関数 | |
| static int | setup_out_fd (void) |
| static int | smbrun_internal (const char *cmd, int *outfd, BOOL sanitize) |
| int | smbrun_no_sanitize (const char *cmd, int *outfd) |
| int | smbrun (const char *cmd, int *outfd) |
| int | smbrunsecret (const char *cmd, const char *secret) |
変数 | |
| current_user | current_user |
| static int setup_out_fd | ( | void | ) | [static] |
参照先 errno・fd・smb_mkstemp()・strerror()・tmpdir().
参照元 smbrun_internal().
00031 { 00032 int fd; 00033 pstring path; 00034 00035 slprintf(path, sizeof(path)-1, "%s/smb.XXXXXX", tmpdir()); 00036 00037 /* now create the file */ 00038 fd = smb_mkstemp(path); 00039 00040 if (fd == -1) { 00041 DEBUG(0,("setup_out_fd: Failed to create file %s. (%s)\n", 00042 path, strerror(errno) )); 00043 return -1; 00044 } 00045 00046 DEBUG(10,("setup_out_fd: Created tmp file %s\n", path )); 00047 00048 /* Ensure file only kept around by open fd. */ 00049 unlink(path); 00050 return fd; 00051 }
| static int smbrun_internal | ( | const char * | cmd, | |
| int * | outfd, | |||
| BOOL | sanitize | |||
| ) | [static] |
参照先 become_user_permanently()・CatchChild()・CatchChildLeaveStatus()・current_user・DMAPI_ACCESS_CAPABILITY・drop_effective_capability()・errno・escape_shell_string()・fd・_unix_token::gid・KERNEL_OPLOCK_CAPABILITY・setup_out_fd()・status・strerror()・sys_dup2()・sys_fork()・sys_lseek()・sys_waitpid()・_unix_token::uid・current_user::ut.
参照元 smbrun()・smbrun_no_sanitize().
00059 { 00060 pid_t pid; 00061 uid_t uid = current_user.ut.uid; 00062 gid_t gid = current_user.ut.gid; 00063 00064 /* 00065 * Lose any elevated privileges. 00066 */ 00067 drop_effective_capability(KERNEL_OPLOCK_CAPABILITY); 00068 drop_effective_capability(DMAPI_ACCESS_CAPABILITY); 00069 00070 /* point our stdout at the file we want output to go into */ 00071 00072 if (outfd && ((*outfd = setup_out_fd()) == -1)) { 00073 return -1; 00074 } 00075 00076 /* in this method we will exec /bin/sh with the correct 00077 arguments, after first setting stdout to point at the file */ 00078 00079 /* 00080 * We need to temporarily stop CatchChild from eating 00081 * SIGCLD signals as it also eats the exit status code. JRA. 00082 */ 00083 00084 CatchChildLeaveStatus(); 00085 00086 if ((pid=sys_fork()) < 0) { 00087 DEBUG(0,("smbrun: fork failed with error %s\n", strerror(errno) )); 00088 CatchChild(); 00089 if (outfd) { 00090 close(*outfd); 00091 *outfd = -1; 00092 } 00093 return errno; 00094 } 00095 00096 if (pid) { 00097 /* 00098 * Parent. 00099 */ 00100 int status=0; 00101 pid_t wpid; 00102 00103 00104 /* the parent just waits for the child to exit */ 00105 while((wpid = sys_waitpid(pid,&status,0)) < 0) { 00106 if(errno == EINTR) { 00107 errno = 0; 00108 continue; 00109 } 00110 break; 00111 } 00112 00113 CatchChild(); 00114 00115 if (wpid != pid) { 00116 DEBUG(2,("waitpid(%d) : %s\n",(int)pid,strerror(errno))); 00117 if (outfd) { 00118 close(*outfd); 00119 *outfd = -1; 00120 } 00121 return -1; 00122 } 00123 00124 /* Reset the seek pointer. */ 00125 if (outfd) { 00126 sys_lseek(*outfd, 