X-Git-Url: http://git.samba.org/?p=samba.git;a=blobdiff_plain;f=source4%2Frpc_server%2Fdcerpc_server.h;h=cb600cd3a81d71983cc9bf4c42ed3a64c3644f2f;hp=59a4bab083e2d599f14ade1e1a1b101e0c541743;hb=a30eee5745af275861aaa64d8c11cf5abc52eee2;hpb=5209a846a9157e649fcdcb561f7eaf19c8c0e465
diff --git a/source4/rpc_server/dcerpc_server.h b/source4/rpc_server/dcerpc_server.h
index 59a4bab083e..cb600cd3a81 100644
--- a/source4/rpc_server/dcerpc_server.h
+++ b/source4/rpc_server/dcerpc_server.h
@@ -23,7 +23,7 @@
 #ifndef SAMBA_DCERPC_SERVER_H
 #define SAMBA_DCERPC_SERVER_H
 
-#include "librpc/gen_ndr/security.h"
+#include "librpc/gen_ndr/server_id.h"
 #include "librpc/rpc/dcerpc.h"
 #include "librpc/ndr/libndr.h"
 
@@ -44,7 +44,7 @@ struct dcesrv_interface {
 	struct ndr_syntax_id syntax_id;
 
 	/* this function is called when the client binds to this interface */
-	NTSTATUS (*bind)(struct dcesrv_call_state *, const struct dcesrv_interface *);
+	NTSTATUS (*bind)(struct dcesrv_call_state *, const struct dcesrv_interface *, uint32_t if_version);
 
 	/* this function is called when the client disconnects the endpoint */
 	void (*unbind)(struct dcesrv_connection_context *, const struct dcesrv_interface *);
@@ -66,7 +66,7 @@ struct dcesrv_interface {
 	NTSTATUS (*ndr_push)(struct dcesrv_call_state *, TALLOC_CTX *, struct ndr_push *, const void *);
 
 	/* for any private use by the interface code */
-	const void *private;
+	const void *private_data;
 };
 
 enum dcesrv_call_list {
@@ -76,6 +76,11 @@ enum dcesrv_call_list {
 	DCESRV_LIST_PENDING_CALL_LIST
 };
 
+struct data_blob_list_item {
+	struct data_blob_list_item *prev,*next;
+	DATA_BLOB blob;
+};
+
 /* the state of an ongoing dcerpc call */
 struct dcesrv_call_state {
 	struct dcesrv_call_state *next, *prev;
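Review bot: The new `if_version` parameter on the `bind` callback is not explained by the comment above it, so an implementer cannot tell from this header whether it is the version the client asked for or the one the server selected. The neighbouring `syntax_id` field already carries an interface version, so the two can disagree and this callback is presumably where the mismatch is meant to be detected — confirm against dcerpc_server.c. I would extend the comment to `/* this function is called when the client binds to this interface; if_version is the version the client requested (NOTE(review): confirm) and may differ from syntax_id.if_version */`. The definition of struct dcesrv_interface starts before this hunk.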
@@ -101,17 +106,18 @@ struct dcesrv_call_state {
 	 */
 #define DCESRV_CALL_STATE_FLAG_ASYNC (1<<0)
 #define DCESRV_CALL_STATE_FLAG_MAY_ASYNC (1<<1)
-#define DCESRV_CALL_STATE_FLAG_HEADER_SIGNING (1<<2)
+#define DCESRV_CALL_STATE_FLAG_MULTIPLEXED (1<<3)
+#define DCESRV_CALL_STATE_FLAG_PROCESS_PENDING_CALL (1<<4)
 	uint32_t state_flags;
 
 	/* the time the request arrived in the server */
 	struct timeval time;
 
 	/* the backend can use this event context for async replies */
-	struct event_context *event_ctx;
+	struct tevent_context *event_ctx;
 
 	/* the message_context that will be used for async replies */
-	struct messaging_context *msg_ctx;
+	struct imessaging_context *msg_ctx;
 
 	/* this is the pointer to the allocated function struct */
 	void *r;
@@ -129,6 +135,14 @@ struct dcesrv_call_state {
 
 	/* this is used by the boilerplate code to generate DCERPC faults */
 	uint32_t fault_code;
+
+	/* the reason why we terminate the connection after sending a response */
+	const char *terminate_reason;
+
+	/* temporary auth_info fields */
+	struct dcerpc_auth in_auth_info;
+	struct dcerpc_auth _out_auth_info;
+	struct dcerpc_auth *out_auth_info;
 };
 
 #define DCESRV_HANDLE_ANY 255
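Review bot: Removing `DCESRV_CALL_STATE_FLAG_HEADER_SIGNING (1<<2)` while the new flags start at `(1<<3)` leaves bit 2 unassigned with nothing saying why, so a later contributor filling the gap would silently collide with any out-of-tree code that still passes the old value in `state_flags`. I would keep the hole visible: `/* (1<<2) was DCESRV_CALL_STATE_FLAG_HEADER_SIGNING; deliberately left unused */`. The comment block these defines sit in, and struct dcesrv_call_state itself, start before this hunk.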
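Review bot: `in_auth_info`, `_out_auth_info` and `out_auth_info` are described only as "temporary auth_info fields", which says neither which direction each covers nor how the pointer relates to the embedded struct; from the names, `out_auth_info` presumably points at `_out_auth_info` when the response carries an auth trailer and is NULL otherwise, but that is inferred rather than shown here. I would replace the comment with `/* auth trailer parsed from the request, and the one to emit with the response; out_auth_info points at _out_auth_info or is NULL — NOTE(review): confirm in dcerpc_server.c */`. `terminate_reason` is stored as a bare `const char *`, so its comment should also say whether it is a static string or talloc-owned, since that decides whether anyone may free it.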
@@ -136,23 +150,33 @@ struct dcesrv_call_state {
 /* a dcerpc handle in internal format */
 struct dcesrv_handle {
 	struct dcesrv_handle *next, *prev;
-	struct dcesrv_connection_context *context;
+	struct dcesrv_assoc_group *assoc_group;
 	struct policy_handle wire_handle;
+	struct dom_sid *sid;
+	const struct dcesrv_interface *iface;
 	void *data;
 };
 
 /* hold the authentication state information */
 struct dcesrv_auth {
-	struct dcerpc_auth *auth_info;
+	enum dcerpc_AuthType auth_type;
+	enum dcerpc_AuthLevel auth_level;
+	uint32_t auth_context_id;
 	struct gensec_security *gensec_security;
 	struct auth_session_info *session_info;
 	NTSTATUS (*session_key)(struct dcesrv_connection *, DATA_BLOB *session_key);
+	bool client_hdr_signing;
+	bool hdr_signing;
+	bool auth_finished;
+	bool auth_invalid;
 };
 
 struct dcesrv_connection_context {
 	struct dcesrv_connection_context *next, *prev;
 	uint32_t context_id;
 
+	struct dcesrv_assoc_group *assoc_group;
+
 	/* the connection this is on */
 	struct dcesrv_connection *conn;
 
@@ -160,16 +184,21 @@ struct dcesrv_connection_context {
 	const struct dcesrv_interface *iface;
 
 	/* private data for the interface implementation */
-	void *private;
+	void *private_data;
 
-	/* current rpc handles - this is really the wrong scope for
-	   them, but it will do for now */
-	struct dcesrv_handle *handles;
+	/*
+	 * the minimum required auth level for this interface
+	 */
+	enum dcerpc_AuthLevel min_auth_level;
+	bool allow_connect;
 };
 
 
 /* the state associated with a dcerpc server connection */
 struct dcesrv_connection {
+	/* for the broken_connections DLIST */
+	struct dcesrv_connection *prev, *next;
+
 	/* the top level context for this server */
 	struct dcesrv_context *dce_ctx;
 
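Review bot: `struct dcesrv_handle` gains `sid` and `iface` next to `assoc_group`, but nothing says what they are for or whether `dcesrv_handle_fetch` enforces them; presumably a handle may only be used by the security context that created it and from the interface it was created on, which would be the check that stops one session from using another session's handle now that handles are shared across an association group — confirm in dcerpc_server.c. I would document the intent on the fields: `/* owner of the handle; a fetch by a different sid must fail */` and `/* interface the handle was created on; a fetch from another interface must fail */`. Likewise `auth_finished`/`auth_invalid` in `struct dcesrv_auth` carry no comment on what a caller may do while `auth_finished` is false or once `auth_invalid` is set, and that is the state the PDU dispatcher has to respect.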
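Review bot: `allow_connect` has no comment, and if contexts are zero-initialised (presumably via talloc_zero, not visible here) it defaults to false, so the security-relevant fact that DCERPC_AUTH_LEVEL_CONNECT binds are rejected unless the interface explicitly opts in is invisible at the field. I would add `/* false (the default) rejects AUTH_LEVEL_CONNECT binds; set only by dcesrv_interface_bind_allow_connect() — NOTE(review): confirm default */` next to it, and say on `min_auth_level` what happens to a bind that falls below it (rejected, or negotiated upwards?). The struct dcesrv_connection definition this hunk opens continues past its end.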
@@ -189,18 +218,26 @@ struct dcesrv_connection {
 	struct dcesrv_call_state *call_list;
 
 	/* the maximum size the client wants to receive */
-	uint32_t cli_max_recv_frag;
+	uint16_t max_recv_frag;
+	uint16_t max_xmit_frag;
 
 	DATA_BLOB partial_input;
 
-	/* the current authentication state */
-	struct dcesrv_auth auth_state;
+	/* This can be removed in master... */
+	struct {
+		struct dcerpc_auth *auth_info;
+		struct gensec_security *gensec_security;
+		struct auth_session_info *session_info;
+		NTSTATUS (*session_key)(struct dcesrv_connection *, DATA_BLOB *session_key);
+		bool client_hdr_signing;
+		bool hdr_signing;
+	} _unused_auth_state;
 
 	/* the event_context that will be used for this connection */
-	struct event_context *event_ctx;
+	struct tevent_context *event_ctx;
 
 	/* the message_context that will be used for this connection */
-	struct messaging_context *msg_ctx;
+	struct imessaging_context *msg_ctx;
 
 	/* the server_id that will be used for this connection */
 	struct server_id server_id;
@@ -208,7 +245,10 @@ struct dcesrv_connection {
 	/* the transport level session key */
 	DATA_BLOB transport_session_key;
 
-	bool processing;
+	/* is this connection pending termination? If so, why? */
+	const char *terminate;
+
+	const char *packet_log_dir;
 
 	/* this is the default state_flags for dcesrv_call_state structs */
 	uint32_t state_flags;
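Review bot: The `_unused_auth_state` placeholder is explained only by "This can be removed in master...", which does not say why it has to stay here; it looks like a layout-preserving stub so that `struct dcesrv_connection` keeps its size and field offsets for code built against the previous header on this branch, and if that is the reason it should be stated, otherwise the next cleanup will delete it: `/* unused; kept only so the struct layout stays ABI-compatible on this branch — do not read or write */`. The comment above `max_recv_frag` still reads as if it described one field; with `max_xmit_frag` added I would split it into `/* largest fragment the client will accept */` and `/* largest fragment the client will send (NOTE(review): confirm direction) */`, and note that both are now uint16_t to match the wire field width. struct dcesrv_connection starts before this hunk and continues past it.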
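Review bot: `packet_log_dir` is added without a comment; from the name it presumably enables dumping raw PDUs to disk, and raw DCERPC PDUs carry the authentication trailers (NTLMSSP/Kerberos tokens) and, for anything below DCERPC_AUTH_LEVEL_PRIVACY, the plaintext request and response bodies, so that directory is sensitive. I would document it at the field: `/* if non-NULL, directory raw PDUs are written to for debugging; holds auth tokens and unencrypted payloads, so never enable in production or make it world-readable — NOTE(review): confirm usage */`. `terminate` also needs a note on whether it is a static string or talloc-owned, since it is stored as a bare `const char *`.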
@@ -216,9 +256,24 @@ struct dcesrv_connection {
 	struct {
 		void *private_data;
 		void (*report_output_data)(struct dcesrv_connection *);
-		struct socket_address *(*get_my_addr)(struct dcesrv_connection *, TALLOC_CTX *mem_ctx);
-		struct socket_address *(*get_peer_addr)(struct dcesrv_connection *, TALLOC_CTX *mem_ctx);
 	} transport;
+
+	struct tstream_context *stream;
+	struct tevent_queue *send_queue;
+
+	const struct tsocket_address *local_address;
+	const struct tsocket_address *remote_address;
+
+	/* the current authentication state */
+	struct dcesrv_auth auth_state;
+
+	/*
+	 * remember which pdu types are allowed
+	 */
+	bool allow_bind;
+	bool allow_auth3;
+	bool allow_alter;
+	bool allow_request;
 };
 
 
@@ -245,8 +300,30 @@ struct dcesrv_endpoint_server {
 };
 
 
+/* one association groups */
+struct dcesrv_assoc_group {
+	/* the wire id */
+	uint32_t id;
+
+	/* list of handles in this association group */
+	struct dcesrv_handle *handles;
+
+	/* parent context */
+	struct dcesrv_context *dce_ctx;
+
+	/* Remote association group ID (if proxied) */
+	uint32_t proxied_id;
+};
+
 /* server-wide context information for the dcerpc server */
 struct dcesrv_context {
+	/*
+	 * The euid at startup time.
+	 *
+	 * This is required for DCERPC_AUTH_TYPE_NCALRPC_AS_SYSTEM
+	 */
+	uid_t initial_euid;
+
 	/* the list of endpoints that have registered 
 	 * by the configured endpoint servers 
 	 */
@@ -265,6 +342,10 @@ struct dcesrv_context {
 
 	/* loadparm context to use for this connection */
 	struct loadparm_context *lp_ctx;
+
+	struct idr_context *assoc_groups_idr;
+
+	struct dcesrv_connection *broken_connections;
 };
 
 /* this structure is used by modules to determine the size of some critical types */
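Review bot: The four `allow_*` booleans are described only as "remember which pdu types are allowed", which states neither the legal order nor what happens when a PDU arrives while its flag is false; these presumably implement the bind → auth3/alter-context → request state machine and the false case should end the connection rather than process the PDU, and that contract belongs at the fields. I would write `/* PDU state machine: a PDU whose flag is false is a protocol error and terminates the connection — NOTE(review): confirm in dcerpc_server.c */`. `local_address`/`remote_address` are likewise bare const pointers with no ownership note; say whether they are owned by the connection, so callers neither free them nor keep them past the connection's lifetime. struct dcesrv_connection starts before this hunk.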
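Review bot: Moving `handles` from the connection context into `struct dcesrv_assoc_group` means every connection attached to the same association group can reach every handle in it, so how a client joins an existing group becomes a security boundary, and `id` is described only as "the wire id" without saying whether the server allocates it or accepts it from the client's bind PDU. If a client can name an arbitrary existing id, a connection could reach handles created by another client; I would document the rule on the field, e.g. `/* the wire id; allocated by the server from dce_ctx->assoc_groups_idr, and a bind naming an existing id is only honoured for the client it was issued to — NOTE(review): confirm joining is restricted */`, and note on `handles` that the per-handle sid/iface checks are what limit use within the group. The comment `/* one association groups */` should read `/* one association group */`.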
@@ -291,27 +372,12 @@ NTSTATUS dcerpc_register_ep_server(const void *_ep_server);
 NTSTATUS dcesrv_init_context(TALLOC_CTX *mem_ctx, 
 			     struct loadparm_context *lp_ctx,
 			     const char **endpoint_servers, struct dcesrv_context **_dce_ctx);
-NTSTATUS dcesrv_init_ipc_context(TALLOC_CTX *mem_ctx, struct loadparm_context *lp_ctx,
-				 struct dcesrv_context **_dce_ctx);
-NTSTATUS dcesrv_endpoint_search_connect(struct dcesrv_context *dce_ctx,
-					TALLOC_CTX *mem_ctx,
-					const struct dcerpc_binding *ep_description,
-					struct auth_session_info *session_info,
-					struct event_context *event_ctx,
-					struct messaging_context *msg_ctx,
-					struct server_id server_id,
-					uint32_t state_flags,
-					struct dcesrv_connection **dce_conn_p);
-NTSTATUS dcesrv_output(struct dcesrv_connection *dce_conn, 
-		       void *private_data,
-		       NTSTATUS (*write_fn)(void *private_data, DATA_BLOB *output, size_t *nwritten));
-NTSTATUS dcesrv_input(struct dcesrv_connection *dce_conn, const DATA_BLOB *data);
 NTSTATUS dcesrv_endpoint_connect(struct dcesrv_context *dce_ctx,
 				 TALLOC_CTX *mem_ctx,
 				 const struct dcesrv_endpoint *ep,
 				 struct auth_session_info *session_info,
-				 struct event_context *event_ctx,
-				 struct messaging_context *msg_ctx,
+				 struct tevent_context *event_ctx,
+				 struct imessaging_context *msg_ctx,
 				 struct server_id server_id,
 				 uint32_t state_flags,
 				 struct dcesrv_connection **_p);
@@ -327,6 +393,8 @@ struct dcesrv_handle *dcesrv_handle_fetch(
 
 struct socket_address *dcesrv_connection_get_my_addr(struct dcesrv_connection *conn, TALLOC_CTX *mem_ctx);
 struct socket_address *dcesrv_connection_get_peer_addr(struct dcesrv_connection *conn, TALLOC_CTX *mem_ctx);
+const struct tsocket_address *dcesrv_connection_get_local_address(struct dcesrv_connection *conn);
+const struct tsocket_address *dcesrv_connection_get_remote_address(struct dcesrv_connection *conn);
 
 NTSTATUS dcesrv_fetch_session_key(struct dcesrv_connection *p, DATA_BLOB *session_key);
 
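Review bot: `dcesrv_connection_get_local_address`/`dcesrv_connection_get_remote_address` return `const struct tsocket_address *` with no lifetime note, unlike the talloc-based `get_my_addr`/`get_peer_addr` directly above them that take a `mem_ctx`, so a caller cannot tell from the prototype whether the pointer may be stored or must be used before the connection goes away. Presumably these hand back the connection's own `local_address`/`remote_address` fields, so I would add `/* returns a pointer owned by conn; do not free and do not keep past the connection's lifetime */` above each, and state whether the two older socket_address accessors are now deprecated in favour of these.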
@@ -367,6 +435,34 @@ NTSTATUS dcesrv_fetch_session_key(struct dcesrv_connection *p, DATA_BLOB *sessio
 
 #define DCESRV_PULL_HANDLE(h, inhandle, t) DCESRV_PULL_HANDLE_RETVAL(h, inhandle, t, NT_STATUS_INVALID_HANDLE)
 #define DCESRV_PULL_HANDLE_WERR(h, inhandle, t) DCESRV_PULL_HANDLE_RETVAL(h, inhandle, t, WERR_BADFID)
+NTSTATUS dcesrv_add_ep(struct dcesrv_context *dce_ctx,
+		       struct loadparm_context *lp_ctx,
+		       struct dcesrv_endpoint *e,
+		       struct tevent_context *event_ctx,
+		       const struct model_ops *model_ops);
+/**
+ * retrieve credentials from a dce_call
+ */
+_PUBLIC_ struct cli_credentials *dcesrv_call_credentials(struct dcesrv_call_state *dce_call);
+
+/**
+ * returns true if this is an authenticated call
+ */
+_PUBLIC_ bool dcesrv_call_authenticated(struct dcesrv_call_state *dce_call);
+
+/**
+ * retrieve account_name for a dce_call
+ */
+_PUBLIC_ const char *dcesrv_call_account_name(struct dcesrv_call_state *dce_call);
+
+_PUBLIC_ NTSTATUS dcesrv_interface_bind_require_integrity(struct dcesrv_call_state *dce_call,
+							  const struct dcesrv_interface *iface);
+_PUBLIC_ NTSTATUS dcesrv_interface_bind_require_privacy(struct dcesrv_call_state *dce_call,
+							const struct dcesrv_interface *iface);
+_PUBLIC_ NTSTATUS dcesrv_interface_bind_reject_connect(struct dcesrv_call_state *dce_call,
+						       const struct dcesrv_interface *iface);
+_PUBLIC_ NTSTATUS dcesrv_interface_bind_allow_connect(struct dcesrv_call_state *dce_call,
+						      const struct dcesrv_interface *iface);
 
 #endif /* SAMBA_DCERPC_SERVER_H */
 
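Review bot: `dcesrv_interface_bind_require_integrity`, `..._require_privacy`, `..._reject_connect` and `..._allow_connect` are the knobs that decide which auth levels an interface accepts, yet they are the only new declarations here with no doc comment; presumably they are meant to be called from an interface's `bind` callback and set `min_auth_level`/`allow_connect` on the connection context, and `allow_connect` in particular weakens protection, so its comment should say plainly that it re-enables DCERPC_AUTH_LEVEL_CONNECT for this interface and is an explicit per-interface opt-in. A short `/** ... */` block on each, in the style already used for `dcesrv_call_credentials`, stating when to call it and which context field it sets — hedged until confirmed against dcerpc_server.c — would do. `dcesrv_add_ep` is also the one new prototype without `_PUBLIC_`; if that is deliberate (internal to rpc_server), a one-line comment saying so keeps the next reader from "fixing" it.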