2 Unix SMB/CIFS implementation.
4 Copyright (C) Andrew Tridgell 1992-1998
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 2 of the License, or
9 (at your option) any later version.
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with this program; if not, write to the Free Software
18 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
23 /* what user is current? */
24 extern struct current_user current_user;
26 /****************************************************************************
27 Become the guest user without changing the security context stack.
28 ****************************************************************************/
30 BOOL change_to_guest(void)
32 static struct passwd *pass=NULL;
35 /* Don't need to free() this as its stored in a static */
36 pass = getpwnam_alloc(lp_guestaccount());
42 /* MWW: From AIX FAQ patch to WU-ftpd: call initgroups before
44 initgroups(pass->pw_name, pass->pw_gid);
47 set_sec_ctx(pass->pw_uid, pass->pw_gid, 0, NULL, NULL);
49 current_user.conn = NULL;
50 current_user.vuid = UID_FIELD_INVALID;
57 /****************************************************************************
58 Readonly share for this user ?
59 ****************************************************************************/
61 static BOOL is_share_read_only_for_user(connection_struct *conn, user_struct *vuser)
64 const char *service = lp_servicename(conn->service);
65 BOOL read_only_ret = lp_readonly(conn->service);
70 str_list_copy(&list, lp_readlist(conn->service));
72 if (!str_list_sub_basic(list, vuser->user.smb_name) ) {
73 DEBUG(0, ("is_share_read_only_for_user: ERROR: read list substitution failed\n"));
75 if (!str_list_substitute(list, "%S", service)) {
76 DEBUG(0, ("is_share_read_only_for_user: ERROR: read list service substitution failed\n"));
78 if (user_in_list(vuser->user.unix_name, (const char **)list, vuser->groups, vuser->n_groups)) {
84 str_list_copy(&list, lp_writelist(conn->service));
86 if (!str_list_sub_basic(list, vuser->user.smb_name) ) {
87 DEBUG(0, ("is_share_read_only_for_user: ERROR: write list substitution failed\n"));
89 if (!str_list_substitute(list, "%S", service)) {
90 DEBUG(0, ("is_share_read_only_for_user: ERROR: write list service substitution failed\n"));
92 if (user_in_list(vuser->user.unix_name, (const char **)list, vuser->groups, vuser->n_groups)) {
93 read_only_ret = False;
98 DEBUG(10,("is_share_read_only_for_user: share %s is %s for unix user %s\n",
99 service, read_only_ret ? "read-only" : "read-write", vuser->user.unix_name ));
101 return read_only_ret;
104 /*******************************************************************
105 Check if a username is OK.
106 ********************************************************************/
108 static BOOL check_user_ok(connection_struct *conn, user_struct *vuser,int snum)
111 struct vuid_cache_entry *ent = NULL;
114 for (i=0;i<conn->vuid_cache.entries && i< VUID_CACHE_SIZE;i++) {
115 if (conn->vuid_cache.array[i].vuid == vuser->vuid) {
116 ent = &conn->vuid_cache.array[i];
117 conn->read_only = ent->read_only;
118 conn->admin_user = ent->admin_user;
123 if (!user_ok(vuser->user.unix_name,snum, vuser->groups, vuser->n_groups))
126 readonly_share = is_share_read_only_for_user(conn, vuser);
128 if (!share_access_check(conn, snum, vuser, readonly_share ? FILE_READ_DATA : FILE_WRITE_DATA)) {
132 i = conn->vuid_cache.entries % VUID_CACHE_SIZE;
133 if (conn->vuid_cache.entries < VUID_CACHE_SIZE)
134 conn->vuid_cache.entries++;
136 ent = &conn->vuid_cache.array[i];
137 ent->vuid = vuser->vuid;
138 ent->read_only = readonly_share;
140 if (user_in_list(vuser->user.unix_name ,lp_admin_users(conn->service), vuser->groups, vuser->n_groups)) {
141 ent->admin_user = True;
143 ent->admin_user = False;
146 conn->read_only = ent->read_only;
147 conn->admin_user = ent->admin_user;
152 /****************************************************************************
153 Become the user of a connection number without changing the security context
154 stack, but modify the currnet_user entries.
155 ****************************************************************************/
157 BOOL change_to_user(connection_struct *conn, uint16 vuid)
159 user_struct *vuser = get_valid_user_struct(vuid);
164 BOOL must_free_token = False;
165 NT_USER_TOKEN *token = NULL;
168 DEBUG(2,("change_to_user: Connection not open\n"));
173 * We need a separate check in security=share mode due to vuid
174 * always being UID_FIELD_INVALID. If we don't do this then
175 * in share mode security we are *always* changing uid's between
176 * SMB's - this hurts performance - Badly.
179 if((lp_security() == SEC_SHARE) && (current_user.conn == conn) &&
180 (current_user.uid == conn->uid)) {
181 DEBUG(4,("change_to_user: Skipping user change - already user\n"));
183 } else if ((current_user.conn == conn) &&
184 (vuser != 0) && (current_user.vuid == vuid) &&
185 (current_user.uid == vuser->uid)) {
186 DEBUG(4,("change_to_user: Skipping user change - already user\n"));
192 if (conn->force_user) /* security = share sets this too */ {
195 current_user.groups = conn->groups;
196 current_user.ngroups = conn->ngroups;
197 token = conn->nt_user_token;
198 } else if ((vuser) && check_user_ok(conn, vuser, snum)) {
199 uid = conn->admin_user ? 0 : vuser->uid;
201 current_user.ngroups = vuser->n_groups;
202 current_user.groups = vuser->groups;
203 token = vuser->nt_user_token;
205 DEBUG(2,("change_to_user: Invalid vuid used %d or vuid not permitted access to share.\n",vuid));
210 * See if we should force group for this service.
211 * If so this overrides any group set in the force
215 if((group_c = *lp_force_group(snum))) {
216 BOOL is_guest = False;
221 * Only force group if the user is a member of
222 * the service group. Check the group memberships for
223 * this user (we already have this) to
224 * see if we should force the group.
228 for (i = 0; i < current_user.ngroups; i++) {
229 if (current_user.groups[i] == conn->gid) {
239 * We've changed the group list in the token - we must
243 if (vuser && vuser->guest)
246 token = create_nt_token(uid, gid, current_user.ngroups, current_user.groups, is_guest);
248 DEBUG(1, ("change_to_user: create_nt_token failed!\n"));
251 must_free_token = True;
254 set_sec_ctx(uid, gid, current_user.ngroups, current_user.groups, token);
257 * Free the new token (as set_sec_ctx copies it).
261 delete_nt_token(&token);
263 current_user.conn = conn;
264 current_user.vuid = vuid;
266 DEBUG(5,("change_to_user uid=(%d,%d) gid=(%d,%d)\n",
267 (int)getuid(),(int)geteuid(),(int)getgid(),(int)getegid()));
272 /****************************************************************************
273 Go back to being root without changing the security context stack,
274 but modify the current_user entries.
275 ****************************************************************************/
277 BOOL change_to_root_user(void)
281 DEBUG(5,("change_to_root_user: now uid=(%d,%d) gid=(%d,%d)\n",
282 (int)getuid(),(int)geteuid(),(int)getgid(),(int)getegid()));
284 current_user.conn = NULL;
285 current_user.vuid = UID_FIELD_INVALID;
290 /****************************************************************************
291 Become the user of an authenticated connected named pipe.
292 When this is called we are currently running as the connection
293 user. Doesn't modify current_user.
294 ****************************************************************************/
296 BOOL become_authenticated_pipe_user(pipes_struct *p)
301 set_sec_ctx(p->pipe_user.uid, p->pipe_user.gid,
302 p->pipe_user.ngroups, p->pipe_user.groups, p->pipe_user.nt_user_token);
307 /****************************************************************************
308 Unbecome the user of an authenticated connected named pipe.
309 When this is called we are running as the authenticated pipe
310 user and need to go back to being the connection user. Doesn't modify
312 ****************************************************************************/
314 BOOL unbecome_authenticated_pipe_user(void)
316 return pop_sec_ctx();
319 /****************************************************************************
320 Utility functions used by become_xxx/unbecome_xxx.
321 ****************************************************************************/
324 connection_struct *conn;
328 /* A stack of current_user connection contexts. */
330 static struct conn_ctx conn_ctx_stack[MAX_SEC_CTX_DEPTH];
331 static int conn_ctx_stack_ndx;
333 static void push_conn_ctx(void)
335 struct conn_ctx *ctx_p;
337 /* Check we don't overflow our stack */
339 if (conn_ctx_stack_ndx == MAX_SEC_CTX_DEPTH) {
340 DEBUG(0, ("Connection context stack overflow!\n"));
341 smb_panic("Connection context stack overflow!\n");
344 /* Store previous user context */
345 ctx_p = &conn_ctx_stack[conn_ctx_stack_ndx];
347 ctx_p->conn = current_user.conn;
348 ctx_p->vuid = current_user.vuid;
350 DEBUG(3, ("push_conn_ctx(%u) : conn_ctx_stack_ndx = %d\n",
351 (unsigned int)ctx_p->vuid, conn_ctx_stack_ndx ));
353 conn_ctx_stack_ndx++;
356 static void pop_conn_ctx(void)
358 struct conn_ctx *ctx_p;
360 /* Check for stack underflow. */
362 if (conn_ctx_stack_ndx == 0) {
363 DEBUG(0, ("Connection context stack underflow!\n"));
364 smb_panic("Connection context stack underflow!\n");
367 conn_ctx_stack_ndx--;
368 ctx_p = &conn_ctx_stack[conn_ctx_stack_ndx];
370 current_user.conn = ctx_p->conn;
371 current_user.vuid = ctx_p->vuid;
374 ctx_p->vuid = UID_FIELD_INVALID;
377 /****************************************************************************
378 Temporarily become a root user. Must match with unbecome_root(). Saves and
379 restores the connection context.
380 ****************************************************************************/
382 void become_root(void)
389 /* Unbecome the root user */
391 void unbecome_root(void)
397 /****************************************************************************
398 Push the current security context then force a change via change_to_user().
399 Saves and restores the connection context.
400 ****************************************************************************/
402 BOOL become_user(connection_struct *conn, uint16 vuid)
409 if (!change_to_user(conn, vuid)) {
418 BOOL unbecome_user(void)