authorScott Garman <scott.a.garman@intel.com>2011-06-28 22:15:39 (GMT)
committerRichard Purdie <richard.purdie@linuxfoundation.org>2011-06-30 19:57:07 (GMT)
commit5c7d37c51cb14c7758fdd04018321222070a0bf7 (patch)
treef3a949824299bea63b9bf2164475dec62d0f041d
parentb2a047d8db4562be2ea20dfee20ac2657ce3f161 (diff)
shadow-native: fix creation of home directories
Pseudo was recently changed so that when system() calls are made after a chroot(), the host binaries can no longer be found, breaking the system("mkdir -p") approach when useradd creates home directories. Instead, use mkdir(2) to create home directories with a helper function to ensure parent directories get created. (From OE-Core rev: 7d4099a964ec79b1ac4cf5348cf9f4221c3d4908) Signed-off-by: Scott Garman <scott.a.garman@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-rw-r--r--meta/recipes-extended/shadow/files/add_root_cmd_options.patch125
1 files changed, 98 insertions, 27 deletions
diff --git a/meta/recipes-extended/shadow/files/add_root_cmd_options.patch b/meta/recipes-extended/shadow/files/add_root_cmd_options.patch
index db969bb..c5f2bec 100644
--- a/meta/recipes-extended/shadow/files/add_root_cmd_options.patch
+++ b/meta/recipes-extended/shadow/files/add_root_cmd_options.patch
@@ -27,7 +27,7 @@ Signed-off-by: Scott Garman <scott.a.garman@intel.com>
27 27
28diff -urN shadow-4.1.4.3.orig//src/gpasswd.c shadow-4.1.4.3//src/gpasswd.c 28diff -urN shadow-4.1.4.3.orig//src/gpasswd.c shadow-4.1.4.3//src/gpasswd.c
29--- shadow-4.1.4.3.orig//src/gpasswd.c 2011-02-13 09:58:16.000000000 -0800 29--- shadow-4.1.4.3.orig//src/gpasswd.c 2011-02-13 09:58:16.000000000 -0800
30+++ shadow-4.1.4.3//src/gpasswd.c 2011-05-28 17:09:52.346013331 -0700 30+++ shadow-4.1.4.3//src/gpasswd.c 2011-06-28 15:12:03.539504372 -0700
31@@ -63,6 +63,7 @@ 31@@ -63,6 +63,7 @@
32 * (/etc/gshadow present) */ 32 * (/etc/gshadow present) */
33 static bool is_shadowgrp; 33 static bool is_shadowgrp;
@@ -146,7 +146,7 @@ diff -urN shadow-4.1.4.3.orig//src/gpasswd.c shadow-4.1.4.3//src/gpasswd.c
146 #endif 146 #endif
147diff -urN shadow-4.1.4.3.orig//src/groupadd.c shadow-4.1.4.3//src/groupadd.c 147diff -urN shadow-4.1.4.3.orig//src/groupadd.c shadow-4.1.4.3//src/groupadd.c
148--- shadow-4.1.4.3.orig//src/groupadd.c 2011-02-13 09:58:16.000000000 -0800 148--- shadow-4.1.4.3.orig//src/groupadd.c 2011-02-13 09:58:16.000000000 -0800
149+++ shadow-4.1.4.3//src/groupadd.c 2011-05-28 17:09:52.346013331 -0700 149+++ shadow-4.1.4.3//src/groupadd.c 2011-06-28 15:12:03.539504372 -0700
150@@ -76,6 +76,7 @@ 150@@ -76,6 +76,7 @@
151 static gid_t group_id; 151 static gid_t group_id;
152 static /*@null@*/char *group_passwd; 152 static /*@null@*/char *group_passwd;
@@ -209,7 +209,7 @@ diff -urN shadow-4.1.4.3.orig//src/groupadd.c shadow-4.1.4.3//src/groupadd.c
209 break; 209 break;
210diff -urN shadow-4.1.4.3.orig//src/groupdel.c shadow-4.1.4.3//src/groupdel.c 210diff -urN shadow-4.1.4.3.orig//src/groupdel.c shadow-4.1.4.3//src/groupdel.c
211--- shadow-4.1.4.3.orig//src/groupdel.c 2011-02-13 09:58:16.000000000 -0800 211--- shadow-4.1.4.3.orig//src/groupdel.c 2011-02-13 09:58:16.000000000 -0800
212+++ shadow-4.1.4.3//src/groupdel.c 2011-05-28 17:09:52.346013331 -0700 212+++ shadow-4.1.4.3//src/groupdel.c 2011-06-28 15:12:03.539504372 -0700
213@@ -36,6 +36,7 @@ 213@@ -36,6 +36,7 @@
214 214
215 #include <ctype.h> 215 #include <ctype.h>
@@ -341,7 +341,7 @@ diff -urN shadow-4.1.4.3.orig//src/groupdel.c shadow-4.1.4.3//src/groupdel.c
341 { 341 {
342diff -urN shadow-4.1.4.3.orig//src/groupmod.c shadow-4.1.4.3//src/groupmod.c 342diff -urN shadow-4.1.4.3.orig//src/groupmod.c shadow-4.1.4.3//src/groupmod.c
343--- shadow-4.1.4.3.orig//src/groupmod.c 2011-02-13 09:58:16.000000000 -0800 343--- shadow-4.1.4.3.orig//src/groupmod.c 2011-02-13 09:58:16.000000000 -0800
344+++ shadow-4.1.4.3//src/groupmod.c 2011-05-28 17:09:52.346013331 -0700 344+++ shadow-4.1.4.3//src/groupmod.c 2011-06-28 15:12:03.539504372 -0700
345@@ -79,6 +79,7 @@ 345@@ -79,6 +79,7 @@
346 static char *group_passwd; 346 static char *group_passwd;
347 static gid_t group_id; 347 static gid_t group_id;
@@ -402,7 +402,7 @@ diff -urN shadow-4.1.4.3.orig//src/groupmod.c shadow-4.1.4.3//src/groupmod.c
402 } 402 }
403diff -urN shadow-4.1.4.3.orig//src/grpconv.c shadow-4.1.4.3//src/grpconv.c 403diff -urN shadow-4.1.4.3.orig//src/grpconv.c shadow-4.1.4.3//src/grpconv.c
404--- shadow-4.1.4.3.orig//src/grpconv.c 2011-02-13 09:58:16.000000000 -0800 404--- shadow-4.1.4.3.orig//src/grpconv.c 2011-02-13 09:58:16.000000000 -0800
405+++ shadow-4.1.4.3//src/grpconv.c 2011-05-28 17:09:52.346013331 -0700 405+++ shadow-4.1.4.3//src/grpconv.c 2011-06-28 15:12:03.539504372 -0700
406@@ -39,6 +39,7 @@ 406@@ -39,6 +39,7 @@
407 407
408 #include <errno.h> 408 #include <errno.h>
@@ -528,7 +528,7 @@ diff -urN shadow-4.1.4.3.orig//src/grpconv.c shadow-4.1.4.3//src/grpconv.c
528 _("%s: cannot lock %s; try again later.\n"), 528 _("%s: cannot lock %s; try again later.\n"),
529diff -urN shadow-4.1.4.3.orig//src/grpunconv.c shadow-4.1.4.3//src/grpunconv.c 529diff -urN shadow-4.1.4.3.orig//src/grpunconv.c shadow-4.1.4.3//src/grpunconv.c
530--- shadow-4.1.4.3.orig//src/grpunconv.c 2011-02-13 09:58:16.000000000 -0800 530--- shadow-4.1.4.3.orig//src/grpunconv.c 2011-02-13 09:58:16.000000000 -0800
531+++ shadow-4.1.4.3//src/grpunconv.c 2011-05-28 17:09:52.346013331 -0700 531+++ shadow-4.1.4.3//src/grpunconv.c 2011-06-28 15:12:03.539504372 -0700
532@@ -43,6 +43,7 @@ 532@@ -43,6 +43,7 @@
533 #include <stdlib.h> 533 #include <stdlib.h>
534 #include <string.h> 534 #include <string.h>
@@ -654,7 +654,7 @@ diff -urN shadow-4.1.4.3.orig//src/grpunconv.c shadow-4.1.4.3//src/grpunconv.c
654 } 654 }
655diff -urN shadow-4.1.4.3.orig//src/passwd.c shadow-4.1.4.3//src/passwd.c 655diff -urN shadow-4.1.4.3.orig//src/passwd.c shadow-4.1.4.3//src/passwd.c
656--- shadow-4.1.4.3.orig//src/passwd.c 2011-02-13 09:58:16.000000000 -0800 656--- shadow-4.1.4.3.orig//src/passwd.c 2011-02-13 09:58:16.000000000 -0800
657+++ shadow-4.1.4.3//src/passwd.c 2011-05-28 17:09:52.346013331 -0700 657+++ shadow-4.1.4.3//src/passwd.c 2011-06-28 15:12:03.539504372 -0700
658@@ -75,6 +75,7 @@ 658@@ -75,6 +75,7 @@
659 static char *name; /* The name of user whose password is being changed */ 659 static char *name; /* The name of user whose password is being changed */
660 static char *myname; /* The current user's name */ 660 static char *myname; /* The current user's name */
@@ -719,7 +719,7 @@ diff -urN shadow-4.1.4.3.orig//src/passwd.c shadow-4.1.4.3//src/passwd.c
719 /* only "files" supported for now */ 719 /* only "files" supported for now */
720diff -urN shadow-4.1.4.3.orig//src/pwconv.c shadow-4.1.4.3//src/pwconv.c 720diff -urN shadow-4.1.4.3.orig//src/pwconv.c shadow-4.1.4.3//src/pwconv.c
721--- shadow-4.1.4.3.orig//src/pwconv.c 2011-02-13 09:58:16.000000000 -0800 721--- shadow-4.1.4.3.orig//src/pwconv.c 2011-02-13 09:58:16.000000000 -0800
722+++ shadow-4.1.4.3//src/pwconv.c 2011-05-28 17:09:52.346013331 -0700 722+++ shadow-4.1.4.3//src/pwconv.c 2011-06-28 15:12:03.539504372 -0700
723@@ -59,6 +59,7 @@ 723@@ -59,6 +59,7 @@
724 724
725 #include <errno.h> 725 #include <errno.h>
@@ -848,7 +848,7 @@ diff -urN shadow-4.1.4.3.orig//src/pwconv.c shadow-4.1.4.3//src/pwconv.c
848 _("%s: cannot lock %s; try again later.\n"), 848 _("%s: cannot lock %s; try again later.\n"),
849diff -urN shadow-4.1.4.3.orig//src/pwunconv.c shadow-4.1.4.3//src/pwunconv.c 849diff -urN shadow-4.1.4.3.orig//src/pwunconv.c shadow-4.1.4.3//src/pwunconv.c
850--- shadow-4.1.4.3.orig//src/pwunconv.c 2011-02-13 09:58:16.000000000 -0800 850--- shadow-4.1.4.3.orig//src/pwunconv.c 2011-02-13 09:58:16.000000000 -0800
851+++ shadow-4.1.4.3//src/pwunconv.c 2011-05-28 17:09:52.356013600 -0700 851+++ shadow-4.1.4.3//src/pwunconv.c 2011-06-28 15:12:03.539504372 -0700
852@@ -35,6 +35,7 @@ 852@@ -35,6 +35,7 @@
853 #ident "$Id: pwunconv.c 2852 2009-04-30 21:44:35Z nekral-guest $" 853 #ident "$Id: pwunconv.c 2852 2009-04-30 21:44:35Z nekral-guest $"
854 854
@@ -970,7 +970,7 @@ diff -urN shadow-4.1.4.3.orig//src/pwunconv.c shadow-4.1.4.3//src/pwunconv.c
970 exit (0); 970 exit (0);
971diff -urN shadow-4.1.4.3.orig//src/useradd.c shadow-4.1.4.3//src/useradd.c 971diff -urN shadow-4.1.4.3.orig//src/useradd.c shadow-4.1.4.3//src/useradd.c
972--- shadow-4.1.4.3.orig//src/useradd.c 2011-02-13 09:58:16.000000000 -0800 972--- shadow-4.1.4.3.orig//src/useradd.c 2011-02-13 09:58:16.000000000 -0800
973+++ shadow-4.1.4.3//src/useradd.c 2011-05-28 17:10:25.446909971 -0700 973+++ shadow-4.1.4.3//src/useradd.c 2011-06-28 15:12:14.608787030 -0700
974@@ -112,6 +112,7 @@ 974@@ -112,6 +112,7 @@
975 #ifdef WITH_SELINUX 975 #ifdef WITH_SELINUX
976 static const char *user_selinux = ""; 976 static const char *user_selinux = "";
@@ -1085,26 +1085,97 @@ diff -urN shadow-4.1.4.3.orig//src/useradd.c shadow-4.1.4.3//src/useradd.c
1085 case 'r': 1085 case 'r':
1086 rflg = true; 1086 rflg = true;
1087 break; 1087 break;
1088@@ -1748,8 +1808,16 @@ 1088@@ -1735,6 +1795,36 @@
1089 }
1090 }
1091 #endif
1092+
1093+/*
1094+ * mkdir_p - create directories, including parent directories when needed
1095+ *
1096+ * similar to mkdir -p
1097+ */
1098+void mkdir_p(const char *path) {
1099+ int len = strlen(path);
1100+ char newdir[len + 1];
1101+ mode_t mode = 0755;
1102+ int i = 0;
1103+
1104+ if (path[i] == '\0') {
1105+ return;
1106+ }
1107+
1108+ /* skip the leading '/' */
1109+ i++;
1110+
1111+ while(path[i] != '\0') {
1112+ if (path[i] == '/') {
1113+ strncpy(newdir, path, i);
1114+ newdir[i] = '\0';
1115+ mkdir(newdir, mode);
1116+ }
1117+ i++;
1118+ }
1119+ mkdir(path, mode);
1120+}
1121+
1122 /*
1123 * create_home - create the user's home directory
1124 *
1125@@ -1748,34 +1838,31 @@
1089 #ifdef WITH_SELINUX 1126 #ifdef WITH_SELINUX
1090 selinux_file_context (user_home); 1127 selinux_file_context (user_home);
1091 #endif 1128 #endif
1092- /* XXX - create missing parent directories. --marekm */ 1129- /* XXX - create missing parent directories. --marekm */
1093- if (mkdir (user_home, 0) != 0) { 1130- if (mkdir (user_home, 0) != 0) {
1094+ /* shell out to invoke mkdir -p 1131- fprintf (stderr,
1095+ * creating a subshell under pseudo's chroot() breaks the jail 1132- _("%s: cannot create directory %s\n"),
1096+ * (bug in pseudo), so make sure we include the full host path 1133- Prog, user_home);
1097+ * to the sysroot when the --root option is in use. 1134-#ifdef WITH_AUDIT
1098+ */ 1135- audit_logger (AUDIT_ADD_USER, Prog,
1099+ int sysroot_path_len = strlen(newroot); 1136- "adding home directory",
1100+ int home_path_len = strlen(user_home); 1137- user_name, (unsigned int) user_id,
1101+ char cmd[sysroot_path_len + home_path_len + 10]; 1138- SHADOW_AUDIT_FAILURE);
1102+ sprintf(cmd, "mkdir -p %s%s", newroot, user_home); 1139-#endif
1103+ if (system (cmd) != 0) { 1140- fail_exit (E_HOMEDIR);
1104 fprintf (stderr, 1141- }
1105 _("%s: cannot create directory %s\n"), 1142- chown (user_home, user_id, user_gid);
1106 Prog, user_home); 1143- chmod (user_home,
1107@@ -1861,6 +1929,7 @@ 1144- 0777 & ~getdef_num ("UMASK", GETDEF_DEFAULT_UMASK));
1145- home_added = true;
1146+ mkdir_p(user_home);
1147+ }
1148+ if (access (user_home, F_OK) != 0) {
1149 #ifdef WITH_AUDIT
1150 audit_logger (AUDIT_ADD_USER, Prog,
1151 "adding home directory",
1152 user_name, (unsigned int) user_id,
1153- SHADOW_AUDIT_SUCCESS);
1154+ SHADOW_AUDIT_FAILURE);
1155+#endif
1156+ fail_exit (E_HOMEDIR);
1157+ }
1158+ chown (user_home, user_id, user_gid);
1159+ chmod (user_home,
1160+ 0777 & ~getdef_num ("UMASK", GETDEF_DEFAULT_UMASK));
1161+ home_added = true;
1162+#ifdef WITH_AUDIT
1163+ audit_logger (AUDIT_ADD_USER, Prog,
1164+ "adding home directory",
1165+ user_name, (unsigned int) user_id,
1166+ SHADOW_AUDIT_SUCCESS);
1167 #endif
1168 #ifdef WITH_SELINUX
1169- /* Reset SELinux to create files with default contexts */
1170- setfscreatecon (NULL);
1171+ /* Reset SELinux to create files with default contexts */
1172+ setfscreatecon (NULL);
1173 #endif
1174- }
1175 }
1176
1177 /*
1178@@ -1861,6 +1948,7 @@
1108 */ 1179 */
1109 user_groups[0] = (char *) 0; 1180 user_groups[0] = (char *) 0;
1110 1181
@@ -1114,7 +1185,7 @@ diff -urN shadow-4.1.4.3.orig//src/useradd.c shadow-4.1.4.3//src/useradd.c
1114 #ifdef SHADOWGRP 1185 #ifdef SHADOWGRP
1115diff -urN shadow-4.1.4.3.orig//src/userdel.c shadow-4.1.4.3//src/userdel.c 1186diff -urN shadow-4.1.4.3.orig//src/userdel.c shadow-4.1.4.3//src/userdel.c
1116--- shadow-4.1.4.3.orig//src/userdel.c 2011-02-13 09:58:16.000000000 -0800 1187--- shadow-4.1.4.3.orig//src/userdel.c 2011-02-13 09:58:16.000000000 -0800
1117+++ shadow-4.1.4.3//src/userdel.c 2011-05-28 17:09:52.356013600 -0700 1188+++ shadow-4.1.4.3//src/userdel.c 2011-06-28 15:12:03.549503721 -0700
1118@@ -79,6 +79,7 @@ 1189@@ -79,6 +79,7 @@
1119 static char *user_name; 1190 static char *user_name;
1120 static uid_t user_id; 1191 static uid_t user_id;
@@ -1169,7 +1240,7 @@ diff -urN shadow-4.1.4.3.orig//src/userdel.c shadow-4.1.4.3//src/userdel.c
1169 break; 1240 break;
1170diff -urN shadow-4.1.4.3.orig//src/usermod.c shadow-4.1.4.3//src/usermod.c 1241diff -urN shadow-4.1.4.3.orig//src/usermod.c shadow-4.1.4.3//src/usermod.c
1171--- shadow-4.1.4.3.orig//src/usermod.c 2011-02-13 09:58:16.000000000 -0800 1242--- shadow-4.1.4.3.orig//src/usermod.c 2011-02-13 09:58:16.000000000 -0800
1172+++ shadow-4.1.4.3//src/usermod.c 2011-05-28 17:09:52.356013600 -0700 1243+++ shadow-4.1.4.3//src/usermod.c 2011-06-28 15:12:03.549503721 -0700
1173@@ -110,6 +110,7 @@ 1244@@ -110,6 +110,7 @@
1174 static long user_newinactive; 1245 static long user_newinactive;
1175 static long sys_ngroups; 1246 static long sys_ngroups;
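Review bot: In the rewritten create_home hunk for useradd.c, the added `}` directly after `mkdir_p(user_home);` closes the enclosing block early, so `chown`, `chmod`, `home_added = true` and the success audit record now run even when the home path already existed before the call. The test that opens that block sits above the hunk (presumably the `access (user_home, F_OK) != 0` check), so this is inferred from the moved brace; if it holds, a pre-existing directory gets re-owned to the new account and is marked as created by this run for any later cleanup that consults `home_added`. Separately, mkdir_p discards every mkdir() result, the follow-up `access (user_home, F_OK)` only shows that something exists at the path rather than that it is a directory (a stat()/S_ISDIR check would be tighter), and the `cannot create directory` message is no longer printed on failure. I would keep the ownership and mode changes inside the creation branch and restore the message, as sketched below.

```c
		mkdir_p (user_home);
		if (access (user_home, F_OK) != 0) {
			fprintf (stderr,
			         _("%s: cannot create directory %s\n"),
			         Prog, user_home);
			/* … unchanged: WITH_AUDIT failure record … */
			fail_exit (E_HOMEDIR);
		}
		/* only a directory created by this call is re-owned and re-moded */
		chown (user_home, user_id, user_gid);
		chmod (user_home,
		       0777 & ~getdef_num ("UMASK", GETDEF_DEFAULT_UMASK));
		home_added = true;
		/* … unchanged: WITH_AUDIT success record and setfscreatecon reset, kept inside the enclosing block … */
```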