Replace all uses of setXX[ug]id() and setgroups with samba_setXX[ug]i…

…d() calls. Will allow thread-specific credentials to be added by modifying the central definitions. Deliberately left the setXX[ug]id() call in popt as this is not used in Samba.
Orval1 · Jun 29, 2012 · 821bd95 · 821bd95
1 parent 7630fe5
commit 821bd95
Show file tree

Hide file tree

Showing 18 changed files with 362 additions and 112 deletions.
diff --git a/lib/uid_wrapper/uid_wrapper.c b/lib/uid_wrapper/uid_wrapper.c
@@ -22,6 +22,7 @@
 #include "replace.h"
 #include "system/passwd.h"
 #include <talloc.h>
+#include "../lib/util/setid.h"
 
 #else /* _SAMBA_BUILD_ */
 
@@ -72,7 +73,7 @@ _PUBLIC_ int uwrap_seteuid(uid_t euid)
 {
 	uwrap_init();
 	if (!uwrap.enabled) {
-		return seteuid(euid);
+		return samba_seteuid(euid);
 	}
 	/* assume for now that the ruid stays as root */
 	if (euid == 0) {
@@ -89,7 +90,7 @@ _PUBLIC_ int uwrap_setreuid(uid_t ruid, uid_t euid)
 {
 	uwrap_init();
 	if (!uwrap.enabled) {
-		return setreuid(ruid, euid);
+		return samba_setreuid(ruid, euid);
 	}
 	/* assume for now that the ruid stays as root */
 	if (euid == 0) {
@@ -106,7 +107,7 @@ _PUBLIC_ int uwrap_setresuid(uid_t ruid, uid_t euid, uid_t suid)
 {
 	uwrap_init();
 	if (!uwrap.enabled) {
-		return setresuid(ruid, euid, suid);
+		return samba_setresuid(ruid, euid, suid);
 	}
 	/* assume for now that the ruid stays as root */
 	if (euid == 0) {
@@ -132,7 +133,7 @@ _PUBLIC_ int uwrap_setegid(gid_t egid)
 {
 	uwrap_init();
 	if (!uwrap.enabled) {
-		return setegid(egid);
+		return samba_setegid(egid);
 	}
 	/* assume for now that the ruid stays as root */
 	if (egid == 0) {
@@ -149,7 +150,7 @@ _PUBLIC_ int uwrap_setregid(gid_t rgid, gid_t egid)
 {
 	uwrap_init();
 	if (!uwrap.enabled) {
-		return setregid(rgid, egid);
+		return samba_setregid(rgid, egid);
 	}
 	/* assume for now that the ruid stays as root */
 	if (egid == 0) {
@@ -166,7 +167,7 @@ _PUBLIC_ int uwrap_setresgid(gid_t rgid, gid_t egid, gid_t sgid)
 {
 	uwrap_init();
 	if (!uwrap.enabled) {
-		return setresgid(rgid, egid, sgid);
+		return samba_setresgid(rgid, egid, sgid);
 	}
 	/* assume for now that the ruid stays as root */
 	if (egid == 0) {
@@ -191,7 +192,7 @@ _PUBLIC_ int uwrap_setgroups(size_t size, const gid_t *list)
 {
 	uwrap_init();
 	if (!uwrap.enabled) {
-		return setgroups(size, list);
+		return samba_setgroups(size, list);
 	}
 
 	talloc_free(uwrap.groups);

diff --git a/lib/uid_wrapper/uid_wrapper.h b/lib/uid_wrapper/uid_wrapper.h
@@ -36,35 +36,35 @@ gid_t uwrap_getgid(void);
 
 #ifdef UID_WRAPPER_REPLACE
 
-#ifdef seteuid
-#undef seteuid
+#ifdef samba_seteuid
+#undef samba_seteuid
 #endif
-#define seteuid	uwrap_seteuid
+#define samba_seteuid	uwrap_seteuid
 
