search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
s3: fix crash in winbindd (similar to commit f8cc0e88fbbb082ead023e0cb437b1e12cf35459)
[Samba.git] / source3 / rpc_client / rpc_transport_np.c
blobfe3303095d7696f0924090130a5a1fb2ca1efa83
1 /*
2 * Unix SMB/CIFS implementation.
3 * RPC client transport over named pipes
4 * Copyright (C) Volker Lendecke 2009
5 *
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 3 of the License, or
9 * (at your option) any later version.
10 *
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
15 *
16 * You should have received a copy of the GNU General Public License
17 * along with this program; if not, see <http://www.gnu.org/licenses/>.
18 */
19
20 #include "includes.h"
21
22 #undef DBGC_CLASS
23 #define DBGC_CLASS DBGC_RPC_CLI
24
25 struct rpc_transport_np_state {
26 struct cli_state *cli;
27 const char *pipe_name;
28 uint16_t fnum;
29 };
30
31 static int rpc_transport_np_state_destructor(struct rpc_transport_np_state *s)
32 {
33 bool ret;
34
35 if (s->cli->fd == -1) {
36 DEBUG(10, ("socket was closed, no need to send close request.\n"));
37 return 0;
38 }
39
40 ret = cli_close(s->cli, s->fnum);
41 if (!ret) {
42 DEBUG(1, ("rpc_transport_np_state_destructor: cli_close "
43 "failed on pipe %s. Error was %s\n", s->pipe_name,
44 cli_errstr(s->cli)));
45 }
46 DEBUG(10, ("rpc_pipe_destructor: closed %s\n", s->pipe_name));
47 /*
48 * We can't do much on failure
49 */
50 return 0;
51 }
52
53 struct rpc_np_write_state {
54 size_t size;
55 size_t written;
56 };
57
58 static void rpc_np_write_done(struct async_req *subreq);
59
60 static struct async_req *rpc_np_write_send(TALLOC_CTX *mem_ctx,
61 struct event_context *ev,
62 const uint8_t *data, size_t size,
63 void *priv)
64 {
65 struct rpc_transport_np_state *np_transport = talloc_get_type_abort(
66 priv, struct rpc_transport_np_state);
67 struct async_req *result, *subreq;
68 struct rpc_np_write_state *state;
69
70 if (!async_req_setup(mem_ctx, &result, &state,
71 struct rpc_np_write_state)) {
72 return NULL;
73 }
74 state->size = size;
75
76 subreq = cli_write_andx_send(mem_ctx, ev, np_transport->cli,
77 np_transport->fnum,
78 8, /* 8 means message mode. */
79 data, 0, size);
80 if (subreq == NULL) {
81 goto fail;
82 }
83 subreq->async.fn = rpc_np_write_done;
84 subreq->async.priv = result;
85 return result;
86 fail:
87 TALLOC_FREE(result);
88 return NULL;
89 }
90
91 static void rpc_np_write_done(struct async_req *subreq)
92 {
93 struct async_req *req = talloc_get_type_abort(
94 subreq->async.priv, struct async_req);
95 struct rpc_np_write_state *state = talloc_get_type_abort(
96 req->private_data, struct rpc_np_write_state);
97 NTSTATUS status;
98
99 status = cli_write_andx_recv(subreq, &state->written);
100 TALLOC_FREE(subreq);
101 if (!NT_STATUS_IS_OK(status)) {
102 async_req_nterror(req, status);
103 return;
104 }
105 async_req_done(req);
106 }
107
108 static NTSTATUS rpc_np_write_recv(struct async_req *req, ssize_t *pwritten)
109 {
110 struct rpc_np_write_state *state = talloc_get_type_abort(
111 req->private_data, struct rpc_np_write_state);
112 NTSTATUS status;
113
114 if (async_req_is_nterror(req, &status)) {
115 return status;
116 }
117 *pwritten = state->written;
118 return NT_STATUS_OK;
119 }
120
121 struct rpc_np_read_state {
122 uint8_t *data;
123 size_t size;
124 ssize_t received;
125 };
126
127 static void rpc_np_read_done(struct async_req *subreq);
128
129 static struct async_req *rpc_np_read_send(TALLOC_CTX *mem_ctx,
130 struct event_context *ev,
131 uint8_t *data, size_t size,
132 void *priv)
133 {
134 struct rpc_transport_np_state *np_transport = talloc_get_type_abort(
135 priv, struct rpc_transport_np_state);
136 struct async_req *result, *subreq;
137 struct rpc_np_read_state *state;
138
139 if (!async_req_setup(mem_ctx, &result, &state,
140 struct rpc_np_read_state)) {
141 return NULL;
142 }
143 state->data = data;
144 state->size = size;
145
146 subreq = cli_read_andx_send(mem_ctx, ev, np_transport->cli,
147 np_transport->fnum, 0, size);
148 if (subreq == NULL) {
149 goto fail;
150 }
151 subreq->async.fn = rpc_np_read_done;
152 subreq->async.priv = result;
153 return result;
154 fail:
155 TALLOC_FREE(result);
156 return NULL;
157 }
158
159 static void rpc_np_read_done(struct async_req *subreq)
160 {
161 struct async_req *req = talloc_get_type_abort(
162 subreq->async.priv, struct async_req);
163 struct rpc_np_read_state *state = talloc_get_type_abort(
164 req->private_data, struct rpc_np_read_state);
165 NTSTATUS status;
166 uint8_t *rcvbuf;
167
168 /* We must free subreq in this function as there is
169 a timer event attached to it. */
170
171 status = cli_read_andx_recv(subreq, &state->received, &rcvbuf);
172 /*
173 * We can't TALLOC_FREE(subreq) as usual here, as rcvbuf still is a
174 * child of that.
