/*
nsjail - CLONE_NEWUSER routines
-----------------------------------------
Copyright 2014 Google Inc. All Rights Reserved.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
#include "user.h"
#include <errno.h>
#include <fcntl.h>
#include <grp.h>
#include <limits.h>
#include <linux/securebits.h>
#include <pwd.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/prctl.h>
#include <sys/queue.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <unistd.h>
#include "common.h"
#include "log.h"
#include "subproc.h"
#include "util.h"
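/*
 * Set the real, effective and saved gid of the calling process to 'gid' with
 * the raw setresgid syscall, preferring the 32-bit variant where the
 * architecture provides one.
 *
 * Returns true on success; on failure logs the errno and returns false.
 */
static bool userSetResGid(gid_t gid) {
	/* gid_t is unsigned: log it with %u rather than %d */
	LOG_D("setresgid(%u)", (unsigned)gid);
#if defined(__NR_setresgid32)
	if (syscall(__NR_setresgid32, (uintptr_t)gid, (uintptr_t)gid, (uintptr_t)gid) == -1) {
		PLOG_W("setresgid32(%u)", (unsigned)gid);
		return false;
	}
#else  /* defined(__NR_setresgid32) */
	if (syscall(__NR_setresgid, (uintptr_t)gid, (uintptr_t)gid, (uintptr_t)gid) == -1) {
		PLOG_W("setresgid(%u)", (unsigned)gid);
		return false;
	}
#endif /* defined(__NR_setresgid32) */
	return true;
}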
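/*
 * Set the real, effective and saved uid of the calling process to 'uid' with
 * the raw setresuid syscall, preferring the 32-bit variant where the
 * architecture provides one.
 *
 * Returns true on success; on failure logs the errno and returns false.
 */
static bool userSetResUid(uid_t uid) {
	/* uid_t is unsigned: log it with %u rather than %d */
	LOG_D("setresuid(%u)", (unsigned)uid);
#if defined(__NR_setresuid32)
	if (syscall(__NR_setresuid32, (uintptr_t)uid, (uintptr_t)uid, (uintptr_t)uid) == -1) {
		PLOG_W("setresuid32(%u)", (unsigned)uid);
		return false;
	}
#else  /* defined(__NR_setresuid32) */
	if (syscall(__NR_setresuid, (uintptr_t)uid, (uintptr_t)uid, (uintptr_t)uid) == -1) {
		PLOG_W("setresuid(%u)", (unsigned)uid);
		return false;
	}
#endif /* defined(__NR_setresuid32) */
	return true;
}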
/*
 * Write "deny" to /proc/<pid>/setgroups for the child 'pid'.
 *
 * This is the precondition the kernel places on an unprivileged writer of
 * gid_map. When our effective uid is 0 the write is skipped, as the later
 * uid_map/gid_map writes succeed regardless. Returns false (after logging)
 * only when the write was attempted and failed.
 */
static bool userSetGroups(pid_t pid) {
	if (geteuid() == 0) {
		/* Privileged: no need to deny setgroups before writing the maps */
		return true;
	}

	char fname[PATH_MAX];
	snprintf(fname, sizeof(fname), "/proc/%d/setgroups", pid);

	static const char denystr[] = "deny";
	if (!utilWriteBufToFile(fname, denystr, sizeof(denystr) - 1, O_WRONLY | O_CLOEXEC)) {
		LOG_E("utilWriteBufToFile('%s', '%s') failed", fname, denystr);
		return false;
	}
	return true;
}
/*
 * Write the direct (non-newuidmap) uid mappings into /proc/<pid>/uid_map.
 *
 * Every entry of nsjconf->uids that is not flagged is_newidmap contributes one
 * line "<inside> <outside> <count>". All lines are accumulated into a single
 * buffer and written with one utilWriteBufToFile call, because uid_map accepts
 * only a single write. With no such entries nothing is written and true is
 * returned; returns false (after logging) when the write fails.
 *
 * NOTE(review): utilSSnPrintf is assumed to append at the current end of 'map'
 * and to stay within sizeof(map) -- confirm in util.c.
 */
static bool userUidMapSelf(struct nsjconf_t* nsjconf, pid_t pid) {
	char fname[PATH_MAX];
	snprintf(fname, sizeof(fname), "/proc/%d/uid_map", pid);

	char map[4096] = "";
	struct idmap_t* entry;
	TAILQ_FOREACH(entry, &nsjconf->uids, pointers) {
		if (!entry->is_newidmap) {
			utilSSnPrintf(map, sizeof(map), "%lu %lu %zu\n", (unsigned long)entry->inside_id,
			    (unsigned long)entry->outside_id, entry->count);
		}
	}

	if (map[0] == '\0') {
		/* Nothing to write directly: no entries, or all go through newuidmap */
		return true;
	}

	LOG_D("Writing '%s' to '%s'", map, fname);
	if (!utilWriteBufToFile(fname, map, strlen(map), O_WRONLY | O_CLOEXEC)) {
		LOG_E("utilWriteBufToFile('%s', '%s') failed", fname, map);
		return false;
	}
	return true;
}
/*
 * Write the direct (non-newgidmap) gid mappings into /proc/<pid>/gid_map.
 *
 * Every entry of nsjconf->gids that is not flagged is_newidmap contributes one
 * line "<inside> <outside> <count>". All lines are accumulated into a single
 * buffer and written with one utilWriteBufToFile call, because gid_map accepts
 * only a single write. With no such entries nothing is written and true is
 * returned; returns false (after logging) when the write fails.
 *
 * NOTE(review): utilSSnPrintf is assumed to append at the current end of 'map'
 * and to stay within sizeof(map) -- confirm in util.c.
 */
static bool userGidMapSelf(struct nsjconf_t* nsjconf, pid_t pid) {
	char fname[PATH_MAX];
	snprintf(fname, sizeof(fname), "/proc/%d/gid_map", pid);

	char map[4096] = "";
	struct idmap_t* entry;
	TAILQ_FOREACH(entry, &nsjconf->gids, pointers) {
		if (!entry->is_newidmap) {
			utilSSnPrintf(map, sizeof(map), "%lu %lu %zu\n", (unsigned long)entry->inside_id,
			    (unsigned long)entry->outside_id, entry->count);
		}
	}

	if (map[0] == '\0') {
		/* Nothing to write directly: no entries, or all go through newgidmap */
		return true;
	}

	LOG_D("Writing '%s' to '%s'", map, fname);
	if (!utilWriteBufToFile(fname, map, strlen(map), O_WRONLY | O_CLOEXEC)) {
		LOG_E("utilWriteBufToFile('%s', '%s') failed", fname, map);
		return false;
	}
	return true;
}
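/*
 * Apply the gid mappings flagged is_newidmap by running the external helper
 * /usr/bin/newgidmap for 'pid'.
 *
 * The helper's argv is "<pid> <inside> <outside> <count> ..." with one triple
 * per flagged entry; entries without the flag are written by userGidMapSelf()
 * instead. The helper inherits our environment. Returns true when there was
 * nothing to do or the helper exited with status 0; returns false (after
 * logging) when the argument list would overflow or the helper failed.
 */
static bool userGidMapExternal(struct nsjconf_t* nsjconf, pid_t pid) {
	const char* argv[1024];
	/* Every argument is a decimal unsigned/size_t, so 256 bytes per slot is ample */
	char parms[1024][256];
	size_t idx = 0;

	argv[idx++] = "/usr/bin/newgidmap";

	/* 'pid' is the first real argument (it was wrongly annotated UNUSED before) */
	snprintf(parms[idx], sizeof(parms[idx]), "%u", (unsigned)pid);
	argv[idx] = parms[idx];
	idx++;

	bool use = false;
	struct idmap_t* p;
	TAILQ_FOREACH(p, &nsjconf->gids, pointers) {
		if (!p->is_newidmap) {
			continue;
		}
		/* Reserve room for the three ids below plus the NULL terminator */
		if ((idx + 4) >= ARRAYSIZE(argv)) {
			LOG_W("Too many arguments for '/usr/bin/newgidmap'");
			return false;
		}
		use = true;

		snprintf(parms[idx], sizeof(parms[idx]), "%u", (unsigned)p->inside_id);
		argv[idx] = parms[idx];
		idx++;

		snprintf(parms[idx], sizeof(parms[idx]), "%u", (unsigned)p->outside_id);
		argv[idx] = parms[idx];
		idx++;

		snprintf(parms[idx], sizeof(parms[idx]), "%zu", p->count);
		argv[idx] = parms[idx];
		idx++;
	}
	argv[idx] = NULL;

	if (!use) {
		/* No entry asked for the external helper */
		return true;
	}

	if (subprocSystem(argv, environ) != 0) {
		LOG_E("'/usr/bin/newgidmap' failed");
		return false;
	}
	return true;
}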
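/*
 * Apply the uid mappings flagged is_newidmap by running the external helper
 * /usr/bin/newuidmap for 'pid'.
 *
 * The helper's argv is "<pid> <inside> <outside> <count> ..." with one triple
 * per flagged entry; entries without the flag are written by userUidMapSelf()
 * instead. The helper inherits our environment. Returns true when there was
 * nothing to do or the helper exited with status 0; returns false (after
 * logging) when the argument list would overflow or the helper failed.
 */
static bool userUidMapExternal(struct nsjconf_t* nsjconf, pid_t pid) {
	const char* argv[1024];
	/* Every argument is a decimal unsigned/size_t, so 256 bytes per slot is ample */
	char parms[1024][256];
	size_t idx = 0;

	argv[idx++] = "/usr/bin/newuidmap";

	/* 'pid' is the first real argument (it was wrongly annotated UNUSED before) */
	snprintf(parms[idx], sizeof(parms[idx]), "%u", (unsigned)pid);
	argv[idx] = parms[idx];
	idx++;

	bool use = false;
	struct idmap_t* p;
	TAILQ_FOREACH(p, &nsjconf->uids, pointers) {
		if (!p->is_newidmap) {
			continue;
		}
		/* Reserve room for the three ids below plus the NULL terminator */
		if ((idx + 4) >= ARRAYSIZE(argv)) {
			LOG_W("Too many arguments for '/usr/bin/newuidmap'");
			return false;
		}
		use = true;

		snprintf(parms[idx], sizeof(parms[idx]), "%u", (unsigned)p->inside_id);
		argv[idx] = parms[idx];
		idx++;

		snprintf(parms[idx], sizeof(parms[idx]), "%u", (unsigned)p->outside_id);
		argv[idx] = parms[idx];
		idx++;

		snprintf(parms[idx], sizeof(parms[idx]), "%zu", p->count);
		argv[idx] = parms[idx];
		idx++;
	}
	argv[idx] = NULL;

	if (!use) {
		/* No entry asked for the external helper */
		return true;
	}

	if (subprocSystem(argv, environ) != 0) {
		LOG_E("'/usr/bin/newuidmap' failed");
		return false;
	}
	return true;
}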
/*
 * Apply all configured id mappings to the child 'pid': the gid list first,
 * then the uid list, each written directly and then via the external helper.
 * Stops at the first failing step (which has already logged the reason) and
 * returns false; true when every step succeeded.
 */
static bool userUidGidMap(struct nsjconf_t* nsjconf, pid_t pid) {
	return userGidMapSelf(nsjconf, pid) && userGidMapExternal(nsjconf, pid) &&
	       userUidMapSelf(nsjconf, pid) && userUidMapExternal(nsjconf, pid);
}
/*
 * Parent-side setup of the child's user namespace.
 *
 * First writes the setgroups "deny" for the child (when unprivileged; see
 * userSetGroups), regardless of whether a user namespace is in use. When
 * clone_newuser is off that is all; otherwise the uid/gid maps are written
 * too. Returns false when any step fails (the callee logs the reason).
 */
bool userInitNsFromParent(struct nsjconf_t* nsjconf, pid_t pid) {
	if (!userSetGroups(pid)) {
		return false;
	}
	if (!nsjconf->clone_newuser) {
		/* No user namespace: nothing to map */
		return true;
	}
	return userUidGidMap(nsjconf, pid);
}
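/*
 * Child-side user namespace setup: switch the child to the inside ids of the
 * first configured gid and uid mapping.
 *
 * Steps, in order:
 *   1. setgroups(0, NULL) to clear supplementary groups -- best effort, since
 *      the call fails once /proc/self/setgroups is "deny";
 *   2. PR_SET_SECUREBITS with SECBIT_KEEP_CAPS | SECBIT_NO_SETUID_FIXUP, so
 *      capabilities survive the following uid/gid change (they are needed
 *      later for mounts, uts changes etc.);
 *   3. setresgid() to the first gid mapping's inside id, then setresuid() to
 *      the first uid mapping's inside id.
 *
 * Returns false (after logging) when no mapping is configured, the securebits
 * prctl fails, or either id change fails.
 */
bool userInitNsFromChild(struct nsjconf_t* nsjconf) {
	/*
	 * Best effort because of /proc/self/setgroups
	 */
	LOG_D("setgroups(0, NULL)");
	gid_t* group_list = NULL;
	if (setgroups(0, group_list) == -1) {
		PLOG_D("setgroups(NULL) failed");
	}

	/*
	 * Make sure all capabilities are retained after the subsequent setuid/setgid, as they will
	 * be needed for privileged operations: mounts, uts change etc.
	 */
	if (prctl(PR_SET_SECUREBITS, SECBIT_KEEP_CAPS | SECBIT_NO_SETUID_FIXUP, 0UL, 0UL, 0UL) ==
	    -1) {
		PLOG_E("prctl(PR_SET_SECUREBITS, SECBIT_KEEP_CAPS | SECBIT_NO_SETUID_FIXUP)");
		return false;
	}

	/* TAILQ_FIRST() yields NULL on an empty list; refuse rather than dereference it */
	if (TAILQ_EMPTY(&nsjconf->gids) || TAILQ_EMPTY(&nsjconf->uids)) {
		LOG_E("No uid/gid mapping configured");
		return false;
	}

	gid_t gid = TAILQ_FIRST(&nsjconf->gids)->inside_id;
	if (!userSetResGid(gid)) {
		PLOG_E("setresgid(%u)", (unsigned)gid);
		return false;
	}
	uid_t uid = TAILQ_FIRST(&nsjconf->uids)->inside_id;
	if (!userSetResUid(uid)) {
		PLOG_E("setresuid(%u)", (unsigned)uid);
		return false;
	}
	return true;
}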
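/*
 * Resolve a uid given as a string on the command line or in the config.
 *
 * Resolution order:
 *   - NULL or empty string: the caller's own uid (getuid());
 *   - a user name known to getpwnam(): that user's uid (this is tried before
 *     the numeric form, so a user literally named "1000" wins over uid 1000);
 *   - a numeric string (per utilIsANumber): that value, which need not exist
 *     in the passwd database;
 *   - anything else: (uid_t)-1, the error sentinel.
 *
 * A numeric value that does not fit in uid_t, or equals the sentinel, is
 * rejected instead of being silently truncated by the cast (2^32 would
 * otherwise wrap to uid 0).
 */
static uid_t cmdParseUid(const char* id) {
	if (id == NULL || strlen(id) == 0) {
		return getuid();
	}
	struct passwd* pw = getpwnam(id);
	if (pw != NULL) {
		return pw->pw_uid;
	}
	if (utilIsANumber(id)) {
		errno = 0;
		unsigned long long val = strtoull(id, NULL, 0);
		if (errno == ERANGE || val >= (unsigned long long)(uid_t)-1) {
			LOG_W("'%s' is out of range for a UID", id);
			return (uid_t)-1;
		}
		return (uid_t)val;
	}
	return (uid_t)-1;
}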
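/*
 * Resolve a gid given as a string on the command line or in the config.
 *
 * Resolution order:
 *   - NULL or empty string: the caller's own gid (getgid());
 *   - a group name known to getgrnam(): that group's gid (this is tried before
 *     the numeric form, so a group literally named "1000" wins over gid 1000);
 *   - a numeric string (per utilIsANumber): that value, which need not exist
 *     in the group database;
 *   - anything else: (gid_t)-1, the error sentinel.
 *
 * A numeric value that does not fit in gid_t, or equals the sentinel, is
 * rejected instead of being silently truncated by the cast (2^32 would
 * otherwise wrap to gid 0).
 */
static gid_t cmdParseGid(const char* id) {
	if (id == NULL || strlen(id) == 0) {
		return getgid();
	}
	struct group* gr = getgrnam(id);
	if (gr != NULL) {
		return gr->gr_gid;
	}
	if (utilIsANumber(id)) {
		errno = 0;
		unsigned long long val = strtoull(id, NULL, 0);
		if (errno == ERANGE || val >= (unsigned long long)(gid_t)-1) {
			LOG_W("'%s' is out of range for a GID", id);
			return (gid_t)-1;
		}
		return (gid_t)val;
	}
	return (gid_t)-1;
}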
/*
 * Parse one id mapping and append it to nsjconf->uids or nsjconf->gids.
 *
 * i_id / o_id are the inside (namespace) and outside (host) ids, each given
 * as a name or a number (see cmdParseUid / cmdParseGid); cnt is the length of
 * the mapped range; is_gid selects the gid parser and the gid list; is_newidmap
 * marks the entry for the external new{u,g}idmap helper instead of a direct
 * /proc write.
 *
 * Returns false (with a warning) when either id cannot be resolved -- nothing
 * is recorded in that case. The entry is allocated with utilMalloc and
 * inserted into the list; it is not freed here.
 */
bool userParseId(struct nsjconf_t* nsjconf, const char* i_id, const char* o_id, size_t cnt,
    bool is_gid, bool is_newidmap) {
	uid_t inside_id;
	uid_t outside_id;

	if (!is_gid) {
		inside_id = cmdParseUid(i_id);
		if (inside_id == (uid_t)-1) {
			LOG_W("Cannot parse '%s' as UID", i_id);
			return false;
		}
		outside_id = cmdParseUid(o_id);
		if (outside_id == (uid_t)-1) {
			LOG_W("Cannot parse '%s' as UID", o_id);
			return false;
		}
	} else {
		inside_id = cmdParseGid(i_id);
		if (inside_id == (uid_t)-1) {
			LOG_W("Cannot parse '%s' as GID", i_id);
			return false;
		}
		outside_id = cmdParseGid(o_id);
		if (outside_id == (uid_t)-1) {
			LOG_W("Cannot parse '%s' as GID", o_id);
			return false;
		}
	}

	struct idmap_t* entry = utilMalloc(sizeof(*entry));
	entry->inside_id = inside_id;
	entry->outside_id = outside_id;
	entry->count = cnt;
	entry->is_newidmap = is_newidmap;

	if (is_gid) {
		TAILQ_INSERT_TAIL(&nsjconf->gids, entry, pointers);
	} else {
		TAILQ_INSERT_TAIL(&nsjconf->uids, entry, pointers);
	}
	return true;
}