2 Unix SMB/CIFS implementation.
4 Copyright (C) Andrew Tridgell 1992-1998
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 3 of the License, or
9 (at your option) any later version.
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with this program. If not, see <http://www.gnu.org/licenses/>.
21 #include "system/passwd.h"
22 #include "smbd/smbd.h"
23 #include "smbd/globals.h"
24 #include "../librpc/gen_ndr/netlogon.h"
25 #include "libcli/security/security.h"
26 #include "passdb/lookup_sid.h"
29 /* what user is current? */
30 extern struct current_user current_user;
32 /****************************************************************************
33 Become the guest user without changing the security context stack.
34 ****************************************************************************/
36 bool change_to_guest(void)
40 pass = Get_Pwnam_alloc(talloc_tos(), lp_guest_account());
46 /* MWW: From AIX FAQ patch to WU-ftpd: call initgroups before
48 initgroups(pass->pw_name, pass->pw_gid);
51 set_sec_ctx(pass->pw_uid, pass->pw_gid, 0, NULL, NULL);
53 current_user.conn = NULL;
54 current_user.vuid = UID_FIELD_INVALID;
61 /****************************************************************************
62 talloc free the conn->session_info if not used in the vuid cache.
63 ****************************************************************************/
65 static void free_conn_session_info_if_unused(connection_struct *conn)
69 for (i = 0; i < VUID_CACHE_SIZE; i++) {
70 struct vuid_cache_entry *ent;
71 ent = &conn->vuid_cache->array[i];
72 if (ent->vuid != UID_FIELD_INVALID &&
73 conn->session_info == ent->session_info) {
77 /* Not used, safe to free. */
78 TALLOC_FREE(conn->session_info);
81 /****************************************************************************
82 Setup the share access mask for a connection.
83 ****************************************************************************/
85 static uint32_t create_share_access_mask(int snum,
87 const struct security_token *token)
89 uint32_t share_access = 0;
91 share_access_check(token,
92 lp_servicename(talloc_tos(), snum),
93 MAXIMUM_ALLOWED_ACCESS,
98 ~(SEC_FILE_WRITE_DATA | SEC_FILE_APPEND_DATA |
99 SEC_FILE_WRITE_EA | SEC_FILE_WRITE_ATTRIBUTE |
100 SEC_DIR_DELETE_CHILD );
103 if (security_token_has_privilege(token, SEC_PRIV_SECURITY)) {
104 share_access |= SEC_FLAG_SYSTEM_SECURITY;
106 if (security_token_has_privilege(token, SEC_PRIV_RESTORE)) {
107 share_access |= SEC_RIGHTS_PRIV_RESTORE;
109 if (security_token_has_privilege(token, SEC_PRIV_BACKUP)) {
110 share_access |= SEC_RIGHTS_PRIV_BACKUP;
112 if (security_token_has_privilege(token, SEC_PRIV_TAKE_OWNERSHIP)) {
113 share_access |= SEC_STD_WRITE_OWNER;
119 /*******************************************************************
120 Calculate access mask and if this user can access this share.
121 ********************************************************************/
123 NTSTATUS check_user_share_access(connection_struct *conn,
124 const struct auth_session_info *session_info,
125 uint32_t *p_share_access,
126 bool *p_readonly_share)
128 int snum = SNUM(conn);
129 uint32_t share_access = 0;
130 bool readonly_share = false;
132 if (!user_ok_token(session_info->unix_info->unix_name,
133 session_info->info->domain_name,
134 session_info->security_token, snum)) {
135 return NT_STATUS_ACCESS_DENIED;
138 readonly_share = is_share_read_only_for_token(
139 session_info->unix_info->unix_name,
140 session_info->info->domain_name,
141 session_info->security_token,
144 share_access = create_share_access_mask(snum,
146 session_info->security_token);
148 if ((share_access & (FILE_READ_DATA|FILE_WRITE_DATA)) == 0) {
149 /* No access, read or write. */
150 DEBUG(3,("user %s connection to %s denied due to share "
151 "security descriptor.\n",
152 session_info->unix_info->unix_name,
153 lp_servicename(talloc_tos(), snum)));
154 return NT_STATUS_ACCESS_DENIED;
157 if (!readonly_share &&
158 !(share_access & FILE_WRITE_DATA)) {
159 /* smb.conf allows r/w, but the security descriptor denies
160 * write. Fall back to looking at readonly. */
161 readonly_share = True;
162 DEBUG(5,("falling back to read-only access-evaluation due to "
163 "security descriptor\n"));
166 *p_share_access = share_access;
167 *p_readonly_share = readonly_share;
172 /*******************************************************************
173 Check if a username is OK.
175 This sets up conn->session_info with a copy related to this vuser that
176 later code can then mess with.
177 ********************************************************************/
179 static bool check_user_ok(connection_struct *conn,
181 const struct auth_session_info *session_info,
185 bool readonly_share = false;
186 bool admin_user = false;
187 struct vuid_cache_entry *ent = NULL;
188 uint32_t share_access = 0;
191 for (i=0; i<VUID_CACHE_SIZE; i++) {
192 ent = &conn->vuid_cache->array[i];
193 if (ent->vuid == vuid) {
194 if (vuid == UID_FIELD_INVALID) {
196 * Slow path, we don't care
197 * about the array traversal.
201 free_conn_session_info_if_unused(conn);
202 conn->session_info = ent->session_info;
203 conn->read_only = ent->read_only;
204 conn->share_access = ent->share_access;
205 conn->vuid = ent->vuid;
210 status = check_user_share_access(conn,
214 if (!NT_STATUS_IS_OK(status)) {
218 admin_user = token_contains_name_in_list(
219 session_info->unix_info->unix_name,
220 session_info->info->domain_name,
221 NULL, session_info->security_token, lp_admin_users(snum));
223 ent = &conn->vuid_cache->array[conn->vuid_cache->next_entry];
225 conn->vuid_cache->next_entry =
226 (conn->vuid_cache->next_entry + 1) % VUID_CACHE_SIZE;
228 TALLOC_FREE(ent->session_info);
231 * If force_user was set, all session_info's are based on the same
232 * username-based faked one.
235 ent->session_info = copy_session_info(
236 conn, conn->force_user ? conn->session_info : session_info);
238 if (ent->session_info == NULL) {
239 ent->vuid = UID_FIELD_INVALID;
244 DEBUG(2,("check_user_ok: user %s is an admin user. "
245 "Setting uid as %d\n",
246 ent->session_info->unix_info->unix_name,
247 sec_initial_uid() ));
248 ent->session_info->unix_token->uid = sec_initial_uid();
252 * It's actually OK to call check_user_ok() with
253 * vuid == UID_FIELD_INVALID as called from change_to_user_by_session().
254 * All this will do is throw away one entry in the cache.
258 ent->read_only = readonly_share;
259 ent->share_access = share_access;
260 free_conn_session_info_if_unused(conn);
261 conn->session_info = ent->session_info;
262 conn->vuid = ent->vuid;
263 if (vuid == UID_FIELD_INVALID) {
265 * Not strictly needed, just make it really
266 * clear this entry is actually an unused one.
268 ent->read_only = false;
269 ent->share_access = 0;
270 ent->session_info = NULL;
273 conn->read_only = readonly_share;
274 conn->share_access = share_access;
279 /****************************************************************************
280 Become the user of a connection number without changing the security context
281 stack, but modify the current_user entries.
282 ****************************************************************************/
284 static bool change_to_user_internal(connection_struct *conn,
285 const struct auth_session_info *session_info,
293 gid_t *group_list = NULL;
296 if ((current_user.conn == conn) &&
297 (current_user.vuid == vuid) &&
298 (current_user.ut.uid == session_info->unix_token->uid))
300 DBG_INFO("Skipping user change - already user\n");
304 set_current_user_info(session_info->unix_info->sanitized_username,
305 session_info->unix_info->unix_name,
306 session_info->info->domain_name);
310 ok = check_user_ok(conn, vuid, session_info, snum);
312 DEBUG(2,("SMB user %s (unix user %s) "
313 "not permitted access to share %s.\n",
314 session_info->unix_info->sanitized_username,
315 session_info->unix_info->unix_name,
316 lp_servicename(talloc_tos(), snum)));
320 uid = conn->session_info->unix_token->uid;
321 gid = conn->session_info->unix_token->gid;
322 num_groups = conn->session_info->unix_token->ngroups;
323 group_list = conn->session_info->unix_token->groups;
326 * See if we should force group for this service. If so this overrides
327 * any group set in the force user code.
