2 * Unix SMB/CIFS implementation.
3 * RPC Pipe client / server routines
4 * Copyright (C) Andrew Tridgell 1992-1998,
5 * Largely re-written : 2005
6 * Copyright (C) Jeremy Allison 1998 - 2005
7 * Copyright (C) Simo Sorce 2010
9 * This program is free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License as published by
11 * the Free Software Foundation; either version 3 of the License, or
12 * (at your option) any later version.
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU General Public License for more details.
19 * You should have received a copy of the GNU General Public License
20 * along with this program; if not, see <http://www.gnu.org/licenses/>.
24 #include "rpc_server/srv_pipe_internal.h"
26 #include "../libcli/named_pipe_auth/npa_tstream.h"
27 #include "rpc_server/rpc_ncacn_np.h"
28 #include "librpc/gen_ndr/netlogon.h"
31 #define DBGC_CLASS DBGC_RPC_SRV
33 static int pipes_open;
35 static struct pipes_struct *InternalPipes;
38 * the following prototypes are declared here to avoid
39 * code being moved about too much for a patch to be
40 * disrupted / less obvious.
42 * these functions, and associated functions that they
43 * call, should be moved behind a .so module-loading
44 * system _anyway_. so that's the next step...
47 /****************************************************************************
48 Internal Pipe iterator functions.
49 ****************************************************************************/
51 struct pipes_struct *get_first_internal_pipe(void)
56 struct pipes_struct *get_next_internal_pipe(struct pipes_struct *p)
61 static void free_pipe_rpc_context_internal( PIPE_RPC_FNS *list )
63 PIPE_RPC_FNS *tmp = list;
75 bool check_open_pipes(void)
77 struct pipes_struct *p;
79 for (p = InternalPipes; p != NULL; p = p->next) {
80 if (num_pipe_handles(p) != 0) {
87 /****************************************************************************
89 ****************************************************************************/
91 int close_internal_rpc_pipe_hnd(struct pipes_struct *p)
94 DEBUG(0,("Invalid pipe in close_internal_rpc_pipe_hnd\n"));
98 TALLOC_FREE(p->auth.auth_ctx);
100 free_pipe_rpc_context_internal( p->contexts );
102 /* Free the handles database. */
103 close_policy_by_pipe(p);
105 DLIST_REMOVE(InternalPipes, p);
112 /****************************************************************************
113 Make an internal namedpipes structure
114 ****************************************************************************/
116 struct pipes_struct *make_internal_rpc_pipe_p(TALLOC_CTX *mem_ctx,
117 const struct ndr_syntax_id *syntax,
118 struct client_address *client_id,
119 const struct auth_serversupplied_info *server_info,
120 struct messaging_context *msg_ctx)
122 struct pipes_struct *p;
124 DEBUG(4,("Create pipe requested %s\n",
125 get_pipe_name_from_syntax(talloc_tos(), syntax)));
127 p = TALLOC_ZERO_P(mem_ctx, struct pipes_struct);
130 DEBUG(0,("ERROR! no memory for pipes_struct!\n"));
134 p->mem_ctx = talloc_named(p, 0, "pipe %s %p",
135 get_pipe_name_from_syntax(talloc_tos(),
137 if (p->mem_ctx == NULL) {
138 DEBUG(0,("open_rpc_pipe_p: talloc_init failed.\n"));
143 if (!init_pipe_handles(p, syntax)) {
144 DEBUG(0,("open_rpc_pipe_p: init_pipe_handles failed.\n"));
149 p->server_info = copy_serverinfo(p, server_info);
150 if (p->server_info == NULL) {
151 DEBUG(0, ("open_rpc_pipe_p: copy_serverinfo failed\n"));
152 close_policy_by_pipe(p);
157 p->msg_ctx = msg_ctx;
159 DLIST_ADD(InternalPipes, p);
161 p->client_id = client_id;
163 p->endian = RPC_LITTLE_ENDIAN;
167 DEBUG(4,("Created internal pipe %s (pipes_open=%d)\n",
168 get_pipe_name_from_syntax(talloc_tos(), syntax), pipes_open));
