search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
smbd: convert fsp->posix_flags to fsp->fsp_flags.posix_open
[Samba.git] / source3 / smbd / uid.c
blobe8f51003a1e4118a2354c5a6df4c2f7b9f5f98b3
1 /*
2 Unix SMB/CIFS implementation.
3 uid/user handling
4 Copyright (C) Andrew Tridgell 1992-1998
5
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 3 of the License, or
9 (at your option) any later version.
10
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
15
16 You should have received a copy of the GNU General Public License
17 along with this program. If not, see <http://www.gnu.org/licenses/>.
18 */
19
20 #include "includes.h"
21 #include "system/passwd.h"
22 #include "smbd/smbd.h"
23 #include "smbd/globals.h"
24 #include "source3/smbd/smbXsrv_session.h"
25 #include "../librpc/gen_ndr/netlogon.h"
26 #include "libcli/security/security.h"
27 #include "passdb/lookup_sid.h"
28 #include "auth.h"
29 #include "../auth/auth_util.h"
30 #include "source3/lib/substitute.h"
31
32 /* what user is current? */
33 extern struct current_user current_user;
34
35 /****************************************************************************
36 Become the guest user without changing the security context stack.
37 ****************************************************************************/
38
39 bool change_to_guest(void)
40 {
41 struct passwd *pass;
42
43 pass = Get_Pwnam_alloc(talloc_tos(), lp_guest_account());
44 if (!pass) {
45 return false;
46 }
47
48 #ifdef AIX
49 /* MWW: From AIX FAQ patch to WU-ftpd: call initgroups before
50 setting IDs */
51 initgroups(pass->pw_name, pass->pw_gid);
52 #endif
53
54 set_sec_ctx(pass->pw_uid, pass->pw_gid, 0, NULL, NULL);
55
56 current_user.conn = NULL;
57 current_user.vuid = UID_FIELD_INVALID;
58
59 TALLOC_FREE(pass);
60
61 return true;
62 }
63
64 /****************************************************************************
65 talloc free the conn->session_info if not used in the vuid cache.
66 ****************************************************************************/
67
68 static void free_conn_state_if_unused(connection_struct *conn)
69 {
70 unsigned int i;
71
72 for (i = 0; i < VUID_CACHE_SIZE; i++) {
73 struct vuid_cache_entry *ent;
74 ent = &conn->vuid_cache->array[i];
75 if (ent->vuid != UID_FIELD_INVALID &&
76 conn->session_info == ent->session_info) {
77 break;
78 }
79 }
80 if (i == VUID_CACHE_SIZE) {
81 /* Not used, safe to free. */
82 TALLOC_FREE(conn->session_info);
83 }
84 }
85
86 /****************************************************************************
87 Setup the share access mask for a connection.
88 ****************************************************************************/
89
90 static uint32_t create_share_access_mask(int snum,
91 bool readonly_share,
92 const struct security_token *token)
93 {
94 uint32_t share_access = 0;
95
96 share_access_check(token,
97 lp_const_servicename(snum),
98 MAXIMUM_ALLOWED_ACCESS,
99 &share_access);
100
101 if (readonly_share) {
102 share_access &=
103 ~(SEC_FILE_WRITE_DATA | SEC_FILE_APPEND_DATA |
104 SEC_FILE_WRITE_EA | SEC_FILE_WRITE_ATTRIBUTE |
105 SEC_DIR_DELETE_CHILD );
106 }
107
108 if (security_token_has_privilege(token, SEC_PRIV_SECURITY)) {
109 share_access |= SEC_FLAG_SYSTEM_SECURITY;
110 }
111 if (security_token_has_privilege(token, SEC_PRIV_RESTORE)) {
112 share_access |= SEC_RIGHTS_PRIV_RESTORE;
113 }
114 if (security_token_has_privilege(token, SEC_PRIV_BACKUP)) {
115 share_access |= SEC_RIGHTS_PRIV_BACKUP;
116 }
117 if (security_token_has_privilege(token, SEC_PRIV_TAKE_OWNERSHIP)) {
118 share_access |= SEC_STD_WRITE_OWNER;
119 }
120
121 return share_access;
