2 Unix SMB/CIFS implementation.
4 server side dcerpc defines
6 Copyright (C) Andrew Tridgell 2003-2005
7 Copyright (C) Stefan (metze) Metzmacher 2004-2005
8 Copyright (C) Samuel Cabrero <scabrero@samba.org> 2019
10 This program is free software; you can redistribute it and/or modify
11 it under the terms of the GNU General Public License as published by
12 the Free Software Foundation; either version 3 of the License, or
13 (at your option) any later version.
15 This program is distributed in the hope that it will be useful,
16 but WITHOUT ANY WARRANTY; without even the implied warranty of
17 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 GNU General Public License for more details.
20 You should have received a copy of the GNU General Public License
21 along with this program. If not, see <http://www.gnu.org/licenses/>.
24 #ifndef _LIBRPC_RPC_DCESRV_CORE_H_
25 #define _LIBRPC_RPC_DCESRV_CORE_H_
27 #include "librpc/rpc/rpc_common.h"
28 #include "librpc/ndr/libndr.h"
29 #include "librpc/gen_ndr/security.h"
31 /* modules can use the following to determine if the interface has changed
32 * please increment the version number after each interface change
33 * with a comment and maybe update struct dcesrv_critical_sizes.
35 /* version 1 - initial version - metze */
36 #define DCERPC_MODULE_VERSION 1
38 struct dcesrv_connection;
39 struct dcesrv_call_state;
41 struct dcesrv_connection_context;
42 struct dcesrv_iface_state;
43 struct cli_credentials;
45 struct dcesrv_interface {
47 struct ndr_syntax_id syntax_id;
49 /* this function is called when the client binds to this interface */
50 NTSTATUS (*bind)(struct dcesrv_connection_context *, const struct dcesrv_interface *);
52 /* this function is called when the client disconnects the endpoint */
53 void (*unbind)(struct dcesrv_connection_context *, const struct dcesrv_interface *);
55 /* the ndr_pull function for the chosen interface.
57 NTSTATUS (*ndr_pull)(struct dcesrv_call_state *, TALLOC_CTX *, struct ndr_pull *, void **);
59 /* the dispatch function for the chosen interface.
61 NTSTATUS (*dispatch)(struct dcesrv_call_state *, TALLOC_CTX *, void *);
63 /* the reply function for the chosen interface.
65 NTSTATUS (*reply)(struct dcesrv_call_state *, TALLOC_CTX *, void *);
67 /* the ndr_push function for the chosen interface.
69 NTSTATUS (*ndr_push)(struct dcesrv_call_state *, TALLOC_CTX *, struct ndr_push *, const void *);
71 /* the local dispatch function for the chosen interface.
73 NTSTATUS (*local)(struct dcesrv_call_state *, TALLOC_CTX *, void *);
75 /* for any private use by the interface code */
76 const void *private_data;
81 #define DCESRV_INTERFACE_FLAGS_HANDLES_NOT_USED 0x00000001
83 enum dcesrv_call_list {
85 DCESRV_LIST_CALL_LIST,
86 DCESRV_LIST_FRAGMENTED_CALL_LIST,
87 DCESRV_LIST_PENDING_CALL_LIST
90 struct data_blob_list_item {
91 struct data_blob_list_item *prev,*next;
95 /* the state of an ongoing dcerpc call */
96 struct dcesrv_call_state {
97 struct dcesrv_call_state *next, *prev;
98 struct dcesrv_auth *auth_state;
99 struct dcesrv_connection *conn;
100 struct dcesrv_connection_context *context;
101 struct ncacn_packet pkt;
104 * Used during async bind/alter_context.
