samba-mirror

mirror of https://github.com/samba-team/samba.git synced 2025-01-26 10:04:02 +03:00

170 lines

3.2 KiB

C

Raw Normal View History

added a uid_wrapper library This library intercepts seteuid and related calls, and simulates them in a manner similar to the nss_wrapper and socket_wrapper libraries. This allows us to enable the vfs_unixuid NTVFS module in the build farm, which means we are more likely to catch errors in the token manipulation. The simulation is not complete, but it is enough for Samba4 for now. The major areas of incompleteness are: - no emulation of setreuid, setresuid or saved uids. These would be needed for use in Samba3 - no emulation of ruid changing. That would also be needed for Samba3 - no attempt to emulate file ownership changing, so code that (for example) tests whether st.st_uid matches geteuid() needs special handling 2009-08-05 10:50:03 +10:00			`/*`
			`Copyright (C) Andrew Tridgell 2009`

			`This program is free software; you can redistribute it and/or modify`
			`it under the terms of the GNU General Public License as published by`
			`the Free Software Foundation; either version 3 of the License, or`
			`(at your option) any later version.`

			`This program is distributed in the hope that it will be useful,`
			`but WITHOUT ANY WARRANTY; without even the implied warranty of`
			`MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the`
			`GNU General Public License for more details.`

			`You should have received a copy of the GNU General Public License`
			`along with this program. If not, see <http://www.gnu.org/licenses/>.`
			`*/`

s4:UID wrapper - Make it work on older distributions On my older CentOS 4 installation I had the problem with the missing substitution prototypes ("uwrap_*"). So I added them to "uid_wrapper.h". Also, I made the head of the "uid_wrapper.c" file more like the one of "nss_wrapper.c" - it shouldn't change that much, I did it only to be consistent. This patch should fix the build on older distributions while keep it running on newer ones. 2010-01-30 14:25:51 +01:00			`#ifdef _SAMBA_BUILD_`

added a uid_wrapper library This library intercepts seteuid and related calls, and simulates them in a manner similar to the nss_wrapper and socket_wrapper libraries. This allows us to enable the vfs_unixuid NTVFS module in the build farm, which means we are more likely to catch errors in the token manipulation. The simulation is not complete, but it is enough for Samba4 for now. The major areas of incompleteness are: - no emulation of setreuid, setresuid or saved uids. These would be needed for use in Samba3 - no emulation of ruid changing. That would also be needed for Samba3 - no attempt to emulate file ownership changing, so code that (for example) tests whether st.st_uid matches geteuid() needs special handling 2009-08-05 10:50:03 +10:00			`#define UID_WRAPPER_NOT_REPLACE`
s4:UID wrapper - Make it work on older distributions On my older CentOS 4 installation I had the problem with the missing substitution prototypes ("uwrap_*"). So I added them to "uid_wrapper.h". Also, I made the head of the "uid_wrapper.c" file more like the one of "nss_wrapper.c" - it shouldn't change that much, I did it only to be consistent. This patch should fix the build on older distributions while keep it running on newer ones. 2010-01-30 14:25:51 +01:00			`#include "../replace/replace.h"`
			`#include <talloc.h>`
added a uid_wrapper library This library intercepts seteuid and related calls, and simulates them in a manner similar to the nss_wrapper and socket_wrapper libraries. This allows us to enable the vfs_unixuid NTVFS module in the build farm, which means we are more likely to catch errors in the token manipulation. The simulation is not complete, but it is enough for Samba4 for now. The major areas of incompleteness are: - no emulation of setreuid, setresuid or saved uids. These would be needed for use in Samba3 - no emulation of ruid changing. That would also be needed for Samba3 - no attempt to emulate file ownership changing, so code that (for example) tests whether st.st_uid matches geteuid() needs special handling 2009-08-05 10:50:03 +10:00			`#include "system/passwd.h"`
s4:UID wrapper - Make it work on older distributions On my older CentOS 4 installation I had the problem with the missing substitution prototypes ("uwrap_*"). So I added them to "uid_wrapper.h". Also, I made the head of the "uid_wrapper.c" file more like the one of "nss_wrapper.c" - it shouldn't change that much, I did it only to be consistent. This patch should fix the build on older distributions while keep it running on newer ones. 2010-01-30 14:25:51 +01:00
			`#else /* _SAMBA_BUILD_ */`

			`#error uid_wrapper_only_supported_in_samba_yet`

			`#endif`
added a uid_wrapper library This library intercepts seteuid and related calls, and simulates them in a manner similar to the nss_wrapper and socket_wrapper libraries. This allows us to enable the vfs_unixuid NTVFS module in the build farm, which means we are more likely to catch errors in the token manipulation. The simulation is not complete, but it is enough for Samba4 for now. The major areas of incompleteness are: - no emulation of setreuid, setresuid or saved uids. These would be needed for use in Samba3 - no emulation of ruid changing. That would also be needed for Samba3 - no attempt to emulate file ownership changing, so code that (for example) tests whether st.st_uid matches geteuid() needs special handling 2009-08-05 10:50:03 +10:00
			`#ifndef _PUBLIC_`
			`#define _PUBLIC_`
			`#endif`

			`/*`
			`we keep the virtualised euid/egid/groups information here`
			`*/`
			`static struct {`
			`bool initialised;`
			`bool enabled;`
			`uid_t euid;`
			`gid_t egid;`
			`unsigned ngroups;`
			`gid_t *groups;`
			`} uwrap;`

			`static void uwrap_init(void)`
			`{`
			`if (uwrap.initialised) return;`
			`uwrap.initialised = true;`
			`if (getenv("UID_WRAPPER")) {`
			`uwrap.enabled = true;`
fixed a uid_wrapper bug that caused a segv in the RAW-ACLS test 2009-08-05 13:31:06 +10:00			`/* put us in one group */`
			`uwrap.ngroups = 1;`
			`uwrap.groups = talloc_array(talloc_autofree_context(), gid_t, 1);`
			`uwrap.groups[0] = 0;`
added a uid_wrapper library This library intercepts seteuid and related calls, and simulates them in a manner similar to the nss_wrapper and socket_wrapper libraries. This allows us to enable the vfs_unixuid NTVFS module in the build farm, which means we are more likely to catch errors in the token manipulation. The simulation is not complete, but it is enough for Samba4 for now. The major areas of incompleteness are: - no emulation of setreuid, setresuid or saved uids. These would be needed for use in Samba3 - no emulation of ruid changing. That would also be needed for Samba3 - no attempt to emulate file ownership changing, so code that (for example) tests whether st.st_uid matches geteuid() needs special handling 2009-08-05 10:50:03 +10:00			`}`
			`}`

make the UID_WRAPPER skip checks at runtime This fixes two issues pointed out by Andrew. It adds a runtime uwrap_enabled() call that wraps the skips needed for uid emulation. It also makes the skip in the directory_create_or_exist() function only change the uid checking code, not the permissions code 2009-08-05 11:21:06 +10:00			`#undef uwrap_enabled`
			`_PUBLIC_ int uwrap_enabled(void)`
			`{`
			`uwrap_init();`
			`return uwrap.enabled?1:0;`
			`}`

added a uid_wrapper library This library intercepts seteuid and related calls, and simulates them in a manner similar to the nss_wrapper and socket_wrapper libraries. This allows us to enable the vfs_unixuid NTVFS module in the build farm, which means we are more likely to catch errors in the token manipulation. The simulation is not complete, but it is enough for Samba4 for now. The major areas of incompleteness are: - no emulation of setreuid, setresuid or saved uids. These would be needed for use in Samba3 - no emulation of ruid changing. That would also be needed for Samba3 - no attempt to emulate file ownership changing, so code that (for example) tests whether st.st_uid matches geteuid() needs special handling 2009-08-05 10:50:03 +10:00			`_PUBLIC_ int uwrap_seteuid(uid_t euid)`
			`{`
			`uwrap_init();`
			`if (!uwrap.enabled) {`
			`return seteuid(euid);`
			`}`
			`/* assume for now that the ruid stays as root */`
			`uwrap.euid = euid;`
			`return 0;`
			`}`

			`_PUBLIC_ uid_t uwrap_geteuid(void)`
			`{`
			`uwrap_init();`
			`if (!uwrap.enabled) {`
			`return geteuid();`
			`}`
			`return uwrap.euid;`
			`}`

			`_PUBLIC_ int uwrap_setegid(gid_t egid)`
			`{`
			`uwrap_init();`
			`if (!uwrap.enabled) {`
			`return setegid(egid);`
			`}`
			`/* assume for now that the ruid stays as root */`
			`uwrap.egid = egid;`
			`return 0;`
			`}`

			`_PUBLIC_ uid_t uwrap_getegid(void)`
			`{`
			`uwrap_init();`
			`if (!uwrap.enabled) {`
			`return getegid();`
			`}`
			`return uwrap.egid;`
			`}`

			`_PUBLIC_ int uwrap_setgroups(size_t size, const gid_t *list)`
			`{`
			`uwrap_init();`
			`if (!uwrap.enabled) {`
			`return setgroups(size, list);`
			`}`

			`talloc_free(uwrap.groups);`
			`uwrap.ngroups = 0;`
fixed a uid_wrapper bug that caused a segv in the RAW-ACLS test 2009-08-05 13:31:06 +10:00			`uwrap.groups = NULL;`

			`if (size != 0) {`
			`uwrap.groups = talloc_array(talloc_autofree_context(), gid_t, size);`
			`if (uwrap.groups == NULL) {`
			`errno = ENOMEM;`
			`return -1;`
			`}`
			`memcpy(uwrap.groups, list, size*sizeof(gid_t));`
			`uwrap.ngroups = size;`
added a uid_wrapper library This library intercepts seteuid and related calls, and simulates them in a manner similar to the nss_wrapper and socket_wrapper libraries. This allows us to enable the vfs_unixuid NTVFS module in the build farm, which means we are more likely to catch errors in the token manipulation. The simulation is not complete, but it is enough for Samba4 for now. The major areas of incompleteness are: - no emulation of setreuid, setresuid or saved uids. These would be needed for use in Samba3 - no emulation of ruid changing. That would also be needed for Samba3 - no attempt to emulate file ownership changing, so code that (for example) tests whether st.st_uid matches geteuid() needs special handling 2009-08-05 10:50:03 +10:00			`}`
			`return 0;`
			`}`

			`_PUBLIC_ int uwrap_getgroups(int size, gid_t *list)`
			`{`
			`uwrap_init();`
			`if (!uwrap.enabled) {`
			`return getgroups(size, list);`
			`}`

			`if (size > uwrap.ngroups) {`
			`size = uwrap.ngroups;`
			`}`
			`if (size == 0) {`
			`return uwrap.ngroups;`
			`}`
			`if (size < uwrap.ngroups) {`
			`errno = EINVAL;`
			`return -1;`
			`}`
			`memcpy(list, uwrap.groups, size*sizeof(gid_t));`
fixed a uid_wrapper bug that caused a segv in the RAW-ACLS test 2009-08-05 13:31:06 +10:00			`return uwrap.ngroups;`
added a uid_wrapper library This library intercepts seteuid and related calls, and simulates them in a manner similar to the nss_wrapper and socket_wrapper libraries. This allows us to enable the vfs_unixuid NTVFS module in the build farm, which means we are more likely to catch errors in the token manipulation. The simulation is not complete, but it is enough for Samba4 for now. The major areas of incompleteness are: - no emulation of setreuid, setresuid or saved uids. These would be needed for use in Samba3 - no emulation of ruid changing. That would also be needed for Samba3 - no attempt to emulate file ownership changing, so code that (for example) tests whether st.st_uid matches geteuid() needs special handling 2009-08-05 10:50:03 +10:00			`}`

			`_PUBLIC_ uid_t uwrap_getuid(void)`
			`{`
			`uwrap_init();`
			`if (!uwrap.enabled) {`
			`return getuid();`
			`}`
			`/* we don't simulate ruid changing */`
			`return 0;`
			`}`

			`_PUBLIC_ gid_t uwrap_getgid(void)`
			`{`
			`uwrap_init();`
			`if (!uwrap.enabled) {`
			`return getgid();`
			`}`
			`/* we don't simulate rgid changing */`
			`return 0;`
			`}`

170 lines 3.2 KiB C Raw Normal View History Unescape Escape

170 lines

3.2 KiB

C

Raw Normal View History