summaryrefslogtreecommitdiff
path: root/lib/uid_wrapper
AgeCommit message (Collapse)AuthorFilesLines
2017-11-25build: Move uid_wrapper to third_partyAndreas Schneider2-2513/+0
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org>
2017-08-03lib: Fix integer overflowed argument issue with strtoul()Andreas Schneider1-1/+15
This fixes CID 1415704 Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org> Autobuild-User(master): Volker Lendecke <vl@samba.org> Autobuild-Date(master): Thu Aug 3 15:06:34 CEST 2017 on sn-devel-144
2017-07-31lib: Fix 1415704 CID Integer overflowed argumentVolker Lendecke1-1/+1
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
2017-07-25uwrap: Update to version 1.2.4Andreas Schneider2-39/+266
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2017-04-07uid_wrapper: use conf.blddir to construct libnss_wrapper_so_pathStefan Metzmacher1-2/+2
conf.blddir might not the the same as conf.srcdir + '/bin'. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
2016-03-22lib: Update uid_wrapper to version 1.2.1Andreas Schneider2-2/+2
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2015-11-05uwrap: Bump version to 1.2.0Andreas Schneider1-1/+1
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Thu Nov 5 12:30:02 CET 2015 on sn-devel-104
2015-11-05uwrap: Fix build warning with release buildAndreas Schneider1-0/+8
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2015-11-05uwrap: Add the EINVAL check to setegid()Andreas Schneider1-0/+6
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2015-11-05uwrap: Allow setgid calls only for privileged usersAndreas Schneider1-2/+57
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2015-11-05uwrap: Allow setregid calls only for privileged usersAndreas Schneider1-2/+85
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2015-11-05uwrap: Allow setresgid calls only for privileged usersAndreas Schneider1-55/+107
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2015-11-05uwrap: Move the EINVAL check down in seteuid()Andreas Schneider1-4/+5
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2015-11-05uwrap: Allow setuid calls only for privileged usersAndreas Schneider1-2/+57
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org> Signed-off-by: Andreas Schneider <asn@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org>
2015-11-05uwrap: Allow setreuid calls only for privileged usersAndreas Schneider1-7/+84
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org> Signed-off-by: Andreas Schneider <asn@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org>
2015-11-05uwrap: Allow setresuid calls only for privileged usersAndreas Schneider1-33/+89
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org> Signed-off-by: Andreas Schneider <asn@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org>
2015-11-05uwrap: Fix a possible null pointer dereferenceAndreas Schneider1-0/+16
If uid_wrapper is loaded but not enabled (UID_WRAPPER environment variable not set), then we dereference a NULL pointer while forking. Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2015-11-05uwrap: Improve debug outputAndreas Schneider1-15/+15
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2015-11-05uwrap: Fix debug line in uwrap_init()Andreas Schneider1-2/+3
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2015-10-16build: Build *_wrapper without -DNDEBUG for in-tree useAndrew Bartlett1-1/+0
These binaires are not installed, so are only used in make test, and there we need debug output. Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Michael Adam <obnox@samba.org> Autobuild-User(master): Michael Adam <obnox@samba.org> Autobuild-Date(master): Fri Oct 16 16:36:22 CEST 2015 on sn-devel-104
2015-10-09build: Move __attribute__ ((destructor)) and ((constructor)) tests to wafsambaAndrew Bartlett1-34/+0
This allows us to use them in talloc as well. Signed-off-by: Andrew Bartlett <abartlet@samba.org> Signed-off-by: Adrian Cochrane <adrianc@catalyst.net.nz> Reviewed-by: Jeremy Allison <jra@samba.org>
2015-08-21uwrap: Bump version to 1.1.1Andreas Schneider1-1/+1
Signed-off-by: Andreas Schneider <asn@samba.org> Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Fri Aug 21 17:48:45 CEST 2015 on sn-devel-104
2015-08-21uwrap: Removed double newlineAndreas Schneider1-1/+1
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2015-08-21uwrap: Fix build if getres(uid|gid) are not available.Andreas Schneider1-4/+4
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
2015-08-14waf: Check for Linux has 32-bit credential callsAndreas Schneider1-1/+37
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Fri Aug 14 18:04:53 CEST 2015 on sn-devel-104
2015-01-28uwrap: Bump version to 1.1.0.Andreas Schneider1-1/+1
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Wed Jan 28 19:44:39 CET 2015 on sn-devel-104
2015-01-28uwrap: Make sure we leave if the id is NULL.Andreas Schneider1-0/+1
CID #97616 Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2015-01-28uwrap: Support scenario where threads fork or creates threads.Robin Hack1-221/+177
When fork() is called here there is no need to disable uwrap as a whole. This change disables only uwrap for the thread which called fork(). uwrap catches calls of pthread_create() and pthread_exit() functions from libpthread library now. Pair-Programmed-With: Andreas Schneider <asn@samba.org> Pair-Programmed-With: Stefan Metzmacher <metze@samba.org> Signed-off-by: Robin Hack <hack.robin@gmail.com> Signed-off-by: Andreas Schneider <asn@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2015-01-28uwrap: Prepare for overload of libpthread functions.Robin Hack1-19/+140
uwrap_bind_symbol are now renamed to uwrap_bind_symbol_libc and simlilar uwrap_bind_symbol_libpthread are introduced. Signed-off-by: Robin Hack <hack.robin@gmail.com> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2015-01-28uwrap: Introduce UWRAP_LOCK_ALL and UWRAP_UNLOCK_ALL macrosRobin Hack1-8/+14
Introduce UWRAP_LOCK_ALL and UWRAP_UNLOCK_ALL which make locking easier. Signed-off-by: Robin Hack <hack.robin@gmail.com> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2015-01-28uwrap: Rewrite uwrap_libc_fns struct to pass strict aliasing rules.Robin Hack1-59/+116
Also rename struct uwrap_libc_fns fns to uwrap_libc_symbols and uwrap_load_lib_function to uwrap_bind_symbol (same for _uwrap_load_... variant. Signed-off-by: Robin Hack <hack.robin@gmail.com> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2015-01-28uwrap: Fix wrong data types in syscalls switch.Robin Hack1-12/+12
Signed-off-by: Robin Hack <hack.robin@gmail.com> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2015-01-28uwrap: Add support for getresuid() and getresgid() glibc/syscall.Robin Hack2-0/+111
Signed-off-by: Robin Hack <hack.robin@gmail.com> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2015-01-28uwrap: Extend support for (set|get)groups libc functions and syscalls.Robin Hack1-11/+82
Signed-off-by: Robin Hack <hack.robin@gmail.com> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2015-01-28uwrap: Extend support for syscalls called from threads or main process.Robin Hack1-0/+36
We need to distinguish if the syscall is called from main process or from a thread. Signed-off-by: Robin Hack <hack.robin@gmail.com> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2015-01-28uwrap: Small uwrap_init optimalization.Robin Hack1-2/+2
Don't call libc_getuid/getgid function twice. Signed-off-by: Robin Hack <hack.robin@gmail.com> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2015-01-28uwrap: Add support for running with address sanitizer.Andreas Schneider2-0/+27
The address sanitzer will complain about our hack with variable function attributes. This disables the checking of it. Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2015-01-28uwrap: Reflect changes of uid/gid in threads to main process.Robin Hack1-7/+50
When thread changes uid/gid this change must be reflected to main process. Syscalls changes only uid/gid of thread. Call of libc functions changes also uid/gid of main process. Signed-off-by: Robin Hack <hack.robin@gmail.com> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2015-01-28uwrap: Small optimalization of uwrap_init().Robin Hack1-1/+2
Don't call getenv("UID_WRAPPER") on start of uwrap_init(). Signed-off-by: Robin Hack <hack.robin@gmail.com> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2015-01-28uwrap: Optimalization of uid_wrapper_enabled() function.Robin Hack2-4/+42
Check only bool variable inside uwrap structure instead of calling whole uid_init(). In the best case only one mutex lock is need when check. NOTES: * This patch uses __atomic_load gcc builtin function. * uid_init() were moved outside uid_wrapper_enabled() function. Signed-off-by: Robin Hack <hack.robin@gmail.com> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2015-01-28uid_wrapper: Fix race condition - uwrap_init.Robin Hack1-5/+2
Patch moves uwrap_id_mutex before if (uwrap.initialised) statement which can be passed by concurrent threads. Signed-off-by: Robin Hack <hack.robin@gmail.com> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2015-01-28uwrap: Fix race condition - glibc lookups.Robin Hack1-3/+14
Patch adds libc_symbol_binding_mutex which guards global table of libc functions and their lookup. Signed-off-by: Robin Hack <hack.robin@gmail.com> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2015-01-28uwrap: Add library constructor and move pthread_atfork inside.Robin Hack2-9/+39
Library constructor is used for pthread_atfork call. Moved here because pthread_atfork is cumulative and should be called only once. Signed-off-by: Robin Hack <hack.robin@gmail.com> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2015-01-28uwrap: Use UWRAP_LOCK/UNLOCK macros instead of pthread_mutex_lock/unlock calls.Robin Hack1-31/+40
New macros UWRAP_LOCK/UNLOCK has been created and all calls to pthread_mutex_lock/unlock has been replaced by these macros. Signed-off-by: Robin Hack <hack.robin@gmail.com> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2015-01-28uwrap: Fix the handle loop for older gcc versions.Andreas Schneider1-1/+4
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
2014-10-06lib: uid_wrapper: Fix setgroups and syscall detection on a system without ↵Jeremy Allison1-0/+7
native uid_wrapper library. Originally from youzhong@gmail.com. https://bugzilla.samba.org/show_bug.cgi?id=10851 Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
2014-07-31uwrap: Support dropping all supplemetary groups with setgroups()Jakub Hrozek1-2/+12
Dropping all supplementary groups is a common practice when changing UIDs. This patch adds support for dropping all supplementary groups when setgroups is called with size=0. Signed-off-by: Jakub Hrozek <jakub.hrozek@gmail.com> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
2014-07-31uwrap: Add logging if uwrap is enabled correctly.Andreas Schneider1-0/+8
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
2014-07-31uwrap: Log error if we are out of memory.Andreas Schneider1-0/+2
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
2014-07-31uwrap: Add a better logging function.Andreas Schneider1-8/+67
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
generated by cgit v1.2.3 (git 2.25.1) at 2026-05-07 13:42:04 +0000