From 0b3607a7d6db68d8fe27c46186cc61db603a273e Mon Sep 17 00:00:00 2001 From: Giuseppe Scrivano Date: Thu, 16 Jun 2022 11:42:45 +0200 Subject: [PATCH] idtools: add lookup by UID with libsubid We lost this feature when we moved to using libsubid for looking up user additional ranges. If the lookup using the username fails then attempt again using the UID, since /etc/subuid and /etc/subgid allow that. Closes: https://github.com/containers/storage/issues/1264 Signed-off-by: Giuseppe Scrivano --- pkg/idtools/idtools_supported.go | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/pkg/idtools/idtools_supported.go b/pkg/idtools/idtools_supported.go index 6e6e3b22bc..c964653690 100644 --- a/pkg/idtools/idtools_supported.go +++ b/pkg/idtools/idtools_supported.go @@ -1,8 +1,10 @@ +//go:build linux && cgo && libsubid // +build linux,cgo,libsubid package idtools import ( + "os/user" "unsafe" "github.com/pkg/errors" @@ -32,19 +34,34 @@ import "C" func readSubid(username string, isUser bool) (ranges, error) { var ret ranges + uidstr := "" + if username == "ALL" { return nil, errors.New("username ALL not supported") } + if u, err := user.Lookup(username); err == nil { + uidstr = u.Uid + } + cUsername := C.CString(username) defer C.free(unsafe.Pointer(cUsername)) + cuidstr := C.CString(uidstr) + defer C.free(unsafe.Pointer(cuidstr)) + var nRanges C.int var cRanges *C.struct_subid_range if isUser { nRanges = C.subid_get_uid_ranges(cUsername, &cRanges) + if nRanges <= 0 { + nRanges = C.subid_get_uid_ranges(cuidstr, &cRanges) + } } else { nRanges = C.subid_get_gid_ranges(cUsername, &cRanges) + if nRanges <= 0 { + nRanges = C.subid_get_gid_ranges(cuidstr, &cRanges) + } } if nRanges < 0 { return nil, errors.New("cannot read subids")