search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
smbd: Remove some ()
[Samba/gbeck.git] / source3 / smbd / uid.c
blobb2fe39cb9c1da85e0f4d3aab50f6b6b9716187eb
1 /*
2 Unix SMB/CIFS implementation.
3 uid/user handling
4 Copyright (C) Andrew Tridgell 1992-1998
5
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 3 of the License, or
9 (at your option) any later version.
10
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
15
16 You should have received a copy of the GNU General Public License
17 along with this program. If not, see <http://www.gnu.org/licenses/>.
18 */
19
20 #include "includes.h"
21 #include "system/passwd.h"
22 #include "smbd/smbd.h"
23 #include "smbd/globals.h"
24 #include "../librpc/gen_ndr/netlogon.h"
25 #include "libcli/security/security.h"
26 #include "passdb/lookup_sid.h"
27 #include "auth.h"
28
29 /* what user is current? */
30 extern struct current_user current_user;
31
32 /****************************************************************************
33 Become the guest user without changing the security context stack.
34 ****************************************************************************/
35
36 bool change_to_guest(void)
37 {
38 struct passwd *pass;
39
40 pass = Get_Pwnam_alloc(talloc_tos(), lp_guestaccount());
41 if (!pass) {
42 return false;
43 }
44
45 #ifdef AIX
46 /* MWW: From AIX FAQ patch to WU-ftpd: call initgroups before
47 setting IDs */
48 initgroups(pass->pw_name, pass->pw_gid);
49 #endif
50
51 set_sec_ctx(pass->pw_uid, pass->pw_gid, 0, NULL, NULL);
52
53 current_user.conn = NULL;
54 current_user.vuid = UID_FIELD_INVALID;
55
56 TALLOC_FREE(pass);
57
58 return true;
59 }
60
61 /****************************************************************************
62 talloc free the conn->session_info if not used in the vuid cache.
63 ****************************************************************************/
64
65 static void free_conn_session_info_if_unused(connection_struct *conn)
66 {
67 unsigned int i;
68
69 for (i = 0; i < VUID_CACHE_SIZE; i++) {
70 struct vuid_cache_entry *ent;
71 ent = &conn->vuid_cache->array[i];
72 if (ent->vuid != UID_FIELD_INVALID &&
73 conn->session_info == ent->session_info) {
74 return;
75 }
76 }
77 /* Not used, safe to free. */
78 TALLOC_FREE(conn->session_info);
79 }
80
81 /****************************************************************************
82 Setup the share access mask for a connection.
83 ****************************************************************************/
84
85 static uint32_t create_share_access_mask(int snum,
86 bool readonly_share,
87 const struct security_token *token)
88 {
89 uint32_t share_access = 0;
90
91 share_access_check(token,
92 lp_servicename(talloc_tos(), snum),
93 MAXIMUM_ALLOWED_ACCESS,
94 &share_access);
95
96 if (readonly_share) {
97 share_access &=
98 ~(SEC_FILE_WRITE_DATA | SEC_FILE_APPEND_DATA |
99 SEC_FILE_WRITE_EA | SEC_FILE_WRITE_ATTRIBUTE |
100 SEC_DIR_DELETE_CHILD );
101 }
102
103 if (security_token_has_privilege(token, SEC_PRIV_SECURITY)) {
104 share_access |= SEC_FLAG_SYSTEM_SECURITY;
105 }
106 if (security_token_has_privilege(token, SEC_PRIV_RESTORE)) {
107 share_access |= SEC_RIGHTS_PRIV_RESTORE;
108 }
109 if (security_token_has_privilege(token, SEC_PRIV_BACKUP)) {
110 share_access |= SEC_RIGHTS_PRIV_BACKUP;
111 }
112 if (security_token_has_privilege(token, SEC_PRIV_TAKE_OWNERSHIP)) {
113 share_access |= SEC_STD_WRITE_OWNER;
114 }
115
116 return share_access;
