Merge branch 'master' of ssh://git.samba.org/data/git/samba
[kai/samba.git] / source4 / smbd / service_named_pipe.c
1 /*
2    Unix SMB/CIFS implementation.
3
4    helper functions for NAMED PIPE servers
5
6    Copyright (C) Stefan (metze) Metzmacher      2008
7
8    This program is free software; you can redistribute it and/or modify
9    it under the terms of the GNU General Public License as published by
10    the Free Software Foundation; either version 3 of the License, or
11    (at your option) any later version.
12
13    This program is distributed in the hope that it will be useful,
14    but WITHOUT ANY WARRANTY; without even the implied warranty of
15    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
16    GNU General Public License for more details.
17
18    You should have received a copy of the GNU General Public License
19    along with this program.  If not, see <http://www.gnu.org/licenses/>.
20 */
21
22 #include "includes.h"
23 #include <tevent.h>
24 #include "lib/socket/socket.h"
25 #include "smbd/service.h"
26 #include "param/param.h"
27 #include "auth/session.h"
28 #include "lib/stream/packet.h"
29 #include "librpc/gen_ndr/ndr_named_pipe_auth.h"
30 #include "system/passwd.h"
31
32 struct named_pipe_socket {
33         const char *pipe_name;
34         const char *pipe_path;
35         const struct stream_server_ops *ops;
36         void *private_data;
37 };
38
39 struct named_pipe_connection {
40         struct stream_connection *connection;
41         struct packet_context *packet;
42         const struct named_pipe_socket *pipe_sock;
43         NTSTATUS status;
44 };
45
46 static void named_pipe_handover_connection(void *private_data)
47 {
48         struct named_pipe_connection *pipe_conn = talloc_get_type(
49                 private_data, struct named_pipe_connection);
50         struct stream_connection *conn = pipe_conn->connection;
51
52         TEVENT_FD_NOT_WRITEABLE(conn->event.fde);
53
54         if (!NT_STATUS_IS_OK(pipe_conn->status)) {
55                 stream_terminate_connection(conn, nt_errstr(pipe_conn->status));
56                 return;
57         }
58
59         /*
60          * remove the named_pipe layer together with its packet layer
61          */
62         conn->ops       = pipe_conn->pipe_sock->ops;
63         conn->private   = pipe_conn->pipe_sock->private_data;
64         talloc_free(pipe_conn);
65
66         /* we're now ready to start receiving events on this stream */
67         TEVENT_FD_READABLE(conn->event.fde);
68
69         /*
70          * hand over to the real pipe implementation,
71          * now that we have setup the transport session_info
72          */
73         conn->ops->accept_connection(conn);
74
75         DEBUG(10,("named_pipe_handover_connection[%s]: succeeded\n",
76               conn->ops->name));
77 }
78
79 static NTSTATUS named_pipe_recv_auth_request(void *private_data,
80                                              DATA_BLOB req_blob)
81 {
82         struct named_pipe_connection *pipe_conn = talloc_get_type(
83                 private_data, struct named_pipe_connection);
84         struct stream_connection *conn = pipe_conn->connection;
85         enum ndr_err_code ndr_err;
86         struct named_pipe_auth_req req;
87         union netr_Validation val;
88         struct auth_serversupplied_info *server_info;
89         struct named_pipe_auth_rep rep;
90         DATA_BLOB rep_blob;
91         NTSTATUS status;
92
93         /*
94          * make sure nothing happens on the socket untill the
95          * real implemenation takes over
96          */
97         packet_recv_disable(pipe_conn->packet);
98
99         /*
100          * TODO: check it's a root (uid == 0) pipe
101          */
102
103         ZERO_STRUCT(rep);
104         rep.level = 0;
105         rep.status = NT_STATUS_INTERNAL_ERROR;
106
107         DEBUG(10,("named_pipe_auth: req_blob.length[%u]\n",
108                   (unsigned int)req_blob.length));
109         dump_data(10, req_blob.data, req_blob.length);
110
111         /* parse the passed credentials */
112         ndr_err = ndr_pull_struct_blob_all(
113                         &req_blob,
114                         pipe_conn,
115                         lp_iconv_convenience(conn->lp_ctx),
116                         &req,
117                         (ndr_pull_flags_fn_t)ndr_pull_named_pipe_auth_req);
118         if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
119                 rep.status = ndr_map_error2ntstatus(ndr_err);
120                 DEBUG(2, ("Could not unmarshall named_pipe_auth_req: %s\n",
121                           nt_errstr(rep.status)));
122                 goto reply;
123         }
124
125         if (strcmp(NAMED_PIPE_AUTH_MAGIC, req.magic) != 0) {
