2 Unix SMB/CIFS implementation.
3 Main DCOM functionality
4 Copyright (C) 2004 Jelmer Vernooij <jelmer@samba.org>
5 Copyright (C) 2006 Andrzej Hajda <andrzej.hajda@wp.pl>
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 2 of the License, or
10 (at your option) any later version.
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
17 You should have received a copy of the GNU General Public License
18 along with this program; if not, write to the Free Software
19 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
23 #include "system/filesys.h"
24 #include "librpc/gen_ndr/epmapper.h"
25 #include "librpc/gen_ndr/ndr_remact_c.h"
26 #include "librpc/gen_ndr/com_dcom.h"
27 #include "librpc/gen_ndr/dcom.h"
28 #include "librpc/rpc/dcerpc.h"
29 #include "lib/com/dcom/dcom.h"
30 #include "librpc/ndr/ndr_table.h"
31 #include "../lib/util/dlinklist.h"
32 #include "auth/credentials/credentials.h"
33 #include "libcli/composite/composite.h"
37 #define DCOM_NEGOTIATED_PROTOCOLS { EPM_PROTOCOL_TCP, EPM_PROTOCOL_SMB, EPM_PROTOCOL_NCALRPC }
39 static NTSTATUS dcerpc_binding_from_STRINGBINDING(TALLOC_CTX *mem_ctx, struct dcerpc_binding **b_out, struct STRINGBINDING *bd)
43 enum dcerpc_transport_t transport;
44 struct dcerpc_binding *b;
46 transport = dcerpc_transport_by_endpoint_protocol(bd->wTowerId);
47 if (transport == NCA_UNKNOWN) {
48 DEBUG(1, ("Can't find transport match endpoint protocol %d\n", bd->wTowerId));
49 return NT_STATUS_NOT_SUPPORTED;
52 tstr = derpc_transport_string_by_transport(transport);
53 bstr = talloc_asprintf(mem_ctx, "%s:%s", tstr, bd->NetworkAddr);
55 return NT_STATUS_NO_MEMORY;
58 status = dcerpc_parse_binding(mem_ctx, bstr, &b);
60 if (!NT_STATUS_IS_OK(status)) {
68 struct cli_credentials *dcom_get_server_credentials(struct com_context *ctx, const char *server)
70 struct dcom_server_credentials *c;
71 struct cli_credentials *d;
74 for (c = ctx->dcom->credentials; c; c = c->next) {
75 if (c->server == NULL) {
79 if (server && !strcmp(c->server, server)) return c->credentials;
85 * Register credentials for a specific server.
87 * @param ctx COM context
88 * @param server Name of server, can be NULL
89 * @param credentials Credentials object
91 void dcom_add_server_credentials(struct com_context *ctx, const char *server,
92 struct cli_credentials *credentials)
94 struct dcom_server_credentials *c;
96 /* FIXME: Don't use talloc_find_parent_bytype */
97 for (c = ctx->dcom->credentials; c; c = c->next) {
98 if ((server == NULL && c->server == NULL) ||
99 (server != NULL && c->server != NULL &&
100 !strcmp(c->server, server))) {
101 if (c->credentials && c->credentials != credentials) {
102 talloc_unlink(c, c->credentials);
103 c->credentials = credentials;
104 if (talloc_find_parent_bytype(c->credentials, struct dcom_server_credentials))
105 (void)talloc_reference(c, c->credentials);
107 talloc_steal(c, c->credentials);
114 c = talloc(ctx->event_ctx, struct dcom_server_credentials);
115 c->server = talloc_strdup(c, server);
116 c->credentials = credentials;
117 if (talloc_find_parent_bytype(c->credentials, struct dcom_server_credentials))
118 (void)talloc_reference(c, c->credentials);
120 talloc_steal(c, c->credentials);
122 DLIST_ADD(ctx->dcom->credentials, c);
125 void dcom_update_credentials_for_aliases(struct com_context *ctx,
127 struct DUALSTRINGARRAY *pds)
129 struct cli_credentials *cc;
130 struct dcerpc_binding *b;
134 cc = dcom_get_server_credentials(ctx, server);
135 for (i = 0; pds->stringbindings[i]; ++i) {
136 if (pds->stringbindings[i]->wTowerId != EPM_PROTOCOL_TCP)
138 status = dcerpc_binding_from_STRINGBINDING(ctx, &b, pds->stringbindings[i]);
139 if (!NT_STATUS_IS_OK(status))
141 dcom_add_server_credentials(ctx, b->host, cc);
146 struct dcom_client_context *dcom_client_init(struct com_context *ctx, struct cli_credentials *credentials)
148 ctx->dcom = talloc_zero(ctx, struct dcom_client_context);
150 credentials = cli_credentials_init(ctx);
151 cli_credentials_set_conf(credentials, ctx->lp_ctx);
152 cli_credentials_parse_string(credentials, "%", CRED_SPECIFIED);
154 dcom_add_server_credentials(ctx, NULL, credentials);
158 static NTSTATUS dcom_connect_host(struct com_context *ctx,
159 struct dcerpc_pipe **p, const char *server)
161 struct dcerpc_binding *bd;
162 const char * available_transports[] = { "ncacn_ip_tcp", "ncacn_np" };
167 if (server == NULL) {
168 return dcerpc_pipe_connect(ctx->event_ctx, p, "ncalrpc",
169 &ndr_table_IRemoteActivation,
170 dcom_get_server_credentials(ctx, NULL), ctx->event_ctx, ctx->lp_ctx);
172 loc_ctx = talloc_new(ctx);
174 /* Allow server name to contain a binding string */
175 if (strchr(server, ':') &&
176 NT_STATUS_IS_OK(dcerpc_parse_binding(loc_ctx, server, &bd))) {
178 bd->flags |= DCERPC_DEBUG_PRINT_BOTH;
179 status = dcerpc_pipe_connect_b(ctx->event_ctx, p, bd,
180 &ndr_table_IRemoteActivation,
181 dcom_get_server_credentials(ctx, bd->host), ctx->event_ctx, ctx->lp_ctx);
185 for (i = 0; i < ARRAY_SIZE(available_transports); i++)
187 char *binding = talloc_asprintf(loc_ctx, "%s:%s", available_transports[i], server);
189 status = NT_STATUS_NO_MEMORY;
192 status = dcerpc_pipe_connect(ctx->event_ctx, p, binding,
193 &ndr_table_IRemoteActivation,
194 dcom_get_server_credentials(ctx, server),
195 ctx->event_ctx, ctx->lp_ctx);
197 if (NT_STATUS_IS_OK(status)) {
199 (*p)->conn->flags |= DCERPC_DEBUG_PRINT_BOTH;
202 DEBUG(1,(__location__": dcom_connect_host : %s\n", get_friendly_nt_error_msg(status)));
207 talloc_free(loc_ctx);
211 struct dcom_object_exporter *object_exporter_by_oxid(struct com_context *ctx,
214 struct dcom_object_exporter *ox;
215 for (ox = ctx->dcom->object_exporters; ox; ox = ox->next) {
216 if (ox->oxid == oxid) {
224 struct dcom_object_exporter *object_exporter_update_oxid(struct com_context *ctx, uint64_t oxid, struct DUALSTRINGARRAY *bindings)
226 struct dcom_object_exporter *ox;
227 ox = object_exporter_by_oxid(ctx, oxid);
229 ox = talloc_zero(ctx, struct dcom_object_exporter);
230 DLIST_ADD(ctx->dcom->object_exporters, ox);
233 talloc_free(ox->bindings);
235 ox->bindings = bindings;
236 talloc_steal(ox, bindings);
240 struct dcom_object_exporter *object_exporter_by_ip(struct com_context *ctx, struct IUnknown *ip)
242 return object_exporter_by_oxid(ctx, ip->obj.u_objref.u_standard.std.oxid);
245 WERROR dcom_create_object(struct com_context *ctx, struct GUID *clsid, const char *server, int num_ifaces, struct GUID *iid, struct IUnknown ***ip, HRESULT *results)
247 uint16_t protseq[] = DCOM_NEGOTIATED_PROTOCOLS;
248 struct dcerpc_pipe *p;
249 struct dcom_object_exporter *m;
251 struct RemoteActivation r;
252 struct DUALSTRINGARRAY *pds;
256 struct GUID ipidRemUnknown;
257 struct IUnknown *ru_template;
258 struct ORPCTHAT that;
260 struct COMVERSION ServerVersion;
261 struct MInterfacePointer **ifaces;
264 status = dcom_connect_host(ctx, &p, server);
265 if (NT_STATUS_IS_ERR(status)) {
266 DEBUG(1, ("Unable to connect to %s - %s\n", server, get_friendly_nt_error_msg(status)));
267 return ntstatus_to_werror(status);
269 loc_ctx = talloc_new(ctx);
271 ifaces = talloc_array(loc_ctx, struct MInterfacePointer *, num_ifaces);
274 r.in.this.version.MajorVersion = COM_MAJOR_VERSION;
275 r.in.this.version.MinorVersion = COM_MINOR_VERSION;
276 r.in.this.cid = GUID_random();
278 r.in.ClientImpLevel = RPC_C_IMP_LEVEL_IDENTIFY;
279 r.in.num_protseqs = ARRAY_SIZE(protseq);
280 r.in.protseq = protseq;
281 r.in.Interfaces = num_ifaces;
285 r.out.pdsaOxidBindings = &pds;
286 r.out.ipidRemUnknown = &ipidRemUnknown;
287 r.out.AuthnHint = &AuthnHint;
288 r.out.ServerVersion = &ServerVersion;
290 r.out.ifaces = ifaces;
291 r.out.results = results;
293 status = dcerpc_RemoteActivation(p, loc_ctx, &r);
296 if(NT_STATUS_IS_ERR(status)) {
297 DEBUG(1, ("Error while running RemoteActivation %s\n", nt_errstr(status)));
298 hr = ntstatus_to_werror(status);
302 if(!W_ERROR_IS_OK(r.out.result)) {
307 if(!HRES_IS_OK(hr)) {
311 m = object_exporter_update_oxid(ctx, oxid, pds);
314 *ip = talloc_array(ctx, struct IUnknown *, num_ifaces);
315 for (i = 0; i < num_ifaces; i++) {
317 if (W_ERROR_IS_OK(results[i])) {
318 status = dcom_IUnknown_from_OBJREF(ctx, &(*ip)[i], &r.out.ifaces[i]->obj);
319 if (!NT_STATUS_IS_OK(status)) {
320 results[i] = ntstatus_to_werror(status);
321 } else if (!ru_template)
322 ru_template = (*ip)[i];
326 /* TODO:avg check when exactly oxid should be updated,its lifetime etc */
327 if (m->rem_unknown && memcmp(&m->rem_unknown->obj.u_objref.u_standard.std.ipid, &ipidRemUnknown, sizeof(ipidRemUnknown))) {
328 talloc_free(m->rem_unknown);
329 m->rem_unknown = NULL;
331 if (!m->rem_unknown) {
333 DEBUG(1,("dcom_create_object: Cannot Create IRemUnknown - template interface not available\n"));
334 hr = WERR_GEN_FAILURE;
336 m->rem_unknown = talloc_zero(m, struct IRemUnknown);
337 memcpy(m->rem_unknown, ru_template, sizeof(struct IUnknown));
338 GUID_from_string(COM_IREMUNKNOWN_UUID, &m->rem_unknown->obj.iid);
