s3-build: Provide a run-time shim to work around duplicate symbols
[nivanova/samba-autobuild/.git] / source3 / smbd / uid.c
1 /* 
2    Unix SMB/CIFS implementation.
3    uid/user handling
4    Copyright (C) Andrew Tridgell 1992-1998
5
6    This program is free software; you can redistribute it and/or modify
7    it under the terms of the GNU General Public License as published by
8    the Free Software Foundation; either version 3 of the License, or
9    (at your option) any later version.
10
11    This program is distributed in the hope that it will be useful,
12    but WITHOUT ANY WARRANTY; without even the implied warranty of
13    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
14    GNU General Public License for more details.
15
16    You should have received a copy of the GNU General Public License
17    along with this program.  If not, see <http://www.gnu.org/licenses/>.
18 */
19
20 #include "includes.h"
21 #include "system/passwd.h"
22 #include "smbd/smbd.h"
23 #include "smbd/globals.h"
24 #include "../librpc/gen_ndr/netlogon.h"
25 #include "libcli/security/security.h"
26 #include "passdb/lookup_sid.h"
27 #include "auth.h"
28
29 /* what user is current? */
30 extern struct current_user current_user;
31
32 /****************************************************************************
33  Become the guest user without changing the security context stack.
34 ****************************************************************************/
35
36 bool change_to_guest(void)
37 {
38         struct passwd *pass;
39
40         pass = Get_Pwnam_alloc(talloc_tos(), lp_guestaccount());
41         if (!pass) {
42                 return false;
43         }
44
45 #ifdef AIX
46         /* MWW: From AIX FAQ patch to WU-ftpd: call initgroups before 
47            setting IDs */
48         initgroups(pass->pw_name, pass->pw_gid);
49 #endif
50
51         set_sec_ctx(pass->pw_uid, pass->pw_gid, 0, NULL, NULL);
52
53         current_user.conn = NULL;
54         current_user.vuid = UID_FIELD_INVALID;
55
56         TALLOC_FREE(pass);
57
58         return true;
59 }
60
61 /****************************************************************************
62  talloc free the conn->session_info if not used in the vuid cache.
63 ****************************************************************************/
64
65 static void free_conn_session_info_if_unused(connection_struct *conn)
66 {
67         unsigned int i;
68
69         for (i = 0; i < VUID_CACHE_SIZE; i++) {
70                 struct vuid_cache_entry *ent;
71                 ent = &conn->vuid_cache.array[i];
72                 if (ent->vuid != UID_FIELD_INVALID &&
73                                 conn->session_info == ent->session_info) {
74                         return;
75                 }
76         }
77         /* Not used, safe to free. */
78         TALLOC_FREE(conn->session_info);
79 }
80
81 /*******************************************************************
82  Check if a username is OK.
83
84  This sets up conn->session_info with a copy related to this vuser that
85  later code can then mess with.
86 ********************************************************************/
87
88 static bool check_user_ok(connection_struct *conn,
89                         uint16_t vuid,
90                         const struct auth_serversupplied_info *session_info,
91                         int snum)
92 {
93         bool valid_vuid = (vuid != UID_FIELD_INVALID);
94         unsigned int i;
95         bool readonly_share;
96         bool admin_user;
97
98         if (valid_vuid) {
99                 struct vuid_cache_entry *ent;
100
101                 for (i=0; i<VUID_CACHE_SIZE; i++) {
102                         ent = &conn->vuid_cache.array[i];
103                         if (ent->vuid == vuid) {
104                                 free_conn_session_info_if_unused(conn);
105                                 conn->session_info = ent->session_info;
106                                 conn->read_only = ent->read_only;
107                                 return(True);
108                         }
109                 }
110         }
111
112         if (!user_ok_token(session_info->unix_name,
113                            session_info->info3->base.domain.string,
114                            session_info->security_token, snum))
115                 return(False);
116
117         readonly_share = is_share_read_only_for_token(
118                 session_info->unix_name,
119                 session_info->info3->base.domain.string,
120                 session_info->security_token,
121                 conn);
122
123         if (!readonly_share &&
124             !share_access_check(session_info->security_token, lp_servicename(snum),
125                                 FILE_WRITE_DATA)) {
126                 /* smb.conf allows r/w, but the security descriptor denies
127                  * write. Fall back to looking at readonly. */
128                 readonly_share = True;
129                 DEBUG(5,("falling back to read-only access-evaluation due to "
130                          "security descriptor\n"));
131         }
132
133         if (!share_access_check(session_info->security_token, lp_servicename(snum),
134                                 readonly_share ?
135                                 FILE_READ_DATA : FILE_WRITE_DATA)) {
136                 return False;
137         }
138
139         admin_user = token_contains_name_in_list(
140                 session_info->unix_name,
141                 session_info->info3->base.domain.string,
142                 NULL, session_info->security_token, lp_admin_users(snum));
143
144         if (valid_vuid) {
145                 struct vuid_cache_entry *ent =
146                         &conn->vuid_cache.array[conn->vuid_cache.next_entry];
147
148                 conn->vuid_cache.next_entry =
149                         (conn->vuid_cache.next_entry + 1) % VUID_CACHE_SIZE;
150
151                 TALLOC_FREE(ent->session_info);
152
153                 /*
154                  * If force_user was set, all session_info's are based on the same
155                  * username-based faked one.
156                  */
157
158                 ent->session_info = copy_serverinfo(
159                         conn, conn->force_user ? conn->session_info : session_info);
160
161                 if (ent->session_info == NULL) {
162                         ent->vuid = UID_FIELD_INVALID;
163                         return false;
164                 }
165
166                 ent->vuid = vuid;
167                 ent->read_only = readonly_share;
168                 free_conn_session_info_if_unused(conn);
169                 conn->session_info = ent->session_info;
170         }
171
172         conn->read_only = readonly_share;
173         if (admin_user) {
174                 DEBUG(2,("check_user_ok: user %s is an admin user. "
175                         "Setting uid as %d\n",
176                         conn->session_info->unix_name,
177                         sec_initial_uid() ));
178                 conn->session_info->utok.uid = sec_initial_uid();
179         }
180
181         return(True);
182 }
183
184 /****************************************************************************
185  Become the user of a connection number without changing the security context
186  stack, but modify the current_user entries.
187 ****************************************************************************/
188
189 static bool change_to_user_internal(connection_struct *conn,
190                                     const struct auth_serversupplied_info *session_info,
191                                     uint16_t vuid)
192 {
193         int snum;
194         gid_t gid;
195         uid_t uid;
196         char group_c;
197         int num_groups = 0;
198         gid_t *group_list = NULL;
199         bool ok;
200
201         snum = SNUM(conn);
202
203         ok = check_user_ok(conn, vuid, session_info, snum);
204         if (!ok) {
205                 DEBUG(2,("SMB user %s (unix user %s) "
206                          "not permitted access to share %s.\n",
207                          session_info->sanitized_username,
208                          session_info->unix_name,
209                          lp_servicename(snum)));
210                 return false;
211         }
212
213         uid = conn->session_info->utok.uid;
214         gid = conn->session_info->utok.gid;
215         num_groups = conn->session_info->utok.ngroups;
216         group_list  = conn->session_info->utok.groups;
217
218         /*
219          * See if we should force group for this service. If so this overrides
220          * any group set in the force user code.
221          */
222         if((group_c = *lp_force_group(snum))) {
223
224                 SMB_ASSERT(conn->force_group_gid != (gid_t)-1);
225
226                 if (group_c == '+') {
227                         int i;
228
229                         /*
230                          * Only force group if the user is a member of the
231                          * service group. Check the group memberships for this
232                          * user (we already have this) to see if we should force
233                          * the group.
234                          */
235                         for (i = 0; i < num_groups; i++) {
236                                 if (group_list[i] == conn->force_group_gid) {
237                                         conn->session_info->utok.gid =
238                                                 conn->force_group_gid;
239                                         gid = conn->force_group_gid;
240                                         gid_to_sid(&conn->session_info->security_token
241                                                    ->sids[1], gid);
242                                         break;
243                                 }
244                         }
245                 } else {
246                         conn->session_info->utok.gid = conn->force_group_gid;
247                         gid = conn->force_group_gid;
248                         gid_to_sid(&conn->session_info->security_token->sids[1],
249                                    gid);
250                 }
251         }
252
253         /*Set current_user since we will immediately also call set_sec_ctx() */
254         current_user.ut.ngroups = num_groups;
255         current_user.ut.groups  = group_list;
256
257         set_sec_ctx(uid,
258                     gid,
259                     current_user.ut.ngroups,
260                     current_user.ut.groups,
261                     conn->session_info->security_token);
262
263         current_user.conn = conn;
264         current_user.vuid = vuid;
265
266         DEBUG(5, ("Impersonated user: uid=(%d,%d), gid=(%d,%d)\n",
267                  (int)getuid(),
268                  (int)geteuid(),
269                  (int)getgid(),
270                  (int)getegid()));
271
272         return true;
273 }
274
275 bool change_to_user(connection_struct *conn, uint16_t vuid)
276 {
277         const struct auth_serversupplied_info *session_info = NULL;
278         user_struct *vuser;
279         int snum = SNUM(conn);
280
281         if (!conn) {
282                 DEBUG(2,("Connection not open\n"));
283                 return(False);
284         }
285
286         vuser = get_valid_user_struct(conn->sconn, vuid);
287
288         /*
289          * We need a separate check in security=share mode due to vuid
290          * always being UID_FIELD_INVALID. If we don't do this then
291          * in share mode security we are *always* changing uid's between
292          * SMB's - this hurts performance - Badly.
293          */
294
295         if((lp_security() == SEC_SHARE) && (current_user.conn == conn) &&
296            (current_user.ut.uid == conn->session_info->utok.uid)) {
297                 DEBUG(4,("Skipping user change - already "
298                          "user\n"));
299                 return(True);
300         } else if ((current_user.conn == conn) &&
301                    (vuser != NULL) && (current_user.vuid == vuid) &&
302                    (current_user.ut.uid == vuser->session_info->utok.uid)) {
303                 DEBUG(4,("Skipping user change - already "
304                          "user\n"));
305                 return(True);
306         }
307
308         session_info = vuser ? vuser->session_info : conn->session_info;
309
310         if (session_info == NULL) {
311                 /* Invalid vuid sent - even with security = share. */
312                 DEBUG(2,("Invalid vuid %d used on "
313                          "share %s.\n", vuid, lp_servicename(snum) ));
314                 return false;
315         }
316
317         /* security = share sets force_user. */
318         if (!conn->force_user && vuser == NULL) {
319                 DEBUG(2,("Invalid vuid used %d in accessing "
320                         "share %s.\n", vuid, lp_servicename(snum) ));
321                 return False;
322         }
323
324         return change_to_user_internal(conn, session_info, vuid);
325 }
326
327 bool change_to_user_by_session(connection_struct *conn,
328                                const struct auth_serversupplied_info *session_info)
329 {
330         SMB_ASSERT(conn != NULL);
331         SMB_ASSERT(session_info != NULL);
332
333         if ((current_user.conn == conn) &&
334             (current_user.ut.uid == session_info->utok.uid)) {
335                 DEBUG(7, ("Skipping user change - already user\n"));
336
337                 return true;
338         }
339
340         return change_to_user_internal(conn, session_info, UID_FIELD_INVALID);
341 }
342
343 /****************************************************************************
344  Go back to being root without changing the security context stack,
345  but modify the current_user entries.
346 ****************************************************************************/
347
348 bool smbd_change_to_root_user(void)
349 {
350         set_root_sec_ctx();
351
352         DEBUG(5,("change_to_root_user: now uid=(%d,%d) gid=(%d,%d)\n",
353                 (int)getuid(),(int)geteuid(),(int)getgid(),(int)getegid()));
354
355         current_user.conn = NULL;
356         current_user.vuid = UID_FIELD_INVALID;
357
358         return(True);
359 }
360
361 /****************************************************************************
362  Become the user of an authenticated connected named pipe.
363  When this is called we are currently running as the connection
364  user. Doesn't modify current_user.
365 ****************************************************************************/
366
367 bool become_authenticated_pipe_user(struct auth_serversupplied_info *session_info)
368 {
369         if (!push_sec_ctx())
370                 return False;
371
372         set_sec_ctx(session_info->utok.uid, session_info->utok.gid,
373                     session_info->utok.ngroups, session_info->utok.groups,
374                     session_info->security_token);
375
376         return True;
377 }
378
379 /****************************************************************************
380  Unbecome the user of an authenticated connected named pipe.
381  When this is called we are running as the authenticated pipe
382  user and need to go back to being the connection user. Doesn't modify
383  current_user.
384 ****************************************************************************/
385
386 bool unbecome_authenticated_pipe_user(void)
387 {
388         return pop_sec_ctx();
389 }
390
391 /****************************************************************************
392  Utility functions used by become_xxx/unbecome_xxx.
393 ****************************************************************************/
394
395 static void push_conn_ctx(void)
396 {
397         struct conn_ctx *ctx_p;
398
399         /* Check we don't overflow our stack */
400
401         if (conn_ctx_stack_ndx == MAX_SEC_CTX_DEPTH) {
402                 DEBUG(0, ("Connection context stack overflow!\n"));
403                 smb_panic("Connection context stack overflow!\n");
404         }
405
406         /* Store previous user context */
407         ctx_p = &conn_ctx_stack[conn_ctx_stack_ndx];
408
409         ctx_p->conn = current_user.conn;
410         ctx_p->vuid = current_user.vuid;
411
412         DEBUG(4, ("push_conn_ctx(%u) : conn_ctx_stack_ndx = %d\n",
413                 (unsigned int)ctx_p->vuid, conn_ctx_stack_ndx ));
414
415         conn_ctx_stack_ndx++;
416 }
417
418 static void pop_conn_ctx(void)
419 {
420         struct conn_ctx *ctx_p;
421
422         /* Check for stack underflow. */
423
424         if (conn_ctx_stack_ndx == 0) {
425                 DEBUG(0, ("Connection context stack underflow!\n"));
426                 smb_panic("Connection context stack underflow!\n");
427         }
428
429         conn_ctx_stack_ndx--;
430         ctx_p = &conn_ctx_stack[conn_ctx_stack_ndx];
431
432         current_user.conn = ctx_p->conn;
433         current_user.vuid = ctx_p->vuid;
434
435         ctx_p->conn = NULL;
436         ctx_p->vuid = UID_FIELD_INVALID;
437 }
438
439 /****************************************************************************
440  Temporarily become a root user.  Must match with unbecome_root(). Saves and
441  restores the connection context.
442 ****************************************************************************/
443
444 void smbd_become_root(void)
445 {
446          /*
447           * no good way to handle push_sec_ctx() failing without changing
448           * the prototype of become_root()
449           */
450         if (!push_sec_ctx()) {
451                 smb_panic("become_root: push_sec_ctx failed");
452         }
453         push_conn_ctx();
454         set_root_sec_ctx();
455 }
456
457 /* Unbecome the root user */
458
459 void smbd_unbecome_root(void)
460 {
461         pop_sec_ctx();
462         pop_conn_ctx();
463 }
464
465 /****************************************************************************
466  Push the current security context then force a change via change_to_user().
467  Saves and restores the connection context.
468 ****************************************************************************/
469
470 bool become_user(connection_struct *conn, uint16 vuid)
471 {
472         if (!push_sec_ctx())
473                 return False;
474
475         push_conn_ctx();
476
477         if (!change_to_user(conn, vuid)) {
478                 pop_sec_ctx();
479                 pop_conn_ctx();
480                 return False;
481         }
482
483         return True;
484 }
485
486 bool become_user_by_session(connection_struct *conn,
487                             const struct auth_serversupplied_info *session_info)
488 {
489         if (!push_sec_ctx())
490                 return false;
491
492         push_conn_ctx();
493
494         if (!change_to_user_by_session(conn, session_info)) {
495                 pop_sec_ctx();
496                 pop_conn_ctx();
497                 return false;
498         }
499
500         return true;
501 }
502
503 bool unbecome_user(void)
504 {
505         pop_sec_ctx();
506         pop_conn_ctx();
507         return True;
508 }
509
510 /****************************************************************************
511  Return the current user we are running effectively as on this connection.
512  I'd like to make this return conn->session_info->utok.uid, but become_root()
513  doesn't alter this value.
514 ****************************************************************************/
515
516 uid_t get_current_uid(connection_struct *conn)
517 {
518         return current_user.ut.uid;
519 }
520
521 /****************************************************************************
522  Return the current group we are running effectively as on this connection.
523  I'd like to make this return conn->session_info->utok.gid, but become_root()
524  doesn't alter this value.
525 ****************************************************************************/
526
527 gid_t get_current_gid(connection_struct *conn)
528 {
529         return current_user.ut.gid;
530 }
531
532 /****************************************************************************
533  Return the UNIX token we are running effectively as on this connection.
534  I'd like to make this return &conn->session_info->utok, but become_root()
535  doesn't alter this value.
536 ****************************************************************************/
537
538 const struct security_unix_token *get_current_utok(connection_struct *conn)
539 {
540         return &current_user.ut;
541 }
542
543 const struct security_token *get_current_nttok(connection_struct *conn)
544 {
545         return current_user.nt_user_token;
546 }
547
548 uint16_t get_current_vuid(connection_struct *conn)
549 {
550         return current_user.vuid;
551 }