From c9c98a79f2a7d8a0cb5329c03a4687e046c40c2a5e8ca6bb0ae5cf0a002c0a40 Mon Sep 17 00:00:00 2001 From: Michael Vetter Date: Mon, 20 Sep 2021 09:46:44 +0000 Subject: [PATCH] - bsc#1190146: Fix empty subid range Add shadow-4.9-useradd-subuid.patch https://github.com/shadow-maint/shadow/pull/399 OBS-URL: https://build.opensuse.org/package/show/Base:System/shadow?expand=0&rev=113 --- shadow-4.9-useradd-subuid.patch | 94 +++++++++++++++++++++++++++++++++ shadow.changes | 7 +++ shadow.spec | 3 ++ 3 files changed, 104 insertions(+) create mode 100644 shadow-4.9-useradd-subuid.patch diff --git a/shadow-4.9-useradd-subuid.patch b/shadow-4.9-useradd-subuid.patch new file mode 100644 index 0000000..ce3edb9 --- /dev/null +++ b/shadow-4.9-useradd-subuid.patch @@ -0,0 +1,94 @@ +This patch contains: +https://github.com/shadow-maint/shadow/commit/9dd720a28578eef5be8171697aae0906e4c53249#diff-9a7a2bfccabec64213bd054801b9efca8ad55636afbc49e0107714c0f8ffabbe +and +https://github.com/shadow-maint/shadow/commit/049b08481acc2040e2079ae06e64d0bb36326528# +Index: shadow-4.9/src/useradd.c +=================================================================== +--- shadow-4.9.orig/src/useradd.c ++++ shadow-4.9/src/useradd.c +@@ -146,9 +146,7 @@ static bool is_sub_gid = false; + static bool sub_uid_locked = false; + static bool sub_gid_locked = false; + static uid_t sub_uid_start; /* New subordinate uid range */ +-static unsigned long sub_uid_count; + static gid_t sub_gid_start; /* New subordinate gid range */ +-static unsigned long sub_gid_count; + #endif /* ENABLE_SUBIDS */ + static bool pw_locked = false; + static bool gr_locked = false; +@@ -239,7 +237,7 @@ static void open_shadow (void); + static void faillog_reset (uid_t); + static void lastlog_reset (uid_t); + static void tallylog_reset (const char *); +-static void usr_update (void); ++static void usr_update (unsigned long subuid_count, unsigned long subgid_count); + static void create_home (void); + static void create_mail (void); + static void check_uid_range(int rflg, uid_t user_id); +@@ -2118,7 +2116,7 @@ static void tallylog_reset (const char * + * usr_update() creates the password file entries for this user + * and will update the group entries if required. + */ +-static void usr_update (void) ++static void usr_update (unsigned long subuid_count, unsigned long subgid_count) + { + struct passwd pwent; + struct spwd spent; +@@ -2181,14 +2179,14 @@ static void usr_update (void) + } + #ifdef ENABLE_SUBIDS + if (is_sub_uid && +- (sub_uid_add(user_name, sub_uid_start, sub_uid_count) == 0)) { ++ (sub_uid_add(user_name, sub_uid_start, subuid_count) == 0)) { + fprintf (stderr, + _("%s: failed to prepare the new %s entry\n"), + Prog, sub_uid_dbname ()); + fail_exit (E_SUB_UID_UPDATE); + } + if (is_sub_gid && +- (sub_gid_add(user_name, sub_gid_start, sub_gid_count) == 0)) { ++ (sub_gid_add(user_name, sub_gid_start, subgid_count) == 0)) { + fprintf (stderr, + _("%s: failed to prepare the new %s entry\n"), + Prog, sub_uid_dbname ()); +@@ -2484,9 +2482,9 @@ int main (int argc, char **argv) + #ifdef ENABLE_SUBIDS + uid_t uid_min; + uid_t uid_max; ++#endif + unsigned long subuid_count; + unsigned long subgid_count; +-#endif + + /* + * Get my name so that I can use it to report errors. +@@ -2688,16 +2686,16 @@ int main (int argc, char **argv) + } + + #ifdef ENABLE_SUBIDS +- if (is_sub_uid && sub_uid_count != 0) { +- if (find_new_sub_uids(&sub_uid_start, &sub_uid_count) < 0) { ++ if (is_sub_uid && subuid_count != 0) { ++ if (find_new_sub_uids(&sub_uid_start, &subuid_count) < 0) { + fprintf (stderr, + _("%s: can't create subordinate user IDs\n"), + Prog); + fail_exit(E_SUB_UID_UPDATE); + } + } +- if (is_sub_gid && sub_gid_count != 0) { +- if (find_new_sub_gids(&sub_gid_start, &sub_gid_count) < 0) { ++ if (is_sub_gid && subgid_count != 0) { ++ if (find_new_sub_gids(&sub_gid_start, &subgid_count) < 0) { + fprintf (stderr, + _("%s: can't create subordinate group IDs\n"), + Prog); +@@ -2706,7 +2704,7 @@ int main (int argc, char **argv) + } + #endif /* ENABLE_SUBIDS */ + +- usr_update (); ++ usr_update (subuid_count, subgid_count); + + if (mflg) { + create_home (); diff --git a/shadow.changes b/shadow.changes index 6040f59..4f403b5 100644 --- a/shadow.changes +++ b/shadow.changes @@ -1,3 +1,10 @@ +------------------------------------------------------------------- +Mon Sep 20 09:43:41 UTC 2021 - Michael Vetter + +- bsc#1190146: Fix empty subid range + Add shadow-4.9-useradd-subuid.patch + https://github.com/shadow-maint/shadow/pull/399 + ------------------------------------------------------------------- Mon Sep 20 09:09:13 UTC 2021 - Michael Vetter diff --git a/shadow.spec b/shadow.spec index a26b24a..d0c0b4b 100644 --- a/shadow.spec +++ b/shadow.spec @@ -69,6 +69,8 @@ Patch12: shadow-fix-sigabrt.patch Patch13: shadow-passwd-handle-null.patch # PATCH-FIX-UPSTREAM shadow-4.9-sgent-free.patch mvetter@suse.de -- Fix double free (boo#1190145) Patch14: shadow-4.9-sgent-free.patch +# PATCH-FIX-UPSTREAM shadow-4.9-useradd-subuid.patch mvetter@suse.de -- Fix generating empty subid range and undeclared subid_count (boo#1190146) +Patch15: shadow-4.9-useradd-subuid.patch BuildRequires: audit-devel > 2.3 BuildRequires: autoconf BuildRequires: automake @@ -147,6 +149,7 @@ Development files for libsubid3. %patch12 -p1 %patch13 -p1 %patch14 -p1 +%patch15 -p1 iconv -f ISO88591 -t utf-8 doc/HOWTO > doc/HOWTO.utf8 mv -v doc/HOWTO.utf8 doc/HOWTO