search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
smbd: Fix coredump on failing chdir during logoff
[Samba.git] / libcli / named_pipe_auth / npa_tstream.c
blobd333ce6ee229ed59747cac3b0d7d66a41ec3de60
1 /*
2 Unix SMB/CIFS implementation.
3
4 Copyright (C) Stefan Metzmacher 2009
5
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 3 of the License, or
9 (at your option) any later version.
10
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
15
16 You should have received a copy of the GNU General Public License
17 along with this program. If not, see <http://www.gnu.org/licenses/>.
18 */
19
20 #include "includes.h"
21 #include "system/network.h"
22 #include "../util/tevent_unix.h"
23 #include "../lib/tsocket/tsocket.h"
24 #include "../lib/tsocket/tsocket_internal.h"
25 #include "../librpc/gen_ndr/ndr_named_pipe_auth.h"
26 #include "../libcli/named_pipe_auth/npa_tstream.h"
27 #include "../libcli/smb/smb_constants.h"
28
29 static const struct tstream_context_ops tstream_npa_ops;
30
31 struct tstream_npa {
32 struct tstream_context *unix_stream;
33
34 uint16_t file_type;
35
36 struct iovec pending;
37 };
38
39 struct tstream_npa_connect_state {
40 struct {
41 struct tevent_context *ev;
42 } caller;
43
44 const char *unix_path;
45 struct tsocket_address *unix_laddr;
46 struct tsocket_address *unix_raddr;
47 struct tstream_context *unix_stream;
48
49 struct named_pipe_auth_req auth_req;
50 DATA_BLOB auth_req_blob;
51 struct iovec auth_req_iov;
52
53 struct named_pipe_auth_rep auth_rep;
54 DATA_BLOB auth_rep_blob;
55 };
56
57 static void tstream_npa_connect_unix_done(struct tevent_req *subreq);
58
59 struct tevent_req *tstream_npa_connect_send(TALLOC_CTX *mem_ctx,
60 struct tevent_context *ev,
61 const char *directory,
62 const char *npipe,
63 const struct tsocket_address *remote_client_addr,
64 const char *remote_client_name_in,
65 const struct tsocket_address *local_server_addr,
66 const char *local_server_name,
67 const struct auth_session_info_transport *session_info)
68 {
69 struct tevent_req *req;
70 struct tstream_npa_connect_state *state;
71 struct tevent_req *subreq;
72 int ret;
73 enum ndr_err_code ndr_err;
74 char *lower_case_npipe;
75 struct named_pipe_auth_req_info4 *info4;
76
77 req = tevent_req_create(mem_ctx, &state,
78 struct tstream_npa_connect_state);
79 if (!req) {
80 return NULL;
81 }
82
83 state->caller.ev = ev;
84
85 lower_case_npipe = strlower_talloc(state, npipe);
86 if (tevent_req_nomem(lower_case_npipe, req)) {
87 goto post;
88 }
89
90 state->unix_path = talloc_asprintf(state, "%s/%s",
91 directory,
92 lower_case_npipe);
93 talloc_free(lower_case_npipe);
94 if (tevent_req_nomem(state->unix_path, req)) {
95 goto post;
96 }
97
98 ret = tsocket_address_unix_from_path(state,
99 "",
100 &state->unix_laddr);
101 if (ret == -1) {
102 tevent_req_error(req, errno);
103 goto post;
104 }
105
106 ret = tsocket_address_unix_from_path(state,
107 state->unix_path,
108 &state->unix_raddr);
109 if (ret == -1) {
110 tevent_req_error(req, errno);
111 goto post;
112 }
113
114 ZERO_STRUCT(state->auth_req);
115
116 if (!local_server_addr) {
117 tevent_req_error(req, EINVAL);
118 goto post;
119 }
120
121 state->auth_req.level = 4;
122 info4 = &state->auth_req.info.info4;
123
124 info4->remote_client_name = remote_client_name_in;
125 info4->remote_client_addr = tsocket_address_inet_addr_string(remote_client_addr,
126 state);
127 if (!info4->remote_client_addr) {
128 /* errno might be EINVAL */
129 tevent_req_error(req, errno);
130 goto post;
131 }
132 info4->remote_client_port = tsocket_address_inet_port(remote_client_addr);
133 if (!info4->remote_client_name) {
134 info4->remote_client_name = info4->remote_client_addr;
135 }
136
137 info4->local_server_addr = tsocket_address_inet_addr_string(local_server_addr,
138 state);
139 if (!info4->local_server_addr) {
140 /* errno might be EINVAL */
141 tevent_req_error(req, errno);
142 goto post;
143 }
144 info4->local_server_port = tsocket_address_inet_port(local_server_addr);
145 if (!info4->local_server_name) {
146 info4->local_server_name = info4->local_server_addr;
147 }
148
149 info4->session_info = discard_const_p(struct auth_session_info_transport, session_info);
150
151 if (DEBUGLVL(10)) {
152 NDR_PRINT_DEBUG(named_pipe_auth_req, &state->auth_req);
153 }
154
155 ndr_err = ndr_push_struct_blob(&state->auth_req_blob,
156 state, &state->auth_req,
157 (ndr_push_flags_fn_t)ndr_push_named_pipe_auth_req);
158 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
159 tevent_req_error(req, EINVAL);
160 goto post;
161 }
162
163 state->auth_req_iov.iov_base = (char *) state->auth_req_blob.data;
164 state->auth_req_iov.iov_len = state->auth_req_blob.length;
165
166 subreq = tstream_unix_connect_send(state,
167 state->caller.ev,
168 state->unix_laddr,
169 state->unix_raddr);
170 if (tevent_req_nomem(subreq, req)) {
171 goto post;
172 }
