- bsc#1190146: Fix empty subid range

Add shadow-4.9-useradd-subuid.patch https://github.com/shadow-maint/shadow/pull/399 OBS-URL: https://build.opensuse.org/package/show/Base:System/shadow?expand=0&rev=113
2021-09-20 09:46:44 +00:00 · 2021-09-20 09:46:44 +00:00 · c9c98a79f2
commit c9c98a79f2
parent c08b0a69cc
3 changed files with 104 additions and 0 deletions
--- a/shadow-4.9-useradd-subuid.patch
+++ b/shadow-4.9-useradd-subuid.patch
@ -0,0 +1,94 @@
+This patch contains:
+https://github.com/shadow-maint/shadow/commit/9dd720a28578eef5be8171697aae0906e4c53249#diff-9a7a2bfccabec64213bd054801b9efca8ad55636afbc49e0107714c0f8ffabbe
+and 
+https://github.com/shadow-maint/shadow/commit/049b08481acc2040e2079ae06e64d0bb36326528#
+Index: shadow-4.9/src/useradd.c
+===================================================================
+--- shadow-4.9.orig/src/useradd.c
+++ shadow-4.9/src/useradd.c
+@@ -146,9 +146,7 @@ static bool is_sub_gid = false;
+ static bool sub_uid_locked = false;
+ static bool sub_gid_locked = false;
+ static uid_t sub_uid_start;	/* New subordinate uid range */
+-static unsigned long sub_uid_count;
+ static gid_t sub_gid_start;	/* New subordinate gid range */
+-static unsigned long sub_gid_count;
+ #endif				/* ENABLE_SUBIDS */
+ static bool pw_locked = false;
+ static bool gr_locked = false;
+@@ -239,7 +237,7 @@ static void open_shadow (void);
+ static void faillog_reset (uid_t);
+ static void lastlog_reset (uid_t);
+ static void tallylog_reset (const char *);
+-static void usr_update (void);
+static void usr_update (unsigned long subuid_count, unsigned long subgid_count);
+ static void create_home (void);
+ static void create_mail (void);
+ static void check_uid_range(int rflg, uid_t user_id);
+@@ -2118,7 +2116,7 @@ static void tallylog_reset (const char *
+  *	usr_update() creates the password file entries for this user
+  *	and will update the group entries if required.
+  */
+-static void usr_update (void)
+static void usr_update (unsigned long subuid_count, unsigned long subgid_count)
+ {
+ 	struct passwd pwent;
+ 	struct spwd spent;
+@@ -2181,14 +2179,14 @@ static void usr_update (void)
+ 	}
+ #ifdef ENABLE_SUBIDS
+ 	if (is_sub_uid &&
+-	    (sub_uid_add(user_name, sub_uid_start, sub_uid_count) == 0)) {
+		(sub_uid_add(user_name, sub_uid_start, subuid_count) == 0)) {
+ 		fprintf (stderr,
+ 		         _("%s: failed to prepare the new %s entry\n"),
+ 		         Prog, sub_uid_dbname ());
+ 		fail_exit (E_SUB_UID_UPDATE);
+ 	}
+ 	if (is_sub_gid &&
+-	    (sub_gid_add(user_name, sub_gid_start, sub_gid_count) == 0)) {
+	    (sub_gid_add(user_name, sub_gid_start, subgid_count) == 0)) {
+ 		fprintf (stderr,
+ 		         _("%s: failed to prepare the new %s entry\n"),
+ 		         Prog, sub_uid_dbname ());
+@@ -2484,9 +2482,9 @@ int main (int argc, char **argv)
+ #ifdef ENABLE_SUBIDS
+ 	uid_t uid_min;
+ 	uid_t uid_max;
+#endif
+ 	unsigned long subuid_count;
+ 	unsigned long subgid_count;
+-#endif
+ 
+ 	/*
+ 	 * Get my name so that I can use it to report errors.
+@@ -2688,16 +2686,16 @@ int main (int argc, char **argv)
+ 	}
+ 
+ #ifdef ENABLE_SUBIDS
+-	if (is_sub_uid && sub_uid_count != 0) {
+-		if (find_new_sub_uids(&sub_uid_start, &sub_uid_count) < 0) {
+	if (is_sub_uid && subuid_count != 0) {
+		if (find_new_sub_uids(&sub_uid_start, &subuid_count) < 0) {
+ 			fprintf (stderr,
+ 			         _("%s: can't create subordinate user IDs\n"),
+ 			         Prog);
+ 			fail_exit(E_SUB_UID_UPDATE);
+ 		}
+ 	}
+-	if (is_sub_gid && sub_gid_count != 0) {
+-		if (find_new_sub_gids(&sub_gid_start, &sub_gid_count) < 0) {
+	if (is_sub_gid && subgid_count != 0) {
+		if (find_new_sub_gids(&sub_gid_start, &subgid_count) < 0) {
+ 			fprintf (stderr,
+ 			         _("%s: can't create subordinate group IDs\n"),
+ 			         Prog);
+@@ -2706,7 +2704,7 @@ int main (int argc, char **argv)
+ 	}
+ #endif				/* ENABLE_SUBIDS */
+ 
+-	usr_update ();
+	usr_update (subuid_count, subgid_count);
+ 
+ 	if (mflg) {
+ 		create_home ();
--- a/shadow.changes
+++ b/shadow.changes
@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Mon Sep 20 09:43:41 UTC 2021 - Michael Vetter <mvetter@suse.com>
+
+- bsc#1190146: Fix empty subid range
+  Add shadow-4.9-useradd-subuid.patch
+  https://github.com/shadow-maint/shadow/pull/399
+
 -------------------------------------------------------------------
 Mon Sep 20 09:09:13 UTC 2021 - Michael Vetter <mvetter@suse.com>

--- a/shadow.spec
+++ b/shadow.spec
@ -69,6 +69,8 @@ Patch12:        shadow-fix-sigabrt.patch
 Patch13:        shadow-passwd-handle-null.patch
 # PATCH-FIX-UPSTREAM shadow-4.9-sgent-free.patch mvetter@suse.de -- Fix double free (boo#1190145)
 Patch14:        shadow-4.9-sgent-free.patch
+# PATCH-FIX-UPSTREAM shadow-4.9-useradd-subuid.patch mvetter@suse.de -- Fix generating empty subid range and undeclared subid_count (boo#1190146)
+Patch15:        shadow-4.9-useradd-subuid.patch
 BuildRequires:  audit-devel > 2.3
 BuildRequires:  autoconf
 BuildRequires:  automake
@ -147,6 +149,7 @@ Development files for libsubid3.
 %patch12 -p1
 %patch13 -p1
 %patch14 -p1
+%patch15 -p1

 iconv -f ISO88591 -t utf-8  doc/HOWTO > doc/HOWTO.utf8
 mv -v doc/HOWTO.utf8 doc/HOWTO