do not run find_new_uid() twice and use getpwuid() to check UID uniqueness
(#236871)
This commit is contained in:
parent
8cfc807e8c
commit
9744679f21
2 changed files with 120 additions and 2 deletions
113
shadow-4.0.18.1-findNewUidOnce.patch
Normal file
113
shadow-4.0.18.1-findNewUidOnce.patch
Normal file
|
@ -0,0 +1,113 @@
|
||||||
|
--- shadow-4.0.18.1/src/useradd.c.findNewUidOnce 2007-05-16 13:16:51.000000000 +0200
|
||||||
|
+++ shadow-4.0.18.1/src/useradd.c 2007-05-16 14:12:52.000000000 +0200
|
||||||
|
@@ -847,8 +847,9 @@
|
||||||
|
* find_new_uid - find the next available UID
|
||||||
|
*
|
||||||
|
* find_new_uid() locates the next highest unused UID in the password
|
||||||
|
- * file, or checks the given user ID against the existing ones for
|
||||||
|
- * uniqueness.
|
||||||
|
+ * file.
|
||||||
|
+ * It doesn't make sense to use find_new_uid(), if UID is specified
|
||||||
|
+ * via "-u" option.
|
||||||
|
*/
|
||||||
|
static void find_new_uid (void)
|
||||||
|
{
|
||||||
|
@@ -867,12 +868,7 @@
|
||||||
|
memset (index, 0, sizeof (char) * uid_max + 1);
|
||||||
|
}
|
||||||
|
|
||||||
|
- /*
|
||||||
|
- * Start with some UID value if the user didn't provide us with
|
||||||
|
- * one already.
|
||||||
|
- */
|
||||||
|
- if (!uflg)
|
||||||
|
- user_id = uid_min;
|
||||||
|
+ user_id = uid_min;
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Search the entire password file, either looking for this
|
||||||
|
@@ -886,42 +882,24 @@
|
||||||
|
setpwent ();
|
||||||
|
while ((pwd = getpwent ())) {
|
||||||
|
#endif
|
||||||
|
- if (strcmp (user_name, pwd->pw_name) == 0) {
|
||||||
|
- fprintf (stderr, _("%s: name %s is not unique\n"),
|
||||||
|
- Prog, user_name);
|
||||||
|
-#ifdef WITH_AUDIT
|
||||||
|
- audit_logger (AUDIT_USER_CHAUTHTOK, Prog, "adding user",
|
||||||
|
- user_name, user_id, 0);
|
||||||
|
-#endif
|
||||||
|
- exit (E_NAME_IN_USE);
|
||||||
|
- }
|
||||||
|
- if (!oflg && uflg && user_id == pwd->pw_uid) {
|
||||||
|
- fprintf (stderr, _("%s: UID %u is not unique\n"),
|
||||||
|
- Prog, (unsigned int) user_id);
|
||||||
|
-#ifdef WITH_AUDIT
|
||||||
|
- audit_logger (AUDIT_USER_CHAUTHTOK, Prog, "adding user",
|
||||||
|
- user_name, user_id, 0);
|
||||||
|
-#endif
|
||||||
|
- exit (E_UID_IN_USE);
|
||||||
|
- }
|
||||||
|
- if (!uflg && !rflg && pwd->pw_uid >= user_id) {
|
||||||
|
+ if (!rflg && pwd->pw_uid >= user_id) {
|
||||||
|
if (pwd->pw_uid > uid_max)
|
||||||
|
continue;
|
||||||
|
user_id = pwd->pw_uid + 1;
|
||||||
|
}
|
||||||
|
/* create index of occupied system accounts UIDs */
|
||||||
|
- if (!uflg && rflg && (pwd->pw_uid <= uid_max))
|
||||||
|
+ if (rflg && (pwd->pw_uid <= uid_max))
|
||||||
|
index[pwd->pw_uid] = 1;
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
/* find free system account */
|
||||||
|
- if(!uflg && rflg) {
|
||||||
|
+ if(rflg) {
|
||||||
|
for( user_id = uid_max; (user_id >= uid_min) && index[user_id]; user_id--);
|
||||||
|
if ( user_id < uid_min ) {
|
||||||
|
fprintf (stderr, _("%s: can't get unique UID\n"), Prog);
|
||||||
|
fail_exit (E_UID_IN_USE);
|
||||||
|
- }
|
||||||
|
+ }
|
||||||
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
@@ -930,7 +908,7 @@
|
||||||
|
* free UID starting with UID_MIN (it's O(n*n) but can be avoided
|
||||||
|
* by not having users with UID equal to UID_MAX). --marekm
|
||||||
|
*/
|
||||||
|
- if (!uflg && user_id == uid_max + 1) {
|
||||||
|
+ if (user_id == uid_max + 1) {
|
||||||
|
for (user_id = uid_min; user_id < uid_max; user_id++) {
|
||||||
|
#ifdef NO_GETPWENT
|
||||||
|
pw_rewind ();
|
||||||
|
@@ -1590,9 +1568,6 @@
|
||||||
|
struct passwd pwent;
|
||||||
|
struct spwd spent;
|
||||||
|
|
||||||
|
- if (!oflg)
|
||||||
|
- find_new_uid ();
|
||||||
|
-
|
||||||
|
/*
|
||||||
|
* Fill in the password structure with any new fields, making
|
||||||
|
* copies of strings.
|
||||||
|
@@ -1911,7 +1886,17 @@
|
||||||
|
/* first, seek for a valid uid to use for this user.
|
||||||
|
* We do this because later we can use the uid we found as
|
||||||
|
* gid too ... --gafton */
|
||||||
|
- find_new_uid ();
|
||||||
|
+ if (!uflg)
|
||||||
|
+ find_new_uid ();
|
||||||
|
+ else {
|
||||||
|
+ if (getpwuid (user_id)) {
|
||||||
|
+ fprintf (stderr, _("%s: UID %u is not unique\n"), Prog, (unsigned int) user_id);
|
||||||
|
+#ifdef WITH_AUDIT
|
||||||
|
+ audit_logger (AUDIT_USER_CHAUTHTOK, Prog, "adding user", user_name, user_id, 0);
|
||||||
|
+#endif
|
||||||
|
+ exit (E_UID_IN_USE);
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
}
|
||||||
|
|
||||||
|
/* do we have to add a group for that user? This is why we need to
|
|
@ -5,7 +5,7 @@
|
||||||
Summary: Utilities for managing accounts and shadow password files
|
Summary: Utilities for managing accounts and shadow password files
|
||||||
Name: shadow-utils
|
Name: shadow-utils
|
||||||
Version: 4.0.18.1
|
Version: 4.0.18.1
|
||||||
Release: 13%{?dist}
|
Release: 14%{?dist}
|
||||||
Epoch: 2
|
Epoch: 2
|
||||||
URL: http://shadow.pld.org.pl/
|
URL: http://shadow.pld.org.pl/
|
||||||
Source0: ftp://ftp.pld.org.pl/software/shadow/shadow-%{version}.tar.bz2
|
Source0: ftp://ftp.pld.org.pl/software/shadow/shadow-%{version}.tar.bz2
|
||||||
|
@ -26,7 +26,7 @@ Patch10: shadow-4.0.18.1-overflow.patch
|
||||||
Patch11: shadow-4.0.17-useradd.patch
|
Patch11: shadow-4.0.17-useradd.patch
|
||||||
Patch12: shadow-4.0.18.1-appendOption.patch
|
Patch12: shadow-4.0.18.1-appendOption.patch
|
||||||
Patch13: shadow-4.0.18.1-sysAccount.patch
|
Patch13: shadow-4.0.18.1-sysAccount.patch
|
||||||
|
Patch14: shadow-4.0.18.1-findNewUidOnce.patch
|
||||||
License: BSD
|
License: BSD
|
||||||
Group: System Environment/Base
|
Group: System Environment/Base
|
||||||
BuildRequires: autoconf, automake, libtool, gettext-devel
|
BuildRequires: autoconf, automake, libtool, gettext-devel
|
||||||
|
@ -68,6 +68,7 @@ cp %{SOURCE3} lib/nscd.c
|
||||||
%patch11 -p1 -b .useradd
|
%patch11 -p1 -b .useradd
|
||||||
%patch12 -p1 -b .appendOption
|
%patch12 -p1 -b .appendOption
|
||||||
%patch13 -p1 -b .sysAccount
|
%patch13 -p1 -b .sysAccount
|
||||||
|
%patch14 -p1 -b .findNewUidOnce
|
||||||
|
|
||||||
rm po/*.gmo
|
rm po/*.gmo
|
||||||
rm po/stamp-po
|
rm po/stamp-po
|
||||||
|
@ -223,6 +224,10 @@ rm -rf $RPM_BUILD_ROOT
|
||||||
%{_mandir}/*/man8/faillog.8*
|
%{_mandir}/*/man8/faillog.8*
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Tue Jun 06 2007 Peter Vrabec <pvrabec@redhat.com> 2:4.0.18.1-14
|
||||||
|
- do not run find_new_uid() twice and use getpwuid() to check
|
||||||
|
UID uniqueness (#236871)
|
||||||
|
|
||||||
* Tue Apr 10 2007 Peter Vrabec <pvrabec@redhat.com> 2:4.0.18.1-13
|
* Tue Apr 10 2007 Peter Vrabec <pvrabec@redhat.com> 2:4.0.18.1-13
|
||||||
- fix useradd dump core when build without WITH_SELINUX (#235641)
|
- fix useradd dump core when build without WITH_SELINUX (#235641)
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue