/*
* lock_files - lock the accounts databases
*
* lock_files() locks the group, gshadow, and passwd databases.
*/
static void lock_files (void)
{
if (gr_lock () == 0) {
fprintf (stderr,
_("%s: cannot lock %s; try again later.\n"),
Prog, gr_dbname ());
exit (E_GRP_UPDATE);
}
add_cleanup (cleanup_unlock_group, NULL);
#ifdef SHADOWGRP
if ( is_shadow_grp
&& (pflg || nflg)) {
if (sgr_lock () == 0) {
fprintf (stderr,
_("%s: cannot lock %s; try again later.\n"),
Prog, sgr_dbname ());
exit (E_GRP_UPDATE);
}
add_cleanup (cleanup_unlock_gshadow, NULL);
}
#endif
if (gflg) {
if (pw_lock () == 0) {
fprintf (stderr,
_("%s: cannot lock %s; try again later.\n"),
Prog, pw_dbname ());
exit (E_GRP_UPDATE);
}
add_cleanup (cleanup_unlock_passwd, NULL);
}
}
/*
* grp_update - add new group file entries
*
* grp_update() writes the new records to the group files.
*/
static void grp_update (void)
{
struct group grp;
#ifdef SHADOWGRP
struct sgrp sgrp;
#endif /* SHADOWGRP */
/*
* To add the group, we need to update /etc/group.
* Make sure failures will be reported.
*/
add_cleanup (cleanup_report_add_group_group, group_name);
#ifdef SHADOWGRP
if (is_shadow_grp) {
/* We also need to update /etc/gshadow */
add_cleanup (cleanup_report_add_group_gshadow, group_name);
}
#endif
/*
* Create the initial entries for this new group.
*/
new_grent (&grp);
#ifdef SHADOWGRP
new_sgent (&sgrp);
if (is_shadow_grp && pflg) {
grp.gr_passwd = SHADOW_PASSWD_STRING; /* XXX warning: const */
}
#endif /* SHADOWGRP */
/*
* Write out the new group file entry.
*/
if (gr_update (&grp) == 0) {
fprintf (stderr,
_("%s: failed to prepare the new %s entry '%s'\n"),
Prog, gr_dbname (), grp.gr_name);
exit (E_GRP_UPDATE);
}
#ifdef SHADOWGRP
/*
* Write out the new shadow group entries as well.
*/
if (is_shadow_grp && (sgr_update (&sgrp) == 0)) {
fprintf (stderr,
_("%s: failed to prepare the new %s entry '%s'\n"),
Prog, sgr_dbname (), sgrp.sg_name);
exit (E_GRP_UPDATE);
}
#endif /* SHADOWGRP */
}
/*
* open_files - lock and open the group files
*
* open_files() opens the two group files.
*/
static void open_files (void)
{
/* First, lock the databases */
if (gr_lock () == 0) {
fprintf (stderr,
_("%s: cannot lock %s; try again later.\n"),
Prog, gr_dbname ());
exit (E_GRP_UPDATE);
}
add_cleanup (cleanup_unlock_group, NULL);
#ifdef SHADOWGRP
if (is_shadow_grp) {
if (sgr_lock () == 0) {
fprintf (stderr,
_("%s: cannot lock %s; try again later.\n"),
Prog, sgr_dbname ());
exit (E_GRP_UPDATE);
}
add_cleanup (cleanup_unlock_gshadow, NULL);
}
#endif
/*
* Now, if the group is not removed, it's our fault.
* Make sure failures will be reported.
*/
add_cleanup (cleanup_report_del_group, group_name);
/* An now open the databases */
if (gr_open (O_RDWR) == 0) {
fprintf (stderr,
_("%s: cannot open %s\n"),
Prog, gr_dbname ());
SYSLOG ((LOG_WARN, "cannot open %s", gr_dbname ()));
exit (E_GRP_UPDATE);
}
#ifdef SHADOWGRP
if (is_shadow_grp) {
if (sgr_open (O_RDWR) == 0) {
fprintf (stderr,
_("%s: cannot open %s\n"),
Prog, sgr_dbname ());
SYSLOG ((LOG_WARN, "cannot open %s", sgr_dbname ()));
exit (E_GRP_UPDATE);
}
}
#endif /* SHADOWGRP */
}
/*
* open_files - lock and open the group databases
*
* It will call exit in case of error.
