search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
s4:rpc_server: replace dce_conn->allow_request with auth->auth_finished
[Samba.git] / source4 / rpc_server / dcerpc_server.c
blobe763b581f4d4ba19a42ad5906605d814950db51b
1 /*
2 Unix SMB/CIFS implementation.
3
4 server side dcerpc core code
5
6 Copyright (C) Andrew Tridgell 2003-2005
7 Copyright (C) Stefan (metze) Metzmacher 2004-2005
8
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 3 of the License, or
12 (at your option) any later version.
13
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
18
19 You should have received a copy of the GNU General Public License
20 along with this program. If not, see <http://www.gnu.org/licenses/>.
21 */
22
23 #include "includes.h"
24 #include "auth/auth.h"
25 #include "auth/gensec/gensec.h"
26 #include "../lib/util/dlinklist.h"
27 #include "rpc_server/dcerpc_server.h"
28 #include "rpc_server/dcerpc_server_proto.h"
29 #include "rpc_server/common/proto.h"
30 #include "librpc/rpc/dcerpc_proto.h"
31 #include "system/filesys.h"
32 #include "libcli/security/security.h"
33 #include "param/param.h"
34 #include "../lib/tsocket/tsocket.h"
35 #include "../libcli/named_pipe_auth/npa_tstream.h"
36 #include "smbd/service_stream.h"
37 #include "../lib/tsocket/tsocket.h"
38 #include "lib/socket/socket.h"
39 #include "smbd/process_model.h"
40 #include "lib/messaging/irpc.h"
41 #include "librpc/rpc/rpc_common.h"
42 #include "lib/util/samba_modules.h"
43 #include "librpc/gen_ndr/ndr_dcerpc.h"
44 #include "../lib/util/tevent_ntstatus.h"
45
46 static NTSTATUS dcesrv_negotiate_contexts(struct dcesrv_call_state *call,
47 const struct dcerpc_bind *b,
48 struct dcerpc_ack_ctx *ack_ctx_list);
49
50 /*
51 find an association group given a assoc_group_id
52 */
53 static struct dcesrv_assoc_group *dcesrv_assoc_group_find(struct dcesrv_context *dce_ctx,
54 uint32_t id)
55 {
56 void *id_ptr;
57
58 id_ptr = idr_find(dce_ctx->assoc_groups_idr, id);
59 if (id_ptr == NULL) {
60 return NULL;
61 }
62 return talloc_get_type_abort(id_ptr, struct dcesrv_assoc_group);
63 }
64
65 /*
66 take a reference to an existing association group
67 */
68 static struct dcesrv_assoc_group *dcesrv_assoc_group_reference(TALLOC_CTX *mem_ctx,
69 struct dcesrv_context *dce_ctx,
70 uint32_t id)
71 {
72 struct dcesrv_assoc_group *assoc_group;
73
74 assoc_group = dcesrv_assoc_group_find(dce_ctx, id);
75 if (assoc_group == NULL) {
76 DEBUG(2,(__location__ ": Failed to find assoc_group 0x%08x\n", id));
77 return NULL;
78 }
79 return talloc_reference(mem_ctx, assoc_group);
80 }
81
82 static int dcesrv_assoc_group_destructor(struct dcesrv_assoc_group *assoc_group)
83 {
84 int ret;
85 ret = idr_remove(assoc_group->dce_ctx->assoc_groups_idr, assoc_group->id);
86 if (ret != 0) {
87 DEBUG(0,(__location__ ": Failed to remove assoc_group 0x%08x\n",
88 assoc_group->id));
89 }
90 return 0;
91 }
92
93 /*
94 allocate a new association group
95 */
96 static struct dcesrv_assoc_group *dcesrv_assoc_group_new(TALLOC_CTX *mem_ctx,
97 struct dcesrv_context *dce_ctx)
98 {
99 struct dcesrv_assoc_group *assoc_group;
100 int id;
101
102 assoc_group = talloc_zero(mem_ctx, struct dcesrv_assoc_group);
103 if (assoc_group == NULL) {
104 return NULL;
105 }
106
107 id = idr_get_new_random(dce_ctx->assoc_groups_idr, assoc_group, UINT16_MAX);
108 if (id == -1) {
109 talloc_free(assoc_group);
110 DEBUG(0,(__location__ ": Out of association groups!\n"));
111 return NULL;
112 }
113
114 assoc_group->id = id;
115 assoc_group->dce_ctx = dce_ctx;
116
117 talloc_set_destructor(assoc_group, dcesrv_assoc_group_destructor);
118
119 return assoc_group;
120 }
121
122
123 /*
124 see if two endpoints match
125 */
126 static bool endpoints_match(const struct dcerpc_binding *ep1,
127 const struct dcerpc_binding *ep2)
128 {
129 enum dcerpc_transport_t t1;
130 enum dcerpc_transport_t t2;
131 const char *e1;
132 const char *e2;
133
134 t1 = dcerpc_binding_get_transport(ep1);
135 t2 = dcerpc_binding_get_transport(ep2);
136
137 e1 = dcerpc_binding_get_string_option(ep1, "endpoint");
138 e2 = dcerpc_binding_get_string_option(ep2, "endpoint");
139
140 if (t1 != t2) {
141 return false;
142 }
143
144 if (!e1 || !e2) {
145 return e1 == e2;
146 }
147
148 if (strcasecmp(e1, e2) != 0) {
149 return false;
150 }
151
152 return true;
153 }
154
155 /*
156 find an endpoint in the dcesrv_context
157 */
158 static struct dcesrv_endpoint *find_endpoint(struct dcesrv_context *dce_ctx,
159 const struct dcerpc_binding *ep_description)
160 {
161 struct dcesrv_endpoint *ep;
162 for (ep=dce_ctx->endpoint_list; ep; ep=ep->next) {
163 if (endpoints_match(ep->ep_description, ep_description)) {
164 return ep;
165 }
166 }
167 return NULL;
168 }
169
170 /*
171 find a registered context_id from a bind or alter_context
172 */
173 static struct dcesrv_connection_context *dcesrv_find_context(struct dcesrv_connection *conn,
174 uint16_t context_id)
175 {
176 struct dcesrv_connection_context *c;
177 for (c=conn->contexts;c;c=c->next) {
178 if (c->context_id == context_id) return c;
179 }
180 return NULL;
181 }
182
183 /*
184 see if a uuid and if_version match to an interface
185 */
186 static bool interface_match(const struct dcesrv_interface *if1,
187 const struct dcesrv_interface *if2)
188 {
189 return (if1->syntax_id.if_version == if2->syntax_id.if_version &&
190 GUID_equal(&if1->syntax_id.uuid, &if2->syntax_id.uuid));
191 }
192
193 /*
194 find the interface operations on any endpoint with this binding
195 */
196 static const struct dcesrv_interface *find_interface_by_binding(struct dcesrv_context *dce_ctx,
197 struct dcerpc_binding *binding,
198 const struct dcesrv_interface *iface)
199 {
200 struct dcesrv_endpoint *ep;
201 for (ep=dce_ctx->endpoint_list; ep; ep=ep->next) {
202 if (endpoints_match(ep->ep_description, binding)) {
203 struct dcesrv_if_list *ifl;
204 for (ifl=ep->interface_list; ifl; ifl=ifl->next) {
205 if (interface_match(&(ifl->iface), iface)) {
206 return &(ifl->iface);
207 }
208 }
209 }
210 }
211 return NULL;
212 }
213
214 /*
215 see if a uuid and if_version match to an interface
216 */
217 static bool interface_match_by_uuid(const struct dcesrv_interface *iface,
218 const struct GUID *uuid, uint32_t if_version)
219 {
220 return (iface->syntax_id.if_version == if_version &&
221 GUID_equal(&iface->syntax_id.uuid, uuid));
222 }
223
224 /*
225 find the interface operations on an endpoint by uuid
226 */
227 const struct dcesrv_interface *find_interface_by_uuid(const struct dcesrv_endpoint *endpoint,
228 const struct GUID *uuid, uint32_t if_version)
229 {
230 struct dcesrv_if_list *ifl;
231 for (ifl=endpoint->interface_list; ifl; ifl=ifl->next) {
232 if (interface_match_by_uuid(&(ifl->iface), uuid, if_version)) {
233 return &(ifl->iface);
234 }
235 }
236 return NULL;
237 }
238
239 /*
240 find the earlier parts of a fragmented call awaiting reassembily
241 */
242 static struct dcesrv_call_state *dcesrv_find_fragmented_call(struct dcesrv_connection *dce_conn, uint32_t call_id)
243 {
244 struct dcesrv_call_state *c;
245 for (c=dce_conn->incoming_fragmented_call_list;c;c=c->next) {
246 if (c->pkt.call_id == call_id) {
247 return c;
248 }
249 }
250 return NULL;
251 }
252
253 /*
254 register an interface on an endpoint
255
256 An endpoint is one unix domain socket (for ncalrpc), one TCP port
257 (for ncacn_ip_tcp) or one (forwarded) named pipe (for ncacn_np).
258
259 Each endpoint can have many interfaces such as netlogon, lsa or
260 samr. Some have essentially the full set.
261
262 This is driven from the set of interfaces listed in each IDL file
263 via the PIDL generated *__op_init_server() functions.
264 */
265 _PUBLIC_ NTSTATUS dcesrv_interface_register(struct dcesrv_context *dce_ctx,
266 const char *ep_name,
267 const struct dcesrv_interface *iface,
268 const struct security_descriptor *sd)
269 {
270 struct dcesrv_endpoint *ep;
271 struct dcesrv_if_list *ifl;
272 struct dcerpc_binding *binding;
273 bool add_ep = false;
274 NTSTATUS status;
275 enum dcerpc_transport_t transport;
276 char *ep_string = NULL;
277 bool use_single_process = true;
278 const char *ep_process_string;
279
280 /*
281 * If we are not using handles, there is no need for force
282 * this service into using a single process.
283 *
284 * However, due to the way we listen for RPC packets, we can
285 * only do this if we have a single service per pipe or TCP
286 * port, so we still force a single combined process for
287 * ncalrpc.
288 */
289 if (iface->flags & DCESRV_INTERFACE_FLAGS_HANDLES_NOT_USED) {
290 use_single_process = false;
291 }
292
293 status = dcerpc_parse_binding(dce_ctx, ep_name, &binding);
294
295 if (NT_STATUS_IS_ERR(status)) {
296 DEBUG(0, ("Trouble parsing binding string '%s'\n", ep_name));
297 return status;
298 }
299
300 transport = dcerpc_binding_get_transport(binding);
301 if (transport == NCACN_IP_TCP) {
302 int port;
303 char port_str[6];
304
305 /*
306 * First check if there is already a port specified, eg
307 * for epmapper on ncacn_ip_tcp:[135]
308 */
309 const char *endpoint
310 = dcerpc_binding_get_string_option(binding,
311 "endpoint");
312 if (endpoint == NULL) {
313 port = lpcfg_parm_int(dce_ctx->lp_ctx, NULL,
314 "rpc server port", iface->name, 0);
315
316 /*
317 * For RPC services that are not set to use a single
318 * process, we do not default to using the 'rpc server
319 * port' because that would cause a double-bind on
320 * that port.
321 */
322 if (port == 0 && !use_single_process) {
323 port = lpcfg_rpc_server_port(dce_ctx->lp_ctx);
324 }
325 if (port != 0) {
326 snprintf(port_str, sizeof(port_str), "%u", port);
327 status = dcerpc_binding_set_string_option(binding,
328 "endpoint",
329 port_str);
330 if (!NT_STATUS_IS_OK(status)) {
331 return status;
332 }
333 }
334 }
335 }
336
337 /* see if the interface is already registered on the endpoint */
338 if (find_interface_by_binding(dce_ctx, binding, iface)!=NULL) {
339 DEBUG(0,("dcesrv_interface_register: interface '%s' already registered on endpoint '%s'\n",
340 iface->name, ep_name));
341 return NT_STATUS_OBJECT_NAME_COLLISION;
342 }
343
344 /* check if this endpoint exists
345 */
346 ep = find_endpoint(dce_ctx, binding);
347
348 if (ep != NULL) {
349 /*
350 * We want a new port on ncacn_ip_tcp for NETLOGON, so
351 * it can be multi-process. Other processes can also
352 * listen on distinct ports, if they have one forced
353 * in the code above with eg 'rpc server port:drsuapi = 1027'
354 *
355 * If we have mulitiple endpoints on port 0, they each
356 * get an epemeral port (currently by walking up from
357 * 1024).
358 *
359 * Because one endpoint can only have one process
360 * model, we add a new IP_TCP endpoint for each model.
361 *
362 * This works in conjunction with the forced overwrite
363 * of ep->use_single_process below.
364 */
365 if (ep->use_single_process != use_single_process
366 && transport == NCACN_IP_TCP) {
367 add_ep = true;
368 }
369 }
370
371 if (ep == NULL || add_ep) {
372 ep = talloc_zero(dce_ctx, struct dcesrv_endpoint);
373 if (!ep) {
374 return NT_STATUS_NO_MEMORY;
375 }
376 ZERO_STRUCTP(ep);
377 ep->ep_description = talloc_move(ep, &binding);
378 add_ep = true;
379
380 /* add mgmt interface */
381 ifl = talloc_zero(ep, struct dcesrv_if_list);
382 if (!ifl) {
383 return NT_STATUS_NO_MEMORY;
384 }
385
386 ifl->iface = dcesrv_get_mgmt_interface();
387
388 DLIST_ADD(ep->interface_list, ifl);
389 }
390
391 /*
392 * By default don't force into a single process, but if any
393 * interface on this endpoint on this service uses handles
394 * (most do), then we must force into single process mode
395 *
396 * By overwriting this each time a new interface is added to
397 * this endpoint, we end up with the most restrictive setting.
398 */
399 if (use_single_process) {
400 ep->use_single_process = true;
401 }
402
403 /* talloc a new interface list element */
404 ifl = talloc_zero(ep, struct dcesrv_if_list);
405 if (!ifl) {
406 return NT_STATUS_NO_MEMORY;
407 }
408
409 /* copy the given interface struct to the one on the endpoints interface list */
410 memcpy(&(ifl->iface),iface, sizeof(struct dcesrv_interface));
411
412 /* if we have a security descriptor given,
413 * we should see if we can set it up on the endpoint
414 */
415 if (sd != NULL) {
416 /* if there's currently no security descriptor given on the endpoint
417 * we try to set it
418 */
419 if (ep->sd == NULL) {
420 ep->sd = security_descriptor_copy(ep, sd);
421 }
422
423 /* if now there's no security descriptor given on the endpoint
424 * something goes wrong, either we failed to copy the security descriptor
425 * or there was already one on the endpoint
426 */
427 if (ep->sd != NULL) {
428 DEBUG(0,("dcesrv_interface_register: interface '%s' failed to setup a security descriptor\n"
429 " on endpoint '%s'\n",
430 iface->name, ep_name));
431 if (add_ep) free(ep);
432 free(ifl);
433 return NT_STATUS_OBJECT_NAME_COLLISION;
434 }
435 }
436
437 /* finally add the interface on the endpoint */
438 DLIST_ADD(ep->interface_list, ifl);
439
440 /* if it's a new endpoint add it to the dcesrv_context */
441 if (add_ep) {
442 DLIST_ADD(dce_ctx->endpoint_list, ep);
443 }
444
445 /* Re-get the string as we may have set a port */
446 ep_string = dcerpc_binding_string(dce_ctx, ep->ep_description);
447
448 if (use_single_process) {
449 ep_process_string = "single process required";
450 } else {
451 ep_process_string = "multi process compatible";
452 }
453
454 DBG_INFO("dcesrv_interface_register: interface '%s' "
455 "registered on endpoint '%s' (%s)\n",
456 iface->name, ep_string, ep_process_string);
457 TALLOC_FREE(ep_string);
458
459 return NT_STATUS_OK;
460 }
461
462 static NTSTATUS dcesrv_session_info_session_key(struct dcesrv_auth *auth,
463 DATA_BLOB *session_key)
464 {
465 if (auth->session_info == NULL) {
466 return NT_STATUS_NO_USER_SESSION_KEY;
467 }
468
469 if (auth->session_info->session_key.length == 0) {
470 return NT_STATUS_NO_USER_SESSION_KEY;
471 }
472
473 *session_key = auth->session_info->session_key;
474 return NT_STATUS_OK;
475 }
476
477 static NTSTATUS dcesrv_remote_session_key(struct dcesrv_auth *auth,
478 DATA_BLOB *session_key)
479 {
480 if (auth->auth_type != DCERPC_AUTH_TYPE_NONE) {
481 return NT_STATUS_NO_USER_SESSION_KEY;
482 }
483
484 return dcesrv_session_info_session_key(auth, session_key);
485 }
486
487 static NTSTATUS dcesrv_local_fixed_session_key(struct dcesrv_auth *auth,
488 DATA_BLOB *session_key)
489 {
490 return dcerpc_generic_session_key(NULL, session_key);
491 }
492
493 /*
494 * Fetch the authentication session key if available.
495 *
496 * This is the key generated by a gensec authentication.
497 *
498 */
499 _PUBLIC_ NTSTATUS dcesrv_auth_session_key(struct dcesrv_call_state *call,
500 DATA_BLOB *session_key)
501 {
502 struct dcesrv_auth *auth = call->auth_state;
503
504 return dcesrv_session_info_session_key(auth, session_key);
505 }
506
507 /*
508 * Fetch the transport session key if available.
509 * Typically this is the SMB session key
510 * or a fixed key for local transports.
511 *
512 * The key is always truncated to 16 bytes.
513 */
514 _PUBLIC_ NTSTATUS dcesrv_transport_session_key(struct dcesrv_call_state *call,
515 DATA_BLOB *session_key)
516 {
517 struct dcesrv_auth *auth = call->auth_state;
518 NTSTATUS status;
519
520 if (auth->session_key_fn == NULL) {
521 return NT_STATUS_NO_USER_SESSION_KEY;
522 }
523
524 status = auth->session_key_fn(auth, session_key);
525 if (!NT_STATUS_IS_OK(status)) {
526 return status;
527 }
528
529 session_key->length = MIN(session_key->length, 16);
530
531 return NT_STATUS_OK;
532 }
533
534 static struct dcesrv_auth *dcesrv_auth_create(struct dcesrv_connection *conn)
535 {
536 const struct dcesrv_endpoint *ep = conn->endpoint;
537 enum dcerpc_transport_t transport =
538 dcerpc_binding_get_transport(ep->ep_description);
539 struct dcesrv_auth *auth = NULL;
540
541 auth = talloc_zero(conn, struct dcesrv_auth);
542 if (auth == NULL) {
543 return NULL;
544 }
545
546 switch (transport) {
547 case NCACN_NP:
548 auth->session_key_fn = dcesrv_remote_session_key;
549 break;
550 case NCALRPC:
551 case NCACN_UNIX_STREAM:
552 auth->session_key_fn = dcesrv_local_fixed_session_key;
553 break;
554 default:
555 /*
556 * All other's get a NULL pointer, which
557 * results in NT_STATUS_NO_USER_SESSION_KEY
558 */
559 break;
560 }
561
562 return auth;
563 }
564
565 /*
566 connect to a dcerpc endpoint
567 */
568 static NTSTATUS dcesrv_endpoint_connect(struct dcesrv_context *dce_ctx,
569 TALLOC_CTX *mem_ctx,
570 const struct dcesrv_endpoint *ep,
571 struct auth_session_info *session_info,
572 struct tevent_context *event_ctx,
573 struct imessaging_context *msg_ctx,
574 struct server_id server_id,
575 uint32_t state_flags,
576 struct dcesrv_connection **_p)
577 {
578 struct dcesrv_auth *auth = NULL;
579 struct dcesrv_connection *p;
580
581 if (!session_info) {
582 return NT_STATUS_ACCESS_DENIED;
583 }
584
585 p = talloc_zero(mem_ctx, struct dcesrv_connection);
586 NT_STATUS_HAVE_NO_MEMORY(p);
587
588 p->dce_ctx = dce_ctx;
589 p->endpoint = ep;
590 p->packet_log_dir = lpcfg_lock_directory(dce_ctx->lp_ctx);
591 p->event_ctx = event_ctx;
592 p->msg_ctx = msg_ctx;
593 p->server_id = server_id;
594 p->state_flags = state_flags;
595 p->allow_bind = true;
596 p->max_recv_frag = 5840;
597 p->max_xmit_frag = 5840;
598 p->max_total_request_size = DCERPC_NCACN_REQUEST_DEFAULT_MAX_SIZE;
599
600 auth = dcesrv_auth_create(p);
601 if (auth == NULL) {
602 talloc_free(p);
603 return NT_STATUS_NO_MEMORY;
604 }
605
606 auth->session_info = talloc_reference(auth, session_info);
607 if (auth->session_info == NULL) {
608 talloc_free(p);
609 return NT_STATUS_NO_MEMORY;
610 }
611
612 p->default_auth_state = auth;
613
614 /*
615 * For now we only support NDR32.
616 */
617 p->preferred_transfer = &ndr_transfer_syntax_ndr;
618
619 *_p = p;
620 return NT_STATUS_OK;
621 }
622
623 /*
624 move a call from an existing linked list to the specified list. This
625 prevents bugs where we forget to remove the call from a previous
626 list when moving it.
627 */
628 static void dcesrv_call_set_list(struct dcesrv_call_state *call,
629 enum dcesrv_call_list list)
630 {
631 switch (call->list) {
632 case DCESRV_LIST_NONE:
633 break;
634 case DCESRV_LIST_CALL_LIST:
635 DLIST_REMOVE(call->conn->call_list, call);
636 break;
637 case DCESRV_LIST_FRAGMENTED_CALL_LIST:
638 DLIST_REMOVE(call->conn->incoming_fragmented_call_list, call);
639 break;
640 case DCESRV_LIST_PENDING_CALL_LIST:
641 DLIST_REMOVE(call->conn->pending_call_list, call);
642 break;
643 }
644 call->list = list;
645 switch (list) {
646 case DCESRV_LIST_NONE:
647 break;
648 case DCESRV_LIST_CALL_LIST:
649 DLIST_ADD_END(call->conn->call_list, call);
650 break;
651 case DCESRV_LIST_FRAGMENTED_CALL_LIST:
652 DLIST_ADD_END(call->conn->incoming_fragmented_call_list, call);
653 break;
654 case DCESRV_LIST_PENDING_CALL_LIST:
655 DLIST_ADD_END(call->conn->pending_call_list, call);
656 break;
657 }
658 }
659
660 static void dcesrv_call_disconnect_after(struct dcesrv_call_state *call,
661 const char *reason)
662 {
663 if (call->conn->terminate != NULL) {
664 return;
665 }
666
667 call->conn->allow_bind = false;
668 call->conn->allow_alter = false;
669
670 call->conn->default_auth_state->auth_invalid = true;
671
672 call->terminate_reason = talloc_strdup(call, reason);
673 if (call->terminate_reason == NULL) {
674 call->terminate_reason = __location__;
675 }
676 }
677
678 /*
679 return a dcerpc bind_nak
680 */
681 static NTSTATUS dcesrv_bind_nak(struct dcesrv_call_state *call, uint32_t reason)
682 {
683 struct ncacn_packet pkt;
684 struct dcerpc_bind_nak_version version;
685 struct data_blob_list_item *rep;
686 NTSTATUS status;
687 static const uint8_t _pad[3] = { 0, };
688
689 /*
690 * We add the call to the pending_call_list
691 * in order to defer the termination.
