2 Unix SMB/CIFS implementation.
4 dcerpc utility functions
6 Copyright (C) Andrew Tridgell 2003
7 Copyright (C) Jelmer Vernooij 2004
8 Copyright (C) Andrew Bartlett <abartlet@samba.org> 2005
9 Copyright (C) Rafal Szczesniak 2006
11 This program is free software; you can redistribute it and/or modify
12 it under the terms of the GNU General Public License as published by
13 the Free Software Foundation; either version 2 of the License, or
14 (at your option) any later version.
16 This program is distributed in the hope that it will be useful,
17 but WITHOUT ANY WARRANTY; without even the implied warranty of
18 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 GNU General Public License for more details.
21 You should have received a copy of the GNU General Public License
22 along with this program; if not, write to the Free Software
23 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
27 #include "lib/events/events.h"
28 #include "libcli/composite/composite.h"
29 #include "librpc/gen_ndr/ndr_epmapper_c.h"
30 #include "librpc/gen_ndr/ndr_dcerpc.h"
31 #include "librpc/gen_ndr/ndr_misc.h"
32 #include "auth/credentials/credentials.h"
35 find a dcerpc call on an interface by name
37 const struct dcerpc_interface_call *dcerpc_iface_find_call(const struct dcerpc_interface_table *iface,
41 for (i=0;i<iface->num_calls;i++) {
42 if (strcmp(iface->calls[i].name, name) == 0) {
43 return &iface->calls[i];
50 push a ncacn_packet into a blob, potentially with auth info
52 NTSTATUS ncacn_push_auth(DATA_BLOB *blob, TALLOC_CTX *mem_ctx,
53 struct ncacn_packet *pkt,
54 struct dcerpc_auth *auth_info)
59 ndr = ndr_push_init_ctx(mem_ctx);
61 return NT_STATUS_NO_MEMORY;
64 if (!(pkt->drep[0] & DCERPC_DREP_LE)) {
65 ndr->flags |= LIBNDR_FLAG_BIGENDIAN;
68 if (pkt->pfc_flags & DCERPC_PFC_FLAG_ORPC) {
69 ndr->flags |= LIBNDR_FLAG_OBJECT_PRESENT;
73 pkt->auth_length = auth_info->credentials.length;
78 status = ndr_push_ncacn_packet(ndr, NDR_SCALARS|NDR_BUFFERS, pkt);
79 if (!NT_STATUS_IS_OK(status)) {
84 status = ndr_push_dcerpc_auth(ndr, NDR_SCALARS|NDR_BUFFERS, auth_info);
87 *blob = ndr_push_blob(ndr);
89 /* fill in the frag length */
90 dcerpc_set_frag_length(blob, blob->length);
95 #define MAX_PROTSEQ 10
99 enum dcerpc_transport_t transport;
101 enum epm_protocol protseq[MAX_PROTSEQ];
103 { "ncacn_np", NCACN_NP, 3,
104 { EPM_PROTOCOL_NCACN, EPM_PROTOCOL_SMB, EPM_PROTOCOL_NETBIOS }},
105 { "ncacn_ip_tcp", NCACN_IP_TCP, 3,
106 { EPM_PROTOCOL_NCACN, EPM_PROTOCOL_TCP, EPM_PROTOCOL_IP } },
107 { "ncacn_http", NCACN_HTTP, 3,
108 { EPM_PROTOCOL_NCACN, EPM_PROTOCOL_HTTP, EPM_PROTOCOL_IP } },
109 { "ncadg_ip_udp", NCACN_IP_UDP, 3,
110 { EPM_PROTOCOL_NCADG, EPM_PROTOCOL_UDP, EPM_PROTOCOL_IP } },
111 { "ncalrpc", NCALRPC, 2,
112 { EPM_PROTOCOL_NCALRPC, EPM_PROTOCOL_PIPE } },
113 { "ncacn_unix_stream", NCACN_UNIX_STREAM, 2,
114 { EPM_PROTOCOL_NCACN, EPM_PROTOCOL_UNIX_DS } },
115 { "ncadg_unix_dgram", NCADG_UNIX_DGRAM, 2,
116 { EPM_PROTOCOL_NCADG, EPM_PROTOCOL_UNIX_DS } },
117 { "ncacn_at_dsp", NCACN_AT_DSP, 3,
118 { EPM_PROTOCOL_NCACN, EPM_PROTOCOL_APPLETALK, EPM_PROTOCOL_DSP } },
119 { "ncadg_at_ddp", NCADG_AT_DDP, 3,
120 { EPM_PROTOCOL_NCADG, EPM_PROTOCOL_APPLETALK, EPM_PROTOCOL_DDP } },
121 { "ncacn_vns_ssp", NCACN_VNS_SPP, 3,
122 { EPM_PROTOCOL_NCACN, EPM_PROTOCOL_STREETTALK, EPM_PROTOCOL_VINES_SPP } },
123 { "ncacn_vns_ipc", NCACN_VNS_IPC, 3,
124 { EPM_PROTOCOL_NCACN, EPM_PROTOCOL_STREETTALK, EPM_PROTOCOL_VINES_IPC }, },
125 { "ncadg_ipx", NCADG_IPX, 2,
126 { EPM_PROTOCOL_NCADG, EPM_PROTOCOL_IPX },
128 { "ncacn_spx", NCACN_SPX, 3,
129 /* I guess some MS programmer confused the identifier for
130 * EPM_PROTOCOL_UUID (0x0D or 13) with the one for
131 * EPM_PROTOCOL_SPX (0x13) here. -- jelmer*/
132 { EPM_PROTOCOL_NCACN, EPM_PROTOCOL_NCALRPC, EPM_PROTOCOL_UUID },
136 static const struct {
139 } ncacn_options[] = {
140 {"sign", DCERPC_SIGN},
141 {"seal", DCERPC_SEAL},
142 {"connect", DCERPC_CONNECT},
143 {"spnego", DCERPC_AUTH_SPNEGO},
144 {"ntlm", DCERPC_AUTH_NTLM},
145 {"krb5", DCERPC_AUTH_KRB5},
146 {"validate", DCERPC_DEBUG_VALIDATE_BOTH},
147 {"print", DCERPC_DEBUG_PRINT_BOTH},
148 {"padcheck", DCERPC_DEBUG_PAD_CHECK},
149 {"bigendian", DCERPC_PUSH_BIGENDIAN},
150 {"smb2", DCERPC_SMB2}
153 const char *epm_floor_string(TALLOC_CTX *mem_ctx, struct epm_floor *epm_floor)
155 struct dcerpc_syntax_id syntax;
158 switch(epm_floor->lhs.protocol) {
159 case EPM_PROTOCOL_UUID:
160 status = dcerpc_floor_get_lhs_data(epm_floor, &syntax);
161 if (NT_STATUS_IS_OK(status)) {
162 /* lhs is used: UUID */
165 if (GUID_equal(&syntax.uuid, &ndr_transfer_syntax.uuid)) {
169 if (GUID_equal(&syntax.uuid, &ndr64_transfer_syntax.uuid)) {
173 uuidstr = GUID_string(mem_ctx, &syntax.uuid);
175 return talloc_asprintf(mem_ctx, " uuid %s/0x%02x", uuidstr, syntax.if_version);
177 return talloc_asprintf(mem_ctx, "IPX:%s",
178 data_blob_hex_string(mem_ctx, &epm_floor->rhs.uuid.unknown));
181 case EPM_PROTOCOL_NCACN:
184 case EPM_PROTOCOL_NCADG:
187 case EPM_PROTOCOL_NCALRPC:
190 case EPM_PROTOCOL_DNET_NSP:
193 case EPM_PROTOCOL_IP:
194 return talloc_asprintf(mem_ctx, "IP:%s", epm_floor->rhs.ip.ipaddr);
196 case EPM_PROTOCOL_PIPE:
197 return talloc_asprintf(mem_ctx, "PIPE:%s", epm_floor->rhs.pipe.path);
199 case EPM_PROTOCOL_SMB:
200 return talloc_asprintf(mem_ctx, "SMB:%s", epm_floor->rhs.smb.unc);
202 case EPM_PROTOCOL_UNIX_DS:
203 return talloc_asprintf(mem_ctx, "Unix:%s", epm_floor->rhs.unix_ds.path);
205 case EPM_PROTOCOL_NETBIOS:
206 return talloc_asprintf(mem_ctx, "NetBIOS:%s", epm_floor->rhs.netbios.name);
208 case EPM_PROTOCOL_NETBEUI:
211 case EPM_PROTOCOL_SPX:
214 case EPM_PROTOCOL_NB_IPX:
217 case EPM_PROTOCOL_HTTP:
218 return talloc_asprintf(mem_ctx, "HTTP:%d", epm_floor->rhs.http.port);
220 case EPM_PROTOCOL_TCP:
221 return talloc_asprintf(mem_ctx, "TCP:%d", epm_floor->rhs.tcp.port);
223 case EPM_PROTOCOL_UDP:
224 return talloc_asprintf(mem_ctx, "UDP:%d", epm_floor->rhs.udp.port);
227 return talloc_asprintf(mem_ctx, "UNK(%02x):", epm_floor->lhs.protocol);
233 form a binding string from a binding structure
235 const char *dcerpc_binding_string(TALLOC_CTX *mem_ctx, const struct dcerpc_binding *b)
237 char *s = talloc_strdup(mem_ctx, "");
239 const char *t_name=NULL;
241 for (i=0;i<ARRAY_SIZE(transports);i++) {
242 if (transports[i].transport == b->transport) {
243 t_name = transports[i].name;
250 if (!GUID_all_zero(&b->object.uuid)) {
251 s = talloc_asprintf(s, "%s@",
252 GUID_string(mem_ctx, &b->object.uuid));
255 s = talloc_asprintf_append(s, "%s:", t_name);
259 s = talloc_asprintf_append(s, "%s", b->host);
262 if (!b->endpoint && !b->options && !b->flags) {
266 s = talloc_asprintf_append(s, "[");
269 s = talloc_asprintf_append(s, "%s", b->endpoint);
272 /* this is a *really* inefficent way of dealing with strings,
273 but this is rarely called and the strings are always short,
275 for (i=0;b->options && b->options[i];i++) {
276 s = talloc_asprintf_append(s, ",%s", b->options[i]);
280 for (i=0;i<ARRAY_SIZE(ncacn_options);i++) {
281 if (b->flags & ncacn_options[i].flag) {
282 s = talloc_asprintf_append(s, ",%s", ncacn_options[i].name);
287 s = talloc_asprintf_append(s, "]");
293 parse a binding string into a dcerpc_binding structure
295 NTSTATUS dcerpc_parse_binding(TALLOC_CTX *mem_ctx, const char *s, struct dcerpc_binding **b_out)
297 struct dcerpc_binding *b;
298 char *options, *type;
300 int i, j, comma_count;
302 b = talloc(mem_ctx, struct dcerpc_binding);
304 return NT_STATUS_NO_MEMORY;
309 if (p && PTR_DIFF(p, s) == 36) { /* 36 is the length of a UUID */
312 status = GUID_from_string(s, &b->object.uuid);
314 if (NT_STATUS_IS_ERR(status)) {
315 DEBUG(0, ("Failed parsing UUID\n"));
321 ZERO_STRUCT(b->object);
324 b->object.if_version = 0;
328 return NT_STATUS_INVALID_PARAMETER;
331 type = talloc_strndup(mem_ctx, s, PTR_DIFF(p, s));
333 return NT_STATUS_NO_MEMORY;
336 for (i=0;i<ARRAY_SIZE(transports);i++) {
337 if (strcasecmp(type, transports[i].name) == 0) {
338 b->transport = transports[i].transport;
342 if (i==ARRAY_SIZE(transports)) {
343 DEBUG(0,("Unknown dcerpc transport '%s'\n", type));
344 return NT_STATUS_INVALID_PARAMETER;
351 b->host = talloc_strndup(b, s, PTR_DIFF(p, s));
352 options = talloc_strdup(mem_ctx, p+1);
353 if (options[strlen(options)-1] != ']') {
354 return NT_STATUS_INVALID_PARAMETER;
356 options[strlen(options)-1] = 0;
358 b->host = talloc_strdup(b, s);
363 return NT_STATUS_NO_MEMORY;
375 comma_count = count_chars(options, ',');
377 b->options = talloc_array(b, const char *, comma_count+2);
379 return NT_STATUS_NO_MEMORY;
382 for (i=0; (p = strchr(options, ',')); i++) {
383 b->options[i] = talloc_strndup(b, options, PTR_DIFF(p, options));
384 if (!b->options[i]) {
385 return NT_STATUS_NO_MEMORY;
389 b->options[i] = options;
390 b->options[i+1] = NULL;
392 /* some options are pre-parsed for convenience */
393 for (i=0;b->options[i];i++) {
394 for (j=0;j<ARRAY_SIZE(ncacn_options);j++) {
395 if (strcasecmp(ncacn_options[j].name, b->options[i]) == 0) {
397 b->flags |= ncacn_options[j].flag;
398 for (k=i;b->options[k];k++) {
399 b->options[k] = b->options[k+1];
408 /* Endpoint is first option */
409 b->endpoint = b->options[0];
410 if (strlen(b->endpoint) == 0) b->endpoint = NULL;
412 for (i=0;b->options[i];i++) {
413 b->options[i] = b->options[i+1];
417 if (b->options[0] == NULL)
424 NTSTATUS dcerpc_floor_get_lhs_data(struct epm_floor *epm_floor, struct dcerpc_syntax_id *syntax)
426 TALLOC_CTX *mem_ctx = talloc_init("floor_get_lhs_data");
427 struct ndr_pull *ndr = ndr_pull_init_blob(&epm_floor->lhs.lhs_data, mem_ctx);
429 uint16_t if_version=0;
431 ndr->flags |= LIBNDR_FLAG_NOALIGN;
433 status = ndr_pull_GUID(ndr, NDR_SCALARS | NDR_BUFFERS, &syntax->uuid);
434 if (NT_STATUS_IS_ERR(status)) {
435 talloc_free(mem_ctx);
439 status = ndr_pull_uint16(ndr, NDR_SCALARS, &if_version);
440 syntax->if_version = if_version;
442 talloc_free(mem_ctx);
447 static DATA_BLOB dcerpc_floor_pack_lhs_data(TALLOC_CTX *mem_ctx, const struct dcerpc_syntax_id *syntax)
449 struct ndr_push *ndr = ndr_push_init_ctx(mem_ctx);
451 ndr->flags |= LIBNDR_FLAG_NOALIGN;
453 ndr_push_GUID(ndr, NDR_SCALARS | NDR_BUFFERS, &syntax->uuid);
454 ndr_push_uint16(ndr, NDR_SCALARS, syntax->if_version);
456 return ndr_push_blob(ndr);
459 const char *dcerpc_floor_get_rhs_data(TALLOC_CTX *mem_ctx, struct epm_floor *epm_floor)
461 switch (epm_floor->lhs.protocol) {
462 case EPM_PROTOCOL_TCP:
463 if (epm_floor->rhs.tcp.port == 0) return NULL;
464 return talloc_asprintf(mem_ctx, "%d", epm_floor->rhs.tcp.port);
466 case EPM_PROTOCOL_UDP:
467 if (epm_floor->rhs.udp.port == 0) return NULL;
468 return talloc_asprintf(mem_ctx, "%d", epm_floor->rhs.udp.port);
470 case EPM_PROTOCOL_HTTP:
471 if (epm_floor->rhs.http.port == 0) return NULL;
472 return talloc_asprintf(mem_ctx, "%d", epm_floor->rhs.http.port);
474 case EPM_PROTOCOL_IP:
475 return talloc_strdup(mem_ctx, epm_floor->rhs.ip.ipaddr);
477 case EPM_PROTOCOL_NCACN:
480 case EPM_PROTOCOL_NCADG:
483 case EPM_PROTOCOL_SMB:
484 if (strlen(epm_floor->rhs.smb.unc) == 0) return NULL;
485 return talloc_strdup(mem_ctx, epm_floor->rhs.smb.unc);
487 case EPM_PROTOCOL_PIPE:
488 if (strlen(epm_floor->rhs.pipe.path) == 0) return NULL;
489 return talloc_strdup(mem_ctx, epm_floor->rhs.pipe.path);
491 case EPM_PROTOCOL_NETBIOS:
492 if (strlen(epm_floor->rhs.netbios.name) == 0) return NULL;
493 return talloc_strdup(mem_ctx, epm_floor->rhs.netbios.name);
495 case EPM_PROTOCOL_NCALRPC:
498 case EPM_PROTOCOL_VINES_SPP:
499 return talloc_asprintf(mem_ctx, "%d", epm_floor->rhs.vines_spp.port);
501 case EPM_PROTOCOL_VINES_IPC:
502 return talloc_asprintf(mem_ctx, "%d", epm_floor->rhs.vines_ipc.port);
504 case EPM_PROTOCOL_STREETTALK:
505 return talloc_strdup(mem_ctx, epm_floor->rhs.streettalk.streettalk);
507 case EPM_PROTOCOL_UNIX_DS:
508 if (strlen(epm_floor->rhs.unix_ds.path) == 0) return NULL;
509 return talloc_strdup(mem_ctx, epm_floor->rhs.unix_ds.path);
511 case EPM_PROTOCOL_NULL:
515 DEBUG(0,("Unsupported lhs protocol %d\n", epm_floor->lhs.protocol));
522 static NTSTATUS dcerpc_floor_set_rhs_data(TALLOC_CTX *mem_ctx, struct epm_floor *epm_floor, const char *data)
524 switch (epm_floor->lhs.protocol) {
525 case EPM_PROTOCOL_TCP:
526 epm_floor->rhs.tcp.port = atoi(data);
529 case EPM_PROTOCOL_UDP:
530 epm_floor->rhs.udp.port = atoi(data);
533 case EPM_PROTOCOL_HTTP:
