diff options
19 files changed, 333 insertions, 1936 deletions
diff --git a/meta/recipes-extended/shadow/files/0001-useradd.c-create-parent-directories-when-necessary.patch b/meta/recipes-extended/shadow/files/0001-useradd.c-create-parent-directories-when-necessary.patch new file mode 100644 index 0000000000..85dde8e1bb --- /dev/null +++ b/meta/recipes-extended/shadow/files/0001-useradd.c-create-parent-directories-when-necessary.patch @@ -0,0 +1,109 @@ +Upstream-Status: Inappropriate [OE specific] + +Subject: useradd.c: create parent directories when necessary + +Signed-off-by: Chen Qi <Qi.Chen@windriver.com> +--- + src/useradd.c | 72 +++++++++++++++++++++++++++++++++++++++------------------ + 1 file changed, 49 insertions(+), 23 deletions(-) + +diff --git a/src/useradd.c b/src/useradd.c +index 4bd969d..cb5dd6c 100644 +--- a/src/useradd.c ++++ b/src/useradd.c +@@ -1893,6 +1893,35 @@ static void usr_update (void) + } + + /* ++ * mkdir_p - create directories, including parent directories when needed ++ * ++ * similar to `mkdir -p' ++ */ ++void mkdir_p(const char *path) { ++ int len = strlen(path); ++ char newdir[len + 1]; ++ mode_t mode = 0755; ++ int i = 0; ++ ++ if (path[i] == '\0') { ++ return; ++ } ++ ++ /* skip the leading '/' */ ++ i++; ++ ++ while(path[i] != '\0') { ++ if (path[i] == '/') { ++ strncpy(newdir, path, i); ++ newdir[i] = '\0'; ++ mkdir(newdir, mode); ++ } ++ i++; ++ } ++ mkdir(path, mode); ++} ++ ++/* + * create_home - create the user's home directory + * + * create_home() creates the user's home directory if it does not +@@ -1907,36 +1936,33 @@ static void create_home (void) + fail_exit (E_HOMEDIR); + } + #endif +- /* XXX - create missing parent directories. --marekm */ +- if (mkdir (user_home, 0) != 0) { +- fprintf (stderr, +- _("%s: cannot create directory %s\n"), +- Prog, user_home); +-#ifdef WITH_AUDIT +- audit_logger (AUDIT_ADD_USER, Prog, +- "adding home directory", +- user_name, (unsigned int) user_id, +- SHADOW_AUDIT_FAILURE); +-#endif +- fail_exit (E_HOMEDIR); +- } +- chown (user_home, user_id, user_gid); +- chmod (user_home, +- 0777 & ~getdef_num ("UMASK", GETDEF_DEFAULT_UMASK)); +- home_added = true; ++ mkdir_p(user_home); ++ } ++ if (access (user_home, F_OK) != 0) { + #ifdef WITH_AUDIT + audit_logger (AUDIT_ADD_USER, Prog, + "adding home directory", + user_name, (unsigned int) user_id, +- SHADOW_AUDIT_SUCCESS); ++ SHADOW_AUDIT_FAILURE); + #endif +-#ifdef WITH_SELINUX +- /* Reset SELinux to create files with default contexts */ +- if (reset_selinux_file_context () != 0) { +- fail_exit (E_HOMEDIR); +- } ++ fail_exit (E_HOMEDIR); ++ } ++ chown (user_home, user_id, user_gid); ++ chmod (user_home, ++ 0777 & ~getdef_num ("UMASK", GETDEF_DEFAULT_UMASK)); ++ home_added = true; ++#ifdef WITH_AUDIT ++ audit_logger (AUDIT_ADD_USER, Prog, ++ "adding home directory", ++ user_name, (unsigned int) user_id, ++ SHADOW_AUDIT_SUCCESS); + #endif ++#ifdef WITH_SELINUX ++ /* Reset SELinux to create files with default contexts */ ++ if (reset_selinux_file_context () != 0) { ++ fail_exit (E_HOMEDIR); + } ++#endif + } + + /* +-- +1.7.9.5 + diff --git a/meta/recipes-extended/shadow/files/add_root_cmd_groupmems.patch b/meta/recipes-extended/shadow/files/add_root_cmd_groupmems.patch deleted file mode 100644 index 40444967ab..0000000000 --- a/meta/recipes-extended/shadow/files/add_root_cmd_groupmems.patch +++ /dev/null @@ -1,75 +0,0 @@ -Add a --root command option to groupmems utility. - -This option allows the utility to be chrooted when run under pseudo. - -Signed-off-by: Mikhail Durnev <mikhail_durnev@mentor.com> - -diff -Naur old/src/groupmems.c new/src/groupmems.c ---- old/src/groupmems.c 2011-02-13 11:58:16.000000000 -0600 -+++ new/src/groupmems.c 2013-05-30 04:45:38.000000000 -0500 -@@ -60,6 +60,7 @@ - #define EXIT_MEMBER_EXISTS 7 /* member of group already exists */ - #define EXIT_INVALID_USER 8 /* specified user does not exist */ - #define EXIT_INVALID_GROUP 9 /* specified group does not exist */ -+#define EXIT_BAD_ARG 10 /* invalid argument to option */ - - /* - * Global variables -@@ -79,6 +80,7 @@ - static bool is_shadowgrp; - static bool sgr_locked = false; - #endif -+static const char *newroot = ""; - - /* local function prototypes */ - static char *whoami (void); -@@ -368,6 +370,7 @@ - "Options:\n" - " -g, --group groupname change groupname instead of the user's group\n" - " (root only)\n" -+ " -R, --root CHROOT_DIR directory to chroot into\n" - "\n" - "Actions:\n" - " -a, --add username add username to the members of the group\n" -@@ -391,10 +394,11 @@ - {"group", required_argument, NULL, 'g'}, - {"list", no_argument, NULL, 'l'}, - {"purge", no_argument, NULL, 'p'}, -+ {"root", required_argument, NULL, 'R'}, - {NULL, 0, NULL, '\0'} - }; - -- while ((arg = getopt_long (argc, argv, "a:d:g:lp", long_options, -+ while ((arg = getopt_long (argc, argv, "a:d:g:lpR:", long_options, - &option_index)) != EOF) { - switch (arg) { - case 'a': -@@ -416,6 +420,28 @@ - purge = true; - ++exclusive; - break; -+ case 'R': -+ if ('/' != optarg[0]) { -+ fprintf (stderr, -+ _("%s: invalid chroot path '%s'\n"), -+ Prog, optarg); -+ exit (EXIT_BAD_ARG); -+ } -+ newroot = optarg; -+ -+ if (access (newroot, F_OK) != 0) { -+ fprintf(stderr, -+ _("%s: chroot directory %s does not exist\n"), -+ Prog, newroot); -+ exit (EXIT_BAD_ARG); -+ } -+ if ( chroot(newroot) != 0 ) { -+ fprintf(stderr, -+ _("%s: unable to chroot to directory %s\n"), -+ Prog, newroot); -+ exit (EXIT_BAD_ARG); -+ } -+ break; - default: - usage (); - } diff --git a/meta/recipes-extended/shadow/files/add_root_cmd_options.patch b/meta/recipes-extended/shadow/files/add_root_cmd_options.patch deleted file mode 100644 index ab87e35535..0000000000 --- a/meta/recipes-extended/shadow/files/add_root_cmd_options.patch +++ /dev/null @@ -1,1384 +0,0 @@ -Add a --root command option to the following utilties: - -* useradd -* groupadd -* usermod -* groupmod -* userdel -* groupdel -* passwd -* gpasswd -* pwconv -* pwunconv -* grpconv -* grpunconv - -This option allows the utilities to be chrooted when run under pseudo. -They can then be used to manipulate user and group account information -in target sysroots. - -The useradd utility was also modified to create home directories -recursively when necessary. - -Upstream-Status: Inappropriate [Other] -Workaround is specific to our build system. - -Signed-off-by: Scott Garman <scott.a.garman@intel.com> - -2011-09-29 Fix the parsing of the --root option in gpasswd, useradd, usermod: - -In programs which need to scan the command line in two passes to handle ---root option separately from the rest of the arguments, replace the first -calls to getopt_long with a simple iteration over the argument list since -getopt_long has the bad habit of reordering arguments on the command line. - -Signed-off-by: Julian Pidancet <julian.pidancet@gmail.com> - -diff -urN shadow-4.1.4.3.orig//src/gpasswd.c shadow-4.1.4.3//src/gpasswd.c ---- shadow-4.1.4.3.orig//src/gpasswd.c 2011-09-29 12:00:45.211000091 +0100 -+++ shadow-4.1.4.3//src/gpasswd.c 2011-09-29 12:09:54.590000090 +0100 -@@ -63,6 +63,7 @@ - * (/etc/gshadow present) */ - static bool is_shadowgrp; - #endif -+static const char *newroot = ""; - - /* Flags set by options */ - static bool aflg = false; -@@ -97,6 +98,7 @@ - static void usage (void); - static RETSIGTYPE catch_signals (int killed); - static bool is_valid_user_list (const char *users); -+static void process_root_flag (int argc, char **argv); - static void process_flags (int argc, char **argv); - static void check_flags (int argc, int opt_index); - static void open_files (void); -@@ -136,6 +138,7 @@ - "Options:\n" - " -a, --add USER add USER to GROUP\n" - " -d, --delete USER remove USER from GROUP\n" -+ " -Q --root CHROOT_DIR directory to chroot into\n" - " -r, --remove-password remove the GROUP's password\n" - " -R, --restrict restrict access to GROUP to its members\n" - " -M, --members USER,... set the list of members of GROUP\n" -@@ -226,6 +229,57 @@ - } - - /* -+ * process_root_flag - chroot if given the --root option -+ * -+ * We do this outside of process_flags() because -+ * the is_shadow_pwd boolean needs to be set before -+ * process_flags(), and if we do need to chroot() we -+ * must do so before is_shadow_pwd gets set. -+ */ -+static void process_root_flag (int argc, char **argv) -+{ -+ /* -+ * Parse the command line options. -+ */ -+ int i; -+ char *root; -+ -+ for (i = 0; i < argc; i++) { -+ if (!strcmp (argv[i], "--root") || !strcmp (argv[i], "-Q")) { -+ if (i + 1 == argc) { -+ fprintf (stderr, -+ _("%s: option '%s' requires an argument\n"), -+ Prog, argv[i]); -+ exit (E_BAD_ARG); -+ } -+ root = argv[i + 1]; -+ -+ if ('/' != root[0]) { -+ fprintf (stderr, -+ _("%s: invalid chroot path '%s'\n"), -+ Prog, root); -+ exit (E_BAD_ARG); -+ } -+ newroot = root; -+ -+ if (access (newroot, F_OK) != 0) { -+ fprintf(stderr, -+ _("%s: chroot directory %s does not exist\n"), -+ Prog, newroot); -+ exit (E_BAD_ARG); -+ } -+ if ( chroot(newroot) != 0 ) { -+ fprintf(stderr, -+ _("%s: unable to chroot to directory %s\n"), -+ Prog, newroot); -+ exit (E_BAD_ARG); -+ } -+ break; -+ } -+ } -+} -+ -+/* - * process_flags - process the command line options and arguments - */ - static void process_flags (int argc, char **argv) -@@ -235,6 +289,7 @@ - static struct option long_options[] = { - {"add", required_argument, NULL, 'a'}, - {"delete", required_argument, NULL, 'd'}, -+ {"root", required_argument, NULL, 'Q'}, - {"remove-password", no_argument, NULL, 'r'}, - {"restrict", no_argument, NULL, 'R'}, - {"administrators", required_argument, NULL, 