- fix a list of owned directories (#510366)

- reduce the reuse of system IDs
- speed up sys users look up on LDAP boxes (#511813)
This commit is contained in:
Peter Vrabec 2009-07-16 13:41:55 +00:00
parent f556cf968e
commit abc277db56
3 changed files with 402 additions and 2 deletions

85
shadow-4.1.4.1-ldap.patch Normal file
View file

@ -0,0 +1,85 @@
diff -up shadow-4.1.4.1/libmisc/find_new_gid.c.ldap shadow-4.1.4.1/libmisc/find_new_gid.c
--- shadow-4.1.4.1/libmisc/find_new_gid.c.ldap 2009-07-16 10:37:41.653798746 +0200
+++ shadow-4.1.4.1/libmisc/find_new_gid.c 2009-07-16 10:44:14.482808945 +0200
@@ -90,17 +90,26 @@ int find_new_gid (bool sys_group,
* but we also check the local database (gr_rewind/gr_next) in case
* some groups were created but the changes were not committed yet.
*/
- setgrent ();
- while ((grp = getgrent ()) != NULL) {
- if ((grp->gr_gid >= group_id) && (grp->gr_gid <= gid_max)) {
- group_id = grp->gr_gid + 1;
+ if (sys_group ) {
+ for(group_id = gid_min; group_id<=gid_max; group_id++) {
+ grp = getgrgid(group_id);
+ if(grp)
+ used_gids[grp->gr_gid] = true;
}
- /* create index of used GIDs */
- if (grp->gr_gid <= gid_max) {
- used_gids[grp->gr_gid] = true;
+ }
+ else {
+ setgrent ();
+ while ((grp = getgrent ()) != NULL) {
+ if ((grp->gr_gid >= group_id) && (grp->gr_gid <= gid_max)) {
+ group_id = grp->gr_gid + 1;
+ }
+ /* create index of used GIDs */
+ if (grp->gr_gid <= gid_max) {
+ used_gids[grp->gr_gid] = true;
+ }
}
+ endgrent ();
}
- endgrent ();
gr_rewind ();
while ((grp = gr_next ()) != NULL) {
if ((grp->gr_gid >= group_id) && (grp->gr_gid <= gid_max)) {
diff -up shadow-4.1.4.1/libmisc/find_new_uid.c.ldap shadow-4.1.4.1/libmisc/find_new_uid.c
--- shadow-4.1.4.1/libmisc/find_new_uid.c.ldap 2009-07-16 10:37:41.653798746 +0200
+++ shadow-4.1.4.1/libmisc/find_new_uid.c 2009-07-16 10:37:41.668798323 +0200
@@ -91,17 +91,27 @@ int find_new_uid (bool sys_user,
* but we also check the local database (pw_rewind/pw_next) in case
* some users were created but the changes were not committed yet.
*/
- setpwent ();
- while ((pwd = getpwent ()) != NULL) {
- if ((pwd->pw_uid >= user_id) && (pwd->pw_uid <= uid_max)) {
- user_id = pwd->pw_uid + 1;
+ /* speed up sys users look up on LDAP boxes */
+ if (sys_user) {
+ for (user_id = uid_min; user_id<=uid_max; user_id++) {
+ pwd = getpwuid(user_id);
+ if(pwd)
+ used_uids[user_id] = true;
}
- /* create index of used UIDs */
- if (pwd->pw_uid <= uid_max) {
- used_uids[pwd->pw_uid] = true;
+ }
+ else {
+ setpwent ();
+ while ((pwd = getpwent ()) != NULL) {
+ if ((pwd->pw_uid >= user_id) && (pwd->pw_uid <= uid_max)) {
+ user_id = pwd->pw_uid + 1;
+ }
+ /* create index of used UIDs */
+ if (pwd->pw_uid <= uid_max) {
+ used_uids[pwd->pw_uid] = true;
+ }
}
+ endpwent ();
}
- endpwent ();
pw_rewind ();
while ((pwd = pw_next ()) != NULL) {
if ((pwd->pw_uid >= user_id) && (pwd->pw_uid <= uid_max)) {
@@ -113,6 +123,7 @@ int find_new_uid (bool sys_user,
}
}
+
/* find free system account in reverse order */
if (sys_user) {
for (user_id = uid_max; user_id >= uid_min; user_id--) {

