sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-22 22:04:08 +03:00
Code
samba-mirror/lib/uid_wrapper/uid_wrapper.c

255 lines
4.6 KiB
C
Raw Normal View History

added a uid_wrapper library This library intercepts seteuid and related calls, and simulates them in a manner similar to the nss_wrapper and socket_wrapper libraries. This allows us to enable the vfs_unixuid NTVFS module in the build farm, which means we are more likely to catch errors in the token manipulation. The simulation is not complete, but it is enough for Samba4 for now. The major areas of incompleteness are: - no emulation of setreuid, setresuid or saved uids. These would be needed for use in Samba3 - no emulation of ruid changing. That would also be needed for Samba3 - no attempt to emulate file ownership changing, so code that (for example) tests whether st.st_uid matches geteuid() needs special handling
2009-08-05 10:50:03 +10:00
/*
Copyright (C) Andrew Tridgell 2009
uid_wrapper: Add uwrap_setresgid().
2011-10-08 10:52:02 +02:00
Copyright (c) 2011 Andreas Schneider <asn@samba.org>
added a uid_wrapper library This library intercepts seteuid and related calls, and simulates them in a manner similar to the nss_wrapper and socket_wrapper libraries. This allows us to enable the vfs_unixuid NTVFS module in the build farm, which means we are more likely to catch errors in the token manipulation. The simulation is not complete, but it is enough for Samba4 for now. The major areas of incompleteness are: - no emulation of setreuid, setresuid or saved uids. These would be needed for use in Samba3 - no emulation of ruid changing. That would also be needed for Samba3 - no attempt to emulate file ownership changing, so code that (for example) tests whether st.st_uid matches geteuid() needs special handling
2009-08-05 10:50:03 +10:00
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
s4:UID wrapper - Make it work on older distributions On my older CentOS 4 installation I had the problem with the missing substitution prototypes ("uwrap_*"). So I added them to "uid_wrapper.h". Also, I made the head of the "uid_wrapper.c" file more like the one of "nss_wrapper.c" - it shouldn't change that much, I did it only to be consistent. This patch should fix the build on older distributions while keep it running on newer ones.
2010-01-30 14:25:51 +01:00
#ifdef _SAMBA_BUILD_
added a uid_wrapper library This library intercepts seteuid and related calls, and simulates them in a manner similar to the nss_wrapper and socket_wrapper libraries. This allows us to enable the vfs_unixuid NTVFS module in the build farm, which means we are more likely to catch errors in the token manipulation. The simulation is not complete, but it is enough for Samba4 for now. The major areas of incompleteness are: - no emulation of setreuid, setresuid or saved uids. These would be needed for use in Samba3 - no emulation of ruid changing. That would also be needed for Samba3 - no attempt to emulate file ownership changing, so code that (for example) tests whether st.st_uid matches geteuid() needs special handling
2009-08-05 10:50:03 +10:00
#define UID_WRAPPER_NOT_REPLACE
Include uid_wrapper correctly.
2011-10-27 12:00:53 +02:00
#include "replace.h"
added a uid_wrapper library This library intercepts seteuid and related calls, and simulates them in a manner similar to the nss_wrapper and socket_wrapper libraries. This allows us to enable the vfs_unixuid NTVFS module in the build farm, which means we are more likely to catch errors in the token manipulation. The simulation is not complete, but it is enough for Samba4 for now. The major areas of incompleteness are: - no emulation of setreuid, setresuid or saved uids. These would be needed for use in Samba3 - no emulation of ruid changing. That would also be needed for Samba3 - no attempt to emulate file ownership changing, so code that (for example) tests whether st.st_uid matches geteuid() needs special handling
2009-08-05 10:50:03 +10:00
#include "system/passwd.h"
Include uid_wrapper correctly.
2011-10-27 12:00:53 +02:00
#include <talloc.h>
s4:UID wrapper - Make it work on older distributions On my older CentOS 4 installation I had the problem with the missing substitution prototypes ("uwrap_*"). So I added them to "uid_wrapper.h". Also, I made the head of the "uid_wrapper.c" file more like the one of "nss_wrapper.c" - it shouldn't change that much, I did it only to be consistent. This patch should fix the build on older distributions while keep it running on newer ones.
