2013-01-22 01:14:35 -08:00
/*
* Copyright (c) 2012- Eric W. Biederman
*/
#ifndef _SUBORDINATEIO_H
#define _SUBORDINATEIO_H
Allow disabling of subordinate IDs.
* configure.in: Add configure options --enable-subordinate-ids /
--disable-subordinate-ids. Enabled by default.
* lib/prototypes.h: Include <config.h> before using its macros.
* lib/commonio.h, lib/commonio.c: Define commonio_append only when
ENABLE_SUBIDS is defined.
* lib/prototypes.h, libmisc/find_new_sub_gids.c,
libmisc/find_new_sub_uids.c: Likewise.
* lib/subordinateio.h, lib/subordinateio.c: Likewise.
* libmisc/user_busy.c: Only check if subordinate IDs are in use if
ENABLE_SUBIDS is defined.
* src/Makefile.am: Create newgidmap and newuidmap only if
ENABLE_SUBIDS is defined.
* src/newusers.c: Check for ENABLE_SUBIDS to enable support for
subordinate IDs.
* src/useradd.c: Likewise.
* src/userdel.c: Likewise.
* src/usermod.c: Likewise.
* man/Makefile.am: Install man1/newgidmap.1, man1/newuidmap.1,
man5/subgid.5, and man5/subuid.5 only if ENABLE_SUBIDS is defined.
* man/fr/Makefile.am: Install man1/newgidmap.1, man1/newuidmap.1,
man5/subgid.5, and man5/subuid.5 (not translated yet).
* man/generate_mans.mak: Add xsltproc conditionals
subids/no_subids.
* man/login.defs.d/SUB_GID_COUNT.xml: Add dependency on subids
condition.
* man/login.defs.d/SUB_UID_COUNT.xml: Likewise.
* man/usermod.8.xml: Document options for subordinate IDs and
reference subgid(5) / subuid(5) depending on the subids condition.
2013-08-11 14:54:22 +02:00
#include <config.h>
#ifdef ENABLE_SUBIDS
2013-01-22 01:14:35 -08:00
#include <sys/types.h>
Create a new libsubid
Closes #154
Currently this has three functions: one which returns the
list of subuid ranges for a user, one returning the subgids,
and one which frees the ranges lists.
I might be mistaken about what -disable-man means; some of
the code suggests it means just don't re-generate them, but
not totally ignore them. But that doesn't seem to really work,
so let's just ignore man/ when -disable-man.
Remove --disable-shared. I'm not sure why it was there, but it stems
from long, long ago, and I suspect it comes from some ancient
toolchain bug.
Create a tests/run_some, a shorter version of run_all. I'll
slowly add tests to this as I verify they work, then I can
work on fixing the ones which don't.
Also, don't touch man/ if not -enable-man.
Changelog:
Apr 22: change the subid list api as recommended by Dan Walsh.
Apr 23: implement get_subid_owner
Apr 24: implement range add/release
Apr 25: finish tests and rebase
May 10: make @owner const
Signed-off-by: Serge Hallyn <serge@hallyn.com>
2020-04-18 18:03:54 -05:00
#include "../libsubid/subid.h"
2013-01-22 01:14:35 -08:00
/*
 * Close the subordinate-UID database (presumably the counterpart of
 * sub_uid_open()).
 * NOTE(review): the meaning of the int result is not visible in this
 * header. Confirm the convention in lib/subordinateio.c, and have callers
 * that changed the database check it instead of assuming the update was
 * written out.
 */
extern int sub_uid_close(void);
/*
 * Report whether `owner` holds the range of `count` UIDs that begins at
 * `start` (inferred from the name and parameters; confirm).
 * NOTE(review): `start` is uid_t while `count` is unsigned long, so
 * start + count can fall outside the uid_t range. Confirm that the
 * implementation handles wraparound, because this answer presumably
 * decides whether a requested ID mapping is authorised.
 */
extern bool have_sub_uids(const char *owner, uid_t start, unsigned long count);
/*
 * Report whether the subordinate-UID database file exists (inferred from
 * the name; confirm what "present" tests, e.g. existence vs. readability).
 */
extern bool sub_uid_file_present (void);
/*
 * Report whether `owner` has any subordinate UID range assigned
 * (inferred from the name; confirm how `owner` is matched against
 * database entries).
 */
extern bool sub_uid_assigned(const char *owner);
/*
 * Take the lock on the subordinate-UID database.
 * NOTE(review): the return convention is not visible here; confirm
 * whether zero means failure or success before writing the check, and
 * never continue to a modifying call when the lock was not obtained.
 */
extern int sub_uid_lock (void);
/*
 * Select the file used as the subordinate-UID database.
 * NOTE(review): the header does not say whether `filename` is copied or
 * only stored; until confirmed, keep the string alive for as long as the
 * database is in use. The path presumably ends up being opened by
 * privileged tools, so it should come from trusted configuration.
 */
extern int sub_uid_setdbname (const char *filename);
/*
 * Return the path of the subordinate-UID database currently selected.
 * The Splint "observer" annotation on the return type marks the string
 * as read-only for the caller: it must not be modified or freed.
 */
extern /*@observer@*/const char *sub_uid_dbname (void);
/*
 * Open the subordinate-UID database.
 * NOTE(review): `mode` presumably takes open(2)-style access flags, and
 * the return convention is not visible here; confirm both in
 * lib/subordinateio.c. Read-only callers should not request write access.
 */
extern int sub_uid_open (int mode);
/*
 * Release the lock taken by sub_uid_lock() (inferred from the name).
 * NOTE(review): return convention not visible here; confirm it, and make
 * sure every error path after a successful lock reaches this call.
 */
extern int sub_uid_unlock (void);
/*
 * Record that `owner` is assigned `count` subordinate UIDs starting at
 * `start` (inferred from the name and parameters).
 * NOTE(review): it is not visible here whether overlap with ranges of
 * other owners is rejected by this call or must be checked by the caller;
 * confirm, since overlapping ranges would let two owners map the same
 * IDs. Presumably requires the database to be locked and open for writing.
 */
extern int sub_uid_add (const char *owner, uid_t start, unsigned long count);
/*
 * Remove the assignment of `count` subordinate UIDs starting at `start`
 * from `owner` (inferred from the name and parameters).
 * NOTE(review): behaviour for a range that only partly matches an
 * existing entry is not visible here; confirm before relying on this to
 * fully revoke an owner's IDs.
 */
extern int sub_uid_remove (const char *owner, uid_t start, unsigned long count);
/*
 * Find `count` consecutive unassigned UIDs between `min` and `max` and
 * return the first one (inferred from the name and parameters).
 * NOTE(review): the uid_t return type leaves no out-of-band error value;
 * failure is presumably an in-band sentinel such as (uid_t)-1. Confirm
 * it, and test for it before the result is used as an ID.
 */
extern uid_t sub_uid_find_free_range(uid_t min, uid_t max, unsigned long count);
Create a new libsubid
Closes #154
Currently this has three functions: one which returns the
list of subuid ranges for a user, one returning the subgids,
and one which frees the ranges lists.
I might be mistaken about what -disable-man means; some of
the code suggests it means just don't re-generate them, but
not totally ignore them. But that doesn't seem to really work,
so let's just ignore man/ when -disable-man.
Remove --disable-shared. I'm not sure why it was there, but it stems
from long, long ago, and I suspect it comes from some ancient
toolchain bug.
Create a tests/run_some, a shorter version of run_all. I'll
slowly add tests to this as I verify they work, then I can
work on fixing the ones which don't.
Also, don't touch man/ if not -enable-man.
Changelog:
Apr 22: change the subid list api as recommended by Dan Walsh.
Apr 23: implement get_subid_owner
Apr 24: implement range add/release
Apr 25: finish tests and rebase
May 10: make @owner const
Signed-off-by: Serge Hallyn <serge@hallyn.com>
2020-04-18 18:03:54 -05:00
/*
 * Return the subordinate ranges of kind `id_type` that belong to `owner`,
 * as an array of pointers to struct subordinate_range.
 * NOTE(review): how the array is terminated and what is returned for an
 * owner with no ranges or on error is not visible here; confirm before
 * iterating. The result is presumably released with
 * free_subordinate_ranges(). The struct and enum presumably come from
 * ../libsubid/subid.h.
 */
extern struct subordinate_range **list_owner_ranges(const char *owner, enum subid_type id_type);
/*
 * Allocate a new subordinate range of kind `id_type`.
 * NOTE(review): `range` is a non-const pointer, so it presumably carries
 * the request in and the granted range out; `reuse` presumably allows an
 * existing range of the owner to be returned instead of a new one.
 * Confirm both, and confirm who is expected to authorise the caller
 * before this modifies the database.
 */
extern bool new_subid_range(struct subordinate_range *range, enum subid_type id_type, bool reuse);
/*
 * Release the subordinate range described by `range` for kind `id_type`
 * (inferred from the name).
 * NOTE(review): `range` is not const even though a release would only
 * need to read it; confirm whether the callee writes to it, and which
 * fields must be filled in by the caller.
 */
extern bool release_subid_range(struct subordinate_range *range, enum subid_type id_type);
/*
 * Look up the owners of subordinate ID `id` of kind `id_type` and hand
 * them back through `uids`.
 * NOTE(review): the int result is presumably the number of owners, with
 * a negative value on error, and *uids is presumably allocated by the
 * callee for the caller to free. Confirm both, and do not read *uids
 * unless the call reported success.
 */
extern int find_subid_owners(unsigned long id, uid_t **uids, enum subid_type id_type);
/*
 * Free an array of ranges, presumably one obtained from
 * list_owner_ranges().
 * NOTE(review): whether a NULL argument is accepted is not visible here;
 * confirm, and do not use `ranges` or its elements after this call.
 */
extern void free_subordinate_ranges(struct subordinate_range **ranges);
2013-01-22 01:14:35 -08:00
/*
 * GID counterpart of sub_uid_close(): close the subordinate-GID database.
 * NOTE(review): the meaning of the int result is not visible in this
 * header; confirm it, and have callers that changed the database check it.
 */
extern int sub_gid_close(void);
/*
 * GID counterpart of have_sub_uids(): report whether `owner` holds the
 * range of `count` GIDs that begins at `start` (inferred; confirm).
 * NOTE(review): `start` is gid_t while `count` is unsigned long, so
 * start + count can fall outside the gid_t range. Confirm that the
 * implementation handles wraparound, because this answer presumably
 * decides whether a requested ID mapping is authorised.
 */
extern bool have_sub_gids(const char *owner, gid_t start, unsigned long count);
/*
 * Report whether the subordinate-GID database file exists (inferred from
 * the name; confirm what "present" tests, e.g. existence vs. readability).
 */
extern bool sub_gid_file_present (void);
/*
 * Report whether `owner` has any subordinate GID range assigned
 * (inferred from the name; confirm how `owner` is matched against
 * database entries).
 */
extern bool sub_gid_assigned(const char *owner);
/*
 * Take the lock on the subordinate-GID database.
 * NOTE(review): the return convention is not visible here; confirm
 * whether zero means failure or success before writing the check, and
 * never continue to a modifying call when the lock was not obtained.
 */
extern int sub_gid_lock (void);
/*
 * Select the file used as the subordinate-GID database.
 * NOTE(review): the header does not say whether `filename` is copied or
 * only stored; until confirmed, keep the string alive for as long as the
 * database is in use. The path presumably ends up being opened by
 * privileged tools, so it should come from trusted configuration.
 */
extern int sub_gid_setdbname (const char *filename);
/*
 * Return the path of the subordinate-GID database currently selected.
 * The Splint "observer" annotation on the return type marks the string
 * as read-only for the caller: it must not be modified or freed.
 */
extern /*@observer@*/const char *sub_gid_dbname (void);
/*
 * Open the subordinate-GID database.
 * NOTE(review): `mode` presumably takes open(2)-style access flags, and
 * the return convention is not visible here; confirm both in
 * lib/subordinateio.c. Read-only callers should not request write access.
 */
extern int sub_gid_open (int mode);
/*
 * Release the lock taken by sub_gid_lock() (inferred from the name).
 * NOTE(review): return convention not visible here; confirm it, and make
 * sure every error path after a successful lock reaches this call.
 */
extern int sub_gid_unlock (void);
/*
 * Record that `owner` is assigned `count` subordinate GIDs starting at
 * `start` (inferred from the name and parameters).
 * NOTE(review): it is not visible here whether overlap with ranges of
 * other owners is rejected by this call or must be checked by the caller;
 * confirm, since overlapping ranges would let two owners map the same
 * IDs. Presumably requires the database to be locked and open for writing.
 */
extern int sub_gid_add (const char *owner, gid_t start, unsigned long count);
/*
 * Remove the assignment of `count` subordinate GIDs starting at `start`
 * from `owner` (inferred from the name and parameters).
 * NOTE(review): behaviour for a range that only partly matches an
 * existing entry is not visible here; confirm before relying on this to
 * fully revoke an owner's IDs.
 */
extern int sub_gid_remove (const char *owner, gid_t start, unsigned long count);
/*
 * Find `count` consecutive unassigned GIDs between `min` and `max` and
 * return the first one (inferred from the name and parameters).
 * NOTE(review): the return type is uid_t although the parameters are
 * gid_t and the value is a GID; this looks like a copy of the UID
 * prototype and should probably be gid_t, changed together with the
 * definition. Failure is presumably an in-band sentinel such as
 * (gid_t)-1; confirm it, and test for it before the result is used as
 * an ID.
 */
extern uid_t sub_gid_find_free_range(gid_t min, gid_t max, unsigned long count);
Allow disabling of subordinate IDs.
* configure.in: Add configure options --enable-subordinate-ids /
--disable-subordinate-ids. Enabled by default.
* lib/prototypes.h: Include <config.h> before using its macros.
* lib/commonio.h, lib/commonio.c: Define commonio_append only when
ENABLE_SUBIDS is defined.
* lib/prototypes.h, libmisc/find_new_sub_gids.c,
libmisc/find_new_sub_uids.c: Likewise.
* lib/subordinateio.h, lib/subordinateio.c: Likewise.
* libmisc/user_busy.c: Only check if subordinate IDs are in use if
ENABLE_SUBIDS is defined.
* src/Makefile.am: Create newgidmap and newuidmap only if
ENABLE_SUBIDS is defined.
* src/newusers.c: Check for ENABLE_SUBIDS to enable support for
subordinate IDs.
* src/useradd.c: Likewise.
* src/userdel.c: Likewise.
* src/usermod.c: Likewise.
* man/Makefile.am: Install man1/newgidmap.1, man1/newuidmap.1,
man5/subgid.5, and man5/subuid.5 only if ENABLE_SUBIDS is defined.
* man/fr/Makefile.am: Install man1/newgidmap.1, man1/newuidmap.1,
man5/subgid.5, and man5/subuid.5 (not translated yet).
* man/generate_mans.mak: Add xsltproc conditionals
subids/no_subids.
* man/login.defs.d/SUB_GID_COUNT.xml: Add dependency on subids
condition.
* man/login.defs.d/SUB_UID_COUNT.xml: Likewise.
* man/usermod.8.xml: Document options for subordinate IDs and
reference subgid(5) / subuid(5) depending on the subids condition.
2013-08-11 14:54:22 +02:00
#endif /* ENABLE_SUBIDS */
2013-01-22 01:14:35 -08:00
#endif