diff -u ./nsswitch/libwbclient/wbc_async.c.orig ./nsswitch/libwbclient/wbc_async.c
--- ./nsswitch/libwbclient/wbc_async.c.orig 2010-05-17 06:51:23.000000000 -0500
+++ ./nsswitch/libwbclient/wbc_async.c 2010-05-28 07:54:29.000000000 -0500
@@ -21,6 +21,7 @@
along with this program. If not, see .
*/
+#include "includes.h"
#include "replace.h"
#include "system/filesys.h"
#include "system/network.h"
@@ -252,7 +253,7 @@
}
if (!S_ISDIR(st.st_mode) ||
- (st.st_uid != 0 && st.st_uid != geteuid())) {
+ (st.st_uid != SUPERUSER && st.st_uid != geteuid())) {
wbc_err = WBC_ERR_WINBIND_NOT_AVAILABLE;
goto post_status;
}
@@ -275,7 +276,7 @@
if ((lstat(sunaddr.sun_path, &st) == -1)
|| !S_ISSOCK(st.st_mode)
- || (st.st_uid != 0 && st.st_uid != geteuid())) {
+ || (st.st_uid != SUPERUSER && st.st_uid != geteuid())) {
wbc_err = WBC_ERR_WINBIND_NOT_AVAILABLE;
goto post_status;
}
diff -u ./nsswitch/wb_common.c.orig ./nsswitch/wb_common.c
--- ./nsswitch/wb_common.c.orig 2010-05-17 06:51:23.000000000 -0500
+++ ./nsswitch/wb_common.c 2010-05-26 08:37:55.000000000 -0500
@@ -22,6 +22,7 @@
along with this program. If not, see .
*/
+#include "includes.h"
#include "winbind_client.h"
/* Global variables. These are effectively the client state information */
@@ -181,7 +182,7 @@
}
if (!S_ISDIR(st.st_mode) ||
- (st.st_uid != 0 && st.st_uid != geteuid())) {
+ (st.st_uid != SUPERUSER && st.st_uid != geteuid())) {
errno = ENOENT;
return -1;
}
@@ -210,7 +211,7 @@
/* Check permissions on unix socket file */
if (!S_ISSOCK(st.st_mode) ||
- (st.st_uid != 0 && st.st_uid != geteuid())) {
+ (st.st_uid != SUPERUSER && st.st_uid != geteuid())) {
errno = ENOENT;
return -1;
}
diff -u ./source3/auth/pass_check.c.orig ./source3/auth/pass_check.c
--- ./source3/auth/pass_check.c.orig 2010-05-17 06:51:23.000000000 -0500
+++ ./source3/auth/pass_check.c 2010-05-26 08:39:30.000000000 -0500
@@ -389,8 +389,8 @@
goto err;
}
- set_effective_uid(0);
- set_effective_gid(0);
+ set_effective_uid(SUPERUSER);
+ set_effective_gid(SUPERGROUP);
t = localtime(&expire_time);
if (t) {
@@ -406,7 +406,7 @@
err:
/* Go back to root, JRA. */
- set_effective_uid(0);
+ set_effective_uid(SUPERUSER);
set_effective_gid(egid);
return (False);
}
diff -u ./source3/include/includes.h.orig ./source3/include/includes.h
--- ./source3/include/includes.h.orig 2010-05-17 06:51:23.000000000 -0500
+++ ./source3/include/includes.h 2010-05-28 03:46:26.000000000 -0500
@@ -48,6 +48,15 @@
#include "local.h"
+#ifdef __TANDEM
+#include
+#define SUPERUSER 65535
+#define SUPERGROUP 255
+#else
+#define SUPERUSER 0
+#define SUPERGROUP 0
+#endif
+
#ifdef AIX
#define DEFAULT_PRINTING PRINT_AIX
#define PRINTCAP_NAME "/etc/qconfig"
diff -u ./source3/lib/afs_settoken.c.orig ./source3/lib/afs_settoken.c
--- ./source3/lib/afs_settoken.c.orig 2010-05-17 06:51:23.000000000 -0500
+++ ./source3/lib/afs_settoken.c 2010-05-26 06:21:48.000000000 -0500
@@ -236,7 +236,7 @@
if (!afs_decode_token(token_string, &cell, &ticket, &ct))
return False;
- if (geteuid() != 0)
+ if (geteuid() != SUPERUSER)
ct.ViceId = getuid();
result = afs_settoken(cell, &ct, ticket);
diff -u ./source3/lib/debug.c.orig ./source3/lib/debug.c
--- ./source3/lib/debug.c.orig 2010-05-17 06:51:23.000000000 -0500
+++ ./source3/lib/debug.c 2010-05-26 06:22:26.000000000 -0500
@@ -738,7 +738,7 @@
* loop check do a new check as root.
*/
- if( geteuid() != 0 )
+ if( geteuid() != SUPERUSER )
return;
if(log_overflow || !need_to_check_log_size() )
diff -u ./source3/lib/fault.c.orig ./source3/lib/fault.c
--- ./source3/lib/fault.c.orig 2010-05-17 06:51:23.000000000 -0500
+++ ./source3/lib/fault.c 2010-05-26 06:23:07.000000000 -0500
@@ -304,7 +304,7 @@
/* If we're running as non root we might not be able to dump the core
* file to the corepath. There must not be an unbecome_root() before
* we call abort(). */
- if (geteuid() != 0) {
+ if (geteuid() != SUPERUSER) {
become_root();
}
diff -u ./source3/lib/messages_local.c.orig ./source3/lib/messages_local.c
--- ./source3/lib/messages_local.c.orig 2010-05-17 06:51:23.000000000 -0500
+++ ./source3/lib/messages_local.c 2010-05-26 06:23:56.000000000 -0500
@@ -262,15 +262,15 @@
SMB_ASSERT(pid > 0);
- if (euid != 0) {
+ if (euid != SUPERUSER) {
/* If we're not root become so to send the message. */
save_re_uid();
- set_effective_uid(0);
+ set_effective_uid(SUPERUSER);
}
ret = kill(pid, SIGUSR1);
- if (euid != 0) {
+ if (euid != SUPERUSER) {
/* Go back to who we were. */
int saved_errno = errno;
restore_re_uid_fromroot();
diff -u ./source3/lib/util_sec.c.orig ./source3/lib/util_sec.c
--- ./source3/lib/util_sec.c.orig 2010-05-17 06:51:23.000000000 -0500
+++ ./source3/lib/util_sec.c 2010-05-26 06:37:22.000000000 -0500
@@ -84,7 +84,7 @@
****************************************************************************/
bool non_root_mode(void)
{
- return (initial_uid != (uid_t)0);
+ return (initial_uid != (uid_t)SUPERUSER);
}
/****************************************************************************
@@ -129,26 +129,26 @@
void gain_root_privilege(void)
{
#if USE_SETRESUID
- setresuid(0,0,0);
+ setresuid(SUPERUSER,SUPERUSER,SUPERUSER);
#endif
#if USE_SETEUID
- seteuid(0);
+ seteuid(SUPERUSER);
#endif
#if USE_SETREUID
- setreuid(0, 0);
+ setreuid(SUPERUSER, SUPERUSER);
#endif
#if USE_SETUIDX
- setuidx(ID_EFFECTIVE, 0);
- setuidx(ID_REAL, 0);
+ setuidx(ID_EFFECTIVE, SUPERUSER);
+ setuidx(ID_REAL, SUPERUSER);
#endif
/* this is needed on some systems */
- setuid(0);
+ setuid(SUPERUSER);
- assert_uid(0, 0);
+ assert_uid(SUPERUSER, SUPERUSER);
}
@@ -159,25 +159,25 @@
void gain_root_group_privilege(void)
{
#if USE_SETRESUID
- setresgid(0,0,0);
+ setresgid(SUPERGROUP,SUPERGROUP,SUPERGROUP);
#endif
#if USE_SETREUID
- setregid(0,0);
+ setregid(SUPERGROUP,SUPERGROUP);
#endif
#if USE_SETEUID
- setegid(0);
+ setegid(SUPERGROUP);
#endif
#if USE_SETUIDX
- setgidx(ID_EFFECTIVE, 0);
- setgidx(ID_REAL, 0);
+ setgidx(ID_EFFECTIVE, SUPERGROUP);
+ setgidx(ID_REAL, SUPERGROUP);
#endif
- setgid(0);
+ setgid(SUPERGROUP);
- assert_gid(0, 0);
+ assert_gid(SUPERGROUP, SUPERGROUP);
}
@@ -286,7 +286,7 @@
void restore_re_uid(void)
{
- set_effective_uid(0);
+ set_effective_uid(SUPERUSER);
restore_re_uid_fromroot();
}
@@ -338,7 +338,7 @@
#endif
#if USE_SETREUID
- setreuid(0, 0);
+ setreuid(SUPERUSER, SUPERUSER);
setreuid(uid, -1);
setreuid(-1, uid);
#endif
@@ -439,7 +439,7 @@
main()
{
- if (getuid() != 0) {
+ if (getuid() != SUPERUSER) {
#if (defined(AIX) && defined(USE_SETREUID))
/* setreuid is badly broken on AIX 4.1, we avoid it completely */
fprintf(stderr,"avoiding possibly broken setreuid\n");
@@ -461,8 +461,8 @@
gain_root_privilege();
gain_root_group_privilege();
become_user_permanently(1, 1);
- setuid(0);
- if (getuid() == 0) {
+ setuid(SUPERUSER);
+ if (getuid() == SUPERUSER) {
fprintf(stderr,"uid not set permanently\n");
exit(1);
}
@@ -478,5 +478,5 @@
****************************************************************************/
bool is_setuid_root(void)
{
- return (geteuid() == (uid_t)0) && (getuid() != (uid_t)0);
+ return (geteuid() == (uid_t)SUPERUSER) && (getuid() != (uid_t)SUPERUSER);
}
diff -u ./source3/pam_smbpass/pam_smb_passwd.c.orig ./source3/pam_smbpass/pam_smb_passwd.c
--- ./source3/pam_smbpass/pam_smb_passwd.c.orig 2010-05-17 06:51:23.000000000 -0500
+++ ./source3/pam_smbpass/pam_smb_passwd.c 2010-05-26 08:58:18.000000000 -0500
@@ -173,7 +173,7 @@
/* Password change by root, or for an expired token, doesn't
require authentication. Is this a good choice? */
- if (getuid() != 0 && !(flags & PAM_CHANGE_EXPIRED_AUTHTOK)) {
+ if (getuid() != SUPERUSER && !(flags & PAM_CHANGE_EXPIRED_AUTHTOK)) {
/* tell user what is happening */
#define greeting "Changing password for "
diff -u ./source3/printing/printing_db.c.orig ./source3/printing/printing_db.c
--- ./source3/printing/printing_db.c.orig 2010-05-17 06:51:23.000000000 -0500
+++ ./source3/printing/printing_db.c 2010-05-26 08:59:25.000000000 -0500
@@ -98,7 +98,7 @@
return NULL;
}
- if (geteuid() != 0) {
+ if (geteuid() != SUPERUSER) {
become_root();
done_become_root = True;
}
diff -u ./source3/smbd/sec_ctx.c.orig ./source3/smbd/sec_ctx.c
--- ./source3/smbd/sec_ctx.c.orig 2010-05-17 06:51:23.000000000 -0500
+++ ./source3/smbd/sec_ctx.c 2010-05-26 09:09:33.000000000 -0500
@@ -106,20 +106,20 @@
return;
}
- if (geteuid() != 0) {
- set_effective_uid(0);
+ if (geteuid() != SUPERUSER) {
+ set_effective_uid(SUPERUSER);
- if (geteuid() != 0) {
+ if (geteuid() != SUPERUSER) {
DEBUG(0,
("Warning: You appear to have a trapdoor "
"uid system\n"));
}
}
- if (getegid() != 0) {
- set_effective_gid(0);
+ if (getegid() != SUPERGROUP) {
+ set_effective_gid(SUPERGROUP);
- if (getegid() != 0) {
+ if (getegid() != SUPERGROUP) {
DEBUG(0,
("Warning: You appear to have a trapdoor "
"gid system\n"));
@@ -363,7 +363,7 @@
{
/* May need to worry about supplementary groups at some stage */
- set_sec_ctx(0, 0, 0, NULL, NULL);
+ set_sec_ctx(SUPERUSER, SUPERGROUP, 0, NULL, NULL);
}
/****************************************************************************
diff -u ./source3/smbd/service.c.orig ./source3/smbd/service.c
--- ./source3/smbd/service.c.orig 2010-05-17 06:51:23.000000000 -0500
+++ ./source3/smbd/service.c 2010-05-26 09:10:28.000000000 -0500
@@ -1113,7 +1113,7 @@
/* This must ONLY BE CALLED AS ROOT. As it exits this function as
* root. */
- if (!non_root_mode() && (euid = geteuid()) != 0) {
+ if (!non_root_mode() && (euid = geteuid()) != SUPERUSER) {
DEBUG(0,("make_connection: PANIC ERROR. Called as nonroot "
"(%u)\n", (unsigned int)euid ));
smb_panic("make_connection: PANIC ERROR. Called as nonroot\n");
diff -u ./source3/utils/net_sam.c.orig ./source3/utils/net_sam.c
--- ./source3/utils/net_sam.c.orig 2010-05-17 06:51:23.000000000 -0500
+++ ./source3/utils/net_sam.c 2010-05-26 09:14:28.000000000 -0500
@@ -2139,7 +2139,7 @@
{NULL, NULL, 0, NULL, NULL}
};
- if (getuid() != 0) {
+ if (getuid() != SUPERUSER) {
d_fprintf(stderr, _("You are not root, most things won't "
"work\n"));
}
diff -u ./source3/utils/net_usershare.c.orig ./source3/utils/net_usershare.c
--- ./source3/utils/net_usershare.c.orig 2010-05-17 06:51:23.000000000 -0500
+++ ./source3/utils/net_usershare.c 2010-05-26 09:15:07.000000000 -0500
@@ -769,7 +769,7 @@
/* If we're not root, check if we're restricted to sharing out directories
that we own only. */
- if ((myeuid != 0) && lp_usershare_owner_only() && (myeuid != sbuf.st_ex_uid)) {
+ if ((myeuid != SUPERUSER) && lp_usershare_owner_only() && (myeuid != sbuf.st_ex_uid)) {
d_fprintf(stderr, _("net usershare add: cannot share path %s as "
"we are restricted to only sharing directories we own.\n"
"\tAsk the administrator to add the line \"usershare owner only = false\" \n"
diff -u ./source3/utils/smbpasswd.c.orig ./source3/utils/smbpasswd.c
--- ./source3/utils/smbpasswd.c.orig 2010-05-17 06:51:23.000000000 -0500
+++ ./source3/utils/smbpasswd.c 2010-05-26 09:18:14.000000000 -0500
@@ -95,7 +95,7 @@
switch(ch) {
case 'L':
#if !defined(NSS_WRAPPER)
- if (getuid() != 0) {
+ if (getuid() != SUPERUSER) {
fprintf(stderr, "smbpasswd -L can only be used by root.\n");
exit(1);
}
@@ -574,7 +574,7 @@
set_auth_parameters(argc, argv);
#endif /* HAVE_SET_AUTH_PARAMETERS */
- if (getuid() == 0) {
+ if (getuid() == SUPERUSER) {
local_flags = LOCAL_AM_ROOT;
}
diff -u ./source3/web/cgi.c.orig ./source3/web/cgi.c
--- ./source3/web/cgi.c.orig 2010-05-17 06:51:23.000000000 -0500
+++ ./source3/web/cgi.c 2010-05-26 09:19:10.000000000 -0500
@@ -320,7 +320,7 @@
exit(0);
}
- setuid(0);
+ setuid(SUPERUSER);
setuid(pwd->pw_uid);
if (geteuid() != pwd->pw_uid || getuid() != pwd->pw_uid) {
printf("%sFailed to become user %s - uid=%d/%d
%s\n",
@@ -407,7 +407,7 @@
***************************************************************************/
bool am_root(void)
{
- if (geteuid() == 0) {
+ if (geteuid() == SUPERUSER) {
return( True);
} else {
return( False);
diff -u ./source3/web/startstop.c.orig ./source3/web/startstop.c
--- ./source3/web/startstop.c.orig 2010-05-17 06:51:23.000000000 -0500
+++ ./source3/web/startstop.c 2010-05-26 09:20:47.000000000 -0500
@@ -27,7 +27,7 @@
{
char *binfile = NULL;
- if (geteuid() != 0) {
+ if (geteuid() != SUPERUSER) {
return;
}
@@ -47,7 +47,7 @@
{
char *binfile = NULL;
- if (geteuid() != 0) {
+ if (geteuid() != SUPERUSER) {
return;
}
@@ -67,7 +67,7 @@
{
char *binfile = NULL;
- if (geteuid() != 0) {
+ if (geteuid() != SUPERUSER) {
return;
}
@@ -88,7 +88,7 @@
{
pid_t pid = pidfile_pid("smbd");
- if (geteuid() != 0) return;
+ if (geteuid() != SUPERUSER) return;
if (pid <= 0) return;
@@ -100,7 +100,7 @@
{
pid_t pid = pidfile_pid("nmbd");
- if (geteuid() != 0) return;
+ if (geteuid() != SUPERUSER) return;
if (pid <= 0) return;
@@ -112,7 +112,7 @@
{
pid_t pid = pidfile_pid("winbindd");
- if (geteuid() != 0) return;
+ if (geteuid() != SUPERUSER) return;
if (pid <= 0) return;
@@ -122,7 +122,7 @@
/* kill a specified process */
void kill_pid(struct server_id pid)
{
- if (geteuid() != 0) return;
+ if (geteuid() != SUPERUSER) return;
if (procid_to_pid(&pid) <= 0) return;
diff -u ./source3/web/statuspage.c.orig ./source3/web/statuspage.c
--- ./source3/web/statuspage.c.orig 2010-05-17 06:51:23.000000000 -0500
+++ ./source3/web/statuspage.c 2010-05-26 09:22:55.000000000 -0500
@@ -211,7 +211,7 @@
procid_str_static(&crec->pid),
crec->machine, crec->addr,
tstring(talloc_tos(),crec->start));
- if (geteuid() == 0) {
+ if (geteuid() == SUPERUSER) {
printf(" | \n",
procid_str_static(&crec->pid));
}
@@ -349,7 +349,7 @@
fflush(stdout);
printf("| %s | %s | \n", _("smbd:"), smbd_running()?_("running"):_("not running"));
- if (geteuid() == 0) {
+ if (geteuid() == SUPERUSER) {
if (smbd_running()) {
nr_running++;
printf(" | \n", _("Stop smbd"));
@@ -362,7 +362,7 @@
fflush(stdout);
printf("
| %s | %s | \n", _("nmbd:"), nmbd_running()?_("running"):_("not running"));
- if (geteuid() == 0) {
+ if (geteuid() == SUPERUSER) {
if (nmbd_running()) {
nr_running++;
printf(" | \n", _("Stop nmbd"));
@@ -376,7 +376,7 @@
#ifdef WITH_WINBIND
fflush(stdout);
printf("
| %s | %s | \n", _("winbindd:"), winbindd_running()?_("running"):_("not running"));
- if (geteuid() == 0) {
+ if (geteuid() == SUPERUSER) {
if (winbindd_running()) {
nr_running++;
printf(" | \n", _("Stop winbindd"));
@@ -388,7 +388,7 @@
printf("
\n");
#endif
- if (geteuid() == 0) {
+ if (geteuid() == SUPERUSER) {
printf(" | | \n");
if (nr_running >= 1) {
/* stop, restart all */
@@ -407,7 +407,7 @@
printf("%s
\n", _("Active Connections"));
printf("\n");
printf("| %s | %s | %s | %s | \n", _("PID"), _("Client"), _("IP address"), _("Date"));
- if (geteuid() == 0) {
+ if (geteuid() == SUPERUSER) {
printf("%s | \n", _("Kill"));
}
printf("
|---|
\n");
diff -u ./testsuite/smbd/sec_ctx_root.c.orig ./testsuite/smbd/sec_ctx_root.c
--- ./testsuite/smbd/sec_ctx_root.c.orig 2010-05-17 06:51:23.000000000 -0500
+++ ./testsuite/smbd/sec_ctx_root.c 2010-05-26 09:23:36.000000000 -0500
@@ -43,7 +43,7 @@
getgroups(actual_ngroups, actual_groups);
- if (geteuid() != 0 || getegid() != 0 || actual_ngroups != 0) {
+ if (geteuid() != SUPERUSER || getegid() != SUPERGROUP || actual_ngroups != 0) {
printf("FAIL: root id not set\n");
return 1;
}
diff -u ./testsuite/smbd/sec_ctx_stack.c.orig ./testsuite/smbd/sec_ctx_stack.c
--- ./testsuite/smbd/sec_ctx_stack.c.orig 2010-05-17 06:51:23.000000000 -0500
+++ ./testsuite/smbd/sec_ctx_stack.c 2010-05-26 09:24:36.000000000 -0500
@@ -71,7 +71,7 @@
return 1;
}
} else {
- if ((geteuid() != 0) || (getegid() != 0)) {
+ if ((geteuid() != SUPERUSER) || (getegid() != SUPERGROUP)) {
printf("FAIL: incorrect context popped\n");
return 1;
}
diff -u ./source3/client/smbspool.c.orig ./source3/client/smbspool.c
--- ./source3/client/smbspool.c.orig 2010-05-17 06:51:23.000000000 -0500
+++ ./source3/client/smbspool.c 2010-05-26 08:46:16.000000000 -0500
@@ -517,7 +517,11 @@
}
/* give a chance for a passwordless NTLMSSP session setup */
+#ifdef __TANDEM
+ pwd = getpwnam(getlogin());
+#else
pwd = getpwuid(geteuid());
+#endif
if (pwd == NULL) {
return NULL;
}