2 Unix SMB/CIFS implementation.
4 helper functions for NAMED PIPE servers
6 Copyright (C) Stefan (metze) Metzmacher 2008
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 3 of the License, or
11 (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License
19 along with this program. If not, see <http://www.gnu.org/licenses/>.
24 #include "smbd/service.h"
25 #include "param/param.h"
26 #include "auth/session.h"
27 #include "auth/auth_sam_reply.h"
28 #include "lib/socket/socket.h"
29 #include "lib/tsocket/tsocket.h"
30 #include "libcli/util/tstream.h"
31 #include "librpc/gen_ndr/ndr_named_pipe_auth.h"
32 #include "system/passwd.h"
33 #include "system/network.h"
34 #include "libcli/raw/smb.h"
35 #include "auth/credentials/credentials.h"
36 #include "auth/credentials/credentials_krb5.h"
38 struct named_pipe_socket
{
39 const char *pipe_name
;
40 const char *pipe_path
;
41 const struct stream_server_ops
*ops
;
45 struct named_pipe_connection
{
46 struct stream_connection
*connection
;
47 const struct named_pipe_socket
*pipe_sock
;
48 struct tstream_context
*tstream
;
51 static void named_pipe_terminate_connection(struct named_pipe_connection
*pipe_conn
, const char *reason
)
53 stream_terminate_connection(pipe_conn
->connection
, reason
);
56 static NTSTATUS
named_pipe_full_request(void *private_data
, DATA_BLOB blob
, size_t *size
)
58 if (blob
.length
< 8) {
59 return STATUS_MORE_ENTRIES
;
62 if (memcmp(NAMED_PIPE_AUTH_MAGIC
, &blob
.data
[4], 4) != 0) {
63 DEBUG(0,("named_pipe_full_request: wrong protocol\n"));
65 /* the error will be handled in named_pipe_recv_auth_request */
69 *size
= 4 + RIVAL(blob
.data
, 0);
70 if (*size
> blob
.length
) {
71 return STATUS_MORE_ENTRIES
;
77 static void named_pipe_auth_request(struct tevent_req
*subreq
);
79 static void named_pipe_accept(struct stream_connection
*conn
)
81 struct named_pipe_socket
*pipe_sock
= talloc_get_type(conn
->private_data
,
82 struct named_pipe_socket
);
83 struct named_pipe_connection
*pipe_conn
;
84 struct tevent_req
*subreq
;
87 pipe_conn
= talloc_zero(conn
, struct named_pipe_connection
);
88 if (pipe_conn
== NULL
) {
89 stream_terminate_connection(conn
,
90 "named_pipe_accept: out of memory");
94 TALLOC_FREE(conn
->event
.fde
);
97 * We have to duplicate the fd, cause it gets closed when the tstream
98 * is freed and you shouldn't work a fd the tstream is based on.
100 fd
= dup(socket_get_fd(conn
->socket
));
104 reason
= talloc_asprintf(conn
,
105 "named_pipe_accept: failed to duplicate the file descriptor - %s",
107 if (reason
== NULL
) {
108 reason
= strerror(errno
);
110 stream_terminate_connection(conn
, reason
);
112 rc
= tstream_bsd_existing_socket(pipe_conn
,
114 &pipe_conn
->tstream
);
116 stream_terminate_connection(conn
,
117 "named_pipe_accept: out of memory");
121 pipe_conn
->connection
= conn
;
122 pipe_conn
->pipe_sock
= pipe_sock
;
123 conn
->private_data
= pipe_conn
;
126 * The named pipe pdu's have the length as 8 byte (initial_read_size),
127 * named_pipe_full_request provides the pdu length then.
