From 485787f0dfa64bbada7c971ec44f04a1095b4229 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Thu, 28 Jun 2012 13:41:19 -0700 Subject: Move back to using per-thread credentials on Linux. Fixes the glibc native AIO lost wakeup problem. See this post: https://lists.samba.org/archive/samba-technical/2012-June/085101.html for details. Autobuild-User(master): Jeremy Allison Autobuild-Date(master): Fri Jun 29 03:57:45 CEST 2012 on sn-devel-104 --- source3/configure.in | 19 ++++++++++++++++++- source3/lib/util_sec.c | 18 +++++++++--------- source3/wscript | 12 +++++++++++- 3 files changed, 38 insertions(+), 11 deletions(-) (limited to 'source3') diff --git a/source3/configure.in b/source3/configure.in index 5df54cfff9..ba376f08a9 100644 --- a/source3/configure.in +++ b/source3/configure.in @@ -953,7 +953,7 @@ AC_CHECK_FUNCS(setsid glob strpbrk crypt16 getauthuid) AC_CHECK_FUNCS(sigprocmask sigblock sigaction sigset innetgr setnetgrent getnetgrent endnetgrent) AC_CHECK_FUNCS(initgroups select rdchk getgrnam getgrent pathconf) AC_CHECK_FUNCS(getgrset) -AC_CHECK_FUNCS(setpriv setgidx setuidx setgroups sysconf) +AC_CHECK_FUNCS(setpriv setgidx setuidx setgroups syscall sysconf) AC_CHECK_FUNCS(atexit grantpt posix_fallocate) AC_CHECK_FUNCS(fallocate) AC_CHECK_FUNCS(fseeko setluid getpwanam) @@ -2766,6 +2766,23 @@ AC_CHECK_FUNCS(getpagesize) # look for a method of setting the effective uid seteuid=no; +case "$host_os" in +*linux*) +if test $seteuid = no; then +AC_CACHE_CHECK([for Linux thread-specific credentials],samba_cv_USE_LINUX_THREAD_CREDENTIALS,[ +AC_TRY_RUN([ +#define AUTOCONF_TEST 1 +#define USE_LINUX_THREAD_CREDENTIALS 1 +#include "confdefs.h" +#include "${srcdir-.}/lib/util_sec.c"], + samba_cv_USE_LINUX_THREAD_CREDENTIALS=yes,samba_cv_USE_LINUX_THREAD_CREDENTIALS=no,samba_cv_USE_LINUX_THREAD_CREDENTIALS=cross)]) +if test x"$samba_cv_USE_LINUX_THREAD_CREDENTIALS" = x"yes"; then + seteuid=yes;AC_DEFINE(USE_SETREUID,1,[Whether we can use Linux thread-specific credentials]) +fi +fi +;; +esac + if test $seteuid = no; then AC_CACHE_CHECK([for setreuid],samba_cv_USE_SETREUID,[ AC_TRY_RUN([ diff --git a/source3/lib/util_sec.c b/source3/lib/util_sec.c index bbb75dbbd4..cee11d9f96 100644 --- a/source3/lib/util_sec.c +++ b/source3/lib/util_sec.c @@ -134,7 +134,7 @@ static void assert_gid(gid_t rgid, gid_t egid) ****************************************************************************/ void gain_root_privilege(void) { -#if USE_SETRESUID +#if defined(USE_SETRESUID) || defined(USE_LINUX_THREAD_CREDENTIALS) samba_setresuid(0,0,0); #endif @@ -164,7 +164,7 @@ void gain_root_privilege(void) ****************************************************************************/ void gain_root_group_privilege(void) { -#if USE_SETRESUID +#if defined(USE_SETRESUID) || defined(USE_LINUX_THREAD_CREDENTIALS) samba_setresgid(0,0,0); #endif @@ -201,7 +201,7 @@ void gain_root_group_privilege(void) ****************************************************************************/ void set_effective_uid(uid_t uid) { -#if USE_SETRESUID +#if defined(USE_SETRESUID) || defined(USE_LINUX_THREAD_CREDENTIALS) /* Set the effective as well as the real uid. */ if (samba_setresuid(uid,uid,-1) == -1) { if (errno == EAGAIN) { @@ -233,7 +233,7 @@ void set_effective_uid(uid_t uid) ****************************************************************************/ void set_effective_gid(gid_t gid) { -#if USE_SETRESUID +#if defined(USE_SETRESUID) || defined(USE_LINUX_THREAD_CREDENTIALS) samba_setresgid(-1,gid,-1); #endif @@ -272,7 +272,7 @@ void save_re_uid(void) void restore_re_uid_fromroot(void) { -#if USE_SETRESUID +#if defined(USE_SETRESUID) || defined(USE_LINUX_THREAD_CREDENTIALS) samba_setresuid(saved_ruid, saved_euid, -1); #elif USE_SETREUID samba_setreuid(saved_ruid, -1); @@ -311,7 +311,7 @@ void save_re_gid(void) ****************************************************************************/ void restore_re_gid(void) { -#if USE_SETRESUID +#if defined(USE_SETRESUID) || defined(USE_LINUX_THREAD_CREDENTIALS) samba_setresgid(saved_rgid, saved_egid, -1); #elif USE_SETREUID samba_setregid(saved_rgid, -1); @@ -339,7 +339,7 @@ int set_re_uid(void) { uid_t uid = geteuid(); -#if USE_SETRESUID +#if defined(USE_SETRESUID) || defined(USE_LINUX_THREAD_CREDENTIALS) samba_setresuid(geteuid(), -1, -1); #endif @@ -378,7 +378,7 @@ void become_user_permanently(uid_t uid, gid_t gid) gain_root_privilege(); gain_root_group_privilege(); -#if USE_SETRESUID +#if defined(USE_SETRESUID) || defined(USE_LINUX_THREAD_CREDENTIALS) samba_setresgid(gid,gid,gid); samba_setgid(gid); samba_setresuid(uid,uid,uid); @@ -422,7 +422,7 @@ static int have_syscall(void) { errno = 0; -#if USE_SETRESUID +#if defined(USE_SETRESUID) || defined(USE_LINUX_THREAD_CREDENTIALS) samba_setresuid(-1,-1,-1); #endif diff --git a/source3/wscript b/source3/wscript index 5b21c3bf31..449bf20e05 100755 --- a/source3/wscript +++ b/source3/wscript @@ -80,7 +80,7 @@ def configure(conf): conf.CHECK_FUNCS('setsid glob strpbrk crypt16 getauthuid') conf.CHECK_FUNCS('sigprocmask sigblock sigaction sigset innetgr') conf.CHECK_FUNCS('initgroups select poll rdchk getgrnam getgrent pathconf') - conf.CHECK_FUNCS('setpriv setgidx setuidx setgroups sysconf') + conf.CHECK_FUNCS('setpriv setgidx setuidx setgroups syscall sysconf') conf.CHECK_FUNCS('atexit grantpt fallocate posix_fallocate') conf.CHECK_FUNCS('fseeko setluid') conf.CHECK_FUNCS('getpwnam', headers='sys/types.h pwd.h') @@ -729,6 +729,16 @@ int i; i = PAM_RADIO_TYPE; conf.DEFINE('WITH_PAM_MODULES', 1) seteuid = False + if not seteuid: + seteuid = conf.CHECK_CODE(''' + #define AUTOCONF_TEST 1 + #define USE_LINUX_THREAD_CREDENTIALS 1 + #include "./lib/util_sec.c" + ''', + 'USE_LINUX_THREAD_CREDENTIALS', + addmain=False, + execute=True, + msg="Checking whether we can use Linux thread-specific credentials") if not seteuid: seteuid = conf.CHECK_CODE(''' #define AUTOCONF_TEST 1 -- cgit