sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-13 13:18:06 +03:00
Code

r26364: Branch Samba 4.0 for an alpha2 release.

Browse Source 
Andrew Bartlett
This commit is contained in:
Andrew Bartlett 2007-12-10 06:39:42 +01:00 committed by Stefan Metzmacher
parent aab6b7eeb8
commit 7a891215d0
5 changed files with 349 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

341
source/lib/util/smbrun.c Normal file
View File

@ -0,0 +1,341 @@
/*
Unix SMB/CIFS implementation.
run a command as a specified user
Copyright (C) Andrew Tridgell 1992-1998
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include "includes.h"
/* need to move this from here!! need some sleep ... */
struct current_user current_user;
/****************************************************************************
This is a utility function of smbrun().
****************************************************************************/
static int setup_out_fd(void)
{
int fd;
TALLOC_CTX *ctx = talloc_stackframe();
char *path = NULL;
path = talloc_asprintf(ctx,
"%s/smb.XXXXXX",
tmpdir());
if (!path) {
TALLOC_FREE(ctx);
errno = ENOMEM;
return -1;
}
/* now create the file */
fd = smb_mkstemp(path);
if (fd == -1) {
DEBUG(0,("setup_out_fd: Failed to create file %s. (%s)\n",
path, strerror(errno) ));
TALLOC_FREE(ctx);
return -1;
}
DEBUG(10,("setup_out_fd: Created tmp file %s\n", path ));
/* Ensure file only kept around by open fd. */
unlink(path);
TALLOC_FREE(ctx);
return fd;
}
/****************************************************************************
run a command being careful about uid/gid handling and putting the output in
outfd (or discard it if outfd is NULL).
****************************************************************************/
static int smbrun_internal(const char *cmd, int *outfd, BOOL sanitize)
{
pid_t pid;
uid_t uid = current_user.ut.uid;
gid_t gid = current_user.ut.gid;
/*
* Lose any elevated privileges.
*/
drop_effective_capability(KERNEL_OPLOCK_CAPABILITY);
drop_effective_capability(DMAPI_ACCESS_CAPABILITY);
/* point our stdout at the file we want output to go into */
if (outfd && ((*outfd = setup_out_fd()) == -1)) {
return -1;
}
/* in this method we will exec /bin/sh with the correct
arguments, after first setting stdout to point at the file */
/*
* We need to temporarily stop CatchChild from eating
* SIGCLD signals as it also eats the exit status code. JRA.
*/
CatchChildLeaveStatus();
if ((pid=sys_fork()) < 0) {
DEBUG(0,("smbrun: fork failed with error %s\n", strerror(errno) ));
CatchChild();
if (outfd) {
close(*outfd);
*outfd = -1;
}
return errno;
}
if (pid) {
/*
* Parent.
*/
int status=0;
pid_t wpid;
/* the parent just waits for the child to exit */
while((wpid = sys_waitpid(pid,&status,0)) < 0) {
if(errno == EINTR) {
errno = 0;
continue;
}
break;
}
CatchChild();
if (wpid != pid) {
DEBUG(2,("waitpid(%d) : %s\n",(int)pid,strerror(errno)));
if (outfd) {
close(*outfd);
*outfd = -1;
}
return -1;
}
/* Reset the seek pointer. */
if (outfd) {
sys_lseek(*outfd, 0, SEEK_SET);
}
#if defined(WIFEXITED) && defined(WEXITSTATUS)
if (WIFEXITED(status)) {
return WEXITSTATUS(status);
}
#endif
return status;
}
CatchChild();
/* we are in the child. we exec /bin/sh to do the work for us. we
don't directly exec the command we want because it may be a
pipeline or anything else the config file specifies */
/* point our stdout at the file we want output to go into */
if (outfd) {
close(1);
if (sys_dup2(*outfd,1) != 1) {
DEBUG(2,("Failed to create stdout file descriptor\n"));
close(*outfd);
exit(80);
}
}
/* now completely lose our privileges. This is a fairly paranoid
way of doing it, but it does work on all systems that I know of */
become_user_permanently(uid, gid);
if (getuid() != uid || geteuid() != uid ||
getgid() != gid || getegid() != gid) {
/* we failed to lose our privileges - do not execute
the command */
exit(81); /* we can't print stuff at this stage,
instead use exit codes for debugging */
}
#ifndef __INSURE__
/* close all other file descriptors, leaving only 0, 1 and 2. 0 and
2 point to /dev/null from the startup code */
{
int fd;
for (fd=3;fd<256;fd++) close(fd);
}
#endif
{
const char *newcmd = sanitize ? escape_shell_string(cmd) : cmd;
if (!newcmd) {
exit(82);
}
execl("/bin/sh","sh","-c",newcmd,NULL);
}
/* not reached */
exit(83);
return 1;
}
/****************************************************************************
Use only in known safe shell calls (printing).
****************************************************************************/
int smbrun_no_sanitize(const char *cmd, int *outfd)
{
return smbrun_internal(cmd, outfd, False);
}
/****************************************************************************
By default this now sanitizes shell expansion.
****************************************************************************/
int smbrun(const char *cmd, int *outfd)
{
return smbrun_internal(cmd, outfd, True);
}
/****************************************************************************
run a command being careful about uid/gid handling and putting the output in
outfd (or discard it if outfd is NULL).
sends the provided secret to the child stdin.
****************************************************************************/
int smbrunsecret(const char *cmd, const char *secret)
{
pid_t pid;
uid_t uid = current_user.ut.uid;
gid_t gid = current_user.ut.gid;
int ifd[2];
/*
* Lose any elevated privileges.
*/
drop_effective_capability(KERNEL_OPLOCK_CAPABILITY);
drop_effective_capability(DMAPI_ACCESS_CAPABILITY);
/* build up an input pipe */
if(pipe(ifd)) {
return -1;
}
/* in this method we will exec /bin/sh with the correct
arguments, after first setting stdout to point at the file */
/*
* We need to temporarily stop CatchChild from eating
* SIGCLD signals as it also eats the exit status code. JRA.
*/
CatchChildLeaveStatus();
if ((pid=sys_fork()) < 0) {
DEBUG(0, ("smbrunsecret: fork failed with error %s\n", strerror(errno)));
CatchChild();
return errno;
}
if (pid) {
/*
* Parent.
*/
int status = 0;
pid_t wpid;
size_t towrite;
ssize_t wrote;
close(ifd[0]);
/* send the secret */
towrite = strlen(secret);
wrote = write(ifd[1], secret, towrite);
if ( wrote != towrite ) {
DEBUG(0,("smbrunsecret: wrote %ld of %lu bytes\n",(long)wrote,(unsigned long)towrite));
}
fsync(ifd[1]);
close(ifd[1]);
/* the parent just waits for the child to exit */
while((wpid = sys_waitpid(pid, &status, 0)) < 0) {
if(errno == EINTR) {
errno = 0;
continue;
}
break;
}
CatchChild();
if (wpid != pid) {
DEBUG(2, ("waitpid(%d) : %s\n", (int)pid, strerror(errno)));
return -1;
}
#if defined(WIFEXITED) && defined(WEXITSTATUS)
if (WIFEXITED(status)) {
return WEXITSTATUS(status);
}
#endif
return status;
}
CatchChild();
/* we are in the child. we exec /bin/sh to do the work for us. we
don't directly exec the command we want because it may be a
pipeline or anything else the config file specifies */
close(ifd[1]);
close(0);
if (sys_dup2(ifd[0], 0) != 0) {
DEBUG(2,("Failed to create stdin file descriptor\n"));
close(ifd[0]);
exit(80);
}
/* now completely lose our privileges. This is a fairly paranoid
way of doing it, but it does work on all systems that I know of */
become_user_permanently(uid, gid);
if (getuid() != uid || geteuid() != uid ||
getgid() != gid || getegid() != gid) {
/* we failed to lose our privileges - do not execute
the command */
exit(81); /* we can't print stuff at this stage,
instead use exit codes for debugging */
}
#ifndef __INSURE__
/* close all other file descriptors, leaving only 0, 1 and 2. 0 and
2 point to /dev/null from the startup code */
{
int fd;
for (fd = 3; fd < 256; fd++) close(fd);
}
#endif
execl("/bin/sh", "sh", "-c", cmd, NULL);
/* not reached */
exit(82);
return 1;
}

