Use vfs_cifs as a basis for vfs_proxy
[Samba/vfs_proxy.git] / source3 / smbd / uid.c
blob5a4b8a52e791bb8a65a802bb765bba72b13c31fb
1 /*
2 Unix SMB/CIFS implementation.
3 uid/user handling
4 Copyright (C) Andrew Tridgell 1992-1998
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 3 of the License, or
9 (at your option) any later version.
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with this program. If not, see <http://www.gnu.org/licenses/>.
20 #include "includes.h"
22 /* what user is current? */
23 extern struct current_user current_user;
25 /****************************************************************************
26 Become the guest user without changing the security context stack.
27 ****************************************************************************/
29 bool change_to_guest(void)
31 static struct passwd *pass=NULL;
33 if (!pass) {
34 /* Don't need to free() this as its stored in a static */
35 pass = getpwnam_alloc(talloc_autofree_context(), lp_guestaccount());
36 if (!pass)
37 return(False);
40 #ifdef AIX
41 /* MWW: From AIX FAQ patch to WU-ftpd: call initgroups before
42 setting IDs */
43 initgroups(pass->pw_name, pass->pw_gid);
44 #endif
46 set_sec_ctx(pass->pw_uid, pass->pw_gid, 0, NULL, NULL);
48 current_user.conn = NULL;
49 current_user.vuid = UID_FIELD_INVALID;
51 TALLOC_FREE(pass);
52 pass = NULL;
54 return True;
57 /*******************************************************************
58 Check if a username is OK.
60 This sets up conn->server_info with a copy related to this vuser that
61 later code can then mess with.
62 ********************************************************************/
64 static bool check_user_ok(connection_struct *conn,
65 uint16_t vuid,
66 const struct auth_serversupplied_info *server_info,
67 int snum)
69 bool valid_vuid = (vuid != UID_FIELD_INVALID);
70 unsigned int i;
71 bool readonly_share;
72 bool admin_user;
74 if (valid_vuid) {
75 struct vuid_cache_entry *ent;
77 for (i=0; i<VUID_CACHE_SIZE; i++) {
78 ent = &conn->vuid_cache.array[i];
79 if (ent->vuid == vuid) {
80 conn->server_info = ent->server_info;
81 conn->read_only = ent->read_only;
82 conn->admin_user = ent->admin_user;
83 return(True);
88 if (!user_ok_token(server_info->unix_name,
89 pdb_get_domain(server_info->sam_account),
90 server_info->ptok, snum))
91 return(False);
93 readonly_share = is_share_read_only_for_token(
94 server_info->unix_name,
95 pdb_get_domain(server_info->sam_account),
96 server_info->ptok,
97 conn);
99 if (!readonly_share &&
100 !share_access_check(server_info->ptok, lp_servicename(snum),
101 FILE_WRITE_DATA)) {
102 /* smb.conf allows r/w, but the security descriptor denies
103 * write. Fall back to looking at readonly. */
104 readonly_share = True;
105 DEBUG(5,("falling back to read-only access-evaluation due to "
106 "security descriptor\n"));
109 if (!share_access_check(server_info->ptok, lp_servicename(snum),
110 readonly_share ?
111 FILE_READ_DATA : FILE_WRITE_DATA)) {
112 return False;
115 admin_user = token_contains_name_in_list(
116 server_info->unix_name,
117 pdb_get_domain(server_info->sam_account),
118 NULL, server_info->ptok, lp_admin_users(snum));
120 if (valid_vuid) {
121 struct vuid_cache_entry *ent =
122 &conn->vuid_cache.array[conn->vuid_cache.next_entry];
124 conn->vuid_cache.next_entry =
125 (conn->vuid_cache.next_entry + 1) % VUID_CACHE_SIZE;
127 TALLOC_FREE(ent->server_info);
130 * If force_user was set, all server_info's are based on the same
131 * username-based faked one.
134 ent->server_info = copy_serverinfo(
135 conn, conn->force_user ? conn->server_info : server_info);
137 if (ent->server_info == NULL) {
138 ent->vuid = UID_FIELD_INVALID;
139 return false;
142 ent->vuid = vuid;
143 ent->read_only = readonly_share;
144 ent->admin_user = admin_user;
145 conn->server_info = ent->server_info;
148 conn->read_only = readonly_share;
149 conn->admin_user = admin_user;
151 return(True);
154 /****************************************************************************
155 Clear a vuid out of the connection's vuid cache
156 ****************************************************************************/
158 void conn_clear_vuid_cache(connection_struct *conn, uint16_t vuid)
160 int i;
162 for (i=0; i<VUID_CACHE_SIZE; i++) {
163 struct vuid_cache_entry *ent;
165 ent = &conn->vuid_cache.array[i];
167 if (ent->vuid == vuid) {
168 ent->vuid = UID_FIELD_INVALID;
169 TALLOC_FREE(ent->server_info);
170 ent->read_only = False;
171 ent->admin_user = False;
176 /****************************************************************************
177 Become the user of a connection number without changing the security context
178 stack, but modify the current_user entries.
179 ****************************************************************************/
181 bool change_to_user(connection_struct *conn, uint16 vuid)
183 const struct auth_serversupplied_info *server_info = NULL;
184 user_struct *vuser = get_valid_user_struct(vuid);
185 int snum;
186 gid_t gid;
187 uid_t uid;
188 char group_c;
189 int num_groups = 0;
190 gid_t *group_list = NULL;
192 if (!conn) {
193 DEBUG(2,("change_to_user: Connection not open\n"));
194 return(False);
198 * We need a separate check in security=share mode due to vuid
199 * always being UID_FIELD_INVALID. If we don't do this then
200 * in share mode security we are *always* changing uid's between
201 * SMB's - this hurts performance - Badly.
204 if((lp_security() == SEC_SHARE) && (current_user.conn == conn) &&
205 (current_user.ut.uid == conn->server_info->utok.uid)) {
206 DEBUG(4,("change_to_user: Skipping user change - already "
207 "user\n"));
208 return(True);
209 } else if ((current_user.conn == conn) &&
210 (vuser != NULL) && (current_user.vuid == vuid) &&
211 (current_user.ut.uid == vuser->server_info->utok.uid)) {
212 DEBUG(4,("change_to_user: Skipping user change - already "
213 "user\n"));
214 return(True);
217 snum = SNUM(conn);
219 server_info = vuser ? vuser->server_info : conn->server_info;
221 if (!check_user_ok(conn, vuid, server_info, snum)) {
222 DEBUG(2,("change_to_user: SMB user %s (unix user %s, vuid %d) "
223 "not permitted access to share %s.\n",
224 server_info->sanitized_username,
225 server_info->unix_name, vuid,
226 lp_servicename(snum)));
227 return false;
231 * conn->server_info is now correctly set up with a copy we can mess
232 * with for force_group etc.
235 if (conn->force_user) /* security = share sets this too */ {
236 uid = conn->server_info->utok.uid;
237 gid = conn->server_info->utok.gid;
238 group_list = conn->server_info->utok.groups;
239 num_groups = conn->server_info->utok.ngroups;
240 } else if (vuser) {
241 uid = conn->admin_user ? 0 : vuser->server_info->utok.uid;
242 gid = conn->server_info->utok.gid;
243 num_groups = conn->server_info->utok.ngroups;
244 group_list = conn->server_info->utok.groups;
245 } else {
246 DEBUG(2,("change_to_user: Invalid vuid used %d in accessing "
247 "share %s.\n",vuid, lp_servicename(snum) ));
248 return False;
252 * See if we should force group for this service.
253 * If so this overrides any group set in the force
254 * user code.
257 if((group_c = *lp_force_group(snum))) {
259 if(group_c == '+') {
262 * Only force group if the user is a member of
263 * the service group. Check the group memberships for
264 * this user (we already have this) to
265 * see if we should force the group.
268 int i;
269 for (i = 0; i < num_groups; i++) {
270 if (group_list[i]
271 == conn->server_info->utok.gid) {
272 gid = conn->server_info->utok.gid;
273 gid_to_sid(&conn->server_info->ptok
274 ->user_sids[1], gid);
275 break;
278 } else {
279 gid = conn->server_info->utok.gid;
280 gid_to_sid(&conn->server_info->ptok->user_sids[1],
281 gid);
285 /* Now set current_user since we will immediately also call
286 set_sec_ctx() */
288 current_user.ut.ngroups = num_groups;
289 current_user.ut.groups = group_list;
291 set_sec_ctx(uid, gid, current_user.ut.ngroups, current_user.ut.groups,
292 conn->server_info->ptok);
294 current_user.conn = conn;
295 current_user.vuid = vuid;
297 DEBUG(5,("change_to_user uid=(%d,%d) gid=(%d,%d)\n",
298 (int)getuid(),(int)geteuid(),(int)getgid(),(int)getegid()));
300 return(True);
303 /****************************************************************************
304 Go back to being root without changing the security context stack,
305 but modify the current_user entries.
