search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Move create_share_access_mask() from smbd/service.c to smbd/uid.c
[Samba.git] / source3 / smbd / uid.c
bloba3d4f08cd7583ed5512cff7340c6e4555d7c5f80
1 /*
2 Unix SMB/CIFS implementation.
3 uid/user handling
4 Copyright (C) Andrew Tridgell 1992-1998
5
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 3 of the License, or
9 (at your option) any later version.
10
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
15
16 You should have received a copy of the GNU General Public License
17 along with this program. If not, see <http://www.gnu.org/licenses/>.
18 */
19
20 #include "includes.h"
21 #include "system/passwd.h"
22 #include "smbd/smbd.h"
23 #include "smbd/globals.h"
24 #include "../librpc/gen_ndr/netlogon.h"
25 #include "libcli/security/security.h"
26 #include "passdb/lookup_sid.h"
27 #include "auth.h"
28
29 /* what user is current? */
30 extern struct current_user current_user;
31
32 /****************************************************************************
33 Become the guest user without changing the security context stack.
34 ****************************************************************************/
35
36 bool change_to_guest(void)
37 {
38 struct passwd *pass;
39
40 pass = Get_Pwnam_alloc(talloc_tos(), lp_guestaccount());
41 if (!pass) {
42 return false;
43 }
44
45 #ifdef AIX
46 /* MWW: From AIX FAQ patch to WU-ftpd: call initgroups before
47 setting IDs */
48 initgroups(pass->pw_name, pass->pw_gid);
49 #endif
50
51 set_sec_ctx(pass->pw_uid, pass->pw_gid, 0, NULL, NULL);
52
53 current_user.conn = NULL;
54 current_user.vuid = UID_FIELD_INVALID;
55
56 TALLOC_FREE(pass);
57
58 return true;
59 }
60
61 /****************************************************************************
62 talloc free the conn->session_info if not used in the vuid cache.
63 ****************************************************************************/
64
65 static void free_conn_session_info_if_unused(connection_struct *conn)
66 {
67 unsigned int i;
68
69 for (i = 0; i < VUID_CACHE_SIZE; i++) {
70 struct vuid_cache_entry *ent;
71 ent = &conn->vuid_cache.array[i];
72 if (ent->vuid != UID_FIELD_INVALID &&
73 conn->session_info == ent->session_info) {
74 return;
75 }
76 }
77 /* Not used, safe to free. */
78 TALLOC_FREE(conn->session_info);
79 }
80
81 /****************************************************************************
82 Setup the share access mask for a connection.
83 ****************************************************************************/
84
85 static uint32_t create_share_access_mask(int snum,
86 bool readonly_share,
87 const struct security_token *token)
88 {
89 uint32_t share_access = 0;
90
91 share_access_check(token,
92 lp_servicename(talloc_tos(), snum),
93 MAXIMUM_ALLOWED_ACCESS,
94 &share_access);
95
96 if (readonly_share) {
97 share_access &=
98 ~(SEC_FILE_WRITE_DATA | SEC_FILE_APPEND_DATA |
99 SEC_FILE_WRITE_EA | SEC_FILE_WRITE_ATTRIBUTE |
100 SEC_DIR_DELETE_CHILD );
101 }
102
103 if (security_token_has_privilege(token, SEC_PRIV_SECURITY)) {
104 share_access |= SEC_FLAG_SYSTEM_SECURITY;
105 }
106 if (security_token_has_privilege(token, SEC_PRIV_RESTORE)) {
107 share_access |= (SEC_RIGHTS_PRIV_RESTORE);
108 }
109 if (security_token_has_privilege(token, SEC_PRIV_BACKUP)) {
110 share_access |= (SEC_RIGHTS_PRIV_BACKUP);
111 }
112 if (security_token_has_privilege(token, SEC_PRIV_TAKE_OWNERSHIP)) {
113 share_access |= (SEC_STD_WRITE_OWNER);
114 }
115
116 return share_access;
117 }
118
119 /*******************************************************************
120 Calculate access mask and if this user can access this share.
121 ********************************************************************/
122
123 NTSTATUS check_user_share_access(connection_struct *conn,
124 const struct auth_session_info *session_info,
125 uint32_t *p_share_access,
126 bool *p_readonly_share)
127 {
128 int snum = SNUM(conn);
129 uint32_t share_access = 0;
130 bool readonly_share = false;
131
132 if (!user_ok_token(session_info->unix_info->unix_name,
133 session_info->info->domain_name,
134 session_info->security_token, snum))
135 return NT_STATUS_ACCESS_DENIED;
136
137 readonly_share = is_share_read_only_for_token(
138 session_info->unix_info->unix_name,
139 session_info->info->domain_name,
140 session_info->security_token,
141 conn);
142
143 share_access = create_share_access_mask(snum,
144 readonly_share,
145 session_info->security_token);
146
147 if ((share_access & FILE_WRITE_DATA) == 0) {
148 if ((share_access & FILE_READ_DATA) == 0) {
149 /* No access, read or write. */
150 DEBUG(0,("user %s connection to %s "
151 "denied due to share security "
152 "descriptor.\n",
153 session_info->unix_info->unix_name,
154 lp_servicename(talloc_tos(), snum)));
155 return NT_STATUS_ACCESS_DENIED;
156 }
157 }
158
159 if (!readonly_share &&
160 !(share_access & FILE_WRITE_DATA)) {
161 /* smb.conf allows r/w, but the security descriptor denies
162 * write. Fall back to looking at readonly. */
163 readonly_share = True;
164 DEBUG(5,("falling back to read-only access-evaluation due to "
165 "security descriptor\n"));
166 }
167
168 *p_share_access = share_access;
169 *p_readonly_share = readonly_share;
170
171 return NT_STATUS_OK;
172 }
173
174 /*******************************************************************
175 Check if a username is OK.
176
177 This sets up conn->session_info with a copy related to this vuser that
178 later code can then mess with.
179 ********************************************************************/
180
181 static bool check_user_ok(connection_struct *conn,
182 uint64_t vuid,
183 const struct auth_session_info *session_info,
184 int snum)
185 {
186 unsigned int i;
187 bool readonly_share = false;
188 bool admin_user = false;
189 struct vuid_cache_entry *ent = NULL;
190 uint32_t share_access = 0;
191 unsigned int share_array_index;
192 NTSTATUS status;
193
194 for (i=0; i<VUID_CACHE_SIZE; i++) {
195 ent = &conn->vuid_cache.array[i];
196 if (ent->vuid == vuid) {
197 free_conn_session_info_if_unused(conn);
198 conn->session_info = ent->session_info;
199 conn->read_only = ent->read_only;
200 conn->share_access = get_connection_share_access_list_entry(
201 conn,
202 i);
203 return(True);
204 }
205 }
206
207 status = check_user_share_access(conn,
208 session_info,
209 &share_access,
210 &readonly_share);
211 if (!NT_STATUS_IS_OK(status)) {
212 return false;
213 }
214
215
216 admin_user = token_contains_name_in_list(
217 session_info->unix_info->unix_name,
218 session_info->info->domain_name,
219 NULL, session_info->security_token, lp_admin_users(snum));
220
221 share_array_index = conn->vuid_cache.next_entry;
222 ent = &conn->vuid_cache.array[conn->vuid_cache.next_entry];
223
224 conn->vuid_cache.next_entry =
225 (conn->vuid_cache.next_entry + 1) % VUID_CACHE_SIZE;
226
227 TALLOC_FREE(ent->session_info);
228
229 /*
230 * If force_user was set, all session_info's are based on the same
231 * username-based faked one.
