2 Unix SMB/Netbios implementation.
5 Copyright (C) Andrew Tridgell 1992-1998
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 2 of the License, or
10 (at your option) any later version.
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
17 You should have received a copy of the GNU General Public License
18 along with this program; if not, write to the Free Software
19 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
24 extern int DEBUGLEVEL;
26 static int initial_uid;
27 static int initial_gid;
29 /* what user is current? */
30 extern struct current_user current_user;
34 /****************************************************************************
35 initialise the uid routines
36 ****************************************************************************/
39 initial_uid = current_user.uid = geteuid();
40 initial_gid = current_user.gid = getegid();
42 if (initial_gid != 0 && initial_uid == 0) {
51 initial_uid = geteuid();
52 initial_gid = getegid();
54 current_user.conn = NULL;
55 current_user.vuid = UID_FIELD_INVALID;
61 /****************************************************************************
62 become the specified uid
63 ****************************************************************************/
64 static BOOL become_uid(int uid)
66 if (initial_uid != 0) {
70 if (uid == -1 || uid == 65535) {
73 DEBUG(1,("WARNING: using uid %d is a security risk\n",
79 #ifdef HAVE_TRAPDOOR_UID
81 /* AIX3 has setuidx which is NOT a trapoor function (tridge) */
82 if (setuidx(ID_EFFECTIVE, (uid_t)uid) != 0) {
83 if (seteuid((uid_t)uid) != 0) {
84 DEBUG(1,("Can't set uid (setuidx)\n"));
92 if (setresuid(-1,uid,-1) != 0)
94 if ((seteuid(uid) != 0) &&
98 DEBUG(0,("Couldn't set uid %d currently set to (%d,%d)\n",
99 uid,getuid(), geteuid()));
101 DEBUG(0,("Looks like your OS doesn't like high uid values - try using a different account\n"));
106 if (((uid == -1) || (uid == 65535)) && geteuid() != uid) {
107 DEBUG(0,("Invalid uid -1. perhaps you have a account with uid 65535?\n"));
111 current_user.uid = uid;
117 /****************************************************************************
118 become the specified gid
119 ****************************************************************************/
120 static BOOL become_gid(int gid)
122 if (initial_uid != 0)
125 if (gid == -1 || gid == 65535) {
126 DEBUG(1,("WARNING: using gid %d is a security risk\n",gid));
129 #ifdef HAVE_SETRESUID
130 if (setresgid(-1,gid,-1) != 0)
132 if (setgid(gid) != 0)
135 DEBUG(0,("Couldn't set gid %d currently set to (%d,%d)\n",
136 gid,getgid(),getegid()));
138 DEBUG(0,("Looks like your OS doesn't like high gid values - try using a different account\n"));
143 current_user.gid = gid;
149 /****************************************************************************
150 become the specified uid and gid
151 ****************************************************************************/
152 static BOOL become_id(int uid,int gid)
154 return(become_gid(gid) && become_uid(uid));
157 /****************************************************************************
158 become the guest user
159 ****************************************************************************/
160 BOOL become_guest(void)
163 static struct passwd *pass=NULL;
165 if (initial_uid != 0)
169 pass = Get_Pwnam(lp_guestaccount(-1),True);
170 if (!pass) return(False);
173 /* MWW: From AIX FAQ patch to WU-ftpd: call initgroups before setting IDs */
174 initgroups(pass->pw_name, (gid_t)pass->pw_gid);
177 ret = become_id(pass->pw_uid,pass->pw_gid);
180 DEBUG(1,("Failed to become guest. Invalid guest account?\n"));
183 current_user.conn = NULL;
184 current_user.vuid = UID_FIELD_INVALID;
189 /*******************************************************************
190 check if a username is OK
191 ********************************************************************/
192 static BOOL check_user_ok(connection_struct *conn, user_struct *vuser,int snum)
195 for (i=0;i<conn->uid_cache.entries;i++)
196 if (conn->uid_cache.list[i] == vuser->uid) return(True);
198 if (!user_ok(vuser->name,snum)) return(False);
200 i = conn->uid_cache.entries % UID_CACHE_SIZE;
201 conn->uid_cache.list[i] = vuser->uid;
203 if (conn->uid_cache.entries < UID_CACHE_SIZE)
204 conn->uid_cache.entries++;
210 /****************************************************************************
211 become the user of a connection number
212 ****************************************************************************/
213 BOOL become_user(connection_struct *conn, uint16 vuid)
215 user_struct *vuser = get_valid_user_struct(vuid);
220 * We need a separate check in security=share mode due to vuid
221 * always being UID_FIELD_INVALID. If we don't do this then
222 * in share mode security we are *always* changing uid's between
223 * SMB's - this hurts performance - Badly.
