- fix a list of owned directories (#510366)
- reduce the reuse of system IDs
- speed up sys users look up on LDAP boxes (#511813)
- upgrade
parent
eb68578ecf
commit
8c824a0b04
12 changed files with 807 additions and 156 deletions
|
@ -1,3 +1 @@
|
||||||
shadow-4.0.17-login.defs
|
shadow-4.1.4.1.tar.bz2
|
||||||
shadow-4.0.18.1-useradd
|
|
||||||
shadow-4.1.3.tar.bz2
|
|
||||||
|
|
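--- a/shadow-4.0.17-login.defs
+++ b/shadow-4.0.17-login.defs
@@ -0,0 +1,58 @@
+# *REQUIRED*
+# Directory where mailboxes reside, _or_ name of file, relative to the
+# home directory. If you _do_ define both, MAIL_DIR takes precedence.
+# QMAIL_DIR is for Qmail
+#
+#QMAIL_DIR Maildir
+MAIL_DIR /var/spool/mail
+#MAIL_FILE .mail
+
+# Password aging controls:
+#
+# PASS_MAX_DAYS Maximum number of days a password may be used.
+# PASS_MIN_DAYS Minimum number of days allowed between password changes.
+# PASS_MIN_LEN Minimum acceptable password length.
+# PASS_WARN_AGE Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS 99999
+PASS_MIN_DAYS 0
+PASS_MIN_LEN 5
+PASS_WARN_AGE 7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN 500
+UID_MAX 60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN 500
+GID_MAX 60000
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD /usr/sbin/userdel_local
+
+#
+# If useradd should create home directories for users by default
+# On RH systems, we do. This option is overridden with the -m flag on
+# useradd command line.
+#
+CREATE_HOME yes
+
+# The permission mask is initialized to this value. If not specified,
+# the permission mask will be initialized to 022.
+UMASK 077
+
+# This enables userdel to remove user groups if no members exist.
+#
+USERGROUPS_ENAB yes
+
+# Use MD5 or DES to encrypt password? Red Hat use MD5 by default.
+MD5_CRYPT_ENAB yes
+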
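Review bot: `MD5_CRYPT_ENAB yes`, the last setting in this file, keeps MD5-crypt as the hash for any tool that takes its method from login.defs, and `PASS_MIN_LEN 5` with `PASS_MAX_DAYS 99999` are permissive defaults for a file shipped alongside an upgrade to shadow 4.1.4.1. That release's login.defs accepts `ENCRYPT_METHOD`, so I would add `ENCRYPT_METHOD SHA512` and reword the comment `# Use MD5 or DES to encrypt password?` to say which tools still read `MD5_CRYPT_ENAB`. Whether passwd itself honours these values depends on the PAM setup, which this page does not show, so the practical effect should be confirmed before relying on it.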
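--- a/shadow-4.0.18.1-useradd
+++ b/shadow-4.0.18.1-useradd
@@ -0,0 +1,9 @@
+# useradd defaults file
+GROUP=100
+HOME=/home
+INACTIVE=-1
+EXPIRE=
+SHELL=/bin/bash
+SKEL=/etc/skel
+CREATE_MAIL_SPOOL=yes
+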
|
@ -1,75 +0,0 @@
|
||||||
diff -up shadow-4.1.3/libmisc/find_new_gid.c.redhat shadow-4.1.3/libmisc/find_new_gid.c
|
|
||||||
--- shadow-4.1.3/libmisc/find_new_gid.c.redhat 2009-04-11 17:55:13.000000000 +0200
|
|
||||||
+++ shadow-4.1.3/libmisc/find_new_gid.c 2009-04-14 14:49:34.000000000 +0200
|
|
||||||
@@ -56,11 +56,11 @@ int find_new_gid (bool sys_group, gid_t
|
|
||||||
assert (gid != NULL);
|
|
||||||
|
|
||||||
if (!sys_group) {
|
|
||||||
- gid_min = getdef_ulong ("GID_MIN", 1000L);
|
|
||||||
+ gid_min = getdef_ulong ("GID_MIN", 500L);
|
|
||||||
gid_max = getdef_ulong ("GID_MAX", 60000L);
|
|
||||||
} else {
|
|
||||||
gid_min = getdef_ulong ("SYS_GID_MIN", 1L);
|
|
||||||
- gid_max = getdef_ulong ("GID_MIN", 1000L) - 1;
|
|
||||||
+ gid_max = getdef_ulong ("GID_MIN", 500L) - 1;
|
|
||||||
gid_max = getdef_ulong ("SYS_GID_MAX", (unsigned long) gid_max);
|
|
||||||
}
|
|
||||||
used_gids = alloca (sizeof (char) * gid_max +1);
|
|
||||||
diff -up shadow-4.1.3/libmisc/find_new_uid.c.redhat shadow-4.1.3/libmisc/find_new_uid.c
|
|
||||||
--- shadow-4.1.3/libmisc/find_new_uid.c.redhat 2009-04-11 17:53:19.000000000 +0200
|
|
||||||
+++ shadow-4.1.3/libmisc/find_new_uid.c 2009-04-14 14:49:34.000000000 +0200
|
|
||||||
@@ -56,11 +56,11 @@ int find_new_uid (bool sys_user, uid_t *
|
|
||||||
assert (uid != NULL);
|
|
||||||
|
|
||||||
if (!sys_user) {
|
|
||||||
- uid_min = getdef_ulong ("UID_MIN", 1000L);
|
|
||||||
+ uid_min = getdef_ulong ("UID_MIN", 500L);
|
|
||||||
uid_max = getdef_ulong ("UID_MAX", 60000L);
|
|
||||||
} else {
|
|
||||||
uid_min = getdef_ulong ("SYS_UID_MIN", 1L);
|
|
||||||
- uid_max = getdef_ulong ("UID_MIN", 1000L) - 1;
|
|
||||||
+ uid_max = getdef_ulong ("UID_MIN", 500L) - 1;
|
|
||||||
uid_max = getdef_ulong ("SYS_UID_MAX", (unsigned long) uid_max);
|
|
||||||
}
|
|
||||||
used_uids = alloca (sizeof (char) * uid_max +1);
|
|
||||||
diff -up shadow-4.1.3/src/useradd.c.redhat shadow-4.1.3/src/useradd.c
|
|
||||||
--- shadow-4.1.3/src/useradd.c.redhat 2009-04-11 20:39:52.000000000 +0200
|
|
||||||
+++ shadow-4.1.3/src/useradd.c 2009-04-14 14:58:17.000000000 +0200
|
|
||||||
@@ -89,7 +89,7 @@ char *Prog;
|
|
||||||
static gid_t def_group = 100;
|
|
||||||
static const char *def_gname = "other";
|
|
||||||
static const char *def_home = "/home";
|
|
||||||
-static const char *def_shell = "";
|
|
||||||
+static const char *def_shell = "/sbin/nologin";
|
|
||||||
static const char *def_template = SKEL_DIR;
|
|
||||||
static const char *def_create_mail_spool = "no";
|
|
||||||
|
|
||||||
@@ -101,7 +101,7 @@ static char def_file[] = USER_DEFAULTS_F
|
|
||||||
#define VALID(s) (strcspn (s, ":\n") == strlen (s))
|
|
||||||
|
|
||||||
static const char *user_name = "";
|
|
||||||
-static const char *user_pass = "!";
|
|
||||||
+static const char *user_pass = "!!";
|
|
||||||
static uid_t user_id;
|
|
||||||
static gid_t user_gid;
|
|
||||||
static const char *user_comment = "";
|
|
||||||
@@ -978,9 +978,9 @@ static void process_flags (int argc, cha
|
|
||||||
};
|
|
||||||
while ((c = getopt_long (argc, argv,
|
|
||||||
#ifdef WITH_SELINUX
|
|
||||||
- "b:c:d:De:f:g:G:k:K:lmMNop:rs:u:UZ:",
|
|
||||||
+ "b:c:d:De:f:g:G:k:K:lmMnNop:rs:u:UZ:",
|
|
||||||
#else
|
|
||||||
- "b:c:d:De:f:g:G:k:K:lmMNop:rs:u:U",
|
|
||||||
+ "b:c:d:De:f:g:G:k:K:lmMnNop:rs:u:U",
|
|
||||||
#endif
|
|
||||||
long_options, NULL)) != -1) {
|
|
||||||
switch (c) {
|
|
||||||
@@ -1130,6 +1130,7 @@ static void process_flags (int argc, cha
|
|
||||||
case 'M':
|
|
||||||
Mflg = true;
|
|
||||||
break;
|
|
||||||
+ case 'n':
|
|
||||||
case 'N':
|
|
||||||
Nflg = true;
|
|
||||||
break;
|
|
|
@ -1,54 +0,0 @@
|
||||||
diff -up shadow-4.1.3/src/useradd.c.selinux shadow-4.1.3/src/useradd.c
|
|
||||||
--- shadow-4.1.3/src/useradd.c.selinux 2009-04-14 15:55:44.000000000 +0200
|
|
||||||
+++ shadow-4.1.3/src/useradd.c 2009-04-14 15:55:44.000000000 +0200
|
|
||||||
@@ -2011,9 +2011,7 @@ int main (int argc, char **argv)
|
|
||||||
close_files ();
|
|
||||||
|
|
||||||
#ifdef WITH_SELINUX
|
|
||||||
- if (Zflg) {
|
|
||||||
- selinux_update_mapping ();
|
|
||||||
- }
|
|
||||||
+ selinux_update_mapping ();
|
|
||||||
#endif
|
|
||||||
|
|
||||||
nscd_flush_cache ("passwd");
|
|
||||||
diff -up shadow-4.1.3/src/userdel.c.selinux shadow-4.1.3/src/userdel.c
|
|
||||||
--- shadow-4.1.3/src/userdel.c.selinux 2009-04-11 18:52:42.000000000 +0200
|
|
||||||
+++ shadow-4.1.3/src/userdel.c 2009-04-14 16:01:10.000000000 +0200
|
|
||||||
@@ -797,17 +797,6 @@ int main (int argc, char **argv)
|
|
||||||
audit_help_open ();
|
|
||||||
#endif
|
|
||||||
|
|
||||||
-#ifdef WITH_SELINUX
|
|
||||||
- if (is_selinux_enabled () > 0) {
|
|
||||||
- const char *args[5];
|
|
||||||
- args[0] = "/usr/sbin/semanage";
|
|
||||||
- args[1] = "login";
|
|
||||||
- args[2] = "-d";
|
|
||||||
- args[3] = user_name;
|
|
||||||
- args[4] = NULL;
|
|
||||||
- safe_system (args[0], args, NULL, 1);
|
|
||||||
- }
|
|
||||||
-#endif
|
|
||||||
/*
|
|
||||||
* Get my name so that I can use it to report errors.
|
|
||||||
*/
|
|
||||||
@@ -1010,6 +999,18 @@ int main (int argc, char **argv)
|
|
||||||
}
|
|
||||||
#endif
|
|
||||||
|
|
||||||
+#ifdef WITH_SELINUX
|
|
||||||
+ if (is_selinux_enabled () > 0) {
|
|
||||||
+ const char *args[5];
|
|
||||||
+ args[0] = "/usr/sbin/semanage";
|
|
||||||
+ args[1] = "login";
|
|
||||||
+ args[2] = "-d";
|
|
||||||
+ args[3] = user_name;
|
|
||||||
+ args[4] = NULL;
|
|
||||||
+ safe_system (args[0], args, NULL, 1);
|
|
||||||
+ }
|
|
||||||
+#endif
|
|
||||||
+
|
|
||||||
/*
|
|
||||||
* Cancel any crontabs or at jobs. Have to do this before we remove
|
|
||||||
* the entry from /etc/passwd.
|
|
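--- a/shadow-4.1.4-redhat.patch
+++ b/shadow-4.1.4-redhat.patch
@@ -0,0 +1,75 @@
+diff -up shadow-4.1.4/libmisc/find_new_gid.c.redhat shadow-4.1.4/libmisc/find_new_gid.c
+--- shadow-4.1.4/libmisc/find_new_gid.c.redhat 2009-04-23 19:36:42.000000000 +0200
++++ shadow-4.1.4/libmisc/find_new_gid.c 2009-05-15 12:01:18.000000000 +0200
+@@ -58,11 +58,11 @@ int find_new_gid (bool sys_group,
+assert (gid != NULL);
+
+if (!sys_group) {
+- gid_min = (gid_t) getdef_ulong ("GID_MIN", 1000UL);
++ gid_min = (gid_t) getdef_ulong ("GID_MIN", 500UL);
+gid_max = (gid_t) getdef_ulong ("GID_MAX", 60000UL);
+} else {
+gid_min = (gid_t) getdef_ulong ("SYS_GID_MIN", 1UL);
+- gid_max = (gid_t) getdef_ulong ("GID_MIN", 1000UL) - 1;
++ gid_max = (gid_t) getdef_ulong ("GID_MIN", 500UL) - 1;
+gid_max = (gid_t) getdef_ulong ("SYS_GID_MAX", (unsigned long) gid_max);
+}
+used_gids = alloca (sizeof (bool) * (gid_max +1));
+diff -up shadow-4.1.4/libmisc/find_new_uid.c.redhat shadow-4.1.4/libmisc/find_new_uid.c
+--- shadow-4.1.4/libmisc/find_new_uid.c.redhat 2009-04-23 19:37:12.000000000 +0200
++++ shadow-4.1.4/libmisc/find_new_uid.c 2009-05-15 12:01:39.000000000 +0200
+@@ -58,11 +58,11 @@ int find_new_uid (bool sys_user,
+assert (uid != NULL);
+
+if (!sys_user) {
+- uid_min = (uid_t) getdef_ulong ("UID_MIN", 1000UL);
++ uid_min = (uid_t) getdef_ulong ("UID_MIN", 500UL);
+uid_max = (uid_t) getdef_ulong ("UID_MAX", 60000UL);
+} else {
+uid_min = (uid_t) getdef_ulong ("SYS_UID_MIN", 1UL);
+- uid_max = (uid_t) getdef_ulong ("UID_MIN", 1000UL) - 1;
++ uid_max = (uid_t) getdef_ulong ("UID_MIN", 500UL) - 1;
+uid_max = (uid_t) getdef_ulong ("SYS_UID_MAX", (unsigned long) uid_max);
+}
+used_uids = alloca (sizeof (bool) * (uid_max +1));
+diff -up shadow-4.1.4/src/useradd.c.redhat shadow-4.1.4/src/useradd.c
+--- shadow-4.1.4/src/useradd.c.redhat 2009-05-10 20:26:35.000000000 +0200
++++ shadow-4.1.4/src/useradd.c 2009-05-15 11:59:40.000000000 +0200
+@@ -90,7 +90,7 @@ char *Prog;
+static gid_t def_group = 100;
+static const char *def_gname = "other";
+static const char *def_home = "/home";
+-static const char *def_shell = "";
++static const char *def_shell = "/sbin/nologin";
+static const char *def_template = SKEL_DIR;
+static const char *def_create_mail_spool = "no";
+
+@@ -102,7 +102,7 @@ static char def_file[] = USER_DEFAULTS_F
+#define VALID(s) (strcspn (s, ":\n") == strlen (s))
+
+static const char *user_name = "";
+-static const char *user_pass = "!";
++static const char *user_pass = "!!";
+static uid_t user_id;
+static gid_t user_gid;
+static const char *user_comment = "";
+@@ -996,9 +996,9 @@ static void process_flags (int argc, cha
+};
+while ((c = getopt_long (argc, argv,
+#ifdef WITH_SELINUX
+- "b:c:d:De:f:g:G:k:K:lmMNop:rs:u:UZ:",
++ "b:c:d:De:f:g:G:k:K:lmMnNop:rs:u:UZ:",
+#else
+- "b:c:d:De:f:g:G:k:K:lmMNop:rs:u:U",
++ "b:c:d:De:f:g:G:k:K:lmMnNop:rs:u:U",
+#endif
+long_options, NULL)) != -1) {
+switch (c) {
+@@ -1148,6 +1148,7 @@ static void process_flags (int argc, cha
+case 'M':
+Mflg = true;
+break;
++ case 'n':
+case 'N':
+Nflg = true;
+break;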
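Review bot: The fallback `500UL` is now repeated in four `getdef_ulong` calls across find_new_gid.c and find_new_uid.c, and it has to stay in step with `UID_MIN`/`GID_MIN` in the login.defs this commit ships; one named constant per file would stop the user range and the system range (`... - 1`) from drifting apart. In useradd.c the new defaults `user_pass = "!!"` and `def_shell = "/sbin/nologin"` change what an account created without `-p` or `-s` looks like, so each deserves a short comment, for example `/* "!!": account stays locked until a password is set */` (presumably the Red Hat convention; confirm). The added `case 'n':` falls through to `case 'N':` with no `/* fall through */` marker, and this patch carries no usage or man-page text for the new letter. All of the enclosing functions start and end outside the hunks shown.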
|
@ -1,7 +1,7 @@
|
||||||
diff -up shadow-4.1.3/libmisc/chkname.c.goodname shadow-4.1.3/libmisc/chkname.c
|
diff -up shadow-4.1.4.1/libmisc/chkname.c.goodname shadow-4.1.4.1/libmisc/chkname.c
|
||||||
--- shadow-4.1.3/libmisc/chkname.c.goodname 2008-12-23 23:42:21.000000000 +0100
|
--- shadow-4.1.4.1/libmisc/chkname.c.goodname 2009-04-28 21:14:04.000000000 +0200
|
||||||
+++ shadow-4.1.3/libmisc/chkname.c 2009-04-14 11:46:21.000000000 +0200
|
+++ shadow-4.1.4.1/libmisc/chkname.c 2009-06-16 13:47:08.000000000 +0200
|
||||||
@@ -54,20 +54,28 @@
|
@@ -49,20 +49,28 @@
|
||||||
static bool is_valid_name (const char *name)
|
static bool is_valid_name (const char *name)
|
||||||
{
|
{
|
||||||
/*
|
/*
|
||||||
|
@ -40,28 +40,28 @@ diff -up shadow-4.1.3/libmisc/chkname.c.goodname shadow-4.1.3/libmisc/chkname.c
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
diff -up shadow-4.1.3/man/groupadd.8.goodname shadow-4.1.3/man/groupadd.8
|
diff -up shadow-4.1.4.1/man/groupadd.8.goodname shadow-4.1.4.1/man/groupadd.8
|
||||||
--- shadow-4.1.3/man/groupadd.8.goodname 2009-04-12 04:46:15.000000000 +0200
|
--- shadow-4.1.4.1/man/groupadd.8.goodname 2009-05-22 15:56:08.000000000 +0200
|
||||||
+++ shadow-4.1.3/man/groupadd.8 2009-04-14 11:45:13.000000000 +0200
|
+++ shadow-4.1.4.1/man/groupadd.8 2009-06-16 13:50:41.000000000 +0200
|
||||||
@@ -139,9 +139,7 @@ Shadow password suite configuration\&.
|
@@ -153,9 +153,7 @@ Shadow password suite configuration\&.
|
||||||
.RE
|
.RE
|
||||||
.SH "CAVEATS"
|
.SH "CAVEATS"
|
||||||
.PP
|
.PP
|
||||||
-Groupnames must begin with a lower case letter or an underscore, and only lower case letters, underscores, dashes, and dollar signs may follow\&. In regular expression terms: [a\-z_][a\-z0\-9_\-]*[$]?
|
-Groupnames must start with a lower case letter or an underscore, followed by lower case letters, digits, underscores, or dashes\&. They can end with a dollar sign\&. In regular expression terms: [a\-z_][a\-z0\-9_\-]*[$]?
|
||||||
-.PP
|
-.PP
|
||||||
-Groupnames may only be up to 16 characters long\&.
|
-Groupnames may only be up to 16 characters long\&.
|
||||||
+Groupnames may only be up to 32 characters long\&.
|
+Groupnames may only be up to 32 characters long\&.
|
||||||
.PP
|
.PP
|
||||||
You may not add a NIS or LDAP group\&. This must be performed on the corresponding server\&.
|
You may not add a NIS or LDAP group\&. This must be performed on the corresponding server\&.
|
||||||
.PP
|
.PP
|
||||||
diff -up shadow-4.1.3/man/useradd.8.goodname shadow-4.1.3/man/useradd.8
|
diff -up shadow-4.1.4.1/man/useradd.8.goodname shadow-4.1.4.1/man/useradd.8
|
||||||
--- shadow-4.1.3/man/useradd.8.goodname 2009-04-12 04:46:35.000000000 +0200
|
--- shadow-4.1.4.1/man/useradd.8.goodname 2009-05-22 15:56:28.000000000 +0200
|
||||||
+++ shadow-4.1.3/man/useradd.8 2009-04-14 11:45:13.000000000 +0200
|
+++ shadow-4.1.4.1/man/useradd.8 2009-06-16 13:51:17.000000000 +0200
|
||||||
@@ -385,8 +385,6 @@ Similarly, if the username already exist
|
@@ -405,8 +405,6 @@ Similarly, if the username already exist
|
||||||
\fBuseradd\fR
|
\fBuseradd\fR
|
||||||
will deny the user account creation request\&.
|
will deny the user account creation request\&.
|
||||||
.PP
|
.PP
|
||||||
-Usernames must begin with a lower case letter or an underscore, and only lower case letters, underscores, dashes, and dollar signs may follow\&. In regular expression terms: [a\-z_][a\-z0\-9_\-]*[$]?
|
-Usernames must start with a lower case letter or an underscore, followed by lower case letters, digits, underscores, or dashes\&. They can end with a dollar sign\&. In regular expression terms: [a\-z_][a\-z0\-9_\-]*[$]?
|
||||||
-.PP
|
-.PP
|
||||||
Usernames may only be up to 32 characters long\&.
|
Usernames may only be up to 32 characters long\&.
|
||||||
.SH "CONFIGURATION"
|
.SH "CONFIGURATION"
|
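--- a/shadow-4.1.4.1-largeGroup.patch
+++ b/shadow-4.1.4.1-largeGroup.patch
@@ -0,0 +1,230 @@
+diff -U0 shadow-4.1.4.1/ChangeLog.large_group shadow-4.1.4.1/ChangeLog
+diff -up shadow-4.1.4.1/lib/gshadow.c.large_group shadow-4.1.4.1/lib/gshadow.c
+--- shadow-4.1.4.1/lib/gshadow.c.large_group 2009-04-23 13:53:56.000000000 +0200
++++ shadow-4.1.4.1/lib/gshadow.c 2009-06-16 14:47:08.000000000 +0200
+@@ -2,7 +2,7 @@
+* Copyright (c) 1990 - 1994, Julianne Frances Haugh
+* Copyright (c) 1996 - 1998, Marek Michałkiewicz
+* Copyright (c) 2005 , Tomasz Kłoczko
+- * Copyright (c) 2008 , Nicolas François
++ * Copyright (c) 2008 - 2009, Nicolas François
+* All rights reserved.
+*
+* Redistribution and use in source and binary forms, with or without
+@@ -41,7 +41,6 @@
+#include "prototypes.h"
+#include "defines.h"
+static /*@null@*/FILE *shadow;
+-static char sgrbuf[BUFSIZ * 4];
+static /*@null@*//*@only@*/char **members = NULL;
+static size_t nmembers = 0;
+static /*@null@*//*@only@*/char **admins = NULL;
+@@ -131,12 +130,25 @@ void endsgent (void)
+
+/*@observer@*//*@null@*/struct sgrp *sgetsgent (const char *string)
+{
++ static char *sgrbuf = NULL;
++ static size_t sgrbuflen = 0;
++
+char *fields[FIELDS];
+char *cp;
+int i;
++ size_t len = strlen (string) + 1;
++
++ if (len > sgrbuflen) {
++ char *buf = (char *) realloc (sgrbuf, sizeof (char) * len);
++ if (NULL == buf) {
++ return NULL;
++ }
++ sgrbuf = buf;
++ sgrbuflen = len;
++ }
+
+- strncpy (sgrbuf, string, sizeof sgrbuf - 1);
+- sgrbuf[sizeof sgrbuf - 1] = '\0';
++ strncpy (sgrbuf, string, len);
++ sgrbuf[len-1] = '\0';
+
+cp = strrchr (sgrbuf, '\n');
+if (NULL != cp) {
+@@ -161,7 +173,7 @@ void endsgent (void)
+* the line is invalid.
+*/
+
+- if ((NULL != cp) || (i != FIELDS))
++ if ((NULL != cp) || (i != FIELDS)) {
+#ifdef USE_NIS
+if (!IS_NISCHAR (fields[0][0])) {
+return 0;
+@@ -171,6 +183,7 @@ void endsgent (void)
+#else
+return 0;
+#endif
++ }
+
+sgroup.sg_name = fields[0];
+sgroup.sg_passwd = fields[1];
+@@ -199,20 +212,48 @@ void endsgent (void)
+
+/*@observer@*//*@null@*/struct sgrp *fgetsgent (/*@null@*/FILE * fp)
+{
+- char buf[sizeof sgrbuf];
++ static size_t buflen = 0;
++ static char *buf = NULL;
++
+char *cp;
++ struct sgrp *ret;
++
++ if (0 == buflen) {
++ buf = (char *) malloc (BUFSIZ);
++ if (NULL == buf) {
++ return NULL;
++ }
++ }
+
+if (NULL == fp) {
+- return (0);
++ return NULL;
+}
+
+#ifdef USE_NIS
+- while (fgetsx (buf, (int) sizeof buf, fp) != (char *) 0)
++ while (fgetsx (buf, (int) sizeof buf, fp) == buf)
+#else
+- if (fgetsx (buf, (int) sizeof buf, fp) != (char *) 0)
++ if (fgetsx (buf, (int) sizeof buf, fp) == buf)
+#endif
+{
+- cp = strchr (buf, '\n');
++ while ( ((cp = strrchr (buf, '\n')) == NULL)
++ && (feof (fp) == 0)) {
++ size_t len;
++
++ cp = (char *) realloc (buf, buflen*2);
++ if (NULL == cp) {
++ return NULL;
++ }
++ buf = cp;
++ buflen *= 2;
++
++ len = strlen (buf);
++ if (fgetsx (&buf[len],
++ (int) (buflen - len),
++ fp) != &buf[len]) {
++ return NULL;
++ }
++ }
++ cp = strrchr (buf, '\n');
+if (NULL != cp) {
+*cp = '\0';
+}
+@@ -223,7 +264,7 @@ void endsgent (void)
+#endif
+return (sgetsgent (buf));
+}
+- return 0;
++ return NULL;
+}
+
+/*
+@@ -235,7 +276,6 @@ void endsgent (void)
+#ifdef USE_NIS
+bool nis_1_group = false;
+struct sgrp *val;
+- char buf[BUFSIZ];
+#endif
+if (NULL == shadow) {
+setsgent ();
+@@ -334,7 +374,6 @@ void endsgent (void)
+struct sgrp *sgrp;
+
+#ifdef USE_NIS
+- char buf[BUFSIZ];
+static char save_name[16];
+int nis_disabled = 0;
+#endif
+diff -up shadow-4.1.4.1/libmisc/xgetgrgid.c.large_group shadow-4.1.4.1/libmisc/xgetgrgid.c
+--- shadow-4.1.4.1/libmisc/xgetgrgid.c.large_group 2008-09-06 16:56:51.000000000 +0200
++++ shadow-4.1.4.1/libmisc/xgetgrgid.c 2009-06-16 14:15:08.000000000 +0200
+@@ -58,7 +58,6 @@
+#define ARG_TYPE gid_t
+#define ARG_NAME gid
+#define DUP_FUNCTION __gr_dup
+-#define MAX_LENGTH 0x8000
+#define HAVE_FUNCTION_R (defined HAVE_GETGRGID_R)
+
+#include "xgetXXbyYY.c"
+diff -up shadow-4.1.4.1/libmisc/xgetgrnam.c.large_group shadow-4.1.4.1/libmisc/xgetgrnam.c
+--- shadow-4.1.4.1/libmisc/xgetgrnam.c.large_group 2008-09-06 16:56:57.000000000 +0200
++++ shadow-4.1.4.1/libmisc/xgetgrnam.c 2009-06-16 14:15:08.000000000 +0200
+@@ -58,7 +58,6 @@
+#define ARG_TYPE const char *
+#define ARG_NAME name
+#define DUP_FUNCTION __gr_dup
+-#define MAX_LENGTH 0x8000
+#define HAVE_FUNCTION_R (defined HAVE_GETGRNAM_R)
+
+#include "xgetXXbyYY.c"
+diff -up shadow-4.1.4.1/libmisc/xgetpwnam.c.large_group shadow-4.1.4.1/libmisc/xgetpwnam.c
+--- shadow-4.1.4.1/libmisc/xgetpwnam.c.large_group 2008-09-06 16:57:05.000000000 +0200
++++ shadow-4.1.4.1/libmisc/xgetpwnam.c 2009-06-16 14:15:08.000000000 +0200
+@@ -58,7 +58,6 @@
+#define ARG_TYPE const char *
+#define ARG_NAME name
+#define DUP_FUNCTION __pw_dup
+-#define MAX_LENGTH 0x8000
+#define HAVE_FUNCTION_R (defined HAVE_GETPWNAM_R)
+
+#include "xgetXXbyYY.c"
+diff -up shadow-4.1.4.1/libmisc/xgetpwuid.c.large_group shadow-4.1.4.1/libmisc/xgetpwuid.c
+--- shadow-4.1.4.1/libmisc/xgetpwuid.c.large_group 2008-09-06 16:57:11.000000000 +0200
++++ shadow-4.1.4.1/libmisc/xgetpwuid.c 2009-06-16 14:15:08.000000000 +0200
+@@ -58,7 +58,6 @@
+#define ARG_TYPE uid_t
+#define ARG_NAME uid
+#define DUP_FUNCTION __pw_dup
+-#define MAX_LENGTH 0x8000
+#define HAVE_FUNCTION_R (defined HAVE_GETPWUID_R)
+
+#include "xgetXXbyYY.c"
+diff -up shadow-4.1.4.1/libmisc/xgetspnam.c.large_group shadow-4.1.4.1/libmisc/xgetspnam.c
+--- shadow-4.1.4.1/libmisc/xgetspnam.c.large_group 2008-09-06 16:57:17.000000000 +0200
++++ shadow-4.1.4.1/libmisc/xgetspnam.c 2009-06-16 14:15:08.000000000 +0200
+@@ -58,7 +58,6 @@
+#define ARG_TYPE const char *
+#define ARG_NAME name
+#define DUP_FUNCTION __spw_dup
+-#define MAX_LENGTH 0x8000
+#define HAVE_FUNCTION_R (defined HAVE_GETSPNAM_R)
+
+#include "xgetXXbyYY.c"
+diff -up shadow-4.1.4.1/libmisc/xgetXXbyYY.c.large_group shadow-4.1.4.1/libmisc/xgetXXbyYY.c
+--- shadow-4.1.4.1/libmisc/xgetXXbyYY.c.large_group 2009-04-23 11:15:53.000000000 +0200
++++ shadow-4.1.4.1/libmisc/xgetXXbyYY.c 2009-06-16 14:15:08.000000000 +0200
+@@ -79,7 +79,7 @@
+exit (13);
+}
+
+- do {
++ while (true) {
+int status;
+LOOKUP_TYPE *resbuf = NULL;
+buffer = (char *)realloc (buffer, length);
+@@ -106,8 +106,14 @@
+return NULL;
+}
+
+- length *= 4;
+- } while (length < MAX_LENGTH);
++ if (length <= ((size_t)-1 / 4)) {
++ length *= 4;
++ } else if (length == (size_t) -1) {
++ break;
++ } else {
++ length = (size_t) -1;
++ }
++ }
+
+free(buffer);
+free(result);
+diff -up shadow-4.1.4.1/NEWS.large_group shadow-4.1.4.1/NEWS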
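Review bot: In the fgetsgent hunk (`@@ -199,20 +212,48 @@`) `buflen` is never assigned after `malloc (BUFSIZ)`, so it stays 0: every call allocates a fresh buffer, `realloc (buf, buflen*2)` requests zero bytes, and the bound `(int) (buflen - len)` handed to the second `fgetsx` no longer reflects the allocation, which may let the read run past it. Because `buf` is now a pointer rather than an array, `(int) sizeof buf` in both `fgetsx (buf, (int) sizeof buf, fp)` lines is the size of a pointer, not of the buffer. I would add `buflen = BUFSIZ;` after the successful malloc and pass `(int) buflen` where `(int) sizeof buf` is used. The new local `struct sgrp *ret;` is not used in the visible lines, and the function continues outside the hunk.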
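--- a/shadow-4.1.4.1-ldap.patch
+++ b/shadow-4.1.4.1-ldap.patch
@@ -0,0 +1,85 @@
+diff -up shadow-4.1.4.1/libmisc/find_new_gid.c.ldap shadow-4.1.4.1/libmisc/find_new_gid.c
+--- shadow-4.1.4.1/libmisc/find_new_gid.c.ldap 2009-07-16 10:37:41.653798746 +0200
++++ shadow-4.1.4.1/libmisc/find_new_gid.c 2009-07-16 10:44:14.482808945 +0200
+@@ -90,17 +90,26 @@ int find_new_gid (bool sys_group,
+* but we also check the local database (gr_rewind/gr_next) in case
+* some groups were created but the changes were not committed yet.
+*/
+- setgrent ();
+- while ((grp = getgrent ()) != NULL) {
+- if ((grp->gr_gid >= group_id) && (grp->gr_gid <= gid_max)) {
+- group_id = grp->gr_gid + 1;
++ if (sys_group ) {
++ for(group_id = gid_min; group_id<=gid_max; group_id++) {
++ grp = getgrgid(group_id);
++ if(grp)
++ used_gids[grp->gr_gid] = true;
+}
+- /* create index of used GIDs */
+- if (grp->gr_gid <= gid_max) {
+- used_gids[grp->gr_gid] = true;
++ }
++ else {
++ setgrent ();
++ while ((grp = getgrent ()) != NULL) {
++ if ((grp->gr_gid >= group_id) && (grp->gr_gid <= gid_max)) {
++ group_id = grp->gr_gid + 1;
++ }
++ /* create index of used GIDs */
++ if (grp->gr_gid <= gid_max) {
++ used_gids[grp->gr_gid] = true;
++ }
+}
++ endgrent ();
+}
+- endgrent ();
+gr_rewind ();
+while ((grp = gr_next ()) != NULL) {
+if ((grp->gr_gid >= group_id) && (grp->gr_gid <= gid_max)) {
+diff -up shadow-4.1.4.1/libmisc/find_new_uid.c.ldap shadow-4.1.4.1/libmisc/find_new_uid.c
+--- shadow-4.1.4.1/libmisc/find_new_uid.c.ldap 2009-07-16 10:37:41.653798746 +0200
++++ shadow-4.1.4.1/libmisc/find_new_uid.c 2009-07-16 10:37:41.668798323 +0200
+@@ -91,17 +91,27 @@ int find_new_uid (bool sys_user,
+* but we also check the local database (pw_rewind/pw_next) in case
+* some users were created but the changes were not committed yet.
+*/
+- setpwent ();
+- while ((pwd = getpwent ()) != NULL) {
+- if ((pwd->pw_uid >= user_id) && (pwd->pw_uid <= uid_max)) {
+- user_id = pwd->pw_uid + 1;
++ /* speed up sys users look up on LDAP boxes */
++ if (sys_user) {
++ for (user_id = uid_min; user_id<=uid_max; user_id++) {
++ pwd = getpwuid(user_id);
++ if(pwd)
++ used_uids[user_id] = true;
+}
+- /* create index of used UIDs */
+- if (pwd->pw_uid <= uid_max) {
+- used_uids[pwd->pw_uid] = true;
++ }
++ else {
++ setpwent ();
++ while ((pwd = getpwent ()) != NULL) {
++ if ((pwd->pw_uid >= user_id) && (pwd->pw_uid <= uid_max)) {
++ user_id = pwd->pw_uid + 1;
++ }
++ /* create index of used UIDs */
++ if (pwd->pw_uid <= uid_max) {
++ used_uids[pwd->pw_uid] = true;
++ }
+}
++ endpwent ();
+}
+- endpwent ();
+pw_rewind ();
+while ((pwd = pw_next ()) != NULL) {
+if ((pwd->pw_uid >= user_id) && (pwd->pw_uid <= uid_max)) {
+@@ -113,6 +123,7 @@ int find_new_uid (bool sys_user,
+}
+}
+
++
+/* find free system account in reverse order */
+if (sys_user) {
+for (user_id = uid_max; user_id >= uid_min; user_id--) {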
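Review bot: The new system-group loop in find_new_gid.c records `used_gids[grp->gr_gid] = true;` while the matching loop in find_new_uid.c records `used_uids[user_id] = true;`; indexing by the id that was looked up (`used_gids[group_id] = true;`) keeps the write inside the array, which the redhat patch on this page sizes as `gid_max + 1`, even if the name service were to return an entry whose gid differs from the one requested. The gid loop also lacks the explanatory comment the uid loop has (`/* speed up sys users look up on LDAP boxes */`), and both loops now make one `getgrgid`/`getpwuid` call per id in the range, which is worth stating there. The unbraced `if(grp)` and `if(pwd)` should take braces like the surrounding code. Both functions begin and end outside these hunks.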
300
shadow-4.1.4.1-sysacc.patch
Normal file
300
shadow-4.1.4.1-sysacc.patch
Normal file
|
@ -0,0 +1,300 @@
|
||||||
|
diff -up shadow-4.1.4.1/libmisc/find_new_gid.c.sysacc shadow-4.1.4.1/libmisc/find_new_gid.c
|
||||||
|
--- shadow-4.1.4.1/libmisc/find_new_gid.c.sysacc 2009-07-16 11:51:34.807860808 +0200
|
||||||
|
+++ shadow-4.1.4.1/libmisc/find_new_gid.c 2009-07-16 14:19:08.678798578 +0200
|
||||||
|
@@ -52,7 +52,7 @@ int find_new_gid (bool sys_group,
|
||||||
|
/*@null@*/gid_t const *preferred_gid)
|
||||||
|
{
|
||||||
|
const struct group *grp;
|
||||||
|
- gid_t gid_min, gid_max, group_id;
|
||||||
|
+ gid_t gid_min, gid_max, group_id, id;
|
||||||
|
bool *used_gids;
|
||||||
|
|
||||||
|
assert (gid != NULL);
|
||||||
|
@@ -61,7 +61,7 @@ int find_new_gid (bool sys_group,
|
||||||
|
gid_min = (gid_t) getdef_ulong ("GID_MIN", 500UL);
|
||||||
|
gid_max = (gid_t) getdef_ulong ("GID_MAX", 60000UL);
|
||||||
|
} else {
|
||||||
|
- gid_min = (gid_t) getdef_ulong ("SYS_GID_MIN", 1UL);
|
||||||
|
+ gid_min = (gid_t) getdef_ulong ("SYS_GID_MIN", 101UL);
|
||||||
|
gid_max = (gid_t) getdef_ulong ("GID_MIN", 500UL) - 1;
|
||||||
|
gid_max = (gid_t) getdef_ulong ("SYS_GID_MAX", (unsigned long) gid_max);
|
||||||
|
}
|
||||||
|
@@ -80,7 +80,6 @@ int find_new_gid (bool sys_group,
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
- group_id = gid_min;
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Search the entire group file,
|
||||||
|
@@ -91,13 +90,28 @@ int find_new_gid (bool sys_group,
|
||||||
|
* some groups were created but the changes were not committed yet.
|
||||||
|
*/
|
||||||
|
if (sys_group ) {
|
||||||
|
- for(group_id = gid_min; group_id<=gid_max; group_id++) {
|
||||||
|
- grp = getgrgid(group_id);
|
||||||
|
- if(grp)
|
||||||
|
+ group_id = gid_max;
|
||||||
|
+ for(id = gid_max; id>=gid_min; id--) {
|
||||||
|
+ grp = getgrgid(id);
|
||||||
|
+ if(grp) {
|
||||||
|
+ group_id = id - 1;
|
||||||
|
used_gids[grp->gr_gid] = true;
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ gr_rewind ();
|
||||||
|
+ while ((grp = gr_next ()) != NULL) {
|
||||||
|
+ if ((grp->gr_gid <= group_id) && (grp->gr_gid >= gid_min)) {
|
||||||
|
+ group_id = grp->gr_gid - 1;
|
||||||
|
+ }
|
||||||
|
+ /* create index of used GIDs */
|
||||||
|
+ if (grp->gr_gid <= gid_max) {
|
||||||
|
+ used_gids[grp->gr_gid] = true;
|
||||||
|
+ }
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
+ group_id = gid_min;
|
||||||
|
setgrent ();
|
||||||
|
while ((grp = getgrent ()) != NULL) {
|
||||||
|
if ((grp->gr_gid >= group_id) && (grp->gr_gid <= gid_max)) {
|
||||||
|
@@ -109,32 +123,16 @@ int find_new_gid (bool sys_group,
|
||||||
|
}
|
||||||
|
}
|
||||||
|
endgrent ();
|
||||||
|
- }
|
||||||
|
- gr_rewind ();
|
||||||
|
- while ((grp = gr_next ()) != NULL) {
|
||||||
|
- if ((grp->gr_gid >= group_id) && (grp->gr_gid <= gid_max)) {
|
||||||
|
- group_id = grp->gr_gid + 1;
|
||||||
|
- }
|
||||||
|
- /* create index of used GIDs */
|
||||||
|
- if (grp->gr_gid <= gid_max) {
|
||||||
|
- used_gids[grp->gr_gid] = true;
|
||||||
|
- }
|
||||||
|
- }
|
||||||
|
|
||||||
|
- /* find free system account in reverse order */
|
||||||
|
- if (sys_group) {
|
||||||
|
- for (group_id = gid_max; group_id >= gid_min; group_id--) {
|
||||||
|
- if (false == used_gids[group_id]) {
|
||||||
|
- break;
|
||||||
|
+ gr_rewind ();
|
||||||
|
+ while ((grp = gr_next ()) != NULL) {
|
||||||
|
+ if ((grp->gr_gid >= group_id) && (grp->gr_gid <= gid_max)) {
|
||||||
|
+ group_id = grp->gr_gid + 1;
|
||||||
|
+ }
|
||||||
|
+ /* create index of used GIDs */
|
||||||
|
+ if (grp->gr_gid <= gid_max) {
|
||||||
|
+ used_gids[grp->gr_gid] = true;
|
||||||
|
}
|
||||||
|
- }
|
||||||
|
- if ( group_id < gid_min ) {
|
||||||
|
- fprintf (stderr,
|
||||||
|
- _("%s: Can't get unique GID (no more available GIDs)\n"),
|
||||||
|
- Prog);
|
||||||
|
- SYSLOG ((LOG_WARN,
|
||||||
|
- "no more available GID on the system"));
|
||||||
|
- return -1;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
@@ -143,16 +141,35 @@ int find_new_gid (bool sys_group,
|
||||||
|
* will give us GID_MAX+1 even if not unique. Search for the first
|
||||||
|
* free GID starting with GID_MIN.
|
||||||
|
*/
|
||||||
|
- if (group_id == gid_max + 1) {
|
||||||
|
- for (group_id = gid_min; group_id < gid_max; group_id++) {
|
||||||
|
- if (false == used_gids[group_id]) {
|
||||||
|
- break;
|
||||||
|
+ if (sys_group) {
|
||||||
|
+ if (group_id == gid_min - 1) {
|
||||||
|
+ for (group_id = gid_max; group_id >= gid_min; group_id--) {
|
||||||
|
+ if (false == used_gids[group_id]) {
|
||||||
|
+ break;
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+ if ( group_id < gid_min ) {
|
||||||
|
+ fprintf (stderr,
|
||||||
|
+ _("%s: Can't get unique GID (no more available GIDs)\n"),
|
||||||
|
+ Prog);
|
||||||
|
+ SYSLOG ((LOG_WARN,
|
||||||
|
+ "no more available GID on the system"));
|
||||||
|
+ return -1;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
- if (group_id == gid_max) {
|
||||||
|
- fprintf (stderr, _("%s: Can't get unique GID (no more available GIDs)\n"), Prog);
|
||||||
|
- SYSLOG ((LOG_WARN, "no more available GID on the system"));
|
||||||
|
- return -1;
|
||||||
|
+ }
|
||||||
|
+ else {
|
||||||
|
+ if (group_id == gid_max + 1) {
|
||||||
|
+ for (group_id = gid_min; group_id < gid_max; group_id++) {
|
||||||
|
+ if (false == used_gids[group_id]) {
|
||||||
|
+ break;
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+ if (group_id == gid_max) {
|
||||||
|
+ fprintf (stderr, _("%s: Can't get unique GID (no more available GIDs)\n"), Prog);
|
||||||
|
+ SYSLOG ((LOG_WARN, "no more available GID on the system"));
|
||||||
|
+ return -1;
|
||||||
|
+ }
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
diff -up shadow-4.1.4.1/libmisc/find_new_uid.c.sysacc shadow-4.1.4.1/libmisc/find_new_uid.c
|
||||||
|
--- shadow-4.1.4.1/libmisc/find_new_uid.c.sysacc 2009-07-16 11:51:34.807860808 +0200
|
||||||
|
+++ shadow-4.1.4.1/libmisc/find_new_uid.c 2009-07-16 14:13:38.120798526 +0200
|
||||||
|
@@ -52,7 +52,7 @@ int find_new_uid (bool sys_user,
|
||||||
|
/*@null@*/uid_t const *preferred_uid)
|
||||||
|
{
|
||||||
|
const struct passwd *pwd;
|
||||||
|
- uid_t uid_min, uid_max, user_id;
|
||||||
|
+ uid_t uid_min, uid_max, user_id, id;
|
||||||
|
bool *used_uids;
|
||||||
|
|
||||||
|
assert (uid != NULL);
|
||||||
|
@@ -61,7 +61,7 @@ int find_new_uid (bool sys_user,
|
||||||
|
uid_min = (uid_t) getdef_ulong ("UID_MIN", 500UL);
|
||||||
|
uid_max = (uid_t) getdef_ulong ("UID_MAX", 60000UL);
|
||||||
|
} else {
|
||||||
|
- uid_min = (uid_t) getdef_ulong ("SYS_UID_MIN", 1UL);
|
||||||
|
+ uid_min = (uid_t) getdef_ulong ("SYS_UID_MIN", 101UL);
|
||||||
|
uid_max = (uid_t) getdef_ulong ("UID_MIN", 500UL) - 1;
|
||||||
|
uid_max = (uid_t) getdef_ulong ("SYS_UID_MAX", (unsigned long) uid_max);
|
||||||
|
}
|
||||||
|
@@ -81,8 +81,6 @@ int find_new_uid (bool sys_user,
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
- user_id = uid_min;
|
||||||
|
-
|
||||||
|
/*
|
||||||
|
* Search the entire password file,
|
||||||
|
* looking for the largest unused value.
|
||||||
|
@@ -91,15 +89,30 @@ int find_new_uid (bool sys_user,
|
||||||
|
* but we also check the local database (pw_rewind/pw_next) in case
|
||||||
|
* some users were created but the changes were not committed yet.
|
||||||
|
*/
|
||||||
|
- /* speed up sys users look up on LDAP boxes */
|
||||||
|
if (sys_user) {
|
||||||
|
- for (user_id = uid_min; user_id<=uid_max; user_id++) {
|
||||||
|
- pwd = getpwuid(user_id);
|
||||||
|
- if(pwd)
|
||||||
|
+ user_id = uid_max;
|
||||||
|
+ for (id = uid_max; id>=uid_min; id--) {
|
||||||
|
+ pwd = getpwuid(id);
|
||||||
|
+ if(pwd) {
|
||||||
|
+ user_id = id - 1;
|
||||||
|
used_uids[user_id] = true;
|
||||||
|
+ }
|
||||||
|
}
|
||||||
|
+
|
||||||
|
+ pw_rewind ();
|
||||||
|
+ while ((pwd = pw_next ()) != NULL) {
|
||||||
|
+ if ((pwd->pw_uid <= user_id) && (pwd->pw_uid >= uid_min)) {
|
||||||
|
+ user_id = pwd->pw_uid - 1;
|
||||||
|
+ }
|
||||||
|
+ /* create index of used UIDs */
|
||||||
|
+ if (pwd->pw_uid <= uid_max) {
|
||||||
|
+ used_uids[pwd->pw_uid] = true;
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
+ user_id = uid_min;
|
||||||
|
setpwent ();
|
||||||
|
while ((pwd = getpwent ()) != NULL) {
|
||||||
|
if ((pwd->pw_uid >= user_id) && (pwd->pw_uid <= uid_max)) {
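Review bot: In the system-user scan, `used_uids[user_id] = true;` runs after `user_id = id - 1;`, so it marks the slot below the UID that `getpwuid(id)` found and leaves the found UID unmarked; the find_new_gid.c counterpart indexes with `grp->gr_gid` instead. For accounts known only through NSS (the LDAP case this patch targets) the in-use UID stays `false` in the index, so the fallback scan in the following hunk may return a UID that already belongs to another account, and the new system account would then share that account's file ownership and privileges. When `id == uid_min` the write also lands at `uid_min - 1`, outside the range being searched. Index with the entry that was found, `used_uids[pwd->pw_uid] = true;`, as the GID version does. The enclosing function starts and ends outside this hunk.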
|
||||||
|
@@ -111,51 +124,55 @@ int find_new_uid (bool sys_user,
|
||||||
|
}
|
||||||
|
}
|
||||||
|
endpwent ();
|
||||||
|
- }
|
||||||
|
- pw_rewind ();
|
||||||
|
- while ((pwd = pw_next ()) != NULL) {
|
||||||
|
- if ((pwd->pw_uid >= user_id) && (pwd->pw_uid <= uid_max)) {
|
||||||
|
- user_id = pwd->pw_uid + 1;
|
||||||
|
- }
|
||||||
|
- /* create index of used UIDs */
|
||||||
|
- if (pwd->pw_uid <= uid_max) {
|
||||||
|
- used_uids[pwd->pw_uid] = true;
|
||||||
|
- }
|
||||||
|
- }
|
||||||
|
-
|
||||||
|
|
||||||
|
- /* find free system account in reverse order */
|
||||||
|
- if (sys_user) {
|
||||||
|
- for (user_id = uid_max; user_id >= uid_min; user_id--) {
|
||||||
|
- if (false == used_uids[user_id]) {
|
||||||
|
- break;
|
||||||
|
+ pw_rewind ();
|
||||||
|
+ while ((pwd = pw_next ()) != NULL) {
|
||||||
|
+ if ((pwd->pw_uid >= user_id) && (pwd->pw_uid <= uid_max)) {
|
||||||
|
+ user_id = pwd->pw_uid + 1;
|
||||||
|
+ }
|
||||||
|
+ /* create index of used UIDs */
|
||||||
|
+ if (pwd->pw_uid <= uid_max) {
|
||||||
|
+ used_uids[pwd->pw_uid] = true;
|
||||||
|
}
|
||||||
|
- }
|
||||||
|
- if (user_id < uid_min ) {
|
||||||
|
- fprintf (stderr,
|
||||||
|
- _("%s: Can't get unique system UID (no more available UIDs)\n"),
|
||||||
|
- Prog);
|
||||||
|
- SYSLOG ((LOG_WARN,
|
||||||
|
- "no more available UID on the system"));
|
||||||
|
- return -1;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
+
|
||||||
|
/*
|
||||||
|
* If a user with UID equal to UID_MAX exists, the above algorithm
|
||||||
|
* will give us UID_MAX+1 even if not unique. Search for the first
|
||||||
|
* free UID starting with UID_MIN.
|
||||||
|
*/
|
||||||
|
- if (user_id == uid_max + 1) {
|
||||||
|
- for (user_id = uid_min; user_id < uid_max; user_id++) {
|
||||||
|
- if (false == used_uids[user_id]) {
|
||||||
|
- break;
|
||||||
|
+ if (sys_user) {
|
||||||
|
+ if (user_id == uid_min - 1) {
|
||||||
|
+ for (user_id = uid_max; user_id >= uid_min; user_id--) {
|
||||||
|
+ if (false == used_uids[user_id]) {
|
||||||
|
+ break;
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+ if (user_id < uid_min ) {
|
||||||
|
+ fprintf (stderr,
|
||||||
|
+ _("%s: Can't get unique system UID (no more available UIDs)\n"),
|
||||||
|
+ Prog);
|
||||||
|
+ SYSLOG ((LOG_WARN,
|
||||||
|
+ "no more available UID on the system"));
|
||||||
|
+ return -1;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
- if (user_id == uid_max) {
|
||||||
|
- fprintf (stderr, _("%s: Can't get unique UID (no more available UIDs)\n"), Prog);
|
||||||
|
- SYSLOG ((LOG_WARN, "no more available UID on the system"));
|
||||||
|
- return -1;
|
||||||
|
+ }
|
||||||
|
+ else {
|
||||||
|
+ if (user_id == uid_max + 1) {
|
||||||
|
+ for (user_id = uid_min; user_id < uid_max; user_id++) {
|
||||||
|
+ if (false == used_uids[user_id]) {
|
||||||
|
+ break;
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+ if (user_id == uid_max) {
|
||||||
|
+ fprintf (stderr, _("%s: Can't get unique UID (no more available UIDs)\n"),
|
||||||
|
+ Prog);
|
||||||
|
+ SYSLOG ((LOG_WARN, "no more available UID on the system"));
|
||||||
|
+ return -1;
|
||||||
|
+ }
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
|
@ -1,15 +1,17 @@
|
||||||
Summary: Utilities for managing accounts and shadow password files
|
Summary: Utilities for managing accounts and shadow password files
|
||||||
Name: shadow-utils
|
Name: shadow-utils
|
||||||
Version: 4.1.3
|
Version: 4.1.4.1
|
||||||
Release: 2%{?dist}
|
Release: 4%{?dist}
|
||||||
Epoch: 2
|
Epoch: 2
|
||||||
URL: http://pkg-shadow.alioth.debian.org/
|
URL: http://pkg-shadow.alioth.debian.org/
|
||||||
Source0: ftp://pkg-shadow.alioth.debian.org/pub/pkg-shadow/shadow-%{version}.tar.bz2
|
Source0: ftp://pkg-shadow.alioth.debian.org/pub/pkg-shadow/shadow-%{version}.tar.bz2
|
||||||
Source1: shadow-4.0.17-login.defs
|
Source1: shadow-4.0.17-login.defs
|
||||||
Source2: shadow-4.0.18.1-useradd
|
Source2: shadow-4.0.18.1-useradd
|
||||||
Patch0: shadow-4.1.3-redhat.patch
|
Patch0: shadow-4.1.4-redhat.patch
|
||||||
Patch1: shadow-4.1.3-goodname.patch
|
Patch1: shadow-4.1.4.1-goodname.patch
|
||||||
Patch2: shadow-4.1.3-selinux.patch
|
Patch2: shadow-4.1.4.1-largeGroup.patch
|
||||||
|
Patch3: shadow-4.1.4.1-ldap.patch
|
||||||
|
Patch4: shadow-4.1.4.1-sysacc.patch
|
||||||
License: BSD and GPLv2+
|
License: BSD and GPLv2+
|
||||||
Group: System Environment/Base
|
Group: System Environment/Base
|
||||||
BuildRequires: libselinux-devel >= 1.25.2-1
|
BuildRequires: libselinux-devel >= 1.25.2-1
|
||||||
|
@ -36,7 +38,9 @@ are used for managing group accounts.
|
||||||
%setup -q -n shadow-%{version}
|
%setup -q -n shadow-%{version}
|
||||||
%patch0 -p1 -b .redhat
|
%patch0 -p1 -b .redhat
|
||||||
%patch1 -p1 -b .goodname
|
%patch1 -p1 -b .goodname
|
||||||
%patch2 -p1 -b .selinux
|
%patch2 -p1 -b .largeGroup
|
||||||
|
%patch3 -p1 -b .ldap
|
||||||
|
%patch4 -p1 -b .sysacc
|
||||||
|
|
||||||
iconv -f ISO88591 -t utf-8 doc/HOWTO > doc/HOWTO.utf8
|
iconv -f ISO88591 -t utf-8 doc/HOWTO > doc/HOWTO.utf8
|
||||||
cp -f doc/HOWTO.utf8 doc/HOWTO
|
cp -f doc/HOWTO.utf8 doc/HOWTO
|
||||||
|
@ -125,7 +129,9 @@ find $RPM_BUILD_ROOT%{_mandir} -depth -type d -empty -delete
|
||||||
for dir in $(ls -1d $RPM_BUILD_ROOT%{_mandir}/{??,??_??}) ; do
|
for dir in $(ls -1d $RPM_BUILD_ROOT%{_mandir}/{??,??_??}) ; do
|
||||||
dir=$(echo $dir | sed -e "s|^$RPM_BUILD_ROOT||")
|
dir=$(echo $dir | sed -e "s|^$RPM_BUILD_ROOT||")
|
||||||
lang=$(basename $dir)
|
lang=$(basename $dir)
|
||||||
echo "%%lang($lang) $dir/man*/*" >> shadow.lang
|
echo "%%lang($lang) $dir" >> shadow.lang
|
||||||
|
echo "%%lang($lang) $dir/man*" >> shadow.lang
|
||||||
|
# echo "%%lang($lang) $dir/man*/*" >> shadow.lang
|
||||||
done
|
done
|
||||||
|
|
||||||
%clean
|
%clean
|
||||||
|
@ -176,6 +182,27 @@ rm -rf $RPM_BUILD_ROOT
|
||||||
%{_mandir}/man8/vigr.8*
|
%{_mandir}/man8/vigr.8*
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Thu Jul 16 2009 Peter Vrabec <pvrabec@redhat.com> 2:4.1.4.1-4
|
||||||
|
- fix a list of owned directories (#510366)
|
||||||
|
|
||||||
|
* Thu Jul 16 2009 Peter Vrabec <pvrabec@redhat.com> 2:4.1.4.1-3
|
||||||
|
- reduce the reuse of system IDs
|
||||||
|
|
||||||
|
* Wed Jul 15 2009 Peter Vrabec <pvrabec@redhat.com> 2:4.1.4.1-2
|
||||||
|
- speed up sys users look up on LDAP boxes (#511813)
|
||||||
|
|
||||||
|
* Tue Jun 16 2009 Peter Vrabec <pvrabec@redhat.com> 2:4.1.4.1-1
|
||||||
|
- upgrade
|
||||||
|
|
||||||
|
* Fri May 15 2009 Peter Vrabec <pvrabec@redhat.com> 2:4.1.4-1
|
||||||
|
- upgrade
|
||||||
|
|
||||||
|
* Wed Apr 22 2009 Peter Vrabec <pvrabec@redhat.com> 2:4.1.3.1-2
|
||||||
|
- lastlog fix
|
||||||
|
|
||||||
|
* Fri Apr 17 2009 Peter Vrabec <pvrabec@redhat.com> 2:4.1.3.1-1
|
||||||
|
- upgrade
|
||||||
|
|
||||||
* Tue Apr 14 2009 Peter Vrabec <pvrabec@redhat.com> 2:4.1.3-2
|
* Tue Apr 14 2009 Peter Vrabec <pvrabec@redhat.com> 2:4.1.3-2
|
||||||
- get "-n" option back
|
- get "-n" option back
|
||||||
- fix selinux issues
|
- fix selinux issues
|
||||||
|
|
4
sources
4
sources
|
@ -1,3 +1 @@
|
||||||
e91727c55dbafc9915250e31535f13bb shadow-4.0.17-login.defs
|
62f7dae4cb54fa84e478c4602d58cbe8 shadow-4.1.4.1.tar.bz2
|
||||||
ebdf46b79f9b414353c9ae8aba4d55cc shadow-4.0.18.1-useradd
|
|
||||||
d222bd50f64d52a32882c82ab1e85f28 shadow-4.1.3.tar.bz2
|
|
||||||
|
|