s4:rpc_server: remove unused dcesrv_inherited_session_key()
[samba.git] / source4 / rpc_server / dcerpc_server.c
1 /* 
2    Unix SMB/CIFS implementation.
3
4    server side dcerpc core code
5
6    Copyright (C) Andrew Tridgell 2003-2005
7    Copyright (C) Stefan (metze) Metzmacher 2004-2005
8    
9    This program is free software; you can redistribute it and/or modify
10    it under the terms of the GNU General Public License as published by
11    the Free Software Foundation; either version 3 of the License, or
12    (at your option) any later version.
13    
14    This program is distributed in the hope that it will be useful,
15    but WITHOUT ANY WARRANTY; without even the implied warranty of
16    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
17    GNU General Public License for more details.
18    
19    You should have received a copy of the GNU General Public License
20    along with this program.  If not, see <http://www.gnu.org/licenses/>.
21 */
22
23 #include "includes.h"
24 #include "auth/auth.h"
25 #include "auth/gensec/gensec.h"
26 #include "../lib/util/dlinklist.h"
27 #include "rpc_server/dcerpc_server.h"
28 #include "rpc_server/dcerpc_server_proto.h"
29 #include "rpc_server/common/proto.h"
30 #include "librpc/rpc/dcerpc_proto.h"
31 #include "system/filesys.h"
32 #include "libcli/security/security.h"
33 #include "param/param.h"
34 #include "../lib/tsocket/tsocket.h"
35 #include "../libcli/named_pipe_auth/npa_tstream.h"
36 #include "smbd/service_stream.h"
37 #include "../lib/tsocket/tsocket.h"
38 #include "lib/socket/socket.h"
39 #include "smbd/process_model.h"
40 #include "lib/messaging/irpc.h"
41 #include "librpc/rpc/rpc_common.h"
42 #include "lib/util/samba_modules.h"
43 #include "librpc/gen_ndr/ndr_dcerpc.h"
44 #include "../lib/util/tevent_ntstatus.h"
45
46 static NTSTATUS dcesrv_negotiate_contexts(struct dcesrv_call_state *call,
47                                 const struct dcerpc_bind *b,
48                                 struct dcerpc_ack_ctx *ack_ctx_list);
49
50 /*
51   find an association group given a assoc_group_id
52  */
53 static struct dcesrv_assoc_group *dcesrv_assoc_group_find(struct dcesrv_context *dce_ctx,
54                                                           uint32_t id)
55 {
56         void *id_ptr;
57
58         id_ptr = idr_find(dce_ctx->assoc_groups_idr, id);
59         if (id_ptr == NULL) {
60                 return NULL;
61         }
62         return talloc_get_type_abort(id_ptr, struct dcesrv_assoc_group);
63 }
64
65 /*
66   take a reference to an existing association group
67  */
68 static struct dcesrv_assoc_group *dcesrv_assoc_group_reference(TALLOC_CTX *mem_ctx,
69                                                                struct dcesrv_context *dce_ctx,
70                                                                uint32_t id)
71 {
72         struct dcesrv_assoc_group *assoc_group;
73
74         assoc_group = dcesrv_assoc_group_find(dce_ctx, id);
75         if (assoc_group == NULL) {
76                 DEBUG(2,(__location__ ": Failed to find assoc_group 0x%08x\n", id));
77                 return NULL;
78         }
79         return talloc_reference(mem_ctx, assoc_group);
80 }
81
82 static int dcesrv_assoc_group_destructor(struct dcesrv_assoc_group *assoc_group)
83 {
84         int ret;
85         ret = idr_remove(assoc_group->dce_ctx->assoc_groups_idr, assoc_group->id);
86         if (ret != 0) {
87                 DEBUG(0,(__location__ ": Failed to remove assoc_group 0x%08x\n",
88                          assoc_group->id));
89         }
90         return 0;
91 }
92
93 /*
94   allocate a new association group
95  */
96 static struct dcesrv_assoc_group *dcesrv_assoc_group_new(TALLOC_CTX *mem_ctx,
97                                                          struct dcesrv_context *dce_ctx)
98 {
99         struct dcesrv_assoc_group *assoc_group;
100         int id;
101
102         assoc_group = talloc_zero(mem_ctx, struct dcesrv_assoc_group);
103         if (assoc_group == NULL) {
104                 return NULL;
105         }
106         
107         id = idr_get_new_random(dce_ctx->assoc_groups_idr, assoc_group, UINT16_MAX);
108         if (id == -1) {
109                 talloc_free(assoc_group);
110                 DEBUG(0,(__location__ ": Out of association groups!\n"));
111                 return NULL;
112         }
113
114         assoc_group->id = id;
115         assoc_group->dce_ctx = dce_ctx;
116
117         talloc_set_destructor(assoc_group, dcesrv_assoc_group_destructor);
118
119         return assoc_group;
120 }
121
122
123 /*
124   see if two endpoints match
125 */
126 static bool endpoints_match(const struct dcerpc_binding *ep1,
127                             const struct dcerpc_binding *ep2)
128 {
129         enum dcerpc_transport_t t1;
130         enum dcerpc_transport_t t2;
131         const char *e1;
132         const char *e2;
133
134         t1 = dcerpc_binding_get_transport(ep1);
135         t2 = dcerpc_binding_get_transport(ep2);
136
137         e1 = dcerpc_binding_get_string_option(ep1, "endpoint");
138         e2 = dcerpc_binding_get_string_option(ep2, "endpoint");
139
140         if (t1 != t2) {
141                 return false;
142         }
143
144         if (!e1 || !e2) {
145                 return e1 == e2;
146         }
147
148         if (strcasecmp(e1, e2) != 0) {
149                 return false;
150         }
151
152         return true;
153 }
154
155 /*
156   find an endpoint in the dcesrv_context
157 */
158 static struct dcesrv_endpoint *find_endpoint(struct dcesrv_context *dce_ctx,
159                                              const struct dcerpc_binding *ep_description)
160 {
161         struct dcesrv_endpoint *ep;
162         for (ep=dce_ctx->endpoint_list; ep; ep=ep->next) {
163                 if (endpoints_match(ep->ep_description, ep_description)) {
164                         return ep;
165                 }
166         }
167         return NULL;
168 }
169
170 /*
171   find a registered context_id from a bind or alter_context
172 */
173 static struct dcesrv_connection_context *dcesrv_find_context(struct dcesrv_connection *conn, 
174                                                              uint16_t context_id)
175 {
176         struct dcesrv_connection_context *c;
177         for (c=conn->contexts;c;c=c->next) {
178                 if (c->context_id == context_id) return c;
179         }
180         return NULL;
181 }
182
183 /*
184   see if a uuid and if_version match to an interface
185 */
186 static bool interface_match(const struct dcesrv_interface *if1,
187                                                         const struct dcesrv_interface *if2)
188 {
189         return (if1->syntax_id.if_version == if2->syntax_id.if_version && 
190                         GUID_equal(&if1->syntax_id.uuid, &if2->syntax_id.uuid));
191 }
192
193 /*
194   find the interface operations on any endpoint with this binding
195 */
196 static const struct dcesrv_interface *find_interface_by_binding(struct dcesrv_context *dce_ctx,
197                                                                 struct dcerpc_binding *binding,
198                                                                 const struct dcesrv_interface *iface)
199 {
200         struct dcesrv_endpoint *ep;
201         for (ep=dce_ctx->endpoint_list; ep; ep=ep->next) {
202                 if (endpoints_match(ep->ep_description, binding)) {
203                         struct dcesrv_if_list *ifl;
204                         for (ifl=ep->interface_list; ifl; ifl=ifl->next) {
205                                 if (interface_match(&(ifl->iface), iface)) {
206                                         return &(ifl->iface);
207                                 }
208                         }
209                 }
210         }
211         return NULL;
212 }
213
214 /*
215   see if a uuid and if_version match to an interface
216 */
217 static bool interface_match_by_uuid(const struct dcesrv_interface *iface,
218                                     const struct GUID *uuid, uint32_t if_version)
219 {
220         return (iface->syntax_id.if_version == if_version && 
221                         GUID_equal(&iface->syntax_id.uuid, uuid));
222 }
223
224 /*
225   find the interface operations on an endpoint by uuid
226 */
227 const struct dcesrv_interface *find_interface_by_uuid(const struct dcesrv_endpoint *endpoint,
228                                                       const struct GUID *uuid, uint32_t if_version)
229 {
230         struct dcesrv_if_list *ifl;
231         for (ifl=endpoint->interface_list; ifl; ifl=ifl->next) {
232                 if (interface_match_by_uuid(&(ifl->iface), uuid, if_version)) {
233                         return &(ifl->iface);
234                 }
235         }
236         return NULL;
237 }
238
239 /*
240   find the earlier parts of a fragmented call awaiting reassembily
241 */
242 static struct dcesrv_call_state *dcesrv_find_fragmented_call(struct dcesrv_connection *dce_conn, uint32_t call_id)
243 {
244         struct dcesrv_call_state *c;
245         for (c=dce_conn->incoming_fragmented_call_list;c;c=c->next) {
246                 if (c->pkt.call_id == call_id) {
247                         return c;
248                 }
249         }
250         return NULL;
251 }
252
253 /*
254   register an interface on an endpoint
255
256   An endpoint is one unix domain socket (for ncalrpc), one TCP port
257   (for ncacn_ip_tcp) or one (forwarded) named pipe (for ncacn_np).
258
259   Each endpoint can have many interfaces such as netlogon, lsa or
260   samr.  Some have essentially the full set.
261
262   This is driven from the set of interfaces listed in each IDL file
263   via the PIDL generated *__op_init_server() functions.
264 */
265 _PUBLIC_ NTSTATUS dcesrv_interface_register(struct dcesrv_context *dce_ctx,
266                                    const char *ep_name,
267                                    const struct dcesrv_interface *iface,
268                                    const struct security_descriptor *sd)
269 {
270         struct dcesrv_endpoint *ep;
271         struct dcesrv_if_list *ifl;
272         struct dcerpc_binding *binding;
273         bool add_ep = false;
274         NTSTATUS status;
275         enum dcerpc_transport_t transport;
276         char *ep_string = NULL;
277         bool use_single_process = true;
278         const char *ep_process_string;
279
280         /*
281          * If we are not using handles, there is no need for force
282          * this service into using a single process.
283          *
284          * However, due to the way we listen for RPC packets, we can
285          * only do this if we have a single service per pipe or TCP
286          * port, so we still force a single combined process for
287          * ncalrpc.
288          */
289         if (iface->flags & DCESRV_INTERFACE_FLAGS_HANDLES_NOT_USED) {
290                 use_single_process = false;
291         }
292
293         status = dcerpc_parse_binding(dce_ctx, ep_name, &binding);
294
295         if (NT_STATUS_IS_ERR(status)) {
296                 DEBUG(0, ("Trouble parsing binding string '%s'\n", ep_name));
297                 return status;
298         }
299
300         transport = dcerpc_binding_get_transport(binding);
301         if (transport == NCACN_IP_TCP) {
302                 int port;
303                 char port_str[6];
304
305                 /* 
306                  * First check if there is already a port specified, eg
307                  * for epmapper on ncacn_ip_tcp:[135]
308                  */
309                 const char *endpoint
310                         = dcerpc_binding_get_string_option(binding,
311                                                            "endpoint");
312                 if (endpoint == NULL) {
313                         port = lpcfg_parm_int(dce_ctx->lp_ctx, NULL,
314                                               "rpc server port", iface->name, 0);
315                         
316                         /*
317                          * For RPC services that are not set to use a single
318                          * process, we do not default to using the 'rpc server
319                          * port' because that would cause a double-bind on
320                          * that port.
321                          */
322                         if (port == 0 && !use_single_process) {
323                                 port = lpcfg_rpc_server_port(dce_ctx->lp_ctx);
324                         }
325                         if (port != 0) {
326                                 snprintf(port_str, sizeof(port_str), "%u", port);
327                                 status = dcerpc_binding_set_string_option(binding,
328                                                                           "endpoint",
329                                                                           port_str);
330                                 if (!NT_STATUS_IS_OK(status)) {
331                                         return status;
332                                 }
333                         }
334                 }
335         }
336
337         /* see if the interface is already registered on the endpoint */
338         if (find_interface_by_binding(dce_ctx, binding, iface)!=NULL) {
339                 DEBUG(0,("dcesrv_interface_register: interface '%s' already registered on endpoint '%s'\n",
340                          iface->name, ep_name));
341                 return NT_STATUS_OBJECT_NAME_COLLISION;
342         }
343
344         /* check if this endpoint exists
345          */
346         ep = find_endpoint(dce_ctx, binding);
347
348         if (ep != NULL) {
349                 /*
350                  * We want a new port on ncacn_ip_tcp for NETLOGON, so
351                  * it can be multi-process.  Other processes can also
352                  * listen on distinct ports, if they have one forced
353                  * in the code above with eg 'rpc server port:drsuapi = 1027'
354                  *
355                  * If we have mulitiple endpoints on port 0, they each
356                  * get an epemeral port (currently by walking up from
357                  * 1024).
358                  *
359                  * Because one endpoint can only have one process
360                  * model, we add a new IP_TCP endpoint for each model.
361                  *
362                  * This works in conjunction with the forced overwrite
363                  * of ep->use_single_process below.
364                  */
365                 if (ep->use_single_process != use_single_process
366                     && transport == NCACN_IP_TCP) {
367                         add_ep = true;
368                 }
369         }
370
371         if (ep == NULL || add_ep) {
372                 ep = talloc_zero(dce_ctx, struct dcesrv_endpoint);
373                 if (!ep) {
374                         return NT_STATUS_NO_MEMORY;
375                 }
376                 ZERO_STRUCTP(ep);
377                 ep->ep_description = talloc_move(ep, &binding);
378                 add_ep = true;
379
380                 /* add mgmt interface */
381                 ifl = talloc_zero(ep, struct dcesrv_if_list);
382                 if (!ifl) {
383                         return NT_STATUS_NO_MEMORY;
384                 }
385
386                 ifl->iface = dcesrv_get_mgmt_interface();
387
388                 DLIST_ADD(ep->interface_list, ifl);
389         }
390
391         /*
392          * By default don't force into a single process, but if any
393          * interface on this endpoint on this service uses handles
394          * (most do), then we must force into single process mode
395          *
396          * By overwriting this each time a new interface is added to
397          * this endpoint, we end up with the most restrictive setting.
398          */
399         if (use_single_process) {
400                 ep->use_single_process = true;
401         }
402
403         /* talloc a new interface list element */
404         ifl = talloc_zero(ep, struct dcesrv_if_list);
405         if (!ifl) {
406                 return NT_STATUS_NO_MEMORY;
407         }
408
409         /* copy the given interface struct to the one on the endpoints interface list */
410         memcpy(&(ifl->iface),iface, sizeof(struct dcesrv_interface));
411
412         /* if we have a security descriptor given,
413          * we should see if we can set it up on the endpoint
414          */
415         if (sd != NULL) {
416                 /* if there's currently no security descriptor given on the endpoint
417                  * we try to set it
418                  */
419                 if (ep->sd == NULL) {
420                         ep->sd = security_descriptor_copy(ep, sd);
421                 }
422
423                 /* if now there's no security descriptor given on the endpoint
424                  * something goes wrong, either we failed to copy the security descriptor
425                  * or there was already one on the endpoint
426                  */
427                 if (ep->sd != NULL) {
428                         DEBUG(0,("dcesrv_interface_register: interface '%s' failed to setup a security descriptor\n"
429                                  "                           on endpoint '%s'\n",
430                                 iface->name, ep_name));
431                         if (add_ep) free(ep);
432                         free(ifl);
433                         return NT_STATUS_OBJECT_NAME_COLLISION;
434                 }
435         }
436
437         /* finally add the interface on the endpoint */
438         DLIST_ADD(ep->interface_list, ifl);
439
440         /* if it's a new endpoint add it to the dcesrv_context */
441         if (add_ep) {
442                 DLIST_ADD(dce_ctx->endpoint_list, ep);
443         }
444
445         /* Re-get the string as we may have set a port */
446         ep_string = dcerpc_binding_string(dce_ctx, ep->ep_description);
447
448         if (use_single_process) {
449                 ep_process_string = "single process required";
450         } else {
451                 ep_process_string = "multi process compatible";
452         }
453
454         DBG_INFO("dcesrv_interface_register: interface '%s' "
455                  "registered on endpoint '%s' (%s)\n",
456                  iface->name, ep_string, ep_process_string);
457         TALLOC_FREE(ep_string);
458
459         return NT_STATUS_OK;
460 }
461
462 static NTSTATUS dcesrv_session_info_session_key(struct dcesrv_auth *auth,
463                                                 DATA_BLOB *session_key)
464 {
465         if (auth->session_info == NULL) {
466                 return NT_STATUS_NO_USER_SESSION_KEY;
467         }
468
469         if (auth->session_info->session_key.length == 0) {
470                 return NT_STATUS_NO_USER_SESSION_KEY;
471         }
472
473         *session_key = auth->session_info->session_key;
474         return NT_STATUS_OK;
475 }
476
477 static NTSTATUS dcesrv_remote_session_key(struct dcesrv_auth *auth,
478                                           DATA_BLOB *session_key)
479 {
480         if (auth->auth_type != DCERPC_AUTH_TYPE_NONE) {
481                 return NT_STATUS_NO_USER_SESSION_KEY;
482         }
483
484         return dcesrv_session_info_session_key(auth, session_key);
485 }
486
487 static NTSTATUS dcesrv_local_fixed_session_key(struct dcesrv_auth *auth,
488                                                DATA_BLOB *session_key)
489 {
490         return dcerpc_generic_session_key(NULL, session_key);
491 }
492
493 /*
494  * Fetch the authentication session key if available.
