Add accessor functions for current uid, gid, unix token, NT token and vuid.
[ira/wip.git] / source3 / smbd / uid.c
1 /* 
2    Unix SMB/CIFS implementation.
3    uid/user handling
4    Copyright (C) Andrew Tridgell 1992-1998
5
6    This program is free software; you can redistribute it and/or modify
7    it under the terms of the GNU General Public License as published by
8    the Free Software Foundation; either version 3 of the License, or
9    (at your option) any later version.
10
11    This program is distributed in the hope that it will be useful,
12    but WITHOUT ANY WARRANTY; without even the implied warranty of
13    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
14    GNU General Public License for more details.
15
16    You should have received a copy of the GNU General Public License
17    along with this program.  If not, see <http://www.gnu.org/licenses/>.
18 */
19
20 #include "includes.h"
21 #include "smbd/globals.h"
22
23 /* what user is current? */
24 extern struct current_user current_user;
25
26 /****************************************************************************
27  Become the guest user without changing the security context stack.
28 ****************************************************************************/
29
30 bool change_to_guest(void)
31 {
32         struct passwd *pass;
33
34         pass = getpwnam_alloc(talloc_autofree_context(), lp_guestaccount());
35         if (!pass) {
36                 return false;
37         }
38
39 #ifdef AIX
40         /* MWW: From AIX FAQ patch to WU-ftpd: call initgroups before 
41            setting IDs */
42         initgroups(pass->pw_name, pass->pw_gid);
43 #endif
44
45         set_sec_ctx(pass->pw_uid, pass->pw_gid, 0, NULL, NULL);
46
47         current_user.conn = NULL;
48         current_user.vuid = UID_FIELD_INVALID;
49
50         TALLOC_FREE(pass);
51
52         return true;
53 }
54
55 /****************************************************************************
56  talloc free the conn->server_info if not used in the vuid cache.
57 ****************************************************************************/
58
59 static void free_conn_server_info_if_unused(connection_struct *conn)
60 {
61         unsigned int i;
62
63         for (i = 0; i < VUID_CACHE_SIZE; i++) {
64                 struct vuid_cache_entry *ent;
65                 ent = &conn->vuid_cache.array[i];
66                 if (ent->vuid != UID_FIELD_INVALID &&
67                                 conn->server_info == ent->server_info) {
68                         return;
69                 }
70         }
71         /* Not used, safe to free. */
72         TALLOC_FREE(conn->server_info);
73 }
74
75 /*******************************************************************
76  Check if a username is OK.
77
78  This sets up conn->server_info with a copy related to this vuser that
79  later code can then mess with.
80 ********************************************************************/
81
82 static bool check_user_ok(connection_struct *conn,
83                         uint16_t vuid,
84                         const struct auth_serversupplied_info *server_info,
85                         int snum)
86 {
87         bool valid_vuid = (vuid != UID_FIELD_INVALID);
88         unsigned int i;
89         bool readonly_share;
90         bool admin_user;
91
92         if (valid_vuid) {
93                 struct vuid_cache_entry *ent;
94
95                 for (i=0; i<VUID_CACHE_SIZE; i++) {
96                         ent = &conn->vuid_cache.array[i];
97                         if (ent->vuid == vuid) {
98                                 free_conn_server_info_if_unused(conn);
99                                 conn->server_info = ent->server_info;
100                                 conn->read_only = ent->read_only;
101                                 conn->admin_user = ent->admin_user;
102                                 return(True);
103                         }
104                 }
105         }
106
107         if (!user_ok_token(server_info->unix_name,
108                            pdb_get_domain(server_info->sam_account),
109                            server_info->ptok, snum))
110                 return(False);
111
112         readonly_share = is_share_read_only_for_token(
113                 server_info->unix_name,
114                 pdb_get_domain(server_info->sam_account),
115                 server_info->ptok,
116                 conn);
117
118         if (!readonly_share &&
119             !share_access_check(server_info->ptok, lp_servicename(snum),
120                                 FILE_WRITE_DATA)) {
121                 /* smb.conf allows r/w, but the security descriptor denies
122                  * write. Fall back to looking at readonly. */
123                 readonly_share = True;
124                 DEBUG(5,("falling back to read-only access-evaluation due to "
125                          "security descriptor\n"));
126         }
127
128         if (!share_access_check(server_info->ptok, lp_servicename(snum),
129                                 readonly_share ?
