search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Factor code out of check_user_ok() into a call to check_user_share_access().
[Samba/gebeck_regimport.git] / source3 / smbd / uid.c
blobefdd824342072696ae6f1a1d4a8551cf30bfd1d2
1 /*
2 Unix SMB/CIFS implementation.
3 uid/user handling
4 Copyright (C) Andrew Tridgell 1992-1998
5
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 3 of the License, or
9 (at your option) any later version.
10
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
15
16 You should have received a copy of the GNU General Public License
17 along with this program. If not, see <http://www.gnu.org/licenses/>.
18 */
19
20 #include "includes.h"
21 #include "system/passwd.h"
22 #include "smbd/smbd.h"
23 #include "smbd/globals.h"
24 #include "../librpc/gen_ndr/netlogon.h"
25 #include "libcli/security/security.h"
26 #include "passdb/lookup_sid.h"
27 #include "auth.h"
28
29 /* what user is current? */
30 extern struct current_user current_user;
31
32 /****************************************************************************
33 Become the guest user without changing the security context stack.
34 ****************************************************************************/
35
36 bool change_to_guest(void)
37 {
38 struct passwd *pass;
39
40 pass = Get_Pwnam_alloc(talloc_tos(), lp_guestaccount());
41 if (!pass) {
42 return false;
43 }
44
45 #ifdef AIX
46 /* MWW: From AIX FAQ patch to WU-ftpd: call initgroups before
47 setting IDs */
48 initgroups(pass->pw_name, pass->pw_gid);
49 #endif
50
51 set_sec_ctx(pass->pw_uid, pass->pw_gid, 0, NULL, NULL);
52
53 current_user.conn = NULL;
54 current_user.vuid = UID_FIELD_INVALID;
55
56 TALLOC_FREE(pass);
57
58 return true;
59 }
60
61 /****************************************************************************
62 talloc free the conn->session_info if not used in the vuid cache.
63 ****************************************************************************/
64
65 static void free_conn_session_info_if_unused(connection_struct *conn)
66 {
67 unsigned int i;
68
69 for (i = 0; i < VUID_CACHE_SIZE; i++) {
70 struct vuid_cache_entry *ent;
71 ent = &conn->vuid_cache->array[i];
72 if (ent->vuid != UID_FIELD_INVALID &&
73 conn->session_info == ent->session_info) {
74 return;
75 }
76 }
77 /* Not used, safe to free. */
78 TALLOC_FREE(conn->session_info);
79 }
80
81 /*******************************************************************
82 Calculate access mask and if this user can access this share.
83 ********************************************************************/
84
85 NTSTATUS check_user_share_access(connection_struct *conn,
86 const struct auth_session_info *session_info,
87 uint32_t *p_share_access,
88 bool *p_readonly_share)
89 {
90 int snum = SNUM(conn);
91 uint32_t share_access = 0;
92 bool readonly_share = false;
93
94 if (!user_ok_token(session_info->unix_info->unix_name,
95 session_info->info->domain_name,
96 session_info->security_token, snum)) {
97 return NT_STATUS_ACCESS_DENIED;
98 }
99
100 readonly_share = is_share_read_only_for_token(
101 session_info->unix_info->unix_name,
102 session_info->info->domain_name,
103 session_info->security_token,
104 conn);
105
106 share_access = create_share_access_mask(snum,
107 readonly_share,
108 session_info->security_token);
109
110 if ((share_access & FILE_WRITE_DATA) == 0) {
111 if ((share_access & FILE_READ_DATA) == 0) {
112 /* No access, read or write. */
113 DEBUG(0,("user %s connection to %s "
114 "denied due to share security "
115 "descriptor.\n",
116 session_info->unix_info->unix_name,
117 lp_servicename(talloc_tos(), snum)));
118 return NT_STATUS_ACCESS_DENIED;
119 }
120 }
121
122 if (!readonly_share &&
123 !(share_access & FILE_WRITE_DATA)) {
124 /* smb.conf allows r/w, but the security descriptor denies
125 * write. Fall back to looking at readonly. */
126 readonly_share = True;
127 DEBUG(5,("falling back to read-only access-evaluation due to "
128 "security descriptor\n"));
129 }
130
131 *p_share_access = share_access;
132 *p_readonly_share = readonly_share;
133
134 return NT_STATUS_OK;
135 }
136
137 /*******************************************************************
138 Check if a username is OK.
139
140 This sets up conn->session_info with a copy related to this vuser that
141 later code can then mess with.
