From: Michael Tremer <michael.tremer@ipfire.org>
Date: Fri, 1 Sep 2023 14:23:53 +0000 (+0000)
Subject: pwd: Set maximum range for SUBUID/SUBGIDs by default
X-Git-Tag: 0.9.29~29
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=9eef0cb603bc51a5b34f042fced6e4d0bfa8d9d8;p=pakfire.git

pwd: Set maximum range for SUBUID/SUBGIDs by default

This allows us to continue even if we cannot read anything from
/etc/subuid or /etc/subgid.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
---

diff --git a/src/libpakfire/pakfire.c b/src/libpakfire/pakfire.c
index a4ab9f9cb..7406f0178 100644
--- a/src/libpakfire/pakfire.c
+++ b/src/libpakfire/pakfire.c
@@ -783,7 +783,7 @@ static int pakfire_setup_user(struct pakfire* pakfire) {
 		goto ERROR;
 
 	// Store UID
-	pakfire->user.uid = uid;
+	pakfire->user.uid = pakfire->user.subuids.id = uid;
 
 	// Store username
 	r = pakfire_string_set(pakfire->user.name, user.pw_name);
@@ -801,13 +801,26 @@ static int pakfire_setup_user(struct pakfire* pakfire) {
 		goto ERROR;
 
 	// Store GID
-	pakfire->group.gid = gid;
+	pakfire->group.gid = pakfire->group.subgids.id = gid;
 
 	// Store name
 	r = pakfire_string_set(pakfire->group.name, group.gr_name);
 	if (r)
 		goto ERROR;
 
+	/*
+		Set default ranges for SUBUID/SUBGID
+
+		For root, we set the entire range, but for unprivileged users,
+		we can only map our own UID/GID. This may later be overwritten
+		from /etc/sub{u,g}id.
+	*/
+	if (uid == 0)
+		pakfire->user.subuids.length = pakfire->group.subgids.length = 0xffffffff - 1;
+	else
+		pakfire->user.subuids.length = pakfire->group.subgids.length = 1;
+
+	// Read SUBUID/SUBGIDs from file
 	if (!pakfire_on_root(pakfire)) {
 		// Fetch SUBUIDs
 		r = pakfire_getsubuid(pakfire, pakfire->user.name, &pakfire->user.subuids);