Context Navigation

← Previous Change
Next Change →

uid.c

Timestamp:

Nov 24, 2016, 1:14:11 PM (9 years ago)

Author:

Silvan Scherrer

Message:

Samba Server: update vendor to version 4.4.3

File:

: 1 edited

vendor/current/source3/smbd/uid.c (modified) (24 diffs)

Legend:

: Unmodified
: Added
: Removed

vendor/current/source3/smbd/uid.c

-              r740
+              r988
         struct passwd *pass;
         pass = Get_Pwnam_alloc(talloc_tos(), lp_guestaccount());
+        pass = Get_Pwnam_alloc(talloc_tos(), lp_guest_account());
         if (!pass) {
                 return false;
 …
         for (i = 0; i < VUID_CACHE_SIZE; i++) {
                 struct vuid_cache_entry *ent;
                 ent = &conn->vuid_cache.array[i];
+                ent = &conn->vuid_cache->array[i];
                 if (ent->vuid != UID_FIELD_INVALID &&
                                 conn->session_info == ent->session_info) {
 …
+}
+/****************************************************************************
+  Setup the share access mask for a connection.
+****************************************************************************/
+static uint32_t create_share_access_mask(int snum,
+                                bool readonly_share,
+                                const struct security_token *token)
+{
+        uint32_t share_access = 0;
+        share_access_check(token,
+                        lp_servicename(talloc_tos(), snum),
+                        MAXIMUM_ALLOWED_ACCESS,
+                        &share_access);
+        if (readonly_share) {
+                share_access &=
+                        ~(SEC_FILE_WRITE_DATA | SEC_FILE_APPEND_DATA |
+                          SEC_FILE_WRITE_EA | SEC_FILE_WRITE_ATTRIBUTE |
+                          SEC_DIR_DELETE_CHILD );
+        }
+        if (security_token_has_privilege(token, SEC_PRIV_SECURITY)) {
+                share_access |= SEC_FLAG_SYSTEM_SECURITY;
+        }
+        if (security_token_has_privilege(token, SEC_PRIV_RESTORE)) {
+                share_access |= SEC_RIGHTS_PRIV_RESTORE;
+        }
+        if (security_token_has_privilege(token, SEC_PRIV_BACKUP)) {
+                share_access |= SEC_RIGHTS_PRIV_BACKUP;
+        }
+        if (security_token_has_privilege(token, SEC_PRIV_TAKE_OWNERSHIP)) {
+                share_access |= SEC_STD_WRITE_OWNER;
+        }
+        return share_access;
+}
 /*******************************************************************
+ Check if a username is OK.
+ This sets up conn->session_info with a copy related to this vuser that
+ later code can then mess with.
+ Calculate access mask and if this user can access this share.
 ********************************************************************/
+static bool check_user_ok(connection_struct *conn,
+                        uint16_t vuid,
+                        const struct auth_serversupplied_info *session_info,
+                        int snum)
+{
+        bool valid_vuid = (vuid != UID_FIELD_INVALID);
+        unsigned int i;
+        bool readonly_share;
+        bool admin_user;
+        if (valid_vuid) {
+                struct vuid_cache_entry *ent;
+                for (i=0; i<VUID_CACHE_SIZE; i++) {
+                        ent = &conn->vuid_cache.array[i];
+                        if (ent->vuid == vuid) {
+                                free_conn_session_info_if_unused(conn);
+                                conn->session_info = ent->session_info;
+                                conn->read_only = ent->read_only;
+                                return(True);
+                        }
+                }
+        }
+        if (!user_ok_token(session_info->unix_name,
+                           session_info->info3->base.domain.string,
+                           session_info->security_token, snum))
+                return(False);
+NTSTATUS check_user_share_access(connection_struct *conn,
+                                const struct auth_session_info *session_info,
+                                uint32_t *p_share_access,
+                                bool *p_readonly_share)
+{
+        int snum = SNUM(conn);
+        uint32_t share_access = 0;
+        bool readonly_share = false;
+        if (!user_ok_token(session_info->unix_info->unix_name,
+                           session_info->info->domain_name,
+                           session_info->security_token, snum)) {
+                return NT_STATUS_ACCESS_DENIED;
+        }
         readonly_share = is_share_read_only_for_token(
                 session_info->unix_name,
                 session_info->info3->base.domain.string,
+                session_info->unix_info->unix_name,
