Blame SOURCES/shadow-4.6-use-lckpwdf.patch

5ab9c0
commit 408b8a548243aebaa6d773beeae8ddf4bb6100f0
5ab9c0
Author: Tomas Mraz <tmraz@fedoraproject.org>
5ab9c0
Date:   Thu May 2 14:33:06 2019 +0200
5ab9c0
5ab9c0
    Use the lckpwdf() again if prefix is not set
5ab9c0
    
5ab9c0
    The implementation of prefix option dropped the use of lckpwdf().
5ab9c0
    However that is incorrect as other tools manipulating the shadow passwords
5ab9c0
    such as PAM use lckpwdf() and do not know anything about the
5ab9c0
    shadow's own locking mechanism.
5ab9c0
    
5ab9c0
    This reverts the implementation to use lckpwdf() if prefix option
5ab9c0
    is not used.
5ab9c0
5ab9c0
diff --git a/lib/commonio.c b/lib/commonio.c
5ab9c0
index 26e518f2..94dda779 100644
5ab9c0
--- a/lib/commonio.c
5ab9c0
+++ b/lib/commonio.c
5ab9c0
@@ -364,6 +364,7 @@ static void free_linked_list (struct commonio_db *db)
5ab9c0
 int commonio_setname (struct commonio_db *db, const char *name)
5ab9c0
 {
5ab9c0
 	snprintf (db->filename, sizeof (db->filename), "%s", name);
5ab9c0
+	db->setname = true;
5ab9c0
 	return 1;
5ab9c0
 }
5ab9c0
 
5ab9c0
@@ -414,37 +415,39 @@ cleanup_ENOMEM:
5ab9c0
 
5ab9c0
 int commonio_lock (struct commonio_db *db)
5ab9c0
 {
5ab9c0
-/*#ifdef HAVE_LCKPWDF*/ /* not compatible with prefix option*/
5ab9c0
-#if 0
5ab9c0
-	/*
5ab9c0
-	 * only if the system libc has a real lckpwdf() - the one from
5ab9c0
-	 * lockpw.c calls us and would cause infinite recursion!
5ab9c0
-	 */
5ab9c0
+	int i;
5ab9c0
 
5ab9c0
+#ifdef HAVE_LCKPWDF
5ab9c0
 	/*
5ab9c0
-	 * Call lckpwdf() on the first lock.
5ab9c0
-	 * If it succeeds, call *_lock() only once
5ab9c0
-	 * (no retries, it should always succeed).
5ab9c0
+	 * Only if the system libc has a real lckpwdf() - the one from
5ab9c0
+	 * lockpw.c calls us and would cause infinite recursion!
5ab9c0
+	 * It is also not used with the prefix option.
5ab9c0
 	 */
5ab9c0
-	if (0 == lock_count) {
5ab9c0
-		if (lckpwdf () == -1) {
5ab9c0
-			if (geteuid () != 0) {
5ab9c0
-				(void) fprintf (stderr,
5ab9c0
-				                "%s: Permission denied.\n",
5ab9c0
-				                Prog);
5ab9c0
+	if (!db->setname) {
5ab9c0
+		/*
5ab9c0
+		 * Call lckpwdf() on the first lock.
5ab9c0
+		 * If it succeeds, call *_lock() only once
5ab9c0
+		 * (no retries, it should always succeed).
5ab9c0
+		 */
5ab9c0
+		if (0 == lock_count) {
5ab9c0
+			if (lckpwdf () == -1) {
5ab9c0
+				if (geteuid () != 0) {
5ab9c0
+					(void) fprintf (stderr,
5ab9c0
+					                "%s: Permission denied.\n",
5ab9c0
+					                Prog);
5ab9c0
+				}
5ab9c0
+				return 0;	/* failure */
5ab9c0
 			}
5ab9c0
-			return 0;	/* failure */
5ab9c0
 		}
5ab9c0
-	}
5ab9c0
 
5ab9c0
-	if (commonio_lock_nowait (db, true) != 0) {
5ab9c0
-		return 1;	/* success */
5ab9c0
-	}
5ab9c0
+		if (commonio_lock_nowait (db, true) != 0) {
5ab9c0
+			return 1;	/* success */
5ab9c0
+		}
5ab9c0
 
5ab9c0
-	ulckpwdf ();
5ab9c0
-	return 0;		/* failure */
5ab9c0
-#else				/* !HAVE_LCKPWDF */
5ab9c0
-	int i;
5ab9c0
+		ulckpwdf ();
5ab9c0
+		return 0;		/* failure */
5ab9c0
+	}
5ab9c0
+#endif				/* !HAVE_LCKPWDF */
5ab9c0
 
5ab9c0
 	/*
5ab9c0
 	 * lckpwdf() not used - do it the old way.
5ab9c0
@@ -471,7 +474,6 @@ int commonio_lock (struct commonio_db *db)
5ab9c0
 		}
5ab9c0
 	}
5ab9c0
 	return 0;		/* failure */
5ab9c0
-#endif				/* !HAVE_LCKPWDF */
5ab9c0
 }
5ab9c0
 