142 ********************************************************************/
143
144 static bool check_user_ok(connection_struct *conn,
145 uint64_t vuid,
146 const struct auth_session_info *session_info,
147 int snum)
148 {
149 unsigned int i;
150 bool readonly_share = false;
151 bool admin_user = false;
152 struct vuid_cache_entry *ent = NULL;
153 uint32_t share_access = 0;
154 NTSTATUS status;
155
156 for (i=0; i<VUID_CACHE_SIZE; i++) {
157 ent = &conn->vuid_cache->array[i];
158 if (ent->vuid == vuid) {
159 free_conn_session_info_if_unused(conn);
160 conn->session_info = ent->session_info;
161 conn->read_only = ent->read_only;
162 conn->share_access = ent->share_access;
163 return(True);
164 }
165 }
166
167 status = check_user_share_access(conn,
168 session_info,
169 &share_access,
170 &readonly_share);
171 if (!NT_STATUS_IS_OK(status)) {
172 return false;
173 }
174
175 admin_user = token_contains_name_in_list(
176 session_info->unix_info->unix_name,
177 session_info->info->domain_name,
178 NULL, session_info->security_token, lp_admin_users(snum));
179
180 ent = &conn->vuid_cache->array[conn->vuid_cache->next_entry];
181
182 conn->vuid_cache->next_entry =
183 (conn->vuid_cache->next_entry + 1) % VUID_CACHE_SIZE;
184
185 TALLOC_FREE(ent->session_info);
186
187 /*
188 * If force_user was set, all session_info's are based on the same
189 * username-based faked one.
190 */
191
192 ent->session_info = copy_session_info(
193 conn, conn->force_user ? conn->session_info : session_info);
194
195 if (ent->session_info == NULL) {
196 ent->vuid = UID_FIELD_INVALID;
197 return false;
198 }
199
200 ent->vuid = vuid;
201 ent->read_only = readonly_share;
202 ent->share_access = share_access;
203 free_conn_session_info_if_unused(conn);
204 conn->session_info = ent->session_info;
205
206 conn->read_only = readonly_share;
207 conn->share_access = share_access;
208
209 if (admin_user) {
210 DEBUG(2,("check_user_ok: user %s is an admin user. "
211 "Setting uid as %d\n",
212 conn->session_info->unix_info->unix_name,
213 sec_initial_uid() ));
214 conn->session_info->unix_token->uid = sec_initial_uid();
215 }
216
217 return(True);
218 }
219
220 /****************************************************************************
221 Become the user of a connection number without changing the security context
222 stack, but modify the current_user entries.
223 ****************************************************************************/
224
225 static bool change_to_user_internal(connection_struct *conn,
226 const struct auth_session_info *session_info,
227 uint64_t vuid)
228 {
229 int snum;
230 gid_t gid;
231 uid_t uid;
232 char group_c;
233 int num_groups = 0;
234 gid_t *group_list = NULL;
235 bool ok;
236
237 snum = SNUM(conn);
238
239 ok = check_user_ok(conn, vuid, session_info, snum);
240 if (!ok) {
241 DEBUG(2,("SMB user %s (unix user %s) "
242 "not permitted access to share %s.\n",
243 session_info->unix_info->sanitized_username,
244 session_info->unix_info->unix_name,
245 lp_servicename(talloc_tos(), snum)));
246 return false;
247 }
248
249 uid = conn->session_info->unix_token->uid;
250 gid = conn->session_info->unix_token->gid;
251 num_groups = conn->session_info->unix_token->ngroups;
252 group_list = conn->session_info->unix_token->groups;
253
254 /*
255 * See if we should force group for this service. If so this overrides
256 * any group set in the force user code.
257 */
258 if((group_c = *lp_force_group(talloc_tos(), snum))) {
259
260 SMB_ASSERT(conn->force_group_gid != (gid_t)-1);
261
262 if (group_c == '+') {
263 int i;
264
265 /*
266 * Only force group if the user is a member of the
267 * service group. Check the group memberships for this
268 * user (we already have this) to see if we should force
269 * the group.
