search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Document default of the printing config variable.
[Samba/nascimento.git] / source3 / smbd / uid.c
blob4f059bdb59894f9efd00ce94e3b9dc2a4f7c786d
1 /*
2 Unix SMB/CIFS implementation.
3 uid/user handling
4 Copyright (C) Andrew Tridgell 1992-1998
5
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 3 of the License, or
9 (at your option) any later version.
10
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
15
16 You should have received a copy of the GNU General Public License
17 along with this program. If not, see <http://www.gnu.org/licenses/>.
18 */
19
20 #include "includes.h"
21 #include "smbd/globals.h"
22
23 /* what user is current? */
24 extern struct current_user current_user;
25
26 /****************************************************************************
27 Become the guest user without changing the security context stack.
28 ****************************************************************************/
29
30 bool change_to_guest(void)
31 {
32 struct passwd *pass;
33
34 pass = getpwnam_alloc(talloc_autofree_context(), lp_guestaccount());
35 if (!pass) {
36 return false;
37 }
38
39 #ifdef AIX
40 /* MWW: From AIX FAQ patch to WU-ftpd: call initgroups before
41 setting IDs */
42 initgroups(pass->pw_name, pass->pw_gid);
43 #endif
44
45 set_sec_ctx(pass->pw_uid, pass->pw_gid, 0, NULL, NULL);
46
47 current_user.conn = NULL;
48 current_user.vuid = UID_FIELD_INVALID;
49
50 TALLOC_FREE(pass);
51
52 return true;
53 }
54
55 /*******************************************************************
56 Check if a username is OK.
57
58 This sets up conn->server_info with a copy related to this vuser that
59 later code can then mess with.
60 ********************************************************************/
61
62 static bool check_user_ok(connection_struct *conn,
63 uint16_t vuid,
64 const struct auth_serversupplied_info *server_info,
65 int snum)
66 {
67 bool valid_vuid = (vuid != UID_FIELD_INVALID);
68 unsigned int i;
69 bool readonly_share;
70 bool admin_user;
71
72 if (valid_vuid) {
73 struct vuid_cache_entry *ent;
74
75 for (i=0; i<VUID_CACHE_SIZE; i++) {
76 ent = &conn->vuid_cache.array[i];
77 if (ent->vuid == vuid) {
78 conn->server_info = ent->server_info;
79 conn->read_only = ent->read_only;
80 conn->admin_user = ent->admin_user;
81 return(True);
82 }
83 }
84 }
85
86 if (!user_ok_token(server_info->unix_name,
87 pdb_get_domain(server_info->sam_account),
88 server_info->ptok, snum))
89 return(False);
90
91 readonly_share = is_share_read_only_for_token(
92 server_info->unix_name,
93 pdb_get_domain(server_info->sam_account),
94 server_info->ptok,
95 conn);
96
97 if (!readonly_share &&
98 !share_access_check(server_info->ptok, lp_servicename(snum),
99 FILE_WRITE_DATA)) {
100 /* smb.conf allows r/w, but the security descriptor denies
101 * write. Fall back to looking at readonly. */
102 readonly_share = True;
103 DEBUG(5,("falling back to read-only access-evaluation due to "
104 "security descriptor\n"));
105 }
106
107 if (!share_access_check(server_info->ptok, lp_servicename(snum),
108 readonly_share ?
109 FILE_READ_DATA : FILE_WRITE_DATA)) {
110 return False;
111 }
112
113 admin_user = token_contains_name_in_list(
114 server_info->unix_name,
115 pdb_get_domain(server_info->sam_account),
116 NULL, server_info->ptok, lp_admin_users(snum));
117
118 if (valid_vuid) {
119 struct vuid_cache_entry *ent =
120 &conn->vuid_cache.array[conn->vuid_cache.next_entry];
121
122 conn->vuid_cache.next_entry =
123 (conn->vuid_cache.next_entry + 1) % VUID_CACHE_SIZE;
124
125 TALLOC_FREE(ent->server_info);
126
127 /*
128 * If force_user was set, all server_info's are based on the same
129 * username-based faked one.
130 */
131
132 ent->server_info = copy_serverinfo(
133 conn, conn->force_user ? conn->server_info : server_info);
134
135 if (ent->server_info == NULL) {
136 ent->vuid = UID_FIELD_INVALID;
137 return false;
138 }
139
140 ent->vuid = vuid;
141 ent->read_only = readonly_share;
142 ent->admin_user = admin_user;
143 conn->server_info = ent->server_info;
144 }
145
146 conn->read_only = readonly_share;
147 conn->admin_user = admin_user;
148
149 return(True);
150 }
151
152 /****************************************************************************
153 Clear a vuid out of the connection's vuid cache
154 ****************************************************************************/
155
156 void conn_clear_vuid_cache(connection_struct *conn, uint16_t vuid)
157 {
158 int i;
159
160 for (i=0; i<VUID_CACHE_SIZE; i++) {
161 struct vuid_cache_entry *ent;
162
163 ent = &conn->vuid_cache.array[i];
164
165 if (ent->vuid == vuid) {
166 ent->vuid = UID_FIELD_INVALID;
167 TALLOC_FREE(ent->server_info);
168 ent->read_only = False;
169 ent->admin_user = False;
170 }
171 }
172 }
173
174 /****************************************************************************
175 Become the user of a connection number without changing the security context
176 stack, but modify the current_user entries.
177 ****************************************************************************/
178
179 bool change_to_user(connection_struct *conn, uint16 vuid)
180 {
181 const struct auth_serversupplied_info *server_info = NULL;
182 user_struct *vuser = get_valid_user_struct(vuid);
183 int snum;
184 gid_t gid;
185 uid_t uid;
186 char group_c;
187 int num_groups = 0;
188 gid_t *group_list = NULL;
189
190 if (!conn) {
191 DEBUG(2,("change_to_user: Connection not open\n"));
192 return(False);
193 }
194
195 /*
196 * We need a separate check in security=share mode due to vuid
197 * always being UID_FIELD_INVALID. If we don't do this then
198 * in share mode security we are *always* changing uid's between
199 * SMB's - this hurts performance - Badly.
200 */
201
202 if((lp_security() == SEC_SHARE) && (current_user.conn == conn) &&
203 (current_user.ut.uid == conn->server_info->utok.uid)) {
204 DEBUG(4,("change_to_user: Skipping user change - already "
205 "user\n"));
206 return(True);
207 } else if ((current_user.conn == conn) &&
208 (vuser != NULL) && (current_user.vuid == vuid) &&
209 (current_user.ut.uid == vuser->server_info->utok.uid)) {
210 DEBUG(4,("change_to_user: Skipping user change - already "
211 "user\n"));
212 return(True);
213 }
214
215 snum = SNUM(conn);
216
217 server_info = vuser ? vuser->server_info : conn->server_info;
218
219 if (!check_user_ok(conn, vuid, server_info, snum)) {
220 DEBUG(2,("change_to_user: SMB user %s (unix user %s, vuid %d) "
221 "not permitted access to share %s.\n",
222 server_info->sanitized_username,
223 server_info->unix_name, vuid,
224 lp_servicename(snum)));
225 return false;
226 }
227
228 /*
229 * conn->server_info is now correctly set up with a copy we can mess
230 * with for force_group etc.
231 */
232
233 if (conn->force_user) /* security = share sets this too */ {
234 uid = conn->server_info->utok.uid;
235 gid = conn->server_info->utok.gid;
236 group_list = conn->server_info->utok.groups;
237 num_groups = conn->server_info->utok.ngroups;
238 } else if (vuser) {
239 uid = conn->admin_user ? 0 : vuser->server_info->utok.uid;
240 gid = conn->server_info->utok.gid;
241 num_groups = conn->server_info->utok.ngroups;
242 group_list = conn->server_info->utok.groups;
243 } else {
244 DEBUG(2,("change_to_user: Invalid vuid used %d in accessing "
245 "share %s.\n",vuid, lp_servicename(snum) ));
246 return False;
247 }
248
249 /*
250 * See if we should force group for this service.
251 * If so this overrides any group set in the force
252 * user code.
253 */
254
255 if((group_c = *lp_force_group(snum))) {
256
257 if(group_c == '+') {
258
259 /*
260 * Only force group if the user is a member of
261 * the service group. Check the group memberships for
262 * this user (we already have this) to
263 * see if we should force the group.
264 */
265
266 int i;
267 for (i = 0; i < num_groups; i++) {
268 if (group_list[i]
269 == conn->server_info->utok.gid) {
270 gid = conn->server_info->utok.gid;
271 gid_to_sid(&conn->server_info->ptok
272 ->user_sids[1], gid);
273 break;
274 }
275 }
276 } else {
277 gid = conn->server_info->utok.gid;
278 gid_to_sid(&conn->server_info->ptok->user_sids[1],
279 gid);
280 }
281 }
282
283 /* Now set current_user since we will immediately also call
284 set_sec_ctx() */
285
286 current_user.ut.ngroups = num_groups;
287 current_user.ut.groups = group_list;
288
289 set_sec_ctx(uid, gid, current_user.ut.ngroups, current_user.ut.groups,
290 conn->server_info->ptok);
291
292 current_user.conn = conn;
293 current_user.vuid = vuid;
294
295 DEBUG(5,("change_to_user uid=(%d,%d) gid=(%d,%d)\n",
296 (int)getuid(),(int)geteuid(),(int)getgid(),(int)getegid()));
297
298 return(True);
299 }
300
301 /****************************************************************************
302 Go back to being root without changing the security context stack,
303 but modify the current_user entries.
304 ****************************************************************************/
305
306 bool change_to_root_user(void)
307 {
308 set_root_sec_ctx();
309
310 DEBUG(5,("change_to_root_user: now uid=(%d,%d) gid=(%d,%d)\n",
311 (int)getuid(),(int)geteuid(),(int)getgid(),(int)getegid()));
312
313 current_user.conn = NULL;
314 current_user.vuid = UID_FIELD_INVALID;
315
316 return(True);
317 }
318
319 /****************************************************************************
320 Become the user of an authenticated connected named pipe.
321 When this is called we are currently running as the connection
322 user. Doesn't modify current_user.
323 ****************************************************************************/
324
325 bool become_authenticated_pipe_user(pipes_struct *p)
326 {
327 if (!push_sec_ctx())
328 return False;
329
330 set_sec_ctx(p->server_info->utok.uid, p->server_info->utok.gid,
331 p->server_info->utok.ngroups, p->server_info->utok.groups,
332 p->server_info->ptok);
333
334 return True;
335 }
336
337 /****************************************************************************
338 Unbecome the user of an authenticated connected named pipe.
339 When this is called we are running as the authenticated pipe
340 user and need to go back to being the connection user. Doesn't modify
341 current_user.
342 ****************************************************************************/
343
344 bool unbecome_authenticated_pipe_user(void)
345 {
346 return pop_sec_ctx();
347 }
348
349 /****************************************************************************
350 Utility functions used by become_xxx/unbecome_xxx.
351 ****************************************************************************/
352
353 static void push_conn_ctx(void)
354 {
355 struct conn_ctx *ctx_p;
356
357 /* Check we don't overflow our stack */
358
359 if (conn_ctx_stack_ndx == MAX_SEC_CTX_DEPTH) {
360 DEBUG(0, ("Connection context stack overflow!\n"));
361 smb_panic("Connection context stack overflow!\n");
362 }
363
364 /* Store previous user context */
365 ctx_p = &conn_ctx_stack[conn_ctx_stack_ndx];
366
367 ctx_p->conn = current_user.conn;
368 ctx_p->vuid = current_user.vuid;
369
370 DEBUG(3, ("push_conn_ctx(%u) : conn_ctx_stack_ndx = %d\n",
371 (unsigned int)ctx_p->vuid, conn_ctx_stack_ndx ));
372
373 conn_ctx_stack_ndx++;
374 }
375
376 static void pop_conn_ctx(void)
377 {
378 struct conn_ctx *ctx_p;
379
380 /* Check for stack underflow. */
381
382 if (conn_ctx_stack_ndx == 0) {
383 DEBUG(0, ("Connection context stack underflow!\n"));
384 smb_panic("Connection context stack underflow!\n");
385 }
386
387 conn_ctx_stack_ndx--;
388 ctx_p = &conn_ctx_stack[conn_ctx_stack_ndx];
389
390 current_user.conn = ctx_p->conn;
391 current_user.vuid = ctx_p->vuid;
392
393 ctx_p->conn = NULL;
394 ctx_p->vuid = UID_FIELD_INVALID;
395 }
396
397 /****************************************************************************
398 Temporarily become a root user. Must match with unbecome_root(). Saves and
399 restores the connection context.
400 ****************************************************************************/
401
402 void become_root(void)
403 {
404 /*
405 * no good way to handle push_sec_ctx() failing without changing
406 * the prototype of become_root()
407 */
408 if (!push_sec_ctx()) {
409 smb_panic("become_root: push_sec_ctx failed");
410 }
411 push_conn_ctx();
412 set_root_sec_ctx();
413 }
414
415 /* Unbecome the root user */
416
417 void unbecome_root(void)
418 {
419 pop_sec_ctx();
420 pop_conn_ctx();
421 }
422
423 /****************************************************************************
424 Push the current security context then force a change via change_to_user().
425 Saves and restores the connection context.
426 ****************************************************************************/
427
428 bool become_user(connection_struct *conn, uint16 vuid)
429 {
430 if (!push_sec_ctx())
431 return False;
432
433 push_conn_ctx();
434
435 if (!change_to_user(conn, vuid)) {
436 pop_sec_ctx();
437 pop_conn_ctx();
438 return False;
439 }
440
441 return True;
442 }
443
444 bool unbecome_user(void)
445 {
446 pop_sec_ctx();
447 pop_conn_ctx();
448 return True;
449 }