sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-02-25 17:57:42 +03:00
Code

rpc_server3: Remove pipes_struct->session_info

Browse Source 
This is a big patch, but all it does is replace all "p->session_info"
with "session_info" after introducing a local variable from
dcesrv_call_session_info(p->dce_call).

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
This commit is contained in:
Volker Lendecke 2021-10-04 13:40:02 +02:00 committed by Jeremy Allison
parent 716727c020
commit 8379d8cd53
17 changed files with 471 additions and 197 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
pidl/lib/Parse/Pidl/Samba4/NDR/ServerCompat.pm
View File

@ -285,7 +285,6 @@ sub boilerplate_iface($)
$self->indent();
$self->pidl("uint16_t opnum = dce_call->pkt.u.request.opnum;");
$self->pidl("struct pipes_struct *p = NULL;");
$self->pidl("struct auth_session_info *pipe_session_info = NULL;");
$self->pidl("NTSTATUS status = NT_STATUS_OK;");
$self->pidl("bool impersonated = false;");
$self->pidl("");
@ -293,9 +292,6 @@ sub boilerplate_iface($)
$self->pidl("p = dcesrv_get_pipes_struct(dce_call->conn);");
$self->pidl("p->dce_call = dce_call;");
$self->pidl("p->mem_ctx = mem_ctx;");
$self->pidl("/* Update pipes struct session info */");
$self->pidl("pipe_session_info = p->session_info;");
$self->pidl("p->session_info = dce_call->auth_state->session_info;");
$self->pidl("p->auth.auth_type = dce_call->auth_state->auth_type;");
$self->pidl("p->auth.auth_level = dce_call->auth_state->auth_level;");
$self->pidl("p->auth.auth_context_id = dce_call->auth_state->auth_context_id;");
@ -306,7 +302,7 @@ sub boilerplate_iface($)
$self->pidl("/* Impersonate */");
$self->pidl("if (dispatch == S3COMPAT_RPC_DISPATCH_EXTERNAL) {");
$self->indent();
$self->pidl("impersonated = become_authenticated_pipe_user(p->session_info);");
$self->pidl("impersonated = become_authenticated_pipe_user(dce_call->auth_state->session_info);");
$self->pidl("if (!impersonated) {");
$self->indent();
$self->pidl("dce_call->fault_code = DCERPC_FAULT_ACCESS_DENIED;");
@ -339,8 +335,6 @@ sub boilerplate_iface($)
$self->pidl("p->dce_call = NULL;");
$self->pidl("p->mem_ctx = NULL;");
$self->pidl("/* Restore session info */");
$self->pidl("p->session_info = pipe_session_info;");
$self->pidl("p->auth.auth_type = 0;");
$self->pidl("p->auth.auth_level = 0;");
$self->pidl("p->auth.auth_context_id = 0;");

29
source3/rpc_server/dfs/srv_dfs_nt.c
View File

@ -54,6 +54,8 @@ WERROR _dfs_Add(struct pipes_struct *p, struct dfs_Add *r)
dcesrv_connection_get_local_address(dcesrv_conn);
const struct tsocket_address *remote_address =
dcesrv_connection_get_remote_address(dcesrv_conn);
struct auth_session_info *session_info =
dcesrv_call_session_info(dce_call);
struct junction_map *jn = NULL;
struct referral *old_referral_list = NULL;
bool self_ref = False;
@ -62,7 +64,7 @@ WERROR _dfs_Add(struct pipes_struct *p, struct dfs_Add *r)
NTSTATUS status;
TALLOC_CTX *ctx = talloc_tos();
if (p->session_info->unix_token->uid != sec_initial_uid()) {
if (session_info->unix_token->uid != sec_initial_uid()) {
DEBUG(10,("_dfs_add: uid != 0. Access denied.\n"));
return WERR_ACCESS_DENIED;
}
@ -84,7 +86,7 @@ WERROR _dfs_Add(struct pipes_struct *p, struct dfs_Add *r)
/* The following call can change the cwd. */
status = get_referred_path(ctx,
p->session_info,
session_info,
r->in.path,
remote_address,
local_address,
@ -116,7 +118,7 @@ WERROR _dfs_Add(struct pipes_struct *p, struct dfs_Add *r)
jn->referral_list[jn->referral_count-1].ttl = REFERRAL_TTL;
jn->referral_list[jn->referral_count-1].alternate_path = altpath;
if(!create_msdfs_link(jn, p->session_info)) {
if (!create_msdfs_link(jn, session_info)) {
return WERR_NERR_DFSCANTCREATEJUNCTIONPOINT;
}
@ -131,6 +133,8 @@ WERROR _dfs_Remove(struct pipes_struct *p, struct dfs_Remove *r)
dcesrv_connection_get_local_address(dcesrv_conn);
const struct tsocket_address *remote_address =
dcesrv_connection_get_remote_address(dcesrv_conn);
struct auth_session_info *session_info =
dcesrv_call_session_info(dce_call);
struct junction_map *jn = NULL;
bool self_ref = False;
int consumedcnt = 0;
@ -139,7 +143,7 @@ WERROR _dfs_Remove(struct pipes_struct *p, struct dfs_Remove *r)
char *altpath = NULL;
NTSTATUS status;
if (p->session_info->unix_token->uid != sec_initial_uid()) {
if (session_info->unix_token->uid != sec_initial_uid()) {
DEBUG(10,("_dfs_remove: uid != 0. Access denied.\n"));
return WERR_ACCESS_DENIED;
}
@ -164,7 +168,7 @@ WERROR _dfs_Remove(struct pipes_struct *p, struct dfs_Remove *r)
}
status = get_referred_path(ctx,
p->session_info,
session_info,
r->in.dfs_entry_path,
remote_address,
local_address,
@ -176,7 +180,7 @@ WERROR _dfs_Remove(struct pipes_struct *p, struct dfs_Remove *r)
/* if no server-share pair given, remove the msdfs link completely */
if(!r->in.servername && !r->in.sharename) {
if(!remove_msdfs_link(jn, p->session_info)) {
if(!remove_msdfs_link(jn, session_info)) {
return WERR_NERR_DFSNOSUCHVOLUME;
}
} else {
@ -207,11 +211,11 @@ WERROR _dfs_Remove(struct pipes_struct *p, struct dfs_Remove *r)
/* Only one referral, remove it */
if(jn->referral_count == 1) {
if(!remove_msdfs_link(jn, p->session_info)) {
if(!remove_msdfs_link(jn, session_info)) {
return WERR_NERR_DFSNOSUCHVOLUME;
}
} else {
if(!create_msdfs_link(jn, p->session_info)) {
if(!create_msdfs_link(jn, session_info)) {
return WERR_NERR_DFSCANTCREATEJUNCTIONPOINT;
}
}
@ -304,12 +308,15 @@ static bool init_reply_dfs_info_100(TALLOC_CTX *mem_ctx, struct junction_map* j,
WERROR _dfs_Enum(struct pipes_struct *p, struct dfs_Enum *r)
{
struct dcesrv_call_state *dce_call = p->dce_call;
struct auth_session_info *session_info =
dcesrv_call_session_info(dce_call);
struct junction_map *jn = NULL;
size_t num_jn = 0;
size_t i;
TALLOC_CTX *ctx = talloc_tos();
jn = enum_msdfs_links(ctx, p->session_info, &num_jn);
jn = enum_msdfs_links(ctx, session_info, &num_jn);
if (!jn || num_jn == 0) {
num_jn = 0;
jn = NULL;
@ -383,6 +390,8 @@ WERROR _dfs_GetInfo(struct pipes_struct *p, struct dfs_GetInfo *r)
dcesrv_connection_get_local_address(dcesrv_conn);
const struct tsocket_address *remote_address =
dcesrv_connection_get_remote_address(dcesrv_conn);
struct auth_session_info *session_info =
dcesrv_call_session_info(dce_call);
int consumedcnt = strlen(r->in.dfs_entry_path);
struct junction_map *jn = NULL;
bool self_ref = False;
@ -404,7 +413,7 @@ WERROR _dfs_GetInfo(struct pipes_struct *p, struct dfs_GetInfo *r)
/* The following call can change the cwd. */
status = get_referred_path(ctx,
p->session_info,
session_info,
r->in.dfs_entry_path,
remote_address,
local_address,

7
source3/rpc_server/eventlog/srv_eventlog_nt.c
View File

@ -288,6 +288,9 @@ static bool get_oldest_entry_hook( EVENTLOG_INFO * info )
static NTSTATUS elog_open( struct pipes_struct * p, const char *logname, struct policy_handle *hnd )
{
struct dcesrv_call_state *dce_call = p->dce_call;
struct auth_session_info *session_info =
dcesrv_call_session_info(dce_call);
EVENTLOG_INFO *elog;
/* first thing is to validate the eventlog name */
@ -321,7 +324,7 @@ static NTSTATUS elog_open( struct pipes_struct * p, const char *logname, struct
elog->logname = talloc_strdup( elog, ELOG_APPL );
/* do the access check */
if ( !elog_check_access( elog, p->session_info) ) {
if ( !elog_check_access( elog, session_info) ) {
TALLOC_FREE( elog );
return NT_STATUS_ACCESS_DENIED;
}
@ -339,7 +342,7 @@ static NTSTATUS elog_open( struct pipes_struct * p, const char *logname, struct
/* now do the access check. Close the tdb if we fail here */
if ( !elog_check_access( elog, p->session_info) ) {
if ( !elog_check_access( elog, session_info) ) {
TALLOC_FREE( elog );
return NT_STATUS_ACCESS_DENIED;
}

38
source3/rpc_server/fss/srv_fss_agent.c
View File

@ -438,22 +438,26 @@ static NTSTATUS srv_fssa_start(struct messaging_context *msg_ctx)
*/
static bool fss_permitted(struct pipes_struct *p)
{
if (p->session_info->unix_token->uid == sec_initial_uid()) {
struct dcesrv_call_state *dce_call = p->dce_call;
struct auth_session_info *session_info =
dcesrv_call_session_info(dce_call);
if (session_info->unix_token->uid == sec_initial_uid()) {
DEBUG(6, ("Granting FSRVP op, user started smbd\n"));
return true;
}
if (nt_token_check_sid(&global_sid_Builtin_Administrators,
p->session_info->security_token)) {
session_info->security_token)) {
DEBUG(6, ("Granting FSRVP op, administrators group member\n"));
return true;
}
if (nt_token_check_sid(&global_sid_Builtin_Backup_Operators,
p->session_info->security_token)) {
session_info->security_token)) {
DEBUG(6, ("Granting FSRVP op, backup operators group member\n"));
return true;
}
if (security_token_has_privilege(p->session_info->security_token,
if (security_token_has_privilege(session_info->security_token,
SEC_PRIV_BACKUP)) {
DEBUG(6, ("Granting FSRVP op, backup privilege present\n"));
return true;
@ -728,6 +732,9 @@ static uint32_t map_share_comment(struct fss_sc_smap *sc_smap,
uint32_t _fss_AddToShadowCopySet(struct pipes_struct *p,
struct fss_AddToShadowCopySet *r)
{
struct dcesrv_call_state *dce_call = p->dce_call;
struct auth_session_info *session_info =
dcesrv_call_session_info(dce_call);
uint32_t ret;
struct fss_sc_set *sc_set;
struct fss_sc *sc;
@ -773,12 +780,12 @@ uint32_t _fss_AddToShadowCopySet(struct pipes_struct *p,
goto err_tmp_free;
}
status = fss_conn_create_tos(p->msg_ctx, p->session_info, snum, &conn);
status = fss_conn_create_tos(p->msg_ctx, session_info, snum, &conn);
if (!NT_STATUS_IS_OK(status)) {
ret = HRES_ERROR_V(HRES_E_ACCESSDENIED);
goto err_tmp_free;
}
if (!become_user_without_service_by_session(conn, p->session_info)) {
if (!become_user_without_service_by_session(conn, session_info)) {
DEBUG(0, ("failed to become user\n"));
ret = HRES_ERROR_V(HRES_E_ACCESSDENIED);
goto err_tmp_free;
@ -929,6 +936,9 @@ static NTSTATUS commit_sc_with_conn(TALLOC_CTX *mem_ctx,
uint32_t _fss_CommitShadowCopySet(struct pipes_struct *p,
struct fss_CommitShadowCopySet *r)
{
struct dcesrv_call_state *dce_call = p->dce_call;
struct auth_session_info *session_info =
dcesrv_call_session_info(dce_call);
struct fss_sc_set *sc_set;
struct fss_sc *sc;
uint32_t commit_count;
@ -961,7 +971,7 @@ uint32_t _fss_CommitShadowCopySet(struct pipes_struct *p,
char *base_path;
char *snap_path;
status = commit_sc_with_conn(frame, global_event_context(),
p->msg_ctx, p->session_info, sc,
p->msg_ctx, session_info, sc,
&base_path, &snap_path);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(0, ("snap create failed for shadow copy of "
@ -1330,6 +1340,9 @@ uint32_t _fss_AbortShadowCopySet(struct pipes_struct *p,
uint32_t _fss_IsPathSupported(struct pipes_struct *p,
struct fss_IsPathSupported *r)
{
struct dcesrv_call_state *dce_call = p->dce_call;
struct auth_session_info *session_info =
dcesrv_call_session_info(dce_call);
int snum;
char *service;
char *base_vol;
@ -1358,12 +1371,12 @@ uint32_t _fss_IsPathSupported(struct pipes_struct *p,
return HRES_ERROR_V(HRES_E_INVALIDARG);
}
status = fss_conn_create_tos(p->msg_ctx, p->session_info, snum, &conn);
status = fss_conn_create_tos(p->msg_ctx, session_info, snum, &conn);
if (!NT_STATUS_IS_OK(status)) {
TALLOC_FREE(frame);
return HRES_ERROR_V(HRES_E_ACCESSDENIED);
}
if (!become_user_without_service_by_session(conn, p->session_info)) {
if (!become_user_without_service_by_session(conn, session_info)) {
DEBUG(0, ("failed to become user\n"));
TALLOC_FREE(frame);
return HRES_ERROR_V(HRES_E_ACCESSDENIED);
@ -1569,6 +1582,9 @@ err_cancel:
uint32_t _fss_DeleteShareMapping(struct pipes_struct *p,
struct fss_DeleteShareMapping *r)
{
struct dcesrv_call_state *dce_call = p->dce_call;
struct auth_session_info *session_info =
dcesrv_call_session_info(dce_call);
struct fss_sc_set *sc_set;
struct fss_sc *sc;
struct fss_sc_smap *sc_smap;
@ -1638,11 +1654,11 @@ uint32_t _fss_DeleteShareMapping(struct pipes_struct *p,
goto err_tmp_free;
}
status = fss_conn_create_tos(p->msg_ctx, p->session_info, snum, &conn);
status = fss_conn_create_tos(p->msg_ctx, session_info, snum, &conn);
if (!NT_STATUS_IS_OK(status)) {
goto err_tmp_free;
}
if (!become_user_without_service_by_session(conn, p->session_info)) {
if (!become_user_without_service_by_session(conn, session_info)) {
DEBUG(0, ("failed to become user\n"));
status = NT_STATUS_ACCESS_DENIED;
goto err_tmp_free;

108
source3/rpc_server/lsa/srv_lsa_nt.c
View File

@ -392,6 +392,9 @@ static NTSTATUS create_lsa_policy_handle(TALLOC_CTX *mem_ctx,
NTSTATUS _lsa_OpenPolicy2(struct pipes_struct *p,
struct lsa_OpenPolicy2 *r)
{
struct dcesrv_call_state *dce_call = p->dce_call;
struct auth_session_info *session_info =
dcesrv_call_session_info(dce_call);
struct security_descriptor *psd = NULL;
size_t sd_size;
uint32_t des_access = r->in.access_mask;
@ -404,8 +407,8 @@ NTSTATUS _lsa_OpenPolicy2(struct pipes_struct *p,
}
/* Work out max allowed. */
map_max_allowed_access(p->session_info->security_token,
p->session_info->unix_token,
map_max_allowed_access(session_info->security_token,
session_info->unix_token,
&des_access);
/* map the generic bits to the lsa policy ones */
@ -418,7 +421,7 @@ NTSTATUS _lsa_OpenPolicy2(struct pipes_struct *p,
return status;
}
status = access_check_object(psd, p->session_info->security_token,
status = access_check_object(psd, session_info->security_token,
SEC_PRIV_INVALID, SEC_PRIV_INVALID, 0, des_access,
&acc_granted, "_lsa_OpenPolicy2" );
if (!NT_STATUS_IS_OK(status)) {
@ -1529,6 +1532,9 @@ static NTSTATUS lsa_lookup_trusted_domain_by_name(TALLOC_CTX *mem_ctx,
NTSTATUS _lsa_OpenSecret(struct pipes_struct *p,
struct lsa_OpenSecret *r)
{
struct dcesrv_call_state *dce_call = p->dce_call;
struct auth_session_info *session_info =
dcesrv_call_session_info(dce_call);
struct security_descriptor *psd;
NTSTATUS status;
uint32_t acc_granted;
@ -1547,8 +1553,8 @@ NTSTATUS _lsa_OpenSecret(struct pipes_struct *p,
}
/* Work out max allowed. */
map_max_allowed_access(p->session_info->security_token,
p->session_info->unix_token,
map_max_allowed_access(session_info->security_token,
session_info->unix_token,
&r->in.access_mask);
/* map the generic bits to the lsa policy ones */
@ -1564,7 +1570,7 @@ NTSTATUS _lsa_OpenSecret(struct pipes_struct *p,
return status;
}
status = access_check_object(psd, p->session_info->security_token,
status = access_check_object(psd, session_info->security_token,
SEC_PRIV_INVALID, SEC_PRIV_INVALID, 0,
r->in.access_mask,
&acc_granted, "_lsa_OpenSecret");
@ -1595,6 +1601,9 @@ static NTSTATUS _lsa_OpenTrustedDomain_base(struct pipes_struct *p,
struct trustdom_info *info,
struct policy_handle *handle)
{
struct dcesrv_call_state *dce_call = p->dce_call;
struct auth_session_info *session_info =
dcesrv_call_session_info(dce_call);
struct security_descriptor *psd = NULL;
size_t sd_size;
uint32_t acc_granted;
@ -1604,8 +1613,8 @@ static NTSTATUS _lsa_OpenTrustedDomain_base(struct pipes_struct *p,
* handle - so don't check against policy handle. */
/* Work out max allowed. */
map_max_allowed_access(p->session_info->security_token,
p->session_info->unix_token,
map_max_allowed_access(session_info->security_token,
session_info->unix_token,
&access_mask);
/* map the generic bits to the lsa account ones */
@ -1619,7 +1628,7 @@ static NTSTATUS _lsa_OpenTrustedDomain_base(struct pipes_struct *p,
return status;
}
status = access_check_object(psd, p->session_info->security_token,
status = access_check_object(psd, session_info->security_token,
SEC_PRIV_INVALID, SEC_PRIV_INVALID, 0,
access_mask, &acc_granted,
"_lsa_OpenTrustedDomain");
@ -1705,6 +1714,9 @@ static NTSTATUS get_trustdom_auth_blob(struct pipes_struct *p,
TALLOC_CTX *mem_ctx, DATA_BLOB *auth_blob,
struct trustDomainPasswords *auth_struct)
{
struct dcesrv_call_state *dce_call = p->dce_call;
struct auth_session_info *session_info =
dcesrv_call_session_info(dce_call);
enum ndr_err_code ndr_err;
DATA_BLOB lsession_key;
gnutls_cipher_hd_t cipher_hnd = NULL;
@ -1713,14 +1725,14 @@ static NTSTATUS get_trustdom_auth_blob(struct pipes_struct *p,
int rc;
bool encrypted;
encrypted =
dcerpc_is_transport_encrypted(p->session_info);
encrypted = dcerpc_is_transport_encrypted(session_info);
if (lp_weak_crypto() == SAMBA_WEAK_CRYPTO_DISALLOWED &&
!encrypted) {
return NT_STATUS_ACCESS_DENIED;
}
status = session_extract_session_key(p->session_info, &lsession_key, KEY_USE_16BYTES);
status = session_extract_session_key(
session_info, &lsession_key, KEY_USE_16BYTES);
if (!NT_STATUS_IS_OK(status)) {
return NT_STATUS_INVALID_PARAMETER;
}
@ -1832,6 +1844,9 @@ static NTSTATUS get_trustauth_inout_blob(TALLOC_CTX *mem_ctx,
NTSTATUS _lsa_CreateTrustedDomainEx2(struct pipes_struct *p,
struct lsa_CreateTrustedDomainEx2 *r)
{
struct dcesrv_call_state *dce_call = p->dce_call;
struct auth_session_info *session_info =
dcesrv_call_session_info(dce_call);
struct lsa_info *policy;
NTSTATUS status;
uint32_t acc_granted;
@ -1858,14 +1873,15 @@ NTSTATUS _lsa_CreateTrustedDomainEx2(struct pipes_struct *p,
return NT_STATUS_ACCESS_DENIED;
}
if (p->session_info->unix_token->uid != sec_initial_uid() &&
!nt_token_check_domain_rid(p->session_info->security_token, DOMAIN_RID_ADMINS)) {
if (session_info->unix_token->uid != sec_initial_uid() &&
!nt_token_check_domain_rid(
session_info->security_token, DOMAIN_RID_ADMINS)) {
return NT_STATUS_ACCESS_DENIED;
}
/* Work out max allowed. */
map_max_allowed_access(p->session_info->security_token,
p->session_info->unix_token,
map_max_allowed_access(session_info->security_token,
session_info->unix_token,
&r->in.access_mask);
/* map the generic bits to the lsa policy ones */
@ -1878,7 +1894,7 @@ NTSTATUS _lsa_CreateTrustedDomainEx2(struct pipes_struct *p,
return status;
}
status = access_check_object(psd, p->session_info->security_token,
status = access_check_object(psd, session_info->security_token,
SEC_PRIV_INVALID, SEC_PRIV_INVALID, 0,
r->in.access_mask, &acc_granted,
"_lsa_CreateTrustedDomainEx2");
@ -2316,6 +2332,9 @@ NTSTATUS _lsa_QueryTrustedDomainInfoByName(struct pipes_struct *p,
NTSTATUS _lsa_CreateSecret(struct pipes_struct *p,
struct lsa_CreateSecret *r)
{
struct dcesrv_call_state *dce_call = p->dce_call;
struct auth_session_info *session_info =
dcesrv_call_session_info(dce_call);
NTSTATUS status;
struct lsa_info *handle;
uint32_t acc_granted;
@ -2339,8 +2358,8 @@ NTSTATUS _lsa_CreateSecret(struct pipes_struct *p,
}
/* Work out max allowed. */
map_max_allowed_access(p->session_info->security_token,
p->session_info->unix_token,
map_max_allowed_access(session_info->security_token,
session_info->unix_token,
&r->in.access_mask);
/* map the generic bits to the lsa policy ones */
@ -2353,7 +2372,7 @@ NTSTATUS _lsa_CreateSecret(struct pipes_struct *p,
return status;
}
status = access_check_object(psd, p->session_info->security_token,
status = access_check_object(psd, session_info->security_token,
SEC_PRIV_INVALID, SEC_PRIV_INVALID, 0,
r->in.access_mask,
&acc_granted, "_lsa_CreateSecret");
@ -2401,6 +2420,9 @@ NTSTATUS _lsa_CreateSecret(struct pipes_struct *p,
NTSTATUS _lsa_SetSecret(struct pipes_struct *p,
struct lsa_SetSecret *r)
{
struct dcesrv_call_state *dce_call = p->dce_call;
struct auth_session_info *session_info =
dcesrv_call_session_info(dce_call);
NTSTATUS status;
struct lsa_info *info = NULL;
DATA_BLOB blob_new, blob_old;
@ -2423,7 +2445,8 @@ NTSTATUS _lsa_SetSecret(struct pipes_struct *p,
return NT_STATUS_ACCESS_DENIED;
}
status = session_extract_session_key(p->session_info, &session_key, KEY_USE_16BYTES);
status = session_extract_session_key(
session_info, &session_key, KEY_USE_16BYTES);
if(!NT_STATUS_IS_OK(status)) {
return status;
}
@ -2478,6 +2501,9 @@ NTSTATUS _lsa_SetSecret(struct pipes_struct *p,
NTSTATUS _lsa_QuerySecret(struct pipes_struct *p,
struct lsa_QuerySecret *r)
{
struct dcesrv_call_state *dce_call = p->dce_call;
struct auth_session_info *session_info =
dcesrv_call_session_info(dce_call);
struct lsa_info *info = NULL;
DATA_BLOB blob_new, blob_old;
DATA_BLOB blob_new_crypt, blob_old_crypt;
@ -2506,7 +2532,8 @@ NTSTATUS _lsa_QuerySecret(struct pipes_struct *p,
return status;
}
status = session_extract_session_key(p->session_info, &session_key, KEY_USE_16BYTES);
status = session_extract_session_key(
session_info, &session_key, KEY_USE_16BYTES);
if(!NT_STATUS_IS_OK(status)) {
return status;
}
@ -2814,6 +2841,9 @@ NTSTATUS _lsa_EnumAccounts(struct pipes_struct *p,
NTSTATUS _lsa_GetUserName(struct pipes_struct *p,
struct lsa_GetUserName *r)
{
struct dcesrv_call_state *dce_call = p->dce_call;
struct auth_session_info *session_info =
dcesrv_call_session_info(dce_call);
const char *username, *domname;
struct lsa_String *account_name = NULL;
struct lsa_String *authority_name = NULL;
@ -2833,7 +2863,7 @@ NTSTATUS _lsa_GetUserName(struct pipes_struct *p,
return NT_STATUS_INVALID_PARAMETER;
}
if (security_session_user_level(p->session_info, NULL) < SECURITY_USER) {
if (security_session_user_level(session_info, NULL) < SECURITY_USER) {
/*
* I'm 99% sure this is not the right place to do this,
* global_sid_Anonymous should probably be put into the token
@ -2844,8 +2874,8 @@ NTSTATUS _lsa_GetUserName(struct pipes_struct *p,
return NT_STATUS_NO_MEMORY;
}
} else {
username = p->session_info->unix_info->sanitized_username;
domname = p->session_info->info->domain_name;
username = session_info->unix_info->sanitized_username;
domname = session_info->info->domain_name;
}
account_name = talloc(p->mem_ctx, struct lsa_String);
@ -2877,6 +2907,9 @@ NTSTATUS _lsa_GetUserName(struct pipes_struct *p,
NTSTATUS _lsa_CreateAccount(struct pipes_struct *p,
struct lsa_CreateAccount *r)
{
struct dcesrv_call_state *dce_call = p->dce_call;
struct auth_session_info *session_info =
dcesrv_call_session_info(dce_call);
NTSTATUS status;
struct lsa_info *handle;
uint32_t acc_granted;
@ -2904,8 +2937,8 @@ NTSTATUS _lsa_CreateAccount(struct pipes_struct *p,
}
/* Work out max allowed. */
map_max_allowed_access(p->session_info->security_token,
p->session_info->unix_token,
map_max_allowed_access(session_info->security_token,
session_info->unix_token,
&r->in.access_mask);
/* map the generic bits to the lsa policy ones */
@ -2918,7 +2951,7 @@ NTSTATUS _lsa_CreateAccount(struct pipes_struct *p,
return status;
}
status = access_check_object(psd, p->session_info->security_token,
status = access_check_object(psd, session_info->security_token,
SEC_PRIV_INVALID, SEC_PRIV_INVALID, 0, r->in.access_mask,
&acc_granted, "_lsa_CreateAccount");
if (!NT_STATUS_IS_OK(status)) {
@ -2949,6 +2982,9 @@ NTSTATUS _lsa_CreateAccount(struct pipes_struct *p,
NTSTATUS _lsa_OpenAccount(struct pipes_struct *p,
struct lsa_OpenAccount *r)
{
struct dcesrv_call_state *dce_call = p->dce_call;
struct auth_session_info *session_info =
dcesrv_call_session_info(dce_call);
struct security_descriptor *psd = NULL;
size_t sd_size;
uint32_t des_access = r->in.access_mask;
@ -2973,8 +3009,8 @@ NTSTATUS _lsa_OpenAccount(struct pipes_struct *p,
* handle - so don't check against policy handle. */
/* Work out max allowed. */
map_max_allowed_access(p->session_info->security_token,
p->session_info->unix_token,
map_max_allowed_access(session_info->security_token,
session_info->unix_token,
&des_access);
/* map the generic bits to the lsa account ones */
@ -2988,7 +3024,7 @@ NTSTATUS _lsa_OpenAccount(struct pipes_struct *p,
return status;
}
status = access_check_object(psd, p->session_info->security_token,
status = access_check_object(psd, session_info->security_token,
SEC_PRIV_INVALID, SEC_PRIV_INVALID, 0, des_access,
&acc_granted, "_lsa_OpenAccount" );
if (!NT_STATUS_IS_OK(status)) {
@ -3346,6 +3382,9 @@ NTSTATUS _lsa_QuerySecurity(struct pipes_struct *p,
NTSTATUS _lsa_AddAccountRights(struct pipes_struct *p,
struct lsa_AddAccountRights *r)
{
struct dcesrv_call_state *dce_call = p->dce_call;
struct auth_session_info *session_info =
dcesrv_call_session_info(dce_call);
int i = 0;
uint32_t acc_granted = 0;
struct security_descriptor *psd = NULL;
@ -3378,7 +3417,7 @@ NTSTATUS _lsa_AddAccountRights(struct pipes_struct *p,
* on the account sid. We don't check here so just use the latter. JRA.
*/
status = access_check_object(psd, p->session_info->security_token,
status = access_check_object(psd, session_info->security_token,
SEC_PRIV_INVALID, SEC_PRIV_INVALID, 0,
LSA_ACCOUNT_ADJUST_PRIVILEGES|LSA_ACCOUNT_ADJUST_SYSTEM_ACCESS|LSA_ACCOUNT_VIEW,
&acc_granted, "_lsa_AddAccountRights" );
@ -3417,6 +3456,9 @@ NTSTATUS _lsa_AddAccountRights(struct pipes_struct *p,
NTSTATUS _lsa_RemoveAccountRights(struct pipes_struct *p,
struct lsa_RemoveAccountRights *r)
{
struct dcesrv_call_state *dce_call = p->dce_call;
struct auth_session_info *session_info =
dcesrv_call_session_info(dce_call);
int i = 0;
struct security_descriptor *psd = NULL;
size_t sd_size;
@ -3449,7 +3491,7 @@ NTSTATUS _lsa_RemoveAccountRights(struct pipes_struct *p,
* and DELETE on the account sid.
*/
status = access_check_object(psd, p->session_info->security_token,
status = access_check_object(psd, session_info->security_token,
SEC_PRIV_INVALID, SEC_PRIV_INVALID, 0,
LSA_ACCOUNT_ADJUST_PRIVILEGES|LSA_ACCOUNT_ADJUST_SYSTEM_ACCESS|
LSA_ACCOUNT_VIEW|SEC_STD_DELETE,

10
source3/rpc_server/mdssvc/srv_mdssvc_nt.c
View File

@ -44,6 +44,9 @@ static NTSTATUS create_mdssvc_policy_handle(TALLOC_CTX *mem_ctx,
const char *path,
struct policy_handle *handle)
{
struct dcesrv_call_state *dce_call = p->dce_call;
struct auth_session_info *session_info =
dcesrv_call_session_info(dce_call);
struct mds_ctx *mds_ctx;
ZERO_STRUCTP(handle);
@ -51,7 +54,7 @@ static NTSTATUS create_mdssvc_policy_handle(TALLOC_CTX *mem_ctx,
mds_ctx = mds_init_ctx(mem_ctx,
messaging_tevent_context(p->msg_ctx),
p->msg_ctx,
p->session_info,
session_info,
snum,
sharename,
path);
@ -149,6 +152,9 @@ void _mdssvc_unknown1(struct pipes_struct *p, struct mdssvc_unknown1 *r)
void _mdssvc_cmd(struct pipes_struct *p, struct mdssvc_cmd *r)
{
struct dcesrv_call_state *dce_call = p->dce_call;
struct auth_session_info *session_info =
dcesrv_call_session_info(dce_call);
bool ok;
char *rbuf;
struct mds_ctx *mds_ctx;
@ -173,7 +179,7 @@ void _mdssvc_cmd(struct pipes_struct *p, struct mdssvc_cmd *r)
DEBUG(10, ("%s: path: %s\n", __func__, mds_ctx->spath));
ok = security_token_is_sid(p->session_info->security_token,
ok = security_token_is_sid(session_info->security_token,
&mds_ctx->sid);
if (!ok) {
struct dom_sid_buf buf;

28
source3/rpc_server/netlogon/srv_netlog_nt.c
View File

@ -185,6 +185,8 @@ WERROR _netr_LogonControl2Ex(struct pipes_struct *p,
struct netr_LogonControl2Ex *r)
{
struct dcesrv_call_state *dce_call = p->dce_call;
struct auth_session_info *session_info =
dcesrv_call_session_info(dce_call);
uint32_t flags = 0x0;
WERROR pdc_connection_status = WERR_OK;
uint32_t logon_attempts = 0x0;
@ -230,8 +232,11 @@ WERROR _netr_LogonControl2Ex(struct pipes_struct *p,
break;
default:
if ((geteuid() != sec_initial_uid()) &&
!nt_token_check_domain_rid(p->session_info->security_token, DOMAIN_RID_ADMINS) &&
!nt_token_check_sid(&global_sid_Builtin_Administrators, p->session_info->security_token))
!nt_token_check_domain_rid(
session_info->security_token, DOMAIN_RID_ADMINS) &&
!nt_token_check_sid(
&global_sid_Builtin_Administrators,
session_info->security_token))
{
return WERR_ACCESS_DENIED;
}
@ -413,6 +418,8 @@ NTSTATUS _netr_NetrEnumerateTrustedDomains(struct pipes_struct *p,
dcesrv_connection_get_local_address(dcesrv_conn);
const struct tsocket_address *remote_address =
dcesrv_connection_get_remote_address(dcesrv_conn);
struct auth_session_info *session_info =
dcesrv_call_session_info(dce_call);
NTSTATUS status;
NTSTATUS result = NT_STATUS_OK;
DATA_BLOB blob;
@ -431,7 +438,7 @@ NTSTATUS _netr_NetrEnumerateTrustedDomains(struct pipes_struct *p,
&ndr_table_lsarpc,
remote_address,
local_address,
p->session_info,
session_info,
p->msg_ctx,
&h);
if (!NT_STATUS_IS_OK(status)) {
@ -1422,6 +1429,9 @@ static NTSTATUS netr_set_machine_account_password(
NTSTATUS _netr_ServerPasswordSet(struct pipes_struct *p,
struct netr_ServerPasswordSet *r)
{
struct dcesrv_call_state *dce_call = p->dce_call;
struct auth_session_info *session_info =
dcesrv_call_session_info(dce_call);
NTSTATUS status = NT_STATUS_OK;
size_t i;
struct netlogon_creds_CredentialState *creds = NULL;
@ -1465,7 +1475,7 @@ NTSTATUS _netr_ServerPasswordSet(struct pipes_struct *p,
cr.creds.nt_hash = r->in.new_password;
status = netr_set_machine_account_password(p->mem_ctx,
p->session_info,
session_info,
p->msg_ctx,
creds->sid,
&cr);
@ -1479,6 +1489,9 @@ NTSTATUS _netr_ServerPasswordSet(struct pipes_struct *p,
NTSTATUS _netr_ServerPasswordSet2(struct pipes_struct *p,
struct netr_ServerPasswordSet2 *r)
{
struct dcesrv_call_state *dce_call = p->dce_call;
struct auth_session_info *session_info =
dcesrv_call_session_info(dce_call);
NTSTATUS status;
struct netlogon_creds_CredentialState *creds = NULL;
DATA_BLOB plaintext = data_blob_null;
@ -1627,7 +1640,7 @@ NTSTATUS _netr_ServerPasswordSet2(struct pipes_struct *p,
}
status = netr_set_machine_account_password(p->mem_ctx,
p->session_info,
session_info,
p->msg_ctx,
creds->sid,
&cr);
@ -2692,11 +2705,14 @@ static NTSTATUS fill_forest_trust_array(TALLOC_CTX *mem_ctx,
WERROR _netr_DsRGetForestTrustInformation(struct pipes_struct *p,
struct netr_DsRGetForestTrustInformation *r)
{
struct dcesrv_call_state *dce_call = p->dce_call;
struct auth_session_info *session_info =
dcesrv_call_session_info(dce_call);
NTSTATUS status;
struct lsa_ForestTrustInformation *info, **info_ptr;
enum security_user_level security_level;
security_level = security_session_user_level(p->session_info, NULL);
security_level = security_session_user_level(session_info, NULL);
if (security_level < SECURITY_USER) {
return WERR_ACCESS_DENIED;
}

6
source3/rpc_server/ntsvcs/srv_ntsvcs_nt.c
View File

@ -21,6 +21,7 @@
#include "includes.h"
#include "ntdomain.h"
#include "librpc/rpc/dcesrv_core.h"
#include "librpc/gen_ndr/ndr_ntsvcs.h"
#include "librpc/gen_ndr/ndr_ntsvcs_scompat.h"
#include "services/svc_winreg_glue.h"
@ -126,6 +127,9 @@ _PNP_GetDeviceRegProp
WERROR _PNP_GetDeviceRegProp(struct pipes_struct *p,
struct PNP_GetDeviceRegProp *r)
{
struct dcesrv_call_state *dce_call = p->dce_call;
struct auth_session_info *session_info =
dcesrv_call_session_info(dce_call);
char *ptr;
const char *result;
DATA_BLOB blob;
@ -148,7 +152,7 @@ WERROR _PNP_GetDeviceRegProp(struct pipes_struct *p,
result = svcctl_lookup_dispname(mem_ctx,
p->msg_ctx,
p->session_info,
session_info,
ptr);
if (result == NULL) {
return WERR_GEN_FAILURE;

7
source3/rpc_server/rpc_handles.c
View File

@ -207,6 +207,8 @@ bool pipe_access_check(struct pipes_struct *p)
struct dcesrv_call_state *dce_call = p->dce_call;
struct dcesrv_auth *auth_state = dce_call->auth_state;
enum dcerpc_AuthType auth_type = DCERPC_AUTH_TYPE_NONE;
struct auth_session_info *session_info = NULL;
enum security_user_level user_level;
if (!auth_state->auth_finished) {
return false;
@ -219,7 +221,10 @@ bool pipe_access_check(struct pipes_struct *p)
return True;
}
if (security_session_user_level(p->session_info, NULL) < SECURITY_USER) {
session_info = dcesrv_call_session_info(dce_call);
user_level = security_session_user_level(session_info, NULL);
if (user_level < SECURITY_USER) {
return False;
}
}

1
source3/rpc_server/rpc_pipes.h
View File

@ -39,7 +39,6 @@ struct pipes_struct {
enum dcerpc_transport_t transport;
struct auth_session_info *session_info;
struct messaging_context *msg_ctx;
struct pipe_auth_data auth;

118
source3/rpc_server/samr/srv_samr_nt.c
View File

@ -536,6 +536,9 @@ NTSTATUS _samr_Close(struct pipes_struct *p, struct samr_Close *r)
NTSTATUS _samr_OpenDomain(struct pipes_struct *p,
struct samr_OpenDomain *r)
{
struct dcesrv_call_state *dce_call = p->dce_call;
struct auth_session_info *session_info =
dcesrv_call_session_info(dce_call);
struct security_descriptor *psd = NULL;
uint32_t acc_granted;
uint32_t des_access = r->in.access_mask;
@ -556,8 +559,8 @@ NTSTATUS _samr_OpenDomain(struct pipes_struct *p,
}
/*check if access can be granted as requested by client. */
map_max_allowed_access(p->session_info->security_token,
p->session_info->unix_token,
map_max_allowed_access(session_info->security_token,
session_info->unix_token,
&des_access);
make_samr_object_sd( p->mem_ctx, &psd, &sd_size, &dom_generic_mapping, NULL, 0 );
@ -567,7 +570,8 @@ NTSTATUS _samr_OpenDomain(struct pipes_struct *p,
* Users with SeAddUser get the ability to manipulate groups
* and aliases.
*/
if (security_token_has_privilege(p->session_info->security_token, SEC_PRIV_ADD_USERS)) {
if (security_token_has_privilege(
session_info->security_token, SEC_PRIV_ADD_USERS)) {
extra_access |= (SAMR_DOMAIN_ACCESS_CREATE_GROUP |
SAMR_DOMAIN_ACCESS_ENUM_ACCOUNTS |
SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT |
@ -580,7 +584,7 @@ NTSTATUS _samr_OpenDomain(struct pipes_struct *p,
* SAMR_DOMAIN_ACCESS_CREATE_USER access.
*/
status = access_check_object( psd, p->session_info->security_token,
status = access_check_object( psd, session_info->security_token,
SEC_PRIV_MACHINE_ACCOUNT, SEC_PRIV_ADD_USERS,
extra_access, des_access,
&acc_granted, "_samr_OpenDomain" );
@ -1892,6 +1896,8 @@ NTSTATUS _samr_ChangePasswordUser2(struct pipes_struct *p,
struct dcesrv_connection *dcesrv_conn = dce_call->conn;
const struct tsocket_address *remote_address =
dcesrv_connection_get_remote_address(dcesrv_conn);
struct auth_session_info *session_info =
dcesrv_call_session_info(dce_call);
NTSTATUS status;
char *user_name = NULL;
char *rhost;
@ -1925,7 +1931,7 @@ NTSTATUS _samr_ChangePasswordUser2(struct pipes_struct *p,
return NT_STATUS_NO_MEMORY;
}
encrypted = dcerpc_is_transport_encrypted(p->session_info);
encrypted = dcerpc_is_transport_encrypted(session_info);
if (lp_weak_crypto() == SAMBA_WEAK_CRYPTO_DISALLOWED &&
!encrypted) {
return NT_STATUS_ACCESS_DENIED;
@ -1964,6 +1970,8 @@ NTSTATUS _samr_OemChangePasswordUser2(struct pipes_struct *p,
struct dcesrv_connection *dcesrv_conn = dce_call->conn;
const struct tsocket_address *remote_address =
dcesrv_connection_get_remote_address(dcesrv_conn);
struct auth_session_info *session_info =
dcesrv_call_session_info(dce_call);
NTSTATUS status;
char *user_name = NULL;
const char *wks = NULL;
@ -2006,7 +2014,7 @@ NTSTATUS _samr_OemChangePasswordUser2(struct pipes_struct *p,
return NT_STATUS_NO_MEMORY;
}
encrypted = dcerpc_is_transport_encrypted(p->session_info);
encrypted = dcerpc_is_transport_encrypted(session_info);
if (lp_weak_crypto() == SAMBA_WEAK_CRYPTO_DISALLOWED &&
!encrypted) {
return NT_STATUS_ACCESS_DENIED;
@ -2272,6 +2280,9 @@ NTSTATUS _samr_LookupRids(struct pipes_struct *p,
NTSTATUS _samr_OpenUser(struct pipes_struct *p,
struct samr_OpenUser *r)
{
struct dcesrv_call_state *dce_call = p->dce_call;
struct auth_session_info *session_info =
dcesrv_call_session_info(dce_call);
struct samu *sampass=NULL;
struct dom_sid sid;
struct samr_info *dinfo;
@ -2309,8 +2320,8 @@ NTSTATUS _samr_OpenUser(struct pipes_struct *p,
return NT_STATUS_NO_SUCH_USER;
/* check if access can be granted as requested by client. */
map_max_allowed_access(p->session_info->security_token,
p->session_info->unix_token,
map_max_allowed_access(session_info->security_token,
session_info->unix_token,
&des_access);
make_samr_object_sd(p->mem_ctx, &psd, &sd_size, &usr_generic_mapping, &sid, SAMR_USR_RIGHTS_WRITE_PW);
@ -2358,8 +2369,10 @@ NTSTATUS _samr_OpenUser(struct pipes_struct *p,
* DOMAIN_RID_ADMINS.
*/
if (acb_info & (ACB_SVRTRUST|ACB_DOMTRUST)) {
if (lp_enable_privileges() && nt_token_check_domain_rid(p->session_info->security_token,
DOMAIN_RID_ADMINS)) {
if (lp_enable_privileges() &&
nt_token_check_domain_rid(
session_info->security_token,
DOMAIN_RID_ADMINS)) {
des_access &= ~GENERIC_RIGHTS_USER_WRITE;
extra_access = GENERIC_RIGHTS_USER_WRITE;
DEBUG(4,("_samr_OpenUser: Allowing "
@ -2371,7 +2384,7 @@ NTSTATUS _samr_OpenUser(struct pipes_struct *p,
TALLOC_FREE(sampass);
nt_status = access_check_object(psd, p->session_info->security_token,
nt_status = access_check_object(psd, session_info->security_token,
needed_priv_1, needed_priv_2,
GENERIC_RIGHTS_USER_WRITE, des_access,
&acc_granted, "_samr_OpenUser");
@ -2808,6 +2821,9 @@ static NTSTATUS get_user_info_18(struct pipes_struct *p,
struct samr_UserInfo18 *r,
struct dom_sid *user_sid)
{
struct dcesrv_call_state *dce_call = p->dce_call;
struct auth_session_info *session_info =
dcesrv_call_session_info(dce_call);
struct samu *smbpass=NULL;
bool ret;
const uint8_t *nt_pass = NULL;
@ -2819,7 +2835,7 @@ static NTSTATUS get_user_info_18(struct pipes_struct *p,
return NT_STATUS_INVALID_INFO_CLASS;
}
if (!security_token_is_system(p->session_info->security_token)) {
if (!security_token_is_system(session_info->security_token)) {
return NT_STATUS_ACCESS_DENIED;
}
@ -3852,6 +3868,9 @@ static NTSTATUS can_create(TALLOC_CTX *mem_ctx, const char *new_name)
NTSTATUS _samr_CreateUser2(struct pipes_struct *p,
struct samr_CreateUser2 *r)
{
struct dcesrv_call_state *dce_call = p->dce_call;
struct auth_session_info *session_info =
dcesrv_call_session_info(dce_call);
const char *account = NULL;
struct dom_sid sid;
uint32_t acb_info = r->in.acct_flags;
@ -3906,25 +3925,25 @@ NTSTATUS _samr_CreateUser2(struct pipes_struct *p,
} else if (acb_info & ACB_WSTRUST) {
needed_priv = SEC_PRIV_MACHINE_ACCOUNT;
can_add_account = security_token_has_privilege(
p->session_info->security_token, needed_priv);
session_info->security_token, needed_priv);
} else if (acb_info & ACB_NORMAL &&
(account[strlen(account)-1] != '$')) {
/* usrmgr.exe (and net rpc trustdom add) creates a normal user
account for domain trusts and changes the ACB flags later */
needed_priv = SEC_PRIV_ADD_USERS;
can_add_account = security_token_has_privilege(
p->session_info->security_token, needed_priv);
session_info->security_token, needed_priv);
} else if (lp_enable_privileges()) {
/* implicit assumption of a BDC or domain trust account here
* (we already check the flags earlier) */
/* only Domain Admins can add a BDC or domain trust */
can_add_account = nt_token_check_domain_rid(
p->session_info->security_token,
session_info->security_token,
DOMAIN_RID_ADMINS );
}
DEBUG(5, ("_samr_CreateUser2: %s can add this account : %s\n",
uidtoname(p->session_info->unix_token->uid),
uidtoname(session_info->unix_token->uid),
can_add_account ? "True":"False" ));
if (!can_add_account) {
@ -3951,8 +3970,8 @@ NTSTATUS _samr_CreateUser2(struct pipes_struct *p,
sid_compose(&sid, get_global_sam_sid(), *r->out.rid);
map_max_allowed_access(p->session_info->security_token,
p->session_info->unix_token,
map_max_allowed_access(session_info->security_token,
session_info->unix_token,
&des_access);
make_samr_object_sd(p->mem_ctx, &psd, &sd_size, &usr_generic_mapping,
@ -3966,7 +3985,7 @@ NTSTATUS _samr_CreateUser2(struct pipes_struct *p,
* just assume we have all the rights we need ?
*/
nt_status = access_check_object(psd, p->session_info->security_token,
nt_status = access_check_object(psd, session_info->security_token,
needed_priv, SEC_PRIV_INVALID,
GENERIC_RIGHTS_USER_WRITE, des_access,
&acc_granted, "_samr_CreateUser2");
@ -4021,6 +4040,9 @@ NTSTATUS _samr_CreateUser(struct pipes_struct *p,
NTSTATUS _samr_Connect(struct pipes_struct *p,
struct samr_Connect *r)
{
struct dcesrv_call_state *dce_call = p->dce_call;
struct auth_session_info *session_info =
dcesrv_call_session_info(dce_call);
uint32_t acc_granted;
uint32_t des_access = r->in.access_mask;
NTSTATUS status;
@ -4036,8 +4058,8 @@ NTSTATUS _samr_Connect(struct pipes_struct *p,
was observed from a win98 client trying to enumerate users (when configured
user level access control on shares) --jerry */
map_max_allowed_access(p->session_info->security_token,
p->session_info->unix_token,
map_max_allowed_access(session_info->security_token,
session_info->unix_token,
&des_access);
se_map_generic( &des_access, &sam_generic_mapping );
@ -4068,6 +4090,8 @@ NTSTATUS _samr_Connect2(struct pipes_struct *p,
struct samr_Connect2 *r)
{
struct dcesrv_call_state *dce_call = p->dce_call;
struct auth_session_info *session_info =
dcesrv_call_session_info(dce_call);
struct security_descriptor *psd = NULL;
uint32_t acc_granted;
uint32_t des_access = r->in.access_mask;
@ -4099,14 +4123,14 @@ NTSTATUS _samr_Connect2(struct pipes_struct *p,
return NT_STATUS_ACCESS_DENIED;
}
map_max_allowed_access(p->session_info->security_token,
p->session_info->unix_token,
map_max_allowed_access(session_info->security_token,
session_info->unix_token,
&des_access);
make_samr_object_sd(p->mem_ctx, &psd, &sd_size, &sam_generic_mapping, NULL, 0);
se_map_generic(&des_access, &sam_generic_mapping);
nt_status = access_check_object(psd, p->session_info->security_token,
nt_status = access_check_object(psd, session_info->security_token,
SEC_PRIV_INVALID, SEC_PRIV_INVALID,
0, des_access, &acc_granted, fn);
@ -4298,6 +4322,9 @@ NTSTATUS _samr_EnumDomains(struct pipes_struct *p,
NTSTATUS _samr_OpenAlias(struct pipes_struct *p,
struct samr_OpenAlias *r)
{
struct dcesrv_call_state *dce_call = p->dce_call;
struct auth_session_info *session_info =
dcesrv_call_session_info(dce_call);
struct dom_sid sid;
uint32_t alias_rid = r->in.rid;
struct samr_info *dinfo;
@ -4324,14 +4351,14 @@ NTSTATUS _samr_OpenAlias(struct pipes_struct *p,
/*check if access can be granted as requested by client. */
map_max_allowed_access(p->session_info->security_token,
p->session_info->unix_token,
map_max_allowed_access(session_info->security_token,
session_info->unix_token,
&des_access);
make_samr_object_sd(p->mem_ctx, &psd, &sd_size, &ali_generic_mapping, NULL, 0);
se_map_generic(&des_access,&ali_generic_mapping);
status = access_check_object(psd, p->session_info->security_token,
status = access_check_object(psd, session_info->security_token,
SEC_PRIV_ADD_USERS, SEC_PRIV_INVALID,
GENERIC_RIGHTS_ALIAS_ALL_ACCESS,
des_access, &acc_granted, "_samr_OpenAlias");
@ -5228,6 +5255,8 @@ NTSTATUS _samr_SetUserInfo(struct pipes_struct *p,
struct dcesrv_connection *dcesrv_conn = dce_call->conn;
const struct tsocket_address *remote_address =
dcesrv_connection_get_remote_address(dcesrv_conn);
struct auth_session_info *session_info =
dcesrv_call_session_info(dce_call);
struct samr_info *uinfo;
NTSTATUS status;
struct samu *pwd = NULL;
@ -5405,7 +5434,8 @@ NTSTATUS _samr_SetUserInfo(struct pipes_struct *p,
break;
case 18:
status = session_extract_session_key(p->session_info, &session_key, KEY_USE_16BYTES);
status = session_extract_session_key(
session_info, &session_key, KEY_USE_16BYTES);
if(!NT_STATUS_IS_OK(status)) {
break;
}
@ -5422,7 +5452,8 @@ NTSTATUS _samr_SetUserInfo(struct pipes_struct *p,
break;
case 21:
status = session_extract_session_key(p->session_info, &session_key, KEY_USE_16BYTES);
status = session_extract_session_key(
session_info, &session_key, KEY_USE_16BYTES);
if(!NT_STATUS_IS_OK(status)) {
break;
}
@ -5434,14 +5465,15 @@ NTSTATUS _samr_SetUserInfo(struct pipes_struct *p,
case 23:
encrypted =
dcerpc_is_transport_encrypted(p->session_info);
dcerpc_is_transport_encrypted(session_info);
if (lp_weak_crypto() == SAMBA_WEAK_CRYPTO_DISALLOWED &&
!encrypted) {
status = NT_STATUS_ACCESS_DENIED;
break;
}
status = session_extract_session_key(p->session_info, &session_key, KEY_USE_16BYTES);
status = session_extract_session_key(
session_info, &session_key, KEY_USE_16BYTES);
if(!NT_STATUS_IS_OK(status)) {
break;
}
@ -5470,14 +5502,15 @@ NTSTATUS _samr_SetUserInfo(struct pipes_struct *p,
case 24:
encrypted =
dcerpc_is_transport_encrypted(p->session_info);
dcerpc_is_transport_encrypted(session_info);
if (lp_weak_crypto() == SAMBA_WEAK_CRYPTO_DISALLOWED &&
!encrypted) {
status = NT_STATUS_ACCESS_DENIED;
break;
}
status = session_extract_session_key(p->session_info, &session_key, KEY_USE_16BYTES);
status = session_extract_session_key(
session_info, &session_key, KEY_USE_16BYTES);
if(!NT_STATUS_IS_OK(status)) {
break;
}
@ -5505,14 +5538,15 @@ NTSTATUS _samr_SetUserInfo(struct pipes_struct *p,
case 25:
encrypted =
dcerpc_is_transport_encrypted(p->session_info);
dcerpc_is_transport_encrypted(session_info);
if (lp_weak_crypto() == SAMBA_WEAK_CRYPTO_DISALLOWED &&
!encrypted) {
status = NT_STATUS_ACCESS_DENIED;
break;
}
status = session_extract_session_key(p->session_info, &session_key, KEY_USE_16BYTES);
status = session_extract_session_key(
session_info, &session_key, KEY_USE_16BYTES);
if(!NT_STATUS_IS_OK(status)) {
break;
}
@ -5539,14 +5573,15 @@ NTSTATUS _samr_SetUserInfo(struct pipes_struct *p,
case 26:
encrypted =
dcerpc_is_transport_encrypted(p->session_info);
dcerpc_is_transport_encrypted(session_info);
if (lp_weak_crypto() == SAMBA_WEAK_CRYPTO_DISALLOWED &&
!encrypted) {
status = NT_STATUS_ACCESS_DENIED;
break;
}
status = session_extract_session_key(p->session_info, &session_key, KEY_USE_16BYTES);
status = session_extract_session_key(
session_info, &session_key, KEY_USE_16BYTES);
if(!NT_STATUS_IS_OK(status)) {
break;
}
@ -6650,6 +6685,9 @@ NTSTATUS _samr_OpenGroup(struct pipes_struct *p,
struct samr_OpenGroup *r)
{
struct dcesrv_call_state *dce_call = p->dce_call;
struct auth_session_info *session_info =
dcesrv_call_session_info(dce_call);
struct dom_sid info_sid;
struct dom_sid_buf buf;
GROUP_MAP *map;
@ -6672,14 +6710,14 @@ NTSTATUS _samr_OpenGroup(struct pipes_struct *p,
}
/*check if access can be granted as requested by client. */
map_max_allowed_access(p->session_info->security_token,
p->session_info->unix_token,
map_max_allowed_access(session_info->security_token,
session_info->unix_token,
&des_access);
make_samr_object_sd(p->mem_ctx, &psd, &sd_size, &grp_generic_mapping, NULL, 0);
se_map_generic(&des_access,&grp_generic_mapping);
status = access_check_object(psd, p->session_info->security_token,
status = access_check_object(psd, session_info->security_token,
SEC_PRIV_ADD_USERS, SEC_PRIV_INVALID, GENERIC_RIGHTS_GROUP_ALL_ACCESS,
des_access, &acc_granted, "_samr_OpenGroup");

9
source3/rpc_server/spoolss/srv_iremotewinspool.c
View File

@ -82,7 +82,6 @@ static NTSTATUS iremotewinspool__op_dispatch_internal(struct dcesrv_call_state *
{
uint16_t opnum = dce_call->pkt.u.request.opnum;
struct pipes_struct *p = NULL;
struct auth_session_info *pipe_session_info = NULL;
NTSTATUS status = NT_STATUS_OK;
bool impersonated = false;
@ -94,9 +93,6 @@ static NTSTATUS iremotewinspool__op_dispatch_internal(struct dcesrv_call_state *
p = dcesrv_get_pipes_struct(dce_call->conn);
p->dce_call = dce_call;
p->mem_ctx = mem_ctx;
/* Update pipes struct session info */
pipe_session_info = p->session_info;
p->session_info = dce_call->auth_state->session_info;
p->auth.auth_type = dce_call->auth_state->auth_type;
p->auth.auth_level = dce_call->auth_state->auth_level;
p->auth.auth_context_id = dce_call->auth_state->auth_context_id;
@ -105,7 +101,8 @@ static NTSTATUS iremotewinspool__op_dispatch_internal(struct dcesrv_call_state *
/* Impersonate */
if (!rpcint_call) {
impersonated = become_authenticated_pipe_user(p->session_info);
impersonated = become_authenticated_pipe_user(
dce_call->auth_state->session_info);
if (!impersonated) {
dce_call->fault_code = DCERPC_FAULT_ACCESS_DENIED;
status = NT_STATUS_NET_WRITE_FAULT;
@ -1233,8 +1230,6 @@ fail:
p->dce_call = NULL;
p->mem_ctx = NULL;
/* Restore session info */
p->session_info = pipe_session_info;
p->auth.auth_type = 0;
p->auth.auth_level = 0;
p->auth.auth_context_id = 0;

104
source3/rpc_server/spoolss/srv_spoolss_nt.c
View File

@ -413,6 +413,9 @@ static WERROR delete_printer_hook(TALLOC_CTX *ctx, struct security_token *token,
static WERROR delete_printer_handle(struct pipes_struct *p, struct policy_handle *hnd)
{
struct dcesrv_call_state *dce_call = p->dce_call;
struct auth_session_info *session_info =
dcesrv_call_session_info(dce_call);
struct printer_handle *Printer = find_printer_index_by_hnd(p, hnd);
WERROR result;
@ -447,7 +450,7 @@ static WERROR delete_printer_handle(struct pipes_struct *p, struct policy_handle
return WERR_INVALID_HANDLE;
}
result = delete_printer_hook(p->mem_ctx, p->session_info->security_token,
result = delete_printer_hook(p->mem_ctx, session_info->security_token,
Printer->sharename, p->msg_ctx);
if (!W_ERROR_IS_OK(result)) {
return result;
@ -1680,6 +1683,8 @@ WERROR _spoolss_OpenPrinterEx(struct pipes_struct *p,
struct dcesrv_connection *dcesrv_conn = dce_call->conn;
const struct tsocket_address *remote_address =
dcesrv_connection_get_remote_address(dcesrv_conn);
struct auth_session_info *session_info =
dcesrv_call_session_info(dce_call);
int snum;
char *raddr;
char *rhost;
@ -1805,10 +1810,12 @@ WERROR _spoolss_OpenPrinterEx(struct pipes_struct *p,
/* if the user is not root, doesn't have SE_PRINT_OPERATOR privilege,
and not a printer admin, then fail */
if ((p->session_info->unix_token->uid != sec_initial_uid()) &&
!security_token_has_privilege(p->session_info->security_token, SEC_PRIV_PRINT_OPERATOR) &&
if ((session_info->unix_token->uid != sec_initial_uid()) &&
!security_token_has_privilege(
session_info->security_token,
SEC_PRIV_PRINT_OPERATOR) &&
!nt_token_check_sid(&global_sid_Builtin_Print_Operators,
p->session_info->security_token)) {
session_info->security_token)) {
close_printer_handle(p, r->out.handle);
ZERO_STRUCTP(r->out.handle);
DEBUG(3,("access DENIED as user is not root, "
@ -1885,10 +1892,10 @@ WERROR _spoolss_OpenPrinterEx(struct pipes_struct *p,
return WERR_ACCESS_DENIED;
}
if (!user_ok_token(p->session_info->unix_info->unix_name,
p->session_info->info->domain_name,
p->session_info->security_token, snum) ||
!W_ERROR_IS_OK(print_access_check(p->session_info,
if (!user_ok_token(session_info->unix_info->unix_name,
session_info->info->domain_name,
session_info->security_token, snum) ||
!W_ERROR_IS_OK(print_access_check(session_info,
p->msg_ctx,
snum,
r->in.access_mask))) {
@ -2036,6 +2043,9 @@ WERROR _spoolss_DeletePrinterDriver(struct pipes_struct *p,
struct spoolss_DeletePrinterDriver *r)
{
struct dcesrv_call_state *dce_call = p->dce_call;
struct auth_session_info *session_info =
dcesrv_call_session_info(dce_call);
struct spoolss_DriverInfo8 *info = NULL;
int version;
WERROR status;
@ -2047,8 +2057,8 @@ WERROR _spoolss_DeletePrinterDriver(struct pipes_struct *p,
/* if the user is not root, doesn't have SE_PRINT_OPERATOR privilege,
and not a printer admin, then fail */
if ((p->session_info->unix_token->uid != sec_initial_uid()) &&
!security_token_has_privilege(p->session_info->security_token,
if ((session_info->unix_token->uid != sec_initial_uid()) &&
!security_token_has_privilege(session_info->security_token,
SEC_PRIV_PRINT_OPERATOR)) {
return WERR_ACCESS_DENIED;
}
@ -2118,6 +2128,9 @@ static WERROR spoolss_dpd_version(TALLOC_CTX *mem_ctx,
struct dcerpc_binding_handle *b,
struct spoolss_DriverInfo8 *info)
{
struct dcesrv_call_state *dce_call = p->dce_call;
struct auth_session_info *session_info =
dcesrv_call_session_info(dce_call);
WERROR status;
bool delete_files;
@ -2166,7 +2179,7 @@ static WERROR spoolss_dpd_version(TALLOC_CTX *mem_ctx,
* because the driver doesn not exist any more
*/
if (delete_files) {
delete_driver_files(p->session_info, info);
delete_driver_files(session_info, info);
}
done:
@ -2180,6 +2193,9 @@ done:
WERROR _spoolss_DeletePrinterDriverEx(struct pipes_struct *p,
struct spoolss_DeletePrinterDriverEx *r)
{
struct dcesrv_call_state *dce_call = p->dce_call;
struct auth_session_info *session_info =
dcesrv_call_session_info(dce_call);
struct spoolss_DriverInfo8 *info = NULL;
WERROR status;
struct dcerpc_binding_handle *b;
@ -2190,8 +2206,8 @@ WERROR _spoolss_DeletePrinterDriverEx(struct pipes_struct *p,
/* if the user is not root, doesn't have SE_PRINT_OPERATOR privilege,
and not a printer admin, then fail */
if ((p->session_info->unix_token->uid != sec_initial_uid()) &&
!security_token_has_privilege(p->session_info->security_token,
if ((session_info->unix_token->uid != sec_initial_uid()) &&
!security_token_has_privilege(session_info->security_token,
SEC_PRIV_PRINT_OPERATOR)) {
return WERR_ACCESS_DENIED;
}
@ -5939,6 +5955,8 @@ WERROR _spoolss_StartDocPrinter(struct pipes_struct *p,
struct dcesrv_connection *dcesrv_conn = dce_call->conn;
const struct tsocket_address *remote_address =
dcesrv_connection_get_remote_address(dcesrv_conn);
struct auth_session_info *session_info =
dcesrv_call_session_info(dce_call);
struct spoolss_DocumentInfo1 *info_1;
int snum;
struct printer_handle *Printer = find_printer_index_by_hnd(p, r->in.handle);
@ -6006,7 +6024,7 @@ WERROR _spoolss_StartDocPrinter(struct pipes_struct *p,
}
}
werr = print_job_start(p->session_info,
werr = print_job_start(session_info,
p->msg_ctx,
rhost,
snum,
@ -6109,7 +6127,9 @@ WERROR _spoolss_WritePrinter(struct pipes_struct *p,
static WERROR control_printer(struct policy_handle *handle, uint32_t command,
struct pipes_struct *p)
{
const struct auth_session_info *session_info = p->session_info;
struct dcesrv_call_state *dce_call = p->dce_call;
struct auth_session_info *session_info =
dcesrv_call_session_info(dce_call);
int snum;
WERROR errcode = WERR_INVALID_FUNCTION;
struct printer_handle *Printer = find_printer_index_by_hnd(p, handle);
@ -6151,6 +6171,9 @@ static WERROR control_printer(struct policy_handle *handle, uint32_t command,
WERROR _spoolss_AbortPrinter(struct pipes_struct *p,
struct spoolss_AbortPrinter *r)
{
struct dcesrv_call_state *dce_call = p->dce_call;
struct auth_session_info *session_info =
dcesrv_call_session_info(dce_call);
struct printer_handle *Printer = find_printer_index_by_hnd(p, r->in.handle);
int snum;
WERROR errcode = WERR_OK;
@ -6168,7 +6191,7 @@ WERROR _spoolss_AbortPrinter(struct pipes_struct *p,
return WERR_SPL_NO_STARTDOC;
}
errcode = print_job_delete(p->session_info,
errcode = print_job_delete(session_info,
p->msg_ctx,
snum,
Printer->jobid);
@ -6966,6 +6989,8 @@ static WERROR update_printer(struct pipes_struct *p,
struct dcesrv_connection *dcesrv_conn = dce_call->conn;
const struct tsocket_address *remote_address =
dcesrv_connection_get_remote_address(dcesrv_conn);
struct auth_session_info *session_info =
dcesrv_call_session_info(dce_call);
uint32_t printer_mask = SPOOLSS_PRINTER_INFO_ALL;
struct spoolss_SetPrinterInfo2 *printer = info_ctr->info.info2;
struct spoolss_PrinterInfo2 *old_printer;
@ -7045,7 +7070,7 @@ static WERROR update_printer(struct pipes_struct *p,
}
/* add_printer_hook() will call reload_services() */
if (!add_printer_hook(tmp_ctx, p->session_info->security_token,
if (!add_printer_hook(tmp_ctx, session_info->security_token,
printer, raddr,
p->msg_ctx)) {
result = WERR_ACCESS_DENIED;
@ -7795,7 +7820,9 @@ static WERROR spoolss_setjob_1(TALLOC_CTX *mem_ctx,
WERROR _spoolss_SetJob(struct pipes_struct *p,
struct spoolss_SetJob *r)
{
const struct auth_session_info *session_info = p->session_info;
struct dcesrv_call_state *dce_call = p->dce_call;
struct auth_session_info *session_info =
dcesrv_call_session_info(dce_call);
int snum;
WERROR errcode = WERR_INVALID_FUNCTION;
@ -8455,6 +8482,8 @@ static WERROR spoolss_addprinterex_level_2(struct pipes_struct *p,
struct dcesrv_connection *dcesrv_conn = dce_call->conn;
const struct tsocket_address *remote_address =
dcesrv_connection_get_remote_address(dcesrv_conn);
struct auth_session_info *session_info =
dcesrv_call_session_info(dce_call);
struct spoolss_SetPrinterInfo2 *info2 = info_ctr->info.info2;
uint32_t info2_mask = SPOOLSS_PRINTER_INFO_ALL;
const struct loadparm_substitution *lp_sub =
@ -8513,7 +8542,7 @@ static WERROR spoolss_addprinterex_level_2(struct pipes_struct *p,
return WERR_NOT_ENOUGH_MEMORY;
}
if ( !add_printer_hook(p->mem_ctx, p->session_info->security_token,
if ( !add_printer_hook(p->mem_ctx, session_info->security_token,
info2, raddr,
p->msg_ctx) ) {
return WERR_ACCESS_DENIED;
@ -8530,7 +8559,7 @@ static WERROR spoolss_addprinterex_level_2(struct pipes_struct *p,
}
/* you must be a printer admin to add a new printer */
if (!W_ERROR_IS_OK(print_access_check(p->session_info,
if (!W_ERROR_IS_OK(print_access_check(session_info,
p->msg_ctx,
snum,
PRINTER_ACCESS_ADMINISTER))) {
@ -8636,6 +8665,9 @@ WERROR _spoolss_AddPrinter(struct pipes_struct *p,
WERROR _spoolss_AddPrinterDriverEx(struct pipes_struct *p,
struct spoolss_AddPrinterDriverEx *r)
{
struct dcesrv_call_state *dce_call = p->dce_call;
struct auth_session_info *session_info =
dcesrv_call_session_info(dce_call);
WERROR err = WERR_OK;
const char *driver_name = NULL;
const char *driver_directory = NULL;
@ -8666,7 +8698,7 @@ WERROR _spoolss_AddPrinterDriverEx(struct pipes_struct *p,
DEBUG(5,("Cleaning driver's information\n"));
err = clean_up_driver_struct(p->mem_ctx,
p->session_info,
session_info,
r->in.info_ctr,
r->in.flags,
&driver_directory);
@ -8677,7 +8709,7 @@ WERROR _spoolss_AddPrinterDriverEx(struct pipes_struct *p,
}
DEBUG(5,("Moving driver to final destination\n"));
err = move_driver_to_download_area(p->session_info,
err = move_driver_to_download_area(session_info,
r->in.info_ctr,
driver_directory);
if (!W_ERROR_IS_OK(err)) {
@ -9097,6 +9129,9 @@ WERROR _spoolss_DeletePrinterData(struct pipes_struct *p,
WERROR _spoolss_AddForm(struct pipes_struct *p,
struct spoolss_AddForm *r)
{
struct dcesrv_call_state *dce_call = p->dce_call;
struct auth_session_info *session_info =
dcesrv_call_session_info(dce_call);
struct spoolss_AddFormInfo1 *form;
int snum = -1;
WERROR status = WERR_OK;
@ -9115,8 +9150,8 @@ WERROR _spoolss_AddForm(struct pipes_struct *p,
/* if the user is not root, doesn't have SE_PRINT_OPERATOR privilege,
and not a printer admin, then fail */
if ((p->session_info->unix_token->uid != sec_initial_uid()) &&
!security_token_has_privilege(p->session_info->security_token,
if ((session_info->unix_token->uid != sec_initial_uid()) &&
!security_token_has_privilege(session_info->security_token,
SEC_PRIV_PRINT_OPERATOR)) {
DEBUG(2,("_spoolss_Addform: denied by insufficient permissions.\n"));
return WERR_ACCESS_DENIED;
@ -9183,6 +9218,9 @@ done:
WERROR _spoolss_DeleteForm(struct pipes_struct *p,
struct spoolss_DeleteForm *r)
{
struct dcesrv_call_state *dce_call = p->dce_call;
struct auth_session_info *session_info =
dcesrv_call_session_info(dce_call);
const char *form_name = r->in.form_name;
struct printer_handle *Printer = find_printer_index_by_hnd(p, r->in.handle);
int snum = -1;
@ -9198,8 +9236,8 @@ WERROR _spoolss_DeleteForm(struct pipes_struct *p,
return WERR_INVALID_HANDLE;
}
if ((p->session_info->unix_token->uid != sec_initial_uid()) &&
!security_token_has_privilege(p->session_info->security_token,
if ((session_info->unix_token->uid != sec_initial_uid()) &&
!security_token_has_privilege(session_info->security_token,
SEC_PRIV_PRINT_OPERATOR)) {
DEBUG(2,("_spoolss_DeleteForm: denied by insufficient permissions.\n"));
return WERR_ACCESS_DENIED;
@ -9248,6 +9286,9 @@ done:
WERROR _spoolss_SetForm(struct pipes_struct *p,
struct spoolss_SetForm *r)
{
struct dcesrv_call_state *dce_call = p->dce_call;
struct auth_session_info *session_info =
dcesrv_call_session_info(dce_call);
struct spoolss_AddFormInfo1 *form;
const char *form_name = r->in.form_name;
int snum = -1;
@ -9268,8 +9309,8 @@ WERROR _spoolss_SetForm(struct pipes_struct *p,
/* if the user is not root, doesn't have SE_PRINT_OPERATOR privilege,
and not a printer admin, then fail */
if ((p->session_info->unix_token->uid != sec_initial_uid()) &&
!security_token_has_privilege(p->session_info->security_token,
if ((session_info->unix_token->uid != sec_initial_uid()) &&
!security_token_has_privilege(session_info->security_token,
SEC_PRIV_PRINT_OPERATOR)) {
DEBUG(2,("_spoolss_Setform: denied by insufficient permissions.\n"));
return WERR_ACCESS_DENIED;
@ -10762,6 +10803,9 @@ static WERROR process_xcvlocal_command(TALLOC_CTX *mem_ctx,
WERROR _spoolss_XcvData(struct pipes_struct *p,
struct spoolss_XcvData *r)
{
struct dcesrv_call_state *dce_call = p->dce_call;
struct auth_session_info *session_info =
dcesrv_call_session_info(dce_call);
struct printer_handle *Printer = find_printer_index_by_hnd(p, r->in.handle);
DATA_BLOB out_data = data_blob_null;
WERROR werror;
@ -10798,14 +10842,14 @@ WERROR _spoolss_XcvData(struct pipes_struct *p,
switch ( Printer->printer_type ) {
case SPLHND_PORTMON_TCP:
werror = process_xcvtcp_command(p->mem_ctx,
p->session_info->security_token,
session_info->security_token,
r->in.function_name,
&r->in.in_data, &out_data,
r->out.needed);
break;
case SPLHND_PORTMON_LOCAL:
werror = process_xcvlocal_command(p->mem_ctx,
p->session_info->security_token,
session_info->security_token,
r->in.function_name,
&r->in.in_data, &out_data,
r->out.needed);

107
source3/rpc_server/srvsvc/srv_srvsvc_nt.c
View File

@ -27,6 +27,7 @@
#include "system/passwd.h"
#include "lib/util/server_id.h"
#include "ntdomain.h"
#include "librpc/rpc/dcesrv_core.h"
#include "librpc/gen_ndr/ndr_srvsvc.h"
#include "librpc/gen_ndr/ndr_srvsvc_scompat.h"
#include "../libcli/security/security.h"
@ -244,6 +245,9 @@ static void init_srv_share_info_1(struct pipes_struct *p,
struct srvsvc_NetShareInfo1 *r,
int snum)
{
struct dcesrv_call_state *dce_call = p->dce_call;
struct auth_session_info *session_info =
dcesrv_call_session_info(dce_call);
const struct loadparm_substitution *lp_sub =
loadparm_s3_global_substitution();
char *net_name = lp_servicename(talloc_tos(), lp_sub, snum);
@ -253,7 +257,7 @@ static void init_srv_share_info_1(struct pipes_struct *p,
remark = talloc_sub_full(
p->mem_ctx, lp_servicename(talloc_tos(), lp_sub, snum),
get_current_username(), lp_path(talloc_tos(), lp_sub, snum),
p->session_info->unix_token->uid, get_current_username(),
session_info->unix_token->uid, get_current_username(),
"", remark);
}
@ -270,6 +274,9 @@ static void init_srv_share_info_2(struct pipes_struct *p,
struct srvsvc_NetShareInfo2 *r,
int snum)
{
struct dcesrv_call_state *dce_call = p->dce_call;
struct auth_session_info *session_info =
dcesrv_call_session_info(dce_call);
const struct loadparm_substitution *lp_sub =
loadparm_s3_global_substitution();
char *remark = NULL;
@ -283,7 +290,7 @@ static void init_srv_share_info_2(struct pipes_struct *p,
remark = talloc_sub_full(
p->mem_ctx, lp_servicename(talloc_tos(), lp_sub, snum),
get_current_username(), lp_path(talloc_tos(), lp_sub, snum),
p->session_info->unix_token->uid, get_current_username(),
session_info->unix_token->uid, get_current_username(),
"", remark);
}
path = talloc_asprintf(p->mem_ctx,
@ -341,6 +348,9 @@ static void map_generic_share_sd_bits(struct security_descriptor *psd)
static void init_srv_share_info_501(struct pipes_struct *p,
struct srvsvc_NetShareInfo501 *r, int snum)
{
struct dcesrv_call_state *dce_call = p->dce_call;
struct auth_session_info *session_info =
dcesrv_call_session_info(dce_call);
const struct loadparm_substitution *lp_sub =
loadparm_s3_global_substitution();
const char *net_name = lp_servicename(talloc_tos(), lp_sub, snum);
@ -350,7 +360,7 @@ static void init_srv_share_info_501(struct pipes_struct *p,
remark = talloc_sub_full(
p->mem_ctx, lp_servicename(talloc_tos(), lp_sub, snum),
get_current_username(), lp_path(talloc_tos(), lp_sub, snum),
p->session_info->unix_token->uid, get_current_username(),
session_info->unix_token->uid, get_current_username(),
"", remark);
}
@ -372,6 +382,9 @@ static void init_srv_share_info_501(struct pipes_struct *p,
static void init_srv_share_info_502(struct pipes_struct *p,
struct srvsvc_NetShareInfo502 *r, int snum)
{
struct dcesrv_call_state *dce_call = p->dce_call;
struct auth_session_info *session_info =
dcesrv_call_session_info(dce_call);
const struct loadparm_substitution *lp_sub =
loadparm_s3_global_substitution();
const char *net_name = lp_servicename(talloc_tos(), lp_sub, snum);
@ -386,7 +399,7 @@ static void init_srv_share_info_502(struct pipes_struct *p,
remark = talloc_sub_full(
p->mem_ctx, lp_servicename(talloc_tos(), lp_sub, snum),
get_current_username(), lp_path(talloc_tos(), lp_sub, snum),
p->session_info->unix_token->uid, get_current_username(),
session_info->unix_token->uid, get_current_username(),
"", remark);
}
path = talloc_asprintf(ctx, "C:%s", lp_path(talloc_tos(), lp_sub, snum));
@ -421,6 +434,9 @@ static void init_srv_share_info_1004(struct pipes_struct *p,
struct srvsvc_NetShareInfo1004 *r,
int snum)
{
struct dcesrv_call_state *dce_call = p->dce_call;
struct auth_session_info *session_info =
dcesrv_call_session_info(dce_call);
const struct loadparm_substitution *lp_sub =
loadparm_s3_global_substitution();
char *remark = lp_comment(p->mem_ctx, lp_sub, snum);
@ -429,7 +445,7 @@ static void init_srv_share_info_1004(struct pipes_struct *p,
remark = talloc_sub_full(
p->mem_ctx, lp_servicename(talloc_tos(), lp_sub, snum),
get_current_username(), lp_path(talloc_tos(), lp_sub, snum),
p->session_info->unix_token->uid, get_current_username(),
session_info->unix_token->uid, get_current_username(),
"", remark);
}
@ -520,6 +536,9 @@ static bool is_hidden_share(int snum)
static bool is_enumeration_allowed(struct pipes_struct *p,
int snum)
{
struct dcesrv_call_state *dce_call = p->dce_call;
struct auth_session_info *session_info =
dcesrv_call_session_info(dce_call);
const struct loadparm_substitution *lp_sub =
loadparm_s3_global_substitution();
@ -527,13 +546,13 @@ static bool is_enumeration_allowed(struct pipes_struct *p,
return true;
}
if (!user_ok_token(p->session_info->unix_info->unix_name,
p->session_info->info->domain_name,
p->session_info->security_token, snum)) {
if (!user_ok_token(session_info->unix_info->unix_name,
session_info->info->domain_name,
session_info->security_token, snum)) {
return false;
}
return share_access_check(p->session_info->security_token,
return share_access_check(session_info->security_token,
lp_servicename(talloc_tos(), lp_sub, snum),
FILE_READ_DATA, NULL);
}
@ -1304,6 +1323,9 @@ static WERROR init_srv_conn_info_1(const char *name,
WERROR _srvsvc_NetFileEnum(struct pipes_struct *p,
struct srvsvc_NetFileEnum *r)
{
struct dcesrv_call_state *dce_call = p->dce_call;
struct auth_session_info *session_info =
dcesrv_call_session_info(dce_call);
TALLOC_CTX *ctx = NULL;
struct srvsvc_NetFileCtr3 *ctr3;
uint32_t resume_hnd = 0;
@ -1317,7 +1339,7 @@ WERROR _srvsvc_NetFileEnum(struct pipes_struct *p,
}
if (!nt_token_check_sid(&global_sid_Builtin_Administrators,
p->session_info->security_token)) {
session_info->security_token)) {
DEBUG(1, ("Enumerating files only allowed for "
"administrators\n"));
return WERR_ACCESS_DENIED;
@ -1468,12 +1490,15 @@ WERROR _srvsvc_NetSrvSetInfo(struct pipes_struct *p,
WERROR _srvsvc_NetConnEnum(struct pipes_struct *p,
struct srvsvc_NetConnEnum *r)
{
struct dcesrv_call_state *dce_call = p->dce_call;
struct auth_session_info *session_info =
dcesrv_call_session_info(dce_call);
WERROR werr;
DEBUG(5,("_srvsvc_NetConnEnum: %d\n", __LINE__));
if (!nt_token_check_sid(&global_sid_Builtin_Administrators,
p->session_info->security_token)) {
session_info->security_token)) {
DEBUG(1, ("Enumerating connections only allowed for "
"administrators\n"));
return WERR_ACCESS_DENIED;
@ -1507,12 +1532,15 @@ WERROR _srvsvc_NetConnEnum(struct pipes_struct *p,
WERROR _srvsvc_NetSessEnum(struct pipes_struct *p,
struct srvsvc_NetSessEnum *r)
{
struct dcesrv_call_state *dce_call = p->dce_call;
struct auth_session_info *session_info =
dcesrv_call_session_info(dce_call);
WERROR werr;
DEBUG(5,("_srvsvc_NetSessEnum: %d\n", __LINE__));
if (!nt_token_check_sid(&global_sid_Builtin_Administrators,
p->session_info->security_token)) {
session_info->security_token)) {
DEBUG(1, ("Enumerating sessions only allowed for "
"administrators\n"));
return WERR_ACCESS_DENIED;
@ -1547,6 +1575,9 @@ WERROR _srvsvc_NetSessEnum(struct pipes_struct *p,
WERROR _srvsvc_NetSessDel(struct pipes_struct *p,
struct srvsvc_NetSessDel *r)
{
struct dcesrv_call_state *dce_call = p->dce_call;
struct auth_session_info *session_info =
dcesrv_call_session_info(dce_call);
struct sessionid *session_list;
int num_sessions, snum;
const char *username;
@ -1560,8 +1591,8 @@ WERROR _srvsvc_NetSessDel(struct pipes_struct *p,
/* fail out now if you are not root or not a domain admin */
if ((p->session_info->unix_token->uid != sec_initial_uid()) &&
( ! nt_token_check_domain_rid(p->session_info->security_token,
if ((session_info->unix_token->uid != sec_initial_uid()) &&
( ! nt_token_check_domain_rid(session_info->security_token,
DOMAIN_RID_ADMINS))) {
goto done;
@ -1582,7 +1613,7 @@ WERROR _srvsvc_NetSessDel(struct pipes_struct *p,
NTSTATUS ntstat;
if (p->session_info->unix_token->uid != sec_initial_uid()) {
if (session_info->unix_token->uid != sec_initial_uid()) {
not_root = True;
become_root();
}
@ -1757,6 +1788,9 @@ WERROR _srvsvc_NetShareGetInfo(struct pipes_struct *p,
WERROR _srvsvc_NetShareSetInfo(struct pipes_struct *p,
struct srvsvc_NetShareSetInfo *r)
{
struct dcesrv_call_state *dce_call = p->dce_call;
struct auth_session_info *session_info =
dcesrv_call_session_info(dce_call);
const struct loadparm_substitution *lp_sub =
loadparm_s3_global_substitution();
char *command = NULL;
@ -1811,15 +1845,16 @@ WERROR _srvsvc_NetShareSetInfo(struct pipes_struct *p,
if (lp_printable(snum))
return WERR_ACCESS_DENIED;
is_disk_op = security_token_has_privilege(p->session_info->security_token, SEC_PRIV_DISK_OPERATOR);
is_disk_op = security_token_has_privilege(
session_info->security_token, SEC_PRIV_DISK_OPERATOR);
/* fail out now if you are not root and not a disk op */
if ( p->session_info->unix_token->uid != sec_initial_uid() && !is_disk_op ) {
if (session_info->unix_token->uid != sec_initial_uid() && !is_disk_op) {
DEBUG(2,("_srvsvc_NetShareSetInfo: uid %u doesn't have the "
"SeDiskOperatorPrivilege privilege needed to modify "
"share %s\n",
(unsigned int)p->session_info->unix_token->uid,
(unsigned int)session_info->unix_token->uid,
share_name ));
return WERR_ACCESS_DENIED;
}
@ -2014,6 +2049,9 @@ WERROR _srvsvc_NetShareSetInfo(struct pipes_struct *p,
WERROR _srvsvc_NetShareAdd(struct pipes_struct *p,
struct srvsvc_NetShareAdd *r)
{
struct dcesrv_call_state *dce_call = p->dce_call;
struct auth_session_info *session_info =
dcesrv_call_session_info(dce_call);
char *command = NULL;
char *share_name_in = NULL;
char *share_name = NULL;
@ -2037,10 +2075,12 @@ WERROR _srvsvc_NetShareAdd(struct pipes_struct *p,
*r->out.parm_error = 0;
}
is_disk_op = security_token_has_privilege(p->session_info->security_token, SEC_PRIV_DISK_OPERATOR);
is_disk_op = security_token_has_privilege(
session_info->security_token, SEC_PRIV_DISK_OPERATOR);
if (p->session_info->unix_token->uid != sec_initial_uid() && !is_disk_op )
if (session_info->unix_token->uid != sec_initial_uid() && !is_disk_op) {
return WERR_ACCESS_DENIED;
}
if (!lp_add_share_command(talloc_tos(), lp_sub) || !*lp_add_share_command(talloc_tos(), lp_sub)) {
DBG_WARNING("_srvsvc_NetShareAdd: No \"add share command\" parameter set in smb.conf.\n");
@ -2217,6 +2257,9 @@ WERROR _srvsvc_NetShareAdd(struct pipes_struct *p,
WERROR _srvsvc_NetShareDel(struct pipes_struct *p,
struct srvsvc_NetShareDel *r)
{
struct dcesrv_call_state *dce_call = p->dce_call;
struct auth_session_info *session_info =
dcesrv_call_session_info(dce_call);
char *command = NULL;
char *share_name = NULL;
int ret;
@ -2252,10 +2295,12 @@ WERROR _srvsvc_NetShareDel(struct pipes_struct *p,
if (lp_printable(snum))
return WERR_ACCESS_DENIED;
is_disk_op = security_token_has_privilege(p->session_info->security_token, SEC_PRIV_DISK_OPERATOR);
is_disk_op = security_token_has_privilege(
session_info->security_token, SEC_PRIV_DISK_OPERATOR);
if (p->session_info->unix_token->uid != sec_initial_uid() && !is_disk_op )
if (session_info->unix_token->uid != sec_initial_uid() && !is_disk_op) {
return WERR_ACCESS_DENIED;
}
if (!lp_delete_share_command(talloc_tos(), lp_sub) || !*lp_delete_share_command(talloc_tos(), lp_sub)) {
DBG_WARNING("_srvsvc_NetShareDel: No \"delete share command\" parameter set in smb.conf.\n");
@ -2374,6 +2419,9 @@ WERROR _srvsvc_NetRemoteTOD(struct pipes_struct *p,
WERROR _srvsvc_NetGetFileSecurity(struct pipes_struct *p,
struct srvsvc_NetGetFileSecurity *r)
{
struct dcesrv_call_state *dce_call = p->dce_call;
struct auth_session_info *session_info =
dcesrv_call_session_info(dce_call);
TALLOC_CTX *frame = talloc_stackframe();
const struct loadparm_substitution *lp_sub =
loadparm_s3_global_substitution();
@ -2410,7 +2458,7 @@ WERROR _srvsvc_NetGetFileSecurity(struct pipes_struct *p,
nt_status = create_conn_struct_tos_cwd(global_messaging_context(),
snum,
lp_path(frame, lp_sub, snum),
p->session_info,
session_info,
&c);
if (!NT_STATUS_IS_OK(nt_status)) {
DEBUG(10, ("create_conn_struct failed: %s\n",
@ -2506,6 +2554,9 @@ error_exit:
WERROR _srvsvc_NetSetFileSecurity(struct pipes_struct *p,
struct srvsvc_NetSetFileSecurity *r)
{
struct dcesrv_call_state *dce_call = p->dce_call;
struct auth_session_info *session_info =
dcesrv_call_session_info(dce_call);
TALLOC_CTX *frame = talloc_stackframe();
const struct loadparm_substitution *lp_sub =
loadparm_s3_global_substitution();
@ -2544,7 +2595,7 @@ WERROR _srvsvc_NetSetFileSecurity(struct pipes_struct *p,
nt_status = create_conn_struct_tos_cwd(global_messaging_context(),
snum,
lp_path(frame, lp_sub, snum),
p->session_info,
session_info,
&c);
if (!NT_STATUS_IS_OK(nt_status)) {
DEBUG(10, ("create_conn_struct failed: %s\n",
@ -2782,14 +2833,18 @@ static int enum_file_close_fn(struct file_id id,
WERROR _srvsvc_NetFileClose(struct pipes_struct *p,
struct srvsvc_NetFileClose *r)
{
struct dcesrv_call_state *dce_call = p->dce_call;
struct auth_session_info *session_info =
dcesrv_call_session_info(dce_call);
struct enum_file_close_state state;
bool is_disk_op;
DEBUG(5,("_srvsvc_NetFileClose: %d\n", __LINE__));
is_disk_op = security_token_has_privilege(p->session_info->security_token, SEC_PRIV_DISK_OPERATOR);
is_disk_op = security_token_has_privilege(
session_info->security_token, SEC_PRIV_DISK_OPERATOR);
if (p->session_info->unix_token->uid != sec_initial_uid() && !is_disk_op) {
if (session_info->unix_token->uid != sec_initial_uid() && !is_disk_op) {
return WERR_ACCESS_DENIED;
}

35
source3/rpc_server/svcctl/srv_svcctl_nt.c
View File

@ -288,6 +288,9 @@ done:
WERROR _svcctl_OpenSCManagerW(struct pipes_struct *p,
struct svcctl_OpenSCManagerW *r)
{
struct dcesrv_call_state *dce_call = p->dce_call;
struct auth_session_info *session_info =
dcesrv_call_session_info(dce_call);
struct security_descriptor *sec_desc;
uint32_t access_granted = 0;
NTSTATUS status;
@ -298,7 +301,7 @@ WERROR _svcctl_OpenSCManagerW(struct pipes_struct *p,
return WERR_NOT_ENOUGH_MEMORY;
se_map_generic( &r->in.access_mask, &scm_generic_map );
status = svcctl_access_check( sec_desc, p->session_info->security_token,
status = svcctl_access_check( sec_desc, session_info->security_token,
r->in.access_mask, &access_granted );
if ( !NT_STATUS_IS_OK(status) )
return ntstatus_to_werror( status );
@ -313,6 +316,9 @@ WERROR _svcctl_OpenSCManagerW(struct pipes_struct *p,
WERROR _svcctl_OpenServiceW(struct pipes_struct *p,
struct svcctl_OpenServiceW *r)
{
struct dcesrv_call_state *dce_call = p->dce_call;
struct auth_session_info *session_info =
dcesrv_call_session_info(dce_call);
struct security_descriptor *sec_desc;
uint32_t access_granted = 0;
NTSTATUS status;
@ -350,7 +356,7 @@ WERROR _svcctl_OpenServiceW(struct pipes_struct *p,
}
se_map_generic( &r->in.access_mask, &svc_generic_map );
status = svcctl_access_check( sec_desc, p->session_info->security_token,
status = svcctl_access_check( sec_desc, session_info->security_token,
r->in.access_mask, &access_granted );
if ( !NT_STATUS_IS_OK(status) )
return ntstatus_to_werror( status );
@ -380,6 +386,9 @@ WERROR _svcctl_CloseServiceHandle(struct pipes_struct *p,
WERROR _svcctl_GetServiceDisplayNameW(struct pipes_struct *p,
struct svcctl_GetServiceDisplayNameW *r)
{
struct dcesrv_call_state *dce_call = p->dce_call;
struct auth_session_info *session_info =
dcesrv_call_session_info(dce_call);
const char *service;
const char *display_name;
SERVICE_INFO *info = find_service_info_by_hnd( p, r->in.handle );
@ -393,7 +402,7 @@ WERROR _svcctl_GetServiceDisplayNameW(struct pipes_struct *p,
display_name = svcctl_lookup_dispname(p->mem_ctx,
p->msg_ctx,
p->session_info,
session_info,
service);
if (!display_name) {
display_name = "";
@ -473,6 +482,9 @@ static int enumerate_status(TALLOC_CTX *ctx,
WERROR _svcctl_EnumServicesStatusW(struct pipes_struct *p,
struct svcctl_EnumServicesStatusW *r)
{
struct dcesrv_call_state *dce_call = p->dce_call;
struct auth_session_info *session_info =
dcesrv_call_session_info(dce_call);
struct ENUM_SERVICE_STATUSW *services = NULL;
int num_services;
int i = 0;
@ -492,7 +504,7 @@ WERROR _svcctl_EnumServicesStatusW(struct pipes_struct *p,
num_services = enumerate_status(p->mem_ctx,
p->msg_ctx,
p->session_info,
session_info,
&services);
if (num_services == -1 ) {
return WERR_NOT_ENOUGH_MEMORY;
@ -754,6 +766,9 @@ static WERROR fill_svc_config(TALLOC_CTX *mem_ctx,
WERROR _svcctl_QueryServiceConfigW(struct pipes_struct *p,
struct svcctl_QueryServiceConfigW *r)
{
struct dcesrv_call_state *dce_call = p->dce_call;
struct auth_session_info *session_info =
dcesrv_call_session_info(dce_call);
SERVICE_INFO *info = find_service_info_by_hnd( p, r->in.handle );
uint32_t buffer_size;
WERROR wresult;
@ -773,7 +788,7 @@ WERROR _svcctl_QueryServiceConfigW(struct pipes_struct *p,
wresult = fill_svc_config(p->mem_ctx,
p->msg_ctx,
p->session_info,
session_info,
info->name,
r->out.query);
if ( !W_ERROR_IS_OK(wresult) )
@ -797,6 +812,9 @@ WERROR _svcctl_QueryServiceConfigW(struct pipes_struct *p,
WERROR _svcctl_QueryServiceConfig2W(struct pipes_struct *p,
struct svcctl_QueryServiceConfig2W *r)
{
struct dcesrv_call_state *dce_call = p->dce_call;
struct auth_session_info *session_info =
dcesrv_call_session_info(dce_call);
SERVICE_INFO *info = find_service_info_by_hnd( p, r->in.handle );
uint32_t buffer_size;
DATA_BLOB blob = data_blob_null;
@ -822,7 +840,7 @@ WERROR _svcctl_QueryServiceConfig2W(struct pipes_struct *p,
description = svcctl_lookup_description(p->mem_ctx,
p->msg_ctx,
p->session_info,
session_info,
info->name);
desc_buf.description = description;
@ -979,6 +997,9 @@ WERROR _svcctl_QueryServiceObjectSecurity(struct pipes_struct *p,
WERROR _svcctl_SetServiceObjectSecurity(struct pipes_struct *p,
struct svcctl_SetServiceObjectSecurity *r)
{
struct dcesrv_call_state *dce_call = p->dce_call;
struct auth_session_info *session_info =
dcesrv_call_session_info(dce_call);
SERVICE_INFO *info = find_service_info_by_hnd( p, r->in.handle );
struct security_descriptor *sec_desc = NULL;
uint32_t required_access;
@ -1025,7 +1046,7 @@ WERROR _svcctl_SetServiceObjectSecurity(struct pipes_struct *p,
/* store the new SD */
if (!svcctl_set_secdesc(p->msg_ctx, p->session_info, info->name, sec_desc))
if (!svcctl_set_secdesc(p->msg_ctx, session_info, info->name, sec_desc))
return WERR_ACCESS_DENIED;
return WERR_OK;

18
source3/rpc_server/winreg/srv_winreg_nt.c
View File

@ -22,6 +22,7 @@
#include "includes.h"
#include "ntdomain.h"
#include "librpc/rpc/dcesrv_core.h"
#include "librpc/gen_ndr/ndr_winreg.h"
#include "librpc/gen_ndr/ndr_winreg_scompat.h"
#include "registry.h"
@ -75,12 +76,15 @@ static WERROR open_registry_key(struct pipes_struct *p,
const char *subkeyname,
uint32_t access_desired)
{
struct dcesrv_call_state *dce_call = p->dce_call;
struct auth_session_info *session_info =
dcesrv_call_session_info(dce_call);
WERROR result = WERR_OK;
struct registry_key *key;
if (parent == NULL) {
result = reg_openhive(p->mem_ctx, subkeyname, access_desired,
p->session_info->security_token, &key);
session_info->security_token, &key);
}
else {
result = reg_openkey(p->mem_ctx, parent, subkeyname,
@ -546,6 +550,9 @@ WERROR _winreg_InitiateSystemShutdown(struct pipes_struct *p,
WERROR _winreg_InitiateSystemShutdownEx(struct pipes_struct *p,
struct winreg_InitiateSystemShutdownEx *r)
{
struct dcesrv_call_state *dce_call = p->dce_call;
struct auth_session_info *session_info =
dcesrv_call_session_info(dce_call);
const struct loadparm_substitution *lp_sub =
loadparm_s3_global_substitution();
char *shutdown_script = NULL;
@ -607,7 +614,8 @@ WERROR _winreg_InitiateSystemShutdownEx(struct pipes_struct *p,
return WERR_NOT_ENOUGH_MEMORY;
}
can_shutdown = security_token_has_privilege(p->session_info->security_token, SEC_PRIV_REMOTE_SHUTDOWN);
can_shutdown = security_token_has_privilege(
session_info->security_token, SEC_PRIV_REMOTE_SHUTDOWN);
/* IF someone has privs, run the shutdown script as root. OTHERWISE run it as not root
Take the error return from the script and provide it as the Windows return code. */
@ -637,6 +645,9 @@ WERROR _winreg_InitiateSystemShutdownEx(struct pipes_struct *p,
WERROR _winreg_AbortSystemShutdown(struct pipes_struct *p,
struct winreg_AbortSystemShutdown *r)
{
struct dcesrv_call_state *dce_call = p->dce_call;
struct auth_session_info *session_info =
dcesrv_call_session_info(dce_call);
const char *abort_shutdown_script = NULL;
const struct loadparm_substitution *lp_sub =
loadparm_s3_global_substitution();
@ -647,7 +658,8 @@ WERROR _winreg_AbortSystemShutdown(struct pipes_struct *p,
if (!*abort_shutdown_script)
return WERR_ACCESS_DENIED;
can_shutdown = security_token_has_privilege(p->session_info->security_token, SEC_PRIV_REMOTE_SHUTDOWN);
can_shutdown = security_token_has_privilege(
session_info->security_token, SEC_PRIV_REMOTE_SHUTDOWN);
/********** BEGIN SeRemoteShutdownPrivilege BLOCK **********/

35
source3/rpc_server/wkssvc/srv_wkssvc_nt.c
View File

@ -24,6 +24,7 @@
#include "includes.h"
#include "ntdomain.h"
#include "librpc/rpc/dcesrv_core.h"
#include "librpc/gen_ndr/libnet_join.h"
#include "libnet/libnet_join.h"
#include "../libcli/auth/libcli_auth.h"
@ -361,6 +362,9 @@ static struct wkssvc_NetWkstaInfo102 *create_wks_info_102(TALLOC_CTX *mem_ctx)
WERROR _wkssvc_NetWkstaGetInfo(struct pipes_struct *p,
struct wkssvc_NetWkstaGetInfo *r)
{
struct dcesrv_call_state *dce_call = p->dce_call;
struct auth_session_info *session_info =
dcesrv_call_session_info(dce_call);
struct dom_sid_buf buf;
switch (r->in.level) {
@ -375,7 +379,7 @@ WERROR _wkssvc_NetWkstaGetInfo(struct pipes_struct *p,
case 101:
/* Level 101 can be allowed from any logged in user */
if (!nt_token_check_sid(&global_sid_Authenticated_Users,
p->session_info->security_token)) {
session_info->security_token)) {
DEBUG(1,("User not allowed for NetWkstaGetInfo level "
"101\n"));
DEBUGADD(3,(" - does not have sid for Authenticated "
@ -384,7 +388,7 @@ WERROR _wkssvc_NetWkstaGetInfo(struct pipes_struct *p,
&global_sid_Authenticated_Users,
&buf)));
security_token_debug(DBGC_CLASS, 3,
p->session_info->security_token);
session_info->security_token);
return WERR_ACCESS_DENIED;
}
r->out.info->info101 = create_wks_info_101(p->mem_ctx);
@ -395,7 +399,7 @@ WERROR _wkssvc_NetWkstaGetInfo(struct pipes_struct *p,
case 102:
/* Level 102 Should only be allowed from a domain administrator */
if (!nt_token_check_sid(&global_sid_Builtin_Administrators,
p->session_info->security_token)) {
session_info->security_token)) {
DEBUG(1,("User not allowed for NetWkstaGetInfo level "
"102\n"));
DEBUGADD(3,(" - does not have sid for Administrators "
@ -404,7 +408,7 @@ WERROR _wkssvc_NetWkstaGetInfo(struct pipes_struct *p,
&global_sid_Builtin_Administrators,
&buf)));
security_token_debug(DBGC_CLASS, 3,
p->session_info->security_token);
session_info->security_token);
return WERR_ACCESS_DENIED;
}
r->out.info->info102 = create_wks_info_102(p->mem_ctx);
@ -587,9 +591,13 @@ static struct wkssvc_NetWkstaEnumUsersCtr1 *create_enum_users1(
WERROR _wkssvc_NetWkstaEnumUsers(struct pipes_struct *p,
struct wkssvc_NetWkstaEnumUsers *r)
{
struct dcesrv_call_state *dce_call = p->dce_call;
struct auth_session_info *session_info =
dcesrv_call_session_info(dce_call);
/* This with any level should only be allowed from a domain administrator */
if (!nt_token_check_sid(&global_sid_Builtin_Administrators,
p->session_info->security_token)) {
session_info->security_token)) {
struct dom_sid_buf buf;
DEBUG(1,("User not allowed for NetWkstaEnumUsers\n"));
DEBUGADD(3,(" - does not have sid for Administrators group "
@ -597,7 +605,8 @@ WERROR _wkssvc_NetWkstaEnumUsers(struct pipes_struct *p,
dom_sid_str_buf(
&global_sid_Builtin_Administrators,
&buf)));
security_token_debug(DBGC_CLASS, 3, p->session_info->security_token);
security_token_debug(
DBGC_CLASS, 3, session_info->security_token);
return WERR_ACCESS_DENIED;
}
@ -847,12 +856,15 @@ WERROR _wkssvc_NetrGetJoinableOus(struct pipes_struct *p,
WERROR _wkssvc_NetrJoinDomain2(struct pipes_struct *p,
struct wkssvc_NetrJoinDomain2 *r)
{
struct dcesrv_call_state *dce_call = p->dce_call;
struct auth_session_info *session_info =
dcesrv_call_session_info(dce_call);
struct libnet_JoinCtx *j = NULL;
char *cleartext_pwd = NULL;
char *admin_domain = NULL;
char *admin_account = NULL;
WERROR werr;
struct security_token *token = p->session_info->security_token;
struct security_token *token = session_info->security_token;
NTSTATUS status;
DATA_BLOB session_key;
bool ok;
@ -878,7 +890,7 @@ WERROR _wkssvc_NetrJoinDomain2(struct pipes_struct *p,
return WERR_NOT_SUPPORTED;
}
status = session_extract_session_key(p->session_info,
status = session_extract_session_key(session_info,
&session_key,
KEY_USE_16BYTES);
if(!NT_STATUS_IS_OK(status)) {
@ -939,12 +951,15 @@ WERROR _wkssvc_NetrJoinDomain2(struct pipes_struct *p,
WERROR _wkssvc_NetrUnjoinDomain2(struct pipes_struct *p,
struct wkssvc_NetrUnjoinDomain2 *r)
{
struct dcesrv_call_state *dce_call = p->dce_call;
struct auth_session_info *session_info =
dcesrv_call_session_info(dce_call);
struct libnet_UnjoinCtx *u = NULL;
char *cleartext_pwd = NULL;
char *admin_domain = NULL;
char *admin_account = NULL;
WERROR werr;
struct security_token *token = p->session_info->security_token;
struct security_token *token = session_info->security_token;
NTSTATUS status;
DATA_BLOB session_key;
bool ok;
@ -961,7 +976,7 @@ WERROR _wkssvc_NetrUnjoinDomain2(struct pipes_struct *p,
return WERR_ACCESS_DENIED;
}
status = session_extract_session_key(p->session_info,
status = session_extract_session_key(session_info,
&session_key,
KEY_USE_16BYTES);
if (!NT_STATUS_IS_OK(status)) {