search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
must add one to the extra_data size to transfer the 0 string terminator.
[Samba/gebeck_regimport.git] / source3 / smbd / uid.c
blob2bda26aa510807babafd0a87d1920fc1a1ca1d48
1 /*
2 Unix SMB/CIFS implementation.
3 uid/user handling
4 Copyright (C) Andrew Tridgell 1992-1998
5
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 2 of the License, or
9 (at your option) any later version.
10
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
15
16 You should have received a copy of the GNU General Public License
17 along with this program; if not, write to the Free Software
18 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
19 */
20
21 #include "includes.h"
22
23 /* what user is current? */
24 extern struct current_user current_user;
25
26 /****************************************************************************
27 Become the guest user without changing the security context stack.
28 ****************************************************************************/
29
30 BOOL change_to_guest(void)
31 {
32 static struct passwd *pass=NULL;
33
34 if (!pass) {
35 /* Don't need to free() this as its stored in a static */
36 pass = getpwnam_alloc(lp_guestaccount());
37 if (!pass)
38 return(False);
39 }
40
41 #ifdef AIX
42 /* MWW: From AIX FAQ patch to WU-ftpd: call initgroups before
43 setting IDs */
44 initgroups(pass->pw_name, pass->pw_gid);
45 #endif
46
47 set_sec_ctx(pass->pw_uid, pass->pw_gid, 0, NULL, NULL);
48
49 current_user.conn = NULL;
50 current_user.vuid = UID_FIELD_INVALID;
51
52 return True;
53 }
54
55 /*******************************************************************
56 Check if a username is OK.
57 ********************************************************************/
58
59 static BOOL check_user_ok(connection_struct *conn, user_struct *vuser,int snum)
60 {
61 int i;
62 for (i=0;i<conn->vuid_cache.entries && i< VUID_CACHE_SIZE;i++)
63 if (conn->vuid_cache.list[i] == vuser->vuid)
64 return(True);
65
66 if ((conn->force_user || conn->force_group)
67 && (conn->vuid != vuser->vuid)) {
68 return False;
69 }
70
71 if (!user_ok(vuser->user.unix_name,snum))
72 return(False);
73
74 if (!share_access_check(conn, snum, vuser, conn->read_only ? FILE_READ_DATA : FILE_WRITE_DATA)) {
75 return False;
76 }
77
78 i = conn->vuid_cache.entries % VUID_CACHE_SIZE;
79 conn->vuid_cache.list[i] = vuser->vuid;
80
81 conn->vuid_cache.entries++;
82
83 return(True);
84 }
85
86 /****************************************************************************
87 Become the user of a connection number without changing the security context
88 stack, but modify the currnet_user entries.
89 ****************************************************************************/
90
91 BOOL change_to_user(connection_struct *conn, uint16 vuid)
92 {
93 user_struct *vuser = get_valid_user_struct(vuid);
94 int snum;
95 gid_t gid;
96 uid_t uid;
97 char group_c;
98 BOOL must_free_token = False;
99 NT_USER_TOKEN *token = NULL;
100
101 if (!conn) {
102 DEBUG(2,("change_to_user: Connection not open\n"));
103 return(False);
104 }
105
106 /*
107 * We need a separate check in security=share mode due to vuid
108 * always being UID_FIELD_INVALID. If we don't do this then
109 * in share mode security we are *always* changing uid's between
110 * SMB's - this hurts performance - Badly.