0, SEEK_SET); 00127 } 00128 00129 #if defined(WIFEXITED) && defined(WEXITSTATUS) 00130 if (WIFEXITED(status)) { 00131 return WEXITSTATUS(status); 00132 } 00133 #endif 00134 00135 return status; 00136 } 00137 00138 CatchChild(); 00139 00140 /* we are in the child. we exec /bin/sh to do the work for us. we 00141 don't directly exec the command we want because it may be a 00142 pipeline or anything else the config file specifies */ 00143 00144 /* point our stdout at the file we want output to go into */ 00145 if (outfd) { 00146 close(1); 00147 if (sys_dup2(*outfd,1) != 1) { 00148 DEBUG(2,("Failed to create stdout file descriptor\n")); 00149 close(*outfd); 00150 exit(80); 00151 } 00152 } 00153 00154 /* now completely lose our privileges. This is a fairly paranoid 00155 way of doing it, but it does work on all systems that I know of */ 00156 00157 become_user_permanently(uid, gid); 00158 00159 if (getuid() != uid || geteuid() != uid || 00160 getgid() != gid || getegid() != gid) { 00161 /* we failed to lose our privileges - do not execute 00162 the command */ 00163 exit(81); /* we can't print stuff at this stage, 00164 instead use exit codes for debugging */ 00165 } 00166 00167 #ifndef __INSURE__ 00168 /* close all other file descriptors, leaving only 0, 1 and 2. 0 and 00169 2 point to /dev/null from the startup code */ 00170 { 00171 int fd; 00172 for (fd=3;fd<256;fd++) close(fd); 00173 } 00174 #endif 00175 00176 { 00177 const char *newcmd = sanitize ? escape_shell_string(cmd) : cmd; 00178 if (!newcmd) { 00179 exit(82); 00180 } 00181 execl("/bin/sh","sh","-c",newcmd,NULL); 00182 } 00183 00184 /* not reached */ 00185 exit(83); 00186 return 1; 00187 }
| int smbrun_no_sanitize | ( | const char * | cmd, | |
| int * | outfd | |||
| ) |
参照先 smbrun_internal().
参照元 print_run_command().
00194 { 00195 return smbrun_internal(cmd, outfd, False); 00196 }
| int smbrun | ( | const char * | cmd, | |
| int * | outfd | |||
| ) |
参照先 smbrun_internal().
参照元 _reg_abort_shutdown()・_reg_shutdown_ex()・_srv_net_share_add()・_srv_net_share_del()・_srv_net_share_set_info()・add_port_hook()・add_printer_hook()・api_RNetShareAdd()・check_magic()・close_cnum()・delete_printer_hook()・enumports_hook()・fetch_account_info()・ldapsam_rename_sam_account()・log_nt_token()・map_username()・msg_deliver()・pdb_default_create_user()・rcinit_start()・rcinit_status()・rcinit_stop()・smb_add_user_group()・smb_create_group()・smb_create_user()・smb_delete_group()・smb_delete_user()・smb_delete_user_group()・smb_set_primary_group()・tdbsam_rename_sam_account()・wins_hook().
00203 { 00204 return smbrun_internal(cmd, outfd, True); 00205 }
| int smbrunsecret | ( | const char * | cmd, | |
| const char * | secret | |||
| ) |
参照先 become_user_permanently()・CatchChild()・CatchChildLeaveStatus()・current_user・DMAPI_ACCESS_CAPABILITY・drop_effective_capability()・errno・fd・_unix_token::gid・KERNEL_OPLOCK_CAPABILITY・status・strerror()・sys_dup2()・sys_fork()・sys_waitpid()・_unix_token::uid・current_user::ut.
参照元 change_oem_password()・script_check_user_credentials().
