Context Navigation

← Previous Revision
Latest Revision
Next Revision →
Blame
Revision Log

source: branches/samba-3.3.x/source/smbd/uid.c@ 206

Visit:

Last change on this file since 206 was 206, checked in by Herwig Bauernfeind, 16 years ago
Import Samba 3.3 branch at 3.0.0 level (psmedley's port)
File size: 12.2 KB

Line
1	/*
2	Unix SMB/CIFS implementation.
3	uid/user handling
4	Copyright (C) Andrew Tridgell 1992-1998
5
6	This program is free software; you can redistribute it and/or modify
7	it under the terms of the GNU General Public License as published by
8	the Free Software Foundation; either version 3 of the License, or
9	(at your option) any later version.
10
11	This program is distributed in the hope that it will be useful,
12	but WITHOUT ANY WARRANTY; without even the implied warranty of
13	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14	GNU General Public License for more details.
15
16	You should have received a copy of the GNU General Public License
17	along with this program. If not, see <http://www.gnu.org/licenses/>.
18	*/
19
20	#include "includes.h"
21
22	/* what user is current? */
23	extern struct current_user current_user;
24
25	/****************************************************************************
26	Become the guest user without changing the security context stack.
27	****************************************************************************/
28
29	bool change_to_guest(void)
30	{
31	static struct passwd *pass=NULL;
32
33	if (!pass) {
34	/* Don't need to free() this as its stored in a static */
35	pass = getpwnam_alloc(talloc_autofree_context(), lp_guestaccount());
36	if (!pass)
37	return(False);
38	}
39
40	#ifdef AIX
41	/* MWW: From AIX FAQ patch to WU-ftpd: call initgroups before
42	setting IDs */
43	initgroups(pass->pw_name, pass->pw_gid);
44	#endif
45
46	set_sec_ctx(pass->pw_uid, pass->pw_gid, 0, NULL, NULL);
47
48	current_user.conn = NULL;
49	current_user.vuid = UID_FIELD_INVALID;
50
51	TALLOC_FREE(pass);
52	pass = NULL;
53
54	return True;
55	}
56
57	/*******************************************************************
58	Check if a username is OK.
59
60	This sets up conn->server_info with a copy related to this vuser that
61	later code can then mess with.
62	********************************************************************/
63
64	static bool check_user_ok(connection_struct *conn,
65	uint16_t vuid,
66	const struct auth_serversupplied_info *server_info,
67	int snum)
68	{
69	bool valid_vuid = (vuid != UID_FIELD_INVALID);
70	unsigned int i;
71	bool readonly_share;
72	bool admin_user;
73
74	if (valid_vuid) {
75	struct vuid_cache_entry *ent;
76
77	for (i=0; i<VUID_CACHE_SIZE; i++) {
78	ent = &conn->vuid_cache.array[i];
79	if (ent->vuid == vuid) {
80	conn->server_info = ent->server_info;
81	conn->read_only = ent->read_only;
82	conn->admin_user = ent->admin_user;
83	return(True);
84	}
85	}
86	}
87
88	if (!user_ok_token(server_info->unix_name,
89	pdb_get_domain(server_info->sam_account),
90	server_info->ptok, snum))
91	return(False);
92
93	readonly_share = is_share_read_only_for_token(
94	server_info->unix_name,
95	pdb_get_domain(server_info->sam_account),
96	server_info->ptok,
97	conn);
98
99	if (!readonly_share &&
100	!share_access_check(server_info->ptok, lp_servicename(snum),
101	FILE_WRITE_DATA)) {
102	/* smb.conf allows r/w, but the security descriptor denies
103	* write. Fall back to looking at readonly. */
104	readonly_share = True;
105	DEBUG(5,("falling back to read-only access-evaluation due to "
106	"security descriptor\n"));
107	}
108
109	if (!share_access_check(server_info->ptok, lp_servicename(snum),
110	readonly_share ?
111	FILE_READ_DATA : FILE_WRITE_DATA)) {
112	return False;
113	}
114
115	admin_user = token_contains_name_in_list(
116	server_info->unix_name,
117	pdb_get_domain(server_info->sam_account),
118	NULL, server_info->ptok, lp_admin_users(snum));
119
120	if (valid_vuid) {
121	struct vuid_cache_entry *ent =
122	&conn->vuid_cache.array[conn->vuid_cache.next_entry];
123
124	conn->vuid_cache.next_entry =
125	(conn->vuid_cache.next_entry + 1) % VUID_CACHE_SIZE;
126
127	TALLOC_FREE(ent->server_info);
128
129	/*
130	* If force_user was set, all server_info's are based on the same
131	* username-based faked one.
132	*/
133
134	ent->server_info = copy_serverinfo(
135	conn, conn->force_user ? conn->server_info : server_info);
136
137	if (ent->server_info == NULL) {
138	ent->vuid = UID_FIELD_INVALID;
139	return false;
140	}
141
142	ent->vuid = vuid;
143	ent->read_only = readonly_share;
144	ent->admin_user = admin_user;
145	conn->server_info = ent->server_info;
146	}
147
148	conn->read_only = readonly_share;
149	conn->admin_user = admin_user;
150
151	return(True);
152	}
153
154	/****************************************************************************
155	Clear a vuid out of the connection's vuid cache
156	****************************************************************************/
157
158	void conn_clear_vuid_cache(connection_struct *conn, uint16_t vuid)
159	{
160	int i;
161
162	for (i=0; i<VUID_CACHE_SIZE; i++) {
163	struct vuid_cache_entry *ent;
164
165	ent = &conn->vuid_cache.array[i];
166
167	if (ent->vuid == vuid) {
168	ent->vuid = UID_FIELD_INVALID;
169	TALLOC_FREE(ent->server_info);
170	ent->read_only = False;
171	ent->admin_user = False;
172	}
173	}
174	}
175
176	/****************************************************************************
177	Become the user of a connection number without changing the security context
178	stack, but modify the current_user entries.
179	****************************************************************************/
180
181	bool change_to_user(connection_struct *conn, uint16 vuid)
182	{
183	const struct auth_serversupplied_info *server_info = NULL;
184	user_struct *vuser = get_valid_user_struct(vuid);
185	int snum;
186	gid_t gid;
187	uid_t uid;
188	char group_c;
189	int num_groups = 0;
190	gid_t *group_list = NULL;
191
192	if (!conn) {
193	DEBUG(2,("change_to_user: Connection not open\n"));
194	return(False);
195	}
196
197	/*
198	* We need a separate check in security=share mode due to vuid
199	* always being UID_FIELD_INVALID. If we don't do this then
200	* in share mode security we are always changing uid's between
201	* SMB's - this hurts performance - Badly.
202	*/
203
204	if((lp_security() == SEC_SHARE) && (current_user.conn == conn) &&
205	(current_user.ut.uid == conn->server_info->utok.uid)) {
206	DEBUG(4,("change_to_user: Skipping user change - already "
207	"user\n"));
208	return(True);
209	} else if ((current_user.conn == conn) &&
210	(vuser != NULL) && (current_user.vuid == vuid) &&
211	(current_user.ut.uid == vuser->server_info->utok.uid)) {
212	DEBUG(4,("change_to_user: Skipping user change - already "
213	"user\n"));
214	return(True);
215	}
216
217	snum = SNUM(conn);
218
219	server_info = vuser ? vuser->server_info : conn->server_info;
220
221	if (!check_user_ok(conn, vuid, server_info, snum)) {
222	DEBUG(2,("change_to_user: SMB user %s (unix user %s, vuid %d) "
223	"not permitted access to share %s.\n",
224	server_info->sanitized_username,
225	server_info->unix_name, vuid,
226	lp_servicename(snum)));
227	return false;
228	}
229
230	/*
231	* conn->server_info is now correctly set up with a copy we can mess
232	* with for force_group etc.
233	*/
234
235	if (conn->force_user) /* security = share sets this too */ {
236	uid = conn->server_info->utok.uid;
237	gid = conn->server_info->utok.gid;
238	group_list = conn->server_info->utok.groups;
239	num_groups = conn->server_info->utok.ngroups;
240	} else if (vuser) {
241	uid = conn->admin_user ? 0 : vuser->server_info->utok.uid;
242	gid = conn->server_info->utok.gid;
243	num_groups = conn->server_info->utok.ngroups;
244	group_list = conn->server_info->utok.groups;
245	} else {
246	DEBUG(2,("change_to_user: Invalid vuid used %d in accessing "
247	"share %s.\n",vuid, lp_servicename(snum) ));
248	return False;
249	}
250
251	/*
252	* See if we should force group for this service.
253	* If so this overrides any group set in the force
254	* user code.
255	*/
256
257	if((group_c = *lp_force_group(snum))) {
258
259	if(group_c == '+') {
260
261	/*
262	* Only force group if the user is a member of
263	* the service group. Check the group memberships for
264	* this user (we already have this) to
265	* see if we should force the group.
266	*/
267
268	int i;
269	for (i = 0; i < num_groups; i++) {
270	if (group_list[i]
271	== conn->server_info->utok.gid) {
272	gid = conn->server_info->utok.gid;
273	gid_to_sid(&conn->server_info->ptok
274	->user_sids[1], gid);
275	break;
276	}
277	}
278	} else {
279	gid = conn->server_info->utok.gid;
280	gid_to_sid(&conn->server_info->ptok->user_sids[1],
281	gid);
282	}
283	}
284
285	/* Now set current_user since we will immediately also call
286	set_sec_ctx() */
287
288	current_user.ut.ngroups = num_groups;
289	current_user.ut.groups = group_list;
290
291	set_sec_ctx(uid, gid, current_user.ut.ngroups, current_user.ut.groups,
292	conn->server_info->ptok);
293
294	current_user.conn = conn;
295	current_user.vuid = vuid;
296
297	DEBUG(5,("change_to_user uid=(%d,%d) gid=(%d,%d)\n",
298	(int)getuid(),(int)geteuid(),(int)getgid(),(int)getegid()));
299
300	return(True);
301	}
302
303	/****************************************************************************
304	Go back to being root without changing the security context stack,
305	but modify the current_user entries.
306	****************************************************************************/
307
308	bool change_to_root_user(void)
309	{
310	set_root_sec_ctx();
311
312	DEBUG(5,("change_to_root_user: now uid=(%d,%d) gid=(%d,%d)\n",
313	(int)getuid(),(int)geteuid(),(int)getgid(),(int)getegid()));
314
315	current_user.conn = NULL;
316	current_user.vuid = UID_FIELD_INVALID;
317
318	return(True);
319	}
320
321	/****************************************************************************
322	Become the user of an authenticated connected named pipe.
323	When this is called we are currently running as the connection
324	user. Doesn't modify current_user.
325	****************************************************************************/
326
327	bool become_authenticated_pipe_user(pipes_struct *p)
328	{
329	if (!push_sec_ctx())
330	return False;
331
332	set_sec_ctx(p->pipe_user.ut.uid, p->pipe_user.ut.gid,
333	p->pipe_user.ut.ngroups, p->pipe_user.ut.groups,
334	p->pipe_user.nt_user_token);
335
336	return True;
337	}
338
339	/****************************************************************************
340	Unbecome the user of an authenticated connected named pipe.
341	When this is called we are running as the authenticated pipe
342	user and need to go back to being the connection user. Doesn't modify
343	current_user.
344	****************************************************************************/
345
346	bool unbecome_authenticated_pipe_user(void)
347	{
348	return pop_sec_ctx();
349	}
350
351	/****************************************************************************
352	Utility functions used by become_xxx/unbecome_xxx.
353	****************************************************************************/
354
355	struct conn_ctx {
356	connection_struct *conn;
357	uint16 vuid;
358	};
359
360	/* A stack of current_user connection contexts. */
361
362	static struct conn_ctx conn_ctx_stack[MAX_SEC_CTX_DEPTH];
363	static int conn_ctx_stack_ndx;
364
365	static void push_conn_ctx(void)
366	{
367	struct conn_ctx *ctx_p;
368
369	/* Check we don't overflow our stack */
370
371	if (conn_ctx_stack_ndx == MAX_SEC_CTX_DEPTH) {
372	DEBUG(0, ("Connection context stack overflow!\n"));
373	smb_panic("Connection context stack overflow!\n");
374	}
375
376	/* Store previous user context */
377	ctx_p = &conn_ctx_stack[conn_ctx_stack_ndx];
378
379	ctx_p->conn = current_user.conn;
380	ctx_p->vuid = current_user.vuid;
381
382	DEBUG(3, ("push_conn_ctx(%u) : conn_ctx_stack_ndx = %d\n",
383	(unsigned int)ctx_p->vuid, conn_ctx_stack_ndx ));
384
385	conn_ctx_stack_ndx++;
386	}
387
388	static void pop_conn_ctx(void)
389	{
390	struct conn_ctx *ctx_p;
391
392	/* Check for stack underflow. */
393
394	if (conn_ctx_stack_ndx == 0) {
395	DEBUG(0, ("Connection context stack underflow!\n"));
396	smb_panic("Connection context stack underflow!\n");
397	}
398
399	conn_ctx_stack_ndx--;
400	ctx_p = &conn_ctx_stack[conn_ctx_stack_ndx];
401
402	current_user.conn = ctx_p->conn;
403	current_user.vuid = ctx_p->vuid;
404
405	ctx_p->conn = NULL;
406	ctx_p->vuid = UID_FIELD_INVALID;
407	}
408
409	/****************************************************************************
410	Temporarily become a root user. Must match with unbecome_root(). Saves and
411	restores the connection context.
412	****************************************************************************/
413
414	void become_root(void)
415	{
416	/*
417	* no good way to handle push_sec_ctx() failing without changing
418	* the prototype of become_root()
419	*/
420	if (!push_sec_ctx()) {
421	smb_panic("become_root: push_sec_ctx failed");
422	}
423	push_conn_ctx();
424	set_root_sec_ctx();
425	}
426
427	/* Unbecome the root user */
428
429	void unbecome_root(void)
430	{
431	pop_sec_ctx();
432	pop_conn_ctx();
433	}
434
435	/****************************************************************************
436	Push the current security context then force a change via change_to_user().
437	Saves and restores the connection context.
438	****************************************************************************/
439
440	bool become_user(connection_struct *conn, uint16 vuid)
441	{
442	if (!push_sec_ctx())
443	return False;
444
445	push_conn_ctx();
446
447	if (!change_to_user(conn, vuid)) {
448	pop_sec_ctx();
449	pop_conn_ctx();
450	return False;
451	}
452
453	return True;
454	}
455
456	bool unbecome_user(void)
457	{
458	pop_sec_ctx();
459	pop_conn_ctx();
460	return True;
461	}

Note: See TracBrowser for help on using the repository browser.

Download in other formats: