2 Unix SMB/Netbios implementation.
5 Copyright (C) Andrew Tridgell 1992-1998
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 2 of the License, or
10 (at your option) any later version.
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
17 You should have received a copy of the GNU General Public License
18 along with this program; if not, write to the Free Software
19 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
24 extern int DEBUGLEVEL;
26 static uid_t initial_uid;
27 static gid_t initial_gid;
29 /* what user is current? */
30 extern struct current_user current_user;
34 /****************************************************************************
35 initialise the uid routines
36 ****************************************************************************/
39 initial_uid = current_user.uid = geteuid();
40 initial_gid = current_user.gid = getegid();
42 if (initial_gid != 0 && initial_uid == 0) {
51 initial_uid = geteuid();
52 initial_gid = getegid();
54 current_user.conn = NULL;
55 current_user.vuid = UID_FIELD_INVALID;
57 dos_ChDir(OriginalDir);
61 /****************************************************************************
62 become the specified uid
63 ****************************************************************************/
64 static BOOL become_uid(uid_t uid)
66 if (initial_uid != 0) {
70 if (uid == (uid_t)-1 || ((sizeof(uid_t) == 2) && (uid == (uid_t)65535))) {
73 DEBUG(1,("WARNING: using uid %d is a security risk\n",(int)uid));
78 #ifdef HAVE_TRAPDOOR_UID
80 /* AIX3 has setuidx which is NOT a trapoor function (tridge) */
81 if (setuidx(ID_EFFECTIVE, uid) != 0) {
82 if (seteuid(uid) != 0) {
83 DEBUG(1,("Can't set uid %d (setuidx)\n", (int)uid));
91 if (setresuid(-1,uid,-1) != 0)
93 if ((seteuid(uid) != 0) &&
97 DEBUG(0,("Couldn't set uid %d currently set to (%d,%d)\n",
98 (int)uid,(int)getuid(), (int)geteuid()));
99 if (uid > (uid_t)32000) {
100 DEBUG(0,("Looks like your OS doesn't like high uid values - try using a different account\n"));
105 if (((uid == (uid_t)-1) || ((sizeof(uid_t) == 2) && (uid == 65535))) && (geteuid() != uid)) {
106 DEBUG(0,("Invalid uid -1. perhaps you have a account with uid 65535?\n"));
110 current_user.uid = uid;
116 /****************************************************************************
117 become the specified gid
118 ****************************************************************************/
119 static BOOL become_gid(gid_t gid)
121 if (initial_uid != 0)
124 if (gid == (gid_t)-1 || ((sizeof(gid_t) == 2) && (gid == (gid_t)65535))) {
125 DEBUG(1,("WARNING: using gid %d is a security risk\n",(int)gid));
128 #ifdef HAVE_SETRESUID
129 if (setresgid(-1,gid,-1) != 0)
131 if (setgid(gid) != 0)
134 DEBUG(0,("Couldn't set gid %d currently set to (%d,%d)\n",
135 (int)gid,(int)getgid(),(int)getegid()));
137 DEBUG(0,("Looks like your OS doesn't like high gid values - try using a different account\n"));
142 current_user.gid = gid;
148 /****************************************************************************
149 become the specified uid and gid
150 ****************************************************************************/
151 static BOOL become_id(uid_t uid,gid_t gid)
153 return(become_gid(gid) && become_uid(uid));
156 /****************************************************************************
157 become the guest user
158 ****************************************************************************/
159 BOOL become_guest(void)
162 static struct passwd *pass=NULL;
164 if (initial_uid != 0)
168 pass = Get_Pwnam(lp_guestaccount(-1),True);
169 if (!pass) return(False);
172 /* MWW: From AIX FAQ patch to WU-ftpd: call initgroups before setting IDs */
173 initgroups(pass->pw_name, (gid_t)pass->pw_gid);
176 ret = become_id(pass->pw_uid,pass->pw_gid);
179 DEBUG(1,("Failed to become guest. Invalid guest account?\n"));
182 current_user.conn = NULL;
183 current_user.vuid = UID_FIELD_INVALID;
188 /*******************************************************************
189 check if a username is OK
190 ********************************************************************/
191 static BOOL check_user_ok(connection_struct *conn, user_struct *vuser,int snum)
194 for (i=0;i<conn->uid_cache.entries;i++)
195 if (conn->uid_cache.list[i] == vuser->uid) return(True);
197 if (!user_ok(vuser->name,snum)) return(False);
199 i = conn->uid_cache.entries % UID_CACHE_SIZE;
200 conn->uid_cache.list[i] = vuser->uid;
202 if (conn->uid_cache.entries < UID_CACHE_SIZE)
203 conn->uid_cache.entries++;
209 /****************************************************************************
210 become the user of a connection number
211 ****************************************************************************/
212 BOOL become_user(connection_struct *conn, uint16 vuid)
214 user_struct *vuser = get_valid_user_struct(vuid);
220 * We need a separate check in security=share mode due to vuid
221 * always being UID_FIELD_INVALID. If we don't do this then
222 * in share mode security we are *always* changing uid's between
223 * SMB's - this hurts performance - Badly.
