search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
s3:rpc_server: Fix hidden strict aliasing issues
[Samba.git] / source3 / rpc_server / rpc_server.c
blob747562e3a3b44fcdfb828887cfcc962e47e84fae
1 /*
2 Unix SMB/Netbios implementation.
3 Generic infrstructure for RPC Daemons
4 Copyright (C) Simo Sorce 2010
5 Copyright (C) Andrew Bartlett 2011
6 Copyright (C) Andreas Schneider 2011
7
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 3 of the License, or
11 (at your option) any later version.
12
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
17
18 You should have received a copy of the GNU General Public License
19 along with this program. If not, see <http://www.gnu.org/licenses/>.
20 */
21
22 #include "includes.h"
23 #include "rpc_server/rpc_pipes.h"
24 #include "rpc_server/rpc_server.h"
25 #include "rpc_server/rpc_config.h"
26 #include "rpc_dce.h"
27 #include "librpc/gen_ndr/netlogon.h"
28 #include "librpc/gen_ndr/auth.h"
29 #include "lib/tsocket/tsocket.h"
30 #include "libcli/named_pipe_auth/npa_tstream.h"
31 #include "../auth/auth_sam_reply.h"
32 #include "auth.h"
33 #include "rpc_server/rpc_ncacn_np.h"
34 #include "rpc_server/srv_pipe_hnd.h"
35 #include "rpc_server/srv_pipe.h"
36
37 /* Creates a pipes_struct and initializes it with the information
38 * sent from the client */
39 int make_server_pipes_struct(TALLOC_CTX *mem_ctx,
40 struct messaging_context *msg_ctx,
41 const char *pipe_name,
42 enum dcerpc_transport_t transport,
43 const struct tsocket_address *remote_address,
44 const struct tsocket_address *local_address,
45 struct auth_session_info **psession_info,
46 struct pipes_struct **_p,
47 int *perrno)
48 {
49 struct auth_session_info *session_info = *psession_info;
50 struct pipes_struct *p;
51 int ret;
52
53 ret = make_base_pipes_struct(mem_ctx, msg_ctx, pipe_name,
54 transport, RPC_LITTLE_ENDIAN,
55 remote_address, local_address, &p);
56 if (ret) {
57 *perrno = ret;
58 return -1;
59 }
60
61 if ((session_info->unix_token == NULL) ||
62 (session_info->unix_info == NULL) ||
63 (session_info->security_token == NULL)) {
64 DBG_ERR("Supplied session_info was incomplete!\n");
65 TALLOC_FREE(p);
66 *perrno = EINVAL;
67 return -1;
68 }
69
70 /* Don't call create_local_token(), we already have the full details here */
71 p->session_info = talloc_move(p, psession_info);
72
73 *_p = p;
74 return 0;
75 }
76
77 /* Start listening on the appropriate unix socket and setup all is needed to
78 * dispatch requests to the pipes rpc implementation */
79
80 struct dcerpc_ncacn_listen_state {
81 struct ndr_syntax_id syntax_id;
82
83 int fd;
84 union {
85 char *name;
86 uint16_t port;
87 } ep;
88
89 struct tevent_context *ev_ctx;
90 struct messaging_context *msg_ctx;
91 dcerpc_ncacn_disconnect_fn disconnect_fn;
92 };
93
94 static void dcesrv_ncacn_np_listener(struct tevent_context *ev,
95 struct tevent_fd *fde,
96 uint16_t flags,
97 void *private_data);
98
99 NTSTATUS dcesrv_create_ncacn_np_socket(const char *pipe_name, int *out_fd)
100 {
101 char *np_dir = NULL;
102 int fd = -1;
103 NTSTATUS status;
104
105 /*
106 * As lp_ncalrpc_dir() should have 0755, but
107 * lp_ncalrpc_dir()/np should have 0700, we need to
108 * create lp_ncalrpc_dir() first.
109 */
110 if (!directory_create_or_exist(lp_ncalrpc_dir(), 0755)) {
111 status = map_nt_error_from_unix_common(errno);
112 DBG_ERR("Failed to create pipe directory %s - %s\n",
113 lp_ncalrpc_dir(), strerror(errno));
114 goto out;
115 }
116
117 np_dir = talloc_asprintf(talloc_tos(), "%s/np", lp_ncalrpc_dir());
118 if (!np_dir) {
119 status = NT_STATUS_NO_MEMORY;
120 DBG_ERR("Out of memory\n");
121 goto out;
122 }
123
124 if (!directory_create_or_exist_strict(np_dir, geteuid(), 0700)) {
125 status = map_nt_error_from_unix_common(errno);
126 DBG_ERR("Failed to create pipe directory %s - %s\n",
127 np_dir, strerror(errno));
128 goto out;
129 }
130
131 fd = create_pipe_sock(np_dir, pipe_name, 0700);
132 if (fd == -1) {
133 status = map_nt_error_from_unix_common(errno);
134 DBG_ERR("Failed to create ncacn_np socket! '%s/%s': %s\n",
135 np_dir, pipe_name, strerror(errno));
136 goto out;
137 }
138
139 DBG_DEBUG("Opened pipe socket fd %d for %s\n", fd, pipe_name);
140
141 *out_fd = fd;
142
143 status = NT_STATUS_OK;
144
145 out:
146 talloc_free(np_dir);
147 return status;
148 }
149
150 NTSTATUS dcesrv_setup_ncacn_np_socket(const char *pipe_name,
151 struct tevent_context *ev_ctx,
152 struct messaging_context *msg_ctx)
153 {
154 struct dcerpc_ncacn_listen_state *state;
155 struct tevent_fd *fde;
156 int rc;
157 NTSTATUS status;
158
159 state = talloc_zero(ev_ctx, struct dcerpc_ncacn_listen_state);
160 if (state == NULL) {
161 DBG_ERR("Out of memory\n");
162 return NT_STATUS_NO_MEMORY;
163 }
164 state->fd = -1;
165 state->ep.name = talloc_strdup(state, pipe_name);
166 if (state->ep.name == NULL) {
167 DBG_ERR("Out of memory\n");
168 status = NT_STATUS_NO_MEMORY;
169 goto out;
170 }
171 status = dcesrv_create_ncacn_np_socket(pipe_name, &state->fd);
172 if (!NT_STATUS_IS_OK(status)) {
173 goto out;
174 }
175
176 rc = listen(state->fd, 5);
177 if (rc < 0) {
178 status = map_nt_error_from_unix_common(errno);
179 DBG_ERR("Failed to listen on ncacn_np socket %s: %s\n",
180 pipe_name, strerror(errno));
181 goto out;
182 }
183
184 state->ev_ctx = ev_ctx;
185 state->msg_ctx = msg_ctx;
186
187 DBG_DEBUG("Opened pipe socket fd %d for %s\n",
188 state->fd, pipe_name);
189
190 errno = 0;
191 fde = tevent_add_fd(ev_ctx,
192 state, state->fd, TEVENT_FD_READ,
193 dcesrv_ncacn_np_listener, state);
194 if (fde == NULL) {
195 if (errno == 0) {
196 errno = ENOMEM;
197 }
198 status = map_nt_error_from_unix_common(errno);
199 DBG_ERR("Failed to add event handler for ncacn_np: %s\n",
200 strerror(errno));
201 goto out;
202 }
203
204 tevent_fd_set_auto_close(fde);
205 return NT_STATUS_OK;
206
207 out:
208 if (state->fd != -1) {
209 close(state->fd);
210 }
211 TALLOC_FREE(state);
212 return status;
213 }
214
215 static void dcesrv_ncacn_np_listener(struct tevent_context *ev,
216 struct tevent_fd *fde,
217 uint16_t flags,
218 void *private_data)
219 {
220 struct dcerpc_ncacn_listen_state *state =
221 talloc_get_type_abort(private_data,
222 struct dcerpc_ncacn_listen_state);
223 struct samba_sockaddr addr = {
224 .sa_socklen = sizeof(struct sockaddr_un),
225 };
226 int sd = -1;
227
228 /* TODO: should we have a limit to the number of clients ? */
229
230 sd = accept(state->fd, &addr.u.sa, &addr.sa_socklen);
231
232 if (sd == -1) {
233 if (errno != EINTR) {
234 DEBUG(6, ("Failed to get a valid socket [%s]\n",
235 strerror(errno)));
236 }
237 return;
238 }
239 smb_set_close_on_exec(sd);
240
241 DBG_DEBUG("Accepted ncacn_np socket %s (fd: %d)\n",
242 addr.u.un.sun_path, sd);
243
244 named_pipe_accept_function(state->ev_ctx,
245 state->msg_ctx,
246 state->ep.name,
247 sd, NULL, 0);
248 }
249
250
251 /* This is the core of the rpc server.
252 * Accepts connections from clients and process requests using the appropriate
253 * dispatcher table. */
254
255 static int named_pipe_destructor(struct named_pipe_client *npc)
256 {
257 if (npc->term_fn) {
258 npc->term_fn(npc->private_data);
259 }
260 return 0;
261 }
262
263 struct named_pipe_client *named_pipe_client_init(TALLOC_CTX *mem_ctx,
264 struct tevent_context *ev_ctx,
265 struct messaging_context *msg_ctx,
266 const char *pipe_name,
267 named_pipe_termination_fn *term_fn,
268 uint16_t file_type,
269 uint16_t device_state,
270 uint64_t allocation_size,
271 void *private_data)
272 {
273 struct named_pipe_client *npc;
274
275 npc = talloc_zero(mem_ctx, struct named_pipe_client);
276 if (npc == NULL) {
277 DEBUG(0, ("Out of memory!\n"));
278 return NULL;
279 }
280 talloc_set_destructor(npc, named_pipe_destructor);
281
282 npc->pipe_name = talloc_strdup(npc, pipe_name);
283 if (npc->pipe_name == NULL) {
284 DEBUG(0, ("Out of memory!\n"));
285 talloc_free(npc);
286 return NULL;
287 }
288
289 npc->ev = ev_ctx;
290 npc->msg_ctx = msg_ctx;
291 npc->term_fn = term_fn;
292 npc->private_data = private_data;
293
294 npc->file_type = file_type;
295 npc->device_state = device_state;
296 npc->allocation_size = allocation_size;
297
298 return npc;
299 }
300
301 static void named_pipe_accept_done(struct tevent_req *subreq);
302
303 void named_pipe_accept_function(struct tevent_context *ev_ctx,
304 struct messaging_context *msg_ctx,
305 const char *pipe_name, int fd,
306 named_pipe_termination_fn *term_fn,
307 void *private_data)
308 {
309 struct named_pipe_client *npc;
310 struct tstream_context *plain;
311 struct tevent_req *subreq;
312 int ret;
313
314 npc = named_pipe_client_init(
315 ev_ctx,
316 ev_ctx,
317 msg_ctx,
318 pipe_name,
319 term_fn,
320 FILE_TYPE_MESSAGE_MODE_PIPE, /* file_type */
321 0xff | 0x0400 | 0x0100, /* device_state */
322 4096, /* allocation_size */
323 private_data);
324 if (npc == NULL) {
325 DEBUG(0, ("Out of memory!\n"));
326 close(fd);
327 return;
328 }
329
330 /* make sure socket is in NON blocking state */
331 ret = set_blocking(fd, false);
332 if (ret != 0) {
333 DEBUG(2, ("Failed to make socket non-blocking\n"));
334 TALLOC_FREE(npc);
335 close(fd);
336 return;
337 }
338
339 ret = tstream_bsd_existing_socket(npc, fd, &plain);
340 if (ret != 0) {
341 DEBUG(2, ("Failed to create tstream socket\n"));
342 TALLOC_FREE(npc);
343 close(fd);
344 return;
345 }
346
347 subreq = tstream_npa_accept_existing_send(npc, npc->ev, plain,
348 npc->file_type,
349 npc->device_state,
350 npc->allocation_size);
351 if (!subreq) {
352 DEBUG(2, ("Failed to start async accept procedure\n"));
353 TALLOC_FREE(npc);
354 close(fd);
355 return;
356 }
357 tevent_req_set_callback(subreq, named_pipe_accept_done, npc);
358 }
359
360 static void named_pipe_packet_done(struct tevent_req *subreq);
361
362 static void named_pipe_accept_done(struct tevent_req *subreq)
363 {
364 struct auth_session_info_transport *session_info_transport;
365 struct named_pipe_client *npc =
366 tevent_req_callback_data(subreq, struct named_pipe_client);
367 int error;