130                                 FILE_READ_DATA : FILE_WRITE_DATA)) {
131                 return False;
132         }
133
134         admin_user = token_contains_name_in_list(
135                 server_info->unix_name,
136                 pdb_get_domain(server_info->sam_account),
137                 NULL, server_info->ptok, lp_admin_users(snum));
138
139         if (valid_vuid) {
140                 struct vuid_cache_entry *ent =
141                         &conn->vuid_cache.array[conn->vuid_cache.next_entry];
142
143                 conn->vuid_cache.next_entry =
144                         (conn->vuid_cache.next_entry + 1) % VUID_CACHE_SIZE;
145
146                 TALLOC_FREE(ent->server_info);
147
148                 /*
149                  * If force_user was set, all server_info's are based on the same
150                  * username-based faked one.
151                  */
152
153                 ent->server_info = copy_serverinfo(
154                         conn, conn->force_user ? conn->server_info : server_info);
155
156                 if (ent->server_info == NULL) {
157                         ent->vuid = UID_FIELD_INVALID;
158                         return false;
159                 }
160
161                 ent->vuid = vuid;
162                 ent->read_only = readonly_share;
163                 ent->admin_user = admin_user;
164                 free_conn_server_info_if_unused(conn);
165                 conn->server_info = ent->server_info;
166         }
167
168         conn->read_only = readonly_share;
169         conn->admin_user = admin_user;
170
171         return(True);
172 }
173
174 /****************************************************************************
175  Clear a vuid out of the connection's vuid cache
176  This is only called on SMBulogoff.
177 ****************************************************************************/
178
179 void conn_clear_vuid_cache(connection_struct *conn, uint16_t vuid)
180 {
181         int i;
182
183         for (i=0; i<VUID_CACHE_SIZE; i++) {
184                 struct vuid_cache_entry *ent;
185
186                 ent = &conn->vuid_cache.array[i];
187
188                 if (ent->vuid == vuid) {
189                         ent->vuid = UID_FIELD_INVALID;
190                         /*
191                          * We need to keep conn->server_info around
192                          * if it's equal to ent->server_info as a SMBulogoff
193                          * is often followed by a SMBtdis (with an invalid
194                          * vuid). The debug code (or regular code in
195                          * vfs_full_audit) wants to refer to the
196                          * conn->server_info pointer to print debug
197                          * statements. Theoretically this is a bug,
198                          * as once the vuid is gone the server_info
199                          * on the conn struct isn't valid any more,
200                          * but there's enough code that assumes
201                          * conn->server_info is never null that
202                          * it's easier to hold onto the old pointer
203                          * until we get a new sessionsetupX.
204                          * As everything is hung off the
205                          * conn pointer as a talloc context we're not
206                          * leaking memory here. See bug #6315. JRA.
207                          */
208                         if (conn->server_info == ent->server_info) {
209                                 ent->server_info = NULL;
210                         } else {
211                                 TALLOC_FREE(ent->server_info);
212                         }
213                         ent->read_only = False;
214                         ent->admin_user = False;
215                 }
216         }
217 }
218
219 /****************************************************************************
220  Become the user of a connection number without changing the security context
221  stack, but modify the current_user entries.
222 ****************************************************************************/
223
224 bool change_to_user(connection_struct *conn, uint16 vuid)
225 {
226         const struct auth_serversupplied_info *server_info = NULL;
227         struct smbd_server_connection *sconn = smbd_server_conn;
228         user_struct *vuser = get_valid_user_struct(sconn, vuid);
229         int snum;
230         gid_t gid;
231         uid_t uid;
232         char group_c;
233         int num_groups = 0;
234         gid_t *group_list = NULL;
235
236         if (!conn) {
237                 DEBUG(2,("change_to_user: Connection not open\n"));
238                 return(False);
239         }
240
241         /*
242          * We need a separate check in security=share mode due to vuid
243          * always being UID_FIELD_INVALID. If we don't do this then
244          * in share mode security we are *always* changing uid's between
245          * SMB's - this hurts performance - Badly.
246          */
247
248         if((lp_security() == SEC_SHARE) && (current_user.conn == conn) &&
249            (current_user.ut.uid == conn->server_info->utok.uid)) {
250                 DEBUG(4,("change_to_user: Skipping user change - already "
251                          "user\n"));
252                 return(True);
253         } else if ((current_user.conn == conn) && 
254                    (vuser != NULL) && (current_user.vuid == vuid) &&
255                    (current_user.ut.uid == vuser->server_info->utok.uid)) {
256                 DEBUG(4,("change_to_user: Skipping user change - already "
257                          "user\n"));
258                 return(True);
259         }
260
261         snum = SNUM(conn);
262
263         server_info = vuser ? vuser->server_info : conn->server_info;
264
265         if (!server_info) {
266                 /* Invalid vuid sent - even with security = share. */
267                 DEBUG(2,("change_to_user: Invalid vuid %d used on "
268                          "share %s.\n",vuid, lp_servicename(snum) ));
269                 return false;
270         }
271
272         if (!check_user_ok(conn, vuid, server_info, snum)) {
273                 DEBUG(2,("change_to_user: SMB user %s (unix user %s, vuid %d) "
274                          "not permitted access to share %s.\n",
275                          server_info->sanitized_username,
276                          server_info->unix_name, vuid,
277                          lp_servicename(snum)));
278                 return false;
279         }
280
281         /*
282          * conn->server_info is now correctly set up with a copy we can mess
283          * with for force_group etc.
