/*
- Unix SMB/Netbios implementation.
- Version 1.9.
+ Unix SMB/CIFS implementation.
uid/user handling
Copyright (C) Andrew Tridgell 1992-1998
#include "includes.h"
-extern int DEBUGLEVEL;
-
-static int initial_uid;
-static int initial_gid;
-
/* what user is current? */
-struct current_user current_user;
-extern pstring sesssetup_user;
-
-pstring OriginalDir;
+extern struct current_user current_user;
/****************************************************************************
-initialise the uid routines
+ Become the guest user without changing the security context stack.
****************************************************************************/
-void init_uid(void)
-{
- initial_uid = current_user.uid = geteuid();
- initial_gid = current_user.gid = getegid();
-
- if (initial_gid != 0 && initial_uid == 0)
- {
-#ifdef HPUX
- setresgid(0,0,0);
-#else
- setgid(0);
- setegid(0);
-#endif
- }
-
- initial_uid = geteuid();
- initial_gid = getegid();
- current_user.cnum = -1;
- current_user.vuid = UID_FIELD_INVALID;
-
- ChDir(OriginalDir);
-}
-
-
-/****************************************************************************
- become the specified uid
-****************************************************************************/
-static BOOL become_uid(int uid)
+BOOL change_to_guest(void)
{
- if (initial_uid != 0)
- return(True);
-
- if (uid == -1 || uid == 65535) {
- DEBUG(1,("WARNING: using uid %d is a security risk\n",uid));
- }
+ static struct passwd *pass=NULL;
+ if (!pass) {
+ /* Don't need to free() this as its stored in a static */
+ pass = getpwnam_alloc(lp_guestaccount());
+ if (!pass)
+ return(False);
+ }
+
#ifdef AIX
- {
- /* AIX 3 stuff - inspired by a code fragment in wu-ftpd */
- priv_t priv;
-
- priv.pv_priv[0] = 0;
- priv.pv_priv[1] = 0;
- if (setpriv(PRIV_SET|PRIV_INHERITED|PRIV_EFFECTIVE|PRIV_BEQUEATH,
- &priv, sizeof(priv_t)) < 0 ||
- setuidx(ID_REAL|ID_EFFECTIVE, (uid_t)uid) < 0 ||
- seteuid((uid_t)uid) < 0)
- DEBUG(1,("Can't set uid (AIX3)\n"));
- }
-#endif
-
-#ifdef USE_SETRES
- if (setresuid(-1,uid,-1) != 0)
-#elif defined(USE_SETFS)
- if (setfsuid(uid) != 0)
-#else
- if ((seteuid(uid) != 0) &&
- (setuid(uid) != 0))
+ /* MWW: From AIX FAQ patch to WU-ftpd: call initgroups before
+ setting IDs */
+ initgroups(pass->pw_name, pass->pw_gid);
#endif
- {
- DEBUG(0,("Couldn't set uid %d currently set to (%d,%d)\n",
- uid,getuid(), geteuid()));
- if (uid > 32000)
- DEBUG(0,("Looks like your OS doesn't like high uid values - try using a different account\n"));
- return(False);
- }
-
- if (((uid == -1) || (uid == 65535)) && geteuid() != uid) {
- DEBUG(0,("Invalid uid -1. perhaps you have a account with uid 65535?\n"));
- return(False);
- }
-
- current_user.uid = uid;
-
- return(True);
+
+ set_sec_ctx(pass->pw_uid, pass->pw_gid, 0, NULL, NULL);
+
+ current_user.conn = NULL;
+ current_user.vuid = UID_FIELD_INVALID;
+
+ passwd_free(&pass);
+
+ return True;
}
+/*******************************************************************
+ Check if a username is OK.