534 epm_floor->rhs.http.port = atoi(data);
537 case EPM_PROTOCOL_IP:
538 epm_floor->rhs.ip.ipaddr = talloc_strdup(mem_ctx, data);
539 NT_STATUS_HAVE_NO_MEMORY(epm_floor->rhs.ip.ipaddr);
542 case EPM_PROTOCOL_NCACN:
543 epm_floor->rhs.ncacn.minor_version = 0;
546 case EPM_PROTOCOL_NCADG:
547 epm_floor->rhs.ncadg.minor_version = 0;
550 case EPM_PROTOCOL_SMB:
551 epm_floor->rhs.smb.unc = talloc_strdup(mem_ctx, data);
552 NT_STATUS_HAVE_NO_MEMORY(epm_floor->rhs.smb.unc);
555 case EPM_PROTOCOL_PIPE:
556 epm_floor->rhs.pipe.path = talloc_strdup(mem_ctx, data);
557 NT_STATUS_HAVE_NO_MEMORY(epm_floor->rhs.pipe.path);
560 case EPM_PROTOCOL_NETBIOS:
561 epm_floor->rhs.netbios.name = talloc_strdup(mem_ctx, data);
562 NT_STATUS_HAVE_NO_MEMORY(epm_floor->rhs.netbios.name);
565 case EPM_PROTOCOL_NCALRPC:
568 case EPM_PROTOCOL_VINES_SPP:
569 epm_floor->rhs.vines_spp.port = atoi(data);
572 case EPM_PROTOCOL_VINES_IPC:
573 epm_floor->rhs.vines_ipc.port = atoi(data);
576 case EPM_PROTOCOL_STREETTALK:
577 epm_floor->rhs.streettalk.streettalk = talloc_strdup(mem_ctx, data);
578 NT_STATUS_HAVE_NO_MEMORY(epm_floor->rhs.streettalk.streettalk);
581 case EPM_PROTOCOL_UNIX_DS:
582 epm_floor->rhs.unix_ds.path = talloc_strdup(mem_ctx, data);
583 NT_STATUS_HAVE_NO_MEMORY(epm_floor->rhs.unix_ds.path);
586 case EPM_PROTOCOL_NULL:
590 DEBUG(0,("Unsupported lhs protocol %d\n", epm_floor->lhs.protocol));
594 return NT_STATUS_NOT_SUPPORTED;
597 enum dcerpc_transport_t dcerpc_transport_by_endpoint_protocol(int prot)
601 /* Find a transport that has 'prot' as 4th protocol */
602 for (i=0;i<ARRAY_SIZE(transports);i++) {
603 if (transports[i].num_protocols >= 2 &&
604 transports[i].protseq[1] == prot) {
605 return transports[i].transport;
609 /* Unknown transport */
613 enum dcerpc_transport_t dcerpc_transport_by_tower(struct epm_tower *tower)
617 /* Find a transport that matches this tower */
618 for (i=0;i<ARRAY_SIZE(transports);i++) {
620 if (transports[i].num_protocols != tower->num_floors - 2) {
624 for (j = 0; j < transports[i].num_protocols; j++) {
625 if (transports[i].protseq[j] != tower->floors[j+2].lhs.protocol) {
630 if (j == transports[i].num_protocols) {
631 return transports[i].transport;
635 /* Unknown transport */
639 NTSTATUS dcerpc_binding_from_tower(TALLOC_CTX *mem_ctx, struct epm_tower *tower, struct dcerpc_binding **b_out)
642 struct dcerpc_binding *binding;
644 binding = talloc(mem_ctx, struct dcerpc_binding);
645 NT_STATUS_HAVE_NO_MEMORY(binding);
647 ZERO_STRUCT(binding->object);
648 binding->options = NULL;
649 binding->host = NULL;
652 binding->transport = dcerpc_transport_by_tower(tower);
654 if (binding->transport == -1) {
655 return NT_STATUS_NOT_SUPPORTED;
658 if (tower->num_floors < 1) {
662 /* Set object uuid */
663 status = dcerpc_floor_get_lhs_data(&tower->floors[0], &binding->object);
665 if (!NT_STATUS_IS_OK(status)) {
666 DEBUG(1, ("Error pulling object uuid and version: %s", nt_errstr(status)));
670 /* Ignore floor 1, it contains the NDR version info */
672 binding->options = NULL;
675 if (tower->num_floors >= 4) {
676 binding->endpoint = dcerpc_floor_get_rhs_data(mem_ctx, &tower->floors[3]);
678 binding->endpoint = NULL;
681 /* Set network address */
682 if (tower->num_floors >= 5) {
683 binding->host = dcerpc_floor_get_rhs_data(mem_ctx, &tower->floors[4]);
689 NTSTATUS dcerpc_binding_build_tower(TALLOC_CTX *mem_ctx, struct dcerpc_binding *binding, struct epm_tower *tower)
691 const enum epm_protocol *protseq = NULL;
692 int num_protocols = -1, i;
696 for (i=0;i<ARRAY_SIZE(transports);i++) {
697 if (transports[i].transport == binding->transport) {
698 protseq = transports[i].protseq;
699 num_protocols = transports[i].num_protocols;
704 if (num_protocols == -1) {
705 DEBUG(0, ("Unable to find transport with id '%d'\n", binding->transport));
706 return NT_STATUS_UNSUCCESSFUL;
709 tower->num_floors = 2 + num_protocols;
710 tower->floors = talloc_array(mem_ctx, struct epm_floor, tower->num_floors);
713 tower->floors[0].lhs.protocol = EPM_PROTOCOL_UUID;
715 tower->floors[0].lhs.lhs_data = dcerpc_floor_pack_lhs_data(mem_ctx, &binding->object);
