From patchwork Mon Aug 22 20:23:01 2016 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gary Tierney X-Patchwork-Id: 9294365 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id EBABB607F0 for ; Mon, 22 Aug 2016 20:31:15 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id DA5F528AA4 for ; Mon, 22 Aug 2016 20:31:15 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id CEC4D28AA8; Mon, 22 Aug 2016 20:31:15 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-1.9 required=2.0 tests=BAYES_00,FREEMAIL_FROM autolearn=ham version=3.3.1 Received: from emsm-gh1-uea10.nsa.gov (smtp.nsa.gov [8.44.101.8]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id A3D0B28AA4 for ; Mon, 22 Aug 2016 20:31:14 +0000 (UTC) X-IronPort-AV: E=Sophos;i="5.28,561,1464652800"; d="scan'208";a="16825903" IronPort-PHdr: =?us-ascii?q?9a23=3A5hQHORcbxS/zSSECvCquLkTxlGMj4u6mDksu8pMi?= =?us-ascii?q?zoh2WeGdxc69Zx7h7PlgxGXEQZ/co6odzbGH6ua7Aydevd7B6ClEK80UEUddyI?= =?us-ascii?q?0/pE8JOIa9E0r1LfrnPWQRPf9pcxtbxUy9KlVfA83kZlff8TWY5D8WHQjjZ0Iu?= =?us-ascii?q?frymUrDbg8n/7e2u4ZqbO1wO32vkJ+goZ0vq5UWJ749N0NMkcv5wgjLy4VJwM9?= =?us-ascii?q?xMwm1pIV/B1z3d3eyXuKBZziJLpvg6/NRBW6ipN44xTLhfESh0ezttvJ6jiAPH?= =?us-ascii?q?BTeryjNcFzxO00kAPw+Q9xz+X5HsogPmp+F932+cJsSwQrcqChq46KI+ZxbymW?= =?us-ascii?q?87NjMj9mzGwph/hbhK5g6gqgZ5zp/8b4SFcvF5e/WOLpshWWNdU5MJBGR6CYSm?= =?us-ascii?q?Yt5KVrIM?= X-IPAS-Result: =?us-ascii?q?A2GJBADsX7tX/wHyM5BdGgEBAQGDJoFSuX8dh21MAQEBAQE?= =?us-ascii?q?BAQIBAlsngjIEAxGCFQIEAQIkExQgDgMJAQEXCBkBAQYICAMBLQsKEQ4LBRgEh?= =?us-ascii?q?3UBGgSiI5cTAYUWHoYNiF8RAWQBBYUNBY4fiymBZIolgxiJboVgkDdUghIcgU1?= =?us-ascii?q?vhTgNF4EfAQEB?= Received: from unknown (HELO tarius.tycho.ncsc.mil) ([144.51.242.1]) by emsm-gh1-uea10.nsa.gov with ESMTP; 22 Aug 2016 20:29:45 +0000 Received: from prometheus.infosec.tycho.ncsc.mil (prometheus [192.168.25.40]) by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id u7MKTiYB014024; Mon, 22 Aug 2016 16:29:44 -0400 Received: from tarius.tycho.ncsc.mil (tarius.infosec.tycho.ncsc.mil [144.51.242.1]) by prometheus.infosec.tycho.ncsc.mil (8.15.2/8.15.2) with ESMTP id u7MKQkZd104773 for ; Mon, 22 Aug 2016 16:26:46 -0400 Received: from goalie.tycho.ncsc.mil (goalie [144.51.242.250]) by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id u7MKQiam013026 for ; Mon, 22 Aug 2016 16:26:45 -0400 X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: A1CvAwABX7tXhxIP49RdGwEBAYR4pFIEkSGEDIYdAoFnTAEBAQEBAQECEwEBAQgNCQkZhQ4CAQMnYiAZAQEWPBsZiBYBHqIilxEBhRYehg2JVQEFhQ0Fjh+LKYFkiiWDGI9OkDeCZhELgU1vhTgNF4EfAQEB X-IPAS-Result: A1CvAwABX7tXhxIP49RdGwEBAYR4pFIEkSGEDIYdAoFnTAEBAQEBAQECEwEBAQgNCQkZhQ4CAQMnYiAZAQEWPBsZiBYBHqIilxEBhRYehg2JVQEFhQ0Fjh+LKYFkiiWDGI9OkDeCZhELgU1vhTgNF4EfAQEB X-IronPort-AV: E=Sophos;i="5.28,561,1464667200"; d="scan'208";a="5658644" Received: from emsm-gh1-uea11.corp.nsa.gov (HELO emsm-gh1-uea11.nsa.gov) ([10.208.41.37]) by goalie.tycho.ncsc.mil with ESMTP; 22 Aug 2016 16:26:45 -0400 IronPort-PHdr: =?us-ascii?q?9a23=3Ad2Y4axfHf43h/VieOsXzGJEwlGMj4u6mDksu8pMi?