source/rpc_server/srv_lsa_hnd.c

   1 /*
   2  *  Unix SMB/CIFS implementation.
   3  *  RPC Pipe client / server routines
   4  *  Copyright (C) Andrew Tridgell              1992-1997,
   5  *  Copyright (C) Luke Kenneth Casson Leighton 1996-1997,
   6  *  Copyright (C) Jeremy Allison                           2001.
   7  *
   8  *  This program is free software; you can redistribute it and/or modify
   9  *  it under the terms of the GNU General Public License as published by
  10  *  the Free Software Foundation; either version 2 of the License, or
  11  *  (at your option) any later version.
  12  *
  13  *  This program is distributed in the hope that it will be useful,
  14  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
  15  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  16  *  GNU General Public License for more details.
  17  *
  18  *  You should have received a copy of the GNU General Public License
  19  *  along with this program; if not, write to the Free Software
  20  *  Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
  21  */
  22
  23 #include "includes.h"
  24
  25 #undef DBGC_CLASS
  26 #define DBGC_CLASS DBGC_RPC_SRV
  27
  28 /* This is the max handles across all instances of a pipe name. */
  29 #ifndef MAX_OPEN_POLS
  30 #define MAX_OPEN_POLS 1024
  31 #endif
  32
  33 /****************************************************************************
  34  Hack as handles need to be persisant over lsa pipe closes so long as a samr
  35  pipe is open. JRA.
  36 ****************************************************************************/
  37
  38 static BOOL is_samr_lsa_pipe(const char *pipe_name)
  39 {
  40         return (strstr(pipe_name, "samr") || strstr(pipe_name, "lsa"));
  41 }
  42
  43 /****************************************************************************
  44  Initialise a policy handle list on a pipe. Handle list is shared between all
  45  pipes of the same name.
  46 ****************************************************************************/
  47
  48 BOOL init_pipe_handle_list(pipes_struct *p, char *pipe_name)
  49 {
  50         pipes_struct *plist = get_first_internal_pipe();
  51         struct handle_list *hl = NULL;
  52
  53         for (plist = get_first_internal_pipe(); plist; plist = get_next_internal_pipe(plist)) {
  54                 if (strequal( plist->name, pipe_name) ||
  55                                 (is_samr_lsa_pipe(plist->name) && is_samr_lsa_pipe(pipe_name))) {
  56                         if (!plist->pipe_handles) {
  57                                 pstring msg;
  58                                 slprintf(msg, sizeof(msg)-1, "init_pipe_handles: NULL pipe_handle pointer in pipe %s",
  59                                                 pipe_name );
  60                                 smb_panic(msg);
  61                         }
  62                         hl = plist->pipe_handles;
  63                         break;
  64                 }
  65         }
  66
  67         if (!hl) {
  68                 /*
  69                  * No handle list for this pipe (first open of pipe).
  70                  * Create list.
  71                  */
  72
  73                 if ((hl = (struct handle_list *)malloc(sizeof(struct handle_list))) == NULL)
  74                         return False;
  75                 ZERO_STRUCTP(hl);
  76
  77                 DEBUG(10,("init_pipe_handles: created handle list for pipe %s\n", pipe_name ));
  78         }
  79
  80         /*
  81          * One more pipe is using this list.
  82          */
  83
  84         hl->pipe_ref_count++;
  85
  86         /*
  87          * Point this pipe at this list.
  88          */
  89
  90         p->pipe_handles = hl;
  91
  92         DEBUG(10,("init_pipe_handles: pipe_handles ref count = %u for pipe %s\n",
  93                         p->pipe_handles->pipe_ref_count, pipe_name ));
  94
  95         return True;
  96 }
  97
  98 /****************************************************************************
  99   find first available policy slot.  creates a policy handle for you.
 100 ****************************************************************************/
 101
 102 BOOL create_policy_hnd(pipes_struct *p, POLICY_HND *hnd, void (*free_fn)(void *), void *data_ptr)
 103 {
 104         static uint32 pol_hnd_low  = 0;
 105         static uint32 pol_hnd_high = 0;
 106
 107         struct policy *pol;
 108
 109         if (p->pipe_handles->count > MAX_OPEN_POLS) {
 110                 DEBUG(0,("create_policy_hnd: ERROR: too many handles (%d) on this pipe.\n",
 111                                 (int)p->pipe_handles->count));
 112                 return False;
 113         }
 114
 115         pol = (struct policy *)malloc(sizeof(*p));
 116         if (!pol) {
 117                 DEBUG(0,("create_policy_hnd: ERROR: out of memory!\n"));
 118                 return False;
 119         }
 120
 121         ZERO_STRUCTP(pol);
 122
 123         pol->data_ptr = data_ptr;
 124         pol->free_fn = free_fn;
 125
 126         pol_hnd_low++;
 127         if (pol_hnd_low == 0)
 128                 (pol_hnd_high)++;
 129
 130         SIVAL(&pol->pol_hnd.data1, 0 , 0);  /* first bit must be null */
 131         SIVAL(&pol->pol_hnd.data2, 0 , pol_hnd_low ); /* second bit is incrementing */
 132         SSVAL(&pol->pol_hnd.data3, 0 , pol_hnd_high); /* second bit is incrementing */
 133         SSVAL(&pol->pol_hnd.data4, 0 , (pol_hnd_high>>16)); /* second bit is incrementing */
 134         SIVAL(pol->pol_hnd.data5, 0, time(NULL)); /* something random */
 135         SIVAL(pol->pol_hnd.data5, 4, sys_getpid()); /* something more random */
 136
 137         DLIST_ADD(p->pipe_handles->Policy, pol);
 138         p->pipe_handles->count++;
 139
 140         /*
 141          * Ensure we don't idle this connection if a handle is open.
