import shadow-utils-4.6-17.el8
This commit is contained in:
		
							parent
							
								
									ff2f2a785d
								
							
						
					
					
						commit
						0476791c85
					
				
							
								
								
									
										108
									
								
								SOURCES/shadow-4.9-subordinateio-compare-owner-ID.patch
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										108
									
								
								SOURCES/shadow-4.9-subordinateio-compare-owner-ID.patch
									
									
									
									
									
										Normal file
									
								
							| @ -0,0 +1,108 @@ | |||||||
|  | From 3ec32f9975f262073f8fbdecd2bfaee4a1d3db48 Mon Sep 17 00:00:00 2001 | ||||||
|  | From: Iker Pedrosa <ipedrosa@redhat.com> | ||||||
|  | Date: Wed, 13 Jul 2022 09:55:14 +0200 | ||||||
|  | Subject: [PATCH] subordinateio: also compare the owner ID | ||||||
|  | 
 | ||||||
|  | IDs already populate /etc/subuid and /etc/subgid files so it's necessary | ||||||
|  | not only to check for the owner name but also for the owner ID of a | ||||||
|  | given range. | ||||||
|  | 
 | ||||||
|  | Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2093311 | ||||||
|  | 
 | ||||||
|  | Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com> | ||||||
|  | ---
 | ||||||
|  |  lib/subordinateio.c | 50 +++++++++++++++++++++++++++++++++++++++++++++ | ||||||
|  |  1 file changed, 50 insertions(+) | ||||||
|  | 
 | ||||||
|  | diff --git a/lib/subordinateio.c b/lib/subordinateio.c
 | ||||||
|  | index 9ca70b8b..6bc45283 100644
 | ||||||
|  | --- a/lib/subordinateio.c
 | ||||||
|  | +++ b/lib/subordinateio.c
 | ||||||
|  | @@ -17,6 +17,8 @@
 | ||||||
|  |  #include <ctype.h> | ||||||
|  |  #include <fcntl.h> | ||||||
|  |   | ||||||
|  | +#define ID_SIZE 31
 | ||||||
|  | +
 | ||||||
|  |  /* | ||||||
|  |   * subordinate_dup: create a duplicate range | ||||||
|  |   * | ||||||
|  | @@ -745,6 +747,40 @@ gid_t sub_gid_find_free_range(gid_t min, gid_t max, unsigned long count)
 | ||||||
|  |  	return start == ULONG_MAX ? (gid_t) -1 : start; | ||||||
|  |  } | ||||||
|  |   | ||||||
|  | +static bool get_owner_id(const char *owner, enum subid_type id_type, char *id)
 | ||||||
|  | +{
 | ||||||
|  | +	struct passwd *pw;
 | ||||||
|  | +	struct group *gr;
 | ||||||
|  | +	int ret = 0;
 | ||||||
|  | +
 | ||||||
|  | +	switch (id_type) {
 | ||||||
|  | +	case ID_TYPE_UID:
 | ||||||
|  | +		pw = getpwnam(owner);
 | ||||||
|  | +		if (pw == NULL) {
 | ||||||
|  | +			return false;
 | ||||||
|  | +		}
 | ||||||
|  | +		ret = snprintf(id, ID_SIZE, "%u", pw->pw_uid);
 | ||||||
|  | +		if (ret < 0 || ret >= ID_SIZE) {
 | ||||||
|  | +			return false;
 | ||||||
|  | +		}
 | ||||||
|  | +		break;
 | ||||||
|  | +	case ID_TYPE_GID:
 | ||||||
|  | +		gr = getgrnam(owner);
 | ||||||
|  | +		if (gr == NULL) {
 | ||||||
|  | +			return false;
 | ||||||
|  | +		}
 | ||||||
|  | +		ret = snprintf(id, ID_SIZE, "%u", gr->gr_gid);
 | ||||||
|  | +		if (ret < 0 || ret >= ID_SIZE) {
 | ||||||
