+#define OLD_NTDOMAIN 1
+
/*
Unix SMB/Netbios implementation.
Version 1.9.
extern int DEBUGLEVEL;
-static uid_t initial_uid;
-static gid_t initial_gid;
-
/* what user is current? */
extern struct current_user current_user;
-pstring OriginalDir;
-
-/****************************************************************************
-initialise the uid routines
-****************************************************************************/
-void init_uid(void)
-{
- initial_uid = current_user.uid = geteuid();
- initial_gid = current_user.gid = getegid();
-
- if (initial_gid != 0 && initial_uid == 0) {
-#ifdef HAVE_SETRESUID
- setresgid(0,0,0);
-#else
- setgid(0);
- setegid(0);
-#endif
- }
-
- initial_uid = geteuid();
- initial_gid = getegid();
-
- current_user.conn = NULL;
- current_user.vuid = UID_FIELD_INVALID;
-
- ChDir(OriginalDir);
-}
-
-
/****************************************************************************
- become the specified uid
+ Become the guest user.
****************************************************************************/
-static BOOL become_uid(uid_t uid)
-{
- if (initial_uid != 0) {
- return(True);
- }
-
- if (uid == (uid_t)-1 || ((sizeof(uid_t) == 2) && (uid == (uid_t)65535))) {
- static int done;
- if (!done) {
- DEBUG(1,("WARNING: using uid %d is a security risk\n",(int)uid));
- done=1;
- }
- }
-#ifdef HAVE_TRAPDOOR_UID
-#ifdef HAVE_SETUIDX
- /* AIX3 has setuidx which is NOT a trapoor function (tridge) */
- if (setuidx(ID_EFFECTIVE, uid) != 0) {
- if (seteuid(uid) != 0) {
- DEBUG(1,("Can't set uid %d (setuidx)\n", (int)uid));
- return False;
- }
- }
-#endif
-#endif
-
-#ifdef HAVE_SETRESUID
- if (setresuid(-1,uid,-1) != 0)
-#else
- if ((seteuid(uid) != 0) &&
- (setuid(uid) != 0))
-#endif
- {
- DEBUG(0,("Couldn't set uid %d currently set to (%d,%d)\n",
- (int)uid,(int)getuid(), (int)geteuid()));
- if (uid > (uid_t)32000) {
- DEBUG(0,("Looks like your OS doesn't like high uid values - try using a different account\n"));
- }
- return(False);
- }
-
- if (((uid == (uid_t)-1) || ((sizeof(uid_t) == 2) && (uid == 65535))) && (geteuid() != uid)) {
- DEBUG(0,("Invalid uid -1. perhaps you have a account with uid 65535?\n"));
- return(False);
- }
-
- current_user.uid = uid;
-
- return(True);
-}
-
-
-/****************************************************************************
- become the specified gid
-****************************************************************************/
-static BOOL become_gid(gid_t gid)
-{
- if (initial_uid != 0)
- return(True);
-
- if (gid == (gid_t)-1 || ((sizeof(gid_t) == 2) && (gid == (gid_t)65535))) {
- DEBUG(1,("WARNING: using gid %d is a security risk\n",(int)gid));
- }
-
-#ifdef HAVE_SETRESUID
- if (setresgid(-1,gid,-1) != 0)
-#else
- if (setgid(gid) != 0)
-#endif
- {
- DEBUG(0,("Couldn't set gid %d currently set to (%d,%d)\n",
- (int)gid,(int)getgid(),(int)getegid()));
- if (gid > 32000) {
- DEBUG(0,("Looks like your OS doesn't like high gid values - try using a different account\n"));
- }
- return(False);
- }
-
- current_user.gid = gid;
-
- return(True);
-}
-
-
-/****************************************************************************
- become the specified uid and gid
-****************************************************************************/
-static BOOL become_id(uid_t uid,gid_t gid)
-{
- return(become_gid(gid) && become_uid(uid));
-}
-
-/****************************************************************************
-become the guest user
-****************************************************************************/
BOOL become_guest(void)
{
- BOOL ret;
- static struct passwd *pass=NULL;
-
- if (initial_uid != 0)
- return(True);
-
- if (!pass)
- pass = Get_Pwnam(lp_guestaccount(-1),True);
- if (!pass) return(False);
-
+ static struct passwd *pass=NULL;
+
+ if (!pass)
+ pass = Get_Pwnam(lp_guestaccount(-1),True);
+ if (!pass)
+ return(False);
+
#ifdef AIX
- /* MWW: From AIX FAQ patch to WU-ftpd: call initgroups before setting IDs */
- initgroups(pass->pw_name, (gid_t)pass->pw_gid);
+ /* MWW: From AIX FAQ patch to WU-ftpd: call initgroups before
+ setting IDs */
+ initgroups(pass->pw_name, (gid_t)pass->pw_gid);
#endif
-
- ret = become_id(pass->pw_uid,pass->pw_gid);
-
- if (!ret) {
- DEBUG(1,("Failed to become guest. Invalid guest account?\n"));
- }
-
- current_user.conn = NULL;
- current_user.vuid = UID_FIELD_INVALID;
-
- return(ret);
+
+ set_sec_ctx(pass->pw_uid, pass->pw_gid, 0, NULL, NULL);
+
+ current_user.conn = NULL;
+ current_user.vuid = UID_FIELD_INVALID;
+
+ return True;
}
/*******************************************************************
-check if a username is OK
+ Check if a username is OK.
********************************************************************/
+
static BOOL check_user_ok(connection_struct *conn, user_struct *vuser,int snum)
{
- int i;
- for (i=0;i<conn->uid_cache.entries;i++)
- if (conn->uid_cache.list[i] == vuser->uid) return(True);
+ int i;
+ for (i=0;i<conn->uid_cache.entries;i++)
+ if (conn->uid_cache.list[i] == vuser->uid)
+ return(True);
- if (!user_ok(vuser->name,snum)) return(False);
+ if (!user_ok(vuser->user.unix_name,snum))
+ return(False);
- i = conn->uid_cache.entries % UID_CACHE_SIZE;
- conn->uid_cache.list[i] = vuser->uid;
+ i = conn->uid_cache.entries % UID_CACHE_SIZE;
+ conn->uid_cache.list[i] = vuser->uid;
- if (conn->uid_cache.entries < UID_CACHE_SIZE)
- conn->uid_cache.entries++;
+ if (conn->uid_cache.entries < UID_CACHE_SIZE)
+ conn->uid_cache.entries++;
- return(True);
+ return(True);
}
-
/****************************************************************************
- become the user of a connection number
+ Become the user of a connection number.
****************************************************************************/
+
BOOL become_user(connection_struct *conn, uint16 vuid)
{
user_struct *vuser = get_valid_user_struct(vuid);
int snum;
- gid_t gid;
+ gid_t gid;
uid_t uid;
+ char group_c;
+ BOOL must_free_token = False;
+ NT_USER_TOKEN *token = NULL;
+
+ if (!conn) {
+ DEBUG(2,("Connection not open\n"));
+ return(False);
+ }
/*
* We need a separate check in security=share mode due to vuid
return(True);
}
- unbecome_user();
-
- if (!conn) {
- DEBUG(2,("Connection not open\n"));
- return(False);
- }
-
snum = SNUM(conn);
if((vuser != NULL) && !check_user_ok(conn, vuser, snum))
return False;
if (conn->force_user ||
+ conn->admin_user ||
lp_security() == SEC_SHARE ||
!(vuser) || (vuser->guest)) {
uid = conn->uid;
gid = conn->gid;
current_user.groups = conn->groups;
current_user.ngroups = conn->ngroups;
+ token = conn->nt_user_token;
} else {
if (!vuser) {
DEBUG(2,("Invalid vuid used %d\n",vuid));
return(False);
}
uid = vuser->uid;
- if(!*lp_force_group(snum)) {
- gid = vuser->gid;
- } else {
- gid = conn->gid;
- }
+ gid = vuser->gid;
current_user.ngroups = vuser->n_groups;
current_user.groups = vuser->groups;
+ token = vuser->nt_user_token;
}
-
- if (initial_uid == 0) {
- if (!become_gid(gid)) return(False);
-
-#ifdef HAVE_SETGROUPS
- if (!(conn && conn->ipc)) {
- /* groups stuff added by ih/wreu */
- if (current_user.ngroups > 0)
- if (setgroups(current_user.ngroups,
- current_user.groups)<0) {
- DEBUG(0,("setgroups call failed!\n"));
+
+ /*
+ * See if we should force group for this service.
+ * If so this overrides any group set in the force
+ * user code.
+ */
+
+ if((group_c = *lp_force_group(snum))) {
+ BOOL is_guest = False;
+
+ if(group_c == '+') {
+
+ /*
+ * Only force group if the user is a member of
+ * the service group. Check the group memberships for
+ * this user (we already have this) to
+ * see if we should force the group.
+ */
+
+ int i;
+ for (i = 0; i < current_user.ngroups; i++) {
+ if (current_user.groups[i] == conn->gid) {
+ gid = conn->gid;
+ break;
}
+ }
+ } else {
+ gid = conn->gid;
}
-#endif
- if (!conn->admin_user && !become_uid(uid))
- return(False);
+ /*
+ * We've changed the group list in the token - we must
+ * re-create it.
+ */
+
+ if (vuser && vuser->guest)
+ is_guest = True;
+
+ token = create_nt_token(uid, gid, current_user.ngroups, current_user.groups, is_guest);
+ must_free_token = True;
}
+ set_sec_ctx(uid, gid, current_user.ngroups, current_user.groups, token);
+
+ /*
+ * Free the new token (as set_sec_ctx copies it).
+ */
+
+ if (must_free_token)
+ delete_nt_token(&token);
+
current_user.conn = conn;
current_user.vuid = vuid;
}
/****************************************************************************
- unbecome the user of a connection number
+ Unbecome the user of a connection number.
****************************************************************************/
+
BOOL unbecome_user(void )
{
- if (!current_user.conn)
- return(False);
-
- ChDir(OriginalDir);
-
- if (initial_uid == 0)
- {
-#ifdef HAVE_SETRESUID
- setresuid(-1,getuid(),-1);
- setresgid(-1,getgid(),-1);
-#else
- if (seteuid(initial_uid) != 0)
- setuid(initial_uid);
- setgid(initial_gid);
-#endif
- }
-
-#ifdef NO_EID
- if (initial_uid == 0)
- DEBUG(2,("Running with no EID\n"));
- initial_uid = getuid();
- initial_gid = getgid();
-#else
- if (geteuid() != initial_uid) {
- DEBUG(0,("Warning: You appear to have a trapdoor uid system\n"));
- initial_uid = geteuid();
- }
- if (getegid() != initial_gid) {
- DEBUG(0,("Warning: You appear to have a trapdoor gid system\n"));
- initial_gid = getegid();
- }
-#endif
-
- current_user.uid = initial_uid;
- current_user.gid = initial_gid;
-
- if (ChDir(OriginalDir) != 0)
- DEBUG( 0, ( "chdir(%s) failed in unbecome_user\n", OriginalDir ) );
+ set_root_sec_ctx();
- DEBUG(5,("unbecome_user now uid=(%d,%d) gid=(%d,%d)\n",
- (int)getuid(),(int)geteuid(),(int)getgid(),(int)getegid()));
+ DEBUG(5,("unbecome_user now uid=(%d,%d) gid=(%d,%d)\n",
+ (int)getuid(),(int)geteuid(),(int)getgid(),(int)getegid()));
- current_user.conn = NULL;
- current_user.vuid = UID_FIELD_INVALID;
+ current_user.conn = NULL;
+ current_user.vuid = UID_FIELD_INVALID;
- return(True);
+ return(True);
}
-static struct current_user current_user_saved;
-static int become_root_depth;
-static pstring become_root_dir;
-
/****************************************************************************
-This is used when we need to do a privilaged operation (such as mucking
-with share mode files) and temporarily need root access to do it. This
-call should always be paired with an unbecome_root() call immediately
-after the operation
-
-Set save_dir if you also need to save/restore the CWD
+ Become the user of an authenticated connected named pipe.
+ When this is called we are currently running as the connection
+ user.
****************************************************************************/
-void become_root(BOOL save_dir)
+
+BOOL become_authenticated_pipe_user(pipes_struct *p)
{
- if (become_root_depth) {
- DEBUG(0,("ERROR: become root depth is non zero\n"));
+ BOOL res = push_sec_ctx();
+
+ if (!res) {
+ return False;
}
- if (save_dir)
- GetWd(become_root_dir);
- current_user_saved = current_user;
- become_root_depth = 1;
+ set_sec_ctx(p->pipe_user.uid, p->pipe_user.gid,
+ p->pipe_user.ngroups, p->pipe_user.groups, p->pipe_user.nt_user_token);
- become_uid(0);
- become_gid(0);
+ return True;
}
/****************************************************************************
-When the privilaged operation is over call this
-
-Set save_dir if you also need to save/restore the CWD
+ Unbecome the user of an authenticated connected named pipe.
+ When this is called we are running as the authenticated pipe
+ user and need to go back to being the connection user.
****************************************************************************/
-void unbecome_root(BOOL restore_dir)
+
+BOOL unbecome_authenticated_pipe_user(pipes_struct *p)
{
- if (become_root_depth != 1) {
- DEBUG(0,("ERROR: unbecome root depth is %d\n",
- become_root_depth));
+ return pop_sec_ctx();
+}
+
+/* Temporarily become a root user. Must match with unbecome_root(). */
+
+void become_root(void)
+{
+ push_sec_ctx();
+ set_root_sec_ctx();
+}
+
+/* Unbecome the root user */
+
+void unbecome_root(void)
+{
+ pop_sec_ctx();
+}
+
+/*****************************************************************
+ *THE CANONICAL* convert name to SID function.
+ Tries winbind first - then uses local lookup.
+*****************************************************************/
+
+BOOL lookup_name(char *name, DOM_SID *psid, enum SID_NAME_USE *name_type)
+{
+ extern pstring global_myname;
+ extern fstring global_myworkgroup;
+ fstring sid;
+ char *sep = lp_winbind_separator();
+
+ if (!winbind_lookup_name(name, psid, name_type)) {
+ BOOL ret;
+
+ DEBUG(10, ("lookup_name: winbind lookup for %s failed - trying local\n", name));
+
+ /* If we are looking up a domain user, make sure it is
+ for the local machine only */
+
+ if (strchr(name, sep[0]) || strchr(name, '\\')) {
+ fstring domain, username;
+
+ split_domain_name(name, domain, username);
+
+ switch (lp_server_role()) {
+ case ROLE_DOMAIN_PDC:
+ case ROLE_DOMAIN_BDC:
+ if (strequal(domain, global_myworkgroup))
+ fstrcpy(domain, global_myname);
+ /* No break is deliberate here. JRA. */
+ default:
+ if (strcasecmp(global_myname, domain) != 0) {
+ DEBUG(5, ("domain %s is not local\n", domain));
+ return False;
+ }
+ }
+
+ ret = local_lookup_name(domain, username, psid,
+ name_type);
+ } else {
+
+ ret = local_lookup_name(global_myname, name, psid,
+ name_type);
+ }
+
+ if (ret) {
+ DEBUG(10,
+ ("lookup_name: (local) %s -> SID %s (type %u)\n",
+ name, sid_to_string(sid,psid),
+ (unsigned int)*name_type ));
+ } else {
+ DEBUG(10,("lookup name: (local) %s failed.\n", name));
+ }
+
+ return ret;
}
- /* we might have done a become_user() while running as root,
- if we have then become root again in order to become
- non root! */
- if (current_user.uid != 0) {
- become_uid(0);
+ DEBUG(10,("lookup_name (winbindd): %s -> SID %s (type %u)\n",
+ name, sid_to_string(sid, psid),
+ (unsigned int)*name_type));
+ return True;
+}
+
+/*****************************************************************
+ *THE CANONICAL* convert SID to name function.
+ Tries winbind first - then uses local lookup.
+*****************************************************************/
+
+BOOL lookup_sid(DOM_SID *sid, fstring dom_name, fstring name, enum SID_NAME_USE *name_type)
+{
+ if (!name_type)
+ return False;
+
+ /* Check if this is our own sid. This should perhaps be done by
+ winbind? For the moment handle it here. */
+
+ if (sid->num_auths == 5) {
+ DOM_SID tmp_sid;
+ uint32 rid;
+
+ sid_copy(&tmp_sid, sid);
+ sid_split_rid(&tmp_sid, &rid);
+
+ if (sid_equal(&global_sam_sid, &tmp_sid)) {
+
+ return map_domain_sid_to_name(&tmp_sid, dom_name) &&
+ local_lookup_rid(rid, name, name_type);
+ }
}
- /* restore our gid first */
- if (!become_gid(current_user_saved.gid)) {
- DEBUG(0,("ERROR: Failed to restore gid\n"));
- exit_server("Failed to restore gid");
+ if (!winbind_lookup_sid(sid, dom_name, name, name_type)) {
+ fstring sid_str;
+ DOM_SID tmp_sid;
+ uint32 rid;
+
+ DEBUG(10,("lookup_sid: winbind lookup for SID %s failed - trying local.\n", sid_to_string(sid_str, sid) ));
+
+ sid_copy(&tmp_sid, sid);
+ sid_split_rid(&tmp_sid, &rid);
+ return map_domain_sid_to_name(&tmp_sid, dom_name) &&
+ lookup_known_rid(&tmp_sid, rid, name, name_type);
}
+ return True;
+}
+
+/*****************************************************************
+ *THE CANONICAL* convert uid_t to SID function.
+ Tries winbind first - then uses local lookup.
+ Returns SID pointer.
+*****************************************************************/
-#ifdef HAVE_SETGROUPS
- if (current_user_saved.ngroups > 0) {
- if (setgroups(current_user_saved.ngroups,
- current_user_saved.groups)<0)
- DEBUG(0,("ERROR: setgroups call failed!\n"));
+DOM_SID *uid_to_sid(DOM_SID *psid, uid_t uid)
+{
+ fstring sid;
+
+ if (!winbind_uid_to_sid(psid, uid)) {
+ DEBUG(10,("uid_to_sid: winbind lookup for uid %u failed - trying local.\n", (unsigned int)uid ));
+
+ return local_uid_to_sid(psid, uid);
}
-#endif
- /* now restore our uid */
- if (!become_uid(current_user_saved.uid)) {
- DEBUG(0,("ERROR: Failed to restore uid\n"));
- exit_server("Failed to restore uid");
+ DEBUG(10,("uid_to_sid: winbindd %u -> %s\n",
+ (unsigned int)uid, sid_to_string(sid, psid) ));
+
+ return psid;
+}
+
+/*****************************************************************
+ *THE CANONICAL* convert gid_t to SID function.
+ Tries winbind first - then uses local lookup.
+ Returns SID pointer.
+*****************************************************************/
+
+DOM_SID *gid_to_sid(DOM_SID *psid, gid_t gid)
+{
+ fstring sid;
+
+ if (!winbind_gid_to_sid(psid, gid)) {
+ DEBUG(10,("gid_to_sid: winbind lookup for gid %u failed - trying local.\n", (unsigned int)gid ));
+
+ return local_gid_to_sid(psid, gid);
}
- if (restore_dir)
- ChDir(become_root_dir);
+ DEBUG(10,("gid_to_sid: winbindd %u -> %s\n",
+ (unsigned int)gid, sid_to_string(sid,psid) ));
+
+ return psid;
+}
+
+/*****************************************************************
+ *THE CANONICAL* convert SID to uid function.
+ Tries winbind first - then uses local lookup.
+ Returns True if this name is a user sid and the conversion
+ was done correctly, False if not.
+*****************************************************************/
+
+BOOL sid_to_uid(DOM_SID *psid, uid_t *puid, enum SID_NAME_USE *sidtype)
+{
+ fstring dom_name, name, sid_str;
+ enum SID_NAME_USE name_type;
+
+ *sidtype = SID_NAME_UNKNOWN;
+
+ /*
+ * First we must look up the name and decide if this is a user sid.
+ */
+
+ if (!winbind_lookup_sid(psid, dom_name, name, &name_type)) {
+ DEBUG(10,("sid_to_uid: winbind lookup for sid %s failed - trying local.\n",
+ sid_to_string(sid_str, psid) ));
+
+ return local_sid_to_uid(puid, psid, sidtype);
+ }
+
+ /*
+ * Ensure this is a user sid.
+ */
+
+ if (name_type != SID_NAME_USER) {
+ DEBUG(10,("sid_to_uid: winbind lookup succeeded but SID is not a uid (%u)\n",
+ (unsigned int)name_type ));
+ return False;
+ }
+
+ *sidtype = SID_NAME_USER;
+
+ /*
+ * Get the uid for this SID.
+ */
+
+ if (!winbind_sid_to_uid(puid, psid)) {
+ DEBUG(10,("sid_to_uid: winbind lookup for sid %s failed.\n",
+ sid_to_string(sid_str, psid) ));
+ return False;
+ }
- current_user = current_user_saved;
+ DEBUG(10,("sid_to_uid: winbindd %s -> %u\n",
+ sid_to_string(sid_str, psid),
+ (unsigned int)*puid ));
- become_root_depth = 0;
+ return True;
}
+/*****************************************************************
+ *THE CANONICAL* convert SID to gid function.
+ Tries winbind first - then uses local lookup.
+ Returns True if this name is a user sid and the conversion
+ was done correctly, False if not.
+*****************************************************************/
+
+BOOL sid_to_gid(DOM_SID *psid, gid_t *pgid, enum SID_NAME_USE *sidtype)
+{
+ fstring dom_name, name, sid_str;
+ enum SID_NAME_USE name_type;
+
+ *sidtype = SID_NAME_UNKNOWN;
+
+ /*
+ * First we must look up the name and decide if this is a group sid.
+ */
+
+ if (!winbind_lookup_sid(psid, dom_name, name, &name_type)) {
+ DEBUG(10,("sid_to_gid: winbind lookup for sid %s failed - trying local.\n",
+ sid_to_string(sid_str, psid) ));
+
+ return local_sid_to_gid(pgid, psid, sidtype);
+ }
+
+ /*
+ * Ensure this is a group sid.
+ */
+
+ if ((name_type != SID_NAME_DOM_GRP) && (name_type != SID_NAME_ALIAS) && (name_type != SID_NAME_WKN_GRP)) {
+ DEBUG(10,("sid_to_gid: winbind lookup succeeded but SID is not a known group (%u)\n",
+ (unsigned int)name_type ));
+
+ return local_sid_to_gid(pgid, psid, sidtype);
+ }
+
+ *sidtype = name_type;
+
+ /*
+ * Get the gid for this SID.
+ */
+
+ if (!winbind_sid_to_gid(pgid, psid)) {
+ DEBUG(10,("sid_to_gid: winbind lookup for sid %s failed.\n",
+ sid_to_string(sid_str, psid) ));
+ return False;
+ }
+
+ DEBUG(10,("gid_to_uid: winbindd %s -> %u\n",
+ sid_to_string(sid_str, psid),
+ (unsigned int)*pgid ));
+
+ return True;
+}
+#undef OLD_NTDOMAIN