122 }
123
124 /*******************************************************************
125 Calculate access mask and if this user can access this share.
126 ********************************************************************/
127
128 NTSTATUS check_user_share_access(connection_struct *conn,
129 const struct auth_session_info *session_info,
130 uint32_t *p_share_access,
131 bool *p_readonly_share)
132 {
133 int snum = SNUM(conn);
134 uint32_t share_access = 0;
135 bool readonly_share = false;
136 bool ok;
137
138 if (!user_ok_token(session_info->unix_info->unix_name,
139 session_info->info->domain_name,
140 session_info->security_token, snum)) {
141 return NT_STATUS_ACCESS_DENIED;
142 }
143
144 ok = is_share_read_only_for_token(
145 session_info->unix_info->unix_name,
146 session_info->info->domain_name,
147 session_info->security_token,
148 conn,
149 &readonly_share);
150 if (!ok) {
151 return NT_STATUS_ACCESS_DENIED;
152 }
153
154 share_access = create_share_access_mask(snum,
155 readonly_share,
156 session_info->security_token);
157
158 if ((share_access & (FILE_READ_DATA|FILE_WRITE_DATA)) == 0) {
159 /* No access, read or write. */
160 DBG_NOTICE("user %s connection to %s denied due to share "
161 "security descriptor.\n",
162 session_info->unix_info->unix_name,
163 lp_const_servicename(snum));
164 return NT_STATUS_ACCESS_DENIED;
165 }
166
167 if (!readonly_share &&
168 !(share_access & FILE_WRITE_DATA)) {
169 /* smb.conf allows r/w, but the security descriptor denies
170 * write. Fall back to looking at readonly. */
171 readonly_share = true;
172 DBG_INFO("falling back to read-only access-evaluation due to "
173 "security descriptor\n");
174 }
175
176 *p_share_access = share_access;
177 *p_readonly_share = readonly_share;
178
179 return NT_STATUS_OK;
180 }
181
182 struct scan_file_list_state {
183 TALLOC_CTX *mem_ctx;
184 const struct loadparm_substitution *lp_sub;
185 int snum;
186 const char *param_type;
187 struct security_token *token;
188 struct name_compare_entry **list;
189 bool ok;
190 };
191
192 static bool scan_file_list_cb(const char *string,
193 regmatch_t matches[],
194 void *private_data)
195 {
196 struct scan_file_list_state *state = private_data;
197
198 if (matches[1].rm_so == -1) {
199 DBG_WARNING("Found match, but no name??\n");
200 goto fail;
201 }
202 if (matches[1].rm_eo <= matches[1].rm_so) {
203 DBG_WARNING("Invalid match\n");
204 goto fail;
205 }
206
207 {
208 regoff_t len = matches[1].rm_eo - matches[1].rm_so;
209 char name[len + 1];
210 bool ok, match;
211 char *files = NULL;
212
213 memcpy(name, string + matches[1].rm_so, len);
214 name[len] = '\0';
215
216 DBG_DEBUG("Found name \"%s : %s\"\n", state->param_type, name);
217
218 ok = token_contains_name(talloc_tos(),
219 NULL,
220 NULL,
221 NULL,
222 state->token,
223 name,
224 &match);
225 if (!ok) {
226 goto fail;
227 }
228 if (!match) {
229 return false; /* don't stop traverse */
230 }
231
232 files = lp_parm_substituted_string(state->mem_ctx,
233 state->lp_sub,
234 state->snum,
235 state->param_type,
236 name,
237 NULL);
238 if (files == NULL) {
239 goto fail;
240 }
241
242 ok = append_to_namearray(state->mem_ctx,
243 files,
244 state->list);
245 if (!ok) {
246 goto fail;
247 }
248
249 return false; /* don't stop traverse */
250 }
251
252 fail:
253 state->ok = false;
254 return true; /* stop traverse */
255 }
256
257 /*******************************************************************
258 Check if a username is OK.
259
260 This sets up conn->session_info with a copy related to this vuser that
261 later code can then mess with.
