diff options
Diffstat (limited to 'source3/lib')
-rw-r--r-- | source3/lib/util_sec.c | 55 | ||||
-rw-r--r-- | source3/lib/util_sock.c | 28 |
2 files changed, 53 insertions, 30 deletions
diff --git a/source3/lib/util_sec.c b/source3/lib/util_sec.c index 164e6ab506..c62df82396 100644 --- a/source3/lib/util_sec.c +++ b/source3/lib/util_sec.c @@ -44,6 +44,31 @@ extern int DEBUGLEVEL; #define smb_panic(x) exit(1) #endif +/* are we running as non-root? This is used by the regresison test code, + and potentially also for sites that want non-root smbd */ +static uid_t initial_uid; + +/**************************************************************************** +remember what uid we got started as - this allows us to run correctly +as non-root while catching trapdoor systems +****************************************************************************/ +void sec_init(void) +{ + initial_uid = geteuid(); + if (initial_uid != (uid_t)0) { + /* the DEBUG() subsystem has not been initialised when this is called */ + fprintf(stderr, "WARNING: running as non-root. Some functionality will be missing\n"); + } +} + +/**************************************************************************** +are we running in non-root mode? +****************************************************************************/ +BOOL non_root_mode(void) +{ + return (initial_uid != (uid_t)0); +} + /**************************************************************************** abort if we haven't set the uid correctly ****************************************************************************/ @@ -51,13 +76,13 @@ static void assert_uid(uid_t ruid, uid_t euid) { if ((euid != (uid_t)-1 && geteuid() != euid) || (ruid != (uid_t)-1 && getuid() != ruid)) { -#ifndef SMB_REGRESSION_TEST - DEBUG(0,("Failed to set uid privileges to (%d,%d) now set to (%d,%d)\n", - (int)ruid, (int)euid, - (int)getuid(), (int)geteuid())); - smb_panic("failed to set uid\n"); - exit(1); -#endif + if (!non_root_mode()) { + DEBUG(0,("Failed to set uid privileges to (%d,%d) now set to (%d,%d)\n", + (int)ruid, (int)euid, + (int)getuid(), (int)geteuid())); + smb_panic("failed to set uid\n"); + exit(1); + } } } @@ -68,14 +93,14 @@ static void assert_gid(gid_t rgid, gid_t egid) { if ((egid != (gid_t)-1 && getegid() != egid) || (rgid != (gid_t)-1 && getgid() != rgid)) { -#ifndef SMB_REGRESSION_TEST - DEBUG(0,("Failed to set gid privileges to (%d,%d) now set to (%d,%d) uid=(%d,%d)\n", - (int)rgid, (int)egid, - (int)getgid(), (int)getegid(), - (int)getuid(), (int)geteuid())); - smb_panic("failed to set gid\n"); - exit(1); -#endif + if (!non_root_mode()) { + DEBUG(0,("Failed to set gid privileges to (%d,%d) now set to (%d,%d) uid=(%d,%d)\n", + (int)rgid, (int)egid, + (int)getgid(), (int)getegid(), + (int)getuid(), (int)geteuid())); + smb_panic("failed to set gid\n"); + exit(1); + } } } diff --git a/source3/lib/util_sock.c b/source3/lib/util_sock.c index 426d0572f1..7f8b83ec7d 100644 --- a/source3/lib/util_sock.c +++ b/source3/lib/util_sock.c @@ -1146,36 +1146,33 @@ int create_pipe_socket(char *dir, int dir_perms, return s; } -#ifdef SMB_REGRESSION_TEST /******************************************************************* this is like socketpair but uses tcp. It is used by the Samba -user testing +regression test code +The function guarantees that nobody else can attach to the socket, +or if they do that this function fails and the socket gets closed +returns 0 on success, -1 on failure +the resulting file descriptors are symmetrical ******************************************************************/ static int socketpair_tcp(int fd[2]) { int listener; struct sockaddr sock; socklen_t socklen = sizeof(sock); - int len = socklen; - int one = 1; int connect_done = 0; - + fd[0] = fd[1] = listener = -1; memset(&sock, 0, sizeof(sock)); if ((listener = socket(PF_INET, SOCK_STREAM, 0)) == -1) goto failed; - setsockopt(listener,SOL_SOCKET,SO_REUSEADDR,(char *)&one,sizeof(one)); - if (listen(listener, 1) != 0) goto failed; if (getsockname(listener, &sock, &socklen) != 0) goto failed; if ((fd[1] = socket(PF_INET, SOCK_STREAM, 0)) == -1) goto failed; - setsockopt(fd[1],SOL_SOCKET,SO_REUSEADDR,(char *)&one,sizeof(one)); - set_blocking(fd[1], 0); if (connect(fd[1],(struct sockaddr *)&sock,sizeof(sock)) == -1) { @@ -1184,9 +1181,7 @@ static int socketpair_tcp(int fd[2]) connect_done = 1; } - if ((fd[0] = accept(listener, &sock, &len)) == -1) goto failed; - - setsockopt(fd[0],SOL_SOCKET,SO_REUSEADDR,(char *)&one,sizeof(one)); + if ((fd[0] = accept(listener, &sock, &socklen)) == -1) goto failed; close(listener); if (connect_done == 0) { @@ -1208,9 +1203,12 @@ static int socketpair_tcp(int fd[2]) /******************************************************************* run a program on a local tcp socket, this is used to launch smbd -in the test code +when regression testing +the return value is a socket which is attached to a subprocess +running "prog". stdin and stdout are attached. stderr is left +attached to the original stderr ******************************************************************/ -int sock_exec(char *prog) +int sock_exec(const char *prog) { int fd[2]; if (socketpair_tcp(fd) != 0) return -1; @@ -1225,4 +1223,4 @@ int sock_exec(char *prog) close(fd[1]); return fd[0]; } -#endif + |