search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
socket_wrapper: fix compiler warnings
[Samba/gbeck.git] / source3 / smbd / uid.c
blob9a6b06dd0fb3841e8143932c3329aa986b446666
1 /*
2 Unix SMB/CIFS implementation.
3 uid/user handling
4 Copyright (C) Andrew Tridgell 1992-1998
5
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 3 of the License, or
9 (at your option) any later version.
10
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
15
16 You should have received a copy of the GNU General Public License
17 along with this program. If not, see <http://www.gnu.org/licenses/>.
18 */
19
20 #include "includes.h"
21 #include "smbd/globals.h"
22 #include "../librpc/gen_ndr/netlogon.h"
23 #include "libcli/security/security.h"
24
25 /* what user is current? */
26 extern struct current_user current_user;
27
28 /****************************************************************************
29 Become the guest user without changing the security context stack.
30 ****************************************************************************/
31
32 bool change_to_guest(void)
33 {
34 struct passwd *pass;
35
36 pass = Get_Pwnam_alloc(talloc_tos(), lp_guestaccount());
37 if (!pass) {
38 return false;
39 }
40
41 #ifdef AIX
42 /* MWW: From AIX FAQ patch to WU-ftpd: call initgroups before
43 setting IDs */
44 initgroups(pass->pw_name, pass->pw_gid);
45 #endif
46
47 set_sec_ctx(pass->pw_uid, pass->pw_gid, 0, NULL, NULL);
48
49 current_user.conn = NULL;
50 current_user.vuid = UID_FIELD_INVALID;
51
52 TALLOC_FREE(pass);
53
54 return true;
55 }
56
57 /****************************************************************************
58 talloc free the conn->session_info if not used in the vuid cache.
59 ****************************************************************************/
60
61 static void free_conn_session_info_if_unused(connection_struct *conn)
62 {
63 unsigned int i;
64
65 for (i = 0; i < VUID_CACHE_SIZE; i++) {
66 struct vuid_cache_entry *ent;
67 ent = &conn->vuid_cache.array[i];
68 if (ent->vuid != UID_FIELD_INVALID &&
69 conn->session_info == ent->session_info) {
70 return;
71 }
72 }
73 /* Not used, safe to free. */
74 TALLOC_FREE(conn->session_info);
75 }
76
77 /*******************************************************************
78 Check if a username is OK.
79
80 This sets up conn->session_info with a copy related to this vuser that
81 later code can then mess with.
82 ********************************************************************/
83
84 static bool check_user_ok(connection_struct *conn,
85 uint16_t vuid,
86 const struct auth_serversupplied_info *session_info,
87 int snum)
88 {
89 bool valid_vuid = (vuid != UID_FIELD_INVALID);
90 unsigned int i;
91 bool readonly_share;
92 bool admin_user;
93
94 if (valid_vuid) {
95 struct vuid_cache_entry *ent;
96
97 for (i=0; i<VUID_CACHE_SIZE; i++) {
98 ent = &conn->vuid_cache.array[i];
99 if (ent->vuid == vuid) {
100 free_conn_session_info_if_unused(conn);
101 conn->session_info = ent->session_info;
102 conn->read_only = ent->read_only;
103 return(True);
104 }
105 }
106 }
107
108 if (!user_ok_token(session_info->unix_name,
109 session_info->info3->base.domain.string,
110 session_info->security_token, snum))
111 return(False);
112
113 readonly_share = is_share_read_only_for_token(
114 session_info->unix_name,
115 session_info->info3->base.domain.string,
116 session_info->security_token,
117 conn);
118
119 if (!readonly_share &&
120 !share_access_check(session_info->security_token, lp_servicename(snum),
121 FILE_WRITE_DATA)) {
122 /* smb.conf allows r/w, but the security descriptor denies
123 * write. Fall back to looking at readonly. */
124 readonly_share = True;
125 DEBUG(5,("falling back to read-only access-evaluation due to "
126 "security descriptor\n"));
127 }
128
129 if (!share_access_check(session_info->security_token, lp_servicename(snum),
130 readonly_share ?
