search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
s4:password_hash LDB module - introduce a "userPassword" flag which enables/disables...
[Samba.git] / source3 / smbd / uid.c
blobdd6af6d9c018950f38ffffd5607a43d98a24b471
1 /*
2 Unix SMB/CIFS implementation.
3 uid/user handling
4 Copyright (C) Andrew Tridgell 1992-1998
5
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 3 of the License, or
9 (at your option) any later version.
10
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
15
16 You should have received a copy of the GNU General Public License
17 along with this program. If not, see <http://www.gnu.org/licenses/>.
18 */
19
20 #include "includes.h"
21 #include "smbd/globals.h"
22 #include "../librpc/gen_ndr/netlogon.h"
23 #include "libcli/security/security.h"
24
25 /* what user is current? */
26 extern struct current_user current_user;
27
28 /****************************************************************************
29 Become the guest user without changing the security context stack.
30 ****************************************************************************/
31
32 bool change_to_guest(void)
33 {
34 struct passwd *pass;
35
36 pass = Get_Pwnam_alloc(talloc_tos(), lp_guestaccount());
37 if (!pass) {
38 return false;
39 }
40
41 #ifdef AIX
42 /* MWW: From AIX FAQ patch to WU-ftpd: call initgroups before
43 setting IDs */
44 initgroups(pass->pw_name, pass->pw_gid);
45 #endif
46
47 set_sec_ctx(pass->pw_uid, pass->pw_gid, 0, NULL, NULL);
48
49 current_user.conn = NULL;
50 current_user.vuid = UID_FIELD_INVALID;
51
52 TALLOC_FREE(pass);
53
54 return true;
55 }
56
57 /****************************************************************************
58 talloc free the conn->server_info if not used in the vuid cache.
59 ****************************************************************************/
60
61 static void free_conn_server_info_if_unused(connection_struct *conn)
62 {
63 unsigned int i;
64
65 for (i = 0; i < VUID_CACHE_SIZE; i++) {
66 struct vuid_cache_entry *ent;
67 ent = &conn->vuid_cache.array[i];
68 if (ent->vuid != UID_FIELD_INVALID &&
69 conn->server_info == ent->server_info) {
70 return;
71 }
72 }
73 /* Not used, safe to free. */
74 TALLOC_FREE(conn->server_info);
75 }
76
77 /*******************************************************************
78 Check if a username is OK.
79
80 This sets up conn->server_info with a copy related to this vuser that
81 later code can then mess with.
82 ********************************************************************/
83
84 static bool check_user_ok(connection_struct *conn,
85 uint16_t vuid,
86 const struct auth_serversupplied_info *server_info,
87 int snum)
88 {
89 bool valid_vuid = (vuid != UID_FIELD_INVALID);
90 unsigned int i;
91 bool readonly_share;
92 bool admin_user;
93
94 if (valid_vuid) {
95 struct vuid_cache_entry *ent;
96
97 for (i=0; i<VUID_CACHE_SIZE; i++) {
98 ent = &conn->vuid_cache.array[i];
99 if (ent->vuid == vuid) {
100 free_conn_server_info_if_unused(conn);
101 conn->server_info = ent->server_info;
102 conn->read_only = ent->read_only;
103 return(True);
104 }
105 }
106 }
107
108 if (!user_ok_token(server_info->unix_name,
109 server_info->info3->base.domain.string,
110 server_info->ptok, snum))
111 return(False);
112
113 readonly_share = is_share_read_only_for_token(
114 server_info->unix_name,
115 server_info->info3->base.domain.string,
116 server_info->ptok,
117 conn);
118
119 if (!readonly_share &&
120 !share_access_check(server_info->ptok, lp_servicename(snum),
121 FILE_WRITE_DATA)) {
122 /* smb.conf allows r/w, but the security descriptor denies
123 * write. Fall back to looking at readonly. */
124 readonly_share = True;
125 DEBUG(5,("falling back to read-only access-evaluation due to "
126 "security descriptor\n"));
127 }
128
129 if (!share_access_check(server_info->ptok, lp_servicename(snum),
130 readonly_share ?
131 FILE_READ_DATA : FILE_WRITE_DATA)) {
132 return False;
133 }
134
135 admin_user = token_contains_name_in_list(
136 server_info->unix_name,
137 server_info->info3->base.domain.string,
138 NULL, server_info->ptok, lp_admin_users(snum));
139
140 if (valid_vuid) {
141 struct vuid_cache_entry *ent =
142 &conn->vuid_cache.array[conn->vuid_cache.next_entry];
143
144 conn->vuid_cache.next_entry =
145 (conn->vuid_cache.next_entry + 1) % VUID_CACHE_SIZE;
146
147 TALLOC_FREE(ent->server_info);
148
149 /*
150 * If force_user was set, all server_info's are based on the same
151 * username-based faked one.
152 */
153
154 ent->server_info = copy_serverinfo(
155 conn, conn->force_user ? conn->server_info : server_info);
156
157 if (ent->server_info == NULL) {
158 ent->vuid = UID_FIELD_INVALID;
159 return false;
160 }
161
162 ent->vuid = vuid;
163 ent->read_only = readonly_share;
164 free_conn_server_info_if_unused(conn);
165 conn->server_info = ent->server_info;
166 }
167
168 conn->read_only = readonly_share;
169 if (admin_user) {
170 DEBUG(2,("check_user_ok: user %s is an admin user. "
171 "Setting uid as %d\n",
172 conn->server_info->unix_name,
173 sec_initial_uid() ));
174 conn->server_info->utok.uid = sec_initial_uid();
175 }
176
177 return(True);
178 }
179
180 /****************************************************************************
181 Clear a vuid out of the connection's vuid cache
182 This is only called on SMBulogoff.
183 ****************************************************************************/
184
185 void conn_clear_vuid_cache(connection_struct *conn, uint16_t vuid)
186 {
187 int i;
188
189 for (i=0; i<VUID_CACHE_SIZE; i++) {
190 struct vuid_cache_entry *ent;
191
192 ent = &conn->vuid_cache.array[i];
193
194 if (ent->vuid == vuid) {
195 ent->vuid = UID_FIELD_INVALID;
196 /*
197 * We need to keep conn->server_info around
198 * if it's equal to ent->server_info as a SMBulogoff
199 * is often followed by a SMBtdis (with an invalid
200 * vuid). The debug code (or regular code in
201 * vfs_full_audit) wants to refer to the
202 * conn->server_info pointer to print debug
203 * statements. Theoretically this is a bug,
204 * as once the vuid is gone the server_info
205 * on the conn struct isn't valid any more,
206 * but there's enough code that assumes
207 * conn->server_info is never null that
208 * it's easier to hold onto the old pointer
209 * until we get a new sessionsetupX.
210 * As everything is hung off the
211 * conn pointer as a talloc context we're not
212 * leaking memory here. See bug #6315. JRA.
213 */
214 if (conn->server_info == ent->server_info) {
215 ent->server_info = NULL;
216 } else {
217 TALLOC_FREE(ent->server_info);
218 }
219 ent->read_only = False;
220 }
221 }
222 }
223
224 /****************************************************************************
225 Become the user of a connection number without changing the security context
226 stack, but modify the current_user entries.
227 ****************************************************************************/
228
229 bool change_to_user(connection_struct *conn, uint16 vuid)
230 {
231 const struct auth_serversupplied_info *server_info = NULL;
232 user_struct *vuser = get_valid_user_struct(conn->sconn, vuid);
233 int snum;
234 gid_t gid;
235 uid_t uid;
236 char group_c;
237 int num_groups = 0;
238 gid_t *group_list = NULL;
239
240 if (!conn) {
241 DEBUG(2,("change_to_user: Connection not open\n"));
242 return(False);
243 }
244
245 /*
246 * We need a separate check in security=share mode due to vuid
247 * always being UID_FIELD_INVALID. If we don't do this then
248 * in share mode security we are *always* changing uid's between
249 * SMB's - this hurts performance - Badly.
250 */
251
252 if((lp_security() == SEC_SHARE) && (current_user.conn == conn) &&
253 (current_user.ut.uid == conn->server_info->utok.uid)) {
254 DEBUG(4,("change_to_user: Skipping user change - already "
255 "user\n"));
256 return(True);
257 } else if ((current_user.conn == conn) &&
258 (vuser != NULL) && (current_user.vuid == vuid) &&
259 (current_user.ut.uid == vuser->server_info->utok.uid)) {
260 DEBUG(4,("change_to_user: Skipping user change - already "
261 "user\n"));
262 return(True);
263 }
264
265 snum = SNUM(conn);
266
267 server_info = vuser ? vuser->server_info : conn->server_info;
268
269 if (!server_info) {
270 /* Invalid vuid sent - even with security = share. */
271 DEBUG(2,("change_to_user: Invalid vuid %d used on "
272 "share %s.\n",vuid, lp_servicename(snum) ));
273 return false;
274 }
275
276 if (!check_user_ok(conn, vuid, server_info, snum)) {
277 DEBUG(2,("change_to_user: SMB user %s (unix user %s, vuid %d) "
278 "not permitted access to share %s.\n",
279 server_info->sanitized_username,
280 server_info->unix_name, vuid,
281 lp_servicename(snum)));
282 return false;
283 }
284
285 /* security = share sets force_user. */
286 if (!conn->force_user && !vuser) {
287 DEBUG(2,("change_to_user: Invalid vuid used %d in accessing "
288 "share %s.\n",vuid, lp_servicename(snum) ));
289 return False;
290 }
291
292 /*
293 * conn->server_info is now correctly set up with a copy we can mess
294 * with for force_group etc.
295 */
296
297 uid = conn->server_info->utok.uid;
298 gid = conn->server_info->utok.gid;
299 num_groups = conn->server_info->utok.ngroups;
300 group_list = conn->server_info->utok.groups;
301
302 /*
303 * See if we should force group for this service.
304 * If so this overrides any group set in the force
305 * user code.
306 */
307
308 if((group_c = *lp_force_group(snum))) {
309
310 SMB_ASSERT(conn->force_group_gid != (gid_t)-1);
311
312 if(group_c == '+') {
313
314 /*
315 * Only force group if the user is a member of
316 * the service group. Check the group memberships for
317 * this user (we already have this) to
318 * see if we should force the group.
319 */
320
321 int i;
322 for (i = 0; i < num_groups; i++) {
323 if (group_list[i]
324 == conn->force_group_gid) {
325 conn->server_info->utok.gid =
326 conn->force_group_gid;
327 gid = conn->force_group_gid;
328 gid_to_sid(&conn->server_info->ptok
329 ->sids[1], gid);
330 break;
331 }
332 }
333 } else {
334 conn->server_info->utok.gid = conn->force_group_gid;
335 gid = conn->force_group_gid;
336 gid_to_sid(&conn->server_info->ptok->sids[1],
337 gid);
338 }
339 }
340
341 /* Now set current_user since we will immediately also call
342 set_sec_ctx() */
343
344 current_user.ut.ngroups = num_groups;
345 current_user.ut.groups = group_list;
346
347 set_sec_ctx(uid, gid, current_user.ut.ngroups, current_user.ut.groups,
348 conn->server_info->ptok);
349
350 current_user.conn = conn;
351 current_user.vuid = vuid;
352
353 DEBUG(5,("change_to_user uid=(%d,%d) gid=(%d,%d)\n",
354 (int)getuid(),(int)geteuid(),(int)getgid(),(int)getegid()));
355
356 return(True);
357 }
358
359 /****************************************************************************
360 Go back to being root without changing the security context stack,
361 but modify the current_user entries.
362 ****************************************************************************/
363
364 bool change_to_root_user(void)
365 {
366 set_root_sec_ctx();
367
368 DEBUG(5,("change_to_root_user: now uid=(%d,%d) gid=(%d,%d)\n",
369 (int)getuid(),(int)geteuid(),(int)getgid(),(int)getegid()));
370
371 current_user.conn = NULL;
372 current_user.vuid = UID_FIELD_INVALID;
373
374 return(True);
375 }
376
377 /****************************************************************************
378 Become the user of an authenticated connected named pipe.
379 When this is called we are currently running as the connection
380 user. Doesn't modify current_user.
381 ****************************************************************************/
382
383 bool become_authenticated_pipe_user(struct pipes_struct *p)
384 {
385 if (!push_sec_ctx())
386 return False;
387
388 set_sec_ctx(p->server_info->utok.uid, p->server_info->utok.gid,
389 p->server_info->utok.ngroups, p->server_info->utok.groups,
390 p->server_info->ptok);
391
392 return True;
393 }
394
395 /****************************************************************************
396 Unbecome the user of an authenticated connected named pipe.
397 When this is called we are running as the authenticated pipe
398 user and need to go back to being the connection user. Doesn't modify
399 current_user.
400 ****************************************************************************/
401
402 bool unbecome_authenticated_pipe_user(void)
403 {
404 return pop_sec_ctx();
405 }
406
407 /****************************************************************************
408 Utility functions used by become_xxx/unbecome_xxx.
409 ****************************************************************************/
410
411 static void push_conn_ctx(void)
412 {
413 struct conn_ctx *ctx_p;
414
415 /* Check we don't overflow our stack */
416
417 if (conn_ctx_stack_ndx == MAX_SEC_CTX_DEPTH) {
418 DEBUG(0, ("Connection context stack overflow!\n"));
419 smb_panic("Connection context stack overflow!\n");
420 }
421
422 /* Store previous user context */
423 ctx_p = &conn_ctx_stack[conn_ctx_stack_ndx];
424
425 ctx_p->conn = current_user.conn;
426 ctx_p->vuid = current_user.vuid;
427
428 DEBUG(3, ("push_conn_ctx(%u) : conn_ctx_stack_ndx = %d\n",
429 (unsigned int)ctx_p->vuid, conn_ctx_stack_ndx ));
430
431 conn_ctx_stack_ndx++;
432 }
433
434 static void pop_conn_ctx(void)
435 {
436 struct conn_ctx *ctx_p;
437
438 /* Check for stack underflow. */
439
440 if (conn_ctx_stack_ndx == 0) {
441 DEBUG(0, ("Connection context stack underflow!\n"));
442 smb_panic("Connection context stack underflow!\n");
443 }
444
445 conn_ctx_stack_ndx--;
446 ctx_p = &conn_ctx_stack[conn_ctx_stack_ndx];
447
448 current_user.conn = ctx_p->conn;
449 current_user.vuid = ctx_p->vuid;
450
451 ctx_p->conn = NULL;
452 ctx_p->vuid = UID_FIELD_INVALID;
453 }
454
455 /****************************************************************************
456 Temporarily become a root user. Must match with unbecome_root(). Saves and
457 restores the connection context.
458 ****************************************************************************/
459
460 void become_root(void)
461 {
462 /*
463 * no good way to handle push_sec_ctx() failing without changing
464 * the prototype of become_root()
465 */
466 if (!push_sec_ctx()) {
467 smb_panic("become_root: push_sec_ctx failed");
468 }
469 push_conn_ctx();
470 set_root_sec_ctx();
471 }
472
473 /* Unbecome the root user */
474
475 void unbecome_root(void)
476 {
477 pop_sec_ctx();
478 pop_conn_ctx();
479 }
480
481 /****************************************************************************
482 Push the current security context then force a change via change_to_user().
483 Saves and restores the connection context.
484 ****************************************************************************/
485
486 bool become_user(connection_struct *conn, uint16 vuid)
487 {
488 if (!push_sec_ctx())
489 return False;
490
491 push_conn_ctx();
492
493 if (!change_to_user(conn, vuid)) {
494 pop_sec_ctx();
495 pop_conn_ctx();
496 return False;
497 }
498
499 return True;
500 }
501
502 bool unbecome_user(void)
503 {
504 pop_sec_ctx();
505 pop_conn_ctx();
506 return True;
507 }
508
509 /****************************************************************************
510 Return the current user we are running effectively as on this connection.
511 I'd like to make this return conn->server_info->utok.uid, but become_root()
512 doesn't alter this value.
513 ****************************************************************************/
514
515 uid_t get_current_uid(connection_struct *conn)
516 {
517 return current_user.ut.uid;
518 }
519
520 /****************************************************************************
521 Return the current group we are running effectively as on this connection.
522 I'd like to make this return conn->server_info->utok.gid, but become_root()
523 doesn't alter this value.
524 ****************************************************************************/
525
526 gid_t get_current_gid(connection_struct *conn)
527 {
528 return current_user.ut.gid;
529 }
530
531 /****************************************************************************
532 Return the UNIX token we are running effectively as on this connection.
533 I'd like to make this return &conn->server_info->utok, but become_root()
534 doesn't alter this value.
535 ****************************************************************************/
536
537 const UNIX_USER_TOKEN *get_current_utok(connection_struct *conn)
538 {
539 return &current_user.ut;
540 }
541
542 const struct security_token *get_current_nttok(connection_struct *conn)
543 {
544 return current_user.nt_user_token;
545 }
546
547 uint16_t get_current_vuid(connection_struct *conn)
548 {
549 return current_user.vuid;
550 }
Samba GIT mirror