search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
s3-libnet: avoid using lp_dns_hostname() in join code
[samba4-gss.git] / source3 / smbd / uid.c
blob74ab3d9dd08ae0b94688cce9d9aef2f037c6ac2c
1 /*
2 Unix SMB/CIFS implementation.
3 uid/user handling
4 Copyright (C) Andrew Tridgell 1992-1998
5
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 3 of the License, or
9 (at your option) any later version.
10
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
15
16 You should have received a copy of the GNU General Public License
17 along with this program. If not, see <http://www.gnu.org/licenses/>.
18 */
19
20 #include "includes.h"
21 #include "system/passwd.h"
22 #include "smbd/smbd.h"
23 #include "smbd/globals.h"
24 #include "source3/smbd/smbXsrv_session.h"
25 #include "../librpc/gen_ndr/netlogon.h"
26 #include "libcli/security/security.h"
27 #include "passdb/lookup_sid.h"
28 #include "auth.h"
29 #include "../auth/auth_util.h"
30 #include "source3/lib/substitute.h"
31
32 /* what user is current? */
33 extern struct current_user current_user;
34
35 /****************************************************************************
36 Become the guest user without changing the security context stack.
37 ****************************************************************************/
38
39 bool change_to_guest(void)
40 {
41 struct passwd *pass;
42
43 pass = Get_Pwnam_alloc(talloc_tos(), lp_guest_account());
44 if (!pass) {
45 return false;
46 }
47
48 #ifdef AIX
49 /* MWW: From AIX FAQ patch to WU-ftpd: call initgroups before
50 setting IDs */
51 initgroups(pass->pw_name, pass->pw_gid);
52 #endif
53
54 set_sec_ctx(pass->pw_uid, pass->pw_gid, 0, NULL, NULL);
55
56 current_user.conn = NULL;
57 current_user.vuid = UID_FIELD_INVALID;
58
59 TALLOC_FREE(pass);
60
61 return true;
62 }
63
64 /****************************************************************************
65 talloc free the conn->session_info if not used in the vuid cache.
66 ****************************************************************************/
67
68 static void free_conn_state_if_unused(connection_struct *conn)
69 {
70 unsigned int i;
71
72 for (i = 0; i < VUID_CACHE_SIZE; i++) {
73 struct vuid_cache_entry *ent;
74 ent = &conn->vuid_cache->array[i];
75 if (ent->vuid != UID_FIELD_INVALID &&
76 conn->session_info == ent->session_info) {
77 break;
78 }
79 }
80 if (i == VUID_CACHE_SIZE) {
81 /* Not used, safe to free. */
82 TALLOC_FREE(conn->session_info);
83 }
84 }
85
86 /****************************************************************************
87 Setup the share access mask for a connection.
88 ****************************************************************************/
89
90 static uint32_t create_share_access_mask(int snum,
91 bool readonly_share,
92 const struct security_token *token)
93 {
94 uint32_t share_access = 0;
95
96 share_access_check(token,
97 lp_const_servicename(snum),
98 MAXIMUM_ALLOWED_ACCESS,
99 &share_access);
100
101 if (readonly_share) {
102 share_access &=
103 ~(SEC_FILE_WRITE_DATA | SEC_FILE_APPEND_DATA |
104 SEC_FILE_WRITE_EA | SEC_FILE_WRITE_ATTRIBUTE |
105 SEC_DIR_DELETE_CHILD );
106 }
107
108 if (security_token_has_privilege(token, SEC_PRIV_SECURITY)) {
109 share_access |= SEC_FLAG_SYSTEM_SECURITY;
110 }
111 if (security_token_has_privilege(token, SEC_PRIV_RESTORE)) {
112 share_access |= SEC_RIGHTS_PRIV_RESTORE;
113 }
114 if (security_token_has_privilege(token, SEC_PRIV_BACKUP)) {
115 share_access |= SEC_RIGHTS_PRIV_BACKUP;
116 }
117 if (security_token_has_privilege(token, SEC_PRIV_TAKE_OWNERSHIP)) {
118 share_access |= SEC_STD_WRITE_OWNER;
119 }
120
121 return share_access;
122 }
123
124 /*******************************************************************
125 Calculate access mask and if this user can access this share.
126 ********************************************************************/
127
128 NTSTATUS check_user_share_access(connection_struct *conn,
129 const struct auth_session_info *session_info,
130 uint32_t *p_share_access,
131 bool *p_readonly_share)
132 {
133 int snum = SNUM(conn);
134 uint32_t share_access = 0;
135 bool readonly_share = false;
136 bool ok;
137
138 if (!user_ok_token(session_info->unix_info->unix_name,
139 session_info->info->domain_name,
140 session_info->security_token, snum)) {
141 return NT_STATUS_ACCESS_DENIED;
142 }
143
144 ok = is_share_read_only_for_token(
145 session_info->unix_info->unix_name,
146 session_info->info->domain_name,
147 session_info->security_token,
148 conn,
149 &readonly_share);
150 if (!ok) {
151 return NT_STATUS_ACCESS_DENIED;
152 }
153
154 share_access = create_share_access_mask(snum,
155 readonly_share,
156 session_info->security_token);
157
158 if ((share_access & (FILE_READ_DATA|FILE_WRITE_DATA)) == 0) {
159 /* No access, read or write. */
160 DBG_NOTICE("user %s connection to %s denied due to share "
161 "security descriptor.\n",
162 session_info->unix_info->unix_name,
163 lp_const_servicename(snum));
164 return NT_STATUS_ACCESS_DENIED;
165 }
166
167 if (!readonly_share &&
168 !(share_access & FILE_WRITE_DATA)) {
169 /* smb.conf allows r/w, but the security descriptor denies
170 * write. Fall back to looking at readonly. */
171 readonly_share = true;
172 DBG_INFO("falling back to read-only access-evaluation due to "
173 "security descriptor\n");
174 }
175
176 *p_share_access = share_access;
177 *p_readonly_share = readonly_share;
178
179 return NT_STATUS_OK;
180 }
181
182 struct scan_file_list_state {
183 TALLOC_CTX *mem_ctx;
184 const struct loadparm_substitution *lp_sub;
185 int snum;
186 const char *param_type;
187 struct security_token *token;
188 struct name_compare_entry **list;
189 bool ok;
190 };
191
192 static bool scan_file_list_cb(const char *string,
193 regmatch_t matches[],
194 void *private_data)
195 {
196 struct scan_file_list_state *state = private_data;
197
198 if (matches[1].rm_so == -1) {
199 DBG_WARNING("Found match, but no name??\n");
200 goto fail;
201 }
202 if (matches[1].rm_eo <= matches[1].rm_so) {
203 DBG_WARNING("Invalid match\n");
204 goto fail;
205 }
206
207 {
208 regoff_t len = matches[1].rm_eo - matches[1].rm_so;
209 char name[len + 1];
210 bool ok, match;
211 char *files = NULL;
212
213 memcpy(name, string + matches[1].rm_so, len);
214 name[len] = '\0';
215
216 DBG_DEBUG("Found name \"%s : %s\"\n", state->param_type, name);
217
218 ok = token_contains_name(talloc_tos(),
219 NULL,
220 NULL,
221 NULL,
222 state->token,
223 name,
224 &match);
225 if (!ok) {
226 goto fail;
227 }
228 if (!match) {
229 return false; /* don't stop traverse */
230 }
231
232 files = lp_parm_substituted_string(state->mem_ctx,
233 state->lp_sub,
234 state->snum,
235 state->param_type,
236 name,
237 NULL);
238 if (files == NULL) {
239 goto fail;
240 }
241
242 ok = append_to_namearray(state->mem_ctx,
243 files,
244 state->list);
245 if (!ok) {
246 goto fail;
247 }
248
249 return false; /* don't stop traverse */
250 }
251
252 fail:
253 state->ok = false;
254 return true; /* stop traverse */
255 }
256
257 /*******************************************************************
258 Check if a username is OK.
259
260 This sets up conn->session_info with a copy related to this vuser that
261 later code can then mess with.
262 ********************************************************************/
263
264 static bool check_user_ok(connection_struct *conn,
265 uint64_t vuid,
266 const struct auth_session_info *session_info,
267 int snum)
268 {
269 const struct loadparm_substitution *lp_sub =
270 loadparm_s3_global_substitution();
271 bool readonly_share = false;
272 bool admin_user = false;
273 struct vuid_cache_entry *ent = NULL;
274 uint32_t share_access = 0;
275 NTSTATUS status;
276 bool ok;
277
278 if (vuid != UID_FIELD_INVALID) {
279 unsigned int i;
280
281 for (i=0; i<VUID_CACHE_SIZE; i++) {
282 ent = &conn->vuid_cache->array[i];
283 if (ent->vuid == vuid) {
284 free_conn_state_if_unused(conn);
285 conn->session_info = ent->session_info;
286 conn->read_only = ent->read_only;
287 conn->share_access = ent->share_access;
288 conn->vuid = ent->vuid;
289 conn->veto_list = ent->veto_list;
290 conn->hide_list = ent->hide_list;
291 return(True);
292 }
293 }
294 }
295
296 status = check_user_share_access(conn,
297 session_info,
298 &share_access,
299 &readonly_share);
300 if (!NT_STATUS_IS_OK(status)) {
301 return false;
302 }
303
304 ok = token_contains_name_in_list(
305 session_info->unix_info->unix_name,
306 session_info->info->domain_name,
307 NULL,
308 session_info->security_token,
309 lp_admin_users(snum),
310 &admin_user);
311 if (!ok) {
312 /* Log, but move on */
313 DBG_ERR("Couldn't apply 'admin users'\n");
314 }
315
316 ent = &conn->vuid_cache->array[conn->vuid_cache->next_entry];
317
318 conn->vuid_cache->next_entry =
319 (conn->vuid_cache->next_entry + 1) % VUID_CACHE_SIZE;
320
321 TALLOC_FREE(ent->session_info);
322 TALLOC_FREE(ent->veto_list);
323 TALLOC_FREE(ent->hide_list);
324
325 /*
326 * If force_user was set, all session_info's are based on the same
327 * username-based faked one.
328 */
329
330 ent->session_info = copy_session_info(
331 conn, conn->force_user ? conn->session_info : session_info);
332
333 if (ent->session_info == NULL) {
334 ent->vuid = UID_FIELD_INVALID;
335 return false;
336 }
337
338 if (admin_user) {
339 DEBUG(2,("check_user_ok: user %s is an admin user. "
340 "Setting uid as %d\n",
341 ent->session_info->unix_info->unix_name,
342 sec_initial_uid() ));
343 ent->session_info->unix_token->uid = sec_initial_uid();
344 }
345
346 /*
347 * It's actually OK to call check_user_ok() with
348 * vuid == UID_FIELD_INVALID as called from become_user_by_session().
349 * All this will do is throw away one entry in the cache.
350 */
351
352 ent->vuid = vuid;
353 ent->read_only = readonly_share;
354 ent->share_access = share_access;
355
356 /* Add veto/hide lists */
357 if (!IS_IPC(conn) && !IS_PRINT(conn)) {
358 struct scan_file_list_state state = {
359 .mem_ctx = conn,
360 .lp_sub = lp_sub,
361 .snum = snum,
362 .token = session_info->security_token,
363 .ok = true,
364 };
365 int ret;
366
367 ok = set_namearray(conn,
368 lp_veto_files(talloc_tos(), lp_sub, snum),
369 &ent->veto_list);
370 if (!ok) {
371 return false;
372 }
373
374 /*
375 * A bit of boilerplate code duplication for userlevel
376 * hide and veto files in the share and global
377 * sections, but not enough to justify putting this
378 * into functions for now :-)
379 */
380
381 state.param_type = "veto files";
382 state.list = &ent->veto_list;
383
384 ret = lp_wi_scan_global_parametrics("vetofiles:\\(.*\\)",
385 2,
386 scan_file_list_cb,
387 &state);
388 if ((ret != 0) || !state.ok) {
389 return false;
390 }
391 ret = lp_wi_scan_share_parametrics(snum,
392 "vetofiles:\\(.*\\)",
393 2,
394 scan_file_list_cb,
395 &state);
396 if ((ret != 0) || !state.ok) {
397 return false;
398 }
399
400 ok = set_namearray(conn,
401 lp_hide_files(talloc_tos(), lp_sub, snum),
402 &ent->hide_list);
403 if (!ok) {
404 return false;
405 }
406
407 state.param_type = "hide files";
408 state.list = &ent->hide_list;
409
410 ret = lp_wi_scan_global_parametrics("hidefiles:\\(.*\\)",
411 2,
412 scan_file_list_cb,
413 &state);
414 if ((ret != 0) || !state.ok) {
415 return false;
416 }
417 ret = lp_wi_scan_share_parametrics(snum,
418 "hidefiles:\\(.*\\)",
419 2,
420 scan_file_list_cb,
421 &state);
422 if ((ret != 0) || !state.ok) {
423 return false;
424 }
425 }
426
427 free_conn_state_if_unused(conn);
428 conn->session_info = ent->session_info;
429 conn->veto_list = ent->veto_list;
430 conn->hide_list = ent->hide_list;
431 conn->vuid = ent->vuid;
432 if (vuid == UID_FIELD_INVALID) {
433 /*
434 * Not strictly needed, just make it really
435 * clear this entry is actually an unused one.
436 */
437 ent->read_only = false;
438 ent->share_access = 0;
439 ent->session_info = NULL;
440 }
441
442 conn->read_only = readonly_share;
443 conn->share_access = share_access;
444
445 return(True);
446 }
447
448 static void print_impersonation_info(connection_struct *conn)
449 {
450 struct smb_filename *cwdfname = NULL;
451
452 if (!CHECK_DEBUGLVL(DBGLVL_INFO)) {
453 return;
454 }
455
456 if (conn->tcon_done) {
457 cwdfname = vfs_GetWd(talloc_tos(), conn);
458 }
459
460 DBG_INFO("Impersonated user: uid=(%d,%d), gid=(%d,%d), cwd=[%s]\n",
461 (int)getuid(),
462 (int)geteuid(),
463 (int)getgid(),
464 (int)getegid(),
465 cwdfname ? cwdfname->base_name : "no cwd");
466 TALLOC_FREE(cwdfname);
467 }
468
469 /****************************************************************************
470 Become the user of a connection number without changing the security context
471 stack, but modify the current_user entries.
472 ****************************************************************************/
473
474 static bool change_to_user_impersonate(connection_struct *conn,
475 const struct auth_session_info *session_info,
476 uint64_t vuid)
477 {
478 const struct loadparm_substitution *lp_sub =
479 loadparm_s3_global_substitution();
480 int snum;
481 gid_t gid;
482 uid_t uid;
483 const char *force_group_name;
484 char group_c;
485 int num_groups = 0;
486 gid_t *group_list = NULL;
487 bool ok;
488
489 if ((current_user.conn == conn) &&
490 (current_user.vuid == vuid) &&
491 (current_user.ut.uid == session_info->unix_token->uid))
492 {
493 DBG_INFO("Skipping user change - already user\n");
494 return true;
495 }
496
497 set_current_user_info(session_info->unix_info->sanitized_username,
498 session_info->unix_info->unix_name,
499 session_info->info->domain_name);
500
501 snum = SNUM(conn);
502
503 ok = check_user_ok(conn, vuid, session_info, snum);
504 if (!ok) {
505 DBG_WARNING("SMB user %s (unix user %s) "
506 "not permitted access to share %s.\n",
507 session_info->unix_info->sanitized_username,
508 session_info->unix_info->unix_name,
509 lp_const_servicename(snum));
510 return false;
511 }
512
513 uid = conn->session_info->unix_token->uid;
514 gid = conn->session_info->unix_token->gid;
515 num_groups = conn->session_info->unix_token->ngroups;
516 group_list = conn->session_info->unix_token->groups;
517
518 /*
519 * See if we should force group for this service. If so this overrides
520 * any group set in the force user code.
521 */
522 force_group_name = lp_force_group(talloc_tos(), lp_sub, snum);
523 group_c = *force_group_name;
524
525 if ((group_c != '\0') && (conn->force_group_gid == (gid_t)-1)) {
526 /*
527 * This can happen if "force group" is added to a
528 * share definition whilst an existing connection
529 * to that share exists. In that case, don't change
530 * the existing credentials for force group, only
531 * do so for new connections.
532 *
533 * BUG: https://bugzilla.samba.org/show_bug.cgi?id=13690
534 */
535 DBG_INFO("Not forcing group %s on existing connection to "
536 "share %s for SMB user %s (unix user %s)\n",
537 force_group_name,
538 lp_const_servicename(snum),
539 session_info->unix_info->sanitized_username,
540 session_info->unix_info->unix_name);
541 }
542
543 if((group_c != '\0') && (conn->force_group_gid != (gid_t)-1)) {
544 /*
545 * Only force group for connections where
546 * conn->force_group_gid has already been set
547 * to the correct value (i.e. the connection
548 * happened after the 'force group' definition
549 * was added to the share definition. Connections
550 * that were made before force group was added
551 * should stay with their existing credentials.
552 *
553 * BUG: https://bugzilla.samba.org/show_bug.cgi?id=13690
554 */
555
556 if (group_c == '+') {
557 int i;
558
559 /*
560 * Only force group if the user is a member of the
561 * service group. Check the group memberships for this
562 * user (we already have this) to see if we should force
563 * the group.
564 */
565 for (i = 0; i < num_groups; i++) {
566 if (group_list[i] == conn->force_group_gid) {
567 conn->session_info->unix_token->gid =
568 conn->force_group_gid;
569 gid = conn->force_group_gid;
570 gid_to_sid(&conn->session_info->security_token
571 ->sids[1], gid);
572 break;
573 }
574 }
575 } else {
576 conn->session_info->unix_token->gid = conn->force_group_gid;
577 gid = conn->force_group_gid;
578 gid_to_sid(&conn->session_info->security_token->sids[1],
579 gid);
580 }
581 }
582
583 set_sec_ctx(uid,
584 gid,
585 num_groups,
586 group_list,
587 conn->session_info->security_token);
588
589 current_user.conn = conn;
590 current_user.vuid = vuid;
591 return true;
592 }
593
594 /**
595 * Impersonate user and change directory to service
596 *
597 * change_to_user_and_service() is used to impersonate the user associated with
598 * the given vuid and to change the working directory of the process to the
599 * service base directory.
600 **/
601 bool change_to_user_and_service(connection_struct *conn, uint64_t vuid)
602 {
603 int snum = SNUM(conn);
604 struct auth_session_info *si = NULL;
605 NTSTATUS status;
606 bool ok;
607
608 if (conn == NULL) {
609 DBG_WARNING("Connection not open\n");
610 return false;
611 }
612
613 status = smbXsrv_session_info_lookup(conn->sconn->client,
614 vuid,
615 &si);
616 if (!NT_STATUS_IS_OK(status)) {
617 DBG_WARNING("Invalid vuid %llu used on share %s.\n",
618 (unsigned long long)vuid,
619 lp_const_servicename(snum));
620 return false;
621 }
622
623 ok = change_to_user_impersonate(conn, si, vuid);
624 if (!ok) {
625 return false;
626 }
627
628 if (conn->tcon_done) {
629 ok = chdir_current_service(conn);
630 if (!ok) {
631 return false;
632 }
633 }
634
635 print_impersonation_info(conn);
636 return true;
637 }
638
639 /**
640 * Impersonate user and change directory to service
641 *
642 * change_to_user_and_service_by_fsp() is used to impersonate the user
643 * associated with the given vuid and to change the working directory of the
644 * process to the service base directory.
645 **/
646 bool change_to_user_and_service_by_fsp(struct files_struct *fsp)
647 {
648 return change_to_user_and_service(fsp->conn, fsp->vuid);
649 }
650
651 /****************************************************************************
652 Go back to being root without changing the security context stack,
653 but modify the current_user entries.
654 ****************************************************************************/
655
656 bool smbd_change_to_root_user(void)
657 {
658 set_root_sec_ctx();
659
660 DEBUG(5,("change_to_root_user: now uid=(%d,%d) gid=(%d,%d)\n",
661 (int)getuid(),(int)geteuid(),(int)getgid(),(int)getegid()));
662
663 current_user.conn = NULL;
664 current_user.vuid = UID_FIELD_INVALID;
665
666 return(True);
667 }
668
669 /****************************************************************************
670 Become the user of an authenticated connected named pipe.
671 When this is called we are currently running as the connection
672 user. Doesn't modify current_user.
673 ****************************************************************************/
674
675 bool smbd_become_authenticated_pipe_user(struct auth_session_info *session_info)
676 {
677 if (!push_sec_ctx())
678 return False;
679
680 set_current_user_info(session_info->unix_info->sanitized_username,
681 session_info->unix_info->unix_name,
682 session_info->info->domain_name);
683
684 set_sec_ctx(session_info->unix_token->uid, session_info->unix_token->gid,
685 session_info->unix_token->ngroups, session_info->unix_token->groups,
686 session_info->security_token);
687
688 DEBUG(5, ("Impersonated user: uid=(%d,%d), gid=(%d,%d)\n",
689 (int)getuid(),
690 (int)geteuid(),
691 (int)getgid(),
692 (int)getegid()));
693
694 return True;
695 }
696
697 /****************************************************************************
698 Unbecome the user of an authenticated connected named pipe.
699 When this is called we are running as the authenticated pipe
700 user and need to go back to being the connection user. Doesn't modify
701 current_user.
702 ****************************************************************************/
703
704 bool smbd_unbecome_authenticated_pipe_user(void)
705 {
706 return pop_sec_ctx();
707 }
708
709 /****************************************************************************
710 Utility functions used by become_xxx/unbecome_xxx.
711 ****************************************************************************/
712
713 static void push_conn_ctx(void)
714 {
715 struct conn_ctx *ctx_p;
716 extern userdom_struct current_user_info;
717
718 /* Check we don't overflow our stack */
719
720 if (conn_ctx_stack_ndx == MAX_SEC_CTX_DEPTH) {
721 DEBUG(0, ("Connection context stack overflow!\n"));
722 smb_panic("Connection context stack overflow!\n");
723 }
724
725 /* Store previous user context */
726 ctx_p = &conn_ctx_stack[conn_ctx_stack_ndx];
727
728 ctx_p->conn = current_user.conn;
729 ctx_p->vuid = current_user.vuid;
730 ctx_p->user_info = current_user_info;
731
732 DEBUG(4, ("push_conn_ctx(%llu) : conn_ctx_stack_ndx = %d\n",
733 (unsigned long long)ctx_p->vuid, conn_ctx_stack_ndx));
734
735 conn_ctx_stack_ndx++;
736 }
737
738 static void pop_conn_ctx(void)
739 {
740 struct conn_ctx *ctx_p;
741
742 /* Check for stack underflow. */
743
744 if (conn_ctx_stack_ndx == 0) {
745 DEBUG(0, ("Connection context stack underflow!\n"));
746 smb_panic("Connection context stack underflow!\n");
747 }
748
749 conn_ctx_stack_ndx--;
750 ctx_p = &conn_ctx_stack[conn_ctx_stack_ndx];
751
752 set_current_user_info(ctx_p->user_info.smb_name,
753 ctx_p->user_info.unix_name,
754 ctx_p->user_info.domain);
755
756 current_user.conn = ctx_p->conn;
757 current_user.vuid = ctx_p->vuid;
758
759 *ctx_p = (struct conn_ctx) {
760 .vuid = UID_FIELD_INVALID,
761 };
762 }
763
764 /****************************************************************************
765 Temporarily become a root user. Must match with unbecome_root(). Saves and
766 restores the connection context.
767 ****************************************************************************/
768
769 void smbd_become_root(void)
770 {
771 /*
772 * no good way to handle push_sec_ctx() failing without changing
773 * the prototype of become_root()
774 */
775 if (!push_sec_ctx()) {
776 smb_panic("become_root: push_sec_ctx failed");
777 }
778 push_conn_ctx();
779 set_root_sec_ctx();
780 }
781
782 /* Unbecome the root user */
783
784 void smbd_unbecome_root(void)
785 {
786 pop_sec_ctx();
787 pop_conn_ctx();
788 }
789
790 /****************************************************************************
791 Push the current security context then force a change via change_to_user().
792 Saves and restores the connection context.
793 ****************************************************************************/
794
795 bool become_user_without_service(connection_struct *conn, uint64_t vuid)
796 {
797 struct auth_session_info *session_info = NULL;
798 int snum = SNUM(conn);
799 NTSTATUS status;
800 bool ok;
801
802 if (conn == NULL) {
803 DBG_WARNING("Connection not open\n");
804 return false;
805 }
806
807 status = smbXsrv_session_info_lookup(conn->sconn->client,
808 vuid,
809 &session_info);
810 if (!NT_STATUS_IS_OK(status)) {
811 /* Invalid vuid sent */
812 DBG_WARNING("Invalid vuid %llu used on share %s.\n",
813 (unsigned long long)vuid,
814 lp_const_servicename(snum));
815 return false;
816 }
817
818 ok = push_sec_ctx();
819 if (!ok) {
820 return false;
821 }
822
823 push_conn_ctx();
824
825 ok = change_to_user_impersonate(conn, session_info, vuid);
826 if (!ok) {
827 pop_sec_ctx();
828 pop_conn_ctx();
829 return false;
830 }
831
832 return true;
833 }
834
835 bool become_user_without_service_by_fsp(struct files_struct *fsp)
836 {
837 return become_user_without_service(fsp->conn, fsp->vuid);
838 }
839
840 bool become_user_without_service_by_session(connection_struct *conn,
841 const struct auth_session_info *session_info)
842 {
843 bool ok;
844
845 SMB_ASSERT(conn != NULL);
846 SMB_ASSERT(session_info != NULL);
847
848 ok = push_sec_ctx();
849 if (!ok) {
850 return false;
851 }
852
853 push_conn_ctx();
854
855 ok = change_to_user_impersonate(conn, session_info, UID_FIELD_INVALID);
856 if (!ok) {
857 pop_sec_ctx();
858 pop_conn_ctx();
859 return false;
860 }
861
862 return true;
863 }
864
865 bool unbecome_user_without_service(void)
866 {
867 pop_sec_ctx();
868 pop_conn_ctx();
869 return True;
870 }
871
872 /****************************************************************************
873 Return the current user we are running effectively as on this connection.
874 I'd like to make this return conn->session_info->unix_token->uid, but become_root()
875 doesn't alter this value.
876 ****************************************************************************/
877
878 uid_t get_current_uid(connection_struct *conn)
879 {
880 return current_user.ut.uid;
881 }
882
883 /****************************************************************************
884 Return the current group we are running effectively as on this connection.
885 I'd like to make this return conn->session_info->unix_token->gid, but become_root()
886 doesn't alter this value.
887 ****************************************************************************/
888
889 gid_t get_current_gid(connection_struct *conn)
890 {
891 return current_user.ut.gid;
892 }
893
894 /****************************************************************************
895 Return the UNIX token we are running effectively as on this connection.
896 I'd like to make this return &conn->session_info->unix_token-> but become_root()
897 doesn't alter this value.
898 ****************************************************************************/
899
900 const struct security_unix_token *get_current_utok(connection_struct *conn)
901 {
902 return &current_user.ut;
903 }
904
905 /****************************************************************************
906 Return the Windows token we are running effectively as on this connection.
907 If this is currently a NULL token as we're inside become_root() - a temporary
908 UNIX security override, then we search up the stack for the previous active
909 token.
910 ****************************************************************************/
911
912 const struct security_token *get_current_nttok(connection_struct *conn)
913 {
914 if (current_user.nt_user_token) {
915 return current_user.nt_user_token;
916 }
917 return sec_ctx_active_token();
918 }
GSS-enabled samba4