Merge pull request #449 from hallyn/2021-11-27/libsubid-symbols
2021 11 27/libsubid symbols
This commit is contained in:
commit
abb879fd4f
1
.gitignore
vendored
1
.gitignore
vendored
@ -48,3 +48,4 @@ Makefile.in
|
|||||||
/shadow.spec
|
/shadow.spec
|
||||||
/shadow-*.tar.*
|
/shadow-*.tar.*
|
||||||
/libmisc/getdate.c
|
/libmisc/getdate.c
|
||||||
|
/libsubid/subid.h
|
||||||
|
@ -6,7 +6,7 @@ autoreconf -v -f --install || exit 1
|
|||||||
CFLAGS="-O2 -Wall" \
|
CFLAGS="-O2 -Wall" \
|
||||||
--enable-man \
|
--enable-man \
|
||||||
--enable-maintainer-mode \
|
--enable-maintainer-mode \
|
||||||
--disable-shared \
|
--enable-shared \
|
||||||
--without-libpam \
|
--without-libpam \
|
||||||
--with-selinux \
|
--with-selinux \
|
||||||
"$@"
|
"$@"
|
||||||
|
@ -1,6 +1,6 @@
|
|||||||
dnl Process this file with autoconf to produce a configure script.
|
dnl Process this file with autoconf to produce a configure script.
|
||||||
AC_PREREQ([2.69])
|
AC_PREREQ([2.69])
|
||||||
m4_define([libsubid_abi_major], 3)
|
m4_define([libsubid_abi_major], 4)
|
||||||
m4_define([libsubid_abi_minor], 0)
|
m4_define([libsubid_abi_minor], 0)
|
||||||
m4_define([libsubid_abi_micro], 0)
|
m4_define([libsubid_abi_micro], 0)
|
||||||
m4_define([libsubid_abi], [libsubid_abi_major.libsubid_abi_minor.libsubid_abi_micro])
|
m4_define([libsubid_abi], [libsubid_abi_major.libsubid_abi_minor.libsubid_abi_micro])
|
||||||
@ -741,6 +741,7 @@ AC_CONFIG_FILES([
|
|||||||
libmisc/Makefile
|
libmisc/Makefile
|
||||||
lib/Makefile
|
lib/Makefile
|
||||||
libsubid/Makefile
|
libsubid/Makefile
|
||||||
|
libsubid/subid.h
|
||||||
src/Makefile
|
src/Makefile
|
||||||
contrib/Makefile
|
contrib/Makefile
|
||||||
etc/Makefile
|
etc/Makefile
|
||||||
|
@ -4,6 +4,7 @@ libsubid_la_LDFLAGS = -Wl,-soname,libsubid.so.@LIBSUBID_ABI@ \
|
|||||||
-shared -version-info @LIBSUBID_ABI_MAJOR@
|
-shared -version-info @LIBSUBID_ABI_MAJOR@
|
||||||
endif
|
endif
|
||||||
libsubid_la_SOURCES = api.c
|
libsubid_la_SOURCES = api.c
|
||||||
|
libsubid_la_LDFLAGS = -export-symbols-regex '^subid_'
|
||||||
|
|
||||||
pkginclude_HEADERS = subid.h
|
pkginclude_HEADERS = subid.h
|
||||||
|
|
||||||
|
@ -42,7 +42,7 @@
|
|||||||
static const char *Prog = "(libsubid)";
|
static const char *Prog = "(libsubid)";
|
||||||
static FILE *shadow_logfd;
|
static FILE *shadow_logfd;
|
||||||
|
|
||||||
bool libsubid_init(const char *progname, FILE * logfd)
|
bool subid_init(const char *progname, FILE * logfd)
|
||||||
{
|
{
|
||||||
if (progname) {
|
if (progname) {
|
||||||
progname = strdup(progname);
|
progname = strdup(progname);
|
||||||
@ -70,12 +70,12 @@ int get_subid_ranges(const char *owner, enum subid_type id_type, struct subid_ra
|
|||||||
return list_owner_ranges(owner, id_type, ranges);
|
return list_owner_ranges(owner, id_type, ranges);
|
||||||
}
|
}
|
||||||
|
|
||||||
int get_subuid_ranges(const char *owner, struct subid_range **ranges)
|
int subid_get_uid_ranges(const char *owner, struct subid_range **ranges)
|
||||||
{
|
{
|
||||||
return get_subid_ranges(owner, ID_TYPE_UID, ranges);
|
return get_subid_ranges(owner, ID_TYPE_UID, ranges);
|
||||||
}
|
}
|
||||||
|
|
||||||
int get_subgid_ranges(const char *owner, struct subid_range **ranges)
|
int subid_get_gid_ranges(const char *owner, struct subid_range **ranges)
|
||||||
{
|
{
|
||||||
return get_subid_ranges(owner, ID_TYPE_GID, ranges);
|
return get_subid_ranges(owner, ID_TYPE_GID, ranges);
|
||||||
}
|
}
|
||||||
@ -86,12 +86,12 @@ int get_subid_owner(unsigned long id, enum subid_type id_type, uid_t **owner)
|
|||||||
return find_subid_owners(id, id_type, owner);
|
return find_subid_owners(id, id_type, owner);
|
||||||
}
|
}
|
||||||
|
|
||||||
int get_subuid_owners(uid_t uid, uid_t **owner)
|
int subid_get_uid_owners(uid_t uid, uid_t **owner)
|
||||||
{
|
{
|
||||||
return get_subid_owner((unsigned long)uid, ID_TYPE_UID, owner);
|
return get_subid_owner((unsigned long)uid, ID_TYPE_UID, owner);
|
||||||
}
|
}
|
||||||
|
|
||||||
int get_subgid_owners(gid_t gid, uid_t **owner)
|
int subid_get_gid_owners(gid_t gid, uid_t **owner)
|
||||||
{
|
{
|
||||||
return get_subid_owner((unsigned long)gid, ID_TYPE_GID, owner);
|
return get_subid_owner((unsigned long)gid, ID_TYPE_GID, owner);
|
||||||
}
|
}
|
||||||
@ -103,12 +103,12 @@ bool grant_subid_range(struct subordinate_range *range, bool reuse,
|
|||||||
return new_subid_range(range, id_type, reuse);
|
return new_subid_range(range, id_type, reuse);
|
||||||
}
|
}
|
||||||
|
|
||||||
bool grant_subuid_range(struct subordinate_range *range, bool reuse)
|
bool subid_grant_uid_range(struct subordinate_range *range, bool reuse)
|
||||||
{
|
{
|
||||||
return grant_subid_range(range, reuse, ID_TYPE_UID);
|
return grant_subid_range(range, reuse, ID_TYPE_UID);
|
||||||
}
|
}
|
||||||
|
|
||||||
bool grant_subgid_range(struct subordinate_range *range, bool reuse)
|
bool subid_grant_gid_range(struct subordinate_range *range, bool reuse)
|
||||||
{
|
{
|
||||||
return grant_subid_range(range, reuse, ID_TYPE_GID);
|
return grant_subid_range(range, reuse, ID_TYPE_GID);
|
||||||
}
|
}
|
||||||
@ -119,12 +119,12 @@ bool ungrant_subid_range(struct subordinate_range *range, enum subid_type id_typ
|
|||||||
return release_subid_range(range, id_type);
|
return release_subid_range(range, id_type);
|
||||||
}
|
}
|
||||||
|
|
||||||
bool ungrant_subuid_range(struct subordinate_range *range)
|
bool subid_ungrant_uid_range(struct subordinate_range *range)
|
||||||
{
|
{
|
||||||
return ungrant_subid_range(range, ID_TYPE_UID);
|
return ungrant_subid_range(range, ID_TYPE_UID);
|
||||||
}
|
}
|
||||||
|
|
||||||
bool ungrant_subgid_range(struct subordinate_range *range)
|
bool subid_ungrant_gid_range(struct subordinate_range *range)
|
||||||
{
|
{
|
||||||
return ungrant_subid_range(range, ID_TYPE_GID);
|
return ungrant_subid_range(range, ID_TYPE_GID);
|
||||||
}
|
}
|
||||||
|
@ -4,6 +4,10 @@
|
|||||||
|
|
||||||
#ifndef SUBID_RANGE_DEFINED
|
#ifndef SUBID_RANGE_DEFINED
|
||||||
#define SUBID_RANGE_DEFINED 1
|
#define SUBID_RANGE_DEFINED 1
|
||||||
|
#define SUBID_ABI_VERSION @LIBSUBID_ABI_MAJOR@.@LIBSUBID_ABI_MINOR@.@LIBSUBID_ABI_MICRO@
|
||||||
|
#define SUBID_ABI_MAJOR @LIBSUBID_ABI_MAJOR@
|
||||||
|
#define SUBID_ABI_MINOR @LIBSUBID_ABI_MINOR@
|
||||||
|
#define SUBID_ABI_MICRO @LIBSUBID_ABI_MICRO@
|
||||||
|
|
||||||
/* subid_range is just a starting point and size of a range */
|
/* subid_range is just a starting point and size of a range */
|
||||||
struct subid_range {
|
struct subid_range {
|
||||||
@ -32,7 +36,7 @@ enum subid_status {
|
|||||||
};
|
};
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* libsubid_init: initialize libsubid
|
* subid_init: initialize libsubid
|
||||||
*
|
*
|
||||||
* @progname: Name to display as program. If NULL, then "(libsubid)" will be
|
* @progname: Name to display as program. If NULL, then "(libsubid)" will be
|
||||||
* shown in error messages.
