Tomas Mraz [Tue, 15 Nov 2016 14:43:54 +0000 (15:43 +0100)]
Make the group and user allocation more effective.
Previously, the allocation was optimized for an outdated
deployment style (that of /etc/group alongside nss_db). The issue
here is that this results in extremely poor performance when using
SSSD, Winbind or nss_ldap.
There were actually two serious bugs here that have been addressed:
1) Running getgrent() loops won't work in most SSSD or Winbind
environments, as full group enumeration is disabled by default.
This could easily result in auto-allocating a group that was
already in use. (This might result in a security issue as well, if
the shared GID is a privileged group).
2) For system groups, the loop was always iterating through the
complete SYS_GID_MIN->SYS_GID_MAX range. On SSSD and Winbind, this
means hundreds of round-trips to LDAP (unless the GIDs were
specifically configured to be ignored by the SSSD or winbindd).
To a user with a slow connection to their LDAP server, this would
appear as if groupadd -r was hung. (Though it would eventually
complete).
This patch changes the algorithm to be more favorable for LDAP
environments, at the expense of some performance when using nss_db.
Given that the DB is a local service, this should have a negligible
effect from a user's perspective.
With the new algorithm, we simply first iterate through all entries
in the local database with gr_next(), recording the IDs that are in
use. We then start from the highest presumed-available entry and
call getgrgid() to see if it is available. We continue this until
we come to the first unused GID. We then select that and return it.
If we make it through all the remaining IDs without finding a free
one, we start over from the beginning of the range and try to find
room in one of the gaps in the range.
The patch was originally written by Stephen Gallagher and applied
identically also to the user allocation by Tomáš Mráz.
Mike Frysinger [Mon, 5 Dec 2016 22:15:29 +0000 (17:15 -0500)]
include getdef.h for getdef_bool prototype
Otherwise we get build warnings like:
sgroupio.c:255:6: warning: implicit declaration of function 'getdef_bool' [-Wimplicit-function-declaration]
shadowio.c:131:6: warning: implicit declaration of function 'getdef_bool' [-Wimplicit-function-declaration]
Mike Frysinger [Mon, 5 Dec 2016 21:02:55 +0000 (16:02 -0500)]
enable silent build output by default
Enable the automake feature to produce silent output by default.
When compiling code, we now see things like:
$ make
CC addgrps.o
CC age.o
CC audit_help.o
...
This can be disabled via configure's --disable-silent-rules or
by passing V=1 to make.
Custom output (like in the man subdirs) don't (yet) respect this
feature. More work will be needed to clean those up.
Mike Frysinger [Mon, 5 Dec 2016 20:57:34 +0000 (15:57 -0500)]
switch bz2 dist to xz
Since xz is fairly common nowadays, and is typically smaller/faster than
bzip2 for people to decompress, switch shadow over too. We also merge
the two init locations into configure.ac to match newer autotools style.
The min automake version is bumped to 1.11 too since that's when xz was
released.
The autoconf/automake guys want AC_INIT to be passed the details of the
package directly rather than going through AM_INIT_AUTOMAKE. Update them
both to use the newer style.
This also allows us to pass in contact details for the project.
We set the minimum autoconf version to 2.64 as that's the first one to
support passing the homepage URL in to AC_INIT. That's a pretty old
release by now, so it shouldn't be a problem.
These assignments were pasted as is into the Makefile and
ended up as part of a rule. (Usually the .PRECIOUS rule
which is why the build system never attempted to execute it
as commands, hiding the problem.)
Signed-off-by: Wolfgang Bumiller <wry.git@bumiller.com> Reported-by: Rahel A <ra00177@surrey.ac.uk>
Michael Vetter [Mon, 18 Jul 2016 13:18:08 +0000 (15:18 +0200)]
Fix sentence in usermod manual
Should have been: '[...] but only checkS [...]'.
So there was a missing 's'. Architectures isn't the right word either.
I decided to write the whole sentence new.