692 */
693 dcesrv_call_disconnect_after(call, "dcesrv_bind_nak");
694
695 /* setup a bind_nak */
696 dcesrv_init_hdr(&pkt, lpcfg_rpc_big_endian(call->conn->dce_ctx->lp_ctx));
697 pkt.auth_length = 0;
698 pkt.call_id = call->pkt.call_id;
699 pkt.ptype = DCERPC_PKT_BIND_NAK;
700 pkt.pfc_flags = DCERPC_PFC_FLAG_FIRST | DCERPC_PFC_FLAG_LAST;
701 pkt.u.bind_nak.reject_reason = reason;
702 version.rpc_vers = 5;
703 version.rpc_vers_minor = 0;
704 pkt.u.bind_nak.num_versions = 1;
705 pkt.u.bind_nak.versions = &version;
706 pkt.u.bind_nak._pad = data_blob_const(_pad, sizeof(_pad));
707
708 rep = talloc_zero(call, struct data_blob_list_item);
709 if (!rep) {
710 return NT_STATUS_NO_MEMORY;
711 }
712
713 status = ncacn_push_auth(&rep->blob, call, &pkt, NULL);
714 if (!NT_STATUS_IS_OK(status)) {
715 return status;
716 }
717
718 dcerpc_set_frag_length(&rep->blob, rep->blob.length);
719
720 DLIST_ADD_END(call->replies, rep);
721 dcesrv_call_set_list(call, DCESRV_LIST_CALL_LIST);
722
723 if (call->conn->call_list && call->conn->call_list->replies) {
724 if (call->conn->transport.report_output_data) {
725 call->conn->transport.report_output_data(call->conn);
726 }
727 }
728
729 return NT_STATUS_OK;
730 }
731
732 static NTSTATUS dcesrv_fault_disconnect(struct dcesrv_call_state *call,
733 uint32_t fault_code)
734 {
735 /*
736 * We add the call to the pending_call_list
737 * in order to defer the termination.
738 */
739 dcesrv_call_disconnect_after(call, "dcesrv_fault_disconnect");
740
741 return dcesrv_fault_with_flags(call, fault_code,
742 DCERPC_PFC_FLAG_DID_NOT_EXECUTE);
743 }
744
745 static int dcesrv_connection_context_destructor(struct dcesrv_connection_context *c)
746 {
747 DLIST_REMOVE(c->conn->contexts, c);
748
749 if (c->iface && c->iface->unbind) {
750 c->iface->unbind(c, c->iface);
751 c->iface = NULL;
752 }
753
754 return 0;
755 }
756
757 static void dcesrv_prepare_context_auth(struct dcesrv_call_state *dce_call)
758 {
759 struct loadparm_context *lp_ctx = dce_call->conn->dce_ctx->lp_ctx;
760 const struct dcesrv_endpoint *endpoint = dce_call->conn->endpoint;
761 enum dcerpc_transport_t transport =
762 dcerpc_binding_get_transport(endpoint->ep_description);
763 struct dcesrv_connection_context *context = dce_call->context;
764 const struct dcesrv_interface *iface = context->iface;
765
766 context->min_auth_level = DCERPC_AUTH_LEVEL_NONE;
767
768 if (transport == NCALRPC) {
769 context->allow_connect = true;
770 return;
771 }
772
773 /*
774 * allow overwrite per interface
775 * allow dcerpc auth level connect:<interface>
776 */
777 context->allow_connect = lpcfg_allow_dcerpc_auth_level_connect(lp_ctx);
778 context->allow_connect = lpcfg_parm_bool(lp_ctx, NULL,
779 "allow dcerpc auth level connect",
780 iface->name,
781 context->allow_connect);
782 }
783
784 NTSTATUS dcesrv_interface_bind_require_integrity(struct dcesrv_call_state *dce_call,
785 const struct dcesrv_interface *iface)
786 {
787 if (dce_call->context == NULL) {
788 return NT_STATUS_INTERNAL_ERROR;
789 }
790
791 /*
792 * For connection oriented DCERPC DCERPC_AUTH_LEVEL_PACKET (4)
793 * has the same behavior as DCERPC_AUTH_LEVEL_INTEGRITY (5).
794 */
795 dce_call->context->min_auth_level = DCERPC_AUTH_LEVEL_PACKET;
796 return NT_STATUS_OK;
797 }
798
799 NTSTATUS dcesrv_interface_bind_require_privacy(struct dcesrv_call_state *dce_call,
800 const struct dcesrv_interface *iface)
801 {
802 if (dce_call->context == NULL) {
803 return NT_STATUS_INTERNAL_ERROR;
804 }
805
806 dce_call->context->min_auth_level = DCERPC_AUTH_LEVEL_PRIVACY;
807 return NT_STATUS_OK;
808 }
809
810 _PUBLIC_ NTSTATUS dcesrv_interface_bind_reject_connect(struct dcesrv_call_state *dce_call,
811 const struct dcesrv_interface *iface)
812 {
813 struct loadparm_context *lp_ctx = dce_call->conn->dce_ctx->lp_ctx;
814 const struct dcesrv_endpoint *endpoint = dce_call->conn->endpoint;
815 enum dcerpc_transport_t transport =
816 dcerpc_binding_get_transport(endpoint->ep_description);
817 struct dcesrv_connection_context *context = dce_call->context;
818
819 if (context == NULL) {
820 return NT_STATUS_INTERNAL_ERROR;
821 }
822
823 if (transport == NCALRPC) {
824 context->allow_connect = true;
825 return NT_STATUS_OK;
826 }
827
828 /*
829 * allow overwrite per interface
830 * allow dcerpc auth level connect:<interface>
831 */
832 context->allow_connect = false;
833 context->allow_connect = lpcfg_parm_bool(lp_ctx, NULL,
834 "allow dcerpc auth level connect",
835 iface->name,
836 context->allow_connect);
837 return NT_STATUS_OK;
838 }
839
840 _PUBLIC_ NTSTATUS dcesrv_interface_bind_allow_connect(struct dcesrv_call_state *dce_call,
841 const struct dcesrv_interface *iface)
842 {
843 struct loadparm_context *lp_ctx = dce_call->conn->dce_ctx->lp_ctx;
844 const struct dcesrv_endpoint *endpoint = dce_call->conn->endpoint;
845 enum dcerpc_transport_t transport =
846 dcerpc_binding_get_transport(endpoint->ep_description);
847 struct dcesrv_connection_context *context = dce_call->context;
848
849 if (context == NULL) {
850 return NT_STATUS_INTERNAL_ERROR;
851 }
852
853 if (transport == NCALRPC) {
854 context->allow_connect = true;
855 return NT_STATUS_OK;
856 }
857
858 /*
859 * allow overwrite per interface
860 * allow dcerpc auth level connect:<interface>
861 */
862 context->allow_connect = true;
863 context->allow_connect = lpcfg_parm_bool(lp_ctx, NULL,
864 "allow dcerpc auth level connect",
865 iface->name,
866 context->allow_connect);
867 return NT_STATUS_OK;
868 }
869
870 struct dcesrv_conn_auth_wait_context {
871 struct tevent_req *req;
872 bool done;
873 NTSTATUS status;
874 };
875
876 struct dcesrv_conn_auth_wait_state {
877 uint8_t dummy;
878 };
879
880 static struct tevent_req *dcesrv_conn_auth_wait_send(TALLOC_CTX *mem_ctx,
881 struct tevent_context *ev,
882 void *private_data)
883 {
884 struct dcesrv_conn_auth_wait_context *auth_wait =
885 talloc_get_type_abort(private_data,
886 struct dcesrv_conn_auth_wait_context);
887 struct tevent_req *req = NULL;
888 struct dcesrv_conn_auth_wait_state *state = NULL;
889
890 req = tevent_req_create(mem_ctx, &state,
891 struct dcesrv_conn_auth_wait_state);
892 if (req == NULL) {
893 return NULL;
894 }
895 auth_wait->req = req;
896
897 tevent_req_defer_callback(req, ev);
898
899 if (!auth_wait->done) {
900 return req;
901 }
902
903 if (tevent_req_nterror(req, auth_wait->status)) {
904 return tevent_req_post(req, ev);
905 }
906
907 tevent_req_done(req);
908 return tevent_req_post(req, ev);
909 }
910
911 static NTSTATUS dcesrv_conn_auth_wait_recv(struct tevent_req *req)
912 {
913 return tevent_req_simple_recv_ntstatus(req);
914 }
915
916 static NTSTATUS dcesrv_conn_auth_wait_setup(struct dcesrv_connection *conn)
917 {
918 struct dcesrv_conn_auth_wait_context *auth_wait = NULL;
919
920 if (conn->wait_send != NULL) {
921 return NT_STATUS_INTERNAL_ERROR;
922 }
923
924 auth_wait = talloc_zero(conn, struct dcesrv_conn_auth_wait_context);
925 if (auth_wait == NULL) {
926 return NT_STATUS_NO_MEMORY;
927 }
928
929 conn->wait_private = auth_wait;
930 conn->wait_send = dcesrv_conn_auth_wait_send;
931 conn->wait_recv = dcesrv_conn_auth_wait_recv;
932 return NT_STATUS_OK;
933 }
934
935 static void dcesrv_conn_auth_wait_finished(struct dcesrv_connection *conn,
936 NTSTATUS status)
937 {
938 struct dcesrv_conn_auth_wait_context *auth_wait =
939 talloc_get_type_abort(conn->wait_private,
940 struct dcesrv_conn_auth_wait_context);
941
942 auth_wait->done = true;
943 auth_wait->status = status;
944
945 if (auth_wait->req == NULL) {
946 return;
947 }
948
949 if (tevent_req_nterror(auth_wait->req, status)) {
950 return;
951 }
952
953 tevent_req_done(auth_wait->req);
954 }
955
956 static NTSTATUS dcesrv_auth_reply(struct dcesrv_call_state *call);
957
958 static void dcesrv_bind_done(struct tevent_req *subreq);
959
960 /*
961 handle a bind request
962 */
963 static NTSTATUS dcesrv_bind(struct dcesrv_call_state *call)
964 {
965 struct dcesrv_connection *conn = call->conn;
966 struct ncacn_packet *pkt = &call->ack_pkt;
967 NTSTATUS status;
968 uint32_t extra_flags = 0;
969 uint16_t max_req = 0;
970 uint16_t max_rep = 0;
971 const char *ep_prefix = "";
972 const char *endpoint = NULL;
973 struct dcesrv_auth *auth = call->auth_state;
974 struct dcerpc_ack_ctx *ack_ctx_list = NULL;
975 struct dcerpc_ack_ctx *ack_features = NULL;
976 struct tevent_req *subreq = NULL;
977 size_t i;
978
979 status = dcerpc_verify_ncacn_packet_header(&call->pkt,
980 DCERPC_PKT_BIND,
981 call->pkt.u.bind.auth_info.length,
982 0, /* required flags */
983 DCERPC_PFC_FLAG_FIRST |
984 DCERPC_PFC_FLAG_LAST |
985 DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN |
986 0x08 | /* this is not defined, but should be ignored */
987 DCERPC_PFC_FLAG_CONC_MPX |
988 DCERPC_PFC_FLAG_DID_NOT_EXECUTE |
989 DCERPC_PFC_FLAG_MAYBE |
990 DCERPC_PFC_FLAG_OBJECT_UUID);
991 if (!NT_STATUS_IS_OK(status)) {
992 return dcesrv_bind_nak(call,
993 DCERPC_BIND_NAK_REASON_PROTOCOL_VERSION_NOT_SUPPORTED);
994 }
995
996 /* max_recv_frag and max_xmit_frag result always in the same value! */
997 max_req = MIN(call->pkt.u.bind.max_xmit_frag,
998 call->pkt.u.bind.max_recv_frag);
999 /*
1000 * The values are between 2048 and 5840 tested against Windows 2012R2
1001 * via ncacn_ip_tcp on port 135.
1002 */
1003 max_req = MAX(2048, max_req);
1004 max_rep = MIN(max_req, call->conn->max_recv_frag);
1005 /* They are truncated to an 8 byte boundary. */
1006 max_rep &= 0xFFF8;
1007
1008 /* max_recv_frag and max_xmit_frag result always in the same value! */
1009 call->conn->max_recv_frag = max_rep;
1010 call->conn->max_xmit_frag = max_rep;
1011
1012 /*
1013 if provided, check the assoc_group is valid
1014 */
1015 if (call->pkt.u.bind.assoc_group_id != 0) {
1016 call->conn->assoc_group = dcesrv_assoc_group_reference(call->conn,
1017 call->conn->dce_ctx,
1018 call->pkt.u.bind.assoc_group_id);
1019 } else {
1020 call->conn->assoc_group = dcesrv_assoc_group_new(call->conn,
1021 call->conn->dce_ctx);
1022 }
1023
1024 /*
1025 * The NETLOGON server does not use handles and so
1026 * there is no need to support association groups, but
1027 * we need to give back a number regardless.
