summaryrefslogtreecommitdiff
path: root/source4/ntvfs/posix
diff options
context:
space:
mode:
authorAndrew Tridgell <tridge@samba.org>2009-08-05 10:50:03 +1000
committerAndrew Tridgell <tridge@samba.org>2009-08-05 10:51:00 +1000
commitfd43e0ee09e3f82093e9a15dd6cbd2fbaa113426 (patch)
treeb9971f7c8b9758dec89f109a2e79dd0ad899f4f2 /source4/ntvfs/posix
parent3e3f64f05fa5d970b058c4b21b6ecd40b883e8e6 (diff)
downloadsamba-fd43e0ee09e3f82093e9a15dd6cbd2fbaa113426.tar.gz
samba-fd43e0ee09e3f82093e9a15dd6cbd2fbaa113426.tar.bz2
samba-fd43e0ee09e3f82093e9a15dd6cbd2fbaa113426.zip
added a uid_wrapper library
This library intercepts seteuid and related calls, and simulates them in a manner similar to the nss_wrapper and socket_wrapper libraries. This allows us to enable the vfs_unixuid NTVFS module in the build farm, which means we are more likely to catch errors in the token manipulation. The simulation is not complete, but it is enough for Samba4 for now. The major areas of incompleteness are: - no emulation of setreuid, setresuid or saved uids. These would be needed for use in Samba3 - no emulation of ruid changing. That would also be needed for Samba3 - no attempt to emulate file ownership changing, so code that (for example) tests whether st.st_uid matches geteuid() needs special handling
Diffstat (limited to 'source4/ntvfs/posix')
-rw-r--r--source4/ntvfs/posix/pvfs_acl.c8
1 files changed, 8 insertions, 0 deletions
diff --git a/source4/ntvfs/posix/pvfs_acl.c b/source4/ntvfs/posix/pvfs_acl.c
index 1adced44aa..f5a00c08a8 100644
--- a/source4/ntvfs/posix/pvfs_acl.c
+++ b/source4/ntvfs/posix/pvfs_acl.c
@@ -473,6 +473,14 @@ NTSTATUS pvfs_access_check_unix(struct pvfs_state *pvfs,
max_bits |= SEC_STD_ALL;
}
+#ifdef UID_WRAPPER_REPLACE
+ /* when running with the uid wrapper, files will be created
+ owned by the ruid, but we may have a different simulated
+ euid. We need to force the permission bits as though the
+ files owner matches the euid */
+ max_bits |= SEC_STD_ALL;
+#endif
+
if (*access_mask == SEC_FLAG_MAXIMUM_ALLOWED) {
*access_mask = max_bits;
return NT_STATUS_OK;