mirror of
https://github.com/samba-team/samba.git
synced 2024-12-25 23:21:54 +03:00
1bab76223c
This will serve as a check to make sure that in particular a SAMR client is really root. This is for example used in get_user_info_18() handing out a machine password. The unix domain sockets for NCACN_NP can only be contacted by root, the "np\" subdirectory for those sockets is root/root 0700. Connecting to such a socket is done in two situations: First, local real root processes connecting and smbd on behalf of SMB clients connecting to \\pipe\name, smbd does become_root() there. Via the named_pipe_auth_req_info4 smbd hands over the SMB session information that the RPC server blindly trusts. The session information (i.e. the NT token) is heavily influenced by external sources like the KDC. It is highly unlikely that we get a system token via SMB, but who knows, this is information not fully controlled by smbd. This is where this additional field in named_pipe_auth_req_info5 makes a difference: This field is set to NCACN_NP by smbd's code, not directly controlled by the clients. Other clients directly connecting to a socket in "np\" is root anyway (only smbd can do become_root()) and can set this field to NCALRPC. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
60 lines
1.5 KiB
Plaintext
60 lines
1.5 KiB
Plaintext
#include "idl_types.h"
|
|
/*
|
|
miscellaneous IDL structures
|
|
*/
|
|
|
|
import "netlogon.idl", "security.idl", "auth.idl";
|
|
|
|
[
|
|
pointer_default(unique)
|
|
]
|
|
interface named_pipe_auth
|
|
{
|
|
const char *NAMED_PIPE_AUTH_MAGIC = "NPAM";
|
|
|
|
typedef [public] struct {
|
|
uint8 transport;
|
|
[charset(UTF8),string] uint8 *remote_client_name;
|
|
[charset(DOS),string] uint8 *remote_client_addr;
|
|
uint16 remote_client_port;
|
|
[charset(UTF8),string] uint8 *local_server_name;
|
|
[charset(DOS),string] uint8 *local_server_addr;
|
|
uint16 local_server_port;
|
|
auth_session_info_transport *session_info;
|
|
boolean8 need_idle_server;
|
|
} named_pipe_auth_req_info5;
|
|
|
|
typedef [switch_type(uint32)] union {
|
|
[case(5)] named_pipe_auth_req_info5 info5;
|
|
} named_pipe_auth_req_info;
|
|
|
|
typedef [public,gensize] struct {
|
|
[flag(NDR_BIG_ENDIAN),
|
|
value(ndr_size_named_pipe_auth_req(r,ndr->flags)-4)]
|
|
uint32 length;
|
|
[charset(DOS),value(NAMED_PIPE_AUTH_MAGIC)] uint8 magic[4];
|
|
uint32 level;
|
|
[switch_is(level)] named_pipe_auth_req_info info;
|
|
} named_pipe_auth_req;
|
|
|
|
typedef struct {
|
|
uint16 file_type;
|
|
uint16 device_state;
|
|
hyper allocation_size;
|
|
} named_pipe_auth_rep_info5;
|
|
|
|
typedef [switch_type(uint32)] union {
|
|
[case(5)] named_pipe_auth_rep_info5 info5;
|
|
} named_pipe_auth_rep_info;
|
|
|
|
typedef [public,gensize] struct {
|
|
[flag(NDR_BIG_ENDIAN),
|
|
value(ndr_size_named_pipe_auth_rep(r,ndr->flags)-4)]
|
|
uint32 length;
|
|
[charset(DOS),value(NAMED_PIPE_AUTH_MAGIC)] uint8 magic[4];
|
|
uint32 level;
|
|
[switch_is(level)] named_pipe_auth_rep_info info;
|
|
NTSTATUS status;
|
|
} named_pipe_auth_rep;
|
|
}
|