2 Unix SMB/CIFS implementation.
4 Copyright (C) Andrew Tridgell 1992-1998
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 3 of the License, or
9 (at your option) any later version.
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with this program. If not, see <http://www.gnu.org/licenses/>.
21 #include "system/passwd.h"
22 #include "smbd/smbd.h"
23 #include "smbd/globals.h"
24 #include "../librpc/gen_ndr/netlogon.h"
25 #include "libcli/security/security.h"
26 #include "passdb/lookup_sid.h"
29 /* what user is current? */
30 extern struct current_user current_user;
32 /****************************************************************************
33 Become the guest user without changing the security context stack.
34 ****************************************************************************/
36 bool change_to_guest(void)
40 pass = Get_Pwnam_alloc(talloc_tos(), lp_guestaccount());
46 /* MWW: From AIX FAQ patch to WU-ftpd: call initgroups before
48 initgroups(pass->pw_name, pass->pw_gid);
51 set_sec_ctx(pass->pw_uid, pass->pw_gid, 0, NULL, NULL);
53 current_user.conn = NULL;
54 current_user.vuid = UID_FIELD_INVALID;
61 /****************************************************************************
62 talloc free the conn->session_info if not used in the vuid cache.
63 ****************************************************************************/
65 static void free_conn_session_info_if_unused(connection_struct *conn)
69 for (i = 0; i < VUID_CACHE_SIZE; i++) {
70 struct vuid_cache_entry *ent;
71 ent = &conn->vuid_cache.array[i];
72 if (ent->vuid != UID_FIELD_INVALID &&
73 conn->session_info == ent->session_info) {
77 /* Not used, safe to free. */
78 TALLOC_FREE(conn->session_info);
81 /*******************************************************************
82 Check if a username is OK.
84 This sets up conn->session_info with a copy related to this vuser that
85 later code can then mess with.
86 ********************************************************************/
88 static bool check_user_ok(connection_struct *conn,
90 const struct auth_serversupplied_info *session_info,
93 bool valid_vuid = (vuid != UID_FIELD_INVALID);
99 struct vuid_cache_entry *ent;
101 for (i=0; i<VUID_CACHE_SIZE; i++) {
102 ent = &conn->vuid_cache.array[i];
103 if (ent->vuid == vuid) {
104 free_conn_session_info_if_unused(conn);
105 conn->session_info = ent->session_info;
106 conn->read_only = ent->read_only;
112 if (!user_ok_token(session_info->unix_name,
113 session_info->info3->base.domain.string,
114 session_info->security_token, snum))
117 readonly_share = is_share_read_only_for_token(
118 session_info->unix_name,
119 session_info->info3->base.domain.string,
120 session_info->security_token,
123 if (!readonly_share &&
124 !share_access_check(session_info->security_token, lp_servicename(snum),
126 /* smb.conf allows r/w, but the security descriptor denies
127 * write. Fall back to looking at readonly. */
128 readonly_share = True;
129 DEBUG(5,("falling back to read-only access-evaluation due to "
130 "security descriptor\n"));
133 if (!share_access_check(session_info->security_token, lp_servicename(snum),
135 FILE_READ_DATA : FILE_WRITE_DATA)) {
139 admin_user = token_contains_name_in_list(
140 session_info->unix_name,
141 session_info->info3->base.domain.string,
142 NULL, session_info->security_token, lp_admin_users(snum));
145 struct vuid_cache_entry *ent =
146 &conn->vuid_cache.array[conn->vuid_cache.next_entry];
148 conn->vuid_cache.next_entry =
149 (conn->vuid_cache.next_entry + 1) % VUID_CACHE_SIZE;
151 TALLOC_FREE(ent->session_info);
154 * If force_user was set, all session_info's are based on the same
155 * username-based faked one.
158 ent->session_info = copy_serverinfo(
159 conn, conn->force_user ? conn->session_info : session_info);
161 if (ent->session_info == NULL) {
162 ent->vuid = UID_FIELD_INVALID;
167 ent->read_only = readonly_share;
168 free_conn_session_info_if_unused(conn);
169 conn->session_info = ent->session_info;
172 conn->read_only = readonly_share;
174 DEBUG(2,("check_user_ok: user %s is an admin user. "
175 "Setting uid as %d\n",
176 conn->session_info->unix_name,
177 sec_initial_uid() ));
178 conn->session_info->utok.uid = sec_initial_uid();
184 /****************************************************************************
185 Become the user of a connection number without changing the security context
186 stack, but modify the current_user entries.
187 ****************************************************************************/
189 static bool change_to_user_internal(connection_struct *conn,
190 const struct auth_serversupplied_info *session_info,
198 gid_t *group_list = NULL;
203 ok = check_user_ok(conn, vuid, session_info, snum);
205 DEBUG(2,("SMB user %s (unix user %s) "
206 "not permitted access to share %s.\n",
207 session_info->sanitized_username,
208 session_info->unix_name,
209 lp_servicename(snum)));
213 uid = conn->session_info->utok.uid;
214 gid = conn->session_info->utok.gid;
215 num_groups = conn->session_info->utok.ngroups;
216 group_list = conn->session_info->utok.groups;
219 * See if we should force group for this service. If so this overrides
220 * any group set in the force user code.
222 if((group_c = *lp_force_group(snum))) {
224 SMB_ASSERT(conn->force_group_gid != (gid_t)-1);
226 if (group_c == '+') {
230 * Only force group if the user is a member of the
231 * service group. Check the group memberships for this
232 * user (we already have this) to see if we should force
235 for (i = 0; i < num_groups; i++) {
236 if (group_list[i] == conn->force_group_gid) {
237 conn->session_info->utok.gid =
238 conn->force_group_gid;
239 gid = conn->force_group_gid;
240 gid_to_sid(&conn->session_info->security_token
246 conn->session_info->utok.gid = conn->force_group_gid;
247 gid = conn->force_group_gid;
248 gid_to_sid(&conn->session_info->security_token->sids[1],
253 /*Set current_user since we will immediately also call set_sec_ctx() */
254 current_user.ut.ngroups = num_groups;
255 current_user.ut.groups = group_list;
259 current_user.ut.ngroups,
260 current_user.ut.groups,
261 conn->session_info->security_token);
263 current_user.conn = conn;
264 current_user.vuid = vuid;
266 DEBUG(5, ("Impersonated user: uid=(%d,%d), gid=(%d,%d)\n",
275 bool change_to_user(connection_struct *conn, uint16_t vuid)
277 const struct auth_serversupplied_info *session_info = NULL;
279 int snum = SNUM(conn);
282 DEBUG(2,("Connection not open\n"));
286 vuser = get_valid_user_struct(conn->sconn, vuid);
289 * We need a separate check in security=share mode due to vuid
290 * always being UID_FIELD_INVALID. If we don't do this then
291 * in share mode security we are *always* changing uid's between
292 * SMB's - this hurts performance - Badly.
295 if((lp_security() == SEC_SHARE) && (current_user.conn == conn) &&
296 (current_user.ut.uid == conn->session_info->utok.uid)) {
297 DEBUG(4,("Skipping user change - already "
300 } else if ((current_user.conn == conn) &&
301 (vuser != NULL) && (current_user.vuid == vuid) &&
302 (current_user.ut.uid == vuser->session_info->utok.uid)) {
303 DEBUG(4,("Skipping user change - already "
308 session_info = vuser ? vuser->session_info : conn->session_info;
310 if (session_info == NULL) {
311 /* Invalid vuid sent - even with security = share. */
312 DEBUG(2,("Invalid vuid %d used on "
313 "share %s.\n", vuid, lp_servicename(snum) ));
317 /* security = share sets force_user. */
318 if (!conn->force_user && vuser == NULL) {
319 DEBUG(2,("Invalid vuid used %d in accessing "
320 "share %s.\n", vuid, lp_servicename(snum) ));
324 return change_to_user_internal(conn, session_info, vuid);
327 bool change_to_user_by_session(connection_struct *conn,
328 const struct auth_serversupplied_info *session_info)
330 SMB_ASSERT(conn != NULL);
331 SMB_ASSERT(session_info != NULL);
333 if ((current_user.conn == conn) &&
334 (current_user.ut.uid == session_info->utok.uid)) {
335 DEBUG(7, ("Skipping user change - already user\n"));
340 return change_to_user_internal(conn, session_info, UID_FIELD_INVALID);
343 /****************************************************************************
344 Go back to being root without changing the security context stack,
345 but modify the current_user entries.
346 ****************************************************************************/
348 bool smbd_change_to_root_user(void)
352 DEBUG(5,("change_to_root_user: now uid=(%d,%d) gid=(%d,%d)\n",
353 (int)getuid(),(int)geteuid(),(int)getgid(),(int)getegid()));
355 current_user.conn = NULL;
356 current_user.vuid = UID_FIELD_INVALID;
361 /****************************************************************************
362 Become the user of an authenticated connected named pipe.
363 When this is called we are currently running as the connection
364 user. Doesn't modify current_user.
365 ****************************************************************************/
367 bool become_authenticated_pipe_user(struct auth_serversupplied_info *session_info)
372 set_sec_ctx(session_info->utok.uid, session_info->utok.gid,
373 session_info->utok.ngroups, session_info->utok.groups,
374 session_info->security_token);
379 /****************************************************************************
380 Unbecome the user of an authenticated connected named pipe.
381 When this is called we are running as the authenticated pipe
382 user and need to go back to being the connection user. Doesn't modify
384 ****************************************************************************/
386 bool unbecome_authenticated_pipe_user(void)
388 return pop_sec_ctx();
391 /****************************************************************************
392 Utility functions used by become_xxx/unbecome_xxx.
393 ****************************************************************************/
395 static void push_conn_ctx(void)
397 struct conn_ctx *ctx_p;
399 /* Check we don't overflow our stack */
401 if (conn_ctx_stack_ndx == MAX_SEC_CTX_DEPTH) {
402 DEBUG(0, ("Connection context stack overflow!\n"));
403 smb_panic("Connection context stack overflow!\n");
406 /* Store previous user context */
407 ctx_p = &conn_ctx_stack[conn_ctx_stack_ndx];
409 ctx_p->conn = current_user.conn;
410 ctx_p->vuid = current_user.vuid;
412 DEBUG(4, ("push_conn_ctx(%u) : conn_ctx_stack_ndx = %d\n",
413 (unsigned int)ctx_p->vuid, conn_ctx_stack_ndx ));
415 conn_ctx_stack_ndx++;
418 static void pop_conn_ctx(void)
420 struct conn_ctx *ctx_p;
422 /* Check for stack underflow. */
424 if (conn_ctx_stack_ndx == 0) {
425 DEBUG(0, ("Connection context stack underflow!\n"));
426 smb_panic("Connection context stack underflow!\n");
429 conn_ctx_stack_ndx--;
430 ctx_p = &conn_ctx_stack[conn_ctx_stack_ndx];
432 current_user.conn = ctx_p->conn;
433 current_user.vuid = ctx_p->vuid;
436 ctx_p->vuid = UID_FIELD_INVALID;
439 /****************************************************************************
440 Temporarily become a root user. Must match with unbecome_root(). Saves and
441 restores the connection context.
442 ****************************************************************************/
444 void smbd_become_root(void)
447 * no good way to handle push_sec_ctx() failing without changing
448 * the prototype of become_root()
450 if (!push_sec_ctx()) {
451 smb_panic("become_root: push_sec_ctx failed");
457 /* Unbecome the root user */
459 void smbd_unbecome_root(void)
465 /****************************************************************************
466 Push the current security context then force a change via change_to_user().
467 Saves and restores the connection context.
468 ****************************************************************************/
470 bool become_user(connection_struct *conn, uint16 vuid)
477 if (!change_to_user(conn, vuid)) {
486 bool become_user_by_session(connection_struct *conn,
487 const struct auth_serversupplied_info *session_info)
494 if (!change_to_user_by_session(conn, session_info)) {
503 bool unbecome_user(void)
510 /****************************************************************************
511 Return the current user we are running effectively as on this connection.
512 I'd like to make this return conn->session_info->utok.uid, but become_root()
513 doesn't alter this value.
514 ****************************************************************************/
516 uid_t get_current_uid(connection_struct *conn)
518 return current_user.ut.uid;
521 /****************************************************************************
522 Return the current group we are running effectively as on this connection.
523 I'd like to make this return conn->session_info->utok.gid, but become_root()
524 doesn't alter this value.
525 ****************************************************************************/
527 gid_t get_current_gid(connection_struct *conn)
529 return current_user.ut.gid;
532 /****************************************************************************
533 Return the UNIX token we are running effectively as on this connection.
534 I'd like to make this return &conn->session_info->utok, but become_root()
535 doesn't alter this value.
536 ****************************************************************************/
538 const struct security_unix_token *get_current_utok(connection_struct *conn)
540 return ¤t_user.ut;
543 const struct security_token *get_current_nttok(connection_struct *conn)
545 return current_user.nt_user_token;
548 uint16_t get_current_vuid(connection_struct *conn)
550 return current_user.vuid;