#include "lib/util/samba_modules.h"
#include "librpc/gen_ndr/ndr_dcerpc.h"
-/* this is only used when the client asks for an unknown interface */
-#define DUMMY_ASSOC_GROUP 0x0FFFFFFF
-
extern const struct dcesrv_interface dcesrv_mgmt_interface;
+static NTSTATUS dcesrv_negotiate_contexts(struct dcesrv_call_state *call,
+ const struct dcerpc_bind *b,
+ struct dcerpc_ack_ctx *ack_ctx_list);
/*
find an association group given a assoc_group_id
assoc_group = dcesrv_assoc_group_find(dce_ctx, id);
if (assoc_group == NULL) {
- DEBUG(0,(__location__ ": Failed to find assoc_group 0x%08x\n", id));
+ DEBUG(2,(__location__ ": Failed to find assoc_group 0x%08x\n", id));
return NULL;
}
return talloc_reference(mem_ctx, assoc_group);
find a registered context_id from a bind or alter_context
*/
static struct dcesrv_connection_context *dcesrv_find_context(struct dcesrv_connection *conn,
- uint32_t context_id)
+ uint16_t context_id)
{
struct dcesrv_connection_context *c;
for (c=conn->contexts;c;c=c->next) {
p->allow_bind = true;
p->max_recv_frag = 5840;
p->max_xmit_frag = 5840;
+ p->max_total_request_size = DCERPC_NCACN_REQUEST_DEFAULT_MAX_SIZE;
+
+ /*
+ * For now we only support NDR32.
+ */
+ p->preferred_transfer = &ndr_transfer_syntax_ndr;
*_p = p;
return NT_STATUS_OK;
return NT_STATUS_INTERNAL_ERROR;
}
- dce_call->context->min_auth_level = DCERPC_AUTH_LEVEL_INTEGRITY;
+ /*
+ * For connection oriented DCERPC DCERPC_AUTH_LEVEL_PACKET (4)
+ * has the same behavior as DCERPC_AUTH_LEVEL_INTEGRITY (5).
+ */
+ dce_call->context->min_auth_level = DCERPC_AUTH_LEVEL_PACKET;
return NT_STATUS_OK;
}
*/
static NTSTATUS dcesrv_bind(struct dcesrv_call_state *call)
{
- uint32_t if_version, transfer_syntax_version;
- struct GUID uuid, *transfer_syntax_uuid;
struct ncacn_packet pkt;
struct data_blob_list_item *rep;
NTSTATUS status;
- uint32_t result=0, reason=0;
- uint32_t context_id;
- const struct dcesrv_interface *iface;
uint32_t extra_flags = 0;
uint16_t max_req = 0;
uint16_t max_rep = 0;
const char *ep_prefix = "";
const char *endpoint = NULL;
+ struct dcerpc_ack_ctx *ack_ctx_list = NULL;
+ struct dcerpc_ack_ctx *ack_features = NULL;
+ size_t i;
status = dcerpc_verify_ncacn_packet_header(&call->pkt,
DCERPC_PKT_BIND,
/*
if provided, check the assoc_group is valid
*/
- if (call->pkt.u.bind.assoc_group_id != 0 &&
- lpcfg_parm_bool(call->conn->dce_ctx->lp_ctx, NULL, "dcesrv","assoc group checking", true) &&
- dcesrv_assoc_group_find(call->conn->dce_ctx, call->pkt.u.bind.assoc_group_id) == NULL) {
- return dcesrv_bind_nak(call, 0);
+ if (call->pkt.u.bind.assoc_group_id != 0) {
+ call->conn->assoc_group = dcesrv_assoc_group_reference(call->conn,
+ call->conn->dce_ctx,
+ call->pkt.u.bind.assoc_group_id);
+ } else {
+ call->conn->assoc_group = dcesrv_assoc_group_new(call->conn,
+ call->conn->dce_ctx);
}
-
- if (call->pkt.u.bind.num_contexts < 1 ||
- call->pkt.u.bind.ctx_list[0].num_transfer_syntaxes < 1) {
+ if (call->conn->assoc_group == NULL) {
return dcesrv_bind_nak(call, 0);
}
- context_id = call->pkt.u.bind.ctx_list[0].context_id;
- if_version = call->pkt.u.bind.ctx_list[0].abstract_syntax.if_version;
- uuid = call->pkt.u.bind.ctx_list[0].abstract_syntax.uuid;
-
- transfer_syntax_version = call->pkt.u.bind.ctx_list[0].transfer_syntaxes[0].if_version;
- transfer_syntax_uuid = &call->pkt.u.bind.ctx_list[0].transfer_syntaxes[0].uuid;
- if (!GUID_equal(&ndr_transfer_syntax_ndr.uuid, transfer_syntax_uuid) != 0 ||
- ndr_transfer_syntax_ndr.if_version != transfer_syntax_version) {
- char *uuid_str = GUID_string(call, transfer_syntax_uuid);
- /* we only do NDR encoded dcerpc */
- DEBUG(0,("Non NDR transfer syntax requested - %s\n", uuid_str));
- talloc_free(uuid_str);
+ if (call->pkt.u.bind.num_contexts < 1) {
return dcesrv_bind_nak(call, 0);
}
- iface = find_interface_by_uuid(call->conn->endpoint, &uuid, if_version);
- if (iface == NULL) {
- char *uuid_str = GUID_string(call, &uuid);
- DEBUG(2,("Request for unknown dcerpc interface %s/%d\n", uuid_str, if_version));
- talloc_free(uuid_str);
-
- /* we don't know about that interface */
- result = DCERPC_BIND_PROVIDER_REJECT;
- reason = DCERPC_BIND_REASON_ASYNTAX;
+ ack_ctx_list = talloc_zero_array(call, struct dcerpc_ack_ctx,
+ call->pkt.u.bind.num_contexts);
+ if (ack_ctx_list == NULL) {
+ return dcesrv_bind_nak(call, 0);
}
- if (iface) {
- /* add this context to the list of available context_ids */
- struct dcesrv_connection_context *context = talloc_zero(call->conn,
- struct dcesrv_connection_context);
- if (context == NULL) {
+ /*
+ * Set some sane defaults (required by dcesrv_negotiate_contexts()/
+ * dcesrv_check_or_create_context()) and do some protocol validation
+ * and set sane defaults.
+ */
+ for (i = 0; i < call->pkt.u.bind.num_contexts; i++) {
+ const struct dcerpc_ctx_list *c = &call->pkt.u.bind.ctx_list[i];
+ struct dcerpc_ack_ctx *a = &ack_ctx_list[i];
+ bool is_feature = false;
+ uint64_t features = 0;
+
+ if (c->num_transfer_syntaxes == 0) {
return dcesrv_bind_nak(call, 0);
}
- context->conn = call->conn;
- context->iface = iface;
- context->context_id = context_id;
- if (call->pkt.u.bind.assoc_group_id != 0) {
- context->assoc_group = dcesrv_assoc_group_reference(context,
- call->conn->dce_ctx,
- call->pkt.u.bind.assoc_group_id);
- } else {
- context->assoc_group = dcesrv_assoc_group_new(context, call->conn->dce_ctx);
+
+ a->result = DCERPC_BIND_ACK_RESULT_PROVIDER_REJECTION;
+ a->reason.value = DCERPC_BIND_ACK_REASON_ABSTRACT_SYNTAX_NOT_SUPPORTED;
+
+ /*
+ * It's only treated as bind time feature request, if the first
+ * transfer_syntax matches, all others are ignored.
+ */
+ is_feature = dcerpc_extract_bind_time_features(c->transfer_syntaxes[0],
+ &features);
+ if (!is_feature) {
+ continue;
}
- if (context->assoc_group == NULL) {
- talloc_free(context);
+
+ if (ack_features != NULL) {
+ /*
+ * Only one bind time feature context is allowed.
+ */
return dcesrv_bind_nak(call, 0);
}
- context->private_data = NULL;
- DLIST_ADD(call->conn->contexts, context);
- call->context = context;
- talloc_set_destructor(context, dcesrv_connection_context_destructor);
-
- dcesrv_prepare_context_auth(call);
+ ack_features = a;
- status = iface->bind(call, iface, if_version);
- if (!NT_STATUS_IS_OK(status)) {
- char *uuid_str = GUID_string(call, &uuid);
- DEBUG(2,("Request for dcerpc interface %s/%d rejected: %s\n",
- uuid_str, if_version, nt_errstr(status)));
- talloc_free(uuid_str);
- /* we don't want to trigger the iface->unbind() hook */
- context->iface = NULL;
- talloc_free(call->context);
- call->context = NULL;
- return dcesrv_bind_nak(call, 0);
+ a->result = DCERPC_BIND_ACK_RESULT_NEGOTIATE_ACK;
+ a->reason.negotiate = 0;
+ if (features & DCERPC_BIND_TIME_SECURITY_CONTEXT_MULTIPLEXING) {
+ /* not supported yet */
+ }
+ if (features & DCERPC_BIND_TIME_KEEP_CONNECTION_ON_ORPHAN) {
+ /* not supported yet */
}
+
+ call->conn->bind_time_features = a->reason.negotiate;
+ }
+
+ /*
+ * Try to negotiate one new presentation context.
+ */
+ status = dcesrv_negotiate_contexts(call, &call->pkt.u.bind, ack_ctx_list);
+ if (NT_STATUS_EQUAL(status, NT_STATUS_RPC_PROTOCOL_ERROR)) {
+ return dcesrv_bind_nak(call, 0);
+ }
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
}
if ((call->pkt.pfc_flags & DCERPC_PFC_FLAG_CONC_MPX) &&
(call->state_flags & DCESRV_CALL_STATE_FLAG_MULTIPLEXED)) {
- call->context->conn->state_flags |= DCESRV_CALL_STATE_FLAG_MULTIPLEXED;
+ call->conn->state_flags |= DCESRV_CALL_STATE_FLAG_MULTIPLEXED;
extra_flags |= DCERPC_PFC_FLAG_CONC_MPX;
}
if (call->state_flags & DCESRV_CALL_STATE_FLAG_PROCESS_PENDING_CALL) {
- call->context->conn->state_flags |= DCESRV_CALL_STATE_FLAG_PROCESS_PENDING_CALL;
+ call->conn->state_flags |= DCESRV_CALL_STATE_FLAG_PROCESS_PENDING_CALL;
}
/* handle any authentication that is being requested */
if (!dcesrv_auth_bind(call)) {
- talloc_free(call->context);
- call->context = NULL;
- return dcesrv_bind_nak(call, DCERPC_BIND_REASON_INVALID_AUTH_TYPE);
+ struct dcesrv_auth *auth = &call->conn->auth_state;
+
+ TALLOC_FREE(call->context);
+
+ if (auth->auth_level == DCERPC_AUTH_LEVEL_NONE) {
+ /*
+ * With DCERPC_AUTH_LEVEL_NONE, we get the
+ * reject_reason in auth->auth_context_id.
+ */
+ return dcesrv_bind_nak(call, auth->auth_context_id);
+ }
+
+ /*
+ * This must a be a temporary failure e.g. talloc or invalid
+ * configuration, e.g. no machine account.
+ */
+ return dcesrv_bind_nak(call,
+ DCERPC_BIND_NAK_REASON_TEMPORARY_CONGESTION);
}
/* setup a bind_ack */
pkt.pfc_flags = DCERPC_PFC_FLAG_FIRST | DCERPC_PFC_FLAG_LAST | extra_flags;
pkt.u.bind_ack.max_xmit_frag = call->conn->max_xmit_frag;
pkt.u.bind_ack.max_recv_frag = call->conn->max_recv_frag;
+ pkt.u.bind_ack.assoc_group_id = call->conn->assoc_group->id;
- /*
- make it possible for iface->bind() to specify the assoc_group_id
- This helps the openchange mapiproxy plugin to work correctly.
-
- metze
- */
- if (call->context) {
- pkt.u.bind_ack.assoc_group_id = call->context->assoc_group->id;
- } else {
- pkt.u.bind_ack.assoc_group_id = DUMMY_ASSOC_GROUP;
- }
-
- if (iface) {
- endpoint = dcerpc_binding_get_string_option(
+ endpoint = dcerpc_binding_get_string_option(
call->conn->endpoint->ep_description,
"endpoint");
- }
-
if (endpoint == NULL) {
endpoint = "";
}
TALLOC_FREE(call->context);
return NT_STATUS_NO_MEMORY;
}
- pkt.u.bind_ack.num_results = 1;
- pkt.u.bind_ack.ctx_list = talloc_zero(call, struct dcerpc_ack_ctx);
- if (!pkt.u.bind_ack.ctx_list) {
- talloc_free(call->context);
- call->context = NULL;
- return NT_STATUS_NO_MEMORY;
- }
- pkt.u.bind_ack.ctx_list[0].result = result;
- pkt.u.bind_ack.ctx_list[0].reason.value = reason;
- pkt.u.bind_ack.ctx_list[0].syntax = ndr_transfer_syntax_ndr;
- pkt.u.bind_ack.auth_info = data_blob(NULL, 0);
+ pkt.u.bind_ack.num_results = call->pkt.u.bind.num_contexts;
+ pkt.u.bind_ack.ctx_list = ack_ctx_list;
+ pkt.u.bind_ack.auth_info = data_blob_null;
status = dcesrv_auth_bind_ack(call, &pkt);
if (!NT_STATUS_IS_OK(status)) {
- talloc_free(call->context);
- call->context = NULL;
+ TALLOC_FREE(call->context);
return dcesrv_bind_nak(call, 0);
}
rep = talloc_zero(call, struct data_blob_list_item);
if (!rep) {
- talloc_free(call->context);
- call->context = NULL;
+ TALLOC_FREE(call->context);
return NT_STATUS_NO_MEMORY;
}
status = ncacn_push_auth(&rep->blob, call, &pkt,
call->out_auth_info);
if (!NT_STATUS_IS_OK(status)) {
- talloc_free(call->context);
- call->context = NULL;
+ TALLOC_FREE(call->context);
return status;
}
/* handle the auth3 in the auth code */
if (!dcesrv_auth_auth3(call)) {
- return dcesrv_fault(call, DCERPC_FAULT_OTHER);
+ call->conn->auth_state.auth_invalid = true;
+ if (call->fault_code != 0) {
+ return dcesrv_fault_disconnect(call, call->fault_code);
+ }
}
talloc_free(call);
}
-/*
- handle a bind request
-*/
-static NTSTATUS dcesrv_alter_new_context(struct dcesrv_call_state *call, uint32_t context_id)
+static NTSTATUS dcesrv_check_or_create_context(struct dcesrv_call_state *call,
+ const struct dcerpc_bind *b,
+ const struct dcerpc_ctx_list *ctx,
+ struct dcerpc_ack_ctx *ack,
+ bool validate_only,
+ const struct ndr_syntax_id *supported_transfer)
{
- uint32_t if_version, transfer_syntax_version;
+ uint32_t if_version;
struct dcesrv_connection_context *context;
const struct dcesrv_interface *iface;
- struct GUID uuid, *transfer_syntax_uuid;
+ struct GUID uuid;
NTSTATUS status;
+ const struct ndr_syntax_id *selected_transfer = NULL;
+ size_t i;
+ bool ok;
- if_version = call->pkt.u.alter.ctx_list[0].abstract_syntax.if_version;
- uuid = call->pkt.u.alter.ctx_list[0].abstract_syntax.uuid;
+ if (b == NULL) {
+ return NT_STATUS_INTERNAL_ERROR;
+ }
+ if (ctx == NULL) {
+ return NT_STATUS_INTERNAL_ERROR;
+ }
+ if (ctx->num_transfer_syntaxes < 1) {
+ return NT_STATUS_INTERNAL_ERROR;
+ }
+ if (ack == NULL) {
+ return NT_STATUS_INTERNAL_ERROR;
+ }
+ if (supported_transfer == NULL) {
+ return NT_STATUS_INTERNAL_ERROR;
+ }
- transfer_syntax_version = call->pkt.u.alter.ctx_list[0].transfer_syntaxes[0].if_version;
- transfer_syntax_uuid = &call->pkt.u.alter.ctx_list[0].transfer_syntaxes[0].uuid;
- if (!GUID_equal(transfer_syntax_uuid, &ndr_transfer_syntax_ndr.uuid) ||
- ndr_transfer_syntax_ndr.if_version != transfer_syntax_version) {
- /* we only do NDR encoded dcerpc */
- return NT_STATUS_RPC_PROTSEQ_NOT_SUPPORTED;
+ switch (ack->result) {
+ case DCERPC_BIND_ACK_RESULT_ACCEPTANCE:
+ case DCERPC_BIND_ACK_RESULT_NEGOTIATE_ACK:
+ /*
+ * We is already completed.
+ */
+ return NT_STATUS_OK;
+ default:
+ break;
}
+ ack->result = DCERPC_BIND_ACK_RESULT_PROVIDER_REJECTION;
+ ack->reason.value = DCERPC_BIND_ACK_REASON_ABSTRACT_SYNTAX_NOT_SUPPORTED;
+
+ if_version = ctx->abstract_syntax.if_version;
+ uuid = ctx->abstract_syntax.uuid;
+
iface = find_interface_by_uuid(call->conn->endpoint, &uuid, if_version);
if (iface == NULL) {
char *uuid_str = GUID_string(call, &uuid);
DEBUG(2,("Request for unknown dcerpc interface %s/%d\n", uuid_str, if_version));
talloc_free(uuid_str);
- return NT_STATUS_RPC_PROTSEQ_NOT_SUPPORTED;
+ /*
+ * We report this only via ack->result
+ */
+ return NT_STATUS_OK;
+ }
+
+ ack->result = DCERPC_BIND_ACK_RESULT_PROVIDER_REJECTION;
+ ack->reason.value = DCERPC_BIND_ACK_REASON_TRANSFER_SYNTAXES_NOT_SUPPORTED;
+
+ if (validate_only) {
+ /*
+ * We report this only via ack->result
+ */
+ return NT_STATUS_OK;
+ }
+
+ for (i = 0; i < ctx->num_transfer_syntaxes; i++) {
+ /*
+ * we only do NDR encoded dcerpc for now.
+ */
+ ok = ndr_syntax_id_equal(&ctx->transfer_syntaxes[i],
+ supported_transfer);
+ if (ok) {
+ selected_transfer = supported_transfer;
+ break;
+ }
+ }
+
+ context = dcesrv_find_context(call->conn, ctx->context_id);
+ if (context != NULL) {
+ ok = ndr_syntax_id_equal(&context->iface->syntax_id,
+ &ctx->abstract_syntax);
+ if (!ok) {
+ return NT_STATUS_RPC_PROTOCOL_ERROR;
+ }
+
+ if (selected_transfer != NULL) {
+ ok = ndr_syntax_id_equal(&context->transfer_syntax,
+ selected_transfer);
+ if (!ok) {
+ return NT_STATUS_RPC_PROTOCOL_ERROR;
+ }
+
+ ack->result = DCERPC_BIND_ACK_RESULT_ACCEPTANCE;
+ ack->reason.value = DCERPC_BIND_ACK_REASON_NOT_SPECIFIED;
+ ack->syntax = context->transfer_syntax;
+ }
+
+ /*
+ * We report this only via ack->result
+ */
+ return NT_STATUS_OK;
+ }
+
+ if (selected_transfer == NULL) {
+ /*
+ * We report this only via ack->result
+ */
+ return NT_STATUS_OK;
}
+ ack->result = DCERPC_BIND_ACK_RESULT_USER_REJECTION;
+ ack->reason.value = DCERPC_BIND_ACK_REASON_LOCAL_LIMIT_EXCEEDED;
+
/* add this context to the list of available context_ids */
context = talloc_zero(call->conn, struct dcesrv_connection_context);
if (context == NULL) {
return NT_STATUS_NO_MEMORY;
}
context->conn = call->conn;
+ context->context_id = ctx->context_id;
context->iface = iface;
- context->context_id = context_id;
- if (call->pkt.u.alter.assoc_group_id != 0) {
- context->assoc_group = dcesrv_assoc_group_reference(context,
- call->conn->dce_ctx,
- call->pkt.u.alter.assoc_group_id);
- } else {
- context->assoc_group = dcesrv_assoc_group_new(context, call->conn->dce_ctx);
- }
- if (context->assoc_group == NULL) {
- talloc_free(context);
- call->context = NULL;
- return NT_STATUS_NO_MEMORY;
- }
+ context->transfer_syntax = *selected_transfer;
context->private_data = NULL;
DLIST_ADD(call->conn->contexts, context);
call->context = context;
dcesrv_prepare_context_auth(call);
status = iface->bind(call, iface, if_version);
+ call->context = NULL;
if (!NT_STATUS_IS_OK(status)) {
/* we don't want to trigger the iface->unbind() hook */
context->iface = NULL;
talloc_free(context);
- call->context = NULL;
- return status;
+ /*
+ * We report this only via ack->result
+ */
+ return NT_STATUS_OK;
}
+ ack->result = DCERPC_BIND_ACK_RESULT_ACCEPTANCE;
+ ack->reason.value = DCERPC_BIND_ACK_REASON_NOT_SPECIFIED;
+ ack->syntax = context->transfer_syntax;
return NT_STATUS_OK;
}
-/* setup and send an alter_resp */
-static NTSTATUS dcesrv_alter_resp(struct dcesrv_call_state *call,
- uint32_t result,
- uint32_t reason)
+static NTSTATUS dcesrv_negotiate_contexts(struct dcesrv_call_state *call,
+ const struct dcerpc_bind *b,
+ struct dcerpc_ack_ctx *ack_ctx_list)
{
- struct ncacn_packet pkt;
- uint32_t extra_flags = 0;
- struct data_blob_list_item *rep = NULL;
NTSTATUS status;
+ size_t i;
+ bool validate_only = false;
+ bool preferred_ndr32;
- dcesrv_init_hdr(&pkt, lpcfg_rpc_big_endian(call->conn->dce_ctx->lp_ctx));
- pkt.auth_length = 0;
- pkt.call_id = call->pkt.call_id;
- pkt.ptype = DCERPC_PKT_ALTER_RESP;
- if (result == 0) {
- if ((call->pkt.pfc_flags & DCERPC_PFC_FLAG_CONC_MPX) &&
- call->context->conn->state_flags &
- DCESRV_CALL_STATE_FLAG_MULTIPLEXED) {
- extra_flags |= DCERPC_PFC_FLAG_CONC_MPX;
- }
- if (call->state_flags & DCESRV_CALL_STATE_FLAG_PROCESS_PENDING_CALL) {
- call->context->conn->state_flags |=
- DCESRV_CALL_STATE_FLAG_PROCESS_PENDING_CALL;
- }
- }
- pkt.pfc_flags = DCERPC_PFC_FLAG_FIRST | DCERPC_PFC_FLAG_LAST | extra_flags;
- pkt.u.alter_resp.max_xmit_frag = call->conn->max_xmit_frag;
- pkt.u.alter_resp.max_recv_frag = call->conn->max_recv_frag;
- if (result == 0) {
- pkt.u.alter_resp.assoc_group_id = call->context->assoc_group->id;
- } else {
- pkt.u.alter_resp.assoc_group_id = 0;
- }
- pkt.u.alter_resp.num_results = 1;
- pkt.u.alter_resp.ctx_list = talloc_zero(call, struct dcerpc_ack_ctx);
- if (!pkt.u.alter_resp.ctx_list) {
- return NT_STATUS_NO_MEMORY;
- }
- pkt.u.alter_resp.ctx_list[0].result = result;
- pkt.u.alter_resp.ctx_list[0].reason.value = reason;
- pkt.u.alter_resp.ctx_list[0].syntax = ndr_transfer_syntax_ndr;
- pkt.u.alter_resp.auth_info = data_blob(NULL, 0);
- pkt.u.alter_resp.secondary_address = "";
+ /*
+ * Try to negotiate one new presentation context,
+ * using our preferred transfer syntax.
