1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-23 17:34:34 +03:00
Commit Graph

36 Commits

Author SHA1 Message Date
Andreas Schneider
15feb84273 s3-lib: Add root_mode() which can deal with uid_wrapper.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2014-04-17 14:56:06 +02:00
Jeremy Allison
d81e20653b Move set_thread_credentials_permanently() to set_thread_credentials()
as we need to keep the saved set uid/gid otherwise there is an
interaction with open[at]() and NO_ATIME returning EPERM. As this
is meant for threaded code inside the process we don't need
to do an irreverisble change anyway.

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Jul 11 03:54:00 CEST 2012 on sn-devel-104
2012-07-11 03:54:00 +02:00
Jeremy Allison
b25619175f Fix typo we've had for a long time in set_re_uid() in the USE_SETRESUID case.
We only set the real euid, not the effective one. This is not
a security issue as this is *only* used in the quota code, and
only between code that brackets it with save_re_uid()/restore_re_uid(),
Also this is not used on most platforms (we use USE_SETREUID by
preference) but it's better to have this right. Bug to follow to get this
fixed in 3.6.next and 3.5.next.
2012-07-10 16:50:51 -07:00
Jeremy Allison
a559fcf156 Add function set_thread_credentials_permanently(). Panic if fail.
Not yet used.
2012-07-03 15:34:22 -07:00
Jeremy Allison
f81fd1ccc3 Try and fix the autoconf build on Solaris/Nexenta/etc.
Their AC_TRY_RUN doesn't include any current CPPFLAGS. Make
the set[res]uid checks independent of this. Needs a small
change to the waf build in order to code with the change.

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Jun 30 00:32:36 CEST 2012 on sn-devel-104
2012-06-30 00:32:36 +02:00
Jeremy Allison
485787f0df Move back to using per-thread credentials on Linux. Fixes the glibc native AIO lost wakeup problem.
See this post:

https://lists.samba.org/archive/samba-technical/2012-June/085101.html

for details.

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Jun 29 03:57:45 CEST 2012 on sn-devel-104
2012-06-29 03:57:45 +02:00
Jeremy Allison
821bd95156 Replace all uses of setXX[ug]id() and setgroups with samba_setXX[ug]id() calls.
Will allow thread-specific credentials to be added by modifying
the central definitions. Deliberately left the setXX[ug]id()
call in popt as this is not used in Samba.
2012-06-28 17:15:16 -07:00
Andreas Schneider
7cb08171ce Include uid_wrapper correctly. 2011-10-27 13:32:02 +02:00
Volker Lendecke
1184e7de59 s3: Use the uid_wrapper
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
2011-10-06 12:15:27 +02:00
Jeremy Allison
30191d1a57 RIP BOOL. Convert BOOL -> bool. I found a few interesting
bugs in various places whilst doing this (places that assumed
BOOL == int). I also need to fix the Samba4 pidl generation
(next checkin).
Jeremy.
(This used to be commit f35a266b3c)
2007-10-18 17:40:25 -07:00
Andrew Tridgell
5e54558c6d r23784: use the GPLv3 boilerplate as recommended by the FSF and the license text
(This used to be commit b0132e94fc)
2007-10-10 12:28:22 -05:00
Jeremy Allison
d824b98f80 r23779: Change from v2 or later to v3 or later.
Jeremy.
(This used to be commit 407e6e695b)
2007-10-10 12:28:20 -05:00
Jeremy Allison
bc45c82904 r22096: become_root_uid_only() is unneeded - it's only used in
messages.c. Refactor to use become_root() instead and
make it local to messages.c
Jeremy.
(This used to be commit f3ffb3f984)
2007-10-10 12:19:11 -05:00
Volker Lendecke
a24714b9fd r21005: Add a debug message for EAGAIN error of setresuid.
Volker
(This used to be commit 70c589a832)
2007-10-10 12:17:26 -05:00
Jeremy Allison
e4e2be0d8b r17294: Make the code a little cleaner. Instead of using the two
calls make it :

become_root_uid_only()
operation
unbecome_root_uid_only()

saving errno across the second call. Most of our internal
change calls can be replaced with these simple calls.

Jeremy
(This used to be commit 4143aa83c0)
2007-10-10 11:38:24 -05:00
Jeremy Allison
a093a76dc1 r17293: After the results from the cluster tests in Germany,
fix the messaging code to call the efficient calls :

save_re_uid()
set_effective_uid(0);

messaging_op

restore_re_uid();

instead of using heavyweight become_root()/unbecome_root()
pairs around all messaging code. Fixup the messaging
code to ensure sec_init() is called (only once) so that non-root
processes still work when sending messages.

This is a lighter weight solution to become_root()/unbecome_root()
(which swaps all the supplemental groups) and should be more
efficient. I will migrate all server code over to using this
(a similar technique should be used in the passdb backend
where needed).

Jeremy.
(This used to be commit 4ace291278)
2007-10-10 11:38:24 -05:00
Andrew Bartlett
e2d301accf Clarify comment on set_effective_uid()
Andrew Bartlett
(This used to be commit ca24ae50ea)
2004-01-27 10:01:30 +00:00
Volker Lendecke
4f62277d89 After a phonecall with jra finally commit this.
This changes our behaviour when the setresuid call is available. We now not
only change the effective uid but also the real uid when becoming
unprivileged. This is mainly for improved AFS compatibility, as AFS selects
the token to send to the server based on the real uid of the process.

