search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Add unique IP address binding for client connections (EPM and ncacn_ip_tcp levels)
[Samba.git] / source4 / librpc / rpc / dcerpc_sock.c
blob4ab8c350914774c591b277e02a7fb242864847e8
1 /*
2 Unix SMB/CIFS implementation.
3
4 dcerpc over standard sockets transport
5
6 Copyright (C) Andrew Tridgell 2003
7 Copyright (C) Jelmer Vernooij 2004
8 Copyright (C) Rafal Szczesniak 2006
9
10 This program is free software; you can redistribute it and/or modify
11 it under the terms of the GNU General Public License as published by
12 the Free Software Foundation; either version 3 of the License, or
13 (at your option) any later version.
14
15 This program is distributed in the hope that it will be useful,
16 but WITHOUT ANY WARRANTY; without even the implied warranty of
17 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 GNU General Public License for more details.
19
20 You should have received a copy of the GNU General Public License
21 along with this program. If not, see <http://www.gnu.org/licenses/>.
22 */
23
24 #include "includes.h"
25 #include "lib/events/events.h"
26 #include "lib/socket/socket.h"
27 #include "lib/stream/packet.h"
28 #include "libcli/composite/composite.h"
29 #include "librpc/rpc/dcerpc.h"
30 #include "librpc/rpc/dcerpc_proto.h"
31 #include "libcli/resolve/resolve.h"
32
33 /* transport private information used by general socket pipe transports */
34 struct sock_private {
35 struct tevent_fd *fde;
36 struct socket_context *sock;
37 char *server_name;
38
39 struct packet_context *packet;
40 uint32_t pending_reads;
41
42 const char *path; /* For ncacn_unix_sock and ncalrpc */
43 };
44
45
46 /*
47 mark the socket dead
48 */
49 static void sock_dead(struct dcerpc_connection *p, NTSTATUS status)
50 {
51 struct sock_private *sock = (struct sock_private *)p->transport.private_data;
52
53 if (!sock) return;
54
55 if (sock->packet) {
56 packet_recv_disable(sock->packet);
57 packet_set_fde(sock->packet, NULL);
58 packet_set_socket(sock->packet, NULL);
59 }
60
61 if (sock->fde) {
62 talloc_free(sock->fde);
63 sock->fde = NULL;
64 }
65
66 if (sock->sock) {
67 talloc_free(sock->sock);
68 sock->sock = NULL;
69 }
70
71 if (NT_STATUS_EQUAL(NT_STATUS_UNSUCCESSFUL, status)) {
72 status = NT_STATUS_UNEXPECTED_NETWORK_ERROR;
73 }
74
75 if (NT_STATUS_EQUAL(NT_STATUS_OK, status)) {
76 status = NT_STATUS_END_OF_FILE;
77 }
78
79 if (p->transport.recv_data) {
80 p->transport.recv_data(p, NULL, status);
81 }
82 }
83
84
85 /*
86 handle socket recv errors
87 */
88 static void sock_error_handler(void *private_data, NTSTATUS status)
89 {
90 struct dcerpc_connection *p = talloc_get_type(private_data,
91 struct dcerpc_connection);
92 sock_dead(p, status);
93 }
94
95 /*
96 check if a blob is a complete packet
97 */
98 static NTSTATUS sock_complete_packet(void *private_data, DATA_BLOB blob, size_t *size)
99 {
100 if (blob.length < DCERPC_FRAG_LEN_OFFSET+2) {
101 return STATUS_MORE_ENTRIES;
102 }
103 *size = dcerpc_get_frag_length(&blob);
104 if (*size > blob.length) {
105 return STATUS_MORE_ENTRIES;
106 }
107 return NT_STATUS_OK;
108 }
109
110 /*
111 process recv requests
112 */
113 static NTSTATUS sock_process_recv(void *private_data, DATA_BLOB blob)
114 {
115 struct dcerpc_connection *p = talloc_get_type(private_data,