329 if((group_c = *lp_force_group(talloc_tos(), snum))) {
331 SMB_ASSERT(conn->force_group_gid != (gid_t)-1);
333 if (group_c == '+') {
337 * Only force group if the user is a member of the
338 * service group. Check the group memberships for this
339 * user (we already have this) to see if we should force
342 for (i = 0; i < num_groups; i++) {
343 if (group_list[i] == conn->force_group_gid) {
344 conn->session_info->unix_token->gid =
345 conn->force_group_gid;
346 gid = conn->force_group_gid;
347 gid_to_sid(&conn->session_info->security_token
353 conn->session_info->unix_token->gid = conn->force_group_gid;
354 gid = conn->force_group_gid;
355 gid_to_sid(&conn->session_info->security_token->sids[1],
360 /*Set current_user since we will immediately also call set_sec_ctx() */
361 current_user.ut.ngroups = num_groups;
362 current_user.ut.groups = group_list;
366 current_user.ut.ngroups,
367 current_user.ut.groups,
368 conn->session_info->security_token);
370 current_user.conn = conn;
371 current_user.vuid = vuid;
373 DEBUG(5, ("Impersonated user: uid=(%d,%d), gid=(%d,%d)\n",
382 bool change_to_user(connection_struct *conn, uint64_t vuid)
384 struct user_struct *vuser;
385 int snum = SNUM(conn);
388 DEBUG(2,("Connection not open\n"));
392 vuser = get_valid_user_struct(conn->sconn, vuid);
394 /* Invalid vuid sent */
395 DEBUG(2,("Invalid vuid %llu used on share %s.\n",
396 (unsigned long long)vuid, lp_servicename(talloc_tos(),
401 return change_to_user_internal(conn, vuser->session_info, vuid);
404 static bool change_to_user_by_session(connection_struct *conn,
405 const struct auth_session_info *session_info)
407 SMB_ASSERT(conn != NULL);
408 SMB_ASSERT(session_info != NULL);
410 return change_to_user_internal(conn, session_info, UID_FIELD_INVALID);
413 /****************************************************************************
414 Go back to being root without changing the security context stack,
415 but modify the current_user entries.
416 ****************************************************************************/
418 bool smbd_change_to_root_user(void)
422 DEBUG(5,("change_to_root_user: now uid=(%d,%d) gid=(%d,%d)\n",
423 (int)getuid(),(int)geteuid(),(int)getgid(),(int)getegid()));
425 current_user.conn = NULL;
426 current_user.vuid = UID_FIELD_INVALID;
431 /****************************************************************************
432 Become the user of an authenticated connected named pipe.
433 When this is called we are currently running as the connection
434 user. Doesn't modify current_user.
435 ****************************************************************************/
437 bool smbd_become_authenticated_pipe_user(struct auth_session_info *session_info)
442 set_sec_ctx(session_info->unix_token->uid, session_info->unix_token->gid,
443 session_info->unix_token->ngroups, session_info->unix_token->groups,
444 session_info->security_token);
446 DEBUG(5, ("Impersonated user: uid=(%d,%d), gid=(%d,%d)\n",
455 /****************************************************************************
456 Unbecome the user of an authenticated connected named pipe.
457 When this is called we are running as the authenticated pipe
458 user and need to go back to being the connection user. Doesn't modify
460 ****************************************************************************/
462 bool smbd_unbecome_authenticated_pipe_user(void)
464 return pop_sec_ctx();
467 /****************************************************************************
