Line data Source code
1 : /*
2 : Unix SMB/CIFS implementation.
3 : Samba system utilities
4 : Copyright (C) Andrew Tridgell 1992-1998
5 : Copyright (C) Jeremy Allison 1998-2005
6 : Copyright (C) Timur Bakeyev 2005
7 : Copyright (C) Bjoern Jacke 2006-2007
8 :
9 : This program is free software; you can redistribute it and/or modify
10 : it under the terms of the GNU General Public License as published by
11 : the Free Software Foundation; either version 3 of the License, or
12 : (at your option) any later version.
13 :
14 : This program is distributed in the hope that it will be useful,
15 : but WITHOUT ANY WARRANTY; without even the implied warranty of
16 : MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 : GNU General Public License for more details.
18 :
19 : You should have received a copy of the GNU General Public License
20 : along with this program. If not, see <http://www.gnu.org/licenses/>.
21 : */
22 :
23 : #include "includes.h"
24 : #include "system/syslog.h"
25 : #include "system/capability.h"
26 : #include "system/passwd.h"
27 : #include "system/filesys.h"
28 : #include "lib/util/setid.h"
29 : #include "lib/util/time.h"
30 :
31 : #ifdef HAVE_SYS_SYSCTL_H
32 : #include <sys/sysctl.h>
33 : #endif
34 :
35 : #ifdef HAVE_SYS_PRCTL_H
36 : #include <sys/prctl.h>
37 : #endif
38 :
39 : /*
40 : The idea is that this file will eventually have wrappers around all
41 : important system calls in samba. The aims are:
42 :
43 : - to enable easier porting by putting OS dependent stuff in here
44 :
45 : - to allow for hooks into other "pseudo-filesystems"
46 :
47 : - to allow easier integration of things like the japanese extensions
48 :
49 : - to support the philosophy of Samba to expose the features of
50 : the OS within the SMB model. In general whatever file/printer/variable
51 : expansions/etc make sense to the OS should be acceptable to Samba.
52 : */
53 :
54 : /*******************************************************************
55 : A send wrapper that will deal with EINTR or EAGAIN or EWOULDBLOCK.
56 : ********************************************************************/
57 :
58 0 : ssize_t sys_send(int s, const void *msg, size_t len, int flags)
59 : {
60 0 : ssize_t ret;
61 :
62 0 : do {
63 0 : ret = send(s, msg, len, flags);
64 0 : } while (ret == -1 && (errno == EINTR || errno == EAGAIN || errno == EWOULDBLOCK));
65 :
66 0 : return ret;
67 : }
68 :
69 : /*******************************************************************
70 : A recvfrom wrapper that will deal with EINTR.
71 : NB. As used with non-blocking sockets, return on EAGAIN/EWOULDBLOCK
72 : ********************************************************************/
73 :
74 10797 : ssize_t sys_recvfrom(int s, void *buf, size_t len, int flags, struct sockaddr *from, socklen_t *fromlen)
75 : {
76 0 : ssize_t ret;
77 :
78 0 : do {
79 10797 : ret = recvfrom(s, buf, len, flags, from, fromlen);
80 10797 : } while (ret == -1 && (errno == EINTR));
81 10797 : return ret;
82 : }
83 :
84 : /*******************************************************************
85 : A fcntl wrapper that will deal with EINTR.
86 : ********************************************************************/
87 :
88 205679 : int sys_fcntl_ptr(int fd, int cmd, void *arg)
89 : {
90 113 : int ret;
91 :
92 113 : do {
93 205679 : ret = fcntl(fd, cmd, arg);
94 205679 : } while (ret == -1 && errno == EINTR);
95 205679 : return ret;
96 : }
97 :
98 : /*******************************************************************
99 : A fcntl wrapper that will deal with EINTR.
100 : ********************************************************************/
101 :
102 0 : int sys_fcntl_long(int fd, int cmd, long arg)
103 : {
104 0 : int ret;
105 :
106 0 : do {
107 0 : ret = fcntl(fd, cmd, arg);
108 0 : } while (ret == -1 && errno == EINTR);
109 0 : return ret;
110 : }
111 :
112 : /*******************************************************************
113 : A fcntl wrapper that will deal with EINTR.
114 : ********************************************************************/
115 :
116 382750 : int sys_fcntl_int(int fd, int cmd, int arg)
117 : {
118 898 : int ret;
119 :
120 898 : do {
121 382750 : ret = fcntl(fd, cmd, arg);
122 382750 : } while (ret == -1 && errno == EINTR);
123 382750 : return ret;
124 : }
125 :
126 : /****************************************************************************
127 : Return the best approximation to a 'create time' under UNIX from a stat
128 : structure.
129 : ****************************************************************************/
130 :
131 39537889 : static struct timespec calc_create_time_stat(const struct stat *st)
132 : {
133 135549 : struct timespec ret, ret1;
134 39537889 : struct timespec c_time = get_ctimespec(st);
135 39537889 : struct timespec m_time = get_mtimespec(st);
136 39537889 : struct timespec a_time = get_atimespec(st);
137 :
138 39537889 : ret = timespec_compare(&c_time, &m_time) < 0 ? c_time : m_time;
139 39537889 : ret1 = timespec_compare(&ret, &a_time) < 0 ? ret : a_time;
140 :
141 39537889 : if(!null_timespec(ret1)) {
142 39536013 : return ret1;
143 : }
144 :
145 : /*
146 : * One of ctime, mtime or atime was zero (probably atime).
