/* * lock_files - lock the accounts databases * * lock_files() locks the group, gshadow, and passwd databases. */ static void lock_files (void) { if (gr_lock () == 0) { fprintf (stderr, _("%s: cannot lock %s; try again later.\n"), Prog, gr_dbname ()); exit (E_GRP_UPDATE); } add_cleanup (cleanup_unlock_group, NULL); #ifdef SHADOWGRP if ( is_shadow_grp && (pflg || nflg)) { if (sgr_lock () == 0) { fprintf (stderr, _("%s: cannot lock %s; try again later.\n"), Prog, sgr_dbname ()); exit (E_GRP_UPDATE); } add_cleanup (cleanup_unlock_gshadow, NULL); } #endif if (gflg) { if (pw_lock () == 0) { fprintf (stderr, _("%s: cannot lock %s; try again later.\n"), Prog, pw_dbname ()); exit (E_GRP_UPDATE); } add_cleanup (cleanup_unlock_passwd, NULL); } }
/* * grp_update - add new group file entries * * grp_update() writes the new records to the group files. */ static void grp_update (void) { struct group grp; #ifdef SHADOWGRP struct sgrp sgrp; #endif /* SHADOWGRP */ /* * To add the group, we need to update /etc/group. * Make sure failures will be reported. */ add_cleanup (cleanup_report_add_group_group, group_name); #ifdef SHADOWGRP if (is_shadow_grp) { /* We also need to update /etc/gshadow */ add_cleanup (cleanup_report_add_group_gshadow, group_name); } #endif /* * Create the initial entries for this new group. */ new_grent (&grp); #ifdef SHADOWGRP new_sgent (&sgrp); if (is_shadow_grp && pflg) { grp.gr_passwd = SHADOW_PASSWD_STRING; /* XXX warning: const */ } #endif /* SHADOWGRP */ /* * Write out the new group file entry. */ if (gr_update (&grp) == 0) { fprintf (stderr, _("%s: failed to prepare the new %s entry '%s'\n"), Prog, gr_dbname (), grp.gr_name); exit (E_GRP_UPDATE); } #ifdef SHADOWGRP /* * Write out the new shadow group entries as well. */ if (is_shadow_grp && (sgr_update (&sgrp) == 0)) { fprintf (stderr, _("%s: failed to prepare the new %s entry '%s'\n"), Prog, sgr_dbname (), sgrp.sg_name); exit (E_GRP_UPDATE); } #endif /* SHADOWGRP */ }
/* * open_files - lock and open the group files * * open_files() opens the two group files. */ static void open_files (void) { /* First, lock the databases */ if (gr_lock () == 0) { fprintf (stderr, _("%s: cannot lock %s; try again later.\n"), Prog, gr_dbname ()); exit (E_GRP_UPDATE); } add_cleanup (cleanup_unlock_group, NULL); #ifdef SHADOWGRP if (is_shadow_grp) { if (sgr_lock () == 0) { fprintf (stderr, _("%s: cannot lock %s; try again later.\n"), Prog, sgr_dbname ()); exit (E_GRP_UPDATE); } add_cleanup (cleanup_unlock_gshadow, NULL); } #endif /* * Now, if the group is not removed, it's our fault. * Make sure failures will be reported. */ add_cleanup (cleanup_report_del_group, group_name); /* An now open the databases */ if (gr_open (O_RDWR) == 0) { fprintf (stderr, _("%s: cannot open %s\n"), Prog, gr_dbname ()); SYSLOG ((LOG_WARN, "cannot open %s", gr_dbname ())); exit (E_GRP_UPDATE); } #ifdef SHADOWGRP if (is_shadow_grp) { if (sgr_open (O_RDWR) == 0) { fprintf (stderr, _("%s: cannot open %s\n"), Prog, sgr_dbname ()); SYSLOG ((LOG_WARN, "cannot open %s", sgr_dbname ())); exit (E_GRP_UPDATE); } } #endif /* SHADOWGRP */ }
/* * open_files - lock and open the group databases * * It will call exit in case of error. */ static void open_files (void) { if (gr_lock () == 0) { fprintf (stderr, _("%s: cannot lock %s; try again later.\n"), Prog, gr_dbname ()); exit (E_NOPERM); } add_cleanup (cleanup_unlock_group, NULL); #ifdef SHADOWGRP if (is_shadowgrp) { if (sgr_lock () == 0) { fprintf (stderr, _("%s: cannot lock %s; try again later.\n"), Prog, sgr_dbname ()); exit (E_NOPERM); } add_cleanup (cleanup_unlock_gshadow, NULL); } #endif /* SHADOWGRP */ add_cleanup (log_gpasswd_failure_system, NULL); if (gr_open (O_RDWR) == 0) { fprintf (stderr, _("%s: cannot open %s\n"), Prog, gr_dbname ()); SYSLOG ((LOG_WARN, "cannot open %s", gr_dbname ())); exit (E_NOPERM); } #ifdef SHADOWGRP if (is_shadowgrp) { if (sgr_open (O_RDWR) == 0) { fprintf (stderr, _("%s: cannot open %s\n"), Prog, sgr_dbname ()); SYSLOG ((LOG_WARN, "cannot open %s", sgr_dbname ())); exit (E_NOPERM); } add_cleanup (log_gpasswd_failure_gshadow, NULL); } #endif /* SHADOWGRP */ add_cleanup (log_gpasswd_failure_group, NULL); del_cleanup (log_gpasswd_failure_system); }
/* * close_files - close and unlock the group databases * * This cause any changes in the databases to be committed. * * It will call exit in case of error. */ static void close_files (void) { if (gr_close () == 0) { fprintf (stderr, _("%s: failure while writing changes to %s\n"), Prog, gr_dbname ()); exit (E_NOPERM); } add_cleanup (log_gpasswd_success_group, NULL); del_cleanup (log_gpasswd_failure_group); cleanup_unlock_group (NULL); del_cleanup (cleanup_unlock_group); #ifdef SHADOWGRP if (is_shadowgrp) { if (sgr_close () == 0) { fprintf (stderr, _("%s: failure while writing changes to %s\n"), Prog, sgr_dbname ()); exit (E_NOPERM); } del_cleanup (log_gpasswd_failure_gshadow); cleanup_unlock_gshadow (NULL); del_cleanup (cleanup_unlock_gshadow); } #endif /* SHADOWGRP */ log_gpasswd_success_system (NULL); del_cleanup (log_gpasswd_success_group); }
/* * grp_update - update group file entries * * grp_update() writes the new records to the group files. */ static void grp_update (void) { /* * To add the group, we need to update /etc/group. * Make sure failures will be reported. */ add_cleanup (cleanup_report_del_group_group, group_name); #ifdef SHADOWGRP if (is_shadow_grp) { /* We also need to update /etc/gshadow */ add_cleanup (cleanup_report_del_group_gshadow, group_name); } #endif /* * Delete the group entry. */ if (gr_remove (group_name) == 0) { fprintf (stderr, _("%s: cannot remove entry '%s' from %s\n"), Prog, group_name, gr_dbname ()); exit (E_GRP_UPDATE); } #ifdef SHADOWGRP /* * Delete the shadow group entries as well. */ if (is_shadow_grp && (sgr_locate (group_name) != NULL)) { if (sgr_remove (group_name) == 0) { fprintf (stderr, _("%s: cannot remove entry '%s' from %s\n"), Prog, group_name, sgr_dbname ()); exit (E_GRP_UPDATE); } } #endif /* SHADOWGRP */ }
/* * prepare_failure_reports - Prepare the cleanup_info structure for logging * of success and failure to syslog or audit. */ static void prepare_failure_reports (void) { info_group.name = group_name; #ifdef SHADOWGRP info_gshadow.name = group_name; #endif info_passwd.name = group_name; info_group.audit_msg = xmalloc (512); #ifdef SHADOWGRP info_gshadow.audit_msg = xmalloc (512); #endif info_passwd.audit_msg = xmalloc (512); snprintf (info_group.audit_msg, 511, "changing %s; ", gr_dbname ()); #ifdef SHADOWGRP snprintf (info_gshadow.audit_msg, 511, "changing %s; ", sgr_dbname ()); #endif snprintf (info_passwd.audit_msg, 511, "changing %s; ", pw_dbname ()); info_group.action = info_group.audit_msg + strlen (info_group.audit_msg); #ifdef SHADOWGRP info_gshadow.action = info_gshadow.audit_msg + strlen (info_gshadow.audit_msg); #endif info_passwd.action = info_passwd.audit_msg + strlen (info_passwd.audit_msg); snprintf (info_group.action, 511 - strlen (info_group.audit_msg), "group %s/%lu", group_name, (unsigned long int) group_id); #ifdef SHADOWGRP snprintf (info_gshadow.action, 511 - strlen (info_group.audit_msg), "group %s", group_name); #endif snprintf (info_passwd.action, 511 - strlen (info_group.audit_msg), "group %s/%lu", group_name, (unsigned long int) group_id); if (nflg) { strncat (info_group.action, ", new name: ", 511 - strlen (info_group.audit_msg)); strncat (info_group.action, group_newname, 511 - strlen (info_group.audit_msg)); #ifdef SHADOWGRP strncat (info_gshadow.action, ", new name: ", 511 - strlen (info_gshadow.audit_msg)); strncat (info_gshadow.action, group_newname, 511 - strlen (info_gshadow.audit_msg)); #endif strncat (info_passwd.action, ", new name: ", 511 - strlen (info_passwd.audit_msg)); strncat (info_passwd.action, group_newname, 511 - strlen (info_passwd.audit_msg)); } if (pflg) { strncat (info_group.action, ", new password", 511 - strlen (info_group.audit_msg)); #ifdef SHADOWGRP strncat (info_gshadow.action, ", new password", 511 - strlen (info_gshadow.audit_msg)); #endif } if (gflg) { strncat (info_group.action, ", new gid: ", 511 - strlen (info_group.audit_msg)); snprintf (info_group.action+strlen (info_group.action), 511 - strlen (info_group.audit_msg), "%lu", (unsigned long int) group_newid); strncat (info_passwd.action, ", new gid: ", 511 - strlen (info_passwd.audit_msg)); snprintf (info_passwd.action+strlen (info_passwd.action), 511 - strlen (info_passwd.audit_msg), "%lu", (unsigned long int) group_newid); } info_group.audit_msg[511] = '\0'; #ifdef SHADOWGRP info_gshadow.audit_msg[511] = '\0'; #endif info_passwd.audit_msg[511] = '\0'; // FIXME: add a system cleanup add_cleanup (cleanup_report_mod_group, &info_group); #ifdef SHADOWGRP if ( is_shadow_grp && (pflg || nflg)) { add_cleanup (cleanup_report_mod_gshadow, &info_gshadow); } #endif if (gflg) { add_cleanup (cleanup_report_mod_passwd, &info_passwd); } }