Each identifier is resolved via getpw_uid_or_nam and compared
numerically. Accepts usernames, numeric UIDs, or a mix of both.
Numeric resolution ensures stale entries for deleted users cannot
produce false matches, and handles systems with overlapping UIDs.
We do not perform a streq(3) on the passed strings themselves.
In this way we ensure the user is resolvable on the system,
eliminating the possibility of returning results for deleted users
with stale entries.
Returns false if either identifier cannot be resolved, or if the
resolved UIDs do not match.
Reviewed-by: Alejandro Colomar <alx@kernel.org>
Signed-off-by: Pat Riehecky <riehecky@fnal.gov>
#include "alloc/malloc.h"
#include "alloc/reallocf.h"
#include "atoi/a2i.h"
+#include "atoi/getnum.h"
+#include "shadow/passwd/getpw.h"
#include "string/ctype/strisascii/strisdigit.h"
#include "string/sprintf/snprintf.h"
#include "string/strcmp/streq.h"
NULL, /* close_hook */
};
+// is_same_user: test whether two strings identify the same user.
+static bool
+is_same_user(const char *a, const char *b)
+{
+ uid_t uid_a;
+ uid_t uid_b;
+ const struct passwd *pw;
+
+ pw = getpw_uid_or_nam(a);
+ if (NULL == pw)
+ return false;
+ uid_a = pw->pw_uid;
+
+ pw = getpw_uid_or_nam(b);
+ if (NULL == pw)
+ return false;
+ uid_b = pw->pw_uid;
+
+ return uid_a == uid_b;
+}
+
/*
* range_exists: check whether @owner owns any ranges
*
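Review bot: The one-line comment above is_same_user omits the two properties a caller depends on when it makes an ownership decision. It returns false whenever either string fails to resolve, and it compares resolved UIDs, so two different names that share a UID count as the same user. I would extend the comment with something like `// Returns false if either string cannot be resolved; names sharing a UID compare equal.` A short why-comment on `uid_a = pw->pw_uid;` would also help. If getpw_uid_or_nam returns a pointer to static storage as getpwnam(3) does (its definition is not in this hunk), copying the UID before the second lookup is what keeps the comparison correct, and a refactor that held both `pw` pointers would compare an entry with itself.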