717 tower->floors[0].rhs.uuid.unknown = data_blob_talloc_zero(mem_ctx, 2);
720 tower->floors[1].lhs.protocol = EPM_PROTOCOL_UUID;
722 tower->floors[1].lhs.lhs_data = dcerpc_floor_pack_lhs_data(mem_ctx,
723 &ndr_transfer_syntax);
725 tower->floors[1].rhs.uuid.unknown = data_blob_talloc_zero(mem_ctx, 2);
727 /* Floor 2 to num_protocols */
728 for (i = 0; i < num_protocols; i++) {
729 tower->floors[2 + i].lhs.protocol = protseq[i];
730 tower->floors[2 + i].lhs.lhs_data = data_blob_talloc(mem_ctx, NULL, 0);
731 ZERO_STRUCT(tower->floors[2 + i].rhs);
732 dcerpc_floor_set_rhs_data(mem_ctx, &tower->floors[2 + i], "");
735 /* The 4th floor contains the endpoint */
736 if (num_protocols >= 2 && binding->endpoint) {
737 status = dcerpc_floor_set_rhs_data(mem_ctx, &tower->floors[3], binding->endpoint);
738 if (NT_STATUS_IS_ERR(status)) {
743 /* The 5th contains the network address */
744 if (num_protocols >= 3 && binding->host) {
745 if (is_ipaddress(binding->host)) {
746 status = dcerpc_floor_set_rhs_data(mem_ctx, &tower->floors[4],
749 /* note that we don't attempt to resolve the
750 name here - when we get a hostname here we
751 are in the client code, and want to put in
752 a wildcard all-zeros IP for the server to
754 status = dcerpc_floor_set_rhs_data(mem_ctx, &tower->floors[4],
757 if (NT_STATUS_IS_ERR(status)) {
766 struct epm_map_binding_state {
767 struct dcerpc_binding *binding;
768 const struct dcerpc_interface_table *table;
769 struct dcerpc_pipe *pipe;
770 struct policy_handle handle;
772 struct epm_twr_t twr;
773 struct epm_twr_t *twr_r;
778 static void continue_epm_recv_binding(struct composite_context *ctx);
779 static void continue_epm_map(struct rpc_request *req);
783 Stage 2 of epm_map_binding: Receive connected rpc pipe and send endpoint
786 static void continue_epm_recv_binding(struct composite_context *ctx)
788 struct rpc_request *map_req;
790 struct composite_context *c = talloc_get_type(ctx->async.private_data,
791 struct composite_context);
792 struct epm_map_binding_state *s = talloc_get_type(c->private_data,
793 struct epm_map_binding_state);
795 /* receive result of rpc pipe connect request */
796 c->status = dcerpc_pipe_connect_b_recv(ctx, c, &s->pipe);
797 if (!composite_is_ok(c)) return;
799 /* prepare requested binding parameters */
800 s->binding->object = s->table->syntax_id;
802 c->status = dcerpc_binding_build_tower(s->pipe, s->binding, &s->twr.tower);
803 if (!composite_is_ok(c)) return;
805 /* with some nice pretty paper around it of course */
806 s->r.in.object = &s->guid;
807 s->r.in.map_tower = &s->twr;
808 s->r.in.entry_handle = &s->handle;
809 s->r.in.max_towers = 1;
810 s->r.out.entry_handle = &s->handle;
812 /* send request for an endpoint mapping - a rpc request on connected pipe */
813 map_req = dcerpc_epm_Map_send(s->pipe, c, &s->r);
814 if (composite_nomem(map_req, c)) return;
816 composite_continue_rpc(c, map_req, continue_epm_map, c);
821 Stage 3 of epm_map_binding: Receive endpoint mapping and provide binding details
823 static void continue_epm_map(struct rpc_request *req)
825 struct composite_context *c = talloc_get_type(req->async.private,
826 struct composite_context);
827 struct epm_map_binding_state *s = talloc_get_type(c->private_data,
828 struct epm_map_binding_state);
830 /* receive result of a rpc request */
831 c->status = dcerpc_ndr_request_recv(req);
832 if (!composite_is_ok(c)) return;
834 /* check the details */
835 if (s->r.out.result != 0 || s->r.out.num_towers != 1) {
836 composite_error(c, NT_STATUS_PORT_UNREACHABLE);
840 s->twr_r = s->r.out.towers[0].twr;
841 if (s->twr_r == NULL) {
842 composite_error(c, NT_STATUS_PORT_UNREACHABLE);
846 if (s->twr_r->tower.num_floors != s->twr.tower.num_floors ||
847 s->twr_r->tower.floors[3].lhs.protocol != s->twr.tower.floors[3].lhs.protocol) {
848 composite_error(c, NT_STATUS_PORT_UNREACHABLE);
852 /* get received endpoint */
853 s->binding->endpoint = talloc_reference(s->binding,
854 dcerpc_floor_get_rhs_data(c, &s->twr_r->tower.floors[3]));
860 Request for endpoint mapping of dcerpc binding - try to request for endpoint
861 unless there is default one.
863 struct composite_context *dcerpc_epm_map_binding_send(TALLOC_CTX *mem_ctx,
864 struct dcerpc_binding *binding,
865 const struct dcerpc_interface_table *table,
866 struct event_context *ev)
868 struct composite_context *c;
869 struct epm_map_binding_state *s;
870 struct composite_context *pipe_connect_req;
871 struct cli_credentials *anon_creds;
874 struct dcerpc_binding *epmapper_binding;
877 /* composite context allocation and setup */
878 c = talloc_zero(mem_ctx, struct composite_context);
879 if (c == NULL) return NULL;
881 s = talloc_zero(c, struct epm_map_binding_state);
882 if (composite_nomem(s, c)) return c;
884 c->state = COMPOSITE_STATE_IN_PROGRESS;
888 /* Try to find event context in memory context in case passed
889 * event_context (argument) was NULL. If there's none, just
892 if (c->event_ctx == NULL) {
893 c->event_ctx = event_context_find(mem_ctx);
896 s->binding = binding;
899 /* anonymous credentials for rpc connection used to get endpoint mapping */
900 anon_creds = cli_credentials_init(mem_ctx);
901 cli_credentials_set_conf(anon_creds);
902 cli_credentials_set_anonymous(anon_creds);
905 First, check if there is a default endpoint specified in the IDL
908 struct dcerpc_binding *default_binding;
910 /* Find one of the default pipes for this interface */
911 for (i = 0; i < table->endpoints->count; i++) {
912 status = dcerpc_parse_binding(mem_ctx, table->endpoints->names[i], &default_binding);
914 if (NT_STATUS_IS_OK(status)) {
915 if (default_binding->transport == binding->transport && default_binding->endpoint) {
916 binding->endpoint = talloc_reference(binding, default_binding->endpoint);
917 talloc_free(default_binding);
923 talloc_free(default_binding);
929 epmapper_binding = talloc_zero(c, struct dcerpc_binding);
930 if (composite_nomem(epmapper_binding, c)) return c;
932 /* basic endpoint mapping data */
933 epmapper_binding->transport = binding->transport;
934 epmapper_binding->host = talloc_reference(epmapper_binding, binding->host);
935 epmapper_binding->options = NULL;
936 epmapper_binding->flags = 0;
937 epmapper_binding->endpoint = NULL;
939 /* initiate rpc pipe connection */
940 pipe_connect_req = dcerpc_pipe_connect_b_send(c, epmapper_binding, &dcerpc_table_epmapper,
941 anon_creds, c->event_ctx);
942 if (composite_nomem(pipe_connect_req, c)) return c;
944 composite_continue(c, pipe_connect_req, continue_epm_recv_binding, c);
950 Receive result of endpoint mapping request
952 NTSTATUS dcerpc_epm_map_binding_recv(struct composite_context *c)
954 NTSTATUS status = composite_wait(c);
962 Get endpoint mapping for rpc connection
964 NTSTATUS dcerpc_epm_map_binding(TALLOC_CTX *mem_ctx, struct dcerpc_binding *binding,
965 const struct dcerpc_interface_table *table, struct event_context *ev)
967 struct composite_context *c;
969 c = dcerpc_epm_map_binding_send(mem_ctx, binding, table, ev);
970 return dcerpc_epm_map_binding_recv(c);
974 struct pipe_auth_state {
975 struct dcerpc_pipe *pipe;
976 struct dcerpc_binding *binding;
977 const struct dcerpc_interface_table *table;
978 struct cli_credentials *credentials;
980 BOOL try_ntlm_fallback;
984 static void continue_new_auth_bind(struct composite_context *ctx);
988 Stage 2 of pipe_auth: Receive result of schannel bind request
990 static void continue_auth_schannel(struct composite_context *ctx)
992 struct composite_context *c = talloc_get_type(ctx->async.private_data,
993 struct composite_context);
995 c->status = dcerpc_bind_auth_schannel_recv(ctx);
996 if (!composite_is_ok(c)) return;
1003 Stage 2 of pipe_auth: Receive result of authenticated bind request, but handle fallbacks:
1006 static void continue_recv_bind(struct composite_context *ctx)
1009 struct composite_context *c = talloc_get_type(ctx->async.private_data,
1010 struct composite_context);
1011 struct pipe_auth_state *s = talloc_get_type(c->private_data, struct pipe_auth_state);
1013 status = dcerpc_bind_auth_recv(ctx);
1014 if (s->auth_type == DCERPC_AUTH_TYPE_SPNEGO
1015 && s->try_ntlm_fallback
1016 && NT_STATUS_EQUAL(status, NT_STATUS_INVALID_PARAMETER)) {
1017 struct composite_context *sec_conn_req;
1018 s->try_ntlm_fallback = False;
1019 s->auth_type = DCERPC_AUTH_TYPE_NTLMSSP;
1020 /* send a request for secondary rpc connection */
1021 sec_conn_req = dcerpc_secondary_connection_send(s->pipe,
1023 if (composite_nomem(sec_conn_req, c)) return;
1025 composite_continue(c, sec_conn_req, continue_new_auth_bind, c);
