Unix SMB/Netbios implementation.
Generic infrstructure for RPC Daemons
Copyright (C) Simo Sorce 2010
+ Copyright (C) Andrew Bartlett 2011
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
*/
#include "includes.h"
+#include "ntdomain.h"
#include "rpc_server/rpc_server.h"
#include "rpc_dce.h"
#include "librpc/gen_ndr/netlogon.h"
#include "libcli/named_pipe_auth/npa_tstream.h"
#include "../auth/auth_sam_reply.h"
#include "auth.h"
-#include "ntdomain.h"
+#include "rpc_server/rpc_ncacn_np.h"
+#include "rpc_server/srv_pipe_hnd.h"
+#include "rpc_server/srv_pipe.h"
#define SERVER_TCP_LOW_PORT 1024
#define SERVER_TCP_HIGH_PORT 1300
static NTSTATUS auth_anonymous_session_info(TALLOC_CTX *mem_ctx,
- struct auth_session_info_transport **session_info)
+ struct auth_session_info **session_info)
{
- struct auth_session_info_transport *i;
- struct auth_serversupplied_info *s;
+ struct auth_session_info *i;
+ struct auth3_session_info *s;
struct auth_user_info_dc *u;
union netr_Validation val;
NTSTATUS status;
- i = talloc_zero(mem_ctx, struct auth_session_info_transport);
+ i = talloc_zero(mem_ctx, struct auth_session_info);
if (i == NULL) {
return NT_STATUS_NO_MEMORY;
}
- status = make_server_info_guest(i, &s);
+ status = make_session_info_guest(i, &s);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
* sent from the client */
static int make_server_pipes_struct(TALLOC_CTX *mem_ctx,
const char *pipe_name,
- const struct ndr_syntax_id id,
enum dcerpc_transport_t transport,
bool ncalrpc_as_system,
- const char *client_address,
- const char *server_address,
- struct auth_session_info_transport *session_info,
+ const struct tsocket_address *local_address,
+ const struct tsocket_address *remote_address,
+ struct auth_session_info *session_info,
struct pipes_struct **_p,
int *perrno)
{
struct netr_SamInfo3 *info3;
struct auth_user_info_dc *auth_user_info_dc;
struct pipes_struct *p;
- struct auth_serversupplied_info *server_info;
NTSTATUS status;
- bool ok;
p = talloc_zero(mem_ctx, struct pipes_struct);
if (!p) {
*perrno = ENOMEM;
return -1;
}
- p->syntax = id;
+
p->transport = transport;
p->ncalrpc_as_system = ncalrpc_as_system;
return -1;
}
- ok = init_pipe_handles(p, &id);
- if (!ok) {
- DEBUG(1, ("Failed to init handles\n"));
- TALLOC_FREE(p);
- *perrno = EINVAL;
- return -1;
- }
-
-
data_blob_free(&p->in_data.data);
data_blob_free(&p->in_data.pdu);
return -1;
}
- status = make_server_info_info3(p,
- info3->base.account_name.string,
- info3->base.domain.string,
- &server_info, info3);
- if (!NT_STATUS_IS_OK(status)) {
- DEBUG(1, ("Failed to init server info\n"));
- TALLOC_FREE(p);
- *perrno = EINVAL;
- return -1;
- }
+ if (session_info->unix_token && session_info->unix_info && session_info->security_token) {
+ /* Don't call create_local_token(), we already have the full details here */
+ p->session_info = talloc_zero(p, struct auth3_session_info);
+ if (p->session_info == NULL) {
+ TALLOC_FREE(p);
+ *perrno = ENOMEM;
+ return -1;
+ }
+ p->session_info->security_token = talloc_move(p->session_info, &session_info->security_token);
+ p->session_info->unix_token = talloc_move(p->session_info, &session_info->unix_token);
+ p->session_info->unix_info = talloc_move(p->session_info, &session_info->unix_info);
+ p->session_info->info3 = talloc_move(p->session_info, &info3);
+ p->session_info->session_key = session_info->session_key;
+ p->session_info->session_key.data = talloc_move(p->session_info, &session_info->session_key.data);
- /*
- * Some internal functions need a local token to determine access to
- * resoutrces.
- */
- status = create_local_token(p, server_info, &session_info->session_key, &p->session_info);
- talloc_free(server_info);
- if (!NT_STATUS_IS_OK(status)) {
- DEBUG(1, ("Failed to init local auth token\n"));
- TALLOC_FREE(p);
- *perrno = EINVAL;
- return -1;
- }
+ } else {
+ struct auth_serversupplied_info *server_info;
- /* Now override the session_info->security_token with the exact
- * security_token we were given from the other side,
- * regardless of what we just calculated */
- p->session_info->security_token = talloc_move(p->session_info, &session_info->security_token);
+ status = make_server_info_info3(p,
+ info3->base.account_name.string,
+ info3->base.domain.string,
+ &server_info, info3);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(1, ("Failed to init server info\n"));
+ TALLOC_FREE(p);
+ *perrno = EINVAL;
+ return -1;
+ }
- p->client_id = talloc_zero(p, struct client_address);
- if (!p->client_id) {
- TALLOC_FREE(p);
- *perrno = ENOMEM;
- return -1;
+ /*
+ * Some internal functions need a local token to determine access to
+ * resources.
+ */
+ status = create_local_token(p, server_info, &session_info->session_key, &p->session_info);
+ talloc_free(server_info);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(1, ("Failed to init local auth token\n"));
+ TALLOC_FREE(p);
+ *perrno = EINVAL;
+ return -1;
+ }
}
- strlcpy(p->client_id->addr,
- client_address, sizeof(p->client_id->addr));
- p->client_id->name = talloc_strdup(p->client_id, client_address);
- if (p->client_id->name == NULL) {
+
+ p->remote_address = tsocket_address_copy(remote_address, p);
+ if (p->remote_address == NULL) {
TALLOC_FREE(p);
*perrno = ENOMEM;
return -1;
}
- if (server_address != NULL) {
- p->server_id = talloc_zero(p, struct client_address);
- if (p->client_id == NULL) {
- TALLOC_FREE(p);
- *perrno = ENOMEM;
- return -1;
- }
-
- strlcpy(p->server_id->addr,
- server_address,
- sizeof(p->server_id->addr));
-
- p->server_id->name = talloc_strdup(p->server_id,
- server_address);
- if (p->server_id->name == NULL) {
+ if (local_address != NULL) {
+ p->local_address = tsocket_address_copy(local_address, p);
+ if (p->local_address == NULL) {
TALLOC_FREE(p);
*perrno = ENOMEM;
return -1;
void *private_data);
bool setup_named_pipe_socket(const char *pipe_name,
- struct tevent_context *ev_ctx)
+ struct tevent_context *ev_ctx,
+ struct messaging_context *msg_ctx)
{
struct dcerpc_ncacn_listen_state *state;
struct tevent_fd *fde;
}
state->fd = -1;
+ state->ev_ctx = ev_ctx;
+ state->msg_ctx = msg_ctx;
+
+ /*
+ * As lp_ncalrpc_dir() should have 0755, but
+ * lp_ncalrpc_dir()/np should have 0700, we need to
+ * create lp_ncalrpc_dir() first.
+ */
+ if (!directory_create_or_exist(lp_ncalrpc_dir(), geteuid(), 0755)) {
+ DEBUG(0, ("Failed to create pipe directory %s - %s\n",
+ lp_ncalrpc_dir(), strerror(errno)));
+ goto out;
+ }
+
np_dir = talloc_asprintf(state, "%s/np", lp_ncalrpc_dir());
if (!np_dir) {
DEBUG(0, ("Out of memory\n"));
return false;
}
-static void named_pipe_accept_function(const char *pipe_name, int fd);
+static void named_pipe_accept_function(struct tevent_context *ev_ctx,
+ struct messaging_context *msg_ctx,
+ const char *pipe_name,
+ int fd);
static void named_pipe_listener(struct tevent_context *ev,
struct tevent_fd *fde,
DEBUG(6, ("Accepted socket %d\n", sd));
- named_pipe_accept_function(state->ep.name, sd);
+ named_pipe_accept_function(state->ev_ctx,
+ state->msg_ctx,
+ state->ep.name,
+ sd);
}
struct named_pipe_client {
const char *pipe_name;
- struct ndr_syntax_id pipe_id;
struct tevent_context *ev;
struct messaging_context *msg_ctx;
char *client_name;
struct tsocket_address *server;
char *server_name;
- struct auth_session_info_transport *session_info;
+
+ struct auth_session_info *session_info;
struct pipes_struct *p;
static void named_pipe_accept_done(struct tevent_req *subreq);
-static void named_pipe_accept_function(const char *pipe_name, int fd)
+static void named_pipe_accept_function(struct tevent_context *ev_ctx,
+ struct messaging_context *msg_ctx,
+ const char *pipe_name,
+ int fd)
{
- struct ndr_syntax_id syntax;
struct named_pipe_client *npc;
struct tstream_context *plain;
struct tevent_req *subreq;
- bool ok;
int ret;
- ok = is_known_pipename(pipe_name, &syntax);
- if (!ok) {
- DEBUG(1, ("Unknown pipe [%s]\n", pipe_name));
- close(fd);
- return;
- }
-
npc = talloc_zero(NULL, struct named_pipe_client);
if (!npc) {
DEBUG(0, ("Out of memory!\n"));
return;
}
npc->pipe_name = pipe_name;
- npc->pipe_id = syntax;
- npc->ev = server_event_context();
- npc->msg_ctx = server_messaging_context();
+ npc->ev = ev_ctx;
+ npc->msg_ctx = msg_ctx;
/* make sure socket is in NON blocking state */
ret = set_blocking(fd, false);
static void named_pipe_accept_done(struct tevent_req *subreq)
{
+ struct auth_session_info_transport *session_info_transport;
struct named_pipe_client *npc =
tevent_req_callback_data(subreq, struct named_pipe_client);
- const char *cli_addr;
int error;
int ret;
&npc->client_name,
&npc->server,
&npc->server_name,
- &npc->session_info);
+ &session_info_transport);
+
+ npc->session_info = talloc_move(npc, &session_info_transport->session_info);
+
TALLOC_FREE(subreq);
if (ret != 0) {
DEBUG(2, ("Failed to accept named pipe connection! (%s)\n",
return;
}
- if (tsocket_address_is_inet(npc->client, "ip")) {
- cli_addr = tsocket_address_inet_addr_string(npc->client,
- subreq);
- if (cli_addr == NULL) {
- TALLOC_FREE(npc);
- return;
- }
- } else {
- cli_addr = "";
- }
-
ret = make_server_pipes_struct(npc,
- npc->pipe_name, npc->pipe_id, NCACN_NP,
- false, cli_addr, NULL, npc->session_info,
+ npc->pipe_name, NCACN_NP,
+ false, npc->server, npc->client, npc->session_info,
&npc->p, &error);
if (ret != 0) {
DEBUG(2, ("Failed to create pipes_struct! (%s)\n",
static void dcerpc_ncacn_accept(struct tevent_context *ev_ctx,
struct messaging_context *msg_ctx,
- struct ndr_syntax_id syntax_id,
enum dcerpc_transport_t transport,
const char *name,
uint16_t port,
uint16_t setup_dcerpc_ncacn_tcpip_socket(struct tevent_context *ev_ctx,
struct messaging_context *msg_ctx,
- struct ndr_syntax_id syntax_id,
const struct sockaddr_storage *ifss,
uint16_t port)
{
return 0;
}
- state->syntax_id = syntax_id;
state->fd = -1;
state->ep.port = port;
state->disconnect_fn = NULL;
dcerpc_ncacn_accept(state->ev_ctx,
state->msg_ctx,
- state->syntax_id,
NCACN_IP_TCP,
NULL,
state->ep.port,
bool setup_dcerpc_ncalrpc_socket(struct tevent_context *ev_ctx,
struct messaging_context *msg_ctx,
- struct ndr_syntax_id syntax_id,
const char *name,
dcerpc_ncacn_disconnect_fn fn)
{
return false;
}
- state->syntax_id = syntax_id;
state->fd = -1;
state->disconnect_fn = fn;
return false;
}
- if (!directory_create_or_exist(lp_ncalrpc_dir(), geteuid(), 0700)) {
+ if (!directory_create_or_exist(lp_ncalrpc_dir(), geteuid(), 0755)) {
DEBUG(0, ("Failed to create pipe directory %s - %s\n",
lp_ncalrpc_dir(), strerror(errno)));
goto out;
}
- state->fd = create_pipe_sock(lp_ncalrpc_dir(), name, 0700);
+ state->fd = create_pipe_sock(lp_ncalrpc_dir(), name, 0755);
if (state->fd == -1) {
DEBUG(0, ("Failed to create pipe socket! [%s/%s]\n",
lp_ncalrpc_dir(), name));
dcerpc_ncacn_accept(state->ev_ctx,
state->msg_ctx,
- state->syntax_id, NCALRPC,
+ NCALRPC,
state->ep.name, 0,
cli_addr, NULL, sd,
state->disconnect_fn);
}
struct dcerpc_ncacn_conn {
- struct ndr_syntax_id syntax_id;
-
enum dcerpc_transport_t transport;
union {
char *client_name;
struct tsocket_address *server;
char *server_name;
- struct auth_session_info_transport *session_info;
+ struct auth_session_info *session_info;
struct iovec *iov;
size_t count;
static void dcerpc_ncacn_accept(struct tevent_context *ev_ctx,
struct messaging_context *msg_ctx,
- struct ndr_syntax_id syntax_id,
enum dcerpc_transport_t transport,
const char *name,
uint16_t port,
}
ncacn_conn->transport = transport;
- ncacn_conn->syntax_id = syntax_id;
ncacn_conn->ev_ctx = ev_ctx;
ncacn_conn->msg_ctx = msg_ctx;
ncacn_conn->sock = s;
rc = make_server_pipes_struct(ncacn_conn,
pipe_name,
- ncacn_conn->syntax_id,
ncacn_conn->transport,
system_user,
- cli_str,
- srv_str,
+ ncacn_conn->server,
+ ncacn_conn->client,
ncacn_conn->session_info,
&ncacn_conn->p,
&sys_errno);