2 Unix SMB/CIFS implementation.
4 Copyright (C) Andrew Tridgell 1992-1998
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 3 of the License, or
9 (at your option) any later version.
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with this program. If not, see <http://www.gnu.org/licenses/>.
21 #include "system/passwd.h"
22 #include "smbd/smbd.h"
23 #include "smbd/globals.h"
24 #include "../librpc/gen_ndr/netlogon.h"
25 #include "libcli/security/security.h"
26 #include "passdb/lookup_sid.h"
29 /* what user is current? */
30 extern struct current_user current_user
;
32 /****************************************************************************
33 Become the guest user without changing the security context stack.
34 ****************************************************************************/
36 bool change_to_guest(void)
40 pass
= Get_Pwnam_alloc(talloc_tos(), lp_guestaccount());
46 /* MWW: From AIX FAQ patch to WU-ftpd: call initgroups before
48 initgroups(pass
->pw_name
, pass
->pw_gid
);
51 set_sec_ctx(pass
->pw_uid
, pass
->pw_gid
, 0, NULL
, NULL
);
53 current_user
.conn
= NULL
;
54 current_user
.vuid
= UID_FIELD_INVALID
;
61 /****************************************************************************
62 talloc free the conn->session_info if not used in the vuid cache.
63 ****************************************************************************/
65 static void free_conn_session_info_if_unused(connection_struct
*conn
)
69 for (i
= 0; i
< VUID_CACHE_SIZE
; i
++) {
70 struct vuid_cache_entry
*ent
;
71 ent
= &conn
->vuid_cache
->array
[i
];
72 if (ent
->vuid
!= UID_FIELD_INVALID
&&
73 conn
->session_info
== ent
->session_info
) {
77 /* Not used, safe to free. */
78 TALLOC_FREE(conn
->session_info
);
81 /*******************************************************************
82 Check if a username is OK.
84 This sets up conn->session_info with a copy related to this vuser that
85 later code can then mess with.
86 ********************************************************************/
88 static bool check_user_ok(connection_struct
*conn
,
90 const struct auth_session_info
*session_info
,
96 struct vuid_cache_entry
*ent
= NULL
;
97 uint32_t share_access
= 0;
99 for (i
=0; i
<VUID_CACHE_SIZE
; i
++) {
100 ent
= &conn
->vuid_cache
->array
[i
];
101 if (ent
->vuid
== vuid
) {
102 free_conn_session_info_if_unused(conn
);
103 conn
->session_info
= ent
->session_info
;
104 conn
->read_only
= ent
->read_only
;
105 conn
->share_access
= ent
->share_access
;
110 if (!user_ok_token(session_info
->unix_info
->unix_name
,
111 session_info
->info
->domain_name
,
112 session_info
->security_token
, snum
))
115 readonly_share
= is_share_read_only_for_token(
116 session_info
->unix_info
->unix_name
,
117 session_info
->info
->domain_name
,
118 session_info
->security_token
,
121 share_access
= create_share_access_mask(snum
,
123 session_info
->security_token
);
125 if ((share_access
& FILE_WRITE_DATA
) == 0) {
126 if ((share_access
& FILE_READ_DATA
) == 0) {
127 /* No access, read or write. */
128 DEBUG(0,("user %s connection to %s "
129 "denied due to share security "
131 session_info
->unix_info
->unix_name
,
132 lp_servicename(talloc_tos(), snum
)));
137 if (!readonly_share
&&
138 !(share_access
& FILE_WRITE_DATA
)) {
139 /* smb.conf allows r/w, but the security descriptor denies
140 * write. Fall back to looking at readonly. */
141 readonly_share
= True
;
142 DEBUG(5,("falling back to read-only access-evaluation due to "
143 "security descriptor\n"));
146 admin_user
= token_contains_name_in_list(
147 session_info
->unix_info
->unix_name
,
148 session_info
->info
->domain_name
,
149 NULL
, session_info
->security_token
, lp_admin_users(snum
));
151 ent
= &conn
->vuid_cache
->array
[conn
->vuid_cache
->next_entry
];
153 conn
->vuid_cache
->next_entry
=
154 (conn
->vuid_cache
->next_entry
+ 1) % VUID_CACHE_SIZE
;
156 TALLOC_FREE(ent
->session_info
);
159 * If force_user was set, all session_info's are based on the same
160 * username-based faked one.