468 Utility functions used by become_xxx/unbecome_xxx.
469 ****************************************************************************/
471 static void push_conn_ctx(void)
473 struct conn_ctx *ctx_p;
474 extern userdom_struct current_user_info;
476 /* Check we don't overflow our stack */
478 if (conn_ctx_stack_ndx == MAX_SEC_CTX_DEPTH) {
479 DEBUG(0, ("Connection context stack overflow!\n"));
480 smb_panic("Connection context stack overflow!\n");
483 /* Store previous user context */
484 ctx_p = &conn_ctx_stack[conn_ctx_stack_ndx];
486 ctx_p->conn = current_user.conn;
487 ctx_p->vuid = current_user.vuid;
488 ctx_p->user_info = current_user_info;
490 DEBUG(4, ("push_conn_ctx(%llu) : conn_ctx_stack_ndx = %d\n",
491 (unsigned long long)ctx_p->vuid, conn_ctx_stack_ndx));
493 conn_ctx_stack_ndx++;
496 static void pop_conn_ctx(void)
498 struct conn_ctx *ctx_p;
500 /* Check for stack underflow. */
502 if (conn_ctx_stack_ndx == 0) {
503 DEBUG(0, ("Connection context stack underflow!\n"));
504 smb_panic("Connection context stack underflow!\n");
507 conn_ctx_stack_ndx--;
508 ctx_p = &conn_ctx_stack[conn_ctx_stack_ndx];
510 set_current_user_info(ctx_p->user_info.smb_name,
511 ctx_p->user_info.unix_name,
512 ctx_p->user_info.domain);
513 current_user.conn = ctx_p->conn;
514 current_user.vuid = ctx_p->vuid;
517 ctx_p->vuid = UID_FIELD_INVALID;
520 /****************************************************************************
521 Temporarily become a root user. Must match with unbecome_root(). Saves and
522 restores the connection context.
523 ****************************************************************************/
525 void smbd_become_root(void)
528 * no good way to handle push_sec_ctx() failing without changing
529 * the prototype of become_root()
531 if (!push_sec_ctx()) {
532 smb_panic("become_root: push_sec_ctx failed");
538 /* Unbecome the root user */
540 void smbd_unbecome_root(void)
546 /****************************************************************************
547 Push the current security context then force a change via change_to_user().
548 Saves and restores the connection context.
549 ****************************************************************************/
551 bool become_user(connection_struct *conn, uint64_t vuid)
558 if (!change_to_user(conn, vuid)) {
567 bool become_user_by_session(connection_struct *conn,
568 const struct auth_session_info *session_info)
575 if (!change_to_user_by_session(conn, session_info)) {
584 bool unbecome_user(void)
591 /****************************************************************************
592 Return the current user we are running effectively as on this connection.
593 I'd like to make this return conn->session_info->unix_token->uid, but become_root()
594 doesn't alter this value.
595 ****************************************************************************/
597 uid_t get_current_uid(connection_struct *conn)
599 return current_user.ut.uid;
602 /****************************************************************************
603 Return the current group we are running effectively as on this connection.
604 I'd like to make this return conn->session_info->unix_token->gid, but become_root()
605 doesn't alter this value.
606 ****************************************************************************/
608 gid_t get_current_gid(connection_struct *conn)
610 return current_user.ut.gid;
613 /****************************************************************************
614 Return the UNIX token we are running effectively as on this connection.
615 I'd like to make this return &conn->session_info->unix_token-> but become_root()
616 doesn't alter this value.
617 ****************************************************************************/
619 const struct security_unix_token *get_current_utok(connection_struct *conn)
621 return ¤t_user.ut;
624 /****************************************************************************
625 Return the Windows token we are running effectively as on this connection.
626 If this is currently a NULL token as we're inside become_root() - a temporary
627 UNIX security override, then we search up the stack for the previous active
629 ****************************************************************************/
631 const struct security_token *get_current_nttok(connection_struct *conn)
633 if (current_user.nt_user_token) {
634 return current_user.nt_user_token;
636 return sec_ctx_active_token();
639 uint64_t get_current_vuid(connection_struct *conn)
641 return current_user.vuid;