2 Unix SMB/CIFS implementation.
4 Copyright (C) Andrew Tridgell 1992-1998
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 3 of the License, or
9 (at your option) any later version.
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with this program. If not, see <http://www.gnu.org/licenses/>.
21 #include "smbd/globals.h"
22 #include "../librpc/gen_ndr/netlogon.h"
24 /* what user is current? */
25 extern struct current_user current_user;
27 /****************************************************************************
28 Become the guest user without changing the security context stack.
29 ****************************************************************************/
31 bool change_to_guest(void)
35 pass = getpwnam_alloc(talloc_autofree_context(), lp_guestaccount());
41 /* MWW: From AIX FAQ patch to WU-ftpd: call initgroups before
43 initgroups(pass->pw_name, pass->pw_gid);
46 set_sec_ctx(pass->pw_uid, pass->pw_gid, 0, NULL, NULL);
48 current_user.conn = NULL;
49 current_user.vuid = UID_FIELD_INVALID;
56 /****************************************************************************
57 talloc free the conn->server_info if not used in the vuid cache.
58 ****************************************************************************/
60 static void free_conn_server_info_if_unused(connection_struct *conn)
64 for (i = 0; i < VUID_CACHE_SIZE; i++) {
65 struct vuid_cache_entry *ent;
66 ent = &conn->vuid_cache.array[i];
67 if (ent->vuid != UID_FIELD_INVALID &&
68 conn->server_info == ent->server_info) {
72 /* Not used, safe to free. */
73 TALLOC_FREE(conn->server_info);
76 /*******************************************************************
77 Check if a username is OK.
79 This sets up conn->server_info with a copy related to this vuser that
80 later code can then mess with.
81 ********************************************************************/
83 static bool check_user_ok(connection_struct *conn,
85 const struct auth_serversupplied_info *server_info,
88 bool valid_vuid = (vuid != UID_FIELD_INVALID);
94 struct vuid_cache_entry *ent;
96 for (i=0; i<VUID_CACHE_SIZE; i++) {
97 ent = &conn->vuid_cache.array[i];
98 if (ent->vuid == vuid) {
99 free_conn_server_info_if_unused(conn);
100 conn->server_info = ent->server_info;
101 conn->read_only = ent->read_only;
107 if (!user_ok_token(server_info->unix_name,
108 server_info->info3->base.domain.string,
109 server_info->ptok, snum))
112 readonly_share = is_share_read_only_for_token(
113 server_info->unix_name,
114 server_info->info3->base.domain.string,
118 if (!readonly_share &&
119 !share_access_check(server_info->ptok, lp_servicename(snum),
121 /* smb.conf allows r/w, but the security descriptor denies
122 * write. Fall back to looking at readonly. */
123 readonly_share = True;
124 DEBUG(5,("falling back to read-only access-evaluation due to "
125 "security descriptor\n"));
128 if (!share_access_check(server_info->ptok, lp_servicename(snum),
130 FILE_READ_DATA : FILE_WRITE_DATA)) {
134 admin_user = token_contains_name_in_list(
135 server_info->unix_name,
136 server_info->info3->base.domain.string,
137 NULL, server_info->ptok, lp_admin_users(snum));
140 struct vuid_cache_entry *ent =
141 &conn->vuid_cache.array[conn->vuid_cache.next_entry];
143 conn->vuid_cache.next_entry =
144 (conn->vuid_cache.next_entry + 1) % VUID_CACHE_SIZE;
146 TALLOC_FREE(ent->server_info);
149 * If force_user was set, all server_info's are based on the same
150 * username-based faked one.
153 ent->server_info = copy_serverinfo(
154 conn, conn->force_user ? conn->server_info : server_info);
156 if (ent->server_info == NULL) {
157 ent->vuid = UID_FIELD_INVALID;
162 ent->read_only = readonly_share;
163 free_conn_server_info_if_unused(conn);
164 conn->server_info = ent->server_info;
167 conn->read_only = readonly_share;
169 DEBUG(2,("check_user_ok: user %s is an admin user. "
170 "Setting uid as %d\n",
171 conn->server_info->unix_name,
172 sec_initial_uid() ));
173 conn->server_info->utok.uid = sec_initial_uid();
179 /****************************************************************************
180 Clear a vuid out of the connection's vuid cache
181 This is only called on SMBulogoff.
182 ****************************************************************************/
184 void conn_clear_vuid_cache(connection_struct *conn, uint16_t vuid)
188 for (i=0; i<VUID_CACHE_SIZE; i++) {
189 struct vuid_cache_entry *ent;
191 ent = &conn->vuid_cache.array[i];
193 if (ent->vuid == vuid) {
194 ent->vuid = UID_FIELD_INVALID;
196 * We need to keep conn->server_info around
197 * if it's equal to ent->server_info as a SMBulogoff
198 * is often followed by a SMBtdis (with an invalid
199 * vuid). The debug code (or regular code in
200 * vfs_full_audit) wants to refer to the
201 * conn->server_info pointer to print debug
202 * statements. Theoretically this is a bug,
203 * as once the vuid is gone the server_info
204 * on the conn struct isn't valid any more,
205 * but there's enough code that assumes
206 * conn->server_info is never null that
207 * it's easier to hold onto the old pointer
208 * until we get a new sessionsetupX.
