From c0010da5ea5a006a69021e4ad37d0d66266fd227 Mon Sep 17 00:00:00 2001 From: xiongshenglan Date: Thu, 1 Dec 2022 15:39:48 +0800 Subject: [PATCH] backport useradd check if subid range exists for user --- ...check-if-subid-range-exists-for-user.patch | 41 +++++++++++++++++++ shadow.spec | 6 ++- 2 files changed, 46 insertions(+), 1 deletion(-) create mode 100644 backport-useradd-check-if-subid-range-exists-for-user.patch diff --git a/backport-useradd-check-if-subid-range-exists-for-user.patch b/backport-useradd-check-if-subid-range-exists-for-user.patch new file mode 100644 index 0000000..62c172f --- /dev/null +++ b/backport-useradd-check-if-subid-range-exists-for-user.patch @@ -0,0 +1,41 @@ +From e0524e813a3bae2891b33a66f35876841c11cee7 Mon Sep 17 00:00:00 2001 +From: Iker Pedrosa +Date: Mon, 24 Oct 2022 10:46:36 +0200 +Subject: [PATCH 1/4] useradd: check if subid range exists for user + +Check if a user already has a subid range before assigning one. + +Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2012929 + +Signed-off-by: Iker Pedrosa + +Reference: https://github.com/shadow-maint/shadow/commit/e0524e813a3bae2891b33a66f35876841c11cee7 +Conflict: NA +--- + src/useradd.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/useradd.c b/src/useradd.c +index 7ea0a9c4..e784d602 100644 +--- a/src/useradd.c ++++ b/src/useradd.c +@@ -2188,14 +2188,14 @@ static void usr_update (unsigned long subuid_count, unsigned long subgid_count) + fail_exit (E_PW_UPDATE); + } + #ifdef ENABLE_SUBIDS +- if (is_sub_uid && ++ if (is_sub_uid && !local_sub_uid_assigned(user_name) && + (sub_uid_add(user_name, sub_uid_start, subuid_count) == 0)) { + fprintf (stderr, + _("%s: failed to prepare the new %s entry\n"), + Prog, sub_uid_dbname ()); + fail_exit (E_SUB_UID_UPDATE); + } +- if (is_sub_gid && ++ if (is_sub_gid && !local_sub_gid_assigned(user_name) && + (sub_gid_add(user_name, sub_gid_start, subgid_count) == 0)) { + fprintf (stderr, + _("%s: failed to prepare the new %s entry\n"), +-- +2.12.3 + diff --git a/shadow.spec b/shadow.spec index 77749ae..a4e18d6 100644 --- a/shadow.spec +++ b/shadow.spec @@ -1,6 +1,6 @@ Name: shadow Version: 4.9 -Release: 7 +Release: 8 Epoch: 2 License: BSD and GPLv2+ Summary: Tools for managing accounts and shadow password files @@ -48,6 +48,7 @@ Patch28: backport-libmisc-add-check-fopen-return-value-in-read_random_.patch Patch29: backport-passwd-erase-password-copy-on-all-error-branches.patch Patch30: backport-chpasswd-add-get_salt-for-generating-salt-value.patch Patch31: backport-chpasswd-fix-function-problem-with-R-parameter.patch +Patch32: backport-useradd-check-if-subid-range-exists-for-user.patch BuildRequires: gcc, libselinux-devel, audit-libs-devel, libsemanage-devel BuildRequires: libacl-devel, libattr-devel @@ -214,6 +215,9 @@ rm -f $RPM_BUILD_ROOT/%{_libdir}/libsubid.la %{_mandir}/*/* %changelog +* Thu Dec 1 2022 xiongshenglan - 2:4.9-8 +- backport useradd check if subid range exists for user + * Tue Nov 22 2022 yunjia_w - 2:4.9-7 - chpasswd fix function problem with R parameter