import shadow-utils-4.6-16.el8
This commit is contained in:
parent
591e6b5663
commit
ff2f2a785d
244
SOURCES/shadow-4.6-getsubids.patch
Normal file
244
SOURCES/shadow-4.6-getsubids.patch
Normal file
@ -0,0 +1,244 @@
|
|||||||
|
diff -up shadow-4.6/man/getsubids.1.xml.getsubids shadow-4.6/man/getsubids.1.xml
|
||||||
|
--- shadow-4.6/man/getsubids.1.xml.getsubids 2021-12-09 10:40:50.730275761 +0100
|
||||||
|
+++ shadow-4.6/man/getsubids.1.xml 2021-12-09 10:40:50.730275761 +0100
|
||||||
|
@@ -0,0 +1,141 @@
|
||||||
|
+<?xml version="1.0" encoding="UTF-8"?>
|
||||||
|
+<!--
|
||||||
|
+ Copyright (c) 2021 Iker Pedrosa
|
||||||
|
+ All rights reserved.
|
||||||
|
+
|
||||||
|
+ Redistribution and use in source and binary forms, with or without
|
||||||
|
+ modification, are permitted provided that the following conditions
|
||||||
|
+ are met:
|
||||||
|
+ 1. Redistributions of source code must retain the above copyright
|
||||||
|
+ notice, this list of conditions and the following disclaimer.
|
||||||
|
+ 2. Redistributions in binary form must reproduce the above copyright
|
||||||
|
+ notice, this list of conditions and the following disclaimer in the
|
||||||
|
+ documentation and/or other materials provided with the distribution.
|
||||||
|
+ 3. The name of the copyright holders or contributors may not be used to
|
||||||
|
+ endorse or promote products derived from this software without
|
||||||
|
+ specific prior written permission.
|
||||||
|
+
|
||||||
|
+ THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
||||||
|
+ ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
||||||
|
+ LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
|
||||||
|
+ PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
||||||
|
+ HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
||||||
|
+ SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
||||||
|
+ LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
||||||
|
+ DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
||||||
|
+ THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
||||||
|
+ (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
||||||
|
+ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||||
|
+-->
|
||||||
|
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.5//EN"
|
||||||
|
+ "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
|
||||||
|
+<!-- SHADOW-CONFIG-HERE -->
|
||||||
|
+]>
|
||||||
|
+
|
||||||
|
+<refentry id='getsubids.1'>
|
||||||
|
+ <refentryinfo>
|
||||||
|
+ <author>
|
||||||
|
+ <firstname>Iker</firstname>
|
||||||
|
+ <surname>Pedrosa</surname>
|
||||||
|
+ <contrib>Creation, 2021</contrib>
|
||||||
|
+ </author>
|
||||||
|
+ </refentryinfo>
|
||||||
|
+ <refmeta>
|
||||||
|
+ <refentrytitle>getsubids</refentrytitle>
|
||||||
|
+ <manvolnum>1</manvolnum>
|
||||||
|
+ <refmiscinfo class="sectdesc">User Commands</refmiscinfo>
|
||||||
|
+ <refmiscinfo class="source">shadow-utils</refmiscinfo>
|
||||||
|
+ <refmiscinfo class="version">&SHADOW_UTILS_VERSION;</refmiscinfo>
|
||||||
|
+ </refmeta>
|
||||||
|
+ <refnamediv id='name'>
|
||||||
|
+ <refname>getsubids</refname>
|
||||||
|
+ <refpurpose>get the subordinate id ranges for a user</refpurpose>
|
||||||
|
+ </refnamediv>
|
||||||
|
+
|
||||||
|
+ <refsynopsisdiv id='synopsis'>
|
||||||
|
+ <cmdsynopsis>
|
||||||
|
+ <command>getsubids</command>
|
||||||
|
+ <arg choice='opt'>
|
||||||
|
+ <replaceable>options</replaceable>
|
||||||
|
+ </arg>
|
||||||
|
+ <arg choice='plain'>
|
||||||
|
+ <replaceable>USER</replaceable>
|
||||||
|
+ </arg>
|
||||||
|
+ </cmdsynopsis>
|
||||||
|
+ </refsynopsisdiv>
|
||||||
|
+
|
||||||
|
+ <refsect1 id='description'>
|
||||||
|
+ <title>DESCRIPTION</title>
|
||||||
|
+ <para>
|
||||||
|
+ The <command>getsubids</command> command lists the subordinate user ID
|
||||||
|
+ ranges for a given user. The subordinate group IDs can be listed using
|
||||||
|
+ the <option>-g</option> option.
|
||||||
|
+ </para>
|
||||||
|
+ </refsect1>
|
||||||
|
+
|
||||||
|
+ <refsect1 id='options'>
|
||||||
|
+ <title>OPTIONS</title>
|
||||||
|
+ <para>
|
||||||
|
+ The options which apply to the <command>getsubids</command> command are:
|
||||||
|
+ </para>
|
||||||
|
+ <variablelist remap='IP'>
|
||||||
|
+ <varlistentry>
|
||||||
|
+ <term>
|
||||||
|
+ <option>-g</option>
|
||||||
|
+ </term>
|
||||||
|
+ <listitem>
|
||||||
|
+ <para>
|
||||||
|
+ List the subordinate group ID ranges.
|
||||||
|
+ </para>
|
||||||
|
+ </listitem>
|
||||||
|
+ </varlistentry>
|
||||||
|
+ </variablelist>
|
||||||
|
+ </refsect1>
|
||||||
|
+
|
||||||
|
+ <refsect1 id='example'>
|
||||||
|
+ <title>EXAMPLE</title>
|
||||||
|
+ <para>
|
||||||
|
+ For example, to obtain the subordinate UIDs of the testuser:
|
||||||
|
+ </para>
|
||||||
|
+ <para>
|
||||||
|
+<programlisting>
|
||||||
|
+$ getsubids testuser
|
||||||
|
+0: testuser 100000 65536
|
||||||
|
+</programlisting>
|
||||||
|
+ </para>
|
||||||
|
+ <para>
|
||||||
|
+ This command output provides (in order from left to right) the list
|
||||||
|
+ index, username, UID range start, and number of UIDs in range.
|
||||||
|
+ </para>
|
||||||
|
+ </refsect1>
|
||||||
|
+
|
||||||
|
+ <refsect1 id='see_also'>
|
||||||
|
+ <title>SEE ALSO</title>
|
||||||
|
+ <para>
|
||||||
|
+ <citerefentry>
|
||||||
|
+ <refentrytitle>login.defs</refentrytitle><manvolnum>5</manvolnum>
|
||||||
|
+ </citerefentry>,
|
||||||
|
+ <citerefentry>
|
||||||
|
+ <refentrytitle>newgidmap</refentrytitle><manvolnum>1</manvolnum>
|
||||||
|
+ </citerefentry>,
|
||||||
|
+ <citerefentry>
|
||||||
|
+ <refentrytitle>newuidmap</refentrytitle><manvolnum>1</manvolnum>
|
||||||
|
+ </citerefentry>,
|
||||||
|
+ <citerefentry>
|
||||||
|
+ <refentrytitle>subgid</refentrytitle><manvolnum>5</manvolnum>
|
||||||
|
+ </citerefentry>,
|
||||||
|
+ <citerefentry>
|
||||||
|
+ <refentrytitle>subuid</refentrytitle><manvolnum>5</manvolnum>
|
||||||
|
+ </citerefentry>,
|
||||||
|
+ <citerefentry>
|
||||||
|
+ <refentrytitle>useradd</refentrytitle><manvolnum>8</manvolnum>
|
||||||
|
+ </citerefentry>,
|
||||||
|
+ <citerefentry>
|
||||||
|
+ <refentrytitle>userdel</refentrytitle><manvolnum>8</manvolnum>
|
||||||
|
+ </citerefentry>.