226 if((lp_security() == SEC_SHARE) && (current_user.conn == conn) &&
227 (current_user.uid == conn->uid)) {
228 DEBUG(4,("Skipping become_user - already user\n"));
230 } else if ((current_user.conn == conn) &&
231 (vuser != 0) && (current_user.vuid == vuid) &&
232 (current_user.uid == vuser->uid)) {
233 DEBUG(4,("Skipping become_user - already user\n"));
240 DEBUG(2,("Connection not open\n"));
246 if((vuser != NULL) && !check_user_ok(conn, vuser, snum))
249 if (conn->force_user ||
250 lp_security() == SEC_SHARE ||
251 !(vuser) || (vuser->guest)) {
254 current_user.groups = conn->groups;
255 current_user.ngroups = conn->ngroups;
258 DEBUG(2,("Invalid vuid used %d\n",vuid));
262 if(!*lp_force_group(snum)) {
267 current_user.ngroups = vuser->n_groups;
268 current_user.groups = vuser->groups;
271 if (initial_uid == 0) {
272 if (!become_gid(gid)) return(False);
274 #ifdef HAVE_SETGROUPS
275 if (!(conn && conn->ipc)) {
276 /* groups stuff added by ih/wreu */
277 if (current_user.ngroups > 0)
278 if (setgroups(current_user.ngroups,
279 current_user.groups)<0) {
280 DEBUG(0,("setgroups call failed!\n"));
285 if (!conn->admin_user && !become_uid(uid))
289 current_user.conn = conn;
290 current_user.vuid = vuid;
292 DEBUG(5,("become_user uid=(%d,%d) gid=(%d,%d)\n",
293 (int)getuid(),(int)geteuid(),(int)getgid(),(int)getegid()));
298 /****************************************************************************
299 unbecome the user of a connection number
300 ****************************************************************************/
301 BOOL unbecome_user(void )
303 if (!current_user.conn)
306 dos_ChDir(OriginalDir);
308 if (initial_uid == 0)
310 #ifdef HAVE_SETRESUID
311 setresuid(-1,getuid(),-1);
312 setresgid(-1,getgid(),-1);
314 if (seteuid(initial_uid) != 0)
321 if (initial_uid == 0)
322 DEBUG(2,("Running with no EID\n"));
323 initial_uid = getuid();
324 initial_gid = getgid();
326 if (geteuid() != initial_uid) {
327 DEBUG(0,("Warning: You appear to have a trapdoor uid system\n"));
328 initial_uid = geteuid();
330 if (getegid() != initial_gid) {
331 DEBUG(0,("Warning: You appear to have a trapdoor gid system\n"));
332 initial_gid = getegid();
336 current_user.uid = initial_uid;
337 current_user.gid = initial_gid;
339 if (dos_ChDir(OriginalDir) != 0)
340 DEBUG( 0, ( "chdir(%s) failed in unbecome_user\n", OriginalDir ) );
342 DEBUG(5,("unbecome_user now uid=(%d,%d) gid=(%d,%d)\n",
343 (int)getuid(),(int)geteuid(),(int)getgid(),(int)getegid()));
345 current_user.conn = NULL;
346 current_user.vuid = UID_FIELD_INVALID;
351 static struct current_user current_user_saved;
352 static int become_root_depth;
353 static pstring become_root_dir;
355 /****************************************************************************
356 This is used when we need to do a privilaged operation (such as mucking
357 with share mode files) and temporarily need root access to do it. This
358 call should always be paired with an unbecome_root() call immediately
361 Set save_dir if you also need to save/restore the CWD
362 ****************************************************************************/
363 void become_root(BOOL save_dir)
365 if (become_root_depth) {
366 DEBUG(0,("ERROR: become root depth is non zero\n"));
369 dos_GetWd(become_root_dir);
371 current_user_saved = current_user;
372 become_root_depth = 1;
378 /****************************************************************************
379 When the privilaged operation is over call this
381 Set save_dir if you also need to save/restore the CWD
382 ****************************************************************************/
383 void unbecome_root(BOOL restore_dir)
385 if (become_root_depth != 1) {
386 DEBUG(0,("ERROR: unbecome root depth is %d\n",
390 /* we might have done a become_user() while running as root,
391 if we have then become root again in order to become
393 if (current_user.uid != 0) {
397 /* restore our gid first */
398 if (!become_gid(current_user_saved.gid)) {
399 DEBUG(0,("ERROR: Failed to restore gid\n"));
400 exit_server("Failed to restore gid");
403 #ifdef HAVE_SETGROUPS
404 if (current_user_saved.ngroups > 0) {
405 if (setgroups(current_user_saved.ngroups,
406 current_user_saved.groups)<0)
407 DEBUG(0,("ERROR: setgroups call failed!\n"));
411 /* now restore our uid */
412 if (!become_uid(current_user_saved.uid)) {
413 DEBUG(0,("ERROR: Failed to restore uid\n"));
414 exit_server("Failed to restore uid");
418 dos_ChDir(become_root_dir);
420 current_user = current_user_saved;
422 become_root_depth = 0;