packages/shadow
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

update version to 4.13

Browse Source 
Signed-off-by: yunjia_w <yunjia.wang@huawei.com>
This commit is contained in:
yunjia_w 2023-02-08 10:06:50 +08:00
parent dac9dc298e
commit ebbcf53efe
34 changed files with 797 additions and 2742 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

112
Fix-out-of-tree-builds-with-respect-to-libsubid-incl.patch
View File

@ -1,112 +0,0 @@
From 537b8cd90be7b47b45c45cfd27765ef85eb0ebf1 Mon Sep 17 00:00:00 2001
From: Serge Hallyn <serge@hallyn.com>
Date: Fri, 23 Jul 2021 17:51:13 -0500
Subject: [PATCH] Fix out of tree builds with respect to libsubid includes
There's a better way to do this, and I hope to clean that up,
but this fixes out of tree builds for me right now.
Closes #386
Signed-off-by: Serge Hallyn <serge@hallyn.com>
---
lib/Makefile.am | 2 ++
libmisc/Makefile.am | 2 +-
libsubid/Makefile.am | 4 ++--
src/Makefile.am | 6 ++++++
4 files changed, 11 insertions(+), 3 deletions(-)
diff --git a/lib/Makefile.am b/lib/Makefile.am
index ecf3ee2..5ac2e11 100644
--- a/lib/Makefile.am
+++ b/lib/Makefile.am
@@ -10,6 +10,8 @@ if HAVE_VENDORDIR
libshadow_la_CPPFLAGS += -DVENDORDIR=\"$(VENDORDIR)\"
endif
+libshadow_la_CPPFLAGS += -I$(top_srcdir)
+
libshadow_la_SOURCES = \
commonio.c \
commonio.h \
diff --git a/libmisc/Makefile.am b/libmisc/Makefile.am
index 9766a7e..9f237e0 100644
--- a/libmisc/Makefile.am
+++ b/libmisc/Makefile.am
@@ -1,7 +1,7 @@
EXTRA_DIST = .indent.pro xgetXXbyYY.c
-AM_CPPFLAGS = -I$(top_srcdir)/lib $(ECONF_CPPFLAGS)
+AM_CPPFLAGS = -I$(top_srcdir)/lib -I$(top_srcdir) $(ECONF_CPPFLAGS)
noinst_LTLIBRARIES = libmisc.la
diff --git a/libsubid/Makefile.am b/libsubid/Makefile.am
index 8305156..99308c1 100644
--- a/libsubid/Makefile.am
+++ b/libsubid/Makefile.am
@@ -20,8 +20,8 @@ MISCLIBS = \
$(LIBPAM)
libsubid_la_LIBADD = \
- $(top_srcdir)/lib/libshadow.la \
- $(top_srcdir)/libmisc/libmisc.la \
+ $(top_builddir)/lib/libshadow.la \
+ $(top_builddir)/libmisc/libmisc.la \
$(MISCLIBS) -ldl
AM_CPPFLAGS = \
diff --git a/src/Makefile.am b/src/Makefile.am
index 3502701..7c1a349 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -10,6 +10,7 @@ sgidperms = 2755
AM_CPPFLAGS = \
-I${top_srcdir}/lib \
-I$(top_srcdir)/libmisc \
+ -I$(top_srcdir) \
-DLOCALEDIR=\"$(datadir)/locale\"
# XXX why are login and su in /bin anyway (other than for
@@ -183,6 +184,7 @@ list_subid_ranges_LDADD = \
list_subid_ranges_CPPFLAGS = \
-I$(top_srcdir)/lib \
-I$(top_srcdir)/libmisc \
+ -I$(top_srcdir) \
-I$(top_srcdir)/libsubid
get_subid_owners_LDADD = \
@@ -194,11 +196,13 @@ get_subid_owners_LDADD = \
get_subid_owners_CPPFLAGS = \
-I$(top_srcdir)/lib \
-I$(top_srcdir)/libmisc \
+ -I$(top_srcdir) \
-I$(top_srcdir)/libsubid
new_subid_range_CPPFLAGS = \
-I$(top_srcdir)/lib \
-I$(top_srcdir)/libmisc \
+ -I$(top_srcdir) \
-I$(top_srcdir)/libsubid
new_subid_range_LDADD = \
@@ -210,6 +214,7 @@ new_subid_range_LDADD = \
free_subid_range_CPPFLAGS = \
-I$(top_srcdir)/lib \
-I$(top_srcdir)/libmisc \
+ -I$(top_srcdir) \
-I$(top_srcdir)/libsubid
free_subid_range_LDADD = \
@@ -220,6 +225,7 @@ free_subid_range_LDADD = \
check_subid_range_CPPFLAGS = \
-I$(top_srcdir)/lib \
+ -I$(top_srcdir) \
-I$(top_srcdir)/libmisc
check_subid_range_LDADD = \
--
1.8.3.1

28
Fixes-the-linking-issues-when-libsubid-is-static-and.patch
View File

@ -1,28 +0,0 @@
From fc832e4648d6e80e95aaa762a158453ee43fe1cb Mon Sep 17 00:00:00 2001
From: "(GalaxyMaster)" <galaxy4public@users.noreply.github.com>
Date: Wed, 27 Oct 2021 20:14:42 +1100
Subject: [PATCH] Fixes the linking issues when libsubid is static and linked
to binaries that also define the Prog and shadow_logfd variables.
---
libsubid/api.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/libsubid/api.c b/libsubid/api.c
index a7b904d..a51b4e0 100644
--- a/libsubid/api.c
+++ b/libsubid/api.c
@@ -39,8 +39,8 @@
#include "idmapping.h"
#include "subid.h"
-const char *Prog = "(libsubid)";
-FILE *shadow_logfd;
+static const char *Prog = "(libsubid)";
+static FILE *shadow_logfd;
bool libsubid_init(const char *progname, FILE * logfd)
{
--
1.8.3.1

32
Makefile-include-libeconf-dependency-in-new-idmap.patch
View File

@ -1,32 +0,0 @@
From c6847011e8b656adacd9a0d2a78418cad0de34cb Mon Sep 17 00:00:00 2001
From: Iker Pedrosa <ipedrosa@redhat.com>
Date: Mon, 2 Aug 2021 15:54:20 +0200
Subject: [PATCH] Makefile: include libeconf dependency in new*idmap
new*idmap has a dependency with libeconf since commit
c464ec55709dc931ba2f24073b8b1a86d5209ab0. I'm just adding it to the
Makefile to be able to compile in distributions that include libeconf.
Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
---
src/Makefile.am | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/Makefile.am b/src/Makefile.am
index 7c1a349..6cc873b 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -96,8 +96,8 @@ LIBCRYPT_NOPAM = $(LIBCRYPT)
endif
chage_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF)
-newuidmap_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBCAP) -ldl
-newgidmap_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBCAP) -ldl
+newuidmap_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBCAP) $(LIBECONF) -ldl
+newgidmap_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBCAP) $(LIBECONF) -ldl
chfn_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT_NOPAM) $(LIBSKEY) $(LIBMD) $(LIBECONF)
chgpasswd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT) $(LIBECONF)
chsh_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT_NOPAM) $(LIBSKEY) $(LIBMD) $(LIBECONF)
--
1.8.3.1

45
Respect-enable-static-no-in-libsubid.patch
View File

@ -1,45 +0,0 @@
From fa986b1d73605ecca54a4f19249227aeab827bf6 Mon Sep 17 00:00:00 2001
From: Serge Hallyn <shallyn@cisco.com>
Date: Sun, 25 Jul 2021 17:18:02 +0000
Subject: [PATCH] Respect --enable-static=no in libsubid
libsubid's Makefile.am was always setting enable-shared in its LDFLAGS.
Do that only if not building static.
Closes #387
Signed-off-by: Serge Hallyn <shallyn@cisco.com>
---
configure.ac | 2 ++
libsubid/Makefile.am | 2 ++
2 files changed, 4 insertions(+)
diff --git a/configure.ac b/configure.ac
index 0f237cc..994836b 100644
--- a/configure.ac
+++ b/configure.ac
@@ -321,6 +321,8 @@ if test "$with_sha_crypt" = "yes"; then
AC_DEFINE(USE_SHA_CRYPT, 1, [Define to allow the SHA256 and SHA512 password encryption algorithms])
fi
+AM_CONDITIONAL(ENABLE_SHARED, test "x$enable_shared" = "xyes")
+
AM_CONDITIONAL(USE_BCRYPT, test "x$with_bcrypt" = "xyes")
if test "$with_bcrypt" = "yes"; then
AC_DEFINE(USE_BCRYPT, 1, [Define to allow the bcrypt password encryption algorithm])
diff --git a/libsubid/Makefile.am b/libsubid/Makefile.am
index 99308c1..8bba02a 100644
--- a/libsubid/Makefile.am
+++ b/libsubid/Makefile.am
@@ -1,6 +1,8 @@
lib_LTLIBRARIES = libsubid.la
+if ENABLE_SHARED
libsubid_la_LDFLAGS = -Wl,-soname,libsubid.so.@LIBSUBID_ABI@ \
-shared -version-info @LIBSUBID_ABI_MAJOR@
+endif
libsubid_la_SOURCES = api.c
pkginclude_HEADERS = subid.h
--
1.8.3.1

30
Revert-useradd.c-fix-memleaks-of-grp.patch
View File

@ -1,30 +0,0 @@
From 4624e9fca1b02b64e25e8b2280a0186182ab73ba Mon Sep 17 00:00:00 2001
From: Serge Hallyn <serge@hallyn.com>
Date: Sat, 14 Aug 2021 19:37:24 -0500
Subject: [PATCH] Revert "useradd.c:fix memleaks of grp"
In some cases, the value which was being freed is not actually
safe to free.
Closes #394
This reverts commit c44b71cec25d60efc51aec9de3abce1f6efbfcf5.
---
src/useradd.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/src/useradd.c b/src/useradd.c
index f90127c..0d3f390 100644
--- a/src/useradd.c
+++ b/src/useradd.c
@@ -413,7 +413,6 @@ static void get_defaults (void)
} else {
def_group = grp->gr_gid;
def_gname = xstrdup (grp->gr_name);
- gr_free(grp);
}
}
--
1.8.3.1

