]> git.ipfire.org Git - thirdparty/samba.git/commitdiff
s3:rpc_server: Setup dcesrv_context callbacks
authorSamuel Cabrero <scabrero@suse.de>
Fri, 25 Jan 2019 08:50:15 +0000 (09:50 +0100)
committerSamuel Cabrero <scabrero@sn-devel-184>
Fri, 20 Mar 2020 15:36:33 +0000 (15:36 +0000)
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
source3/rpc_server/rpc_config.c
source3/rpc_server/rpc_server.c
source3/rpc_server/rpc_server.h

index 1a436981e2f24bf0dc847a8c62e8c1c41cc48a7f..310b6a50eeba0c2e0b1247a5a3c51822643c9e01 100644 (file)
 #undef DBGC_CLASS
 #define DBGC_CLASS DBGC_RPC_SRV
 
+static struct dcesrv_context_callbacks srv_callbacks = {
+       .log.successful_authz = dcesrv_log_successful_authz,
+       .auth.gensec_prepare = dcesrv_auth_gensec_prepare,
+       .assoc_group.find = dcesrv_assoc_group_find,
+};
+
 static struct dcesrv_context *global_dcesrv_ctx = NULL;
 
 struct dcesrv_context *global_dcesrv_context(void)
@@ -50,7 +56,7 @@ struct dcesrv_context *global_dcesrv_context(void)
                 */
                status = dcesrv_init_context(global_event_context(),
                                             lp_ctx,
-                                            NULL,
+                                            &srv_callbacks,
                                             &global_dcesrv_ctx);
                if (!NT_STATUS_IS_OK(status)) {
                        smb_panic("Failed to init DCE/RPC context");
index 5550121cf0937fca46f753ffac6046ddac347ebc..eeda8e3f38048c6894ae03e691c14a1d1f9c472c 100644 (file)
@@ -20,6 +20,7 @@
 */
 
 #include "includes.h"
+#include "librpc/rpc/dcesrv_core.h"
 #include "rpc_server/rpc_pipes.h"
 #include "rpc_server/rpc_server.h"
 #include "rpc_server/rpc_config.h"
@@ -1185,4 +1186,84 @@ fail:
        return;
 }
 
+NTSTATUS dcesrv_auth_gensec_prepare(TALLOC_CTX *mem_ctx,
+                                   struct dcesrv_call_state *call,
+                                   struct gensec_security **out)
+{
+       struct gensec_security *gensec = NULL;
+       NTSTATUS status;
+
+       if (out == NULL) {
+               return NT_STATUS_INVALID_PARAMETER;
+       }
+
+       status = auth_generic_prepare(mem_ctx,
+                                     call->conn->remote_address,
+                                     call->conn->local_address,
+                                     "DCE/RPC",
+                                     &gensec);
+       if (!NT_STATUS_IS_OK(status)) {
+               DBG_ERR("Failed to prepare gensec: %s\n", nt_errstr(status));
+               return status;
+       }
+
+       *out = gensec;
+
+       return NT_STATUS_OK;
+}
+
+void dcesrv_log_successful_authz(struct dcesrv_call_state *call)
+{
+       TALLOC_CTX *frame = talloc_stackframe();
+       struct auth4_context *auth4_context = NULL;
+       struct dcesrv_auth *auth = call->auth_state;
+       enum dcerpc_transport_t transport = dcerpc_binding_get_transport(
+                       call->conn->endpoint->ep_description);
+       const char *auth_type = derpc_transport_string_by_transport(transport);
+       const char *transport_protection = AUTHZ_TRANSPORT_PROTECTION_NONE;
+       NTSTATUS status;
+
+       if (frame == NULL) {
+               DBG_ERR("No memory");
+               return;
+       }
+
+       if (transport == NCACN_NP) {
+               transport_protection = AUTHZ_TRANSPORT_PROTECTION_SMB;
+       }
+
+       become_root();
+       status = make_auth4_context(frame, &auth4_context);
+       unbecome_root();
+       if (!NT_STATUS_IS_OK(status)) {
+               DBG_ERR("Unable to make auth context for authz log.\n");
+               TALLOC_FREE(frame);
+               return;
+       }
+
+       /*
+        * Log the authorization to this RPC interface.  This
+        * covered ncacn_np pass-through auth, and anonymous
+        * DCE/RPC (eg epmapper, netlogon etc)
+        */
+       log_successful_authz_event(auth4_context->msg_ctx,
+                                  auth4_context->lp_ctx,
+                                  call->conn->remote_address,
+                                  call->conn->local_address,
+                                  "DCE/RPC",
+                                  auth_type,
+                                  transport_protection,
+                                  auth->session_info);
+
+       auth->auth_audited = true;
+
+       TALLOC_FREE(frame);
+}
+
+NTSTATUS dcesrv_assoc_group_find(struct dcesrv_call_state *call)
+{
+       /* TODO */
+       return NT_STATUS_NOT_IMPLEMENTED;
+}
+
 /* vim: set ts=8 sw=8 noet cindent syntax=c.doxygen: */
index 01ca3d072189a670ee83edf6f8a0eab8034d5b41..3891d5d6c40864fd446027f062b5f6c74c9cb853 100644 (file)
@@ -24,6 +24,8 @@
 
 struct pipes_struct;
 struct auth_session_info;
+struct dcesrv_call_state;
+struct cli_credentials;
 
 typedef void (*dcerpc_ncacn_termination_fn)(struct pipes_struct *, void *);
 
@@ -105,4 +107,10 @@ void dcerpc_ncacn_accept(struct tevent_context *ev_ctx,
                         void *termination_data);
 void dcerpc_ncacn_packet_process(struct tevent_req *subreq);
 
+NTSTATUS dcesrv_auth_gensec_prepare(TALLOC_CTX *mem_ctx,
+                                   struct dcesrv_call_state *call,
+                                   struct gensec_security **out);
+void dcesrv_log_successful_authz(struct dcesrv_call_state *call);
+NTSTATUS dcesrv_assoc_group_find(struct dcesrv_call_state *call);
+
 #endif /* _PRC_SERVER_H_ */