[Pkg-shadow-commits] r2239 - in upstream/trunk: . src

nekral-guest at alioth.debian.org nekral-guest at alioth.debian.org
Wed Aug 6 15:54:50 UTC 2008 

Author: nekral-guest
Date: 2008-08-06 15:54:49 +0000 (Wed, 06 Aug 2008)
New Revision: 2239

Modified:
   upstream/trunk/ChangeLog
   upstream/trunk/src/groupdel.c
Log:
	* src/groupdel.c: Add logging to syslog & audit on lock/unlock
	failures.

Modified: upstream/trunk/ChangeLog
===================================================================
--- upstream/trunk/ChangeLog	2008-08-06 15:54:16 UTC (rev 2238)
+++ upstream/trunk/ChangeLog	2008-08-06 15:54:49 UTC (rev 2239)
@@ -4,6 +4,8 @@
 	* src/groupadd.c: Add logging to syslog in some error cases.
 	* src/groupmod.c: Harmonize error & syslog messages.
 	* src/groupdel.c: Harmonize error & syslog messages.
+	* src/groupdel.c: Add logging to syslog & audit on lock/unlock
+	failures.
 
 2008-08-01  Nicolas François  <nicolas.francois at centraliens.net>
 

Modified: upstream/trunk/src/groupdel.c
===================================================================
--- upstream/trunk/src/groupdel.c	2008-08-06 15:54:16 UTC (rev 2238)
+++ upstream/trunk/src/groupdel.c	2008-08-06 15:54:49 UTC (rev 2239)
@@ -59,7 +59,9 @@
 
 #ifdef	SHADOWGRP
 static bool is_shadow_grp;
+static bool gshadow_locked = false;
 #endif
+static bool group_locked = false;
 
 /*
  * exit status values
@@ -92,10 +94,26 @@
  */
 static void fail_exit (int code)
 {
-	(void) gr_unlock ();
+	if (gr_unlock () == 0) {
+		fprintf (stderr, _("%s: cannot unlock the group file\n"), Prog);
+		SYSLOG ((LOG_WARN, "cannot unlock the group file"));
+#ifdef WITH_AUDIT
+		audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
+		              "unlocking group file",
+		              group_name, AUDIT_NO_ID, 0);
+#endif
+	}
 #ifdef	SHADOWGRP
 	if (is_shadow_grp) {
-		sgr_unlock ();
+		if (sgr_unlock () == 0) {
+			fprintf (stderr, _("%s: cannot unlock the shadow group file\n"), Prog);
+			SYSLOG ((LOG_WARN, "cannot unlock the shadow group file"));
+#ifdef WITH_AUDIT
+			audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
+			              "unlocking gshadow file",
+			              group_name, AUDIT_NO_ID, 0);
+#endif
+		}
 	}
 #endif
 
@@ -154,15 +172,32 @@
 		fprintf (stderr, _("%s: cannot rewrite the group file\n"), Prog);
 		fail_exit (E_GRP_UPDATE);
 	}
-	gr_unlock ();
+	if (gr_unlock () == 0) {
+		fprintf (stderr, _("%s: cannot unlock the group file\n"), Prog);
+		SYSLOG ((LOG_WARN, "cannot unlock the group file"));
+#ifdef WITH_AUDIT
+		audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
+		              "unlocking group file",
+		              group_name, AUDIT_NO_ID, 0);
+#endif
+	}
 #ifdef	SHADOWGRP
-	if (is_shadow_grp && (sgr_close () == 0)) {
-		fprintf (stderr,
-			 _("%s: cannot rewrite the shadow group file\n"), Prog);
-		fail_exit (E_GRP_UPDATE);
+	if (is_shadow_grp) {
+		if (sgr_close () == 0)) {
+			fprintf (stderr,
+			         _("%s: cannot rewrite the shadow group file\n"), Prog);
+			fail_exit (E_GRP_UPDATE);
+		}
+		if (sgr_unlock () == 0) {
+			fprintf (stderr, _("%s: cannot unlock the shadow group file\n"), Prog);
+			SYSLOG ((LOG_WARN, "cannot unlock the shadow group file"));
+#ifdef WITH_AUDIT
+			audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
+			              "unlocking gshadow file",
+			              group_name, AUDIT_NO_ID, 0);
+#endif
+		}
 	}
-	if (is_shadow_grp)
-		sgr_unlock ();
 #endif				/* SHADOWGRP */
 }
 
@@ -175,23 +210,31 @@
 {
 	if (gr_lock () == 0) {
 		fprintf (stderr, _("%s: cannot lock the group file\n"), Prog);
+		SYSLOG ((LOG_WARN, "cannot lock the group file"));
 		fail_exit (E_GRP_UPDATE);
 	}
+	group_locked = true;
 	if (gr_open (O_RDWR) == 0) {
 		fprintf (stderr, _("%s: cannot open the group file\n"), Prog);
+		SYSLOG ((LOG_WARN, "cannot open the group file"));
 		fail_exit (E_GRP_UPDATE);
 	}
 #ifdef	SHADOWGRP
-	if (is_shadow_grp && (sgr_lock () == 0)) {
-		fprintf (stderr,
-			 _("%s: cannot lock the shadow group file\n"), Prog);
-		fail_exit (E_GRP_UPDATE);
+	if (is_shadow_grp) {
+		if (sgr_lock () == 0)) {
+			fprintf (stderr,
+			         _("%s: cannot lock the shadow group file\n"), Prog);
+			SYSLOG ((LOG_WARN, "cannot lock the shadow group file"));
+			fail_exit (E_GRP_UPDATE);
+		}
+		gshadow_locked = true;
+		if (sgr_open (O_RDWR) == 0)) {
+			fprintf (stderr,
+			         _("%s: cannot open the shadow group file\n"), Prog);
+			SYSLOG ((LOG_WARN, "cannot open the shadow group file"));
+			fail_exit (E_GRP_UPDATE);
+		}
 	}
-	if (is_shadow_grp && (sgr_open (O_RDWR) == 0)) {
-		fprintf (stderr,
-			 _("%s: cannot open the shadow group file\n"), Prog);
-		fail_exit (E_GRP_UPDATE);
-	}
 #endif				/* SHADOWGRP */
 }
 
@@ -220,8 +263,9 @@
 	 * If pwd isn't NULL, it stopped because the gid's matched.
 	 */
 
-	if (pwd == (struct passwd *) 0)
+	if (pwd == (struct passwd *) 0) {
 		return;
+	}
 
 	/*
 	 * Can't remove the group.
@@ -261,8 +305,9 @@
 	(void) bindtextdomain (PACKAGE, LOCALEDIR);
 	(void) textdomain (PACKAGE);
 
-	if (argc != 2)
+	if (argc != 2) {
 		usage ();
+	}
 
 	group_name = argv[1];
 
@@ -354,8 +399,7 @@
 #endif
 
 	/*
-	 * Now check to insure that this isn't the primary group of
-	 * anyone.
+	 * Make sure this isn't the primary group of anyone.
 	 */
 	group_busy (group_id);

More information about the Pkg-shadow-commits mailing list