= =?us-ascii?q?zoh2WeGdxc6/bB7h7PlgxGXEQZ/co6odzbGH6ua7Aydevd7B6ClEK80UEUddyI?= =?us-ascii?q?0/pE8JOIa9E0r1LfrnPWQRPf9pcxtbxUy9KlVfA83kZlff8TWY5D8WHQjjZ0Iu?= =?us-ascii?q?frymUrDbg8n/7e2u4ZqbO1wO32vkJ+goZ0vq5UWJ749N0NMkcv5wgjLy4VJwM9?= =?us-ascii?q?xMwm1pIV/B1z3d3eyXuKBZziJLpvg6/NRBW6ipN44xTLhfESh0ezttvJ6j5lH/?= =?us-ascii?q?Sl6U638dVHgGugZZCAjCqhfhV9H+tTWpmPB63Xy1NNfnBYw1VC6k4rYjHBDhkj?= =?us-ascii?q?ZBKz806mfam+R/ibIdqxWk8U8si7XIaZ2YYaItNpjWeskXEDJM?= X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0FCAgABX7tXhxIP49RdGwEBAb57hh0Cg?= =?us-ascii?q?WdMAQEBAQEBAQIBAhABAQEIDQkJGS+CMhaCFwIBA4EJIBkBARY8GxmIFgEeoiK?= =?us-ascii?q?XEQGFFh6GDYlVAQWFDQWOH4spgWSKJYMYj06QN4J3gViGJw0XgR8BAQE?= X-IPAS-Result: =?us-ascii?q?A0FCAgABX7tXhxIP49RdGwEBAb57hh0CgWdMAQEBAQEBAQI?= =?us-ascii?q?BAhABAQEIDQkJGS+CMhaCFwIBA4EJIBkBARY8GxmIFgEeoiKXEQGFFh6GDYlVA?= =?us-ascii?q?QWFDQWOH4spgWSKJYMYj06QN4J3gViGJw0XgR8BAQE?= X-IronPort-AV: E=Sophos;i="5.28,561,1464652800"; d="scan'208";a="18659381" Received: from mout.gmx.net ([212.227.15.18]) by emsm-gh1-uea11.nsa.gov with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 22 Aug 2016 20:23:12 +0000 Received: from home ([79.71.36.116]) by mail.gmx.com (mrgmx003) with ESMTPA (Nemesis) id 0MCtut-1bSKxZ3aZn-009gGo for ; Mon, 22 Aug 2016 22:23:11 +0200 From: Gary Tierney To: selinux@tycho.nsa.gov Subject: [PATCH 2/2] genhomedircon: add support for %group syntax Date: Mon, 22 Aug 2016 21:23:01 +0100 Message-Id: <1471897381-21216-3-git-send-email-gary.tierney@gmx.com> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1471897381-21216-1-git-send-email-gary.tierney@gmx.com> References: <1471897381-21216-1-git-send-email-gary.tierney@gmx.com> X-Provags-ID: V03:K0:8h4IoXnPi3LFhQVPI+SvN13gtKQxs0S/w0ViUyddwnvOxKohz7a 6lco2+rw9bOPbnMCzcRwNX+F/5S+JBx2Ov79d4GlADw35rdW4mJFvZ/T8wEtK7ddV8FtEIr QUnIXX1sJ8J5m7HEi1EbHpdKknpQupE7ouY4tYY7PbOCqTKAb6NNVx+v3p5A5f8V3Yr3aDl BWvBdw5QxFtBG6DnVjJYw== X-UI-Out-Filterresults: notjunk:1; V01:K0:7l9RYFIVmCE=:aqFCxfp6IzgblYPD7/5+BI ETOb14dYUNQqf0j5Kq/7hZVBK2uaDVxeNhMijx5M/f4NrjrVCh92nYXC2zCzBjN/1uuSLN8y2 O55XQh719BOQJ+ouqOobpyihglGyV7/TGwkm8t2nAqxAiJ9u9dbazIwSeuL2zxnQhTjrwaxpJ Wyh6x1K9OoRXOn9DotamOCbuDqUYPaKVlUrj4KJ9gFxLi178eQSv+KwrwYy6QdCdh89sq4z40 x4kz17NhB0XF1M0/r/iSsmiO+5VYyTyx3xz9XtVa8hyrvBdVEn22m++RJkpOZAv6D0PiyFJf3 Hqdu4PIv1f/1JMSQvbRATLY1sncBS2LyGz0aC/zSjDbEHMjmSuQro9Q5q23q3jcbg5EoQm5VE Kx/TvsROAZcwf6/oauZEkSxyZN5QmNum0Lep6Hy0RQaZOrIEk+jR6lLXDNzRVnLXJgc6DkArn IYVcrqmoGKogm+/tsp4H8K9U68dUNnmGHKh9h5QfwVY0SPFoTzpp5/5hgtJzKWDIFRpQd3cO2 /dMzBrH+o6s/b5jqRXjwqseGxggK0WtxvLuua1X/wZKyJT8uZWiap4oxWFan/aabdBOUHyM6/ Wg8ylwclErw6YzebHU4if0PXm6b4M1KtNqdIkawYMmz7h7FT6tmk0dm/ieH/RJkwHLnqdyoAq cseH7YjRcv+QLKJ7FtOqVu+VW06fen4/TzDyzSKdnsqHXhEMGBD/rnWpQaZU5Vk+mFDSxJkWQ jPKRMVdqvDK4yeLKEK9zTDkQMYBGhYNezSuHy8d6txsAi47KIJik3ARDlrY= X-BeenThere: selinux@tycho.nsa.gov