+ */
+ for (i = 0; i < b->num_contexts; i++) {
+ const struct dcerpc_ctx_list *c = &b->ctx_list[i];
+ struct dcerpc_ack_ctx *a = &ack_ctx_list[i];
- status = dcesrv_auth_alter_ack(call, &pkt);
- if (!NT_STATUS_IS_OK(status)) {
- if (NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED)
- || NT_STATUS_EQUAL(status, NT_STATUS_LOGON_FAILURE)
- || NT_STATUS_EQUAL(status, NT_STATUS_NO_SUCH_USER)
- || NT_STATUS_EQUAL(status, NT_STATUS_WRONG_PASSWORD)) {
- return dcesrv_fault(call, DCERPC_FAULT_ACCESS_DENIED);
+ status = dcesrv_check_or_create_context(call, b, c, a,
+ validate_only,
+ call->conn->preferred_transfer);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
}
- return dcesrv_fault(call, 0);
- }
- rep = talloc_zero(call, struct data_blob_list_item);
- if (!rep) {
- return NT_STATUS_NO_MEMORY;
+ if (a->result == DCERPC_BIND_ACK_RESULT_ACCEPTANCE) {
+ /*
+ * We managed to negotiate one context.
+ *
+ * => we're done.
+ */
+ validate_only = true;
+ }
}
- status = ncacn_push_auth(&rep->blob, call, &pkt, call->out_auth_info);
- if (!NT_STATUS_IS_OK(status)) {
- return status;
+ preferred_ndr32 = ndr_syntax_id_equal(&ndr_transfer_syntax_ndr,
+ call->conn->preferred_transfer);
+ if (preferred_ndr32) {
+ /*
+ * We're done.
+ */
+ return NT_STATUS_OK;
}
- dcerpc_set_frag_length(&rep->blob, rep->blob.length);
+ /*
+ * Try to negotiate one new presentation context,
+ * using NDR 32 as fallback.
+ */
+ for (i = 0; i < b->num_contexts; i++) {
+ const struct dcerpc_ctx_list *c = &b->ctx_list[i];
+ struct dcerpc_ack_ctx *a = &ack_ctx_list[i];
- DLIST_ADD_END(call->replies, rep);
- dcesrv_call_set_list(call, DCESRV_LIST_CALL_LIST);
+ status = dcesrv_check_or_create_context(call, b, c, a,
+ validate_only,
+ &ndr_transfer_syntax_ndr);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
- if (call->conn->call_list && call->conn->call_list->replies) {
- if (call->conn->transport.report_output_data) {
- call->conn->transport.report_output_data(call->conn);
+ if (a->result == DCERPC_BIND_ACK_RESULT_ACCEPTANCE) {
+ /*
+ * We managed to negotiate one context.
+ *
+ * => we're done.
+ */
+ validate_only = true;
}
}
static NTSTATUS dcesrv_alter(struct dcesrv_call_state *call)
{
NTSTATUS status;
- const struct dcerpc_ctx_list *ctx = NULL;
bool auth_ok = false;
+ struct ncacn_packet pkt;
+ uint32_t extra_flags = 0;
+ struct data_blob_list_item *rep = NULL;
+ struct dcerpc_ack_ctx *ack_ctx_list = NULL;
+ size_t i;
if (!call->conn->allow_alter) {
return dcesrv_fault_disconnect(call, DCERPC_NCA_S_PROTO_ERROR);
auth_ok = dcesrv_auth_alter(call);
if (!auth_ok) {
- if (call->in_auth_info.auth_type == DCERPC_AUTH_TYPE_NONE) {
- return dcesrv_fault_disconnect(call,
- DCERPC_FAULT_ACCESS_DENIED);
+ if (call->fault_code != 0) {
+ return dcesrv_fault_disconnect(call, call->fault_code);
}
}
if (call->pkt.u.alter.num_contexts < 1) {
return dcesrv_fault_disconnect(call, DCERPC_NCA_S_PROTO_ERROR);
}
- ctx = &call->pkt.u.alter.ctx_list[0];
- if (ctx->num_transfer_syntaxes < 1) {
- return dcesrv_fault_disconnect(call, DCERPC_NCA_S_PROTO_ERROR);
+
+ ack_ctx_list = talloc_zero_array(call, struct dcerpc_ack_ctx,
+ call->pkt.u.alter.num_contexts);
+ if (ack_ctx_list == NULL) {
+ return NT_STATUS_NO_MEMORY;
}
- /* see if they are asking for a new interface */
- call->context = dcesrv_find_context(call->conn, ctx->context_id);
- if (!call->context) {
- status = dcesrv_alter_new_context(call, ctx->context_id);
- if (!NT_STATUS_IS_OK(status)) {
- return dcesrv_alter_resp(call,
- DCERPC_BIND_PROVIDER_REJECT,
- DCERPC_BIND_REASON_ASYNTAX);
- }
- } else {
- bool ok;
+ /*
+ * Set some sane defaults (required by dcesrv_negotiate_contexts()/
+ * dcesrv_check_or_create_context()) and do some protocol validation
+ * and set sane defaults.
+ */
+ for (i = 0; i < call->pkt.u.alter.num_contexts; i++) {
+ const struct dcerpc_ctx_list *c = &call->pkt.u.alter.ctx_list[i];
+ struct dcerpc_ack_ctx *a = &ack_ctx_list[i];
- ok = ndr_syntax_id_equal(&ctx->abstract_syntax,
- &call->context->iface->syntax_id);
- if (!ok) {
+ if (c->num_transfer_syntaxes == 0) {
return dcesrv_fault_disconnect(call,
DCERPC_NCA_S_PROTO_ERROR);
}
- if (ctx->num_transfer_syntaxes != 1) {
- return dcesrv_fault_disconnect(call,
- DCERPC_NCA_S_PROTO_ERROR);
- }
+ a->result = DCERPC_BIND_ACK_RESULT_PROVIDER_REJECTION;
+ a->reason.value = DCERPC_BIND_ACK_REASON_ABSTRACT_SYNTAX_NOT_SUPPORTED;
+ }
- ok = ndr_syntax_id_equal(&ctx->transfer_syntaxes[0],
- &ndr_transfer_syntax_ndr);
- if (!ok) {
- return dcesrv_fault_disconnect(call,
- DCERPC_NCA_S_PROTO_ERROR);
- }
+ /*
+ * Try to negotiate one new presentation context.
