diff --git a/Fix-out-of-tree-builds-with-respect-to-libsubid-incl.patch b/Fix-out-of-tree-builds-with-respect-to-libsubid-incl.patch new file mode 100644 index 0000000000000000000000000000000000000000..323f5c0bc379de47e2909cebc7a34118715e4232 --- /dev/null +++ b/Fix-out-of-tree-builds-with-respect-to-libsubid-incl.patch 
@@ -0,0 +1,112 @@ +From 537b8cd90be7b47b45c45cfd27765ef85eb0ebf1 Mon Sep 17 00:00:00 2001 +From: Serge Hallyn +Date: Fri, 23 Jul 2021 17:51:13 -0500 +Subject: [PATCH] Fix out of tree builds with respect to libsubid includes + +There's a better way to do this, and I hope to clean that up, +but this fixes out of tree builds for me right now. + +Closes #386 + +Signed-off-by: Serge Hallyn +--- + lib/Makefile.am | 2 ++ + libmisc/Makefile.am | 2 +- + libsubid/Makefile.am | 4 ++-- + src/Makefile.am | 6 ++++++ + 4 files changed, 11 insertions(+), 3 deletions(-) + +diff --git a/lib/Makefile.am b/lib/Makefile.am +index ecf3ee2..5ac2e11 100644 +--- a/lib/Makefile.am ++++ b/lib/Makefile.am +@@ -10,6 +10,8 @@ if HAVE_VENDORDIR + libshadow_la_CPPFLAGS += -DVENDORDIR=\"$(VENDORDIR)\" + endif + ++libshadow_la_CPPFLAGS += -I$(top_srcdir) ++ + libshadow_la_SOURCES = \ + commonio.c \ + commonio.h \ +diff --git a/libmisc/Makefile.am b/libmisc/Makefile.am +index 9766a7e..9f237e0 100644 +--- a/libmisc/Makefile.am ++++ b/libmisc/Makefile.am +@@ -1,7 +1,7 @@ + + EXTRA_DIST = .indent.pro xgetXXbyYY.c + +-AM_CPPFLAGS = -I$(top_srcdir)/lib $(ECONF_CPPFLAGS) ++AM_CPPFLAGS = -I$(top_srcdir)/lib -I$(top_srcdir) $(ECONF_CPPFLAGS) + + noinst_LTLIBRARIES = libmisc.la + +diff --git a/libsubid/Makefile.am b/libsubid/Makefile.am +index 8305156..99308c1 100644 +--- a/libsubid/Makefile.am ++++ b/libsubid/Makefile.am +@@ -20,8 +20,8 @@ MISCLIBS = \ + $(LIBPAM) + + libsubid_la_LIBADD = \ +- $(top_srcdir)/lib/libshadow.la \ +- $(top_srcdir)/libmisc/libmisc.la \ ++ $(top_builddir)/lib/libshadow.la \ ++ $(top_builddir)/libmisc/libmisc.la \ + $(MISCLIBS) -ldl + + AM_CPPFLAGS = \ +diff --git a/src/Makefile.am b/src/Makefile.am +index 3502701..7c1a349 100644 +--- a/src/Makefile.am ++++ b/src/Makefile.am +@@ -10,6 +10,7 @@ sgidperms = 2755 + AM_CPPFLAGS = \ + -I${top_srcdir}/lib \ + -I$(top_srcdir)/libmisc \ ++ -I$(top_srcdir) \ + -DLOCALEDIR=\"$(datadir)/locale\" + + # XXX why are login and su in /bin anyway 
(other than for +@@ -183,6 +184,7 @@ list_subid_ranges_LDADD = \ + list_subid_ranges_CPPFLAGS = \ + -I$(top_srcdir)/lib \ + -I$(top_srcdir)/libmisc \ ++ -I$(top_srcdir) \ + -I$(top_srcdir)/libsubid + + get_subid_owners_LDADD = \ +@@ -194,11 +196,13 @@ get_subid_owners_LDADD = \ + get_subid_owners_CPPFLAGS = \ + -I$(top_srcdir)/lib \ + -I$(top_srcdir)/libmisc \ ++ -I$(top_srcdir) \ + -I$(top_srcdir)/libsubid + + new_subid_range_CPPFLAGS = \ + -I$(top_srcdir)/lib \ + -I$(top_srcdir)/libmisc \ ++ -I$(top_srcdir) \ + -I$(top_srcdir)/libsubid + + new_subid_range_LDADD = \ +@@ -210,6 +214,7 @@ new_subid_range_LDADD = \ + free_subid_range_CPPFLAGS = \ + -I$(top_srcdir)/lib \ + -I$(top_srcdir)/libmisc \ ++ -I$(top_srcdir) \ + -I$(top_srcdir)/libsubid + + free_subid_range_LDADD = \ +@@ -220,6 +225,7 @@ free_subid_range_LDADD = \ + + check_subid_range_CPPFLAGS = \ + -I$(top_srcdir)/lib \ ++ -I$(top_srcdir) \ + -I$(top_srcdir)/libmisc + + check_subid_range_LDADD = \ +-- +1.8.3.1 + diff --git a/Fixes-the-linking-issues-when-libsubid-is-static-and.patch b/Fixes-the-linking-issues-when-libsubid-is-static-and.patch new file mode 100644 index 0000000000000000000000000000000000000000..4284b4d69b2f8d1a63163f8ca13501989e7ec46c --- /dev/null +++ b/Fixes-the-linking-issues-when-libsubid-is-static-and.patch 
@@ -0,0 +1,28 @@ +From fc832e4648d6e80e95aaa762a158453ee43fe1cb Mon Sep 17 00:00:00 2001 +From: "(GalaxyMaster)" +Date: Wed, 27 Oct 2021 20:14:42 +1100 +Subject: [PATCH] Fixes the linking issues when libsubid is static and linked + to binaries that also define the Prog and shadow_logfd variables. + +--- + libsubid/api.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/libsubid/api.c b/libsubid/api.c +index a7b904d..a51b4e0 100644 +--- a/libsubid/api.c ++++ b/libsubid/api.c +@@ -39,8 +39,8 @@ + #include "idmapping.h" + #include "subid.h" + +-const char *Prog = "(libsubid)"; +-FILE *shadow_logfd; ++static const char *Prog = "(libsubid)"; ++static FILE *shadow_logfd; + + bool libsubid_init(const char *progname, FILE * logfd) + { +-- +1.8.3.1 + diff --git a/Makefile-include-libeconf-dependency-in-new-idmap.patch b/Makefile-include-libeconf-dependency-in-new-idmap.patch new file mode 100644 index 0000000000000000000000000000000000000000..91b12772a5ea371e8279b95a71ec9086e9e51183 --- /dev/null +++ b/Makefile-include-libeconf-dependency-in-new-idmap.patch 
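Review bot: In libsubid/api.c, marking `Prog` and `shadow_logfd` as `static` gives the library private copies, so whatever libsubid_init() stores in them is no longer what other translation units see through an `extern` declaration. If the libshadow/libmisc objects linked into libsubid log through `shadow_logfd` (not visible in this hunk), they would now resolve to the host binary's variable, which may still be NULL, or fail to resolve in a binary that defines neither symbol. It is worth confirming with a link-and-run test against a program that does not define these names, and considering a NULL-to-stderr fallback where the stream is used rather than relying on symbol visibility. libsubid_init's body is outside the hunk.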
@@ -0,0 +1,32 @@ +From c6847011e8b656adacd9a0d2a78418cad0de34cb Mon Sep 17 00:00:00 2001 +From: Iker Pedrosa +Date: Mon, 2 Aug 2021 15:54:20 +0200 +Subject: [PATCH] Makefile: include libeconf dependency in new*idmap + +new*idmap has a dependency with libeconf since commit +c464ec55709dc931ba2f24073b8b1a86d5209ab0. I'm just adding it to the +Makefile to be able to compile in distributions that include libeconf. + +Signed-off-by: Iker Pedrosa +--- + src/Makefile.am | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/Makefile.am b/src/Makefile.am +index 7c1a349..6cc873b 100644 +--- a/src/Makefile.am ++++ b/src/Makefile.am +@@ -96,8 +96,8 @@ LIBCRYPT_NOPAM = $(LIBCRYPT) + endif + + chage_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF) +-newuidmap_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBCAP) -ldl +-newgidmap_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBCAP) -ldl ++newuidmap_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBCAP) $(LIBECONF) -ldl ++newgidmap_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBCAP) $(LIBECONF) -ldl + chfn_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT_NOPAM) $(LIBSKEY) $(LIBMD) $(LIBECONF) + chgpasswd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT) $(LIBECONF) + chsh_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT_NOPAM) $(LIBSKEY) $(LIBMD) $(LIBECONF) +-- +1.8.3.1 + diff --git a/Respect-enable-static-no-in-libsubid.patch b/Respect-enable-static-no-in-libsubid.patch new file mode 100644 index 0000000000000000000000000000000000000000..956f7e356cadc9289a37fa5507b9438866751c1a --- /dev/null +++ b/Respect-enable-static-no-in-libsubid.patch 
@@ -0,0 +1,45 @@ +From fa986b1d73605ecca54a4f19249227aeab827bf6 Mon Sep 17 00:00:00 2001 +From: Serge Hallyn +Date: Sun, 25 Jul 2021 17:18:02 +0000 +Subject: [PATCH] Respect --enable-static=no in libsubid + +libsubid's Makefile.am was always setting enable-shared in its LDFLAGS. +Do that only if not building static. + +Closes #387 + +Signed-off-by: Serge Hallyn +--- + configure.ac | 2 ++ + libsubid/Makefile.am | 2 ++ + 2 files changed, 4 insertions(+) + +diff --git a/configure.ac b/configure.ac +index 0f237cc..994836b 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -321,6 +321,8 @@ if test "$with_sha_crypt" = "yes"; then + AC_DEFINE(USE_SHA_CRYPT, 1, [Define to allow the SHA256 and SHA512 password encryption algorithms]) + fi + ++AM_CONDITIONAL(ENABLE_SHARED, test "x$enable_shared" = "xyes") ++ + AM_CONDITIONAL(USE_BCRYPT, test "x$with_bcrypt" = "xyes") + if test "$with_bcrypt" = "yes"; then + AC_DEFINE(USE_BCRYPT, 1, [Define to allow the bcrypt password encryption algorithm]) +diff --git a/libsubid/Makefile.am b/libsubid/Makefile.am +index 99308c1..8bba02a 100644 +--- a/libsubid/Makefile.am ++++ b/libsubid/Makefile.am +@@ -1,6 +1,8 @@ + lib_LTLIBRARIES = libsubid.la ++if ENABLE_SHARED + libsubid_la_LDFLAGS = -Wl,-soname,libsubid.so.@LIBSUBID_ABI@ \ + -shared -version-info @LIBSUBID_ABI_MAJOR@ ++endif + libsubid_la_SOURCES = api.c + + pkginclude_HEADERS = subid.h +-- +1.8.3.1 + diff --git a/Revert-useradd.c-fix-memleaks-of-grp.patch b/Revert-useradd.c-fix-memleaks-of-grp.patch new file mode 100644 index 0000000000000000000000000000000000000000..10e2d64396042a8e63f569f53bc14d562f38c168 --- /dev/null +++ b/Revert-useradd.c-fix-memleaks-of-grp.patch 
@@ -0,0 +1,30 @@ +From 4624e9fca1b02b64e25e8b2280a0186182ab73ba Mon Sep 17 00:00:00 2001 +From: Serge Hallyn +Date: Sat, 14 Aug 2021 19:37:24 -0500 +Subject: [PATCH] Revert "useradd.c:fix memleaks of grp" + +In some cases, the value which was being freed is not actually +safe to free. + +Closes #394 + +This reverts commit c44b71cec25d60efc51aec9de3abce1f6efbfcf5. +--- + src/useradd.c | 1 - + 1 file changed, 1 deletion(-) + +diff --git a/src/useradd.c b/src/useradd.c +index f90127c..0d3f390 100644 +--- a/src/useradd.c ++++ b/src/useradd.c +@@ -413,7 +413,6 @@ static void get_defaults (void) + } else { + def_group = grp->gr_gid; + def_gname = xstrdup (grp->gr_name); +- gr_free(grp); + } + } + +-- +1.8.3.1 + diff --git a/add-home_mode-xml-file.patch b/add-home_mode-xml-file.patch deleted file mode 100644 index 7e08541e8f6dc70911056be9b77ed2618a49343b..0000000000000000000000000000000000000000 --- a/add-home_mode-xml-file.patch +++ /dev/null @@ -1,62 +0,0 @@ -From 56073640403f65193689d94a5024547181c8c4d8 Mon Sep 17 00:00:00 2001 -From: guiyao -Date: Wed, 15 Apr 2020 19:15:53 -0400 -Subject: [PATCH] add home_mode xml file - ---- - man/login.defs.d/HOME_MODE.xml | 43 ++++++++++++++++++++++++++++++++++++++++++ - 1 file changed, 43 insertions(+) - create mode 100644 man/login.defs.d/HOME_MODE.xml - -diff --git a/man/login.defs.d/HOME_MODE.xml b/man/login.defs.d/HOME_MODE.xml -new file mode 100644 -index 0000000..21aa55f ---- /dev/null -+++ b/man/login.defs.d/HOME_MODE.xml -@@ -0,0 +1,43 @@ -+ -+ -+ (number) -+ -+ -+ The mode for new home directories. If not specified, -+ the is used to create the mode. -+ -+ -+ useradd and newusers use this -+ to set the mode of the home directory they create. -+ -+ -+ --- -1.8.3.1 - diff --git a/fix-logmsg.patch b/fix-logmsg.patch deleted file mode 100644 index 1ceedbe5b67e8ab7ff6404714dd823f55fce411b..0000000000000000000000000000000000000000 --- a/fix-logmsg.patch +++ /dev/null 
@@ -1,13 +0,0 @@ -Index: shadow-4.5/src/useradd.c -=================================================================== ---- a/src/useradd.c -+++ b/src/useradd.c -@@ -329,7 +329,7 @@ static void fail_exit (int code) - user_name, AUDIT_NO_ID, - SHADOW_AUDIT_FAILURE); - #endif -- SYSLOG ((LOG_INFO, "failed adding user '%s', data deleted", user_name)); -+ SYSLOG ((LOG_INFO, "failed adding user '%s', exit code: %d", user_name, code)); - exit (code); - } - diff --git a/generate-mail-USER-with-the-proper-selinux-identity.patch b/generate-mail-USER-with-the-proper-selinux-identity.patch deleted file mode 100644 index d36dce04ef0c8221fbf6c282ecab7337e31e3b4e..0000000000000000000000000000000000000000 --- a/generate-mail-USER-with-the-proper-selinux-identity.patch +++ /dev/null 
@@ -1,61 +0,0 @@ -From 8a1e92aff17be6266d0dc89321082e062af05832 Mon Sep 17 00:00:00 2001 -From: ikerexxe -Date: Wed, 5 Feb 2020 15:04:39 +0100 -Subject: [PATCH] useradd: generate /var/spool/mail/$USER with the proper - SELinux user identity - -Explanation: use set_selinux_file_context() and reset_selinux_file_context() for create_mail() just as is done for create_home() - -Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1690527 ---- - src/useradd.c | 20 ++++++++++++++++++++ - 1 file changed, 20 insertions(+) - -diff --git a/src/useradd.c b/src/useradd.c -index a679392d..645d4a40 100644 ---- a/src/useradd.c -+++ b/src/useradd.c -@@ -190,6 +190,7 @@ static bool home_added = false; - #define E_NAME_IN_USE 9 /* username already in use */ - #define E_GRP_UPDATE 10 /* can't update group file */ - #define E_HOMEDIR 12 /* can't create home directory */ -+#define E_MAILBOXFILE 13 /* can't create mailbox file */ - #define E_SE_UPDATE 14 /* can't update SELinux user mapping */ - #ifdef ENABLE_SUBIDS - #define E_SUB_UID_UPDATE 16 /* can't update the subordinate uid file */ -@@ -2210,6 +2211,16 @@ static void create_mail (void) - sprintf (file, "%s/%s/%s", prefix, spool, user_name); - else - sprintf (file, "%s/%s", spool, user_name); -+ -+#ifdef WITH_SELINUX -+ if (set_selinux_file_context (file) != 0) { -+ fprintf (stderr, -+ _("%s: cannot set SELinux context for mailbox file %s\n"), -+ Prog, file); -+ fail_exit (E_MAILBOXFILE); -+ } -+#endif -+ - fd = open (file, O_CREAT | O_WRONLY | O_TRUNC | O_EXCL, 0); - if (fd < 0) { - perror (_("Creating mailbox file")); -@@ -2234,6 +2245,15 @@ static void create_mail (void) - - fsync (fd); - close (fd); -+#ifdef WITH_SELINUX -+ /* Reset SELinux to create files with default contexts */ -+ if (reset_selinux_file_context () != 0) { -+ fprintf (stderr, -+ _("%s: cannot reset SELinux file creation context\n"), -+ Prog); -+ fail_exit (E_MAILBOXFILE); -+ } -+#endif - } - } - --- -2.24.1 - 
diff --git a/groupdel-fix-SIGSEGV-when-passwd-does-not-exist.patch b/groupdel-fix-SIGSEGV-when-passwd-does-not-exist.patch new file mode 100644 index 0000000000000000000000000000000000000000..5a790daa27bcad20e926d81bc0d6936af36f5d9e --- /dev/null +++ b/groupdel-fix-SIGSEGV-when-passwd-does-not-exist.patch @@ -0,0 +1,32 @@ +From a757b458ffb4fb9a40bcbb4f7869449431c67f83 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Fran=C3=A7ois=20Rigault?= +Date: Mon, 1 Nov 2021 13:54:25 +0100 +Subject: [PATCH] groupdel: fix SIGSEGV when passwd does not exist + +When using groupdel with a prefix, groupdel will attempt to read a +passwd file to look for any user in the group. When the file does not +exist it cores with segmentation fault. + +Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1986111 +Conflict: context adaptation +--- + libmisc/prefix_flag.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/libmisc/prefix_flag.c b/libmisc/prefix_flag.c +index cca553a..b6628ac 100644 +--- a/libmisc/prefix_flag.c ++++ b/libmisc/prefix_flag.c +@@ -288,6 +288,9 @@ extern struct passwd* prefix_getpwent() + if(!passwd_db_file) { + return getpwent(); + } ++ if (!fp_pwent) { ++ return NULL; ++ } + return fgetpwent(fp_pwent); + } + extern void prefix_endpwent() +-- +1.8.3.1 + diff --git a/libmisc-fix-default-value-in-SHA_get_salt_rounds.patch b/libmisc-fix-default-value-in-SHA_get_salt_rounds.patch new file mode 100644 index 0000000000000000000000000000000000000000..5c75f9d09837f0678bf24c73f0cea1a7786dd851 --- /dev/null +++ b/libmisc-fix-default-value-in-SHA_get_salt_rounds.patch 
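Review bot: The new `if (!fp_pwent) { return NULL; }` in prefix_getpwent() makes a passwd file that could not be opened look exactly like one with no entries. The description says groupdel reads passwd to look for any user in the group, so with this change that lookup finds nothing and the deletion presumably proceeds: the crash is fixed, but the check fails open. Consider reporting the failure where fp_pwent is opened (outside this hunk), or keeping the `errno` from the failed open so callers can tell "no file" from "no more entries". The other prefix_* passwd accessors are not visible here and may need the same guard.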
@@ -0,0 +1,60 @@ +From 234e8fa7b134d1ebabfdad980a3ae5b63c046c62 Mon Sep 17 00:00:00 2001 +From: Mike Gilbert +Date: Sat, 14 Aug 2021 13:24:34 -0400 +Subject: [PATCH] libmisc: fix default value in SHA_get_salt_rounds() + +If SHA_CRYPT_MIN_ROUNDS and SHA_CRYPT_MAX_ROUNDS are both unspecified, +use SHA_ROUNDS_DEFAULT. + +Previously, the code fell through, calling shadow_random(-1, -1). This +ultimately set rounds = (unsigned long) -1, which ends up being a very +large number! This then got capped to SHA_ROUNDS_MAX later in the +function. + +The new behavior matches BCRYPT_get_salt_rounds(). + +Bug: https://bugs.gentoo.org/808195 +Fixes: https://github.com/shadow-maint/shadow/issues/393 +--- + libmisc/salt.c | 21 +++++++++++---------- + 1 file changed, 11 insertions(+), 10 deletions(-) + +diff --git a/libmisc/salt.c b/libmisc/salt.c +index 91d528f..30eefb9 100644 +--- a/libmisc/salt.c ++++ b/libmisc/salt.c +@@ -223,20 +223,21 @@ static /*@observer@*/const unsigned long SHA_get_salt_rounds (/*@null@*/int *pre + if ((-1 == min_rounds) && (-1 == max_rounds)) { + rounds = SHA_ROUNDS_DEFAULT; + } ++ else { ++ if (-1 == min_rounds) { ++ min_rounds = max_rounds; ++ } + +- if (-1 == min_rounds) { +- min_rounds = max_rounds; +- } ++ if (-1 == max_rounds) { ++ max_rounds = min_rounds; ++ } + +- if (-1 == max_rounds) { +- max_rounds = min_rounds; +- } ++ if (min_rounds > max_rounds) { ++ max_rounds = min_rounds; ++ } + +- if (min_rounds > max_rounds) { +- max_rounds = min_rounds; ++ rounds = (unsigned long) shadow_random (min_rounds, max_rounds); + } +- +- rounds = (unsigned long) shadow_random (min_rounds, max_rounds); + } else if (0 == *prefered_rounds) { + rounds = SHA_ROUNDS_DEFAULT; + } else { +-- +1.8.3.1 + diff --git a/libsubid-link-to-PAM-libraries.patch b/libsubid-link-to-PAM-libraries.patch new file mode 100644 index 0000000000000000000000000000000000000000..930517cae7377b4dee94754e69b849e03e30aacb --- /dev/null +++ b/libsubid-link-to-PAM-libraries.patch 
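Review bot: In the new `else` branch only the exact value -1 counts as "unset", so any other negative SHA_CRYPT_MIN_ROUNDS or SHA_CRYPT_MAX_ROUNDS still reaches `shadow_random (min_rounds, max_rounds)` and the `(unsigned long)` cast, the same wrap-around the description reports for (-1, -1). The later cap to SHA_ROUNDS_MAX mentioned in the description keeps this from weakening the hash, but a configuration typo then silently selects the most expensive work factor. Testing `min_rounds < 0` and `max_rounds < 0` instead of `-1 == …` would cover it, assuming both are signed and not already validated where they are read (their declarations are outside the hunk). As a style point, the `}` / `else {` split differs from the `} else if` form used a few lines further down in the same function.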
@@ -0,0 +1,28 @@ +From f4a84efb468b8be21be124700ce35159c444e9d6 Mon Sep 17 00:00:00 2001 +From: Xi Ruoyao +Date: Fri, 23 Jul 2021 14:38:08 +0800 +Subject: [PATCH] libsubid: link to PAM libraries + +libsubid.so links to libmisc.a, which contains several routines referring to +PAM functions. +--- + libsubid/Makefile.am | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/libsubid/Makefile.am b/libsubid/Makefile.am +index 189165b..8305156 100644 +--- a/libsubid/Makefile.am ++++ b/libsubid/Makefile.am +@@ -16,7 +16,8 @@ MISCLIBS = \ + $(LIBCRYPT) \ + $(LIBACL) \ + $(LIBATTR) \ +- $(LIBTCB) ++ $(LIBTCB) \ ++ $(LIBPAM) + + libsubid_la_LIBADD = \ + $(top_srcdir)/lib/libshadow.la \ +-- +1.8.3.1 + diff --git a/man-zh_CN-fix-typo.patch b/man-zh_CN-fix-typo.patch deleted file mode 100644 index e0cb3687b8831926810391f0895d94533df79bbb..0000000000000000000000000000000000000000 --- a/man-zh_CN-fix-typo.patch +++ /dev/null 
@@ -1,93 +0,0 @@ -From 915cc6bb9cc8463576aea4b0262ad5f4f1700cd5 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?=E8=B0=AD=E4=B9=9D=E9=BC=8E?= <109224573@qq.com> -Date: Mon, 3 Feb 2020 22:02:16 +0800 -Subject: [PATCH] =?UTF-8?q?man(zh=5FCN):=20fix=20typo=20=E7=8E=B0=E5=AE=9E?= - =?UTF-8?q?=20->=20=E6=98=BE=E7=A4=BA?= -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Signed-off-by: Anakin Zhang ---- - man/po/zh_CN.po | 16 ++++++++-------- - 1 file changed, 8 insertions(+), 8 deletions(-) - -diff --git a/man/po/zh_CN.po b/man/po/zh_CN.po -index 2537807..85d1243 100644 ---- a/man/po/zh_CN.po -+++ b/man/po/zh_CN.po -@@ -334,7 +334,7 @@ msgstr ", " - #: expiry.1.xml:114(para) chsh.1.xml:103(para) chpasswd.8.xml:173(para) - #: chgpasswd.8.xml:133(para) chfn.1.xml:169(para) chage.1.xml:131(para) - msgid "Display help message and exit." --msgstr "现实帮助信息并退出。" -+msgstr "显示帮助信息并退出。" - - #: vipw.8.xml:126(term) - msgid ", " -@@ -3710,7 +3710,7 @@ msgstr " (boolean)" - - #: su.1.xml:34(para) login.defs.5.xml:34(para) login.1.xml:34(para) - msgid "Enable checking and display of mailbox status upon login." --msgstr "启用登录时检查和现实邮箱状态。" -+msgstr "启用登录时检查和显示邮箱状态。" - - #: su.1.xml:37(para) login.defs.5.xml:37(para) login.1.xml:37(para) - msgid "" -@@ -6372,7 +6372,7 @@ msgstr " (string)" - - #: login.defs.5.xml:34(para) login.1.xml:34(para) - msgid "If defined, this file will be displayed before each login prompt." --msgstr "如果定义了,此文件将在每次的登录提示之前现实。" -+msgstr "如果定义了,此文件将在每次的登录提示之前显示。" - - #: login.defs.5.xml:32(term) login.1.xml:32(term) - msgid " (number)" -@@ -7125,7 +7125,7 @@ msgstr "$HOME/.hushlogin" - - #: login.1.xml:385(para) - msgid "Suppress printing of system messages." --msgstr "阻止现实系统信息。" -+msgstr "阻止显示系统信息。" - - #: login.1.xml:399(para) - msgid "" -@@ -7453,7 +7453,7 @@ msgstr "" - msgid "" - "Print the lastlog records more recent than DAYS." 
--msgstr "只现实新于 DAYS 的最近登录记录。" -+msgstr "只显示新于 DAYS 的最近登录记录。" - - #: lastlog.8.xml:161(term) faillog.8.xml:202(term) - msgid "" -@@ -7465,7 +7465,7 @@ msgstr "" - - #: lastlog.8.xml:165(para) - msgid "Print the lastlog record of the specified user(s)." --msgstr "现实指定用户的最近登录记录。" -+msgstr "显示指定用户的最近登录记录。" - - #: lastlog.8.xml:168(para) faillog.8.xml:211(para) - msgid "" -@@ -7790,7 +7790,7 @@ msgstr "groups" - - #: groups.1.xml:65(refpurpose) - msgid "display current group names" --msgstr "现实当前组名" -+msgstr "显示当前组名" - - #: groups.1.xml:72(replaceable) - msgid "user" -@@ -9396,7 +9396,7 @@ msgstr "" - - #: chage.1.xml:164(para) - msgid "Show account aging information." --msgstr "现实账户年龄信息。" -+msgstr "显示账户年龄信息。" - - #: chage.1.xml:170(term) - msgid "" --- -2.23.0.windows.1 - diff --git a/newgrp-fix-segmentation-fault.patch b/newgrp-fix-segmentation-fault.patch new file mode 100644 index 0000000000000000000000000000000000000000..0549217060c4d4a2ece9a5686da363e17f19c6b8 --- /dev/null +++ b/newgrp-fix-segmentation-fault.patch 
@@ -0,0 +1,35 @@ +From 497e90751bc0d95cc998b0f06305040563903948 Mon Sep 17 00:00:00 2001 +From: Iker Pedrosa +Date: Wed, 10 Nov 2021 12:02:04 +0100 +Subject: [PATCH] newgrp: fix segmentation fault + +Fix segmentation fault in newgrp when xgetspnam() returns a NULL value +that is immediately freed. + +The error was committed in +https://github.com/shadow-maint/shadow/commit/e65cc6aebcb4132fa413f00a905216a5b35b3d57 + +Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2019553 + +Signed-off-by: Iker Pedrosa +--- + src/newgrp.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/newgrp.c b/src/newgrp.c +index 730f47e..566f1c8 100644 +--- a/src/newgrp.c ++++ b/src/newgrp.c +@@ -163,8 +163,8 @@ static void check_perms (const struct group *grp, + spwd = xgetspnam (pwd->pw_name); + if (NULL != spwd) { + pwd->pw_passwd = xstrdup (spwd->sp_pwdp); ++ spw_free (spwd); + } +- spw_free (spwd); + + if ((pwd->pw_passwd[0] == '\0') && (grp->gr_passwd[0] != '\0')) { + needspasswd = true; +-- +1.8.3.1 + diff --git a/pwck-fix-segfault-when-calling-fprintf.patch b/pwck-fix-segfault-when-calling-fprintf.patch new file mode 100644 index 0000000000000000000000000000000000000000..d649c13eac41820ca87e4f8e9eb1d9b91ee3cc0c --- /dev/null +++ b/pwck-fix-segfault-when-calling-fprintf.patch 
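Review bot: Moving `spw_free (spwd);` inside the `NULL != spwd` check fixes this call site, but the crash described means spw_free() itself does not tolerate a NULL argument, unlike free(). The commit named in the description may have introduced the same pattern in other tools, so a guard at the top of spw_free() (`if (NULL == spwd) return;`, parameter name assumed) would fix the class rather than this one instance. Separately, `pwd->pw_passwd = xstrdup (spwd->sp_pwdp);` leaves a heap copy of the password hash whose release or wiping is not visible here; check_perms continues outside the hunk.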
@@ -0,0 +1,30 @@ +From d8e54618feea201987c1f3cb402ed50d1d8b604f Mon Sep 17 00:00:00 2001 +From: Iker Pedrosa +Date: Mon, 15 Nov 2021 12:40:15 +0100 +Subject: [PATCH] pwck: fix segfault when calling fprintf() + +As shadow_logfd variable is not set at the beginning of the program if +something fails and fprintf() is called a segmentation fault happens. + +Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2021339 + +Signed-off-by: Iker Pedrosa +--- + src/pwck.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/src/pwck.c b/src/pwck.c +index 4248944..4ce86af 100644 +--- a/src/pwck.c ++++ b/src/pwck.c +@@ -857,6 +857,7 @@ int main (int argc, char **argv) + * Get my name so that I can use it to report errors. + */ + Prog = Basename (argv[0]); ++ shadow_logfd = stderr; + + (void) setlocale (LC_ALL, ""); + (void) bindtextdomain (PACKAGE, LOCALEDIR); +-- +1.8.3.1 + diff --git a/selinux-flag.patch b/selinux-flag.patch deleted file mode 100644 index 09367178bc1551443906c68e28d589eaefecce5c..0000000000000000000000000000000000000000 --- a/selinux-flag.patch +++ /dev/null 
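Review bot: `shadow_logfd = stderr;` is set only in pwck's main(), so every other tool sharing the logging code has to remember the same line or hit the same NULL-stream crash on its first error message. A fallback at the point of use (treating a NULL `shadow_logfd` as stderr) would remove the dependency on each main() doing this. If the per-tool assignment is kept, a comment such as `/* must be set before any library call that may log */` next to it would explain why it sits directly after `Prog`. main() continues outside the hunk.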
@@ -1,140 +0,0 @@ -From 73e2af119d62d76cd7edcd2109a122a22e143e91 Mon Sep 17 00:00:00 2001 -From: "guiyao" -Date: Wed, 15 Apr 2020 15:41:18 -0400 -Subject: [PATCH] selinux-flag - -backport selinux flag patch and modified for new code ---- - lib/semanage.c | 7 ++++++ - src/useradd.c | 69 ++++++++++++++++++++++++++++++---------------------------- - 2 files changed, 43 insertions(+), 33 deletions(-) - -diff --git a/lib/semanage.c b/lib/semanage.c -index e983f5f..7ec8969 100644 ---- a/lib/semanage.c -+++ b/lib/semanage.c -@@ -294,6 +294,9 @@ int set_seuser (const char *login_name, const char *seuser_name) - - ret = 0; - -+ /* drop obsolete matchpathcon cache */ -+ matchpathcon_fini(); -+ - done: - semanage_seuser_key_free (key); - semanage_handle_destroy (handle); -@@ -369,6 +372,10 @@ int del_seuser (const char *login_name) - } - - ret = 0; -+ -+ /* drop obsolete matchpathcon cache */ -+ matchpathcon_fini(); -+ - done: - semanage_handle_destroy (handle); - return ret; -diff --git a/src/useradd.c b/src/useradd.c -index b294439..47394a3 100644 ---- a/src/useradd.c -+++ b/src/useradd.c -@@ -2242,6 +2242,7 @@ static void create_mail (void) - */ - int main (int argc, char **argv) - { -+ int rv = E_SUCCESS; - #ifdef ACCT_TOOLS_SETUID - #ifdef USE_PAM - pam_handle_t *pamh = NULL; -@@ -2464,27 +2465,11 @@ int main (int argc, char **argv) - - usr_update (); - -- if (mflg) { -- create_home (); -- if (home_added) { -- copy_tree (def_template, prefix_user_home, false, false, -- (uid_t)-1, user_id, (gid_t)-1, user_gid); -- } else { -- fprintf (stderr, -- _("%s: warning: the home directory %s already exists.\n" -- "%s: Not copying any file from skel directory into it.\n"), -- Prog, user_home, Prog); -- } -- -- } -- -- /* Do not create mail directory for system accounts */ -- if (!rflg) { -- create_mail (); -- } -- - close_files (); - -+ nscd_flush_cache ("passwd"); -+ nscd_flush_cache ("group"); -+ - /* - * tallylog_reset needs to be able to lookup - * a valid existing user name, 
-@@ -2495,25 +2480,43 @@ int main (int argc, char **argv) - } - - #ifdef WITH_SELINUX -- if (Zflg) { -- if (set_seuser (user_name, user_selinux) != 0) { -- fprintf (stderr, -- _("%s: warning: the user name %s to %s SELinux user mapping failed.\n"), -- Prog, user_name, user_selinux); -+ if (Zflg && *user_selinux) { -+ if (is_selinux_enabled () > 0) { -+ if (set_seuser (user_name, user_selinux) != 0) { -+ fprintf (stderr, -+ _("%s: warning: the user name %s to %s SELinux user mapping failed.\n"), -+ Prog, user_name, user_selinux); - #ifdef WITH_AUDIT -- audit_logger (AUDIT_ADD_USER, Prog, -- "adding SELinux user mapping", -- user_name, (unsigned int) user_id, 0); --#endif /* WITH_AUDIT */ -- fail_exit (E_SE_UPDATE); -+ audit_logger (AUDIT_ADD_USER, Prog, -+ "adding SELinux user mapping", -+ user_name, (unsigned int) user_id, 0); -+#endif /* WITH_AUDIT */ -+ rv = E_SE_UPDATE; -+ } - } - } --#endif /* WITH_SELINUX */ -+#endif -+ -+ if (mflg) { -+ create_home (); -+ if (home_added) { -+ copy_tree (def_template, prefix_user_home, false, true, -+ (uid_t)-1, user_id, (gid_t)-1, user_gid); -+ } else { -+ fprintf (stderr, -+ _("%s: warning: the home directory already exists.\n" -+ "Not copying any file from skel directory into it.\n"), -+ Prog); -+ } -+ } -+ -+ /* Do not create mail directory for system accounts */ -+ if (!rflg) { -+ create_mail (); -+ } - -- nscd_flush_cache ("passwd"); -- nscd_flush_cache ("group"); - sssd_flush_cache (SSSD_DB_PASSWD | SSSD_DB_GROUP); - -- return E_SUCCESS; -+ return rv; - } - --- -1.8.3.1 - diff --git a/semanage-close-the-selabel-handle.patch b/semanage-close-the-selabel-handle.patch new file mode 100644 index 0000000000000000000000000000000000000000..a138e1ee816f4f23362b785975b98175f2ef82c3 --- /dev/null +++ b/semanage-close-the-selabel-handle.patch 
@@ -0,0 +1,61 @@ +From 234af5cf67fc1a3ba99fc246ba65869a3c416545 Mon Sep 17 00:00:00 2001 +From: Iker Pedrosa +Date: Fri, 8 Oct 2021 13:13:13 +0200 +Subject: [PATCH] semanage: close the selabel handle + +Close the selabel handle to update the file_context. This means that the +file_context will be remmaped and used by selabel_lookup() to return +the appropriate context to label the home folder. + +Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1993081 + +Signed-off-by: Iker Pedrosa +--- + lib/prototypes.h | 1 + + lib/selinux.c | 5 +++++ + lib/semanage.c | 1 + + 3 files changed, 7 insertions(+) + +diff --git a/lib/prototypes.h b/lib/prototypes.h +index 1d1586d..b697e0e 100644 +--- a/lib/prototypes.h ++++ b/lib/prototypes.h +@@ -392,6 +392,7 @@ extern /*@observer@*/const char *crypt_make_salt (/*@null@*//*@observer@*/const + /* selinux.c */ + #ifdef WITH_SELINUX + extern int set_selinux_file_context (const char *dst_name, mode_t mode); ++extern void reset_selinux_handle (void); + extern int reset_selinux_file_context (void); + extern int check_selinux_permit (const char *perm_name); + #endif +diff --git a/lib/selinux.c b/lib/selinux.c +index c83545f..b075d4c 100644 +--- a/lib/selinux.c ++++ b/lib/selinux.c +@@ -50,6 +50,11 @@ static void cleanup(void) + } + } + ++void reset_selinux_handle (void) ++{ ++ cleanup(); ++} ++ + /* + * set_selinux_file_context - Set the security context before any file or + * directory creation. +diff --git a/lib/semanage.c b/lib/semanage.c +index 0d30456..a5bf921 100644 +--- a/lib/semanage.c ++++ b/lib/semanage.c +@@ -293,6 +293,7 @@ int set_seuser (const char *login_name, const char *seuser_name) + } + + ret = 0; ++ reset_selinux_handle(); + + done: + semanage_seuser_key_free (key); +-- +1.8.3.1 + 
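Review bot: `reset_selinux_handle();` is added to set_seuser() only, and the diffstat shows a single added line in lib/semanage.c, so del_seuser() presumably still leaves the cached selabel handle on the old file contexts after a mapping is removed; the selinux-flag.patch dropped in this same commit cleared its cache in both functions. The new function also just calls `cleanup()`, whose body is only partly visible: if cleanup() is also registered to run at exit, it must clear the handle after closing it, otherwise the second call closes it twice. A one-line comment on `reset_selinux_handle` in lib/prototypes.h, saying it drops the cached handle so the next lookup reloads the file contexts, would help callers.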
diff --git a/shadow-4.5-goodname.patch b/shadow-4.8-goodname.patch similarity index 64% rename from shadow-4.5-goodname.patch rename to shadow-4.8-goodname.patch index 3c41dbac35548b234d98ff14602663f233b4f426..f3c18d5d38d6e9db695458bed68ea48b6132ddb2 100644 --- a/shadow-4.5-goodname.patch +++ b/shadow-4.8-goodname.patch @@ -1,20 +1,7 @@ -From a386a250712771e44e2020060e6a3ca690f72129 Mon Sep 17 00:00:00 2001 -From: "guiyao" -Date: Wed, 15 Apr 2020 15:18:25 -0400 -Subject: [PATCH] shadow: shadow-4.5-goodname - -backport patch and do some modify for new code ---- - libmisc/chkname.c | 40 +++++++++++++++++++++++++++++----------- - man/groupadd.8.xml | 10 ++++++---- - man/useradd.8.xml | 12 ++++++++---- - 3 files changed, 43 insertions(+), 19 deletions(-) - -diff --git a/libmisc/chkname.c b/libmisc/chkname.c -index bdd1e72..957c966 100644 ---- a/libmisc/chkname.c -+++ b/libmisc/chkname.c -@@ -55,26 +55,44 @@ static bool is_valid_name (const char *name) +diff -up shadow-4.8/libmisc/chkname.c.goodname shadow-4.8/libmisc/chkname.c +--- shadow-4.8/libmisc/chkname.c.goodname 2020-01-13 09:44:41.968507996 +0100 ++++ shadow-4.8/libmisc/chkname.c 2020-01-13 09:46:27.863727732 +0100 +@@ -55,26 +55,44 @@ static bool is_valid_name (const char *n } /* @@ -33,13 +20,13 @@ index bdd1e72..957c966 100644 - if (('\0' == *name) || - !((('a' <= *name) && ('z' >= *name)) || ('_' == *name))) { + if ('\0' == *name || -+ ('.' == *name && (('.' == name[1] && '\0' == name[2]) || -+ '\0' == name[1])) || -+ !((*name >= 'a' && *name <= 'z') || -+ (*name >= 'A' && *name <= 'Z') || -+ (*name >= '0' && *name <= '9') || -+ *name == '_' || -+ *name == '.')) { ++ ('.' == *name && (('.' == name[1] && '\0' == name[2]) || ++ '\0' == name[1])) || ++ !((*name >= 'a' && *name <= 'z') || ++ (*name >= 'A' && *name <= 'Z') || ++ (*name >= '0' && *name <= '9') || ++ *name == '_' || ++ *name == '.')) { return false; } 
@@ -51,15 +38,14 @@ index bdd1e72..957c966 100644 - ('_' == *name) || - ('-' == *name) || - ( ('$' == *name) && ('\0' == *(name + 1)) ) -- )) { + if (!((*name >= 'a' && *name <= 'z') || -+ (*name >= 'A' && *name <= 'Z') || -+ (*name >= '0' && *name <= '9') || -+ *name == '_' || -+ *name == '.' || -+ *name == '-' || -+ (*name == '$' && name[1] == '\0') -+ )) { ++ (*name >= 'A' && *name <= 'Z') || ++ (*name >= '0' && *name <= '9') || ++ *name == '_' || ++ *name == '.' || ++ *name == '-' || ++ (*name == '$' && name[1] == '\0') + )) { return false; } + numeric &= isdigit(*name); @@ -70,10 +56,9 @@ index bdd1e72..957c966 100644 } bool is_valid_user_name (const char *name) -diff --git a/man/groupadd.8.xml b/man/groupadd.8.xml -index 1e58f09..47a4c95 100644 ---- a/man/groupadd.8.xml -+++ b/man/groupadd.8.xml +diff -up shadow-4.8/man/groupadd.8.xml.goodname shadow-4.8/man/groupadd.8.xml +--- shadow-4.8/man/groupadd.8.xml.goodname 2019-07-23 17:26:08.000000000 +0200 ++++ shadow-4.8/man/groupadd.8.xml 2020-01-13 09:44:41.968507996 +0100 @@ -273,10 +273,12 @@ CAVEATS @@ -91,11 +76,10 @@ index 1e58f09..47a4c95 100644 Groupnames may only be up to &GROUP_NAME_MAX_LENGTH; characters long. -diff --git a/man/useradd.8.xml b/man/useradd.8.xml -index 03612ce..4e9e0dc 100644 ---- a/man/useradd.8.xml -+++ b/man/useradd.8.xml -@@ -662,10 +662,14 @@ +diff -up shadow-4.8/man/useradd.8.xml.goodname shadow-4.8/man/useradd.8.xml +--- shadow-4.8/man/useradd.8.xml.goodname 2019-10-05 03:23:58.000000000 +0200 ++++ shadow-4.8/man/useradd.8.xml 2020-01-13 09:44:41.968507996 +0100 +@@ -661,10 +661,14 @@ @@ -114,6 +98,3 @@ index 03612ce..4e9e0dc 100644 Usernames may only be up to 32 characters long. --- -1.8.3.1 - diff --git a/long-password-entry.patch b/shadow-4.8-long-entry.patch similarity index 54% rename from long-password-entry.patch rename to shadow-4.8-long-entry.patch index ff05cc45d03297fe115ecbb8ae7e7a8f1cd3e9e6..64d96367e43fcef3a543f1eb19da6aa8c9f622d1 100644 
--- a/long-password-entry.patch +++ b/shadow-4.8-long-entry.patch @@ -1,18 +1,20 @@ -diff --git a/lib/defines.h b/lib/defines.h ---- a/lib/defines.h -+++ b/lib/defines.h -@@ -388,4 +388,7 @@ extern char *strerror (); - # define shadow_getenv(name) getenv(name) +diff -up shadow-4.8/lib/defines.h.long-entry shadow-4.8/lib/defines.h +--- shadow-4.8/lib/defines.h.long-entry 2020-01-13 10:29:45.288957339 +0100 ++++ shadow-4.8/lib/defines.h 2020-01-13 10:30:47.482902954 +0100 +@@ -388,6 +388,9 @@ extern char *strerror (); + # endif #endif +/* Maximum length of passwd entry */ +#define PASSWD_ENTRY_MAX_LENGTH 32768 + - #endif /* _DEFINES_H_ */ -diff --git a/lib/pwio.c b/lib/pwio.c ---- a/lib/pwio.c -+++ b/lib/pwio.c -@@ -79,7 +79,10 @@ static int passwd_put (const void *ent, FILE * file) + #ifdef HAVE_SECURE_GETENV + # define shadow_getenv(name) secure_getenv(name) + # else +diff -up shadow-4.8/lib/pwio.c.long-entry shadow-4.8/lib/pwio.c +--- shadow-4.8/lib/pwio.c.long-entry 2019-07-23 17:26:08.000000000 +0200 ++++ shadow-4.8/lib/pwio.c 2020-01-13 10:29:45.288957339 +0100 +@@ -79,7 +79,10 @@ static int passwd_put (const void *ent, || (pw->pw_gid == (gid_t)-1) || (valid_field (pw->pw_gecos, ":\n") == -1) || (valid_field (pw->pw_dir, ":\n") == -1) @@ -24,9 +26,9 @@ diff --git a/lib/pwio.c b/lib/pwio.c return -1; } -diff --git a/lib/sgetpwent.c b/lib/sgetpwent.c ---- a/lib/sgetpwent.c -+++ b/lib/sgetpwent.c +diff -up shadow-4.8/lib/sgetpwent.c.long-entry shadow-4.8/lib/sgetpwent.c +--- shadow-4.8/lib/sgetpwent.c.long-entry 2019-10-05 03:23:58.000000000 +0200 ++++ shadow-4.8/lib/sgetpwent.c 2020-01-13 10:29:45.288957339 +0100 @@ -57,7 +57,7 @@ struct passwd *sgetpwent (const char *buf) { @@ -36,7 +38,7 @@ diff --git a/lib/sgetpwent.c b/lib/sgetpwent.c register int i; register char *cp; char *fields[NFIELDS]; -@@ -67,8 +67,10 @@ struct passwd *sgetpwent (const char *buf) +@@ -67,8 +67,10 @@ struct passwd *sgetpwent (const char *bu * the password structure remain valid. */ 
@@ -48,9 +50,9 @@ diff --git a/lib/sgetpwent.c b/lib/sgetpwent.c strcpy (pwdbuf, buf); /* -diff --git a/lib/sgetspent.c b/lib/sgetspent.c ---- a/lib/sgetspent.c -+++ b/lib/sgetspent.c +diff -up shadow-4.8/lib/sgetspent.c.long-entry shadow-4.8/lib/sgetspent.c +--- shadow-4.8/lib/sgetspent.c.long-entry 2019-07-23 17:26:08.000000000 +0200 ++++ shadow-4.8/lib/sgetspent.c 2020-01-13 10:29:45.289957322 +0100 @@ -48,7 +48,7 @@ */ struct spwd *sgetspent (const char *string) @@ -60,7 +62,7 @@ diff --git a/lib/sgetspent.c b/lib/sgetspent.c static struct spwd spwd; char *fields[FIELDS]; char *cp; -@@ -61,6 +61,7 @@ struct spwd *sgetspent (const char *string) +@@ -61,6 +61,7 @@ struct spwd *sgetspent (const char *stri */ if (strlen (string) >= sizeof spwbuf) { @@ -68,10 +70,10 @@ diff --git a/lib/sgetspent.c b/lib/sgetspent.c return 0; /* fail if too long */ } strcpy (spwbuf, string); -diff --git a/lib/shadowio.c b/lib/shadowio.c ---- a/lib/shadowio.c -+++ b/lib/shadowio.c -@@ -79,7 +79,9 @@ static int shadow_put (const void *ent, FILE * file) +diff -up shadow-4.8/lib/shadowio.c.long-entry shadow-4.8/lib/shadowio.c +--- shadow-4.8/lib/shadowio.c.long-entry 2019-07-23 17:26:08.000000000 +0200 ++++ shadow-4.8/lib/shadowio.c 2020-01-13 10:29:45.289957322 +0100 +@@ -79,7 +79,9 @@ static int shadow_put (const void *ent, if ( (NULL == sp) || (valid_field (sp->sp_namp, ":\n") == -1) diff --git a/shadow-4.8.1.tar.xz b/shadow-4.8.1.tar.xz deleted file mode 100644 index 986e648556d982c250bcbd236be79a974c1f030d..0000000000000000000000000000000000000000 Binary files a/shadow-4.8.1.tar.xz and /dev/null differ diff --git a/null-time.patch b/shadow-4.9-null-tm.patch similarity index 56% rename from null-time.patch rename to shadow-4.9-null-tm.patch index fcf22f0e88e7d3bc1cb6338769d8cb930d480fd1..249b27b8d0fdd5424995d0ebb066378be0048e97 100644 --- a/null-time.patch +++ b/shadow-4.9-null-tm.patch 
@@ -1,8 +1,8 @@ Index: shadow-4.5/src/chage.c =================================================================== ---- a/src/chage.c -+++ b/src/chage.c -@@ -167,6 +167,10 @@ static void date_to_str (char *buf, size_t maxsize, time_t date) +--- shadow-4.5.orig/src/chage.c ++++ shadow-4.5/src/chage.c +@@ -168,6 +168,10 @@ static void date_to_str (char *buf, size struct tm *tp; tp = gmtime (&date); @@ -13,32 +13,11 @@ Index: shadow-4.5/src/chage.c #ifdef HAVE_STRFTIME (void) strftime (buf, maxsize, "%Y-%m-%d", tp); #else -Index: shadow-4.5/src/faillog.c -=================================================================== ---- a/src/faillog.c -+++ b/src/faillog.c -@@ -163,10 +163,14 @@ static void print_one (/*@null@*/const struct passwd *pw, bool force) - } - - tm = localtime (&fl.fail_time); -+ if (tm == NULL) { -+ cp = "(unknown)"; -+ } else { - #ifdef HAVE_STRFTIME -- strftime (ptime, sizeof (ptime), "%D %H:%M:%S %z", tm); -- cp = ptime; -+ strftime (ptime, sizeof (ptime), "%D %H:%M:%S %z", tm); -+ cp = ptime; - #endif -+ } - printf ("%-9s %5d %5d ", - pw->pw_name, fl.fail_cnt, fl.fail_max); - /* FIXME: cp is not defined ifndef HAVE_STRFTIME */ Index: shadow-4.5/src/lastlog.c =================================================================== ---- a/src/lastlog.c -+++ b/src/lastlog.c -@@ -159,13 +159,17 @@ static void print_one (/*@null@*/const struct passwd *pw) +--- shadow-4.5.orig/src/lastlog.c ++++ shadow-4.5/src/lastlog.c +@@ -158,13 +158,17 @@ static void print_one (/*@null@*/const s ll_time = ll.ll_time; tm = localtime (&ll_time); 
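Review bot: The refreshed null-tm patch no longer carries the src/faillog.c section, so the `if (tm == NULL)` guard after `localtime (&fl.fail_time)` in `print_one()` is dropped along with it. Unless shadow 4.9 already checks that result, or faillog is no longer built and shipped, an out-of-range `fail_time` read from the faillog file would hand a NULL `tm` to `strftime()`. Neither can be seen from this hunk, so please confirm against the 4.9 source and, if the check is missing there, keep the section rebased with its `if (tm == NULL) { cp = "(unknown)"; } else { ... }` wrapper.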
@@ -62,9 +41,9 @@ Index: shadow-4.5/src/lastlog.c cp = _("**Never logged in**\0"); Index: shadow-4.5/src/passwd.c =================================================================== ---- a/src/passwd.c -+++ b/src/passwd.c -@@ -456,6 +456,9 @@ static /*@observer@*/const char *date_to_str (time_t t) +--- shadow-4.5.orig/src/passwd.c ++++ shadow-4.5/src/passwd.c +@@ -455,6 +455,9 @@ static /*@observer@*/const char *date_to struct tm *tm; tm = gmtime (&t); @@ -76,9 +55,9 @@ Index: shadow-4.5/src/passwd.c #else /* !HAVE_STRFTIME */ Index: shadow-4.5/src/usermod.c =================================================================== ---- a/src/usermod.c -+++ b/src/usermod.c -@@ -216,6 +216,10 @@ static void date_to_str (/*@unique@*//*@out@*/char *buf, size_t maxsize, +--- shadow-4.5.orig/src/usermod.c ++++ shadow-4.5/src/usermod.c +@@ -210,6 +210,10 @@ static void date_to_str (/*@unique@*//*@ } else { time_t t = (time_t) date; tp = gmtime (&t); @@ -89,6 +68,3 @@ Index: shadow-4.5/src/usermod.c #ifdef HAVE_STRFTIME strftime (buf, maxsize, "%Y-%m-%d", tp); #else --- -2.19.1 - diff --git a/shadow-4.9.tar.xz b/shadow-4.9.tar.xz new file mode 100644 index 0000000000000000000000000000000000000000..efe30aa9556d00f3648359c03340db3d7dbb4e2c Binary files /dev/null and b/shadow-4.9.tar.xz differ diff --git a/shadow.spec b/shadow.spec index 5b55aa55f2379d99ba9f15cb2395b9409e334758..20bd0d350c0296e05c36b4bda7abde25cf132f59 100644 --- a/shadow.spec +++ b/shadow.spec 
@@ -1,32 +1,42 @@ Name: shadow -Version: 4.8.1 -Release: 7 +Version: 4.9 +Release: 1 Epoch: 2 License: BSD and GPLv2+ Summary: Tools for managing accounts and shadow password files URL: http://pkg-shadow.alioth.debian.org/ -Source0: https://github.com/shadow-maint/shadow/releases/download/%{version}/shadow-%{version}.tar.xz +Source0: https://github.com/shadow-maint/shadow/releases/download/v%{version}/shadow-%{version}.tar.xz Source2: shadow-utils.useradd Source3: shadow-utils.login.defs Source4: shadow-bsd.txt Source5: https://www.gnu.org/licenses/old-licenses/gpl-2.0.txt Source6: chpasswd Source7: newusers + +%global includesubiddir %{_includedir}/shadow + # fix unknown item 'LASTLOG_MAX_UID' -Patch0: shadow-4.5-goodname.patch -Patch1: fix-logmsg.patch -Patch2: null-time.patch -Patch3: long-password-entry.patch -Patch4: usermod-unlock.patch -Patch5: selinux-flag.patch -Patch6: add-home_mode-xml-file.patch -Patch7: shadow-4.1.5.1-var-lock.patch -Patch8: shadow-utils-fix-lock-file-residue.patch -Patch9: generate-mail-USER-with-the-proper-selinux-identity.patch -Patch10: man-zh_CN-fix-typo.patch -Patch11: useradd-free-grp-to-avoid-leak.patch -Patch12: useradd.c-fix-memleaks-of-grp.patch -Patch13: useradd.c-fix-memleak-in-get_groups.patch +Patch0: shadow-4.8-goodname.patch +Patch1: shadow-4.9-null-tm.patch +Patch2: shadow-4.8-long-entry.patch +Patch3: usermod-unlock.patch +Patch4: useradd-create-directories-after-the-SELinux-user.patch +Patch5: shadow-4.1.5.1-var-lock.patch +Patch6: shadow-utils-fix-lock-file-residue.patch +Patch7: Makefile-include-libeconf-dependency-in-new-idmap.patch +Patch8: usermod-allow-all-group-types-with-G-option.patch +Patch9: useradd-avoid-generating-an-empty-subid-range.patch +Patch10: libmisc-fix-default-value-in-SHA_get_salt_rounds.patch +Patch11: semanage-close-the-selabel-handle.patch +Patch12: Revert-useradd.c-fix-memleaks-of-grp.patch +Patch13: useradd-change-SELinux-labels-for-home-files.patch +Patch14: 
libsubid-link-to-PAM-libraries.patch +Patch15: Fix-out-of-tree-builds-with-respect-to-libsubid-incl.patch +Patch16: Respect-enable-static-no-in-libsubid.patch +Patch17: Fixes-the-linking-issues-when-libsubid-is-static-and.patch +Patch18: pwck-fix-segfault-when-calling-fprintf.patch +Patch19: newgrp-fix-segmentation-fault.patch +Patch20: groupdel-fix-SIGSEGV-when-passwd-does-not-exist.patch BuildRequires: gcc, libselinux-devel, audit-libs-devel, libsemanage-devel BuildRequires: libacl-devel, libattr-devel @@ -47,6 +57,13 @@ This package includes the necessary programs for converting plain password files to the shadow password format and to manage user and group accounts. +%package subid-devel +Summary: Development package for shadow-utils-subid +License: BSD and GPLv2+ + +%description subid-devel +Development files for shadow-utils-subid. + %package_help %prep @@ -70,7 +87,7 @@ autoreconf -fiv --with-selinux \ --without-libcrack \ --with-libpam \ - --disable-shared \ + --enable-shared \ --with-group-name-max-length=32 %make_build @@ -141,6 +158,14 @@ for dir in $(ls -1d $RPM_BUILD_ROOT%{_mandir}/{??,??_??}) ; do lang=$(basename $dir) done +# Move subid.h to its own folder +echo $(ls) +mkdir -p $RPM_BUILD_ROOT/%{includesubiddir} +install -m 644 libsubid/subid.h $RPM_BUILD_ROOT/%{includesubiddir}/ + +# Remove .la files created by libsubid +rm -f $RPM_BUILD_ROOT/%{_libdir}/libsubid.la + %files -f shadow.lang %doc NEWS doc/HOWTO README %{!?_licensedir:%global license %%doc} @@ -169,10 +194,18 @@ done %{_sysconfdir}/pam.d/groupmems %{_sysconfdir}/pam.d/newusers +%files subid-devel +%{_libdir}/libsubid.so.* +%{includesubiddir}/subid.h +%{_libdir}/libsubid.so + %files help %{_mandir}/*/* %changelog +* Thu Dec 30 2021 panxiaohe - 2:4.9-1 +- update to 4.9 + * Thu Sep 30 2021 steven Y.Gui - 2:4.8.1-7 - backport some patches to fix memory leak 
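Review bot: The patch list drops `selinux-flag.patch`, `generate-mail-USER-with-the-proper-selinux-identity.patch`, `fix-logmsg.patch` and the three useradd memory-leak patches, among others, while the changelog entry added at the end of the spec says only `- update to 4.9`. For the SELinux-related ones in particular, a later reader cannot tell whether the fix is contained in 4.9, superseded by one of the new patches, or lost. I would extend the changelog with one line per dropped patch stating which of these applies, e.g. `- drop selinux-flag.patch (<merged upstream | superseded by PATCH>)`. The comment `# fix unknown item 'LASTLOG_MAX_UID'` also still sits directly above Patch0, which is the goodname patch.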
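Review bot: `echo $(ls)` in the new %install lines looks like a debugging leftover; it only dumps the build directory listing into the build log and can be removed. The paths written as `$RPM_BUILD_ROOT/%{includesubiddir}` and `$RPM_BUILD_ROOT/%{_libdir}` also get a doubled slash, because both macros already expand to absolute paths. `mkdir -p $RPM_BUILD_ROOT%{includesubiddir}` would match the `$RPM_BUILD_ROOT%{_mandir}` form used just above in the same section.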
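Review bot: `%files subid-devel` ships the runtime library `%{_libdir}/libsubid.so.*` next to the header and the unversioned `libsubid.so`, and `%package subid-devel` declares no `Requires:` on the main package. With configure switched to `--enable-shared` in this commit, any program in the main package that ends up linked against libsubid would fail to start unless the -devel package is installed; whether one is cannot be seen from the spec. I would list `%{_libdir}/libsubid.so.*` under the main `%files -f shadow.lang` (or a separate runtime subpackage) and add `Requires: %{name} = %{epoch}:%{version}-%{release}` to the devel subpackage. The description also refers to `shadow-utils-subid`, a name nothing else in the visible spec defines.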
diff --git a/useradd-avoid-generating-an-empty-subid-range.patch b/useradd-avoid-generating-an-empty-subid-range.patch
new file mode 100644
index 0000000000000000000000000000000000000000..7f0ffb2127ac168a609f95dba8c3140bc2e064aa
--- /dev/null
+++ b/useradd-avoid-generating-an-empty-subid-range.patch
@@ -0,0 +1,107 @@ +From 9dd720a28578eef5be8171697aae0906e4c53249 Mon Sep 17 00:00:00 2001 +From: Iker Pedrosa +Date: Tue, 10 Aug 2021 09:07:03 +0200 +Subject: [PATCH] useradd: avoid generating an empty subid range + +useradd generates an empty subid range when adding a new user. This is +caused because there are two variables, one local and the other one +global, that have a very similar name and they are used indistinctly in +the code. The local variable loads the SUB_*ID_COUNT configuration from +the login.defs file, while the global variable, which holds a value of +0, is used to generate the subid range. Causing the empty subid range +problem. + +I've merged the two variables in the local one and removed the global +variable. I prefer to do it this way to reduce the scope of it but I'm +open to doing it the other way round. + +Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1990653 + +Signed-off-by: Iker Pedrosa +Conflict: context adaptation +--- + src/useradd.c | 20 +++++++++----------- + 1 file changed, 9 insertions(+), 11 deletions(-) + +diff --git a/src/useradd.c b/src/useradd.c +index baeffb3..9abeea6 100644 +--- a/src/useradd.c ++++ b/src/useradd.c +@@ -142,9 +142,7 @@ static bool is_sub_gid = false; + static bool sub_uid_locked = false; + static bool sub_gid_locked = false; + static uid_t sub_uid_start; /* New subordinate uid range */ +-static unsigned long sub_uid_count; + static gid_t sub_gid_start; /* New subordinate gid range */ +-static unsigned long sub_gid_count; + #endif /* ENABLE_SUBIDS */ + static bool pw_locked = false; + static bool gr_locked = false; +@@ -234,7 +232,7 @@ static void open_shadow (void); + static void faillog_reset (uid_t); + static void lastlog_reset (uid_t); + static void tallylog_reset (const char *); +-static void usr_update (void); ++static void usr_update (unsigned long subuid_count, unsigned long subgid_count); + static void create_home (void); + static void create_mail (void); + static void check_uid_range(int 
rflg, uid_t user_id); +@@ -2092,7 +2090,7 @@ static void tallylog_reset (const char *user_name) + * usr_update() creates the password file entries for this user + * and will update the group entries if required. + */ +-static void usr_update (void) ++static void usr_update (unsigned long subuid_count, unsigned long subgid_count) + { + struct passwd pwent; + struct spwd spent; +@@ -2155,14 +2153,14 @@ static void usr_update (void) + } + #ifdef ENABLE_SUBIDS + if (is_sub_uid && +- (sub_uid_add(user_name, sub_uid_start, sub_uid_count) == 0)) { ++ (sub_uid_add(user_name, sub_uid_start, subuid_count) == 0)) { + fprintf (stderr, + _("%s: failed to prepare the new %s entry\n"), + Prog, sub_uid_dbname ()); + fail_exit (E_SUB_UID_UPDATE); + } + if (is_sub_gid && +- (sub_gid_add(user_name, sub_gid_start, sub_gid_count) == 0)) { ++ (sub_gid_add(user_name, sub_gid_start, subgid_count) == 0)) { + fprintf (stderr, + _("%s: failed to prepare the new %s entry\n"), + Prog, sub_uid_dbname ()); +@@ -2624,16 +2622,16 @@ int main (int argc, char **argv) + } + + #ifdef ENABLE_SUBIDS +- if (is_sub_uid && sub_uid_count != 0) { +- if (find_new_sub_uids(&sub_uid_start, &sub_uid_count) < 0) { ++ if (is_sub_uid && subuid_count != 0) { ++ if (find_new_sub_uids(&sub_uid_start, &subuid_count) < 0) { + fprintf (stderr, + _("%s: can't create subordinate user IDs\n"), + Prog); + fail_exit(E_SUB_UID_UPDATE); + } + } +- if (is_sub_gid && sub_gid_count != 0) { +- if (find_new_sub_gids(&sub_gid_start, &sub_gid_count) < 0) { ++ if (is_sub_gid && subgid_count != 0) { ++ if (find_new_sub_gids(&sub_gid_start, &subgid_count) < 0) { + fprintf (stderr, + _("%s: can't create subordinate group IDs\n"), + Prog); +@@ -2642,7 +2640,7 @@ int main (int argc, char **argv) + } + #endif /* ENABLE_SUBIDS */ + +- usr_update (); ++ usr_update (subuid_count, subgid_count); + + close_files (); + +-- +1.8.3.1 + 
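Review bot: In `usr_update()` the failure branch of the `sub_gid_add()` call still prints `sub_uid_dbname ()`, so a failed subordinate-GID update is reported against the subordinate-UID database. It is a context line, but the patch rewrites the condition directly above it, so this is a cheap place to fix it: `Prog, sub_gid_dbname ());`. The visible part of that branch ends at the hunk boundary; if the exit code there is `E_SUB_UID_UPDATE` as in the uid branch, the gid counterpart would be the matching one, assuming the file defines it.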
diff --git a/useradd-change-SELinux-labels-for-home-files.patch b/useradd-change-SELinux-labels-for-home-files.patch
new file mode 100644
index 0000000000000000000000000000000000000000..700b1f1e6e258843a089fa2124d6a79be3531e35
--- /dev/null
+++ b/useradd-change-SELinux-labels-for-home-files.patch
@@ -0,0 +1,34 @@
+From 06eb4e4d76ac7f1ac86e68a89b2dc9be7c7323a2 Mon Sep 17 00:00:00 2001
+From: Iker Pedrosa
+Date: Fri, 12 Nov 2021 15:23:30 +0100
+Subject: [PATCH] useradd: change SELinux labels for home files
+
+Change SELinux labels for files copied from the skeleton directory to
+the home directory.
+
+This could cause gnome's graphical user adding to fail without copying
+the full skeleton files.
+
+Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2022658
+
+Signed-off-by: Iker Pedrosa
+---
+ src/useradd.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/useradd.c b/src/useradd.c
+index b463a17..f7c9795 100644
+--- a/src/useradd.c
++++ b/src/useradd.c
+@@ -2704,7 +2704,7 @@ int main (int argc, char **argv)
+ if (mflg) {
+ create_home ();
+ if (home_added) {
+- copy_tree (def_template, prefix_user_home, false, false,
++ copy_tree (def_template, prefix_user_home, false, true,
+ (uid_t)-1, user_id, (gid_t)-1, user_gid);
+ } else {
+ fprintf (stderr,
+--
+1.8.3.1
+
diff --git a/useradd-create-directories-after-the-SELinux-user.patch b/useradd-create-directories-after-the-SELinux-user.patch
new file mode 100644
index 0000000000000000000000000000000000000000..36bd2a6e4549c95937ad3c640076f7bd91434c8e
--- /dev/null
+++ b/useradd-create-directories-after-the-SELinux-user.patch
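Review bot: The fix in useradd-change-SELinux-labels-for-home-files.patch flips a bare positional boolean in `copy_tree (def_template, prefix_user_home, false, true,`, and nothing at the call site says what the fourth argument controls. Going by the commit subject it is the flag that gives copied skeleton files fresh SELinux labels, but `copy_tree()`'s prototype is outside the hunk, so that is an inference. A short comment would keep a later rebase from reverting it by accident: `/* 4th argument true: relabel the files copied from the skeleton directory */`. The call sits inside `main()`, which starts and ends outside the hunk.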
@@ -0,0 +1,89 @@ +From 09c752f00f9dfc610f66d68be38c9e5be8ca7f15 Mon Sep 17 00:00:00 2001 +From: Iker Pedrosa +Date: Fri, 8 Oct 2021 13:09:59 +0200 +Subject: [PATCH] useradd: create directories after the SELinux user + +Create the home and mail folders after the SELinux user has been set for +the added user. This will allow the folders to be created with the +SELinux user label. + +Signed-off-by: Iker Pedrosa +Conflict: context adaptation +--- + src/useradd.c | 46 +++++++++++++++++++++++----------------------- + 1 file changed, 23 insertions(+), 23 deletions(-) + +diff --git a/src/useradd.c b/src/useradd.c +index 6269c01..b463a17 100644 +--- a/src/useradd.c ++++ b/src/useradd.c +@@ -2670,27 +2670,12 @@ int main (int argc, char **argv) + + usr_update (); + +- if (mflg) { +- create_home (); +- if (home_added) { +- copy_tree (def_template, prefix_user_home, false, false, +- (uid_t)-1, user_id, (gid_t)-1, user_gid); +- } else { +- fprintf (stderr, +- _("%s: warning: the home directory %s already exists.\n" +- "%s: Not copying any file from skel directory into it.\n"), +- Prog, user_home, Prog); +- } +- +- } +- +- /* Do not create mail directory for system accounts */ +- if (!rflg) { +- create_mail (); +- } +- + close_files (); + ++ nscd_flush_cache ("passwd"); ++ nscd_flush_cache ("group"); ++ sssd_flush_cache (SSSD_DB_PASSWD | SSSD_DB_GROUP); ++ + /* + * tallylog_reset needs to be able to lookup + * a valid existing user name, +@@ -2716,15 +2701,30 @@ int main (int argc, char **argv) + } + #endif /* WITH_SELINUX */ + ++ if (mflg) { ++ create_home (); ++ if (home_added) { ++ copy_tree (def_template, prefix_user_home, false, false, ++ (uid_t)-1, user_id, (gid_t)-1, user_gid); ++ } else { ++ fprintf (stderr, ++ _("%s: warning: the home directory %s already exists.\n" ++ "%s: Not copying any file from skel directory into it.\n"), ++ Prog, user_home, Prog); ++ } ++ ++ } ++ ++ /* Do not create mail directory for system accounts */ ++ if (!rflg) { ++ create_mail (); ++ } ++ + 
if (run_parts ("/etc/shadow-maint/useradd-post.d", (char*)user_name, + "useradd")) { + exit(1); + } + +- nscd_flush_cache ("passwd"); +- nscd_flush_cache ("group"); +- sssd_flush_cache (SSSD_DB_PASSWD | SSSD_DB_GROUP); +- + return E_SUCCESS; + } + +-- +1.8.3.1 + diff --git a/useradd-free-grp-to-avoid-leak.patch b/useradd-free-grp-to-avoid-leak.patch deleted file mode 100644 index c96f18c20cc379e3b7f9ffd267eb67363ef4b9d5..0000000000000000000000000000000000000000 --- a/useradd-free-grp-to-avoid-leak.patch +++ /dev/null @@ -1,42 +0,0 @@ -From 569bd1d54f4be070d4ac88042586d9334343702d Mon Sep 17 00:00:00 2001 -From: ikerexxe -Date: Tue, 27 Oct 2020 11:35:53 +0100 -Subject: [PATCH] useradd: free grp to avoid leak - -covscan issue: -Error: RESOURCE_LEAK (CWE-772): [#def39] [important] -src/useradd.c:728: alloc_fn: Storage is returned from allocation function "get_local_group". -src/useradd.c:728: var_assign: Assigning: "grp" = storage returned from "get_local_group(list)". -src/useradd.c:728: overwrite_var: Overwriting "grp" in "grp = get_local_group(list)" leaks the storage that "grp" points to. -726| * GID values, otherwise the string is looked up as is. -727| */ -728|-> grp = get_local_group (list); -729| -730| /* ---- - src/useradd.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/src/useradd.c b/src/useradd.c -index 3544acd0..107e65f8 100644 ---- a/src/useradd.c -+++ b/src/useradd.c -@@ -729,7 +729,7 @@ static int set_defaults (void) - static int get_groups (char *list) - { - char *cp; -- const struct group *grp; -+ struct group *grp; - int errors = 0; - int ngroups = 0; - -@@ -808,6 +808,7 @@ static int get_groups (char *list) - * Add the group name to the user's list of groups. - */ - user_groups[ngroups++] = xstrdup (grp->gr_name); -+ free (grp); - } while (NULL != list); - - user_groups[ngroups] = (char *) 0; --- - 
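Review bot: In useradd-create-directories-after-the-SELinux-user.patch, `create_home ()`, `copy_tree ()` and `create_mail ()` now run after `close_files ()` and after the `WITH_SELINUX` block, but the moved code carries no comment stating that this order is required. The account is already committed at that point, so any exit taken inside the SELinux block (its body is outside the hunk) would leave a passwd entry without a home or mail directory; it is worth confirming that this failure path is acceptable. I would add above the moved `if (mflg) {` the comment `/* Must come after the SELinux user mapping above so the directories get the user's label. */`. `main()` starts and ends outside the hunk.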
diff --git a/useradd.c-fix-memleak-in-get_groups.patch b/useradd.c-fix-memleak-in-get_groups.patch deleted file mode 100644 index a8bdbbffb29d6d819d1e57233777aa151f453637..0000000000000000000000000000000000000000 --- a/useradd.c-fix-memleak-in-get_groups.patch +++ /dev/null @@ -1,41 +0,0 @@ -From fd9d79a1a3438ba7703939cfcd45fc266782c64e Mon Sep 17 00:00:00 2001 -From: whzhe -Date: Thu, 17 Dec 2020 03:27:15 -0500 -Subject: [PATCH] useradd.c:fix memleak in get_groups - -Signed-off-by: whzhe ---- - src/useradd.c | 4 +++- - 1 file changed, 3 insertions(+), 1 deletion(-) - -diff --git a/src/useradd.c b/src/useradd.c -index 107e65f8..822b67f5 100644 ---- a/src/useradd.c -+++ b/src/useradd.c -@@ -793,6 +793,7 @@ static int get_groups (char *list) - fprintf (stderr, - _("%s: group '%s' is a NIS group.\n"), - Prog, grp->gr_name); -+ gr_free(grp); - continue; - } - #endif -@@ -801,6 +802,7 @@ static int get_groups (char *list) - fprintf (stderr, - _("%s: too many groups specified (max %d).\n"), - Prog, ngroups); -+ gr_free(grp); - break; - } - -@@ -808,7 +810,7 @@ static int get_groups (char *list) - * Add the group name to the user's list of groups. - */ - user_groups[ngroups++] = xstrdup (grp->gr_name); -- free (grp); -+ gr_free (grp); - } while (NULL != list); - - user_groups[ngroups] = (char *) 0; --- - diff --git a/useradd.c-fix-memleaks-of-grp.patch b/useradd.c-fix-memleaks-of-grp.patch deleted file mode 100644 index 52b634f65acff96ef83727edea83429e7048ffa6..0000000000000000000000000000000000000000 --- a/useradd.c-fix-memleaks-of-grp.patch +++ /dev/null @@ -1,24 +0,0 @@ -From c44b71cec25d60efc51aec9de3abce1f6efbfcf5 Mon Sep 17 00:00:00 2001 -From: whzhe51 -Date: Sat, 19 Dec 2020 04:29:06 -0500 -Subject: [PATCH] useradd.c:fix memleaks of grp 
Signed-off-by: whzhe51 - - ---- - src/useradd.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/src/useradd.c b/src/useradd.c -index 107e65f8..29c54e44 100644 ---- a/src/useradd.c -+++ b/src/useradd.c -@@ -411,6 +411,7 @@ static void get_defaults (void) - } else { - def_group = grp->gr_gid; - def_gname = xstrdup (grp->gr_name); -+ gr_free(grp); - } - } - --- - diff --git a/usermod-allow-all-group-types-with-G-option.patch b/usermod-allow-all-group-types-with-G-option.patch new file mode 100644 index 0000000000000000000000000000000000000000..0ac899f19a91de1b8409a590be5dacc479b731d1 --- /dev/null +++ b/usermod-allow-all-group-types-with-G-option.patch 
@@ -0,0 +1,322 @@ +From e481437ab9ebe9a8bf8fbaabe986d42b2f765991 Mon Sep 17 00:00:00 2001 +From: Iker Pedrosa +Date: Tue, 3 Aug 2021 08:57:20 +0200 +Subject: [PATCH] usermod: allow all group types with -G option + +The only way of removing a group from the supplementary list is to use +-G option, and list all groups that the user is a member of except for +the one that wants to be removed. The problem lies when there's a user +that contains both local and remote groups, and the group to be removed +is a local one. As we need to include the remote group with -G option +the command will fail. + +This reverts commit 140510de9de4771feb3af1d859c09604043a4c9b. This way, +it would be possible to remove the remote groups from the supplementary +list. + +Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1967641 +Resolves: https://github.com/shadow-maint/shadow/issues/338 + +Signed-off-by: Iker Pedrosa +--- + src/usermod.c | 220 ++++++++++++++++++++-------------------------------------- + 1 file changed, 77 insertions(+), 143 deletions(-) + +diff --git a/src/usermod.c b/src/usermod.c +index 03bb9b9..a0c03af 100644 +--- a/src/usermod.c ++++ b/src/usermod.c +@@ -187,7 +187,6 @@ static bool sub_gid_locked = false; + static void date_to_str (/*@unique@*//*@out@*/char *buf, size_t maxsize, + long int date); + static int get_groups (char *); +-static struct group * get_local_group (char * grp_name); + static /*@noreturn@*/void usage (int status); + static void new_pwent (struct passwd *); + static void new_spent (struct spwd *); +@@ -201,9 +200,7 @@ static void grp_update (void); + + static void process_flags (int, char **); + static void close_files (void); +-static void close_group_files (void); + static void open_files (void); +-static void open_group_files (void); + static void usr_update (void); + static void move_home (void); + static void update_lastlog (void); +@@ -261,11 +258,6 @@ static int get_groups (char *list) + } + + /* +- * Open the group files +- */ +- 
open_group_files (); +- +- /* + * So long as there is some data to be converted, strip off each + * name and look it up. A mix of numerical and string values for + * group identifiers is permitted. +@@ -284,7 +276,7 @@ static int get_groups (char *list) + * Names starting with digits are treated as numerical GID + * values, otherwise the string is looked up as is. + */ +- grp = get_local_group (list); ++ grp = prefix_getgr_nam_gid (list); + + /* + * There must be a match, either by GID value or by +@@ -334,8 +326,6 @@ static int get_groups (char *list) + gr_free ((struct group *)grp); + } while (NULL != list); + +- close_group_files (); +- + user_groups[ngroups] = (char *) 0; + + /* +@@ -348,44 +338,6 @@ static int get_groups (char *list) + return 0; + } + +-/* +- * get_local_group - checks if a given group name exists locally +- * +- * get_local_group() checks if a given group name exists locally. +- * If the name exists the group information is returned, otherwise NULL is +- * returned. +- */ +-static struct group * get_local_group(char * grp_name) +-{ +- const struct group *grp; +- struct group *result_grp = NULL; +- long long int gid; +- char *endptr; +- +- gid = strtoll (grp_name, &endptr, 10); +- if ( ('\0' != *grp_name) +- && ('\0' == *endptr) +- && (ERANGE != errno) +- && (gid == (gid_t)gid)) { +- grp = gr_locate_gid ((gid_t) gid); +- } +- else { +- grp = gr_locate(grp_name); +- } +- +- if (grp != NULL) { +- result_grp = __gr_dup (grp); +- if (NULL == result_grp) { +- fprintf (stderr, +- _("%s: Out of memory. 
Cannot find group '%s'.\n"), +- Prog, grp_name); +- fail_exit (E_GRP_UPDATE); +- } +- } +- +- return result_grp; +-} +- + #ifdef ENABLE_SUBIDS + struct ulong_range + { +@@ -1523,7 +1475,50 @@ static void close_files (void) + } + + if (Gflg || lflg) { +- close_group_files (); ++ if (gr_close () == 0) { ++ fprintf (stderr, ++ _("%s: failure while writing changes to %s\n"), ++ Prog, gr_dbname ()); ++ SYSLOG ((LOG_ERR, ++ "failure while writing changes to %s", ++ gr_dbname ())); ++ fail_exit (E_GRP_UPDATE); ++ } ++#ifdef SHADOWGRP ++ if (is_shadow_grp) { ++ if (sgr_close () == 0) { ++ fprintf (stderr, ++ _("%s: failure while writing changes to %s\n"), ++ Prog, sgr_dbname ()); ++ SYSLOG ((LOG_ERR, ++ "failure while writing changes to %s", ++ sgr_dbname ())); ++ fail_exit (E_GRP_UPDATE); ++ } ++ } ++#endif ++#ifdef SHADOWGRP ++ if (is_shadow_grp) { ++ if (sgr_unlock () == 0) { ++ fprintf (stderr, ++ _("%s: failed to unlock %s\n"), ++ Prog, sgr_dbname ()); ++ SYSLOG ((LOG_ERR, ++ "failed to unlock %s", ++ sgr_dbname ())); ++ /* continue */ ++ } ++ } ++#endif ++ if (gr_unlock () == 0) { ++ fprintf (stderr, ++ _("%s: failed to unlock %s\n"), ++ Prog, gr_dbname ()); ++ SYSLOG ((LOG_ERR, ++ "failed to unlock %s", ++ gr_dbname ())); ++ /* continue */ ++ } + } + + if (is_shadow_pwd) { +@@ -1593,60 +1588,6 @@ static void close_files (void) + } + + /* +- * close_group_files - close all of the files that were opened +- * +- * close_group_files() closes all of the files that were opened related +- * with groups. This causes any modified entries to be written out. 
+- */ +-static void close_group_files (void) +-{ +- if (gr_close () == 0) { +- fprintf (stderr, +- _("%s: failure while writing changes to %s\n"), +- Prog, gr_dbname ()); +- SYSLOG ((LOG_ERR, +- "failure while writing changes to %s", +- gr_dbname ())); +- fail_exit (E_GRP_UPDATE); +- } +-#ifdef SHADOWGRP +- if (is_shadow_grp) { +- if (sgr_close () == 0) { +- fprintf (stderr, +- _("%s: failure while writing changes to %s\n"), +- Prog, sgr_dbname ()); +- SYSLOG ((LOG_ERR, +- "failure while writing changes to %s", +- sgr_dbname ())); +- fail_exit (E_GRP_UPDATE); +- } +- } +-#endif +-#ifdef SHADOWGRP +- if (is_shadow_grp) { +- if (sgr_unlock () == 0) { +- fprintf (stderr, +- _("%s: failed to unlock %s\n"), +- Prog, sgr_dbname ()); +- SYSLOG ((LOG_ERR, +- "failed to unlock %s", +- sgr_dbname ())); +- /* continue */ +- } +- } +-#endif +- if (gr_unlock () == 0) { +- fprintf (stderr, +- _("%s: failed to unlock %s\n"), +- Prog, gr_dbname ()); +- SYSLOG ((LOG_ERR, +- "failed to unlock %s", +- gr_dbname ())); +- /* continue */ +- } +-} +- +-/* + * open_files - lock and open the password files + * + * open_files() opens the two password files. +@@ -1681,7 +1622,38 @@ static void open_files (void) + } + + if (Gflg || lflg) { +- open_group_files (); ++ /* ++ * Lock and open the group file. This will load all of the ++ * group entries. 
++ */ ++ if (gr_lock () == 0) { ++ fprintf (stderr, ++ _("%s: cannot lock %s; try again later.\n"), ++ Prog, gr_dbname ()); ++ fail_exit (E_GRP_UPDATE); ++ } ++ gr_locked = true; ++ if (gr_open (O_CREAT | O_RDWR) == 0) { ++ fprintf (stderr, ++ _("%s: cannot open %s\n"), ++ Prog, gr_dbname ()); ++ fail_exit (E_GRP_UPDATE); ++ } ++#ifdef SHADOWGRP ++ if (is_shadow_grp && (sgr_lock () == 0)) { ++ fprintf (stderr, ++ _("%s: cannot lock %s; try again later.\n"), ++ Prog, sgr_dbname ()); ++ fail_exit (E_GRP_UPDATE); ++ } ++ sgr_locked = true; ++ if (is_shadow_grp && (sgr_open (O_CREAT | O_RDWR) == 0)) { ++ fprintf (stderr, ++ _("%s: cannot open %s\n"), ++ Prog, sgr_dbname ()); ++ fail_exit (E_GRP_UPDATE); ++ } ++#endif + } + #ifdef ENABLE_SUBIDS + if (vflg || Vflg) { +@@ -1718,44 +1690,6 @@ static void open_files (void) + } + + /* +- * open_group_files - lock and open the group files +- * +- * open_group_files() loads all of the group entries. +- */ +-static void open_group_files (void) +-{ +- if (gr_lock () == 0) { +- fprintf (stderr, +- _("%s: cannot lock %s; try again later.\n"), +- Prog, gr_dbname ()); +- fail_exit (E_GRP_UPDATE); +- } +- gr_locked = true; +- if (gr_open (O_CREAT | O_RDWR) == 0) { +- fprintf (stderr, +- _("%s: cannot open %s\n"), +- Prog, gr_dbname ()); +- fail_exit (E_GRP_UPDATE); +- } +- +-#ifdef SHADOWGRP +- if (is_shadow_grp && (sgr_lock () == 0)) { +- fprintf (stderr, +- _("%s: cannot lock %s; try again later.\n"), +- Prog, sgr_dbname ()); +- fail_exit (E_GRP_UPDATE); +- } +- sgr_locked = true; +- if (is_shadow_grp && (sgr_open (O_CREAT | O_RDWR) == 0)) { +- fprintf (stderr, +- _("%s: cannot open %s\n"), +- Prog, sgr_dbname ()); +- fail_exit (E_GRP_UPDATE); +- } +-#endif +-} +- +-/* + * usr_update - create the user entries + * + * usr_update() creates the password file entries for this user and +-- +1.8.3.1 +
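Review bot: In the block restored into `open_files()`, `sgr_locked = true;` is executed even when `is_shadow_grp` is false, because only the `sgr_lock ()` call itself is guarded. The flag then claims a lock that was never taken, and any cleanup keyed on it (the failure path is outside the hunk) would try to unlock a file this process does not hold. The removed `open_group_files()` had the same shape, so the revert carries the problem over rather than introducing it; guarding the assignment fixes it: `if (is_shadow_grp) { sgr_locked = true; }`. In `close_files()` the two adjacent `#ifdef SHADOWGRP` blocks could also be merged into one.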