368 int ret;
369
370 ret = tstream_npa_accept_existing_recv(subreq, &error, npc,
371 &npc->tstream,
372 &npc->remote_client_addr,
373 &npc->remote_client_name,
374 &npc->local_server_addr,
375 &npc->local_server_name,
376 &session_info_transport);
377
378 TALLOC_FREE(subreq);
379 if (ret != 0) {
380 DEBUG(2, ("Failed to accept named pipe connection! (%s)\n",
381 strerror(error)));
382 TALLOC_FREE(npc);
383 return;
384 }
385
386 npc->session_info = talloc_move(
387 npc, &session_info_transport->session_info);
388
389 ret = make_server_pipes_struct(npc,
390 npc->msg_ctx,
391 npc->pipe_name, NCACN_NP,
392 npc->remote_client_addr,
393 npc->local_server_addr,
394 &npc->session_info,
395 &npc->p, &error);
396 if (ret != 0) {
397 DEBUG(2, ("Failed to create pipes_struct! (%s)\n",
398 strerror(error)));
399 goto fail;
400 }
401
402 npc->write_queue = tevent_queue_create(npc, "np_server_write_queue");
403 if (!npc->write_queue) {
404 DEBUG(2, ("Failed to set up write queue!\n"));
405 goto fail;
406 }
407
408 /* And now start receiving and processing packets */
409 subreq = dcerpc_read_ncacn_packet_send(npc, npc->ev, npc->tstream);
410 if (!subreq) {
411 DEBUG(2, ("Failed to start receiving packets\n"));
412 goto fail;
413 }
414 tevent_req_set_callback(subreq, named_pipe_packet_process, npc);
415 return;
416
417 fail:
418 DEBUG(2, ("Fatal error. Terminating client(%s) connection!\n",
419 npc->remote_client_name));
420 /* terminate client connection */
421 talloc_free(npc);
422 return;
423 }
424
425 void named_pipe_packet_process(struct tevent_req *subreq)
426 {
427 struct named_pipe_client *npc =
428 tevent_req_callback_data(subreq, struct named_pipe_client);
429 struct _output_data *out = &npc->p->out_data;
430 DATA_BLOB recv_buffer = data_blob_null;
431 struct ncacn_packet *pkt;
432 NTSTATUS status;
433 uint32_t to_send;
434 size_t i;
435 bool ok;
436
437 status = dcerpc_read_ncacn_packet_recv(subreq, npc, &pkt, &recv_buffer);
438 TALLOC_FREE(subreq);
439 if (!NT_STATUS_IS_OK(status)) {
440 goto fail;
441 }
442
443 /* dcerpc_read_ncacn_packet_recv() returns a full PDU */
444 npc->p->in_data.pdu_needed_len = 0;
445 npc->p->in_data.pdu = recv_buffer;
446 if (dcerpc_get_endian_flag(&recv_buffer) & DCERPC_DREP_LE) {
447 npc->p->endian = RPC_LITTLE_ENDIAN;
448 } else {
449 npc->p->endian = RPC_BIG_ENDIAN;
450 }
451 DEBUG(10, ("PDU is in %s Endian format!\n",
452 npc->p->endian ? "Big" : "Little"));
453 process_complete_pdu(npc->p, pkt);
454
455 /* reset pipe state and free PDU */
456 npc->p->in_data.pdu.length = 0;
457 talloc_free(recv_buffer.data);
458 talloc_free(pkt);
459
460 /* this is needed because of the way DCERPC Binds work in
461 * the RPC marshalling code */
462 to_send = out->frag.length - out->current_pdu_sent;
463 if (to_send > 0) {
464
465 npc->iov = talloc_zero(npc, struct iovec);
466 if (!npc->iov) {
467 status = NT_STATUS_NO_MEMORY;
468 goto fail;
469 }
470 npc->count = 1;
471
472 npc->iov[0].iov_base = out->frag.data
473 + out->current_pdu_sent;
474 npc->iov[0].iov_len = to_send;
475
476 out->current_pdu_sent += to_send;
477 }
478
479 /* this condition is false for bind packets, or when we haven't
480 * yet got a full request, and need to wait for more data from
481 * the client */
482 while (out->data_sent_length < out->rdata.length) {
483
484 ok = create_next_pdu(npc->p);
485 if (!ok) {
486 DEBUG(3, ("Failed to create next PDU!\n"));
487 status = NT_STATUS_UNEXPECTED_IO_ERROR;
488 goto fail;
489 }
490
491 npc->iov = talloc_realloc(npc, npc->iov,
492 struct iovec, npc->count + 1);
493 if (!npc->iov) {
494 status = NT_STATUS_NO_MEMORY;
495 goto fail;
496 }
497
498 npc->iov[npc->count].iov_base = out->frag.data;
499 npc->iov[npc->count].iov_len = out->frag.length;
500
501 npc->count++;
502 }
503
504 /* we still don't have a complete request, go back and wait for more
505 * data */
506 if (npc->count == 0) {
507 /* Wait for the next packet */
508 subreq = dcerpc_read_ncacn_packet_send(npc, npc->ev, npc->tstream);
509 if (!subreq) {
510 DEBUG(2, ("Failed to start receiving packets\n"));
511 status = NT_STATUS_NO_MEMORY;
512 goto fail;
513 }
514 tevent_req_set_callback(subreq, named_pipe_packet_process, npc);
515 return;
516 }
517
518 DBG_DEBUG("Sending %zu fragments in a total of %"PRIu32" bytes\n",
519 npc->count,
520 npc->p->out_data.data_sent_length);
521
522 for (i = 0; i < npc->count; i++) {
523 DBG_DEBUG("Sending PDU number: %zu, PDU Length: %zu\n",
524 i,
525 npc->iov[i].iov_len);
526 dump_data(11, (const uint8_t *)npc->iov[i].iov_base,
527 npc->iov[i].iov_len);
528
529 subreq = tstream_writev_queue_send(npc,
530 npc->ev,
531 npc->tstream,
532 npc->write_queue,
533 (npc->iov + i),
534 1);
535 if (!subreq) {
536 DEBUG(2, ("Failed to send packet\n"));
537 status = NT_STATUS_NO_MEMORY;
538 goto fail;
539 }
540 tevent_req_set_callback(subreq, named_pipe_packet_done, npc);
541 }
542
543 return;
544
545 fail:
546 DEBUG(2, ("Fatal error(%s). "
547 "Terminating client(%s) connection!\n",
548 nt_errstr(status), npc->remote_client_name));
549 /* terminate client connection */
550 talloc_free(npc);
551 return;
552 }
553
554 static void named_pipe_packet_done(struct tevent_req *subreq)
555 {
556 struct named_pipe_client *npc =
557 tevent_req_callback_data(subreq, struct named_pipe_client);
558 int sys_errno;
559 int ret;
560
561 ret = tstream_writev_queue_recv(subreq, &sys_errno);
562 TALLOC_FREE(subreq);
563 if (ret == -1) {
564 DEBUG(2, ("Writev failed!\n"));
565 goto fail;
566 }
567
568 if (tevent_queue_length(npc->write_queue) > 0) {
569 return;
570 }
571
572 if (npc->p->fault_state != 0) {
573 DEBUG(2, ("Disconnect after fault\n"));
574 sys_errno = EINVAL;
575 goto fail;
576 }
577
578 /* clear out any data that may have been left around */
579 npc->count = 0;
580 TALLOC_FREE(npc->iov);
581 data_blob_free(&npc->p->in_data.data);
582 data_blob_free(&npc->p->out_data.frag);
583 data_blob_free(&npc->p->out_data.rdata);
584
585 talloc_free_children(npc->p->mem_ctx);
586
587 /* Wait for the next packet */
588 subreq = dcerpc_read_ncacn_packet_send(npc, npc->ev, npc->tstream);
589 if (!subreq) {
590 DEBUG(2, ("Failed to start receiving packets\n"));
591 sys_errno = ENOMEM;
592 goto fail;
593 }
594 tevent_req_set_callback(subreq, named_pipe_packet_process, npc);
595 return;
596
597 fail:
598 DEBUG(2, ("Fatal error(%s). "
599 "Terminating client(%s) connection!\n",
600 strerror(sys_errno), npc->remote_client_name));
601 /* terminate client connection */
602 talloc_free(npc);
603 return;
604 }
605
606 /********************************************************************
607 * Start listening on the tcp/ip socket
608 ********************************************************************/
609
610 static void dcesrv_ncacn_ip_tcp_listener(struct tevent_context *ev,
611 struct tevent_fd *fde,
612 uint16_t flags,
613 void *private_data);
614
615 NTSTATUS dcesrv_create_ncacn_ip_tcp_socket(const struct sockaddr_storage *ifss,
616 uint16_t *port,
617 int *out_fd)
618 {
619 int fd = -1;
620
621 if (*port == 0) {
622 uint16_t i;
623
624 for (i = lp_rpc_low_port(); i <= lp_rpc_high_port(); i++) {
625 fd = open_socket_in(SOCK_STREAM,
626 i,
627 0,
628 ifss,
629 false);
630 if (fd >= 0) {
631 *port = i;
632 break;
633 }
634 }
635 } else {
636 fd = open_socket_in(SOCK_STREAM,
637 *port,
638 0,
639 ifss,
640 true);
641 }
642 if (fd == -1) {
643 DBG_ERR("Failed to create socket on port %u!\n", *port);
644 return NT_STATUS_UNSUCCESSFUL;
645 }
646
647 DBG_DEBUG("Opened ncacn_ip_tcp socket fd %d for port %u\n", fd, *port);
648
649 *out_fd = fd;
650
651 return NT_STATUS_OK;
652 }
653
654 NTSTATUS dcesrv_setup_ncacn_ip_tcp_socket(struct tevent_context *ev_ctx,
655 struct messaging_context *msg_ctx,
656 const struct sockaddr_storage *ifss,
657 uint16_t *port)
658 {
659 struct dcerpc_ncacn_listen_state *state;
660 struct tevent_fd *fde;
661 int rc;
662 NTSTATUS status;
663
664 state = talloc_zero(ev_ctx, struct dcerpc_ncacn_listen_state);
665 if (state == NULL) {
666 DBG_ERR("Out of memory\n");
667 return NT_STATUS_NO_MEMORY;
668 }
669
670 state->fd = -1;
671 state->ep.port = *port;
672 state->disconnect_fn = NULL;
673
674 status = dcesrv_create_ncacn_ip_tcp_socket(ifss, &state->ep.port,
675 &state->fd);
676 if (!NT_STATUS_IS_OK(status)) {
677 goto out;
678 }
679
680 state->ev_ctx = ev_ctx;
681 state->msg_ctx = msg_ctx;
682
683 /* ready to listen */
684 set_socket_options(state->fd, "SO_KEEPALIVE");
685 set_socket_options(state->fd, lp_socket_options());
686
687 /* Set server socket to non-blocking for the accept. */
688 set_blocking(state->fd, false);
689
690 rc = listen(state->fd, SMBD_LISTEN_BACKLOG);
691 if (rc == -1) {
692 status = map_nt_error_from_unix_common(errno);
693 DBG_ERR("Failed to listen on ncacn_ip_tcp socket: %s\n",
694 strerror(errno));
695 goto out;
696 }
697
698 DBG_DEBUG("Opened socket fd %d for port %u\n",
699 state->fd, state->ep.port);
700
701 errno = 0;
702 fde = tevent_add_fd(state->ev_ctx,
703 state,
704 state->fd,
705 TEVENT_FD_READ,
706 dcesrv_ncacn_ip_tcp_listener,
707 state);
708 if (fde == NULL) {
709 if (errno == 0) {
710 errno = ENOMEM;
711 }
712 status = map_nt_error_from_unix_common(errno);
713 DBG_ERR("Failed to add event handler for ncacn_ip_tcp: %s\n",
714 strerror(errno));
715 goto out;
716 }
717
718 tevent_fd_set_auto_close(fde);
719
720 *port = state->ep.port;
721
722 return NT_STATUS_OK;
723
724 out:
725 if (state->fd != -1) {
726 close(state->fd);
727 }
728 TALLOC_FREE(state);
729
730 return status;
731 }
732
733 static void dcesrv_ncacn_ip_tcp_listener(struct tevent_context *ev,
734 struct tevent_fd *fde,
735 uint16_t flags,
736 void *private_data)
737 {
738 struct dcerpc_ncacn_listen_state *state =
739 talloc_get_type_abort(private_data,
740 struct dcerpc_ncacn_listen_state);
741 struct tsocket_address *cli_addr = NULL;
742 struct tsocket_address *srv_addr = NULL;
743 struct samba_sockaddr addr = {
744 .sa_socklen = sizeof(struct sockaddr_storage),
745 };
746 int s = -1;
747 int rc;
