e073fe45a283f299a0b62d19bcc6b3e3ab1bacf2
[kai/samba.git] / source3 / rpc_server / rpc_handles.c
1 /* 
2  *  Unix SMB/CIFS implementation.
3  *  RPC Pipe client / server routines
4  *  Copyright (C) Andrew Tridgell              1992-1997,
5  *  Copyright (C) Luke Kenneth Casson Leighton 1996-1997,
6  *  Copyright (C) Jeremy Allison                           2001.
7  *  
8  *  This program is free software; you can redistribute it and/or modify
9  *  it under the terms of the GNU General Public License as published by
10  *  the Free Software Foundation; either version 3 of the License, or
11  *  (at your option) any later version.
12  *  
13  *  This program is distributed in the hope that it will be useful,
14  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
15  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
16  *  GNU General Public License for more details.
17  *  
18  *  You should have received a copy of the GNU General Public License
19  *  along with this program; if not, see <http://www.gnu.org/licenses/>.
20  */
21
22 #include "includes.h"
23 #include "../librpc/gen_ndr/ndr_lsa.h"
24 #include "../librpc/gen_ndr/ndr_samr.h"
25
26 #undef DBGC_CLASS
27 #define DBGC_CLASS DBGC_RPC_SRV
28
29 /*
30  * Handle database - stored per pipe.
31  */
32
33 struct dcesrv_handle {
34         struct dcesrv_handle *prev, *next;
35         struct policy_handle wire_handle;
36         uint32_t access_granted;
37         void *data;
38 };
39
40 struct handle_list {
41         struct dcesrv_handle *handles;  /* List of pipe handles. */
42         size_t count;                   /* Current number of handles. */
43         size_t pipe_ref_count;          /* Number of pipe handles referring
44                                          * to this tree. */
45 };
46
47 /* This is the max handles across all instances of a pipe name. */
48 #ifndef MAX_OPEN_POLS
49 #define MAX_OPEN_POLS 2048
50 #endif
51
52 /****************************************************************************
53  Hack as handles need to be persisant over lsa pipe closes so long as a samr
54  pipe is open. JRA.
55 ****************************************************************************/
56
57 static bool is_samr_lsa_pipe(const struct ndr_syntax_id *syntax)
58 {
59         return (ndr_syntax_id_equal(syntax, &ndr_table_samr.syntax_id)
60                 || ndr_syntax_id_equal(syntax, &ndr_table_lsarpc.syntax_id));
61 }
62
63 size_t num_pipe_handles(pipes_struct *p)
64 {
65         if (p->pipe_handles == NULL) {
66                 return 0;
67         }
68         return p->pipe_handles->count;
69 }
70
71 /****************************************************************************
72  Initialise a policy handle list on a pipe. Handle list is shared between all
73  pipes of the same name.
74 ****************************************************************************/
75
76 bool init_pipe_handles(pipes_struct *p, const struct ndr_syntax_id *syntax)
77 {
78         pipes_struct *plist;
79         struct handle_list *hl;
80
81         for (plist = get_first_internal_pipe();
82              plist;
83              plist = get_next_internal_pipe(plist)) {
84                 if (ndr_syntax_id_equal(syntax, &plist->syntax)) {
85                         break;
86                 }
87                 if (is_samr_lsa_pipe(&plist->syntax)
88                     && is_samr_lsa_pipe(syntax)) {
89                         /*
90                          * samr and lsa share a handle space (same process
91                          * under Windows?)
92                          */
93                         break;
94                 }
95         }
96
97         if (plist != NULL) {
98                 hl = plist->pipe_handles;
99                 if (hl == NULL) {
100                         return false;
101                 }
102         } else {
103                 /*
104                  * First open, we have to create the handle list
105                  */
106                 hl = talloc_zero(NULL, struct handle_list);
107                 if (hl == NULL) {
108                         return false;
109                 }
110
111                 DEBUG(10,("init_pipe_handle_list: created handle list for "
112                           "pipe %s\n",
113                           get_pipe_name_from_syntax(talloc_tos(), syntax)));
114         }
115
116         /*
117          * One more pipe is using this list.
118          */
119
120         hl->pipe_ref_count++;
121
122         /*
123          * Point this pipe at this list.
124          */
125
126         p->pipe_handles = hl;
127
128         DEBUG(10,("init_pipe_handle_list: pipe_handles ref count = %lu for "
129                   "pipe %s\n", (unsigned long)p->pipe_handles->pipe_ref_count,
130                   get_pipe_name_from_syntax(talloc_tos(), syntax)));
131
132         return True;
133 }
134
135 /****************************************************************************
136   find first available policy slot.  creates a policy handle for you.
