2 Unix SMB/CIFS implementation.
4 Copyright (C) Andrew Tridgell 1992-1998
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 3 of the License, or
9 (at your option) any later version.
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with this program. If not, see <http://www.gnu.org/licenses/>.
22 /* what user is current? */
23 extern struct current_user current_user;
25 /****************************************************************************
26 Iterator functions for getting all gid's from current_user.
27 ****************************************************************************/
29 gid_t get_current_user_gid_first(int *piterator)
32 return current_user.ut.gid;
35 gid_t get_current_user_gid_next(int *piterator)
39 if (!current_user.ut.groups || *piterator >= current_user.ut.ngroups) {
43 ret = current_user.ut.groups[*piterator];
48 /****************************************************************************
49 Become the guest user without changing the security context stack.
50 ****************************************************************************/
52 bool change_to_guest(void)
54 static struct passwd *pass=NULL;
57 /* Don't need to free() this as its stored in a static */
58 pass = getpwnam_alloc(NULL, lp_guestaccount());
64 /* MWW: From AIX FAQ patch to WU-ftpd: call initgroups before
66 initgroups(pass->pw_name, pass->pw_gid);
69 set_sec_ctx(pass->pw_uid, pass->pw_gid, 0, NULL, NULL);
71 current_user.conn = NULL;
72 current_user.vuid = UID_FIELD_INVALID;
80 /*******************************************************************
81 Check if a username is OK.
82 ********************************************************************/
84 static bool check_user_ok(connection_struct *conn, user_struct *vuser,int snum)
87 struct vuid_cache_entry *ent = NULL;
91 for (i=0;i<conn->vuid_cache.entries && i< VUID_CACHE_SIZE;i++) {
92 if (conn->vuid_cache.array[i].vuid == vuser->vuid) {
93 ent = &conn->vuid_cache.array[i];
94 conn->read_only = ent->read_only;
95 conn->admin_user = ent->admin_user;
100 if (!user_ok_token(vuser->server_info->unix_name,
101 vuser->server_info->ptok,
105 readonly_share = is_share_read_only_for_token(
106 vuser->server_info->unix_name, vuser->server_info->ptok,
109 token = conn->nt_user_token ?
110 conn->nt_user_token : vuser->server_info->ptok;
112 if (!readonly_share &&
113 !share_access_check(token, lp_servicename(snum),
115 /* smb.conf allows r/w, but the security descriptor denies
116 * write. Fall back to looking at readonly. */
117 readonly_share = True;
118 DEBUG(5,("falling back to read-only access-evaluation due to "
119 "security descriptor\n"));
122 if (!share_access_check(token, lp_servicename(snum),
124 FILE_READ_DATA : FILE_WRITE_DATA)) {
128 i = conn->vuid_cache.entries % VUID_CACHE_SIZE;
129 if (conn->vuid_cache.entries < VUID_CACHE_SIZE)
130 conn->vuid_cache.entries++;
132 ent = &conn->vuid_cache.array[i];
133 ent->vuid = vuser->vuid;
134 ent->read_only = readonly_share;
136 ent->admin_user = token_contains_name_in_list(
137 vuser->server_info->unix_name, NULL, vuser->server_info->ptok,
138 lp_admin_users(SNUM(conn)));
140 conn->read_only = ent->read_only;
141 conn->admin_user = ent->admin_user;
146 /****************************************************************************
147 Become the user of a connection number without changing the security context
148 stack, but modify the current_user entries.
149 ****************************************************************************/
151 bool change_to_user(connection_struct *conn, uint16 vuid)
153 user_struct *vuser = get_valid_user_struct(vuid);
158 bool must_free_token = False;
159 NT_USER_TOKEN *token = NULL;
161 gid_t *group_list = NULL;
164 DEBUG(2,("change_to_user: Connection not open\n"));
169 * We need a separate check in security=share mode due to vuid
170 * always being UID_FIELD_INVALID. If we don't do this then
171 * in share mode security we are *always* changing uid's between
172 * SMB's - this hurts performance - Badly.
175 if((lp_security() == SEC_SHARE) && (current_user.conn == conn) &&
176 (current_user.ut.uid == conn->uid)) {
177 DEBUG(4,("change_to_user: Skipping user change - already "
180 } else if ((current_user.conn == conn) &&
181 (vuser != 0) && (current_user.vuid == vuid) &&
182 (current_user.ut.uid == vuser->server_info->uid)) {
183 DEBUG(4,("change_to_user: Skipping user change - already "
190 if ((vuser) && !check_user_ok(conn, vuser, snum)) {
191 DEBUG(2,("change_to_user: SMB user %s (unix user %s, vuid %d) "
192 "not permitted access to share %s.\n",
193 vuser->server_info->sanitized_username,
194 vuser->server_info->unix_name, vuid,
195 lp_servicename(snum)));
199 if (conn->force_user) /* security = share sets this too */ {
202 group_list = conn->groups;
203 num_groups = conn->ngroups;
204 token = conn->nt_user_token;
206 uid = conn->admin_user ? 0 : vuser->server_info->uid;
207 gid = vuser->server_info->gid;
208 num_groups = vuser->server_info->n_groups;
209 group_list = vuser->server_info->groups;
210 token = vuser->server_info->ptok;
212 DEBUG(2,("change_to_user: Invalid vuid used %d in accessing "
213 "share %s.\n",vuid, lp_servicename(snum) ));
218 * See if we should force group for this service.
219 * If so this overrides any group set in the force
223 if((group_c = *lp_force_group(snum))) {
225 token = dup_nt_token(NULL, token);
227 DEBUG(0, ("dup_nt_token failed\n"));
230 must_free_token = True;
235 * Only force group if the user is a member of
236 * the service group. Check the group memberships for
237 * this user (we already have this) to
238 * see if we should force the group.
242 for (i = 0; i < num_groups; i++) {
243 if (group_list[i] == conn->gid) {
245 gid_to_sid(&token->user_sids[1], gid);
251 gid_to_sid(&token->user_sids[1], gid);
255 /* Now set current_user since we will immediately also call
258 current_user.ut.ngroups = num_groups;
259 current_user.ut.groups = group_list;
261 set_sec_ctx(uid, gid, current_user.ut.ngroups, current_user.ut.groups,
265 * Free the new token (as set_sec_ctx copies it).
271 current_user.conn = conn;
272 current_user.vuid = vuid;
274 DEBUG(5,("change_to_user uid=(%d,%d) gid=(%d,%d)\n",
275 (int)getuid(),(int)geteuid(),(int)getgid(),(int)getegid()));
280 /****************************************************************************
281 Go back to being root without changing the security context stack,
282 but modify the current_user entries.
283 ****************************************************************************/
285 bool change_to_root_user(void)
289 DEBUG(5,("change_to_root_user: now uid=(%d,%d) gid=(%d,%d)\n",
290 (int)getuid(),(int)geteuid(),(int)getgid(),(int)getegid()));
292 current_user.conn = NULL;
293 current_user.vuid = UID_FIELD_INVALID;
298 /****************************************************************************
299 Become the user of an authenticated connected named pipe.
300 When this is called we are currently running as the connection
301 user. Doesn't modify current_user.
302 ****************************************************************************/
304 bool become_authenticated_pipe_user(pipes_struct *p)
309 set_sec_ctx(p->pipe_user.ut.uid, p->pipe_user.ut.gid,
310 p->pipe_user.ut.ngroups, p->pipe_user.ut.groups,
311 p->pipe_user.nt_user_token);
316 /****************************************************************************
317 Unbecome the user of an authenticated connected named pipe.
318 When this is called we are running as the authenticated pipe
319 user and need to go back to being the connection user. Doesn't modify
321 ****************************************************************************/
323 bool unbecome_authenticated_pipe_user(void)
325 return pop_sec_ctx();
328 /****************************************************************************
329 Utility functions used by become_xxx/unbecome_xxx.
330 ****************************************************************************/
333 connection_struct *conn;
337 /* A stack of current_user connection contexts. */
339 static struct conn_ctx conn_ctx_stack[MAX_SEC_CTX_DEPTH];
340 static int conn_ctx_stack_ndx;
342 static void push_conn_ctx(void)
344 struct conn_ctx *ctx_p;
346 /* Check we don't overflow our stack */
348 if (conn_ctx_stack_ndx == MAX_SEC_CTX_DEPTH) {
349 DEBUG(0, ("Connection context stack overflow!\n"));
350 smb_panic("Connection context stack overflow!\n");
353 /* Store previous user context */
354 ctx_p = &conn_ctx_stack[conn_ctx_stack_ndx];
356 ctx_p->conn = current_user.conn;
357 ctx_p->vuid = current_user.vuid;
359 DEBUG(3, ("push_conn_ctx(%u) : conn_ctx_stack_ndx = %d\n",
360 (unsigned int)ctx_p->vuid, conn_ctx_stack_ndx ));
362 conn_ctx_stack_ndx++;
365 static void pop_conn_ctx(void)
367 struct conn_ctx *ctx_p;
369 /* Check for stack underflow. */
371 if (conn_ctx_stack_ndx == 0) {
372 DEBUG(0, ("Connection context stack underflow!\n"));
373 smb_panic("Connection context stack underflow!\n");
376 conn_ctx_stack_ndx--;
377 ctx_p = &conn_ctx_stack[conn_ctx_stack_ndx];
379 current_user.conn = ctx_p->conn;
380 current_user.vuid = ctx_p->vuid;
383 ctx_p->vuid = UID_FIELD_INVALID;
386 /****************************************************************************
387 Temporarily become a root user. Must match with unbecome_root(). Saves and
388 restores the connection context.
389 ****************************************************************************/
391 void become_root(void)
394 * no good way to handle push_sec_ctx() failing without changing
395 * the prototype of become_root()
397 if (!push_sec_ctx()) {
398 smb_panic("become_root: push_sec_ctx failed");
404 /* Unbecome the root user */
406 void unbecome_root(void)
412 /****************************************************************************
413 Push the current security context then force a change via change_to_user().
414 Saves and restores the connection context.
415 ****************************************************************************/
417 bool become_user(connection_struct *conn, uint16 vuid)
424 if (!change_to_user(conn, vuid)) {
433 bool unbecome_user(void)