2 Unix SMB/CIFS implementation.
4 Copyright (C) Andrew Tridgell 1992-1998
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 2 of the License, or
9 (at your option) any later version.
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with this program; if not, write to the Free Software
18 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
23 /* what user is current? */
24 extern struct current_user current_user;
26 /****************************************************************************
27 Become the guest user without changing the security context stack.
28 ****************************************************************************/
30 BOOL change_to_guest(void)
32 static struct passwd *pass=NULL;
35 /* Don't need to free() this as its stored in a static */
36 pass = getpwnam_alloc(lp_guestaccount());
42 /* MWW: From AIX FAQ patch to WU-ftpd: call initgroups before
44 initgroups(pass->pw_name, pass->pw_gid);
47 set_sec_ctx(pass->pw_uid, pass->pw_gid, 0, NULL, NULL);
49 current_user.conn = NULL;
50 current_user.vuid = UID_FIELD_INVALID;
57 /****************************************************************************
58 Readonly share for this user ?
59 ****************************************************************************/
61 static BOOL is_share_read_only_for_user(connection_struct *conn, user_struct *vuser)
64 const char *service = lp_servicename(conn->service);
65 BOOL read_only_ret = lp_readonly(conn->service);
70 str_list_copy(&list, lp_readlist(conn->service));
72 if (!str_list_sub_basic(list, vuser->user.smb_name) ) {
73 DEBUG(0, ("is_share_read_only_for_user: ERROR: read list substitution failed\n"));
75 if (!str_list_substitute(list, "%S", service)) {
76 DEBUG(0, ("is_share_read_only_for_user: ERROR: read list service substitution failed\n"));
78 if (user_in_list(vuser->user.unix_name, (const char **)list, vuser->groups, vuser->n_groups)) {
84 str_list_copy(&list, lp_writelist(conn->service));
86 if (!str_list_sub_basic(list, vuser->user.smb_name) ) {
87 DEBUG(0, ("is_share_read_only_for_user: ERROR: write list substitution failed\n"));
89 if (!str_list_substitute(list, "%S", service)) {
90 DEBUG(0, ("is_share_read_only_for_user: ERROR: write list service substitution failed\n"));
92 if (user_in_list(vuser->user.unix_name, (const char **)list, vuser->groups, vuser->n_groups)) {
93 read_only_ret = False;
98 DEBUG(10,("is_share_read_only_for_user: share %s is %s for unix user %s\n",
99 service, read_only_ret ? "read-only" : "read-write", vuser->user.unix_name ));
101 return read_only_ret;
104 /*******************************************************************
105 Check if a username is OK.
106 ********************************************************************/
108 static BOOL check_user_ok(connection_struct *conn, user_struct *vuser,int snum)
111 struct vuid_cache_entry *ent = NULL;
114 for (i=0;i<conn->vuid_cache.entries && i< VUID_CACHE_SIZE;i++) {
115 if (conn->vuid_cache.array[i].vuid == vuser->vuid) {
116 ent = &conn->vuid_cache.array[i];
117 conn->read_only = ent->read_only;
118 conn->admin_user = ent->admin_user;
123 if (!user_ok(vuser->user.unix_name,snum, vuser->groups, vuser->n_groups))
126 readonly_share = is_share_read_only_for_user(conn, vuser);
128 if (!share_access_check(conn, snum, vuser, readonly_share ? FILE_READ_DATA : FILE_WRITE_DATA)) {
132 i = conn->vuid_cache.entries % VUID_CACHE_SIZE;
133 if (conn->vuid_cache.entries < VUID_CACHE_SIZE)
134 conn->vuid_cache.entries++;
136 ent = &conn->vuid_cache.array[i];
137 ent->vuid = vuser->vuid;
138 ent->read_only = readonly_share;
140 if (user_in_list(vuser->user.unix_name ,lp_admin_users(conn->service), vuser->groups, vuser->n_groups)) {
141 ent->admin_user = True;
143 ent->admin_user = False;
146 conn->read_only = ent->read_only;
147 conn->admin_user = ent->admin_user;
152 /****************************************************************************
153 Become the user of a connection number without changing the security context
154 stack, but modify the currnet_user entries.
155 ****************************************************************************/
157 BOOL change_to_user(connection_struct *conn, uint16 vuid)
159 user_struct *vuser = get_valid_user_struct(vuid);
164 BOOL must_free_token = False;
165 NT_USER_TOKEN *token = NULL;
168 DEBUG(2,("change_to_user: Connection not open\n"));
173 * We need a separate check in security=share mode due to vuid
174 * always being UID_FIELD_INVALID. If we don't do this then
175 * in share mode security we are *always* changing uid's between
176 * SMB's - this hurts performance - Badly.
