2 Unix SMB/CIFS implementation.
4 Copyright (C) Andrew Tridgell 1992-1998
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 3 of the License, or
9 (at your option) any later version.
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with this program. If not, see <http://www.gnu.org/licenses/>.
21 #include "system/passwd.h"
22 #include "smbd/smbd.h"
23 #include "smbd/globals.h"
24 #include "../librpc/gen_ndr/netlogon.h"
25 #include "libcli/security/security.h"
26 #include "passdb/lookup_sid.h"
29 /* what user is current? */
30 extern struct current_user current_user
;
32 /****************************************************************************
33 Become the guest user without changing the security context stack.
34 ****************************************************************************/
36 bool change_to_guest(void)
40 pass
= Get_Pwnam_alloc(talloc_tos(), lp_guestaccount());
46 /* MWW: From AIX FAQ patch to WU-ftpd: call initgroups before
48 initgroups(pass
->pw_name
, pass
->pw_gid
);
51 set_sec_ctx(pass
->pw_uid
, pass
->pw_gid
, 0, NULL
, NULL
);
53 current_user
.conn
= NULL
;
54 current_user
.vuid
= UID_FIELD_INVALID
;
61 /****************************************************************************
62 talloc free the conn->session_info if not used in the vuid cache.
63 ****************************************************************************/
65 static void free_conn_session_info_if_unused(connection_struct
*conn
)
69 for (i
= 0; i
< VUID_CACHE_SIZE
; i
++) {
70 struct vuid_cache_entry
*ent
;
71 ent
= &conn
->vuid_cache
.array
[i
];
72 if (ent
->vuid
!= UID_FIELD_INVALID
&&
73 conn
->session_info
== ent
->session_info
) {
77 /* Not used, safe to free. */
78 TALLOC_FREE(conn
->session_info
);
81 /*******************************************************************
82 Check if a username is OK.
84 This sets up conn->session_info with a copy related to this vuser that
85 later code can then mess with.
86 ********************************************************************/
88 static bool check_user_ok(connection_struct
*conn
,
90 const struct auth_session_info
*session_info
,
96 struct vuid_cache_entry
*ent
= NULL
;
98 for (i
=0; i
<VUID_CACHE_SIZE
; i
++) {
99 ent
= &conn
->vuid_cache
.array
[i
];
100 if (ent
->vuid
== vuid
) {
101 free_conn_session_info_if_unused(conn
);
102 conn
->session_info
= ent
->session_info
;
103 conn
->read_only
= ent
->read_only
;
108 if (!user_ok_token(session_info
->unix_info
->unix_name
,
109 session_info
->info
->domain_name
,
110 session_info
->security_token
, snum
))
113 readonly_share
= is_share_read_only_for_token(
114 session_info
->unix_info
->unix_name
,
115 session_info
->info
->domain_name
,
116 session_info
->security_token
,
119 if (!readonly_share
&&
120 !share_access_check(session_info
->security_token
,
121 lp_servicename(talloc_tos(), snum
),
124 /* smb.conf allows r/w, but the security descriptor denies
125 * write. Fall back to looking at readonly. */
126 readonly_share
= True
;
127 DEBUG(5,("falling back to read-only access-evaluation due to "
128 "security descriptor\n"));
131 if (!share_access_check(session_info
->security_token
,
132 lp_servicename(talloc_tos(), snum
),
134 FILE_READ_DATA
: FILE_WRITE_DATA
,
139 admin_user
= token_contains_name_in_list(
140 session_info
->unix_info
->unix_name
,
141 session_info
->info
->domain_name
,
142 NULL
, session_info
->security_token
, lp_admin_users(snum
));
144 ent
= &conn
->vuid_cache
.array
[conn
->vuid_cache
.next_entry
];
146 conn
->vuid_cache
.next_entry
=
147 (conn
->vuid_cache
.next_entry
+ 1) % VUID_CACHE_SIZE
;
149 TALLOC_FREE(ent
->session_info
);
152 * If force_user was set, all session_info's are based on the same
153 * username-based faked one.
156 ent
->session_info
= copy_session_info(
157 conn
, conn
->force_user
? conn
->session_info
: session_info
);
159 if (ent
->session_info
== NULL
) {
160 ent
->vuid
= UID_FIELD_INVALID
;
165 ent
->read_only
= readonly_share
;
166 free_conn_session_info_if_unused(conn
);
167 conn
->session_info
= ent
->session_info
;
169 conn
->read_only
= readonly_share
;
171 DEBUG(2,("check_user_ok: user %s is an admin user. "
172 "Setting uid as %d\n",
173 conn
->session_info
->unix_info
->unix_name
,
174 sec_initial_uid() ));
175 conn
->session_info
->unix_token
->uid
= sec_initial_uid();
181 /****************************************************************************
182 Become the user of a connection number without changing the security context
183 stack, but modify the current_user entries.