I tested this with a W2k server with two non-root 'runas' sessions. They come
in via a single smbd as two different users using two session setups. Samba on
Linux can still switch between the two uids, proved by two different files
created via those sessions.

Volker
(This used to be commit 556c62f935)
2003-10-23 16:49:46 +00:00
Volker Lendecke
ee868462a0 Add a descriptive comment to our usage of setresuid. lib/afs.c needs
to be changed if we decide to set our real uid. Jeremy?

Volker
(This used to be commit 1fed55aa78)
2003-09-23 14:49:17 +00:00
Andrew Tridgell
e90b652848 updated the 3.0 branch from the head branch - ready for alpha18
(This used to be commit 03ac082dcb)
2002-07-15 10:35:28 +00:00
Tim Potter
1d582af3c0 Spelling fixes.
(This used to be commit a5ac2ac4ad)
2002-03-24 23:25:05 +00:00
Andrew Tridgell
1736b99a50 reverted tims patch that broke configure
why does anything but smbd care about sec_init() anyway??
(This used to be commit 569505b771)
2002-02-18 10:23:02 +00:00
Tim Potter
606fdc7c5c Whoops, typo.
(This used to be commit e7abb79fb3)
2002-02-17 18:56:30 +00:00
Tim Potter
d159876d64 Do a smb_panic() if sec_initial_[ug]id() or non_root_mode() is called
without before sec_init().  This should avoid the formation of another
magic function club.  (-:
(This used to be commit 1b941e2c63)
2002-02-17 18:32:59 +00:00
Tim Potter
cd68afe312 Removed version number from file header.
Changed "SMB/Netbios" to "SMB/CIFS" in file header.
(This used to be commit 6a58c9bd06)
2002-01-30 06:08:46 +00:00
Andrew Bartlett
2fc8e32ad3 Parionia to ensure people don't install libsmb based programs setuid root.
libsmb has not been written to be setuid, with things like LIBSMB_PROG allowing
all sort of fun and games.

Andrew Bartlett
(This used to be commit 0c8e9339d8)
2001-10-31 01:52:34 +00:00
Tim Potter
dc1fc3ee8e Removed 'extern int DEBUGLEVEL' as it is now in the smb.h header.
(This used to be commit 2d0922b0ea)
2001-10-02 04:29:50 +00:00
Andrew Bartlett
9a846daf44 Restore the profiling data shmem parinoia. This whole area needs to be
fixed - an mmaped file or the like would be a good idea.
(This used to be commit bc1385fc5e)
2001-09-15 02:10:22 +00:00
Andrew Tridgell
03efd16d34 added sec_initial_uid() function so we can ask if a file is owned by
the initial uid
(This used to be commit 9449544428)
2001-07-08 18:22:46 +00:00
Andrew Tridgell
85a310c7f3 fixed inetd operation as non-root
(This used to be commit 9a9da44455)
2001-07-06 02:25:03 +00:00
Andrew Tridgell
413ad23faf make sure we have BOOL in autoconf usage of util_sec.c
(This used to be commit 72f63f5144)
2001-06-25 01:20:47 +00:00
Andrew Tridgell
8b79a473fa - make the regresison test mode code build in by default. This should
allow us to have test targets without special configure options
- fixed make proto so that it actually does something
(This used to be commit 55109a7525)
2001-06-25 00:46:34 +00:00
Andrew Tridgell
868d010aa1 added the ability to test smbd safely as an ordinary user. The way it works is
that libsmb/ creates a local tcp socket then launches smbd as a subprocess
attached to that socket. smbd thinks it is being launched from inetd.

to use it do the following:

- compile with -DSMB_REGRESSION_TEST
- run like this (also works with smbtorture etc)
    export SMBD_TEST=1
    export LIBSMB_PROG=bin/smbd
    smbclient //server/share -Uuser%pass

obviously you need to setup a smb.conf etc. Using --prefix to configure
is useful.

The aim of all this stuff is to add a decent set of regression tests
to the build farm, so we know if smbd actually runs correctly on all the
platforms, not just builds. We can run smbtorture, masktest, locktest etc,
plus a bunch of smbclient scripts and any new tests we write.

This doesn't help much with nmbd (at least not yet) but its a good start.
(This used to be commit 7e8e6ae9a8)
2001-06-22 15:14:45 +00:00
Tim Potter
4cf7fcc505 Fixed compiler warning.
(This used to be commit 6553f1d027)
2000-12-06 02:52:54 +00:00
Jeremy Allison
27ce49e3e6 Moved over lib/util_sec (with added fixes) as the HEAD source
seems to have drifted a little.
Jeremy.
(This used to be commit ebcdb4afee)
2000-02-08 11:32:43 +00:00
Andrew Tridgell
173f7e66dc util_sec.c from 2.0.6
(This used to be commit 955d187139)
1999-12-17 01:39:47 +00:00