*/
#include "includes.h"
+#include "rpc_client/cli_pipe.h"
#include "rpc_server/srv_pipe_internal.h"
#include "rpc_dce.h"
#include "../libcli/named_pipe_auth/npa_tstream.h"
#include "rpc_server/rpc_ncacn_np.h"
#include "librpc/gen_ndr/netlogon.h"
+#include "librpc/gen_ndr/auth.h"
+#include "../auth/auth_sam_reply.h"
+#include "auth.h"
+#include "ntdomain.h"
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_RPC_SRV
struct pipes_struct *make_internal_rpc_pipe_p(TALLOC_CTX *mem_ctx,
const struct ndr_syntax_id *syntax,
struct client_address *client_id,
- const struct auth_serversupplied_info *server_info,
+ const struct auth_serversupplied_info *session_info,
struct messaging_context *msg_ctx)
{
struct pipes_struct *p;
return NULL;
}
- p->server_info = copy_serverinfo(p, server_info);
- if (p->server_info == NULL) {
+ p->session_info = copy_serverinfo(p, session_info);
+ if (p->session_info == NULL) {
DEBUG(0, ("open_rpc_pipe_p: copy_serverinfo failed\n"));
close_policy_by_pipe(p);
TALLOC_FREE(p);
p->endian = RPC_LITTLE_ENDIAN;
p->syntax = *syntax;
+ p->transport = NCALRPC;
DEBUG(4,("Created internal pipe %s (pipes_open=%d)\n",
get_pipe_name_from_syntax(talloc_tos(), syntax), pipes_open));
const struct ndr_syntax_id *abstract_syntax,
const struct ndr_interface_table *ndr_table,
struct client_address *client_id,
- const struct auth_serversupplied_info *server_info,
+ const struct auth_serversupplied_info *session_info,
struct messaging_context *msg_ctx,
struct dcerpc_binding_handle **binding_handle)
{
hs->p = make_internal_rpc_pipe_p(hs,
abstract_syntax,
client_id,
- server_info,
+ session_info,
msg_ctx);
if (hs->p == NULL) {
TALLOC_FREE(h);
* status = rpcint_binding_handle(tmp_ctx,
* &ndr_table_winreg,
* p->client_id,
- * p->server_info,
+ * p->session_info,
* p->msg_ctx
* &winreg_binding);
* @endcode
NTSTATUS rpcint_binding_handle(TALLOC_CTX *mem_ctx,
const struct ndr_interface_table *ndr_table,
struct client_address *client_id,
- const struct auth_serversupplied_info *server_info,
+ const struct auth_serversupplied_info *session_info,
struct messaging_context *msg_ctx,
struct dcerpc_binding_handle **binding_handle)
{
return rpcint_binding_handle_ex(mem_ctx, NULL, ndr_table, client_id,
- server_info, msg_ctx, binding_handle);
+ session_info, msg_ctx, binding_handle);
}
/**
- * @brief Create a new RPC client context which uses a local dispatch function.
+ * @internal
+ *
+ * @brief Create a new RPC client context which uses a local transport.
+ *
+ * This creates a local transport. It is a shortcut to directly call the server
+ * functions and avoid marschalling.
*
* @param[in] mem_ctx The memory context to use.
*
* @param[in] abstract_syntax Normally the syntax_id of the autogenerated
* ndr_table_<name>.
*
- * @param[in] dispatch The corresponding autogenerated dispatch function
- * rpc_<name>_dispatch.
- *
* @param[in] serversupplied_info The server supplied authentication function.
*
+ * @param[in] client_id The client address information.
+ *
+ * @param[in] msg_ctx The messaging context to use.
+ *
* @param[out] presult A pointer to store the connected rpc client pipe.
