- fix a list of owned directories (#510366)

- reduce the reuse of system IDs
- speed up sys users look up on LDAP boxes (#511813)
- upgrade

.cvsignore

@@ -1,3 +1 @@
-shadow-4.0.17-login.defs
-shadow-4.0.18.1-useradd
-shadow-4.1.3.tar.bz2
+shadow-4.1.4.1.tar.bz2

shadow-4.0.17-login.defs

@@ -0,0 +1,58 @@
+# *REQUIRED*
+#   Directory where mailboxes reside, _or_ name of file, relative to the
+#   home directory.  If you _do_ define both, MAIL_DIR takes precedence.
+#   QMAIL_DIR is for Qmail
+#
+#QMAIL_DIR	Maildir
+MAIL_DIR	/var/spool/mail
+#MAIL_FILE	.mail
+
+# Password aging controls:
+#
+#	PASS_MAX_DAYS	Maximum number of days a password may be used.
+#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+#	PASS_MIN_LEN	Minimum acceptable password length.
+#	PASS_WARN_AGE	Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS	99999
+PASS_MIN_DAYS	0
+PASS_MIN_LEN	5
+PASS_WARN_AGE	7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN			  500
+UID_MAX			60000
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN			  500
+GID_MAX			60000
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD	/usr/sbin/userdel_local
+
+#
+# If useradd should create home directories for users by default
+# On RH systems, we do. This option is overridden with the -m flag on
+# useradd command line.
+#
+CREATE_HOME	yes
+
+# The permission mask is initialized to this value. If not specified, 
+# the permission mask will be initialized to 022.
+UMASK           077
+
+# This enables userdel to remove user groups if no members exist.
+#
+USERGROUPS_ENAB yes
+
+# Use MD5 or DES to encrypt password? Red Hat use MD5 by default.
+MD5_CRYPT_ENAB yes
+

shadow-4.0.18.1-useradd

@@ -0,0 +1,9 @@
+# useradd defaults file
+GROUP=100
+HOME=/home
+INACTIVE=-1
+EXPIRE=
+SHELL=/bin/bash
+SKEL=/etc/skel
+CREATE_MAIL_SPOOL=yes
+

shadow-4.1.3-redhat.patch

@@ -1,75 +0,0 @@
-diff -up shadow-4.1.3/libmisc/find_new_gid.c.redhat shadow-4.1.3/libmisc/find_new_gid.c
---- shadow-4.1.3/libmisc/find_new_gid.c.redhat	2009-04-11 17:55:13.000000000 +0200
-+++ shadow-4.1.3/libmisc/find_new_gid.c	2009-04-14 14:49:34.000000000 +0200
-@@ -56,11 +56,11 @@ int find_new_gid (bool sys_group, gid_t 
- 	assert (gid != NULL);
- 
- 	if (!sys_group) {
--		gid_min = getdef_ulong ("GID_MIN", 1000L);
-+		gid_min = getdef_ulong ("GID_MIN", 500L);
- 		gid_max = getdef_ulong ("GID_MAX", 60000L);
- 	} else {
- 		gid_min = getdef_ulong ("SYS_GID_MIN", 1L);
--		gid_max = getdef_ulong ("GID_MIN", 1000L) - 1;
-+		gid_max = getdef_ulong ("GID_MIN", 500L) - 1;
- 		gid_max = getdef_ulong ("SYS_GID_MAX", (unsigned long) gid_max);
- 	}
- 	used_gids = alloca (sizeof (char) * gid_max +1);
-diff -up shadow-4.1.3/libmisc/find_new_uid.c.redhat shadow-4.1.3/libmisc/find_new_uid.c
---- shadow-4.1.3/libmisc/find_new_uid.c.redhat	2009-04-11 17:53:19.000000000 +0200
-+++ shadow-4.1.3/libmisc/find_new_uid.c	2009-04-14 14:49:34.000000000 +0200
-@@ -56,11 +56,11 @@ int find_new_uid (bool sys_user, uid_t *
- 	assert (uid != NULL);
- 
- 	if (!sys_user) {
--		uid_min = getdef_ulong ("UID_MIN", 1000L);
-+		uid_min = getdef_ulong ("UID_MIN", 500L);
- 		uid_max = getdef_ulong ("UID_MAX", 60000L);
- 	} else {
- 		uid_min = getdef_ulong ("SYS_UID_MIN", 1L);
--		uid_max = getdef_ulong ("UID_MIN", 1000L) - 1;
-+		uid_max = getdef_ulong ("UID_MIN", 500L) - 1;
- 		uid_max = getdef_ulong ("SYS_UID_MAX", (unsigned long) uid_max);
- 	}
- 	used_uids = alloca (sizeof (char) * uid_max +1);
-diff -up shadow-4.1.3/src/useradd.c.redhat shadow-4.1.3/src/useradd.c
---- shadow-4.1.3/src/useradd.c.redhat	2009-04-11 20:39:52.000000000 +0200
-+++ shadow-4.1.3/src/useradd.c	2009-04-14 14:58:17.000000000 +0200
-@@ -89,7 +89,7 @@ char *Prog;
- static gid_t def_group = 100;
- static const char *def_gname = "other";
- static const char *def_home = "/home";
--static const char *def_shell = "";
-+static const char *def_shell = "/sbin/nologin";
- static const char *def_template = SKEL_DIR;
- static const char *def_create_mail_spool = "no";
- 
-@@ -101,7 +101,7 @@ static char def_file[] = USER_DEFAULTS_F
- #define	VALID(s)	(strcspn (s, ":\n") == strlen (s))
- 
- static const char *user_name = "";
--static const char *user_pass = "!";
-+static const char *user_pass = "!!";
- static uid_t user_id;
- static gid_t user_gid;
- static const char *user_comment = "";
-@@ -978,9 +978,9 @@ static void process_flags (int argc, cha
- 		};
- 		while ((c = getopt_long (argc, argv,
- #ifdef WITH_SELINUX
--		                         "b:c:d:De:f:g:G:k:K:lmMNop:rs:u:UZ:",
-+		                         "b:c:d:De:f:g:G:k:K:lmMnNop:rs:u:UZ:",
- #else
--		                         "b:c:d:De:f:g:G:k:K:lmMNop:rs:u:U",
-+		                         "b:c:d:De:f:g:G:k:K:lmMnNop:rs:u:U",
- #endif
- 		                         long_options, NULL)) != -1) {
- 			switch (c) {
-@@ -1130,6 +1130,7 @@ static void process_flags (int argc, cha
- 			case 'M':
- 				Mflg = true;
- 				break;
-+			case 'n':
- 			case 'N':
- 				Nflg = true;
- 				break;

