Imported Upstream version 4.2

This commit is contained in:
Christian Perrier
2014-03-01 19:59:36 +01:00
parent db1dc7288b
commit 65b471a2f2
706 changed files with 46966 additions and 139295 deletions
+162 -2
View File
@@ -32,7 +32,7 @@
#include <config.h>
#ident "$Id: useradd.c 3743 2012-05-25 11:51:53Z nekral-guest $"
#ident "$Id$"
#include <assert.h>
#include <ctype.h>
@@ -65,6 +65,9 @@
#include "sgroupio.h"
#endif
#include "shadowio.h"
#ifdef ENABLE_SUBIDS
#include "subordinateio.h"
#endif /* ENABLE_SUBIDS */
#ifdef WITH_TCB
#include "tcbfuncs.h"
#endif
@@ -121,6 +124,16 @@ static bool is_shadow_pwd;
static bool is_shadow_grp;
static bool sgr_locked = false;
#endif
#ifdef ENABLE_SUBIDS
static bool is_sub_uid = false;
static bool is_sub_gid = false;
static bool sub_uid_locked = false;
static bool sub_gid_locked = false;
static uid_t sub_uid_start; /* New subordinate uid range */
static unsigned long sub_uid_count;
static gid_t sub_gid_start; /* New subordinate gid range */
static unsigned long sub_gid_count;
#endif /* ENABLE_SUBIDS */
static bool pw_locked = false;
static bool gr_locked = false;
static bool spw_locked = false;
@@ -168,6 +181,10 @@ static bool home_added = false;
#define E_GRP_UPDATE 10 /* can't update group file */
#define E_HOMEDIR 12 /* can't create home directory */
#define E_SE_UPDATE 14 /* can't update SELinux user mapping */
#ifdef ENABLE_SUBIDS
#define E_SUB_UID_UPDATE 16 /* can't update the subordinate uid file */
#define E_SUB_GID_UPDATE 18 /* can't update the subordinate gid file */
#endif /* ENABLE_SUBIDS */
#define DGROUP "GROUP="
#define DHOME "HOME="
@@ -268,6 +285,34 @@ static void fail_exit (int code)
}
}
#endif
#ifdef ENABLE_SUBIDS
if (sub_uid_locked) {
if (sub_uid_unlock () == 0) {
fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, sub_uid_dbname ());
SYSLOG ((LOG_ERR, "failed to unlock %s", sub_uid_dbname ()));
#ifdef WITH_AUDIT
audit_logger (AUDIT_ADD_USER, Prog,
"unlocking subordinate user file",
user_name, AUDIT_NO_ID,
SHADOW_AUDIT_FAILURE);
#endif
/* continue */
}
}
if (sub_gid_locked) {
if (sub_gid_unlock () == 0) {
fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, sub_gid_dbname ());
SYSLOG ((LOG_ERR, "failed to unlock %s", sub_gid_dbname ()));
#ifdef WITH_AUDIT
audit_logger (AUDIT_ADD_USER, Prog,
"unlocking subordinate group file",
user_name, AUDIT_NO_ID,
SHADOW_AUDIT_FAILURE);
#endif
/* continue */
}
}
#endif /* ENABLE_SUBIDS */
#ifdef WITH_AUDIT
audit_logger (AUDIT_ADD_USER, Prog,
@@ -1378,6 +1423,20 @@ static void close_files (void)
}
#endif
}
#ifdef ENABLE_SUBIDS
if (is_sub_uid && (sub_uid_close () == 0)) {
fprintf (stderr,
_("%s: failure while writing changes to %s\n"), Prog, sub_uid_dbname ());
SYSLOG ((LOG_ERR, "failure while writing changes to %s", sub_uid_dbname ()));
fail_exit (E_SUB_UID_UPDATE);
}
if (is_sub_gid && (sub_gid_close () == 0)) {
fprintf (stderr,
_("%s: failure while writing changes to %s\n"), Prog, sub_gid_dbname ());
SYSLOG ((LOG_ERR, "failure while writing changes to %s", sub_gid_dbname ()));
fail_exit (E_SUB_GID_UPDATE);
}
#endif /* ENABLE_SUBIDS */
if (is_shadow_pwd) {
if (spw_unlock () == 0) {
fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, spw_dbname ());
@@ -1432,6 +1491,36 @@ static void close_files (void)
sgr_locked = false;
}
#endif
#ifdef ENABLE_SUBIDS
if (is_sub_uid) {
if (sub_uid_unlock () == 0) {
fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, sub_uid_dbname ());
SYSLOG ((LOG_ERR, "failed to unlock %s", sub_uid_dbname ()));
#ifdef WITH_AUDIT
audit_logger (AUDIT_ADD_USER, Prog,
"unlocking subordinate user file",
user_name, AUDIT_NO_ID,
SHADOW_AUDIT_FAILURE);
#endif
/* continue */
}
sub_uid_locked = false;
}
if (is_sub_gid) {
if (sub_gid_unlock () == 0) {
fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, sub_gid_dbname ());
SYSLOG ((LOG_ERR, "failed to unlock %s", sub_gid_dbname ()));
#ifdef WITH_AUDIT
audit_logger (AUDIT_ADD_USER, Prog,
"unlocking subordinate group file",
user_name, AUDIT_NO_ID,
SHADOW_AUDIT_FAILURE);
#endif
/* continue */
}
sub_gid_locked = false;
}
#endif /* ENABLE_SUBIDS */
}
/*
@@ -1486,6 +1575,38 @@ static void open_files (void)
}
}
#endif
#ifdef ENABLE_SUBIDS
if (is_sub_uid) {
if (sub_uid_lock () == 0) {
fprintf (stderr,
_("%s: cannot lock %s; try again later.\n"),
Prog, sub_uid_dbname ());
fail_exit (E_SUB_UID_UPDATE);
}
sub_uid_locked = true;
if (sub_uid_open (O_RDWR) == 0) {
fprintf (stderr,
_("%s: cannot open %s\n"),
Prog, sub_uid_dbname ());
fail_exit (E_SUB_UID_UPDATE);
}
}
if (is_sub_gid) {
if (sub_gid_lock () == 0) {
fprintf (stderr,
_("%s: cannot lock %s; try again later.\n"),
Prog, sub_gid_dbname ());
fail_exit (E_SUB_GID_UPDATE);
}
sub_gid_locked = true;
if (sub_gid_open (O_RDWR) == 0) {
fprintf (stderr,
_("%s: cannot open %s\n"),
Prog, sub_gid_dbname ());
fail_exit (E_SUB_GID_UPDATE);
}
}
#endif /* ENABLE_SUBIDS */
}
static void open_shadow (void)
@@ -1732,13 +1853,29 @@ static void usr_update (void)
#endif
fail_exit (E_PW_UPDATE);
}
#ifdef ENABLE_SUBIDS
if (is_sub_uid &&
(sub_uid_add(user_name, sub_uid_start, sub_uid_count) == 0)) {
fprintf (stderr,
_("%s: failed to prepare the new %s entry\n"),
Prog, sub_uid_dbname ());
fail_exit (E_SUB_UID_UPDATE);
}
if (is_sub_gid &&
(sub_gid_add(user_name, sub_gid_start, sub_gid_count) == 0)) {
fprintf (stderr,
_("%s: failed to prepare the new %s entry\n"),
Prog, sub_uid_dbname ());
fail_exit (E_SUB_GID_UPDATE);
}
#endif /* ENABLE_SUBIDS */
#ifdef WITH_AUDIT
audit_logger (AUDIT_ADD_USER, Prog,
"adding user",
user_name, (unsigned int) user_id,
SHADOW_AUDIT_SUCCESS);
#endif
/*
* Do any group file updates for this user.
*/
@@ -1884,6 +2021,10 @@ int main (int argc, char **argv)
#ifdef SHADOWGRP
is_shadow_grp = sgr_file_present ();
#endif
#ifdef ENABLE_SUBIDS
is_sub_uid = sub_uid_file_present ();
is_sub_gid = sub_gid_file_present ();
#endif /* ENABLE_SUBIDS */
get_defaults ();
@@ -2034,6 +2175,25 @@ int main (int argc, char **argv)
grp_add ();
}
#ifdef ENABLE_SUBIDS
if (is_sub_uid) {
if (find_new_sub_uids(user_name, &sub_uid_start, &sub_uid_count) < 0) {
fprintf (stderr,
_("%s: can't create subordinate user IDs\n"),
Prog);
fail_exit(E_SUB_UID_UPDATE);
}
}
if (is_sub_gid) {
if (find_new_sub_gids(user_name, &sub_gid_start, &sub_gid_count) < 0) {
fprintf (stderr,
_("%s: can't create subordinate group IDs\n"),
Prog);
fail_exit(E_SUB_GID_UPDATE);
}
}
#endif /* ENABLE_SUBIDS */
usr_update ();
if (mflg) {