2 * Copyright (c) 2012 - Eric Biederman
9 #include "prototypes.h"
13 #include "subordinateio.h"
15 struct subordinate_range {
23 static /*@null@*/ /*@only@*/void *subordinate_dup (const void *ent)
25 const struct subordinate_range *rangeent = ent;
26 struct subordinate_range *range;
28 range = (struct subordinate_range *) malloc (sizeof *range);
32 range->owner = strdup (rangeent->owner);
33 if (NULL == range->owner) {
37 range->start = rangeent->start;
38 range->count = rangeent->count;
43 static void subordinate_free (/*@out@*/ /*@only@*/void *ent)
45 struct subordinate_range *rangeent = ent;
47 free ((void *)(rangeent->owner));
51 static void *subordinate_parse (const char *line)
53 static struct subordinate_range range;
54 static char rangebuf[1024];
57 char *fields[NFIELDS];
60 * Copy the string to a temporary buffer so the substrings can
61 * be modified to be NULL terminated.
63 if (strlen (line) >= sizeof rangebuf)
64 return NULL; /* fail if too long */
65 strcpy (rangebuf, line);
68 * Save a pointer to the start of each colon separated
69 * field. The fields are converted into NUL terminated strings.
72 for (cp = rangebuf, i = 0; (i < NFIELDS) && (NULL != cp); i++) {
74 while (('\0' != *cp) && (':' != *cp)) {
87 * There must be exactly NFIELDS colon separated fields or
88 * the entry is invalid. Also, fields must be non-blank.
90 if (i != NFIELDS || *fields[0] == '\0' || *fields[1] == '\0' || *fields[2] == '\0')
92 range.owner = fields[0];
93 if (getulong (fields[1], &range.start) == 0)
95 if (getulong (fields[2], &range.count) == 0)
101 static int subordinate_put (const void *ent, FILE * file)
103 const struct subordinate_range *range = ent;
105 return fprintf(file, "%s:%lu:%lu\n",
108 range->count) < 0 ? -1 : 0;
111 static struct commonio_ops subordinate_ops = {
112 subordinate_dup, /* dup */
113 subordinate_free, /* free */
115 subordinate_parse, /* parse */
116 subordinate_put, /* put */
119 NULL, /* open_hook */
120 NULL, /* close_hook */
123 static /*@observer@*/ /*@null*/const struct subordinate_range *subordinate_next(struct commonio_db *db)
128 static bool is_range_free(struct commonio_db *db, unsigned long start,
131 const struct subordinate_range *range;
132 unsigned long end = start + count - 1;
135 while ((range = commonio_next(db)) != NULL) {
136 unsigned long first = range->start;
137 unsigned long last = first + range->count - 1;
139 if ((end >= first) && (start <= last))
145 static const bool range_exists(struct commonio_db *db, const char *owner)
147 const struct subordinate_range *range;
149 while ((range = commonio_next(db)) != NULL) {
150 if (0 == strcmp(range->owner, owner))
156 static const struct subordinate_range *find_range(struct commonio_db *db,
157 const char *owner, unsigned long val)
159 const struct subordinate_range *range;
161 while ((range = commonio_next(db)) != NULL) {
162 unsigned long first = range->start;
163 unsigned long last = first + range->count - 1;
165 if (0 != strcmp(range->owner, owner))
168 if ((val >= first) && (val <= last))
174 static bool have_range(struct commonio_db *db,
175 const char *owner, unsigned long start, unsigned long count)
177 const struct subordinate_range *range;
183 end = start + count - 1;
184 range = find_range (db, owner, start);
188 last = range->start + range->count - 1;
189 if (last >= (start + count - 1))
194 range = find_range(db, owner, start);
199 static int subordinate_range_cmp (const void *p1, const void *p2)
201 struct subordinate_range *range1, *range2;
203 if ((*(struct commonio_entry **) p1)->eptr == NULL)
205 if ((*(struct commonio_entry **) p2)->eptr == NULL)
208 range1 = ((struct subordinate_range *) (*(struct commonio_entry **) p1)->eptr);
209 range2 = ((struct subordinate_range *) (*(struct commonio_entry **) p2)->eptr);
211 if (range1->start < range2->start)
213 else if (range1->start > range2->start)
215 else if (range1->count < range2->count)
217 else if (range1->count > range2->count)
220 return strcmp(range1->owner, range2->owner);
223 static unsigned long find_free_range(struct commonio_db *db,
224 unsigned long min, unsigned long max,
227 const struct subordinate_range *range;
228 unsigned long low, high;
230 /* When given invalid parameters fail */
231 if ((count == 0) || (max < min))
234 /* Sort by range then by owner */
235 commonio_sort (db, subordinate_range_cmp);
239 while ((range = commonio_next(db)) != NULL) {
240 unsigned long first = range->start;
241 unsigned long last = first + range->count - 1;
243 /* Find the top end of the hole before this range */
248 /* Is the hole before this range large enough? */
249 if ((high > low) && ((high - low) >= count))
252 /* Compute the low end of the next hole */
253 if (low < (last + 1))
259 /* Is the remaining unclaimed area large enough? */
260 if (((max - low) + 1) >= count)
266 static int add_range(struct commonio_db *db,
267 const char *owner, unsigned long start, unsigned long count)
269 struct subordinate_range range;
274 /* See if the range is already present */
275 if (have_range(db, owner, start, count))
278 /* Otherwise append the range */
279 return commonio_append(db, &range);
282 static int remove_range(struct commonio_db *db,
283 const char *owner, unsigned long start, unsigned long count)
285 struct commonio_entry *ent;
291 end = start + count - 1;
292 for (ent = db->head; ent; ent = ent->next) {
293 struct subordinate_range *range = ent->eptr;
297 /* Skip unparsed entries */
301 first = range->start;
302 last = first + range->count - 1;
304 /* Skip entries with a different owner */
305 if (0 != strcmp(range->owner, owner))
308 /* Skip entries outside of the range to remove */
309 if ((end < first) || (start > last))
312 if (start <= first) {
314 /* to be removed: [start, end]
315 * range: [first, last] */
316 /* entry completely contained in the
318 commonio_del_entry (db, ent);
320 /* to be removed: [start, end]
321 * range: [first, last] */
322 /* Remove only the start of the entry */
323 range->start = end + 1;
324 range->count = (last - range->start) + 1;
331 /* to be removed: [start, end]
332 * range: [first, last] */
333 /* Remove only the end of the entry */
334 range->count = start - range->start;
339 /* to be removed: [start, end]
340 * range: [first, last] */
341 /* Remove the middle of the range
342 * This requires to create a new range */
343 struct subordinate_range tail;
344 tail.owner = range->owner;
345 tail.start = end + 1;
346 tail.count = (last - tail.start) + 1;
348 if (commonio_append(db, &tail) == 0) {
352 range->count = start - range->start;
363 static struct commonio_db subordinate_uid_db = {
364 "/etc/subuid", /* filename */
365 &subordinate_ops, /* ops */
379 int sub_uid_setdbname (const char *filename)
381 return commonio_setname (&subordinate_uid_db, filename);
384 /*@observer@*/const char *sub_uid_dbname (void)
386 return subordinate_uid_db.filename;
389 bool sub_uid_file_present (void)
391 return commonio_present (&subordinate_uid_db);
394 int sub_uid_lock (void)
396 return commonio_lock (&subordinate_uid_db);
399 int sub_uid_open (int mode)
401 return commonio_open (&subordinate_uid_db, mode);
404 bool is_sub_uid_range_free(uid_t start, unsigned long count)
406 return is_range_free (&subordinate_uid_db, start, count);
409 bool sub_uid_assigned(const char *owner)
411 return range_exists (&subordinate_uid_db, owner);
414 bool have_sub_uids(const char *owner, uid_t start, unsigned long count)
416 return have_range (&subordinate_uid_db, owner, start, count);
419 int sub_uid_add (const char *owner, uid_t start, unsigned long count)
421 return add_range (&subordinate_uid_db, owner, start, count);
424 int sub_uid_remove (const char *owner, uid_t start, unsigned long count)
426 return remove_range (&subordinate_uid_db, owner, start, count);
429 int sub_uid_close (void)
431 return commonio_close (&subordinate_uid_db);
434 int sub_uid_unlock (void)
436 return commonio_unlock (&subordinate_uid_db);
439 uid_t sub_uid_find_free_range(uid_t min, uid_t max, unsigned long count)
442 start = find_free_range (&subordinate_uid_db, min, max, count);
443 return start == ULONG_MAX ? (uid_t) -1 : start;
446 static struct commonio_db subordinate_gid_db = {
447 "/etc/subgid", /* filename */
448 &subordinate_ops, /* ops */
462 int sub_gid_setdbname (const char *filename)
464 return commonio_setname (&subordinate_gid_db, filename);
467 /*@observer@*/const char *sub_gid_dbname (void)
469 return subordinate_gid_db.filename;
472 bool sub_gid_file_present (void)
474 return commonio_present (&subordinate_gid_db);
477 int sub_gid_lock (void)
479 return commonio_lock (&subordinate_gid_db);
482 int sub_gid_open (int mode)
484 return commonio_open (&subordinate_gid_db, mode);
487 bool is_sub_gid_range_free(gid_t start, unsigned long count)
489 return is_range_free (&subordinate_gid_db, start, count);
492 bool have_sub_gids(const char *owner, gid_t start, unsigned long count)
494 return have_range(&subordinate_gid_db, owner, start, count);
497 bool sub_gid_assigned(const char *owner)
499 return range_exists (&subordinate_gid_db, owner);
502 int sub_gid_add (const char *owner, gid_t start, unsigned long count)
504 return add_range (&subordinate_gid_db, owner, start, count);
507 int sub_gid_remove (const char *owner, gid_t start, unsigned long count)
509 return remove_range (&subordinate_gid_db, owner, start, count);
512 int sub_gid_close (void)
514 return commonio_close (&subordinate_gid_db);
517 int sub_gid_unlock (void)
519 return commonio_unlock (&subordinate_gid_db);
522 gid_t sub_gid_find_free_range(gid_t min, gid_t max, unsigned long count)
525 start = find_free_range (&subordinate_gid_db, min, max, count);
526 return start == ULONG_MAX ? (gid_t) -1 : start;
528 #else /* !ENABLE_SUBIDS */
529 extern int errno; /* warning: ANSI C forbids an empty source file */
530 #endif /* !ENABLE_SUBIDS */