s4:rpc_server: add support for DCERPC_AUTH_TYPE_NCALRPC_AS_SYSTEM
authorStefan Metzmacher <metze@samba.org>
Thu, 22 Jan 2015 11:24:31 +0000 (11:24 +0000)
committerStefan Metzmacher <metze@samba.org>
Mon, 26 Jan 2015 13:23:49 +0000 (14:23 +0100)
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Mon Jan 26 14:23:50 CET 2015 on sn-devel-104

source4/rpc_server/dcerpc_server.c
source4/rpc_server/dcerpc_server.h

index 4d5e166961c6028629b2d6868fb09662efe97a43..5eac9ee3ef39713171ba16bfa5999e09ae860e3b 100644 (file)
@@ -1198,6 +1198,7 @@ _PUBLIC_ NTSTATUS dcesrv_init_context(TALLOC_CTX *mem_ctx,
 
        dce_ctx = talloc(mem_ctx, struct dcesrv_context);
        NT_STATUS_HAVE_NO_MEMORY(dce_ctx);
+       dce_ctx->initial_euid = geteuid();
        dce_ctx->endpoint_list  = NULL;
        dce_ctx->lp_ctx = lp_ctx;
        dce_ctx->assoc_groups_idr = idr_init(dce_ctx);
@@ -1547,6 +1548,37 @@ static void dcesrv_sock_accept(struct stream_connection *srv_conn)
        dcesrv_conn->local_address = srv_conn->local_address;
        dcesrv_conn->remote_address = srv_conn->remote_address;
 
+       if (transport == NCALRPC) {
+               uid_t uid;
+               gid_t gid;
+
+               ret = getpeereid(socket_get_fd(srv_conn->socket), &uid, &gid);
+               if (ret == -1) {
+                       status = map_nt_error_from_unix_common(errno);
+                       DEBUG(0, ("dcesrv_sock_accept: "
+                                 "getpeereid() failed for NCALRPC: %s\n",
+                                 nt_errstr(status)));
+                       stream_terminate_connection(srv_conn, nt_errstr(status));
+                       return;
+               }
+               if (uid == dcesrv_conn->dce_ctx->initial_euid) {
+                       struct tsocket_address *r = NULL;
+
+                       ret = tsocket_address_unix_from_path(dcesrv_conn,
+                                                            "/root/ncalrpc_as_system",
+                                                            &r);
+                       if (ret == -1) {
+                               status = map_nt_error_from_unix_common(errno);
+                               DEBUG(0, ("dcesrv_sock_accept: "
+                                         "tsocket_address_unix_from_path() failed for NCALRPC: %s\n",
+                                         nt_errstr(status)));
+                               stream_terminate_connection(srv_conn, nt_errstr(status));
+                               return;
+                       }
+                       dcesrv_conn->remote_address = r;
+               }
+       }
+
        srv_conn->private_data = dcesrv_conn;
 
        irpc_add_name(srv_conn->msg_ctx, "rpc_server");
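Review bot: The uid match at `if (uid == dcesrv_conn->dce_ctx->initial_euid)` records its result by overwriting `remote_address` with the literal path `/root/ncalrpc_as_system`, and nothing in the hunk says that this string is a marker rather than a real peer address. For a non-matching uid the field keeps `srv_conn->remote_address`, which presumably reflects the path the peer bound, so the marker shares a field with peer-derived data and its trustworthiness rests on an unstated assumption that only a privileged peer could present that path. I would add a comment above the block such as `/* peer uid equals our startup euid: replace the address with the marker used for DCERPC_AUTH_TYPE_NCALRPC_AS_SYSTEM */` and give the path a named constant shared with whatever code checks it, or carry the decision in a dedicated flag on `dcesrv_conn` instead. `gid` is fetched by getpeereid() but never used. The body of dcesrv_sock_accept starts and ends outside the hunk.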
index c5d8632f2614d98fd95cc3a8145c39b19c3ba4e5..7b00418c93a5fb993d805408fa4425c76583a7dc 100644 (file)
@@ -273,6 +273,13 @@ struct dcesrv_assoc_group {
 
 /* server-wide context information for the dcerpc server */
 struct dcesrv_context {
+       /*
+        * The euid at startup time.
+        *
+        * This is required for DCERPC_AUTH_TYPE_NCALRPC_AS_SYSTEM
+        */
+       uid_t initial_euid;
+
        /* the list of endpoints that have registered 
         * by the configured endpoint servers 
         */
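Review bot: The comment on `initial_euid` says the field is required for DCERPC_AUTH_TYPE_NCALRPC_AS_SYSTEM but not when it is set or what it is compared with. As far as this commit shows, it is assigned once in dcesrv_init_context() and compared with the getpeereid() uid when an NCALRPC connection is accepted, so it does not follow later changes of the process euid. I would state that in the comment, e.g. `/* euid captured once in dcesrv_init_context(); compared with the peer uid of NCALRPC connections */`. The struct body continues outside the hunk.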