Context Navigation

source: branches/samba-3.3.x/source/smbd/uid.c@ 222

Visit:

Last change on this file since 222 was 222, checked in by Herwig Bauernfeind, 16 years ago
Update Samba 3.3 branch to 3.3.2
File size: 12.8 KB

Line
1	/*
2	Unix SMB/CIFS implementation.
3	uid/user handling
4	Copyright (C) Andrew Tridgell 1992-1998
5
6	This program is free software; you can redistribute it and/or modify
7	it under the terms of the GNU General Public License as published by
8	the Free Software Foundation; either version 3 of the License, or
9	(at your option) any later version.
10
11	This program is distributed in the hope that it will be useful,
12	but WITHOUT ANY WARRANTY; without even the implied warranty of
13	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14	GNU General Public License for more details.
15
16	You should have received a copy of the GNU General Public License
17	along with this program. If not, see <http://www.gnu.org/licenses/>.
18	*/
19
20	#include "includes.h"
21
22	/* what user is current? */
23	extern struct current_user current_user;
24
25	/****************************************************************************
26	Become the guest user without changing the security context stack.
27	****************************************************************************/
28
29	bool change_to_guest(void)
30	{
31	static struct passwd *pass=NULL;
32
33	if (!pass) {
34	/* Don't need to free() this as its stored in a static */
35	pass = getpwnam_alloc(talloc_autofree_context(), lp_guestaccount());
36	if (!pass)
37	return(False);
38	}
39
40	#ifdef AIX
41	/* MWW: From AIX FAQ patch to WU-ftpd: call initgroups before
42	setting IDs */
43	initgroups(pass->pw_name, pass->pw_gid);
44	#endif
45
46	set_sec_ctx(pass->pw_uid, pass->pw_gid, 0, NULL, NULL);
47
48	current_user.conn = NULL;
49	current_user.vuid = UID_FIELD_INVALID;
50
51	TALLOC_FREE(pass);
52	pass = NULL;
53
54	return True;
55	}
56
57	/*******************************************************************
58	Check if a username is OK.
59
60	This sets up conn->server_info with a copy related to this vuser that
61	later code can then mess with.
62	********************************************************************/
63
64	static bool check_user_ok(connection_struct *conn,
65	uint16_t vuid,
66	const struct auth_serversupplied_info *server_info,
67	int snum)
68	{
69	bool valid_vuid = (vuid != UID_FIELD_INVALID);
70	unsigned int i;
71	bool readonly_share;
72	bool admin_user;
73
74	if (valid_vuid) {
75	struct vuid_cache_entry *ent;
76
77	for (i=0; i<VUID_CACHE_SIZE; i++) {
78	ent = &conn->vuid_cache.array[i];
79	if (ent->vuid == vuid) {
80	conn->server_info = ent->server_info;
81	conn->read_only = ent->read_only;
82	conn->admin_user = ent->admin_user;
83	return(True);
84	}
85	}
86	}
87
88	if (!user_ok_token(server_info->unix_name,
89	pdb_get_domain(server_info->sam_account),
90	server_info->ptok, snum))
91	return(False);
92
93	readonly_share = is_share_read_only_for_token(
94	server_info->unix_name,
95	pdb_get_domain(server_info->sam_account),
96	server_info->ptok,
97	conn);
98
99	if (!readonly_share &&
100	!share_access_check(server_info->ptok, lp_servicename(snum),
101	FILE_WRITE_DATA)) {
102	/* smb.conf allows r/w, but the security descriptor denies
103	* write. Fall back to looking at readonly. */
104	readonly_share = True;
105	DEBUG(5,("falling back to read-only access-evaluation due to "
106	"security descriptor\n"));
107	}
108
109	if (!share_access_check(server_info->ptok, lp_servicename(snum),
110	readonly_share ?
111	FILE_READ_DATA : FILE_WRITE_DATA)) {
112	return False;
113	}
114
115	admin_user = token_contains_name_in_list(
116	server_info->unix_name,
117	pdb_get_domain(server_info->sam_account),
118	NULL, server_info->ptok, lp_admin_users(snum));
119
120	if (valid_vuid) {
121	struct vuid_cache_entry *ent =
122	&conn->vuid_cache.array[conn->vuid_cache.next_entry];
123
124	conn->vuid_cache.next_entry =
125	(conn->vuid_cache.next_entry + 1) % VUID_CACHE_SIZE;
126
127	TALLOC_FREE(ent->server_info);
128
129	/*
130	* If force_user was set, all server_info's are based on the same
131	* username-based faked one.
132	*/
133
134	ent->server_info = copy_serverinfo(
135	conn, conn->force_user ? conn->server_info : server_info);
136
137	if (ent->server_info == NULL) {
138	ent->vuid = UID_FIELD_INVALID;
139	return false;
140	}
141
142	ent->vuid = vuid;
143	ent->read_only = readonly_share;
144	ent->admin_user = admin_user;
145	conn->server_info = ent->server_info;
146	}
147
148	conn->read_only = readonly_share;
149	conn->admin_user = admin_user;
150
151	return(True);
152	}
153
154	/****************************************************************************
155	Clear a vuid out of the connection's vuid cache
156	****************************************************************************/
157
158	void conn_clear_vuid_cache(connection_struct *conn, uint16_t vuid)
159	{
160	int i;
161
162	for (i=0; i<VUID_CACHE_SIZE; i++) {
163	struct vuid_cache_entry *ent;
164
165	ent = &conn->vuid_cache.array[i];
166
167	if (ent->vuid == vuid) {
168	ent->vuid = UID_FIELD_INVALID;
169	TALLOC_FREE(ent->server_info);
170	ent->read_only = False;
171	ent->admin_user = False;
172	}
173	}
174	}
175
176	/****************************************************************************
177	Become the user of a connection number without changing the security context
178	stack, but modify the current_user entries.
179	****************************************************************************/
180
181	bool change_to_user(connection_struct *conn, uint16 vuid)
182	{
183	const struct auth_serversupplied_info *server_info = NULL;
184	user_struct *vuser = get_valid_user_struct(vuid);
185	int snum;
186	gid_t gid;
187	uid_t uid;
188	char group_c;
189	int num_groups = 0;
190	gid_t *group_list = NULL;
191
192	if (!conn) {
193	DEBUG(2,("change_to_user: Connection not open\n"));
194	return(False);
195	}
196
197	/*
198	* We need a separate check in security=share mode due to vuid
199	* always being UID_FIELD_INVALID. If we don't do this then
200	* in share mode security we are always changing uid's between
201	* SMB's - this hurts performance - Badly.
202	*/
203
204	if((lp_security() == SEC_SHARE) && (current_user.conn == conn) &&
205	(current_user.ut.uid == conn->server_info->utok.uid)) {
206	DEBUG(4,("change_to_user: Skipping user change - already "
207	"user\n"));
208	return(True);
209	} else if ((current_user.conn == conn) &&
210	(vuser != NULL) && (current_user.vuid == vuid) &&
211	(current_user.ut.uid == vuser->server_info->utok.uid)) {
212	DEBUG(4,("change_to_user: Skipping user change - already "
213	"user\n"));
214	return(True);
215	}
216
217	snum = SNUM(conn);
218
219	server_info = vuser ? vuser->server_info : conn->server_info;
220
221	if (!check_user_ok(conn, vuid, server_info, snum)) {
222	DEBUG(2,("change_to_user: SMB user %s (unix user %s, vuid %d) "
223	"not permitted access to share %s.\n",
224	server_info->sanitized_username,
225	server_info->unix_name, vuid,
226	lp_servicename(snum)));
227	return false;
228	}
229
230	/*
231	* conn->server_info is now correctly set up with a copy we can mess
232	* with for force_group etc.
233	*/
234
235	if (conn->force_user) /* security = share sets this too */ {
236	uid = conn->server_info->utok.uid;
237	gid = conn->server_info->utok.gid;
238	group_list = conn->server_info->utok.groups;
239	num_groups = conn->server_info->utok.ngroups;
240	} else if (vuser) {
241	uid = conn->admin_user ? 0 : vuser->server_info->utok.uid;
242	gid = conn->server_info->utok.gid;
243	num_groups = conn->server_info->utok.ngroups;
244	group_list = conn->server_info->utok.groups;
245	} else {
246	DEBUG(2,("change_to_user: Invalid vuid used %d in accessing "
247	"share %s.\n",vuid, lp_servicename(snum) ));
248	return False;
249	}
250
251	/*
252	* See if we should force group for this service.
253	* If so this overrides any group set in the force
254	* user code.
255	*/
256
257	if((group_c = *lp_force_group(snum))) {
258
259	SMB_ASSERT(conn->force_group_gid != (gid_t)-1);
260
261	if(group_c == '+') {
262
263	/*
264	* Only force group if the user is a member of
265	* the service group. Check the group memberships for
266	* this user (we already have this) to
267	* see if we should force the group.
268	*/
269
270	int i;
271	for (i = 0; i < num_groups; i++) {
272	if (group_list[i]
273	== conn->force_group_gid) {
274	conn->server_info->utok.gid =
275	conn->force_group_gid;
276	gid = conn->force_group_gid;
277	gid_to_sid(&conn->server_info->ptok
278	->user_sids[1], gid);
279	break;
280	}
281	}
282	} else {
283	conn->server_info->utok.gid = conn->force_group_gid;
284	gid = conn->force_group_gid;
285	gid_to_sid(&conn->server_info->ptok->user_sids[1],
286	gid);
287	}
288	}
289
290	/* Now set current_user since we will immediately also call
291	set_sec_ctx() */
292
293	current_user.ut.ngroups = num_groups;
294	current_user.ut.groups = group_list;
295
296	set_sec_ctx(uid, gid, current_user.ut.ngroups, current_user.ut.groups,
297	conn->server_info->ptok);
298
299	current_user.conn = conn;
300	current_user.vuid = vuid;
301
302	DEBUG(5,("change_to_user uid=(%d,%d) gid=(%d,%d)\n",
303	(int)getuid(),(int)geteuid(),(int)getgid(),(int)getegid()));
304
305	return(True);
306	}
307
308	/****************************************************************************
309	Go back to being root without changing the security context stack,
310	but modify the current_user entries.
311	****************************************************************************/
312
313	bool change_to_root_user(void)
314	{
315	set_root_sec_ctx();
316
317	DEBUG(5,("change_to_root_user: now uid=(%d,%d) gid=(%d,%d)\n",
318	(int)getuid(),(int)geteuid(),(int)getgid(),(int)getegid()));
319
320	current_user.conn = NULL;
321	current_user.vuid = UID_FIELD_INVALID;
322
323	return(True);
324	}
325
326	/****************************************************************************
327	Become the user of an authenticated connected named pipe.
328	When this is called we are currently running as the connection
329	user. Doesn't modify current_user.
330	****************************************************************************/
331
332	bool become_authenticated_pipe_user(pipes_struct *p)
333	{
334	if (!push_sec_ctx())
335	return False;
336
337	set_sec_ctx(p->pipe_user.ut.uid, p->pipe_user.ut.gid,
338	p->pipe_user.ut.ngroups, p->pipe_user.ut.groups,
339	p->pipe_user.nt_user_token);
340
341	return True;
342	}
343
344	/****************************************************************************
345	Unbecome the user of an authenticated connected named pipe.
346	When this is called we are running as the authenticated pipe
347	user and need to go back to being the connection user. Doesn't modify
348	current_user.
349	****************************************************************************/
350
351	bool unbecome_authenticated_pipe_user(void)
352	{
353	return pop_sec_ctx();
354	}
355
356	/****************************************************************************
357	Utility functions used by become_xxx/unbecome_xxx.
358	****************************************************************************/
359
360	struct conn_ctx {
361	connection_struct *conn;
362	uint16 vuid;
363	};
364
365	/* A stack of current_user connection contexts. */
366
367	static struct conn_ctx conn_ctx_stack[MAX_SEC_CTX_DEPTH];
368	static int conn_ctx_stack_ndx;
369
370	static void push_conn_ctx(void)
371	{
372	struct conn_ctx *ctx_p;
373
374	/* Check we don't overflow our stack */
375
376	if (conn_ctx_stack_ndx == MAX_SEC_CTX_DEPTH) {
377	DEBUG(0, ("Connection context stack overflow!\n"));
378	smb_panic("Connection context stack overflow!\n");
379	}
380
381	/* Store previous user context */
382	ctx_p = &conn_ctx_stack[conn_ctx_stack_ndx];
383
384	ctx_p->conn = current_user.conn;
385	ctx_p->vuid = current_user.vuid;
386
387	DEBUG(3, ("push_conn_ctx(%u) : conn_ctx_stack_ndx = %d\n",
388	(unsigned int)ctx_p->vuid, conn_ctx_stack_ndx ));
389
390	conn_ctx_stack_ndx++;
391	}
392
393	static void pop_conn_ctx(void)
394	{
395	struct conn_ctx *ctx_p;
396
397	/* Check for stack underflow. */
398
399	if (conn_ctx_stack_ndx == 0) {
400	DEBUG(0, ("Connection context stack underflow!\n"));
401	smb_panic("Connection context stack underflow!\n");
402	}
403
404	conn_ctx_stack_ndx--;
405	ctx_p = &conn_ctx_stack[conn_ctx_stack_ndx];
406
407	current_user.conn = ctx_p->conn;
408	current_user.vuid = ctx_p->vuid;
409
410	ctx_p->conn = NULL;
411	ctx_p->vuid = UID_FIELD_INVALID;
412	}
413
414	/****************************************************************************
415	Temporarily become a root user. Must match with unbecome_root(). Saves and
416	restores the connection context.
417	****************************************************************************/
418
419	void become_root(void)
420	{
421	/*
422	* no good way to handle push_sec_ctx() failing without changing
423	* the prototype of become_root()
424	*/
425	if (!push_sec_ctx()) {
426	smb_panic("become_root: push_sec_ctx failed");
427	}
428	push_conn_ctx();
429	set_root_sec_ctx();
430	}
431
432	/* Unbecome the root user */
433
434	void unbecome_root(void)
435	{
436	pop_sec_ctx();
437	pop_conn_ctx();
438	}
439
440	/****************************************************************************
441	Push the current security context then force a change via change_to_user().
442	Saves and restores the connection context.
443	****************************************************************************/
444
445	bool become_user(connection_struct *conn, uint16 vuid)
446	{
447	if (!push_sec_ctx())
448	return False;
449
450	push_conn_ctx();
451
452	if (!change_to_user(conn, vuid)) {
453	pop_sec_ctx();
454	pop_conn_ctx();
455	return False;
456	}
457
458	return True;
459	}
460
461	bool unbecome_user(void)
462	{
463	pop_sec_ctx();
464	pop_conn_ctx();
465	return True;
466	}

Note: See TracBrowser for help on using the repository browser.

Download in other formats: