Solving the recursive 'wrong uid' problem in Samba4

Andrew Bartlett abartlet at samba.org
Tue Mar 3 11:18:07 GMT 2009


I spent part of today looking into the wrong UID problem that hits
production use of Samba4.

The basic problem is that when we call event_loop_once inside code that
has changed Samba's UID, the event loop runs with a different UID.

Tridge proposed that we modify event_loop_once to optionally run a hook
to change the UID back to root, run the loop once, and to restore the
UID.

I would like to take the design a step further - create a new function:

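#include <stdbool.h>	/* bool, true, false */

/*
 * Run the event loop for as long as until_fn(private) returns true.
 * ev->hook is the proposed per-context hook: called with true before the
 * loop starts and with false after it ends, using hook_state (on this
 * function's stack) to carry whatever it needs to restore.
 */
int event_loop_until(struct tevent_context *ev, bool (*until_fn)(void *),
		     void *private) {
	void *hook_state = NULL;
	int ret = 0;

	/* enter: e.g. save the current UID and switch back to root */
	if (ev->hook) {
		ret = ev->hook(&hook_state, true);
		if (ret != 0) {
			return ret;
		}
	}
	while (until_fn(private)) {
		ret = event_loop_once(ev);
		if (ret != 0) {
			break;
		}
	}

	/* leave: put things back; runs even if the loop stopped on an error */
	if (ev->hook) {
		int ev_ret = ev->hook(&hook_state, false);
		if (ev_ret != 0) {
			return ev_ret;
		}
	}

	return ret;
}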

This would remove the loop from all the calling libraries that currently
call event_loop_once, but allow a single place where we can reset the
UID etc before we start doing events, and put things back where they
were on the exit from the event loop.

The hook would be set onto the event context in the Samba server only,
when it is first created.  It would be a no-op when the current UID is
already root, so would only really 'do work' in the NTVFS layer. 

The ultimate aim would be to remove this function, because all the
semi-async code is gone, but this won't happen for a while.  In the
meantime it might avoid the serious issue we currently have with nested
events.  This allows the storage of the nested security contexts to be
on the program stack, so there is much less risk of getting it mixed
up. 

It's late here, and I've probably not been clear, but I wanted to float
the idea overnight.

Thanks,

Andrew Bartlett
-- 
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Red Hat Inc.
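
The following is an added example, not part of the original message and not Samba code: a small simulation of the proposed hook showing that nested waits dispatch events as root and that each level restores its caller's UID from its own stack slot. Assumptions: cur_uid stands in for the process's effective UID (a real hook would call seteuid() and check its result), and ev_ctx, root_hook, loop_once, loop_until and run_scenario are hypothetical names.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
/* cur_uid simulates the effective UID; seen[] records the UID each event ran under. */
static unsigned cur_uid, seen[8], n_seen;
struct ev_ctx {                       /* hypothetical stand-in for tevent_context */
	int (*hook)(void **state, bool enter);
	int pending, depth;
};
static int loop_until(struct ev_ctx *ev, bool (*until_fn)(void *), void *priv);
static bool has_pending(void *p) { return ((struct ev_ctx *)p)->pending > 0; }
/* Enter: save the caller's UID in its stack slot, become root. Leave: restore it. */
static int root_hook(void **state, bool enter) {
	if (enter) { *state = (void *)(uintptr_t)cur_uid; cur_uid = 0; }
	else cur_uid = (unsigned)(uintptr_t)*state;
	return 0;
}
/* Dispatch one event; the first handler impersonates uid 1001 and waits again. */
static int loop_once(struct ev_ctx *ev) {
	if (n_seen < 8) seen[n_seen++] = cur_uid;
	ev->pending--;
	if (ev->depth++ != 0) return 0;
	unsigned saved = cur_uid;
	cur_uid = 1001;
	int ret = loop_until(ev, has_pending, ev);
	if (cur_uid != 1001) return -1;   /* nested wait did not restore the UID */
	cur_uid = saved;
	return ret;
}
static int loop_until(struct ev_ctx *ev, bool (*until_fn)(void *), void *priv) {
	void *hook_state = NULL;          /* one slot per nesting level, on the stack */
	int ret = 0;
	if (ev->hook && (ret = ev->hook(&hook_state, true)) != 0) return ret;
	while (until_fn(priv) && (ret = loop_once(ev)) == 0) { }
	if (ev->hook) { int r = ev->hook(&hook_state, false); if (r != 0) return r; }
	return ret;
}
/* Wait on the loop while impersonating uid 1000; returns the UID afterwards. */
static int run_scenario(bool with_hook) {
	struct ev_ctx ev = { with_hook ? root_hook : NULL, 3, 0 };
	n_seen = 0; cur_uid = 1000;
	return loop_until(&ev, has_pending, &ev) == 0 ? (int)cur_uid : -1;
}
int main(void) {
	for (int h = 1; h >= 0; h--) {
		int after = run_scenario(h != 0);
		printf("hook=%d: events ran as %u,%u,%u; uid after=%d\n", h, seen[0], seen[1], seen[2], after);
	}
}
```

Without the hook the three events run under whatever UID the waiting code had impersonated; with it they all run as UID 0 and the caller's UID is intact on return.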