search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
add WITH_SENDFILE profiling data (from Pierre Belanger)
[Samba.git] / source / smbd / uid.c
blobb94fc05875d39eb47f53a320ad5b7db5522ed735
1 /*
2 Unix SMB/Netbios implementation.
3 Version 1.9.
4 uid/user handling
5 Copyright (C) Andrew Tridgell 1992-1998
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 2 of the License, or
10 (at your option) any later version.
11
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
16
17 You should have received a copy of the GNU General Public License
18 along with this program; if not, write to the Free Software
19 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
20 */
21
22 #include "includes.h"
23
24 /* what user is current? */
25 extern struct current_user current_user;
26
27 /****************************************************************************
28 Become the guest user without changing the security context stack.
29 ****************************************************************************/
30
31 BOOL change_to_guest(void)
32 {
33 static struct passwd *pass=NULL;
34 static uid_t guest_uid = (uid_t)-1;
35 static gid_t guest_gid = (gid_t)-1;
36 static fstring guest_name;
37
38 if (!pass) {
39 pass = Get_Pwnam(lp_guestaccount(-1),True);
40 if (!pass)
41 return(False);
42 guest_uid = pass->pw_uid;
43 guest_gid = pass->pw_gid;
44 fstrcpy(guest_name, pass->pw_name);
45 }
46
47 #ifdef AIX
48 /* MWW: From AIX FAQ patch to WU-ftpd: call initgroups before
49 setting IDs */
50 initgroups(guest_name, guest_gid);
51 #endif
52
53 set_sec_ctx(guest_uid, guest_gid, 0, NULL, NULL);
54
55 current_user.conn = NULL;
56 current_user.vuid = UID_FIELD_INVALID;
57
58 return True;
59 }
60
61 /*******************************************************************
62 Check if a username is OK.
63 ********************************************************************/
64
65 static BOOL check_user_ok(connection_struct *conn, user_struct *vuser,int snum)
66 {
67 int i;
68 for (i=0;i<conn->uid_cache.entries;i++)
69 if (conn->uid_cache.list[i] == vuser->uid)
70 return(True);
71
72 if (!user_ok(vuser->user.unix_name,snum))
73 return(False);
74
75 i = conn->uid_cache.entries % UID_CACHE_SIZE;
76 conn->uid_cache.list[i] = vuser->uid;
77
78 if (conn->uid_cache.entries < UID_CACHE_SIZE)
79 conn->uid_cache.entries++;
80
81 return(True);
82 }
83
84 /****************************************************************************
85 Become the user of a connection number without changing the security context
86 stack, but modify the currnet_user entries.
87 ****************************************************************************/
88
89 BOOL change_to_user(connection_struct *conn, uint16 vuid)
90 {
91 user_struct *vuser = get_valid_user_struct(vuid);
92 int snum;
93 gid_t gid;
94 uid_t uid;
95 char group_c;
96 BOOL must_free_token = False;
97 NT_USER_TOKEN *token = NULL;
98
99 if (!conn) {
100 DEBUG(2,("change_to_user: Connection not open\n"));
101 return(False);
102 }
103
104 /*
105 * We need a separate check in security=share mode due to vuid
106 * always being UID_FIELD_INVALID. If we don't do this then
107 * in share mode security we are *always* changing uid's between
108 * SMB's - this hurts performance - Badly.
109 */
110
111 if((lp_security() == SEC_SHARE) && (current_user.conn == conn) &&
112 (current_user.uid == conn->uid)) {
113 DEBUG(4,("change_to_user: Skipping user change - already user\n"));
114 return(True);
115 } else if ((current_user.conn == conn) &&
116 (vuser != 0) && (current_user.vuid == vuid) &&
117 (current_user.uid == vuser->uid))
118 {
119 DEBUG(4,("change_to_user: Skipping user change - already user\n"));
120 return True;
121 }
122
123 snum = SNUM(conn);
124
125 if((vuser != NULL) && !check_user_ok(conn, vuser, snum))
126 return False;
127
128 if (conn->force_user ||
129 conn->admin_user ||
130 (lp_security() == SEC_SHARE)) {
131 uid = conn->uid;
132 gid = conn->gid;
133 current_user.groups = conn->groups;
134 current_user.ngroups = conn->ngroups;
135 token = conn->nt_user_token;
136 } else {
137 if (!vuser) {
138 DEBUG(2,("change_to_user: Invalid vuid used %d\n",vuid));
139 return(False);
140 }
141 uid = vuser->uid;
142 gid = vuser->gid;
143 current_user.ngroups = vuser->n_groups;
144 current_user.groups = vuser->groups;
145 token = vuser->nt_user_token;
146 }
147
148 /*
149 * See if we should force group for this service.
150 * If so this overrides any group set in the force
151 * user code.
152 */
153
154 if((group_c = *lp_force_group(snum))) {
155 BOOL is_guest = False;
156
157 if(group_c == '+') {
158
159 /*
160 * Only force group if the user is a member of
161 * the service group. Check the group memberships for
162 * this user (we already have this) to
163 * see if we should force the group.
164 */
165
166 int i;
167 for (i = 0; i < current_user.ngroups; i++) {
168 if (current_user.groups[i] == conn->gid) {
169 gid = conn->gid;
170 break;
171 }
172 }
173 } else {
174 gid = conn->gid;
175 }
176
177 /*
178 * We've changed the group list in the token - we must
179 * re-create it.
180 */
181
182 if (vuser && vuser->guest)
183 is_guest = True;
184
185 token = create_nt_token(uid, gid, current_user.ngroups, current_user.groups, is_guest, NULL);
186 must_free_token = True;
187 }
188
189 set_sec_ctx(uid, gid, current_user.ngroups, current_user.groups, token);
190
191 /*
192 * Free the new token (as set_sec_ctx copies it).
193 */
194
195 if (must_free_token)
196 delete_nt_token(&token);
197
198 current_user.conn = conn;
199 current_user.vuid = vuid;
200
201 DEBUG(5,("change_to_user uid=(%d,%d) gid=(%d,%d)\n",
202 (int)getuid(),(int)geteuid(),(int)getgid(),(int)getegid()));
203
204 return(True);
205 }
206
207 /****************************************************************************
208 Go back to being root without changing the security context stack,
209 but modify the current_user entries.
210 ****************************************************************************/
211
212 BOOL change_to_root_user(void)
213 {
214 set_root_sec_ctx();
215
216 DEBUG(5,("change_to_root_user: now uid=(%d,%d) gid=(%d,%d)\n",
217 (int)getuid(),(int)geteuid(),(int)getgid(),(int)getegid()));
218
219 current_user.conn = NULL;
220 current_user.vuid = UID_FIELD_INVALID;
221
222 return(True);
223 }
224
225 /****************************************************************************
226 Become the user of an authenticated connected named pipe.
227 When this is called we are currently running as the connection
228 user. Doesn't modify current_user.
229 ****************************************************************************/
230
231 BOOL become_authenticated_pipe_user(pipes_struct *p)
232 {
233 if (!push_sec_ctx())
234 return False;
235
236 set_sec_ctx(p->pipe_user.uid, p->pipe_user.gid,
237 p->pipe_user.ngroups, p->pipe_user.groups, p->pipe_user.nt_user_token);
238
239 return True;
240 }
241
242 /****************************************************************************
243 Unbecome the user of an authenticated connected named pipe.
244 When this is called we are running as the authenticated pipe
245 user and need to go back to being the connection user. Doesn't modify
246 current_user.
247 ****************************************************************************/
248
249 BOOL unbecome_authenticated_pipe_user(void)
250 {
251 return pop_sec_ctx();
252 }
253
254 /****************************************************************************
255 Utility functions used by become_xxx/unbecome_xxx.
256 ****************************************************************************/
257
258 struct conn_ctx {
259 connection_struct *conn;
260 uint16 vuid;
261 };
262
263 /* A stack of current_user connection contexts. */
264
265 static struct conn_ctx conn_ctx_stack[MAX_SEC_CTX_DEPTH];
266 static int conn_ctx_stack_ndx;
267
268 static void push_conn_ctx(void)
269 {
270 struct conn_ctx *ctx_p;
271
272 /* Check we don't overflow our stack */
273
274 if (conn_ctx_stack_ndx == MAX_SEC_CTX_DEPTH) {
275 DEBUG(0, ("Connection context stack overflow!\n"));
276 smb_panic("Connection context stack overflow!\n");
277 }
278
279 /* Store previous user context */
280 ctx_p = &conn_ctx_stack[conn_ctx_stack_ndx];
281
282 ctx_p->conn = current_user.conn;
283 ctx_p->vuid = current_user.vuid;
284
285 DEBUG(3, ("push_conn_ctx(%u) : conn_ctx_stack_ndx = %d\n",
286 (unsigned int)ctx_p->vuid, conn_ctx_stack_ndx ));
287
288 conn_ctx_stack_ndx++;
289 }
290
291 static void pop_conn_ctx(void)
292 {
293 struct conn_ctx *ctx_p;
294
295 /* Check for stack underflow. */
296
297 if (conn_ctx_stack_ndx == 0) {
298 DEBUG(0, ("Connection context stack underflow!\n"));
299 smb_panic("Connection context stack underflow!\n");
300 }
301
302 conn_ctx_stack_ndx--;
303 ctx_p = &conn_ctx_stack[conn_ctx_stack_ndx];
304
305 current_user.conn = ctx_p->conn;
306 current_user.vuid = ctx_p->vuid;
307
308 ctx_p->conn = NULL;
309 ctx_p->vuid = UID_FIELD_INVALID;
310 }
311
312 void init_conn_ctx(void)
313 {
314 int i;
315
316 /* Initialise connection context stack */
317 for (i = 0; i < MAX_SEC_CTX_DEPTH; i++) {
318 conn_ctx_stack[i].conn = NULL;
319 conn_ctx_stack[i].vuid = UID_FIELD_INVALID;
320 }
321 }
322
323 /****************************************************************************
324 Temporarily become a root user. Must match with unbecome_root(). Saves and
325 restores the connection context.
326 ****************************************************************************/
327
328 void become_root(void)
329 {
330 push_sec_ctx();
331 push_conn_ctx();
332 set_root_sec_ctx();
333 }
334
335 /* Unbecome the root user */
336
337 void unbecome_root(void)
338 {
339 pop_sec_ctx();
340 pop_conn_ctx();
341 }
342
343 /****************************************************************************
344 Push the current security context then force a change via change_to_user().
345 Saves and restores the connection context.
346 ****************************************************************************/
347
348 BOOL become_user(connection_struct *conn, uint16 vuid)
349 {
350 if (!push_sec_ctx())
351 return False;
352
353 push_conn_ctx();
354
355 if (!change_to_user(conn, vuid)) {
356 pop_sec_ctx();
357 pop_conn_ctx();
358 return False;
359 }
360
361 return True;
362 }
363
364 BOOL unbecome_user(void)
365 {
366 pop_sec_ctx();
367 pop_conn_ctx();
368 return True;
369 }
370
371 /*****************************************************************
372 Convert the suplimentary SIDs returned in a netlogon into UNIX
373 group gid_t's. Add to the total group array.
374 *****************************************************************/
375
376 void add_supplementary_nt_login_groups(int *n_groups, gid_t **pp_groups, NT_USER_TOKEN **pptok)
377 {
378 int total_groups;
379 int current_n_groups = *n_groups;
380 gid_t *final_groups = NULL;
381 size_t i;
382 NT_USER_TOKEN *ptok = *pptok;
383 NT_USER_TOKEN *new_tok = NULL;
384
385 if (!ptok || (ptok->num_sids == 0))
386 return;
387
388 new_tok = dup_nt_token(ptok);
389 if (!new_tok) {
390 DEBUG(0,("add_supplementary_nt_login_groups: Failed to malloc new token\n"));
391 return;
392 }
393 /* Leave the allocated space but empty the number of SIDs. */
394 new_tok->num_sids = 0;
395
396 total_groups = current_n_groups + ptok->num_sids;
397
398 final_groups = (gid_t *)malloc(total_groups * sizeof(gid_t));
399 if (!final_groups) {
400 DEBUG(0,("add_supplementary_nt_login_groups: Failed to malloc new groups.\n"));
401 delete_nt_token(&new_tok);
402 return;
403 }
404
405 memcpy(final_groups, *pp_groups, current_n_groups * sizeof(gid_t));
406 for (i = 0; i < ptok->num_sids; i++) {
407 enum SID_NAME_USE sid_type;
408 gid_t new_grp;
409
410 if (sid_to_gid(&ptok->user_sids[i], &new_grp, &sid_type)) {
411 /*
412 * Don't add the gid_t if it is already in the current group
413 * list. Some UNIXen don't like the same group more than once.
414 */
415 int j;
416
417 for (j = 0; j < current_n_groups; j++)
418 if (final_groups[j] == new_grp)
419 break;
420
421 if ( j == current_n_groups) {
422 /* Group not already present. */
423 final_groups[current_n_groups++] = new_grp;
424 }
425 } else {
426 /* SID didn't map. Copy to the new token to be saved. */
427 sid_copy(&new_tok->user_sids[new_tok->num_sids++], &ptok->user_sids[i]);
428 }
429 }
430
431 SAFE_FREE(*pp_groups);
432 *pp_groups = final_groups;
433 *n_groups = current_n_groups;
434
435 /* Replace the old token with the truncated one. */
436 delete_nt_token(&ptok);
437 *pptok = new_tok;
438 }
439
440 /*****************************************************************
441 *THE CANONICAL* convert name to SID function.
442 Tries winbind first - then uses local lookup.
443 *****************************************************************/
444
445 BOOL lookup_name(const char *name, DOM_SID *psid, enum SID_NAME_USE *name_type)
446 {
447 extern pstring global_myname;
448 extern fstring global_myworkgroup;
449 fstring sid;
450 char *sep = lp_winbind_separator();
451
452 *name_type = SID_NAME_UNKNOWN;
453
454 if (!winbind_lookup_name(NULL, name, psid, name_type) || (*name_type != SID_NAME_USER) ) {
455 BOOL ret = False;
456
457 DEBUG(10, ("lookup_name: winbind lookup for %s failed - trying local\n", name));
458
459 /* If we are looking up a domain user, make sure it is
460 for the local machine only */
461
462 if (strchr(name, sep[0]) || strchr(name, '\\')) {
463 fstring domain, username;
464
465 split_domain_name(name, domain, username);
466
467 switch (lp_server_role()) {
468 case ROLE_DOMAIN_PDC:
469 case ROLE_DOMAIN_BDC:
470 if (strequal(domain, global_myworkgroup)) {
471 fstrcpy(domain, global_myname);
472 ret = local_lookup_name(domain, username, psid, name_type);
473 }
474 /* No break is deliberate here. JRA. */
475 default:
476 if (strcasecmp(global_myname, domain) != 0) {
477 DEBUG(5, ("lookup_name: domain %s is not local\n", domain));
478 ret = local_lookup_name(global_myname, username, psid, name_type);
479 }
480 }
481 } else {
482 ret = local_lookup_name(global_myname, name, psid, name_type);
483 }
484
485 if (ret) {
486 DEBUG(10,
487 ("lookup_name: (local) %s -> SID %s (type %u)\n",
488 name, sid_to_string(sid,psid),
489 (unsigned int)*name_type ));
490 } else {
491 DEBUG(10,("lookup name: (local) %s failed.\n", name));
492 }
493
494 return ret;
495 }
496
497 DEBUG(10,("lookup_name (winbindd): %s -> SID %s (type %u)\n",
498 name, sid_to_string(sid, psid),
499 (unsigned int)*name_type));
500 return True;
501 }
502
503 /*****************************************************************
504 *THE CANONICAL* convert SID to name function.
505 Tries winbind first - then uses local lookup.
506 *****************************************************************/
507
508 BOOL lookup_sid(DOM_SID *sid, fstring dom_name, fstring name, enum SID_NAME_USE *name_type)
509 {
510 if (!name_type)
511 return False;
512
513 *name_type = SID_NAME_UNKNOWN;
514
515 /* Check if this is our own sid. This should perhaps be done by
516 winbind? For the moment handle it here. */
517
518 if (sid->num_auths == 5) {
519 DOM_SID tmp_sid;
520 uint32 rid;
521
522 sid_copy(&tmp_sid, sid);
523 sid_split_rid(&tmp_sid, &rid);
524
525 if (sid_equal(&global_sam_sid, &tmp_sid)) {
526
527 return map_domain_sid_to_name(&tmp_sid, dom_name) &&
528 local_lookup_rid(rid, name, name_type);
529 }
530 }
531
532 if (!winbind_lookup_sid(sid, dom_name, name, name_type)) {
533 fstring sid_str;
534 DOM_SID tmp_sid;
535 uint32 rid;
536
537 DEBUG(10,("lookup_sid: winbind lookup for SID %s failed - trying local.\n", sid_to_string(sid_str, sid) ));
538
539 sid_copy(&tmp_sid, sid);
540 sid_split_rid(&tmp_sid, &rid);
541 return map_domain_sid_to_name(&tmp_sid, dom_name) &&
542 lookup_known_rid(&tmp_sid, rid, name, name_type);
543 }
544 return True;
545 }
546
547 /*****************************************************************
548 *THE CANONICAL* convert uid_t to SID function.
549 Tries winbind first - then uses local lookup.
550 Returns SID pointer.
551 *****************************************************************/
552
553 DOM_SID *uid_to_sid(DOM_SID *psid, uid_t uid)
554 {
555 uid_t low, high;
556 fstring sid;
557
558 if (lp_winbind_uid(&low, &high) && uid >= low && uid <= high) {
559 if (winbind_uid_to_sid(psid, uid)) {
560
561 DEBUG(10,("uid_to_sid: winbindd %u -> %s\n",
562 (unsigned int)uid, sid_to_string(sid, psid)));
563
564 return psid;
565 }
566 }
567
568 local_uid_to_sid(psid, uid);
569
570 DEBUG(10,("uid_to_sid: local %u -> %s\n", (unsigned int)uid, sid_to_string(sid, psid)));
571
572 return psid;
573 }
574
575 /*****************************************************************
576 *THE CANONICAL* convert gid_t to SID function.
577 Tries winbind first - then uses local lookup.
578 Returns SID pointer.
579 *****************************************************************/
580
581 DOM_SID *gid_to_sid(DOM_SID *psid, gid_t gid)
582 {
583 gid_t low, high;
584 fstring sid;
585
586 if (lp_winbind_gid(&low, &high) && gid >= low && gid <= high) {
587 if (winbind_gid_to_sid(psid, gid)) {
588
589 DEBUG(10,("gid_to_sid: winbindd %u -> %s\n",
590 (unsigned int)gid, sid_to_string(sid, psid)));
591
592 return psid;
593 }
594 }
595
596 local_gid_to_sid(psid, gid);
597
598 DEBUG(10,("gid_to_sid: local %u -> %s\n", (unsigned int)gid, sid_to_string(sid, psid)));
599
600 return psid;
601 }
602
603 /*****************************************************************
604 *THE CANONICAL* convert SID to uid function.
605 Tries winbind first - then uses local lookup.
606 Returns True if this name is a user sid and the conversion
607 was done correctly, False if not. sidtype is set by this function.
608 *****************************************************************/
609
610 BOOL sid_to_uid(DOM_SID *psid, uid_t *puid, enum SID_NAME_USE *sidtype)
611 {
612 fstring dom_name, name, sid_str;
613 enum SID_NAME_USE name_type;
614
615
616 /* if we know its local then don't try winbindd */
617 if (sid_compare_domain(&global_sam_sid, psid) == 0)
618 return local_sid_to_uid(puid, psid, sidtype);
619
620 *sidtype = SID_NAME_UNKNOWN;
621
622 /*
623 * First we must look up the name and decide if this is a user sid.
624 */
625
626 if ( (!winbind_lookup_sid(psid, dom_name, name, &name_type)) || (name_type != SID_NAME_USER) ) {
627 DEBUG(10,("sid_to_uid: winbind lookup for sid %s failed - trying local.\n",
628 sid_to_string(sid_str, psid) ));
629
630 return local_sid_to_uid(puid, psid, sidtype);
631 }
632
633 /*
634 * Ensure this is a user sid.
635 */
636
637 if (name_type != SID_NAME_USER) {
638 DEBUG(10,("sid_to_uid: winbind lookup succeeded but SID is not a uid (%u)\n",
639 (unsigned int)name_type ));
640 return False;
641 }
642
643 *sidtype = SID_NAME_USER;
644
645 /*
646 * Get the uid for this SID.
647 */
648
649 if (!winbind_sid_to_uid(puid, psid)) {
650 DEBUG(10,("sid_to_uid: winbind lookup for sid %s failed.\n",
651 sid_to_string(sid_str, psid) ));
652 return local_sid_to_uid(puid, psid, sidtype);;
653 }
654
655 DEBUG(10,("sid_to_uid: winbindd %s -> %u\n",
656 sid_to_string(sid_str, psid),
657 (unsigned int)*puid ));
658
659 return True;
660 }
661
662 /*****************************************************************
663 *THE CANONICAL* convert SID to gid function.
664 Tries winbind first - then uses local lookup.
665 Returns True if this name is a user sid and the conversion
666 was done correctly, False if not.
667 *****************************************************************/
668
669 BOOL sid_to_gid(DOM_SID *psid, gid_t *pgid, enum SID_NAME_USE *sidtype)
670 {
671 fstring dom_name, name, sid_str;
672 enum SID_NAME_USE name_type;
673
674 *sidtype = SID_NAME_UNKNOWN;
675
676 /*
677 * First we must look up the name and decide if this is a group sid.
678 */
679
680 if (!winbind_lookup_sid(psid, dom_name, name, &name_type)) {
681 DEBUG(10,("sid_to_gid: winbind lookup for sid %s failed - trying local.\n",
682 sid_to_string(sid_str, psid) ));
683
684 return local_sid_to_gid(pgid, psid, sidtype);
685 }
686
687 /*
688 * Ensure this is a group sid.
689 */
690
691 if ((name_type != SID_NAME_DOM_GRP) && (name_type != SID_NAME_ALIAS) && (name_type != SID_NAME_WKN_GRP)) {
692 DEBUG(10,("sid_to_gid: winbind lookup succeeded but SID is not a known group (%u)\n",
693 (unsigned int)name_type ));
694
695 return local_sid_to_gid(pgid, psid, sidtype);
696 }
697
698 *sidtype = name_type;
699
700 /*
701 * Get the gid for this SID.
702 */
703
704 if (!winbind_sid_to_gid(pgid, psid)) {
705 DEBUG(10,("sid_to_gid: winbind lookup for sid %s failed.\n",
706 sid_to_string(sid_str, psid) ));
707 return False;
708 }
709
710 DEBUG(10,("sid_to_gid: winbindd %s -> %u\n",
711 sid_to_string(sid_str, psid),
712 (unsigned int)*pgid ));
713
714 return True;
715 }
Samba GIT mirror