Context Navigation

← Previous Revision
Next Revision →
Normal
Revision Log

uid.c

Visit:

Last change on this file was 745, checked in by Silvan Scherrer, 13 years ago
Samba Server: updated trunk to 3.6.0
File size: 16.8 KB

Rev	Line
[596]	1	/*
	2	Unix SMB/CIFS implementation.
	3	uid/user handling
	4	Copyright (C) Andrew Tridgell 1992-1998
	5
	6	This program is free software; you can redistribute it and/or modify
	7	it under the terms of the GNU General Public License as published by
	8	the Free Software Foundation; either version 3 of the License, or
	9	(at your option) any later version.
	10
	11	This program is distributed in the hope that it will be useful,
	12	but WITHOUT ANY WARRANTY; without even the implied warranty of
	13	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	14	GNU General Public License for more details.
	15
	16	You should have received a copy of the GNU General Public License
	17	along with this program. If not, see <http://www.gnu.org/licenses/>.
	18	*/
	19
	20	#include "includes.h"
[745]	21	#include "system/passwd.h"
	22	#include "smbd/smbd.h"
[596]	23	#include "smbd/globals.h"
[745]	24	#include "../librpc/gen_ndr/netlogon.h"
	25	#include "libcli/security/security.h"
	26	#include "passdb/lookup_sid.h"
	27	#include "auth.h"
[596]	28
	29	/* what user is current? */
	30	extern struct current_user current_user;
	31
	32	/****************************************************************************
	33	Become the guest user without changing the security context stack.
	34	****************************************************************************/
	35
	36	bool change_to_guest(void)
	37	{
	38	struct passwd *pass;
	39
[745]	40	pass = Get_Pwnam_alloc(talloc_tos(), lp_guestaccount());
[596]	41	if (!pass) {
	42	return false;
	43	}
	44
	45	#ifdef AIX
	46	/* MWW: From AIX FAQ patch to WU-ftpd: call initgroups before
	47	setting IDs */
	48	initgroups(pass->pw_name, pass->pw_gid);
	49	#endif
	50
	51	set_sec_ctx(pass->pw_uid, pass->pw_gid, 0, NULL, NULL);
	52
	53	current_user.conn = NULL;
	54	current_user.vuid = UID_FIELD_INVALID;
	55
	56	TALLOC_FREE(pass);
	57
	58	return true;
	59	}
	60
	61	/****************************************************************************
[745]	62	talloc free the conn->session_info if not used in the vuid cache.
[596]	63	****************************************************************************/
	64
[745]	65	static void free_conn_session_info_if_unused(connection_struct *conn)
[596]	66	{
	67	unsigned int i;
	68
	69	for (i = 0; i < VUID_CACHE_SIZE; i++) {
	70	struct vuid_cache_entry *ent;
	71	ent = &conn->vuid_cache.array[i];
	72	if (ent->vuid != UID_FIELD_INVALID &&
[745]	73	conn->session_info == ent->session_info) {
[596]	74	return;
	75	}
	76	}
	77	/* Not used, safe to free. */
[745]	78	TALLOC_FREE(conn->session_info);
[596]	79	}
	80
	81	/*******************************************************************
	82	Check if a username is OK.
	83
[745]	84	This sets up conn->session_info with a copy related to this vuser that
[596]	85	later code can then mess with.
	86	********************************************************************/
	87
	88	static bool check_user_ok(connection_struct *conn,
	89	uint16_t vuid,
[745]	90	const struct auth_serversupplied_info *session_info,
[596]	91	int snum)
	92	{
	93	bool valid_vuid = (vuid != UID_FIELD_INVALID);
	94	unsigned int i;
	95	bool readonly_share;
	96	bool admin_user;
	97
	98	if (valid_vuid) {
	99	struct vuid_cache_entry *ent;
	100
	101	for (i=0; i<VUID_CACHE_SIZE; i++) {
	102	ent = &conn->vuid_cache.array[i];
	103	if (ent->vuid == vuid) {
[745]	104	free_conn_session_info_if_unused(conn);
	105	conn->session_info = ent->session_info;
[596]	106	conn->read_only = ent->read_only;
	107	return(True);
	108	}
	109	}
	110	}
	111
[745]	112	if (!user_ok_token(session_info->unix_name,
	113	session_info->info3->base.domain.string,
	114	session_info->security_token, snum))
[596]	115	return(False);
	116
	117	readonly_share = is_share_read_only_for_token(
[745]	118	session_info->unix_name,
	119	session_info->info3->base.domain.string,
	120	session_info->security_token,
[596]	121	conn);
	122
	123	if (!readonly_share &&
[745]	124	!share_access_check(session_info->security_token,
	125	lp_servicename(snum), FILE_WRITE_DATA,
	126	NULL)) {
[596]	127	/* smb.conf allows r/w, but the security descriptor denies
	128	* write. Fall back to looking at readonly. */
	129	readonly_share = True;
	130	DEBUG(5,("falling back to read-only access-evaluation due to "
	131	"security descriptor\n"));
	132	}
	133
[745]	134	if (!share_access_check(session_info->security_token,
	135	lp_servicename(snum),
[596]	136	readonly_share ?
[745]	137	FILE_READ_DATA : FILE_WRITE_DATA,
	138	NULL)) {
[596]	139	return False;
	140	}
	141
	142	admin_user = token_contains_name_in_list(
[745]	143	session_info->unix_name,
	144	session_info->info3->base.domain.string,
	145	NULL, session_info->security_token, lp_admin_users(snum));
[596]	146
	147	if (valid_vuid) {
	148	struct vuid_cache_entry *ent =
	149	&conn->vuid_cache.array[conn->vuid_cache.next_entry];
	150
	151	conn->vuid_cache.next_entry =
	152	(conn->vuid_cache.next_entry + 1) % VUID_CACHE_SIZE;
	153
[745]	154	TALLOC_FREE(ent->session_info);
[596]	155
	156	/*
[745]	157	* If force_user was set, all session_info's are based on the same
[596]	158	* username-based faked one.
	159	*/
	160
[745]	161	ent->session_info = copy_serverinfo(
	162	conn, conn->force_user ? conn->session_info : session_info);
[596]	163
[745]	164	if (ent->session_info == NULL) {
[596]	165	ent->vuid = UID_FIELD_INVALID;
	166	return false;
	167	}
	168
	169	ent->vuid = vuid;
	170	ent->read_only = readonly_share;
[745]	171	free_conn_session_info_if_unused(conn);
	172	conn->session_info = ent->session_info;
[596]	173	}
	174
	175	conn->read_only = readonly_share;
[745]	176	if (admin_user) {
	177	DEBUG(2,("check_user_ok: user %s is an admin user. "
	178	"Setting uid as %d\n",
	179	conn->session_info->unix_name,
	180	sec_initial_uid() ));
	181	conn->session_info->utok.uid = sec_initial_uid();
	182	}
[596]	183
	184	return(True);
	185	}
	186
	187	/****************************************************************************
	188	Clear a vuid out of the connection's vuid cache
	189	This is only called on SMBulogoff.
	190	****************************************************************************/
	191
	192	void conn_clear_vuid_cache(connection_struct *conn, uint16_t vuid)
	193	{
	194	int i;
	195
	196	for (i=0; i<VUID_CACHE_SIZE; i++) {
	197	struct vuid_cache_entry *ent;
	198
	199	ent = &conn->vuid_cache.array[i];
	200
	201	if (ent->vuid == vuid) {
	202	ent->vuid = UID_FIELD_INVALID;
	203	/*
[745]	204	* We need to keep conn->session_info around
	205	* if it's equal to ent->session_info as a SMBulogoff
[596]	206	* is often followed by a SMBtdis (with an invalid
	207	* vuid). The debug code (or regular code in
	208	* vfs_full_audit) wants to refer to the
[745]	209	* conn->session_info pointer to print debug
[596]	210	* statements. Theoretically this is a bug,
[745]	211	* as once the vuid is gone the session_info
[596]	212	* on the conn struct isn't valid any more,
	213	* but there's enough code that assumes
[745]	214	* conn->session_info is never null that
[596]	215	* it's easier to hold onto the old pointer
	216	* until we get a new sessionsetupX.
	217	* As everything is hung off the
	218	* conn pointer as a talloc context we're not
	219	* leaking memory here. See bug #6315. JRA.
	220	*/
[745]	221	if (conn->session_info == ent->session_info) {
	222	ent->session_info = NULL;
[596]	223	} else {
[745]	224	TALLOC_FREE(ent->session_info);
[596]	225	}
	226	ent->read_only = False;
	227	}
	228	}
	229	}
	230
	231	/****************************************************************************
	232	Become the user of a connection number without changing the security context
	233	stack, but modify the current_user entries.
	234	****************************************************************************/
	235
[745]	236	static bool change_to_user_internal(connection_struct *conn,
	237	const struct auth_serversupplied_info *session_info,
	238	uint16_t vuid)
[596]	239	{
	240	int snum;
	241	gid_t gid;
	242	uid_t uid;
	243	char group_c;
	244	int num_groups = 0;
	245	gid_t *group_list = NULL;
[745]	246	bool ok;
[596]	247
	248	snum = SNUM(conn);
	249
[745]	250	ok = check_user_ok(conn, vuid, session_info, snum);
	251	if (!ok) {
	252	DEBUG(2,("SMB user %s (unix user %s) "
[596]	253	"not permitted access to share %s.\n",
[745]	254	session_info->sanitized_username,
	255	session_info->unix_name,
[596]	256	lp_servicename(snum)));
	257	return false;
	258	}
	259
[745]	260	uid = conn->session_info->utok.uid;
	261	gid = conn->session_info->utok.gid;
	262	num_groups = conn->session_info->utok.ngroups;
	263	group_list = conn->session_info->utok.groups;
[596]	264
	265	/*
[745]	266	* See if we should force group for this service. If so this overrides
	267	* any group set in the force user code.
[596]	268	*/
	269	if((group_c = *lp_force_group(snum))) {
	270
	271	SMB_ASSERT(conn->force_group_gid != (gid_t)-1);
	272
[745]	273	if (group_c == '+') {
	274	int i;
[596]	275
	276	/*
[745]	277	* Only force group if the user is a member of the
	278	* service group. Check the group memberships for this
	279	* user (we already have this) to see if we should force
	280	* the group.
[596]	281	*/
	282	for (i = 0; i < num_groups; i++) {
[745]	283	if (group_list[i] == conn->force_group_gid) {
	284	conn->session_info->utok.gid =
[596]	285	conn->force_group_gid;
	286	gid = conn->force_group_gid;
[745]	287	gid_to_sid(&conn->session_info->security_token
	288	->sids[1], gid);
[596]	289	break;
	290	}
	291	}
	292	} else {
[745]	293	conn->session_info->utok.gid = conn->force_group_gid;
[596]	294	gid = conn->force_group_gid;
[745]	295	gid_to_sid(&conn->session_info->security_token->sids[1],
[596]	296	gid);
	297	}
	298	}
	299
[745]	300	/Set current_user since we will immediately also call set_sec_ctx() /
[596]	301	current_user.ut.ngroups = num_groups;
[745]	302	current_user.ut.groups = group_list;
[596]	303
[745]	304	set_sec_ctx(uid,
	305	gid,
	306	current_user.ut.ngroups,
	307	current_user.ut.groups,
	308	conn->session_info->security_token);
[596]	309
	310	current_user.conn = conn;
	311	current_user.vuid = vuid;
	312
[745]	313	DEBUG(5, ("Impersonated user: uid=(%d,%d), gid=(%d,%d)\n",
	314	(int)getuid(),
	315	(int)geteuid(),
	316	(int)getgid(),
	317	(int)getegid()));
[596]	318
[745]	319	return true;
[596]	320	}
	321
[745]	322	bool change_to_user(connection_struct *conn, uint16_t vuid)
	323	{
	324	const struct auth_serversupplied_info *session_info = NULL;
	325	user_struct *vuser;
	326	int snum = SNUM(conn);
	327
	328	if (!conn) {
	329	DEBUG(2,("Connection not open\n"));
	330	return(False);
	331	}
	332
	333	vuser = get_valid_user_struct(conn->sconn, vuid);
	334
	335	/*
	336	* We need a separate check in security=share mode due to vuid
	337	* always being UID_FIELD_INVALID. If we don't do this then
	338	* in share mode security we are always changing uid's between
	339	* SMB's - this hurts performance - Badly.
	340	*/
	341
	342	if((lp_security() == SEC_SHARE) && (current_user.conn == conn) &&
	343	(current_user.ut.uid == conn->session_info->utok.uid)) {
	344	DEBUG(4,("Skipping user change - already "
	345	"user\n"));
	346	return(True);
	347	} else if ((current_user.conn == conn) &&
	348	(vuser != NULL) && (current_user.vuid == vuid) &&
	349	(current_user.ut.uid == vuser->session_info->utok.uid)) {
	350	DEBUG(4,("Skipping user change - already "
	351	"user\n"));
	352	return(True);
	353	}
	354
	355	session_info = vuser ? vuser->session_info : conn->session_info;
	356
	357	if (session_info == NULL) {
	358	/* Invalid vuid sent - even with security = share. */
	359	DEBUG(2,("Invalid vuid %d used on "
	360	"share %s.\n", vuid, lp_servicename(snum) ));
	361	return false;
	362	}
	363
	364	/* security = share sets force_user. */
	365	if (!conn->force_user && vuser == NULL) {
	366	DEBUG(2,("Invalid vuid used %d in accessing "
	367	"share %s.\n", vuid, lp_servicename(snum) ));
	368	return False;
	369	}
	370
	371	return change_to_user_internal(conn, session_info, vuid);
	372	}
	373
	374	bool change_to_user_by_session(connection_struct *conn,
	375	const struct auth_serversupplied_info *session_info)
	376	{
	377	SMB_ASSERT(conn != NULL);
	378	SMB_ASSERT(session_info != NULL);
	379
	380	if ((current_user.conn == conn) &&
	381	(current_user.ut.uid == session_info->utok.uid)) {
	382	DEBUG(7, ("Skipping user change - already user\n"));
	383
	384	return true;
	385	}
	386
	387	return change_to_user_internal(conn, session_info, UID_FIELD_INVALID);
	388	}
	389
[596]	390	/****************************************************************************
	391	Go back to being root without changing the security context stack,
	392	but modify the current_user entries.
	393	****************************************************************************/
	394
	395	bool change_to_root_user(void)
	396	{
	397	set_root_sec_ctx();
	398
	399	DEBUG(5,("change_to_root_user: now uid=(%d,%d) gid=(%d,%d)\n",
	400	(int)getuid(),(int)geteuid(),(int)getgid(),(int)getegid()));
	401
	402	current_user.conn = NULL;
	403	current_user.vuid = UID_FIELD_INVALID;
	404
	405	return(True);
	406	}
	407
	408	/****************************************************************************
	409	Become the user of an authenticated connected named pipe.
	410	When this is called we are currently running as the connection
	411	user. Doesn't modify current_user.
	412	****************************************************************************/
	413
[745]	414	bool become_authenticated_pipe_user(struct auth_serversupplied_info *session_info)
[596]	415	{
	416	if (!push_sec_ctx())
	417	return False;
	418
[745]	419	set_sec_ctx(session_info->utok.uid, session_info->utok.gid,
	420	session_info->utok.ngroups, session_info->utok.groups,
	421	session_info->security_token);
[596]	422
	423	return True;
	424	}
	425
	426	/****************************************************************************
	427	Unbecome the user of an authenticated connected named pipe.
	428	When this is called we are running as the authenticated pipe
	429	user and need to go back to being the connection user. Doesn't modify
	430	current_user.
	431	****************************************************************************/
	432
	433	bool unbecome_authenticated_pipe_user(void)
	434	{
	435	return pop_sec_ctx();
	436	}
	437
	438	/****************************************************************************
	439	Utility functions used by become_xxx/unbecome_xxx.
	440	****************************************************************************/
	441
	442	static void push_conn_ctx(void)
	443	{
	444	struct conn_ctx *ctx_p;
	445
	446	/* Check we don't overflow our stack */
	447
	448	if (conn_ctx_stack_ndx == MAX_SEC_CTX_DEPTH) {
	449	DEBUG(0, ("Connection context stack overflow!\n"));
	450	smb_panic("Connection context stack overflow!\n");
	451	}
	452
	453	/* Store previous user context */
	454	ctx_p = &conn_ctx_stack[conn_ctx_stack_ndx];
	455
	456	ctx_p->conn = current_user.conn;
	457	ctx_p->vuid = current_user.vuid;
	458
[745]	459	DEBUG(4, ("push_conn_ctx(%u) : conn_ctx_stack_ndx = %d\n",
[596]	460	(unsigned int)ctx_p->vuid, conn_ctx_stack_ndx ));
	461
	462	conn_ctx_stack_ndx++;
	463	}
	464
	465	static void pop_conn_ctx(void)
	466	{
	467	struct conn_ctx *ctx_p;
	468
	469	/* Check for stack underflow. */
	470
	471	if (conn_ctx_stack_ndx == 0) {
	472	DEBUG(0, ("Connection context stack underflow!\n"));
	473	smb_panic("Connection context stack underflow!\n");
	474	}
	475
	476	conn_ctx_stack_ndx--;
	477	ctx_p = &conn_ctx_stack[conn_ctx_stack_ndx];
	478
	479	current_user.conn = ctx_p->conn;
	480	current_user.vuid = ctx_p->vuid;
	481
	482	ctx_p->conn = NULL;
	483	ctx_p->vuid = UID_FIELD_INVALID;
	484	}
	485
	486	/****************************************************************************
	487	Temporarily become a root user. Must match with unbecome_root(). Saves and
	488	restores the connection context.
	489	****************************************************************************/
	490
	491	void become_root(void)
	492	{
	493	/*
	494	* no good way to handle push_sec_ctx() failing without changing
	495	* the prototype of become_root()
	496	*/
	497	if (!push_sec_ctx()) {
	498	smb_panic("become_root: push_sec_ctx failed");
	499	}
	500	push_conn_ctx();
	501	set_root_sec_ctx();
	502	}
	503
	504	/* Unbecome the root user */
	505
	506	void unbecome_root(void)
	507	{
	508	pop_sec_ctx();
	509	pop_conn_ctx();
	510	}
	511
	512	/****************************************************************************
	513	Push the current security context then force a change via change_to_user().
	514	Saves and restores the connection context.
	515	****************************************************************************/
	516
	517	bool become_user(connection_struct *conn, uint16 vuid)
	518	{
	519	if (!push_sec_ctx())
	520	return False;
	521
	522	push_conn_ctx();
	523
	524	if (!change_to_user(conn, vuid)) {
	525	pop_sec_ctx();
	526	pop_conn_ctx();
	527	return False;
	528	}
	529
	530	return True;
	531	}
	532
[745]	533	bool become_user_by_session(connection_struct *conn,
	534	const struct auth_serversupplied_info *session_info)
	535	{
	536	if (!push_sec_ctx())
	537	return false;
	538
	539	push_conn_ctx();
	540
	541	if (!change_to_user_by_session(conn, session_info)) {
	542	pop_sec_ctx();
	543	pop_conn_ctx();
	544	return false;
	545	}
	546
	547	return true;
	548	}
	549
[596]	550	bool unbecome_user(void)
	551	{
	552	pop_sec_ctx();
	553	pop_conn_ctx();
	554	return True;
	555	}
[745]	556
	557	/****************************************************************************
	558	Return the current user we are running effectively as on this connection.
	559	I'd like to make this return conn->session_info->utok.uid, but become_root()
	560	doesn't alter this value.
	561	****************************************************************************/
	562
	563	uid_t get_current_uid(connection_struct *conn)
	564	{
	565	return current_user.ut.uid;
	566	}
	567
	568	/****************************************************************************
	569	Return the current group we are running effectively as on this connection.
	570	I'd like to make this return conn->session_info->utok.gid, but become_root()
	571	doesn't alter this value.
	572	****************************************************************************/
	573
	574	gid_t get_current_gid(connection_struct *conn)
	575	{
	576	return current_user.ut.gid;
	577	}
	578
	579	/****************************************************************************
	580	Return the UNIX token we are running effectively as on this connection.
	581	I'd like to make this return &conn->session_info->utok, but become_root()
	582	doesn't alter this value.
	583	****************************************************************************/
	584
	585	const struct security_unix_token get_current_utok(connection_struct conn)
	586	{
	587	return &current_user.ut;
	588	}
	589
	590	const struct security_token get_current_nttok(connection_struct conn)
	591	{
	592	return current_user.nt_user_token;
	593	}
	594
	595	uint16_t get_current_vuid(connection_struct *conn)
	596	{
	597	return current_user.vuid;
	598	}

Note: See TracBrowser for help on using the repository browser.

Context Navigation

source: trunk/server/source3/smbd/uid.c

Download in other formats: