source: trunk/samba-3.0.25pre1/source/smbd/uid.c@ 5

Last change on this file since 5 was 1, checked in by Paul Smedley, 18 years ago

Initial code import
File size: 11.1 KB
Line 
1/*
2 Unix SMB/CIFS implementation.
3 uid/user handling
4 Copyright (C) Andrew Tridgell 1992-1998
5
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 2 of the License, or
9 (at your option) any later version.
10
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
15
16 You should have received a copy of the GNU General Public License
17 along with this program; if not, write to the Free Software
18 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
19*/
20
21#include "includes.h"
22
23/* what user is current? */
24extern struct current_user current_user;
25
26/****************************************************************************
27 Iterator functions for getting all gid's from current_user.
28****************************************************************************/
29
30gid_t get_current_user_gid_first(int *piterator)
31{
32 *piterator = 0;
33 return current_user.ut.gid;
34}
35
36gid_t get_current_user_gid_next(int *piterator)
37{
38 gid_t ret;
39
40 if (!current_user.ut.groups || *piterator >= current_user.ut.ngroups) {
41 return (gid_t)-1;
42 }
43
44 ret = current_user.ut.groups[*piterator];
45 (*piterator) += 1;
46 return ret;
47}
48
49/****************************************************************************
50 Become the guest user without changing the security context stack.
51****************************************************************************/
52
53BOOL change_to_guest(void)
54{
55 static struct passwd *pass=NULL;
56
57 if (!pass) {
58 /* Don't need to free() this as its stored in a static */
59 pass = getpwnam_alloc(NULL, lp_guestaccount());
60 if (!pass)
61 return(False);
62 }
63
64#ifdef AIX
65 /* MWW: From AIX FAQ patch to WU-ftpd: call initgroups before
66 setting IDs */
67 initgroups(pass->pw_name, pass->pw_gid);
68#endif
69
70 set_sec_ctx(pass->pw_uid, pass->pw_gid, 0, NULL, NULL);
71
72 current_user.conn = NULL;
73 current_user.vuid = UID_FIELD_INVALID;
74
75 TALLOC_FREE(pass);
76 pass = NULL;
77
78 return True;
79}
80
81/*******************************************************************
82 Check if a username is OK.
83********************************************************************/
84
85static BOOL check_user_ok(connection_struct *conn, user_struct *vuser,int snum)
86{
87 unsigned int i;
88 struct vuid_cache_entry *ent = NULL;
89 BOOL readonly_share;
90 NT_USER_TOKEN *token;
91
92 for (i=0;i<conn->vuid_cache.entries && i< VUID_CACHE_SIZE;i++) {
93 if (conn->vuid_cache.array[i].vuid == vuser->vuid) {
94 ent = &conn->vuid_cache.array[i];
95 conn->read_only = ent->read_only;
96 conn->admin_user = ent->admin_user;
97 return(True);
98 }
99 }
100
101 if (!user_ok_token(vuser->user.unix_name, vuser->nt_user_token, snum))
102 return(False);
103
104 readonly_share = is_share_read_only_for_token(vuser->user.unix_name,
105 vuser->nt_user_token,
106 SNUM(conn));
107
108 token = conn->nt_user_token ?
109 conn->nt_user_token : vuser->nt_user_token;
110
111 if (!readonly_share &&
112 !share_access_check(token, lp_servicename(snum),
113 FILE_WRITE_DATA)) {
114 /* smb.conf allows r/w, but the security descriptor denies
115 * write. Fall back to looking at readonly. */
116 readonly_share = True;
117 DEBUG(5,("falling back to read-only access-evaluation due to "
118 "security descriptor\n"));
119 }
120
121 if (!share_access_check(token, lp_servicename(snum),
122 readonly_share ?
123 FILE_READ_DATA : FILE_WRITE_DATA)) {
124 return False;
125 }
126
127 i = conn->vuid_cache.entries % VUID_CACHE_SIZE;
128 if (conn->vuid_cache.entries < VUID_CACHE_SIZE)
129 conn->vuid_cache.entries++;
130
131 ent = &conn->vuid_cache.array[i];
132 ent->vuid = vuser->vuid;
133 ent->read_only = readonly_share;
134
135 ent->admin_user = token_contains_name_in_list(
136 vuser->user.unix_name, NULL, vuser->nt_user_token,
137 lp_admin_users(SNUM(conn)));
138
139 conn->read_only = ent->read_only;
140 conn->admin_user = ent->admin_user;
141
142 return(True);
143}
144
145/****************************************************************************
146 Become the user of a connection number without changing the security context
147 stack, but modify the current_user entries.