126                 DEBUG(2, ("named_pipe_auth_req: invalid magic '%s' != %s\n",
127                           req.magic, NAMED_PIPE_AUTH_MAGIC));
128                 rep.status = NT_STATUS_INVALID_PARAMETER;
129                 goto reply;
130         }
131
132         switch (req.level) {
133         case 0:
134                 /*
135                  * anon connection, we don't create a session info
136                  * and leave it NULL
137                  */
138                 rep.level = 0;
139                 rep.status = NT_STATUS_OK;
140                 break;
141         case 1:
142                 val.sam3 = &req.info.info1;
143
144                 rep.level = 1;
145                 rep.status = make_server_info_netlogon_validation(pipe_conn,
146                                                                   "TODO",
147                                                                   3, &val,
148                                                                   &server_info);
149                 if (!NT_STATUS_IS_OK(rep.status)) {
150                         DEBUG(2, ("make_server_info_netlogon_validation returned "
151                                   "%s\n", nt_errstr(rep.status)));
152                         goto reply;
153                 }
154
155                 /* setup the session_info on the connection */
156                 rep.status = auth_generate_session_info(conn,
157                                                         conn->event.ctx,
158                                                         conn->lp_ctx,
159                                                         server_info,
160                                                         &conn->session_info);
161                 if (!NT_STATUS_IS_OK(rep.status)) {
162                         DEBUG(2, ("auth_generate_session_info failed: %s\n",
163                                   nt_errstr(rep.status)));
164                         goto reply;
165                 }
166
167                 break;
168         default:
169                 DEBUG(2, ("named_pipe_auth_req: unknown level %u\n",
170                           req.level));
171                 rep.level = 0;
172                 rep.status = NT_STATUS_INVALID_LEVEL;
173                 goto reply;
174         }
175
176 reply:
177         /* create the output */
178         ndr_err = ndr_push_struct_blob(&rep_blob, pipe_conn,
179                         lp_iconv_convenience(conn->lp_ctx),
180                         &rep,
181                         (ndr_push_flags_fn_t)ndr_push_named_pipe_auth_rep);
182         if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
183                 status = ndr_map_error2ntstatus(ndr_err);
184                 DEBUG(2, ("Could not marshall named_pipe_auth_rep: %s\n",
185                           nt_errstr(status)));
186                 return status;
187         }
188
189         pipe_conn->status = rep.status;
190
191         DEBUG(10,("named_pipe_auth reply[%u]\n", rep_blob.length));
192         dump_data(10, rep_blob.data, rep_blob.length);
193         status = packet_send_callback(pipe_conn->packet, rep_blob,
194                                       named_pipe_handover_connection,
195                                       pipe_conn);
196         if (!NT_STATUS_IS_OK(status)) {
197                 DEBUG(0, ("packet_send_callback returned %s\n",
198                           nt_errstr(status)));
199                 return status;
200         }
201
202         return NT_STATUS_OK;
203 }
204
205 /*
206   called when a pipe socket becomes readable
207 */
208 static void named_pipe_recv(struct stream_connection *conn, uint16_t flags)
209 {
210         struct named_pipe_connection *pipe_conn = talloc_get_type(
211                 conn->private, struct named_pipe_connection);
212
213         DEBUG(10,("named_pipe_recv\n"));
214
215         packet_recv(pipe_conn->packet);
216 }
217
218 /*
219   called when a pipe socket becomes writable
220 */
221 static void named_pipe_send(struct stream_connection *conn, uint16_t flags)
222 {
223         struct named_pipe_connection *pipe_conn = talloc_get_type(
224                 conn->private, struct named_pipe_connection);
225
226         packet_queue_run(pipe_conn->packet);
227 }
228
229 /*
230   handle socket recv errors
231 */
232 static void named_pipe_recv_error(void *private_data, NTSTATUS status)
233 {
234         struct named_pipe_connection *pipe_conn = talloc_get_type(
235                 private_data, struct named_pipe_connection);
236
237         stream_terminate_connection(pipe_conn->connection, nt_errstr(status));
238 }
239
240 static NTSTATUS named_pipe_full_request(void *private, DATA_BLOB blob, size_t *size)
241 {
242         if (blob.length < 8) {
243                 return STATUS_MORE_ENTRIES;
244         }
245