|
* shown in error messages.
|
||||||
@ -45,10 +49,10 @@ enum subid_status {
|
|||||||
*
|
*
|
||||||
* Returns false if an error occurred.
|
* Returns false if an error occurred.
|
||||||
*/
|
*/
|
||||||
bool libsubid_init(const char *progname, FILE *logfd);
|
bool subid_init(const char *progname, FILE *logfd);
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* get_subuid_ranges: return a list of UID ranges for a user
|
* subid_get_uid_ranges: return a list of UID ranges for a user
|
||||||
*
|
*
|
||||||
* @owner: username being queried
|
* @owner: username being queried
|
||||||
* @ranges: a pointer to an array of subid_range structs in which the result
|
* @ranges: a pointer to an array of subid_range structs in which the result
|
||||||
@ -58,10 +62,10 @@ bool libsubid_init(const char *progname, FILE *logfd);
|
|||||||
*
|
*
|
||||||
* returns: number of ranges found, ir < 0 on error.
|
* returns: number of ranges found, ir < 0 on error.
|
||||||
*/
|
*/
|
||||||
int get_subuid_ranges(const char *owner, struct subid_range **ranges);
|
int subid_get_uid_ranges(const char *owner, struct subid_range **ranges);
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* get_subgid_ranges: return a list of GID ranges for a user
|
* subid_get_gid_ranges: return a list of GID ranges for a user
|
||||||
*
|
*
|
||||||
* @owner: username being queried
|
* @owner: username being queried
|
||||||
* @ranges: a pointer to an array of subid_range structs in which the result
|
* @ranges: a pointer to an array of subid_range structs in which the result
|
||||||
@ -71,10 +75,10 @@ int get_subuid_ranges(const char *owner, struct subid_range **ranges);
|
|||||||
*
|
*
|
||||||
* returns: number of ranges found, ir < 0 on error.
|
* returns: number of ranges found, ir < 0 on error.
|
||||||
*/
|
*/
|
||||||
int get_subgid_ranges(const char *owner, struct subid_range **ranges);
|
int subid_get_gid_ranges(const char *owner, struct subid_range **ranges);
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* get_subuid_owners: return a list of uids to which the given uid has been
|
* subid_get_uid_owners: return a list of uids to which the given uid has been
|
||||||
* delegated.
|
* delegated.
|
||||||
*
|
*
|
||||||
* @uid: The subuid being queried
|
* @uid: The subuid being queried
|
||||||
@ -83,10 +87,10 @@ int get_subgid_ranges(const char *owner, struct subid_range **ranges);
|
|||||||
*
|
*
|
||||||
* Returns the number of uids returned, or < 0 on error.
|
* Returns the number of uids returned, or < 0 on error.
|
||||||
*/
|
*/
|
||||||
int get_subuid_owners(uid_t uid, uid_t **owner);
|
int subid_get_uid_owners(uid_t uid, uid_t **owner);
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* get_subgid_owners: return a list of uids to which the given gid has been
|
* subid_get_gid_owners: return a list of uids to which the given gid has been
|
||||||
* delegated.
