search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Initialize stack variables. Prelude to factoring out calls to check_user_share_access().
[Samba/gebeck_regimport.git] / source3 / smbd / uid.c
blob98020561acfd110d7938f570e1788bfe5d1dca97
1 /*
2 Unix SMB/CIFS implementation.
3 uid/user handling
4 Copyright (C) Andrew Tridgell 1992-1998
5
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 3 of the License, or
9 (at your option) any later version.
10
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
15
16 You should have received a copy of the GNU General Public License
17 along with this program. If not, see <http://www.gnu.org/licenses/>.
18 */
19
20 #include "includes.h"
21 #include "system/passwd.h"
22 #include "smbd/smbd.h"
23 #include "smbd/globals.h"
24 #include "../librpc/gen_ndr/netlogon.h"
25 #include "libcli/security/security.h"
26 #include "passdb/lookup_sid.h"
27 #include "auth.h"
28
29 /* what user is current? */
30 extern struct current_user current_user;
31
32 /****************************************************************************
33 Become the guest user without changing the security context stack.
34 ****************************************************************************/
35
36 bool change_to_guest(void)
37 {
38 struct passwd *pass;
39
40 pass = Get_Pwnam_alloc(talloc_tos(), lp_guestaccount());
41 if (!pass) {
42 return false;
43 }
44
45 #ifdef AIX
46 /* MWW: From AIX FAQ patch to WU-ftpd: call initgroups before
47 setting IDs */
48 initgroups(pass->pw_name, pass->pw_gid);
49 #endif
50
51 set_sec_ctx(pass->pw_uid, pass->pw_gid, 0, NULL, NULL);
52
53 current_user.conn = NULL;
54 current_user.vuid = UID_FIELD_INVALID;
55
56 TALLOC_FREE(pass);
57
58 return true;
59 }
60
61 /****************************************************************************
62 talloc free the conn->session_info if not used in the vuid cache.
63 ****************************************************************************/
64
65 static void free_conn_session_info_if_unused(connection_struct *conn)
66 {
67 unsigned int i;
68
69 for (i = 0; i < VUID_CACHE_SIZE; i++) {
70 struct vuid_cache_entry *ent;
71 ent = &conn->vuid_cache->array[i];
72 if (ent->vuid != UID_FIELD_INVALID &&
73 conn->session_info == ent->session_info) {
74 return;
75 }
76 }
77 /* Not used, safe to free. */
78 TALLOC_FREE(conn->session_info);
79 }
80
81 /*******************************************************************
82 Calculate access mask and if this user can access this share.
83 ********************************************************************/
84
85 NTSTATUS check_user_share_access(connection_struct *conn,
86 const struct auth_session_info *session_info,
87 uint32_t *p_share_access,
88 bool *p_readonly_share)
89 {
90 int snum = SNUM(conn);
91 uint32_t share_access = 0;
92 bool readonly_share = false;
93
94 if (!user_ok_token(session_info->unix_info->unix_name,
95 session_info->info->domain_name,
96 session_info->security_token, snum)) {
97 return NT_STATUS_ACCESS_DENIED;
98 }
99
100 readonly_share = is_share_read_only_for_token(
101 session_info->unix_info->unix_name,
102 session_info->info->domain_name,
103 session_info->security_token,
104 conn);
105
106 share_access = create_share_access_mask(snum,
107 readonly_share,
108 session_info->security_token);
109
110 if ((share_access & FILE_WRITE_DATA) == 0) {
111 if ((share_access & FILE_READ_DATA) == 0) {
112 /* No access, read or write. */
113 DEBUG(0,("user %s connection to %s "
114 "denied due to share security "
115 "descriptor.\n",
116 session_info->unix_info->unix_name,
117 lp_servicename(talloc_tos(), snum)));
118 return NT_STATUS_ACCESS_DENIED;
119 }
120 }
121
122 if (!readonly_share &&
123 !(share_access & FILE_WRITE_DATA)) {
124 /* smb.conf allows r/w, but the security descriptor denies
125 * write. Fall back to looking at readonly. */
126 readonly_share = True;
127 DEBUG(5,("falling back to read-only access-evaluation due to "
128 "security descriptor\n"));
129 }
130
131 *p_share_access = share_access;
132 *p_readonly_share = readonly_share;
133
134 return NT_STATUS_OK;
135 }
136
137 /*******************************************************************
138 Check if a username is OK.
139
140 This sets up conn->session_info with a copy related to this vuser that
141 later code can then mess with.
142 ********************************************************************/
143
144 static bool check_user_ok(connection_struct *conn,
145 uint64_t vuid,
146 const struct auth_session_info *session_info,
147 int snum)
148 {
149 unsigned int i;
150 bool readonly_share = false;
151 bool admin_user = false;
152 struct vuid_cache_entry *ent = NULL;
153 uint32_t share_access = 0;
154
155 for (i=0; i<VUID_CACHE_SIZE; i++) {
156 ent = &conn->vuid_cache->array[i];
157 if (ent->vuid == vuid) {
158 free_conn_session_info_if_unused(conn);
159 conn->session_info = ent->session_info;
160 conn->read_only = ent->read_only;
161 conn->share_access = ent->share_access;
162 return(True);
163 }
164 }
165
166 if (!user_ok_token(session_info->unix_info->unix_name,
167 session_info->info->domain_name,
168 session_info->security_token, snum))
169 return(False);
170
171 readonly_share = is_share_read_only_for_token(
172 session_info->unix_info->unix_name,
173 session_info->info->domain_name,
174 session_info->security_token,
175 conn);
176
177 share_access = create_share_access_mask(snum,
178 readonly_share,
179 session_info->security_token);
180
181 if ((share_access & FILE_WRITE_DATA) == 0) {
182 if ((share_access & FILE_READ_DATA) == 0) {
183 /* No access, read or write. */
184 DEBUG(0,("user %s connection to %s "
185 "denied due to share security "
186 "descriptor.\n",
187 session_info->unix_info->unix_name,
188 lp_servicename(talloc_tos(), snum)));
189 return false;
190 }
191 }
192
193 if (!readonly_share &&
194 !(share_access & FILE_WRITE_DATA)) {
195 /* smb.conf allows r/w, but the security descriptor denies
196 * write. Fall back to looking at readonly. */
197 readonly_share = True;
198 DEBUG(5,("falling back to read-only access-evaluation due to "
199 "security descriptor\n"));
200 }
201
202 admin_user = token_contains_name_in_list(
203 session_info->unix_info->unix_name,
204 session_info->info->domain_name,
205 NULL, session_info->security_token, lp_admin_users(snum));
206
207 ent = &conn->vuid_cache->array[conn->vuid_cache->next_entry];
208
209 conn->vuid_cache->next_entry =
210 (conn->vuid_cache->next_entry + 1) % VUID_CACHE_SIZE;
211
212 TALLOC_FREE(ent->session_info);
213
214 /*
215 * If force_user was set, all session_info's are based on the same
216 * username-based faked one.
217 */
218
219 ent->session_info = copy_session_info(
220 conn, conn->force_user ? conn->session_info : session_info);
221
222 if (ent->session_info == NULL) {
223 ent->vuid = UID_FIELD_INVALID;
224 return false;
225 }
226
227 ent->vuid = vuid;
228 ent->read_only = readonly_share;
229 ent->share_access = share_access;
230 free_conn_session_info_if_unused(conn);
231 conn->session_info = ent->session_info;
232
233 conn->read_only = readonly_share;
234 conn->share_access = share_access;
235
236 if (admin_user) {
237 DEBUG(2,("check_user_ok: user %s is an admin user. "
238 "Setting uid as %d\n",
239 conn->session_info->unix_info->unix_name,
240 sec_initial_uid() ));
241 conn->session_info->unix_token->uid = sec_initial_uid();
242 }
243
244 return(True);
245 }
246
247 /****************************************************************************
248 Become the user of a connection number without changing the security context
249 stack, but modify the current_user entries.
250 ****************************************************************************/
251
252 static bool change_to_user_internal(connection_struct *conn,
253 const struct auth_session_info *session_info,
254 uint64_t vuid)
255 {
256 int snum;
257 gid_t gid;
258 uid_t uid;
259 char group_c;
260 int num_groups = 0;
261 gid_t *group_list = NULL;
262 bool ok;
263
264 snum = SNUM(conn);
265
266 ok = check_user_ok(conn, vuid, session_info, snum);
267 if (!ok) {
268 DEBUG(2,("SMB user %s (unix user %s) "
269 "not permitted access to share %s.\n",
270 session_info->unix_info->sanitized_username,
271 session_info->unix_info->unix_name,
272 lp_servicename(talloc_tos(), snum)));
273 return false;
274 }
275
276 uid = conn->session_info->unix_token->uid;
277 gid = conn->session_info->unix_token->gid;
278 num_groups = conn->session_info->unix_token->ngroups;
279 group_list = conn->session_info->unix_token->groups;
280
281 /*
282 * See if we should force group for this service. If so this overrides
283 * any group set in the force user code.
284 */
285 if((group_c = *lp_force_group(talloc_tos(), snum))) {
286
287 SMB_ASSERT(conn->force_group_gid != (gid_t)-1);
288
289 if (group_c == '+') {
290 int i;
291
292 /*
293 * Only force group if the user is a member of the
294 * service group. Check the group memberships for this
295 * user (we already have this) to see if we should force
296 * the group.
