Attachment 7900 Details for Bug 7488 – SUPERUSER/SUPERGROUP patch #2

[patch] SUPERUSER/SUPERGROUP patch #2

samba-git-bug7488#2.diff (text/plain), 4.87 KB, created by Joachim Schmitz (mail address dead) on 2012-09-18 08:44:05 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Joachim Schmitz (mail address dead)

Created: 2012-09-18 08:44:05 UTC

Size: 4.87 KB

patch

obsolete

>diff --git a/lib/util/debug.c b/lib/util/debug.c
>index 15a2452b..da6e098 100644
>--- a/lib/util/debug.c
>+++ b/lib/util/debug.c
>@@ -672,7 +672,7 @@ void check_log_size( void )
> #if _SAMBA_BUILD_ == 3
> 	if (geteuid() != sec_initial_uid())
> #else
>-	if( geteuid() != 0)
>+	if( geteuid() != SUPERUSER_UID)
> #endif
> 	{
> 		/* We don't check sec_initial_uid() here as it isn't
>diff --git a/source3/pam_smbpass/pam_smb_acct.c b/source3/pam_smbpass/pam_smb_acct.c
>index 60acd3c..13e864a 100644
>--- a/source3/pam_smbpass/pam_smb_acct.c
>+++ b/source3/pam_smbpass/pam_smb_acct.c
>@@ -74,7 +74,7 @@ int pam_sm_acct_mgmt( pam_handle_t *pamh, int flags,
> 		_log_err(pamh, LOG_DEBUG, "acct: username [%s] obtained", name );
> 	}
> 
>-	if (geteuid() != 0) {
>+	if (geteuid() != SUPERUSER_UID) {
> 		_log_err(pamh, LOG_DEBUG, "Cannot access samba password database, not running as root.");
> 		return PAM_AUTHINFO_UNAVAIL;
> 	}
>diff --git a/source3/pam_smbpass/pam_smb_auth.c b/source3/pam_smbpass/pam_smb_auth.c
>index 4270bcc..6ddf588 100644
>--- a/source3/pam_smbpass/pam_smb_auth.c
>+++ b/source3/pam_smbpass/pam_smb_auth.c
>@@ -105,7 +105,7 @@ int pam_sm_authenticate(pam_handle_t *pamh, int flags,
> 		_log_err(pamh, LOG_DEBUG, "username [%s] obtained", name );
> 	}
> 
>-	if (geteuid() != 0) {
>+	if (geteuid() != SUPERUSER_UID) {
> 		_log_err(pamh, LOG_DEBUG, "Cannot access samba password database, not running as root.");
> 		retval = PAM_AUTHINFO_UNAVAIL;
> 		AUTH_RETURN;
>diff --git a/source3/pam_smbpass/pam_smb_passwd.c b/source3/pam_smbpass/pam_smb_passwd.c
>index 0a7e32a..8a6b1b2 100644
>--- a/source3/pam_smbpass/pam_smb_passwd.c
>+++ b/source3/pam_smbpass/pam_smb_passwd.c
>@@ -125,7 +125,7 @@ int pam_sm_chauthtok(pam_handle_t *pamh, int flags,
>         _log_err(pamh, LOG_DEBUG, "username [%s] obtained", user);
>     }
> 
>-    if (geteuid() != 0) {
>+    if (geteuid() != SUPERUSER_UID) {
> 	_log_err(pamh, LOG_DEBUG, "Cannot access samba password database, not running as root.");
> 	return PAM_AUTHINFO_UNAVAIL;
>     }
>diff --git a/source3/smbd/quotas.c b/source3/smbd/quotas.c
>index c64b63a..fbff6c7 100644
>--- a/source3/smbd/quotas.c
>+++ b/source3/smbd/quotas.c
>@@ -600,7 +600,7 @@ bool disk_quotas_vxfs(const char *name, char *path, uint64_t *bsize, uint64_t *d
>   /* pstrcat(qfname, "/quotas") ; */	/* possibly examine and adjust "name" */
> 
>   euser_id = geteuid();
