search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Fairly large change to printing code.
[Samba.git] / source / smbd / uid.c
blobc0bacf8f9105cd753dbe274120d473a6c51cf35f
1 /*
2 Unix SMB/CIFS implementation.
3 uid/user handling
4 Copyright (C) Andrew Tridgell 1992-1998
5
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 2 of the License, or
9 (at your option) any later version.
10
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
15
16 You should have received a copy of the GNU General Public License
17 along with this program; if not, write to the Free Software
18 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
19 */
20
21 #include "includes.h"
22
23 /* what user is current? */
24 extern struct current_user current_user;
25
26 /****************************************************************************
27 Become the guest user without changing the security context stack.
28 ****************************************************************************/
29
30 BOOL change_to_guest(void)
31 {
32 static struct passwd *pass=NULL;
33
34 if (!pass) {
35 /* Don't need to free() this as its stored in a static */
36 pass = getpwnam_alloc(lp_guestaccount());
37 if (!pass)
38 return(False);
39 }
40
41 #ifdef AIX
42 /* MWW: From AIX FAQ patch to WU-ftpd: call initgroups before
43 setting IDs */
44 initgroups(pass->pw_name, pass->pw_gid);
45 #endif
46
47 set_sec_ctx(pass->pw_uid, pass->pw_gid, 0, NULL, NULL);
48
49 current_user.conn = NULL;
50 current_user.vuid = UID_FIELD_INVALID;
51
52 return True;
53 }
54
55 /*******************************************************************
56 Check if a username is OK.
57 ********************************************************************/
58
59 static BOOL check_user_ok(connection_struct *conn, user_struct *vuser,int snum)
60 {
61 int i;
62 for (i=0;i<conn->uid_cache.entries;i++)
63 if (conn->uid_cache.list[i] == vuser->uid)
64 return(True);
65
66 if (!user_ok(vuser->user.unix_name,snum))
67 return(False);
68
69 i = conn->uid_cache.entries % UID_CACHE_SIZE;
70 conn->uid_cache.list[i] = vuser->uid;
71
72 if (conn->uid_cache.entries < UID_CACHE_SIZE)
73 conn->uid_cache.entries++;
74
75 return(True);
76 }
77
78 /****************************************************************************
79 Become the user of a connection number without changing the security context
80 stack, but modify the currnet_user entries.
81 ****************************************************************************/
82
83 BOOL change_to_user(connection_struct *conn, uint16 vuid)
84 {
85 user_struct *vuser = get_valid_user_struct(vuid);
86 int snum;
87 gid_t gid;
88 uid_t uid;
89 char group_c;
90 BOOL must_free_token = False;
91 NT_USER_TOKEN *token = NULL;
92
93 if (!conn) {
94 DEBUG(2,("change_to_user: Connection not open\n"));
95 return(False);
96 }
97
98 /*
99 * We need a separate check in security=share mode due to vuid
100 * always being UID_FIELD_INVALID. If we don't do this then
101 * in share mode security we are *always* changing uid's between
102 * SMB's - this hurts performance - Badly.
103 */
104
105 if((lp_security() == SEC_SHARE) && (current_user.conn == conn) &&
106 (current_user.uid == conn->uid)) {
107 DEBUG(4,("change_to_user: Skipping user change - already user\n"));
108 return(True);
109 } else if ((current_user.conn == conn) &&
110 (vuser != 0) && (current_user.vuid == vuid) &&
111 (current_user.uid == vuser->uid)) {
112 DEBUG(4,("change_to_user: Skipping user change - already user\n"));
113 return(True);
114 }
115
116 snum = SNUM(conn);
117
118 if((vuser != NULL) && !check_user_ok(conn, vuser, snum))
119 return False;
120
121 if (conn->force_user ||
122 conn->admin_user ||
123 (lp_security() == SEC_SHARE)) {
124 uid = conn->uid;
125 gid = conn->gid;
126 current_user.groups = conn->groups;
127 current_user.ngroups = conn->ngroups;
128 token = conn->nt_user_token;
129 } else {
130 if (!vuser) {
131 DEBUG(2,("change_to_user: Invalid vuid used %d\n",vuid));
132 return(False);
133 }
134 uid = vuser->uid;
135 gid = vuser->gid;
136 current_user.ngroups = vuser->n_groups;
137 current_user.groups = vuser->groups;
138 token = vuser->nt_user_token;
139 }
140
141 /*
142 * See if we should force group for this service.
143 * If so this overrides any group set in the force
144 * user code.
145 */
146
147 if((group_c = *lp_force_group(snum))) {
148 BOOL is_guest = False;
149
150 if(group_c == '+') {
151
152 /*
153 * Only force group if the user is a member of
154 * the service group. Check the group memberships for
155 * this user (we already have this) to
156 * see if we should force the group.
157 */
158
159 int i;
160 for (i = 0; i < current_user.ngroups; i++) {
161 if (current_user.groups[i] == conn->gid) {
162 gid = conn->gid;
163 break;
164 }
165 }
166 } else {
167 gid = conn->gid;
168 }
169
170 /*
171 * We've changed the group list in the token - we must
172 * re-create it.
173 */
174
175 if (vuser && vuser->guest)
176 is_guest = True;
177
178 token = create_nt_token(uid, gid, current_user.ngroups, current_user.groups, is_guest, NULL);
179 must_free_token = True;
180 }
181
182 set_sec_ctx(uid, gid, current_user.ngroups, current_user.groups, token);
183
184 /*
185 * Free the new token (as set_sec_ctx copies it).
186 */
187
188 if (must_free_token)
189 delete_nt_token(&token);
190
191 current_user.conn = conn;
192 current_user.vuid = vuid;
193
194 DEBUG(5,("change_to_user uid=(%d,%d) gid=(%d,%d)\n",
195 (int)getuid(),(int)geteuid(),(int)getgid(),(int)getegid()));
196
197 return(True);
198 }
199
200 /****************************************************************************
201 Go back to being root without changing the security context stack,
202 but modify the current_user entries.
203 ****************************************************************************/
204
205 BOOL change_to_root_user(void)
206 {
207 set_root_sec_ctx();
208
209 DEBUG(5,("change_to_root_user: now uid=(%d,%d) gid=(%d,%d)\n",
210 (int)getuid(),(int)geteuid(),(int)getgid(),(int)getegid()));
211
212 current_user.conn = NULL;
213 current_user.vuid = UID_FIELD_INVALID;
214
215 return(True);
216 }
217
218 /****************************************************************************
219 Become the user of an authenticated connected named pipe.
220 When this is called we are currently running as the connection
221 user. Doesn't modify current_user.
222 ****************************************************************************/
223
224 BOOL become_authenticated_pipe_user(pipes_struct *p)
225 {
226 if (!push_sec_ctx())
227 return False;
228
229 set_sec_ctx(p->pipe_user.uid, p->pipe_user.gid,
230 p->pipe_user.ngroups, p->pipe_user.groups, p->pipe_user.nt_user_token);
231
232 return True;
233 }
234
235 /****************************************************************************
236 Unbecome the user of an authenticated connected named pipe.
237 When this is called we are running as the authenticated pipe
238 user and need to go back to being the connection user. Doesn't modify
239 current_user.
240 ****************************************************************************/
241
242 BOOL unbecome_authenticated_pipe_user(void)
243 {
244 return pop_sec_ctx();
245 }
246
247 /****************************************************************************
