From 10f485b3a27e10906aa6ee40833fca8bf81b5511 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze@samba.org>
Date: Sat, 22 Jan 2022 01:08:26 +0100
Subject: [PATCH] dcesrv_core: wrap gensec_*() calls in [un]become_root() calls
This is important for the source3/rpc_server code as it might
be called embedded in smbd and may not run as root with access
to our private tdb/ldb files.
Note this is only really needed for 4.15 and older, as
we no longer run the rpc_server embedded in smbd,
but we better be consistent for now.
This should be able to fix the problem the printing no longer works
on Windows 7 with 2021-10 monthly rollup patch (KB5006743).
Windows uses NTLMSSP with privacy at the DCERPC layer on top
of NCACN_NP (smb).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14867
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 0651fa474cd68b18d8eb9bdc7c4ba5b847ba9ad9)
---
librpc/rpc/dcesrv_auth.c | 5 +++++
librpc/rpc/dcesrv_core.c | 18 ++++++++++++++++++
librpc/rpc/dcesrv_core.h | 2 ++
source3/rpc_server/rpc_config.c | 2 ++
source4/rpc_server/service_rpc.c | 10 ++++++++++
5 files changed, 37 insertions(+)
diff --git a/librpc/rpc/dcesrv_auth.c b/librpc/rpc/dcesrv_auth.c
index fec8df513a83..99d8e0162160 100644
--- a/librpc/rpc/dcesrv_auth.c
+++ b/librpc/rpc/dcesrv_auth.c
@@ -130,11 +130,13 @@ static bool dcesrv_auth_prepare_gensec(struct dcesrv_call_state *call)
auth->auth_level = call->in_auth_info.auth_level;
auth->auth_context_id = call->in_auth_info.auth_context_id;
+ cb->auth.become_root();
status = cb->auth.gensec_prepare(
auth,
call,
&auth->gensec_security,
cb->auth.private_data);
+ cb->auth.unbecome_root();
if (!NT_STATUS_IS_OK(status)) {
DEBUG(1, ("Failed to call samba_server_gensec_start %s\n",
nt_errstr(status)));
@@ -329,6 +331,7 @@ bool dcesrv_auth_bind(struct dcesrv_call_state *call)
NTSTATUS dcesrv_auth_complete(struct dcesrv_call_state *call, NTSTATUS status)
{
struct dcesrv_auth *auth = call->auth_state;
+ struct dcesrv_context_callbacks *cb = call->conn->dce_ctx->callbacks;
const char *pdu = "<unknown>";
switch (call->pkt.ptype) {
@@ -359,9 +362,11 @@ NTSTATUS dcesrv_auth_complete(struct dcesrv_call_state *call, NTSTATUS status)
return status;
}
+ cb->auth.become_root();
status = gensec_session_info(auth->gensec_security,
auth,
&auth->session_info);
+ cb->auth.unbecome_root();
if (!NT_STATUS_IS_OK(status)) {
DEBUG(1, ("Failed to establish session_info: %s\n",
nt_errstr(status)));
diff --git a/librpc/rpc/dcesrv_core.c b/librpc/rpc/dcesrv_core.c
index d16159b0b6cd..ea91fc689b4a 100644
--- a/librpc/rpc/dcesrv_core.c
+++ b/librpc/rpc/dcesrv_core.c
@@ -938,6 +938,7 @@ static NTSTATUS dcesrv_bind(struct dcesrv_call_state *call)
struct dcerpc_binding *ep_2nd_description = NULL;
const char *endpoint = NULL;
struct dcesrv_auth *auth = call->auth_state;
+ struct dcesrv_context_callbacks *cb = call->conn->dce_ctx->callbacks;
struct dcerpc_ack_ctx *ack_ctx_list = NULL;
struct dcerpc_ack_ctx *ack_features = NULL;
struct tevent_req *subreq = NULL;
@@ -1143,9 +1144,11 @@ static NTSTATUS dcesrv_bind(struct dcesrv_call_state *call)
return dcesrv_auth_reply(call);
}
+ cb->auth.become_root();
subreq = gensec_update_send(call, call->event_ctx,
auth->gensec_security,
call->in_auth_info.credentials);
+ cb->auth.unbecome_root();
if (subreq == NULL) {
return NT_STATUS_NO_MEMORY;
}
@@ -1160,10 +1163,13 @@ static void dcesrv_bind_done(struct tevent_req *subreq)
tevent_req_callback_data(subreq,
struct dcesrv_call_state);
struct dcesrv_connection *conn = call->conn;
+ struct dcesrv_context_callbacks *cb = call->conn->dce_ctx->callbacks;
NTSTATUS status;
+ cb->auth.become_root();
status = gensec_update_recv(subreq, call,
&call->out_auth_info->credentials);
+ cb->auth.unbecome_root();
TALLOC_FREE(subreq);
status = dcesrv_auth_complete(call, status);
@@ -1221,6 +1227,7 @@ static NTSTATUS dcesrv_auth3(struct dcesrv_call_state *call)
{
struct dcesrv_connection *conn = call->conn;
struct dcesrv_auth *auth = call->auth_state;
+ struct dcesrv_context_callbacks *cb = call->conn->dce_ctx->callbacks;
struct tevent_req *subreq = NULL;
NTSTATUS status;
@@ -1265,9 +1272,11 @@ static NTSTATUS dcesrv_auth3(struct dcesrv_call_state *call)
return NT_STATUS_OK;
}
+ cb->auth.become_root();
subreq = gensec_update_send(call, call->event_ctx,
auth->gensec_security,
call->in_auth_info.credentials);
+ cb->auth.unbecome_root();
if (subreq == NULL) {
return NT_STATUS_NO_MEMORY;
}
@@ -1283,10 +1292,13 @@ static void dcesrv_auth3_done(struct tevent_req *subreq)
struct dcesrv_call_state);
struct dcesrv_connection *conn = call->conn;
struct dcesrv_auth *auth = call->auth_state;
+ struct dcesrv_context_callbacks *cb = call->conn->dce_ctx->callbacks;
NTSTATUS status;
+ cb->auth.become_root();
status = gensec_update_recv(subreq, call,
&call->out_auth_info->credentials);
+ cb->auth.unbecome_root();
TALLOC_FREE(subreq);
status = dcesrv_auth_complete(call, status);
@@ -1555,6 +1567,7 @@ static NTSTATUS dcesrv_alter(struct dcesrv_call_state *call)
struct ncacn_packet *pkt = &call->ack_pkt;
uint32_t extra_flags = 0;
struct dcesrv_auth *auth = call->auth_state;
+ struct dcesrv_context_callbacks *cb = call->conn->dce_ctx->callbacks;
struct dcerpc_ack_ctx *ack_ctx_list = NULL;
struct tevent_req *subreq = NULL;
size_t i;
@@ -1666,9 +1679,11 @@ static NTSTATUS dcesrv_alter(struct dcesrv_call_state *call)
return dcesrv_auth_reply(call);
}
+ cb->auth.become_root();
subreq = gensec_update_send(call, call->event_ctx,
auth->gensec_security,
call->in_auth_info.credentials);
+ cb->auth.unbecome_root();
if (subreq == NULL) {
return NT_STATUS_NO_MEMORY;
}
@@ -1683,10 +1698,13 @@ static void dcesrv_alter_done(struct tevent_req *subreq)
tevent_req_callback_data(subreq,
struct dcesrv_call_state);
struct dcesrv_connection *conn = call->conn;
+ struct dcesrv_context_callbacks *cb = call->conn->dce_ctx->callbacks;
NTSTATUS status;
+ cb->auth.become_root();
status = gensec_update_recv(subreq, call,
&call->out_auth_info->credentials);
+ cb->auth.unbecome_root();
TALLOC_FREE(subreq);
status = dcesrv_auth_complete(call, status);
diff --git a/librpc/rpc/dcesrv_core.h b/librpc/rpc/dcesrv_core.h
index d8d5f9030959..0538442e0ce6 100644
--- a/librpc/rpc/dcesrv_core.h
+++ b/librpc/rpc/dcesrv_core.h
@@ -392,6 +392,8 @@ struct dcesrv_context_callbacks {
struct gensec_security **out,
void *private_data);
void *private_data;
+ void (*become_root)(void);
+ void (*unbecome_root)(void);
} auth;
struct {
NTSTATUS (*find)(
diff --git a/source3/rpc_server/rpc_config.c b/source3/rpc_server/rpc_config.c
index 2f1a01da1c0b..289c4f398409 100644
--- a/source3/rpc_server/rpc_config.c
+++ b/source3/rpc_server/rpc_config.c
@@ -31,6 +31,8 @@
static struct dcesrv_context_callbacks srv_callbacks = {
.log.successful_authz = dcesrv_log_successful_authz,
.auth.gensec_prepare = dcesrv_auth_gensec_prepare,
+ .auth.become_root = become_root,
+ .auth.unbecome_root = unbecome_root,
.assoc_group.find = dcesrv_assoc_group_find,
};
diff --git a/source4/rpc_server/service_rpc.c b/source4/rpc_server/service_rpc.c
index d8c6746d7815..ebb50f8a7ef3 100644
--- a/source4/rpc_server/service_rpc.c
+++ b/source4/rpc_server/service_rpc.c
@@ -40,9 +40,19 @@
#include "../libcli/named_pipe_auth/npa_tstream.h"
#include "samba/process_model.h"
+static void skip_become_root(void)
+{
+}
+
+static void skip_unbecome_root(void)
+{
+}
+
static struct dcesrv_context_callbacks srv_callbacks = {
.log.successful_authz = log_successful_dcesrv_authz_event,
.auth.gensec_prepare = dcesrv_gensec_prepare,
+ .auth.become_root = skip_become_root,
+ .auth.unbecome_root = skip_unbecome_root,
.assoc_group.find = dcesrv_assoc_group_find,
};
--
2.25.1