-rw-r--r--source3/Makefile.in5
-rw-r--r--source3/lib/util_sec.c55
-rw-r--r--source3/lib/util_sock.c28
-rw-r--r--source3/libsmb/cliconnect.c5
-rw-r--r--source3/smbd/server.c12
5 files changed, 59 insertions, 46 deletions
diff --git a/source3/Makefile.in b/source3/Makefile.in
index bf13115445..6f2334a068 100644
--- a/source3/Makefile.in
+++ b/source3/Makefile.in
@@ -709,11 +709,14 @@ winbindd_proto:
-h _WINBINDD_PROTO_H_ nsswitch/winbindd_proto.h \
$(WINBINDD_OBJ1)
+delproto:
+ @/bin/rm -f include/proto.h
+
include/proto.h:
@echo rebuilding include/proto.h
@cd $(srcdir) && $(AWK) -f script/mkproto.awk `echo $(PROTO_OBJ) | tr ' ' '\n' | sed -e 's/\.o/\.c/g' | sort -u | egrep -v 'ubiqx/|wrapped'` > include/proto.h
-proto: include/proto.h
+proto: delproto include/proto.h
etags:
etags `find $(srcdir) -name "*.[ch]" | grep -v /CVS/`
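Review bot: `proto: delproto include/proto.h` depends on make processing the two prerequisites left to right, and under a parallel make the `rm -f` in delproto can run while or after include/proto.h is being regenerated. delproto is also not a real file, so it should be declared with `.PHONY: delproto`. Making the order explicit removes the race, for example `proto: delproto` with a recipe line `@$(MAKE) include/proto.h`.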
diff --git a/source3/lib/util_sec.c b/source3/lib/util_sec.c
index 164e6ab506..c62df82396 100644
--- a/source3/lib/util_sec.c
+++ b/source3/lib/util_sec.c
@@ -44,6 +44,31 @@ extern int DEBUGLEVEL;
#define smb_panic(x) exit(1)
#endif
+/* are we running as non-root? This is used by the regresison test code,
+ and potentially also for sites that want non-root smbd */
+static uid_t initial_uid;
+
+/****************************************************************************
+remember what uid we got started as - this allows us to run correctly
+as non-root while catching trapdoor systems
+****************************************************************************/
+void sec_init(void)
+{
+ initial_uid = geteuid();
+ if (initial_uid != (uid_t)0) {
+ /* the DEBUG() subsystem has not been initialised when this is called */
+ fprintf(stderr, "WARNING: running as non-root. Some functionality will be missing\n");
+ }
+}
+
+/****************************************************************************
+are we running in non-root mode?
+****************************************************************************/
+BOOL non_root_mode(void)
+{
+ return (initial_uid != (uid_t)0);
+}
+
/****************************************************************************
abort if we haven't set the uid correctly
****************************************************************************/
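Review bot: Nothing at `static uid_t initial_uid;` says that non_root_mode() is only meaningful once sec_init() has run. Until then the zero-initialised static makes it return False, so the uid/gid asserts stay fatal; that is the safe default and worth writing down, e.g. `/* stays 0 until sec_init() is called, so programs that never call it keep the fatal uid/gid asserts */`. The comment above the variable also has a typo, "regresison".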
@@ -51,13 +76,13 @@ static void assert_uid(uid_t ruid, uid_t euid)
{
if ((euid != (uid_t)-1 && geteuid() != euid) ||
(ruid != (uid_t)-1 && getuid() != ruid)) {
-#ifndef SMB_REGRESSION_TEST
- DEBUG(0,("Failed to set uid privileges to (%d,%d) now set to (%d,%d)\n",
- (int)ruid, (int)euid,
- (int)getuid(), (int)geteuid()));
- smb_panic("failed to set uid\n");
- exit(1);
-#endif
+ if (!non_root_mode()) {
+ DEBUG(0,("Failed to set uid privileges to (%d,%d) now set to (%d,%d)\n",
+ (int)ruid, (int)euid,
+ (int)getuid(), (int)geteuid()));
+ smb_panic("failed to set uid\n");
+ exit(1);
+ }
}
}
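Review bot: With the `#ifndef SMB_REGRESSION_TEST` guard replaced by `if (!non_root_mode())`, a normal build started as non-root now ignores every failed uid switch without leaving a trace, so later work runs under the starting uid rather than the one that was requested. The same applies to assert_gid in the next hunk. An else branch that logs the mismatch would at least leave evidence, e.g. `else { DEBUG(5,("non-root mode: uid left at (%d,%d)\n", (int)getuid(), (int)geteuid())); }`. Both function signatures appear only in the hunk headers, so the callers that rely on these asserts are outside this view.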
@@ -68,14 +93,14 @@ static void assert_gid(gid_t rgid, gid_t egid)
{
if ((egid != (gid_t)-1 && getegid() != egid) ||
(rgid != (gid_t)-1 && getgid() != rgid)) {
-#ifndef SMB_REGRESSION_TEST
- DEBUG(0,("Failed to set gid privileges to (%d,%d) now set to (%d,%d) uid=(%d,%d)\n",
- (int)rgid, (int)egid,
- (int)getgid(), (int)getegid(),
- (int)getuid(), (int)geteuid()));
- smb_panic("failed to set gid\n");
- exit(1);
-#endif
+ if (!non_root_mode()) {
+ DEBUG(0,("Failed to set gid privileges to (%d,%d) now set to (%d,%d) uid=(%d,%d)\n",
+ (int)rgid, (int)egid,
+ (int)getgid(), (int)getegid(),
+ (int)getuid(), (int)geteuid()));
+ smb_panic("failed to set gid\n");
+ exit(1);
+ }
}
}
diff --git a/source3/lib/util_sock.c b/source3/lib/util_sock.c
index 426d0572f1..7f8b83ec7d 100644
--- a/source3/lib/util_sock.c
+++ b/source3/lib/util_sock.c
@@ -1146,36 +1146,33 @@ int create_pipe_socket(char *dir, int dir_perms,
return s;
}
-#ifdef SMB_REGRESSION_TEST
/*******************************************************************
this is like socketpair but uses tcp. It is used by the Samba
-user testing
+regression test code
+The function guarantees that nobody else can attach to the socket,
+or if they do that this function fails and the socket gets closed
+returns 0 on success, -1 on failure
+the resulting file descriptors are symmetrical
******************************************************************/
static int socketpair_tcp(int fd[2])
{
int listener;
struct sockaddr sock;
socklen_t socklen = sizeof(sock);
- int len = socklen;
- int one = 1;
int connect_done = 0;
-
+
fd[0] = fd[1] = listener = -1;
memset(&sock, 0, sizeof(sock));
if ((listener = socket(PF_INET, SOCK_STREAM, 0)) == -1) goto failed;
- setsockopt(listener,SOL_SOCKET,SO_REUSEADDR,(char *)&one,sizeof(one));
-
if (listen(listener, 1) != 0) goto failed;
if (getsockname(listener, &sock, &socklen) != 0) goto failed;
if ((fd[1] = socket(PF_INET, SOCK_STREAM, 0)) == -1) goto failed;
- setsockopt(fd[1],SOL_SOCKET,SO_REUSEADDR,(char *)&one,sizeof(one));
-
set_blocking(fd[1], 0);
if (connect(fd[1],(struct sockaddr *)&sock,sizeof(sock)) == -1) {
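Review bot: The new header comment promises that nobody else can attach to the socket, but the listener reaches `listen(listener, 1)` without ever being bound, so its address is whatever the stack assigns implicitly and nothing visible here restricts it to loopback. Binding explicitly before listen() would make the promise hold by construction: fill a `struct sockaddr_in` with `sin_family = AF_INET`, `sin_port = 0` and `sin_addr.s_addr = htonl(INADDR_LOOPBACK)`, then call `bind()` and check its result. Now that the `#ifdef SMB_REGRESSION_TEST` guard is gone, this code is compiled into every build, which makes the restriction matter more than it did for a test-only helper. The function body continues past this hunk.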
@@ -1184,9 +1181,7 @@ static int socketpair_tcp(int fd[2])
connect_done = 1;
}
- if ((fd[0] = accept(listener, &sock, &len)) == -1) goto failed;
-
- setsockopt(fd[0],SOL_SOCKET,SO_REUSEADDR,(char *)&one,sizeof(one));
+ if ((fd[0] = accept(listener, &sock, &socklen)) == -1) goto failed;
close(listener);
if (connect_done == 0) {
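Review bot: `accept(listener, &sock, &socklen)` overwrites `sock`, which up to this line holds the listener address returned by getsockname(). If the `connect_done == 0` branch that opens just below (its body is outside the hunk) connects again using `sock`, it would be using the accepted peer's address instead of the listener's. A separate variable avoids that, e.g. `struct sockaddr peer; socklen_t peerlen = sizeof(peer);` with `accept(listener, &peer, &peerlen)`. Comparing `peer` against the local address of fd[1] from getsockname() would also give the header comment's "nobody else can attach" claim an actual check.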
@@ -1208,9 +1203,12 @@ static int socketpair_tcp(int fd[2])
/*******************************************************************
run a program on a local tcp socket, this is used to launch smbd
-in the test code
+when regression testing
+the return value is a socket which is attached to a subprocess
+running "prog". stdin and stdout are attached. stderr is left
+attached to the original stderr
******************************************************************/
-int sock_exec(char *prog)
+int sock_exec(const char *prog)
{
int fd[2];
if (socketpair_tcp(fd) != 0) return -1;
@@ -1225,4 +1223,4 @@ int sock_exec(char *prog)
close(fd[1]);
return fd[0];
}
-#endif
+
diff --git a/source3/libsmb/cliconnect.c b/source3/libsmb/cliconnect.c
index 034208f3b2..67eef52583 100644
--- a/source3/libsmb/cliconnect.c
+++ b/source3/libsmb/cliconnect.c
@@ -579,12 +579,9 @@ BOOL cli_connect(struct cli_state *cli, const char *host, struct in_addr *ip)
if (cli->port == 0) cli->port = 139; /* Set to default */
-#ifdef SMB_REGRESSION_TEST
if (getenv("LIBSMB_PROG")) {
cli->fd = sock_exec(getenv("LIBSMB_PROG"));
- } else
-#endif
- {
+ } else {
cli->fd = open_socket_out(SOCK_STREAM, &cli->dest_ip,
cli->port, cli->timeout);
}
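Review bot: `getenv("LIBSMB_PROG")` is now honoured in every build, so any program linking libsmb will run the command named in its environment instead of opening a network connection. That suits the test harness, but a libsmb client running with more privilege than its caller (a set-uid helper, or a service that inherits a caller's environment) should never take this branch. Consider reading the variable once and ignoring it when the real and effective ids differ, e.g. `const char *prog = getenv("LIBSMB_PROG");` followed by `if (prog && getuid() == geteuid() && getgid() == getegid()) {`. cli_connect starts and ends outside this hunk.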
diff --git a/source3/smbd/server.c b/source3/smbd/server.c
index f4c82839bb..17b7774b1d 100644
--- a/source3/smbd/server.c
+++ b/source3/smbd/server.c
@@ -621,17 +621,7 @@ static void usage(char *pname)
setluid(0);
#endif
- /*
- * gain_root_privilege uses an assert than will cause a core
- * dump if euid != 0. Ensure this is the case.
- */
-
-#ifndef SMB_REGRESSION_TEST
- if(geteuid() != (uid_t)0) {
- fprintf(stderr, "%s: Version %s : Must have effective user id of zero to run.\n", argv[0], VERSION);
- exit(1);
- }
-#endif
+ sec_init();
append_log = True;
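Review bot: Replacing the `geteuid() != (uid_t)0` exit with `sec_init()` means a normal build of smbd now keeps running when started without root, and the only notice is the stderr line printed inside sec_init(). For a daemon that line is easy to lose, and from then on the uid/gid asserts in util_sec.c are no longer fatal. Repeating the warning through the log once it is open would make the degraded mode visible to operators, e.g. `if (non_root_mode()) DEBUG(0,("smbd started as non-root; uid/gid switch failures are not fatal\n"));`. The surrounding function begins and ends outside the hunk, so where logging is first set up is not visible here.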