248 Utility functions used by become_xxx/unbecome_xxx.
249 ****************************************************************************/
250
251 struct conn_ctx {
252 connection_struct *conn;
253 uint16 vuid;
254 };
255
256 /* A stack of current_user connection contexts. */
257
258 static struct conn_ctx conn_ctx_stack[MAX_SEC_CTX_DEPTH];
259 static int conn_ctx_stack_ndx;
260
261 static void push_conn_ctx(void)
262 {
263 struct conn_ctx *ctx_p;
264
265 /* Check we don't overflow our stack */
266
267 if (conn_ctx_stack_ndx == MAX_SEC_CTX_DEPTH) {
268 DEBUG(0, ("Connection context stack overflow!\n"));
269 smb_panic("Connection context stack overflow!\n");
270 }
271
272 /* Store previous user context */
273 ctx_p = &conn_ctx_stack[conn_ctx_stack_ndx];
274
275 ctx_p->conn = current_user.conn;
276 ctx_p->vuid = current_user.vuid;
277
278 DEBUG(3, ("push_conn_ctx(%u) : conn_ctx_stack_ndx = %d\n",
279 (unsigned int)ctx_p->vuid, conn_ctx_stack_ndx ));
280
281 conn_ctx_stack_ndx++;
282 }
283
284 static void pop_conn_ctx(void)
285 {
286 struct conn_ctx *ctx_p;
287
288 /* Check for stack underflow. */
289
290 if (conn_ctx_stack_ndx == 0) {
291 DEBUG(0, ("Connection context stack underflow!\n"));
292 smb_panic("Connection context stack underflow!\n");
293 }
294
295 conn_ctx_stack_ndx--;
296 ctx_p = &conn_ctx_stack[conn_ctx_stack_ndx];
297
298 current_user.conn = ctx_p->conn;
299 current_user.vuid = ctx_p->vuid;
300
301 ctx_p->conn = NULL;
302 ctx_p->vuid = UID_FIELD_INVALID;
303 }
304
305 void init_conn_ctx(void)
306 {
307 int i;
308
309 /* Initialise connection context stack */
310 for (i = 0; i < MAX_SEC_CTX_DEPTH; i++) {
311 conn_ctx_stack[i].conn = NULL;
312 conn_ctx_stack[i].vuid = UID_FIELD_INVALID;
313 }
314 }
315
316 /****************************************************************************
317 Temporarily become a root user. Must match with unbecome_root(). Saves and
318 restores the connection context.
319 ****************************************************************************/
320
321 void become_root(void)
322 {
323 push_sec_ctx();
324 push_conn_ctx();
325 set_root_sec_ctx();
326 }
327
328 /* Unbecome the root user */
329
330 void unbecome_root(void)
331 {
332 pop_sec_ctx();
333 pop_conn_ctx();
334 }
335
336 /****************************************************************************
337 Push the current security context then force a change via change_to_user().
338 Saves and restores the connection context.
339 ****************************************************************************/
340
341 BOOL become_user(connection_struct *conn, uint16 vuid)
342 {
343 if (!push_sec_ctx())
344 return False;
345
346 push_conn_ctx();
347
348 if (!change_to_user(conn, vuid)) {
349 pop_sec_ctx();
350 pop_conn_ctx();
351 return False;
352 }
353
354 return True;
355 }
356
357 BOOL unbecome_user(void)
358 {
359 pop_sec_ctx();
360 pop_conn_ctx();
361 return True;
362 }
363
364 /*****************************************************************
365 Convert the suplimentary SIDs returned in a netlogon into UNIX
366 group gid_t's. Add to the total group array.
367 *****************************************************************/
368
369 void add_supplementary_nt_login_groups(int *n_groups, gid_t **pp_groups, NT_USER_TOKEN **pptok)
370 {
371 int total_groups;
372 int current_n_groups = *n_groups;
373 gid_t *final_groups = NULL;
374 size_t i;
375 NT_USER_TOKEN *ptok = *pptok;
376 NT_USER_TOKEN *new_tok = NULL;
377
378 if (!ptok || (ptok->num_sids == 0))
379 return;
380
381 new_tok = dup_nt_token(ptok);
382 if (!new_tok) {
383 DEBUG(0,("add_supplementary_nt_login_groups: Failed to malloc new token\n"));
384 return;
385 }
386 /* Leave the allocated space but empty the number of SIDs. */
387 new_tok->num_sids = 0;
388
389 total_groups = current_n_groups + ptok->num_sids;
390
391 final_groups = (gid_t *)malloc(total_groups * sizeof(gid_t));
392 if (!final_groups) {
393 DEBUG(0,("add_supplementary_nt_login_groups: Failed to malloc new groups.\n"));
394 delete_nt_token(&new_tok);
395 return;
396 }
397
398 memcpy(final_groups, *pp_groups, current_n_groups * sizeof(gid_t));
399 for (i = 0; i < ptok->num_sids; i++) {
400 enum SID_NAME_USE sid_type;
401 gid_t new_grp;
402
403 if (sid_to_gid(&ptok->user_sids[i], &new_grp, &sid_type)) {
404 /*
405 * Don't add the gid_t if it is already in the current group
406 * list. Some UNIXen don't like the same group more than once.
407 */
408 int j;
409
410 for (j = 0; j < current_n_groups; j++)
411 if (final_groups[j] == new_grp)
412 break;
413
414 if ( j == current_n_groups) {
415 /* Group not already present. */
416 final_groups[current_n_groups++] = new_grp;
417 }
418 } else {
419 /* SID didn't map. Copy to the new token to be saved. */
420 sid_copy(&new_tok->user_sids[new_tok->num_sids++], &ptok->user_sids[i]);
421 }
422 }
423
424 SAFE_FREE(*pp_groups);
425 *pp_groups = final_groups;
426 *n_groups = current_n_groups;
427
428 /* Replace the old token with the truncated one. */
429 delete_nt_token(&ptok);
430 *pptok = new_tok;
431 }
432
433 /*****************************************************************
434 *THE CANONICAL* convert name to SID function.
435 Tries local lookup first - for local domains - then uses winbind.
436 *****************************************************************/
437
438 BOOL lookup_name(const char *domain, const char *name, DOM_SID *psid, enum SID_NAME_USE *name_type)
439 {
440 extern pstring global_myname;
441 extern fstring global_myworkgroup;
442 fstring sid;
443 BOOL local_lookup = False;
444
445 *name_type = SID_NAME_UNKNOWN;
446
447 /* If we are looking up a domain user, make sure it is
448 for the local machine only */
449
450 if (strequal(global_myname, domain)) {
451 local_lookup = True;
452 } else if (lp_server_role() == ROLE_DOMAIN_PDC ||
453 lp_server_role() == ROLE_DOMAIN_PDC) {
454 if (strequal(domain, global_myworkgroup)) {
455 local_lookup = True;
456 }
457 }
458
459 if (local_lookup) {
460 if (local_lookup_name(name, psid, name_type)) {
461 DEBUG(10,
462 ("lookup_name: (local) [%s]\\[%s] -> SID %s (type %s: %u)\n",
463 domain, name, sid_to_string(sid,psid),
464 sid_type_lookup(*name_type), (unsigned int)*name_type));
465 return True;
466 }
467 } else {
468 /* Remote */
469 if (winbind_lookup_name(domain, name, psid, name_type)) {
470
471 DEBUG(10,("lookup_name (winbindd): [%s]\\[%s] -> SID %s (type %u)\n",
472 domain, name, sid_to_string(sid, psid),
473 (unsigned int)*name_type));
474 return True;
475 }
476 }
477
478 DEBUG(10, ("lookup_name: %s lookup for [%s]\\[%s] failed\n",
479 local_lookup ? "local" : "winbind", domain, name));
480
481 return False;
482 }
483
484 /*****************************************************************
485 *THE CANONICAL* convert SID to name function.
