mirror of https://github.com/samba-team/samba.git synced 2025-01-11 05:18:09 +03:00

lib: Change uid_wrapper to preloadable version.

This imports version 1.0.1 of uid_wrapper.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andreas Schneider 2014-01-17 14:43:01 +01:00 committed by Stefan Metzmacher
parent f318a44ec7
commit 6d23354f72
11 changed files with 1142 additions and 324 deletions


@ -206,17 +206,6 @@
#define mkdir(d,m) _mkdir(d)
#endif
#ifdef UID_WRAPPER
# ifndef UID_WRAPPER_DISABLE
# ifndef UID_WRAPPER_NOT_REPLACE
# define UID_WRAPPER_REPLACE
# endif /* UID_WRAPPER_NOT_REPLACE */
# include "../uid_wrapper/uid_wrapper.h"
# endif /* UID_WRAPPER_DISABLE */
#else /* UID_WRAPPER */
# define uwrap_enabled() 0
#endif /* UID_WRAPPER */
/*
this allows us to use a uniform error handling for our xattr
wrappers


@ -376,15 +376,4 @@ struct addrinfo {
#endif /* SOCKET_WRAPPER_DISABLE */
#endif /* SOCKET_WRAPPER */
#ifdef UID_WRAPPER
# ifndef UID_WRAPPER_DISABLE
# ifndef UID_WRAPPER_NOT_REPLACE
# define UID_WRAPPER_REPLACE
# endif /* UID_WRAPPER_NOT_REPLACE */
# include "../uid_wrapper/uid_wrapper.h"
# endif /* UID_WRAPPER_DISABLE */
#else /* UID_WRAPPER */
# define uwrap_enabled() 0
#endif /* UID_WRAPPER */
#endif


@ -97,15 +97,4 @@
#endif /* NSS_WRAPPER_DISABLE */
#endif /* NSS_WRAPPER */
#ifdef UID_WRAPPER
# ifndef UID_WRAPPER_DISABLE
# ifndef UID_WRAPPER_NOT_REPLACE
# define UID_WRAPPER_REPLACE
# endif /* UID_WRAPPER_NOT_REPLACE */
# include "../uid_wrapper/uid_wrapper.h"
# endif /* UID_WRAPPER_DISABLE */
#else /* UID_WRAPPER */
# define uwrap_enabled() 0
#endif /* UID_WRAPPER */
#endif

File diff suppressed because it is too large Load Diff


@ -1,101 +0,0 @@
/*
Copyright (C) Andrew Tridgell 2009
Copyright (c) 2011 Andreas Schneider <asn@samba.org>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#ifndef __UID_WRAPPER_H__
#define __UID_WRAPPER_H__
#ifndef uwrap_enabled
int uwrap_enabled(void);
int uwrap_seteuid(uid_t euid);
int uwrap_setreuid(uid_t reuid, uid_t euid);
int uwrap_setresuid(uid_t reuid, uid_t euid, uid_t suid);
uid_t uwrap_geteuid(void);
int uwrap_setegid(gid_t egid);
int uwrap_setregid(gid_t rgid, gid_t egid);
int uwrap_setresgid(gid_t regid, gid_t egid, gid_t sgid);
uid_t uwrap_getegid(void);
int uwrap_setgroups(size_t size, const gid_t *list);
int uwrap_getgroups(int size, gid_t *list);
uid_t uwrap_getuid(void);
gid_t uwrap_getgid(void);
#ifdef UID_WRAPPER_REPLACE
#ifdef samba_seteuid
#undef samba_seteuid
#endif
#define samba_seteuid uwrap_seteuid
#ifdef samba_setreuid
#undef samba_setreuid
#endif
#define samba_setreuid uwrap_setreuid
#ifdef samba_setresuid
#undef samba_setresuid
#endif
#define samba_setresuid uwrap_setresuid
#ifdef samba_setegid
#undef samba_setegid
#endif
#define samba_setegid uwrap_setegid
#ifdef samba_setregid
#undef samba_setregid
#endif
#define samba_setregid uwrap_setregid
#ifdef samba_setresgid
#undef samba_setresgid
#endif
#define samba_setresgid uwrap_setresgid
#ifdef geteuid
#undef geteuid
#endif
#define geteuid uwrap_geteuid
#ifdef getegid
#undef getegid
#endif
#define getegid uwrap_getegid
#ifdef samba_setgroups
#undef samba_setgroups
#endif
#define samba_setgroups uwrap_setgroups
#ifdef getgroups
#undef getgroups
#endif
#define getgroups uwrap_getgroups
#ifdef getuid
#undef getuid
#endif
#define getuid uwrap_getuid
#ifdef getgid
#undef getgid
#endif
#define getgid uwrap_getgid
#endif /* UID_WRAPPER_REPLACE */
#endif /* uwrap_enabled */
#endif /* __UID_WRAPPER_H__ */


@ -1,17 +1,59 @@
#!/usr/bin/env python
import Options
import os
def set_options(opt):
gr = opt.option_group('developer options')
gr.add_option('--enable-uid-wrapper',
help=("Turn on uid wrapper library (default=no)"),
action="store_true", dest='enable_uid_wrapper', default=False)
VERSION="1.0.1"
def configure(conf):
if (Options.options.enable_uid_wrapper or
Options.options.developer or
Options.options.enable_selftest):
conf.DEFINE('UID_WRAPPER', 1)
conf.ADD_GLOBAL_DEPENDENCY('uid_wrapper')
if conf.CHECK_BUNDLED_SYSTEM('uid_wrapper', minversion=VERSION, set_target=False):
conf.DEFINE('USING_SYSTEM_UID_WRAPPER', 1)
libuid_wrapper_so_path = 'libuid_wrapper.so'
else:
# check HAVE_GCC_THREAD_LOCAL_STORAGE
conf.CHECK_CODE('''
__thread int tls;
int main(void) {
return 0;
}
''',
'HAVE_GCC_THREAD_LOCAL_STORAGE',
addmain=False,
msg='Checking for thread local storage')
# check HAVE_DESTRUCTOR_ATTRIBUTE
conf.CHECK_CODE('''
void test_destructor_attribute(void) __attribute__ ((destructor));
void test_destructor_attribute(void)
{
return;
}
int main(void) {
return 0;
}
''',
'HAVE_DESTRUCTOR_ATTRIBUTE',
addmain=False,
msg='Checking for library destructor support')
# Create full path to uid_wrapper
srcdir = os.path.realpath(conf.srcdir)
libuid_wrapper_so_path = srcdir + '/bin/default/lib/uid_wrapper/libuid-wrapper.so'
conf.DEFINE('LIBUID_WRAPPER_SO_PATH', libuid_wrapper_so_path)
conf.DEFINE('UID_WRAPPER', 1)
def build(bld):
if not bld.CONFIG_SET("USING_SYSTEM_UID_WRAPPER"):
# We need to do it this way or the library wont work.
# Using private_library=True will add symbol version which
# breaks preloading!
bld.SAMBA_LIBRARY('uid_wrapper',
source='uid_wrapper.c',
cflags='-DNDEBUG',
deps='dl',
install=False,
realname='libuid-wrapper.so')
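Review bot: The bundled branch of configure() builds the preload path by string concatenation onto a fixed build layout, `libuid_wrapper_so_path = srcdir + '/bin/default/lib/uid_wrapper/libuid-wrapper.so'`, so LIBUID_WRAPPER_SO_PATH is wrong whenever the build output is placed anywhere else. If that define is what the test environment preloads (inferred from the commit title and the comment in build(), not visible here), a wrong path would leave the tests running without the wrapper, making real uid and gid calls. A comment above the assignment should state the layout assumption, for example `# assumes the default waf output dir bin/default; must match realname in build()`, and `os.path.join` would be the more usual way to form the path. The system branch uses `'libuid_wrapper.so'` while the bundled library is named `libuid-wrapper.so`; a short comment saying the difference is intentional would stop a later reader from "fixing" one of them.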


@ -1,10 +0,0 @@
#!/usr/bin/env python
bld.SAMBA_LIBRARY('uid_wrapper',
source='uid_wrapper.c',
deps='talloc util_setid',
private_library=True,
enabled=bld.CONFIG_SET("UID_WRAPPER"),
)


@ -146,7 +146,7 @@ _PUBLIC_ bool file_check_permissions(const char *fname,
return false;
}
if (pst->st_uid != uid && !uwrap_enabled()) {
if (pst->st_uid != uid && !uid_wrapper_enabled()) {
DEBUG(0, ("invalid ownership of file '%s': "
"owned by uid %u, should be %u\n",
fname, (unsigned int)pst->st_uid,
@ -271,7 +271,7 @@ _PUBLIC_ bool directory_create_or_exist_strict(const char *dname,
dname));
return false;
}
if (st.st_uid != uid && !uwrap_enabled()) {
if (st.st_uid != uid && !uid_wrapper_enabled()) {
DEBUG(0, ("invalid ownership on directory "
"%s\n", dname));
return false;
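Review bot: The ownership test in file_check_permissions, `pst->st_uid != uid && !uid_wrapper_enabled()`, now depends on a helper whose definition is not visible in this section. The removed header made `uwrap_enabled()` a compile-time `0` in builds without UID_WRAPPER. If uid_wrapper_enabled() decides at run time, for instance from the environment or from whether the wrapper library is loaded (inferred, not shown here), it should be confirmed to return false in production builds. Each call site also deserves a comment such as `/* ownership check is skipped only under the selftest uid wrapper */`. The same applies to directory_create_or_exist_strict in the second hunk and to the pvfs_acl_set and pvfs_access_check_unix hunks further down. Both function bodies here continue outside the hunks.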


@ -10,7 +10,7 @@ bld.SAMBA_LIBRARY('samba-util',
server_id.c dprintf.c parmlist.c bitmap.c pidfile.c
tevent_debug.c util_process.c''',
deps='DYNCONFIG',
public_deps='talloc tevent execinfo uid_wrapper pthread LIBCRYPTO charset util_setid',
public_deps='talloc tevent execinfo pthread LIBCRYPTO charset util_setid',
public_headers='debug.h attr.h byteorder.h data_blob.h memory.h safe_string.h time.h talloc_stack.h xfile.h dlinklist.h samba_util.h string_wrappers.h',
header_path= [ ('dlinklist.h samba_util.h', '.'), ('*', 'util') ],
local_include=False,


@ -395,7 +395,7 @@ NTSTATUS pvfs_acl_set(struct pvfs_state *pvfs,
ret = fchown(fd, new_uid, new_gid);
}
if (errno == EPERM) {
if (uwrap_enabled()) {
if (uid_wrapper_enabled()) {
ret = 0;
} else {
/* try again as root if we have SEC_PRIV_RESTORE or
@ -531,7 +531,7 @@ static NTSTATUS pvfs_access_check_unix(struct pvfs_state *pvfs,
if (name == NULL) {
max_bits |= SEC_RIGHTS_FILE_ALL | SEC_STD_ALL;
} else if (uid == name->st.st_uid || uwrap_enabled()) {
} else if (uid == name->st.st_uid || uid_wrapper_enabled()) {
/* use the IxUSR bits */
if ((name->st.st_mode & S_IWUSR)) {
max_bits |= SEC_RIGHTS_FILE_ALL | SEC_STD_ALL;
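Review bot: In pvfs_acl_set the branch `if (errno == EPERM) {` is entered without looking at `ret`, so a stale EPERM left in errno by an earlier call is handled as if fchown had failed. Testing the return value first, `if (ret == -1 && errno == EPERM) {`, limits both the wrapper shortcut (`ret = 0`) and the retry-as-root path to a real failure. The line is context that this commit leaves untouched. The function starts and ends outside the hunk, so the code before the fchown call is not visible here.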


@ -42,7 +42,6 @@ def set_options(opt):
opt.RECURSE('source4/lib/tls')
opt.RECURSE('lib/nss_wrapper')
opt.RECURSE('lib/socket_wrapper')
opt.RECURSE('lib/uid_wrapper')
opt.RECURSE('pidl')
opt.RECURSE('source3')
opt.RECURSE('lib/util')