1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165 | diff -u shadow-4.1.5.1/debian/changelog shadow-4.1.5.1/debian/changelog
--- shadow-4.1.5.1/debian/changelog
+++ shadow-4.1.5.1/debian/changelog
@@ -1,3 +1,9 @@
+shadow (1:4.1.5.1-1.1ubuntu6) UNRELEASED; urgency=medium
+
+ * extrausers support for useradd and groupadd (LP: #1323732)
+
+ -- Sergio Schvezov <sergio.schvezov@canonical.com> Thu, 25 Jun 2015 15:26:55 -0300
+
shadow (1:4.1.5.1-1.1ubuntu5) wily; urgency=medium
* debian/rules: Re-enable audit support. (LP: #1414817)
diff -u shadow-4.1.5.1/debian/patches/series shadow-4.1.5.1/debian/patches/series
--- shadow-4.1.5.1/debian/patches/series
+++ shadow-4.1.5.1/debian/patches/series
@@ -39,0 +40 @@
+1011_extrausers_toggle.patch
only in patch2:
unchanged:
--- shadow-4.1.5.1.orig/debian/patches/1011_extrausers_toggle.patch
+++ shadow-4.1.5.1/debian/patches/1011_extrausers_toggle.patch
@@ -0,0 +1,142 @@
+Description: Add a longopt for useradd and groupadd to use libnss-extrausers locations
+Author: Sergio Schvezov <sergio.schvezov@canonical.com>
+
+--- a/lib/defines.h
++++ b/lib/defines.h
+@@ -324,6 +324,22 @@
+ #define EXTRAUSERS_SHADOW_FILE "/var/lib/extrausers/shadow"
+ #endif
+
++#ifndef EXTRAUSERS_GROUP_FILE
++#define EXTRAUSERS_GROUP_FILE "/var/lib/extrausers/group"
++#endif
++
++#ifndef EXTRAUSERS_SHADOWGROUP_FILE
++#define EXTRAUSERS_SHADOWGROUP_FILE "/var/lib/extrausers/gshadow"
++#endif
++
++#ifndef EXTRAUSERS_SUBUID_FILE
++#define EXTRAUSERS_SUBUID_FILE "/var/lib/extrausers/subuid"
++#endif
++
++#ifndef EXTRAUSERS_SUBGID_FILE
++#define EXTRAUSERS_SUBGID_FILE "/var/lib/extrausers/subgid"
++#endif
++
+ #ifndef NULL
+ #define NULL ((void *) 0)
+ #endif
+--- a/src/groupadd.c
++++ b/src/groupadd.c
+@@ -102,6 +102,12 @@
+ static void check_flags (void);
+ static void check_perms (void);
+
++#ifndef EXTRAUSERS_OPT
++#define EXTRAUSERS_OPT 100000
++#endif
++
++static bool use_extrausers = false;
++
+ /*
+ * usage - display usage message and exit
+ */
+@@ -123,6 +129,7 @@
+ (void) fputs (_(" -p, --password PASSWORD use this encrypted password for the new group\n"), usageout);
+ (void) fputs (_(" -r, --system create a system account\n"), usageout);
+ (void) fputs (_(" -R, --root CHROOT_DIR directory to chroot into\n"), usageout);
++ (void) fputs (_(" --extrausers Use the extra users database\n"), usageout);
+ (void) fputs ("\n", usageout);
+ exit (status);
+ }
+@@ -386,12 +393,16 @@
+ {"password", required_argument, NULL, 'p'},
+ {"system", no_argument, NULL, 'r'},
+ {"root", required_argument, NULL, 'R'},
++ {"extrausers", no_argument, NULL, EXTRAUSERS_OPT},
+ {NULL, 0, NULL, '\0'}
+ };
+
+ while ((c = getopt_long (argc, argv, "fg:hK:op:rR:",
+ long_options, NULL)) != -1) {
+ switch (c) {
++ case EXTRAUSERS_OPT:
++ use_extrausers = true;
++ break;
+ case 'f':
+ /*
+ * "force" - do nothing, just exit(0), if the
+@@ -598,6 +609,13 @@
+
+ check_perms ();
+
++ if (use_extrausers) {
++ gr_setdbname (EXTRAUSERS_GROUP_FILE);
++#ifdef SHADOWGRP
++ sgr_setdbname (EXTRAUSERS_SHADOWGROUP_FILE);
++#endif
++ }
++
+ #ifdef SHADOWGRP
+ is_shadow_grp = sgr_file_present ();
+ #endif
+--- a/src/useradd.c
++++ b/src/useradd.c
+@@ -137,6 +137,12 @@
+ static gid_t sub_gid_start; /* New subordinate gid range */
+ static unsigned long sub_gid_count;
+
++#ifndef EXTRAUSERS_OPT
++#define EXTRAUSERS_OPT 100000
++#endif
++
++static bool use_extrausers = false;
++
+ static bool
+ bflg = false, /* new default root of home directory */
+ cflg = false, /* comment (GECOS) field for new account */
+@@ -770,6 +776,7 @@
+ #ifdef WITH_SELINUX
+ (void) fputs (_(" -Z, --selinux-user SEUSER use a specific SEUSER for the SELinux user mapping\n"), usageout);
+ #endif /* WITH_SELINUX */
++ (void) fputs (_(" --extrausers Use the extra users database\n"), usageout);
+ (void) fputs ("\n", usageout);
+ exit (status);
+ }
+@@ -1044,6 +1051,7 @@
+ #ifdef WITH_SELINUX
+ {"selinux-user", required_argument, NULL, 'Z'},
+ #endif /* WITH_SELINUX */
++ {"extrausers", no_argument, NULL, EXTRAUSERS_OPT},
+ {NULL, 0, NULL, '\0'}
+ };
+ while ((c = getopt_long (argc, argv,
+@@ -1054,6 +1062,9 @@
+ #endif /* !WITH_SELINUX */
+ long_options, NULL)) != -1) {
+ switch (c) {
++ case EXTRAUSERS_OPT:
++ use_extrausers = true;
++ break;
+ case 'b':
+ if ( ( !VALID (optarg) )
+ || ( optarg[0] != '/' )) {
+@@ -2104,6 +2115,18 @@
+ }
+ }
+
++ if (use_extrausers) {
++ pw_setdbname (EXTRAUSERS_PASSWD_FILE);
++ spw_setdbname (EXTRAUSERS_SHADOW_FILE);
++ gr_setdbname (EXTRAUSERS_GROUP_FILE);
++ /* TODO expose this information in other tools */
++ sub_uid_setdbname(EXTRAUSERS_SUBUID_FILE);
++ sub_gid_setdbname(EXTRAUSERS_SUBGID_FILE);
++#ifdef SHADOWGRP
++ sgr_setdbname (EXTRAUSERS_SHADOWGROUP_FILE);
++#endif
++ }
++
+ /*
+ * Do the hard stuff:
+ * - open the files,
|