search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Move connection-specific vuid cache clear to uid.c
[Samba/gbeck.git] / source / smbd / uid.c
blob2bc5595661ca0c5c0e4499e396d3de135ff2e741
1 /*
2 Unix SMB/CIFS implementation.
3 uid/user handling
4 Copyright (C) Andrew Tridgell 1992-1998
5
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 3 of the License, or
9 (at your option) any later version.
10
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
15
16 You should have received a copy of the GNU General Public License
17 along with this program. If not, see <http://www.gnu.org/licenses/>.
18 */
19
20 #include "includes.h"
21
22 /* what user is current? */
23 extern struct current_user current_user;
24
25 /****************************************************************************
26 Become the guest user without changing the security context stack.
27 ****************************************************************************/
28
29 bool change_to_guest(void)
30 {
31 static struct passwd *pass=NULL;
32
33 if (!pass) {
34 /* Don't need to free() this as its stored in a static */
35 pass = getpwnam_alloc(NULL, lp_guestaccount());
36 if (!pass)
37 return(False);
38 }
39
40 #ifdef AIX
41 /* MWW: From AIX FAQ patch to WU-ftpd: call initgroups before
42 setting IDs */
43 initgroups(pass->pw_name, pass->pw_gid);
44 #endif
45
46 set_sec_ctx(pass->pw_uid, pass->pw_gid, 0, NULL, NULL);
47
48 current_user.conn = NULL;
49 current_user.vuid = UID_FIELD_INVALID;
50
51 TALLOC_FREE(pass);
52 pass = NULL;
53
54 return True;
55 }
56
57 /*******************************************************************
58 Check if a username is OK.
59
60 This sets up conn->server_info with a copy related to this vuser that
61 later code can then mess with.
62 ********************************************************************/
63
64 static bool check_user_ok(connection_struct *conn, uint16_t vuid,
65 struct auth_serversupplied_info *server_info,
66 int snum)
67 {
68 unsigned int i;
69 struct vuid_cache_entry *ent = NULL;
70 bool readonly_share;
71 bool admin_user;
72
73 for (i=0; i<VUID_CACHE_SIZE; i++) {
74 ent = &conn->vuid_cache.array[i];
75 if (ent->vuid == vuid) {
76 conn->server_info = ent->server_info;
77 conn->read_only = ent->read_only;
78 conn->admin_user = ent->admin_user;
79 return(True);
80 }
81 }
82
83 if (!user_ok_token(server_info->unix_name,
84 pdb_get_domain(server_info->sam_account),
85 server_info->ptok, snum))
86 return(False);
87
88 readonly_share = is_share_read_only_for_token(
89 server_info->unix_name,
90 pdb_get_domain(server_info->sam_account),
91 server_info->ptok, snum);
92
93 if (!readonly_share &&
94 !share_access_check(server_info->ptok, lp_servicename(snum),
95 FILE_WRITE_DATA)) {
96 /* smb.conf allows r/w, but the security descriptor denies
97 * write. Fall back to looking at readonly. */
98 readonly_share = True;
99 DEBUG(5,("falling back to read-only access-evaluation due to "
100 "security descriptor\n"));
101 }
102
103 if (!share_access_check(server_info->ptok, lp_servicename(snum),
104 readonly_share ?
105 FILE_READ_DATA : FILE_WRITE_DATA)) {
106 return False;
107 }
108
109 admin_user = token_contains_name_in_list(
110 server_info->unix_name,
111 pdb_get_domain(server_info->sam_account),
112 NULL, server_info->ptok, lp_admin_users(snum));
113
114 ent = &conn->vuid_cache.array[conn->vuid_cache.next_entry];
115
116 conn->vuid_cache.next_entry =
117 (conn->vuid_cache.next_entry + 1) % VUID_CACHE_SIZE;
118
119 TALLOC_FREE(ent->server_info);
120
121 /*
122 * If force_user was set, all server_info's are based on the same
123 * username-based faked one.
124 */
125
126 ent->server_info = copy_serverinfo(
127 conn, conn->force_user ? conn->server_info : server_info);
128
129 if (ent->server_info == NULL) {
130 ent->vuid = UID_FIELD_INVALID;
131 return false;
132 }
133
134 ent->vuid = vuid;
135 ent->read_only = readonly_share;
136 ent->admin_user = admin_user;
137
138 conn->read_only = ent->read_only;
139 conn->admin_user = ent->admin_user;
140 conn->server_info = ent->server_info;
141
142 return(True);
143 }
144
145 /****************************************************************************
146 Clear a vuid out of the connection's vuid cache
147 ****************************************************************************/
148
149 void conn_clear_vuid_cache(connection_struct *conn, uint16_t vuid)
150 {
151 int i;
152
153 for (i=0; i<VUID_CACHE_SIZE; i++) {
154 struct vuid_cache_entry *ent;
155
156 ent = &conn->vuid_cache.array[i];
157
158 if (ent->vuid == vuid) {
159 ent->vuid = UID_FIELD_INVALID;
160 TALLOC_FREE(ent->server_info);
161 ent->read_only = False;
162 ent->admin_user = False;
163 }
164 }
165 }
166
167 /****************************************************************************
168 Become the user of a connection number without changing the security context
169 stack, but modify the current_user entries.
170 ****************************************************************************/
171
172 bool change_to_user(connection_struct *conn, uint16 vuid)
173 {
174 user_struct *vuser = get_valid_user_struct(vuid);
175 int snum;
176 gid_t gid;
177 uid_t uid;
178 char group_c;
179 int num_groups = 0;
180 gid_t *group_list = NULL;
181
182 if (!conn) {
183 DEBUG(2,("change_to_user: Connection not open\n"));
184 return(False);
185 }
186
187 /*
188 * We need a separate check in security=share mode due to vuid
189 * always being UID_FIELD_INVALID. If we don't do this then
190 * in share mode security we are *always* changing uid's between
191 * SMB's - this hurts performance - Badly.
192 */
193
194 if((lp_security() == SEC_SHARE) && (current_user.conn == conn) &&
195 (current_user.ut.uid == conn->server_info->uid)) {
196 DEBUG(4,("change_to_user: Skipping user change - already "
197 "user\n"));
198 return(True);
199 } else if ((current_user.conn == conn) &&
200 (vuser != NULL) && (current_user.vuid == vuid) &&
201 (current_user.ut.uid == vuser->server_info->uid)) {
202 DEBUG(4,("change_to_user: Skipping user change - already "
203 "user\n"));
204 return(True);
205 }
206
207 snum = SNUM(conn);
208
209 if ((vuser) && !check_user_ok(conn, vuid, vuser->server_info, snum)) {
210 DEBUG(2,("change_to_user: SMB user %s (unix user %s, vuid %d) "
211 "not permitted access to share %s.\n",
212 vuser->server_info->sanitized_username,
213 vuser->server_info->unix_name, vuid,
214 lp_servicename(snum)));
215 return False;
216 }
217
218 /*
219 * conn->server_info is now correctly set up with a copy we can mess
220 * with for force_group etc.
221 */
222
223 if (conn->force_user) /* security = share sets this too */ {
224 uid = conn->server_info->uid;
225 gid = conn->server_info->gid;
226 group_list = conn->server_info->groups;
227 num_groups = conn->server_info->n_groups;
228 } else if (vuser) {
229 uid = conn->admin_user ? 0 : vuser->server_info->uid;
230 gid = conn->server_info->gid;
231 num_groups = conn->server_info->n_groups;
232 group_list = conn->server_info->groups;
233 } else {
234 DEBUG(2,("change_to_user: Invalid vuid used %d in accessing "
235 "share %s.\n",vuid, lp_servicename(snum) ));
236 return False;
237 }
238
239 /*
240 * See if we should force group for this service.
241 * If so this overrides any group set in the force
242 * user code.
243 */
244
245 if((group_c = *lp_force_group(snum))) {
246
247 if(group_c == '+') {
248
249 /*
250 * Only force group if the user is a member of
251 * the service group. Check the group memberships for
252 * this user (we already have this) to
253 * see if we should force the group.
254 */
255
256 int i;
257 for (i = 0; i < num_groups; i++) {
258 if (group_list[i] == conn->server_info->gid) {
259 gid = conn->server_info->gid;
260 gid_to_sid(&conn->server_info->ptok
261 ->user_sids[1], gid);
262 break;
263 }
264 }
265 } else {
266 gid = conn->server_info->gid;
267 gid_to_sid(&conn->server_info->ptok->user_sids[1],
268 gid);
269 }
270 }
271
272 /* Now set current_user since we will immediately also call
273 set_sec_ctx() */
274
275 current_user.ut.ngroups = num_groups;
276 current_user.ut.groups = group_list;
277
278 set_sec_ctx(uid, gid, current_user.ut.ngroups, current_user.ut.groups,
279 conn->server_info->ptok);
280
281 current_user.conn = conn;
282 current_user.vuid = vuid;
283
284 DEBUG(5,("change_to_user uid=(%d,%d) gid=(%d,%d)\n",
285 (int)getuid(),(int)geteuid(),(int)getgid(),(int)getegid()));
286
287 return(True);
288 }
289
290 /****************************************************************************
291 Go back to being root without changing the security context stack,
292 but modify the current_user entries.
293 ****************************************************************************/
294
295 bool change_to_root_user(void)
296 {
297 set_root_sec_ctx();
298
299 DEBUG(5,("change_to_root_user: now uid=(%d,%d) gid=(%d,%d)\n",
300 (int)getuid(),(int)geteuid(),(int)getgid(),(int)getegid()));
301
302 current_user.conn = NULL;
303 current_user.vuid = UID_FIELD_INVALID;
304
305 return(True);
306 }
307
308 /****************************************************************************
309 Become the user of an authenticated connected named pipe.
310 When this is called we are currently running as the connection
311 user. Doesn't modify current_user.
312 ****************************************************************************/
313
314 bool become_authenticated_pipe_user(pipes_struct *p)
315 {
316 if (!push_sec_ctx())
317 return False;
318
319 set_sec_ctx(p->pipe_user.ut.uid, p->pipe_user.ut.gid,
320 p->pipe_user.ut.ngroups, p->pipe_user.ut.groups,
321 p->pipe_user.nt_user_token);
322
323 return True;
324 }
325
326 /****************************************************************************
327 Unbecome the user of an authenticated connected named pipe.
328 When this is called we are running as the authenticated pipe
329 user and need to go back to being the connection user. Doesn't modify
330 current_user.
331 ****************************************************************************/
332
333 bool unbecome_authenticated_pipe_user(void)
334 {
335 return pop_sec_ctx();
336 }
337
338 /****************************************************************************
339 Utility functions used by become_xxx/unbecome_xxx.
340 ****************************************************************************/
341
342 struct conn_ctx {
343 connection_struct *conn;
344 uint16 vuid;
345 };
346
347 /* A stack of current_user connection contexts. */
348
349 static struct conn_ctx conn_ctx_stack[MAX_SEC_CTX_DEPTH];
350 static int conn_ctx_stack_ndx;
351
352 static void push_conn_ctx(void)
353 {
354 struct conn_ctx *ctx_p;
355
356 /* Check we don't overflow our stack */
357
358 if (conn_ctx_stack_ndx == MAX_SEC_CTX_DEPTH) {
359 DEBUG(0, ("Connection context stack overflow!\n"));
360 smb_panic("Connection context stack overflow!\n");
361 }
362
363 /* Store previous user context */
364 ctx_p = &conn_ctx_stack[conn_ctx_stack_ndx];
365
366 ctx_p->conn = current_user.conn;
367 ctx_p->vuid = current_user.vuid;
368
369 DEBUG(3, ("push_conn_ctx(%u) : conn_ctx_stack_ndx = %d\n",
370 (unsigned int)ctx_p->vuid, conn_ctx_stack_ndx ));
371
372 conn_ctx_stack_ndx++;
373 }
374
375 static void pop_conn_ctx(void)
376 {
377 struct conn_ctx *ctx_p;
378
379 /* Check for stack underflow. */
380
381 if (conn_ctx_stack_ndx == 0) {
382 DEBUG(0, ("Connection context stack underflow!\n"));
383 smb_panic("Connection context stack underflow!\n");
384 }
385
386 conn_ctx_stack_ndx--;
387 ctx_p = &conn_ctx_stack[conn_ctx_stack_ndx];
388
389 current_user.conn = ctx_p->conn;
390 current_user.vuid = ctx_p->vuid;
391
392 ctx_p->conn = NULL;
393 ctx_p->vuid = UID_FIELD_INVALID;
394 }
395
396 /****************************************************************************
397 Temporarily become a root user. Must match with unbecome_root(). Saves and
398 restores the connection context.
399 ****************************************************************************/
400
401 void become_root(void)
402 {
403 /*
404 * no good way to handle push_sec_ctx() failing without changing
405 * the prototype of become_root()
406 */
407 if (!push_sec_ctx()) {
408 smb_panic("become_root: push_sec_ctx failed");
409 }
410 push_conn_ctx();
411 set_root_sec_ctx();
412 }
413
414 /* Unbecome the root user */
415
416 void unbecome_root(void)
417 {
418 pop_sec_ctx();
419 pop_conn_ctx();
420 }
421
422 /****************************************************************************
423 Push the current security context then force a change via change_to_user().
424 Saves and restores the connection context.
425 ****************************************************************************/
426
427 bool become_user(connection_struct *conn, uint16 vuid)
428 {
429 if (!push_sec_ctx())
430 return False;
431
432 push_conn_ctx();
433
434 if (!change_to_user(conn, vuid)) {
435 pop_sec_ctx();
436 pop_conn_ctx();
437 return False;
438 }
439
440 return True;
441 }
442
443 bool unbecome_user(void)
444 {
445 pop_sec_ctx();
446 pop_conn_ctx();
447 return True;
448 }
WIP