495  *
496  * This is the key generated by a gensec authentication.
497  *
498  */
499 _PUBLIC_ NTSTATUS dcesrv_auth_session_key(struct dcesrv_call_state *call,
500                                           DATA_BLOB *session_key)
501 {
502         struct dcesrv_auth *auth = &call->conn->auth_state;
503
504         return dcesrv_session_info_session_key(auth, session_key);
505 }
506
507 /*
508   fetch the user session key - may be default (above) or the SMB session key
509
510   The key is always truncated to 16 bytes 
511 */
512 _PUBLIC_ NTSTATUS dcesrv_fetch_session_key(struct dcesrv_connection *p,
513                                   DATA_BLOB *session_key)
514 {
515         struct dcesrv_auth *auth = &p->auth_state;
516         NTSTATUS status;
517
518         if (auth->session_key_fn == NULL) {
519                 return NT_STATUS_NO_USER_SESSION_KEY;
520         }
521
522         status = auth->session_key_fn(auth, session_key);
523         if (!NT_STATUS_IS_OK(status)) {
524                 return status;
525         }
526
527         session_key->length = MIN(session_key->length, 16);
528
529         return NT_STATUS_OK;
530 }
531
532 /*
533  * Fetch the transport session key if available.
534  * Typically this is the SMB session key
535  * or a fixed key for local transports.
536  *
537  * The key is always truncated to 16 bytes.
538 */
539 _PUBLIC_ NTSTATUS dcesrv_transport_session_key(struct dcesrv_call_state *call,
540                                                DATA_BLOB *session_key)
541 {
542         return dcesrv_fetch_session_key(call->conn, session_key);
543 }
544
545 /*
546   connect to a dcerpc endpoint
547 */
548 static NTSTATUS dcesrv_endpoint_connect(struct dcesrv_context *dce_ctx,
549                                  TALLOC_CTX *mem_ctx,
550                                  const struct dcesrv_endpoint *ep,
551                                  struct auth_session_info *session_info,
552                                  struct tevent_context *event_ctx,
553                                  struct imessaging_context *msg_ctx,
554                                  struct server_id server_id,
555                                  uint32_t state_flags,
556                                  struct dcesrv_connection **_p)
557 {
558         enum dcerpc_transport_t transport =
559                 dcerpc_binding_get_transport(ep->ep_description);
560         struct dcesrv_connection *p;
561
562         if (!session_info) {
563                 return NT_STATUS_ACCESS_DENIED;
564         }
565
566         p = talloc_zero(mem_ctx, struct dcesrv_connection);
567         NT_STATUS_HAVE_NO_MEMORY(p);
568
569         if (!talloc_reference(p, session_info)) {
570                 talloc_free(p);
571                 return NT_STATUS_NO_MEMORY;
572         }
573
574         p->dce_ctx = dce_ctx;
575         p->endpoint = ep;
576         p->packet_log_dir = lpcfg_lock_directory(dce_ctx->lp_ctx);
577         p->event_ctx = event_ctx;
578         p->msg_ctx = msg_ctx;
579         p->server_id = server_id;
580         p->state_flags = state_flags;
581         p->allow_bind = true;
582         p->max_recv_frag = 5840;
583         p->max_xmit_frag = 5840;
584         p->max_total_request_size = DCERPC_NCACN_REQUEST_DEFAULT_MAX_SIZE;
585
586         p->auth_state.session_info = session_info;
587         switch (transport) {
588         case NCACN_NP:
589                 p->auth_state.session_key_fn = dcesrv_remote_session_key;
590                 break;
591         case NCALRPC:
592         case NCACN_UNIX_STREAM:
593                 p->auth_state.session_key_fn = dcesrv_local_fixed_session_key;
594                 break;
595         default:
596                 /*
597                  * All other's get a NULL pointer, which
598                  * results in NT_STATUS_NO_USER_SESSION_KEY
599                  */
600                 break;
601         }
602
603         /*
604          * For now we only support NDR32.
605          */
606         p->preferred_transfer = &ndr_transfer_syntax_ndr;
607
608         *_p = p;
609         return NT_STATUS_OK;
610 }
611
612 /*
613   move a call from an existing linked list to the specified list. This
614   prevents bugs where we forget to remove the call from a previous
615   list when moving it.
616  */
617 static void dcesrv_call_set_list(struct dcesrv_call_state *call, 
618                                  enum dcesrv_call_list list)
619 {
620         switch (call->list) {
621         case DCESRV_LIST_NONE:
622                 break;
623         case DCESRV_LIST_CALL_LIST:
624                 DLIST_REMOVE(call->conn->call_list, call);
625                 break;
626         case DCESRV_LIST_FRAGMENTED_CALL_LIST:
627                 DLIST_REMOVE(call->conn->incoming_fragmented_call_list, call);
628                 break;
629         case DCESRV_LIST_PENDING_CALL_LIST:
630                 DLIST_REMOVE(call->conn->pending_call_list, call);
631                 break;
632         }
633         call->list = list;
634         switch (list) {
635         case DCESRV_LIST_NONE:
636                 break;
637         case DCESRV_LIST_CALL_LIST:
638                 DLIST_ADD_END(call->conn->call_list, call);
639                 break;
640         case DCESRV_LIST_FRAGMENTED_CALL_LIST:
641                 DLIST_ADD_END(call->conn->incoming_fragmented_call_list, call);
642                 break;
643         case DCESRV_LIST_PENDING_CALL_LIST:
644                 DLIST_ADD_END(call->conn->pending_call_list, call);
645                 break;
646         }
647 }
648
649 static void dcesrv_call_disconnect_after(struct dcesrv_call_state *call,
650                                          const char *reason)
651 {
652         if (call->conn->terminate != NULL) {
653                 return;
654         }
655
656         call->conn->allow_bind = false;
657         call->conn->allow_alter = false;
658         call->conn->allow_auth3 = false;
659         call->conn->allow_request = false;
660
661         call->terminate_reason = talloc_strdup(call, reason);
662         if (call->terminate_reason == NULL) {
663                 call->terminate_reason = __location__;
664         }
665 }
666
667 /*
668   return a dcerpc bind_nak
669 */
670 static NTSTATUS dcesrv_bind_nak(struct dcesrv_call_state *call, uint32_t reason)
671 {
672         struct ncacn_packet pkt;
673         struct dcerpc_bind_nak_version version;
674         struct data_blob_list_item *rep;
675         NTSTATUS status;
676         static const uint8_t _pad[3] = { 0, };
677
678         /*
679          * We add the call to the pending_call_list
680          * in order to defer the termination.
681          */
682         dcesrv_call_disconnect_after(call, "dcesrv_bind_nak");
683
684         /* setup a bind_nak */
685         dcesrv_init_hdr(&pkt, lpcfg_rpc_big_endian(call->conn->dce_ctx->lp_ctx));
686         pkt.auth_length = 0;
687         pkt.call_id = call->pkt.call_id;
688         pkt.ptype = DCERPC_PKT_BIND_NAK;
689         pkt.pfc_flags = DCERPC_PFC_FLAG_FIRST | DCERPC_PFC_FLAG_LAST;
690         pkt.u.bind_nak.reject_reason = reason;
691         version.rpc_vers = 5;
692         version.rpc_vers_minor = 0;
693         pkt.u.bind_nak.num_versions = 1;
694         pkt.u.bind_nak.versions = &version;
695         pkt.u.bind_nak._pad = data_blob_const(_pad, sizeof(_pad));
696
697         rep = talloc_zero(call, struct data_blob_list_item);
698         if (!rep) {
699                 return NT_STATUS_NO_MEMORY;
700         }
701
702         status = ncacn_push_auth(&rep->blob, call, &pkt, NULL);
703         if (!NT_STATUS_IS_OK(status)) {
704                 return status;
705         }
706
707         dcerpc_set_frag_length(&rep->blob, rep->blob.length);
708
709         DLIST_ADD_END(call->replies, rep);
710         dcesrv_call_set_list(call, DCESRV_LIST_CALL_LIST);
711
712         if (call->conn->call_list && call->conn->call_list->replies) {
713                 if (call->conn->transport.report_output_data) {
714                         call->conn->transport.report_output_data(call->conn);
715                 }
716         }
717
718         return NT_STATUS_OK;    
719 }
720
721 static NTSTATUS dcesrv_fault_disconnect(struct dcesrv_call_state *call,
722                                  uint32_t fault_code)
723 {
724         /*
725          * We add the call to the pending_call_list
726          * in order to defer the termination.
727          */
728         dcesrv_call_disconnect_after(call, "dcesrv_fault_disconnect");
729
730         return dcesrv_fault_with_flags(call, fault_code,
731                                        DCERPC_PFC_FLAG_DID_NOT_EXECUTE);
732 }
733
734 static int dcesrv_connection_context_destructor(struct dcesrv_connection_context *c)
735 {
736         DLIST_REMOVE(c->conn->contexts, c);
737
738         if (c->iface && c->iface->unbind) {
739                 c->iface->unbind(c, c->iface);
740                 c->iface = NULL;
741         }
742
743         return 0;
744 }
745
746 static void dcesrv_prepare_context_auth(struct dcesrv_call_state *dce_call)
747 {
748         struct loadparm_context *lp_ctx = dce_call->conn->dce_ctx->lp_ctx;
749         const struct dcesrv_endpoint *endpoint = dce_call->conn->endpoint;
750         enum dcerpc_transport_t transport =
751                 dcerpc_binding_get_transport(endpoint->ep_description);
752         struct dcesrv_connection_context *context = dce_call->context;
753         const struct dcesrv_interface *iface = context->iface;
754
755         context->min_auth_level = DCERPC_AUTH_LEVEL_NONE;
756
757         if (transport == NCALRPC) {
758                 context->allow_connect = true;
759                 return;
760         }
761
762         /*
763          * allow overwrite per interface
764          * allow dcerpc auth level connect:<interface>
765          */
766         context->allow_connect = lpcfg_allow_dcerpc_auth_level_connect(lp_ctx);
767         context->allow_connect = lpcfg_parm_bool(lp_ctx, NULL,
768                                         "allow dcerpc auth level connect",
769                                         iface->name,
770                                         context->allow_connect);
771 }
772
773 NTSTATUS dcesrv_interface_bind_require_integrity(struct dcesrv_call_state *dce_call,
774                                                  const struct dcesrv_interface *iface)
775 {
776         if (dce_call->context == NULL) {
777                 return NT_STATUS_INTERNAL_ERROR;
778         }
779
780         /*
781          * For connection oriented DCERPC DCERPC_AUTH_LEVEL_PACKET (4)
782          * has the same behavior as DCERPC_AUTH_LEVEL_INTEGRITY (5).
783          */
784         dce_call->context->min_auth_level = DCERPC_AUTH_LEVEL_PACKET;
785         return NT_STATUS_OK;
786 }
787
788 NTSTATUS dcesrv_interface_bind_require_privacy(struct dcesrv_call_state *dce_call,
789                                                const struct dcesrv_interface *iface)
790 {
791         if (dce_call->context == NULL) {
792                 return NT_STATUS_INTERNAL_ERROR;
793         }
794
795         dce_call->context->min_auth_level = DCERPC_AUTH_LEVEL_PRIVACY;
796         return NT_STATUS_OK;
797 }
798
799 _PUBLIC_ NTSTATUS dcesrv_interface_bind_reject_connect(struct dcesrv_call_state *dce_call,
800                                                        const struct dcesrv_interface *iface)
801 {
802         struct loadparm_context *lp_ctx = dce_call->conn->dce_ctx->lp_ctx;
803         const struct dcesrv_endpoint *endpoint = dce_call->conn->endpoint;
804         enum dcerpc_transport_t transport =
805                 dcerpc_binding_get_transport(endpoint->ep_description);
806         struct dcesrv_connection_context *context = dce_call->context;
807
808         if (context == NULL) {
809                 return NT_STATUS_INTERNAL_ERROR;
810         }
811
812         if (transport == NCALRPC) {
813                 context->allow_connect = true;
814                 return NT_STATUS_OK;
815         }
816
817         /*
818          * allow overwrite per interface
819          * allow dcerpc auth level connect:<interface>
820          */
821         context->allow_connect = false;
822         context->allow_connect = lpcfg_parm_bool(lp_ctx, NULL,
823                                         "allow dcerpc auth level connect",
824                                         iface->name,
825                                         context->allow_connect);
826         return NT_STATUS_OK;
827 }
828
829 _PUBLIC_ NTSTATUS dcesrv_interface_bind_allow_connect(struct dcesrv_call_state *dce_call,
830                                                       const struct dcesrv_interface *iface)
831 {
832         struct loadparm_context *lp_ctx = dce_call->conn->dce_ctx->lp_ctx;
833         const struct dcesrv_endpoint *endpoint = dce_call->conn->endpoint;
834         enum dcerpc_transport_t transport =
835                 dcerpc_binding_get_transport(endpoint->ep_description);
836         struct dcesrv_connection_context *context = dce_call->context;
837
838         if (context == NULL) {
839                 return NT_STATUS_INTERNAL_ERROR;
840         }
841
842         if (transport == NCALRPC) {
843                 context->allow_connect = true;
844                 return NT_STATUS_OK;
845         }
846
847         /*
848          * allow overwrite per interface
849          * allow dcerpc auth level connect:<interface>
850          */
851         context->allow_connect = true;
852         context->allow_connect = lpcfg_parm_bool(lp_ctx, NULL,
853                                         "allow dcerpc auth level connect",
854                                         iface->name,
855                                         context->allow_connect);
856         return NT_STATUS_OK;
857 }
858
859 struct dcesrv_conn_auth_wait_context {
860         struct tevent_req *req;
861         bool done;
862         NTSTATUS status;
863 };
864
865 struct dcesrv_conn_auth_wait_state {
866         uint8_t dummy;
867 };
868
869 static struct tevent_req *dcesrv_conn_auth_wait_send(TALLOC_CTX *mem_ctx,
870                                                      struct tevent_context *ev,
871                                                      void *private_data)
872 {
873         struct dcesrv_conn_auth_wait_context *auth_wait =
874                 talloc_get_type_abort(private_data,
875                 struct dcesrv_conn_auth_wait_context);
876         struct tevent_req *req = NULL;
877         struct dcesrv_conn_auth_wait_state *state = NULL;
878
879         req = tevent_req_create(mem_ctx, &state,
880                                 struct dcesrv_conn_auth_wait_state);
881         if (req == NULL) {
882                 return NULL;
883         }
884         auth_wait->req = req;
885
886         tevent_req_defer_callback(req, ev);
887
888         if (!auth_wait->done) {
889                 return req;
890         }
891
892         if (tevent_req_nterror(req, auth_wait->status)) {
893                 return tevent_req_post(req, ev);
894         }
895
896         tevent_req_done(req);
897         return tevent_req_post(req, ev);
898 }
899
900 static NTSTATUS dcesrv_conn_auth_wait_recv(struct tevent_req *req)
901 {
902         return tevent_req_simple_recv_ntstatus(req);
903 }
904
905 static NTSTATUS dcesrv_conn_auth_wait_setup(struct dcesrv_connection *conn)
906 {
907         struct dcesrv_conn_auth_wait_context *auth_wait = NULL;
908
909         if (conn->wait_send != NULL) {
910                 return NT_STATUS_INTERNAL_ERROR;
911         }
912
913         auth_wait = talloc_zero(conn, struct dcesrv_conn_auth_wait_context);
914         if (auth_wait == NULL) {
915                 return NT_STATUS_NO_MEMORY;
916         }
917
918         conn->wait_private = auth_wait;
919         conn->wait_send = dcesrv_conn_auth_wait_send;
920         conn->wait_recv = dcesrv_conn_auth_wait_recv;
921         return NT_STATUS_OK;
922 }
923
924 static void dcesrv_conn_auth_wait_finished(struct dcesrv_connection *conn,
925                                            NTSTATUS status)
926 {
927         struct dcesrv_conn_auth_wait_context *auth_wait =
928                 talloc_get_type_abort(conn->wait_private,
929                 struct dcesrv_conn_auth_wait_context);
930
931         auth_wait->done = true;
932         auth_wait->status = status;
933
934         if (auth_wait->req == NULL) {
935                 return;
936         }
937
938         if (tevent_req_nterror(auth_wait->req, status)) {
939                 return;
940         }
941
942         tevent_req_done(auth_wait->req);
943 }
944
945 static NTSTATUS dcesrv_auth_reply(struct dcesrv_call_state *call);
946
947 static void dcesrv_bind_done(struct tevent_req *subreq);
948
949 /*
950   handle a bind request
951 */
952 static NTSTATUS dcesrv_bind(struct dcesrv_call_state *call)
953 {
954         struct dcesrv_connection *conn = call->conn;
955         struct ncacn_packet *pkt = &call->ack_pkt;
956         NTSTATUS status;
957         uint32_t extra_flags = 0;
958         uint16_t max_req = 0;
959         uint16_t max_rep = 0;
960         const char *ep_prefix = "";
961         const char *endpoint = NULL;
962         struct dcesrv_auth *auth = &call->conn->auth_state;
963         struct dcerpc_ack_ctx *ack_ctx_list = NULL;
964         struct dcerpc_ack_ctx *ack_features = NULL;
965         struct tevent_req *subreq = NULL;
966         size_t i;
967
968         status = dcerpc_verify_ncacn_packet_header(&call->pkt,
969                         DCERPC_PKT_BIND,
970                         call->pkt.u.bind.auth_info.length,
971                         0, /* required flags */
972                         DCERPC_PFC_FLAG_FIRST |
973                         DCERPC_PFC_FLAG_LAST |
974                         DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN |
975                         0x08 | /* this is not defined, but should be ignored */
976                         DCERPC_PFC_FLAG_CONC_MPX |
977                         DCERPC_PFC_FLAG_DID_NOT_EXECUTE |
978                         DCERPC_PFC_FLAG_MAYBE |
979                         DCERPC_PFC_FLAG_OBJECT_UUID);
980         if (!NT_STATUS_IS_OK(status)) {
981                 return dcesrv_bind_nak(call,
982                         DCERPC_BIND_NAK_REASON_PROTOCOL_VERSION_NOT_SUPPORTED);
983         }
984
985         /* max_recv_frag and max_xmit_frag result always in the same value! */
986         max_req = MIN(call->pkt.u.bind.max_xmit_frag,
987                       call->pkt.u.bind.max_recv_frag);
988         /*
989          * The values are between 2048 and 5840 tested against Windows 2012R2
990          * via ncacn_ip_tcp on port 135.
991          */
992         max_req = MAX(2048, max_req);
993         max_rep = MIN(max_req, call->conn->max_recv_frag);
994         /* They are truncated to an 8 byte boundary. */
995         max_rep &= 0xFFF8;
996
997         /* max_recv_frag and max_xmit_frag result always in the same value! */
998         call->conn->max_recv_frag = max_rep;
999         call->conn->max_xmit_frag = max_rep;
1000
1001         /*
1002           if provided, check the assoc_group is valid
1003          */
1004         if (call->pkt.u.bind.assoc_group_id != 0) {
1005                 call->conn->assoc_group = dcesrv_assoc_group_reference(call->conn,
1006                                                                        call->conn->dce_ctx,
1007                                                                        call->pkt.u.bind.assoc_group_id);
1008         } else {
1009                 call->conn->assoc_group = dcesrv_assoc_group_new(call->conn,
1010                                                                  call->conn->dce_ctx);
1011         }
1012
1013         /*
1014          * The NETLOGON server does not use handles and so
1015          * there is no need to support association groups, but
1016          * we need to give back a number regardless.
1017          *
1018          * We have to do this when it is not run as a single process,
1019          * because then it can't see the other valid association
1020          * groups.  We handle this genericly for all endpoints not
1021          * running in single process mode.
1022          *
1023          * We know which endpoint we are on even before checking the
1024          * iface UUID, so for simplicity we enforce the same policy
1025          * for all interfaces on the endpoint.
1026          *
1027          * This means that where NETLOGON
1028          * shares an endpoint (such as ncalrpc or of 'lsa over
1029          * netlogon' is set) we will still check association groups.
1030          *
1031          */
1032
1033         if (call->conn->assoc_group == NULL &&
1034             !call->conn->endpoint->use_single_process) {
1035                 call->conn->assoc_group
1036                         = dcesrv_assoc_group_new(call->conn,
1037                                                  call->conn->dce_ctx);
1038         }
1039         if (call->conn->assoc_group == NULL) {
1040                 return dcesrv_bind_nak(call, 0);
1041         }
1042
1043         if (call->pkt.u.bind.num_contexts < 1) {
1044                 return dcesrv_bind_nak(call, 0);
1045         }
1046
1047         ack_ctx_list = talloc_zero_array(call, struct dcerpc_ack_ctx,
1048                                          call->pkt.u.bind.num_contexts);
1049         if (ack_ctx_list == NULL) {
1050                 return dcesrv_bind_nak(call, 0);
1051         }
1052
1053         /*
1054          * Set some sane defaults (required by dcesrv_negotiate_contexts()/
1055          * dcesrv_check_or_create_context()) and do some protocol validation
1056          * and set sane defaults.
1057          */
1058         for (i = 0; i < call->pkt.u.bind.num_contexts; i++) {
1059                 const struct dcerpc_ctx_list *c = &call->pkt.u.bind.ctx_list[i];
1060                 struct dcerpc_ack_ctx *a = &ack_ctx_list[i];
1061                 bool is_feature = false;
1062                 uint64_t features = 0;
1063
1064                 if (c->num_transfer_syntaxes == 0) {
1065                         return dcesrv_bind_nak(call, 0);
1066                 }
1067
1068                 a->result = DCERPC_BIND_ACK_RESULT_PROVIDER_REJECTION;
1069                 a->reason.value = DCERPC_BIND_ACK_REASON_ABSTRACT_SYNTAX_NOT_SUPPORTED;
1070
1071                 /*
1072                  * It's only treated as bind time feature request, if the first
1073                  * transfer_syntax matches, all others are ignored.
1074                  */
1075                 is_feature = dcerpc_extract_bind_time_features(c->transfer_syntaxes[0],
1076                                                                &features);
1077                 if (!is_feature) {
1078                         continue;
1079                 }
1080
1081                 if (ack_features != NULL) {
1082                         /*
1083                          * Only one bind time feature context is allowed.
1084                          */
1085                         return dcesrv_bind_nak(call, 0);
1086                 }
1087                 ack_features = a;
1088
1089                 a->result = DCERPC_BIND_ACK_RESULT_NEGOTIATE_ACK;
1090                 a->reason.negotiate = 0;
1091                 if (features & DCERPC_BIND_TIME_SECURITY_CONTEXT_MULTIPLEXING) {
1092                         /* not supported yet */
1093                 }
1094                 if (features & DCERPC_BIND_TIME_KEEP_CONNECTION_ON_ORPHAN) {
1095                         a->reason.negotiate |=
1096                                 DCERPC_BIND_TIME_KEEP_CONNECTION_ON_ORPHAN;
1097                 }
1098
1099                 call->conn->bind_time_features = a->reason.negotiate;
1100         }
1101
1102         /*
1103          * Try to negotiate one new presentation context.
1104          *
1105          * Deep in here we locate the iface (by uuid) that the client
1106          * requested, from the list of interfaces on the
1107          * call->conn->endpoint, and call iface->bind() on that iface.
1108          *
1109          * call->conn was set up at the accept() of the socket, and
1110          * call->conn->endpoint has a list of interfaces restricted to
1111          * this port or pipe.
1112          */
1113         status = dcesrv_negotiate_contexts(call, &call->pkt.u.bind, ack_ctx_list);
1114         if (NT_STATUS_EQUAL(status, NT_STATUS_RPC_PROTOCOL_ERROR)) {
1115                 return dcesrv_bind_nak(call, 0);
1116         }
1117         if (!NT_STATUS_IS_OK(status)) {
1118                 return status;
1119         }
1120
1121         /*
1122          * At this point we still don't know which interface (eg
1123          * netlogon, lsa, drsuapi) the caller requested in this bind!
1124          * The most recently added context is available as the first
1125          * element in the linked list at call->conn->contexts, that is
1126          * call->conn->contexts->iface, but they may not have
1127          * requested one at all!
1128          */
1129
1130         if ((call->pkt.pfc_flags & DCERPC_PFC_FLAG_CONC_MPX) &&
1131             (call->state_flags & DCESRV_CALL_STATE_FLAG_MULTIPLEXED)) {
1132                 call->conn->state_flags |= DCESRV_CALL_STATE_FLAG_MULTIPLEXED;
1133                 extra_flags |= DCERPC_PFC_FLAG_CONC_MPX;
1134         }
1135
1136         if (call->state_flags & DCESRV_CALL_STATE_FLAG_PROCESS_PENDING_CALL) {
1137                 call->conn->state_flags |= DCESRV_CALL_STATE_FLAG_PROCESS_PENDING_CALL;
1138         }
1139
1140         /*
1141          * After finding the interface and setting up the NDR
1142          * transport negotiation etc, handle any authentication that
1143          * is being requested.
1144          */
1145         if (!dcesrv_auth_bind(call)) {
1146
1147                 if (auth->auth_level == DCERPC_AUTH_LEVEL_NONE) {
1148                         /*
1149                          * With DCERPC_AUTH_LEVEL_NONE, we get the
1150                          * reject_reason in auth->auth_context_id.
1151                          */
1152                         return dcesrv_bind_nak(call, auth->auth_context_id);
1153                 }
1154
1155                 /*
1156                  * This must a be a temporary failure e.g. talloc or invalid
1157                  * configuration, e.g. no machine account.
1158                  */
1159                 return dcesrv_bind_nak(call,
1160                                 DCERPC_BIND_NAK_REASON_TEMPORARY_CONGESTION);
1161         }
1162
1163         /* setup a bind_ack */
1164         dcesrv_init_hdr(pkt, lpcfg_rpc_big_endian(call->conn->dce_ctx->lp_ctx));
1165         pkt->auth_length = 0;
1166         pkt->call_id = call->pkt.call_id;
1167         pkt->ptype = DCERPC_PKT_BIND_ACK;
1168         pkt->pfc_flags = DCERPC_PFC_FLAG_FIRST | DCERPC_PFC_FLAG_LAST | extra_flags;
1169         pkt->u.bind_ack.max_xmit_frag = call->conn->max_xmit_frag;
1170         pkt->u.bind_ack.max_recv_frag = call->conn->max_recv_frag;
1171         pkt->u.bind_ack.assoc_group_id = call->conn->assoc_group->id;
1172
1173         endpoint = dcerpc_binding_get_string_option(
1174                                 call->conn->endpoint->ep_description,
1175                                 "endpoint");
1176         if (endpoint == NULL) {
1177                 endpoint = "";
1178         }
1179
1180         if (strncasecmp(endpoint, "\\pipe\\", 6) == 0) {
1181                 /*
1182                  * TODO: check if this is really needed
1183                  *
1184                  * Or if we should fix this in our idl files.
1185                  */
1186                 ep_prefix = "\\PIPE\\";
1187                 endpoint += 6;
1188         }
1189
1190         pkt->u.bind_ack.secondary_address = talloc_asprintf(call, "%s%s",
1191                                                            ep_prefix,
1192                                                            endpoint);
1193         if (pkt->u.bind_ack.secondary_address == NULL) {
1194                 return NT_STATUS_NO_MEMORY;
1195         }
1196         pkt->u.bind_ack.num_results = call->pkt.u.bind.num_contexts;
1197         pkt->u.bind_ack.ctx_list = ack_ctx_list;
1198         pkt->u.bind_ack.auth_info = data_blob_null;
1199
1200         status = dcesrv_auth_prepare_bind_ack(call, pkt);
1201         if (!NT_STATUS_IS_OK(status)) {
1202                 return dcesrv_bind_nak(call, 0);
1203         }
1204
1205         if (auth->auth_finished) {
1206                 return dcesrv_auth_reply(call);
1207         }
1208
1209         subreq = gensec_update_send(call, call->event_ctx,
1210                                     auth->gensec_security,
1211                                     call->in_auth_info.credentials);
1212         if (subreq == NULL) {
1213                 return NT_STATUS_NO_MEMORY;
1214         }
1215         tevent_req_set_callback(subreq, dcesrv_bind_done, call);
1216
1217         return dcesrv_conn_auth_wait_setup(conn);
1218 }
1219
1220 static void dcesrv_bind_done(struct tevent_req *subreq)
1221 {
1222         struct dcesrv_call_state *call =
1223                 tevent_req_callback_data(subreq,
1224                 struct dcesrv_call_state);
1225         struct dcesrv_connection *conn = call->conn;
1226         NTSTATUS status;
1227
1228         status = gensec_update_recv(subreq, call,
1229                                     &call->out_auth_info->credentials);
1230         TALLOC_FREE(subreq);
1231
1232         status = dcesrv_auth_complete(call, status);
1233         if (!NT_STATUS_IS_OK(status)) {
1234                 status = dcesrv_bind_nak(call, 0);
1235                 dcesrv_conn_auth_wait_finished(conn, status);
1236                 return;
1237         }
1238
1239         status = dcesrv_auth_reply(call);
1240         dcesrv_conn_auth_wait_finished(conn, status);
1241         return;
1242 }
1243
1244 static NTSTATUS dcesrv_auth_reply(struct dcesrv_call_state *call)
1245 {
1246         struct ncacn_packet *pkt = &call->ack_pkt;
1247         struct data_blob_list_item *rep = NULL;
1248         NTSTATUS status;
1249
1250         rep = talloc_zero(call, struct data_blob_list_item);
1251         if (!rep) {
1252                 return NT_STATUS_NO_MEMORY;
1253         }
1254
1255         status = ncacn_push_auth(&rep->blob, call, pkt,
1256                                  call->out_auth_info);
1257         if (!NT_STATUS_IS_OK(status)) {
1258                 return status;
1259         }
1260
1261         dcerpc_set_frag_length(&rep->blob, rep->blob.length);
1262
1263         DLIST_ADD_END(call->replies, rep);
1264         dcesrv_call_set_list(call, DCESRV_LIST_CALL_LIST);
1265
1266         if (call->conn->call_list && call->conn->call_list->replies) {
1267                 if (call->conn->transport.report_output_data) {
1268                         call->conn->transport.report_output_data(call->conn);
1269                 }
1270         }
1271
1272         return NT_STATUS_OK;
1273 }
1274
1275
1276 static void dcesrv_auth3_done(struct tevent_req *subreq);
1277
1278 /*
1279   handle a auth3 request
1280 */
1281 static NTSTATUS dcesrv_auth3(struct dcesrv_call_state *call)
1282 {
1283         struct dcesrv_connection *conn = call->conn;
1284         struct dcesrv_auth *auth = &call->conn->auth_state;
1285         struct tevent_req *subreq = NULL;
1286         NTSTATUS status;
1287
1288         if (!call->conn->allow_auth3) {
1289                 return dcesrv_fault_disconnect(call, DCERPC_NCA_S_PROTO_ERROR);
1290         }
1291
1292         if (call->conn->auth_state.auth_finished) {
1293                 return dcesrv_fault_disconnect(call, DCERPC_NCA_S_PROTO_ERROR);
1294         }
1295
1296         status = dcerpc_verify_ncacn_packet_header(&call->pkt,
1297                         DCERPC_PKT_AUTH3,
1298                         call->pkt.u.auth3.auth_info.length,
1299                         0, /* required flags */
1300                         DCERPC_PFC_FLAG_FIRST |
1301                         DCERPC_PFC_FLAG_LAST |
1302                         DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN |
1303                         0x08 | /* this is not defined, but should be ignored */
1304                         DCERPC_PFC_FLAG_CONC_MPX |
1305                         DCERPC_PFC_FLAG_DID_NOT_EXECUTE |
1306                         DCERPC_PFC_FLAG_MAYBE |
1307                         DCERPC_PFC_FLAG_OBJECT_UUID);
1308         if (!NT_STATUS_IS_OK(status)) {
1309                 return dcesrv_fault_disconnect(call, DCERPC_NCA_S_PROTO_ERROR);
1310         }
1311
1312         /* handle the auth3 in the auth code */
1313         if (!dcesrv_auth_prepare_auth3(call)) {
1314                 /*
1315                  * we don't send a reply to a auth3 request,
1316                  * except by a fault.
