~serge-hallyn/ubuntu/raring/shadow/shadow-userns

Cc: <Pkg-shadow-devel@lists.alioth.debian.org>, Linux Containers <containers@lists.linux-foundation.org>, "Michael Kerrisk \(man-pages\)" <mtk.manpages@gmail.com>, "Serge E. Hallyn" <serge@hallyn.com>

References: <87d2wxshu0.fsf@xmission.com>

Date: Tue, 22 Jan 2013 01:15:05 -0800

In-Reply-To: <87d2wxshu0.fsf@xmission.com> (Eric W. Biederman's message of

"Tue, 22 Jan 2013 01:11:19 -0800")

Message-ID: <87fw1tr33a.fsf@xmission.com>

User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.1 (gnu/linux)

MIME-Version: 1.0

Content-Type: text/plain

X-XM-AID: U2FsdGVkX19KHX5xUOkaLY5iIEqDVLxZKDTByyA0Xk8=

X-SA-Exim-Connect-IP: 98.207.153.68

X-SA-Exim-Mail-From: ebiederm@xmission.com

Subject: [PATCH 05/11] Implement find_new_sub_uids find_new_sub_gids

X-SA-Exim-Version: 4.2.1 (built Wed, 14 Nov 2012 14:26:46 -0700)

X-SA-Exim-Scanned: Yes (on in02.mta.xmission.com)

X-UID: 2075

Status: RO

Content-Length: 8108

Lines: 235

Functions for finding new subordinate uid and gids ranges for use

with useradd.

Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>

---

lib/prototypes.h | 9 ++++

libmisc/Makefile.am | 2 +

libmisc/find_new_sub_gids.c | 87 +++++++++++++++++++++++++++++++++++++++++++

libmisc/find_new_sub_uids.c | 87 +++++++++++++++++++++++++++++++++++++++++++

4 files changed, 185 insertions(+), 0 deletions(-)

create mode 100644 libmisc/find_new_sub_gids.c

create mode 100644 libmisc/find_new_sub_uids.c

Index: shadow/lib/prototypes.h

===================================================================

--- shadow.orig/lib/prototypes.h 2013-02-01 15:27:52.044080373 -0600

+++ shadow/lib/prototypes.h 2013-02-01 15:27:52.040080373 -0600

@@ -149,6 +149,15 @@

uid_t *uid,

/*@null@*/uid_t const *preferred_uid);

+/* find_new_sub_gids.c */

+extern int find_new_sub_gids (const char *owner,

+ gid_t *range_start, unsigned long *range_count);

+/* find_new_sub_uids.c */

+extern int find_new_sub_uids (const char *owner,

+ uid_t *range_start, unsigned long *range_count);

/* get_gid.c */

extern int get_gid (const char *gidstr, gid_t *gid);

Index: shadow/libmisc/Makefile.am

===================================================================

--- shadow.orig/libmisc/Makefile.am 2013-02-01 15:27:52.044080373 -0600

+++ shadow/libmisc/Makefile.am 2013-02-01 15:27:52.040080373 -0600

@@ -25,6 +25,8 @@

failure.h \

find_new_gid.c \

find_new_uid.c \

+ find_new_sub_gids.c \

+ find_new_sub_uids.c \

getdate.h \

getdate.y \

getgr_nam_gid.c \

100

Index: shadow/libmisc/find_new_sub_gids.c

101

===================================================================

102

--- /dev/null 1970-01-01 00:00:00.000000000 +0000

103

+++ shadow/libmisc/find_new_sub_gids.c 2013-02-01 15:27:52.040080373 -0600

104

@@ -0,0 +1,87 @@

105

+/*

106

107

+ *

108

+ * Redistribution and use in source and binary forms, with or without

109

+ * modification, are permitted provided that the following conditions

110

+ * are met:

111

+ * 1. Redistributions of source code must retain the above copyright

112

+ * notice, this list of conditions and the following disclaimer.

113

+ * 2. Redistributions in binary form must reproduce the above copyright

114

+ * notice, this list of conditions and the following disclaimer in the

115

+ * documentation and/or other materials provided with the distribution.

116

+ * 3. The name of the copyright holders or contributors may not be used to

117

+ * endorse or promote products derived from this software without

118

+ * specific prior written permission.

119

+ *

120

+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS

121

+ * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT

122

+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A

123

+ * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT

124

+ * HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

125

+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT

126

+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,

127

+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY

128

+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT

129

+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE

130

+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

131

+ */

132

133

+#include <config.h>

134

135

+#include <assert.h>

136

+#include <stdio.h>

137

+#include <errno.h>

138

139

+#include "prototypes.h"

140

+#include "subordinateio.h"

141

+#include "getdef.h"

142

143

+/*

144

+ * find_new_sub_gids - Find a new unused range of GIDs.

145

+ *

146

+ * If successful, find_new_sub_gids provides a range of unused

147

+ * user IDs in the [SUB_GID_MIN:SUB_GID_MAX] range.

148

+ *

149

+ * Return 0 on success, -1 if no unused GIDs are available.

150

+ */

151

+int find_new_sub_gids (const char *owner,

152

+ gid_t *range_start, unsigned long *range_count)

153

154

+ unsigned long min, max;

155

+ unsigned long count;

156

+ gid_t start;

157

158

+ assert (range_start != NULL);

159

+ assert (range_count != NULL);

160

161

+ min = getdef_ulong ("SUB_GID_MIN", 100000UL);

162

+ max = getdef_ulong ("SUB_GID_MAX", 600100000UL);

163

+ count = getdef_ulong ("SUB_GID_COUNT", 10000);

164

165

+ /* Is there a preferred range that works? */

166

+ if ((*range_count != 0) &&

167

+ (*range_start >= min) &&

168

+ (((*range_start) + (*range_count) - 1) <= max) &&

169

+ is_sub_gid_range_free(*range_start, *range_count)) {

170

+ return 0;

171

+ }

172

173

+ if (max < (min + count)) {

174

+ (void) fprintf (stderr,

175

+ _("%s: Invalid configuration: SUB_GID_MIN (%lu), SUB_GID_MAX (%lu)\n"),

176

+ Prog, min, max);

177

+ return -1;

178

+ }

179

+ start = sub_gid_find_free_range(min, max, count);

180

+ if (start == (gid_t)-1) {

181

+ fprintf (stderr,

182

+ _("%s: Can't get unique secondary GID range\n"),

183

+ Prog);

184

+ SYSLOG ((LOG_WARN, "no more available secondary GIDs on the system"));

185

+ return -1;

186

+ }

187

+ *range_start = start;

188

+ *range_count = count;

189

+ return 0;

190

191

192

Index: shadow/libmisc/find_new_sub_uids.c

193

===================================================================

194

--- /dev/null 1970-01-01 00:00:00.000000000 +0000

195

+++ shadow/libmisc/find_new_sub_uids.c 2013-02-01 15:27:52.040080373 -0600

196

@@ -0,0 +1,87 @@

197

+/*

198

199

+ *

200

+ * Redistribution and use in source and binary forms, with or without

201

+ * modification, are permitted provided that the following conditions

202

+ * are met:

203

+ * 1. Redistributions of source code must retain the above copyright

204

+ * notice, this list of conditions and the following disclaimer.

205

+ * 2. Redistributions in binary form must reproduce the above copyright

206

+ * notice, this list of conditions and the following disclaimer in the

207

+ * documentation and/or other materials provided with the distribution.

208

+ * 3. The name of the copyright holders or contributors may not be used to

209

+ * endorse or promote products derived from this software without

210

+ * specific prior written permission.

211

+ *

212

+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS

213

+ * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT

214

+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A

215

+ * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT

216

+ * HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

217

+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT

218

+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,

219

+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY

220

+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT

221

+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE

222

+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

223

+ */

224

225

+#include <config.h>

226

227

+#include <assert.h>

228

+#include <stdio.h>

229

+#include <errno.h>

230

231

+#include "prototypes.h"

232

+#include "subordinateio.h"

233

+#include "getdef.h"

234

235

+/*

236

+ * find_new_sub_uids - Find a new unused range of UIDs.

237

+ *

238

+ * If successful, find_new_sub_uids provides a range of unused

239

+ * user IDs in the [SUB_UID_MIN:SUB_UID_MAX] range.

240

+ *

241

+ * Return 0 on success, -1 if no unused UIDs are available.

242

+ */

243

+int find_new_sub_uids (const char *owner,

244

+ uid_t *range_start, unsigned long *range_count)

245

246

+ unsigned long min, max;

247

+ unsigned long count;

248

+ uid_t start;

249

250

+ assert (range_start != NULL);

251

+ assert (range_count != NULL);

252

253

+ min = getdef_ulong ("SUB_UID_MIN", 100000UL);

254

+ max = getdef_ulong ("SUB_UID_MAX", 600100000UL);

255

+ count = getdef_ulong ("SUB_UID_COUNT", 10000);

256

257

+ /* Is there a preferred range that works? */

258

+ if ((*range_count != 0) &&

259

+ (*range_start >= min) &&

260

+ (((*range_start) + (*range_count) - 1) <= max) &&

261

+ is_sub_uid_range_free(*range_start, *range_count)) {

262

+ return 0;

263

+ }

264

265

+ if (max < (min + count)) {

266

+ (void) fprintf (stderr,

267

+ _("%s: Invalid configuration: SUB_UID_MIN (%lu), SUB_UID_MAX (%lu)\n"),

268

+ Prog, min, max);

269

+ return -1;

270

+ }

271

+ start = sub_uid_find_free_range(min, max, count);

272

+ if (start == (uid_t)-1) {

273

+ fprintf (stderr,

274

+ _("%s: Can't get unique secondary UID range\n"),

275

+ Prog);

276

+ SYSLOG ((LOG_WARN, "no more available secondary UIDs on the system"));

277

+ return -1;

278

+ }

279

+ *range_start = start;

280

+ *range_count = count;

281

+ return 0;

282

283

Older »