Attachment 7899 Details for Bug 7488 – SUPERUSER/SUPERGROUP patch

[patch] SUPERUSER/SUPERGROUP patch

samba-git-bug7488.diff (text/plain), 16.49 KB, created by Joachim Schmitz (mail address dead) on 2012-09-17 19:44:48 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Joachim Schmitz (mail address dead)

Created: 2012-09-17 19:44:48 UTC

Size: 16.49 KB

patch

obsolete

>diff --git a/lib/replace/replace.h b/lib/replace/replace.h
>index c7f9c71..bccea3e 100644
>--- a/lib/replace/replace.h
>+++ b/lib/replace/replace.h
>@@ -45,6 +45,13 @@
> #include "win32_replace.h"
> #endif
> 
>+#ifdef __TANDEM
>+#define SUPERUSER_UID 65535
>+#define SUPERGROUP_GID 255
>+#else
>+#define SUPERUSER_UID 0
>+#define SUPERGROUP_GID 0
>+#endif
> 
> #ifdef HAVE_STDINT_H
> #include <stdint.h>
>diff --git a/nsswitch/wb_common.c b/nsswitch/wb_common.c
>index c56a76f..731137d 100644
>--- a/nsswitch/wb_common.c
>+++ b/nsswitch/wb_common.c
>@@ -189,7 +189,7 @@ static int winbind_named_pipe_sock(const char *dir)
> 	}
> 
> 	if (!S_ISDIR(st.st_mode) ||
>-	    (st.st_uid != 0 && st.st_uid != geteuid())) {
>+	    (st.st_uid != SUPERUSER_UID && st.st_uid != geteuid())) {
> 		errno = ENOENT;
> 		return -1;
> 	}
>@@ -218,7 +218,7 @@ static int winbind_named_pipe_sock(const char *dir)
> 	/* Check permissions on unix socket file */
> 
> 	if (!S_ISSOCK(st.st_mode) ||
>-	    (st.st_uid != 0 && st.st_uid != geteuid())) {
>+	    (st.st_uid != SUPERUSER_UID && st.st_uid != geteuid())) {
> 		errno = ENOENT;
> 		return -1;
> 	}
>diff --git a/source3/auth/pass_check.c b/source3/auth/pass_check.c
>index f2d1fc2..8c3eb97 100644
>--- a/source3/auth/pass_check.c
>+++ b/source3/auth/pass_check.c
>@@ -397,8 +397,8 @@ static bool dfs_auth(char *user, char *password)
> 		goto err;
> 	}
> 
>-	set_effective_uid(0);
>-	set_effective_gid(0);
>+	set_effective_uid(SUPERUSER_UID);
>+	set_effective_gid(SUPERGROUP_GID);
> 
> 	t = localtime(&expire_time);
> 	if (t) {
>@@ -414,7 +414,7 @@ static bool dfs_auth(char *user, char *password)
>       err:
> 
> 	/* Go back to root, JRA. */
>-	set_effective_uid(0);
>+	set_effective_uid(SUPERUSER_UID);
> 	set_effective_gid(egid);
> 	return (False);
> }
>diff --git a/source3/lib/messages_local.c b/source3/lib/messages_local.c
>index 6b63d72..2d0a809 100644
>--- a/source3/lib/messages_local.c
>+++ b/source3/lib/messages_local.c
>@@ -308,20 +308,20 @@ static NTSTATUS message_notify(struct server_id procid)
> 	 * sent to places we don't want.
> 	 */
> 
>-	SMB_ASSERT(pid > 0);
>+	SMB_ASSERT(pid > SUPERUSER_UID);
> 	if (pid <= 0) {
> 		return NT_STATUS_INVALID_HANDLE;
> 	}
> 
>-	if (euid != 0) {
>+	if (euid != SUPERUSER_UID) {
> 		/* If we're not root become so to send the message. */
> 		save_re_uid();
>-		set_effective_uid(0);
>+		set_effective_uid(SUPERUSER_UID);
> 	}
> 
> 	ret = kill(pid, SIGUSR1);
> 
>-	if (euid != 0) {
>+	if (euid != SUPERUSER_UID) {
> 		/* Go back to who we were. */
> 		int saved_errno = errno;
> 		restore_re_uid_fromroot();
>diff --git a/source3/lib/util_sec.c b/source3/lib/util_sec.c
>index ac999e3..ab937fd 100644
>--- a/source3/lib/util_sec.c
>+++ b/source3/lib/util_sec.c
>@@ -25,6 +25,11 @@
> #else
> /* we are running this code in autoconf test mode to see which type of setuid
>    function works */
>+
>+/* as we don't get these two via includes.h -> replace.h here */
>+#define SUPERUSER_UID 0
>+#define SUPERGROUP_GID 0
>+
> #if defined(HAVE_UNISTD_H)
> #include <unistd.h>
> #endif
>@@ -87,7 +92,7 @@ are we running in non-root mode?
> ****************************************************************************/
> bool non_root_mode(void)
> {
>-	return (initial_uid != (uid_t)0);
>+	return (initial_uid != (uid_t)SUPERUSER_UID);
> }
> 
> /****************************************************************************
>@@ -132,26 +137,26 @@ static void assert_gid(gid_t rgid, gid_t egid)
> void gain_root_privilege(void)
> {	
> #if defined(USE_SETRESUID) || defined(USE_LINUX_THREAD_CREDENTIALS)
>-	samba_setresuid(0,0,0);
>+	samba_setresuid(SUPERUSER_UID, SUPERUSER_UID, SUPERUSER_UID);
> #endif
>     
> #if USE_SETEUID
>-	samba_seteuid(0);
>+	samba_seteuid(SUPERUSER_UID);
> #endif
> 
> #if USE_SETREUID
>-	samba_setreuid(0, 0);
>+	samba_setreuid(SUPERUSER_UID, SUPERUSER_UID);
> #endif
> 
> #if USE_SETUIDX
>-	samba_setuidx(ID_EFFECTIVE, 0);
>-	samba_setuidx(ID_REAL, 0);
>+	samba_setuidx(ID_EFFECTIVE, SUPERUSER_UID);
>+	samba_setuidx(ID_REAL, SUPERUSER_UID);
> #endif
> 
> 	/* this is needed on some systems */
>-	samba_setuid(0);
>+	samba_setuid(SUPERUSER_UID);
> 
>-	assert_uid(0, 0);
>+	assert_uid(SUPERUSER_UID, SUPERUSER_UID);
> }
> 
> 
>@@ -162,25 +167,25 @@ void gain_root_privilege(void)
> void gain_root_group_privilege(void)
> {
> #if defined(USE_SETRESUID) || defined(USE_LINUX_THREAD_CREDENTIALS)
>-	samba_setresgid(0,0,0);
>+	samba_setresgid(SUPERGROUP_GID, SUPERGROUP_GID, SUPERGROUP_GID);
> #endif
> 
> #if USE_SETREUID
>-	samba_setregid(0,0);
>+	samba_setregid(SUPERGROUP_GID, SUPERGROUP_GID);
> #endif
> 
> #if USE_SETEUID
>-	samba_setegid(0);
>+	samba_setegid(SUPERGROUP_GID);
> #endif
> 
> #if USE_SETUIDX
>-	samba_setgidx(ID_EFFECTIVE, 0);
>-	samba_setgidx(ID_REAL, 0);
>+	samba_setgidx(ID_EFFECTIVE, SUPERGROUP_GID);
>+	samba_setgidx(ID_REAL, SUPERGROUP_GID);
> #endif
> 
>-	samba_setgid(0);
>+	samba_setgid(SUPERGROUP_GID);
> 
>-	assert_gid(0, 0);
>+	assert_gid(SUPERGROUP_GID, SUPERGROUP_GID);
> }
> 
> 
>@@ -289,7 +294,7 @@ void restore_re_uid_fromroot(void)
> 
> void restore_re_uid(void)
> {
>-	set_effective_uid(0);
>+	set_effective_uid(SUPERUSER_UID);
> 	restore_re_uid_fromroot();
> }
> 
>@@ -341,7 +346,7 @@ int set_re_uid(void)
> #endif
> 
> #if USE_SETREUID
>-	samba_setreuid(0, 0);
>+	samba_setreuid(SUPERUSER_UID, SUPERUSER_UID);
> 	samba_setreuid(uid, -1);
> 	samba_setreuid(-1, uid);
> #endif
>@@ -429,7 +434,7 @@ int set_thread_credentials(uid_t uid,
> 
> 	/* Become root. */
> 	/* Set ru=0, eu=0 */
>-	if (samba_setresuid(0, 0, -1) != 0) {
>+	if (samba_setresuid(SUPERUSER_UID, SUPERUSER_UID, -1) != 0) {
> 		return -1;
> 	}
> 	/* Set our primary gid. */
>@@ -490,7 +495,7 @@ static int have_syscall(void)
> 
> main()
> {
>-        if (getuid() != 0) {
>+        if (getuid() != SUPERUSER_UID) {
> #if (defined(AIX) && defined(USE_SETREUID))
> 		/* setreuid is badly broken on AIX 4.1, we avoid it completely */
>                 fprintf(stderr,"avoiding possibly broken setreuid\n");
>@@ -512,8 +517,8 @@ main()
> 	gain_root_privilege();
> 	gain_root_group_privilege();
> 	become_user_permanently(1, 1);
>-	samba_setuid(0);
>-	if (getuid() == 0) {
>+	samba_setuid(SUPERUSER_UID);
>+	if (getuid() == SUPERUSER_UID) {
> 		fprintf(stderr,"uid not set permanently\n");
> 		exit(1);
> 	}
>@@ -529,5 +534,5 @@ Check if we are setuid root.  Used in libsmb and smbpasswd paranoia checks.
> ****************************************************************************/
> bool is_setuid_root(void) 
> {
>-	return (geteuid() == (uid_t)0) && (getuid() != (uid_t)0);
>+	return (geteuid() == (uid_t)SUPERUSER_UID) && (getuid() != (uid_t)SUPERUSER_UID);
> }
>diff --git a/source3/pam_smbpass/pam_smb_passwd.c b/source3/pam_smbpass/pam_smb_passwd.c
>index ce0b118..0a7e32a 100644
>--- a/source3/pam_smbpass/pam_smb_passwd.c
>+++ b/source3/pam_smbpass/pam_smb_passwd.c
>@@ -172,7 +172,7 @@ int pam_sm_chauthtok(pam_handle_t *pamh, int flags,
> 
> 	/* Password change by root, or for an expired token, doesn't
>            require authentication.  Is this a good choice? */
>-        if (getuid() != 0 && !(flags & PAM_CHANGE_EXPIRED_AUTHTOK)) {
>+        if (getuid() != SUPERUSER_UID && !(flags & PAM_CHANGE_EXPIRED_AUTHTOK)) {
> 
>             /* tell user what is happening */
> 		if (asprintf(&Announce, "Changing password for %s", user) == -1) {
>diff --git a/source3/smbd/sec_ctx.c b/source3/smbd/sec_ctx.c
>index 83674a2..6a832f2 100644
>--- a/source3/smbd/sec_ctx.c
>+++ b/source3/smbd/sec_ctx.c
>@@ -112,20 +112,20 @@ static void gain_root(void)
> 		return;
> 	}
> 
>-	if (geteuid() != 0) {
>-		set_effective_uid(0);
>+	if (geteuid() != SUPERUSER_UID) {
>+		set_effective_uid(SUPERUSER_UID);
> 
>-		if (geteuid() != 0) {
>+		if (geteuid() != SUPERUSER_UID) {
> 			DEBUG(0,
> 			      ("Warning: You appear to have a trapdoor "
> 			       "uid system\n"));
> 		}
> 	}
> 
>-	if (getegid() != 0) {
>-		set_effective_gid(0);
>+	if (getegid() != SUPERGROUP_GID) {
>+		set_effective_gid(SUPERGROUP_GID);
> 
>-		if (getegid() != 0) {
>+		if (getegid() != SUPERGROUP_GID) {
> 			DEBUG(0,
> 			      ("Warning: You appear to have a trapdoor "
> 			       "gid system\n"));
>@@ -369,7 +369,7 @@ void set_root_sec_ctx(void)
> {
> 	/* May need to worry about supplementary groups at some stage */
> 
>-	set_sec_ctx(0, 0, 0, NULL, NULL);
>+	set_sec_ctx(SUPERUSER_UID, SUPERGROUP_GID, 0, NULL, NULL);
> }
> 
> /****************************************************************************
>diff --git a/source3/smbd/service.c b/source3/smbd/service.c
>index b2d3d4d..7d05f70 100644
>--- a/source3/smbd/service.c
>+++ b/source3/smbd/service.c
>@@ -911,7 +911,7 @@ static NTSTATUS make_connection_snum(struct smbd_server_connection *sconn,
> 
> 	TALLOC_FREE(smb_fname_cpath);
> 	/* We must exit this function as root. */
>-	if (geteuid() != 0) {
>+	if (geteuid() != SUPERUSER_UID) {
> 		change_to_root_user();
> 	}
> 	if (on_err_call_dis_hook) {
>@@ -1044,7 +1044,7 @@ connection_struct *make_connection(struct smbd_server_connection *sconn,
> 
> 	/* This must ONLY BE CALLED AS ROOT. As it exits this function as
> 	 * root. */
>-	if (!non_root_mode() && (euid = geteuid()) != 0) {
>+	if (!non_root_mode() && (euid = geteuid()) != SUPERUSER_UID) {
> 		DEBUG(0,("make_connection: PANIC ERROR. Called as nonroot "
> 			 "(%u)\n", (unsigned int)euid ));
> 		smb_panic("make_connection: PANIC ERROR. Called as nonroot\n");
>diff --git a/source3/stf/comfychair.py b/source3/stf/comfychair.py
>index 247915d..81ed2bf 100644
>--- a/source3/stf/comfychair.py
>+++ b/source3/stf/comfychair.py
>@@ -115,6 +115,7 @@ why."""
>     def require_root(self):
>         """Skip this test unless run by root."""
>         import os
>+        # how to deal with non-0 SUPERUSER_UID here?
>         self.require(os.getuid() == 0,
>                      "must be root to run this test")
> 
>diff --git a/source3/utils/net_sam.c b/source3/utils/net_sam.c
>index d33c354..3a295c7 100644
>--- a/source3/utils/net_sam.c
>+++ b/source3/utils/net_sam.c
>@@ -2270,7 +2270,7 @@ int net_sam(struct net_context *c, int argc, const char **argv)
> 		{NULL, NULL, 0, NULL, NULL}
> 	};
> 
>-	if (getuid() != 0) {
>+	if (getuid() != SUPERUSER_UID) {
> 		d_fprintf(stderr, _("You are not root, most things won't "
> 			  "work\n"));
> 	}
>diff --git a/source3/utils/net_usershare.c b/source3/utils/net_usershare.c
>index 382fe2f..7ce2c1c 100644
>--- a/source3/utils/net_usershare.c
>+++ b/source3/utils/net_usershare.c
>@@ -783,7 +783,7 @@ static int net_usershare_add(struct net_context *c, int argc, const char **argv)
> 	/* If we're not root, check if we're restricted to sharing out directories
> 	   that we own only. */
> 
>-	if ((myeuid != 0) && lp_usershare_owner_only() && (myeuid != sbuf.st_ex_uid)) {
>+	if ((myeuid != SUPERUSER_UID) && lp_usershare_owner_only() && (myeuid != sbuf.st_ex_uid)) {
> 		d_fprintf(stderr, _("net usershare add: cannot share path %s as "
> 			"we are restricted to only sharing directories we own.\n"
> 			"\tAsk the administrator to add the line \"usershare owner only = false\" \n"
>diff --git a/source3/utils/smbpasswd.c b/source3/utils/smbpasswd.c
>index 66c80da..88e863e 100644
>--- a/source3/utils/smbpasswd.c
>+++ b/source3/utils/smbpasswd.c
>@@ -98,7 +98,7 @@ static int process_options(int argc, char **argv, int local_flags)
> 		switch(ch) {
> 		case 'L':
> #if !defined(NSS_WRAPPER)
>-			if (getuid() != 0) {
>+			if (getuid() != SUPERUSER_UID) {
> 				fprintf(stderr, "smbpasswd -L can only be used by root.\n");
> 				exit(1);
> 			}
>@@ -580,7 +580,7 @@ int main(int argc, char **argv)
> 	set_auth_parameters(argc, argv);
> #endif /* HAVE_SET_AUTH_PARAMETERS */
> 
>-	if (getuid() == 0) {
>+	if (getuid() == SUPERUSER_UID) {
> 		local_flags = LOCAL_AM_ROOT;
> 	}
> 
>diff --git a/source3/web/cgi.c b/source3/web/cgi.c
>index b97ed25..b12af62 100644
>--- a/source3/web/cgi.c
>+++ b/source3/web/cgi.c
>@@ -329,7 +329,7 @@ static void cgi_web_auth(void)
> 
> 	C_user = SMB_STRDUP(user);
> 
>-	if (!samba_setuid(0)) {
>+	if (!samba_setuid(SUPERUSER_UID)) {
> 		C_pass = secrets_fetch_generic("root", "SWAT");
> 		if (C_pass == NULL) {
> 			char *tmp_pass = NULL;
>@@ -441,7 +441,7 @@ is this root?
>   ***************************************************************************/
> bool am_root(void)
> {
>-	if (geteuid() == 0) {
>+	if (geteuid() == SUPERUSER_UID) {
> 		return( True);
> 	} else {
> 		return( False);
>diff --git a/source3/web/startstop.c b/source3/web/startstop.c
>index ec8f802..02d36c7 100644
>--- a/source3/web/startstop.c
>+++ b/source3/web/startstop.c
>@@ -27,7 +27,7 @@ void start_smbd(void)
> {
> 	char *binfile = NULL;
> 
>-	if (geteuid() != 0) {
>+	if (geteuid() != SUPERUSER_UID) {
> 		 return;
> 	}
> 
>@@ -47,7 +47,7 @@ void start_nmbd(void)
> {
> 	char *binfile = NULL;
> 
>-	if (geteuid() != 0) {
>+	if (geteuid() != SUPERUSER_UID) {
> 		return;
> 	}
> 
>@@ -67,7 +67,7 @@ void start_winbindd(void)
> {
> 	char *binfile = NULL;
> 
>-	if (geteuid() != 0) {
>+	if (geteuid() != SUPERUSER_UID) {
> 		return;
> 	}
> 
>@@ -88,7 +88,7 @@ void stop_smbd(void)
> {
> 	pid_t pid = pidfile_pid(lp_piddir(), "smbd");
> 
>-	if (geteuid() != 0) return;
>+	if (geteuid() != SUPERUSER_UID) return;
> 
> 	if (pid <= 0) return;
> 
>@@ -100,7 +100,7 @@ void stop_nmbd(void)
> {
> 	pid_t pid = pidfile_pid(lp_piddir(), "nmbd");
> 
>-	if (geteuid() != 0) return;
>+	if (geteuid() != SUPERUSER_UID) return;
> 
> 	if (pid <= 0) return;
> 
>@@ -112,7 +112,7 @@ void stop_winbindd(void)
> {
> 	pid_t pid = pidfile_pid(lp_piddir(), "winbindd");
> 
>-	if (geteuid() != 0) return;
>+	if (geteuid() != SUPERUSER_UID) return;
> 
> 	if (pid <= 0) return;
> 
>@@ -122,7 +122,7 @@ void stop_winbindd(void)
> /* kill a specified process */
> void kill_pid(struct server_id pid)
> {
>-	if (geteuid() != 0) return;
>+	if (geteuid() != SUPERUSER_UID) return;
> 
> 	if (procid_to_pid(&pid) <= 0) return;
> 
>diff --git a/source3/web/statuspage.c b/source3/web/statuspage.c
>index d257970..3af79f3 100644
>--- a/source3/web/statuspage.c
>+++ b/source3/web/statuspage.c
>@@ -217,7 +217,7 @@ static int traverse_fn2(const struct connections_key *key,
> 	       procid_str_static(&crec->pid),
> 	       crec->machine, crec->addr,
> 	       tstring(talloc_tos(),crec->start));
>-	if (geteuid() == 0) {
>+	if (geteuid() == SUPERUSER_UID) {
> 		printf("<td><input type=submit value=\"X\" name=\"kill_%s\"></td>\n",
> 		       procid_str_static(&crec->pid));
> 	}
>@@ -361,7 +361,7 @@ output_page:
> 
> 	fflush(stdout);
> 	printf("<tr><td>%s</td><td>%s</td>\n", _("smbd:"), smbd_running()?_("running"):_("not running"));
>-	if (geteuid() == 0) {
>+	if (geteuid() == SUPERUSER_UID) {
> 	    if (smbd_running()) {
> 		nr_running++;
> 		printf("<td><input type=submit name=\"smbd_stop\" value=\"%s\"></td>\n", _("Stop smbd"));
>@@ -374,7 +374,7 @@ output_page:
> 
> 	fflush(stdout);
> 	printf("<tr><td>%s</td><td>%s</td>\n", _("nmbd:"), nmbd_running()?_("running"):_("not running"));
>-	if (geteuid() == 0) {
>+	if (geteuid() == SUPERUSER_UID) {
> 	    if (nmbd_running()) {
> 		nr_running++;
> 		printf("<td><input type=submit name=\"nmbd_stop\" value=\"%s\"></td>\n", _("Stop nmbd"));
>@@ -388,7 +388,7 @@ output_page:
> #ifdef WITH_WINBIND
> 	fflush(stdout);
> 	printf("<tr><td>%s</td><td>%s</td>\n", _("winbindd:"), winbindd_running()?_("running"):_("not running"));
>-	if (geteuid() == 0) {
>+	if (geteuid() == SUPERUSER_UID) {
> 	    if (winbindd_running()) {
> 		nr_running++;
> 		printf("<td><input type=submit name=\"winbindd_stop\" value=\"%s\"></td>\n", _("Stop winbindd"));
>@@ -400,7 +400,7 @@ output_page:
> 	printf("</tr>\n");
> #endif
> 
>-	if (geteuid() == 0) {
>+	if (geteuid() == SUPERUSER_UID) {
> 	    printf("<tr><td></td><td></td>\n");
> 	    if (nr_running >= 1) {
> 	        /* stop, restart all */
>@@ -419,7 +419,7 @@ output_page:
> 	printf("<p><h3>%s</h3>\n", _("Active Connections"));
> 	printf("<table border=1>\n");
> 	printf("<tr><th>%s</th><th>%s</th><th>%s</th><th>%s</th>\n", _("PID"), _("Client"), _("IP address"), _("Date"));
>-	if (geteuid() == 0) {
>+	if (geteuid() == SUPERUSER_UID) {
> 		printf("<th>%s</th>\n", _("Kill"));
> 	}
> 	printf("</tr>\n");
>diff --git a/testsuite/smbd/sec_ctx_root.c b/testsuite/smbd/sec_ctx_root.c
>index 0969978..b9fd4de 100644
>--- a/testsuite/smbd/sec_ctx_root.c
>+++ b/testsuite/smbd/sec_ctx_root.c
>@@ -43,12 +43,12 @@ int main (int argc, char **argv)
> 
> 	getgroups(actual_ngroups, actual_groups);
> 
>-	if (geteuid() != 0 || getegid() != 0 || actual_ngroups != 0) {
>+	if (geteuid() != SUPERUSER_UID || getegid() != SUPERGROUP_GID || actual_ngroups != 0) {
> 		printf("FAIL: root id not set\n");
> 		return 1;
> 	}
> 
>-	if (current_user.uid != 0 || current_user.gid != 0 ||
>+	if (current_user.uid != SUPERUSER_UID || current_user.gid != SUPERGROUP_GID ||
> 	    current_user.ngroups != 0 || current_user.groups) {
> 		printf("FAIL: current_user not set correctly\n");
> 		return 1;
>diff --git a/testsuite/smbd/sec_ctx_stack.c b/testsuite/smbd/sec_ctx_stack.c
>index 98dd0e1..67446bd 100644
>--- a/testsuite/smbd/sec_ctx_stack.c
>+++ b/testsuite/smbd/sec_ctx_stack.c
>@@ -71,7 +71,7 @@ int main (int argc, char **argv)
> 				return 1;
> 			}
> 		} else {
>-			if ((geteuid() != 0) || (getegid() != 0)) {
>+			if ((geteuid() != SUPERUSER_UID) || (getegid() != SUPERGROUP_GID)) {
> 				printf("FAIL: incorrect context popped\n");
> 				return 1;
> 			}

Actions: View

Attachments on bug 7488: 5757 | 7899 | 7900