-#ifdef setreuid
-#undef setreuid
+#ifdef samba_setreuid
+#undef samba_setreuid
 #endif
-#define setreuid	uwrap_setreuid
+#define samba_setreuid	uwrap_setreuid
 
-#ifdef setresuid
-#undef setresuid
+#ifdef samba_setresuid
+#undef samba_setresuid
 #endif
-#define setresuid	uwrap_setresuid
+#define samba_setresuid	uwrap_setresuid
 
-#ifdef setegid
-#undef setegid
+#ifdef samba_setegid
+#undef samba_setegid
 #endif
-#define setegid	uwrap_setegid
+#define samba_setegid	uwrap_setegid
 
-#ifdef setregid
-#undef setregid
+#ifdef samba_setregid
+#undef samba_setregid
 #endif
-#define setregid	uwrap_setregid
+#define samba_setregid	uwrap_setregid
 
-#ifdef setresgid
-#undef setresgid
+#ifdef samba_setresgid
+#undef samba_setresgid
 #endif
-#define setresgid	uwrap_setresgid
+#define samba_setresgid	uwrap_setresgid
 
 #ifdef geteuid
 #undef geteuid
@@ -76,10 +76,10 @@ gid_t uwrap_getgid(void);
 #endif
 #define getegid	uwrap_getegid
 
-#ifdef setgroups
-#undef setgroups
+#ifdef samba_setgroups
+#undef samba_setgroups
 #endif
-#define setgroups uwrap_setgroups
+#define samba_setgroups uwrap_setgroups
 
 #ifdef getgroups
 #undef getgroups

diff --git a/lib/uid_wrapper/wscript_build b/lib/uid_wrapper/wscript_build
@@ -3,7 +3,7 @@
 
 bld.SAMBA_LIBRARY('uid_wrapper',
                   source='uid_wrapper.c',
-                  deps='talloc',
+                  deps='talloc util_setid',
                   private_library=True,
                   enabled=bld.CONFIG_SET("UID_WRAPPER"),
                   )

