spoolss: fix spoolss_EnumPrinterKey IDL.
[Samba.git] / source3 / smbd / uid.c
blob2ec50cd4d8319307e69a33d3c386117c37c2ee43
1 /*
2 Unix SMB/CIFS implementation.
3 uid/user handling
4 Copyright (C) Andrew Tridgell 1992-1998
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 3 of the License, or
9 (at your option) any later version.
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with this program. If not, see <http://www.gnu.org/licenses/>.
20 #include "includes.h"
21 #include "smbd/globals.h"
23 /* what user is current? */
24 extern struct current_user current_user;
26 /****************************************************************************
27 Become the guest user without changing the security context stack.
28 ****************************************************************************/
30 bool change_to_guest(void)
32 struct passwd *pass;
34 pass = getpwnam_alloc(talloc_autofree_context(), lp_guestaccount());
35 if (!pass) {
36 return false;
39 #ifdef AIX
40 /* MWW: From AIX FAQ patch to WU-ftpd: call initgroups before
41 setting IDs */
42 initgroups(pass->pw_name, pass->pw_gid);
43 #endif
45 set_sec_ctx(pass->pw_uid, pass->pw_gid, 0, NULL, NULL);
47 current_user.conn = NULL;
48 current_user.vuid = UID_FIELD_INVALID;
50 TALLOC_FREE(pass);
52 return true;
55 /****************************************************************************
56 talloc free the conn->server_info if not used in the vuid cache.
57 ****************************************************************************/
59 static void free_conn_server_info_if_unused(connection_struct *conn)
61 unsigned int i;
63 for (i = 0; i < VUID_CACHE_SIZE; i++) {
64 struct vuid_cache_entry *ent;
65 ent = &conn->vuid_cache.array[i];
66 if (ent->vuid != UID_FIELD_INVALID &&
67 conn->server_info == ent->server_info) {
68 return;
71 /* Not used, safe to free. */
72 TALLOC_FREE(conn->server_info);
75 /*******************************************************************
76 Check if a username is OK.
78 This sets up conn->server_info with a copy related to this vuser that
79 later code can then mess with.
80 ********************************************************************/
82 static bool check_user_ok(connection_struct *conn,
83 uint16_t vuid,
84 const struct auth_serversupplied_info *server_info,
85 int snum)
87 bool valid_vuid = (vuid != UID_FIELD_INVALID);
88 unsigned int i;
89 bool readonly_share;
90 bool admin_user;
92 if (valid_vuid) {
93 struct vuid_cache_entry *ent;
95 for (i=0; i<VUID_CACHE_SIZE; i++) {
96 ent = &conn->vuid_cache.array[i];
97 if (ent->vuid == vuid) {
98 free_conn_server_info_if_unused(conn);
99 conn->server_info = ent->server_info;
100 conn->read_only = ent->read_only;
101 conn->admin_user = ent->admin_user;
102 return(True);
107 if (!user_ok_token(server_info->unix_name,
108 pdb_get_domain(server_info->sam_account),
109 server_info->ptok, snum))
110 return(False);
112 readonly_share = is_share_read_only_for_token(
113 server_info->unix_name,
114 pdb_get_domain(server_info->sam_account),
115 server_info->ptok,
116 conn);
118 if (!readonly_share &&
119 !share_access_check(server_info->ptok, lp_servicename(snum),
120 FILE_WRITE_DATA)) {
121 /* smb.conf allows r/w, but the security descriptor denies
122 * write. Fall back to looking at readonly. */
123 readonly_share = True;
124 DEBUG(5,("falling back to read-only access-evaluation due to "
125 "security descriptor\n"));
128 if (!share_access_check(server_info->ptok, lp_servicename(snum),
129 readonly_share ?
130 FILE_READ_DATA : FILE_WRITE_DATA)) {
131 return False;
134 admin_user = token_contains_name_in_list(
135 server_info->unix_name,
136 pdb_get_domain(server_info->sam_account),
137 NULL, server_info->ptok, lp_admin_users(snum));
139 if (valid_vuid) {
140 struct vuid_cache_entry *ent =
141 &conn->vuid_cache.array[conn->vuid_cache.next_entry];
143 conn->vuid_cache.next_entry =
144 (conn->vuid_cache.next_entry + 1) % VUID_CACHE_SIZE;
146 TALLOC_FREE(ent->server_info);
149 * If force_user was set, all server_info's are based on the same
150 * username-based faked one.
