2 Unix SMB/CIFS implementation.
4 Copyright (C) Andrew Tridgell 1992-1998
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 2 of the License, or
9 (at your option) any later version.
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with this program; if not, write to the Free Software
18 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
23 /* what user is current? */
24 extern struct current_user current_user;
26 /****************************************************************************
27 Iterator functions for getting all gid's from current_user.
28 ****************************************************************************/
30 gid_t get_current_user_gid_first(int *piterator)
33 return current_user.gid;
36 gid_t get_current_user_gid_next(int *piterator)
40 if (!current_user.groups || *piterator >= current_user.ngroups) {
44 ret = current_user.groups[*piterator];
49 /****************************************************************************
50 Become the guest user without changing the security context stack.
51 ****************************************************************************/
53 BOOL change_to_guest(void)
55 static struct passwd *pass=NULL;
58 /* Don't need to free() this as its stored in a static */
59 pass = getpwnam_alloc(lp_guestaccount());
65 /* MWW: From AIX FAQ patch to WU-ftpd: call initgroups before
67 initgroups(pass->pw_name, pass->pw_gid);
70 set_sec_ctx(pass->pw_uid, pass->pw_gid, 0, NULL, NULL);
72 current_user.conn = NULL;
73 current_user.vuid = UID_FIELD_INVALID;
80 /****************************************************************************
81 Readonly share for this user ?
82 ****************************************************************************/
84 static BOOL is_share_read_only_for_user(int snum, user_struct *vuser)
87 const char *service = lp_servicename(snum);
88 BOOL read_only_ret = lp_readonly(snum);
93 str_list_copy(&list, lp_readlist(snum));
95 if (!str_list_sub_basic(list, vuser->user.smb_name) ) {
96 DEBUG(0, ("is_share_read_only_for_user: ERROR: read "
97 "list substitution failed\n"));
99 if (!str_list_substitute(list, "%S", service)) {
100 DEBUG(0, ("is_share_read_only_for_user: ERROR: read "
101 "list service substitution failed\n"));
103 if (user_in_list(vuser->user.unix_name, (const char **)list,
104 vuser->groups, vuser->n_groups)) {
105 read_only_ret = True;
107 str_list_free(&list);
110 str_list_copy(&list, lp_writelist(snum));
112 if (!str_list_sub_basic(list, vuser->user.smb_name) ) {
113 DEBUG(0, ("is_share_read_only_for_user: ERROR: write "
114 "list substitution failed\n"));
116 if (!str_list_substitute(list, "%S", service)) {
117 DEBUG(0, ("is_share_read_only_for_user: ERROR: write "
118 "list service substitution failed\n"));
120 if (user_in_list(vuser->user.unix_name, (const char **)list,
121 vuser->groups, vuser->n_groups)) {
122 read_only_ret = False;
124 str_list_free(&list);
127 DEBUG(10,("is_share_read_only_for_user: share %s is %s for unix user "
129 read_only_ret ? "read-only" : "read-write",
130 vuser->user.unix_name ));
132 return read_only_ret;
135 /*******************************************************************
136 Check if a username is OK.
137 ********************************************************************/
139 static BOOL check_user_ok(connection_struct *conn, user_struct *vuser,int snum)
142 struct vuid_cache_entry *ent = NULL;
145 for (i=0;i<conn->vuid_cache.entries && i< VUID_CACHE_SIZE;i++) {
146 if (conn->vuid_cache.array[i].vuid == vuser->vuid) {
147 ent = &conn->vuid_cache.array[i];
148 conn->read_only = ent->read_only;
149 conn->admin_user = ent->admin_user;
154 if (!user_ok(vuser->user.unix_name,snum, vuser->groups, vuser->n_groups))
157 readonly_share = is_share_read_only_for_user(conn->service, vuser);
159 if (!readonly_share &&
160 !share_access_check(conn, snum, vuser, FILE_WRITE_DATA)) {
161 /* smb.conf allows r/w, but the security descriptor denies
162 * write. Fall back to looking at readonly. */
163 readonly_share = True;
164 DEBUG(5,("falling back to read-only access-evaluation due to security descriptor\n"));
167 if (!share_access_check(conn, snum, vuser, readonly_share ? FILE_READ_DATA : FILE_WRITE_DATA)) {
171 i = conn->vuid_cache.entries % VUID_CACHE_SIZE;
172 if (conn->vuid_cache.entries < VUID_CACHE_SIZE)
173 conn->vuid_cache.entries++;
175 ent = &conn->vuid_cache.array[i];
176 ent->vuid = vuser->vuid;
177 ent->read_only = readonly_share;
179 if (user_in_list(vuser->user.unix_name ,lp_admin_users(conn->service), vuser->groups, vuser->n_groups)) {
180 ent->admin_user = True;
182 ent->admin_user = False;
185 conn->read_only = ent->read_only;
186 conn->admin_user = ent->admin_user;
191 /****************************************************************************
192 Become the user of a connection number without changing the security context
193 stack, but modify the current_user entries.
194 ****************************************************************************/
196 BOOL change_to_user(connection_struct *conn, uint16 vuid)
198 user_struct *vuser = get_valid_user_struct(vuid);
203 BOOL must_free_token = False;
204 NT_USER_TOKEN *token = NULL;
207 DEBUG(2,("change_to_user: Connection not open\n"));
212 * We need a separate check in security=share mode due to vuid
213 * always being UID_FIELD_INVALID. If we don't do this then
214 * in share mode security we are *always* changing uid's between
215 * SMB's - this hurts performance - Badly.
