Context Navigation

source: branches/samba-3.0/source/smbd/uid.c@ 112

Visit:

Last change on this file since 112 was 106, checked in by Paul Smedley, 18 years ago
Revert fix for Ticket #22 - still seems fixed, but solves SIGSEGV in smbd.exe from connection from a Mac
File size: 11.7 KB

Line
1	/*
2	Unix SMB/CIFS implementation.
3	uid/user handling
4	Copyright (C) Andrew Tridgell 1992-1998
5
6	This program is free software; you can redistribute it and/or modify
7	it under the terms of the GNU General Public License as published by
8	the Free Software Foundation; either version 2 of the License, or
9	(at your option) any later version.
10
11	This program is distributed in the hope that it will be useful,
12	but WITHOUT ANY WARRANTY; without even the implied warranty of
13	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14	GNU General Public License for more details.
15
16	You should have received a copy of the GNU General Public License
17	along with this program; if not, write to the Free Software
18	Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
19	*/
20
21	#include "includes.h"
22
23	/* what user is current? */
24	extern struct current_user current_user;
25
26	/****************************************************************************
27	Iterator functions for getting all gid's from current_user.
28	****************************************************************************/
29
30	gid_t get_current_user_gid_first(int *piterator)
31	{
32	*piterator = 0;
33	return current_user.ut.gid;
34	}
35
36	gid_t get_current_user_gid_next(int *piterator)
37	{
38	gid_t ret;
39
40	if (!current_user.ut.groups \|\| *piterator >= current_user.ut.ngroups) {
41	return (gid_t)-1;
42	}
43
44	ret = current_user.ut.groups[*piterator];
45	(*piterator) += 1;
46	return ret;
47	}
48
49	/****************************************************************************
50	Become the guest user without changing the security context stack.
51	****************************************************************************/
52
53	BOOL change_to_guest(void)
54	{
55	static struct passwd *pass=NULL;
56
57	if (!pass) {
58	/* Don't need to free() this as its stored in a static */
59	pass = getpwnam_alloc(NULL, lp_guestaccount());
60	if (!pass)
61	return(False);
62	}
63
64	#ifdef AIX
65	/* MWW: From AIX FAQ patch to WU-ftpd: call initgroups before
66	setting IDs */
67	initgroups(pass->pw_name, pass->pw_gid);
68	#endif
69
70	set_sec_ctx(pass->pw_uid, pass->pw_gid, 0, NULL, NULL);
71
72	current_user.conn = NULL;
73	current_user.vuid = UID_FIELD_INVALID;
74
75	TALLOC_FREE(pass);
76	pass = NULL;
77
78	return True;
79	}
80
81	/*******************************************************************
82	Check if a username is OK.
83	********************************************************************/
84
85	static BOOL check_user_ok(connection_struct conn, user_struct vuser,int snum)
86	{
87	unsigned int i;
88	struct vuid_cache_entry *ent = NULL;
89	BOOL readonly_share;
90	NT_USER_TOKEN *token;
91
92	for (i=0;i<conn->vuid_cache.entries && i< VUID_CACHE_SIZE;i++) {
93	if (conn->vuid_cache.array[i].vuid == vuser->vuid) {
94	ent = &conn->vuid_cache.array[i];
95	conn->read_only = ent->read_only;
96	conn->admin_user = ent->admin_user;
97	return(True);
98	}
99	}
100
101	if (!user_ok_token(vuser->user.unix_name, vuser->nt_user_token, snum))
102	return(False);
103
104	readonly_share = is_share_read_only_for_token(vuser->user.unix_name,
105	vuser->nt_user_token,
106	SNUM(conn));
107
108	token = conn->nt_user_token ?
109	conn->nt_user_token : vuser->nt_user_token;
110
111	if (!readonly_share &&
112	!share_access_check(token, lp_servicename(snum),
113	FILE_WRITE_DATA)) {
114	/* smb.conf allows r/w, but the security descriptor denies
115	* write. Fall back to looking at readonly. */
116	readonly_share = True;
117	DEBUG(5,("falling back to read-only access-evaluation due to "
118	"security descriptor\n"));
119	}
120
121	if (!share_access_check(token, lp_servicename(snum),
122	readonly_share ?
123	FILE_READ_DATA : FILE_WRITE_DATA)) {
124	return False;
125	}
126
127	i = conn->vuid_cache.entries % VUID_CACHE_SIZE;
128	if (conn->vuid_cache.entries < VUID_CACHE_SIZE)
129	conn->vuid_cache.entries++;
130
131	ent = &conn->vuid_cache.array[i];
132	ent->vuid = vuser->vuid;
133	ent->read_only = readonly_share;
134
135	ent->admin_user = token_contains_name_in_list(
136	vuser->user.unix_name, NULL, vuser->nt_user_token,
137	lp_admin_users(SNUM(conn)));
138
139	conn->read_only = ent->read_only;
140	conn->admin_user = ent->admin_user;
141
142	return(True);
143	}
144
145	/****************************************************************************
146	Become the user of a connection number without changing the security context
147	stack, but modify the current_user entries.
148	****************************************************************************/
149
150	BOOL change_to_user(connection_struct *conn, uint16 vuid)
151	{
152	user_struct *vuser = get_valid_user_struct(vuid);
153
154	int snum;
155	gid_t gid;
156	uid_t uid;
157	char group_c;
158	BOOL must_free_token = False;
159	NT_USER_TOKEN *token = NULL;
160	int num_groups = 0;
161	gid_t *group_list = NULL;
162
163	if (!conn) {
164	DEBUG(2,("change_to_user: Connection not open\n"));
165	return(False);
166	}
167
168	/*
169	* We need a separate check in security=share mode due to vuid
170	* always being UID_FIELD_INVALID. If we don't do this then
171	* in share mode security we are always changing uid's between
172	* SMB's - this hurts performance - Badly.
173	*/
174
175	if((lp_security() == SEC_SHARE) && (current_user.conn == conn) &&
176	(current_user.ut.uid == conn->uid)) {
177	DEBUG(4,("change_to_user: Skipping user change - already "
178	"user\n"));
179	return(True);
180	} else if ((current_user.conn == conn) &&
181	(vuser != 0) && (current_user.vuid == vuid) &&
182	(current_user.ut.uid == vuser->uid)) {
183	DEBUG(4,("change_to_user: Skipping user change - already "
184	"user\n"));
185	return(True);
186	}
187
188	snum = SNUM(conn);
189
190	if ((vuser) && !check_user_ok(conn, vuser, snum)) {
191	DEBUG(2,("change_to_user: SMB user %s (unix user %s, vuid %d) "
192	"not permitted access to share %s.\n",
193	vuser->user.smb_name, vuser->user.unix_name, vuid,
194	lp_servicename(snum)));
195	return False;
196	}
197
198	if (conn->force_user) /* security = share sets this too */ {
199	uid = conn->uid;
200	gid = conn->gid;
201	group_list = conn->groups;
202	num_groups = conn->ngroups;
203	token = conn->nt_user_token;
204	} else if (vuser) {
205	uid = conn->admin_user ? 0 : vuser->uid;
206	gid = vuser->gid;
207	num_groups = vuser->n_groups;
208	group_list = vuser->groups;
209	token = vuser->nt_user_token;
210	} else {
211	DEBUG(2,("change_to_user: Invalid vuid used %d in accessing "
212	"share %s.\n",vuid, lp_servicename(snum) ));
213	return False;
214	}
215
216	/*
217	* See if we should force group for this service.
218	* If so this overrides any group set in the force
219	* user code.
220	*/
221
222	if((group_c = *lp_force_group(snum))) {
223
224	token = dup_nt_token(NULL, token);
225	if (token == NULL) {
226	DEBUG(0, ("dup_nt_token failed\n"));
227	return False;
228	}
229	must_free_token = True;
230
231	if(group_c == '+') {
232
233	/*
234	* Only force group if the user is a member of
235	* the service group. Check the group memberships for
236	* this user (we already have this) to
237	* see if we should force the group.
238	*/
239
240	int i;
241	for (i = 0; i < num_groups; i++) {
242	if (group_list[i] == conn->gid) {
243	gid = conn->gid;
244	gid_to_sid(&token->user_sids[1], gid);
245	break;
246	}
247	}
248	} else {
249	gid = conn->gid;
250	gid_to_sid(&token->user_sids[1], gid);
251	}
252	}
253
254	/* Now set current_user since we will immediately also call
255	set_sec_ctx() */
256
257	current_user.ut.ngroups = num_groups;
258	current_user.ut.groups = group_list;
259
260	set_sec_ctx(uid, gid, current_user.ut.ngroups, current_user.ut.groups,
261	token);
262
263	/*
264	* Free the new token (as set_sec_ctx copies it).
265	*/
266
267	if (must_free_token)
268	TALLOC_FREE(token);
269
270	current_user.conn = conn;
271	current_user.vuid = vuid;
272
273	DEBUG(5,("change_to_user uid=(%d,%d) gid=(%d,%d)\n",
274	(int)getuid(),(int)geteuid(),(int)getgid(),(int)getegid()));
275
276	return(True);
277	}
278
279	/****************************************************************************
280	Go back to being root without changing the security context stack,
281	but modify the current_user entries.
282	****************************************************************************/
283
284	BOOL change_to_root_user(void)
285	{
286	set_root_sec_ctx();
287
288	DEBUG(5,("change_to_root_user: now uid=(%d,%d) gid=(%d,%d)\n",
289	(int)getuid(),(int)geteuid(),(int)getgid(),(int)getegid()));
290
291	current_user.conn = NULL;
292	current_user.vuid = UID_FIELD_INVALID;
293
294	return(True);
295	}
296
297	/****************************************************************************
298	Become the user of an authenticated connected named pipe.
299	When this is called we are currently running as the connection
300	user. Doesn't modify current_user.
301	****************************************************************************/
302
303	BOOL become_authenticated_pipe_user(pipes_struct *p)
304	{
305	if (!push_sec_ctx())
306	return False;
307
308	set_sec_ctx(p->pipe_user.ut.uid, p->pipe_user.ut.gid,
309	p->pipe_user.ut.ngroups, p->pipe_user.ut.groups,
310	p->pipe_user.nt_user_token);
311
312	return True;
313	}
314
315	/****************************************************************************
316	Unbecome the user of an authenticated connected named pipe.
317	When this is called we are running as the authenticated pipe
318	user and need to go back to being the connection user. Doesn't modify
319	current_user.
320	****************************************************************************/
321
322	BOOL unbecome_authenticated_pipe_user(void)
323	{
324	return pop_sec_ctx();
325	}
326
327	/****************************************************************************
328	Utility functions used by become_xxx/unbecome_xxx.
329	****************************************************************************/
330
331	struct conn_ctx {
332	connection_struct *conn;
333	uint16 vuid;
334	};
335
336	/* A stack of current_user connection contexts. */
337
338	static struct conn_ctx conn_ctx_stack[MAX_SEC_CTX_DEPTH];
339	static int conn_ctx_stack_ndx;
340
341	static void push_conn_ctx(void)
342	{
343	struct conn_ctx *ctx_p;
344
345	/* Check we don't overflow our stack */
346
347	if (conn_ctx_stack_ndx == MAX_SEC_CTX_DEPTH) {
348	DEBUG(0, ("Connection context stack overflow!\n"));
349	smb_panic("Connection context stack overflow!\n");
350	}
351
352	/* Store previous user context */
353	ctx_p = &conn_ctx_stack[conn_ctx_stack_ndx];
354
355	ctx_p->conn = current_user.conn;
356	ctx_p->vuid = current_user.vuid;
357
358	DEBUG(3, ("push_conn_ctx(%u) : conn_ctx_stack_ndx = %d\n",
359	(unsigned int)ctx_p->vuid, conn_ctx_stack_ndx ));
360
361	conn_ctx_stack_ndx++;
362	}
363
364	static void pop_conn_ctx(void)
365	{
366	struct conn_ctx *ctx_p;
367
368	/* Check for stack underflow. */
369
370	if (conn_ctx_stack_ndx == 0) {
371	DEBUG(0, ("Connection context stack underflow!\n"));
372	smb_panic("Connection context stack underflow!\n");
373	}
374
375	conn_ctx_stack_ndx--;
376	ctx_p = &conn_ctx_stack[conn_ctx_stack_ndx];
377
378	current_user.conn = ctx_p->conn;
379	current_user.vuid = ctx_p->vuid;
380
381	ctx_p->conn = NULL;
382	ctx_p->vuid = UID_FIELD_INVALID;
383	}
384
385	/****************************************************************************
386	Temporarily become a root user. Must match with unbecome_root(). Saves and
387	restores the connection context.
388	****************************************************************************/
389
390	void become_root(void)
391	{
392	push_sec_ctx();
393	push_conn_ctx();
394	set_root_sec_ctx();
395	}
396
397	/* Unbecome the root user */
398
399	void unbecome_root(void)
400	{
401	pop_sec_ctx();
402	pop_conn_ctx();
403	}
404
405	/****************************************************************************
406	Push the current security context then force a change via change_to_user().
407	Saves and restores the connection context.
408	****************************************************************************/
409
410	BOOL become_user(connection_struct *conn, uint16 vuid)
411	{
412	if (!push_sec_ctx())
413	return False;
414
415	push_conn_ctx();
416
417	if (!change_to_user(conn, vuid)) {
418	pop_sec_ctx();
419	pop_conn_ctx();
420	return False;
421	}
422
423	return True;
424	}
425
426	BOOL unbecome_user(void)
427	{
428	pop_sec_ctx();
429	pop_conn_ctx();
430	return True;
431	}

Note: See TracBrowser for help on using the repository browser.

Download in other formats: