passwd.c: lock, open, close and unlock passwd database

Resolves: RHEL-151055 Resolves: RHEL-150955 Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
2026-02-23 15:22:59 +01:00 · 2026-02-23 15:22:59 +01:00 · ac982f2f05
commit ac982f2f05
parent 8d1821d0ed
2 changed files with 54 additions and 1 deletions
--- a/shadow-4.15.0-passwd-database.patch
+++ b/shadow-4.15.0-passwd-database.patch
@ -0,0 +1,46 @@
+--- shadow-4.15.0/src/passwd.c.orig	2026-02-23 14:51:37.436277148 +0100
+++ shadow-4.15.0/src/passwd.c	2026-02-23 14:53:17.130933320 +0100
+@@ -626,6 +626,20 @@
+ 	struct spwd *nsp;
+ 	int ret;
+ 
+	if (pw_lock () == 0) {
+		(void) fprintf (stderr,
+		                _("%s: cannot lock %s; try again later.\n"),
+		                Prog, pw_dbname ());
+		exit (E_PWDBUSY);
+	}
+	pw_locked = true;
+	if (pw_open (O_CREAT | O_RDWR) == 0) {
+		(void) fprintf (stderr,
+		                _("%s: cannot open %s\n"),
+		                Prog, pw_dbname ());
+		SYSLOG ((LOG_WARN, "cannot open %s", pw_dbname ()));
+		fail_exit (E_MISSING);
+	}
+ 	pw = pw_locate(name);
+ 	if (NULL == pw) {
+ 		fprintf(stderr,
+@@ -760,6 +774,22 @@
+ 		/* continue */
+ 	}
+ 	spw_locked = false;
+
+	if (pw_close () == 0) {
+		(void) fprintf (stderr,
+		                _("%s: failure while writing changes to %s\n"),
+		                Prog, pw_dbname ());
+		SYSLOG ((LOG_ERR, "failure while writing changes to %s", pw_dbname ()));
+		fail_exit (E_FAILURE);
+	}
+	if (pw_unlock () == 0) {
+		(void) fprintf (stderr,
+		                _("%s: failed to unlock %s\n"),
+		                Prog, pw_dbname ());
+		SYSLOG ((LOG_ERR, "failed to unlock %s", pw_dbname ()));
+		/* continue */
+	}
+	pw_locked = false;
+ }
+ 
+ /*
--- a/shadow-utils.spec
+++ b/shadow-utils.spec
@ -1,7 +1,7 @@
 Summary: Utilities for managing accounts and shadow password files
 Name: shadow-utils
 Version: 4.15.0
-Release: 10%{?dist}
+Release: 11%{?dist}
 Epoch: 2
 License: BSD-3-Clause AND GPL-2.0-or-later
 URL: https://github.com/shadow-maint/shadow
@ -38,6 +38,8 @@ Patch7: shadow-4.15.0-vipw-restore-terminal.patch
 Patch8: shadow-4.15.0-groupmod-help.patch
 # https://github.com/shadow-maint/shadow/commit/03a10499fb6d499e6db06d44007d67893db48e32
 Patch9: shadow-4.15.0-passwd-audit.patch
+# Downstream only
+Patch10: shadow-4.15.0-passwd-database.patch

 ### Dependencies ###
 Requires: audit-libs >= 1.6.5
@ -286,6 +288,11 @@ rm -f $RPM_BUILD_ROOT/%{_libdir}/libsubid.a
 %{_libdir}/libsubid.so

 %changelog
+* Mon Feb 23 2026 Iker Pedrosa <ipedrosa@redhat.com> - 2:4.15.0-11
+- passwd.c: lock, open, close and unlock passwd database
+  Resolves: RHEL-151055
+  Resolves: RHEL-150955
+
 * Wed Feb 11 2026 Iker Pedrosa <ipedrosa@redhat.com> - 2:4.15.0-10
 - passwd.c: add audit messages for passwd. Resolves: RHEL-141919