2 Unix SMB/Netbios implementation.
5 Copyright (C) Andrew Tridgell 1992-1998
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 2 of the License, or
10 (at your option) any later version.
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
17 You should have received a copy of the GNU General Public License
18 along with this program; if not, write to the Free Software
19 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
24 extern int DEBUGLEVEL;
26 static uid_t initial_uid;
27 static gid_t initial_gid;
29 /* what user is current? */
30 extern struct current_user current_user;
34 /****************************************************************************
35 initialise the uid routines
36 ****************************************************************************/
39 initial_uid = current_user.uid = geteuid();
40 initial_gid = current_user.gid = getegid();
42 if (initial_gid != 0 && initial_uid == 0) {
51 initial_uid = geteuid();
52 initial_gid = getegid();
54 current_user.conn = NULL;
55 current_user.vuid = UID_FIELD_INVALID;
57 dos_ChDir(OriginalDir);
61 /****************************************************************************
62 become the specified uid
63 ****************************************************************************/
64 static BOOL become_uid(uid_t uid)
66 if (initial_uid != 0) {
70 if (uid == (uid_t)-1 || ((sizeof(uid_t) == 2) && (uid == (uid_t)65535))) {
73 DEBUG(1,("WARNING: using uid %d is a security risk\n",(int)uid));
78 #ifdef HAVE_TRAPDOOR_UID
80 /* AIX3 has setuidx which is NOT a trapoor function (tridge) */
81 if (setuidx(ID_EFFECTIVE, uid) != 0) {
82 if (seteuid(uid) != 0) {
83 DEBUG(1,("Can't set uid %d (setuidx)\n", (int)uid));
91 if (setresuid(-1,uid,-1) != 0)
93 if ((seteuid(uid) != 0) &&
97 DEBUG(0,("Couldn't set uid %d currently set to (%d,%d)\n",
98 (int)uid,(int)getuid(), (int)geteuid()));
99 if (uid > (uid_t)32000) {
100 DEBUG(0,("Looks like your OS doesn't like high uid values - try using a different account\n"));
105 if (((uid == (uid_t)-1) || ((sizeof(uid_t) == 2) && (uid == 65535))) && (geteuid() != uid)) {
106 DEBUG(0,("Invalid uid -1. perhaps you have a account with uid 65535?\n"));
110 current_user.uid = uid;
113 profile_p->uid_changes++;
120 /****************************************************************************
121 become the specified gid
122 ****************************************************************************/
123 static BOOL become_gid(gid_t gid)
125 if (initial_uid != 0)
128 if (gid == (gid_t)-1 || ((sizeof(gid_t) == 2) && (gid == (gid_t)65535))) {
129 DEBUG(1,("WARNING: using gid %d is a security risk\n",(int)gid));
132 #ifdef HAVE_SETRESUID
133 if (setresgid(-1,gid,-1) != 0)
135 if (setgid(gid) != 0)
138 DEBUG(0,("Couldn't set gid %d currently set to (%d,%d)\n",
139 (int)gid,(int)getgid(),(int)getegid()));
141 DEBUG(0,("Looks like your OS doesn't like high gid values - try using a different account\n"));
146 current_user.gid = gid;
152 /****************************************************************************
153 become the specified uid and gid
154 ****************************************************************************/
155 static BOOL become_id(uid_t uid,gid_t gid)
157 return(become_gid(gid) && become_uid(uid));
160 /****************************************************************************
161 become the guest user
162 ****************************************************************************/
163 BOOL become_guest(void)
166 static struct passwd *pass=NULL;
168 if (initial_uid != 0)
172 pass = Get_Pwnam(lp_guestaccount(-1),True);
173 if (!pass) return(False);
176 /* MWW: From AIX FAQ patch to WU-ftpd: call initgroups before setting IDs */
177 initgroups(pass->pw_name, (gid_t)pass->pw_gid);
180 ret = become_id(pass->pw_uid,pass->pw_gid);
183 DEBUG(1,("Failed to become guest. Invalid guest account?\n"));
186 current_user.conn = NULL;
187 current_user.vuid = UID_FIELD_INVALID;
192 /*******************************************************************
193 check if a username is OK
194 ********************************************************************/
195 static BOOL check_user_ok(connection_struct *conn, user_struct *vuser,int snum)
198 for (i=0;i<conn->uid_cache.entries;i++)
199 if (conn->uid_cache.list[i] == vuser->uid) return(True);
201 if (!user_ok(vuser->name,snum)) return(False);
203 i = conn->uid_cache.entries % UID_CACHE_SIZE;
204 conn->uid_cache.list[i] = vuser->uid;
206 if (conn->uid_cache.entries < UID_CACHE_SIZE)
207 conn->uid_cache.entries++;
213 /****************************************************************************
214 become the user of a connection number
215 ****************************************************************************/
216 BOOL become_user(connection_struct *conn, uint16 vuid)
218 user_struct *vuser = get_valid_user_struct(vuid);
224 * We need a separate check in security=share mode due to vuid
225 * always being UID_FIELD_INVALID. If we don't do this then
226 * in share mode security we are *always* changing uid's between
227 * SMB's - this hurts performance - Badly.
