[Pkg-shadow-commits] r2239 - in upstream/trunk: . src
nekral-guest at alioth.debian.org
nekral-guest at alioth.debian.org
Wed Aug 6 15:54:50 UTC 2008
Author: nekral-guest
Date: 2008-08-06 15:54:49 +0000 (Wed, 06 Aug 2008)
New Revision: 2239
Modified:
upstream/trunk/ChangeLog
upstream/trunk/src/groupdel.c
Log:
* src/groupdel.c: Add logging to syslog & audit on lock/unlock
failures.
Modified: upstream/trunk/ChangeLog
===================================================================
--- upstream/trunk/ChangeLog 2008-08-06 15:54:16 UTC (rev 2238)
+++ upstream/trunk/ChangeLog 2008-08-06 15:54:49 UTC (rev 2239)
@@ -4,6 +4,8 @@
* src/groupadd.c: Add logging to syslog in some error cases.
* src/groupmod.c: Harmonize error & syslog messages.
* src/groupdel.c: Harmonize error & syslog messages.
+ * src/groupdel.c: Add logging to syslog & audit on lock/unlock
+ failures.
2008-08-01 Nicolas François <nicolas.francois at centraliens.net>
Modified: upstream/trunk/src/groupdel.c
===================================================================
--- upstream/trunk/src/groupdel.c 2008-08-06 15:54:16 UTC (rev 2238)
+++ upstream/trunk/src/groupdel.c 2008-08-06 15:54:49 UTC (rev 2239)
@@ -59,7 +59,9 @@
#ifdef SHADOWGRP
static bool is_shadow_grp;
+static bool gshadow_locked = false;
#endif
+static bool group_locked = false;
/*
* exit status values
@@ -92,10 +94,26 @@
*/
static void fail_exit (int code)
{
- (void) gr_unlock ();
+ if (gr_unlock () == 0) {
+ fprintf (stderr, _("%s: cannot unlock the group file\n"), Prog);
+ SYSLOG ((LOG_WARN, "cannot unlock the group file"));
+#ifdef WITH_AUDIT
+ audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
+ "unlocking group file",
+ group_name, AUDIT_NO_ID, 0);
+#endif
+ }
#ifdef SHADOWGRP
if (is_shadow_grp) {
- sgr_unlock ();
+ if (sgr_unlock () == 0) {
+ fprintf (stderr, _("%s: cannot unlock the shadow group file\n"), Prog);
+ SYSLOG ((LOG_WARN, "cannot unlock the shadow group file"));
+#ifdef WITH_AUDIT
+ audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
+ "unlocking gshadow file",
+ group_name, AUDIT_NO_ID, 0);
+#endif
+ }
}
#endif
@@ -154,15 +172,32 @@
fprintf (stderr, _("%s: cannot rewrite the group file\n"), Prog);
fail_exit (E_GRP_UPDATE);
}
- gr_unlock ();
+ if (gr_unlock () == 0) {
+ fprintf (stderr, _("%s: cannot unlock the group file\n"), Prog);
+ SYSLOG ((LOG_WARN, "cannot unlock the group file"));
+#ifdef WITH_AUDIT
+ audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
+ "unlocking group file",
+ group_name, AUDIT_NO_ID, 0);
+#endif
+ }
#ifdef SHADOWGRP
- if (is_shadow_grp && (sgr_close () == 0)) {
- fprintf (stderr,
- _("%s: cannot rewrite the shadow group file\n"), Prog);
- fail_exit (E_GRP_UPDATE);
+ if (is_shadow_grp) {
+ if (sgr_close () == 0)) {
+ fprintf (stderr,
+ _("%s: cannot rewrite the shadow group file\n"), Prog);
+ fail_exit (E_GRP_UPDATE);
+ }
+ if (sgr_unlock () == 0) {
+ fprintf (stderr, _("%s: cannot unlock the shadow group file\n"), Prog);
+ SYSLOG ((LOG_WARN, "cannot unlock the shadow group file"));
+#ifdef WITH_AUDIT
+ audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
+ "unlocking gshadow file",
+ group_name, AUDIT_NO_ID, 0);
+#endif
+ }
}
- if (is_shadow_grp)
- sgr_unlock ();
#endif /* SHADOWGRP */
}
@@ -175,23 +210,31 @@
{
if (gr_lock () == 0) {
fprintf (stderr, _("%s: cannot lock the group file\n"), Prog);
+ SYSLOG ((LOG_WARN, "cannot lock the group file"));
fail_exit (E_GRP_UPDATE);
}
+ group_locked = true;
if (gr_open (O_RDWR) == 0) {
fprintf (stderr, _("%s: cannot open the group file\n"), Prog);
+ SYSLOG ((LOG_WARN, "cannot open the group file"));
fail_exit (E_GRP_UPDATE);
}
#ifdef SHADOWGRP
- if (is_shadow_grp && (sgr_lock () == 0)) {
- fprintf (stderr,
- _("%s: cannot lock the shadow group file\n"), Prog);
- fail_exit (E_GRP_UPDATE);
+ if (is_shadow_grp) {
+ if (sgr_lock () == 0)) {
+ fprintf (stderr,
+ _("%s: cannot lock the shadow group file\n"), Prog);
+ SYSLOG ((LOG_WARN, "cannot lock the shadow group file"));
+ fail_exit (E_GRP_UPDATE);
+ }
+ gshadow_locked = true;
+ if (sgr_open (O_RDWR) == 0)) {
+ fprintf (stderr,
+ _("%s: cannot open the shadow group file\n"), Prog);
+ SYSLOG ((LOG_WARN, "cannot open the shadow group file"));
+ fail_exit (E_GRP_UPDATE);
+ }
}
- if (is_shadow_grp && (sgr_open (O_RDWR) == 0)) {
- fprintf (stderr,
- _("%s: cannot open the shadow group file\n"), Prog);
- fail_exit (E_GRP_UPDATE);
- }
#endif /* SHADOWGRP */
}
@@ -220,8 +263,9 @@
* If pwd isn't NULL, it stopped because the gid's matched.
*/
- if (pwd == (struct passwd *) 0)
+ if (pwd == (struct passwd *) 0) {
return;
+ }
/*
* Can't remove the group.
@@ -261,8 +305,9 @@
(void) bindtextdomain (PACKAGE, LOCALEDIR);
(void) textdomain (PACKAGE);
- if (argc != 2)
+ if (argc != 2) {
usage ();
+ }
group_name = argv[1];
@@ -354,8 +399,7 @@
#endif
/*
- * Now check to insure that this isn't the primary group of
- * anyone.
+ * Make sure this isn't the primary group of anyone.
*/
group_busy (group_id);
More information about the Pkg-shadow-commits
mailing list