From 0d450f9e246cca284ee59beeac2a0c33f972b8bd Mon Sep 17 00:00:00 2001
From: Peter Vrabec
Date: Fri, 16 Mar 2007 10:04:22 +0000
Subject: [PATCH] - assign system dynamic UID/GID from the top of available UID/GID (#190523)
---
shadow-4.0.18.1-sysAccount.patch | 149 +++++++++++++++++++++++++++++++
shadow-utils.spec | 7 +-
2 files changed, 155 insertions(+), 1 deletion(-)
create mode 100644 shadow-4.0.18.1-sysAccount.patch
diff --git a/shadow-4.0.18.1-sysAccount.patch b/shadow-4.0.18.1-sysAccount.patch
new file mode 100644
index 0000000..95d46ce
--- /dev/null
+++ b/shadow-4.0.18.1-sysAccount.patch
@@ -0,0 +1,149 @@
+--- shadow-4.0.18.1/src/useradd.c.sysAccount 2007-03-12 10:49:14.000000000 +0100
++++ shadow-4.0.18.1/src/useradd.c 2007-03-12 12:15:57.000000000 +0100
+@@ -854,6 +854,7 @@
+ {
+ const struct passwd *pwd;
+ uid_t uid_min, uid_max;
++ char * index;
+
+ if (!rflg) {
+ uid_min = getdef_unum ("UID_MIN", 500);
+@@ -862,6 +863,8 @@
+ else {
+ uid_min = 1;
+ uid_max = getdef_unum ("UID_MIN", 500) - 1;
++ index = alloca (sizeof (char) * uid_max +1);
++ memset (index, 0, sizeof (char) * uid_max + 1);
+ }
+
+ /*
+@@ -901,11 +904,24 @@
+ #endif
+ exit (E_UID_IN_USE);
+ }
+- if (!uflg && pwd->pw_uid >= user_id) {
++ if (!uflg && !rflg && pwd->pw_uid >= user_id) {
+ if (pwd->pw_uid > uid_max)
+ continue;
+ user_id = pwd->pw_uid + 1;
+ }
++ /* create index of occupied system accounts UIDs */
++ if (!uflg && rflg && (pwd->pw_uid <= uid_max))
++ index[pwd->pw_uid] = 1;
++
++ }
++
++ /* find free system account */
++ if(!uflg && rflg) {
++ for( user_id = uid_max; (user_id >= uid_min) && index[user_id]; user_id--);
++ if ( user_id < uid_min ) {
++ fprintf (stderr, _("%s: can't get unique UID\n"), Prog);
++ fail_exit (E_UID_IN_USE);
++ }
+ }
+
+ /*
+@@ -946,6 +962,7 @@
+ {
+ const struct group *grp;
+ gid_t gid_min, gid_max;
++ char * index;
+
+ if (!rflg) {
+ gid_min = getdef_unum ("GID_MIN", 500);
+@@ -953,7 +970,9 @@
+ } else {
+ gid_min = 1;
+ gid_max = getdef_unum ("GID_MIN", 500) - 1;
+- }
++ index = alloca (sizeof (char) * gid_max +1);
++ memset (index, 0, sizeof (char) * gid_max + 1);
++ }
+
+ /*
+ * Start with some GID value if the user didn't provide us with
+@@ -978,12 +997,16 @@
+ user_gid = grp->gr_gid;
+ return;
+ }
+- if (grp->gr_gid >= user_gid) {
++ if (!rflg && grp->gr_gid >= user_gid) {
+ if (grp->gr_gid > gid_max)
+ continue;
+ user_gid = grp->gr_gid + 1;
+ }
++ /* create index of occupied system accounts GIDs */
++ if (rflg && (grp->gr_gid <= gid_max))
++ index[grp->gr_gid] = 1;
+ }
++
+ #ifndef NO_GETGRENT /* glibc does have this, so ... */
+ /* A quick test gets here: if the UID is available
+ * as a GID, go ahead and use it */
+@@ -992,6 +1015,18 @@
+ return;
+ }
+ #endif
++
++ /* find free system account */
++ if(rflg) {
++ for( user_gid = gid_max; (user_gid >= gid_min) && index[user_gid]; user_gid--);
++ if ( user_gid < gid_min ) {
++ fprintf (stderr,
++ "%s: can't get unique gid (run out of GIDs)\n",
++ Prog);
++ fail_exit (4);
++ }
++ }
++
+ if (user_gid == gid_max + 1) {
+ for (user_gid = gid_min; user_gid < gid_max; user_gid++) {
+ #ifdef NO_GETGRENT
+--- shadow-4.0.18.1/src/groupadd.c.sysAccount 2007-03-12 10:49:14.000000000 +0100
++++ shadow-4.0.18.1/src/groupadd.c 2007-03-12 10:49:14.000000000 +0100
+@@ -199,6 +199,7 @@
+ {
+ const struct group *grp;
+ gid_t gid_min, gid_max;
++ char * index;
+
+ if (!rflg) {
+ gid_min = getdef_unum ("GID_MIN", 500);
+@@ -206,7 +207,9 @@
+ } else {
+ gid_min = 1;
+ gid_max = getdef_unum ("GID_MIN", 500) - 1;
+- }
++ index = alloca (sizeof (char) * gid_max +1);
++ memset (index, 0, sizeof (char) * gid_max + 1);
++ }
+
+ /*
+ * Start with some GID value if the user didn't provide us with
+@@ -251,12 +254,25 @@
+ Prog, (unsigned int) group_id);
+ fail_exit (E_GID_IN_USE);
+ }
+- if (!gflg && grp->gr_gid >= group_id) {
++ if (!gflg && !rflg && grp->gr_gid >= group_id) {
+ if (grp->gr_gid > gid_max)
+ continue;
+ group_id = grp->gr_gid + 1;
+ }
++ /* create index of occupied system accounts UIDs */
++ if (!gflg && rflg && (grp->gr_gid <= gid_max))
++ index[grp->gr_gid] = 1;
++ }
++
++ /* find free system account */
++ if(!gflg && rflg) {
++ for( group_id = gid_max; (group_id >= gid_min) && index[group_id]; group_id--);
++ if ( group_id < gid_min ) {
++ fprintf (stderr, _("%s: can't get unique GID\n"), Prog);
++ fail_exit (E_GID_IN_USE);
++ }
+ }
++
+ if (!gflg && group_id == gid_max + 1) {
+ for (group_id = gid_min; group_id < gid_max; group_id++) {
+ #ifdef NO_GETGRENT
diff --git a/shadow-utils.spec b/shadow-utils.spec
index 8e4f57d..a11deaf 100644
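Review bot: The occupancy map in all three `rflg` branches (useradd's UID and GID lookups and groupadd's GID lookup) is sized straight from login.defs with `alloca (sizeof (char) * uid_max +1)`, and alloca cannot report failure. If UID_MIN or GID_MIN is set to 0, `getdef_unum (...) - 1` presumably wraps to the largest uid_t/gid_t, so the request is either several gigabytes of stack or, where size_t is 32 bits, wraps to zero while `index[pwd->pw_uid] = 1` still writes for every entry that passes the `<= uid_max` test; a merely large limit exhausts the stack the same way. I would reject a zero limit before subtracting and take the map from calloc with a NULL check, initialising `index` to NULL so it can be freed on every return path (useradd's GID lookup returns early in several places). The sketch below shows the UID case only, and the enclosing functions start and end outside the inner hunks.

```c
	char *index = NULL;
	/* … unchanged: !rflg branch … */
	else {
		uid_t sys_limit = getdef_unum ("UID_MIN", 500);

		/* UID_MIN 0 would wrap uid_max to the largest uid_t */
		if (sys_limit == 0) {
			fprintf (stderr, _("%s: can't get unique UID\n"), Prog);
			fail_exit (E_UID_IN_USE);
		}
		uid_min = 1;
		uid_max = sys_limit - 1;
		/* heap, not alloca: the size comes from configuration and the request can fail */
		index = calloc ((size_t) uid_max + 1, sizeof (char));
		if (index == NULL) {
			fprintf (stderr, _("%s: can't get unique UID\n"), Prog);
			fail_exit (E_UID_IN_USE);
		}
	}
	/* … unchanged: passwd scan and top-down search … */
	free (index);
```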
--- a/shadow-utils.spec +++ b/shadow-utils.spec @@ -5,7 +5,7 @@ Summary: Utilities for managing accounts and shadow password files Name: shadow-utils Version: 4.0.18.1 -Release: 10%{?dist} +Release: 11%{?dist} Epoch: 2 URL: http://shadow.pld.org.pl/ Source0: ftp://ftp.pld.org.pl/software/shadow/shadow-%{version}.tar.bz2 @@ -25,6 +25,7 @@ Patch9: shadow-4.0.18.1-gid.patch Patch10: shadow-4.0.18.1-overflow.patch Patch11: shadow-4.0.17-useradd.patch Patch12: shadow-4.0.18.1-appendOption.patch +Patch13: shadow-4.0.18.1-sysAccount.patch License: BSD Group: System Environment/Base @@ -66,6 +67,7 @@ cp %{SOURCE3} lib/nscd.c %patch10 -p1 -b .overflow %patch11 -p1 -b .useradd %patch12 -p1 -b .appendOption +%patch13 -p1 -b .sysAccount rm po/*.gmo rm po/stamp-po @@ -221,6 +223,9 @@ rm -rf $RPM_BUILD_ROOT %{_mandir}/*/man8/faillog.8* %changelog +* Fri Mar 16 2007 Peter Vrabec 2:4.0.18.1-11 +- assign system dynamic UID/GID from the top of available UID/GID (#190523) + * Wed Feb 28 2007 Peter Vrabec 2:4.0.18.1-10 - spec file fixes to meet fedora standarts. - fix useless call of restorecon(). (#222159)