struct dcesrv_call_state;
struct dcesrv_auth;
struct dcesrv_connection_context;
+struct dcesrv_iface_state;
struct dcesrv_interface {
const char *name;
/* the state of an ongoing dcerpc call */
struct dcesrv_call_state {
struct dcesrv_call_state *next, *prev;
+ struct dcesrv_auth *auth_state;
struct dcesrv_connection *conn;
struct dcesrv_connection_context *context;
struct ncacn_packet pkt;
* created and fetch using the dcesrv_handle_* functions.
*
* Use
-* dcesrv_handle_new(struct dcesrv_connection \*, uint8 handle_type)
+* dcesrv_handle_create(struct dcesrv_call_state \*, uint8 handle_type)
* to obtain a new handle of the specified type. Handle types are
* unique within each pipe.
*
* The handle can later be fetched again using:
*
-* struct dcesrv_handle *dcesrv_handle_fetch(
-* struct dcesrv_connection *dce_conn,
+* struct dcesrv_handle *dcesrv_handle_lookup(
+* struct dcesrv_call_state *dce_call,
* struct policy_handle *p,
* uint8 handle_type)
*
* and destroyed by:
*
-* dcesrv_handle_destroy(struct dcesrv_handle *).
+* TALLOC_FREE(struct dcesrv_handle *).
*
* User data should be stored in the 'data' member of the dcesrv_handle
* struct.
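Review bot: The usage comment was renamed to `dcesrv_handle_create`/`dcesrv_handle_lookup`, but its signatures no longer match the prototypes further down the header. The lookup prototype takes `const struct policy_handle *p` and both prototypes use `uint8_t`, while the comment still shows `struct policy_handle *p` and `uint8`. I would align the comment lines to `* const struct policy_handle *p,` and `* uint8_t handle_type)`. Since destruction is now `TALLOC_FREE()`, one sentence on which talloc parent owns a handle returned by `dcesrv_handle_create` would help, because that is not visible from this header. The comment block starts and ends outside the hunk.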
struct dcesrv_assoc_group *assoc_group;
struct policy_handle wire_handle;
struct dom_sid *sid;
+ enum dcerpc_AuthLevel min_auth_level;
const struct dcesrv_interface *iface;
void *data;
};
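Review bot: The new `min_auth_level` member of `struct dcesrv_handle` has no comment, and it looks like the field that decides which calls may reuse a handle, so its contract should be written down here. Because `dcesrv_handle_create` and `dcesrv_handle_lookup` now take a `struct dcesrv_call_state *`, I infer it records the auth level of the creating call and that lookup rejects calls below it. The implementation is not on this page, so confirm that before committing wording such as `/* lowest auth level a call must have to look up this handle */`. The struct begins above this hunk.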
uint32_t auth_context_id;
struct gensec_security *gensec_security;
struct auth_session_info *session_info;
- NTSTATUS (*session_key)(struct dcesrv_connection *, DATA_BLOB *session_key);
+ NTSTATUS (*session_key_fn)(struct dcesrv_auth *, DATA_BLOB *session_key);
bool client_hdr_signing;
bool hdr_signing;
+ bool auth_started;
bool auth_finished;
bool auth_invalid;
};
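Review bot: `auth_started`, `auth_finished` and `auth_invalid` now sit side by side with no statement of which combinations are legal, and an auth state machine encoded in three independent booleans is easy to get wrong at a call site. Add a short comment above them, e.g. `/* auth_started: first auth PDU seen; auth_finished: gensec completed; auth_invalid: terminal, never cleared */`, adjusted to the real semantics, which are not visible here. The rename to `session_key_fn` with a `struct dcesrv_auth *` argument also deserves a line saying whether the pointer may be NULL before authentication completes. The struct begins above this hunk.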
const struct tsocket_address *remote_address;
/* the current authentication state */
- struct dcesrv_auth auth_state;
+ struct dcesrv_auth *default_auth_state;
/*
* remember which pdu types are allowed
*/
bool allow_bind;
- bool allow_auth3;
bool allow_alter;
- bool allow_request;
/* the association group the connection belongs to */
struct dcesrv_assoc_group *assoc_group;
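Review bot: The comment `/* the current authentication state */` is left unchanged above `default_auth_state`, but with the per-call `auth_state` pointer added to `struct dcesrv_call_state` it no longer describes what this member is. Reword it to say when the default applies, for example `/* auth state used for calls that carry no auth context of their own */` if that is the intended meaning. The member also changed from an embedded struct to a pointer, so the comment should state who allocates it and whether it can be NULL during connection setup. Separately, `allow_auth3` and `allow_request` disappear under the `remember which pdu types are allowed` comment; presumably the new `auth_started`/`auth_finished` flags take over that gating, and a pointer to where the check now lives would help reviewers confirm that no PDU type became unconditionally accepted.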
*/
const struct ndr_syntax_id *preferred_transfer;
- /* the negotiated bind time features */
- uint16_t bind_time_features;
-
/*
* This is used to block the connection during
* pending authentication.
/* list of handles in this association group */
struct dcesrv_handle *handles;
+ /*
+ * list of iface states per assoc/conn
+ */
+ struct dcesrv_iface_state *iface_states;
+
/* parent context */
struct dcesrv_context *dce_ctx;
+ /* the negotiated bind time features */
+ uint16_t bind_time_features;
+
/* Remote association group ID (if proxied) */
uint32_t proxied_id;
};
NTSTATUS dcesrv_init_context(TALLOC_CTX *mem_ctx,
struct loadparm_context *lp_ctx,
const char **endpoint_servers, struct dcesrv_context **_dce_ctx);
-NTSTATUS dcesrv_endpoint_connect(struct dcesrv_context *dce_ctx,
- TALLOC_CTX *mem_ctx,
- const struct dcesrv_endpoint *ep,
- struct auth_session_info *session_info,
- struct tevent_context *event_ctx,
- struct imessaging_context *msg_ctx,
- struct server_id server_id,
- uint32_t state_flags,
- struct dcesrv_connection **_p);
NTSTATUS dcesrv_reply(struct dcesrv_call_state *call);
-struct dcesrv_handle *dcesrv_handle_new(struct dcesrv_connection_context *context,
- uint8_t handle_type);
+struct dcesrv_handle *dcesrv_handle_create(struct dcesrv_call_state *call,
+ uint8_t handle_type);
-struct dcesrv_handle *dcesrv_handle_fetch(
- struct dcesrv_connection_context *context,
- struct policy_handle *p,
- uint8_t handle_type);
+struct dcesrv_handle *dcesrv_handle_lookup(struct dcesrv_call_state *call,
+ const struct policy_handle *p,
+ uint8_t handle_type);
const struct tsocket_address *dcesrv_connection_get_local_address(struct dcesrv_connection *conn);
const struct tsocket_address *dcesrv_connection_get_remote_address(struct dcesrv_connection *conn);
-NTSTATUS dcesrv_fetch_session_key(struct dcesrv_connection *p, DATA_BLOB *session_key);
+/*
+ * Fetch the authentication session key if available.
+ *
+ * This is the key generated by a gensec authentication.
+ */
+NTSTATUS dcesrv_auth_session_key(struct dcesrv_call_state *call,
+ DATA_BLOB *session_key);
+
+/*
+ * Fetch the transport session key if available.
+ * Typically this is the SMB session key
+ * or a fixed key for local transports.
+ *
+ * The key is always truncated to 16 bytes.
+*/
+NTSTATUS dcesrv_transport_session_key(struct dcesrv_call_state *call,
+ DATA_BLOB *session_key);
/* a useful macro for generating a RPC fault in the backend code */
#define DCESRV_FAULT(code) do { \
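Review bot: Splitting `dcesrv_fetch_session_key` into `dcesrv_auth_session_key` and `dcesrv_transport_session_key` forces every former caller to pick one, and the new comments do not give enough to pick safely. The transport comment says the key can be `a fixed key for local transports`; state outright that such a key is not secret and must not be the only protection for data encrypted with it. Also say which NTSTATUS each function returns when no key is available (the expected value is not shown in this header), and document who owns the memory in `*session_key`. Minor: the closing `*/` of the second comment lacks the leading space used by the first.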
invalid handle or retval if the handle is of the
wrong type */
#define DCESRV_PULL_HANDLE_RETVAL(h, inhandle, t, retval) do { \
- (h) = dcesrv_handle_fetch(dce_call->context, (inhandle), DCESRV_HANDLE_ANY); \
+ (h) = dcesrv_handle_lookup(dce_call, (inhandle), DCESRV_HANDLE_ANY); \
DCESRV_CHECK_HANDLE(h); \
if ((t) != DCESRV_HANDLE_ANY && (h)->wire_handle.handle_type != (t)) { \
return retval; \
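Review bot: Both handle macros expand to a reference to a variable named `dce_call` that is not one of their parameters, so they compile only inside functions that happen to use that name; the change from `dce_call->context` to `dce_call` keeps that hidden dependency. Mention it in the comment above each macro, e.g. `/* requires a 'struct dcesrv_call_state *dce_call' in scope */`. In `DCESRV_PULL_HANDLE_FAULT` the new line passes `t` unparenthesized; `(h) = dcesrv_handle_lookup(dce_call, (inhandle), (t)); \` matches how `DCESRV_PULL_HANDLE_RETVAL` treats its arguments. The macro body continues past the end of this hunk.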
/* this checks for a valid policy handle and gives a dcerpc fault
if its the wrong type of handle */
#define DCESRV_PULL_HANDLE_FAULT(h, inhandle, t) do { \
- (h) = dcesrv_handle_fetch(dce_call->context, (inhandle), t); \
+ (h) = dcesrv_handle_lookup(dce_call, (inhandle), t); \
DCESRV_CHECK_HANDLE(h); \
} while (0)
*/
_PUBLIC_ struct auth_session_info *dcesrv_call_session_info(struct dcesrv_call_state *dce_call);
+/**
+ * retrieve auth type/level from a dce_call
+ */
+_PUBLIC_ void dcesrv_call_auth_info(struct dcesrv_call_state *dce_call,
+ enum dcerpc_AuthType *auth_type,
+ enum dcerpc_AuthLevel *auth_level);
+
_PUBLIC_ NTSTATUS dcesrv_interface_bind_require_integrity(struct dcesrv_call_state *dce_call,
const struct dcesrv_interface *iface);
_PUBLIC_ NTSTATUS dcesrv_interface_bind_require_privacy(struct dcesrv_call_state *dce_call,
_PUBLIC_ NTSTATUS dcesrv_interface_bind_allow_connect(struct dcesrv_call_state *dce_call,
const struct dcesrv_interface *iface);
+_PUBLIC_ NTSTATUS _dcesrv_iface_state_store_assoc(
+ struct dcesrv_call_state *call,
+ uint64_t magic,
+ void *ptr,
+ const char *location);
+#define dcesrv_iface_state_store_assoc(call, magic, ptr) \
+ _dcesrv_iface_state_store_assoc((call), (magic), (ptr), \
+ __location__)
+_PUBLIC_ void *_dcesrv_iface_state_find_assoc(
+ struct dcesrv_call_state *call,
+ uint64_t magic);
+#define dcesrv_iface_state_find_assoc(call, magic, _type) \
+ talloc_get_type( \
+ _dcesrv_iface_state_find_assoc((call), (magic)), \
+ _type)
+
+_PUBLIC_ NTSTATUS _dcesrv_iface_state_store_conn(
+ struct dcesrv_call_state *call,
+ uint64_t magic,
+ void *_pptr,
+ const char *location);
+#define dcesrv_iface_state_store_conn(call, magic, ptr) \
+ _dcesrv_iface_state_store_conn((call), (magic), (ptr), \
+ __location__)
+_PUBLIC_ void *_dcesrv_iface_state_find_conn(
+ struct dcesrv_call_state *call,
+ uint64_t magic);
+#define dcesrv_iface_state_find_conn(call, magic, _type) \
+ talloc_get_type( \
+ _dcesrv_iface_state_find_conn((call), (magic)), \
+ _type)
+
#endif /* SAMBA_DCERPC_SERVER_H */
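Review bot: The four `_dcesrv_iface_state_*` prototypes are added without any comment, and the header alone does not tell a caller what happens to the stored pointer. Please document above each pair whether `store` takes talloc ownership of the pointer, what status is returned when `magic` is already present, and the lifetime of the state (association group versus connection). The pointer parameter is named `ptr` in `_dcesrv_iface_state_store_assoc` but `_pptr` in `_dcesrv_iface_state_store_conn`; use one name unless the conn variant really takes a pointer-to-pointer. The `find` macros go through `talloc_get_type()`, which yields NULL on a type mismatch as well as on a missing entry, so the comment should tell callers to NULL-check the result.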