[Pkg-shadow-devel] [PATCH 00/11] pkg-shadow support subordinate ids with user namespaces

Serge E. Hallyn serge at hallyn.com
Thu Aug 22 19:26:19 UTC 2013


>  6] Documenting the APIs would be useful. Especially the ones in
>     lib/subordinateio.c (after 5 minutes, I get lost with the
>     is_range_free, range_exists, find_range, have_range, ...)

Here is a start,

Subject: [PATCH 1/1] Document the subuid related functions in subordinateio.c

Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
---
 lib/subordinateio.c | 102 ++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 102 insertions(+)

diff --git a/lib/subordinateio.c b/lib/subordinateio.c
index 6c0a00d..0ba117b 100644
--- a/lib/subordinateio.c
+++ b/lib/subordinateio.c
@@ -20,6 +20,14 @@ struct subordinate_range {
 
 #define NFIELDS 3
 
+/*
+ * subordinate_dup: create a duplicate range
+ *
+ * @ent: a pointer to a subordinate_range struct
+ *
+ * Returns a pointer to a newly allocated duplicate subordinate_range struct
+ * or NULL on failure
+ */
 static /*@null@*/ /*@only@*/void *subordinate_dup (const void *ent)
 {
 	const struct subordinate_range *rangeent = ent;
@@ -40,6 +48,11 @@ static /*@null@*/ /*@only@*/void *subordinate_dup (const void *ent)
 	return range;
 }
 
+/*
+ * subordinate_free: free a subordinate_range struct
+ *
+ * @ent: pointer to a subordinate_range struct to free.
+ */
 static void subordinate_free (/*@out@*/ /*@only@*/void *ent)
 {
 	struct subordinate_range *rangeent = ent;
@@ -48,6 +61,15 @@ static void subordinate_free (/*@out@*/ /*@only@*/void *ent)
 	free (rangeent);
 }
 
+/*
+ * subordinate_parse:
+ *
+ * @line: a line to parse
+ *
+ * Returns a pointer to a subordinate_range struct representing the values
+ * in @line, or NULL on failure.  Note that the returned value should not
+ * be freed by the caller.
+ */
 static void *subordinate_parse (const char *line)
 {
 	static struct subordinate_range range;
@@ -98,6 +120,14 @@ static void *subordinate_parse (const char *line)
 	return ⦥
 }
 
+/*
+ * subordinate_put: print a subordinate_range value to a file
+ *
+ * @ent: a pointer to a subordinate_range struct to print out.
+ * @file: file to which to print.
+ *
+ * Returns 0 on success, -1 on error.
+ */
 static int subordinate_put (const void *ent, FILE * file)
 {
 	const struct subordinate_range *range = ent;
@@ -125,6 +155,14 @@ static /*@observer@*/ /*@null*/const struct subordinate_range *subordinate_next(
 	return (const struct subordinate_range *)commonio_next (db);
 }
 
+/*
+ * range_exists: Check whether @owner owns any ranges
+ *
+ * @db: database to query
+ * @owner: owner being queried
+ *
+ * Returns true if @owner owns any subuid ranges, false otherwise.
+ */
 static const bool range_exists(struct commonio_db *db, const char *owner)
 {
 	const struct subordinate_range *range;
@@ -136,6 +174,17 @@ static const bool range_exists(struct commonio_db *db, const char *owner)
 	return false;
 }
 
+/*
+ * find_range: find a range which @owner is authorized to use which includes
+ *             subuid @val.
+ *
+ * @db: database to query
+ * @owner: owning uid being queuried
+ * @val: subuid being searched for.
+ *
+ * Returns a range of subuids belonging to @owner and including the subuid
+ * @val, or NULL if no such range exists.
+ */
 static const struct subordinate_range *find_range(struct commonio_db *db,
 						  const char *owner, unsigned long val)
 {
@@ -154,6 +203,16 @@ static const struct subordinate_range *find_range(struct commonio_db *db,
 	return NULL;
 }
 
+/*
+ * have_range: check whether @owner is authorized to use the range
+ *             (@start .. @start+ at count-1).
+ * @db: database to check
+ * @owner: owning uid being queried
+ * @start: start of range
+ * @count: number of uids in range
+ *
+ * Returns true if @owner is authorized to use the range, false otherwise.
+ */
 static bool have_range(struct commonio_db *db,
 		       const char *owner, unsigned long start, unsigned long count)
 {
@@ -179,6 +238,17 @@ static bool have_range(struct commonio_db *db,
 	return false;
 }
 
+/*
+ * subordinate_range_cmp: compare uid ranges
+ *
+ * @p1: pointer to a commonio_entry struct to compare
+ * @p2: pointer to second commonio_entry struct to compare
+ *
+ * Returns 0 if the entries are the same.  Otherwise return -1
+ * if the range in p1 is lower than that in p2, or (if the ranges are
+ * equal) if the owning uid in p1 is lower than p2's.  Return 1 if p1's
+ * range or owning uid is great than p2's.
+ */
 static int subordinate_range_cmp (const void *p1, const void *p2)
 {
 	struct subordinate_range *range1, *range2;
@@ -203,6 +273,16 @@ static int subordinate_range_cmp (const void *p1, const void *p2)
 		return strcmp(range1->owner, range2->owner);
 }
 
+/*
+ * find_free_range: find an unused consecutive sequence of ids to allocate
+ *                  to a user.
+ * @db: database to search
+ * @min: the first uid in the range to find
+ * @max: the highest uid to find
+ * @count: the number of uids needed
+ *
+ * Return the lowest new uid, or ULONG_MAX on failure.
+ */
 static unsigned long find_free_range(struct commonio_db *db,
 				     unsigned long min, unsigned long max,
 				     unsigned long count)
@@ -249,6 +329,17 @@ fail:
 	return ULONG_MAX;
 }
 
+/*
+ * add_range: add a subuid range to an owning uid's list of authorized
+ *            subuids.
+ * @db: database to which to add
+ * @owner: uid which owns the subuid
+ * @start: the first uid in the owned range
+ * @count: the number of uids in the range
+ *
+ * Return 1 if the range is already present or on succcess.  On error
+ * return 0 and set errno appropriately.
+ */
 static int add_range(struct commonio_db *db,
 	const char *owner, unsigned long start, unsigned long count)
 {
@@ -265,6 +356,17 @@ static int add_range(struct commonio_db *db,
 	return commonio_append(db, &range);
 }
 
+/*
+ * remove_range:  remove a range of subuids from an owning uid's list
+ *                of authorized subuids.
+ * @db: database to work on
+ * @owner: owning uid whose range is being removed
+ * @start: start of the range to be removed
+ * @count: number of uids in the range.
+ *
+ * Returns 0 on failure, 1 on success.  Failure means that we needed to
+ * create a new range to represent the new limits, and failed doing so.
+ */
 static int remove_range (struct commonio_db *db,
                          const char *owner,
                          unsigned long start, unsigned long count)
-- 
1.8.3.2




More information about the Pkg-shadow-devel mailing list