- getsubids: provide system binary and man page
- useradd: generate home and mail directories with selinux user attribute - useradd: revert fix memleak of grp - groupdel: fix SIGSEGV when passwd does not exist - pwck: fix segfault when calling fprintf() - newgrp: fix segmentation fault - Clean spec file: organize dependencies and move License location Resolves: #2013015 Resolves: #1993081 Resolves: #2020238 Resolves: #2024834 Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
This commit is contained in:
parent
c565b30bac
commit
4b31c38f8e
245
shadow-4.9-getsubids.patch
Normal file
245
shadow-4.9-getsubids.patch
Normal file
@ -0,0 +1,245 @@
|
|||||||
|
diff -up shadow-4.9/man/getsubids.1.xml.getsubids shadow-4.9/man/getsubids.1.xml
|
||||||
|
--- shadow-4.9/man/getsubids.1.xml.getsubids 2021-11-18 16:27:33.951053120 +0100
|
||||||
|
+++ shadow-4.9/man/getsubids.1.xml 2021-11-18 16:27:33.951053120 +0100
|
||||||
|
@@ -0,0 +1,141 @@
|
||||||
|
+<?xml version="1.0" encoding="UTF-8"?>
|
||||||
|
+<!--
|
||||||
|
+ Copyright (c) 2021 Iker Pedrosa
|
||||||
|
+ All rights reserved.
|
||||||
|
+
|
||||||
|
+ Redistribution and use in source and binary forms, with or without
|
||||||
|
+ modification, are permitted provided that the following conditions
|
||||||
|
+ are met:
|
||||||
|
+ 1. Redistributions of source code must retain the above copyright
|
||||||
|
+ notice, this list of conditions and the following disclaimer.
|
||||||
|
+ 2. Redistributions in binary form must reproduce the above copyright
|
||||||
|
+ notice, this list of conditions and the following disclaimer in the
|
||||||
|
+ documentation and/or other materials provided with the distribution.
|
||||||
|
+ 3. The name of the copyright holders or contributors may not be used to
|
||||||
|
+ endorse or promote products derived from this software without
|
||||||
|
+ specific prior written permission.
|
||||||
|
+
|
||||||
|
+ THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
||||||
|
+ ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
||||||
|
+ LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
|
||||||
|
+ PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
||||||
|
+ HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
||||||
|
+ SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
||||||
|
+ LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
||||||
|
+ DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
||||||
|
+ THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
||||||
|
+ (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
||||||
|
+ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||||
|
+-->
|
||||||
|
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.5//EN"
|
||||||
|
+ "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
|
||||||
|
+<!-- SHADOW-CONFIG-HERE -->
|
||||||
|
+]>
|
||||||
|
+
|
||||||
|
+<refentry id='getsubids.1'>
|
||||||
|
+ <refentryinfo>
|
||||||
|
+ <author>
|
||||||
|
+ <firstname>Iker</firstname>
|
||||||
|
+ <surname>Pedrosa</surname>
|
||||||
|
+ <contrib>Creation, 2021</contrib>
|
||||||
|
+ </author>
|
||||||
|
+ </refentryinfo>
|
||||||
|
+ <refmeta>
|
||||||
|
+ <refentrytitle>getsubids</refentrytitle>
|
||||||
|
+ <manvolnum>1</manvolnum>
|
||||||
|
+ <refmiscinfo class="sectdesc">User Commands</refmiscinfo>
|
||||||
|
+ <refmiscinfo class="source">shadow-utils</refmiscinfo>
|
||||||
|
+ <refmiscinfo class="version">&SHADOW_UTILS_VERSION;</refmiscinfo>
|
||||||
|
+ </refmeta>
|
||||||
|
+ <refnamediv id='name'>
|
||||||
|
+ <refname>getsubids</refname>
|
||||||
|
+ <refpurpose>get the subordinate id ranges for a user</refpurpose>
|
||||||
|
+ </refnamediv>
|
||||||
|
+
|
||||||
|
+ <refsynopsisdiv id='synopsis'>
|
||||||
|
+ <cmdsynopsis>
|
||||||
|
+ <command>getsubids</command>
|
||||||
|
+ <arg choice='opt'>
|
||||||
|
+ <replaceable>options</replaceable>
|
||||||
|
+ </arg>
|
||||||
|
+ <arg choice='plain'>
|
||||||
|
+ <replaceable>USER</replaceable>
|
||||||
|
+ </arg>
|
||||||
|
+ </cmdsynopsis>
|
||||||
|
+ </refsynopsisdiv>
|
||||||
|
+
|
||||||
|
+ <refsect1 id='description'>
|
||||||
|
+ <title>DESCRIPTION</title>
|
||||||
|
+ <para>
|
||||||
|
+ The <command>getsubids</command> command lists the subordinate user ID
|
||||||
|
+ ranges for a given user. The subordinate group IDs can be listed using
|
||||||
|
+ the <option>-g</option> option.
|
||||||
|
+ </para>
|
||||||
|
+ </refsect1>
|
||||||
|
+
|
||||||
|
+ <refsect1 id='options'>
|
||||||
|
+ <title>OPTIONS</title>
|
||||||
|
+ <para>
|
||||||
|
+ The options which apply to the <command>getsubids</command> command are:
|
||||||
|
+ </para>
|
||||||
|
+ <variablelist remap='IP'>
|
||||||
|
+ <varlistentry>
|
||||||
|
+ <term>
|
||||||
|
+ <option>-g</option>
|
||||||
|
+ </term>
|
||||||
|
+ <listitem>
|
||||||
|
+ <para>
|
||||||
|
+ List the subordinate group ID ranges.
|
||||||
|
+ </para>
|
||||||
|
+ </listitem>
|
||||||
|
+ </varlistentry>
|
||||||
|
+ </variablelist>
|
||||||
|
+ </refsect1>
|
||||||
|
+
|
||||||
|
+ <refsect1 id='example'>
|
||||||
|
+ <title>EXAMPLE</title>
|
||||||
|
+ <para>
|
||||||
|
+ For example, to obtain the subordinate UIDs of the testuser:
|
||||||
|
+ </para>
|
||||||
|
+ <para>
|
||||||
|
+<programlisting>
|
||||||
|
+$ getsubids testuser
|
||||||
|
+0: testuser 100000 65536
|
||||||
|
+</programlisting>
|
||||||
|
+ </para>
|
||||||
|
+ <para>
|
||||||
|
+ This command output provides (in order from left to right) the list
|
||||||
|
+ index, username, UID range start, and number of UIDs in range.
|
||||||
|
+ </para>
|
||||||
|
+ </refsect1>
|
||||||
|
+
|
||||||
|
+ <refsect1 id='see_also'>
|
||||||
|
+ <title>SEE ALSO</title>
|
||||||
|
+ <para>
|
||||||
|
+ <citerefentry>
|
||||||
|
+ <refentrytitle>login.defs</refentrytitle><manvolnum>5</manvolnum>
|
||||||
|
+ </citerefentry>,
|
||||||
|
+ <citerefentry>
|
||||||
|
+ <refentrytitle>newgidmap</refentrytitle><manvolnum>1</manvolnum>
|
||||||
|
+ </citerefentry>,
|
||||||
|
+ <citerefentry>
|
||||||
|
+ <refentrytitle>newuidmap</refentrytitle><manvolnum>1</manvolnum>
|
||||||
|
+ </citerefentry>,
|
||||||
|
+ <citerefentry>
|
||||||
|
+ <refentrytitle>subgid</refentrytitle><manvolnum>5</manvolnum>
|
||||||
|
+ </citerefentry>,
|
||||||
|
+ <citerefentry>
|
||||||
|
+ <refentrytitle>subuid</refentrytitle><manvolnum>5</manvolnum>
|
||||||
|
+ </citerefentry>,
|
||||||
|
+ <citerefentry>
|
||||||
|
+ <refentrytitle>useradd</refentrytitle><manvolnum>8</manvolnum>
|
||||||
|
+ </citerefentry>,
|
||||||
|
+ <citerefentry>
|
||||||
|
+ <refentrytitle>userdel</refentrytitle><manvolnum>8</manvolnum>
|
||||||
|
+ </citerefentry>.
|
||||||
|
+ <citerefentry>
|
||||||
|
+ <refentrytitle>usermod</refentrytitle><manvolnum>8</manvolnum>
|
||||||
|
+ </citerefentry>,
|
||||||
|
+ </para>
|
||||||
|
+ </refsect1>
|
||||||
|
+</refentry>
|
||||||
|
diff -up shadow-4.9/man/Makefile.am.getsubids shadow-4.9/man/Makefile.am
|
||||||
|
--- shadow-4.9/man/Makefile.am.getsubids 2021-07-22 23:55:35.000000000 +0200
|
||||||
|
+++ shadow-4.9/man/Makefile.am 2021-11-18 16:27:33.951053120 +0100
|
||||||
|
@@ -62,6 +62,7 @@ man_MANS += $(man_nopam)
|
||||||
|
endif
|
||||||
|
|
||||||
|
man_subids = \
|
||||||
|
+ man1/getsubids.1 \
|
||||||
|
man1/newgidmap.1 \
|
||||||
|
man1/newuidmap.1 \
|
||||||
|
man5/subgid.5 \
|
||||||
|
@@ -80,6 +81,7 @@ man_XMANS = \
|
||||||
|
expiry.1.xml \
|
||||||
|
faillog.5.xml \
|
||||||
|
faillog.8.xml \
|
||||||
|
+ getsubids.1.xml \
|
||||||
|
gpasswd.1.xml \
|
||||||
|
groupadd.8.xml \
|
||||||
|
groupdel.8.xml \
|
||||||
|
diff -up shadow-4.9/src/getsubids.c.getsubids shadow-4.9/src/getsubids.c
|
||||||
|
--- shadow-4.9/src/getsubids.c.getsubids 2021-11-18 16:27:33.951053120 +0100
|
||||||
|
+++ shadow-4.9/src/getsubids.c 2021-11-18 16:27:33.951053120 +0100
|
||||||
|
@@ -0,0 +1,46 @@
|
||||||
|
+#include <stdio.h>
|
||||||
|
+#include <string.h>
|
||||||
|
+#include <stdlib.h>
|
||||||
|
+#include "subid.h"
|
||||||
|
+#include "prototypes.h"
|
||||||
|
+
|
||||||
|
+const char *Prog;
|
||||||
|
+FILE *shadow_logfd = NULL;
|
||||||
|
+
|
||||||
|
+void usage(void)
|
||||||
|
+{
|
||||||
|
+ fprintf(stderr, "Usage: %s [-g] user\n", Prog);
|
||||||
|
+ fprintf(stderr, " list subuid ranges for user\n");
|
||||||
|
+ fprintf(stderr, " pass -g to list subgid ranges\n");
|
||||||
|
+ exit(EXIT_FAILURE);
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+int main(int argc, char *argv[])
|
||||||
|
+{
|
||||||
|
+ int i, count=0;
|
||||||
|
+ struct subid_range *ranges;
|
||||||
|
+ const char *owner;
|
||||||
|
+
|
||||||
|
+ Prog = Basename (argv[0]);
|
||||||
|
+ shadow_logfd = stderr;
|
||||||
|
+ if (argc < 2)
|
||||||
|
+ usage();
|
||||||
|
+ owner = argv[1];
|
||||||
|
+ if (argc == 3 && strcmp(argv[1], "-g") == 0) {
|
||||||
|
+ owner = argv[2];
|
||||||
|
+ count = get_subgid_ranges(owner, &ranges);
|
||||||
|
+ } else if (argc == 2 && strcmp(argv[1], "-h") == 0) {
|
||||||
|
+ usage();
|
||||||
|
+ } else {
|
||||||
|
+ count = get_subuid_ranges(owner, &ranges);
|
||||||
|
+ }
|
||||||
|
+ if (!ranges) {
|
||||||
|
+ fprintf(stderr, "Error fetching ranges\n");
|
||||||
|
+ exit(1);
|
||||||
|
+ }
|
||||||
|
+ for (i = 0; i < count; i++) {
|
||||||
|
+ printf("%d: %s %lu %lu\n", i, owner,
|
||||||
|
+ ranges[i].start, ranges[i].count);
|
||||||
|
+ }
|
||||||
|
+ return 0;
|
||||||
|
+}
|
||||||
|
diff -up shadow-4.9/src/list_subid_ranges.c.getsubids shadow-4.9/src/list_subid_ranges.c
|
||||||
|
diff -up shadow-4.9/src/Makefile.am.getsubids shadow-4.9/src/Makefile.am
|
||||||
|
--- shadow-4.9/src/Makefile.am.getsubids 2021-11-18 16:27:33.943053061 +0100
|
||||||
|
+++ shadow-4.9/src/Makefile.am 2021-11-18 16:28:03.647272392 +0100
|
||||||
|
@@ -157,8 +157,8 @@ if FCAPS
|
||||||
|
setcap cap_setgid+ep $(DESTDIR)$(ubindir)/newgidmap
|
||||||
|
endif
|
||||||
|
|
||||||
|
-noinst_PROGRAMS += list_subid_ranges \
|
||||||
|
- get_subid_owners \
|
||||||
|
+bin_PROGRAMS += getsubids
|
||||||
|
+noinst_PROGRAMS += get_subid_owners \
|
||||||
|
new_subid_range \
|
||||||
|
free_subid_range \
|
||||||
|
check_subid_range
|
||||||
|
@@ -174,13 +174,13 @@ MISCLIBS = \
|
||||||
|
$(LIBCRYPT) \
|
||||||
|
$(LIBTCB)
|
||||||
|
|
||||||
|
-list_subid_ranges_LDADD = \
|
||||||
|
+getsubids_LDADD = \
|
||||||
|
$(top_builddir)/lib/libshadow.la \
|
||||||
|
$(top_builddir)/libmisc/libmisc.la \
|
||||||
|
$(top_builddir)/libsubid/libsubid.la \
|
||||||
|
$(MISCLIBS) -ldl
|
||||||
|
|
||||||
|
-list_subid_ranges_CPPFLAGS = \
|
||||||
|
+getsubids_CPPFLAGS = \
|
||||||
|
-I$(top_srcdir)/lib \
|
||||||
|
-I$(top_srcdir)/libmisc \
|
||||||
|
-I$(top_srcdir)/libsubid
|
@ -0,0 +1,13 @@
|
|||||||
|
diff -up shadow-4.9/libmisc/prefix_flag.c.groupdel-fix-sigsegv-when-passwd-does-not-exist shadow-4.9/libmisc/prefix_flag.c
|
||||||
|
--- shadow-4.9/libmisc/prefix_flag.c.groupdel-fix-sigsegv-when-passwd-does-not-exist 2021-11-19 09:21:36.997091941 +0100
|
||||||
|
+++ shadow-4.9/libmisc/prefix_flag.c 2021-11-19 09:22:19.001341010 +0100
|
||||||
|
@@ -288,6 +288,9 @@ extern struct passwd* prefix_getpwent()
|
||||||
|
if(!passwd_db_file) {
|
||||||
|
return getpwent();
|
||||||
|
}
|
||||||
|
+ if (!fp_pwent) {
|
||||||
|
+ return NULL;
|
||||||
|
+ }
|
||||||
|
return fgetpwent(fp_pwent);
|
||||||
|
}
|
||||||
|
extern void prefix_endpwent()
|
@ -1,8 +1,22 @@
|
|||||||
|
From 09c752f00f9dfc610f66d68be38c9e5be8ca7f15 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Iker Pedrosa <ipedrosa@redhat.com>
|
||||||
|
Date: Fri, 8 Oct 2021 13:09:59 +0200
|
||||||
|
Subject: [PATCH] useradd: create directories after the SELinux user
|
||||||
|
|
||||||
|
Create the home and mail folders after the SELinux user has been set for
|
||||||
|
the added user. This will allow the folders to be created with the
|
||||||
|
SELinux user label.