+                session_info->info->domain_name,
                 session_info->security_token,
                 conn);
+        share_access = create_share_access_mask(snum,
+                                        readonly_share,
+                                        session_info->security_token);
+        if ((share_access & (FILE_READ_DATA|FILE_WRITE_DATA)) == 0) {
+                /* No access, read or write. */
+                DEBUG(3,("user %s connection to %s denied due to share "
+                         "security descriptor.\n",
+                         session_info->unix_info->unix_name,
+                         lp_servicename(talloc_tos(), snum)));
+                return NT_STATUS_ACCESS_DENIED;
+        }
         if (!readonly_share &&
+            !share_access_check(session_info->security_token,
+                                lp_servicename(snum), FILE_WRITE_DATA,
+                                NULL)) {
+            !(share_access & FILE_WRITE_DATA)) {
                 /* smb.conf allows r/w, but the security descriptor denies
                  * write. Fall back to looking at readonly. */
 …
+        }
+        if (!share_access_check(session_info->security_token,
+                                lp_servicename(snum),
+                                readonly_share ?
+                                FILE_READ_DATA : FILE_WRITE_DATA,
+                                NULL)) {
+                return False;
+        *p_share_access = share_access;
+        *p_readonly_share = readonly_share;
+        return NT_STATUS_OK;
+}
+/*******************************************************************
+ Check if a username is OK.
+ This sets up conn->session_info with a copy related to this vuser that
+ later code can then mess with.
+********************************************************************/
+static bool check_user_ok(connection_struct *conn,
+                        uint64_t vuid,
+                        const struct auth_session_info *session_info,
+                        int snum)
+{
+        unsigned int i;
+        bool readonly_share = false;
+        bool admin_user = false;
+        struct vuid_cache_entry *ent = NULL;
+        uint32_t share_access = 0;
+        NTSTATUS status;
+        for (i=0; i<VUID_CACHE_SIZE; i++) {
+                ent = &conn->vuid_cache->array[i];
+                if (ent->vuid == vuid) {
+                        if (vuid == UID_FIELD_INVALID) {
+                                /*
+                                 * Slow path, we don't care
+                                 * about the array traversal.
+                                */
+                                continue;
+                        }
+                        free_conn_session_info_if_unused(conn);
+                        conn->session_info = ent->session_info;
+                        conn->read_only = ent->read_only;
+                        conn->share_access = ent->share_access;
+                        return(True);
+                }
+        }
+        status = check_user_share_access(conn,
+                                        session_info,
+                                        &share_access,
+                                        &readonly_share);
+        if (!NT_STATUS_IS_OK(status)) {
+                return false;
+        }
         admin_user = token_contains_name_in_list(
                 session_info->unix_name,
                 session_info->info3->base.domain.string,
+                session_info->unix_info->unix_name,
+                session_info->info->domain_name,
                 NULL, session_info->security_token, lp_admin_users(snum));
+        if (valid_vuid) {
+                struct vuid_cache_entry *ent =
+                        &conn->vuid_cache.array[conn->vuid_cache.next_entry];
+                conn->vuid_cache.next_entry =
+                        (conn->vuid_cache.next_entry + 1) % VUID_CACHE_SIZE;
+                TALLOC_FREE(ent->session_info);
+        ent = &conn->vuid_cache->array[conn->vuid_cache->next_entry];
+        conn->vuid_cache->next_entry =
+                (conn->vuid_cache->next_entry + 1) % VUID_CACHE_SIZE;
+        TALLOC_FREE(ent->session_info);
+        /*
+         * If force_user was set, all session_info's are based on the same
+         * username-based faked one.
+         */
+        ent->session_info = copy_session_info(
+                conn, conn->force_user ? conn->session_info : session_info);
+        if (ent->session_info == NULL) {
+                ent->vuid = UID_FIELD_INVALID;
+                return false;
+        }
+        /*
+         * It's actually OK to call check_user_ok() with
+         * vuid == UID_FIELD_INVALID as called from change_to_user_by_session().
+         * All this will do is throw away one entry in the cache.
+         */
+        ent->vuid = vuid;
+        ent->read_only = readonly_share;
+        ent->share_access = share_access;
+        free_conn_session_info_if_unused(conn);
+        conn->session_info = ent->session_info;
+        if (vuid == UID_FIELD_INVALID) {
                 /*
                  * If force_user was set, all session_info's are based on the same
                  * username-based faked one.
+                 * Not strictly needed, just make it really
+                 * clear this entry is actually an unused one.
                  */
+                ent->session_info = copy_serverinfo(
+                        conn, conn->force_user ? conn->session_info : session_info);
+                if (ent->session_info == NULL) {
+                        ent->vuid = UID_FIELD_INVALID;
+                        return false;
+                }
+                ent->vuid = vuid;
+                ent->read_only = readonly_share;
+                free_conn_session_info_if_unused(conn);
+                conn->session_info = ent->session_info;
+                ent->read_only = false;
+                ent->share_access = 0;
+                ent->session_info = NULL;
+        }
         conn->read_only = readonly_share;
+        conn->share_access = share_access;
         if (admin_user) {
                 DEBUG(2,("check_user_ok: user %s is an admin user. "
                         "Setting uid as %d\n",
                         conn->session_info->unix_name,
+                        conn->session_info->unix_info->unix_name,
                         sec_initial_uid() ));
                 conn->session_info->utok.uid = sec_initial_uid();
+                conn->session_info->unix_token->uid = sec_initial_uid();
+        }
         return(True);
+}
-/****************************************************************************
- Clear a vuid out of the connection's vuid cache
- This is only called on SMBulogoff.
-****************************************************************************/
-void conn_clear_vuid_cache(connection_struct *conn, uint16_t vuid)
+{
-        int i;
-        for (i=0; i<VUID_CACHE_SIZE; i++) {
-                struct vuid_cache_entry *ent;
-                ent = &conn->vuid_cache.array[i];
-                if (ent->vuid == vuid) {
-                        ent->vuid = UID_FIELD_INVALID;
-                        /*
-                         * We need to keep conn->session_info around
-                         * if it's equal to ent->session_info as a SMBulogoff
-                         * is often followed by a SMBtdis (with an invalid
-                         * vuid). The debug code (or regular code in
-                         * vfs_full_audit) wants to refer to the
-                         * conn->session_info pointer to print debug
-                         * statements. Theoretically this is a bug,
-                         * as once the vuid is gone the session_info
-                         * on the conn struct isn't valid any more,
-                         * but there's enough code that assumes
-                         * conn->session_info is never null that
-                         * it's easier to hold onto the old pointer
-                         * until we get a new sessionsetupX.
-                         * As everything is hung off the
-                         * conn pointer as a talloc context we're not
-                         * leaking memory here. See bug #6315. JRA.
-                         */
-                        if (conn->session_info == ent->session_info) {
-                                ent->session_info = NULL;
-                        } else {
-                                TALLOC_FREE(ent->session_info);
+                        }
-                        ent->read_only = False;
+                }
+        }
+}
 …
 static bool change_to_user_internal(connection_struct *conn,
                                     const struct auth_serversupplied_info *session_info,
                                     uint16_t vuid)
+                                    const struct auth_session_info *session_info,
+                                    uint64_t vuid)
+{
         int snum;
 …
                 DEBUG(2,("SMB user %s (unix user %s) "
                          "not permitted access to share %s.\n",
                          session_info->sanitized_username,
                          session_info->unix_name,
                          lp_servicename(snum)));
+                         session_info->unix_info->sanitized_username,
+                         session_info->unix_info->unix_name,