'A'}, -@@ -242,7 +297,7 @@ - {NULL, 0, NULL, '\0'} - }; - -- while ((flag = getopt_long (argc, argv, "a:A:d:gM:rR", long_options, &option_index)) != -1) { -+ while ((flag = getopt_long (argc, argv, "a:A:d:gM:Q:rR", long_options, &option_index)) != -1) { - switch (flag) { - case 'a': /* add a user */ - aflg = true; -@@ -283,6 +338,9 @@ - } - Mflg = true; - break; -+ case 'Q': -+ /* no-op since we handled this in process_root_flag() earlier */ -+ break; - case 'r': /* remove group password */ - rflg = true; - break; -@@ -995,6 +1053,8 @@ - setbuf (stdout, NULL); - setbuf (stderr, NULL); - -+ process_root_flag (argc, argv); -+ - #ifdef SHADOWGRP - is_shadowgrp = sgr_file_present (); - #endif -diff -urN shadow-4.1.4.3.orig//src/groupadd.c shadow-4.1.4.3//src/groupadd.c ---- shadow-4.1.4.3.orig//src/groupadd.c 2011-09-29 12:00:45.212000091 +0100 -+++ shadow-4.1.4.3//src/groupadd.c 2011-09-29 11:59:28.386000092 +0100 -@@ -76,6 +76,7 @@ - static gid_t group_id; - static /*@null@*/char *group_passwd; - static /*@null@*/char *empty_list = NULL; -+static const char *newroot = ""; - - static bool oflg = false; /* permit non-unique group ID to be specified with -g */ - static bool gflg = false; /* ID value for the new group */ -@@ -120,6 +121,7 @@ - (void) fputs (_(" -o, --non-unique allow to create groups with duplicate\n" - " (non-unique) GID\n"), stderr); - (void) fputs (_(" -p, --password PASSWORD use this encrypted password for the new group\n"), stderr); -+ (void) fputs (_(" -R, --root CHROOT_DIR directory to chroot into\n"), stderr); - (void) fputs (_(" -r, --system create a system account\n"), stderr); - (void) fputs ("\n", stderr); - exit (E_USAGE); -@@ -383,12 +385,13 @@ - {"key", required_argument, NULL, 'K'}, - {"non-unique", no_argument, NULL, 'o'}, - {"password", required_argument, NULL, 'p'}, -+ {"root", required_argument, NULL, 'R'}, - {"system", no_argument, NULL, 'r'}, - {NULL, 0, NULL, '\0'} - }; - - while ((c = -- getopt_long (argc, argv, "fg:hK:op:r", long_options, -+ getopt_long (argc, argv, "fg:hK:op:R:r", long_options, - &option_index)) != -1) { - switch (c) { - case 'f': -@@ -440,6 +443,28 @@ - pflg = true; - group_passwd = optarg; - break; -+ case 'R': -+ if ('/' != optarg[0]) { -+ fprintf (stderr, -+ _("%s: invalid chroot path '%s'\n"), -+ Prog, optarg); -+ exit (E_BAD_ARG); -+ } -+ newroot = optarg; -+ -+ if (access (newroot, F_OK) != 0) { -+ fprintf(stderr, -+ _("%s: chroot directory %s does not exist\n"), -+ Prog, newroot); -+ exit (E_BAD_ARG); -+ } -+ if ( chroot(newroot) != 0 ) { -+ fprintf(stderr, -+ _("%s: unable to chroot to directory %s\n"), -+ Prog, newroot); -+ exit (E_BAD_ARG); -+ } -+ break; - case 'r': - rflg = true; - break; -diff -urN shadow-4.1.4.3.orig//src/groupdel.c shadow-4.1.4.3//src/groupdel.c ---- shadow-4.1.4.3.orig//src/groupdel.c 2011-09-29 12:00:45.212000091 +0100 -+++ shadow-4.1.4.3//src/groupdel.c 2011-09-29 11:59:28.386000092 +0100 -@@ -36,6 +36,7 @@ - - #include <ctype.h> - #include <fcntl.h> -+#include <getopt.h> - #include <grp.h> - #include <pwd.h> - #ifdef ACCT_TOOLS_SETUID -@@ -59,6 +60,7 @@ - - static char *group_name; - static gid_t group_id = -1; -+static const char *newroot = ""; - - #ifdef SHADOWGRP - static bool is_shadow_grp; -@@ -70,12 +72,14 @@ - /*@-exitarg@*/ - #define E_SUCCESS 0 /* success */ - #define E_USAGE 2 /* invalid command syntax */ -+#define E_BAD_ARG 3 /* invalid argument to option */ - #define E_NOTFOUND 6 /* specified group doesn't exist */ - #define E_GROUP_BUSY 8 /* can't remove user's primary group */ - #define E_GRP_UPDATE 10 /* can't update group file */ - - /* local function prototypes */ - static void usage (void); -+static void process_flags (int argc, char **argv); - static void grp_update (void); - static void close_files (void); - static void open_files (void); -@@ -86,11 +90,78 @@ - */ - static void usage (void) - { -- fputs (_("Usage: groupdel group\n"), stderr); -+ (void) fprintf (stderr, -+ _("Usage: groupdel [options]\n" -+ "\n" -+ "Options:\n"), -+ Prog); -+ (void) fputs (_(" -g, --group GROUP group name to delete\n"), stderr); -+ (void) fputs (_(" -h, --help display this help message and exit\n"), stderr); -+ (void) fputs (_(" -R, --root CHROOT_DIR directory to chroot into\n"), stderr); -+ (void) fputs ("\n", stderr); - exit (E_USAGE); - } - - /* -+ * process_flags - perform command line argument setting -+ * -+ * process_flags() interprets the command line arguments and sets -+ * the values that the user will be created with accordingly. The -+ * values are checked for sanity. -+ */ -+static void process_flags (int argc, char **argv) -+{ -+ { -+ /* -+ * Parse the command line options. -+ */ -+ int c; -+ static struct option long_options[] = { -+ {"group", required_argument, NULL, 'g'}, -+ {"help", no_argument, NULL, 'h'}, -+ {"root", required_argument, NULL, 'R'}, -+ {NULL, 0, NULL, '\0'} -+ }; -+ while ((c = getopt_long (argc, argv, -+ "g:R:", -+ long_options, NULL)) != -1) { -+ switch (c) { -+ case 'g': -+ group_name = optarg; -+ break; -+ case 'h': -+ usage (); -+ break; -+ case 'R': -+ if ('/' != optarg[0]) { -+ fprintf (stderr, -+ _("%s: invalid chroot path '%s'\n"), -+ Prog, optarg); -+ exit (E_BAD_ARG); -+ } -+ newroot = optarg; -+ -+ if (access (newroot, F_OK) != 0) { -+ fprintf(stderr, -+ _("%s: chroot directory %s does not exist\n"), -+ Prog, newroot); -+ exit (E_BAD_ARG); -+ } -+ if ( chroot(newroot) != 0 ) { -+ fprintf(stderr, -+ _("%s: unable to chroot to directory %s\n"), -+ Prog, newroot); -+ exit (E_BAD_ARG); -+ } -+ break; -+ default: -+ usage (); -+ } -+ } -+ } -+} -+ -+/* - * grp_update - update group file entries - * - * grp_update() writes the new records to the group files. -@@ -328,14 +399,14 @@ - (void) bindtextdomain (PACKAGE, LOCALEDIR); - (void) textdomain (PACKAGE); - -- if (argc != 2) { -+ if (argc == 1) { - usage (); - } - -- group_name = argv[1]; -- - OPENLOG ("groupdel"); - -+ process_flags (argc, argv); -+ - #ifdef ACCT_TOOLS_SETUID - #ifdef USE_PAM - { -diff -urN shadow-4.1.4.3.orig//src/groupmod.c shadow-4.1.4.3//src/groupmod.c ---- shadow-4.1.4.3.orig//src/groupmod.c 2011-09-29 12:00:45.212000091 +0100 -+++ shadow-4.1.4.3//src/groupmod.c 2011-09-29 11:59:28.387000092 +0100 -@@ -79,6 +79,7 @@ - static char *group_passwd; - static gid_t group_id; - static gid_t group_newid; -+static char *newroot = ""; - - struct cleanup_info_mod info_passwd; - struct cleanup_info_mod info_group; -@@ -126,6 +127,7 @@ - (void) fputs (_(" -o, --non-unique allow to use a duplicate (non-unique) GID\n"), stderr); - (void) fputs (_(" -p, --password PASSWORD change the password to this (encrypted)\n" - " PASSWORD\n"), stderr); -+ (void) fputs (_(" -R, --root CHROOT_DIR directory to chroot into\n"), stderr); - (void) fputs ("\n", stderr); - exit (E_USAGE); - } -@@ -346,10 +348,11 @@ - {"new-name", required_argument, NULL, 'n'}, - {"non-unique", no_argument, NULL, 'o'}, - {"password", required_argument, NULL, 'p'}, -+ {"root", required_argument, NULL, 'R'}, - {NULL, 0, NULL, '\0'} - }; - while ((c = -- getopt_long (argc, argv, "g:hn:op:", -+ getopt_long (argc, argv, "g:hn:op:R:", - long_options, &option_index)) != -1) { - switch (c) { - case 'g': -@@ -373,6 +376,28 @@ - group_passwd = optarg; - pflg = true; - break; -+ case 'R': -+ if ('/' != optarg[0]) { -+ fprintf (stderr, -+ _("%s: invalid chroot path '%s'\n"), -+ Prog, optarg); -+ exit (E_BAD_ARG); -+ } -+ newroot = optarg; -+ -+ if (access (newroot, F_OK) != 0) { -+ fprintf(stderr, -+ _("%s: chroot directory %s does not exist\n"), -+ Prog, newroot); -+ exit (E_BAD_ARG); -+ } -+ if ( chroot(newroot) != 0 ) { -+ fprintf(stderr, -+ _("%s: unable to chroot to directory %s\n"), -+ Prog, newroot); -+ exit (E_BAD_ARG); -+ } -+ break; - default: - usage (); - } -diff -urN shadow-4.1.4.3.orig//src/grpconv.c shadow-4.1.4.3//src/grpconv.c ---- shadow-4.1.4.3.orig//src/grpconv.c 2011-09-29 12:00:45.213000091 +0100 -+++ shadow-4.1.4.3//src/grpconv.c 2011-09-29 11:59:28.387000092 +0100 -@@ -39,6 +39,7 @@ - - #include <errno.h> - #include <fcntl.h> -+#include <getopt.h> - #include <grp.h> - #include <stdio.h> - #include <stdlib.h> -@@ -50,6 +51,14 @@ - #ifdef SHADOWGRP - #include "groupio.h" - #include "sgroupio.h" -+ -+/* -+ * exit status values -+ */ -+/*@-exitarg@*/ -+#define E_USAGE 2 /* invalid command syntax */ -+#define E_BAD_ARG 3 /* invalid argument to option */ -+ - /* - * Global variables - */ -@@ -57,9 +66,12 @@ - - static bool gr_locked = false; - static bool sgr_locked = false; -+static const char *newroot = ""; - - /* local function prototypes */ - static void fail_exit (int status); -+static void usage (void); -+static void process_flags (int argc, char **argv); - - static void fail_exit (int status) - { -@@ -82,6 +94,77 @@ - exit (status); - } - -+/* -+ * usage - display usage message and exit -+ */ -+static void usage (void) -+{ -+ (void) fprintf (stderr, -+ _("Usage: grpconv [options]\n" -+ "\n" -+ "Options:\n"), -+ Prog); -+ (void) fputs (_(" -h, --help display this help message and exit\n"), stderr); -+ (void) fputs (_(" -R, --root CHROOT_DIR directory to chroot into\n"), stderr); -+ (void) fputs ("\n", stderr); -+ exit (E_USAGE); -+} -+ -+/* -+ * process_flags - perform command line argument setting -+ * -+ * process_flags() interprets the command line arguments and sets -+ * the values that the user will be created with accordingly. The -+ * values are checked for sanity. -+ */ -+static void process_flags (int argc, char **argv) -+{ -+ { -+ /* -+ * Parse the command line options. -+ */ -+ int c; -+ static struct option long_options[] = { -+ {"help", no_argument, NULL, 'h'}, -+ {"root", required_argument, NULL, 'R'}, -+ {NULL, 0, NULL, '\0'} -+ }; -+ while ((c = getopt_long (argc, argv, -+ "R:", -+ long_options, NULL)) != -1) { -+ switch (c) { -+ case 'h': -+ usage (); -+ break; -+ case 'R': -+ if ('/' != optarg[0]) { -+ fprintf (stderr, -+ _("%s: invalid chroot path '%s'\n"), -+ Prog, optarg); -+ exit (E_BAD_ARG); -+ } -+ newroot = optarg; -+ -+ if (access (newroot, F_OK) != 0) { -+ fprintf(stderr, -+ _("%s: chroot directory %s does not exist\n"), -+ Prog, newroot); -+ exit (E_BAD_ARG); -+ } -+ if ( chroot(newroot) != 0 ) { -+ fprintf(stderr, -+ _("%s: unable to chroot to directory %s\n"), -+ Prog, newroot); -+ exit (E_BAD_ARG); -+ } -+ break; -+ default: -+ usage (); -+ } -+ } -+ } -+} -+ - int main (int argc, char **argv) - { - const struct group *gr; -@@ -89,9 +172,6 @@ - const struct sgrp *sg; - struct sgrp sgent; - -- if (1 != argc) { -- (void) fputs (_("Usage: grpconv\n"), stderr); -- } - Prog = Basename (argv[0]); - - (void) setlocale (LC_ALL, ""); -@@ -100,6 +180,8 @@ - - OPENLOG ("grpconv"); - -+ process_flags (argc, argv); -+ - if (gr_lock () == 0) { - fprintf (stderr, - _("%s: cannot lock %s; try again later.