2 * Unix SMB/CIFS implementation.
3 * RPC Pipe client / server routines
4 * Copyright (C) Andrew Tridgell 1992-1998,
5 * Largely re-written : 2005
6 * Copyright (C) Jeremy Allison 1998 - 2005
7 * Copyright (C) Simo Sorce 2010
9 * This program is free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License as published by
11 * the Free Software Foundation; either version 3 of the License, or
12 * (at your option) any later version.
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU General Public License for more details.
19 * You should have received a copy of the GNU General Public License
20 * along with this program; if not, see <http://www.gnu.org/licenses/>.
24 #include "rpc_server/srv_pipe_internal.h"
26 #include "../libcli/named_pipe_auth/npa_tstream.h"
27 #include "rpc_server/rpc_ncacn_np.h"
28 #include "librpc/gen_ndr/netlogon.h"
29 #include "librpc/gen_ndr/auth.h"
30 #include "../auth/auth_sam_reply.h"
33 #define DBGC_CLASS DBGC_RPC_SRV
35 static int pipes_open;
37 static struct pipes_struct *InternalPipes;
40 * the following prototypes are declared here to avoid
41 * code being moved about too much for a patch to be
42 * disrupted / less obvious.
44 * these functions, and associated functions that they
45 * call, should be moved behind a .so module-loading
46 * system _anyway_. so that's the next step...
49 /****************************************************************************
50 Internal Pipe iterator functions.
51 ****************************************************************************/
53 struct pipes_struct *get_first_internal_pipe(void)
58 struct pipes_struct *get_next_internal_pipe(struct pipes_struct *p)
63 static void free_pipe_rpc_context_internal( PIPE_RPC_FNS *list )
65 PIPE_RPC_FNS *tmp = list;
77 bool check_open_pipes(void)
79 struct pipes_struct *p;
81 for (p = InternalPipes; p != NULL; p = p->next) {
82 if (num_pipe_handles(p) != 0) {
89 /****************************************************************************
91 ****************************************************************************/
93 int close_internal_rpc_pipe_hnd(struct pipes_struct *p)
96 DEBUG(0,("Invalid pipe in close_internal_rpc_pipe_hnd\n"));
100 TALLOC_FREE(p->auth.auth_ctx);
102 free_pipe_rpc_context_internal( p->contexts );
104 /* Free the handles database. */
105 close_policy_by_pipe(p);
107 DLIST_REMOVE(InternalPipes, p);
114 /****************************************************************************
115 Make an internal namedpipes structure
116 ****************************************************************************/
118 struct pipes_struct *make_internal_rpc_pipe_p(TALLOC_CTX *mem_ctx,
119 const struct ndr_syntax_id *syntax,
120 struct client_address *client_id,
121 const struct auth_serversupplied_info *server_info,
122 struct messaging_context *msg_ctx)
124 struct pipes_struct *p;
126 DEBUG(4,("Create pipe requested %s\n",
127 get_pipe_name_from_syntax(talloc_tos(), syntax)));
129 p = TALLOC_ZERO_P(mem_ctx, struct pipes_struct);
132 DEBUG(0,("ERROR! no memory for pipes_struct!\n"));
136 p->mem_ctx = talloc_named(p, 0, "pipe %s %p",
137 get_pipe_name_from_syntax(talloc_tos(),
139 if (p->mem_ctx == NULL) {
