summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJelmer Vernooij <jelmer@samba.org>2012-03-24 16:00:36 +0100
committerJelmer Vernooij <jelmer@samba.org>2012-03-24 16:00:36 +0100
commit71d41a015add73e0fb355dd9713e99febd71d46f (patch)
tree866bc9255d36231a0749a59a05c0eb2d05491836
parent76bb68fd2b9e09eb4c033417f0f1174f18c04797 (diff)
downloadsamba-71d41a015add73e0fb355dd9713e99febd71d46f.tar.gz
samba-71d41a015add73e0fb355dd9713e99febd71d46f.tar.bz2
samba-71d41a015add73e0fb355dd9713e99febd71d46f.zip
libreplace: Add getpeereid implementation.
-rw-r--r--lib/replace/libreplace_network.m424
-rw-r--r--lib/replace/replace.c28
-rw-r--r--lib/replace/replace.h9
-rw-r--r--lib/replace/wscript10
-rw-r--r--lib/util/samba_util.h2
-rw-r--r--lib/util/system.c29
-rw-r--r--source3/configure.in25
-rw-r--r--source3/rpc_server/rpc_server.c3
-rw-r--r--source3/winbindd/winbindd_ccache_access.c3
-rw-r--r--source3/winbindd/winbindd_pam_logoff.c3
-rw-r--r--source3/wscript8
11 files changed, 77 insertions, 67 deletions
diff --git a/lib/replace/libreplace_network.m4 b/lib/replace/libreplace_network.m4
index eadcc6bfc1..bb2a84324e 100644
--- a/lib/replace/libreplace_network.m4
+++ b/lib/replace/libreplace_network.m4
@@ -473,6 +473,30 @@ fi
LIBS=$old_LIBS
CPPFLAGS="$libreplace_SAVE_CPPFLAGS"
+AC_CACHE_CHECK([for SO_PEERCRED],libreplace_cv_HAVE_PEERCRED,[
+AC_TRY_COMPILE([#include <sys/types.h>
+#include <sys/socket.h>],
+[struct ucred cred;
+ socklen_t cred_len;
+ int ret = getsockopt(0, SOL_SOCKET, SO_PEERCRED, &cred, &cred_len);
+],
+libreplace_cv_HAVE_PEERCRED=yes,libreplace_cv_HAVE_PEERCRED=no,libreplace_cv_HAVE_PEERCRED=cross)])
+if test x"$libreplace_cv_HAVE_PEERCRED" = x"yes"; then
+ AC_DEFINE(HAVE_PEERCRED,1,[Whether we can use SO_PEERCRED to get socket credentials])
+fi
+
+AC_CACHE_CHECK([for getpeereid],libreplace_cv_HAVE_GETPEEREID,[
+AC_TRY_LINK([#include <sys/types.h>
+#include <unistd.h>],
+[uid_t uid; gid_t gid; int ret;
+ ret = getpeereid(0, &uid, &gid);
+],
+libreplace_cv_HAVE_GETPEEREID=yes,libreplace_cv_HAVE_GETPEEREID=no)])
+if test x"$libreplace_cv_HAVE_GETPEEREID" = xyes; then
+ AC_DEFINE(HAVE_GETPEEREID,1,
+ [Whether we have getpeereid to get socket credentials])
+fi
+
LIBREPLACEOBJ="${LIBREPLACEOBJ} ${LIBREPLACE_NETWORK_OBJS}"
echo "LIBREPLACE_NETWORK_CHECKS: END"
diff --git a/lib/replace/replace.c b/lib/replace/replace.c
index f1454cbcd6..d7f9cc1758 100644
--- a/lib/replace/replace.c
+++ b/lib/replace/replace.c
@@ -860,3 +860,31 @@ void *rep_memalign( size_t align, size_t size )
#endif
}
#endif
+
+#ifndef HAVE_GETPEEREID
+int rep_getpeereid(int s, uid_t *uid, gid_t *gid)
+{
+#if defined(HAVE_PEERCRED)
+ struct ucred cred;
+ socklen_t cred_len = sizeof(struct ucred);
+ int ret;
+
+ ret = getsockopt(s, SOL_SOCKET, SO_PEERCRED, (void *)&cred, &cred_len);
+ if (ret != 0) {
+ return -1;
+ }
+
+ if (cred_len != sizeof(struct ucred)) {
+ errno = EINVAL;
+ return -1;
+ }
+
+ *uid = cred.uid;
+ *gid = cred.gid;
+ return 0;
+#else
+ errno = ENOSYS;
+ return -1;
+#endif
+}
+#endif
diff --git a/lib/replace/replace.h b/lib/replace/replace.h
index 3f289d7f47..f2b1952376 100644
--- a/lib/replace/replace.h
+++ b/lib/replace/replace.h
@@ -112,6 +112,10 @@
#include <bsd/string.h>
#endif
+#ifdef HAVE_BSD_UNISTD_H
+#include <bsd/unistd.h>
+#endif
+
#ifdef HAVE_STRING_H
#include <string.h>
#endif
@@ -826,4 +830,9 @@ char *rep_getpass(const char *prompt);
#endif
#endif
+#ifndef HAVE_GETPEEREID
+#define getpeereid rep_getpeereid
+int rep_getpeereid(int s, uid_t *uid, gid_t *gid);
+#endif
+
#endif /* _LIBREPLACE_REPLACE_H */
diff --git a/lib/replace/wscript b/lib/replace/wscript
index e1dc1e6a30..025dda460d 100644
--- a/lib/replace/wscript
+++ b/lib/replace/wscript
@@ -174,6 +174,16 @@ def configure(conf):
if not conf.CHECK_FUNCS('strlcpy strlcat'):
conf.CHECK_FUNCS_IN('strlcpy strlcat', 'bsd', headers='bsd/string.h',
checklibc=True)
+ if not conf.CHECK_FUNCS('getpeereid'):
+ conf.CHECK_FUNCS_IN('getpeereid', 'bsd', headers='sys/types.h bsd/unistd.h')
+
+ conf.CHECK_CODE('''
+ struct ucred cred;
+ socklen_t cred_len;
+ int ret = getsockopt(0, SOL_SOCKET, SO_PEERCRED, &cred, &cred_len);''',
+ 'HAVE_PEERCRED',
+ msg="Checking whether we can use SO_PEERCRED to get socket credentials",
+ headers='sys/types.h sys/socket.h')
#Some OS (ie. freebsd) return EINVAL if the convertion could not be done, it's not what we expect
#Let's detect those cases
diff --git a/lib/util/samba_util.h b/lib/util/samba_util.h
index 0c3fd1aeaf..f989231102 100644
--- a/lib/util/samba_util.h
+++ b/lib/util/samba_util.h
@@ -123,8 +123,6 @@ _PUBLIC_ pid_t sys_fork(void);
**/
_PUBLIC_ pid_t sys_getpid(void);
-_PUBLIC_ int sys_getpeereid( int s, uid_t *uid);
-
struct sockaddr;
_PUBLIC_ int sys_getnameinfo(const struct sockaddr *psa,
diff --git a/lib/util/system.c b/lib/util/system.c
index a7141bf9b0..f34fabd292 100644
--- a/lib/util/system.c
+++ b/lib/util/system.c
@@ -71,35 +71,6 @@ _PUBLIC_ pid_t sys_getpid(void)
}
-_PUBLIC_ int sys_getpeereid( int s, uid_t *uid)
-{
-#if defined(HAVE_PEERCRED)
- struct ucred cred;
- socklen_t cred_len = sizeof(struct ucred);
- int ret;
-
- ret = getsockopt(s, SOL_SOCKET, SO_PEERCRED, (void *)&cred, &cred_len);
- if (ret != 0) {
- return -1;
- }
-
- if (cred_len != sizeof(struct ucred)) {
- errno = EINVAL;
- return -1;
- }
-
- *uid = cred.uid;
- return 0;
-#else
-#if defined(HAVE_GETPEEREID)
- gid_t gid;
- return getpeereid(s, uid, &gid);
-#endif
- errno = ENOSYS;
- return -1;
-#endif
-}
-
_PUBLIC_ int sys_getnameinfo(const struct sockaddr *psa,
int salen,
char *host,
diff --git a/source3/configure.in b/source3/configure.in
index ffa2b808a3..11bd744dc9 100644
--- a/source3/configure.in
+++ b/source3/configure.in
@@ -6577,31 +6577,6 @@ AC_CHECK_MEMBERS([struct secmethod_table.method_attrlist], , ,
AC_CHECK_MEMBERS([struct secmethod_table.method_version], , ,
[#include <usersec.h>])
-AC_CACHE_CHECK([for SO_PEERCRED],samba_cv_HAVE_PEERCRED,[
-AC_TRY_COMPILE([#include <sys/types.h>
-#include <sys/socket.h>],
-[struct ucred cred;
- socklen_t cred_len;
- int ret = getsockopt(0, SOL_SOCKET, SO_PEERCRED, &cred, &cred_len);
-],
-samba_cv_HAVE_PEERCRED=yes,samba_cv_HAVE_PEERCRED=no,samba_cv_HAVE_PEERCRED=cross)])
-if test x"$samba_cv_HAVE_PEERCRED" = x"yes"; then
- AC_DEFINE(HAVE_PEERCRED,1,[Whether we can use SO_PEERCRED to get socket credentials])
-fi
-
-AC_CACHE_CHECK([for getpeereid],samba_cv_HAVE_GETPEEREID,[
-AC_TRY_LINK([#include <sys/types.h>
-#include <unistd.h>],
-[uid_t uid; gid_t gid; int ret;
- ret = getpeereid(0, &uid, &gid);
-],
-samba_cv_HAVE_GETPEEREID=yes,samba_cv_HAVE_GETPEEREID=no)])
-if test x"$samba_cv_HAVE_GETPEEREID" = xyes; then
- AC_DEFINE(HAVE_GETPEEREID,1,
- [Whether we have getpeereid to get socket credentials])
-fi
-
-
#################################################
# Check to see if we should use the included popt
diff --git a/source3/rpc_server/rpc_server.c b/source3/rpc_server/rpc_server.c
index 89885b9230..675d0d5e93 100644
--- a/source3/rpc_server/rpc_server.c
+++ b/source3/rpc_server/rpc_server.c
@@ -1008,6 +1008,7 @@ void dcerpc_ncacn_accept(struct tevent_context *ev_ctx,
NTSTATUS status;
int sys_errno;
uid_t uid;
+ gid_t gid;
int rc;
DEBUG(10, ("dcerpc_ncacn_accept\n"));
@@ -1068,7 +1069,7 @@ void dcerpc_ncacn_accept(struct tevent_context *ev_ctx,
break;
case NCALRPC:
- rc = sys_getpeereid(s, &uid);
+ rc = getpeereid(s, &uid, &gid);
if (rc < 0) {
DEBUG(2, ("Failed to get ncalrpc connecting "
"uid - %s!\n", strerror(errno)));
diff --git a/source3/winbindd/winbindd_ccache_access.c b/source3/winbindd/winbindd_ccache_access.c
index 411b2b4c3a..5557b959f0 100644
--- a/source3/winbindd/winbindd_ccache_access.c
+++ b/source3/winbindd/winbindd_ccache_access.c
@@ -157,10 +157,11 @@ static bool check_client_uid(struct winbindd_cli_state *state, uid_t uid)
{
int ret;
uid_t ret_uid;
+ gid_t ret_gid;
ret_uid = (uid_t)-1;
- ret = sys_getpeereid(state->sock, &ret_uid);
+ ret = getpeereid(state->sock, &ret_uid, &ret_gid);
if (ret != 0) {
DEBUG(1, ("check_client_uid: Could not get socket peer uid: %s; "
"denying access\n", strerror(errno)));
diff --git a/source3/winbindd/winbindd_pam_logoff.c b/source3/winbindd/winbindd_pam_logoff.c
index c32a63e146..b3c60adf85 100644
--- a/source3/winbindd/winbindd_pam_logoff.c
+++ b/source3/winbindd/winbindd_pam_logoff.c
@@ -37,6 +37,7 @@ struct tevent_req *winbindd_pam_logoff_send(TALLOC_CTX *mem_ctx,
struct winbindd_domain *domain;
fstring name_domain, user;
uid_t caller_uid;
+ gid_t caller_gid;
int res;
req = tevent_req_create(mem_ctx, &state,
@@ -71,7 +72,7 @@ struct tevent_req *winbindd_pam_logoff_send(TALLOC_CTX *mem_ctx,
caller_uid = (uid_t)-1;
- res = sys_getpeereid(cli->sock, &caller_uid);
+ res = getpeereid(cli->sock, &caller_uid, &caller_gid);
if (res != 0) {
DEBUG(1,("winbindd_pam_logoff: failed to check peerid: %s\n",
strerror(errno)));
diff --git a/source3/wscript b/source3/wscript
index 476fb109b5..5b480f0ee7 100644
--- a/source3/wscript
+++ b/source3/wscript
@@ -357,14 +357,6 @@ return acl_get_perm_np(permset_d, perm);
conf.CHECK_DECLS('readahead', headers='fcntl.h', always=True)
conf.CHECK_CODE('''
- struct ucred cred;
- socklen_t cred_len;
- int ret = getsockopt(0, SOL_SOCKET, SO_PEERCRED, &cred, &cred_len);''',
- 'HAVE_PEERCRED',
- msg="Checking whether we can use SO_PEERCRED to get socket credentials",
- headers='sys/types.h sys/socket.h')
-
- conf.CHECK_CODE('''
#if defined(HAVE_LONGLONG) && (defined(HAVE_OFF64_T) || (defined(SIZEOF_OFF_T) && (SIZEOF_OFF_T == 8)))
#include <sys/types.h>
#else