*
* @return NT_STATUS_OK on success, a corresponding NT status if an
*
* status = rpc_pipe_open_internal(tmp_ctx,
* &ndr_table_winreg.syntax_id,
- * rpc_winreg_dispatch,
- * p->server_info,
+ * p->session_info,
+ * client_id,
* &winreg_pipe);
* @endcode
*/
NTSTATUS rpc_pipe_open_internal(TALLOC_CTX *mem_ctx,
const struct ndr_syntax_id *abstract_syntax,
- struct auth_serversupplied_info *serversupplied_info,
+ const struct auth_serversupplied_info *serversupplied_info,
struct client_address *client_id,
struct messaging_context *msg_ctx,
struct rpc_pipe_client **presult)
const char *pipe_name,
const struct tsocket_address *local_address,
const struct tsocket_address *remote_address,
- struct auth_serversupplied_info *server_info)
+ const struct auth_serversupplied_info *session_info)
{
struct np_proxy_state *result;
char *socket_np_dir;
const char *socket_dir;
struct tevent_context *ev;
struct tevent_req *subreq;
- struct netr_SamInfo3 *info3;
+ struct auth_session_info_transport *session_info_t;
+ struct auth_session_info *session_info_npa;
+ struct auth_user_info_dc *user_info_dc;
+ union netr_Validation val;
NTSTATUS status;
bool ok;
int ret;
goto fail;
}
- info3 = talloc_zero(talloc_tos(), struct netr_SamInfo3);
- if (info3 == NULL) {
+ session_info_npa = talloc_zero(talloc_tos(), struct auth_session_info);
+ if (session_info_npa == NULL) {
DEBUG(0, ("talloc failed\n"));
goto fail;
}
- status = serverinfo_to_SamInfo3(server_info, NULL, 0, info3);
+ /* Send the named_pipe_auth server the user's full token */
+ session_info_npa->security_token = session_info->security_token;
+ session_info_npa->session_key = session_info->session_key;
+
+ val.sam3 = session_info->info3;
+
+ /* Convert into something we can build a struct
+ * auth_session_info from. Most of the work here
+ * will be to convert the SIDS, which we will then ignore, but
+ * this is the easier way to handle it */
+ status = make_user_info_dc_netlogon_validation(talloc_tos(), "", 3, &val, &user_info_dc);
if (!NT_STATUS_IS_OK(status)) {
- TALLOC_FREE(info3);
- DEBUG(0, ("serverinfo_to_SamInfo3 failed: %s\n",
- nt_errstr(status)));
+ DEBUG(0, ("conversion of info3 into user_info_dc failed!\n"));
+ goto fail;
+ }
+
+ session_info_npa->info = talloc_move(session_info_npa, &user_info_dc->info);
+ talloc_free(user_info_dc);
+
+ session_info_t = talloc_zero(talloc_tos(), struct auth_session_info_transport);
+ if (session_info_npa == NULL) {
+ DEBUG(0, ("talloc failed\n"));
goto fail;
}
+ session_info_t->session_info = talloc_steal(session_info_t, session_info_npa);
+
become_root();
subreq = tstream_npa_connect_send(talloc_tos(), ev,
socket_np_dir,
NULL, /* client_name */
local_address, /* server_addr */
NULL, /* server_name */
- info3,
- server_info->user_session_key,
- data_blob_null /* delegated_creds */);
+ session_info_t);
if (subreq == NULL) {
unbecome_root();
DEBUG(0, ("tstream_npa_connect_send to %s for pipe %s and "
"user %s\\%s failed\n",
- socket_np_dir, pipe_name, info3->base.domain.string,
- info3->base.account_name.string));
+ socket_np_dir, pipe_name, session_info_t->session_info->info->domain_name,
+ session_info_t->session_info->info->account_name));
goto fail;
}
ok = tevent_req_poll(subreq, ev);
if (!ok) {
DEBUG(0, ("tevent_req_poll to %s for pipe %s and user %s\\%s "
"failed for tstream_npa_connect: %s\n",
- socket_np_dir, pipe_name, info3->base.domain.string,
- info3->base.account_name.string,