117 }
118
119 /*******************************************************************
120 Calculate access mask and if this user can access this share.
121 ********************************************************************/
122
123 NTSTATUS check_user_share_access(connection_struct *conn,
124 const struct auth_session_info *session_info,
125 uint32_t *p_share_access,
126 bool *p_readonly_share)
127 {
128 int snum = SNUM(conn);
129 uint32_t share_access = 0;
130 bool readonly_share = false;
131
132 if (!user_ok_token(session_info->unix_info->unix_name,
133 session_info->info->domain_name,
134 session_info->security_token, snum)) {
135 return NT_STATUS_ACCESS_DENIED;
136 }
137
138 readonly_share = is_share_read_only_for_token(
139 session_info->unix_info->unix_name,
140 session_info->info->domain_name,
141 session_info->security_token,
142 conn);
143
144 share_access = create_share_access_mask(snum,
145 readonly_share,
146 session_info->security_token);
147
148 if ((share_access & (FILE_READ_DATA|FILE_WRITE_DATA)) == 0) {
149 /* No access, read or write. */
150 DEBUG(0,("user %s connection to %s denied due to share "
151 "security descriptor.\n",
152 session_info->unix_info->unix_name,
153 lp_servicename(talloc_tos(), snum)));
154 return NT_STATUS_ACCESS_DENIED;
155 }
156
157 if (!readonly_share &&
158 !(share_access & FILE_WRITE_DATA)) {
159 /* smb.conf allows r/w, but the security descriptor denies
160 * write. Fall back to looking at readonly. */
161 readonly_share = True;
162 DEBUG(5,("falling back to read-only access-evaluation due to "
163 "security descriptor\n"));
164 }
165
166 *p_share_access = share_access;
167 *p_readonly_share = readonly_share;
168
169 return NT_STATUS_OK;
170 }
171
172 /*******************************************************************
173 Check if a username is OK.
174
175 This sets up conn->session_info with a copy related to this vuser that
176 later code can then mess with.
177 ********************************************************************/
178
179 static bool check_user_ok(connection_struct *conn,
180 uint64_t vuid,
181 const struct auth_session_info *session_info,
182 int snum)
183 {
184 unsigned int i;
185 bool readonly_share = false;
186 bool admin_user = false;
187 struct vuid_cache_entry *ent = NULL;
188 uint32_t share_access = 0;
189 NTSTATUS status;
190
191 for (i=0; i<VUID_CACHE_SIZE; i++) {
192 ent = &conn->vuid_cache->array[i];
193 if (ent->vuid == vuid) {
194 free_conn_session_info_if_unused(conn);
195 conn->session_info = ent->session_info;
196 conn->read_only = ent->read_only;
197 conn->share_access = ent->share_access;
198 return(True);
199 }
200 }
201
202 status = check_user_share_access(conn,
203 session_info,
204 &share_access,
205 &readonly_share);
206 if (!NT_STATUS_IS_OK(status)) {
207 return false;
208 }
209
210 admin_user = token_contains_name_in_list(
211 session_info->unix_info->unix_name,
212 session_info->info->domain_name,
213 NULL, session_info->security_token, lp_admin_users(snum));
214
215 ent = &conn->vuid_cache->array[conn->vuid_cache->next_entry];
216
217 conn->vuid_cache->next_entry =
218 (conn->vuid_cache->next_entry + 1) % VUID_CACHE_SIZE;
219
220 TALLOC_FREE(ent->session_info);
221
222 /*
223 * If force_user was set, all session_info's are based on the same
224 * username-based faked one.
225 */
226
227 ent->session_info = copy_session_info(
228 conn, conn->force_user ? conn->session_info : session_info);
229
230 if (ent->session_info == NULL) {
231 ent->vuid = UID_FIELD_INVALID;
232 return false;
233 }
234
235 ent->vuid = vuid;
236 ent->read_only = readonly_share;
237 ent->share_access = share_access;
238 free_conn_session_info_if_unused(conn);
239 conn->session_info = ent->session_info;
240
241 conn->read_only = readonly_share;
242 conn->share_access = share_access;
243
244 if (admin_user) {
245 DEBUG(2,("check_user_ok: user %s is an admin user. "
246 "Setting uid as %d\n",
247 conn->session_info->unix_info->unix_name,
248 sec_initial_uid() ));
249 conn->session_info->unix_token->uid = sec_initial_uid();
250 }
251
252 return(True);
253 }
254
255 /****************************************************************************
256 Become the user of a connection number without changing the security context
257 stack, but modify the current_user entries.
258 ****************************************************************************/
259
260 static bool change_to_user_internal(connection_struct *conn,
261 const struct auth_session_info *session_info,
262 uint64_t vuid)
263 {
264 int snum;
265 gid_t gid;
266 uid_t uid;
267 char group_c;
268 int num_groups = 0;
269 gid_t *group_list = NULL;
270 bool ok;
271
272 snum = SNUM(conn);
273
274 ok = check_user_ok(conn, vuid, session_info, snum);
275 if (!ok) {
276 DEBUG(2,("SMB user %s (unix user %s) "
277 "not permitted access to share %s.\n",
278 session_info->unix_info->sanitized_username,
279 session_info->unix_info->unix_name,
280 lp_servicename(talloc_tos(), snum)));
281 return false;
282 }
283
284 uid = conn->session_info->unix_token->uid;
285 gid = conn->session_info->unix_token->gid;
286 num_groups = conn->session_info->unix_token->ngroups;
287 group_list = conn->session_info->unix_token->groups;
288
289 /*
290 * See if we should force group for this service. If so this overrides
291 * any group set in the force user code.