+ */
+ status = dcesrv_negotiate_contexts(call, &call->pkt.u.alter, ack_ctx_list);
+ if (NT_STATUS_EQUAL(status, NT_STATUS_RPC_PROTOCOL_ERROR)) {
+ return dcesrv_fault_disconnect(call, DCERPC_NCA_S_PROTO_ERROR);
+ }
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
}
- if (call->pkt.u.alter.assoc_group_id != 0 &&
- lpcfg_parm_bool(call->conn->dce_ctx->lp_ctx, NULL, "dcesrv","assoc group checking", true) &&
- call->pkt.u.alter.assoc_group_id != call->context->assoc_group->id) {
- DEBUG(0,(__location__ ": Failed attempt to use new assoc_group in alter context (0x%08x 0x%08x)\n",
- call->context->assoc_group->id, call->pkt.u.alter.assoc_group_id));
- /* TODO: can they ask for a new association group? */
- return dcesrv_alter_resp(call,
- DCERPC_BIND_PROVIDER_REJECT,
- DCERPC_BIND_REASON_ASYNTAX);
+ if ((call->pkt.pfc_flags & DCERPC_PFC_FLAG_CONC_MPX) &&
+ (call->state_flags & DCESRV_CALL_STATE_FLAG_MULTIPLEXED)) {
+ call->conn->state_flags |= DCESRV_CALL_STATE_FLAG_MULTIPLEXED;
+ extra_flags |= DCERPC_PFC_FLAG_CONC_MPX;
+ }
+
+ if (call->state_flags & DCESRV_CALL_STATE_FLAG_PROCESS_PENDING_CALL) {
+ call->conn->state_flags |= DCESRV_CALL_STATE_FLAG_PROCESS_PENDING_CALL;
}
/* handle any authentication that is being requested */
return dcesrv_fault_disconnect(call, DCERPC_FAULT_ACCESS_DENIED);
}
- return dcesrv_alter_resp(call,
- DCERPC_BIND_ACK_RESULT_ACCEPTANCE,
- DCERPC_BIND_ACK_REASON_NOT_SPECIFIED);
+ dcesrv_init_hdr(&pkt, lpcfg_rpc_big_endian(call->conn->dce_ctx->lp_ctx));
+ pkt.auth_length = 0;
+ pkt.call_id = call->pkt.call_id;
+ pkt.ptype = DCERPC_PKT_ALTER_RESP;
+ pkt.pfc_flags = DCERPC_PFC_FLAG_FIRST | DCERPC_PFC_FLAG_LAST | extra_flags;
+ pkt.u.alter_resp.max_xmit_frag = call->conn->max_xmit_frag;
+ pkt.u.alter_resp.max_recv_frag = call->conn->max_recv_frag;
+ pkt.u.alter_resp.assoc_group_id = call->conn->assoc_group->id;
+ pkt.u.alter_resp.secondary_address = "";
+ pkt.u.alter_resp.num_results = call->pkt.u.alter.num_contexts;
+ pkt.u.alter_resp.ctx_list = ack_ctx_list;
+ pkt.u.alter_resp.auth_info = data_blob_null;
+
+ status = dcesrv_auth_alter_ack(call, &pkt);
+ if (!NT_STATUS_IS_OK(status)) {
+ return dcesrv_fault_disconnect(call, DCERPC_FAULT_SEC_PKG_ERROR);
+ }
+
+ rep = talloc_zero(call, struct data_blob_list_item);
+ if (!rep) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ status = ncacn_push_auth(&rep->blob, call, &pkt, call->out_auth_info);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+
+ dcerpc_set_frag_length(&rep->blob, rep->blob.length);
+
+ DLIST_ADD_END(call->replies, rep);
+ dcesrv_call_set_list(call, DCESRV_LIST_CALL_LIST);
+
+ if (call->conn->call_list && call->conn->call_list->replies) {
+ if (call->conn->transport.report_output_data) {
+ call->conn->transport.report_output_data(call->conn);
+ }
+ }
+
+ return NT_STATUS_OK;
}
/*
DCERPC_SEC_VT_CLIENT_SUPPORTS_HEADER_SIGNING : 0;
const struct dcerpc_sec_vt_pcontext pcontext = {
.abstract_syntax = call->context->iface->syntax_id,
- .transfer_syntax = ndr_transfer_syntax_ndr,
+ .transfer_syntax = call->context->transfer_syntax,
};
const struct dcerpc_sec_vt_header2 header2 =
dcerpc_sec_vt_header2_from_ncacn_packet(&call->pkt);
context = dcesrv_find_context(call->conn, call->pkt.u.request.context_id);
if (context == NULL) {
- return dcesrv_fault(call, DCERPC_FAULT_UNK_IF);
+ return dcesrv_fault_with_flags(call, DCERPC_NCA_S_UNKNOWN_IF,
+ DCERPC_PFC_FLAG_DID_NOT_EXECUTE);
}
switch (call->conn->auth_state.auth_level) {
case DCERPC_AUTH_LEVEL_NONE:
+ case DCERPC_AUTH_LEVEL_PACKET:
case DCERPC_AUTH_LEVEL_INTEGRITY:
case DCERPC_AUTH_LEVEL_PRIVACY:
break;
/* unravel the NDR for the packet */
status = context->iface->ndr_pull(call, call, pull, &call->r);
if (!NT_STATUS_IS_OK(status)) {
+ uint8_t extra_flags = 0;
if (call->fault_code == DCERPC_FAULT_OP_RNG_ERROR) {
/* we got an unknown call */
DEBUG(3,(__location__ ": Unknown RPC call %u on %s\n",
call->pkt.u.request.opnum, context->iface->name));
dcesrv_save_call(call, "unknown");
+ extra_flags |= DCERPC_PFC_FLAG_DID_NOT_EXECUTE;
} else {
dcesrv_save_call(call, "pullfail");
}
- return dcesrv_fault(call, call->fault_code);
+ return dcesrv_fault_with_flags(call, call->fault_code, extra_flags);
}
if (pull->offset != pull->data_size) {
{
NTSTATUS status;
struct dcesrv_call_state *call;
+ struct dcesrv_call_state *existing = NULL;
call = talloc_zero(dce_conn, struct dcesrv_call_state);
if (!call) {
DCERPC_NCA_S_PROTO_ERROR);
}
- if (!dcesrv_auth_request(call, &blob)) {
- return dcesrv_fault(call, DCERPC_FAULT_ACCESS_DENIED);
- }
- }
-
- /* see if this is a continued packet */
- if (call->pkt.ptype == DCERPC_PKT_REQUEST &&
- !(call->pkt.pfc_flags & DCERPC_PFC_FLAG_FIRST)) {
- struct dcesrv_call_state *call2 = call;
- uint32_t alloc_size;
-
- /* this is a continuation of an existing call - find the call
- then tack it on the end */
- call = dcesrv_find_fragmented_call(dce_conn, call2->pkt.call_id);
- if (!call) {
- return dcesrv_fault_disconnect(call2,
+ if (call->pkt.frag_length > DCERPC_FRAG_MAX_SIZE) {
+ /*
+ * We don't use dcesrv_fault_disconnect()
+ * here, because we don't want to set
+ * DCERPC_PFC_FLAG_DID_NOT_EXECUTE
+ *
+ * Note that we don't check against the negotiated
+ * max_recv_frag, but a hard coded value.