270 */
271 for (i = 0; i < num_groups; i++) {
272 if (group_list[i] == conn->force_group_gid) {
273 conn->session_info->unix_token->gid =
274 conn->force_group_gid;
275 gid = conn->force_group_gid;
276 gid_to_sid(&conn->session_info->security_token
277 ->sids[1], gid);
278 break;
279 }
280 }
281 } else {
282 conn->session_info->unix_token->gid = conn->force_group_gid;
283 gid = conn->force_group_gid;
284 gid_to_sid(&conn->session_info->security_token->sids[1],
285 gid);
286 }
287 }
288
289 /*Set current_user since we will immediately also call set_sec_ctx() */
290 current_user.ut.ngroups = num_groups;
291 current_user.ut.groups = group_list;
292
293 set_sec_ctx(uid,
294 gid,
295 current_user.ut.ngroups,
296 current_user.ut.groups,
297 conn->session_info->security_token);
298
299 current_user.conn = conn;
300 current_user.vuid = vuid;
301
302 DEBUG(5, ("Impersonated user: uid=(%d,%d), gid=(%d,%d)\n",
303 (int)getuid(),
304 (int)geteuid(),
305 (int)getgid(),
306 (int)getegid()));
307
308 return true;
309 }
310
311 bool change_to_user(connection_struct *conn, uint64_t vuid)
312 {
313 struct user_struct *vuser;
314 int snum = SNUM(conn);
315
316 if (!conn) {
317 DEBUG(2,("Connection not open\n"));
318 return(False);
319 }
320
321 vuser = get_valid_user_struct(conn->sconn, vuid);
322
323 if ((current_user.conn == conn) &&
324 (vuser != NULL) && (current_user.vuid == vuid) &&
325 (current_user.ut.uid == vuser->session_info->unix_token->uid)) {
326 DEBUG(4,("Skipping user change - already "
327 "user\n"));
328 return(True);
329 }
330
331 if (vuser == NULL) {
332 /* Invalid vuid sent */
333 DEBUG(2,("Invalid vuid %llu used on share %s.\n",
334 (unsigned long long)vuid, lp_servicename(talloc_tos(),
335 snum)));
336 return false;
337 }
338
339 return change_to_user_internal(conn, vuser->session_info, vuid);
340 }
341
342 static bool change_to_user_by_session(connection_struct *conn,
343 const struct auth_session_info *session_info)
344 {
345 SMB_ASSERT(conn != NULL);
346 SMB_ASSERT(session_info != NULL);
347
348 if ((current_user.conn == conn) &&
349 (current_user.ut.uid == session_info->unix_token->uid)) {
350 DEBUG(7, ("Skipping user change - already user\n"));
351
352 return true;
353 }
354
355 return change_to_user_internal(conn, session_info, UID_FIELD_INVALID);
356 }
357
358 /****************************************************************************
359 Go back to being root without changing the security context stack,
360 but modify the current_user entries.
361 ****************************************************************************/
362
363 bool smbd_change_to_root_user(void)
364 {
365 set_root_sec_ctx();
366
367 DEBUG(5,("change_to_root_user: now uid=(%d,%d) gid=(%d,%d)\n",
368 (int)getuid(),(int)geteuid(),(int)getgid(),(int)getegid()));
369
370 current_user.conn = NULL;
371 current_user.vuid = UID_FIELD_INVALID;
372
373 return(True);
374 }
375
376 /****************************************************************************
377 Become the user of an authenticated connected named pipe.
378 When this is called we are currently running as the connection
379 user. Doesn't modify current_user.
380 ****************************************************************************/
381
382 bool become_authenticated_pipe_user(struct auth_session_info *session_info)
383 {
384 if (!push_sec_ctx())
385 return False;
386
387 set_sec_ctx(session_info->unix_token->uid, session_info->unix_token->gid,
388 session_info->unix_token->ngroups, session_info->unix_token->groups,
389 session_info->security_token);
390
391 return True;
392 }
393
394 /****************************************************************************
395 Unbecome the user of an authenticated connected named pipe.
396 When this is called we are running as the authenticated pipe
397 user and need to go back to being the connection user. Doesn't modify
398 current_user.
399 ****************************************************************************/
400
401 bool unbecome_authenticated_pipe_user(void)
402 {
403 return pop_sec_ctx();
404 }
405
406 /****************************************************************************
407 Utility functions used by become_xxx/unbecome_xxx.
408 ****************************************************************************/
409
410 static void push_conn_ctx(void)
411 {
412 struct conn_ctx *ctx_p;
413
414 /* Check we don't overflow our stack */
415
416 if (conn_ctx_stack_ndx == MAX_SEC_CTX_DEPTH) {
417 DEBUG(0, ("Connection context stack overflow!\n"));
418 smb_panic("Connection context stack overflow!\n");
419 }
420
421 /* Store previous user context */
422 ctx_p = &conn_ctx_stack[conn_ctx_stack_ndx];
423
424 ctx_p->conn = current_user.conn;
425 ctx_p->vuid = current_user.vuid;
426
427 DEBUG(4, ("push_conn_ctx(%llu) : conn_ctx_stack_ndx = %d\n",
428 (unsigned long long)ctx_p->vuid, conn_ctx_stack_ndx));
429
430 conn_ctx_stack_ndx++;
431 }
432
433 static void pop_conn_ctx(void)
434 {
435 struct conn_ctx *ctx_p;
436
437 /* Check for stack underflow. */
438
439 if (conn_ctx_stack_ndx == 0) {
440 DEBUG(0, ("Connection context stack underflow!\n"));
441 smb_panic("Connection context stack underflow!\n");
442 }
443
444 conn_ctx_stack_ndx--;
445 ctx_p = &conn_ctx_stack[conn_ctx_stack_ndx];
446
447 current_user.conn = ctx_p->conn;
448 current_user.vuid = ctx_p->vuid;
449
450 ctx_p->conn = NULL;
451 ctx_p->vuid = UID_FIELD_INVALID;
452 }
453
454 /****************************************************************************
455 Temporarily become a root user. Must match with unbecome_root(). Saves and
456 restores the connection context.
457 ****************************************************************************/
458
459 void smbd_become_root(void)
460 {
461 /*
462 * no good way to handle push_sec_ctx() failing without changing
463 * the prototype of become_root()
464 */
465 if (!push_sec_ctx()) {
466 smb_panic("become_root: push_sec_ctx failed");
467 }
468 push_conn_ctx();
469 set_root_sec_ctx();
470 }
471
472 /* Unbecome the root user */
473
474 void smbd_unbecome_root(void)
475 {
476 pop_sec_ctx();
477 pop_conn_ctx();
478 }
479
480 /****************************************************************************
481 Push the current security context then force a change via change_to_user().
482 Saves and restores the connection context.
483 ****************************************************************************/
484
485 bool become_user(connection_struct *conn, uint64_t vuid)
486 {
487 if (!push_sec_ctx())
488 return False;
489
490 push_conn_ctx();
491
492 if (!change_to_user(conn, vuid)) {
493 pop_sec_ctx();
494 pop_conn_ctx();
495 return False;
496 }
497
498 return True;
499 }
500
501 bool become_user_by_session(connection_struct *conn,
502 const struct auth_session_info *session_info)
503 {
504 if (!push_sec_ctx())
505 return false;
506
507 push_conn_ctx();
508
509 if (!change_to_user_by_session(conn, session_info)) {
510 pop_sec_ctx();
511 pop_conn_ctx();
512 return false;
513 }
514
515 return true;
516 }
517
518 bool unbecome_user(void)
519 {
520 pop_sec_ctx();
521 pop_conn_ctx();
522 return True;
523 }
524
525 /****************************************************************************
526 Return the current user we are running effectively as on this connection.
527 I'd like to make this return conn->session_info->unix_token->uid, but become_root()
528 doesn't alter this value.
529 ****************************************************************************/
530
531 uid_t get_current_uid(connection_struct *conn)
532 {
533 return current_user.ut.uid;
534 }
535
536 /****************************************************************************
537 Return the current group we are running effectively as on this connection.
538 I'd like to make this return conn->session_info->unix_token->gid, but become_root()
539 doesn't alter this value.
540 ****************************************************************************/
541
542 gid_t get_current_gid(connection_struct *conn)
543 {
544 return current_user.ut.gid;
545 }
546
547 /****************************************************************************
548 Return the UNIX token we are running effectively as on this connection.
549 I'd like to make this return &conn->session_info->unix_token-> but become_root()
550 doesn't alter this value.
551 ****************************************************************************/
552
553 const struct security_unix_token *get_current_utok(connection_struct *conn)
554 {
555 return &current_user.ut;
556 }
557
558 /****************************************************************************
559 Return the Windows token we are running effectively as on this connection.
560 If this is currently a NULL token as we're inside become_root() - a temporary
561 UNIX security override, then we search up the stack for the previous active
562 token.
563 ****************************************************************************/
564
565 const struct security_token *get_current_nttok(connection_struct *conn)
566 {
567 if (current_user.nt_user_token) {
568 return current_user.nt_user_token;
569 }
570 return sec_ctx_active_token();
571 }
572
573 uint64_t get_current_vuid(connection_struct *conn)
574 {
575 return current_user.vuid;
576 }
reg import