339 m->rem_unknown->obj.u_objref.u_standard.std.ipid = ipidRemUnknown;
340 m->rem_unknown->vtable = (struct IRemUnknown_vtable *)dcom_proxy_vtable_by_iid(&m->rem_unknown->obj.iid);
341 /* TODO:avg copy stringbindigs?? */
344 dcom_update_credentials_for_aliases(ctx, server, pds);
347 c = strchr(server, '[');
348 if (m->host) talloc_free(m->host);
349 m->host = c ? talloc_strndup(m, server, c - server) : talloc_strdup(m, server);
353 talloc_free(loc_ctx);
357 int find_similar_binding(struct STRINGBINDING **sb, const char *host)
361 for (i = 0; sb[i]; ++i) {
362 if ((sb[i]->wTowerId == EPM_PROTOCOL_TCP) && !strncasecmp(host, sb[i]->NetworkAddr, l) && (sb[i]->NetworkAddr[l] == '['))
368 WERROR dcom_query_interface(struct IUnknown *d, uint32_t cRefs, uint16_t cIids, struct GUID *iids, struct IUnknown **ip, WERROR *results)
370 struct dcom_object_exporter *ox;
371 struct REMQIRESULT *rqir;
378 loc_ctx = talloc_new(d);
379 ox = object_exporter_by_ip(d->ctx, d);
381 result = IRemUnknown_RemQueryInterface(ox->rem_unknown, loc_ctx, &IUnknown_ipid(d), cRefs, cIids, iids, &rqir);
382 if (!W_ERROR_IS_OK(result)) {
383 DEBUG(1, ("dcom_query_interface failed: %08X\n", W_ERROR_V(result)));
384 talloc_free(loc_ctx);
387 ru = *(struct IUnknown *)ox->rem_unknown;
388 for (i = 0; i < cIids; ++i) {
390 results[i] = rqir[i].hResult;
391 if (W_ERROR_IS_OK(results[i])) {
392 ru.obj.iid = iids[i];
393 ru.obj.u_objref.u_standard.std = rqir[i].std;
394 status = dcom_IUnknown_from_OBJREF(d->ctx, &ip[i], &ru.obj);
395 if (!NT_STATUS_IS_OK(status)) {
396 results[i] = ntstatus_to_werror(status);
401 talloc_free(loc_ctx);
405 int is_ip_binding(const char* s)
407 while (*s && (*s != '[')) {
408 if (((*s >= '0') && (*s <= '9')) || *s == '.')
416 NTSTATUS dcom_get_pipe(struct IUnknown *iface, struct dcerpc_pipe **pp)
418 struct dcerpc_binding *binding;
423 struct dcerpc_pipe *p;
424 struct dcom_object_exporter *ox;
425 const struct ndr_interface_table *table;
427 ox = object_exporter_by_oxid(iface->ctx, iface->obj.u_objref.u_standard.std.oxid);
429 DEBUG(0, ("dcom_get_pipe: OXID not found\n"));
430 return NT_STATUS_NOT_SUPPORTED;
435 iid = iface->vtable->iid;
436 table = ndr_table_by_uuid(&iid);
439 guid_str = GUID_string(NULL, &iid);
440 DEBUG(0,(__location__": dcom_get_pipe - unrecognized interface{%s}\n", guid_str));
441 talloc_free(guid_str);
442 return NT_STATUS_NOT_SUPPORTED;
445 if (p && p->last_fault_code) {
451 if (!GUID_equal(&p->syntax.uuid, &iid)) {
452 ox->pipe->syntax.uuid = iid;
454 /* interface will always be present, so
455 * idl_iface_by_uuid can't return NULL */
456 /* status = dcerpc_secondary_context(p, &p2, idl_iface_by_uuid(&iid)); */
457 status = dcerpc_alter_context(p, p, &ndr_table_by_uuid(&iid)->syntax_id, &p->transfer_syntax);
459 status = NT_STATUS_OK;
464 status = NT_STATUS_NO_MORE_ENTRIES;
466 /* To avoid delays whe connecting nonroutable bindings we 1st check binding starting with hostname */
467 /* FIX:low create concurrent connections to all bindings, fastest wins - Win2k and newer does this way???? */
468 isimilar = find_similar_binding(ox->bindings->stringbindings, ox->host);
469 DEBUG(1, (__location__": dcom_get_pipe: host=%s, similar=%s\n", ox->host, ox->bindings->stringbindings[isimilar] ? ox->bindings->stringbindings[isimilar]->NetworkAddr : "None"));
471 for (i = 0; ox->bindings->stringbindings[i]; ++i) {
472 if (!ox->bindings->stringbindings[++j]) j = 0;
473 /* FIXME:LOW Use also other transports if possible */
474 if ((j != isimilar) && (ox->bindings->stringbindings[j]->wTowerId != EPM_PROTOCOL_TCP || !is_ip_binding(ox->bindings->stringbindings[j]->NetworkAddr))) {
475 DEBUG(9, ("dcom_get_pipe: Skipping stringbinding %24.24s\n", ox->bindings->stringbindings[j]->NetworkAddr));
478 DEBUG(9, ("dcom_get_pipe: Trying stringbinding %s\n", ox->bindings->stringbindings[j]->NetworkAddr));
479 status = dcerpc_binding_from_STRINGBINDING(iface->ctx, &binding,
480 ox->bindings->stringbindings[j]);
481 if (!NT_STATUS_IS_OK(status)) {
482 DEBUG(1, ("Error parsing string binding"));
484 /* FIXME:LOW Make flags more flexible */
485 binding->flags |= DCERPC_AUTH_NTLM | DCERPC_SIGN;
487 binding->flags |= DCERPC_DEBUG_PRINT_BOTH;
488 status = dcerpc_pipe_connect_b(iface->ctx->event_ctx, &p, binding,
489 ndr_table_by_uuid(&iid),
490 dcom_get_server_credentials(iface->ctx, binding->host),
491 iface->ctx->event_ctx, iface->ctx->lp_ctx);
492 talloc_unlink(iface->ctx, binding);
494 if (NT_STATUS_IS_OK(status)) break;
497 if (NT_STATUS_IS_ERR(status)) {
498 DEBUG(0, ("Unable to connect to remote host - %s\n", nt_errstr(status)));
502 DEBUG(2, ("Successfully connected to OXID %llx\n", (long long)oxid));
509 NTSTATUS dcom_OBJREF_from_IUnknown(TALLLOC_CTX *mem_ctx, struct OBJREF *o, struct IUnknown *p)
511 /* FIXME: Cache generated objref objects? */
515 o->signature = OBJREF_SIGNATURE;
516 o->flags = OBJREF_NULL;
520 case OBJREF_CUSTOM: {
523 marshal = dcom_marshal_by_clsid(&o->u_objref.u_custom.clsid);
525 return marshal(mem_ctx, p, o);
527 return NT_STATUS_NOT_SUPPORTED;
536 enum ndr_err_code dcom_IUnknown_from_OBJREF(struct com_context *ctx, struct IUnknown **_p, struct OBJREF *o)
539 struct dcom_object_exporter *ox;
540 unmarshal_fn unmarshal;
545 return NDR_ERR_SUCCESS;
547 case OBJREF_STANDARD:
548 p = talloc_zero(ctx, struct IUnknown);
551 p->vtable = dcom_proxy_vtable_by_iid(&o->iid);
554 DEBUG(0, ("Unable to find proxy class for interface with IID %s\n", GUID_string(ctx, &o->iid)));
555 return NDR_ERR_INVALID_POINTER;
558 p->vtable->Release_send = dcom_release_send;
560 ox = object_exporter_by_oxid(ctx, o->u_objref.u_standard.std.oxid);
561 /* FIXME: Add object to list of objects to ping */
563 return NDR_ERR_SUCCESS;
566 p = talloc_zero(ctx, struct IUnknown);
569 ox = object_exporter_by_oxid(ctx, o->u_objref.u_handler.std.oxid );
570 /* FIXME: Add object to list of objects to ping */
571 /*FIXME p->vtable = dcom_vtable_by_clsid(&o->u_objref.u_handler.clsid);*/
572 /* FIXME: Do the custom unmarshaling call */
575 return NDR_ERR_BAD_SWITCH;
578 p = talloc_zero(ctx, struct IUnknown);
582 unmarshal = dcom_unmarshal_by_clsid(&o->u_objref.u_custom.clsid);
585 return unmarshal(ctx, o, _p);
587 return NDR_ERR_BAD_SWITCH;
591 return NDR_ERR_BAD_SWITCH;
594 uint64_t dcom_get_current_oxid(void)
599 /* FIXME:Fake async dcom_get_pipe_* */
600 struct composite_context *dcom_get_pipe_send(struct IUnknown *d, TALLOC_CTX *mem_ctx)
602 struct composite_context *c;
604 c = composite_create(0, d->ctx->event_ctx);
605 if (c == NULL) return NULL;
607 /* composite_done(c); bugged - callback is triggered twice by composite_continue and composite_done */
608 c->state = COMPOSITE_STATE_DONE; /* this is workaround */
613 NTSTATUS dcom_get_pipe_recv(struct composite_context *c, struct dcerpc_pipe **pp)
617 status = dcom_get_pipe((struct IUnknown *)c->private_data, pp);
623 /* FIXME:avg put IUnknown_Release_out into header */
624 struct IUnknown_Release_out {
628 void dcom_release_continue(struct composite_context *cr)
630 struct composite_context *c;
632 struct IUnknown_Release_out *out;
635 c = talloc_get_type(cr->async.private_data, struct composite_context);
637 r = IRemUnknown_RemRelease_recv(cr);
639 out = talloc_zero(c, struct IUnknown_Release_out);
640 out->result = W_ERROR_V(r);
641 c->private_data = out;
645 struct composite_context *dcom_release_send(struct IUnknown *d, TALLOC_CTX *mem_ctx)
647 struct composite_context *c, *cr;
648 struct REMINTERFACEREF iref;
649 struct dcom_object_exporter *ox;
651 c = composite_create(d->ctx, d->ctx->event_ctx);
652 if (c == NULL) return NULL;
655 ox = object_exporter_by_ip(d->ctx, d);
656 iref.ipid = IUnknown_ipid(d);
657 iref.cPublicRefs = 5;
658 iref.cPrivateRefs = 0;
659 cr = IRemUnknown_RemRelease_send(ox->rem_unknown, mem_ctx, 1, &iref);
661 composite_continue(c, cr, dcom_release_continue, c);
665 uint32_t dcom_release_recv(struct composite_context *c)
670 status = composite_wait(c);
671 if (!NT_STATUS_IS_OK(status))
672 r = ntstatus_to_werror(status);
674 W_ERROR_V(r) = ((struct IUnknown_Release_out *)c->private_data)->result;
676 return W_ERROR_IS_OK(r) ? 0 : W_ERROR_V(r);
679 uint32_t dcom_release(void *interface, TALLOC_CTX *mem_ctx)
681 struct composite_context *c;
683 c = dcom_release_send(interface, mem_ctx);
684 return dcom_release_recv(c);
687 void dcom_proxy_async_call_recv_pipe_send_rpc(struct composite_context *c_pipe)
689 struct composite_context *c;
690 struct dcom_proxy_async_call_state *s;
691 struct dcerpc_pipe *p;
692 struct rpc_request *req;
695 c = c_pipe->async.private_data;
696 s = talloc_get_type(c->private_data, struct dcom_proxy_async_call_state);
698 status = dcom_get_pipe_recv(c_pipe, &p);
699 if (!NT_STATUS_IS_OK(status)) {
700 composite_error(c, NT_STATUS_RPC_NT_CALL_FAILED);
703 /*TODO: FIXME - for now this unused anyway */
704 req = dcerpc_ndr_request_send(p, &s->d->obj.u_objref.u_standard.std.ipid, s->table, s->opnum, s, s->r);
705 composite_continue_rpc(c, req, s->continuation, c);