From 4b8dd08a3859c0b7dd2085898266ef5bbdbc3420 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Wed, 2 Mar 2011 10:56:46 +0100
Subject: s3-rpc_server: Add server support for NCALRPC system user pipe.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Günther Deschner <gd@samba.org>
---
 source3/include/ntdomain.h      |  2 ++
 source3/rpc_server/rpc_server.c | 18 +++++++++++++++++-
 source3/rpc_server/srv_pipe.c   | 22 ++++++++++++++++++++++
 3 files changed, 41 insertions(+), 1 deletion(-)

diff --git a/source3/include/ntdomain.h b/source3/include/ntdomain.h
index 5819c9aa65..ac06b25c12 100644
--- a/source3/include/ntdomain.h
+++ b/source3/include/ntdomain.h
@@ -134,6 +134,8 @@ struct pipes_struct {
 
 	struct pipe_auth_data auth;
 
+	bool system_user;
+
 	/*
 	 * Set to true when an RPC bind has been done on this pipe.
 	 */
diff --git a/source3/rpc_server/rpc_server.c b/source3/rpc_server/rpc_server.c
index d332aeb212..bf9952e215 100644
--- a/source3/rpc_server/rpc_server.c
+++ b/source3/rpc_server/rpc_server.c
@@ -77,6 +77,7 @@ static int make_server_pipes_struct(TALLOC_CTX *mem_ctx,
 				    const char *pipe_name,
 				    const struct ndr_syntax_id id,
 				    enum dcerpc_transport_t transport,
+				    bool system_user,
 				    const char *client_address,
 				    const char *server_address,
 				    struct auth_session_info_transport *session_info,
@@ -96,6 +97,7 @@ static int make_server_pipes_struct(TALLOC_CTX *mem_ctx,
 	}
 	p->syntax = id;
 	p->transport = transport;
+	p->system_user = system_user;
 
 	p->mem_ctx = talloc_named(p, 0, "pipe %s %p", pipe_name, p);
 	if (!p->mem_ctx) {
@@ -466,7 +468,7 @@ static void named_pipe_accept_done(struct tevent_req *subreq)
 
 	ret = make_server_pipes_struct(npc,
 					npc->pipe_name, npc->pipe_id, NCACN_NP,
-					cli_addr, NULL, npc->session_info,
+					false, cli_addr, NULL, npc->session_info,
 					&npc->p, &error);
 	if (ret != 0) {
 		DEBUG(2, ("Failed to create pipes_struct! (%s)\n",
@@ -1018,9 +1020,11 @@ static void dcerpc_ncacn_accept(struct tevent_context *ev_ctx,
 	struct tevent_req *subreq;
 	const char *cli_str;
 	const char *srv_str = NULL;
+	bool system_user = false;
 	char *pipe_name;
 	NTSTATUS status;
 	int sys_errno;
+	uid_t uid;
 	int rc;
 
 	DEBUG(10, ("dcerpc_ncacn_accept\n"));
@@ -1083,6 +1087,14 @@ static void dcerpc_ncacn_accept(struct tevent_context *ev_ctx,
 
 			break;
 		case NCALRPC:
+			rc = sys_getpeereid(s, &uid);
+			if (rc < 0) {
+				DEBUG(2, ("Failed to get ncalrpc connecting uid!"));
+			} else {
+				if (uid == sec_initial_uid()) {
+					system_user = true;
+				}
+			}
 		case NCACN_NP:
 			ncacn_conn->ep.name = talloc_strdup(ncacn_conn, name);
 			if (ncacn_conn->ep.name == NULL) {
@@ -1157,6 +1169,7 @@ static void dcerpc_ncacn_accept(struct tevent_context *ev_ctx,
 				      pipe_name,
 				      ncacn_conn->syntax_id,
 				      ncacn_conn->transport,
+				      system_user,
 				      cli_str,
 				      srv_str,
 				      ncacn_conn->session_info,
@@ -1211,6 +1224,7 @@ static void dcerpc_ncacn_packet_process(struct tevent_req *subreq)
 	status = dcerpc_read_ncacn_packet_recv(subreq, ncacn_conn, &pkt, &recv_buffer);
 	TALLOC_FREE(subreq);
 	if (!NT_STATUS_IS_OK(status)) {
+		DEBUG(3, ("Failed to receive ncacn packet!\n"));
 		goto fail;
 	}
 
@@ -1250,6 +1264,7 @@ static void dcerpc_ncacn_packet_process(struct tevent_req *subreq)
 		ncacn_conn->iov = talloc_zero(ncacn_conn, struct iovec);
 		if (ncacn_conn->iov == NULL) {
 			status = NT_STATUS_NO_MEMORY;
+			DEBUG(3, ("Out of memory!\n"));
 			goto fail;
 		}
 		ncacn_conn->count = 1;
@@ -1278,6 +1293,7 @@ static void dcerpc_ncacn_packet_process(struct tevent_req *subreq)
 						 struct iovec,
 						 ncacn_conn->count + 1);
 		if (ncacn_conn->iov == NULL) {
+			DEBUG(3, ("Out of memory!\n"));
 			status = NT_STATUS_NO_MEMORY;
 			goto fail;
 		}
diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c
index e062e63a30..8af3b319ec 100644
--- a/source3/rpc_server/srv_pipe.c
+++ b/source3/rpc_server/srv_pipe.c
@@ -987,6 +987,9 @@ static bool api_pipe_bind_req(struct pipes_struct *p,
 		case DCERPC_AUTH_LEVEL_PRIVACY:
 			p->auth.auth_level = DCERPC_AUTH_LEVEL_PRIVACY;
 			break;
+		case DCERPC_AUTH_LEVEL_NONE:
+			p->auth.auth_level = DCERPC_AUTH_LEVEL_NONE;
+			break;
 		default:
 			DEBUG(0, ("Unexpected auth level (%u).\n",
 				(unsigned int)auth_info.auth_level ));
@@ -1023,6 +1026,25 @@ static bool api_pipe_bind_req(struct pipes_struct *p,
 			}
 			break;
 
+		case DCERPC_AUTH_TYPE_NCALRPC_AS_SYSTEM:
+			if (p->transport == NCALRPC && p->system_user) {
+				status = make_session_info_system(p,
+								  &p->session_info);
+				if (!NT_STATUS_IS_OK(status)) {
+					goto err_exit;
+				}
+
+				auth_resp = data_blob_talloc(pkt,
+							     "NCALRPC_AUTH_OK",
+							     15);
+
+				p->auth.auth_type = DCERPC_AUTH_TYPE_NCALRPC_AS_SYSTEM;
+				p->pipe_bound = true;
+			} else {
+				goto err_exit;
+			}
+			break;
+
 		case DCERPC_AUTH_TYPE_NONE:
 			break;
 
-- 
cgit