Create a new libsubid
Closes #154
Currently this has three functions: one which returns the
list of subuid ranges for a user, one returning the subgids,
and one which frees the ranges lists.
I might be mistaken about what -disable-man means; some of
the code suggests it means just don't re-generate them, but
not totally ignore them. But that doesn't seem to really work,
so let's just ignore man/ when -disable-man.
Remove --disable-shared. I'm not sure why it was there, but it stems
from long, long ago, and I suspect it comes from some ancient
toolchain bug.
Create a tests/run_some, a shorter version of run_all. I'll
slowly add tests to this as I verify they work, then I can
work on fixing the once which don't.
Also, don't touch man/ if not -enable-man.
Changelog:
Apr 22: change the subid list api as recomended by Dan Walsh.
Apr 23: implement get_subid_owner
Apr 24: implement range add/release
Apr 25: finish tests and rebase
May 10: make @owner const
Signed-off-by: Serge Hallyn <serge@hallyn.com>
2020-04-19 04:33:54 +05:30
|
|
|
#include <stdio.h>
|
|
|
|
|
#include <unistd.h>
|
2021-04-15 20:22:29 +05:30
|
|
|
#include "subid.h"
|
Create a new libsubid
Closes #154
Currently this has three functions: one which returns the
list of subuid ranges for a user, one returning the subgids,
and one which frees the ranges lists.
I might be mistaken about what -disable-man means; some of
the code suggests it means just don't re-generate them, but
not totally ignore them. But that doesn't seem to really work,
so let's just ignore man/ when -disable-man.
Remove --disable-shared. I'm not sure why it was there, but it stems
from long, long ago, and I suspect it comes from some ancient
toolchain bug.
Create a tests/run_some, a shorter version of run_all. I'll
slowly add tests to this as I verify they work, then I can
work on fixing the once which don't.
Also, don't touch man/ if not -enable-man.
Changelog:
Apr 22: change the subid list api as recomended by Dan Walsh.
Apr 23: implement get_subid_owner
Apr 24: implement range add/release
Apr 25: finish tests and rebase
May 10: make @owner const
Signed-off-by: Serge Hallyn <serge@hallyn.com>
2020-04-19 04:33:54 +05:30
|
|
|
#include "stdlib.h"
|
|
|
|
|
#include "prototypes.h"
|
|
|
|
|
|
|
|
|
|
/* Test program for the subid freeing routine */
|
|
|
|
|
|
|
|
|
|
const char *Prog;
|
2021-05-09 04:12:14 +05:30
|
|
|
FILE *shadow_logfd = NULL;
|
Create a new libsubid
Closes #154
Currently this has three functions: one which returns the
list of subuid ranges for a user, one returning the subgids,
and one which frees the ranges lists.
I might be mistaken about what -disable-man means; some of
the code suggests it means just don't re-generate them, but
not totally ignore them. But that doesn't seem to really work,
so let's just ignore man/ when -disable-man.
Remove --disable-shared. I'm not sure why it was there, but it stems
from long, long ago, and I suspect it comes from some ancient
toolchain bug.
Create a tests/run_some, a shorter version of run_all. I'll
slowly add tests to this as I verify they work, then I can
work on fixing the once which don't.
Also, don't touch man/ if not -enable-man.
Changelog:
Apr 22: change the subid list api as recomended by Dan Walsh.
Apr 23: implement get_subid_owner
Apr 24: implement range add/release
Apr 25: finish tests and rebase
May 10: make @owner const
Signed-off-by: Serge Hallyn <serge@hallyn.com>
2020-04-19 04:33:54 +05:30
|
|
|
|
|
|
|
|
void usage(void)
|
|
|
|
|
{
|
|
|
|
|
fprintf(stderr, "Usage: %s [-g] user start count\n", Prog);
|
|
|
|
|
fprintf(stderr, " Release a user's subuid (or with -g, subgid) range\n");
|
|
|
|
|
exit(EXIT_FAILURE);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
int main(int argc, char *argv[])
|
|
|
|
|
{
|
|
|
|
|
int c;
|
|
|
|
|
bool ok;
|
|
|
|
|
struct subordinate_range range;
|
|
|
|
|
bool group = false; // get subuids by default
|
|
|
|
|
|
|
|
|
|
Prog = Basename (argv[0]);
|
2021-05-09 04:12:14 +05:30
|
|
|
shadow_logfd = stderr;
|
Create a new libsubid
Closes #154
Currently this has three functions: one which returns the
list of subuid ranges for a user, one returning the subgids,
and one which frees the ranges lists.