\n"), -diff -urN shadow-4.1.4.3.orig//src/grpunconv.c shadow-4.1.4.3//src/grpunconv.c ---- shadow-4.1.4.3.orig//src/grpunconv.c 2011-09-29 12:00:45.213000091 +0100 -+++ shadow-4.1.4.3//src/grpunconv.c 2011-09-29 11:59:28.387000092 +0100 -@@ -43,6 +43,7 @@ - #include <stdlib.h> - #include <string.h> - #include <fcntl.h> -+#include <getopt.h> - #include <time.h> - #include <unistd.h> - #include <grp.h> -@@ -51,6 +52,14 @@ - #ifdef SHADOWGRP - #include "groupio.h" - #include "sgroupio.h" -+ -+/* -+ * exit status values -+ */ -+/*@-exitarg@*/ -+#define E_USAGE 2 /* invalid command syntax */ -+#define E_BAD_ARG 3 /* invalid argument to option */ -+ - /* - * Global variables - */ -@@ -58,9 +67,12 @@ - - static bool gr_locked = false; - static bool sgr_locked = false; -+static const char *newroot = ""; - - /* local function prototypes */ - static void fail_exit (int status); -+static void usage (void); -+static void process_flags (int argc, char **argv); - - static void fail_exit (int status) - { -@@ -83,6 +95,77 @@ - exit (status); - } - -+/* -+ * usage - display usage message and exit -+ */ -+static void usage (void) -+{ -+ (void) fprintf (stderr, -+ _("Usage: grpunconv [options]\n" -+ "\n" -+ "Options:\n"), -+ Prog); -+ (void) fputs (_(" -h, --help display this help message and exit\n"), stderr); -+ (void) fputs (_(" -R, --root CHROOT_DIR directory to chroot into\n"), stderr); -+ (void) fputs ("\n", stderr); -+ exit (E_USAGE); -+} -+ -+/* -+ * process_flags - perform command line argument setting -+ * -+ * process_flags() interprets the command line arguments and sets -+ * the values that the user will be created with accordingly. The -+ * values are checked for sanity. -+ */ -+static void process_flags (int argc, char **argv) -+{ -+ { -+ /* -+ * Parse the command line options. -+ */ -+ int c; -+ static struct option long_options[] = { -+ {"help", no_argument, NULL, 'h'}, -+ {"root", required_argument, NULL, 'R'}, -+ {NULL, 0, NULL, '\0'} -+ }; -+ while ((c = getopt_long (argc, argv, -+ "R:", -+ long_options, NULL)) != -1) { -+ switch (c) { -+ case 'h': -+ usage (); -+ break; -+ case 'R': -+ if ('/' != optarg[0]) { -+ fprintf (stderr, -+ _("%s: invalid chroot path '%s'\n"), -+ Prog, optarg); -+ exit (E_BAD_ARG); -+ } -+ newroot = optarg; -+ -+ if (access (newroot, F_OK) != 0) { -+ fprintf(stderr, -+ _("%s: chroot directory %s does not exist\n"), -+ Prog, newroot); -+ exit (E_BAD_ARG); -+ } -+ if ( chroot(newroot) != 0 ) { -+ fprintf(stderr, -+ _("%s: unable to chroot to directory %s\n"), -+ Prog, newroot); -+ exit (E_BAD_ARG); -+ } -+ break; -+ default: -+ usage (); -+ } -+ } -+ } -+} -+ - int main (int argc, char **argv) - { - const struct group *gr; -@@ -100,6 +183,8 @@ - - OPENLOG ("grpunconv"); - -+ process_flags (argc, argv); -+ - if (sgr_file_present () == 0) { - exit (0); /* no /etc/gshadow, nothing to do */ - } -diff -urN shadow-4.1.4.3.orig//src/passwd.c shadow-4.1.4.3//src/passwd.c ---- shadow-4.1.4.3.orig//src/passwd.c 2011-09-29 12:00:45.214000091 +0100 -+++ shadow-4.1.4.3//src/passwd.c 2011-09-29 11:59:28.388000092 +0100 -@@ -75,6 +75,7 @@ - static char *name; /* The name of user whose password is being changed */ - static char *myname; /* The current user's name */ - static bool amroot; /* The caller's real UID was 0 */ -+static const char *newroot = ""; - - static bool - aflg = false, /* -a - show status for all users */ -@@ -174,6 +175,7 @@ - " -n, --mindays MIN_DAYS set minimum number of days before password\n" - " change to MIN_DAYS\n" - " -q, --quiet quiet mode\n" -+ " -R, --root CHROOT_DIR directory to chroot into\n" - " -r, --repository REPOSITORY change password in REPOSITORY repository\n" - " -S, --status report password status on the named account\n" - " -u, --unlock unlock the password of the named account\n" -@@ -803,6 +805,7 @@ - {"lock", no_argument, NULL, 'l'}, - {"mindays", required_argument, NULL, 'n'}, - {"quiet", no_argument, NULL, 'q'}, -+ {"root", required_argument, NULL, 'R'}, - {"repository", required_argument, NULL, 'r'}, - {"status", no_argument, NULL, 'S'}, - {"unlock", no_argument, NULL, 'u'}, -@@ -811,7 +814,7 @@ - {NULL, 0, NULL, '\0'} - }; - -- while ((c = getopt_long (argc, argv, "adei:kln:qr:Suw:x:", -+ while ((c = getopt_long (argc, argv, "adei:kln:qR:r:Suw:x:", - long_options, &option_index)) != -1) { - switch (c) { - case 'a': -@@ -858,6 +861,28 @@ - case 'q': - qflg = true; /* ok for users */ - break; -+ case 'R': -+ if ('/' != optarg[0]) { -+ fprintf (stderr, -+ _("%s: invalid chroot path '%s'\n"), -+ Prog, optarg); -+ exit (E_BAD_ARG); -+ } -+ newroot = optarg; -+ -+ if (access (newroot, F_OK) != 0) { -+ fprintf(stderr, -+ _("%s: chroot directory %s does not exist\n"), -+ Prog, newroot); -+ exit (E_BAD_ARG); -+ } -+ if ( chroot(newroot) != 0 ) { -+ fprintf(stderr, -+ _("%s: unable to chroot to directory %s\n"), -+ Prog, newroot); -+ exit (E_BAD_ARG); -+ } -+ break; - case 'r': - /* -r repository (files|nis|nisplus) */ - /* only "files" supported for now */ -diff -urN shadow-4.1.4.3.orig//src/pwconv.c shadow-4.1.4.3//src/pwconv.c ---- shadow-4.1.4.3.orig//src/pwconv.c 2011-09-29 12:00:45.214000091 +0100 -+++ shadow-4.1.4.3//src/pwconv.c 2011-09-29 11:59:28.388000092 +0100 -@@ -59,6 +59,7 @@ - - #include <errno.h> - #include <fcntl.h> -+#include <getopt.h> - #include <pwd.h> - #include <stdio.h> - #include <stdlib.h> -@@ -79,6 +80,7 @@ - #define E_SUCCESS 0 /* success */ - #define E_NOPERM 1 /* permission denied */ - #define E_USAGE 2 /* invalid command syntax */ -+#define E_BAD_ARG 3 /* invalid argument to option */ - #define E_FAILURE 3 /* unexpected failure, nothing done */ - #define E_MISSING 4 /* unexpected failure, passwd file missing */ - #define E_PWDBUSY 5 /* passwd file(s) busy */ -@@ -90,9 +92,12 @@ - - static bool spw_locked = false; - static bool pw_locked = false; -+static const char *newroot = ""; - - /* local function prototypes */ - static void fail_exit (int status); -+static void usage (void); -+static void process_flags (int argc, char **argv); - - static void fail_exit (int status) - { -@@ -115,6 +120,77 @@ - exit (status); - } - -+/* -+ * usage - display usage message and exit -+ */ -+static void usage (void) -+{ -+ (void) fprintf (stderr, -+ _("Usage: pwconv [options]\n" -+ "\n" -+ "Options:\n"), -+ Prog); -+ (void) fputs (_(" -h, --help display this help message and exit\n"), stderr); -+ (void) fputs (_(" -R, --root CHROOT_DIR directory to chroot into\n"), stderr); -+ (void) fputs ("\n", stderr); -+ exit (E_USAGE); -+} -+ -+/* -+ * process_flags - perform command line argument setting -+ * -+ * process_flags() interprets the command line arguments and sets -+ * the values that the user will be created with accordingly. The -+ * values are checked for sanity. -+ */ -+static void process_flags (int argc, char **argv) -+{ -+ { -+ /* -+ * Parse the command line options. -+ */ -+ int c; -+ static struct option long_options[] = { -+ {"help", no_argument, NULL, 'h'}, -+ {"root", required_argument, NULL, 'R'}, -+ {NULL, 0, NULL, '\0'} -+ }; -+ while ((c = getopt_long (argc, argv, -+ "R:", -+ long_options, NULL)) != -1) { -+ switch (c) { -+ case 'h': -+ usage (); -+ break; -+ case 'R': -+ if ('/' != optarg[0]) { -+ fprintf (stderr, -+ _("%s: invalid chroot path '%s'\n"), -+ Prog, optarg); -+ exit (E_BAD_ARG); -+ } -+ newroot = optarg; -+ -+ if (access (newroot, F_OK) != 0) { -+ fprintf(stderr, -+ _("%s: chroot directory %s does not exist\n"), -+ Prog, newroot); -+ exit (E_BAD_ARG); -+ } -+ if ( chroot(newroot) != 0 ) { -+ fprintf(stderr, -+ _("%s: unable to chroot to directory %s\n"), -+ Prog, newroot); -+ exit (E_BAD_ARG); -+ } -+ break; -+ default: -+ usage (); -+ } -+ } -+ } -+} -+ - int main (int argc, char **argv) - { - const struct passwd *pw; -@@ -122,9 +198,6 @@ - const struct spwd *sp; - struct spwd spent; - -- if (1 != argc) { -- (void) fputs (_("Usage: pwconv\n"), stderr); -- } - Prog = Basename (argv[0]); - - (void) setlocale (LC_ALL, ""); -@@ -133,6 +206,8 @@ - - OPENLOG ("pwconv"); - -+ process_flags (argc, argv); -+ - if (pw_lock () == 0) { - fprintf (stderr, - _("%s: cannot lock %s; try again later.