From 1e56491f0e1cbd07fc0eb0fbfdf5982eced366a6 Mon Sep 17 00:00:00 2001
From: Tomas Mraz <tm@t8m.info>
Date: Tue, 24 Mar 2009 16:33:21 +0000
Subject: Relevant BUGIDs:

Purpose of commit: bugfix

Commit summary:
---------------
2009-03-24  Tomas Mraz <t8m@centrum.cz>

        * modules/pam_unix/passverify.c(save_old_password): Call fflush() and
        fsync().
        (unix_update_passwd, unix_update_shadow): Likewise.
        * modules/pam_pwhistory/opasswd.c(save_old_password): Likewise.
---
 modules/pam_pwhistory/opasswd.c |  9 +++++++++
 modules/pam_unix/passverify.c   | 21 ++++++++++++++++++---
 2 files changed, 27 insertions(+), 3 deletions(-)

(limited to 'modules')

diff --git a/modules/pam_pwhistory/opasswd.c b/modules/pam_pwhistory/opasswd.c
index fd4cd251..dbcd04e3 100644
--- a/modules/pam_pwhistory/opasswd.c
+++ b/modules/pam_pwhistory/opasswd.c
@@ -452,6 +452,15 @@ save_old_password (pam_handle_t *pamh, const char *user, uid_t uid,
 	goto error_opasswd;
       }
 
+  if (fflush (newpf) != 0 || fsync (fileno (newpf)) != 0)
+    {
+      pam_syslog (pamh, LOG_ERR,
+		  "Error while syncing temporary opasswd file: %m");
+      retval = PAM_AUTHTOK_ERR;
+      fclose (newpf);
+      goto error_opasswd;
+    }
+
   if (fclose (newpf) != 0)
     {
       pam_syslog (pamh, LOG_ERR,
diff --git a/modules/pam_unix/passverify.c b/modules/pam_unix/passverify.c
index 234e86dd..0575f657 100644
--- a/modules/pam_unix/passverify.c
+++ b/modules/pam_unix/passverify.c
@@ -680,8 +680,13 @@ save_old_password(pam_handle_t *pamh, const char *forwho, const char *oldpass,
 	}
     }
 
+    if (fflush(pwfile) || fsync(fileno(pwfile))) {
+	D(("fflush or fsync error writing entries to old passwords file: %m"));
+	err = 1;
+    }
+    
     if (fclose(pwfile)) {
-	D(("error writing entries to old passwords file: %m"));
+	D(("fclose error writing entries to old passwords file: %m"));
 	err = 1;
     }
 
@@ -795,8 +800,13 @@ PAMH_ARG_DECL(int unix_update_passwd,
     }
     fclose(opwfile);
 
+    if (fflush(pwfile) || fsync(fileno(pwfile))) {
+	D(("fflush or fsync error writing entries to password file: %m"));
+	err = 1;
+    }
+    
     if (fclose(pwfile)) {
-	D(("error writing entries to password file: %m"));
+	D(("fclose error writing entries to password file: %m"));
 	err = 1;
     }
 
@@ -916,8 +926,13 @@ PAMH_ARG_DECL(int unix_update_shadow,
     }
     fclose(opwfile);
 
+    if (fflush(pwfile) || fsync(fileno(pwfile))) {
+	D(("fflush or fsync error writing entries to shadow file: %m"));
+	err = 1;
+    }
+    
     if (fclose(pwfile)) {
-	D(("error writing entries to shadow file: %m"));
+	D(("fclose error writing entries to shadow file: %m"));
 	err = 1;
     }
 
-- 
cgit v1.2.3