lib: Change uid_wrapper to preloadable version.
This imports version 1.0.1 of uid_wrapper. Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
parent
f318a44ec7
commit
6d23354f72
@ -206,17 +206,6 @@
|
||||
#define mkdir(d,m) _mkdir(d)
|
||||
#endif
|
||||
|
||||
#ifdef UID_WRAPPER
|
||||
# ifndef UID_WRAPPER_DISABLE
|
||||
# ifndef UID_WRAPPER_NOT_REPLACE
|
||||
# define UID_WRAPPER_REPLACE
|
||||
# endif /* UID_WRAPPER_NOT_REPLACE */
|
||||
# include "../uid_wrapper/uid_wrapper.h"
|
||||
# endif /* UID_WRAPPER_DISABLE */
|
||||
#else /* UID_WRAPPER */
|
||||
# define uwrap_enabled() 0
|
||||
#endif /* UID_WRAPPER */
|
||||
|
||||
/*
|
||||
this allows us to use a uniform error handling for our xattr
|
||||
wrappers
|
||||
|
@ -376,15 +376,4 @@ struct addrinfo {
|
||||
#endif /* SOCKET_WRAPPER_DISABLE */
|
||||
#endif /* SOCKET_WRAPPER */
|
||||
|
||||
#ifdef UID_WRAPPER
|
||||
# ifndef UID_WRAPPER_DISABLE
|
||||
# ifndef UID_WRAPPER_NOT_REPLACE
|
||||
# define UID_WRAPPER_REPLACE
|
||||
# endif /* UID_WRAPPER_NOT_REPLACE */
|
||||
# include "../uid_wrapper/uid_wrapper.h"
|
||||
# endif /* UID_WRAPPER_DISABLE */
|
||||
#else /* UID_WRAPPER */
|
||||
# define uwrap_enabled() 0
|
||||
#endif /* UID_WRAPPER */
|
||||
|
||||
#endif
|
||||
|
@ -97,15 +97,4 @@
|
||||
#endif /* NSS_WRAPPER_DISABLE */
|
||||
#endif /* NSS_WRAPPER */
|
||||
|
||||
#ifdef UID_WRAPPER
|
||||
# ifndef UID_WRAPPER_DISABLE
|
||||
# ifndef UID_WRAPPER_NOT_REPLACE
|
||||
# define UID_WRAPPER_REPLACE
|
||||
# endif /* UID_WRAPPER_NOT_REPLACE */
|
||||
# include "../uid_wrapper/uid_wrapper.h"
|
||||
# endif /* UID_WRAPPER_DISABLE */
|
||||
#else /* UID_WRAPPER */
|
||||
# define uwrap_enabled() 0
|
||||
#endif /* UID_WRAPPER */
|
||||
|
||||
#endif
|
||||
|
File diff suppressed because it is too large
@ -1,101 +0,0 @@
|
||||
/*
|
||||
Copyright (C) Andrew Tridgell 2009
|
||||
Copyright (c) 2011 Andreas Schneider <asn@samba.org>
|
||||
|
||||
This program is free software; you can redistribute it and/or modify
|
||||
it under the terms of the GNU General Public License as published by
|
||||
the Free Software Foundation; either version 3 of the License, or
|
||||
(at your option) any later version.
|
||||
|
||||
This program is distributed in the hope that it will be useful,
|
||||
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
GNU General Public License for more details.
|
||||
|
||||
You should have received a copy of the GNU General Public License
|
||||
along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
*/
|
||||
|
||||
#ifndef __UID_WRAPPER_H__
|
||||
#define __UID_WRAPPER_H__
|
||||
#ifndef uwrap_enabled
|
||||
|
||||
int uwrap_enabled(void);
|
||||
int uwrap_seteuid(uid_t euid);
|
||||
int uwrap_setreuid(uid_t reuid, uid_t euid);
|
||||
int uwrap_setresuid(uid_t reuid, uid_t euid, uid_t suid);
|
||||
uid_t uwrap_geteuid(void);
|
||||
int uwrap_setegid(gid_t egid);
|
||||
int uwrap_setregid(gid_t rgid, gid_t egid);
|
||||
int uwrap_setresgid(gid_t regid, gid_t egid, gid_t sgid);
|
||||
uid_t uwrap_getegid(void);
|
||||
int uwrap_setgroups(size_t size, const gid_t *list);
|
||||
int uwrap_getgroups(int size, gid_t *list);
|
||||
uid_t uwrap_getuid(void);
|
||||
gid_t uwrap_getgid(void);
|
||||
|
||||
#ifdef UID_WRAPPER_REPLACE
|
||||
|
||||
#ifdef samba_seteuid
|
||||
#undef samba_seteuid
|
||||
#endif
|
||||
#define samba_seteuid uwrap_seteuid
|
||||
|
||||
#ifdef samba_setreuid
|
||||
#undef samba_setreuid
|
||||
#endif
|
||||
#define samba_setreuid uwrap_setreuid
|
||||
|
||||
#ifdef samba_setresuid
|
||||
#undef samba_setresuid
|
||||
#endif
|
||||
#define samba_setresuid uwrap_setresuid
|
||||
|
||||
#ifdef samba_setegid
|
||||
#undef samba_setegid
|
||||
#endif
|
||||
#define samba_setegid uwrap_setegid
|
||||
|
||||
#ifdef samba_setregid
|
||||
#undef samba_setregid
|
||||
#endif
|
||||
#define samba_setregid uwrap_setregid
|
||||
|
||||
#ifdef samba_setresgid
|
||||
#undef samba_setresgid
|
||||
#endif
|
||||
#define samba_setresgid uwrap_setresgid
|
||||
|
||||
#ifdef geteuid
|
||||
#undef geteuid
|
||||
#endif
|
||||
#define geteuid uwrap_geteuid
|
||||
|
||||
#ifdef getegid
|
||||
#undef getegid
|
||||
#endif
|
||||
#define getegid uwrap_getegid
|
||||
|
||||
#ifdef samba_setgroups
|
||||
#undef samba_setgroups
|
||||
#endif
|
||||
#define samba_setgroups uwrap_setgroups
|
||||
|
||||
#ifdef getgroups
|
||||
#undef getgroups
|
||||
#endif
|
||||
#define getgroups uwrap_getgroups
|
||||
|
||||
#ifdef getuid
|
||||
#undef getuid
|
||||
#endif
|
||||
#define getuid uwrap_getuid
|
||||
|
||||
#ifdef getgid
|
||||
#undef getgid
|
||||
#endif
|
||||
#define getgid uwrap_getgid
|
||||
|
||||
#endif /* UID_WRAPPER_REPLACE */
|
||||
#endif /* uwrap_enabled */
|
||||
#endif /* __UID_WRAPPER_H__ */
|
@ -1,17 +1,59 @@
|
||||
#!/usr/bin/env python
|
||||
|
||||
import Options
|
||||
import os
|
||||
|
||||
def set_options(opt):
|
||||
gr = opt.option_group('developer options')
|
||||
gr.add_option('--enable-uid-wrapper',
|
||||
help=("Turn on uid wrapper library (default=no)"),
|
||||
action="store_true", dest='enable_uid_wrapper', default=False)
|
||||
VERSION="1.0.1"
|
||||
|
||||
def configure(conf):
|
||||
if (Options.options.enable_uid_wrapper or
|
||||
Options.options.developer or
|
||||
Options.options.enable_selftest):
|
||||
conf.DEFINE('UID_WRAPPER', 1)
|
||||
conf.ADD_GLOBAL_DEPENDENCY('uid_wrapper')
|
||||
if conf.CHECK_BUNDLED_SYSTEM('uid_wrapper', minversion=VERSION, set_target=False):
|
||||
conf.DEFINE('USING_SYSTEM_UID_WRAPPER', 1)
|
||||
libuid_wrapper_so_path = 'libuid_wrapper.so'
|
||||
else:
|
||||
# check HAVE_GCC_THREAD_LOCAL_STORAGE
|
||||
conf.CHECK_CODE('''
|
||||
__thread int tls;
|
||||
|
||||
int main(void) {
|
||||
return 0;
|
||||
}
|
||||
''',
|
||||
'HAVE_GCC_THREAD_LOCAL_STORAGE',
|
||||
addmain=False,
|
||||
msg='Checking for thread local storage')
|
||||
|
||||
# check HAVE_DESTRUCTOR_ATTRIBUTE
|
||||
conf.CHECK_CODE('''
|
||||
void test_destructor_attribute(void) __attribute__ ((destructor));
|
||||
|
||||
void test_destructor_attribute(void)
|
||||
{
|
||||
return;
|
||||
}
|
||||
|
||||
int main(void) {
|
||||
return 0;
|
||||
}
|
||||
''',
|
||||
'HAVE_DESTRUCTOR_ATTRIBUTE',
|
||||
addmain=False,
|
||||
msg='Checking for library destructor support')
|
||||
|
||||
# Create full path to uid_wrapper
|
||||
srcdir = os.path.realpath(conf.srcdir)
|
||||
libuid_wrapper_so_path = srcdir + '/bin/default/lib/uid_wrapper/libuid-wrapper.so'
|
||||
|
||||
conf.DEFINE('LIBUID_WRAPPER_SO_PATH', libuid_wrapper_so_path)
|
||||
conf.DEFINE('UID_WRAPPER', 1)
|
||||
|
||||
def build(bld):
|
||||
if not bld.CONFIG_SET("USING_SYSTEM_UID_WRAPPER"):
|
||||
# We need to do it this way or the library wont work.
|
||||
# Using private_library=True will add symbol version which
|
||||
# breaks preloading!
|
||||
bld.SAMBA_LIBRARY('uid_wrapper',
|
||||
source='uid_wrapper.c',
|
||||
cflags='-DNDEBUG',
|
||||
deps='dl',
|
||||
install=False,
|
||||
realname='libuid-wrapper.so')
|
||||
|
||||
|
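Review bot: `conf.DEFINE('UID_WRAPPER', 1)` at the end of the new configure() no longer sits under the `enable_uid_wrapper` / `developer` / `enable_selftest` condition that the removed lines carried, and the `--enable-uid-wrapper` option disappears together with set_options(). Indentation is lost in this rendering, so this is read from line order only; if the gating moved to the wscript that recurses into this one (not visible here), a comment such as `# only reached for developer/selftest builds, see top-level wscript` would make that explicit, otherwise the condition should stay around the body. It matters because other files in this commit relax ownership checks when `uid_wrapper_enabled()` is true. Separately, the bundled branch hard-codes `bin/default` in `libuid_wrapper_so_path`, which would leave `LIBUID_WRAPPER_SO_PATH` pointing at a non-existent file if the build output directory differs.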
@ -1,10 +0,0 @@
|
||||
#!/usr/bin/env python
|
||||
|
||||
|
||||
bld.SAMBA_LIBRARY('uid_wrapper',
|
||||
source='uid_wrapper.c',
|
||||
deps='talloc util_setid',
|
||||
private_library=True,
|
||||
enabled=bld.CONFIG_SET("UID_WRAPPER"),
|
||||
)
|
||||
|
@ -146,7 +146,7 @@ _PUBLIC_ bool file_check_permissions(const char *fname,
|
||||
return false;
|
||||
}
|
||||
|
||||
if (pst->st_uid != uid && !uwrap_enabled()) {
|
||||
if (pst->st_uid != uid && !uid_wrapper_enabled()) {
|
||||
DEBUG(0, ("invalid ownership of file '%s': "
|
||||
"owned by uid %u, should be %u\n",
|
||||
fname, (unsigned int)pst->st_uid,
|
||||
@ -271,7 +271,7 @@ _PUBLIC_ bool directory_create_or_exist_strict(const char *dname,
|
||||
dname));
|
||||
return false;
|
||||
}
|
||||
if (st.st_uid != uid && !uwrap_enabled()) {
|
||||
if (st.st_uid != uid && !uid_wrapper_enabled()) {
|
||||
DEBUG(0, ("invalid ownership on directory "
|
||||
"%s\n", dname));
|
||||
return false;
|
||||
|
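Review bot: The `st_uid != uid` ownership check in file_check_permissions() is skipped whenever `uid_wrapper_enabled()` returns true, and nothing at the call site says why or under which builds that can happen; the same holds for the check in directory_create_or_exist_strict() in the next hunk and for the call sites in pvfs_acl_set() and pvfs_access_check_unix(). Now that the wrapper is a preloadable library, each site should carry a comment such as `/* uid_wrapper fakes uids in selftest, so st_uid cannot be compared; must never be true in a production build */`. The definition of uid_wrapper_enabled() is not in the visible hunks, so it should be confirmed there that it is compiled to a constant false without UID_WRAPPER. Both functions start and end outside their hunks.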
@ -10,7 +10,7 @@ bld.SAMBA_LIBRARY('samba-util',
|
||||
server_id.c dprintf.c parmlist.c bitmap.c pidfile.c
|
||||
tevent_debug.c util_process.c''',
|
||||
deps='DYNCONFIG',
|
||||
public_deps='talloc tevent execinfo uid_wrapper pthread LIBCRYPTO charset util_setid',
|
||||
public_deps='talloc tevent execinfo pthread LIBCRYPTO charset util_setid',
|
||||
public_headers='debug.h attr.h byteorder.h data_blob.h memory.h safe_string.h time.h talloc_stack.h xfile.h dlinklist.h samba_util.h string_wrappers.h',
|
||||
header_path= [ ('dlinklist.h samba_util.h', '.'), ('*', 'util') ],
|
||||
local_include=False,
|
||||
|
@ -395,7 +395,7 @@ NTSTATUS pvfs_acl_set(struct pvfs_state *pvfs,
|
||||
ret = fchown(fd, new_uid, new_gid);
|
||||
}
|
||||
if (errno == EPERM) {
|
||||
if (uwrap_enabled()) {
|
||||
if (uid_wrapper_enabled()) {
|
||||
ret = 0;
|
||||
} else {
|
||||
/* try again as root if we have SEC_PRIV_RESTORE or
|
||||
@ -531,7 +531,7 @@ static NTSTATUS pvfs_access_check_unix(struct pvfs_state *pvfs,
|
||||
|
||||
if (name == NULL) {
|
||||
max_bits |= SEC_RIGHTS_FILE_ALL | SEC_STD_ALL;
|
||||
} else if (uid == name->st.st_uid || uwrap_enabled()) {
|
||||
} else if (uid == name->st.st_uid || uid_wrapper_enabled()) {
|
||||
/* use the IxUSR bits */
|
||||
if ((name->st.st_mode & S_IWUSR)) {
|
||||
max_bits |= SEC_RIGHTS_FILE_ALL | SEC_STD_ALL;
|
||||
|
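Review bot: In pvfs_acl_set() `errno == EPERM` is tested without first checking that the fchown() call above failed, so a stale errno left by an earlier call can take this branch; with the wrapper enabled that path then sets `ret = 0`, and without it the code goes on to retry as root. The test should read `if (ret == -1 && errno == EPERM) {`. The condition is a context line this commit leaves unchanged, and the function body continues outside the hunk.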