The Samba-Bugzilla – Attachment 5757 Details for
Bug 7488
hard coded 0 for superuser's UID and GID
[patch]
Patch
samba-3.5.3-7488.diff (text/plain), 17.45 KB, created by
Joachim Schmitz (mail address dead)
on 2010-06-02 06:12:24 UTC
Description:
Patch
Creator:
Joachim Schmitz (mail address dead)
Created:
2010-06-02 06:12:24 UTC
Size:
17.45 KB
>diff -u ./nsswitch/libwbclient/wbc_async.c.orig ./nsswitch/libwbclient/wbc_async.c
>--- ./nsswitch/libwbclient/wbc_async.c.orig 2010-05-17 06:51:23.000000000 -0500
>+++ ./nsswitch/libwbclient/wbc_async.c 2010-05-28 07:54:29.000000000 -0500
>@@ -21,6 +21,7 @@
> along with this program. If not, see <http://www.gnu.org/licenses/>.
> */
>
>+#include "includes.h"
> #include "replace.h"
> #include "system/filesys.h"
> #include "system/network.h"
>@@ -252,7 +253,7 @@
> }
>
> if (!S_ISDIR(st.st_mode) ||
>- (st.st_uid != 0 && st.st_uid != geteuid())) {
>+ (st.st_uid != SUPERUSER && st.st_uid != geteuid())) {
> wbc_err = WBC_ERR_WINBIND_NOT_AVAILABLE;
> goto post_status;
> }
>@@ -275,7 +276,7 @@
>
> if ((lstat(sunaddr.sun_path, &st) == -1)
> || !S_ISSOCK(st.st_mode)
>- || (st.st_uid != 0 && st.st_uid != geteuid())) {
>+ || (st.st_uid != SUPERUSER && st.st_uid != geteuid())) {
> wbc_err = WBC_ERR_WINBIND_NOT_AVAILABLE;
> goto post_status;
> }
>diff -u ./nsswitch/wb_common.c.orig ./nsswitch/wb_common.c
>--- ./nsswitch/wb_common.c.orig 2010-05-17 06:51:23.000000000 -0500
>+++ ./nsswitch/wb_common.c 2010-05-26 08:37:55.000000000 -0500
>@@ -22,6 +22,7 @@
> along with this program. If not, see <http://www.gnu.org/licenses/>.
> */
>
>+#include "includes.h"
> #include "winbind_client.h"
>
> /* Global variables. These are effectively the client state information */
>@@ -181,7 +182,7 @@
> }
>
> if (!S_ISDIR(st.st_mode) ||
>- (st.st_uid != 0 && st.st_uid != geteuid())) {
>+ (st.st_uid != SUPERUSER && st.st_uid != geteuid())) {
> errno = ENOENT;
> return -1;
> }
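Review bot: The new `#include "includes.h"` at the top of wbc_async.c, and the same line added to wb_common.c in the next file, pulls the header under source3/include into winbind client code solely to obtain `SUPERUSER`. The comparisons it feeds (`st.st_uid != SUPERUSER && st.st_uid != geteuid()`) decide whether the winbindd socket directory and socket are owned by a trusted account, so the constant is better defined in a small header these files already depend on (wbc_async.c already has `#include "replace.h"`) than inherited from a large server-side header. A one-line comment on each check, e.g. `/* owner must be the platform superuser or ourselves */`, would keep the intent readable now that the literal is gone. The enclosing functions start and end outside these hunks.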
>@@ -210,7 +211,7 @@
> /* Check permissions on unix socket file */
>
> if (!S_ISSOCK(st.st_mode) ||
>- (st.st_uid != 0 && st.st_uid != geteuid())) {
>+ (st.st_uid != SUPERUSER && st.st_uid != geteuid())) {
> errno = ENOENT;
> return -1;
> }
>diff -u ./source3/auth/pass_check.c.orig ./source3/auth/pass_check.c
>--- ./source3/auth/pass_check.c.orig 2010-05-17 06:51:23.000000000 -0500
>+++ ./source3/auth/pass_check.c 2010-05-26 08:39:30.000000000 -0500
>@@ -389,8 +389,8 @@
> goto err;
> }
>
>- set_effective_uid(0);
>- set_effective_gid(0);
>+ set_effective_uid(SUPERUSER);
>+ set_effective_gid(SUPERGROUP);
>
> t = localtime(&expire_time);
> if (t) {
>@@ -406,7 +406,7 @@
> err:
>
> /* Go back to root, JRA. */
>- set_effective_uid(0);
>+ set_effective_uid(SUPERUSER);
> set_effective_gid(egid);
> return (False);
> }
>diff -u ./source3/include/includes.h.orig ./source3/include/includes.h
>--- ./source3/include/includes.h.orig 2010-05-17 06:51:23.000000000 -0500
>+++ ./source3/include/includes.h 2010-05-28 03:46:26.000000000 -0500
>@@ -48,6 +48,15 @@
>
> #include "local.h"
>
>+#ifdef __TANDEM
>+#include <floss.h>
>+#define SUPERUSER 65535
>+#define SUPERGROUP 255
>+#else
>+#define SUPERUSER 0
>+#define SUPERGROUP 0
>+#endif
>+
> #ifdef AIX
> #define DEFAULT_PRINTING PRINT_AIX
> #define PRINTCAP_NAME "/etc/qconfig"
>diff -u ./source3/lib/afs_settoken.c.orig ./source3/lib/afs_settoken.c
>--- ./source3/lib/afs_settoken.c.orig 2010-05-17 06:51:23.000000000 -0500
>+++ ./source3/lib/afs_settoken.c 2010-05-26 06:21:48.000000000 -0500
>@@ -236,7 +236,7 @@
> if (!afs_decode_token(token_string, &cell, &ticket, &ct))
> return False;
>
>- if (geteuid() != 0)
>+ if (geteuid() != SUPERUSER)
> ct.ViceId = getuid();
>
> result = afs_settoken(cell, &ct, ticket);
>diff -u ./source3/lib/debug.c.orig ./source3/lib/debug.c
>--- ./source3/lib/debug.c.orig 2010-05-17 06:51:23.000000000 -0500
>+++ ./source3/lib/debug.c 2010-05-26 06:22:26.000000000 -0500
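Review bot: In the includes.h hunk the `__TANDEM` values `65535` and `255` arrive without a comment, so a reader who does not know the platform cannot tell that they are the superuser identity rather than an arbitrary sentinel. I would add `/* HP NonStop (Tandem): the super ID is SUPER.SUPER (255,255), i.e. uid 65535 and gid 255, not 0 */` above the `#define`s, with the wording checked against the platform documentation. The names `SUPERUSER` and `SUPERGROUP` are also generic for a header that this patch makes many files rely on; a prefixed name would lower the chance of a clash with a system header such as the `<floss.h>` added here.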
>@@ -738,7 +738,7 @@
> * loop check do a new check as root.
> */
>
>- if( geteuid() != 0 )
>+ if( geteuid() != SUPERUSER )
> return;
>
> if(log_overflow || !need_to_check_log_size() )
>diff -u ./source3/lib/fault.c.orig ./source3/lib/fault.c
>--- ./source3/lib/fault.c.orig 2010-05-17 06:51:23.000000000 -0500
>+++ ./source3/lib/fault.c 2010-05-26 06:23:07.000000000 -0500
>@@ -304,7 +304,7 @@
> /* If we're running as non root we might not be able to dump the core
> * file to the corepath. There must not be an unbecome_root() before
> * we call abort(). */
>- if (geteuid() != 0) {
>+ if (geteuid() != SUPERUSER) {
> become_root();
> }
>
>diff -u ./source3/lib/messages_local.c.orig ./source3/lib/messages_local.c
>--- ./source3/lib/messages_local.c.orig 2010-05-17 06:51:23.000000000 -0500
>+++ ./source3/lib/messages_local.c 2010-05-26 06:23:56.000000000 -0500
>@@ -262,15 +262,15 @@
>
> SMB_ASSERT(pid > 0);
>
>- if (euid != 0) {
>+ if (euid != SUPERUSER) {
> /* If we're not root become so to send the message. */
> save_re_uid();
>- set_effective_uid(0);
>+ set_effective_uid(SUPERUSER);
> }
>
> ret = kill(pid, SIGUSR1);
>
>- if (euid != 0) {
>+ if (euid != SUPERUSER) {
> /* Go back to who we were. */
> int saved_errno = errno;
> restore_re_uid_fromroot();
>diff -u ./source3/lib/util_sec.c.orig ./source3/lib/util_sec.c
>--- ./source3/lib/util_sec.c.orig 2010-05-17 06:51:23.000000000 -0500
>+++ ./source3/lib/util_sec.c 2010-05-26 06:37:22.000000000 -0500
>@@ -84,7 +84,7 @@
> ****************************************************************************/
> bool non_root_mode(void)
> {
>- return (initial_uid != (uid_t)0);
>+ return (initial_uid != (uid_t)SUPERUSER);
> }
>
> /****************************************************************************
>@@ -129,26 +129,26 @@
> void gain_root_privilege(void)
> {
> #if USE_SETRESUID
>- setresuid(0,0,0);
>+ setresuid(SUPERUSER,SUPERUSER,SUPERUSER);
> #endif
>
> #if USE_SETEUID
>- seteuid(0);
>+ seteuid(SUPERUSER);
> #endif
>
> #if USE_SETREUID
>- setreuid(0, 0);
>+ setreuid(SUPERUSER, SUPERUSER);
> #endif
>
> #if USE_SETUIDX
>- setuidx(ID_EFFECTIVE, 0);
>- setuidx(ID_REAL, 0);
>+ setuidx(ID_EFFECTIVE, SUPERUSER);
>+ setuidx(ID_REAL, SUPERUSER);
> #endif
>
> /* this is needed on some systems */
>- setuid(0);
>+ setuid(SUPERUSER);
>
>- assert_uid(0, 0);
>+ assert_uid(SUPERUSER, SUPERUSER);
> }
>
>
>@@ -159,25 +159,25 @@
> void gain_root_group_privilege(void)
> {
> #if USE_SETRESUID
>- setresgid(0,0,0);
>+ setresgid(SUPERGROUP,SUPERGROUP,SUPERGROUP);
> #endif
>
> #if USE_SETREUID
>- setregid(0,0);
>+ setregid(SUPERGROUP,SUPERGROUP);
> #endif
>
> #if USE_SETEUID
>- setegid(0);
>+ setegid(SUPERGROUP);
> #endif
>
> #if USE_SETUIDX
>- setgidx(ID_EFFECTIVE, 0);
>- setgidx(ID_REAL, 0);
>+ setgidx(ID_EFFECTIVE, SUPERGROUP);
>+ setgidx(ID_REAL, SUPERGROUP);
> #endif
>
>- setgid(0);
>+ setgid(SUPERGROUP);
>
>- assert_gid(0, 0);
>+ assert_gid(SUPERGROUP, SUPERGROUP);
> }
>
>
>@@ -286,7 +286,7 @@
>
> void restore_re_uid(void)
> {
>- set_effective_uid(0);
>+ set_effective_uid(SUPERUSER);
> restore_re_uid_fromroot();
> }
>
>@@ -338,7 +338,7 @@
> #endif
>
> #if USE_SETREUID
>- setreuid(0, 0);
>+ setreuid(SUPERUSER, SUPERUSER);
> setreuid(uid, -1);
> setreuid(-1, uid);
> #endif
>@@ -439,7 +439,7 @@
>
> main()
> {
>- if (getuid() != 0) {
>+ if (getuid() != SUPERUSER) {
> #if (defined(AIX) && defined(USE_SETREUID))
> /* setreuid is badly broken on AIX 4.1, we avoid it completely */
> fprintf(stderr,"avoiding possibly broken setreuid\n");
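Review bot: In gain_root_privilege() and gain_root_group_privilege() the constant is now handed to `setresuid()`, `setreuid()`, `setresgid()` and `setregid()`, which treat an argument of `-1` as "leave this id unchanged"; the `@@ -338` hunk of this file relies on exactly that with `setreuid(uid, -1)`. If `uid_t` on the `__TANDEM` target were a 16-bit unsigned type, `65535` would be that same value and these calls would quietly change nothing, leaving only `assert_uid()` to notice. The patch does not show the type's width, so this is a question to settle rather than a confirmed defect. A guard such as `SMB_ASSERT((uid_t)SUPERUSER != (uid_t)-1);` at the top of gain_root_privilege() would state and enforce the assumption.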
>@@ -461,8 +461,8 @@
> gain_root_privilege();
> gain_root_group_privilege();
> become_user_permanently(1, 1);
>- setuid(0);
>- if (getuid() == 0) {
>+ setuid(SUPERUSER);
>+ if (getuid() == SUPERUSER) {
> fprintf(stderr,"uid not set permanently\n");
> exit(1);
> }
>@@ -478,5 +478,5 @@
> ****************************************************************************/
> bool is_setuid_root(void)
> {
>- return (geteuid() == (uid_t)0) && (getuid() != (uid_t)0);
>+ return (geteuid() == (uid_t)SUPERUSER) && (getuid() != (uid_t)SUPERUSER);
> }
>diff -u ./source3/pam_smbpass/pam_smb_passwd.c.orig ./source3/pam_smbpass/pam_smb_passwd.c
>--- ./source3/pam_smbpass/pam_smb_passwd.c.orig 2010-05-17 06:51:23.000000000 -0500
>+++ ./source3/pam_smbpass/pam_smb_passwd.c 2010-05-26 08:58:18.000000000 -0500
>@@ -173,7 +173,7 @@
>
> /* Password change by root, or for an expired token, doesn't
> require authentication. Is this a good choice? */
>- if (getuid() != 0 && !(flags & PAM_CHANGE_EXPIRED_AUTHTOK)) {
>+ if (getuid() != SUPERUSER && !(flags & PAM_CHANGE_EXPIRED_AUTHTOK)) {
>
> /* tell user what is happening */
> #define greeting "Changing password for "
>diff -u ./source3/printing/printing_db.c.orig ./source3/printing/printing_db.c
>--- ./source3/printing/printing_db.c.orig 2010-05-17 06:51:23.000000000 -0500
>+++ ./source3/printing/printing_db.c 2010-05-26 08:59:25.000000000 -0500
>@@ -98,7 +98,7 @@
> return NULL;
> }
>
>- if (geteuid() != 0) {
>+ if (geteuid() != SUPERUSER) {
> become_root();
> done_become_root = True;
> }
>diff -u ./source3/smbd/sec_ctx.c.orig ./source3/smbd/sec_ctx.c
>--- ./source3/smbd/sec_ctx.c.orig 2010-05-17 06:51:23.000000000 -0500
>+++ ./source3/smbd/sec_ctx.c 2010-05-26 09:09:33.000000000 -0500
>@@ -106,20 +106,20 @@
> return;
> }
>
>- if (geteuid() != 0) {
>- set_effective_uid(0);
>+ if (geteuid() != SUPERUSER) {
>+ set_effective_uid(SUPERUSER);
>
>- if (geteuid() != 0) {
>+ if (geteuid() != SUPERUSER) {
> DEBUG(0,
> ("Warning: You appear to have a trapdoor "
> "uid system\n"));
> }
> }
>
>- if (getegid() != 0) {
>- set_effective_gid(0);
>+ if (getegid() != SUPERGROUP) {
>+ set_effective_gid(SUPERGROUP);
>
>- if (getegid() != 0) {
>+ if (getegid() != SUPERGROUP) {
> DEBUG(0,
> ("Warning: You appear to have a trapdoor "
> "gid system\n"));
>@@ -363,7 +363,7 @@
> {
> /* May need to worry about supplementary groups at some stage */
>
>- set_sec_ctx(0, 0, 0, NULL, NULL);
>+ set_sec_ctx(SUPERUSER, SUPERGROUP, 0, NULL, NULL);
> }
>
> /****************************************************************************
>diff -u ./source3/smbd/service.c.orig ./source3/smbd/service.c
>--- ./source3/smbd/service.c.orig 2010-05-17 06:51:23.000000000 -0500
>+++ ./source3/smbd/service.c 2010-05-26 09:10:28.000000000 -0500
>@@ -1113,7 +1113,7 @@
>
> /* This must ONLY BE CALLED AS ROOT. As it exits this function as
> * root. */
>- if (!non_root_mode() && (euid = geteuid()) != 0) {
>+ if (!non_root_mode() && (euid = geteuid()) != SUPERUSER) {
> DEBUG(0,("make_connection: PANIC ERROR. Called as nonroot "
> "(%u)\n", (unsigned int)euid ));
> smb_panic("make_connection: PANIC ERROR. Called as nonroot\n");
>diff -u ./source3/utils/net_sam.c.orig ./source3/utils/net_sam.c
>--- ./source3/utils/net_sam.c.orig 2010-05-17 06:51:23.000000000 -0500
>+++ ./source3/utils/net_sam.c 2010-05-26 09:14:28.000000000 -0500
>@@ -2139,7 +2139,7 @@
> {NULL, NULL, 0, NULL, NULL}
> };
>
>- if (getuid() != 0) {
>+ if (getuid() != SUPERUSER) {
> d_fprintf(stderr, _("You are not root, most things won't "
> "work\n"));
> }
>diff -u ./source3/utils/net_usershare.c.orig ./source3/utils/net_usershare.c
>--- ./source3/utils/net_usershare.c.orig 2010-05-17 06:51:23.000000000 -0500
>+++ ./source3/utils/net_usershare.c 2010-05-26 09:15:07.000000000 -0500
>@@ -769,7 +769,7 @@
> /* If we're not root, check if we're restricted to sharing out directories
> that we own only. */
>
>- if ((myeuid != 0) && lp_usershare_owner_only() && (myeuid != sbuf.st_ex_uid)) {
>+ if ((myeuid != SUPERUSER) && lp_usershare_owner_only() && (myeuid != sbuf.st_ex_uid)) {
> d_fprintf(stderr, _("net usershare add: cannot share path %s as "
> "we are restricted to only sharing directories we own.\n"
> "\tAsk the administrator to add the line \"usershare owner only = false\" \n"
>diff -u ./source3/utils/smbpasswd.c.orig ./source3/utils/smbpasswd.c
>--- ./source3/utils/smbpasswd.c.orig 2010-05-17 06:51:23.000000000 -0500
>+++ ./source3/utils/smbpasswd.c 2010-05-26 09:18:14.000000000 -0500
>@@ -95,7 +95,7 @@
> switch(ch) {
> case 'L':
> #if !defined(NSS_WRAPPER)
>- if (getuid() != 0) {
>+ if (getuid() != SUPERUSER) {
> fprintf(stderr, "smbpasswd -L can only be used by root.\n");
> exit(1);
> }
>@@ -574,7 +574,7 @@
> set_auth_parameters(argc, argv);
> #endif /* HAVE_SET_AUTH_PARAMETERS */
>
>- if (getuid() == 0) {
>+ if (getuid() == SUPERUSER) {
> local_flags = LOCAL_AM_ROOT;
> }
>
>diff -u ./source3/web/cgi.c.orig ./source3/web/cgi.c
>--- ./source3/web/cgi.c.orig 2010-05-17 06:51:23.000000000 -0500
>+++ ./source3/web/cgi.c 2010-05-26 09:19:10.000000000 -0500
>@@ -320,7 +320,7 @@
> exit(0);
> }
>
>- setuid(0);
>+ setuid(SUPERUSER);
> setuid(pwd->pw_uid);
> if (geteuid() != pwd->pw_uid || getuid() != pwd->pw_uid) {
> printf("%sFailed to become user %s - uid=%d/%d<br>%s\n",
>@@ -407,7 +407,7 @@
> ***************************************************************************/
> bool am_root(void)
> {
>- if (geteuid() == 0) {
>+ if (geteuid() == SUPERUSER) {
> return( True);
> } else {
> return( False);
>diff -u ./source3/web/startstop.c.orig ./source3/web/startstop.c
>--- ./source3/web/startstop.c.orig 2010-05-17 06:51:23.000000000 -0500
>+++ ./source3/web/startstop.c 2010-05-26 09:20:47.000000000 -0500
>@@ -27,7 +27,7 @@
> {
> char *binfile = NULL;
>
>- if (geteuid() != 0) {
>+ if (geteuid() != SUPERUSER) {
> return;
> }
>
>@@ -47,7 +47,7 @@
> {
> char *binfile = NULL;
>
>- if (geteuid() != 0) {
>+ if (geteuid() != SUPERUSER) {
> return;
> }
>
>@@ -67,7 +67,7 @@
> {
> char *binfile = NULL;
>
>- if (geteuid() != 0) {
>+ if (geteuid() != SUPERUSER) {
> return;
> }
>
>@@ -88,7 +88,7 @@
> {
> pid_t pid = pidfile_pid("smbd");
>
>- if (geteuid() != 0) return;
>+ if (geteuid() != SUPERUSER) return;
>
> if (pid <= 0) return;
>
>@@ -100,7 +100,7 @@
> {
> pid_t pid = pidfile_pid("nmbd");
>
>- if (geteuid() != 0) return;
>+ if (geteuid() != SUPERUSER) return;
>
> if (pid <= 0) return;
>
>@@ -112,7 +112,7 @@
> {
> pid_t pid = pidfile_pid("winbindd");
>
>- if (geteuid() != 0) return;
>+ if (geteuid() != SUPERUSER) return;
>
> if (pid <= 0) return;
>
>@@ -122,7 +122,7 @@
> /* kill a specified process */
> void kill_pid(struct server_id pid)
> {
>- if (geteuid() != 0) return;
>+ if (geteuid() != SUPERUSER) return;
>
> if (procid_to_pid(&pid) <= 0) return;
>
>diff -u ./source3/web/statuspage.c.orig ./source3/web/statuspage.c
>--- ./source3/web/statuspage.c.orig 2010-05-17 06:51:23.000000000 -0500
>+++ ./source3/web/statuspage.c 2010-05-26 09:22:55.000000000 -0500
>@@ -211,7 +211,7 @@
> procid_str_static(&crec->pid),
> crec->machine, crec->addr,
> tstring(talloc_tos(),crec->start));
>- if (geteuid() == 0) {
>+ if (geteuid() == SUPERUSER) {
> printf("<td><input type=submit value=\"X\" name=\"kill_%s\"></td>\n",
> procid_str_static(&crec->pid));
> }
>@@ -349,7 +349,7 @@
>
> fflush(stdout);
> printf("<tr><td>%s</td><td>%s</td>\n", _("smbd:"), smbd_running()?_("running"):_("not running"));
>- if (geteuid() == 0) {
>+ if (geteuid() == SUPERUSER) {
> if (smbd_running()) {
> nr_running++;
> printf("<td><input type=submit name=\"smbd_stop\" value=\"%s\"></td>\n", _("Stop smbd"));
>@@ -362,7 +362,7 @@
>
> fflush(stdout);
> printf("<tr><td>%s</td><td>%s</td>\n", _("nmbd:"), nmbd_running()?_("running"):_("not running"));
>- if (geteuid() == 0) {
>+ if (geteuid() == SUPERUSER) {
> if (nmbd_running()) {
> nr_running++;
> printf("<td><input type=submit name=\"nmbd_stop\" value=\"%s\"></td>\n", _("Stop nmbd"));
>@@ -376,7 +376,7 @@
> #ifdef WITH_WINBIND
> fflush(stdout);
> printf("<tr><td>%s</td><td>%s</td>\n", _("winbindd:"), winbindd_running()?_("running"):_("not running"));
>- if (geteuid() == 0) {
>+ if (geteuid() == SUPERUSER) {
> if (winbindd_running()) {
> nr_running++;
> printf("<td><input type=submit name=\"winbindd_stop\" value=\"%s\"></td>\n", _("Stop winbindd"));
>@@ -388,7 +388,7 @@
> printf("</tr>\n");
> #endif
>
>- if (geteuid() == 0) {
>+ if (geteuid() == SUPERUSER) {
> printf("<tr><td></td><td></td>\n");
> if (nr_running >= 1) {
> /* stop, restart all */
>@@ -407,7 +407,7 @@
> printf("<p><h3>%s</h3>\n", _("Active Connections"));
> printf("<table border=1>\n");
> printf("<tr><th>%s</th><th>%s</th><th>%s</th><th>%s</th>\n", _("PID"), _("Client"), _("IP address"), _("Date"));
>- if (geteuid() == 0) {
>+ if (geteuid() == SUPERUSER) {
> printf("<th>%s</th>\n", _("Kill"));
> }
> printf("</tr>\n");
>diff -u ./testsuite/smbd/sec_ctx_root.c.orig ./testsuite/smbd/sec_ctx_root.c
>--- ./testsuite/smbd/sec_ctx_root.c.orig 2010-05-17 06:51:23.000000000 -0500
>+++ ./testsuite/smbd/sec_ctx_root.c 2010-05-26 09:23:36.000000000 -0500
>@@ -43,7 +43,7 @@
>
> getgroups(actual_ngroups, actual_groups);
>
>- if (geteuid() != 0 || getegid() != 0 || actual_ngroups != 0) {
>+ if (geteuid() != SUPERUSER || getegid() != SUPERGROUP || actual_ngroups != 0) {
> printf("FAIL: root id not set\n");
> return 1;
> }
>diff -u ./testsuite/smbd/sec_ctx_stack.c.orig ./testsuite/smbd/sec_ctx_stack.c
>--- ./testsuite/smbd/sec_ctx_stack.c.orig 2010-05-17 06:51:23.000000000 -0500
>+++ ./testsuite/smbd/sec_ctx_stack.c 2010-05-26 09:24:36.000000000 -0500
>@@ -71,7 +71,7 @@
> return 1;
> }
> } else {
>- if ((geteuid() != 0) || (getegid() != 0)) {
>+ if ((geteuid() != SUPERUSER) || (getegid() != SUPERGROUP)) {
> printf("FAIL: incorrect context popped\n");
> return 1;
> }
>diff -u ./source3/client/smbspool.c.orig ./source3/client/smbspool.c
>--- ./source3/client/smbspool.c.orig 2010-05-17 06:51:23.000000000 -0500
>+++ ./source3/client/smbspool.c 2010-05-26 08:46:16.000000000 -0500
>@@ -517,7 +517,11 @@
> }
>
> /* give a chance for a passwordless NTLMSSP session setup */
>+#ifdef __TANDEM
>+ pwd = getpwnam(getlogin());
>+#else
> pwd = getpwuid(geteuid());
>+#endif
> if (pwd == NULL) {
> return NULL;
> }
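Review bot: In the smbspool.c hunk `getpwnam(getlogin())` passes the result of `getlogin()` straight through, but `getlogin()` returns NULL when the process has no login session or controlling terminal, and `getpwnam(NULL)` is undefined behaviour; the `pwd == NULL` check that follows comes too late to catch it. Splitting the call as `const char *login = getlogin();` and `pwd = (login != NULL) ? getpwnam(login) : NULL;` keeps the existing error path. `getlogin()` also names the session's login account rather than the effective uid the process runs under, so on `__TANDEM` the account used for the passwordless session setup can differ from the one `getpwuid(geteuid())` would select; a comment saying why that is intended would help. The enclosing function starts and ends outside the hunk.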