1028 } else if (s->auth_type == DCERPC_AUTH_TYPE_SPNEGO && NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED)) {
1029 struct composite_context *sec_conn_req;
1030 if (cli_credentials_wrong_password(s->credentials)) {
1031 /* send a request for secondary rpc connection */
1032 sec_conn_req = dcerpc_secondary_connection_send(s->pipe,
1034 if (composite_nomem(sec_conn_req, c)) return;
1036 composite_continue(c, sec_conn_req, continue_new_auth_bind, c);
1043 if (!composite_is_ok(c)) return;
1049 Stage 3 of pipe_auth (fallback to NTLMSSP case/SPNEGO password retry case):
1051 Receive secondary rpc connection (the first one can't be used any
1052 more, due to the bind nak) and perform authenticated bind request
1054 Calls back to stage 2 to process the response.
1056 static void continue_new_auth_bind(struct composite_context *ctx)
1058 struct composite_context *c;
1059 struct pipe_auth_state *s;
1060 struct composite_context *auth_req;
1061 struct dcerpc_pipe *p2;
1063 c = talloc_get_type(ctx->async.private_data, struct composite_context);
1064 s = talloc_get_type(c->private_data, struct pipe_auth_state);
1066 /* receive secondary rpc connection */
1067 c->status = dcerpc_secondary_connection_recv(ctx, &p2);
1070 if (!composite_is_ok(c)) return;
1072 /* initiate a authenticated bind */
1073 auth_req = dcerpc_bind_auth_send(c, s->pipe, s->table,
1074 s->credentials, s->auth_type,
1075 dcerpc_auth_level(s->pipe->conn),
1076 s->table->authservices->names[0]);
1077 if (composite_nomem(auth_req, c)) return;
1079 composite_continue(c, auth_req, continue_recv_bind, c);
1084 Stage 2 of pipe_auth: Receive result of non-authenticated bind request
1086 static void continue_auth_recv_none(struct composite_context *ctx)
1088 struct composite_context *c = talloc_get_type(ctx->async.private_data,
1089 struct composite_context);
1091 c->status = dcerpc_bind_auth_none_recv(ctx);
1092 if (!composite_is_ok(c)) return;
1099 Request to perform an authenticated bind if required. Authentication
1100 is determined using credentials passed and binding flags.
1102 struct composite_context *dcerpc_pipe_auth_send(struct dcerpc_pipe *p,
1103 struct dcerpc_binding *binding,
1104 const struct dcerpc_interface_table *table,
1105 struct cli_credentials *credentials)
1107 struct composite_context *c;
1108 struct pipe_auth_state *s;
1109 struct composite_context *auth_schannel_req;
1110 struct composite_context *auth_req;
1111 struct composite_context *auth_none_req;
1112 struct dcerpc_connection *conn;
1114 /* composite context allocation and setup */
1115 c = talloc_zero(NULL, struct composite_context);
1116 if (c == NULL) return NULL;
1118 s = talloc_zero(c, struct pipe_auth_state);
1119 if (composite_nomem(s, c)) return c;
1121 c->state = COMPOSITE_STATE_IN_PROGRESS;
1122 c->private_data = s;
1123 c->event_ctx = p->conn->event_ctx;
1125 /* store parameters in state structure */
1126 s->binding = binding;
1128 s->credentials = credentials;
1131 conn = s->pipe->conn;
1132 conn->flags = binding->flags;
1134 /* remember the binding string for possible secondary connections */
1135 conn->binding_string = dcerpc_binding_string(p, binding);
1137 if (!cli_credentials_is_anonymous(s->credentials) &&
1138 (binding->flags & DCERPC_SCHANNEL) &&
1139 !cli_credentials_get_netlogon_creds(s->credentials)) {
1141 /* If we don't already have netlogon credentials for
1142 * the schannel bind, then we have to get these
1144 auth_schannel_req = dcerpc_bind_auth_schannel_send(c, s->pipe, s->table,
1146 dcerpc_auth_level(conn));
1147 if (composite_nomem(auth_schannel_req, c)) return c;
1149 composite_continue(c, auth_schannel_req, continue_auth_schannel, c);
1151 } else if (!cli_credentials_is_anonymous(s->credentials) &&
1152 !(conn->transport.transport == NCACN_NP &&
1153 !(s->binding->flags & DCERPC_SIGN) &&
1154 !(s->binding->flags & DCERPC_SEAL))) {
1156 /* Perform an authenticated DCE-RPC bind, except where
1157 * we ask for a connection on NCACN_NP, and that
1158 * connection is not signed or sealed. For that case
1159 * we rely on the already authenticated CIFS connection
1162 if ((conn->flags & (DCERPC_SIGN|DCERPC_SEAL)) == 0) {
1164 we are doing an authenticated connection,
1165 but not using sign or seal. We must force
1166 the CONNECT dcerpc auth type as a NONE auth
1167 type doesn't allow authentication
1168 information to be passed.
1170 conn->flags |= DCERPC_CONNECT;
1173 if (s->binding->flags & DCERPC_AUTH_SPNEGO) {
1174 s->auth_type = DCERPC_AUTH_TYPE_SPNEGO;
1176 } else if (s->binding->flags & DCERPC_AUTH_KRB5) {
1177 s->auth_type = DCERPC_AUTH_TYPE_KRB5;
1179 } else if (s->binding->flags & DCERPC_SCHANNEL) {
1180 s->auth_type = DCERPC_AUTH_TYPE_SCHANNEL;
1182 } else if (s->binding->flags & DCERPC_AUTH_NTLM) {
1183 s->auth_type = DCERPC_AUTH_TYPE_NTLMSSP;
1185 s->auth_type = DCERPC_AUTH_TYPE_SPNEGO;
1186 s->try_ntlm_fallback = True;
1189 auth_req = dcerpc_bind_auth_send(c, s->pipe, s->table,
1190 s->credentials, s->auth_type,
1191 dcerpc_auth_level(conn),
1192 s->table->authservices->names[0]);
1193 if (composite_nomem(auth_req, c)) return c;
1195 composite_continue(c, auth_req, continue_recv_bind, c);
1198 auth_none_req = dcerpc_bind_auth_none_send(c, s->pipe, s->table);
1199 if (composite_nomem(auth_none_req, c)) return c;
1201 composite_continue(c, auth_none_req, continue_auth_recv_none, c);
1209 Receive result of authenticated bind request on dcerpc pipe
1211 This returns *p, which may be different to the one originally
1212 supllied, as it rebinds to a new pipe due to authentication fallback
1215 NTSTATUS dcerpc_pipe_auth_recv(struct composite_context *c,
1216 struct dcerpc_pipe **p)
1220 struct pipe_auth_state *s = talloc_get_type(c->private_data,
1221 struct pipe_auth_state);
1222 status = composite_wait(c);
1223 if (!NT_STATUS_IS_OK(status)) {
1224 char *uuid_str = GUID_string(s->pipe, &s->table->syntax_id.uuid);
1225 DEBUG(0, ("Failed to bind to uuid %s - %s\n", uuid_str, nt_errstr(status)));
1226 talloc_free(uuid_str);
1237 Perform an authenticated bind if needed - sync version
1239 This may change *p, as it rebinds to a new pipe due to authentication fallback
1241 NTSTATUS dcerpc_pipe_auth(struct dcerpc_pipe **p,
1242 struct dcerpc_binding *binding,
1243 const struct dcerpc_interface_table *table,
1244 struct cli_credentials *credentials)
1246 struct composite_context *c;
1248 c = dcerpc_pipe_auth_send(*p, binding, table, credentials);
1249 return dcerpc_pipe_auth_recv(c, p);
1253 NTSTATUS dcerpc_generic_session_key(struct dcerpc_connection *c,
1254 DATA_BLOB *session_key)
1256 /* this took quite a few CPU cycles to find ... */
1257 session_key->data = discard_const_p(unsigned char, "SystemLibraryDTC");
1258 session_key->length = 16;
1259 return NT_STATUS_OK;
1263 fetch the user session key - may be default (above) or the SMB session key
1265 NTSTATUS dcerpc_fetch_session_key(struct dcerpc_pipe *p,
1266 DATA_BLOB *session_key)
1268 return p->conn->security_state.session_key(p->conn, session_key);
1273 log a rpc packet in a format suitable for ndrdump. This is especially useful
1274 for sealed packets, where ethereal cannot easily see the contents
1276 this triggers on a debug level of >= 10
1278 void dcerpc_log_packet(const struct dcerpc_interface_table *ndr,
1279 uint32_t opnum, uint32_t flags, DATA_BLOB *pkt)
1281 const int num_examples = 20;
1284 if (DEBUGLEVEL < 10) return;
1286 for (i=0;i<num_examples;i++) {
1288 asprintf(&name, "%s/rpclog/%s-%u.%d.%s",
1289 lp_lockdir(), ndr->name, opnum, i,
1290 (flags&NDR_IN)?"in":"out");
1294 if (!file_exist(name)) {
1295 if (file_save(name, pkt->data, pkt->length)) {
1296 DEBUG(10,("Logged rpc packet to %s\n", name));
1308 create a secondary context from a primary connection
1310 this uses dcerpc_alter_context() to create a new dcerpc context_id
1312 NTSTATUS dcerpc_secondary_context(struct dcerpc_pipe *p,
1313 struct dcerpc_pipe **pp2,
1314 const struct dcerpc_interface_table *table)
1317 struct dcerpc_pipe *p2;
1319 p2 = talloc_zero(p, struct dcerpc_pipe);
1321 return NT_STATUS_NO_MEMORY;
1323 p2->conn = talloc_reference(p2, p->conn);
1324 p2->request_timeout = p->request_timeout;
1326 p2->context_id = ++p->conn->next_context_id;
1328 p2->syntax = table->syntax_id;
1330 p2->transfer_syntax = ndr_transfer_syntax;
1332 status = dcerpc_alter_context(p2, p2, &p2->syntax, &p2->transfer_syntax);
1333 if (!NT_STATUS_IS_OK(status)) {
git.samba.org / jelmer / samba4-debian.git / blob