Winbind patch

Trond Eivind Glomsrød teg at redhat.com
Tue Nov 27 14:52:06 GMT 2001


Here is a set of fixes for winbind - it avoids using getenv when
running suid (when using the nsswitch modules), and also adds a lock
for use in multithreaded apps.

--- samba-2.2.2/source/nsswitch/wb_common.c.winsfixes	Sat Oct 13 17:09:29 2001
+++ samba-2.2.2/source/nsswitch/wb_common.c	Tue Nov 13 18:13:19 2001
@@ -25,6 +25,19 @@
 
 #include "winbind_nss_config.h"
 #include "winbindd_nss.h"
+#include <unistd.h>
+#include <sys/types.h>
+
+/*
+ * Use __secure_getenv() on glibc, use getenv only when not running setuid otherwise
+ */
+
+#ifdef __GLIBC__
+#define getenv(foo) __secure_getenv(foo)
+#else
+#define getenv(foo) ((getuid()==geteuid())&&(getgid()==getegid())) ? getenv(foo): NULL
+#endif
+
 
 /* Global variables.  These are effectively the client state information */
 
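Review bot: The non-glibc `getenv` macro on the `#else` branch has no outer parentheses, so its `?:` can bind to whatever operator surrounds the call. For example `!getenv(x)` would expand to `!(ids match) ? getenv(x) : NULL`, which reads the environment exactly when the process is setuid or setgid. The one caller visible in this patch, `if (getenv(WINBINDD_DONT_ENV))`, is unaffected, but the definition should be `#define getenv(foo) (((getuid()==geteuid())&&(getgid()==getegid())) ? getenv(foo) : NULL)`. On the glibc branch, `__secure_getenv` is a glibc-internal name; it is worth confirming that a prototype is in scope on every supported glibc, since an implicitly declared call would be treated as returning `int`.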
@@ -328,6 +341,7 @@
 
 	/* Check for our tricky environment variable */
 
+        
 	if (getenv(WINBINDD_DONT_ENV)) {
 		return NSS_STATUS_NOTFOUND;
 	}
--- samba-2.2.2/source/nsswitch/winbind_nss.c.winsfixes	Sat Oct 13 17:09:29 2001
+++ samba-2.2.2/source/nsswitch/winbind_nss.c	Tue Nov 13 18:16:54 2001
@@ -24,6 +24,7 @@
 
 #include "winbind_nss_config.h"
 #include "winbindd_nss.h"
+#include <pthread.h>
 
 /* Prototypes from common.c */
 
@@ -282,6 +283,13 @@
 static int ndx_pw_cache;                 /* Current index into pwd cache */
 static int num_pw_cache;                 /* Current size of pwd cache */
 
+/*
+ * Mutex for the globals above
+ */
+
+static pthread_mutex_t globalsmutex=PTHREAD_MUTEX_INITIALIZER;
+
+
 /* Rewind "file pointer" to start of ntdom password database */
 
 NSS_STATUS
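Review bot: The comment "Mutex for the globals above" does not say which variables the lock guards or what it leaves unprotected. From the later hunks it covers `getpwent_response`, `ndx_pw_cache`, `num_pw_cache` and, in getpwent, the function-static `called_again`. I would spell that out, e.g. `/* Serialises access to getpwent_response, ndx_pw_cache, num_pw_cache and getpwent's called_again. */`. A second sentence should note that the enumeration cursor stays process-wide, so threads enumerating at the same time still share one position in the password list.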
@@ -290,12 +298,13 @@
 #ifdef DEBUG_NSS
 	fprintf(stderr, "[%5d]: setpwent\n", getpid());
 #endif
-
-	if (num_pw_cache > 0) {
+        pthread_mutex_lock(&globalsmutex);
+        if (num_pw_cache > 0) {
 		ndx_pw_cache = num_pw_cache = 0;
 		free_response(&getpwent_response);
 	}
 
+        pthread_mutex_unlock(&globalsmutex);
 	return winbindd_request(WINBINDD_SETPWENT, NULL, NULL);
 }
 
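Review bot: The mutex is released before `winbindd_request(WINBINDD_SETPWENT, NULL, NULL)`, so the request itself runs unlocked, and the endpwent hunk below does the same. wb_common.c describes its globals as "the client state information"; if `winbindd_request` uses them (its body is not shown here), two threads can still interleave on that shared state. Consider holding the lock across the call with a local `NSS_STATUS ret`: `ret = winbindd_request(WINBINDD_SETPWENT, NULL, NULL);`, then `pthread_mutex_unlock(&globalsmutex);`, then `return ret;`. Alternatively, protect the client state with its own lock inside wb_common.c. The function's signature lies outside the hunk.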
@@ -307,13 +316,13 @@
 #ifdef DEBUG_NSS
 	fprintf(stderr, "[%5d]: endpwent\n", getpid());
 #endif
-
-	if (num_pw_cache > 0) {
+        pthread_mutex_lock(&globalsmutex);
+        if (num_pw_cache > 0) {
 		ndx_pw_cache = num_pw_cache = 0;
 		free_response(&getpwent_response);
 	}
-
-	return winbindd_request(WINBINDD_ENDPWENT, NULL, NULL);
+        pthread_mutex_unlock(&globalsmutex);
+        return winbindd_request(WINBINDD_ENDPWENT, NULL, NULL);
 }
 
 /* Fetch the next password entry from ntdom password database */
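Review bot: The added lines here are indented with eight spaces while the surrounding file uses tabs, and `if (num_pw_cache > 0) {` and the final `return` are rewritten only to change their whitespace. The setpwent and getpwent hunks do the same. Keeping the original tab indentation, e.g. a tab before `pthread_mutex_lock(&globalsmutex);`, would cut the patch down to the lines that really change and make the locking additions easier to audit.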
@@ -328,9 +337,11 @@
 	struct winbindd_request request;
 	static int called_again;
 
+        
 #ifdef DEBUG_NSS
 	fprintf(stderr, "[%5d]: getpwent\n", getpid());
 #endif
+        pthread_mutex_lock(&globalsmutex);
 
 	/* Return an entry from the cache if we have one, or if we are
 	   called again because we exceeded our static buffer.  */
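Review bot: Once the lock is taken here, every exit from getpwent has to release it, and the patch does that by adding an unlock before each `return` by hand. The following hunks cover three returns, but the function body extends beyond the visible hunks, so any return not shown would leave `globalsmutex` held and block the next caller. A single exit is safer: replace the early returns with `goto done;` after setting `ret`, and end the function with `done:`, `pthread_mutex_unlock(&globalsmutex);` and `return ret;`. Later edits that add a return path then cannot skip the unlock.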
@@ -370,6 +381,7 @@
 		/* Check data is valid */
 
 		if (pw_cache == NULL) {
+                        pthread_mutex_unlock(&globalsmutex);
 			return NSS_STATUS_NOTFOUND;
 		}
 
@@ -381,7 +393,8 @@
 		if (ret == NSS_STATUS_TRYAGAIN) {
 			called_again = True;
 			*errnop = errno = ERANGE;
-			return ret;
+                        pthread_mutex_unlock(&globalsmutex);
+                        return ret;
 		}
 
 		*errnop = errno = 0;
@@ -395,8 +408,8 @@
 			free_response(&getpwent_response);
 		}
 	}
-
-	return ret;
+        pthread_mutex_unlock(&globalsmutex);
+        return ret;
 }
 
 /* Return passwd struct from uid */

-- 
Trond Eivind Glomsrød
Red Hat, Inc.