486 Tries local lookup first - for local sids, then tries winbind.
487 *****************************************************************/
488
489 BOOL lookup_sid(DOM_SID *sid, fstring dom_name, fstring name, enum SID_NAME_USE *name_type)
490 {
491 if (!name_type)
492 return False;
493
494 *name_type = SID_NAME_UNKNOWN;
495
496 /* Check if this is our own sid. This should perhaps be done by
497 winbind? For the moment handle it here. */
498
499 if (sid->num_auths == 5) {
500 DOM_SID tmp_sid;
501 uint32 rid;
502
503 sid_copy(&tmp_sid, sid);
504 sid_split_rid(&tmp_sid, &rid);
505
506 if (sid_equal(get_global_sam_sid(), &tmp_sid)) {
507
508 return map_domain_sid_to_name(&tmp_sid, dom_name) &&
509 local_lookup_sid(sid, name, name_type);
510 }
511 }
512
513 if (!winbind_lookup_sid(sid, dom_name, name, name_type)) {
514 fstring sid_str;
515 DOM_SID tmp_sid;
516 uint32 rid;
517
518 DEBUG(10,("lookup_sid: winbind lookup for SID %s failed - trying local.\n", sid_to_string(sid_str, sid) ));
519
520 sid_copy(&tmp_sid, sid);
521 sid_split_rid(&tmp_sid, &rid);
522 return map_domain_sid_to_name(&tmp_sid, dom_name) &&
523 lookup_known_rid(&tmp_sid, rid, name, name_type);
524 }
525 return True;
526 }
527
528 /*****************************************************************
529 *THE CANONICAL* convert uid_t to SID function.
530 Tries winbind first - then uses local lookup.
531 Returns SID pointer.
532 *****************************************************************/
533
534 DOM_SID *uid_to_sid(DOM_SID *psid, uid_t uid)
535 {
536 uid_t low, high;
537 fstring sid;
538
539 if (lp_winbind_uid(&low, &high) && uid >= low && uid <= high) {
540 if (winbind_uid_to_sid(psid, uid)) {
541
542 DEBUG(10,("uid_to_sid: winbindd %u -> %s\n",
543 (unsigned int)uid, sid_to_string(sid, psid)));
544
545 return psid;
546 }
547 }
548
549 /* Make sure we report failure, (when psid == NULL) */
550 become_root();
551 psid = local_uid_to_sid(psid, uid);
552 unbecome_root();
553
554 DEBUG(10,("uid_to_sid: local %u -> %s\n", (unsigned int)uid, sid_to_string(sid, psid)));
555
556 return psid;
557 }
558
559 /*****************************************************************
560 *THE CANONICAL* convert gid_t to SID function.
561 Tries winbind first - then uses local lookup.
562 Returns SID pointer.
563 *****************************************************************/
564
565 DOM_SID *gid_to_sid(DOM_SID *psid, gid_t gid)
566 {
567 gid_t low, high;
568 fstring sid;
569
570 if (lp_winbind_gid(&low, &high) && gid >= low && gid <= high) {
571 if (winbind_gid_to_sid(psid, gid)) {
572
573 DEBUG(10,("gid_to_sid: winbindd %u -> %s\n",
574 (unsigned int)gid, sid_to_string(sid, psid)));
575
576 return psid;
577 }
578 }
579
580 /* Make sure we report failure, (when psid == NULL) */
581 psid = local_gid_to_sid(psid, gid);
582
583 DEBUG(10,("gid_to_sid: local %u -> %s\n", (unsigned int)gid, sid_to_string(sid, psid)));
584
585 return psid;
586 }
587
588 /*****************************************************************
589 *THE CANONICAL* convert SID to uid function.
590 Tries winbind first - then uses local lookup.
591 Returns True if this name is a user sid and the conversion
592 was done correctly, False if not. sidtype is set by this function.
593 *****************************************************************/
594
595 BOOL sid_to_uid(const DOM_SID *psid, uid_t *puid, enum SID_NAME_USE *sidtype)
596 {
597 fstring sid_str;
598
599 /* if we know its local then don't try winbindd */
600 if (sid_compare_domain(get_global_sam_sid(), psid) == 0) {
601 BOOL result;
602 become_root();
603 result = local_sid_to_uid(puid, psid, sidtype);
604 unbecome_root();
605 return result;
606 }
607
608 /* (tridge) I commented out the slab of code below in order to support foreign SIDs
609 Do we really need to validate the type of SID we have in this case?
610 */
611 #if 0
612 fstring dom_name, name;
613 enum SID_NAME_USE name_type;
614
615 *sidtype = SID_NAME_UNKNOWN;
616 /*
617 * First we must look up the name and decide if this is a user sid.
618 */
619
620 if ( (!winbind_lookup_sid(psid, dom_name, name, &name_type)) || (name_type != SID_NAME_USER) ) {
621 BOOL result;
622 DEBUG(10,("sid_to_uid: winbind lookup for sid %s failed - trying local.\n",
623 sid_to_string(sid_str, psid) ));
624
625 become_root();
626 result = local_sid_to_uid(puid, psid, sidtype);
627 unbecome_root();
628 return result;
629 }
630
631 /*
632 * Ensure this is a user sid.
633 */
634
635 if (name_type != SID_NAME_USER) {
636 DEBUG(10,("sid_to_uid: winbind lookup succeeded but SID is not a uid (%u)\n",
637 (unsigned int)name_type ));
638 return False;
639 }
640 #endif
641 *sidtype = SID_NAME_USER;
642
643 /*
644 * Get the uid for this SID.
645 */
646
647 if (!winbind_sid_to_uid(puid, psid)) {
648 BOOL result;
649 DEBUG(10,("sid_to_uid: winbind lookup for sid %s failed.\n",
650 sid_to_string(sid_str, psid) ));
651 become_root();
652 result = local_sid_to_uid(puid, psid, sidtype);
653 unbecome_root();
654 return result;
655 }
656
657 DEBUG(10,("sid_to_uid: winbindd %s -> %u\n",
658 sid_to_string(sid_str, psid),
659 (unsigned int)*puid ));
660
661 return True;
662 }
663
664 /*****************************************************************
665 *THE CANONICAL* convert SID to gid function.
666 Tries winbind first - then uses local lookup.
667 Returns True if this name is a user sid and the conversion
668 was done correctly, False if not.
669 *****************************************************************/
670
671 BOOL sid_to_gid(const DOM_SID *psid, gid_t *pgid, enum SID_NAME_USE *sidtype)
672 {
673 fstring dom_name, name, sid_str;
674 enum SID_NAME_USE name_type;
675
676 *sidtype = SID_NAME_UNKNOWN;
677
678 /*
679 * First we must look up the name and decide if this is a group sid.
680 */
681
682 /* if we know its local then don't try winbindd */
683 if (sid_compare_domain(get_global_sam_sid(), psid) == 0) {
684 BOOL result;
685 become_root();
686 result = local_sid_to_gid(pgid, psid, sidtype);
687 unbecome_root();
688 return result;
689 }
690
691 if (!winbind_lookup_sid(psid, dom_name, name, &name_type)) {
692 DEBUG(10,("sid_to_gid: winbind lookup for sid %s failed.\n",
693 sid_to_string(sid_str, psid) ));
694 /* this was probably a foreign sid - assume its a group rid
695 and continue */
696 name_type = SID_NAME_DOM_GRP;
697 }
698
699 /*
700 * Ensure this is a group sid.
701 */
702
703 if ((name_type != SID_NAME_DOM_GRP) && (name_type != SID_NAME_ALIAS) && (name_type != SID_NAME_WKN_GRP)) {
704 DEBUG(10,("sid_to_gid: winbind lookup succeeded but SID is not a known group (%u)\n",
705 (unsigned int)name_type ));
706
707 return False;
708 }
709
710 *sidtype = name_type;
711
712 /*
713 * Get the gid for this SID.
714 */
715
716 if (!winbind_sid_to_gid(pgid, psid)) {
717 DEBUG(10,("sid_to_gid: winbind lookup for sid %s failed.\n",
718 sid_to_string(sid_str, psid) ));
719 return False;
720 }
721
722 DEBUG(10,("sid_to_gid: winbindd %s -> %u\n",
723 sid_to_string(sid_str, psid),
724 (unsigned int)*pgid ));
725
726 return True;
727 }
728
Samba GIT mirror