s4:rpc_server: Add dcesrv_context_callbacks to dcesrv_context

Add a new struct dcesrv_context_callbacks in dcesrv_context to hold pointers
to functions whose implementation will differ between S3 and S4.

The log_successful_dcesrv_authz_event implementation will differ as it
requires an imessaging_context.

Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

source4/rpc_server/dcerpc_server.c

@@ -2406,9 +2406,11 @@ static NTSTATUS dcesrv_process_ncacn_packet(struct dcesrv_connection *dce_conn,
 	return status;
 }
 
-_PUBLIC_ NTSTATUS dcesrv_init_context(TALLOC_CTX *mem_ctx, 
+_PUBLIC_ NTSTATUS dcesrv_init_context(TALLOC_CTX *mem_ctx,
 				      struct loadparm_context *lp_ctx,
-				      const char **endpoint_servers, struct dcesrv_context **_dce_ctx)
+				      const char **endpoint_servers,
+				      struct dcesrv_context_callbacks *cb,
+				      struct dcesrv_context **_dce_ctx)
 {
 	NTSTATUS status;
 	struct dcesrv_context *dce_ctx;
@@ -2435,6 +2437,9 @@ _PUBLIC_ NTSTATUS dcesrv_init_context(TALLOC_CTX *mem_ctx,
 	dce_ctx->assoc_groups_idr = idr_init(dce_ctx);
 	NT_STATUS_HAVE_NO_MEMORY(dce_ctx->assoc_groups_idr);
 	dce_ctx->broken_connections = NULL;
+	if (cb != NULL) {
+		dce_ctx->callbacks = *cb;
+	}
 
 	for (i=0;endpoint_servers[i];i++) {
 		const struct dcesrv_endpoint_server *ep_server;
@@ -3400,3 +3405,34 @@ _PUBLIC_ struct server_id dcesrv_server_id(struct dcesrv_connection *conn)
 				struct stream_connection);
 	return srv_conn->server_id;
 }
+
+void log_successful_dcesrv_authz_event(struct dcesrv_call_state *call)
+{
+	struct dcesrv_auth *auth = call->auth_state;
+	enum dcerpc_transport_t transport =
+		dcerpc_binding_get_transport(call->conn->endpoint->ep_description);
+	struct imessaging_context *imsg_ctx =
+		dcesrv_imessaging_context(call->conn);
+	const char *auth_type = derpc_transport_string_by_transport(transport);
+	const char *transport_protection = AUTHZ_TRANSPORT_PROTECTION_NONE;
+
+	if (transport == NCACN_NP) {
+		transport_protection = AUTHZ_TRANSPORT_PROTECTION_SMB;
+	}
+
+	/*
+	 * Log the authorization to this RPC interface.  This
+	 * covered ncacn_np pass-through auth, and anonymous
+	 * DCE/RPC (eg epmapper, netlogon etc)
+	 */
+	log_successful_authz_event(imsg_ctx,
+				   call->conn->dce_ctx->lp_ctx,
+				   call->conn->remote_address,
+				   call->conn->local_address,
+				   "DCE/RPC",
+				   auth_type,
+				   transport_protection,
+				   auth->session_info);
+
+	auth->auth_audited = true;
+}

source4/rpc_server/dcerpc_server.h

@@ -363,6 +363,12 @@ struct dcesrv_assoc_group {
 	uint16_t bind_time_features;
 };
 
+struct dcesrv_context_callbacks {
+	struct {
+		void (*successful_authz)(struct dcesrv_call_state *);
+	} log;
+};
+
 /* server-wide context information for the dcerpc server */
 struct dcesrv_context {
 	/*
@@ -402,6 +408,8 @@ struct dcesrv_context {
 	struct idr_context *assoc_groups_idr;
 
 	struct dcesrv_connection *broken_connections;
+
+	struct dcesrv_context_callbacks callbacks;
 };
 
 /* this structure is used by modules to determine the size of some critical types */
@@ -426,9 +434,11 @@ NTSTATUS dcesrv_interface_register(struct dcesrv_context *dce_ctx,
 				   const struct dcesrv_interface *iface,
 				   const struct security_descriptor *sd);
 NTSTATUS dcerpc_register_ep_server(const struct dcesrv_endpoint_server *ep_server);
-NTSTATUS dcesrv_init_context(TALLOC_CTX *mem_ctx, 
-				      struct loadparm_context *lp_ctx,
-				      const char **endpoint_servers, struct dcesrv_context **_dce_ctx);
+NTSTATUS dcesrv_init_context(TALLOC_CTX *mem_ctx,
+			     struct loadparm_context *lp_ctx,
+			     const char **endpoint_servers,
+			     struct dcesrv_context_callbacks *cb,
+			     struct dcesrv_context **_dce_ctx);
 
 NTSTATUS dcesrv_reply(struct dcesrv_call_state *call);
 struct dcesrv_handle *dcesrv_handle_create(struct dcesrv_call_state *call,

source4/rpc_server/dcesrv_auth.c

@@ -233,37 +233,6 @@ static bool dcesrv_auth_prepare_gensec(struct dcesrv_call_state *call)
 	return true;
 }
 
-static void log_successful_dcesrv_authz_event(struct dcesrv_call_state *call)
-{
-	struct dcesrv_auth *auth = call->auth_state;
-	enum dcerpc_transport_t transport =
-		dcerpc_binding_get_transport(call->conn->endpoint->ep_description);
-	struct imessaging_context *imsg_ctx =
-		dcesrv_imessaging_context(call->conn);
-	const char *auth_type = derpc_transport_string_by_transport(transport);
-	const char *transport_protection = AUTHZ_TRANSPORT_PROTECTION_NONE;
-
-	if (transport == NCACN_NP) {
-		transport_protection = AUTHZ_TRANSPORT_PROTECTION_SMB;
-	}
-
-	/*
-	 * Log the authorization to this RPC interface.  This
-	 * covered ncacn_np pass-through auth, and anonymous
-	 * DCE/RPC (eg epmapper, netlogon etc)
-	 */
-	log_successful_authz_event(imsg_ctx,
-				   call->conn->dce_ctx->lp_ctx,
-				   call->conn->remote_address,
-				   call->conn->local_address,
-				   "DCE/RPC",
-				   auth_type,
-				   transport_protection,
-				   auth->session_info);
-
-	auth->auth_audited = true;
-}
-
 static void dcesrv_default_auth_state_finish_bind(struct dcesrv_call_state *call)
 {
 	SMB_ASSERT(call->pkt.ptype == DCERPC_PKT_BIND);
@@ -321,7 +290,11 @@ void dcesrv_default_auth_state_prepare_request(struct dcesrv_call_state *call)
 		return;
 	}
 
-	log_successful_dcesrv_authz_event(call);
+	if (!call->conn->dce_ctx->callbacks.log.successful_authz) {
+		return;
+	}
+
+	call->conn->dce_ctx->callbacks.log.successful_authz(call);
 }
 
 /*
@@ -341,7 +314,9 @@ bool dcesrv_auth_bind(struct dcesrv_call_state *call)
 		auth->auth_context_id = 0;
 		auth->auth_started = true;
 
-		log_successful_dcesrv_authz_event(call);
+		if (call->conn->dce_ctx->callbacks.log.successful_authz) {
+			call->conn->dce_ctx->callbacks.log.successful_authz(call);
+		}
 
 		return true;
 	}

source4/rpc_server/service_rpc.c

@@ -40,6 +40,10 @@
 #include "../libcli/named_pipe_auth/npa_tstream.h"
 #include "smbd/process_model.h"
 
+struct dcesrv_context_callbacks srv_callbacks = {
+	.log.successful_authz = log_successful_dcesrv_authz_event,
+};
+
 /*
  * Need to run the majority of the RPC endpoints in a single process to allow
  * for shared handles, and the sharing of ldb contexts.
@@ -112,6 +116,7 @@ static NTSTATUS dcesrv_init_endpoints(struct task_server *task,
 	}
 	return NT_STATUS_OK;
 }
+
 /*
  * Initialise the RPC service.
  * And those end points that can be serviced by multiple processes.
@@ -130,6 +135,7 @@ static NTSTATUS dcesrv_task_init(struct task_server *task)
 	status = dcesrv_init_context(task->event_ctx,
 				     task->lp_ctx,
 				     lpcfg_dcerpc_endpoint_servers(task->lp_ctx),
+				     &srv_callbacks,
 				     &dce_ctx);
 	if (!NT_STATUS_IS_OK(status)) {
 		return status;

source4/torture/rpc/spoolss_notify.c

@@ -26,6 +26,7 @@
 #include "librpc/gen_ndr/ndr_spoolss.h"
 #include "torture/rpc/torture_rpc.h"
 #include "rpc_server/dcerpc_server.h"
+#include "rpc_server/dcerpc_server_proto.h"
 #include "rpc_server/service_rpc.h"
 #include "smbd/process_model.h"
 #include "smb_server/smb_server.h"
@@ -33,6 +34,10 @@
 #include "ntvfs/ntvfs.h"
 #include "param/param.h"
 
+struct dcesrv_context_callbacks srv_cb = {
+	.log.successful_authz = log_successful_dcesrv_authz_event,
+};
+
 static NTSTATUS spoolss__op_bind(struct dcesrv_connection_context *context,
 				 const struct dcesrv_interface *iface)
 {
@@ -482,7 +487,8 @@ static bool test_start_dcerpc_server(struct torture_context *tctx,
 				   address, NULL);
 	torture_assert_ntstatus_ok(tctx, status, "starting smb server");
 
-	status = dcesrv_init_context(tctx, tctx->lp_ctx, endpoints, &dce_ctx);
+	status = dcesrv_init_context(tctx, tctx->lp_ctx, endpoints,
+				     &srv_cb, &dce_ctx);
 	torture_assert_ntstatus_ok(tctx, status,
 				   "unable to initialize DCE/RPC server");