From 58e5e1ea8d4c5a9eb8d36aa8132fd1ba3985ca53 Mon Sep 17 00:00:00 2001
From: Andrew Tridgell
Date: Wed, 5 Aug 2009 11:21:06 +1000
Subject: make the UID_WRAPPER skip checks at runtime
This fixes two issues pointed out by Andrew. It adds a runtime uwrap_enabled() call that wraps the skips needed for uid emulation. It also makes the skip in the directory_create_or_exist() function only change the uid checking code, not the permissions code
---
 lib/uid_wrapper/uid_wrapper.c | 7 +++++++
 lib/uid_wrapper/uid_wrapper.h | 2 ++
 lib/util/config.mk | 2 +-
 lib/util/util.c | 11 +++++++----
 source4/heimdal_build/config.h | 6 +++++-
 source4/include/includes.h | 6 +++++-
 source4/ntvfs/posix/pvfs_acl.c | 14 +++++++-------
 7 files changed, 34 insertions(+), 14 deletions(-)
diff --git a/lib/uid_wrapper/uid_wrapper.c b/lib/uid_wrapper/uid_wrapper.c
index e009fa0b5c..948ff65b35 100644
--- a/lib/uid_wrapper/uid_wrapper.c
+++ b/lib/uid_wrapper/uid_wrapper.c
@@ -45,6 +45,13 @@ static void uwrap_init(void)
 }
 }
+#undef uwrap_enabled
+_PUBLIC_ int uwrap_enabled(void)
+{
+ uwrap_init();
+ return uwrap.enabled?1:0;
+}
+
 _PUBLIC_ int uwrap_seteuid(uid_t euid)
 {
 uwrap_init();
diff --git a/lib/uid_wrapper/uid_wrapper.h b/lib/uid_wrapper/uid_wrapper.h
index e2df613f50..5d7c99d2b2 100644
--- a/lib/uid_wrapper/uid_wrapper.h
+++ b/lib/uid_wrapper/uid_wrapper.h
@@ -58,4 +58,6 @@
 #endif
 #define getgid uwrap_getgid
+int uwrap_enabled(void);
+
 #endif /* __UID_WRAPPER_H__ */
diff --git a/lib/util/config.mk b/lib/util/config.mk
index 47e026865e..6dc8354948 100644
--- a/lib/util/config.mk
+++ b/lib/util/config.mk
@@ -2,7 +2,7 @@
 PUBLIC_DEPENDENCIES = \
 LIBTALLOC LIBCRYPTO \
 SOCKET_WRAPPER LIBREPLACE_NETWORK \
- CHARSET EXECINFO
+ CHARSET EXECINFO UID_WRAPPER
 LIBSAMBA-UTIL_VERSION = 0.0.1
 LIBSAMBA-UTIL_SOVERSION = 0
diff --git a/lib/util/util.c b/lib/util/util.c
index dea140148f..2a809d3ccb 100644
--- a/lib/util/util.c
+++ b/lib/util/util.c
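Review bot: The new `uwrap_enabled()` in lib/uid_wrapper/uid_wrapper.c has no comment, although after this commit its return value gates an ownership check in lib/util/util.c and an access-mask decision in source4/ntvfs/posix/pvfs_acl.c. A header comment would help, for example `/* return 1 if uid emulation is active, 0 otherwise; callers relax uid-based checks when this is non-zero */`. The `#undef uwrap_enabled` line also deserves a one-line reason, e.g. `/* drop the "#define uwrap_enabled() 0" fallback so the real function can be defined */`; that the fallback macro can be visible in this file is inferred from the includes.h and heimdal config.h hunks of this commit.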
@@ -133,14 +133,17 @@ _PUBLIC_ bool directory_create_or_exist(const char *dname, uid_t uid,
 umask(old_umask);
 return false;
 }
- if ((st.st_uid != uid) ||
- ((st.st_mode & 0777) != dir_perms)) {
-#ifndef UID_WRAPPER_REPLACE
+ if (st.st_uid != uid && !uwrap_enabled()) {
+ DEBUG(0, ("invalid ownership on directory "
+ "%s\n", dname));
+ umask(old_umask);
+ return false;
+ }
+ if ((st.st_mode & 0777) != dir_perms) {
 DEBUG(0, ("invalid permissions on directory "
 "%s\n", dname));
 umask(old_umask);
 return false;
-#endif
 }
 }
 return true;
diff --git a/source4/heimdal_build/config.h b/source4/heimdal_build/config.h
index 8830942e30..8c0e6b0475 100644
--- a/source4/heimdal_build/config.h
+++ b/source4/heimdal_build/config.h
@@ -27,9 +27,13 @@
 #undef HAVE_KRB5_ENCRYPT_BLOCK
-#if defined(UID_WRAPPER) && !defined(UID_WRAPPER_REPLACE) && !defined(UID_WRAPPER_NOT_REPLACE)
+#if defined(UID_WRAPPER)
+#if !defined(UID_WRAPPER_REPLACE) && !defined(UID_WRAPPER_NOT_REPLACE)
 #define UID_WRAPPER_REPLACE
 #include "../uid_wrapper/uid_wrapper.h"
 #endif
+#else
+#define uwrap_enabled() 0
+#endif
 #endif
diff --git a/source4/include/includes.h b/source4/include/includes.h
index 37c6115f0f..e94c0fe633 100644
--- a/source4/include/includes.h
+++ b/source4/include/includes.h
@@ -73,9 +73,13 @@
 #define TALLOC_ABORT(reason) smb_panic(reason)
 #endif
-#if defined(UID_WRAPPER) && !defined(UID_WRAPPER_REPLACE) && !defined(UID_WRAPPER_NOT_REPLACE)
+#if defined(UID_WRAPPER)
+#if !defined(UID_WRAPPER_REPLACE) && !defined(UID_WRAPPER_NOT_REPLACE)
 #define UID_WRAPPER_REPLACE
 #include "../uid_wrapper/uid_wrapper.h"
 #endif
+#else
+#define uwrap_enabled() 0
+#endif
 #endif /* _INCLUDES_H */
diff --git a/source4/ntvfs/posix/pvfs_acl.c b/source4/ntvfs/posix/pvfs_acl.c
index f5a00c08a8..232883911e 100644
--- a/source4/ntvfs/posix/pvfs_acl.c
+++ b/source4/ntvfs/posix/pvfs_acl.c
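Review bot: In directory_create_or_exist() in lib/util/util.c, the ownership check is now skipped silently whenever `uwrap_enabled()` returns non-zero, so a UID_WRAPPER build accepts a directory owned by another uid without leaving any trace. How `uwrap.enabled` gets set is not visible in this commit; if it can be switched on from the process environment, this becomes a check that the environment can turn off. Consider logging the skip, e.g. `DEBUG(2, ("uid_wrapper active, not checking owner of %s\n", dname));`, so that a wrapper-enabled binary running outside the test suite shows up in the logs. The function starts and ends outside the hunk.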
@@ -473,13 +473,13 @@ NTSTATUS pvfs_access_check_unix(struct pvfs_state *pvfs,
 max_bits |= SEC_STD_ALL;
 }
-#ifdef UID_WRAPPER_REPLACE
- /* when running with the uid wrapper, files will be created
- owned by the ruid, but we may have a different simulated
- euid. We need to force the permission bits as though the
- files owner matches the euid */
- max_bits |= SEC_STD_ALL;
-#endif
+ if (!uwrap_enabled()) {
+ /* when running with the uid wrapper, files will be created
+ owned by the ruid, but we may have a different simulated
+ euid. We need to force the permission bits as though the
+ files owner matches the euid */
+ max_bits |= SEC_STD_ALL;
+ }
 if (*access_mask == SEC_FLAG_MAXIMUM_ALLOWED) {
 *access_mask = max_bits;
-- cgit
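Review bot: The condition in pvfs_access_check_unix() in source4/ntvfs/posix/pvfs_acl.c looks inverted: the removed code added `SEC_STD_ALL` to `max_bits` only under `#ifdef UID_WRAPPER_REPLACE`, but the new `if (!uwrap_enabled())` adds it when the wrapper is NOT active. Because the includes.h hunk defines `uwrap_enabled()` as 0 in builds without UID_WRAPPER, a normal build would take this branch on every call and put `SEC_STD_ALL` into `max_bits` regardless of who owns the file, which contradicts the comment inside the block. The test should read `if (uwrap_enabled()) {`. The function body continues outside the hunk, so how `max_bits` is used beyond the `SEC_FLAG_MAXIMUM_ALLOWED` case is not visible here.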