search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Correctly setup the conn->share_access based on the current user token.
[Samba/gebeck_regimport.git] / source3 / smbd / uid.c
blob397380c52517623e9ad6b7e69ceeb2f1072a20d6
1 /*
2 Unix SMB/CIFS implementation.
3 uid/user handling
4 Copyright (C) Andrew Tridgell 1992-1998
5
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 3 of the License, or
9 (at your option) any later version.
10
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
15
16 You should have received a copy of the GNU General Public License
17 along with this program. If not, see <http://www.gnu.org/licenses/>.
18 */
19
20 #include "includes.h"
21 #include "system/passwd.h"
22 #include "smbd/smbd.h"
23 #include "smbd/globals.h"
24 #include "../librpc/gen_ndr/netlogon.h"
25 #include "libcli/security/security.h"
26 #include "passdb/lookup_sid.h"
27 #include "auth.h"
28
29 /* what user is current? */
30 extern struct current_user current_user;
31
32 /****************************************************************************
33 Become the guest user without changing the security context stack.
34 ****************************************************************************/
35
36 bool change_to_guest(void)
37 {
38 struct passwd *pass;
39
40 pass = Get_Pwnam_alloc(talloc_tos(), lp_guestaccount());
41 if (!pass) {
42 return false;
43 }
44
45 #ifdef AIX
46 /* MWW: From AIX FAQ patch to WU-ftpd: call initgroups before
47 setting IDs */
48 initgroups(pass->pw_name, pass->pw_gid);
49 #endif
50
51 set_sec_ctx(pass->pw_uid, pass->pw_gid, 0, NULL, NULL);
52
53 current_user.conn = NULL;
54 current_user.vuid = UID_FIELD_INVALID;
55
56 TALLOC_FREE(pass);
57
58 return true;
59 }
60
61 /****************************************************************************
62 talloc free the conn->session_info if not used in the vuid cache.
63 ****************************************************************************/
64
65 static void free_conn_session_info_if_unused(connection_struct *conn)
66 {
67 unsigned int i;
68
69 for (i = 0; i < VUID_CACHE_SIZE; i++) {
70 struct vuid_cache_entry *ent;
71 ent = &conn->vuid_cache->array[i];
72 if (ent->vuid != UID_FIELD_INVALID &&
73 conn->session_info == ent->session_info) {
74 return;
75 }
76 }
77 /* Not used, safe to free. */
78 TALLOC_FREE(conn->session_info);
79 }
80
81 /*******************************************************************
82 Check if a username is OK.
83
84 This sets up conn->session_info with a copy related to this vuser that
85 later code can then mess with.
86 ********************************************************************/
87
88 static bool check_user_ok(connection_struct *conn,
89 uint64_t vuid,
90 const struct auth_session_info *session_info,
91 int snum)
92 {
93 unsigned int i;
94 bool readonly_share;
95 bool admin_user;
96 struct vuid_cache_entry *ent = NULL;
97 uint32_t share_access = 0;
98
99 for (i=0; i<VUID_CACHE_SIZE; i++) {
100 ent = &conn->vuid_cache->array[i];
101 if (ent->vuid == vuid) {
102 free_conn_session_info_if_unused(conn);
103 conn->session_info = ent->session_info;
104 conn->read_only = ent->read_only;
105 conn->share_access = ent->share_access;
106 return(True);
107 }
108 }
109
110 if (!user_ok_token(session_info->unix_info->unix_name,
111 session_info->info->domain_name,
112 session_info->security_token, snum))
113 return(False);
114
115 readonly_share = is_share_read_only_for_token(
116 session_info->unix_info->unix_name,
117 session_info->info->domain_name,
118 session_info->security_token,
119 conn);
120
121 share_access = create_share_access_mask(snum,
122 readonly_share,
123 session_info->security_token);
124
125 if ((share_access & FILE_WRITE_DATA) == 0) {
126 if ((share_access & FILE_READ_DATA) == 0) {
127 /* No access, read or write. */
128 DEBUG(0,("user %s connection to %s "
129 "denied due to share security "
130 "descriptor.\n",
131 session_info->unix_info->unix_name,
132 lp_servicename(talloc_tos(), snum)));
133 return false;
134 }
135 }
136
137 if (!readonly_share &&
138 !(share_access & FILE_WRITE_DATA)) {
139 /* smb.conf allows r/w, but the security descriptor denies
140 * write. Fall back to looking at readonly. */
141 readonly_share = True;
142 DEBUG(5,("falling back to read-only access-evaluation due to "
143 "security descriptor\n"));
144 }
145
146 admin_user = token_contains_name_in_list(
147 session_info->unix_info->unix_name,
148 session_info->info->domain_name,
149 NULL, session_info->security_token, lp_admin_users(snum));
150
151 ent = &conn->vuid_cache->array[conn->vuid_cache->next_entry];
152
153 conn->vuid_cache->next_entry =
154 (conn->vuid_cache->next_entry + 1) % VUID_CACHE_SIZE;
155
156 TALLOC_FREE(ent->session_info);
157
158 /*
159 * If force_user was set, all session_info's are based on the same
160 * username-based faked one.
161 */
162
163 ent->session_info = copy_session_info(
164 conn, conn->force_user ? conn->session_info : session_info);
165
166 if (ent->session_info == NULL) {
167 ent->vuid = UID_FIELD_INVALID;
168 return false;
169 }
170
171 ent->vuid = vuid;
172 ent->read_only = readonly_share;
173 ent->share_access = share_access;
174 free_conn_session_info_if_unused(conn);
175 conn->session_info = ent->session_info;
176
177 conn->read_only = readonly_share;
178 conn->share_access = share_access;
179
180 if (admin_user) {
181 DEBUG(2,("check_user_ok: user %s is an admin user. "
182 "Setting uid as %d\n",
183 conn->session_info->unix_info->unix_name,
184 sec_initial_uid() ));
185 conn->session_info->unix_token->uid = sec_initial_uid();
186 }
187
188 return(True);
189 }
190
191 /****************************************************************************
192 Become the user of a connection number without changing the security context
193 stack, but modify the current_user entries.
194 ****************************************************************************/
195
196 static bool change_to_user_internal(connection_struct *conn,
197 const struct auth_session_info *session_info,
198 uint64_t vuid)
199 {
200 int snum;
201 gid_t gid;
202 uid_t uid;
203 char group_c;
204 int num_groups = 0;
205 gid_t *group_list = NULL;
206 bool ok;
207
208 snum = SNUM(conn);
209
210 ok = check_user_ok(conn, vuid, session_info, snum);
211 if (!ok) {
212 DEBUG(2,("SMB user %s (unix user %s) "
213 "not permitted access to share %s.\n",
214 session_info->unix_info->sanitized_username,
215 session_info->unix_info->unix_name,
216 lp_servicename(talloc_tos(), snum)));
217 return false;
218 }
219
220 uid = conn->session_info->unix_token->uid;
221 gid = conn->session_info->unix_token->gid;
222 num_groups = conn->session_info->unix_token->ngroups;
223 group_list = conn->session_info->unix_token->groups;
224
225 /*
226 * See if we should force group for this service. If so this overrides
227 * any group set in the force user code.
228 */
229 if((group_c = *lp_force_group(talloc_tos(), snum))) {
230
231 SMB_ASSERT(conn->force_group_gid != (gid_t)-1);
232
233 if (group_c == '+') {
234 int i;
235
236 /*
237 * Only force group if the user is a member of the
238 * service group. Check the group memberships for this
239 * user (we already have this) to see if we should force
240 * the group.
241 */
242 for (i = 0; i < num_groups; i++) {
243 if (group_list[i] == conn->force_group_gid) {
244 conn->session_info->unix_token->gid =
245 conn->force_group_gid;
246 gid = conn->force_group_gid;
247 gid_to_sid(&conn->session_info->security_token
248 ->sids[1], gid);
249 break;
250 }
251 }
252 } else {
253 conn->session_info->unix_token->gid = conn->force_group_gid;
254 gid = conn->force_group_gid;
255 gid_to_sid(&conn->session_info->security_token->sids[1],
256 gid);
257 }
258 }
259
260 /*Set current_user since we will immediately also call set_sec_ctx() */
261 current_user.ut.ngroups = num_groups;
262 current_user.ut.groups = group_list;
263
264 set_sec_ctx(uid,
265 gid,
266 current_user.ut.ngroups,
267 current_user.ut.groups,
268 conn->session_info->security_token);
269
270 current_user.conn = conn;
271 current_user.vuid = vuid;
272
273 DEBUG(5, ("Impersonated user: uid=(%d,%d), gid=(%d,%d)\n",
274 (int)getuid(),
275 (int)geteuid(),
276 (int)getgid(),
277 (int)getegid()));
278
279 return true;
280 }
281
282 bool change_to_user(connection_struct *conn, uint64_t vuid)
283 {
284 struct user_struct *vuser;
285 int snum = SNUM(conn);
286
287 if (!conn) {
288 DEBUG(2,("Connection not open\n"));
289 return(False);
290 }
291
292 vuser = get_valid_user_struct(conn->sconn, vuid);
293
294 if ((current_user.conn == conn) &&
295 (vuser != NULL) && (current_user.vuid == vuid) &&
296 (current_user.ut.uid == vuser->session_info->unix_token->uid)) {
297 DEBUG(4,("Skipping user change - already "
298 "user\n"));
299 return(True);
300 }
301
302 if (vuser == NULL) {
303 /* Invalid vuid sent */
304 DEBUG(2,("Invalid vuid %llu used on share %s.\n",
305 (unsigned long long)vuid, lp_servicename(talloc_tos(),
306 snum)));
307 return false;
308 }
309
310 return change_to_user_internal(conn, vuser->session_info, vuid);
311 }
312
313 static bool change_to_user_by_session(connection_struct *conn,
314 const struct auth_session_info *session_info)
315 {
316 SMB_ASSERT(conn != NULL);
317 SMB_ASSERT(session_info != NULL);
318
319 if ((current_user.conn == conn) &&
320 (current_user.ut.uid == session_info->unix_token->uid)) {
321 DEBUG(7, ("Skipping user change - already user\n"));
322
323 return true;
324 }
325
326 return change_to_user_internal(conn, session_info, UID_FIELD_INVALID);
327 }
328
329 /****************************************************************************
330 Go back to being root without changing the security context stack,
331 but modify the current_user entries.
332 ****************************************************************************/
333
334 bool smbd_change_to_root_user(void)
335 {
336 set_root_sec_ctx();
337
338 DEBUG(5,("change_to_root_user: now uid=(%d,%d) gid=(%d,%d)\n",
339 (int)getuid(),(int)geteuid(),(int)getgid(),(int)getegid()));
340
341 current_user.conn = NULL;
342 current_user.vuid = UID_FIELD_INVALID;
343
344 return(True);
345 }
346
347 /****************************************************************************
348 Become the user of an authenticated connected named pipe.
349 When this is called we are currently running as the connection
350 user. Doesn't modify current_user.
351 ****************************************************************************/
352
353 bool become_authenticated_pipe_user(struct auth_session_info *session_info)
354 {
355 if (!push_sec_ctx())
356 return False;
357
358 set_sec_ctx(session_info->unix_token->uid, session_info->unix_token->gid,
359 session_info->unix_token->ngroups, session_info->unix_token->groups,
360 session_info->security_token);
361
362 return True;
363 }
364
365 /****************************************************************************
366 Unbecome the user of an authenticated connected named pipe.
367 When this is called we are running as the authenticated pipe
368 user and need to go back to being the connection user. Doesn't modify
369 current_user.
370 ****************************************************************************/
371
372 bool unbecome_authenticated_pipe_user(void)
373 {
374 return pop_sec_ctx();
375 }
376
377 /****************************************************************************
378 Utility functions used by become_xxx/unbecome_xxx.
379 ****************************************************************************/
380
381 static void push_conn_ctx(void)
382 {
383 struct conn_ctx *ctx_p;
384
385 /* Check we don't overflow our stack */
386
387 if (conn_ctx_stack_ndx == MAX_SEC_CTX_DEPTH) {
388 DEBUG(0, ("Connection context stack overflow!\n"));
389 smb_panic("Connection context stack overflow!\n");
390 }
391
392 /* Store previous user context */
393 ctx_p = &conn_ctx_stack[conn_ctx_stack_ndx];
394
395 ctx_p->conn = current_user.conn;
396 ctx_p->vuid = current_user.vuid;
397
398 DEBUG(4, ("push_conn_ctx(%llu) : conn_ctx_stack_ndx = %d\n",
399 (unsigned long long)ctx_p->vuid, conn_ctx_stack_ndx));
400
401 conn_ctx_stack_ndx++;
402 }
403
404 static void pop_conn_ctx(void)
405 {
406 struct conn_ctx *ctx_p;
407
408 /* Check for stack underflow. */
409
410 if (conn_ctx_stack_ndx == 0) {
411 DEBUG(0, ("Connection context stack underflow!\n"));
412 smb_panic("Connection context stack underflow!\n");
413 }
414
415 conn_ctx_stack_ndx--;
416 ctx_p = &conn_ctx_stack[conn_ctx_stack_ndx];
417
418 current_user.conn = ctx_p->conn;
419 current_user.vuid = ctx_p->vuid;
420
421 ctx_p->conn = NULL;
422 ctx_p->vuid = UID_FIELD_INVALID;
423 }
424
425 /****************************************************************************
426 Temporarily become a root user. Must match with unbecome_root(). Saves and
427 restores the connection context.
428 ****************************************************************************/
429
430 void smbd_become_root(void)
431 {
432 /*
433 * no good way to handle push_sec_ctx() failing without changing
434 * the prototype of become_root()
435 */
436 if (!push_sec_ctx()) {
437 smb_panic("become_root: push_sec_ctx failed");
438 }
439 push_conn_ctx();
440 set_root_sec_ctx();
441 }
442
443 /* Unbecome the root user */
444
445 void smbd_unbecome_root(void)
446 {
447 pop_sec_ctx();
448 pop_conn_ctx();
449 }
450
451 /****************************************************************************
452 Push the current security context then force a change via change_to_user().
453 Saves and restores the connection context.
454 ****************************************************************************/
455
456 bool become_user(connection_struct *conn, uint64_t vuid)
457 {
458 if (!push_sec_ctx())
459 return False;
460
461 push_conn_ctx();
462
463 if (!change_to_user(conn, vuid)) {
464 pop_sec_ctx();
465 pop_conn_ctx();
466 return False;
467 }
468
469 return True;
470 }
471
472 bool become_user_by_session(connection_struct *conn,
473 const struct auth_session_info *session_info)
474 {
475 if (!push_sec_ctx())
476 return false;
477
478 push_conn_ctx();
479
480 if (!change_to_user_by_session(conn, session_info)) {
481 pop_sec_ctx();
482 pop_conn_ctx();
483 return false;
484 }
485
486 return true;
487 }
488
489 bool unbecome_user(void)
490 {
491 pop_sec_ctx();
492 pop_conn_ctx();
493 return True;
494 }
495
496 /****************************************************************************
497 Return the current user we are running effectively as on this connection.
498 I'd like to make this return conn->session_info->unix_token->uid, but become_root()
499 doesn't alter this value.
500 ****************************************************************************/
501
502 uid_t get_current_uid(connection_struct *conn)
503 {
504 return current_user.ut.uid;
505 }
506
507 /****************************************************************************
508 Return the current group we are running effectively as on this connection.
509 I'd like to make this return conn->session_info->unix_token->gid, but become_root()
510 doesn't alter this value.
511 ****************************************************************************/
512
513 gid_t get_current_gid(connection_struct *conn)
514 {
515 return current_user.ut.gid;
516 }
517
518 /****************************************************************************
519 Return the UNIX token we are running effectively as on this connection.
520 I'd like to make this return &conn->session_info->unix_token-> but become_root()
521 doesn't alter this value.
522 ****************************************************************************/
523
524 const struct security_unix_token *get_current_utok(connection_struct *conn)
525 {
526 return &current_user.ut;
527 }
528
529 /****************************************************************************
530 Return the Windows token we are running effectively as on this connection.
531 If this is currently a NULL token as we're inside become_root() - a temporary
532 UNIX security override, then we search up the stack for the previous active
533 token.
534 ****************************************************************************/
535
536 const struct security_token *get_current_nttok(connection_struct *conn)
537 {
538 if (current_user.nt_user_token) {
539 return current_user.nt_user_token;
540 }
541 return sec_ctx_active_token();
542 }
543
544 uint64_t get_current_vuid(connection_struct *conn)
545 {
546 return current_user.vuid;
547 }
reg import