284          */
285
286         if (conn->force_user) /* security = share sets this too */ {
287                 uid = conn->server_info->utok.uid;
288                 gid = conn->server_info->utok.gid;
289                 group_list = conn->server_info->utok.groups;
290                 num_groups = conn->server_info->utok.ngroups;
291         } else if (vuser) {
292                 uid = conn->admin_user ? 0 : vuser->server_info->utok.uid;
293                 gid = conn->server_info->utok.gid;
294                 num_groups = conn->server_info->utok.ngroups;
295                 group_list  = conn->server_info->utok.groups;
296         } else {
297                 DEBUG(2,("change_to_user: Invalid vuid used %d in accessing "
298                          "share %s.\n",vuid, lp_servicename(snum) ));
299                 return False;
300         }
301
302         /*
303          * See if we should force group for this service.
304          * If so this overrides any group set in the force
305          * user code.
306          */
307
308         if((group_c = *lp_force_group(snum))) {
309
310                 SMB_ASSERT(conn->force_group_gid != (gid_t)-1);
311
312                 if(group_c == '+') {
313
314                         /*
315                          * Only force group if the user is a member of
316                          * the service group. Check the group memberships for
317                          * this user (we already have this) to
318                          * see if we should force the group.
319                          */
320
321                         int i;
322                         for (i = 0; i < num_groups; i++) {
323                                 if (group_list[i]
324                                     == conn->force_group_gid) {
325                                         conn->server_info->utok.gid =
326                                                 conn->force_group_gid;
327                                         gid = conn->force_group_gid;
328                                         gid_to_sid(&conn->server_info->ptok
329                                                    ->user_sids[1], gid);
330                                         break;
331                                 }
332                         }
333                 } else {
334                         conn->server_info->utok.gid = conn->force_group_gid;
335                         gid = conn->force_group_gid;
336                         gid_to_sid(&conn->server_info->ptok->user_sids[1],
337                                    gid);
338                 }
339         }
340
341         /* Now set current_user since we will immediately also call
342            set_sec_ctx() */
343
344         current_user.ut.ngroups = num_groups;
345         current_user.ut.groups  = group_list;
346
347         set_sec_ctx(uid, gid, current_user.ut.ngroups, current_user.ut.groups,
348                     conn->server_info->ptok);
349
350         current_user.conn = conn;
351         current_user.vuid = vuid;
352
353         DEBUG(5,("change_to_user uid=(%d,%d) gid=(%d,%d)\n",
354                  (int)getuid(),(int)geteuid(),(int)getgid(),(int)getegid()));
355
356         return(True);
357 }
358
359 /****************************************************************************
360  Go back to being root without changing the security context stack,
361  but modify the current_user entries.
362 ****************************************************************************/
363
364 bool change_to_root_user(void)
365 {
366         set_root_sec_ctx();
367
368         DEBUG(5,("change_to_root_user: now uid=(%d,%d) gid=(%d,%d)\n",
369                 (int)getuid(),(int)geteuid(),(int)getgid(),(int)getegid()));
370
371         current_user.conn = NULL;
372         current_user.vuid = UID_FIELD_INVALID;
373
374         return(True);
375 }
376
377 /****************************************************************************
378  Become the user of an authenticated connected named pipe.
379  When this is called we are currently running as the connection
380  user. Doesn't modify current_user.
381 ****************************************************************************/
382
383 bool become_authenticated_pipe_user(pipes_struct *p)
384 {
385         if (!push_sec_ctx())
386                 return False;
387
388         set_sec_ctx(p->server_info->utok.uid, p->server_info->utok.gid,
389                     p->server_info->utok.ngroups, p->server_info->utok.groups,
390                     p->server_info->ptok);
391
392         return True;
393 }
394
395 /****************************************************************************
396  Unbecome the user of an authenticated connected named pipe.
397  When this is called we are running as the authenticated pipe
398  user and need to go back to being the connection user. Doesn't modify
399  current_user.