131 FILE_READ_DATA : FILE_WRITE_DATA)) {
132 return False;
133 }
134
135 admin_user = token_contains_name_in_list(
136 session_info->unix_name,
137 session_info->info3->base.domain.string,
138 NULL, session_info->security_token, lp_admin_users(snum));
139
140 if (valid_vuid) {
141 struct vuid_cache_entry *ent =
142 &conn->vuid_cache.array[conn->vuid_cache.next_entry];
143
144 conn->vuid_cache.next_entry =
145 (conn->vuid_cache.next_entry + 1) % VUID_CACHE_SIZE;
146
147 TALLOC_FREE(ent->session_info);
148
149 /*
150 * If force_user was set, all session_info's are based on the same
151 * username-based faked one.
152 */
153
154 ent->session_info = copy_serverinfo(
155 conn, conn->force_user ? conn->session_info : session_info);
156
157 if (ent->session_info == NULL) {
158 ent->vuid = UID_FIELD_INVALID;
159 return false;
160 }
161
162 ent->vuid = vuid;
163 ent->read_only = readonly_share;
164 free_conn_session_info_if_unused(conn);
165 conn->session_info = ent->session_info;
166 }
167
168 conn->read_only = readonly_share;
169 if (admin_user) {
170 DEBUG(2,("check_user_ok: user %s is an admin user. "
171 "Setting uid as %d\n",
172 conn->session_info->unix_name,
173 sec_initial_uid() ));
174 conn->session_info->utok.uid = sec_initial_uid();
175 }
176
177 return(True);
178 }
179
180 /****************************************************************************
181 Clear a vuid out of the connection's vuid cache
182 This is only called on SMBulogoff.
183 ****************************************************************************/
184
185 void conn_clear_vuid_cache(connection_struct *conn, uint16_t vuid)
186 {
187 int i;
188
189 for (i=0; i<VUID_CACHE_SIZE; i++) {
190 struct vuid_cache_entry *ent;
191
192 ent = &conn->vuid_cache.array[i];
193
194 if (ent->vuid == vuid) {
195 ent->vuid = UID_FIELD_INVALID;
196 /*
197 * We need to keep conn->session_info around
198 * if it's equal to ent->session_info as a SMBulogoff
199 * is often followed by a SMBtdis (with an invalid
200 * vuid). The debug code (or regular code in
201 * vfs_full_audit) wants to refer to the
202 * conn->session_info pointer to print debug
203 * statements. Theoretically this is a bug,
204 * as once the vuid is gone the session_info
205 * on the conn struct isn't valid any more,
206 * but there's enough code that assumes
207 * conn->session_info is never null that
208 * it's easier to hold onto the old pointer
209 * until we get a new sessionsetupX.
210 * As everything is hung off the
211 * conn pointer as a talloc context we're not
212 * leaking memory here. See bug #6315. JRA.
213 */
214 if (conn->session_info == ent->session_info) {
215 ent->session_info = NULL;
216 } else {
217 TALLOC_FREE(ent->session_info);
218 }
219 ent->read_only = False;
220 }
221 }
222 }
223
224 /****************************************************************************
225 Become the user of a connection number without changing the security context
226 stack, but modify the current_user entries.
227 ****************************************************************************/
228
229 bool change_to_user(connection_struct *conn, uint16 vuid)
230 {
231 const struct auth_serversupplied_info *session_info = NULL;
232 user_struct *vuser;
233 int snum;
234 gid_t gid;
235 uid_t uid;
236 char group_c;
237 int num_groups = 0;
238 gid_t *group_list = NULL;
239
240 if (!conn) {
241 DEBUG(2,("change_to_user: Connection not open\n"));
242 return(False);
243 }
244
245 vuser = get_valid_user_struct(conn->sconn, vuid);
246
247 /*
248 * We need a separate check in security=share mode due to vuid
249 * always being UID_FIELD_INVALID. If we don't do this then
250 * in share mode security we are *always* changing uid's between
251 * SMB's - this hurts performance - Badly.
252 */
253
254 if((lp_security() == SEC_SHARE) && (current_user.conn == conn) &&
255 (current_user.ut.uid == conn->session_info->utok.uid)) {
256 DEBUG(4,("change_to_user: Skipping user change - already "
257 "user\n"));
258 return(True);
259 } else if ((current_user.conn == conn) &&
260 (vuser != NULL) && (current_user.vuid == vuid) &&
261 (current_user.ut.uid == vuser->session_info->utok.uid)) {
262 DEBUG(4,("change_to_user: Skipping user change - already "
263 "user\n"));
264 return(True);
265 }
266
267 snum = SNUM(conn);
268
269 session_info = vuser ? vuser->session_info : conn->session_info;
270
271 if (!session_info) {
272 /* Invalid vuid sent - even with security = share. */
273 DEBUG(2,("change_to_user: Invalid vuid %d used on "
274 "share %s.\n",vuid, lp_servicename(snum) ));
275 return false;
276 }
277
278 if (!check_user_ok(conn, vuid, session_info, snum)) {
279 DEBUG(2,("change_to_user: SMB user %s (unix user %s, vuid %d) "
280 "not permitted access to share %s.\n",
281 session_info->sanitized_username,
282 session_info->unix_name, vuid,
283 lp_servicename(snum)));
284 return false;
285 }
286
287 /* security = share sets force_user. */
288 if (!conn->force_user && !vuser) {
289 DEBUG(2,("change_to_user: Invalid vuid used %d in accessing "
290 "share %s.\n",vuid, lp_servicename(snum) ));
291 return False;
292 }
293
294 /*
295 * conn->session_info is now correctly set up with a copy we can mess
296 * with for force_group etc.
297 */
298
299 uid = conn->session_info->utok.uid;
300 gid = conn->session_info->utok.gid;
301 num_groups = conn->session_info->utok.ngroups;
302 group_list = conn->session_info->utok.groups;
303
304 /*
305 * See if we should force group for this service.
306 * If so this overrides any group set in the force
307 * user code.
308 */
309
310 if((group_c = *lp_force_group(snum))) {
311
312 SMB_ASSERT(conn->force_group_gid != (gid_t)-1);
313
314 if(group_c == '+') {
315
316 /*
317 * Only force group if the user is a member of
318 * the service group. Check the group memberships for
319 * this user (we already have this) to
320 * see if we should force the group.
321 */
322
323 int i;
324 for (i = 0; i < num_groups; i++) {
325 if (group_list[i]
326 == conn->force_group_gid) {
327 conn->session_info->utok.gid =
328 conn->force_group_gid;
329 gid = conn->force_group_gid;
330 gid_to_sid(&conn->session_info->security_token
331 ->sids[1], gid);
332 break;
333 }
334 }
335 } else {
336 conn->session_info->utok.gid = conn->force_group_gid;
337 gid = conn->force_group_gid;
338 gid_to_sid(&conn->session_info->security_token->sids[1],
339 gid);
340 }
341 }
342
343 /* Now set current_user since we will immediately also call
344 set_sec_ctx() */
345
346 current_user.ut.ngroups = num_groups;
347 current_user.ut.groups = group_list;
348
349 set_sec_ctx(uid, gid, current_user.ut.ngroups, current_user.ut.groups,
350 conn->session_info->security_token);
351
352 current_user.conn = conn;
353 current_user.vuid = vuid;
354
355 DEBUG(5,("change_to_user uid=(%d,%d) gid=(%d,%d)\n",
356 (int)getuid(),(int)geteuid(),(int)getgid(),(int)getegid()));
357
358 return(True);
359 }
360
361 /****************************************************************************
362 Go back to being root without changing the security context stack,
363 but modify the current_user entries.
364 ****************************************************************************/
365
366 bool change_to_root_user(void)
367 {
368 set_root_sec_ctx();
369
370 DEBUG(5,("change_to_root_user: now uid=(%d,%d) gid=(%d,%d)\n",
371 (int)getuid(),(int)geteuid(),(int)getgid(),(int)getegid()));
372
373 current_user.conn = NULL;
374 current_user.vuid = UID_FIELD_INVALID;
375
376 return(True);
377 }
378
379 /****************************************************************************
380 Become the user of an authenticated connected named pipe.
381 When this is called we are currently running as the connection
382 user. Doesn't modify current_user.
383 ****************************************************************************/
384
385 bool become_authenticated_pipe_user(struct pipes_struct *p)
386 {
387 if (!push_sec_ctx())
388 return False;
389
390 set_sec_ctx(p->session_info->utok.uid, p->session_info->utok.gid,
391 p->session_info->utok.ngroups, p->session_info->utok.groups,
392 p->session_info->security_token);
393
394 return True;
395 }
396
397 /****************************************************************************
398 Unbecome the user of an authenticated connected named pipe.
399 When this is called we are running as the authenticated pipe
400 user and need to go back to being the connection user. Doesn't modify
401 current_user.
402 ****************************************************************************/
403
404 bool unbecome_authenticated_pipe_user(void)
405 {
406 return pop_sec_ctx();
407 }
408
409 /****************************************************************************
410 Utility functions used by become_xxx/unbecome_xxx.
411 ****************************************************************************/
412
413 static void push_conn_ctx(void)
414 {
415 struct conn_ctx *ctx_p;
416
417 /* Check we don't overflow our stack */
418
419 if (conn_ctx_stack_ndx == MAX_SEC_CTX_DEPTH) {
420 DEBUG(0, ("Connection context stack overflow!\n"));
421 smb_panic("Connection context stack overflow!\n");
422 }
423
424 /* Store previous user context */
425 ctx_p = &conn_ctx_stack[conn_ctx_stack_ndx];
426
427 ctx_p->conn = current_user.conn;
428 ctx_p->vuid = current_user.vuid;
429
430 DEBUG(3, ("push_conn_ctx(%u) : conn_ctx_stack_ndx = %d\n",
431 (unsigned int)ctx_p->vuid, conn_ctx_stack_ndx ));
432
433 conn_ctx_stack_ndx++;
434 }
435
436 static void pop_conn_ctx(void)
437 {
438 struct conn_ctx *ctx_p;
439
440 /* Check for stack underflow. */
441
442 if (conn_ctx_stack_ndx == 0) {
443 DEBUG(0, ("Connection context stack underflow!\n"));
444 smb_panic("Connection context stack underflow!\n");
445 }
446
447 conn_ctx_stack_ndx--;
448 ctx_p = &conn_ctx_stack[conn_ctx_stack_ndx];
449
450 current_user.conn = ctx_p->conn;
451 current_user.vuid = ctx_p->vuid;
452
453 ctx_p->conn = NULL;
454 ctx_p->vuid = UID_FIELD_INVALID;
455 }
456
457 /****************************************************************************
458 Temporarily become a root user. Must match with unbecome_root(). Saves and
459 restores the connection context.
460 ****************************************************************************/
461
462 void become_root(void)
463 {
464 /*
465 * no good way to handle push_sec_ctx() failing without changing
466 * the prototype of become_root()
467 */
468 if (!push_sec_ctx()) {
469 smb_panic("become_root: push_sec_ctx failed");
470 }
471 push_conn_ctx();
472 set_root_sec_ctx();
473 }
474
475 /* Unbecome the root user */
476
477 void unbecome_root(void)
478 {
479 pop_sec_ctx();
480 pop_conn_ctx();
481 }
482
483 /****************************************************************************
484 Push the current security context then force a change via change_to_user().
485 Saves and restores the connection context.
486 ****************************************************************************/
487
488 bool become_user(connection_struct *conn, uint16 vuid)
489 {
490 if (!push_sec_ctx())
491 return False;
492
493 push_conn_ctx();
494
495 if (!change_to_user(conn, vuid)) {
496 pop_sec_ctx();
497 pop_conn_ctx();
498 return False;
499 }
500
501 return True;
502 }
503
504 bool unbecome_user(void)
505 {
506 pop_sec_ctx();
507 pop_conn_ctx();
508 return True;
509 }
510
511 /****************************************************************************
512 Return the current user we are running effectively as on this connection.
513 I'd like to make this return conn->session_info->utok.uid, but become_root()
514 doesn't alter this value.
515 ****************************************************************************/
516
517 uid_t get_current_uid(connection_struct *conn)
518 {
519 return current_user.ut.uid;
520 }
521
522 /****************************************************************************
523 Return the current group we are running effectively as on this connection.
524 I'd like to make this return conn->session_info->utok.gid, but become_root()
525 doesn't alter this value.
526 ****************************************************************************/
527
528 gid_t get_current_gid(connection_struct *conn)
529 {
530 return current_user.ut.gid;
531 }
532
533 /****************************************************************************
534 Return the UNIX token we are running effectively as on this connection.
535 I'd like to make this return &conn->session_info->utok, but become_root()
536 doesn't alter this value.
537 ****************************************************************************/
538
539 const struct security_unix_token *get_current_utok(connection_struct *conn)
540 {
541 return &current_user.ut;
542 }
543
544 const struct security_token *get_current_nttok(connection_struct *conn)
545 {
546 return current_user.nt_user_token;
547 }
548
549 uint16_t get_current_vuid(connection_struct *conn)
550 {
551 return current_user.vuid;
552 }
WIP