2 Unix SMB/Netbios implementation.
5 Copyright (C) Andrew Tridgell 1992-1998
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 2 of the License, or
10 (at your option) any later version.
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
17 You should have received a copy of the GNU General Public License
18 along with this program; if not, write to the Free Software
19 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
24 /* what user is current? */
25 extern struct current_user current_user
;
27 /****************************************************************************
28 Become the guest user without changing the security context stack.
29 ****************************************************************************/
31 BOOL
change_to_guest(void)
33 static struct passwd
*pass
=NULL
;
34 static uid_t guest_uid
= (uid_t
)-1;
35 static gid_t guest_gid
= (gid_t
)-1;
36 static fstring guest_name
;
39 pass
= Get_Pwnam(lp_guestaccount(-1),True
);
42 guest_uid
= pass
->pw_uid
;
43 guest_gid
= pass
->pw_gid
;
44 fstrcpy(guest_name
, pass
->pw_name
);
48 /* MWW: From AIX FAQ patch to WU-ftpd: call initgroups before
50 initgroups(guest_name
, guest_gid
);
53 set_sec_ctx(guest_uid
, guest_gid
, 0, NULL
, NULL
);
55 current_user
.conn
= NULL
;
56 current_user
.vuid
= UID_FIELD_INVALID
;
61 /*******************************************************************
62 Check if a username is OK.
63 ********************************************************************/
65 static BOOL
check_user_ok(connection_struct
*conn
, user_struct
*vuser
,int snum
)
68 for (i
=0;i
<conn
->uid_cache
.entries
;i
++)
69 if (conn
->uid_cache
.list
[i
] == vuser
->uid
)
72 if (!user_ok(vuser
->user
.unix_name
,snum
))
75 i
= conn
->uid_cache
.entries
% UID_CACHE_SIZE
;
76 conn
->uid_cache
.list
[i
] = vuser
->uid
;
78 if (conn
->uid_cache
.entries
< UID_CACHE_SIZE
)
79 conn
->uid_cache
.entries
++;
84 /****************************************************************************
85 Become the user of a connection number without changing the security context
86 stack, but modify the currnet_user entries.
87 ****************************************************************************/
89 BOOL
change_to_user(connection_struct
*conn
, uint16 vuid
)
91 user_struct
*vuser
= get_valid_user_struct(vuid
);
96 BOOL must_free_token
= False
;
97 NT_USER_TOKEN
*token
= NULL
;
100 DEBUG(2,("change_to_user: Connection not open\n"));
105 * We need a separate check in security=share mode due to vuid
106 * always being UID_FIELD_INVALID. If we don't do this then
107 * in share mode security we are *always* changing uid's between
108 * SMB's - this hurts performance - Badly.
111 if((lp_security() == SEC_SHARE
) && (current_user
.conn
== conn
) &&
112 (current_user
.uid
== conn
->uid
)) {
113 DEBUG(4,("change_to_user: Skipping user change - already user\n"));
115 } else if ((current_user
.conn
== conn
) &&
116 (vuser
!= 0) && (current_user
.vuid
== vuid
) &&
117 (current_user
.uid
== vuser
->uid
))
119 DEBUG(4,("change_to_user: Skipping user change - already user\n"));
125 if((vuser
!= NULL
) && !check_user_ok(conn
, vuser
, snum
))
128 if (conn
->force_user
||
130 (lp_security() == SEC_SHARE
)) {
133 current_user
.groups
= conn
->groups
;
134 current_user
.ngroups
= conn
->ngroups
;
135 token
= conn
->nt_user_token
;
138 DEBUG(2,("change_to_user: Invalid vuid used %d\n",vuid
));
143 current_user
.ngroups
= vuser
->n_groups
;
144 current_user
.groups
= vuser
->groups
;
145 token
= vuser
->nt_user_token
;
149 * See if we should force group for this service.
150 * If so this overrides any group set in the force
154 if((group_c
= *lp_force_group(snum
))) {
155 BOOL is_guest
= False
;
160 * Only force group if the user is a member of
161 * the service group. Check the group memberships for
162 * this user (we already have this) to
163 * see if we should force the group.
167 for (i
= 0; i
< current_user
.ngroups
; i
++) {
168 if (current_user
.groups
[i
] == conn
->gid
) {
178 * We've changed the group list in the token - we must
182 if (vuser
&& vuser
->guest
)
185 token
= create_nt_token(uid
, gid
, current_user
.ngroups
, current_user
.groups
, is_guest
, NULL
);
186 must_free_token
= True
;
189 set_sec_ctx(uid
, gid
, current_user
.ngroups
, current_user
.groups
, token
);
192 * Free the new token (as set_sec_ctx copies it).
196 delete_nt_token(&token
);
198 current_user
.conn
= conn
;
199 current_user
.vuid
= vuid
;
201 DEBUG(5,("change_to_user uid=(%d,%d) gid=(%d,%d)\n",
202 (int)getuid(),(int)geteuid(),(int)getgid(),(int)getegid()));
207 /****************************************************************************
208 Go back to being root without changing the security context stack,
209 but modify the current_user entries.
210 ****************************************************************************/
212 BOOL
change_to_root_user(void)
216 DEBUG(5,("change_to_root_user: now uid=(%d,%d) gid=(%d,%d)\n",
217 (int)getuid(),(int)geteuid(),(int)getgid(),(int)getegid()));
219 current_user
.conn
= NULL
;
220 current_user
.vuid
= UID_FIELD_INVALID
;
225 /****************************************************************************
226 Become the user of an authenticated connected named pipe.
227 When this is called we are currently running as the connection
228 user. Doesn't modify current_user.
229 ****************************************************************************/
231 BOOL
become_authenticated_pipe_user(pipes_struct
*p
)
236 set_sec_ctx(p
->pipe_user
.uid
, p
->pipe_user
.gid
,
237 p
->pipe_user
.ngroups
, p
->pipe_user
.groups
, p
->pipe_user
.nt_user_token
);
242 /****************************************************************************
243 Unbecome the user of an authenticated connected named pipe.
244 When this is called we are running as the authenticated pipe
245 user and need to go back to being the connection user. Doesn't modify
247 ****************************************************************************/
249 BOOL
unbecome_authenticated_pipe_user(void)
251 return pop_sec_ctx();
254 /****************************************************************************
255 Utility functions used by become_xxx/unbecome_xxx.
256 ****************************************************************************/
259 connection_struct
*conn
;
263 /* A stack of current_user connection contexts. */
265 static struct conn_ctx conn_ctx_stack
[MAX_SEC_CTX_DEPTH
];
266 static int conn_ctx_stack_ndx
;
268 static void push_conn_ctx(void)
270 struct conn_ctx
*ctx_p
;
272 /* Check we don't overflow our stack */
274 if (conn_ctx_stack_ndx
== MAX_SEC_CTX_DEPTH
) {
275 DEBUG(0, ("Connection context stack overflow!\n"));
276 smb_panic("Connection context stack overflow!\n");
279 /* Store previous user context */
280 ctx_p
= &conn_ctx_stack
[conn_ctx_stack_ndx
];
282 ctx_p
->conn
= current_user
.conn
;
283 ctx_p
->vuid
= current_user
.vuid
;
285 DEBUG(3, ("push_conn_ctx(%u) : conn_ctx_stack_ndx = %d\n",
286 (unsigned int)ctx_p
->vuid
, conn_ctx_stack_ndx
));
288 conn_ctx_stack_ndx
++;
291 static void pop_conn_ctx(void)
293 struct conn_ctx
*ctx_p
;
295 /* Check for stack underflow. */
297 if (conn_ctx_stack_ndx
== 0) {
298 DEBUG(0, ("Connection context stack underflow!\n"));
299 smb_panic("Connection context stack underflow!\n");
302 conn_ctx_stack_ndx
--;
303 ctx_p
= &conn_ctx_stack
[conn_ctx_stack_ndx
];
305 current_user
.conn
= ctx_p
->conn
;
306 current_user
.vuid
= ctx_p
->vuid
;
309 ctx_p
->vuid
= UID_FIELD_INVALID
;
312 void init_conn_ctx(void)
316 /* Initialise connection context stack */
317 for (i
= 0; i
< MAX_SEC_CTX_DEPTH
; i
++) {
318 conn_ctx_stack
[i
].conn
= NULL
;
319 conn_ctx_stack
[i
].vuid
= UID_FIELD_INVALID
;
323 /****************************************************************************
324 Temporarily become a root user. Must match with unbecome_root(). Saves and
325 restores the connection context.
326 ****************************************************************************/
328 void become_root(void)
335 /* Unbecome the root user */
337 void unbecome_root(void)
343 /****************************************************************************
344 Push the current security context then force a change via change_to_user().
345 Saves and restores the connection context.
346 ****************************************************************************/
348 BOOL
become_user(connection_struct
*conn
, uint16 vuid
)
355 if (!change_to_user(conn
, vuid
)) {
364 BOOL
unbecome_user(void)
371 /*****************************************************************
372 Convert the suplimentary SIDs returned in a netlogon into UNIX
373 group gid_t's. Add to the total group array.
374 *****************************************************************/
376 void add_supplementary_nt_login_groups(int *n_groups
, gid_t
**pp_groups
, NT_USER_TOKEN
**pptok
)
379 int current_n_groups
= *n_groups
;
380 gid_t
*final_groups
= NULL
;
382 NT_USER_TOKEN
*ptok
= *pptok
;
383 NT_USER_TOKEN
*new_tok
= NULL
;
385 if (!ptok
|| (ptok
->num_sids
== 0))
388 new_tok
= dup_nt_token(ptok
);
390 DEBUG(0,("add_supplementary_nt_login_groups: Failed to malloc new token\n"));
393 /* Leave the allocated space but empty the number of SIDs. */
394 new_tok
->num_sids
= 0;
396 total_groups
= current_n_groups
+ ptok
->num_sids
;
398 final_groups
= (gid_t
*)malloc(total_groups
* sizeof(gid_t
));
400 DEBUG(0,("add_supplementary_nt_login_groups: Failed to malloc new groups.\n"));
401 delete_nt_token(&new_tok
);
405 memcpy(final_groups
, *pp_groups
, current_n_groups
* sizeof(gid_t
));
406 for (i
= 0; i
< ptok
->num_sids
; i
++) {
407 enum SID_NAME_USE sid_type
;
410 if (sid_to_gid(&ptok
->user_sids
[i
], &new_grp
, &sid_type
)) {
412 * Don't add the gid_t if it is already in the current group
413 * list. Some UNIXen don't like the same group more than once.
417 for (j
= 0; j
< current_n_groups
; j
++)
418 if (final_groups
[j
] == new_grp
)
421 if ( j
== current_n_groups
) {
422 /* Group not already present. */
423 final_groups
[current_n_groups
++] = new_grp
;
426 /* SID didn't map. Copy to the new token to be saved. */
427 sid_copy(&new_tok
->user_sids
[new_tok
->num_sids
++], &ptok
->user_sids
[i
]);
431 SAFE_FREE(*pp_groups
);
432 *pp_groups
= final_groups
;
433 *n_groups
= current_n_groups
;
435 /* Replace the old token with the truncated one. */
436 delete_nt_token(&ptok
);
440 /*****************************************************************
441 *THE CANONICAL* convert name to SID function.
