diff options
author | Andreas Schneider <asn@samba.org> | 2011-03-02 10:56:46 +0100 |
---|---|---|
committer | Günther Deschner <gd@samba.org> | 2011-03-08 11:41:30 +0100 |
commit | 4b8dd08a3859c0b7dd2085898266ef5bbdbc3420 (patch) | |
tree | 076fe204fcd3e8e6c2c46e6d53a1810cfc5b464e | |
parent | 5ce12e0beb65765b7e4bcef7f8d9b1963bd53e52 (diff) | |
download | samba-4b8dd08a3859c0b7dd2085898266ef5bbdbc3420.tar.gz samba-4b8dd08a3859c0b7dd2085898266ef5bbdbc3420.tar.bz2 samba-4b8dd08a3859c0b7dd2085898266ef5bbdbc3420.zip |
s3-rpc_server: Add server support for NCALRPC system user pipe.
Signed-off-by: Günther Deschner <gd@samba.org>
-rw-r--r-- | source3/include/ntdomain.h | 2 | ||||
-rw-r--r-- | source3/rpc_server/rpc_server.c | 18 | ||||
-rw-r--r-- | source3/rpc_server/srv_pipe.c | 22 |
3 files changed, 41 insertions, 1 deletions
diff --git a/source3/include/ntdomain.h b/source3/include/ntdomain.h index 5819c9aa65..ac06b25c12 100644 --- a/source3/include/ntdomain.h +++ b/source3/include/ntdomain.h @@ -134,6 +134,8 @@ struct pipes_struct { struct pipe_auth_data auth; + bool system_user; + /* * Set to true when an RPC bind has been done on this pipe. */ diff --git a/source3/rpc_server/rpc_server.c b/source3/rpc_server/rpc_server.c index d332aeb212..bf9952e215 100644 --- a/source3/rpc_server/rpc_server.c +++ b/source3/rpc_server/rpc_server.c @@ -77,6 +77,7 @@ static int make_server_pipes_struct(TALLOC_CTX *mem_ctx, const char *pipe_name, const struct ndr_syntax_id id, enum dcerpc_transport_t transport, + bool system_user, const char *client_address, const char *server_address, struct auth_session_info_transport *session_info, @@ -96,6 +97,7 @@ static int make_server_pipes_struct(TALLOC_CTX *mem_ctx, } p->syntax = id; p->transport = transport; + p->system_user = system_user; p->mem_ctx = talloc_named(p, 0, "pipe %s %p", pipe_name, p); if (!p->mem_ctx) { @@ -466,7 +468,7 @@ static void named_pipe_accept_done(struct tevent_req *subreq) ret = make_server_pipes_struct(npc, npc->pipe_name, npc->pipe_id, NCACN_NP, - cli_addr, NULL, npc->session_info, + false, cli_addr, NULL, npc->session_info, &npc->p, &error); if (ret != 0) { DEBUG(2, ("Failed to create pipes_struct! (%s)\n", @@ -1018,9 +1020,11 @@ static void dcerpc_ncacn_accept(struct tevent_context *ev_ctx, struct tevent_req *subreq; const char *cli_str; const char *srv_str = NULL; + bool system_user = false; char *pipe_name; NTSTATUS status; int sys_errno; + uid_t uid; int rc; DEBUG(10, ("dcerpc_ncacn_accept\n")); @@ -1083,6 +1087,14 @@ static void dcerpc_ncacn_accept(struct tevent_context *ev_ctx, break; case NCALRPC: + rc = sys_getpeereid(s, &uid); + if (rc < 0) { + DEBUG(2, ("Failed to get ncalrpc connecting uid!")); + } else { + if (uid == sec_initial_uid()) { + system_user = true; + } + } case NCACN_NP: ncacn_conn->ep.name = talloc_strdup(ncacn_conn, name); if (ncacn_conn->ep.name == NULL) { @@ -1157,6 +1169,7 @@ static void dcerpc_ncacn_accept(struct tevent_context *ev_ctx, pipe_name, ncacn_conn->syntax_id, ncacn_conn->transport, + system_user, cli_str, srv_str, ncacn_conn->session_info, @@ -1211,6 +1224,7 @@ static void dcerpc_ncacn_packet_process(struct tevent_req *subreq) status = dcerpc_read_ncacn_packet_recv(subreq, ncacn_conn, &pkt, &recv_buffer); TALLOC_FREE(subreq); if (!NT_STATUS_IS_OK(status)) { + DEBUG(3, ("Failed to receive ncacn packet!\n")); goto fail; } @@ -1250,6 +1264,7 @@ static void dcerpc_ncacn_packet_process(struct tevent_req *subreq) ncacn_conn->iov = talloc_zero(ncacn_conn, struct iovec); if (ncacn_conn->iov == NULL) { status = NT_STATUS_NO_MEMORY; + DEBUG(3, ("Out of memory!\n")); goto fail; } ncacn_conn->count = 1; @@ -1278,6 +1293,7 @@ static void dcerpc_ncacn_packet_process(struct tevent_req *subreq) struct iovec, ncacn_conn->count + 1); if (ncacn_conn->iov == NULL) { + DEBUG(3, ("Out of memory!\n")); status = NT_STATUS_NO_MEMORY; goto fail; } diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c index e062e63a30..8af3b319ec 100644 --- a/source3/rpc_server/srv_pipe.c +++ b/source3/rpc_server/srv_pipe.c @@ -987,6 +987,9 @@ static bool api_pipe_bind_req(struct pipes_struct *p, case DCERPC_AUTH_LEVEL_PRIVACY: p->auth.auth_level = DCERPC_AUTH_LEVEL_PRIVACY; break; + case DCERPC_AUTH_LEVEL_NONE: + p->auth.auth_level = DCERPC_AUTH_LEVEL_NONE; + break; default: DEBUG(0, ("Unexpected auth level (%u).\n", (unsigned int)auth_info.auth_level )); @@ -1023,6 +1026,25 @@ static bool api_pipe_bind_req(struct pipes_struct *p, } break; + case DCERPC_AUTH_TYPE_NCALRPC_AS_SYSTEM: + if (p->transport == NCALRPC && p->system_user) { + status = make_session_info_system(p, + &p->session_info); + if (!NT_STATUS_IS_OK(status)) { + goto err_exit; + } + + auth_resp = data_blob_talloc(pkt, + "NCALRPC_AUTH_OK", + 15); + + p->auth.auth_type = DCERPC_AUTH_TYPE_NCALRPC_AS_SYSTEM; + p->pipe_bound = true; + } else { + goto err_exit; + } + break; + case DCERPC_AUTH_TYPE_NONE: break; |