diff options
author | Jeremy Allison <jra@samba.org> | 2001-10-18 20:15:12 +0000 |
---|---|---|
committer | Jeremy Allison <jra@samba.org> | 2001-10-18 20:15:12 +0000 |
commit | c416ff851b4ecc7a44aee9d00d07dd481d8ae2a7 (patch) | |
tree | a663818999f244e52704caab9906b7857edce355 /source3/smbd | |
parent | 9a903a08a7c4f8407b4d6d0937f0bfda932d2ce3 (diff) | |
download | samba-c416ff851b4ecc7a44aee9d00d07dd481d8ae2a7.tar.gz samba-c416ff851b4ecc7a44aee9d00d07dd481d8ae2a7.tar.bz2 samba-c416ff851b4ecc7a44aee9d00d07dd481d8ae2a7.zip |
Merge the become_XXX -> change_to_XXX fixes from 2.2.2 to HEAD.
Ensure make_conection() can only be called as root.
Jeremy.
(This used to be commit 8d23a7441b4687458ee021bfe8880558506eddba)
Diffstat (limited to 'source3/smbd')
-rw-r--r-- | source3/smbd/blocking.c | 10 | ||||
-rw-r--r-- | source3/smbd/notify_hash.c | 15 | ||||
-rw-r--r-- | source3/smbd/oplock.c | 4 | ||||
-rw-r--r-- | source3/smbd/password.c | 2 | ||||
-rw-r--r-- | source3/smbd/process.c | 12 | ||||
-rw-r--r-- | source3/smbd/sec_ctx.c | 4 | ||||
-rw-r--r-- | source3/smbd/server.c | 9 | ||||
-rw-r--r-- | source3/smbd/service.c | 58 | ||||
-rw-r--r-- | source3/smbd/uid.c | 142 |
9 files changed, 180 insertions, 76 deletions
diff --git a/source3/smbd/blocking.c b/source3/smbd/blocking.c index a398a4c2a1..252ae6e0ea 100644 --- a/source3/smbd/blocking.c +++ b/source3/smbd/blocking.c @@ -582,7 +582,7 @@ void process_blocking_lock_queue(time_t t) continue; } - if(!become_user(conn,vuid)) { + if(!change_to_user(conn,vuid)) { DEBUG(0,("process_blocking_lock_queue: Unable to become user vuid=%d.\n", vuid )); /* @@ -594,7 +594,7 @@ void process_blocking_lock_queue(time_t t) continue; } - if(!become_service(conn,True)) { + if(!set_current_service(conn,True)) { DEBUG(0,("process_blocking_lock_queue: Unable to become service Error was %s.\n", strerror(errno) )); /* * Remove the entry and return an error to the client. @@ -602,7 +602,7 @@ void process_blocking_lock_queue(time_t t) blocking_lock_reply_error(blr,NT_STATUS_ACCESS_DENIED); free_blocking_lock_record((blocking_lock_record *)ubi_slRemNext( &blocking_lock_queue, prev)); blr = (blocking_lock_record *)(prev ? ubi_slNext(prev) : ubi_slFirst(&blocking_lock_queue)); - unbecome_user(); + change_to_root_user(); continue; } @@ -615,11 +615,11 @@ void process_blocking_lock_queue(time_t t) if(blocking_lock_record_process(blr)) { free_blocking_lock_record((blocking_lock_record *)ubi_slRemNext( &blocking_lock_queue, prev)); blr = (blocking_lock_record *)(prev ? ubi_slNext(prev) : ubi_slFirst(&blocking_lock_queue)); - unbecome_user(); + change_to_root_user(); continue; } - unbecome_user(); + change_to_root_user(); /* * Move to the next in the list. diff --git a/source3/smbd/notify_hash.c b/source3/smbd/notify_hash.c index 0c69dc7876..d398fac214 100644 --- a/source3/smbd/notify_hash.c +++ b/source3/smbd/notify_hash.c @@ -126,16 +126,19 @@ static void *hash_register_notify(connection_struct *conn, char *path, uint32 fl Check if a change notify should be issued. A time of zero means instantaneous check - don't modify the last check time. *****************************************************************************/ + static BOOL hash_check_notify(connection_struct *conn, uint16 vuid, char *path, uint32 flags, void *datap, time_t t) { struct change_data *data = (struct change_data *)datap; struct change_data data2; - if (t && t < data->last_check_time + lp_change_notify_timeout()) return False; + if (t && t < data->last_check_time + lp_change_notify_timeout()) + return False; - if (!become_user(conn,vuid)) return True; - if (!become_service(conn,True)) { - unbecome_user(); + if (!change_to_user(conn,vuid)) + return True; + if (!set_current_service(conn,True)) { + change_to_root_user(); return True; } @@ -144,14 +147,14 @@ static BOOL hash_check_notify(connection_struct *conn, uint16 vuid, char *path, data2.status_time != data->status_time || data2.total_time != data->total_time || data2.num_entries != data->num_entries) { - unbecome_user(); + change_to_root_user(); return True; } if (t) data->last_check_time = t; - unbecome_user(); + change_to_root_user(); return False; } diff --git a/source3/smbd/oplock.c b/source3/smbd/oplock.c index 4e8e36b3aa..927719ac1a 100644 --- a/source3/smbd/oplock.c +++ b/source3/smbd/oplock.c @@ -750,7 +750,7 @@ static BOOL oplock_break(SMB_DEV_T dev, SMB_INO_T inode, struct timeval *tval, B saved_vuid = current_user.vuid; saved_fsp_conn = fsp->conn; vfs_GetWd(saved_fsp_conn,saved_dir); - unbecome_user(); + change_to_root_user(); /* Save the chain fnum. */ file_chain_save(); @@ -823,7 +823,7 @@ static BOOL oplock_break(SMB_DEV_T dev, SMB_INO_T inode, struct timeval *tval, B * Go back to being the user who requested the oplock * break. */ - if((saved_user_conn != NULL) && (saved_vuid != UID_FIELD_INVALID) && !become_user(saved_user_conn, saved_vuid)) + if((saved_user_conn != NULL) && (saved_vuid != UID_FIELD_INVALID) && !change_to_user(saved_user_conn, saved_vuid)) { DEBUG( 0, ( "oplock_break: unable to re-become user!" ) ); DEBUGADD( 0, ( "Shutting down server\n" ) ); diff --git a/source3/smbd/password.c b/source3/smbd/password.c index b074552567..b1739d9bb6 100644 --- a/source3/smbd/password.c +++ b/source3/smbd/password.c @@ -244,7 +244,7 @@ int register_vuid(uid_t uid,gid_t gid, char *unix_name, char *requested_name, vuser->groups = NULL; /* Find all the groups this uid is in and store them. - Used by become_user() */ + Used by change_to_user() */ initialise_groups(vuser->user.unix_name, vuser->uid, vuser->gid); get_current_groups( &vuser->n_groups, &vuser->groups); diff --git a/source3/smbd/process.c b/source3/smbd/process.c index cf691ce9f3..edcb6b345f 100644 --- a/source3/smbd/process.c +++ b/source3/smbd/process.c @@ -120,7 +120,7 @@ static void async_processing(fd_set *fds, char *buffer, int buffer_len) /* check for sighup processing */ if (reload_after_sighup) { - unbecome_user(); + change_to_root_user(); DEBUG(1,("Reloading services after SIGHUP\n")); reload_services(False); reload_after_sighup = False; @@ -702,7 +702,7 @@ static int switch_message(int type,char *inbuf,char *outbuf,int size,int bufsize /* does this protocol need to be run as root? */ if (!(flags & AS_USER)) - unbecome_user(); + change_to_root_user(); /* does this protocol need a valid tree connection? */ if ((flags & AS_USER) && !conn) { @@ -711,7 +711,7 @@ static int switch_message(int type,char *inbuf,char *outbuf,int size,int bufsize /* does this protocol need to be run as the connected user? */ - if ((flags & AS_USER) && !become_user(conn,session_tag)) { + if ((flags & AS_USER) && !change_to_user(conn,session_tag)) { if (flags & AS_GUEST) flags &= ~AS_USER; else @@ -734,13 +734,13 @@ static int switch_message(int type,char *inbuf,char *outbuf,int size,int bufsize } /* load service specific parameters */ - if (conn && !become_service(conn,(flags & AS_USER)?True:False)) { + if (conn && !set_current_service(conn,(flags & AS_USER)?True:False)) { return(ERROR_DOS(ERRSRV,ERRaccess)); } /* does this protocol need to be run as guest? */ if ((flags & AS_GUEST) && - (!become_guest() || + (!change_to_guest() || !check_access(smbd_server_fd(), lp_hostsallow(-1), lp_hostsdeny(-1)))) { return(ERROR_DOS(ERRSRV,ERRaccess)); } @@ -1096,7 +1096,7 @@ static BOOL timeout_processing(int deadtime, int *select_timeout, time_t *last_t last_idle_closed_check = t; /* become root again if waiting */ - unbecome_user(); + change_to_root_user(); /* check if we need to reload services */ check_reload(t); diff --git a/source3/smbd/sec_ctx.c b/source3/smbd/sec_ctx.c index c053a611c2..cea39b82cb 100644 --- a/source3/smbd/sec_ctx.c +++ b/source3/smbd/sec_ctx.c @@ -59,10 +59,8 @@ static BOOL become_uid(uid_t uid) /* Set effective user id */ set_effective_uid(uid); - current_user.uid = uid; DO_PROFILE_INC(uid_changes); - return True; } @@ -88,8 +86,6 @@ static BOOL become_gid(gid_t gid) /* Set effective group id */ set_effective_gid(gid); - current_user.gid = gid; - return True; } diff --git a/source3/smbd/server.c b/source3/smbd/server.c index 579649cf0c..2e0fb1868d 100644 --- a/source3/smbd/server.c +++ b/source3/smbd/server.c @@ -247,7 +247,7 @@ max can be %d\n", /* check for sighup processing */ if (reload_after_sighup) { - unbecome_user(); + change_to_root_user(); DEBUG(1,("Reloading services after SIGHUP\n")); reload_services(False); reload_after_sighup = False; @@ -393,7 +393,7 @@ BOOL reload_services(BOOL test) reset_stat_cache(); /* this forces service parameters to be flushed */ - become_service(NULL,True); + set_current_service(NULL,True); return(ret); } @@ -479,10 +479,11 @@ void exit_server(char *reason) extern char *last_inbuf; - if (!firsttime) exit(0); + if (!firsttime) + exit(0); firsttime = 0; - unbecome_user(); + change_to_root_user(); DEBUG(2,("Closing connections\n")); conn_close_all(); diff --git a/source3/smbd/service.c b/source3/smbd/service.c index 6f2c28d19c..9e3f3c9f11 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c @@ -34,9 +34,10 @@ extern fstring remote_machine; /**************************************************************************** -load parameters specific to a connection/service + Load parameters specific to a connection/service. ****************************************************************************/ -BOOL become_service(connection_struct *conn,BOOL do_chdir) + +BOOL set_current_service(connection_struct *conn,BOOL do_chdir) { extern char magic_char; static connection_struct *last_conn; @@ -315,10 +316,10 @@ static void set_admin_user(connection_struct *conn) #endif } - /**************************************************************************** - make a connection to a service + Make a connection to a service. ****************************************************************************/ + connection_struct *make_connection(char *service,char *password, int pwlen, char *dev,uint16 vuid, NTSTATUS *status) { @@ -327,10 +328,17 @@ connection_struct *make_connection(char *service,char *password, BOOL guest = False; BOOL force = False; connection_struct *conn; + uid_t euid; fstring user; ZERO_STRUCT(user); + /* This must ONLY BE CALLED AS ROOT. As it exits this function as root. */ + if ((euid = geteuid()) != 0) { + DEBUG(0,("make_connection: PANIC ERROR. Called as nonroot (%u)\n", (unsigned int)euid )); + smb_panic("make_connection: PANIC ERROR. Called as nonroot\n"); + } + strlower(service); snum = find_service(service); @@ -519,7 +527,7 @@ connection_struct *make_connection(char *service,char *password, conn->groups = NULL; /* Find all the groups this uid is in and - store them. Used by become_user() */ + store them. Used by change_to_user() */ initialise_groups(conn->user, conn->uid, conn->gid); get_current_groups(&conn->ngroups,&conn->groups); @@ -557,16 +565,7 @@ connection_struct *make_connection(char *service,char *password, return NULL; } - if (!become_user(conn, conn->vuid)) { - /* No point continuing if they fail the basic checks */ - DEBUG(0,("Can't become connected user!\n")); - conn_free(conn); - *status = NT_STATUS_LOGON_FAILURE; - return NULL; - } - /* ROOT Activities: */ - become_root(); /* check number of connections */ if (!claim_connection(conn, lp_servicename(SNUM(conn)), @@ -575,8 +574,6 @@ connection_struct *make_connection(char *service,char *password, DEBUG(1,("too many connections - rejected\n")); *status = NT_STATUS_INSUFFICIENT_RESOURCES; conn_free(conn); - unbecome_root(); - unbecome_user(); return NULL; } @@ -596,14 +593,19 @@ connection_struct *make_connection(char *service,char *password, lp_max_connections(SNUM(conn))); conn_free(conn); *status = NT_STATUS_UNSUCCESSFUL; - unbecome_root(); - unbecome_user(); return NULL; } } - unbecome_root(); /* USER Activites: */ + if (!change_to_user(conn, conn->vuid)) { + /* No point continuing if they fail the basic checks */ + DEBUG(0,("Can't become connected user!\n")); + conn_free(conn); + *status = NT_STATUS_LOGON_FAILURE; + return NULL; + } + /* Remember that a different vuid can connect later without these checks... */ /* Preexecs are done here as they might make the dir we are to ChDir to below */ @@ -616,7 +618,7 @@ connection_struct *make_connection(char *service,char *password, ret = smbrun(cmd,NULL); if (ret != 0 && lp_preexec_close(SNUM(conn))) { DEBUG(1,("preexec gave %d - failing connection\n", ret)); - unbecome_user(); + change_to_root_user(); yield_connection(conn, lp_servicename(SNUM(conn)), lp_max_connections(SNUM(conn))); conn_free(conn); *status = NT_STATUS_UNSUCCESSFUL; @@ -628,7 +630,7 @@ connection_struct *make_connection(char *service,char *password, DEBUG(0,("%s (%s) Can't change directory to %s (%s)\n", remote_machine, conn->client_address, conn->connectpath,strerror(errno))); - unbecome_user(); + change_to_root_user(); yield_connection(conn, lp_servicename(SNUM(conn)), lp_max_connections(SNUM(conn))); @@ -677,14 +679,14 @@ connection_struct *make_connection(char *service,char *password, if (conn->vfs_ops.connect(conn, service, user) < 0) { DEBUG(0,("make_connection: VFS make connection failed!\n")); *status = NT_STATUS_UNSUCCESSFUL; - unbecome_user(); + change_to_root_user(); conn_free(conn); return NULL; } } - /* we've finished with the sensitive stuff */ - unbecome_user(); + /* we've finished with the user stuff - go back to root */ + change_to_root_user(); return(conn); } @@ -697,7 +699,7 @@ void close_cnum(connection_struct *conn, uint16 vuid) { DirCacheFlush(SNUM(conn)); - unbecome_user(); + change_to_root_user(); DEBUG(IS_IPC(conn)?3:1, ("%s (%s) closed connection to service %s\n", remote_machine,conn->client_address, @@ -720,15 +722,15 @@ void close_cnum(connection_struct *conn, uint16 vuid) /* execute any "postexec = " line */ if (*lp_postexec(SNUM(conn)) && - become_user(conn, vuid)) { + change_to_user(conn, vuid)) { pstring cmd; pstrcpy(cmd,lp_postexec(SNUM(conn))); standard_sub_conn(conn,cmd); smbrun(cmd,NULL); - unbecome_user(); + change_to_root_user(); } - unbecome_user(); + change_to_root_user(); /* execute any "root postexec = " line */ if (*lp_rootpostexec(SNUM(conn))) { pstring cmd; diff --git a/source3/smbd/uid.c b/source3/smbd/uid.c index 39bdaaa596..b1012c3c91 100644 --- a/source3/smbd/uid.c +++ b/source3/smbd/uid.c @@ -25,10 +25,10 @@ extern struct current_user current_user; /**************************************************************************** - Become the guest user. + Become the guest user without changing the security context stack. ****************************************************************************/ -BOOL become_guest(void) +BOOL change_to_guest(void) { static struct passwd *pass=NULL; static uid_t guest_uid = (uid_t)-1; @@ -82,10 +82,11 @@ static BOOL check_user_ok(connection_struct *conn, user_struct *vuser,int snum) } /**************************************************************************** - Become the user of a connection number. + Become the user of a connection number without changing the security context + stack, but modify the currnet_user entries. ****************************************************************************/ -BOOL become_user(connection_struct *conn, uint16 vuid) +BOOL change_to_user(connection_struct *conn, uint16 vuid) { user_struct *vuser = get_valid_user_struct(vuid); int snum; @@ -96,7 +97,7 @@ BOOL become_user(connection_struct *conn, uint16 vuid) NT_USER_TOKEN *token = NULL; if (!conn) { - DEBUG(2,("Connection not open\n")); + DEBUG(2,("change_to_user: Connection not open\n")); return(False); } @@ -109,12 +110,12 @@ BOOL become_user(connection_struct *conn, uint16 vuid) if((lp_security() == SEC_SHARE) && (current_user.conn == conn) && (current_user.uid == conn->uid)) { - DEBUG(4,("Skipping become_user - already user\n")); + DEBUG(4,("change_to_user: Skipping user change - already user\n")); return(True); } else if ((current_user.conn == conn) && (vuser != 0) && (current_user.vuid == vuid) && (current_user.uid == vuser->uid)) { - DEBUG(4,("Skipping become_user - already user\n")); + DEBUG(4,("change_to_user: Skipping user change - already user\n")); return(True); } @@ -133,7 +134,7 @@ BOOL become_user(connection_struct *conn, uint16 vuid) token = conn->nt_user_token; } else { if (!vuser) { - DEBUG(2,("Invalid vuid used %d\n",vuid)); + DEBUG(2,("change_to_user: Invalid vuid used %d\n",vuid)); return(False); } uid = vuser->uid; @@ -196,21 +197,22 @@ BOOL become_user(connection_struct *conn, uint16 vuid) current_user.conn = conn; current_user.vuid = vuid; - DEBUG(5,("become_user uid=(%d,%d) gid=(%d,%d)\n", + DEBUG(5,("change_to_user uid=(%d,%d) gid=(%d,%d)\n", (int)getuid(),(int)geteuid(),(int)getgid(),(int)getegid())); return(True); } /**************************************************************************** - Unbecome the user of a connection number. + Go back to being root without changing the security context stack, + but modify the current_user entries. ****************************************************************************/ -BOOL unbecome_user(void ) +BOOL change_to_root_user(void) { set_root_sec_ctx(); - DEBUG(5,("unbecome_user now uid=(%d,%d) gid=(%d,%d)\n", + DEBUG(5,("change_to_root_user: now uid=(%d,%d) gid=(%d,%d)\n", (int)getuid(),(int)geteuid(),(int)getgid(),(int)getegid())); current_user.conn = NULL; @@ -222,16 +224,13 @@ BOOL unbecome_user(void ) /**************************************************************************** Become the user of an authenticated connected named pipe. When this is called we are currently running as the connection - user. + user. Doesn't modify current_user. ****************************************************************************/ BOOL become_authenticated_pipe_user(pipes_struct *p) { - BOOL res = push_sec_ctx(); - - if (!res) { + if (!push_sec_ctx()) return False; - } set_sec_ctx(p->pipe_user.uid, p->pipe_user.gid, p->pipe_user.ngroups, p->pipe_user.groups, p->pipe_user.nt_user_token); @@ -242,19 +241,93 @@ BOOL become_authenticated_pipe_user(pipes_struct *p) /**************************************************************************** Unbecome the user of an authenticated connected named pipe. When this is called we are running as the authenticated pipe - user and need to go back to being the connection user. + user and need to go back to being the connection user. Doesn't modify + current_user. ****************************************************************************/ -BOOL unbecome_authenticated_pipe_user(pipes_struct *p) +BOOL unbecome_authenticated_pipe_user(void) { return pop_sec_ctx(); } -/* Temporarily become a root user. Must match with unbecome_root(). */ +/**************************************************************************** + Utility functions used by become_xxx/unbecome_xxx. +****************************************************************************/ + +struct conn_ctx { + connection_struct *conn; + uint16 vuid; +}; + +/* A stack of current_user connection contexts. */ + +static struct conn_ctx conn_ctx_stack[MAX_SEC_CTX_DEPTH]; +static int conn_ctx_stack_ndx; + +static void push_conn_ctx(void) +{ + struct conn_ctx *ctx_p; + + /* Check we don't overflow our stack */ + + if (conn_ctx_stack_ndx == MAX_SEC_CTX_DEPTH) { + DEBUG(0, ("Connection context stack overflow!\n")); + smb_panic("Connection context stack overflow!\n"); + } + + /* Store previous user context */ + ctx_p = &conn_ctx_stack[conn_ctx_stack_ndx]; + + ctx_p->conn = current_user.conn; + ctx_p->vuid = current_user.vuid; + + DEBUG(3, ("push_conn_ctx(%u) : conn_ctx_stack_ndx = %d\n", + (unsigned int)ctx_p->vuid, conn_ctx_stack_ndx )); + + conn_ctx_stack_ndx++; +} + +static void pop_conn_ctx(void) +{ + struct conn_ctx *ctx_p; + + /* Check for stack underflow. */ + + if (conn_ctx_stack_ndx == 0) { + DEBUG(0, ("Connection context stack underflow!\n")); + smb_panic("Connection context stack underflow!\n"); + } + + conn_ctx_stack_ndx--; + ctx_p = &conn_ctx_stack[conn_ctx_stack_ndx]; + + current_user.conn = ctx_p->conn; + current_user.vuid = ctx_p->vuid; + + ctx_p->conn = NULL; + ctx_p->vuid = UID_FIELD_INVALID; +} + +void init_conn_ctx(void) +{ + int i; + + /* Initialise connection context stack */ + for (i = 0; i < MAX_SEC_CTX_DEPTH; i++) { + conn_ctx_stack[i].conn = NULL; + conn_ctx_stack[i].vuid = UID_FIELD_INVALID; + } +} + +/**************************************************************************** + Temporarily become a root user. Must match with unbecome_root(). Saves and + restores the connection context. +****************************************************************************/ void become_root(void) { push_sec_ctx(); + push_conn_ctx(); set_root_sec_ctx(); } @@ -263,6 +336,35 @@ void become_root(void) void unbecome_root(void) { pop_sec_ctx(); + pop_conn_ctx(); +} + +/**************************************************************************** + Push the current security context then force a change via change_to_user(). + Saves and restores the connection context. +****************************************************************************/ + +BOOL become_user(connection_struct *conn, uint16 vuid) +{ + if (!push_sec_ctx()) + return False; + + push_conn_ctx(); + + if (!change_to_user(conn, vuid)) { + pop_sec_ctx(); + pop_conn_ctx(); + return False; + } + + return True; +} + +BOOL unbecome_user() +{ + pop_sec_ctx(); + pop_conn_ctx(); + return True; } /***************************************************************** |