idtools: add support for libsubid

when building with cgo, add support for libsubid to read the
additional sub IDs for the user instead of parsing the /etc/sub?id
files.

Signed-off-by: Giuseppe Scrivano <[email protected]>

Makefile

@@ -29,7 +29,7 @@ GIT_BRANCH := $(shell git rev-parse --abbrev-ref HEAD 2>/dev/null)
 GIT_BRANCH_CLEAN := $(shell echo $(GIT_BRANCH) | sed -e "s/[^[:alnum:]]/-/g")
 EPOCH_TEST_COMMIT := 0418ebf59f9e1f564831c0ba9378b7f8e40a1c73
 NATIVETAGS :=
-AUTOTAGS := $(shell ./hack/btrfs_tag.sh) $(shell ./hack/libdm_tag.sh)
+AUTOTAGS := $(shell ./hack/btrfs_tag.sh) $(shell ./hack/libdm_tag.sh) $(shell ./hack/libsubid_tag.sh)
 BUILDFLAGS := -tags "$(AUTOTAGS) $(TAGS)" $(FLAGS)
 GO ?= go
 TESTFLAGS := $(shell go test -race $(BUILDFLAGS) ./pkg/stringutils 2>&1 > /dev/null && echo -race)

hack/libsubid_tag.sh

@@ -0,0 +1,20 @@
+#!/usr/bin/env bash
+if test $(${GO:-go} env GOOS) != "linux" ; then
+	echo no_libsubid
+	exit 0
+fi
+tmpdir="$PWD/tmp.$RANDOM"
+mkdir -p "$tmpdir"
+trap 'rm -fr "$tmpdir"' EXIT
+cc -o "$tmpdir"/libsubid_tag -l subid -x c - > /dev/null 2> /dev/null << EOF
+#include <shadow/subid.h>
+int main() {
+	struct subid_range *ranges = NULL;
+	get_subuid_ranges("root", &ranges);
+	free(ranges);
+	return 0;
+}
+EOF
+if test $? -ne 0 ; then
+	echo no_libsubid
+fi

pkg/idtools/idtools.go

@@ -146,11 +146,11 @@ type IDMappings struct {
 // using the data from /etc/sub{uid,gid} ranges, creates the
 // proper uid and gid remapping ranges for that user/group pair
 func NewIDMappings(username, groupname string) (*IDMappings, error) {
-	subuidRanges, err := parseSubuid(username)
+	subuidRanges, err := readSubuid(username)
 	if err != nil {
 		return nil, err
 	}
-	subgidRanges, err := parseSubgid(groupname)
+	subgidRanges, err := readSubgid(groupname)
 	if err != nil {
 		return nil, err
 	}
@@ -244,14 +244,6 @@ func createIDMap(subidRanges ranges) []IDMap {
 	return idMap
 }
 
-func parseSubuid(username string) (ranges, error) {
-	return parseSubidFile(subuidFileName, username)
-}
-
-func parseSubgid(username string) (ranges, error) {
-	return parseSubidFile(subgidFileName, username)
-}
-
 // parseSubidFile will read the appropriate file (/etc/subuid or /etc/subgid)
 // and return all found ranges for a specified username. If the special value
 // "ALL" is supplied for username, then all ranges in the file will be returned

pkg/idtools/idtools_supported.go

@@ -0,0 +1,61 @@
+// +build linux,cgo,!no_libsubid
+
+package idtools
+
+import (
+	"unsafe"
+
+	"github.com/pkg/errors"
+)
+
+/*
+#cgo LDFLAGS: -l subid
+#include <shadow/subid.h>
+#include <stdlib.h>
+const char *Prog = "storage";
+struct subid_range get_range(struct subid_range *ranges, int i)
+{
+    return ranges[i];
+}
+*/
+import "C"
+
+func readSubid(username string, isUser bool) (ranges, error) {
+	var ret ranges
+	if username == "ALL" {
+		return nil, errors.New("username ALL not supported")
+	}
+
+	cUsername := C.CString(username)
+	defer C.free(unsafe.Pointer(cUsername))
+
+	var nRanges C.int
+	var cRanges *C.struct_subid_range
+	if isUser {
+		nRanges = C.get_subuid_ranges(cUsername, &cRanges)
+	} else {
+		nRanges = C.get_subgid_ranges(cUsername, &cRanges)
+	}
+	if nRanges < 0 {
+		return nil, errors.New("cannot read subids")
+	}
+	defer C.free(unsafe.Pointer(cRanges))
+
+	for i := 0; i < int(nRanges); i++ {
+		r := C.get_range(cRanges, C.int(i))
+		newRange := subIDRange{
+			Start:  int(r.start),
+			Length: int(r.count),
+		}
+		ret = append(ret, newRange)
+	}
+	return ret, nil
+}
+
+func readSubuid(username string) (ranges, error) {
+	return readSubid(username, true)
+}
+
+func readSubgid(username string) (ranges, error) {
+	return readSubid(username, false)
+}

pkg/idtools/idtools_unsupported.go

@@ -0,0 +1,11 @@
+// +build !linux no_libsubid !cgo
+
+package idtools
+
+func readSubuid(username string) (ranges, error) {
+	return parseSubidFile(subuidFileName, username)
+}
+
+func readSubgid(username string) (ranges, error) {
+	return parseSubidFile(subgidFileName, username)
+}

pkg/idtools/usergroupadd_linux.go

@@ -91,7 +91,7 @@ func createSubordinateRanges(name string) error {
 
 	// first, we should verify that ranges weren't automatically created
 	// by the distro tooling
-	ranges, err := parseSubuid(name)
+	ranges, err := readSubuid(name)
 	if err != nil {
 		return fmt.Errorf("Error while looking for subuid ranges for user %q: %v", name, err)
 	}
@@ -107,7 +107,7 @@ func createSubordinateRanges(name string) error {
 		}
 	}
 
-	ranges, err = parseSubgid(name)
+	ranges, err = readSubgid(name)
 	if err != nil {
 		return fmt.Errorf("Error while looking for subgid ranges for user %q: %v", name, err)
 	}
@@ -126,7 +126,7 @@ func createSubordinateRanges(name string) error {
 }
 
 func findNextUIDRange() (int, error) {
-	ranges, err := parseSubuid("ALL")
+	ranges, err := readSubuid("ALL")
 	if err != nil {
 		return -1, fmt.Errorf("Couldn't parse all ranges in /etc/subuid file: %v", err)
 	}
@@ -135,7 +135,7 @@ func findNextUIDRange() (int, error) {
 }
 
 func findNextGIDRange() (int, error) {
-	ranges, err := parseSubgid("ALL")
+	ranges, err := readSubgid("ALL")
 	if err != nil {
 		return -1, fmt.Errorf("Couldn't parse all ranges in /etc/subgid file: %v", err)
 	}