#include "librpc/rpc/rpc_common.h"
#include "lib/util/samba_modules.h"
#include "librpc/gen_ndr/ndr_dcerpc.h"
+#include "../lib/util/tevent_ntstatus.h"
static NTSTATUS dcesrv_negotiate_contexts(struct dcesrv_call_state *call,
const struct dcerpc_bind *b,
/*
find the earlier parts of a fragmented call awaiting reassembily
*/
-static struct dcesrv_call_state *dcesrv_find_fragmented_call(struct dcesrv_connection *dce_conn, uint16_t call_id)
+static struct dcesrv_call_state *dcesrv_find_fragmented_call(struct dcesrv_connection *dce_conn, uint32_t call_id)
{
struct dcesrv_call_state *c;
for (c=dce_conn->incoming_fragmented_call_list;c;c=c->next) {
enum dcerpc_transport_t transport;
char *ep_string = NULL;
bool use_single_process = true;
-
+ const char *ep_process_string;
+
/*
* If we are not using handles, there is no need for force
* this service into using a single process.
* If we have mulitiple endpoints on port 0, they each
* get an epemeral port (currently by walking up from
* 1024).
+ *
+ * Because one endpoint can only have one process
+ * model, we add a new IP_TCP endpoint for each model.
+ *
+ * This works in conjunction with the forced overwrite
+ * of ep->use_single_process below.
*/
- if (!use_single_process && transport == NCACN_IP_TCP) {
+ if (ep->use_single_process != use_single_process
+ && transport == NCACN_IP_TCP) {
add_ep = true;
}
}
/* Re-get the string as we may have set a port */
ep_string = dcerpc_binding_string(dce_ctx, ep->ep_description);
- DEBUG(4,("dcesrv_interface_register: interface '%s' registered on endpoint '%s'\n",
- iface->name, ep_string));
+ if (use_single_process) {
+ ep_process_string = "single process required";
+ } else {
+ ep_process_string = "multi process compatible";
+ }
+
+ DBG_INFO("dcesrv_interface_register: interface '%s' "
+ "registered on endpoint '%s' (%s)\n",
+ iface->name, ep_string, ep_process_string);
TALLOC_FREE(ep_string);
return NT_STATUS_OK;
return NT_STATUS_OK;
}
+struct dcesrv_conn_auth_wait_context {
+ struct tevent_req *req;
+ bool done;
+ NTSTATUS status;
+};
+
+struct dcesrv_conn_auth_wait_state {
+ uint8_t dummy;
+};
+
+static struct tevent_req *dcesrv_conn_auth_wait_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ void *private_data)
+{
+ struct dcesrv_conn_auth_wait_context *auth_wait =
+ talloc_get_type_abort(private_data,
+ struct dcesrv_conn_auth_wait_context);
+ struct tevent_req *req = NULL;
+ struct dcesrv_conn_auth_wait_state *state = NULL;
+
+ req = tevent_req_create(mem_ctx, &state,
+ struct dcesrv_conn_auth_wait_state);
+ if (req == NULL) {
+ return NULL;
+ }
+ auth_wait->req = req;
+
+ tevent_req_defer_callback(req, ev);
+
+ if (!auth_wait->done) {
+ return req;
+ }
+
+ if (tevent_req_nterror(req, auth_wait->status)) {
+ return tevent_req_post(req, ev);
+ }
+
+ tevent_req_done(req);
+ return tevent_req_post(req, ev);
+}
+
+static NTSTATUS dcesrv_conn_auth_wait_recv(struct tevent_req *req)
+{
+ return tevent_req_simple_recv_ntstatus(req);
+}
+
+static NTSTATUS dcesrv_conn_auth_wait_setup(struct dcesrv_connection *conn)
+{
+ struct dcesrv_conn_auth_wait_context *auth_wait = NULL;
+
+ if (conn->wait_send != NULL) {
+ return NT_STATUS_INTERNAL_ERROR;
+ }
+
+ auth_wait = talloc_zero(conn, struct dcesrv_conn_auth_wait_context);
+ if (auth_wait == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ conn->wait_private = auth_wait;
+ conn->wait_send = dcesrv_conn_auth_wait_send;
+ conn->wait_recv = dcesrv_conn_auth_wait_recv;
+ return NT_STATUS_OK;
+}
+
+static void dcesrv_conn_auth_wait_finished(struct dcesrv_connection *conn,
+ NTSTATUS status)
+{
+ struct dcesrv_conn_auth_wait_context *auth_wait =
+ talloc_get_type_abort(conn->wait_private,
+ struct dcesrv_conn_auth_wait_context);
+
+ auth_wait->done = true;
+ auth_wait->status = status;
+
+ if (auth_wait->req == NULL) {
+ return;
+ }
+
+ if (tevent_req_nterror(auth_wait->req, status)) {
+ return;
+ }
+
+ tevent_req_done(auth_wait->req);
+}
+
static NTSTATUS dcesrv_auth_reply(struct dcesrv_call_state *call);
+static void dcesrv_bind_done(struct tevent_req *subreq);
+
/*
handle a bind request
*/
static NTSTATUS dcesrv_bind(struct dcesrv_call_state *call)
{
+ struct dcesrv_connection *conn = call->conn;
struct ncacn_packet *pkt = &call->ack_pkt;
NTSTATUS status;
uint32_t extra_flags = 0;
struct dcesrv_auth *auth = &call->conn->auth_state;
struct dcerpc_ack_ctx *ack_ctx_list = NULL;
struct dcerpc_ack_ctx *ack_features = NULL;
+ struct tevent_req *subreq = NULL;
size_t i;
status = dcerpc_verify_ncacn_packet_header(&call->pkt,
return dcesrv_auth_reply(call);
}
- status = gensec_update_ev(auth->gensec_security,
- call, call->event_ctx,
- call->in_auth_info.credentials,
- &call->out_auth_info->credentials);
+ subreq = gensec_update_send(call, call->event_ctx,
+ auth->gensec_security,
+ call->in_auth_info.credentials);
+ if (subreq == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+ tevent_req_set_callback(subreq, dcesrv_bind_done, call);
+
+ return dcesrv_conn_auth_wait_setup(conn);
+}
+
+static void dcesrv_bind_done(struct tevent_req *subreq)
+{
+ struct dcesrv_call_state *call =
+ tevent_req_callback_data(subreq,
+ struct dcesrv_call_state);
+ struct dcesrv_connection *conn = call->conn;
+ NTSTATUS status;
+
+ status = gensec_update_recv(subreq, call,
+ &call->out_auth_info->credentials);
+ TALLOC_FREE(subreq);
status = dcesrv_auth_complete(call, status);
if (!NT_STATUS_IS_OK(status)) {
- return dcesrv_bind_nak(call, 0);
+ status = dcesrv_bind_nak(call, 0);
+ dcesrv_conn_auth_wait_finished(conn, status);
+ return;
}
- return dcesrv_auth_reply(call);
+ status = dcesrv_auth_reply(call);
+ dcesrv_conn_auth_wait_finished(conn, status);
+ return;
}
static NTSTATUS dcesrv_auth_reply(struct dcesrv_call_state *call)
}
+static void dcesrv_auth3_done(struct tevent_req *subreq);
+
/*
handle a auth3 request
*/
static NTSTATUS dcesrv_auth3(struct dcesrv_call_state *call)
{
+ struct dcesrv_connection *conn = call->conn;
struct dcesrv_auth *auth = &call->conn->auth_state;
+ struct tevent_req *subreq = NULL;
NTSTATUS status;
if (!call->conn->allow_auth3) {
return NT_STATUS_OK;
}
- status = gensec_update_ev(auth->gensec_security,
- call, call->event_ctx,
- call->in_auth_info.credentials,
- &call->out_auth_info->credentials);
+ subreq = gensec_update_send(call, call->event_ctx,
+ auth->gensec_security,
+ call->in_auth_info.credentials);
+ if (subreq == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+ tevent_req_set_callback(subreq, dcesrv_auth3_done, call);
+
+ return dcesrv_conn_auth_wait_setup(conn);
+}
+
+static void dcesrv_auth3_done(struct tevent_req *subreq)
+{
+ struct dcesrv_call_state *call =
+ tevent_req_callback_data(subreq,
+ struct dcesrv_call_state);
+ struct dcesrv_connection *conn = call->conn;
+ NTSTATUS status;
+
+ status = gensec_update_recv(subreq, call,
+ &call->out_auth_info->credentials);
+ TALLOC_FREE(subreq);
status = dcesrv_auth_complete(call, status);
if (!NT_STATUS_IS_OK(status)) {
*/
call->conn->auth_state.auth_invalid = true;
if (call->fault_code != 0) {
- return dcesrv_fault_disconnect(call, call->fault_code);
+ status = dcesrv_fault_disconnect(call, call->fault_code);
+ dcesrv_conn_auth_wait_finished(conn, status);
+ return;
}
TALLOC_FREE(call);
- return NT_STATUS_OK;
+ dcesrv_conn_auth_wait_finished(conn, NT_STATUS_OK);
+ return;
}
/*
* we don't send a reply to a auth3 request.
*/
TALLOC_FREE(call);
- return NT_STATUS_OK;
+ dcesrv_conn_auth_wait_finished(conn, NT_STATUS_OK);
+ return;
}
return NT_STATUS_OK;
}
+static void dcesrv_alter_done(struct tevent_req *subreq);
+
/*
handle a alter context request
*/
static NTSTATUS dcesrv_alter(struct dcesrv_call_state *call)
{
+ struct dcesrv_connection *conn = call->conn;
NTSTATUS status;
bool auth_ok = false;
struct ncacn_packet *pkt = &call->ack_pkt;
uint32_t extra_flags = 0;
struct dcesrv_auth *auth = &call->conn->auth_state;
struct dcerpc_ack_ctx *ack_ctx_list = NULL;
+ struct tevent_req *subreq = NULL;
size_t i;
if (!call->conn->allow_alter) {
return dcesrv_auth_reply(call);
}
- status = gensec_update_ev(auth->gensec_security,
- call, call->event_ctx,
- call->in_auth_info.credentials,
- &call->out_auth_info->credentials);
+ subreq = gensec_update_send(call, call->event_ctx,
+ auth->gensec_security,
+ call->in_auth_info.credentials);
+ if (subreq == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+ tevent_req_set_callback(subreq, dcesrv_alter_done, call);
+
+ return dcesrv_conn_auth_wait_setup(conn);
+}
+
+static void dcesrv_alter_done(struct tevent_req *subreq)
+{
+ struct dcesrv_call_state *call =
+ tevent_req_callback_data(subreq,
+ struct dcesrv_call_state);
+ struct dcesrv_connection *conn = call->conn;
+ NTSTATUS status;
+
+ status = gensec_update_recv(subreq, call,
+ &call->out_auth_info->credentials);
+ TALLOC_FREE(subreq);
status = dcesrv_auth_complete(call, status);
if (!NT_STATUS_IS_OK(status)) {
- return dcesrv_fault_disconnect(call, DCERPC_FAULT_SEC_PKG_ERROR);
+ status = dcesrv_fault_disconnect(call, DCERPC_FAULT_SEC_PKG_ERROR);
+ dcesrv_conn_auth_wait_finished(conn, status);
+ return;
}
- return dcesrv_auth_reply(call);
+ status = dcesrv_auth_reply(call);
+ dcesrv_conn_auth_wait_finished(conn, status);
+ return;
}
/*
struct tsocket_address *r = NULL;
ret = tsocket_address_unix_from_path(dcesrv_conn,
- "/root/ncalrpc_as_system",
+ AS_SYSTEM_MAGIC_PATH_TOKEN,
&r);
if (ret == -1) {
status = map_nt_error_from_unix_common(errno);
static NTSTATUS dcesrv_add_ep_unix(struct dcesrv_context *dce_ctx,
struct loadparm_context *lp_ctx,
struct dcesrv_endpoint *e,
- struct tevent_context *event_ctx, const struct model_ops *model_ops)
+ struct tevent_context *event_ctx,
+ const struct model_ops *model_ops,
+ void *process_context)
{
struct dcesrv_socket_context *dcesrv_sock;
uint16_t port = 1;
model_ops, &dcesrv_stream_ops,
"unix", endpoint, &port,
lpcfg_socket_options(lp_ctx),
- dcesrv_sock);
+ dcesrv_sock, process_context);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(0,("service_setup_stream_socket(path=%s) failed - %s\n",
endpoint, nt_errstr(status)));
static NTSTATUS dcesrv_add_ep_ncalrpc(struct dcesrv_context *dce_ctx,
struct loadparm_context *lp_ctx,
struct dcesrv_endpoint *e,
- struct tevent_context *event_ctx, const struct model_ops *model_ops)
+ struct tevent_context *event_ctx,
+ const struct model_ops *model_ops,
+ void *process_context)
{
struct dcesrv_socket_context *dcesrv_sock;
uint16_t port = 1;
model_ops, &dcesrv_stream_ops,
"unix", full_path, &port,
lpcfg_socket_options(lp_ctx),
- dcesrv_sock);
+ dcesrv_sock, process_context);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(0,("service_setup_stream_socket(identifier=%s,path=%s) failed - %s\n",
endpoint, full_path, nt_errstr(status)));
static NTSTATUS dcesrv_add_ep_np(struct dcesrv_context *dce_ctx,
struct loadparm_context *lp_ctx,
struct dcesrv_endpoint *e,
- struct tevent_context *event_ctx, const struct model_ops *model_ops)
+ struct tevent_context *event_ctx,
+ const struct model_ops *model_ops,
+ void *process_context)
{
struct dcesrv_socket_context *dcesrv_sock;
NTSTATUS status;
status = tstream_setup_named_pipe(dce_ctx, event_ctx, lp_ctx,
model_ops, &dcesrv_stream_ops,
endpoint,
- dcesrv_sock);
+ dcesrv_sock, process_context);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(0,("stream_setup_named_pipe(pipe=%s) failed - %s\n",
endpoint, nt_errstr(status)));
/*
add a socket address to the list of events, one event per dcerpc endpoint
*/
-static NTSTATUS add_socket_rpc_tcp_iface(struct dcesrv_context *dce_ctx, struct dcesrv_endpoint *e,
- struct tevent_context *event_ctx, const struct model_ops *model_ops,
- const char *address)
+static NTSTATUS add_socket_rpc_tcp_iface(struct dcesrv_context *dce_ctx,
+ struct dcesrv_endpoint *e,
+ struct tevent_context *event_ctx,
+ const struct model_ops *model_ops,
+ const char *address,
+ void *process_context)
{
struct dcesrv_socket_context *dcesrv_sock;
uint16_t port = 0;
model_ops, &dcesrv_stream_ops,
"ip", address, &port,
lpcfg_socket_options(dce_ctx->lp_ctx),
- dcesrv_sock);
+ dcesrv_sock, process_context);
if (!NT_STATUS_IS_OK(status)) {
struct dcesrv_if_list *iface;
DEBUG(0,("service_setup_stream_socket(address=%s,port=%u) for ",
static NTSTATUS dcesrv_add_ep_tcp(struct dcesrv_context *dce_ctx,
struct loadparm_context *lp_ctx,
struct dcesrv_endpoint *e,
- struct tevent_context *event_ctx, const struct model_ops *model_ops)
+ struct tevent_context *event_ctx,
+ const struct model_ops *model_ops,
+ void *process_context)
{
NTSTATUS status;
num_interfaces = iface_list_count(ifaces);
for(i = 0; i < num_interfaces; i++) {
const char *address = iface_list_n_ip(ifaces, i);
- status = add_socket_rpc_tcp_iface(dce_ctx, e, event_ctx, model_ops, address);
+ status = add_socket_rpc_tcp_iface(dce_ctx, e, event_ctx,
+ model_ops, address,
+ process_context);
NT_STATUS_NOT_OK_RETURN(status);
}
} else {
char **wcard;
- int i;
- int num_binds = 0;
+ size_t i;
+ size_t num_binds = 0;
wcard = iface_list_wildcard(dce_ctx);
NT_STATUS_HAVE_NO_MEMORY(wcard);
for (i=0; wcard[i]; i++) {
- status = add_socket_rpc_tcp_iface(dce_ctx, e, event_ctx, model_ops, wcard[i]);
+ status = add_socket_rpc_tcp_iface(dce_ctx, e, event_ctx,
+ model_ops, wcard[i],
+ process_context);
if (NT_STATUS_IS_OK(status)) {
num_binds++;
}
struct loadparm_context *lp_ctx,
struct dcesrv_endpoint *e,
struct tevent_context *event_ctx,
- const struct model_ops *model_ops)
+ const struct model_ops *model_ops,
+ void *process_context)
{
enum dcerpc_transport_t transport =
dcerpc_binding_get_transport(e->ep_description);
switch (transport) {
case NCACN_UNIX_STREAM:
- return dcesrv_add_ep_unix(dce_ctx, lp_ctx, e, event_ctx, model_ops);
+ return dcesrv_add_ep_unix(dce_ctx, lp_ctx, e, event_ctx,
+ model_ops, process_context);
case NCALRPC:
- return dcesrv_add_ep_ncalrpc(dce_ctx, lp_ctx, e, event_ctx, model_ops);
+ return dcesrv_add_ep_ncalrpc(dce_ctx, lp_ctx, e, event_ctx,
+ model_ops, process_context);
case NCACN_IP_TCP:
- return dcesrv_add_ep_tcp(dce_ctx, lp_ctx, e, event_ctx, model_ops);
+ return dcesrv_add_ep_tcp(dce_ctx, lp_ctx, e, event_ctx,
+ model_ops, process_context);
case NCACN_NP:
- return dcesrv_add_ep_np(dce_ctx, lp_ctx, e, event_ctx, model_ops);
+ return dcesrv_add_ep_np(dce_ctx, lp_ctx, e, event_ctx,
+ model_ops, process_context);
default:
return NT_STATUS_NOT_SUPPORTED;