diff --git a/lib/util/setid.c b/lib/util/setid.c
@@ -0,0 +1,182 @@
+/*
+   Unix SMB/CIFS implementation.
+   setXXid() functions for Samba.
+   Copyright (C) Jeremy Allison 2012
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#ifndef AUTOCONF_TEST
+#include "replace.h"
+#include "system/passwd.h"
+#include "include/includes.h"
+
+#ifdef UID_WRAPPER_REPLACE
+
+#ifdef samba_seteuid
+#undef samba_seteuid
+#endif
+
+#ifdef samba_setreuid
+#undef samba_setreuid
+#endif
+
+#ifdef samba_setresuid
+#undef samba_setresuid
+#endif
+
+#ifdef samba_setegid
+#undef samba_setegid
+#endif
+
+#ifdef samba_setregid
+#undef samba_setregid
+#endif
+
+#ifdef samba_setresgid
+#undef samba_setresgid
+#endif
+
+#ifdef samba_setgroups
+#undef samba_setgroups
+#endif
+
+/* uid_wrapper will have redefined these. */
+int samba_setresuid(uid_t ruid, uid_t euid, uid_t suid);
+int samba_setresgid(gid_t rgid, gid_t egid, gid_t sgid);
+int samba_setreuid(uid_t ruid, uid_t euid);
+int samba_setregid(gid_t rgid, gid_t egid);
+int samba_seteuid(uid_t euid);
+int samba_setegid(gid_t egid);
+int samba_setuid(uid_t uid);
+int samba_setgid(gid_t gid);
+int samba_setuidx(int flags, uid_t uid);
+int samba_setgidx(int flags, gid_t gid);
+int samba_setgroups(size_t setlen, const gid_t *gidset);
+
+#endif
+#endif
+
+#include "../lib/util/setid.h"
+
+/* All the setXX[ug]id functions and setgroups Samba uses. */
+int samba_setresuid(uid_t ruid, uid_t euid, uid_t suid)
+{
+#if defined(HAVE_SETRESUID)
+	return setresuid(ruid, euid, suid);
+#else
+	errno = ENOSYS;
+	return -1;
+#endif
+}
+
+int samba_setresgid(gid_t rgid, gid_t egid, gid_t sgid)
+{
+#if defined(HAVE_SETRESGID)
+	return setresgid(rgid, egid, sgid);
+#else
+	errno = ENOSYS;
+	return -1;
+#endif
+}
+
+int samba_setreuid(uid_t ruid, uid_t euid)
+{
+#if defined(HAVE_SETREUID)
+	return setreuid(ruid, euid);
+#else
+	errno = ENOSYS;
+	return -1;
+#endif
+}
+
+int samba_setregid(gid_t rgid, gid_t egid)
+{
+#if defined(HAVE_SETREGID)
+	return setregid(rgid, egid);
+#else
+	errno = ENOSYS;
+	return -1;
+#endif
+}
+
+int samba_seteuid(uid_t euid)
+{
+#if defined(HAVE_SETEUID)
+	return seteuid(euid);
+#else
+	errno = ENOSYS;
+	return -1;
+#endif
+}
+
+int samba_setegid(gid_t egid)
+{
+#if defined(HAVE_SETEGID)
+	return setegid(egid);
+#else
+	errno = ENOSYS;
+	return -1;
+#endif
+}
+
+int samba_setuid(uid_t uid)
+{
+#if defined(HAVE_SETUID)
+	return setuid(uid);
+#else
+	errno = ENOSYS;
+	return -1;
+#endif
+}
+
+int samba_setgid(gid_t gid)
+{
+#if defined(HAVE_SETGID)
+	return setgid(gid);
+#else
+	errno = ENOSYS;
+	return -1;
+#endif
+}
+
+int samba_setuidx(int flags, uid_t uid)
+{
+#if defined(HAVE_SETUIDX)
+	return setuidx(flags, uid);
+#else
+	errno = ENOSYS;
+	return -1;
+#endif
+}
+
+int samba_setgidx(int flags, gid_t gid)
+{
+#if defined(HAVE_SETGIDX)
+	return setgidx(flags, gid);
+#else
+	errno = ENOSYS;
+	return -1;
+#endif
+}
+
+int samba_setgroups(size_t setlen, const gid_t *gidset)
+{
+#if defined(HAVE_SETGROUPS)
+	return setgroups(setlen, gidset);
+#else
+	errno = ENOSYS;
+	return -1;
+#endif
+}
diff --git a/lib/util/setid.h b/lib/util/setid.h
@@ -0,0 +1,43 @@
+/*
+   Unix SMB/CIFS implementation.
+   setXXid() functions for Samba.
+   Copyright (C) Jeremy Allison 2012
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#ifndef _SETID_H
+#define _SETID_H
+
+/*
+ * NB. We don't wrap initgroups although on some systems
+ * this can call setgroups. On systems with thread-specific
+ * credentials (Linux so far) we know they have getgrouplist()
+ * which doesn't make a system call.
+ */
+
+/* All the setXX[ug]id functions and setgroups Samba uses. */
+int samba_setresuid(uid_t ruid, uid_t euid, uid_t suid);
+int samba_setresgid(gid_t rgid, gid_t egid, gid_t sgid);
+int samba_setreuid(uid_t ruid, uid_t euid);
+int samba_setregid(gid_t rgid, gid_t egid);
+int samba_seteuid(uid_t euid);
+int samba_setegid(gid_t egid);
+int samba_setuid(uid_t uid);
+int samba_setgid(gid_t gid);
+int samba_setuidx(int flags, uid_t uid);
+int samba_setgidx(int flags, gid_t gid);
+int samba_setgroups(size_t setlen, const gid_t *gidset);
+
+#endif