author | Samuel Cabrero <scabrero@suse.de> | 2019-01-24 20:03:44 +0100 |
---|---|---|
committer | Andreas Schneider <asn@cryptomilk.org> | 2019-10-18 16:07:36 +0000 |
commit | bf097719534be55abaab931ca03b8be23ef1fe0a (patch) | |
tree | cc45b40a44732bd9ab1bbc2bee713831045c204a /source4 | |
parent | 6fcf8038e49ed7f0996ad21fb9f516de30131df7 (diff) | |
download | samba-bf097719534be55abaab931ca03b8be23ef1fe0a.tar.gz |
s4:rpc_server: Add dcesrv_context_callbacks to dcesrv_context
Add a new struct dcesrv_context_callbacks in dcesrv_context to hold pointers
to functions whose implementation will differ between S3 and S4.
The log_successful_dcesrv_authz_event implementation will differ as it
requires an imessaging_context.
Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Diffstat (limited to 'source4')
-rw-r--r-- | source4/rpc_server/dcerpc_server.c | 40 | ||||
-rw-r--r-- | source4/rpc_server/dcerpc_server.h | 16 | ||||
-rw-r--r-- | source4/rpc_server/dcesrv_auth.c | 41 | ||||
-rw-r--r-- | source4/rpc_server/service_rpc.c | 6 | ||||
-rw-r--r-- | source4/torture/rpc/spoolss_notify.c | 8 |
5 files changed, 72 insertions, 39 deletions
diff --git a/source4/rpc_server/dcerpc_server.c b/source4/rpc_server/dcerpc_server.c
index bfd0f669c33..3b432f7484c 100644
--- a/source4/rpc_server/dcerpc_server.c
+++ b/source4/rpc_server/dcerpc_server.c
@@ -2406,9 +2406,11 @@ static NTSTATUS dcesrv_process_ncacn_packet(struct dcesrv_connection *dce_conn,
 	return status;
 }
 
-_PUBLIC_ NTSTATUS dcesrv_init_context(TALLOC_CTX *mem_ctx,
+_PUBLIC_ NTSTATUS dcesrv_init_context(TALLOC_CTX *mem_ctx,
 				      struct loadparm_context *lp_ctx,
-				      const char **endpoint_servers, struct dcesrv_context **_dce_ctx)
+				      const char **endpoint_servers,
+				      struct dcesrv_context_callbacks *cb,
+				      struct dcesrv_context **_dce_ctx)
 {
 	NTSTATUS status;
 	struct dcesrv_context *dce_ctx;
@@ -2435,6 +2437,9 @@ _PUBLIC_ NTSTATUS dcesrv_init_context(TALLOC_CTX *mem_ctx,
 	dce_ctx->assoc_groups_idr = idr_init(dce_ctx);
 	NT_STATUS_HAVE_NO_MEMORY(dce_ctx->assoc_groups_idr);
 	dce_ctx->broken_connections = NULL;
+	if (cb != NULL) {
+		dce_ctx->callbacks = *cb;
+	}
 
 	for (i=0;endpoint_servers[i];i++) {
 		const struct dcesrv_endpoint_server *ep_server;
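Review bot: In the `if (cb != NULL)` block, a NULL `cb` leaves `dce_ctx->callbacks` untouched, so the `callbacks.log.successful_authz` tests this commit adds in dcesrv_auth.c are only safe if dce_ctx comes back zero-filled from its allocation, which happens above this hunk and is not visible here. Making that explicit with an `else` branch, `ZERO_STRUCT(dce_ctx->callbacks);`, removes the dependency on the allocator and documents that a NULL table means "no hooks". Since the only hook today is the authorization audit event, a caller passing NULL also silently disables authz logging for the whole server; a short comment above the block, `/* cb == NULL: no hooks installed; no DCE/RPC authz audit events will be emitted */`, would stop that being rediscovered later. dcesrv_init_context starts in the previous hunk and its body continues past this one.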
@@ -3400,3 +3405,34 @@ _PUBLIC_ struct server_id dcesrv_server_id(struct dcesrv_connection *conn)
 					  struct stream_connection);
 	return srv_conn->server_id;
 }
+
+void log_successful_dcesrv_authz_event(struct dcesrv_call_state *call)
+{
+	struct dcesrv_auth *auth = call->auth_state;
+	enum dcerpc_transport_t transport =
+		dcerpc_binding_get_transport(call->conn->endpoint->ep_description);
+	struct imessaging_context *imsg_ctx =
+		dcesrv_imessaging_context(call->conn);
+	const char *auth_type = derpc_transport_string_by_transport(transport);
+	const char *transport_protection = AUTHZ_TRANSPORT_PROTECTION_NONE;
+
+	if (transport == NCACN_NP) {
+		transport_protection = AUTHZ_TRANSPORT_PROTECTION_SMB;
+	}
+
+	/*
+	 * Log the authorization to this RPC interface. This
+	 * covered ncacn_np pass-through auth, and anonymous
+	 * DCE/RPC (eg epmapper, netlogon etc)
+	 */
+	log_successful_authz_event(imsg_ctx,
+				   call->conn->dce_ctx->lp_ctx,
+				   call->conn->remote_address,
+				   call->conn->local_address,
+				   "DCE/RPC",
+				   auth_type,
+				   transport_protection,
+				   auth->session_info);
+
+	auth->auth_audited = true;
+}
diff --git a/source4/rpc_server/dcerpc_server.h b/source4/rpc_server/dcerpc_server.h
index 4fb5b3e76d1..614c93bf50e 100644
--- a/source4/rpc_server/dcerpc_server.h
+++ b/source4/rpc_server/dcerpc_server.h
@@ -363,6 +363,12 @@ struct dcesrv_assoc_group {
 	uint16_t bind_time_features;
 };
 
+struct dcesrv_context_callbacks {
+	struct {
+		void (*successful_authz)(struct dcesrv_call_state *);
+	} log;
+};
+
 /* server-wide context information for the dcerpc server */
 struct dcesrv_context {
 	/*
@@ -402,6 +408,8 @@ struct dcesrv_context {
 	struct idr_context *assoc_groups_idr;
 
 	struct dcesrv_connection *broken_connections;
+
+	struct dcesrv_context_callbacks callbacks;
 };
 
 /* this structure is used by modules to determine the size of some critical types */
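Review bot: log_successful_dcesrv_authz_event is now exported from dcerpc_server.c and wired in from two other files, but the added definition carries no header comment stating its contract, and the comment it inherits still reads `This covered ncacn_np pass-through auth`, which should be `This covers`. I would add a short block above the function saying that it is the S4 implementation of the `log.successful_authz` hook, that it emits the authorization audit event for the connection's transport and session and then sets `auth->auth_audited`, and that it lives here rather than in dcesrv_auth.c because it needs the S4-only imessaging context; that note runs past three lines so I have not quoted it. Whether `dcesrv_imessaging_context()` can return NULL, and what `log_successful_authz_event()` does with a NULL context, is not visible in this diff and is worth confirming now that the function is also called from the torture server.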
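Review bot: The new `struct dcesrv_context_callbacks` has no comment, and the most important property of its single member is unstated: `successful_authz` may be left NULL, and the call sites added in dcesrv_auth.c then skip the authorization audit event entirely. Suggested comment above the struct: `/* Per-implementation hooks (S3 vs S4). A NULL log.successful_authz means no DCE/RPC authorization audit events are emitted. */`. The function-pointer parameter names `struct dcesrv_call_state`, which I assume is already forward-declared earlier in this header; if it is not, the first mention inside a prototype scope declares a distinct incomplete type, so that is worth a quick check.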
@@ -426,9 +434,11 @@ NTSTATUS dcesrv_interface_register(struct dcesrv_context *dce_ctx,
 				   const struct dcesrv_interface *iface,
 				   const struct security_descriptor *sd);
 NTSTATUS dcerpc_register_ep_server(const struct dcesrv_endpoint_server *ep_server);
-NTSTATUS dcesrv_init_context(TALLOC_CTX *mem_ctx,
-			     struct loadparm_context *lp_ctx,
-			     const char **endpoint_servers, struct dcesrv_context **_dce_ctx);
+NTSTATUS dcesrv_init_context(TALLOC_CTX *mem_ctx,
+			     struct loadparm_context *lp_ctx,
+			     const char **endpoint_servers,
+			     struct dcesrv_context_callbacks *cb,
+			     struct dcesrv_context **_dce_ctx);
 NTSTATUS dcesrv_reply(struct dcesrv_call_state *call);
 
 struct dcesrv_handle *dcesrv_handle_create(struct dcesrv_call_state *call,
diff --git a/source4/rpc_server/dcesrv_auth.c b/source4/rpc_server/dcesrv_auth.c
index bc78a364d7e..73576dc45d0 100644
--- a/source4/rpc_server/dcesrv_auth.c
+++ b/source4/rpc_server/dcesrv_auth.c
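Review bot: The new `cb` parameter in the dcesrv_init_context prototype can be `const struct dcesrv_context_callbacks *cb,`: the definition only reads it (`dce_ctx->callbacks = *cb;`), and a const pointer lets callers keep their hook tables in read-only data (`static const`) rather than a writable global, which matters for a table of function pointers the server dereferences on every bind. The same change belongs on the definition in dcerpc_server.c. A one-line comment on the prototype, `/* cb may be NULL: no hooks are installed and no authz audit events are logged */`, would document the contract that dcesrv_auth.c now relies on.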
@@ -233,37 +233,6 @@ static bool dcesrv_auth_prepare_gensec(struct dcesrv_call_state *call)
 	return true;
 }
 
-static void log_successful_dcesrv_authz_event(struct dcesrv_call_state *call)
-{
-	struct dcesrv_auth *auth = call->auth_state;
-	enum dcerpc_transport_t transport =
-		dcerpc_binding_get_transport(call->conn->endpoint->ep_description);
-	struct imessaging_context *imsg_ctx =
-		dcesrv_imessaging_context(call->conn);
-	const char *auth_type = derpc_transport_string_by_transport(transport);
-	const char *transport_protection = AUTHZ_TRANSPORT_PROTECTION_NONE;
-
-	if (transport == NCACN_NP) {
-		transport_protection = AUTHZ_TRANSPORT_PROTECTION_SMB;
-	}
-
-	/*
-	 * Log the authorization to this RPC interface. This
-	 * covered ncacn_np pass-through auth, and anonymous
-	 * DCE/RPC (eg epmapper, netlogon etc)
-	 */
-	log_successful_authz_event(imsg_ctx,
-				   call->conn->dce_ctx->lp_ctx,
-				   call->conn->remote_address,
-				   call->conn->local_address,
-				   "DCE/RPC",
-				   auth_type,
-				   transport_protection,
-				   auth->session_info);
-
-	auth->auth_audited = true;
-}
-
 static void dcesrv_default_auth_state_finish_bind(struct dcesrv_call_state *call)
 {
 	SMB_ASSERT(call->pkt.ptype == DCERPC_PKT_BIND);
@@ -321,7 +290,11 @@ void dcesrv_default_auth_state_prepare_request(struct dcesrv_call_state *call)
 		return;
 	}
 
-	log_successful_dcesrv_authz_event(call);
+	if (!call->conn->dce_ctx->callbacks.log.successful_authz) {
+		return;
+	}
+
+	call->conn->dce_ctx->callbacks.log.successful_authz(call);
 }
 
 /*
@@ -341,7 +314,9 @@ bool dcesrv_auth_bind(struct dcesrv_call_state *call)
 	auth->auth_context_id = 0;
 	auth->auth_started = true;
 
-	log_successful_dcesrv_authz_event(call);
+	if (call->conn->dce_ctx->callbacks.log.successful_authz) {
+		call->conn->dce_ctx->callbacks.log.successful_authz(call);
+	}
 
 	return true;
 }
diff --git a/source4/rpc_server/service_rpc.c b/source4/rpc_server/service_rpc.c
index 94d8b863bb0..efb3feabcdd 100644
--- a/source4/rpc_server/service_rpc.c
+++ b/source4/rpc_server/service_rpc.c
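Review bot: The two replacements of `log_successful_dcesrv_authz_event(call)` in this file test the hook differently: dcesrv_default_auth_state_prepare_request early-returns on a missing callback while dcesrv_auth_bind wraps the call in an `if`; pick one form, and write the test as an explicit pointer comparison, `if (call->conn->dce_ctx->callbacks.log.successful_authz == NULL) {`, to match the `cb != NULL` style used in dcerpc_server.c. Behaviourally, the removed function also set `auth->auth_audited = true`; with the hook unset that flag now stays false and no audit event is produced, which is a silent loss of security logging rather than an error, so at least a comment at the skip, `/* no authz audit hook installed: event deliberately not logged */`, is warranted. If `auth_audited` gates anything elsewhere (not visible in this hunk) that path should be checked against the NULL-hook case. dcesrv_default_auth_state_prepare_request begins before this hunk.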
@@ -40,6 +40,10 @@
 #include "../libcli/named_pipe_auth/npa_tstream.h"
 #include "smbd/process_model.h"
 
+struct dcesrv_context_callbacks srv_callbacks = {
+	.log.successful_authz = log_successful_dcesrv_authz_event,
+};
+
 /*
  * Need to run the majority of the RPC endpoints in a single process to allow
  * for shared handles, and the sharing of ldb contexts.
@@ -112,6 +116,7 @@ static NTSTATUS dcesrv_init_endpoints(struct task_server *task,
 	}
 	return NT_STATUS_OK;
 }
+
 /*
  * Initialise the RPC service.
  * And those end points that can be serviced by multiple processes.
@@ -130,6 +135,7 @@ static NTSTATUS dcesrv_task_init(struct task_server *task)
 	status = dcesrv_init_context(task->event_ctx,
 				     task->lp_ctx,
 				     lpcfg_dcerpc_endpoint_servers(task->lp_ctx),
+				     &srv_callbacks,
 				     &dce_ctx);
 	if (!NT_STATUS_IS_OK(status)) {
 		return status;
diff --git a/source4/torture/rpc/spoolss_notify.c b/source4/torture/rpc/spoolss_notify.c
index fb01f71d53f..bed049bca86 100644
--- a/source4/torture/rpc/spoolss_notify.c
+++ b/source4/torture/rpc/spoolss_notify.c
@@ -26,6 +26,7 @@
 #include "librpc/gen_ndr/ndr_spoolss.h"
 #include "torture/rpc/torture_rpc.h"
 #include "rpc_server/dcerpc_server.h"
+#include "rpc_server/dcerpc_server_proto.h"
 #include "rpc_server/service_rpc.h"
 #include "smbd/process_model.h"
 #include "smb_server/smb_server.h"
@@ -33,6 +34,10 @@
 #include "ntvfs/ntvfs.h"
 #include "param/param.h"
 
+struct dcesrv_context_callbacks srv_cb = {
+	.log.successful_authz = log_successful_dcesrv_authz_event,
+};
+
 static NTSTATUS spoolss__op_bind(struct dcesrv_connection_context *context,
 				 const struct dcesrv_interface *iface)
 {
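Review bot: `srv_callbacks` is defined at file scope with external linkage and no declaration in any header, so it should be `static struct dcesrv_context_callbacks srv_callbacks = {`; its only use is the `&srv_callbacks` argument in dcesrv_task_init later in this diff. The same applies to `srv_cb` added to source4/torture/rpc/spoolss_notify.c further down. If the dcesrv_init_context parameter is made const, both tables can also be `const`, keeping a table of function pointers out of writable memory.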
@@ -482,7 +487,8 @@ static bool test_start_dcerpc_server(struct torture_context *tctx,
 				   address, NULL);
 	torture_assert_ntstatus_ok(tctx, status, "starting smb server");
 
-	status = dcesrv_init_context(tctx, tctx->lp_ctx, endpoints, &dce_ctx);
+	status = dcesrv_init_context(tctx, tctx->lp_ctx, endpoints,
+				     &srv_cb, &dce_ctx);
 	torture_assert_ntstatus_ok(tctx, status, "unable to initialize DCE/RPC server");
 