2 Unix SMB/CIFS implementation.
4 Copyright (C) Andrew Tridgell 1992-1998
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 2 of the License, or
9 (at your option) any later version.
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with this program; if not, write to the Free Software
18 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
23 /* what user is current? */
24 extern struct current_user current_user;
26 /****************************************************************************
27 Become the guest user without changing the security context stack.
28 ****************************************************************************/
30 BOOL change_to_guest(void)
32 static struct passwd *pass=NULL;
35 /* Don't need to free() this as its stored in a static */
36 pass = getpwnam_alloc(lp_guestaccount());
42 /* MWW: From AIX FAQ patch to WU-ftpd: call initgroups before
44 initgroups(pass->pw_name, pass->pw_gid);
47 set_sec_ctx(pass->pw_uid, pass->pw_gid, 0, NULL, NULL);
49 current_user.conn = NULL;
50 current_user.vuid = UID_FIELD_INVALID;
55 /*******************************************************************
56 Check if a username is OK.
57 ********************************************************************/
59 static BOOL check_user_ok(connection_struct *conn, user_struct *vuser,int snum)
62 for (i=0;i<conn->vuid_cache.entries && i< VUID_CACHE_SIZE;i++)
63 if (conn->vuid_cache.list[i] == vuser->vuid)
66 if ((conn->force_user || conn->force_group)
67 && (conn->vuid != vuser->vuid)) {
71 if (!user_ok(vuser->user.unix_name,snum))
74 if (!share_access_check(conn, snum, vuser, conn->read_only ? FILE_READ_DATA : FILE_WRITE_DATA)) {
78 i = conn->vuid_cache.entries % VUID_CACHE_SIZE;
79 conn->vuid_cache.list[i] = vuser->vuid;
81 conn->vuid_cache.entries++;
86 /****************************************************************************
87 Become the user of a connection number without changing the security context
88 stack, but modify the currnet_user entries.
89 ****************************************************************************/
91 BOOL change_to_user(connection_struct *conn, uint16 vuid)
93 user_struct *vuser = get_valid_user_struct(vuid);
98 BOOL must_free_token = False;
99 NT_USER_TOKEN *token = NULL;
102 DEBUG(2,("change_to_user: Connection not open\n"));
107 * We need a separate check in security=share mode due to vuid
108 * always being UID_FIELD_INVALID. If we don't do this then
109 * in share mode security we are *always* changing uid's between
110 * SMB's - this hurts performance - Badly.
113 if((lp_security() == SEC_SHARE) && (current_user.conn == conn) &&
114 (current_user.uid == conn->uid)) {
115 DEBUG(4,("change_to_user: Skipping user change - already user\n"));
117 } else if ((current_user.conn == conn) &&
118 (vuser != 0) && (current_user.vuid == vuid) &&
119 (current_user.uid == vuser->uid)) {
120 DEBUG(4,("change_to_user: Skipping user change - already user\n"));
126 if (conn->force_user) /* security = share sets this too */ {
129 current_user.groups = conn->groups;
130 current_user.ngroups = conn->ngroups;
131 token = conn->nt_user_token;
132 } else if ((vuser) && check_user_ok(conn, vuser, snum)) {
135 current_user.ngroups = vuser->n_groups;
136 current_user.groups = vuser->groups;
137 token = vuser->nt_user_token;
139 DEBUG(2,("change_to_user: Invalid vuid used %d or vuid not permitted access to share.\n",vuid));
144 * See if we should force group for this service.
145 * If so this overrides any group set in the force
149 if((group_c = *lp_force_group(snum))) {
150 BOOL is_guest = False;
155 * Only force group if the user is a member of
156 * the service group. Check the group memberships for
157 * this user (we already have this) to
158 * see if we should force the group.
162 for (i = 0; i < current_user.ngroups; i++) {
163 if (current_user.groups[i] == conn->gid) {
173 * We've changed the group list in the token - we must
177 if (vuser && vuser->guest)
180 token = create_nt_token(uid, gid, current_user.ngroups, current_user.groups, is_guest);
182 DEBUG(1, ("change_to_user: create_nt_token failed!\n"));
185 must_free_token = True;
188 set_sec_ctx(uid, gid, current_user.ngroups, current_user.groups, token);
191 * Free the new token (as set_sec_ctx copies it).
195 delete_nt_token(&token);
197 current_user.conn = conn;
198 current_user.vuid = vuid;
200 DEBUG(5,("change_to_user uid=(%d,%d) gid=(%d,%d)\n",
201 (int)getuid(),(int)geteuid(),(int)getgid(),(int)getegid()));
206 /****************************************************************************
207 Go back to being root without changing the security context stack,
208 but modify the current_user entries.
209 ****************************************************************************/
211 BOOL change_to_root_user(void)
215 DEBUG(5,("change_to_root_user: now uid=(%d,%d) gid=(%d,%d)\n",
216 (int)getuid(),(int)geteuid(),(int)getgid(),(int)getegid()));
218 current_user.conn = NULL;
219 current_user.vuid = UID_FIELD_INVALID;
224 /****************************************************************************
225 Become the user of an authenticated connected named pipe.
226 When this is called we are currently running as the connection
227 user. Doesn't modify current_user.
228 ****************************************************************************/
230 BOOL become_authenticated_pipe_user(pipes_struct *p)
235 set_sec_ctx(p->pipe_user.uid, p->pipe_user.gid,
236 p->pipe_user.ngroups, p->pipe_user.groups, p->pipe_user.nt_user_token);
241 /****************************************************************************
242 Unbecome the user of an authenticated connected named pipe.
243 When this is called we are running as the authenticated pipe
244 user and need to go back to being the connection user. Doesn't modify
246 ****************************************************************************/
248 BOOL unbecome_authenticated_pipe_user(void)
250 return pop_sec_ctx();
253 /****************************************************************************
254 Utility functions used by become_xxx/unbecome_xxx.
255 ****************************************************************************/
258 connection_struct *conn;
262 /* A stack of current_user connection contexts. */
264 static struct conn_ctx conn_ctx_stack[MAX_SEC_CTX_DEPTH];
265 static int conn_ctx_stack_ndx;
267 static void push_conn_ctx(void)
269 struct conn_ctx *ctx_p;
271 /* Check we don't overflow our stack */
273 if (conn_ctx_stack_ndx == MAX_SEC_CTX_DEPTH) {
274 DEBUG(0, ("Connection context stack overflow!\n"));
275 smb_panic("Connection context stack overflow!\n");
278 /* Store previous user context */
279 ctx_p = &conn_ctx_stack[conn_ctx_stack_ndx];
281 ctx_p->conn = current_user.conn;
282 ctx_p->vuid = current_user.vuid;
284 DEBUG(3, ("push_conn_ctx(%u) : conn_ctx_stack_ndx = %d\n",
285 (unsigned int)ctx_p->vuid, conn_ctx_stack_ndx ));
287 conn_ctx_stack_ndx++;
290 static void pop_conn_ctx(void)
292 struct conn_ctx *ctx_p;
294 /* Check for stack underflow. */
296 if (conn_ctx_stack_ndx == 0) {
297 DEBUG(0, ("Connection context stack underflow!\n"));
298 smb_panic("Connection context stack underflow!\n");
301 conn_ctx_stack_ndx--;
302 ctx_p = &conn_ctx_stack[conn_ctx_stack_ndx];
304 current_user.conn = ctx_p->conn;
305 current_user.vuid = ctx_p->vuid;
308 ctx_p->vuid = UID_FIELD_INVALID;
311 void init_conn_ctx(void)
315 /* Initialise connection context stack */
316 for (i = 0; i < MAX_SEC_CTX_DEPTH; i++) {
317 conn_ctx_stack[i].conn = NULL;
318 conn_ctx_stack[i].vuid = UID_FIELD_INVALID;
322 /****************************************************************************
323 Temporarily become a root user. Must match with unbecome_root(). Saves and
324 restores the connection context.
325 ****************************************************************************/
327 void become_root(void)
334 /* Unbecome the root user */
336 void unbecome_root(void)
342 /****************************************************************************
343 Push the current security context then force a change via change_to_user().
344 Saves and restores the connection context.
345 ****************************************************************************/
347 BOOL become_user(connection_struct *conn, uint16 vuid)
354 if (!change_to_user(conn, vuid)) {
363 BOOL unbecome_user(void)
370 /*****************************************************************
371 Convert the suplimentary SIDs returned in a netlogon into UNIX
372 group gid_t's. Add to the total group array.
373 *****************************************************************/
375 void add_supplementary_nt_login_groups(int *n_groups, gid_t **pp_groups, NT_USER_TOKEN **pptok)
378 int current_n_groups = *n_groups;
379 gid_t *final_groups = NULL;
381 NT_USER_TOKEN *ptok = *pptok;
382 NT_USER_TOKEN *new_tok = NULL;
384 if (!ptok || (ptok->num_sids == 0))
387 new_tok = dup_nt_token(ptok);
389 DEBUG(0,("add_supplementary_nt_login_groups: Failed to malloc new token\n"));
392 /* Leave the allocated space but empty the number of SIDs. */
393 new_tok->num_sids = 0;
395 total_groups = current_n_groups + ptok->num_sids;
397 final_groups = (gid_t *)malloc(total_groups * sizeof(gid_t));
399 DEBUG(0,("add_supplementary_nt_login_groups: Failed to malloc new groups.\n"));
400 delete_nt_token(&new_tok);
404 memcpy(final_groups, *pp_groups, current_n_groups * sizeof(gid_t));
405 for (i = 0; i < ptok->num_sids; i++) {
406 enum SID_NAME_USE sid_type;
409 if (sid_to_gid(&ptok->user_sids[i], &new_grp, &sid_type)) {
411 * Don't add the gid_t if it is already in the current group
412 * list. Some UNIXen don't like the same group more than once.
416 for (j = 0; j < current_n_groups; j++)
417 if (final_groups[j] == new_grp)
420 if ( j == current_n_groups) {
421 /* Group not already present. */
422 final_groups[current_n_groups++] = new_grp;
425 /* SID didn't map. Copy to the new token to be saved. */
426 sid_copy(&new_tok->user_sids[new_tok->num_sids++], &ptok->user_sids[i]);
430 SAFE_FREE(*pp_groups);
431 *pp_groups = final_groups;
432 *n_groups = current_n_groups;
434 /* Replace the old token with the truncated one. */
435 delete_nt_token(&ptok);
439 /*****************************************************************
440 *THE CANONICAL* convert name to SID function.
441 Tries local lookup first - for local domains - then uses winbind.
442 *****************************************************************/
444 BOOL lookup_name(const char *domain, const char *name, DOM_SID *psid, enum SID_NAME_USE *name_type)
446 extern pstring global_myname;
447 extern fstring global_myworkgroup;
449 BOOL local_lookup = False;
451 *name_type = SID_NAME_UNKNOWN;
453 /* If we are looking up a domain user, make sure it is
454 for the local machine only */
456 if (strequal(global_myname, domain)) {
458 } else if (lp_server_role() == ROLE_DOMAIN_PDC ||
459 lp_server_role() == ROLE_DOMAIN_BDC) {
460 if (strequal(domain, global_myworkgroup)) {
466 if (local_lookup_name(name, psid, name_type)) {
468 ("lookup_name: (local) [%s]\\[%s] -> SID %s (type %s: %u)\n",
469 domain, name, sid_to_string(sid,psid),
470 sid_type_lookup(*name_type), (unsigned int)*name_type));
475 if (winbind_lookup_name(domain, name, psid, name_type)) {
477 DEBUG(10,("lookup_name (winbindd): [%s]\\[%s] -> SID %s (type %u)\n",
478 domain, name, sid_to_string(sid, psid),
479 (unsigned int)*name_type));
484 DEBUG(10, ("lookup_name: %s lookup for [%s]\\[%s] failed\n",
485 local_lookup ? "local" : "winbind", domain, name));
490 /*****************************************************************
491 *THE CANONICAL* convert SID to name function.
492 Tries local lookup first - for local sids, then tries winbind.
493 *****************************************************************/
495 BOOL lookup_sid(DOM_SID *sid, fstring dom_name, fstring name, enum SID_NAME_USE *name_type)
500 *name_type = SID_NAME_UNKNOWN;
502 /* Check if this is our own sid. This should perhaps be done by
503 winbind? For the moment handle it here. */
505 if (sid->num_auths == 5) {
509 sid_copy(&tmp_sid, sid);
510 sid_split_rid(&tmp_sid, &rid);
512 if (sid_equal(get_global_sam_sid(), &tmp_sid)) {
514 return map_domain_sid_to_name(&tmp_sid, dom_name) &&
515 local_lookup_sid(sid, name, name_type);
519 if (!winbind_lookup_sid(sid, dom_name, name, name_type)) {
524 DEBUG(10,("lookup_sid: winbind lookup for SID %s failed - trying local.\n", sid_to_string(sid_str, sid) ));
526 sid_copy(&tmp_sid, sid);
527 sid_split_rid(&tmp_sid, &rid);
528 return map_domain_sid_to_name(&tmp_sid, dom_name) &&
529 lookup_known_rid(&tmp_sid, rid, name, name_type);
534 /*****************************************************************
535 *THE CANONICAL* convert uid_t to SID function.
536 Tries winbind first - then uses local lookup.
538 *****************************************************************/
540 DOM_SID *uid_to_sid(DOM_SID *psid, uid_t uid)
545 if (lp_winbind_uid(&low, &high) && uid >= low && uid <= high) {
546 if (winbind_uid_to_sid(psid, uid)) {
548 DEBUG(10,("uid_to_sid: winbindd %u -> %s\n",
549 (unsigned int)uid, sid_to_string(sid, psid)));
555 /* Make sure we report failure, (when psid == NULL) */
557 psid = local_uid_to_sid(psid, uid);
560 DEBUG(10,("uid_to_sid: local %u -> %s\n", (unsigned int)uid, sid_to_string(sid, psid)));
565 /*****************************************************************
566 *THE CANONICAL* convert gid_t to SID function.
567 Tries winbind first - then uses local lookup.
569 *****************************************************************/
571 DOM_SID *gid_to_sid(DOM_SID *psid, gid_t gid)
576 if (lp_winbind_gid(&low, &high) && gid >= low && gid <= high) {
577 if (winbind_gid_to_sid(psid, gid)) {
579 DEBUG(10,("gid_to_sid: winbindd %u -> %s\n",
580 (unsigned int)gid, sid_to_string(sid, psid)));
586 /* Make sure we report failure, (when psid == NULL) */
587 psid = local_gid_to_sid(psid, gid);
589 DEBUG(10,("gid_to_sid: local %u -> %s\n", (unsigned int)gid, sid_to_string(sid, psid)));
594 /*****************************************************************
595 *THE CANONICAL* convert SID to uid function.
596 Tries winbind first - then uses local lookup.
597 Returns True if this name is a user sid and the conversion
598 was done correctly, False if not. sidtype is set by this function.
599 *****************************************************************/
601 BOOL sid_to_uid(const DOM_SID *psid, uid_t *puid, enum SID_NAME_USE *sidtype)
605 /* if we know its local then don't try winbindd */
606 if (sid_compare_domain(get_global_sam_sid(), psid) == 0) {
609 result = local_sid_to_uid(puid, psid, sidtype);
614 /* (tridge) I commented out the slab of code below in order to support foreign SIDs
615 Do we really need to validate the type of SID we have in this case?
618 fstring dom_name, name;
619 enum SID_NAME_USE name_type;
621 *sidtype = SID_NAME_UNKNOWN;
623 * First we must look up the name and decide if this is a user sid.
626 if ( (!winbind_lookup_sid(psid, dom_name, name, &name_type)) || (name_type != SID_NAME_USER) ) {
628 DEBUG(10,("sid_to_uid: winbind lookup for sid %s failed - trying local.\n",
629 sid_to_string(sid_str, psid) ));
632 result = local_sid_to_uid(puid, psid, sidtype);
638 * Ensure this is a user sid.
641 if (name_type != SID_NAME_USER) {
642 DEBUG(10,("sid_to_uid: winbind lookup succeeded but SID is not a uid (%u)\n",
643 (unsigned int)name_type ));
647 *sidtype = SID_NAME_USER;
650 * Get the uid for this SID.
653 if (!winbind_sid_to_uid(puid, psid)) {
655 DEBUG(10,("sid_to_uid: winbind lookup for sid %s failed.\n",
656 sid_to_string(sid_str, psid) ));
658 result = local_sid_to_uid(puid, psid, sidtype);
663 DEBUG(10,("sid_to_uid: winbindd %s -> %u\n",
664 sid_to_string(sid_str, psid),
665 (unsigned int)*puid ));
670 /*****************************************************************
671 *THE CANONICAL* convert SID to gid function.
672 Tries winbind first - then uses local lookup.
673 Returns True if this name is a user sid and the conversion
674 was done correctly, False if not.
675 *****************************************************************/
677 BOOL sid_to_gid(const DOM_SID *psid, gid_t *pgid, enum SID_NAME_USE *sidtype)
679 fstring dom_name, name, sid_str;
680 enum SID_NAME_USE name_type;
682 *sidtype = SID_NAME_UNKNOWN;
685 * First we must look up the name and decide if this is a group sid.
688 /* if we know its local then don't try winbindd */
689 if (sid_compare_domain(get_global_sam_sid(), psid) == 0) {
692 result = local_sid_to_gid(pgid, psid, sidtype);
697 if (!winbind_lookup_sid(psid, dom_name, name, &name_type)) {
698 DEBUG(10,("sid_to_gid: winbind lookup for sid %s failed.\n",
699 sid_to_string(sid_str, psid) ));
700 /* this was probably a foreign sid - assume its a group rid
702 name_type = SID_NAME_DOM_GRP;
706 * Ensure this is a group sid.
709 if ((name_type != SID_NAME_DOM_GRP) && (name_type != SID_NAME_ALIAS) && (name_type != SID_NAME_WKN_GRP)) {
710 DEBUG(10,("sid_to_gid: winbind lookup succeeded but SID is not a known group (%u)\n",
711 (unsigned int)name_type ));
716 *sidtype = name_type;
719 * Get the gid for this SID.
722 if (!winbind_sid_to_gid(pgid, psid)) {
723 DEBUG(10,("sid_to_gid: winbind lookup for sid %s failed.\n",
724 sid_to_string(sid_str, psid) ));
728 DEBUG(10,("sid_to_gid: winbindd %s -> %u\n",
729 sid_to_string(sid_str, psid),
730 (unsigned int)*pgid ));
git.samba.org / tprouty / samba.git / blob