5ab9c0
 static void dec_lock_count (void)
5ab9c0
diff --git a/lib/commonio.h b/lib/commonio.h
5ab9c0
index 40e5708f..64e83073 100644
5ab9c0
--- a/lib/commonio.h
5ab9c0
+++ b/lib/commonio.h
5ab9c0
@@ -143,6 +143,7 @@ struct commonio_db {
5ab9c0
 	bool isopen:1;
5ab9c0
 	bool locked:1;
5ab9c0
 	bool readonly:1;
5ab9c0
+	bool setname:1;
5ab9c0
 };
5ab9c0
 
5ab9c0
 extern int commonio_setname (struct commonio_db *, const char *);
5ab9c0
diff --git a/lib/groupio.c b/lib/groupio.c
5ab9c0
index ae2302b5..bffb06e0 100644
5ab9c0
--- a/lib/groupio.c
5ab9c0
+++ b/lib/groupio.c
5ab9c0
@@ -139,7 +139,8 @@ static /*@owned@*/struct commonio_db group_db = {
5ab9c0
 	false,			/* changed */
5ab9c0
 	false,			/* isopen */
5ab9c0
 	false,			/* locked */
5ab9c0
-	false			/* readonly */
5ab9c0
+	false,			/* readonly */
5ab9c0
+	false			/* setname */
5ab9c0
 };
5ab9c0
 
5ab9c0
 int gr_setdbname (const char *filename)
5ab9c0
diff --git a/lib/pwio.c b/lib/pwio.c
5ab9c0
index 7ee85377..127719cb 100644
5ab9c0
--- a/lib/pwio.c
5ab9c0
+++ b/lib/pwio.c
5ab9c0
@@ -114,7 +114,8 @@ static struct commonio_db passwd_db = {
5ab9c0
 	false,			/* changed */
5ab9c0
 	false,			/* isopen */
5ab9c0
 	false,			/* locked */
5ab9c0
-	false			/* readonly */
5ab9c0
+	false,			/* readonly */
5ab9c0
+	false			/* setname */
5ab9c0
 };
5ab9c0
 
5ab9c0
 int pw_setdbname (const char *filename)
5ab9c0
diff --git a/lib/sgroupio.c b/lib/sgroupio.c
5ab9c0
index 5423626a..ffbdb263 100644
5ab9c0
--- a/lib/sgroupio.c
5ab9c0
+++ b/lib/sgroupio.c
5ab9c0
@@ -238,7 +238,8 @@ static struct commonio_db gshadow_db = {
5ab9c0
 	false,			/* changed */
5ab9c0
 	false,			/* isopen */
5ab9c0
 	false,			/* locked */
5ab9c0
-	false			/* readonly */
5ab9c0
+	false,			/* readonly */
5ab9c0
+	false			/* setname */
5ab9c0
 };
5ab9c0
 
5ab9c0
 int sgr_setdbname (const char *filename)
5ab9c0
diff --git a/lib/shadowio.c b/lib/shadowio.c
5ab9c0
index 5fa3d312..676b1f1a 100644
5ab9c0
--- a/lib/shadowio.c
5ab9c0
+++ b/lib/shadowio.c
5ab9c0
@@ -114,7 +114,8 @@ static struct commonio_db shadow_db = {
5ab9c0
 	false,			/* changed */
5ab9c0
 	false,			/* isopen */
5ab9c0
 	false,			/* locked */
5ab9c0
-	false			/* readonly */
5ab9c0
+	false,			/* readonly */
5ab9c0
+	false			/* setname */
5ab9c0
 };
5ab9c0
 
5ab9c0
 int spw_setdbname (const char *filename)
5ab9c0
diff --git a/lib/subordinateio.c b/lib/subordinateio.c
5ab9c0
index a662e67e..dd779c59 100644
5ab9c0
--- a/lib/subordinateio.c
5ab9c0
+++ b/lib/subordinateio.c
5ab9c0
@@ -550,7 +550,8 @@ static struct commonio_db subordinate_uid_db = {
5ab9c0
 	false,			/* changed */
5ab9c0
 	false,			/* isopen */
5ab9c0
 	false,			/* locked */
5ab9c0
-	false			/* readonly */
5ab9c0
+	false,			/* readonly */
5ab9c0
+	false			/* setname */
5ab9c0
 };
5ab9c0
 
5ab9c0
 int sub_uid_setdbname (const char *filename)
5ab9c0
@@ -631,7 +632,8 @@ static struct commonio_db subordinate_gid_db = {
5ab9c0
 	false,			/* changed */
5ab9c0
 	false,			/* isopen */
5ab9c0
 	false,			/* locked */
5ab9c0
-	false			/* readonly */
5ab9c0
+	false,			/* readonly */
5ab9c0
+	false			/* setname */
5ab9c0
 };
5ab9c0
 
5ab9c0
 int sub_gid_setdbname (const char *filename)