1028 *
1029 * We have to do this when it is not run as a single process,
1030 * because then it can't see the other valid association
1031 * groups. We handle this genericly for all endpoints not
1032 * running in single process mode.
1033 *
1034 * We know which endpoint we are on even before checking the
1035 * iface UUID, so for simplicity we enforce the same policy
1036 * for all interfaces on the endpoint.
1037 *
1038 * This means that where NETLOGON
1039 * shares an endpoint (such as ncalrpc or of 'lsa over
1040 * netlogon' is set) we will still check association groups.
1041 *
1042 */
1043
1044 if (call->conn->assoc_group == NULL &&
1045 !call->conn->endpoint->use_single_process) {
1046 call->conn->assoc_group
1047 = dcesrv_assoc_group_new(call->conn,
1048 call->conn->dce_ctx);
1049 }
1050 if (call->conn->assoc_group == NULL) {
1051 return dcesrv_bind_nak(call, 0);
1052 }
1053
1054 if (call->pkt.u.bind.num_contexts < 1) {
1055 return dcesrv_bind_nak(call, 0);
1056 }
1057
1058 ack_ctx_list = talloc_zero_array(call, struct dcerpc_ack_ctx,
1059 call->pkt.u.bind.num_contexts);
1060 if (ack_ctx_list == NULL) {
1061 return dcesrv_bind_nak(call, 0);
1062 }
1063
1064 /*
1065 * Set some sane defaults (required by dcesrv_negotiate_contexts()/
1066 * dcesrv_check_or_create_context()) and do some protocol validation
1067 * and set sane defaults.
1068 */
1069 for (i = 0; i < call->pkt.u.bind.num_contexts; i++) {
1070 const struct dcerpc_ctx_list *c = &call->pkt.u.bind.ctx_list[i];
1071 struct dcerpc_ack_ctx *a = &ack_ctx_list[i];
1072 bool is_feature = false;
1073 uint64_t features = 0;
1074
1075 if (c->num_transfer_syntaxes == 0) {
1076 return dcesrv_bind_nak(call, 0);
1077 }
1078
1079 a->result = DCERPC_BIND_ACK_RESULT_PROVIDER_REJECTION;
1080 a->reason.value = DCERPC_BIND_ACK_REASON_ABSTRACT_SYNTAX_NOT_SUPPORTED;
1081
1082 /*
1083 * It's only treated as bind time feature request, if the first
1084 * transfer_syntax matches, all others are ignored.
1085 */
1086 is_feature = dcerpc_extract_bind_time_features(c->transfer_syntaxes[0],
1087 &features);
1088 if (!is_feature) {
1089 continue;
1090 }
1091
1092 if (ack_features != NULL) {
1093 /*
1094 * Only one bind time feature context is allowed.
1095 */
1096 return dcesrv_bind_nak(call, 0);
1097 }
1098 ack_features = a;
1099
1100 a->result = DCERPC_BIND_ACK_RESULT_NEGOTIATE_ACK;
1101 a->reason.negotiate = 0;
1102 if (features & DCERPC_BIND_TIME_SECURITY_CONTEXT_MULTIPLEXING) {
1103 /* not supported yet */
1104 }
1105 if (features & DCERPC_BIND_TIME_KEEP_CONNECTION_ON_ORPHAN) {
1106 a->reason.negotiate |=
1107 DCERPC_BIND_TIME_KEEP_CONNECTION_ON_ORPHAN;
1108 }
1109
1110 call->conn->bind_time_features = a->reason.negotiate;
1111 }
1112
1113 /*
1114 * Try to negotiate one new presentation context.
1115 *
1116 * Deep in here we locate the iface (by uuid) that the client
1117 * requested, from the list of interfaces on the
1118 * call->conn->endpoint, and call iface->bind() on that iface.
1119 *
1120 * call->conn was set up at the accept() of the socket, and
1121 * call->conn->endpoint has a list of interfaces restricted to
1122 * this port or pipe.
1123 */
1124 status = dcesrv_negotiate_contexts(call, &call->pkt.u.bind, ack_ctx_list);
1125 if (NT_STATUS_EQUAL(status, NT_STATUS_RPC_PROTOCOL_ERROR)) {
1126 return dcesrv_bind_nak(call, 0);
1127 }
1128 if (!NT_STATUS_IS_OK(status)) {
1129 return status;
1130 }
1131
1132 /*
1133 * At this point we still don't know which interface (eg
1134 * netlogon, lsa, drsuapi) the caller requested in this bind!
1135 * The most recently added context is available as the first
1136 * element in the linked list at call->conn->contexts, that is
1137 * call->conn->contexts->iface, but they may not have
1138 * requested one at all!
1139 */
1140
1141 if ((call->pkt.pfc_flags & DCERPC_PFC_FLAG_CONC_MPX) &&
1142 (call->state_flags & DCESRV_CALL_STATE_FLAG_MULTIPLEXED)) {
1143 call->conn->state_flags |= DCESRV_CALL_STATE_FLAG_MULTIPLEXED;
1144 extra_flags |= DCERPC_PFC_FLAG_CONC_MPX;
1145 }
1146
1147 if (call->state_flags & DCESRV_CALL_STATE_FLAG_PROCESS_PENDING_CALL) {
1148 call->conn->state_flags |= DCESRV_CALL_STATE_FLAG_PROCESS_PENDING_CALL;
1149 }
1150
1151 /*
1152 * After finding the interface and setting up the NDR
1153 * transport negotiation etc, handle any authentication that
1154 * is being requested.
1155 */
1156 if (!dcesrv_auth_bind(call)) {
1157
1158 if (auth->auth_level == DCERPC_AUTH_LEVEL_NONE) {
1159 /*
1160 * With DCERPC_AUTH_LEVEL_NONE, we get the
1161 * reject_reason in auth->auth_context_id.
1162 */
1163 return dcesrv_bind_nak(call, auth->auth_context_id);
1164 }
1165
1166 /*
1167 * This must a be a temporary failure e.g. talloc or invalid
1168 * configuration, e.g. no machine account.