400 ****************************************************************************/
401
402 bool unbecome_authenticated_pipe_user(void)
403 {
404         return pop_sec_ctx();
405 }
406
407 /****************************************************************************
408  Utility functions used by become_xxx/unbecome_xxx.
409 ****************************************************************************/
410
411 static void push_conn_ctx(void)
412 {
413         struct conn_ctx *ctx_p;
414
415         /* Check we don't overflow our stack */
416
417         if (conn_ctx_stack_ndx == MAX_SEC_CTX_DEPTH) {
418                 DEBUG(0, ("Connection context stack overflow!\n"));
419                 smb_panic("Connection context stack overflow!\n");
420         }
421
422         /* Store previous user context */
423         ctx_p = &conn_ctx_stack[conn_ctx_stack_ndx];
424
425         ctx_p->conn = current_user.conn;
426         ctx_p->vuid = current_user.vuid;
427
428         DEBUG(3, ("push_conn_ctx(%u) : conn_ctx_stack_ndx = %d\n",
429                 (unsigned int)ctx_p->vuid, conn_ctx_stack_ndx ));
430
431         conn_ctx_stack_ndx++;
432 }
433
434 static void pop_conn_ctx(void)
435 {
436         struct conn_ctx *ctx_p;
437
438         /* Check for stack underflow. */
439
440         if (conn_ctx_stack_ndx == 0) {
441                 DEBUG(0, ("Connection context stack underflow!\n"));
442                 smb_panic("Connection context stack underflow!\n");
443         }
444
445         conn_ctx_stack_ndx--;
446         ctx_p = &conn_ctx_stack[conn_ctx_stack_ndx];
447
448         current_user.conn = ctx_p->conn;
449         current_user.vuid = ctx_p->vuid;
450
451         ctx_p->conn = NULL;
452         ctx_p->vuid = UID_FIELD_INVALID;
453 }
454
455 /****************************************************************************
456  Temporarily become a root user.  Must match with unbecome_root(). Saves and
457  restores the connection context.
458 ****************************************************************************/
459
460 void become_root(void)
461 {
462          /*
463           * no good way to handle push_sec_ctx() failing without changing
464           * the prototype of become_root()
465           */
466         if (!push_sec_ctx()) {
467                 smb_panic("become_root: push_sec_ctx failed");
468         }
469         push_conn_ctx();
470         set_root_sec_ctx();
471 }
472
473 /* Unbecome the root user */
474
475 void unbecome_root(void)
476 {
477         pop_sec_ctx();
478         pop_conn_ctx();
479 }
480
481 /****************************************************************************
482  Push the current security context then force a change via change_to_user().
483  Saves and restores the connection context.
484 ****************************************************************************/
485
486 bool become_user(connection_struct *conn, uint16 vuid)
487 {
488         if (!push_sec_ctx())
489                 return False;
490
491         push_conn_ctx();
492
493         if (!change_to_user(conn, vuid)) {
494                 pop_sec_ctx();
495                 pop_conn_ctx();
496                 return False;
497         }
498
499         return True;
500 }
501
502 bool unbecome_user(void)
503 {
504         pop_sec_ctx();
505         pop_conn_ctx();
506         return True;
507 }
508
509 /****************************************************************************
510  Return the current user we are running effectively as on this connection.
511  I'd like to make this return conn->server_info->utok.uid, but become_root()
512  doesn't alter this value.
513 ****************************************************************************/
514
515 uid_t get_current_uid(connection_struct *conn)
516 {
517         return current_user.ut.uid;
518 }
519
520 /****************************************************************************
521  Return the current group we are running effectively as on this connection.
522  I'd like to make this return conn->server_info->utok.gid, but become_root()
523  doesn't alter this value.
524 ****************************************************************************/
525
526 gid_t get_current_gid(connection_struct *conn)
527 {
528         return current_user.ut.gid;
529 }
530
531 /****************************************************************************
532  Return the UNIX token we are running effectively as on this connection.
533  I'd like to make this return &conn->server_info->utok, but become_root()
534  doesn't alter this value.
535 ****************************************************************************/
536
537 const UNIX_USER_TOKEN *get_current_utok(connection_struct *conn)
538 {
539         return &current_user.ut;
540 }
541
542 const NT_USER_TOKEN *get_current_nttok(connection_struct *conn)
543 {
544         return current_user.nt_user_token;
545 }
546
547 uint16_t get_current_vuid(connection_struct *conn)
548 {
549         return current_user.vuid;
550 }