2 Unix SMB/CIFS implementation.
4 Copyright (C) Andrew Tridgell 1992-1998
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 2 of the License, or
9 (at your option) any later version.
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with this program; if not, write to the Free Software
18 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
23 /* what user is current? */
24 extern struct current_user current_user
;
26 /****************************************************************************
27 Iterator functions for getting all gid's from current_user.
28 ****************************************************************************/
30 gid_t
get_current_user_gid_first(int *piterator
)
33 return current_user
.ut
.gid
;
36 gid_t
get_current_user_gid_next(int *piterator
)
40 if (!current_user
.ut
.groups
|| *piterator
>= current_user
.ut
.ngroups
) {
44 ret
= current_user
.ut
.groups
[*piterator
];
49 /****************************************************************************
50 Become the guest user without changing the security context stack.
51 ****************************************************************************/
53 BOOL
change_to_guest(void)
55 static struct passwd
*pass
=NULL
;
58 /* Don't need to free() this as its stored in a static */
59 pass
= getpwnam_alloc(NULL
, lp_guestaccount());
65 /* MWW: From AIX FAQ patch to WU-ftpd: call initgroups before
67 initgroups(pass
->pw_name
, pass
->pw_gid
);
70 set_sec_ctx(pass
->pw_uid
, pass
->pw_gid
, 0, NULL
, NULL
);
72 current_user
.conn
= NULL
;
73 current_user
.vuid
= UID_FIELD_INVALID
;
81 /*******************************************************************
82 Check if a username is OK.
83 ********************************************************************/
85 static BOOL
check_user_ok(connection_struct
*conn
, user_struct
*vuser
,int snum
)
88 struct vuid_cache_entry
*ent
= NULL
;
92 for (i
=0;i
<conn
->vuid_cache
.entries
&& i
< VUID_CACHE_SIZE
;i
++) {
93 if (conn
->vuid_cache
.array
[i
].vuid
== vuser
->vuid
) {
94 ent
= &conn
->vuid_cache
.array
[i
];
95 conn
->read_only
= ent
->read_only
;
96 conn
->admin_user
= ent
->admin_user
;
101 if (!user_ok_token(vuser
->user
.unix_name
, vuser
->nt_user_token
, snum
))
104 readonly_share
= is_share_read_only_for_token(vuser
->user
.unix_name
,
105 vuser
->nt_user_token
,
108 token
= conn
->nt_user_token
?
109 conn
->nt_user_token
: vuser
->nt_user_token
;
111 if (!readonly_share
&&
112 !share_access_check(token
, lp_servicename(snum
),
114 /* smb.conf allows r/w, but the security descriptor denies
115 * write. Fall back to looking at readonly. */
116 readonly_share
= True
;
117 DEBUG(5,("falling back to read-only access-evaluation due to "
118 "security descriptor\n"));
121 if (!share_access_check(token
, lp_servicename(snum
),
123 FILE_READ_DATA
: FILE_WRITE_DATA
)) {
127 i
= conn
->vuid_cache
.entries
% VUID_CACHE_SIZE
;
128 if (conn
->vuid_cache
.entries
< VUID_CACHE_SIZE
)
129 conn
->vuid_cache
.entries
++;
131 ent
= &conn
->vuid_cache
.array
[i
];
132 ent
->vuid
= vuser
->vuid
;
133 ent
->read_only
= readonly_share
;
135 ent
->admin_user
= token_contains_name_in_list(
136 vuser
->user
.unix_name
, NULL
, vuser
->nt_user_token
,
137 lp_admin_users(SNUM(conn
)));
139 conn
->read_only
= ent
->read_only
;
140 conn
->admin_user
= ent
->admin_user
;
145 /****************************************************************************
146 Become the user of a connection number without changing the security context
147 stack, but modify the current_user entries.
148 ****************************************************************************/
150 BOOL
change_to_user(connection_struct
*conn
, uint16 vuid
)
152 user_struct
*vuser
= get_valid_user_struct(vuid
);
157 BOOL must_free_token
= False
;
158 NT_USER_TOKEN
*token
= NULL
;
161 DEBUG(2,("change_to_user: Connection not open\n"));
166 * We need a separate check in security=share mode due to vuid
167 * always being UID_FIELD_INVALID. If we don't do this then
168 * in share mode security we are *always* changing uid's between
169 * SMB's - this hurts performance - Badly.
172 if((lp_security() == SEC_SHARE
) && (current_user
.conn
== conn
) &&
173 (current_user
.ut
.uid
== conn
->uid
)) {
174 DEBUG(4,("change_to_user: Skipping user change - already "
177 } else if ((current_user
.conn
== conn
) &&
178 (vuser
!= 0) && (current_user
.vuid
== vuid
) &&
179 (current_user
.ut
.uid
== vuser
->uid
)) {
180 DEBUG(4,("change_to_user: Skipping user change - already "
187 if ((vuser
) && !check_user_ok(conn
, vuser
, snum
)) {
188 DEBUG(2,("change_to_user: SMB user %s (unix user %s, vuid %d) "
189 "not permitted access to share %s.\n",
190 vuser
->user
.smb_name
, vuser
->user
.unix_name
, vuid
,
191 lp_servicename(snum
)));
195 if (conn
->force_user
) /* security = share sets this too */ {
198 current_user
.ut
.groups
= conn
->groups
;
199 current_user
.ut
.ngroups
= conn
->ngroups
;
200 token
= conn
->nt_user_token
;
202 uid
= conn
->admin_user
? 0 : vuser
->uid
;
204 current_user
.ut
.ngroups
= vuser
->n_groups
;
205 current_user
.ut
.groups
= vuser
->groups
;
206 token
= vuser
->nt_user_token
;
208 DEBUG(2,("change_to_user: Invalid vuid used %d in accessing "
209 "share %s.\n",vuid
, lp_servicename(snum
) ));
214 * See if we should force group for this service.