230 if((lp_security() == SEC_SHARE) && (current_user.conn == conn) &&
231 (current_user.uid == conn->uid)) {
232 DEBUG(4,("Skipping become_user - already user\n"));
234 } else if ((current_user.conn == conn) &&
235 (vuser != 0) && (current_user.vuid == vuid) &&
236 (current_user.uid == vuser->uid)) {
237 DEBUG(4,("Skipping become_user - already user\n"));
244 DEBUG(2,("Connection not open\n"));
250 if((vuser != NULL) && !check_user_ok(conn, vuser, snum))
253 if (conn->force_user ||
254 lp_security() == SEC_SHARE ||
255 !(vuser) || (vuser->guest)) {
258 current_user.groups = conn->groups;
259 current_user.ngroups = conn->ngroups;
262 DEBUG(2,("Invalid vuid used %d\n",vuid));
266 if(!*lp_force_group(snum)) {
271 current_user.ngroups = vuser->n_groups;
272 current_user.groups = vuser->groups;
275 if (initial_uid == 0) {
276 if (!become_gid(gid)) return(False);
278 #ifdef HAVE_SETGROUPS
279 if (!(conn && conn->ipc)) {
280 /* groups stuff added by ih/wreu */
281 if (current_user.ngroups > 0)
282 if (setgroups(current_user.ngroups,
283 current_user.groups)<0) {
284 DEBUG(0,("setgroups call failed!\n"));
289 if (!conn->admin_user && !become_uid(uid))
293 current_user.conn = conn;
294 current_user.vuid = vuid;
296 DEBUG(5,("become_user uid=(%d,%d) gid=(%d,%d)\n",
297 (int)getuid(),(int)geteuid(),(int)getgid(),(int)getegid()));
302 /****************************************************************************
303 unbecome the user of a connection number
304 ****************************************************************************/
305 BOOL unbecome_user(void )
307 if (!current_user.conn)
310 dos_ChDir(OriginalDir);
312 if (initial_uid == 0)
314 #ifdef HAVE_SETRESUID
315 setresuid(-1,getuid(),-1);
316 setresgid(-1,getgid(),-1);
318 if (seteuid(initial_uid) != 0)
325 if (initial_uid == 0)
326 DEBUG(2,("Running with no EID\n"));
327 initial_uid = getuid();
328 initial_gid = getgid();
330 if (geteuid() != initial_uid) {
331 DEBUG(0,("Warning: You appear to have a trapdoor uid system\n"));
332 initial_uid = geteuid();
334 if (getegid() != initial_gid) {
335 DEBUG(0,("Warning: You appear to have a trapdoor gid system\n"));
336 initial_gid = getegid();
340 current_user.uid = initial_uid;
341 current_user.gid = initial_gid;
343 if (dos_ChDir(OriginalDir) != 0)
344 DEBUG( 0, ( "chdir(%s) failed in unbecome_user\n", OriginalDir ) );
346 DEBUG(5,("unbecome_user now uid=(%d,%d) gid=(%d,%d)\n",
347 (int)getuid(),(int)geteuid(),(int)getgid(),(int)getegid()));
349 current_user.conn = NULL;
350 current_user.vuid = UID_FIELD_INVALID;
355 static struct current_user current_user_saved;
356 static int become_root_depth;
357 static pstring become_root_dir;
359 /****************************************************************************
360 This is used when we need to do a privilaged operation (such as mucking
361 with share mode files) and temporarily need root access to do it. This
362 call should always be paired with an unbecome_root() call immediately
365 Set save_dir if you also need to save/restore the CWD
366 ****************************************************************************/
367 void become_root(BOOL save_dir)
369 if (become_root_depth) {
370 DEBUG(0,("ERROR: become root depth is non zero\n"));
373 dos_GetWd(become_root_dir);
375 current_user_saved = current_user;
376 become_root_depth = 1;
382 /****************************************************************************
383 When the privilaged operation is over call this
385 Set save_dir if you also need to save/restore the CWD
386 ****************************************************************************/
387 void unbecome_root(BOOL restore_dir)
389 if (become_root_depth != 1) {
390 DEBUG(0,("ERROR: unbecome root depth is %d\n",
394 /* we might have done a become_user() while running as root,
395 if we have then become root again in order to become
397 if (current_user.uid != 0) {
401 /* restore our gid first */
402 if (!become_gid(current_user_saved.gid)) {
403 DEBUG(0,("ERROR: Failed to restore gid\n"));
404 exit_server("Failed to restore gid");
407 #ifdef HAVE_SETGROUPS
408 if (current_user_saved.ngroups > 0) {
409 if (setgroups(current_user_saved.ngroups,
410 current_user_saved.groups)<0)
411 DEBUG(0,("ERROR: setgroups call failed!\n"));
415 /* now restore our uid */
416 if (!become_uid(current_user_saved.uid)) {
417 DEBUG(0,("ERROR: Failed to restore uid\n"));
418 exit_server("Failed to restore uid");
422 dos_ChDir(become_root_dir);
424 current_user = current_user_saved;
426 become_root_depth = 0;