147 : * Just return MIN(ctime, mtime).
148 : */
149 1876 : return ret;
150 : }
151 :
152 : /****************************************************************************
153 : Return the best approximation to a 'create time' under UNIX from a stat_ex
154 : structure.
155 : ****************************************************************************/
156 :
157 23176 : static struct timespec calc_create_time_stat_ex(const struct stat_ex *st)
158 : {
159 5 : struct timespec ret, ret1;
160 23176 : struct timespec c_time = st->st_ex_ctime;
161 23176 : struct timespec m_time = st->st_ex_mtime;
162 23176 : struct timespec a_time = st->st_ex_atime;
163 :
164 23176 : ret = timespec_compare(&c_time, &m_time) < 0 ? c_time : m_time;
165 23176 : ret1 = timespec_compare(&ret, &a_time) < 0 ? ret : a_time;
166 :
167 23176 : if(!null_timespec(ret1)) {
168 23118 : return ret1;
169 : }
170 :
171 : /*
172 : * One of ctime, mtime or atime was zero (probably atime).
173 : * Just return MIN(ctime, mtime).
174 : */
175 58 : return ret;
176 : }
177 :
178 : /****************************************************************************
179 : Return the 'create time' from a stat struct if it exists (birthtime) or else
180 : use the best approximation.
181 : ****************************************************************************/
182 :
183 39537453 : static void make_create_timespec(const struct stat *pst, struct stat_ex *dst,
184 : bool fake_dir_create_times)
185 : {
186 39537453 : if (S_ISDIR(pst->st_mode) && fake_dir_create_times) {
187 502 : dst->st_ex_btime.tv_sec = 315493200L; /* 1/1/1980 */
188 502 : dst->st_ex_btime.tv_nsec = 0;
189 502 : return;
190 : }
191 :
192 39536951 : dst->st_ex_iflags &= ~ST_EX_IFLAG_CALCULATED_BTIME;
193 :
194 : #if defined(HAVE_STRUCT_STAT_ST_BIRTHTIMESPEC_TV_NSEC)
195 : dst->st_ex_btime = pst->st_birthtimespec;
196 : #elif defined(HAVE_STRUCT_STAT_ST_BIRTHTIMENSEC)
197 : dst->st_ex_btime.tv_sec = pst->st_birthtime;
198 : dst->st_ex_btime.tv_nsec = pst->st_birthtimenspec;
199 : #elif defined(HAVE_STRUCT_STAT_ST_BIRTHTIME)
200 : dst->st_ex_btime.tv_sec = pst->st_birthtime;
201 : dst->st_ex_btime.tv_nsec = 0;
202 : #else
203 39536951 : dst->st_ex_btime = calc_create_time_stat(pst);
204 39536951 : dst->st_ex_iflags |= ST_EX_IFLAG_CALCULATED_BTIME;
205 : #endif
206 :
207 : /* Deal with systems that don't initialize birthtime correctly.
208 : * Pointed out by SATOH Fumiyasu <fumiyas@osstech.jp>.
209 : */
210 39536951 : if (null_timespec(dst->st_ex_btime)) {
211 938 : dst->st_ex_btime = calc_create_time_stat(pst);
212 938 : dst->st_ex_iflags |= ST_EX_IFLAG_CALCULATED_BTIME;
213 : }
214 : }
215 :
216 : /****************************************************************************
217 : If we update a timestamp in a stat_ex struct we may have to recalculate
218 : the birthtime. For now only implement this for write time, but we may
219 : also need to do it for atime and ctime. JRA.
220 : ****************************************************************************/
221 :
222 374738 : void update_stat_ex_mtime(struct stat_ex *dst,
223 : struct timespec write_ts)
224 : {
225 374738 : dst->st_ex_mtime = write_ts;
226 :
227 : /* We may have to recalculate btime. */
228 374738 : if (dst->st_ex_iflags & ST_EX_IFLAG_CALCULATED_BTIME) {
229 23176 : dst->st_ex_btime = calc_create_time_stat_ex(dst);
230 : }
231 374738 : }
232 :
233 2493750 : void update_stat_ex_create_time(struct stat_ex *dst,
234 : struct timespec create_time)
235 : {
236 2493750 : dst->st_ex_btime = create_time;
237 2493750 : dst->st_ex_iflags &= ~ST_EX_IFLAG_CALCULATED_BTIME;
238 2493750 : }
239 :
240 3461122 : void update_stat_ex_from_saved_stat(struct stat_ex *dst,
241 : const struct stat_ex *src)
242 : {
243 3461122 : if (!VALID_STAT(*src)) {
244 510990 : return;
245 : }
246 :
247 2941112 : if (!(src->st_ex_iflags & ST_EX_IFLAG_CALCULATED_BTIME)) {
248 973951 : update_stat_ex_create_time(dst, src->st_ex_btime);
249 : }
250 : }
251 :
252 39537453 : void init_stat_ex_from_stat (struct stat_ex *dst,
253 : const struct stat *src,
254 : bool fake_dir_create_times)
255 : {
256 39537453 : dst->st_ex_dev = src->st_dev;
257 39537453 : dst->st_ex_ino = src->st_ino;
258 39537453 : dst->st_ex_mode = src->st_mode;
259 39537453 : dst->st_ex_nlink = src->st_nlink;
260 39537453 : dst->st_ex_uid = src->st_uid;
261 39537453 : dst->st_ex_gid = src->st_gid;
262 39537453 : dst->st_ex_rdev = src->st_rdev;
263 39537453 : dst->st_ex_size = src->st_size;
264 39537453 : dst->st_ex_atime = get_atimespec(src);
265 39537453 : dst->st_ex_mtime = get_mtimespec(src);
266 39537453 : dst->st_ex_ctime = get_ctimespec(src);
267 39537453 : dst->st_ex_iflags = 0;
268 39537453 : make_create_timespec(src, dst, fake_dir_create_times);
269 : #ifdef HAVE_STAT_ST_BLKSIZE
270 39537453 : dst->st_ex_blksize = src->st_blksize;
271 : #else
272 : dst->st_ex_blksize = STAT_ST_BLOCKSIZE;
273 : #endif
274 :
275 : #ifdef HAVE_STAT_ST_BLOCKS
276 39537453 : dst->st_ex_blocks = src->st_blocks;
277 : #else
278 : dst->st_ex_blocks = src->st_size / dst->st_ex_blksize + 1;
279 : #endif
280 :
281 : #ifdef HAVE_STAT_ST_FLAGS
282 : dst->st_ex_flags = src->st_flags;
283 : #else
284 39537453 : dst->st_ex_flags = 0;
285 : #endif
286 39537453 : }
287 :
288 : /*******************************************************************
289 : A stat() wrapper.
290 : ********************************************************************/
291 :
292 5690028 : int sys_stat(const char *fname, SMB_STRUCT_STAT *sbuf,
293 : bool fake_dir_create_times)
294 : {
295 11179 : int ret;
296 11179 : struct stat statbuf;
297 5690028 : ret = stat(fname, &statbuf);
298 5690028 : if (ret == 0) {
299 : /* we always want directories to appear zero size */
300 5218679 : if (S_ISDIR(statbuf.st_mode)) {
301 4887600 : statbuf.st_size = 0;
302 : }
303 5218679 : init_stat_ex_from_stat(sbuf, &statbuf, fake_dir_create_times);
304 : }
305 5690028 : return ret;
306 : }
307 :
308 : /*******************************************************************
309 : An fstat() wrapper.
310 : ********************************************************************/
311 :
312 34214171 : int sys_fstat(int fd, SMB_STRUCT_STAT *sbuf, bool fake_dir_create_times)
313 : {
314 125539 : int ret;
315 125539 : struct stat statbuf;
316 34214171 : ret = fstat(fd, &statbuf);
317 34214171 : if (ret == 0) {
318 : /* we always want directories to appear zero size */
319 34213974 : if (S_ISDIR(statbuf.st_mode)) {
320 20509425 : statbuf.st_size = 0;
321 : }
322 34213974 : init_stat_ex_from_stat(sbuf, &statbuf, fake_dir_create_times);
323 : }
324 34214171 : return ret;
325 : }
326 :
327 : /*******************************************************************
328 : An lstat() wrapper.
329 : ********************************************************************/
330 :
331 82718 : int sys_lstat(const char *fname,SMB_STRUCT_STAT *sbuf,
332 : bool fake_dir_create_times)
333 : {
334 70 : int ret;
335 70 : struct stat statbuf;
336 82718 : ret = lstat(fname, &statbuf);
337 82718 : if (ret == 0) {
338 : /* we always want directories to appear zero size */
339 55310 : if (S_ISDIR(statbuf.st_mode)) {
340 27884 : statbuf.st_size = 0;
341 : }
342 55310 : init_stat_ex_from_stat(sbuf, &statbuf, fake_dir_create_times);
343 : }
344 82718 : return ret;
345 : }
346 :
347 : /*******************************************************************
348 : An fstatat() wrapper.
349 : ********************************************************************/
350 :
351 49865 : int sys_fstatat(int fd,
352 : const char *pathname,
353 : SMB_STRUCT_STAT *sbuf,
354 : int flags,
355 : bool fake_dir_create_times)
356 : {
357 156 : int ret;
358 156 : struct stat statbuf;
359 :
360 49865 : ret = fstatat(fd, pathname, &statbuf, flags);
361 49865 : if (ret != 0) {
362 375 : return -1;
363 : }
364 :
365 : /* we always want directories to appear zero size */
366 49490 : if (S_ISDIR(statbuf.st_mode)) {
367 12418 : statbuf.st_size = 0;
368 : }
369 49490 : init_stat_ex_from_stat(sbuf, &statbuf, fake_dir_create_times);
370 49490 : return 0;
371 : }
372 :
373 : /*******************************************************************
374 : An posix_fallocate() wrapper.