|
* delegated.
|
||||||
*
|
*
|
||||||
* @uid: The subgid being queried
|
* @uid: The subgid being queried
|
||||||
@ -95,10 +99,10 @@ int get_subuid_owners(uid_t uid, uid_t **owner);
|
|||||||
*
|
*
|
||||||
* Returns the number of uids returned, or < 0 on error.
|
* Returns the number of uids returned, or < 0 on error.
|
||||||
*/
|
*/
|
||||||
int get_subgid_owners(gid_t gid, uid_t **owner);
|
int subid_get_gid_owners(gid_t gid, uid_t **owner);
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* grant_subuid_range: assign a subuid range to a user
|
* subid_grant_uid_range: assign a subuid range to a user
|
||||||
*
|
*
|
||||||
* @range: pointer to a struct subordinate_range detailing the UID range
|
* @range: pointer to a struct subordinate_range detailing the UID range
|
||||||
* to allocate. ->owner must be the username, and ->count must be
|
* to allocate. ->owner must be the username, and ->count must be
|
||||||
@ -109,10 +113,10 @@ int get_subgid_owners(gid_t gid, uid_t **owner);
|
|||||||
* then the range from (range->start, range->start + range->count) will
|
* then the range from (range->start, range->start + range->count) will
|
||||||
* be delegated to range->owner.
|
* be delegated to range->owner.
|
||||||
*/
|
*/
|
||||||
bool grant_subuid_range(struct subordinate_range *range, bool reuse);
|
bool subid_grant_uid_range(struct subordinate_range *range, bool reuse);
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* grant_subsid_range: assign a subgid range to a user
|
* subid_grant_gid_range: assign a subgid range to a user
|
||||||
*
|
*
|
||||||
* @range: pointer to a struct subordinate_range detailing the GID range
|
* @range: pointer to a struct subordinate_range detailing the GID range
|
||||||
* to allocate. ->owner must be the username, and ->count must be
|
* to allocate. ->owner must be the username, and ->count must be
|
||||||
@ -123,10 +127,10 @@ bool grant_subuid_range(struct subordinate_range *range, bool reuse);
|
|||||||
* then the range from (range->start, range->start + range->count) will
|
* then the range from (range->start, range->start + range->count) will
|
||||||
* be delegated to range->owner.
|
* be delegated to range->owner.
|
||||||
*/
|
*/
|
||||||
bool grant_subgid_range(struct subordinate_range *range, bool reuse);
|
bool subid_grant_gid_range(struct subordinate_range *range, bool reuse);
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* ungrant_subuid_range: remove a subuid allocation.
|
* subid_ungrant_uid_range: remove a subuid allocation.
|
||||||
*
|
*
|
||||||
* @range: pointer to a struct subordinate_range detailing the UID allocation
|
* @range: pointer to a struct subordinate_range detailing the UID allocation
|
||||||
* to remove.
|
* to remove.
|
||||||
@ -134,10 +138,10 @@ bool grant_subgid_range(struct subordinate_range *range, bool reuse);
|
|||||||
* Returns true if successful, false if it failed, for instance if the
|
* Returns true if successful, false if it failed, for instance if the
|
||||||
* delegation did not exist.
|
* delegation did not exist.
|
||||||
*/
|
*/
|
||||||
bool ungrant_subuid_range(struct subordinate_range *range);
|
bool subid_ungrant_uid_range(struct subordinate_range *range);
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* ungrant_subuid_range: remove a subgid allocation.
|
* subid_ungrant_gid_range: remove a subgid allocation.
|
||||||
*
|
*
|
||||||
* @range: pointer to a struct subordinate_range detailing the GID allocation
|
* @range: pointer to a struct subordinate_range detailing the GID allocation
|
||||||
* to remove.
|
* to remove.
|
||||||
@ -145,7 +149,7 @@ bool ungrant_subuid_range(struct subordinate_range *range);
|
|||||||
* Returns true if successful, false if it failed, for instance if the
|
* Returns true if successful, false if it failed, for instance if the
|
||||||
* delegation did not exist.
|
* delegation did not exist.
|
||||||
*/
|
*/
|
||||||
bool ungrant_subgid_range(struct subordinate_range *range);
|
bool subid_ungrant_gid_range(struct subordinate_range *range);
|
||||||
|
|
||||||
#define SUBID_NFIELDS 3
|
#define SUBID_NFIELDS 3
|
||||||
#endif
|
#endif
|
@ -39,9 +39,9 @@ int main(int argc, char *argv[])
|
|||||||
range.start = atoi(argv[1]);
|
range.start = atoi(argv[1]);
|
||||||
range.count = atoi(argv[2]);
|
range.count = atoi(argv[2]);
|
||||||
if (group)
|
if (group)
|
||||||
ok = ungrant_subgid_range(&range);
|
ok = subid_ungrant_gid_range(&range);
|
||||||
else
|
else
|
||||||
ok = ungrant_subuid_range(&range);
|
ok = subid_ungrant_uid_range(&range);
|
||||||
|
|
||||||
if (!ok) {
|
if (!ok) {
|
||||||
fprintf(stderr, "Failed freeing id range\n");
|
fprintf(stderr, "Failed freeing id range\n");
|
||||||
|
@ -25,11 +25,11 @@ int main(int argc, char *argv[])
|
|||||||
usage();
|
usage();
|
||||||
}
|
}
|
||||||
if (argc == 3 && strcmp(argv[1], "-g") == 0)
|
if (argc == 3 && strcmp(argv[1], "-g") == 0)
|
||||||
n = get_subgid_owners(atoi(argv[2]), &uids);
|
n = subid_get_gid_owners(atoi(argv[2]), &uids);
|
||||||
else if (argc == 2 && strcmp(argv[1], "-h") == 0)
|
else if (argc == 2 && strcmp(argv[1], "-h") == 0)
|
||||||
usage();
|
usage();
|
||||||
else
|
else
|
||||||
n = get_subuid_owners(atoi(argv[1]), &uids);
|
n = subid_get_uid_owners(atoi(argv[1]), &uids);
|
||||||
if (n < 0) {
|
if (n < 0) {
|
||||||
fprintf(stderr, "No owners found\n");
|
fprintf(stderr, "No owners found\n");
|
||||||
exit(1);
|
exit(1);
|
||||||
|
@ -28,11 +28,11 @@ int main(int argc, char *argv[])
|
|||||||
owner = argv[1];
|
owner = argv[1];
|
||||||
if (argc == 3 && strcmp(argv[1], "-g") == 0) {
|
if (argc == 3 && strcmp(argv[1], "-g") == 0) {
|
||||||
owner = argv[2];
|
owner = argv[2];
|
||||||
count = get_subgid_ranges(owner, &ranges);
|
count = subid_get_gid_ranges(owner, &ranges);
|
||||||
} else if (argc == 2 && strcmp(argv[1], "-h") == 0) {
|
} else if (argc == 2 && strcmp(argv[1], "-h") == 0) {
|
||||||
usage();
|
usage();
|
||||||
} else {
|
} else {
|
||||||
count = get_subuid_ranges(owner, &ranges);
|
count = subid_get_uid_ranges(owner, &ranges);
|
||||||
}
|
}
|
||||||
if (!ranges) {
|
if (!ranges) {
|
||||||
fprintf(stderr, "Error fetching ranges\n");
|
fprintf(stderr, "Error fetching ranges\n");
|
||||||
|
@ -45,9 +45,9 @@ int main(int argc, char *argv[])
|
|||||||
if (argc > 1)
|
if (argc > 1)
|
||||||
range.count = atoi(argv[1]);
|
range.count = atoi(argv[1]);
|
||||||
if (group)
|
if (group)
|
||||||
ok = grant_subgid_range(&range, !makenew);
|
ok = subid_grant_gid_range(&range, !makenew);
|
||||||
else
|
else
|
||||||
ok = grant_subuid_range(&range, !makenew);
|
ok = subid_grant_uid_range(&range, !makenew);
|
||||||
|
|
||||||
if (!ok) {
|
if (!ok) {
|
||||||
fprintf(stderr, "Failed creating new id range\n");
|
fprintf(stderr, "Failed creating new id range\n");
|
||||||
|
Loading…
Reference in New Issue
Block a user