diff options
author | Andrew Tridgell <tridge@samba.org> | 2009-08-05 10:50:03 +1000 |
---|---|---|
committer | Andrew Tridgell <tridge@samba.org> | 2009-08-05 10:51:00 +1000 |
commit | fd43e0ee09e3f82093e9a15dd6cbd2fbaa113426 (patch) | |
tree | b9971f7c8b9758dec89f109a2e79dd0ad899f4f2 /source4/ntvfs | |
parent | 3e3f64f05fa5d970b058c4b21b6ecd40b883e8e6 (diff) | |
download | samba-fd43e0ee09e3f82093e9a15dd6cbd2fbaa113426.tar.gz |
added a uid_wrapper library
This library intercepts seteuid and related calls, and simulates them
in a manner similar to the nss_wrapper and socket_wrapper
libraries. This allows us to enable the vfs_unixuid NTVFS module in
the build farm, which means we are more likely to catch errors in the
token manipulation.
The simulation is not complete, but it is enough for Samba4 for
now. The major areas of incompleteness are:
- no emulation of setreuid, setresuid or saved uids. These would be
needed for use in Samba3
- no emulation of ruid changing. That would also be needed for Samba3
- no attempt to emulate file ownership changing, so code that (for
example) tests whether st.st_uid matches geteuid() needs special
handling
Diffstat (limited to 'source4/ntvfs')
-rw-r--r-- | source4/ntvfs/posix/pvfs_acl.c | 8 | ||||
-rw-r--r-- | source4/ntvfs/unixuid/config.mk | 2 |
2 files changed, 9 insertions, 1 deletions
diff --git a/source4/ntvfs/posix/pvfs_acl.c b/source4/ntvfs/posix/pvfs_acl.c index 1adced44aa..f5a00c08a8 100644 --- a/source4/ntvfs/posix/pvfs_acl.c +++ b/source4/ntvfs/posix/pvfs_acl.c @@ -473,6 +473,14 @@ NTSTATUS pvfs_access_check_unix(struct pvfs_state *pvfs, max_bits |= SEC_STD_ALL; } +#ifdef UID_WRAPPER_REPLACE + /* when running with the uid wrapper, files will be created + owned by the ruid, but we may have a different simulated + euid. We need to force the permission bits as though the + files owner matches the euid */ + max_bits |= SEC_STD_ALL; +#endif + if (*access_mask == SEC_FLAG_MAXIMUM_ALLOWED) { *access_mask = max_bits; return NT_STATUS_OK; diff --git a/source4/ntvfs/unixuid/config.mk b/source4/ntvfs/unixuid/config.mk index 6377657cec..105ba2f535 100644 --- a/source4/ntvfs/unixuid/config.mk +++ b/source4/ntvfs/unixuid/config.mk @@ -3,7 +3,7 @@ [MODULE::ntvfs_unixuid] INIT_FUNCTION = ntvfs_unixuid_init SUBSYSTEM = ntvfs -PRIVATE_DEPENDENCIES = SAMDB NSS_WRAPPER +PRIVATE_DEPENDENCIES = SAMDB NSS_WRAPPER UID_WRAPPER # End MODULE ntvfs_unixuid ################################################ |