source4/smbd/service_named_pipe.c

   1 /*
   2    Unix SMB/CIFS implementation.
   3
   4    helper functions for NAMED PIPE servers
   5
   6    Copyright (C) Stefan (metze) Metzmacher      2008
   7
   8    This program is free software; you can redistribute it and/or modify
   9    it under the terms of the GNU General Public License as published by
  10    the Free Software Foundation; either version 3 of the License, or
  11    (at your option) any later version.
  12
  13    This program is distributed in the hope that it will be useful,
  14    but WITHOUT ANY WARRANTY; without even the implied warranty of
  15    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  16    GNU General Public License for more details.
  17
  18    You should have received a copy of the GNU General Public License
  19    along with this program.  If not, see <http://www.gnu.org/licenses/>.
  20 */
  21
  22 #include "includes.h"
  23 #include "lib/socket/socket.h"
  24 #include "smbd/service.h"
  25 #include "param/param.h"
  26 #include "auth/session.h"
  27 #include "lib/stream/packet.h"
  28 #include "librpc/gen_ndr/ndr_named_pipe_auth.h"
  29 #include "system/passwd.h"
  30
  31 struct named_pipe_socket {
  32         const char *pipe_name;
  33         const char *pipe_path;
  34         const struct stream_server_ops *ops;
  35         void *private_data;
  36 };
  37
  38 struct named_pipe_connection {
  39         struct stream_connection *connection;
  40         struct packet_context *packet;
  41         const struct named_pipe_socket *pipe_sock;
  42         NTSTATUS status;
  43 };
  44
  45 static void named_pipe_handover_connection(void *private_data)
  46 {
  47         struct named_pipe_connection *pipe_conn = talloc_get_type(
  48                 private_data, struct named_pipe_connection);
  49         struct stream_connection *conn = pipe_conn->connection;
  50
  51         EVENT_FD_NOT_WRITEABLE(conn->event.fde);
  52
  53         if (!NT_STATUS_IS_OK(pipe_conn->status)) {
  54                 stream_terminate_connection(conn, nt_errstr(pipe_conn->status));
  55                 return;
  56         }
  57
  58         /*
  59          * remove the named_pipe layer together with its packet layer
  60          */
  61         conn->ops       = pipe_conn->pipe_sock->ops;
  62         conn->private   = pipe_conn->pipe_sock->private_data;
  63         talloc_free(pipe_conn);
  64
  65         /* we're now ready to start receiving events on this stream */
  66         EVENT_FD_READABLE(conn->event.fde);
  67
  68         /*
  69          * hand over to the real pipe implementation,
  70          * now that we have setup the transport session_info
  71          */
  72         conn->ops->accept_connection(conn);
  73
  74         DEBUG(10,("named_pipe_handover_connection[%s]: succeeded\n",
  75               conn->ops->name));
  76 }
  77
  78 static NTSTATUS named_pipe_recv_auth_request(void *private_data,
  79                                              DATA_BLOB req_blob)
  80 {
  81         struct named_pipe_connection *pipe_conn = talloc_get_type(
  82                 private_data, struct named_pipe_connection);
  83         struct stream_connection *conn = pipe_conn->connection;
  84         enum ndr_err_code ndr_err;
  85         struct named_pipe_auth_req req;
  86         union netr_Validation val;
  87         struct auth_serversupplied_info *server_info;
  88         struct named_pipe_auth_rep rep;
  89         DATA_BLOB rep_blob;
  90         NTSTATUS status;
  91
  92         /*
  93          * make sure nothing happens on the socket untill the
  94          * real implemenation takes over
  95          */
  96         packet_recv_disable(pipe_conn->packet);
  97
  98         /*
  99          * TODO: check it's a root (uid == 0) pipe
 100          */
 101
 102         ZERO_STRUCT(rep);
 103         rep.level = 0;
 104         rep.status = NT_STATUS_INTERNAL_ERROR;
 105
 106         DEBUG(10,("named_pipe_auth: req_blob.length[%u]\n",
 107                   (unsigned int)req_blob.length));
 108         dump_data(10, req_blob.data, req_blob.length);
 109
 110         /* parse the passed credentials */
 111         ndr_err = ndr_pull_struct_blob_all(
 112                         &req_blob,
 113                         pipe_conn,
 114                         lp_iconv_convenience(conn->lp_ctx),
 115                         &req,
 116                         (ndr_pull_flags_fn_t)ndr_pull_named_pipe_auth_req);
 117         if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
 118                 rep.status = ndr_map_error2ntstatus(ndr_err);
 119                 DEBUG(2, ("Could not unmarshall named_pipe_auth_req: %s\n",
 120                           nt_errstr(rep.status)));
 121                 goto reply;
 122         }
 123
 124         if (strcmp(NAMED_PIPE_AUTH_MAGIC, req.magic) != 0) {
