sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-02-26 21:57:41 +03:00
Code

s3-rpc_server: Ensure we are root when starting and usiing gensec

Browse Source 
This fixes bug 9465.

Andrew Bartlett

Reviewed-by: Stefan Metzmacher <metze@samba.org>
This commit is contained in:
Andrew Bartlett 2013-05-02 16:29:21 +12:00 committed by Stefan Metzmacher
parent 9430310dc3
commit 10f6926aaa
1 changed files with 32 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

38
source3/rpc_server/dcesrv_auth_generic.c
View File

@ -24,12 +24,12 @@
#include "auth.h"
#include "auth/gensec/gensec.h"
NTSTATUS auth_generic_server_authtype_start(TALLOC_CTX *mem_ctx,
uint8_t auth_type, uint8_t auth_level,
DATA_BLOB *token_in,
DATA_BLOB *token_out,
const struct tsocket_address *remote_address,
struct gensec_security **ctx)
static NTSTATUS auth_generic_server_authtype_start_as_root(TALLOC_CTX *mem_ctx,
uint8_t auth_type, uint8_t auth_level,
DATA_BLOB *token_in,
DATA_BLOB *token_out,
const struct tsocket_address *remote_address,
struct gensec_security **ctx)
{
struct gensec_security *gensec_security = NULL;
NTSTATUS status;
@ -62,6 +62,27 @@ NTSTATUS auth_generic_server_authtype_start(TALLOC_CTX *mem_ctx,
return NT_STATUS_OK;
}
NTSTATUS auth_generic_server_authtype_start(TALLOC_CTX *mem_ctx,
uint8_t auth_type, uint8_t auth_level,
DATA_BLOB *token_in,
DATA_BLOB *token_out,
const struct tsocket_address *remote_address,
struct gensec_security **ctx)
{
NTSTATUS status;
become_root();
/* this has to be done as root in order to create the messaging socket */
status = auth_generic_server_authtype_start_as_root(mem_ctx,
auth_type, auth_level,
token_in,
token_out,
remote_address,
ctx);
unbecome_root();
return status;
}
NTSTATUS auth_generic_server_step(struct gensec_security *gensec_security,
TALLOC_CTX *mem_ctx,
DATA_BLOB *token_in,
@ -101,7 +122,12 @@ NTSTATUS auth_generic_server_get_user_info(struct gensec_security *gensec_securi
{
NTSTATUS status;
/* this has to be done as root in order to get to the
* messaging sockets for IDMAP and privilege.ldb in the AD
* DC */
become_root();
status = gensec_session_info(gensec_security, mem_ctx, session_info);
unbecome_root();
if (!NT_STATUS_IS_OK(status)) {
DEBUG(1, (__location__ ": Failed to get authenticated user "
"info: %s\n", nt_errstr(status)));