author | Balint Reczey <balint@balintreczey.hu> | 2022-01-21 23:41:15 +0100 |
---|---|---|
committer | Balint Reczey <balint@balintreczey.hu> | 2022-01-21 23:41:15 +0100 |
commit | 0c04b92a9afe5e09a20307d8a5ec98d97ed00f47 (patch) | |
tree | 27f51b8f32e23b65d2ef2bbbae00c19fd036e81d /libsubid | |
parent | 749c1780621163ca5108f164861324bafa9e0ae8 (diff) | |
download | shadow-0c04b92a9afe5e09a20307d8a5ec98d97ed00f47.tar.gz |
New upstream version 4.11.1+dfsg1upstream/4.11.1+dfsg1
Diffstat (limited to 'libsubid')
-rw-r--r-- | libsubid/Makefile.am | 11 | ||||
-rw-r--r-- | libsubid/Makefile.in | 58 | ||||
-rw-r--r-- | libsubid/api.c | 62 | ||||
-rw-r--r-- | libsubid/subid.h | 40 | ||||
-rw-r--r-- | libsubid/subid.h.in | 155 |
5 files changed, 239 insertions, 87 deletions
diff --git a/libsubid/Makefile.am b/libsubid/Makefile.am index 189165b0..09ec3416 100644 --- a/libsubid/Makefile.am +++ b/libsubid/Makefile.am @@ -1,7 +1,6 @@ lib_LTLIBRARIES = libsubid.la -libsubid_la_LDFLAGS = -Wl,-soname,libsubid.so.@LIBSUBID_ABI@ \ - -shared -version-info @LIBSUBID_ABI_MAJOR@ libsubid_la_SOURCES = api.c +libsubid_la_LDFLAGS = -version-info @LIBSUBID_ABI_MAJOR@ -export-symbols-regex '^subid_' pkginclude_HEADERS = subid.h @@ -9,6 +8,7 @@ MISCLIBS = \ $(LIBAUDIT) \ $(LIBSELINUX) \ $(LIBSEMANAGE) \ + $(LIBCRACK) \ $(LIBCRYPT_NOPAM) \ $(LIBSKEY) \ $(LIBMD) \ @@ -16,11 +16,12 @@ MISCLIBS = \ $(LIBCRYPT) \ $(LIBACL) \ $(LIBATTR) \ - $(LIBTCB) + $(LIBTCB) \ + $(LIBPAM) libsubid_la_LIBADD = \ - $(top_srcdir)/lib/libshadow.la \ - $(top_srcdir)/libmisc/libmisc.la \ + $(top_builddir)/lib/libshadow.la \ + $(top_builddir)/libmisc/libmisc.la \ $(MISCLIBS) -ldl AM_CPPFLAGS = \ diff --git a/libsubid/Makefile.in b/libsubid/Makefile.in index 4270a8b6..8d11b158 100644 --- a/libsubid/Makefile.in +++ b/libsubid/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.15.1 from Makefile.am. +# Makefile.in generated by automake 1.16.1 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2017 Free Software Foundation, Inc. +# Copyright (C) 1994-2018 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -105,7 +105,7 @@ DIST_COMMON = $(srcdir)/Makefile.am $(pkginclude_HEADERS) \ $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h -CONFIG_CLEAN_FILES = +CONFIG_CLEAN_FILES = subid.h CONFIG_CLEAN_VPATH_FILES = am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; am__vpath_adj = case $$p in \ 
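Review bot: The new `-export-symbols-regex '^subid_'` on `libsubid_la_LDFLAGS` is now the library's entire ABI boundary, but nothing in Makefile.am says so. A public function added later without the `subid_` prefix would compile and then be silently absent from the shared object. I would put a comment above the line, e.g. `# Only subid_* is exported; symbols from libshadow.la/libmisc.la stay private so they cannot clash with the host program.` Separately, libtool's `-version-info` takes `current[:revision[:age]]`, so passing only `@LIBSUBID_ABI_MAJOR@` leaves revision and age at 0 and the MINOR/MICRO values substituted into subid.h.in never reach the library version; worth confirming that is intended.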
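Review bot: Adding `$(LIBCRACK)` (this hunk) and `$(LIBPAM)` (the following `MISCLIBS` hunk) widens what every consumer of libsubid pulls into its address space when those libraries are configured, and the Makefile gives no reason. Nothing in the visible api.c calls PAM or cracklib directly, so presumably they only satisfy references from `libshadow.la`/`libmisc.la`. A short comment such as `# LIBCRACK/LIBPAM: needed by objects in libmisc.la, not by api.c` (after confirming which objects need them) would tell a later maintainer whether they can be dropped. The `MISCLIBS` assignment starts before this hunk and continues past it.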
@@ -141,9 +141,10 @@ am__DEPENDENCIES_2 = $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \ + $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) -libsubid_la_DEPENDENCIES = $(top_srcdir)/lib/libshadow.la \ - $(top_srcdir)/libmisc/libmisc.la $(am__DEPENDENCIES_2) +libsubid_la_DEPENDENCIES = $(top_builddir)/lib/libshadow.la \ + $(top_builddir)/libmisc/libmisc.la $(am__DEPENDENCIES_2) am_libsubid_la_OBJECTS = api.lo libsubid_la_OBJECTS = $(am_libsubid_la_OBJECTS) AM_V_lt = $(am__v_lt_@AM_V@) @@ -167,7 +168,8 @@ am__v_at_0 = @ am__v_at_1 = DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) depcomp = $(SHELL) $(top_srcdir)/depcomp -am__depfiles_maybe = depfiles +am__maybe_remake_depfiles = depfiles +am__depfiles_remade = ./$(DEPDIR)/api.Plo am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) @@ -214,7 +216,8 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags -am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp +am__DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/subid.h.in \ + $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ AMTAR = @AMTAR@ @@ -375,15 +378,14 @@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ lib_LTLIBRARIES = libsubid.la -libsubid_la_LDFLAGS = -Wl,-soname,libsubid.so.@LIBSUBID_ABI@ \ - -shared -version-info @LIBSUBID_ABI_MAJOR@ - libsubid_la_SOURCES = api.c +libsubid_la_LDFLAGS = -version-info @LIBSUBID_ABI_MAJOR@ -export-symbols-regex '^subid_' pkginclude_HEADERS = subid.h MISCLIBS = \ $(LIBAUDIT) \ $(LIBSELINUX) \ $(LIBSEMANAGE) \ + $(LIBCRACK) \ $(LIBCRYPT_NOPAM) \ $(LIBSKEY) \ $(LIBMD) \ 
@@ -391,11 +393,12 @@ MISCLIBS = \ $(LIBCRYPT) \ $(LIBACL) \ $(LIBATTR) \ - $(LIBTCB) + $(LIBTCB) \ + $(LIBPAM) libsubid_la_LIBADD = \ - $(top_srcdir)/lib/libshadow.la \ - $(top_srcdir)/libmisc/libmisc.la \ + $(top_builddir)/lib/libshadow.la \ + $(top_builddir)/libmisc/libmisc.la \ $(MISCLIBS) -ldl AM_CPPFLAGS = \ @@ -424,8 +427,8 @@ Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status *config.status*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ *) \ - echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ - cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ + echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles)'; \ + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles);; \ esac; $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) @@ -436,6 +439,8 @@ $(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps) $(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(am__aclocal_m4_deps): +subid.h: $(top_builddir)/config.status $(srcdir)/subid.h.in + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ install-libLTLIBRARIES: $(lib_LTLIBRARIES) @$(NORMAL_INSTALL) @@ -481,7 +486,13 @@ mostlyclean-compile: distclean-compile: -rm -f *.tab.c -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/api.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/api.Plo@am__quote@ # am--include-marker + +$(am__depfiles_remade): + @$(MKDIR_P) $(@D) + @echo '# dummy' >$@-t && $(am__mv) $@-t $@ + +am--depfiles: $(am__depfiles_remade) .c.o: @am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< 
@@ -583,7 +594,10 @@ cscopelist-am: $(am__tagged_files) distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags -distdir: $(DISTFILES) +distdir: $(BUILT_SOURCES) + $(MAKE) $(AM_MAKEFLAGS) distdir-am + +distdir-am: $(DISTFILES) @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ @@ -656,7 +670,7 @@ clean-am: clean-generic clean-libLTLIBRARIES clean-libtool \ mostlyclean-am distclean: distclean-am - -rm -rf ./$(DEPDIR) + -rm -f ./$(DEPDIR)/api.Plo -rm -f Makefile distclean-am: clean-am distclean-compile distclean-generic \ distclean-tags @@ -702,7 +716,7 @@ install-ps-am: installcheck-am: maintainer-clean: maintainer-clean-am - -rm -rf ./$(DEPDIR) + -rm -f ./$(DEPDIR)/api.Plo -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic @@ -723,9 +737,9 @@ uninstall-am: uninstall-libLTLIBRARIES uninstall-pkgincludeHEADERS .MAKE: install-am install-strip -.PHONY: CTAGS GTAGS TAGS all all-am check check-am clean clean-generic \ - clean-libLTLIBRARIES clean-libtool cscopelist-am ctags \ - ctags-am distclean distclean-compile distclean-generic \ +.PHONY: CTAGS GTAGS TAGS all all-am am--depfiles check check-am clean \ + clean-generic clean-libLTLIBRARIES clean-libtool cscopelist-am \ + ctags ctags-am distclean distclean-compile distclean-generic \ distclean-libtool distclean-tags distdir dvi dvi-am html \ html-am info info-am install install-am install-data \ install-data-am install-dvi install-dvi-am install-exec \ diff --git a/libsubid/api.c b/libsubid/api.c index a7b904d0..00da74f6 100644 --- a/libsubid/api.c +++ b/libsubid/api.c 
@@ -1,30 +1,7 @@ /* - * Copyright (c) 2020 Serge Hallyn - * All rights reserved. + * SPDX-FileCopyrightText: 2020 Serge Hallyn * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. The name of the copyright holders or contributors may not be used to - * endorse or promote products derived from this software without - * specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A - * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT - * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE - * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * SPDX-License-Identifier: BSD-3-Clause */ #include <config.h> 
@@ -38,29 +15,30 @@ #include "subordinateio.h" #include "idmapping.h" #include "subid.h" +#include "shadowlog.h" -const char *Prog = "(libsubid)"; -FILE *shadow_logfd; - -bool libsubid_init(const char *progname, FILE * logfd) +bool subid_init(const char *progname, FILE * logfd) { + FILE *shadow_logfd; if (progname) { progname = strdup(progname); - if (progname) - Prog = progname; - else + if (!progname) return false; + log_set_progname(progname); + } else { + log_set_progname("(libsubid)"); } if (logfd) { - shadow_logfd = logfd; + log_set_logfd(logfd); return true; } shadow_logfd = fopen("/dev/null", "w"); if (!shadow_logfd) { - shadow_logfd = stderr; + log_set_logfd(stderr); return false; } + log_set_logfd(shadow_logfd); return true; } @@ -70,12 +48,12 @@ int get_subid_ranges(const char *owner, enum subid_type id_type, struct subid_ra return list_owner_ranges(owner, id_type, ranges); } -int get_subuid_ranges(const char *owner, struct subid_range **ranges) +int subid_get_uid_ranges(const char *owner, struct subid_range **ranges) { return get_subid_ranges(owner, ID_TYPE_UID, ranges); } -int get_subgid_ranges(const char *owner, struct subid_range **ranges) +int subid_get_gid_ranges(const char *owner, struct subid_range **ranges) { return get_subid_ranges(owner, ID_TYPE_GID, ranges); } @@ -86,12 +64,12 @@ int get_subid_owner(unsigned long id, enum subid_type id_type, uid_t **owner) return find_subid_owners(id, id_type, owner); } -int get_subuid_owners(uid_t uid, uid_t **owner) +int subid_get_uid_owners(uid_t uid, uid_t **owner) { return get_subid_owner((unsigned long)uid, ID_TYPE_UID, owner); } -int get_subgid_owners(gid_t gid, uid_t **owner) +int subid_get_gid_owners(gid_t gid, uid_t **owner) { return get_subid_owner((unsigned long)gid, ID_TYPE_GID, owner); } 
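Review bot: In `subid_init`, the `/dev/null` stream opened when `logfd` is NULL is never closed and is opened without close-on-exec, so every such call leaks a descriptor into the host process and into anything it later execs. Because this library is loaded into other programs, I would open it as `shadow_logfd = fopen("/dev/null", "we");` (the `e` mode flag is a glibc extension) and state in the header comment that `subid_init` is meant to be called once. The `strdup()` copy handed to `log_set_progname()` is likewise never freed on a repeated call, unless that helper takes ownership, which is not visible in this hunk. The local `shadow_logfd` also reuses the name of the global this commit removes; a name like `devnull` would avoid confusion with the old variable.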
@@ -103,12 +81,12 @@ bool grant_subid_range(struct subordinate_range *range, bool reuse, return new_subid_range(range, id_type, reuse); } -bool grant_subuid_range(struct subordinate_range *range, bool reuse) +bool subid_grant_uid_range(struct subordinate_range *range, bool reuse) { return grant_subid_range(range, reuse, ID_TYPE_UID); } -bool grant_subgid_range(struct subordinate_range *range, bool reuse) +bool subid_grant_gid_range(struct subordinate_range *range, bool reuse) { return grant_subid_range(range, reuse, ID_TYPE_GID); } @@ -119,12 +97,12 @@ bool ungrant_subid_range(struct subordinate_range *range, enum subid_type id_typ return release_subid_range(range, id_type); } -bool ungrant_subuid_range(struct subordinate_range *range) +bool subid_ungrant_uid_range(struct subordinate_range *range) { return ungrant_subid_range(range, ID_TYPE_UID); } -bool ungrant_subgid_range(struct subordinate_range *range) +bool subid_ungrant_gid_range(struct subordinate_range *range) { return ungrant_subid_range(range, ID_TYPE_GID); } diff --git a/libsubid/subid.h b/libsubid/subid.h index eabafe4d..01476713 100644 --- a/libsubid/subid.h +++ b/libsubid/subid.h @@ -4,6 +4,10 @@ #ifndef SUBID_RANGE_DEFINED #define SUBID_RANGE_DEFINED 1 +#define SUBID_ABI_VERSION 4.0.0 +#define SUBID_ABI_MAJOR 4 +#define SUBID_ABI_MINOR 0 +#define SUBID_ABI_MICRO 0 /* subid_range is just a starting point and size of a range */ struct subid_range { @@ -32,7 +36,7 @@ enum subid_status { }; /* - * libsubid_init: initialize libsubid + * subid_init: initialize libsubid * * @progname: Name to display as program. If NULL, then "(libsubid)" will be * shown in error messages. 
@@ -45,10 +49,10 @@ enum subid_status { * * Returns false if an error occurred. */ -bool libsubid_init(const char *progname, FILE *logfd); +bool subid_init(const char *progname, FILE *logfd); /* - * get_subuid_ranges: return a list of UID ranges for a user + * subid_get_uid_ranges: return a list of UID ranges for a user * * @owner: username being queried * @ranges: a pointer to an array of subid_range structs in which the result @@ -58,10 +62,10 @@ bool libsubid_init(const char *progname, FILE *logfd); * * returns: number of ranges found, ir < 0 on error. */ -int get_subuid_ranges(const char *owner, struct subid_range **ranges); +int subid_get_uid_ranges(const char *owner, struct subid_range **ranges); /* - * get_subgid_ranges: return a list of GID ranges for a user + * subid_get_gid_ranges: return a list of GID ranges for a user * * @owner: username being queried * @ranges: a pointer to an array of subid_range structs in which the result @@ -71,10 +75,10 @@ int get_subuid_ranges(const char *owner, struct subid_range **ranges); * * returns: number of ranges found, ir < 0 on error. */ -int get_subgid_ranges(const char *owner, struct subid_range **ranges); +int subid_get_gid_ranges(const char *owner, struct subid_range **ranges); /* - * get_subuid_owners: return a list of uids to which the given uid has been + * subid_get_uid_owners: return a list of uids to which the given uid has been * delegated. * * @uid: The subuid being queried @@ -83,10 +87,10 @@ int get_subgid_ranges(const char *owner, struct subid_range **ranges); * * Returns the number of uids returned, or < 0 on error. */ -int get_subuid_owners(uid_t uid, uid_t **owner); +int subid_get_uid_owners(uid_t uid, uid_t **owner); /* - * get_subgid_owners: return a list of uids to which the given gid has been + * subid_get_gid_owners: return a list of uids to which the given gid has been * delegated. * * @uid: The subgid being queried 
@@ -95,10 +99,10 @@ int get_subuid_owners(uid_t uid, uid_t **owner); * * Returns the number of uids returned, or < 0 on error. */ -int get_subgid_owners(gid_t gid, uid_t **owner); +int subid_get_gid_owners(gid_t gid, uid_t **owner); /* - * grant_subuid_range: assign a subuid range to a user + * subid_grant_uid_range: assign a subuid range to a user * * @range: pointer to a struct subordinate_range detailing the UID range * to allocate. ->owner must be the username, and ->count must be @@ -109,10 +113,10 @@ int get_subgid_owners(gid_t gid, uid_t **owner); * then the range from (range->start, range->start + range->count) will * be delegated to range->owner. */ -bool grant_subuid_range(struct subordinate_range *range, bool reuse); +bool subid_grant_uid_range(struct subordinate_range *range, bool reuse); /* - * grant_subsid_range: assign a subgid range to a user + * subid_grant_gid_range: assign a subgid range to a user * * @range: pointer to a struct subordinate_range detailing the GID range * to allocate. ->owner must be the username, and ->count must be @@ -123,10 +127,10 @@ bool grant_subuid_range(struct subordinate_range *range, bool reuse); * then the range from (range->start, range->start + range->count) will * be delegated to range->owner. */ -bool grant_subgid_range(struct subordinate_range *range, bool reuse); +bool subid_grant_gid_range(struct subordinate_range *range, bool reuse); /* - * ungrant_subuid_range: remove a subuid allocation. + * subid_ungrant_uid_range: remove a subuid allocation. * * @range: pointer to a struct subordinate_range detailing the UID allocation * to remove. 
@@ -134,10 +138,10 @@ bool grant_subgid_range(struct subordinate_range *range, bool reuse); * Returns true if successful, false if it failed, for instance if the * delegation did not exist. */ -bool ungrant_subuid_range(struct subordinate_range *range); +bool subid_ungrant_uid_range(struct subordinate_range *range); /* - * ungrant_subuid_range: remove a subgid allocation. + * subid_ungrant_gid_range: remove a subgid allocation. * * @range: pointer to a struct subordinate_range detailing the GID allocation * to remove. @@ -145,7 +149,7 @@ bool ungrant_subuid_range(struct subordinate_range *range); * Returns true if successful, false if it failed, for instance if the * delegation did not exist. */ -bool ungrant_subgid_range(struct subordinate_range *range); +bool subid_ungrant_gid_range(struct subordinate_range *range); #define SUBID_NFIELDS 3 #endif diff --git a/libsubid/subid.h.in b/libsubid/subid.h.in new file mode 100644 index 00000000..21b22a26 --- /dev/null +++ b/libsubid/subid.h.in 
@@ -0,0 +1,155 @@ +#include <sys/types.h> +#include <stdio.h> +#include <stdbool.h> + +#ifndef SUBID_RANGE_DEFINED +#define SUBID_RANGE_DEFINED 1 +#define SUBID_ABI_VERSION @LIBSUBID_ABI_MAJOR@.@LIBSUBID_ABI_MINOR@.@LIBSUBID_ABI_MICRO@ +#define SUBID_ABI_MAJOR @LIBSUBID_ABI_MAJOR@ +#define SUBID_ABI_MINOR @LIBSUBID_ABI_MINOR@ +#define SUBID_ABI_MICRO @LIBSUBID_ABI_MICRO@ + +/* subid_range is just a starting point and size of a range */ +struct subid_range { + unsigned long start; + unsigned long count; +}; + +/* subordinage_range is a subid_range plus an owner, representing + * a range in /etc/subuid or /etc/subgid */ +struct subordinate_range { + const char *owner; + unsigned long start; + unsigned long count; +}; + +enum subid_type { + ID_TYPE_UID = 1, + ID_TYPE_GID = 2 +}; + +enum subid_status { + SUBID_STATUS_SUCCESS = 0, + SUBID_STATUS_UNKNOWN_USER = 1, + SUBID_STATUS_ERROR_CONN = 2, + SUBID_STATUS_ERROR = 3, +}; + +/* + * subid_init: initialize libsubid + * + * @progname: Name to display as program. If NULL, then "(libsubid)" will be + * shown in error messages. + * @logfd: Open file pointer to pass error messages to. If NULL, then + * /dev/null will be opened and messages will be sent there. The + * default if libsubid_init() is not called is stderr (2). + * + * This function does not need to be called. If not called, then the defaults + * will be used. + * + * Returns false if an error occurred. + */ +bool subid_init(const char *progname, FILE *logfd); + +/* + * subid_get_uid_ranges: return a list of UID ranges for a user + * + * @owner: username being queried + * @ranges: a pointer to an array of subid_range structs in which the result + * will be returned. + * + * The caller must free(ranges) when done. + * + * returns: number of ranges found, ir < 0 on error. 
+ */ +int subid_get_uid_ranges(const char *owner, struct subid_range **ranges); + +/* + * subid_get_gid_ranges: return a list of GID ranges for a user + * + * @owner: username being queried + * @ranges: a pointer to an array of subid_range structs in which the result + * will be returned. + * + * The caller must free(ranges) when done. + * + * returns: number of ranges found, ir < 0 on error. + */ +int subid_get_gid_ranges(const char *owner, struct subid_range **ranges); + +/* + * subid_get_uid_owners: return a list of uids to which the given uid has been + * delegated. + * + * @uid: The subuid being queried + * @owners: a pointer to an array of uids into which the results are placed. + * The returned array must be freed by the caller. + * + * Returns the number of uids returned, or < 0 on error. + */ +int subid_get_uid_owners(uid_t uid, uid_t **owner); + +/* + * subid_get_gid_owners: return a list of uids to which the given gid has been + * delegated. + * + * @uid: The subgid being queried + * @owners: a pointer to an array of uids into which the results are placed. + * The returned array must be freed by the caller. + * + * Returns the number of uids returned, or < 0 on error. + */ +int subid_get_gid_owners(gid_t gid, uid_t **owner); + +/* + * subid_grant_uid_range: assign a subuid range to a user + * + * @range: pointer to a struct subordinate_range detailing the UID range + * to allocate. ->owner must be the username, and ->count must be + * filled in. ->start is ignored, and will contain the start + * of the newly allocated range, upon success. + * + * Returns true if the delegation succeeded, false otherwise. If true, + * then the range from (range->start, range->start + range->count) will + * be delegated to range->owner. + */ +bool subid_grant_uid_range(struct subordinate_range *range, bool reuse); + +/* + * subid_grant_gid_range: assign a subgid range to a user + * + * @range: pointer to a struct subordinate_range detailing the GID range + * to allocate. 
->owner must be the username, and ->count must be + * filled in. ->start is ignored, and will contain the start + * of the newly allocated range, upon success. + * + * Returns true if the delegation succeeded, false otherwise. If true, + * then the range from (range->start, range->start + range->count) will + * be delegated to range->owner. + */ +bool subid_grant_gid_range(struct subordinate_range *range, bool reuse); + +/* + * subid_ungrant_uid_range: remove a subuid allocation. + * + * @range: pointer to a struct subordinate_range detailing the UID allocation + * to remove. + * + * Returns true if successful, false if it failed, for instance if the + * delegation did not exist. + */ +bool subid_ungrant_uid_range(struct subordinate_range *range); + +/* + * subid_ungrant_gid_range: remove a subgid allocation. + * + * @range: pointer to a struct subordinate_range detailing the GID allocation + * to remove. + * + * Returns true if successful, false if it failed, for instance if the + * delegation did not exist. + */ +bool subid_ungrant_gid_range(struct subordinate_range *range); + +#define SUBID_NFIELDS 3 +#endif |
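Review bot: The comments on `subid_get_uid_ranges` and `subid_get_gid_ranges` say "The caller must free(ranges)", but `ranges` is the `struct subid_range **` out-parameter, so read literally this tells callers to free their own pointer-to-pointer. The allocation to release is presumably `*ranges`, and the comment does not say whether `*ranges` is written when the return value is 0 or negative. I would reword it along the lines of `The caller must free(*ranges) when the return value is > 0.`, after confirming the behaviour in `list_owner_ranges`. The `reuse` parameter of `subid_grant_uid_range`/`subid_grant_gid_range` has no `@reuse` entry, and the `subid_init` comment still refers to `libsubid_init()`. Finally, `SUBID_ABI_VERSION` expands to a bare `4.0.0`-style token that cannot be used in `#if` or as a C expression; a string literal (`"@LIBSUBID_ABI_MAJOR@.@LIBSUBID_ABI_MINOR@.@LIBSUBID_ABI_MICRO@"`) would be usable, with the MAJOR/MINOR/MICRO macros kept for comparisons.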