2 Unix SMB/CIFS implementation.
4 server side dcerpc defines
6 Copyright (C) Andrew Tridgell 2003-2005
7 Copyright (C) Stefan (metze) Metzmacher 2004-2005
8 Copyright (C) Samuel Cabrero <scabrero@samba.org> 2019
10 This program is free software; you can redistribute it and/or modify
11 it under the terms of the GNU General Public License as published by
12 the Free Software Foundation; either version 3 of the License, or
13 (at your option) any later version.
15 This program is distributed in the hope that it will be useful,
16 but WITHOUT ANY WARRANTY; without even the implied warranty of
17 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 GNU General Public License for more details.
20 You should have received a copy of the GNU General Public License
21 along with this program. If not, see <http://www.gnu.org/licenses/>.
24 #ifndef _LIBRPC_RPC_DCESRV_CORE_H_
25 #define _LIBRPC_RPC_DCESRV_CORE_H_
27 #include "librpc/rpc/rpc_common.h"
28 #include "librpc/ndr/libndr.h"
30 /* modules can use the following to determine if the interface has changed
31 * please increment the version number after each interface change
32 * with a comment and maybe update struct dcesrv_critical_sizes.
34 /* version 1 - initial version - metze */
35 #define DCERPC_MODULE_VERSION 1
37 struct dcesrv_connection;
38 struct dcesrv_call_state;
40 struct dcesrv_connection_context;
41 struct dcesrv_iface_state;
42 struct cli_credentials;
44 struct dcesrv_interface {
46 struct ndr_syntax_id syntax_id;
48 /* this function is called when the client binds to this interface */
49 NTSTATUS (*bind)(struct dcesrv_connection_context *, const struct dcesrv_interface *);
51 /* this function is called when the client disconnects the endpoint */
52 void (*unbind)(struct dcesrv_connection_context *, const struct dcesrv_interface *);
54 /* the ndr_pull function for the chosen interface.
56 NTSTATUS (*ndr_pull)(struct dcesrv_call_state *, TALLOC_CTX *, struct ndr_pull *, void **);
58 /* the dispatch function for the chosen interface.
60 NTSTATUS (*dispatch)(struct dcesrv_call_state *, TALLOC_CTX *, void *);
62 /* the reply function for the chosen interface.
64 NTSTATUS (*reply)(struct dcesrv_call_state *, TALLOC_CTX *, void *);
66 /* the ndr_push function for the chosen interface.
68 NTSTATUS (*ndr_push)(struct dcesrv_call_state *, TALLOC_CTX *, struct ndr_push *, const void *);
70 /* for any private use by the interface code */
71 const void *private_data;
76 #define DCESRV_INTERFACE_FLAGS_HANDLES_NOT_USED 0x00000001
78 enum dcesrv_call_list {
80 DCESRV_LIST_CALL_LIST,
81 DCESRV_LIST_FRAGMENTED_CALL_LIST,
82 DCESRV_LIST_PENDING_CALL_LIST
85 struct data_blob_list_item {
86 struct data_blob_list_item *prev,*next;
90 /* the state of an ongoing dcerpc call */
91 struct dcesrv_call_state {
92 struct dcesrv_call_state *next, *prev;
93 struct dcesrv_auth *auth_state;
94 struct dcesrv_connection *conn;
95 struct dcesrv_connection_context *context;
96 struct ncacn_packet pkt;
99 * Used during async bind/alter_context.
101 struct ncacn_packet ack_pkt;
104 which list this request is in, if any
106 enum dcesrv_call_list list;
108 /* the backend can mark the call
109 * with DCESRV_CALL_STATE_FLAG_ASYNC
110 * that will cause the frontend to not touch r->out
113 * this is only allowed to the backend when DCESRV_CALL_STATE_FLAG_MAY_ASYNC
114 * is alerady set by the frontend
116 * the backend then needs to call dcesrv_reply() when it's
117 * ready to send the reply
119 #define DCESRV_CALL_STATE_FLAG_ASYNC (1<<0)
120 #define DCESRV_CALL_STATE_FLAG_MAY_ASYNC (1<<1)
121 #define DCESRV_CALL_STATE_FLAG_MULTIPLEXED (1<<3)
122 #define DCESRV_CALL_STATE_FLAG_PROCESS_PENDING_CALL (1<<4)
123 uint32_t state_flags;
125 /* the time the request arrived in the server */
128 /* the backend can use this event context for async replies */
129 struct tevent_context *event_ctx;
131 /* this is the pointer to the allocated function struct */
135 * that's the ndr pull context used in dcesrv_request()
136 * needed by dcesrv_reply() to carry over information
137 * for full pointer support.
139 struct ndr_pull *ndr_pull;
143 struct data_blob_list_item *replies;
145 /* this is used by the boilerplate code to generate DCERPC faults */
148 /* the reason why we terminate the connection after sending a response */
149 const char *terminate_reason;
151 /* temporary auth_info fields */
152 struct dcerpc_auth in_auth_info;
153 struct dcerpc_auth _out_auth_info;
154 struct dcerpc_auth *out_auth_info;
160 * The various handles that are used in the RPC servers should be
161 * created and fetch using the dcesrv_handle_* functions.
164 * dcesrv_handle_create(struct dcesrv_call_state \*, uint8 handle_type)
165 * to obtain a new handle of the specified type. Handle types are
166 * unique within each pipe.
168 * The handle can later be fetched again using:
170 * struct dcesrv_handle *dcesrv_handle_lookup(
171 * struct dcesrv_call_state *dce_call,
172 * struct policy_handle *p,
177 * TALLOC_FREE(struct dcesrv_handle *).
179 * User data should be stored in the 'data' member of the dcesrv_handle
183 #define DCESRV_HANDLE_ANY 255
185 /* a dcerpc handle in internal format */
186 struct dcesrv_handle {
187 struct dcesrv_handle *next, *prev;
188 struct dcesrv_assoc_group *assoc_group;
189 struct policy_handle wire_handle;
191 enum dcerpc_AuthLevel min_auth_level;
192 const struct dcesrv_interface *iface;
196 /* hold the authentication state information */
198 struct dcesrv_auth *prev, *next;
199 enum dcerpc_AuthType auth_type;
200 enum dcerpc_AuthLevel auth_level;
201 uint32_t auth_context_id;
202 struct gensec_security *gensec_security;
203 struct auth_session_info *session_info;
204 NTSTATUS (*session_key_fn)(struct dcesrv_auth *, DATA_BLOB *session_key);
211 struct dcesrv_connection_context {
212 struct dcesrv_connection_context *next, *prev;
215 /* the connection this is on */
216 struct dcesrv_connection *conn;
218 /* the ndr function table for the chosen interface */
219 const struct dcesrv_interface *iface;
222 * the minimum required auth level for this interface
224 enum dcerpc_AuthLevel min_auth_level;
227 /* the negotiated transfer syntax */
228 struct ndr_syntax_id transfer_syntax;
232 /* the state associated with a dcerpc server connection */
233 struct dcesrv_connection {
234 /* for the broken_connections DLIST */
235 struct dcesrv_connection *prev, *next;
237 /* the top level context for this server */
238 struct dcesrv_context *dce_ctx;
240 /* the endpoint that was opened */
241 const struct dcesrv_endpoint *endpoint;
243 /* a list of established context_ids */
244 struct dcesrv_connection_context *contexts;
246 /* the state of the current incoming call fragments */
247 struct dcesrv_call_state *incoming_fragmented_call_list;
249 /* the state of the async pending calls */
250 struct dcesrv_call_state *pending_call_list;
252 /* the state of the current outgoing calls */
253 struct dcesrv_call_state *call_list;
255 /* the maximum size the client wants to receive */
256 uint16_t max_recv_frag;
257 uint16_t max_xmit_frag;
259 DATA_BLOB partial_input;
261 /* the event_context that will be used for this connection */
262 struct tevent_context *event_ctx;
264 /* is this connection pending termination? If so, why? */
265 const char *terminate;
267 const char *packet_log_dir;
269 /* this is the default state_flags for dcesrv_call_state structs */
270 uint32_t state_flags;
274 void (*report_output_data)(struct dcesrv_connection *);
275 void (*terminate_connection)(struct dcesrv_connection *,
279 struct tstream_context *stream;
280 struct tevent_queue *send_queue;
282 const struct tsocket_address *local_address;
283 const struct tsocket_address *remote_address;
285 /* the current authentication state */
286 struct dcesrv_auth *default_auth_state;
287 size_t max_auth_states;
288 struct dcesrv_auth *auth_states;
289 bool got_explicit_auth_level_connect;
290 struct dcesrv_auth *default_auth_level_connect;
291 bool client_hdr_signing;
292 bool support_hdr_signing;
293 bool negotiated_hdr_signing;
296 * remember which pdu types are allowed
301 /* the association group the connection belongs to */
302 struct dcesrv_assoc_group *assoc_group;
304 /* The maximum total payload of reassembled request pdus */
305 size_t max_total_request_size;
308 * Our preferred transfer syntax.
310 const struct ndr_syntax_id *preferred_transfer;
313 * This is used to block the connection during
314 * pending authentication.
316 struct tevent_req *(*wait_send)(TALLOC_CTX *mem_ctx,
317 struct tevent_context *ev,
319 NTSTATUS (*wait_recv)(struct tevent_req *req);
324 struct dcesrv_endpoint_server {
325 /* this is the name of the endpoint server */
328 /* this function should register endpoints and some other setup stuff,
329 * it is called when the dcesrv_context gets initialized.
331 NTSTATUS (*init_server)(struct dcesrv_context *, const struct dcesrv_endpoint_server *);
333 /* this function can be used by other endpoint servers to
334 * ask for a dcesrv_interface implementation
335 * - iface must be reference to an already existing struct !
337 bool (*interface_by_uuid)(struct dcesrv_interface *iface, const struct GUID *, uint32_t);
339 /* this function can be used by other endpoint servers to
340 * ask for a dcesrv_interface implementation
341 * - iface must be reference to an already existeng struct !
343 bool (*interface_by_name)(struct dcesrv_interface *iface, const char *);
347 /* one association groups */
348 struct dcesrv_assoc_group {
352 /* The transport this is valid on */
353 enum dcerpc_transport_t transport;
355 /* list of handles in this association group */
356 struct dcesrv_handle *handles;
359 * list of iface states per assoc/conn
361 struct dcesrv_iface_state *iface_states;
364 struct dcesrv_context *dce_ctx;
366 /* the negotiated bind time features */
367 uint16_t bind_time_features;
370 struct dcesrv_context_callbacks {
372 void (*successful_authz)(struct dcesrv_call_state *);
375 NTSTATUS (*gensec_prepare)(TALLOC_CTX *mem_ctx,
376 struct dcesrv_call_state *call,
377 struct gensec_security **out);
380 NTSTATUS (*find)(struct dcesrv_call_state *);
384 /* server-wide context information for the dcerpc server */
385 struct dcesrv_context {
387 * The euid at startup time.
389 * This is required for DCERPC_AUTH_TYPE_NCALRPC_AS_SYSTEM
393 /* the list of endpoints that have registered
394 * by the configured endpoint servers
396 struct dcesrv_endpoint {
397 struct dcesrv_endpoint *next, *prev;
398 /* the type and location of the endpoint */
399 struct dcerpc_binding *ep_description;
400 /* the secondary endpoint description for the BIND_ACK */
401 struct dcerpc_binding *ep_2nd_description;
402 /* the security descriptor for smb named pipes */
403 struct security_descriptor *sd;
404 /* the list of interfaces available on this endpoint */
405 struct dcesrv_if_list {
406 struct dcesrv_if_list *next, *prev;
407 struct dcesrv_interface *iface;
411 * Should this service be run in a single process (so far only
412 * NETLOGON is not run in a single process)
414 bool use_single_process;
417 /* loadparm context to use for this connection */
418 struct loadparm_context *lp_ctx;
420 struct idr_context *assoc_groups_idr;
422 struct dcesrv_connection *broken_connections;
424 struct dcesrv_context_callbacks callbacks;
427 /* this structure is used by modules to determine the size of some critical types */
428 struct dcesrv_critical_sizes {
429 int interface_version;
430 int sizeof_dcesrv_context;
431 int sizeof_dcesrv_endpoint;
432 int sizeof_dcesrv_endpoint_server;
433 int sizeof_dcesrv_interface;
434 int sizeof_dcesrv_if_list;
435 int sizeof_dcesrv_connection;
436 int sizeof_dcesrv_call_state;
437 int sizeof_dcesrv_auth;
438 int sizeof_dcesrv_handle;
441 NTSTATUS dcesrv_interface_register(struct dcesrv_context *dce_ctx,
443 const char *ncacn_np_secondary_endpoint,
444 const struct dcesrv_interface *iface,
445 const struct security_descriptor *sd);
446 NTSTATUS dcerpc_register_ep_server(const struct dcesrv_endpoint_server *ep_server);
447 const struct dcesrv_endpoint_server *dcesrv_ep_server_byname(const char *name);
449 NTSTATUS dcesrv_init_context(TALLOC_CTX *mem_ctx,
450 struct loadparm_context *lp_ctx,
451 const char **endpoint_servers,
452 struct dcesrv_context_callbacks *cb,
453 struct dcesrv_context **_dce_ctx);
455 NTSTATUS dcesrv_reply(struct dcesrv_call_state *call);
456 struct dcesrv_handle *dcesrv_handle_create(struct dcesrv_call_state *call,
457 uint8_t handle_type);
459 struct dcesrv_handle *dcesrv_handle_lookup(struct dcesrv_call_state *call,
460 const struct policy_handle *p,
461 uint8_t handle_type);
463 const struct tsocket_address *dcesrv_connection_get_local_address(struct dcesrv_connection *conn);
464 const struct tsocket_address *dcesrv_connection_get_remote_address(struct dcesrv_connection *conn);
467 * Fetch the authentication session key if available.
469 * This is the key generated by a gensec authentication.
471 NTSTATUS dcesrv_auth_session_key(struct dcesrv_call_state *call,
472 DATA_BLOB *session_key);
475 * Fetch the transport session key if available.
476 * Typically this is the SMB session key
477 * or a fixed key for local transports.
479 * The key is always truncated to 16 bytes.
481 NTSTATUS dcesrv_transport_session_key(struct dcesrv_call_state *call,
482 DATA_BLOB *session_key);
484 /* a useful macro for generating a RPC fault in the backend code */
485 #define DCESRV_FAULT(code) do { \
486 dce_call->fault_code = code; \
487 return r->out.result; \
490 /* a useful macro for generating a RPC fault in the backend code */
491 #define DCESRV_FAULT_VOID(code) do { \
492 dce_call->fault_code = code; \
496 /* a useful macro for checking the validity of a dcerpc policy handle
497 and giving the right fault code if invalid */
498 #define DCESRV_CHECK_HANDLE(h) do {if (!(h)) DCESRV_FAULT(DCERPC_FAULT_CONTEXT_MISMATCH); } while (0)
500 /* this checks for a valid policy handle, and gives a fault if an
501 invalid handle or retval if the handle is of the
503 #define DCESRV_PULL_HANDLE_RETVAL(h, inhandle, t, retval) do { \
504 (h) = dcesrv_handle_lookup(dce_call, (inhandle), DCESRV_HANDLE_ANY); \
505 DCESRV_CHECK_HANDLE(h); \
506 if ((t) != DCESRV_HANDLE_ANY && (h)->wire_handle.handle_type != (t)) { \
511 /* this checks for a valid policy handle and gives a dcerpc fault
512 if its the wrong type of handle */
513 #define DCESRV_PULL_HANDLE_FAULT(h, inhandle, t) do { \
514 (h) = dcesrv_handle_lookup(dce_call, (inhandle), t); \
515 DCESRV_CHECK_HANDLE(h); \
518 #define DCESRV_PULL_HANDLE(h, inhandle, t) DCESRV_PULL_HANDLE_RETVAL(h, inhandle, t, NT_STATUS_INVALID_HANDLE)
519 #define DCESRV_PULL_HANDLE_WERR(h, inhandle, t) DCESRV_PULL_HANDLE_RETVAL(h, inhandle, t, WERR_INVALID_HANDLE)
522 * retrieve credentials from a dce_call
524 _PUBLIC_ struct cli_credentials *dcesrv_call_credentials(struct dcesrv_call_state *dce_call);
527 * returns true if this is an authenticated call
529 _PUBLIC_ bool dcesrv_call_authenticated(struct dcesrv_call_state *dce_call);
532 * retrieve account_name for a dce_call
534 _PUBLIC_ const char *dcesrv_call_account_name(struct dcesrv_call_state *dce_call);
537 * retrieve session_info from a dce_call
539 _PUBLIC_ struct auth_session_info *dcesrv_call_session_info(struct dcesrv_call_state *dce_call);
542 * retrieve auth type/level from a dce_call
544 _PUBLIC_ void dcesrv_call_auth_info(struct dcesrv_call_state *dce_call,
545 enum dcerpc_AuthType *auth_type,
546 enum dcerpc_AuthLevel *auth_level);
548 _PUBLIC_ NTSTATUS dcesrv_interface_bind_require_integrity(struct dcesrv_connection_context *context,
549 const struct dcesrv_interface *iface);
550 _PUBLIC_ NTSTATUS dcesrv_interface_bind_require_privacy(struct dcesrv_connection_context *context,
551 const struct dcesrv_interface *iface);
552 _PUBLIC_ NTSTATUS dcesrv_interface_bind_reject_connect(struct dcesrv_connection_context *context,
553 const struct dcesrv_interface *iface);
554 _PUBLIC_ NTSTATUS dcesrv_interface_bind_allow_connect(struct dcesrv_connection_context *context,
555 const struct dcesrv_interface *iface);
557 _PUBLIC_ NTSTATUS _dcesrv_iface_state_store_assoc(
558 struct dcesrv_call_state *call,
561 const char *location);
562 #define dcesrv_iface_state_store_assoc(call, magic, ptr) \
563 _dcesrv_iface_state_store_assoc((call), (magic), (ptr), \
565 _PUBLIC_ void *_dcesrv_iface_state_find_assoc(
566 struct dcesrv_call_state *call,
568 #define dcesrv_iface_state_find_assoc(call, magic, _type) \
570 _dcesrv_iface_state_find_assoc((call), (magic)), \
573 _PUBLIC_ NTSTATUS _dcesrv_iface_state_store_conn(
574 struct dcesrv_call_state *call,
577 const char *location);
578 #define dcesrv_iface_state_store_conn(call, magic, ptr) \
579 _dcesrv_iface_state_store_conn((call), (magic), (ptr), \
581 _PUBLIC_ void *_dcesrv_iface_state_find_conn(
582 struct dcesrv_call_state *call,
584 #define dcesrv_iface_state_find_conn(call, magic, _type) \
586 _dcesrv_iface_state_find_conn((call), (magic)), \
589 _PUBLIC_ void dcesrv_cleanup_broken_connections(struct dcesrv_context *dce_ctx);
591 _PUBLIC_ NTSTATUS dcesrv_endpoint_connect(struct dcesrv_context *dce_ctx,
593 const struct dcesrv_endpoint *ep,
594 struct auth_session_info *session_info,
595 struct tevent_context *event_ctx,
596 uint32_t state_flags,
597 struct dcesrv_connection **_p);
598 _PUBLIC_ NTSTATUS dcesrv_find_endpoint(struct dcesrv_context *dce_ctx,
599 const struct dcerpc_binding *ep_description,
600 struct dcesrv_endpoint **_out);
602 _PUBLIC_ void dcesrv_terminate_connection(struct dcesrv_connection *dce_conn,
604 _PUBLIC_ void dcesrv_sock_report_output_data(struct dcesrv_connection *dce_conn);
606 _PUBLIC_ NTSTATUS dcesrv_connection_loop_start(struct dcesrv_connection *conn);
609 void _dcesrv_save_ndr_fuzz_seed(DATA_BLOB call_blob,
610 struct dcesrv_call_state *call,
614 #define dcesrv_save_ndr_fuzz_seed(stub, call, flags) \
615 _dcesrv_save_ndr_fuzz_seed(stub, call, flags)
617 #define dcesrv_save_ndr_fuzz_seed(stub, call, flags) \
622 #endif /* _LIBRPC_RPC_DCESRV_CORE_H_ */