|
||||||
|
+ <citerefentry>
|
||||||
|
+ <refentrytitle>usermod</refentrytitle><manvolnum>8</manvolnum>
|
||||||
|
+ </citerefentry>,
|
||||||
|
+ </para>
|
||||||
|
+ </refsect1>
|
||||||
|
+</refentry>
|
||||||
|
diff -up shadow-4.6/man/Makefile.am.getsubids shadow-4.6/man/Makefile.am
|
||||||
|
--- shadow-4.6/man/Makefile.am.getsubids 2018-04-29 18:42:37.000000000 +0200
|
||||||
|
+++ shadow-4.6/man/Makefile.am 2021-12-09 10:40:50.730275761 +0100
|
||||||
|
@@ -59,6 +59,7 @@ man_MANS += $(man_nopam)
|
||||||
|
endif
|
||||||
|
|
||||||
|
man_subids = \
|
||||||
|
+ man1/getsubids.1 \
|
||||||
|
man1/newgidmap.1 \
|
||||||
|
man1/newuidmap.1 \
|
||||||
|
man5/subgid.5 \
|
||||||
|
@@ -77,6 +78,7 @@ man_XMANS = \
|
||||||
|
expiry.1.xml \
|
||||||
|
faillog.5.xml \
|
||||||
|
faillog.8.xml \
|
||||||
|
+ getsubids.1.xml \
|
||||||
|
gpasswd.1.xml \
|
||||||
|
groupadd.8.xml \
|
||||||
|
groupdel.8.xml \
|
||||||
|
diff -up shadow-4.6/src/getsubids.c.getsubids shadow-4.6/src/getsubids.c
|
||||||
|
--- shadow-4.6/src/getsubids.c.getsubids 2021-12-09 10:40:50.730275761 +0100
|
||||||
|
+++ shadow-4.6/src/getsubids.c 2021-12-09 10:40:50.730275761 +0100
|
||||||
|
@@ -0,0 +1,46 @@
|
||||||
|
+#include <stdio.h>
|
||||||
|
+#include <string.h>
|
||||||
|
+#include <stdlib.h>
|
||||||
|
+#include "subid.h"
|
||||||
|
+#include "prototypes.h"
|
||||||
|
+
|
||||||
|
+const char *Prog;
|
||||||
|
+FILE *shadow_logfd = NULL;
|
||||||
|
+
|
||||||
|
+void usage(void)
|
||||||
|
+{
|
||||||
|
+ fprintf(stderr, "Usage: %s [-g] user\n", Prog);
|
||||||
|
+ fprintf(stderr, " list subuid ranges for user\n");
|
||||||
|
+ fprintf(stderr, " pass -g to list subgid ranges\n");
|
||||||
|
+ exit(EXIT_FAILURE);
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+int main(int argc, char *argv[])
|
||||||
|
+{
|
||||||
|
+ int i, count=0;
|
||||||
|
+ struct subid_range *ranges;
|
||||||
|
+ const char *owner;
|
||||||
|
+
|
||||||
|
+ Prog = Basename (argv[0]);
|
||||||
|
+ shadow_logfd = stderr;
|
||||||
|
+ if (argc < 2)
|
||||||
|
+ usage();
|
||||||
|
+ owner = argv[1];
|
||||||
|
+ if (argc == 3 && strcmp(argv[1], "-g") == 0) {
|
||||||
|
+ owner = argv[2];
|
||||||
|
+ count = get_subgid_ranges(owner, &ranges);
|
||||||
|
+ } else if (argc == 2 && strcmp(argv[1], "-h") == 0) {
|
||||||
|
+ usage();
|
||||||
|
+ } else {
|
||||||
|
+ count = get_subuid_ranges(owner, &ranges);
|
||||||
|
+ }
|
||||||
|
+ if (!ranges) {
|
||||||
|
+ fprintf(stderr, "Error fetching ranges\n");
|
||||||
|
+ exit(1);
|
||||||
|
+ }
|
||||||
|
+ for (i = 0; i < count; i++) {
|
||||||
|
+ printf("%d: %s %lu %lu\n", i, owner,
|
||||||
|
+ ranges[i].start, ranges[i].count);
|
||||||
|
+ }
|
||||||
|
+ return 0;
|
||||||
|
+}
|
||||||
|
diff -up shadow-4.6/src/Makefile.am.getsubids shadow-4.6/src/Makefile.am
|
||||||
|
--- shadow-4.6/src/Makefile.am.getsubids 2021-12-09 10:40:50.710275627 +0100
|
||||||
|
+++ shadow-4.6/src/Makefile.am 2021-12-09 10:45:04.465985510 +0100
|
||||||
|
@@ -140,8 +140,8 @@ if WITH_TCB
|
||||||
|
endif
|
||||||
|
|
||||||
|
if ENABLE_SUBIDS
|
||||||
|
-noinst_PROGRAMS += list_subid_ranges \
|
||||||
|
- get_subid_owners \
|
||||||
|
+bin_PROGRAMS += getsubids
|
||||||
|
+noinst_PROGRAMS += get_subid_owners \
|
||||||
|
new_subid_range \
|
||||||
|
free_subid_range \
|
||||||
|
check_subid_range
|
||||||
|
@@ -156,13 +156,13 @@ MISCLIBS = \
|
||||||
|
$(LIBCRYPT) \
|
||||||
|
$(LIBTCB)
|
||||||
|
|
||||||
|
-list_subid_ranges_LDADD = \
|
||||||
|
+getsubids_LDADD = \
|
||||||
|
$(top_builddir)/lib/libshadow.la \
|
||||||
|
$(top_builddir)/libmisc/libmisc.la \
|
||||||
|
$(top_builddir)/libsubid/libsubid.la \
|
||||||
|
$(MISCLIBS) -ldl
|
||||||
|
|
||||||
|
-list_subid_ranges_CPPFLAGS = \
|
||||||
|
+getsubids_CPPFLAGS = \
|
||||||
|
-I$(top_srcdir)/lib \
|
||||||
|
-I$(top_srcdir)/libmisc \
|
||||||
|
-I$(top_srcdir)/libsubid
|
@ -0,0 +1,13 @@
|
|||||||
|
diff -up shadow-4.9/libmisc/prefix_flag.c.groupdel-fix-sigsegv-when-passwd-does-not-exist shadow-4.9/libmisc/prefix_flag.c
|
||||||
|
--- shadow-4.9/libmisc/prefix_flag.c.groupdel-fix-sigsegv-when-passwd-does-not-exist 2021-11-19 09:21:36.997091941 +0100
|
||||||
|
+++ shadow-4.9/libmisc/prefix_flag.c 2021-11-19 09:22:19.001341010 +0100
|
||||||
|
@@ -288,6 +288,9 @@ extern struct passwd* prefix_getpwent()
|
||||||
|
if(!passwd_db_file) {
|
||||||
|
return getpwent();
|
||||||
|
}
|
||||||
|
+ if (!fp_pwent) {
|
||||||
|
+ return NULL;
|
||||||
|
+ }
|
||||||
|
return fgetpwent(fp_pwent);
|
||||||
|
}
|
||||||
|
extern void prefix_endpwent()
|
28
SOURCES/shadow-4.6-install_subid_h.patch
Normal file
28
SOURCES/shadow-4.6-install_subid_h.patch
Normal file
@ -0,0 +1,28 @@
|
|||||||
|
From 77e39de1e6cbd6925f16bb260abb7d216296886b Mon Sep 17 00:00:00 2001
|
||||||
|
From: Serge Hallyn <serge@hallyn.com>
|
||||||
|
Date: Tue, 4 May 2021 09:21:11 -0500
|
||||||
|
Subject: [PATCH] Install subid.h
|
||||||
|
|
||||||
|
Now subid.h gets installed under /usr/include/shadow/subid.h
|
||||||
|
|
||||||
|
Signed-off-by: Serge Hallyn <serge@hallyn.com>
|
||||||
|
---
|
||||||
|
libsubid/Makefile.am | 2 ++
|
||||||
|
1 file changed, 2 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/libsubid/Makefile.am b/libsubid/Makefile.am
|
||||||
|
index f543b5eb..189165b0 100644
|
||||||
|
--- a/libsubid/Makefile.am
|
||||||
|
+++ b/libsubid/Makefile.am
|
||||||
|
@@ -3,6 +3,8 @@ libsubid_la_LDFLAGS = -Wl,-soname,libsubid.so.@LIBSUBID_ABI@ \
|
||||||
|
-shared -version-info @LIBSUBID_ABI_MAJOR@
|
||||||
|
libsubid_la_SOURCES = api.c
|
||||||
|
|
||||||
|
+pkginclude_HEADERS = subid.h
|
||||||
|
+
|
||||||
|
MISCLIBS = \
|
||||||
|
$(LIBAUDIT) \
|
||||||
|
$(LIBSELINUX) \
|
||||||
|
--
|
||||||
|
2.31.1
|
||||||
|
|
1306
SOURCES/shadow-4.6-libsubid_creation.patch
Normal file
1306
SOURCES/shadow-4.6-libsubid_creation.patch
Normal file
File diff suppressed because it is too large
Load Diff
@ -0,0 +1,151 @@
|
|||||||
|
diff -up shadow-4.8.1/lib/nss.c.libsubid_fix_newusers_nss_provides_subids shadow-4.8.1/lib/nss.c
|
||||||
|
--- shadow-4.8.1/lib/nss.c.libsubid_fix_newusers_nss_provides_subids 2021-05-25 09:37:14.772741048 +0200
|
||||||
|
+++ shadow-4.8.1/lib/nss.c 2021-05-25 09:37:14.782741188 +0200
|
||||||
|
@@ -116,14 +116,6 @@ void nss_init(char *nsswitch_path) {
|
||||||
|
subid_nss = NULL;
|
||||||
|
goto done;
|
||||||
|
}
|
||||||
|
- subid_nss->has_any_range = dlsym(h, "shadow_subid_has_any_range");
|
||||||
|
- if (!subid_nss->has_any_range) {
|
||||||
|
- fprintf(shadow_logfd, "%s did not provide @has_any_range@\n", libname);
|
||||||
|
- dlclose(h);
|
||||||
|
- free(subid_nss);
|
||||||
|
- subid_nss = NULL;
|
||||||
|
- goto done;
|
||||||
|
- }
|
||||||
|
subid_nss->find_subid_owners = dlsym(h, "shadow_subid_find_subid_owners");
|
||||||
|
if (!subid_nss->find_subid_owners) {
|
||||||
|
fprintf(shadow_logfd, "%s did not provide @find_subid_owners@\n", libname);
|
||||||
|
diff -up shadow-4.8.1/lib/prototypes.h.libsubid_fix_newusers_nss_provides_subids shadow-4.8.1/lib/prototypes.h
|
||||||
|
--- shadow-4.8.1/lib/prototypes.h.libsubid_fix_newusers_nss_provides_subids 2021-05-25 09:37:14.780741160 +0200
|
||||||
|
+++ shadow-4.8.1/lib/prototypes.h 2021-05-25 09:37:14.782741188 +0200
|
||||||
|
@@ -279,18 +279,6 @@ extern bool nss_is_initialized();
|
||||||
|
|
||||||
|
struct subid_nss_ops {
|
||||||
|
/*
|
||||||
|
- * nss_has_any_range: does a user own any subid range
|
||||||
|
- *
|
||||||
|
- * @owner: username
|
||||||
|
- * @idtype: subuid or subgid
|
||||||
|
- * @result: true if a subid allocation was found for @owner
|
||||||
|
- *
|
||||||
|
- * returns success if the module was able to determine an answer (true or false),
|
||||||
|
- * else an error status.