48
backport-Add-header-guards.patch
View File

@ -1,48 +0,0 @@
From 0c7ded471fdd2a130edfb265279663c68cfd2a3c Mon Sep 17 00:00:00 2001
From: Iker Pedrosa <ipedrosa@redhat.com>
Date: Tue, 10 May 2022 15:26:15 +0200
Subject: [PATCH] Add header guards
Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
Reference: https://github.com/shadow-maint/shadow/commit/0c7ded471fdd2a130edfb265279663c68cfd2a3c
Conflict: shadowlog_internal.h is not currently available, and run_part.h is adapted
---
lib/pwauth.h | 5 +++++
lib/run_part.h | 5 +++++
2 files changed, 10 insertions(+)
diff --git a/lib/pwauth.h b/lib/pwauth.h
index fb205b71..b610025d 100644
--- a/lib/pwauth.h
+++ b/lib/pwauth.h
@@ -34,6 +34,9 @@
* $Id$
*/
+#ifndef _PWAUTH_H
+#define _PWAUTH_H
+
#ifndef USE_PAM
int pw_auth (const char *cipher,
const char *user,
@@ -64,3 +67,5 @@ int pw_auth (const char *cipher,
#define PW_RLOGIN 202
#define PW_FTP 203
#define PW_REXEC 204
+
+#endif /* _PWAUTH_H */
diff --git a/lib/run_part.h b/lib/run_part.h
index 0b68dbfc..6422134c 100644
--- a/lib/run_part.h
+++ b/lib/run_part.h
@@ -1,2 +1,7 @@
+#ifndef _RUN_PART_H
+#define _RUN_PART_H
+
int run_part (char *script_path, char *name, char *action);
int run_parts (char *directory, char *name, char *action);
+
+#endif /* _RUN_PART_H */
--
2.23.0

29
backport-Change-to-strncat.patch
View File

@ -1,29 +0,0 @@
From 9560152f1bdae02b072b54ea65d1e686ebd46e5f Mon Sep 17 00:00:00 2001
From: Steve Grubb <sgrubb@redhat.com>
Date: Fri, 18 Mar 2022 15:35:02 -0400
Subject: [PATCH] Change to strncat
ut_line is declared as a nonstring in bits/utmp.h. It might not be NUL
terminated. Limit how much it copies to the size of the array.
Reference: https://github.com/shadow-maint/shadow/commit/4f393a5f9fd9168c91225ae1b39843fc90372c74
Conflict: NA
---
src/logoutd.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/logoutd.c b/src/logoutd.c
index 780c29f..06c12c6 100644
--- a/src/logoutd.c
+++ b/src/logoutd.c
@@ -250,7 +250,7 @@ int main (int argc, char **argv)
tty_name[0] = '\0';
}
- strcat (tty_name, ut->ut_line);
+ strncat (tty_name, ut->ut_line, UT_LINESIZE);
#ifndef O_NOCTTY
#define O_NOCTTY 0
#endif
--
2.33.0

31
backport-Do-not-return-garbage-in-run_parts.patch
View File

@ -1,31 +0,0 @@
From b2bc1f692736debf3ba94872db73435d114d19ec Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= <cgzones@googlemail.com>
Date: Mon, 3 Jan 2022 13:12:31 +0100
Subject: [PATCH] Do not return garbage in run_parts
If scandir(3) returns 0, the uninitialized value of execute_result will
be returned.
Reference: https://github.com/shadow-maint/shadow/commit/b2bc1f692736debf3ba94872db73435d114d19ec
Conflict: NA
---
lib/run_part.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/run_part.c b/lib/run_part.c
index 884bbefa..1e4f154b 100644
--- a/lib/run_part.c
+++ b/lib/run_part.c
@@ -48,7 +48,7 @@ int run_parts (const char *directory, const char *name, const char *action)
int execute_result;
scanlist = scandir (directory, &namelist, 0, alphasort);
- if (scanlist<0) {
+ if (scanlist<=0) {
return (0);
}
--
2.27.0

38
backport-Handle-ERANGE-error-correctly.patch
View File

@ -1,38 +0,0 @@
From e9bf727253e13968c4c61d71f4725e668cd49881 Mon Sep 17 00:00:00 2001
From: Niko <2089413+NikoDelarich@users.noreply.github.com>
Date: Tue, 1 Mar 2022 14:43:07 +0100
Subject: [PATCH] Handle ERANGE error correctly
The reentrant functions getgrgid_r, getgrnam_r, getpwnam_r, etc. all return an error code instead of setting errno. Adapt the error check accordingly.
Reference: https://github.com/shadow-maint/shadow/commit/e9bf727253e13968c4c61d71f4725e668cd49881
Conflict: NA
---
libmisc/xgetXXbyYY.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/libmisc/xgetXXbyYY.c b/libmisc/xgetXXbyYY.c
index db010224..6a3f9693 100644
--- a/libmisc/xgetXXbyYY.c
+++ b/libmisc/xgetXXbyYY.c
@@ -66,7 +66,6 @@
"x" STRINGIZE(FUNCTION_NAME));
exit (13);
}
- errno = 0;
status = REENTRANT_NAME(ARG_NAME, result, buffer,
length, &resbuf);
if ((0 == status) && (resbuf == result)) {
@@ -78,7 +77,7 @@
return ret_result;
}
- if (ERANGE != errno) {
+ if (ERANGE != status) {
free (buffer);
free (result);
return NULL;
--
2.27.0

89
backport-Initialize-local-variables.patch
View File

@ -1,89 +0,0 @@
From 3b89b71680b2eb46135439e0a7760dbe040628e5 Mon Sep 17 00:00:00 2001
From: Iker Pedrosa <ipedrosa@redhat.com>
Date: Mon, 16 May 2022 17:24:58 +0200
Subject: [PATCH] Initialize local variables
CWE-457 by CodeQL.
Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
Reference: https://github.com/shadow-maint/shadow/commit/3b89b71680b2eb46135439e0a7760dbe040628e5
Conflict: The number of lines is inconsistent and there is a little difference in adaptation
---
lib/run_part.c | 2 +-
src/faillog.c | 4 ++--
src/lastlog.c | 21 ++++++++++-----------
3 files changed, 13 insertions(+), 14 deletions(-)
diff --git a/lib/run_part.c b/lib/run_part.c
index 1e4f154b..bce11d37 100644
--- a/lib/run_part.c
+++ b/lib/run_part.c
@@ -43,7 +43,7 @@ int run_parts (char *directory, char *name, char *action)
struct dirent **namelist;
int scanlist;
int n;
- int execute_result;
+ int execute_result = 0;
scanlist = scandir (directory, &namelist, 0, alphasort);
if (scanlist<=0) {
diff --git a/src/faillog.c b/src/faillog.c
index d33fe9b6..0f94836f 100644
--- a/src/faillog.c
+++ b/src/faillog.c
@@ -565,9 +565,9 @@ static void set_locktime (long locktime)
int main (int argc, char **argv)
{
- long fail_locktime;
+ long fail_locktime = 0;
short fail_max = 0; // initialize to silence compiler warning
- long days;
+ long days = 0;
/*
* Get the program name. The program name is used as a prefix to
diff --git a/src/lastlog.c b/src/lastlog.c
index 3c0fc9c6..0d4b5fd2 100644
--- a/src/lastlog.c
+++ b/src/lastlog.c
@@ -114,7 +114,16 @@ static void print_one (/*@null@*/const struct passwd *pw)
#endif
#ifdef HAVE_LL_HOST
- int maxIPv6Addrlen;
+ /*
+ * ll_host is in minimized form, thus the maximum IPv6 address possible is
+ * 8*4+7 = 39 characters.
+ * RFC 4291 2.5.6 states that for LL-addresses fe80+only the interface ID is set,
+ * thus having a maximum size of 25+1+IFNAMSIZ.
+ * POSIX says IFNAMSIZ should be 16 characters long including the null byte, thus
+ * 25+1+IFNAMSIZ >= 42 > 39
+ */
+ /* Link-Local address + % + Interfacename */
+ const int maxIPv6Addrlen = 25+1+IFNAMSIZ;
#endif
if (NULL == pw) {
@@ -158,16 +167,6 @@ static void print_one (/*@null@*/const struct passwd *pw)
/* Print the header only once */
if (!once) {
#ifdef HAVE_LL_HOST
- /*
- * ll_host is in minimized form, thus the maximum IPv6 address possible is
- * 8*4+7 = 39 characters.
- * RFC 4291 2.5.6 states that for LL-addresses fe80+only the interface ID is set,
- * thus having a maximum size of 25+1+IFNAMSIZ.
- * POSIX says IFNAMSIZ should be 16 characters long including the null byte, thus
- * 25+1+IFNAMSIZ >= 42 > 39
- */
- /* Link-Local address + % + Interfacename */
- maxIPv6Addrlen = 25+1+IFNAMSIZ;
printf (_("Username Port From%*sLatest\n"), maxIPv6Addrlen-3, " ");
#else
puts (_("Username Port Latest"));
--
2.27.0

79
backport-Remove-commented-out-code-and-FIXMEs.patch
View File

@ -1,79 +0,0 @@
From 0b51cde162322ad1c6d162be0bc1b97065ff25c8 Mon Sep 17 00:00:00 2001
From: Iker Pedrosa <ipedrosa@redhat.com>
Date: Tue, 10 May 2022 15:01:21 +0200
Subject: [PATCH] Remove commented out code and FIXMEs
In order to remove some of the FIXMEs it was necessary to change the
code and call getulong() instead of getlong().
Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
Reference: https://github.com/shadow-maint/shadow/commit/0b51cde162322ad1c6d162be0bc1b97065ff25c8
Conflict: NA
---
lib/getdef.c | 1 -
lib/sgetspent.c | 3 +--
lib/shadow.c | 3 +--
libmisc/salt.c | 3 ++-
4 files changed, 4 insertions(+), 6 deletions(-)
diff --git a/lib/getdef.c b/lib/getdef.c
index fbaea2e1..2e6022fa 100644
--- a/lib/getdef.c
+++ b/lib/getdef.c
@@ -345,7 +345,6 @@ unsigned long getdef_ulong (const char *item, unsigned long dflt)
}
if (getulong (d->value, &val) == 0) {
- /* FIXME: we should have a getulong */
fprintf (shadow_logfd,
_("configuration error - cannot parse %s value: '%s'"),
item, d->value);
diff --git a/lib/sgetspent.c b/lib/sgetspent.c
index a35b6759..cbadb7e6 100644
--- a/lib/sgetspent.c
+++ b/lib/sgetspent.c
@@ -171,8 +171,7 @@ struct spwd *sgetspent (const char *string)
if (fields[8][0] == '\0') {
spwd.sp_flag = SHADOW_SP_FLAG_UNSET;
- } else if (getlong (fields[8], &spwd.sp_flag) == 0) {
- /* FIXME: add a getulong function */
+ } else if (getulong (fields[8], &spwd.sp_flag) == 0) {
return 0;
}
diff --git a/lib/shadow.c b/lib/shadow.c
index 9e86b908..b628b657 100644
--- a/lib/shadow.c
+++ b/lib/shadow.c
@@ -305,8 +305,7 @@ static struct spwd *my_sgetspent (const char *string)
if (fields[8][0] == '\0') {
spwd.sp_flag = SHADOW_SP_FLAG_UNSET;
} else {
- if (getlong (fields[8], &spwd.sp_flag) == 0) {
- /* FIXME: add a getulong function */
+ if (getulong (fields[8], &spwd.sp_flag) == 0) {
#ifdef USE_NIS
if (nis_used) {
spwd.sp_flag = SHADOW_SP_FLAG_UNSET;
diff --git a/libmisc/salt.c b/libmisc/salt.c
index ebf162fc..450293d7 100644
--- a/libmisc/salt.c
+++ b/libmisc/salt.c
@@ -341,9 +341,10 @@ static /*@observer@*/const unsigned long BCRYPT_get_salt_rounds (/*@null@*/int *
/*
* Use 19 as an upper bound for now,
* because musl doesn't allow rounds >= 20.
+ * If musl ever supports > 20 rounds,
+ * rounds should be set to B_ROUNDS_MAX.
*/
if (rounds > 19) {
- /* rounds = B_ROUNDS_MAX; */
rounds = 19;
}
#endif /* USE_XCRYPT_GENSALT */
--
2.27.0

31
backport-Remove-redeclared-variable.patch
View File

@ -1,31 +0,0 @@
From 23baa40d9d96743dd3377de0de8e422b7ec3ed94 Mon Sep 17 00:00:00 2001
From: Iker Pedrosa <ipedrosa@redhat.com>
Date: Tue, 10 May 2022 13:23:07 +0200
Subject: [PATCH] Remove redeclared variable
No need to redeclare a variable with the same name and type. Just keep
the one with the biggest scope.
Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
Reference: https://github.com/shadow-maint/shadow/commit/23baa40d9d96743dd3377de0de8e422b7ec3ed94
Conflict: NA
---
src/vipw.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/src/vipw.c b/src/vipw.c
index 8c97f4bc..488a97d9 100644
--- a/src/vipw.c
+++ b/src/vipw.c
@@ -293,7 +293,6 @@ vipwedit (const char *file, int (*file_lock) (void), int (*file_unlock) (void))
/* use the system() call to invoke the editor so that it accepts
command line args in the EDITOR and VISUAL environment vars */
char *buf;
- int status;
/* Wait for parent to make us the foreground pgrp. */
if (orig_pgrp != -1) {
--
2.27.0

117
backport-chpasswd-add-get_salt-for-generating-salt-value.patch
View File

@ -1,117 +0,0 @@
From 6d1b10b9e516bd88fa34392395b0a7c6e6f54fd7 Mon Sep 17 00:00:00 2001
From: juyin <zhuyan34@huawei.com>
Date: Thu, 31 Mar 2022 16:45:19 +0800
Subject: [PATCH] chpasswd: add get_salt for generating salt value
The function that generates the salt value is extracted separately, and it is more convenient to modify it later.
Reference: https://github.com/shadow-maint/shadow/commit/a026154c6fca7c7e5d6d0723e0cc29d6cd9fa00a
Conflict: The EulerOS supports SM3. As a result, the patch is different.
---
src/chpasswd.c | 73 +++++++++++++++++++++++++++-----------------------
1 file changed, 39 insertions(+), 34 deletions(-)
diff --git a/src/chpasswd.c b/src/chpasswd.c
index 5dfb995..708f973 100644
--- a/src/chpasswd.c
+++ b/src/chpasswd.c
@@ -430,12 +430,54 @@ static void close_files (void)
pw_locked = false;
}
+static const char *get_salt(void)
+{
+ if ( !eflg
+ && ( (NULL == crypt_method)
+ || (0 != strcmp (crypt_method, "NONE")))) {
+ void *arg = NULL;
+
+ if (md5flg) {
+ crypt_method = "MD5";
+ }
+#if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT) || defined(USE_YESCRYPT)
+ if (sflg) {
+#if defined(USE_SHA_CRYPT)
+ if ( (0 == strcmp (crypt_method, "SHA256"))
+ || (0 == strcmp (crypt_method, "SHA512"))) {
+ arg = &sha_rounds;
+ }
+#endif /* USE_SHA_CRYPT */
+#if defined(USE_BCRYPT)
+ if (0 == strcmp (crypt_method, "BCRYPT")) {
+ arg = &bcrypt_rounds;
+ }
+#endif /* USE_BCRYPT */
+#if defined(USE_YESCRYPT)
+ if (0 == strcmp (crypt_method, "YESCRYPT")) {
+ arg = &yescrypt_cost;
+ }
+#endif /* USE_YESCRYPT */
+#if defined(USE_SM3_CRYPT)
+ if (0 == strcmp (crypt_method, "SM3")) {
+ arg = &sm3_rounds;
+ }
+#endif /* USE_SM3_CRYPT */
+ }
+#endif
+ return crypt_make_salt (crypt_method, arg);
+ }
+
+ return NULL;
+}
+
int main (int argc, char **argv)
{
char buf[BUFSIZ];
char *name;
char *newpwd;
char *cp;
+ const char *salt;
#ifdef USE_PAM
bool use_pam = true;
@@ -545,40 +587,8 @@ int main (int argc, char **argv)
const struct passwd *pw;
struct passwd newpw;
- if ( !eflg
- && ( (NULL == crypt_method)
- || (0 != strcmp (crypt_method, "NONE")))) {
- void *arg = NULL;
- const char *salt;
- if (md5flg) {
- crypt_method = "MD5";
- }
-#if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT) || defined(USE_YESCRYPT)
- if (sflg) {
-#if defined(USE_SHA_CRYPT)
- if ( (0 == strcmp (crypt_method, "SHA256"))
- || (0 == strcmp (crypt_method, "SHA512"))) {
- arg = &sha_rounds;
- }
-#endif /* USE_SHA_CRYPT */
-#if defined(USE_BCRYPT)
- if (0 == strcmp (crypt_method, "BCRYPT")) {
- arg = &bcrypt_rounds;
- }
-#endif /* USE_BCRYPT */
-#if defined(USE_YESCRYPT)
- if (0 == strcmp (crypt_method, "YESCRYPT")) {
- arg = &yescrypt_cost;
- }
-#endif /* USE_YESCRYPT */
-#if defined(USE_SM3_CRYPT)
- if (0 == strcmp (crypt_method, "SM3")) {
- arg = &sm3_rounds;
- }
-#endif /* USE_SM3_CRYPT */
- }
-#endif
- salt = crypt_make_salt (crypt_method, arg);
+ salt = get_salt();
+ if (salt) {
cp = pw_encrypt (newpwd, salt);
if (NULL == cp) {
fprintf (stderr,
--
2.33.0

48
backport-chpasswd-fix-function-problem-with-R-parameter.patch
View File

@ -1,48 +0,0 @@
From 3732cf72d6f05fcd9d9f301eac84c1a61443e379 Mon Sep 17 00:00:00 2001
From: juyin <zhuyan34@huawei.com>
Date: Thu, 31 Mar 2022 16:48:52 +0800
Subject: [PATCH] chpasswd: fix function problem with -R parameter
Generating salt value depends on /dev/urandom. But after the
function process_root_flag changed the root directory, It does
not exist.
So, generate salt value before changeing the directory.
Fixes: #514
Reference: https://github.com/shadow-maint/shadow/commit/3732cf72d6f05fcd9d9f301eac84c1a61443e379
Conflict: NA
---
src/chpasswd.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/chpasswd.c b/src/chpasswd.c
index 94e923ab..d0da14c6 100644
--- a/src/chpasswd.c
+++ b/src/chpasswd.c
@@ -451,10 +451,11 @@ int main (int argc, char **argv)
(void) bindtextdomain (PACKAGE, LOCALEDIR);
(void) textdomain (PACKAGE);
- process_root_flag ("-R", argc, argv);
-
process_flags (argc, argv);
+ salt = get_salt();
+ process_root_flag ("-R", argc, argv);
+
#ifdef USE_PAM
if (md5flg || eflg || cflg) {
use_pam = false;
@@ -545,7 +546,6 @@ int main (int argc, char **argv)
const struct passwd *pw;
struct passwd newpw;
- salt = get_salt();
if (salt) {
cp = pw_encrypt (newpwd, salt);
if (NULL == cp) {
--
2.23.0