\n"), -diff -urN shadow-4.1.4.3.orig//src/pwunconv.c shadow-4.1.4.3//src/pwunconv.c ---- shadow-4.1.4.3.orig//src/pwunconv.c 2011-09-29 12:00:45.214000091 +0100 -+++ shadow-4.1.4.3//src/pwunconv.c 2011-09-29 11:59:28.388000092 +0100 -@@ -35,6 +35,7 @@ - #ident "$Id: pwunconv.c 2852 2009-04-30 21:44:35Z nekral-guest $" - - #include <fcntl.h> -+#include <getopt.h> - #include <pwd.h> - #include <stdio.h> - #include <sys/types.h> -@@ -46,15 +47,24 @@ - #include "shadowio.h" - - /* -+ * exit status values -+ */ -+/*@-exitarg@*/ -+#define E_USAGE 2 /* invalid command syntax */ -+#define E_BAD_ARG 3 /* invalid argument to option */ -+/* - * Global variables - */ - char *Prog; - - static bool spw_locked = false; - static bool pw_locked = false; -+static const char *newroot = ""; - - /* local function prototypes */ - static void fail_exit (int status); -+static void usage (void); -+static void process_flags (int argc, char **argv); - - static void fail_exit (int status) - { -@@ -75,6 +85,76 @@ - exit (status); - } - -+/* -+ * usage - display usage message and exit -+ */ -+static void usage (void) -+{ -+ (void) fprintf (stderr, -+ _("Usage: pwunconv [options]\n" -+ "\n" -+ "Options:\n"), -+ Prog); -+ (void) fputs (_(" -h, --help display this help message and exit\n"), stderr); -+ (void) fputs (_(" -R, --root CHROOT_DIR directory to chroot into\n"), stderr); -+ (void) fputs ("\n", stderr); -+ exit (E_USAGE); -+} -+ -+/* -+ * process_flags - perform command line argument setting -+ * -+ * process_flags() interprets the command line arguments and sets -+ * the values that the user will be created with accordingly. The -+ * values are checked for sanity. -+ */ -+static void process_flags (int argc, char **argv) -+{ -+ { -+ /* -+ * Parse the command line options. -+ */ -+ int c; -+ static struct option long_options[] = { -+ {"help", no_argument, NULL, 'h'}, -+ {"root", required_argument, NULL, 'R'}, -+ {NULL, 0, NULL, '\0'} -+ }; -+ while ((c = getopt_long (argc, argv, -+ "R:", -+ long_options, NULL)) != -1) { -+ switch (c) { -+ case 'h': -+ usage (); -+ break; -+ case 'R': -+ if ('/' != optarg[0]) { -+ fprintf (stderr, -+ _("%s: invalid chroot path '%s'\n"), -+ Prog, optarg); -+ exit (E_BAD_ARG); -+ } -+ newroot = optarg; -+ -+ if (access (newroot, F_OK) != 0) { -+ fprintf(stderr, -+ _("%s: chroot directory %s does not exist\n"), -+ Prog, newroot); -+ exit (E_BAD_ARG); -+ } -+ if ( chroot(newroot) != 0 ) { -+ fprintf(stderr, -+ _("%s: unable to chroot to directory %s\n"), -+ Prog, newroot); -+ exit (E_BAD_ARG); -+ } -+ break; -+ default: -+ usage (); -+ } -+ } -+ } -+} - - int main (int argc, char **argv) - { -@@ -93,6 +173,8 @@ - - OPENLOG ("pwunconv"); - -+ process_flags (argc, argv); -+ - if (!spw_file_present ()) { - /* shadow not installed, do nothing */ - exit (0); -diff -urN shadow-4.1.4.3.orig//src/useradd.c shadow-4.1.4.3//src/useradd.c ---- shadow-4.1.4.3.orig//src/useradd.c 2011-09-29 12:00:45.215000091 +0100 -+++ shadow-4.1.4.3//src/useradd.c 2011-09-29 11:59:28.520000092 +0100 -@@ -112,6 +112,7 @@ - #ifdef WITH_SELINUX - static const char *user_selinux = ""; - #endif -+static const char *newroot = ""; - - static long user_expire = -1; - static bool is_shadow_pwd; -@@ -189,6 +190,7 @@ - static void new_spent (struct spwd *); - static void grp_update (void); - -+static void process_root_flag (int argc, char **argv); - static void process_flags (int argc, char **argv); - static void close_files (void); - static void open_files (void); -@@ -711,6 +713,7 @@ - (void) fputs (_(" -o, --non-unique allow to create users with duplicate\n" - " (non-unique) UID\n"), stderr); - (void) fputs (_(" -p, --password PASSWORD encrypted password of the new account\n"), stderr); -+ (void) fputs (_(" -R, --root CHROOT_DIR directory to chroot into\n"), stderr); - (void) fputs (_(" -r, --system create a system account\n"), stderr); - (void) fputs (_(" -s, --shell SHELL login shell of the new account\n"), stderr); - (void) fputs (_(" -u, --uid UID user ID of the new account\n"), stderr); -@@ -943,6 +946,57 @@ - } - - /* -+ * process_root_flag - chroot if given the --root option -+ * -+ * We do this outside of process_flags() because -+ * the is_shadow_pwd boolean needs to be set before -+ * process_flags(), and if we do need to chroot() we -+ * must do so before is_shadow_pwd gets set. -+ */ -+static void process_root_flag (int argc, char **argv) -+{ -+ /* -+ * Parse the command line options. -+ */ -+ int i; -+ char *root; -+ -+ for (i = 0; i < argc; i++) { -+ if (!strcmp (argv[i], "--root") || !strcmp (argv[i], "-R")) { -+ if (i + 1 == argc) { -+ fprintf (stderr, -+ _("%s: option '%s' requires an argument\n"), -+ Prog, argv[i]); -+ exit (E_BAD_ARG); -+ } -+ root = argv[i + 1]; -+ -+ if ('/' != root[0]) { -+ fprintf (stderr, -+ _("%s: invalid chroot path '%s'\n"), -+ Prog, root); -+ exit (E_BAD_ARG); -+ } -+ newroot = root; -+ -+ if (access (newroot, F_OK) != 0) { -+ fprintf(stderr, -+ _("%s: chroot directory %s does not exist\n"), -+ Prog, newroot); -+ exit (E_BAD_ARG); -+ } -+ if ( chroot(newroot) != 0 ) { -+ fprintf(stderr, -+ _("%s: unable to chroot to directory %s\n"), -+ Prog, newroot); -+ exit (E_BAD_ARG); -+ } -+ break; -+ } -+ } -+} -+ -+/* - * process_flags - perform command line argument setting - * - * process_flags() interprets the command line arguments and sets -@@ -978,6 +1032,7 @@ - {"no-user-group", no_argument, NULL, 'N'}, - {"non-unique", no_argument, NULL, 'o'}, - {"password", required_argument, NULL, 'p'}, -+ {"root", required_argument, NULL, 'R'}, - {"system", no_argument, NULL, 'r'}, - {"shell", required_argument, NULL, 's'}, - #ifdef WITH_SELINUX -@@ -989,9 +1044,9 @@ - }; - while ((c = getopt_long (argc, argv, - #ifdef WITH_SELINUX -- "b:c:d:De:f:g:G:k:K:lmMNop:rs:u:UZ:", -+ "b:c:d:De:f:g:G:k:K:lmMNop:R:rs:u:UZ:", - #else -- "b:c:d:De:f:g:G:k:K:lmMNop:rs:u:U", -+ "b:c:d:De:f:g:G:k:K:lmMNop:R:rs:u:U", - #endif - long_options, NULL)) != -1) { - switch (c) { -@@ -1156,6 +1211,9 @@ - } - user_pass = optarg; - break; -+ case 'R': -+ /* no-op since we handled this in process_root_flag() earlier */ -+ break; - case 'r': - rflg = true; - break; -@@ -1735,6 +1793,36 @@ - } - } - #endif -+ -+/* -+ * mkdir_p - create directories, including parent directories when needed -+ * -+ * similar to mkdir -p -+ */ -+void mkdir_p(const char *path) { -+ int len = strlen(path); -+ char newdir[len + 1]; -+ mode_t mode = 0755; -+ int i = 0; -+ -+ if (path[i] == '\0') { -+ return; -+ } -+ -+ /* skip the leading '/' */ -+ i++; -+ -+ while(path[i] != '\0') { -+ if (path[i] == '/') { -+ strncpy(newdir, path, i); -+ newdir[i] = '\0'; -+ mkdir(newdir, mode); -+ } -+ i++; -+ } -+ mkdir(path, mode); -+} -+ - /* - * create_home - create the user's home directory - * -@@ -1748,34 +1836,31 @@ - #ifdef WITH_SELINUX - selinux_file_context (user_home); - #endif -- /* XXX - create missing parent directories. --marekm */ -- if (mkdir (user_home, 0) != 0) { -- fprintf (stderr, -- _("%s: cannot create directory %s\n"), -- Prog, user_home); --#ifdef WITH_AUDIT -- audit_logger (AUDIT_ADD_USER, Prog, -- "adding home directory", -- user_name, (unsigned int) user_id, -- SHADOW_AUDIT_FAILURE); --#endif -- fail_exit (E_HOMEDIR); -- } -- chown (user_home, user_id, user_gid); -- chmod (user_home, -- 0777 & ~getdef_num ("UMASK", GETDEF_DEFAULT_UMASK)); -- home_added = true; -+ mkdir_p(user_home); -+ } -+ if (access (user_home, F_OK) != 0) { - #ifdef WITH_AUDIT - audit_logger (AUDIT_ADD_USER, Prog, - "adding home directory", - user_name, (unsigned int) user_id, -- SHADOW_AUDIT_SUCCESS); -+ SHADOW_AUDIT_FAILURE); -+#endif -+ fail_exit (E_HOMEDIR); -+ } -+ chown (user_home, user_id, user_gid); -+ chmod (user_home, -+ 0777 & ~getdef_num ("UMASK", GETDEF_DEFAULT_UMASK)); -+ home_added = true; -+#ifdef WITH_AUDIT -+ audit_logger (AUDIT_ADD_USER, Prog, -+ "adding home directory", -+ user_name, (unsigned int) user_id, -+ SHADOW_AUDIT_SUCCESS); - #endif - #ifdef WITH_SELINUX -- /* Reset SELinux to create files with default contexts */ -- setfscreatecon (NULL); -+ /* Reset SELinux to create files with default contexts */ -+ setfscreatecon (NULL); - #endif -- } - } - - /* -@@ -1861,6 +1946,7 @@ - */ - user_groups[0] = (char *) 0; - -+ process_root_flag (argc, argv); - - is_shadow_pwd = spw_file_present (); - #ifdef SHADOWGRP -diff -urN shadow-4.1.4.3.orig//src/userdel.c shadow-4.1.4.3//src/userdel.c ---- shadow-4.1.4.3.orig//src/userdel.c 2011-09-29 12:00:45.216000091 +0100 -+++ shadow-4.1.4.3//src/userdel.c 2011-09-29 11:59:28.389000092 +0100 -@@ -79,6 +79,7 @@ - static char *user_name; - static uid_t user_id; - static char *user_home; -+static const char *newroot = ""; - - static bool fflg = false; - static bool rflg = false; -@@ -119,6 +120,7 @@ - " -f, --force force removal of files,\n" - " even if not owned by user\n" - " -h, --help display this help message and exit\n" -+ " -R, --root CHROOT_DIR directory to chroot into\n" - " -r, --remove remove home directory and mail spool\n" - "\n"), stderr); - exit (E_USAGE); -@@ -768,12 +770,34 @@ - {"remove", no_argument, NULL, 'r'}, - {NULL, 0, NULL, '\0'} - }; -- while ((c = getopt_long (argc, argv, "fhr", -+ while ((c = getopt_long (argc, argv, "fhR:r", - long_options, NULL)) != -1) { - switch (c) { - case 'f': /* force remove even if not owned by user */ - fflg = true; - break; -+ case 'R': -+ if ('/' != optarg[0]) { -+ fprintf (stderr, -+ _("%s: invalid chroot path '%s'\n"), -+ Prog, optarg); -+ exit (E_BAD_ARG); -+ } -+ newroot = optarg; -+ -+ if (access (newroot, F_OK) != 0) { -+ fprintf(stderr, -+ _("%s: chroot directory %s does not exist\n"), -+ Prog, newroot); -+ exit (E_BAD_ARG); -+ } -+ if ( chroot(newroot) != 0 ) { -+ fprintf(stderr, -+ _("%s: unable to chroot to directory %s\n"), -+ Prog, newroot); -+ exit (E_BAD_ARG); -+ } -+ break; - case 'r': /* remove home dir and mailbox */ - rflg = true; - break; -diff -urN shadow-4.1.4.3.orig//src/usermod.c shadow-4.1.4.3//src/usermod.c ---- shadow-4.1.4.3.orig//src/usermod.c 2011-09-29 12:00:45.216000091 +0100 -+++ shadow-4.1.4.3//src/usermod.c 2011-09-29 11:59:28.390000092 +0100 -@@ -110,6 +110,7 @@ - static long user_newinactive; - static long sys_ngroups; - static char **user_groups; /* NULL-terminated list */ -+static const char *newroot = ""; - - static bool - aflg = false, /* append to existing secondary group set */ -@@ -164,6 +165,7 @@ - #endif - static void grp_update (void); - -+static void process_root_flag (int, char **); - static void process_flags (int, char **); - static void close_files (void); - static void open_files (void); -@@ -323,6 +325,7 @@ - " new location (use only with -d)\n" - " -o, --non-unique allow using duplicate (non-unique) UID\n" - " -p, --password PASSWORD use encrypted password for the new password\n" -+ " -R --root CHROOT_DIR directory to chroot into\n" - " -s, --shell SHELL new login shell for the user account\n" - " -u, --uid UID new UID for the user account\n" - " -U, --unlock unlock the user account\n" -@@ -802,6 +805,58 @@ - } - - /* -+ * process_root_flag - chroot if given the --root option -+ * -+ * We do this outside of process_flags() because -+ * the is_shadow_pwd boolean needs to be set before -+ * process_flags(), and if we do need to chroot() we -+ * must do so before is_shadow_pwd gets set. -+ */ -+static void process_root_flag (int argc, char **argv) -+{ -+ /* -+ * Parse the command line options. -+ */ -+ int i; -+ char *root; -+ -+ for (i = 0; i < argc; i++) { -+ if (!strcmp (argv[i], "--root") || !strcmp (argv[i], "-R")) { -+ if (i + 1 == argc) { -+ fprintf (stderr, -+ _("%s: option '%s' requires an argument\n"), -+ Prog, argv[i]); -+ exit (E_BAD_ARG); -+ } -+ root = argv[i + 1]; -+ -+ if ( (!VALID (root) ) -+ || ( ('/' != root[0]) ) ) { -+ fprintf (stderr, -+ _("%s: invalid chroot path '%s'\n"), -+ Prog, root); -+ exit (E_BAD_ARG); -+ } -+ newroot = root; -+ -+ if (access (newroot, F_OK) != 0) { -+ fprintf(stderr, -+ _("%s: chroot directory %s does not exist\n"), -+ Prog, newroot); -+ exit (E_BAD_ARG); -+ } -+ if ( chroot(newroot) != 0 ) { -+ fprintf(stderr, -+ _("%s: unable to chroot to directory %s\n"), -+ Prog, newroot); -+ exit (E_BAD_ARG); -+ } -+ break; -+ } -+ } -+} -+ -+/* - * process_flags - perform command line argument setting - * - * process_flags() interprets the command line arguments and sets the -@@ -895,6 +950,7 @@ - {"move-home", no_argument, NULL, 'm'}, - {"non-unique", no_argument, NULL, 'o'}, - {"password", required_argument, NULL, 'p'}, -+ {"root", required_argument, NULL, 'R'}, - #ifdef WITH_SELINUX - {"selinux-user", required_argument, NULL, 'Z'}, - #endif -@@ -905,9 +961,9 @@ - }; - while ((c = getopt_long (argc, argv, - #ifdef WITH_SELINUX -- "ac:d:e:f:g:G:hl:Lmop:s:u:UZ:", -+ "ac:d:e:f:g:G:hl:Lmop:R:s:u:UZ:", - #else -- "ac:d:e:f:g:G:hl:Lmop:s:u:U", -+ "ac:d:e:f:g:G:hl:Lmop:R:s:u:U", - #endif - long_options, NULL)) != -1) { - switch (c) { -@@ -999,6 +1055,9 @@ - user_pass = optarg; - pflg = true; - break; -+ case 'R': -+ /* no-op since we handled this in process_root_flag() earlier */ -+ break; - case 's': - if (!VALID (optarg)) { - fprintf (stderr, -@@ -1715,6 +1774,8 @@ - - OPENLOG ("usermod"); - -+ process_root_flag (argc, argv); -+ - is_shadow_pwd = spw_file_present (); - #ifdef SHADOWGRP - is_shadow_grp = sgr_file_present (); diff --git a/meta/recipes-extended/shadow/files/allow-for-setting-password-in-clear-text.patch b/meta/recipes-extended/shadow/files/allow-for-setting-password-in-clear-text.patch index eafb935a3a..68da25f406 100644 --- a/meta/recipes-extended/shadow/files/allow-for-setting-password-in-clear-text.patch +++ b/meta/recipes-extended/shadow/files/allow-for-setting-password-in-clear-text.patch @@ -3,20 +3,19 @@ Upstream-Status: Inappropriate [OE specific] Allow for setting password in clear text. Signed-off-by: Chen Qi <Qi.Chen@windriver.com> - --- src/Makefile.am | 8 ++++---- src/groupadd.c | 8 +++++++- - src/groupmod.c | 9 ++++++++- + src/groupmod.c | 8 +++++++- src/useradd.c | 9 +++++++-- - src/usermod.c | 10 ++++++++-- - 5 files changed, 34 insertions(+), 10 deletions(-) + src/usermod.c | 8 +++++++- + 5 files changed, 32 insertions(+), 9 deletions(-) diff --git a/src/Makefile.am b/src/Makefile.am -index 6a3b4c5..1ffdbc6 100644 +index 25e288d..856b087 100644 --- a/src/Makefile.am +++ b/src/Makefile.am -@@ -76,10 +76,10 @@ chgpasswd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBSELINUX) $(LIBCRYPT) +@@ -88,10 +88,10 @@ chgpasswd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBSELINUX) $(LIBCRYPT) chsh_LDADD = $(LDADD) $(LIBPAM) $(LIBSELINUX) $(LIBCRYPT_NOPAM) $(LIBSKEY) $(LIBMD) chpasswd_LDADD = $(LDADD) $(LIBPAM) $(LIBSELINUX) $(LIBCRYPT) gpasswd_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT) @@ -29,47 +28,46 @@ index 6a3b4c5..1ffdbc6 100644 grpck_LDADD = $(LDADD) $(LIBSELINUX) grpconv_LDADD = $(LDADD) $(LIBSELINUX) grpunconv_LDADD = $(LDADD) $(LIBSELINUX) -@@ -99,9 +99,9 @@ su_SOURCES = \ +@@ -111,9 +111,9 @@ su_SOURCES = \ suauth.c su_LDADD = $(LDADD) $(LIBPAM) $(LIBCRYPT_NOPAM) $(LIBSKEY) $(LIBMD) sulogin_LDADD = $(LDADD) $(LIBCRYPT) --useradd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) -+useradd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT) - userdel_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) --usermod_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) -+usermod_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT) +-useradd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBSEMANAGE) $(LIBACL) $(LIBATTR) ++useradd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBSEMANAGE) $(LIBACL) $(LIBATTR) $(LIBCRYPT) + userdel_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBSEMANAGE) +-usermod_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBSEMANAGE) $(LIBACL) $(LIBATTR) ++usermod_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBSEMANAGE) $(LIBACL) $(LIBATTR) $(LIBCRYPT) vipw_LDADD = $(LDADD) $(LIBSELINUX) install-am: all-am diff --git a/src/groupadd.c b/src/groupadd.c -index 66b38de..3157486 100644 +index f716f57..4e28c26 100644 --- a/src/groupadd.c +++ b/src/groupadd.c -@@ -124,6 +124,7 @@ static void usage (void) +@@ -124,6 +124,7 @@ static /*@noreturn@*/void usage (int status) (void) fputs (_(" -o, --non-unique allow to create groups with duplicate\n" - " (non-unique) GID\n"), stderr); - (void) fputs (_(" -p, --password PASSWORD use this encrypted password for the new group\n"), stderr); -+ (void) fputs (_(" -P, --clear-password PASSWORD use this clear text password for the new group\n"), stderr); - (void) fputs (_(" -R, --root CHROOT_DIR directory to chroot into\n"), stderr); - (void) fputs (_(" -r, --system create a system account\n"), stderr); - (void) fputs ("\n", stderr); -@@ -388,13 +389,14 @@ static void process_flags (int argc, char **argv) - {"key", required_argument, NULL, 'K'}, - {"non-unique", no_argument, NULL, 'o'}, - {"password", required_argument, NULL, 'p'}, + " (non-unique) GID\n"), usageout); + (void) fputs (_(" -p, --password PASSWORD use this encrypted password for the new group\n"), usageout); ++ (void) fputs (_(" -P, --clear-password PASSWORD use this clear password for the new group\n"), usageout); + (void) fputs (_(" -r, --system create a system account\n"), usageout); + (void) fputs (_(" -R, --root CHROOT_DIR directory to chroot into\n"), usageout); + (void) fputs ("\n", usageout); +@@ -387,12 +388,13 @@ static void process_flags (int argc, char **argv) + {"key", required_argument, NULL, 'K'}, + {"non-unique", no_argument, NULL, 'o'}, + {"password", required_argument, NULL, 'p'}, + {"clear-password", required_argument, NULL, 'P'}, - {"root", required_argument, NULL, 'R'}, - {"system", no_argument, NULL, 'r'}, + {"system", no_argument, NULL, 'r'}, + {"root", required_argument, NULL, 'R'}, {NULL, 0, NULL, '\0'} }; - while ((c = -- getopt_long (argc, argv, "fg:hK:op:R:r", long_options, -+ getopt_long (argc, argv, "fg:hK:op:P:R:r", long_options, - &option_index)) != -1) { +- while ((c = getopt_long (argc, argv, "fg:hK:op:rR:", ++ while ((c = getopt_long (argc, argv, "fg:hK:op:P:rR:", + long_options, NULL)) != -1) { switch (c) { case 'f': -@@ -446,6 +448,10 @@ static void process_flags (int argc, char **argv) +@@ -444,6 +446,10 @@ static void process_flags (int argc, char **argv) pflg = true; group_passwd = optarg; break; @@ -77,37 +75,35 @@ index 66b38de..3157486 100644 + pflg = true; + group_passwd = pw_encrypt (optarg, crypt_make_salt (NULL, NULL)); + break; - case 'R': - if ('/' != optarg[0]) { - fprintf (stderr, + case 'r': + rflg = true; + break; diff --git a/src/groupmod.c b/src/groupmod.c -index 27eb159..17acbc3 100644 +index d9d3807..68f49d1 100644 --- a/src/groupmod.c +++ b/src/groupmod.c -@@ -127,6 +127,8 @@ static void usage (void) - (void) fputs (_(" -o, --non-unique allow to use a duplicate (non-unique) GID\n"), stderr); +@@ -127,6 +127,7 @@ static void usage (int status) + (void) fputs (_(" -o, --non-unique allow to use a duplicate (non-unique) GID\n"), usageout); (void) fputs (_(" -p, --password PASSWORD change the password to this (encrypted)\n" - " PASSWORD\n"), stderr); -+ (void) fputs (_(" -P, --clear-password PASSWORD change the password to this (clear text)\n" -+ " PASSWORD\n"), stderr); - (void) fputs (_(" -R, --root CHROOT_DIR directory to chroot into\n"), stderr); - (void) fputs ("\n", stderr); - exit (E_USAGE); -@@ -348,11 +350,12 @@ static void process_flags (int argc, char **argv) - {"new-name", required_argument, NULL, 'n'}, - {"non-unique", no_argument, NULL, 