232 */
233
234 ent->session_info = copy_session_info(
235 conn, conn->force_user ? conn->session_info : session_info);
236
237 if (ent->session_info == NULL) {
238 ent->vuid = UID_FIELD_INVALID;
239 return false;
240 }
241
242 ent->vuid = vuid;
243 ent->read_only = readonly_share;
244 set_connection_share_access_list_entry(conn,
245 share_array_index,
246 share_access);
247 free_conn_session_info_if_unused(conn);
248 conn->session_info = ent->session_info;
249
250 conn->read_only = readonly_share;
251 conn->share_access = share_access;
252
253 if (admin_user) {
254 DEBUG(2,("check_user_ok: user %s is an admin user. "
255 "Setting uid as %d\n",
256 conn->session_info->unix_info->unix_name,
257 sec_initial_uid() ));
258 conn->session_info->unix_token->uid = sec_initial_uid();
259 }
260
261 return(True);
262 }
263
264 /****************************************************************************
265 Become the user of a connection number without changing the security context
266 stack, but modify the current_user entries.
267 ****************************************************************************/
268
269 static bool change_to_user_internal(connection_struct *conn,
270 const struct auth_session_info *session_info,
271 uint64_t vuid)
272 {
273 int snum;
274 gid_t gid;
275 uid_t uid;
276 char group_c;
277 int num_groups = 0;
278 gid_t *group_list = NULL;
279 bool ok;
280
281 snum = SNUM(conn);
282
283 ok = check_user_ok(conn, vuid, session_info, snum);
284 if (!ok) {
285 DEBUG(2,("SMB user %s (unix user %s) "
286 "not permitted access to share %s.\n",
287 session_info->unix_info->sanitized_username,
288 session_info->unix_info->unix_name,
289 lp_servicename(talloc_tos(), snum)));
290 return false;
291 }
292
293 uid = conn->session_info->unix_token->uid;
294 gid = conn->session_info->unix_token->gid;
295 num_groups = conn->session_info->unix_token->ngroups;
296 group_list = conn->session_info->unix_token->groups;
297
298 /*
299 * See if we should force group for this service. If so this overrides
300 * any group set in the force user code.
301 */
302 if((group_c = *lp_force_group(talloc_tos(), snum))) {
303
304 SMB_ASSERT(conn->force_group_gid != (gid_t)-1);
305
306 if (group_c == '+') {
307 int i;
308
309 /*
310 * Only force group if the user is a member of the
311 * service group. Check the group memberships for this
312 * user (we already have this) to see if we should force
313 * the group.
314 */
315 for (i = 0; i < num_groups; i++) {
316 if (group_list[i] == conn->force_group_gid) {
317 conn->session_info->unix_token->gid =
318 conn->force_group_gid;
319 gid = conn->force_group_gid;
320 gid_to_sid(&conn->session_info->security_token
321 ->sids[1], gid);
322 break;
323 }
324 }
325 } else {
326 conn->session_info->unix_token->gid = conn->force_group_gid;
327 gid = conn->force_group_gid;
328 gid_to_sid(&conn->session_info->security_token->sids[1],
329 gid);
330 }
331 }
332
333 /*Set current_user since we will immediately also call set_sec_ctx() */
334 current_user.ut.ngroups = num_groups;
335 current_user.ut.groups = group_list;
336
337 set_sec_ctx(uid,
338 gid,
339 current_user.ut.ngroups,
340 current_user.ut.groups,
341 conn->session_info->security_token);
342
343 current_user.conn = conn;
344 current_user.vuid = vuid;
345
346 DEBUG(5, ("Impersonated user: uid=(%d,%d), gid=(%d,%d)\n",
347 (int)getuid(),
348 (int)geteuid(),
349 (int)getgid(),
350 (int)getegid()));
351
352 return true;
353 }
354
355 bool change_to_user(connection_struct *conn, uint64_t vuid)
356 {
357 struct user_struct *vuser;
358 int snum = SNUM(conn);
359
360 if (!conn) {
361 DEBUG(2,("Connection not open\n"));
362 return(False);
363 }
364
365 vuser = get_valid_user_struct(conn->sconn, vuid);
366
367 if ((current_user.conn == conn) &&
368 (vuser != NULL) && (current_user.vuid == vuid) &&
369 (current_user.ut.uid == vuser->session_info->unix_token->uid)) {
370 DEBUG(4,("Skipping user change - already "
371 "user\n"));
372 return(True);
373 }
374
375 if (vuser == NULL) {
