return status;
}
-_PUBLIC_ NTSTATUS dcesrv_init_context(TALLOC_CTX *mem_ctx,
+_PUBLIC_ NTSTATUS dcesrv_init_context(TALLOC_CTX *mem_ctx,
struct loadparm_context *lp_ctx,
- const char **endpoint_servers, struct dcesrv_context **_dce_ctx)
+ const char **endpoint_servers,
+ struct dcesrv_context_callbacks *cb,
+ struct dcesrv_context **_dce_ctx)
{
NTSTATUS status;
struct dcesrv_context *dce_ctx;
dce_ctx->assoc_groups_idr = idr_init(dce_ctx);
NT_STATUS_HAVE_NO_MEMORY(dce_ctx->assoc_groups_idr);
dce_ctx->broken_connections = NULL;
+ if (cb != NULL) {
+ dce_ctx->callbacks = *cb;
+ }
for (i=0;endpoint_servers[i];i++) {
const struct dcesrv_endpoint_server *ep_server;
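Review bot: Passing `cb == NULL` silently turns off the successful-authorization audit event for every connection served by this context, and nothing at the `if (cb != NULL)` block says so. In that case `dce_ctx->callbacks` is never assigned, so the later `callbacks.log.successful_authz` tests are only safe if `dce_ctx` was zero-allocated; the allocation is outside this hunk and should be confirmed. I would add a comment such as `/* cb may be NULL: no authz audit events are emitted for this context */`. Because the struct is copied by value, the parameter could also be `const struct dcesrv_context_callbacks *cb` here and in the prototype hunk. The body of dcesrv_init_context starts and ends outside this hunk.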
struct stream_connection);
return srv_conn->server_id;
}
+
+void log_successful_dcesrv_authz_event(struct dcesrv_call_state *call)
+{
+ struct dcesrv_auth *auth = call->auth_state;
+ enum dcerpc_transport_t transport =
+ dcerpc_binding_get_transport(call->conn->endpoint->ep_description);
+ struct imessaging_context *imsg_ctx =
+ dcesrv_imessaging_context(call->conn);
+ const char *auth_type = derpc_transport_string_by_transport(transport);
+ const char *transport_protection = AUTHZ_TRANSPORT_PROTECTION_NONE;
+
+ if (transport == NCACN_NP) {
+ transport_protection = AUTHZ_TRANSPORT_PROTECTION_SMB;
+ }
+
+ /*
+ * Log the authorization to this RPC interface. This
+ * covered ncacn_np pass-through auth, and anonymous
+ * DCE/RPC (eg epmapper, netlogon etc)
+ */
+ log_successful_authz_event(imsg_ctx,
+ call->conn->dce_ctx->lp_ctx,
+ call->conn->remote_address,
+ call->conn->local_address,
+ "DCE/RPC",
+ auth_type,
+ transport_protection,
+ auth->session_info);
+
+ auth->auth_audited = true;
+}
uint16_t bind_time_features;
};
+struct dcesrv_context_callbacks {
+ struct {
+ void (*successful_authz)(struct dcesrv_call_state *);
+ } log;
+};
+
/* server-wide context information for the dcerpc server */
struct dcesrv_context {
/*
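Review bot: `struct dcesrv_context_callbacks` is added without any comment, although it now carries the hook that produces the DCE/RPC authorization audit record. A short block comment above the struct should state that `log.successful_authz` may be NULL, in which case no event is logged, and that it appears to be invoked from the bind and auth completion paths. It should also record that the stock implementation, `log_successful_dcesrv_authz_event`, sets `auth->auth_audited = true`. A replacement hook has to do the same if any code outside this diff relies on that flag.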
struct idr_context *assoc_groups_idr;
struct dcesrv_connection *broken_connections;
+
+ struct dcesrv_context_callbacks callbacks;
};
/* this structure is used by modules to determine the size of some critical types */
const struct dcesrv_interface *iface,
const struct security_descriptor *sd);
NTSTATUS dcerpc_register_ep_server(const struct dcesrv_endpoint_server *ep_server);
-NTSTATUS dcesrv_init_context(TALLOC_CTX *mem_ctx,
- struct loadparm_context *lp_ctx,
- const char **endpoint_servers, struct dcesrv_context **_dce_ctx);
+NTSTATUS dcesrv_init_context(TALLOC_CTX *mem_ctx,
+ struct loadparm_context *lp_ctx,
+ const char **endpoint_servers,
+ struct dcesrv_context_callbacks *cb,
+ struct dcesrv_context **_dce_ctx);
NTSTATUS dcesrv_reply(struct dcesrv_call_state *call);
struct dcesrv_handle *dcesrv_handle_create(struct dcesrv_call_state *call,
return true;
}
-static void log_successful_dcesrv_authz_event(struct dcesrv_call_state *call)
-{
- struct dcesrv_auth *auth = call->auth_state;
- enum dcerpc_transport_t transport =
- dcerpc_binding_get_transport(call->conn->endpoint->ep_description);
- struct imessaging_context *imsg_ctx =
- dcesrv_imessaging_context(call->conn);
- const char *auth_type = derpc_transport_string_by_transport(transport);
- const char *transport_protection = AUTHZ_TRANSPORT_PROTECTION_NONE;
-
- if (transport == NCACN_NP) {
- transport_protection = AUTHZ_TRANSPORT_PROTECTION_SMB;
- }
-
- /*
- * Log the authorization to this RPC interface. This
- * covered ncacn_np pass-through auth, and anonymous
- * DCE/RPC (eg epmapper, netlogon etc)
- */
- log_successful_authz_event(imsg_ctx,
- call->conn->dce_ctx->lp_ctx,
- call->conn->remote_address,
- call->conn->local_address,
- "DCE/RPC",
- auth_type,
- transport_protection,
- auth->session_info);
-
- auth->auth_audited = true;
-}
-
static void dcesrv_default_auth_state_finish_bind(struct dcesrv_call_state *call)
{
SMB_ASSERT(call->pkt.ptype == DCERPC_PKT_BIND);
return;
}
- log_successful_dcesrv_authz_event(call);
+ if (!call->conn->dce_ctx->callbacks.log.successful_authz) {
+ return;
+ }
+
+ call->conn->dce_ctx->callbacks.log.successful_authz(call);
}
/*
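Review bot: The NULL-guarded dispatch of `callbacks.log.successful_authz` is written out twice in two different shapes: an early return on `!ptr` at the end of dcesrv_default_auth_state_finish_bind, and a positive `if (ptr)` test in the following hunk. Both also use an implicit pointer truth test, while the new code in dcesrv_init_context compares with `!= NULL`. A single static helper keeps the two call sites identical and gives one place to document that a missing hook means the authorization is not audited. Each call site then becomes one line, `dcesrv_log_successful_authz(call);`. The enclosing functions start outside both hunks.

```c
/* Emit the authz audit event if the server registered a hook for it. */
static void dcesrv_log_successful_authz(struct dcesrv_call_state *call)
{
	struct dcesrv_context *dce_ctx = call->conn->dce_ctx;

	if (dce_ctx->callbacks.log.successful_authz == NULL) {
		/* no hook registered: this authorization is not audited */
		return;
	}

	dce_ctx->callbacks.log.successful_authz(call);
}

/* … unchanged: body of dcesrv_default_auth_state_finish_bind up to the early return … */
	dcesrv_log_successful_authz(call);
```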
auth->auth_context_id = 0;
auth->auth_started = true;
- log_successful_dcesrv_authz_event(call);
+ if (call->conn->dce_ctx->callbacks.log.successful_authz) {
+ call->conn->dce_ctx->callbacks.log.successful_authz(call);
+ }
return true;
}
#include "../libcli/named_pipe_auth/npa_tstream.h"
#include "smbd/process_model.h"
+struct dcesrv_context_callbacks srv_callbacks = {
+ .log.successful_authz = log_successful_dcesrv_authz_event,
+};
+
/*
* Need to run the majority of the RPC endpoints in a single process to allow
* for shared handles, and the sharing of ldb contexts.
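Review bot: `srv_callbacks` is defined without `static`, so a writable table of function pointers gets external linkage; the same applies to `srv_cb` in the spoolss torture hunk. Nothing visible in the diff refers to either object outside its own file, and dcesrv_init_context copies the struct by value, so `static struct dcesrv_context_callbacks srv_callbacks = {` would be enough. If the `cb` parameter were const-qualified, both tables could be `static const` and live in read-only data, which is the safer home for a hook that drives audit logging.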
}
return NT_STATUS_OK;
}
+
/*
* Initialise the RPC service.
* And those end points that can be serviced by multiple processes.
status = dcesrv_init_context(task->event_ctx,
task->lp_ctx,
lpcfg_dcerpc_endpoint_servers(task->lp_ctx),
+ &srv_callbacks,
&dce_ctx);
if (!NT_STATUS_IS_OK(status)) {
return status;
#include "librpc/gen_ndr/ndr_spoolss.h"
#include "torture/rpc/torture_rpc.h"
#include "rpc_server/dcerpc_server.h"
+#include "rpc_server/dcerpc_server_proto.h"
#include "rpc_server/service_rpc.h"
#include "smbd/process_model.h"
#include "smb_server/smb_server.h"
#include "ntvfs/ntvfs.h"
#include "param/param.h"
+struct dcesrv_context_callbacks srv_cb = {
+ .log.successful_authz = log_successful_dcesrv_authz_event,
+};
+
static NTSTATUS spoolss__op_bind(struct dcesrv_connection_context *context,
const struct dcesrv_interface *iface)
{
address, NULL);
torture_assert_ntstatus_ok(tctx, status, "starting smb server");
- status = dcesrv_init_context(tctx, tctx->lp_ctx, endpoints, &dce_ctx);
+ status = dcesrv_init_context(tctx, tctx->lp_ctx, endpoints,
+ &srv_cb, &dce_ctx);
torture_assert_ntstatus_ok(tctx, status,
"unable to initialize DCE/RPC server");