Don't limit subuid/subgid support to local users
The current implementation of subuid/subgid support in usermod requires the user to be a local user present in /etc/passwd. There doesn't seem to be a good reason for this; subuids should work equally well for users whose records are in other NSS databases. Bug-Ubuntu: https://bugs.launchpad.net/bugs/1475749 Author: Steve Langasek <steve.langasek@ubuntu.com> Acked-by: Serge Hallyn <serge.hallyn@ubuntu.com>
This commit is contained in:
Serge Hallyn
parent
3c32fd4a29
commit
a887847ca2
114
src/usermod.c
114
src/usermod.c
@ -1719,60 +1719,6 @@ static void usr_update (void)
|
|||||||
fail_exit (E_PW_UPDATE);
|
fail_exit (E_PW_UPDATE);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
#ifdef ENABLE_SUBIDS
|
|
||||||
if (Vflg) {
|
|
||||||
struct ulong_range_list_entry *ptr;
|
|
||||||
for (ptr = del_sub_uids; ptr != NULL; ptr = ptr->next) {
|
|
||||||
unsigned long count = ptr->range.last - ptr->range.first + 1;
|
|
||||||
if (sub_uid_remove(user_name, ptr->range.first, count) == 0) {
|
|
||||||
fprintf (stderr,
|
|
||||||
_("%s: failed to remove uid range %lu-%lu from '%s'\n"),
|
|
||||||
Prog, ptr->range.first, ptr->range.last,
|
|
||||||
sub_uid_dbname ());
|
|
||||||
fail_exit (E_SUB_UID_UPDATE);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
if (vflg) {
|
|
||||||
struct ulong_range_list_entry *ptr;
|
|
||||||
for (ptr = add_sub_uids; ptr != NULL; ptr = ptr->next) {
|
|
||||||
unsigned long count = ptr->range.last - ptr->range.first + 1;
|
|
||||||
if (sub_uid_add(user_name, ptr->range.first, count) == 0) {
|
|
||||||
fprintf (stderr,
|
|
||||||
_("%s: failed to add uid range %lu-%lu from '%s'\n"),
|
|
||||||
Prog, ptr->range.first, ptr->range.last,
|
|
||||||
sub_uid_dbname ());
|
|
||||||
fail_exit (E_SUB_UID_UPDATE);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
if (Wflg) {
|
|
||||||
struct ulong_range_list_entry *ptr;
|
|
||||||
for (ptr = del_sub_gids; ptr != NULL; ptr = ptr->next) {
|
|
||||||
unsigned long count = ptr->range.last - ptr->range.first + 1;
|
|
||||||
if (sub_gid_remove(user_name, ptr->range.first, count) == 0) {
|
|
||||||
fprintf (stderr,
|
|
||||||
_("%s: failed to remove gid range %lu-%lu from '%s'\n"),
|
|
||||||
Prog, ptr->range.first, ptr->range.last,
|
|
||||||
sub_gid_dbname ());
|
|
||||||
fail_exit (E_SUB_GID_UPDATE);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
if (wflg) {
|
|
||||||
struct ulong_range_list_entry *ptr;
|
|
||||||
for (ptr = add_sub_gids; ptr != NULL; ptr = ptr->next) {
|
|
||||||
unsigned long count = ptr->range.last - ptr->range.first + 1;
|
|
||||||
if (sub_gid_add(user_name, ptr->range.first, count) == 0) {
|
|
||||||
fprintf (stderr,
|
|
||||||
_("%s: failed to add gid range %lu-%lu from '%s'\n"),
|
|
||||||
Prog, ptr->range.first, ptr->range.last,
|
|
||||||
sub_gid_dbname ());
|
|
||||||
fail_exit (E_SUB_GID_UPDATE);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
#endif /* ENABLE_SUBIDS */
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
