* Copyright (C) Andrew Tridgell 1992-1998,
* Largely re-written : 2005
* Copyright (C) Jeremy Allison 1998 - 2005
+ * Copyright (C) Simo Sorce 2010
+ * Copyright (C) Andrew Bartlett 2011
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
*/
#include "includes.h"
+#include "rpc_client/cli_pipe.h"
#include "rpc_server/srv_pipe_internal.h"
#include "rpc_dce.h"
+#include "../libcli/named_pipe_auth/npa_tstream.h"
+#include "rpc_server/rpc_ncacn_np.h"
+#include "librpc/gen_ndr/netlogon.h"
+#include "librpc/gen_ndr/auth.h"
+#include "../auth/auth_sam_reply.h"
+#include "auth.h"
+#include "ntdomain.h"
+#include "../lib/tsocket/tsocket.h"
+#include "../lib/util/tevent_ntstatus.h"
+#include "rpc_contexts.h"
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_RPC_SRV
-static int pipes_open;
-
static struct pipes_struct *InternalPipes;
/* TODO
return False;
}
- if (p->auth.auth_data_free_func) {
- (*p->auth.auth_data_free_func)(&p->auth);
- }
-
- free_pipe_rpc_context_internal( p->contexts );
+ TALLOC_FREE(p->auth.auth_ctx);
/* Free the handles database. */
close_policy_by_pipe(p);
+ free_pipe_rpc_context_internal( p->contexts );
+
DLIST_REMOVE(InternalPipes, p);
ZERO_STRUCTP(p);
struct pipes_struct *make_internal_rpc_pipe_p(TALLOC_CTX *mem_ctx,
const struct ndr_syntax_id *syntax,
- struct client_address *client_id,
- const struct auth_serversupplied_info *server_info,
+ const struct tsocket_address *remote_address,
+ const struct auth3_session_info *session_info,
struct messaging_context *msg_ctx)
{
struct pipes_struct *p;
+ struct pipe_rpc_fns *context_fns;
DEBUG(4,("Create pipe requested %s\n",
get_pipe_name_from_syntax(talloc_tos(), syntax)));
- p = TALLOC_ZERO_P(mem_ctx, struct pipes_struct);
+ p = talloc_zero(mem_ctx, struct pipes_struct);
if (!p) {
DEBUG(0,("ERROR! no memory for pipes_struct!\n"));
return NULL;
}
- p->server_info = copy_serverinfo(p, server_info);
- if (p->server_info == NULL) {
+ p->session_info = copy_session_info(p, session_info);
+ if (p->session_info == NULL) {
DEBUG(0, ("open_rpc_pipe_p: copy_serverinfo failed\n"));
close_policy_by_pipe(p);
TALLOC_FREE(p);
DLIST_ADD(InternalPipes, p);
- p->client_id = client_id;
+ p->remote_address = tsocket_address_copy(remote_address, p);
+ if (p->remote_address == NULL) {
+ return false;
+ }
p->endian = RPC_LITTLE_ENDIAN;
- p->syntax = *syntax;
+ p->transport = NCALRPC;
- DEBUG(4,("Created internal pipe %s (pipes_open=%d)\n",
- get_pipe_name_from_syntax(talloc_tos(), syntax), pipes_open));
+ context_fns = SMB_MALLOC_P(struct pipe_rpc_fns);
+ if (context_fns == NULL) {
+ DEBUG(0,("malloc() failed!\n"));
+ return False;
+ }
+
+ context_fns->next = context_fns->prev = NULL;
+ context_fns->n_cmds = rpc_srv_get_pipe_num_cmds(syntax);
+ context_fns->cmds = rpc_srv_get_pipe_cmds(syntax);
+ context_fns->context_id = 0;
+ context_fns->syntax = *syntax;
+
+ /* add to the list of open contexts */
+ DLIST_ADD(p->contexts, context_fns);
+
+ DEBUG(4,("Created internal pipe %s\n",
+ get_pipe_name_from_syntax(talloc_tos(), syntax)));
talloc_set_destructor(p, close_internal_rpc_pipe_hnd);
const DATA_BLOB *in_data,
DATA_BLOB *out_data)
{
- uint32_t num_cmds = rpc_srv_get_pipe_num_cmds(&p->syntax);
- const struct api_struct *cmds = rpc_srv_get_pipe_cmds(&p->syntax);
+ struct pipe_rpc_fns *fns = find_pipe_fns_by_context(p->contexts, 0);
+ uint32_t num_cmds = fns->n_cmds;
+ const struct api_struct *cmds = fns->cmds;
uint32_t i;
bool ok;
{
void *struct_ptr = discard_const(_struct_ptr);
- if (DEBUGLEVEL < 10) {
+ if (DEBUGLEVEL < 11) {
return;
}
static NTSTATUS rpcint_binding_handle_ex(TALLOC_CTX *mem_ctx,
const struct ndr_syntax_id *abstract_syntax,
const struct ndr_interface_table *ndr_table,
- struct client_address *client_id,
- const struct auth_serversupplied_info *server_info,
+ const struct tsocket_address *remote_address,
+ const struct auth3_session_info *session_info,
struct messaging_context *msg_ctx,
struct dcerpc_binding_handle **binding_handle)
{
}
hs->p = make_internal_rpc_pipe_p(hs,
abstract_syntax,
- client_id,
- server_info,
+ remote_address,
+ session_info,
msg_ctx);
if (hs->p == NULL) {
TALLOC_FREE(h);
*
* @param[in] ndr_table Normally the ndr_table_<name>.
