2 Unix SMB/CIFS implementation.
4 server side dcerpc defines
6 Copyright (C) Andrew Tridgell 2003-2005
7 Copyright (C) Stefan (metze) Metzmacher 2004-2005
8 Copyright (C) Samuel Cabrero <scabrero@samba.org> 2019
10 This program is free software; you can redistribute it and/or modify
11 it under the terms of the GNU General Public License as published by
12 the Free Software Foundation; either version 3 of the License, or
13 (at your option) any later version.
15 This program is distributed in the hope that it will be useful,
16 but WITHOUT ANY WARRANTY; without even the implied warranty of
17 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 GNU General Public License for more details.
20 You should have received a copy of the GNU General Public License
21 along with this program. If not, see <http://www.gnu.org/licenses/>.
24 #ifndef _LIBRPC_RPC_DCESRV_CORE_H_
25 #define _LIBRPC_RPC_DCESRV_CORE_H_
27 #include "librpc/rpc/rpc_common.h"
28 #include "librpc/ndr/libndr.h"
29 #include "librpc/gen_ndr/security.h"
31 /* modules can use the following to determine if the interface has changed
32 * please increment the version number after each interface change
33 * with a comment and maybe update struct dcesrv_critical_sizes.
35 /* version 1 - initial version - metze */
36 #define DCERPC_MODULE_VERSION 1
38 struct dcesrv_connection;
39 struct dcesrv_call_state;
41 struct dcesrv_connection_context;
42 struct dcesrv_iface_state;
43 struct cli_credentials;
45 struct dcesrv_interface {
47 struct ndr_syntax_id syntax_id;
49 /* this function is called when the client binds to this interface */
50 NTSTATUS (*bind)(struct dcesrv_connection_context *, const struct dcesrv_interface *);
52 /* this function is called when the client disconnects the endpoint */
53 void (*unbind)(struct dcesrv_connection_context *, const struct dcesrv_interface *);
55 /* the ndr_pull function for the chosen interface.
57 NTSTATUS (*ndr_pull)(struct dcesrv_call_state *, TALLOC_CTX *, struct ndr_pull *, void **);
59 /* the dispatch function for the chosen interface.
61 NTSTATUS (*dispatch)(struct dcesrv_call_state *, TALLOC_CTX *, void *);
63 /* the reply function for the chosen interface.
65 NTSTATUS (*reply)(struct dcesrv_call_state *, TALLOC_CTX *, void *);
67 /* the ndr_push function for the chosen interface.
69 NTSTATUS (*ndr_push)(struct dcesrv_call_state *, TALLOC_CTX *, struct ndr_push *, const void *);
71 /* the local dispatch function for the chosen interface.
73 NTSTATUS (*local)(struct dcesrv_call_state *, TALLOC_CTX *, void *);
75 /* for any private use by the interface code */
76 const void *private_data;
81 #define DCESRV_INTERFACE_FLAGS_HANDLES_NOT_USED 0x00000001
83 enum dcesrv_call_list {
85 DCESRV_LIST_CALL_LIST,
86 DCESRV_LIST_FRAGMENTED_CALL_LIST,
87 DCESRV_LIST_PENDING_CALL_LIST
90 struct data_blob_list_item {
91 struct data_blob_list_item *prev,*next;
95 /* the state of an ongoing dcerpc call */
96 struct dcesrv_call_state {
97 struct dcesrv_call_state *next, *prev;
98 struct dcesrv_auth *auth_state;
99 struct dcesrv_connection *conn;
100 struct dcesrv_connection_context *context;
101 struct ncacn_packet pkt;
104 * Used during async bind/alter_context.