106 struct ncacn_packet ack_pkt;
109 which list this request is in, if any
111 enum dcesrv_call_list list;
113 /* the backend can mark the call
114 * with DCESRV_CALL_STATE_FLAG_ASYNC
115 * that will cause the frontend to not touch r->out
118 * this is only allowed to the backend when DCESRV_CALL_STATE_FLAG_MAY_ASYNC
119 * is already set by the frontend
121 * the backend then needs to call dcesrv_reply() when it's
122 * ready to send the reply
124 #define DCESRV_CALL_STATE_FLAG_ASYNC (1<<0)
125 #define DCESRV_CALL_STATE_FLAG_MAY_ASYNC (1<<1)
126 #define DCESRV_CALL_STATE_FLAG_MULTIPLEXED (1<<3)
127 #define DCESRV_CALL_STATE_FLAG_PROCESS_PENDING_CALL (1<<4)
128 #define DCESRV_CALL_STATE_FLAG_WINBIND_OFF (1 << 5)
129 uint32_t state_flags;
131 /* the time the request arrived in the server */
134 /* the backend can use this event context for async replies */
135 struct tevent_context *event_ctx;
137 /* this is the pointer to the allocated function struct */
141 * that's the ndr pull context used in dcesrv_request()
142 * needed by dcesrv_reply() to carry over information
143 * for full pointer support.
145 struct ndr_pull *ndr_pull;
149 struct data_blob_list_item *replies;
151 /* this is used by the boilerplate code to generate DCERPC faults */
154 /* the reason why we terminate the connection after sending a response */
155 const char *terminate_reason;
157 /* temporary auth_info fields */
158 struct dcerpc_auth in_auth_info;
159 struct dcerpc_auth _out_auth_info;
160 struct dcerpc_auth *out_auth_info;
163 * Optional subreq for pending calls,
164 * will be used to call tevent_req_cancel()
165 * if the connection terminates,
166 * we got an ORPHANED PDU
167 * or got a CO_CANCEL PDU
172 struct tevent_req *subreq;
178 * The various handles that are used in the RPC servers should be
179 * created and fetch using the dcesrv_handle_* functions.
182 * dcesrv_handle_create(struct dcesrv_call_state \*, uint8 handle_type)
183 * to obtain a new handle of the specified type. Handle types are
184 * unique within each pipe.
186 * The handle can later be fetched again using:
188 * struct dcesrv_handle *dcesrv_handle_lookup(
189 * struct dcesrv_call_state *dce_call,
190 * struct policy_handle *p,
195 * TALLOC_FREE(struct dcesrv_handle *).
197 * User data should be stored in the 'data' member of the dcesrv_handle
201 #define DCESRV_HANDLE_ANY 255
203 /* a dcerpc handle in internal format */
204 struct dcesrv_handle {
205 struct dcesrv_handle *next, *prev;
206 struct dcesrv_assoc_group *assoc_group;
207 struct policy_handle wire_handle;
209 enum dcerpc_AuthLevel min_auth_level;
210 const struct dcesrv_interface *iface;
214 /* hold the authentication state information */
216 struct dcesrv_auth *prev, *next;
217 enum dcerpc_AuthType auth_type;
218 enum dcerpc_AuthLevel auth_level;
219 uint32_t auth_context_id;
220 struct gensec_security *gensec_security;
221 struct auth_session_info *session_info;
222 NTSTATUS (*session_key_fn)(struct dcesrv_auth *, DATA_BLOB *session_key);
229 struct dcesrv_connection_context {
230 struct dcesrv_connection_context *next, *prev;
233 /* the connection this is on */
234 struct dcesrv_connection *conn;
236 /* the ndr function table for the chosen interface */
237 const struct dcesrv_interface *iface;
240 * the minimum required auth level for this interface
242 enum dcerpc_AuthLevel min_auth_level;
245 /* the negotiated transfer syntax */
246 struct ndr_syntax_id transfer_syntax;
251 /* the state associated with a dcerpc server connection */
252 struct dcesrv_connection {
253 /* for the broken_connections DLIST */
254 struct dcesrv_connection *prev, *next;
256 /* the top level context for this server */
257 struct dcesrv_context *dce_ctx;
259 /* the endpoint that was opened */
260 const struct dcesrv_endpoint *endpoint;
262 /* a list of established context_ids */
263 struct dcesrv_connection_context *contexts;
265 /* the state of the current incoming call fragments */
