authorJeremy Allison <jra@samba.org>2012-06-28 11:59:51 -0700
committerJeremy Allison <jra@samba.org>2012-06-28 17:15:16 -0700
commit821bd95156e8cc6d843aecb0a27d4a08761b7dac (patch)
treea35f1f0059005555bc3fe548760a9cf01e896d55 /lib/util
parent7630fe50bd7d0783d1f6b253cbee46cccca3f774 (diff)
Replace all uses of setXX[ug]id() and setgroups with samba_setXX[ug]id() calls.
Will allow thread-specific credentials to be added by modifying the central definitions. Deliberately left the setXX[ug]id() call in popt as this is not used in Samba.
Diffstat (limited to 'lib/util')
-rw-r--r--lib/util/setid.c182
-rw-r--r--lib/util/setid.h43
-rw-r--r--lib/util/unix_privs.c5
-rwxr-xr-xlib/util/wscript_build7
4 files changed, 234 insertions, 3 deletions
diff --git a/lib/util/setid.c b/lib/util/setid.c
new file mode 100644
index 0000000000..8b2efc076f
--- /dev/null
+++ b/lib/util/setid.c
@@ -0,0 +1,182 @@
+/*
+ Unix SMB/CIFS implementation.
+ setXXid() functions for Samba.
+ Copyright (C) Jeremy Allison 2012
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#ifndef AUTOCONF_TEST
+#include "replace.h"
+#include "system/passwd.h"
+#include "include/includes.h"
+
+#ifdef UID_WRAPPER_REPLACE
+
+#ifdef samba_seteuid
+#undef samba_seteuid
+#endif
+
+#ifdef samba_setreuid
+#undef samba_setreuid
+#endif
+
+#ifdef samba_setresuid
+#undef samba_setresuid
+#endif
+
+#ifdef samba_setegid
+#undef samba_setegid
+#endif
+
+#ifdef samba_setregid
+#undef samba_setregid
+#endif
+
+#ifdef samba_setresgid
+#undef samba_setresgid
+#endif
+
+#ifdef samba_setgroups
+#undef samba_setgroups
+#endif
+
+/* uid_wrapper will have redefined these. */
+int samba_setresuid(uid_t ruid, uid_t euid, uid_t suid);
+int samba_setresgid(gid_t rgid, gid_t egid, gid_t sgid);
+int samba_setreuid(uid_t ruid, uid_t euid);
+int samba_setregid(gid_t rgid, gid_t egid);
+int samba_seteuid(uid_t euid);
+int samba_setegid(gid_t egid);
+int samba_setuid(uid_t uid);
+int samba_setgid(gid_t gid);
+int samba_setuidx(int flags, uid_t uid);
+int samba_setgidx(int flags, gid_t gid);
+int samba_setgroups(size_t setlen, const gid_t *gidset);
+
+#endif
+#endif
+
+#include "../lib/util/setid.h"
+
+/* All the setXX[ug]id functions and setgroups Samba uses. */
+int samba_setresuid(uid_t ruid, uid_t euid, uid_t suid)
+{
+#if defined(HAVE_SETRESUID)
+ return setresuid(ruid, euid, suid);
+#else
+ errno = ENOSYS;
+ return -1;
+#endif
+}
+
+int samba_setresgid(gid_t rgid, gid_t egid, gid_t sgid)
+{
+#if defined(HAVE_SETRESGID)
+ return setresgid(rgid, egid, sgid);
+#else
+ errno = ENOSYS;
+ return -1;
+#endif
+}
+
+int samba_setreuid(uid_t ruid, uid_t euid)
+{
+#if defined(HAVE_SETREUID)
+ return setreuid(ruid, euid);
+#else
+ errno = ENOSYS;
+ return -1;
+#endif
+}
+
+int samba_setregid(gid_t rgid, gid_t egid)
+{
+#if defined(HAVE_SETREGID)
+ return setregid(rgid, egid);
+#else
+ errno = ENOSYS;
+ return -1;
+#endif
+}
+
+int samba_seteuid(uid_t euid)
+{
+#if defined(HAVE_SETEUID)
+ return seteuid(euid);
+#else
+ errno = ENOSYS;
+ return -1;
+#endif
+}
+
+int samba_setegid(gid_t egid)
+{
+#if defined(HAVE_SETEGID)
+ return setegid(egid);
+#else
+ errno = ENOSYS;
+ return -1;
+#endif
+}
+
+int samba_setuid(uid_t uid)
+{
+#if defined(HAVE_SETUID)
+ return setuid(uid);
+#else
+ errno = ENOSYS;
+ return -1;
+#endif
+}
+
+int samba_setgid(gid_t gid)
+{
+#if defined(HAVE_SETGID)
+ return setgid(gid);
+#else
+ errno = ENOSYS;
+ return -1;
+#endif
+}
+
+int samba_setuidx(int flags, uid_t uid)
+{
+#if defined(HAVE_SETUIDX)
+ return setuidx(flags, uid);
+#else
+ errno = ENOSYS;
+ return -1;
+#endif
+}
+
+int samba_setgidx(int flags, gid_t gid)
+{
+#if defined(HAVE_SETGIDX)
+ return setgidx(flags, gid);
+#else
+ errno = ENOSYS;
+ return -1;
+#endif
+}
+
+int samba_setgroups(size_t setlen, const gid_t *gidset)
+{
+#if defined(HAVE_SETGROUPS)
+ return setgroups(setlen, gidset);
+#else
+ errno = ENOSYS;
+ return -1;
+#endif
+}
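Review bot: None of the eleven wrappers documents its return contract, and each `#else` branch is a run-time failure path: on a build where the matching `HAVE_*` macro is not defined the call changes nothing and returns -1 with `errno = ENOSYS`. Because these functions change process credentials, a caller that ignores the result keeps running with the identity it meant to give up. I would put a comment above `samba_setresuid` along the lines of `/* Each wrapper returns 0 on success and -1 with errno set (ENOSYS when the platform lacks the call); callers must check the result. */`. Separately, the `UID_WRAPPER_REPLACE` block undefines seven names but redeclares all eleven; if uid_wrapper also redefines `samba_setuid`, `samba_setgid`, `samba_setuidx` or `samba_setgidx`, those need an `#undef` too, which is worth confirming against uid_wrapper's header.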
diff --git a/lib/util/setid.h b/lib/util/setid.h
new file mode 100644
index 0000000000..59ae44c4d2
--- /dev/null
+++ b/lib/util/setid.h
@@ -0,0 +1,43 @@
+/*
+ Unix SMB/CIFS implementation.
+ setXXid() functions for Samba.
+ Copyright (C) Jeremy Allison 2012
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#ifndef _SETID_H
+#define _SETID_H
+
+/*
+ * NB. We don't wrap initgroups although on some systems
+ * this can call setgroups. On systems with thread-specific
+ * credentials (Linux so far) we know they have getgrouplist()
+ * which doesn't make a system call.
+ */
+
+/* All the setXX[ug]id functions and setgroups Samba uses. */
+int samba_setresuid(uid_t ruid, uid_t euid, uid_t suid);
+int samba_setresgid(gid_t rgid, gid_t egid, gid_t sgid);
+int samba_setreuid(uid_t ruid, uid_t euid);
+int samba_setregid(gid_t rgid, gid_t egid);
+int samba_seteuid(uid_t euid);
+int samba_setegid(gid_t egid);
+int samba_setuid(uid_t uid);
+int samba_setgid(gid_t gid);
+int samba_setuidx(int flags, uid_t uid);
+int samba_setgidx(int flags, gid_t gid);
+int samba_setgroups(size_t setlen, const gid_t *gidset);
+
+#endif
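Review bot: The header is not self-contained: the prototypes use `uid_t`, `gid_t` and `size_t`, but nothing is included, so it only compiles when the including file has already pulled in the system type headers (both users visible in this commit include it after their own includes). Adding `#include <sys/types.h>` right after the guard would remove that ordering dependency. The guard name `_SETID_H` also starts with an underscore followed by a capital letter, which C reserves for the implementation; a name such as `SAMBA_LIB_UTIL_SETID_H` avoids that, though the current form may simply follow the project's existing convention.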
diff --git a/lib/util/unix_privs.c b/lib/util/unix_privs.c
index baa54fd558..3dd244dad1 100644
--- a/lib/util/unix_privs.c
+++ b/lib/util/unix_privs.c
@@ -22,6 +22,7 @@
#include "includes.h"
#include "system/passwd.h"
#include "../lib/util/unix_privs.h"
+#include "../lib/util/setid.h"
/**
* @file
@@ -52,7 +53,7 @@ struct saved_state {
static int privileges_destructor(struct saved_state *s)
{
if (geteuid() != s->uid &&
- seteuid(s->uid) != 0) {
+ samba_seteuid(s->uid) != 0) {
smb_panic("Failed to restore privileges");
}
return 0;
@@ -71,7 +72,7 @@ void *root_privileges(void)
if (!s) return NULL;
s->uid = geteuid();
if (s->uid != 0) {
- seteuid(0);
+ samba_seteuid(0);
}
talloc_set_destructor(s, privileges_destructor);
return s;
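Review bot: The result of `samba_seteuid(0)` is discarded, so `root_privileges()` hands back a state object even when the switch to root did not happen, and the caller goes on as if it were privileged. With the wrapper this can now also be the `ENOSYS` path on builds without `seteuid`. I would fail the call instead, e.g. `if (s->uid != 0 && samba_seteuid(0) != 0) { talloc_free(s); return NULL; }`, assuming `s` is a talloc allocation as the `talloc_set_destructor` call suggests. The start of the function is outside the hunk, so how `s` is allocated is not visible here.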
diff --git a/lib/util/wscript_build b/lib/util/wscript_build
index 82943a08f2..e601ecd4ed 100755
--- a/lib/util/wscript_build
+++ b/lib/util/wscript_build
@@ -9,7 +9,7 @@ bld.SAMBA_LIBRARY('samba-util',
util_str.c util_str_common.c substitute.c ms_fnmatch.c
server_id.c dprintf.c parmlist.c bitmap.c''',
deps='DYNCONFIG',
- public_deps='talloc execinfo uid_wrapper pthread LIBCRYPTO charset',
+ public_deps='talloc execinfo uid_wrapper pthread LIBCRYPTO charset util_setid',
public_headers='debug.h attr.h byteorder.h data_blob.h memory.h safe_string.h time.h talloc_stack.h xfile.h dlinklist.h samba_util.h string_wrappers.h',
header_path= [ ('dlinklist.h samba_util.h', '.'), ('*', 'util') ],
local_include=False,
@@ -62,6 +62,11 @@ bld.SAMBA_LIBRARY('tevent-util',
vnum='0.0.1'
)
+bld.SAMBA_LIBRARY('util_setid',
+ source='setid.c',
+ local_include=False,
+ private_library=True
+ )
bld.SAMBA_SUBSYSTEM('util_ldb',
source='util_ldb.c',