153 ent->server_info = copy_serverinfo(
154 conn, conn->force_user ? conn->server_info : server_info);
156 if (ent->server_info == NULL) {
157 ent->vuid = UID_FIELD_INVALID;
158 return false;
161 ent->vuid = vuid;
162 ent->read_only = readonly_share;
163 ent->admin_user = admin_user;
164 free_conn_server_info_if_unused(conn);
165 conn->server_info = ent->server_info;
168 conn->read_only = readonly_share;
169 conn->admin_user = admin_user;
171 return(True);
174 /****************************************************************************
175 Clear a vuid out of the connection's vuid cache
176 This is only called on SMBulogoff.
177 ****************************************************************************/
179 void conn_clear_vuid_cache(connection_struct *conn, uint16_t vuid)
181 int i;
183 for (i=0; i<VUID_CACHE_SIZE; i++) {
184 struct vuid_cache_entry *ent;
186 ent = &conn->vuid_cache.array[i];
188 if (ent->vuid == vuid) {
189 ent->vuid = UID_FIELD_INVALID;
191 * We need to keep conn->server_info around
192 * if it's equal to ent->server_info as a SMBulogoff
193 * is often followed by a SMBtdis (with an invalid
194 * vuid). The debug code (or regular code in
195 * vfs_full_audit) wants to refer to the
196 * conn->server_info pointer to print debug
197 * statements. Theoretically this is a bug,
198 * as once the vuid is gone the server_info
199 * on the conn struct isn't valid any more,
200 * but there's enough code that assumes
201 * conn->server_info is never null that
202 * it's easier to hold onto the old pointer
203 * until we get a new sessionsetupX.
204 * As everything is hung off the
205 * conn pointer as a talloc context we're not
206 * leaking memory here. See bug #6315. JRA.
208 if (conn->server_info == ent->server_info) {
209 ent->server_info = NULL;
210 } else {
211 TALLOC_FREE(ent->server_info);
213 ent->read_only = False;
214 ent->admin_user = False;
219 /****************************************************************************
220 Become the user of a connection number without changing the security context
221 stack, but modify the current_user entries.
222 ****************************************************************************/
224 bool change_to_user(connection_struct *conn, uint16 vuid)
226 const struct auth_serversupplied_info *server_info = NULL;
227 struct smbd_server_connection *sconn = smbd_server_conn;
228 user_struct *vuser = get_valid_user_struct(sconn, vuid);
229 int snum;
230 gid_t gid;
231 uid_t uid;
232 char group_c;
233 int num_groups = 0;
234 gid_t *group_list = NULL;
236 if (!conn) {
237 DEBUG(2,("change_to_user: Connection not open\n"));
238 return(False);
242 * We need a separate check in security=share mode due to vuid
243 * always being UID_FIELD_INVALID. If we don't do this then
244 * in share mode security we are *always* changing uid's between
245 * SMB's - this hurts performance - Badly.
248 if((lp_security() == SEC_SHARE) && (current_user.conn == conn) &&
249 (current_user.ut.uid == conn->server_info->utok.uid)) {
250 DEBUG(4,("change_to_user: Skipping user change - already "
251 "user\n"));
252 return(True);
253 } else if ((current_user.conn == conn) &&
254 (vuser != NULL) && (current_user.vuid == vuid) &&
255 (current_user.ut.uid == vuser->server_info->utok.uid)) {
256 DEBUG(4,("change_to_user: Skipping user change - already "
257 "user\n"));
258 return(True);
261 snum = SNUM(conn);
263 server_info = vuser ? vuser->server_info : conn->server_info;
265 if (!server_info) {
266 /* Invalid vuid sent - even with security = share. */
267 DEBUG(2,("change_to_user: Invalid vuid %d used on "
268 "share %s.\n",vuid, lp_servicename(snum) ));
269 return false;
272 if (!check_user_ok(conn, vuid, server_info, snum)) {
273 DEBUG(2,("change_to_user: SMB user %s (unix user %s, vuid %d) "
274 "not permitted access to share %s.\n",
275 server_info->sanitized_username,
276 server_info->unix_name, vuid,
277 lp_servicename(snum)));
278 return false;
282 * conn->server_info is now correctly set up with a copy we can mess
283 * with for force_group etc.
286 if (conn->force_user) /* security = share sets this too */ {
287 uid = conn->server_info->utok.uid;
288 gid = conn->server_info->utok.gid;
289 group_list = conn->server_info->utok.groups;
290 num_groups = conn->server_info->utok.ngroups;
291 } else if (vuser) {
292 uid = conn->admin_user ? 0 : vuser->server_info->utok.uid;
293 gid = conn->server_info->utok.gid;
294 num_groups = conn->server_info->utok.ngroups;
295 group_list = conn->server_info->utok.groups;
296 } else {
297 DEBUG(2,("change_to_user: Invalid vuid used %d in accessing "
298 "share %s.\n",vuid, lp_servicename(snum) ));
299 return False;
303 * See if we should force group for this service.
304 * If so this overrides any group set in the force
305 * user code.
308 if((group_c = *lp_force_group(snum))) {
310 SMB_ASSERT(conn->force_group_gid != (gid_t)-1);
312 if(group_c == '+') {
315 * Only force group if the user is a member of
316 * the service group. Check the group memberships for
317 * this user (we already have this) to
318 * see if we should force the group.
321 int i;
322 for (i = 0; i < num_groups; i++) {
323 if (group_list[i]
324 == conn->force_group_gid) {
325 conn->server_info->utok.gid =
326 conn->force_group_gid;
327 gid = conn->force_group_gid;
328 gid_to_sid(&conn->server_info->ptok
329 ->user_sids[1], gid);
330 break;
333 } else {
334 conn->server_info->utok.gid = conn->force_group_gid;
335 gid = conn->force_group_gid;
336 gid_to_sid(&conn->server_info->ptok->user_sids[1],
337 gid);
341 /* Now set current_user since we will immediately also call
342 set_sec_ctx() */
344 current_user.ut.ngroups = num_groups;
345 current_user.ut.groups = group_list;
347 set_sec_ctx(uid, gid, current_user.ut.ngroups, current_user.ut.groups,
348 conn->server_info->ptok);
350 current_user.conn = conn;
351 current_user.vuid = vuid;
353 DEBUG(5,("change_to_user uid=(%d,%d) gid=(%d,%d)\n",
354 (int)getuid(),(int)geteuid(),(int)getgid(),(int)getegid()));
356 return(True);
359 /****************************************************************************
360 Go back to being root without changing the security context stack,
361 but modify the current_user entries.
362 ****************************************************************************/
364 bool change_to_root_user(void)
366 set_root_sec_ctx();
368 DEBUG(5,("change_to_root_user: now uid=(%d,%d) gid=(%d,%d)\n",
369 (int)getuid(),(int)geteuid(),(int)getgid(),(int)getegid()));
371 current_user.conn = NULL;
372 current_user.vuid = UID_FIELD_INVALID;
374 return(True);
377 /****************************************************************************
378 Become the user of an authenticated connected named pipe.
379 When this is called we are currently running as the connection
380 user. Doesn't modify current_user.
381 ****************************************************************************/
383 bool become_authenticated_pipe_user(pipes_struct *p)
385 if (!push_sec_ctx())
386 return False;
388 set_sec_ctx(p->server_info->utok.uid, p->server_info->utok.gid,
389 p->server_info->utok.ngroups, p->server_info->utok.groups,
390 p->server_info->ptok);
392 return True;
395 /****************************************************************************
396 Unbecome the user of an authenticated connected named pipe.
397 When this is called we are running as the authenticated pipe
398 user and need to go back to being the connection user. Doesn't modify
399 current_user.
400 ****************************************************************************/
402 bool unbecome_authenticated_pipe_user(void)
404 return pop_sec_ctx();
407 /****************************************************************************
408 Utility functions used by become_xxx/unbecome_xxx.
409 ****************************************************************************/
411 static void push_conn_ctx(void)
413 struct conn_ctx *ctx_p;
415 /* Check we don't overflow our stack */
417 if (conn_ctx_stack_ndx == MAX_SEC_CTX_DEPTH) {
418 DEBUG(0, ("Connection context stack overflow!\n"));
419 smb_panic("Connection context stack overflow!\n");
422 /* Store previous user context */
423 ctx_p = &conn_ctx_stack[conn_ctx_stack_ndx];
425 ctx_p->conn = current_user.conn;
426 ctx_p->vuid = current_user.vuid;
428 DEBUG(3, ("push_conn_ctx(%u) : conn_ctx_stack_ndx = %d\n",
429 (unsigned int)ctx_p->vuid, conn_ctx_stack_ndx ));
431 conn_ctx_stack_ndx++;
434 static void pop_conn_ctx(void)
436 struct conn_ctx *ctx_p;
438 /* Check for stack underflow. */
440 if (conn_ctx_stack_ndx == 0) {
441 DEBUG(0, ("Connection context stack underflow!\n"));
442 smb_panic("Connection context stack underflow!\n");
445 conn_ctx_stack_ndx--;
446 ctx_p = &conn_ctx_stack[conn_ctx_stack_ndx];
448 current_user.conn = ctx_p->conn;
449 current_user.vuid = ctx_p->vuid;
451 ctx_p->conn = NULL;
452 ctx_p->vuid = UID_FIELD_INVALID;
455 /****************************************************************************
456 Temporarily become a root user. Must match with unbecome_root(). Saves and
457 restores the connection context.
458 ****************************************************************************/
460 void become_root(void)
463 * no good way to handle push_sec_ctx() failing without changing
464 * the prototype of become_root()
466 if (!push_sec_ctx()) {
467 smb_panic("become_root: push_sec_ctx failed");
469 push_conn_ctx();
470 set_root_sec_ctx();
473 /* Unbecome the root user */
475 void unbecome_root(void)
477 pop_sec_ctx();
478 pop_conn_ctx();
481 /****************************************************************************
482 Push the current security context then force a change via change_to_user().
483 Saves and restores the connection context.
484 ****************************************************************************/
486 bool become_user(connection_struct *conn, uint16 vuid)
488 if (!push_sec_ctx())
489 return False;
491 push_conn_ctx();
493 if (!change_to_user(conn, vuid)) {
494 pop_sec_ctx();
495 pop_conn_ctx();
496 return False;
499 return True;
502 bool unbecome_user(void)
504 pop_sec_ctx();
505 pop_conn_ctx();
506 return True;