 142          * Increment the number of files open on the first handle create.
 143          */
 144
 145         if (p->pipe_handles->count == 1)
 146                 p->conn->num_files_open++;
 147
 148         *hnd = pol->pol_hnd;
 149
 150         DEBUG(4,("Opened policy hnd[%d] ", (int)p->pipe_handles->count));
 151         dump_data(4, (char *)hnd, sizeof(*hnd));
 152
 153         return True;
 154 }
 155
 156 /****************************************************************************
 157   find policy by handle - internal version.
 158 ****************************************************************************/
 159
 160 static struct policy *find_policy_by_hnd_internal(pipes_struct *p, POLICY_HND *hnd, void **data_p)
 161 {
 162         struct policy *pol;
 163         size_t i;
 164
 165         if (data_p)
 166                 *data_p = NULL;
 167
 168         for (i = 0, pol=p->pipe_handles->Policy;pol;pol=pol->next, i++) {
 169                 if (memcmp(&pol->pol_hnd, hnd, sizeof(*hnd)) == 0) {
 170                         DEBUG(4,("Found policy hnd[%d] ", (int)i));
 171                         dump_data(4, (char *)hnd, sizeof(*hnd));
 172                         if (data_p)
 173                                 *data_p = pol->data_ptr;
 174                         return pol;
 175                 }
 176         }
 177
 178         DEBUG(4,("Policy not found: "));
 179         dump_data(4, (char *)hnd, sizeof(*hnd));
 180
 181         p->bad_handle_fault_state = True;
 182
 183         return NULL;
 184 }
 185
 186 /****************************************************************************
 187   find policy by handle
 188 ****************************************************************************/
 189
 190 BOOL find_policy_by_hnd(pipes_struct *p, POLICY_HND *hnd, void **data_p)
 191 {
 192         return find_policy_by_hnd_internal(p, hnd, data_p) == NULL ? False : True;
 193 }
 194
 195 /****************************************************************************
 196   Close a policy.
 197 ****************************************************************************/
 198
 199 BOOL close_policy_hnd(pipes_struct *p, POLICY_HND *hnd)
 200 {
 201         struct policy *pol = find_policy_by_hnd_internal(p, hnd, NULL);
 202
 203         if (!pol) {
 204                 DEBUG(3,("Error closing policy\n"));
 205                 return False;
 206         }
 207
 208         DEBUG(3,("Closed policy\n"));
 209
 210         if (pol->free_fn && pol->data_ptr)
 211                 (*pol->free_fn)(pol->data_ptr);
 212
 213         p->pipe_handles->count--;
 214
 215         /*
 216          * Ensure we can idle this connection if this is the last handle.
 217          * Decrement the number of files open on the last handle delete.
 218          */
 219
 220         if (p->pipe_handles->count == 0)
 221                 p->conn->num_files_open--;
 222
 223
 224         DLIST_REMOVE(p->pipe_handles->Policy, pol);
 225
 226         ZERO_STRUCTP(pol);
 227
 228         SAFE_FREE(pol);
 229
 230         return True;
 231 }
 232
 233 /****************************************************************************
 234  Close a pipe - free the handle list if it was the last pipe reference.
 235 ****************************************************************************/
 236
 237 void close_policy_by_pipe(pipes_struct *p)
 238 {
 239         p->pipe_handles->pipe_ref_count--;
 240
 241         if (p->pipe_handles->pipe_ref_count == 0) {
 242                 /*
 243                  * Last pipe open on this list - free the list.
 244                  */
 245                 while (p->pipe_handles->Policy)
 246                         close_policy_hnd(p, &p->pipe_handles->Policy->pol_hnd);
 247
 248                 p->pipe_handles->Policy = NULL;
 249                 p->pipe_handles->count = 0;
 250
 251                 SAFE_FREE(p->pipe_handles);
 252                 DEBUG(10,("close_policy_by_pipe: deleted handle list for pipe %s\n", p->name ));
 253         }
 254 }
 255
 256 /*******************************************************************
 257 Shall we allow access to this rpc?  Currently this function
 258 implements the 'restrict anonymous' setting by denying access to
 259 anonymous users if the restrict anonymous level is > 0.  Further work
 260 will be checking a security descriptor to determine whether a user
 261 token has enough access to access the pipe.
 262 ********************************************************************/
 263
 264 BOOL pipe_access_check(pipes_struct *p)
 265 {
 266         /* Don't let anonymous users access this RPC if restrict
 267            anonymous > 0 */
 268
 269         if (lp_restrict_anonymous() > 0) {
 270                 user_struct *user = get_valid_user_struct(p->vuid);
 271
 272                 if (!user) {
 273                         DEBUG(3, ("invalid vuid %d\n", p->vuid));
 274                         return False;
 275                 }
 276
 277                 if (user->guest)
 278                         return False;
 279         }
 280
 281         return True;
 282 }