Context Navigation

source: branches/samba-3.3.x/source/smbd/uid.c@ 224

Visit:

Last change on this file since 224 was 224, checked in by Herwig Bauernfeind, 16 years ago
Update Samba 3.3 branch to 3.3.4
File size: 13.2 KB

Line
1	/*
2	Unix SMB/CIFS implementation.
3	uid/user handling
4	Copyright (C) Andrew Tridgell 1992-1998
5
6	This program is free software; you can redistribute it and/or modify
7	it under the terms of the GNU General Public License as published by
8	the Free Software Foundation; either version 3 of the License, or
9	(at your option) any later version.
10
11	This program is distributed in the hope that it will be useful,
12	but WITHOUT ANY WARRANTY; without even the implied warranty of
13	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14	GNU General Public License for more details.
15
16	You should have received a copy of the GNU General Public License
17	along with this program. If not, see <http://www.gnu.org/licenses/>.
18	*/
19
20	#include "includes.h"
21
22	/* what user is current? */
23	extern struct current_user current_user;
24
25	/****************************************************************************
26	Become the guest user without changing the security context stack.
27	****************************************************************************/
28
29	bool change_to_guest(void)
30	{
31	static struct passwd *pass=NULL;
32
33	if (!pass) {
34	/* Don't need to free() this as its stored in a static */
35	pass = getpwnam_alloc(talloc_autofree_context(), lp_guestaccount());
36	if (!pass)
37	return(False);
38	}
39
40	#ifdef AIX
41	/* MWW: From AIX FAQ patch to WU-ftpd: call initgroups before
42	setting IDs */
43	initgroups(pass->pw_name, pass->pw_gid);
44	#endif
45
46	set_sec_ctx(pass->pw_uid, pass->pw_gid, 0, NULL, NULL);
47
48	current_user.conn = NULL;
49	current_user.vuid = UID_FIELD_INVALID;
50
51	TALLOC_FREE(pass);
52	pass = NULL;
53
54	return True;
55	}
56
57	/*******************************************************************
58	Check if a username is OK.
59
60	This sets up conn->server_info with a copy related to this vuser that
61	later code can then mess with.
62	********************************************************************/
63
64	static bool check_user_ok(connection_struct *conn,
65	uint16_t vuid,
66	const struct auth_serversupplied_info *server_info,
67	int snum)
68	{
69	bool valid_vuid = (vuid != UID_FIELD_INVALID);
70	unsigned int i;
71	bool readonly_share;
72	bool admin_user;
73
74	if (valid_vuid) {
75	struct vuid_cache_entry *ent;
76
77	for (i=0; i<VUID_CACHE_SIZE; i++) {
78	ent = &conn->vuid_cache.array[i];
79	if (ent->vuid == vuid) {
80	conn->server_info = ent->server_info;
81	conn->read_only = ent->read_only;
82	conn->admin_user = ent->admin_user;
83	return(True);
84	}
85	}
86	}
87
88	if (!user_ok_token(server_info->unix_name,
89	pdb_get_domain(server_info->sam_account),
90	server_info->ptok, snum))
91	return(False);
92
93	readonly_share = is_share_read_only_for_token(
94	server_info->unix_name,
95	pdb_get_domain(server_info->sam_account),
96	server_info->ptok,
97	conn);
98
99	if (!readonly_share &&
100	!share_access_check(server_info->ptok, lp_servicename(snum),
101	FILE_WRITE_DATA)) {
102	/* smb.conf allows r/w, but the security descriptor denies
103	* write. Fall back to looking at readonly. */
104	readonly_share = True;
105	DEBUG(5,("falling back to read-only access-evaluation due to "
106	"security descriptor\n"));
107	}
108
109	if (!share_access_check(server_info->ptok, lp_servicename(snum),
110	readonly_share ?
111	FILE_READ_DATA : FILE_WRITE_DATA)) {
112	return False;
113	}
114
115	admin_user = token_contains_name_in_list(
116	server_info->unix_name,
117	pdb_get_domain(server_info->sam_account),
118	NULL, server_info->ptok, lp_admin_users(snum));
119
120	if (valid_vuid) {
121	struct vuid_cache_entry *ent =
122	&conn->vuid_cache.array[conn->vuid_cache.next_entry];
123
124	conn->vuid_cache.next_entry =
125	(conn->vuid_cache.next_entry + 1) % VUID_CACHE_SIZE;
126
127	TALLOC_FREE(ent->server_info);
128
129	/*
130	* If force_user was set, all server_info's are based on the same
131	* username-based faked one.
132	*/
133
134	ent->server_info = copy_serverinfo(
135	conn, conn->force_user ? conn->server_info : server_info);
136
137	if (ent->server_info == NULL) {
138	ent->vuid = UID_FIELD_INVALID;
139	return false;
140	}
141
142	ent->vuid = vuid;
143	ent->read_only = readonly_share;
144	ent->admin_user = admin_user;
145	conn->server_info = ent->server_info;
146	}
147
148	conn->read_only = readonly_share;
149	conn->admin_user = admin_user;
150
151	return(True);
152	}
153
154	/****************************************************************************
155	Clear a vuid out of the connection's vuid cache
156	****************************************************************************/
157
158	void conn_clear_vuid_cache(connection_struct *conn, uint16_t vuid)
159	{
160	int i;
161
162	for (i=0; i<VUID_CACHE_SIZE; i++) {
163	struct vuid_cache_entry *ent;
164
165	ent = &conn->vuid_cache.array[i];
166
167	if (ent->vuid == vuid) {
168	ent->vuid = UID_FIELD_INVALID;
169	/* Ensure we're not freeing an active pointer. */
170	if (conn->server_info == ent->server_info) {
171	conn->server_info = NULL;
172	}
173	TALLOC_FREE(ent->server_info);
174	ent->read_only = False;
175	ent->admin_user = False;
176	}
177	}
178	}
179
180	/****************************************************************************
181	Become the user of a connection number without changing the security context
182	stack, but modify the current_user entries.
183	****************************************************************************/
184
185	bool change_to_user(connection_struct *conn, uint16 vuid)
186	{
187	const struct auth_serversupplied_info *server_info = NULL;
188	user_struct *vuser = get_valid_user_struct(vuid);
189	int snum;
190	gid_t gid;
191	uid_t uid;
192	char group_c;
193	int num_groups = 0;
194	gid_t *group_list = NULL;
195
196	if (!conn) {
197	DEBUG(2,("change_to_user: Connection not open\n"));
198	return(False);
199	}
200
201	/*
202	* We need a separate check in security=share mode due to vuid
203	* always being UID_FIELD_INVALID. If we don't do this then
204	* in share mode security we are always changing uid's between
205	* SMB's - this hurts performance - Badly.
206	*/
207
208	if((lp_security() == SEC_SHARE) && (current_user.conn == conn) &&
209	(current_user.ut.uid == conn->server_info->utok.uid)) {
210	DEBUG(4,("change_to_user: Skipping user change - already "
211	"user\n"));
212	return(True);
213	} else if ((current_user.conn == conn) &&
214	(vuser != NULL) && (current_user.vuid == vuid) &&
215	(current_user.ut.uid == vuser->server_info->utok.uid)) {
216	DEBUG(4,("change_to_user: Skipping user change - already "
217	"user\n"));
218	return(True);
219	}
220
221	snum = SNUM(conn);
222
223	server_info = vuser ? vuser->server_info : conn->server_info;
224
225	if (!server_info) {
226	/* Invalid vuid sent - even with security = share. */
227	DEBUG(2,("change_to_user: Invalid vuid %d used on "
228	"share %s.\n",vuid, lp_servicename(snum) ));
229	return false;
230	}
231
232	if (!check_user_ok(conn, vuid, server_info, snum)) {
233	DEBUG(2,("change_to_user: SMB user %s (unix user %s, vuid %d) "
234	"not permitted access to share %s.\n",
235	server_info->sanitized_username,
236	server_info->unix_name, vuid,
237	lp_servicename(snum)));
238	return false;
239	}
240
241	/*
242	* conn->server_info is now correctly set up with a copy we can mess
243	* with for force_group etc.
244	*/
245
246	if (conn->force_user) /* security = share sets this too */ {
247	uid = conn->server_info->utok.uid;
248	gid = conn->server_info->utok.gid;
249	group_list = conn->server_info->utok.groups;
250	num_groups = conn->server_info->utok.ngroups;
251	} else if (vuser) {
252	uid = conn->admin_user ? 0 : vuser->server_info->utok.uid;
253	gid = conn->server_info->utok.gid;
254	num_groups = conn->server_info->utok.ngroups;
255	group_list = conn->server_info->utok.groups;
256	} else {
257	DEBUG(2,("change_to_user: Invalid vuid used %d in accessing "
258	"share %s.\n",vuid, lp_servicename(snum) ));
259	return False;
260	}
261
262	/*
263	* See if we should force group for this service.
264	* If so this overrides any group set in the force
265	* user code.
266	*/
267
268	if((group_c = *lp_force_group(snum))) {
269
270	SMB_ASSERT(conn->force_group_gid != (gid_t)-1);
271
272	if(group_c == '+') {
273
274	/*
275	* Only force group if the user is a member of
276	* the service group. Check the group memberships for
277	* this user (we already have this) to
278	* see if we should force the group.
279	*/
280
281	int i;
282	for (i = 0; i < num_groups; i++) {
283	if (group_list[i]
284	== conn->force_group_gid) {
285	conn->server_info->utok.gid =
286	conn->force_group_gid;
287	gid = conn->force_group_gid;
288	gid_to_sid(&conn->server_info->ptok
289	->user_sids[1], gid);
290	break;
291	}
292	}
293	} else {
294	conn->server_info->utok.gid = conn->force_group_gid;
295	gid = conn->force_group_gid;
296	gid_to_sid(&conn->server_info->ptok->user_sids[1],
297	gid);
298	}
299	}
300
301	/* Now set current_user since we will immediately also call
302	set_sec_ctx() */
303
304	current_user.ut.ngroups = num_groups;
305	current_user.ut.groups = group_list;
306
307	set_sec_ctx(uid, gid, current_user.ut.ngroups, current_user.ut.groups,
308	conn->server_info->ptok);
309
310	current_user.conn = conn;
311	current_user.vuid = vuid;
312
313	DEBUG(5,("change_to_user uid=(%d,%d) gid=(%d,%d)\n",
314	(int)getuid(),(int)geteuid(),(int)getgid(),(int)getegid()));
315
316	return(True);
317	}
318
319	/****************************************************************************
320	Go back to being root without changing the security context stack,
321	but modify the current_user entries.
322	****************************************************************************/
323
324	bool change_to_root_user(void)
325	{
326	set_root_sec_ctx();
327
328	DEBUG(5,("change_to_root_user: now uid=(%d,%d) gid=(%d,%d)\n",
329	(int)getuid(),(int)geteuid(),(int)getgid(),(int)getegid()));
330
331	current_user.conn = NULL;
332	current_user.vuid = UID_FIELD_INVALID;
333
334	return(True);
335	}
336
337	/****************************************************************************
338	Become the user of an authenticated connected named pipe.
339	When this is called we are currently running as the connection
340	user. Doesn't modify current_user.
341	****************************************************************************/
342
343	bool become_authenticated_pipe_user(pipes_struct *p)
344	{
345	if (!push_sec_ctx())
346	return False;
347
348	set_sec_ctx(p->pipe_user.ut.uid, p->pipe_user.ut.gid,
349	p->pipe_user.ut.ngroups, p->pipe_user.ut.groups,
350	p->pipe_user.nt_user_token);
351
352	return True;
353	}
354
355	/****************************************************************************
356	Unbecome the user of an authenticated connected named pipe.
357	When this is called we are running as the authenticated pipe
358	user and need to go back to being the connection user. Doesn't modify
359	current_user.
360	****************************************************************************/
361
362	bool unbecome_authenticated_pipe_user(void)
363	{
364	return pop_sec_ctx();
365	}
366
367	/****************************************************************************
368	Utility functions used by become_xxx/unbecome_xxx.
369	****************************************************************************/
370
371	struct conn_ctx {
372	connection_struct *conn;
373	uint16 vuid;
374	};
375
376	/* A stack of current_user connection contexts. */
377
378	static struct conn_ctx conn_ctx_stack[MAX_SEC_CTX_DEPTH];
379	static int conn_ctx_stack_ndx;
380
381	static void push_conn_ctx(void)
382	{
383	struct conn_ctx *ctx_p;
384
385	/* Check we don't overflow our stack */
386
387	if (conn_ctx_stack_ndx == MAX_SEC_CTX_DEPTH) {
388	DEBUG(0, ("Connection context stack overflow!\n"));
389	smb_panic("Connection context stack overflow!\n");
390	}
391
392	/* Store previous user context */
393	ctx_p = &conn_ctx_stack[conn_ctx_stack_ndx];
394
395	ctx_p->conn = current_user.conn;
396	ctx_p->vuid = current_user.vuid;
397
398	DEBUG(3, ("push_conn_ctx(%u) : conn_ctx_stack_ndx = %d\n",
399	(unsigned int)ctx_p->vuid, conn_ctx_stack_ndx ));
400
401	conn_ctx_stack_ndx++;
402	}
403
404	static void pop_conn_ctx(void)
405	{
406	struct conn_ctx *ctx_p;
407
408	/* Check for stack underflow. */
409
410	if (conn_ctx_stack_ndx == 0) {
411	DEBUG(0, ("Connection context stack underflow!\n"));
412	smb_panic("Connection context stack underflow!\n");
413	}
414
415	conn_ctx_stack_ndx--;
416	ctx_p = &conn_ctx_stack[conn_ctx_stack_ndx];
417
418	current_user.conn = ctx_p->conn;
419	current_user.vuid = ctx_p->vuid;
420
421	ctx_p->conn = NULL;
422	ctx_p->vuid = UID_FIELD_INVALID;
423	}
424
425	/****************************************************************************
426	Temporarily become a root user. Must match with unbecome_root(). Saves and
427	restores the connection context.
428	****************************************************************************/
429
430	void become_root(void)
431	{
432	/*
433	* no good way to handle push_sec_ctx() failing without changing
434	* the prototype of become_root()
435	*/
436	if (!push_sec_ctx()) {
437	smb_panic("become_root: push_sec_ctx failed");
438	}
439	push_conn_ctx();
440	set_root_sec_ctx();
441	}
442
443	/* Unbecome the root user */
444
445	void unbecome_root(void)
446	{
447	pop_sec_ctx();
448	pop_conn_ctx();
449	}
450
451	/****************************************************************************
452	Push the current security context then force a change via change_to_user().
453	Saves and restores the connection context.
454	****************************************************************************/
455
456	bool become_user(connection_struct *conn, uint16 vuid)
457	{
458	if (!push_sec_ctx())
459	return False;
460
461	push_conn_ctx();
462
463	if (!change_to_user(conn, vuid)) {
464	pop_sec_ctx();
465	pop_conn_ctx();
466	return False;
467	}
468
469	return True;
470	}
471
472	bool unbecome_user(void)
473	{
474	pop_sec_ctx();
475	pop_conn_ctx();
476	return True;
477	}

Note: See TracBrowser for help on using the repository browser.

Download in other formats: