mirror of
https://github.com/samba-team/samba.git
synced 2025-01-11 05:18:09 +03:00
libreplace: Add getpeereid implementation.
This commit is contained in:
parent
76bb68fd2b
commit
71d41a015a
@ -473,6 +473,30 @@ fi
|
||||
LIBS=$old_LIBS
|
||||
CPPFLAGS="$libreplace_SAVE_CPPFLAGS"
|
||||
|
||||
AC_CACHE_CHECK([for SO_PEERCRED],libreplace_cv_HAVE_PEERCRED,[
|
||||
AC_TRY_COMPILE([#include <sys/types.h>
|
||||
#include <sys/socket.h>],
|
||||
[struct ucred cred;
|
||||
socklen_t cred_len;
|
||||
int ret = getsockopt(0, SOL_SOCKET, SO_PEERCRED, &cred, &cred_len);
|
||||
],
|
||||
libreplace_cv_HAVE_PEERCRED=yes,libreplace_cv_HAVE_PEERCRED=no,libreplace_cv_HAVE_PEERCRED=cross)])
|
||||
if test x"$libreplace_cv_HAVE_PEERCRED" = x"yes"; then
|
||||
AC_DEFINE(HAVE_PEERCRED,1,[Whether we can use SO_PEERCRED to get socket credentials])
|
||||
fi
|
||||
|
||||
AC_CACHE_CHECK([for getpeereid],libreplace_cv_HAVE_GETPEEREID,[
|
||||
AC_TRY_LINK([#include <sys/types.h>
|
||||
#include <unistd.h>],
|
||||
[uid_t uid; gid_t gid; int ret;
|
||||
ret = getpeereid(0, &uid, &gid);
|
||||
],
|
||||
libreplace_cv_HAVE_GETPEEREID=yes,libreplace_cv_HAVE_GETPEEREID=no)])
|
||||
if test x"$libreplace_cv_HAVE_GETPEEREID" = xyes; then
|
||||
AC_DEFINE(HAVE_GETPEEREID,1,
|
||||
[Whether we have getpeereid to get socket credentials])
|
||||
fi
|
||||
|
||||
LIBREPLACEOBJ="${LIBREPLACEOBJ} ${LIBREPLACE_NETWORK_OBJS}"
|
||||
|
||||
echo "LIBREPLACE_NETWORK_CHECKS: END"
|
||||
|
@ -860,3 +860,31 @@ void *rep_memalign( size_t align, size_t size )
|
||||
#endif
|
||||
}
|
||||
#endif
|
||||
|
||||
#ifndef HAVE_GETPEEREID
|
||||
int rep_getpeereid(int s, uid_t *uid, gid_t *gid)
|
||||
{
|
||||
#if defined(HAVE_PEERCRED)
|
||||
struct ucred cred;
|
||||
socklen_t cred_len = sizeof(struct ucred);
|
||||
int ret;
|
||||
|
||||
ret = getsockopt(s, SOL_SOCKET, SO_PEERCRED, (void *)&cred, &cred_len);
|
||||
if (ret != 0) {
|
||||
return -1;
|
||||
}
|
||||
|
||||
if (cred_len != sizeof(struct ucred)) {
|
||||
errno = EINVAL;
|
||||
return -1;
|
||||
}
|
||||
|
||||
*uid = cred.uid;
|
||||
*gid = cred.gid;
|
||||
return 0;
|
||||
#else
|
||||
errno = ENOSYS;
|
||||
return -1;
|
||||
#endif
|
||||
}
|
||||
#endif
|
||||
|
@ -112,6 +112,10 @@
|
||||
#include <bsd/string.h>
|
||||
#endif
|
||||
|
||||
#ifdef HAVE_BSD_UNISTD_H
|
||||
#include <bsd/unistd.h>
|
||||
#endif
|
||||
|
||||
#ifdef HAVE_STRING_H
|
||||
#include <string.h>
|
||||
#endif
|
||||
@ -826,4 +830,9 @@ char *rep_getpass(const char *prompt);
|
||||
#endif
|
||||
#endif
|
||||
|
||||
#ifndef HAVE_GETPEEREID
|
||||
#define getpeereid rep_getpeereid
|
||||
int rep_getpeereid(int s, uid_t *uid, gid_t *gid);
|
||||
#endif
|
||||
|
||||
#endif /* _LIBREPLACE_REPLACE_H */
|
||||
|
@ -174,6 +174,16 @@ def configure(conf):
|
||||
if not conf.CHECK_FUNCS('strlcpy strlcat'):
|
||||
conf.CHECK_FUNCS_IN('strlcpy strlcat', 'bsd', headers='bsd/string.h',
|
||||
checklibc=True)
|
||||
if not conf.CHECK_FUNCS('getpeereid'):
|
||||
conf.CHECK_FUNCS_IN('getpeereid', 'bsd', headers='sys/types.h bsd/unistd.h')
|
||||
|
||||
conf.CHECK_CODE('''
|
||||
struct ucred cred;
|
||||
socklen_t cred_len;
|
||||
int ret = getsockopt(0, SOL_SOCKET, SO_PEERCRED, &cred, &cred_len);''',
|
||||
'HAVE_PEERCRED',
|
||||
msg="Checking whether we can use SO_PEERCRED to get socket credentials",
|
||||
headers='sys/types.h sys/socket.h')
|
||||
|
||||
#Some OS (ie. freebsd) return EINVAL if the convertion could not be done, it's not what we expect
|
||||
#Let's detect those cases
|
||||
|
@ -123,8 +123,6 @@ _PUBLIC_ pid_t sys_fork(void);
|
||||
**/
|
||||
_PUBLIC_ pid_t sys_getpid(void);
|
||||
|
||||
_PUBLIC_ int sys_getpeereid( int s, uid_t *uid);
|
||||
|
||||
struct sockaddr;
|
||||
|
||||
_PUBLIC_ int sys_getnameinfo(const struct sockaddr *psa,
|
||||
|
@ -71,35 +71,6 @@ _PUBLIC_ pid_t sys_getpid(void)
|
||||
}
|
||||
|
||||
|
||||
_PUBLIC_ int sys_getpeereid( int s, uid_t *uid)
|
||||
{
|
||||
#if defined(HAVE_PEERCRED)
|
||||
struct ucred cred;
|
||||
socklen_t cred_len = sizeof(struct ucred);
|
||||
int ret;
|
||||
|
||||
ret = getsockopt(s, SOL_SOCKET, SO_PEERCRED, (void *)&cred, &cred_len);
|
||||
if (ret != 0) {
|
||||
return -1;
|
||||
}
|
||||
|
||||
if (cred_len != sizeof(struct ucred)) {
|
||||
errno = EINVAL;
|
||||
return -1;
|
||||
}
|
||||
|
||||
*uid = cred.uid;
|
||||
return 0;
|
||||
#else
|
||||
#if defined(HAVE_GETPEEREID)
|
||||
gid_t gid;
|
||||
return getpeereid(s, uid, &gid);
|
||||
#endif
|
||||
errno = ENOSYS;
|
||||
return -1;
|
||||
#endif
|
||||
}
|
||||
|
||||
_PUBLIC_ int sys_getnameinfo(const struct sockaddr *psa,
|
||||
int salen,
|
||||
char *host,
|
||||
|
@ -6577,31 +6577,6 @@ AC_CHECK_MEMBERS([struct secmethod_table.method_attrlist], , ,
|
||||
AC_CHECK_MEMBERS([struct secmethod_table.method_version], , ,
|
||||
[#include <usersec.h>])
|
||||
|
||||
AC_CACHE_CHECK([for SO_PEERCRED],samba_cv_HAVE_PEERCRED,[
|
||||
AC_TRY_COMPILE([#include <sys/types.h>
|
||||
#include <sys/socket.h>],
|
||||
[struct ucred cred;
|
||||
socklen_t cred_len;
|
||||
int ret = getsockopt(0, SOL_SOCKET, SO_PEERCRED, &cred, &cred_len);
|
||||
],
|
||||
samba_cv_HAVE_PEERCRED=yes,samba_cv_HAVE_PEERCRED=no,samba_cv_HAVE_PEERCRED=cross)])
|
||||
if test x"$samba_cv_HAVE_PEERCRED" = x"yes"; then
|
||||
AC_DEFINE(HAVE_PEERCRED,1,[Whether we can use SO_PEERCRED to get socket credentials])
|
||||
fi
|
||||
|
||||
AC_CACHE_CHECK([for getpeereid],samba_cv_HAVE_GETPEEREID,[
|
||||
AC_TRY_LINK([#include <sys/types.h>
|
||||
#include <unistd.h>],
|
||||
[uid_t uid; gid_t gid; int ret;
|
||||