+ socket_np_dir, pipe_name, session_info_t->session_info->info->domain_name,
+ session_info_t->session_info->info->account_name,
strerror(errno)));
goto fail;
if (ret != 0) {
DEBUG(0, ("tstream_npa_connect_recv to %s for pipe %s and "
"user %s\\%s failed: %s\n",
- socket_np_dir, pipe_name, info3->base.domain.string,
- info3->base.account_name.string,
+ socket_np_dir, pipe_name, session_info_t->session_info->info->domain_name,
+ session_info_t->session_info->info->account_name,
strerror(sys_errno)));
goto fail;
}
static NTSTATUS rpc_pipe_open_external(TALLOC_CTX *mem_ctx,
const char *pipe_name,
const struct ndr_syntax_id *abstract_syntax,
- struct auth_serversupplied_info *server_info,
+ const struct auth_serversupplied_info *session_info,
struct rpc_pipe_client **_result)
{
struct tsocket_address *local, *remote;
}
proxy_state = make_external_rpc_pipe_p(mem_ctx, pipe_name,
- local, remote, server_info);
+ local, remote, session_info);
if (!proxy_state) {
return NT_STATUS_UNSUCCESSFUL;
}
result->max_recv_frag = RPC_MAX_PDU_FRAG_LEN;
status = rpc_transport_tstream_init(result,
- proxy_state->npipe,
- proxy_state->read_queue,
- proxy_state->write_queue,
+ &proxy_state->npipe,
&result->transport);
if (!NT_STATUS_IS_OK(status)) {
goto done;
}
+ result->binding_handle = rpccli_bh_create(result);
+ if (result->binding_handle == NULL) {
+ status = NT_STATUS_NO_MEMORY;
+ DEBUG(0, ("Failed to create binding handle.\n"));
+ goto done;
+ }
+
result->auth = talloc_zero(result, struct pipe_auth_data);
if (!result->auth) {
status = NT_STATUS_NO_MEMORY;
status = rpc_pipe_bind(result, auth);
if (!NT_STATUS_IS_OK(status)) {
- DEBUG(0, ("Failed to bind spoolss pipe.\n"));
+ DEBUG(0, ("Failed to bind external pipe.\n"));
goto done;
}
+
done:
if (!NT_STATUS_IS_OK(status)) {
TALLOC_FREE(result);
* @param mem_ctx The memory context on which thje pipe will ultimately
* be allocated
* @param name The pipe name to connect to.
- * @param server_info Credentials to use for the connection.
+ * @param session_info Credentials to use for the connection.
* @param pipe [in|out] Checks if a pipe is connected, and connects it
* if not
*
NTSTATUS rpc_pipe_open_interface(TALLOC_CTX *mem_ctx,
const struct ndr_syntax_id *syntax,
- struct auth_serversupplied_info *server_info,
+ const struct auth_serversupplied_info *session_info,
struct client_address *client_id,
struct messaging_context *msg_ctx,
struct rpc_pipe_client **cli_pipe)
goto done;
}
- DEBUG(10, ("Connecting to %s pipe.\n", pipe_name));
+ while (pipe_name[0] == '\\') {
+ pipe_name++;
+ }
+
+ DEBUG(5, ("Connecting to %s pipe.\n", pipe_name));
server_type = lp_parm_const_string(GLOBAL_SECTION_SNUM,
"rpc_server", pipe_name,
"embedded");
+
if (StrCaseCmp(server_type, "embedded") == 0) {
status = rpc_pipe_open_internal(tmp_ctx,
- syntax, server_info,
+ syntax, session_info,
client_id, msg_ctx,
&cli);
if (!NT_STATUS_IS_OK(status)) {
goto done;
}
- } else {
+ } else if (StrCaseCmp(server_type, "daemon") == 0 ||
+ StrCaseCmp(server_type, "external") == 0) {
/* It would be nice to just use rpc_pipe_open_ncalrpc() but
* for now we need to use the special proxy setup to connect
* to spoolssd. */
status = rpc_pipe_open_external(tmp_ctx,
pipe_name, syntax,
- server_info,
+ session_info,
&cli);
if (!NT_STATUS_IS_OK(status)) {
goto done;
}
- }
+ } else {
+ status = NT_STATUS_NOT_IMPLEMENTED;
+ DEBUG(0, ("Wrong servertype specified in config file: %s",
+ nt_errstr(status)));
+ goto done;
+ }
status = NT_STATUS_OK;
done: