subid: start using SUB_UID_STORE_BY_UID/GID
authorPat Riehecky <riehecky@fnal.gov>
Wed, 11 Mar 2026 17:28:42 +0000 (12:28 -0500)
committerSerge Hallyn <serge@hallyn.com>
Mon, 30 Mar 2026 02:49:28 +0000 (21:49 -0500)
This adds two new options to /etc/login.defs:
* SUB_UID_STORE_BY_UID
* SUB_GID_STORE_BY_UID

They default to 'no', but when set to 'yes' the subuid/subgid
entries will be written by uid rather than username.

Closes: https://github.com/shadow-maint/shadow/issues/1554
Reviewed-by: Alejandro Colomar <alx@kernel.org>
Signed-off-by: Pat Riehecky <riehecky@fnal.gov>
lib/subordinateio.c

index 2960674b70c09e6f0b788d997521bb3be5361523..09c7e677444ded20285309d2987d123c5859992e 100644 (file)
@@ -634,7 +634,21 @@ int sub_uid_add (const char *owner, uid_t start, unsigned long count)
                errno = EOPNOTSUPP;
                return 0;
        }
-       return add_range (&subordinate_uid_db, owner, start, count);
+       if (getdef_bool("SUB_UID_STORE_BY_UID")) {
+               char                 uid_string[ID_SIZE];
+               const struct passwd  *pw;
+
+               pw = getpw_uid_or_nam(owner);
+               if (NULL == pw)
+                       return 0;
+
+               if (stprintf_a(uid_string, "%u", pw->pw_uid) == -1)
+                       return 0;
+
+               return add_range(&subordinate_uid_db, uid_string, start, count);
+       } else {
+               return add_range(&subordinate_uid_db, owner, start, count);
+       }
 }
 
 /* Return 1 on success.  on failure, return 0 and set errno appropriately */
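Review bot: The two new early returns in sub_uid_add leave errno untouched, which breaks the contract this file states for these functions ("on failure, return 0 and set errno appropriately") and that the existing EOPNOTSUPP path just above honours; a caller that reports strerror(errno) after the NULL-pw return will print whatever stale value the last libc call left, since getpwnam-style lookups need not set errno on a plain "not found". Set it explicitly before returning, e.g. `if (NULL == pw) { errno = ENOENT; return 0; }`, and likewise confirm (or set) errno on the stprintf_a failure path if that helper does not set it itself. The same two paths appear in sub_gid_add in the next hunk. As a style point, the `else` after a `return` is redundant; dropping it and letting the legacy `add_range(&subordinate_uid_db, owner, start, count)` call stand as the fall-through keeps the new branch shorter.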
@@ -772,7 +786,21 @@ int sub_gid_add (const char *owner, gid_t start, unsigned long count)
                errno = EOPNOTSUPP;
                return 0;
        }
-       return add_range (&subordinate_gid_db, owner, start, count);
+       if (getdef_bool("SUB_GID_STORE_BY_UID")) {
+               char                 uid_string[ID_SIZE];
+               const struct passwd  *pw;
+
+               pw = getpw_uid_or_nam(owner);
+               if (NULL == pw)
+                       return 0;
+
+               if (stprintf_a(uid_string, "%u", pw->pw_uid) == -1)
+                       return 0;
+
+               return add_range(&subordinate_gid_db, uid_string, start, count);
+       } else {
+               return add_range(&subordinate_gid_db, owner, start, count);
+       }
 }
 
 /* Return 1 on success.  on failure, return 0 and set errno appropriately */
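Review bot: The body of this branch is a line-for-line copy of the one added to sub_uid_add, differing only in the login.defs key and the database pointer; a small static helper that resolves `owner` to either the name or the uid string (taking the key as a parameter) would keep the two from drifting, which matters because the errno handling on the failure paths needs the same correction in both places. Independently, `"%u"` with `pw->pw_uid` relies on uid_t being unsigned int; if the rest of this file casts when printing ids, match it with `stprintf_a(uid_string, "%u", (unsigned int) pw->pw_uid)` so -Wformat stays quiet on platforms with a different uid_t.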