209 * As everything is hung off the
210 * conn pointer as a talloc context we're not
211 * leaking memory here. See bug #6315. JRA.
213 if (conn->server_info == ent->server_info) {
214 ent->server_info = NULL;
216 TALLOC_FREE(ent->server_info);
218 ent->read_only = False;
223 /****************************************************************************
224 Become the user of a connection number without changing the security context
225 stack, but modify the current_user entries.
226 ****************************************************************************/
228 bool change_to_user(connection_struct *conn, uint16 vuid)
230 const struct auth_serversupplied_info *server_info = NULL;
231 user_struct *vuser = get_valid_user_struct(conn->sconn, vuid);
237 gid_t *group_list = NULL;
240 DEBUG(2,("change_to_user: Connection not open\n"));
245 * We need a separate check in security=share mode due to vuid
246 * always being UID_FIELD_INVALID. If we don't do this then
247 * in share mode security we are *always* changing uid's between
248 * SMB's - this hurts performance - Badly.
251 if((lp_security() == SEC_SHARE) && (current_user.conn == conn) &&
252 (current_user.ut.uid == conn->server_info->utok.uid)) {
253 DEBUG(4,("change_to_user: Skipping user change - already "
256 } else if ((current_user.conn == conn) &&
257 (vuser != NULL) && (current_user.vuid == vuid) &&
258 (current_user.ut.uid == vuser->server_info->utok.uid)) {
259 DEBUG(4,("change_to_user: Skipping user change - already "
266 server_info = vuser ? vuser->server_info : conn->server_info;
269 /* Invalid vuid sent - even with security = share. */
270 DEBUG(2,("change_to_user: Invalid vuid %d used on "
271 "share %s.\n",vuid, lp_servicename(snum) ));
275 if (!check_user_ok(conn, vuid, server_info, snum)) {
276 DEBUG(2,("change_to_user: SMB user %s (unix user %s, vuid %d) "
277 "not permitted access to share %s.\n",
278 server_info->sanitized_username,
279 server_info->unix_name, vuid,
280 lp_servicename(snum)));
284 /* security = share sets force_user. */
285 if (!conn->force_user && !vuser) {
286 DEBUG(2,("change_to_user: Invalid vuid used %d in accessing "
287 "share %s.\n",vuid, lp_servicename(snum) ));
292 * conn->server_info is now correctly set up with a copy we can mess
293 * with for force_group etc.
296 uid = conn->server_info->utok.uid;
297 gid = conn->server_info->utok.gid;
298 num_groups = conn->server_info->utok.ngroups;
299 group_list = conn->server_info->utok.groups;
302 * See if we should force group for this service.
303 * If so this overrides any group set in the force
307 if((group_c = *lp_force_group(snum))) {
309 SMB_ASSERT(conn->force_group_gid != (gid_t)-1);
314 * Only force group if the user is a member of
315 * the service group. Check the group memberships for
316 * this user (we already have this) to
317 * see if we should force the group.
321 for (i = 0; i < num_groups; i++) {
323 == conn->force_group_gid) {
324 conn->server_info->utok.gid =
325 conn->force_group_gid;
326 gid = conn->force_group_gid;
327 gid_to_sid(&conn->server_info->ptok
333 conn->server_info->utok.gid = conn->force_group_gid;
334 gid = conn->force_group_gid;
335 gid_to_sid(&conn->server_info->ptok->sids[1],
340 /* Now set current_user since we will immediately also call
343 current_user.ut.ngroups = num_groups;
344 current_user.ut.groups = group_list;
346 set_sec_ctx(uid, gid, current_user.ut.ngroups, current_user.ut.groups,
347 conn->server_info->ptok);
349 current_user.conn = conn;
350 current_user.vuid = vuid;
352 DEBUG(5,("change_to_user uid=(%d,%d) gid=(%d,%d)\n",
353 (int)getuid(),(int)geteuid(),(int)getgid(),(int)getegid()));
358 /****************************************************************************
359 Go back to being root without changing the security context stack,
360 but modify the current_user entries.
361 ****************************************************************************/
363 bool change_to_root_user(void)
367 DEBUG(5,("change_to_root_user: now uid=(%d,%d) gid=(%d,%d)\n",
368 (int)getuid(),(int)geteuid(),(int)getgid(),(int)getegid()));
370 current_user.conn = NULL;
371 current_user.vuid = UID_FIELD_INVALID;
376 /****************************************************************************
377 Become the user of an authenticated connected named pipe.
378 When this is called we are currently running as the connection
379 user. Doesn't modify current_user.
380 ****************************************************************************/
382 bool become_authenticated_pipe_user(struct pipes_struct *p)
387 set_sec_ctx(p->server_info->utok.uid, p->server_info->utok.gid,
388 p->server_info->utok.ngroups, p->server_info->utok.groups,
389 p->server_info->ptok);
394 /****************************************************************************
395 Unbecome the user of an authenticated connected named pipe.
396 When this is called we are running as the authenticated pipe
397 user and need to go back to being the connection user. Doesn't modify
399 ****************************************************************************/
401 bool unbecome_authenticated_pipe_user(void)
403 return pop_sec_ctx();
406 /****************************************************************************
407 Utility functions used by become_xxx/unbecome_xxx.
408 ****************************************************************************/
410 static void push_conn_ctx(void)
412 struct conn_ctx *ctx_p;
414 /* Check we don't overflow our stack */
416 if (conn_ctx_stack_ndx == MAX_SEC_CTX_DEPTH) {
417 DEBUG(0, ("Connection context stack overflow!\n"));
418 smb_panic("Connection context stack overflow!\n");
421 /* Store previous user context */
422 ctx_p = &conn_ctx_stack[conn_ctx_stack_ndx];
424 ctx_p->conn = current_user.conn;
425 ctx_p->vuid = current_user.vuid;
427 DEBUG(3, ("push_conn_ctx(%u) : conn_ctx_stack_ndx = %d\n",
428 (unsigned int)ctx_p->vuid, conn_ctx_stack_ndx ));
430 conn_ctx_stack_ndx++;
433 static void pop_conn_ctx(void)
435 struct conn_ctx *ctx_p;
437 /* Check for stack underflow. */
439 if (conn_ctx_stack_ndx == 0) {
440 DEBUG(0, ("Connection context stack underflow!\n"));
441 smb_panic("Connection context stack underflow!\n");
444 conn_ctx_stack_ndx--;
445 ctx_p = &conn_ctx_stack[conn_ctx_stack_ndx];
447 current_user.conn = ctx_p->conn;
448 current_user.vuid = ctx_p->vuid;
451 ctx_p->vuid = UID_FIELD_INVALID;
454 /****************************************************************************
455 Temporarily become a root user. Must match with unbecome_root(). Saves and
456 restores the connection context.
457 ****************************************************************************/
459 void become_root(void)
462 * no good way to handle push_sec_ctx() failing without changing
463 * the prototype of become_root()
465 if (!push_sec_ctx()) {
466 smb_panic("become_root: push_sec_ctx failed");
472 /* Unbecome the root user */
474 void unbecome_root(void)
480 /****************************************************************************
481 Push the current security context then force a change via change_to_user().
482 Saves and restores the connection context.
483 ****************************************************************************/
485 bool become_user(connection_struct *conn, uint16 vuid)
492 if (!change_to_user(conn, vuid)) {
501 bool unbecome_user(void)
508 /****************************************************************************
509 Return the current user we are running effectively as on this connection.
510 I'd like to make this return conn->server_info->utok.uid, but become_root()
511 doesn't alter this value.
512 ****************************************************************************/
514 uid_t get_current_uid(connection_struct *conn)
516 return current_user.ut.uid;
519 /****************************************************************************
520 Return the current group we are running effectively as on this connection.
521 I'd like to make this return conn->server_info->utok.gid, but become_root()
522 doesn't alter this value.
523 ****************************************************************************/
525 gid_t get_current_gid(connection_struct *conn)
527 return current_user.ut.gid;
530 /****************************************************************************
531 Return the UNIX token we are running effectively as on this connection.
532 I'd like to make this return &conn->server_info->utok, but become_root()
533 doesn't alter this value.
534 ****************************************************************************/
536 const UNIX_USER_TOKEN *get_current_utok(connection_struct *conn)
538 return ¤t_user.ut;
541 const NT_USER_TOKEN *get_current_nttok(connection_struct *conn)
543 return current_user.nt_user_token;
546 uint16_t get_current_vuid(connection_struct *conn)
548 return current_user.vuid;
git.samba.org / samba.git / blob