From 486fa4a134a79e0a25091efc749ccc131dc18f69 Mon Sep 17 00:00:00 2001 From: Andreas Schneider Date: Mon, 9 Sep 2013 16:28:18 +0200 Subject: [PATCH] libwbclient: Handle uid_wrapper for pipe access. Signed-off-by: Andreas Schneider Reviewed-by: Stefan Metzmacher --- nsswitch/wb_common.c | 35 +++++++++++++++++++++++++++++++++-- 1 file changed, 33 insertions(+), 2 deletions(-) diff --git a/nsswitch/wb_common.c b/nsswitch/wb_common.c index 23b78874c11..c1350aafd80 100644 --- a/nsswitch/wb_common.c +++ b/nsswitch/wb_common.c @@ -168,6 +168,35 @@ static int make_safe_fd(int fd) return new_fd; } +/** + * @internal + * + * @brief Check if we have priviliged access. + * + * This checks if we have uid_wrapper running and if yes turns it of so that we + * can check if we have access. + * + * @param[in] uid The uid to compare if we have access. + * + * @return If we have access it returns true, else false. + */ +static bool winbind_privileged_access(uid_t uid) +{ + uid_t euid; + + if (uid_wrapper_enabled()) { + setenv("UID_WRAPPER_MYUID", "1", 1); + } + + euid = geteuid(); + + if (uid_wrapper_enabled()) { + unsetenv("UID_WRAPPER_MYUID"); + } + + return (uid == euid); +} + /* Connect to winbindd socket */ static int winbind_named_pipe_sock(const char *dir) @@ -186,8 +215,9 @@ static int winbind_named_pipe_sock(const char *dir) return -1; } + /* This tells uid_wrapper to return the userid for the geteuid check */ if (!S_ISDIR(st.st_mode) || - (st.st_uid != 0 && st.st_uid != geteuid())) { + !winbind_privileged_access(st.st_uid)) { errno = ENOENT; return -1; } @@ -215,8 +245,9 @@ static int winbind_named_pipe_sock(const char *dir) SAFE_FREE(path); /* Check permissions on unix socket file */ + /* This tells uid_wrapper to return the userid for the geteuid check */ if (!S_ISSOCK(st.st_mode) || - (st.st_uid != 0 && st.st_uid != geteuid())) { + !winbind_privileged_access(st.st_uid)) { errno = ENOENT; return -1; } -- 2.11.4.GIT