shadow-4.1.3-selinux.patch

@@ -1,54 +0,0 @@
-diff -up shadow-4.1.3/src/useradd.c.selinux shadow-4.1.3/src/useradd.c
---- shadow-4.1.3/src/useradd.c.selinux	2009-04-14 15:55:44.000000000 +0200
-+++ shadow-4.1.3/src/useradd.c	2009-04-14 15:55:44.000000000 +0200
-@@ -2011,9 +2011,7 @@ int main (int argc, char **argv)
- 	close_files ();
- 
- #ifdef WITH_SELINUX
--	if (Zflg) {
--		selinux_update_mapping ();
--	}
-+	selinux_update_mapping ();
- #endif
- 
- 	nscd_flush_cache ("passwd");
-diff -up shadow-4.1.3/src/userdel.c.selinux shadow-4.1.3/src/userdel.c
---- shadow-4.1.3/src/userdel.c.selinux	2009-04-11 18:52:42.000000000 +0200
-+++ shadow-4.1.3/src/userdel.c	2009-04-14 16:01:10.000000000 +0200
-@@ -797,17 +797,6 @@ int main (int argc, char **argv)
- 	audit_help_open ();
- #endif
- 
--#ifdef WITH_SELINUX
--	if (is_selinux_enabled () > 0) {
--		const char *args[5];
--		args[0] = "/usr/sbin/semanage";
--		args[1] = "login";
--		args[2] = "-d";
--		args[3] = user_name;
--		args[4] = NULL;
--		safe_system (args[0], args, NULL, 1);
--	}
--#endif
- 	/*
- 	 * Get my name so that I can use it to report errors.
- 	 */
-@@ -1010,6 +999,18 @@ int main (int argc, char **argv)
- 	}
- #endif
- 
-+#ifdef WITH_SELINUX
-+	if (is_selinux_enabled () > 0) {
-+		const char *args[5];
-+		args[0] = "/usr/sbin/semanage";
-+		args[1] = "login";
-+		args[2] = "-d";
-+		args[3] = user_name;
-+		args[4] = NULL;
-+		safe_system (args[0], args, NULL, 1);
-+	}
-+#endif
-+
- 	/*
- 	 * Cancel any crontabs or at jobs. Have to do this before we remove
- 	 * the entry from /etc/passwd.

shadow-4.1.4-redhat.patch

@@ -0,0 +1,75 @@
+diff -up shadow-4.1.4/libmisc/find_new_gid.c.redhat shadow-4.1.4/libmisc/find_new_gid.c
+--- shadow-4.1.4/libmisc/find_new_gid.c.redhat	2009-04-23 19:36:42.000000000 +0200
++++ shadow-4.1.4/libmisc/find_new_gid.c	2009-05-15 12:01:18.000000000 +0200
+@@ -58,11 +58,11 @@ int find_new_gid (bool sys_group,
+ 	assert (gid != NULL);
+ 
+ 	if (!sys_group) {
+-		gid_min = (gid_t) getdef_ulong ("GID_MIN", 1000UL);
++		gid_min = (gid_t) getdef_ulong ("GID_MIN", 500UL);
+ 		gid_max = (gid_t) getdef_ulong ("GID_MAX", 60000UL);
+ 	} else {
+ 		gid_min = (gid_t) getdef_ulong ("SYS_GID_MIN", 1UL);
+-		gid_max = (gid_t) getdef_ulong ("GID_MIN", 1000UL) - 1;
++		gid_max = (gid_t) getdef_ulong ("GID_MIN", 500UL) - 1;
+ 		gid_max = (gid_t) getdef_ulong ("SYS_GID_MAX", (unsigned long) gid_max);
+ 	}
+ 	used_gids = alloca (sizeof (bool) * (gid_max +1));
+diff -up shadow-4.1.4/libmisc/find_new_uid.c.redhat shadow-4.1.4/libmisc/find_new_uid.c
+--- shadow-4.1.4/libmisc/find_new_uid.c.redhat	2009-04-23 19:37:12.000000000 +0200
++++ shadow-4.1.4/libmisc/find_new_uid.c	2009-05-15 12:01:39.000000000 +0200
+@@ -58,11 +58,11 @@ int find_new_uid (bool sys_user,
+ 	assert (uid != NULL);
+ 
+ 	if (!sys_user) {
+-		uid_min = (uid_t) getdef_ulong ("UID_MIN", 1000UL);
++		uid_min = (uid_t) getdef_ulong ("UID_MIN", 500UL);
+ 		uid_max = (uid_t) getdef_ulong ("UID_MAX", 60000UL);
+ 	} else {
+ 		uid_min = (uid_t) getdef_ulong ("SYS_UID_MIN", 1UL);
+-		uid_max = (uid_t) getdef_ulong ("UID_MIN", 1000UL) - 1;
++		uid_max = (uid_t) getdef_ulong ("UID_MIN", 500UL) - 1;
+ 		uid_max = (uid_t) getdef_ulong ("SYS_UID_MAX", (unsigned long) uid_max);
+ 	}
+ 	used_uids = alloca (sizeof (bool) * (uid_max +1));
+diff -up shadow-4.1.4/src/useradd.c.redhat shadow-4.1.4/src/useradd.c
+--- shadow-4.1.4/src/useradd.c.redhat	2009-05-10 20:26:35.000000000 +0200
++++ shadow-4.1.4/src/useradd.c	2009-05-15 11:59:40.000000000 +0200
+@@ -90,7 +90,7 @@ char *Prog;
+ static gid_t def_group = 100;
+ static const char *def_gname = "other";
+ static const char *def_home = "/home";
+-static const char *def_shell = "";
++static const char *def_shell = "/sbin/nologin";
+ static const char *def_template = SKEL_DIR;
+ static const char *def_create_mail_spool = "no";
+ 
+@@ -102,7 +102,7 @@ static char def_file[] = USER_DEFAULTS_F
+ #define	VALID(s)	(strcspn (s, ":\n") == strlen (s))
+ 
+ static const char *user_name = "";
+-static const char *user_pass = "!";
++static const char *user_pass = "!!";
+ static uid_t user_id;
+ static gid_t user_gid;
+ static const char *user_comment = "";
+@@ -996,9 +996,9 @@ static void process_flags (int argc, cha
+ 		};
+ 		while ((c = getopt_long (argc, argv,
+ #ifdef WITH_SELINUX
+-		                         "b:c:d:De:f:g:G:k:K:lmMNop:rs:u:UZ:",
++		                         "b:c:d:De:f:g:G:k:K:lmMnNop:rs:u:UZ:",
+ #else
+-		                         "b:c:d:De:f:g:G:k:K:lmMNop:rs:u:U",
++		                         "b:c:d:De:f:g:G:k:K:lmMnNop:rs:u:U",
+ #endif
+ 		                         long_options, NULL)) != -1) {
+ 			switch (c) {
+@@ -1148,6 +1148,7 @@ static void process_flags (int argc, cha
+ 			case 'M':
+ 				Mflg = true;
+ 				break;
++			case 'n':
+ 			case 'N':
+ 				Nflg = true;
+ 				break;