292 */
293 if((group_c = *lp_force_group(talloc_tos(), snum))) {
294
295 SMB_ASSERT(conn->force_group_gid != (gid_t)-1);
296
297 if (group_c == '+') {
298 int i;
299
300 /*
301 * Only force group if the user is a member of the
302 * service group. Check the group memberships for this
303 * user (we already have this) to see if we should force
304 * the group.
305 */
306 for (i = 0; i < num_groups; i++) {
307 if (group_list[i] == conn->force_group_gid) {
308 conn->session_info->unix_token->gid =
309 conn->force_group_gid;
310 gid = conn->force_group_gid;
311 gid_to_sid(&conn->session_info->security_token
312 ->sids[1], gid);
313 break;
314 }
315 }
316 } else {
317 conn->session_info->unix_token->gid = conn->force_group_gid;
318 gid = conn->force_group_gid;
319 gid_to_sid(&conn->session_info->security_token->sids[1],
320 gid);
321 }
322 }
323
324 /*Set current_user since we will immediately also call set_sec_ctx() */
325 current_user.ut.ngroups = num_groups;
326 current_user.ut.groups = group_list;
327
328 set_sec_ctx(uid,
329 gid,
330 current_user.ut.ngroups,
331 current_user.ut.groups,
332 conn->session_info->security_token);
333
334 current_user.conn = conn;
335 current_user.vuid = vuid;
336
337 DEBUG(5, ("Impersonated user: uid=(%d,%d), gid=(%d,%d)\n",
338 (int)getuid(),
339 (int)geteuid(),
340 (int)getgid(),
341 (int)getegid()));
342
343 return true;
344 }
345
346 bool change_to_user(connection_struct *conn, uint64_t vuid)
347 {
348 struct user_struct *vuser;
349 int snum = SNUM(conn);
350
351 if (!conn) {
352 DEBUG(2,("Connection not open\n"));
353 return(False);
354 }
355
356 vuser = get_valid_user_struct(conn->sconn, vuid);
357
358 if ((current_user.conn == conn) &&
359 (vuser != NULL) && (current_user.vuid == vuid) &&
360 (current_user.ut.uid == vuser->session_info->unix_token->uid)) {
361 DEBUG(4,("Skipping user change - already "
362 "user\n"));
363 return(True);
364 }
365
366 if (vuser == NULL) {
367 /* Invalid vuid sent */
368 DEBUG(2,("Invalid vuid %llu used on share %s.\n",
369 (unsigned long long)vuid, lp_servicename(talloc_tos(),
370 snum)));
371 return false;
372 }
373
374 return change_to_user_internal(conn, vuser->session_info, vuid);
375 }
376
377 static bool change_to_user_by_session(connection_struct *conn,
378 const struct auth_session_info *session_info)
379 {
380 SMB_ASSERT(conn != NULL);
381 SMB_ASSERT(session_info != NULL);
382
383 if ((current_user.conn == conn) &&
384 (current_user.ut.uid == session_info->unix_token->uid)) {
385 DEBUG(7, ("Skipping user change - already user\n"));
386
387 return true;
388 }
389
390 return change_to_user_internal(conn, session_info, UID_FIELD_INVALID);
391 }
392
393 /****************************************************************************
394 Go back to being root without changing the security context stack,
395 but modify the current_user entries.
396 ****************************************************************************/
397
398 bool smbd_change_to_root_user(void)
399 {
400 set_root_sec_ctx();
401
402 DEBUG(5,("change_to_root_user: now uid=(%d,%d) gid=(%d,%d)\n",
403 (int)getuid(),(int)geteuid(),(int)getgid(),(int)getegid()));
404
405 current_user.conn = NULL;
406 current_user.vuid = UID_FIELD_INVALID;
407
408 return(True);
409 }
410
411 /****************************************************************************
412 Become the user of an authenticated connected named pipe.
413 When this is called we are currently running as the connection
414 user. Doesn't modify current_user.
415 ****************************************************************************/
416
417 bool become_authenticated_pipe_user(struct auth_session_info *session_info)
418 {
419 if (!push_sec_ctx())
420 return False;
421
422 set_sec_ctx(session_info->unix_token->uid, session_info->unix_token->gid,
423 session_info->unix_token->ngroups, session_info->unix_token->groups,
424 session_info->security_token);
425
426 return True;
427 }
428
429 /****************************************************************************
430 Unbecome the user of an authenticated connected named pipe.
431 When this is called we are running as the authenticated pipe
432 user and need to go back to being the connection user. Doesn't modify
433 current_user.