442 Tries winbind first - then uses local lookup.
443 *****************************************************************/
445 BOOL
lookup_name(const char *name
, DOM_SID
*psid
, enum SID_NAME_USE
*name_type
)
447 extern pstring global_myname
;
448 extern fstring global_myworkgroup
;
450 char *sep
= lp_winbind_separator();
452 *name_type
= SID_NAME_UNKNOWN
;
454 if (!winbind_lookup_name(NULL
, name
, psid
, name_type
) || (*name_type
!= SID_NAME_USER
) ) {
457 DEBUG(10, ("lookup_name: winbind lookup for %s failed - trying local\n", name
));
459 /* If we are looking up a domain user, make sure it is
460 for the local machine only */
462 if (strchr(name
, sep
[0]) || strchr(name
, '\\')) {
463 fstring domain
, username
;
465 split_domain_name(name
, domain
, username
);
467 switch (lp_server_role()) {
468 case ROLE_DOMAIN_PDC
:
469 case ROLE_DOMAIN_BDC
:
470 if (strequal(domain
, global_myworkgroup
)) {
471 fstrcpy(domain
, global_myname
);
472 ret
= local_lookup_name(domain
, username
, psid
, name_type
);
474 /* No break is deliberate here. JRA. */
476 if (strcasecmp(global_myname
, domain
) != 0) {
477 DEBUG(5, ("lookup_name: domain %s is not local\n", domain
));
478 ret
= local_lookup_name(global_myname
, username
, psid
, name_type
);
482 ret
= local_lookup_name(global_myname
, name
, psid
, name_type
);
487 ("lookup_name: (local) %s -> SID %s (type %u)\n",
488 name
, sid_to_string(sid
,psid
),
489 (unsigned int)*name_type
));
491 DEBUG(10,("lookup name: (local) %s failed.\n", name
));
497 DEBUG(10,("lookup_name (winbindd): %s -> SID %s (type %u)\n",
498 name
, sid_to_string(sid
, psid
),
499 (unsigned int)*name_type
));
503 /*****************************************************************
504 *THE CANONICAL* convert SID to name function.
505 Tries winbind first - then uses local lookup.
506 *****************************************************************/
508 BOOL
lookup_sid(DOM_SID
*sid
, fstring dom_name
, fstring name
, enum SID_NAME_USE
*name_type
)
513 *name_type
= SID_NAME_UNKNOWN
;
515 /* Check if this is our own sid. This should perhaps be done by
516 winbind? For the moment handle it here. */
518 if (sid
->num_auths
== 5) {
522 sid_copy(&tmp_sid
, sid
);
523 sid_split_rid(&tmp_sid
, &rid
);
525 if (sid_equal(&global_sam_sid
, &tmp_sid
)) {
527 return map_domain_sid_to_name(&tmp_sid
, dom_name
) &&
528 local_lookup_rid(rid
, name
, name_type
);
532 if (!winbind_lookup_sid(sid
, dom_name
, name
, name_type
)) {
537 DEBUG(10,("lookup_sid: winbind lookup for SID %s failed - trying local.\n", sid_to_string(sid_str
, sid
) ));
539 sid_copy(&tmp_sid
, sid
);
540 sid_split_rid(&tmp_sid
, &rid
);
541 return map_domain_sid_to_name(&tmp_sid
, dom_name
) &&
542 lookup_known_rid(&tmp_sid
, rid
, name
, name_type
);
547 /*****************************************************************
548 *THE CANONICAL* convert uid_t to SID function.
549 Tries winbind first - then uses local lookup.
551 *****************************************************************/
553 DOM_SID
*uid_to_sid(DOM_SID
*psid
, uid_t uid
)
558 if (lp_winbind_uid(&low
, &high
) && uid
>= low
&& uid
<= high
) {
559 if (winbind_uid_to_sid(psid
, uid
)) {
561 DEBUG(10,("uid_to_sid: winbindd %u -> %s\n",
562 (unsigned int)uid
, sid_to_string(sid
, psid
)));
568 local_uid_to_sid(psid
, uid
);
570 DEBUG(10,("uid_to_sid: local %u -> %s\n", (unsigned int)uid
, sid_to_string(sid
, psid
)));
575 /*****************************************************************
576 *THE CANONICAL* convert gid_t to SID function.
577 Tries winbind first - then uses local lookup.
579 *****************************************************************/
581 DOM_SID
*gid_to_sid(DOM_SID
*psid
, gid_t gid
)
586 if (lp_winbind_gid(&low
, &high
) && gid
>= low
&& gid
<= high
) {
587 if (winbind_gid_to_sid(psid
, gid
)) {
589 DEBUG(10,("gid_to_sid: winbindd %u -> %s\n",
590 (unsigned int)gid
, sid_to_string(sid
, psid
)));
596 local_gid_to_sid(psid
, gid
);
598 DEBUG(10,("gid_to_sid: local %u -> %s\n", (unsigned int)gid
, sid_to_string(sid
, psid
)));
603 /*****************************************************************
604 *THE CANONICAL* convert SID to uid function.
605 Tries winbind first - then uses local lookup.
606 Returns True if this name is a user sid and the conversion
607 was done correctly, False if not. sidtype is set by this function.
608 *****************************************************************/
610 BOOL
sid_to_uid(DOM_SID
*psid
, uid_t
*puid
, enum SID_NAME_USE
*sidtype
)
612 fstring dom_name
, name
, sid_str
;
613 enum SID_NAME_USE name_type
;
616 /* if we know its local then don't try winbindd */
617 if (sid_compare_domain(&global_sam_sid
, psid
) == 0)
618 return local_sid_to_uid(puid
, psid
, sidtype
);
620 *sidtype
= SID_NAME_UNKNOWN
;
623 * First we must look up the name and decide if this is a user sid.
626 if ( (!winbind_lookup_sid(psid
, dom_name
, name
, &name_type
)) || (name_type
!= SID_NAME_USER
) ) {
627 DEBUG(10,("sid_to_uid: winbind lookup for sid %s failed - trying local.\n",
628 sid_to_string(sid_str
, psid
) ));
630 return local_sid_to_uid(puid
, psid
, sidtype
);
634 * Ensure this is a user sid.
637 if (name_type
!= SID_NAME_USER
) {
638 DEBUG(10,("sid_to_uid: winbind lookup succeeded but SID is not a uid (%u)\n",
639 (unsigned int)name_type
));
643 *sidtype
= SID_NAME_USER
;
646 * Get the uid for this SID.
649 if (!winbind_sid_to_uid(puid
, psid
)) {
650 DEBUG(10,("sid_to_uid: winbind lookup for sid %s failed.\n",
651 sid_to_string(sid_str
, psid
) ));
652 return local_sid_to_uid(puid
, psid
, sidtype
);;
655 DEBUG(10,("sid_to_uid: winbindd %s -> %u\n",
656 sid_to_string(sid_str
, psid
),
657 (unsigned int)*puid
));
662 /*****************************************************************
663 *THE CANONICAL* convert SID to gid function.
664 Tries winbind first - then uses local lookup.
665 Returns True if this name is a user sid and the conversion
666 was done correctly, False if not.
667 *****************************************************************/
669 BOOL
sid_to_gid(DOM_SID
*psid
, gid_t
*pgid
, enum SID_NAME_USE
*sidtype
)
671 fstring dom_name
, name
, sid_str
;
672 enum SID_NAME_USE name_type
;
674 *sidtype
= SID_NAME_UNKNOWN
;
677 * First we must look up the name and decide if this is a group sid.
680 if (!winbind_lookup_sid(psid
, dom_name
, name
, &name_type
)) {
681 DEBUG(10,("sid_to_gid: winbind lookup for sid %s failed - trying local.\n",
682 sid_to_string(sid_str
, psid
) ));
684 return local_sid_to_gid(pgid
, psid
, sidtype
);
688 * Ensure this is a group sid.
691 if ((name_type
!= SID_NAME_DOM_GRP
) && (name_type
!= SID_NAME_ALIAS
) && (name_type
!= SID_NAME_WKN_GRP
)) {
692 DEBUG(10,("sid_to_gid: winbind lookup succeeded but SID is not a known group (%u)\n",
693 (unsigned int)name_type
));
695 return local_sid_to_gid(pgid
, psid
, sidtype
);
698 *sidtype
= name_type
;
701 * Get the gid for this SID.
704 if (!winbind_sid_to_gid(pgid
, psid
)) {
705 DEBUG(10,("sid_to_gid: winbind lookup for sid %s failed.\n",
706 sid_to_string(sid_str
, psid
) ));
710 DEBUG(10,("sid_to_gid: winbindd %s -> %u\n",
711 sid_to_string(sid_str
, psid
),
712 (unsigned int)*pgid
));