175 */
176 if (NT_STATUS_EQUAL(status, NT_STATUS_BUFFER_TOO_SMALL)) {
177 status = NT_STATUS_OK;
178 }
179 if (!NT_STATUS_IS_OK(status)) {
180 TALLOC_FREE(subreq);
181 async_req_nterror(req, status);
182 return;
183 }
184
185 if (state->received > state->size) {
186 TALLOC_FREE(subreq);
187 async_req_nterror(req, NT_STATUS_INVALID_NETWORK_RESPONSE);
188 return;
189 }
190
191 if (state->received == 0) {
192 TALLOC_FREE(subreq);
193 async_req_nterror(req, NT_STATUS_PIPE_BROKEN);
194 return;
195 }
196
197 memcpy(state->data, rcvbuf, state->received);
198 TALLOC_FREE(subreq);
199 async_req_done(req);
200 }
201
202 static NTSTATUS rpc_np_read_recv(struct async_req *req, ssize_t *preceived)
203 {
204 struct rpc_np_read_state *state = talloc_get_type_abort(
205 req->private_data, struct rpc_np_read_state);
206 NTSTATUS status;
207
208 if (async_req_is_nterror(req, &status)) {
209 return status;
210 }
211 *preceived = state->received;
212 return NT_STATUS_OK;
213 }
214
215 struct rpc_np_trans_state {
216 uint16_t setup[2];
217 uint8_t *rdata;
218 uint32_t rdata_len;
219 };
220
221 static void rpc_np_trans_done(struct async_req *subreq);
222
223 static struct async_req *rpc_np_trans_send(TALLOC_CTX *mem_ctx,
224 struct event_context *ev,
225 uint8_t *data, size_t data_len,
226 uint32_t max_rdata_len,
227 void *priv)
228 {
229 struct rpc_transport_np_state *np_transport = talloc_get_type_abort(
230 priv, struct rpc_transport_np_state);
231 struct async_req *result, *subreq;
232 struct rpc_np_trans_state *state;
233
234 if (!async_req_setup(mem_ctx, &result, &state,
235 struct rpc_np_trans_state)) {
236 return NULL;
237 }
238
239 SSVAL(state->setup+0, 0, TRANSACT_DCERPCCMD);
240 SSVAL(state->setup+1, 0, np_transport->fnum);
241
242 subreq = cli_trans_send(
243 state, ev, np_transport->cli, SMBtrans,
244 "\\PIPE\\", 0, 0, 0, state->setup, 2, 0,
245 NULL, 0, 0, data, data_len, max_rdata_len);
246 if (subreq == NULL) {
247 goto fail;
248 }
249 subreq->async.fn = rpc_np_trans_done;
250 subreq->async.priv = result;
251 return result;
252
253 fail:
254 TALLOC_FREE(result);
255 return NULL;
256 }
257
258 static void rpc_np_trans_done(struct async_req *subreq)
259 {
260 struct async_req *req = talloc_get_type_abort(
261 subreq->async.priv, struct async_req);
262 struct rpc_np_trans_state *state = talloc_get_type_abort(
263 req->private_data, struct rpc_np_trans_state);
264 NTSTATUS status;
265
266 status = cli_trans_recv(subreq, state, NULL, NULL, NULL, NULL,
267 &state->rdata, &state->rdata_len);
268 TALLOC_FREE(subreq);
269 if (!NT_STATUS_IS_OK(status)) {
270 async_req_nterror(req, status);
271 return;
272 }
273 async_req_done(req);
274 }
275
276 static NTSTATUS rpc_np_trans_recv(struct async_req *req, TALLOC_CTX *mem_ctx,
277 uint8_t **prdata, uint32_t *prdata_len)
278 {
279 struct rpc_np_trans_state *state = talloc_get_type_abort(
280 req->private_data, struct rpc_np_trans_state);
281 NTSTATUS status;
282
283 if (async_req_is_nterror(req, &status)) {
284 return status;
285 }
286 *prdata = talloc_move(mem_ctx, &state->rdata);
287 *prdata_len = state->rdata_len;
288 return NT_STATUS_OK;
289 }
290
291 struct rpc_transport_np_init_state {
292 struct rpc_cli_transport *transport;
293 struct rpc_transport_np_state *transport_np;
294 };
295
296 static void rpc_transport_np_init_pipe_open(struct async_req *subreq);
297
298 struct async_req *rpc_transport_np_init_send(TALLOC_CTX *mem_ctx,
299 struct event_context *ev,
300 struct cli_state *cli,
301 const struct ndr_syntax_id *abstract_syntax)
