2 Unix SMB/CIFS implementation.
4 Copyright (C) Andrew Tridgell 1992-1998
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 2 of the License, or
9 (at your option) any later version.
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with this program; if not, write to the Free Software
18 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
23 /* what user is current? */
24 extern struct current_user current_user
;
26 /****************************************************************************
27 Become the guest user without changing the security context stack.
28 ****************************************************************************/
30 BOOL
change_to_guest(void)
32 static struct passwd
*pass
=NULL
;
35 /* Don't need to free() this as its stored in a static */
36 pass
= getpwnam_alloc(lp_guestaccount());
42 /* MWW: From AIX FAQ patch to WU-ftpd: call initgroups before
44 initgroups(pass
->pw_name
, pass
->pw_gid
);
47 set_sec_ctx(pass
->pw_uid
, pass
->pw_gid
, 0, NULL
, NULL
);
49 current_user
.conn
= NULL
;
50 current_user
.vuid
= UID_FIELD_INVALID
;
57 /****************************************************************************
58 Readonly share for this user ?
59 ****************************************************************************/
61 static BOOL
is_share_read_only_for_user(connection_struct
*conn
, user_struct
*vuser
)
64 const char *service
= lp_servicename(conn
->service
);
65 BOOL read_only_ret
= lp_readonly(conn
->service
);
70 str_list_copy(&list
, lp_readlist(conn
->service
));
72 if (!str_list_sub_basic(list
, vuser
->user
.smb_name
) ) {
73 DEBUG(0, ("is_share_read_only_for_user: ERROR: read list substitution failed\n"));
75 if (!str_list_substitute(list
, "%S", service
)) {
76 DEBUG(0, ("is_share_read_only_for_user: ERROR: read list service substitution failed\n"));
78 if (user_in_list(vuser
->user
.unix_name
, (const char **)list
, vuser
->groups
, vuser
->n_groups
)) {
84 str_list_copy(&list
, lp_writelist(conn
->service
));
86 if (!str_list_sub_basic(list
, vuser
->user
.smb_name
) ) {
87 DEBUG(0, ("is_share_read_only_for_user: ERROR: write list substitution failed\n"));
89 if (!str_list_substitute(list
, "%S", service
)) {
90 DEBUG(0, ("is_share_read_only_for_user: ERROR: write list service substitution failed\n"));
92 if (user_in_list(vuser
->user
.unix_name
, (const char **)list
, vuser
->groups
, vuser
->n_groups
)) {
93 read_only_ret
= False
;
98 DEBUG(10,("is_share_read_only_for_user: share %s is %s for unix user %s\n",
99 service
, read_only_ret
? "read-only" : "read-write", vuser
->user
.unix_name
));
101 return read_only_ret
;
104 /*******************************************************************
105 Check if a username is OK.
106 ********************************************************************/
108 static BOOL
check_user_ok(connection_struct
*conn
, user_struct
*vuser
,int snum
)
111 struct vuid_cache_entry
*ent
= NULL
;
114 for (i
=0;i
<conn
->vuid_cache
.entries
&& i
< VUID_CACHE_SIZE
;i
++) {
115 if (conn
->vuid_cache
.array
[i
].vuid
== vuser
->vuid
) {
116 ent
= &conn
->vuid_cache
.array
[i
];
117 conn
->read_only
= ent
->read_only
;
118 conn
->admin_user
= ent
->admin_user
;
123 if (!user_ok(vuser
->user
.unix_name
,snum
, vuser
->groups
, vuser
->n_groups
))
126 readonly_share
= is_share_read_only_for_user(conn
, vuser
);
128 if (!readonly_share
&&
129 !share_access_check(conn
, snum
, vuser
, FILE_WRITE_DATA
)) {
130 /* smb.conf allows r/w, but the security descriptor denies
131 * write. Fall back to looking at readonly. */
132 readonly_share
= True
;
133 DEBUG(5,("falling back to read-only access-evaluation due to security descriptor\n"));
136 if (!share_access_check(conn
, snum
, vuser
, readonly_share
? FILE_READ_DATA
: FILE_WRITE_DATA
)) {
140 i
= conn
->vuid_cache
.entries
% VUID_CACHE_SIZE
;
141 if (conn
->vuid_cache
.entries
< VUID_CACHE_SIZE
)
142 conn
->vuid_cache
.entries
++;
144 ent
= &conn
->vuid_cache
.array
[i
];
145 ent
->vuid
= vuser
->vuid
;
146 ent
->read_only
= readonly_share
;
148 if (user_in_list(vuser
->user
.unix_name
,lp_admin_users(conn
->service
), vuser
->groups
, vuser
->n_groups
)) {
149 ent
->admin_user
= True
;
151 ent
->admin_user
= False
;
154 conn
->read_only
= ent
->read_only
;
155 conn
->admin_user
= ent
->admin_user
;
160 /****************************************************************************
161 Become the user of a connection number without changing the security context
162 stack, but modify the currnet_user entries.
163 ****************************************************************************/
165 BOOL
change_to_user(connection_struct
*conn
, uint16 vuid
)
167 user_struct
*vuser
= get_valid_user_struct(vuid
);
172 BOOL must_free_token
= False
;
173 NT_USER_TOKEN
*token
= NULL
;
176 DEBUG(2,("change_to_user: Connection not open\n"));
181 * We need a separate check in security=share mode due to vuid
182 * always being UID_FIELD_INVALID. If we don't do this then
183 * in share mode security we are *always* changing uid's between
184 * SMB's - this hurts performance - Badly.
187 if((lp_security() == SEC_SHARE
) && (current_user
.conn
== conn
) &&
188 (current_user
.uid
== conn
->uid
)) {
189 DEBUG(4,("change_to_user: Skipping user change - already user\n"));
191 } else if ((current_user
.conn
== conn
) &&
192 (vuser
!= 0) && (current_user
.vuid
== vuid
) &&
193 (current_user
.uid
== vuser
->uid
)) {
194 DEBUG(4,("change_to_user: Skipping user change - already user\n"));
200 if ((vuser
) && !check_user_ok(conn
, vuser
, snum
)) {
201 DEBUG(2,("change_to_user: SMB user %s (unix user %s, vuid %d) not permitted access to share %s.\n",
202 vuser
->user
.smb_name
, vuser
->user
.unix_name
, vuid
, lp_servicename(snum
)));
206 if (conn
->force_user
) /* security = share sets this too */ {
209 current_user
.groups
= conn
->groups
;
210 current_user
.ngroups
= conn
->ngroups
;
211 token
= conn
->nt_user_token
;
213 uid
= conn
->admin_user
? 0 : vuser
->uid
;
215 current_user
.ngroups
= vuser
->n_groups
;
216 current_user
.groups
= vuser
->groups
;
217 token
= vuser
->nt_user_token
;
219 DEBUG(2,("change_to_user: Invalid vuid used %d in accessing share %s.\n",vuid
, lp_servicename(snum
) ));
224 * See if we should force group for this service.
225 * If so this overrides any group set in the force
229 if((group_c
= *lp_force_group(snum
))) {
230 BOOL is_guest
= False
;
235 * Only force group if the user is a member of
236 * the service group. Check the group memberships for
237 * this user (we already have this) to
238 * see if we should force the group.
242 for (i
= 0; i
< current_user
.ngroups
; i
++) {
243 if (current_user
.groups
[i
] == conn
->gid
) {
253 * We've changed the group list in the token - we must
257 if (vuser
&& vuser
->guest
)
260 token
= create_nt_token(uid
, gid
, current_user
.ngroups
, current_user
.groups
, is_guest
);
262 DEBUG(1, ("change_to_user: create_nt_token failed!\n"));
265 must_free_token
= True
;
268 set_sec_ctx(uid
, gid
, current_user
.ngroups
, current_user
.groups
, token
);
271 * Free the new token (as set_sec_ctx copies it).
275 delete_nt_token(&token
);
277 current_user
.conn
= conn
;
278 current_user
.vuid
= vuid
;
280 DEBUG(5,("change_to_user uid=(%d,%d) gid=(%d,%d)\n",
281 (int)getuid(),(int)geteuid(),(int)getgid(),(int)getegid()));
286 /****************************************************************************
287 Go back to being root without changing the security context stack,
288 but modify the current_user entries.
289 ****************************************************************************/
291 BOOL
change_to_root_user(void)
295 DEBUG(5,("change_to_root_user: now uid=(%d,%d) gid=(%d,%d)\n",
296 (int)getuid(),(int)geteuid(),(int)getgid(),(int)getegid()));
298 current_user
.conn
= NULL
;
299 current_user
.vuid
= UID_FIELD_INVALID
;
304 /****************************************************************************
305 Become the user of an authenticated connected named pipe.
306 When this is called we are currently running as the connection
307 user. Doesn't modify current_user.
308 ****************************************************************************/
310 BOOL
become_authenticated_pipe_user(pipes_struct
*p
)
315 set_sec_ctx(p
->pipe_user
.uid
, p
->pipe_user
.gid
,
316 p
->pipe_user
.ngroups
, p
->pipe_user
.groups
, p
->pipe_user
.nt_user_token
);
321 /****************************************************************************
322 Unbecome the user of an authenticated connected named pipe.
323 When this is called we are running as the authenticated pipe
324 user and need to go back to being the connection user. Doesn't modify
326 ****************************************************************************/
328 BOOL
unbecome_authenticated_pipe_user(void)
330 return pop_sec_ctx();
333 /****************************************************************************
334 Utility functions used by become_xxx/unbecome_xxx.
335 ****************************************************************************/
338 connection_struct
*conn
;
342 /* A stack of current_user connection contexts. */
344 static struct conn_ctx conn_ctx_stack
[MAX_SEC_CTX_DEPTH
];
345 static int conn_ctx_stack_ndx
;
347 static void push_conn_ctx(void)
349 struct conn_ctx
*ctx_p
;
351 /* Check we don't overflow our stack */
353 if (conn_ctx_stack_ndx
== MAX_SEC_CTX_DEPTH
) {
354 DEBUG(0, ("Connection context stack overflow!\n"));
355 smb_panic("Connection context stack overflow!\n");
358 /* Store previous user context */
359 ctx_p
= &conn_ctx_stack
[conn_ctx_stack_ndx
];
361 ctx_p
->conn
= current_user
.conn
;
362 ctx_p
->vuid
= current_user
.vuid
;
364 DEBUG(3, ("push_conn_ctx(%u) : conn_ctx_stack_ndx = %d\n",
365 (unsigned int)ctx_p
->vuid
, conn_ctx_stack_ndx
));
367 conn_ctx_stack_ndx
++;
370 static void pop_conn_ctx(void)
372 struct conn_ctx
*ctx_p
;
374 /* Check for stack underflow. */
376 if (conn_ctx_stack_ndx
== 0) {
377 DEBUG(0, ("Connection context stack underflow!\n"));
378 smb_panic("Connection context stack underflow!\n");
381 conn_ctx_stack_ndx
--;
382 ctx_p
= &conn_ctx_stack
[conn_ctx_stack_ndx
];
384 current_user
.conn
= ctx_p
->conn
;
385 current_user
.vuid
= ctx_p
->vuid
;
388 ctx_p
->vuid
= UID_FIELD_INVALID
;
391 /****************************************************************************
392 Temporarily become a root user. Must match with unbecome_root(). Saves and
393 restores the connection context.
394 ****************************************************************************/
396 void become_root(void)
403 /* Unbecome the root user */
405 void unbecome_root(void)
411 /****************************************************************************
412 Push the current security context then force a change via change_to_user().
413 Saves and restores the connection context.
414 ****************************************************************************/
416 BOOL
become_user(connection_struct
*conn
, uint16 vuid
)
423 if (!change_to_user(conn
, vuid
)) {
432 BOOL
unbecome_user(void)