266 struct dcesrv_call_state *incoming_fragmented_call_list;
268 /* the state of the async pending calls */
269 struct dcesrv_call_state *pending_call_list;
271 /* the state of the current outgoing calls */
272 struct dcesrv_call_state *call_list;
274 /* the maximum size the client wants to receive */
275 uint16_t max_recv_frag;
276 uint16_t max_xmit_frag;
278 DATA_BLOB partial_input;
280 /* the event_context that will be used for this connection */
281 struct tevent_context *event_ctx;
283 /* is this connection pending termination? If so, why? */
284 const char *terminate;
286 const char *packet_log_dir;
288 /* this is the default state_flags for dcesrv_call_state structs */
289 uint32_t state_flags;
293 void (*report_output_data)(struct dcesrv_connection *);
294 void (*terminate_connection)(struct dcesrv_connection *,
298 struct tstream_context *stream;
299 struct tevent_queue *send_queue;
301 const struct tsocket_address *local_address;
302 const struct tsocket_address *remote_address;
304 /* the current authentication state */
305 struct dcesrv_auth *default_auth_state;
306 size_t max_auth_states;
307 struct dcesrv_auth *auth_states;
308 bool got_explicit_auth_level_connect;
309 struct dcesrv_auth *default_auth_level_connect;
310 bool client_hdr_signing;
311 bool support_hdr_signing;
312 bool negotiated_hdr_signing;
315 * remember which pdu types are allowed
320 /* the association group the connection belongs to */
321 struct dcesrv_assoc_group *assoc_group;
323 /* The maximum total payload of reassembled request pdus */
324 size_t max_total_request_size;
327 * Our preferred transfer syntax.
329 const struct ndr_syntax_id *preferred_transfer;
332 * This is used to block the connection during
333 * pending authentication.
335 struct tevent_req *(*wait_send)(TALLOC_CTX *mem_ctx,
336 struct tevent_context *ev,
338 NTSTATUS (*wait_recv)(struct tevent_req *req);
343 struct dcesrv_endpoint_server {
344 /* this is the name of the endpoint server */
347 /* true if the endpoint server has been initialized */
350 /* this function should register endpoints and some other setup stuff,
351 * it is called when the dcesrv_context gets initialized.
353 NTSTATUS (*init_server)(struct dcesrv_context *, const struct dcesrv_endpoint_server *);
355 /* this function should cleanup endpoint server state and unregister
356 * the endpoint server from dcesrv_context */
357 NTSTATUS (*shutdown_server)(struct dcesrv_context *, const struct dcesrv_endpoint_server *);
359 /* this function can be used by other endpoint servers to
360 * ask for a dcesrv_interface implementation
361 * - iface must be reference to an already existing struct !
363 bool (*interface_by_uuid)(struct dcesrv_interface *iface, const struct GUID *, uint32_t);
365 /* this function can be used by other endpoint servers to
366 * ask for a dcesrv_interface implementation
367 * - iface must be reference to an already existing struct !
369 bool (*interface_by_name)(struct dcesrv_interface *iface, const char *);
373 /* one association groups */
374 struct dcesrv_assoc_group {
378 /* The transport this is valid on */
379 enum dcerpc_transport_t transport;
381 /* list of handles in this association group */
382 struct dcesrv_handle *handles;
385 * list of iface states per assoc/conn
387 struct dcesrv_iface_state *iface_states;
390 struct dcesrv_context *dce_ctx;
392 /* the negotiated bind time features */
393 uint16_t bind_time_features;
396 struct dcesrv_context_callbacks {
398 void (*successful_authz)(
399 struct dcesrv_call_state *call, void *private_data);
403 NTSTATUS (*gensec_prepare)(
405 struct dcesrv_call_state *call,
406 struct gensec_security **out,
409 void (*become_root)(void);
410 void (*unbecome_root)(void);
414 struct dcesrv_call_state *call, void *private_data);
419 /* server-wide context information for the dcerpc server */
420 struct dcesrv_context {
422 * The euid at startup time.
