rpms/shadow-utils
5
0
Fork 0
Code Issues Pull Requests Releases Activity

useradd: avoid generating an empty subid range (#1990653)

Browse Source 
Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
This commit is contained in:
Iker Pedrosa 2021-08-11 14:58:12 +02:00
parent 94f04f9e71
commit 3a32832856
2 changed files with 88 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

79
shadow-4.9-useradd-avoid-generating-empty-subid-range.patch Normal file
View File

@ -0,0 +1,79 @@
diff --git a/src/useradd.c b/src/useradd.c
index baeffb35..9abeea6e 100644
--- a/src/useradd.c
+++ b/src/useradd.c
@@ -142,9 +142,7 @@ static bool is_sub_gid = false;
static bool sub_uid_locked = false;
static bool sub_gid_locked = false;
static uid_t sub_uid_start; /* New subordinate uid range */
-static unsigned long sub_uid_count;
static gid_t sub_gid_start; /* New subordinate gid range */
-static unsigned long sub_gid_count;
#endif /* ENABLE_SUBIDS */
static bool pw_locked = false;
static bool gr_locked = false;
@@ -234,7 +232,7 @@ static void open_shadow (void);
static void faillog_reset (uid_t);
static void lastlog_reset (uid_t);
static void tallylog_reset (const char *);
-static void usr_update (void);
+static void usr_update (unsigned long subuid_count, unsigned long subgid_count);
static void create_home (void);
static void create_mail (void);
static void check_uid_range(int rflg, uid_t user_id);
@@ -2092,7 +2090,7 @@ static void tallylog_reset (const char *user_name)
* usr_update() creates the password file entries for this user
* and will update the group entries if required.
*/
-static void usr_update (void)
+static void usr_update (unsigned long subuid_count, unsigned long subgid_count)
{
struct passwd pwent;
struct spwd spent;
@@ -2155,14 +2153,14 @@ static void usr_update (void)
}
#ifdef ENABLE_SUBIDS
if (is_sub_uid &&
- (sub_uid_add(user_name, sub_uid_start, sub_uid_count) == 0)) {
+ (sub_uid_add(user_name, sub_uid_start, subuid_count) == 0)) {
fprintf (stderr,
_("%s: failed to prepare the new %s entry\n"),
Prog, sub_uid_dbname ());
fail_exit (E_SUB_UID_UPDATE);
}
if (is_sub_gid &&
- (sub_gid_add(user_name, sub_gid_start, sub_gid_count) == 0)) {
+ (sub_gid_add(user_name, sub_gid_start, subgid_count) == 0)) {
fprintf (stderr,
_("%s: failed to prepare the new %s entry\n"),
Prog, sub_uid_dbname ());
@@ -2624,16 +2622,16 @@ int main (int argc, char **argv)
}
#ifdef ENABLE_SUBIDS
- if (is_sub_uid && sub_uid_count != 0) {
- if (find_new_sub_uids(&sub_uid_start, &sub_uid_count) < 0) {
+ if (is_sub_uid && subuid_count != 0) {
+ if (find_new_sub_uids(&sub_uid_start, &subuid_count) < 0) {
fprintf (stderr,
_("%s: can't create subordinate user IDs\n"),
Prog);
fail_exit(E_SUB_UID_UPDATE);
}
}
- if (is_sub_gid && sub_gid_count != 0) {
- if (find_new_sub_gids(&sub_gid_start, &sub_gid_count) < 0) {
+ if (is_sub_gid && subgid_count != 0) {
+ if (find_new_sub_gids(&sub_gid_start, &subgid_count) < 0) {
fprintf (stderr,
_("%s: can't create subordinate group IDs\n"),
Prog);
@@ -2642,7 +2640,7 @@ int main (int argc, char **argv)
}
#endif /* ENABLE_SUBIDS */
- usr_update ();
+ usr_update (subuid_count, subgid_count);
close_files ();

12
shadow-utils.spec
View File

@ -1,7 +1,7 @@
Summary: Utilities for managing accounts and shadow password files Summary: Utilities for managing accounts and shadow password files
Name: shadow-utils Name: shadow-utils
Version: 4.9 Version: 4.9
Release: 1%{?dist} Release: 2%{?dist}
Epoch: 2 Epoch: 2
URL: https://github.com/shadow-maint/shadow URL: https://github.com/shadow-maint/shadow
Source0: https://github.com/shadow-maint/shadow/releases/download/%{version}/shadow-%{version}.tar.xz Source0: https://github.com/shadow-maint/shadow/releases/download/%{version}/shadow-%{version}.tar.xz
@ -44,10 +44,12 @@ Patch11: shadow-4.8-long-entry.patch
Patch12: shadow-4.6-sysugid-min-limit.patch Patch12: shadow-4.6-sysugid-min-limit.patch
# Ignore LOGIN_PLAIN_PROMPT in login.defs - upstreamability unknown # Ignore LOGIN_PLAIN_PROMPT in login.defs - upstreamability unknown
Patch13: shadow-4.8-ignore-login-prompt.patch Patch13: shadow-4.8-ignore-login-prompt.patch
# https://github.com/shadow-maint/shadow/pull/395 # https://github.com/shadow-maint/shadow/commit/c6847011e8b656adacd9a0d2a78418cad0de34cb
Patch14: shadow-4.9-newuidmap-libeconf-dependency.patch Patch14: shadow-4.9-newuidmap-libeconf-dependency.patch
# https://github.com/shadow-maint/shadow/pull/397 # https://github.com/shadow-maint/shadow/commit/e481437ab9ebe9a8bf8fbaabe986d42b2f765991
Patch15: shadow-4.9-usermod-allow-all-group-types.patch Patch15: shadow-4.9-usermod-allow-all-group-types.patch
# https://github.com/shadow-maint/shadow/pull/399
Patch16: shadow-4.9-useradd-avoid-generating-empty-subid-range.patch
License: BSD and GPLv2+ License: BSD and GPLv2+
BuildRequires: make BuildRequires: make
@ -111,6 +113,7 @@ Development files for shadow-utils-subid.
%patch13 -p1 -b .login-prompt %patch13 -p1 -b .login-prompt
%patch14 -p1 -b .newuidmap-libeconf-dependency %patch14 -p1 -b .newuidmap-libeconf-dependency
%patch15 -p1 -b .usermod-allow-all-group-types %patch15 -p1 -b .usermod-allow-all-group-types
%patch16 -p1 -b .useradd-avoid-generating-empty-subid-range
iconv -f ISO88591 -t utf-8 doc/HOWTO > doc/HOWTO.utf8 iconv -f ISO88591 -t utf-8 doc/HOWTO > doc/HOWTO.utf8
cp -f doc/HOWTO.utf8 doc/HOWTO cp -f doc/HOWTO.utf8 doc/HOWTO
@ -281,6 +284,9 @@ rm -f $RPM_BUILD_ROOT/%{_libdir}/libsubid.la
%{_libdir}/libsubid.so %{_libdir}/libsubid.so
%changelog %changelog
* Mon Aug 9 2021 Iker Pedrosa <ipedrosa@redhat.com> - 2:4.9-2
- useradd: avoid generating an empty subid range (#1990653)
* Wed Aug 4 2021 Iker Pedrosa <ipedrosa@redhat.com> - 2:4.9-1 * Wed Aug 4 2021 Iker Pedrosa <ipedrosa@redhat.com> - 2:4.9-1
- Rebase to version 4.9 - Rebase to version 4.9
- usermod: allow all group types with -G option (#1975327) - usermod: allow all group types with -G option (#1975327)