129 subreq
= tstream_read_pdu_blob_send(pipe_conn
,
130 pipe_conn
->connection
->event
.ctx
,
132 8, /* initial_read_size */
133 named_pipe_full_request
,
135 if (subreq
== NULL
) {
136 named_pipe_terminate_connection(pipe_conn
,
137 "named_pipe_accept: "
138 "no memory for tstream_read_pdu_blob_send");
141 tevent_req_set_callback(subreq
, named_pipe_auth_request
, pipe_conn
);
144 struct named_pipe_call
{
145 struct named_pipe_connection
*pipe_conn
;
148 struct iovec out_iov
[1];
152 static void named_pipe_handover_connection(struct tevent_req
*subreq
);
154 static void named_pipe_auth_request(struct tevent_req
*subreq
)
156 struct named_pipe_connection
*pipe_conn
= tevent_req_callback_data(subreq
,
157 struct named_pipe_connection
);
158 struct stream_connection
*conn
= pipe_conn
->connection
;
159 struct named_pipe_call
*call
;
160 enum ndr_err_code ndr_err
;
161 union netr_Validation val
;
162 struct auth_serversupplied_info
*server_info
;
163 struct named_pipe_auth_req pipe_request
;
164 struct named_pipe_auth_rep pipe_reply
;
167 call
= talloc(pipe_conn
, struct named_pipe_call
);
169 named_pipe_terminate_connection(pipe_conn
,
170 "named_pipe_auth_request: "
171 "no memory for named_pipe_call");
174 call
->pipe_conn
= pipe_conn
;
176 status
= tstream_read_pdu_blob_recv(subreq
,
180 if (!NT_STATUS_IS_OK(status
)) {
183 reason
= talloc_asprintf(call
, "named_pipe_call_loop: "
184 "tstream_read_pdu_blob_recv() - %s",
186 if (reason
== NULL
) {
187 reason
= nt_errstr(status
);
190 named_pipe_terminate_connection(pipe_conn
, reason
);
194 DEBUG(10,("Received named_pipe packet of length %lu from %s\n",
195 (long) call
->in
.length
,
196 tsocket_address_string(pipe_conn
->connection
->remote_address
, call
)));
197 dump_data(11, call
->in
.data
, call
->in
.length
);
200 * TODO: check it's a root (uid == 0) pipe
203 ZERO_STRUCT(pipe_reply
);
204 pipe_reply
.level
= 0;
205 pipe_reply
.status
= NT_STATUS_INTERNAL_ERROR
;
207 /* parse the passed credentials */
208 ndr_err
= ndr_pull_struct_blob_all(
211 lp_iconv_convenience(conn
->lp_ctx
),
213 (ndr_pull_flags_fn_t
) ndr_pull_named_pipe_auth_req
);
214 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err
)) {
215 pipe_reply
.status
= ndr_map_error2ntstatus(ndr_err
);
216 DEBUG(2, ("Could not unmarshall named_pipe_auth_req: %s\n",
217 nt_errstr(pipe_reply
.status
)));
222 NDR_PRINT_DEBUG(named_pipe_auth_req
, &pipe_request
);
225 if (strcmp(NAMED_PIPE_AUTH_MAGIC
, pipe_request
.magic
) != 0) {
226 DEBUG(2, ("named_pipe_auth_req: invalid magic '%s' != %s\n",
227 pipe_request
.magic
, NAMED_PIPE_AUTH_MAGIC
));
228 pipe_reply
.status
= NT_STATUS_INVALID_PARAMETER
;
232 switch (pipe_request
.level
) {
235 * anon connection, we don't create a session info
238 pipe_reply
.level
= 0;
239 pipe_reply
.status
= NT_STATUS_OK
;
242 val
.sam3
= &pipe_request
.info
.info1
;
244 pipe_reply
.level
= 1;
245 pipe_reply
.status
= make_server_info_netlogon_validation(pipe_conn
,
249 if (!NT_STATUS_IS_OK(pipe_reply
.status
)) {
250 DEBUG(2, ("make_server_info_netlogon_validation returned "
251 "%s\n", nt_errstr(pipe_reply
.status
)));
255 /* setup the session_info on the connection */
256 pipe_reply
