From b17301efe01e9d652a570b7891d562d530c5184c Mon Sep 17 00:00:00 2001
From: Peter Vrabec
Date: Tue, 5 Jun 2007 13:09:03 +0000
Subject: [PATCH] do not run find_new_uid() twice and use getpwuid() to check UID uniqueness (#236871)
---
 shadow-4.0.18.1-findNewUidOnce.patch | 113 +++++++++++++++++++++++++++
 shadow-utils.spec | 6 ++
 2 files changed, 119 insertions(+)
 create mode 100644 shadow-4.0.18.1-findNewUidOnce.patch
diff --git a/shadow-4.0.18.1-findNewUidOnce.patch b/shadow-4.0.18.1-findNewUidOnce.patch
new file mode 100644
index 0000000..31287a9
--- /dev/null
+++ b/shadow-4.0.18.1-findNewUidOnce.patch
@@ -0,0 +1,113 @@
+--- shadow-4.0.18.1/src/useradd.c.findNewUidOnce 2007-05-16 13:16:51.000000000 +0200
++++ shadow-4.0.18.1/src/useradd.c 2007-05-16 14:12:52.000000000 +0200
+@@ -847,8 +847,9 @@
+ * find_new_uid - find the next available UID
+ *
+ * find_new_uid() locates the next highest unused UID in the password
+- * file, or checks the given user ID against the existing ones for
+- * uniqueness.
++ * file.
++ * It doesn't make sense to use find_new_uid(), if UID is specified
++ * via "-u" option.
+ */
+ static void find_new_uid (void)
+ {
+@@ -867,12 +868,7 @@
+ memset (index, 0, sizeof (char) * uid_max + 1);
+ }
+
+- /*
+- * Start with some UID value if the user didn't provide us with
+- * one already.
+- */
+- if (!uflg)
+- user_id = uid_min;
++ user_id = uid_min;
+
+ /*
+ * Search the entire password file, either looking for this
+@@ -886,42 +882,24 @@
+ setpwent ();
+ while ((pwd = getpwent ())) {
+ #endif
+- if (strcmp (user_name, pwd->pw_name) == 0) {
+- fprintf (stderr, _("%s: name %s is not unique\n"),
+- Prog, user_name);
+-#ifdef WITH_AUDIT
+- audit_logger (AUDIT_USER_CHAUTHTOK, Prog, "adding user",
+- user_name, user_id, 0);
+-#endif
+- exit (E_NAME_IN_USE);
+- }
+- if (!oflg && uflg && user_id == pwd->pw_uid) {
+- fprintf (stderr, _("%s: UID %u is not unique\n"),
+- Prog, (unsigned int) user_id);
+-#ifdef WITH_AUDIT
+- audit_logger (AUDIT_USER_CHAUTHTOK, Prog, "adding user",
+- user_name, user_id, 0);
+-#endif
+- exit (E_UID_IN_USE);
+- }
+- if (!uflg && !rflg && pwd->pw_uid >= user_id) {
++ if (!rflg && pwd->pw_uid >= user_id) {
+ if (pwd->pw_uid > uid_max)
+ continue;
+ user_id = pwd->pw_uid + 1;
+ }
+ /* create index of occupied system accounts UIDs */
+- if (!uflg && rflg && (pwd->pw_uid <= uid_max))
++ if (rflg && (pwd->pw_uid <= uid_max))
+ index[pwd->pw_uid] = 1;
+
+ }
+
+ /* find free system account */
+- if(!uflg && rflg) {
++ if(rflg) {
+ for( user_id = uid_max; (user_id >= uid_min) && index[user_id]; user_id--);
+ if ( user_id < uid_min 
) {
+ fprintf (stderr, _("%s: can't get unique UID\n"), Prog);
+ fail_exit (E_UID_IN_USE);
+- }
++ }
+ }
+
+ /*
+@@ -930,7 +908,7 @@
+ * free UID starting with UID_MIN (it's O(n*n) but can be avoided
+ * by not having users with UID equal to UID_MAX). --marekm
+ */
+- if (!uflg && user_id == uid_max + 1) {
++ if (user_id == uid_max + 1) {
+ for (user_id = uid_min; user_id < uid_max; user_id++) {
+ #ifdef NO_GETPWENT
+ pw_rewind ();
+@@ -1590,9 +1568,6 @@
+ struct passwd pwent;
+ struct spwd spent;
+
+- if (!oflg)
+- find_new_uid ();
+-
+ /*
+ * Fill in the password structure with any new fields, making
+ * copies of strings.
+@@ -1911,7 +1886,17 @@
+ /* first, seek for a valid uid to use for this user.
+ * We do this because later we can use the uid we found as
+ * gid too ... --gafton */
+- find_new_uid ();
++ if (!uflg)
++ find_new_uid ();
++ else {
++ if (getpwuid (user_id)) {
++ fprintf (stderr, _("%s: UID %u is not unique\n"), Prog, (unsigned int) user_id);
++#ifdef WITH_AUDIT
++ audit_logger (AUDIT_USER_CHAUTHTOK, Prog, "adding user", user_name, user_id, 0);
++#endif
++ exit (E_UID_IN_USE);
++ }
++ }
+ }
+
+ /* do we have to add a group for that user? This is why we need to
diff --git a/shadow-utils.spec b/shadow-utils.spec
index cd88bd8..8d72cbb 100644
--- a/shadow-utils.spec
+++ b/shadow-utils.spec
@@ -26,6 +26,7 @@ Patch10: shadow-4.0.18.1-overflow.patch
 Patch11: shadow-4.0.17-useradd.patch
 Patch12: shadow-4.0.18.1-appendOption.patch
 Patch13: shadow-4.0.18.1-sysAccount.patch
+Patch14: shadow-4.0.18.1-findNewUidOnce.patch
 License: BSD
 Group: System Environment/Base
@@ -68,6 +69,7 @@ cp %{SOURCE3} lib/nscd.c
 %patch11 -p1 -b .useradd
 %patch12 -p1 -b .appendOption
 %patch13 -p1 -b .sysAccount
+%patch14 -p1 -b .findNewUidOnce
 rm po/*.gmo
 rm po/stamp-po
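Review bot: In the last inner hunk (`@@ -1911,7 +1886,17 @@`) the new `-u` branch treats every NULL return from `getpwuid (user_id)` as "UID is free", but getpwuid() also returns NULL when the lookup itself fails, so a failed lookup could let useradd create a second account on a UID that is already in use. Set `errno = 0;` immediately before the call, and when it returns NULL with `errno != 0`, report the lookup failure and exit instead of continuing. The patch also removes the `strcmp (user_name, pwd->pw_name)` / `E_NAME_IN_USE` check from find_new_uid() without adding a replacement in any of these hunks; presumably main() rejects an existing name earlier, but that is not visible here and is worth confirming. The block enclosing this branch opens outside the hunk, so whether `-o` is still honoured before the uniqueness check cannot be told from the visible lines.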
@@ -223,6 +225,10 @@ rm -rf $RPM_BUILD_ROOT
 %{_mandir}/*/man8/faillog.8*
 %changelog
+* Tue Jun 06 2007 Peter Vrabec 2:4.0.18.1-14
+- do not run find_new_uid() twice and use getpwuid() to check
+ UID uniqueness (#236871)
+
 * Tue Apr 10 2007 Peter Vrabec 2:4.0.18.1-13
 - fix useradd dump core when build without WITH_SELINUX (#235641)