Allow disabling of subordinate IDs.

* configure.in: Add configure options --enable-subordinate-ids /
	--disable-subordinate-ids. Enabled by default.
	* lib/prototypes.h: Include <config.h> before using its macros.
	* lib/commonio.h, lib/commonio.c: Define commonio_append only when
	ENABLE_SUBIDS is defined.
	* lib/prototypes.h, libmisc/find_new_sub_gids.c,
	libmisc/find_new_sub_uids.c: Likewise.
	* lib/subordinateio.h, lib/subordinateio.c: Likewise.
	* libmisc/user_busy.c: Only check if subordinate IDs are in use if
	ENABLE_SUBIDS is defined.
	* src/Makefile.am: Create newgidmap and newuidmap only if
	ENABLE_SUBIDS is defined.
	* src/newusers.c: Check for ENABLE_SUBIDS to enable support for
	subordinate IDs.
	* src/useradd.c: Likewise.
	* src/userdel.c: Likewise.
	* src/usermod.c: Likewise.
	* man/Makefile.am: Install man1/newgidmap.1, man1/newuidmap.1,
	man5/subgid.5, and man5/subuid.5 only if ENABLE_SUBIDS is defined.
	* man/fr/Makefile.am: Install man1/newgidmap.1, man1/newuidmap.1,
	man5/subgid.5, and man5/subuid.5 (not translated yet).
	* man/generate_mans.mak: Add xsltproc conditionals
	subids/no_subids.
	* man/login.defs.d/SUB_GID_COUNT.xml: Add dependency on subids
	condition.
	* man/login.defs.d/SUB_UID_COUNT.xml: Likewise.
	* man/usermod.8.xml: Document options for subordinate IDs and
	reference subgid(5) / subuid(5) depending on the subids condition.
Nicolas François
2013-08-11 14:54:22 +02:00
parent 1fb1486c8a
commit d611d54ed4
21 changed files with 259 additions and 41 deletions


@@ -41,7 +41,9 @@
#include <fcntl.h>
#include "defines.h"
#include "prototypes.h"
#ifdef ENABLE_SUBIDS
#include "subordinateio.h"
#endif /* ENABLE_SUBIDS */
#ifdef __linux__
static int check_status (const char *name, const char *sname, uid_t uid);
@@ -128,9 +130,12 @@ static int check_status (const char *name, const char *sname, uid_t uid)
if ( (ruid == (unsigned long) uid)
|| (euid == (unsigned long) uid)
|| (suid == (unsigned long) uid)
#ifdef ENABLE_SUBIDS
|| have_sub_uids(name, ruid, 1)
|| have_sub_uids(name, euid, 1)
|| have_sub_uids(name, suid, 1)) {
|| have_sub_uids(name, suid, 1)
#endif /* ENABLE_SUBIDS */
) {
(void) fclose (sfile);
return 1;
}
@@ -158,7 +163,9 @@ static int user_busy_processes (const char *name, uid_t uid)
struct stat sbroot;
struct stat sbroot_process;
#ifdef ENABLE_SUBIDS
sub_uid_open (O_RDONLY);
#endif /* ENABLE_SUBIDS */
proc = opendir ("/proc");
if (proc == NULL) {
@@ -238,7 +245,9 @@ static int user_busy_processes (const char *name, uid_t uid)
}
(void) closedir (proc);
#ifdef ENABLE_SUBIDS
sub_uid_close();
#endif /* ENABLE_SUBIDS */
return 0;
}
#endif /* __linux__ */
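Review bot: The return value of `sub_uid_open (O_RDONLY)` is discarded at the start of user_busy_processes, so a subordinate-UID database that could not be opened is indistinguishable from one that holds no matching range. In that case the `have_sub_uids` tests in check_status presumably never match (have_sub_uids is not visible here), and a user whose processes run under subordinate UIDs would be reported as not busy to whatever caller relies on this check. Consider testing the result, e.g. `if (sub_uid_open (O_RDONLY) == 0) { /* warn: subordinate UID checks skipped */ }` (assuming the usual 0-on-failure convention), while still tolerating a system that has no subordinate-UID file. The code between the open and the `sub_uid_close()` at the end lies outside the hunks, so it is worth confirming that every early return there also closes the database.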