|
||||||
|
|
||||||
|
Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
|
||||||
|
---
|
||||||
|
src/useradd.c | 46 +++++++++++++++++++++++-----------------------
|
||||||
|
1 file changed, 23 insertions(+), 23 deletions(-)
|
||||||
|
|
||||||
diff --git a/src/useradd.c b/src/useradd.c
|
diff --git a/src/useradd.c b/src/useradd.c
|
||||||
index baeffb35..02e1402c 100644
|
index 6269c01c..b463a170 100644
|
||||||
--- a/src/useradd.c
|
--- a/src/useradd.c
|
||||||
+++ b/src/useradd.c
|
+++ b/src/useradd.c
|
||||||
@@ -2644,27 +2644,12 @@ int main (int argc, char **argv)
|
@@ -2670,27 +2670,12 @@ int main (int argc, char **argv)
|
||||||
|
|
||||||
usr_update ();
|
usr_update ();
|
||||||
|
|
||||||
@ -34,17 +48,14 @@ index baeffb35..02e1402c 100644
|
|||||||
/*
|
/*
|
||||||
* tallylog_reset needs to be able to lookup
|
* tallylog_reset needs to be able to lookup
|
||||||
* a valid existing user name,
|
* a valid existing user name,
|
||||||
@@ -2695,9 +2680,24 @@ int main (int argc, char **argv)
|
@@ -2716,15 +2701,30 @@ int main (int argc, char **argv)
|
||||||
exit(1);
|
|
||||||
}
|
}
|
||||||
|
#endif /* WITH_SELINUX */
|
||||||
|
|
||||||
- nscd_flush_cache ("passwd");
|
|
||||||
- nscd_flush_cache ("group");
|
|
||||||
- sssd_flush_cache (SSSD_DB_PASSWD | SSSD_DB_GROUP);
|
|
||||||
+ if (mflg) {
|
+ if (mflg) {
|
||||||
+ create_home ();
|
+ create_home ();
|
||||||
+ if (home_added) {
|
+ if (home_added) {
|
||||||
+ copy_tree (def_template, prefix_user_home, false, true,
|
+ copy_tree (def_template, prefix_user_home, false, false,
|
||||||
+ (uid_t)-1, user_id, (gid_t)-1, user_gid);
|
+ (uid_t)-1, user_id, (gid_t)-1, user_gid);
|
||||||
+ } else {
|
+ } else {
|
||||||
+ fprintf (stderr,
|
+ fprintf (stderr,
|
||||||
@ -59,6 +70,19 @@ index baeffb35..02e1402c 100644
|
|||||||
+ if (!rflg) {
|
+ if (!rflg) {
|
||||||
+ create_mail ();
|
+ create_mail ();
|
||||||
+ }
|
+ }
|
||||||
|
+
|
||||||
|
if (run_parts ("/etc/shadow-maint/useradd-post.d", (char*)user_name,
|
||||||
|
"useradd")) {
|
||||||
|
exit(1);
|
||||||
|
}
|
||||||
|
|
||||||
|
- nscd_flush_cache ("passwd");
|
||||||
|
- nscd_flush_cache ("group");
|
||||||
|
- sssd_flush_cache (SSSD_DB_PASSWD | SSSD_DB_GROUP);
|
||||||
|
-
|
||||||
return E_SUCCESS;
|
return E_SUCCESS;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
--
|
||||||
|
2.31.1
|
||||||
|
|
||||||
|
35
shadow-4.9-newgrp-fix-segmentation-fault.patch
Normal file
35
shadow-4.9-newgrp-fix-segmentation-fault.patch
Normal file
@ -0,0 +1,35 @@
|
|||||||
|
From 497e90751bc0d95cc998b0f06305040563903948 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Iker Pedrosa <ipedrosa@redhat.com>
|
||||||
|
Date: Wed, 10 Nov 2021 12:02:04 +0100
|
||||||
|
Subject: [PATCH] newgrp: fix segmentation fault
|
||||||
|
|
||||||
|
Fix segmentation fault in newgrp when xgetspnam() returns a NULL value
|
||||||
|
that is immediately freed.
|
||||||
|
|
||||||
|
The error was committed in
|
||||||
|
https://github.com/shadow-maint/shadow/commit/e65cc6aebcb4132fa413f00a905216a5b35b3d57
|
||||||
|
|
||||||
|
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2019553
|
||||||
|
|
||||||
|
Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
|
||||||
|
---
|
||||||
|
src/newgrp.c | 2 +-
|
||||||
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/src/newgrp.c b/src/newgrp.c
|
||||||
|
index 730f47e8..566f1c89 100644
|
||||||
|
--- a/src/newgrp.c
|
||||||
|
+++ b/src/newgrp.c
|
||||||
|
@@ -163,8 +163,8 @@ static void check_perms (const struct group *grp,
|
||||||
|
spwd = xgetspnam (pwd->pw_name);
|
||||||
|
if (NULL != spwd) {
|
||||||
|
pwd->pw_passwd = xstrdup (spwd->sp_pwdp);
|
||||||
|
+ spw_free (spwd);
|
||||||
|
}
|
||||||
|
- spw_free (spwd);
|
||||||
|
|
||||||
|
if ((pwd->pw_passwd[0] == '\0') && (grp->gr_passwd[0] != '\0')) {
|
||||||
|
needspasswd = true;
|
||||||
|
--
|
||||||
|
2.31.1
|
||||||
|
|
30
shadow-4.9-pwck-fix-segfault-when-calling-fprintf.patch
Normal file
30
shadow-4.9-pwck-fix-segfault-when-calling-fprintf.patch
Normal file
@ -0,0 +1,30 @@
|
|||||||
|
From d8e54618feea201987c1f3cb402ed50d1d8b604f Mon Sep 17 00:00:00 2001
|
||||||
|
From: Iker Pedrosa <ipedrosa@redhat.com>
|
||||||
|
Date: Mon, 15 Nov 2021 12:40:15 +0100
|
||||||
|
Subject: [PATCH] pwck: fix segfault when calling fprintf()
|
||||||
|
|
||||||
|
As shadow_logfd variable is not set at the beginning of the program if
|
||||||
|
something fails and fprintf() is called a segmentation fault happens.
|
||||||
|
|
||||||
|
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2021339
|
||||||
|
|
||||||
|
Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
|
||||||
|
---
|
||||||
|
src/pwck.c | 1 +
|
||||||
|
1 file changed, 1 insertion(+)
|
||||||
|
|
||||||
|
diff --git a/src/pwck.c b/src/pwck.c
|
||||||
|
index 4248944a..4ce86af2 100644
|
||||||
|
--- a/src/pwck.c
|
||||||
|
+++ b/src/pwck.c
|
||||||
|
@@ -857,6 +857,7 @@ int main (int argc, char **argv)
|
||||||
|
* Get my name so that I can use it to report errors.
|
||||||
|
*/
|
||||||
|
Prog = Basename (argv[0]);
|
||||||
|
+ shadow_logfd = stderr;
|
||||||
|
|
||||||
|
(void) setlocale (LC_ALL, "");
|
||||||
|
(void) bindtextdomain (PACKAGE, LOCALEDIR);
|
||||||
|
--
|
||||||
|
2.31.1
|
||||||
|
|
30
shadow-4.9-revert-useradd-fix-memleak.patch
Normal file
30
shadow-4.9-revert-useradd-fix-memleak.patch
Normal file
@ -0,0 +1,30 @@
|
|||||||
|
From 4624e9fca1b02b64e25e8b2280a0186182ab73ba Mon Sep 17 00:00:00 2001
|
||||||
|
From: Serge Hallyn <serge@hallyn.com>
|
||||||
|
Date: Sat, 14 Aug 2021 19:37:24 -0500
|
||||||
|
Subject: [PATCH] Revert "useradd.c:fix memleaks of grp"
|
||||||
|
|
||||||
|
In some cases, the value which was being freed is not actually
|
||||||
|
safe to free.
|
||||||
|
|
||||||
|
Closes #394
|
||||||
|
|
||||||
|
This reverts commit c44b71cec25d60efc51aec9de3abce1f6efbfcf5.
|
||||||
|
---
|
||||||
|
src/useradd.c | 1 -
|
||||||
|
1 file changed, 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/src/useradd.c b/src/useradd.c
|
||||||
|
index f90127cd..0d3f390d 100644
|
||||||
|
--- a/src/useradd.c
|
||||||
|
+++ b/src/useradd.c
|
||||||
|
@@ -413,7 +413,6 @@ static void get_defaults (void)
|
||||||
|
} else {
|
||||||
|
def_group = grp->gr_gid;
|
||||||
|
def_gname = xstrdup (grp->gr_name);
|
||||||
|
- gr_free(grp);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
--
|
||||||
|
2.31.1
|
||||||
|
|
61
shadow-4.9-semanage-close-the-selabel-handle.patch
Normal file
61
shadow-4.9-semanage-close-the-selabel-handle.patch
Normal file
@ -0,0 +1,61 @@
|
|||||||
|
From 234af5cf67fc1a3ba99fc246ba65869a3c416545 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Iker Pedrosa <ipedrosa@redhat.com>
|
||||||
|
Date: Fri, 8 Oct 2021 13:13:13 +0200
|
||||||
|
Subject: [PATCH] semanage: close the selabel handle
|
||||||
|
|
||||||
|
Close the selabel handle to update the file_context. This means that the
|
||||||
|
file_context will be remmaped and used by selabel_lookup() to return
|
||||||
|
the appropriate context to label the home folder.
|
||||||
|
|
||||||
|
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1993081
|
||||||
|
|
||||||
|
Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
|
||||||
|
---
|
||||||
|
lib/prototypes.h | 1 +
|
||||||
|
lib/selinux.c | 5 +++++
|
||||||
|
lib/semanage.c | 1 +
|
||||||
|
3 files changed, 7 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/lib/prototypes.h b/lib/prototypes.h
|
||||||
|
index 1d1586d4..b697e0ec 100644
|
||||||
|
--- a/lib/prototypes.h
|
||||||
|
+++ b/lib/prototypes.h
|
||||||
|
@@ -392,6 +392,7 @@ extern /*@observer@*/const char *crypt_make_salt (/*@null@*//*@observer@*/const
|
||||||
|
/* selinux.c */
|
||||||
|
#ifdef WITH_SELINUX
|
||||||
|
extern int set_selinux_file_context (const char *dst_name, mode_t mode);
|
||||||
|
+extern void reset_selinux_handle (void);
|
||||||
|
extern int reset_selinux_file_context (void);
|
||||||
|
extern int check_selinux_permit (const char *perm_name);
|
||||||
|
#endif
|
||||||
|
diff --git a/lib/selinux.c b/lib/selinux.c
|
||||||
|
index c83545f9..b075d4c0 100644
|
||||||
|
--- a/lib/selinux.c
|
||||||
|
+++ b/lib/selinux.c
|
||||||
|
@@ -50,6 +50,11 @@ static void cleanup(void)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
+void reset_selinux_handle (void)
|
||||||
|
+{
|
||||||
|
+ cleanup();
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
/*
|
||||||
|
* set_selinux_file_context - Set the security context before any file or
|
||||||
|
* directory creation.
|
||||||
|
diff --git a/lib/semanage.c b/lib/semanage.c
|
||||||
|
index 0d30456a..a5bf9218 100644
|
||||||
|
--- a/lib/semanage.c
|
||||||
|
+++ b/lib/semanage.c
|
||||||
|
@@ -293,6 +293,7 @@ int set_seuser (const char *login_name, const char *seuser_name)
|
||||||
|
}
|
||||||
|
|
||||||
|
ret = 0;
|
||||||
|
+ reset_selinux_handle();
|
||||||
|
|
||||||
|
done:
|
||||||
|
semanage_seuser_key_free (key);
|
||||||
|
--
|
||||||
|
2.31.1
|
||||||
|
|
13
shadow-4.9-useradd-copy-tree-argument.patch
Normal file
13
shadow-4.9-useradd-copy-tree-argument.patch
Normal file
@ -0,0 +1,13 @@
|
|||||||
|
diff --git a/src/useradd.c b/src/useradd.c
|
||||||
|
index b463a170..f7c97958 100644
|
||||||
|
--- a/src/useradd.c
|
||||||
|
+++ b/src/useradd.c
|
||||||
|
@@ -2704,7 +2704,7 @@ int main (int argc, char **argv)
|
||||||
|
if (mflg) {
|
||||||
|
create_home ();
|
||||||
|
if (home_added) {
|
||||||
|
- copy_tree (def_template, prefix_user_home, false, false,
|
||||||
|
+ copy_tree (def_template, prefix_user_home, false, true,
|
||||||
|
(uid_t)-1, user_id, (gid_t)-1, user_gid);
|
||||||
|
} else {
|
||||||
|
fprintf (stderr,
|
@ -1,8 +1,9 @@
|
|||||||
Summary: Utilities for managing accounts and shadow password files
|
Summary: Utilities for managing accounts and shadow password files
|
||||||
Name: shadow-utils
|
Name: shadow-utils
|
||||||
Version: 4.9
|
Version: 4.9
|
||||||
Release: 2%{?dist}
|
Release: 3%{?dist}
|
||||||
Epoch: 2
|
Epoch: 2
|
||||||
|
License: BSD and GPLv2+
|
||||||
URL: https://github.com/shadow-maint/shadow
|
URL: https://github.com/shadow-maint/shadow
|
||||||
Source0: https://github.com/shadow-maint/shadow/releases/download/%{version}/shadow-%{version}.tar.xz
|
Source0: https://github.com/shadow-maint/shadow/releases/download/%{version}/shadow-%{version}.tar.xz
|
||||||
Source1: https://github.com/shadow-maint/shadow/releases/download/%{version}/shadow-%{version}.tar.xz.asc
|
Source1: https://github.com/shadow-maint/shadow/releases/download/%{version}/shadow-%{version}.tar.xz.asc
|
||||||
@ -20,7 +21,7 @@ Source6: shadow-utils.HOME_MODE.xml
|
|||||||
Patch0: shadow-4.9-redhat.patch
|
Patch0: shadow-4.9-redhat.patch
|
||||||
# Be more lenient with acceptable user/group names - non upstreamable
|
# Be more lenient with acceptable user/group names - non upstreamable
|
||||||
Patch1: shadow-4.8-goodname.patch
|
Patch1: shadow-4.8-goodname.patch
|
||||||
# Move create home to the end of main - upstreamability unknown
|
# https://github.com/shadow-maint/shadow/commit/09c752f00f9dfc610f66d68be38c9e5be8ca7f15
|
||||||
Patch2: shadow-4.9-move-create-home.patch
|
Patch2: shadow-4.9-move-create-home.patch
|
||||||
# SElinux related - upstreamability unknown
|
# SElinux related - upstreamability unknown
|
||||||
Patch3: shadow-4.9-default-range.patch
|
Patch3: shadow-4.9-default-range.patch
|
||||||
@ -52,20 +53,46 @@ Patch15: shadow-4.9-usermod-allow-all-group-types.patch
|
|||||||
Patch16: shadow-4.9-useradd-avoid-generating-empty-subid-range.patch
|
Patch16: shadow-4.9-useradd-avoid-generating-empty-subid-range.patch
|
||||||
# https://github.com/shadow-maint/shadow/commit/234e8fa7b134d1ebabfdad980a3ae5b63c046c62
|
# https://github.com/shadow-maint/shadow/commit/234e8fa7b134d1ebabfdad980a3ae5b63c046c62
|
||||||
Patch17: shadow-4.9-libmisc-fix-default-value-in-SHA_get_salt_rounds.patch
|
Patch17: shadow-4.9-libmisc-fix-default-value-in-SHA_get_salt_rounds.patch
|
||||||
|
# https://github.com/shadow-maint/shadow/commit/234af5cf67fc1a3ba99fc246ba65869a3c416545
|
||||||
|
Patch18: shadow-4.9-semanage-close-the-selabel-handle.patch
|
||||||
|
# https://github.com/shadow-maint/shadow/commit/4624e9fca1b02b64e25e8b2280a0186182ab73ba
|
||||||
|
Patch19: shadow-4.9-revert-useradd-fix-memleak.patch
|
||||||
|
# https://github.com/shadow-maint/shadow/commit/06eb4e4d76ac7f1ac86e68a89b2dc9be7c7323a2
|
||||||
|
Patch20: shadow-4.9-useradd-copy-tree-argument.patch
|
||||||
|
# https://github.com/shadow-maint/shadow/commit/d8e54618feea201987c1f3cb402ed50d1d8b604f
|
||||||
|
Patch21: shadow-4.9-pwck-fix-segfault-when-calling-fprintf.patch
|
||||||
|
# https://github.com/shadow-maint/shadow/commit/497e90751bc0d95cc998b0f06305040563903948
|
||||||
|
Patch22: shadow-4.9-newgrp-fix-segmentation-fault.patch
|
||||||
|
# https://github.com/shadow-maint/shadow/commit/3b6ccf642c6bb2b7db087f09ee563ae9318af734
|
||||||
|
Patch23: shadow-4.9-getsubids.patch
|
||||||
|
# https://github.com/shadow-maint/shadow/commit/a757b458ffb4fb9a40bcbb4f7869449431c67f83
|
||||||
|
Patch24: shadow-4.9-groupdel-fix-sigsegv-when-passwd-does-not-exist.patch
|
||||||
|
|
||||||
License: BSD and GPLv2+
|
### Dependencies ###
|
||||||
BuildRequires: make
|
|
||||||
BuildRequires: gcc
|
|
||||||
BuildRequires: libselinux-devel >= 1.25.2-1
|
|
||||||
BuildRequires: audit-libs-devel >= 1.6.5
|
|
||||||
BuildRequires: libsemanage-devel
|
|
||||||
BuildRequires: libacl-devel, libattr-devel