116 struct dcerpc_connection);
117 struct sock_private *sock = (struct sock_private *)p->transport.private_data;
118 sock->pending_reads--;
119 if (sock->pending_reads == 0) {
120 packet_recv_disable(sock->packet);
121 }
122 p->transport.recv_data(p, &blob, NT_STATUS_OK);
123 return NT_STATUS_OK;
124 }
125
126 /*
127 called when a IO is triggered by the events system
128 */
129 static void sock_io_handler(struct tevent_context *ev, struct tevent_fd *fde,
130 uint16_t flags, void *private_data)
131 {
132 struct dcerpc_connection *p = talloc_get_type(private_data,
133 struct dcerpc_connection);
134 struct sock_private *sock = (struct sock_private *)p->transport.private_data;
135
136 if (flags & EVENT_FD_WRITE) {
137 packet_queue_run(sock->packet);
138 return;
139 }
140
141 if (sock->sock == NULL) {
142 return;
143 }
144
145 if (flags & EVENT_FD_READ) {
146 packet_recv(sock->packet);
147 }
148 }
149
150 /*
151 initiate a read request - not needed for dcerpc sockets
152 */
153 static NTSTATUS sock_send_read(struct dcerpc_connection *p)
154 {
155 struct sock_private *sock = (struct sock_private *)p->transport.private_data;
156 sock->pending_reads++;
157 if (sock->pending_reads == 1) {
158 packet_recv_enable(sock->packet);
159 }
160 return NT_STATUS_OK;
161 }
162
163 /*
164 send an initial pdu in a multi-pdu sequence
165 */
166 static NTSTATUS sock_send_request(struct dcerpc_connection *p, DATA_BLOB *data,
167 bool trigger_read)
168 {
169 struct sock_private *sock = (struct sock_private *)p->transport.private_data;
170 DATA_BLOB blob;
171 NTSTATUS status;
172
173 if (sock->sock == NULL) {
174 return NT_STATUS_CONNECTION_DISCONNECTED;
175 }
176
177 blob = data_blob_talloc(sock->packet, data->data, data->length);
178 if (blob.data == NULL) {
179 return NT_STATUS_NO_MEMORY;
180 }
181
182 status = packet_send(sock->packet, blob);
183 if (!NT_STATUS_IS_OK(status)) {
184 return status;
185 }
186
187 if (trigger_read) {
188 sock_send_read(p);
189 }
190
191 return NT_STATUS_OK;
192 }
193
194 /*
195 shutdown sock pipe connection
196 */
197 static NTSTATUS sock_shutdown_pipe(struct dcerpc_connection *p, NTSTATUS status)
198 {
199 struct sock_private *sock = (struct sock_private *)p->transport.private_data;
200
201 if (sock && sock->sock) {
202 sock_dead(p, status);
203 }
204
205 return status;
206 }
207
208 /*
209 return sock server name
210 */
211 static const char *sock_peer_name(struct dcerpc_connection *p)
212 {
213 struct sock_private *sock = talloc_get_type(p->transport.private_data, struct sock_private);
214 return sock->server_name;
215 }
216
217 /*
218 return remote name we make the actual connection (good for kerberos)
219 */
220 static const char *sock_target_hostname(struct dcerpc_connection *p)
221 {
222 struct sock_private *sock = talloc_get_type(p->transport.private_data, struct sock_private);
223 return sock->server_name;
224 }
225
226
227 struct pipe_open_socket_state {
228 struct dcerpc_connection *conn;
229 struct socket_context *socket_ctx;
230 struct sock_private *sock;
231 struct socket_address *localaddr;
232 struct socket_address *server;
233 const char *target_hostname;
234 enum dcerpc_transport_t transport;
235 };
236
237
238 static void continue_socket_connect(struct composite_context *ctx)
239 {
240 struct dcerpc_connection *conn;
241 struct sock_private *sock;
242 struct composite_context *c = talloc_get_type(ctx->async.private_data,
243 struct composite_context);
244 struct pipe_open_socket_state *s = talloc_get_type(c->private_data,
245 struct pipe_open_socket_state);
246
247 /* make it easier to write a function calls */
248 conn = s->conn;
249 sock = s->sock;
250
251 c->status = socket_connect_recv(ctx);
252 if (!NT_STATUS_IS_OK(c->status)) {
253 DEBUG(0, ("Failed to connect host %s on port %d - %s\n",
254 s->server->addr, s->server->port,
255 nt_errstr(c->status)));
256 composite_error(c, c->status);
257 return;
258 }
259
260 /*
261 fill in the transport methods
262 */
263 conn->transport.transport = s->transport;
264 conn->transport.private_data = NULL;
265
266 conn->transport.send_request = sock_send_request;
267 conn->transport.send_read = sock_send_read;
268 conn->transport.recv_data = NULL;
269
270 conn->transport.shutdown_pipe = sock_shutdown_pipe;
271 conn->transport.peer_name = sock_peer_name;
272 conn->transport.target_hostname = sock_target_hostname;
273
274 sock->sock = s->socket_ctx;
275 sock->pending_reads = 0;
276 sock->server_name = strupper_talloc(sock, s->target_hostname);
277
278 sock->fde = event_add_fd(conn->event_ctx, sock->sock, socket_get_fd(sock->sock),
279 EVENT_FD_READ, sock_io_handler, conn);
280
281 conn->transport.private_data = sock;
282
283 sock->packet = packet_init(sock);
284 if (sock->packet == NULL) {
285 composite_error(c, NT_STATUS_NO_MEMORY);
286 talloc_free(sock);
287 return;
288 }
289
290 packet_set_private(sock->packet, conn);
291 packet_set_socket(sock->packet, sock->sock);
292 packet_set_callback(sock->packet, sock_process_recv);
293 packet_set_full_request(sock->packet, sock_complete_packet);
294 packet_set_error_handler(sock->packet, sock_error_handler);
295 packet_set_event_context(sock->packet, conn->event_ctx);
296 packet_set_fde(sock->packet, sock->fde);
297 packet_set_serialise(sock->packet);
298 packet_set_initial_read(sock->packet, 16);
299
300 /* ensure we don't get SIGPIPE */
301 BlockSignals(true, SIGPIPE);
302
303 composite_done(c);
304 }
305
306
307 static struct composite_context *dcerpc_pipe_open_socket_send(TALLOC_CTX *mem_ctx,
308 struct dcerpc_connection *cn,
309 struct socket_address *localaddr,
310 struct socket_address *server,
311 const char *target_hostname,
312 const char *full_path,
313 enum dcerpc_transport_t transport)
314 {
315 struct composite_context *c;
316 struct pipe_open_socket_state *s;
317 struct composite_context *conn_req;
318
319 c = composite_create(mem_ctx, cn->event_ctx);
320 if (c == NULL) return NULL;
321
322 s = talloc_zero(c, struct pipe_open_socket_state);
323 if (composite_nomem(s, c)) return c;
324 c->private_data = s;
325
326 s->conn = cn;
327 s->transport = transport;
328 if (localaddr) {
329 s->localaddr = talloc_reference(c, localaddr);
330 if (composite_nomem(s->localaddr, c)) return c;
331 }
332 s->server = talloc_reference(c, server);
333 if (composite_nomem(s->server, c)) return c;
334 s->target_hostname = talloc_reference(s, target_hostname);
335
336 s->sock = talloc(cn, struct sock_private);
337 if (composite_nomem(s->sock, c)) return c;
338
339 c->status = socket_create(server->family, SOCKET_TYPE_STREAM, &s->socket_ctx, 0);
340 if (!composite_is_ok(c)) return c;
341
342 talloc_steal(s->sock, s->socket_ctx);
343
344 s->sock->path = talloc_reference(s->sock, full_path);
345
346 conn_req = socket_connect_send(s->socket_ctx, s->localaddr, s->server, 0,
347 c->event_ctx);
348 composite_continue(c, conn_req, continue_socket_connect, c);
349 return c;
350 }
351
352
353 static NTSTATUS dcerpc_pipe_open_socket_recv(struct composite_context *c)
354 {
355 NTSTATUS status = composite_wait(c);
356
357 talloc_free(c);
358 return status;
359 }
360
361 struct pipe_tcp_state {
362 const char *server;
363 const char *target_hostname;
364 const char *address;
365 uint32_t port;
366 struct socket_address *localaddr;
367 struct socket_address *srvaddr;
368 struct resolve_context *resolve_ctx;
369 struct dcerpc_connection *conn;
370 };
371
372
373 #if 0 /* disabled till we can resolve names to ipv6 addresses */
374 static void continue_ipv6_open_socket(struct composite_context *ctx);
375 #endif
376 static void continue_ipv4_open_socket(struct composite_context *ctx);
377 static void continue_ip_resolve_name(struct composite_context *ctx);
378
379 static void continue_ip_resolve_name(struct composite_context *ctx)
380 {
381 struct composite_context *c = talloc_get_type(ctx->async.private_data,
382 struct composite_context);
383 struct pipe_tcp_state *s = talloc_get_type(c->private_data,
384 struct pipe_tcp_state);
385 struct composite_context *sock_ipv4_req;
386
387 c->status = resolve_name_recv(ctx, s, &s->address);
388 if (!composite_is_ok(c)) return;
389
390 /* prepare server address using host ip:port and transport name */
391 s->srvaddr = socket_address_from_strings(s->conn, "ipv4", s->address, s->port);
392 if (composite_nomem(s->srvaddr, c)) return;
393
394 /* resolve_nbt_name gives only ipv4 ... - send socket open request */
395 sock_ipv4_req = dcerpc_pipe_open_socket_send(c, s->conn, s->localaddr,
396 s->srvaddr, s->target_hostname,
397 NULL,
398 NCACN_IP_TCP);
399 composite_continue(c, sock_ipv4_req, continue_ipv4_open_socket, c);
400 }
401
402 /*
403 Stage 2 of dcerpc_pipe_open_tcp_send: receive result of pipe open request
404 on IPv6 and send the request on IPv4 unless IPv6 transport succeeded.
405 */
406 #if 0 /* disabled till we can resolve names to ipv6 addresses */
407 static void continue_ipv6_open_socket(struct composite_context *ctx)
408 {
409 struct composite_context *c = talloc_get_type(ctx->async.private_data,
410 struct composite_context);
411 struct pipe_tcp_state *s = talloc_get_type(c->private_data,
412 struct pipe_tcp_state);
413 struct composite_context *sock_ipv4_req;
414
415 /* receive result of socket open request */
416 c->status = dcerpc_pipe_open_socket_recv(ctx);
417 if (NT_STATUS_IS_OK(c->status)) {
418 composite_done(c);
419 return;
420 }
421
422 talloc_free(s->srvaddr);
423
424 /* prepare server address using host:ip and transport name */
425 s->srvaddr = socket_address_from_strings(s->conn, "ipv4", s->address, s->port);
426 if (composite_nomem(s->srvaddr, c)) return;
427
428 /* try IPv4 if IPv6 fails */
429 sock_ipv4_req = dcerpc_pipe_open_socket_send(c, s->conn, s->localaddr,
430 s->srvaddr, s->target_hostname,
431 NCACN_IP_TCP);
432 composite_continue(c, sock_ipv4_req, continue_ipv4_open_socket, c);
433 }
434 #endif
435
436 /*
437 Stage 2 of dcerpc_pipe_open_tcp_send: receive result of pipe open request
438 on IPv4 transport.
439 */
440 static void continue_ipv4_open_socket(struct composite_context *ctx)
441 {
442 struct composite_context *c = talloc_get_type(ctx->async.private_data,
443 struct composite_context);
444 struct pipe_tcp_state *s = talloc_get_type(c->private_data,
445 struct pipe_tcp_state);
446
447 /* receive result socket open request */
448 c->status = dcerpc_pipe_open_socket_recv(ctx);
449 if (!NT_STATUS_IS_OK(c->status)) {
450 /* something went wrong... */
451 DEBUG(0, ("Failed to connect host %s (%s) on port %d - %s.\n",
452 s->address, s->target_hostname,
453 s->port, nt_errstr(c->status)));
454
455 composite_error(c, c->status);
456 return;
457 }
458
459 composite_done(c);
460 }
461
462 /*
463 Send rpc pipe open request to given host:port using
464 tcp/ip transport
465 */
466 struct composite_context* dcerpc_pipe_open_tcp_send(struct dcerpc_connection *conn,
467 const char *localaddr,
468 const char *server,
469 const char *target_hostname,
470 uint32_t port,
471 struct resolve_context *resolve_ctx)
472 {
473 struct composite_context *c;
474 struct pipe_tcp_state *s;
475 struct composite_context *resolve_req;
476 struct nbt_name name;
477
478 /* composite context allocation and setup */
479 c = composite_create(conn, conn->event_ctx);
480 if (c == NULL) return NULL;
481
482 s = talloc_zero(c, struct pipe_tcp_state);
483 if (composite_nomem(s, c)) return c;
484 c->private_data = s;
485
486 /* store input parameters in state structure */
487 s->server = talloc_strdup(c, server);
488 if (composite_nomem(s->server, c)) return c;
489 if (target_hostname) {
490 s->target_hostname = talloc_strdup(c, target_hostname);
491 if (composite_nomem(s->target_hostname, c)) return c;
492 }
493 s->port = port;
494 s->conn = conn;
495 s->resolve_ctx = resolve_ctx;
496 if (localaddr) {
497 s->localaddr = socket_address_from_strings(s, "ip", localaddr, 0);
498 /* if there is no localaddr, we pass NULL for
499 s->localaddr, which is handled by the socket libraries as
500 meaning no local binding address specified */
501 }
502
503 make_nbt_name_server(&name, server);
504 resolve_req = resolve_name_send(resolve_ctx, s, &name, c->event_ctx);
505 composite_continue(c, resolve_req, continue_ip_resolve_name, c);
506 return c;
507 }
508
509 /*
510 Receive result of pipe open request on tcp/ip
511 */
512 NTSTATUS dcerpc_pipe_open_tcp_recv(struct composite_context *c)
513 {
514 NTSTATUS status;
515 status = composite_wait(c);
516
517 talloc_free(c);
518 return status;
519 }
520
521
522 struct pipe_unix_state {
523 const char *path;
524 struct socket_address *srvaddr;
525 struct dcerpc_connection *conn;
526 };
527
528
529 /*
530 Stage 2 of dcerpc_pipe_open_unix_stream_send: receive result of pipe open
531 request on unix socket.
532 */
533 static void continue_unix_open_socket(struct composite_context *ctx)
534 {
535 struct composite_context *c = talloc_get_type(ctx->async.private_data,
536 struct composite_context);
537
538 c->status = dcerpc_pipe_open_socket_recv(ctx);
539 if (NT_STATUS_IS_OK(c->status)) {
540 composite_done(c);
541 return;
542 }
543
544 composite_error(c, c->status);
545 }
546
547
548 /*
549 Send pipe open request on unix socket
550 */
551 struct composite_context *dcerpc_pipe_open_unix_stream_send(struct dcerpc_connection *conn,
552 const char *path)
553 {
554 struct composite_context *c;
555 struct composite_context *sock_unix_req;
556 struct pipe_unix_state *s;
557
558 /* composite context allocation and setup */
559 c = composite_create(conn, conn->event_ctx);
560 if (c == NULL) return NULL;
561
562 s = talloc_zero(c, struct pipe_unix_state);
563 if (composite_nomem(s, c)) return c;
564 c->private_data = s;
565
566 /* store parameters in state structure */
567 s->path = talloc_strdup(c, path);
568 if (composite_nomem(s->path, c)) return c;
569 s->conn = conn;
570
571 /* prepare server address using socket path and transport name */
572 s->srvaddr = socket_address_from_strings(conn, "unix", s->path, 0);
573 if (composite_nomem(s->srvaddr, c)) return c;
574
575 /* send socket open request */
576 sock_unix_req = dcerpc_pipe_open_socket_send(c, s->conn, NULL,
577 s->srvaddr, NULL,
578 s->path,
579 NCALRPC);
580 composite_continue(c, sock_unix_req, continue_unix_open_socket, c);
581 return c;
582 }
583
584
585 /*
586 Receive result of pipe open request on unix socket
587 */
588 NTSTATUS dcerpc_pipe_open_unix_stream_recv(struct composite_context *c)
589 {
590 NTSTATUS status = composite_wait(c);
591
592 talloc_free(c);
593 return status;
594 }
595
596
597 /*
598 Stage 2 of dcerpc_pipe_open_pipe_send: receive socket open request
599 */
600 static void continue_np_open_socket(struct composite_context *ctx)
601 {
602 struct composite_context *c = talloc_get_type(ctx->async.private_data,
603 struct composite_context);
604
605 c->status = dcerpc_pipe_open_socket_recv(ctx);
606 if (!composite_is_ok(c)) return;
607
608 composite_done(c);
609 }
610
611
612 /*
613 Send pipe open request on ncalrpc
614 */
615 struct composite_context* dcerpc_pipe_open_pipe_send(struct dcerpc_connection *conn,
616 const char *ncalrpc_dir,
617 const char *identifier)
618 {
619 char *canon = NULL;
620
621 struct composite_context *c;
622 struct composite_context *sock_np_req;
623 struct pipe_unix_state *s;
624
625 /* composite context allocation and setup */
626 c = composite_create(conn, conn->event_ctx);
627 if (c == NULL) return NULL;
628
629 s = talloc_zero(c, struct pipe_unix_state);
630 if (composite_nomem(s, c)) return c;
631 c->private_data = s;
632
633 /* store parameters in state structure */
634 canon = talloc_strdup(s, identifier);
635 if (composite_nomem(canon, c)) return c;
636 s->conn = conn;
637
638 string_replace(canon, '/', '\\');
639 s->path = talloc_asprintf(canon, "%s/%s", ncalrpc_dir, canon);
640 if (composite_nomem(s->path, c)) return c;
641
642 /* prepare server address using path and transport name */
643 s->srvaddr = socket_address_from_strings(conn, "unix", s->path, 0);
644 if (composite_nomem(s->srvaddr, c)) return c;
645
646 /* send socket open request */
647 sock_np_req = dcerpc_pipe_open_socket_send(c, s->conn, NULL, s->srvaddr, NULL, s->path, NCALRPC);
648 composite_continue(c, sock_np_req, continue_np_open_socket, c);
649 return c;
650 }
651
652
653 /*
654 Receive result of pipe open request on ncalrpc
655 */
656 NTSTATUS dcerpc_pipe_open_pipe_recv(struct composite_context *c)
657 {
658 NTSTATUS status = composite_wait(c);
659
660 talloc_free(c);
661 return status;
662 }
663
664
665 /*
666 Open a rpc pipe on a named pipe - sync version
667 */
668 NTSTATUS dcerpc_pipe_open_pipe(struct dcerpc_connection *conn, const char *ncalrpc_dir, const char *identifier)
669 {
670 struct composite_context *c = dcerpc_pipe_open_pipe_send(conn, ncalrpc_dir, identifier);
671 return dcerpc_pipe_open_pipe_recv(c);
672 }
673
674 const char *dcerpc_unix_socket_path(struct dcerpc_connection *p)
675 {
676 struct sock_private *sock = (struct sock_private *)p->transport.private_data;
677 return sock->path;
678 }
679
680 struct socket_address *dcerpc_socket_peer_addr(struct dcerpc_connection *p, TALLOC_CTX *mem_ctx)
681 {
682 struct sock_private *sock = (struct sock_private *)p->transport.private_data;
683 return socket_get_peer_addr(sock->sock, mem_ctx);
684 }
685
Samba GIT mirror