2010-01-30 14:25:51 +01:00
#else /* _SAMBA_BUILD_ */
#error uid_wrapper_only_supported_in_samba_yet
#endif
added a uid_wrapper library This library intercepts seteuid and related calls, and simulates them in a manner similar to the nss_wrapper and socket_wrapper libraries. This allows us to enable the vfs_unixuid NTVFS module in the build farm, which means we are more likely to catch errors in the token manipulation. The simulation is not complete, but it is enough for Samba4 for now. The major areas of incompleteness are: - no emulation of setreuid, setresuid or saved uids. These would be needed for use in Samba3 - no emulation of ruid changing. That would also be needed for Samba3 - no attempt to emulate file ownership changing, so code that (for example) tests whether st.st_uid matches geteuid() needs special handling
2009-08-05 10:50:03 +10:00
#ifndef _PUBLIC_
#define _PUBLIC_
#endif
/*
we keep the virtualised euid/egid/groups information here
*/
static struct {
bool initialised;
bool enabled;
uid_wrapper: Handle euid and egid 0.
2011-10-07 18:58:58 +02:00
uid_t myuid;
added a uid_wrapper library This library intercepts seteuid and related calls, and simulates them in a manner similar to the nss_wrapper and socket_wrapper libraries. This allows us to enable the vfs_unixuid NTVFS module in the build farm, which means we are more likely to catch errors in the token manipulation. The simulation is not complete, but it is enough for Samba4 for now. The major areas of incompleteness are: - no emulation of setreuid, setresuid or saved uids. These would be needed for use in Samba3 - no emulation of ruid changing. That would also be needed for Samba3 - no attempt to emulate file ownership changing, so code that (for example) tests whether st.st_uid matches geteuid() needs special handling
2009-08-05 10:50:03 +10:00
uid_t euid;
uid_wrapper: Handle euid and egid 0.
2011-10-07 18:58:58 +02:00
uid_t mygid;
added a uid_wrapper library This library intercepts seteuid and related calls, and simulates them in a manner similar to the nss_wrapper and socket_wrapper libraries. This allows us to enable the vfs_unixuid NTVFS module in the build farm, which means we are more likely to catch errors in the token manipulation. The simulation is not complete, but it is enough for Samba4 for now. The major areas of incompleteness are: - no emulation of setreuid, setresuid or saved uids. These would be needed for use in Samba3 - no emulation of ruid changing. That would also be needed for Samba3 - no attempt to emulate file ownership changing, so code that (for example) tests whether st.st_uid matches geteuid() needs special handling
2009-08-05 10:50:03 +10:00
gid_t egid;
gid_t *groups;
} uwrap;
static void uwrap_init(void)
{
if (uwrap.initialised) return;
uwrap.initialised = true;
if (getenv("UID_WRAPPER")) {
uwrap.enabled = true;
fixed a uid_wrapper bug that caused a segv in the RAW-ACLS test
2009-08-05 13:31:06 +10:00
/* put us in one group */
uid_wrapper: Handle euid and egid 0.
2011-10-07 18:58:58 +02:00
uwrap.myuid = uwrap.euid = geteuid();
uwrap.mygid = uwrap.egid = getegid();
uid_wrapper: The gid wrapper does not require a destructor Don't use talloc_autofree_context
2010-10-09 09:44:43 +02:00
uwrap.groups = talloc_array(NULL, gid_t, 1);
fixed a uid_wrapper bug that caused a segv in the RAW-ACLS test
2009-08-05 13:31:06 +10:00
uwrap.groups[0] = 0;
added a uid_wrapper library This library intercepts seteuid and related calls, and simulates them in a manner similar to the nss_wrapper and socket_wrapper libraries. This allows us to enable the vfs_unixuid NTVFS module in the build farm, which means we are more likely to catch errors in the token manipulation. The simulation is not complete, but it is enough for Samba4 for now. The major areas of incompleteness are: - no emulation of setreuid, setresuid or saved uids. These would be needed for use in Samba3 - no emulation of ruid changing. That would also be needed for Samba3 - no attempt to emulate file ownership changing, so code that (for example) tests whether st.st_uid matches geteuid() needs special handling
2009-08-05 10:50:03 +10:00
}
}
make the UID_WRAPPER skip checks at runtime This fixes two issues pointed out by Andrew. It adds a runtime uwrap_enabled() call that wraps the skips needed for uid emulation. It also makes the skip in the directory_create_or_exist() function only change the uid checking code, not the permissions code
2009-08-05 11:21:06 +10:00
#undef uwrap_enabled
_PUBLIC_ int uwrap_enabled(void)
{
uwrap_init();
return uwrap.enabled?1:0;
}
uid_wrapper: Fix build on UNIX platforms.
2011-10-08 10:08:37 +02:00
#ifdef HAVE_SETEUID
added a uid_wrapper library This library intercepts seteuid and related calls, and simulates them in a manner similar to the nss_wrapper and socket_wrapper libraries. This allows us to enable the vfs_unixuid NTVFS module in the build farm, which means we are more likely to catch errors in the token manipulation. The simulation is not complete, but it is enough for Samba4 for now. The major areas of incompleteness are: - no emulation of setreuid, setresuid or saved uids. These would be needed for use in Samba3 - no emulation of ruid changing. That would also be needed for Samba3 - no attempt to emulate file ownership changing, so code that (for example) tests whether st.st_uid matches geteuid() needs special handling
2009-08-05 10:50:03 +10:00
_PUBLIC_ int uwrap_seteuid(uid_t euid)
{
uwrap_init();
if (!uwrap.enabled) {
return seteuid(euid);
}
/* assume for now that the ruid stays as root */
uid_wrapper: Handle euid and egid 0.
2011-10-07 18:58:58 +02:00
if (euid == 0) {
uwrap.euid = uwrap.myuid;
} else {
uwrap.euid = euid;
}
added a uid_wrapper library This library intercepts seteuid and related calls, and simulates them in a manner similar to the nss_wrapper and socket_wrapper libraries. This allows us to enable the vfs_unixuid NTVFS module in the build farm, which means we are more likely to catch errors in the token manipulation. The simulation is not complete, but it is enough for Samba4 for now. The major areas of incompleteness are: - no emulation of setreuid, setresuid or saved uids. These would be needed for use in Samba3 - no emulation of ruid changing. That would also be needed for Samba3 - no attempt to emulate file ownership changing, so code that (for example) tests whether st.st_uid matches geteuid() needs special handling
2009-08-05 10:50:03 +10:00
return 0;
}
uid_wrapper: Fix build on UNIX platforms.
2011-10-08 10:08:37 +02:00
#endif
added a uid_wrapper library This library intercepts seteuid and related calls, and simulates them in a manner similar to the nss_wrapper and socket_wrapper libraries. This allows us to enable the vfs_unixuid NTVFS module in the build farm, which means we are more likely to catch errors in the token manipulation. The simulation is not complete, but it is enough for Samba4 for now. The major areas of incompleteness are: - no emulation of setreuid, setresuid or saved uids. These would be needed for use in Samba3 - no emulation of ruid changing. That would also be needed for Samba3 - no attempt to emulate file ownership changing, so code that (for example) tests whether st.st_uid matches geteuid() needs special handling
2009-08-05 10:50:03 +10:00
uid_wrapper: Fix build on UNIX platforms.
2011-10-08 10:08:37 +02:00
#ifdef HAVE_SETREUID
uid_wrapper: Add uwrap_setreuid().
2011-10-06 16:25:32 +02:00
_PUBLIC_ int uwrap_setreuid(uid_t ruid, uid_t euid)
{
uwrap_init();
if (!uwrap.enabled) {
return setreuid(ruid, euid);
}
/* assume for now that the ruid stays as root */
uid_wrapper: Handle euid and egid 0.
2011-10-07 18:58:58 +02:00
if (euid == 0) {
uwrap.euid = uwrap.myuid;
} else {
uwrap.euid = euid;
}
uid_wrapper: Add uwrap_setreuid().
2011-10-06 16:25:32 +02:00
return 0;
}
uid_wrapper: Fix build on UNIX platforms.
2011-10-08 10:08:37 +02:00
#endif
uid_wrapper: Add uwrap_setreuid().
2011-10-06 16:25:32 +02:00
uid_wrapper: Fix build on UNIX platforms.
2011-10-08 10:08:37 +02:00
#ifdef HAVE_SETRESUID
uid_wrapper: Add uwrap_setresuid(). Autobuild-User: Andreas Schneider <asn@cryptomilk.org> Autobuild-Date: Fri Oct 7 12:04:05 CEST 2011 on sn-devel-104
2011-10-07 10:30:23 +02:00
_PUBLIC_ int uwrap_setresuid(uid_t ruid, uid_t euid, uid_t suid)
{
uwrap_init();
if (!uwrap.enabled) {
return setresuid(ruid, euid, suid);
}
/* assume for now that the ruid stays as root */
uid_wrapper: Handle euid and egid 0.
2011-10-07 18:58:58 +02:00
if (euid == 0) {
uwrap.euid = uwrap.myuid;
} else {
uwrap.euid = euid;
}
uid_wrapper: Add uwrap_setresuid(). Autobuild-User: Andreas Schneider <asn@cryptomilk.org> Autobuild-Date: Fri Oct 7 12:04:05 CEST 2011 on sn-devel-104
2011-10-07 10:30:23 +02:00
return 0;
}
uid_wrapper: Fix build on UNIX platforms.
2011-10-08 10:08:37 +02:00
#endif
uid_wrapper: Add uwrap_setresuid(). Autobuild-User: Andreas Schneider <asn@cryptomilk.org> Autobuild-Date: Fri Oct 7 12:04:05 CEST 2011 on sn-devel-104
2011-10-07 10:30:23 +02:00
added a uid_wrapper library This library intercepts seteuid and related calls, and simulates them in a manner similar to the nss_wrapper and socket_wrapper libraries. This allows us to enable the vfs_unixuid NTVFS module in the build farm, which means we are more likely to catch errors in the token manipulation. The simulation is not complete, but it is enough for Samba4 for now. The major areas of incompleteness are: - no emulation of setreuid, setresuid or saved uids. These would be needed for use in Samba3 - no emulation of ruid changing. That would also be needed for Samba3 - no attempt to emulate file ownership changing, so code that (for example) tests whether st.st_uid matches geteuid() needs special handling
2009-08-05 10:50:03 +10:00
_PUBLIC_ uid_t uwrap_geteuid(void)
{
uwrap_init();
if (!uwrap.enabled) {
return geteuid();
}
return uwrap.euid;
}
uid_wrapper: Fix build on UNIX platforms.
2011-10-08 10:08:37 +02:00
#ifdef HAVE_SETEGID
added a uid_wrapper library This library intercepts seteuid and related calls, and simulates them in a manner similar to the nss_wrapper and socket_wrapper libraries. This allows us to enable the vfs_unixuid NTVFS module in the build farm, which means we are more likely to catch errors in the token manipulation. The simulation is not complete, but it is enough for Samba4 for now. The major areas of incompleteness are: - no emulation of setreuid, setresuid or saved uids. These would be needed for use in Samba3 - no emulation of ruid changing. That would also be needed for Samba3 - no attempt to emulate file ownership changing, so code that (for example) tests whether st.st_uid matches geteuid() needs special handling
2009-08-05 10:50:03 +10:00
_PUBLIC_ int uwrap_setegid(gid_t egid)
{
uwrap_init();
if (!uwrap.enabled) {
return setegid(egid);
}
/* assume for now that the ruid stays as root */
uid_wrapper: Handle euid and egid 0.
2011-10-07 18:58:58 +02:00
if (egid == 0) {
uwrap.egid = uwrap.mygid;
} else {
uwrap.egid = egid;
}
added a uid_wrapper library This library intercepts seteuid and related calls, and simulates them in a manner similar to the nss_wrapper and socket_wrapper libraries. This allows us to enable the vfs_unixuid NTVFS module in the build farm, which means we are more likely to catch errors in the token manipulation. The simulation is not complete, but it is enough for Samba4 for now. The major areas of incompleteness are: - no emulation of setreuid, setresuid or saved uids. These would be needed for use in Samba3 - no emulation of ruid changing. That would also be needed for Samba3 - no attempt to emulate file ownership changing, so code that (for example) tests whether st.st_uid matches geteuid() needs special handling
2009-08-05 10:50:03 +10:00
return 0;
}
uid_wrapper: Fix build on UNIX platforms.
2011-10-08 10:08:37 +02:00
#endif
added a uid_wrapper library This library intercepts seteuid and related calls, and simulates them in a manner similar to the nss_wrapper and socket_wrapper libraries. This allows us to enable the vfs_unixuid NTVFS module in the build farm, which means we are more likely to catch errors in the token manipulation. The simulation is not complete, but it is enough for Samba4 for now. The major areas of incompleteness are: - no emulation of setreuid, setresuid or saved uids. These would be needed for use in Samba3 - no emulation of ruid changing. That would also be needed for Samba3 - no attempt to emulate file ownership changing, so code that (for example) tests whether st.st_uid matches geteuid() needs special handling
2009-08-05 10:50:03 +10:00
uid_wrapper: Fix build on UNIX platforms.
2011-10-08 10:08:37 +02:00
#ifdef HAVE_SETREGID
uid_wrapper: Add uwrap_setregid().
2011-10-06 16:52:03 +02:00
_PUBLIC_ int uwrap_setregid(gid_t rgid, gid_t egid)
{
uwrap_init();
if (!uwrap.enabled) {
return setregid(rgid, egid);
}
/* assume for now that the ruid stays as root */
uid_wrapper: Handle euid and egid 0.
2011-10-07 18:58:58 +02:00
if (egid == 0) {
uwrap.egid = uwrap.mygid;
} else {
uwrap.egid = egid;
}
uid_wrapper: Add uwrap_setregid().
2011-10-06 16:52:03 +02:00
return 0;
}
uid_wrapper: Fix build on UNIX platforms.
2011-10-08 10:08:37 +02:00
#endif
uid_wrapper: Add uwrap_setregid().
2011-10-06 16:52:03 +02:00
uid_wrapper: Add uwrap_setresgid().
2011-10-08 10:52:02 +02:00
#ifdef HAVE_SETRESGID
_PUBLIC_ int uwrap_setresgid(gid_t rgid, gid_t egid, gid_t sgid)
{
uwrap_init();
if (!uwrap.enabled) {
return setresgid(rgid, egid, sgid);
}
/* assume for now that the ruid stays as root */
if (egid == 0) {
uwrap.egid = uwrap.mygid;
} else {
uwrap.egid = egid;
}
return 0;
}
#endif
added a uid_wrapper library This library intercepts seteuid and related calls, and simulates them in a manner similar to the nss_wrapper and socket_wrapper libraries. This allows us to enable the vfs_unixuid NTVFS module in the build farm, which means we are more likely to catch errors in the token manipulation. The simulation is not complete, but it is enough for Samba4 for now. The major areas of incompleteness are: - no emulation of setreuid, setresuid or saved uids. These would be needed for use in Samba3 - no emulation of ruid changing. That would also be needed for Samba3 - no attempt to emulate file ownership changing, so code that (for example) tests whether st.st_uid matches geteuid() needs special handling
2009-08-05 10:50:03 +10:00
_PUBLIC_ uid_t uwrap_getegid(void)
{
uwrap_init();
if (!uwrap.enabled) {
return getegid();
}
return uwrap.egid;
}
_PUBLIC_ int uwrap_setgroups(size_t size, const gid_t *list)
{
uwrap_init();
if (!uwrap.enabled) {
return setgroups(size, list);
}
talloc_free(uwrap.groups);
fixed a uid_wrapper bug that caused a segv in the RAW-ACLS test
2009-08-05 13:31:06 +10:00
uwrap.groups = NULL;
if (size != 0) {
uid_wrapper: The gid wrapper does not require a destructor Don't use talloc_autofree_context
2010-10-09 09:44:43 +02:00
uwrap.groups = talloc_array(NULL, gid_t, size);
fixed a uid_wrapper bug that caused a segv in the RAW-ACLS test
2009-08-05 13:31:06 +10:00
if (uwrap.groups == NULL) {
errno = ENOMEM;
return -1;
}
memcpy(uwrap.groups, list, size*sizeof(gid_t));
added a uid_wrapper library This library intercepts seteuid and related calls, and simulates them in a manner similar to the nss_wrapper and socket_wrapper libraries. This allows us to enable the vfs_unixuid NTVFS module in the build farm, which means we are more likely to catch errors in the token manipulation. The simulation is not complete, but it is enough for Samba4 for now. The major areas of incompleteness are: - no emulation of setreuid, setresuid or saved uids. These would be needed for use in Samba3 - no emulation of ruid changing. That would also be needed for Samba3 - no attempt to emulate file ownership changing, so code that (for example) tests whether st.st_uid matches geteuid() needs special handling
2009-08-05 10:50:03 +10:00
}
return 0;
}
_PUBLIC_ int uwrap_getgroups(int size, gid_t *list)
{
uid_wrapper: We have talloc_array_length, no need for an explicit length Signed-off-by: Andreas Schneider <asn@samba.org>
2011-02-19 23:21:07 +01:00
size_t ngroups;
added a uid_wrapper library This library intercepts seteuid and related calls, and simulates them in a manner similar to the nss_wrapper and socket_wrapper libraries. This allows us to enable the vfs_unixuid NTVFS module in the build farm, which means we are more likely to catch errors in the token manipulation. The simulation is not complete, but it is enough for Samba4 for now. The major areas of incompleteness are: - no emulation of setreuid, setresuid or saved uids. These would be needed for use in Samba3 - no emulation of ruid changing. That would also be needed for Samba3 - no attempt to emulate file ownership changing, so code that (for example) tests whether st.st_uid matches geteuid() needs special handling
2009-08-05 10:50:03 +10:00
uwrap_init();
