The branch, master has been updated via 733457a selftest/Samba3: enable uid wrapper in nmbd, winbindd and smbd via 97d6795 s3:configure.developer: add --enable-uid-wrapper via 1184e7d s3: Use the uid_wrapper via c682ee3 uid_wrapper: We have talloc_array_length, no need for an explicit length from f6b7bd4 lib/util: consolidate module loading
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log ----------------------------------------------------------------- commit 733457a94ecfa09712ad115eded66d6b3e56c042 Author: Stefan Metzmacher <me...@samba.org> Date: Thu Jul 7 19:48:02 2011 +0200 selftest/Samba3: enable uid wrapper in nmbd, winbindd and smbd metze Signed-off-by: Andreas Schneider <a...@samba.org> Autobuild-User: Andreas Schneider <a...@cryptomilk.org> Autobuild-Date: Thu Oct 6 13:49:05 CEST 2011 on sn-devel-104 commit 97d679536150c5365a78b84e68da18e9f6b9d0c2 Author: Stefan Metzmacher <me...@samba.org> Date: Thu Jul 7 19:47:20 2011 +0200 s3:configure.developer: add --enable-uid-wrapper metze Signed-off-by: Andreas Schneider <a...@samba.org> commit 1184e7de5947aa83209f14d07e14cf61c782710d Author: Volker Lendecke <v...@samba.org> Date: Sun Feb 20 00:05:06 2011 +0100 s3: Use the uid_wrapper Signed-off-by: Stefan Metzmacher <me...@samba.org> Signed-off-by: Andreas Schneider <a...@samba.org> commit c682ee32b8155776f73665c5671fec0dee83a8ab Author: Volker Lendecke <v...@samba.org> Date: Sat Feb 19 23:21:07 2011 +0100 uid_wrapper: We have talloc_array_length, no need for an explicit length Signed-off-by: Andreas Schneider <a...@samba.org> ----------------------------------------------------------------------- Summary of changes: lib/uid_wrapper/config.m4 | 3 +++ lib/uid_wrapper/uid_wrapper.c | 18 +++++++++--------- selftest/target/Samba3.pm | 6 ++++++ source3/Makefile.in | 10 +++++++--- source3/configure.developer | 1 + source3/configure.in | 1 + source3/lib/system.c | 1 + source3/lib/util_sec.c | 1 + source3/smbd/sec_ctx.c | 1 + source3/wscript | 1 + source3/wscript_build | 4 ++-- 11 files changed, 33 insertions(+), 14 deletions(-) Changeset truncated at 500 lines: diff --git a/lib/uid_wrapper/config.m4 b/lib/uid_wrapper/config.m4 index db6537b..2cd573e 100644 --- a/lib/uid_wrapper/config.m4 +++ b/lib/uid_wrapper/config.m4 @@ -10,6 +10,9 @@ fi if eval "test x$enable_uid_wrapper = xyes"; then AC_DEFINE(UID_WRAPPER,1,[Use uid wrapper library]) HAVE_UID_WRAPPER=yes + + # this is only used for samba3 + UID_WRAPPER_OBJS="../lib/uid_wrapper/uid_wrapper.o" fi AC_SUBST(HAVE_UID_WRAPPER) diff --git a/lib/uid_wrapper/uid_wrapper.c b/lib/uid_wrapper/uid_wrapper.c index c676797..05d226b 100644 --- a/lib/uid_wrapper/uid_wrapper.c +++ b/lib/uid_wrapper/uid_wrapper.c @@ -40,7 +40,6 @@ static struct { bool enabled; uid_t euid; gid_t egid; - unsigned ngroups; gid_t *groups; } uwrap; @@ -51,7 +50,6 @@ static void uwrap_init(void) if (getenv("UID_WRAPPER")) { uwrap.enabled = true; /* put us in one group */ - uwrap.ngroups = 1; uwrap.groups = talloc_array(NULL, gid_t, 1); uwrap.groups[0] = 0; } @@ -112,7 +110,6 @@ _PUBLIC_ int uwrap_setgroups(size_t size, const gid_t *list) } talloc_free(uwrap.groups); - uwrap.ngroups = 0; uwrap.groups = NULL; if (size != 0) { @@ -122,30 +119,33 @@ _PUBLIC_ int uwrap_setgroups(size_t size, const gid_t *list) return -1; } memcpy(uwrap.groups, list, size*sizeof(gid_t)); - uwrap.ngroups = size; } return 0; } _PUBLIC_ int uwrap_getgroups(int size, gid_t *list) { + size_t ngroups; + uwrap_init(); if (!uwrap.enabled) { return getgroups(size, list); } - if (size > uwrap.ngroups) { - size = uwrap.ngroups; + ngroups = talloc_array_length(uwrap.groups); + + if (size > ngroups) { + size = ngroups; } if (size == 0) { - return uwrap.ngroups; + return ngroups; } - if (size < uwrap.ngroups) { + if (size < ngroups) { errno = EINVAL; return -1; } memcpy(list, uwrap.groups, size*sizeof(gid_t)); - return uwrap.ngroups; + return ngroups; } _PUBLIC_ uid_t uwrap_getuid(void) diff --git a/selftest/target/Samba3.pm b/selftest/target/Samba3.pm index a5c11d9..45d99ce 100755 --- a/selftest/target/Samba3.pm +++ b/selftest/target/Samba3.pm @@ -555,6 +555,8 @@ sub check_or_start($$$$) { $ENV{NSS_WRAPPER_GROUP} = $env_vars->{NSS_WRAPPER_GROUP}; $ENV{NSS_WRAPPER_WINBIND_SO_PATH} = $env_vars->{NSS_WRAPPER_WINBIND_SO_PATH}; + $ENV{UID_WRAPPER} = "1"; + if ($nmbd ne "yes") { $SIG{USR1} = $SIG{ALRM} = $SIG{INT} = $SIG{QUIT} = $SIG{TERM} = sub { my $signame = shift; @@ -599,6 +601,8 @@ sub check_or_start($$$$) { $ENV{NSS_WRAPPER_GROUP} = $env_vars->{NSS_WRAPPER_GROUP}; $ENV{NSS_WRAPPER_WINBIND_SO_PATH} = $env_vars->{NSS_WRAPPER_WINBIND_SO_PATH}; + $ENV{UID_WRAPPER} = "1"; + if ($winbindd ne "yes") { $SIG{USR1} = $SIG{ALRM} = $SIG{INT} = $SIG{QUIT} = $SIG{TERM} = sub { my $signame = shift; @@ -645,6 +649,8 @@ sub check_or_start($$$$) { $ENV{NSS_WRAPPER_GROUP} = $env_vars->{NSS_WRAPPER_GROUP}; $ENV{NSS_WRAPPER_WINBIND_SO_PATH} = $env_vars->{NSS_WRAPPER_WINBIND_SO_PATH}; + $ENV{UID_WRAPPER} = "1"; + if ($smbd ne "yes") { $SIG{USR1} = $SIG{ALRM} = $SIG{INT} = $SIG{QUIT} = $SIG{TERM} = sub { my $signame = shift; diff --git a/source3/Makefile.in b/source3/Makefile.in index a048090..1bb987e 100644 --- a/source3/Makefile.in +++ b/source3/Makefile.in @@ -403,10 +403,12 @@ LIBREPLACE_OBJ = @LIBREPLACE_OBJS@ SOCKET_WRAPPER_OBJ = @SOCKET_WRAPPER_OBJS@ NSS_WRAPPER_OBJ = @NSS_WRAPPER_OBJS@ +UID_WRAPPER_OBJ = @UID_WRAPPER_OBJS@ LIBSAMBAUTIL_OBJ = \ $(LIBREPLACE_OBJ) \ $(SOCKET_WRAPPER_OBJ) \ + $(UID_WRAPPER_OBJ) \ $(NSS_WRAPPER_OBJ) UTIL_OBJ = ../lib/util/rbtree.o ../lib/util/signal.o ../lib/util/time.o \ @@ -1990,9 +1992,10 @@ bin/locktest@EXEEXT@: $(BINARY_PREREQS) $(LOCKTEST_OBJ) @BUILD_POPT@ $(LIBTALLOC @LIBWBCLIENT_STATIC@ $(LIBWBCLIENT_LIBS) \ $(LIBTALLOC_LIBS) $(LIBTDB_LIBS) $(ZLIB_LIBS) -bin/nsstest@EXEEXT@: $(BINARY_PREREQS) $(NSSTEST_OBJ) +bin/nsstest@EXEEXT@: $(BINARY_PREREQS) $(NSSTEST_OBJ) $(LIBTALLOC) @echo Linking $@ - @$(CC) -o $@ $(NSSTEST_OBJ) $(LDFLAGS) $(DYNEXP) $(LIBS) + @$(CC) -o $@ $(NSSTEST_OBJ) $(LDFLAGS) $(DYNEXP) $(LIBS) \ + $(LIBTALLOC_LIBS) bin/pdbtest@EXEEXT@: $(BINARY_PREREQS) $(PDBTEST_OBJ) @BUILD_POPT@ $(LIBTALLOC) $(LIBTDB) $(LIBWBCLIENT) @echo Linking $@ @@ -2785,10 +2788,11 @@ bin/winbindd@EXEEXT@: $(BINARY_PREREQS) $(WINBINDD_OBJ) @BUILD_POPT@ $(LIBTALLOC $(PASSDB_LIBS) $(LIBTALLOC_LIBS) $(LIBTDB_LIBS) $(LIBWBCLIENT_LIBS) \ $(ZLIB_LIBS) -bin/vlp@EXEEXT@: $(BINARY_PREREQS) $(VLP_OBJ) $(LIBTDB) +bin/vlp@EXEEXT@: $(BINARY_PREREQS) $(VLP_OBJ) $(LIBTDB) $(LIBTALLOC) @echo "Linking $@" @$(CC) -o $@ $(VLP_OBJ) $(LDFLAGS) $(DYNEXP) \ $(TERMLDFLAGS) $(TERMLIBS) $(LIBS) $(POPT_LIBS) \ + $(LIBTALLOC_LIBS) \ $(LIBTDB_LIBS) @WINBIND_NSS@: $(BINARY_PREREQS) $(WINBIND_NSS_OBJ) diff --git a/source3/configure.developer b/source3/configure.developer index 5033670..ee8fa89 100755 --- a/source3/configure.developer +++ b/source3/configure.developer @@ -3,4 +3,5 @@ --enable-developer \ --enable-socket-wrapper \ --enable-nss-wrapper \ + --enable-uid-wrapper \ "$@" diff --git a/source3/configure.in b/source3/configure.in index 0687285..7405cfd 100644 --- a/source3/configure.in +++ b/source3/configure.in @@ -126,6 +126,7 @@ fi m4_include(../lib/socket_wrapper/config.m4) m4_include(../lib/nss_wrapper/config.m4) +m4_include(../lib/uid_wrapper/config.m4) m4_include(m4/swat.m4) diff --git a/source3/lib/system.c b/source3/lib/system.c index 2f7a55f..0aefd6d 100644 --- a/source3/lib/system.c +++ b/source3/lib/system.c @@ -25,6 +25,7 @@ #include "system/capability.h" #include "system/passwd.h" #include "system/filesys.h" +#include "lib/uid_wrapper/uid_wrapper.h" #ifdef HAVE_SYS_PRCTL_H #include <sys/prctl.h> diff --git a/source3/lib/util_sec.c b/source3/lib/util_sec.c index d7984ac..0e2eee4 100644 --- a/source3/lib/util_sec.c +++ b/source3/lib/util_sec.c @@ -19,6 +19,7 @@ #ifndef AUTOCONF_TEST #include "includes.h" +#include "lib/uid_wrapper/uid_wrapper.h" #else /* we are running this code in autoconf test mode to see which type of setuid function works */ diff --git a/source3/smbd/sec_ctx.c b/source3/smbd/sec_ctx.c index f8c8847..446810d 100644 --- a/source3/smbd/sec_ctx.c +++ b/source3/smbd/sec_ctx.c @@ -23,6 +23,7 @@ #include "libcli/security/security_token.h" #include "auth.h" #include "smbprofile.h" +#include "lib/uid_wrapper/uid_wrapper.h" extern struct current_user current_user; diff --git a/source3/wscript b/source3/wscript index d776428..bb0354a 100644 --- a/source3/wscript +++ b/source3/wscript @@ -25,6 +25,7 @@ def set_options(opt): opt.RECURSE('../dynconfig') opt.RECURSE('selftest') opt.RECURSE('../lib/nss_wrapper') + opt.RECURSE('../lib/uid_wrapper') opt.RECURSE('../lib/socket_wrapper') opt.RECURSE('../lib/tevent') opt.RECURSE('../lib/tdb_compat') diff --git a/source3/wscript_build b/source3/wscript_build index 74a6880..693148f 100755 --- a/source3/wscript_build +++ b/source3/wscript_build @@ -817,7 +817,7 @@ bld.SAMBA3_SUBSYSTEM('KRBCLIENT', bld.SAMBA3_SUBSYSTEM('samba3core', source=LIB_SRC, - deps='LIBTSOCKET LIBCRYPTO ndr security NDR_SECURITY samba-util NDR_MESSAGING LIBASYNC_REQ tdb-wrap3 UTIL_TDB UTIL_PW SAMBA_VERSION KRB5_WRAP flag_mapping util_reg PTHREADPOOL interfaces cap string_init param util_str CHARSET3 namearray dbwrap util_sec util_malloc memcache ccan errors3 samba-modules', + deps='LIBTSOCKET LIBCRYPTO ndr security NDR_SECURITY samba-util NDR_MESSAGING LIBASYNC_REQ tdb-wrap3 UTIL_TDB UTIL_PW SAMBA_VERSION KRB5_WRAP flag_mapping util_reg PTHREADPOOL interfaces cap string_init param util_str CHARSET3 namearray dbwrap util_sec util_malloc memcache ccan errors3 samba-modules uid_wrapper', vars=locals()) bld.SAMBA3_LIBRARY('smbd_shim', @@ -912,7 +912,7 @@ bld.SAMBA3_LIBRARY('smbd_base', LIBCLI_SAMR libcli_lsa3 LIBRPCCLI_NETLOGON cli_spoolss RPC_NDR_SRVSVC npa_tstream INIT_NETLOGON INIT_SAMR cli_smb_common RPC_SERVER smbd_conn param_service - smbd_shim + smbd_shim uid_wrapper ''', private_library=True, vars=locals()) -- Samba Shared Repository