148****************************************************************************/
149
150BOOL change_to_user(connection_struct *conn, uint16 vuid)
151{
152 user_struct *vuser = get_valid_user_struct(vuid);
153 int snum;
154 gid_t gid;
155 uid_t uid;
156 char group_c;
157 BOOL must_free_token = False;
158 NT_USER_TOKEN *token = NULL;
159
160 if (!conn) {
161 DEBUG(2,("change_to_user: Connection not open\n"));
162 return(False);
163 }
164
165 /*
166 * We need a separate check in security=share mode due to vuid
167 * always being UID_FIELD_INVALID. If we don't do this then
168 * in share mode security we are *always* changing uid's between
169 * SMB's - this hurts performance - Badly.
170 */
171
172 if((lp_security() == SEC_SHARE) && (current_user.conn == conn) &&
173 (current_user.ut.uid == conn->uid)) {
174 DEBUG(4,("change_to_user: Skipping user change - already "
175 "user\n"));
176 return(True);
177 } else if ((current_user.conn == conn) &&
178 (vuser != 0) && (current_user.vuid == vuid) &&
179 (current_user.ut.uid == vuser->uid)) {
180 DEBUG(4,("change_to_user: Skipping user change - already "
181 "user\n"));
182 return(True);
183 }
184
185 snum = SNUM(conn);
186
187 if ((vuser) && !check_user_ok(conn, vuser, snum)) {
188 DEBUG(2,("change_to_user: SMB user %s (unix user %s, vuid %d) "
189 "not permitted access to share %s.\n",
190 vuser->user.smb_name, vuser->user.unix_name, vuid,
191 lp_servicename(snum)));
192 return False;
193 }
194
195 if (conn->force_user) /* security = share sets this too */ {
196 uid = conn->uid;
197 gid = conn->gid;
198 current_user.ut.groups = conn->groups;
199 current_user.ut.ngroups = conn->ngroups;
200 token = conn->nt_user_token;
201 } else if (vuser) {
202 uid = conn->admin_user ? 0 : vuser->uid;
203 gid = vuser->gid;
204 current_user.ut.ngroups = vuser->n_groups;
205 current_user.ut.groups = vuser->groups;
206 token = vuser->nt_user_token;
207 } else {
208 DEBUG(2,("change_to_user: Invalid vuid used %d in accessing "
209 "share %s.\n",vuid, lp_servicename(snum) ));
210 return False;
211 }
212
213 /*
214 * See if we should force group for this service.
215 * If so this overrides any group set in the force
216 * user code.
217 */
218
219 if((group_c = *lp_force_group(snum))) {
220
221 token = dup_nt_token(NULL, token);
222 if (token == NULL) {
223 DEBUG(0, ("dup_nt_token failed\n"));
224 return False;
225 }
226 must_free_token = True;
227
228 if(group_c == '+') {
229
230 /*
231 * Only force group if the user is a member of
232 * the service group. Check the group memberships for
233 * this user (we already have this) to
234 * see if we should force the group.
235 */
236
237 int i;
238 for (i = 0; i < current_user.ut.ngroups; i++) {
239 if (current_user.ut.groups[i] == conn->gid) {
240 gid = conn->gid;
241 gid_to_sid(&token->user_sids[1], gid);
242 break;
243 }
244 }
245 } else {
246 gid = conn->gid;
247 gid_to_sid(&token->user_sids[1], gid);
248 }
249 }
250
251 set_sec_ctx(uid, gid, current_user.ut.ngroups, current_user.ut.groups,
252 token);
253
254 /*
255 * Free the new token (as set_sec_ctx copies it).
256 */
257
258 if (must_free_token)
259 TALLOC_FREE(token);
260
261 current_user.conn = conn;
262 current_user.vuid = vuid;
263
264 DEBUG(5,("change_to_user uid=(%d,%d) gid=(%d,%d)\n",
265 (int)getuid(),(int)geteuid(),(int)getgid(),(int)getegid()));
266
267 return(True);
268}
269
270/****************************************************************************
271 Go back to being root without changing the security context stack,
272 but modify the current_user entries.
273****************************************************************************/
274
275BOOL change_to_root_user(void)
276{
277 set_root_sec_ctx();
278
279 DEBUG(5,("change_to_root_user: now uid=(%d,%d) gid=(%d,%d)\n",
280 (int)getuid(),(int)geteuid(),(int)getgid(),(int)getegid()));
281
282 current_user.conn = NULL;
283 current_user.vuid = UID_FIELD_INVALID;
284
285 return(True);
286}
287
288/****************************************************************************
289 Become the user of an authenticated connected named pipe.
290 When this is called we are currently running as the connection
291 user. Doesn't modify current_user.
292****************************************************************************/
293
294BOOL become_authenticated_pipe_user(pipes_struct *p)
295{
296 if (!push_sec_ctx())
297 return False;
298
299 set_sec_ctx(p->pipe_user.ut.uid, p->pipe_user.ut.gid,
300 p->pipe_user.ut.ngroups, p->pipe_user.ut.groups,
301 p->pipe_user.nt_user_token);
302
303 return True;
304}
305
306/****************************************************************************
307 Unbecome the user of an authenticated connected named pipe.
308 When this is called we are running as the authenticated pipe
309 user and need to go back to being the connection user. Doesn't modify
310 current_user.
311****************************************************************************/
312
313BOOL unbecome_authenticated_pipe_user(void)
314{
315 return pop_sec_ctx();
316}
317
318/****************************************************************************
319 Utility functions used by become_xxx/unbecome_xxx.
320****************************************************************************/
321
322struct conn_ctx {
323 connection_struct *conn;
324 uint16 vuid;
325};
326
327/* A stack of current_user connection contexts. */
328
329static struct conn_ctx conn_ctx_stack[MAX_SEC_CTX_DEPTH];
330static int conn_ctx_stack_ndx;
331
332static void push_conn_ctx(void)
333{
334 struct conn_ctx *ctx_p;
335
336 /* Check we don't overflow our stack */
337
338 if (conn_ctx_stack_ndx == MAX_SEC_CTX_DEPTH) {
339 DEBUG(0, ("Connection context stack overflow!\n"));
340 smb_panic("Connection context stack overflow!\n");
341 }
342
343 /* Store previous user context */
344 ctx_p = &conn_ctx_stack[conn_ctx_stack_ndx];
345
346 ctx_p->conn = current_user.conn;
347 ctx_p->vuid = current_user.vuid;
348
349 DEBUG(3, ("push_conn_ctx(%u) : conn_ctx_stack_ndx = %d\n",
350 (unsigned int)ctx_p->vuid, conn_ctx_stack_ndx ));
351
352 conn_ctx_stack_ndx++;
353}
354
355static void pop_conn_ctx(void)
356{
357 struct conn_ctx *ctx_p;
358
359 /* Check for stack underflow. */
360
361 if (conn_ctx_stack_ndx == 0) {
362 DEBUG(0, ("Connection context stack underflow!\n"));
363 smb_panic("Connection context stack underflow!\n");
364 }
365
366 conn_ctx_stack_ndx--;
367 ctx_p = &conn_ctx_stack[conn_ctx_stack_ndx];
368
369 current_user.conn = ctx_p->conn;
370 current_user.vuid = ctx_p->vuid;
371
372 ctx_p->conn = NULL;
373 ctx_p->vuid = UID_FIELD_INVALID;
374}
375
376/****************************************************************************
377 Temporarily become a root user. Must match with unbecome_root(). Saves and
378 restores the connection context.
379****************************************************************************/
380
381void become_root(void)
382{
383 push_sec_ctx();
384 push_conn_ctx();
385 set_root_sec_ctx();
386}
387
388/* Unbecome the root user */
389
390void unbecome_root(void)
391{
392 pop_sec_ctx();
393 pop_conn_ctx();
394}
395
396/****************************************************************************
397 Push the current security context then force a change via change_to_user().
398 Saves and restores the connection context.
399****************************************************************************/
400
401BOOL become_user(connection_struct *conn, uint16 vuid)
402{
403 if (!push_sec_ctx())
404 return False;
405
406 push_conn_ctx();
407
408 if (!change_to_user(conn, vuid)) {
409 pop_sec_ctx();
410 pop_conn_ctx();
411 return False;
412 }
413
414 return True;
415}
416
417BOOL unbecome_user(void)
418{
419 pop_sec_ctx();
420 pop_conn_ctx();
421 return True;
422}
Note: See TracBrowser for help on using the repository browser.