[SCM] Samba Shared Repository - branch master updated
Jeremy Allison
jra at samba.org
Tue Jul 3 18:38:01 MDT 2012
The branch, master has been updated
via 6449022 Add waf/configure tests for openat.
via 90881da Move copy_unix_token() from locking/locking.c to lib/util.c.
via a559fcf Add function set_thread_credentials_permanently(). Panic if fail.
via ed85252 Allow init_aio_threadpool() to be setup for different threadpool handles with different completion functions.
from 0ed3433 doc: Remove references to deprecated 'share modes' parameter.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 6449022d3e05726879f9e268464ae89ce119103e
Author: Jeremy Allison <jra at samba.org>
Date: Tue Jul 3 13:34:21 2012 -0700
Add waf/configure tests for openat.
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Wed Jul 4 02:37:59 CEST 2012 on sn-devel-104
commit 90881da68509ad673c1e921831ef4f36cabb9ea8
Author: Jeremy Allison <jra at samba.org>
Date: Tue Jul 3 15:32:10 2012 -0700
Move copy_unix_token() from locking/locking.c to lib/util.c.
Make public.
commit a559fcf156f4ee8c98daac52fcf3447993b9ba14
Author: Jeremy Allison <jra at samba.org>
Date: Tue Jul 3 12:39:23 2012 -0700
Add function set_thread_credentials_permanently(). Panic if fail.
Not yet used.
commit ed8525265dae72b7e910a371559db585a4ef55db
Author: Jeremy Allison <jra at samba.org>
Date: Fri Jun 29 16:18:10 2012 -0700
Allow init_aio_threadpool() to be setup for different threadpool handles with different completion functions.
-----------------------------------------------------------------------
Summary of changes:
source3/configure.in | 18 ++++++++++++++
source3/include/proto.h | 5 ++++
source3/lib/util.c | 30 +++++++++++++++++++++++
source3/lib/util_sec.c | 48 +++++++++++++++++++++++++++++++++++++
source3/locking/locking.c | 29 ----------------------
source3/modules/vfs_aio_pthread.c | 29 ++++++++++++++-------
source3/wscript | 5 ++++
7 files changed, 125 insertions(+), 39 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/configure.in b/source3/configure.in
index abb4de6..150f189 100644
--- a/source3/configure.in
+++ b/source3/configure.in
@@ -5792,6 +5792,24 @@ if test x"$samba_cv_HAVE_POSIX_FADVISE" = x"yes"; then
fi
############################################
+# See if we have the openat syscall.
+
+AC_CACHE_CHECK([for openat],
+ samba_cv_HAVE_OPENAT,[
+ AC_TRY_LINK([
+#if defined(HAVE_UNISTD_H)
+#include <unistd.h>
+#endif
+#include <fcntl.h>],
+ [int fd = openat(AT_FDCWD, ".", O_RDONLY);],
+ samba_cv_HAVE_OPENAT=yes,
+ samba_cv_HAVE_OPENAT=no)])
+
+if test x"$samba_cv_HAVE_OPENAT" = x"yes"; then
+ AC_DEFINE(HAVE_OPENAT,1, [Whether openat is available])
+fi
+
+############################################
# See if we have the Linux splice syscall.
case "$host_os" in
diff --git a/source3/include/proto.h b/source3/include/proto.h
index 4080f23..b7f2852 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -497,6 +497,7 @@ bool map_open_params_to_ntcreate(const char *smb_base_fname,
uint32 *pcreate_disposition,
uint32 *pcreate_options,
uint32_t *pprivate_flags);
+struct security_unix_token *copy_unix_token(TALLOC_CTX *ctx, const struct security_unix_token *tok);
void init_modules(void);
/* The following definitions come from lib/util_builtin.c */
@@ -544,6 +545,10 @@ void save_re_gid(void);
void restore_re_gid(void);
int set_re_uid(void);
void become_user_permanently(uid_t uid, gid_t gid);
+int set_thread_credentials_permanently(uid_t uid,
+ gid_t gid,
+ size_t setlen,
+ const gid_t *gidset);
bool is_setuid_root(void) ;
/* The following definitions come from lib/util_sid.c */
diff --git a/source3/lib/util.c b/source3/lib/util.c
index f1b8158..697f7b1 100644
--- a/source3/lib/util.c
+++ b/source3/lib/util.c
@@ -2460,3 +2460,33 @@ bool map_open_params_to_ntcreate(const char *smb_base_fname,
return True;
}
+
+/*************************************************************************
+ Return a talloced copy of a struct security_unix_token. NULL on fail.
+*************************************************************************/
+
+struct security_unix_token *copy_unix_token(TALLOC_CTX *ctx, const struct security_unix_token *tok)
+{
+ struct security_unix_token *cpy;
+
+ cpy = talloc(ctx, struct security_unix_token);
+ if (!cpy) {
+ return NULL;
+ }
+
+ cpy->uid = tok->uid;
+ cpy->gid = tok->gid;
+ cpy->ngroups = tok->ngroups;
+ if (tok->ngroups) {
+ /* Make this a talloc child of cpy. */
+ cpy->groups = (gid_t *)talloc_memdup(
+ cpy, tok->groups, tok->ngroups * sizeof(gid_t));
+ if (!cpy->groups) {
+ TALLOC_FREE(cpy);
+ return NULL;
+ }
+ } else {
+ cpy->groups = NULL;
+ }
+ return cpy;
+}
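Review bot: The size passed to talloc_memdup() in copy_unix_token(), `tok->ngroups * sizeof(gid_t)`, is computed without an overflow check, and now that the function is public it can be reached from any caller. The type of ngroups is not visible in this hunk, so this matters only if the product can exceed size_t (for example on a 32-bit build); in that case the copied array would be shorter than cpy->ngroups claims and a later reader of the token would run past the allocation. Allocating with `cpy->groups = talloc_array(cpy, gid_t, tok->ngroups);` followed by a memcpy lets talloc do the count check. The header comment could also say that the groups array is a talloc child of the returned token, so freeing the token frees both, and that tok must not be NULL.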
diff --git a/source3/lib/util_sec.c b/source3/lib/util_sec.c
index 11d85a1..7c05f17 100644
--- a/source3/lib/util_sec.c
+++ b/source3/lib/util_sec.c
@@ -410,6 +410,54 @@ void become_user_permanently(uid_t uid, gid_t gid)
assert_gid(gid, gid);
}
+/**********************************************************
+ Function to set thread specific credentials in an
+ irreversible way. Must be thread-safe code.
+**********************************************************/
+
+int set_thread_credentials_permanently(uid_t uid,
+ gid_t gid,
+ size_t setlen,
+ const gid_t *gidset)
+{
+#if defined(USE_LINUX_THREAD_CREDENTIALS)
+ /*
+ * With Linux thread-specific credentials
+ * we know we have setresuid/setresgid
+ * available.
+ */
+
+ /* Become root. */
+ /* Set ru=0, eu=0 */
+ if (samba_setresuid(0, 0, -1) != 0) {
+ return -1;
+ }
+ /* Set our primary gid. */
+ /* Set rg=gid, eg=gid, sg=gid */
+ if (samba_setresgid(gid, gid, gid) != 0) {
+ return -1;
+ }
+ /* Set extra groups list. */
+ if (samba_setgroups(setlen, gidset) != 0) {
+ return -1;
+ }
+ /* Become the requested user. No way back after this. */
+ /* Set ru=uid, eu=uid, su=uid */
+ if (samba_setresuid(uid, uid, uid) != 0) {
+ return -1;
+ }
+ if (geteuid() != uid || getuid() != uid ||
+ getegid() != gid || getgid() != gid) {
+ smb_panic("set_thread_credentials_permanently failed\n");
+ return -1;
+ }
+ return 0;
+#else
+ errno = ENOSYS;
+ return -1;
+#endif
+}
+
#ifdef AUTOCONF_TEST
/****************************************************************************
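Review bot: In set_thread_credentials_permanently(), the three `return -1;` paths that follow a successful samba_setresuid(0, 0, -1) leave the calling thread with effective uid 0 and a partly changed gid or group list, and nothing forces the caller to check the result. The commit title says the function panics on failure, but only the final geteuid()/getegid() comparison calls smb_panic(); a failed samba_setresgid(), samba_setgroups() or second samba_setresuid() should do the same, e.g. `smb_panic("set_thread_credentials_permanently: setgroups failed\n");`, or the header comment must state that a thread receiving -1 may still be root and has to exit. The final check also covers only the real and effective ids; the saved uid/gid and the supplementary group list installed by samba_setgroups() are not verified, and those are what "no way back" depends on. The `return -1;` after smb_panic() looks unreachable if smb_panic() does not return.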
diff --git a/source3/locking/locking.c b/source3/locking/locking.c
index 95e9b77..d3ab7f3 100644
--- a/source3/locking/locking.c
+++ b/source3/locking/locking.c
@@ -882,35 +882,6 @@ bool downgrade_share_oplock(struct share_mode_lock *lck, files_struct *fsp)
return True;
}
-/*************************************************************************
- Return a talloced copy of a struct security_unix_token. NULL on fail.
- (Should this be in locking.c.... ?).
-*************************************************************************/
-
-static struct security_unix_token *copy_unix_token(TALLOC_CTX *ctx, const struct security_unix_token *tok)
-{
- struct security_unix_token *cpy;
-
- cpy = talloc(ctx, struct security_unix_token);
- if (!cpy) {
- return NULL;
- }
-
- cpy->uid = tok->uid;
- cpy->gid = tok->gid;
- cpy->ngroups = tok->ngroups;
- if (tok->ngroups) {
- /* Make this a talloc child of cpy. */
- cpy->groups = (gid_t *)talloc_memdup(
- cpy, tok->groups, tok->ngroups * sizeof(gid_t));
- if (!cpy->groups) {
- TALLOC_FREE(cpy);
- return NULL;
- }
- }
- return cpy;
-}
-
/****************************************************************************
Adds a delete on close token.
****************************************************************************/
diff --git a/source3/modules/vfs_aio_pthread.c b/source3/modules/vfs_aio_pthread.c
index 695ba12..7167818 100644
--- a/source3/modules/vfs_aio_pthread.c
+++ b/source3/modules/vfs_aio_pthread.c
@@ -55,29 +55,34 @@ static void aio_pthread_handle_completion(struct event_context *event_ctx,
Ensure thread pool is initialized.
***********************************************************************/
-static bool init_aio_threadpool(struct vfs_handle_struct *handle)
+static bool init_aio_threadpool(struct event_context *ev_ctx,
+ struct pthreadpool **pp_pool,
+ void (*completion_fn)(struct event_context *,
+ struct fd_event *,
+ uint16,
+ void *))
{
struct fd_event *sock_event = NULL;
int ret = 0;
- if (pool) {
+ if (*pp_pool) {
return true;
}
- ret = pthreadpool_init(aio_pending_size, &pool);
+ ret = pthreadpool_init(aio_pending_size, pp_pool);
if (ret) {
errno = ret;
return false;
}
- sock_event = tevent_add_fd(handle->conn->sconn->ev_ctx,
+ sock_event = tevent_add_fd(ev_ctx,
NULL,
- pthreadpool_signal_fd(pool),
+ pthreadpool_signal_fd(*pp_pool),
TEVENT_FD_READ,
- aio_pthread_handle_completion,
+ completion_fn,
NULL);
if (sock_event == NULL) {
- pthreadpool_destroy(pool);
- pool = NULL;
+ pthreadpool_destroy(*pp_pool);
+ *pp_pool = NULL;
return false;
}
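Review bot: The hand-written callback type on init_aio_threadpool()'s new completion_fn parameter duplicates tevent's handler typedef; assuming event_context and fd_event are the usual aliases for the tevent types, `tevent_fd_handler_t completion_fn` would keep the signature in step with what tevent_add_fd() expects. The "Ensure thread pool is initialized" comment should now also say that *pp_pool is filled in on success and reset to NULL when tevent_add_fd() fails, and that a call with an already-initialized *pp_pool returns true without registering completion_fn. On the tevent_add_fd() failure path errno is not set, unlike the pthreadpool_init() path, so the callers that return -1 may report a stale errno. The function body continues past the end of this hunk.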
@@ -172,7 +177,9 @@ static int aio_pthread_read(struct vfs_handle_struct *handle,
struct aio_private_data *pd = NULL;
int ret;
- if (!init_aio_threadpool(handle)) {
+ if (!init_aio_threadpool(handle->conn->sconn->ev_ctx,
+ &pool,
+ aio_pthread_handle_completion)) {
return -1;
}
@@ -209,7 +216,9 @@ static int aio_pthread_write(struct vfs_handle_struct *handle,
struct aio_private_data *pd = NULL;
int ret;
- if (!init_aio_threadpool(handle)) {
+ if (!init_aio_threadpool(handle->conn->sconn->ev_ctx,
+ &pool,
+ aio_pthread_handle_completion)) {
return -1;
}
diff --git a/source3/wscript b/source3/wscript
index 5fcf86e..12529e5 100755
--- a/source3/wscript
+++ b/source3/wscript
@@ -353,6 +353,11 @@ return acl_get_perm_np(permset_d, perm);
headers='unistd.h fcntl.h')
conf.CHECK_DECLS('readahead', headers='fcntl.h', always=True)
+ conf.CHECK_CODE('int fd = openat(AT_FDCWD, ".", O_RDONLY);',
+ 'HAVE_OPENAT',
+ msg='Checking for openat',
+ headers='fcntl.h')
+
if Options.options.with_aio_support:
conf.CHECK_FUNCS_IN('aio_read', 'aio')
conf.CHECK_FUNCS_IN('aio_read', 'rt')
--
Samba Shared Repository