This fixes two issues pointed out by Andrew. It adds a runtime
uwrap_enabled() call that wraps the skips needed for uid emulation. It
also makes the skip in the directory_create_or_exist() function only
change the uid checking code, not the permissions code
+#undef uwrap_enabled
+_PUBLIC_ int uwrap_enabled(void)
+{
+ uwrap_init();
+ return uwrap.enabled?1:0;
+}
+
_PUBLIC_ int uwrap_seteuid(uid_t euid)
{
uwrap_init();
_PUBLIC_ int uwrap_seteuid(uid_t euid)
{
uwrap_init();
#endif
#define getgid uwrap_getgid
#endif
#define getgid uwrap_getgid
+int uwrap_enabled(void);
+
#endif /* __UID_WRAPPER_H__ */
#endif /* __UID_WRAPPER_H__ */
PUBLIC_DEPENDENCIES = \
LIBTALLOC LIBCRYPTO \
SOCKET_WRAPPER LIBREPLACE_NETWORK \
PUBLIC_DEPENDENCIES = \
LIBTALLOC LIBCRYPTO \
SOCKET_WRAPPER LIBREPLACE_NETWORK \
+ CHARSET EXECINFO UID_WRAPPER
LIBSAMBA-UTIL_VERSION = 0.0.1
LIBSAMBA-UTIL_SOVERSION = 0
LIBSAMBA-UTIL_VERSION = 0.0.1
LIBSAMBA-UTIL_SOVERSION = 0
umask(old_umask);
return false;
}
umask(old_umask);
return false;
}
- if ((st.st_uid != uid) ||
- ((st.st_mode & 0777) != dir_perms)) {
-#ifndef UID_WRAPPER_REPLACE
+ if (st.st_uid != uid && !uwrap_enabled()) {
+ DEBUG(0, ("invalid ownership on directory "
+ "%s\n", dname));
+ umask(old_umask);
+ return false;
+ }
+ if ((st.st_mode & 0777) != dir_perms) {
DEBUG(0, ("invalid permissions on directory "
"%s\n", dname));
umask(old_umask);
return false;
DEBUG(0, ("invalid permissions on directory "
"%s\n", dname));
umask(old_umask);
return false;
#undef HAVE_KRB5_ENCRYPT_BLOCK
#undef HAVE_KRB5_ENCRYPT_BLOCK
-#if defined(UID_WRAPPER) && !defined(UID_WRAPPER_REPLACE) && !defined(UID_WRAPPER_NOT_REPLACE)
+#if defined(UID_WRAPPER)
+#if !defined(UID_WRAPPER_REPLACE) && !defined(UID_WRAPPER_NOT_REPLACE)
#define UID_WRAPPER_REPLACE
#include "../uid_wrapper/uid_wrapper.h"
#endif
#define UID_WRAPPER_REPLACE
#include "../uid_wrapper/uid_wrapper.h"
#endif
+#else
+#define uwrap_enabled() 0
+#endif
#define TALLOC_ABORT(reason) smb_panic(reason)
#endif
#define TALLOC_ABORT(reason) smb_panic(reason)
#endif
-#if defined(UID_WRAPPER) && !defined(UID_WRAPPER_REPLACE) && !defined(UID_WRAPPER_NOT_REPLACE)
+#if defined(UID_WRAPPER)
+#if !defined(UID_WRAPPER_REPLACE) && !defined(UID_WRAPPER_NOT_REPLACE)
#define UID_WRAPPER_REPLACE
#include "../uid_wrapper/uid_wrapper.h"
#endif
#define UID_WRAPPER_REPLACE
#include "../uid_wrapper/uid_wrapper.h"
#endif
+#else
+#define uwrap_enabled() 0
+#endif
max_bits |= SEC_STD_ALL;
}
max_bits |= SEC_STD_ALL;
}
-#ifdef UID_WRAPPER_REPLACE
- /* when running with the uid wrapper, files will be created
- owned by the ruid, but we may have a different simulated
- euid. We need to force the permission bits as though the
- files owner matches the euid */
- max_bits |= SEC_STD_ALL;
-#endif
+ if (!uwrap_enabled()) {
+ /* when running with the uid wrapper, files will be created
+ owned by the ruid, but we may have a different simulated
+ euid. We need to force the permission bits as though the
+ files owner matches the euid */
+ max_bits |= SEC_STD_ALL;
+ }
if (*access_mask == SEC_FLAG_MAXIMUM_ALLOWED) {
*access_mask = max_bits;
if (*access_mask == SEC_FLAG_MAXIMUM_ALLOWED) {
*access_mask = max_bits;
git.samba.org / ira / wip.git / commitdiff