+********************************************************************/
-/****************************************************************************
- become the specified gid
-****************************************************************************/
-static BOOL become_gid(int gid)
+static BOOL check_user_ok(connection_struct *conn, user_struct *vuser,int snum)
{
- if (initial_uid != 0)
- return(True);
-
- if (gid == -1 || gid == 65535) {
- DEBUG(1,("WARNING: using gid %d is a security risk\n",gid));
- }
-
-#ifdef USE_SETRES
- if (setresgid(-1,gid,-1) != 0)
-#elif defined(USE_SETFS)
- if (setfsgid(gid) != 0)
-#else
- if (setgid(gid) != 0)
-#endif
- {
- DEBUG(0,("Couldn't set gid %d currently set to (%d,%d)\n",
- gid,getgid(),getegid()));
- if (gid > 32000)
- DEBUG(0,("Looks like your OS doesn't like high gid values - try using a different account\n"));
- return(False);
- }
+ unsigned i;
+ for (i=0;i<conn->vuid_cache.entries && i< VUID_CACHE_SIZE;i++)
+ if (conn->vuid_cache.list[i] == vuser->vuid)
+ return(True);
+
+ if ((conn->force_user || conn->force_group)
+ && (conn->vuid != vuser->vuid)) {
+ return False;
+ }
+
+ if (!user_ok(vuser->user.unix_name,snum, vuser->groups, vuser->n_groups))
+ return(False);
- current_user.gid = gid;
+ if (!share_access_check(conn, snum, vuser, conn->read_only ? FILE_READ_DATA : FILE_WRITE_DATA)) {
+ return False;
+ }
- return(True);
-}
+ i = conn->vuid_cache.entries % VUID_CACHE_SIZE;
+ conn->vuid_cache.list[i] = vuser->vuid;
+ conn->vuid_cache.entries++;
-/****************************************************************************
- become the specified uid and gid
-****************************************************************************/
-static BOOL become_id(int uid,int gid)
-{
- return(become_gid(gid) && become_uid(uid));
+ return(True);
}
/****************************************************************************
-become the guest user
+ Become the user of a connection number without changing the security context
+ stack, but modify the currnet_user entries.
****************************************************************************/
-BOOL become_guest(void)
+
+BOOL change_to_user(connection_struct *conn, uint16 vuid)
{
- BOOL ret;
- static struct passwd *pass=NULL;
+ user_struct *vuser = get_valid_user_struct(vuid);
+ int snum;
+ gid_t gid;
+ uid_t uid;
+ char group_c;
+ BOOL must_free_token = False;
+ NT_USER_TOKEN *token = NULL;
+
+ if (!conn) {
+ DEBUG(2,("change_to_user: Connection not open\n"));
+ return(False);
+ }
+
+ /*
+ * We need a separate check in security=share mode due to vuid
+ * always being UID_FIELD_INVALID. If we don't do this then
+ * in share mode security we are *always* changing uid's between
+ * SMB's - this hurts performance - Badly.
+ */
+
+ if((lp_security() == SEC_SHARE) && (current_user.conn == conn) &&
+ (current_user.uid == conn->uid)) {
+ DEBUG(4,("change_to_user: Skipping user change - already user\n"));
+ return(True);
+ } else if ((current_user.conn == conn) &&
+ (vuser != 0) && (current_user.vuid == vuid) &&
+ (current_user.uid == vuser->uid)) {
+ DEBUG(4,("change_to_user: Skipping user change - already user\n"));
+ return(True);
+ }
- if (initial_uid != 0)
- return(True);
+ snum = SNUM(conn);
+
+ if (conn->force_user) /* security = share sets this too */ {
+ uid = conn->uid;
+ gid = conn->gid;
+ current_user.groups = conn->groups;
+ current_user.ngroups = conn->ngroups;
+ token = conn->nt_user_token;
+ } else if ((vuser) && check_user_ok(conn, vuser, snum)) {
+ uid = vuser->uid;
+ gid = vuser->gid;
+ current_user.ngroups = vuser->n_groups;
+ current_user.groups = vuser->groups;
+ token = vuser->nt_user_token;
+ } else {
+ DEBUG(2,("change_to_user: Invalid vuid used %d or vuid not permitted access to share.\n",vuid));
+ return False;
+ }
- if (!pass)
- pass = Get_Pwnam(lp_guestaccount(-1),True);
- if (!pass) return(False);
+ /*
+ * See if we should force group for this service.
