Winbind patch
Trond Eivind Glomsrød
teg at redhat.com
Tue Nov 27 14:52:06 GMT 2001
Here is a set of fixes for winbind - it avoids using getenv when
running suid (when using the nsswitch modules), and also adds a lock
for use in multithreaded apps.
--- samba-2.2.2/source/nsswitch/wb_common.c.winsfixes Sat Oct 13 17:09:29 2001
+++ samba-2.2.2/source/nsswitch/wb_common.c Tue Nov 13 18:13:19 2001
@@ -25,6 +25,19 @@
#include "winbind_nss_config.h"
#include "winbindd_nss.h"
+#include <unistd.h>
+#include <sys/types.h>
+
+/*
+ * Use __secure_getenv() on glibc, use getenv only when not running setuid otherwise
+ */
+
+#ifdef __GLIBC__
+#define getenv(foo) __secure_getenv(foo)
+#else
+#define getenv(foo) ((getuid()==geteuid())&&(getgid()==getegid())) ? getenv(foo): NULL
+#endif
+
/* Global variables. These are effectively the client state information */
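Review bot: The non-glibc `getenv` macro on the `#else` branch is not parenthesized as a whole, so it only behaves as intended where the call is the entire expression, as in `if (getenv(WINBINDD_DONT_ENV))`. In an expression such as `getenv(x) != NULL` the comparison would bind to the `NULL` arm of the conditional. Wrapping the expansion closes that: `#define getenv(foo) (((getuid()==geteuid())&&(getgid()==getegid())) ? getenv(foo) : NULL)`. On the glibc branch no declaration of `__secure_getenv` is visible in the hunk; if none is in scope, the call is implicitly declared as returning `int`, which would truncate the pointer on 64-bit targets, so an explicit prototype should accompany the define.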
@@ -328,6 +341,7 @@
/* Check for our tricky environment variable */
+
if (getenv(WINBINDD_DONT_ENV)) {
return NSS_STATUS_NOTFOUND;
}
--- samba-2.2.2/source/nsswitch/winbind_nss.c.winsfixes Sat Oct 13 17:09:29 2001
+++ samba-2.2.2/source/nsswitch/winbind_nss.c Tue Nov 13 18:16:54 2001
@@ -24,6 +24,7 @@
#include "winbind_nss_config.h"
#include "winbindd_nss.h"
+#include <pthread.h>
/* Prototypes from common.c */
@@ -282,6 +283,13 @@
static int ndx_pw_cache; /* Current index into pwd cache */
static int num_pw_cache; /* Current size of pwd cache */
+/*
+ * Mutex for the globals above
+ */
+
+static pthread_mutex_t globalsmutex=PTHREAD_MUTEX_INITIALIZER;
+
+
/* Rewind "file pointer" to start of ntdom password database */
NSS_STATUS
@@ -290,12 +298,13 @@
#ifdef DEBUG_NSS
fprintf(stderr, "[%5d]: setpwent\n", getpid());
#endif
-
- if (num_pw_cache > 0) {
+ pthread_mutex_lock(&globalsmutex);
+ if (num_pw_cache > 0) {
ndx_pw_cache = num_pw_cache = 0;
free_response(&getpwent_response);
}
+ pthread_mutex_unlock(&globalsmutex);
return winbindd_request(WINBINDD_SETPWENT, NULL, NULL);
}
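Review bot: `winbindd_request(WINBINDD_SETPWENT, ...)` runs after `pthread_mutex_unlock(&globalsmutex)`, so the request itself is not serialized, and the same holds for the `WINBINDD_ENDPWENT` call in the next hunk. wb_common.c describes its own globals as the client state, so if winbindd_request touches them (its body is not shown here) two threads can still interleave on that state while only the passwd cache is protected. Either hold the lock across the call, as the getpwent hunks appear to do, or give the request path its own lock. A comment at the mutex should also say exactly which variables it covers, e.g. `/* Protects ndx_pw_cache, num_pw_cache and getpwent_response */`. The function's signature lies outside the hunk.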
@@ -307,13 +316,13 @@
#ifdef DEBUG_NSS
fprintf(stderr, "[%5d]: endpwent\n", getpid());
#endif
-
- if (num_pw_cache > 0) {
+ pthread_mutex_lock(&globalsmutex);
+ if (num_pw_cache > 0) {
ndx_pw_cache = num_pw_cache = 0;
free_response(&getpwent_response);
}
-
- return winbindd_request(WINBINDD_ENDPWENT, NULL, NULL);
+ pthread_mutex_unlock(&globalsmutex);
+ return winbindd_request(WINBINDD_ENDPWENT, NULL, NULL);
}
/* Fetch the next password entry from ntdom password database */
@@ -328,9 +337,11 @@
struct winbindd_request request;
static int called_again;
+
#ifdef DEBUG_NSS
fprintf(stderr, "[%5d]: getpwent\n", getpid());
#endif
+ pthread_mutex_lock(&globalsmutex);
/* Return an entry from the cache if we have one, or if we are
called again because we exceeded our static buffer. */
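Review bot: The lock taken here has to be released on every exit of the function, and the patch does that by hand at three return sites (the hunks at -370, -381 and -395). The lines between them are not shown, so any other `return` there, or one added later, would leave `globalsmutex` held and block every subsequent passwd enumeration call in the process. A single exit point is easier to audit: replace the early returns with `ret = NSS_STATUS_NOTFOUND; goto out;` and end the function with `out: pthread_mutex_unlock(&globalsmutex); return ret;`. The function body starts before and continues past this hunk.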
@@ -370,6 +381,7 @@
/* Check data is valid */
if (pw_cache == NULL) {
+ pthread_mutex_unlock(&globalsmutex);
return NSS_STATUS_NOTFOUND;
}
@@ -381,7 +393,8 @@
if (ret == NSS_STATUS_TRYAGAIN) {
called_again = True;
*errnop = errno = ERANGE;
- return ret;
+ pthread_mutex_unlock(&globalsmutex);
+ return ret;
}
*errnop = errno = 0;
@@ -395,8 +408,8 @@
free_response(&getpwent_response);
}
}
-
- return ret;
+ pthread_mutex_unlock(&globalsmutex);
+ return ret;
}
/* Return passwd struct from uid */
--
Trond Eivind Glomsrød
Red Hat, Inc.