*/
static void open_files (void)
{
if (gr_lock () == 0) {
fprintf (stderr,
_("%s: cannot lock %s; try again later.\n"),
Prog, gr_dbname ());
exit (E_NOPERM);
}
add_cleanup (cleanup_unlock_group, NULL);
#ifdef SHADOWGRP
if (is_shadowgrp) {
if (sgr_lock () == 0) {
fprintf (stderr,
_("%s: cannot lock %s; try again later.\n"),
Prog, sgr_dbname ());
exit (E_NOPERM);
}
add_cleanup (cleanup_unlock_gshadow, NULL);
}
#endif /* SHADOWGRP */
add_cleanup (log_gpasswd_failure_system, NULL);
if (gr_open (O_RDWR) == 0) {
fprintf (stderr,
_("%s: cannot open %s\n"),
Prog, gr_dbname ());
SYSLOG ((LOG_WARN, "cannot open %s", gr_dbname ()));
exit (E_NOPERM);
}
#ifdef SHADOWGRP
if (is_shadowgrp) {
if (sgr_open (O_RDWR) == 0) {
fprintf (stderr,
_("%s: cannot open %s\n"),
Prog, sgr_dbname ());
SYSLOG ((LOG_WARN, "cannot open %s", sgr_dbname ()));
exit (E_NOPERM);
}
add_cleanup (log_gpasswd_failure_gshadow, NULL);
}
#endif /* SHADOWGRP */
add_cleanup (log_gpasswd_failure_group, NULL);
del_cleanup (log_gpasswd_failure_system);
}
/*
* close_files - close and unlock the group databases
*
* This cause any changes in the databases to be committed.
*
* It will call exit in case of error.
*/
static void close_files (void)
{
if (gr_close () == 0) {
fprintf (stderr,
_("%s: failure while writing changes to %s\n"),
Prog, gr_dbname ());
exit (E_NOPERM);
}
add_cleanup (log_gpasswd_success_group, NULL);
del_cleanup (log_gpasswd_failure_group);
cleanup_unlock_group (NULL);
del_cleanup (cleanup_unlock_group);
#ifdef SHADOWGRP
if (is_shadowgrp) {
if (sgr_close () == 0) {
fprintf (stderr,
_("%s: failure while writing changes to %s\n"),
Prog, sgr_dbname ());
exit (E_NOPERM);
}
del_cleanup (log_gpasswd_failure_gshadow);
cleanup_unlock_gshadow (NULL);
del_cleanup (cleanup_unlock_gshadow);
}
#endif /* SHADOWGRP */
log_gpasswd_success_system (NULL);
del_cleanup (log_gpasswd_success_group);
}
/*
* grp_update - update group file entries
*
* grp_update() writes the new records to the group files.
*/
static void grp_update (void)
{
/*
* To add the group, we need to update /etc/group.
* Make sure failures will be reported.
*/
add_cleanup (cleanup_report_del_group_group, group_name);
#ifdef SHADOWGRP
if (is_shadow_grp) {
/* We also need to update /etc/gshadow */
add_cleanup (cleanup_report_del_group_gshadow, group_name);
}
#endif
/*
* Delete the group entry.
*/
if (gr_remove (group_name) == 0) {
fprintf (stderr,
_("%s: cannot remove entry '%s' from %s\n"),
Prog, group_name, gr_dbname ());
exit (E_GRP_UPDATE);
}
#ifdef SHADOWGRP
/*
* Delete the shadow group entries as well.
*/
if (is_shadow_grp && (sgr_locate (group_name) != NULL)) {
if (sgr_remove (group_name) == 0) {
fprintf (stderr,
_("%s: cannot remove entry '%s' from %s\n"),
Prog, group_name, sgr_dbname ());
exit (E_GRP_UPDATE);
}
}
#endif /* SHADOWGRP */
}
/*
* prepare_failure_reports - Prepare the cleanup_info structure for logging
* of success and failure to syslog or audit.
*/
static void prepare_failure_reports (void)
{
info_group.name = group_name;
#ifdef SHADOWGRP
info_gshadow.name = group_name;
#endif
info_passwd.name = group_name;
info_group.audit_msg = xmalloc (512);
#ifdef SHADOWGRP
info_gshadow.audit_msg = xmalloc (512);
#endif
info_passwd.audit_msg = xmalloc (512);
snprintf (info_group.audit_msg, 511,
"changing %s; ", gr_dbname ());
#ifdef SHADOWGRP
snprintf (info_gshadow.audit_msg, 511,
"changing %s; ", sgr_dbname ());
#endif
snprintf (info_passwd.audit_msg, 511,
"changing %s; ", pw_dbname ());
info_group.action = info_group.audit_msg
+ strlen (info_group.audit_msg);
#ifdef SHADOWGRP
info_gshadow.action = info_gshadow.audit_msg
+ strlen (info_gshadow.audit_msg);
#endif
info_passwd.action = info_passwd.audit_msg
+ strlen (info_passwd.audit_msg);
snprintf (info_group.action, 511 - strlen (info_group.audit_msg),
"group %s/%lu", group_name, (unsigned long int) group_id);
#ifdef SHADOWGRP
snprintf (info_gshadow.action, 511 - strlen (info_group.audit_msg),
"group %s", group_name);
#endif
snprintf (info_passwd.action, 511 - strlen (info_group.audit_msg),
"group %s/%lu", group_name, (unsigned long int) group_id);
if (nflg) {
strncat (info_group.action, ", new name: ",
511 - strlen (info_group.audit_msg));
strncat (info_group.action, group_newname,
511 - strlen (info_group.audit_msg));
#ifdef SHADOWGRP
strncat (info_gshadow.action, ", new name: ",
511 - strlen (info_gshadow.audit_msg));
strncat (info_gshadow.action, group_newname,
511 - strlen (info_gshadow.audit_msg));
#endif
strncat (info_passwd.action, ", new name: ",
511 - strlen (info_passwd.audit_msg));
strncat (info_passwd.action, group_newname,
511 - strlen (info_passwd.audit_msg));
}
if (pflg) {
strncat (info_group.action, ", new password",
511 - strlen (info_group.audit_msg));
#ifdef SHADOWGRP
strncat (info_gshadow.action, ", new password",
511 - strlen (info_gshadow.audit_msg));
#endif
}
if (gflg) {
strncat (info_group.action, ", new gid: ",
511 - strlen (info_group.audit_msg));
snprintf (info_group.action+strlen (info_group.action),
511 - strlen (info_group.audit_msg),
"%lu", (unsigned long int) group_newid);
strncat (info_passwd.action, ", new gid: ",
511 - strlen (info_passwd.audit_msg));
snprintf (info_passwd.action+strlen (info_passwd.action),
511 - strlen (info_passwd.audit_msg),
"%lu", (unsigned long int) group_newid);
}
info_group.audit_msg[511] = '\0';
#ifdef SHADOWGRP
info_gshadow.audit_msg[511] = '\0';
#endif
info_passwd.audit_msg[511] = '\0';
// FIXME: add a system cleanup
add_cleanup (cleanup_report_mod_group, &info_group);
#ifdef SHADOWGRP
if ( is_shadow_grp
&& (pflg || nflg)) {
add_cleanup (cleanup_report_mod_gshadow, &info_gshadow);
}
#endif
if (gflg) {
add_cleanup (cleanup_report_mod_passwd, &info_passwd);
}
}
