import shadow-utils-4.6-17.el8

CentOS Sources 2022-09-27 16:19:12 -04:00 committed by Stepan Oksanichenko
parent 4d38963f85
commit 6b83065613
2 changed files with 120 additions and 3 deletions


@ -0,0 +1,108 @@
From 3ec32f9975f262073f8fbdecd2bfaee4a1d3db48 Mon Sep 17 00:00:00 2001
From: Iker Pedrosa <ipedrosa@redhat.com>
Date: Wed, 13 Jul 2022 09:55:14 +0200
Subject: [PATCH] subordinateio: also compare the owner ID
IDs already populate /etc/subuid and /etc/subgid files so it's necessary
not only to check for the owner name but also for the owner ID of a
given range.
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2093311
Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
---
lib/subordinateio.c | 50 +++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 50 insertions(+)
diff --git a/lib/subordinateio.c b/lib/subordinateio.c
index 9ca70b8b..6bc45283 100644
--- a/lib/subordinateio.c
+++ b/lib/subordinateio.c
@@ -17,6 +17,8 @@
#include <ctype.h>
#include <fcntl.h>
+#define ID_SIZE 31
+
/*
* subordinate_dup: create a duplicate range
*
@@ -745,6 +747,40 @@ gid_t sub_gid_find_free_range(gid_t min, gid_t max, unsigned long count)
return start == ULONG_MAX ? (gid_t) -1 : start;
}
+static bool get_owner_id(const char *owner, enum subid_type id_type, char *id)
+{
+ struct passwd *pw;
+ struct group *gr;
+ int ret = 0;
+
+ switch (id_type) {
+ case ID_TYPE_UID:
+ pw = getpwnam(owner);
+ if (pw == NULL) {
+ return false;
+ }
+ ret = snprintf(id, ID_SIZE, "%u", pw->pw_uid);
+ if (ret < 0 || ret >= ID_SIZE) {
+ return false;
+ }
+ break;
+ case ID_TYPE_GID:
+ gr = getgrnam(owner);
+ if (gr == NULL) {
+ return false;
+ }
+ ret = snprintf(id, ID_SIZE, "%u", gr->gr_gid);
+ if (ret < 0 || ret >= ID_SIZE) {
+ return false;
+ }
+ break;
+ default:
+ return false;
+ }
+
+ return true;
+}
+
/*
* int list_owner_ranges(const char *owner, enum subid_type id_type, struct subordinate_range ***ranges)
*
@@ -770,6 +806,8 @@ int list_owner_ranges(const char *owner, enum subid_type id_type, struct subid_r
enum subid_status status;
int count = 0;
struct subid_nss_ops *h;
+ char id[ID_SIZE];
+ bool have_owner_id;
*in_ranges = NULL;
@@ -798,6 +836,8 @@ int list_owner_ranges(const char *owner, enum subid_type id_type, struct subid_r
return -1;
}
+ have_owner_id = get_owner_id(owner, id_type, id);
+
commonio_rewind(db);
while ((range = commonio_next(db)) != NULL) {
if (0 == strcmp(range->owner, owner)) {
@@ -808,6 +848,16 @@ int list_owner_ranges(const char *owner, enum subid_type id_type, struct subid_r
goto out;
}
}
+
+ // Let's also compare with the ID
+ if (have_owner_id == true && 0 == strcmp(range->owner, id)) {
+ if (!append_range(&ranges, range, count++)) {
+ free(ranges);
+ ranges = NULL;
+ count = -1;
+ goto out;
+ }
+ }
}
out:
--
2.36.1
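Review bot: In the final hunk of the embedded subordinateio.c patch, the ID comparison is a second, independent `if` inside the `list_owner_ranges` loop, so an entry whose owner field equals both `owner` and `id` is appended twice. Merging the tests as `if (0 == strcmp(range->owner, owner) || (have_owner_id && 0 == strcmp(range->owner, id))) {` would avoid the duplicate and the copied error path; the first `if` opens outside the visible hunk, so confirm it contains nothing but the append. Separately, a numeric owner field is now attributed to the account with that ID as well as to any account that has that string as its name, so if all-digit account names are permitted on the system, one range can be listed for two different accounts; a comment above the comparison stating which interpretation is intended would help. In `get_owner_id`, `%u` is paired with `uid_t`/`gid_t` values without a cast; `snprintf(id, ID_SIZE, "%lu", (unsigned long) pw->pw_uid)` would keep specifier and argument in agreement on any platform.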


@ -1,11 +1,11 @@
Summary: Utilities for managing accounts and shadow password files Summary: Utilities for managing accounts and shadow password files
Name: shadow-utils Name: shadow-utils
Version: 4.6 Version: 4.6
Release: 16%{?dist} Release: 17%{?dist}
Epoch: 2 Epoch: 2
URL: http://pkg-shadow.alioth.debian.org/ URL: http://pkg-shadow.alioth.debian.org/
Source0: https://github.com/shadow-maint/shadow/releases/download/%{version}/shadow-%{version}.tar.xz Source0: https://github.com/shadow-maint/shadow/releases/download/v%{version}/shadow-%{version}.tar.xz
Source1: https://github.com/shadow-maint/shadow/releases/download/%{version}/shadow-%{version}.tar.xz.asc Source1: https://github.com/shadow-maint/shadow/releases/download/v%{version}/shadow-%{version}.tar.xz.asc
Source2: shadow-utils.useradd Source2: shadow-utils.useradd
Source3: shadow-utils.login.defs Source3: shadow-utils.login.defs
Source4: shadow-bsd.txt Source4: shadow-bsd.txt
@ -92,6 +92,8 @@ Patch61: shadow-4.6-respect_enable_static_no.patch
Patch62: shadow-4.6-getsubids.patch Patch62: shadow-4.6-getsubids.patch
# https://github.com/shadow-maint/shadow/commit/a757b458ffb4fb9a40bcbb4f7869449431c67f83 # https://github.com/shadow-maint/shadow/commit/a757b458ffb4fb9a40bcbb4f7869449431c67f83
Patch63: shadow-4.6-groupdel-fix-sigsegv-when-passwd-does-not-exist.patch Patch63: shadow-4.6-groupdel-fix-sigsegv-when-passwd-does-not-exist.patch
# https://github.com/shadow-maint/shadow/commit/3ec32f9975f262073f8fbdecd2bfaee4a1d3db48
Patch64: shadow-4.9-subordinateio-compare-owner-ID.patch
License: BSD and GPLv2+ License: BSD and GPLv2+
Group: System Environment/Base Group: System Environment/Base
@ -135,6 +137,7 @@ Utility library that provides a way to manage subid ranges.
%package subid-devel %package subid-devel
Summary: Development package for shadow-utils-subid Summary: Development package for shadow-utils-subid
License: BSD and GPLv2+ License: BSD and GPLv2+
Requires: shadow-utils-subid = %{epoch}:%{version}-%{release}
%description subid-devel %description subid-devel
Development files for shadow-utils-subid. Development files for shadow-utils-subid.
@ -190,6 +193,7 @@ Development files for shadow-utils-subid.
%patch61 -p1 -b .respect_enable_static_no %patch61 -p1 -b .respect_enable_static_no
%patch62 -p1 -b .getsubids %patch62 -p1 -b .getsubids
%patch63 -p1 -b .groupdel-fix-sigsegv-when-passwd-does-not-exist %patch63 -p1 -b .groupdel-fix-sigsegv-when-passwd-does-not-exist
%patch64 -p1 -b .subordinateio-compare-owner-ID
iconv -f ISO88591 -t utf-8 doc/HOWTO > doc/HOWTO.utf8 iconv -f ISO88591 -t utf-8 doc/HOWTO > doc/HOWTO.utf8
cp -f doc/HOWTO.utf8 doc/HOWTO cp -f doc/HOWTO.utf8 doc/HOWTO
@ -360,6 +364,11 @@ rm -f $RPM_BUILD_ROOT/%{_libdir}/libsubid.la
%{_libdir}/libsubid.so %{_libdir}/libsubid.so
%changelog %changelog
* Thu Jul 21 2022 Iker Pedrosa <ipedrosa@redhat.com> - 2:4.6-17
- subordinateio: also compare the owner ID. Resolves: #2093311
- Fix release sources
- Add subid requirement for subid-devel
* Thu Dec 9 2021 Iker Pedrosa <ipedrosa@redhat.com> - 2:4.6-16 * Thu Dec 9 2021 Iker Pedrosa <ipedrosa@redhat.com> - 2:4.6-16
- getsubids: provide system binary and man page. Resolves: #2013016 - getsubids: provide system binary and man page. Resolves: #2013016
- groupdel: fix SIGSEGV when passwd does not exist. Resolves: #1986782 - groupdel: fix SIGSEGV when passwd does not exist. Resolves: #1986782