X-Mailman-Version: 2.1.20 Precedence: list List-Id: "Security-Enhanced Linux \(SELinux\) mailing list" List-Post: List-Help: MIME-Version: 1.0 Errors-To: selinux-bounces@tycho.nsa.gov Sender: "Selinux" X-Virus-Scanned: ClamAV using ClamSMTP From: Gary Tierney semanage-login supports login mappings using the %group syntax, but genhomedircon does not expand groups to the users belonging to them. This commit adds support for generating home directory contexts for login mappings using the group syntax and adds error reporting for handling cases where there is ambiguity due to a user belonging to multiple groups mapped by semanage-login. If a login mapping is added for the user which belongs to multiple groups it will take precedence and resolve the ambiguity issue. Signed-off-by: Gary Tierney --- libsemanage/src/genhomedircon.c | 311 +++++++++++++++++++++++++++++++--------- 1 file changed, 243 insertions(+), 68 deletions(-) diff --git a/libsemanage/src/genhomedircon.c b/libsemanage/src/genhomedircon.c index 698b907..cce3884 100644 --- a/libsemanage/src/genhomedircon.c +++ b/libsemanage/src/genhomedircon.c @@ -48,6 +48,8 @@ #include #include #include +#include +#include /* paths used in get_home_dirs() */ #define PATH_ETC_USERADD "/etc/default/useradd" @@ -98,6 +100,7 @@ typedef struct user_entry { char *prefix; char *home; char *level; + char *login; struct user_entry *next; } genhomedircon_user_entry_t; @@ -486,6 +489,11 @@ static int USER_CONTEXT_PRED(const char *string) return (int)(strstr(string, TEMPLATE_USER) != NULL); } +static int STR_COMPARATOR(const void *a, const void *b) +{ + return strcmp((const char *) a, (const char *) b); +} + /* make_tempate * @param s the settings holding the paths to various files * @param pred function pointer to function to use as filter for slurp @@ -652,6 +660,24 @@ static int write_user_context(genhomedircon_settings_t * s, FILE * out, return write_replacements(s, out, tpl, repl); } +static int seuser_sort_func(const void *arg1, const void *arg2) +{ + const semanage_seuser_t **u1 = (const semanage_seuser_t **) arg1; + const semanage_seuser_t **u2 = (const semanage_seuser_t **) arg2;; + const char *name1 = semanage_seuser_get_name(*u1); + const char *name2 = semanage_seuser_get_name(*u2); + + if (name1[0] == '%' && name2[0] == '%') { + return 0; + } else if (name1[0] == '%') { + return 1; + } else if (name2[0] == '%') { + return -1; + } + + return strcmp(name1, name2); +} + static int user_sort_func(semanage_user_t ** arg1, semanage_user_t ** arg2) { return strcmp(semanage_user_get_name(*arg1), @@ -665,7 +691,8 @@ static int name_user_cmp(char *key, semanage_user_t ** val) static int push_user_entry(genhomedircon_user_entry_t ** list, const char *n, const char *u, const char *g, const char *sen, - const char *pre, const char *h, const char *l) + const char *pre, const char *h, const char *l, + const char *ln) { genhomedircon_user_entry_t *temp = NULL; char *name = NULL; @@ -675,6 +702,7 @@ static int push_user_entry(genhomedircon_user_entry_t ** list, const char *n, char *prefix = NULL; char *home = NULL; char *level = NULL; + char *lname = NULL; temp = malloc(sizeof(genhomedircon_user_entry_t)); if (!temp) @@ -700,6 +728,9 @@ static int push_user_entry(genhomedircon_user_entry_t ** list, const char *n, level = strdup(l); if (!level) goto cleanup; + lname = strdup(ln); + if (!lname) + goto cleanup; temp->name = name; temp->uid = uid; @@ -708,6 +739,7 @@ static int push_user_entry(genhomedircon_user_entry_t ** list, const char *n, temp->prefix = prefix; temp->home = home; temp->level = level; + temp->login = lname; temp->next = (*list); (*list) = temp; @@ -721,6 +753,7 @@ static int push_user_entry(genhomedircon_user_entry_t ** list, const char *n, free(prefix); free(home); free(level); + free(lname); free(temp); return STATUS_ERR; } @@ -741,6 +774,7 @@ static void pop_user_entry(genhomedircon_user_entry_t ** list) free(temp->prefix); free(temp->home); free(temp->level); + free(temp->login); free(temp); } @@ -790,7 +824,8 @@ static int setup_fallback_user(genhomedircon_settings_t * s) if (push_user_entry(&(s->fallback), FALLBACK_NAME, FALLBACK_UIDGID, FALLBACK_UIDGID, - seuname, prefix, "", level) != 0) + seuname, prefix, "", level, + FALLBACK_NAME) != 0) errors = STATUS_ERR; semanage_user_key_free(key); if (u) @@ -806,6 +841,202 @@ static int setup_fallback_user(genhomedircon_settings_t * s) return errors; } +static genhomedircon_user_entry_t *find_user(genhomedircon_user_entry_t *head, + const char *name) +{ + for(; head; head = head->next) { + if (strcmp(head->name, name) == 0) { + return head; + } + } + + return NULL; +} + +static int add_user(genhomedircon_settings_t * s, + genhomedircon_user_entry_t **head, + semanage_user_t *user, + const char *name, + const char *sename, + const char *selogin) +{ + if (selogin[0] == '%') { + genhomedircon_user_entry_t *orig = find_user(*head, name); + if (orig != NULL && orig->login[0] == '%') { + ERR(s->h_semanage, "User %s is already mapped to" + " group %s, but also belongs to group %s. Add an" + " explicit mapping for this user to" + " override group mappings.", + name, orig->login + 1, selogin + 1); + return STATUS_ERR; + } else if (orig != NULL) { + // user mappings take precedence + return STATUS_SUCCESS; + } + } + + int retval = STATUS_ERR; + + char *rbuf = NULL; + long rbuflen; + struct passwd pwstorage, *pwent = NULL; + const char *prefix = NULL; + const char *level = NULL; + char uid[11]; + char gid[11]; + + /* Allocate space for the getpwnam_r buffer */ + rbuflen = sysconf(_SC_GETPW_R_SIZE_MAX); + if (rbuflen <= 0) + goto cleanup; + rbuf = malloc(rbuflen); + if (rbuf == NULL) + goto cleanup; + + if (user) { + prefix = semanage_user_get_prefix(user); + level = semanage_user_get_mlslevel(user); + + if (!level) { + level = FALLBACK_LEVEL; + } + } else { + prefix = name; + level = FALLBACK_LEVEL; + } + + retval = getpwnam_r(name, &pwstorage, rbuf, rbuflen, &pwent); + if (retval != 0 || pwent == NULL) { + if (retval != 0 && retval != ENOENT) { + goto cleanup; + } + + WARN(s->h_semanage, + "user %s not in password file", name); + retval = STATUS_SUCCESS; + goto cleanup; + } + + int len = strlen(pwent->pw_dir) -1; + for(; len > 0 && pwent->pw_dir[len] == '/'; len--) { + pwent->pw_dir[len] = '\0'; + } + + if (strcmp(pwent->pw_dir, "/") == 0) { + /* don't relabel / genhomdircon checked to see if root + * was the user and if so, set his home directory to + * /root */ + retval = STATUS_SUCCESS; + goto cleanup; + } + + if (ignore(pwent->pw_dir)) { + retval = STATUS_SUCCESS; + goto cleanup; + } + + len = snprintf(uid, sizeof(uid), "%u", pwent->pw_uid); + if (len < 0 || len >= (int)sizeof(uid)) { + goto cleanup; + } + + len = snprintf(gid, sizeof(gid), "%u", pwent->pw_gid); + if (len < 0 || len >= (int)sizeof(gid)) { + goto cleanup; + } + + retval = push_user_entry(head, name, uid, gid, sename, prefix, + pwent->pw_dir, level, selogin); +cleanup: + free(rbuf); + return retval; +} + +static int get_group_users(genhomedircon_settings_t * s, + genhomedircon_user_entry_t **head, + semanage_user_t *user, + const char *sename, + const char *selogin) +{ + int retval = STATUS_ERR; + unsigned int i; + + long grbuflen; + char *grbuf = NULL; + struct group grstorage, *group = NULL; + + long prbuflen; + char *pwbuf = NULL; + struct passwd pwstorage, *pw = NULL; + + grbuflen = sysconf(_SC_GETGR_R_SIZE_MAX); + if (grbuflen <= 0) + goto cleanup; + grbuf = malloc(grbuflen); + if (grbuf == NULL) + goto cleanup; + + const char *grname = selogin + 1; + + if (getgrnam_r(grname, &grstorage, grbuf, + (size_t) grbuflen, &group) != 0) { + goto cleanup; + } + + if (group == NULL) { + ERR(s->h_semanage, "Can't find group named %s\n", grname); + goto cleanup; + } + + size_t nmembers = 0; + char **members = group->gr_mem; + + while (*members != NULL) { + nmembers++; + members++; + } + + for (i = 0; i < nmembers; i++) { + const char *uname = group->gr_mem[i]; + + if (add_user(s, head, user, uname, sename, selogin) < 0) { + goto cleanup; + } + } + + prbuflen = sysconf(_SC_GETPW_R_SIZE_MAX); + if (prbuflen <= 0) + goto cleanup; + pwbuf = malloc(prbuflen); + if (pwbuf == NULL) + goto cleanup; + + setpwent(); + while ((retval = getpwent_r(&pwstorage, pwbuf, prbuflen, &pw)) == 0) { + // skip users who also have this group as their + // primary group + if (lfind(pw->pw_name, group->gr_mem, &nmembers, + sizeof(char *), &STR_COMPARATOR)) { + continue; + } + + if (group->gr_gid == pw->pw_gid) { + if (add_user(s, head, user, pw->pw_name, + sename, selogin) < 0) { + goto cleanup; + } + } + } + + retval = STATUS_SUCCESS; +cleanup: + endpwent(); + free(pwbuf); + free(grbuf); + + return retval; +} + static genhomedircon_user_entry_t *get_users(genhomedircon_settings_t * s, int *errors) { @@ -817,14 +1048,7 @@ static genhomedircon_user_entry_t *get_users(genhomedircon_settings_t * s, semanage_user_t **u = NULL; const char *name = NULL; const char *seuname = NULL; - const char *prefix = NULL; - const char *level = NULL; - char uid[11]; - char gid[11]; - struct passwd pwstorage, *pwent = NULL; unsigned int i; - long rbuflen; - char *rbuf = NULL; int retval; *errors = 0; @@ -838,17 +1062,11 @@ static genhomedircon_user_entry_t *get_users(genhomedircon_settings_t * s, nusers = 0; } + qsort(seuser_list, nseusers, sizeof(semanage_seuser_t *), + &seuser_sort_func); qsort(user_list, nusers, sizeof(semanage_user_t *), (int (*)(const void *, const void *))&user_sort_func); - /* Allocate space for the getpwnam_r buffer */ - rbuflen = sysconf(_SC_GETPW_R_SIZE_MAX); - if (rbuflen <= 0) - goto cleanup; - rbuf = malloc(rbuflen); - if (rbuf == NULL) - goto cleanup; - for (i = 0; i < nseusers; i++) { seuname = semanage_seuser_get_sename(seuser_list[i]); name = semanage_seuser_get_name(seuser_list[i]); @@ -859,70 +1077,27 @@ static genhomedircon_user_entry_t *get_users(genhomedircon_settings_t * s, if (strcmp(name, TEMPLATE_SEUSER) == 0) continue; - /* %groupname syntax */ - if (name[0] == '%') - continue; - /* find the user structure given the name */ u = bsearch(seuname, user_list, nusers, sizeof(semanage_user_t *), (int (*)(const void *, const void *)) &name_user_cmp); - if (u) { - prefix = semanage_user_get_prefix(*u); - level = semanage_user_get_mlslevel(*u); - if (!level) - level = FALLBACK_LEVEL; - } else { - prefix = name; - level = FALLBACK_LEVEL; - } - - retval = getpwnam_r(name, &pwstorage, rbuf, rbuflen, &pwent); - if (retval != 0 || pwent == NULL) { - if (retval != 0 && retval != ENOENT) { - *errors = STATUS_ERR; - goto cleanup; - } - - WARN(s->h_semanage, - "user %s not in password file", name); - continue; - } - int len = strlen(pwent->pw_dir) -1; - for(; len > 0 && pwent->pw_dir[len] == '/'; len--) { - pwent->pw_dir[len] = '\0'; + /* %groupname syntax */ + if (name[0] == '%') { + retval = get_group_users(s, &head, *u, seuname, + name); + } else { + retval = add_user(s, &head, *u, name, + seuname, name); } - if (strcmp(pwent->pw_dir, "/") == 0) { - /* don't relabel / genhomdircon checked to see if root - * was the user and if so, set his home directory to - * /root */ - continue; - } - if (ignore(pwent->pw_dir)) - continue; - - len = snprintf(uid, sizeof(uid), "%u", pwent->pw_uid); - if (len < 0 || len >= (int)sizeof(uid)) { + if (retval != 0) { *errors = STATUS_ERR; goto cleanup; } - len = snprintf(gid, sizeof(gid), "%u", pwent->pw_gid); - if (len < 0 || len >= (int)sizeof(gid)) { - *errors = STATUS_ERR; - goto cleanup; - } - - if (push_user_entry(&head, name, uid, gid, seuname, - prefix, pwent->pw_dir, level) != STATUS_SUCCESS) { - *errors = STATUS_ERR; - break; - } } cleanup: - free(rbuf); if (*errors) { for (; head; pop_user_entry(&head)) { /* the pop function takes care of all the cleanup