emo/shadow
1
0
Fork 0
Code Issues Pull Requests Packages Releases Activity

2009-07-18 Peter Vrabec <pvrabec@redhat.com>

Browse Source 
* NEWS, libmisc/find_new_gid.c, libmisc/find_new_uid.c: Since
	system accounts are allocated from SYS_?ID_MIN to SYS_?ID_MAX in
	reverse order, accounts are packed close to SYS_?ID_MAX if
	SYS_?ID_MIN is already used but there are still dome gaps.
This commit is contained in:
nekral-guest 2009-07-18 00:35:35 +00:00
parent b0bcb01888
commit 56c7096000
4 changed files with 117 additions and 76 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
ChangeLog
View File

@ -4,6 +4,10 @@
getpwent / getgrent for system accounts. Trying the low-IDs with getpwent / getgrent for system accounts. Trying the low-IDs with
getpwuid / getgrgid should be more efficient on LDAP configured getpwuid / getgrgid should be more efficient on LDAP configured
systems with many accounts. systems with many accounts.
* NEWS, libmisc/find_new_gid.c, libmisc/find_new_uid.c: Since
system accounts are allocated from SYS_?ID_MIN to SYS_?ID_MAX in
reverse order, accounts are packed close to SYS_?ID_MAX if
SYS_?ID_MIN is already used but there are still dome gaps.
2009-07-05 Piarres Beobide <pi+debian@beobide.net> 2009-07-05 Piarres Beobide <pi+debian@beobide.net>

3
NEWS
View File

@ -8,6 +8,9 @@ shadow-4.1.4.1 -> shadow-4.1.4.2 UNRELEASED
- addition of system users or groups - addition of system users or groups
* Speed improvement. This should be noticeable in case of LDAP configured * Speed improvement. This should be noticeable in case of LDAP configured
systems. This should impact useradd, groupadd, and newusers systems. This should impact useradd, groupadd, and newusers
* Since system accounts are allocated from SYS_?ID_MIN to SYS_?ID_MAX in
reverse order, accounts are packed close to SYS_?ID_MAX if SYS_?ID_MIN
is already used but there are still dome gaps.
- su - su
* Preserve the DISPLAY and XAUTHORITY environment variables. This was * Preserve the DISPLAY and XAUTHORITY environment variables. This was

65
libmisc/find_new_gid.c
View File

@ -52,7 +52,7 @@ int find_new_gid (bool sys_group,
/*@null@*/gid_t const *preferred_gid) /*@null@*/gid_t const *preferred_gid)
{ {
const struct group *grp; const struct group *grp;
gid_t gid_min, gid_max, group_id; gid_t gid_min, gid_max, group_id, id;
bool *used_gids; bool *used_gids;
assert (gid != NULL); assert (gid != NULL);
@ -61,7 +61,7 @@ int find_new_gid (bool sys_group,
gid_min = (gid_t) getdef_ulong ("GID_MIN", 1000UL); gid_min = (gid_t) getdef_ulong ("GID_MIN", 1000UL);
gid_max = (gid_t) getdef_ulong ("GID_MAX", 60000UL); gid_max = (gid_t) getdef_ulong ("GID_MAX", 60000UL);
} else { } else {
gid_min = (gid_t) getdef_ulong ("SYS_GID_MIN", 1UL); gid_min = (gid_t) getdef_ulong ("SYS_GID_MIN", 101UL);
gid_max = (gid_t) getdef_ulong ("GID_MIN", 1000UL) - 1; gid_max = (gid_t) getdef_ulong ("GID_MIN", 1000UL) - 1;
gid_max = (gid_t) getdef_ulong ("SYS_GID_MAX", (unsigned long) gid_max); gid_max = (gid_t) getdef_ulong ("SYS_GID_MAX", (unsigned long) gid_max);
} }
@ -80,7 +80,6 @@ int find_new_gid (bool sys_group,
return 0; return 0;
} }
group_id = gid_min;
/* /*
* Search the entire group file, * Search the entire group file,
@ -90,19 +89,33 @@ int find_new_gid (bool sys_group,
* but we also check the local database (gr_rewind/gr_next) in case * but we also check the local database (gr_rewind/gr_next) in case
* some groups were created but the changes were not committed yet. * some groups were created but the changes were not committed yet.
*/ */
if (sys_group ) { if (sys_group) {
/* setgrent / getgrent / endgrent can be very slow with /* setgrent / getgrent / endgrent can be very slow with
* LDAP configurations (and many accounts). * LDAP configurations (and many accounts).
* Since there is a limited amount of IDs to be tested * Since there is a limited amount of IDs to be tested
* for system accounts, we just check the existence * for system accounts, we just check the existence
* of IDs with getgrgid. * of IDs with getgrgid.
*/ */
for (group_id = gid_min; group_id <= gid_max; group_id++) { group_id = gid_max;
if (getgrgid (group_id) != NULL) { for (id = gid_max; id >= gid_min; id--) {
if (getgrgid (id) != NULL) {
group_id = id - 1;
used_gids[id] = true;
}
}
gr_rewind ();
while ((grp = gr_next ()) != NULL) {
if ((grp->gr_gid <= group_id) && (grp->gr_gid >= gid_min)) {
group_id = grp->gr_gid - 1;
}
/* create index of used GIDs */
if (grp->gr_gid <= gid_max) {
used_gids[grp->gr_gid] = true; used_gids[grp->gr_gid] = true;
} }
} }
} else { } else {
group_id = gid_min;
setgrent (); setgrent ();
while ((grp = getgrent ()) != NULL) { while ((grp = getgrent ()) != NULL) {
if ((grp->gr_gid >= group_id) && (grp->gr_gid <= gid_max)) { if ((grp->gr_gid >= group_id) && (grp->gr_gid <= gid_max)) {
@ -114,7 +127,7 @@ int find_new_gid (bool sys_group,
} }
} }
endgrent (); endgrent ();
}
gr_rewind (); gr_rewind ();
while ((grp = gr_next ()) != NULL) { while ((grp = gr_next ()) != NULL) {
if ((grp->gr_gid >= group_id) && (grp->gr_gid <= gid_max)) { if ((grp->gr_gid >= group_id) && (grp->gr_gid <= gid_max)) {
@ -125,22 +138,6 @@ int find_new_gid (bool sys_group,
used_gids[grp->gr_gid] = true; used_gids[grp->gr_gid] = true;
} }
} }
/* find free system account in reverse order */
if (sys_group) {
for (group_id = gid_max; group_id >= gid_min; group_id--) {
if (false == used_gids[group_id]) {
break;
}
}
if ( group_id < gid_min ) {
fprintf (stderr,
_("%s: Can't get unique GID (no more available GIDs)\n"),
Prog);
SYSLOG ((LOG_WARN,
"no more available GID on the system"));
return -1;
}
} }
/* /*
@ -148,6 +145,23 @@ int find_new_gid (bool sys_group,
* will give us GID_MAX+1 even if not unique. Search for the first * will give us GID_MAX+1 even if not unique. Search for the first
* free GID starting with GID_MIN. * free GID starting with GID_MIN.
*/ */
if (sys_group) {
if (group_id == gid_min - 1) {
for (group_id = gid_max; group_id >= gid_min; group_id--) {
if (false == used_gids[group_id]) {
break;
}
}
if ( group_id < gid_min ) {
fprintf (stderr,
_("%s: Can't get unique system GID (no more available GIDs)\n"),
Prog);
SYSLOG ((LOG_WARN,
"no more available GID on the system"));
return -1;
}
}
} else {
if (group_id == gid_max + 1) { if (group_id == gid_max + 1) {
for (group_id = gid_min; group_id < gid_max; group_id++) { for (group_id = gid_min; group_id < gid_max; group_id++) {
if (false == used_gids[group_id]) { if (false == used_gids[group_id]) {
@ -155,11 +169,14 @@ int find_new_gid (bool sys_group,
} }
} }
if (group_id == gid_max) { if (group_id == gid_max) {
fprintf (stderr, _("%s: Can't get unique GID (no more available GIDs)\n"), Prog); fprintf (stderr,
_("%s: Can't get unique GID (no more available GIDs)\n"),
Prog);
SYSLOG ((LOG_WARN, "no more available GID on the system")); SYSLOG ((LOG_WARN, "no more available GID on the system"));
return -1; return -1;
} }
} }
}
*gid = group_id; *gid = group_id;
return 0; return 0;