|
||||||
|
- */
|
||||||
|
- enum subid_status (*has_any_range)(const char *owner, enum subid_type idtype, bool *result);
|
||||||
|
-
|
||||||
|
- /*
|
||||||
|
* nss_has_range: does a user own a given subid range
|
||||||
|
*
|
||||||
|
* @owner: username
|
||||||
|
diff -up shadow-4.8.1/lib/subordinateio.c.libsubid_fix_newusers_nss_provides_subids shadow-4.8.1/lib/subordinateio.c
|
||||||
|
--- shadow-4.8.1/lib/subordinateio.c.libsubid_fix_newusers_nss_provides_subids 2021-05-25 09:37:14.780741160 +0200
|
||||||
|
+++ shadow-4.8.1/lib/subordinateio.c 2021-05-25 09:37:14.782741188 +0200
|
||||||
|
@@ -598,19 +598,8 @@ int sub_uid_open (int mode)
|
||||||
|
return commonio_open (&subordinate_uid_db, mode);
|
||||||
|
}
|
||||||
|
|
||||||
|
-bool sub_uid_assigned(const char *owner)
|
||||||
|
+bool local_sub_uid_assigned(const char *owner)
|
||||||
|
{
|
||||||
|
- struct subid_nss_ops *h;
|
||||||
|
- bool found;
|
||||||
|
- enum subid_status status;
|
||||||
|
- h = get_subid_nss_handle();
|
||||||
|
- if (h) {
|
||||||
|
- status = h->has_any_range(owner, ID_TYPE_UID, &found);
|
||||||
|
- if (status == SUBID_STATUS_SUCCESS && found)
|
||||||
|
- return true;
|
||||||
|
- return false;
|
||||||
|
- }
|
||||||
|
-
|
||||||
|
return range_exists (&subordinate_uid_db, owner);
|
||||||
|
}
|
||||||
|
|
||||||
|
@@ -720,18 +709,8 @@ bool have_sub_gids(const char *owner, gi
|
||||||
|
return have_range(&subordinate_gid_db, owner, start, count);
|
||||||
|
}
|
||||||
|
|
||||||
|
-bool sub_gid_assigned(const char *owner)
|
||||||
|
+bool local_sub_gid_assigned(const char *owner)
|
||||||
|
{
|
||||||
|
- struct subid_nss_ops *h;
|
||||||
|
- bool found;
|
||||||
|
- enum subid_status status;
|
||||||
|
- h = get_subid_nss_handle();
|
||||||
|
- if (h) {
|
||||||
|
- status = h->has_any_range(owner, ID_TYPE_GID, &found);
|
||||||
|
- if (status == SUBID_STATUS_SUCCESS && found)
|
||||||
|
- return true;
|
||||||
|
- return false;
|
||||||
|
- }
|
||||||
|
return range_exists (&subordinate_gid_db, owner);
|
||||||
|
}
|
||||||
|
|
||||||
|
diff -up shadow-4.8.1/lib/subordinateio.h.libsubid_fix_newusers_nss_provides_subids shadow-4.8.1/lib/subordinateio.h
|
||||||
|
--- shadow-4.8.1/lib/subordinateio.h.libsubid_fix_newusers_nss_provides_subids 2021-05-25 09:37:14.780741160 +0200
|
||||||
|
+++ shadow-4.8.1/lib/subordinateio.h 2021-05-25 09:37:14.782741188 +0200
|
||||||
|
@@ -16,7 +16,7 @@
|
||||||
|
extern int sub_uid_close(void);
|
||||||
|
extern bool have_sub_uids(const char *owner, uid_t start, unsigned long count);
|
||||||
|
extern bool sub_uid_file_present (void);
|
||||||
|
-extern bool sub_uid_assigned(const char *owner);
|
||||||
|
+extern bool local_sub_uid_assigned(const char *owner);
|
||||||
|
extern int sub_uid_lock (void);
|
||||||
|
extern int sub_uid_setdbname (const char *filename);
|
||||||
|
extern /*@observer@*/const char *sub_uid_dbname (void);
|
||||||
|
@@ -34,7 +34,7 @@ extern void free_subordinate_ranges(stru
|
||||||
|
extern int sub_gid_close(void);
|
||||||
|
extern bool have_sub_gids(const char *owner, gid_t start, unsigned long count);
|
||||||
|
extern bool sub_gid_file_present (void);
|
||||||
|
-extern bool sub_gid_assigned(const char *owner);
|
||||||
|
+extern bool local_sub_gid_assigned(const char *owner);
|
||||||
|
extern int sub_gid_lock (void);
|
||||||
|
extern int sub_gid_setdbname (const char *filename);
|
||||||
|
extern /*@observer@*/const char *sub_gid_dbname (void);
|
||||||
|
diff -up shadow-4.8.1/src/newusers.c.libsubid_fix_newusers_nss_provides_subids shadow-4.8.1/src/newusers.c
|
||||||
|
--- shadow-4.8.1/src/newusers.c.libsubid_fix_newusers_nss_provides_subids 2021-05-25 09:37:14.776741104 +0200
|
||||||
|
+++ shadow-4.8.1/src/newusers.c 2021-05-25 09:37:25.955897160 +0200
|
||||||
|
@@ -1021,6 +1021,24 @@ static void close_files (void)
|
||||||
|
#endif /* ENABLE_SUBIDS */
|
||||||
|
}
|
||||||
|
|
||||||
|
+static bool want_subuids(void)
|
||||||
|
+{
|
||||||
|
+ if (get_subid_nss_handle() != NULL)
|
||||||
|
+ return false;
|
||||||
|
+ if (getdef_ulong ("SUB_UID_COUNT", 65536) == 0)
|
||||||
|
+ return false;
|
||||||
|
+ return true;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+static bool want_subgids(void)
|
||||||
|
+{
|
||||||
|
+ if (get_subid_nss_handle() != NULL)
|
||||||
|
+ return false;
|
||||||
|
+ if (getdef_ulong ("SUB_GID_COUNT", 65536) == 0)
|
||||||
|
+ return false;
|
||||||
|
+ return true;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
int main (int argc, char **argv)
|
||||||
|
{
|
||||||
|
char buf[BUFSIZ];
|
||||||
|
@@ -1250,7 +1268,7 @@ int main (int argc, char **argv)
|
||||||
|
/*
|
||||||
|
* Add subordinate uids if the user does not have them.
|
||||||
|
*/
|
||||||
|
- if (is_sub_uid && !sub_uid_assigned(fields[0])) {
|
||||||
|
+ if (is_sub_uid && want_subuids() && !local_sub_uid_assigned(fields[0])) {
|
||||||
|
uid_t sub_uid_start = 0;
|
||||||
|
unsigned long sub_uid_count = 0;
|
||||||
|
if (find_new_sub_uids(fields[0], &sub_uid_start, &sub_uid_count) == 0) {
|
||||||
|
@@ -1270,7 +1288,7 @@ int main (int argc, char **argv)
|
||||||
|
/*
|
||||||
|
* Add subordinate gids if the user does not have them.
|
||||||
|
*/
|
||||||
|
- if (is_sub_gid && !sub_gid_assigned(fields[0])) {
|
||||||
|
+ if (is_sub_gid && want_subgids() && !local_sub_gid_assigned(fields[0])) {
|
||||||
|
gid_t sub_gid_start = 0;
|
||||||
|
unsigned long sub_gid_count = 0;
|
||||||
|
if (find_new_sub_gids(fields[0], &sub_gid_start, &sub_gid_count) == 0) {
|
@ -0,0 +1,40 @@
|
|||||||
|
From b0e86b959fe5c086ffb5e7eaf3c1b1e9219411e9 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Serge Hallyn <serge@hallyn.com>
|
||||||
|
Date: Sun, 23 May 2021 08:03:10 -0500
|
||||||
|
Subject: [PATCH] libsubid_init: don't print messages on error
|
||||||
|
|
||||||
|
Signed-off-by: Serge Hallyn <serge@hallyn.com>
|
||||||
|
---
|
||||||
|
libsubid/api.c | 7 ++-----
|
||||||
|
1 file changed, 2 insertions(+), 5 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/libsubid/api.c b/libsubid/api.c
|
||||||
|
index c4848142..b477b271 100644
|
||||||
|
--- a/libsubid/api.c
|
||||||
|
+++ b/libsubid/api.c
|
||||||
|
@@ -46,12 +46,10 @@ bool libsubid_init(const char *progname, FILE * logfd)
|
||||||
|
{
|
||||||
|
if (progname) {
|
||||||
|
progname = strdup(progname);
|
||||||
|
- if (progname) {
|
||||||
|
+ if (progname)
|
||||||
|
Prog = progname;
|
||||||
|
- } else {
|
||||||
|
- fprintf(stderr, "Out of memory");
|
||||||
|
+ else
|
||||||
|
return false;
|
||||||
|
- }
|
||||||
|
}
|
||||||
|
|
||||||
|
if (logfd) {
|
||||||
|
@@ -60,7 +58,6 @@ bool libsubid_init(const char *progname, FILE * logfd)
|
||||||
|
}
|
||||||
|
shadow_logfd = fopen("/dev/null", "w");
|
||||||
|
if (!shadow_logfd) {
|
||||||
|
- fprintf(stderr, "ERROR opening /dev/null for error messages. Using stderr.");
|
||||||
|
shadow_logfd = stderr;
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
--
|
||||||
|
2.30.2
|
||||||
|
|
37
SOURCES/shadow-4.6-libsubid_init_return_false.patch
Normal file
37
SOURCES/shadow-4.6-libsubid_init_return_false.patch
Normal file
@ -0,0 +1,37 @@
|
|||||||
|
From e34f49c1966fcaa9390a544a0136ec189a3c870e Mon Sep 17 00:00:00 2001
|
||||||
|
From: Serge Hallyn <serge@hallyn.com>
|
||||||
|
Date: Mon, 17 May 2021 08:48:03 -0500
|
||||||
|
Subject: [PATCH] libsubid_init: return false if out of memory
|
||||||
|
|
||||||
|
The rest of the run isn't likely to get much better, is it?
|
||||||
|
|
||||||
|
Thanks to Alexey for pointing this out.
|
||||||
|
|
||||||
|
Signed-off-by: Serge Hallyn <serge@hallyn.com>
|
||||||
|
Cc: Alexey Tikhonov <atikhono@redhat.com>
|
||||||
|
---
|
||||||
|
libsubid/api.c | 6 ++++--
|
||||||
|
1 file changed, 4 insertions(+), 2 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/libsubid/api.c b/libsubid/api.c
|
||||||
|
index 8ca09859..8618e500 100644
|
||||||
|
--- a/libsubid/api.c
|
||||||
|
+++ b/libsubid/api.c
|
||||||
|
@@ -46,10 +46,12 @@ bool libsubid_init(const char *progname, FILE * logfd)
|
||||||
|
{
|
||||||
|
if (progname) {
|
||||||
|
progname = strdup(progname);
|
||||||
|
- if (progname)
|
||||||
|
+ if (progname) {
|
||||||
|
Prog = progname;
|
||||||
|
- else
|
||||||
|
+ } else {
|
||||||
|
fprintf(stderr, "Out of memory");
|
||||||
|
+ return false;
|
||||||
|
+ }
|
||||||
|
}
|
||||||
|
|
||||||
|
if (logfd) {
|
||||||
|
--
|
||||||
|
2.30.2
|
||||||
|
|
41
SOURCES/shadow-4.6-libsubid_make_logfd_not_extern.patch
Normal file
41
SOURCES/shadow-4.6-libsubid_make_logfd_not_extern.patch
Normal file
@ -0,0 +1,41 @@
|
|||||||
|
From 1d767fb779d7b203ad609540d1dc605cf62d1050 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Serge Hallyn <serge@hallyn.com>
|
||||||
|
Date: Fri, 28 May 2021 22:02:16 -0500
|
||||||
|
Subject: [PATCH] libsubid/api.c: make shadow_logfd not extern
|
||||||
|
|
||||||
|
Closes #346
|
||||||
|
|
||||||
|
Also #include stdio.h
|
||||||
|
|
||||||
|
Signed-off-by: Serge Hallyn <serge@hallyn.com>
|
||||||
|
---
|
||||||
|
libsubid/api.c | 2 +-
|
||||||
|
libsubid/subid.h | 1 +
|
||||||
|
2 files changed, 2 insertions(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/libsubid/api.c b/libsubid/api.c
|
||||||
|
index b477b271..a7b904d0 100644
|
||||||
|
--- a/libsubid/api.c
|
||||||
|
+++ b/libsubid/api.c
|
||||||
|
@@ -40,7 +40,7 @@
|
||||||
|
#include "subid.h"
|
||||||
|
|
||||||
|
const char *Prog = "(libsubid)";
|
||||||
|
-extern FILE * shadow_logfd;
|
||||||
|
+FILE *shadow_logfd;
|
||||||
|
|
||||||
|
bool libsubid_init(const char *progname, FILE * logfd)
|
||||||
|
{
|
||||||
|
diff --git a/libsubid/subid.h b/libsubid/subid.h
|
||||||
|
index 5fef2572..eabafe4d 100644
|
||||||
|
--- a/libsubid/subid.h
|
||||||
|
+++ b/libsubid/subid.h
|
||||||
|
@@ -1,4 +1,5 @@
|
||||||
|
#include <sys/types.h>
|
||||||
|
+#include <stdio.h>
|
||||||
|
#include <stdbool.h>
|
||||||
|
|
||||||
|
#ifndef SUBID_RANGE_DEFINED
|
||||||
|
--
|
||||||
|
2.31.1
|
||||||
|
|
2382
SOURCES/shadow-4.6-libsubid_not_print_error_messages.patch
Normal file
2382
SOURCES/shadow-4.6-libsubid_not_print_error_messages.patch
Normal file
File diff suppressed because it is too large
Load Diff
1758
SOURCES/shadow-4.6-libsubid_nsswitch_support.patch
Normal file
1758
SOURCES/shadow-4.6-libsubid_nsswitch_support.patch
Normal file
File diff suppressed because it is too large
Load Diff
264
SOURCES/shadow-4.6-libsubid_simplify_ranges_variable.patch
Normal file
264
SOURCES/shadow-4.6-libsubid_simplify_ranges_variable.patch
Normal file
@ -0,0 +1,264 @@
|
|||||||
|
diff -up shadow-4.8.1/configure.ac.libsubid_simplify_ranges_variable shadow-4.8.1/configure.ac
|
||||||
|
--- shadow-4.8.1/configure.ac.libsubid_simplify_ranges_variable 2021-05-24 15:02:56.165917066 +0200
|
||||||
|
+++ shadow-4.8.1/configure.ac 2021-05-24 15:02:56.184917324 +0200
|
||||||
|
@@ -1,6 +1,6 @@
|
||||||
|
dnl Process this file with autoconf to produce a configure script.
|
||||||
|
AC_PREREQ([2.69])
|
||||||
|
-m4_define([libsubid_abi_major], 2)
|
||||||
|
+m4_define([libsubid_abi_major], 3)
|
||||||
|
m4_define([libsubid_abi_minor], 0)
|
||||||
|
m4_define([libsubid_abi_micro], 0)
|
||||||
|
m4_define([libsubid_abi], [libsubid_abi_major.libsubid_abi_minor.libsubid_abi_micro])
|
||||||
|
diff -up shadow-4.8.1/lib/prototypes.h.libsubid_simplify_ranges_variable shadow-4.8.1/lib/prototypes.h
|
||||||
|
--- shadow-4.8.1/lib/prototypes.h.libsubid_simplify_ranges_variable 2021-05-24 15:02:56.184917324 +0200
|
||||||
|
+++ shadow-4.8.1/lib/prototypes.h 2021-05-24 16:38:57.610619467 +0200
|
||||||
|
@@ -309,16 +309,15 @@ struct subid_nss_ops {
|
||||||
|
*
|
||||||
|
* @owner - string representing username being queried
|
||||||
|
* @id_type - subuid or subgid
|
||||||
|
- * @ranges - pointer to an array of struct subordinate_range pointers, or
|
||||||
|
- * NULL. The returned array of struct subordinate_range and its
|
||||||
|
- * members must be freed by the caller.
|
||||||
|
+ * @ranges - pointer to an array of struct subid_range, or NULL. The
|
||||||
|
+ * returned array must be freed by the caller.
|
||||||
|
* @count - pointer to an integer into which the number of returned ranges
|
||||||
|
* is written.
|
||||||
|
|
||||||
|
* returns success if the module was able to determine an answer,
|
||||||
|
* else an error status.
|
||||||
|
*/
|
||||||
|
- enum subid_status (*list_owner_ranges)(const char *owner, enum subid_type id_type, struct subordinate_range ***ranges, int *count);
|
||||||
|
+ enum subid_status (*list_owner_ranges)(const char *owner, enum subid_type id_type, struct subid_range **ranges, int *count);
|
||||||
|
|
||||||
|
/*
|
||||||
|
* nss_find_subid_owners: find uids who own a given subuid or subgid.
|
||||||
|
diff -up shadow-4.8.1/libsubid/api.c.libsubid_simplify_ranges_variable shadow-4.8.1/libsubid/api.c
|
||||||
|
--- shadow-4.8.1/libsubid/api.c.libsubid_simplify_ranges_variable 2021-05-24 15:03:01.467989079 +0200
|
||||||
|
+++ shadow-4.8.1/libsubid/api.c 2021-05-24 16:42:32.091584531 +0200
|
||||||
|
@@ -68,26 +68,21 @@ bool libsubid_init(const char *progname,
|
||||||
|
}
|
||||||
|
|
||||||
|
static
|
||||||
|
-int get_subid_ranges(const char *owner, enum subid_type id_type, struct subordinate_range ***ranges)
|
||||||
|
+int get_subid_ranges(const char *owner, enum subid_type id_type, struct subid_range **ranges)
|
||||||
|
{
|
||||||
|
return list_owner_ranges(owner, id_type, ranges);
|
||||||
|
}
|
||||||
|
|
||||||
|
-int get_subuid_ranges(const char *owner, struct subordinate_range ***ranges)
|
||||||
|
+int get_subuid_ranges(const char *owner, struct subid_range **ranges)
|
||||||
|
{
|
||||||
|
return get_subid_ranges(owner, ID_TYPE_UID, ranges);
|
||||||
|
}
|
||||||
|
|
||||||
|
-int get_subgid_ranges(const char *owner, struct subordinate_range ***ranges)
|
||||||
|
+int get_subgid_ranges(const char *owner, struct subid_range **ranges)
|
||||||
|
{
|
||||||
|
return get_subid_ranges(owner, ID_TYPE_GID, ranges);
|
||||||
|
}
|
||||||
|
|
||||||
|
-void subid_free_ranges(struct subordinate_range **ranges, int count)
|
||||||
|
-{
|
||||||
|
- return free_subordinate_ranges(ranges, count);
|
||||||
|
-}
|
||||||
|
-
|
||||||
|
static
|
||||||
|
int get_subid_owner(unsigned long id, enum subid_type id_type, uid_t **owner)
|
||||||
|
{
|
||||||
|
diff -up shadow-4.8.1/libsubid/subid.h.libsubid_simplify_ranges_variable shadow-4.8.1/libsubid/subid.h
|
||||||
|
--- shadow-4.8.1/libsubid/subid.h.libsubid_simplify_ranges_variable 2021-05-24 15:03:01.468989093 +0200
|
||||||
|
+++ shadow-4.8.1/libsubid/subid.h 2021-05-24 16:43:49.697657383 +0200
|
||||||
|
@@ -3,6 +3,15 @@
|
||||||
|
|
||||||
|
#ifndef SUBID_RANGE_DEFINED
|
||||||
|
#define SUBID_RANGE_DEFINED 1
|
||||||
|
+
|
||||||
|
+/* subid_range is just a starting point and size of a range */
|
||||||
|
+struct subid_range {
|
||||||
|
+ unsigned long start;
|
||||||
|
+ unsigned long count;
|
||||||
|
+};
|
||||||
|
+
|
||||||
|
+/* subordinage_range is a subid_range plus an owner, representing
|
||||||
|
+ * a range in /etc/subuid or /etc/subgid */
|
||||||
|
struct subordinate_range {
|
||||||
|
const char *owner;
|
||||||
|
unsigned long start;
|
||||||
|
@@ -41,32 +50,27 @@ bool libsubid_init(const char *progname,
|
||||||
|
* get_subuid_ranges: return a list of UID ranges for a user
|
||||||
|
*
|
||||||
|
* @owner: username being queried
|
||||||
|
- * @ranges: a pointer to a subordinate range ** in which the result will be
|
||||||
|
- * returned.
|
||||||
|
+ * @ranges: a pointer to an array of subid_range structs in which the result
|
||||||
|
+ * will be returned.
|
||||||
|
+ *
|
||||||
|
+ * The caller must free(ranges) when done.
|
||||||
|
*
|
||||||
|
* returns: number of ranges found, ir < 0 on error.
|
||||||
|
*/
|
||||||
|
-int get_subuid_ranges(const char *owner, struct subordinate_range ***ranges);
|
||||||
|
+int get_subuid_ranges(const char *owner, struct subid_range **ranges);
|
||||||
|
|
||||||
|
/*
|
||||||
|
* get_subgid_ranges: return a list of GID ranges for a user
|
||||||
|
*
|
||||||
|
* @owner: username being queried
|
||||||
|
- * @ranges: a pointer to a subordinate range ** in which the result will be
|
||||||
|
- * returned.
|
||||||
|
+ * @ranges: a pointer to an array of subid_range structs in which the result
|
||||||
|
+ * will be returned.
|
||||||
|
*
|
||||||
|
- * returns: number of ranges found, ir < 0 on error.
|
||||||
|
- */
|
||||||
|
-int get_subgid_ranges(const char *owner, struct subordinate_range ***ranges);
|
||||||
|
-
|
||||||
|
-/*
|
||||||
|
- * subid_free_ranges: free an array of subordinate_ranges returned by either
|
||||||
|
- * get_subuid_ranges() or get_subgid_ranges().
|
||||||
|
+ * The caller must free(ranges) when done.
|
||||||
|
*
|
||||||
|
- * @ranges: the ranges to free
|
||||||
|
- * @count: the number of ranges in @ranges
|
||||||
|
+ * returns: number of ranges found, ir < 0 on error.
|
||||||
|
*/
|
||||||
|
-void subid_free_ranges(struct subordinate_range **ranges, int count);
|
||||||
|
+int get_subgid_ranges(const char *owner, struct subid_range **ranges);
|
||||||
|
|
||||||
|
/*
|
||||||
|
* get_subuid_owners: return a list of uids to which the given uid has been
|
||||||
|
diff -up shadow-4.8.1/lib/subordinateio.c.libsubid-simplify shadow-4.8.1/lib/subordinateio.c
|
||||||
|
--- shadow-4.8.1/lib/subordinateio.c.libsubid-simplify 2021-05-24 17:27:38.721035241 +0200
|
||||||
|
+++ shadow-4.8.1/lib/subordinateio.c 2021-05-24 17:28:06.481420946 +0200
|
||||||
|
@@ -11,6 +11,7 @@
|
||||||
|
#include <stdio.h>
|
||||||
|
#include "commonio.h"
|
||||||
|
#include "subordinateio.h"
|
||||||
|
+#include "../libsubid/subid.h"
|
||||||
|
#include <sys/types.h>
|
||||||
|
#include <pwd.h>
|
||||||
|
#include <ctype.h>
|
||||||
|
@@ -308,25 +309,21 @@ static bool have_range(struct commonio_d
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
-static bool append_range(struct subordinate_range ***ranges, const struct subordinate_range *new, int n)
|
||||||
|
+static bool append_range(struct subid_range **ranges, const struct subordinate_range *new, int n)
|
||||||
|
{
|
||||||
|
- struct subordinate_range *tmp;
|
||||||
|
if (!*ranges) {
|
||||||
|
- *ranges = malloc(sizeof(struct subordinate_range *));
|
||||||
|
+ *ranges = malloc(sizeof(struct subid_range));
|
||||||
|
if (!*ranges)
|
||||||
|
return false;
|
||||||
|
} else {
|
||||||
|
- struct subordinate_range **new;
|
||||||
|
- new = realloc(*ranges, (n + 1) * (sizeof(struct subordinate_range *)));
|
||||||
|
- if (!new)
|
||||||
|
+ struct subid_range *alloced;
|
||||||
|
+ alloced = realloc(*ranges, (n + 1) * (sizeof(struct subid_range)));
|
||||||
|
+ if (!alloced)
|
||||||
|
return false;
|
||||||
|
- *ranges = new;
|
||||||
|
+ *ranges = alloced;
|
||||||
|
}
|
||||||
|
- (*ranges)[n] = NULL;
|
||||||
|
- tmp = subordinate_dup(new);
|
||||||
|
- if (!tmp)
|
||||||
|
- return false;
|
||||||
|
- (*ranges)[n] = tmp;
|
||||||
|
+ (*ranges)[n].start = new->start;
|
||||||
|
+ (*ranges)[n].count = new->count;
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
|
@@ -785,10 +782,10 @@ gid_t sub_gid_find_free_range(gid_t min,
|
||||||
|
*
|
||||||
|
* The caller must free the subordinate range list.
|
||||||
|
*/
|
||||||
|
-int list_owner_ranges(const char *owner, enum subid_type id_type, struct subordinate_range ***in_ranges)
|
||||||
|
+int list_owner_ranges(const char *owner, enum subid_type id_type, struct subid_range **in_ranges)
|
||||||
|
{
|
||||||
|
// TODO - need to handle owner being either uid or username
|
||||||
|
- struct subordinate_range **ranges = NULL;
|
||||||
|
+ struct subid_range *ranges = NULL;
|
||||||
|
const struct subordinate_range *range;
|
||||||
|
struct commonio_db *db;
|
||||||
|
enum subid_status status;
|
||||||
|
@@ -826,7 +823,7 @@ int list_owner_ranges(const char *owner,
|
||||||
|
while ((range = commonio_next(db)) != NULL) {
|
||||||
|
if (0 == strcmp(range->owner, owner)) {
|
||||||
|
if (!append_range(&ranges, range, count++)) {
|
||||||
|
- free_subordinate_ranges(ranges, count-1);
|
||||||
|
+ free(ranges);
|
||||||
|
ranges = NULL;
|
||||||
|
count = -1;
|
||||||
|
goto out;
|
||||||
|
diff -up shadow-4.8.1/lib/subordinateio.h.libsubid_simplify_ranges_variable shadow-4.8.1/lib/subordinateio.h
|
||||||
|
--- shadow-4.8.1/lib/subordinateio.h.libsubid_simplify_ranges_variable 2021-05-24 15:03:01.467989079 +0200
|
||||||
|
+++ shadow-4.8.1/lib/subordinateio.h 2021-05-24 16:40:56.978269647 +0200
|
||||||
|
@@ -25,7 +25,7 @@ extern int sub_uid_unlock (void);
|
||||||
|
extern int sub_uid_add (const char *owner, uid_t start, unsigned long count);
|
||||||
|
extern int sub_uid_remove (const char *owner, uid_t start, unsigned long count);
|
||||||
|
extern uid_t sub_uid_find_free_range(uid_t min, uid_t max, unsigned long count);
|
||||||
|
-extern int list_owner_ranges(const char *owner, enum subid_type id_type, struct subordinate_range ***ranges);
|
||||||
|
+extern int list_owner_ranges(const char *owner, enum subid_type id_type, struct subid_range **ranges);
|
||||||
|
extern bool new_subid_range(struct subordinate_range *range, enum subid_type id_type, bool reuse);
|
||||||
|
extern bool release_subid_range(struct subordinate_range *range, enum subid_type id_type);
|
||||||
|
extern int find_subid_owners(unsigned long id, enum subid_type id_type, uid_t **uids);
|
||||||
|
diff -up shadow-4.8.1/src/list_subid_ranges.c.libsubid_simplify_ranges_variable shadow-4.8.1/src/list_subid_ranges.c
|
||||||
|
--- shadow-4.8.1/src/list_subid_ranges.c.libsubid_simplify_ranges_variable 2021-05-24 15:03:01.468989093 +0200
|
||||||
|
+++ shadow-4.8.1/src/list_subid_ranges.c 2021-05-24 16:45:10.884779740 +0200
|
||||||
|
@@ -17,27 +17,29 @@ void usage(void)
|
||||||
|
int main(int argc, char *argv[])
|
||||||
|
{
|
||||||
|
int i, count=0;
|
||||||
|
- struct subordinate_range **ranges;
|
||||||
|
+ struct subid_range *ranges;
|
||||||
|
+ const char *owner;
|
||||||
|
|
||||||
|
Prog = Basename (argv[0]);
|
||||||
|
shadow_logfd = stderr;
|
||||||
|
- if (argc < 2) {
|
||||||
|
+ if (argc < 2)
|
||||||
|
usage();
|
||||||
|
- }
|
||||||
|
- if (argc == 3 && strcmp(argv[1], "-g") == 0)
|
||||||
|
- count = get_subgid_ranges(argv[2], &ranges);
|
||||||
|
- else if (argc == 2 && strcmp(argv[1], "-h") == 0)
|
||||||
|
+ owner = argv[1];
|
||||||
|
+ if (argc == 3 && strcmp(argv[1], "-g") == 0) {
|
||||||
|
+ owner = argv[2];
|
||||||
|
+ count = get_subgid_ranges(owner, &ranges);
|
||||||
|
+ } else if (argc == 2 && strcmp(argv[1], "-h") == 0) {
|
||||||
|
usage();
|
||||||
|
- else
|
||||||
|
- count = get_subuid_ranges(argv[1], &ranges);
|
||||||
|
+ } else {
|
||||||
|
+ count = get_subuid_ranges(owner, &ranges);
|
||||||
|
+ }
|
||||||
|
if (!ranges) {
|
||||||
|
fprintf(stderr, "Error fetching ranges\n");
|
||||||
|
exit(1);
|
||||||
|
}
|
||||||
|
for (i = 0; i < count; i++) {
|
||||||
|
- printf("%d: %s %lu %lu\n", i, ranges[i]->owner,
|
||||||
|
- ranges[i]->start, ranges[i]->count);
|
||||||
|
+ printf("%d: %s %lu %lu\n", i, owner,
|
||||||
|
+ ranges[i].start, ranges[i].count);
|
||||||
|
}
|
||||||
|
- subid_free_ranges(ranges, count);
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
diff -up shadow-4.8.1/tests/libsubid/04_nss/libsubid_zzz.c.libsubid_simplify_ranges_variable shadow-4.8.1/tests/libsubid/04_nss/libsubid_zzz.c
|
||||||
|
--- shadow-4.8.1/tests/libsubid/04_nss/libsubid_zzz.c.libsubid_simplify_ranges_variable 2021-05-24 15:02:56.166917079 +0200
|
||||||
|
+++ shadow-4.8.1/tests/libsubid/04_nss/libsubid_zzz.c 2021-05-24 15:03:01.469989106 +0200
|
||||||
|
@@ -113,7 +113,7 @@ enum subid_status shadow_subid_list_owne
|
||||||
|
if (strcmp(owner, "conn") == 0)
|
||||||
|
return SUBID_STATUS_ERROR_CONN;
|
||||||
|
|
||||||
|
- *ranges = NULL;
|
||||||
|
+ *in_ranges = NULL;
|
||||||
|
if (strcmp(owner, "user1") != 0 && strcmp(owner, "ubuntu") != 0 &&
|
||||||
|
strcmp(owner, "group1") != 0)
|
||||||
|
return SUBID_STATUS_SUCCESS;
|
44
SOURCES/shadow-4.6-man-mention-nss-in-newuidmap.patch
Normal file
44
SOURCES/shadow-4.6-man-mention-nss-in-newuidmap.patch
Normal file
@ -0,0 +1,44 @@
|
|||||||
|
From 186b1b7ac1a68d0fcc618a22da1a99232b420911 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Serge Hallyn <serge@hallyn.com>
|
||||||
|
Date: Tue, 4 May 2021 14:39:26 -0500
|
||||||
|
Subject: [PATCH] manpages: mention NSS in new[ug]idmap manpages
|
||||||
|
|
||||||
|
Closes #328
|
||||||
|
|
||||||
|
Signed-off-by: Serge Hallyn <serge@hallyn.com>
|
||||||
|
---
|
||||||
|
man/newgidmap.1.xml | 3 ++-
|
||||||
|
man/newuidmap.1.xml | 3 ++-
|
||||||
|
2 files changed, 4 insertions(+), 2 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/man/newgidmap.1.xml b/man/newgidmap.1.xml
|
||||||
|
index 71b03e56..76fc1e30 100644
|
||||||
|
--- a/man/newgidmap.1.xml
|
||||||
|
+++ b/man/newgidmap.1.xml
|
||||||
|
@@ -88,7 +88,8 @@
|
||||||
|
<title>DESCRIPTION</title>
|
||||||
|
<para>
|
||||||
|
The <command>newgidmap</command> sets <filename>/proc/[pid]/gid_map</filename> based on its
|
||||||
|
- command line arguments and the gids allowed in <filename>/etc/subgid</filename>.
|
||||||
|
+ command line arguments and the gids allowed (either in <filename>/etc/subgid</filename> or
|
||||||
|
+ through the configured NSS subid module).
|
||||||
|
Note that the root user is not exempted from the requirement for a valid
|
||||||
|
<filename>/etc/subgid</filename> entry.
|
||||||
|
</para>
|
||||||
|
diff --git a/man/newuidmap.1.xml b/man/newuidmap.1.xml
|
||||||
|
index a6f1f085..44eca50a 100644
|
||||||
|
--- a/man/newuidmap.1.xml
|
||||||
|
+++ b/man/newuidmap.1.xml
|
||||||
|
@@ -88,7 +88,8 @@
|
||||||
|
<title>DESCRIPTION</title>
|
||||||
|
<para>
|
||||||
|
The <command>newuidmap</command> sets <filename>/proc/[pid]/uid_map</filename> based on its
|
||||||
|
- command line arguments and the uids allowed in <filename>/etc/subuid</filename>.
|
||||||
|
+ command line arguments and the uids allowed (either in <filename>/etc/subuid</filename> or
|
||||||
|
+ through the configured NSS subid module).