'o'}, - {"password", required_argument, NULL, 'p'}, + " PASSWORD\n"), usageout); ++ (void) fputs (_(" -P, --clear-password PASSWORD change the password to this clear PASSWORD\n"), usageout); + (void) fputs (_(" -R, --root CHROOT_DIR directory to chroot into\n"), usageout); + (void) fputs ("\n", usageout); + exit (status); +@@ -375,10 +376,11 @@ static void process_flags (int argc, char **argv) + {"new-name", required_argument, NULL, 'n'}, + {"non-unique", no_argument, NULL, 'o'}, + {"password", required_argument, NULL, 'p'}, + {"clear-password", required_argument, NULL, 'P'}, - {"root", required_argument, NULL, 'R'}, + {"root", required_argument, NULL, 'R'}, {NULL, 0, NULL, '\0'} }; - while ((c = -- getopt_long (argc, argv, "g:hn:op:R:", -+ getopt_long (argc, argv, "g:hn:op:P:R:", - long_options, &option_index)) != -1) { +- while ((c = getopt_long (argc, argv, "g:hn:op:R:", ++ while ((c = getopt_long (argc, argv, "g:hn:op:P:R:", + long_options, NULL)) != -1) { switch (c) { case 'g': -@@ -376,6 +379,10 @@ static void process_flags (int argc, char **argv) +@@ -405,6 +407,10 @@ static void process_flags (int argc, char **argv) group_passwd = optarg; pflg = true; break; @@ -115,84 +111,81 @@ index 27eb159..17acbc3 100644 + group_passwd = pw_encrypt (optarg, crypt_make_salt (NULL, NULL)); + pflg = true; + break; - case 'R': - if ('/' != optarg[0]) { - fprintf (stderr, + case 'R': /* no-op, handled in process_root_flag () */ + break; + default: diff --git a/src/useradd.c b/src/useradd.c -index 2102630..390909c 100644 +index b3bd451..4416f90 100644 --- a/src/useradd.c +++ b/src/useradd.c -@@ -716,6 +716,7 @@ static void usage (void) +@@ -773,6 +773,7 @@ static void usage (int status) (void) fputs (_(" -o, --non-unique allow to create users with duplicate\n" - " (non-unique) UID\n"), stderr); - (void) fputs (_(" -p, --password PASSWORD encrypted password of the new account\n"), stderr); -+ (void) fputs (_(" -P, --clear-password PASSWORD clear text password of the new account\n"), stderr); - (void) fputs (_(" -R, --root CHROOT_DIR directory to chroot into\n"), stderr); - (void) fputs (_(" -r, --system create a system account\n"), stderr); - (void) fputs (_(" -s, --shell SHELL login shell of the new account\n"), stderr); -@@ -1035,6 +1036,7 @@ static void process_flags (int argc, char **argv) - {"no-user-group", no_argument, NULL, 'N'}, - {"non-unique", no_argument, NULL, 'o'}, - {"password", required_argument, NULL, 'p'}, + " (non-unique) UID\n"), usageout); + (void) fputs (_(" -p, --password PASSWORD encrypted password of the new account\n"), usageout); ++ (void) fputs (_(" -P, --clear-password PASSWORD clear password of the new account\n"), usageout); + (void) fputs (_(" -r, --system create a system account\n"), usageout); + (void) fputs (_(" -R, --root CHROOT_DIR directory to chroot into\n"), usageout); + (void) fputs (_(" -s, --shell SHELL login shell of the new account\n"), usageout); +@@ -1047,6 +1048,7 @@ static void process_flags (int argc, char **argv) + {"no-user-group", no_argument, NULL, 'N'}, + {"non-unique", no_argument, NULL, 'o'}, + {"password", required_argument, NULL, 'p'}, + {"clear-password", required_argument, NULL, 'P'}, - {"root", required_argument, NULL, 'R'}, - {"system", no_argument, NULL, 'r'}, - {"shell", required_argument, NULL, 's'}, -@@ -1047,9 +1049,9 @@ static void process_flags (int argc, char **argv) + {"system", no_argument, NULL, 'r'}, + {"root", required_argument, NULL, 'R'}, + {"shell", required_argument, NULL, 's'}, +@@ -1059,9 +1061,9 @@ static void process_flags (int argc, char **argv) }; while ((c = getopt_long (argc, argv, #ifdef WITH_SELINUX -- "b:c:d:De:f:g:G:k:K:lmMNop:R:rs:u:UZ:", -+ "b:c:d:De:f:g:G:k:K:lmMNop:P:R:rs:u:UZ:", - #else -- "b:c:d:De:f:g:G:k:K:lmMNop:R:rs:u:U", -+ "b:c:d:De:f:g:G:k:K:lmMNop:P:R:rs:u:U", - #endif +- "b:c:d:De:f:g:G:hk:K:lmMNop:rR:s:u:UZ:", ++ "b:c:d:De:f:g:G:hk:K:lmMNop:P:rR:s:u:UZ:", + #else /* !WITH_SELINUX */ +- "b:c:d:De:f:g:G:hk:K:lmMNop:rR:s:u:U", ++ "b:c:d:De:f:g:G:hk:K:lmMNop:P:rR:s:u:U", + #endif /* !WITH_SELINUX */ long_options, NULL)) != -1) { switch (c) { -@@ -1214,6 +1216,9 @@ static void process_flags (int argc, char **argv) +@@ -1227,6 +1229,9 @@ static void process_flags (int argc, char **argv) } user_pass = optarg; break; -+ case 'P': /* set clear text password */ ++ case 'P': /* set clear text password */ + user_pass = pw_encrypt (optarg, crypt_make_salt (NULL, NULL)); + break; - case 'R': - /* no-op since we handled this in process_root_flag() earlier */ + case 'r': + rflg = true; break; diff --git a/src/usermod.c b/src/usermod.c -index 8363597..f4c1cee 100644 +index e7d4351..b79f7a3 100644 --- a/src/usermod.c +++ b/src/usermod.c -@@ -325,6 +325,7 @@ static void usage (void) - " new location (use only with -d)\n" - " -o, --non-unique allow using duplicate (non-unique) UID\n" - " -p, --password PASSWORD use encrypted password for the new password\n" -+ " -P, --clear-password PASSWORD use clear text password for the new password\n" - " -R --root CHROOT_DIR directory to chroot into\n" - " -s, --shell SHELL new login shell for the user account\n" - " -u, --uid UID new UID for the user account\n" -@@ -950,6 +951,7 @@ static void process_flags (int argc, char **argv) - {"move-home", no_argument, NULL, 'm'}, - {"non-unique", no_argument, NULL, 'o'}, - {"password", required_argument, NULL, 'p'}, +@@ -419,6 +419,7 @@ static /*@noreturn@*/void usage (int status) + " new location (use only with -d)\n"), usageout); + (void) fputs (_(" -o, --non-unique allow using duplicate (non-unique) UID\n"), usageout); + (void) fputs (_(" -p, --password PASSWORD use encrypted password for the new password\n"), usageout); ++ (void) fputs (_(" -P, --clear-password PASSWORD use clear password for the new password\n"), usageout); + (void) fputs (_(" -R, --root CHROOT_DIR directory to chroot into\n"), usageout); + (void) fputs (_(" -s, --shell SHELL new login shell for the user account\n"), usageout); + (void) fputs (_(" -u, --uid UID new UID for the user account\n"), usageout); +@@ -996,6 +997,7 @@ static void process_flags (int argc, char **argv) + {"move-home", no_argument, NULL, 'm'}, + {"non-unique", no_argument, NULL, 'o'}, + {"password", required_argument, NULL, 'p'}, + {"clear-password", required_argument, NULL, 'P'}, - {"root", required_argument, NULL, 'R'}, - #ifdef WITH_SELINUX - {"selinux-user", required_argument, NULL, 'Z'}, -@@ -961,9 +963,9 @@ static void process_flags (int argc, char **argv) + {"root", required_argument, NULL, 'R'}, + {"shell", required_argument, NULL, 's'}, + {"uid", required_argument, NULL, 'u'}, +@@ -1012,7 +1014,7 @@ static void process_flags (int argc, char **argv) + {NULL, 0, NULL, '\0'} }; while ((c = getopt_long (argc, argv, - #ifdef WITH_SELINUX -- "ac:d:e:f:g:G:hl:Lmop:R:s:u:UZ:", -+ "ac:d:e:f:g:G:hl:Lmop:P:R:s:u:UZ:", - #else -- "ac:d:e:f:g:G:hl:Lmop:R:s:u:U", -+ "ac:d:e:f:g:G:hl:Lmop:P:R:s:u:U", - #endif - long_options, NULL)) != -1) { - switch (c) { -@@ -1055,6 +1057,10 @@ static void process_flags (int argc, char **argv) +- "ac:d:e:f:g:G:hl:Lmop:R:s:u:U" ++ "ac:d:e:f:g:G:hl:Lmop:P:R:s:u:U" + #ifdef ENABLE_SUBIDS + "v:w:V:W:" + #endif /* ENABLE_SUBIDS */ +@@ -1112,6 +1114,10 @@ static void process_flags (int argc, char **argv) user_pass = optarg; pflg = true; break; @@ -200,9 +193,9 @@ index 8363597..f4c1cee 100644 + user_pass = pw_encrypt (optarg, crypt_make_salt (NULL, NULL)); + pflg = true; + break; - case 'R': - /* no-op since we handled this in process_root_flag() earlier */ + case 'R': /* no-op, handled in process_root_flag () */ break; + case 's': -- 1.7.9.5 diff --git a/meta/recipes-extended/shadow/files/commonio.c-fix-unexpected-open-failure-in-chroot-env.patch b/meta/recipes-extended/shadow/files/commonio.c-fix-unexpected-open-failure-in-chroot-env.patch new file mode 100644 index 0000000000..4fa3d184ed --- /dev/null +++ b/meta/recipes-extended/shadow/files/commonio.c-fix-unexpected-open-failure-in-chroot-env.patch @@ -0,0 +1,46 @@ +Upstream-Status: Inappropriate [OE specific] + +commonio.c: fix unexpected open failure in chroot environment + +When using commands with '-R <newroot>' option in our pseudo environment, +we would usually get the 'Pemission Denied' error. This patch serves as +a workaround to this problem. + +Note that this patch doesn't change the logic in the code, it just expands +the codes. + +Signed-off-by: Chen Qi <Qi.Chen@windriver.com> +--- + lib/commonio.c | 16 ++++++++++++---- + 1 file changed, 12 insertions(+), 4 deletions(-) + +diff --git a/lib/commonio.c b/lib/commonio.c +index cc536bf..51cafd9 100644 +--- a/lib/commonio.c ++++ b/lib/commonio.c +@@ -613,10 +613,18 @@ int commonio_open (struct commonio_db *db, int mode) + db->cursor = NULL; + db->changed = false; + +- fd = open (db->filename, +- (db->readonly ? O_RDONLY : O_RDWR) +- | O_NOCTTY | O_NONBLOCK | O_NOFOLLOW); +- saved_errno = errno; ++ if (db->readonly) { ++ fd = open (db->filename, ++ (true ? O_RDONLY : O_RDWR) ++ | O_NOCTTY | O_NONBLOCK | O_NOFOLLOW); ++ saved_errno = errno; ++ } else { ++ fd = open (db->filename, ++ (false ? O_RDONLY : O_RDWR) ++ | O_NOCTTY | O_NONBLOCK | O_NOFOLLOW); ++ saved_errno = errno; ++ } ++ + db->fp = NULL; + if (fd >= 0) { + #ifdef WITH_TCB +-- +1.7.9.5 + diff --git a/meta/recipes-extended/shadow/files/fix-etc-gshadow-reading.patch b/meta/recipes-extended/shadow/files/fix-etc-gshadow-reading.patch deleted file mode 100644 index 80ebdc22a4..0000000000 --- a/meta/recipes-extended/shadow/files/fix-etc-gshadow-reading.patch +++ /dev/null @@ -1,36 +0,0 @@ -shadow: Fix parsing of gshadow entries - -Upstream-Status: Backport [http://anonscm.debian.org/viewvc/pkg-shadow?view=revision&revision=3096] - -newgrp command does not function properly. -Even with the valid password, it outputs: "'Invalid password'" - -Signed-off-by: Roy.Li <rongqing.li@windriver.com> - -2010-02-14 Michael Bunk <mb@computer-leipzig.com> - - * NEWS, lib/gshadow.c: Fix parsing of gshadow entries. - -diff -urpN a/lib/gshadow.c b/lib/gshadow.c ---- a/lib/gshadow.c 2013-07-11 10:18:15.745450428 +0800 -+++ b/lib/gshadow.c 2013-07-11 10:17:30.465450280 +0800 -@@ -222,6 +222,7 @@ void endsgent (void) - if (NULL == buf) { - return NULL; - } -+ buflen = BUFSIZ; - } - - if (NULL == fp) { -@@ -229,9 +230,9 @@ void endsgent (void) - } - - #ifdef USE_NIS -- while (fgetsx (buf, (int) sizeof buf, fp) == buf) -+ while (fgetsx (buf, (int) buflen, fp) == buf) - #else -- if (fgetsx (buf, (int) sizeof buf, fp) == buf) -+ if (fgetsx (buf, (int) buflen, fp) == buf) - #endif - { - while ( ((cp = strrchr (buf, '\n')) == NULL) diff --git a/meta/recipes-extended/shadow/files/fix-installation-failure-with-subids-disabled.patch b/meta/recipes-extended/shadow/files/fix-installation-failure-with-subids-disabled.patch new file mode 100644 index 0000000000..02cb91aafd --- /dev/null +++ b/meta/recipes-extended/shadow/files/fix-installation-failure-with-subids-disabled.patch @@ -0,0 +1,28 @@ +Upstream-Status: Pending + +Subject: fix installation failure with subids disabled + +Signed-off-by: Chen Qi <Qi.Chen@windriver.com> +--- + src/Makefile.am | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/src/Makefile.am b/src/Makefile.am +index 25e288d..076f8ef 100644 +--- a/src/Makefile.am ++++ b/src/Makefile.am +@@ -52,7 +52,10 @@ usbin_PROGRAMS = \ + noinst_PROGRAMS = id sulogin + + suidbins = su +-suidubins = chage chfn chsh expiry gpasswd newgrp passwd newuidmap newgidmap ++suidubins = chage chfn chsh expiry gpasswd newgrp passwd ++if ENABLE_SUBIDS ++suidubins += newgidmap newuidmap ++endif + if ACCT_TOOLS_SETUID + suidubins += chage chgpasswd chpasswd groupadd groupdel groupmod newusers useradd userdel usermod + endif +-- +1.7.9.5 + diff --git a/meta/recipes-extended/shadow/files/shadow-4.1.4.2-env-reset-keep-locale.patch b/meta/recipes-extended/shadow/files/shadow-4.1.4.2-env-reset-keep-locale.patch deleted file mode 100644 index 651474674b..0000000000 --- a/meta/recipes-extended/shadow/files/shadow-4.1.4.2-env-reset-keep-locale.patch +++ /dev/null @@ -1,31 +0,0 @@ -# commit message copied from openembedded: -# commit 246c80637b135f3a113d319b163422f98174ee6c -# Author: Khem Raj <raj.khem@gmail.com> -# Date: Wed Jun 9 13:37:03 2010 -0700 -# -# shadow-4.1.4.2: Add patches to support dots in login id. -# -# Signed-off-by: Khem Raj <raj.khem@gmail.com> -# -# comment added by Kevin Tian <kevin.tian@intel.com>, 2010-08-11 - -http://bugs.gentoo.org/283725 -https://alioth.debian.org/tracker/index.php?func=detail&aid=311740&group_id=30580&atid=411480 - -Upstream-Status: Pending - -Signed-off-by: Scott Garman <scott.a.garman@intel.com> - -Index: shadow-4.1.4.2/libmisc/env.c -=================================================================== ---- shadow-4.1.4.2.orig/libmisc/env.c 2009-04-27 13:07:56.000000000 -0700 -+++ shadow-4.1.4.2/libmisc/env.c 2010-06-03 17:44:51.456408474 -0700 -@@ -251,7 +251,7 @@ void sanitize_env (void) - if (strncmp (*cur, *bad, strlen (*bad)) != 0) { - continue; - } -- if (strchr (*cur, '/') != NULL) { -+ if (strchr (*cur, '/') == NULL) { - continue; /* OK */ - } - for (move = cur; NULL != *move; move++) { diff --git a/meta/recipes-extended/shadow/files/shadow-4.1.4.2-groupmod-pam-check.patch b/meta/recipes-extended/shadow/files/shadow-4.1.4.2-groupmod-pam-check.patch deleted file mode 100644 index 640200b796..0000000000 --- a/meta/recipes-extended/shadow/files/shadow-4.1.4.2-groupmod-pam-check.patch +++ /dev/null @@ -1,36 +0,0 @@ -# commit message copied from openembedded: -# commit 246c80637b135f3a113d319b163422f98174ee6c -# Author: Khem Raj <raj.khem@gmail.com> -# Date: Wed Jun 9 13:37:03 2010 -0700 -# -# shadow-4.1.4.2: Add patches to support dots in login id. -# -# Signed-off-by: Khem Raj <raj.khem@gmail.com> -# -# comment added by Kevin Tian <kevin.tian@intel.com>, 2010-08-11 - -http://bugs.gentoo.org/300790 -http://lists.alioth.debian.org/pipermail/pkg-shadow-devel/2009-November/007850.html - -2009-11-05 Nicolas François <nicolas.francois@centraliens.net> - - * NEWS, src/groupmod.c: Fixed groupmod when configured with - --enable-account-tools-setuid. - -Upstream-Status: Pending - -Signed-off-by: Scott Garman <scott.a.garman@intel.com> - -Index: shadow-4.1.4.2/src/groupmod.c -=================================================================== ---- shadow-4.1.4.2.orig/src/groupmod.c 2009-06-05 15:16:58.000000000 -0700 -+++ shadow-4.1.4.2/src/groupmod.c 2010-06-03 17:45:43.828952613 -0700 -@@ -720,7 +720,7 @@ int main (int argc, char **argv) - { - struct passwd *pampw; - pampw = getpwuid (getuid ()); /* local, no need for xgetpwuid */ -- if (NULL == pamh) { -+ if (NULL == pampw) { - fprintf (stderr, - _("%s: Cannot determine your user name.\n"), - Prog); diff --git a/meta/recipes-extended/shadow/files/shadow-4.1.4.2-su_no_sanitize_env.patch b/meta/recipes-extended/shadow/files/shadow-4.1.4.2-su_no_sanitize_env.patch deleted file mode 100644 index 0dc4d75b97..0000000000 --- a/meta/recipes-extended/shadow/files/shadow-4.1.4.2-su_no_sanitize_env.patch +++ /dev/null @@ -1,31 +0,0 @@ -# commit message copied from openembedded: -# commit 246c80637b135f3a113d319b163422f98174ee6c -# Author: Khem Raj <raj.khem@gmail.com> -# Date: Wed Jun 9 13:37:03 2010 -0700 -# -# shadow-4.1.4.2: Add patches to support dots in login id. -# -# Signed-off-by: Khem Raj <raj.khem@gmail.com> -# -# comment added by Kevin Tian <kevin.tian@intel.com>, 2010-08-11 - -http://bugs.gentoo.org/show_bug.cgi?id=301957 -https://alioth.debian.org/scm/browser.php?group_id=30580 - -Upstream-Status: Pending - -Signed-off-by: Scott Garman <scott.a.garman@intel.com> - -Index: shadow-4.1.4.2/src/su.c -=================================================================== ---- shadow-4.1.4.2.orig/src/su.c 2009-07-23 13:38:56.000000000 -0700 -+++ shadow-4.1.4.2/src/su.c 2010-06-03 17:46:47.718944010 -0700 -@@ -378,7 +378,7 @@ int main (int argc, char **argv) - #endif - #endif /* !USE_PAM */ - -- sanitize_env (); -+ /* sanitize_env (); */ - - (void) setlocale (LC_ALL, ""); - (void) bindtextdomain (PACKAGE, LOCALEDIR); diff --git a/meta/recipes-extended/shadow/files/shadow.automake-1.11.patch b/meta/recipes-extended/shadow/files/shadow.automake-1.11.patch deleted file mode 100644 index a793f09a4e..0000000000 --- a/meta/recipes-extended/shadow/files/shadow.automake-1.11.patch +++ /dev/null @@ -1,106 +0,0 @@ -# patch is from openembedded: -# commit 2db61370333f7a2fc1dbb86385734883387e0217 -# Author: Martin Jansa <Martin.Jansa@gmail.com> -# Date: Fri Apr 2 07:34:46 2010 +0200 -# -# shadow: fix do_install with automake-1.11 -# -# Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> -# -# comment added by Kevin Tian <kevin.tian@intel.com> - -man_nopan is for !USE_PAM already included in man_MANS and automake-1.11 hates to install some file twice - -Upstream-Status: Pending - -Signed-off-by: Scott Garman <scott.a.garman@intel.com> - -diff -uNr shadow-4.1.4.2.orig/man/Makefile.am shadow-4.1.4.2/man/Makefile.am ---- shadow-4.1.4.2.orig/man/Makefile.am 2009-03-14 15:40:10.000000000 +0100 -+++ shadow-4.1.4.2/man/Makefile.am 2010-04-02 07:31:17.000000000 +0200 -@@ -163,7 +163,6 @@ - $(man_MANS) \ - $(man_XMANS) \ - $(addprefix login.defs.d/,$(login_defs_v)) \ -- $(man_nopam) \ - id.1 \ - id.1.xml \ - sulogin.8 \ -diff -uNr shadow-4.1.4.2.orig/man/fr/Makefile.am shadow-4.1.4.2/man/fr/Makefile.am ---- shadow-4.1.4.2.orig/man/fr/Makefile.am 2008-09-06 18:44:45.000000000 +0200 -+++ shadow-4.1.4.2/man/fr/Makefile.am 2010-04-02 07:42:11.000000000 +0200 -@@ -52,7 +52,6 @@ - - EXTRA_DIST = \ - $(man_MANS) \ -- $(man_nopam) \ - id.1 - - include ../generate_translations.mak -diff -uNr shadow-4.1.4.2.orig/man/it/Makefile.am shadow-4.1.4.2/man/it/Makefile.am ---- shadow-4.1.4.2.orig/man/it/Makefile.am 2008-09-06 18:44:45.000000000 +0200 -+++ shadow-4.1.4.2/man/it/Makefile.am 2010-04-02 07:42:20.000000000 +0200 -@@ -46,7 +46,6 @@ - - EXTRA_DIST = \ - $(man_MANS) \ -- $(man_nopam) \ - id.1 \ - logoutd.8 - -diff -uNr shadow-4.1.4.2.orig/man/ja/Makefile.am shadow-4.1.4.2/man/ja/Makefile.am ---- shadow-4.1.4.2.orig/man/ja/Makefile.am 2007-12-31 17:48:28.000000000 +0100 -+++ shadow-4.1.4.2/man/ja/Makefile.am 2010-04-02 07:42:17.000000000 +0200 -@@ -49,7 +49,6 @@ - - EXTRA_DIST = \ - $(man_MANS) \ -- $(man_nopam) \ - id.1 \ - shadow.3 \ - sulogin.8 -diff -uNr shadow-4.1.4.2.orig/man/pl/Makefile.am shadow-4.1.4.2/man/pl/Makefile.am ---- shadow-4.1.4.2.orig/man/pl/Makefile.am 2008-09-06 18:44:45.000000000 +0200 -+++ shadow-4.1.4.2/man/pl/Makefile.am 2010-04-02 07:42:07.000000000 +0200 -@@ -49,7 +49,6 @@ - - EXTRA_DIST = \ - $(man_MANS) \ -- $(man_nopam) \ - getspnam.3 \ - id.1 \ - shadow.3 \ -diff -uNr shadow-4.1.4.2.orig/man/ru/Makefile.am shadow-4.1.4.2/man/ru/Makefile.am ---- shadow-4.1.4.2.orig/man/ru/Makefile.am 2010-04-02 07:39:00.000000000 +0200 -+++ shadow-4.1.4.2/man/ru/Makefile.am 2010-04-02 07:42:01.000000000 +0200 -@@ -54,7 +54,6 @@ - - EXTRA_DIST = \ - $(man_MANS) \ -- $(man_nopam) \ - id.1 \ - sulogin.8 - -diff -uNr shadow-4.1.4.2.orig/man/sv/Makefile.am shadow-4.1.4.2/man/sv/Makefile.am ---- shadow-4.1.4.2.orig/man/sv/Makefile.am 2008-09-06 18:44:45.000000000 +0200 -+++ shadow-4.1.4.2/man/sv/Makefile.am 2010-04-02 07:42:24.000000000 +0200 -@@ -53,8 +53,7 @@ - endif - - EXTRA_DIST = \ -- $(man_MANS) \ -- $(man_nopam) -+ $(man_MANS) - - include ../generate_translations.mak - ---- shadow-4.1.4.2.orig/man/ru/Makefile.am 2010-04-02 07:54:09.000000000 +0200 -+++ shadow-4.1.4.2/man/ru/Makefile.am 2010-04-02 07:51:57.000000000 +0200 -@@ -1,7 +1,6 @@ - mandir = @mandir@/ru - - man_MANS = \ -- $(man_nopam) \ - chage.1 \ - chfn.1 \ - chgpasswd.8 \ diff --git a/meta/recipes-extended/shadow/files/shadow_fix_for_automake-1.12.patch b/meta/recipes-extended/shadow/files/shadow_fix_for_automake-1.12.patch deleted file mode 100644 index 6a27ed387d..0000000000 --- a/meta/recipes-extended/shadow/files/shadow_fix_for_automake-1.12.patch +++ /dev/null @@ -1,23 +0,0 @@ -Upstream-Status: pending - -Automake 1.12 has deprecated automatic de-ANSI-fication support - -This patch avoids this issue with automake 1.12: - -| configure.in:22: error: automatic de-ANSI-fication support has been removed - -Signed-Off-By: Nitin A Kamble <nitin.a.kamble@intel.com> -2012/05/02 - -Index: shadow-4.1.4.3/configure.in -=================================================================== ---- shadow-4.1.4.3.orig/configure.in -+++ shadow-4.1.4.3/configure.in -@@ -19,7 +19,6 @@ AC_PROG_CC - AC_ISC_POSIX - AC_PROG_LN_S - AC_PROG_YACC --AM_C_PROTOTYPES - AM_PROG_LIBTOOL - - dnl Checks for libraries. diff --git a/meta/recipes-extended/shadow/files/slackware_fix_for_glib-2.17_crypt.patch b/meta/recipes-extended/shadow/files/slackware_fix_for_glib-2.17_crypt.patch deleted file mode 100644 index 7cd45afebb..0000000000 --- a/meta/recipes-extended/shadow/files/slackware_fix_for_glib-2.17_crypt.patch +++ /dev/null @@ -1,63 +0,0 @@ - -This patch is from Slackware, I tried to find the actual -author to add that attribution. The comment below is the -best summary, I will not repeat it here. - -Upstream-Status: Backport from slackware - -Signed-off-by: Saul Wold <sgw@linux.intel.com> - -Index: shadow-4.1.4.3/lib/encrypt.c -=================================================================== ---- shadow-4.1.4.3.orig/lib/encrypt.c -+++ shadow-4.1.4.3/lib/encrypt.c -@@ -45,15 +45,40 @@ char *pw_encrypt (const char *clear, con - static char cipher[128]; - char *cp; - -- cp = crypt (clear, salt); -- if (!cp) { -- /* -- * Single Unix Spec: crypt() may return a null pointer, -- * and set errno to indicate an error. The caller doesn't -- * expect us to return NULL, so... -- */ -- perror ("crypt"); -- exit (EXIT_FAILURE); -+ cp = crypt (clear, salt); -+ if (!cp) { -+ /* -+ * In glibc-2.17 and newer, crypt() will return NULL if -+ * it was called using an invalid salt format. Previous -+ * versions of glibc would go ahead and compute a DES hash -+ * using the invalid salt. The salt value in this case was -+ * always '!'. We might arrive at this place if either the -+ * user does not exist, or if the hash in /etc/shadow doesn't -+ * have the proper magic for one of the supported hash -+ * formats (for example, if the account was locked using -+ * "passwd -l". To handle this situation, we will recompute -+ * the hash using a hardcoded salt as was previously done -+ * by glibc. The hash returned by the old glibc function -+ * always began with "!!", which would ensure that it could -+ * never match an otherwise valid hash in /etc/shadow that -+ * was disabled with a "!" at the beginning (since the second -+ * character would never be "!" as well), so we will also -+ * prepend the resulting hash with "!!". Finally, in case -+ * crypt() failed for some other reason we will check to see -+ * if we still get NULL from crypt even with the valid salt -+ * and will fail if that's the case. -+ */ -+ -+ /* Recalculate hash using a hardcoded, valid SHA512 salt: */ -+ cp = crypt (clear, "$6$8IIcy/1EPOk/"); -+ -+ if (!cp) { -+ perror ("crypt"); -+ exit (EXIT_FAILURE); -+ } else { -+ sprintf (cipher, "!!%s", cp); -+ return cipher; -+ } - } - - /* The GNU crypt does not return NULL if the algorithm is not diff --git a/meta/recipes-extended/shadow/files/useradd.patch b/meta/recipes-extended/shadow/files/useradd.patch deleted file mode 100644 index ff5016c0bf..0000000000 --- a/meta/recipes-extended/shadow/files/useradd.patch +++ /dev/null @@ -1,17 +0,0 @@ -Work around a bug introduced with the --root option which was causing -all other arguments to be ignored. - -Upstream-Status: inappropriate -Signed-off-by: Phil Blundell <philb@gnu.org> - ---- a/src/useradd.c~ 2011-09-01 15:36:40.398234861 +0100 -+++ b/src/useradd.c 2011-09-01 17:29:00.782004133 +0100 -@@ -1957,6 +1957,8 @@ - - get_defaults (); - -+ optind = 1; -+ - process_flags (argc, argv); - - #ifdef ACCT_TOOLS_SETUID diff --git a/meta/recipes-extended/shadow/files/usermod-fix-compilation-failure-with-subids-disabled.patch b/meta/recipes-extended/shadow/files/usermod-fix-compilation-failure-with-subids-disabled.patch new file mode 100644 index 0000000000..37dc153fca --- /dev/null +++ b/meta/recipes-extended/shadow/files/usermod-fix-compilation-failure-with-subids-disabled.patch @@ -0,0 +1,33 @@ +Upstream-Status: Pending + +usermod: fix compilation failure with subids disabled + +Signed-off-by: Chen Qi <Qi.Chen@windriver.com> +--- + src/usermod.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/src/usermod.c b/src/usermod.c +index e7d4351..685b50a 100644 +--- a/src/usermod.c ++++ b/src/usermod.c +@@ -1360,7 +1360,7 @@ static void process_flags (int argc, char **argv) + Prog, (unsigned long) user_newid); + exit (E_UID_IN_USE); + } +- ++#ifdef ENABLE_SUBIDS + if ( (vflg || Vflg) + && !is_sub_uid) { + fprintf (stderr, +@@ -1376,6 +1376,7 @@ static void process_flags (int argc, char **argv) + Prog, sub_gid_dbname (), "-w", "-W"); + exit (E_USAGE); + } ++#endif + } + + /* +-- +1.7.9.5 + diff --git a/meta/recipes-extended/shadow/shadow-securetty_4.1.4.3.bb b/meta/recipes-extended/shadow/shadow-securetty_4.2.1.bb index 0e0410043b..0e0410043b 100644 --- a/meta/recipes-extended/shadow/shadow-securetty_4.1.4.3.bb +++ b/meta/recipes-extended/shadow/shadow-securetty_4.2.1.bb diff --git a/meta/recipes-extended/shadow/shadow-sysroot_4.1.4.3.bb b/meta/recipes-extended/shadow/shadow-sysroot_4.2.1.bb index 697569c47e..697569c47e 100644 --- a/meta/recipes-extended/shadow/shadow-sysroot_4.1.4.3.bb +++ b/meta/recipes-extended/shadow/shadow-sysroot_4.2.1.bb diff --git a/meta/recipes-extended/shadow/shadow.inc b/meta/recipes-extended/shadow/shadow.inc index 6848e054b3..40f58f0d12 100644 --- a/meta/recipes-extended/shadow/shadow.inc +++ b/meta/recipes-extended/shadow/shadow.inc @@ -1,50 +1,39 @@ SUMMARY = "Tools to change and administer password and group data" HOMEPAGE = "http://pkg-shadow.alioth.debian.org" BUGTRACKER = "https://alioth.debian.org/tracker/?group_id=30580" -SECTION = "base utils" +SECTION = "base/utils" LICENSE = "BSD | Artistic-1.0" -LIC_FILES_CHKSUM = "file://COPYING;md5=08c553a87d4e51bbed50b20e0adcaede \ +LIC_FILES_CHKSUM = "file://COPYING;md5=ed80ff1c2b40843cf5768e5229cf16e5 \ file://src/passwd.c;beginline=8;endline=30;md5=d83888ea14ae61951982d77125947661" DEPENDS = "shadow-native" DEPENDS_class-native = "" DEPENDS_class-nativesdk = "" -SRC_URI = "http://pkg-shadow.alioth.debian.org/releases/${BPN}-${PV}.tar.bz2 \ - file://shadow.automake-1.11.patch \ - file://shadow_fix_for_automake-1.12.patch \ +SRC_URI = "http://pkg-shadow.alioth.debian.org/releases/${BPN}-${PV}.tar.xz \ file://shadow-4.1.3-dots-in-usernames.patch \ - file://shadow-4.1.4.2-env-reset-keep-locale.patch \ + file://usermod-fix-compilation-failure-with-subids-disabled.patch \ + file://fix-installation-failure-with-subids-disabled.patch \ ${@bb.utils.contains('PACKAGECONFIG', 'pam', '${PAM_SRC_URI}', '', d)} \ " SRC_URI_append_class-target = " \ file://login_defs_pam.sed \ - file://shadow-4.1.4.2-groupmod-pam-check.patch \ - file://shadow-4.1.4.2-su_no_sanitize_env.patch \ file://shadow-update-pam-conf.patch \ - file://slackware_fix_for_glib-2.17_crypt.patch \ - file://fix-etc-gshadow-reading.patch \ " SRC_URI_append_class-native = " \ - file://add_root_cmd_options.patch \ file://disable-syslog.patch \ - file://useradd.patch \ - file://add_root_cmd_groupmems.patch \ file://allow-for-setting-password-in-clear-text.patch \ + file://commonio.c-fix-unexpected-open-failure-in-chroot-env.patch \ + file://0001-useradd.c-create-parent-directories-when-necessary.patch \ " SRC_URI_append_class-nativesdk = " \ - file://add_root_cmd_options.patch \ file://disable-syslog.patch \ - file://useradd.patch \ - file://add_root_cmd_groupmems.patch \ " -SRC_URI[md5sum] = "b8608d8294ac88974f27b20f991c0e79" -SRC_URI[sha256sum] = "633f5bb4ea0c88c55f3642c97f9d25cbef74f82e0b4cf8d54e7ad6f9f9caa778" - -PR = "r14" +SRC_URI[md5sum] = "2bfafe7d4962682d31b5eba65dba4fc8" +SRC_URI[sha256sum] = "3b0893d1476766868cd88920f4f1231c4795652aa407569faff802bcda0f3d41" # Additional Policy files for PAM PAM_SRC_URI = "file://pam.d/chfn \ @@ -61,6 +50,7 @@ EXTRA_OECONF += "--without-audit \ --without-libcrack \ --without-selinux \ --with-group-name-max-length=24 \ + --enable-subordinate-ids=no \ ${NSCDOPT}" NSCDOPT = "" @@ -166,11 +156,11 @@ ALTERNATIVE_LINK_NAME[su] = "${base_bindir}/su" pkg_postinst_${PN} () { if [ "x$D" != "x" ]; then - rootarg="--root=$D" + rootarg="--root $D" else rootarg="" fi - pwconv $rootarg - grpconv $rootarg + pwconv $rootarg || exit 1 + grpconv $rootarg || exit 1 } diff --git a/meta/recipes-extended/shadow/shadow_4.1.4.3.bb b/meta/recipes-extended/shadow/shadow_4.2.1.bb index 5675cb8cc9..5675cb8cc9 100644 --- a/meta/recipes-extended/shadow/shadow_4.1.4.3.bb +++ b/meta/recipes-extended/shadow/shadow_4.2.1.bb |