search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
samba-tool group removemembers: adapt functionality to addmembers command
[Samba.git] / source4 / rpc_server / handles.c
blobf0947efc95b7ba5570c82fd55502e2988bc6cc8b
1 /*
2 Unix SMB/CIFS implementation.
3
4 server side dcerpc handle code
5
6 Copyright (C) Andrew Tridgell 2003
7
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 3 of the License, or
11 (at your option) any later version.
12
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
17
18 You should have received a copy of the GNU General Public License
19 along with this program. If not, see <http://www.gnu.org/licenses/>.
20 */
21
22 #include "includes.h"
23 #include "lib/util/dlinklist.h"
24 #include "rpc_server/dcerpc_server.h"
25 #include "libcli/security/security.h"
26 #include "librpc/gen_ndr/auth.h"
27
28 /*
29 destroy a rpc handle
30 */
31 static int dcesrv_handle_destructor(struct dcesrv_handle *h)
32 {
33 DLIST_REMOVE(h->assoc_group->handles, h);
34 return 0;
35 }
36
37
38 /*
39 allocate a new rpc handle
40 */
41 _PUBLIC_
42 struct dcesrv_handle *dcesrv_handle_create(struct dcesrv_call_state *call,
43 uint8_t handle_type)
44 {
45 struct dcesrv_connection_context *context = call->context;
46 struct auth_session_info *session_info =
47 dcesrv_call_session_info(call);
48 struct dcesrv_handle *h;
49 struct dom_sid *sid;
50
51 /*
52 * For simplicty, ensure we abort here for an interface that has no handles (programmer error)
53 */
54 SMB_ASSERT((context->iface->flags & DCESRV_INTERFACE_FLAGS_HANDLES_NOT_USED) == 0);
55
56 sid = &session_info->security_token->sids[PRIMARY_USER_SID_INDEX];
57
58 h = talloc_zero(context->conn->assoc_group, struct dcesrv_handle);
59 if (!h) {
60 return NULL;
61 }
62 h->data = NULL;
63 h->sid = dom_sid_dup(h, sid);
64 if (h->sid == NULL) {
65 talloc_free(h);
66 return NULL;
67 }
68 h->min_auth_level = call->auth_state->auth_level;
69 h->assoc_group = context->conn->assoc_group;
70 h->iface = context->iface;
71 h->wire_handle.handle_type = handle_type;
72 h->wire_handle.uuid = GUID_random();
73
74 DLIST_ADD(context->conn->assoc_group->handles, h);
75
76 talloc_set_destructor(h, dcesrv_handle_destructor);
77
78 return h;
79 }
80
81 /**
82 find an internal handle given a wire handle. If the wire handle is NULL then
83 allocate a new handle
84 */
85
86 _PUBLIC_
87 struct dcesrv_handle *dcesrv_handle_lookup(struct dcesrv_call_state *call,
88 const struct policy_handle *p,
89 uint8_t handle_type)
90 {
91 struct dcesrv_connection_context *context = call->context;
92 struct auth_session_info *session_info =
93 dcesrv_call_session_info(call);
94 struct dcesrv_handle *h;
95 struct dom_sid *sid;
96
97 /*
98 * For simplicty, ensure we abort here for an interface that has no handles (programmer error)
99 */
100 SMB_ASSERT((context->iface->flags & DCESRV_INTERFACE_FLAGS_HANDLES_NOT_USED) == 0);
101
102 sid = &session_info->security_token->sids[PRIMARY_USER_SID_INDEX];
103
104 if (ndr_policy_handle_empty(p)) {
105 /* TODO: we should probably return a NULL handle here */
106 return dcesrv_handle_create(call, handle_type);
107 }
108
109 for (h=context->conn->assoc_group->handles; h; h=h->next) {
110 if (h->wire_handle.handle_type == p->handle_type &&
111 GUID_equal(&p->uuid, &h->wire_handle.uuid)) {
112 if (handle_type != DCESRV_HANDLE_ANY &&
113 p->handle_type != handle_type) {
114 DEBUG(0,("client gave us the wrong handle type (%d should be %d)\n",
115 p->handle_type, handle_type));
116 return NULL;
117 }
118 if (!dom_sid_equal(h->sid, sid)) {
119 struct dom_sid_buf buf1, buf2;
120 DBG_ERR("Attempt to use invalid sid %s - %s\n",
121 dom_sid_str_buf(h->sid, &buf1),
122 dom_sid_str_buf(sid, &buf2));
123 return NULL;
124 }
125 if (call->auth_state->auth_level < h->min_auth_level) {
126 DEBUG(0,(__location__ ": Attempt to use invalid auth_level %u < %u\n",
127 call->auth_state->auth_level,
128 h->min_auth_level));
129 return NULL;
130 }
131 if (h->iface != context->iface) {
132 DEBUG(0,(__location__ ": Attempt to use invalid iface\n"));
133 return NULL;
134 }
135 return h;
136 }
137 }
138
139 return NULL;
140 }
141
142 struct dcesrv_iface_state {
143 struct dcesrv_iface_state *prev, *next;
144 struct dcesrv_assoc_group *assoc;
145 const struct dcesrv_interface *iface;
146 struct dom_sid owner;
147 const struct dcesrv_connection *conn;
148 const struct dcesrv_auth *auth;
149 const struct dcesrv_connection_context *pres;
150 uint64_t magic;
151 void *ptr;
152 const char *location;
153 };
154
155 static int dcesrv_iface_state_destructor(struct dcesrv_iface_state *istate)
156 {
157 DLIST_REMOVE(istate->assoc->iface_states, istate);
158 return 0;
159 }
160
161 static void *dcesrv_iface_state_find(struct dcesrv_assoc_group *assoc,
162 const struct dcesrv_interface *iface,
163 const struct dom_sid *owner,
164 const struct dcesrv_connection *conn,
165 const struct dcesrv_auth *auth,
166 const struct dcesrv_connection_context *pres,
167 uint64_t magic,
168 const void *ptr)
169 {
170 struct dcesrv_iface_state *cur = NULL;
171
172 for (cur = assoc->iface_states; cur != NULL; cur = cur->next) {
173 bool match;
174
175 SMB_ASSERT(cur->assoc == assoc);
176
177 if (cur->ptr == ptr) {
178 return cur->ptr;
179 }
180
181 if (cur->iface != iface) {
182 continue;
183 }
184
185 match = dom_sid_equal(&cur->owner, owner);
186 if (!match) {
187 continue;
188 }
189
190 if (cur->conn != conn) {
191 continue;
192 }
193
194 if (cur->auth != auth) {
195 continue;
196 }
197
198 if (cur->pres != pres) {
199 continue;
200 }
201
202 if (cur->magic != magic) {
203 continue;
204 }
205
206 return cur->ptr;
207 }
208
209 return NULL;
210 }
211
212 static NTSTATUS dcesrv_iface_state_store(struct dcesrv_assoc_group *assoc,
213 const struct dcesrv_interface *iface,
214 const struct dom_sid *owner,
215 const struct dcesrv_connection *conn,
216 const struct dcesrv_auth *auth,
217 const struct dcesrv_connection_context *pres,
218 uint64_t magic,
219 TALLOC_CTX *mem_ctx,
220 void *ptr,
221 const char *location)
222 {
223 struct dcesrv_iface_state *istate = NULL;
224 void *optr = NULL;
225
226 optr = dcesrv_iface_state_find(assoc,
227 iface,
228 owner,
229 conn,
230 auth,
231 pres,
232 magic,
233 ptr);
234 if (optr != NULL) {
235 return NT_STATUS_OBJECTID_EXISTS;
236 }
237
238 istate = talloc_zero(ptr, struct dcesrv_iface_state);
239 if (istate == NULL) {
240 return NT_STATUS_NO_MEMORY;
241 }
242
243 *istate = (struct dcesrv_iface_state) {
244 .assoc = assoc,
245 .iface = iface,
246 .owner = *owner,
247 .conn = conn,
248 .auth = auth,
249 .pres = pres,
250 .magic = magic,
251 .location = location,
252 };
253
254 istate->ptr = talloc_steal(mem_ctx, ptr);
255
256 talloc_set_destructor(istate, dcesrv_iface_state_destructor);
257
258 DLIST_ADD_END(assoc->iface_states, istate);
259
260 return NT_STATUS_OK;
261 }
262
263 NTSTATUS _dcesrv_iface_state_store_assoc(struct dcesrv_call_state *call,
264 uint64_t magic,
265 void *ptr,
266 const char *location)
267 {
268 struct auth_session_info *session_info =
269 dcesrv_call_session_info(call);
270 const struct dom_sid *owner =
271 &session_info->security_token->sids[0];
272 NTSTATUS status;
273
274 status = dcesrv_iface_state_store(call->conn->assoc_group,
275 call->context->iface,
276 owner,
277 NULL, /* conn */
278 NULL, /* auth */
279 NULL, /* pres */
280 magic,
281 call->conn->assoc_group, /* mem_ctx */
282 ptr,
283 location);
284 if (!NT_STATUS_IS_OK(status)) {
285 return status;
286 }
287
288 return NT_STATUS_OK;
289 }
290
291 void *_dcesrv_iface_state_find_assoc(struct dcesrv_call_state *call, uint64_t magic)
292 {
293 struct auth_session_info *session_info =
294 dcesrv_call_session_info(call);
295 const struct dom_sid *owner =
296 &session_info->security_token->sids[0];
297 void *ptr = NULL;
298
299 ptr = dcesrv_iface_state_find(call->conn->assoc_group,
300 call->context->iface,
301 owner,
302 NULL, /* conn */
303 NULL, /* auth */
304 NULL, /* pres */
305 magic,
306 NULL); /* ptr */
307 if (ptr == NULL) {
308 return NULL;
309 }
310
311 return ptr;
312 }
313
314 NTSTATUS _dcesrv_iface_state_store_conn(struct dcesrv_call_state *call,
315 uint64_t magic,
316 void *ptr,
317 const char *location)
318 {
319 struct auth_session_info *session_info =
320 dcesrv_call_session_info(call);
321 const struct dom_sid *owner =
322 &session_info->security_token->sids[0];
323 NTSTATUS status;
324
325 status = dcesrv_iface_state_store(call->conn->assoc_group,
326 call->context->iface,
327 owner,
328 call->conn,
329 call->auth_state,
330 call->context,
331 magic,
332 call->conn, /* mem_ctx */
333 ptr,
334 location);
335 if (!NT_STATUS_IS_OK(status)) {
336 return status;
337 }
338
339 return NT_STATUS_OK;
340 }
341
342 void *_dcesrv_iface_state_find_conn(struct dcesrv_call_state *call, uint64_t magic)
343 {
344 struct auth_session_info *session_info =
345 dcesrv_call_session_info(call);
346 const struct dom_sid *owner =
347 &session_info->security_token->sids[0];
348 void *ptr = NULL;
349
350 ptr = dcesrv_iface_state_find(call->conn->assoc_group,
351 call->context->iface,
352 owner,
353 call->conn,
354 call->auth_state,
355 call->context,
356 magic,
357 NULL); /* ptr */
358 if (ptr == NULL) {
359 return NULL;
360 }
361
362 return ptr;
363 }
Samba GIT mirror