173 tevent_req_set_callback(subreq, tstream_npa_connect_unix_done, req);
174
175 return req;
176
177 post:
178 tevent_req_post(req, ev);
179 return req;
180 }
181
182 static void tstream_npa_connect_writev_done(struct tevent_req *subreq);
183
184 static void tstream_npa_connect_unix_done(struct tevent_req *subreq)
185 {
186 struct tevent_req *req =
187 tevent_req_callback_data(subreq,
188 struct tevent_req);
189 struct tstream_npa_connect_state *state =
190 tevent_req_data(req,
191 struct tstream_npa_connect_state);
192 int ret;
193 int sys_errno;
194
195 ret = tstream_unix_connect_recv(subreq, &sys_errno,
196 state, &state->unix_stream);
197 TALLOC_FREE(subreq);
198 if (ret == -1) {
199 tevent_req_error(req, sys_errno);
200 return;
201 }
202
203 subreq = tstream_writev_send(state,
204 state->caller.ev,
205 state->unix_stream,
206 &state->auth_req_iov, 1);
207 if (tevent_req_nomem(subreq, req)) {
208 return;
209 }
210 tevent_req_set_callback(subreq, tstream_npa_connect_writev_done, req);
211 }
212
213 static int tstream_npa_connect_next_vector(struct tstream_context *unix_stream,
214 void *private_data,
215 TALLOC_CTX *mem_ctx,
216 struct iovec **_vector,
217 size_t *_count);
218 static void tstream_npa_connect_readv_done(struct tevent_req *subreq);
219
220 static void tstream_npa_connect_writev_done(struct tevent_req *subreq)
221 {
222 struct tevent_req *req =
223 tevent_req_callback_data(subreq,
224 struct tevent_req);
225 struct tstream_npa_connect_state *state =
226 tevent_req_data(req,
227 struct tstream_npa_connect_state);
228 int ret;
229 int sys_errno;
230
231 ret = tstream_writev_recv(subreq, &sys_errno);
232 TALLOC_FREE(subreq);
233 if (ret == -1) {
234 tevent_req_error(req, sys_errno);
235 return;
236 }
237
238 state->auth_rep_blob = data_blob_const(NULL, 0);
239
240 subreq = tstream_readv_pdu_send(state, state->caller.ev,
241 state->unix_stream,
242 tstream_npa_connect_next_vector,
243 state);
244 if (tevent_req_nomem(subreq, req)) {
245 return;
246 }
247 tevent_req_set_callback(subreq, tstream_npa_connect_readv_done, req);
248 }
249
250 static int tstream_npa_connect_next_vector(struct tstream_context *unix_stream,
251 void *private_data,
252 TALLOC_CTX *mem_ctx,
253 struct iovec **_vector,
254 size_t *_count)
255 {
256 struct tstream_npa_connect_state *state = talloc_get_type_abort(private_data,
257 struct tstream_npa_connect_state);
258 struct iovec *vector;
259 size_t count;
260 off_t ofs = 0;
261
262 if (state->auth_rep_blob.length == 0) {
263 state->auth_rep_blob = data_blob_talloc(state, NULL, 4);
264 if (!state->auth_rep_blob.data) {
265 return -1;
266 }
267 } else if (state->auth_rep_blob.length == 4) {
268 uint32_t msg_len;
269
270 ofs = 4;
271
272 msg_len = RIVAL(state->auth_rep_blob.data, 0);
273
274 if (msg_len > 0x00FFFFFF) {
275 errno = EMSGSIZE;
276 return -1;
277 }
278
279 if (msg_len == 0) {
280 errno = EMSGSIZE;
281 return -1;
282 }
283
284 msg_len += ofs;
285
286 state->auth_rep_blob.data = talloc_realloc(state,
287 state->auth_rep_blob.data,
288 uint8_t, msg_len);
289 if (!state->auth_rep_blob.data) {
290 return -1;
291 }
292 state->auth_rep_blob.length = msg_len;
293 } else {
294 *_vector = NULL;
295 *_count = 0;
296 return 0;
297 }
298
299 /* we need to get a message header */
300 vector = talloc_array(mem_ctx, struct iovec, 1);
301 if (!vector) {
302 return -1;
303 }
304 vector[0].iov_base = (char *) (state->auth_rep_blob.data + ofs);
305 vector[0].iov_len = state->auth_rep_blob.length - ofs;
306 count = 1;
307
308 *_vector = vector;
309 *_count = count;
310 return 0;
311 }
312
313 static void tstream_npa_connect_readv_done(struct tevent_req *subreq)
314 {
315 struct tevent_req *req =
316 tevent_req_callback_data(subreq,
317 struct tevent_req);
318 struct tstream_npa_connect_state *state =
319 tevent_req_data(req,
320 struct tstream_npa_connect_state);
321 int ret;
322 int sys_errno;
323 enum ndr_err_code ndr_err;
324
325 ret = tstream_readv_pdu_recv(subreq, &sys_errno);
326 TALLOC_FREE(subreq);
327 if (ret == -1) {
328 tevent_req_error(req, sys_errno);
329 return;
330 }
331
332 DEBUG(10,("name_pipe_auth_rep(client)[%u]\n",
333 (uint32_t)state->auth_rep_blob.length));
334 dump_data(11, state->auth_rep_blob.data, state->auth_rep_blob.length);
335
336 ndr_err = ndr_pull_struct_blob(
337 &state->auth_rep_blob, state,
338 &state->auth_rep,
339 (ndr_pull_flags_fn_t)ndr_pull_named_pipe_auth_rep);
340
341 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
342 DEBUG(0, ("ndr_pull_named_pipe_auth_rep failed: %s\n",
343 ndr_map_error2string(ndr_err)));
344 tevent_req_error(req, EIO);
345 return;
346 }
347
348 if (DEBUGLVL(10)) {
349 NDR_PRINT_DEBUG(named_pipe_auth_rep, &state->auth_rep);
350 }
351
352 if (state->auth_rep.length < 16) {
353 DEBUG(0, ("req invalid length: %u < 16\n",
354 state->auth_rep.length));
355 tevent_req_error(req, EIO);
356 return;
357 }
358
359 if (strcmp(NAMED_PIPE_AUTH_MAGIC, state->auth_rep.magic) != 0) {
360 DEBUG(0, ("req invalid magic: %s != %s\n",
361 state->auth_rep.magic, NAMED_PIPE_AUTH_MAGIC));
362 tevent_req_error(req, EIO);
363 return;
364 }
365
366 if (!NT_STATUS_IS_OK(state->auth_rep.status)) {
367 DEBUG(0, ("req failed: %s\n",
368 nt_errstr(state->auth_rep.status)));
369 tevent_req_error(req, EACCES);
370 return;
371 }
372
373 if (state->auth_rep.level != state->auth_req.level) {
374 DEBUG(0, ("req invalid level: %u != %u\n",
375 state->auth_rep.level, state->auth_req.level));
376 tevent_req_error(req, EIO);
377 return;
378 }
379
380 tevent_req_done(req);
381 }
382
383 int _tstream_npa_connect_recv(struct tevent_req *req,
384 int *perrno,
385 TALLOC_CTX *mem_ctx,
386 struct tstream_context **_stream,
387 uint16_t *_file_type,
388 uint16_t *_device_state,
389 uint64_t *_allocation_size,
390 const char *location)
391 {
392 struct tstream_npa_connect_state *state =
393 tevent_req_data(req,
394 struct tstream_npa_connect_state);
395 struct tstream_context *stream;
396 struct tstream_npa *npas;
397 uint16_t device_state = 0;
398 uint64_t allocation_size = 0;
399
400 if (tevent_req_is_unix_error(req, perrno)) {
401 tevent_req_received(req);
402 return -1;
403 }
404
405 stream = tstream_context_create(mem_ctx,
406 &tstream_npa_ops,
407 &npas,
408 struct tstream_npa,
409 location);
410 if (!stream) {
411 *perrno = ENOMEM;
412 tevent_req_received(req);
413 return -1;
414 }
415 ZERO_STRUCTP(npas);
416
417 npas->unix_stream = talloc_move(stream, &state->unix_stream);
418 switch (state->auth_rep.level) {
419 case 4:
420 npas->file_type = state->auth_rep.info.info4.file_type;
421 device_state = state->auth_rep.info.info4.device_state;
422 allocation_size = state->auth_rep.info.info4.allocation_size;
423 break;
424 }
425
426 *_stream = stream;
427 *_file_type = npas->file_type;
428 *_device_state = device_state;
429 *_allocation_size = allocation_size;
430 tevent_req_received(req);
431 return 0;
432 }
433
434 static ssize_t tstream_npa_pending_bytes(struct tstream_context *stream)
435 {
436 struct tstream_npa *npas = tstream_context_data(stream,
437 struct tstream_npa);
438 ssize_t ret;
439
440 if (!npas->unix_stream) {
441 errno = ENOTCONN;
442 return -1;
443 }
444
445 switch (npas->file_type) {
446 case FILE_TYPE_BYTE_MODE_PIPE:
447 ret = tstream_pending_bytes(npas->unix_stream);
448 break;
449
450 case FILE_TYPE_MESSAGE_MODE_PIPE:
451 ret = npas->pending.iov_len;
452 break;
453
454 default:
455 ret = -1;
456 }
457
458 return ret;
459 }
460
461 struct tstream_npa_readv_state {
462 struct tstream_context *stream;
463
464 struct iovec *vector;
465 size_t count;
466
467 /* the header for message mode */
468 uint8_t hdr[2];
469 bool wait_for_hdr;
470
471 int ret;
472 };
473
474 static void tstream_npa_readv_byte_mode_handler(struct tevent_req *subreq);
475 static int tstream_npa_readv_next_vector(struct tstream_context *stream,
476 void *private_data,
477 TALLOC_CTX *mem_ctx,
478 struct iovec **_vector,
479 size_t *_count);
480 static void tstream_npa_readv_msg_mode_handler(struct tevent_req *subreq);
481
482 static struct tevent_req *tstream_npa_readv_send(TALLOC_CTX *mem_ctx,
483 struct tevent_context *ev,
484 struct tstream_context *stream,
485 struct iovec *vector,
486 size_t count)
487 {
488 struct tevent_req *req;
489 struct tstream_npa_readv_state *state;
490 struct tstream_npa *npas = tstream_context_data(stream, struct tstream_npa);
491 struct tevent_req *subreq;
492 off_t ofs;
493 size_t left;
494 uint8_t *pbase;
495
496 req = tevent_req_create(mem_ctx, &state,
497 struct tstream_npa_readv_state);
498 if (!req) {
499 return NULL;
500 }
501
502 state->stream = stream;
503 state->ret = 0;
504
505 if (!npas->unix_stream) {
506 tevent_req_error(req, ENOTCONN);
507 goto post;
508 }
509
510 switch (npas->file_type) {
511 case FILE_TYPE_BYTE_MODE_PIPE:
512 state->vector = vector;
513 state->count = count;
514
515 subreq = tstream_readv_send(state,
516 ev,
517 npas->unix_stream,
518 state->vector,
519 state->count);
520 if (tevent_req_nomem(subreq,req)) {
521 goto post;
522 }
523 tevent_req_set_callback(subreq,
524 tstream_npa_readv_byte_mode_handler,
525 req);
526
527 return req;
528
529 case FILE_TYPE_MESSAGE_MODE_PIPE:
530 /*
531 * we make a copy of the vector and prepend a header
532 * with the length
533 */
534 state->vector = talloc_array(state, struct iovec, count);
535 if (tevent_req_nomem(state->vector, req)) {
536 goto post;
537 }
538 memcpy(state->vector, vector, sizeof(struct iovec)*count);
539 state->count = count;
540
541 /*
542 * copy the pending buffer first
543 */
544 ofs = 0;
545 left = npas->pending.iov_len;
546 pbase = (uint8_t *)npas->pending.iov_base;
547
548 while (left > 0 && state->count > 0) {
549 uint8_t *base;
550 base = (uint8_t *)state->vector[0].iov_base;
551 if (left < state->vector[0].iov_len) {
552 memcpy(base, pbase + ofs, left);
553
554 base += left;
555 state->vector[0].iov_base = (char *) base;