184 ****************************************************************************/
186 static bool change_to_user_internal(connection_struct
*conn
,
187 const struct auth_session_info
*session_info
,
195 gid_t
*group_list
= NULL
;
200 ok
= check_user_ok(conn
, vuid
, session_info
, snum
);
202 DEBUG(2,("SMB user %s (unix user %s) "
203 "not permitted access to share %s.\n",
204 session_info
->unix_info
->sanitized_username
,
205 session_info
->unix_info
->unix_name
,
206 lp_servicename(talloc_tos(), snum
)));
210 uid
= conn
->session_info
->unix_token
->uid
;
211 gid
= conn
->session_info
->unix_token
->gid
;
212 num_groups
= conn
->session_info
->unix_token
->ngroups
;
213 group_list
= conn
->session_info
->unix_token
->groups
;
216 * See if we should force group for this service. If so this overrides
217 * any group set in the force user code.
219 if((group_c
= *lp_force_group(talloc_tos(), snum
))) {
221 SMB_ASSERT(conn
->force_group_gid
!= (gid_t
)-1);
223 if (group_c
== '+') {
227 * Only force group if the user is a member of the
228 * service group. Check the group memberships for this
229 * user (we already have this) to see if we should force
232 for (i
= 0; i
< num_groups
; i
++) {
233 if (group_list
[i
] == conn
->force_group_gid
) {
234 conn
->session_info
->unix_token
->gid
=
235 conn
->force_group_gid
;
236 gid
= conn
->force_group_gid
;
237 gid_to_sid(&conn
->session_info
->security_token
243 conn
->session_info
->unix_token
->gid
= conn
->force_group_gid
;
244 gid
= conn
->force_group_gid
;
245 gid_to_sid(&conn
->session_info
->security_token
->sids
[1],
250 /*Set current_user since we will immediately also call set_sec_ctx() */
251 current_user
.ut
.ngroups
= num_groups
;
252 current_user
.ut
.groups
= group_list
;
256 current_user
.ut
.ngroups
,
257 current_user
.ut
.groups
,
258 conn
->session_info
->security_token
);
260 current_user
.conn
= conn
;
261 current_user
.vuid
= vuid
;
263 DEBUG(5, ("Impersonated user: uid=(%d,%d), gid=(%d,%d)\n",
272 bool change_to_user(connection_struct
*conn
, uint64_t vuid
)
274 const struct auth_session_info
*session_info
= NULL
;
275 struct user_struct
*vuser
;
276 int snum
= SNUM(conn
);
279 DEBUG(2,("Connection not open\n"));
283 vuser
= get_valid_user_struct(conn
->sconn
, vuid
);
285 if ((current_user
.conn
== conn
) &&
286 (vuser
!= NULL
) && (current_user
.vuid
== vuid
) &&
287 (current_user
.ut
.uid
== vuser
->session_info
->unix_token
->uid
)) {
288 DEBUG(4,("Skipping user change - already "
294 /* Invalid vuid sent */
295 DEBUG(2,("Invalid vuid %llu used on share %s.\n",
296 (unsigned long long)vuid
, lp_servicename(talloc_tos(),
301 session_info
= vuser
->session_info
;
302 return change_to_user_internal(conn
, session_info
, vuid
);
305 static bool change_to_user_by_session(connection_struct
*conn
,
306 const struct auth_session_info
*session_info
)
308 SMB_ASSERT(conn
!= NULL
);
309 SMB_ASSERT(session_info
!= NULL
);
311 if ((current_user
.conn
== conn
) &&
312 (current_user
.ut
.uid
== session_info
->unix_token
->uid
)) {
313 DEBUG(7, ("Skipping user change - already user\n"));
318 return change_to_user_internal(conn
, session_info
, UID_FIELD_INVALID
);
321 /****************************************************************************
322 Go back to being root without changing the security context stack,
323 but modify the current_user entries.
324 ****************************************************************************/
326 bool smbd_change_to_root_user(void)
330 DEBUG(5,("change_to_root_user: now uid=(%d,%d) gid=(%d,%d)\n",
331 (int)getuid(),(int)geteuid(),(int)getgid(),(int)getegid()));
333 current_user
.conn
= NULL
;
334 current_user
.vuid
= UID_FIELD_INVALID
;
339 /****************************************************************************
340 Become the user of an authenticated connected named pipe.
341 When this is called we are currently running as the connection
342 user. Doesn't modify current_user.
