have_range: open the subid db if needed
authorSerge Hallyn <serge@hallyn.com>
Fri, 28 Jun 2024 06:30:40 +0000 (01:30 -0500)
committerAlejandro Colomar <alx@kernel.org>
Fri, 28 Jun 2024 21:39:37 +0000 (23:39 +0200)
When we run for instance

  check_subid_range ubuntu u 100000 65536

when the ubuntu user is defined and has that range, it returns no entries
because the subid db is not opened.  Open it in have_range if needed.

I haven't figured out why this ever worked.

Signed-off-by: Serge Hallyn <serge@hallyn.com>
Cherry-picked-from: 75ea679799a9 ("have_range: open the subid db if needed")
Signed-off-by: Alejandro Colomar <alx@kernel.org>
lib/subordinateio.c

index e7cd4b48207a5a00e84714115767b2e0ab52aaa0..d8e7633c44aca022fef4115d43fea294145fb55d 100644 (file)
@@ -274,40 +274,8 @@ static const struct subordinate_range *find_range(struct commonio_db *db,
        return NULL;
 }
 
-/*
- * have_range: check whether @owner is authorized to use the range
- *             (@start .. @start+@count-1).
- * @db: database to check
- * @owner: owning uid being queried
- * @start: start of range
- * @count: number of uids in range
- *
- * Returns true if @owner is authorized to use the range, false otherwise.
- */
 static bool have_range(struct commonio_db *db,
-                      const char *owner, unsigned long start, unsigned long count)
-{
-       const struct subordinate_range *range;
-       unsigned long end;
-
-       if (count == 0)
-               return false;
-
-       end = start + count - 1;
-       range = find_range (db, owner, start);
-       while (range) {
-               unsigned long last;
-
-               last = range->start + range->count - 1;
-               if (last >= (start + count - 1))
-                       return true;
-
-               count = end - last;
-               start = last + 1;
-               range = find_range(db, owner, start);
-       }
-       return false;
-}
+                      const char *owner, unsigned long start, unsigned long count);
 
 static bool append_range(struct subid_range **ranges, const struct subordinate_range *new, int n)
 {
@@ -574,6 +542,64 @@ static struct commonio_db subordinate_uid_db = {
        false                   /* setname */
 };
 
+/*
+ * have_range: check whether @owner is authorized to use the range
+ *             (@start .. @start+@count-1).
+ * @db: database to check
+ * @owner: owning uid being queried
+ * @start: start of range
+ * @count: number of uids in range
+ *
+ * Returns true if @owner is authorized to use the range, false otherwise.
+ */
+static bool have_range(struct commonio_db *db,
+                      const char *owner, unsigned long start, unsigned long count)
+{
+       const struct subordinate_range *range;
+       unsigned long end;
+       bool doclose = false;
+       bool ret = false;
+       int rc;
+
+       if (count == 0)
+               return false;
+
+       if (!db->isopen) {
+               doclose = true;
+               if (db == &subordinate_uid_db)
+                       rc = sub_uid_open(O_RDONLY);
+               else
+                       rc = sub_gid_open(O_RDONLY);
+               if (rc < 0)
+                       return false;
+       }
+
+       end = start + count - 1;
+       range = find_range (db, owner, start);
+       while (range) {
+               unsigned long last;
+
+               last = range->start + range->count - 1;
+               if (last >= (start + count - 1)) {
+                       ret = true;
+                       break;
+               }
+
+               count = end - last;
+               start = last + 1;
+               range = find_range(db, owner, start);
+       }
+
+       if (doclose) {
+               if (db == &subordinate_uid_db)
+                       sub_uid_close();
+               else
+                       sub_gid_close();
+       }
+
+       return ret;
+}
+
 int sub_uid_setdbname (const char *filename)
 {
        return commonio_setname (&subordinate_uid_db, filename);
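Review bot: The failure check on the new open path, `if (rc < 0) return false;`, looks like it can never fire: sub_uid_open()/sub_gid_open() are, as far as I recall, thin wrappers over commonio_open(), which reports failure by returning 0 rather than a negative value, so a failed open would fall through to find_range() on a still-unopened db and then to sub_uid_close()/sub_gid_close() on a db that was never opened. A check that does not depend on that return convention is to re-read the flag the function already tests, `if (!db->isopen) return false;` (or `if (rc == 0)` once the 0/1 convention is confirmed), which keeps the function fail-closed on an unreadable subid file. The header comment should also state the new side effect, e.g. ` * If @db is not yet open it is opened read-only for the duration of the check and closed again before returning; failure to open yields false.` The else branch treats any @db that is not subordinate_uid_db as the gid db; a one-line comment stating that @db must be one of the two module databases, or an explicit comparison, would make that contract visible to callers.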