2 Unix SMB/CIFS implementation.
4 Copyright (C) Andrew Tridgell 1992-1998
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 3 of the License, or
9 (at your option) any later version.
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with this program. If not, see <http://www.gnu.org/licenses/>.
21 #include "smbd/globals.h"
23 /* what user is current? */
24 extern struct current_user current_user;
26 /****************************************************************************
27 Become the guest user without changing the security context stack.
28 ****************************************************************************/
30 bool change_to_guest(void)
34 pass = getpwnam_alloc(talloc_autofree_context(), lp_guestaccount());
40 /* MWW: From AIX FAQ patch to WU-ftpd: call initgroups before
42 initgroups(pass->pw_name, pass->pw_gid);
45 set_sec_ctx(pass->pw_uid, pass->pw_gid, 0, NULL, NULL);
47 current_user.conn = NULL;
48 current_user.vuid = UID_FIELD_INVALID;
55 /*******************************************************************
56 Check if a username is OK.
58 This sets up conn->server_info with a copy related to this vuser that
59 later code can then mess with.
60 ********************************************************************/
62 static bool check_user_ok(connection_struct *conn,
64 const struct auth_serversupplied_info *server_info,
67 bool valid_vuid = (vuid != UID_FIELD_INVALID);
73 struct vuid_cache_entry *ent;
75 for (i=0; i<VUID_CACHE_SIZE; i++) {
76 ent = &conn->vuid_cache.array[i];
77 if (ent->vuid == vuid) {
78 conn->server_info = ent->server_info;
79 conn->read_only = ent->read_only;
80 conn->admin_user = ent->admin_user;
86 if (!user_ok_token(server_info->unix_name,
87 pdb_get_domain(server_info->sam_account),
88 server_info->ptok, snum))
91 readonly_share = is_share_read_only_for_token(
92 server_info->unix_name,
93 pdb_get_domain(server_info->sam_account),
97 if (!readonly_share &&
98 !share_access_check(server_info->ptok, lp_servicename(snum),
100 /* smb.conf allows r/w, but the security descriptor denies
101 * write. Fall back to looking at readonly. */
102 readonly_share = True;
103 DEBUG(5,("falling back to read-only access-evaluation due to "
104 "security descriptor\n"));
107 if (!share_access_check(server_info->ptok, lp_servicename(snum),
109 FILE_READ_DATA : FILE_WRITE_DATA)) {
113 admin_user = token_contains_name_in_list(
114 server_info->unix_name,
115 pdb_get_domain(server_info->sam_account),
116 NULL, server_info->ptok, lp_admin_users(snum));
119 struct vuid_cache_entry *ent =
120 &conn->vuid_cache.array[conn->vuid_cache.next_entry];
122 conn->vuid_cache.next_entry =
123 (conn->vuid_cache.next_entry + 1) % VUID_CACHE_SIZE;
125 TALLOC_FREE(ent->server_info);
128 * If force_user was set, all server_info's are based on the same
129 * username-based faked one.
132 ent->server_info = copy_serverinfo(
133 conn, conn->force_user ? conn->server_info : server_info);
135 if (ent->server_info == NULL) {
136 ent->vuid = UID_FIELD_INVALID;
141 ent->read_only = readonly_share;
142 ent->admin_user = admin_user;
143 conn->server_info = ent->server_info;
146 conn->read_only = readonly_share;
147 conn->admin_user = admin_user;
152 /****************************************************************************
153 Clear a vuid out of the connection's vuid cache
154 ****************************************************************************/
156 void conn_clear_vuid_cache(connection_struct *conn, uint16_t vuid)
160 for (i=0; i<VUID_CACHE_SIZE; i++) {
161 struct vuid_cache_entry *ent;
163 ent = &conn->vuid_cache.array[i];
165 if (ent->vuid == vuid) {
166 ent->vuid = UID_FIELD_INVALID;
167 TALLOC_FREE(ent->server_info);
168 ent->read_only = False;
169 ent->admin_user = False;
174 /****************************************************************************
175 Become the user of a connection number without changing the security context
176 stack, but modify the current_user entries.
177 ****************************************************************************/
179 bool change_to_user(connection_struct *conn, uint16 vuid)
181 const struct auth_serversupplied_info *server_info = NULL;
182 user_struct *vuser = get_valid_user_struct(vuid);
188 gid_t *group_list = NULL;
191 DEBUG(2,("change_to_user: Connection not open\n"));
196 * We need a separate check in security=share mode due to vuid
197 * always being UID_FIELD_INVALID. If we don't do this then
198 * in share mode security we are *always* changing uid's between
199 * SMB's - this hurts performance - Badly.
202 if((lp_security() == SEC_SHARE) && (current_user.conn == conn) &&
203 (current_user.ut.uid == conn->server_info->utok.uid)) {
204 DEBUG(4,("change_to_user: Skipping user change - already "
207 } else if ((current_user.conn == conn) &&
208 (vuser != NULL) && (current_user.vuid == vuid) &&
209 (current_user.ut.uid == vuser->server_info->utok.uid)) {
210 DEBUG(4,("change_to_user: Skipping user change - already "
217 server_info = vuser ? vuser->server_info : conn->server_info;
219 if (!check_user_ok(conn, vuid, server_info, snum)) {
220 DEBUG(2,("change_to_user: SMB user %s (unix user %s, vuid %d) "
221 "not permitted access to share %s.\n",
222 server_info->sanitized_username,
223 server_info->unix_name, vuid,
224 lp_servicename(snum)));
229 * conn->server_info is now correctly set up with a copy we can mess
230 * with for force_group etc.
233 if (conn->force_user) /* security = share sets this too */ {
234 uid = conn->server_info->utok.uid;
235 gid = conn->server_info->utok.gid;
236 group_list = conn->server_info->utok.groups;
237 num_groups = conn->server_info->utok.ngroups;
239 uid = conn->admin_user ? 0 : vuser->server_info->utok.uid;
240 gid = conn->server_info->utok.gid;
241 num_groups = conn->server_info->utok.ngroups;
242 group_list = conn->server_info->utok.groups;
244 DEBUG(2,("change_to_user: Invalid vuid used %d in accessing "
245 "share %s.\n",vuid, lp_servicename(snum) ));
250 * See if we should force group for this service.
251 * If so this overrides any group set in the force
255 if((group_c = *lp_force_group(snum))) {
260 * Only force group if the user is a member of
261 * the service group. Check the group memberships for
262 * this user (we already have this) to
263 * see if we should force the group.
267 for (i = 0; i < num_groups; i++) {
269 == conn->server_info->utok.gid) {
270 gid = conn->server_info->utok.gid;
271 gid_to_sid(&conn->server_info->ptok
272 ->user_sids[1], gid);
277 gid = conn->server_info->utok.gid;
278 gid_to_sid(&conn->server_info->ptok->user_sids[1],
283 /* Now set current_user since we will immediately also call
286 current_user.ut.ngroups = num_groups;
287 current_user.ut.groups = group_list;
289 set_sec_ctx(uid, gid, current_user.ut.ngroups, current_user.ut.groups,
290 conn->server_info->ptok);
292 current_user.conn = conn;
293 current_user.vuid = vuid;
295 DEBUG(5,("change_to_user uid=(%d,%d) gid=(%d,%d)\n",
296 (int)getuid(),(int)geteuid(),(int)getgid(),(int)getegid()));
301 /****************************************************************************
302 Go back to being root without changing the security context stack,
303 but modify the current_user entries.
304 ****************************************************************************/
306 bool change_to_root_user(void)
310 DEBUG(5,("change_to_root_user: now uid=(%d,%d) gid=(%d,%d)\n",
311 (int)getuid(),(int)geteuid(),(int)getgid(),(int)getegid()));
313 current_user.conn = NULL;
314 current_user.vuid = UID_FIELD_INVALID;
319 /****************************************************************************
320 Become the user of an authenticated connected named pipe.
321 When this is called we are currently running as the connection
322 user. Doesn't modify current_user.
323 ****************************************************************************/
325 bool become_authenticated_pipe_user(pipes_struct *p)
330 set_sec_ctx(p->server_info->utok.uid, p->server_info->utok.gid,
331 p->server_info->utok.ngroups, p->server_info->utok.groups,
332 p->server_info->ptok);
337 /****************************************************************************
338 Unbecome the user of an authenticated connected named pipe.
339 When this is called we are running as the authenticated pipe
340 user and need to go back to being the connection user. Doesn't modify
342 ****************************************************************************/
344 bool unbecome_authenticated_pipe_user(void)
346 return pop_sec_ctx();
349 /****************************************************************************
350 Utility functions used by become_xxx/unbecome_xxx.
351 ****************************************************************************/
353 static void push_conn_ctx(void)
355 struct conn_ctx *ctx_p;
357 /* Check we don't overflow our stack */
359 if (conn_ctx_stack_ndx == MAX_SEC_CTX_DEPTH) {
360 DEBUG(0, ("Connection context stack overflow!\n"));
361 smb_panic("Connection context stack overflow!\n");
364 /* Store previous user context */
365 ctx_p = &conn_ctx_stack[conn_ctx_stack_ndx];
367 ctx_p->conn = current_user.conn;
368 ctx_p->vuid = current_user.vuid;
370 DEBUG(3, ("push_conn_ctx(%u) : conn_ctx_stack_ndx = %d\n",
371 (unsigned int)ctx_p->vuid, conn_ctx_stack_ndx ));
373 conn_ctx_stack_ndx++;
376 static void pop_conn_ctx(void)
378 struct conn_ctx *ctx_p;
380 /* Check for stack underflow. */
382 if (conn_ctx_stack_ndx == 0) {
383 DEBUG(0, ("Connection context stack underflow!\n"));
384 smb_panic("Connection context stack underflow!\n");
387 conn_ctx_stack_ndx--;
388 ctx_p = &conn_ctx_stack[conn_ctx_stack_ndx];
390 current_user.conn = ctx_p->conn;
391 current_user.vuid = ctx_p->vuid;
394 ctx_p->vuid = UID_FIELD_INVALID;
397 /****************************************************************************
398 Temporarily become a root user. Must match with unbecome_root(). Saves and
399 restores the connection context.
400 ****************************************************************************/
402 void become_root(void)
405 * no good way to handle push_sec_ctx() failing without changing
406 * the prototype of become_root()
408 if (!push_sec_ctx()) {
409 smb_panic("become_root: push_sec_ctx failed");
415 /* Unbecome the root user */
417 void unbecome_root(void)
423 /****************************************************************************
424 Push the current security context then force a change via change_to_user().
425 Saves and restores the connection context.
426 ****************************************************************************/
428 bool become_user(connection_struct *conn, uint16 vuid)
435 if (!change_to_user(conn, vuid)) {
444 bool unbecome_user(void)