do not run find_new_uid() twice and use getpwuid() to check UID uniqueness
(#236871)
This commit is contained in:
parent
1db68add04
commit
b17301efe0
113
shadow-4.0.18.1-findNewUidOnce.patch
Normal file
113
shadow-4.0.18.1-findNewUidOnce.patch
Normal file
@ -0,0 +1,113 @@
|
||||
--- shadow-4.0.18.1/src/useradd.c.findNewUidOnce 2007-05-16 13:16:51.000000000 +0200
|
||||
+++ shadow-4.0.18.1/src/useradd.c 2007-05-16 14:12:52.000000000 +0200
|
||||
@@ -847,8 +847,9 @@
|
||||
* find_new_uid - find the next available UID
|
||||
*
|
||||
* find_new_uid() locates the next highest unused UID in the password
|
||||
- * file, or checks the given user ID against the existing ones for
|
||||
- * uniqueness.
|
||||
+ * file.
|
||||
+ * It doesn't make sense to use find_new_uid(), if UID is specified
|
||||
+ * via "-u" option.
|
||||
*/
|
||||
static void find_new_uid (void)
|
||||
{
|
||||
@@ -867,12 +868,7 @@
|
||||
memset (index, 0, sizeof (char) * uid_max + 1);
|
||||
}
|
||||
|
||||
- /*
|
||||
- * Start with some UID value if the user didn't provide us with
|
||||
- * one already.
|
||||
- */
|
||||
- if (!uflg)
|
||||
- user_id = uid_min;
|
||||
+ user_id = uid_min;
|
||||
|
||||
/*
|
||||
* Search the entire password file, either looking for this
|
||||
@@ -886,42 +882,24 @@
|
||||
setpwent ();
|
||||
while ((pwd = getpwent ())) {
|
||||
#endif
|
||||
- if (strcmp (user_name, pwd->pw_name) == 0) {
|
||||
- fprintf (stderr, _("%s: name %s is not unique\n"),
|
||||
- Prog, user_name);
|
||||
-#ifdef WITH_AUDIT
|
||||
- audit_logger (AUDIT_USER_CHAUTHTOK, Prog, "adding user",
|
||||
- user_name, user_id, 0);
|
||||
-#endif
|
||||
- exit (E_NAME_IN_USE);
|
||||
- }
|
||||
- if (!oflg && uflg && user_id == pwd->pw_uid) {
|
||||
- fprintf (stderr, _("%s: UID %u is not unique\n"),
|
||||
- Prog, (unsigned int) user_id);
|
||||
-#ifdef WITH_AUDIT
|
||||
- audit_logger (AUDIT_USER_CHAUTHTOK, Prog, "adding user",
|
||||
- user_name, user_id, 0);
|
||||
-#endif
|
||||
- exit (E_UID_IN_USE);
|
||||
- }
|
||||
- if (!uflg && !rflg && pwd->pw_uid >= user_id) {
|
||||
+ if (!rflg && pwd->pw_uid >= user_id) {
|
||||
if (pwd->pw_uid > uid_max)
|
||||
continue;
|
||||
user_id = pwd->pw_uid + 1;
|
||||
}
|
||||
/* create index of occupied system accounts UIDs */
|
||||
- if (!uflg && rflg && (pwd->pw_uid <= uid_max))
|
||||
+ if (rflg && (pwd->pw_uid <= uid_max))
|
||||
index[pwd->pw_uid] = 1;
|
||||
|
||||
}
|
||||
|
||||
/* find free system account */
|
||||
- if(!uflg && rflg) {
|
||||
+ if(rflg) {
|
||||
for( user_id = uid_max; (user_id >= uid_min) && index[user_id]; user_id--);
|
||||
if ( user_id < uid_min ) {
|
||||
fprintf (stderr, _("%s: can't get unique UID\n"), Prog);
|
||||
fail_exit (E_UID_IN_USE);
|
||||
- }
|
||||
+ }
|
||||
}
|
||||
|
||||
/*
|
||||
@@ -930,7 +908,7 @@
|
||||
* free UID starting with UID_MIN (it's O(n*n) but can be avoided
|
||||
* by not having users with UID equal to UID_MAX). --marekm
|
||||
*/
|
||||
- if (!uflg && user_id == uid_max + 1) {
|
||||
+ if (user_id == uid_max + 1) {
|
||||
for (user_id = uid_min; user_id < uid_max; user_id++) {
|
||||
#ifdef NO_GETPWENT
|
||||
pw_rewind ();
|
||||
@@ -1590,9 +1568,6 @@
|
||||
struct passwd pwent;
|
||||
struct spwd spent;
|
||||
|
||||
- if (!oflg)
|
||||
- find_new_uid ();
|
||||
-
|
||||
/*
|
||||
* Fill in the password structure with any new fields, making
|
||||
* copies of strings.
|
||||
@@ -1911,7 +1886,17 @@
|
||||
/* first, seek for a valid uid to use for this user.
|
||||
* We do this because later we can use the uid we found as
|
||||
* gid too ... --gafton */
|
||||
- find_new_uid ();
|
||||
+ if (!uflg)
|
||||
+ find_new_uid ();
|
||||
+ else {
|
||||
+ if (getpwuid (user_id)) {
|
||||
+ fprintf (stderr, _("%s: UID %u is not unique\n"), Prog, (unsigned int) user_id);
|
||||
+#ifdef WITH_AUDIT
|
||||
+ audit_logger (AUDIT_USER_CHAUTHTOK, Prog, "adding user", user_name, user_id, 0);
|
||||
+#endif
|
||||
+ exit (E_UID_IN_USE);
|
||||
+ }
|
||||
+ }
|
||||
}
|
||||
|
||||
/* do we have to add a group for that user? This is why we need to
|
@ -26,6 +26,7 @@ Patch10: shadow-4.0.18.1-overflow.patch
|
||||
Patch11: shadow-4.0.17-useradd.patch
|
||||
Patch12: shadow-4.0.18.1-appendOption.patch
|
||||
Patch13: shadow-4.0.18.1-sysAccount.patch
|
||||
Patch14: shadow-4.0.18.1-findNewUidOnce.patch
|
||||
|
||||
License: BSD
|
||||
Group: System Environment/Base
|
||||
@ -68,6 +69,7 @@ cp %{SOURCE3} lib/nscd.c
|
||||
%patch11 -p1 -b .useradd
|
||||
%patch12 -p1 -b .appendOption
|
||||
%patch13 -p1 -b .sysAccount
|
||||
%patch14 -p1 -b .findNewUidOnce
|
||||
|
||||
rm po/*.gmo
|
||||
rm po/stamp-po
|
||||
@ -223,6 +225,10 @@ rm -rf $RPM_BUILD_ROOT
|
||||
%{_mandir}/*/man8/faillog.8*
|
||||
|
||||
%changelog
|
||||
* Tue Jun 06 2007 Peter Vrabec <pvrabec@redhat.com> 2:4.0.18.1-14
|
||||
- do not run find_new_uid() twice and use getpwuid() to check
|
||||
UID uniqueness (#236871)
|
||||
|
||||
* Tue Apr 10 2007 Peter Vrabec <pvrabec@redhat.com> 2:4.0.18.1-13
|
||||
- fix useradd dump core when build without WITH_SELINUX (#235641)
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user