556 state->vector[0].iov_len -= left;
557
558 ofs += left;
559 left = 0;
560 TALLOC_FREE(pbase);
561 ZERO_STRUCT(npas->pending);
562 break;
563 }
564 memcpy(base, pbase + ofs, state->vector[0].iov_len);
565
566 ofs += state->vector[0].iov_len;
567 left -= state->vector[0].iov_len;
568 state->vector += 1;
569 state->count -= 1;
570
571 if (left == 0) {
572 TALLOC_FREE(pbase);
573 ZERO_STRUCT(npas->pending);
574 break;
575 }
576 }
577
578 if (left > 0) {
579 memmove(pbase, pbase + ofs, left);
580 npas->pending.iov_base = (char *) pbase;
581 npas->pending.iov_len = left;
582 /*
583 * this cannot fail and even if it
584 * fails we can handle it
585 */
586 pbase = talloc_realloc(npas, pbase, uint8_t, left);
587 if (pbase) {
588 npas->pending.iov_base = (char *) pbase;
589 }
590 pbase = NULL;
591 }
592
593 state->ret += ofs;
594
595 if (state->count == 0) {
596 tevent_req_done(req);
597 goto post;
598 }
599
600 ZERO_STRUCT(state->hdr);
601 state->wait_for_hdr = false;
602
603 subreq = tstream_readv_pdu_send(state,
604 ev,
605 npas->unix_stream,
606 tstream_npa_readv_next_vector,
607 state);
608 if (tevent_req_nomem(subreq, req)) {
609 goto post;
610 }
611 tevent_req_set_callback(subreq,
612 tstream_npa_readv_msg_mode_handler,
613 req);
614
615 return req;
616 }
617
618 /* this can't happen */
619 tevent_req_error(req, EINVAL);
620 goto post;
621
622 post:
623 tevent_req_post(req, ev);
624 return req;
625 }
626
627 static void tstream_npa_readv_byte_mode_handler(struct tevent_req *subreq)
628 {
629 struct tevent_req *req = tevent_req_callback_data(subreq,
630 struct tevent_req);
631 struct tstream_npa_readv_state *state = tevent_req_data(req,
632 struct tstream_npa_readv_state);
633 int ret;
634 int sys_errno;
635
636 ret = tstream_readv_recv(subreq, &sys_errno);
637 TALLOC_FREE(subreq);
638 if (ret == -1) {
639 tevent_req_error(req, sys_errno);
640 return;
641 }
642
643 state->ret = ret;
644
645 tevent_req_done(req);
646 }
647
648 static int tstream_npa_readv_next_vector(struct tstream_context *unix_stream,
649 void *private_data,
650 TALLOC_CTX *mem_ctx,
651 struct iovec **_vector,
652 size_t *_count)
653 {
654 struct tstream_npa_readv_state *state = talloc_get_type_abort(private_data,
655 struct tstream_npa_readv_state);
656 struct tstream_npa *npas = tstream_context_data(state->stream,
657 struct tstream_npa);
658 struct iovec *vector;
659 size_t count;
660 uint16_t msg_len;
661 size_t left;
662
663 if (state->count == 0) {
664 *_vector = NULL;
665 *_count = 0;
666 return 0;
667 }
668
669 if (!state->wait_for_hdr) {
670 /* we need to get a message header */
671 vector = talloc_array(mem_ctx, struct iovec, 1);
672 if (!vector) {
673 return -1;
674 }
675 ZERO_STRUCT(state->hdr);
676 vector[0].iov_base = (char *) state->hdr;
677 vector[0].iov_len = sizeof(state->hdr);
678
679 count = 1;
680
681 state->wait_for_hdr = true;
682
683 *_vector = vector;
684 *_count = count;
685 return 0;
686 }
687
688 /* and now fill the callers buffers and maybe the pending buffer */
689 state->wait_for_hdr = false;
690
691 msg_len = SVAL(state->hdr, 0);
692
693 if (msg_len == 0) {
694 errno = EIO;
695 return -1;
696 }
697
698 state->wait_for_hdr = false;
699
700 /* +1 because we may need to fill the pending buffer */
701 vector = talloc_array(mem_ctx, struct iovec, state->count + 1);
702 if (!vector) {
703 return -1;
704 }
705
706 count = 0;
707 left = msg_len;
708 while (left > 0 && state->count > 0) {
709 if (left < state->vector[0].iov_len) {
710 uint8_t *base;
711 base = (uint8_t *)state->vector[0].iov_base;
712 vector[count].iov_base = (char *) base;
713 vector[count].iov_len = left;
714 count++;
715 base += left;
716 state->vector[0].iov_base = (char *) base;
717 state->vector[0].iov_len -= left;
718 break;
719 }
720 vector[count] = state->vector[0];
721 count++;
722 left -= state->vector[0].iov_len;
723 state->vector += 1;
724 state->count -= 1;
725 }
726
727 if (left > 0) {
728 /*
729 * if the message is longer than the buffers the caller
730 * requested, we need to consume the rest of the message
731 * into the pending buffer, where the next readv can
732 * be served from.
733 */
734 npas->pending.iov_base = talloc_array(npas, char, left);
735 if (!npas->pending.iov_base) {
736 return -1;
737 }
738 npas->pending.iov_len = left;
739
740 vector[count] = npas->pending;
741 count++;
742 }
743
744 state->ret += (msg_len - left);
745
746 *_vector = vector;
747 *_count = count;
748 return 0;
749 }
750
751 static void tstream_npa_readv_msg_mode_handler(struct tevent_req *subreq)
752 {
753 struct tevent_req *req = tevent_req_callback_data(subreq,
754 struct tevent_req);
755 int ret;
756 int sys_errno;
757
758 ret = tstream_readv_pdu_recv(subreq, &sys_errno);
759 TALLOC_FREE(subreq);
760 if (ret == -1) {
761 tevent_req_error(req, sys_errno);
762 return;
763 }
764
765 /*
766 * we do not set state->ret here as ret includes the headr size.
767 * we set it in tstream_npa_readv_pdu_next_vector()
768 */
769
770 tevent_req_done(req);
771 }
772
773 static int tstream_npa_readv_recv(struct tevent_req *req,
774 int *perrno)
775 {
776 struct tstream_npa_readv_state *state = tevent_req_data(req,
777 struct tstream_npa_readv_state);
778 int ret;
779
780 ret = tsocket_simple_int_recv(req, perrno);
781 if (ret == 0) {
782 ret = state->ret;
783 }
784
785 tevent_req_received(req);
786 return ret;
787 }
788
789 struct tstream_npa_writev_state {
790 const struct iovec *vector;
791 size_t count;
792
793 /* the header for message mode */
794 bool hdr_used;
795 uint8_t hdr[2];
796
797 int ret;
798 };
799
800 static void tstream_npa_writev_handler(struct tevent_req *subreq);
801
802 static struct tevent_req *tstream_npa_writev_send(TALLOC_CTX *mem_ctx,
803 struct tevent_context *ev,
804 struct tstream_context *stream,
805 const struct iovec *vector,
806 size_t count)
807 {
808 struct tevent_req *req;
809 struct tstream_npa_writev_state *state;
810 struct tstream_npa *npas = tstream_context_data(stream, struct tstream_npa);
811 struct tevent_req *subreq;
812 size_t msg_len;
813 size_t i;
814 struct iovec *new_vector;
815
816 req = tevent_req_create(mem_ctx, &state,
817 struct tstream_npa_writev_state);
818 if (!req) {
819 return NULL;
820 }
821
822 state->ret = 0;
823
824 if (!npas->unix_stream) {
825 tevent_req_error(req, ENOTCONN);
826 goto post;
827 }
828
829 switch (npas->file_type) {
830 case FILE_TYPE_BYTE_MODE_PIPE:
831 state->hdr_used = false;
832 state->vector = vector;
833 state->count = count;
834 break;
835
836 case FILE_TYPE_MESSAGE_MODE_PIPE:
837 /*
838 * we make a copy of the vector and prepend a header
839 * with the length
840 */
841 new_vector = talloc_array(state, struct iovec, count + 1);
842 if (tevent_req_nomem(new_vector, req)) {
843 goto post;
844 }
845 new_vector[0].iov_base = (char *) state->hdr;
846 new_vector[0].iov_len = sizeof(state->hdr);
847 memcpy(new_vector + 1, vector, sizeof(struct iovec)*count);
848
849 state->hdr_used = true;
850 state->vector = new_vector;
851 state->count = count + 1;
852
853 msg_len = 0;
854 for (i=0; i < count; i++) {
855 msg_len += vector[i].iov_len;
856 }
857
858 if (msg_len > UINT16_MAX) {
859 tevent_req_error(req, EMSGSIZE);
860 goto post;
861 }
862
863 SSVAL(state->hdr, 0, msg_len);
864 break;
865 }
866
867 subreq = tstream_writev_send(state,
868 ev,
869 npas->unix_stream,
870 state->vector,
871 state->count);
872 if (tevent_req_nomem(subreq, req)) {
873 goto post;
874 }
875 tevent_req_set_callback(subreq, tstream_npa_writev_handler, req);
876
877 return req;
878
879 post:
880 tevent_req_post(req, ev);
881 return req;
882 }
883
884 static void tstream_npa_writev_handler(struct tevent_req *subreq)
885 {
886 struct tevent_req *req = tevent_req_callback_data(subreq,
887 struct tevent_req);
888 struct tstream_npa_writev_state *state = tevent_req_data(req,
889 struct tstream_npa_writev_state);
890 int ret;
891 int sys_errno;
892
893 ret = tstream_writev_recv(subreq, &sys_errno);
894 TALLOC_FREE(subreq);
895 if (ret == -1) {
896 tevent_req_error(req, sys_errno);
897 return;
898 }
899
900 /*
901 * in message mode we need to hide the length
902 * of the hdr from the caller
903 */
904 if (state->hdr_used) {
905 ret -= sizeof(state->hdr);
906 }
907
908 state->ret = ret;
909
910 tevent_req_done(req);
911 }
912
913 static int tstream_npa_writev_recv(struct tevent_req *req,
914 int *perrno)
915 {
916 struct tstream_npa_writev_state *state = tevent_req_data(req,
917 struct tstream_npa_writev_state);
918 int ret;
919
920 ret = tsocket_simple_int_recv(req, perrno);
921 if (ret == 0) {
922 ret = state->ret;
923 }
924
925 tevent_req_received(req);
926 return ret;
927 }
928
929 struct tstream_npa_disconnect_state {
930 struct tstream_context *stream;
931 };
932
933 static void tstream_npa_disconnect_handler(struct tevent_req *subreq);
934
935 static struct tevent_req *tstream_npa_disconnect_send(TALLOC_CTX *mem_ctx,
936 struct tevent_context *ev,
937 struct tstream_context *stream)
938 {
939 struct tstream_npa *npas = tstream_context_data(stream, struct tstream_npa);
940 struct tevent_req *req;
941 struct tstream_npa_disconnect_state *state;
942 struct tevent_req *subreq;
943
944 req = tevent_req_create(mem_ctx, &state,
945 struct tstream_npa_disconnect_state);
946 if (req == NULL) {
947 return NULL;
948 }
949
950 state->stream = stream;
951
952 if (!npas->unix_stream) {
953 tevent_req_error(req, ENOTCONN);
954 goto post;
955 }
956
957 subreq = tstream_disconnect_send(state,
958 ev,
959 npas->unix_stream);
960 if (tevent_req_nomem(subreq, req)) {
961 goto post;
962 }
963 tevent_req_set_callback(subreq, tstream_npa_disconnect_handler, req);
964
965 return req;
966
967 post:
968 tevent_req_post(req, ev);
969 return req;
970 }
971
972 static void tstream_npa_disconnect_handler(struct tevent_req *subreq)
973 {
974 struct tevent_req *req = tevent_req_callback_data(subreq,
975 struct tevent_req);
976 struct tstream_npa_disconnect_state *state = tevent_req_data(req,
977 struct tstream_npa_disconnect_state);
978 struct tstream_context *stream = state->stream;
979 struct tstream_npa *npas = tstream_context_data(stream, struct tstream_npa);
980 int ret;
981 int sys_errno;
982
983 ret = tstream_disconnect_recv(subreq, &sys_errno);
984 TALLOC_FREE(subreq);
985 if (ret == -1) {
986 tevent_req_error(req, sys_errno);
987 return;
988 }
989
990 TALLOC_FREE(npas->unix_stream);
991
992 tevent_req_done(req);
993 }
994
995 static int tstream_npa_disconnect_recv(struct tevent_req *req,
996 int *perrno)
997 {
998 int ret;
999
1000 ret = tsocket_simple_int_recv(req, perrno);
1001
1002 tevent_req_received(req);
1003 return ret;
1004 }
1005
1006 static const struct tstream_context_ops tstream_npa_ops = {
1007 .name = "npa",
1008
1009 .pending_bytes = tstream_npa_pending_bytes,
1010
1011 .readv_send = tstream_npa_readv_send,
1012 .readv_recv = tstream_npa_readv_recv,
1013
1014 .writev_send = tstream_npa_writev_send,
1015 .writev_recv = tstream_npa_writev_recv,
1016
1017 .disconnect_send = tstream_npa_disconnect_send,
1018 .disconnect_recv = tstream_npa_disconnect_recv,
1019 };
1020
1021 int _tstream_npa_existing_socket(TALLOC_CTX *mem_ctx,
1022 int fd,
1023 uint16_t file_type,
1024 struct tstream_context **_stream,
1025 const char *location)
1026 {
1027 struct tstream_context *stream;
1028 struct tstream_npa *npas;
1029 int ret;
1030
1031 switch (file_type) {
1032 case FILE_TYPE_BYTE_MODE_PIPE:
1033 break;
1034 case FILE_TYPE_MESSAGE_MODE_PIPE:
1035 break;
1036 default:
1037 errno = EINVAL;
1038 return -1;
1039 }
1040
1041 stream = tstream_context_create(mem_ctx,
1042 &tstream_npa_ops,
1043 &npas,
1044 struct tstream_npa,
1045 location);
1046 if (!stream) {
1047 return -1;
1048 }
1049 ZERO_STRUCTP(npas);
1050
1051 npas->file_type = file_type;
1052
1053 ret = tstream_bsd_existing_socket(stream, fd,
1054 &npas->unix_stream);
1055 if (ret == -1) {
1056 int saved_errno = errno;
1057 talloc_free(stream);
1058 errno = saved_errno;
1059 return -1;
1060 }
1061
1062 *_stream = stream;
1063 return 0;
1064 }
1065
1066
1067 struct tstream_npa_accept_state {
1068 struct tevent_context *ev;
1069 struct tstream_context *plain;
1070 uint16_t file_type;
1071 uint16_t device_state;
1072 uint64_t alloc_size;
1073
1074 DATA_BLOB npa_blob;
1075 struct iovec out_iov;
1076
1077 /* results */
1078 NTSTATUS accept_status;
1079 struct tsocket_address *remote_client_addr;
1080 char *remote_client_name;
1081 struct tsocket_address *local_server_addr;
1082 char *local_server_name;
1083 struct auth_session_info_transport *session_info;
1084 };
1085
1086 static int tstream_npa_accept_next_vector(struct tstream_context *unix_stream,
1087 void *private_data,
1088 TALLOC_CTX *mem_ctx,
1089 struct iovec **_vector,
1090 size_t *_count);
1091 static void tstream_npa_accept_existing_reply(struct tevent_req *subreq);
1092 static void tstream_npa_accept_existing_done(struct tevent_req *subreq);
1093
1094 struct tevent_req *tstream_npa_accept_existing_send(TALLOC_CTX *mem_ctx,
1095 struct tevent_context *ev,
1096 struct tstream_context *plain,
1097 uint16_t file_type,
1098 uint16_t device_state,
1099 uint64_t allocation_size)
1100 {
1101 struct tstream_npa_accept_state *state;
1102 struct tevent_req *req, *subreq;
1103
1104 req = tevent_req_create(mem_ctx, &state,
1105 struct tstream_npa_accept_state);
1106 if (req == NULL) {
1107 return NULL;
1108 }
1109
1110 switch (file_type) {
1111 case FILE_TYPE_BYTE_MODE_PIPE:
1112 break;
1113 case FILE_TYPE_MESSAGE_MODE_PIPE:
1114 break;
1115 default:
1116 tevent_req_error(req, EINVAL);
1117 goto post;
1118 }
1119
1120 ZERO_STRUCTP(state);
1121
1122 state->ev = ev;
1123 state->plain = plain;
1124 state->file_type = file_type;
1125 state->device_state = device_state;
1126 state->alloc_size = allocation_size;
1127
1128 /*
1129 * The named pipe pdu's have the length as 8 byte (initial_read_size),
1130 * named_pipe_full_request provides the pdu length then.
1131 */
1132 subreq = tstream_readv_pdu_send(state, ev, plain,
1133 tstream_npa_accept_next_vector,
1134 state);
1135 if (tevent_req_nomem(subreq, req)) {
1136 goto post;
1137 }
1138
1139 tevent_req_set_callback(subreq,
1140 tstream_npa_accept_existing_reply, req);
1141
1142 return req;
1143
1144 post:
1145 tevent_req_post(req, ev);
1146 return req;
1147 }
1148
1149 static int tstream_npa_accept_next_vector(struct tstream_context *unix_stream,
1150 void *private_data,
1151 TALLOC_CTX *mem_ctx,
1152 struct iovec **_vector,
1153 size_t *_count)
1154 {
1155 struct tstream_npa_accept_state *state =
1156 talloc_get_type_abort(private_data,
1157 struct tstream_npa_accept_state);
1158 struct iovec *vector;
1159 size_t count;
1160 off_t ofs = 0;
1161
1162 if (state->npa_blob.length == 0) {
1163 state->npa_blob = data_blob_talloc(state, NULL, 4);
1164 if (!state->npa_blob.data) {
1165 return -1;
1166 }
1167 } else if (state->npa_blob.length == 4) {
1168 uint32_t msg_len;
1169
1170 ofs = 4;
1171
1172 msg_len = RIVAL(state->npa_blob.data, 0);
1173
1174 if (msg_len > 0x00FFFFFF) {
1175 errno = EMSGSIZE;
1176 return -1;
1177 }
1178
1179 if (msg_len == 0) {
1180 errno = EMSGSIZE;
1181 return -1;
1182 }
1183
1184 msg_len += ofs;
1185
1186 state->npa_blob.data = talloc_realloc(state,
1187 state->npa_blob.data,
1188 uint8_t, msg_len);
1189 if (!state->npa_blob.data) {
1190 return -1;
1191 }
1192 state->npa_blob.length = msg_len;
1193 } else {
1194 if (memcmp(&state->npa_blob.data[4],
1195 NAMED_PIPE_AUTH_MAGIC, 4) != 0) {
1196 DEBUG(0, ("Wrong protocol\n"));
1197 #if defined(EPROTONOSUPPORT)
1198 errno = EPROTONOSUPPORT;
1199 #elif defined(EPROTO)
1200 errno = EPROTO;
1201 #else
1202 errno = EINVAL;
1203 #endif
1204 return -1;
1205 }
1206 *_vector = NULL;
1207 *_count = 0;
1208 return 0;
1209 }
1210
1211 /* we need to get a message header */
1212 vector = talloc_array(mem_ctx, struct iovec, 1);
1213 if (!vector) {
1214 return -1;
1215 }
1216 vector[0].iov_base = (char *) (state->npa_blob.data + ofs);
1217 vector[0].iov_len = state->npa_blob.length - ofs;
1218 count = 1;
1219
1220 *_vector = vector;
1221 *_count = count;
1222 return 0;
1223 }
1224
1225 static void tstream_npa_accept_existing_reply(struct tevent_req *subreq)
1226 {
1227 struct tevent_req *req =
1228 tevent_req_callback_data(subreq, struct tevent_req);
1229 struct tstream_npa_accept_state *state =
1230 tevent_req_data(req, struct tstream_npa_accept_state);
1231 struct named_pipe_auth_req *pipe_request;
1232 struct named_pipe_auth_rep pipe_reply;
1233 struct named_pipe_auth_req_info4 i4;
1234 enum ndr_err_code ndr_err;
1235 DATA_BLOB out;
1236 int sys_errno;
1237 int ret;
1238
1239 ret = tstream_readv_pdu_recv(subreq, &sys_errno);
1240 TALLOC_FREE(subreq);
1241 if (ret == -1) {
1242 tevent_req_error(req, sys_errno);
1243 return;
1244 }
1245
1246 DEBUG(10, ("Received packet of length %lu\n",
1247 (long)state->npa_blob.length));
1248 dump_data(11, state->npa_blob.data, state->npa_blob.length);
1249
1250 ZERO_STRUCT(pipe_reply);
1251 pipe_reply.level = 0;
1252 pipe_reply.status = NT_STATUS_INTERNAL_ERROR;
1253 /*
1254 * TODO: check it's a root (uid == 0) pipe
1255 */
1256
1257 pipe_request = talloc(state, struct named_pipe_auth_req);
1258 if (!pipe_request) {
1259 DEBUG(0, ("Out of memory!\n"));
1260 goto reply;
1261 }
1262
1263 /* parse the passed credentials */
1264 ndr_err = ndr_pull_struct_blob_all(
1265 &state->npa_blob, pipe_request, pipe_request,
1266 (ndr_pull_flags_fn_t)ndr_pull_named_pipe_auth_req);
1267 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
1268 pipe_reply.status = ndr_map_error2ntstatus(ndr_err);
1269 DEBUG(2, ("Could not unmarshall named_pipe_auth_req: %s\n",
1270 nt_errstr(pipe_reply.status)));
1271 goto reply;
1272 }
1273
1274 if (DEBUGLVL(10)) {
1275 NDR_PRINT_DEBUG(named_pipe_auth_req, pipe_request);
1276 }
1277
1278 ZERO_STRUCT(i4);
1279
1280 if (pipe_request->level != 4) {
1281 DEBUG(0, ("Unknown level %u\n", pipe_request->level));
1282 pipe_reply.level = 0;
1283 pipe_reply.status = NT_STATUS_INVALID_LEVEL;
1284 goto reply;
1285 }
1286
1287 pipe_reply.level = 4;
1288 pipe_reply.status = NT_STATUS_OK;
1289 pipe_reply.info.info4.file_type = state->file_type;
1290 pipe_reply.info.info4.device_state = state->device_state;
1291 pipe_reply.info.info4.allocation_size = state->alloc_size;
1292
1293 i4 = pipe_request->info.info4;
1294 if (i4.local_server_addr == NULL) {
1295 pipe_reply.status = NT_STATUS_INVALID_ADDRESS;
1296 DEBUG(2, ("Missing local server address\n"));
1297 goto reply;
1298 }
1299 if (i4.remote_client_addr == NULL) {
1300 pipe_reply.status = NT_STATUS_INVALID_ADDRESS;
1301 DEBUG(2, ("Missing remote client address\n"));
1302 goto reply;
1303 }
1304
1305 state->local_server_name = discard_const_p(char,
1306 talloc_move(state,
1307 &i4.local_server_name));
1308 ret = tsocket_address_inet_from_strings(state, "ip",
1309 i4.local_server_addr,
1310 i4.local_server_port,
1311 &state->local_server_addr);
1312 if (ret != 0) {
1313 DEBUG(2, ("Invalid local server address[%s:%u] - %s\n",
1314 i4.local_server_addr, i4.local_server_port,
1315 strerror(errno)));
1316 pipe_reply.status = NT_STATUS_INVALID_ADDRESS;
1317 goto reply;
1318 }
1319
1320 state->remote_client_name = discard_const_p(char,
1321 talloc_move(state,
1322 &i4.remote_client_name));
1323 ret = tsocket_address_inet_from_strings(state, "ip",
1324 i4.remote_client_addr,
1325 i4.remote_client_port,
1326 &state->remote_client_addr);
1327 if (ret != 0) {
1328 DEBUG(2, ("Invalid remote client address[%s:%u] - %s\n",
1329 i4.remote_client_addr, i4.remote_client_port,
1330 strerror(errno)));
1331 pipe_reply.status = NT_STATUS_INVALID_ADDRESS;
1332 goto reply;
1333 }
1334
1335 state->session_info = talloc_move(state, &i4.session_info);
1336 reply:
1337 /* create the output */
1338 ndr_err = ndr_push_struct_blob(&out, state, &pipe_reply,
1339 (ndr_push_flags_fn_t)ndr_push_named_pipe_auth_rep);
1340 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
1341 DEBUG(2, ("Error encoding structure: %s",
1342 ndr_map_error2string(ndr_err)));
1343 tevent_req_error(req, EIO);
1344 return;
1345 }
1346
1347 DEBUG(10, ("named_pipe_auth reply[%u]\n", (unsigned)out.length));
1348 dump_data(11, out.data, out.length);
1349
1350 if (DEBUGLVL(10)) {
1351 NDR_PRINT_DEBUG(named_pipe_auth_rep, &pipe_reply);
1352 }
1353
1354 state->accept_status = pipe_reply.status;
1355
1356 state->out_iov.iov_base = (char *) out.data;
1357 state->out_iov.iov_len = out.length;
1358
1359 subreq = tstream_writev_send(state, state->ev,
1360 state->plain,
1361 &state->out_iov, 1);
1362 if (tevent_req_nomem(subreq, req)) {
1363 DEBUG(0, ("no memory for tstream_writev_send"));
1364 return;
1365 }
1366
1367 tevent_req_set_callback(subreq, tstream_npa_accept_existing_done, req);
1368 }
1369
1370 static void tstream_npa_accept_existing_done(struct tevent_req *subreq)
1371 {
1372 struct tevent_req *req =
1373 tevent_req_callback_data(subreq, struct tevent_req);
1374 int sys_errno;
1375 int ret;
1376
1377 ret = tstream_writev_recv(subreq, &sys_errno);
1378 TALLOC_FREE(subreq);
1379 if (ret == -1) {
1380 tevent_req_error(req, sys_errno);
1381 return;
1382 }
1383
1384 tevent_req_done(req);
1385 }
1386
1387 int _tstream_npa_accept_existing_recv(struct tevent_req *req,
1388 int *perrno,
1389 TALLOC_CTX *mem_ctx,
1390 struct tstream_context **stream,
1391 struct tsocket_address **remote_client_addr,
1392 char **_remote_client_name,
1393 struct tsocket_address **local_server_addr,
1394 char **local_server_name,
1395 struct auth_session_info_transport **session_info,
1396 const char *location)
1397 {
1398 struct tstream_npa_accept_state *state =
1399 tevent_req_data(req, struct tstream_npa_accept_state);
1400 struct tstream_npa *npas;
1401 int ret;
1402
1403 ret = tsocket_simple_int_recv(req, perrno);
1404 if (ret != 0) {
1405 DEBUG(2, ("Failed to accept named pipe conection: %s\n",
1406 strerror(*perrno)));
1407 tevent_req_received(req);
1408 return -1;
1409 }
1410
1411 if (!NT_STATUS_IS_OK(state->accept_status)) {
1412 #if defined(EPROTONOSUPPORT)
1413 *perrno = EPROTONOSUPPORT;
1414 #elif defined(EPROTO)
1415 *perrno = EPROTO;
1416 #else
1417 *perrno = EINVAL;
1418 #endif
1419 DEBUG(2, ("Failed to accept named pipe conection: %s => %s\n",
1420 nt_errstr(state->accept_status),
1421 strerror(*perrno)));
1422 tevent_req_received(req);
1423 return -1;
1424 }
1425
1426 *stream = tstream_context_create(mem_ctx,
1427 &tstream_npa_ops,
1428 &npas,
1429 struct tstream_npa,
1430 location);
1431 if (!*stream) {
1432 *perrno = ENOMEM;
1433 tevent_req_received(req);
1434 return -1;
1435 }
1436 ZERO_STRUCTP(npas);
1437 npas->unix_stream = state->plain;
1438 npas->file_type = state->file_type;
1439
1440 *remote_client_addr = talloc_move(mem_ctx, &state->remote_client_addr);
1441 *_remote_client_name = talloc_move(mem_ctx, &state->remote_client_name);
1442 *local_server_addr = talloc_move(mem_ctx, &state->local_server_addr);
1443 *local_server_name = talloc_move(mem_ctx, &state->local_server_name);
1444 *session_info = talloc_move(mem_ctx, &state->session_info);
1445
1446 tevent_req_received(req);
1447 return 0;
1448 }
1449
1450
1451 /* SOCKETPAIR for internal rpc communication */
1452
1453 /* file_type is FILE_TYPE_BYTE_MODE_PIPE or FILE_TYPE_MESSAGE_MODE_PIPE */
1454 int _tstream_npa_socketpair(uint16_t file_type,
1455 TALLOC_CTX *mem_ctx1,
1456 struct tstream_context **pstream1,
1457 TALLOC_CTX *mem_ctx2,
1458 struct tstream_context **pstream2,
1459 const char *location)
1460 {
1461 struct tstream_context *stream1 = NULL;
1462 struct tstream_context *stream2 = NULL;
1463 int fds[2];
1464 int fd1;
1465 int fd2;
1466 int rc;
1467 bool ok;
1468
1469 rc = socketpair(AF_UNIX, SOCK_STREAM, 0, fds);
1470 if (rc == -1) {
1471 return -1;
1472 }
1473 fd1 = fds[0];
1474 fd2 = fds[1];
1475
1476 ok = smb_set_close_on_exec(fd1);
1477 if (!ok) {
1478 goto close_fail;
1479 }
1480
1481 ok = smb_set_close_on_exec(fd2);
1482 if (!ok) {
1483 goto close_fail;
1484 }
1485
1486 rc = set_blocking(fd1, false);
1487 if (rc == -1) {
1488 goto close_fail;
1489 }
1490
1491 rc = set_blocking(fd2, false);
1492 if (rc == -1) {
1493 goto close_fail;
1494 }
1495
1496 rc = _tstream_npa_existing_socket(mem_ctx1,
1497 fd1,
1498 file_type,
1499 &stream1,
1500 location);
1501 if (rc == -1) {
1502 goto close_fail;
1503 }
1504
1505 rc = _tstream_npa_existing_socket(mem_ctx2,
1506 fd2,
1507 file_type,
1508 &stream2,
1509 location);
1510 if (rc == -1) {
1511 int sys_errno = errno;
1512 talloc_free(stream1);
1513 close(fd2);
1514 errno = sys_errno;
1515 return -1;
1516 }
1517
1518 *pstream1 = stream1;
1519 *pstream2 = stream2;
1520
1521 return 0;
1522
1523 close_fail:
1524 {
1525 int sys_errno = errno;
1526 close(fd1);
1527 close(fd2);
1528 errno = sys_errno;
1529 return -1;
1530 }
1531 }
Samba GIT mirror