1317                  *
1318                  * In anycase we mark the connection as
1319                  * invalid.
1320                  */
1321                 call->conn->auth_state.auth_invalid = true;
1322                 if (call->fault_code != 0) {
1323                         return dcesrv_fault_disconnect(call, call->fault_code);
1324                 }
1325                 TALLOC_FREE(call);
1326                 return NT_STATUS_OK;
1327         }
1328
1329         subreq = gensec_update_send(call, call->event_ctx,
1330                                     auth->gensec_security,
1331                                     call->in_auth_info.credentials);
1332         if (subreq == NULL) {
1333                 return NT_STATUS_NO_MEMORY;
1334         }
1335         tevent_req_set_callback(subreq, dcesrv_auth3_done, call);
1336
1337         return dcesrv_conn_auth_wait_setup(conn);
1338 }
1339
1340 static void dcesrv_auth3_done(struct tevent_req *subreq)
1341 {
1342         struct dcesrv_call_state *call =
1343                 tevent_req_callback_data(subreq,
1344                 struct dcesrv_call_state);
1345         struct dcesrv_connection *conn = call->conn;
1346         NTSTATUS status;
1347
1348         status = gensec_update_recv(subreq, call,
1349                                     &call->out_auth_info->credentials);
1350         TALLOC_FREE(subreq);
1351
1352         status = dcesrv_auth_complete(call, status);
1353         if (!NT_STATUS_IS_OK(status)) {
1354                 /*
1355                  * we don't send a reply to a auth3 request,
1356                  * except by a fault.
1357                  *
1358                  * In anycase we mark the connection as
1359                  * invalid.
1360                  */
1361                 call->conn->auth_state.auth_invalid = true;
1362                 if (call->fault_code != 0) {
1363                         status = dcesrv_fault_disconnect(call, call->fault_code);
1364                         dcesrv_conn_auth_wait_finished(conn, status);
1365                         return;
1366                 }
1367                 TALLOC_FREE(call);
1368                 dcesrv_conn_auth_wait_finished(conn, NT_STATUS_OK);
1369                 return;
1370         }
1371
1372         /*
1373          * we don't send a reply to a auth3 request.
1374          */
1375         TALLOC_FREE(call);
1376         dcesrv_conn_auth_wait_finished(conn, NT_STATUS_OK);
1377         return;
1378 }
1379
1380
1381 static NTSTATUS dcesrv_check_or_create_context(struct dcesrv_call_state *call,
1382                                 const struct dcerpc_bind *b,
1383                                 const struct dcerpc_ctx_list *ctx,
1384                                 struct dcerpc_ack_ctx *ack,
1385                                 bool validate_only,
1386                                 const struct ndr_syntax_id *supported_transfer)
1387 {
1388         uint32_t if_version;
1389         struct dcesrv_connection_context *context;
1390         const struct dcesrv_interface *iface;
1391         struct GUID uuid;
1392         NTSTATUS status;
1393         const struct ndr_syntax_id *selected_transfer = NULL;
1394         size_t i;
1395         bool ok;
1396
1397         if (b == NULL) {
1398                 return NT_STATUS_INTERNAL_ERROR;
1399         }
1400         if (ctx == NULL) {
1401                 return NT_STATUS_INTERNAL_ERROR;
1402         }
1403         if (ctx->num_transfer_syntaxes < 1) {
1404                 return NT_STATUS_INTERNAL_ERROR;
1405         }
1406         if (ack == NULL) {
1407                 return NT_STATUS_INTERNAL_ERROR;
1408         }
1409         if (supported_transfer == NULL) {
1410                 return NT_STATUS_INTERNAL_ERROR;
1411         }
1412
1413         switch (ack->result) {
1414         case DCERPC_BIND_ACK_RESULT_ACCEPTANCE:
1415         case DCERPC_BIND_ACK_RESULT_NEGOTIATE_ACK:
1416                 /*
1417                  * We is already completed.
1418                  */
1419                 return NT_STATUS_OK;
1420         default:
1421                 break;
1422         }
1423
1424         ack->result = DCERPC_BIND_ACK_RESULT_PROVIDER_REJECTION;
1425         ack->reason.value = DCERPC_BIND_ACK_REASON_ABSTRACT_SYNTAX_NOT_SUPPORTED;
1426
1427         if_version = ctx->abstract_syntax.if_version;
1428         uuid = ctx->abstract_syntax.uuid;
1429
1430         iface = find_interface_by_uuid(call->conn->endpoint, &uuid, if_version);
1431         if (iface == NULL) {
1432                 char *uuid_str = GUID_string(call, &uuid);
1433                 DEBUG(2,("Request for unknown dcerpc interface %s/%d\n", uuid_str, if_version));
1434                 talloc_free(uuid_str);
1435                 /*
1436                  * We report this only via ack->result
1437                  */
1438                 return NT_STATUS_OK;
1439         }
1440
1441         ack->result = DCERPC_BIND_ACK_RESULT_PROVIDER_REJECTION;
1442         ack->reason.value = DCERPC_BIND_ACK_REASON_TRANSFER_SYNTAXES_NOT_SUPPORTED;
1443
1444         if (validate_only) {
1445                 /*
1446                  * We report this only via ack->result
1447                  */
1448                 return NT_STATUS_OK;
1449         }
1450
1451         for (i = 0; i < ctx->num_transfer_syntaxes; i++) {
1452                 /*
1453                  * we only do NDR encoded dcerpc for now.
1454                  */
1455                 ok = ndr_syntax_id_equal(&ctx->transfer_syntaxes[i],
1456                                          supported_transfer);
1457                 if (ok) {
1458                         selected_transfer = supported_transfer;
1459                         break;
1460                 }
1461         }
1462
1463         context = dcesrv_find_context(call->conn, ctx->context_id);
1464         if (context != NULL) {
1465                 ok = ndr_syntax_id_equal(&context->iface->syntax_id,
1466                                          &ctx->abstract_syntax);
1467                 if (!ok) {
1468                         return NT_STATUS_RPC_PROTOCOL_ERROR;
1469                 }
1470
1471                 if (selected_transfer != NULL) {
1472                         ok = ndr_syntax_id_equal(&context->transfer_syntax,
1473                                                  selected_transfer);
1474                         if (!ok) {
1475                                 return NT_STATUS_RPC_PROTOCOL_ERROR;
1476                         }
1477
1478                         ack->result = DCERPC_BIND_ACK_RESULT_ACCEPTANCE;
1479                         ack->reason.value = DCERPC_BIND_ACK_REASON_NOT_SPECIFIED;
1480                         ack->syntax = context->transfer_syntax;
1481                 }
1482
1483                 /*
1484                  * We report this only via ack->result
1485                  */
1486                 return NT_STATUS_OK;
1487         }
1488
1489         if (selected_transfer == NULL) {
1490                 /*
1491                  * We report this only via ack->result
1492                  */
1493                 return NT_STATUS_OK;
1494         }
1495
1496         ack->result = DCERPC_BIND_ACK_RESULT_USER_REJECTION;
1497         ack->reason.value = DCERPC_BIND_ACK_REASON_LOCAL_LIMIT_EXCEEDED;
1498
1499         /* add this context to the list of available context_ids */
1500         context = talloc_zero(call->conn, struct dcesrv_connection_context);
1501         if (context == NULL) {
1502                 return NT_STATUS_NO_MEMORY;
1503         }
1504         context->conn = call->conn;
1505         context->context_id = ctx->context_id;
1506         context->iface = iface;
1507         context->transfer_syntax = *selected_transfer;
1508         context->private_data = NULL;
1509         DLIST_ADD(call->conn->contexts, context);
1510         call->context = context;
1511         talloc_set_destructor(context, dcesrv_connection_context_destructor);
1512
1513         dcesrv_prepare_context_auth(call);
1514
1515         /*
1516          * Multiplex is supported by default
1517          */
1518         call->state_flags |= DCESRV_CALL_STATE_FLAG_MULTIPLEXED;
1519
1520         status = iface->bind(call, iface, if_version);
1521         call->context = NULL;
1522         if (!NT_STATUS_IS_OK(status)) {
1523                 /* we don't want to trigger the iface->unbind() hook */
1524                 context->iface = NULL;
1525                 talloc_free(context);
1526                 /*
1527                  * We report this only via ack->result
1528                  */
1529                 return NT_STATUS_OK;
1530         }
1531
1532         ack->result = DCERPC_BIND_ACK_RESULT_ACCEPTANCE;
1533         ack->reason.value = DCERPC_BIND_ACK_REASON_NOT_SPECIFIED;
1534         ack->syntax = context->transfer_syntax;
1535         return NT_STATUS_OK;
1536 }
1537
1538 static NTSTATUS dcesrv_negotiate_contexts(struct dcesrv_call_state *call,
1539                                 const struct dcerpc_bind *b,
1540                                 struct dcerpc_ack_ctx *ack_ctx_list)
1541 {
1542         NTSTATUS status;
1543         size_t i;
1544         bool validate_only = false;
1545         bool preferred_ndr32;
1546
1547         /*
1548          * Try to negotiate one new presentation context,
1549          * using our preferred transfer syntax.
1550          */
1551         for (i = 0; i < b->num_contexts; i++) {
1552                 const struct dcerpc_ctx_list *c = &b->ctx_list[i];
1553                 struct dcerpc_ack_ctx *a = &ack_ctx_list[i];
1554
1555                 status = dcesrv_check_or_create_context(call, b, c, a,
1556                                                 validate_only,
1557                                                 call->conn->preferred_transfer);
1558                 if (!NT_STATUS_IS_OK(status)) {
1559                         return status;
1560                 }
1561
1562                 if (a->result == DCERPC_BIND_ACK_RESULT_ACCEPTANCE) {
1563                         /*
1564                          * We managed to negotiate one context.
1565                          *
1566                          * => we're done.
1567                          */
1568                         validate_only = true;
1569                 }
1570         }
1571
1572         preferred_ndr32 = ndr_syntax_id_equal(&ndr_transfer_syntax_ndr,
1573                                         call->conn->preferred_transfer);
1574         if (preferred_ndr32) {
1575                 /*
1576                  * We're done.
1577                  */
1578                 return NT_STATUS_OK;
1579         }
1580
1581         /*
1582          * Try to negotiate one new presentation context,
1583          * using NDR 32 as fallback.
1584          */
1585         for (i = 0; i < b->num_contexts; i++) {
1586                 const struct dcerpc_ctx_list *c = &b->ctx_list[i];
1587                 struct dcerpc_ack_ctx *a = &ack_ctx_list[i];
1588
1589                 status = dcesrv_check_or_create_context(call, b, c, a,
1590                                                 validate_only,
1591                                                 &ndr_transfer_syntax_ndr);
1592                 if (!NT_STATUS_IS_OK(status)) {
1593                         return status;
1594                 }
1595
1596                 if (a->result == DCERPC_BIND_ACK_RESULT_ACCEPTANCE) {
1597                         /*
1598                          * We managed to negotiate one context.
1599                          *
1600                          * => we're done.
1601                          */
1602                         validate_only = true;
1603                 }
1604         }
1605
1606         return NT_STATUS_OK;
1607 }
1608
1609 static void dcesrv_alter_done(struct tevent_req *subreq);
1610
1611 /*
1612   handle a alter context request
1613 */
1614 static NTSTATUS dcesrv_alter(struct dcesrv_call_state *call)
1615 {
1616         struct dcesrv_connection *conn = call->conn;
1617         NTSTATUS status;
1618         bool auth_ok = false;
1619         struct ncacn_packet *pkt = &call->ack_pkt;
1620         uint32_t extra_flags = 0;
1621         struct dcesrv_auth *auth = &call->conn->auth_state;
1622         struct dcerpc_ack_ctx *ack_ctx_list = NULL;
1623         struct tevent_req *subreq = NULL;
1624         size_t i;
1625
1626         if (!call->conn->allow_alter) {
1627                 return dcesrv_fault_disconnect(call, DCERPC_NCA_S_PROTO_ERROR);
1628         }
1629
1630         status = dcerpc_verify_ncacn_packet_header(&call->pkt,
1631                         DCERPC_PKT_ALTER,
1632                         call->pkt.u.alter.auth_info.length,
1633                         0, /* required flags */
1634                         DCERPC_PFC_FLAG_FIRST |
1635                         DCERPC_PFC_FLAG_LAST |
1636                         DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN |
1637                         0x08 | /* this is not defined, but should be ignored */
1638                         DCERPC_PFC_FLAG_CONC_MPX |
1639                         DCERPC_PFC_FLAG_DID_NOT_EXECUTE |
1640                         DCERPC_PFC_FLAG_MAYBE |
1641                         DCERPC_PFC_FLAG_OBJECT_UUID);
1642         if (!NT_STATUS_IS_OK(status)) {
1643                 return dcesrv_fault_disconnect(call, DCERPC_NCA_S_PROTO_ERROR);
1644         }
1645
1646         auth_ok = dcesrv_auth_alter(call);
1647         if (!auth_ok) {
1648                 if (call->fault_code != 0) {
1649                         return dcesrv_fault_disconnect(call, call->fault_code);
1650                 }
1651         }
1652
1653         if (call->pkt.u.alter.num_contexts < 1) {
1654                 return dcesrv_fault_disconnect(call, DCERPC_NCA_S_PROTO_ERROR);
1655         }
1656
1657         ack_ctx_list = talloc_zero_array(call, struct dcerpc_ack_ctx,
1658                                          call->pkt.u.alter.num_contexts);
1659         if (ack_ctx_list == NULL) {
1660                 return NT_STATUS_NO_MEMORY;
1661         }
1662
1663         /*
1664          * Set some sane defaults (required by dcesrv_negotiate_contexts()/
1665          * dcesrv_check_or_create_context()) and do some protocol validation
1666          * and set sane defaults.
1667          */
1668         for (i = 0; i < call->pkt.u.alter.num_contexts; i++) {
1669                 const struct dcerpc_ctx_list *c = &call->pkt.u.alter.ctx_list[i];
1670                 struct dcerpc_ack_ctx *a = &ack_ctx_list[i];
1671
1672                 if (c->num_transfer_syntaxes == 0) {
1673                         return dcesrv_fault_disconnect(call,
1674                                         DCERPC_NCA_S_PROTO_ERROR);
1675                 }
1676
1677                 a->result = DCERPC_BIND_ACK_RESULT_PROVIDER_REJECTION;
1678                 a->reason.value = DCERPC_BIND_ACK_REASON_ABSTRACT_SYNTAX_NOT_SUPPORTED;
1679         }
1680
1681         /*
1682          * Try to negotiate one new presentation context.
1683          */
1684         status = dcesrv_negotiate_contexts(call, &call->pkt.u.alter, ack_ctx_list);
1685         if (NT_STATUS_EQUAL(status, NT_STATUS_RPC_PROTOCOL_ERROR)) {
1686                 return dcesrv_fault_disconnect(call, DCERPC_NCA_S_PROTO_ERROR);
1687         }
1688         if (!NT_STATUS_IS_OK(status)) {
1689                 return status;
1690         }
1691
1692         if ((call->pkt.pfc_flags & DCERPC_PFC_FLAG_CONC_MPX) &&
1693             (call->state_flags & DCESRV_CALL_STATE_FLAG_MULTIPLEXED)) {
1694                 call->conn->state_flags |= DCESRV_CALL_STATE_FLAG_MULTIPLEXED;
1695                 extra_flags |= DCERPC_PFC_FLAG_CONC_MPX;
1696         }
1697
1698         if (call->state_flags & DCESRV_CALL_STATE_FLAG_PROCESS_PENDING_CALL) {
1699                 call->conn->state_flags |= DCESRV_CALL_STATE_FLAG_PROCESS_PENDING_CALL;
1700         }
1701
1702         /* handle any authentication that is being requested */
1703         if (!auth_ok) {
1704                 if (call->in_auth_info.auth_type !=
1705                     call->conn->auth_state.auth_type)
1706                 {
1707                         return dcesrv_fault_disconnect(call,
1708                                         DCERPC_FAULT_SEC_PKG_ERROR);
1709                 }
1710                 return dcesrv_fault_disconnect(call, DCERPC_FAULT_ACCESS_DENIED);
1711         }
1712
1713         dcesrv_init_hdr(pkt, lpcfg_rpc_big_endian(call->conn->dce_ctx->lp_ctx));
1714         pkt->auth_length = 0;
1715         pkt->call_id = call->pkt.call_id;
1716         pkt->ptype = DCERPC_PKT_ALTER_RESP;
1717         pkt->pfc_flags = DCERPC_PFC_FLAG_FIRST | DCERPC_PFC_FLAG_LAST | extra_flags;
1718         pkt->u.alter_resp.max_xmit_frag = call->conn->max_xmit_frag;
1719         pkt->u.alter_resp.max_recv_frag = call->conn->max_recv_frag;
1720         pkt->u.alter_resp.assoc_group_id = call->conn->assoc_group->id;
1721         pkt->u.alter_resp.secondary_address = "";
1722         pkt->u.alter_resp.num_results = call->pkt.u.alter.num_contexts;
1723         pkt->u.alter_resp.ctx_list = ack_ctx_list;
1724         pkt->u.alter_resp.auth_info = data_blob_null;
1725
1726         status = dcesrv_auth_prepare_alter_ack(call, pkt);
1727         if (!NT_STATUS_IS_OK(status)) {
1728                 return dcesrv_fault_disconnect(call, DCERPC_FAULT_SEC_PKG_ERROR);
1729         }
1730
1731         if (auth->auth_finished) {
1732                 return dcesrv_auth_reply(call);
1733         }
1734
1735         subreq = gensec_update_send(call, call->event_ctx,
1736                                     auth->gensec_security,
1737                                     call->in_auth_info.credentials);
1738         if (subreq == NULL) {
1739                 return NT_STATUS_NO_MEMORY;
1740         }
1741         tevent_req_set_callback(subreq, dcesrv_alter_done, call);
1742
1743         return dcesrv_conn_auth_wait_setup(conn);
1744 }
1745
1746 static void dcesrv_alter_done(struct tevent_req *subreq)
1747 {
1748         struct dcesrv_call_state *call =
1749                 tevent_req_callback_data(subreq,
1750                 struct dcesrv_call_state);
1751         struct dcesrv_connection *conn = call->conn;
1752         NTSTATUS status;
1753
1754         status = gensec_update_recv(subreq, call,
1755                                     &call->out_auth_info->credentials);
1756         TALLOC_FREE(subreq);
1757
1758         status = dcesrv_auth_complete(call, status);
1759         if (!NT_STATUS_IS_OK(status)) {
1760                 status = dcesrv_fault_disconnect(call, DCERPC_FAULT_SEC_PKG_ERROR);
1761                 dcesrv_conn_auth_wait_finished(conn, status);
1762                 return;
1763         }
1764
1765         status = dcesrv_auth_reply(call);
1766         dcesrv_conn_auth_wait_finished(conn, status);
1767         return;
1768 }
1769
1770 /*
1771   possibly save the call for inspection with ndrdump
1772  */
1773 static void dcesrv_save_call(struct dcesrv_call_state *call, const char *why)
1774 {
1775 #ifdef DEVELOPER
1776         char *fname;
1777         const char *dump_dir;
1778         dump_dir = lpcfg_parm_string(call->conn->dce_ctx->lp_ctx, NULL, "dcesrv", "stubs directory");
1779         if (!dump_dir) {
1780                 return;
1781         }
1782         fname = talloc_asprintf(call, "%s/RPC-%s-%u-%s.dat",
1783                                 dump_dir,
1784                                 call->context->iface->name,
1785                                 call->pkt.u.request.opnum,
1786                                 why);
1787         if (file_save(fname, call->pkt.u.request.stub_and_verifier.data, call->pkt.u.request.stub_and_verifier.length)) {
1788                 DEBUG(0,("RPC SAVED %s\n", fname));
1789         }
1790         talloc_free(fname);
1791 #endif
1792 }
1793
1794 static NTSTATUS dcesrv_check_verification_trailer(struct dcesrv_call_state *call)
1795 {
1796         TALLOC_CTX *frame = talloc_stackframe();
1797         const uint32_t bitmask1 = call->conn->auth_state.client_hdr_signing ?
1798                 DCERPC_SEC_VT_CLIENT_SUPPORTS_HEADER_SIGNING : 0;
1799         const struct dcerpc_sec_vt_pcontext pcontext = {
1800                 .abstract_syntax = call->context->iface->syntax_id,
1801                 .transfer_syntax = call->context->transfer_syntax,
1802         };
1803         const struct dcerpc_sec_vt_header2 header2 =
1804                 dcerpc_sec_vt_header2_from_ncacn_packet(&call->pkt);
1805         enum ndr_err_code ndr_err;
1806         struct dcerpc_sec_verification_trailer *vt = NULL;
1807         NTSTATUS status = NT_STATUS_OK;
1808         bool ok;
1809
1810         SMB_ASSERT(call->pkt.ptype == DCERPC_PKT_REQUEST);
1811
1812         ndr_err = ndr_pop_dcerpc_sec_verification_trailer(call->ndr_pull,
1813                                                           frame, &vt);
1814         if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
1815                 status = ndr_map_error2ntstatus(ndr_err);
1816                 goto done;
1817         }
1818
1819         ok = dcerpc_sec_verification_trailer_check(vt, &bitmask1,
1820                                                    &pcontext, &header2);
1821         if (!ok) {
1822                 status = NT_STATUS_ACCESS_DENIED;
1823                 goto done;
1824         }
1825 done:
1826         TALLOC_FREE(frame);
1827         return status;
1828 }
1829
1830 /*
1831   handle a dcerpc request packet
1832 */
1833 static NTSTATUS dcesrv_request(struct dcesrv_call_state *call)
1834 {
1835         const struct dcesrv_endpoint *endpoint = call->conn->endpoint;
1836         enum dcerpc_transport_t transport =
1837                 dcerpc_binding_get_transport(endpoint->ep_description);
1838         struct ndr_pull *pull;
1839         NTSTATUS status;
1840
1841         if (!call->conn->allow_request) {
1842                 return dcesrv_fault_disconnect(call, DCERPC_NCA_S_PROTO_ERROR);
1843         }
1844
1845         /* if authenticated, and the mech we use can't do async replies, don't use them... */
1846         if (call->conn->auth_state.gensec_security && 
1847             !gensec_have_feature(call->conn->auth_state.gensec_security, GENSEC_FEATURE_ASYNC_REPLIES)) {
1848                 call->state_flags &= ~DCESRV_CALL_STATE_FLAG_MAY_ASYNC;
1849         }
1850
1851         if (call->context == NULL) {
1852                 return dcesrv_fault_with_flags(call, DCERPC_NCA_S_UNKNOWN_IF,
1853                                         DCERPC_PFC_FLAG_DID_NOT_EXECUTE);
1854         }
1855
1856         switch (call->conn->auth_state.auth_level) {
1857         case DCERPC_AUTH_LEVEL_NONE:
1858         case DCERPC_AUTH_LEVEL_PACKET:
1859         case DCERPC_AUTH_LEVEL_INTEGRITY:
1860         case DCERPC_AUTH_LEVEL_PRIVACY:
1861                 break;
1862         default:
1863                 if (!call->context->allow_connect) {
1864                         char *addr;
1865
1866                         addr = tsocket_address_string(call->conn->remote_address,
1867                                                       call);
1868
1869                         DEBUG(2, ("%s: restrict auth_level_connect access "
1870                                   "to [%s] with auth[type=0x%x,level=0x%x] "
1871                                   "on [%s] from [%s]\n",
1872                                   __func__, call->context->iface->name,
1873                                   call->conn->auth_state.auth_type,
1874                                   call->conn->auth_state.auth_level,
1875                                   derpc_transport_string_by_transport(transport),
1876                                   addr));
1877                         return dcesrv_fault(call, DCERPC_FAULT_ACCESS_DENIED);
1878                 }
1879                 break;
1880         }
1881
1882         if (call->conn->auth_state.auth_level < call->context->min_auth_level) {
1883                 char *addr;
1884
1885                 addr = tsocket_address_string(call->conn->remote_address, call);
1886
1887                 DEBUG(2, ("%s: restrict access by min_auth_level[0x%x] "
1888                           "to [%s] with auth[type=0x%x,level=0x%x] "
1889                           "on [%s] from [%s]\n",
1890                           __func__,
1891                           call->context->min_auth_level,
1892                           call->context->iface->name,
1893                           call->conn->auth_state.auth_type,
1894                           call->conn->auth_state.auth_level,
1895                           derpc_transport_string_by_transport(transport),
1896                           addr));
1897                 return dcesrv_fault(call, DCERPC_FAULT_ACCESS_DENIED);
1898         }
1899
1900         pull = ndr_pull_init_blob(&call->pkt.u.request.stub_and_verifier, call);
1901         NT_STATUS_HAVE_NO_MEMORY(pull);
1902
1903         pull->flags |= LIBNDR_FLAG_REF_ALLOC;
1904
1905         call->ndr_pull  = pull;
1906
1907         if (!(call->pkt.drep[0] & DCERPC_DREP_LE)) {
1908                 pull->flags |= LIBNDR_FLAG_BIGENDIAN;
1909         }
1910
1911         status = dcesrv_check_verification_trailer(call);
1912         if (!NT_STATUS_IS_OK(status)) {
1913                 uint32_t faultcode = DCERPC_FAULT_OTHER;
1914                 if (NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED)) {
1915                         faultcode = DCERPC_FAULT_ACCESS_DENIED;
1916                 }
1917                 DEBUG(10, ("dcesrv_check_verification_trailer failed: %s\n",
1918                            nt_errstr(status)));
1919                 return dcesrv_fault(call, faultcode);
1920         }
1921
1922         /* unravel the NDR for the packet */
1923         status = call->context->iface->ndr_pull(call, call, pull, &call->r);
1924         if (!NT_STATUS_IS_OK(status)) {
1925                 uint8_t extra_flags = 0;
1926                 if (call->fault_code == DCERPC_FAULT_OP_RNG_ERROR) {
1927                         /* we got an unknown call */
1928                         DEBUG(3,(__location__ ": Unknown RPC call %u on %s\n",
1929                                  call->pkt.u.request.opnum,
1930                                  call->context->iface->name));
1931                         dcesrv_save_call(call, "unknown");
1932                         extra_flags |= DCERPC_PFC_FLAG_DID_NOT_EXECUTE;
1933                 } else {
1934                         dcesrv_save_call(call, "pullfail");
1935                 }
1936                 return dcesrv_fault_with_flags(call, call->fault_code, extra_flags);
1937         }
1938
1939         if (pull->offset != pull->data_size) {
1940                 dcesrv_save_call(call, "extrabytes");
1941                 DEBUG(3,("Warning: %d extra bytes in incoming RPC request\n", 
1942                          pull->data_size - pull->offset));
1943         }
1944
1945         /* call the dispatch function */
1946         status = call->context->iface->dispatch(call, call, call->r);
1947         if (!NT_STATUS_IS_OK(status)) {
1948                 DEBUG(5,("dcerpc fault in call %s:%02x - %s\n",
1949                          call->context->iface->name,
1950                          call->pkt.u.request.opnum,
1951                          dcerpc_errstr(pull, call->fault_code)));
1952                 return dcesrv_fault(call, call->fault_code);
1953         }
1954
1955         /* add the call to the pending list */
1956         dcesrv_call_set_list(call, DCESRV_LIST_PENDING_CALL_LIST);
1957
1958         if (call->state_flags & DCESRV_CALL_STATE_FLAG_ASYNC) {
1959                 return NT_STATUS_OK;
1960         }
1961
1962         return dcesrv_reply(call);
1963 }
1964
1965
1966 /*
1967   remove the call from the right list when freed
1968  */
1969 static int dcesrv_call_dequeue(struct dcesrv_call_state *call)
1970 {
1971         dcesrv_call_set_list(call, DCESRV_LIST_NONE);
1972         return 0;
1973 }
1974
1975 _PUBLIC_ const struct tsocket_address *dcesrv_connection_get_local_address(struct dcesrv_connection *conn)
1976 {
1977         return conn->local_address;
1978 }
1979
1980 _PUBLIC_ const struct tsocket_address *dcesrv_connection_get_remote_address(struct dcesrv_connection *conn)
1981 {
1982         return conn->remote_address;
1983 }
1984
1985 /*
1986   process some input to a dcerpc endpoint server.
1987 */
1988 static NTSTATUS dcesrv_process_ncacn_packet(struct dcesrv_connection *dce_conn,
1989                                             struct ncacn_packet *pkt,
1990                                             DATA_BLOB blob)
1991 {
1992         NTSTATUS status;
1993         struct dcesrv_call_state *call;
1994         struct dcesrv_call_state *existing = NULL;
1995
1996         call = talloc_zero(dce_conn, struct dcesrv_call_state);
1997         if (!call) {
1998                 data_blob_free(&blob);
1999                 talloc_free(pkt);
2000                 return NT_STATUS_NO_MEMORY;
2001         }
2002         call->conn              = dce_conn;
2003         call->event_ctx         = dce_conn->event_ctx;
2004         call->msg_ctx           = dce_conn->msg_ctx;
2005         call->state_flags       = call->conn->state_flags;
2006         call->time              = timeval_current();
2007         call->list              = DCESRV_LIST_NONE;
2008
2009         talloc_steal(call, pkt);
2010         talloc_steal(call, blob.data);
2011         call->pkt = *pkt;
2012
2013         talloc_set_destructor(call, dcesrv_call_dequeue);
2014
2015         if (call->conn->allow_bind) {
2016                 /*
2017                  * Only one bind is possible per connection
2018                  */
2019                 call->conn->allow_bind = false;
2020                 return dcesrv_bind(call);
2021         }
2022
2023         /* we have to check the signing here, before combining the
2024            pdus */
2025         if (call->pkt.ptype == DCERPC_PKT_REQUEST) {
2026                 if (!call->conn->allow_request) {
2027                         return dcesrv_fault_disconnect(call,
2028                                         DCERPC_NCA_S_PROTO_ERROR);
2029                 }
2030
2031                 status = dcerpc_verify_ncacn_packet_header(&call->pkt,
2032                                 DCERPC_PKT_REQUEST,
2033                                 call->pkt.u.request.stub_and_verifier.length,
2034                                 0, /* required_flags */
2035                                 DCERPC_PFC_FLAG_FIRST |
2036                                 DCERPC_PFC_FLAG_LAST |
2037                                 DCERPC_PFC_FLAG_PENDING_CANCEL |
2038                                 0x08 | /* this is not defined, but should be ignored */
2039                                 DCERPC_PFC_FLAG_CONC_MPX |
2040                                 DCERPC_PFC_FLAG_DID_NOT_EXECUTE |
2041                                 DCERPC_PFC_FLAG_MAYBE |
2042                                 DCERPC_PFC_FLAG_OBJECT_UUID);
2043                 if (!NT_STATUS_IS_OK(status)) {
2044                         return dcesrv_fault_disconnect(call,
2045                                         DCERPC_NCA_S_PROTO_ERROR);
2046                 }
2047
2048                 if (call->pkt.frag_length > DCERPC_FRAG_MAX_SIZE) {
2049                         /*
2050                          * We don't use dcesrv_fault_disconnect()
2051                          * here, because we don't want to set
2052                          * DCERPC_PFC_FLAG_DID_NOT_EXECUTE
2053                          *
2054                          * Note that we don't check against the negotiated
2055                          * max_recv_frag, but a hard coded value.
2056                          */
2057                         dcesrv_call_disconnect_after(call,
2058                                 "dcesrv_auth_request - frag_length too large");
2059                         return dcesrv_fault(call,
2060                                         DCERPC_NCA_S_PROTO_ERROR);
2061                 }
2062
2063                 if (call->pkt.pfc_flags & DCERPC_PFC_FLAG_FIRST) {
2064                         if (dce_conn->pending_call_list != NULL) {
2065                                 /*
2066                                  * concurrent requests are only allowed
2067                                  * if DCERPC_PFC_FLAG_CONC_MPX was negotiated.
2068                                  */
2069                                 if (!(dce_conn->state_flags & DCESRV_CALL_STATE_FLAG_MULTIPLEXED)) {
2070                                         dcesrv_call_disconnect_after(call,
2071                                                 "dcesrv_auth_request - "
2072                                                 "existing pending call without CONN_MPX");
2073                                         return dcesrv_fault(call,
2074                                                 DCERPC_NCA_S_PROTO_ERROR);
2075                                 }
2076                         }
2077                         /* only one request is possible in the fragmented list */
2078                         if (dce_conn->incoming_fragmented_call_list != NULL) {
2079                                 if (!(dce_conn->state_flags & DCESRV_CALL_STATE_FLAG_MULTIPLEXED)) {
2080                                         /*
2081                                          * Without DCERPC_PFC_FLAG_CONC_MPX
2082                                          * we need to return the FAULT on the
2083                                          * already existing call.
2084                                          *
2085                                          * This is important to get the
2086                                          * call_id and context_id right.
2087                                          */
2088                                         TALLOC_FREE(call);
2089                                         call = dce_conn->incoming_fragmented_call_list;
2090                                 }
2091                                 dcesrv_call_disconnect_after(call,
2092                                         "dcesrv_auth_request - "
2093                                         "existing fragmented call");
2094                                 return dcesrv_fault(call,
2095                                                 DCERPC_NCA_S_PROTO_ERROR);
2096                         }
2097                         if (call->pkt.pfc_flags & DCERPC_PFC_FLAG_PENDING_CANCEL) {
2098                                 return dcesrv_fault_disconnect(call,
2099                                                 DCERPC_FAULT_NO_CALL_ACTIVE);
2100                         }
2101                         call->context = dcesrv_find_context(call->conn,
2102                                                 call->pkt.u.request.context_id);
2103                         if (call->context == NULL) {
2104                                 return dcesrv_fault_with_flags(call, DCERPC_NCA_S_UNKNOWN_IF,
2105                                         DCERPC_PFC_FLAG_DID_NOT_EXECUTE);
2106                         }
2107                 } else {
2108                         const struct dcerpc_request *nr = &call->pkt.u.request;
2109                         const struct dcerpc_request *er = NULL;
2110                         int cmp;
2111
2112                         existing = dcesrv_find_fragmented_call(dce_conn,
2113                                                         call->pkt.call_id);
2114                         if (existing == NULL) {
2115                                 dcesrv_call_disconnect_after(call,
2116                                         "dcesrv_auth_request - "
2117                                         "no existing fragmented call");
2118                                 return dcesrv_fault(call,
2119                                                 DCERPC_NCA_S_PROTO_ERROR);
2120                         }
2121                         er = &existing->pkt.u.request;
2122
2123                         if (call->pkt.ptype != existing->pkt.ptype) {
2124                                 /* trying to play silly buggers are we? */
2125                                 return dcesrv_fault_disconnect(existing,
2126                                                 DCERPC_NCA_S_PROTO_ERROR);
2127                         }
2128                         cmp = memcmp(call->pkt.drep, existing->pkt.drep,
2129                                      sizeof(pkt->drep));
2130                         if (cmp != 0) {
2131                                 return dcesrv_fault_disconnect(existing,
2132                                                 DCERPC_NCA_S_PROTO_ERROR);
2133                         }
2134                         if (nr->context_id != er->context_id)  {
2135                                 return dcesrv_fault_disconnect(existing,
2136                                                 DCERPC_NCA_S_PROTO_ERROR);
2137                         }
2138                         if (nr->opnum != er->opnum)  {
2139                                 return dcesrv_fault_disconnect(existing,
2140                                                 DCERPC_NCA_S_PROTO_ERROR);
2141                         }
2142                 }
2143         }
2144
2145         if (call->pkt.ptype == DCERPC_PKT_REQUEST) {
2146                 bool ok;
2147                 uint8_t payload_offset = DCERPC_REQUEST_LENGTH;
2148
2149                 if (call->pkt.pfc_flags & DCERPC_PFC_FLAG_OBJECT_UUID) {
2150                         payload_offset += 16;
2151                 }
2152
2153                 ok = dcesrv_auth_pkt_pull(call, &blob,
2154                                           0, /* required_flags */
2155                                           DCERPC_PFC_FLAG_FIRST |
2156                                           DCERPC_PFC_FLAG_LAST |
2157                                           DCERPC_PFC_FLAG_PENDING_CANCEL |
2158                                           0x08 | /* this is not defined, but should be ignored */
2159                                           DCERPC_PFC_FLAG_CONC_MPX |
2160                                           DCERPC_PFC_FLAG_DID_NOT_EXECUTE |
2161                                           DCERPC_PFC_FLAG_MAYBE |
2162                                           DCERPC_PFC_FLAG_OBJECT_UUID,
2163                                           payload_offset,
2164                                           &call->pkt.u.request.stub_and_verifier);
2165                 if (!ok) {
2166                         /*
2167                          * We don't use dcesrv_fault_disconnect()
2168                          * here, because we don't want to set
2169                          * DCERPC_PFC_FLAG_DID_NOT_EXECUTE
2170                          */
2171                         dcesrv_call_disconnect_after(call,
2172                                                 "dcesrv_auth_request - failed");
2173                         if (call->fault_code == 0) {
2174                                 call->fault_code = DCERPC_FAULT_ACCESS_DENIED;
2175                         }
2176                         return dcesrv_fault(call, call->fault_code);
2177                 }
2178         }
2179
2180         /* see if this is a continued packet */
2181         if (existing != NULL) {
2182                 struct dcerpc_request *er = &existing->pkt.u.request;
2183                 const struct dcerpc_request *nr = &call->pkt.u.request;
2184                 size_t available;
2185                 size_t alloc_size;
2186                 size_t alloc_hint;
2187
2188                 /*
2189                  * Up to 4 MByte are allowed by all fragments
2190                  */
2191                 available = dce_conn->max_total_request_size;
2192                 if (er->stub_and_verifier.length > available) {
2193                         dcesrv_call_disconnect_after(existing,
2194                                 "dcesrv_auth_request - existing payload too large");
2195                         return dcesrv_fault(existing, DCERPC_FAULT_ACCESS_DENIED);
2196                 }
2197                 available -= er->stub_and_verifier.length;
2198                 if (nr->alloc_hint > available) {
2199                         dcesrv_call_disconnect_after(existing,
2200                                 "dcesrv_auth_request - alloc hint too large");
2201                         return dcesrv_fault(existing, DCERPC_FAULT_ACCESS_DENIED);
2202                 }
2203                 if (nr->stub_and_verifier.length > available) {
2204                         dcesrv_call_disconnect_after(existing,
2205                                 "dcesrv_auth_request - new payload too large");
2206                         return dcesrv_fault(existing, DCERPC_FAULT_ACCESS_DENIED);
2207                 }
2208                 alloc_hint = er->stub_and_verifier.length + nr->alloc_hint;
2209                 /* allocate at least 1 byte */
2210                 alloc_hint = MAX(alloc_hint, 1);
2211                 alloc_size = er->stub_and_verifier.length +
2212                              nr->stub_and_verifier.length;
2213                 alloc_size = MAX(alloc_size, alloc_hint);
2214
2215                 er->stub_and_verifier.data =
2216                         talloc_realloc(existing,
2217                                        er->stub_and_verifier.data,
2218                                        uint8_t, alloc_size);
2219                 if (er->stub_and_verifier.data == NULL) {
2220                         TALLOC_FREE(call);
2221                         return dcesrv_fault_with_flags(existing,
2222                                                        DCERPC_FAULT_OUT_OF_RESOURCES,
2223                                                        DCERPC_PFC_FLAG_DID_NOT_EXECUTE);
2224                 }
2225                 memcpy(er->stub_and_verifier.data +
2226                        er->stub_and_verifier.length,
2227                        nr->stub_and_verifier.data,
2228                        nr->stub_and_verifier.length);
2229                 er->stub_and_verifier.length += nr->stub_and_verifier.length;
2230
2231                 existing->pkt.pfc_flags |= (call->pkt.pfc_flags & DCERPC_PFC_FLAG_LAST);
2232
2233                 TALLOC_FREE(call);
2234                 call = existing;
2235         }
2236
2237         /* this may not be the last pdu in the chain - if its isn't then
2238            just put it on the incoming_fragmented_call_list and wait for the rest */
2239         if (call->pkt.ptype == DCERPC_PKT_REQUEST &&
2240             !(call->pkt.pfc_flags & DCERPC_PFC_FLAG_LAST)) {
2241                 /*
2242                  * Up to 4 MByte are allowed by all fragments
2243                  */
2244                 if (call->pkt.u.request.alloc_hint > dce_conn->max_total_request_size) {
2245                         dcesrv_call_disconnect_after(call,
2246                                 "dcesrv_auth_request - initial alloc hint too large");
2247                         return dcesrv_fault(call, DCERPC_FAULT_ACCESS_DENIED);
2248                 }
2249                 dcesrv_call_set_list(call, DCESRV_LIST_FRAGMENTED_CALL_LIST);
2250                 return NT_STATUS_OK;
2251         } 
2252         
2253         /* This removes any fragments we may have had stashed away */
2254         dcesrv_call_set_list(call, DCESRV_LIST_NONE);
2255
2256         switch (call->pkt.ptype) {
2257         case DCERPC_PKT_BIND:
2258                 status = dcesrv_bind_nak(call,
2259                         DCERPC_BIND_NAK_REASON_NOT_SPECIFIED);
2260                 break;
2261         case DCERPC_PKT_AUTH3:
2262                 status = dcesrv_auth3(call);
2263                 break;
2264         case DCERPC_PKT_ALTER:
2265                 status = dcesrv_alter(call);
2266                 break;
2267         case DCERPC_PKT_REQUEST:
2268                 status = dcesrv_request(call);
2269                 break;
2270         case DCERPC_PKT_CO_CANCEL:
2271         case DCERPC_PKT_ORPHANED:
2272                 /*
2273                  * Window just ignores CO_CANCEL and ORPHANED,
2274                  * so we do...
2275                  */
2276                 status = NT_STATUS_OK;
2277                 TALLOC_FREE(call);
2278                 break;
2279         case DCERPC_PKT_BIND_ACK:
2280         case DCERPC_PKT_BIND_NAK:
2281         case DCERPC_PKT_ALTER_RESP:
2282         case DCERPC_PKT_RESPONSE:
2283         case DCERPC_PKT_FAULT:
2284         case DCERPC_PKT_SHUTDOWN:
2285         default:
2286                 status = dcesrv_fault_disconnect(call, DCERPC_NCA_S_PROTO_ERROR);
2287                 break;
2288         }
2289
2290         /* if we are going to be sending a reply then add
2291            it to the list of pending calls. We add it to the end to keep the call
2292            list in the order we will answer */
2293         if (!NT_STATUS_IS_OK(status)) {
2294                 talloc_free(call);
2295         }
2296
2297         return status;
2298 }
2299
2300 _PUBLIC_ NTSTATUS dcesrv_init_context(TALLOC_CTX *mem_ctx, 
2301                                       struct loadparm_context *lp_ctx,
2302                                       const char **endpoint_servers, struct dcesrv_context **_dce_ctx)
2303 {
2304         NTSTATUS status;
2305         struct dcesrv_context *dce_ctx;
2306         int i;
2307
2308         if (!endpoint_servers) {
2309                 DEBUG(0,("dcesrv_init_context: no endpoint servers configured\n"));
2310                 return NT_STATUS_INTERNAL_ERROR;
2311         }
2312
2313         dce_ctx = talloc_zero(mem_ctx, struct dcesrv_context);
2314         NT_STATUS_HAVE_NO_MEMORY(dce_ctx);
2315
2316         if (uid_wrapper_enabled()) {
2317                 setenv("UID_WRAPPER_MYUID", "1", 1);
2318         }
2319         dce_ctx->initial_euid = geteuid();
2320         if (uid_wrapper_enabled()) {
2321                 unsetenv("UID_WRAPPER_MYUID");
2322         }
2323
2324         dce_ctx->endpoint_list  = NULL;
2325         dce_ctx->lp_ctx = lp_ctx;
2326         dce_ctx->assoc_groups_idr = idr_init(dce_ctx);
2327         NT_STATUS_HAVE_NO_MEMORY(dce_ctx->assoc_groups_idr);
2328         dce_ctx->broken_connections = NULL;
2329
2330         for (i=0;endpoint_servers[i];i++) {
2331                 const struct dcesrv_endpoint_server *ep_server;
2332
2333                 ep_server = dcesrv_ep_server_byname(endpoint_servers[i]);
2334                 if (!ep_server) {
2335                         DEBUG(0,("dcesrv_init_context: failed to find endpoint server = '%s'\n", endpoint_servers[i]));
2336                         return NT_STATUS_INTERNAL_ERROR;
2337                 }
2338
2339                 status = ep_server->init_server(dce_ctx, ep_server);
2340                 if (!NT_STATUS_IS_OK(status)) {
2341                         DEBUG(0,("dcesrv_init_context: failed to init endpoint server = '%s': %s\n", endpoint_servers[i],
2342                                 nt_errstr(status)));
2343                         return status;
2344                 }
2345         }
2346
2347         *_dce_ctx = dce_ctx;
2348         return NT_STATUS_OK;
2349 }
2350
2351 /* the list of currently registered DCERPC endpoint servers.
2352  */
2353 static struct ep_server {
2354         struct dcesrv_endpoint_server *ep_server;
2355 } *ep_servers = NULL;
2356 static int num_ep_servers;
2357
2358 /*
2359   register a DCERPC endpoint server. 
2360
2361   The 'name' can be later used by other backends to find the operations
2362   structure for this backend.  
2363
2364 */
2365 _PUBLIC_ NTSTATUS dcerpc_register_ep_server(const struct dcesrv_endpoint_server *ep_server)
2366 {
2367         
2368         if (dcesrv_ep_server_byname(ep_server->name) != NULL) {
2369                 /* its already registered! */
2370                 DEBUG(0,("DCERPC endpoint server '%s' already registered\n", 
2371                          ep_server->name));
2372                 return NT_STATUS_OBJECT_NAME_COLLISION;
2373         }
2374
2375         ep_servers = realloc_p(ep_servers, struct ep_server, num_ep_servers+1);
2376         if (!ep_servers) {
2377                 smb_panic("out of memory in dcerpc_register");
2378         }
2379
2380         ep_servers[num_ep_servers].ep_server = smb_xmemdup(ep_server, sizeof(*ep_server));
2381         ep_servers[num_ep_servers].ep_server->name = smb_xstrdup(ep_server->name);
2382
2383         num_ep_servers++;
2384
2385         DEBUG(3,("DCERPC endpoint server '%s' registered\n", 
2386                  ep_server->name));
2387
2388         return NT_STATUS_OK;
2389 }
2390
2391 /*
2392   return the operations structure for a named backend of the specified type
2393 */
2394 const struct dcesrv_endpoint_server *dcesrv_ep_server_byname(const char *name)
2395 {
2396         int i;
2397
2398         for (i=0;i<num_ep_servers;i++) {
2399                 if (strcmp(ep_servers[i].ep_server->name, name) == 0) {
2400                         return ep_servers[i].ep_server;
2401                 }
2402         }
2403
2404         return NULL;
2405 }
2406
2407 void dcerpc_server_init(struct loadparm_context *lp_ctx)
2408 {
2409         static bool initialized;
2410 #define _MODULE_PROTO(init) extern NTSTATUS init(TALLOC_CTX *);
2411         STATIC_dcerpc_server_MODULES_PROTO;
2412         init_module_fn static_init[] = { STATIC_dcerpc_server_MODULES };
2413         init_module_fn *shared_init;
2414
2415         if (initialized) {
2416                 return;
2417         }
2418         initialized = true;
2419
2420         shared_init = load_samba_modules(NULL, "dcerpc_server");
2421
2422         run_init_functions(NULL, static_init);
2423         run_init_functions(NULL, shared_init);
2424
2425         talloc_free(shared_init);
2426 }
2427
2428 /*
2429   return the DCERPC module version, and the size of some critical types
2430   This can be used by endpoint server modules to either detect compilation errors, or provide
2431   multiple implementations for different smbd compilation options in one module
2432 */
2433 const struct dcesrv_critical_sizes *dcerpc_module_version(void)
2434 {
2435         static const struct dcesrv_critical_sizes critical_sizes = {
2436                 DCERPC_MODULE_VERSION,
2437                 sizeof(struct dcesrv_context),
2438                 sizeof(struct dcesrv_endpoint),
2439                 sizeof(struct dcesrv_endpoint_server),
2440                 sizeof(struct dcesrv_interface),
2441                 sizeof(struct dcesrv_if_list),
2442                 sizeof(struct dcesrv_connection),
2443                 sizeof(struct dcesrv_call_state),
2444                 sizeof(struct dcesrv_auth),
2445                 sizeof(struct dcesrv_handle)
2446         };
2447
2448         return &critical_sizes;
2449 }
2450
2451 static void dcesrv_terminate_connection(struct dcesrv_connection *dce_conn, const char *reason)
2452 {
2453         struct dcesrv_context *dce_ctx = dce_conn->dce_ctx;
2454         struct stream_connection *srv_conn;
2455         srv_conn = talloc_get_type(dce_conn->transport.private_data,
2456                                    struct stream_connection);
2457
2458         dce_conn->wait_send = NULL;
2459         dce_conn->wait_recv = NULL;
2460         dce_conn->wait_private = NULL;
2461
2462         dce_conn->allow_bind = false;
2463         dce_conn->allow_auth3 = false;
2464         dce_conn->allow_alter = false;
2465         dce_conn->allow_request = false;
2466
2467         if (dce_conn->pending_call_list == NULL) {
2468                 char *full_reason = talloc_asprintf(dce_conn, "dcesrv: %s", reason);
2469
2470                 DLIST_REMOVE(dce_ctx->broken_connections, dce_conn);
2471                 stream_terminate_connection(srv_conn, full_reason ? full_reason : reason);
2472                 return;
2473         }
2474
2475         if (dce_conn->terminate != NULL) {
2476                 return;
2477         }
2478
2479         DEBUG(3,("dcesrv: terminating connection due to '%s' deferred due to pending calls\n",
2480                  reason));
2481         dce_conn->terminate = talloc_strdup(dce_conn, reason);
2482         if (dce_conn->terminate == NULL) {
2483                 dce_conn->terminate = "dcesrv: deferred terminating connection - no memory";
2484         }
2485         DLIST_ADD_END(dce_ctx->broken_connections, dce_conn);
2486 }
2487
2488 static void dcesrv_cleanup_broken_connections(struct dcesrv_context *dce_ctx)
2489 {
2490         struct dcesrv_connection *cur, *next;
2491
2492         next = dce_ctx->broken_connections;
2493         while (next != NULL) {
2494                 cur = next;
2495                 next = cur->next;
2496
2497                 if (cur->state_flags & DCESRV_CALL_STATE_FLAG_PROCESS_PENDING_CALL) {
2498                         struct dcesrv_connection_context *context_cur, *context_next;
2499
2500                         context_next = cur->contexts;
2501                         while (context_next != NULL) {
2502                                 context_cur = context_next;
2503                                 context_next = context_cur->next;
2504
2505                                 dcesrv_connection_context_destructor(context_cur);
2506                         }
2507                 }
2508
2509                 dcesrv_terminate_connection(cur, cur->terminate);
2510         }
2511 }
2512
2513 /* We need this include to be able to compile on some plateforms
2514  * (ie. freebsd 7.2) as it seems that <sys/uio.h> is not included
2515  * correctly.
2516  * It has to be that deep because otherwise we have a conflict on
2517  * const struct dcesrv_interface declaration.
2518  * This is mostly due to socket_wrapper defining #define bind swrap_bind
2519  * which conflict with the bind used before.
2520  */
2521 #include "system/network.h"
2522
2523 struct dcesrv_sock_reply_state {
2524         struct dcesrv_connection *dce_conn;
2525         struct dcesrv_call_state *call;
2526         struct iovec iov;
2527 };
2528
2529 static void dcesrv_sock_reply_done(struct tevent_req *subreq);
2530 static void dcesrv_call_terminate_step1(struct tevent_req *subreq);
2531
2532 static void dcesrv_sock_report_output_data(struct dcesrv_connection *dce_conn)
2533 {
2534         struct dcesrv_call_state *call;
2535
2536         call = dce_conn->call_list;
2537         if (!call || !call->replies) {
2538                 return;
2539         }
2540
2541         while (call->replies) {
2542                 struct data_blob_list_item *rep = call->replies;
2543                 struct dcesrv_sock_reply_state *substate;
2544                 struct tevent_req *subreq;
2545
2546                 substate = talloc_zero(call, struct dcesrv_sock_reply_state);
2547                 if (!substate) {
2548                         dcesrv_terminate_connection(dce_conn, "no memory");
2549                         return;
2550                 }
2551
2552                 substate->dce_conn = dce_conn;
2553                 substate->call = NULL;
2554
2555                 DLIST_REMOVE(call->replies, rep);
2556
2557                 if (call->replies == NULL && call->terminate_reason == NULL) {
2558                         substate->call = call;
2559                 }
2560
2561                 substate->iov.iov_base = (void *) rep->blob.data;
2562                 substate->iov.iov_len = rep->blob.length;
2563
2564                 subreq = tstream_writev_queue_send(substate,
2565                                                    dce_conn->event_ctx,
2566                                                    dce_conn->stream,
2567                                                    dce_conn->send_queue,
2568                                                    &substate->iov, 1);
2569                 if (!subreq) {
2570                         dcesrv_terminate_connection(dce_conn, "no memory");
2571                         return;
2572                 }
2573                 tevent_req_set_callback(subreq, dcesrv_sock_reply_done,
2574                                         substate);
2575         }
2576
2577         if (call->terminate_reason != NULL) {
2578                 struct tevent_req *subreq;
2579
2580                 subreq = tevent_queue_wait_send(call,
2581                                                 dce_conn->event_ctx,
2582                                                 dce_conn->send_queue);
2583                 if (!subreq) {
2584                         dcesrv_terminate_connection(dce_conn, __location__);
2585                         return;
2586                 }
2587                 tevent_req_set_callback(subreq, dcesrv_call_terminate_step1,
2588                                         call);
2589         }
2590
2591         DLIST_REMOVE(call->conn->call_list, call);
2592         call->list = DCESRV_LIST_NONE;
2593 }
2594
2595 static void dcesrv_sock_reply_done(struct tevent_req *subreq)
2596 {
2597         struct dcesrv_sock_reply_state *substate = tevent_req_callback_data(subreq,
2598                                                 struct dcesrv_sock_reply_state);
2599         int ret;
2600         int sys_errno;
2601         NTSTATUS status;
2602         struct dcesrv_call_state *call = substate->call;
2603
2604         ret = tstream_writev_queue_recv(subreq, &sys_errno);
2605         TALLOC_FREE(subreq);
2606         if (ret == -1) {
2607                 status = map_nt_error_from_unix_common(sys_errno);
2608                 dcesrv_terminate_connection(substate->dce_conn, nt_errstr(status));
2609                 return;
2610         }
2611
2612         talloc_free(substate);
2613         if (call) {
2614                 talloc_free(call);
2615         }
2616 }
2617
2618 static void dcesrv_call_terminate_step2(struct tevent_req *subreq);
2619
2620 static void dcesrv_call_terminate_step1(struct tevent_req *subreq)
2621 {
2622         struct dcesrv_call_state *call = tevent_req_callback_data(subreq,
2623                                                 struct dcesrv_call_state);
2624         bool ok;
2625         struct timeval tv;
2626
2627         /* make sure we stop send queue before removing subreq */
2628         tevent_queue_stop(call->conn->send_queue);
2629
2630         ok = tevent_queue_wait_recv(subreq);
2631         TALLOC_FREE(subreq);
2632         if (!ok) {
2633                 dcesrv_terminate_connection(call->conn, __location__);
2634                 return;
2635         }
2636
2637         /* disconnect after 200 usecs */
2638         tv = timeval_current_ofs_usec(200);
2639         subreq = tevent_wakeup_send(call, call->conn->event_ctx, tv);
2640         if (subreq == NULL) {
2641                 dcesrv_terminate_connection(call->conn, __location__);
2642                 return;
2643         }
2644         tevent_req_set_callback(subreq, dcesrv_call_terminate_step2,
2645                                 call);
2646 }
2647
2648 static void dcesrv_call_terminate_step2(struct tevent_req *subreq)
2649 {
2650         struct dcesrv_call_state *call = tevent_req_callback_data(subreq,
2651                                                 struct dcesrv_call_state);
2652         bool ok;
2653
2654         ok = tevent_wakeup_recv(subreq);
2655         TALLOC_FREE(subreq);
2656         if (!ok) {
2657                 dcesrv_terminate_connection(call->conn, __location__);
2658                 return;
2659         }
2660
2661         dcesrv_terminate_connection(call->conn, call->terminate_reason);
2662 }
2663
2664 struct dcesrv_socket_context {
2665         const struct dcesrv_endpoint *endpoint;
2666         struct dcesrv_context *dcesrv_ctx;
2667 };
2668
2669
2670 static void dcesrv_read_fragment_done(struct tevent_req *subreq);
2671
2672 static void dcesrv_sock_accept(struct stream_connection *srv_conn)
2673 {
2674         NTSTATUS status;
2675         struct dcesrv_socket_context *dcesrv_sock = 
2676                 talloc_get_type(srv_conn->private_data, struct dcesrv_socket_context);
2677         enum dcerpc_transport_t transport =
2678                 dcerpc_binding_get_transport(dcesrv_sock->endpoint->ep_description);
2679         struct dcesrv_connection *dcesrv_conn = NULL;
2680         int ret;
2681         struct tevent_req *subreq;
2682         struct loadparm_context *lp_ctx = dcesrv_sock->dcesrv_ctx->lp_ctx;
2683
2684         dcesrv_cleanup_broken_connections(dcesrv_sock->dcesrv_ctx);
2685
2686         if (!srv_conn->session_info) {
2687                 status = auth_anonymous_session_info(srv_conn,
2688                                                      lp_ctx,
2689                                                      &srv_conn->session_info);
2690                 if (!NT_STATUS_IS_OK(status)) {
2691                         DEBUG(0,("dcesrv_sock_accept: auth_anonymous_session_info failed: %s\n",
2692                                 nt_errstr(status)));
2693                         stream_terminate_connection(srv_conn, nt_errstr(status));
2694                         return;
2695                 }
2696         }
2697
2698         /*
2699          * This fills in dcesrv_conn->endpoint with the endpoint
2700          * associated with the socket.  From this point on we know
2701          * which (group of) services we are handling, but not the
2702          * specific interface.
2703          */
2704
2705         status = dcesrv_endpoint_connect(dcesrv_sock->dcesrv_ctx,
2706                                          srv_conn,
2707                                          dcesrv_sock->endpoint,
2708                                          srv_conn->session_info,
2709                                          srv_conn->event.ctx,
2710                                          srv_conn->msg_ctx,
2711                                          srv_conn->server_id,
2712                                          DCESRV_CALL_STATE_FLAG_MAY_ASYNC,
2713                                          &dcesrv_conn);
2714         if (!NT_STATUS_IS_OK(status)) {
2715                 DEBUG(0,("dcesrv_sock_accept: dcesrv_endpoint_connect failed: %s\n", 
2716                         nt_errstr(status)));
2717                 stream_terminate_connection(srv_conn, nt_errstr(status));
2718                 return;
2719         }
2720
2721         dcesrv_conn->transport.private_data             = srv_conn;
2722         dcesrv_conn->transport.report_output_data       = dcesrv_sock_report_output_data;
2723
2724         TALLOC_FREE(srv_conn->event.fde);
2725
2726         dcesrv_conn->send_queue = tevent_queue_create(dcesrv_conn, "dcesrv send queue");
2727         if (!dcesrv_conn->send_queue) {
2728                 status = NT_STATUS_NO_MEMORY;
2729                 DEBUG(0,("dcesrv_sock_accept: tevent_queue_create(%s)\n",
2730                         nt_errstr(status)));
2731                 stream_terminate_connection(srv_conn, nt_errstr(status));
2732                 return;
2733         }
2734
2735         if (transport == NCACN_NP) {
2736                 dcesrv_conn->stream = talloc_move(dcesrv_conn,
2737                                                   &srv_conn->tstream);
2738         } else {
2739                 ret = tstream_bsd_existing_socket(dcesrv_conn,
2740                                                   socket_get_fd(srv_conn->socket),
2741                                                   &dcesrv_conn->stream);
2742                 if (ret == -1) {
2743                         status = map_nt_error_from_unix_common(errno);
2744                         DEBUG(0, ("dcesrv_sock_accept: "
2745                                   "failed to setup tstream: %s\n",
2746                                   nt_errstr(status)));
2747                         stream_terminate_connection(srv_conn, nt_errstr(status));
2748                         return;
2749                 }
2750                 socket_set_flags(srv_conn->socket, SOCKET_FLAG_NOCLOSE);
2751         }
2752
2753         dcesrv_conn->local_address = srv_conn->local_address;
2754         dcesrv_conn->remote_address = srv_conn->remote_address;
2755
2756         if (transport == NCALRPC) {
2757                 uid_t uid;
2758                 gid_t gid;
2759                 int sock_fd;
2760
2761                 sock_fd = socket_get_fd(srv_conn->socket);
2762                 if (sock_fd == -1) {
2763                         stream_terminate_connection(
2764                                 srv_conn, "socket_get_fd failed\n");
2765                         return;
2766                 }
2767
2768                 ret = getpeereid(sock_fd, &uid, &gid);
2769                 if (ret == -1) {
2770                         status = map_nt_error_from_unix_common(errno);
2771                         DEBUG(0, ("dcesrv_sock_accept: "
2772                                   "getpeereid() failed for NCALRPC: %s\n",
2773                                   nt_errstr(status)));
2774                         stream_terminate_connection(srv_conn, nt_errstr(status));
2775                         return;
2776                 }
2777                 if (uid == dcesrv_conn->dce_ctx->initial_euid) {
2778                         struct tsocket_address *r = NULL;
2779
2780                         ret = tsocket_address_unix_from_path(dcesrv_conn,
2781                                                              AS_SYSTEM_MAGIC_PATH_TOKEN,
2782                                                              &r);
2783                         if (ret == -1) {
2784                                 status = map_nt_error_from_unix_common(errno);
2785                                 DEBUG(0, ("dcesrv_sock_accept: "
2786                                           "tsocket_address_unix_from_path() failed for NCALRPC: %s\n",
2787                                           nt_errstr(status)));
2788                                 stream_terminate_connection(srv_conn, nt_errstr(status));
2789                                 return;
2790                         }
2791                         dcesrv_conn->remote_address = r;
2792                 }
2793         }
2794
2795         srv_conn->private_data = dcesrv_conn;
2796
2797         subreq = dcerpc_read_ncacn_packet_send(dcesrv_conn,
2798                                                dcesrv_conn->event_ctx,
2799                                                dcesrv_conn->stream);
2800         if (!subreq) {
2801                 status = NT_STATUS_NO_MEMORY;
2802                 DEBUG(0,("dcesrv_sock_accept: dcerpc_read_fragment_buffer_send(%s)\n",
2803                         nt_errstr(status)));
2804                 stream_terminate_connection(srv_conn, nt_errstr(status));
2805                 return;
2806         }
2807         tevent_req_set_callback(subreq, dcesrv_read_fragment_done, dcesrv_conn);
2808
2809         return;
2810 }
2811
2812 static void dcesrv_conn_wait_done(struct tevent_req *subreq);
2813
2814 static void dcesrv_read_fragment_done(struct tevent_req *subreq)
2815 {
2816         struct dcesrv_connection *dce_conn = tevent_req_callback_data(subreq,
2817                                              struct dcesrv_connection);
2818         struct dcesrv_context *dce_ctx = dce_conn->dce_ctx;
2819         struct ncacn_packet *pkt;
2820         DATA_BLOB buffer;
2821         NTSTATUS status;
2822
2823         if (dce_conn->terminate) {
2824                 /*
2825                  * if the current connection is broken
2826                  * we need to clean it up before any other connection
2827                  */
2828                 dcesrv_terminate_connection(dce_conn, dce_conn->terminate);
2829                 dcesrv_cleanup_broken_connections(dce_ctx);
2830                 return;
2831         }
2832
2833         dcesrv_cleanup_broken_connections(dce_ctx);
2834
2835         status = dcerpc_read_ncacn_packet_recv(subreq, dce_conn,
2836                                                &pkt, &buffer);
2837         TALLOC_FREE(subreq);
2838         if (!NT_STATUS_IS_OK(status)) {
2839                 dcesrv_terminate_connection(dce_conn, nt_errstr(status));
2840                 return;
2841         }
2842
2843         status = dcesrv_process_ncacn_packet(dce_conn, pkt, buffer);
2844         if (!NT_STATUS_IS_OK(status)) {
2845                 dcesrv_terminate_connection(dce_conn, nt_errstr(status));
2846                 return;
2847         }
2848
2849         /*
2850          * This is used to block the connection during
2851          * pending authentication.
2852          */
2853         if (dce_conn->wait_send != NULL) {
2854                 subreq = dce_conn->wait_send(dce_conn,
2855                                              dce_conn->event_ctx,
2856                                              dce_conn->wait_private);
2857                 if (!subreq) {
2858                         status = NT_STATUS_NO_MEMORY;
2859                         dcesrv_terminate_connection(dce_conn, nt_errstr(status));
2860                         return;
2861                 }
2862                 tevent_req_set_callback(subreq, dcesrv_conn_wait_done, dce_conn);
2863                 return;
2864         }
2865
2866         subreq = dcerpc_read_ncacn_packet_send(dce_conn,
2867                                                dce_conn->event_ctx,
2868                                                dce_conn->stream);
2869         if (!subreq) {
2870                 status = NT_STATUS_NO_MEMORY;
2871                 dcesrv_terminate_connection(dce_conn, nt_errstr(status));
2872                 return;
2873         }
2874         tevent_req_set_callback(subreq, dcesrv_read_fragment_done, dce_conn);
2875 }
2876
2877 static void dcesrv_conn_wait_done(struct tevent_req *subreq)
2878 {
2879         struct dcesrv_connection *dce_conn = tevent_req_callback_data(subreq,
2880                                              struct dcesrv_connection);
2881         struct dcesrv_context *dce_ctx = dce_conn->dce_ctx;
2882         NTSTATUS status;
2883
2884         if (dce_conn->terminate) {
2885                 /*
2886                  * if the current connection is broken
2887                  * we need to clean it up before any other connection
2888                  */
2889                 dcesrv_terminate_connection(dce_conn, dce_conn->terminate);
2890                 dcesrv_cleanup_broken_connections(dce_ctx);
2891                 return;
2892         }
2893
2894         dcesrv_cleanup_broken_connections(dce_ctx);
2895
2896         status = dce_conn->wait_recv(subreq);
2897         dce_conn->wait_send = NULL;
2898         dce_conn->wait_recv = NULL;
2899         dce_conn->wait_private = NULL;
2900         TALLOC_FREE(subreq);
2901         if (!NT_STATUS_IS_OK(status)) {
2902                 dcesrv_terminate_connection(dce_conn, nt_errstr(status));
2903                 return;
2904         }
2905
2906         subreq = dcerpc_read_ncacn_packet_send(dce_conn,
2907                                                dce_conn->event_ctx,
2908                                                dce_conn->stream);
2909         if (!subreq) {
2910                 status = NT_STATUS_NO_MEMORY;
2911                 dcesrv_terminate_connection(dce_conn, nt_errstr(status));
2912                 return;
2913         }
2914         tevent_req_set_callback(subreq, dcesrv_read_fragment_done, dce_conn);
2915 }
2916
2917 static void dcesrv_sock_recv(struct stream_connection *conn, uint16_t flags)
2918 {
2919         struct dcesrv_connection *dce_conn = talloc_get_type(conn->private_data,
2920                                              struct dcesrv_connection);
2921         dcesrv_terminate_connection(dce_conn, "dcesrv_sock_recv triggered");
2922 }
2923
2924 static void dcesrv_sock_send(struct stream_connection *conn, uint16_t flags)
2925 {
2926         struct dcesrv_connection *dce_conn = talloc_get_type(conn->private_data,
2927                                              struct dcesrv_connection);
2928         dcesrv_terminate_connection(dce_conn, "dcesrv_sock_send triggered");
2929 }
2930
2931
2932 static const struct stream_server_ops dcesrv_stream_ops = {
2933         .name                   = "rpc",
2934         .accept_connection      = dcesrv_sock_accept,
2935         .recv_handler           = dcesrv_sock_recv,
2936         .send_handler           = dcesrv_sock_send,
2937 };
2938
2939 static NTSTATUS dcesrv_add_ep_unix(struct dcesrv_context *dce_ctx, 
2940                                    struct loadparm_context *lp_ctx,
2941                                    struct dcesrv_endpoint *e,
2942                                    struct tevent_context *event_ctx,
2943                                    const struct model_ops *model_ops,
2944                                    void *process_context)
2945 {
2946         struct dcesrv_socket_context *dcesrv_sock;
2947         uint16_t port = 1;
2948         NTSTATUS status;
2949         const char *endpoint;
2950
2951         dcesrv_sock = talloc_zero(event_ctx, struct dcesrv_socket_context);
2952         NT_STATUS_HAVE_NO_MEMORY(dcesrv_sock);
2953
2954         /* remember the endpoint of this socket */
2955         dcesrv_sock->endpoint           = e;
2956         dcesrv_sock->dcesrv_ctx         = talloc_reference(dcesrv_sock, dce_ctx);
2957
2958         endpoint = dcerpc_binding_get_string_option(e->ep_description, "endpoint");
2959
2960         status = stream_setup_socket(dcesrv_sock, event_ctx, lp_ctx,
2961                                      model_ops, &dcesrv_stream_ops, 
2962                                      "unix", endpoint, &port,
2963                                      lpcfg_socket_options(lp_ctx),
2964                                      dcesrv_sock, process_context);
2965         if (!NT_STATUS_IS_OK(status)) {
2966                 DEBUG(0,("service_setup_stream_socket(path=%s) failed - %s\n",
2967                          endpoint, nt_errstr(status)));
2968         }
2969
2970         return status;
2971 }
2972
2973 static NTSTATUS dcesrv_add_ep_ncalrpc(struct dcesrv_context *dce_ctx, 
2974                                       struct loadparm_context *lp_ctx,
2975                                       struct dcesrv_endpoint *e,
2976                                       struct tevent_context *event_ctx,
2977                                       const struct model_ops *model_ops,
2978                                       void *process_context)
2979 {
2980         struct dcesrv_socket_context *dcesrv_sock;
2981         uint16_t port = 1;
2982         char *full_path;
2983         NTSTATUS status;
2984         const char *endpoint;
2985
2986         endpoint = dcerpc_binding_get_string_option(e->ep_description, "endpoint");
2987
2988         if (endpoint == NULL) {
2989                 /*
2990                  * No identifier specified: use DEFAULT.
2991                  *
2992                  * TODO: DO NOT hardcode this value anywhere else. Rather, specify
2993                  * no endpoint and let the epmapper worry about it.
2994                  */
2995                 endpoint = "DEFAULT";
2996                 status = dcerpc_binding_set_string_option(e->ep_description,
2997                                                           "endpoint",
2998                                                           endpoint);
2999                 if (!NT_STATUS_IS_OK(status)) {
3000                         DEBUG(0,("dcerpc_binding_set_string_option() failed - %s\n",
3001                                   nt_errstr(status)));
3002                         return status;
3003                 }
3004         }
3005
3006         full_path = talloc_asprintf(dce_ctx, "%s/%s", lpcfg_ncalrpc_dir(lp_ctx),
3007                                     endpoint);
3008
3009         dcesrv_sock = talloc_zero(event_ctx, struct dcesrv_socket_context);
3010         NT_STATUS_HAVE_NO_MEMORY(dcesrv_sock);
3011
3012         /* remember the endpoint of this socket */
3013         dcesrv_sock->endpoint           = e;
3014         dcesrv_sock->dcesrv_ctx         = talloc_reference(dcesrv_sock, dce_ctx);
3015
3016         status = stream_setup_socket(dcesrv_sock, event_ctx, lp_ctx,
3017                                      model_ops, &dcesrv_stream_ops, 
3018                                      "unix", full_path, &port, 
3019                                      lpcfg_socket_options(lp_ctx),
3020                                      dcesrv_sock, process_context);
3021         if (!NT_STATUS_IS_OK(status)) {
3022                 DEBUG(0,("service_setup_stream_socket(identifier=%s,path=%s) failed - %s\n",
3023                          endpoint, full_path, nt_errstr(status)));
3024         }
3025         return status;
3026 }
3027
3028 static NTSTATUS dcesrv_add_ep_np(struct dcesrv_context *dce_ctx,
3029                                  struct loadparm_context *lp_ctx,
3030                                  struct dcesrv_endpoint *e,
3031                                  struct tevent_context *event_ctx,
3032                                  const struct model_ops *model_ops,
3033                                  void *process_context)
3034 {
3035         struct dcesrv_socket_context *dcesrv_sock;
3036         NTSTATUS status;
3037         const char *endpoint;
3038
3039         endpoint = dcerpc_binding_get_string_option(e->ep_description, "endpoint");
3040         if (endpoint == NULL) {
3041                 DEBUG(0, ("Endpoint mandatory for named pipes\n"));
3042                 return NT_STATUS_INVALID_PARAMETER;
3043         }
3044
3045         dcesrv_sock = talloc_zero(event_ctx, struct dcesrv_socket_context);
3046         NT_STATUS_HAVE_NO_MEMORY(dcesrv_sock);
3047
3048         /* remember the endpoint of this socket */
3049         dcesrv_sock->endpoint           = e;
3050         dcesrv_sock->dcesrv_ctx         = talloc_reference(dcesrv_sock, dce_ctx);
3051
3052         status = tstream_setup_named_pipe(dce_ctx, event_ctx, lp_ctx,
3053                                           model_ops, &dcesrv_stream_ops,
3054                                           endpoint,
3055                                           dcesrv_sock, process_context);
3056         if (!NT_STATUS_IS_OK(status)) {
3057                 DEBUG(0,("stream_setup_named_pipe(pipe=%s) failed - %s\n",
3058                          endpoint, nt_errstr(status)));
3059                 return status;
3060         }
3061
3062         return NT_STATUS_OK;
3063 }
3064
3065 /*
3066   add a socket address to the list of events, one event per dcerpc endpoint
3067 */
3068 static NTSTATUS add_socket_rpc_tcp_iface(struct dcesrv_context *dce_ctx,
3069                                          struct dcesrv_endpoint *e,
3070                                          struct tevent_context *event_ctx,
3071                                          const struct model_ops *model_ops,
3072                                          const char *address,
3073                                          void *process_context)
3074 {
3075         struct dcesrv_socket_context *dcesrv_sock;
3076         uint16_t port = 0;
3077         NTSTATUS status;
3078         const char *endpoint;
3079         char port_str[6];
3080
3081         endpoint = dcerpc_binding_get_string_option(e->ep_description, "endpoint");
3082         if (endpoint != NULL) {
3083                 port = atoi(endpoint);
3084         }
3085
3086         dcesrv_sock = talloc_zero(event_ctx, struct dcesrv_socket_context);
3087         NT_STATUS_HAVE_NO_MEMORY(dcesrv_sock);
3088
3089         /* remember the endpoint of this socket */
3090         dcesrv_sock->endpoint           = e;
3091         dcesrv_sock->dcesrv_ctx         = talloc_reference(dcesrv_sock, dce_ctx);
3092
3093         status = stream_setup_socket(dcesrv_sock, event_ctx, dce_ctx->lp_ctx,
3094                                      model_ops, &dcesrv_stream_ops, 
3095                                      "ip", address, &port,
3096                                      lpcfg_socket_options(dce_ctx->lp_ctx),
3097                                      dcesrv_sock, process_context);
3098         if (!NT_STATUS_IS_OK(status)) {
3099                 struct dcesrv_if_list *iface;
3100                 DEBUG(0,("service_setup_stream_socket(address=%s,port=%u) for ",
3101                          address, port));
3102                 for (iface = e->interface_list; iface; iface = iface->next) {
3103                         DEBUGADD(0, ("%s ", iface->iface.name));
3104                 }
3105                 DEBUGADD(0, ("failed - %s",
3106                              nt_errstr(status)));
3107                 return status;
3108         }
3109
3110         snprintf(port_str, sizeof(port_str), "%u", port);
3111
3112         status = dcerpc_binding_set_string_option(e->ep_description,
3113                                                   "endpoint", port_str);
3114         if (!NT_STATUS_IS_OK(status)) {
3115                 DEBUG(0,("dcerpc_binding_set_string_option(endpoint, %s) failed - %s\n",
3116                          port_str, nt_errstr(status)));
3117                 return status;
3118         } else {
3119                 struct dcesrv_if_list *iface;
3120                 DEBUG(4,("Successfully listening on ncacn_ip_tcp endpoint [%s]:[%s] for ",
3121                          address, port_str));
3122                 for (iface = e->interface_list; iface; iface = iface->next) {
3123                         DEBUGADD(4, ("%s ", iface->iface.name));
3124                 }
3125                 DEBUGADD(4, ("\n"));
3126         }
3127
3128         return NT_STATUS_OK;
3129 }
3130
3131 #include "lib/socket/netif.h" /* Included here to work around the fact that socket_wrapper redefines bind() */
3132
3133 static NTSTATUS dcesrv_add_ep_tcp(struct dcesrv_context *dce_ctx, 
3134                                   struct loadparm_context *lp_ctx,
3135                                   struct dcesrv_endpoint *e,
3136                                   struct tevent_context *event_ctx,
3137                                   const struct model_ops *model_ops,
3138                                   void *process_context)
3139 {
3140         NTSTATUS status;
3141
3142         /* Add TCP/IP sockets */
3143         if (lpcfg_interfaces(lp_ctx) && lpcfg_bind_interfaces_only(lp_ctx)) {
3144                 int num_interfaces;
3145                 int i;
3146                 struct interface *ifaces;
3147
3148                 load_interface_list(dce_ctx, lp_ctx, &ifaces);
3149
3150                 num_interfaces = iface_list_count(ifaces);
3151                 for(i = 0; i < num_interfaces; i++) {
3152                         const char *address = iface_list_n_ip(ifaces, i);
3153                         status = add_socket_rpc_tcp_iface(dce_ctx, e, event_ctx,
3154                                                           model_ops, address,
3155                                                           process_context);
3156                         NT_STATUS_NOT_OK_RETURN(status);
3157                 }
3158         } else {
3159                 char **wcard;
3160                 size_t i;
3161                 size_t num_binds = 0;
3162                 wcard = iface_list_wildcard(dce_ctx);
3163                 NT_STATUS_HAVE_NO_MEMORY(wcard);
3164                 for (i=0; wcard[i]; i++) {
3165                         status = add_socket_rpc_tcp_iface(dce_ctx, e, event_ctx,
3166                                                           model_ops, wcard[i],
3167                                                           process_context);
3168                         if (NT_STATUS_IS_OK(status)) {
3169                                 num_binds++;
3170                         }
3171                 }