added a uid_wrapper library

Andrew Bartlett abartlet at samba.org
Tue Aug 4 19:00:36 MDT 2009


On Tue, 2009-08-04 at 19:51 -0500, Andrew Tridgell wrote:
> The branch, master has been updated
>        via  fd43e0ee09e3f82093e9a15dd6cbd2fbaa113426 (commit)
>       from  3e3f64f05fa5d970b058c4b21b6ecd40b883e8e6 (commit)
> 
> http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
> 
> 
> - Log -----------------------------------------------------------------
> commit fd43e0ee09e3f82093e9a15dd6cbd2fbaa113426
> Author: Andrew Tridgell <tridge at samba.org>
> Date:   Wed Aug 5 10:50:03 2009 +1000
> 
>     added a uid_wrapper library
>     
>     This library intercepts seteuid and related calls, and simulates them
>     in a manner similar to the nss_wrapper and socket_wrapper
>     libraries. This allows us to enable the vfs_unixuid NTVFS module in
>     the build farm, which means we are more likely to catch errors in the
>     token manipulation.
>     
>     The simulation is not complete, but it is enough for Samba4 for
>     now. The major areas of incompleteness are:
>     
>      - no emulation of setreuid, setresuid or saved uids. These would be
>        needed for use in Samba3
>     
>      - no emulation of ruid changing. That would also be needed for Samba3
>     
>      - no attempt to emulate file ownership changing, so code that (for
>        example) tests whether st.st_uid matches geteuid() needs special
>        handling

This looks really useful.  I do wonder about a few things:

Why are the 'this does not work with UID wrapper' checks compile-time,
rather than run-time?  As it is, this means we can't turn off all the
changes at run-time.

Also, shouldn't the 'skip' on the check in directory_create_or_exist()
should just be on the UID value, not on the permissions?

But despite these quibbles, this is a great leap forward, because it
brings a large and important part of the codebase back under a
testsuite.

Thanks!

Andrew Bartlett

-- 
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Cisco Inc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20090805/7bf24b77/attachment.pgp>


More information about the samba-technical mailing list