 125                 DEBUG(2, ("named_pipe_auth_req: invalid magic '%s' != %s\n",
 126                           req.magic, NAMED_PIPE_AUTH_MAGIC));
 127                 rep.status = NT_STATUS_INVALID_PARAMETER;
 128                 goto reply;
 129         }
 130
 131         switch (req.level) {
 132         case 0:
 133                 /*
 134                  * anon connection, we don't create a session info
 135                  * and leave it NULL
 136                  */
 137                 rep.level = 0;
 138                 rep.status = NT_STATUS_OK;
 139                 break;
 140         case 1:
 141                 val.sam3 = &req.info.info1;
 142
 143                 rep.level = 1;
 144                 rep.status = make_server_info_netlogon_validation(pipe_conn,
 145                                                                   "TODO",
 146                                                                   3, &val,
 147                                                                   &server_info);
 148                 if (!NT_STATUS_IS_OK(rep.status)) {
 149                         DEBUG(2, ("make_server_info_netlogon_validation returned "
 150                                   "%s\n", nt_errstr(rep.status)));
 151                         goto reply;
 152                 }
 153
 154                 /* setup the session_info on the connection */
 155                 rep.status = auth_generate_session_info(conn,
 156                                                         conn->event.ctx,
 157                                                         conn->lp_ctx,
 158                                                         server_info,
 159                                                         &conn->session_info);
 160                 if (!NT_STATUS_IS_OK(rep.status)) {
 161                         DEBUG(2, ("auth_generate_session_info failed: %s\n",
 162                                   nt_errstr(rep.status)));
 163                         goto reply;
 164                 }
 165
 166                 break;
 167         default:
 168                 DEBUG(2, ("named_pipe_auth_req: unknown level %u\n",
 169                           req.level));
 170                 rep.level = 0;
 171                 rep.status = NT_STATUS_INVALID_LEVEL;
 172                 goto reply;
 173         }
 174
 175 reply:
 176         /* create the output */
 177         ndr_err = ndr_push_struct_blob(&rep_blob, pipe_conn,
 178                         lp_iconv_convenience(conn->lp_ctx),
 179                         &rep,
 180                         (ndr_push_flags_fn_t)ndr_push_named_pipe_auth_rep);
 181         if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
 182                 status = ndr_map_error2ntstatus(ndr_err);
 183                 DEBUG(2, ("Could not marshall named_pipe_auth_rep: %s\n",
 184                           nt_errstr(status)));
 185                 return status;
 186         }
 187
 188         pipe_conn->status = rep.status;
 189
 190         DEBUG(10,("named_pipe_auth reply[%u]\n", rep_blob.length));
 191         dump_data(10, rep_blob.data, rep_blob.length);
 192         status = packet_send_callback(pipe_conn->packet, rep_blob,
 193                                       named_pipe_handover_connection,
 194                                       pipe_conn);
 195         if (!NT_STATUS_IS_OK(status)) {
 196                 DEBUG(0, ("packet_send_callback returned %s\n",
 197                           nt_errstr(status)));
 198                 return status;
 199         }
 200
 201         return NT_STATUS_OK;
 202 }
 203
 204 /*
 205   called when a pipe socket becomes readable
 206 */
 207 static void named_pipe_recv(struct stream_connection *conn, uint16_t flags)
 208 {
 209         struct named_pipe_connection *pipe_conn = talloc_get_type(
 210                 conn->private, struct named_pipe_connection);
 211
 212         DEBUG(10,("named_pipe_recv\n"));
 213
 214         packet_recv(pipe_conn->packet);
 215 }
 216
 217 /*
 218   called when a pipe socket becomes writable
 219 */
 220 static void named_pipe_send(struct stream_connection *conn, uint16_t flags)
 221 {
 222         struct named_pipe_connection *pipe_conn = talloc_get_type(
 223                 conn->private, struct named_pipe_connection);
 224
 225         packet_queue_run(pipe_conn->packet);
 226 }
 227
 228 /*
 229   handle socket recv errors
 230 */
 231 static void named_pipe_recv_error(void *private_data, NTSTATUS status)
 232 {
 233         struct named_pipe_connection *pipe_conn = talloc_get_type(
 234                 private_data, struct named_pipe_connection);
 235
 236         stream_terminate_connection(pipe_conn->connection, nt_errstr(status));
 237 }
 238
 239 static NTSTATUS named_pipe_full_request(void *private, DATA_BLOB blob, size_t *size)
 240 {
 241         if (blob.length < 8) {
 242                 return STATUS_MORE_ENTRIES;
 243         }
 244
 245         if (memcmp(NAMED_PIPE_AUTH_MAGIC, &blob.data[4], 4) != 0) {
 246                 DEBUG(0,("named_pipe_full_request: wrong protocol\n"));
 247                 *size = blob.length;
 248                 /* the error will be handled in named_pipe_recv_auth_request */
 249                 return NT_STATUS_OK;
 250         }
 251
 252         *size = 4 + RIVAL(blob.data, 0);
 253         if (*size > blob.length) {
 254                 return STATUS_MORE_ENTRIES;
 255         }
 256
 257         return NT_STATUS_OK;
 258 }
 259
 260 static void named_pipe_accept(struct stream_connection *conn)
 261 {
 262         struct named_pipe_socket *pipe_sock = talloc_get_type(
 263                 conn->private, struct named_pipe_socket);
 264         struct named_pipe_connection *pipe_conn;
 265
 266         DEBUG(5,("named_pipe_accept\n"));
 267
 268         pipe_conn = talloc_zero(conn, struct named_pipe_connection);
 269         if (!pipe_conn) {
 270                 stream_terminate_connection(conn, "out of memory");
 271                 return;
 272         }
 273
 274         pipe_conn->packet = packet_init(pipe_conn);
 275         if (!pipe_conn->packet) {
 276                 stream_terminate_connection(conn, "out of memory");
 277                 return;
 278         }
 279         packet_set_private(pipe_conn->packet, pipe_conn);
 280         packet_set_socket(pipe_conn->packet, conn->socket);
 281         packet_set_callback(pipe_conn->packet, named_pipe_recv_auth_request);
 282         packet_set_full_request(pipe_conn->packet, named_pipe_full_request);
 283         packet_set_error_handler(pipe_conn->packet, named_pipe_recv_error);
 284         packet_set_event_context(pipe_conn->packet, conn->event.ctx);
 285         packet_set_fde(pipe_conn->packet, conn->event.fde);
 286         packet_set_serialise(pipe_conn->packet);
 287         packet_set_initial_read(pipe_conn->packet, 8);
 288
 289         pipe_conn->pipe_sock = pipe_sock;
 290
 291         pipe_conn->connection = conn;
 292         conn->private = pipe_conn;
 293 }
 294
 295 static const struct stream_server_ops named_pipe_stream_ops = {
 296         .name                   = "named_pipe",
 297         .accept_connection      = named_pipe_accept,
 298         .recv_handler           = named_pipe_recv,
 299         .send_handler           = named_pipe_send,
 300 };
 301
 302 NTSTATUS stream_setup_named_pipe(struct event_context *event_context,
 303                                  struct loadparm_context *lp_ctx,
 304                                  const struct model_ops *model_ops,
 305                                  const struct stream_server_ops *stream_ops,
 306                                  const char *pipe_name,
 307                                  void *private_data)
 308 {
 309         char *dirname;
 310         struct named_pipe_socket *pipe_sock;
 311         NTSTATUS status = NT_STATUS_NO_MEMORY;;
 312
 313         pipe_sock = talloc(event_context, struct named_pipe_socket);
 314         if (pipe_sock == NULL) {
 315                 goto fail;
 316         }
 317
 318         /* remember the details about the pipe */
 319         pipe_sock->pipe_name    = talloc_strdup(pipe_sock, pipe_name);
 320         if (pipe_sock->pipe_name == NULL) {
 321                 goto fail;
 322         }
 323
 324         dirname = talloc_asprintf(pipe_sock, "%s/np", lp_ncalrpc_dir(lp_ctx));
 325         if (dirname == NULL) {
 326                 goto fail;
 327         }
 328
 329         if (!directory_create_or_exist(dirname, geteuid(), 0700)) {
 330                 status = map_nt_error_from_unix(errno);
 331                 goto fail;
 332         }
 333
 334         if (strncmp(pipe_name, "\\pipe\\", 6) == 0) {
 335                 pipe_name += 6;
 336         }
 337
 338         pipe_sock->pipe_path = talloc_asprintf(pipe_sock, "%s/%s", dirname,
 339                                                pipe_name);
 340         if (pipe_sock->pipe_path == NULL) {
 341                 goto fail;
 342         }
 343
 344         talloc_free(dirname);
 345
 346         pipe_sock->ops          = stream_ops;
 347         pipe_sock->private_data = talloc_reference(pipe_sock, private_data);
 348
 349         status = stream_setup_socket(event_context,
 350                                      lp_ctx,
 351                                      model_ops,
 352                                      &named_pipe_stream_ops,
 353                                      "unix",
 354                                      pipe_sock->pipe_path,
 355                                      NULL,
 356                                      NULL,
 357                                      pipe_sock);
 358         if (!NT_STATUS_IS_OK(status)) {
 359                 goto fail;
 360         }
 361         return NT_STATUS_OK;
 362
 363  fail:
 364         talloc_free(pipe_sock);
 365         return status;
 366 }