179 if((lp_security() == SEC_SHARE) && (current_user.conn == conn) &&
180 (current_user.uid == conn->uid)) {
181 DEBUG(4,("change_to_user: Skipping user change - already user\n"));
183 } else if ((current_user.conn == conn) &&
184 (vuser != 0) && (current_user.vuid == vuid) &&
185 (current_user.uid == vuser->uid)) {
186 DEBUG(4,("change_to_user: Skipping user change - already user\n"));
192 if ((vuser) && !check_user_ok(conn, vuser, snum)) {
193 DEBUG(2,("change_to_user: SMB user %s (unix user %s, vuid %d) not permitted access to share %s.\n",
194 vuser->user.smb_name, vuser->user.unix_name, vuid, lp_servicename(snum)));
198 if (conn->force_user) /* security = share sets this too */ {
201 current_user.groups = conn->groups;
202 current_user.ngroups = conn->ngroups;
203 token = conn->nt_user_token;
205 uid = conn->admin_user ? 0 : vuser->uid;
207 current_user.ngroups = vuser->n_groups;
208 current_user.groups = vuser->groups;
209 token = vuser->nt_user_token;
211 DEBUG(2,("change_to_user: Invalid vuid used %d in accessing share %s.\n",vuid, lp_servicename(snum) ));
216 * See if we should force group for this service.
217 * If so this overrides any group set in the force
221 if((group_c = *lp_force_group(snum))) {
222 BOOL is_guest = False;
227 * Only force group if the user is a member of
228 * the service group. Check the group memberships for
229 * this user (we already have this) to
230 * see if we should force the group.
234 for (i = 0; i < current_user.ngroups; i++) {
235 if (current_user.groups[i] == conn->gid) {
245 * We've changed the group list in the token - we must
249 if (vuser && vuser->guest)
252 token = create_nt_token(uid, gid, current_user.ngroups, current_user.groups, is_guest);
254 DEBUG(1, ("change_to_user: create_nt_token failed!\n"));
257 must_free_token = True;
260 set_sec_ctx(uid, gid, current_user.ngroups, current_user.groups, token);
263 * Free the new token (as set_sec_ctx copies it).
267 delete_nt_token(&token);
269 current_user.conn = conn;
270 current_user.vuid = vuid;
272 DEBUG(5,("change_to_user uid=(%d,%d) gid=(%d,%d)\n",
273 (int)getuid(),(int)geteuid(),(int)getgid(),(int)getegid()));
278 /****************************************************************************
279 Go back to being root without changing the security context stack,
280 but modify the current_user entries.
281 ****************************************************************************/
283 BOOL change_to_root_user(void)
287 DEBUG(5,("change_to_root_user: now uid=(%d,%d) gid=(%d,%d)\n",
288 (int)getuid(),(int)geteuid(),(int)getgid(),(int)getegid()));
290 current_user.conn = NULL;
291 current_user.vuid = UID_FIELD_INVALID;
296 /****************************************************************************
297 Become the user of an authenticated connected named pipe.
298 When this is called we are currently running as the connection
299 user. Doesn't modify current_user.
300 ****************************************************************************/
302 BOOL become_authenticated_pipe_user(pipes_struct *p)
307 set_sec_ctx(p->pipe_user.uid, p->pipe_user.gid,
308 p->pipe_user.ngroups, p->pipe_user.groups, p->pipe_user.nt_user_token);
313 /****************************************************************************
314 Unbecome the user of an authenticated connected named pipe.
315 When this is called we are running as the authenticated pipe
316 user and need to go back to being the connection user. Doesn't modify
318 ****************************************************************************/
320 BOOL unbecome_authenticated_pipe_user(void)
322 return pop_sec_ctx();
325 /****************************************************************************
326 Utility functions used by become_xxx/unbecome_xxx.
327 ****************************************************************************/
330 connection_struct *conn;
334 /* A stack of current_user connection contexts. */
336 static struct conn_ctx conn_ctx_stack[MAX_SEC_CTX_DEPTH];
337 static int conn_ctx_stack_ndx;
339 static void push_conn_ctx(void)
341 struct conn_ctx *ctx_p;
343 /* Check we don't overflow our stack */
345 if (conn_ctx_stack_ndx == MAX_SEC_CTX_DEPTH) {
346 DEBUG(0, ("Connection context stack overflow!\n"));
347 smb_panic("Connection context stack overflow!\n");
350 /* Store previous user context */
351 ctx_p = &conn_ctx_stack[conn_ctx_stack_ndx];
353 ctx_p->conn = current_user.conn;
354 ctx_p->vuid = current_user.vuid;
356 DEBUG(3, ("push_conn_ctx(%u) : conn_ctx_stack_ndx = %d\n",
357 (unsigned int)ctx_p->vuid, conn_ctx_stack_ndx ));
359 conn_ctx_stack_ndx++;
362 static void pop_conn_ctx(void)
364 struct conn_ctx *ctx_p;
366 /* Check for stack underflow. */
368 if (conn_ctx_stack_ndx == 0) {
369 DEBUG(0, ("Connection context stack underflow!\n"));
370 smb_panic("Connection context stack underflow!\n");
373 conn_ctx_stack_ndx--;
374 ctx_p = &conn_ctx_stack[conn_ctx_stack_ndx];
376 current_user.conn = ctx_p->conn;
377 current_user.vuid = ctx_p->vuid;
380 ctx_p->vuid = UID_FIELD_INVALID;
383 /****************************************************************************
384 Temporarily become a root user. Must match with unbecome_root(). Saves and
385 restores the connection context.
386 ****************************************************************************/
388 void become_root(void)
395 /* Unbecome the root user */
397 void unbecome_root(void)
403 /****************************************************************************
404 Push the current security context then force a change via change_to_user().
405 Saves and restores the connection context.
406 ****************************************************************************/
408 BOOL become_user(connection_struct *conn, uint16 vuid)
415 if (!change_to_user(conn, vuid)) {
424 BOOL unbecome_user(void)