nss/libsubid: simplify the ranges variable for list_owner_ranges
Following alexey-tikhonov's suggestion. Since we've dropped the 'owner' field in the data returned for get_subid_ranges, we can just return a single allocated array of simple structs. This means we can return a ** instead of ***, and we can get rid of the subid_free_ranges() helper, since the caller can just free() the returned data. Signed-off-by: Serge Hallyn <serge@hallyn.com>
parent
322db32971
commit
3d670ba7ed
@ -1,6 +1,6 @@
|
|||||||
dnl Process this file with autoconf to produce a configure script.
|
dnl Process this file with autoconf to produce a configure script.
|
||||||
AC_PREREQ([2.69])
|
AC_PREREQ([2.69])
|
||||||
m4_define([libsubid_abi_major], 2)
|
m4_define([libsubid_abi_major], 3)
|
||||||
m4_define([libsubid_abi_minor], 0)
|
m4_define([libsubid_abi_minor], 0)
|
||||||
m4_define([libsubid_abi_micro], 0)
|
m4_define([libsubid_abi_micro], 0)
|
||||||
m4_define([libsubid_abi], [libsubid_abi_major.libsubid_abi_minor.libsubid_abi_micro])
|
m4_define([libsubid_abi], [libsubid_abi_major.libsubid_abi_minor.libsubid_abi_micro])
|
||||||
|
@ -300,16 +300,15 @@ struct subid_nss_ops {
|
|||||||
*
|
*
|
||||||
* @owner - string representing username being queried
|
* @owner - string representing username being queried
|
||||||
* @id_type - subuid or subgid
|
* @id_type - subuid or subgid
|
||||||
* @ranges - pointer to an array of struct subid_range pointers, or
|
* @ranges - pointer to an array of struct subid_range, or NULL. The
|
||||||
* NULL. The returned array of struct subid_range and its
|
* returned array must be freed by the caller.
|
||||||
* members must be freed by the caller.
|
|
||||||
* @count - pointer to an integer into which the number of returned ranges
|
* @count - pointer to an integer into which the number of returned ranges
|
||||||
* is written.
|
* is written.
|
||||||
|
|
||||||
* returns success if the module was able to determine an answer,
|
* returns success if the module was able to determine an answer,
|
||||||
* else an error status.
|
* else an error status.
|
||||||
*/
|
*/
|
||||||
enum subid_status (*list_owner_ranges)(const char *owner, enum subid_type id_type, struct subid_range ***ranges, int *count);
|
enum subid_status (*list_owner_ranges)(const char *owner, enum subid_type id_type, struct subid_range **ranges, int *count);
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* nss_find_subid_owners: find uids who own a given subuid or subgid.
|
* nss_find_subid_owners: find uids who own a given subuid or subgid.
|
||||||
|
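Review bot: The updated `@ranges` comment on `list_owner_ranges` says the array "must be freed by the caller" but does not say how the module must allocate it. Elsewhere in this commit the consumer switches to a plain `free()`, so the contract should state that the module stores one malloc()-compatible block of `*count` contiguous `struct subid_range` entries in `*ranges`, and stores NULL when it returns no ranges. Something like `* @ranges - out parameter; on success *ranges is a single malloc()ed array of *count struct subid_range (NULL if none), released by the caller with free().` would cover it. A module still built against the old `***` layout would hand back an array of pointers that the caller now reads as start/count pairs. The hunk shows no check that would catch that, so it may be worth confirming how module and library versions are matched.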
@ -17,23 +17,6 @@
|
|||||||
#include <ctype.h>
|
#include <ctype.h>
|
||||||
#include <fcntl.h>
|
#include <fcntl.h>
|
||||||
|
|
||||||
/* subid_free_ranges: free a subid_range
|
|
||||||
*
|
|
||||||
* @ranges: an array of subid_ranges to free
|
|
||||||
* @count: number of items in the array
|
|
||||||
*
|
|
||||||
* The subid_range is a subordinate_range without the owner field,
|
|
||||||
* defined in subid.h
|
|
||||||
*/
|
|
||||||
void subid_free_ranges(struct subid_range **ranges, int count)
|
|
||||||
{
|
|
||||||
int i;
|
|
||||||
|
|
||||||
for (i = 0; i < count; i++)
|
|
||||||
free(ranges[i]);
|
|
||||||
free(ranges);
|
|
||||||
}
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* subordinate_dup: create a duplicate range
|
* subordinate_dup: create a duplicate range
|
||||||
*
|
*
|
||||||
@ -326,26 +309,21 @@ static bool have_range(struct commonio_db *db,
|
|||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
static bool append_range(struct subid_range ***ranges, const struct subordinate_range *new, int n)
|
static bool append_range(struct subid_range **ranges, const struct subordinate_range *new, int n)
|
||||||
{
|
{
|
||||||
struct subid_range *tmp;
|
|
||||||
if (!*ranges) {
|
if (!*ranges) {
|
||||||
*ranges = malloc(sizeof(struct subid_range *));
|
*ranges = malloc(sizeof(struct subid_range));
|
||||||
if (!*ranges)
|
if (!*ranges)
|
||||||
return false;
|
return false;
|
||||||
} else {
|
} else {
|
||||||
struct subid_range **new;
|
struct subid_range *alloced;
|
||||||
new = realloc(*ranges, (n + 1) * (sizeof(struct subid_range *)));
|
alloced = realloc(*ranges, (n + 1) * (sizeof(struct subid_range)));
|
||||||
if (!new)
|
if (!alloced)
|
||||||
return false;
|
return false;
|
||||||
*ranges = new;
|
*ranges = alloced;
|
||||||
}
|
}
|
||||||
(*ranges)[n] = NULL;
|
(*ranges)[n].start = new->start;
|
||||||
tmp = malloc(sizeof(*tmp));
|
(*ranges)[n].count = new->count;
|
||||||
if (!tmp)
|
|
||||||
return false;
|
|
||||||
memcpy(tmp, new, sizeof(*tmp));
|
|
||||||
(*ranges)[n] = tmp;
|
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -804,10 +782,10 @@ gid_t sub_gid_find_free_range(gid_t min, gid_t max, unsigned long count)
|
|||||||
*
|
*
|
||||||
* The caller must free the subordinate range list.
|
* The caller must free the subordinate range list.
|
||||||
*/
|
*/
|
||||||
int list_owner_ranges(const char *owner, enum subid_type id_type, struct subid_range ***in_ranges)
|
int list_owner_ranges(const char *owner, enum subid_type id_type, struct subid_range **in_ranges)
|
||||||
{
|
{
|
||||||
// TODO - need to handle owner being either uid or username
|
// TODO - need to handle owner being either uid or username
|
||||||
struct subid_range **ranges = NULL;
|
struct subid_range *ranges = NULL;
|
||||||
const struct subordinate_range *range;
|
const struct subordinate_range *range;
|
||||||
struct commonio_db *db;
|
struct commonio_db *db;
|
||||||
enum subid_status status;
|
enum subid_status status;
|
||||||
@ -845,7 +823,7 @@ int list_owner_ranges(const char *owner, enum subid_type id_type, struct subid_r
|
|||||||
while ((range = commonio_next(db)) != NULL) {
|
while ((range = commonio_next(db)) != NULL) {
|
||||||
if (0 == strcmp(range->owner, owner)) {
|
if (0 == strcmp(range->owner, owner)) {
|
||||||
if (!append_range(&ranges, range, count++)) {
|
if (!append_range(&ranges, range, count++)) {
|
||||||
subid_free_ranges(ranges, count-1);
|
free(ranges);
|
||||||
ranges = NULL;
|
ranges = NULL;
|
||||||
count = -1;
|
count = -1;
|
||||||
goto out;
|
goto out;
|
||||||
|
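Review bot: In append_range the first-allocation branch sizes the buffer for exactly one element and then writes `(*ranges)[n]`, so the write is only in bounds if `*ranges == NULL` implies `n == 0`. That holds for the call in list_owner_ranges only if `count` starts at 0, and its initialisation is outside the visible hunks. Both branches can collapse into one, since realloc on a NULL pointer behaves like malloc: `alloced = realloc(*ranges, ((size_t)n + 1) * sizeof(**ranges));` followed by the existing NULL check and `*ranges = alloced;`. That also moves the size arithmetic out of signed int. The `free(ranges)` on the failure path in list_owner_ranges is correct as written, because a failed realloc leaves the previous block valid.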
@ -25,7 +25,7 @@ extern int sub_uid_unlock (void);
|
|||||||
extern int sub_uid_add (const char *owner, uid_t start, unsigned long count);
|
extern int sub_uid_add (const char *owner, uid_t start, unsigned long count);
|
||||||
extern int sub_uid_remove (const char *owner, uid_t start, unsigned long count);
|
extern int sub_uid_remove (const char *owner, uid_t start, unsigned long count);
|
||||||
extern uid_t sub_uid_find_free_range(uid_t min, uid_t max, unsigned long count);
|
extern uid_t sub_uid_find_free_range(uid_t min, uid_t max, unsigned long count);
|
||||||
extern int list_owner_ranges(const char *owner, enum subid_type id_type, struct subid_range ***ranges);
|
extern int list_owner_ranges(const char *owner, enum subid_type id_type, struct subid_range **ranges);
|
||||||
extern bool new_subid_range(struct subordinate_range *range, enum subid_type id_type, bool reuse);
|
extern bool new_subid_range(struct subordinate_range *range, enum subid_type id_type, bool reuse);
|
||||||
extern bool release_subid_range(struct subordinate_range *range, enum subid_type id_type);
|
extern bool release_subid_range(struct subordinate_range *range, enum subid_type id_type);
|
||||||
extern int find_subid_owners(unsigned long id, enum subid_type id_type, uid_t **uids);
|
extern int find_subid_owners(unsigned long id, enum subid_type id_type, uid_t **uids);
|
||||||
|
@ -66,17 +66,17 @@ bool libsubid_init(const char *progname, FILE * logfd)
|
|||||||
}
|
}
|
||||||
|
|
||||||
static
|
static
|
||||||
int get_subid_ranges(const char *owner, enum subid_type id_type, struct subid_range ***ranges)
|
int get_subid_ranges(const char *owner, enum subid_type id_type, struct subid_range **ranges)
|
||||||
{
|
{
|
||||||
return list_owner_ranges(owner, id_type, ranges);
|
return list_owner_ranges(owner, id_type, ranges);
|
||||||
}
|
}
|
||||||
|
|
||||||
int get_subuid_ranges(const char *owner, struct subid_range ***ranges)
|
int get_subuid_ranges(const char *owner, struct subid_range **ranges)
|
||||||
{
|
{
|
||||||
return get_subid_ranges(owner, ID_TYPE_UID, ranges);
|
return get_subid_ranges(owner, ID_TYPE_UID, ranges);
|
||||||
}
|
}
|
||||||
|
|
||||||
int get_subgid_ranges(const char *owner, struct subid_range ***ranges)
|
int get_subgid_ranges(const char *owner, struct subid_range **ranges)
|
||||||
{
|
{
|
||||||
return get_subid_ranges(owner, ID_TYPE_GID, ranges);
|
return get_subid_ranges(owner, ID_TYPE_GID, ranges);
|
||||||
}
|
}
|
||||||
|
@ -50,32 +50,27 @@ bool libsubid_init(const char *progname, FILE *logfd);
|
|||||||
* get_subuid_ranges: return a list of UID ranges for a user
|
* get_subuid_ranges: return a list of UID ranges for a user
|
||||||
*
|
*
|
||||||
* @owner: username being queried
|
* @owner: username being queried
|
||||||
* @ranges: a pointer to a subordinate range ** in which the result will be
|
* @ranges: a pointer to an array of subid_range structs in which the result
|
||||||
* returned.
|
* will be returned.
|
||||||
|
*
|
||||||
|
* The caller must free(ranges) when done.
|
||||||
*
|
*
|
||||||
* returns: number of ranges found, ir < 0 on error.
|
* returns: number of ranges found, ir < 0 on error.
|
||||||
*/
|
*/
|
||||||
int get_subuid_ranges(const char *owner, struct subid_range ***ranges);
|
int get_subuid_ranges(const char *owner, struct subid_range **ranges);
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* get_subgid_ranges: return a list of GID ranges for a user
|
* get_subgid_ranges: return a list of GID ranges for a user
|
||||||
*
|
*
|
||||||
* @owner: username being queried
|
* @owner: username being queried
|
||||||
* @ranges: a pointer to a subordinate range ** in which the result will be
|
* @ranges: a pointer to an array of subid_range structs in which the result
|
||||||
* returned.
|
* will be returned.
|
||||||
|
*
|
||||||
|
* The caller must free(ranges) when done.
|
||||||
*
|
*
|
||||||
* returns: number of ranges found, ir < 0 on error.
|
* returns: number of ranges found, ir < 0 on error.
|
||||||
*/
|
*/
|
||||||
int get_subgid_ranges(const char *owner, struct subid_range ***ranges);
|
int get_subgid_ranges(const char *owner, struct subid_range **ranges);
|
||||||
|
|
||||||
/*
|
|
||||||
* subid_free_ranges: free an array of subordinate_ranges returned by either
|
|
||||||
* get_subuid_ranges() or get_subgid_ranges().
|
|
||||||
*
|
|
||||||
* @ranges: the ranges to free
|
|
||||||
* @count: the number of ranges in @ranges
|
|
||||||
*/
|
|
||||||
void subid_free_ranges(struct subid_range **ranges, int count);
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* get_subuid_owners: return a list of uids to which the given uid has been
|
* get_subuid_owners: return a list of uids to which the given uid has been
|
||||||
|
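Review bot: The new sentence "The caller must free(ranges) when done." in the get_subuid_ranges and get_subgid_ranges comments names the wrong pointer. `ranges` is the `struct subid_range **` out parameter, so a caller following the text literally would pass the address of its own pointer variable to free() instead of the array. I would word it as `* The caller must free(*ranges) when done.` in both comments. They should also state what `*ranges` holds when the return value is 0 or negative, so callers know whether it is safe to free in those cases. The unchanged "ir < 0" on the returns line is a typo for "or < 0".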
@ -17,7 +17,7 @@ void usage(void)
|
|||||||
int main(int argc, char *argv[])
|
int main(int argc, char *argv[])
|
||||||
{
|
{
|
||||||
int i, count=0;
|
int i, count=0;
|
||||||
struct subid_range **ranges;
|
struct subid_range *ranges;
|
||||||
const char *owner;
|
const char *owner;
|
||||||
|
|
||||||
Prog = Basename (argv[0]);
|
Prog = Basename (argv[0]);
|
||||||
@ -39,8 +39,7 @@ int main(int argc, char *argv[])
|
|||||||
}
|
}
|
||||||
for (i = 0; i < count; i++) {
|
for (i = 0; i < count; i++) {
|
||||||
printf("%d: %s %lu %lu\n", i, owner,
|
printf("%d: %s %lu %lu\n", i, owner,
|
||||||
ranges[i]->start, ranges[i]->count);
|
ranges[i].start, ranges[i].count);
|
||||||
}
|
}
|
||||||
subid_free_ranges(ranges, count);
|
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
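Review bot: After this change main never releases `ranges`: the `subid_free_ranges(ranges, count)` call is dropped and no `free(ranges)` takes its place before `return 0`. The process exits right after, so the leak itself is harmless, but this program is the usage example for the new contract and should show the caller-side free. `ranges` is also declared without an initialiser, and whether the library writes it when no ranges are found is not visible here. So I would declare it as `struct subid_range *ranges = NULL;` and add `free(ranges);` after the print loop. The body of main continues outside these two hunks.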
@ -101,9 +101,9 @@ enum subid_status shadow_subid_find_subid_owners(unsigned long id, enum subid_ty
|
|||||||
return SUBID_STATUS_SUCCESS;
|
return SUBID_STATUS_SUCCESS;
|
||||||
}
|
}
|
||||||
|
|
||||||
enum subid_status shadow_subid_list_owner_ranges(const char *owner, enum subid_type id_type, struct subid_range ***in_ranges, int *count)
|
enum subid_status shadow_subid_list_owner_ranges(const char *owner, enum subid_type id_type, struct subid_range **in_ranges, int *count)
|
||||||
{
|
{
|
||||||
struct subid_range **ranges;
|
struct subid_range *ranges;
|
||||||
|
|
||||||
*count = 0;
|
*count = 0;
|
||||||
if (strcmp(owner, "error") == 0)
|
if (strcmp(owner, "error") == 0)
|
||||||
@ -113,7 +113,7 @@ enum subid_status shadow_subid_list_owner_ranges(const char *owner, enum subid_t
|
|||||||
if (strcmp(owner, "conn") == 0)
|
if (strcmp(owner, "conn") == 0)
|
||||||
return SUBID_STATUS_ERROR_CONN;
|
return SUBID_STATUS_ERROR_CONN;
|
||||||
|
|
||||||
*ranges = NULL;
|
*in_ranges = NULL;
|
||||||
if (strcmp(owner, "user1") != 0 && strcmp(owner, "ubuntu") != 0 &&
|
if (strcmp(owner, "user1") != 0 && strcmp(owner, "ubuntu") != 0 &&
|
||||||
strcmp(owner, "group1") != 0)
|
strcmp(owner, "group1") != 0)
|
||||||
return SUBID_STATUS_SUCCESS;
|
return SUBID_STATUS_SUCCESS;
|
||||||
@ -121,21 +121,15 @@ enum subid_status shadow_subid_list_owner_ranges(const char *owner, enum subid_t
|
|||||||
return SUBID_STATUS_SUCCESS;
|
return SUBID_STATUS_SUCCESS;
|
||||||
if (id_type == ID_TYPE_UID && strcmp(owner, "group1") == 0)
|
if (id_type == ID_TYPE_UID && strcmp(owner, "group1") == 0)
|
||||||
return SUBID_STATUS_SUCCESS;
|
return SUBID_STATUS_SUCCESS;
|
||||||
ranges = (struct subid_range **)malloc(sizeof(struct subid_range *));
|
ranges = (struct subid_range *)malloc(sizeof(struct subid_range));
|
||||||
if (!*ranges)
|
if (!*ranges)
|
||||||
return SUBID_STATUS_ERROR;
|
return SUBID_STATUS_ERROR;
|
||||||
ranges[0] = (struct subid_range *)malloc(sizeof(struct subid_range));
|
|
||||||
if (!ranges[0]) {
|
|
||||||
free(*ranges);
|
|
||||||
*ranges = NULL;
|
|
||||||
return SUBID_STATUS_ERROR;
|
|
||||||
}
|
|
||||||
if (strcmp(owner, "user1") == 0 || strcmp(owner, "group1") == 0) {
|
if (strcmp(owner, "user1") == 0 || strcmp(owner, "group1") == 0) {
|
||||||
ranges[0]->start = 100000;
|
ranges[0].start = 100000;
|
||||||
ranges[0]->count = 65536;
|
ranges[0].count = 65536;
|
||||||
} else {
|
} else {
|
||||||
ranges[0]->start = 200000;
|
ranges[0].start = 200000;
|
||||||
ranges[0]->count = 100000;
|
ranges[0].count = 100000;
|
||||||
}
|
}
|
||||||
|
|
||||||
*count = 1;
|
*count = 1;
|
||||||
|
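Review bot: The allocation check in shadow_subid_list_owner_ranges still reads `if (!*ranges)` although `ranges` is now a `struct subid_range *`. `*ranges` is therefore a struct, which is not a valid operand for `!`, and the expression would dereference the result of a failed malloc in any case. The check should test the pointer itself: `if (!ranges)`. The hunk sets `*in_ranges = NULL` early, but the visible lines end at `*count = 1;` without assigning the new array, so please confirm that `*in_ranges = ranges;` follows outside the hunk. The cast on the malloc result is unnecessary in C and can be dropped with `ranges = malloc(sizeof(*ranges));`.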