1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167 | diff -u shadow-4.1.5.1/debian/changelog shadow-4.1.5.1/debian/changelog
--- shadow-4.1.5.1/debian/changelog
+++ shadow-4.1.5.1/debian/changelog
@@ -1,3 +1,9 @@
+shadow (1:4.1.5.1-1.1ubuntu6) UNRELEASED; urgency=medium
+
+ * extrausers support for useradd and groupadd (LP: #1323732)
+
+ -- Sergio Schvezov <sergio.schvezov@canonical.com> Thu, 25 Jun 2015 15:26:55 -0300
+
shadow (1:4.1.5.1-1.1ubuntu5) wily; urgency=medium
* debian/rules: Re-enable audit support. (LP: #1414817)
diff -u shadow-4.1.5.1/debian/patches/series shadow-4.1.5.1/debian/patches/series
--- shadow-4.1.5.1/debian/patches/series
+++ shadow-4.1.5.1/debian/patches/series
@@ -39,0 +40 @@
+1011_extrausers_toggle.patch
only in patch2:
unchanged:
--- shadow-4.1.5.1.orig/debian/patches/1011_extrausers_toggle.patch
+++ shadow-4.1.5.1/debian/patches/1011_extrausers_toggle.patch
@@ -0,0 +1,144 @@
+--- a/lib/defines.h
++++ b/lib/defines.h
+@@ -324,6 +324,22 @@
+ #define EXTRAUSERS_SHADOW_FILE "/var/lib/extrausers/shadow"
+ #endif
+
++#ifndef EXTRAUSERS_GROUP_FILE
++#define EXTRAUSERS_GROUP_FILE "/var/lib/extrausers/group"
++#endif
++
++#ifndef EXTRAUSERS_SHADOWGROUP_FILE
++#define EXTRAUSERS_SHADOWGROUP_FILE "/var/lib/extrausers/gshadow"
++#endif
++
++#ifndef EXTRAUSERS_SUBUID_FILE
++#define EXTRAUSERS_SUBUID_FILE "/var/lib/extrausers/subuid"
++#endif
++
++#ifndef EXTRAUSERS_SUBGID_FILE
++#define EXTRAUSERS_SUBGID_FILE "/var/lib/extrausers/subgid"
++#endif
++
+ #ifndef NULL
+ #define NULL ((void *) 0)
+ #endif
+--- a/src/groupadd.c
++++ b/src/groupadd.c
+@@ -102,6 +102,12 @@
+ static void check_flags (void);
+ static void check_perms (void);
+
++#ifndef EXTRAUSERS_OPT
++#define EXTRAUSERS_OPT 100000
++#endif
++
++static bool use_extrausers = false;
++
+ /*
+ * usage - display usage message and exit
+ */
+@@ -123,6 +129,7 @@
+ (void) fputs (_(" -p, --password PASSWORD use this encrypted password for the new group\n"), usageout);
+ (void) fputs (_(" -r, --system create a system account\n"), usageout);
+ (void) fputs (_(" -R, --root CHROOT_DIR directory to chroot into\n"), usageout);
++ (void) fputs (_(" -E, --extrausers Use the extra users database\n"), usageout);
+ (void) fputs ("\n", usageout);
+ exit (status);
+ }
+@@ -386,12 +393,16 @@
+ {"password", required_argument, NULL, 'p'},
+ {"system", no_argument, NULL, 'r'},
+ {"root", required_argument, NULL, 'R'},
++ {"extrausers", no_argument, NULL, EXTRAUSERS_OPT},
+ {NULL, 0, NULL, '\0'}
+ };
+
+ while ((c = getopt_long (argc, argv, "fg:hK:op:rR:",
+ long_options, NULL)) != -1) {
+ switch (c) {
++ case EXTRAUSERS_OPT:
++ use_extrausers = true;
++ break;
+ case 'f':
+ /*
+ * "force" - do nothing, just exit(0), if the
+@@ -598,7 +609,18 @@
+
+ check_perms ();
+
++ if (use_extrausers) {
++ fprintf (stderr, "ENTER EXTRAUSERS_GROUP_FILE");
++ gr_setdbname (EXTRAUSERS_GROUP_FILE);
++ fprintf (stderr, "EXIT EXTRAUSERS_GROUP_FILE");
++ }
++
+ #ifdef SHADOWGRP
++ if (use_extrausers) {
++ fprintf (stderr, "ENTER EXTRAUSERS_SHADOWGROUP_FILE");
++ sgr_setdbname (EXTRAUSERS_SHADOWGROUP_FILE);
++ fprintf (stderr, "EXIT EXTRAUSERS_SHADOWGROUP_FILE");
++ }
+ is_shadow_grp = sgr_file_present ();
+ #endif
+
+--- a/src/useradd.c
++++ b/src/useradd.c
+@@ -137,6 +137,12 @@
+ static gid_t sub_gid_start; /* New subordinate gid range */
+ static unsigned long sub_gid_count;
+
++#ifndef EXTRAUSERS_OPT
++#define EXTRAUSERS_OPT 100000
++#endif
++
++static bool use_extrausers = false;
++
+ static bool
+ bflg = false, /* new default root of home directory */
+ cflg = false, /* comment (GECOS) field for new account */
+@@ -770,6 +776,7 @@
+ #ifdef WITH_SELINUX
+ (void) fputs (_(" -Z, --selinux-user SEUSER use a specific SEUSER for the SELinux user mapping\n"), usageout);
+ #endif /* WITH_SELINUX */
++ (void) fputs (_(" --extrausers Use the extra users database\n"), usageout);
+ (void) fputs ("\n", usageout);
+ exit (status);
+ }
+@@ -1044,6 +1051,7 @@
+ #ifdef WITH_SELINUX
+ {"selinux-user", required_argument, NULL, 'Z'},
+ #endif /* WITH_SELINUX */
++ {"extrausers", no_argument, NULL, EXTRAUSERS_OPT},
+ {NULL, 0, NULL, '\0'}
+ };
+ while ((c = getopt_long (argc, argv,
+@@ -1054,6 +1062,9 @@
+ #endif /* !WITH_SELINUX */
+ long_options, NULL)) != -1) {
+ switch (c) {
++ case EXTRAUSERS_OPT:
++ use_extrausers = true;
++ break;
+ case 'b':
+ if ( ( !VALID (optarg) )
+ || ( optarg[0] != '/' )) {
+@@ -2104,6 +2115,18 @@
+ }
+ }
+
++ if (use_extrausers) {
++ pw_setdbname (EXTRAUSERS_PASSWD_FILE);
++ spw_setdbname (EXTRAUSERS_SHADOW_FILE);
++ gr_setdbname (EXTRAUSERS_GROUP_FILE);
++ /* TODO expose this information in other tools */
++ sub_uid_setdbname(EXTRAUSERS_SUBUID_FILE);
++ sub_gid_setdbname(EXTRAUSERS_SUBGID_FILE);
++#ifdef SHADOWGRP
++ sgr_setdbname (EXTRAUSERS_SHADOWGROUP_FILE);
++#endif
++ }
++
+ /*
+ * Do the hard stuff:
+ * - open the files,
|