262 ********************************************************************/
263
264 static bool check_user_ok(connection_struct *conn,
265 uint64_t vuid,
266 const struct auth_session_info *session_info,
267 int snum)
268 {
269 const struct loadparm_substitution *lp_sub =
270 loadparm_s3_global_substitution();
271 bool readonly_share = false;
272 bool admin_user = false;
273 struct vuid_cache_entry *ent = NULL;
274 uint32_t share_access = 0;
275 NTSTATUS status;
276 bool ok;
277
278 if (vuid != UID_FIELD_INVALID) {
279 unsigned int i;
280
281 for (i=0; i<VUID_CACHE_SIZE; i++) {
282 ent = &conn->vuid_cache->array[i];
283 if (ent->vuid == vuid) {
284 free_conn_state_if_unused(conn);
285 conn->session_info = ent->session_info;
286 conn->read_only = ent->read_only;
287 conn->share_access = ent->share_access;
288 conn->vuid = ent->vuid;
289 conn->veto_list = ent->veto_list;
290 conn->hide_list = ent->hide_list;
291 return(True);
292 }
293 }
294 }
295
296 status = check_user_share_access(conn,
297 session_info,
298 &share_access,
299 &readonly_share);
300 if (!NT_STATUS_IS_OK(status)) {
301 return false;
302 }
303
304 ok = token_contains_name_in_list(
305 session_info->unix_info->unix_name,
306 session_info->info->domain_name,
307 NULL,
308 session_info->security_token,
309 lp_admin_users(snum),
310 &admin_user);
311 if (!ok) {
312 /* Log, but move on */
313 DBG_ERR("Couldn't apply 'admin users'\n");
314 }
315
316 ent = &conn->vuid_cache->array[conn->vuid_cache->next_entry];
317
318 conn->vuid_cache->next_entry =
319 (conn->vuid_cache->next_entry + 1) % VUID_CACHE_SIZE;
320
321 TALLOC_FREE(ent->session_info);
322 TALLOC_FREE(ent->veto_list);
323 TALLOC_FREE(ent->hide_list);
324
325 /*
326 * If force_user was set, all session_info's are based on the same
327 * username-based faked one.
328 */
329
330 ent->session_info = copy_session_info(
331 conn, conn->force_user ? conn->session_info : session_info);
332
333 if (ent->session_info == NULL) {
334 ent->vuid = UID_FIELD_INVALID;
335 return false;
336 }
337
338 if (admin_user) {
339 DEBUG(2,("check_user_ok: user %s is an admin user. "
340 "Setting uid as %d\n",
341 ent->session_info->unix_info->unix_name,
342 sec_initial_uid() ));
343 ent->session_info->unix_token->uid = sec_initial_uid();
344 }
345
346 /*
347 * It's actually OK to call check_user_ok() with
348 * vuid == UID_FIELD_INVALID as called from become_user_by_session().
349 * All this will do is throw away one entry in the cache.
350 */
351
352 ent->vuid = vuid;
353 ent->read_only = readonly_share;
354 ent->share_access = share_access;
355
356 /* Add veto/hide lists */
357 if (!IS_IPC(conn) && !IS_PRINT(conn)) {
358 struct scan_file_list_state state = {
359 .mem_ctx = conn,
360 .lp_sub = lp_sub,
361 .snum = snum,
362 .token = session_info->security_token,
363 .ok = true,
364 };
365 int ret;
366
367 ok = set_namearray(conn,
368 lp_veto_files(talloc_tos(), lp_sub, snum),
369 &ent->veto_list);
370 if (!ok) {
371 return false;
372 }
373
374 /*
375 * A bit of boilerplate code duplication for userlevel
376 * hide and veto files in the share and global
377 * sections, but not enough to justify putting this
378 * into functions for now :-)
379 */
380
381 state.param_type = "veto files";
382 state.list = &ent->veto_list;
383
384 ret = lp_wi_scan_global_parametrics("vetofiles:\\(.*\\)",
385 2,
386 scan_file_list_cb,
387 &state);
388 if ((ret != 0) || !state.ok) {
389 return false;
390 }
391 ret = lp_wi_scan_share_parametrics(snum,
392 "vetofiles:\\(.*\\)",
393 2,
394 scan_file_list_cb,
395 &state);
396 if ((ret != 0) || !state.ok) {
397 return false;
398 }
399
400 ok = set_namearray(conn,
401 lp_hide_files(talloc_tos(), lp_sub, snum),
402 &ent->hide_list);
403 if (!ok) {
404 return false;
405 }
406
407 state.param_type = "hide files";
408 state.list = &ent->hide_list;
409
410 ret = lp_wi_scan_global_parametrics("hidefiles:\\(.*\\)",
411 2,
412 scan_file_list_cb,
413 &state);
414 if ((ret != 0) || !state.ok) {
415 return false;
416 }
417 ret = lp_wi_scan_share_parametrics(snum,
418 "hidefiles:\\(.*\\)",
419 2,
420 scan_file_list_cb,
421 &state);
422 if ((ret != 0) || !state.ok) {
423 return false;
424 }
425 }
426
427 free_conn_state_if_unused(conn);
428 conn->session_info = ent->session_info;
429 conn->veto_list = ent->veto_list;
430 conn->hide_list = ent->hide_list;
431 conn->vuid = ent->vuid;
432 if (vuid == UID_FIELD_INVALID) {
433 /*
434 * Not strictly needed, just make it really
435 * clear this entry is actually an unused one.
436 */
437 ent->read_only = false;
438 ent->share_access = 0;
439 ent->session_info = NULL;
440 }
441
442 conn->read_only = readonly_share;
443 conn->share_access = share_access;
444
445 return(True);
446 }
447
448 static void print_impersonation_info(connection_struct *conn)
449 {
450 struct smb_filename *cwdfname = NULL;
451
452 if (!CHECK_DEBUGLVL(DBGLVL_INFO)) {
453 return;
454 }
455
456 cwdfname = vfs_GetWd(talloc_tos(), conn);
457 if (cwdfname == NULL) {
458 return;
459 }
460
461 DBG_INFO("Impersonated user: uid=(%d,%d), gid=(%d,%d), cwd=[%s]\n",
462 (int)getuid(),
463 (int)geteuid(),
464 (int)getgid(),
465 (int)getegid(),
466 cwdfname->base_name);
467 TALLOC_FREE(cwdfname);
468 }
469
470 /****************************************************************************
471 Become the user of a connection number without changing the security context
472 stack, but modify the current_user entries.
473 ****************************************************************************/
474
475 static bool change_to_user_impersonate(connection_struct *conn,
476 const struct auth_session_info *session_info,
477 uint64_t vuid)
478 {
479 const struct loadparm_substitution *lp_sub =
480 loadparm_s3_global_substitution();
481 int snum;
482 gid_t gid;
483 uid_t uid;
484 const char *force_group_name;
485 char group_c;
486 int num_groups = 0;
487 gid_t *group_list = NULL;
488 bool ok;
489
490 if ((current_user.conn == conn) &&
491 (current_user.vuid == vuid) &&
492 (current_user.ut.uid == session_info->unix_token->uid))
493 {
494 DBG_INFO("Skipping user change - already user\n");
495 return true;
496 }
497
498 set_current_user_info(session_info->unix_info->sanitized_username,
499 session_info->unix_info->unix_name,
500 session_info->info->domain_name);
501
502 snum = SNUM(conn);
503
504 ok = check_user_ok(conn, vuid, session_info, snum);
505 if (!ok) {
506 DBG_WARNING("SMB user %s (unix user %s) "
507 "not permitted access to share %s.\n",
508 session_info->unix_info->sanitized_username,
509 session_info->unix_info->unix_name,
510 lp_const_servicename(snum));
511 return false;
512 }
513
514 uid = conn->session_info->unix_token->uid;
515 gid = conn->session_info->unix_token->gid;
516 num_groups = conn->session_info->unix_token->ngroups;
517 group_list = conn->session_info->unix_token->groups;
518
519 /*
520 * See if we should force group for this service. If so this overrides
521 * any group set in the force user code.
