Blame SOURCES/shadow-4.9-subordinateio-compare-owner-ID.patch

b6bfd5
From 3ec32f9975f262073f8fbdecd2bfaee4a1d3db48 Mon Sep 17 00:00:00 2001
b6bfd5
From: Iker Pedrosa <ipedrosa@redhat.com>
b6bfd5
Date: Wed, 13 Jul 2022 09:55:14 +0200
b6bfd5
Subject: [PATCH] subordinateio: also compare the owner ID
b6bfd5
b6bfd5
IDs already populate /etc/subuid and /etc/subgid files so it's necessary
b6bfd5
not only to check for the owner name but also for the owner ID of a
b6bfd5
given range.
b6bfd5
b6bfd5
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2093311
b6bfd5
b6bfd5
Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
b6bfd5
---
b6bfd5
 lib/subordinateio.c | 50 +++++++++++++++++++++++++++++++++++++++++++++
b6bfd5
 1 file changed, 50 insertions(+)
b6bfd5
b6bfd5
diff --git a/lib/subordinateio.c b/lib/subordinateio.c
b6bfd5
index 9ca70b8b..6bc45283 100644
b6bfd5
--- a/lib/subordinateio.c
b6bfd5
+++ b/lib/subordinateio.c
b6bfd5
@@ -17,6 +17,8 @@
b6bfd5
 #include <ctype.h>
b6bfd5
 #include <fcntl.h>
b6bfd5
 
b6bfd5
+#define ID_SIZE 31
b6bfd5
+
b6bfd5
 /*
b6bfd5
  * subordinate_dup: create a duplicate range
b6bfd5
  *
b6bfd5
@@ -745,6 +747,40 @@ gid_t sub_gid_find_free_range(gid_t min, gid_t max, unsigned long count)
b6bfd5
 	return start == ULONG_MAX ? (gid_t) -1 : start;
b6bfd5
 }
b6bfd5
 
b6bfd5
+static bool get_owner_id(const char *owner, enum subid_type id_type, char *id)
b6bfd5
+{
b6bfd5
+	struct passwd *pw;
b6bfd5
+	struct group *gr;
b6bfd5
+	int ret = 0;
b6bfd5
+
b6bfd5
+	switch (id_type) {
b6bfd5
+	case ID_TYPE_UID:
b6bfd5
+		pw = getpwnam(owner);
b6bfd5
+		if (pw == NULL) {
b6bfd5
+			return false;
b6bfd5
+		}
b6bfd5
+		ret = snprintf(id, ID_SIZE, "%u", pw->pw_uid);
b6bfd5
+		if (ret < 0 || ret >= ID_SIZE) {
b6bfd5
+			return false;
b6bfd5
+		}
b6bfd5
+		break;
b6bfd5
+	case ID_TYPE_GID:
b6bfd5
+		gr = getgrnam(owner);
b6bfd5
+		if (gr == NULL) {
b6bfd5
+			return false;
b6bfd5
+		}
b6bfd5
+		ret = snprintf(id, ID_SIZE, "%u", gr->gr_gid);
b6bfd5
+		if (ret < 0 || ret >= ID_SIZE) {
b6bfd5
+			return false;
b6bfd5
+		}
b6bfd5
+		break;
b6bfd5
+	default:
b6bfd5
+		return false;
b6bfd5
+	}
b6bfd5
+
b6bfd5
+	return true;
b6bfd5
+}
b6bfd5
+
b6bfd5
 /*
b6bfd5
  * int list_owner_ranges(const char *owner, enum subid_type id_type, struct subordinate_range ***ranges)
b6bfd5
  *
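Review bot: get_owner_id() takes `char *id` with no length argument and hard-codes ID_SIZE in both snprintf() calls, so the buffer contract exists only through the macro. A comment above the function, such as `/* id must point to at least ID_SIZE bytes; its contents are meaningful only when true is returned */`, would make that explicit for future callers. The `%u` conversions receive `pw->pw_uid` and `gr->gr_gid` uncast, which is correct only where uid_t and gid_t are unsigned int. Writing `snprintf(id, ID_SIZE, "%lu", (unsigned long) pw->pw_uid);` (and likewise for `gr->gr_gid`) keeps the format and argument types in agreement on other ABIs.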
b6bfd5
@@ -770,6 +806,8 @@ int list_owner_ranges(const char *owner, enum subid_type id_type, struct subid_r
b6bfd5
 	enum subid_status status;
b6bfd5
 	int count = 0;
b6bfd5
 	struct subid_nss_ops *h;
b6bfd5
+	char id[ID_SIZE];
b6bfd5
+	bool have_owner_id;
b6bfd5
 
b6bfd5
 	*in_ranges = NULL;
b6bfd5
 
b6bfd5
@@ -798,6 +836,8 @@ int list_owner_ranges(const char *owner, enum subid_type id_type, struct subid_r
b6bfd5
 		return -1;
b6bfd5
 	}
b6bfd5
 
b6bfd5
+	have_owner_id = get_owner_id(owner, id_type, id);
b6bfd5
+
b6bfd5
 	commonio_rewind(db);
b6bfd5
 	while ((range = commonio_next(db)) != NULL) {
b6bfd5
 		if (0 == strcmp(range->owner, owner)) {
b6bfd5
@@ -808,6 +848,16 @@ int list_owner_ranges(const char *owner, enum subid_type id_type, struct subid_r
b6bfd5
 				goto out;
b6bfd5
 			}
b6bfd5
 		}
b6bfd5
+
b6bfd5
+		// Let's also compare with the ID
b6bfd5
+		if (have_owner_id == true && 0 == strcmp(range->owner, id)) {
b6bfd5
+			if (!append_range(&ranges, range, count++)) {
b6bfd5
+				free(ranges);
b6bfd5
+				ranges = NULL;
b6bfd5
+				count = -1;
b6bfd5
+				goto out;
b6bfd5
+			}
b6bfd5
+		}
b6bfd5
 	}
b6bfd5
 
b6bfd5
 out:
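Review bot: The added ID comparison runs independently of the existing name comparison, so a range whose owner field equals both `owner` and `id` (an account whose login name is the decimal form of its own UID/GID) is appended twice and `count` is incremented twice. Making the new test exclusive avoids the duplicate: `if (have_owner_id && 0 != strcmp(range->owner, owner) && 0 == strcmp(range->owner, id)) {`. Separately, an all-digit owner field in /etc/subuid or /etc/subgid can now be matched both by an account with that login name and by a different account with that numeric ID. Whether all-digit names can exist depends on name validation outside this hunk, but it is worth confirming that they are rejected, since this lookup feeds subordinate-ID authorization. The loop and the first `strcmp` branch start above the hunk, so the surrounding cleanup path is only partly visible here.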
b6bfd5
-- 
b6bfd5
2.36.1
b6bfd5