summaryrefslogtreecommitdiffstats
path: root/lib/uid_wrapper/uid_wrapper.c
Commit message (Collapse)AuthorAgeFilesLines
* uwrap: Make sure we leave if the id is NULL.Andreas Schneider2015-01-281-0/+1
| | | | | | | CID #97616 Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* uwrap: Support scenario where threads fork or creates threads.Robin Hack2015-01-281-221/+177
| | | | | | | | | | | | | | | | | When fork() is called here there is no need to disable uwrap as a whole. This change disables only uwrap for the thread which called fork(). uwrap catches calls of pthread_create() and pthread_exit() functions from libpthread library now. Pair-Programmed-With: Andreas Schneider <asn@samba.org> Pair-Programmed-With: Stefan Metzmacher <metze@samba.org> Signed-off-by: Robin Hack <hack.robin@gmail.com> Signed-off-by: Andreas Schneider <asn@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* uwrap: Prepare for overload of libpthread functions.Robin Hack2015-01-281-19/+140
| | | | | | | | | uwrap_bind_symbol are now renamed to uwrap_bind_symbol_libc and simlilar uwrap_bind_symbol_libpthread are introduced. Signed-off-by: Robin Hack <hack.robin@gmail.com> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* uwrap: Introduce UWRAP_LOCK_ALL and UWRAP_UNLOCK_ALL macrosRobin Hack2015-01-281-8/+14
| | | | | | | | | Introduce UWRAP_LOCK_ALL and UWRAP_UNLOCK_ALL which make locking easier. Signed-off-by: Robin Hack <hack.robin@gmail.com> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* uwrap: Rewrite uwrap_libc_fns struct to pass strict aliasing rules.Robin Hack2015-01-281-59/+116
| | | | | | | | | | Also rename struct uwrap_libc_fns fns to uwrap_libc_symbols and uwrap_load_lib_function to uwrap_bind_symbol (same for _uwrap_load_... variant. Signed-off-by: Robin Hack <hack.robin@gmail.com> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* uwrap: Fix wrong data types in syscalls switch.Robin Hack2015-01-281-12/+12
| | | | | | Signed-off-by: Robin Hack <hack.robin@gmail.com> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* uwrap: Add support for getresuid() and getresgid() glibc/syscall.Robin Hack2015-01-281-0/+109
| | | | | | Signed-off-by: Robin Hack <hack.robin@gmail.com> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* uwrap: Extend support for (set|get)groups libc functions and syscalls.Robin Hack2015-01-281-11/+82
| | | | | | Signed-off-by: Robin Hack <hack.robin@gmail.com> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* uwrap: Extend support for syscalls called from threads or main process.Robin Hack2015-01-281-0/+36
| | | | | | | | | We need to distinguish if the syscall is called from main process or from a thread. Signed-off-by: Robin Hack <hack.robin@gmail.com> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* uwrap: Small uwrap_init optimalization.Robin Hack2015-01-281-2/+2
| | | | | | | | Don't call libc_getuid/getgid function twice. Signed-off-by: Robin Hack <hack.robin@gmail.com> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* uwrap: Add support for running with address sanitizer.Andreas Schneider2015-01-281-0/+7
| | | | | | | | The address sanitzer will complain about our hack with variable function attributes. This disables the checking of it. Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* uwrap: Reflect changes of uid/gid in threads to main process.Robin Hack2015-01-281-7/+50
| | | | | | | | | | | | When thread changes uid/gid this change must be reflected to main process. Syscalls changes only uid/gid of thread. Call of libc functions changes also uid/gid of main process. Signed-off-by: Robin Hack <hack.robin@gmail.com> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* uwrap: Small optimalization of uwrap_init().Robin Hack2015-01-281-1/+2
| | | | | | | | Don't call getenv("UID_WRAPPER") on start of uwrap_init(). Signed-off-by: Robin Hack <hack.robin@gmail.com> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* uwrap: Optimalization of uid_wrapper_enabled() function.Robin Hack2015-01-281-4/+29
| | | | | | | | | | | | | | | Check only bool variable inside uwrap structure instead of calling whole uid_init(). In the best case only one mutex lock is need when check. NOTES: * This patch uses __atomic_load gcc builtin function. * uid_init() were moved outside uid_wrapper_enabled() function. Signed-off-by: Robin Hack <hack.robin@gmail.com> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* uid_wrapper: Fix race condition - uwrap_init.Robin Hack2015-01-281-5/+2
| | | | | | | | | Patch moves uwrap_id_mutex before if (uwrap.initialised) statement which can be passed by concurrent threads. Signed-off-by: Robin Hack <hack.robin@gmail.com> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* uwrap: Fix race condition - glibc lookups.Robin Hack2015-01-281-3/+14
| | | | | | | | | Patch adds libc_symbol_binding_mutex which guards global table of libc functions and their lookup. Signed-off-by: Robin Hack <hack.robin@gmail.com> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* uwrap: Add library constructor and move pthread_atfork inside.Robin Hack2015-01-281-9/+22
| | | | | | | | | Library constructor is used for pthread_atfork call. Moved here because pthread_atfork is cumulative and should be called only once. Signed-off-by: Robin Hack <hack.robin@gmail.com> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* uwrap: Use UWRAP_LOCK/UNLOCK macros instead of pthread_mutex_lock/unlock calls.Robin Hack2015-01-281-31/+40
| | | | | | | | | New macros UWRAP_LOCK/UNLOCK has been created and all calls to pthread_mutex_lock/unlock has been replaced by these macros. Signed-off-by: Robin Hack <hack.robin@gmail.com> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* uwrap: Fix the handle loop for older gcc versions.Andreas Schneider2015-01-281-1/+4
| | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
* uwrap: Support dropping all supplemetary groups with setgroups()Jakub Hrozek2014-07-311-2/+12
| | | | | | | | | | Dropping all supplementary groups is a common practice when changing UIDs. This patch adds support for dropping all supplementary groups when setgroups is called with size=0. Signed-off-by: Jakub Hrozek <jakub.hrozek@gmail.com> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
* uwrap: Add logging if uwrap is enabled correctly.Andreas Schneider2014-07-311-0/+8
| | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
* uwrap: Log error if we are out of memory.Andreas Schneider2014-07-311-0/+2
| | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
* uwrap: Add a better logging function.Andreas Schneider2014-07-311-8/+67
| | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
* uwrap: Check for HAVE_FUNCTION_ATTRIBUTE_FORMAT.Andreas Schneider2014-07-311-0/+7
| | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
* uwrap: Fall back to RTLD_NEXT if we can't find libc.Andreas Schneider2014-07-311-4/+4
| | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
* uwrap: Add mutex in uwrap_destructor().Andreas Schneider2014-07-311-0/+2
| | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
* uwrap: Fix memory leak on error.Andreas Schneider2014-07-311-0/+1
| | | | | | | Found by Coverity. Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* lib: Change uid_wrapper to preloadable version.Andreas Schneider2014-04-171-147/+1068
| | | | | | | This imports version 1.0.1 of uid_wrapper. Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* Replace all uses of setXX[ug]id() and setgroups with samba_setXX[ug]id() calls.Jeremy Allison2012-06-281-7/+8
| | | | | | Will allow thread-specific credentials to be added by modifying the central definitions. Deliberately left the setXX[ug]id() call in popt as this is not used in Samba.
* Include uid_wrapper correctly.Andreas Schneider2011-10-271-2/+2
|
* uid_wrapper: Add uwrap_setresgid().Andreas Schneider2011-10-271-0/+18
|
* uid_wrapper: Fix build on UNIX platforms.Andreas Schneider2011-10-271-0/+10
|
* uid_wrapper: Handle euid and egid 0.Andreas Schneider2011-10-271-7/+29
|
* uid_wrapper: Make sure we have initialized the wrapper.Andreas Schneider2011-10-271-0/+2
|
* uid_wrapper: Add uwrap_setresuid().Andreas Schneider2011-10-071-0/+11
| | | | | Autobuild-User: Andreas Schneider <asn@cryptomilk.org> Autobuild-Date: Fri Oct 7 12:04:05 CEST 2011 on sn-devel-104
* uid_wrapper: Add uwrap_setregid().Andreas Schneider2011-10-071-0/+11
|
* uid_wrapper: Add uwrap_setreuid().Andreas Schneider2011-10-071-0/+11
|
* uid_wrapper: We have talloc_array_length, no need for an explicit lengthVolker Lendecke2011-10-061-9/+9
| | | | Signed-off-by: Andreas Schneider <asn@samba.org>
* uid_wrapper: The gid wrapper does not require a destructorVolker Lendecke2010-10-201-2/+2
| | | | Don't use talloc_autofree_context
* s4:UID wrapper - Make it work on older distributionsMatthias Dieter Wallnöfer2010-02-051-2/+10
| | | | | | | | | | | On my older CentOS 4 installation I had the problem with the missing substitution prototypes ("uwrap_*"). So I added them to "uid_wrapper.h". Also, I made the head of the "uid_wrapper.c" file more like the one of "nss_wrapper.c" - it shouldn't change that much, I did it only to be consistent. This patch should fix the build on older distributions while keep it running on newer ones.
* fixed a uid_wrapper bug that caused a segv in the RAW-ACLS testAndrew Tridgell2009-08-051-8/+15
|
* make the UID_WRAPPER skip checks at runtimeAndrew Tridgell2009-08-051-0/+7
| | | | | | | This fixes two issues pointed out by Andrew. It adds a runtime uwrap_enabled() call that wraps the skips needed for uid emulation. It also makes the skip in the directory_create_or_exist() function only change the uid checking code, not the permissions code
* added a uid_wrapper libraryAndrew Tridgell2009-08-051-0/+147
This library intercepts seteuid and related calls, and simulates them in a manner similar to the nss_wrapper and socket_wrapper libraries. This allows us to enable the vfs_unixuid NTVFS module in the build farm, which means we are more likely to catch errors in the token manipulation. The simulation is not complete, but it is enough for Samba4 for now. The major areas of incompleteness are: - no emulation of setreuid, setresuid or saved uids. These would be needed for use in Samba3 - no emulation of ruid changing. That would also be needed for Samba3 - no attempt to emulate file ownership changing, so code that (for example) tests whether st.st_uid matches geteuid() needs special handling
generated by cgit (git 2.34.1) at 2025-06-14 08:09:47 +0000