2 Unix SMB/Netbios implementation.
5 Copyright (C) Andrew Tridgell 1992-1998
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 2 of the License, or
10 (at your option) any later version.
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
17 You should have received a copy of the GNU General Public License
18 along with this program; if not, write to the Free Software
19 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
24 /* what user is current? */
25 extern struct current_user current_user;
27 /****************************************************************************
28 Become the guest user without changing the security context stack.
29 ****************************************************************************/
31 BOOL change_to_guest(void)
33 static struct passwd *pass=NULL;
34 static uid_t guest_uid = (uid_t)-1;
35 static gid_t guest_gid = (gid_t)-1;
36 static fstring guest_name;
39 pass = Get_Pwnam(lp_guestaccount(-1),True);
42 guest_uid = pass->pw_uid;
43 guest_gid = pass->pw_gid;
44 fstrcpy(guest_name, pass->pw_name);
48 /* MWW: From AIX FAQ patch to WU-ftpd: call initgroups before
50 initgroups(guest_name, guest_gid);
53 set_sec_ctx(guest_uid, guest_gid, 0, NULL, NULL);
55 current_user.conn = NULL;
56 current_user.vuid = UID_FIELD_INVALID;
61 /*******************************************************************
62 Check if a username is OK.
63 ********************************************************************/
65 static BOOL check_user_ok(connection_struct *conn, user_struct *vuser,int snum)
68 for (i=0;i<conn->uid_cache.entries;i++)
69 if (conn->uid_cache.list[i] == vuser->uid)
72 if (!user_ok(vuser->user.unix_name,snum))
75 i = conn->uid_cache.entries % UID_CACHE_SIZE;
76 conn->uid_cache.list[i] = vuser->uid;
78 if (conn->uid_cache.entries < UID_CACHE_SIZE)
79 conn->uid_cache.entries++;
84 /****************************************************************************
85 Become the user of a connection number without changing the security context
86 stack, but modify the currnet_user entries.
87 ****************************************************************************/
89 BOOL change_to_user(connection_struct *conn, uint16 vuid)
91 user_struct *vuser = get_valid_user_struct(vuid);
96 BOOL must_free_token = False;
97 NT_USER_TOKEN *token = NULL;
100 DEBUG(2,("change_to_user: Connection not open\n"));
105 * We need a separate check in security=share mode due to vuid
106 * always being UID_FIELD_INVALID. If we don't do this then
107 * in share mode security we are *always* changing uid's between
108 * SMB's - this hurts performance - Badly.
111 if((lp_security() == SEC_SHARE) && (current_user.conn == conn) &&
112 (current_user.uid == conn->uid)) {
113 DEBUG(4,("change_to_user: Skipping user change - already user\n"));
115 } else if ((current_user.conn == conn) &&
116 (vuser != 0) && (current_user.vuid == vuid) &&
117 (current_user.uid == vuser->uid)) {
118 DEBUG(4,("change_to_user: Skipping user change - already user\n"));
124 if((vuser != NULL) && !check_user_ok(conn, vuser, snum))
127 if (conn->force_user ||
129 (lp_security() == SEC_SHARE)) {
132 current_user.groups = conn->groups;
133 current_user.ngroups = conn->ngroups;
134 token = conn->nt_user_token;
137 DEBUG(2,("change_to_user: Invalid vuid used %d\n",vuid));
142 current_user.ngroups = vuser->n_groups;
143 current_user.groups = vuser->groups;
144 token = vuser->nt_user_token;
148 * See if we should force group for this service.
149 * If so this overrides any group set in the force
153 if((group_c = *lp_force_group(snum))) {
154 BOOL is_guest = False;
159 * Only force group if the user is a member of
160 * the service group. Check the group memberships for
161 * this user (we already have this) to
162 * see if we should force the group.
166 for (i = 0; i < current_user.ngroups; i++) {
167 if (current_user.groups[i] == conn->gid) {
177 * We've changed the group list in the token - we must
181 if (vuser && vuser->guest)
184 token = create_nt_token(uid, gid, current_user.ngroups, current_user.groups, is_guest);
185 must_free_token = True;
188 set_sec_ctx(uid, gid, current_user.ngroups, current_user.groups, token);
191 * Free the new token (as set_sec_ctx copies it).
195 delete_nt_token(&token);
197 current_user.conn = conn;
198 current_user.vuid = vuid;
200 DEBUG(5,("change_to_user uid=(%d,%d) gid=(%d,%d)\n",
201 (int)getuid(),(int)geteuid(),(int)getgid(),(int)getegid()));
206 /****************************************************************************
207 Go back to being root without changing the security context stack,
208 but modify the current_user entries.
209 ****************************************************************************/
211 BOOL change_to_root_user(void)
215 DEBUG(5,("change_to_root_user: now uid=(%d,%d) gid=(%d,%d)\n",
216 (int)getuid(),(int)geteuid(),(int)getgid(),(int)getegid()));
218 current_user.conn = NULL;
219 current_user.vuid = UID_FIELD_INVALID;
224 /****************************************************************************
225 Become the user of an authenticated connected named pipe.
226 When this is called we are currently running as the connection
227 user. Doesn't modify current_user.
228 ****************************************************************************/
230 BOOL become_authenticated_pipe_user(pipes_struct *p)
235 set_sec_ctx(p->pipe_user.uid, p->pipe_user.gid,
236 p->pipe_user.ngroups, p->pipe_user.groups, p->pipe_user.nt_user_token);
241 /****************************************************************************
242 Unbecome the user of an authenticated connected named pipe.
243 When this is called we are running as the authenticated pipe
244 user and need to go back to being the connection user. Doesn't modify
246 ****************************************************************************/
248 BOOL unbecome_authenticated_pipe_user(void)
250 return pop_sec_ctx();
253 /****************************************************************************
254 Utility functions used by become_xxx/unbecome_xxx.
255 ****************************************************************************/
258 connection_struct *conn;
262 /* A stack of current_user connection contexts. */
264 static struct conn_ctx conn_ctx_stack[MAX_SEC_CTX_DEPTH];
265 static int conn_ctx_stack_ndx;
267 static void push_conn_ctx(void)
269 struct conn_ctx *ctx_p;
271 /* Check we don't overflow our stack */
273 if (conn_ctx_stack_ndx == MAX_SEC_CTX_DEPTH) {
274 DEBUG(0, ("Connection context stack overflow!\n"));
275 smb_panic("Connection context stack overflow!\n");
278 /* Store previous user context */
279 ctx_p = &conn_ctx_stack[conn_ctx_stack_ndx];
281 ctx_p->conn = current_user.conn;
282 ctx_p->vuid = current_user.vuid;
284 DEBUG(3, ("push_conn_ctx(%u) : conn_ctx_stack_ndx = %d\n",
285 (unsigned int)ctx_p->vuid, conn_ctx_stack_ndx ));
287 conn_ctx_stack_ndx++;
290 static void pop_conn_ctx(void)
292 struct conn_ctx *ctx_p;
294 /* Check for stack underflow. */
296 if (conn_ctx_stack_ndx == 0) {
297 DEBUG(0, ("Connection context stack underflow!\n"));
298 smb_panic("Connection context stack underflow!\n");
301 conn_ctx_stack_ndx--;
302 ctx_p = &conn_ctx_stack[conn_ctx_stack_ndx];
304 current_user.conn = ctx_p->conn;
305 current_user.vuid = ctx_p->vuid;
308 ctx_p->vuid = UID_FIELD_INVALID;
311 void init_conn_ctx(void)
315 /* Initialise connection context stack */
316 for (i = 0; i < MAX_SEC_CTX_DEPTH; i++) {
317 conn_ctx_stack[i].conn = NULL;
318 conn_ctx_stack[i].vuid = UID_FIELD_INVALID;
322 /****************************************************************************
323 Temporarily become a root user. Must match with unbecome_root(). Saves and
324 restores the connection context.
325 ****************************************************************************/
327 void become_root(void)
334 /* Unbecome the root user */
336 void unbecome_root(void)
342 /****************************************************************************
343 Push the current security context then force a change via change_to_user().
344 Saves and restores the connection context.
345 ****************************************************************************/
347 BOOL become_user(connection_struct *conn, uint16 vuid)
354 if (!change_to_user(conn, vuid)) {
370 /*****************************************************************
371 *THE CANONICAL* convert name to SID function.
372 Tries winbind first - then uses local lookup.
373 *****************************************************************/
375 BOOL lookup_name(const char *name, DOM_SID *psid, enum SID_NAME_USE *name_type)
377 extern pstring global_myname;
378 extern fstring global_myworkgroup;
380 char *sep = lp_winbind_separator();
382 *name_type = SID_NAME_UNKNOWN;
384 if (!winbind_lookup_name(name, psid, name_type) || (*name_type != SID_NAME_USER) ) {
387 DEBUG(10, ("lookup_name: winbind lookup for %s failed - trying local\n", name));
389 /* If we are looking up a domain user, make sure it is
390 for the local machine only */
392 if (strchr_m(name, sep[0]) || strchr_m(name, '\\')) {
393 fstring domain, username;
395 split_domain_name(name, domain, username);
397 switch (lp_server_role()) {
398 case ROLE_DOMAIN_PDC:
399 case ROLE_DOMAIN_BDC:
400 if (strequal(domain, global_myworkgroup)) {
401 fstrcpy(domain, global_myname);
402 ret = local_lookup_name(domain, username, psid, name_type);
404 /* No break is deliberate here. JRA. */
406 if (strcasecmp(global_myname, domain) != 0) {
407 DEBUG(5, ("lookup_name: domain %s is not local\n", domain));
408 ret = local_lookup_name(global_myname, username, psid, name_type);
412 ret = local_lookup_name(global_myname, name, psid, name_type);
417 ("lookup_name: (local) %s -> SID %s (type %u)\n",
418 name, sid_to_string(sid,psid),
419 (unsigned int)*name_type ));
421 DEBUG(10,("lookup name: (local) %s failed.\n", name));
427 DEBUG(10,("lookup_name (winbindd): %s -> SID %s (type %u)\n",
428 name, sid_to_string(sid, psid),
429 (unsigned int)*name_type));
433 /*****************************************************************
434 *THE CANONICAL* convert SID to name function.
435 Tries winbind first - then uses local lookup.
436 *****************************************************************/
438 BOOL lookup_sid(DOM_SID *sid, fstring dom_name, fstring name, enum SID_NAME_USE *name_type)
443 *name_type = SID_NAME_UNKNOWN;
445 /* Check if this is our own sid. This should perhaps be done by
446 winbind? For the moment handle it here. */
448 if (sid->num_auths == 5) {
452 sid_copy(&tmp_sid, sid);
453 sid_split_rid(&tmp_sid, &rid);
455 if (sid_equal(&global_sam_sid, &tmp_sid)) {
457 return map_domain_sid_to_name(&tmp_sid, dom_name) &&
458 local_lookup_rid(rid, name, name_type);
462 if (!winbind_lookup_sid(sid, dom_name, name, name_type)) {
467 DEBUG(10,("lookup_sid: winbind lookup for SID %s failed - trying local.\n", sid_to_string(sid_str, sid) ));
469 sid_copy(&tmp_sid, sid);
470 sid_split_rid(&tmp_sid, &rid);
471 return map_domain_sid_to_name(&tmp_sid, dom_name) &&
472 lookup_known_rid(&tmp_sid, rid, name, name_type);
477 /*****************************************************************
478 *THE CANONICAL* convert uid_t to SID function.
479 Tries winbind first - then uses local lookup.
481 *****************************************************************/
483 DOM_SID *uid_to_sid(DOM_SID *psid, uid_t uid)
487 if (!winbind_uid_to_sid(psid, uid)) {
488 DEBUG(10,("uid_to_sid: winbind lookup for uid %u failed - trying local.\n", (unsigned int)uid ));
490 return local_uid_to_sid(psid, uid);
493 DEBUG(10,("uid_to_sid: winbindd %u -> %s\n",
494 (unsigned int)uid, sid_to_string(sid, psid) ));
499 /*****************************************************************
500 *THE CANONICAL* convert gid_t to SID function.
501 Tries winbind first - then uses local lookup.
503 *****************************************************************/
505 DOM_SID *gid_to_sid(DOM_SID *psid, gid_t gid)
509 if (!winbind_gid_to_sid(psid, gid)) {
510 DEBUG(10,("gid_to_sid: winbind lookup for gid %u failed - trying local.\n", (unsigned int)gid ));
512 return local_gid_to_sid(psid, gid);
515 DEBUG(10,("gid_to_sid: winbindd %u -> %s\n",
516 (unsigned int)gid, sid_to_string(sid,psid) ));
521 /*****************************************************************
522 *THE CANONICAL* convert SID to uid function.
523 Tries winbind first - then uses local lookup.
524 Returns True if this name is a user sid and the conversion
525 was done correctly, False if not. sidtype is set by this function.
526 *****************************************************************/
528 BOOL sid_to_uid(DOM_SID *psid, uid_t *puid, enum SID_NAME_USE *sidtype)
530 fstring dom_name, name, sid_str;
531 enum SID_NAME_USE name_type;
533 *sidtype = SID_NAME_UNKNOWN;
536 * First we must look up the name and decide if this is a user sid.
539 if ( (!winbind_lookup_sid(psid, dom_name, name, &name_type)) || (name_type != SID_NAME_USER) ) {
540 DEBUG(10,("sid_to_uid: winbind lookup for sid %s failed - trying local.\n",
541 sid_to_string(sid_str, psid) ));
543 return local_sid_to_uid(puid, psid, sidtype);
547 * Ensure this is a user sid.
550 if (name_type != SID_NAME_USER) {
551 DEBUG(10,("sid_to_uid: winbind lookup succeeded but SID is not a uid (%u)\n",
552 (unsigned int)name_type ));
556 *sidtype = SID_NAME_USER;
559 * Get the uid for this SID.
562 if (!winbind_sid_to_uid(puid, psid)) {
563 DEBUG(10,("sid_to_uid: winbind lookup for sid %s failed.\n",
564 sid_to_string(sid_str, psid) ));
568 DEBUG(10,("sid_to_uid: winbindd %s -> %u\n",
569 sid_to_string(sid_str, psid),
570 (unsigned int)*puid ));
575 /*****************************************************************
576 *THE CANONICAL* convert SID to gid function.
577 Tries winbind first - then uses local lookup.
578 Returns True if this name is a user sid and the conversion
579 was done correctly, False if not.
580 *****************************************************************/
582 BOOL sid_to_gid(DOM_SID *psid, gid_t *pgid, enum SID_NAME_USE *sidtype)
584 fstring dom_name, name, sid_str;
585 enum SID_NAME_USE name_type;
587 *sidtype = SID_NAME_UNKNOWN;
590 * First we must look up the name and decide if this is a group sid.
593 if (!winbind_lookup_sid(psid, dom_name, name, &name_type)) {
594 DEBUG(10,("sid_to_gid: winbind lookup for sid %s failed - trying local.\n",
595 sid_to_string(sid_str, psid) ));
597 return local_sid_to_gid(pgid, psid, sidtype);
601 * Ensure this is a group sid.
604 if ((name_type != SID_NAME_DOM_GRP) && (name_type != SID_NAME_ALIAS) && (name_type != SID_NAME_WKN_GRP)) {
605 DEBUG(10,("sid_to_gid: winbind lookup succeeded but SID is not a known group (%u)\n",
606 (unsigned int)name_type ));
608 return local_sid_to_gid(pgid, psid, sidtype);
611 *sidtype = name_type;
614 * Get the gid for this SID.
617 if (!winbind_sid_to_gid(pgid, psid)) {
618 DEBUG(10,("sid_to_gid: winbind lookup for sid %s failed.\n",
619 sid_to_string(sid_str, psid) ));
623 DEBUG(10,("gid_to_uid: winbindd %s -> %u\n",
624 sid_to_string(sid_str, psid),
625 (unsigned int)*pgid ));