306 ****************************************************************************/
308 bool change_to_root_user(void)
310 set_root_sec_ctx();
312 DEBUG(5,("change_to_root_user: now uid=(%d,%d) gid=(%d,%d)\n",
313 (int)getuid(),(int)geteuid(),(int)getgid(),(int)getegid()));
315 current_user.conn = NULL;
316 current_user.vuid = UID_FIELD_INVALID;
318 return(True);
321 /****************************************************************************
322 Become the user of an authenticated connected named pipe.
323 When this is called we are currently running as the connection
324 user. Doesn't modify current_user.
325 ****************************************************************************/
327 bool become_authenticated_pipe_user(pipes_struct *p)
329 if (!push_sec_ctx())
330 return False;
332 set_sec_ctx(p->server_info->utok.uid, p->server_info->utok.gid,
333 p->server_info->utok.ngroups, p->server_info->utok.groups,
334 p->server_info->ptok);
336 return True;
339 /****************************************************************************
340 Unbecome the user of an authenticated connected named pipe.
341 When this is called we are running as the authenticated pipe
342 user and need to go back to being the connection user. Doesn't modify
343 current_user.
344 ****************************************************************************/
346 bool unbecome_authenticated_pipe_user(void)
348 return pop_sec_ctx();
351 /****************************************************************************
352 Utility functions used by become_xxx/unbecome_xxx.
353 ****************************************************************************/
355 struct conn_ctx {
356 connection_struct *conn;
357 uint16 vuid;
360 /* A stack of current_user connection contexts. */
362 static struct conn_ctx conn_ctx_stack[MAX_SEC_CTX_DEPTH];
363 static int conn_ctx_stack_ndx;
365 static void push_conn_ctx(void)
367 struct conn_ctx *ctx_p;
369 /* Check we don't overflow our stack */
371 if (conn_ctx_stack_ndx == MAX_SEC_CTX_DEPTH) {
372 DEBUG(0, ("Connection context stack overflow!\n"));
373 smb_panic("Connection context stack overflow!\n");
376 /* Store previous user context */
377 ctx_p = &conn_ctx_stack[conn_ctx_stack_ndx];
379 ctx_p->conn = current_user.conn;
380 ctx_p->vuid = current_user.vuid;
382 DEBUG(3, ("push_conn_ctx(%u) : conn_ctx_stack_ndx = %d\n",
383 (unsigned int)ctx_p->vuid, conn_ctx_stack_ndx ));
385 conn_ctx_stack_ndx++;
388 static void pop_conn_ctx(void)
390 struct conn_ctx *ctx_p;
392 /* Check for stack underflow. */
394 if (conn_ctx_stack_ndx == 0) {
395 DEBUG(0, ("Connection context stack underflow!\n"));
396 smb_panic("Connection context stack underflow!\n");
399 conn_ctx_stack_ndx--;
400 ctx_p = &conn_ctx_stack[conn_ctx_stack_ndx];
402 current_user.conn = ctx_p->conn;
403 current_user.vuid = ctx_p->vuid;
405 ctx_p->conn = NULL;
406 ctx_p->vuid = UID_FIELD_INVALID;
409 /****************************************************************************
410 Temporarily become a root user. Must match with unbecome_root(). Saves and
411 restores the connection context.
412 ****************************************************************************/
414 void become_root(void)
417 * no good way to handle push_sec_ctx() failing without changing
418 * the prototype of become_root()
420 if (!push_sec_ctx()) {
421 smb_panic("become_root: push_sec_ctx failed");
423 push_conn_ctx();
424 set_root_sec_ctx();
427 /* Unbecome the root user */
429 void unbecome_root(void)
431 pop_sec_ctx();
432 pop_conn_ctx();
435 /****************************************************************************
436 Push the current security context then force a change via change_to_user().
437 Saves and restores the connection context.
438 ****************************************************************************/
440 bool become_user(connection_struct *conn, uint16 vuid)
442 if (!push_sec_ctx())
443 return False;
445 push_conn_ctx();
447 if (!change_to_user(conn, vuid)) {
448 pop_sec_ctx();
449 pop_conn_ctx();
450 return False;
453 return True;
456 bool unbecome_user(void)
458 pop_sec_ctx();
459 pop_conn_ctx();
460 return True;