522 */
523 force_group_name = lp_force_group(talloc_tos(), lp_sub, snum);
524 group_c = *force_group_name;
525
526 if ((group_c != '\0') && (conn->force_group_gid == (gid_t)-1)) {
527 /*
528 * This can happen if "force group" is added to a
529 * share definition whilst an existing connection
530 * to that share exists. In that case, don't change
531 * the existing credentials for force group, only
532 * do so for new connections.
533 *
534 * BUG: https://bugzilla.samba.org/show_bug.cgi?id=13690
535 */
536 DBG_INFO("Not forcing group %s on existing connection to "
537 "share %s for SMB user %s (unix user %s)\n",
538 force_group_name,
539 lp_const_servicename(snum),
540 session_info->unix_info->sanitized_username,
541 session_info->unix_info->unix_name);
542 }
543
544 if((group_c != '\0') && (conn->force_group_gid != (gid_t)-1)) {
545 /*
546 * Only force group for connections where
547 * conn->force_group_gid has already been set
548 * to the correct value (i.e. the connection
549 * happened after the 'force group' definition
550 * was added to the share definition. Connections
551 * that were made before force group was added
552 * should stay with their existing credentials.
553 *
554 * BUG: https://bugzilla.samba.org/show_bug.cgi?id=13690
555 */
556
557 if (group_c == '+') {
558 int i;
559
560 /*
561 * Only force group if the user is a member of the
562 * service group. Check the group memberships for this
563 * user (we already have this) to see if we should force
564 * the group.
565 */
566 for (i = 0; i < num_groups; i++) {
567 if (group_list[i] == conn->force_group_gid) {
568 conn->session_info->unix_token->gid =
569 conn->force_group_gid;
570 gid = conn->force_group_gid;
571 gid_to_sid(&conn->session_info->security_token
572 ->sids[1], gid);
573 break;
574 }
575 }
576 } else {
577 conn->session_info->unix_token->gid = conn->force_group_gid;
578 gid = conn->force_group_gid;
579 gid_to_sid(&conn->session_info->security_token->sids[1],
580 gid);
581 }
582 }
583
584 set_sec_ctx(uid,
585 gid,
586 num_groups,
587 group_list,
588 conn->session_info->security_token);
589
590 current_user.conn = conn;
591 current_user.vuid = vuid;
592 return true;
593 }
594
595 /**
596 * Impersonate user and change directory to service
597 *
598 * change_to_user_and_service() is used to impersonate the user associated with
599 * the given vuid and to change the working directory of the process to the
600 * service base directory.
601 **/
602 bool change_to_user_and_service(connection_struct *conn, uint64_t vuid)
603 {
604 int snum = SNUM(conn);
605 struct auth_session_info *si = NULL;
606 NTSTATUS status;
607 bool ok;
608
609 if (conn == NULL) {
610 DBG_WARNING("Connection not open\n");
611 return false;
612 }
613
614 status = smbXsrv_session_info_lookup(conn->sconn->client,
615 vuid,
616 &si);
617 if (!NT_STATUS_IS_OK(status)) {
618 DBG_WARNING("Invalid vuid %llu used on share %s.\n",
619 (unsigned long long)vuid,
620 lp_const_servicename(snum));
621 return false;
622 }
623
624 ok = change_to_user_impersonate(conn, si, vuid);
625 if (!ok) {
626 return false;
627 }
628
629 if (conn->tcon_done) {
630 ok = chdir_current_service(conn);
631 if (!ok) {
632 return false;
633 }
634 }
635
636 print_impersonation_info(conn);
637 return true;
638 }
639
640 /**
641 * Impersonate user and change directory to service
642 *
643 * change_to_user_and_service_by_fsp() is used to impersonate the user
644 * associated with the given vuid and to change the working directory of the
645 * process to the service base directory.
646 **/
647 bool change_to_user_and_service_by_fsp(struct files_struct *fsp)
648 {
649 return change_to_user_and_service(fsp->conn, fsp->vuid);
650 }
651
652 /****************************************************************************
653 Go back to being root without changing the security context stack,
654 but modify the current_user entries.
655 ****************************************************************************/
656
657 bool smbd_change_to_root_user(void)
658 {
659 set_root_sec_ctx();
660
661 DEBUG(5,("change_to_root_user: now uid=(%d,%d) gid=(%d,%d)\n",
662 (int)getuid(),(int)geteuid(),(int)getgid(),(int)getegid()));
663
664 current_user.conn = NULL;
665 current_user.vuid = UID_FIELD_INVALID;
666
667 return(True);
668 }
669
670 /****************************************************************************
671 Become the user of an authenticated connected named pipe.
672 When this is called we are currently running as the connection
673 user. Doesn't modify current_user.
674 ****************************************************************************/
675
676 bool smbd_become_authenticated_pipe_user(struct auth_session_info *session_info)
677 {
678 if (!push_sec_ctx())
679 return False;
680
681 set_current_user_info(session_info->unix_info->sanitized_username,
682 session_info->unix_info->unix_name,
683 session_info->info->domain_name);
684
685 set_sec_ctx(session_info->unix_token->uid, session_info->unix_token->gid,
686 session_info->unix_token->ngroups, session_info->unix_token->groups,
687 session_info->security_token);
688
689 DEBUG(5, ("Impersonated user: uid=(%d,%d), gid=(%d,%d)\n",
690 (int)getuid(),
691 (int)geteuid(),
692 (int)getgid(),
693 (int)getegid()));
694
695 return True;
696 }
697
698 /****************************************************************************
699 Unbecome the user of an authenticated connected named pipe.
700 When this is called we are running as the authenticated pipe
701 user and need to go back to being the connection user. Doesn't modify
702 current_user.
703 ****************************************************************************/
704
705 bool smbd_unbecome_authenticated_pipe_user(void)
706 {
707 return pop_sec_ctx();
708 }
709
710 /****************************************************************************
711 Utility functions used by become_xxx/unbecome_xxx.
712 ****************************************************************************/
713
714 static void push_conn_ctx(void)
715 {
716 struct conn_ctx *ctx_p;
717 extern userdom_struct current_user_info;
718
719 /* Check we don't overflow our stack */
720
721 if (conn_ctx_stack_ndx == MAX_SEC_CTX_DEPTH) {
722 DEBUG(0, ("Connection context stack overflow!\n"));
723 smb_panic("Connection context stack overflow!\n");
724 }
725
726 /* Store previous user context */
727 ctx_p = &conn_ctx_stack[conn_ctx_stack_ndx];
728
729 ctx_p->conn = current_user.conn;
730 ctx_p->vuid = current_user.vuid;
731 ctx_p->user_info = current_user_info;
732
733 DEBUG(4, ("push_conn_ctx(%llu) : conn_ctx_stack_ndx = %d\n",
734 (unsigned long long)ctx_p->vuid, conn_ctx_stack_ndx));
735
736 conn_ctx_stack_ndx++;
737 }
738
739 static void pop_conn_ctx(void)
740 {
741 struct conn_ctx *ctx_p;
742
743 /* Check for stack underflow. */
744
745 if (conn_ctx_stack_ndx == 0) {
746 DEBUG(0, ("Connection context stack underflow!\n"));
747 smb_panic("Connection context stack underflow!\n");
748 }
749
750 conn_ctx_stack_ndx--;
751 ctx_p = &conn_ctx_stack[conn_ctx_stack_ndx];
752
753 set_current_user_info(ctx_p->user_info.smb_name,
754 ctx_p->user_info.unix_name,
755 ctx_p->user_info.domain);
756
757 current_user.conn = ctx_p->conn;
758 current_user.vuid = ctx_p->vuid;
759
760 *ctx_p = (struct conn_ctx) {
761 .vuid = UID_FIELD_INVALID,
762 };
763 }
764
765 /****************************************************************************
766 Temporarily become a root user. Must match with unbecome_root(). Saves and
767 restores the connection context.