00214 { 00215 pid_t pid; 00216 uid_t uid = current_user.ut.uid; 00217 gid_t gid = current_user.ut.gid; 00218 int ifd[2]; 00219 00220 /* 00221 * Lose any elevated privileges. 00222 */ 00223 drop_effective_capability(KERNEL_OPLOCK_CAPABILITY); 00224 drop_effective_capability(DMAPI_ACCESS_CAPABILITY); 00225 00226 /* build up an input pipe */ 00227 if(pipe(ifd)) { 00228 return -1; 00229 } 00230 00231 /* in this method we will exec /bin/sh with the correct 00232 arguments, after first setting stdout to point at the file */ 00233 00234 /* 00235 * We need to temporarily stop CatchChild from eating 00236 * SIGCLD signals as it also eats the exit status code. JRA. 00237 */ 00238 00239 CatchChildLeaveStatus(); 00240 00241 if ((pid=sys_fork()) < 0) { 00242 DEBUG(0, ("smbrunsecret: fork failed with error %s\n", strerror(errno))); 00243 CatchChild(); 00244 return errno; 00245 } 00246 00247 if (pid) { 00248 /* 00249 * Parent. 00250 */ 00251 int status = 0; 00252 pid_t wpid; 00253 size_t towrite; 00254 ssize_t wrote; 00255 00256 close(ifd[0]); 00257 /* send the secret */ 00258 towrite = strlen(secret); 00259 wrote = write(ifd[1], secret, towrite); 00260 if ( wrote != towrite ) { 00261 DEBUG(0,("smbrunsecret: wrote %ld of %lu bytes\n",(long)wrote,(unsigned long)towrite)); 00262 } 00263 fsync(ifd[1]); 00264 close(ifd[1]); 00265 00266 /* the parent just waits for the child to exit */ 00267 while((wpid = sys_waitpid(pid, &status, 0)) < 0) { 00268 if(errno == EINTR) { 00269 errno = 0; 00270 continue; 00271 } 00272 break; 00273 } 00274 00275 CatchChild(); 00276 00277 if (wpid != pid) { 00278 DEBUG(2, ("waitpid(%d) : %s\n", (int)pid, strerror(errno))); 00279 return -1; 00280 } 00281 00282 #if defined(WIFEXITED) && defined(WEXITSTATUS) 00283 if (WIFEXITED(status)) { 00284 return WEXITSTATUS(status); 00285 } 00286 #endif 00287 00288 return status; 00289 } 00290 00291 CatchChild(); 00292 00293 /* we are in the child. we exec /bin/sh to do the work for us. we 00294 don't directly exec the command we want because it may be a 00295 pipeline or anything else the config file specifies */ 00296 00297 close(ifd[1]); 00298 close(0); 00299 if (sys_dup2(ifd[0], 0) != 0) { 00300 DEBUG(2,("Failed to create stdin file descriptor\n")); 00301 close(ifd[0]); 00302 exit(80); 00303 } 00304 00305 /* now completely lose our privileges. This is a fairly paranoid 00306 way of doing it, but it does work on all systems that I know of */ 00307 00308 become_user_permanently(uid, gid); 00309 00310 if (getuid() != uid || geteuid() != uid || 00311 getgid() != gid || getegid() != gid) { 00312 /* we failed to lose our privileges - do not execute 00313 the command */ 00314 exit(81); /* we can't print stuff at this stage, 00315 instead use exit codes for debugging */ 00316 } 00317 00318 #ifndef __INSURE__ 00319 /* close all other file descriptors, leaving only 0, 1 and 2. 0 and 00320 2 point to /dev/null from the startup code */ 00321 { 00322 int fd; 00323 for (fd = 3; fd < 256; fd++) close(fd); 00324 } 00325 #endif 00326 00327 execl("/bin/sh", "sh", "-c", cmd, NULL); 00328 00329 /* not reached */ 00330 exit(82); 00331 return 1; 00332 }
| struct current_user current_user |
参照元 afs_login()・api_RDosPrintJobDel()・api_WPrintQueueCtrl()・call_nt_transact_get_user_quota()・call_nt_transact_set_user_quota()・call_trans2qfsinfo()・call_trans2setfsinfo()・can_access_file()・can_access_file_acl()・can_delete_file_in_directory()・change_to_guest()・change_to_root_user()・change_to_user()・close_directory()・close_remove_share_mode()・current_user_in_group()・fake_perms_fstat()・fake_perms_stat()・fcb_or_dos_open()・get_current_user()・get_current_user_gid_first()・get_current_user_gid_next()・init_sec_ctx()・open_directory()・open_fake_file()・open_file()・open_file_ntcreate()・open_file_stat()・pop_conn_ctx()・pop_sec_ctx()・print_access_check()・print_fsp_open()・print_queue_update()・print_run_command()・push_conn_ctx()・reply_close()・set_sec_ctx()・smb_set_file_disposition_info()・smb_set_nt_acl_nfs4()・smbrun_internal()・smbrunsecret()・try_chown()・uid_entry_in_group()・unpack_nt_owners()・user_can_read_file()・user_can_write_file().
1.4.7