search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
clean up lib64 linking paths the same way as lib
[Samba/gebeck_regimport.git] / source3 / smbd / uid.c
blobf8c55b1b8f8fbe4e6b19c2149a1a28ec9f5410ec
1 /*
2 Unix SMB/CIFS implementation.
3 uid/user handling
4 Copyright (C) Andrew Tridgell 1992-1998
5
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 3 of the License, or
9 (at your option) any later version.
10
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
15
16 You should have received a copy of the GNU General Public License
17 along with this program. If not, see <http://www.gnu.org/licenses/>.
18 */
19
20 #include "includes.h"
21 #include "smbd/globals.h"
22
23 /* what user is current? */
24 extern struct current_user current_user;
25
26 /****************************************************************************
27 Become the guest user without changing the security context stack.
28 ****************************************************************************/
29
30 bool change_to_guest(void)
31 {
32 struct passwd *pass;
33
34 pass = getpwnam_alloc(talloc_autofree_context(), lp_guestaccount());
35 if (!pass) {
36 return false;
37 }
38
39 #ifdef AIX
40 /* MWW: From AIX FAQ patch to WU-ftpd: call initgroups before
41 setting IDs */
42 initgroups(pass->pw_name, pass->pw_gid);
43 #endif
44
45 set_sec_ctx(pass->pw_uid, pass->pw_gid, 0, NULL, NULL);
46
47 current_user.conn = NULL;
48 current_user.vuid = UID_FIELD_INVALID;
49
50 TALLOC_FREE(pass);
51
52 return true;
53 }
54
55 /*******************************************************************
56 Check if a username is OK.
57
58 This sets up conn->server_info with a copy related to this vuser that
59 later code can then mess with.
60 ********************************************************************/
61
62 static bool check_user_ok(connection_struct *conn,
63 uint16_t vuid,
64 const struct auth_serversupplied_info *server_info,
65 int snum)
66 {
67 bool valid_vuid = (vuid != UID_FIELD_INVALID);
68 unsigned int i;
69 bool readonly_share;
70 bool admin_user;
71
72 if (valid_vuid) {
73 struct vuid_cache_entry *ent;
74
75 for (i=0; i<VUID_CACHE_SIZE; i++) {
76 ent = &conn->vuid_cache.array[i];
77 if (ent->vuid == vuid) {
78 conn->server_info = ent->server_info;
79 conn->read_only = ent->read_only;
80 conn->admin_user = ent->admin_user;
81 return(True);
82 }
83 }
84 }
85
86 if (!user_ok_token(server_info->unix_name,
87 pdb_get_domain(server_info->sam_account),
88 server_info->ptok, snum))
89 return(False);
90
91 readonly_share = is_share_read_only_for_token(
92 server_info->unix_name,
93 pdb_get_domain(server_info->sam_account),
94 server_info->ptok,
95 conn);
96
97 if (!readonly_share &&
98 !share_access_check(server_info->ptok, lp_servicename(snum),
99 FILE_WRITE_DATA)) {
100 /* smb.conf allows r/w, but the security descriptor denies
101 * write. Fall back to looking at readonly. */
102 readonly_share = True;
103 DEBUG(5,("falling back to read-only access-evaluation due to "
104 "security descriptor\n"));
105 }
106
107 if (!share_access_check(server_info->ptok, lp_servicename(snum),
108 readonly_share ?
109 FILE_READ_DATA : FILE_WRITE_DATA)) {
110 return False;
111 }
112
113 admin_user = token_contains_name_in_list(
114 server_info->unix_name,
115 pdb_get_domain(server_info->sam_account),
116 NULL, server_info->ptok, lp_admin_users(snum));
117
118 if (valid_vuid) {
119 struct vuid_cache_entry *ent =
120 &conn->vuid_cache.array[conn->vuid_cache.next_entry];
121
122 conn->vuid_cache.next_entry =
123 (conn->vuid_cache.next_entry + 1) % VUID_CACHE_SIZE;
124
125 TALLOC_FREE(ent->server_info);
126
127 /*
128 * If force_user was set, all server_info's are based on the same
129 * username-based faked one.
130 */
131
132 ent->server_info = copy_serverinfo(
133 conn, conn->force_user ? conn->server_info : server_info);
134
135 if (ent->server_info == NULL) {
136 ent->vuid = UID_FIELD_INVALID;
137 return false;
138 }
139
140 ent->vuid = vuid;
141 ent->read_only = readonly_share;
142 ent->admin_user = admin_user;
143 conn->server_info = ent->server_info;
144 }
145
146 conn->read_only = readonly_share;
147 conn->admin_user = admin_user;
148
149 return(True);
150 }
151
152 /****************************************************************************
153 Clear a vuid out of the connection's vuid cache
154 ****************************************************************************/
155
156 void conn_clear_vuid_cache(connection_struct *conn, uint16_t vuid)
157 {
158 int i;
159
160 for (i=0; i<VUID_CACHE_SIZE; i++) {
161 struct vuid_cache_entry *ent;
162
163 ent = &conn->vuid_cache.array[i];
164
165 if (ent->vuid == vuid) {
166 ent->vuid = UID_FIELD_INVALID;
167 TALLOC_FREE(ent->server_info);
168 ent->read_only = False;
169 ent->admin_user = False;
170 }
171 }
172 }
173
174 /****************************************************************************
175 Become the user of a connection number without changing the security context
176 stack, but modify the current_user entries.
177 ****************************************************************************/
178
179 bool change_to_user(connection_struct *conn, uint16 vuid)
180 {
181 const struct auth_serversupplied_info *server_info = NULL;
182 user_struct *vuser = get_valid_user_struct(vuid);
183 int snum;
184 gid_t gid;
185 uid_t uid;
186 char group_c;
187 int num_groups = 0;
188 gid_t *group_list = NULL;
189
190 if (!conn) {
191 DEBUG(2,("change_to_user: Connection not open\n"));
192 return(False);
193 }
194
195 /*
196 * We need a separate check in security=share mode due to vuid
197 * always being UID_FIELD_INVALID. If we don't do this then
198 * in share mode security we are *always* changing uid's between
199 * SMB's - this hurts performance - Badly.
200 */
201
202 if((lp_security() == SEC_SHARE) && (current_user.conn == conn) &&
203 (current_user.ut.uid == conn->server_info->utok.uid)) {
204 DEBUG(4,("change_to_user: Skipping user change - already "
205 "user\n"));
206 return(True);
207 } else if ((current_user.conn == conn) &&
208 (vuser != NULL) && (current_user.vuid == vuid) &&
209 (current_user.ut.uid == vuser->server_info->utok.uid)) {
210 DEBUG(4,("change_to_user: Skipping user change - already "
211 "user\n"));
212 return(True);
213 }
214
215 snum = SNUM(conn);
216
217 server_info = vuser ? vuser->server_info : conn->server_info;
218
219 if (!check_user_ok(conn, vuid, server_info, snum)) {
220 DEBUG(2,("change_to_user: SMB user %s (unix user %s, vuid %d) "
221 "not permitted access to share %s.\n",
222 server_info->sanitized_username,
223 server_info->unix_name, vuid,
224 lp_servicename(snum)));
225 return false;
226 }
227
228 /*
229 * conn->server_info is now correctly set up with a copy we can mess
230 * with for force_group etc.
231 */
232
233 if (conn->force_user) /* security = share sets this too */ {
234 uid = conn->server_info->utok.uid;
235 gid = conn->server_info->utok.gid;
236 group_list = conn->server_info->utok.groups;
237 num_groups = conn->server_info->utok.ngroups;
238 } else if (vuser) {
239 uid = conn->admin_user ? 0 : vuser->server_info->utok.uid;
240 gid = conn->server_info->utok.gid;
241 num_groups = conn->server_info->utok.ngroups;
242 group_list = conn->server_info->utok.groups;
243 } else {
244 DEBUG(2,("change_to_user: Invalid vuid used %d in accessing "
245 "share %s.\n",vuid, lp_servicename(snum) ));
246 return False;
247 }
248
249 /*
250 * See if we should force group for this service.
251 * If so this overrides any group set in the force
252 * user code.
253 */
254
255 if((group_c = *lp_force_group(snum))) {
256
257 SMB_ASSERT(conn->force_group_gid != (gid_t)-1);
258
259 if(group_c == '+') {
260
261 /*
262 * Only force group if the user is a member of
263 * the service group. Check the group memberships for
264 * this user (we already have this) to
265 * see if we should force the group.
266 */
267
268 int i;
269 for (i = 0; i < num_groups; i++) {
270 if (group_list[i]
271 == conn->force_group_gid) {
272 conn->server_info->utok.gid =
273 conn->force_group_gid;
274 gid = conn->force_group_gid;
275 gid_to_sid(&conn->server_info->ptok
276 ->user_sids[1], gid);
277 break;
278 }
279 }
280 } else {
281 conn->server_info->utok.gid = conn->force_group_gid;
282 gid = conn->force_group_gid;
283 gid_to_sid(&conn->server_info->ptok->user_sids[1],
284 gid);
285 }
286 }
287
288 /* Now set current_user since we will immediately also call
289 set_sec_ctx() */
290
291 current_user.ut.ngroups = num_groups;
292 current_user.ut.groups = group_list;
293
294 set_sec_ctx(uid, gid, current_user.ut.ngroups, current_user.ut.groups,
295 conn->server_info->ptok);
296
297 current_user.conn = conn;
298 current_user.vuid = vuid;
299
300 DEBUG(5,("change_to_user uid=(%d,%d) gid=(%d,%d)\n",
301 (int)getuid(),(int)geteuid(),(int)getgid(),(int)getegid()));
302
303 return(True);
304 }
305
306 /****************************************************************************
307 Go back to being root without changing the security context stack,
308 but modify the current_user entries.