shadow-4.1.4.1-goodname.patch

@@ -1,7 +1,7 @@
-diff -up shadow-4.1.3/libmisc/chkname.c.goodname shadow-4.1.3/libmisc/chkname.c
---- shadow-4.1.3/libmisc/chkname.c.goodname	2008-12-23 23:42:21.000000000 +0100
-+++ shadow-4.1.3/libmisc/chkname.c	2009-04-14 11:46:21.000000000 +0200
-@@ -54,20 +54,28 @@
+diff -up shadow-4.1.4.1/libmisc/chkname.c.goodname shadow-4.1.4.1/libmisc/chkname.c
+--- shadow-4.1.4.1/libmisc/chkname.c.goodname	2009-04-28 21:14:04.000000000 +0200
++++ shadow-4.1.4.1/libmisc/chkname.c	2009-06-16 13:47:08.000000000 +0200
+@@ -49,20 +49,28 @@
  static bool is_valid_name (const char *name)
  {
  	/*
@@ -40,28 +40,28 @@ diff -up shadow-4.1.3/libmisc/chkname.c.goodname shadow-4.1.3/libmisc/chkname.c
  			return false;
  		}
  	}
-diff -up shadow-4.1.3/man/groupadd.8.goodname shadow-4.1.3/man/groupadd.8
---- shadow-4.1.3/man/groupadd.8.goodname	2009-04-12 04:46:15.000000000 +0200
-+++ shadow-4.1.3/man/groupadd.8	2009-04-14 11:45:13.000000000 +0200
-@@ -139,9 +139,7 @@ Shadow password suite configuration\&.
+diff -up shadow-4.1.4.1/man/groupadd.8.goodname shadow-4.1.4.1/man/groupadd.8
+--- shadow-4.1.4.1/man/groupadd.8.goodname	2009-05-22 15:56:08.000000000 +0200
++++ shadow-4.1.4.1/man/groupadd.8	2009-06-16 13:50:41.000000000 +0200
+@@ -153,9 +153,7 @@ Shadow password suite configuration\&.
  .RE
  .SH "CAVEATS"
  .PP
--Groupnames must begin with a lower case letter or an underscore, and only lower case letters, underscores, dashes, and dollar signs may follow\&. In regular expression terms: [a\-z_][a\-z0\-9_\-]*[$]?
+-Groupnames must start with a lower case letter or an underscore, followed by lower case letters, digits, underscores, or dashes\&. They can end with a dollar sign\&. In regular expression terms: [a\-z_][a\-z0\-9_\-]*[$]?
 -.PP
 -Groupnames may only be up to 16 characters long\&.
 +Groupnames may only be up to 32 characters long\&.
  .PP
  You may not add a NIS or LDAP group\&. This must be performed on the corresponding server\&.
  .PP
-diff -up shadow-4.1.3/man/useradd.8.goodname shadow-4.1.3/man/useradd.8
---- shadow-4.1.3/man/useradd.8.goodname	2009-04-12 04:46:35.000000000 +0200
-+++ shadow-4.1.3/man/useradd.8	2009-04-14 11:45:13.000000000 +0200
-@@ -385,8 +385,6 @@ Similarly, if the username already exist
+diff -up shadow-4.1.4.1/man/useradd.8.goodname shadow-4.1.4.1/man/useradd.8
+--- shadow-4.1.4.1/man/useradd.8.goodname	2009-05-22 15:56:28.000000000 +0200
++++ shadow-4.1.4.1/man/useradd.8	2009-06-16 13:51:17.000000000 +0200
+@@ -405,8 +405,6 @@ Similarly, if the username already exist
  \fBuseradd\fR
  will deny the user account creation request\&.
  .PP
--Usernames must begin with a lower case letter or an underscore, and only lower case letters, underscores, dashes, and dollar signs may follow\&. In regular expression terms: [a\-z_][a\-z0\-9_\-]*[$]?
+-Usernames must start with a lower case letter or an underscore, followed by lower case letters, digits, underscores, or dashes\&. They can end with a dollar sign\&. In regular expression terms: [a\-z_][a\-z0\-9_\-]*[$]?
 -.PP
  Usernames may only be up to 32 characters long\&.
  .SH "CONFIGURATION"

shadow-4.1.4.1-largeGroup.patch

@@ -0,0 +1,230 @@
+diff -U0 shadow-4.1.4.1/ChangeLog.large_group shadow-4.1.4.1/ChangeLog
+diff -up shadow-4.1.4.1/lib/gshadow.c.large_group shadow-4.1.4.1/lib/gshadow.c
+--- shadow-4.1.4.1/lib/gshadow.c.large_group	2009-04-23 13:53:56.000000000 +0200
++++ shadow-4.1.4.1/lib/gshadow.c	2009-06-16 14:47:08.000000000 +0200
+@@ -2,7 +2,7 @@
+  * Copyright (c) 1990 - 1994, Julianne Frances Haugh
+  * Copyright (c) 1996 - 1998, Marek Michałkiewicz
+  * Copyright (c) 2005       , Tomasz Kłoczko
+- * Copyright (c) 2008       , Nicolas François
++ * Copyright (c) 2008 - 2009, Nicolas François
+  * All rights reserved.
+  *
+  * Redistribution and use in source and binary forms, with or without
+@@ -41,7 +41,6 @@
+ #include "prototypes.h"
+ #include "defines.h"
+ static /*@null@*/FILE *shadow;
+-static char sgrbuf[BUFSIZ * 4];
+ static /*@null@*//*@only@*/char **members = NULL;
+ static size_t nmembers = 0;
+ static /*@null@*//*@only@*/char **admins = NULL;
+@@ -131,12 +130,25 @@ void endsgent (void)
+ 
+ /*@observer@*//*@null@*/struct sgrp *sgetsgent (const char *string)
+ {
++	static char *sgrbuf = NULL;
++	static size_t sgrbuflen = 0;
++
+ 	char *fields[FIELDS];
+ 	char *cp;
+ 	int i;
++	size_t len = strlen (string) + 1;
++
++	if (len > sgrbuflen) {
++		char *buf = (char *) realloc (sgrbuf, sizeof (char) * len);
++		if (NULL == buf) {
++			return NULL;
++		}
++		sgrbuf = buf;
++		sgrbuflen = len;
++	}
+ 
+-	strncpy (sgrbuf, string, sizeof sgrbuf - 1);
+-	sgrbuf[sizeof sgrbuf - 1] = '\0';
++	strncpy (sgrbuf, string, len);
++	sgrbuf[len-1] = '\0';
+ 
+ 	cp = strrchr (sgrbuf, '\n');
+ 	if (NULL != cp) {
+@@ -161,7 +173,7 @@ void endsgent (void)
+ 	 * the line is invalid.
+ 	 */
+ 
+-	if ((NULL != cp) || (i != FIELDS))
++	if ((NULL != cp) || (i != FIELDS)) {
+ #ifdef	USE_NIS
+ 		if (!IS_NISCHAR (fields[0][0])) {
+ 			return 0;
+@@ -171,6 +183,7 @@ void endsgent (void)
+ #else
+ 		return 0;
+ #endif
++	}
+ 
+ 	sgroup.sg_name = fields[0];
+ 	sgroup.sg_passwd = fields[1];
+@@ -199,20 +212,48 @@ void endsgent (void)
+ 
+ /*@observer@*//*@null@*/struct sgrp *fgetsgent (/*@null@*/FILE * fp)
+ {
+-	char buf[sizeof sgrbuf];
++	static size_t buflen = 0;
++	static char *buf = NULL;
++
+ 	char *cp;
++	struct sgrp *ret;
++
++	if (0 == buflen) {
++		buf = (char *) malloc (BUFSIZ);
++		if (NULL == buf) {
++			return NULL;
++		}
++	}
+ 
+ 	if (NULL == fp) {
+-		return (0);
++		return NULL;
+ 	}
+ 
+ #ifdef	USE_NIS
+-	while (fgetsx (buf, (int) sizeof buf, fp) != (char *) 0)
++	while (fgetsx (buf, (int) sizeof buf, fp) == buf)
+ #else
+-	if (fgetsx (buf, (int) sizeof buf, fp) != (char *) 0)
++	if (fgetsx (buf, (int) sizeof buf, fp) == buf)
+ #endif
+ 	{
+-		cp = strchr (buf, '\n');
++		while (   ((cp = strrchr (buf, '\n')) == NULL)
++		       && (feof (fp) == 0)) {
++			size_t len;
++
++			cp = (char *) realloc (buf, buflen*2);
++			if (NULL == cp) {
++				return NULL;
++			}
++			buf = cp;
++			buflen *= 2;
++
++			len = strlen (buf);
++			if (fgetsx (&buf[len],
++			            (int) (buflen - len),
++			            fp) != &buf[len]) {
++				return NULL;
++			}
++		}
++		cp = strrchr (buf, '\n');
+ 		if (NULL != cp) {
+ 			*cp = '\0';
+ 		}
+@@ -223,7 +264,7 @@ void endsgent (void)
+ #endif
+ 		return (sgetsgent (buf));
+ 	}
+-	return 0;
++	return NULL;
+ }
+ 
+ /*
+@@ -235,7 +276,6 @@ void endsgent (void)
+ #ifdef	USE_NIS
+ 	bool nis_1_group = false;
+ 	struct sgrp *val;
+-	char buf[BUFSIZ];
+ #endif
+ 	if (NULL == shadow) {
+ 		setsgent ();
+@@ -334,7 +374,6 @@ void endsgent (void)
+ 	struct sgrp *sgrp;
+ 
+ #ifdef	USE_NIS
+-	char buf[BUFSIZ];
+ 	static char save_name[16];
+ 	int nis_disabled = 0;
+ #endif
+diff -up shadow-4.1.4.1/libmisc/xgetgrgid.c.large_group shadow-4.1.4.1/libmisc/xgetgrgid.c
+--- shadow-4.1.4.1/libmisc/xgetgrgid.c.large_group	2008-09-06 16:56:51.000000000 +0200
++++ shadow-4.1.4.1/libmisc/xgetgrgid.c	2009-06-16 14:15:08.000000000 +0200
+@@ -58,7 +58,6 @@
+ #define ARG_TYPE	gid_t
+ #define ARG_NAME	gid
+ #define DUP_FUNCTION	__gr_dup
+-#define MAX_LENGTH	0x8000
+ #define HAVE_FUNCTION_R (defined HAVE_GETGRGID_R)
+ 
+ #include "xgetXXbyYY.c"
+diff -up shadow-4.1.4.1/libmisc/xgetgrnam.c.large_group shadow-4.1.4.1/libmisc/xgetgrnam.c
+--- shadow-4.1.4.1/libmisc/xgetgrnam.c.large_group	2008-09-06 16:56:57.000000000 +0200
++++ shadow-4.1.4.1/libmisc/xgetgrnam.c	2009-06-16 14:15:08.000000000 +0200
+@@ -58,7 +58,6 @@
+ #define ARG_TYPE	const char *
+ #define ARG_NAME	name
+ #define DUP_FUNCTION	__gr_dup
+-#define MAX_LENGTH	0x8000
+ #define HAVE_FUNCTION_R (defined HAVE_GETGRNAM_R)
+ 
+ #include "xgetXXbyYY.c"
+diff -up shadow-4.1.4.1/libmisc/xgetpwnam.c.large_group shadow-4.1.4.1/libmisc/xgetpwnam.c
+--- shadow-4.1.4.1/libmisc/xgetpwnam.c.large_group	2008-09-06 16:57:05.000000000 +0200
++++ shadow-4.1.4.1/libmisc/xgetpwnam.c	2009-06-16 14:15:08.000000000 +0200
+@@ -58,7 +58,6 @@
+ #define ARG_TYPE	const char *
+ #define ARG_NAME	name
+ #define DUP_FUNCTION	__pw_dup
+-#define MAX_LENGTH	0x8000
+ #define HAVE_FUNCTION_R (defined HAVE_GETPWNAM_R)
+ 
+ #include "xgetXXbyYY.c"
+diff -up shadow-4.1.4.1/libmisc/xgetpwuid.c.large_group shadow-4.1.4.1/libmisc/xgetpwuid.c
+--- shadow-4.1.4.1/libmisc/xgetpwuid.c.large_group	2008-09-06 16:57:11.000000000 +0200
++++ shadow-4.1.4.1/libmisc/xgetpwuid.c	2009-06-16 14:15:08.000000000 +0200
+@@ -58,7 +58,6 @@
+ #define ARG_TYPE	uid_t
+ #define ARG_NAME	uid
+ #define DUP_FUNCTION	__pw_dup
+-#define MAX_LENGTH	0x8000
+ #define HAVE_FUNCTION_R (defined HAVE_GETPWUID_R)
+ 
+ #include "xgetXXbyYY.c"
+diff -up shadow-4.1.4.1/libmisc/xgetspnam.c.large_group shadow-4.1.4.1/libmisc/xgetspnam.c
+--- shadow-4.1.4.1/libmisc/xgetspnam.c.large_group	2008-09-06 16:57:17.000000000 +0200
++++ shadow-4.1.4.1/libmisc/xgetspnam.c	2009-06-16 14:15:08.000000000 +0200
+@@ -58,7 +58,6 @@
+ #define ARG_TYPE	const char *
+ #define ARG_NAME	name
+ #define DUP_FUNCTION	__spw_dup
+-#define MAX_LENGTH	0x8000
+ #define HAVE_FUNCTION_R (defined HAVE_GETSPNAM_R)
+ 
+ #include "xgetXXbyYY.c"
+diff -up shadow-4.1.4.1/libmisc/xgetXXbyYY.c.large_group shadow-4.1.4.1/libmisc/xgetXXbyYY.c
+--- shadow-4.1.4.1/libmisc/xgetXXbyYY.c.large_group	2009-04-23 11:15:53.000000000 +0200
++++ shadow-4.1.4.1/libmisc/xgetXXbyYY.c	2009-06-16 14:15:08.000000000 +0200
+@@ -79,7 +79,7 @@
+ 		exit (13);
+ 	}
+ 
+-	do {
++	while (true) {
+ 		int status;
+ 		LOOKUP_TYPE *resbuf = NULL;
+ 		buffer = (char *)realloc (buffer, length);
+@@ -106,8 +106,14 @@
+ 			return NULL;
+ 		}
+ 
+-		length *= 4;
+-	} while (length < MAX_LENGTH);
++		if (length <= ((size_t)-1 / 4)) {
++			length *= 4;
++		} else if (length == (size_t) -1) {
++			break;
++		} else {
++			length = (size_t) -1;
++		}
++	}
+ 
+ 	free(buffer);
+ 	free(result);
+diff -up shadow-4.1.4.1/NEWS.large_group shadow-4.1.4.1/NEWS