47
libmisc/find_new_uid.c
View File

@ -52,7 +52,7 @@ int find_new_uid (bool sys_user,
/*@null@*/uid_t const *preferred_uid) /*@null@*/uid_t const *preferred_uid)
{ {
const struct passwd *pwd; const struct passwd *pwd;
uid_t uid_min, uid_max, user_id; uid_t uid_min, uid_max, user_id, id;
bool *used_uids; bool *used_uids;
assert (uid != NULL); assert (uid != NULL);
@ -61,7 +61,7 @@ int find_new_uid (bool sys_user,
uid_min = (uid_t) getdef_ulong ("UID_MIN", 1000UL); uid_min = (uid_t) getdef_ulong ("UID_MIN", 1000UL);
uid_max = (uid_t) getdef_ulong ("UID_MAX", 60000UL); uid_max = (uid_t) getdef_ulong ("UID_MAX", 60000UL);
} else { } else {
uid_min = (uid_t) getdef_ulong ("SYS_UID_MIN", 1UL); uid_min = (uid_t) getdef_ulong ("SYS_UID_MIN", 101UL);
uid_max = (uid_t) getdef_ulong ("UID_MIN", 1000UL) - 1; uid_max = (uid_t) getdef_ulong ("UID_MIN", 1000UL) - 1;
uid_max = (uid_t) getdef_ulong ("SYS_UID_MAX", (unsigned long) uid_max); uid_max = (uid_t) getdef_ulong ("SYS_UID_MAX", (unsigned long) uid_max);
} }
@ -80,7 +80,6 @@ int find_new_uid (bool sys_user,
return 0; return 0;
} }
user_id = uid_min;
/* /*
* Search the entire password file, * Search the entire password file,
@ -97,12 +96,26 @@ int find_new_uid (bool sys_user,
* for system accounts, we just check the existence * for system accounts, we just check the existence
* of IDs with getpwuid. * of IDs with getpwuid.
*/ */
for (user_id = uid_min; user_id <= uid_max; user_id++) { user_id = uid_max;
if (getpwuid (user_id) != NULL) { for (id = uid_max; id >= uid_min; id--) {
used_uids[user_id] = true; if (getpwuid (id) != NULL) {
user_id = id - 1;
used_uids[id] = true;
}
}
pw_rewind ();
while ((pwd = pw_next ()) != NULL) {
if ((pwd->pw_uid <= user_id) && (pwd->pw_uid >= uid_min)) {
user_id = pwd->pw_uid - 1;
}
/* create index of used UIDs */
if (pwd->pw_uid <= uid_max) {
used_uids[pwd->pw_uid] = true;
} }
} }
} else { } else {
user_id = uid_min;
setpwent (); setpwent ();
while ((pwd = getpwent ()) != NULL) { while ((pwd = getpwent ()) != NULL) {
if ((pwd->pw_uid >= user_id) && (pwd->pw_uid <= uid_max)) { if ((pwd->pw_uid >= user_id) && (pwd->pw_uid <= uid_max)) {
@ -114,7 +127,7 @@ int find_new_uid (bool sys_user,
} }
} }
endpwent (); endpwent ();
}
pw_rewind (); pw_rewind ();
while ((pwd = pw_next ()) != NULL) { while ((pwd = pw_next ()) != NULL) {
if ((pwd->pw_uid >= user_id) && (pwd->pw_uid <= uid_max)) { if ((pwd->pw_uid >= user_id) && (pwd->pw_uid <= uid_max)) {
@ -125,9 +138,15 @@ int find_new_uid (bool sys_user,
used_uids[pwd->pw_uid] = true; used_uids[pwd->pw_uid] = true;
} }
} }
}
/* find free system account in reverse order */ /*
* If a user with UID equal to UID_MAX exists, the above algorithm
* will give us UID_MAX+1 even if not unique. Search for the first
* free UID starting with UID_MIN.
*/
if (sys_user) { if (sys_user) {
if (user_id == uid_min - 1) {
for (user_id = uid_max; user_id >= uid_min; user_id--) { for (user_id = uid_max; user_id >= uid_min; user_id--) {
if (false == used_uids[user_id]) { if (false == used_uids[user_id]) {
break; break;
@ -142,12 +161,7 @@ int find_new_uid (bool sys_user,
return -1; return -1;
} }
} }
} else {
/*
* If a user with UID equal to UID_MAX exists, the above algorithm
* will give us UID_MAX+1 even if not unique. Search for the first
* free UID starting with UID_MIN.
*/
if (user_id == uid_max + 1) { if (user_id == uid_max + 1) {
for (user_id = uid_min; user_id < uid_max; user_id++) { for (user_id = uid_min; user_id < uid_max; user_id++) {
if (false == used_uids[user_id]) { if (false == used_uids[user_id]) {
@ -155,11 +169,14 @@ int find_new_uid (bool sys_user,
} }
} }
if (user_id == uid_max) { if (user_id == uid_max) {
fprintf (stderr, _("%s: Can't get unique UID (no more available UIDs)\n"), Prog); fprintf (stderr,
_("%s: Can't get unique UID (no more available UIDs)\n"),
Prog);
SYSLOG ((LOG_WARN, "no more available UID on the system")); SYSLOG ((LOG_WARN, "no more available UID on the system"));
return -1; return -1;
} }
} }
}
*uid = user_id; *uid = user_id;
return 0; return 0;