309 ****************************************************************************/
310
311 bool change_to_root_user(void)
312 {
313 set_root_sec_ctx();
314
315 DEBUG(5,("change_to_root_user: now uid=(%d,%d) gid=(%d,%d)\n",
316 (int)getuid(),(int)geteuid(),(int)getgid(),(int)getegid()));
317
318 current_user.conn = NULL;
319 current_user.vuid = UID_FIELD_INVALID;
320
321 return(True);
322 }
323
324 /****************************************************************************
325 Become the user of an authenticated connected named pipe.
326 When this is called we are currently running as the connection
327 user. Doesn't modify current_user.
328 ****************************************************************************/
329
330 bool become_authenticated_pipe_user(pipes_struct *p)
331 {
332 if (!push_sec_ctx())
333 return False;
334
335 set_sec_ctx(p->server_info->utok.uid, p->server_info->utok.gid,
336 p->server_info->utok.ngroups, p->server_info->utok.groups,
337 p->server_info->ptok);
338
339 return True;
340 }
341
342 /****************************************************************************
343 Unbecome the user of an authenticated connected named pipe.
344 When this is called we are running as the authenticated pipe
345 user and need to go back to being the connection user. Doesn't modify
346 current_user.
347 ****************************************************************************/
348
349 bool unbecome_authenticated_pipe_user(void)
350 {
351 return pop_sec_ctx();
352 }
353
354 /****************************************************************************
355 Utility functions used by become_xxx/unbecome_xxx.
356 ****************************************************************************/
357
358 static void push_conn_ctx(void)
359 {
360 struct conn_ctx *ctx_p;
361
362 /* Check we don't overflow our stack */
363
364 if (conn_ctx_stack_ndx == MAX_SEC_CTX_DEPTH) {
365 DEBUG(0, ("Connection context stack overflow!\n"));
366 smb_panic("Connection context stack overflow!\n");
367 }
368
369 /* Store previous user context */
370 ctx_p = &conn_ctx_stack[conn_ctx_stack_ndx];
371
372 ctx_p->conn = current_user.conn;
373 ctx_p->vuid = current_user.vuid;
374
375 DEBUG(3, ("push_conn_ctx(%u) : conn_ctx_stack_ndx = %d\n",
376 (unsigned int)ctx_p->vuid, conn_ctx_stack_ndx ));
377
378 conn_ctx_stack_ndx++;
379 }
380
381 static void pop_conn_ctx(void)
382 {
383 struct conn_ctx *ctx_p;
384
385 /* Check for stack underflow. */
386
387 if (conn_ctx_stack_ndx == 0) {
388 DEBUG(0, ("Connection context stack underflow!\n"));
389 smb_panic("Connection context stack underflow!\n");
390 }
391
392 conn_ctx_stack_ndx--;
393 ctx_p = &conn_ctx_stack[conn_ctx_stack_ndx];
394
395 current_user.conn = ctx_p->conn;
396 current_user.vuid = ctx_p->vuid;
397
398 ctx_p->conn = NULL;
399 ctx_p->vuid = UID_FIELD_INVALID;
400 }
401
402 /****************************************************************************
403 Temporarily become a root user. Must match with unbecome_root(). Saves and
404 restores the connection context.
405 ****************************************************************************/
406
407 void become_root(void)
408 {
409 /*
410 * no good way to handle push_sec_ctx() failing without changing
411 * the prototype of become_root()
412 */
413 if (!push_sec_ctx()) {
414 smb_panic("become_root: push_sec_ctx failed");
415 }
416 push_conn_ctx();
417 set_root_sec_ctx();
418 }
419
420 /* Unbecome the root user */
421
422 void unbecome_root(void)
423 {
424 pop_sec_ctx();
425 pop_conn_ctx();
426 }
427
428 /****************************************************************************
429 Push the current security context then force a change via change_to_user().
430 Saves and restores the connection context.
431 ****************************************************************************/
432
433 bool become_user(connection_struct *conn, uint16 vuid)
434 {
435 if (!push_sec_ctx())
436 return False;
437
438 push_conn_ctx();
439
440 if (!change_to_user(conn, vuid)) {
441 pop_sec_ctx();
442 pop_conn_ctx();
443 return False;
444 }
445
446 return True;
447 }
448
449 bool unbecome_user(void)
450 {
451 pop_sec_ctx();
452 pop_conn_ctx();
453 return True;
454 }
reg import