On Thu, May 11, 2006 at 02:12:22PM -0400, Ryan Novosielski wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Continuing on:
>
> Linking bin/winbindd
> /usr/ccs/bin/ld: Unsatisfied symbols:
> seteuid (first referenced in nsswitch/winbindd_pam.o) (code)
> make: *** [bin/winbindd] Error 1
>
> Problem here appears to be that 'seteuid' is not available on HP-UX, at
> least not on HP-UX 11i earlier than v2 May 2005:
>
> http://devrsrc1.external.hp.com/STKT/impacts/i171.html?jumpid=reg_R1002_USEN
>
> Here are notes on what to use instead, however I'm pretty sure that that
> was already known as it is no doubt needed elsewhere in the package:
>
> http://devrsrc1.external.hp.com/STKS/impacts/i133.html?jumpid=reg_R1002_USEN
>
> There are also conditionals in configure.in (that never seem to show up
> in the configure output, interestingly enough). This was not broken in
> 3.0.22, however, none of the winbindd* files attempted to use seteuid in
> 3.0.22.
Ok, try this patch. Gunther please review as it affects winbindd code.
I think it's ok...
Jeremy.
Index: nsswitch/winbindd_cred_cache.c
===================================================================
--- nsswitch/winbindd_cred_cache.c (revision 15527)
+++ nsswitch/winbindd_cred_cache.c (working copy)
@@ -105,7 +105,7 @@
if ((entry->renew_until < time(NULL)) && (entry->pass != NULL)) {
- seteuid(entry->uid);
+ set_effective_uid(entry->uid);
ret = kerberos_kinit_password_ext(entry->principal_name,
entry->pass,
@@ -116,7 +116,7 @@
False, /* no PAC required
anymore */
True,
WINBINDD_PAM_AUTH_KRB5_RENEW_TIME);
- seteuid(0);
+ gain_root_privilege();
if (ret) {
DEBUG(3,("could not re-kinit: %s\n",
error_message(ret)));
@@ -132,13 +132,13 @@
goto done;
}
- seteuid(entry->uid);
+ set_effective_uid(entry->uid);
ret = smb_krb5_renew_ticket(entry->ccname,
entry->principal_name,
entry->service,
&new_start);
- seteuid(0);
+ gain_root_privilege();
if (ret) {
DEBUG(3,("could not renew tickets: %s\n", error_message(ret)));
Index: nsswitch/winbindd_pam.c
===================================================================
--- nsswitch/winbindd_pam.c (revision 15527)
+++ nsswitch/winbindd_pam.c (working copy)
@@ -478,7 +478,7 @@
if (!internal_ccache) {
- seteuid(uid);
+ set_effective_uid(uid);
DEBUG(10,("winbindd_raw_kerberos_login: uid is %d\n", uid));
}
@@ -533,7 +533,7 @@
}
if (!internal_ccache) {
- seteuid(0);
+ gain_root_privilege();
}
/************************ NON-ROOT **********************/
@@ -631,7 +631,7 @@
SAFE_FREE(client_princ_out);
if (!internal_ccache) {
- seteuid(0);
+ gain_root_privilege();
}
return result;
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
