When using nss-module, avoid using '/etc/sub[ug]id'
authorAnders Blomdell <anders.blomdell@control.lth.se>
Tue, 2 Sep 2025 09:51:14 +0000 (11:51 +0200)
committerSerge Hallyn <serge@hallyn.com>
Wed, 10 Sep 2025 13:28:13 +0000 (08:28 -0500)
Use 'want_sub[ug]id_file' to short-circuit access to '/etc/sub[ug]id' when
nss-module is active

src/newgidmap.c
src/newuidmap.c
src/newusers.c
src/useradd.c
src/userdel.c
src/usermod.c

index cac4d11fa7d8800f8ab893b6fa56878d2c4b332f..e52cd4fa7e55595ae9d7ef739a507f0c583c0c99 100644 (file)
@@ -214,7 +214,7 @@ int main(int argc, char **argv)
                return EXIT_FAILURE;
        }
 
-       if (!sub_gid_open(O_RDONLY)) {
+       if (want_subgid_file() && !sub_gid_open(O_RDONLY)) {
                fprintf (stderr,
                         _("%s: cannot open %s: %s\n"),
                         Prog, sub_gid_dbname (), strerror (errno));
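Review bot: The new `want_subgid_file() &&` guard in front of `sub_gid_open(O_RDONLY)` means that whenever the predicate is false this helper carries on with no file database open, so the later authorization of the requested ranges (visible as `verify_ranges()` in the src/newuidmap.c hunk, presumably the same here) has to be answered entirely by the NSS path. `want_subgid_file()` is not part of this diff; if it can return false for any reason other than an active NSS subid module, a file-backed system would reach that check with `/etc/subgid` unopened, and it should be confirmed that this fails closed. A comment above the guard would record the assumption, e.g. `/* /etc/subgid is skipped only when an NSS subid module answers the range checks */`. The same applies to the `want_subuid_file()` guard in the first src/newuidmap.c hunk; `main` continues outside both hunks.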
@@ -230,7 +230,8 @@ int main(int argc, char **argv)
 
        write_setgroups(proc_dir_fd, allow_setgroups);
        write_mapping(proc_dir_fd, ranges, mappings, "gid_map", pw->pw_uid);
-       sub_gid_close();
+       if (want_subgid_file())
+               sub_gid_close();
 
        return EXIT_SUCCESS;
 }
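Review bot: The close at the end of `main` re-evaluates `want_subgid_file()` instead of remembering whether the open was attempted, so the open/close pairing depends on the predicate giving the same answer twice. Evaluating it once keeps the pairing explicit: `const bool use_file = want_subgid_file();` before the open, then `if (use_file && !sub_gid_open(O_RDONLY)) {` and `if (use_file) { sub_gid_close(); }`. The added two-line `if` is also unbraced, which makes it easy for a later edit to fall outside the condition. The second src/newuidmap.c hunk has the same pattern with `want_subuid_file()` and `sub_uid_close()`.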
index 8aa33090421272f92703c66022e3188e9bb06b70..474194c1138593f76f252c380e7e72b2825a34fa 100644 (file)
@@ -143,7 +143,7 @@ int main(int argc, char **argv)
                return EXIT_FAILURE;
        }
 
-       if (!sub_uid_open(O_RDONLY)) {
+       if (want_subuid_file() && !sub_uid_open(O_RDONLY)) {
                fprintf (stderr,
                         _("%s: cannot open %s: %s\n"),
                         Prog, sub_uid_dbname (), strerror (errno));
@@ -158,7 +158,8 @@ int main(int argc, char **argv)
        verify_ranges(pw, ranges, mappings);
 
        write_mapping(proc_dir_fd, ranges, mappings, "uid_map", pw->pw_uid);
-       sub_uid_close();
+       if (want_subuid_file())
+               sub_uid_close();
 
        return EXIT_SUCCESS;
 }
index f7ba15ddd1a181d97e22e3bf661154492a1fb609..cce72f6c6247eb8d190a31b8496125644f13ce23 100644 (file)
@@ -1077,8 +1077,8 @@ int main (int argc, char **argv)
        is_shadow_grp = sgr_file_present ();
 #endif
 #ifdef ENABLE_SUBIDS
-       is_sub_uid = sub_uid_file_present () && !rflg;
-       is_sub_gid = sub_gid_file_present () && !rflg;
+       is_sub_uid = want_subuid_file() && sub_uid_file_present() && !rflg;
+       is_sub_gid = want_subgid_file() && sub_gid_file_present() && !rflg;
 #endif                         /* ENABLE_SUBIDS */
 
        open_files ();
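Review bot: `is_sub_uid` and `is_sub_gid` now carry two meanings, "the file exists" and "the file should be used", and nothing at the assignment says so even though the two later hunks in this file drop their own `want_sub[ug]id_file()` tests because of it. A short comment here would keep a later change from reintroducing file access under NSS: `/* also false when an NSS module supplies subids, so later code must not touch /etc/sub[ug]id */`. The new calls are also written without the space before the parenthesis that the surrounding lines use (`sgr_file_present ()`, `open_files ()`). `main` starts and ends outside this hunk.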
@@ -1251,7 +1251,7 @@ int main (int argc, char **argv)
                /*
                 * Add subordinate uids if the user does not have them.
                 */
-               if (is_sub_uid && want_subuid_file() && !local_sub_uid_assigned(fields[0])) {
+               if (is_sub_uid && !local_sub_uid_assigned(fields[0])) {
                        uid_t sub_uid_start = 0;
                        unsigned long sub_uid_count = 0;
                        if (find_new_sub_uids(&sub_uid_start, &sub_uid_count) != 0)
@@ -1273,7 +1273,7 @@ int main (int argc, char **argv)
                /*
                 * Add subordinate gids if the user does not have them.
                 */
-               if (is_sub_gid && want_subgid_file() && !local_sub_gid_assigned(fields[0])) {
+               if (is_sub_gid && !local_sub_gid_assigned(fields[0])) {
                        gid_t sub_gid_start = 0;
                        unsigned long sub_gid_count = 0;
                        if (find_new_sub_gids(&sub_gid_start, &sub_gid_count) != 0) {
index 69a9b6d6a824d0dab3970e7f09f5e634d2a3dc98..2b3b42b683b42641cc10dead162b0fed3ad80d4a 100644 (file)
@@ -2448,10 +2448,12 @@ int main (int argc, char **argv)
        uid_max = getdef_ulong ("UID_MAX", 60000UL);
        subuid_count = getdef_ulong ("SUB_UID_COUNT", 65536);
        subgid_count = getdef_ulong ("SUB_GID_COUNT", 65536);
-       is_sub_uid = subuid_count > 0 && sub_uid_file_present () &&
+       is_sub_uid = want_subuid_file () &&
+           subuid_count > 0 && sub_uid_file_present () &&
            (!rflg || Fflg) &&
            (!user_id || (user_id <= uid_max && user_id >= uid_min));
-       is_sub_gid = subgid_count > 0 && sub_gid_file_present () &&
+       is_sub_gid = want_subgid_file() &&
+           subgid_count > 0 && sub_gid_file_present() &&
            (!rflg || Fflg) &&
            (!user_id || (user_id <= uid_max && user_id >= uid_min));
 #endif                         /* ENABLE_SUBIDS */
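Review bot: The two rewritten assignments are formatted differently from each other: the uid one keeps the file's `name ()` spacing (`want_subuid_file ()`, `sub_uid_file_present ()`), while the gid one drops it (`want_subgid_file()`) and also changes the previously spaced `sub_gid_file_present ()` to `sub_gid_file_present()`. Keeping both in the surrounding style avoids an unrelated whitespace change: `is_sub_gid = want_subgid_file () &&` followed by `subgid_count > 0 && sub_gid_file_present () &&`. The tail `(!rflg || Fflg) && (!user_id || ...)` is repeated in both expressions and could be computed once into a local, though that duplication predates this commit.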
index 2f8d59fa7e560e7571cac6d4634ce48d72481042..5b1a8a86635e12eaef34faa6c935f9ac878671f2 100644 (file)
@@ -1028,8 +1028,8 @@ int main (int argc, char **argv)
        is_shadow_grp = sgr_file_present ();
 #endif                         /* SHADOWGRP */
 #ifdef ENABLE_SUBIDS
-       is_sub_uid = sub_uid_file_present ();
-       is_sub_gid = sub_gid_file_present ();
+       is_sub_uid = want_subuid_file() && sub_uid_file_present();
+       is_sub_gid = want_subgid_file() && sub_gid_file_present();
 #endif                         /* ENABLE_SUBIDS */
 
        /*
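Review bot: With `want_sub[ug]id_file()` folded into `is_sub_uid`/`is_sub_gid`, userdel treats the local files as absent whenever an NSS subid module is active, even if `/etc/subuid` or `/etc/subgid` still exists on disk. If these flags gate the removal of the deleted user's ranges further down in `main` (outside this hunk), entries for that user would stay in the local files and would apply again to a reused name should the system return to file-backed subids. That trade-off deserves a comment at the assignment, for example `/* NSS subid module active: local /etc/sub[ug]id is left untouched, stale entries for this user may remain */`.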
index 02414da9d6ef2e073b5c90ef3070ebd1a55a6c9b..ceb0ad60e2f3ee6f7be631f7505e8c7591be57d8 100644 (file)
@@ -2185,8 +2185,8 @@ int main (int argc, char **argv)
        is_shadow_grp = sgr_file_present ();
 #endif
 #ifdef ENABLE_SUBIDS
-       is_sub_uid = sub_uid_file_present ();
-       is_sub_gid = sub_gid_file_present ();
+       is_sub_uid = want_subuid_file() && sub_uid_file_present();
+       is_sub_gid = want_subgid_file() && sub_gid_file_present();
 #endif                         /* ENABLE_SUBIDS */
 
        process_flags (argc, argv);
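Review bot: `process_flags (argc, argv)` runs directly after these assignments, so option handling now sees `is_sub_uid`/`is_sub_gid` as false under NSS as well as when the file is missing. If the subordinate-range options are validated against these flags there (not visible in this hunk), the diagnostic should distinguish "file not present" from "subids are served by NSS", otherwise an administrator is told the wrong cause. At minimum the assignment could carry `/* also false when an NSS subid module is active */`.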