.status
= auth_generate_session_info(conn
,
260 &conn
->session_info
);
261 if (!NT_STATUS_IS_OK(pipe_reply
.status
)) {
262 DEBUG(2, ("auth_generate_session_info failed: %s\n",
263 nt_errstr(pipe_reply
.status
)));
269 pipe_reply
.level
= 2;
270 pipe_reply
.info
.info2
.file_type
= FILE_TYPE_MESSAGE_MODE_PIPE
;
271 pipe_reply
.info
.info2
.device_state
= 0xff | 0x0400 | 0x0100;
272 pipe_reply
.info
.info2
.allocation_size
= 4096;
274 if (pipe_request
.info
.info2
.sam_info3
== NULL
) {
276 * anon connection, we don't create a session info
279 pipe_reply
.status
= NT_STATUS_OK
;
283 val
.sam3
= pipe_request
.info
.info2
.sam_info3
;
285 pipe_reply
.status
= make_server_info_netlogon_validation(pipe_conn
,
286 val
.sam3
->base
.account_name
.string
,
287 3, &val
, &server_info
);
288 if (!NT_STATUS_IS_OK(pipe_reply
.status
)) {
289 DEBUG(2, ("make_server_info_netlogon_validation returned "
290 "%s\n", nt_errstr(pipe_reply
.status
)));
294 /* setup the session_info on the connection */
295 pipe_reply
.status
= auth_generate_session_info(conn
,
299 &conn
->session_info
);
300 if (!NT_STATUS_IS_OK(pipe_reply
.status
)) {
301 DEBUG(2, ("auth_generate_session_info failed: %s\n",
302 nt_errstr(pipe_reply
.status
)));
306 conn
->session_info
->session_key
= data_blob_const(pipe_request
.info
.info2
.session_key
,
307 pipe_request
.info
.info2
.session_key_length
);
308 talloc_steal(conn
->session_info
, pipe_request
.info
.info2
.session_key
);
312 pipe_reply
.level
= 3;
313 pipe_reply
.info
.info3
.file_type
= FILE_TYPE_MESSAGE_MODE_PIPE
;
314 pipe_reply
.info
.info3
.device_state
= 0xff | 0x0400 | 0x0100;
315 pipe_reply
.info
.info3
.allocation_size
= 4096;
317 if (pipe_request
.info
.info3
.sam_info3
== NULL
) {
319 * anon connection, we don't create a session info
322 pipe_reply
.status
= NT_STATUS_OK
;
326 val
.sam3
= pipe_request
.info
.info3
.sam_info3
;
328 pipe_reply
.status
= make_server_info_netlogon_validation(pipe_conn
,
329 val
.sam3
->base
.account_name
.string
,
330 3, &val
, &server_info
);
331 if (!NT_STATUS_IS_OK(pipe_reply
.status
)) {
332 DEBUG(2, ("make_server_info_netlogon_validation returned "
333 "%s\n", nt_errstr(pipe_reply
.status
)));
337 /* setup the session_info on the connection */
338 pipe_reply
.status
= auth_generate_session_info(conn
,
342 &conn
->session_info
);
343 if (!NT_STATUS_IS_OK(pipe_reply
.status
)) {
344 DEBUG(2, ("auth_generate_session_info failed: %s\n",
345 nt_errstr(pipe_reply
.status
)));
349 if (pipe_request
.info
.info3
.gssapi_delegated_creds_length
) {
350 OM_uint32 minor_status
;
351 gss_buffer_desc cred_token
;
352 gss_cred_id_t cred_handle
;
354 const char *error_string
;
356 DEBUG(10, ("named_pipe_auth: delegated credentials supplied by client\n"));
358 cred_token
.value
= pipe_request
.info
.info3
.gssapi_delegated_creds
;
359 cred_token
.length
= pipe_request
.info
.info3
.gssapi_delegated_creds_length
;
361 ret
= gss_import_cred(&minor_status
,
364 if (ret
!= GSS_S_COMPLETE
) {
365 pipe_reply
.status
= NT_STATUS_INTERNAL_ERROR
;
369 conn
->session_info
->credentials
= cli_credentials_init(conn
->session_info
);
370 if (conn
->session_info
->credentials
== NULL
) {
371 pipe_reply
.status
= NT_STATUS_NO_MEMORY
;
375 cli_credentials_set_conf(conn
->session_info
->credentials
,
377 /* Just so we don't segfault trying to get at a username */
378 cli_credentials_set_anonymous(conn
->session_info
->credentials
);
380 ret
= cli_credentials_set_client_gss_creds(conn
->session_info
->credentials
,
384 CRED_SPECIFIED
, &error_string
);
386 pipe_reply
.status
= NT_STATUS_INTERNAL_ERROR
;
387 DEBUG(2, ("Failed to set pipe forwarded creds: %s\n", error_string
));
391 /* This credential handle isn't useful for password authentication, so ensure nobody tries to do that */
392 cli_credentials_set_kerberos_state(conn
->session_info
->credentials
,
393 CRED_MUST_USE_KERBEROS
);
396 conn
->session_info
->session_key
= data_blob_const(pipe_request
.info
.info3
.session_key
,
397 pipe_request
.info
.info3
.session_key_length
);
398 talloc_steal(conn
->session_info
, pipe_request
.info
.info3
.session_key
);
402 DEBUG(0, ("named_pipe_auth_req: unknown level %u\n",
403 pipe_request
.level
));
404 pipe_reply
.level
= 0;
405 pipe_reply
.status
= NT_STATUS_INVALID_LEVEL
;
410 /* create the output */
411 ndr_err
= ndr_push_struct_blob(&call
->out
, pipe_conn
,
412 lp_iconv_convenience(conn
->lp_ctx
),
414 (ndr_push_flags_fn_t
)ndr_push_named_pipe_auth_rep
);
415 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err
)) {
417 status
= ndr_map_error2ntstatus(ndr_err
);
419 reason
= talloc_asprintf(pipe_conn
, "named_pipe_auth_request: could not marshall named_pipe_auth_rep: %s\n",
421 if (reason
== NULL
) {
422 reason
= "named_pipe_auth_request: could not marshall named_pipe_auth_rep";
424 named_pipe_terminate_connection(pipe_conn
, reason
);
428 DEBUG(10,("named_pipe_auth_request: named_pipe_auth reply[%u]\n",
429 (unsigned) call
->out
.length
));
430 dump_data(11, call
->out
.data
, call
->out
.length
);
432 NDR_PRINT_DEBUG(named_pipe_auth_rep
, &pipe_reply
);
435 call
->status
= pipe_reply
.status
;
437 call
->out_iov
[0].iov_base
= call
->out
.data
;
438 call
->out_iov
[0].iov_len
= call
->out
.length
;
440 subreq
= tstream_writev_send(call
,
441 pipe_conn
->connection
->event
.ctx
,
444 if (subreq
== NULL
) {
445 named_pipe_terminate_connection(pipe_conn
, "named_pipe_auth_request: "
446 "no memory for tstream_writev_send");
450 tevent_req_set_callback(subreq
, named_pipe_handover_connection
, call
);
453 static void named_pipe_handover_connection(struct tevent_req
*subreq
)
455 struct named_pipe_call
*call
= tevent_req_callback_data(subreq
,
456 struct named_pipe_call
);
457 struct named_pipe_connection
*pipe_conn
= call
->pipe_conn
;
458 struct stream_connection
*conn
= pipe_conn
->connection
;
462 rc
= tstream_writev_recv(subreq
, &sys_errno
);
467 reason
= talloc_asprintf(call
, "named_pipe_handover_connection: "
468 "tstream_writev_recv() - %d:%s",
469 sys_errno
, strerror(sys_errno
));
470 if (reason
== NULL
) {
471 reason
= "named_pipe_handover_connection: "
472 "tstream_writev_recv() failed";
475 named_pipe_terminate_connection(pipe_conn
, reason
);
479 if (!NT_STATUS_IS_OK(call
->status
)) {
482 reason
= talloc_asprintf(call
, "named_pipe_handover_connection: "
483 "reply status - %s", nt_errstr(call