768 ****************************************************************************/
769
770 void smbd_become_root(void)
771 {
772 /*
773 * no good way to handle push_sec_ctx() failing without changing
774 * the prototype of become_root()
775 */
776 if (!push_sec_ctx()) {
777 smb_panic("become_root: push_sec_ctx failed");
778 }
779 push_conn_ctx();
780 set_root_sec_ctx();
781 }
782
783 /* Unbecome the root user */
784
785 void smbd_unbecome_root(void)
786 {
787 pop_sec_ctx();
788 pop_conn_ctx();
789 }
790
791 /****************************************************************************
792 Push the current security context then force a change via change_to_user().
793 Saves and restores the connection context.
794 ****************************************************************************/
795
796 bool become_user_without_service(connection_struct *conn, uint64_t vuid)
797 {
798 struct auth_session_info *session_info = NULL;
799 int snum = SNUM(conn);
800 NTSTATUS status;
801 bool ok;
802
803 if (conn == NULL) {
804 DBG_WARNING("Connection not open\n");
805 return false;
806 }
807
808 status = smbXsrv_session_info_lookup(conn->sconn->client,
809 vuid,
810 &session_info);
811 if (!NT_STATUS_IS_OK(status)) {
812 /* Invalid vuid sent */
813 DBG_WARNING("Invalid vuid %llu used on share %s.\n",
814 (unsigned long long)vuid,
815 lp_const_servicename(snum));
816 return false;
817 }
818
819 ok = push_sec_ctx();
820 if (!ok) {
821 return false;
822 }
823
824 push_conn_ctx();
825
826 ok = change_to_user_impersonate(conn, session_info, vuid);
827 if (!ok) {
828 pop_sec_ctx();
829 pop_conn_ctx();
830 return false;
831 }
832
833 return true;
834 }
835
836 bool become_user_without_service_by_fsp(struct files_struct *fsp)
837 {
838 return become_user_without_service(fsp->conn, fsp->vuid);
839 }
840
841 bool become_user_without_service_by_session(connection_struct *conn,
842 const struct auth_session_info *session_info)
843 {
844 bool ok;
845
846 SMB_ASSERT(conn != NULL);
847 SMB_ASSERT(session_info != NULL);
848
849 ok = push_sec_ctx();
850 if (!ok) {
851 return false;
852 }
853
854 push_conn_ctx();
855
856 ok = change_to_user_impersonate(conn, session_info, UID_FIELD_INVALID);
857 if (!ok) {
858 pop_sec_ctx();
859 pop_conn_ctx();
860 return false;
861 }
862
863 return true;
864 }
865
866 bool unbecome_user_without_service(void)
867 {
868 pop_sec_ctx();
869 pop_conn_ctx();
870 return True;
871 }
872
873 /****************************************************************************
874 Return the current user we are running effectively as on this connection.
875 I'd like to make this return conn->session_info->unix_token->uid, but become_root()
876 doesn't alter this value.
877 ****************************************************************************/
878
879 uid_t get_current_uid(connection_struct *conn)
880 {
881 return current_user.ut.uid;
882 }
883
884 /****************************************************************************
885 Return the current group we are running effectively as on this connection.
886 I'd like to make this return conn->session_info->unix_token->gid, but become_root()
887 doesn't alter this value.
888 ****************************************************************************/
889
890 gid_t get_current_gid(connection_struct *conn)
891 {
892 return current_user.ut.gid;
893 }
894
895 /****************************************************************************
896 Return the UNIX token we are running effectively as on this connection.
897 I'd like to make this return &conn->session_info->unix_token-> but become_root()
898 doesn't alter this value.
899 ****************************************************************************/
900
901 const struct security_unix_token *get_current_utok(connection_struct *conn)
902 {
903 return &current_user.ut;
904 }
905
906 /****************************************************************************
907 Return the Windows token we are running effectively as on this connection.
908 If this is currently a NULL token as we're inside become_root() - a temporary
909 UNIX security override, then we search up the stack for the previous active
910 token.
911 ****************************************************************************/
912
913 const struct security_token *get_current_nttok(connection_struct *conn)
914 {
915 if (current_user.nt_user_token) {
916 return current_user.nt_user_token;
917 }
918 return sec_ctx_active_token();
919 }
Samba GIT mirror