shadow-4.1.4.1-ldap.patch

@@ -0,0 +1,85 @@
+diff -up shadow-4.1.4.1/libmisc/find_new_gid.c.ldap shadow-4.1.4.1/libmisc/find_new_gid.c
+--- shadow-4.1.4.1/libmisc/find_new_gid.c.ldap	2009-07-16 10:37:41.653798746 +0200
++++ shadow-4.1.4.1/libmisc/find_new_gid.c	2009-07-16 10:44:14.482808945 +0200
+@@ -90,17 +90,26 @@ int find_new_gid (bool sys_group,
+ 	 * but we also check the local database (gr_rewind/gr_next) in case
+ 	 * some groups were created but the changes were not committed yet.
+ 	 */
+-	setgrent ();
+-	while ((grp = getgrent ()) != NULL) {
+-		if ((grp->gr_gid >= group_id) && (grp->gr_gid <= gid_max)) {
+-			group_id = grp->gr_gid + 1;
++	if (sys_group ) {
++		for(group_id = gid_min; group_id<=gid_max; group_id++) {
++			grp = getgrgid(group_id);
++			if(grp)
++				used_gids[grp->gr_gid] = true;
+ 		}
+-		/* create index of used GIDs */
+-		if (grp->gr_gid <= gid_max) {
+-			used_gids[grp->gr_gid] = true;
++	}
++	else {
++		setgrent ();
++		while ((grp = getgrent ()) != NULL) {
++			if ((grp->gr_gid >= group_id) && (grp->gr_gid <= gid_max)) {
++				group_id = grp->gr_gid + 1;
++			}
++			/* create index of used GIDs */
++			if (grp->gr_gid <= gid_max) {
++				used_gids[grp->gr_gid] = true;
++			}
+ 		}
++		endgrent ();
+ 	}
+-	endgrent ();
+ 	gr_rewind ();
+ 	while ((grp = gr_next ()) != NULL) {
+ 		if ((grp->gr_gid >= group_id) && (grp->gr_gid <= gid_max)) {
+diff -up shadow-4.1.4.1/libmisc/find_new_uid.c.ldap shadow-4.1.4.1/libmisc/find_new_uid.c
+--- shadow-4.1.4.1/libmisc/find_new_uid.c.ldap	2009-07-16 10:37:41.653798746 +0200
++++ shadow-4.1.4.1/libmisc/find_new_uid.c	2009-07-16 10:37:41.668798323 +0200
+@@ -91,17 +91,27 @@ int find_new_uid (bool sys_user,
+ 	 * but we also check the local database (pw_rewind/pw_next) in case
+ 	 * some users were created but the changes were not committed yet.
+ 	 */
+-	setpwent ();
+-	while ((pwd = getpwent ()) != NULL) {
+-		if ((pwd->pw_uid >= user_id) && (pwd->pw_uid <= uid_max)) {
+-			user_id = pwd->pw_uid + 1;
++	/* speed up sys users look up on LDAP boxes */
++	if (sys_user) {
++		for (user_id = uid_min; user_id<=uid_max; user_id++) {
++			pwd = getpwuid(user_id);
++			if(pwd)
++				used_uids[user_id] = true;
+ 		}
+-		/* create index of used UIDs */
+-		if (pwd->pw_uid <= uid_max) {
+-			used_uids[pwd->pw_uid] = true;
++	}
++	else {
++		setpwent ();
++		while ((pwd = getpwent ()) != NULL) {
++			if ((pwd->pw_uid >= user_id) && (pwd->pw_uid <= uid_max)) {
++				user_id = pwd->pw_uid + 1;
++			}
++			/* create index of used UIDs */
++			if (pwd->pw_uid <= uid_max) {
++				used_uids[pwd->pw_uid] = true;
++			}
+ 		}
++		endpwent ();
+ 	}
+-	endpwent ();
+ 	pw_rewind ();
+ 	while ((pwd = pw_next ()) != NULL) {
+ 		if ((pwd->pw_uid >= user_id) && (pwd->pw_uid <= uid_max)) {
+@@ -113,6 +123,7 @@ int find_new_uid (bool sys_user,
+ 		}
+ 	}
+ 
++
+ 	/* find free system account in reverse order */
+ 	if (sys_user) {
+ 		for (user_id = uid_max; user_id >= uid_min; user_id--) {