375 : ********************************************************************/
376 0 : int sys_posix_fallocate(int fd, off_t offset, off_t len)
377 : {
378 : #if defined(HAVE_POSIX_FALLOCATE)
379 0 : return posix_fallocate(fd, offset, len);
380 : #elif defined(F_RESVSP64)
381 : /* this handles XFS on IRIX */
382 : struct flock64 fl;
383 : off_t new_len = offset + len;
384 : int ret;
385 : struct stat64 sbuf;
386 :
387 : /* unlikely to get a too large file on a 64bit system but ... */
388 : if (new_len < 0)
389 : return EFBIG;
390 :
391 : fl.l_whence = SEEK_SET;
392 : fl.l_start = offset;
393 : fl.l_len = len;
394 :
395 : ret=fcntl(fd, F_RESVSP64, &fl);
396 :
397 : if (ret != 0)
398 : return errno;
399 :
400 : /* Make sure the file gets enlarged after we allocated space: */
401 : fstat64(fd, &sbuf);
402 : if (new_len > sbuf.st_size)
403 : ftruncate64(fd, new_len);
404 : return 0;
405 : #else
406 : return ENOSYS;
407 : #endif
408 : }
409 :
410 : /*******************************************************************
411 : An fallocate() function that matches the semantics of the Linux one.
412 : ********************************************************************/
413 :
414 : #ifdef HAVE_LINUX_FALLOC_H
415 : #include <linux/falloc.h>
416 : #endif
417 :
418 186 : int sys_fallocate(int fd, uint32_t mode, off_t offset, off_t len)
419 : {
420 : #if defined(HAVE_LINUX_FALLOCATE)
421 186 : int lmode = 0;
422 :
423 186 : if (mode & VFS_FALLOCATE_FL_KEEP_SIZE) {
424 186 : lmode |= FALLOC_FL_KEEP_SIZE;
425 186 : mode &= ~VFS_FALLOCATE_FL_KEEP_SIZE;
426 : }
427 :
428 : #if defined(HAVE_FALLOC_FL_PUNCH_HOLE)
429 186 : if (mode & VFS_FALLOCATE_FL_PUNCH_HOLE) {
430 186 : lmode |= FALLOC_FL_PUNCH_HOLE;
431 186 : mode &= ~VFS_FALLOCATE_FL_PUNCH_HOLE;
432 : }
433 : #endif /* HAVE_FALLOC_FL_PUNCH_HOLE */
434 :
435 186 : if (mode != 0) {
436 0 : DEBUG(2, ("unmapped fallocate flags: %lx\n",
437 : (unsigned long)mode));
438 0 : errno = EINVAL;
439 0 : return -1;
440 : }
441 186 : return fallocate(fd, lmode, offset, len);
442 : #else /* HAVE_LINUX_FALLOCATE */
443 : /* TODO - plumb in fallocate from other filesysetms like VXFS etc. JRA. */
444 : errno = ENOSYS;
445 : return -1;
446 : #endif /* HAVE_LINUX_FALLOCATE */
447 : }
448 :
449 : /*******************************************************************
450 : An fdopendir wrapper.
451 : ********************************************************************/
452 :
453 308340 : DIR *sys_fdopendir(int fd)
454 : {
455 : #if defined(HAVE_FDOPENDIR)
456 308340 : return fdopendir(fd);
457 : #else
458 : errno = ENOSYS;
459 : return NULL;
460 : #endif
461 : }
462 :
463 : /*******************************************************************
464 : An mknod() wrapper.
465 : ********************************************************************/
466 :
467 0 : int sys_mknod(const char *path, mode_t mode, SMB_DEV_T dev)
468 : {
469 : #if defined(HAVE_MKNOD)
470 0 : return mknod(path, mode, dev);
471 : #else
472 : /* No mknod system call. */
473 : errno = ENOSYS;
474 : return -1;
475 : #endif
476 : }
477 :
478 : /*******************************************************************
479 : A mknodat() wrapper.
480 : ********************************************************************/
481 :
482 2 : int sys_mknodat(int dirfd, const char *path, mode_t mode, SMB_DEV_T dev)
483 : {
484 : #if defined(HAVE_MKNODAT)
485 2 : return mknodat(dirfd, path, mode, dev);
486 : #else
487 : /* No mknod system call. */
488 : errno = ENOSYS;
489 : return -1;
490 : #endif
491 : }
492 :
493 : /*******************************************************************
494 : System wrapper for getwd. Always returns MALLOC'ed memory, or NULL
495 : on error (malloc fail usually).
496 : ********************************************************************/
497 :
498 104985 : char *sys_getwd(void)
499 : {
500 : #ifdef GETCWD_TAKES_NULL
501 104985 : return getcwd(NULL, 0);
502 : #elif defined(HAVE_GETCWD)
503 : char *wd = NULL, *s = NULL;
504 : size_t allocated = PATH_MAX;
505 :
506 : while (1) {
507 : s = SMB_REALLOC_ARRAY(s, char, allocated);
508 : if (s == NULL) {
509 : return NULL;
510 : }
511 : wd = getcwd(s, allocated);
512 : if (wd) {
513 : break;
514 : }
515 : if (errno != ERANGE) {
516 : int saved_errno = errno;
517 : SAFE_FREE(s);
518 : errno = saved_errno;
519 : break;
520 : }
521 : allocated *= 2;
522 : if (allocated < PATH_MAX) {
523 : SAFE_FREE(s);
524 : break;
525 : }
526 : }
527 : return wd;
528 : #else
529 : char *wd = NULL;
530 : char *s = SMB_MALLOC_ARRAY(char, PATH_MAX);
531 : if (s == NULL) {
532 : return NULL;
533 : }
534 : wd = getwd(s);
535 : if (wd == NULL) {
536 : int saved_errno = errno;
537 : SAFE_FREE(s);
538 : errno = saved_errno;
539 : }
540 : return wd;
541 : #endif
542 : }
543 :
544 : #if defined(HAVE_POSIX_CAPABILITIES)
545 :
546 : /**************************************************************************
547 : Try and abstract process capabilities (for systems that have them).
548 : ****************************************************************************/
549 :
550 : /* Set the POSIX capabilities needed for the given purpose into the effective
551 : * capability set of the current process. Make sure they are always removed
552 : * from the inheritable set, because there is no circumstance in which our
553 : * children should inherit our elevated privileges.
554 : */
555 7158 : static bool set_process_capability(enum smbd_capability capability,
556 : bool enable)
557 : {
558 : /* "5" is the number of "num_cap_vals++" below */
559 7158 : cap_value_t cap_vals[5] = {0};
560 7158 : size_t num_cap_vals = 0;
561 :
562 5 : cap_t cap;
563 :
564 : #if defined(HAVE_PRCTL) && defined(PR_GET_KEEPCAPS) && defined(PR_SET_KEEPCAPS)
565 : /* On Linux, make sure that any capabilities we grab are sticky
566 : * across UID changes. We expect that this would allow us to keep both
567 : * the effective and permitted capability sets, but as of circa 2.6.16,
568 : * only the permitted set is kept. It is a bug (which we work around)
569 : * that the effective set is lost, but we still require the effective
570 : * set to be kept.
571 : */
572 7158 : if (!prctl(PR_GET_KEEPCAPS)) {
573 882 : prctl(PR_SET_KEEPCAPS, 1);
574 : }
575 : #endif
576 :
577 7158 : cap = cap_get_proc();
578 7158 : if (cap == NULL) {
579 0 : DEBUG(0,("set_process_capability: cap_get_proc failed: %s\n",
580 : strerror(errno)));
581 0 : return False;
582 : }
583 :
584 7158 : switch (capability) {
585 : /*
586 : * WARNING: If you add any #ifdef for a fresh
587 : * capability, bump up the array size in the
588 : * declaration of cap_vals[] above just to be
589 : * trivially safe to never overwrite cap_vals[].
590 : */
591 3147 : case KERNEL_OPLOCK_CAPABILITY:
592 : #ifdef CAP_NETWORK_MGT
593 : /* IRIX has CAP_NETWORK_MGT for oplocks. */
594 : cap_vals[num_cap_vals++] = CAP_NETWORK_MGT;
595 : #endif
596 3147 : break;
597 3147 : case DMAPI_ACCESS_CAPABILITY:
598 : #ifdef CAP_DEVICE_MGT
599 : /* IRIX has CAP_DEVICE_MGT for DMAPI access. */
600 : cap_vals[num_cap_vals++] = CAP_DEVICE_MGT;
601 : #elif CAP_MKNOD
602 : /* Linux has CAP_MKNOD for DMAPI access. */
603 3147 : cap_vals[num_cap_vals++] = CAP_MKNOD;
604 : #endif
605 3147 : break;
606 0 : case LEASE_CAPABILITY:
607 : #ifdef CAP_LEASE
608 0 : cap_vals[num_cap_vals++] = CAP_LEASE;
609 : #endif
610 0 : break;
611 864 : case DAC_OVERRIDE_CAPABILITY:
612 : #ifdef CAP_DAC_OVERRIDE
613 864 : cap_vals[num_cap_vals++] = CAP_DAC_OVERRIDE;
614 : #endif
615 : }
616 :
617 7158 : if (num_cap_vals == 0) {
618 3147 : cap_free(cap);
619 3147 : return True;
620 : }
621 :
622 4011 : cap_set_flag(cap, CAP_EFFECTIVE, num_cap_vals, cap_vals,
623 : enable ? CAP_SET : CAP_CLEAR);
624 :
625 : /* We never want to pass capabilities down to our children, so make
626 : * sure they are not inherited.
627 : */
628 4011 : cap_set_flag(cap, CAP_INHERITABLE, num_cap_vals, cap_vals, CAP_CLEAR);
629 :
630 4011 : if (cap_set_proc(cap) == -1) {
631 864 : DBG_ERR("%s capability %d: cap_set_proc failed: %s\n",
632 : enable ? "adding" : "dropping",
633 : capability, strerror(errno));
634 864 : cap_free(cap);
635 864 : return False;
636 : }
637 3147 : DBG_INFO("%s capability %d\n",
638 : enable ? "added" : "dropped", capability);
639 :
640 3147 : cap_free(cap);
641 3147 : return True;
642 : }
643 :
644 : #endif /* HAVE_POSIX_CAPABILITIES */
645 :
646 : /****************************************************************************
647 : Gain the oplock capability from the kernel if possible.
648 : ****************************************************************************/
649 :
650 : #if defined(HAVE_POSIX_CAPABILITIES) && defined(CAP_DAC_OVERRIDE)
651 : static bool have_cap_dac_override = true;
652 : #else
653 : static bool have_cap_dac_override = false;
654 : #endif
655 :
656 386656 : void set_effective_capability(enum smbd_capability capability)
657 : {
658 386656 : bool ret = false;
659 :
660 386656 : if (capability != DAC_OVERRIDE_CAPABILITY || have_cap_dac_override) {
661 : #if defined(HAVE_POSIX_CAPABILITIES)
662 864 : ret = set_process_capability(capability, True);
663 : #endif /* HAVE_POSIX_CAPABILITIES */
664 : }
665 :
666 : /*
667 : * Fallback to become_root() if CAP_DAC_OVERRIDE is not
668 : * available.
669 : */
670 386656 : if (capability == DAC_OVERRIDE_CAPABILITY) {
671 386656 : if (!ret) {
672 386656 : have_cap_dac_override = false;
673 : }
674 386656 : if (!have_cap_dac_override) {
675 386656 : become_root();
676 : }
677 : }
678 386656 : }
679 :
680 392950 : void drop_effective_capability(enum smbd_capability capability)
681 : {
682 392950 : if (capability != DAC_OVERRIDE_CAPABILITY || have_cap_dac_override) {
683 : #if defined(HAVE_POSIX_CAPABILITIES)
684 6294 : set_process_capability(capability, False);
685 : #endif /* HAVE_POSIX_CAPABILITIES */
686 : } else {
687 386656 : unbecome_root();
688 : }
689 392950 : }
690 :
691 : /**************************************************************************
692 : Wrapper for random().
693 : ****************************************************************************/
694 :
695 1800 : long sys_random(void)
696 : {
697 : #if defined(HAVE_RANDOM)
698 1800 : return (long)random();
699 : #elif defined(HAVE_RAND)
700 : return (long)rand();
701 : #else
702 : DEBUG(0,("Error - no random function available !\n"));
703 : exit(1);
704 : #endif
705 : }
706 :
707 : /**************************************************************************
708 : Wrapper for srandom().
709 : ****************************************************************************/
710 :
711 43 : void sys_srandom(unsigned int seed)
712 : {
713 : #if defined(HAVE_SRANDOM)
714 43 : srandom(seed);
715 : #elif defined(HAVE_SRAND)
716 : srand(seed);
717 : #else
718 : DEBUG(0,("Error - no srandom function available !\n"));
719 : exit(1);
720 : #endif
721 43 : }
722 :
723 : #ifndef NGROUPS_MAX
724 : #define NGROUPS_MAX 32 /* Guess... */
725 : #endif
726 :
727 : /**************************************************************************
728 : Returns equivalent to NGROUPS_MAX - using sysconf if needed.
729 : ****************************************************************************/
730 :
731 47007 : int setgroups_max(void)
732 : {
733 : #if defined(SYSCONF_SC_NGROUPS_MAX)
734 47007 : int ret = sysconf(_SC_NGROUPS_MAX);
735 47007 : return (ret == -1) ? NGROUPS_MAX : ret;
736 : #else
737 : return NGROUPS_MAX;
738 : #endif
739 : }
740 :
741 47007 : int getgroups_max(void)
742 : {
743 : #if defined(DARWINOS)
744 : /*
745 : * On MacOS sysconf(_SC_NGROUPS_MAX) returns 16 due to MacOS's group
746 : * nesting. However, The initgroups() manpage states the following:
747 : * "Note that OS X supports group membership in an unlimited number
748 : * of groups. The OS X kernel uses the group list stored in the process
749 : * credentials only as an initial cache. Additional group memberships
750 : * are determined by communication between the operating system and the
751 : * opendirectoryd daemon."
752 : */
753 : return INT_MAX;
754 : #else
755 47007 : return setgroups_max();
756 : #endif
757 : }
758 :
759 : /**************************************************************************
760 : Wrap setgroups and getgroups for systems that declare getgroups() as
761 : returning an array of gid_t, but actually return an array of int.
762 : ****************************************************************************/
763 :
764 : #if defined(HAVE_BROKEN_GETGROUPS)
765 :
766 : #ifdef HAVE_BROKEN_GETGROUPS
767 : #define GID_T int
768 : #else
769 : #define GID_T gid_t
770 : #endif
771 :
772 : static int sys_broken_getgroups(int setlen, gid_t *gidset)
773 : {
774 : GID_T *group_list;
775 : int i, ngroups;
776 :
777 : if(setlen == 0) {
778 : return getgroups(0, NULL);
779 : }
780 :
781 : /*
782 : * Broken case. We need to allocate a
783 : * GID_T array of size setlen.
784 : */
785 :
786 : if(setlen < 0) {
787 : errno = EINVAL;
788 : return -1;
789 : }
790 :
791 : if((group_list = SMB_MALLOC_ARRAY(GID_T, setlen)) == NULL) {
792 : DEBUG(0,("sys_getgroups: Malloc fail.\n"));
793 : return -1;
794 : }
795 :
796 : if((ngroups = getgroups(setlen, group_list)) < 0) {
797 : int saved_errno = errno;
798 : SAFE_FREE(group_list);
799 : errno = saved_errno;
800 : return -1;
801 : }
802 :
803 : /*
804 : * We're safe here as if ngroups > setlen then
805 : * getgroups *must* return EINVAL.
806 : * pubs.opengroup.org/onlinepubs/009695399/functions/getgroups.html
807 : */
808 :
809 : for(i = 0; i < ngroups; i++)
810 : gidset[i] = (gid_t)group_list[i];
811 :
812 : SAFE_FREE(group_list);
813 : return ngroups;
814 : }
815 :
816 : static int sys_broken_setgroups(int setlen, gid_t *gidset)
817 : {
818 : GID_T *group_list;
819 : int i ;
820 :
821 : if (setlen == 0)
822 : return 0 ;
823 :
824 : if (setlen < 0 || setlen > setgroups_max()) {
825 : errno = EINVAL;
826 : return -1;
827 : }
828 :
829 : /*
830 : * Broken case. We need to allocate a
831 : * GID_T array of size setlen.
832 : */
833 :
834 : if((group_list = SMB_MALLOC_ARRAY(GID_T, setlen)) == NULL) {
835 : DEBUG(0,("sys_setgroups: Malloc fail.\n"));
836 : return -1;
837 : }
838 :
839 : for(i = 0; i < setlen; i++)
840 : group_list[i] = (GID_T) gidset[i];
841 :
842 : if(samba_setgroups(setlen, group_list) != 0) {
843 : int saved_errno = errno;
844 : SAFE_FREE(group_list);
845 : errno = saved_errno;
846 : return -1;
847 : }
848 :
849 : SAFE_FREE(group_list);
850 : return 0 ;
851 : }
852 :
853 : #endif /* HAVE_BROKEN_GETGROUPS */
854 :
855 : /* This is a list of systems that require the first GID passed to setgroups(2)
856 : * to be the effective GID. If your system is one of these, add it here.
857 : */
858 : #if defined (FREEBSD) || defined (DARWINOS)
859 : #define USE_BSD_SETGROUPS
860 : #endif
861 :
862 : #if defined(USE_BSD_SETGROUPS)
863 : /* Depending on the particular BSD implementation, the first GID that is
864 : * passed to setgroups(2) will either be ignored or will set the credential's
865 : * effective GID. In either case, the right thing to do is to guarantee that
866 : * gidset[0] is the effective GID.
867 : */
868 : static int sys_bsd_setgroups(gid_t primary_gid, int setlen, const gid_t *gidset)
869 : {
870 : gid_t *new_gidset = NULL;
871 : int max;
872 : int ret;
873 :
874 : /* setgroups(2) will fail with EINVAL if we pass too many groups. */
875 : max = setgroups_max();
876 :
877 : /* No group list, just make sure we are setting the effective GID. */
878 : if (setlen == 0) {
879 : return samba_setgroups(1, &primary_gid);
880 : }
881 :
882 : /* If the primary gid is not the first array element, grow the array
883 : * and insert it at the front.
884 : */
885 : if (gidset[0] != primary_gid) {
886 : new_gidset = SMB_MALLOC_ARRAY(gid_t, setlen + 1);
887 : if (new_gidset == NULL) {
888 : return -1;
889 : }
890 :
891 : memcpy(new_gidset + 1, gidset, (setlen * sizeof(gid_t)));
892 : new_gidset[0] = primary_gid;
893 : setlen++;
894 : }
895 :
896 : if (setlen > max) {
897 : DEBUG(3, ("forced to truncate group list from %d to %d\n",
898 : setlen, max));
899 : setlen = max;
900 : }
901 :
902 : #if defined(HAVE_BROKEN_GETGROUPS)
903 : ret = sys_broken_setgroups(setlen, new_gidset ? new_gidset : gidset);
904 : #else
905 : ret = samba_setgroups(setlen, new_gidset ? new_gidset : gidset);
906 : #endif
907 :
908 : if (new_gidset) {
909 : int errsav = errno;
910 : SAFE_FREE(new_gidset);
911 : errno = errsav;
912 : }
913 :
914 : return ret;
915 : }
916 :
917 : #endif /* USE_BSD_SETGROUPS */
918 :
919 : /**************************************************************************
920 : Wrapper for getgroups. Deals with broken (int) case.
921 : ****************************************************************************/
922 :
923 7621946 : int sys_getgroups(int setlen, gid_t *gidset)
924 : {
925 : #if defined(HAVE_BROKEN_GETGROUPS)
926 : return sys_broken_getgroups(setlen, gidset);
927 : #else
928 7621946 : return getgroups(setlen, gidset);
929 : #endif
930 : }
931 :
932 : /**************************************************************************
933 : Wrapper for setgroups. Deals with broken (int) case and BSD case.
934 : ****************************************************************************/
935 :
936 9923830 : int sys_setgroups(gid_t UNUSED(primary_gid), int setlen, gid_t *gidset)
937 : {
938 : #if !defined(HAVE_SETGROUPS)
939 : errno = ENOSYS;
940 : return -1;
941 : #endif /* HAVE_SETGROUPS */
942 :
943 : #if defined(USE_BSD_SETGROUPS)
944 : return sys_bsd_setgroups(primary_gid, setlen, gidset);
945 : #elif defined(HAVE_BROKEN_GETGROUPS)
946 : return sys_broken_setgroups(setlen, gidset);
947 : #else
948 9923830 : return samba_setgroups(setlen, gidset);
949 : #endif
950 : }
951 :
952 : /****************************************************************************
953 : Return the major devicenumber for UNIX extensions.
954 : ****************************************************************************/
955 :
956 576 : uint32_t unix_dev_major(SMB_DEV_T dev)
957 : {
958 : #if defined(HAVE_DEVICE_MAJOR_FN)
959 576 : return (uint32_t)major(dev);
960 : #else
961 : return (uint32_t)(dev >> 8);
962 : #endif
963 : }
964 :
965 : /****************************************************************************
966 : Return the minor devicenumber for UNIX extensions.
967 : ****************************************************************************/
968 :
969 576 : uint32_t unix_dev_minor(SMB_DEV_T dev)
970 : {
971 : #if defined(HAVE_DEVICE_MINOR_FN)
972 576 : return (uint32_t)minor(dev);
973 : #else
974 : return (uint32_t)(dev & 0xff);
975 : #endif
976 : }
977 :
978 : /**************************************************************************
979 : Wrapper for realpath.
980 : ****************************************************************************/
981 :
982 3529080 : char *sys_realpath(const char *path)
983 : {
984 12206 : char *result;
985 :
986 : #ifdef REALPATH_TAKES_NULL
987 3529080 : result = realpath(path, NULL);
988 : #else
989 : result = SMB_MALLOC_ARRAY(char, PATH_MAX + 1);
990 : if (result) {
991 : char *resolved_path = realpath(path, result);
992 : if (!resolved_path) {
993 : SAFE_FREE(result);
994 : } else {
995 : /* SMB_ASSERT(result == resolved_path) ? */
996 : result = resolved_path;
997 : }
998 : }
999 : #endif
1000 3529080 : return result;
1001 : }
1002 :
1003 : #if 0
1004 : /*******************************************************************
1005 : Return the number of CPUs.
1006 : ********************************************************************/
1007 :
1008 : int sys_get_number_of_cores(void)
1009 : {
1010 : int ret = -1;
1011 :
1012 : #if defined(HAVE_SYSCONF)
1013 : #if defined(_SC_NPROCESSORS_ONLN)
1014 : ret = (int)sysconf(_SC_NPROCESSORS_ONLN);
1015 : #endif
1016 : #if defined(_SC_NPROCESSORS_CONF)
1017 : if (ret < 1) {
1018 : ret = (int)sysconf(_SC_NPROCESSORS_CONF);
1019 : }
1020 : #endif
1021 : #elif defined(HAVE_SYSCTL) && defined(CTL_HW)
1022 : int name[2];
1023 : unsigned int len = sizeof(ret);
1024 :
1025 : name[0] = CTL_HW;
1026 : #if defined(HW_AVAILCPU)
1027 : name[1] = HW_AVAILCPU;
1028 :
1029 : if (sysctl(name, 2, &ret, &len, NULL, 0) == -1) {
1030 : ret = -1;
1031 : }
1032 : #endif
1033 : #if defined(HW_NCPU)
1034 : if(ret < 1) {
1035 : name[0] = CTL_HW;
1036 : name[1] = HW_NCPU;
1037 : if (sysctl(nm, 2, &count, &len, NULL, 0) == -1) {
1038 : ret = -1;
1039 : }
1040 : }
1041 : #endif
1042 : #endif
1043 : if (ret < 1) {
1044 : ret = 1;
1045 : }
1046 : return ret;
1047 : }
1048 : #endif
1049 :
1050 201183 : bool sys_have_proc_fds(void)
1051 : {
1052 1273 : static bool checked = false;
1053 1273 : static bool have_proc_fds = false;
1054 1273 : struct stat sb;
1055 1273 : int ret;
1056 :
1057 201183 : if (checked) {
1058 172089 : return have_proc_fds;
1059 : }
1060 :
1061 29094 : ret = stat("/proc/self/fd/0", &sb);
1062 29091 : have_proc_fds = (ret == 0);
1063 29091 : checked = true;
1064 :
1065 29091 : return have_proc_fds;
1066 : }
1067 :
1068 144084 : char *sys_proc_fd_path(int fd, struct sys_proc_fd_path_buf *buf)
1069 : {
1070 399 : int written =
1071 144084 : snprintf(buf->buf, sizeof(buf->buf), "/proc/self/fd/%d", fd);
1072 :
1073 144084 : SMB_ASSERT(sys_have_proc_fds() && (written >= 0));
1074 :
1075 144083 : return buf->buf;
1076 : }
|