|  | +			return false;
 | ||||||
|  | +		}
 | ||||||
|  | +		break;
 | ||||||
|  | +	default:
 | ||||||
|  | +		return false;
 | ||||||
|  | +	}
 | ||||||
|  | +
 | ||||||
|  | +	return true;
 | ||||||
|  | +}
 | ||||||
|  | +
 | ||||||
|  |  /* | ||||||
|  |   * int list_owner_ranges(const char *owner, enum subid_type id_type, struct subordinate_range ***ranges) | ||||||
|  |   * | ||||||
|  | @@ -770,6 +806,8 @@ int list_owner_ranges(const char *owner, enum subid_type id_type, struct subid_r
 | ||||||
|  |  	enum subid_status status; | ||||||
|  |  	int count = 0; | ||||||
|  |  	struct subid_nss_ops *h; | ||||||
|  | +	char id[ID_SIZE];
 | ||||||
|  | +	bool have_owner_id;
 | ||||||
|  |   | ||||||
|  |  	*in_ranges = NULL; | ||||||
|  |   | ||||||
|  | @@ -798,6 +836,8 @@ int list_owner_ranges(const char *owner, enum subid_type id_type, struct subid_r
 | ||||||
|  |  		return -1; | ||||||
|  |  	} | ||||||
|  |   | ||||||
|  | +	have_owner_id = get_owner_id(owner, id_type, id);
 | ||||||
|  | +
 | ||||||
|  |  	commonio_rewind(db); | ||||||
|  |  	while ((range = commonio_next(db)) != NULL) { | ||||||
|  |  		if (0 == strcmp(range->owner, owner)) { | ||||||
|  | @@ -808,6 +848,16 @@ int list_owner_ranges(const char *owner, enum subid_type id_type, struct subid_r
 | ||||||
|  |  				goto out; | ||||||
|  |  			} | ||||||
|  |  		} | ||||||
|  | +
 | ||||||
|  | +		// Let's also compare with the ID
 | ||||||
|  | +		if (have_owner_id == true && 0 == strcmp(range->owner, id)) {
 | ||||||
|  | +			if (!append_range(&ranges, range, count++)) {
 | ||||||
|  | +				free(ranges);
 | ||||||
|  | +				ranges = NULL;
 | ||||||
|  | +				count = -1;
 | ||||||
|  | +				goto out;
 | ||||||
|  | +			}
 | ||||||
|  | +		}
 | ||||||
|  |  	} | ||||||
|  |   | ||||||
|  |  out: | ||||||
|  | -- 
 | ||||||
|  | 2.36.1 | ||||||
|  | 
 | ||||||
| @ -1,11 +1,11 @@ | |||||||
| Summary: Utilities for managing accounts and shadow password files | Summary: Utilities for managing accounts and shadow password files | ||||||
| Name: shadow-utils | Name: shadow-utils | ||||||
| Version: 4.6 | Version: 4.6 | ||||||
| Release: 16%{?dist} | Release: 17%{?dist} | ||||||
| Epoch: 2 | Epoch: 2 | ||||||
| URL: http://pkg-shadow.alioth.debian.org/ | URL: http://pkg-shadow.alioth.debian.org/ | ||||||
| Source0: https://github.com/shadow-maint/shadow/releases/download/%{version}/shadow-%{version}.tar.xz | Source0: https://github.com/shadow-maint/shadow/releases/download/v%{version}/shadow-%{version}.tar.xz | ||||||
| Source1: https://github.com/shadow-maint/shadow/releases/download/%{version}/shadow-%{version}.tar.xz.asc | Source1: https://github.com/shadow-maint/shadow/releases/download/v%{version}/shadow-%{version}.tar.xz.asc | ||||||
| Source2: shadow-utils.useradd | Source2: shadow-utils.useradd | ||||||
| Source3: shadow-utils.login.defs | Source3: shadow-utils.login.defs | ||||||
| Source4: shadow-bsd.txt | Source4: shadow-bsd.txt | ||||||