748
749 s = accept(state->fd, &addr.u.sa, &addr.sa_socklen);
750 if (s == -1) {
751 if (errno != EINTR) {
752 DBG_ERR("Failed to accept: %s\n", strerror(errno));
753 }
754 return;
755 }
756 smb_set_close_on_exec(s);
757
758 rc = tsocket_address_bsd_from_samba_sockaddr(state, &addr, &cli_addr);
759 if (rc < 0) {
760 close(s);
761 return;
762 }
763
764 rc = getsockname(s, &addr.u.sa, &addr.sa_socklen);
765 if (rc < 0) {
766 close(s);
767 return;
768 }
769
770 rc = tsocket_address_bsd_from_samba_sockaddr(state, &addr, &srv_addr);
771 if (rc < 0) {
772 close(s);
773 return;
774 }
775
776 DBG_DEBUG("Accepted ncacn_ip_tcp socket %d\n", s);
777
778 dcerpc_ncacn_accept(state->ev_ctx,
779 state->msg_ctx,
780 NCACN_IP_TCP,
781 "IP",
782 cli_addr,
783 srv_addr,
784 s,
785 NULL);
786 }
787
788 /********************************************************************
789 * Start listening on the ncalrpc socket
790 ********************************************************************/
791
792 static void dcesrv_ncalrpc_listener(struct tevent_context *ev,
793 struct tevent_fd *fde,
794 uint16_t flags,
795 void *private_data);
796
797 NTSTATUS dcesrv_create_ncalrpc_socket(const char *name, int *out_fd)
798 {
799 int fd = -1;
800 NTSTATUS status;
801
802 if (name == NULL) {
803 name = "DEFAULT";
804 }
805
806 if (!directory_create_or_exist(lp_ncalrpc_dir(), 0755)) {
807 status = map_nt_error_from_unix_common(errno);
808 DBG_ERR("Failed to create ncalrpc directory '%s': %s\n",
809 lp_ncalrpc_dir(), strerror(errno));
810 goto out;
811 }
812
813 fd = create_pipe_sock(lp_ncalrpc_dir(), name, 0755);
814 if (fd == -1) {
815 status = map_nt_error_from_unix_common(errno);
816 DBG_ERR("Failed to create ncalrpc socket '%s/%s': %s\n",
817 lp_ncalrpc_dir(), name, strerror(errno));
818 goto out;
819 }
820
821 DBG_DEBUG("Opened ncalrpc socket fd '%d' for '%s/%s'\n",
822 fd, lp_ncalrpc_dir(), name);
823
824 *out_fd = fd;
825
826 return NT_STATUS_OK;
827
828 out:
829 return status;
830 }
831
832 NTSTATUS dcesrv_setup_ncalrpc_socket(struct tevent_context *ev_ctx,
833 struct messaging_context *msg_ctx,
834 const char *name,
835 dcerpc_ncacn_disconnect_fn fn)
836 {
837 struct dcerpc_ncacn_listen_state *state;
838 struct tevent_fd *fde;
839 int rc;
840 NTSTATUS status;
841
842 state = talloc_zero(ev_ctx, struct dcerpc_ncacn_listen_state);
843 if (state == NULL) {
844 DBG_ERR("Out of memory\n");
845 return NT_STATUS_NO_MEMORY;
846 }
847
848 state->fd = -1;
849 state->disconnect_fn = fn;
850
851 if (name == NULL) {
852 name = "DEFAULT";
853 }
854
855 state->ep.name = talloc_strdup(state, name);
856 if (state->ep.name == NULL) {
857 DBG_ERR("Out of memory\n");
858 talloc_free(state);
859 return NT_STATUS_NO_MEMORY;
860 }
861
862 status = dcesrv_create_ncalrpc_socket(name, &state->fd);
863 if (!NT_STATUS_IS_OK(status)) {
864 DBG_ERR("Failed to create ncalrpc socket: %s\n",
865 nt_errstr(status));
866 goto out;
867 }
868
869 rc = listen(state->fd, 5);
870 if (rc < 0) {
871 status = map_nt_error_from_unix_common(errno);
872 DBG_ERR("Failed to listen on ncalrpc socket %s: %s\n",
873 name, strerror(errno));
874 goto out;
875 }
876
877 state->ev_ctx = ev_ctx;
878 state->msg_ctx = msg_ctx;
879
880 /* Set server socket to non-blocking for the accept. */
881 set_blocking(state->fd, false);
882
883 errno = 0;
884 fde = tevent_add_fd(state->ev_ctx,
885 state,
886 state->fd,
887 TEVENT_FD_READ,
888 dcesrv_ncalrpc_listener,
889 state);
890 if (fde == NULL) {
891 if (errno == 0) {
892 errno = ENOMEM;
893 }
894 status = map_nt_error_from_unix_common(errno);
895 DBG_ERR("Failed to add event handler for ncalrpc: %s\n",
896 strerror(errno));
897 goto out;
898 }
899
900 tevent_fd_set_auto_close(fde);
901
902 return NT_STATUS_OK;
903 out:
904 if (state->fd != -1) {
905 close(state->fd);
906 }
907 TALLOC_FREE(state);
908
909 return status;
910 }
911
912 static void dcesrv_ncalrpc_listener(struct tevent_context *ev,
913 struct tevent_fd *fde,
914 uint16_t flags,
915 void *private_data)
916 {
917 struct dcerpc_ncacn_listen_state *state =
918 talloc_get_type_abort(private_data,
919 struct dcerpc_ncacn_listen_state);
920 struct tsocket_address *cli_addr = NULL, *srv_addr = NULL;
921 struct samba_sockaddr addr = {
922 .sa_socklen = sizeof(struct sockaddr_un),
923 };
924 struct samba_sockaddr addr_server = {
925 .sa_socklen = sizeof(struct sockaddr_un),
926 };
927 int sd = -1;
928 int rc;
929
930 sd = accept(state->fd, &addr.u.sa, &addr.sa_socklen);
931 if (sd == -1) {
932 if (errno != EINTR) {
933 DBG_ERR("Failed to accept: %s\n", strerror(errno));
934 }
935 return;
936 }
937 smb_set_close_on_exec(sd);
938
939 rc = tsocket_address_bsd_from_samba_sockaddr(state, &addr, &cli_addr);
940 if (rc < 0) {
941 close(sd);
942 return;
943 }
944
945 rc = getsockname(sd, &addr_server.u.sa, &addr_server.sa_socklen);
946 if (rc < 0) {
947 close(sd);
948 return;
949 }
950
951 rc = tsocket_address_bsd_from_samba_sockaddr(state,
952 &addr_server,
953 &srv_addr);
954 if (rc < 0) {
955 close(sd);