ret = getpeereid(0, &uid, &gid);
|
||||
],
|
||||
samba_cv_HAVE_GETPEEREID=yes,samba_cv_HAVE_GETPEEREID=no)])
|
||||
if test x"$samba_cv_HAVE_GETPEEREID" = xyes; then
|
||||
AC_DEFINE(HAVE_GETPEEREID,1,
|
||||
[Whether we have getpeereid to get socket credentials])
|
||||
fi
|
||||
|
||||
|
||||
#################################################
|
||||
# Check to see if we should use the included popt
|
||||
|
||||
|
@ -1008,6 +1008,7 @@ void dcerpc_ncacn_accept(struct tevent_context *ev_ctx,
|
||||
NTSTATUS status;
|
||||
int sys_errno;
|
||||
uid_t uid;
|
||||
gid_t gid;
|
||||
int rc;
|
||||
|
||||
DEBUG(10, ("dcerpc_ncacn_accept\n"));
|
||||
@ -1068,7 +1069,7 @@ void dcerpc_ncacn_accept(struct tevent_context *ev_ctx,
|
||||
|
||||
break;
|
||||
case NCALRPC:
|
||||
rc = sys_getpeereid(s, &uid);
|
||||
rc = getpeereid(s, &uid, &gid);
|
||||
if (rc < 0) {
|
||||
DEBUG(2, ("Failed to get ncalrpc connecting "
|
||||
"uid - %s!\n", strerror(errno)));
|
||||
|
@ -157,10 +157,11 @@ static bool check_client_uid(struct winbindd_cli_state *state, uid_t uid)
|
||||
{
|
||||
int ret;
|
||||
uid_t ret_uid;
|
||||
gid_t ret_gid;
|
||||
|
||||
ret_uid = (uid_t)-1;
|
||||
|
||||
ret = sys_getpeereid(state->sock, &ret_uid);
|
||||
ret = getpeereid(state->sock, &ret_uid, &ret_gid);
|
||||
if (ret != 0) {
|
||||
DEBUG(1, ("check_client_uid: Could not get socket peer uid: %s; "
|
||||
"denying access\n", strerror(errno)));
|
||||
|
@ -37,6 +37,7 @@ struct tevent_req *winbindd_pam_logoff_send(TALLOC_CTX *mem_ctx,
|
||||
struct winbindd_domain *domain;
|
||||
fstring name_domain, user;
|
||||
uid_t caller_uid;
|
||||
gid_t caller_gid;
|
||||
int res;
|
||||
|
||||
req = tevent_req_create(mem_ctx, &state,
|
||||
@ -71,7 +72,7 @@ struct tevent_req *winbindd_pam_logoff_send(TALLOC_CTX *mem_ctx,
|
||||
|
||||
caller_uid = (uid_t)-1;
|
||||
|
||||
res = sys_getpeereid(cli->sock, &caller_uid);
|
||||
res = getpeereid(cli->sock, &caller_uid, &caller_gid);
|
||||
if (res != 0) {
|
||||
DEBUG(1,("winbindd_pam_logoff: failed to check peerid: %s\n",
|
||||
strerror(errno)));
|
||||
|
@ -356,14 +356,6 @@ return acl_get_perm_np(permset_d, perm);
|
||||
headers='unistd.h fcntl.h')
|
||||
conf.CHECK_DECLS('readahead', headers='fcntl.h', always=True)
|
||||
|
||||
conf.CHECK_CODE('''
|
||||
struct ucred cred;
|
||||
socklen_t cred_len;
|
||||
int ret = getsockopt(0, SOL_SOCKET, SO_PEERCRED, &cred, &cred_len);''',
|
||||
'HAVE_PEERCRED',
|
||||
msg="Checking whether we can use SO_PEERCRED to get socket credentials",
|
||||
headers='sys/types.h sys/socket.h')
|
||||
|
||||
conf.CHECK_CODE('''
|
||||
#if defined(HAVE_LONGLONG) && (defined(HAVE_OFF64_T) || (defined(SIZEOF_OFF_T) && (SIZEOF_OFF_T == 8)))
|
||||
#include <sys/types.h>
|
||||
|
Loading…
Reference in New Issue
Block a user