG(LOG_ERR, "failed to unlock %s", sub_uid_dbname()); - /* continue */ - } - sub_uid_locked = false; - } - if (sub_gid_locked) { - if (sub_gid_close (process_selinux) == 0) { - fprintf (stderr, _("%s: failure while writing changes to %s\n"), Prog, sub_gid_dbname ()); - SYSLOG(LOG_ERR, "failure while writing changes to %s", sub_gid_dbname()); - fail_exit (E_SUB_GID_UPDATE, process_selinux); - } - if (sub_gid_unlock (process_selinux) == 0) { - fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, sub_gid_dbname ()); - SYSLOG(LOG_ERR, "failed to unlock %s", sub_gid_dbname()); - /* continue */ - } - sub_gid_locked = false; - } -#endif /* ENABLE_SUBIDS */ - /* * Close the DBM and/or flat files */ - endpwent (); - endspent (); - endgrent (); #ifdef SHADOWGRP endsgent (); #endif + endgrent (); + endspent (); + endpwent (); } /*