218 if((lp_security() == SEC_SHARE) && (current_user.conn == conn) &&
219 (current_user.uid == conn->uid)) {
220 DEBUG(4,("change_to_user: Skipping user change - already user\n"));
222 } else if ((current_user.conn == conn) &&
223 (vuser != 0) && (current_user.vuid == vuid) &&
224 (current_user.uid == vuser->uid)) {
225 DEBUG(4,("change_to_user: Skipping user change - already user\n"));
231 if ((vuser) && !check_user_ok(conn, vuser, snum)) {
232 DEBUG(2,("change_to_user: SMB user %s (unix user %s, vuid %d) not permitted access to share %s.\n",
233 vuser->user.smb_name, vuser->user.unix_name, vuid, lp_servicename(snum)));
237 if (conn->force_user) /* security = share sets this too */ {
240 current_user.groups = conn->groups;
241 current_user.ngroups = conn->ngroups;
242 token = conn->nt_user_token;
244 uid = conn->admin_user ? 0 : vuser->uid;
246 current_user.ngroups = vuser->n_groups;
247 current_user.groups = vuser->groups;
248 token = vuser->nt_user_token;
250 DEBUG(2,("change_to_user: Invalid vuid used %d in accessing share %s.\n",vuid, lp_servicename(snum) ));
255 * See if we should force group for this service.
256 * If so this overrides any group set in the force
260 if((group_c = *lp_force_group(snum))) {
261 BOOL is_guest = False;
266 * Only force group if the user is a member of
267 * the service group. Check the group memberships for
268 * this user (we already have this) to
269 * see if we should force the group.
273 for (i = 0; i < current_user.ngroups; i++) {
274 if (current_user.groups[i] == conn->gid) {
284 * We've changed the group list in the token - we must
288 if (vuser && vuser->guest)
291 token = create_nt_token(uid, gid, current_user.ngroups, current_user.groups, is_guest);
293 DEBUG(1, ("change_to_user: create_nt_token failed!\n"));
296 must_free_token = True;
299 set_sec_ctx(uid, gid, current_user.ngroups, current_user.groups, token);
302 * Free the new token (as set_sec_ctx copies it).
306 delete_nt_token(&token);
308 current_user.conn = conn;
309 current_user.vuid = vuid;
311 DEBUG(5,("change_to_user uid=(%d,%d) gid=(%d,%d)\n",
312 (int)getuid(),(int)geteuid(),(int)getgid(),(int)getegid()));
317 /****************************************************************************
318 Go back to being root without changing the security context stack,
319 but modify the current_user entries.
320 ****************************************************************************/
322 BOOL change_to_root_user(void)
326 DEBUG(5,("change_to_root_user: now uid=(%d,%d) gid=(%d,%d)\n",
327 (int)getuid(),(int)geteuid(),(int)getgid(),(int)getegid()));
329 current_user.conn = NULL;
330 current_user.vuid = UID_FIELD_INVALID;
335 /****************************************************************************
336 Become the user of an authenticated connected named pipe.
337 When this is called we are currently running as the connection
338 user. Doesn't modify current_user.
339 ****************************************************************************/
341 BOOL become_authenticated_pipe_user(pipes_struct *p)
346 set_sec_ctx(p->pipe_user.uid, p->pipe_user.gid,
347 p->pipe_user.ngroups, p->pipe_user.groups, p->pipe_user.nt_user_token);
352 /****************************************************************************
353 Unbecome the user of an authenticated connected named pipe.
354 When this is called we are running as the authenticated pipe
355 user and need to go back to being the connection user. Doesn't modify
357 ****************************************************************************/
359 BOOL unbecome_authenticated_pipe_user(void)
361 return pop_sec_ctx();
364 /****************************************************************************
365 Utility functions used by become_xxx/unbecome_xxx.
366 ****************************************************************************/
369 connection_struct *conn;
373 /* A stack of current_user connection contexts. */
375 static struct conn_ctx conn_ctx_stack[MAX_SEC_CTX_DEPTH];
376 static int conn_ctx_stack_ndx;
378 static void push_conn_ctx(void)
380 struct conn_ctx *ctx_p;
382 /* Check we don't overflow our stack */
384 if (conn_ctx_stack_ndx == MAX_SEC_CTX_DEPTH) {
385 DEBUG(0, ("Connection context stack overflow!\n"));
386 smb_panic("Connection context stack overflow!\n");
389 /* Store previous user context */
390 ctx_p = &conn_ctx_stack[conn_ctx_stack_ndx];
392 ctx_p->conn = current_user.conn;
393 ctx_p->vuid = current_user.vuid;
395 DEBUG(3, ("push_conn_ctx(%u) : conn_ctx_stack_ndx = %d\n",
396 (unsigned int)ctx_p->vuid, conn_ctx_stack_ndx ));
398 conn_ctx_stack_ndx++;
401 static void pop_conn_ctx(void)
403 struct conn_ctx *ctx_p;
405 /* Check for stack underflow. */
407 if (conn_ctx_stack_ndx == 0) {
408 DEBUG(0, ("Connection context stack underflow!\n"));
409 smb_panic("Connection context stack underflow!\n");
412 conn_ctx_stack_ndx--;
413 ctx_p = &conn_ctx_stack[conn_ctx_stack_ndx];
415 current_user.conn = ctx_p->conn;
416 current_user.vuid = ctx_p->vuid;
419 ctx_p->vuid = UID_FIELD_INVALID;
422 /****************************************************************************
423 Temporarily become a root user. Must match with unbecome_root(). Saves and
424 restores the connection context.
425 ****************************************************************************/
427 void become_root(void)
434 /* Unbecome the root user */
436 void unbecome_root(void)
442 /****************************************************************************
443 Push the current security context then force a change via change_to_user().
444 Saves and restores the connection context.
445 ****************************************************************************/
447 BOOL become_user(connection_struct *conn, uint16 vuid)
454 if (!change_to_user(conn, vuid)) {
463 BOOL unbecome_user(void)