+ */
+ dcesrv_call_disconnect_after(call,
+ "dcesrv_auth_request - frag_length too large");
+ return dcesrv_fault(call,
DCERPC_NCA_S_PROTO_ERROR);
}
- if (call->pkt.ptype != call2->pkt.ptype) {
- /* trying to play silly buggers are we? */
- return dcesrv_fault_disconnect(call,
- DCERPC_NCA_S_PROTO_ERROR);
+ if (call->pkt.pfc_flags & DCERPC_PFC_FLAG_FIRST) {
+ /* only one request is possible in the fragmented list */
+ if (dce_conn->incoming_fragmented_call_list != NULL) {
+ TALLOC_FREE(call);
+ call = dce_conn->incoming_fragmented_call_list;
+ dcesrv_call_disconnect_after(call,
+ "dcesrv_auth_request - "
+ "existing fragmented call");
+ return dcesrv_fault(call,
+ DCERPC_NCA_S_PROTO_ERROR);
+ }
+ if (call->pkt.pfc_flags & DCERPC_PFC_FLAG_PENDING_CANCEL) {
+ return dcesrv_fault_disconnect(call,
+ DCERPC_FAULT_NO_CALL_ACTIVE);
+ }
+ } else {
+ const struct dcerpc_request *nr = &call->pkt.u.request;
+ const struct dcerpc_request *er = NULL;
+ int cmp;
+
+ existing = dcesrv_find_fragmented_call(dce_conn,
+ call->pkt.call_id);
+ if (existing == NULL) {
+ dcesrv_call_disconnect_after(call,
+ "dcesrv_auth_request - "
+ "no existing fragmented call");
+ return dcesrv_fault(call,
+ DCERPC_NCA_S_PROTO_ERROR);
+ }
+ er = &existing->pkt.u.request;
+
+ if (call->pkt.ptype != existing->pkt.ptype) {
+ /* trying to play silly buggers are we? */
+ return dcesrv_fault_disconnect(existing,
+ DCERPC_NCA_S_PROTO_ERROR);
+ }
+ cmp = memcmp(call->pkt.drep, existing->pkt.drep,
+ sizeof(pkt->drep));
+ if (cmp != 0) {
+ return dcesrv_fault_disconnect(existing,
+ DCERPC_NCA_S_PROTO_ERROR);
+ }
+ if (nr->context_id != er->context_id) {
+ return dcesrv_fault_disconnect(existing,
+ DCERPC_NCA_S_PROTO_ERROR);
+ }
+ if (nr->opnum != er->opnum) {
+ return dcesrv_fault_disconnect(existing,
+ DCERPC_NCA_S_PROTO_ERROR);
+ }
}
- if (memcmp(call->pkt.drep, call2->pkt.drep, sizeof(pkt->drep)) != 0) {
- return dcesrv_fault_disconnect(call,
- DCERPC_NCA_S_PROTO_ERROR);
+ }
+
+ if (call->pkt.ptype == DCERPC_PKT_REQUEST) {
+ bool ok;
+ uint8_t payload_offset = DCERPC_REQUEST_LENGTH;
+
+ if (call->pkt.pfc_flags & DCERPC_PFC_FLAG_OBJECT_UUID) {
+ payload_offset += 16;
}
- if (call->pkt.call_id != call2->pkt.call_id) {
- return dcesrv_fault_disconnect(call,
- DCERPC_NCA_S_PROTO_ERROR);
+
+ ok = dcesrv_auth_pkt_pull(call, &blob,
+ 0, /* required_flags */
+ DCERPC_PFC_FLAG_FIRST |
+ DCERPC_PFC_FLAG_LAST |
+ DCERPC_PFC_FLAG_PENDING_CANCEL |
+ 0x08 | /* this is not defined, but should be ignored */
+ DCERPC_PFC_FLAG_CONC_MPX |
+ DCERPC_PFC_FLAG_DID_NOT_EXECUTE |
+ DCERPC_PFC_FLAG_MAYBE |
+ DCERPC_PFC_FLAG_OBJECT_UUID,
+ payload_offset,
+ &call->pkt.u.request.stub_and_verifier);
+ if (!ok) {
+ /*
+ * We don't use dcesrv_fault_disconnect()
+ * here, because we don't want to set
+ * DCERPC_PFC_FLAG_DID_NOT_EXECUTE
+ */
+ dcesrv_call_disconnect_after(call,
+ "dcesrv_auth_request - failed");
+ if (call->fault_code == 0) {
+ call->fault_code = DCERPC_FAULT_ACCESS_DENIED;
+ }
+ return dcesrv_fault(call, call->fault_code);
}
- if (call->pkt.u.request.context_id != call2->pkt.u.request.context_id) {
- return dcesrv_fault_disconnect(call,
- DCERPC_NCA_S_PROTO_ERROR);
+ }
+
+ /* see if this is a continued packet */
+ if (existing != NULL) {
+ struct dcerpc_request *er = &existing->pkt.u.request;
+ const struct dcerpc_request *nr = &call->pkt.u.request;
+ size_t available;
+ size_t alloc_size;
+ size_t alloc_hint;
+
+ /*
+ * Up to 4 MByte are allowed by all fragments
+ */
+ available = dce_conn->max_total_request_size;
+ if (er->stub_and_verifier.length > available) {
+ dcesrv_call_disconnect_after(existing,
+ "dcesrv_auth_request - existing payload too large");