343 ****************************************************************************/
345 bool become_authenticated_pipe_user(struct auth_session_info
*session_info
)
350 set_sec_ctx(session_info
->unix_token
->uid
, session_info
->unix_token
->gid
,
351 session_info
->unix_token
->ngroups
, session_info
->unix_token
->groups
,
352 session_info
->security_token
);
357 /****************************************************************************
358 Unbecome the user of an authenticated connected named pipe.
359 When this is called we are running as the authenticated pipe
360 user and need to go back to being the connection user. Doesn't modify
362 ****************************************************************************/
364 bool unbecome_authenticated_pipe_user(void)
366 return pop_sec_ctx();
369 /****************************************************************************
370 Utility functions used by become_xxx/unbecome_xxx.
371 ****************************************************************************/
373 static void push_conn_ctx(void)
375 struct conn_ctx
*ctx_p
;
377 /* Check we don't overflow our stack */
379 if (conn_ctx_stack_ndx
== MAX_SEC_CTX_DEPTH
) {
380 DEBUG(0, ("Connection context stack overflow!\n"));
381 smb_panic("Connection context stack overflow!\n");
384 /* Store previous user context */
385 ctx_p
= &conn_ctx_stack
[conn_ctx_stack_ndx
];
387 ctx_p
->conn
= current_user
.conn
;
388 ctx_p
->vuid
= current_user
.vuid
;
390 DEBUG(4, ("push_conn_ctx(%llu) : conn_ctx_stack_ndx = %d\n",
391 (unsigned long long)ctx_p
->vuid
, conn_ctx_stack_ndx
));
393 conn_ctx_stack_ndx
++;
396 static void pop_conn_ctx(void)
398 struct conn_ctx
*ctx_p
;
400 /* Check for stack underflow. */
402 if (conn_ctx_stack_ndx
== 0) {
403 DEBUG(0, ("Connection context stack underflow!\n"));
404 smb_panic("Connection context stack underflow!\n");
407 conn_ctx_stack_ndx
--;
408 ctx_p
= &conn_ctx_stack
[conn_ctx_stack_ndx
];
410 current_user
.conn
= ctx_p
->conn
;
411 current_user
.vuid
= ctx_p
->vuid
;
414 ctx_p
->vuid
= UID_FIELD_INVALID
;
417 /****************************************************************************
418 Temporarily become a root user. Must match with unbecome_root(). Saves and
419 restores the connection context.
420 ****************************************************************************/
422 void smbd_become_root(void)
425 * no good way to handle push_sec_ctx() failing without changing
426 * the prototype of become_root()
428 if (!push_sec_ctx()) {
429 smb_panic("become_root: push_sec_ctx failed");
435 /* Unbecome the root user */
437 void smbd_unbecome_root(void)
443 /****************************************************************************
444 Push the current security context then force a change via change_to_user().
445 Saves and restores the connection context.
446 ****************************************************************************/
448 bool become_user(connection_struct
*conn
, uint64_t vuid
)
455 if (!change_to_user(conn
, vuid
)) {
464 bool become_user_by_session(connection_struct
*conn
,
465 const struct auth_session_info
*session_info
)
472 if (!change_to_user_by_session(conn
, session_info
)) {
481 bool unbecome_user(void)
488 /****************************************************************************
489 Return the current user we are running effectively as on this connection.
490 I'd like to make this return conn->session_info->unix_token->uid, but become_root()
491 doesn't alter this value.
492 ****************************************************************************/
494 uid_t
get_current_uid(connection_struct
*conn
)
496 return current_user
.ut
.uid
;
499 /****************************************************************************
500 Return the current group we are running effectively as on this connection.
501 I'd like to make this return conn->session_info->unix_token->gid, but become_root()
502 doesn't alter this value.
503 ****************************************************************************/
505 gid_t
get_current_gid(connection_struct
*conn
)
507 return current_user
.ut
.gid
;
510 /****************************************************************************
511 Return the UNIX token we are running effectively as on this connection.
512 I'd like to make this return &conn->session_info->unix_token-> but become_root()
513 doesn't alter this value.
514 ****************************************************************************/
516 const struct security_unix_token
*get_current_utok(connection_struct
*conn
)
518 return ¤t_user
.ut
;
521 /****************************************************************************
522 Return the Windows token we are running effectively as on this connection.
523 If this is currently a NULL token as we're inside become_root() - a temporary
524 UNIX security override, then we search up the stack for the previous active
526 ****************************************************************************/
528 const struct security_token
*get_current_nttok(connection_struct
*conn
)
530 if (current_user
.nt_user_token
) {
531 return current_user
.nt_user_token
;
533 return sec_ctx_active_token();
536 uint64_t get_current_vuid(connection_struct
*conn
)
538 return current_user
.vuid
;