106 struct ncacn_packet ack_pkt;
109 which list this request is in, if any
111 enum dcesrv_call_list list;
113 /* the backend can mark the call
114 * with DCESRV_CALL_STATE_FLAG_ASYNC
115 * that will cause the frontend to not touch r->out
118 * this is only allowed to the backend when DCESRV_CALL_STATE_FLAG_MAY_ASYNC
119 * is already set by the frontend
121 * the backend then needs to call dcesrv_reply() when it's
122 * ready to send the reply
124 #define DCESRV_CALL_STATE_FLAG_ASYNC (1<<0)
125 #define DCESRV_CALL_STATE_FLAG_MAY_ASYNC (1<<1)
126 #define DCESRV_CALL_STATE_FLAG_MULTIPLEXED (1<<3)
127 #define DCESRV_CALL_STATE_FLAG_PROCESS_PENDING_CALL (1<<4)
128 #define DCESRV_CALL_STATE_FLAG_WINBIND_OFF (1 << 5)
129 uint32_t state_flags;
131 /* the time the request arrived in the server */
134 /* the backend can use this event context for async replies */
135 struct tevent_context *event_ctx;
137 /* this is the pointer to the allocated function struct */
141 * that's the ndr pull context used in dcesrv_request()
142 * needed by dcesrv_reply() to carry over information
143 * for full pointer support.
145 struct ndr_pull *ndr_pull;
149 struct data_blob_list_item *replies;
151 /* this is used by the boilerplate code to generate DCERPC faults */
154 /* the reason why we terminate the connection after sending a response */
155 const char *terminate_reason;
157 /* temporary auth_info fields */
158 struct dcerpc_auth in_auth_info;
159 struct dcerpc_auth _out_auth_info;
160 struct dcerpc_auth *out_auth_info;
163 * Optional subreq for pending calls,
164 * will be used to call tevent_req_cancel()
165 * if the connection terminates,
166 * we got an ORPHANED PDU
167 * or got a CO_CANCEL PDU
172 struct tevent_req *subreq;
178 * The various handles that are used in the RPC servers should be
179 * created and fetch using the dcesrv_handle_* functions.
182 * dcesrv_handle_create(struct dcesrv_call_state \*, uint8 handle_type)
183 * to obtain a new handle of the specified type. Handle types are
184 * unique within each pipe.
186 * The handle can later be fetched again using:
188 * struct dcesrv_handle *dcesrv_handle_lookup(
189 * struct dcesrv_call_state *dce_call,
190 * struct policy_handle *p,
195 * TALLOC_FREE(struct dcesrv_handle *).
197 * User data should be stored in the 'data' member of the dcesrv_handle
201 #define DCESRV_HANDLE_ANY 255
203 /* a dcerpc handle in internal format */
204 struct dcesrv_handle {
205 struct dcesrv_handle *next, *prev;
206 struct dcesrv_assoc_group *assoc_group;
207 struct policy_handle wire_handle;
209 enum dcerpc_AuthLevel min_auth_level;
210 const struct dcesrv_interface *iface;
214 /* hold the authentication state information */
216 struct dcesrv_auth *prev, *next;
217 enum dcerpc_AuthType auth_type;
218 enum dcerpc_AuthLevel auth_level;
219 uint32_t auth_context_id;
220 struct gensec_security *gensec_security;
221 struct auth_session_info *session_info;
222 NTSTATUS (*session_key_fn)(struct dcesrv_auth *, DATA_BLOB *session_key);
229 struct dcesrv_connection_context {
230 struct dcesrv_connection_context *next, *prev;
233 /* the connection this is on */
234 struct dcesrv_connection *conn;
236 /* the ndr function table for the chosen interface */
237 const struct dcesrv_interface *iface;
240 * the minimum required auth level for this interface
242 enum dcerpc_AuthLevel min_auth_level;
245 /* the negotiated transfer syntax */
246 struct ndr_syntax_id transfer_syntax;
251 /* the state associated with a dcerpc server connection */
252 struct dcesrv_connection {
253 /* for the broken_connections DLIST */
254 struct dcesrv_connection *prev, *next;
256 /* the top level context for this server */
257 struct dcesrv_context *dce_ctx;
259 /* the endpoint that was opened */
260 const struct dcesrv_endpoint *endpoint;
262 /* a list of established context_ids */
263 struct dcesrv_connection_context *contexts;
265 /* the state of the current incoming call fragments */
266 struct dcesrv_call_state *incoming_fragmented_call_list;
268 /* the state of the async pending calls */
269 struct dcesrv_call_state *pending_call_list;
271 /* the state of the current outgoing calls */
272 struct dcesrv_call_state *call_list;
274 /* the maximum size the client wants to receive */
275 uint16_t transport_max_recv_frag;
276 uint16_t max_recv_frag;
277 uint16_t max_xmit_frag;
279 DATA_BLOB partial_input;
281 /* the event_context that will be used for this connection */
282 struct tevent_context *event_ctx;
284 /* is this connection pending termination? If so, why? */
285 const char *terminate;
287 const char *packet_log_dir;
289 /* this is the default state_flags for dcesrv_call_state structs */
290 uint32_t state_flags;
294 void (*report_output_data)(struct dcesrv_connection *);
295 void (*terminate_connection)(struct dcesrv_connection *,
299 struct tstream_context *stream;
300 struct tevent_queue *send_queue;
302 const struct tsocket_address *local_address;
303 const struct tsocket_address *remote_address;
305 /* the current authentication state */
306 struct dcesrv_auth *default_auth_state;
307 size_t max_auth_states;
308 struct dcesrv_auth *auth_states;
309 bool got_explicit_auth_level_connect;
310 struct dcesrv_auth *default_auth_level_connect;
311 bool client_hdr_signing;
312 bool support_hdr_signing;
313 bool negotiated_hdr_signing;
316 * remember which pdu types are allowed
321 /* the association group the connection belongs to */
322 struct dcesrv_assoc_group *assoc_group;
324 /* The maximum total payload of reassembled request pdus */
325 size_t max_total_request_size;
328 * Our preferred transfer syntax.
330 const struct ndr_syntax_id *preferred_transfer;
332 struct dcerpc_sec_vt_preauth preauth;
335 * This is used to block the connection during
336 * pending authentication.
338 struct tevent_req *(*wait_send)(TALLOC_CTX *mem_ctx,
339 struct tevent_context *ev,
341 NTSTATUS (*wait_recv)(struct tevent_req *req);
346 struct dcesrv_endpoint_server {
347 /* this is the name of the endpoint server */
350 /* true if the endpoint server has been initialized */
353 /* this function should register endpoints and some other setup stuff,
354 * it is called when the dcesrv_context gets initialized.
356 NTSTATUS (*init_server)(struct dcesrv_context *, const struct dcesrv_endpoint_server *);
358 /* this function should cleanup endpoint server state and unregister
359 * the endpoint server from dcesrv_context */
360 NTSTATUS (*shutdown_server)(struct dcesrv_context *, const struct dcesrv_endpoint_server *);
362 /* this function can be used by other endpoint servers to
363 * ask for a dcesrv_interface implementation
364 * - iface must be reference to an already existing struct !
366 bool (*interface_by_uuid)(struct dcesrv_interface *iface, const struct GUID *, uint32_t);
368 /* this function can be used by other endpoint servers to
369 * ask for a dcesrv_interface implementation
370 * - iface must be reference to an already existing struct !
372 bool (*interface_by_name)(struct dcesrv_interface *iface, const char *);
376 /* one association groups */
377 struct dcesrv_assoc_group {
381 /* The transport this is valid on */
382 enum dcerpc_transport_t transport;
384 /* list of handles in this association group */
385 struct dcesrv_handle *handles;
388 * list of iface states per assoc/conn
390 struct dcesrv_iface_state *iface_states;
393 struct dcesrv_context *dce_ctx;
395 /* the negotiated bind time features */
396 uint16_t bind_time_features;
399 struct dcesrv_context_callbacks {
401 void (*successful_authz)(
402 struct dcesrv_call_state *call, void *private_data);
406 NTSTATUS (*gensec_prepare)(
408 struct dcesrv_call_state *call,
409 struct gensec_security **out,
412 void (*become_root)(void);
413 void (*unbecome_root)(void);
417 struct dcesrv_call_state *call, void *private_data);
422 /* server-wide context information for the dcerpc server */
423 struct dcesrv_context {
425 * The euid at startup time.
427 * This is required for DCERPC_AUTH_TYPE_NCALRPC_AS_SYSTEM
431 /* the list of endpoints that have registered
432 * by the configured endpoint servers
434 struct dcesrv_endpoint {
435 struct dcesrv_endpoint *next, *prev;
436 /* the type and location of the endpoint */
437 struct dcerpc_binding *ep_description;
438 /* the secondary endpoint description for the BIND_ACK */
439 struct dcerpc_binding *ep_2nd_description;
440 /* the security descriptor for smb named pipes */
441 struct security_descriptor *sd;
442 /* the list of interfaces available on this endpoint */
443 struct dcesrv_if_list {
444 struct dcesrv_if_list *next, *prev;
445 struct dcesrv_interface *iface;
449 * Should this service be run in a single process (so far only
450 * NETLOGON is not run in a single process)
452 bool use_single_process;
456 * registered auth_type/principals
457 * for dcesrv_mgmt_inq_princ_name()
459 struct dcesrv_ctx_principal {
460 struct dcesrv_ctx_principal *next, *prev;
461 enum dcerpc_AuthType auth_type;
462 const char *principal_name;
465 /* loadparm context to use for this connection */
466 struct loadparm_context *lp_ctx;
468 struct idr_context *assoc_groups_idr;
469 uint32_t assoc_groups_num;
471 struct dcesrv_connection *broken_connections;
474 * Our preferred transfer syntax.
476 const struct ndr_syntax_id *preferred_transfer;
478 struct dcesrv_context_callbacks *callbacks;
481 /* this structure is used by modules to determine the size of some critical types */
482 struct dcesrv_critical_sizes {
483 int interface_version;
484 int sizeof_dcesrv_context;
485 int sizeof_dcesrv_endpoint;
486 int sizeof_dcesrv_endpoint_server;
487 int sizeof_dcesrv_interface;
488 int sizeof_dcesrv_if_list;
489 int sizeof_dcesrv_connection;
490 int sizeof_dcesrv_call_state;
491 int sizeof_dcesrv_auth;
492 int sizeof_dcesrv_handle;
495 NTSTATUS dcesrv_auth_type_principal_register(struct dcesrv_context *dce_ctx,
496 enum dcerpc_AuthType auth_type,
497 const char *principal_name);
498 const char *dcesrv_auth_type_principal_find(struct dcesrv_context *dce_ctx,
499 enum dcerpc_AuthType auth_type);
500 NTSTATUS dcesrv_register_default_auth_types(struct dcesrv_context *dce_ctx,
501 const char *principal);
502 NTSTATUS dcesrv_register_default_auth_types_machine_principal(struct dcesrv_context *dce_ctx);
503 NTSTATUS dcesrv_interface_register(struct dcesrv_context *dce_ctx,
505 const char *ncacn_np_secondary_endpoint,
506 const struct dcesrv_interface *iface,
507 const struct security_descriptor *sd);
508 NTSTATUS dcesrv_interface_register_b(struct dcesrv_context *dce_ctx,
509 struct dcerpc_binding *binding,
510 struct dcerpc_binding *binding2,
511 const struct dcesrv_interface *iface,
512 const struct security_descriptor *sd);
513 NTSTATUS dcerpc_register_ep_server(const struct dcesrv_endpoint_server *ep_server);
514 NTSTATUS dcesrv_init_ep_servers(struct dcesrv_context *dce_ctx,
515 const char **ep_servers);
516 NTSTATUS dcesrv_init_registered_ep_servers(struct dcesrv_context *dce_ctx);
517 NTSTATUS dcesrv_shutdown_registered_ep_servers(struct dcesrv_context *dce_ctx);
518 NTSTATUS dcesrv_init_ep_server(struct dcesrv_context *dce_ctx,
519 const char *ep_server_name);
520 NTSTATUS dcesrv_shutdown_ep_server(struct dcesrv_context *dce_ctx,
522 const struct dcesrv_endpoint_server *dcesrv_ep_server_byname(const char *name);
524 NTSTATUS dcesrv_init_context(TALLOC_CTX *mem_ctx,
525 struct loadparm_context *lp_ctx,
526 struct dcesrv_context_callbacks *cb,
527 struct dcesrv_context **_dce_ctx);
528 void dcesrv_context_set_callbacks(
529 struct dcesrv_context *dce_ctx,
530 struct dcesrv_context_callbacks *cb);
533 * Use dcesrv_async_reply() in async code
535 NTSTATUS dcesrv_reply(struct dcesrv_call_state *call);
536 void _dcesrv_async_reply(struct dcesrv_call_state *call,
538 const char *location);
539 #define dcesrv_async_reply(__call) \
540 _dcesrv_async_reply(__call, __func__, __location__)
542 struct dcesrv_handle *dcesrv_handle_create(struct dcesrv_call_state *call,
543 uint8_t handle_type);
545 struct dcesrv_handle *dcesrv_handle_lookup(struct dcesrv_call_state *call,
546 const struct policy_handle *p,
547 uint8_t handle_type);
549 const struct tsocket_address *dcesrv_connection_get_local_address(struct dcesrv_connection *conn);
550 const struct tsocket_address *dcesrv_connection_get_remote_address(struct dcesrv_connection *conn);
553 * Fetch the authentication session key if available.
555 * This is the key generated by a gensec authentication.
557 NTSTATUS dcesrv_auth_session_key(struct dcesrv_call_state *call,
558 DATA_BLOB *session_key);
561 * Fetch the transport session key if available.
562 * Typically this is the SMB session key
563 * or a fixed key for local transports.
565 * The key is always truncated to 16 bytes.
567 NTSTATUS dcesrv_transport_session_key(struct dcesrv_call_state *call,
568 DATA_BLOB *session_key);
570 /* a useful macro for generating a RPC fault in the backend code */
571 #define DCESRV_FAULT(code) do { \
572 dce_call->fault_code = code; \
573 return r->out.result; \
576 /* a useful macro for generating a RPC fault in the backend code */
577 #define DCESRV_FAULT_VOID(code) do { \
578 dce_call->fault_code = code; \
582 /* a useful macro for checking the validity of a dcerpc policy handle
583 and giving the right fault code if invalid */
584 #define DCESRV_CHECK_HANDLE(h) do {if (!(h)) DCESRV_FAULT(DCERPC_FAULT_CONTEXT_MISMATCH); } while (0)
586 /* this checks for a valid policy handle, and gives a fault if an
587 invalid handle or retval if the handle is of the
589 #define DCESRV_PULL_HANDLE_RETVAL(h, inhandle, t, retval) do { \
590 (h) = dcesrv_handle_lookup(dce_call, (inhandle), DCESRV_HANDLE_ANY); \
591 DCESRV_CHECK_HANDLE(h); \
592 if ((t) != DCESRV_HANDLE_ANY && (h)->wire_handle.handle_type != (t)) { \
597 /* this checks for a valid policy handle and gives a dcerpc fault
598 if its the wrong type of handle */
599 #define DCESRV_PULL_HANDLE_FAULT(h, inhandle, t) do { \
600 (h) = dcesrv_handle_lookup(dce_call, (inhandle), t); \
601 DCESRV_CHECK_HANDLE(h); \
604 #define DCESRV_PULL_HANDLE(h, inhandle, t) DCESRV_PULL_HANDLE_RETVAL(h, inhandle, t, NT_STATUS_INVALID_HANDLE)
605 #define DCESRV_PULL_HANDLE_WERR(h, inhandle, t) DCESRV_PULL_HANDLE_RETVAL(h, inhandle, t, WERR_INVALID_HANDLE)
608 * retrieve credentials from a dce_call
610 _PUBLIC_ struct cli_credentials *dcesrv_call_credentials(struct dcesrv_call_state *dce_call);
613 * returns true if this is an authenticated call
615 _PUBLIC_ bool dcesrv_call_authenticated(struct dcesrv_call_state *dce_call);
618 * retrieve account_name for a dce_call
620 _PUBLIC_ const char *dcesrv_call_account_name(struct dcesrv_call_state *dce_call);
623 * retrieve session_info from a dce_call
625 _PUBLIC_ struct auth_session_info *dcesrv_call_session_info(struct dcesrv_call_state *dce_call);
628 * retrieve auth type/level from a dce_call
630 _PUBLIC_ void dcesrv_call_auth_info(struct dcesrv_call_state *dce_call,
631 enum dcerpc_AuthType *auth_type,
632 enum dcerpc_AuthLevel *auth_level);
634 _PUBLIC_ NTSTATUS dcesrv_interface_bind_require_integrity(struct dcesrv_connection_context *context,
635 const struct dcesrv_interface *iface);
636 _PUBLIC_ NTSTATUS dcesrv_interface_bind_require_privacy(struct dcesrv_connection_context *context,
637 const struct dcesrv_interface *iface);
638 _PUBLIC_ NTSTATUS dcesrv_interface_bind_reject_connect(struct dcesrv_connection_context *context,
639 const struct dcesrv_interface *iface);
640 _PUBLIC_ NTSTATUS dcesrv_interface_bind_allow_connect(struct dcesrv_connection_context *context,
641 const struct dcesrv_interface *iface);
643 _PUBLIC_ NTSTATUS _dcesrv_iface_state_store_assoc(
644 struct dcesrv_call_state *call,
647 const char *location);
648 #define dcesrv_iface_state_store_assoc(call, magic, ptr) \
649 _dcesrv_iface_state_store_assoc((call), (magic), (ptr), \
651 _PUBLIC_ void *_dcesrv_iface_state_find_assoc(
652 struct dcesrv_call_state *call,
654 #define dcesrv_iface_state_find_assoc(call, magic, _type) \
656 _dcesrv_iface_state_find_assoc((call), (magic)), \
659 _PUBLIC_ NTSTATUS _dcesrv_iface_state_store_conn(
660 struct dcesrv_call_state *call,
663 const char *location);
664 #define dcesrv_iface_state_store_conn(call, magic, ptr) \
665 _dcesrv_iface_state_store_conn((call), (magic), (ptr), \
667 _PUBLIC_ void *_dcesrv_iface_state_find_conn(
668 struct dcesrv_call_state *call,
670 #define dcesrv_iface_state_find_conn(call, magic, _type) \
672 _dcesrv_iface_state_find_conn((call), (magic)), \
675 _PUBLIC_ void dcesrv_cleanup_broken_connections(struct dcesrv_context *dce_ctx);
677 _PUBLIC_ NTSTATUS dcesrv_endpoint_connect(struct dcesrv_context *dce_ctx,
679 const struct dcesrv_endpoint *ep,
680 struct auth_session_info *session_info,
681 struct tevent_context *event_ctx,
682 uint32_t state_flags,
683 struct dcesrv_connection **_p);
684 _PUBLIC_ NTSTATUS dcesrv_find_endpoint(struct dcesrv_context *dce_ctx,
685 const struct dcerpc_binding *ep_description,
686 struct dcesrv_endpoint **_out);
688 _PUBLIC_ void dcesrv_terminate_connection(struct dcesrv_connection *dce_conn,
690 _PUBLIC_ void dcesrv_sock_report_output_data(struct dcesrv_connection *dce_conn);
692 _PUBLIC_ NTSTATUS dcesrv_connection_loop_start(struct dcesrv_connection *conn);
694 _PUBLIC_ void dcesrv_loop_next_packet(
695 struct dcesrv_connection *dce_conn,
696 struct ncacn_packet *pkt,
699 _PUBLIC_ NTSTATUS dcesrv_call_dispatch_local(struct dcesrv_call_state *call);
701 _PUBLIC_ const struct dcesrv_interface *find_interface_by_syntax_id(
702 const struct dcesrv_endpoint *endpoint,
703 const struct ndr_syntax_id *interface);
705 void _dcesrv_save_ndr_fuzz_seed(DATA_BLOB call_blob,
706 struct dcesrv_call_state *call,
707 ndr_flags_type flags);
710 #define dcesrv_save_ndr_fuzz_seed(stub, call, flags) \
711 _dcesrv_save_ndr_fuzz_seed(stub, call, flags)
713 #define dcesrv_save_ndr_fuzz_seed(stub, call, flags) \
718 #endif /* _LIBRPC_RPC_DCESRV_CORE_H_ */