- getsubids: provide system binary and man page (#1980780)

- pwck: fix segfault when calling fprintf() (#2021339) - newgrp: fix segmentation fault (#2019553) - groupdel: fix SIGSEGV when passwd does not exist (#1986111) Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
2021-11-19 09:44:08 +01:00 · 2021-11-19 09:44:08 +01:00 · 957f0eb09e
commit 957f0eb09e
parent a2d5d3dbda
5 changed files with 345 additions and 2 deletions
--- a/shadow-4.9-getsubids.patch
+++ b/shadow-4.9-getsubids.patch
@ -0,0 +1,245 @@
+diff -up shadow-4.9/man/getsubids.1.xml.getsubids shadow-4.9/man/getsubids.1.xml
+--- shadow-4.9/man/getsubids.1.xml.getsubids	2021-11-18 16:27:33.951053120 +0100
+++ shadow-4.9/man/getsubids.1.xml	2021-11-18 16:27:33.951053120 +0100
+@@ -0,0 +1,141 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+   Copyright (c) 2021 Iker Pedrosa
+   All rights reserved.
+
+   Redistribution and use in source and binary forms, with or without
+   modification, are permitted provided that the following conditions
+   are met:
+   1. Redistributions of source code must retain the above copyright
+      notice, this list of conditions and the following disclaimer.
+   2. Redistributions in binary form must reproduce the above copyright
+      notice, this list of conditions and the following disclaimer in the
+      documentation and/or other materials provided with the distribution.
+   3. The name of the copyright holders or contributors may not be used to
+      endorse or promote products derived from this software without
+      specific prior written permission.
+
+   THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+   ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+   LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+   PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT
+   HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+   SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+   LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+   DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+   THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+   (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+   OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+-->
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.5//EN"
+  "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
+<!-- SHADOW-CONFIG-HERE -->
+]>
+
+<refentry id='getsubids.1'>
+  <refentryinfo>
+    <author>
+      <firstname>Iker</firstname>
+      <surname>Pedrosa</surname>
+      <contrib>Creation, 2021</contrib>
+    </author>
+  </refentryinfo>
+  <refmeta>
+    <refentrytitle>getsubids</refentrytitle>
+    <manvolnum>1</manvolnum>
+    <refmiscinfo class="sectdesc">User Commands</refmiscinfo>
+    <refmiscinfo class="source">shadow-utils</refmiscinfo>
+    <refmiscinfo class="version">&SHADOW_UTILS_VERSION;</refmiscinfo>
+  </refmeta>
+  <refnamediv id='name'>
+    <refname>getsubids</refname>
+    <refpurpose>get the subordinate id ranges for a user</refpurpose>
+  </refnamediv>
+
+  <refsynopsisdiv id='synopsis'>
+    <cmdsynopsis>
+      <command>getsubids</command>
+      <arg choice='opt'>
+        <replaceable>options</replaceable>
+      </arg>
+      <arg choice='plain'>
+        <replaceable>USER</replaceable>
+      </arg>
+    </cmdsynopsis>
+  </refsynopsisdiv>
+
+  <refsect1 id='description'>
+    <title>DESCRIPTION</title>
+    <para>
+      The <command>getsubids</command> command lists the subordinate user ID
+      ranges for a given user. The subordinate group IDs can be listed using
+      the <option>-g</option> option.
+    </para>
+  </refsect1>
+
+  <refsect1 id='options'>
+    <title>OPTIONS</title>
+    <para>
+      The options which apply to the <command>getsubids</command> command are:
+    </para>
+    <variablelist remap='IP'>
+      <varlistentry>
+        <term>
+          <option>-g</option>
+        </term>
+        <listitem>
+          <para>
+            List the subordinate group ID ranges.
+          </para>
+        </listitem>
+      </varlistentry>
+    </variablelist>
+  </refsect1>
+
+  <refsect1 id='example'>
+    <title>EXAMPLE</title>
+    <para>
+      For example, to obtain the subordinate UIDs of the testuser:
+    </para>
+    <para>
+<programlisting>
+$ getsubids testuser
+0: testuser 100000 65536
+</programlisting>
+    </para>
+    <para>
+      This command output provides (in order from left to right) the list
+      index, username, UID range start, and number of UIDs in range.
+    </para>
+  </refsect1>
+
+  <refsect1 id='see_also'>
+    <title>SEE ALSO</title>
+    <para>
+      <citerefentry>
+        <refentrytitle>login.defs</refentrytitle><manvolnum>5</manvolnum>
+      </citerefentry>,
+      <citerefentry>
+        <refentrytitle>newgidmap</refentrytitle><manvolnum>1</manvolnum>
+      </citerefentry>,
+      <citerefentry>
+        <refentrytitle>newuidmap</refentrytitle><manvolnum>1</manvolnum>
+      </citerefentry>,
+      <citerefentry>
+        <refentrytitle>subgid</refentrytitle><manvolnum>5</manvolnum>
+      </citerefentry>,
+      <citerefentry>
+        <refentrytitle>subuid</refentrytitle><manvolnum>5</manvolnum>
+      </citerefentry>,
+      <citerefentry>
+        <refentrytitle>useradd</refentrytitle><manvolnum>8</manvolnum>
+      </citerefentry>,
+      <citerefentry>
+        <refentrytitle>userdel</refentrytitle><manvolnum>8</manvolnum>
+      </citerefentry>.
+      <citerefentry>
+        <refentrytitle>usermod</refentrytitle><manvolnum>8</manvolnum>
+      </citerefentry>,
+    </para>
+  </refsect1>
+</refentry>
+diff -up shadow-4.9/man/Makefile.am.getsubids shadow-4.9/man/Makefile.am
+--- shadow-4.9/man/Makefile.am.getsubids	2021-07-22 23:55:35.000000000 +0200
+++ shadow-4.9/man/Makefile.am	2021-11-18 16:27:33.951053120 +0100
+@@ -62,6 +62,7 @@ man_MANS += $(man_nopam)
+ endif
+ 
+ man_subids = \
+	man1/getsubids.1 \
+ 	man1/newgidmap.1 \
+ 	man1/newuidmap.1 \
+ 	man5/subgid.5 \
+@@ -80,6 +81,7 @@ man_XMANS = \
+ 	expiry.1.xml \
+ 	faillog.5.xml \
+ 	faillog.8.xml \
+	getsubids.1.xml \
+ 	gpasswd.1.xml \
+ 	groupadd.8.xml \
+ 	groupdel.8.xml \
+diff -up shadow-4.9/src/getsubids.c.getsubids shadow-4.9/src/getsubids.c
+--- shadow-4.9/src/getsubids.c.getsubids	2021-11-18 16:27:33.951053120 +0100
+++ shadow-4.9/src/getsubids.c	2021-11-18 16:27:33.951053120 +0100
+@@ -0,0 +1,46 @@
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include "subid.h"
+#include "prototypes.h"
+
+const char *Prog;
+FILE *shadow_logfd = NULL;
+
+void usage(void)
+{
+	fprintf(stderr, "Usage: %s [-g] user\n", Prog);
+	fprintf(stderr, "    list subuid ranges for user\n");
+	fprintf(stderr, "    pass -g to list subgid ranges\n");
+	exit(EXIT_FAILURE);
+}
+
+int main(int argc, char *argv[])
+{
+	int i, count=0;
+	struct subid_range *ranges;
+	const char *owner;
+
+	Prog = Basename (argv[0]);
+	shadow_logfd = stderr;
+	if (argc < 2)
+		usage();
+	owner = argv[1];
+	if (argc == 3 && strcmp(argv[1], "-g") == 0) {
+		owner = argv[2];
+		count = get_subgid_ranges(owner, &ranges);
+	} else if (argc == 2 && strcmp(argv[1], "-h") == 0) {
+		usage();
+	} else {
+		count = get_subuid_ranges(owner, &ranges);
+	}
+	if (!ranges) {
+		fprintf(stderr, "Error fetching ranges\n");
+		exit(1);
+	}
+	for (i = 0; i < count; i++) {
+		printf("%d: %s %lu %lu\n", i, owner,
+			ranges[i].start, ranges[i].count);
+	}
+	return 0;
+}
+diff -up shadow-4.9/src/list_subid_ranges.c.getsubids shadow-4.9/src/list_subid_ranges.c
+diff -up shadow-4.9/src/Makefile.am.getsubids shadow-4.9/src/Makefile.am
+--- shadow-4.9/src/Makefile.am.getsubids	2021-11-18 16:27:33.943053061 +0100
+++ shadow-4.9/src/Makefile.am	2021-11-18 16:28:03.647272392 +0100
+@@ -157,8 +157,8 @@ if FCAPS
+ 	setcap cap_setgid+ep $(DESTDIR)$(ubindir)/newgidmap
+ endif
+ 
+-noinst_PROGRAMS += list_subid_ranges  \
+-					get_subid_owners \
+bin_PROGRAMS    +=  getsubids
+noinst_PROGRAMS +=  get_subid_owners \
+ 					new_subid_range \
+ 					free_subid_range \
+ 					check_subid_range
+@@ -174,13 +174,13 @@ MISCLIBS = \
+ 	$(LIBCRYPT) \
+ 	$(LIBTCB)
+ 
+-list_subid_ranges_LDADD = \
+getsubids_LDADD = \
+ 	$(top_builddir)/lib/libshadow.la \
+ 	$(top_builddir)/libmisc/libmisc.la \
+ 	$(top_builddir)/libsubid/libsubid.la \
+ 	$(MISCLIBS) -ldl
+ 
+-list_subid_ranges_CPPFLAGS = \
+getsubids_CPPFLAGS = \
+ 	-I$(top_srcdir)/lib \
+ 	-I$(top_srcdir)/libmisc \
+ 	-I$(top_srcdir)/libsubid
--- a/shadow-4.9-groupdel-fix-sigsegv-when-passwd-does-not-exist.patch
+++ b/shadow-4.9-groupdel-fix-sigsegv-when-passwd-does-not-exist.patch
@ -0,0 +1,13 @@
+diff -up shadow-4.9/libmisc/prefix_flag.c.groupdel-fix-sigsegv-when-passwd-does-not-exist shadow-4.9/libmisc/prefix_flag.c
+--- shadow-4.9/libmisc/prefix_flag.c.groupdel-fix-sigsegv-when-passwd-does-not-exist	2021-11-19 09:21:36.997091941 +0100
+++ shadow-4.9/libmisc/prefix_flag.c	2021-11-19 09:22:19.001341010 +0100
+@@ -288,6 +288,9 @@ extern struct passwd* prefix_getpwent()
+ 	if(!passwd_db_file) {
+ 		return getpwent();
+ 	}
+	if (!fp_pwent) {
+		return NULL;
+	}
+ 	return fgetpwent(fp_pwent);
+ }
+ extern void prefix_endpwent()
--- a/shadow-4.9-newgrp-fix-segmentation-fault.patch
+++ b/shadow-4.9-newgrp-fix-segmentation-fault.patch
@ -0,0 +1,35 @@
+From 497e90751bc0d95cc998b0f06305040563903948 Mon Sep 17 00:00:00 2001
+From: Iker Pedrosa <ipedrosa@redhat.com>
+Date: Wed, 10 Nov 2021 12:02:04 +0100
+Subject: [PATCH] newgrp: fix segmentation fault
+
+Fix segmentation fault in newgrp when xgetspnam() returns a NULL value
+that is immediately freed.
+
+The error was committed in
+https://github.com/shadow-maint/shadow/commit/e65cc6aebcb4132fa413f00a905216a5b35b3d57
+
+Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2019553
+
+Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
+---
+ src/newgrp.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/newgrp.c b/src/newgrp.c
+index 730f47e8..566f1c89 100644
+--- a/src/newgrp.c
+++ b/src/newgrp.c
+@@ -163,8 +163,8 @@ static void check_perms (const struct group *grp,
+ 	spwd = xgetspnam (pwd->pw_name);
+ 	if (NULL != spwd) {
+ 		pwd->pw_passwd = xstrdup (spwd->sp_pwdp);
+		spw_free (spwd);
+ 	}
+-	spw_free (spwd);
+ 
+ 	if ((pwd->pw_passwd[0] == '\0') && (grp->gr_passwd[0] != '\0')) {
+ 		needspasswd = true;
+-- 
+2.31.1
+
--- a/shadow-4.9-pwck-fix-segfault-when-calling-fprintf.patch
+++ b/shadow-4.9-pwck-fix-segfault-when-calling-fprintf.patch
@ -0,0 +1,30 @@
+From d8e54618feea201987c1f3cb402ed50d1d8b604f Mon Sep 17 00:00:00 2001
+From: Iker Pedrosa <ipedrosa@redhat.com>
+Date: Mon, 15 Nov 2021 12:40:15 +0100
+Subject: [PATCH] pwck: fix segfault when calling fprintf()
+
+As shadow_logfd variable is not set at the beginning of the program if
+something fails and fprintf() is called a segmentation fault happens.
+
+Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2021339
+
+Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
+---
+ src/pwck.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/src/pwck.c b/src/pwck.c
+index 4248944a..4ce86af2 100644
+--- a/src/pwck.c
+++ b/src/pwck.c
+@@ -857,6 +857,7 @@ int main (int argc, char **argv)
+ 	 * Get my name so that I can use it to report errors.
+ 	 */
+ 	Prog = Basename (argv[0]);
+	shadow_logfd = stderr;
+ 
+ 	(void) setlocale (LC_ALL, "");
+ 	(void) bindtextdomain (PACKAGE, LOCALEDIR);
+-- 
+2.31.1
+
--- a/shadow-utils.spec
+++ b/shadow-utils.spec
@ -1,7 +1,7 @@
 Summary: Utilities for managing accounts and shadow password files
 Name: shadow-utils
 Version: 4.9
-Release: 7%{?dist}
+Release: 8%{?dist}
 Epoch: 2
 License: BSD and GPLv2+
 URL: https://github.com/shadow-maint/shadow
@ -57,8 +57,16 @@ Patch17: shadow-4.9-libmisc-fix-default-value-in-SHA_get_salt_rounds.patch
 Patch18: shadow-4.9-semanage-close-the-selabel-handle.patch
 # https://github.com/shadow-maint/shadow/commit/4624e9fca1b02b64e25e8b2280a0186182ab73ba
 Patch19: shadow-4.9-revert-useradd-fix-memleak.patch
-# https://github.com/shadow-maint/shadow/pull/439
+# https://github.com/shadow-maint/shadow/commit/06eb4e4d76ac7f1ac86e68a89b2dc9be7c7323a2
 Patch20: shadow-4.9-useradd-copy-tree-argument.patch
+# https://github.com/shadow-maint/shadow/commit/d8e54618feea201987c1f3cb402ed50d1d8b604f
+Patch21: shadow-4.9-pwck-fix-segfault-when-calling-fprintf.patch
+# https://github.com/shadow-maint/shadow/commit/497e90751bc0d95cc998b0f06305040563903948
+Patch22: shadow-4.9-newgrp-fix-segmentation-fault.patch
+# https://github.com/shadow-maint/shadow/commit/3b6ccf642c6bb2b7db087f09ee563ae9318af734
+Patch23: shadow-4.9-getsubids.patch
+# https://github.com/shadow-maint/shadow/commit/a757b458ffb4fb9a40bcbb4f7869449431c67f83
+Patch24: shadow-4.9-groupdel-fix-sigsegv-when-passwd-does-not-exist.patch

 ### Dependencies ###
 Requires: audit-libs >= 1.6.5
@ -139,6 +147,10 @@ Development files for shadow-utils-subid.
 %patch18 -p1 -b .semanage-close-the-selabel-handle
 %patch19 -p1 -b .revert-useradd-fix-memleak
 %patch20 -p1 -b .useradd-copy-tree-argument
+%patch21 -p1 -b .pwck-fix-segfault-when-calling-fprintf
+%patch22 -p1 -b .newgrp-fix-segmentation-fault
+%patch23 -p1 -b .getsubids
+%patch24 -p1 -b .groupdel-fix-sigsegv-when-passwd-does-not-exist

 iconv -f ISO88591 -t utf-8  doc/HOWTO > doc/HOWTO.utf8
 cp -f doc/HOWTO.utf8 doc/HOWTO
@ -303,12 +315,20 @@ rm -f $RPM_BUILD_ROOT/%{_libdir}/libsubid.la

 %files subid
 %{_libdir}/libsubid.so.*
+%{_bindir}/getsubids
+%{_mandir}/man1/getsubids.1*

 %files subid-devel
 %{includesubiddir}/subid.h
 %{_libdir}/libsubid.so

 %changelog
+* Fri Nov 19 2021 Iker Pedrosa <ipedrosa@redhat.com> - 2:4.9-8
+- getsubids: provide system binary and man page (#1980780)
+- pwck: fix segfault when calling fprintf() (#2021339)
+- newgrp: fix segmentation fault (#2019553)
+- groupdel: fix SIGSEGV when passwd does not exist (#1986111)
+
 * Fri Nov 12 2021 Iker Pedrosa <ipedrosa@redhat.com> - 2:4.9-7
 - useradd: change SELinux labels for home files (#2022658)