shadow/libmisc
Serge Hallyn 8492dee663 subids: support nsswitch
Closes #154

When starting any operation to do with subuid delegation, check
nsswitch for a module to use.  If none is specified, then use
the traditional /etc/subuid and /etc/subgid files.

Currently only one module is supported, and there is no fallback
to the files on errors.  Several possibilities could be considered:

1. in case of connection error, fall back to files
2. in case of unknown user, also fall back to files

etc...

When non-files nss module is used, functions to edit the range
are not supported.  It may make sense to support it, but it also
may make sense to require another tool to be used.

libsubordinateio also uses the nss_ helpers.  This is how for instance
lxc could easily be converted to supporting nsswitch.

Add a set of test cases, including a dummy libsubid_zzz module.  This
hardcodes values such that:

'ubuntu' gets 200000 - 300000
'user1' gets 100000 - 165536
'error' emulates an nss module error
'unknown' emulates a user unknown to the nss module
'conn' emulates a connection error ot the nss module

Changes to libsubid:

Change the list_owner_ranges api: return a count instead of making the array
null terminated.

This is a breaking change, so bump the libsubid abi major number.

Rename free_subuid_range and free_subgid_range to ungrant_subuid_range,
because otherwise it's confusing with free_subid_ranges which frees
    memory.

Run libsubid tests in jenkins

Switch argument order in find_subid_owners

Move the db locking into subordinateio.c

Signed-off-by: Serge Hallyn <serge@hallyn.com>
2021-04-16 21:02:37 -05:00
..
.indent.pro Commit the last version from the PLD CVS repository. 2007-10-07 14:36:51 +00:00
addgrps.c * NEWS, libmisc/addgrps.c: Fix allocator loop. Continue to 2011-06-02 15:36:29 +00:00
age.c * libmisc/env.c, libmisc/age.c: Added splint annotations. 2009-04-23 17:33:21 +00:00
audit_help.c * libmisc/audit_help.c (audit_logger):pgname is not used. We let 2010-08-21 15:22:39 +00:00
basename.c Miscellaneous: 2011-09-18 21:02:43 +00:00
btrfs.c silence compiler warnings 2020-01-12 07:31:26 -06:00
chkname.c chkname.c, pwck.c, useradd.c, usermod.c, newusers.c: Allow names that do not conform to standards 2019-10-04 18:40:41 -05:00
chkname.h Updated copyright dates. 2008-05-25 23:31:10 +00:00
chowndir.c * libmisc/chowndir.c: Add splint annotations. 2011-08-14 14:00:14 +00:00
chowntty.c * libmisc/limits.c: Avoid implicit conversion of integer to 2010-08-22 19:13:53 +00:00
cleanup_group.c * libmisc/cleanup_group.c: Fix compilation when compiled without 2008-12-23 00:39:54 +00:00
cleanup_user.c * libmisc/audit_help.c: Added audit_logger_message() to log 2008-12-22 21:52:43 +00:00
cleanup.c * lib/prototypes.h, libmisc/cleanup.c, lib/spawn.c, src/chage.c: 2011-10-18 20:23:33 +00:00
console.c Fix some issues found in Coverity scan. 2018-10-10 12:22:04 +02:00
copydir.c 2012-02-13 Mike Frysinger <vapier@gentoo.org> 2012-02-13 19:16:29 +00:00
entry.c Make sure every source files are distributed with a copyright and license. 2008-04-27 00:40:09 +00:00
env.c * libmisc/isexpired.c: Added parenthesis. 2011-06-16 21:25:36 +00:00
failure.c * libmisc/limits.c: Avoid implicit conversion of integer to 2010-08-22 19:13:53 +00:00
failure.h spelling: cumulative 2017-10-22 18:33:13 +00:00
find_new_gid.c remove unused variables 2019-10-12 20:03:32 -05:00
find_new_sub_gids.c remove unused and misleading 'owner' argument from find_new_sub* 2020-04-17 16:32:44 -05:00
find_new_sub_uids.c remove unused and misleading 'owner' argument from find_new_sub* 2020-04-17 16:32:44 -05:00
find_new_uid.c remove unused variables 2019-10-12 20:03:32 -05:00
getdate.h * libmisc/limits.c: Avoid implicit conversion of integer to 2010-08-22 19:13:53 +00:00
getdate.y spelling: gratuitously 2017-10-22 19:17:02 +00:00
getgr_nam_gid.c * lib/prototypes.h, libmisc/getgr_nam_gid.c: getgr_nam_gid() 2011-08-14 13:16:26 +00:00
getrange.c * libmisc/get_gid.c, libmisc/get_uid.c, libmisc/Makefile.am, 2009-03-08 20:26:56 +00:00
gettime.c gettime: Use secure_getenv over getenv. 2019-03-31 16:00:01 +01:00
hushed.c * libmisc/limits.c: Avoid implicit conversion of integer to 2010-08-22 19:13:53 +00:00
idmapping.c Fix hurd build 2020-04-17 21:50:48 +02:00
idmapping.h subids: support nsswitch 2021-04-16 21:02:37 -05:00
isexpired.c * libmisc/isexpired.c: Added parenthesis. 2011-06-16 21:25:36 +00:00
limits.c * man/limits.5.xml, libmisc/limits.c: Sort limit identifiers. 2011-11-06 18:39:47 +00:00
list.c * libmisc/console.c, libmisc/motd.c, libmisc/setupenv.c, 2010-08-21 15:32:53 +00:00
log.c * lib/prototypes.h: Replace HAVE_UTMPX_H by USE_UTMPX. 2009-04-27 20:15:09 +00:00
loginprompt.c * libmisc/salt.c (SHA_salt_rounds): It is statically ensured that 2011-09-18 20:41:38 +00:00
mail.c * libmisc/mail.c, libmisc/copydir.c: Added missing include of 2009-04-27 20:09:18 +00:00
Makefile.am try again to fix libmisc sharing problem 2021-04-11 17:42:04 -05:00
motd.c * libmisc/console.c, libmisc/motd.c, libmisc/setupenv.c, 2010-08-21 15:32:53 +00:00
myname.c * libmisc/myname.c: Updated splint annotations. 2009-04-26 17:10:49 +00:00
obscure.c Add yescrypt support 2021-02-01 22:11:10 +01:00
pam_pass_non_interactive.c spelling: interactive 2017-10-22 20:24:32 +00:00
pam_pass.c * libmisc/pam_pass.c: Removed comment regarding pam_misc. This is 2009-05-09 13:15:17 +00:00
prefix_flag.c libmisc: Accept --root=path and --prefix=path option syntax 2020-02-07 21:57:12 +00:00
pwd2spwd.c Make the sp_lstchg shadow field reproducible (re. #71) 2019-03-31 16:00:01 +01:00
pwd_init.c Make sure every source files are distributed with a copyright and license. 2008-04-27 00:40:09 +00:00
pwdcheck.c * libmisc/pwdcheck.c (passwd_check): The progname is not used. 2009-04-23 20:17:02 +00:00
remove_tree.c Integrate review comments from Julien Cristau 2010-09-05 15:34:42 +00:00
rlogin.c * lib/exitcodes.h: Define E_SUCCESS as EXIT_SUCCESS. Added FIXMEs. 2009-04-30 21:08:49 +00:00
root_flag.c libmisc: Accept --root=path and --prefix=path option syntax 2020-02-07 21:57:12 +00:00
salt.c Add yescrypt support 2021-02-01 22:11:10 +01:00
setugid.c Updated copyrights. 2010-08-22 13:04:54 +00:00
setupenv.c spelling: else 2017-10-22 19:08:39 +00:00
shell.c * libmisc/limits.c: Avoid implicit conversion of integer to 2010-08-22 19:13:53 +00:00
strtoday.c spelling: cumulative 2017-10-22 18:33:13 +00:00
sub.c Fix typo in comment. 2013-08-04 15:56:32 +02:00
sulog.c Updated copyrights. 2010-08-22 13:04:54 +00:00
ttytype.c * libmisc/limits.c: Avoid implicit conversion of integer to 2010-08-22 19:13:53 +00:00
tz.c Updated copyrights. 2010-08-22 13:04:54 +00:00
ulimit.c * libmisc/limits.c: Add brackets and parenthesis. 2008-06-15 21:59:41 +00:00
user_busy.c Do not mistake a regular user process for a namespaced one 2020-01-21 09:16:10 +01:00
utmp.c Support systems that only have utmpx 2018-06-24 00:13:12 -05:00
valid.c crypt() in glibc/eglibc 2.17 now fails if passed 2013-07-28 18:41:11 +02:00
xgetgrgid.c * libmisc/xgetXXbyYY.c, libmisc/xgetpwnam.c, libmisc/xgetgrnam.c, 2009-06-11 21:33:00 +00:00
xgetgrnam.c * libmisc/xgetXXbyYY.c, libmisc/xgetpwnam.c, libmisc/xgetgrnam.c, 2009-06-11 21:33:00 +00:00
xgetpwnam.c * libmisc/xgetXXbyYY.c, libmisc/xgetpwnam.c, libmisc/xgetgrnam.c, 2009-06-11 21:33:00 +00:00
xgetpwuid.c * libmisc/xgetXXbyYY.c, libmisc/xgetpwnam.c, libmisc/xgetgrnam.c, 2009-06-11 21:33:00 +00:00
xgetspnam.c * libmisc/xgetXXbyYY.c, libmisc/xgetpwnam.c, libmisc/xgetgrnam.c, 2009-06-11 21:33:00 +00:00
xgetXXbyYY.c Re-indent. 2011-11-06 18:40:06 +00:00
xmalloc.c xfree: move xfree() function to xmalloc.c 2020-10-15 21:52:06 -04:00
yesno.c * libmisc/yesno.c: Ignore the return value of puts. 2009-04-23 11:14:56 +00:00