33
backport-libmisc-add-check-fopen-return-value-in-read_random_.patch
View File

@ -1,33 +0,0 @@
From a43d0b95c44b2c36025452b772b9d4b251281e3e Mon Sep 17 00:00:00 2001
From: juyin <zhuyan34@huawei.com>
Date: Wed, 30 Mar 2022 19:21:32 +0800
Subject: [PATCH] libmisc: add check fopen return value in read_random_bytes()
Returns null when fopen fails. Then, using fread with a null pointer will cause a segfault.
Signed-off-by: Yan Zhu <zhuyan34@huawei.com>
Reference: https://github.com/shadow-maint/shadow/commit/a43d0b95c44b2c36025452b772b9d4b251281e3e
Conflict: NA
---
libmisc/salt.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/libmisc/salt.c b/libmisc/salt.c
index f8ac5669..ebf162fc 100644
--- a/libmisc/salt.c
+++ b/libmisc/salt.c
@@ -175,6 +175,9 @@ static long read_random_bytes (void)
#else
FILE *f = fopen ("/dev/urandom", "r");
+ if (NULL == f) {
+ goto fail;
+ }
if (fread (&randval, sizeof (randval), 1, f) != 1) {
fclose(f);
--
2.27.0

35
backport-passwd-erase-password-copy-on-all-error-branches.patch
View File

@ -1,35 +0,0 @@
From 58b6e97a9eef866e9e479fb781aaaf59fb11ef36 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= <cgzones@googlemail.com>
Date: Mon, 25 Apr 2022 12:17:40 +0200
Subject: [PATCH] passwd: erase password copy on all error branches
Reference: https://github.com/shadow-maint/shadow/commit/58b6e97a9eef866e9e479fb781aaaf59fb11ef36
Conflict: NA
---
src/passwd.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/src/passwd.c b/src/passwd.c
index 80531ec6..8c6f81a9 100644
--- a/src/passwd.c
+++ b/src/passwd.c
@@ -289,6 +289,7 @@ static int new_password (const struct passwd *pw)
cp = getpass (_("New password: "));
if (NULL == cp) {
memzero (orig, sizeof orig);
+ memzero (pass, sizeof pass);
return -1;
}
if (warned && (strcmp (pass, cp) != 0)) {
@@ -316,6 +317,7 @@ static int new_password (const struct passwd *pw)
cp = getpass (_("Re-enter new password: "));
if (NULL == cp) {
memzero (orig, sizeof orig);
+ memzero (pass, sizeof pass);
return -1;
}
if (strcmp (cp, pass) != 0) {
--
2.27.0

42
backport-useradd-modify-check-ID-range-for-system-users.patch
View File

@ -1,42 +0,0 @@
From f1f1678e13aa3ae49bdb139efaa2c5bc53dcfe92 Mon Sep 17 00:00:00 2001
From: Iker Pedrosa <ipedrosa@redhat.com>
Date: Tue, 4 Jan 2022 13:06:00 +0100
Subject: [PATCH] useradd: modify check ID range for system users
useradd warns that a system user ID less than SYS_UID_MIN is outside the
expected range, even though that ID has been specifically selected with
the "-u" option.
In my opinion all the user ID's below SYS_UID_MAX are for the system,
thus I change the condition to take that into account.
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2004911
Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
Conflict: context adaptation
---
src/useradd.c | 6 ++----
1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/src/useradd.c b/src/useradd.c
index 34376fa..4c71c38 100644
--- a/src/useradd.c
+++ b/src/useradd.c
@@ -2409,11 +2409,9 @@ static void check_uid_range(int rflg, uid_t user_id)
uid_t uid_min ;
uid_t uid_max ;
if(rflg){
- uid_min = (uid_t)getdef_ulong("SYS_UID_MIN",101UL);
uid_max = (uid_t)getdef_ulong("SYS_UID_MAX",getdef_ulong("UID_MIN",1000UL)-1);
- if(uid_min <= uid_max){
- if(user_id < uid_min || user_id >uid_max)
- fprintf(stderr, _("%s warning: %s's uid %d outside of the SYS_UID_MIN %d and SYS_UID_MAX %d range.\n"), Prog, user_name, user_id, uid_min, uid_max);
+ if (user_id > uid_max) {
+ fprintf(stderr, _("%s warning: %s's uid %d is greater than SYS_UID_MAX %d\n"), Prog, user_name, user_id, uid_max);
}
}else{
uid_min = (uid_t)getdef_ulong("UID_MIN", 1000UL);
--
1.8.3.1

32
groupdel-fix-SIGSEGV-when-passwd-does-not-exist.patch
View File

@ -1,32 +0,0 @@
From a757b458ffb4fb9a40bcbb4f7869449431c67f83 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fran=C3=A7ois=20Rigault?= <frigo@amadeus.com>
Date: Mon, 1 Nov 2021 13:54:25 +0100
Subject: [PATCH] groupdel: fix SIGSEGV when passwd does not exist
When using groupdel with a prefix, groupdel will attempt to read a
passwd file to look for any user in the group. When the file does not
exist it cores with segmentation fault.
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1986111
Conflict: context adaptation
---
libmisc/prefix_flag.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/libmisc/prefix_flag.c b/libmisc/prefix_flag.c
index cca553a..b6628ac 100644
--- a/libmisc/prefix_flag.c
+++ b/libmisc/prefix_flag.c
@@ -288,6 +288,9 @@ extern struct passwd* prefix_getpwent()
if(!passwd_db_file) {
return getpwent();
}
+ if (!fp_pwent) {
+ return NULL;
+ }
return fgetpwent(fp_pwent);
}
extern void prefix_endpwent()
--
1.8.3.1

60
libmisc-fix-default-value-in-SHA_get_salt_rounds.patch
View File

@ -1,60 +0,0 @@
From 234e8fa7b134d1ebabfdad980a3ae5b63c046c62 Mon Sep 17 00:00:00 2001
From: Mike Gilbert <floppym@gentoo.org>
Date: Sat, 14 Aug 2021 13:24:34 -0400
Subject: [PATCH] libmisc: fix default value in SHA_get_salt_rounds()
If SHA_CRYPT_MIN_ROUNDS and SHA_CRYPT_MAX_ROUNDS are both unspecified,
use SHA_ROUNDS_DEFAULT.
Previously, the code fell through, calling shadow_random(-1, -1). This
ultimately set rounds = (unsigned long) -1, which ends up being a very
large number! This then got capped to SHA_ROUNDS_MAX later in the
function.
The new behavior matches BCRYPT_get_salt_rounds().
Bug: https://bugs.gentoo.org/808195
Fixes: https://github.com/shadow-maint/shadow/issues/393
---
libmisc/salt.c | 21 +++++++++++----------
1 file changed, 11 insertions(+), 10 deletions(-)
diff --git a/libmisc/salt.c b/libmisc/salt.c
index 91d528f..30eefb9 100644
--- a/libmisc/salt.c
+++ b/libmisc/salt.c
@@ -223,20 +223,21 @@ static /*@observer@*/const unsigned long SHA_get_salt_rounds (/*@null@*/int *pre
if ((-1 == min_rounds) && (-1 == max_rounds)) {
rounds = SHA_ROUNDS_DEFAULT;
}
+ else {
+ if (-1 == min_rounds) {
+ min_rounds = max_rounds;
+ }
- if (-1 == min_rounds) {
- min_rounds = max_rounds;
- }
+ if (-1 == max_rounds) {
+ max_rounds = min_rounds;
+ }
- if (-1 == max_rounds) {
- max_rounds = min_rounds;
- }
+ if (min_rounds > max_rounds) {
+ max_rounds = min_rounds;
+ }
- if (min_rounds > max_rounds) {
- max_rounds = min_rounds;
+ rounds = (unsigned long) shadow_random (min_rounds, max_rounds);
}
-
- rounds = (unsigned long) shadow_random (min_rounds, max_rounds);
} else if (0 == *prefered_rounds) {
rounds = SHA_ROUNDS_DEFAULT;
} else {
--
1.8.3.1

28
libsubid-link-to-PAM-libraries.patch
View File

@ -1,28 +0,0 @@
From f4a84efb468b8be21be124700ce35159c444e9d6 Mon Sep 17 00:00:00 2001
From: Xi Ruoyao <xry111@mengyan1223.wang>
Date: Fri, 23 Jul 2021 14:38:08 +0800
Subject: [PATCH] libsubid: link to PAM libraries
libsubid.so links to libmisc.a, which contains several routines referring to
PAM functions.
---
libsubid/Makefile.am | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/libsubid/Makefile.am b/libsubid/Makefile.am
index 189165b..8305156 100644
--- a/libsubid/Makefile.am
+++ b/libsubid/Makefile.am
@@ -16,7 +16,8 @@ MISCLIBS = \
$(LIBCRYPT) \
$(LIBACL) \
$(LIBATTR) \
- $(LIBTCB)
+ $(LIBTCB) \
+ $(LIBPAM)
libsubid_la_LIBADD = \
$(top_srcdir)/lib/libshadow.la \
--
1.8.3.1

35
newgrp-fix-segmentation-fault.patch
View File

@ -1,35 +0,0 @@
From 497e90751bc0d95cc998b0f06305040563903948 Mon Sep 17 00:00:00 2001
From: Iker Pedrosa <ipedrosa@redhat.com>
Date: Wed, 10 Nov 2021 12:02:04 +0100
Subject: [PATCH] newgrp: fix segmentation fault
Fix segmentation fault in newgrp when xgetspnam() returns a NULL value
that is immediately freed.
The error was committed in
https://github.com/shadow-maint/shadow/commit/e65cc6aebcb4132fa413f00a905216a5b35b3d57
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2019553
Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
---
src/newgrp.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/newgrp.c b/src/newgrp.c
index 730f47e..566f1c8 100644
--- a/src/newgrp.c
+++ b/src/newgrp.c
@@ -163,8 +163,8 @@ static void check_perms (const struct group *grp,
spwd = xgetspnam (pwd->pw_name);
if (NULL != spwd) {
pwd->pw_passwd = xstrdup (spwd->sp_pwdp);
+ spw_free (spwd);
}
- spw_free (spwd);
if ((pwd->pw_passwd[0] == '\0') && (grp->gr_passwd[0] != '\0')) {
needspasswd = true;
--
1.8.3.1