424 * This is required for DCERPC_AUTH_TYPE_NCALRPC_AS_SYSTEM
428 /* the list of endpoints that have registered
429 * by the configured endpoint servers
431 struct dcesrv_endpoint {
432 struct dcesrv_endpoint *next, *prev;
433 /* the type and location of the endpoint */
434 struct dcerpc_binding *ep_description;
435 /* the secondary endpoint description for the BIND_ACK */
436 struct dcerpc_binding *ep_2nd_description;
437 /* the security descriptor for smb named pipes */
438 struct security_descriptor *sd;
439 /* the list of interfaces available on this endpoint */
440 struct dcesrv_if_list {
441 struct dcesrv_if_list *next, *prev;
442 struct dcesrv_interface *iface;
446 * Should this service be run in a single process (so far only
447 * NETLOGON is not run in a single process)
449 bool use_single_process;
453 * registered auth_type/principals
454 * for dcesrv_mgmt_inq_princ_name()
456 struct dcesrv_ctx_principal {
457 struct dcesrv_ctx_principal *next, *prev;
458 enum dcerpc_AuthType auth_type;
459 const char *principal_name;
462 /* loadparm context to use for this connection */
463 struct loadparm_context *lp_ctx;
465 struct idr_context *assoc_groups_idr;
466 uint32_t assoc_groups_num;
468 struct dcesrv_connection *broken_connections;
471 * Our preferred transfer syntax.
473 const struct ndr_syntax_id *preferred_transfer;
475 struct dcesrv_context_callbacks *callbacks;
478 /* this structure is used by modules to determine the size of some critical types */
479 struct dcesrv_critical_sizes {
480 int interface_version;
481 int sizeof_dcesrv_context;
482 int sizeof_dcesrv_endpoint;
483 int sizeof_dcesrv_endpoint_server;
484 int sizeof_dcesrv_interface;
485 int sizeof_dcesrv_if_list;
486 int sizeof_dcesrv_connection;
487 int sizeof_dcesrv_call_state;
488 int sizeof_dcesrv_auth;
489 int sizeof_dcesrv_handle;
492 NTSTATUS dcesrv_auth_type_principal_register(struct dcesrv_context *dce_ctx,
493 enum dcerpc_AuthType auth_type,
494 const char *principal_name);
495 const char *dcesrv_auth_type_principal_find(struct dcesrv_context *dce_ctx,
496 enum dcerpc_AuthType auth_type);
497 NTSTATUS dcesrv_register_default_auth_types(struct dcesrv_context *dce_ctx,
498 const char *principal);
499 NTSTATUS dcesrv_register_default_auth_types_machine_principal(struct dcesrv_context *dce_ctx);
500 NTSTATUS dcesrv_interface_register(struct dcesrv_context *dce_ctx,
502 const char *ncacn_np_secondary_endpoint,
503 const struct dcesrv_interface *iface,
504 const struct security_descriptor *sd);
505 NTSTATUS dcesrv_interface_register_b(struct dcesrv_context *dce_ctx,
506 struct dcerpc_binding *binding,
507 struct dcerpc_binding *binding2,
508 const struct dcesrv_interface *iface,
509 const struct security_descriptor *sd);
510 NTSTATUS dcerpc_register_ep_server(const struct dcesrv_endpoint_server *ep_server);
511 NTSTATUS dcesrv_init_ep_servers(struct dcesrv_context *dce_ctx,
512 const char **ep_servers);
513 NTSTATUS dcesrv_init_registered_ep_servers(struct dcesrv_context *dce_ctx);
514 NTSTATUS dcesrv_shutdown_registered_ep_servers(struct dcesrv_context *dce_ctx);
515 NTSTATUS dcesrv_init_ep_server(struct dcesrv_context *dce_ctx,
516 const char *ep_server_name);
517 NTSTATUS dcesrv_shutdown_ep_server(struct dcesrv_context *dce_ctx,
519 const struct dcesrv_endpoint_server *dcesrv_ep_server_byname(const char *name);
521 NTSTATUS dcesrv_init_context(TALLOC_CTX *mem_ctx,
522 struct loadparm_context *lp_ctx,
523 struct dcesrv_context_callbacks *cb,
524 struct dcesrv_context **_dce_ctx);
525 void dcesrv_context_set_callbacks(
526 struct dcesrv_context *dce_ctx,
527 struct dcesrv_context_callbacks *cb);
530 * Use dcesrv_async_reply() in async code
532 NTSTATUS dcesrv_reply(struct dcesrv_call_state *call);
533 void _dcesrv_async_reply(struct dcesrv_call_state *call,
535 const char *location);
536 #define dcesrv_async_reply(__call) \
537 _dcesrv_async_reply(__call, __func__, __location__)
539 struct dcesrv_handle *dcesrv_handle_create(struct dcesrv_call_state *call,
540 uint8_t handle_type);
542 struct dcesrv_handle *dcesrv_handle_lookup(struct dcesrv_call_state *call,
543 const struct policy_handle *p,
544 uint8_t handle_type);
546 const struct tsocket_address *dcesrv_connection_get_local_address(struct dcesrv_connection *conn);
547 const struct tsocket_address *dcesrv_connection_get_remote_address(struct dcesrv_connection *conn);
550 * Fetch the authentication session key if available.