|
|
||||||
BuildRequires: bison, flex, docbook-style-xsl, docbook-dtds
|
|
||||||
BuildRequires: autoconf, automake, libtool, gettext-devel
|
|
||||||
BuildRequires: /usr/bin/xsltproc, /usr/bin/itstool
|
|
||||||
Requires: libselinux >= 1.25.2-1
|
|
||||||
Requires: audit-libs >= 1.6.5
|
Requires: audit-libs >= 1.6.5
|
||||||
|
Requires: libselinux >= 1.25.2-1
|
||||||
Requires: setup
|
Requires: setup
|
||||||
|
|
||||||
|
### Build Dependencies ###
|
||||||
|
BuildRequires: audit-libs-devel >= 1.6.5
|
||||||
|
BuildRequires: autoconf
|
||||||
|
BuildRequires: automake
|
||||||
|
BuildRequires: bison
|
||||||
|
BuildRequires: docbook-dtds
|
||||||
|
BuildRequires: docbook-style-xsl
|
||||||
|
BuildRequires: flex
|
||||||
|
BuildRequires: gcc
|
||||||
|
BuildRequires: gettext-devel
|
||||||
|
BuildRequires: itstool
|
||||||
|
BuildRequires: libacl-devel
|
||||||
|
BuildRequires: libattr-devel
|
||||||
|
BuildRequires: libselinux-devel >= 1.25.2-1
|
||||||
|
BuildRequires: libsemanage-devel
|
||||||
|
BuildRequires: libtool
|
||||||
|
BuildRequires: libxslt
|
||||||
|
BuildRequires: make
|
||||||
|
|
||||||
|
### Provides ###
|
||||||
Provides: shadow = %{epoch}:%{version}-%{release}
|
Provides: shadow = %{epoch}:%{version}-%{release}
|
||||||
|
|
||||||
%description
|
%description
|
||||||
@ -117,6 +144,13 @@ Development files for shadow-utils-subid.
|
|||||||
%patch15 -p1 -b .usermod-allow-all-group-types
|
%patch15 -p1 -b .usermod-allow-all-group-types
|
||||||
%patch16 -p1 -b .useradd-avoid-generating-empty-subid-range
|
%patch16 -p1 -b .useradd-avoid-generating-empty-subid-range
|
||||||
%patch17 -p1 -b .libmisc-fix-default-value-in-SHA_get_salt_rounds
|
%patch17 -p1 -b .libmisc-fix-default-value-in-SHA_get_salt_rounds
|
||||||
|
%patch18 -p1 -b .semanage-close-the-selabel-handle
|
||||||
|
%patch19 -p1 -b .revert-useradd-fix-memleak
|
||||||
|
%patch20 -p1 -b .useradd-copy-tree-argument
|
||||||
|
%patch21 -p1 -b .pwck-fix-segfault-when-calling-fprintf
|
||||||
|
%patch22 -p1 -b .newgrp-fix-segmentation-fault
|
||||||
|
%patch23 -p1 -b .getsubids
|
||||||
|
%patch24 -p1 -b .groupdel-fix-sigsegv-when-passwd-does-not-exist
|
||||||
|
|
||||||
iconv -f ISO88591 -t utf-8 doc/HOWTO > doc/HOWTO.utf8
|
iconv -f ISO88591 -t utf-8 doc/HOWTO > doc/HOWTO.utf8
|
||||||
cp -f doc/HOWTO.utf8 doc/HOWTO
|
cp -f doc/HOWTO.utf8 doc/HOWTO
|
||||||
@ -279,12 +313,23 @@ rm -f $RPM_BUILD_ROOT/%{_libdir}/libsubid.la
|
|||||||
|
|
||||||
%files subid
|
%files subid
|
||||||
%{_libdir}/libsubid.so.*
|
%{_libdir}/libsubid.so.*
|
||||||
|
%{_bindir}/getsubids
|
||||||
|
%{_mandir}/man1/getsubids.1*
|
||||||
|
|
||||||
%files subid-devel
|
%files subid-devel
|
||||||
%{includesubiddir}/subid.h
|
%{includesubiddir}/subid.h
|
||||||
%{_libdir}/libsubid.so
|
%{_libdir}/libsubid.so
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Thu Dec 2 2021 Iker Pedrosa <ipedrosa@redhat.com> - 2:4.9-3
|
||||||
|
- getsubids: provide system binary and man page. Resolves: #2013015
|
||||||
|
- useradd: generate home and mail directories with selinux user attribute. Resolves: #1993081
|
||||||
|
- useradd: revert fix memleak of grp. Resolves: #2020238
|
||||||
|
- groupdel: fix SIGSEGV when passwd does not exist. Resolves: #2024834
|
||||||
|
- pwck: fix segfault when calling fprintf()
|
||||||
|
- newgrp: fix segmentation fault
|
||||||
|
- Clean spec file: organize dependencies and move License location
|
||||||
|
|
||||||
* Tue Aug 17 2021 Iker Pedrosa <ipedrosa@redhat.com> - 2:4.9-2
|
* Tue Aug 17 2021 Iker Pedrosa <ipedrosa@redhat.com> - 2:4.9-2
|
||||||
- libmisc: fix default value in SHA_get_salt_rounds(). Resolves: #1993919
|
- libmisc: fix default value in SHA_get_salt_rounds(). Resolves: #1993919
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user