I might be mistaken about what -disable-man means; some of
the code suggests it means just don't re-generate them, but
not totally ignore them. But that doesn't seem to really work,
so let's just ignore man/ when -disable-man.
Remove --disable-shared. I'm not sure why it was there, but it stems
from long, long ago, and I suspect it comes from some ancient
toolchain bug.
Create a tests/run_some, a shorter version of run_all. I'll
slowly add tests to this as I verify they work, then I can
work on fixing the once which don't.
Also, don't touch man/ if not -enable-man.
Changelog:
Apr 22: change the subid list api as recomended by Dan Walsh.
Apr 23: implement get_subid_owner
Apr 24: implement range add/release
Apr 25: finish tests and rebase
May 10: make @owner const
Signed-off-by: Serge Hallyn <serge@hallyn.com>
2020-04-19 04:33:54 +05:30
|
|
|
while ((c = getopt(argc, argv, "g")) != EOF) {
|
|
|
|
|
switch(c) {
|
|
|
|
|
case 'g': group = true; break;
|
|
|
|
|
default: usage();
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
argv = &argv[optind];
|
|
|
|
|
argc = argc - optind;
|
|
|
|
|
if (argc < 3)
|
|
|
|
|
usage();
|
|
|
|
|
range.owner = argv[0];
|
|
|
|
|
range.start = atoi(argv[1]);
|
|
|
|
|
range.count = atoi(argv[2]);
|
|
|
|
|
if (group)
|
2021-11-27 22:19:03 +05:30
|
|
|
ok = subid_ungrant_gid_range(&range);
|
Create a new libsubid
Closes #154
Currently this has three functions: one which returns the
list of subuid ranges for a user, one returning the subgids,
and one which frees the ranges lists.
I might be mistaken about what -disable-man means; some of
the code suggests it means just don't re-generate them, but
not totally ignore them. But that doesn't seem to really work,
so let's just ignore man/ when -disable-man.
Remove --disable-shared. I'm not sure why it was there, but it stems
from long, long ago, and I suspect it comes from some ancient
toolchain bug.
Create a tests/run_some, a shorter version of run_all. I'll
slowly add tests to this as I verify they work, then I can
work on fixing the once which don't.
Also, don't touch man/ if not -enable-man.
Changelog:
Apr 22: change the subid list api as recomended by Dan Walsh.
Apr 23: implement get_subid_owner
Apr 24: implement range add/release
Apr 25: finish tests and rebase
May 10: make @owner const
Signed-off-by: Serge Hallyn <serge@hallyn.com>
2020-04-19 04:33:54 +05:30
|
|
|
else
|
2021-11-27 22:19:03 +05:30
|
|
|
ok = subid_ungrant_uid_range(&range);
|
Create a new libsubid
Closes #154
Currently this has three functions: one which returns the
list of subuid ranges for a user, one returning the subgids,
and one which frees the ranges lists.
I might be mistaken about what -disable-man means; some of
the code suggests it means just don't re-generate them, but
not totally ignore them. But that doesn't seem to really work,
so let's just ignore man/ when -disable-man.
Remove --disable-shared. I'm not sure why it was there, but it stems
from long, long ago, and I suspect it comes from some ancient
toolchain bug.
Create a tests/run_some, a shorter version of run_all. I'll
slowly add tests to this as I verify they work, then I can
work on fixing the once which don't.
Also, don't touch man/ if not -enable-man.
Changelog:
Apr 22: change the subid list api as recomended by Dan Walsh.
Apr 23: implement get_subid_owner
Apr 24: implement range add/release
Apr 25: finish tests and rebase
May 10: make @owner const
Signed-off-by: Serge Hallyn <serge@hallyn.com>
2020-04-19 04:33:54 +05:30
|
|
|
|
|
|
|
|
if (!ok) {
|
|
|
|
|
fprintf(stderr, "Failed freeing id range\n");
|
|
|
|
|
exit(EXIT_FAILURE);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
|
}
|