added a uid_wrapper library
Andrew Bartlett
abartlet at samba.org
Tue Aug 4 19:00:36 MDT 2009
On Tue, 2009-08-04 at 19:51 -0500, Andrew Tridgell wrote:
> The branch, master has been updated
> via fd43e0ee09e3f82093e9a15dd6cbd2fbaa113426 (commit)
> from 3e3f64f05fa5d970b058c4b21b6ecd40b883e8e6 (commit)
>
> http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
>
>
> - Log -----------------------------------------------------------------
> commit fd43e0ee09e3f82093e9a15dd6cbd2fbaa113426
> Author: Andrew Tridgell <tridge at samba.org>
> Date: Wed Aug 5 10:50:03 2009 +1000
>
> added a uid_wrapper library
>
> This library intercepts seteuid and related calls, and simulates them
> in a manner similar to the nss_wrapper and socket_wrapper
> libraries. This allows us to enable the vfs_unixuid NTVFS module in
> the build farm, which means we are more likely to catch errors in the
> token manipulation.
>
> The simulation is not complete, but it is enough for Samba4 for
> now. The major areas of incompleteness are:
>
> - no emulation of setreuid, setresuid or saved uids. These would be
> needed for use in Samba3
>
> - no emulation of ruid changing. That would also be needed for Samba3
>
> - no attempt to emulate file ownership changing, so code that (for
> example) tests whether st.st_uid matches geteuid() needs special
> handling
This looks really useful. I do wonder about a few things:
Why are the 'this does not work with UID wrapper' checks compile-time,
rather than run-time? As it is, this means we can't turn off all the
changes at run-time.
Also, shouldn't the 'skip' on the check in directory_create_or_exist()
should just be on the UID value, not on the permissions?
But despite these quibbles, this is a great leap forward, because it
brings a large and important part of the codebase back under a
testsuite.
Thanks!
Andrew Bartlett
--
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Cisco Inc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20090805/7bf24b77/attachment.pgp>
More information about the samba-technical
mailing list