300
shadow-4.1.4.1-sysacc.patch Normal file
View file

@ -0,0 +1,300 @@
diff -up shadow-4.1.4.1/libmisc/find_new_gid.c.sysacc shadow-4.1.4.1/libmisc/find_new_gid.c
--- shadow-4.1.4.1/libmisc/find_new_gid.c.sysacc 2009-07-16 11:51:34.807860808 +0200
+++ shadow-4.1.4.1/libmisc/find_new_gid.c 2009-07-16 14:19:08.678798578 +0200
@@ -52,7 +52,7 @@ int find_new_gid (bool sys_group,
/*@null@*/gid_t const *preferred_gid)
{
const struct group *grp;
- gid_t gid_min, gid_max, group_id;
+ gid_t gid_min, gid_max, group_id, id;
bool *used_gids;
assert (gid != NULL);
@@ -61,7 +61,7 @@ int find_new_gid (bool sys_group,
gid_min = (gid_t) getdef_ulong ("GID_MIN", 500UL);
gid_max = (gid_t) getdef_ulong ("GID_MAX", 60000UL);
} else {
- gid_min = (gid_t) getdef_ulong ("SYS_GID_MIN", 1UL);
+ gid_min = (gid_t) getdef_ulong ("SYS_GID_MIN", 101UL);
gid_max = (gid_t) getdef_ulong ("GID_MIN", 500UL) - 1;
gid_max = (gid_t) getdef_ulong ("SYS_GID_MAX", (unsigned long) gid_max);
}
@@ -80,7 +80,6 @@ int find_new_gid (bool sys_group,
return 0;
}
- group_id = gid_min;
/*
* Search the entire group file,
@@ -91,13 +90,28 @@ int find_new_gid (bool sys_group,
* some groups were created but the changes were not committed yet.
*/
if (sys_group ) {
- for(group_id = gid_min; group_id<=gid_max; group_id++) {
- grp = getgrgid(group_id);
- if(grp)
+ group_id = gid_max;
+ for(id = gid_max; id>=gid_min; id--) {
+ grp = getgrgid(id);
+ if(grp) {
+ group_id = id - 1;
used_gids[grp->gr_gid] = true;
+ }
+ }
+
+ gr_rewind ();
+ while ((grp = gr_next ()) != NULL) {
+ if ((grp->gr_gid <= group_id) && (grp->gr_gid >= gid_min)) {
+ group_id = grp->gr_gid - 1;
+ }
+ /* create index of used GIDs */
+ if (grp->gr_gid <= gid_max) {
+ used_gids[grp->gr_gid] = true;
+ }
}
}
else {
+ group_id = gid_min;
setgrent ();
while ((grp = getgrent ()) != NULL) {
if ((grp->gr_gid >= group_id) && (grp->gr_gid <= gid_max)) {
@@ -109,32 +123,16 @@ int find_new_gid (bool sys_group,
}
}
endgrent ();
- }
- gr_rewind ();
- while ((grp = gr_next ()) != NULL) {
- if ((grp->gr_gid >= group_id) && (grp->gr_gid <= gid_max)) {
- group_id = grp->gr_gid + 1;
- }
- /* create index of used GIDs */
- if (grp->gr_gid <= gid_max) {
- used_gids[grp->gr_gid] = true;
- }
- }
- /* find free system account in reverse order */
- if (sys_group) {
- for (group_id = gid_max; group_id >= gid_min; group_id--) {
- if (false == used_gids[group_id]) {
- break;
+ gr_rewind ();
+ while ((grp = gr_next ()) != NULL) {
+ if ((grp->gr_gid >= group_id) && (grp->gr_gid <= gid_max)) {
+ group_id = grp->gr_gid + 1;
+ }
+ /* create index of used GIDs */
+ if (grp->gr_gid <= gid_max) {
+ used_gids[grp->gr_gid] = true;
}
- }
- if ( group_id < gid_min ) {
- fprintf (stderr,
- _("%s: Can't get unique GID (no more available GIDs)\n"),
- Prog);
- SYSLOG ((LOG_WARN,
- "no more available GID on the system"));
- return -1;
}
}
@@ -143,16 +141,35 @@ int find_new_gid (bool sys_group,
* will give us GID_MAX+1 even if not unique. Search for the first
* free GID starting with GID_MIN.
*/
- if (group_id == gid_max + 1) {
- for (group_id = gid_min; group_id < gid_max; group_id++) {
- if (false == used_gids[group_id]) {
- break;
+ if (sys_group) {
+ if (group_id == gid_min - 1) {
+ for (group_id = gid_max; group_id >= gid_min; group_id--) {
+ if (false == used_gids[group_id]) {
+ break;
+ }
+ }
+ if ( group_id < gid_min ) {
+ fprintf (stderr,
+ _("%s: Can't get unique GID (no more available GIDs)\n"),
+ Prog);
+ SYSLOG ((LOG_WARN,
+ "no more available GID on the system"));
+ return -1;
}
}
- if (group_id == gid_max) {
- fprintf (stderr, _("%s: Can't get unique GID (no more available GIDs)\n"), Prog);
- SYSLOG ((LOG_WARN, "no more available GID on the system"));
- return -1;
+ }
+ else {
+ if (group_id == gid_max + 1) {
+ for (group_id = gid_min; group_id < gid_max; group_id++) {
+ if (false == used_gids[group_id]) {
+ break;
+ }
+ }
+ if (group_id == gid_max) {
+ fprintf (stderr, _("%s: Can't get unique GID (no more available GIDs)\n"), Prog);
+ SYSLOG ((LOG_WARN, "no more available GID on the system"));
+ return -1;
+ }
}
}
diff -up shadow-4.1.4.1/libmisc/find_new_uid.c.sysacc shadow-4.1.4.1/libmisc/find_new_uid.c
--- shadow-4.1.4.1/libmisc/find_new_uid.c.sysacc 2009-07-16 11:51:34.807860808 +0200
+++ shadow-4.1.4.1/libmisc/find_new_uid.c 2009-07-16 14:13:38.120798526 +0200
@@ -52,7 +52,7 @@ int find_new_uid (bool sys_user,
/*@null@*/uid_t const *preferred_uid)
{
const struct passwd *pwd;
- uid_t uid_min, uid_max, user_id;
+ uid_t uid_min, uid_max, user_id, id;
bool *used_uids;
assert (uid != NULL);
@@ -61,7 +61,7 @@ int find_new_uid (bool sys_user,
uid_min = (uid_t) getdef_ulong ("UID_MIN", 500UL);
uid_max = (uid_t) getdef_ulong ("UID_MAX", 60000UL);
} else {
- uid_min = (uid_t) getdef_ulong ("SYS_UID_MIN", 1UL);
+ uid_min = (uid_t) getdef_ulong ("SYS_UID_MIN", 101UL);
uid_max = (uid_t) getdef_ulong ("UID_MIN", 500UL) - 1;
uid_max = (uid_t) getdef_ulong ("SYS_UID_MAX", (unsigned long) uid_max);
}
@@ -81,8 +81,6 @@ int find_new_uid (bool sys_user,
}
- user_id = uid_min;
-
/*
* Search the entire password file,
* looking for the largest unused value.
@@ -91,15 +89,30 @@ int find_new_uid (bool sys_user,
* but we also check the local database (pw_rewind/pw_next) in case
* some users were created but the changes were not committed yet.
*/
- /* speed up sys users look up on LDAP boxes */
if (sys_user) {
- for (user_id = uid_min; user_id<=uid_max; user_id++) {
- pwd = getpwuid(user_id);
- if(pwd)
+ user_id = uid_max;
+ for (id = uid_max; id>=uid_min; id--) {
+ pwd = getpwuid(id);
+ if(pwd) {
+ user_id = id - 1;
used_uids[user_id] = true;
+ }
}
+
+ pw_rewind ();
+ while ((pwd = pw_next ()) != NULL) {
+ if ((pwd->pw_uid <= user_id) && (pwd->pw_uid >= uid_min)) {
+ user_id = pwd->pw_uid - 1;
+ }
+ /* create index of used UIDs */
+ if (pwd->pw_uid <= uid_max) {
+ used_uids[pwd->pw_uid] = true;
+ }
+ }
+
}
else {
+ user_id = uid_min;
setpwent ();
while ((pwd = getpwent ()) != NULL) {
if ((pwd->pw_uid >= user_id) && (pwd->pw_uid <= uid_max)) {
@@ -111,51 +124,55 @@ int find_new_uid (bool sys_user,
}
}
endpwent ();
- }
- pw_rewind ();
- while ((pwd = pw_next ()) != NULL) {
- if ((pwd->pw_uid >= user_id) && (pwd->pw_uid <= uid_max)) {
- user_id = pwd->pw_uid + 1;
- }
- /* create index of used UIDs */
- if (pwd->pw_uid <= uid_max) {
- used_uids[pwd->pw_uid] = true;
- }
- }
-
- /* find free system account in reverse order */
- if (sys_user) {
- for (user_id = uid_max; user_id >= uid_min; user_id--) {
- if (false == used_uids[user_id]) {
- break;
+ pw_rewind ();
+ while ((pwd = pw_next ()) != NULL) {
+ if ((pwd->pw_uid >= user_id) && (pwd->pw_uid <= uid_max)) {
+ user_id = pwd->pw_uid + 1;
+ }
+ /* create index of used UIDs */
+ if (pwd->pw_uid <= uid_max) {
+ used_uids[pwd->pw_uid] = true;
}
- }
- if (user_id < uid_min ) {
- fprintf (stderr,
- _("%s: Can't get unique system UID (no more available UIDs)\n"),
- Prog);
- SYSLOG ((LOG_WARN,
- "no more available UID on the system"));
- return -1;
}
}
+
/*
* If a user with UID equal to UID_MAX exists, the above algorithm
* will give us UID_MAX+1 even if not unique. Search for the first
* free UID starting with UID_MIN.
*/
- if (user_id == uid_max + 1) {
- for (user_id = uid_min; user_id < uid_max; user_id++) {
- if (false == used_uids[user_id]) {
- break;
+ if (sys_user) {
+ if (user_id == uid_min - 1) {
+ for (user_id = uid_max; user_id >= uid_min; user_id--) {
+ if (false == used_uids[user_id]) {
+ break;
+ }
+ }
+ if (user_id < uid_min ) {
+ fprintf (stderr,
+ _("%s: Can't get unique system UID (no more available UIDs)\n"),
+ Prog);
+ SYSLOG ((LOG_WARN,
+ "no more available UID on the system"));
+ return -1;
}
}
- if (user_id == uid_max) {
- fprintf (stderr, _("%s: Can't get unique UID (no more available UIDs)\n"), Prog);
- SYSLOG ((LOG_WARN, "no more available UID on the system"));
- return -1;
+ }
+ else {
+ if (user_id == uid_max + 1) {
+ for (user_id = uid_min; user_id < uid_max; user_id++) {
+ if (false == used_uids[user_id]) {
+ break;
+ }
+ }
+ if (user_id == uid_max) {
+ fprintf (stderr, _("%s: Can't get unique UID (no more available UIDs)\n"),
+ Prog);
+ SYSLOG ((LOG_WARN, "no more available UID on the system"));
+ return -1;
+ }
}
}

View file

@ -1,7 +1,7 @@
Summary: Utilities for managing accounts and shadow password files
Name: shadow-utils
Version: 4.1.4.1
Release: 1%{?dist}
Release: 4%{?dist}
Epoch: 2
URL: http://pkg-shadow.alioth.debian.org/
Source0: ftp://pkg-shadow.alioth.debian.org/pub/pkg-shadow/shadow-%{version}.tar.bz2
@ -10,6 +10,8 @@ Source2: shadow-4.0.18.1-useradd
Patch0: shadow-4.1.4-redhat.patch
Patch1: shadow-4.1.4.1-goodname.patch
Patch2: shadow-4.1.4.1-largeGroup.patch
Patch3: shadow-4.1.4.1-ldap.patch
Patch4: shadow-4.1.4.1-sysacc.patch
License: BSD and GPLv2+
Group: System Environment/Base
BuildRequires: libselinux-devel >= 1.25.2-1
@ -37,6 +39,8 @@ are used for managing group accounts.
%patch0 -p1 -b .redhat
%patch1 -p1 -b .goodname
%patch2 -p1 -b .largeGroup
%patch3 -p1 -b .ldap
%patch4 -p1 -b .sysacc
iconv -f ISO88591 -t utf-8 doc/HOWTO > doc/HOWTO.utf8
cp -f doc/HOWTO.utf8 doc/HOWTO
@ -125,7 +129,9 @@ find $RPM_BUILD_ROOT%{_mandir} -depth -type d -empty -delete
for dir in $(ls -1d $RPM_BUILD_ROOT%{_mandir}/{??,??_??}) ; do
dir=$(echo $dir | sed -e "s|^$RPM_BUILD_ROOT||")
lang=$(basename $dir)
echo "%%lang($lang) $dir/man*/*" >> shadow.lang
echo "%%lang($lang) $dir" >> shadow.lang
echo "%%lang($lang) $dir/man*" >> shadow.lang
# echo "%%lang($lang) $dir/man*/*" >> shadow.lang
done
%clean
@ -176,6 +182,15 @@ rm -rf $RPM_BUILD_ROOT
%{_mandir}/man8/vigr.8*
%changelog
* Thu Jul 16 2009 Peter Vrabec <pvrabec@redhat.com> 2:4.1.4.1-4
- fix a list of owned directories (#510366)
* Thu Jul 16 2009 Peter Vrabec <pvrabec@redhat.com> 2:4.1.4.1-3
- reduce the reuse of system IDs
* Wed Jul 15 2009 Peter Vrabec <pvrabec@redhat.com> 2:4.1.4.1-2
- speed up sys users look up on LDAP boxes (#511813)
* Tue Jun 16 2009 Peter Vrabec <pvrabec@redhat.com> 2:4.1.4.1-1
- upgrade