Some of the supplied tools use functions which are not signal-safe.
Most of the times it's exit() vs. _exit().
In other times it's how the standard output or standard error is
handled. FILE-related functions shall be avoided, therefore I replaced
them with write().
Also there is no need to call closelog(). At worst, it allows to
trigger a deadlock by issuing different signal types at bad timings.
But as these fixes are about race conditions, expect bad timings in
general for these bugs to be triggered. :)
W. Trevor King [Sat, 30 Apr 2016 00:10:23 +0000 (17:10 -0700)]
*/Makefile.am: Replace INCLUDES with AM_CPPFLAGS
Catch up with Automake's [1], which was part of v1.6b, cut 2002-07-28
[2]. Avoids:
$ autoreconf -v -f --install
...
libmisc/Makefile.am:4: warning: 'INCLUDES' is the old name for 'AM_CPPFLAGS' (or '*_CPPFLAGS')
...
src/Makefile.am:10: warning: 'INCLUDES' is the old name for 'AM_CPPFLAGS' (or '*_CPPFLAGS')
...
Consolidating with the earlier AM_CPPFLAGS avoids:
$ autoreconf -v -f --install
src/Makefile.am:72: warning: AM_CPPFLAGS multiply defined in condition TRUE ...
src/Makefile.am:10: ... 'AM_CPPFLAGS' previously defined here
autoreconf-2.69: Leaving directory `.'
[1]: http://git.savannah.gnu.org/cgit/automake.git/commit/?id=1415d22f6203206bc393fc4ea233123ba579222d
Summary: automake.in (generate_makefile): Suggest using AM_CPPFLAGS instead of INCLUDES
Date: 2002-07-09
[2]: http://git.savannah.gnu.org/cgit/automake.git/tag/?id=Release-1-6b
Tomas Mraz [Thu, 3 Mar 2016 14:37:01 +0000 (15:37 +0100)]
Add ability to clear or set lastlog record for user via lastlog command
This functionality is useful because there is now a feature
of Linux-PAM's pam_lastlog module to block expired users (users
which did not login recently enough) from login. This commit
complements it so the sysadmin is able to unblock such expired user.
Signed-off-by: Tomáš Mráz <tmraz@fedoraproject.org>
Serge Hallyn [Thu, 18 Feb 2016 17:20:43 +0000 (09:20 -0800)]
useradd: respect -r flag when allocating subuids
We intend to not create subuids for system users. However we are
checking for command line flags after we check whether -r flag
was set, so it was never found to be true. Fix that.
Stéphane Graber [Mon, 15 Feb 2016 23:11:10 +0000 (18:11 -0500)]
Tweak uid/gid map default configuration
- Use an allocation of 65536 uids and gids to allow for POSIX-compliant
user owned namespaces.
- Don't allocate a uid/gid map to system users.
Unfortunately checking for --system isn't quite enough as some
distribution wrappers always call useradd without --system and take care
of choosing a uid and gid themselves, so also check whether the
requested uid/gid is in the user range.
This is taken from a patch I wrote for Ubuntu a couple years ago and
which somehow didn't make it upstream.
The current implementation of subuid/subgid support in usermod requires the
user to be a local user present in /etc/passwd. There doesn't seem to be a
good reason for this; subuids should work equally well for users whose
records are in other NSS databases.
The functions __gr_dup and __pw_dup do not explicitly zero the
memory which hold the passwords after free. The gr_free and pw_free
functions do this explicitly.
To guarantee same behaviour, it's possible to call these *_free
functions directly from __*_dup, because the memory is initialized
with zeros at the beginning. Calling free(NULL) has no negative
effect and can be considered safe these days.
Allow deleting the group even if it is the primary group of a user
This is helpful when using configuration management tools such as
Puppet, where you are managing the groups in a central location and you
don't need this safeguard.
Signed-off-by: "Jesse W. Hathaway" <jesse@mbuki-mvuki.org> Acked-by: Serge Hallyn <serge.hallyn@ubuntu.com>