@ -2176,16 +2122,66 @@ int main (int argc, char **argv)
|
|||||||
*/
|
*/
|
||||||
open_files ();
|
open_files ();
|
||||||
if ( cflg || dflg || eflg || fflg || gflg || Lflg || lflg || pflg
|
if ( cflg || dflg || eflg || fflg || gflg || Lflg || lflg || pflg
|
||||||
|| sflg || uflg || Uflg
|
|| sflg || uflg || Uflg) {
|
||||||
#ifdef ENABLE_SUBIDS
|
|
||||||
|| vflg || Vflg || wflg || Wflg
|
|
||||||
#endif /* ENABLE_SUBIDS */
|
|
||||||
) {
|
|
||||||
usr_update ();
|
usr_update ();
|
||||||
}
|
}
|
||||||
if (Gflg || lflg) {
|
if (Gflg || lflg) {
|
||||||
grp_update ();
|
grp_update ();
|
||||||
}
|
}
|
||||||
|
#ifdef ENABLE_SUBIDS
|
||||||
|
if (Vflg) {
|
||||||
|
struct ulong_range_list_entry *ptr;
|
||||||
|
for (ptr = del_sub_uids; ptr != NULL; ptr = ptr->next) {
|
||||||
|
unsigned long count = ptr->range.last - ptr->range.first + 1;
|
||||||
|
if (sub_uid_remove(user_name, ptr->range.first, count) == 0) {
|
||||||
|
fprintf (stderr,
|
||||||
|
_("%s: failed to remove uid range %lu-%lu from '%s'\n"),
|
||||||
|
Prog, ptr->range.first, ptr->range.last,
|
||||||
|
sub_uid_dbname ());
|
||||||
|
fail_exit (E_SUB_UID_UPDATE);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if (vflg) {
|
||||||
|
struct ulong_range_list_entry *ptr;
|
||||||
|
for (ptr = add_sub_uids; ptr != NULL; ptr = ptr->next) {
|
||||||
|
unsigned long count = ptr->range.last - ptr->range.first + 1;
|
||||||
|
if (sub_uid_add(user_name, ptr->range.first, count) == 0) {
|
||||||
|
fprintf (stderr,
|
||||||
|
_("%s: failed to add uid range %lu-%lu from '%s'\n"),
|
||||||
|
Prog, ptr->range.first, ptr->range.last,
|
||||||
|
sub_uid_dbname ());
|
||||||
|
fail_exit (E_SUB_UID_UPDATE);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if (Wflg) {
|
||||||
|
struct ulong_range_list_entry *ptr;
|
||||||
|
for (ptr = del_sub_gids; ptr != NULL; ptr = ptr->next) {
|
||||||
|
unsigned long count = ptr->range.last - ptr->range.first + 1;
|
||||||
|
if (sub_gid_remove(user_name, ptr->range.first, count) == 0) {
|
||||||
|
fprintf (stderr,
|
||||||
|
_("%s: failed to remove gid range %lu-%lu from '%s'\n"),
|
||||||
|
Prog, ptr->range.first, ptr->range.last,
|
||||||
|
sub_gid_dbname ());
|
||||||
|
fail_exit (E_SUB_GID_UPDATE);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if (wflg) {
|
||||||
|
struct ulong_range_list_entry *ptr;
|
||||||
|
for (ptr = add_sub_gids; ptr != NULL; ptr = ptr->next) {
|
||||||
|
unsigned long count = ptr->range.last - ptr->range.first + 1;
|
||||||
|
if (sub_gid_add(user_name, ptr->range.first, count) == 0) {
|
||||||
|
fprintf (stderr,
|
||||||
|
_("%s: failed to add gid range %lu-%lu from '%s'\n"),
|
||||||
|
Prog, ptr->range.first, ptr->range.last,
|
||||||
|
sub_gid_dbname ());
|
||||||
|
fail_exit (E_SUB_GID_UPDATE);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
#endif /* ENABLE_SUBIDS */
|
||||||
close_files ();
|
close_files ();
|
||||||
|
|
||||||
#ifdef WITH_TCB
|
#ifdef WITH_TCB
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user