30
pwck-fix-segfault-when-calling-fprintf.patch
View File

@ -1,30 +0,0 @@
From d8e54618feea201987c1f3cb402ed50d1d8b604f Mon Sep 17 00:00:00 2001
From: Iker Pedrosa <ipedrosa@redhat.com>
Date: Mon, 15 Nov 2021 12:40:15 +0100
Subject: [PATCH] pwck: fix segfault when calling fprintf()
As shadow_logfd variable is not set at the beginning of the program if
something fails and fprintf() is called a segmentation fault happens.
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2021339
Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
---
src/pwck.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/pwck.c b/src/pwck.c
index 4248944..4ce86af 100644
--- a/src/pwck.c
+++ b/src/pwck.c
@@ -857,6 +857,7 @@ int main (int argc, char **argv)
* Get my name so that I can use it to report errors.
*/
Prog = Basename (argv[0]);
+ shadow_logfd = stderr;
(void) setlocale (LC_ALL, "");
(void) bindtextdomain (PACKAGE, LOCALEDIR);
--
1.8.3.1

61
semanage-close-the-selabel-handle.patch
View File

@ -1,61 +0,0 @@
From 234af5cf67fc1a3ba99fc246ba65869a3c416545 Mon Sep 17 00:00:00 2001
From: Iker Pedrosa <ipedrosa@redhat.com>
Date: Fri, 8 Oct 2021 13:13:13 +0200
Subject: [PATCH] semanage: close the selabel handle
Close the selabel handle to update the file_context. This means that the
file_context will be remmaped and used by selabel_lookup() to return
the appropriate context to label the home folder.
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1993081
Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
---
lib/prototypes.h | 1 +
lib/selinux.c | 5 +++++
lib/semanage.c | 1 +
3 files changed, 7 insertions(+)
diff --git a/lib/prototypes.h b/lib/prototypes.h
index 1d1586d..b697e0e 100644
--- a/lib/prototypes.h
+++ b/lib/prototypes.h
@@ -392,6 +392,7 @@ extern /*@observer@*/const char *crypt_make_salt (/*@null@*//*@observer@*/const
/* selinux.c */
#ifdef WITH_SELINUX
extern int set_selinux_file_context (const char *dst_name, mode_t mode);
+extern void reset_selinux_handle (void);
extern int reset_selinux_file_context (void);
extern int check_selinux_permit (const char *perm_name);
#endif
diff --git a/lib/selinux.c b/lib/selinux.c
index c83545f..b075d4c 100644
--- a/lib/selinux.c
+++ b/lib/selinux.c
@@ -50,6 +50,11 @@ static void cleanup(void)
}
}
+void reset_selinux_handle (void)
+{
+ cleanup();
+}
+
/*
* set_selinux_file_context - Set the security context before any file or
* directory creation.
diff --git a/lib/semanage.c b/lib/semanage.c
index 0d30456..a5bf921 100644
--- a/lib/semanage.c
+++ b/lib/semanage.c
@@ -293,6 +293,7 @@ int set_seuser (const char *login_name, const char *seuser_name)
}
ret = 0;
+ reset_selinux_handle();
done:
semanage_seuser_key_free (key);
--
1.8.3.1

BIN
shadow-4.13.tar.xz Normal file
View File

Binary file not shown.

100
shadow-4.8-goodname.patch
View File

@ -1,100 +0,0 @@
diff -up shadow-4.8/libmisc/chkname.c.goodname shadow-4.8/libmisc/chkname.c
--- shadow-4.8/libmisc/chkname.c.goodname 2020-01-13 09:44:41.968507996 +0100
+++ shadow-4.8/libmisc/chkname.c 2020-01-13 09:46:27.863727732 +0100
@@ -55,26 +55,44 @@ static bool is_valid_name (const char *n
}
/*
- * User/group names must match [a-z_][a-z0-9_-]*[$]
- */
+ * User/group names must match gnu e-regex:
+ * [a-zA-Z0-9_.][a-zA-Z0-9_.-]{0,30}[a-zA-Z0-9_.$-]?
+ *
+ * as a non-POSIX, extension, allow "$" as the last char for
+ * sake of Samba 3.x "add machine script"
+ *
+ * Also do not allow fully numeric names or just "." or "..".
+ */
+ int numeric;
- if (('\0' == *name) ||
- !((('a' <= *name) && ('z' >= *name)) || ('_' == *name))) {
+ if ('\0' == *name ||
+ ('.' == *name && (('.' == name[1] && '\0' == name[2]) ||
+ '\0' == name[1])) ||
+ !((*name >= 'a' && *name <= 'z') ||
+ (*name >= 'A' && *name <= 'Z') ||
+ (*name >= '0' && *name <= '9') ||
+ *name == '_' ||
+ *name == '.')) {
return false;
}
+ numeric = isdigit(*name);
+
while ('\0' != *++name) {
- if (!(( ('a' <= *name) && ('z' >= *name) ) ||
- ( ('0' <= *name) && ('9' >= *name) ) ||
- ('_' == *name) ||
- ('-' == *name) ||
- ( ('$' == *name) && ('\0' == *(name + 1)) )
+ if (!((*name >= 'a' && *name <= 'z') ||
+ (*name >= 'A' && *name <= 'Z') ||
+ (*name >= '0' && *name <= '9') ||
+ *name == '_' ||
+ *name == '.' ||
+ *name == '-' ||
+ (*name == '$' && name[1] == '\0')
)) {
return false;
}
+ numeric &= isdigit(*name);
}
- return true;
+ return !numeric;
}
bool is_valid_user_name (const char *name)
diff -up shadow-4.8/man/groupadd.8.xml.goodname shadow-4.8/man/groupadd.8.xml
--- shadow-4.8/man/groupadd.8.xml.goodname 2019-07-23 17:26:08.000000000 +0200
+++ shadow-4.8/man/groupadd.8.xml 2020-01-13 09:44:41.968507996 +0100
@@ -273,10 +273,12 @@
<refsect1 id='caveats'>
<title>CAVEATS</title>
<para>
- Groupnames must start with a lower case letter or an underscore,
- followed by lower case letters, digits, underscores, or dashes.
- They can end with a dollar sign.
- In regular expression terms: [a-z_][a-z0-9_-]*[$]?
+ Groupnames may contain only lower and upper case letters, digits,
+ underscores, or dashes. They can end with a dollar sign.
+
+ Dashes are not allowed at the beginning of the groupname.
+ Fully numeric groupnames and groupnames . or .. are
+ also disallowed.
</para>
<para>
Groupnames may only be up to &GROUP_NAME_MAX_LENGTH; characters long.
diff -up shadow-4.8/man/useradd.8.xml.goodname shadow-4.8/man/useradd.8.xml
--- shadow-4.8/man/useradd.8.xml.goodname 2019-10-05 03:23:58.000000000 +0200
+++ shadow-4.8/man/useradd.8.xml 2020-01-13 09:44:41.968507996 +0100
@@ -661,10 +661,14 @@
</para>
<para>
- Usernames must start with a lower case letter or an underscore,
- followed by lower case letters, digits, underscores, or dashes.
- They can end with a dollar sign.
- In regular expression terms: [a-z_][a-z0-9_-]*[$]?
+ Usernames may contain only lower and upper case letters, digits,
+ underscores, or dashes. They can end with a dollar sign.
+
+ Dashes are not allowed at the beginning of the username.
+ Fully numeric usernames and usernames . or .. are
+ also disallowed. It is not recommended to use usernames beginning
+ with . character as their home directories will be hidden in
+ the <command>ls</command> output.
</para>
<para>
Usernames may only be up to 32 characters long.