+ return dcesrv_fault(existing, DCERPC_FAULT_ACCESS_DENIED);
}
- if (call->pkt.u.request.opnum != call2->pkt.u.request.opnum) {
- return dcesrv_fault_disconnect(call,
- DCERPC_NCA_S_PROTO_ERROR);
+ available -= er->stub_and_verifier.length;
+ if (nr->alloc_hint > available) {
+ dcesrv_call_disconnect_after(existing,
+ "dcesrv_auth_request - alloc hint too large");
+ return dcesrv_fault(existing, DCERPC_FAULT_ACCESS_DENIED);
}
-
- alloc_size = call->pkt.u.request.stub_and_verifier.length +
- call2->pkt.u.request.stub_and_verifier.length;
- if (call->pkt.u.request.alloc_hint > alloc_size) {
- alloc_size = call->pkt.u.request.alloc_hint;
+ if (nr->stub_and_verifier.length > available) {
+ dcesrv_call_disconnect_after(existing,
+ "dcesrv_auth_request - new payload too large");
+ return dcesrv_fault(existing, DCERPC_FAULT_ACCESS_DENIED);
}
-
- call->pkt.u.request.stub_and_verifier.data =
- talloc_realloc(call,
- call->pkt.u.request.stub_and_verifier.data,
+ alloc_hint = er->stub_and_verifier.length + nr->alloc_hint;
+ /* allocate at least 1 byte */
+ alloc_hint = MAX(alloc_hint, 1);
+ alloc_size = er->stub_and_verifier.length +
+ nr->stub_and_verifier.length;
+ alloc_size = MAX(alloc_size, alloc_hint);
+
+ er->stub_and_verifier.data =
+ talloc_realloc(existing,
+ er->stub_and_verifier.data,
uint8_t, alloc_size);
- if (!call->pkt.u.request.stub_and_verifier.data) {
- return dcesrv_fault(call2, DCERPC_FAULT_OTHER);
+ if (er->stub_and_verifier.data == NULL) {
+ TALLOC_FREE(call);
+ return dcesrv_fault_with_flags(existing,
+ DCERPC_FAULT_OUT_OF_RESOURCES,
+ DCERPC_PFC_FLAG_DID_NOT_EXECUTE);
}
- memcpy(call->pkt.u.request.stub_and_verifier.data +
- call->pkt.u.request.stub_and_verifier.length,
- call2->pkt.u.request.stub_and_verifier.data,
- call2->pkt.u.request.stub_and_verifier.length);
- call->pkt.u.request.stub_and_verifier.length +=
- call2->pkt.u.request.stub_and_verifier.length;
+ memcpy(er->stub_and_verifier.data +
+ er->stub_and_verifier.length,
+ nr->stub_and_verifier.data,
+ nr->stub_and_verifier.length);
+ er->stub_and_verifier.length += nr->stub_and_verifier.length;
- call->pkt.pfc_flags |= (call2->pkt.pfc_flags & DCERPC_PFC_FLAG_LAST);
+ existing->pkt.pfc_flags |= (call->pkt.pfc_flags & DCERPC_PFC_FLAG_LAST);
- talloc_free(call2);
+ TALLOC_FREE(call);
+ call = existing;
}
/* this may not be the last pdu in the chain - if its isn't then
just put it on the incoming_fragmented_call_list and wait for the rest */
if (call->pkt.ptype == DCERPC_PKT_REQUEST &&
!(call->pkt.pfc_flags & DCERPC_PFC_FLAG_LAST)) {
+ /*
+ * Up to 4 MByte are allowed by all fragments
+ */
+ if (call->pkt.u.request.alloc_hint > dce_conn->max_total_request_size) {
+ dcesrv_call_disconnect_after(call,
+ "dcesrv_auth_request - initial alloc hint too large");
+ return dcesrv_fault(call, DCERPC_FAULT_ACCESS_DENIED);
+ }
dcesrv_call_set_list(call, DCESRV_LIST_FRAGMENTED_CALL_LIST);
return NT_STATUS_OK;
}
case DCERPC_PKT_REQUEST:
status = dcesrv_request(call);
break;
+ case DCERPC_PKT_BIND_ACK:
+ case DCERPC_PKT_BIND_NAK:
+ case DCERPC_PKT_ALTER_RESP:
+ case DCERPC_PKT_RESPONSE:
+ case DCERPC_PKT_FAULT:
+ case DCERPC_PKT_SHUTDOWN:
+ case DCERPC_PKT_CO_CANCEL:
+ case DCERPC_PKT_ORPHANED:
default:
status = dcesrv_fault_disconnect(call, DCERPC_NCA_S_PROTO_ERROR);
break;
if (transport == NCALRPC) {
uid_t uid;
gid_t gid;
+ int sock_fd;
+
+ sock_fd = socket_get_fd(srv_conn->socket);
+ if (sock_fd == -1) {
+ stream_terminate_connection(
+ srv_conn, "socket_get_fd failed\n");
+ return;
+ }
- ret = getpeereid(socket_get_fd(srv_conn->socket), &uid, &gid);
+ ret = getpeereid(sock_fd, &uid, &gid);
if (ret == -1) {
status = map_nt_error_from_unix_common(errno);
DEBUG(0, ("dcesrv_sock_accept: "