libreplace on Linux was (Re: Changing back to per-thread credentials on Linux (fixing native AIO).)

Andrew Bartlett abartlet at samba.org
Thu Jun 28 01:00:31 MDT 2012 

On Wed, 2012-06-27 at 15:52 -0700, Jeremy Allison wrote:
> On Thu, Jun 28, 2012 at 08:42:56AM +1000, Andrew Bartlett wrote:
> > Jeremy,
> > 
> > I think you developed this under autconf, because the wscript replace
> > mechanism doesn't look right.  You need it to look like the snprintf
> > tests, where we check for behaviour, not just missing functions (because
> > they are not missing).
> 
> Nope. Was developed under waf and ported to autoconf. 

I thought that was how you worked, so it has me quite puzzled. 

> I don't
> get what you're asking for here, as it looks (to me) like
> the snprintf waf tests. Can you explain more ?

The way the configure result changes the list of files to be part of the
libreplace is due to this block:

    for filename, functions in REPLACEMENT_FUNCTIONS.iteritems():
        for function in functions:
            if not bld.CONFIG_SET('HAVE_%s' % function.upper()):
                REPLACE_HOSTCC_SOURCE += ' %s' % filename
                break

So, in your case it seems that one of (upper case)
HAVE_{setresuid,setresgid,setreuid,setregid,setegid,seteuid,setuid,setgid,setgroups} is not set.  Otherwise, the file would not be included. 

For example the WORKING_STRPTIME case above works because if a working
strptime is found, it sets HAVE_WORKING_STRPTIME, which matches the
WORKING_STRPTIME in that list. 

> > The other concern I have is that libreplace has in general been about
> > ensuring that the Linux interface is available everywhere, but this
> > isn't the Linux interface, it is a custom Samba interface being called
> > by the Linux name.  
> 
> The main reason for putting it in libreplace is that it has to
> intercept all uses of the setxx[ug]id functions. This seems to
> be the natural place to add it.
> 
> I'm also hoping that we can eventually get thread-specific
> credentials on *BSD and Iluminos (Solaris/Nexenta) so this
> will be less of a Linux specific interface in the future.

I agree libreplace feels like the right place, but others put in a deal
of effort to have it vanish on linux, so I wanted to give them that
flag.  

The issue I have with the re-use of the names is that should a system
get thread-specific UID handling, it will be under a different name
anyway.  I do think that libreplace should do for a function what the
linux manpage says it does - otherwise, we have undocumented
thread-specific functions under the name of well documented function.  

It feels like the kind of trick that would have a experienced unix
sysadmin or developer not familiar with this particular chapter of Samba
history pulling their hair out for a half a day, until they found the
macro.  If you put it just in Samba, and call it samba_thread_seteuid()
etc, then my concerns go away.

Thanks,

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org

More information about the samba-technical mailing list