search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
libsmbconf: Convert smbconf_set_parameter() to sbcErr.
[Samba.git] / source3 / smbd / uid.c
blobb554b36054b9573e71db8a66fe76cd7afb9ce821
1 /*
2 Unix SMB/CIFS implementation.
3 uid/user handling
4 Copyright (C) Andrew Tridgell 1992-1998
5
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 3 of the License, or
9 (at your option) any later version.
10
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
15
16 You should have received a copy of the GNU General Public License
17 along with this program. If not, see <http://www.gnu.org/licenses/>.
18 */
19
20 #include "includes.h"
21 #include "system/passwd.h"
22 #include "smbd/smbd.h"
23 #include "smbd/globals.h"
24 #include "../librpc/gen_ndr/netlogon.h"
25 #include "libcli/security/security.h"
26 #include "passdb/lookup_sid.h"
27 #include "auth.h"
28 #include "ntdomain.h"
29
30 /* what user is current? */
31 extern struct current_user current_user;
32
33 /****************************************************************************
34 Become the guest user without changing the security context stack.
35 ****************************************************************************/
36
37 bool change_to_guest(void)
38 {
39 struct passwd *pass;
40
41 pass = Get_Pwnam_alloc(talloc_tos(), lp_guestaccount());
42 if (!pass) {
43 return false;
44 }
45
46 #ifdef AIX
47 /* MWW: From AIX FAQ patch to WU-ftpd: call initgroups before
48 setting IDs */
49 initgroups(pass->pw_name, pass->pw_gid);
50 #endif
51
52 set_sec_ctx(pass->pw_uid, pass->pw_gid, 0, NULL, NULL);
53
54 current_user.conn = NULL;
55 current_user.vuid = UID_FIELD_INVALID;
56
57 TALLOC_FREE(pass);
58
59 return true;
60 }
61
62 /****************************************************************************
63 talloc free the conn->session_info if not used in the vuid cache.
64 ****************************************************************************/
65
66 static void free_conn_session_info_if_unused(connection_struct *conn)
67 {
68 unsigned int i;
69
70 for (i = 0; i < VUID_CACHE_SIZE; i++) {
71 struct vuid_cache_entry *ent;
72 ent = &conn->vuid_cache.array[i];
73 if (ent->vuid != UID_FIELD_INVALID &&
74 conn->session_info == ent->session_info) {
75 return;
76 }
77 }
78 /* Not used, safe to free. */
79 TALLOC_FREE(conn->session_info);
80 }
81
82 /*******************************************************************
83 Check if a username is OK.
84
85 This sets up conn->session_info with a copy related to this vuser that
86 later code can then mess with.
87 ********************************************************************/
88
89 static bool check_user_ok(connection_struct *conn,
90 uint16_t vuid,
91 const struct auth_serversupplied_info *session_info,
92 int snum)
93 {
94 bool valid_vuid = (vuid != UID_FIELD_INVALID);
95 unsigned int i;
96 bool readonly_share;
97 bool admin_user;
98
99 if (valid_vuid) {
100 struct vuid_cache_entry *ent;
101
102 for (i=0; i<VUID_CACHE_SIZE; i++) {
103 ent = &conn->vuid_cache.array[i];
104 if (ent->vuid == vuid) {
105 free_conn_session_info_if_unused(conn);
106 conn->session_info = ent->session_info;
107 conn->read_only = ent->read_only;
108 return(True);
109 }
110 }
111 }
112
113 if (!user_ok_token(session_info->unix_name,
114 session_info->info3->base.domain.string,
115 session_info->security_token, snum))
116 return(False);
117
118 readonly_share = is_share_read_only_for_token(
119 session_info->unix_name,
120 session_info->info3->base.domain.string,
121 session_info->security_token,
122 conn);
123
124 if (!readonly_share &&
125 !share_access_check(session_info->security_token, lp_servicename(snum),
126 FILE_WRITE_DATA)) {
127 /* smb.conf allows r/w, but the security descriptor denies
128 * write. Fall back to looking at readonly. */
129 readonly_share = True;
130 DEBUG(5,("falling back to read-only access-evaluation due to "
131 "security descriptor\n"));
132 }
133
134 if (!share_access_check(session_info->security_token, lp_servicename(snum),
135 readonly_share ?
136 FILE_READ_DATA : FILE_WRITE_DATA)) {
137 return False;
138 }
139
140 admin_user = token_contains_name_in_list(
141 session_info->unix_name,
142 session_info->info3->base.domain.string,
143 NULL, session_info->security_token, lp_admin_users(snum));
144
145 if (valid_vuid) {
146 struct vuid_cache_entry *ent =
147 &conn->vuid_cache.array[conn->vuid_cache.next_entry];
148
149 conn->vuid_cache.next_entry =
150 (conn->vuid_cache.next_entry + 1) % VUID_CACHE_SIZE;
151
152 TALLOC_FREE(ent->session_info);
153
154 /*
155 * If force_user was set, all session_info's are based on the same
156 * username-based faked one.
157 */
158
159 ent->session_info = copy_serverinfo(
160 conn, conn->force_user ? conn->session_info : session_info);
161
162 if (ent->session_info == NULL) {
163 ent->vuid = UID_FIELD_INVALID;
164 return false;
165 }
166
167 ent->vuid = vuid;
168 ent->read_only = readonly_share;
169 free_conn_session_info_if_unused(conn);
170 conn->session_info = ent->session_info;
171 }
172
173 conn->read_only = readonly_share;
174 if (admin_user) {
175 DEBUG(2,("check_user_ok: user %s is an admin user. "
176 "Setting uid as %d\n",
177 conn->session_info->unix_name,
178 sec_initial_uid() ));
179 conn->session_info->utok.uid = sec_initial_uid();
180 }
181
182 return(True);
183 }
184
185 /****************************************************************************
186 Clear a vuid out of the connection's vuid cache
187 This is only called on SMBulogoff.
188 ****************************************************************************/
189
190 void conn_clear_vuid_cache(connection_struct *conn, uint16_t vuid)
191 {
192 int i;
193
194 for (i=0; i<VUID_CACHE_SIZE; i++) {
195 struct vuid_cache_entry *ent;
196
197 ent = &conn->vuid_cache.array[i];
198
199 if (ent->vuid == vuid) {
200 ent->vuid = UID_FIELD_INVALID;
201 /*
202 * We need to keep conn->session_info around
203 * if it's equal to ent->session_info as a SMBulogoff
204 * is often followed by a SMBtdis (with an invalid
205 * vuid). The debug code (or regular code in
206 * vfs_full_audit) wants to refer to the
207 * conn->session_info pointer to print debug
208 * statements. Theoretically this is a bug,
209 * as once the vuid is gone the session_info
210 * on the conn struct isn't valid any more,
211 * but there's enough code that assumes
212 * conn->session_info is never null that
213 * it's easier to hold onto the old pointer
214 * until we get a new sessionsetupX.
215 * As everything is hung off the
216 * conn pointer as a talloc context we're not
217 * leaking memory here. See bug #6315. JRA.
218 */
219 if (conn->session_info == ent->session_info) {
220 ent->session_info = NULL;
221 } else {
222 TALLOC_FREE(ent->session_info);
223 }
224 ent->read_only = False;
225 }
226 }
227 }
228
229 /****************************************************************************
230 Become the user of a connection number without changing the security context
231 stack, but modify the current_user entries.
232 ****************************************************************************/
233
234 static bool change_to_user_internal(connection_struct *conn,
235 const struct auth_serversupplied_info *session_info,
236 uint16_t vuid)
237 {
238 int snum;
239 gid_t gid;
240 uid_t uid;
241 char group_c;
242 int num_groups = 0;
243 gid_t *group_list = NULL;
244 bool ok;
245
246 snum = SNUM(conn);
247
248 ok = check_user_ok(conn, vuid, session_info, snum);
249 if (!ok) {
250 DEBUG(2,("SMB user %s (unix user %s) "
251 "not permitted access to share %s.\n",
252 session_info->sanitized_username,
253 session_info->unix_name,
254 lp_servicename(snum)));
255 return false;
256 }
257
258 uid = conn->session_info->utok.uid;
259 gid = conn->session_info->utok.gid;
260 num_groups = conn->session_info->utok.ngroups;
261 group_list = conn->session_info->utok.groups;
262
263 /*
264 * See if we should force group for this service. If so this overrides
265 * any group set in the force user code.
266 */
267 if((group_c = *lp_force_group(snum))) {
268
269 SMB_ASSERT(conn->force_group_gid != (gid_t)-1);
270
271 if (group_c == '+') {
272 int i;
273
274 /*
275 * Only force group if the user is a member of the
276 * service group. Check the group memberships for this
277 * user (we already have this) to see if we should force
278 * the group.
279 */
280 for (i = 0; i < num_groups; i++) {
281 if (group_list[i] == conn->force_group_gid) {
282 conn->session_info->utok.gid =
283 conn->force_group_gid;
284 gid = conn->force_group_gid;
285 gid_to_sid(&conn->session_info->security_token
286 ->sids[1], gid);
287 break;
288 }
289 }
290 } else {
291 conn->session_info->utok.gid = conn->force_group_gid;
292 gid = conn->force_group_gid;
293 gid_to_sid(&conn->session_info->security_token->sids[1],
294 gid);
295 }
296 }
297
298 /*Set current_user since we will immediately also call set_sec_ctx() */
299 current_user.ut.ngroups = num_groups;
300 current_user.ut.groups = group_list;
301
302 set_sec_ctx(uid,
303 gid,
304 current_user.ut.ngroups,
305 current_user.ut.groups,
306 conn->session_info->security_token);
307
308 current_user.conn = conn;
309 current_user.vuid = vuid;
310
311 DEBUG(5, ("Impersonated user: uid=(%d,%d), gid=(%d,%d)\n",
312 (int)getuid(),
313 (int)geteuid(),
314 (int)getgid(),
315 (int)getegid()));
316
317 return true;
318 }
319
320 bool change_to_user(connection_struct *conn, uint16_t vuid)
321 {
322 const struct auth_serversupplied_info *session_info = NULL;
323 user_struct *vuser;
324 int snum = SNUM(conn);
325
326 if (!conn) {
327 DEBUG(2,("Connection not open\n"));
328 return(False);
329 }
330
331 vuser = get_valid_user_struct(conn->sconn, vuid);
332
333 /*
334 * We need a separate check in security=share mode due to vuid
335 * always being UID_FIELD_INVALID. If we don't do this then
336 * in share mode security we are *always* changing uid's between
337 * SMB's - this hurts performance - Badly.
338 */
339
340 if((lp_security() == SEC_SHARE) && (current_user.conn == conn) &&
341 (current_user.ut.uid == conn->session_info->utok.uid)) {
342 DEBUG(4,("Skipping user change - already "
343 "user\n"));
344 return(True);
345 } else if ((current_user.conn == conn) &&
346 (vuser != NULL) && (current_user.vuid == vuid) &&
347 (current_user.ut.uid == vuser->session_info->utok.uid)) {
348 DEBUG(4,("Skipping user change - already "
349 "user\n"));
350 return(True);
351 }
352
353 session_info = vuser ? vuser->session_info : conn->session_info;
354
355 if (session_info == NULL) {
356 /* Invalid vuid sent - even with security = share. */
357 DEBUG(2,("Invalid vuid %d used on "
358 "share %s.\n", vuid, lp_servicename(snum) ));
359 return false;
360 }
361
362 /* security = share sets force_user. */
363 if (!conn->force_user && vuser == NULL) {
364 DEBUG(2,("Invalid vuid used %d in accessing "
365 "share %s.\n", vuid, lp_servicename(snum) ));
366 return False;
367 }
368
369 return change_to_user_internal(conn, session_info, vuid);
370 }
371
372 bool change_to_user_by_session(connection_struct *conn,
373 const struct auth_serversupplied_info *session_info)
374 {
375 SMB_ASSERT(conn != NULL);
376 SMB_ASSERT(session_info != NULL);
377
378 if ((current_user.conn == conn) &&
379 (current_user.ut.uid == session_info->utok.uid)) {
380 DEBUG(7, ("Skipping user change - already user\n"));
381
382 return true;
383 }
384
385 return change_to_user_internal(conn, session_info, UID_FIELD_INVALID);
386 }
387
388 /****************************************************************************
389 Go back to being root without changing the security context stack,
390 but modify the current_user entries.
391 ****************************************************************************/
392
393 bool change_to_root_user(void)
394 {
395 set_root_sec_ctx();
396
397 DEBUG(5,("change_to_root_user: now uid=(%d,%d) gid=(%d,%d)\n",
398 (int)getuid(),(int)geteuid(),(int)getgid(),(int)getegid()));
399
400 current_user.conn = NULL;
401 current_user.vuid = UID_FIELD_INVALID;
402
403 return(True);
404 }
405
406 /****************************************************************************
407 Become the user of an authenticated connected named pipe.
408 When this is called we are currently running as the connection
409 user. Doesn't modify current_user.
410 ****************************************************************************/
411
412 bool become_authenticated_pipe_user(struct pipes_struct *p)
413 {
414 if (!push_sec_ctx())
415 return False;
416
417 set_sec_ctx(p->session_info->utok.uid, p->session_info->utok.gid,
418 p->session_info->utok.ngroups, p->session_info->utok.groups,
419 p->session_info->security_token);
420
421 return True;
422 }
423
424 /****************************************************************************
425 Unbecome the user of an authenticated connected named pipe.
426 When this is called we are running as the authenticated pipe
427 user and need to go back to being the connection user. Doesn't modify
428 current_user.
429 ****************************************************************************/
430
431 bool unbecome_authenticated_pipe_user(void)
432 {
433 return pop_sec_ctx();
434 }
435
436 /****************************************************************************
437 Utility functions used by become_xxx/unbecome_xxx.
438 ****************************************************************************/
439
440 static void push_conn_ctx(void)
441 {
442 struct conn_ctx *ctx_p;
443
444 /* Check we don't overflow our stack */
445
446 if (conn_ctx_stack_ndx == MAX_SEC_CTX_DEPTH) {
447 DEBUG(0, ("Connection context stack overflow!\n"));
448 smb_panic("Connection context stack overflow!\n");
449 }
450
451 /* Store previous user context */
452 ctx_p = &conn_ctx_stack[conn_ctx_stack_ndx];
453
454 ctx_p->conn = current_user.conn;
455 ctx_p->vuid = current_user.vuid;
456
457 DEBUG(4, ("push_conn_ctx(%u) : conn_ctx_stack_ndx = %d\n",
458 (unsigned int)ctx_p->vuid, conn_ctx_stack_ndx ));
459
460 conn_ctx_stack_ndx++;
461 }
462
463 static void pop_conn_ctx(void)
464 {
465 struct conn_ctx *ctx_p;
466
467 /* Check for stack underflow. */
468
469 if (conn_ctx_stack_ndx == 0) {
470 DEBUG(0, ("Connection context stack underflow!\n"));
471 smb_panic("Connection context stack underflow!\n");
472 }
473
474 conn_ctx_stack_ndx--;
475 ctx_p = &conn_ctx_stack[conn_ctx_stack_ndx];
476
477 current_user.conn = ctx_p->conn;
478 current_user.vuid = ctx_p->vuid;
479
480 ctx_p->conn = NULL;
481 ctx_p->vuid = UID_FIELD_INVALID;
482 }
483
484 /****************************************************************************
485 Temporarily become a root user. Must match with unbecome_root(). Saves and
486 restores the connection context.
487 ****************************************************************************/
488
489 void become_root(void)
490 {
491 /*
492 * no good way to handle push_sec_ctx() failing without changing
493 * the prototype of become_root()
494 */
495 if (!push_sec_ctx()) {
496 smb_panic("become_root: push_sec_ctx failed");
497 }
498 push_conn_ctx();
499 set_root_sec_ctx();
500 }
501
502 /* Unbecome the root user */
503
504 void unbecome_root(void)
505 {
506 pop_sec_ctx();
507 pop_conn_ctx();
508 }
509
510 /****************************************************************************
511 Push the current security context then force a change via change_to_user().
512 Saves and restores the connection context.
513 ****************************************************************************/
514
515 bool become_user(connection_struct *conn, uint16 vuid)
516 {
517 if (!push_sec_ctx())
518 return False;
519
520 push_conn_ctx();
521
522 if (!change_to_user(conn, vuid)) {
523 pop_sec_ctx();
524 pop_conn_ctx();
525 return False;
526 }
527
528 return True;
529 }
530
531 bool become_user_by_session(connection_struct *conn,
532 const struct auth_serversupplied_info *session_info)
533 {
534 if (!push_sec_ctx())
535 return false;
536
537 push_conn_ctx();
538
539 if (!change_to_user_by_session(conn, session_info)) {
540 pop_sec_ctx();
541 pop_conn_ctx();
542 return false;
543 }
544
545 return true;
546 }
547
548 bool unbecome_user(void)
549 {
550 pop_sec_ctx();
551 pop_conn_ctx();
552 return True;
553 }
554
555 /****************************************************************************
556 Return the current user we are running effectively as on this connection.
557 I'd like to make this return conn->session_info->utok.uid, but become_root()
558 doesn't alter this value.
559 ****************************************************************************/
560
561 uid_t get_current_uid(connection_struct *conn)
562 {
563 return current_user.ut.uid;
564 }
565
566 /****************************************************************************
567 Return the current group we are running effectively as on this connection.
568 I'd like to make this return conn->session_info->utok.gid, but become_root()
569 doesn't alter this value.
570 ****************************************************************************/
571
572 gid_t get_current_gid(connection_struct *conn)
573 {
574 return current_user.ut.gid;
575 }
576
577 /****************************************************************************
578 Return the UNIX token we are running effectively as on this connection.
579 I'd like to make this return &conn->session_info->utok, but become_root()
580 doesn't alter this value.
581 ****************************************************************************/
582
583 const struct security_unix_token *get_current_utok(connection_struct *conn)
584 {
585 return &current_user.ut;
586 }
587
588 const struct security_token *get_current_nttok(connection_struct *conn)
589 {
590 return current_user.nt_user_token;
591 }
592
593 uint16_t get_current_vuid(connection_struct *conn)
594 {
595 return current_user.vuid;
596 }
Samba GIT mirror