111 */
112
113 if((lp_security() == SEC_SHARE) && (current_user.conn == conn) &&
114 (current_user.uid == conn->uid)) {
115 DEBUG(4,("change_to_user: Skipping user change - already user\n"));
116 return(True);
117 } else if ((current_user.conn == conn) &&
118 (vuser != 0) && (current_user.vuid == vuid) &&
119 (current_user.uid == vuser->uid)) {
120 DEBUG(4,("change_to_user: Skipping user change - already user\n"));
121 return(True);
122 }
123
124 snum = SNUM(conn);
125
126 if (conn->force_user) /* security = share sets this too */ {
127 uid = conn->uid;
128 gid = conn->gid;
129 current_user.groups = conn->groups;
130 current_user.ngroups = conn->ngroups;
131 token = conn->nt_user_token;
132 } else if ((vuser) && check_user_ok(conn, vuser, snum)) {
133 uid = vuser->uid;
134 gid = vuser->gid;
135 current_user.ngroups = vuser->n_groups;
136 current_user.groups = vuser->groups;
137 token = vuser->nt_user_token;
138 } else {
139 DEBUG(2,("change_to_user: Invalid vuid used %d or vuid not permitted access to share.\n",vuid));
140 return False;
141 }
142
143 /*
144 * See if we should force group for this service.
145 * If so this overrides any group set in the force
146 * user code.
147 */
148
149 if((group_c = *lp_force_group(snum))) {
150 BOOL is_guest = False;
151
152 if(group_c == '+') {
153
154 /*
155 * Only force group if the user is a member of
156 * the service group. Check the group memberships for
157 * this user (we already have this) to
158 * see if we should force the group.
159 */
160
161 int i;
162 for (i = 0; i < current_user.ngroups; i++) {
163 if (current_user.groups[i] == conn->gid) {
164 gid = conn->gid;
165 break;
166 }
167 }
168 } else {
169 gid = conn->gid;
170 }
171
172 /*
173 * We've changed the group list in the token - we must
174 * re-create it.
175 */
176
177 if (vuser && vuser->guest)
178 is_guest = True;
179
180 token = create_nt_token(uid, gid, current_user.ngroups, current_user.groups, is_guest);
181 if (!token) {
182 DEBUG(1, ("change_to_user: create_nt_token failed!\n"));
183 return False;
184 }
185 must_free_token = True;
186 }
187
188 set_sec_ctx(uid, gid, current_user.ngroups, current_user.groups, token);
189
190 /*
191 * Free the new token (as set_sec_ctx copies it).
192 */
193
194 if (must_free_token)
195 delete_nt_token(&token);
196
197 current_user.conn = conn;
198 current_user.vuid = vuid;
199
200 DEBUG(5,("change_to_user uid=(%d,%d) gid=(%d,%d)\n",
201 (int)getuid(),(int)geteuid(),(int)getgid(),(int)getegid()));
202
203 return(True);
204 }
205
206 /****************************************************************************
207 Go back to being root without changing the security context stack,
208 but modify the current_user entries.
209 ****************************************************************************/
210
211 BOOL change_to_root_user(void)
212 {
213 set_root_sec_ctx();
214
215 DEBUG(5,("change_to_root_user: now uid=(%d,%d) gid=(%d,%d)\n",
216 (int)getuid(),(int)geteuid(),(int)getgid(),(int)getegid()));
217
218 current_user.conn = NULL;
219 current_user.vuid = UID_FIELD_INVALID;
220
221 return(True);
222 }
223
224 /****************************************************************************
225 Become the user of an authenticated connected named pipe.
226 When this is called we are currently running as the connection
227 user. Doesn't modify current_user.
228 ****************************************************************************/
229
230 BOOL become_authenticated_pipe_user(pipes_struct *p)
231 {
232 if (!push_sec_ctx())
233 return False;
234
235 set_sec_ctx(p->pipe_user.uid, p->pipe_user.gid,
236 p->pipe_user.ngroups, p->pipe_user.groups, p->pipe_user.nt_user_token);
237
238 return True;
239 }
240
241 /****************************************************************************
242 Unbecome the user of an authenticated connected named pipe.
243 When this is called we are running as the authenticated pipe
244 user and need to go back to being the connection user. Doesn't modify
245 current_user.
246 ****************************************************************************/
247
248 BOOL unbecome_authenticated_pipe_user(void)
249 {
250 return pop_sec_ctx();
251 }
252
253 /****************************************************************************
254 Utility functions used by become_xxx/unbecome_xxx.
255 ****************************************************************************/
256
257 struct conn_ctx {
258 connection_struct *conn;
259 uint16 vuid;
260 };
261
262 /* A stack of current_user connection contexts. */
263
264 static struct conn_ctx conn_ctx_stack[MAX_SEC_CTX_DEPTH];
265 static int conn_ctx_stack_ndx;
266
267 static void push_conn_ctx(void)
268 {
269 struct conn_ctx *ctx_p;
270
271 /* Check we don't overflow our stack */
272
273 if (conn_ctx_stack_ndx == MAX_SEC_CTX_DEPTH) {
274 DEBUG(0, ("Connection context stack overflow!\n"));
275 smb_panic("Connection context stack overflow!\n");
276 }
277
278 /* Store previous user context */
279 ctx_p = &conn_ctx_stack[conn_ctx_stack_ndx];
280
281 ctx_p->conn = current_user.conn;
282 ctx_p->vuid = current_user.vuid;
283
284 DEBUG(3, ("push_conn_ctx(%u) : conn_ctx_stack_ndx = %d\n",
285 (unsigned int)ctx_p->vuid, conn_ctx_stack_ndx ));
286
287 conn_ctx_stack_ndx++;
288 }
289
290 static void pop_conn_ctx(void)
291 {
292 struct conn_ctx *ctx_p;
293
294 /* Check for stack underflow. */
295
296 if (conn_ctx_stack_ndx == 0) {
297 DEBUG(0, ("Connection context stack underflow!\n"));
298 smb_panic("Connection context stack underflow!\n");
299 }
300
301 conn_ctx_stack_ndx--;
302 ctx_p = &conn_ctx_stack[conn_ctx_stack_ndx];
303
304 current_user.conn = ctx_p->conn;
305 current_user.vuid = ctx_p->vuid;
306
307 ctx_p->conn = NULL;
308 ctx_p->vuid = UID_FIELD_INVALID;
309 }
310
311 void init_conn_ctx(void)
312 {
313 int i;
314
315 /* Initialise connection context stack */
316 for (i = 0; i < MAX_SEC_CTX_DEPTH; i++) {
317 conn_ctx_stack[i].conn = NULL;
318 conn_ctx_stack[i].vuid = UID_FIELD_INVALID;
319 }
320 }
321
322 /****************************************************************************
323 Temporarily become a root user. Must match with unbecome_root(). Saves and
324 restores the connection context.
325 ****************************************************************************/
326
327 void become_root(void)
328 {
329 push_sec_ctx();
330 push_conn_ctx();
331 set_root_sec_ctx();
332 }
333
334 /* Unbecome the root user */
335
336 void unbecome_root(void)
337 {
338 pop_sec_ctx();
339 pop_conn_ctx();
340 }
341
342 /****************************************************************************
343 Push the current security context then force a change via change_to_user().
344 Saves and restores the connection context.
345 ****************************************************************************/
346
347 BOOL become_user(connection_struct *conn, uint16 vuid)
348 {
349 if (!push_sec_ctx())
350 return False;
351
352 push_conn_ctx();
353
354 if (!change_to_user(conn, vuid)) {
355 pop_sec_ctx();
356 pop_conn_ctx();
357 return False;
358 }
359
360 return True;
361 }
362
363 BOOL unbecome_user(void)
364 {
365 pop_sec_ctx();
366 pop_conn_ctx();
367 return True;
368 }
369
370 /*****************************************************************
371 Convert the suplimentary SIDs returned in a netlogon into UNIX
372 group gid_t's. Add to the total group array.
373 *****************************************************************/
374
375 void add_supplementary_nt_login_groups(int *n_groups, gid_t **pp_groups, NT_USER_TOKEN **pptok)
376 {
377 int total_groups;
378 int current_n_groups = *n_groups;
379 gid_t *final_groups = NULL;
380 size_t i;
381 NT_USER_TOKEN *ptok = *pptok;
382 NT_USER_TOKEN *new_tok = NULL;
383
384 if (!ptok || (ptok->num_sids == 0))
385 return;
386
387 new_tok = dup_nt_token(ptok);
388 if (!new_tok) {
389 DEBUG(0,("add_supplementary_nt_login_groups: Failed to malloc new token\n"));
390 return;
391 }
392 /* Leave the allocated space but empty the number of SIDs. */
393 new_tok->num_sids = 0;
394
395 total_groups = current_n_groups + ptok->num_sids;
396
397 final_groups = (gid_t *)malloc(total_groups * sizeof(gid_t));
398 if (!final_groups) {
399 DEBUG(0,("add_supplementary_nt_login_groups: Failed to malloc new groups.\n"));
400 delete_nt_token(&new_tok);
401 return;
402 }
403
404 memcpy(final_groups, *pp_groups, current_n_groups * sizeof(gid_t));
405 for (i = 0; i < ptok->num_sids; i++) {
406 enum SID_NAME_USE sid_type;
407 gid_t new_grp;
408
409 if (sid_to_gid(&ptok->user_sids[i], &new_grp, &sid_type)) {
410 /*
411 * Don't add the gid_t if it is already in the current group
412 * list. Some UNIXen don't like the same group more than once.
413 */
414 int j;
415
416 for (j = 0; j < current_n_groups; j++)
417 if (final_groups[j] == new_grp)
418 break;
419
420 if ( j == current_n_groups) {
421 /* Group not already present. */
422 final_groups[current_n_groups++] = new_grp;
423 }
424 } else {
425 /* SID didn't map. Copy to the new token to be saved. */
426 sid_copy(&new_tok->user_sids[new_tok->num_sids++], &ptok->user_sids[i]);
427 }
428 }
429
430 SAFE_FREE(*pp_groups);
431 *pp_groups = final_groups;
432 *n_groups = current_n_groups;
433
434 /* Replace the old token with the truncated one. */
435 delete_nt_token(&ptok);
436 *pptok = new_tok;
437 }
438
439 /*****************************************************************
440 *THE CANONICAL* convert name to SID function.
441 Tries local lookup first - for local domains - then uses winbind.
442 *****************************************************************/
443
444 BOOL lookup_name(const char *domain, const char *name, DOM_SID *psid, enum SID_NAME_USE *name_type)
445 {
446 extern pstring global_myname;
447 extern fstring global_myworkgroup;
448 fstring sid;
449 BOOL local_lookup = False;
450
451 *name_type = SID_NAME_UNKNOWN;
452
453 /* If we are looking up a domain user, make sure it is
454 for the local machine only */
455
456 if (strequal(global_myname, domain)) {
457 local_lookup = True;
458 } else if (lp_server_role() == ROLE_DOMAIN_PDC ||
459 lp_server_role() == ROLE_DOMAIN_PDC) {
460 if (strequal(domain, global_myworkgroup)) {
461 local_lookup = True;
462 }
463 }
464
465 if (local_lookup) {
466 if (local_lookup_name(name, psid, name_type)) {
467 DEBUG(10,
468 ("lookup_name: (local) [%s]\\[%s] -> SID %s (type %s: %u)\n",
469 domain, name, sid_to_string(sid,psid),
470 sid_type_lookup(*name_type), (unsigned int)*name_type));
471 return True;
472 }
473 } else {
474 /* Remote */
475 if (winbind_lookup_name(domain, name, psid, name_type)) {
476
477 DEBUG(10,("lookup_name (winbindd): [%s]\\[%s] -> SID %s (type %u)\n",
478 domain, name, sid_to_string(sid, psid),
479 (unsigned int)*name_type));
480 return True;
481 }
482 }
483
484 DEBUG(10, ("lookup_name: %s lookup for [%s]\\[%s] failed\n",
485 local_lookup ? "local" : "winbind", domain, name));
486
487 return False;
488 }
489
490 /*****************************************************************
491 *THE CANONICAL* convert SID to name function.
492 Tries local lookup first - for local sids, then tries winbind.
493 *****************************************************************/
494
495 BOOL lookup_sid(DOM_SID *sid, fstring dom_name, fstring name, enum SID_NAME_USE *name_type)
496 {
497 if (!name_type)
498 return False;
499
500 *name_type = SID_NAME_UNKNOWN;
501
502 /* Check if this is our own sid. This should perhaps be done by
503 winbind? For the moment handle it here. */
504
505 if (sid->num_auths == 5) {
506 DOM_SID tmp_sid;
507 uint32 rid;
508
509 sid_copy(&tmp_sid, sid);
510 sid_split_rid(&tmp_sid, &rid);
511
512 if (sid_equal(get_global_sam_sid(), &tmp_sid)) {
513
514 return map_domain_sid_to_name(&tmp_sid, dom_name) &&
515 local_lookup_sid(sid, name, name_type);
516 }
517 }
518
519 if (!winbind_lookup_sid(sid, dom_name, name, name_type)) {
520 fstring sid_str;
521 DOM_SID tmp_sid;
522 uint32 rid;
523
524 DEBUG(10,("lookup_sid: winbind lookup for SID %s failed - trying local.\n", sid_to_string(sid_str, sid) ));
525
526 sid_copy(&tmp_sid, sid);
527 sid_split_rid(&tmp_sid, &rid);
528 return map_domain_sid_to_name(&tmp_sid, dom_name) &&
529 lookup_known_rid(&tmp_sid, rid, name, name_type);
530 }
531 return True;
532 }
533
534 /*****************************************************************
535 *THE CANONICAL* convert uid_t to SID function.
536 Tries winbind first - then uses local lookup.
537 Returns SID pointer.
538 *****************************************************************/
539
540 DOM_SID *uid_to_sid(DOM_SID *psid, uid_t uid)
541 {
542 uid_t low, high;
543 fstring sid;
544
545 if (lp_winbind_uid(&low, &high) && uid >= low && uid <= high) {
546 if (winbind_uid_to_sid(psid, uid)) {
547
548 DEBUG(10,("uid_to_sid: winbindd %u -> %s\n",
549 (unsigned int)uid, sid_to_string(sid, psid)));
550
551 return psid;
552 }
553 }
554
555 /* Make sure we report failure, (when psid == NULL) */
556 become_root();
557 psid = local_uid_to_sid(psid, uid);
558 unbecome_root();
559
560 DEBUG(10,("uid_to_sid: local %u -> %s\n", (unsigned int)uid, sid_to_string(sid, psid)));
561
562 return psid;
563 }
564
565 /*****************************************************************
566 *THE CANONICAL* convert gid_t to SID function.
567 Tries winbind first - then uses local lookup.
568 Returns SID pointer.
569 *****************************************************************/
570
571 DOM_SID *gid_to_sid(DOM_SID *psid, gid_t gid)
572 {
573 gid_t low, high;
574 fstring sid;
575
576 if (lp_winbind_gid(&low, &high) && gid >= low && gid <= high) {
577 if (winbind_gid_to_sid(psid, gid)) {
578
579 DEBUG(10,("gid_to_sid: winbindd %u -> %s\n",
580 (unsigned int)gid, sid_to_string(sid, psid)));
581
582 return psid;
583 }
584 }
585
586 /* Make sure we report failure, (when psid == NULL) */
587 psid = local_gid_to_sid(psid, gid);
588
589 DEBUG(10,("gid_to_sid: local %u -> %s\n", (unsigned int)gid, sid_to_string(sid, psid)));
590
591 return psid;
592 }
593
594 /*****************************************************************
595 *THE CANONICAL* convert SID to uid function.
596 Tries winbind first - then uses local lookup.
597 Returns True if this name is a user sid and the conversion
598 was done correctly, False if not. sidtype is set by this function.
599 *****************************************************************/
600
601 BOOL sid_to_uid(const DOM_SID *psid, uid_t *puid, enum SID_NAME_USE *sidtype)
602 {
603 fstring sid_str;
604
605 /* if we know its local then don't try winbindd */
606 if (sid_compare_domain(get_global_sam_sid(), psid) == 0) {
607 BOOL result;
608 become_root();
609 result = local_sid_to_uid(puid, psid, sidtype);
610 unbecome_root();
611 return result;
612 }
613
614 /* (tridge) I commented out the slab of code below in order to support foreign SIDs
615 Do we really need to validate the type of SID we have in this case?
616 */
617 #if 0
618 fstring dom_name, name;
619 enum SID_NAME_USE name_type;
620
621 *sidtype = SID_NAME_UNKNOWN;
622 /*
623 * First we must look up the name and decide if this is a user sid.
624 */
625
626 if ( (!winbind_lookup_sid(psid, dom_name, name, &name_type)) || (name_type != SID_NAME_USER) ) {
627 BOOL result;
628 DEBUG(10,("sid_to_uid: winbind lookup for sid %s failed - trying local.\n",
629 sid_to_string(sid_str, psid) ));
630
631 become_root();
632 result = local_sid_to_uid(puid, psid, sidtype);
633 unbecome_root();
634 return result;
635 }
636
637 /*
638 * Ensure this is a user sid.
639 */
640
641 if (name_type != SID_NAME_USER) {
642 DEBUG(10,("sid_to_uid: winbind lookup succeeded but SID is not a uid (%u)\n",
643 (unsigned int)name_type ));
644 return False;
645 }
646 #endif
647 *sidtype = SID_NAME_USER;
648
649 /*
650 * Get the uid for this SID.
651 */
652
653 if (!winbind_sid_to_uid(puid, psid)) {
654 BOOL result;
655 DEBUG(10,("sid_to_uid: winbind lookup for sid %s failed.\n",
656 sid_to_string(sid_str, psid) ));
657 become_root();
658 result = local_sid_to_uid(puid, psid, sidtype);
659 unbecome_root();
660 return result;
661 }
662
663 DEBUG(10,("sid_to_uid: winbindd %s -> %u\n",
664 sid_to_string(sid_str, psid),
665 (unsigned int)*puid ));
666
667 return True;
668 }
669
670 /*****************************************************************
671 *THE CANONICAL* convert SID to gid function.
672 Tries winbind first - then uses local lookup.
673 Returns True if this name is a user sid and the conversion
674 was done correctly, False if not.
675 *****************************************************************/
676
677 BOOL sid_to_gid(const DOM_SID *psid, gid_t *pgid, enum SID_NAME_USE *sidtype)
678 {
679 fstring dom_name, name, sid_str;
680 enum SID_NAME_USE name_type;
681
682 *sidtype = SID_NAME_UNKNOWN;
683
684 /*
685 * First we must look up the name and decide if this is a group sid.
686 */
687
688 /* if we know its local then don't try winbindd */
689 if (sid_compare_domain(get_global_sam_sid(), psid) == 0) {
690 BOOL result;
691 become_root();
692 result = local_sid_to_gid(pgid, psid, sidtype);
693 unbecome_root();
694 return result;
695 }
696
697 if (!winbind_lookup_sid(psid, dom_name, name, &name_type)) {
698 DEBUG(10,("sid_to_gid: winbind lookup for sid %s failed.\n",
699 sid_to_string(sid_str, psid) ));
700 /* this was probably a foreign sid - assume its a group rid
701 and continue */
702 name_type = SID_NAME_DOM_GRP;
703 }
704
705 /*
706 * Ensure this is a group sid.
707 */
708
709 if ((name_type != SID_NAME_DOM_GRP) && (name_type != SID_NAME_ALIAS) && (name_type != SID_NAME_WKN_GRP)) {
710 DEBUG(10,("sid_to_gid: winbind lookup succeeded but SID is not a known group (%u)\n",
711 (unsigned int)name_type ));
712
713 return False;
714 }
715
716 *sidtype = name_type;
717
718 /*
719 * Get the gid for this SID.
720 */
721
722 if (!winbind_sid_to_gid(pgid, psid)) {
723 DEBUG(10,("sid_to_gid: winbind lookup for sid %s failed.\n",
724 sid_to_string(sid_str, psid) ));
725 return False;
726 }
727
728 DEBUG(10,("sid_to_gid: winbindd %s -> %u\n",
729 sid_to_string(sid_str, psid),
730 (unsigned int)*pgid ));
731
732 return True;
733 }
734
reg import