packages/shadow
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
shadow/backport-run_parts-for-groupadd-and-groupdel.patch

128 lines
3.4 KiB
Diff
Raw Normal View History

backport some patches Signed-off-by: yunjia_w <yunjia.wang@huawei.com>
2023-06-19 15:44:03 +08:00
From 4e1f674c41724dd96ad2c3a0c02ac9f6666697ba Mon Sep 17 00:00:00 2001
From: ed neville <ed@s5h.net>
Date: Mon, 27 Mar 2023 20:23:03 +0100
Subject: [PATCH] run_parts for groupadd and groupdel
run_parts currently exists in useradd and userdel, this commit mirrors
the functionality with groupadd and groupdel
Hook for group{add,del} to include killing processes that have group
membership that would no longer exist to avoid membership ID reuse.
Conflict: NA
Reference: https://github.com/shadow-maint/shadow/commit/4e1f674c41724dd96ad2c3a0c02ac9f6666697ba
---
.../groupdel-pre.d/01-kill_group_procs.sh | 26 +++++++++++++++++++
src/groupadd.c | 11 ++++++++
src/groupdel.c | 11 ++++++++
3 files changed, 48 insertions(+)
create mode 100644 etc/shadow-maint/groupdel-pre.d/01-kill_group_procs.sh
diff --git a/etc/shadow-maint/groupdel-pre.d/01-kill_group_procs.sh b/etc/shadow-maint/groupdel-pre.d/01-kill_group_procs.sh
new file mode 100644
index 00000000..10db5279
--- /dev/null
+++ b/etc/shadow-maint/groupdel-pre.d/01-kill_group_procs.sh
@@ -0,0 +1,26 @@
+#!/bin/sh
+
+PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+GROUPID=`awk -F: '$1 == "'"${SUBJECT}"'" { print $3 }' /etc/group`
+
+if [ "${GROUPID}" = "" ]; then
+ exit 0
+fi
+
+for status in /proc/*/status; do
+ # either this isn't a process or its already dead since expanding the list
+ [ -f "$status" ] || continue
+
+ tbuf=${status%/status}
+ pid=${tbuf#/proc/}
+ case "$pid" in
+ "$$") continue;;
+ [0-9]*) :;;
+ *) continue
+ esac
+
+ grep -q '^Groups:.*\b'"${GROUPID}"'\b.*' "/proc/$pid/status" || continue
+
+ kill -9 "$pid" || echo "cannot kill $pid" 1>&2
+done
+
diff --git a/src/groupadd.c b/src/groupadd.c
index 31142101..2eda1c68 100644
--- a/src/groupadd.c
+++ b/src/groupadd.c
@@ -34,6 +34,7 @@
#include "sgroupio.h"
#endif
#include "shadowlog.h"
+#include "run_part.h"
/*
* exit status values
@@ -603,6 +604,11 @@ int main (int argc, char **argv)
check_perms ();
+ if (run_parts ("/etc/shadow-maint/groupadd-pre.d", group_name,
+ "groupadd")) {
+ exit(1);
+ }
+
#ifdef SHADOWGRP
is_shadow_grp = sgr_file_present ();
#endif
@@ -621,6 +627,11 @@ int main (int argc, char **argv)
grp_update ();
close_files ();
+ if (run_parts ("/etc/shadow-maint/groupadd-post.d", group_name,
+ "groupadd")) {
+ exit(1);
+ }
+
nscd_flush_cache ("group");
sssd_flush_cache (SSSD_DB_GROUP);
diff --git a/src/groupdel.c b/src/groupdel.c
index fdccf5e1..bae4367b 100644
--- a/src/groupdel.c
+++ b/src/groupdel.c
@@ -32,6 +32,7 @@
#include "sgroupio.h"
#endif
#include "shadowlog.h"
+#include "run_part.h"
/*
* Global variables
*/
@@ -461,6 +462,11 @@ int main (int argc, char **argv)
group_busy (group_id);
}
+ if (run_parts ("/etc/shadow-maint/groupdel-pre.d", group_name,
+ "groupdel")) {
+ exit(1);
+ }
+
/*
* Do the hard stuff - open the files, delete the group entries,
* then close and update the files.
@@ -471,6 +477,11 @@ int main (int argc, char **argv)
close_files ();
+ if (run_parts ("/etc/shadow-maint/groupdel-post.d", group_name,
+ "groupdel")) {
+ exit(1);
+ }
+
nscd_flush_cache ("group");
sssd_flush_cache (SSSD_DB_GROUP);
--
2.27.0
Reference in New Issue Copy Permalink