chiark
/
gitweb
/
~ianmdlvl
/
elogind.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
firstboot: follow lock protocol when changing /etc/shadow
[elogind.git]
/
src
/
firstboot
/
firstboot.c
diff --git
a/src/firstboot/firstboot.c
b/src/firstboot/firstboot.c
index 56893d0e37031f5db0670b561fdbf11524d3cace..6abffc528f953173fe658aeec37b52e359774b19 100644
(file)
--- a/
src/firstboot/firstboot.c
+++ b/
src/firstboot/firstboot.c
@@
-530,8
+530,8
@@
static int write_root_shadow(const char *path, const struct spwd *p) {
assert(path);
assert(p);
assert(path);
assert(p);
- mkdir_parents(path, 0755);
- f = fopen(path, "wex");
+ RUN_WITH_UMASK(0777)
+
f = fopen(path, "wex");
if (!f)
return -errno;
if (!f)
return -errno;
@@
-559,6
+559,8
@@
static int process_root_password(void) {
.sp_expire = -1,
.sp_flag = (unsigned long) -1, /* this appears to be what everybody does ... */
};
.sp_expire = -1,
.sp_flag = (unsigned long) -1, /* this appears to be what everybody does ... */
};
+
+ _cleanup_close_ int lock = -1;
char salt[3+16+1+1];
uint8_t raw[16];
unsigned i;
char salt[3+16+1+1];
uint8_t raw[16];
unsigned i;
@@
-571,6
+573,12
@@
static int process_root_password(void) {
if (faccessat(AT_FDCWD, etc_shadow, F_OK, AT_SYMLINK_NOFOLLOW) >= 0)
return 0;
if (faccessat(AT_FDCWD, etc_shadow, F_OK, AT_SYMLINK_NOFOLLOW) >= 0)
return 0;
+ mkdir_parents(etc_shadow, 0755);
+
+ lock = take_password_lock(arg_root);
+ if (lock < 0)
+ return lock;
+
if (arg_copy_root_password && arg_root) {
struct spwd *p;
if (arg_copy_root_password && arg_root) {
struct spwd *p;