246         if (memcmp(NAMED_PIPE_AUTH_MAGIC, &blob.data[4], 4) != 0) {
247                 DEBUG(0,("named_pipe_full_request: wrong protocol\n"));
248                 *size = blob.length;
249                 /* the error will be handled in named_pipe_recv_auth_request */
250                 return NT_STATUS_OK;
251         }
252
253         *size = 4 + RIVAL(blob.data, 0);
254         if (*size > blob.length) {
255                 return STATUS_MORE_ENTRIES;
256         }
257
258         return NT_STATUS_OK;
259 }
260
261 static void named_pipe_accept(struct stream_connection *conn)
262 {
263         struct named_pipe_socket *pipe_sock = talloc_get_type(
264                 conn->private, struct named_pipe_socket);
265         struct named_pipe_connection *pipe_conn;
266
267         DEBUG(5,("named_pipe_accept\n"));
268
269         pipe_conn = talloc_zero(conn, struct named_pipe_connection);
270         if (!pipe_conn) {
271                 stream_terminate_connection(conn, "out of memory");
272                 return;
273         }
274
275         pipe_conn->packet = packet_init(pipe_conn);
276         if (!pipe_conn->packet) {
277                 stream_terminate_connection(conn, "out of memory");
278                 return;
279         }
280         packet_set_private(pipe_conn->packet, pipe_conn);
281         packet_set_socket(pipe_conn->packet, conn->socket);
282         packet_set_callback(pipe_conn->packet, named_pipe_recv_auth_request);
283         packet_set_full_request(pipe_conn->packet, named_pipe_full_request);
284         packet_set_error_handler(pipe_conn->packet, named_pipe_recv_error);
285         packet_set_event_context(pipe_conn->packet, conn->event.ctx);
286         packet_set_fde(pipe_conn->packet, conn->event.fde);
287         packet_set_serialise(pipe_conn->packet);
288         packet_set_initial_read(pipe_conn->packet, 8);
289
290         pipe_conn->pipe_sock = pipe_sock;
291
292         pipe_conn->connection = conn;
293         conn->private = pipe_conn;
294 }
295
296 static const struct stream_server_ops named_pipe_stream_ops = {
297         .name                   = "named_pipe",
298         .accept_connection      = named_pipe_accept,
299         .recv_handler           = named_pipe_recv,
300         .send_handler           = named_pipe_send,
301 };
302
303 NTSTATUS stream_setup_named_pipe(struct tevent_context *event_context,
304                                  struct loadparm_context *lp_ctx,
305                                  const struct model_ops *model_ops,
306                                  const struct stream_server_ops *stream_ops,
307                                  const char *pipe_name,
308                                  void *private_data)
309 {
310         char *dirname;
311         struct named_pipe_socket *pipe_sock;
312         NTSTATUS status = NT_STATUS_NO_MEMORY;;
313
314         pipe_sock = talloc(event_context, struct named_pipe_socket);
315         if (pipe_sock == NULL) {
316                 goto fail;
317         }
318
319         /* remember the details about the pipe */
320         pipe_sock->pipe_name    = talloc_strdup(pipe_sock, pipe_name);
321         if (pipe_sock->pipe_name == NULL) {
322                 goto fail;
323         }
324
325         dirname = talloc_asprintf(pipe_sock, "%s/np", lp_ncalrpc_dir(lp_ctx));
326         if (dirname == NULL) {
327                 goto fail;
328         }
329
330         if (!directory_create_or_exist(dirname, geteuid(), 0700)) {
331                 status = map_nt_error_from_unix(errno);
332                 goto fail;
333         }
334
335         if (strncmp(pipe_name, "\\pipe\\", 6) == 0) {
336                 pipe_name += 6;
337         }
338
339         pipe_sock->pipe_path = talloc_asprintf(pipe_sock, "%s/%s", dirname,
340                                                pipe_name);
341         if (pipe_sock->pipe_path == NULL) {
342                 goto fail;
343         }
344
345         talloc_free(dirname);
346
347         pipe_sock->ops          = stream_ops;
348         pipe_sock->private_data = talloc_reference(pipe_sock, private_data);
349
350         status = stream_setup_socket(event_context,
351                                      lp_ctx,
352                                      model_ops,
353                                      &named_pipe_stream_ops,
354                                      "unix",
355                                      pipe_sock->pipe_path,
356                                      NULL,
357                                      NULL,
358                                      pipe_sock);
359         if (!NT_STATUS_IS_OK(status)) {
360                 goto fail;
361         }
362         return NT_STATUS_OK;
363
364  fail:
365         talloc_free(pipe_sock);
366         return status;
367 }