140 DEBUG(0,("open_rpc_pipe_p: talloc_init failed.\n"));
145 if (!init_pipe_handles(p, syntax)) {
146 DEBUG(0,("open_rpc_pipe_p: init_pipe_handles failed.\n"));
151 p->server_info = copy_serverinfo(p, server_info);
152 if (p->server_info == NULL) {
153 DEBUG(0, ("open_rpc_pipe_p: copy_serverinfo failed\n"));
154 close_policy_by_pipe(p);
159 p->msg_ctx = msg_ctx;
161 DLIST_ADD(InternalPipes, p);
163 p->client_id = client_id;
165 p->endian = RPC_LITTLE_ENDIAN;
169 DEBUG(4,("Created internal pipe %s (pipes_open=%d)\n",
170 get_pipe_name_from_syntax(talloc_tos(), syntax), pipes_open));
172 talloc_set_destructor(p, close_internal_rpc_pipe_hnd);
177 static NTSTATUS rpcint_dispatch(struct pipes_struct *p,
180 const DATA_BLOB *in_data,
183 uint32_t num_cmds = rpc_srv_get_pipe_num_cmds(&p->syntax);
184 const struct api_struct *cmds = rpc_srv_get_pipe_cmds(&p->syntax);
191 for (i = 0; i < num_cmds; i++) {
192 if (cmds[i].opnum == opnum && cmds[i].fn != NULL) {
198 return NT_STATUS_RPC_PROCNUM_OUT_OF_RANGE;
201 p->in_data.data = *in_data;
202 p->out_data.rdata = data_blob_null;
205 p->in_data.data = data_blob_null;
207 data_blob_free(&p->out_data.rdata);
208 talloc_free_children(p->mem_ctx);
209 return NT_STATUS_RPC_CALL_FAILED;
212 if (p->fault_state) {
213 p->fault_state = false;
214 data_blob_free(&p->out_data.rdata);
215 talloc_free_children(p->mem_ctx);
216 return NT_STATUS_RPC_CALL_FAILED;
219 if (p->bad_handle_fault_state) {
220 p->bad_handle_fault_state = false;
221 data_blob_free(&p->out_data.rdata);
222 talloc_free_children(p->mem_ctx);
223 return NT_STATUS_RPC_SS_CONTEXT_MISMATCH;
226 if (p->rng_fault_state) {
227 p->rng_fault_state = false;
228 data_blob_free(&p->out_data.rdata);
229 talloc_free_children(p->mem_ctx);
230 return NT_STATUS_RPC_PROCNUM_OUT_OF_RANGE;
233 *out_data = p->out_data.rdata;
234 talloc_steal(mem_ctx, out_data->data);
235 p->out_data.rdata = data_blob_null;
237 talloc_free_children(p->mem_ctx);
241 struct rpcint_bh_state {
242 struct pipes_struct *p;
245 static bool rpcint_bh_is_connected(struct dcerpc_binding_handle *h)
247 struct rpcint_bh_state *hs = dcerpc_binding_handle_data(h,
248 struct rpcint_bh_state);
257 static uint32_t rpcint_bh_set_timeout(struct dcerpc_binding_handle *h,
260 /* TODO: implement timeouts */
264 struct rpcint_bh_raw_call_state {
270 static struct tevent_req *rpcint_bh_raw_call_send(TALLOC_CTX *mem_ctx,
271 struct tevent_context *ev,
272 struct dcerpc_binding_handle *h,
273 const struct GUID *object,
276 const uint8_t *in_data,
279 struct rpcint_bh_state *hs =
280 dcerpc_binding_handle_data(h,
281 struct rpcint_bh_state);
282 struct tevent_req *req;
283 struct rpcint_bh_raw_call_state *state;
287 req = tevent_req_create(mem_ctx, &state,
288 struct rpcint_bh_raw_call_state);
292 state->in_data.data = discard_const_p(uint8_t, in_data);
293 state->in_data.length = in_length;
295 ok = rpcint_bh_is_connected(h);
297 tevent_req_nterror(req, NT_STATUS_INVALID_CONNECTION);
298 return tevent_req_post(req, ev);
301 /* TODO: allow async */
302 status = rpcint_dispatch(hs->p, state, opnum,
305 if (!NT_STATUS_IS_OK(status)) {
306 tevent_req_nterror(req, status);
307 return tevent_req_post(req, ev);
310 tevent_req_done(req);
311 return tevent_req_post(req, ev);
314 static NTSTATUS rpcint_bh_raw_call_recv(struct tevent_req *req,
320 struct rpcint_bh_raw_call_state *state =
322 struct rpcint_bh_raw_call_state);
325 if (tevent_req_is_nterror(req, &status)) {
326 tevent_req_received(req);
330 *out_data = talloc_move(mem_ctx, &state->out_data.data);
331 *out_length = state->out_data.length;
333 tevent_req_received(req);
337 struct rpcint_bh_disconnect_state {
341 static struct tevent_req *rpcint_bh_disconnect_send(TALLOC_CTX *mem_ctx,
342 struct tevent_context *ev,
343 struct dcerpc_binding_handle *h)
345 struct rpcint_bh_state *hs = dcerpc_binding_handle_data(h,
346 struct rpcint_bh_state);
347 struct tevent_req *req;
348 struct rpcint_bh_disconnect_state *state;
351 req = tevent_req_create(mem_ctx, &state,
352 struct rpcint_bh_disconnect_state);
357 ok = rpcint_bh_is_connected(h);
359 tevent_req_nterror(req, NT_STATUS_INVALID_CONNECTION);
360 return tevent_req_post(req, ev);
364 * TODO: do a real async disconnect ...
366 * For now the caller needs to free pipes_struct
370 tevent_req_done(req);
371 return tevent_req_post(req, ev);
374 static NTSTATUS rpcint_bh_disconnect_recv(struct tevent_req *req)
378 if (tevent_req_is_nterror(req, &status)) {
379 tevent_req_received(req);
383 tevent_req_received(req);
387 static bool rpcint_bh_ref_alloc(struct dcerpc_binding_handle *h)
392 static void rpcint_bh_do_ndr_print(struct dcerpc_binding_handle *h,
394 const void *_struct_ptr,
395 const struct ndr_interface_call *call)
397 void *struct_ptr = discard_const(_struct_ptr);
399 if (DEBUGLEVEL < 11) {
403 if (ndr_flags & NDR_IN) {
404 ndr_print_function_debug(call->ndr_print,
409 if (ndr_flags & NDR_OUT) {
410 ndr_print_function_debug(call->ndr_print,
417 static const struct dcerpc_binding_handle_ops rpcint_bh_ops = {
419 .is_connected = rpcint_bh_is_connected,
420 .set_timeout = rpcint_bh_set_timeout,
421 .raw_call_send = rpcint_bh_raw_call_send,
422 .raw_call_recv = rpcint_bh_raw_call_recv,
423 .disconnect_send = rpcint_bh_disconnect_send,
424 .disconnect_recv = rpcint_bh_disconnect_recv,
426 .ref_alloc = rpcint_bh_ref_alloc,
427 .do_ndr_print = rpcint_bh_do_ndr_print,
430 static NTSTATUS rpcint_binding_handle_ex(TALLOC_CTX *mem_ctx,
431 const struct ndr_syntax_id *abstract_syntax,
432 const struct ndr_interface_table *ndr_table,
433 struct client_address *client_id,
434 const struct auth_serversupplied_info *server_info,
435 struct messaging_context *msg_ctx,
436 struct dcerpc_binding_handle **binding_handle)
438 struct dcerpc_binding_handle *h;
439 struct rpcint_bh_state *hs;
442 abstract_syntax = &ndr_table->syntax_id;
445 h = dcerpc_binding_handle_create(mem_ctx,
450 struct rpcint_bh_state,
453 return NT_STATUS_NO_MEMORY;
455 hs->p = make_internal_rpc_pipe_p(hs,
462 return NT_STATUS_NO_MEMORY;
469 * @brief Create a new DCERPC Binding Handle which uses a local dispatch function.
471 * @param[in] mem_ctx The memory context to use.
473 * @param[in] ndr_table Normally the ndr_table_<name>.
475 * @param[in] client_id The info about the connected client.
477 * @param[in] serversupplied_info The server supplied authentication function.
479 * @param[in] msg_ctx The messaging context that can be used by the server
481 * @param[out] binding_handle A pointer to store the connected
482 * dcerpc_binding_handle
484 * @return NT_STATUS_OK on success, a corresponding NT status if an
488 * struct dcerpc_binding_handle *winreg_binding;
491 * status = rpcint_binding_handle(tmp_ctx,
499 NTSTATUS rpcint_binding_handle(TALLOC_CTX *mem_ctx,
500 const struct ndr_interface_table *ndr_table,
501 struct client_address *client_id,
502 const struct auth_serversupplied_info *server_info,
503 struct messaging_context *msg_ctx,
504 struct dcerpc_binding_handle **binding_handle)
506 return rpcint_binding_handle_ex(mem_ctx, NULL, ndr_table, client_id,
507 server_info, msg_ctx, binding_handle);
511 * @brief Create a new RPC client context which uses a local dispatch function.
513 * @param[in] mem_ctx The memory context to use.
515 * @param[in] abstract_syntax Normally the syntax_id of the autogenerated
518 * @param[in] dispatch The corresponding autogenerated dispatch function
519 * rpc_<name>_dispatch.
521 * @param[in] serversupplied_info The server supplied authentication function.
523 * @param[out] presult A pointer to store the connected rpc client pipe.
525 * @return NT_STATUS_OK on success, a corresponding NT status if an
529 * struct rpc_pipe_client *winreg_pipe;
532 * status = rpc_pipe_open_internal(tmp_ctx,
533 * &ndr_table_winreg.syntax_id,
534 * rpc_winreg_dispatch,
539 NTSTATUS rpc_pipe_open_internal(TALLOC_CTX *mem_ctx,
540 const struct ndr_syntax_id *abstract_syntax,
541 const struct auth_serversupplied_info *serversupplied_info,
542 struct client_address *client_id,
543 struct messaging_context *msg_ctx,
544 struct rpc_pipe_client **presult)
546 struct rpc_pipe_client *result;
549 result = TALLOC_ZERO_P(mem_ctx, struct rpc_pipe_client);
550 if (result == NULL) {
551 return NT_STATUS_NO_MEMORY;
554 result->abstract_syntax = *abstract_syntax;
555 result->transfer_syntax = ndr_transfer_syntax;
557 if (client_id == NULL) {
558 static struct client_address unknown;
559 strlcpy(unknown.addr, "<UNKNOWN>", sizeof(unknown.addr));
560 unknown.name = "<UNKNOWN>";
561 client_id = &unknown;
564 result->max_xmit_frag = -1;
565 result->max_recv_frag = -1;
567 status = rpcint_binding_handle_ex(result,
573 &result->binding_handle);
574 if (!NT_STATUS_IS_OK(status)) {
583 /****************************************************************************
584 * External pipes functions
585 ***************************************************************************/
588 struct np_proxy_state *make_external_rpc_pipe_p(TALLOC_CTX *mem_ctx,
589 const char *pipe_name,
590 const struct tsocket_address *local_address,
591 const struct tsocket_address *remote_address,
592 const struct auth_serversupplied_info *server_info)
594 struct np_proxy_state *result;
596 const char *socket_dir;
597 struct tevent_context *ev;
598 struct tevent_req *subreq;
599 struct auth_session_info_transport *session_info;
600 struct auth_user_info_dc *user_info_dc;
601 union netr_Validation val;
607 result = talloc(mem_ctx, struct np_proxy_state);
608 if (result == NULL) {
609 DEBUG(0, ("talloc failed\n"));
613 result->read_queue = tevent_queue_create(result, "np_read");
614 if (result->read_queue == NULL) {
615 DEBUG(0, ("tevent_queue_create failed\n"));
619 result->write_queue = tevent_queue_create(result, "np_write");
620 if (result->write_queue == NULL) {
621 DEBUG(0, ("tevent_queue_create failed\n"));
625 ev = s3_tevent_context_init(talloc_tos());
627 DEBUG(0, ("s3_tevent_context_init failed\n"));
631 socket_dir = lp_parm_const_string(
632 GLOBAL_SECTION_SNUM, "external_rpc_pipe", "socket_dir",
634 if (socket_dir == NULL) {
635 DEBUG(0, ("externan_rpc_pipe:socket_dir not set\n"));
638 socket_np_dir = talloc_asprintf(talloc_tos(), "%s/np", socket_dir);
639 if (socket_np_dir == NULL) {
640 DEBUG(0, ("talloc_asprintf failed\n"));
644 session_info = talloc_zero(talloc_tos(), struct auth_session_info_transport);
645 if (session_info == NULL) {
646 DEBUG(0, ("talloc failed\n"));
650 /* Send the named_pipe_auth server the user's full token */
651 session_info->security_token = server_info->security_token;
652 session_info->session_key = server_info->user_session_key;
654 val.sam3 = server_info->info3;
656 /* Convert into something we can build a struct
657 * auth_session_info_transport from. Most of the work here
658 * will be to convert the SIDS, which we will then ignore, but
659 * this is the easier way to handle it */
660 status = make_user_info_dc_netlogon_validation(talloc_tos(), "", 3, &val, &user_info_dc);
661 if (!NT_STATUS_IS_OK(status)) {
662 DEBUG(0, ("conversion of info3 into user_info_dc failed!\n"));
666 session_info->info = talloc_move(session_info, &user_info_dc->info);
667 talloc_free(user_info_dc);
670 subreq = tstream_npa_connect_send(talloc_tos(), ev,
673 remote_address, /* client_addr */
674 NULL, /* client_name */
675 local_address, /* server_addr */
676 NULL, /* server_name */
678 if (subreq == NULL) {
680 DEBUG(0, ("tstream_npa_connect_send to %s for pipe %s and "
681 "user %s\\%s failed\n",
682 socket_np_dir, pipe_name, session_info->info->domain_name,
683 session_info->info->account_name));
686 ok = tevent_req_poll(subreq, ev);
689 DEBUG(0, ("tevent_req_poll to %s for pipe %s and user %s\\%s "
690 "failed for tstream_npa_connect: %s\n",
691 socket_np_dir, pipe_name, session_info->info->domain_name,
692 session_info->info->account_name,
697 ret = tstream_npa_connect_recv(subreq, &sys_errno,
701 &result->device_state,
702 &result->allocation_size);
705 DEBUG(0, ("tstream_npa_connect_recv to %s for pipe %s and "
706 "user %s\\%s failed: %s\n",
707 socket_np_dir, pipe_name, session_info->info->domain_name,
708 session_info->info->account_name,
709 strerror(sys_errno)));
720 static NTSTATUS rpc_pipe_open_external(TALLOC_CTX *mem_ctx,
721 const char *pipe_name,
722 const struct ndr_syntax_id *abstract_syntax,
723 const struct auth_serversupplied_info *server_info,
724 struct rpc_pipe_client **_result)
726 struct tsocket_address *local, *remote;
727 struct rpc_pipe_client *result = NULL;
728 struct np_proxy_state *proxy_state = NULL;
729 struct pipe_auth_data *auth;
733 /* this is an internal connection, fake up ip addresses */
734 ret = tsocket_address_inet_from_strings(talloc_tos(), "ip",
737 return NT_STATUS_NO_MEMORY;
739 ret = tsocket_address_inet_from_strings(talloc_tos(), "ip",
742 return NT_STATUS_NO_MEMORY;
745 proxy_state = make_external_rpc_pipe_p(mem_ctx, pipe_name,
746 local, remote, server_info);
748 return NT_STATUS_UNSUCCESSFUL;
751 result = talloc_zero(mem_ctx, struct rpc_pipe_client);
752 if (result == NULL) {
753 status = NT_STATUS_NO_MEMORY;
757 result->abstract_syntax = *abstract_syntax;
758 result->transfer_syntax = ndr_transfer_syntax;
760 result->desthost = get_myname(result);
761 result->srv_name_slash = talloc_asprintf_strupper_m(
762 result, "\\\\%s", result->desthost);
763 if ((result->desthost == NULL) || (result->srv_name_slash == NULL)) {
764 status = NT_STATUS_NO_MEMORY;
768 result->max_xmit_frag = RPC_MAX_PDU_FRAG_LEN;
769 result->max_recv_frag = RPC_MAX_PDU_FRAG_LEN;
771 status = rpc_transport_tstream_init(result,
774 if (!NT_STATUS_IS_OK(status)) {
778 result->binding_handle = rpccli_bh_create(result);
779 if (result->binding_handle == NULL) {
780 status = NT_STATUS_NO_MEMORY;
781 DEBUG(0, ("Failed to create binding handle.\n"));
785 result->auth = talloc_zero(result, struct pipe_auth_data);
787 status = NT_STATUS_NO_MEMORY;
790 result->auth->auth_type = DCERPC_AUTH_TYPE_NONE;
791 result->auth->auth_level = DCERPC_AUTH_LEVEL_NONE;
793 status = rpccli_anon_bind_data(result, &auth);
794 if (!NT_STATUS_IS_OK(status)) {
795 DEBUG(0, ("Failed to initialize anonymous bind.\n"));
799 status = rpc_pipe_bind(result, auth);
800 if (!NT_STATUS_IS_OK(status)) {
801 DEBUG(0, ("Failed to bind external pipe.\n"));
806 if (!NT_STATUS_IS_OK(status)) {
809 TALLOC_FREE(proxy_state);
815 * @brief Create a new RPC client context which uses a local dispatch function.
817 * @param mem_ctx The memory context on which thje pipe will ultimately
819 * @param name The pipe name to connect to.
820 * @param server_info Credentials to use for the connection.
821 * @param pipe [in|out] Checks if a pipe is connected, and connects it
824 * @return NT_STATUS_OK on success, a corresponding NT status if
828 NTSTATUS rpc_pipe_open_interface(TALLOC_CTX *mem_ctx,
829 const struct ndr_syntax_id *syntax,
830 const struct auth_serversupplied_info *server_info,
831 struct client_address *client_id,
832 struct messaging_context *msg_ctx,
833 struct rpc_pipe_client **cli_pipe)
835 struct rpc_pipe_client *cli = NULL;
836 const char *server_type;
837 const char *pipe_name;
841 if (cli_pipe && rpccli_is_connected(*cli_pipe)) {
844 TALLOC_FREE(*cli_pipe);
847 tmp_ctx = talloc_stackframe();
848 if (tmp_ctx == NULL) {
849 return NT_STATUS_NO_MEMORY;
852 pipe_name = get_pipe_name_from_syntax(tmp_ctx, syntax);
853 if (pipe_name == NULL) {
854 status = NT_STATUS_INVALID_PARAMETER;
858 while (pipe_name[0] == '\\') {
862 DEBUG(5, ("Connecting to %s pipe.\n", pipe_name));
864 server_type = lp_parm_const_string(GLOBAL_SECTION_SNUM,
865 "rpc_server", pipe_name,
868 if (StrCaseCmp(server_type, "embedded") == 0) {
869 status = rpc_pipe_open_internal(tmp_ctx,
873 if (!NT_STATUS_IS_OK(status)) {
877 /* It would be nice to just use rpc_pipe_open_ncalrpc() but
878 * for now we need to use the special proxy setup to connect
881 status = rpc_pipe_open_external(tmp_ctx,
885 if (!NT_STATUS_IS_OK(status)) {
890 status = NT_STATUS_OK;
892 if (NT_STATUS_IS_OK(status)) {
893 *cli_pipe = talloc_move(mem_ctx, &cli);
895 TALLOC_FREE(tmp_ctx);