215 * If so this overrides any group set in the force
219 if((group_c
= *lp_force_group(snum
))) {
221 token
= dup_nt_token(NULL
, token
);
223 DEBUG(0, ("dup_nt_token failed\n"));
226 must_free_token
= True
;
231 * Only force group if the user is a member of
232 * the service group. Check the group memberships for
233 * this user (we already have this) to
234 * see if we should force the group.
238 for (i
= 0; i
< current_user
.ut
.ngroups
; i
++) {
239 if (current_user
.ut
.groups
[i
] == conn
->gid
) {
241 gid_to_sid(&token
->user_sids
[1], gid
);
247 gid_to_sid(&token
->user_sids
[1], gid
);
251 set_sec_ctx(uid
, gid
, current_user
.ut
.ngroups
, current_user
.ut
.groups
,
255 * Free the new token (as set_sec_ctx copies it).
261 current_user
.conn
= conn
;
262 current_user
.vuid
= vuid
;
264 DEBUG(5,("change_to_user uid=(%d,%d) gid=(%d,%d)\n",
265 (int)getuid(),(int)geteuid(),(int)getgid(),(int)getegid()));
270 /****************************************************************************
271 Go back to being root without changing the security context stack,
272 but modify the current_user entries.
273 ****************************************************************************/
275 BOOL
change_to_root_user(void)
279 DEBUG(5,("change_to_root_user: now uid=(%d,%d) gid=(%d,%d)\n",
280 (int)getuid(),(int)geteuid(),(int)getgid(),(int)getegid()));
282 current_user
.conn
= NULL
;
283 current_user
.vuid
= UID_FIELD_INVALID
;
288 /****************************************************************************
289 Become the user of an authenticated connected named pipe.
290 When this is called we are currently running as the connection
291 user. Doesn't modify current_user.
292 ****************************************************************************/
294 BOOL
become_authenticated_pipe_user(pipes_struct
*p
)
299 set_sec_ctx(p
->pipe_user
.ut
.uid
, p
->pipe_user
.ut
.gid
,
300 p
->pipe_user
.ut
.ngroups
, p
->pipe_user
.ut
.groups
,
301 p
->pipe_user
.nt_user_token
);
306 /****************************************************************************
307 Unbecome the user of an authenticated connected named pipe.
308 When this is called we are running as the authenticated pipe
309 user and need to go back to being the connection user. Doesn't modify
311 ****************************************************************************/
313 BOOL
unbecome_authenticated_pipe_user(void)
315 return pop_sec_ctx();
318 /****************************************************************************
319 Utility functions used by become_xxx/unbecome_xxx.
320 ****************************************************************************/
323 connection_struct
*conn
;
327 /* A stack of current_user connection contexts. */
329 static struct conn_ctx conn_ctx_stack
[MAX_SEC_CTX_DEPTH
];
330 static int conn_ctx_stack_ndx
;
332 static void push_conn_ctx(void)
334 struct conn_ctx
*ctx_p
;
336 /* Check we don't overflow our stack */
338 if (conn_ctx_stack_ndx
== MAX_SEC_CTX_DEPTH
) {
339 DEBUG(0, ("Connection context stack overflow!\n"));
340 smb_panic("Connection context stack overflow!\n");
343 /* Store previous user context */
344 ctx_p
= &conn_ctx_stack
[conn_ctx_stack_ndx
];
346 ctx_p
->conn
= current_user
.conn
;
347 ctx_p
->vuid
= current_user
.vuid
;
349 DEBUG(3, ("push_conn_ctx(%u) : conn_ctx_stack_ndx = %d\n",
350 (unsigned int)ctx_p
->vuid
, conn_ctx_stack_ndx
));
352 conn_ctx_stack_ndx
++;
355 static void pop_conn_ctx(void)
357 struct conn_ctx
*ctx_p
;
359 /* Check for stack underflow. */
361 if (conn_ctx_stack_ndx
== 0) {
362 DEBUG(0, ("Connection context stack underflow!\n"));
363 smb_panic("Connection context stack underflow!\n");
366 conn_ctx_stack_ndx
--;
367 ctx_p
= &conn_ctx_stack
[conn_ctx_stack_ndx
];
369 current_user
.conn
= ctx_p
->conn
;
370 current_user
.vuid
= ctx_p
->vuid
;
373 ctx_p
->vuid
= UID_FIELD_INVALID
;
376 /****************************************************************************
377 Temporarily become a root user. Must match with unbecome_root(). Saves and
378 restores the connection context.
379 ****************************************************************************/
381 void become_root(void)
388 /* Unbecome the root user */
390 void unbecome_root(void)
396 /****************************************************************************
397 Push the current security context then force a change via change_to_user().
398 Saves and restores the connection context.
399 ****************************************************************************/
401 BOOL
become_user(connection_struct
*conn
, uint16 vuid
)
408 if (!change_to_user(conn
, vuid
)) {
417 BOOL
unbecome_user(void)