552 * This is the key generated by a gensec authentication.
554 NTSTATUS dcesrv_auth_session_key(struct dcesrv_call_state *call,
555 DATA_BLOB *session_key);
558 * Fetch the transport session key if available.
559 * Typically this is the SMB session key
560 * or a fixed key for local transports.
562 * The key is always truncated to 16 bytes.
564 NTSTATUS dcesrv_transport_session_key(struct dcesrv_call_state *call,
565 DATA_BLOB *session_key);
567 /* a useful macro for generating a RPC fault in the backend code */
568 #define DCESRV_FAULT(code) do { \
569 dce_call->fault_code = code; \
570 return r->out.result; \
573 /* a useful macro for generating a RPC fault in the backend code */
574 #define DCESRV_FAULT_VOID(code) do { \
575 dce_call->fault_code = code; \
579 /* a useful macro for checking the validity of a dcerpc policy handle
580 and giving the right fault code if invalid */
581 #define DCESRV_CHECK_HANDLE(h) do {if (!(h)) DCESRV_FAULT(DCERPC_FAULT_CONTEXT_MISMATCH); } while (0)
583 /* this checks for a valid policy handle, and gives a fault if an
584 invalid handle or retval if the handle is of the
586 #define DCESRV_PULL_HANDLE_RETVAL(h, inhandle, t, retval) do { \
587 (h) = dcesrv_handle_lookup(dce_call, (inhandle), DCESRV_HANDLE_ANY); \
588 DCESRV_CHECK_HANDLE(h); \
589 if ((t) != DCESRV_HANDLE_ANY && (h)->wire_handle.handle_type != (t)) { \
594 /* this checks for a valid policy handle and gives a dcerpc fault
595 if its the wrong type of handle */
596 #define DCESRV_PULL_HANDLE_FAULT(h, inhandle, t) do { \
597 (h) = dcesrv_handle_lookup(dce_call, (inhandle), t); \
598 DCESRV_CHECK_HANDLE(h); \
601 #define DCESRV_PULL_HANDLE(h, inhandle, t) DCESRV_PULL_HANDLE_RETVAL(h, inhandle, t, NT_STATUS_INVALID_HANDLE)
602 #define DCESRV_PULL_HANDLE_WERR(h, inhandle, t) DCESRV_PULL_HANDLE_RETVAL(h, inhandle, t, WERR_INVALID_HANDLE)
605 * retrieve credentials from a dce_call
607 _PUBLIC_ struct cli_credentials *dcesrv_call_credentials(struct dcesrv_call_state *dce_call);
610 * returns true if this is an authenticated call
612 _PUBLIC_ bool dcesrv_call_authenticated(struct dcesrv_call_state *dce_call);
615 * retrieve account_name for a dce_call
617 _PUBLIC_ const char *dcesrv_call_account_name(struct dcesrv_call_state *dce_call);
620 * retrieve session_info from a dce_call
622 _PUBLIC_ struct auth_session_info *dcesrv_call_session_info(struct dcesrv_call_state *dce_call);
625 * retrieve auth type/level from a dce_call
627 _PUBLIC_ void dcesrv_call_auth_info(struct dcesrv_call_state *dce_call,
628 enum dcerpc_AuthType *auth_type,
629 enum dcerpc_AuthLevel *auth_level);
631 _PUBLIC_ NTSTATUS dcesrv_interface_bind_require_integrity(struct dcesrv_connection_context *context,
632 const struct dcesrv_interface *iface);
633 _PUBLIC_ NTSTATUS dcesrv_interface_bind_require_privacy(struct dcesrv_connection_context *context,
634 const struct dcesrv_interface *iface);
635 _PUBLIC_ NTSTATUS dcesrv_interface_bind_reject_connect(struct dcesrv_connection_context *context,
636 const struct dcesrv_interface *iface);
637 _PUBLIC_ NTSTATUS dcesrv_interface_bind_allow_connect(struct dcesrv_connection_context *context,
638 const struct dcesrv_interface *iface);
640 _PUBLIC_ NTSTATUS _dcesrv_iface_state_store_assoc(
641 struct dcesrv_call_state *call,
644 const char *location);
645 #define dcesrv_iface_state_store_assoc(call, magic, ptr) \
646 _dcesrv_iface_state_store_assoc((call), (magic), (ptr), \
648 _PUBLIC_ void *_dcesrv_iface_state_find_assoc(
649 struct dcesrv_call_state *call,
651 #define dcesrv_iface_state_find_assoc(call, magic, _type) \
653 _dcesrv_iface_state_find_assoc((call), (magic)), \
656 _PUBLIC_ NTSTATUS _dcesrv_iface_state_store_conn(
657 struct dcesrv_call_state *call,
660 const char *location);
661 #define dcesrv_iface_state_store_conn(call, magic, ptr) \
662 _dcesrv_iface_state_store_conn((call), (magic), (ptr), \
664 _PUBLIC_ void *_dcesrv_iface_state_find_conn(
665 struct dcesrv_call_state *call,
667 #define dcesrv_iface_state_find_conn(call, magic, _type) \
669 _dcesrv_iface_state_find_conn((call), (magic)), \
672 _PUBLIC_ void dcesrv_cleanup_broken_connections(struct dcesrv_context *dce_ctx);
674 _PUBLIC_ NTSTATUS dcesrv_endpoint_connect(struct dcesrv_context *dce_ctx,
676 const struct dcesrv_endpoint *ep,
677 struct auth_session_info *session_info,
678 struct tevent_context *event_ctx,
679 uint32_t state_flags,
680 struct dcesrv_connection **_p);
681 _PUBLIC_ NTSTATUS dcesrv_find_endpoint(struct dcesrv_context *dce_ctx,
682 const struct dcerpc_binding *ep_description,
683 struct dcesrv_endpoint **_out);
685 _PUBLIC_ void dcesrv_terminate_connection(struct dcesrv_connection *dce_conn,
687 _PUBLIC_ void dcesrv_sock_report_output_data(struct dcesrv_connection *dce_conn);
689 _PUBLIC_ NTSTATUS dcesrv_connection_loop_start(struct dcesrv_connection *conn);
691 _PUBLIC_ void dcesrv_loop_next_packet(
692 struct dcesrv_connection *dce_conn,
693 struct ncacn_packet *pkt,
696 _PUBLIC_ NTSTATUS dcesrv_call_dispatch_local(struct dcesrv_call_state *call);
698 _PUBLIC_ const struct dcesrv_interface *find_interface_by_syntax_id(
699 const struct dcesrv_endpoint *endpoint,
700 const struct ndr_syntax_id *interface);
702 void _dcesrv_save_ndr_fuzz_seed(DATA_BLOB call_blob,
703 struct dcesrv_call_state *call,
704 ndr_flags_type flags);
707 #define dcesrv_save_ndr_fuzz_seed(stub, call, flags) \
708 _dcesrv_save_ndr_fuzz_seed(stub, call, flags)
710 #define dcesrv_save_ndr_fuzz_seed(stub, call, flags) \
715 #endif /* _LIBRPC_RPC_DCESRV_CORE_H_ */