434 ****************************************************************************/
435
436 bool unbecome_authenticated_pipe_user(void)
437 {
438 return pop_sec_ctx();
439 }
440
441 /****************************************************************************
442 Utility functions used by become_xxx/unbecome_xxx.
443 ****************************************************************************/
444
445 static void push_conn_ctx(void)
446 {
447 struct conn_ctx *ctx_p;
448
449 /* Check we don't overflow our stack */
450
451 if (conn_ctx_stack_ndx == MAX_SEC_CTX_DEPTH) {
452 DEBUG(0, ("Connection context stack overflow!\n"));
453 smb_panic("Connection context stack overflow!\n");
454 }
455
456 /* Store previous user context */
457 ctx_p = &conn_ctx_stack[conn_ctx_stack_ndx];
458
459 ctx_p->conn = current_user.conn;
460 ctx_p->vuid = current_user.vuid;
461
462 DEBUG(4, ("push_conn_ctx(%llu) : conn_ctx_stack_ndx = %d\n",
463 (unsigned long long)ctx_p->vuid, conn_ctx_stack_ndx));
464
465 conn_ctx_stack_ndx++;
466 }
467
468 static void pop_conn_ctx(void)
469 {
470 struct conn_ctx *ctx_p;
471
472 /* Check for stack underflow. */
473
474 if (conn_ctx_stack_ndx == 0) {
475 DEBUG(0, ("Connection context stack underflow!\n"));
476 smb_panic("Connection context stack underflow!\n");
477 }
478
479 conn_ctx_stack_ndx--;
480 ctx_p = &conn_ctx_stack[conn_ctx_stack_ndx];
481
482 current_user.conn = ctx_p->conn;
483 current_user.vuid = ctx_p->vuid;
484
485 ctx_p->conn = NULL;
486 ctx_p->vuid = UID_FIELD_INVALID;
487 }
488
489 /****************************************************************************
490 Temporarily become a root user. Must match with unbecome_root(). Saves and
491 restores the connection context.
492 ****************************************************************************/
493
494 void smbd_become_root(void)
495 {
496 /*
497 * no good way to handle push_sec_ctx() failing without changing
498 * the prototype of become_root()
499 */
500 if (!push_sec_ctx()) {
501 smb_panic("become_root: push_sec_ctx failed");
502 }
503 push_conn_ctx();
504 set_root_sec_ctx();
505 }
506
507 /* Unbecome the root user */
508
509 void smbd_unbecome_root(void)
510 {
511 pop_sec_ctx();
512 pop_conn_ctx();
513 }
514
515 /****************************************************************************
516 Push the current security context then force a change via change_to_user().
517 Saves and restores the connection context.
518 ****************************************************************************/
519
520 bool become_user(connection_struct *conn, uint64_t vuid)
521 {
522 if (!push_sec_ctx())
523 return False;
524
525 push_conn_ctx();
526
527 if (!change_to_user(conn, vuid)) {
528 pop_sec_ctx();
529 pop_conn_ctx();
530 return False;
531 }
532
533 return True;
534 }
535
536 bool become_user_by_session(connection_struct *conn,
537 const struct auth_session_info *session_info)
538 {
539 if (!push_sec_ctx())
540 return false;
541
542 push_conn_ctx();
543
544 if (!change_to_user_by_session(conn, session_info)) {
545 pop_sec_ctx();
546 pop_conn_ctx();
547 return false;
548 }
549
550 return true;
551 }
552
553 bool unbecome_user(void)
554 {
555 pop_sec_ctx();
556 pop_conn_ctx();
557 return True;
558 }
559
560 /****************************************************************************
561 Return the current user we are running effectively as on this connection.
562 I'd like to make this return conn->session_info->unix_token->uid, but become_root()
563 doesn't alter this value.
564 ****************************************************************************/
565
566 uid_t get_current_uid(connection_struct *conn)
567 {
568 return current_user.ut.uid;
569 }
570
571 /****************************************************************************
572 Return the current group we are running effectively as on this connection.
573 I'd like to make this return conn->session_info->unix_token->gid, but become_root()
574 doesn't alter this value.
575 ****************************************************************************/
576
577 gid_t get_current_gid(connection_struct *conn)
578 {
579 return current_user.ut.gid;
580 }
581
582 /****************************************************************************
583 Return the UNIX token we are running effectively as on this connection.
584 I'd like to make this return &conn->session_info->unix_token-> but become_root()
585 doesn't alter this value.
586 ****************************************************************************/
587
588 const struct security_unix_token *get_current_utok(connection_struct *conn)
589 {
590 return &current_user.ut;
591 }
592
593 /****************************************************************************
594 Return the Windows token we are running effectively as on this connection.
595 If this is currently a NULL token as we're inside become_root() - a temporary
596 UNIX security override, then we search up the stack for the previous active
597 token.
598 ****************************************************************************/
599
600 const struct security_token *get_current_nttok(connection_struct *conn)
601 {
602 if (current_user.nt_user_token) {
603 return current_user.nt_user_token;
604 }
605 return sec_ctx_active_token();
606 }
607
608 uint64_t get_current_vuid(connection_struct *conn)
609 {
610 return current_user.vuid;
611 }
WIP