956 return;
957 }
958
959 DBG_DEBUG("Accepted ncalrpc socket %s (fd: %d)\n",
960 addr.u.un.sun_path, sd);
961
962 dcerpc_ncacn_accept(state->ev_ctx,
963 state->msg_ctx,
964 NCALRPC,
965 state->ep.name,
966 cli_addr, srv_addr, sd,
967 state->disconnect_fn);
968 }
969
970 struct dcerpc_ncacn_conn {
971 enum dcerpc_transport_t transport;
972
973 int sock;
974
975 struct pipes_struct *p;
976 dcerpc_ncacn_disconnect_fn disconnect_fn;
977
978 struct tevent_context *ev_ctx;
979 struct messaging_context *msg_ctx;
980
981 struct tstream_context *tstream;
982 struct tevent_queue *send_queue;
983
984 struct tsocket_address *remote_client_addr;
985 char *remote_client_name;
986 struct tsocket_address *local_server_addr;
987 char *local_server_name;
988 struct auth_session_info *session_info;
989
990 struct iovec *iov;
991 size_t count;
992 };
993
994 static void dcerpc_ncacn_packet_process(struct tevent_req *subreq);
995 static void dcerpc_ncacn_packet_done(struct tevent_req *subreq);
996
997 void dcerpc_ncacn_accept(struct tevent_context *ev_ctx,
998 struct messaging_context *msg_ctx,
999 enum dcerpc_transport_t transport,
1000 const char *name,
1001 struct tsocket_address *cli_addr,
1002 struct tsocket_address *srv_addr,
1003 int s,
1004 dcerpc_ncacn_disconnect_fn fn) {
1005 struct dcerpc_ncacn_conn *ncacn_conn;
1006 struct tevent_req *subreq;
1007 char *pipe_name;
1008 NTSTATUS status;
1009 int sys_errno;
1010 uid_t uid;
1011 gid_t gid;
1012 int rc;
1013
1014 DEBUG(10, ("dcerpc_ncacn_accept\n"));
1015
1016 ncacn_conn = talloc_zero(ev_ctx, struct dcerpc_ncacn_conn);
1017 if (ncacn_conn == NULL) {
1018 DEBUG(0, ("Out of memory!\n"));
1019 close(s);
1020 return;
1021 }
1022
1023 ncacn_conn->transport = transport;
1024 ncacn_conn->ev_ctx = ev_ctx;
1025 ncacn_conn->msg_ctx = msg_ctx;
1026 ncacn_conn->sock = s;
1027 ncacn_conn->disconnect_fn = fn;
1028
1029 ncacn_conn->remote_client_addr = talloc_move(ncacn_conn, &cli_addr);
1030 if (tsocket_address_is_inet(ncacn_conn->remote_client_addr, "ip")) {
1031 ncacn_conn->remote_client_name =
1032 tsocket_address_inet_addr_string(ncacn_conn->remote_client_addr,
1033 ncacn_conn);
1034 } else {
1035 ncacn_conn->remote_client_name =
1036 tsocket_address_unix_path(ncacn_conn->remote_client_addr,
1037 ncacn_conn);
1038 }
1039 if (ncacn_conn->remote_client_name == NULL) {
1040 DEBUG(0, ("Out of memory obtaining remote socket address as a string!\n"));
1041 talloc_free(ncacn_conn);
1042 close(s);
1043 return;
1044 }
1045
1046 if (srv_addr != NULL) {
1047 ncacn_conn->local_server_addr = talloc_move(ncacn_conn, &srv_addr);
1048
1049 if (tsocket_address_is_inet(ncacn_conn->local_server_addr, "ip")) {
1050 ncacn_conn->local_server_name =
1051 tsocket_address_inet_addr_string(ncacn_conn->local_server_addr,
1052 ncacn_conn);
1053 } else {
1054 ncacn_conn->local_server_name =
1055 tsocket_address_unix_path(ncacn_conn->local_server_addr,
1056 ncacn_conn);
1057 }
1058 if (ncacn_conn->local_server_name == NULL) {
1059 DEBUG(0, ("Out of memory obtaining local socket address as a string!\n"));
1060 talloc_free(ncacn_conn);
1061 close(s);
1062 return;
1063 }
1064 }
1065
1066 switch (transport) {
1067 case NCACN_IP_TCP:
1068 pipe_name = tsocket_address_string(ncacn_conn->remote_client_addr,
1069 ncacn_conn);
1070 if (pipe_name == NULL) {
1071 close(s);
1072 talloc_free(ncacn_conn);
1073 return;
1074 }
1075
1076 break;
1077 case NCALRPC:
1078 rc = getpeereid(s, &uid, &gid);
1079 if (rc < 0) {
1080 DEBUG(2, ("Failed to get ncalrpc connecting "
1081 "uid - %s!\n", strerror(errno)));
1082 } else {
1083 if (uid == sec_initial_uid()) {
1084 TALLOC_FREE(ncacn_conn->remote_client_addr);
1085
1086 rc = tsocket_address_unix_from_path(ncacn_conn,
1087 AS_SYSTEM_MAGIC_PATH_TOKEN,
1088 &ncacn_conn->remote_client_addr);
1089 if (rc < 0) {
1090 DEBUG(0, ("Out of memory building magic ncalrpc_as_system path!\n"));
1091 talloc_free(ncacn_conn);
1092 close(s);
1093 return;
1094 }
1095
1096 TALLOC_FREE(ncacn_conn->remote_client_name);
1097 ncacn_conn->remote_client_name
1098 = tsocket_address_unix_path(ncacn_conn->remote_client_addr,
1099 ncacn_conn);
1100 if (ncacn_conn->remote_client_name == NULL) {
1101 DEBUG(0, ("Out of memory getting magic ncalrpc_as_system string!\n"));
1102 talloc_free(ncacn_conn);
1103 close(s);
1104 return;
1105 }
1106 }
1107 }
1108
1109 FALL_THROUGH;
1110 case NCACN_NP:
1111 pipe_name = talloc_strdup(ncacn_conn,
1112 name);
1113 if (pipe_name == NULL) {
1114 close(s);
1115 talloc_free(ncacn_conn);
1116 return;
1117 }
1118 break;
1119 default:
1120 DEBUG(0, ("unknown dcerpc transport: %u!\n",
1121 transport));
1122 talloc_free(ncacn_conn);
1123 close(s);
1124 return;
1125 }
1126
1127 rc = set_blocking(s, false);
1128 if (rc < 0) {
1129 DEBUG(2, ("Failed to set dcerpc socket to non-blocking\n"));
1130 talloc_free(ncacn_conn);
1131 close(s);
1132 return;
1133 }
1134
1135 /*
1136 * As soon as we have tstream_bsd_existing_socket set up it will
1137 * take care of closing the socket.
1138 */
1139 rc = tstream_bsd_existing_socket(ncacn_conn, s, &ncacn_conn->tstream);
1140 if (rc < 0) {
1141 DEBUG(2, ("Failed to create tstream socket for dcerpc\n"));
1142 talloc_free(ncacn_conn);
1143 close(s);
1144 return;
1145 }
1146
1147 if (ncacn_conn->session_info == NULL) {
1148 status = make_session_info_anonymous(ncacn_conn,
1149 &ncacn_conn->session_info);
1150 if (!NT_STATUS_IS_OK(status)) {
1151 DEBUG(2, ("Failed to create "
1152 "make_session_info_anonymous - %s\n",
1153 nt_errstr(status)));
1154 talloc_free(ncacn_conn);
1155 return;
1156 }
1157 }
1158
1159 rc = make_server_pipes_struct(ncacn_conn,
1160 ncacn_conn->msg_ctx,
1161 pipe_name,
1162 ncacn_conn->transport,
1163 ncacn_conn->remote_client_addr,
1164 ncacn_conn->local_server_addr,
1165 &ncacn_conn->session_info,
1166 &ncacn_conn->p,
1167 &sys_errno);
1168 if (rc < 0) {
1169 DEBUG(2, ("Failed to create pipe struct - %s",
1170 strerror(sys_errno)));
1171 talloc_free(ncacn_conn);
1172 return;
1173 }
1174
1175 ncacn_conn->send_queue = tevent_queue_create(ncacn_conn,
1176 "dcerpc send queue");
1177 if (ncacn_conn->send_queue == NULL) {
1178 DEBUG(0, ("Out of memory building dcerpc send queue!\n"));
1179 talloc_free(ncacn_conn);
1180 return;
1181 }
1182
1183 subreq = dcerpc_read_ncacn_packet_send(ncacn_conn,
1184 ncacn_conn->ev_ctx,
1185 ncacn_conn->tstream);
1186 if (subreq == NULL) {
1187 DEBUG(2, ("Failed to send ncacn packet\n"));
1188 talloc_free(ncacn_conn);
1189 return;
1190 }
1191
1192 tevent_req_set_callback(subreq, dcerpc_ncacn_packet_process, ncacn_conn);
1193
1194 DEBUG(10, ("dcerpc_ncacn_accept done\n"));
1195
1196 return;
1197 }
1198
1199 static void dcerpc_ncacn_packet_process(struct tevent_req *subreq)
1200 {
1201 struct dcerpc_ncacn_conn *ncacn_conn =
1202 tevent_req_callback_data(subreq, struct dcerpc_ncacn_conn);
1203
1204 struct _output_data *out = &ncacn_conn->p->out_data;
1205 DATA_BLOB recv_buffer = data_blob_null;
1206 struct ncacn_packet *pkt;
1207 uint32_t to_send;
1208 NTSTATUS status;
1209 bool ok;
1210
1211 status = dcerpc_read_ncacn_packet_recv(subreq, ncacn_conn, &pkt, &recv_buffer);
1212 TALLOC_FREE(subreq);
1213 if (!NT_STATUS_IS_OK(status)) {
1214 if (ncacn_conn->disconnect_fn != NULL) {
1215 ok = ncacn_conn->disconnect_fn(ncacn_conn->p);
1216 if (!ok) {
1217 DEBUG(3, ("Failed to call disconnect function\n"));
1218 }
1219 }
1220 goto fail;
1221 }
1222
1223 /* dcerpc_read_ncacn_packet_recv() returns a full PDU */
1224 ncacn_conn->p->in_data.pdu_needed_len = 0;
1225 ncacn_conn->p->in_data.pdu = recv_buffer;
1226 if (dcerpc_get_endian_flag(&recv_buffer) & DCERPC_DREP_LE) {
1227 ncacn_conn->p->endian = RPC_LITTLE_ENDIAN;
1228 } else {
1229 ncacn_conn->p->endian = RPC_BIG_ENDIAN;
1230 }
1231 DEBUG(10, ("PDU is in %s Endian format!\n",
1232 ncacn_conn->p->endian ? "Big" : "Little"));
1233 process_complete_pdu(ncacn_conn->p, pkt);
1234
1235 /* reset pipe state and free PDU */
1236 ncacn_conn->p->in_data.pdu.length = 0;
1237 talloc_free(recv_buffer.data);
1238 talloc_free(pkt);
1239
1240 /*
1241 * This is needed because of the way DCERPC binds work in the RPC
1242 * marshalling code
1243 */
1244 to_send = out->frag.length - out->current_pdu_sent;
1245 if (to_send > 0) {
1246
1247 DEBUG(10, ("Current_pdu_len = %u, "
1248 "current_pdu_sent = %u "
1249 "Returning %u bytes\n",
1250 (unsigned int)out->frag.length,
1251 (unsigned int)out->current_pdu_sent,
1252 (unsigned int)to_send));
1253
1254 ncacn_conn->iov = talloc_zero(ncacn_conn, struct iovec);
1255 if (ncacn_conn->iov == NULL) {
1256 status = NT_STATUS_NO_MEMORY;
1257 DEBUG(3, ("Out of memory!\n"));
1258 goto fail;
1259 }
1260 ncacn_conn->count = 1;
1261
1262 ncacn_conn->iov[0].iov_base = out->frag.data
1263 + out->current_pdu_sent;
1264 ncacn_conn->iov[0].iov_len = to_send;
1265
1266 out->current_pdu_sent += to_send;
1267 }
1268
1269 /*
1270 * This condition is false for bind packets, or when we haven't yet got
1271 * a full request, and need to wait for more data from the client
1272 */
1273 while (out->data_sent_length < out->rdata.length) {
1274 ok = create_next_pdu(ncacn_conn->p);
1275 if (!ok) {
1276 DEBUG(3, ("Failed to create next PDU!\n"));
1277 status = NT_STATUS_UNEXPECTED_IO_ERROR;
1278 goto fail;
1279 }
1280
1281 ncacn_conn->iov = talloc_realloc(ncacn_conn,
1282 ncacn_conn->iov,
1283 struct iovec,
1284 ncacn_conn->count + 1);
1285 if (ncacn_conn->iov == NULL) {
1286 DEBUG(3, ("Out of memory!\n"));
1287 status = NT_STATUS_NO_MEMORY;
1288 goto fail;
1289 }
1290
1291 ncacn_conn->iov[ncacn_conn->count].iov_base = out->frag.data;
1292 ncacn_conn->iov[ncacn_conn->count].iov_len = out->frag.length;
1293
1294 DEBUG(10, ("PDU number: %d, PDU Length: %u\n",
1295 (unsigned int) ncacn_conn->count,
1296 (unsigned int) ncacn_conn->iov[ncacn_conn->count].iov_len));
1297 dump_data(11, (const uint8_t *) ncacn_conn->iov[ncacn_conn->count].iov_base,
1298 ncacn_conn->iov[ncacn_conn->count].iov_len);
1299 ncacn_conn->count++;
1300 }
1301
1302 /*
1303 * We still don't have a complete request, go back and wait for more
1304 * data.
1305 */
1306 if (ncacn_conn->count == 0) {
1307 /* Wait for the next packet */
1308 subreq = dcerpc_read_ncacn_packet_send(ncacn_conn,
1309 ncacn_conn->ev_ctx,
1310 ncacn_conn->tstream);
1311 if (subreq == NULL) {
1312 DEBUG(2, ("Failed to start receiving packets\n"));
1313 status = NT_STATUS_NO_MEMORY;
1314 goto fail;
1315 }
1316 tevent_req_set_callback(subreq, dcerpc_ncacn_packet_process, ncacn_conn);
1317 return;
1318 }
1319
1320 DEBUG(10, ("Sending a total of %u bytes\n",
1321 (unsigned int)ncacn_conn->p->out_data.data_sent_length));
1322
1323 subreq = tstream_writev_queue_send(ncacn_conn,
1324 ncacn_conn->ev_ctx,
1325 ncacn_conn->tstream,
1326 ncacn_conn->send_queue,
1327 ncacn_conn->iov,
1328 ncacn_conn->count);
1329 if (subreq == NULL) {
1330 DEBUG(2, ("Failed to send packet\n"));
1331 status = NT_STATUS_NO_MEMORY;
1332 goto fail;
1333 }
1334
1335 tevent_req_set_callback(subreq, dcerpc_ncacn_packet_done, ncacn_conn);
1336 return;
1337
1338 fail:
1339 DEBUG(3, ("Terminating client(%s) connection! - '%s'\n",
1340 ncacn_conn->remote_client_name, nt_errstr(status)));
1341
1342 /* Terminate client connection */
1343 talloc_free(ncacn_conn);
1344 return;
1345 }
1346
1347 static void dcerpc_ncacn_packet_done(struct tevent_req *subreq)
1348 {
1349 struct dcerpc_ncacn_conn *ncacn_conn =
1350 tevent_req_callback_data(subreq, struct dcerpc_ncacn_conn);
1351 NTSTATUS status = NT_STATUS_OK;
1352 int sys_errno;
1353 int rc;
1354
1355 rc = tstream_writev_queue_recv(subreq, &sys_errno);
1356 TALLOC_FREE(subreq);
1357 if (rc < 0) {
1358 DEBUG(2, ("Writev failed!\n"));
1359 status = map_nt_error_from_unix(sys_errno);
1360 goto fail;
1361 }
1362
1363 if (ncacn_conn->p->fault_state != 0) {
1364 DEBUG(2, ("Disconnect after fault\n"));
1365 sys_errno = EINVAL;
1366 goto fail;
1367 }
1368
1369 /* clear out any data that may have been left around */
1370 ncacn_conn->count = 0;
1371 TALLOC_FREE(ncacn_conn->iov);
1372 data_blob_free(&ncacn_conn->p->in_data.data);
1373 data_blob_free(&ncacn_conn->p->out_data.frag);
1374 data_blob_free(&ncacn_conn->p->out_data.rdata);
1375
1376 talloc_free_children(ncacn_conn->p->mem_ctx);
1377
1378 /* Wait for the next packet */
1379 subreq = dcerpc_read_ncacn_packet_send(ncacn_conn,
1380 ncacn_conn->ev_ctx,
1381 ncacn_conn->tstream);
1382 if (subreq == NULL) {
1383 DEBUG(2, ("Failed to start receiving packets\n"));
1384 status = NT_STATUS_NO_MEMORY;
1385 goto fail;
1386 }
1387
1388 tevent_req_set_callback(subreq, dcerpc_ncacn_packet_process, ncacn_conn);
1389 return;
1390
1391 fail:
1392 DEBUG(3, ("Terminating client(%s) connection! - '%s'\n",
1393 ncacn_conn->remote_client_name, nt_errstr(status)));
1394
1395 /* Terminate client connection */
1396 talloc_free(ncacn_conn);
1397 return;
1398 }
1399
1400 /* vim: set ts=8 sw=8 noet cindent syntax=c.doxygen: */
Samba GIT mirror