->status
));
484 if (reason
== NULL
) {
485 reason
= nt_errstr(call
->status
);
488 named_pipe_terminate_connection(pipe_conn
, reason
);
493 * remove the named_pipe layer together with its packet layer
495 conn
->ops
= pipe_conn
->pipe_sock
->ops
;
496 conn
->private_data
= pipe_conn
->pipe_sock
->private_data
;
497 talloc_unlink(conn
, pipe_conn
);
499 conn
->event
.fde
= tevent_add_fd(conn
->event
.ctx
,
501 socket_get_fd(conn
->socket
),
503 stream_io_handler_fde
,
505 if (conn
->event
.fde
== NULL
) {
506 named_pipe_terminate_connection(pipe_conn
, "named_pipe_handover_connection: "
507 "setting up the stream_io_handler_fde failed");
512 * hand over to the real pipe implementation,
513 * now that we have setup the transport session_info
515 conn
->ops
->accept_connection(conn
);
517 DEBUG(10,("named_pipe_handover_connection[%s]: succeeded\n",
520 /* we don't have to free call here as the connection got closed */
524 called when a pipe socket becomes readable
526 static void named_pipe_recv(struct stream_connection
*conn
, uint16_t flags
)
528 struct named_pipe_connection
*pipe_conn
= talloc_get_type(
529 conn
->private_data
, struct named_pipe_connection
);
531 named_pipe_terminate_connection(pipe_conn
,
532 "named_pipe_recv: called");
536 called when a pipe socket becomes writable
538 static void named_pipe_send(struct stream_connection
*conn
, uint16_t flags
)
540 struct named_pipe_connection
*pipe_conn
= talloc_get_type(
541 conn
->private_data
, struct named_pipe_connection
);
543 named_pipe_terminate_connection(pipe_conn
,
544 "named_pipe_send: called");
547 static const struct stream_server_ops named_pipe_stream_ops
= {
548 .name
= "named_pipe",
549 .accept_connection
= named_pipe_accept
,
550 .recv_handler
= named_pipe_recv
,
551 .send_handler
= named_pipe_send
,
554 NTSTATUS
stream_setup_named_pipe(struct tevent_context
*event_context
,
555 struct loadparm_context
*lp_ctx
,
556 const struct model_ops
*model_ops
,
557 const struct stream_server_ops
*stream_ops
,
558 const char *pipe_name
,
562 struct named_pipe_socket
*pipe_sock
;
563 NTSTATUS status
= NT_STATUS_NO_MEMORY
;;
565 pipe_sock
= talloc(event_context
, struct named_pipe_socket
);
566 if (pipe_sock
== NULL
) {
570 /* remember the details about the pipe */
571 pipe_sock
->pipe_name
= talloc_strdup(pipe_sock
, pipe_name
);
572 if (pipe_sock
->pipe_name
== NULL
) {
576 dirname
= talloc_asprintf(pipe_sock
, "%s/np", lp_ncalrpc_dir(lp_ctx
));
577 if (dirname
== NULL
) {
581 if (!directory_create_or_exist(dirname
, geteuid(), 0700)) {
582 status
= map_nt_error_from_unix(errno
);
583 DEBUG(0,(__location__
": Failed to create stream pipe directory %s - %s\n",
584 dirname
, nt_errstr(status
)));
588 if (strncmp(pipe_name
, "\\pipe\\", 6) == 0) {
592 pipe_sock
->pipe_path
= talloc_asprintf(pipe_sock
, "%s/%s", dirname
,
594 if (pipe_sock
->pipe_path
== NULL
) {
598 talloc_free(dirname
);
600 pipe_sock
->ops
= stream_ops
;
601 pipe_sock
->private_data
= talloc_reference(pipe_sock
, private_data
);
603 status
= stream_setup_socket(event_context
,
606 &named_pipe_stream_ops
,
608 pipe_sock
->pipe_path
,
612 if (!NT_STATUS_IS_OK(status
)) {
618 talloc_free(pipe_sock
);