2 Unix SMB/CIFS implementation.
4 Copyright (C) Andrew Tridgell 1992-1998
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 3 of the License, or
9 (at your option) any later version.
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with this program. If not, see <http://www.gnu.org/licenses/>.
21 #include "smbd/globals.h"
23 /* what user is current? */
24 extern struct current_user current_user
;
26 /****************************************************************************
27 Become the guest user without changing the security context stack.
28 ****************************************************************************/
30 bool change_to_guest(void)
34 pass
= getpwnam_alloc(talloc_autofree_context(), lp_guestaccount());
40 /* MWW: From AIX FAQ patch to WU-ftpd: call initgroups before
42 initgroups(pass
->pw_name
, pass
->pw_gid
);
45 set_sec_ctx(pass
->pw_uid
, pass
->pw_gid
, 0, NULL
, NULL
);
47 current_user
.conn
= NULL
;
48 current_user
.vuid
= UID_FIELD_INVALID
;
55 /*******************************************************************
56 Check if a username is OK.
58 This sets up conn->server_info with a copy related to this vuser that
59 later code can then mess with.
60 ********************************************************************/
62 static bool check_user_ok(connection_struct
*conn
,
64 const struct auth_serversupplied_info
*server_info
,
67 bool valid_vuid
= (vuid
!= UID_FIELD_INVALID
);
73 struct vuid_cache_entry
*ent
;
75 for (i
=0; i
<VUID_CACHE_SIZE
; i
++) {
76 ent
= &conn
->vuid_cache
.array
[i
];
77 if (ent
->vuid
== vuid
) {
78 conn
->server_info
= ent
->server_info
;
79 conn
->read_only
= ent
->read_only
;
80 conn
->admin_user
= ent
->admin_user
;
86 if (!user_ok_token(server_info
->unix_name
,
87 pdb_get_domain(server_info
->sam_account
),
88 server_info
->ptok
, snum
))
91 readonly_share
= is_share_read_only_for_token(
92 server_info
->unix_name
,
93 pdb_get_domain(server_info
->sam_account
),
97 if (!readonly_share
&&
98 !share_access_check(server_info
->ptok
, lp_servicename(snum
),
100 /* smb.conf allows r/w, but the security descriptor denies
101 * write. Fall back to looking at readonly. */
102 readonly_share
= True
;
103 DEBUG(5,("falling back to read-only access-evaluation due to "
104 "security descriptor\n"));
107 if (!share_access_check(server_info
->ptok
, lp_servicename(snum
),
109 FILE_READ_DATA
: FILE_WRITE_DATA
)) {
113 admin_user
= token_contains_name_in_list(
114 server_info
->unix_name
,
115 pdb_get_domain(server_info
->sam_account
),
116 NULL
, server_info
->ptok
, lp_admin_users(snum
));
119 struct vuid_cache_entry
*ent
=
120 &conn
->vuid_cache
.array
[conn
->vuid_cache
.next_entry
];
122 conn
->vuid_cache
.next_entry
=
123 (conn
->vuid_cache
.next_entry
+ 1) % VUID_CACHE_SIZE
;
125 TALLOC_FREE(ent
->server_info
);
128 * If force_user was set, all server_info's are based on the same
129 * username-based faked one.
132 ent
->server_info
= copy_serverinfo(
133 conn
, conn
->force_user
? conn
->server_info
: server_info
);
135 if (ent
->server_info
== NULL
) {
136 ent
->vuid
= UID_FIELD_INVALID
;
141 ent
->read_only
= readonly_share
;
142 ent
->admin_user
= admin_user
;
143 conn
->server_info
= ent
->server_info
;
146 conn
->read_only
= readonly_share
;
147 conn
->admin_user
= admin_user
;
152 /****************************************************************************
153 Clear a vuid out of the connection's vuid cache
154 ****************************************************************************/
156 void conn_clear_vuid_cache(connection_struct
*conn
, uint16_t vuid
)
160 for (i
=0; i
<VUID_CACHE_SIZE
; i
++) {
161 struct vuid_cache_entry
*ent
;
163 ent
= &conn
->vuid_cache
.array
[i
];
165 if (ent
->vuid
== vuid
) {
166 ent
->vuid
= UID_FIELD_INVALID
;
167 /* Ensure we're not freeing an active pointer. */
168 if (conn
->server_info
== ent
->server_info
) {
169 conn
->server_info
= NULL
;
171 TALLOC_FREE(ent
->server_info
);
172 ent
->read_only
= False
;
173 ent
->admin_user
= False
;
178 /****************************************************************************
179 Become the user of a connection number without changing the security context
180 stack, but modify the current_user entries.
181 ****************************************************************************/
183 bool change_to_user(connection_struct
*conn
, uint16 vuid
)
185 const struct auth_serversupplied_info
*server_info
= NULL
;
186 user_struct
*vuser
= get_valid_user_struct(vuid
);
192 gid_t
*group_list
= NULL
;
195 DEBUG(2,("change_to_user: Connection not open\n"));
200 * We need a separate check in security=share mode due to vuid
201 * always being UID_FIELD_INVALID. If we don't do this then
202 * in share mode security we are *always* changing uid's between
203 * SMB's - this hurts performance - Badly.
206 if((lp_security() == SEC_SHARE
) && (current_user
.conn
== conn
) &&
207 (current_user
.ut
.uid
== conn
->server_info
->utok
.uid
)) {
208 DEBUG(4,("change_to_user: Skipping user change - already "
211 } else if ((current_user
.conn
== conn
) &&
212 (vuser
!= NULL
) && (current_user
.vuid
== vuid
) &&
213 (current_user
.ut
.uid
== vuser
->server_info
->utok
.uid
)) {
214 DEBUG(4,("change_to_user: Skipping user change - already "
221 server_info
= vuser
? vuser
->server_info
: conn
->server_info
;
224 /* Invalid vuid sent - even with security = share. */
225 DEBUG(2,("change_to_user: Invalid vuid %d used on "
226 "share %s.\n",vuid
, lp_servicename(snum
) ));
230 if (!check_user_ok(conn
, vuid
, server_info
, snum
)) {
231 DEBUG(2,("change_to_user: SMB user %s (unix user %s, vuid %d) "
232 "not permitted access to share %s.\n",
233 server_info
->sanitized_username
,
234 server_info
->unix_name
, vuid
,
235 lp_servicename(snum
)));
240 * conn->server_info is now correctly set up with a copy we can mess
241 * with for force_group etc.
244 if (conn
->force_user
) /* security = share sets this too */ {
245 uid
= conn
->server_info
->utok
.uid
;
246 gid
= conn
->server_info
->utok
.gid
;
247 group_list
= conn
->server_info
->utok
.groups
;
248 num_groups
= conn
->server_info
->utok
.ngroups
;
250 uid
= conn
->admin_user
? 0 : vuser
->server_info
->utok
.uid
;
251 gid
= conn
->server_info
->utok
.gid
;
252 num_groups
= conn
->server_info
->utok
.ngroups
;
253 group_list
= conn
->server_info
->utok
.groups
;
255 DEBUG(2,("change_to_user: Invalid vuid used %d in accessing "
256 "share %s.\n",vuid
, lp_servicename(snum
) ));
261 * See if we should force group for this service.
262 * If so this overrides any group set in the force
266 if((group_c
= *lp_force_group(snum
))) {
268 SMB_ASSERT(conn
->force_group_gid
!= (gid_t
)-1);
273 * Only force group if the user is a member of
274 * the service group. Check the group memberships for
275 * this user (we already have this) to
276 * see if we should force the group.
280 for (i
= 0; i
< num_groups
; i
++) {
282 == conn
->force_group_gid
) {
283 conn
->server_info
->utok
.gid
=
284 conn
->force_group_gid
;
285 gid
= conn
->force_group_gid
;
286 gid_to_sid(&conn
->server_info
->ptok
287 ->user_sids
[1], gid
);
292 conn
->server_info
->utok
.gid
= conn
->force_group_gid
;
293 gid
= conn
->force_group_gid
;
294 gid_to_sid(&conn
->server_info
->ptok
->user_sids
[1],
299 /* Now set current_user since we will immediately also call
302 current_user
.ut
.ngroups
= num_groups
;
303 current_user
.ut
.groups
= group_list
;
305 set_sec_ctx(uid
, gid
, current_user
.ut
.ngroups
, current_user
.ut
.groups
,
306 conn
->server_info
->ptok
);
308 current_user
.conn
= conn
;
309 current_user
.vuid
= vuid
;
311 DEBUG(5,("change_to_user uid=(%d,%d) gid=(%d,%d)\n",
312 (int)getuid(),(int)geteuid(),(int)getgid(),(int)getegid()));
317 /****************************************************************************
318 Go back to being root without changing the security context stack,
319 but modify the current_user entries.
