73 lines
1.7 KiB
C
Raw Normal View History

subids: support nsswitch Closes #154 When starting any operation to do with subuid delegation, check nsswitch for a module to use. If none is specified, then use the traditional /etc/subuid and /etc/subgid files. Currently only one module is supported, and there is no fallback to the files on errors. Several possibilities could be considered: 1. in case of connection error, fall back to files 2. in case of unknown user, also fall back to files etc... When non-files nss module is used, functions to edit the range are not supported. It may make sense to support it, but it also may make sense to require another tool to be used. libsubordinateio also uses the nss_ helpers. This is how for instance lxc could easily be converted to supporting nsswitch. Add a set of test cases, including a dummy libsubid_zzz module. This hardcodes values such that: 'ubuntu' gets 200000 - 300000 'user1' gets 100000 - 165536 'error' emulates an nss module error 'unknown' emulates a user unknown to the nss module 'conn' emulates a connection error ot the nss module Changes to libsubid: Change the list_owner_ranges api: return a count instead of making the array null terminated. This is a breaking change, so bump the libsubid abi major number. Rename free_subuid_range and free_subgid_range to ungrant_subuid_range, because otherwise it's confusing with free_subid_ranges which frees memory. Run libsubid tests in jenkins Switch argument order in find_subid_owners Move the db locking into subordinateio.c Signed-off-by: Serge Hallyn <serge@hallyn.com>
2021-01-31 17:38:20 -06:00
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <prototypes.h>
#include <stdbool.h>
#include <dlfcn.h>
extern bool nss_is_initialized();
extern struct subid_nss_ops *get_subid_nss_handle();
void test1() {
// nsswitch1 has no subid: entry
setenv("LD_LIBRARY_PATH", ".", 1);
printf("Test with no subid entry\n");
nss_init("./nsswitch1.conf");
if (!nss_is_initialized() || get_subid_nss_handle())
exit(1);
// second run should change nothing
printf("Test with no subid entry, second run\n");
nss_init("./nsswitch1.conf");
if (!nss_is_initialized() || get_subid_nss_handle())
exit(1);
}
void test2() {
// nsswitch2 has a subid: files entry
printf("test with 'files' subid entry\n");
nss_init("./nsswitch2.conf");
if (!nss_is_initialized() || get_subid_nss_handle())
exit(1);
// second run should change nothing
printf("test with 'files' subid entry, second run\n");
nss_init("./nsswitch2.conf");
if (!nss_is_initialized() || get_subid_nss_handle())
exit(1);
}
void test3() {
// nsswitch3 has a subid: testnss entry
printf("test with 'test' subid entry\n");
nss_init("./nsswitch3.conf");
if (!nss_is_initialized() || !get_subid_nss_handle())
exit(1);
// second run should change nothing
printf("test with 'test' subid entry, second run\n");
nss_init("./nsswitch3.conf");
if (!nss_is_initialized() || !get_subid_nss_handle())
exit(1);
}
const char *Prog;
int main(int argc, char *argv[])
{
int which;
Prog = Basename(argv[0]);
if (argc < 1)
exit(1);
which = atoi(argv[1]);
switch(which) {
case 1: test1(); break;
case 2: test2(); break;
case 3: test3(); break;
default: exit(1);
}
printf("nss parsing tests done\n");
exit(0);
}