+ * If so this overrides any group set in the force
+ * user code.
+ */
+
+ if((group_c = *lp_force_group(snum))) {
+ BOOL is_guest = False;
+
+ if(group_c == '+') {
+
+ /*
+ * Only force group if the user is a member of
+ * the service group. Check the group memberships for
+ * this user (we already have this) to
+ * see if we should force the group.
+ */
+
+ int i;
+ for (i = 0; i < current_user.ngroups; i++) {
+ if (current_user.groups[i] == conn->gid) {
+ gid = conn->gid;
+ break;
+ }
+ }
+ } else {
+ gid = conn->gid;
+ }
+
+ /*
+ * We've changed the group list in the token - we must
+ * re-create it.
+ */
+
+ if (vuser && vuser->guest)
+ is_guest = True;
+
+ token = create_nt_token(uid, gid, current_user.ngroups, current_user.groups, is_guest);
+ if (!token) {
+ DEBUG(1, ("change_to_user: create_nt_token failed!\n"));
+ return False;
+ }
+ must_free_token = True;
+ }
+
+ set_sec_ctx(uid, gid, current_user.ngroups, current_user.groups, token);
- ret = become_id(pass->pw_uid,pass->pw_gid);
+ /*
+ * Free the new token (as set_sec_ctx copies it).
+ */
- if (!ret)
- DEBUG(1,("Failed to become guest. Invalid guest account?\n"));
+ if (must_free_token)
+ delete_nt_token(&token);
- current_user.cnum = -2;
- current_user.vuid = UID_FIELD_INVALID;
+ current_user.conn = conn;
+ current_user.vuid = vuid;
- return(ret);
+ DEBUG(5,("change_to_user uid=(%d,%d) gid=(%d,%d)\n",
+ (int)getuid(),(int)geteuid(),(int)getgid(),(int)getegid()));
+
+ return(True);
}
-/*******************************************************************
-check if a username is OK
-********************************************************************/
-static BOOL check_user_ok(connection_struct *conn, user_struct *vuser,int snum)
-{
- int i;
- for (i=0;i<conn->uid_cache.entries;i++)
- if (conn->uid_cache.list[i] == vuser->uid) return(True);
+/****************************************************************************
+ Go back to being root without changing the security context stack,
+ but modify the current_user entries.
+****************************************************************************/
- if (!user_ok(vuser->name,snum)) return(False);
+BOOL change_to_root_user(void)
+{
+ set_root_sec_ctx();
- i = conn->uid_cache.entries % UID_CACHE_SIZE;
- conn->uid_cache.list[i] = vuser->uid;
+ DEBUG(5,("change_to_root_user: now uid=(%d,%d) gid=(%d,%d)\n",
+ (int)getuid(),(int)geteuid(),(int)getgid(),(int)getegid()));
- if (conn->uid_cache.entries < UID_CACHE_SIZE)
- conn->uid_cache.entries++;
+ current_user.conn = NULL;
+ current_user.vuid = UID_FIELD_INVALID;
- return(True);
+ return(True);
}
-
/****************************************************************************
- become the user of a connection number
+ Become the user of an authenticated connected named pipe.
+ When this is called we are currently running as the connection
+ user. Doesn't modify current_user.
****************************************************************************/
-BOOL become_user(connection_struct *conn, int cnum, uint16 vuid)
+
+BOOL become_authenticated_pipe_user(pipes_struct *p)
{
- user_struct *vuser = get_valid_user_struct(vuid);
- int snum,gid;
- int uid;
-
- if ((current_user.cnum == cnum) && (vuser != 0) && (current_user.vuid == vuid) &&
- (current_user.uid == vuser->uid)) {
- DEBUG(4,("Skipping become_user - already user\n"));
- return(True);
- }
-
- unbecome_user();
-
- if (!(VALID_CNUM(cnum) && conn->open)) {
- DEBUG(2,("Connection %d not open\n",cnum));
- return(False);
- }
-
- snum = conn->service;
-
- if((vuser != NULL) && !check_user_ok(conn, vuser, snum))
- return False;
-
- if (conn->force_user ||
- lp_security() == SEC_SHARE ||
- !(vuser) || (vuser->guest)
- )
- {
- uid = conn->uid;
- gid = conn->gid;
- current_user.groups = conn->groups;
- current_user.igroups = conn->igroups;
- current_user.ngroups = conn->ngroups;
- current_user.attrs = conn->attrs;
- }
- else
- {
- if (!vuser) {
- DEBUG(2,("Invalid vuid used %d\n",vuid));
- return(False);
- }
- uid = vuser->uid;
- if(!*lp_force_group(snum))
- gid = vuser->gid;
- else
- gid = conn->gid;
- current_user.ngroups = vuser->n_groups;
- current_user.groups = vuser->groups;
- current_user.igroups = vuser->igroups;
- current_user.attrs = vuser->attrs;
- }
-
- if (initial_uid == 0)
- {
- if (!become_gid(gid)) return(False);
-
-#ifndef NO_SETGROUPS
- if (!(VALID_CNUM(cnum) && conn->ipc)) {
- /* groups stuff added by ih/wreu */
- if (current_user.ngroups > 0)
- if (setgroups(current_user.ngroups,current_user.groups)<0)
- DEBUG(0,("setgroups call failed!\n"));
- }
-#endif
+ if (!push_sec_ctx())
+ return False;
- if (!conn->admin_user && !become_uid(uid))
- return(False);
- }
+ set_sec_ctx(p->pipe_user.uid, p->pipe_user.gid,
+ p->pipe_user.ngroups, p->pipe_user.groups, p->pipe_user.nt_user_token);
- current_user.cnum = cnum;
- current_user.vuid = vuid;
+ return True;
+}
- /* Ensure sesssetup_user is set correctly if we are using
- user security. */
- if(vuser != NULL)
- pstrcpy( sesssetup_user, vuser->requested_name);
+/****************************************************************************
+ Unbecome the user of an authenticated connected named pipe.
+ When this is called we are running as the authenticated pipe
+ user and need to go back to being the connection user. Doesn't modify
+ current_user.
+****************************************************************************/
- DEBUG(5,("become_user uid=(%d,%d) gid=(%d,%d)\n",
- getuid(),geteuid(),getgid(),getegid()));
-
- return(True);
+BOOL unbecome_authenticated_pipe_user(void)
+{
+ return pop_sec_ctx();
}
/****************************************************************************
- unbecome the user of a connection number
+ Utility functions used by become_xxx/unbecome_xxx.
****************************************************************************/
-BOOL unbecome_user(void )
+
+struct conn_ctx {
+ connection_struct *conn;
+ uint16 vuid;
+};
+
+/* A stack of current_user connection contexts. */
+
+static struct conn_ctx conn_ctx_stack[MAX_SEC_CTX_DEPTH];
+static int conn_ctx_stack_ndx;
+
+static void push_conn_ctx(void)
{
- if (current_user.cnum == -1)
- return(False);
-
- ChDir(OriginalDir);
-
- if (initial_uid == 0)
- {
-#ifdef USE_SETRES
- setresuid(-1,getuid(),-1);
- setresgid(-1,getgid(),-1);
-#elif defined(USE_SETFS)
- setfsuid(initial_uid);
- setfsgid(initial_gid);
-#else
- if (seteuid(initial_uid) != 0)
- setuid(initial_uid);
- setgid(initial_gid);
-#endif
- }
-#ifdef NO_EID
- if (initial_uid == 0)
- DEBUG(2,("Running with no EID\n"));
- initial_uid = getuid();
- initial_gid = getgid();
-#else
- if (geteuid() != initial_uid)
- {
- DEBUG(0,("Warning: You appear to have a trapdoor uid system\n"));
- initial_uid = geteuid();
- }
- if (getegid() != initial_gid)
- {
- DEBUG(0,("Warning: You appear to have a trapdoor gid system\n"));
- initial_gid = getegid();
- }
-#endif
+ struct conn_ctx *ctx_p;
+
+ /* Check we don't overflow our stack */
+
+ if (conn_ctx_stack_ndx == MAX_SEC_CTX_DEPTH) {
+ DEBUG(0, ("Connection context stack overflow!\n"));
+ smb_panic("Connection context stack overflow!\n");
+ }
+
+ /* Store previous user context */
+ ctx_p = &conn_ctx_stack[conn_ctx_stack_ndx];
+
+ ctx_p->conn = current_user.conn;
+ ctx_p->vuid = current_user.vuid;
+
+ DEBUG(3, ("push_conn_ctx(%u) : conn_ctx_stack_ndx = %d\n",
+ (unsigned int)ctx_p->vuid, conn_ctx_stack_ndx ));
+
+ conn_ctx_stack_ndx++;
+}
- current_user.uid = initial_uid;
- current_user.gid = initial_gid;
-
- if (ChDir(OriginalDir) != 0)
- DEBUG(0,("%s chdir(%s) failed in unbecome_user\n",
- timestring(),OriginalDir));
+static void pop_conn_ctx(void)
+{
+ struct conn_ctx *ctx_p;
+
+ /* Check for stack underflow. */
- DEBUG(5,("unbecome_user now uid=(%d,%d) gid=(%d,%d)\n",
- getuid(),geteuid(),getgid(),getegid()));
+ if (conn_ctx_stack_ndx == 0) {
+ DEBUG(0, ("Connection context stack underflow!\n"));
+ smb_panic("Connection context stack underflow!\n");
+ }
+
+ conn_ctx_stack_ndx--;
+ ctx_p = &conn_ctx_stack[conn_ctx_stack_ndx];
- current_user.cnum = -1;
- current_user.vuid = UID_FIELD_INVALID;
+ current_user.conn = ctx_p->conn;
+ current_user.vuid = ctx_p->vuid;
- return(True);
+ ctx_p->conn = NULL;
+ ctx_p->vuid = UID_FIELD_INVALID;
}
+void init_conn_ctx(void)
+{
+ int i;
+
+ /* Initialise connection context stack */
+ for (i = 0; i < MAX_SEC_CTX_DEPTH; i++) {
+ conn_ctx_stack[i].conn = NULL;
+ conn_ctx_stack[i].vuid = UID_FIELD_INVALID;
+ }
+}
/****************************************************************************
-This is a utility function of smbrun(). It must be called only from
-the child as it may leave the caller in a privilaged state.
+ Temporarily become a root user. Must match with unbecome_root(). Saves and
+ restores the connection context.
****************************************************************************/
-static BOOL setup_stdout_file(char *outfile,BOOL shared)
-{
- int fd;
- struct stat st;
- mode_t mode = S_IWUSR|S_IRUSR|S_IRGRP|S_IROTH;
- int flags = O_RDWR|O_CREAT|O_TRUNC|O_EXCL;
-
- close(1);
-
- if (shared) {
- /* become root - unprivilaged users can't delete these files */
-#ifdef USE_SETRES
- setresgid(0,0,0);
- setresuid(0,0,0);
-#else
- setuid(0);
- seteuid(0);
-#endif
- }
-
- if(stat(outfile, &st) == 0) {
- /* Check we're not deleting a device file. */
- if(st.st_mode & S_IFREG)
- unlink(outfile);
- else
- flags = O_RDWR;
- }
- /* now create the file */
- fd = open(outfile,flags,mode);
-
- if (fd == -1) return False;
-
- if (fd != 1) {
- if (dup2(fd,1) != 0) {
- DEBUG(2,("Failed to create stdout file descriptor\n"));
- close(fd);
- return False;
- }
- close(fd);
- }
- return True;
+
+void become_root(void)
+{
+ push_sec_ctx();
+ push_conn_ctx();
+ set_root_sec_ctx();
}
+/* Unbecome the root user */
-/****************************************************************************
-run a command being careful about uid/gid handling and putting the output in
-outfile (or discard it if outfile is NULL).
-
-if shared is True then ensure the file will be writeable by all users
-but created such that its owned by root. This overcomes a security hole.
+void unbecome_root(void)
+{
+ pop_sec_ctx();
+ pop_conn_ctx();
+}
-if shared is not set then open the file with O_EXCL set
+/****************************************************************************
+ Push the current security context then force a change via change_to_user().
+ Saves and restores the connection context.
****************************************************************************/
-int smbrun(char *cmd,char *outfile,BOOL shared)
-{
- int fd,pid;
- int uid = current_user.uid;
- int gid = current_user.gid;
-
-#if USE_SYSTEM
- int ret;
- pstring syscmd;
- char *path = lp_smbrun();
-
- /* in the old method we use system() to execute smbrun which then
- executes the command (using system() again!). This involves lots
- of shell launches and is very slow. It also suffers from a
- potential security hole */
- if (!file_exist(path,NULL))
- {
- DEBUG(0,("SMBRUN ERROR: Can't find %s. Installation problem?\n",path));
- return(1);
- }
- sprintf(syscmd,"%s %d %d \"(%s 2>&1) > %s\"",
- path,uid,gid,cmd,
- outfile?outfile:"/dev/null");
-
- DEBUG(5,("smbrun - running %s ",syscmd));
- ret = system(syscmd);
- DEBUG(5,("gave %d\n",ret));
- return(ret);
-#else
- /* in this newer method we will exec /bin/sh with the correct
- arguments, after first setting stdout to point at the file */
-
- if ((pid=fork())) {
- int status=0;
- /* the parent just waits for the child to exit */
- if (sys_waitpid(pid,&status,0) != pid) {
- DEBUG(2,("waitpid(%d) : %s\n",pid,strerror(errno)));
- return -1;
- }
- return status;
- }
-
-
- /* we are in the child. we exec /bin/sh to do the work for us. we
- don't directly exec the command we want because it may be a
- pipeline or anything else the config file specifies */
-
- /* point our stdout at the file we want output to go into */
- if (outfile && !setup_stdout_file(outfile,shared)) {
- exit(80);
- }
-
- /* now completely lose our privilages. This is a fairly paranoid
- way of doing it, but it does work on all systems that I know of */
-#ifdef USE_SETRES
- setresgid(0,0,0);
- setresuid(0,0,0);
- setresgid(gid,gid,gid);
- setresuid(uid,uid,uid);
-#else
- setuid(0);
- seteuid(0);
- setgid(gid);
- setegid(gid);
- setuid(uid);
- seteuid(uid);
-#endif
+BOOL become_user(connection_struct *conn, uint16 vuid)
+{
+ if (!push_sec_ctx())
+ return False;
- if (getuid() != uid || geteuid() != uid ||
- getgid() != gid || getegid() != gid) {
- /* we failed to lose our privilages - do not execute the command */
- exit(81); /* we can't print stuff at this stage, instead use exit codes
- for debugging */
- }
+ push_conn_ctx();
- /* close all other file descriptors, leaving only 0, 1 and 2. 0 and
- 2 point to /dev/null from the startup code */
- for (fd=3;fd<256;fd++) close(fd);
+ if (!change_to_user(conn, vuid)) {
+ pop_sec_ctx();
+ pop_conn_ctx();
+ return False;
+ }
- execl("/bin/sh","sh","-c",cmd,NULL);
+ return True;
+}
- /* not reached */
- exit(82);
-#endif
- return 1;
+BOOL unbecome_user(void)
+{
+ pop_sec_ctx();
+ pop_conn_ctx();
+ return True;
}
-static struct current_user current_user_saved;
-static int become_root_depth;
-static pstring become_root_dir;
+/*****************************************************************
+ Convert the suplimentary SIDs returned in a netlogon into UNIX
+ group gid_t's. Add to the total group array.
