source: branches/samba-3.2.x/source/smbd/uid.c@ 205

Last change on this file since 205 was 133, checked in by Paul Smedley, 17 years ago

Update trunk to 3.2.0pre3
File size: 11.4 KB
Line 
1/*
2 Unix SMB/CIFS implementation.
3 uid/user handling
4 Copyright (C) Andrew Tridgell 1992-1998
5
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 3 of the License, or
9 (at your option) any later version.
10
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
15
16 You should have received a copy of the GNU General Public License
17 along with this program. If not, see <http://www.gnu.org/licenses/>.
18*/
19
20#include "includes.h"
21
22/* what user is current? */
23extern struct current_user current_user;
24
25/****************************************************************************
26 Iterator functions for getting all gid's from current_user.
27****************************************************************************/
28
29gid_t get_current_user_gid_first(int *piterator)
30{
31 *piterator = 0;
32 return current_user.ut.gid;
33}
34
35gid_t get_current_user_gid_next(int *piterator)
36{
37 gid_t ret;
38
39 if (!current_user.ut.groups || *piterator >= current_user.ut.ngroups) {
40 return (gid_t)-1;
41 }
42
43 ret = current_user.ut.groups[*piterator];
44 (*piterator) += 1;
45 return ret;
46}
47
48/****************************************************************************
49 Become the guest user without changing the security context stack.
50****************************************************************************/
51
52bool change_to_guest(void)
53{
54 static struct passwd *pass=NULL;
55
56 if (!pass) {
57 /* Don't need to free() this as its stored in a static */
58 pass = getpwnam_alloc(NULL, lp_guestaccount());
59 if (!pass)
60 return(False);
61 }
62
63#ifdef AIX
64 /* MWW: From AIX FAQ patch to WU-ftpd: call initgroups before
65 setting IDs */
66 initgroups(pass->pw_name, pass->pw_gid);
67#endif
68
69 set_sec_ctx(pass->pw_uid, pass->pw_gid, 0, NULL, NULL);
70
71 current_user.conn = NULL;
72 current_user.vuid = UID_FIELD_INVALID;
73
74 TALLOC_FREE(pass);
75 pass = NULL;
76
77 return True;
78}
79
80/*******************************************************************
81 Check if a username is OK.
82********************************************************************/
83
84static bool check_user_ok(connection_struct *conn, user_struct *vuser,int snum)
85{
86 unsigned int i;
87 struct vuid_cache_entry *ent = NULL;
88 bool readonly_share;
89 NT_USER_TOKEN *token;
90
91 for (i=0;i<conn->vuid_cache.entries && i< VUID_CACHE_SIZE;i++) {
92 if (conn->vuid_cache.array[i].vuid == vuser->vuid) {
93 ent = &conn->vuid_cache.array[i];
94 conn->read_only = ent->read_only;
95 conn->admin_user = ent->admin_user;
96 return(True);
97 }
98 }
99
100 if (!user_ok_token(vuser->user.unix_name, vuser->nt_user_token, snum))
101 return(False);
102
103 readonly_share = is_share_read_only_for_token(vuser->user.unix_name,
104 vuser->nt_user_token,
105 SNUM(conn));
106
107 token = conn->nt_user_token ?
108 conn->nt_user_token : vuser->nt_user_token;
109
110 if (!readonly_share &&
111 !share_access_check(token, lp_servicename(snum),
112 FILE_WRITE_DATA)) {
113 /* smb.conf allows r/w, but the security descriptor denies
114 * write. Fall back to looking at readonly. */
115 readonly_share = True;
116 DEBUG(5,("falling back to read-only access-evaluation due to "
117 "security descriptor\n"));
118 }
119
120 if (!share_access_check(token, lp_servicename(snum),
121 readonly_share ?
122 FILE_READ_DATA : FILE_WRITE_DATA)) {
123 return False;
124 }
125
126 i = conn->vuid_cache.entries % VUID_CACHE_SIZE;
127 if (conn->vuid_cache.entries < VUID_CACHE_SIZE)
128 conn->vuid_cache.entries++;
129
130 ent = &conn->vuid_cache.array[i];
131 ent->vuid = vuser->vuid;
132 ent->read_only = readonly_share;
133
134 ent->admin_user = token_contains_name_in_list(
135 vuser->user.unix_name, NULL, vuser->nt_user_token,
136 lp_admin_users(SNUM(conn)));
137
138 conn->read_only = ent->read_only;
139 conn->admin_user = ent->admin_user;
140
141 return(True);
142}
143
144/****************************************************************************
145 Become the user of a connection number without changing the security context
146 stack, but modify the current_user entries.
147****************************************************************************/
148
149bool change_to_user(connection_struct *conn, uint16 vuid)
150{
151#ifndef __OS2__
152
153 user_struct *vuser = get_valid_user_struct(vuid);
154 int snum;
155 gid_t gid;
156 uid_t uid;
157 char group_c;
158 bool must_free_token = False;
159 NT_USER_TOKEN *token = NULL;
160 int num_groups = 0;
161 gid_t *group_list = NULL;
162
163 if (!conn) {
164 DEBUG(2,("change_to_user: Connection not open\n"));
165 return(False);
166 }
167
168 /*
169 * We need a separate check in security=share mode due to vuid
170 * always being UID_FIELD_INVALID. If we don't do this then
171 * in share mode security we are *always* changing uid's between
172 * SMB's - this hurts performance - Badly.
173 */
174
175 if((lp_security() == SEC_SHARE) && (current_user.conn == conn) &&
176 (current_user.ut.uid == conn->uid)) {
177 DEBUG(4,("change_to_user: Skipping user change - already "
178 "user\n"));
179 return(True);
180 } else if ((current_user.conn == conn) &&
181 (vuser != 0) && (current_user.vuid == vuid) &&
182 (current_user.ut.uid == vuser->uid)) {
183 DEBUG(4,("change_to_user: Skipping user change - already "
184 "user\n"));
185 return(True);
186 }
187
188 snum = SNUM(conn);
189
190 if ((vuser) && !check_user_ok(conn, vuser, snum)) {
191 DEBUG(2,("change_to_user: SMB user %s (unix user %s, vuid %d) "
192 "not permitted access to share %s.\n",
193 vuser->user.smb_name, vuser->user.unix_name, vuid,
194 lp_servicename(snum)));
195 return False;
196 }
197
198 if (conn->force_user) /* security = share sets this too */ {
199 uid = conn->uid;
200 gid = conn->gid;
201 group_list = conn->groups;
202 num_groups = conn->ngroups;
203 token = conn->nt_user_token;
204 } else if (vuser) {
205 uid = conn->admin_user ? 0 : vuser->uid;
206 gid = vuser->gid;
207 num_groups = vuser->n_groups;
208 group_list = vuser->groups;
209 token = vuser->nt_user_token;
210 } else {
211 DEBUG(2,("change_to_user: Invalid vuid used %d in accessing "
212 "share %s.\n",vuid, lp_servicename(snum) ));
213 return False;
214 }
215
216 /*
217 * See if we should force group for this service.
218 * If so this overrides any group set in the force
219 * user code.
220 */
221
222 if((group_c = *lp_force_group(snum))) {
223
224 token = dup_nt_token(NULL, token);
225 if (token == NULL) {
226 DEBUG(0, ("dup_nt_token failed\n"));
227 return False;
228 }
229 must_free_token = True;
230
231 if(group_c == '+') {
232
233 /*
234 * Only force group if the user is a member of
235 * the service group. Check the group memberships for
236 * this user (we already have this) to
237 * see if we should force the group.
238 */
239
240 int i;
241 for (i = 0; i < num_groups; i++) {
242 if (group_list[i] == conn->gid) {
243 gid = conn->gid;
244 gid_to_sid(&token->user_sids[1], gid);
245 break;
246 }
247 }
248 } else {
249 gid = conn->gid;
250 gid_to_sid(&token->user_sids[1], gid);
251 }
252 }
253
254 /* Now set current_user since we will immediately also call
255 set_sec_ctx() */
256
257 current_user.ut.ngroups = num_groups;
258 current_user.ut.groups = group_list;
259
260 set_sec_ctx(uid, gid, current_user.ut.ngroups, current_user.ut.groups,
261 token);
262
263 /*
264 * Free the new token (as set_sec_ctx copies it).
265 */
266
267 if (must_free_token)
268 TALLOC_FREE(token);
269
270 current_user.conn = conn;
271 current_user.vuid = vuid;
272
273 DEBUG(5,("change_to_user uid=(%d,%d) gid=(%d,%d)\n",
274 (int)getuid(),(int)geteuid(),(int)getgid(),(int)getegid()));
275#endif
276 return(True);
277}
278
279/****************************************************************************
280 Go back to being root without changing the security context stack,
281 but modify the current_user entries.
282****************************************************************************/
283
284bool change_to_root_user(void)
285{
286 set_root_sec_ctx();
287
288 DEBUG(5,("change_to_root_user: now uid=(%d,%d) gid=(%d,%d)\n",
289 (int)getuid(),(int)geteuid(),(int)getgid(),(int)getegid()));
290
291 current_user.conn = NULL;
292 current_user.vuid = UID_FIELD_INVALID;
293
294 return(True);
295}
296
297/****************************************************************************
298 Become the user of an authenticated connected named pipe.
299 When this is called we are currently running as the connection
300 user. Doesn't modify current_user.
301****************************************************************************/
302
303bool become_authenticated_pipe_user(pipes_struct *p)
304{
305 if (!push_sec_ctx())
306 return False;
307
308 set_sec_ctx(p->pipe_user.ut.uid, p->pipe_user.ut.gid,
309 p->pipe_user.ut.ngroups, p->pipe_user.ut.groups,
310 p->pipe_user.nt_user_token);
311
312 return True;
313}
314
315/****************************************************************************
316 Unbecome the user of an authenticated connected named pipe.
317 When this is called we are running as the authenticated pipe
318 user and need to go back to being the connection user. Doesn't modify
319 current_user.
320****************************************************************************/
321
322bool unbecome_authenticated_pipe_user(void)
323{
324 return pop_sec_ctx();
325}
326
327/****************************************************************************
328 Utility functions used by become_xxx/unbecome_xxx.
329****************************************************************************/
330
331struct conn_ctx {
332 connection_struct *conn;
333 uint16 vuid;
334};
335
336/* A stack of current_user connection contexts. */
337
338static struct conn_ctx conn_ctx_stack[MAX_SEC_CTX_DEPTH];
339static int conn_ctx_stack_ndx;
340
341static void push_conn_ctx(void)
342{
343 struct conn_ctx *ctx_p;
344
345 /* Check we don't overflow our stack */
346
347 if (conn_ctx_stack_ndx == MAX_SEC_CTX_DEPTH) {
348 DEBUG(0, ("Connection context stack overflow!\n"));
349 smb_panic("Connection context stack overflow!\n");
350 }
351
352 /* Store previous user context */
353 ctx_p = &conn_ctx_stack[conn_ctx_stack_ndx];
354
355 ctx_p->conn = current_user.conn;
356 ctx_p->vuid = current_user.vuid;
357
358 DEBUG(3, ("push_conn_ctx(%u) : conn_ctx_stack_ndx = %d\n",
359 (unsigned int)ctx_p->vuid, conn_ctx_stack_ndx ));
360
361 conn_ctx_stack_ndx++;
362}
363
364static void pop_conn_ctx(void)
365{
366 struct conn_ctx *ctx_p;
367
368 /* Check for stack underflow. */
369
370 if (conn_ctx_stack_ndx == 0) {
371 DEBUG(0, ("Connection context stack underflow!\n"));
372 smb_panic("Connection context stack underflow!\n");
373 }
374
375 conn_ctx_stack_ndx--;
376 ctx_p = &conn_ctx_stack[conn_ctx_stack_ndx];
377
378 current_user.conn = ctx_p->conn;
379 current_user.vuid = ctx_p->vuid;
380
381 ctx_p->conn = NULL;
382 ctx_p->vuid = UID_FIELD_INVALID;
383}
384
385/****************************************************************************
386 Temporarily become a root user. Must match with unbecome_root(). Saves and
387 restores the connection context.
388****************************************************************************/
389
390void become_root(void)
391{
392 /*
393 * no good way to handle push_sec_ctx() failing without changing
394 * the prototype of become_root()
395 */
396 if (!push_sec_ctx()) {
397 smb_panic("become_root: push_sec_ctx failed");
398 }
399 push_conn_ctx();
400 set_root_sec_ctx();
401}
402
403/* Unbecome the root user */
404
405void unbecome_root(void)
406{
407 pop_sec_ctx();
408 pop_conn_ctx();
409}
410
411/****************************************************************************
412 Push the current security context then force a change via change_to_user().
413 Saves and restores the connection context.
414****************************************************************************/
415
416bool become_user(connection_struct *conn, uint16 vuid)
417{
418 if (!push_sec_ctx())
419 return False;
420
421 push_conn_ctx();
422
423 if (!change_to_user(conn, vuid)) {
424 pop_sec_ctx();
425 pop_conn_ctx();
426 return False;
427 }
428
429 return True;
430}
431
432bool unbecome_user(void)
433{
434 pop_sec_ctx();
435 pop_conn_ctx();
436 return True;
437}
Note: See TracBrowser for help on using the repository browser.