Hi,
looks like the actual patches are missing for some reason. Attached
are the two patches that add support for libnss-extrausers.
Cheers,
Michael
Description: Add support to passwd for updating libnss-extrausers locations
Author: Michael Terry <michael.te...@canonical.com>
Index: shadow-4.1.5.1/lib/defines.h
===================================================================
--- shadow-4.1.5.1.orig/lib/defines.h
+++ shadow-4.1.5.1/lib/defines.h
@@ -316,6 +316,14 @@ char *strchr (), *strrchr (), *strtok ()
#endif
#endif
+#ifndef EXTRAUSERS_PASSWD_FILE
+#define EXTRAUSERS_PASSWD_FILE "/var/lib/extrausers/passwd"
+#endif
+
+#ifndef EXTRAUSERS_SHADOW_FILE
+#define EXTRAUSERS_SHADOW_FILE "/var/lib/extrausers/shadow"
+#endif
+
#ifndef NULL
#define NULL ((void *) 0)
#endif
Index: shadow-4.1.5.1/src/passwd.c
===================================================================
--- shadow-4.1.5.1.orig/src/passwd.c
+++ shadow-4.1.5.1/src/passwd.c
@@ -544,8 +544,15 @@ static void update_noshadow (void)
{
const struct passwd *pw;
struct passwd *npw;
+ bool try_extrausers = strcmp (pw_dbname (), EXTRAUSERS_PASSWD_FILE) != 0 &&
+ access (EXTRAUSERS_PASSWD_FILE, F_OK) == 0;
if (pw_lock () == 0) {
+ if (try_extrausers) {
+ pw_setdbname (EXTRAUSERS_PASSWD_FILE);
+ update_noshadow ();
+ return;
+ }
(void) fprintf (stderr,
_("%s: cannot lock %s; try again later.\n"),
Prog, pw_dbname ());
@@ -553,6 +560,20 @@ static void update_noshadow (void)
}
pw_locked = true;
if (pw_open (O_RDWR) == 0) {
+ if (try_extrausers) {
+ if (pw_unlock () == 0) {
+ (void) fprintf (stderr,
+ _("%s: failed to unlock %s\n"),
+ Prog, pw_dbname ());
+ SYSLOG ((LOG_ERR, "failed to unlock %s", pw_dbname ()));
+ /* continue */
+ }
+ pw_locked = false;
+
+ pw_setdbname (EXTRAUSERS_PASSWD_FILE);
+ update_noshadow ();
+ return;
+ }
(void) fprintf (stderr,
_("%s: cannot open %s\n"),
Prog, pw_dbname ());
@@ -561,6 +582,21 @@ static void update_noshadow (void)
}
pw = pw_locate (name);
if (NULL == pw) {
+ if (try_extrausers) {
+ (void) pw_close ();
+ if (pw_unlock () == 0) {
+ (void) fprintf (stderr,
+ _("%s: failed to unlock %s\n"),
+ Prog, pw_dbname ());
+ SYSLOG ((LOG_ERR, "failed to unlock %s", pw_dbname ()));
+ /* continue */
+ }
+ pw_locked = false;
+
+ pw_setdbname (EXTRAUSERS_PASSWD_FILE);
+ update_noshadow ();
+ return;
+ }
(void) fprintf (stderr,
_("%s: user '%s' does not exist in %s\n"),
Prog, name, pw_dbname ());
@@ -598,8 +634,15 @@ static void update_shadow (void)
{
const struct spwd *sp;
struct spwd *nsp;
+ bool try_extrausers = strcmp (spw_dbname (), EXTRAUSERS_SHADOW_FILE) != 0 &&
+ access (EXTRAUSERS_SHADOW_FILE, F_OK) == 0;
if (spw_lock () == 0) {
+ if (try_extrausers) {
+ spw_setdbname (EXTRAUSERS_SHADOW_FILE);
+ update_shadow ();
+ return;
+ }
(void) fprintf (stderr,
_("%s: cannot lock %s; try again later.\n"),
Prog, spw_dbname ());
@@ -607,6 +650,20 @@ static void update_shadow (void)
}
spw_locked = true;
if (spw_open (O_RDWR) == 0) {
+ if (try_extrausers) {
+ if (spw_unlock () == 0) {
+ (void) fprintf (stderr,
+ _("%s: failed to unlock %s\n"),
+ Prog, spw_dbname ());
+ SYSLOG ((LOG_ERR, "failed to unlock %s", spw_dbname ()));
+ /* continue */
+ }
+ spw_locked = false;
+
+ spw_setdbname (EXTRAUSERS_SHADOW_FILE);
+ update_shadow ();
+ return;
+ }
(void) fprintf (stderr,
_("%s: cannot open %s\n"),
Prog, spw_dbname ());
@@ -617,7 +674,9 @@ static void update_shadow (void)
if (NULL == sp) {
/* Try to update the password in /etc/passwd instead. */
(void) spw_close ();
- update_noshadow ();
+ if (!try_extrausers) {
+ update_noshadow ();
+ }
if (spw_unlock () == 0) {
(void) fprintf (stderr,
_("%s: failed to unlock %s\n"),
@@ -626,6 +685,10 @@ static void update_shadow (void)
/* continue */
}
spw_locked = false;
+ if (try_extrausers) {
+ spw_setdbname (EXTRAUSERS_SHADOW_FILE);
+ update_shadow ();
+ }
return;
}
nsp = __spw_dup (sp);
Index: shadow-4.1.5.1/lib/commonio.c
===================================================================
--- shadow-4.1.5.1.orig/lib/commonio.c
+++ shadow-4.1.5.1/lib/commonio.c
@@ -401,6 +401,7 @@ int commonio_lock_nowait (struct commoni
int commonio_lock (struct commonio_db *db)
{
#ifdef HAVE_LCKPWDF
+ if (strncmp(db->filename, "/etc/", 5) == 0) {
/*
* only if the system libc has a real lckpwdf() - the one from
* lockpw.c calls us and would cause infinite recursion!
@@ -428,7 +429,9 @@ int commonio_lock (struct commonio_db *d
ulckpwdf ();
return 0; /* failure */
-#else /* !HAVE_LCKPWDF */
+ } else /* strncmp(db->filename, "/etc/", 5) == 0 */
+#endif /* HAVE_LCKPWDF */
+ {
int i;
/*
@@ -456,7 +459,7 @@ int commonio_lock (struct commonio_db *d
}
}
return 0; /* failure */
-#endif /* !HAVE_LCKPWDF */
+ }
}
static void dec_lock_count (void)
--- a/lib/defines.h
+++ b/lib/defines.h
@@ -324,6 +324,22 @@
#define EXTRAUSERS_SHADOW_FILE "/var/lib/extrausers/shadow"
#endif
+#ifndef EXTRAUSERS_GROUP_FILE
+#define EXTRAUSERS_GROUP_FILE "/var/lib/extrausers/group"
+#endif
+
+#ifndef EXTRAUSERS_SHADOWGROUP_FILE
+#define EXTRAUSERS_SHADOWGROUP_FILE "/var/lib/extrausers/gshadow"
+#endif
+
+#ifndef EXTRAUSERS_SUBUID_FILE
+#define EXTRAUSERS_SUBUID_FILE "/var/lib/extrausers/subuid"
+#endif
+
+#ifndef EXTRAUSERS_SUBGID_FILE
+#define EXTRAUSERS_SUBGID_FILE "/var/lib/extrausers/subgid"
+#endif
+
#ifndef NULL
#define NULL ((void *) 0)
#endif
--- a/src/groupadd.c
+++ b/src/groupadd.c
@@ -102,6 +102,12 @@
static void check_flags (void);
static void check_perms (void);
+#ifndef EXTRAUSERS_OPT
+#define EXTRAUSERS_OPT 100000
+#endif
+
+static bool use_extrausers = false;
+
/*
* usage - display usage message and exit
*/
@@ -123,6 +129,7 @@
(void) fputs (_(" -p, --password PASSWORD use this encrypted password for the new group\n"), usageout);
(void) fputs (_(" -r, --system create a system account\n"), usageout);
(void) fputs (_(" -R, --root CHROOT_DIR directory to chroot into\n"), usageout);
+ (void) fputs (_(" --extrausers Use the extra users database\n"), usageout);
(void) fputs ("\n", usageout);
exit (status);
}
@@ -386,12 +393,16 @@
{"password", required_argument, NULL, 'p'},
{"system", no_argument, NULL, 'r'},
{"root", required_argument, NULL, 'R'},
+ {"extrausers", no_argument, NULL, EXTRAUSERS_OPT},
{NULL, 0, NULL, '\0'}
};
while ((c = getopt_long (argc, argv, "fg:hK:op:rR:",
long_options, NULL)) != -1) {
switch (c) {
+ case EXTRAUSERS_OPT:
+ use_extrausers = true;
+ break;
case 'f':
/*
* "force" - do nothing, just exit(0), if the
@@ -598,7 +609,18 @@
check_perms ();
+ if (use_extrausers) {
+ fprintf (stderr, "ENTER EXTRAUSERS_GROUP_FILE");
+ gr_setdbname (EXTRAUSERS_GROUP_FILE);
+ fprintf (stderr, "EXIT EXTRAUSERS_GROUP_FILE");
+ }
+
#ifdef SHADOWGRP
+ if (use_extrausers) {
+ fprintf (stderr, "ENTER EXTRAUSERS_SHADOWGROUP_FILE");
+ sgr_setdbname (EXTRAUSERS_SHADOWGROUP_FILE);
+ fprintf (stderr, "EXIT EXTRAUSERS_SHADOWGROUP_FILE");
+ }
is_shadow_grp = sgr_file_present ();
#endif
--- a/src/useradd.c
+++ b/src/useradd.c
@@ -137,6 +137,12 @@
static gid_t sub_gid_start; /* New subordinate gid range */
static unsigned long sub_gid_count;
+#ifndef EXTRAUSERS_OPT
+#define EXTRAUSERS_OPT 100000
+#endif
+
+static bool use_extrausers = false;
+
static bool
bflg = false, /* new default root of home directory */
cflg = false, /* comment (GECOS) field for new account */
@@ -770,6 +776,7 @@
#ifdef WITH_SELINUX
(void) fputs (_(" -Z, --selinux-user SEUSER use a specific SEUSER for the SELinux user mapping\n"), usageout);
#endif /* WITH_SELINUX */
+ (void) fputs (_(" --extrausers Use the extra users database\n"), usageout);
(void) fputs ("\n", usageout);
exit (status);
}
@@ -1044,6 +1051,7 @@
#ifdef WITH_SELINUX
{"selinux-user", required_argument, NULL, 'Z'},
#endif /* WITH_SELINUX */
+ {"extrausers", no_argument, NULL, EXTRAUSERS_OPT},
{NULL, 0, NULL, '\0'}
};
while ((c = getopt_long (argc, argv,
@@ -1054,6 +1062,9 @@
#endif /* !WITH_SELINUX */
long_options, NULL)) != -1) {
switch (c) {
+ case EXTRAUSERS_OPT:
+ use_extrausers = true;
+ break;
case 'b':
if ( ( !VALID (optarg) )
|| ( optarg[0] != '/' )) {
@@ -2104,6 +2115,18 @@
}
}
+ if (use_extrausers) {
+ pw_setdbname (EXTRAUSERS_PASSWD_FILE);
+ spw_setdbname (EXTRAUSERS_SHADOW_FILE);
+ gr_setdbname (EXTRAUSERS_GROUP_FILE);
+ /* TODO expose this information in other tools */
+ sub_uid_setdbname(EXTRAUSERS_SUBUID_FILE);
+ sub_gid_setdbname(EXTRAUSERS_SUBGID_FILE);
+#ifdef SHADOWGRP
+ sgr_setdbname (EXTRAUSERS_SHADOWGROUP_FILE);
+#endif
+ }
+
/*
* Do the hard stuff:
* - open the files,