376 /* Invalid vuid sent */
377 DEBUG(2,("Invalid vuid %llu used on share %s.\n",
378 (unsigned long long)vuid, lp_servicename(talloc_tos(),
379 snum)));
380 return false;
381 }
382
383 return change_to_user_internal(conn, vuser->session_info, vuid);
384 }
385
386 static bool change_to_user_by_session(connection_struct *conn,
387 const struct auth_session_info *session_info)
388 {
389 SMB_ASSERT(conn != NULL);
390 SMB_ASSERT(session_info != NULL);
391
392 if ((current_user.conn == conn) &&
393 (current_user.ut.uid == session_info->unix_token->uid)) {
394 DEBUG(7, ("Skipping user change - already user\n"));
395
396 return true;
397 }
398
399 return change_to_user_internal(conn, session_info, UID_FIELD_INVALID);
400 }
401
402 /****************************************************************************
403 Go back to being root without changing the security context stack,
404 but modify the current_user entries.
405 ****************************************************************************/
406
407 bool smbd_change_to_root_user(void)
408 {
409 set_root_sec_ctx();
410
411 DEBUG(5,("change_to_root_user: now uid=(%d,%d) gid=(%d,%d)\n",
412 (int)getuid(),(int)geteuid(),(int)getgid(),(int)getegid()));
413
414 current_user.conn = NULL;
415 current_user.vuid = UID_FIELD_INVALID;
416
417 return(True);
418 }
419
420 /****************************************************************************
421 Become the user of an authenticated connected named pipe.
422 When this is called we are currently running as the connection
423 user. Doesn't modify current_user.
424 ****************************************************************************/
425
426 bool become_authenticated_pipe_user(struct auth_session_info *session_info)
427 {
428 if (!push_sec_ctx())
429 return False;
430
431 set_sec_ctx(session_info->unix_token->uid, session_info->unix_token->gid,
432 session_info->unix_token->ngroups, session_info->unix_token->groups,
433 session_info->security_token);
434
435 return True;
436 }
437
438 /****************************************************************************
439 Unbecome the user of an authenticated connected named pipe.
440 When this is called we are running as the authenticated pipe
441 user and need to go back to being the connection user. Doesn't modify
442 current_user.
443 ****************************************************************************/
444
445 bool unbecome_authenticated_pipe_user(void)
446 {
447 return pop_sec_ctx();
448 }
449
450 /****************************************************************************
451 Utility functions used by become_xxx/unbecome_xxx.
452 ****************************************************************************/
453
454 static void push_conn_ctx(void)
455 {
456 struct conn_ctx *ctx_p;
457
458 /* Check we don't overflow our stack */
459
460 if (conn_ctx_stack_ndx == MAX_SEC_CTX_DEPTH) {
461 DEBUG(0, ("Connection context stack overflow!\n"));
462 smb_panic("Connection context stack overflow!\n");
463 }
464
465 /* Store previous user context */
466 ctx_p = &conn_ctx_stack[conn_ctx_stack_ndx];
467
468 ctx_p->conn = current_user.conn;
469 ctx_p->vuid = current_user.vuid;
470
471 DEBUG(4, ("push_conn_ctx(%llu) : conn_ctx_stack_ndx = %d\n",
472 (unsigned long long)ctx_p->vuid, conn_ctx_stack_ndx));
473
474 conn_ctx_stack_ndx++;
475 }
476
477 static void pop_conn_ctx(void)
478 {
479 struct conn_ctx *ctx_p;
480
481 /* Check for stack underflow. */
482
483 if (conn_ctx_stack_ndx == 0) {
484 DEBUG(0, ("Connection context stack underflow!\n"));
485 smb_panic("Connection context stack underflow!\n");
486 }
487
488 conn_ctx_stack_ndx--;
489 ctx_p = &conn_ctx_stack[conn_ctx_stack_ndx];
490
491 current_user.conn = ctx_p->conn;
492 current_user.vuid = ctx_p->vuid;
493
494 ctx_p->conn = NULL;
495 ctx_p->vuid = UID_FIELD_INVALID;
496 }
497
498 /****************************************************************************
499 Temporarily become a root user. Must match with unbecome_root(). Saves and
500 restores the connection context.
501 ****************************************************************************/
502
503 void smbd_become_root(void)
504 {
505 /*
506 * no good way to handle push_sec_ctx() failing without changing
507 * the prototype of become_root()
508 */
509 if (!push_sec_ctx()) {
510 smb_panic("become_root: push_sec_ctx failed");
511 }
512 push_conn_ctx();
513 set_root_sec_ctx();
514 }
515
516 /* Unbecome the root user */
517
518 void smbd_unbecome_root(void)
519 {
520 pop_sec_ctx();
521 pop_conn_ctx();
522 }
523
524 /****************************************************************************
525 Push the current security context then force a change via change_to_user().
526 Saves and restores the connection context.
527 ****************************************************************************/
528
529 bool become_user(connection_struct *conn, uint64_t vuid)
530 {
531 if (!push_sec_ctx())
532 return False;
533
534 push_conn_ctx();
535
536 if (!change_to_user(conn, vuid)) {
537 pop_sec_ctx();
538 pop_conn_ctx();
539 return False;
540 }
541
542 return True;
543 }
544
545 bool become_user_by_session(connection_struct *conn,
546 const struct auth_session_info *session_info)
547 {
548 if (!push_sec_ctx())
549 return false;
550
551 push_conn_ctx();
552
553 if (!change_to_user_by_session(conn, session_info)) {
554 pop_sec_ctx();
555 pop_conn_ctx();
556 return false;
557 }
558
559 return true;
560 }
561
562 bool unbecome_user(void)
563 {
564 pop_sec_ctx();
565 pop_conn_ctx();
566 return True;
567 }
568
569 /****************************************************************************
570 Return the current user we are running effectively as on this connection.
571 I'd like to make this return conn->session_info->unix_token->uid, but become_root()
572 doesn't alter this value.
573 ****************************************************************************/
574
575 uid_t get_current_uid(connection_struct *conn)
576 {
577 return current_user.ut.uid;
578 }
579
580 /****************************************************************************
581 Return the current group we are running effectively as on this connection.
582 I'd like to make this return conn->session_info->unix_token->gid, but become_root()
583 doesn't alter this value.
584 ****************************************************************************/
585
586 gid_t get_current_gid(connection_struct *conn)
587 {
588 return current_user.ut.gid;
589 }
590
591 /****************************************************************************
592 Return the UNIX token we are running effectively as on this connection.
593 I'd like to make this return &conn->session_info->unix_token-> but become_root()
594 doesn't alter this value.
595 ****************************************************************************/
596
597 const struct security_unix_token *get_current_utok(connection_struct *conn)
598 {
599 return &current_user.ut;
600 }
601
602 /****************************************************************************
603 Return the Windows token we are running effectively as on this connection.
604 If this is currently a NULL token as we're inside become_root() - a temporary
605 UNIX security override, then we search up the stack for the previous active
606 token.
607 ****************************************************************************/
608
609 const struct security_token *get_current_nttok(connection_struct *conn)
610 {
611 if (current_user.nt_user_token) {
612 return current_user.nt_user_token;
613 }
614 return sec_ctx_active_token();
615 }
616
617 uint64_t get_current_vuid(connection_struct *conn)
618 {
619 return current_user.vuid;
620 }
Samba GIT mirror