4
swat/install/index.esp
View File

@ -1,7 +1,7 @@
<% page_header("columns", "Server Installation", "install");
if (session.authinfo.user_class == "ADMINISTRATOR"
|| session.authinfo.user_class == "SYSTEM") {
if ((session.authinfo.user_class == "ADMINISTRATOR")
|| (session.authinfo.user_class == "SYSTEM")) {
%>

4
swat/install/provision.esp
View File

@ -12,8 +12,8 @@ var f = FormObj("Provisioning", 0, 2);
var i;
var lp = loadparm_init();
if (session.authinfo.user_class == "ADMINISTRATOR"
|| session.authinfo.user_class == "SYSTEM") {
if ((session.authinfo.user_class == "ADMINISTRATOR")
|| (session.authinfo.user_class == "SYSTEM")) {
if (lp.get("realm") == "") {
lp.set("realm", lp.get("workgroup") + ".example.com");

4
swat/install/samba3.esp
View File

@ -15,8 +15,8 @@
<h1>Import from Samba3</h1>
<%
if (session.authinfo.user_class == "ADMINISTRATOR"
|| session.authinfo.user_class == "SYSTEM") {
if ((session.authinfo.user_class == "ADMINISTRATOR")
|| (session.authinfo.user_class == "SYSTEM")) {
if (form['submit'] == "Cancel") {
redirect("/");

4
swat/install/vampire.esp
View File

@ -14,8 +14,8 @@ var f = FormObj("Provisioning", 0, 2);
var i;
var lp = loadparm_init();
if (session.authinfo.user_class == "ADMINISTRATOR"
|| session.authinfo.user_class == "SYSTEM") {
if ((session.authinfo.user_class == "ADMINISTRATOR")
|| (session.authinfo.user_class == "SYSTEM")) {
if (lp.get("realm") == "") {
lp.set("realm", lp.get("workgroup") + ".example.com");