297 */
298 for (i = 0; i < num_groups; i++) {
299 if (group_list[i] == conn->force_group_gid) {
300 conn->session_info->unix_token->gid =
301 conn->force_group_gid;
302 gid = conn->force_group_gid;
303 gid_to_sid(&conn->session_info->security_token
304 ->sids[1], gid);
305 break;
306 }
307 }
308 } else {
309 conn->session_info->unix_token->gid = conn->force_group_gid;
310 gid = conn->force_group_gid;
311 gid_to_sid(&conn->session_info->security_token->sids[1],
312 gid);
313 }
314 }
315
316 /*Set current_user since we will immediately also call set_sec_ctx() */
317 current_user.ut.ngroups = num_groups;
318 current_user.ut.groups = group_list;
319
320 set_sec_ctx(uid,
321 gid,
322 current_user.ut.ngroups,
323 current_user.ut.groups,
324 conn->session_info->security_token);
325
326 current_user.conn = conn;
327 current_user.vuid = vuid;
328
329 DEBUG(5, ("Impersonated user: uid=(%d,%d), gid=(%d,%d)\n",
330 (int)getuid(),
331 (int)geteuid(),
332 (int)getgid(),
333 (int)getegid()));
334
335 return true;
336 }
337
338 bool change_to_user(connection_struct *conn, uint64_t vuid)
339 {
340 struct user_struct *vuser;
341 int snum = SNUM(conn);
342
343 if (!conn) {
344 DEBUG(2,("Connection not open\n"));
345 return(False);
346 }
347
348 vuser = get_valid_user_struct(conn->sconn, vuid);
349
350 if ((current_user.conn == conn) &&
351 (vuser != NULL) && (current_user.vuid == vuid) &&
352 (current_user.ut.uid == vuser->session_info->unix_token->uid)) {
353 DEBUG(4,("Skipping user change - already "
354 "user\n"));
355 return(True);
356 }
357
358 if (vuser == NULL) {
359 /* Invalid vuid sent */
360 DEBUG(2,("Invalid vuid %llu used on share %s.\n",
361 (unsigned long long)vuid, lp_servicename(talloc_tos(),
362 snum)));
363 return false;
364 }
365
366 return change_to_user_internal(conn, vuser->session_info, vuid);
367 }
368
369 static bool change_to_user_by_session(connection_struct *conn,
370 const struct auth_session_info *session_info)
371 {
372 SMB_ASSERT(conn != NULL);
373 SMB_ASSERT(session_info != NULL);
374
375 if ((current_user.conn == conn) &&
376 (current_user.ut.uid == session_info->unix_token->uid)) {
377 DEBUG(7, ("Skipping user change - already user\n"));
378
379 return true;
380 }
381
382 return change_to_user_internal(conn, session_info, UID_FIELD_INVALID);
383 }
384
385 /****************************************************************************
386 Go back to being root without changing the security context stack,
387 but modify the current_user entries.
388 ****************************************************************************/
389
390 bool smbd_change_to_root_user(void)
391 {
392 set_root_sec_ctx();
393
394 DEBUG(5,("change_to_root_user: now uid=(%d,%d) gid=(%d,%d)\n",
395 (int)getuid(),(int)geteuid(),(int)getgid(),(int)getegid()));
396
397 current_user.conn = NULL;
398 current_user.vuid = UID_FIELD_INVALID;
399
400 return(True);
401 }
402
403 /****************************************************************************
404 Become the user of an authenticated connected named pipe.
405 When this is called we are currently running as the connection
406 user. Doesn't modify current_user.
407 ****************************************************************************/
408
409 bool become_authenticated_pipe_user(struct auth_session_info *session_info)
410 {
411 if (!push_sec_ctx())
412 return False;
413
414 set_sec_ctx(session_info->unix_token->uid, session_info->unix_token->gid,
415 session_info->unix_token->ngroups, session_info->unix_token->groups,
416 session_info->security_token);
417
418 return True;
419 }
420
421 /****************************************************************************
422 Unbecome the user of an authenticated connected named pipe.
423 When this is called we are running as the authenticated pipe
424 user and need to go back to being the connection user. Doesn't modify
425 current_user.
426 ****************************************************************************/
427
428 bool unbecome_authenticated_pipe_user(void)
429 {
430 return pop_sec_ctx();
431 }
432
433 /****************************************************************************
434 Utility functions used by become_xxx/unbecome_xxx.
435 ****************************************************************************/
436
437 static void push_conn_ctx(void)
438 {
439 struct conn_ctx *ctx_p;
440
441 /* Check we don't overflow our stack */
442
443 if (conn_ctx_stack_ndx == MAX_SEC_CTX_DEPTH) {
444 DEBUG(0, ("Connection context stack overflow!\n"));
445 smb_panic("Connection context stack overflow!\n");
446 }
447
448 /* Store previous user context */
449 ctx_p = &conn_ctx_stack[conn_ctx_stack_ndx];
450
451 ctx_p->conn = current_user.conn;
452 ctx_p->vuid = current_user.vuid;
453
454 DEBUG(4, ("push_conn_ctx(%llu) : conn_ctx_stack_ndx = %d\n",
455 (unsigned long long)ctx_p->vuid, conn_ctx_stack_ndx));
456
457 conn_ctx_stack_ndx++;
458 }
459
460 static void pop_conn_ctx(void)
461 {
462 struct conn_ctx *ctx_p;
463
464 /* Check for stack underflow. */
465
466 if (conn_ctx_stack_ndx == 0) {
467 DEBUG(0, ("Connection context stack underflow!\n"));
468 smb_panic("Connection context stack underflow!\n");
469 }
470
471 conn_ctx_stack_ndx--;
472 ctx_p = &conn_ctx_stack[conn_ctx_stack_ndx];
473
474 current_user.conn = ctx_p->conn;
475 current_user.vuid = ctx_p->vuid;
476
477 ctx_p->conn = NULL;
478 ctx_p->vuid = UID_FIELD_INVALID;
479 }
480
481 /****************************************************************************
482 Temporarily become a root user. Must match with unbecome_root(). Saves and
483 restores the connection context.
484 ****************************************************************************/
485
486 void smbd_become_root(void)
487 {
488 /*
489 * no good way to handle push_sec_ctx() failing without changing
490 * the prototype of become_root()
491 */
492 if (!push_sec_ctx()) {
493 smb_panic("become_root: push_sec_ctx failed");
494 }
495 push_conn_ctx();
496 set_root_sec_ctx();
497 }
498
499 /* Unbecome the root user */
500
501 void smbd_unbecome_root(void)
502 {
503 pop_sec_ctx();
504 pop_conn_ctx();
505 }
506
507 /****************************************************************************
508 Push the current security context then force a change via change_to_user().
509 Saves and restores the connection context.
510 ****************************************************************************/
511
512 bool become_user(connection_struct *conn, uint64_t vuid)
513 {
514 if (!push_sec_ctx())
515 return False;
516
517 push_conn_ctx();
518
519 if (!change_to_user(conn, vuid)) {
520 pop_sec_ctx();
521 pop_conn_ctx();
522 return False;
523 }
524
525 return True;
526 }
527
528 bool become_user_by_session(connection_struct *conn,
529 const struct auth_session_info *session_info)
530 {
531 if (!push_sec_ctx())
532 return false;
533
534 push_conn_ctx();
535
536 if (!change_to_user_by_session(conn, session_info)) {
537 pop_sec_ctx();
538 pop_conn_ctx();
539 return false;
540 }
541
542 return true;
543 }
544
545 bool unbecome_user(void)
546 {
547 pop_sec_ctx();
548 pop_conn_ctx();
549 return True;
550 }
551
552 /****************************************************************************
553 Return the current user we are running effectively as on this connection.
554 I'd like to make this return conn->session_info->unix_token->uid, but become_root()
555 doesn't alter this value.
556 ****************************************************************************/
557
558 uid_t get_current_uid(connection_struct *conn)
559 {
560 return current_user.ut.uid;
561 }
562
563 /****************************************************************************
564 Return the current group we are running effectively as on this connection.
565 I'd like to make this return conn->session_info->unix_token->gid, but become_root()
566 doesn't alter this value.
567 ****************************************************************************/
568
569 gid_t get_current_gid(connection_struct *conn)
570 {
571 return current_user.ut.gid;
572 }
573
574 /****************************************************************************
575 Return the UNIX token we are running effectively as on this connection.
576 I'd like to make this return &conn->session_info->unix_token-> but become_root()
577 doesn't alter this value.
578 ****************************************************************************/
579
580 const struct security_unix_token *get_current_utok(connection_struct *conn)
581 {
582 return &current_user.ut;
583 }
584
585 /****************************************************************************
586 Return the Windows token we are running effectively as on this connection.
587 If this is currently a NULL token as we're inside become_root() - a temporary
588 UNIX security override, then we search up the stack for the previous active
589 token.
590 ****************************************************************************/
591
592 const struct security_token *get_current_nttok(connection_struct *conn)
593 {
594 if (current_user.nt_user_token) {
595 return current_user.nt_user_token;
596 }
597 return sec_ctx_active_token();
598 }
599
600 uint64_t get_current_vuid(connection_struct *conn)
601 {
602 return current_user.vuid;
603 }
reg import