320 ****************************************************************************/
322 bool change_to_root_user(void)
326 DEBUG(5,("change_to_root_user: now uid=(%d,%d) gid=(%d,%d)\n",
327 (int)getuid(),(int)geteuid(),(int)getgid(),(int)getegid()));
329 current_user
.conn
= NULL
;
330 current_user
.vuid
= UID_FIELD_INVALID
;
335 /****************************************************************************
336 Become the user of an authenticated connected named pipe.
337 When this is called we are currently running as the connection
338 user. Doesn't modify current_user.
339 ****************************************************************************/
341 bool become_authenticated_pipe_user(pipes_struct
*p
)
346 set_sec_ctx(p
->server_info
->utok
.uid
, p
->server_info
->utok
.gid
,
347 p
->server_info
->utok
.ngroups
, p
->server_info
->utok
.groups
,
348 p
->server_info
->ptok
);
353 /****************************************************************************
354 Unbecome the user of an authenticated connected named pipe.
355 When this is called we are running as the authenticated pipe
356 user and need to go back to being the connection user. Doesn't modify
358 ****************************************************************************/
360 bool unbecome_authenticated_pipe_user(void)
362 return pop_sec_ctx();
365 /****************************************************************************
366 Utility functions used by become_xxx/unbecome_xxx.
367 ****************************************************************************/
369 static void push_conn_ctx(void)
371 struct conn_ctx
*ctx_p
;
373 /* Check we don't overflow our stack */
375 if (conn_ctx_stack_ndx
== MAX_SEC_CTX_DEPTH
) {
376 DEBUG(0, ("Connection context stack overflow!\n"));
377 smb_panic("Connection context stack overflow!\n");
380 /* Store previous user context */
381 ctx_p
= &conn_ctx_stack
[conn_ctx_stack_ndx
];
383 ctx_p
->conn
= current_user
.conn
;
384 ctx_p
->vuid
= current_user
.vuid
;
386 DEBUG(3, ("push_conn_ctx(%u) : conn_ctx_stack_ndx = %d\n",
387 (unsigned int)ctx_p
->vuid
, conn_ctx_stack_ndx
));
389 conn_ctx_stack_ndx
++;
392 static void pop_conn_ctx(void)
394 struct conn_ctx
*ctx_p
;
396 /* Check for stack underflow. */
398 if (conn_ctx_stack_ndx
== 0) {
399 DEBUG(0, ("Connection context stack underflow!\n"));
400 smb_panic("Connection context stack underflow!\n");
403 conn_ctx_stack_ndx
--;
404 ctx_p
= &conn_ctx_stack
[conn_ctx_stack_ndx
];
406 current_user
.conn
= ctx_p
->conn
;
407 current_user
.vuid
= ctx_p
->vuid
;
410 ctx_p
->vuid
= UID_FIELD_INVALID
;
413 /****************************************************************************
414 Temporarily become a root user. Must match with unbecome_root(). Saves and
415 restores the connection context.
416 ****************************************************************************/
418 void become_root(void)
421 * no good way to handle push_sec_ctx() failing without changing
422 * the prototype of become_root()
424 if (!push_sec_ctx()) {
425 smb_panic("become_root: push_sec_ctx failed");
431 /* Unbecome the root user */
433 void unbecome_root(void)
439 /****************************************************************************
440 Push the current security context then force a change via change_to_user().
441 Saves and restores the connection context.
442 ****************************************************************************/
444 bool become_user(connection_struct
*conn
, uint16 vuid
)
451 if (!change_to_user(conn
, vuid
)) {
460 bool unbecome_user(void)