| @ -92,6 +92,8 @@ Patch61: shadow-4.6-respect_enable_static_no.patch | |||||||
| Patch62: shadow-4.6-getsubids.patch | Patch62: shadow-4.6-getsubids.patch | ||||||
| # https://github.com/shadow-maint/shadow/commit/a757b458ffb4fb9a40bcbb4f7869449431c67f83 | # https://github.com/shadow-maint/shadow/commit/a757b458ffb4fb9a40bcbb4f7869449431c67f83 | ||||||
| Patch63: shadow-4.6-groupdel-fix-sigsegv-when-passwd-does-not-exist.patch | Patch63: shadow-4.6-groupdel-fix-sigsegv-when-passwd-does-not-exist.patch | ||||||
|  | # https://github.com/shadow-maint/shadow/commit/3ec32f9975f262073f8fbdecd2bfaee4a1d3db48 | ||||||
|  | Patch64: shadow-4.9-subordinateio-compare-owner-ID.patch | ||||||
| 
 | 
 | ||||||
| License: BSD and GPLv2+ | License: BSD and GPLv2+ | ||||||
| Group: System Environment/Base | Group: System Environment/Base | ||||||
| @ -135,6 +137,7 @@ Utility library that provides a way to manage subid ranges. | |||||||
| %package subid-devel | %package subid-devel | ||||||
| Summary: Development package for shadow-utils-subid | Summary: Development package for shadow-utils-subid | ||||||
| License: BSD and GPLv2+ | License: BSD and GPLv2+ | ||||||
|  | Requires: shadow-utils-subid = %{epoch}:%{version}-%{release} | ||||||
| 
 | 
 | ||||||
| %description subid-devel | %description subid-devel | ||||||
| Development files for shadow-utils-subid. | Development files for shadow-utils-subid. | ||||||
| @ -190,6 +193,7 @@ Development files for shadow-utils-subid. | |||||||
| %patch61 -p1 -b .respect_enable_static_no | %patch61 -p1 -b .respect_enable_static_no | ||||||
| %patch62 -p1 -b .getsubids | %patch62 -p1 -b .getsubids | ||||||
| %patch63 -p1 -b .groupdel-fix-sigsegv-when-passwd-does-not-exist | %patch63 -p1 -b .groupdel-fix-sigsegv-when-passwd-does-not-exist | ||||||
|  | %patch64 -p1 -b .subordinateio-compare-owner-ID | ||||||
| 
 | 
 | ||||||
| iconv -f ISO88591 -t utf-8  doc/HOWTO > doc/HOWTO.utf8 | iconv -f ISO88591 -t utf-8  doc/HOWTO > doc/HOWTO.utf8 | ||||||
| cp -f doc/HOWTO.utf8 doc/HOWTO | cp -f doc/HOWTO.utf8 doc/HOWTO | ||||||
| @ -360,6 +364,11 @@ rm -f $RPM_BUILD_ROOT/%{_libdir}/libsubid.la | |||||||
| %{_libdir}/libsubid.so | %{_libdir}/libsubid.so | ||||||
| 
 | 
 | ||||||
| %changelog | %changelog | ||||||
|  | * Thu Jul 21 2022 Iker Pedrosa <ipedrosa@redhat.com> - 2:4.6-17 | ||||||
|  | - subordinateio: also compare the owner ID. Resolves: #2093311 | ||||||
|  | - Fix release sources | ||||||
|  | - Add subid requirement for subid-devel | ||||||
|  | 
 | ||||||
| * Thu Dec  9 2021 Iker Pedrosa <ipedrosa@redhat.com> - 2:4.6-16 | * Thu Dec  9 2021 Iker Pedrosa <ipedrosa@redhat.com> - 2:4.6-16 | ||||||
| - getsubids: provide system binary and man page. Resolves: #2013016 | - getsubids: provide system binary and man page. Resolves: #2013016 | ||||||
| - groupdel: fix SIGSEGV when passwd does not exist. Resolves: #1986782 | - groupdel: fix SIGSEGV when passwd does not exist. Resolves: #1986782 | ||||||
|  | |||||||
		Loading…
	
		Reference in New Issue
	
	Block a user