86
shadow-4.8-long-entry.patch
View File

@ -1,86 +0,0 @@
diff -up shadow-4.8/lib/defines.h.long-entry shadow-4.8/lib/defines.h
--- shadow-4.8/lib/defines.h.long-entry 2020-01-13 10:29:45.288957339 +0100
+++ shadow-4.8/lib/defines.h 2020-01-13 10:30:47.482902954 +0100
@@ -388,6 +388,9 @@ extern char *strerror ();
# endif
#endif
+/* Maximum length of passwd entry */
+#define PASSWD_ENTRY_MAX_LENGTH 32768
+
#ifdef HAVE_SECURE_GETENV
# define shadow_getenv(name) secure_getenv(name)
# else
diff -up shadow-4.8/lib/pwio.c.long-entry shadow-4.8/lib/pwio.c
--- shadow-4.8/lib/pwio.c.long-entry 2019-07-23 17:26:08.000000000 +0200
+++ shadow-4.8/lib/pwio.c 2020-01-13 10:29:45.288957339 +0100
@@ -79,7 +79,10 @@ static int passwd_put (const void *ent,
|| (pw->pw_gid == (gid_t)-1)
|| (valid_field (pw->pw_gecos, ":\n") == -1)
|| (valid_field (pw->pw_dir, ":\n") == -1)
- || (valid_field (pw->pw_shell, ":\n") == -1)) {
+ || (valid_field (pw->pw_shell, ":\n") == -1)
+ || (strlen (pw->pw_name) + strlen (pw->pw_passwd) +
+ strlen (pw->pw_gecos) + strlen (pw->pw_dir) +
+ strlen (pw->pw_shell) + 100 > PASSWD_ENTRY_MAX_LENGTH)) {
return -1;
}
diff -up shadow-4.8/lib/sgetpwent.c.long-entry shadow-4.8/lib/sgetpwent.c
--- shadow-4.8/lib/sgetpwent.c.long-entry 2019-10-05 03:23:58.000000000 +0200
+++ shadow-4.8/lib/sgetpwent.c 2020-01-13 10:29:45.288957339 +0100
@@ -57,7 +57,7 @@
struct passwd *sgetpwent (const char *buf)
{
static struct passwd pwent;
- static char pwdbuf[1024];
+ static char pwdbuf[PASSWD_ENTRY_MAX_LENGTH];
register int i;
register char *cp;
char *fields[NFIELDS];
@@ -67,8 +67,10 @@ struct passwd *sgetpwent (const char *bu
* the password structure remain valid.
*/
- if (strlen (buf) >= sizeof pwdbuf)
+ if (strlen (buf) >= sizeof pwdbuf) {
+ fprintf (stderr, "Too long passwd entry encountered, file corruption?\n");
return 0; /* fail if too long */
+ }
strcpy (pwdbuf, buf);
/*
diff -up shadow-4.8/lib/sgetspent.c.long-entry shadow-4.8/lib/sgetspent.c
--- shadow-4.8/lib/sgetspent.c.long-entry 2019-07-23 17:26:08.000000000 +0200
+++ shadow-4.8/lib/sgetspent.c 2020-01-13 10:29:45.289957322 +0100
@@ -48,7 +48,7 @@
*/
struct spwd *sgetspent (const char *string)
{
- static char spwbuf[1024];
+ static char spwbuf[PASSWD_ENTRY_MAX_LENGTH];
static struct spwd spwd;
char *fields[FIELDS];
char *cp;
@@ -61,6 +61,7 @@ struct spwd *sgetspent (const char *stri
*/
if (strlen (string) >= sizeof spwbuf) {
+ fprintf (stderr, "Too long shadow entry encountered, file corruption?\n");
return 0; /* fail if too long */
}
strcpy (spwbuf, string);
diff -up shadow-4.8/lib/shadowio.c.long-entry shadow-4.8/lib/shadowio.c
--- shadow-4.8/lib/shadowio.c.long-entry 2019-07-23 17:26:08.000000000 +0200
+++ shadow-4.8/lib/shadowio.c 2020-01-13 10:29:45.289957322 +0100
@@ -79,7 +79,9 @@ static int shadow_put (const void *ent,
if ( (NULL == sp)
|| (valid_field (sp->sp_namp, ":\n") == -1)
- || (valid_field (sp->sp_pwdp, ":\n") == -1)) {
+ || (valid_field (sp->sp_pwdp, ":\n") == -1)
+ || (strlen (sp->sp_namp) + strlen (sp->sp_pwdp) +
+ 1000 > PASSWD_ENTRY_MAX_LENGTH)) {
return -1;
}

70
shadow-4.9-null-tm.patch
View File

@ -1,70 +0,0 @@
Index: shadow-4.5/src/chage.c
===================================================================
--- shadow-4.5.orig/src/chage.c
+++ shadow-4.5/src/chage.c
@@ -168,6 +168,10 @@ static void date_to_str (char *buf, size
struct tm *tp;
tp = gmtime (&date);
+ if (tp == NULL) {
+ (void) snprintf (buf, maxsize, "(unknown)");
+ return;
+ }
#ifdef HAVE_STRFTIME
(void) strftime (buf, maxsize, "%Y-%m-%d", tp);
#else
Index: shadow-4.5/src/lastlog.c
===================================================================
--- shadow-4.5.orig/src/lastlog.c
+++ shadow-4.5/src/lastlog.c
@@ -158,13 +158,17 @@ static void print_one (/*@null@*/const s
ll_time = ll.ll_time;
tm = localtime (&ll_time);
+ if (tm == NULL) {
+ cp = "(unknown)";
+ } else {
#ifdef HAVE_STRFTIME
- strftime (ptime, sizeof (ptime), "%a %b %e %H:%M:%S %z %Y", tm);
- cp = ptime;
+ strftime (ptime, sizeof (ptime), "%a %b %e %H:%M:%S %z %Y", tm);
+ cp = ptime;
#else
- cp = asctime (tm);
- cp[24] = '\0';
+ cp = asctime (tm);
+ cp[24] = '\0';
#endif
+ }
if (ll.ll_time == (time_t) 0) {
cp = _("**Never logged in**\0");
Index: shadow-4.5/src/passwd.c
===================================================================
--- shadow-4.5.orig/src/passwd.c
+++ shadow-4.5/src/passwd.c
@@ -455,6 +455,9 @@ static /*@observer@*/const char *date_to
struct tm *tm;
tm = gmtime (&t);
+ if (tm == NULL) {
+ return "(unknown)";
+ }
#ifdef HAVE_STRFTIME
(void) strftime (buf, sizeof buf, "%m/%d/%Y", tm);
#else /* !HAVE_STRFTIME */
Index: shadow-4.5/src/usermod.c
===================================================================
--- shadow-4.5.orig/src/usermod.c
+++ shadow-4.5/src/usermod.c
@@ -210,6 +210,10 @@ static void date_to_str (/*@unique@*//*@
} else {
time_t t = (time_t) date;
tp = gmtime (&t);
+ if (tp == NULL) {
+ strncpy (buf, "unknown", maxsize);
+ return;
+ }
#ifdef HAVE_STRFTIME
strftime (buf, maxsize, "%Y-%m-%d", tp);
#else

BIN
shadow-4.9.tar.xz
View File

Binary file not shown.

1562
shadow-add-sm3-crypt-support.patch
View File

File diff suppressed because it is too large Load Diff

56
shadow.spec
View File

@ -1,11 +1,11 @@
Name: shadow
Version: 4.9
Release: 8
Version: 4.13
Release: 1
Epoch: 2
License: BSD and GPLv2+
Summary: Tools for managing accounts and shadow password files
URL: http://pkg-shadow.alioth.debian.org/
Source0: https://github.com/shadow-maint/shadow/releases/download/v%{version}/shadow-%{version}.tar.xz
Source0: https://github.com/shadow-maint/shadow/releases/download/%{version}/shadow-%{version}.tar.xz
Source2: shadow-utils.useradd
Source3: shadow-utils.login.defs
Source4: shadow-bsd.txt
@ -16,39 +16,9 @@ Source7: newusers
%global includesubiddir %{_includedir}/shadow
# fix unknown item 'LASTLOG_MAX_UID'
Patch0: shadow-4.8-goodname.patch
Patch1: shadow-4.9-null-tm.patch
Patch2: shadow-4.8-long-entry.patch
Patch3: usermod-unlock.patch
Patch4: useradd-create-directories-after-the-SELinux-user.patch
Patch5: Makefile-include-libeconf-dependency-in-new-idmap.patch
Patch6: usermod-allow-all-group-types-with-G-option.patch
Patch7: useradd-avoid-generating-an-empty-subid-range.patch
Patch8: libmisc-fix-default-value-in-SHA_get_salt_rounds.patch
Patch9: semanage-close-the-selabel-handle.patch
Patch10: Revert-useradd.c-fix-memleaks-of-grp.patch
Patch11: useradd-change-SELinux-labels-for-home-files.patch
Patch12: libsubid-link-to-PAM-libraries.patch
Patch13: Fix-out-of-tree-builds-with-respect-to-libsubid-incl.patch
Patch14: Respect-enable-static-no-in-libsubid.patch
Patch15: Fixes-the-linking-issues-when-libsubid-is-static-and.patch
Patch16: pwck-fix-segfault-when-calling-fprintf.patch
Patch17: newgrp-fix-segmentation-fault.patch
Patch18: groupdel-fix-SIGSEGV-when-passwd-does-not-exist.patch
Patch19: backport-useradd-modify-check-ID-range-for-system-users.patch
Patch20: shadow-add-sm3-crypt-support.patch
Patch21: backport-Add-header-guards.patch
Patch22: backport-Change-to-strncat.patch
Patch23: backport-Do-not-return-garbage-in-run_parts.patch
Patch24: backport-Handle-ERANGE-error-correctly.patch
Patch25: backport-Initialize-local-variables.patch
Patch26: backport-Remove-commented-out-code-and-FIXMEs.patch
Patch27: backport-Remove-redeclared-variable.patch
Patch28: backport-libmisc-add-check-fopen-return-value-in-read_random_.patch
Patch29: backport-passwd-erase-password-copy-on-all-error-branches.patch
Patch30: backport-chpasswd-add-get_salt-for-generating-salt-value.patch
Patch31: backport-chpasswd-fix-function-problem-with-R-parameter.patch
Patch32: backport-useradd-check-if-subid-range-exists-for-user.patch
Patch0: usermod-unlock.patch
Patch1: backport-useradd-check-if-subid-range-exists-for-user.patch
Patch2: shadow-add-sm3-crypt-support.patch
BuildRequires: gcc, libselinux-devel, audit-libs-devel, libsemanage-devel
BuildRequires: libacl-devel, libattr-devel
@ -61,8 +31,8 @@ Requires(pre): coreutils
Requires(post): coreutils
Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
Provides: shadow-utils
Obsoletes: shadow-utils
Provides: shadow-utils = %{version}-%{release}
Obsoletes: shadow-utils < %{version}-%{release}
%description
This package includes the necessary programs for converting plain
@ -176,7 +146,7 @@ mkdir -p $RPM_BUILD_ROOT/%{includesubiddir}
install -m 644 libsubid/subid.h $RPM_BUILD_ROOT/%{includesubiddir}/
# Remove .la files created by libsubid
rm -f $RPM_BUILD_ROOT/%{_libdir}/libsubid.la
rm -f $RPM_BUILD_ROOT/%{_libdir}/libsubid.{la,a}
%files -f shadow.lang
%doc NEWS doc/HOWTO README
@ -194,6 +164,7 @@ rm -f $RPM_BUILD_ROOT/%{_libdir}/libsubid.la
%{_sbindir}/adduser
%attr(0755,root,root) %{_sbindir}/user*
%attr(0755,root,root) %{_sbindir}/group*
%{_bindir}/getsubids
%{_sbindir}/grpck
%{_sbindir}/pwck
%{_sbindir}/*conv
@ -215,7 +186,10 @@ rm -f $RPM_BUILD_ROOT/%{_libdir}/libsubid.la
%{_mandir}/*/*
%changelog
* Thu Dec 1 2022 xiongshenglan<xionshenglan@huawei.com> - 2:4.9-8
* Wed Feb 8 2023 yunjia_w<yunjia.wang@huawei.com> - 2:4.13-1
- update version to 4.13
* Thu Dec 1 2022 xiongshenglan<xiongshenglan@huawei.com> - 2:4.9-8
- backport useradd check if subid range exists for user
* Tue Nov 22 2022 yunjia_w<yunjia.wang@huawei.com> - 2:4.9-7
@ -224,7 +198,7 @@ rm -f $RPM_BUILD_ROOT/%{_libdir}/libsubid.la
* Mon Oct 31 2022 yunjia_w<yunjia.wang@huawei.com> - 2:4.9-6
- add some backport to optimize some functions
* Sat Mar 26 2022 fushanqing <fushanqing@kylinos.cn> - 2:4.9-5
* Tue Aug 23 2022 fushanqing <fushanqing@kylinos.cn> - 2:4.9-5
- remove patch 'shadow-4.1.5.1-var-lock.patch' and 'shadow-utils-fix-lock-file-residue.patch'
* Tue Aug 2 2022 zhengxiaoxiao <zhengxiaoxiao2@huawei.com> - 2:4.9-4

107
useradd-avoid-generating-an-empty-subid-range.patch
View File

@ -1,107 +0,0 @@
From 9dd720a28578eef5be8171697aae0906e4c53249 Mon Sep 17 00:00:00 2001
From: Iker Pedrosa <ipedrosa@redhat.com>
Date: Tue, 10 Aug 2021 09:07:03 +0200
Subject: [PATCH] useradd: avoid generating an empty subid range
useradd generates an empty subid range when adding a new user. This is
caused because there are two variables, one local and the other one
global, that have a very similar name and they are used indistinctly in
the code. The local variable loads the SUB_*ID_COUNT configuration from
the login.defs file, while the global variable, which holds a value of
0, is used to generate the subid range. Causing the empty subid range
problem.
I've merged the two variables in the local one and removed the global
variable. I prefer to do it this way to reduce the scope of it but I'm
open to doing it the other way round.
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1990653
Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
Conflict: context adaptation
---
src/useradd.c | 20 +++++++++-----------
1 file changed, 9 insertions(+), 11 deletions(-)
diff --git a/src/useradd.c b/src/useradd.c
index baeffb3..9abeea6 100644
--- a/src/useradd.c
+++ b/src/useradd.c
@@ -142,9 +142,7 @@ static bool is_sub_gid = false;
static bool sub_uid_locked = false;
static bool sub_gid_locked = false;
static uid_t sub_uid_start; /* New subordinate uid range */
-static unsigned long sub_uid_count;
static gid_t sub_gid_start; /* New subordinate gid range */
-static unsigned long sub_gid_count;
#endif /* ENABLE_SUBIDS */
static bool pw_locked = false;
static bool gr_locked = false;
@@ -234,7 +232,7 @@ static void open_shadow (void);
static void faillog_reset (uid_t);
static void lastlog_reset (uid_t);
static void tallylog_reset (const char *);
-static void usr_update (void);
+static void usr_update (unsigned long subuid_count, unsigned long subgid_count);
static void create_home (void);
static void create_mail (void);
static void check_uid_range(int rflg, uid_t user_id);
@@ -2092,7 +2090,7 @@ static void tallylog_reset (const char *user_name)
* usr_update() creates the password file entries for this user
* and will update the group entries if required.
*/
-static void usr_update (void)
+static void usr_update (unsigned long subuid_count, unsigned long subgid_count)
{
struct passwd pwent;
struct spwd spent;
@@ -2155,14 +2153,14 @@ static void usr_update (void)
}
#ifdef ENABLE_SUBIDS
if (is_sub_uid &&
- (sub_uid_add(user_name, sub_uid_start, sub_uid_count) == 0)) {
+ (sub_uid_add(user_name, sub_uid_start, subuid_count) == 0)) {
fprintf (stderr,
_("%s: failed to prepare the new %s entry\n"),
Prog, sub_uid_dbname ());
fail_exit (E_SUB_UID_UPDATE);
}
if (is_sub_gid &&
- (sub_gid_add(user_name, sub_gid_start, sub_gid_count) == 0)) {
+ (sub_gid_add(user_name, sub_gid_start, subgid_count) == 0)) {
fprintf (stderr,
_("%s: failed to prepare the new %s entry\n"),
Prog, sub_uid_dbname ());
@@ -2624,16 +2622,16 @@ int main (int argc, char **argv)
}
#ifdef ENABLE_SUBIDS
- if (is_sub_uid && sub_uid_count != 0) {
- if (find_new_sub_uids(&sub_uid_start, &sub_uid_count) < 0) {
+ if (is_sub_uid && subuid_count != 0) {
+ if (find_new_sub_uids(&sub_uid_start, &subuid_count) < 0) {
fprintf (stderr,
_("%s: can't create subordinate user IDs\n"),
Prog);
fail_exit(E_SUB_UID_UPDATE);
}
}
- if (is_sub_gid && sub_gid_count != 0) {
- if (find_new_sub_gids(&sub_gid_start, &sub_gid_count) < 0) {
+ if (is_sub_gid && subgid_count != 0) {
+ if (find_new_sub_gids(&sub_gid_start, &subgid_count) < 0) {
fprintf (stderr,
_("%s: can't create subordinate group IDs\n"),
Prog);
@@ -2642,7 +2640,7 @@ int main (int argc, char **argv)
}
#endif /* ENABLE_SUBIDS */
- usr_update ();
+ usr_update (subuid_count, subgid_count);
close_files ();
--
1.8.3.1

34
useradd-change-SELinux-labels-for-home-files.patch
View File

@ -1,34 +0,0 @@
From 06eb4e4d76ac7f1ac86e68a89b2dc9be7c7323a2 Mon Sep 17 00:00:00 2001
From: Iker Pedrosa <ipedrosa@redhat.com>
Date: Fri, 12 Nov 2021 15:23:30 +0100
Subject: [PATCH] useradd: change SELinux labels for home files
Change SELinux labels for files copied from the skeleton directory to
the home directory.
This could cause gnome's graphical user adding to fail without copying
the full skeleton files.
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2022658
Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
---
src/useradd.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/useradd.c b/src/useradd.c
index b463a17..f7c9795 100644
--- a/src/useradd.c
+++ b/src/useradd.c
@@ -2704,7 +2704,7 @@ int main (int argc, char **argv)
if (mflg) {
create_home ();
if (home_added) {
- copy_tree (def_template, prefix_user_home, false, false,
+ copy_tree (def_template, prefix_user_home, false, true,
(uid_t)-1, user_id, (gid_t)-1, user_gid);
} else {
fprintf (stderr,
--
1.8.3.1

89
useradd-create-directories-after-the-SELinux-user.patch
View File

@ -1,89 +0,0 @@
From 09c752f00f9dfc610f66d68be38c9e5be8ca7f15 Mon Sep 17 00:00:00 2001
From: Iker Pedrosa <ipedrosa@redhat.com>
Date: Fri, 8 Oct 2021 13:09:59 +0200
Subject: [PATCH] useradd: create directories after the SELinux user
Create the home and mail folders after the SELinux user has been set for
the added user. This will allow the folders to be created with the
SELinux user label.
Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
Conflict: context adaptation
---
src/useradd.c | 46 +++++++++++++++++++++++-----------------------
1 file changed, 23 insertions(+), 23 deletions(-)
diff --git a/src/useradd.c b/src/useradd.c
index 6269c01..b463a17 100644
--- a/src/useradd.c
+++ b/src/useradd.c
@@ -2670,27 +2670,12 @@ int main (int argc, char **argv)
usr_update ();
- if (mflg) {
- create_home ();
- if (home_added) {
- copy_tree (def_template, prefix_user_home, false, false,
- (uid_t)-1, user_id, (gid_t)-1, user_gid);
- } else {
- fprintf (stderr,
- _("%s: warning: the home directory %s already exists.\n"
- "%s: Not copying any file from skel directory into it.\n"),
- Prog, user_home, Prog);
- }
-
- }
-
- /* Do not create mail directory for system accounts */
- if (!rflg) {
- create_mail ();
- }
-
close_files ();
+ nscd_flush_cache ("passwd");
+ nscd_flush_cache ("group");
+ sssd_flush_cache (SSSD_DB_PASSWD | SSSD_DB_GROUP);
+
/*
* tallylog_reset needs to be able to lookup
* a valid existing user name,
@@ -2716,15 +2701,30 @@ int main (int argc, char **argv)
}
#endif /* WITH_SELINUX */
+ if (mflg) {
+ create_home ();
+ if (home_added) {
+ copy_tree (def_template, prefix_user_home, false, false,
+ (uid_t)-1, user_id, (gid_t)-1, user_gid);
+ } else {
+ fprintf (stderr,
+ _("%s: warning: the home directory %s already exists.\n"
+ "%s: Not copying any file from skel directory into it.\n"),
+ Prog, user_home, Prog);
+ }
+
+ }
+
+ /* Do not create mail directory for system accounts */
+ if (!rflg) {
+ create_mail ();
+ }
+
if (run_parts ("/etc/shadow-maint/useradd-post.d", (char*)user_name,
"useradd")) {
exit(1);
}
- nscd_flush_cache ("passwd");
- nscd_flush_cache ("group");
- sssd_flush_cache (SSSD_DB_PASSWD | SSSD_DB_GROUP);
-
return E_SUCCESS;
}
--
1.8.3.1

322
usermod-allow-all-group-types-with-G-option.patch
View File

@ -1,322 +0,0 @@
From e481437ab9ebe9a8bf8fbaabe986d42b2f765991 Mon Sep 17 00:00:00 2001
From: Iker Pedrosa <ipedrosa@redhat.com>
Date: Tue, 3 Aug 2021 08:57:20 +0200
Subject: [PATCH] usermod: allow all group types with -G option
The only way of removing a group from the supplementary list is to use
-G option, and list all groups that the user is a member of except for
the one that wants to be removed. The problem lies when there's a user
that contains both local and remote groups, and the group to be removed
is a local one. As we need to include the remote group with -G option
the command will fail.
This reverts commit 140510de9de4771feb3af1d859c09604043a4c9b. This way,
it would be possible to remove the remote groups from the supplementary
list.
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1967641
Resolves: https://github.com/shadow-maint/shadow/issues/338
Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
---
src/usermod.c | 220 ++++++++++++++++++++--------------------------------------
1 file changed, 77 insertions(+), 143 deletions(-)
diff --git a/src/usermod.c b/src/usermod.c
index 03bb9b9..a0c03af 100644
--- a/src/usermod.c
+++ b/src/usermod.c
@@ -187,7 +187,6 @@ static bool sub_gid_locked = false;
static void date_to_str (/*@unique@*//*@out@*/char *buf, size_t maxsize,
long int date);
static int get_groups (char *);
-static struct group * get_local_group (char * grp_name);
static /*@noreturn@*/void usage (int status);
static void new_pwent (struct passwd *);
static void new_spent (struct spwd *);
@@ -201,9 +200,7 @@ static void grp_update (void);
static void process_flags (int, char **);
static void close_files (void);
-static void close_group_files (void);
static void open_files (void);
-static void open_group_files (void);
static void usr_update (void);
static void move_home (void);
static void update_lastlog (void);
@@ -261,11 +258,6 @@ static int get_groups (char *list)
}
/*
- * Open the group files
- */
- open_group_files ();
-
- /*
* So long as there is some data to be converted, strip off each
* name and look it up. A mix of numerical and string values for
* group identifiers is permitted.
@@ -284,7 +276,7 @@ static int get_groups (char *list)
* Names starting with digits are treated as numerical GID
* values, otherwise the string is looked up as is.
*/
- grp = get_local_group (list);
+ grp = prefix_getgr_nam_gid (list);
/*
* There must be a match, either by GID value or by
@@ -334,8 +326,6 @@ static int get_groups (char *list)
gr_free ((struct group *)grp);
} while (NULL != list);
- close_group_files ();
-
user_groups[ngroups] = (char *) 0;
/*
@@ -348,44 +338,6 @@ static int get_groups (char *list)
return 0;
}
-/*
- * get_local_group - checks if a given group name exists locally
- *
- * get_local_group() checks if a given group name exists locally.
- * If the name exists the group information is returned, otherwise NULL is
- * returned.
- */
-static struct group * get_local_group(char * grp_name)
-{
- const struct group *grp;
- struct group *result_grp = NULL;
- long long int gid;
- char *endptr;
-
- gid = strtoll (grp_name, &endptr, 10);
- if ( ('\0' != *grp_name)
- && ('\0' == *endptr)
- && (ERANGE != errno)
- && (gid == (gid_t)gid)) {
- grp = gr_locate_gid ((gid_t) gid);
- }
- else {
- grp = gr_locate(grp_name);
- }
-
- if (grp != NULL) {
- result_grp = __gr_dup (grp);
- if (NULL == result_grp) {
- fprintf (stderr,
- _("%s: Out of memory. Cannot find group '%s'.\n"),
- Prog, grp_name);
- fail_exit (E_GRP_UPDATE);
- }
- }
-
- return result_grp;
-}
-
#ifdef ENABLE_SUBIDS
struct ulong_range
{
@@ -1523,7 +1475,50 @@ static void close_files (void)
}
if (Gflg || lflg) {
- close_group_files ();
+ if (gr_close () == 0) {
+ fprintf (stderr,
+ _("%s: failure while writing changes to %s\n"),
+ Prog, gr_dbname ());
+ SYSLOG ((LOG_ERR,
+ "failure while writing changes to %s",
+ gr_dbname ()));
+ fail_exit (E_GRP_UPDATE);
+ }
+#ifdef SHADOWGRP
+ if (is_shadow_grp) {
+ if (sgr_close () == 0) {
+ fprintf (stderr,
+ _("%s: failure while writing changes to %s\n"),
+ Prog, sgr_dbname ());
+ SYSLOG ((LOG_ERR,
+ "failure while writing changes to %s",
+ sgr_dbname ()));
+ fail_exit (E_GRP_UPDATE);
+ }
+ }
+#endif
+#ifdef SHADOWGRP
+ if (is_shadow_grp) {
+ if (sgr_unlock () == 0) {
+ fprintf (stderr,
+ _("%s: failed to unlock %s\n"),
+ Prog, sgr_dbname ());
+ SYSLOG ((LOG_ERR,
+ "failed to unlock %s",
+ sgr_dbname ()));
+ /* continue */
+ }
+ }
+#endif
+ if (gr_unlock () == 0) {
+ fprintf (stderr,
+ _("%s: failed to unlock %s\n"),
+ Prog, gr_dbname ());
+ SYSLOG ((LOG_ERR,
+ "failed to unlock %s",
+ gr_dbname ()));
+ /* continue */
+ }
}
if (is_shadow_pwd) {
@@ -1593,60 +1588,6 @@ static void close_files (void)
}
/*
- * close_group_files - close all of the files that were opened
- *
- * close_group_files() closes all of the files that were opened related
- * with groups. This causes any modified entries to be written out.
- */
-static void close_group_files (void)
-{
- if (gr_close () == 0) {
- fprintf (stderr,
- _("%s: failure while writing changes to %s\n"),
- Prog, gr_dbname ());
- SYSLOG ((LOG_ERR,
- "failure while writing changes to %s",
- gr_dbname ()));
- fail_exit (E_GRP_UPDATE);
- }
-#ifdef SHADOWGRP
- if (is_shadow_grp) {
- if (sgr_close () == 0) {
- fprintf (stderr,
- _("%s: failure while writing changes to %s\n"),
- Prog, sgr_dbname ());
- SYSLOG ((LOG_ERR,
- "failure while writing changes to %s",
- sgr_dbname ()));
- fail_exit (E_GRP_UPDATE);
- }
- }
-#endif
-#ifdef SHADOWGRP
- if (is_shadow_grp) {
- if (sgr_unlock () == 0) {
- fprintf (stderr,
- _("%s: failed to unlock %s\n"),
- Prog, sgr_dbname ());
- SYSLOG ((LOG_ERR,
- "failed to unlock %s",
- sgr_dbname ()));
- /* continue */
- }
- }
-#endif
- if (gr_unlock () == 0) {
- fprintf (stderr,
- _("%s: failed to unlock %s\n"),
- Prog, gr_dbname ());
- SYSLOG ((LOG_ERR,
- "failed to unlock %s",
- gr_dbname ()));
- /* continue */
- }
-}
-
-/*
* open_files - lock and open the password files
*
* open_files() opens the two password files.
@@ -1681,7 +1622,38 @@ static void open_files (void)
}
if (Gflg || lflg) {
- open_group_files ();
+ /*
+ * Lock and open the group file. This will load all of the
+ * group entries.
+ */
+ if (gr_lock () == 0) {
+ fprintf (stderr,
+ _("%s: cannot lock %s; try again later.\n"),
+ Prog, gr_dbname ());
+ fail_exit (E_GRP_UPDATE);
+ }
+ gr_locked = true;
+ if (gr_open (O_CREAT | O_RDWR) == 0) {
+ fprintf (stderr,
+ _("%s: cannot open %s\n"),
+ Prog, gr_dbname ());
+ fail_exit (E_GRP_UPDATE);
+ }
+#ifdef SHADOWGRP
+ if (is_shadow_grp && (sgr_lock () == 0)) {
+ fprintf (stderr,
+ _("%s: cannot lock %s; try again later.\n"),
+ Prog, sgr_dbname ());
+ fail_exit (E_GRP_UPDATE);
+ }
+ sgr_locked = true;
+ if (is_shadow_grp && (sgr_open (O_CREAT | O_RDWR) == 0)) {
+ fprintf (stderr,
+ _("%s: cannot open %s\n"),
+ Prog, sgr_dbname ());
+ fail_exit (E_GRP_UPDATE);
+ }
+#endif
}
#ifdef ENABLE_SUBIDS
if (vflg || Vflg) {
@@ -1718,44 +1690,6 @@ static void open_files (void)
}
/*
- * open_group_files - lock and open the group files
- *
- * open_group_files() loads all of the group entries.
- */
-static void open_group_files (void)
-{
- if (gr_lock () == 0) {
- fprintf (stderr,
- _("%s: cannot lock %s; try again later.\n"),
- Prog, gr_dbname ());
- fail_exit (E_GRP_UPDATE);
- }
- gr_locked = true;
- if (gr_open (O_CREAT | O_RDWR) == 0) {
- fprintf (stderr,
- _("%s: cannot open %s\n"),
- Prog, gr_dbname ());
- fail_exit (E_GRP_UPDATE);
- }
-
-#ifdef SHADOWGRP
- if (is_shadow_grp && (sgr_lock () == 0)) {
- fprintf (stderr,
- _("%s: cannot lock %s; try again later.\n"),
- Prog, sgr_dbname ());
- fail_exit (E_GRP_UPDATE);
- }
- sgr_locked = true;
- if (is_shadow_grp && (sgr_open (O_CREAT | O_RDWR) == 0)) {
- fprintf (stderr,
- _("%s: cannot open %s\n"),
- Prog, sgr_dbname ());
- fail_exit (E_GRP_UPDATE);
- }
-#endif
-}
-
-/*
* usr_update - create the user entries
*
* usr_update() creates the password file entries for this user and
--
1.8.3.1