[SCM] Samba Shared Repository - branch master updated - release-4-0-0alpha8-797-g58e5e1e

Andrew Tridgell tridge at samba.org
Tue Aug 4 19:21:54 MDT 2009


The branch, master has been updated
       via  58e5e1ea8d4c5a9eb8d36aa8132fd1ba3985ca53 (commit)
      from  fd43e0ee09e3f82093e9a15dd6cbd2fbaa113426 (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 58e5e1ea8d4c5a9eb8d36aa8132fd1ba3985ca53
Author: Andrew Tridgell <tridge at samba.org>
Date:   Wed Aug 5 11:21:06 2009 +1000

    make the UID_WRAPPER skip checks at runtime
    
    This fixes two issues pointed out by Andrew. It adds a runtime
    uwrap_enabled() call that wraps the skips needed for uid emulation. It
    also makes the skip in the directory_create_or_exist() function only
    change the uid checking code, not the permissions code

-----------------------------------------------------------------------

Summary of changes:
 lib/uid_wrapper/uid_wrapper.c  |    7 +++++++
 lib/uid_wrapper/uid_wrapper.h  |    2 ++
 lib/util/config.mk             |    2 +-
 lib/util/util.c                |   11 +++++++----
 source4/heimdal_build/config.h |    6 +++++-
 source4/include/includes.h     |    6 +++++-
 source4/ntvfs/posix/pvfs_acl.c |   14 +++++++-------
 7 files changed, 34 insertions(+), 14 deletions(-)


Changeset truncated at 500 lines:

diff --git a/lib/uid_wrapper/uid_wrapper.c b/lib/uid_wrapper/uid_wrapper.c
index e009fa0..948ff65 100644
--- a/lib/uid_wrapper/uid_wrapper.c
+++ b/lib/uid_wrapper/uid_wrapper.c
@@ -45,6 +45,13 @@ static void uwrap_init(void)
 	}
 }
 
+#undef uwrap_enabled
+_PUBLIC_ int uwrap_enabled(void)
+{
+	uwrap_init();
+	return uwrap.enabled?1:0;
+}
+
 _PUBLIC_ int uwrap_seteuid(uid_t euid)
 {
 	uwrap_init();
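Review bot: The added `uwrap_enabled()` and the `#undef` in front of it carry no comment, although this function now gates security checks elsewhere in the commit. Above the `#undef`, add something like `/* includes.h defines uwrap_enabled() as 0 when UID_WRAPPER is off; drop the macro so the real function can be defined */`. On the function, document that it returns 1 when uid emulation is active and 0 otherwise, and name what sets `uwrap.enabled`. That value is assigned in uwrap_init(), whose body is outside this hunk, so the condition that enables the wrapper could not be checked here.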
diff --git a/lib/uid_wrapper/uid_wrapper.h b/lib/uid_wrapper/uid_wrapper.h
index e2df613..5d7c99d 100644
--- a/lib/uid_wrapper/uid_wrapper.h
+++ b/lib/uid_wrapper/uid_wrapper.h
@@ -58,4 +58,6 @@
 #endif
 #define getgid	uwrap_getgid
 
+int uwrap_enabled(void);
+
 #endif /* __UID_WRAPPER_H__ */
diff --git a/lib/util/config.mk b/lib/util/config.mk
index 47e0268..6dc8354 100644
--- a/lib/util/config.mk
+++ b/lib/util/config.mk
@@ -2,7 +2,7 @@
 PUBLIC_DEPENDENCIES = \
 		LIBTALLOC LIBCRYPTO \
 		SOCKET_WRAPPER LIBREPLACE_NETWORK \
-		CHARSET EXECINFO
+		CHARSET EXECINFO UID_WRAPPER
 
 LIBSAMBA-UTIL_VERSION = 0.0.1
 LIBSAMBA-UTIL_SOVERSION = 0
diff --git a/lib/util/util.c b/lib/util/util.c
index dea1401..2a809d3 100644
--- a/lib/util/util.c
+++ b/lib/util/util.c
@@ -133,14 +133,17 @@ _PUBLIC_ bool directory_create_or_exist(const char *dname, uid_t uid,
 			umask(old_umask);
 			return false;
 		}
-		if ((st.st_uid != uid) || 
-		    ((st.st_mode & 0777) != dir_perms)) {
-#ifndef UID_WRAPPER_REPLACE
+		if (st.st_uid != uid && !uwrap_enabled()) {
+			DEBUG(0, ("invalid ownership on directory "
+				  "%s\n", dname));
+			umask(old_umask);
+			return false;
+		}
+		if ((st.st_mode & 0777) != dir_perms) {
 			DEBUG(0, ("invalid permissions on directory "
 				  "%s\n", dname));
 			umask(old_umask);
 			return false;
-#endif
 		}
 	}
 	return true;
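Review bot: The ownership test `st.st_uid != uid && !uwrap_enabled()` is now switched off by a runtime value rather than the old compile-time `#ifndef`. Any binary built with UID_WRAPPER will therefore accept a directory owned by a different user whenever the wrapper reports itself enabled. What makes `uwrap.enabled` true is decided in uwrap_init(), which is not visible here; if that can be influenced by the process environment, the skip should be confined to test builds. At minimum, state the reason above the test, e.g. `/* under uid_wrapper the directory is owned by the real uid, so ownership cannot be verified */`, and consider a DEBUG line when the check is skipped so it shows up in logs. directory_create_or_exist() starts outside the hunk.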
diff --git a/source4/heimdal_build/config.h b/source4/heimdal_build/config.h
index 8830942..8c0e6b0 100644
--- a/source4/heimdal_build/config.h
+++ b/source4/heimdal_build/config.h
@@ -27,9 +27,13 @@
 
 #undef HAVE_KRB5_ENCRYPT_BLOCK
 
-#if defined(UID_WRAPPER) && !defined(UID_WRAPPER_REPLACE) && !defined(UID_WRAPPER_NOT_REPLACE)
+#if defined(UID_WRAPPER)
+#if !defined(UID_WRAPPER_REPLACE) && !defined(UID_WRAPPER_NOT_REPLACE)
 #define UID_WRAPPER_REPLACE
 #include "../uid_wrapper/uid_wrapper.h"
 #endif
+#else
+#define uwrap_enabled() 0
+#endif
 
 #endif
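Review bot: The fallback `#define uwrap_enabled() 0` sits only in the `#else` of `#if defined(UID_WRAPPER)`. A translation unit built with UID_WRAPPER and UID_WRAPPER_NOT_REPLACE therefore gets neither the macro nor the uid_wrapper.h prototype from this block, and a call to `uwrap_enabled()` there would rely on an implicit declaration. The identical block is added in source4/include/includes.h and has the same gap. Supplying the prototype in that case, for instance `int uwrap_enabled(void);` in an `#else` of the inner `#if`, would close it, assuming no other header already declares it for such files. A short comment on the outer `#else`, such as `/* no uid_wrapper in this build: uid-emulation skips are never taken */`, would also make the intent of the constant clear.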
diff --git a/source4/include/includes.h b/source4/include/includes.h
index 37c6115..e94c0fe 100644
--- a/source4/include/includes.h
+++ b/source4/include/includes.h
@@ -73,9 +73,13 @@
 #define TALLOC_ABORT(reason) smb_panic(reason)
 #endif
 
-#if defined(UID_WRAPPER) && !defined(UID_WRAPPER_REPLACE) && !defined(UID_WRAPPER_NOT_REPLACE)
+#if defined(UID_WRAPPER)
+#if !defined(UID_WRAPPER_REPLACE) && !defined(UID_WRAPPER_NOT_REPLACE)
 #define UID_WRAPPER_REPLACE
 #include "../uid_wrapper/uid_wrapper.h"
 #endif
+#else
+#define uwrap_enabled() 0
+#endif
 
 #endif /* _INCLUDES_H */
diff --git a/source4/ntvfs/posix/pvfs_acl.c b/source4/ntvfs/posix/pvfs_acl.c
index f5a00c0..2328839 100644
--- a/source4/ntvfs/posix/pvfs_acl.c
+++ b/source4/ntvfs/posix/pvfs_acl.c
@@ -473,13 +473,13 @@ NTSTATUS pvfs_access_check_unix(struct pvfs_state *pvfs,
 		max_bits |= SEC_STD_ALL;
 	}
 
-#ifdef UID_WRAPPER_REPLACE
-	/* when running with the uid wrapper, files will be created
-	   owned by the ruid, but we may have a different simulated 
-	   euid. We need to force the permission bits as though the 
-	   files owner matches the euid */
-	max_bits |= SEC_STD_ALL;
-#endif
+	if (!uwrap_enabled()) {
+		/* when running with the uid wrapper, files will be created
+		   owned by the ruid, but we may have a different simulated 
+		   euid. We need to force the permission bits as though the 
+		   files owner matches the euid */
+		max_bits |= SEC_STD_ALL;
+	}
 
 	if (*access_mask == SEC_FLAG_MAXIMUM_ALLOWED) {
 		*access_mask = max_bits;
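Review bot: The new condition `if (!uwrap_enabled())` is inverted relative to both the comment inside it and the `#ifdef UID_WRAPPER_REPLACE` it replaces. As written, `max_bits |= SEC_STD_ALL` runs when the uid wrapper is not active and is skipped when it is. In a build without UID_WRAPPER the fallback macro makes `uwrap_enabled()` evaluate to 0, so the branch is always taken and SEC_STD_ALL is added to max_bits regardless of whether the caller owns the file. The test should read `if (uwrap_enabled()) {`. pvfs_access_check_unix() starts and ends outside the hunk, so the uses of max_bits beyond the visible `SEC_FLAG_MAXIMUM_ALLOWED` branch should be rechecked once the condition is corrected.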


-- 
Samba Shared Repository

