diff options
author | Tomas Bzatek <tbzatek@redhat.com> | 2014-01-14 13:40:34 +0100 |
---|---|---|
committer | Tomas Bzatek <tbzatek@redhat.com> | 2014-01-14 13:40:34 +0100 |
commit | 72834a3621e8e103a763a1810b004d425164461f (patch) | |
tree | b7b926cedb692f051628f240ccbde4a025462e42 /src/account/LMI_IdentityProvider.c | |
parent | 846783b577487ccbd93def33754f22d56601ab86 (diff) | |
download | openlmi-providers-72834a3621e8e103a763a1810b004d425164461f.tar.gz openlmi-providers-72834a3621e8e103a763a1810b004d425164461f.tar.xz openlmi-providers-72834a3621e8e103a763a1810b004d425164461f.zip |
account: Use lckpwdf() to protect passwd files
Glibc provides convenient lock functions to protect passwd and shadow files.
This commit makes use of them for any write operation.
Read access is still unprotected for the time being for performance reasons.
https://fedorahosted.org/openlmi/ticket/205
Diffstat (limited to 'src/account/LMI_IdentityProvider.c')
-rw-r--r-- | src/account/LMI_IdentityProvider.c | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/src/account/LMI_IdentityProvider.c b/src/account/LMI_IdentityProvider.c index df3ffe7..dbd7b02 100644 --- a/src/account/LMI_IdentityProvider.c +++ b/src/account/LMI_IdentityProvider.c @@ -18,6 +18,7 @@ * Authors: Roman Rakus <rrakus@redhat.com> */ +#include <shadow.h> #include <konkret/konkret.h> #include "LMI_Identity.h" @@ -172,14 +173,21 @@ static CMPIStatus LMI_IdentityDeleteInstance( struct lu_ent *lue = NULL; char *errmsg = NULL; CMPIrc rc = CMPI_RC_OK; + int pwdlockres; LMI_Identity_InitFromObjectPath(&identity, _cb, cop); instance_id = identity.InstanceID.chars; id = atol(rindex(instance_id, ':') + 1); + pwdlockres = lckpwdf(); + if (pwdlockres != 0) + warn("Cannot acquire passwd file lock\n"); + luc = lu_start(NULL, 0, NULL, NULL, lu_prompt_console_quiet, NULL, &error); if (!luc) { + if (pwdlockres == 0) + ulckpwdf(); KReturn2(_cb, ERR_FAILED, "Unable to initialize libuser: %s\n", lu_strerror(error)); } @@ -227,6 +235,8 @@ static CMPIStatus LMI_IdentityDeleteInstance( fail: lu_ent_free(lue); lu_end(luc); + if (pwdlockres == 0) + ulckpwdf(); if (errmsg) { CMPIString *errstr = CMNewString(_cb, errmsg, NULL); free(errmsg); |