From abc277db5652f445fe8b9398bfde02f7c2b5b687 Mon Sep 17 00:00:00 2001 From: Peter Vrabec Date: Thu, 16 Jul 2009 13:41:55 +0000 Subject: [PATCH] - fix a list of owned directories (#510366) - reduce the reuse of system IDs - speed up sys users look up on LDAP boxes (#511813) --- shadow-4.1.4.1-ldap.patch | 85 ++++++++++ shadow-4.1.4.1-sysacc.patch | 300 ++++++++++++++++++++++++++++++++++++ shadow-utils.spec | 19 ++- 3 files changed, 402 insertions(+), 2 deletions(-) create mode 100644 shadow-4.1.4.1-ldap.patch create mode 100644 shadow-4.1.4.1-sysacc.patch diff --git a/shadow-4.1.4.1-ldap.patch b/shadow-4.1.4.1-ldap.patch new file mode 100644 index 0000000..9d97188 --- /dev/null +++ b/shadow-4.1.4.1-ldap.patch 
@@ -0,0 +1,85 @@ +diff -up shadow-4.1.4.1/libmisc/find_new_gid.c.ldap shadow-4.1.4.1/libmisc/find_new_gid.c +--- shadow-4.1.4.1/libmisc/find_new_gid.c.ldap 2009-07-16 10:37:41.653798746 +0200 ++++ shadow-4.1.4.1/libmisc/find_new_gid.c 2009-07-16 10:44:14.482808945 +0200 +@@ -90,17 +90,26 @@ int find_new_gid (bool sys_group, + * but we also check the local database (gr_rewind/gr_next) in case + * some groups were created but the changes were not committed yet. + */ +- setgrent (); +- while ((grp = getgrent ()) != NULL) { +- if ((grp->gr_gid >= group_id) && (grp->gr_gid <= gid_max)) { +- group_id = grp->gr_gid + 1; ++ if (sys_group ) { ++ for(group_id = gid_min; group_id<=gid_max; group_id++) { ++ grp = getgrgid(group_id); ++ if(grp) ++ used_gids[grp->gr_gid] = true; + } +- /* create index of used GIDs */ +- if (grp->gr_gid <= gid_max) { +- used_gids[grp->gr_gid] = true; ++ } ++ else { ++ setgrent (); ++ while ((grp = getgrent ()) != NULL) { ++ if ((grp->gr_gid >= group_id) && (grp->gr_gid <= gid_max)) { ++ group_id = grp->gr_gid + 1; ++ } ++ /* create index of used GIDs */ ++ if (grp->gr_gid <= gid_max) { ++ used_gids[grp->gr_gid] = true; ++ } + } ++ endgrent (); + } +- endgrent (); + gr_rewind (); + while ((grp = gr_next ()) != NULL) { + if ((grp->gr_gid >= group_id) && (grp->gr_gid <= gid_max)) { +diff -up shadow-4.1.4.1/libmisc/find_new_uid.c.ldap shadow-4.1.4.1/libmisc/find_new_uid.c +--- shadow-4.1.4.1/libmisc/find_new_uid.c.ldap 2009-07-16 10:37:41.653798746 +0200 ++++ shadow-4.1.4.1/libmisc/find_new_uid.c 2009-07-16 10:37:41.668798323 +0200 +@@ -91,17 +91,27 @@ int find_new_uid (bool sys_user, + * but we also check the local database (pw_rewind/pw_next) in case + * some users were created but the changes were not committed yet. 
+ */ +- setpwent (); +- while ((pwd = getpwent ()) != NULL) { +- if ((pwd->pw_uid >= user_id) && (pwd->pw_uid <= uid_max)) { +- user_id = pwd->pw_uid + 1; ++ /* speed up sys users look up on LDAP boxes */ ++ if (sys_user) { ++ for (user_id = uid_min; user_id<=uid_max; user_id++) { ++ pwd = getpwuid(user_id); ++ if(pwd) ++ used_uids[user_id] = true; + } +- /* create index of used UIDs */ +- if (pwd->pw_uid <= uid_max) { +- used_uids[pwd->pw_uid] = true; ++ } ++ else { ++ setpwent (); ++ while ((pwd = getpwent ()) != NULL) { ++ if ((pwd->pw_uid >= user_id) && (pwd->pw_uid <= uid_max)) { ++ user_id = pwd->pw_uid + 1; ++ } ++ /* create index of used UIDs */ ++ if (pwd->pw_uid <= uid_max) { ++ used_uids[pwd->pw_uid] = true; ++ } + } ++ endpwent (); + } +- endpwent (); + pw_rewind (); + while ((pwd = pw_next ()) != NULL) { + if ((pwd->pw_uid >= user_id) && (pwd->pw_uid <= uid_max)) { +@@ -113,6 +123,7 @@ int find_new_uid (bool sys_user, + } + } + ++ + /* find free system account in reverse order */ + if (sys_user) { + for (user_id = uid_max; user_id >= uid_min; user_id--) { diff --git a/shadow-4.1.4.1-sysacc.patch b/shadow-4.1.4.1-sysacc.patch new file mode 100644 index 0000000..3e204bd --- /dev/null +++ b/shadow-4.1.4.1-sysacc.patch 
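Review bot: In the new `if (sys_group)` and `if (sys_user)` branches, a NULL from `getgrgid()`/`getpwuid()` is taken to mean the ID is free, but these calls also return NULL when the lookup itself fails, for example when the directory backend is unreachable. A transient LDAP error could therefore make in-use system IDs look available. Consider clearing `errno` before each call and failing on a hard error, e.g. `errno = 0; pwd = getpwuid(user_id); if (pwd == NULL && (errno == EIO || errno == ENOMEM || errno == EINTR)) return -1;`; the errno value for a plain "not found" is not portable, so only unambiguous failure codes should be treated as fatal. The same per-ID lookups are kept by the sysacc patch added later in this commit, and both function bodies start and end outside the hunks shown.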
@@ -0,0 +1,300 @@ +diff -up shadow-4.1.4.1/libmisc/find_new_gid.c.sysacc shadow-4.1.4.1/libmisc/find_new_gid.c +--- shadow-4.1.4.1/libmisc/find_new_gid.c.sysacc 2009-07-16 11:51:34.807860808 +0200 ++++ shadow-4.1.4.1/libmisc/find_new_gid.c 2009-07-16 14:19:08.678798578 +0200 +@@ -52,7 +52,7 @@ int find_new_gid (bool sys_group, + /*@null@*/gid_t const *preferred_gid) + { + const struct group *grp; +- gid_t gid_min, gid_max, group_id; ++ gid_t gid_min, gid_max, group_id, id; + bool *used_gids; + + assert (gid != NULL); +@@ -61,7 +61,7 @@ int find_new_gid (bool sys_group, + gid_min = (gid_t) getdef_ulong ("GID_MIN", 500UL); + gid_max = (gid_t) getdef_ulong ("GID_MAX", 60000UL); + } else { +- gid_min = (gid_t) getdef_ulong ("SYS_GID_MIN", 1UL); ++ gid_min = (gid_t) getdef_ulong ("SYS_GID_MIN", 101UL); + gid_max = (gid_t) getdef_ulong ("GID_MIN", 500UL) - 1; + gid_max = (gid_t) getdef_ulong ("SYS_GID_MAX", (unsigned long) gid_max); + } +@@ -80,7 +80,6 @@ int find_new_gid (bool sys_group, + return 0; + } + +- group_id = gid_min; + + /* + * Search the entire group file, +@@ -91,13 +90,28 @@ int find_new_gid (bool sys_group, + * some groups were created but the changes were not committed yet. 
+ */ + if (sys_group ) { +- for(group_id = gid_min; group_id<=gid_max; group_id++) { +- grp = getgrgid(group_id); +- if(grp) ++ group_id = gid_max; ++ for(id = gid_max; id>=gid_min; id--) { ++ grp = getgrgid(id); ++ if(grp) { ++ group_id = id - 1; + used_gids[grp->gr_gid] = true; ++ } ++ } ++ ++ gr_rewind (); ++ while ((grp = gr_next ()) != NULL) { ++ if ((grp->gr_gid <= group_id) && (grp->gr_gid >= gid_min)) { ++ group_id = grp->gr_gid - 1; ++ } ++ /* create index of used GIDs */ ++ if (grp->gr_gid <= gid_max) { ++ used_gids[grp->gr_gid] = true; ++ } + } + } + else { ++ group_id = gid_min; + setgrent (); + while ((grp = getgrent ()) != NULL) { + if ((grp->gr_gid >= group_id) && (grp->gr_gid <= gid_max)) { +@@ -109,32 +123,16 @@ int find_new_gid (bool sys_group, + } + } + endgrent (); +- } +- gr_rewind (); +- while ((grp = gr_next ()) != NULL) { +- if ((grp->gr_gid >= group_id) && (grp->gr_gid <= gid_max)) { +- group_id = grp->gr_gid + 1; +- } +- /* create index of used GIDs */ +- if (grp->gr_gid <= gid_max) { +- used_gids[grp->gr_gid] = true; +- } +- } + +- /* find free system account in reverse order */ +- if (sys_group) { +- for (group_id = gid_max; group_id >= gid_min; group_id--) { +- if (false == used_gids[group_id]) { +- break; ++ gr_rewind (); ++ while ((grp = gr_next ()) != NULL) { ++ if ((grp->gr_gid >= group_id) && (grp->gr_gid <= gid_max)) { ++ group_id = grp->gr_gid + 1; ++ } ++ /* create index of used GIDs */ ++ if (grp->gr_gid <= gid_max) { ++ used_gids[grp->gr_gid] = true; + } +- } +- if ( group_id < gid_min ) { +- fprintf (stderr, +- _("%s: Can't get unique GID (no more available GIDs)\n"), +- Prog); +- SYSLOG ((LOG_WARN, +- "no more available GID on the system")); +- return -1; + } + } + +@@ -143,16 +141,35 @@ int find_new_gid (bool sys_group, + * will give us GID_MAX+1 even if not unique. Search for the first + * free GID starting with GID_MIN. 
+ */ +- if (group_id == gid_max + 1) { +- for (group_id = gid_min; group_id < gid_max; group_id++) { +- if (false == used_gids[group_id]) { +- break; ++ if (sys_group) { ++ if (group_id == gid_min - 1) { ++ for (group_id = gid_max; group_id >= gid_min; group_id--) { ++ if (false == used_gids[group_id]) { ++ break; ++ } ++ } ++ if ( group_id < gid_min ) { ++ fprintf (stderr, ++ _("%s: Can't get unique GID (no more available GIDs)\n"), ++ Prog); ++ SYSLOG ((LOG_WARN, ++ "no more available GID on the system")); ++ return -1; + } + } +- if (group_id == gid_max) { +- fprintf (stderr, _("%s: Can't get unique GID (no more available GIDs)\n"), Prog); +- SYSLOG ((LOG_WARN, "no more available GID on the system")); +- return -1; ++ } ++ else { ++ if (group_id == gid_max + 1) { ++ for (group_id = gid_min; group_id < gid_max; group_id++) { ++ if (false == used_gids[group_id]) { ++ break; ++ } ++ } ++ if (group_id == gid_max) { ++ fprintf (stderr, _("%s: Can't get unique GID (no more available GIDs)\n"), Prog); ++ SYSLOG ((LOG_WARN, "no more available GID on the system")); ++ return -1; ++ } + } + } + +diff -up shadow-4.1.4.1/libmisc/find_new_uid.c.sysacc shadow-4.1.4.1/libmisc/find_new_uid.c +--- shadow-4.1.4.1/libmisc/find_new_uid.c.sysacc 2009-07-16 11:51:34.807860808 +0200 ++++ shadow-4.1.4.1/libmisc/find_new_uid.c 2009-07-16 14:13:38.120798526 +0200 +@@ -52,7 +52,7 @@ int find_new_uid (bool sys_user, + /*@null@*/uid_t const *preferred_uid) + { + const struct passwd *pwd; +- uid_t uid_min, uid_max, user_id; ++ uid_t uid_min, uid_max, user_id, id; + bool *used_uids; + + assert (uid != NULL); +@@ -61,7 +61,7 @@ int find_new_uid (bool sys_user, + uid_min = (uid_t) getdef_ulong ("UID_MIN", 500UL); + uid_max = (uid_t) getdef_ulong ("UID_MAX", 60000UL); + } else { +- uid_min = (uid_t) getdef_ulong ("SYS_UID_MIN", 1UL); ++ uid_min = (uid_t) getdef_ulong ("SYS_UID_MIN", 101UL); + uid_max = (uid_t) getdef_ulong ("UID_MIN", 500UL) - 1; + uid_max = (uid_t) getdef_ulong ("SYS_UID_MAX", 
(unsigned long) uid_max); + } +@@ -81,8 +81,6 @@ int find_new_uid (bool sys_user, + } + + +- user_id = uid_min; +- + /* + * Search the entire password file, + * looking for the largest unused value. +@@ -91,15 +89,30 @@ int find_new_uid (bool sys_user, + * but we also check the local database (pw_rewind/pw_next) in case + * some users were created but the changes were not committed yet. + */ +- /* speed up sys users look up on LDAP boxes */ + if (sys_user) { +- for (user_id = uid_min; user_id<=uid_max; user_id++) { +- pwd = getpwuid(user_id); +- if(pwd) ++ user_id = uid_max; ++ for (id = uid_max; id>=uid_min; id--) { ++ pwd = getpwuid(id); ++ if(pwd) { ++ user_id = id - 1; + used_uids[user_id] = true; ++ } + } ++ ++ pw_rewind (); ++ while ((pwd = pw_next ()) != NULL) { ++ if ((pwd->pw_uid <= user_id) && (pwd->pw_uid >= uid_min)) { ++ user_id = pwd->pw_uid - 1; ++ } ++ /* create index of used UIDs */ ++ if (pwd->pw_uid <= uid_max) { ++ used_uids[pwd->pw_uid] = true; ++ } ++ } ++ + } + else { ++ user_id = uid_min; + setpwent (); + while ((pwd = getpwent ()) != NULL) { + if ((pwd->pw_uid >= user_id) && (pwd->pw_uid <= uid_max)) { +@@ -111,51 +124,55 @@ int find_new_uid (bool sys_user, + } + } + endpwent (); +- } +- pw_rewind (); +- while ((pwd = pw_next ()) != NULL) { +- if ((pwd->pw_uid >= user_id) && (pwd->pw_uid <= uid_max)) { +- user_id = pwd->pw_uid + 1; +- } +- /* create index of used UIDs */ +- if (pwd->pw_uid <= uid_max) { +- used_uids[pwd->pw_uid] = true; +- } +- } +- + +- /* find free system account in reverse order */ +- if (sys_user) { +- for (user_id = uid_max; user_id >= uid_min; user_id--) { +- if (false == used_uids[user_id]) { +- break; ++ pw_rewind (); ++ while ((pwd = pw_next ()) != NULL) { ++ if ((pwd->pw_uid >= user_id) && (pwd->pw_uid <= uid_max)) { ++ user_id = pwd->pw_uid + 1; ++ } ++ /* create index of used UIDs */ ++ if (pwd->pw_uid <= uid_max) { ++ used_uids[pwd->pw_uid] = true; + } +- } +- if (user_id < uid_min ) { +- fprintf (stderr, +- 
_("%s: Can't get unique system UID (no more available UIDs)\n"), +- Prog); +- SYSLOG ((LOG_WARN, +- "no more available UID on the system")); +- return -1; + } + } + ++ + /* + * If a user with UID equal to UID_MAX exists, the above algorithm + * will give us UID_MAX+1 even if not unique. Search for the first + * free UID starting with UID_MIN. + */ +- if (user_id == uid_max + 1) { +- for (user_id = uid_min; user_id < uid_max; user_id++) { +- if (false == used_uids[user_id]) { +- break; ++ if (sys_user) { ++ if (user_id == uid_min - 1) { ++ for (user_id = uid_max; user_id >= uid_min; user_id--) { ++ if (false == used_uids[user_id]) { ++ break; ++ } ++ } ++ if (user_id < uid_min ) { ++ fprintf (stderr, ++ _("%s: Can't get unique system UID (no more available UIDs)\n"), ++ Prog); ++ SYSLOG ((LOG_WARN, ++ "no more available UID on the system")); ++ return -1; + } + } +- if (user_id == uid_max) { +- fprintf (stderr, _("%s: Can't get unique UID (no more available UIDs)\n"), Prog); +- SYSLOG ((LOG_WARN, "no more available UID on the system")); +- return -1; ++ } ++ else { ++ if (user_id == uid_max + 1) { ++ for (user_id = uid_min; user_id < uid_max; user_id++) { ++ if (false == used_uids[user_id]) { ++ break; ++ } ++ } ++ if (user_id == uid_max) { ++ fprintf (stderr, _("%s: Can't get unique UID (no more available UIDs)\n"), ++ Prog); ++ SYSLOG ((LOG_WARN, "no more available UID on the system")); ++ return -1; ++ } + } + } + diff --git a/shadow-utils.spec b/shadow-utils.spec index 4adf658..ffd2846 100644 --- a/shadow-utils.spec +++ b/shadow-utils.spec @@ -1,7 +1,7 @@ Summary: Utilities for managing accounts and shadow password files Name: shadow-utils Version: 4.1.4.1 -Release: 1%{?dist} +Release: 4%{?dist} Epoch: 2 URL: http://pkg-shadow.alioth.debian.org/ Source0: ftp://pkg-shadow.alioth.debian.org/pub/pkg-shadow/shadow-%{version}.tar.bz2 
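Review bot: In the `find_new_uid.c` part of the sysacc patch, the downward `getpwuid()` loop sets `user_id = id - 1;` and then `used_uids[user_id] = true;`, which marks the slot below the existing account rather than the account's own UID; the parallel GID loop correctly indexes `used_gids[grp->gr_gid]`. An account known only through NSS (not the local passwd file) is left unmarked, so the fallback scan taken when `user_id == uid_min - 1` can return a UID that is already in use, giving two accounts the same identity. The line should read `used_uids[pwd->pw_uid] = true;`. Separately, where `uid_t`/`gid_t` are unsigned, `id >= uid_min` never becomes false if SYS_UID_MIN or SYS_GID_MIN is configured as 0, and `id - 1` would then wrap, so a guard for a zero minimum is worth adding in both files. The function bodies extend beyond the hunks, so whether a later uniqueness check exists cannot be confirmed from here.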
@@ -10,6 +10,8 @@ Source2: shadow-4.0.18.1-useradd Patch0: shadow-4.1.4-redhat.patch Patch1: shadow-4.1.4.1-goodname.patch Patch2: shadow-4.1.4.1-largeGroup.patch +Patch3: shadow-4.1.4.1-ldap.patch +Patch4: shadow-4.1.4.1-sysacc.patch License: BSD and GPLv2+ Group: System Environment/Base BuildRequires: libselinux-devel >= 1.25.2-1 @@ -37,6 +39,8 @@ are used for managing group accounts. %patch0 -p1 -b .redhat %patch1 -p1 -b .goodname %patch2 -p1 -b .largeGroup +%patch3 -p1 -b .ldap +%patch4 -p1 -b .sysacc iconv -f ISO88591 -t utf-8 doc/HOWTO > doc/HOWTO.utf8 cp -f doc/HOWTO.utf8 doc/HOWTO @@ -125,7 +129,9 @@ find $RPM_BUILD_ROOT%{_mandir} -depth -type d -empty -delete for dir in $(ls -1d $RPM_BUILD_ROOT%{_mandir}/{??,??_??}) ; do dir=$(echo $dir | sed -e "s|^$RPM_BUILD_ROOT||") lang=$(basename $dir) - echo "%%lang($lang) $dir/man*/*" >> shadow.lang + echo "%%lang($lang) $dir" >> shadow.lang + echo "%%lang($lang) $dir/man*" >> shadow.lang +# echo "%%lang($lang) $dir/man*/*" >> shadow.lang done %clean @@ -176,6 +182,15 @@ rm -rf $RPM_BUILD_ROOT %{_mandir}/man8/vigr.8* %changelog +* Thu Jul 16 2009 Peter Vrabec 2:4.1.4.1-4 +- fix a list of owned directories (#510366) + +* Thu Jul 16 2009 Peter Vrabec 2:4.1.4.1-3 +- reduce the reuse of system IDs + +* Wed Jul 15 2009 Peter Vrabec 2:4.1.4.1-2 +- speed up sys users look up on LDAP boxes (#511813) + * Tue Jun 16 2009 Peter Vrabec 2:4.1.4.1-1 - upgrade