+                         lp_servicename(talloc_tos(), snum)));
                 return false;
+        }
         uid = conn->session_info->utok.uid;
         gid = conn->session_info->utok.gid;
         num_groups = conn->session_info->utok.ngroups;
         group_list  = conn->session_info->utok.groups;
+        uid = conn->session_info->unix_token->uid;
+        gid = conn->session_info->unix_token->gid;
+        num_groups = conn->session_info->unix_token->ngroups;
+        group_list  = conn->session_info->unix_token->groups;
         /*
 …
          * any group set in the force user code.
          */
         if((group_c = *lp_force_group(snum))) {
+        if((group_c = *lp_force_group(talloc_tos(), snum))) {
                 SMB_ASSERT(conn->force_group_gid != (gid_t)-1);
 …
                         for (i = 0; i < num_groups; i++) {
                                 if (group_list[i] == conn->force_group_gid) {
                                         conn->session_info->utok.gid =
+                                        conn->session_info->unix_token->gid =
                                                 conn->force_group_gid;
                                         gid = conn->force_group_gid;
 …
+                        }
                 } else {
                         conn->session_info->utok.gid = conn->force_group_gid;
+                        conn->session_info->unix_token->gid = conn->force_group_gid;
                         gid = conn->force_group_gid;
                         gid_to_sid(&conn->session_info->security_token->sids[1],
 …
+}
+bool change_to_user(connection_struct *conn, uint16_t vuid)
+{
+        const struct auth_serversupplied_info *session_info = NULL;
+        user_struct *vuser;
+bool change_to_user(connection_struct *conn, uint64_t vuid)
+{
+        struct user_struct *vuser;
         int snum = SNUM(conn);
 …
         vuser = get_valid_user_struct(conn->sconn, vuid);
+        /*
+         * We need a separate check in security=share mode due to vuid
+         * always being UID_FIELD_INVALID. If we don't do this then
+         * in share mode security we are *always* changing uid's between
+         * SMB's - this hurts performance - Badly.
+         */
+        if((lp_security() == SEC_SHARE) && (current_user.conn == conn) &&
+           (current_user.ut.uid == conn->session_info->utok.uid)) {
+        if ((current_user.conn == conn) &&
+                   (vuser != NULL) && (current_user.vuid == vuid) &&
+                   (current_user.ut.uid == vuser->session_info->unix_token->uid)) {
                 DEBUG(4,("Skipping user change - already "
                          "user\n"));
                 return(True);
+        } else if ((current_user.conn == conn) &&
+                   (vuser != NULL) && (current_user.vuid == vuid) &&
+                   (current_user.ut.uid == vuser->session_info->utok.uid)) {
+                DEBUG(4,("Skipping user change - already "
+                         "user\n"));
+                return(True);
+        }
+        session_info = vuser ? vuser->session_info : conn->session_info;
+        if (session_info == NULL) {
+                /* Invalid vuid sent - even with security = share. */
+                DEBUG(2,("Invalid vuid %d used on "
+                         "share %s.\n", vuid, lp_servicename(snum) ));
+        }
+        if (vuser == NULL) {
+                /* Invalid vuid sent */
+                DEBUG(2,("Invalid vuid %llu used on share %s.\n",
+                         (unsigned long long)vuid, lp_servicename(talloc_tos(),
+                                                                  snum)));
                 return false;
+        }
+        /* security = share sets force_user. */
+        if (!conn->force_user && vuser == NULL) {
+                DEBUG(2,("Invalid vuid used %d in accessing "
+                        "share %s.\n", vuid, lp_servicename(snum) ));
+                return False;
+        }
+        return change_to_user_internal(conn, session_info, vuid);
+}
+bool change_to_user_by_session(connection_struct *conn,
+                               const struct auth_serversupplied_info *session_info)
+        return change_to_user_internal(conn, vuser->session_info, vuid);
+}
+static bool change_to_user_by_session(connection_struct *conn,
+                                      const struct auth_session_info *session_info)
+{
         SMB_ASSERT(conn != NULL);
 …
         if ((current_user.conn == conn) &&
             (current_user.ut.uid == session_info->utok.uid)) {
+            (current_user.ut.uid == session_info->unix_token->uid)) {
                 DEBUG(7, ("Skipping user change - already user\n"));
 …
 ****************************************************************************/
 bool change_to_root_user(void)
+bool smbd_change_to_root_user(void)
+{
         set_root_sec_ctx();
 …
 ****************************************************************************/
 bool become_authenticated_pipe_user(struct auth_serversupplied_info *session_info)
+bool smbd_become_authenticated_pipe_user(struct auth_session_info *session_info)
+{
         if (!push_sec_ctx())
                 return False;
         set_sec_ctx(session_info->utok.uid, session_info->utok.gid,
                     session_info->utok.ngroups, session_info->utok.groups,
+        set_sec_ctx(session_info->unix_token->uid, session_info->unix_token->gid,
+                    session_info->unix_token->ngroups, session_info->unix_token->groups,
                     session_info->security_token);
+        DEBUG(5, ("Impersonated user: uid=(%d,%d), gid=(%d,%d)\n",
+                 (int)getuid(),
+                 (int)geteuid(),
+                 (int)getgid(),
+                 (int)getegid()));
         return True;
 …
 ****************************************************************************/
 bool unbecome_authenticated_pipe_user(void)
+bool smbd_unbecome_authenticated_pipe_user(void)
+{
         return pop_sec_ctx();
 …
         ctx_p->vuid = current_user.vuid;
         DEBUG(4, ("push_conn_ctx(%u) : conn_ctx_stack_ndx = %d\n",
                 (unsigned int)ctx_p->vuid, conn_ctx_stack_ndx ));
+        DEBUG(4, ("push_conn_ctx(%llu) : conn_ctx_stack_ndx = %d\n",
+                (unsigned long long)ctx_p->vuid, conn_ctx_stack_ndx));
         conn_ctx_stack_ndx++;
 …
 ****************************************************************************/
 void become_root(void)
+void smbd_become_root(void)
+{
          /*
 …
 /* Unbecome the root user */
 void unbecome_root(void)
+void smbd_unbecome_root(void)
+{
         pop_sec_ctx();
 …
 ****************************************************************************/
 bool become_user(connection_struct *conn, uint16 vuid)
+bool become_user(connection_struct *conn, uint64_t vuid)
+{
         if (!push_sec_ctx())
 …
 bool become_user_by_session(connection_struct *conn,
                             const struct auth_serversupplied_info *session_info)
+                            const struct auth_session_info *session_info)
+{
         if (!push_sec_ctx())
 …
 /****************************************************************************
  Return the current user we are running effectively as on this connection.
  I'd like to make this return conn->session_info->utok.uid, but become_root()
+ I'd like to make this return conn->session_info->unix_token->uid, but become_root()
  doesn't alter this value.
 ****************************************************************************/
 …
 /****************************************************************************
  Return the current group we are running effectively as on this connection.
  I'd like to make this return conn->session_info->utok.gid, but become_root()
+ I'd like to make this return conn->session_info->unix_token->gid, but become_root()
  doesn't alter this value.
 ****************************************************************************/
 …
 /****************************************************************************
  Return the UNIX token we are running effectively as on this connection.
  I'd like to make this return &conn->session_info->utok, but become_root()
+ I'd like to make this return &conn->session_info->unix_token-> but become_root()
  doesn't alter this value.
 ****************************************************************************/
 …
+}
+/****************************************************************************
+ Return the Windows token we are running effectively as on this connection.
+ If this is currently a NULL token as we're inside become_root() - a temporary
+ UNIX security override, then we search up the stack for the previous active
+ token.
+****************************************************************************/
 const struct security_token *get_current_nttok(connection_struct *conn)
+{
+        return current_user.nt_user_token;
+}
+uint16_t get_current_vuid(connection_struct *conn)
+        if (current_user.nt_user_token) {
+                return current_user.nt_user_token;
+        }
+        return sec_ctx_active_token();
+}
+uint64_t get_current_vuid(connection_struct *conn)
+{
         return current_user.vuid;

Note: See TracChangeset for help on using the changeset viewer.

Context Navigation

Changeset 988 for vendor/current/source3/smbd/uid.c

Legend:

vendor/current/source3/smbd/uid.c

Download in other formats: