Create a new libsubid
Closes #154
Currently this has three functions: one which returns the
list of subuid ranges for a user, one returning the subgids,
and one which frees the ranges lists.
I might be mistaken about what -disable-man means; some of
the code suggests it means just don't re-generate them, but
not totally ignore them. But that doesn't seem to really work,
so let's just ignore man/ when -disable-man.
Remove --disable-shared. I'm not sure why it was there, but it stems
from long, long ago, and I suspect it comes from some ancient
toolchain bug.
Create a tests/run_some, a shorter version of run_all. I'll
slowly add tests to this as I verify they work, then I can
work on fixing the once which don't.
Also, don't touch man/ if not -enable-man.
Changelog:
Apr 22: change the subid list api as recomended by Dan Walsh.
Apr 23: implement get_subid_owner
Apr 24: implement range add/release
Apr 25: finish tests and rebase
May 10: make @owner const
Signed-off-by: Serge Hallyn <serge@hallyn.com>
2020-04-19 04:33:54 +05:30
|
|
|
#include "subid.h"
|
|
|
|
|
#include <stdbool.h>
|
|
|
|
|
|
|
|
|
|
struct subordinate_range **get_subuid_ranges(const char *owner);
|
|
|
|
|
struct subordinate_range **get_subgid_ranges(const char *owner);
|
|
|
|
|
void subid_free_ranges(struct subordinate_range **ranges);
|
|
|
|
|
|
|
|
|
|
int get_subuid_owners(uid_t uid, uid_t **owner);
|
2020-06-20 08:39:20 +05:30
|
|
|
int get_subgid_owners(gid_t gid, uid_t **owner);
|
Create a new libsubid
Closes #154
Currently this has three functions: one which returns the
list of subuid ranges for a user, one returning the subgids,
and one which frees the ranges lists.
I might be mistaken about what -disable-man means; some of
the code suggests it means just don't re-generate them, but
not totally ignore them. But that doesn't seem to really work,
so let's just ignore man/ when -disable-man.
Remove --disable-shared. I'm not sure why it was there, but it stems
from long, long ago, and I suspect it comes from some ancient
toolchain bug.
Create a tests/run_some, a shorter version of run_all. I'll
slowly add tests to this as I verify they work, then I can
work on fixing the once which don't.
Also, don't touch man/ if not -enable-man.
Changelog:
Apr 22: change the subid list api as recomended by Dan Walsh.
Apr 23: implement get_subid_owner
Apr 24: implement range add/release
Apr 25: finish tests and rebase
May 10: make @owner const
Signed-off-by: Serge Hallyn <serge@hallyn.com>
2020-04-19 04:33:54 +05:30
|
|
|
|
|
|
|
|
/* range should be pre-allocated with owner and count filled in, start is
|
|
|
|
|
* ignored, can be 0 */
|
|
|
|
|
bool grant_subuid_range(struct subordinate_range *range, bool reuse);
|
|
|
|
|
bool grant_subgid_range(struct subordinate_range *range, bool reuse);
|
|
|
|
|
|
|
|
|
|
bool free_subuid_range(struct subordinate_range *range);
|
|
|
|
|
bool free_subgid_range(struct subordinate_range *range);
|