163 ent
->session_info
= copy_session_info(
164 conn
, conn
->force_user
? conn
->session_info
: session_info
);
166 if (ent
->session_info
== NULL
) {
167 ent
->vuid
= UID_FIELD_INVALID
;
172 ent
->read_only
= readonly_share
;
173 ent
->share_access
= share_access
;
174 free_conn_session_info_if_unused(conn
);
175 conn
->session_info
= ent
->session_info
;
177 conn
->read_only
= readonly_share
;
178 conn
->share_access
= share_access
;
181 DEBUG(2,("check_user_ok: user %s is an admin user. "
182 "Setting uid as %d\n",
183 conn
->session_info
->unix_info
->unix_name
,
184 sec_initial_uid() ));
185 conn
->session_info
->unix_token
->uid
= sec_initial_uid();
191 /****************************************************************************
192 Become the user of a connection number without changing the security context
193 stack, but modify the current_user entries.
194 ****************************************************************************/
196 static bool change_to_user_internal(connection_struct
*conn
,
197 const struct auth_session_info
*session_info
,
205 gid_t
*group_list
= NULL
;
210 ok
= check_user_ok(conn
, vuid
, session_info
, snum
);
212 DEBUG(2,("SMB user %s (unix user %s) "
213 "not permitted access to share %s.\n",
214 session_info
->unix_info
->sanitized_username
,
215 session_info
->unix_info
->unix_name
,
216 lp_servicename(talloc_tos(), snum
)));
220 uid
= conn
->session_info
->unix_token
->uid
;
221 gid
= conn
->session_info
->unix_token
->gid
;
222 num_groups
= conn
->session_info
->unix_token
->ngroups
;
223 group_list
= conn
->session_info
->unix_token
->groups
;
226 * See if we should force group for this service. If so this overrides
227 * any group set in the force user code.
229 if((group_c
= *lp_force_group(talloc_tos(), snum
))) {
231 SMB_ASSERT(conn
->force_group_gid
!= (gid_t
)-1);
233 if (group_c
== '+') {
237 * Only force group if the user is a member of the
238 * service group. Check the group memberships for this
239 * user (we already have this) to see if we should force
242 for (i
= 0; i
< num_groups
; i
++) {
243 if (group_list
[i
] == conn
->force_group_gid
) {
244 conn
->session_info
->unix_token
->gid
=
245 conn
->force_group_gid
;
246 gid
= conn
->force_group_gid
;
247 gid_to_sid(&conn
->session_info
->security_token
253 conn
->session_info
->unix_token
->gid
= conn
->force_group_gid
;
254 gid
= conn
->force_group_gid
;
255 gid_to_sid(&conn
->session_info
->security_token
->sids
[1],
260 /*Set current_user since we will immediately also call set_sec_ctx() */
261 current_user
.ut
.ngroups
= num_groups
;
262 current_user
.ut
.groups
= group_list
;
266 current_user
.ut
.ngroups
,
267 current_user
.ut
.groups
,
268 conn
->session_info
->security_token
);
270 current_user
.conn
= conn
;
271 current_user
.vuid
= vuid
;
273 DEBUG(5, ("Impersonated user: uid=(%d,%d), gid=(%d,%d)\n",
282 bool change_to_user(connection_struct
*conn
, uint64_t vuid
)
284 struct user_struct
*vuser
;
285 int snum
= SNUM(conn
);
288 DEBUG(2,("Connection not open\n"));
292 vuser
= get_valid_user_struct(conn
->sconn
, vuid
);
294 if ((current_user
.conn
== conn
) &&
295 (vuser
!= NULL
) && (current_user
.vuid
== vuid
) &&
296 (current_user
.ut
.uid
== vuser
->session_info
->unix_token
->uid
)) {
297 DEBUG(4,("Skipping user change - already "
303 /* Invalid vuid sent */
304 DEBUG(2,("Invalid vuid %llu used on share %s.\n",
305 (unsigned long long)vuid
, lp_servicename(talloc_tos(),
310 return change_to_user_internal(conn
, vuser
->session_info
, vuid
);
313 static bool change_to_user_by_session(connection_struct
*conn
,
314 const struct auth_session_info
*session_info
)
316 SMB_ASSERT(conn
!= NULL
);
317 SMB_ASSERT(session_info
!= NULL
);
319 if ((current_user
.conn
== conn
) &&
320 (current_user
.ut
.uid
== session_info
->unix_token
->uid
)) {
321 DEBUG(7, ("Skipping user change - already user\n"));
326 return change_to_user_internal(conn
, session_info
, UID_FIELD_INVALID
);
329 /****************************************************************************
330 Go back to being root without changing the security context stack,
331 but modify the current_user entries.
332 ****************************************************************************/
334 bool smbd_change_to_root_user(void)
338 DEBUG(5,("change_to_root_user: now uid=(%d,%d) gid=(%d,%d)\n",
339 (int)getuid(),(int)geteuid(),(int)getgid(),(int)getegid()));
341 current_user
.conn
= NULL
;
342 current_user
.vuid
= UID_FIELD_INVALID
;
347 /****************************************************************************
348 Become the user of an authenticated connected named pipe.
349 When this is called we are currently running as the connection
350 user. Doesn't modify current_user.
351 ****************************************************************************/
353 bool become_authenticated_pipe_user(struct auth_session_info
*session_info
)
358 set_sec_ctx(session_info
->unix_token
->uid
, session_info
->unix_token
->gid
,
359 session_info
->unix_token
->ngroups
, session_info
->unix_token
->groups
,
360 session_info
->security_token
);
365 /****************************************************************************
366 Unbecome the user of an authenticated connected named pipe.
367 When this is called we are running as the authenticated pipe
368 user and need to go back to being the connection user. Doesn't modify
370 ****************************************************************************/
372 bool unbecome_authenticated_pipe_user(void)
374 return pop_sec_ctx();
377 /****************************************************************************
378 Utility functions used by become_xxx/unbecome_xxx.
379 ****************************************************************************/
381 static void push_conn_ctx(void)
383 struct conn_ctx
*ctx_p
;
385 /* Check we don't overflow our stack */
387 if (conn_ctx_stack_ndx
== MAX_SEC_CTX_DEPTH
) {
388 DEBUG(0, ("Connection context stack overflow!\n"));
389 smb_panic("Connection context stack overflow!\n");
392 /* Store previous user context */
393 ctx_p
= &conn_ctx_stack
[conn_ctx_stack_ndx
];
395 ctx_p
->conn
= current_user
.conn
;
396 ctx_p
->vuid
= current_user
.vuid
;
398 DEBUG(4, ("push_conn_ctx(%llu) : conn_ctx_stack_ndx = %d\n",
399 (unsigned long long)ctx_p
->vuid
, conn_ctx_stack_ndx
));
401 conn_ctx_stack_ndx
++;
404 static void pop_conn_ctx(void)
406 struct conn_ctx
*ctx_p
;
408 /* Check for stack underflow. */
410 if (conn_ctx_stack_ndx
== 0) {
411 DEBUG(0, ("Connection context stack underflow!\n"));
412 smb_panic("Connection context stack underflow!\n");
415 conn_ctx_stack_ndx
--;
416 ctx_p
= &conn_ctx_stack
[conn_ctx_stack_ndx
];
418 current_user
.conn
= ctx_p
->conn
;
419 current_user
.vuid
= ctx_p
->vuid
;
422 ctx_p
->vuid
= UID_FIELD_INVALID
;
425 /****************************************************************************
426 Temporarily become a root user. Must match with unbecome_root(). Saves and
427 restores the connection context.
428 ****************************************************************************/
430 void smbd_become_root(void)
433 * no good way to handle push_sec_ctx() failing without changing
434 * the prototype of become_root()
436 if (!push_sec_ctx()) {
437 smb_panic("become_root: push_sec_ctx failed");
443 /* Unbecome the root user */
445 void smbd_unbecome_root(void)
451 /****************************************************************************
452 Push the current security context then force a change via change_to_user().
453 Saves and restores the connection context.
454 ****************************************************************************/
456 bool become_user(connection_struct
*conn
, uint64_t vuid
)
463 if (!change_to_user(conn
, vuid
)) {
472 bool become_user_by_session(connection_struct
*conn
,
473 const struct auth_session_info
*session_info
)
480 if (!change_to_user_by_session(conn
, session_info
)) {
489 bool unbecome_user(void)
496 /****************************************************************************
497 Return the current user we are running effectively as on this connection.
498 I'd like to make this return conn->session_info->unix_token->uid, but become_root()
499 doesn't alter this value.
500 ****************************************************************************/
502 uid_t
get_current_uid(connection_struct
*conn
)
504 return current_user
.ut
.uid
;
507 /****************************************************************************
508 Return the current group we are running effectively as on this connection.
509 I'd like to make this return conn->session_info->unix_token->gid, but become_root()
510 doesn't alter this value.
511 ****************************************************************************/
513 gid_t
get_current_gid(connection_struct
*conn
)
515 return current_user
.ut
.gid
;
518 /****************************************************************************
519 Return the UNIX token we are running effectively as on this connection.
520 I'd like to make this return &conn->session_info->unix_token-> but become_root()
521 doesn't alter this value.
522 ****************************************************************************/
524 const struct security_unix_token
*get_current_utok(connection_struct
*conn
)
526 return ¤t_user
.ut
;
529 /****************************************************************************
530 Return the Windows token we are running effectively as on this connection.
531 If this is currently a NULL token as we're inside become_root() - a temporary
532 UNIX security override, then we search up the stack for the previous active
534 ****************************************************************************/
536 const struct security_token
*get_current_nttok(connection_struct
*conn
)
538 if (current_user
.nt_user_token
) {
539 return current_user
.nt_user_token
;
541 return sec_ctx_active_token();
544 uint64_t get_current_vuid(connection_struct
*conn
)
546 return current_user
.vuid
;