+*****************************************************************/
+
+void add_supplementary_nt_login_groups(int *n_groups, gid_t **pp_groups, NT_USER_TOKEN **pptok)
+{
+ int total_groups;
+ int current_n_groups = *n_groups;
+ gid_t *final_groups = NULL;
+ size_t i;
+ NT_USER_TOKEN *ptok = *pptok;
+ NT_USER_TOKEN *new_tok = NULL;
+
+ if (!ptok || (ptok->num_sids == 0))
+ return;
+
+ new_tok = dup_nt_token(ptok);
+ if (!new_tok) {
+ DEBUG(0,("add_supplementary_nt_login_groups: Failed to malloc new token\n"));
+ return;
+ }
+ /* Leave the allocated space but empty the number of SIDs. */
+ new_tok->num_sids = 0;
+
+ total_groups = current_n_groups + ptok->num_sids;
+
+ final_groups = (gid_t *)malloc(total_groups * sizeof(gid_t));
+ if (!final_groups) {
+ DEBUG(0,("add_supplementary_nt_login_groups: Failed to malloc new groups.\n"));
+ delete_nt_token(&new_tok);
+ return;
+ }
+
+ memcpy(final_groups, *pp_groups, current_n_groups * sizeof(gid_t));
+ for (i = 0; i < ptok->num_sids; i++) {
+ gid_t new_grp;
+
+ if (NT_STATUS_IS_OK(sid_to_gid(&ptok->user_sids[i], &new_grp))) {
+ /*
+ * Don't add the gid_t if it is already in the current group
+ * list. Some UNIXen don't like the same group more than once.
+ */
+ int j;
+
+ for (j = 0; j < current_n_groups; j++)
+ if (final_groups[j] == new_grp)
+ break;
+
+ if ( j == current_n_groups) {
+ /* Group not already present. */
+ final_groups[current_n_groups++] = new_grp;
+ }
+ } else {
+ /* SID didn't map. Copy to the new token to be saved. */
+ sid_copy(&new_tok->user_sids[new_tok->num_sids++], &ptok->user_sids[i]);
+ }
+ }
+
+ SAFE_FREE(*pp_groups);
+ *pp_groups = final_groups;
+ *n_groups = current_n_groups;
+
+ /* Replace the old token with the truncated one. */
+ delete_nt_token(&ptok);
+ *pptok = new_tok;
+}
-/****************************************************************************
-This is used when we need to do a privilaged operation (such as mucking
-with share mode files) and temporarily need root access to do it. This
-call should always be paired with an unbecome_root() call immediately
-after the operation
+/*****************************************************************
+ *THE CANONICAL* convert name to SID function.
+ Tries local lookup first - for local domains - then uses winbind.
+*****************************************************************/
-Set save_dir if you also need to save/restore the CWD
-****************************************************************************/
-void become_root(BOOL save_dir)
+BOOL lookup_name(const char *domain, const char *name, DOM_SID *psid, enum SID_NAME_USE *name_type)
{
- if (become_root_depth) {
- DEBUG(0,("ERROR: become root depth is non zero\n"));
+ fstring sid;
+ BOOL local_lookup = False;
+
+ *name_type = SID_NAME_UNKNOWN;
+
+ /* If we are looking up a domain user, make sure it is
+ for the local machine only */
+
+ if (strequal(global_myname(), domain)) {
+ local_lookup = True;
+ } else if (lp_server_role() == ROLE_DOMAIN_PDC ||
+ lp_server_role() == ROLE_DOMAIN_BDC) {
+ if (strequal(domain, lp_workgroup())) {
+ local_lookup = True;
+ }
}
- if (save_dir)
- GetWd(become_root_dir);
-
- current_user_saved = current_user;
- become_root_depth = 1;
+
+ if (local_lookup) {
+ if (local_lookup_name(name, psid, name_type)) {
+ DEBUG(10,
+ ("lookup_name: (local) [%s]\\[%s] -> SID %s (type %s: %u)\n",
+ domain, name, sid_to_string(sid,psid),
+ sid_type_lookup(*name_type), (unsigned int)*name_type));
+ return True;
+ }
+ } else {
+ /* Remote */
+ if (winbind_lookup_name(domain, name, psid, name_type)) {
+
+ DEBUG(10,("lookup_name (winbindd): [%s]\\[%s] -> SID %s (type %u)\n",
+ domain, name, sid_to_string(sid, psid),
+ (unsigned int)*name_type));
+ return True;
+ }
+ }
+
+ DEBUG(10, ("lookup_name: %s lookup for [%s]\\[%s] failed\n",
+ local_lookup ? "local" : "winbind", domain, name));
- become_uid(0);
- become_gid(0);
+ return False;
}
-/****************************************************************************
-When the privilaged operation is over call this
+/*****************************************************************
+ *THE CANONICAL* convert SID to name function.
+ Tries local lookup first - for local sids, then tries winbind.
+*****************************************************************/
-Set save_dir if you also need to save/restore the CWD
-****************************************************************************/
-void unbecome_root(BOOL restore_dir)
+BOOL lookup_sid(DOM_SID *sid, fstring dom_name, fstring name, enum SID_NAME_USE *name_type)
{
- if (become_root_depth != 1) {
- DEBUG(0,("ERROR: unbecome root depth is %d\n",
- become_root_depth));
- }
+ if (!name_type)
+ return False;
- /* we might have done a become_user() while running as root,
- if we have then become root again in order to become
- non root! */
- if (current_user.uid != 0) {
- become_uid(0);
- }
+ *name_type = SID_NAME_UNKNOWN;
- /* restore our gid first */
- if (!become_gid(current_user_saved.gid)) {
- DEBUG(0,("ERROR: Failed to restore gid\n"));
- exit_server("Failed to restore gid");
- }
+ /* Check if this is our own sid. This should perhaps be done by
+ winbind? For the moment handle it here. */
-#ifndef NO_SETGROUPS
- if (current_user_saved.ngroups > 0) {
- if (setgroups(current_user_saved.ngroups,
- current_user_saved.groups)<0)
- DEBUG(0,("ERROR: setgroups call failed!\n"));
- }
-#endif
+ if (sid->num_auths == 5) {
+ DOM_SID tmp_sid;
+ uint32 rid;
- /* now restore our uid */
- if (!become_uid(current_user_saved.uid)) {
- DEBUG(0,("ERROR: Failed to restore uid\n"));
- exit_server("Failed to restore uid");
+ sid_copy(&tmp_sid, sid);
+ sid_split_rid(&tmp_sid, &rid);
+
+ if (sid_equal(get_global_sam_sid(), &tmp_sid)) {
+
+ return map_domain_sid_to_name(&tmp_sid, dom_name) &&
+ local_lookup_sid(sid, name, name_type);
+ }
}
- if (restore_dir)
- ChDir(become_root_dir);
+ if (!winbind_lookup_sid(sid, dom_name, name, name_type)) {
+ fstring sid_str;
+ DOM_SID tmp_sid;
+ uint32 rid;
- current_user = current_user_saved;
+ DEBUG(10,("lookup_sid: winbind lookup for SID %s failed - trying local.\n", sid_to_string(sid_str, sid) ));
- become_root_depth = 0;
+ sid_copy(&tmp_sid, sid);
+ sid_split_rid(&tmp_sid, &rid);
+ return map_domain_sid_to_name(&tmp_sid, dom_name) &&
+ lookup_known_rid(&tmp_sid, rid, name, name_type);
+ }
+ return True;
}