*
- * @param[in] client_id The info about the connected client.
+ * @param[in] remote_address The info about the connected client.
*
* @param[in] serversupplied_info The server supplied authentication function.
*
*
* status = rpcint_binding_handle(tmp_ctx,
* &ndr_table_winreg,
- * p->client_id,
- * p->server_info,
+ * p->remote_address,
+ * p->session_info,
* p->msg_ctx
* &winreg_binding);
* @endcode
*/
NTSTATUS rpcint_binding_handle(TALLOC_CTX *mem_ctx,
const struct ndr_interface_table *ndr_table,
- struct client_address *client_id,
- const struct auth_serversupplied_info *server_info,
+ const struct tsocket_address *remote_address,
+ const struct auth3_session_info *session_info,
struct messaging_context *msg_ctx,
struct dcerpc_binding_handle **binding_handle)
{
- return rpcint_binding_handle_ex(mem_ctx, NULL, ndr_table, client_id,
- server_info, msg_ctx, binding_handle);
+ return rpcint_binding_handle_ex(mem_ctx, NULL, ndr_table, remote_address,
+ session_info, msg_ctx, binding_handle);
}
/**
- * @brief Create a new RPC client context which uses a local dispatch function.
+ * @internal
+ *
+ * @brief Create a new RPC client context which uses a local transport.
+ *
+ * This creates a local transport. It is a shortcut to directly call the server
+ * functions and avoid marshalling.
+ * NOTE: this function should be used only by rpc_pipe_open_interface()
*
* @param[in] mem_ctx The memory context to use.
*
* @param[in] abstract_syntax Normally the syntax_id of the autogenerated
* ndr_table_<name>.
*
- * @param[in] dispatch The corresponding autogenerated dispatch function
- * rpc_<name>_dispatch.
- *
* @param[in] serversupplied_info The server supplied authentication function.
*
+ * @param[in] remote_address The client address information.
+ *
+ * @param[in] msg_ctx The messaging context to use.
+ *
* @param[out] presult A pointer to store the connected rpc client pipe.
*
* @return NT_STATUS_OK on success, a corresponding NT status if an
* error occured.
- *
- * @code
- * struct rpc_pipe_client *winreg_pipe;
- * NTSTATUS status;
- *
- * status = rpc_pipe_open_internal(tmp_ctx,
- * &ndr_table_winreg.syntax_id,
- * rpc_winreg_dispatch,
- * p->server_info,
- * &winreg_pipe);
- * @endcode
*/
-NTSTATUS rpc_pipe_open_internal(TALLOC_CTX *mem_ctx,
+static NTSTATUS rpc_pipe_open_internal(TALLOC_CTX *mem_ctx,
const struct ndr_syntax_id *abstract_syntax,
- struct auth_serversupplied_info *serversupplied_info,
- struct client_address *client_id,
+ const struct auth3_session_info *session_info,
+ const struct tsocket_address *remote_address,
struct messaging_context *msg_ctx,
struct rpc_pipe_client **presult)
{
struct rpc_pipe_client *result;
NTSTATUS status;
- result = TALLOC_ZERO_P(mem_ctx, struct rpc_pipe_client);
+ result = talloc_zero(mem_ctx, struct rpc_pipe_client);
if (result == NULL) {
return NT_STATUS_NO_MEMORY;
}
result->abstract_syntax = *abstract_syntax;
result->transfer_syntax = ndr_transfer_syntax;
- if (client_id == NULL) {
- static struct client_address unknown;
- strlcpy(unknown.addr, "<UNKNOWN>", sizeof(unknown.addr));
- unknown.name = "<UNKNOWN>";
- client_id = &unknown;
+ if (remote_address == NULL) {
+ struct tsocket_address *local;
+ int rc;
+
+ rc = tsocket_address_inet_from_strings(mem_ctx,
+ "ip",
+ "127.0.0.1",
+ 0,
+ &local);
+ if (rc < 0) {
+ TALLOC_FREE(result);
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ remote_address = local;
}
result->max_xmit_frag = -1;
status = rpcint_binding_handle_ex(result,
abstract_syntax,
NULL,
- client_id,
- serversupplied_info,
+ remote_address,
+ session_info,
msg_ctx,
&result->binding_handle);
if (!NT_STATUS_IS_OK(status)) {
*presult = result;
return NT_STATUS_OK;
}
+
+/****************************************************************************
+ * External pipes functions
+ ***************************************************************************/
+
+
+struct np_proxy_state *make_external_rpc_pipe_p(TALLOC_CTX *mem_ctx,
+ const char *pipe_name,
+ const struct tsocket_address *local_address,
+ const struct tsocket_address *remote_address,
+ const struct auth3_session_info *session_info)
+{
+ struct np_proxy_state *result;
+ char *socket_np_dir;
+ const char *socket_dir;
+ struct tevent_context *ev;
+ struct tevent_req *subreq;
+ struct auth_session_info_transport *session_info_t;
+ struct auth_session_info *session_info_npa;
+ struct auth_user_info_dc *user_info_dc;
+ union netr_Validation val;
+ NTSTATUS status;
+ bool ok;
+ int ret;
+ int sys_errno;
+
+ result = talloc(mem_ctx, struct np_proxy_state);
+ if (result == NULL) {
+ DEBUG(0, ("talloc failed\n"));
+ return NULL;
+ }
+
+ result->read_queue = tevent_queue_create(result, "np_read");
+ if (result->read_queue == NULL) {
+ DEBUG(0, ("tevent_queue_create failed\n"));
+ goto fail;
+ }
+
+ result->write_queue = tevent_queue_create(result, "np_write");
+ if (result->write_queue == NULL) {
+ DEBUG(0, ("tevent_queue_create failed\n"));
+ goto fail;
+ }
+
+ ev = s3_tevent_context_init(talloc_tos());
+ if (ev == NULL) {
+ DEBUG(0, ("s3_tevent_context_init failed\n"));
+ goto fail;
+ }
+
+ socket_dir = lp_parm_const_string(
+ GLOBAL_SECTION_SNUM, "external_rpc_pipe", "socket_dir",
+ lp_ncalrpc_dir());
+ if (socket_dir == NULL) {
+ DEBUG(0, ("externan_rpc_pipe:socket_dir not set\n"));
+ goto fail;
+ }
+ socket_np_dir = talloc_asprintf(talloc_tos(), "%s/np", socket_dir);
+ if (socket_np_dir == NULL) {
+ DEBUG(0, ("talloc_asprintf failed\n"));
+ goto fail;
+ }
+
+ session_info_npa = talloc_zero(talloc_tos(), struct auth_session_info);
+ if (session_info_npa == NULL) {
+ DEBUG(0, ("talloc failed\n"));
+ goto fail;
+ }
+
+ /* Send the named_pipe_auth server the user's full token */
+ session_info_npa->security_token = session_info->security_token;
+ session_info_npa->session_key = session_info->session_key;
+ session_info_npa->unix_token = session_info->unix_token;
+ session_info_npa->unix_info = session_info->unix_info;
+
+ val.sam3 = session_info->info3;
+
+ /* Convert into something we can build a struct
+ * auth_session_info from. Most of the work here
+ * will be to convert the SIDS, which we will then ignore, but
+ * this is the easier way to handle it */
+ status = make_user_info_dc_netlogon_validation(talloc_tos(), "", 3, &val, &user_info_dc);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(0, ("conversion of info3 into user_info_dc failed!\n"));
+ goto fail;
+ }
+
+ session_info_npa->info = talloc_move(session_info_npa, &user_info_dc->info);
+ talloc_free(user_info_dc);
+
+ session_info_t = talloc_zero(talloc_tos(), struct auth_session_info_transport);
+ if (session_info_npa == NULL) {
+ DEBUG(0, ("talloc failed\n"));
+ goto fail;
+ }
+
+ session_info_t->session_info = talloc_steal(session_info_t, session_info_npa);
+
+ become_root();
+ subreq = tstream_npa_connect_send(talloc_tos(), ev,
+ socket_np_dir,
+ pipe_name,
+ remote_address, /* client_addr */
+ NULL, /* client_name */
+ local_address, /* server_addr */
+ NULL, /* server_name */
+ session_info_t);
+ if (subreq == NULL) {
+ unbecome_root();
+ DEBUG(0, ("tstream_npa_connect_send to %s for pipe %s and "
+ "user %s\\%s failed\n",
+ socket_np_dir, pipe_name, session_info_t->session_info->info->domain_name,
+ session_info_t->session_info->info->account_name));
+ goto fail;
+ }
+ ok = tevent_req_poll(subreq, ev);
+ unbecome_root();
+ if (!ok) {
+ DEBUG(0, ("tevent_req_poll to %s for pipe %s and user %s\\%s "
+ "failed for tstream_npa_connect: %s\n",
+ socket_np_dir, pipe_name, session_info_t->session_info->info->domain_name,
+ session_info_t->session_info->info->account_name,
+ strerror(errno)));
+ goto fail;
+
+ }
+ ret = tstream_npa_connect_recv(subreq, &sys_errno,
+ result,
+ &result->npipe,
+ &result->file_type,
+ &result->device_state,
+ &result->allocation_size);
+ TALLOC_FREE(subreq);
+ if (ret != 0) {
+ DEBUG(0, ("tstream_npa_connect_recv to %s for pipe %s and "
+ "user %s\\%s failed: %s\n",
+ socket_np_dir, pipe_name, session_info_t->session_info->info->domain_name,
+ session_info_t->session_info->info->account_name,
+ strerror(sys_errno)));
+ goto fail;
+ }
+
+ return result;
+
+ fail:
+ TALLOC_FREE(result);
+ return NULL;
+}
+
+static NTSTATUS rpc_pipe_open_external(TALLOC_CTX *mem_ctx,
+ const char *pipe_name,
+ const struct ndr_syntax_id *abstract_syntax,
+ const struct auth3_session_info *session_info,
+ struct rpc_pipe_client **_result)
+{
+ struct tsocket_address *local, *remote;
+ struct rpc_pipe_client *result = NULL;
+ struct np_proxy_state *proxy_state = NULL;
+ struct pipe_auth_data *auth;
+ NTSTATUS status;
+ int ret;
+
+ /* this is an internal connection, fake up ip addresses */
+ ret = tsocket_address_inet_from_strings(talloc_tos(), "ip",
+ NULL, 0, &local);
+ if (ret) {
+ return NT_STATUS_NO_MEMORY;
+ }
+ ret = tsocket_address_inet_from_strings(talloc_tos(), "ip",
+ NULL, 0, &remote);
+ if (ret) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ proxy_state = make_external_rpc_pipe_p(mem_ctx, pipe_name,
+ local, remote, session_info);
+ if (!proxy_state) {
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+
+ result = talloc_zero(mem_ctx, struct rpc_pipe_client);
+ if (result == NULL) {
+ status = NT_STATUS_NO_MEMORY;
+ goto done;
+ }
+
+ result->abstract_syntax = *abstract_syntax;
+ result->transfer_syntax = ndr_transfer_syntax;
+
+ result->desthost = get_myname(result);
+ result->srv_name_slash = talloc_asprintf_strupper_m(
+ result, "\\\\%s", result->desthost);
+ if ((result->desthost == NULL) || (result->srv_name_slash == NULL)) {
+ status = NT_STATUS_NO_MEMORY;
+ goto done;
+ }
+
+ result->max_xmit_frag = RPC_MAX_PDU_FRAG_LEN;
+ result->max_recv_frag = RPC_MAX_PDU_FRAG_LEN;
+
+ status = rpc_transport_tstream_init(result,
+ &proxy_state->npipe,
+ &result->transport);
+ if (!NT_STATUS_IS_OK(status)) {
+ goto done;
+ }
+
+ result->binding_handle = rpccli_bh_create(result);
+ if (result->binding_handle == NULL) {
+ status = NT_STATUS_NO_MEMORY;
+ DEBUG(0, ("Failed to create binding handle.\n"));
+ goto done;
+ }
+
+ result->auth = talloc_zero(result, struct pipe_auth_data);
+ if (!result->auth) {
+ status = NT_STATUS_NO_MEMORY;
+ goto done;
+ }
+ result->auth->auth_type = DCERPC_AUTH_TYPE_NONE;
+ result->auth->auth_level = DCERPC_AUTH_LEVEL_NONE;
+
+ status = rpccli_anon_bind_data(result, &auth);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(0, ("Failed to initialize anonymous bind.\n"));
+ goto done;
+ }
+
+ status = rpc_pipe_bind(result, auth);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(0, ("Failed to bind external pipe.\n"));
+ goto done;
+ }
+
+done:
+ if (!NT_STATUS_IS_OK(status)) {
+ TALLOC_FREE(result);
+ }
+ TALLOC_FREE(proxy_state);
+ *_result = result;
+ return status;
+}
+
+/**
+ * @brief Create a new RPC client context which uses a local dispatch function
+ * or a remote transport, depending on rpc_server configuration for the
+ * specific service.
+ *
+ * @param[in] mem_ctx The memory context to use.
+ *
+ * @param[in] abstract_syntax Normally the syntax_id of the autogenerated
+ * ndr_table_<name>.
+ *
+ * @param[in] serversupplied_info The server supplied authentication function.
+ *
+ * @param[in] remote_address The client address information.
+ *
+ * @param[in] msg_ctx The messaging context to use.
+ *
+ * @param[out] presult A pointer to store the connected rpc client pipe.
+ *
+ * @return NT_STATUS_OK on success, a corresponding NT status if an
+ * error occured.
+ *
+ * @code
+ * struct rpc_pipe_client *winreg_pipe;
+ * NTSTATUS status;
+ *
+ * status = rpc_pipe_open_interface(tmp_ctx,
+ * &ndr_table_winreg.syntax_id,
+ * p->session_info,
+ * remote_address,
+ * &winreg_pipe);
+ * @endcode
+ */
+
+NTSTATUS rpc_pipe_open_interface(TALLOC_CTX *mem_ctx,
+ const struct ndr_syntax_id *syntax,
+ const struct auth3_session_info *session_info,
+ const struct tsocket_address *remote_address,
+ struct messaging_context *msg_ctx,
+ struct rpc_pipe_client **cli_pipe)
+{
+ struct rpc_pipe_client *cli = NULL;
+ const char *server_type;
+ const char *pipe_name;
+ NTSTATUS status;
+ TALLOC_CTX *tmp_ctx;
+
+ if (cli_pipe && rpccli_is_connected(*cli_pipe)) {
+ return NT_STATUS_OK;
+ } else {
+ TALLOC_FREE(*cli_pipe);
+ }
+
+ tmp_ctx = talloc_stackframe();
+ if (tmp_ctx == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ pipe_name = get_pipe_name_from_syntax(tmp_ctx, syntax);
+ if (pipe_name == NULL) {
+ status = NT_STATUS_INVALID_PARAMETER;
+ goto done;
+ }
+
+ while (pipe_name[0] == '\\') {
+ pipe_name++;
+ }
+
+ DEBUG(5, ("Connecting to %s pipe.\n", pipe_name));
+
+ server_type = lp_parm_const_string(GLOBAL_SECTION_SNUM,
+ "rpc_server", pipe_name,
+ "embedded");
+
+ if (strcasecmp_m(server_type, "embedded") == 0) {
+ status = rpc_pipe_open_internal(tmp_ctx,
+ syntax, session_info,
+ remote_address, msg_ctx,
+ &cli);
+ if (!NT_STATUS_IS_OK(status)) {
+ goto done;
+ }
+ } else if (strcasecmp_m(server_type, "daemon") == 0 ||
+ strcasecmp_m(server_type, "external") == 0) {
+ /* It would be nice to just use rpc_pipe_open_ncalrpc() but
+ * for now we need to use the special proxy setup to connect
+ * to spoolssd. */
+
+ status = rpc_pipe_open_external(tmp_ctx,
+ pipe_name, syntax,
+ session_info,
+ &cli);
+ if (!NT_STATUS_IS_OK(status)) {
+ goto done;
+ }
+ } else {
+ status = NT_STATUS_NOT_IMPLEMENTED;
+ DEBUG(0, ("Wrong servertype specified in config file: %s",
+ nt_errstr(status)));
+ goto done;
+ }
+
+ status = NT_STATUS_OK;
+done:
+ if (NT_STATUS_IS_OK(status)) {
+ *cli_pipe = talloc_move(mem_ctx, &cli);
+ }
+ TALLOC_FREE(tmp_ctx);
+ return status;
+}