137
138   If "data_ptr" is given, this must be a talloc'ed object, create_policy_hnd
139   talloc_moves this into the handle. If the policy_hnd is closed,
140   data_ptr is TALLOC_FREE()'ed
141 ****************************************************************************/
142
143 static struct dcesrv_handle *create_rpc_handle_internal(pipes_struct *p,
144                                 struct policy_handle *hnd, void *data_ptr)
145 {
146         struct dcesrv_handle *rpc_hnd;
147         static uint32 pol_hnd_low  = 0;
148         static uint32 pol_hnd_high = 0;
149         time_t t = time(NULL);
150
151         if (p->pipe_handles->count > MAX_OPEN_POLS) {
152                 DEBUG(0,("create_policy_hnd: ERROR: too many handles (%d) on this pipe.\n",
153                                 (int)p->pipe_handles->count));
154                 return NULL;
155         }
156
157         rpc_hnd = talloc_zero(p->pipe_handles, struct dcesrv_handle);
158         if (!rpc_hnd) {
159                 DEBUG(0,("create_policy_hnd: ERROR: out of memory!\n"));
160                 return NULL;
161         }
162
163         if (data_ptr != NULL) {
164                 rpc_hnd->data = talloc_move(rpc_hnd, &data_ptr);
165         }
166
167         pol_hnd_low++;
168         if (pol_hnd_low == 0) {
169                 pol_hnd_high++;
170         }
171
172         /* first bit must be null */
173         SIVAL(&rpc_hnd->wire_handle.handle_type, 0 , 0);
174
175         /* second bit is incrementing */
176         SIVAL(&rpc_hnd->wire_handle.uuid.time_low, 0 , pol_hnd_low);
177         SSVAL(&rpc_hnd->wire_handle.uuid.time_mid, 0 , pol_hnd_high);
178         SSVAL(&rpc_hnd->wire_handle.uuid.time_hi_and_version, 0, (pol_hnd_high >> 16));
179
180         /* split the current time into two 16 bit values */
181
182         /* something random */
183         SSVAL(rpc_hnd->wire_handle.uuid.clock_seq, 0, (t >> 16));
184         /* something random */
185         SSVAL(rpc_hnd->wire_handle.uuid.node, 0, t);
186         /* something more random */
187         SIVAL(rpc_hnd->wire_handle.uuid.node, 2, sys_getpid());
188
189         DLIST_ADD(p->pipe_handles->handles, rpc_hnd);
190         p->pipe_handles->count++;
191
192         *hnd = rpc_hnd->wire_handle;
193
194         DEBUG(4, ("Opened policy hnd[%d] ", (int)p->pipe_handles->count));
195         dump_data(4, (uint8_t *)hnd, sizeof(*hnd));
196
197         return rpc_hnd;
198 }
199
200 bool create_policy_hnd(pipes_struct *p, struct policy_handle *hnd,
201                        void *data_ptr)
202 {
203         struct dcesrv_handle *rpc_hnd;
204
205         rpc_hnd = create_rpc_handle_internal(p, hnd, data_ptr);
206         if (rpc_hnd == NULL) {
207                 return false;
208         }
209         return true;
210 }
211
212 /****************************************************************************
213   find policy by handle - internal version.
214 ****************************************************************************/
215
216 static struct dcesrv_handle *find_policy_by_hnd_internal(pipes_struct *p,
217                                 const struct policy_handle *hnd, void **data_p)
218 {
219         struct dcesrv_handle *h;
220         unsigned int count;
221
222         if (data_p) {
223                 *data_p = NULL;
224         }
225
226         count = 0;
227         for (h = p->pipe_handles->handles; h != NULL; h = h->next) {
228                 if (memcmp(&h->wire_handle, hnd, sizeof(*hnd)) == 0) {
229                         DEBUG(4,("Found policy hnd[%u] ", count));
230                         dump_data(4, (uint8 *)hnd, sizeof(*hnd));
231                         if (data_p) {
232                                 *data_p = h->data;
233                         }
234                         return h;
235                 }
236                 count++;
237         }
238
239         DEBUG(4,("Policy not found: "));
240         dump_data(4, (uint8_t *)hnd, sizeof(*hnd));
241
242         p->bad_handle_fault_state = true;
243
244         return NULL;
245 }
246
247 /****************************************************************************
248   find policy by handle
249 ****************************************************************************/
250
251 bool find_policy_by_hnd(pipes_struct *p, const struct policy_handle *hnd,
252                         void **data_p)
253 {
254         struct dcesrv_handle *rpc_hnd;
255
256         rpc_hnd = find_policy_by_hnd_internal(p, hnd, data_p);
257         if (rpc_hnd == NULL) {
258                 return false;
259         }
260         return true;
261 }
262
263 /****************************************************************************
264   Close a policy.
265 ****************************************************************************/
266
267 bool close_policy_hnd(pipes_struct *p, struct policy_handle *hnd)
268 {
269         struct dcesrv_handle *rpc_hnd;
270
271         rpc_hnd = find_policy_by_hnd_internal(p, hnd, NULL);
272
273         if (rpc_hnd == NULL) {
274                 DEBUG(3, ("Error closing policy (policy not found)\n"));
275                 return false;
276         }
277
278         DEBUG(3,("Closed policy\n"));
279
280         p->pipe_handles->count--;
281
282         DLIST_REMOVE(p->pipe_handles->handles, rpc_hnd);
283         TALLOC_FREE(rpc_hnd);
284
285         return true;
286 }
287
288 /****************************************************************************
289  Close a pipe - free the handle set if it was the last pipe reference.
290 ****************************************************************************/
291
292 void close_policy_by_pipe(pipes_struct *p)
293 {
294         p->pipe_handles->pipe_ref_count--;
295
296         if (p->pipe_handles->pipe_ref_count == 0) {
297                 /*
298                  * Last pipe open on this list - free the list.