302 {
303 struct async_req *result, *subreq;
304 struct rpc_transport_np_init_state *state;
305
306 if (!async_req_setup(mem_ctx, &result, &state,
307 struct rpc_transport_np_init_state)) {
308 return NULL;
309 }
310
311 state->transport = talloc(state, struct rpc_cli_transport);
312 if (state->transport == NULL) {
313 goto fail;
314 }
315 state->transport_np = talloc(state->transport,
316 struct rpc_transport_np_state);
317 if (state->transport_np == NULL) {
318 goto fail;
319 }
320 state->transport->priv = state->transport_np;
321
322 state->transport_np->pipe_name = get_pipe_name_from_iface(
323 abstract_syntax);
324 state->transport_np->cli = cli;
325
326 subreq = cli_ntcreate_send(
327 state, ev, cli, state->transport_np->pipe_name, 0,
328 DESIRED_ACCESS_PIPE, 0, FILE_SHARE_READ|FILE_SHARE_WRITE,
329 FILE_OPEN, 0, 0);
330 if (subreq == NULL) {
331 goto fail;
332 }
333 subreq->async.fn = rpc_transport_np_init_pipe_open;
334 subreq->async.priv = result;
335 return result;
336
337 fail:
338 TALLOC_FREE(result);
339 return NULL;
340 }
341
342 static void rpc_transport_np_init_pipe_open(struct async_req *subreq)
343 {
344 struct async_req *req = talloc_get_type_abort(
345 subreq->async.priv, struct async_req);
346 struct rpc_transport_np_init_state *state = talloc_get_type_abort(
347 req->private_data, struct rpc_transport_np_init_state);
348 NTSTATUS status;
349
350 status = cli_ntcreate_recv(subreq, &state->transport_np->fnum);
351 TALLOC_FREE(subreq);
352 if (!NT_STATUS_IS_OK(status)) {
353 async_req_nterror(req, status);
354 return;
355 }
356
357 talloc_set_destructor(state->transport_np,
358 rpc_transport_np_state_destructor);
359 async_req_done(req);
360 }
361
362 NTSTATUS rpc_transport_np_init_recv(struct async_req *req,
363 TALLOC_CTX *mem_ctx,
364 struct rpc_cli_transport **presult)
365 {
366 struct rpc_transport_np_init_state *state = talloc_get_type_abort(
367 req->private_data, struct rpc_transport_np_init_state);
368 NTSTATUS status;
369
370 if (async_req_is_nterror(req, &status)) {
371 return status;
372 }
373
374 state->transport->write_send = rpc_np_write_send;
375 state->transport->write_recv = rpc_np_write_recv;
376 state->transport->read_send = rpc_np_read_send;
377 state->transport->read_recv = rpc_np_read_recv;
378 state->transport->trans_send = rpc_np_trans_send;
379 state->transport->trans_recv = rpc_np_trans_recv;
380
381 *presult = talloc_move(mem_ctx, &state->transport);
382 return NT_STATUS_OK;
383 }
384
385 NTSTATUS rpc_transport_np_init(TALLOC_CTX *mem_ctx, struct cli_state *cli,
386 const struct ndr_syntax_id *abstract_syntax,
387 struct rpc_cli_transport **presult)
388 {
389 TALLOC_CTX *frame = talloc_stackframe();
390 struct event_context *ev;
391 struct async_req *req;
392 NTSTATUS status;
393
394 ev = event_context_init(frame);
395 if (ev == NULL) {
396 status = NT_STATUS_NO_MEMORY;
397 goto fail;
398 }
399
400 req = rpc_transport_np_init_send(frame, ev, cli, abstract_syntax);
401 if (req == NULL) {
402 status = NT_STATUS_NO_MEMORY;
403 goto fail;
404 }
405
406 while (req->state < ASYNC_REQ_DONE) {
407 event_loop_once(ev);
408 }
409
410 status = rpc_transport_np_init_recv(req, mem_ctx, presult);
411 fail:
412 TALLOC_FREE(frame);
413 return status;
414 }
415
416 struct cli_state *rpc_pipe_np_smb_conn(struct rpc_pipe_client *p)
417 {
418 struct rpc_transport_np_state *state = talloc_get_type(
419 p->transport->priv, struct rpc_transport_np_state);
420
421 if (state == NULL) {
422 return NULL;
423 }
424 return state->cli;
425 }
Samba GIT mirror