- fix a list of owned directories (#510366)

- reduce the reuse of system IDs - speed up sys users look up on LDAP boxes (#511813)
2009-07-16 13:41:55 +00:00 · 2009-07-16 13:41:55 +00:00 · abc277db56
commit abc277db56
parent f556cf968e
3 changed files with 402 additions and 2 deletions
--- a/shadow-4.1.4.1-ldap.patch
+++ b/shadow-4.1.4.1-ldap.patch
@ -0,0 +1,85 @@
+diff -up shadow-4.1.4.1/libmisc/find_new_gid.c.ldap shadow-4.1.4.1/libmisc/find_new_gid.c
+--- shadow-4.1.4.1/libmisc/find_new_gid.c.ldap	2009-07-16 10:37:41.653798746 +0200
+++ shadow-4.1.4.1/libmisc/find_new_gid.c	2009-07-16 10:44:14.482808945 +0200
+@@ -90,17 +90,26 @@ int find_new_gid (bool sys_group,
+ 	 * but we also check the local database (gr_rewind/gr_next) in case
+ 	 * some groups were created but the changes were not committed yet.
+ 	 */
+-	setgrent ();
+-	while ((grp = getgrent ()) != NULL) {
+-		if ((grp->gr_gid >= group_id) && (grp->gr_gid <= gid_max)) {
+-			group_id = grp->gr_gid + 1;
+	if (sys_group ) {
+		for(group_id = gid_min; group_id<=gid_max; group_id++) {
+			grp = getgrgid(group_id);
+			if(grp)
+				used_gids[grp->gr_gid] = true;
+ 		}
+-		/* create index of used GIDs */
+-		if (grp->gr_gid <= gid_max) {
+-			used_gids[grp->gr_gid] = true;
+	}
+	else {
+		setgrent ();
+		while ((grp = getgrent ()) != NULL) {
+			if ((grp->gr_gid >= group_id) && (grp->gr_gid <= gid_max)) {
+				group_id = grp->gr_gid + 1;
+			}
+			/* create index of used GIDs */
+			if (grp->gr_gid <= gid_max) {
+				used_gids[grp->gr_gid] = true;
+			}
+ 		}
+		endgrent ();
+ 	}
+-	endgrent ();
+ 	gr_rewind ();
+ 	while ((grp = gr_next ()) != NULL) {
+ 		if ((grp->gr_gid >= group_id) && (grp->gr_gid <= gid_max)) {
+diff -up shadow-4.1.4.1/libmisc/find_new_uid.c.ldap shadow-4.1.4.1/libmisc/find_new_uid.c
+--- shadow-4.1.4.1/libmisc/find_new_uid.c.ldap	2009-07-16 10:37:41.653798746 +0200
+++ shadow-4.1.4.1/libmisc/find_new_uid.c	2009-07-16 10:37:41.668798323 +0200
+@@ -91,17 +91,27 @@ int find_new_uid (bool sys_user,
+ 	 * but we also check the local database (pw_rewind/pw_next) in case
+ 	 * some users were created but the changes were not committed yet.
+ 	 */
+-	setpwent ();
+-	while ((pwd = getpwent ()) != NULL) {
+-		if ((pwd->pw_uid >= user_id) && (pwd->pw_uid <= uid_max)) {
+-			user_id = pwd->pw_uid + 1;
+	/* speed up sys users look up on LDAP boxes */
+	if (sys_user) {
+		for (user_id = uid_min; user_id<=uid_max; user_id++) {
+			pwd = getpwuid(user_id);
+			if(pwd)
+				used_uids[user_id] = true;
+ 		}
+-		/* create index of used UIDs */
+-		if (pwd->pw_uid <= uid_max) {
+-			used_uids[pwd->pw_uid] = true;
+	}
+	else {
+		setpwent ();
+		while ((pwd = getpwent ()) != NULL) {
+			if ((pwd->pw_uid >= user_id) && (pwd->pw_uid <= uid_max)) {
+				user_id = pwd->pw_uid + 1;
+			}
+			/* create index of used UIDs */
+			if (pwd->pw_uid <= uid_max) {
+				used_uids[pwd->pw_uid] = true;
+			}
+ 		}
+		endpwent ();
+ 	}
+-	endpwent ();
+ 	pw_rewind ();
+ 	while ((pwd = pw_next ()) != NULL) {
+ 		if ((pwd->pw_uid >= user_id) && (pwd->pw_uid <= uid_max)) {
+@@ -113,6 +123,7 @@ int find_new_uid (bool sys_user,
+ 		}
+ 	}
+ 
+
+ 	/* find free system account in reverse order */
+ 	if (sys_user) {
+ 		for (user_id = uid_max; user_id >= uid_min; user_id--) {
--- a/shadow-4.1.4.1-sysacc.patch
+++ b/shadow-4.1.4.1-sysacc.patch
@ -0,0 +1,300 @@
+diff -up shadow-4.1.4.1/libmisc/find_new_gid.c.sysacc shadow-4.1.4.1/libmisc/find_new_gid.c
+--- shadow-4.1.4.1/libmisc/find_new_gid.c.sysacc	2009-07-16 11:51:34.807860808 +0200
+++ shadow-4.1.4.1/libmisc/find_new_gid.c	2009-07-16 14:19:08.678798578 +0200
+@@ -52,7 +52,7 @@ int find_new_gid (bool sys_group,
+                   /*@null@*/gid_t const *preferred_gid)
+ {
+ 	const struct group *grp;
+-	gid_t gid_min, gid_max, group_id;
+	gid_t gid_min, gid_max, group_id, id;
+ 	bool *used_gids;
+ 
+ 	assert (gid != NULL);
+@@ -61,7 +61,7 @@ int find_new_gid (bool sys_group,
+ 		gid_min = (gid_t) getdef_ulong ("GID_MIN", 500UL);
+ 		gid_max = (gid_t) getdef_ulong ("GID_MAX", 60000UL);
+ 	} else {
+-		gid_min = (gid_t) getdef_ulong ("SYS_GID_MIN", 1UL);
+		gid_min = (gid_t) getdef_ulong ("SYS_GID_MIN", 101UL);
+ 		gid_max = (gid_t) getdef_ulong ("GID_MIN", 500UL) - 1;
+ 		gid_max = (gid_t) getdef_ulong ("SYS_GID_MAX", (unsigned long) gid_max);
+ 	}
+@@ -80,7 +80,6 @@ int find_new_gid (bool sys_group,
+ 		return 0;
+ 	}
+ 
+-	group_id = gid_min;
+ 
+ 	/*
+ 	 * Search the entire group file,
+@@ -91,13 +90,28 @@ int find_new_gid (bool sys_group,
+ 	 * some groups were created but the changes were not committed yet.
+ 	 */
+ 	if (sys_group ) {
+-		for(group_id = gid_min; group_id<=gid_max; group_id++) {
+-			grp = getgrgid(group_id);
+-			if(grp)
+		group_id = gid_max;
+		for(id = gid_max; id>=gid_min; id--) {
+			grp = getgrgid(id);
+			if(grp) {
+				group_id = id - 1;
+ 				used_gids[grp->gr_gid] = true;
+			}
+		}
+
+		gr_rewind ();
+		while ((grp = gr_next ()) != NULL) {
+			if ((grp->gr_gid <= group_id) && (grp->gr_gid >= gid_min)) {
+				group_id = grp->gr_gid - 1;
+			}
+			/* create index of used GIDs */
+			if (grp->gr_gid <= gid_max) {
+				used_gids[grp->gr_gid] = true;
+			}
+ 		}
+ 	}
+ 	else {
+		group_id = gid_min;
+ 		setgrent ();
+ 		while ((grp = getgrent ()) != NULL) {
+ 			if ((grp->gr_gid >= group_id) && (grp->gr_gid <= gid_max)) {
+@@ -109,32 +123,16 @@ int find_new_gid (bool sys_group,
+ 			}
+ 		}
+ 		endgrent ();
+-	}
+-	gr_rewind ();
+-	while ((grp = gr_next ()) != NULL) {
+-		if ((grp->gr_gid >= group_id) && (grp->gr_gid <= gid_max)) {
+-			group_id = grp->gr_gid + 1;
+-		}
+-		/* create index of used GIDs */
+-		if (grp->gr_gid <= gid_max) {
+-			used_gids[grp->gr_gid] = true;
+-		}
+-	}
+ 
+-	/* find free system account in reverse order */
+-	if (sys_group) {
+-		for (group_id = gid_max; group_id >= gid_min; group_id--) {
+-			if (false == used_gids[group_id]) {
+-				break;
+		gr_rewind ();
+		while ((grp = gr_next ()) != NULL) {
+			if ((grp->gr_gid >= group_id) && (grp->gr_gid <= gid_max)) {
+				group_id = grp->gr_gid + 1;
+			}
+			/* create index of used GIDs */
+			if (grp->gr_gid <= gid_max) {
+				used_gids[grp->gr_gid] = true;
+ 			}
+-		}
+-		if ( group_id < gid_min ) {
+-			fprintf (stderr,
+-			         _("%s: Can't get unique GID (no more available GIDs)\n"),
+-			         Prog);
+-			SYSLOG ((LOG_WARN,
+-			         "no more available GID on the system"));
+-			return -1;
+ 		}
+ 	}
+ 
+@@ -143,16 +141,35 @@ int find_new_gid (bool sys_group,
+ 	 * will give us GID_MAX+1 even if not unique. Search for the first
+ 	 * free GID starting with GID_MIN.
+ 	 */
+-	if (group_id == gid_max + 1) {
+-		for (group_id = gid_min; group_id < gid_max; group_id++) {
+-			if (false == used_gids[group_id]) {
+-				break;
+	if (sys_group) {
+		if (group_id == gid_min - 1) {
+			for (group_id = gid_max; group_id >= gid_min; group_id--) {
+				if (false == used_gids[group_id]) {
+					break;
+				}
+			}
+			if ( group_id < gid_min ) {
+				fprintf (stderr,
+				         _("%s: Can't get unique GID (no more available GIDs)\n"),
+				         Prog);
+				SYSLOG ((LOG_WARN,
+				         "no more available GID on the system"));
+				return -1;
+ 			}
+ 		}
+-		if (group_id == gid_max) {
+-			fprintf (stderr, _("%s: Can't get unique GID (no more available GIDs)\n"), Prog);
+-			SYSLOG ((LOG_WARN, "no more available GID on the system"));
+-			return -1;
+	}
+	else {
+		if (group_id == gid_max + 1) {
+			for (group_id = gid_min; group_id < gid_max; group_id++) {
+				if (false == used_gids[group_id]) {
+					break;
+				}
+			}
+			if (group_id == gid_max) {
+				fprintf (stderr, _("%s: Can't get unique GID (no more available GIDs)\n"), Prog);
+				SYSLOG ((LOG_WARN, "no more available GID on the system"));
+				return -1;
+			}
+ 		}
+ 	}
+ 
+diff -up shadow-4.1.4.1/libmisc/find_new_uid.c.sysacc shadow-4.1.4.1/libmisc/find_new_uid.c
+--- shadow-4.1.4.1/libmisc/find_new_uid.c.sysacc	2009-07-16 11:51:34.807860808 +0200
+++ shadow-4.1.4.1/libmisc/find_new_uid.c	2009-07-16 14:13:38.120798526 +0200
+@@ -52,7 +52,7 @@ int find_new_uid (bool sys_user,
+                   /*@null@*/uid_t const *preferred_uid)
+ {
+ 	const struct passwd *pwd;
+-	uid_t uid_min, uid_max, user_id;
+	uid_t uid_min, uid_max, user_id, id;
+ 	bool *used_uids;
+ 
+ 	assert (uid != NULL);
+@@ -61,7 +61,7 @@ int find_new_uid (bool sys_user,
+ 		uid_min = (uid_t) getdef_ulong ("UID_MIN", 500UL);
+ 		uid_max = (uid_t) getdef_ulong ("UID_MAX", 60000UL);
+ 	} else {
+-		uid_min = (uid_t) getdef_ulong ("SYS_UID_MIN", 1UL);
+		uid_min = (uid_t) getdef_ulong ("SYS_UID_MIN", 101UL);
+ 		uid_max = (uid_t) getdef_ulong ("UID_MIN", 500UL) - 1;
+ 		uid_max = (uid_t) getdef_ulong ("SYS_UID_MAX", (unsigned long) uid_max);
+ 	}
+@@ -81,8 +81,6 @@ int find_new_uid (bool sys_user,
+ 	}
+ 
+ 
+-	user_id = uid_min;
+-
+ 	/*
+ 	 * Search the entire password file,
+ 	 * looking for the largest unused value.
+@@ -91,15 +89,30 @@ int find_new_uid (bool sys_user,
+ 	 * but we also check the local database (pw_rewind/pw_next) in case
+ 	 * some users were created but the changes were not committed yet.
+ 	 */
+-	/* speed up sys users look up on LDAP boxes */
+ 	if (sys_user) {
+-		for (user_id = uid_min; user_id<=uid_max; user_id++) {
+-			pwd = getpwuid(user_id);
+-			if(pwd)
+		user_id = uid_max;
+		for (id = uid_max; id>=uid_min; id--) {
+			pwd = getpwuid(id);
+			if(pwd) {
+				user_id = id - 1;
+ 				used_uids[user_id] = true;
+			}
+ 		}
+
+		pw_rewind ();
+		while ((pwd = pw_next ()) != NULL) {
+			if ((pwd->pw_uid <= user_id) && (pwd->pw_uid >= uid_min)) {
+				user_id = pwd->pw_uid - 1;
+			}
+			/* create index of used UIDs */
+			if (pwd->pw_uid <= uid_max) {
+				used_uids[pwd->pw_uid] = true;
+			}
+		}
+
+ 	}
+ 	else {
+		user_id = uid_min;
+ 		setpwent ();
+ 		while ((pwd = getpwent ()) != NULL) {
+ 			if ((pwd->pw_uid >= user_id) && (pwd->pw_uid <= uid_max)) {
+@@ -111,51 +124,55 @@ int find_new_uid (bool sys_user,
+ 			}
+ 		}
+ 		endpwent ();
+-	}
+-	pw_rewind ();
+-	while ((pwd = pw_next ()) != NULL) {
+-		if ((pwd->pw_uid >= user_id) && (pwd->pw_uid <= uid_max)) {
+-			user_id = pwd->pw_uid + 1;
+-		}
+-		/* create index of used UIDs */
+-		if (pwd->pw_uid <= uid_max) {
+-			used_uids[pwd->pw_uid] = true;
+-		}
+-	}
+-
+ 
+-	/* find free system account in reverse order */
+-	if (sys_user) {
+-		for (user_id = uid_max; user_id >= uid_min; user_id--) {
+-			if (false == used_uids[user_id]) {
+-				break;
+		pw_rewind ();
+		while ((pwd = pw_next ()) != NULL) {
+			if ((pwd->pw_uid >= user_id) && (pwd->pw_uid <= uid_max)) {
+				user_id = pwd->pw_uid + 1;
+			}
+			/* create index of used UIDs */
+			if (pwd->pw_uid <= uid_max) {
+				used_uids[pwd->pw_uid] = true;
+ 			}
+-		}
+-		if (user_id < uid_min ) {
+-			fprintf (stderr,
+-			         _("%s: Can't get unique system UID (no more available UIDs)\n"),
+-			         Prog);
+-			SYSLOG ((LOG_WARN,
+-			         "no more available UID on the system"));
+-			return -1;
+ 		}
+ 	}
+ 
+
+ 	/*
+ 	 * If a user with UID equal to UID_MAX exists, the above algorithm
+ 	 * will give us UID_MAX+1 even if not unique. Search for the first
+ 	 * free UID starting with UID_MIN.
+ 	 */
+-	if (user_id == uid_max + 1) {
+-		for (user_id = uid_min; user_id < uid_max; user_id++) {
+-			if (false == used_uids[user_id]) {
+-				break;
+	if (sys_user) {
+		if (user_id == uid_min - 1) {
+			for (user_id = uid_max; user_id >= uid_min; user_id--) {
+				if (false == used_uids[user_id]) {
+					break;
+				}
+			}
+			if (user_id < uid_min ) {
+				fprintf (stderr,
+				         _("%s: Can't get unique system UID (no more available UIDs)\n"),
+				         Prog);
+				SYSLOG ((LOG_WARN,
+				         "no more available UID on the system"));
+				return -1;
+ 			}
+ 		}
+-		if (user_id == uid_max) {
+-			fprintf (stderr, _("%s: Can't get unique UID (no more available UIDs)\n"), Prog);
+-			SYSLOG ((LOG_WARN, "no more available UID on the system"));
+-			return -1;
+	}
+	else {
+		if (user_id == uid_max + 1) {
+			for (user_id = uid_min; user_id < uid_max; user_id++) {
+				if (false == used_uids[user_id]) {
+					break;
+				}
+			}
+			if (user_id == uid_max) {
+				fprintf (stderr, _("%s: Can't get unique UID (no more available UIDs)\n"),
+                                                 Prog);
+				SYSLOG ((LOG_WARN, "no more available UID on the system"));
+				return -1;
+			}
+ 		}
+ 	}
+ 
--- a/shadow-utils.spec
+++ b/shadow-utils.spec
@ -1,7 +1,7 @@
 Summary: Utilities for managing accounts and shadow password files
 Name: shadow-utils
 Version: 4.1.4.1
-Release: 1%{?dist}
+Release: 4%{?dist}
 Epoch: 2
 URL: http://pkg-shadow.alioth.debian.org/
 Source0: ftp://pkg-shadow.alioth.debian.org/pub/pkg-shadow/shadow-%{version}.tar.bz2
@ -10,6 +10,8 @@ Source2: shadow-4.0.18.1-useradd
 Patch0: shadow-4.1.4-redhat.patch
 Patch1: shadow-4.1.4.1-goodname.patch
 Patch2: shadow-4.1.4.1-largeGroup.patch
+Patch3: shadow-4.1.4.1-ldap.patch
+Patch4: shadow-4.1.4.1-sysacc.patch
 License: BSD and GPLv2+
 Group: System Environment/Base
 BuildRequires: libselinux-devel >= 1.25.2-1
@ -37,6 +39,8 @@ are used for managing group accounts.
 %patch0 -p1 -b .redhat
 %patch1 -p1 -b .goodname
 %patch2 -p1 -b .largeGroup
+%patch3 -p1 -b .ldap
+%patch4 -p1 -b .sysacc

 iconv -f ISO88591 -t utf-8  doc/HOWTO > doc/HOWTO.utf8
 cp -f doc/HOWTO.utf8 doc/HOWTO
@ -125,7 +129,9 @@ find $RPM_BUILD_ROOT%{_mandir} -depth -type d -empty -delete
 for dir in $(ls -1d $RPM_BUILD_ROOT%{_mandir}/{??,??_??}) ; do
    dir=$(echo $dir | sed -e "s|^$RPM_BUILD_ROOT||")
    lang=$(basename $dir)
-    echo "%%lang($lang) $dir/man*/*" >> shadow.lang
+    echo "%%lang($lang) $dir" >> shadow.lang
+    echo "%%lang($lang) $dir/man*" >> shadow.lang
+#    echo "%%lang($lang) $dir/man*/*" >> shadow.lang
 done

 %clean
@ -176,6 +182,15 @@ rm -rf $RPM_BUILD_ROOT
 %{_mandir}/man8/vigr.8*

 %changelog
+* Thu Jul 16 2009 Peter Vrabec <pvrabec@redhat.com> 2:4.1.4.1-4
+- fix a list of owned directories (#510366)
+
+* Thu Jul 16 2009 Peter Vrabec <pvrabec@redhat.com> 2:4.1.4.1-3
+- reduce the reuse of system IDs
+
+* Wed Jul 15 2009 Peter Vrabec <pvrabec@redhat.com> 2:4.1.4.1-2
+- speed up sys users look up on LDAP boxes (#511813)
+
 * Tue Jun 16 2009 Peter Vrabec <pvrabec@redhat.com> 2:4.1.4.1-1
 - upgrade