299                  */
300                 TALLOC_FREE(p->pipe_handles);
301
302                 DEBUG(10,("close_policy_by_pipe: deleted handle list for "
303                           "pipe %s\n",
304                           get_pipe_name_from_syntax(talloc_tos(), &p->syntax)));
305         }
306 }
307
308 /*******************************************************************
309 Shall we allow access to this rpc?  Currently this function
310 implements the 'restrict anonymous' setting by denying access to
311 anonymous users if the restrict anonymous level is > 0.  Further work
312 will be checking a security descriptor to determine whether a user
313 token has enough access to access the pipe.
314 ********************************************************************/
315
316 bool pipe_access_check(pipes_struct *p)
317 {
318         /* Don't let anonymous users access this RPC if restrict
319            anonymous > 0 */
320
321         if (lp_restrict_anonymous() > 0) {
322
323                 /* schannel, so we must be ok */
324                 if (p->pipe_bound && (p->auth.auth_type == PIPE_AUTH_TYPE_SCHANNEL)) {
325                         return True;
326                 }
327
328                 if (p->server_info->guest) {
329                         return False;
330                 }
331         }
332
333         return True;
334 }
335
336 void *_policy_handle_create(struct pipes_struct *p, struct policy_handle *hnd,
337                             uint32_t access_granted, size_t data_size,
338                             const char *type, NTSTATUS *pstatus)
339 {
340         struct dcesrv_handle *rpc_hnd;
341         void *data;
342
343         if (p->pipe_handles->count > MAX_OPEN_POLS) {
344                 DEBUG(0, ("policy_handle_create: ERROR: too many handles (%d) "
345                           "on pipe %s.\n", (int)p->pipe_handles->count,
346                           get_pipe_name_from_syntax(talloc_tos(), &p->syntax)));
347                 *pstatus = NT_STATUS_INSUFFICIENT_RESOURCES;
348                 return NULL;
349         }
350
351         data = talloc_size(talloc_tos(), data_size);
352         if (data == NULL) {
353                 *pstatus = NT_STATUS_NO_MEMORY;
354                 return NULL;
355         }
356         talloc_set_name_const(data, type);
357
358         rpc_hnd = create_rpc_handle_internal(p, hnd, data);
359         if (rpc_hnd == NULL) {
360                 TALLOC_FREE(data);
361                 *pstatus = NT_STATUS_NO_MEMORY;
362                 return NULL;
363         }
364         rpc_hnd->access_granted = access_granted;
365         *pstatus = NT_STATUS_OK;
366         return data;
367 }
368
369 void *_policy_handle_find(struct pipes_struct *p,
370                           const struct policy_handle *hnd,
371                           uint32_t access_required,
372                           uint32_t *paccess_granted,
373                           const char *name, const char *location,
374                           NTSTATUS *pstatus)
375 {
376         struct dcesrv_handle *rpc_hnd;
377         void *data;
378
379         rpc_hnd = find_policy_by_hnd_internal(p, hnd, &data);
380         if (rpc_hnd == NULL) {
381                 *pstatus = NT_STATUS_INVALID_HANDLE;
382                 return NULL;
383         }
384         if (strcmp(name, talloc_get_name(data)) != 0) {
385                 DEBUG(10, ("expected %s, got %s\n", name,
386                            talloc_get_name(data)));
387                 *pstatus = NT_STATUS_INVALID_HANDLE;
388                 return NULL;
389         }
390         if ((access_required & rpc_hnd->access_granted) != access_required) {
391                 if (geteuid() == sec_initial_uid()) {
392                         DEBUG(4, ("%s: ACCESS should be DENIED (granted: "
393                                   "%#010x; required: %#010x)\n", location,
394                                   rpc_hnd->access_granted, access_required));
395                         DEBUGADD(4,("but overwritten by euid == 0\n"));
396                         goto okay;
397                 }
398                 DEBUG(2,("%s: ACCESS DENIED (granted: %#010x; required: "
399                          "%#010x)\n", location, rpc_hnd->access_granted,
400                          access_required));
401                 *pstatus = NT_STATUS_ACCESS_DENIED;
402                 return NULL;
403         }
404
405  okay:
406         DEBUG(10, ("found handle of type %s\n", talloc_get_name(data)));
407         if (paccess_granted != NULL) {
408                 *paccess_granted = rpc_hnd->access_granted;
409         }
410         *pstatus = NT_STATUS_OK;
411         return data;
412 }