170 talloc_set_destructor(p, close_internal_rpc_pipe_hnd);
175 static NTSTATUS rpcint_dispatch(struct pipes_struct *p,
178 const DATA_BLOB *in_data,
181 uint32_t num_cmds = rpc_srv_get_pipe_num_cmds(&p->syntax);
182 const struct api_struct *cmds = rpc_srv_get_pipe_cmds(&p->syntax);
189 for (i = 0; i < num_cmds; i++) {
190 if (cmds[i].opnum == opnum && cmds[i].fn != NULL) {
196 return NT_STATUS_RPC_PROCNUM_OUT_OF_RANGE;
199 p->in_data.data = *in_data;
200 p->out_data.rdata = data_blob_null;
203 p->in_data.data = data_blob_null;
205 data_blob_free(&p->out_data.rdata);
206 talloc_free_children(p->mem_ctx);
207 return NT_STATUS_RPC_CALL_FAILED;
210 if (p->fault_state) {
211 p->fault_state = false;
212 data_blob_free(&p->out_data.rdata);
213 talloc_free_children(p->mem_ctx);
214 return NT_STATUS_RPC_CALL_FAILED;
217 if (p->bad_handle_fault_state) {
218 p->bad_handle_fault_state = false;
219 data_blob_free(&p->out_data.rdata);
220 talloc_free_children(p->mem_ctx);
221 return NT_STATUS_RPC_SS_CONTEXT_MISMATCH;
224 if (p->rng_fault_state) {
225 p->rng_fault_state = false;
226 data_blob_free(&p->out_data.rdata);
227 talloc_free_children(p->mem_ctx);
228 return NT_STATUS_RPC_PROCNUM_OUT_OF_RANGE;
231 *out_data = p->out_data.rdata;
232 talloc_steal(mem_ctx, out_data->data);
233 p->out_data.rdata = data_blob_null;
235 talloc_free_children(p->mem_ctx);
239 struct rpcint_bh_state {
240 struct pipes_struct *p;
243 static bool rpcint_bh_is_connected(struct dcerpc_binding_handle *h)
245 struct rpcint_bh_state *hs = dcerpc_binding_handle_data(h,
246 struct rpcint_bh_state);
255 static uint32_t rpcint_bh_set_timeout(struct dcerpc_binding_handle *h,
258 /* TODO: implement timeouts */
262 struct rpcint_bh_raw_call_state {
268 static struct tevent_req *rpcint_bh_raw_call_send(TALLOC_CTX *mem_ctx,
269 struct tevent_context *ev,
270 struct dcerpc_binding_handle *h,
271 const struct GUID *object,
274 const uint8_t *in_data,
277 struct rpcint_bh_state *hs =
278 dcerpc_binding_handle_data(h,
279 struct rpcint_bh_state);
280 struct tevent_req *req;
281 struct rpcint_bh_raw_call_state *state;
285 req = tevent_req_create(mem_ctx, &state,
286 struct rpcint_bh_raw_call_state);
290 state->in_data.data = discard_const_p(uint8_t, in_data);
291 state->in_data.length = in_length;
293 ok = rpcint_bh_is_connected(h);
295 tevent_req_nterror(req, NT_STATUS_INVALID_CONNECTION);
296 return tevent_req_post(req, ev);
299 /* TODO: allow async */
300 status = rpcint_dispatch(hs->p, state, opnum,
303 if (!NT_STATUS_IS_OK(status)) {
304 tevent_req_nterror(req, status);
305 return tevent_req_post(req, ev);
308 tevent_req_done(req);
309 return tevent_req_post(req, ev);
312 static NTSTATUS rpcint_bh_raw_call_recv(struct tevent_req *req,
318 struct rpcint_bh_raw_call_state *state =
320 struct rpcint_bh_raw_call_state);
323 if (tevent_req_is_nterror(req, &status)) {
324 tevent_req_received(req);
328 *out_data = talloc_move(mem_ctx, &state->out_data.data);
329 *out_length = state->out_data.length;
331 tevent_req_received(req);
335 struct rpcint_bh_disconnect_state {
339 static struct tevent_req *rpcint_bh_disconnect_send(TALLOC_CTX *mem_ctx,
340 struct tevent_context *ev,
341 struct dcerpc_binding_handle *h)
343 struct rpcint_bh_state *hs = dcerpc_binding_handle_data(h,
344 struct rpcint_bh_state);
345 struct tevent_req *req;
346 struct rpcint_bh_disconnect_state *state;
349 req = tevent_req_create(mem_ctx, &state,
350 struct rpcint_bh_disconnect_state);
355 ok = rpcint_bh_is_connected(h);
357 tevent_req_nterror(req, NT_STATUS_INVALID_CONNECTION);
358 return tevent_req_post(req, ev);
362 * TODO: do a real async disconnect ...