226 if((lp_security() == SEC_SHARE) && (current_user.conn == conn) &&
227 (current_user.uid == conn->uid)) {
228 DEBUG(4,("Skipping become_user - already user\n"));
230 } else if ((current_user.conn == conn) &&
231 (vuser != 0) && (current_user.vuid == vuid) &&
232 (current_user.uid == vuser->uid)) {
233 DEBUG(4,("Skipping become_user - already user\n"));
239 if (!(conn && conn->open)) {
240 DEBUG(2,("Connection not open\n"));
246 if((vuser != NULL) && !check_user_ok(conn, vuser, snum))
249 if (conn->force_user ||
250 lp_security() == SEC_SHARE ||
251 !(vuser) || (vuser->guest)) {
254 current_user.groups = conn->groups;
255 current_user.ngroups = conn->ngroups;
258 DEBUG(2,("Invalid vuid used %d\n",vuid));
262 if(!*lp_force_group(snum)) {
267 current_user.ngroups = vuser->n_groups;
268 current_user.groups = vuser->groups;
271 if (initial_uid == 0) {
272 if (!become_gid(gid)) return(False);
274 #ifdef HAVE_SETGROUPS
275 if (!(conn && conn->ipc)) {
276 /* groups stuff added by ih/wreu */
277 if (current_user.ngroups > 0)
278 if (setgroups(current_user.ngroups,
279 current_user.groups)<0) {
280 DEBUG(0,("setgroups call failed!\n"));
285 if (!conn->admin_user && !become_uid(uid))
289 current_user.conn = conn;
290 current_user.vuid = vuid;
292 DEBUG(5,("become_user uid=(%d,%d) gid=(%d,%d)\n",
293 getuid(),geteuid(),getgid(),getegid()));
298 /****************************************************************************
299 unbecome the user of a connection number
300 ****************************************************************************/
301 BOOL unbecome_user(void )
303 if (!current_user.conn)
308 if (initial_uid == 0)
310 #ifdef HAVE_SETRESUID
311 setresuid(-1,getuid(),-1);
312 setresgid(-1,getgid(),-1);
314 if (seteuid(initial_uid) != 0)
321 if (initial_uid == 0)
322 DEBUG(2,("Running with no EID\n"));
323 initial_uid = getuid();
324 initial_gid = getgid();
326 if (geteuid() != initial_uid) {
327 DEBUG(0,("Warning: You appear to have a trapdoor uid system\n"));
328 initial_uid = geteuid();
330 if (getegid() != initial_gid) {
331 DEBUG(0,("Warning: You appear to have a trapdoor gid system\n"));
332 initial_gid = getegid();
336 current_user.uid = initial_uid;
337 current_user.gid = initial_gid;
339 if (ChDir(OriginalDir) != 0)
340 DEBUG( 0, ( "chdir(%s) failed in unbecome_user\n", OriginalDir ) );
342 DEBUG(5,("unbecome_user now uid=(%d,%d) gid=(%d,%d)\n",
343 getuid(),geteuid(),getgid(),getegid()));
345 current_user.conn = NULL;
346 current_user.vuid = UID_FIELD_INVALID;
351 static struct current_user current_user_saved;
352 static int become_root_depth;
353 static pstring become_root_dir;
355 /****************************************************************************
356 This is used when we need to do a privilaged operation (such as mucking
357 with share mode files) and temporarily need root access to do it. This
358 call should always be paired with an unbecome_root() call immediately
361 Set save_dir if you also need to save/restore the CWD
362 ****************************************************************************/
363 void become_root(BOOL save_dir)
365 if (become_root_depth) {
366 DEBUG(0,("ERROR: become root depth is non zero\n"));
369 GetWd(become_root_dir);
371 current_user_saved = current_user;
372 become_root_depth = 1;
378 /****************************************************************************
379 When the privilaged operation is over call this
381 Set save_dir if you also need to save/restore the CWD
382 ****************************************************************************/
383 void unbecome_root(BOOL restore_dir)
385 if (become_root_depth != 1) {
386 DEBUG(0,("ERROR: unbecome root depth is %d\n",
390 /* we might have done a become_user() while running as root,
391 if we have then become root again in order to become
393 if (current_user.uid != 0) {
397 /* restore our gid first */
398 if (!become_gid(current_user_saved.gid)) {
399 DEBUG(0,("ERROR: Failed to restore gid\n"));
400 exit_server("Failed to restore gid");
403 #ifdef HAVE_SETGROUPS
404 if (current_user_saved.ngroups > 0) {
405 if (setgroups(current_user_saved.ngroups,
406 current_user_saved.groups)<0)
407 DEBUG(0,("ERROR: setgroups call failed!\n"));
411 /* now restore our uid */
412 if (!become_uid(current_user_saved.uid)) {
413 DEBUG(0,("ERROR: Failed to restore uid\n"));
414 exit_server("Failed to restore uid");
418 ChDir(become_root_dir);
420 current_user = current_user_saved;
422 become_root_depth = 0;