|
||||||
|
Note that the root user is not exempted from the requirement for a valid
|
||||||
|
<filename>/etc/subuid</filename> entry.
|
||||||
|
</para>
|
||||||
|
--
|
||||||
|
2.30.2
|
||||||
|
|
166
SOURCES/shadow-4.6-man_clarify_subid_delegation.patch
Normal file
166
SOURCES/shadow-4.6-man_clarify_subid_delegation.patch
Normal file
@ -0,0 +1,166 @@
|
|||||||
|
diff -up shadow-4.6/man/newgidmap.1.xml.man_clarify_subid_delegation shadow-4.6/man/newgidmap.1.xml
|
||||||
|
--- shadow-4.6/man/newgidmap.1.xml.man_clarify_subid_delegation 2021-11-03 09:58:34.176484342 +0100
|
||||||
|
+++ shadow-4.6/man/newgidmap.1.xml 2021-11-03 09:58:34.191484452 +0100
|
||||||
|
@@ -80,10 +80,15 @@
|
||||||
|
<refsect1 id='description'>
|
||||||
|
<title>DESCRIPTION</title>
|
||||||
|
<para>
|
||||||
|
- The <command>newgidmap</command> sets <filename>/proc/[pid]/gid_map</filename> based on its
|
||||||
|
- command line arguments and the gids allowed (either in <filename>/etc/subgid</filename> or
|
||||||
|
- through the configured NSS subid module).
|
||||||
|
- Note that the root user is not exempted from the requirement for a valid
|
||||||
|
+ The <command>newgidmap</command> sets <filename>/proc/[pid]/gid_map</filename>
|
||||||
|
+ based on its command line arguments and the gids allowed. Subgid
|
||||||
|
+ delegation can either be managed via <filename>/etc/subgid</filename>
|
||||||
|
+ or through the configured NSS subid module. These options are mutually
|
||||||
|
+ exclusive.
|
||||||
|
+ </para>
|
||||||
|
+
|
||||||
|
+ <para>
|
||||||
|
+ Note that the root group is not exempted from the requirement for a valid
|
||||||
|
<filename>/etc/subgid</filename> entry.
|
||||||
|
</para>
|
||||||
|
|
||||||
|
diff -up shadow-4.6/man/newuidmap.1.xml.man_clarify_subid_delegation shadow-4.6/man/newuidmap.1.xml
|
||||||
|
--- shadow-4.6/man/newuidmap.1.xml.man_clarify_subid_delegation 2021-11-03 09:58:34.176484342 +0100
|
||||||
|
+++ shadow-4.6/man/newuidmap.1.xml 2021-11-03 09:58:34.191484452 +0100
|
||||||
|
@@ -80,9 +80,14 @@
|
||||||
|
<refsect1 id='description'>
|
||||||
|
<title>DESCRIPTION</title>
|
||||||
|
<para>
|
||||||
|
- The <command>newuidmap</command> sets <filename>/proc/[pid]/uid_map</filename> based on its
|
||||||
|
- command line arguments and the uids allowed (either in <filename>/etc/subuid</filename> or
|
||||||
|
- through the configured NSS subid module).
|
||||||
|
+ The <command>newuidmap</command> sets <filename>/proc/[pid]/uid_map</filename>
|
||||||
|
+ based on its command line arguments and the uids allowed. Subuid
|
||||||
|
+ delegation can either be managed via <filename>/etc/subuid</filename> or
|
||||||
|
+ through the configured NSS subid module. These options are mutually
|
||||||
|
+ exclusive.
|
||||||
|
+ </para>
|
||||||
|
+
|
||||||
|
+ <para>
|
||||||
|
Note that the root user is not exempted from the requirement for a valid
|
||||||
|
<filename>/etc/subuid</filename> entry.
|
||||||
|
</para>
|
||||||
|
diff -up shadow-4.6/man/subgid.5.xml.man_clarify_subid_delegation shadow-4.6/man/subgid.5.xml
|
||||||
|
--- shadow-4.6/man/subgid.5.xml.man_clarify_subid_delegation 2018-04-29 18:42:37.000000000 +0200
|
||||||
|
+++ shadow-4.6/man/subgid.5.xml 2021-11-03 09:59:55.752084920 +0100
|
||||||
|
@@ -32,6 +32,18 @@
|
||||||
|
<!-- SHADOW-CONFIG-HERE -->
|
||||||
|
]>
|
||||||
|
<refentry id='subgid.5'>
|
||||||
|
+ <refentryinfo>
|
||||||
|
+ <author>
|
||||||
|
+ <firstname>Eric</firstname>
|
||||||
|
+ <surname>Biederman</surname>
|
||||||
|
+ <contrib>Creation, 2013</contrib>
|
||||||
|
+ </author>
|
||||||
|
+ <author>
|
||||||
|
+ <firstname>Iker</firstname>
|
||||||
|
+ <surname>Pedrosa</surname>
|
||||||
|
+ <contrib>Developer, 2021</contrib>
|
||||||
|
+ </author>
|
||||||
|
+ </refentryinfo>
|
||||||
|
<refmeta>
|
||||||
|
<refentrytitle>subgid</refentrytitle>
|
||||||
|
<manvolnum>5</manvolnum>
|
||||||
|
@@ -41,12 +53,37 @@
|
||||||
|
</refmeta>
|
||||||
|
<refnamediv id='name'>
|
||||||
|
<refname>subgid</refname>
|
||||||
|
- <refpurpose>the subordinate gid file</refpurpose>
|
||||||
|
+ <refpurpose>the configuration for subordinate group ids</refpurpose>
|
||||||
|
</refnamediv>
|
||||||
|
|
||||||
|
<refsect1 id='description'>
|
||||||
|
<title>DESCRIPTION</title>
|
||||||
|
<para>
|
||||||
|
+ Subgid authorizes a group id to map ranges of group ids from its namespace
|
||||||
|
+ into child namespaces.
|
||||||
|
+ </para>
|
||||||
|
+ <para>
|
||||||
|
+ The delegation of the subordinate gids can be configured via the
|
||||||
|
+ <replaceable>subid</replaceable> field in
|
||||||
|
+ <filename>/etc/nsswitch.conf</filename> file. Only one value can be set
|
||||||
|
+ as the delegation source. Setting this field to
|
||||||
|
+ <replaceable>files</replaceable> configures the delegation of gids to
|
||||||
|
+ <filename>/etc/subgid</filename>. Setting any other value treats
|
||||||
|
+ the delegation as a plugin following with a name of the form
|
||||||
|
+ <replaceable>libsubid_$value.so</replaceable>. If the value or plugin is
|
||||||
|
+ missing, then the subordinate gid delegation falls back to
|
||||||
|
+ <replaceable>files</replaceable>.
|
||||||
|
+ </para>
|
||||||
|
+ <para>
|
||||||
|
+ Note, that <command>groupadd</command> will only create entries in
|
||||||
|
+ <filename>/etc/subgid</filename> if subid delegation is managed via subid
|
||||||
|
+ files.
|
||||||
|
+ </para>
|
||||||
|
+ </refsect1>
|
||||||
|
+
|
||||||
|
+ <refsect1 id='local-subordinate-delegation'>
|
||||||
|
+ <title>LOCAL SUBORDINATE DELEGATION</title>
|
||||||
|
+ <para>
|
||||||
|
Each line in <filename>/etc/subgid</filename> contains
|
||||||
|
a user name and a range of subordinate group ids that user
|
||||||
|
is allowed to use.
|
||||||
|
diff -up shadow-4.6/man/subuid.5.xml.man_clarify_subid_delegation shadow-4.6/man/subuid.5.xml
|
||||||
|
--- shadow-4.6/man/subuid.5.xml.man_clarify_subid_delegation 2018-04-29 18:42:37.000000000 +0200
|
||||||
|
+++ shadow-4.6/man/subuid.5.xml 2021-11-03 10:00:18.888255255 +0100
|
||||||
|
@@ -32,6 +32,18 @@
|
||||||
|
<!-- SHADOW-CONFIG-HERE -->
|
||||||
|
]>
|
||||||
|
<refentry id='subuid.5'>
|
||||||
|
+ <refentryinfo>
|
||||||
|
+ <author>
|
||||||
|
+ <firstname>Eric</firstname>
|
||||||
|
+ <surname>Biederman</surname>
|
||||||
|
+ <contrib>Creation, 2013</contrib>
|
||||||
|
+ </author>
|
||||||
|
+ <author>
|
||||||
|
+ <firstname>Iker</firstname>
|
||||||
|
+ <surname>Pedrosa</surname>
|
||||||
|
+ <contrib>Developer, 2021</contrib>
|
||||||
|
+ </author>
|
||||||
|
+ </refentryinfo>
|
||||||
|
<refmeta>
|
||||||
|
<refentrytitle>subuid</refentrytitle>
|
||||||
|
<manvolnum>5</manvolnum>
|
||||||
|
@@ -41,12 +53,37 @@
|
||||||
|
</refmeta>
|
||||||
|
<refnamediv id='name'>
|
||||||
|
<refname>subuid</refname>
|
||||||
|
- <refpurpose>the subordinate uid file</refpurpose>
|
||||||
|
+ <refpurpose>the configuration for subordinate user ids</refpurpose>
|
||||||
|
</refnamediv>
|
||||||
|
|
||||||
|
<refsect1 id='description'>
|
||||||
|
<title>DESCRIPTION</title>
|
||||||
|
<para>
|
||||||
|
+ Subuid authorizes a user id to map ranges of user ids from its namespace
|
||||||
|
+ into child namespaces.
|
||||||
|
+ </para>
|
||||||
|
+ <para>
|
||||||
|
+ The delegation of the subordinate uids can be configured via the
|
||||||
|
+ <replaceable>subid</replaceable> field in
|
||||||
|
+ <filename>/etc/nsswitch.conf</filename> file. Only one value can be set
|
||||||
|
+ as the delegation source. Setting this field to
|
||||||
|
+ <replaceable>files</replaceable> configures the delegation of uids to
|
||||||
|
+ <filename>/etc/subuid</filename>. Setting any other value treats
|
||||||
|
+ the delegation as a plugin following with a name of the form
|
||||||
|
+ <replaceable>libsubid_$value.so</replaceable>. If the value or plugin is
|
||||||
|
+ missing, then the subordinate uid delegation falls back to
|
||||||
|
+ <replaceable>files</replaceable>.
|
||||||
|
+ </para>
|
||||||
|
+ <para>
|
||||||
|
+ Note, that <command>useradd</command> will only create entries in
|
||||||
|
+ <filename>/etc/subuid</filename> if subid delegation is managed via subid
|
||||||
|
+ files.
|
||||||
|
+ </para>
|
||||||
|
+ </refsect1>
|
||||||
|
+
|
||||||
|
+ <refsect1 id='local-subordinate-delegation'>
|
||||||
|
+ <title>LOCAL SUBORDINATE DELEGATION</title>
|
||||||
|
+ <para>
|
||||||
|
Each line in <filename>/etc/subuid</filename> contains
|
||||||
|
a user name and a range of subordinate user ids that user
|
||||||
|
is allowed to use.
|
24
SOURCES/shadow-4.6-respect_enable_static_no.patch
Normal file
24
SOURCES/shadow-4.6-respect_enable_static_no.patch
Normal file
@ -0,0 +1,24 @@
|
|||||||
|
diff -up shadow-4.6/configure.ac.respect_enable_static_no shadow-4.6/configure.ac
|
||||||
|
--- shadow-4.6/configure.ac.respect_enable_static_no 2021-11-03 12:09:39.852829632 +0100
|
||||||
|
+++ shadow-4.6/configure.ac 2021-11-03 12:10:32.447203434 +0100
|
||||||
|
@@ -311,6 +311,8 @@ if test "$with_sha_crypt" = "yes"; then
|
||||||
|
AC_DEFINE(USE_SHA_CRYPT, 1, [Define to allow the SHA256 and SHA512 password encryption algorithms])
|
||||||
|
fi
|
||||||
|
|
||||||
|
+AM_CONDITIONAL(ENABLE_SHARED, test "x$enable_shared" = "xyes")
|
||||||
|
+
|
||||||
|
if test "$with_nscd" = "yes"; then
|
||||||
|
AC_CHECK_FUNC(posix_spawn,
|
||||||
|
[AC_DEFINE(USE_NSCD, 1, [Define to support flushing of nscd caches])],
|
||||||
|
diff -up shadow-4.6/libsubid/Makefile.am.respect_enable_static_no shadow-4.6/libsubid/Makefile.am
|
||||||
|
--- shadow-4.6/libsubid/Makefile.am.respect_enable_static_no 2021-11-03 12:09:39.851829625 +0100
|
||||||
|
+++ shadow-4.6/libsubid/Makefile.am 2021-11-03 12:09:39.852829632 +0100
|
||||||
|
@@ -1,6 +1,8 @@
|
||||||
|
lib_LTLIBRARIES = libsubid.la
|
||||||
|
+if ENABLE_SHARED
|
||||||
|
libsubid_la_LDFLAGS = -Wl,-soname,libsubid.so.@LIBSUBID_ABI@ \
|
||||||
|
-shared -version-info @LIBSUBID_ABI_MAJOR@
|
||||||
|
+endif
|
||||||
|
libsubid_la_SOURCES = api.c
|
||||||
|
|
||||||
|
pkginclude_HEADERS = subid.h
|
44
SOURCES/shadow-4.6-useradd_SUB_UID_COUNT-0.patch
Normal file
44
SOURCES/shadow-4.6-useradd_SUB_UID_COUNT-0.patch
Normal file
@ -0,0 +1,44 @@
|
|||||||
|
From 663824ef4ca927aa2b4319b69e0bfa68282ec719 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Serge Hallyn <serge@hallyn.com>
|
||||||
|
Date: Sat, 22 May 2021 11:42:02 -0500
|
||||||
|
Subject: [PATCH] Fix useradd with SUB_UID_COUNT=0
|
||||||
|
|
||||||
|
Closes #298
|
||||||
|
|
||||||
|
Fix useradd when SUB_UID_COUNT=0 in login.defs.
|
||||||
|
|
||||||
|
Signed-off-by: Serge Hallyn <serge@hallyn.com>
|
||||||
|
---
|
||||||
|
src/useradd.c | 8 ++++++--
|
||||||
|
1 file changed, 6 insertions(+), 2 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/src/useradd.c b/src/useradd.c
|
||||||
|
index 06accb2f..9862ae55 100644
|
||||||
|
--- a/src/useradd.c
|
||||||
|
+++ b/src/useradd.c
|
||||||
|
@@ -2386,6 +2386,8 @@ int main (int argc, char **argv)
|
||||||
|
#ifdef ENABLE_SUBIDS
|
||||||
|
uid_t uid_min;
|
||||||
|
uid_t uid_max;
|
||||||
|
+ unsigned long subuid_count;
|
||||||
|
+ unsigned long subgid_count;
|
||||||
|
#endif
|
||||||
|
|
||||||
|
/*
|
||||||
|
@@ -2427,9 +2429,11 @@ int main (int argc, char **argv)
|
||||||
|
#ifdef ENABLE_SUBIDS
|
||||||
|
uid_min = (uid_t) getdef_ulong ("UID_MIN", 1000UL);
|
||||||
|
uid_max = (uid_t) getdef_ulong ("UID_MAX", 60000UL);
|
||||||
|
- is_sub_uid = sub_uid_file_present () && !rflg &&
|
||||||
|
+ subuid_count = getdef_ulong ("SUB_UID_COUNT", 65536);
|
||||||
|
+ subgid_count = getdef_ulong ("SUB_GID_COUNT", 65536);
|
||||||
|
+ is_sub_uid = subuid_count > 0 && sub_uid_file_present () && !rflg &&
|
||||||
|
(!user_id || (user_id <= uid_max && user_id >= uid_min));
|
||||||
|
- is_sub_gid = sub_gid_file_present () && !rflg &&
|
||||||
|
+ is_sub_gid = subgid_count > 0 && sub_gid_file_present () && !rflg &&
|
||||||
|
(!user_id || (user_id <= uid_max && user_id >= uid_min));
|
||||||
|
#endif /* ENABLE_SUBIDS */
|
||||||
|
|
||||||
|
--
|
||||||
|
2.30.2
|
||||||
|
|
@ -0,0 +1,21 @@
|
|||||||
|
diff -up shadow-4.6/src/useradd.c.useradd_dont_try_to_create_0_subuids shadow-4.6/src/useradd.c
|
||||||
|
--- shadow-4.6/src/useradd.c.useradd_dont_try_to_create_0_subuids 2021-11-03 11:55:00.189562187 +0100
|
||||||
|
+++ shadow-4.6/src/useradd.c 2021-11-03 11:57:34.128658978 +0100
|
||||||
|
@@ -2350,7 +2350,7 @@ int main (int argc, char **argv)
|
||||||
|
}
|
||||||
|
|
||||||
|
#ifdef ENABLE_SUBIDS
|
||||||
|
- if (is_sub_uid) {
|
||||||
|
+ if (is_sub_uid && subuid_count != 0) {
|
||||||
|
if (find_new_sub_uids(user_name, &sub_uid_start, &sub_uid_count) < 0) {
|
||||||
|
fprintf (stderr,
|
||||||
|
_("%s: can't create subordinate user IDs\n"),
|
||||||
|
@@ -2358,7 +2358,7 @@ int main (int argc, char **argv)
|
||||||
|
fail_exit(E_SUB_UID_UPDATE);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
- if (is_sub_gid) {
|
||||||
|
+ if (is_sub_gid && subgid_count != 0) {
|
||||||
|
if (find_new_sub_gids(user_name, &sub_gid_start, &sub_gid_count) < 0) {
|
||||||
|
fprintf (stderr,
|
||||||
|
_("%s: can't create subordinate group IDs\n"),
|
@ -1,7 +1,7 @@
|
|||||||
Summary: Utilities for managing accounts and shadow password files
|
Summary: Utilities for managing accounts and shadow password files
|
||||||
Name: shadow-utils
|
Name: shadow-utils
|
||||||
Version: 4.6
|
Version: 4.6
|
||||||
Release: 14%{?dist}
|
Release: 16%{?dist}
|
||||||
Epoch: 2
|
Epoch: 2
|
||||||
URL: http://pkg-shadow.alioth.debian.org/
|
URL: http://pkg-shadow.alioth.debian.org/
|
||||||
Source0: https://github.com/shadow-maint/shadow/releases/download/%{version}/shadow-%{version}.tar.xz
|
Source0: https://github.com/shadow-maint/shadow/releases/download/%{version}/shadow-%{version}.tar.xz
|
||||||
@ -10,6 +10,11 @@ Source2: shadow-utils.useradd
|
|||||||
Source3: shadow-utils.login.defs
|
Source3: shadow-utils.login.defs
|
||||||
Source4: shadow-bsd.txt
|
Source4: shadow-bsd.txt
|
||||||
Source5: https://www.gnu.org/licenses/old-licenses/gpl-2.0.txt
|
Source5: https://www.gnu.org/licenses/old-licenses/gpl-2.0.txt
|
||||||
|
|
||||||
|
### Globals ###
|
||||||
|
%global includesubiddir %{_includedir}/shadow
|
||||||
|
|
||||||
|
### Patches ###
|
||||||
Patch0: shadow-4.6-redhat.patch
|
Patch0: shadow-4.6-redhat.patch
|
||||||
Patch1: shadow-4.6-goodname.patch
|
Patch1: shadow-4.6-goodname.patch
|
||||||
Patch2: shadow-4.1.5.1-info-parent-dir.patch
|
Patch2: shadow-4.1.5.1-info-parent-dir.patch
|
||||||
@ -49,6 +54,44 @@ Patch45: shadow-4.6-sssd-redirect-warning.patch
|
|||||||
Patch46: shadow-4.6-remove-login-string-references.patch
|
Patch46: shadow-4.6-remove-login-string-references.patch
|
||||||
# https://github.com/shadow-maint/shadow/commit/e481437ab9ebe9a8bf8fbaabe986d42b2f765991
|
# https://github.com/shadow-maint/shadow/commit/e481437ab9ebe9a8bf8fbaabe986d42b2f765991
|
||||||
Patch47: shadow-4.6-usermod-allow-all-group-types.patch
|
Patch47: shadow-4.6-usermod-allow-all-group-types.patch
|
||||||
|
# https://github.com/shadow-maint/shadow/commit/0a7888b1fad613a052b988b01a71933b67296e68
|
||||||
|
# https://github.com/shadow-maint/shadow/commit/607f1dd549cf9abc87af1cf29275f0d2d11eea29
|
||||||
|
# https://github.com/shadow-maint/shadow/commit/b5fb1b38eea2fb0489ed088c82daf6700e72363e
|
||||||
|
# https://github.com/shadow-maint/shadow/commit/43a917cce54019799a8de037fd63780a2b640afc
|
||||||
|
Patch48: shadow-4.6-libsubid_creation.patch
|
||||||
|
# https://github.com/shadow-maint/shadow/commit/514c1328b6c90d817ae0a9f7addfb3c9a11a275a
|
||||||
|
# https://github.com/shadow-maint/shadow/commit/8492dee6632e340dee76eee895c3e30877bebf45
|
||||||
|
# https://github.com/shadow-maint/shadow/commit/0f4347d1483191b2142546416a9eefe0c9459600
|
||||||
|
Patch49: shadow-4.6-libsubid_nsswitch_support.patch
|
||||||
|
# https://github.com/shadow-maint/shadow/commit/186b1b7ac1a68d0fcc618a22da1a99232b420911
|
||||||
|
Patch50: shadow-4.6-man-mention-nss-in-newuidmap.patch