shadow-4.1.4.1-sysacc.patch

@@ -0,0 +1,300 @@
+diff -up shadow-4.1.4.1/libmisc/find_new_gid.c.sysacc shadow-4.1.4.1/libmisc/find_new_gid.c
+--- shadow-4.1.4.1/libmisc/find_new_gid.c.sysacc	2009-07-16 11:51:34.807860808 +0200
++++ shadow-4.1.4.1/libmisc/find_new_gid.c	2009-07-16 14:19:08.678798578 +0200
+@@ -52,7 +52,7 @@ int find_new_gid (bool sys_group,
+                   /*@null@*/gid_t const *preferred_gid)
+ {
+ 	const struct group *grp;
+-	gid_t gid_min, gid_max, group_id;
++	gid_t gid_min, gid_max, group_id, id;
+ 	bool *used_gids;
+ 
+ 	assert (gid != NULL);
+@@ -61,7 +61,7 @@ int find_new_gid (bool sys_group,
+ 		gid_min = (gid_t) getdef_ulong ("GID_MIN", 500UL);
+ 		gid_max = (gid_t) getdef_ulong ("GID_MAX", 60000UL);
+ 	} else {
+-		gid_min = (gid_t) getdef_ulong ("SYS_GID_MIN", 1UL);
++		gid_min = (gid_t) getdef_ulong ("SYS_GID_MIN", 101UL);
+ 		gid_max = (gid_t) getdef_ulong ("GID_MIN", 500UL) - 1;
+ 		gid_max = (gid_t) getdef_ulong ("SYS_GID_MAX", (unsigned long) gid_max);
+ 	}
+@@ -80,7 +80,6 @@ int find_new_gid (bool sys_group,
+ 		return 0;
+ 	}
+ 
+-	group_id = gid_min;
+ 
+ 	/*
+ 	 * Search the entire group file,
+@@ -91,13 +90,28 @@ int find_new_gid (bool sys_group,
+ 	 * some groups were created but the changes were not committed yet.
+ 	 */
+ 	if (sys_group ) {
+-		for(group_id = gid_min; group_id<=gid_max; group_id++) {
+-			grp = getgrgid(group_id);
+-			if(grp)
++		group_id = gid_max;
++		for(id = gid_max; id>=gid_min; id--) {
++			grp = getgrgid(id);
++			if(grp) {
++				group_id = id - 1;
+ 				used_gids[grp->gr_gid] = true;
++			}
++		}
++
++		gr_rewind ();
++		while ((grp = gr_next ()) != NULL) {
++			if ((grp->gr_gid <= group_id) && (grp->gr_gid >= gid_min)) {
++				group_id = grp->gr_gid - 1;
++			}
++			/* create index of used GIDs */
++			if (grp->gr_gid <= gid_max) {
++				used_gids[grp->gr_gid] = true;
++			}
+ 		}
+ 	}
+ 	else {
++		group_id = gid_min;
+ 		setgrent ();
+ 		while ((grp = getgrent ()) != NULL) {
+ 			if ((grp->gr_gid >= group_id) && (grp->gr_gid <= gid_max)) {
+@@ -109,32 +123,16 @@ int find_new_gid (bool sys_group,
+ 			}
+ 		}
+ 		endgrent ();
+-	}
+-	gr_rewind ();
+-	while ((grp = gr_next ()) != NULL) {
+-		if ((grp->gr_gid >= group_id) && (grp->gr_gid <= gid_max)) {
+-			group_id = grp->gr_gid + 1;
+-		}
+-		/* create index of used GIDs */
+-		if (grp->gr_gid <= gid_max) {
+-			used_gids[grp->gr_gid] = true;
+-		}
+-	}
+ 
+-	/* find free system account in reverse order */
+-	if (sys_group) {
+-		for (group_id = gid_max; group_id >= gid_min; group_id--) {
+-			if (false == used_gids[group_id]) {
+-				break;
++		gr_rewind ();
++		while ((grp = gr_next ()) != NULL) {
++			if ((grp->gr_gid >= group_id) && (grp->gr_gid <= gid_max)) {
++				group_id = grp->gr_gid + 1;
++			}
++			/* create index of used GIDs */
++			if (grp->gr_gid <= gid_max) {
++				used_gids[grp->gr_gid] = true;
+ 			}
+-		}
+-		if ( group_id < gid_min ) {
+-			fprintf (stderr,
+-			         _("%s: Can't get unique GID (no more available GIDs)\n"),
+-			         Prog);
+-			SYSLOG ((LOG_WARN,
+-			         "no more available GID on the system"));
+-			return -1;
+ 		}
+ 	}
+ 
+@@ -143,16 +141,35 @@ int find_new_gid (bool sys_group,
+ 	 * will give us GID_MAX+1 even if not unique. Search for the first
+ 	 * free GID starting with GID_MIN.
+ 	 */
+-	if (group_id == gid_max + 1) {
+-		for (group_id = gid_min; group_id < gid_max; group_id++) {
+-			if (false == used_gids[group_id]) {
+-				break;
++	if (sys_group) {
++		if (group_id == gid_min - 1) {
++			for (group_id = gid_max; group_id >= gid_min; group_id--) {
++				if (false == used_gids[group_id]) {
++					break;
++				}
++			}
++			if ( group_id < gid_min ) {
++				fprintf (stderr,
++				         _("%s: Can't get unique GID (no more available GIDs)\n"),
++				         Prog);
++				SYSLOG ((LOG_WARN,
++				         "no more available GID on the system"));
++				return -1;
+ 			}
+ 		}
+-		if (group_id == gid_max) {
+-			fprintf (stderr, _("%s: Can't get unique GID (no more available GIDs)\n"), Prog);
+-			SYSLOG ((LOG_WARN, "no more available GID on the system"));
+-			return -1;
++	}
++	else {
++		if (group_id == gid_max + 1) {
++			for (group_id = gid_min; group_id < gid_max; group_id++) {
++				if (false == used_gids[group_id]) {
++					break;
++				}
++			}
++			if (group_id == gid_max) {
++				fprintf (stderr, _("%s: Can't get unique GID (no more available GIDs)\n"), Prog);
++				SYSLOG ((LOG_WARN, "no more available GID on the system"));
++				return -1;
++			}
+ 		}
+ 	}
+ 
+diff -up shadow-4.1.4.1/libmisc/find_new_uid.c.sysacc shadow-4.1.4.1/libmisc/find_new_uid.c
