Diffstat (limited to 'lib')
-rw-r--r--lib/uid_wrapper/config.m416
-rw-r--r--lib/uid_wrapper/config.mk9
-rw-r--r--lib/uid_wrapper/uid_wrapper.c147
-rw-r--r--lib/uid_wrapper/uid_wrapper.h61
-rw-r--r--lib/util/config.mk1
-rw-r--r--lib/util/util.c2
6 files changed, 236 insertions, 0 deletions
diff --git a/lib/uid_wrapper/config.m4 b/lib/uid_wrapper/config.m4
new file mode 100644
index 0000000000..db6537bf95
--- /dev/null
+++ b/lib/uid_wrapper/config.m4
@@ -0,0 +1,16 @@
+AC_ARG_ENABLE(uid-wrapper,
+AS_HELP_STRING([--enable-uid-wrapper], [Turn on uid wrapper library (default=no)]))
+
+HAVE_UID_WRAPPER=no
+
+if eval "test x$developer = xyes"; then
+ enable_uid_wrapper=yes
+fi
+
+if eval "test x$enable_uid_wrapper = xyes"; then
+ AC_DEFINE(UID_WRAPPER,1,[Use uid wrapper library])
+ HAVE_UID_WRAPPER=yes
+fi
+
+AC_SUBST(HAVE_UID_WRAPPER)
+AC_SUBST(UID_WRAPPER_OBJS)
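Review bot: The developer branch sets `enable_uid_wrapper=yes` unconditionally, so an explicit `--disable-uid-wrapper` is overridden whenever `$developer` is yes, and the help text's `default=no` is then inaccurate. Since a UID_WRAPPER build appears to swap the real credential calls for emulated ones, the opt-out should be honoured: `if test x"$enable_uid_wrapper" = x && test x"$developer" = xyes; then`. `UID_WRAPPER_OBJS` is passed to `AC_SUBST` but never assigned in this file, so it substitutes empty unless something outside the hunk sets it.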
diff --git a/lib/uid_wrapper/config.mk b/lib/uid_wrapper/config.mk
new file mode 100644
index 0000000000..1bebc68118
--- /dev/null
+++ b/lib/uid_wrapper/config.mk
@@ -0,0 +1,9 @@
+##############################
+# Start SUBSYSTEM UID_WRAPPER
+[SUBSYSTEM::UID_WRAPPER]
+PRIVATE_DEPENDENCIES = LIBTALLOC
+# End SUBSYSTEM UID_WRAPPER
+##############################
+
+UID_WRAPPER_OBJ_FILES = $(uidwrappersrcdir)/uid_wrapper.o
+
diff --git a/lib/uid_wrapper/uid_wrapper.c b/lib/uid_wrapper/uid_wrapper.c
new file mode 100644
index 0000000000..e009fa0b5c
--- /dev/null
+++ b/lib/uid_wrapper/uid_wrapper.c
@@ -0,0 +1,147 @@
+/*
+ Copyright (C) Andrew Tridgell 2009
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#define UID_WRAPPER_NOT_REPLACE
+#include "includes.h"
+#include "system/passwd.h"
+#include "system/filesys.h"
+
+#ifndef _PUBLIC_
+#define _PUBLIC_
+#endif
+
+/*
+ we keep the virtualised euid/egid/groups information here
+ */
+static struct {
+ bool initialised;
+ bool enabled;
+ uid_t euid;
+ gid_t egid;
+ unsigned ngroups;
+ gid_t *groups;
+} uwrap;
+
+static void uwrap_init(void)
+{
+ if (uwrap.initialised) return;
+ uwrap.initialised = true;
+ if (getenv("UID_WRAPPER")) {
+ uwrap.enabled = true;
+ }
+}
+
+_PUBLIC_ int uwrap_seteuid(uid_t euid)
+{
+ uwrap_init();
+ if (!uwrap.enabled) {
+ return seteuid(euid);
+ }
+ /* assume for now that the ruid stays as root */
+ uwrap.euid = euid;
+ return 0;
+}
+
+_PUBLIC_ uid_t uwrap_geteuid(void)
+{
+ uwrap_init();
+ if (!uwrap.enabled) {
+ return geteuid();
+ }
+ return uwrap.euid;
+}
+
+_PUBLIC_ int uwrap_setegid(gid_t egid)
+{
+ uwrap_init();
+ if (!uwrap.enabled) {
+ return setegid(egid);
+ }
+ /* assume for now that the ruid stays as root */
+ uwrap.egid = egid;
+ return 0;
+}
+
+_PUBLIC_ uid_t uwrap_getegid(void)
+{
+ uwrap_init();
+ if (!uwrap.enabled) {
+ return getegid();
+ }
+ return uwrap.egid;
+}
+
+_PUBLIC_ int uwrap_setgroups(size_t size, const gid_t *list)
+{
+ uwrap_init();
+ if (!uwrap.enabled) {
+ return setgroups(size, list);
+ }
+
+ talloc_free(uwrap.groups);
+ uwrap.ngroups = 0;
+
+ uwrap.groups = talloc_array(talloc_autofree_context(), gid_t, size);
+ if (uwrap.groups == NULL) {
+ errno = ENOMEM;
+ return -1;
+ }
+ memcpy(uwrap.groups, list, size*sizeof(gid_t));
+ uwrap.ngroups = size;
+ return 0;
+}
+
+_PUBLIC_ int uwrap_getgroups(int size, gid_t *list)
+{
+ uwrap_init();
+ if (!uwrap.enabled) {
+ return getgroups(size, list);
+ }
+
+ if (size > uwrap.ngroups) {
+ size = uwrap.ngroups;
+ }
+ if (size == 0) {
+ return uwrap.ngroups;
+ }
+ if (size < uwrap.ngroups) {
+ errno = EINVAL;
+ return -1;
+ }
+ memcpy(list, uwrap.groups, size*sizeof(gid_t));
+ return 0;
+}
+
+_PUBLIC_ uid_t uwrap_getuid(void)
+{
+ uwrap_init();
+ if (!uwrap.enabled) {
+ return getuid();
+ }
+ /* we don't simulate ruid changing */
+ return 0;
+}
+
+_PUBLIC_ gid_t uwrap_getgid(void)
+{
+ uwrap_init();
+ if (!uwrap.enabled) {
+ return getgid();
+ }
+ /* we don't simulate rgid changing */
+ return 0;
+}
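Review bot: `uwrap_init()` turns emulation on at the mere presence of `UID_WRAPPER` in the environment, and from then on `uwrap_seteuid()`, `uwrap_setegid()` and `uwrap_setgroups()` return 0 without touching the process credentials, so a caller that believes it dropped privileges keeps running with its original ones. That contract is not written down anywhere in the file; I would add a comment above `uwrap_init` along the lines of `/* test-only: when UID_WRAPPER is set, credential changes are emulated and the real uid/gid/groups never change; do not ship binaries built with this */`. Separately, `uwrap_getgroups()` ends with `return 0;` after the `memcpy`, whereas getgroups() callers expect the number of gids stored, so it should be `return size;`. `uwrap_getegid()` is also declared as returning `uid_t` where `gid_t` is meant.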
diff --git a/lib/uid_wrapper/uid_wrapper.h b/lib/uid_wrapper/uid_wrapper.h
new file mode 100644
index 0000000000..e2df613f50
--- /dev/null
+++ b/lib/uid_wrapper/uid_wrapper.h
@@ -0,0 +1,61 @@
+/*
+ Copyright (C) Andrew Tridgell 2009
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef __UID_WRAPPER_H__
+#define __UID_WRAPPER_H__
+
+#ifdef seteuid
+#undef seteuid
+#endif
+#define seteuid uwrap_seteuid
+
+#ifdef setegid
+#undef setegid
+#endif
+#define setegid uwrap_setegid
+
+#ifdef geteuid
+#undef geteuid
+#endif
+#define geteuid uwrap_geteuid
+
+#ifdef getegid
+#undef getegid
+#endif
+#define getegid uwrap_getegid
+
+#ifdef setgroups
+#undef setgroups
+#endif
+#define setgroups uwrap_setgroups
+
+#ifdef getgroups
+#undef getgroups
+#endif
+#define getgroups uwrap_getgroups
+
+#ifdef getuid
+#undef getuid
+#endif
+#define getuid uwrap_getuid
+
+#ifdef getgid
+#undef getgid
+#endif
+#define getgid uwrap_getgid
+
+#endif /* __UID_WRAPPER_H__ */
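Review bot: The header redirects eight libc calls to `uwrap_*` names but declares none of them, so unless prototypes come from a header outside this diff every caller ends up with an implicit declaration. Prototypes matching the definitions in uid_wrapper.c should sit just inside the include guard, ahead of the `#define` block. The redirection also covers only seteuid/setegid/setgroups and the getters; setuid(), setgid(), setreuid() and setresuid() still reach the real calls and leave the emulated state untouched, which deserves a comment at the top of the file.

```c
#define __UID_WRAPPER_H__

int uwrap_seteuid(uid_t euid);
uid_t uwrap_geteuid(void);
int uwrap_setegid(gid_t egid);
uid_t uwrap_getegid(void);	/* return type as defined in uid_wrapper.c */
int uwrap_setgroups(size_t size, const gid_t *list);
int uwrap_getgroups(int size, gid_t *list);
uid_t uwrap_getuid(void);
gid_t uwrap_getgid(void);

/* … unchanged: #undef/#define redirections … */
```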
diff --git a/lib/util/config.mk b/lib/util/config.mk
index ad39096c56..47e026865e 100644
--- a/lib/util/config.mk
+++ b/lib/util/config.mk
@@ -54,6 +54,7 @@ PUBLIC_HEADERS += $(addprefix $(libutilsrcdir)/, util.h \
ASN1_UTIL_OBJ_FILES = $(libutilsrcdir)/asn1.o
[SUBSYSTEM::UNIX_PRIVS]
+PRIVATE_DEPENDENCIES = UID_WRAPPER
UNIX_PRIVS_OBJ_FILES = $(libutilsrcdir)/unix_privs.o
diff --git a/lib/util/util.c b/lib/util/util.c
index f49d25865c..dea140148f 100644
--- a/lib/util/util.c
+++ b/lib/util/util.c
@@ -135,10 +135,12 @@ _PUBLIC_ bool directory_create_or_exist(const char *dname, uid_t uid,
}
if ((st.st_uid != uid) ||
((st.st_mode & 0777) != dir_perms)) {
+#ifndef UID_WRAPPER_REPLACE
DEBUG(0, ("invalid permissions on directory "
"%s\n", dname));
umask(old_umask);
return false;
+#endif
}
}
return true;
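Review bot: With `UID_WRAPPER_REPLACE` defined, the `#ifndef` removes the whole failure path, so `directory_create_or_exist()` accepts an existing directory with any owner and any mode, and it does so at compile time whether or not the wrapper is active at run time. The log line costs nothing to keep: moving the guard down so that only `umask(old_umask);` and `return false;` are skipped would still record the mismatch, and a comment such as `/* uid_wrapper test builds: ownership/mode mismatch is tolerated here, never in production builds */` would explain the otherwise empty `if`. `UID_WRAPPER_REPLACE` itself is not defined in any hunk shown (config.m4 defines `UID_WRAPPER`), so it presumably comes from a header outside this diff. The function starts before the hunk.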