|
||||||
|
# https://github.com/shadow-maint/shadow/commit/f9831a4a1a20b0e8fe47cc72ec20018ec04dbb90
|
||||||
|
Patch51: shadow-4.6-libsubid_not_print_error_messages.patch
|
||||||
|
# https://github.com/shadow-maint/shadow/commit/c6cab4a7bafa18d9d65a333cac1261e7b5e32bc9
|
||||||
|
Patch52: shadow-4.6-libsubid_init_return_false.patch
|
||||||
|
# https://github.com/shadow-maint/shadow/commit/2f1f45d64fc7c10e7a3cbe00e89f63714343e526
|
||||||
|
Patch53: shadow-4.6-useradd_SUB_UID_COUNT-0.patch
|
||||||
|
# https://github.com/shadow-maint/shadow/commit/ea7af4e1543c63590d4107ae075fea385028997d
|
||||||
|
Patch54: shadow-4.6-libsubid_simplify_ranges_variable.patch
|
||||||
|
# https://github.com/shadow-maint/shadow/commit/0fe42f571c69f0105d31305f995c9887aeb9525e
|
||||||
|
Patch55: shadow-4.6-libsubid_init_not_print_error_messages.patch
|
||||||
|
# https://github.com/shadow-maint/shadow/commit/ec1951c181faed188464396b2cfdd2efb726c7f3
|
||||||
|
Patch56: shadow-4.6-libsubid_fix_newusers_nss_provides_subids.patch
|
||||||
|
# https://github.com/shadow-maint/shadow/commit/087112244327be50abc24f9ec8afbf60ae8b2dec
|
||||||
|
# https://github.com/shadow-maint/shadow/pull/353
|
||||||
|
Patch57: shadow-4.6-man_clarify_subid_delegation.patch
|
||||||
|
# https://github.com/shadow-maint/shadow/commit/bd920ab36a6c641e4a8769f8c7f8ca738ec61820
|
||||||
|
Patch58: shadow-4.6-libsubid_make_logfd_not_extern.patch
|
||||||
|
# https://github.com/shadow-maint/shadow/commit/0dffc7c61200f492eeac03c29fa7e93b62d3cead
|
||||||
|
Patch59: shadow-4.6-useradd_dont_try_to_create_0_subuids.patch
|
||||||
|
# https://github.com/shadow-maint/shadow/commit/77e39de1e6cbd6925f16bb260abb7d216296886b
|
||||||
|
Patch60: shadow-4.6-install_subid_h.patch
|
||||||
|
# https://github.com/shadow-maint/shadow/commit/fa986b1d73605ecca54a4f19249227aeab827bf6
|
||||||
|
Patch61: shadow-4.6-respect_enable_static_no.patch
|
||||||
|
# https://github.com/shadow-maint/shadow/commit/3b6ccf642c6bb2b7db087f09ee563ae9318af734
|
||||||
|
Patch62: shadow-4.6-getsubids.patch
|
||||||
|
# https://github.com/shadow-maint/shadow/commit/a757b458ffb4fb9a40bcbb4f7869449431c67f83
|
||||||
|
Patch63: shadow-4.6-groupdel-fix-sigsegv-when-passwd-does-not-exist.patch
|
||||||
|
|
||||||
License: BSD and GPLv2+
|
License: BSD and GPLv2+
|
||||||
Group: System Environment/Base
|
Group: System Environment/Base
|
||||||
@ -79,6 +122,23 @@ for all users. The useradd, userdel, and usermod commands are used for
|
|||||||
managing user accounts. The groupadd, groupdel, and groupmod commands
|
managing user accounts. The groupadd, groupdel, and groupmod commands
|
||||||
are used for managing group accounts.
|
are used for managing group accounts.
|
||||||
|
|
||||||
|
|
||||||
|
### Subpackages ###
|
||||||
|
%package subid
|
||||||
|
Summary: A library to manage subordinate uid and gid ranges
|
||||||
|
License: BSD and GPLv2+
|
||||||
|
|
||||||
|
%description subid
|
||||||
|
Utility library that provides a way to manage subid ranges.
|
||||||
|
|
||||||
|
|
||||||
|
%package subid-devel
|
||||||
|
Summary: Development package for shadow-utils-subid
|
||||||
|
License: BSD and GPLv2+
|
||||||
|
|
||||||
|
%description subid-devel
|
||||||
|
Development files for shadow-utils-subid.
|
||||||
|
|
||||||
%prep
|
%prep
|
||||||
%setup -q -n shadow-%{version}
|
%setup -q -n shadow-%{version}
|
||||||
%patch0 -p1 -b .redhat
|
%patch0 -p1 -b .redhat
|
||||||
@ -114,6 +174,22 @@ are used for managing group accounts.
|
|||||||
%patch45 -p1 -b .sssd-redirect-warning
|
%patch45 -p1 -b .sssd-redirect-warning
|
||||||
%patch46 -p1 -b .remove-login-string-references
|
%patch46 -p1 -b .remove-login-string-references
|
||||||
%patch47 -p1 -b .usermod-allow-all-group-types
|
%patch47 -p1 -b .usermod-allow-all-group-types
|
||||||
|
%patch48 -p1 -b .libsubid_creation
|
||||||
|
%patch49 -p1 -b .libsubid_nsswitch_support
|
||||||
|
%patch50 -p1 -b .man-mention-nss-in-newuidmap
|
||||||
|
%patch51 -p1 -b .libsubid_not_print_error_messages
|
||||||
|
%patch52 -p1 -b .libsubid_init_return_false
|
||||||
|
%patch53 -p1 -b .useradd_SUB_UID_COUNT-0
|
||||||
|
%patch54 -p1 -b .libsubid_simplify_ranges_variable
|
||||||
|
%patch55 -p1 -b .libsubid_init_not_print_error_messages
|
||||||
|
%patch56 -p1 -b .libsubid_fix_newusers_nss_provides_subids
|
||||||
|
%patch57 -p1 -b .man_clarify_subid_delegation
|
||||||
|
%patch58 -p1 -b .libsubid_make_logfd_not_extern
|
||||||
|
%patch59 -p1 -b .useradd_dont_try_to_create_0_subuids
|
||||||
|
%patch60 -p1 -b .install_subid_h
|
||||||
|
%patch61 -p1 -b .respect_enable_static_no
|
||||||
|
%patch62 -p1 -b .getsubids
|
||||||
|
%patch63 -p1 -b .groupdel-fix-sigsegv-when-passwd-does-not-exist
|
||||||
|
|
||||||
iconv -f ISO88591 -t utf-8 doc/HOWTO > doc/HOWTO.utf8
|
iconv -f ISO88591 -t utf-8 doc/HOWTO > doc/HOWTO.utf8
|
||||||
cp -f doc/HOWTO.utf8 doc/HOWTO
|
cp -f doc/HOWTO.utf8 doc/HOWTO
|
||||||
@ -142,7 +218,7 @@ autoreconf
|
|||||||
--with-selinux \
|
--with-selinux \
|
||||||
--without-libcrack \
|
--without-libcrack \
|
||||||
--without-libpam \
|
--without-libpam \
|
||||||
--disable-shared \
|
--enable-shared \
|
||||||
--with-group-name-max-length=32
|
--with-group-name-max-length=32
|
||||||
%make_build
|
%make_build
|
||||||
|
|
||||||
@ -218,6 +294,13 @@ for dir in $(ls -1d $RPM_BUILD_ROOT%{_mandir}/{??,??_??}) ; do
|
|||||||
echo "%%lang($lang) $dir/man*/*" >> shadow.lang
|
echo "%%lang($lang) $dir/man*/*" >> shadow.lang
|
||||||
done
|
done
|
||||||
|
|
||||||
|
# Move header files to its own folder
|
||||||
|
mkdir -p $RPM_BUILD_ROOT/%{includesubiddir}
|
||||||
|
install -m 644 libsubid/subid.h $RPM_BUILD_ROOT/%{includesubiddir}/
|
||||||
|
|
||||||
|
# Remove .la files created by libsubid
|
||||||
|
rm -f $RPM_BUILD_ROOT/%{_libdir}/libsubid.la
|
||||||
|
|
||||||
%files -f shadow.lang
|
%files -f shadow.lang
|
||||||
%doc NEWS doc/HOWTO README
|
%doc NEWS doc/HOWTO README
|
||||||
%{!?_licensedir:%global license %%doc}
|
%{!?_licensedir:%global license %%doc}
|
||||||
@ -267,7 +350,33 @@ done
|
|||||||
%{_mandir}/man8/vipw.8*
|
%{_mandir}/man8/vipw.8*
|
||||||
%{_mandir}/man8/vigr.8*
|
%{_mandir}/man8/vigr.8*
|
||||||
|
|
||||||
|
%files subid
|
||||||
|
%{_libdir}/libsubid.so.*
|
||||||
|
%{_bindir}/getsubids
|
||||||
|
%{_mandir}/man1/getsubids.1*
|
||||||
|
|
||||||
|
%files subid-devel
|
||||||
|
%{includesubiddir}/subid.h
|
||||||
|
%{_libdir}/libsubid.so
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Thu Dec 9 2021 Iker Pedrosa <ipedrosa@redhat.com> - 2:4.6-16
|
||||||
|
- getsubids: provide system binary and man page. Resolves: #2013016
|
||||||
|
- groupdel: fix SIGSEGV when passwd does not exist. Resolves: #1986782
|
||||||
|
|
||||||
|
* Tue Oct 19 2021 Iker Pedrosa <ipedrosa@redhat.com> - 2:4.6-15
|
||||||
|
- Creation of subid and subid-devel subpackages (#2013009)
|
||||||
|
- libsubid: creation and nsswitch support
|
||||||
|
- libsubid: don't print error messages on stderr by default
|
||||||
|
- libsubid: libsubid_init return false if out of memory
|
||||||
|
- libsubid: don't return owner in list_owner_ranges API call
|
||||||
|
- libsubid: libsubid_init don't print messages on error
|
||||||
|
- libsubid: fix newusers when nss provides subids
|
||||||
|
- libsubid: make shadow_logfd not extern
|
||||||
|
- useradd: fix SUB_UID_COUNT=0
|
||||||
|
- man: mention NSS in new[ug]idmap manpages
|
||||||
|
- man: clarify subid delegation
|
||||||
|
|
||||||
* Thu Aug 12 2021 Iker Pedrosa <ipedrosa@redhat.com> - 2:4.6-14
|
* Thu Aug 12 2021 Iker Pedrosa <ipedrosa@redhat.com> - 2:4.6-14
|
||||||
- usermod: allow all group types with -G option (#1967641)
|
- usermod: allow all group types with -G option (#1967641)
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user