if (!uwrap.enabled) {
return getgroups(size, list);
}
uid_wrapper: We have talloc_array_length, no need for an explicit length Signed-off-by: Andreas Schneider <asn@samba.org>
2011-02-19 23:21:07 +01:00
ngroups = talloc_array_length(uwrap.groups);
if (size > ngroups) {
size = ngroups;
added a uid_wrapper library This library intercepts seteuid and related calls, and simulates them in a manner similar to the nss_wrapper and socket_wrapper libraries. This allows us to enable the vfs_unixuid NTVFS module in the build farm, which means we are more likely to catch errors in the token manipulation. The simulation is not complete, but it is enough for Samba4 for now. The major areas of incompleteness are: - no emulation of setreuid, setresuid or saved uids. These would be needed for use in Samba3 - no emulation of ruid changing. That would also be needed for Samba3 - no attempt to emulate file ownership changing, so code that (for example) tests whether st.st_uid matches geteuid() needs special handling
2009-08-05 10:50:03 +10:00
}
if (size == 0) {
uid_wrapper: We have talloc_array_length, no need for an explicit length Signed-off-by: Andreas Schneider <asn@samba.org>
2011-02-19 23:21:07 +01:00
return ngroups;
added a uid_wrapper library This library intercepts seteuid and related calls, and simulates them in a manner similar to the nss_wrapper and socket_wrapper libraries. This allows us to enable the vfs_unixuid NTVFS module in the build farm, which means we are more likely to catch errors in the token manipulation. The simulation is not complete, but it is enough for Samba4 for now. The major areas of incompleteness are: - no emulation of setreuid, setresuid or saved uids. These would be needed for use in Samba3 - no emulation of ruid changing. That would also be needed for Samba3 - no attempt to emulate file ownership changing, so code that (for example) tests whether st.st_uid matches geteuid() needs special handling
2009-08-05 10:50:03 +10:00
}
uid_wrapper: We have talloc_array_length, no need for an explicit length Signed-off-by: Andreas Schneider <asn@samba.org>
2011-02-19 23:21:07 +01:00
if (size < ngroups) {
added a uid_wrapper library This library intercepts seteuid and related calls, and simulates them in a manner similar to the nss_wrapper and socket_wrapper libraries. This allows us to enable the vfs_unixuid NTVFS module in the build farm, which means we are more likely to catch errors in the token manipulation. The simulation is not complete, but it is enough for Samba4 for now. The major areas of incompleteness are: - no emulation of setreuid, setresuid or saved uids. These would be needed for use in Samba3 - no emulation of ruid changing. That would also be needed for Samba3 - no attempt to emulate file ownership changing, so code that (for example) tests whether st.st_uid matches geteuid() needs special handling
2009-08-05 10:50:03 +10:00
errno = EINVAL;
return -1;
}
memcpy(list, uwrap.groups, size*sizeof(gid_t));
uid_wrapper: We have talloc_array_length, no need for an explicit length Signed-off-by: Andreas Schneider <asn@samba.org>
2011-02-19 23:21:07 +01:00
return ngroups;
added a uid_wrapper library This library intercepts seteuid and related calls, and simulates them in a manner similar to the nss_wrapper and socket_wrapper libraries. This allows us to enable the vfs_unixuid NTVFS module in the build farm, which means we are more likely to catch errors in the token manipulation. The simulation is not complete, but it is enough for Samba4 for now. The major areas of incompleteness are: - no emulation of setreuid, setresuid or saved uids. These would be needed for use in Samba3 - no emulation of ruid changing. That would also be needed for Samba3 - no attempt to emulate file ownership changing, so code that (for example) tests whether st.st_uid matches geteuid() needs special handling
2009-08-05 10:50:03 +10:00
}
_PUBLIC_ uid_t uwrap_getuid(void)
{
uwrap_init();
if (!uwrap.enabled) {
return getuid();
}
/* we don't simulate ruid changing */
return 0;
}
_PUBLIC_ gid_t uwrap_getgid(void)
{
uwrap_init();
if (!uwrap.enabled) {
return getgid();
}
/* we don't simulate rgid changing */
return 0;
}
Copy Permalink