364 * For now the caller needs to free pipes_struct
368 tevent_req_done(req);
369 return tevent_req_post(req, ev);
372 static NTSTATUS rpcint_bh_disconnect_recv(struct tevent_req *req)
376 if (tevent_req_is_nterror(req, &status)) {
377 tevent_req_received(req);
381 tevent_req_received(req);
385 static bool rpcint_bh_ref_alloc(struct dcerpc_binding_handle *h)
390 static void rpcint_bh_do_ndr_print(struct dcerpc_binding_handle *h,
392 const void *_struct_ptr,
393 const struct ndr_interface_call *call)
395 void *struct_ptr = discard_const(_struct_ptr);
397 if (DEBUGLEVEL < 11) {
401 if (ndr_flags & NDR_IN) {
402 ndr_print_function_debug(call->ndr_print,
407 if (ndr_flags & NDR_OUT) {
408 ndr_print_function_debug(call->ndr_print,
415 static const struct dcerpc_binding_handle_ops rpcint_bh_ops = {
417 .is_connected = rpcint_bh_is_connected,
418 .set_timeout = rpcint_bh_set_timeout,
419 .raw_call_send = rpcint_bh_raw_call_send,
420 .raw_call_recv = rpcint_bh_raw_call_recv,
421 .disconnect_send = rpcint_bh_disconnect_send,
422 .disconnect_recv = rpcint_bh_disconnect_recv,
424 .ref_alloc = rpcint_bh_ref_alloc,
425 .do_ndr_print = rpcint_bh_do_ndr_print,
428 static NTSTATUS rpcint_binding_handle_ex(TALLOC_CTX *mem_ctx,
429 const struct ndr_syntax_id *abstract_syntax,
430 const struct ndr_interface_table *ndr_table,
431 struct client_address *client_id,
432 const struct auth_serversupplied_info *server_info,
433 struct messaging_context *msg_ctx,
434 struct dcerpc_binding_handle **binding_handle)
436 struct dcerpc_binding_handle *h;
437 struct rpcint_bh_state *hs;
440 abstract_syntax = &ndr_table->syntax_id;
443 h = dcerpc_binding_handle_create(mem_ctx,
448 struct rpcint_bh_state,
451 return NT_STATUS_NO_MEMORY;
453 hs->p = make_internal_rpc_pipe_p(hs,
460 return NT_STATUS_NO_MEMORY;
467 * @brief Create a new DCERPC Binding Handle which uses a local dispatch function.
469 * @param[in] mem_ctx The memory context to use.
471 * @param[in] ndr_table Normally the ndr_table_<name>.
473 * @param[in] client_id The info about the connected client.
475 * @param[in] serversupplied_info The server supplied authentication function.
477 * @param[in] msg_ctx The messaging context that can be used by the server
479 * @param[out] binding_handle A pointer to store the connected
480 * dcerpc_binding_handle
482 * @return NT_STATUS_OK on success, a corresponding NT status if an
486 * struct dcerpc_binding_handle *winreg_binding;
489 * status = rpcint_binding_handle(tmp_ctx,
497 NTSTATUS rpcint_binding_handle(TALLOC_CTX *mem_ctx,
498 const struct ndr_interface_table *ndr_table,
499 struct client_address *client_id,
500 const struct auth_serversupplied_info *server_info,
501 struct messaging_context *msg_ctx,
502 struct dcerpc_binding_handle **binding_handle)
504 return rpcint_binding_handle_ex(mem_ctx, NULL, ndr_table, client_id,
505 server_info, msg_ctx, binding_handle);
509 * @brief Create a new RPC client context which uses a local dispatch function.
511 * @param[in] mem_ctx The memory context to use.
513 * @param[in] abstract_syntax Normally the syntax_id of the autogenerated
516 * @param[in] dispatch The corresponding autogenerated dispatch function
517 * rpc_<name>_dispatch.
519 * @param[in] serversupplied_info The server supplied authentication function.
521 * @param[out] presult A pointer to store the connected rpc client pipe.
523 * @return NT_STATUS_OK on success, a corresponding NT status if an
527 * struct rpc_pipe_client *winreg_pipe;
530 * status = rpc_pipe_open_internal(tmp_ctx,
531 * &ndr_table_winreg.syntax_id,
532 * rpc_winreg_dispatch,
537 NTSTATUS rpc_pipe_open_internal(TALLOC_CTX *mem_ctx,
538 const struct ndr_syntax_id *abstract_syntax,
539 const struct auth_serversupplied_info *serversupplied_info,
540 struct client_address *client_id,
541 struct messaging_context *msg_ctx,
542 struct rpc_pipe_client **presult)
544 struct rpc_pipe_client *result;
547 result = TALLOC_ZERO_P(mem_ctx, struct rpc_pipe_client);
548 if (result == NULL) {
549 return NT_STATUS_NO_MEMORY;
552 result->abstract_syntax = *abstract_syntax;
553 result->transfer_syntax = ndr_transfer_syntax;
555 if (client_id == NULL) {
556 static struct client_address unknown;
557 strlcpy(unknown.addr, "<UNKNOWN>", sizeof(unknown.addr));
558 unknown.name = "<UNKNOWN>";
559 client_id = &unknown;
562 result->max_xmit_frag = -1;
563 result->max_recv_frag = -1;
565 status = rpcint_binding_handle_ex(result,
571 &result->binding_handle);
572 if (!NT_STATUS_IS_OK(status)) {
581 /****************************************************************************
582 * External pipes functions
583 ***************************************************************************/
586 struct np_proxy_state *make_external_rpc_pipe_p(TALLOC_CTX *mem_ctx,
587 const char *pipe_name,
588 const struct tsocket_address *local_address,
589 const struct tsocket_address *remote_address,
590 const struct auth_serversupplied_info *server_info)
592 struct np_proxy_state *result;
594 const char *socket_dir;
595 struct tevent_context *ev;
596 struct tevent_req *subreq;
597 struct netr_SamInfo3 *info3;
603 result = talloc(mem_ctx, struct np_proxy_state);
604 if (result == NULL) {
605 DEBUG(0, ("talloc failed\n"));
609 result->read_queue = tevent_queue_create(result, "np_read");
610 if (result->read_queue == NULL) {
611 DEBUG(0, ("tevent_queue_create failed\n"));
615 result->write_queue = tevent_queue_create(result, "np_write");
616 if (result->write_queue == NULL) {
617 DEBUG(0, ("tevent_queue_create failed\n"));
621 ev = s3_tevent_context_init(talloc_tos());
623 DEBUG(0, ("s3_tevent_context_init failed\n"));
627 socket_dir = lp_parm_const_string(
628 GLOBAL_SECTION_SNUM, "external_rpc_pipe", "socket_dir",
630 if (socket_dir == NULL) {
631 DEBUG(0, ("externan_rpc_pipe:socket_dir not set\n"));
634 socket_np_dir = talloc_asprintf(talloc_tos(), "%s/np", socket_dir);
635 if (socket_np_dir == NULL) {
636 DEBUG(0, ("talloc_asprintf failed\n"));
640 info3 = talloc_zero(talloc_tos(), struct netr_SamInfo3);
642 DEBUG(0, ("talloc failed\n"));
646 status = serverinfo_to_SamInfo3(server_info, NULL, 0, info3);
647 if (!NT_STATUS_IS_OK(status)) {
649 DEBUG(0, ("serverinfo_to_SamInfo3 failed: %s\n",
655 subreq = tstream_npa_connect_send(talloc_tos(), ev,
658 remote_address, /* client_addr */
659 NULL, /* client_name */
660 local_address, /* server_addr */
661 NULL, /* server_name */
663 server_info->user_session_key,
664 data_blob_null /* delegated_creds */);
665 if (subreq == NULL) {
667 DEBUG(0, ("tstream_npa_connect_send to %s for pipe %s and "
668 "user %s\\%s failed\n",
669 socket_np_dir, pipe_name, info3->base.domain.string,
670 info3->base.account_name.string));
673 ok = tevent_req_poll(subreq, ev);
676 DEBUG(0, ("tevent_req_poll to %s for pipe %s and user %s\\%s "
677 "failed for tstream_npa_connect: %s\n",
678 socket_np_dir, pipe_name, info3->base.domain.string,
679 info3->base.account_name.string,
684 ret = tstream_npa_connect_recv(subreq, &sys_errno,
688 &result->device_state,
689 &result->allocation_size);
692 DEBUG(0, ("tstream_npa_connect_recv to %s for pipe %s and "
693 "user %s\\%s failed: %s\n",
694 socket_np_dir, pipe_name, info3->base.domain.string,
695 info3->base.account_name.string,
696 strerror(sys_errno)));
707 static NTSTATUS rpc_pipe_open_external(TALLOC_CTX *mem_ctx,
708 const char *pipe_name,
709 const struct ndr_syntax_id *abstract_syntax,
710 const struct auth_serversupplied_info *server_info,
711 struct rpc_pipe_client **_result)
713 struct tsocket_address *local, *remote;
714 struct rpc_pipe_client *result = NULL;
715 struct np_proxy_state *proxy_state = NULL;
716 struct pipe_auth_data *auth;
720 /* this is an internal connection, fake up ip addresses */
721 ret = tsocket_address_inet_from_strings(talloc_tos(), "ip",
724 return NT_STATUS_NO_MEMORY;
726 ret = tsocket_address_inet_from_strings(talloc_tos(), "ip",
729 return NT_STATUS_NO_MEMORY;
732 proxy_state = make_external_rpc_pipe_p(mem_ctx, pipe_name,
733 local, remote, server_info);
735 return NT_STATUS_UNSUCCESSFUL;
738 result = talloc_zero(mem_ctx, struct rpc_pipe_client);
739 if (result == NULL) {
740 status = NT_STATUS_NO_MEMORY;
744 result->abstract_syntax = *abstract_syntax;
745 result->transfer_syntax = ndr_transfer_syntax;
747 result->desthost = get_myname(result);
748 result->srv_name_slash = talloc_asprintf_strupper_m(
749 result, "\\\\%s", result->desthost);
750 if ((result->desthost == NULL) || (result->srv_name_slash == NULL)) {
751 status = NT_STATUS_NO_MEMORY;
755 result->max_xmit_frag = RPC_MAX_PDU_FRAG_LEN;
756 result->max_recv_frag = RPC_MAX_PDU_FRAG_LEN;
758 status = rpc_transport_tstream_init(result,
760 proxy_state->read_queue,
761 proxy_state->write_queue,
763 if (!NT_STATUS_IS_OK(status)) {
767 result->auth = talloc_zero(result, struct pipe_auth_data);
769 status = NT_STATUS_NO_MEMORY;
772 result->auth->auth_type = DCERPC_AUTH_TYPE_NONE;
773 result->auth->auth_level = DCERPC_AUTH_LEVEL_NONE;
775 status = rpccli_anon_bind_data(result, &auth);
776 if (!NT_STATUS_IS_OK(status)) {
777 DEBUG(0, ("Failed to initialize anonymous bind.\n"));
781 status = rpc_pipe_bind(result, auth);
782 if (!NT_STATUS_IS_OK(status)) {
783 DEBUG(0, ("Failed to bind spoolss pipe.\n"));
787 if (!NT_STATUS_IS_OK(status)) {
790 TALLOC_FREE(proxy_state);
796 * @brief Create a new RPC client context which uses a local dispatch function.
798 * @param mem_ctx The memory context on which thje pipe will ultimately
800 * @param name The pipe name to connect to.
801 * @param server_info Credentials to use for the connection.
802 * @param pipe [in|out] Checks if a pipe is connected, and connects it
805 * @return NT_STATUS_OK on success, a corresponding NT status if
809 NTSTATUS rpc_pipe_open_interface(TALLOC_CTX *mem_ctx,
810 const struct ndr_syntax_id *syntax,
811 const struct auth_serversupplied_info *server_info,
812 struct client_address *client_id,
813 struct messaging_context *msg_ctx,
814 struct rpc_pipe_client **cli_pipe)
816 struct rpc_pipe_client *cli = NULL;
817 const char *server_type;
818 const char *pipe_name;
822 if (cli_pipe && rpccli_is_connected(*cli_pipe)) {
825 TALLOC_FREE(*cli_pipe);
828 tmp_ctx = talloc_stackframe();
829 if (tmp_ctx == NULL) {
830 return NT_STATUS_NO_MEMORY;
833 pipe_name = get_pipe_name_from_syntax(tmp_ctx, syntax);
834 if (pipe_name == NULL) {
835 status = NT_STATUS_INVALID_PARAMETER;
839 DEBUG(10, ("Connecting to %s pipe.\n", pipe_name));
841 server_type = lp_parm_const_string(GLOBAL_SECTION_SNUM,
842 "rpc_server", pipe_name,
844 if (StrCaseCmp(server_type, "embedded") == 0) {
845 status = rpc_pipe_open_internal(tmp_ctx,
849 if (!NT_STATUS_IS_OK(status)) {
853 /* It would be nice to just use rpc_pipe_open_ncalrpc() but
854 * for now we need to use the special proxy setup to connect
857 status = rpc_pipe_open_external(tmp_ctx,
861 if (!NT_STATUS_IS_OK(status)) {
866 status = NT_STATUS_OK;
868 if (NT_STATUS_IS_OK(status)) {
869 *cli_pipe = talloc_move(mem_ctx, &cli);
871 TALLOC_FREE(tmp_ctx);