>-  set_effective_uid(0);
>+  set_effective_uid(SUPERUSER_UID);
> 
>   DEBUG(5,("disk_quotas: looking for VxFS quotas file \"%s\"\n", qfname));
>   if((file=open(qfname, O_RDONLY,0))<0) {
>diff --git a/source3/smbd/vfs.c b/source3/smbd/vfs.c
>index fe99ee2..3f36d60 100644
>--- a/source3/smbd/vfs.c
>+++ b/source3/smbd/vfs.c
>@@ -1893,7 +1893,7 @@ NTSTATUS vfs_chown_fsp(files_struct *fsp, uid_t uid, gid_t gid)
> 		}
> 	}
> 
>-	as_root = (geteuid() == 0);
>+	as_root = (geteuid() == SUPERUSER_UID);
> 
> 	if (as_root) {
> 		/*
>diff --git a/source3/torture/wbc_async.c b/source3/torture/wbc_async.c
>index 9252b58..f49d94d 100644
>--- a/source3/torture/wbc_async.c
>+++ b/source3/torture/wbc_async.c
>@@ -252,7 +252,7 @@ static struct tevent_req *wb_connect_send(TALLOC_CTX *mem_ctx,
> 	}
> 
> 	if (!S_ISDIR(st.st_mode) ||
>-	    (st.st_uid != 0 && st.st_uid != geteuid())) {
>+	    (st.st_uid != SUPERUSER_UID && st.st_uid != geteuid())) {
> 		wbc_err = WBC_ERR_WINBIND_NOT_AVAILABLE;
> 		goto post_status;
> 	}
>@@ -275,7 +275,7 @@ static struct tevent_req *wb_connect_send(TALLOC_CTX *mem_ctx,
> 
> 	if ((lstat(sunaddr.sun_path, &st) == -1)
> 	    || !S_ISSOCK(st.st_mode)
>-	    || (st.st_uid != 0 && st.st_uid != geteuid())) {
>+	    || (st.st_uid != SUPERUSER_UID && st.st_uid != geteuid())) {
> 		wbc_err = WBC_ERR_WINBIND_NOT_AVAILABLE;
> 		goto post_status;
> 	}
>diff --git a/source4/heimdal/lib/krb5/context.c b/source4/heimdal/lib/krb5/context.c
>index 99bf1b4..1ba9aff 100644
>--- a/source4/heimdal/lib/krb5/context.c
>+++ b/source4/heimdal/lib/krb5/context.c
>@@ -1464,7 +1464,7 @@ _krb5_homedir_access(krb5_context context)
> 
> #ifdef HAVE_GETEUID
>     /* is never allowed for root */
>-    if (geteuid() == 0)
>+    if (geteuid() == SUPERUSER_UID)
> 	return FALSE;
> #endif
> 
>diff --git a/source4/ntvfs/unixuid/vfs_unixuid.c b/source4/ntvfs/unixuid/vfs_unixuid.c
>index b6da790..6b05637 100644
>--- a/source4/ntvfs/unixuid/vfs_unixuid.c
>+++ b/source4/ntvfs/unixuid/vfs_unixuid.c
>@@ -74,7 +74,7 @@ static struct security_unix_token *save_unix_security(TALLOC_CTX *mem_ctx)
> */
> static NTSTATUS set_unix_security(struct security_unix_token *sec)
> {
>-	samba_seteuid(0);
>+	samba_seteuid(SUPERUSER_UID);
> 
> 	if (samba_setgroups(sec->ngroups, sec->groups) != 0) {
> 		return NT_STATUS_ACCESS_DENIED;
>@@ -116,7 +116,7 @@ static int unixuid_event_nesting_hook(struct tevent_context *ev,
> 			return -1;
> 		}
> 		*(struct security_unix_token **)stack_ptr = sec_ctx;
>-		if (samba_seteuid(0) != 0 || samba_setegid(0) != 0) {
>+		if (samba_seteuid(SUPERUSER_UID) != 0 || samba_setegid(SUPERGROUP_GID) != 0) {
> 			DEBUG(0,("%s: Failed to change to root\n", location));
> 			return -1;			
> 		}

Actions: View

Attachments on bug 7488: 5757 | 7899 | 7900