+--- shadow-4.1.4.1/libmisc/find_new_uid.c.sysacc	2009-07-16 11:51:34.807860808 +0200
++++ shadow-4.1.4.1/libmisc/find_new_uid.c	2009-07-16 14:13:38.120798526 +0200
+@@ -52,7 +52,7 @@ int find_new_uid (bool sys_user,
+                   /*@null@*/uid_t const *preferred_uid)
+ {
+ 	const struct passwd *pwd;
+-	uid_t uid_min, uid_max, user_id;
++	uid_t uid_min, uid_max, user_id, id;
+ 	bool *used_uids;
+ 
+ 	assert (uid != NULL);
+@@ -61,7 +61,7 @@ int find_new_uid (bool sys_user,
+ 		uid_min = (uid_t) getdef_ulong ("UID_MIN", 500UL);
+ 		uid_max = (uid_t) getdef_ulong ("UID_MAX", 60000UL);
+ 	} else {
+-		uid_min = (uid_t) getdef_ulong ("SYS_UID_MIN", 1UL);
++		uid_min = (uid_t) getdef_ulong ("SYS_UID_MIN", 101UL);
+ 		uid_max = (uid_t) getdef_ulong ("UID_MIN", 500UL) - 1;
+ 		uid_max = (uid_t) getdef_ulong ("SYS_UID_MAX", (unsigned long) uid_max);
+ 	}
+@@ -81,8 +81,6 @@ int find_new_uid (bool sys_user,
+ 	}
+ 
+ 
+-	user_id = uid_min;
+-
+ 	/*
+ 	 * Search the entire password file,
+ 	 * looking for the largest unused value.
+@@ -91,15 +89,30 @@ int find_new_uid (bool sys_user,
+ 	 * but we also check the local database (pw_rewind/pw_next) in case
+ 	 * some users were created but the changes were not committed yet.
+ 	 */
+-	/* speed up sys users look up on LDAP boxes */
+ 	if (sys_user) {
+-		for (user_id = uid_min; user_id<=uid_max; user_id++) {
+-			pwd = getpwuid(user_id);
+-			if(pwd)
++		user_id = uid_max;
++		for (id = uid_max; id>=uid_min; id--) {
++			pwd = getpwuid(id);
++			if(pwd) {
++				user_id = id - 1;
+ 				used_uids[user_id] = true;
++			}
+ 		}
++
++		pw_rewind ();
++		while ((pwd = pw_next ()) != NULL) {
++			if ((pwd->pw_uid <= user_id) && (pwd->pw_uid >= uid_min)) {
++				user_id = pwd->pw_uid - 1;
++			}
++			/* create index of used UIDs */
++			if (pwd->pw_uid <= uid_max) {
++				used_uids[pwd->pw_uid] = true;
++			}
++		}
++
+ 	}
+ 	else {
++		user_id = uid_min;
+ 		setpwent ();
+ 		while ((pwd = getpwent ()) != NULL) {
+ 			if ((pwd->pw_uid >= user_id) && (pwd->pw_uid <= uid_max)) {
+@@ -111,51 +124,55 @@ int find_new_uid (bool sys_user,
+ 			}
+ 		}
+ 		endpwent ();
+-	}
+-	pw_rewind ();
+-	while ((pwd = pw_next ()) != NULL) {
+-		if ((pwd->pw_uid >= user_id) && (pwd->pw_uid <= uid_max)) {
+-			user_id = pwd->pw_uid + 1;
+-		}
+-		/* create index of used UIDs */
+-		if (pwd->pw_uid <= uid_max) {
+-			used_uids[pwd->pw_uid] = true;
+-		}
+-	}
+-
+ 
+-	/* find free system account in reverse order */
+-	if (sys_user) {
+-		for (user_id = uid_max; user_id >= uid_min; user_id--) {
+-			if (false == used_uids[user_id]) {
+-				break;
++		pw_rewind ();
++		while ((pwd = pw_next ()) != NULL) {
++			if ((pwd->pw_uid >= user_id) && (pwd->pw_uid <= uid_max)) {
++				user_id = pwd->pw_uid + 1;
++			}
++			/* create index of used UIDs */
++			if (pwd->pw_uid <= uid_max) {
++				used_uids[pwd->pw_uid] = true;
+ 			}
+-		}
+-		if (user_id < uid_min ) {
+-			fprintf (stderr,
+-			         _("%s: Can't get unique system UID (no more available UIDs)\n"),
+-			         Prog);
+-			SYSLOG ((LOG_WARN,
+-			         "no more available UID on the system"));
+-			return -1;
+ 		}
+ 	}
+ 
++
+ 	/*
+ 	 * If a user with UID equal to UID_MAX exists, the above algorithm
+ 	 * will give us UID_MAX+1 even if not unique. Search for the first
+ 	 * free UID starting with UID_MIN.
+ 	 */
+-	if (user_id == uid_max + 1) {
+-		for (user_id = uid_min; user_id < uid_max; user_id++) {
+-			if (false == used_uids[user_id]) {
+-				break;
++	if (sys_user) {
++		if (user_id == uid_min - 1) {
++			for (user_id = uid_max; user_id >= uid_min; user_id--) {
++				if (false == used_uids[user_id]) {
++					break;
++				}
++			}
++			if (user_id < uid_min ) {
++				fprintf (stderr,
++				         _("%s: Can't get unique system UID (no more available UIDs)\n"),
++				         Prog);
++				SYSLOG ((LOG_WARN,
++				         "no more available UID on the system"));
++				return -1;
+ 			}
+ 		}
+-		if (user_id == uid_max) {
+-			fprintf (stderr, _("%s: Can't get unique UID (no more available UIDs)\n"), Prog);
+-			SYSLOG ((LOG_WARN, "no more available UID on the system"));
+-			return -1;
++	}
++	else {
++		if (user_id == uid_max + 1) {
++			for (user_id = uid_min; user_id < uid_max; user_id++) {
++				if (false == used_uids[user_id]) {
++					break;
++				}
++			}
++			if (user_id == uid_max) {
++				fprintf (stderr, _("%s: Can't get unique UID (no more available UIDs)\n"),
++                                                 Prog);
++				SYSLOG ((LOG_WARN, "no more available UID on the system"));
++				return -1;
++			}
+ 		}
+ 	}
+ 

shadow-utils.spec

@@ -1,15 +1,17 @@
 Summary: Utilities for managing accounts and shadow password files
 Name: shadow-utils
-Version: 4.1.3
-Release: 2%{?dist}
+Version: 4.1.4.1
+Release: 4%{?dist}
 Epoch: 2
 URL: http://pkg-shadow.alioth.debian.org/
 Source0: ftp://pkg-shadow.alioth.debian.org/pub/pkg-shadow/shadow-%{version}.tar.bz2
 Source1: shadow-4.0.17-login.defs
 Source2: shadow-4.0.18.1-useradd
-Patch0: shadow-4.1.3-redhat.patch
-Patch1: shadow-4.1.3-goodname.patch
-Patch2: shadow-4.1.3-selinux.patch
+Patch0: shadow-4.1.4-redhat.patch
+Patch1: shadow-4.1.4.1-goodname.patch
+Patch2: shadow-4.1.4.1-largeGroup.patch
+Patch3: shadow-4.1.4.1-ldap.patch
+Patch4: shadow-4.1.4.1-sysacc.patch
 License: BSD and GPLv2+
 Group: System Environment/Base
 BuildRequires: libselinux-devel >= 1.25.2-1
@@ -36,7 +38,9 @@ are used for managing group accounts.
 %setup -q -n shadow-%{version}
 %patch0 -p1 -b .redhat
 %patch1 -p1 -b .goodname
-%patch2 -p1 -b .selinux
+%patch2 -p1 -b .largeGroup
+%patch3 -p1 -b .ldap
+%patch4 -p1 -b .sysacc
 
 iconv -f ISO88591 -t utf-8  doc/HOWTO > doc/HOWTO.utf8
 cp -f doc/HOWTO.utf8 doc/HOWTO
@@ -125,7 +129,9 @@ find $RPM_BUILD_ROOT%{_mandir} -depth -type d -empty -delete
 for dir in $(ls -1d $RPM_BUILD_ROOT%{_mandir}/{??,??_??}) ; do
     dir=$(echo $dir | sed -e "s|^$RPM_BUILD_ROOT||")
     lang=$(basename $dir)
-    echo "%%lang($lang) $dir/man*/*" >> shadow.lang
+    echo "%%lang($lang) $dir" >> shadow.lang
+    echo "%%lang($lang) $dir/man*" >> shadow.lang
+#    echo "%%lang($lang) $dir/man*/*" >> shadow.lang
 done
 
 %clean
@@ -176,6 +182,27 @@ rm -rf $RPM_BUILD_ROOT
 %{_mandir}/man8/vigr.8*
 
 %changelog
+* Thu Jul 16 2009 Peter Vrabec <pvrabec@redhat.com> 2:4.1.4.1-4
+- fix a list of owned directories (#510366)
+
+* Thu Jul 16 2009 Peter Vrabec <pvrabec@redhat.com> 2:4.1.4.1-3
+- reduce the reuse of system IDs
+
+* Wed Jul 15 2009 Peter Vrabec <pvrabec@redhat.com> 2:4.1.4.1-2
+- speed up sys users look up on LDAP boxes (#511813)
+
+* Tue Jun 16 2009 Peter Vrabec <pvrabec@redhat.com> 2:4.1.4.1-1
+- upgrade
+
+* Fri May 15 2009 Peter Vrabec <pvrabec@redhat.com> 2:4.1.4-1
+- upgrade
+
+* Wed Apr 22 2009 Peter Vrabec <pvrabec@redhat.com> 2:4.1.3.1-2
+- lastlog fix
+
+* Fri Apr 17 2009 Peter Vrabec <pvrabec@redhat.com> 2:4.1.3.1-1
+- upgrade
+
 * Tue Apr 14 2009 Peter Vrabec <pvrabec@redhat.com> 2:4.1.3-2
 - get "-n" option back
 - fix selinux issues

sources

@@ -1,3 +1 @@
-e91727c55dbafc9915250e31535f13bb  shadow-4.0.17-login.defs
-ebdf46b79f9b414353c9ae8aba4d55cc  shadow-4.0.18.1-useradd
-d222bd50f64d52a32882c82ab1e85f28  shadow-4.1.3.tar.bz2
+62f7dae4cb54fa84e478c4602d58cbe8  shadow-4.1.4.1.tar.bz2