1169 */
1170 return dcesrv_bind_nak(call,
1171 DCERPC_BIND_NAK_REASON_TEMPORARY_CONGESTION);
1172 }
1173
1174 /* setup a bind_ack */
1175 dcesrv_init_hdr(pkt, lpcfg_rpc_big_endian(call->conn->dce_ctx->lp_ctx));
1176 pkt->auth_length = 0;
1177 pkt->call_id = call->pkt.call_id;
1178 pkt->ptype = DCERPC_PKT_BIND_ACK;
1179 pkt->pfc_flags = DCERPC_PFC_FLAG_FIRST | DCERPC_PFC_FLAG_LAST | extra_flags;
1180 pkt->u.bind_ack.max_xmit_frag = call->conn->max_xmit_frag;
1181 pkt->u.bind_ack.max_recv_frag = call->conn->max_recv_frag;
1182 pkt->u.bind_ack.assoc_group_id = call->conn->assoc_group->id;
1183
1184 endpoint = dcerpc_binding_get_string_option(
1185 call->conn->endpoint->ep_description,
1186 "endpoint");
1187 if (endpoint == NULL) {
1188 endpoint = "";
1189 }
1190
1191 if (strncasecmp(endpoint, "\\pipe\\", 6) == 0) {
1192 /*
1193 * TODO: check if this is really needed
1194 *
1195 * Or if we should fix this in our idl files.
1196 */
1197 ep_prefix = "\\PIPE\\";
1198 endpoint += 6;
1199 }
1200
1201 pkt->u.bind_ack.secondary_address = talloc_asprintf(call, "%s%s",
1202 ep_prefix,
1203 endpoint);
1204 if (pkt->u.bind_ack.secondary_address == NULL) {
1205 return NT_STATUS_NO_MEMORY;
1206 }
1207 pkt->u.bind_ack.num_results = call->pkt.u.bind.num_contexts;
1208 pkt->u.bind_ack.ctx_list = ack_ctx_list;
1209 pkt->u.bind_ack.auth_info = data_blob_null;
1210
1211 status = dcesrv_auth_prepare_bind_ack(call, pkt);
1212 if (!NT_STATUS_IS_OK(status)) {
1213 return dcesrv_bind_nak(call, 0);
1214 }
1215
1216 if (auth->auth_finished) {
1217 return dcesrv_auth_reply(call);
1218 }
1219
1220 subreq = gensec_update_send(call, call->event_ctx,
1221 auth->gensec_security,
1222 call->in_auth_info.credentials);
1223 if (subreq == NULL) {
1224 return NT_STATUS_NO_MEMORY;
1225 }
1226 tevent_req_set_callback(subreq, dcesrv_bind_done, call);
1227
1228 return dcesrv_conn_auth_wait_setup(conn);
1229 }
1230
1231 static void dcesrv_bind_done(struct tevent_req *subreq)
1232 {
1233 struct dcesrv_call_state *call =
1234 tevent_req_callback_data(subreq,
1235 struct dcesrv_call_state);
1236 struct dcesrv_connection *conn = call->conn;
1237 NTSTATUS status;
1238
1239 status = gensec_update_recv(subreq, call,
1240 &call->out_auth_info->credentials);
1241 TALLOC_FREE(subreq);
1242
1243 status = dcesrv_auth_complete(call, status);
1244 if (!NT_STATUS_IS_OK(status)) {
1245 status = dcesrv_bind_nak(call, 0);
1246 dcesrv_conn_auth_wait_finished(conn, status);
1247 return;
1248 }
1249
1250 status = dcesrv_auth_reply(call);
1251 dcesrv_conn_auth_wait_finished(conn, status);
1252 return;
1253 }
1254
1255 static NTSTATUS dcesrv_auth_reply(struct dcesrv_call_state *call)
1256 {
1257 struct ncacn_packet *pkt = &call->ack_pkt;
1258 struct data_blob_list_item *rep = NULL;
1259 NTSTATUS status;
1260
1261 rep = talloc_zero(call, struct data_blob_list_item);
1262 if (!rep) {
1263 return NT_STATUS_NO_MEMORY;
1264 }
1265
1266 status = ncacn_push_auth(&rep->blob, call, pkt,
1267 call->out_auth_info);
1268 if (!NT_STATUS_IS_OK(status)) {
1269 return status;
1270 }
1271
1272 dcerpc_set_frag_length(&rep->blob, rep->blob.length);
1273
1274 DLIST_ADD_END(call->replies, rep);
1275 dcesrv_call_set_list(call, DCESRV_LIST_CALL_LIST);
1276
1277 if (call->conn->call_list && call->conn->call_list->replies) {
1278 if (call->conn->transport.report_output_data) {
1279 call->conn->transport.report_output_data(call->conn);
1280 }
1281 }
1282
1283 return NT_STATUS_OK;
1284 }
1285
1286
1287 static void dcesrv_auth3_done(struct tevent_req *subreq);
1288
1289 /*
1290 handle a auth3 request
1291 */
1292 static NTSTATUS dcesrv_auth3(struct dcesrv_call_state *call)
1293 {
1294 struct dcesrv_connection *conn = call->conn;
1295 struct dcesrv_auth *auth = call->auth_state;
1296 struct tevent_req *subreq = NULL;
1297 NTSTATUS status;
1298
1299 if (!auth->auth_started) {
1300 return dcesrv_fault_disconnect(call, DCERPC_NCA_S_PROTO_ERROR);
1301 }
1302
1303 if (auth->auth_finished) {
1304 return dcesrv_fault_disconnect(call, DCERPC_NCA_S_PROTO_ERROR);
1305 }
1306
1307 status = dcerpc_verify_ncacn_packet_header(&call->pkt,
1308 DCERPC_PKT_AUTH3,
1309 call->pkt.u.auth3.auth_info.length,
1310 0, /* required flags */
1311 DCERPC_PFC_FLAG_FIRST |
1312 DCERPC_PFC_FLAG_LAST |
1313 DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN |
1314 0x08 | /* this is not defined, but should be ignored */
1315 DCERPC_PFC_FLAG_CONC_MPX |
1316 DCERPC_PFC_FLAG_DID_NOT_EXECUTE |
1317 DCERPC_PFC_FLAG_MAYBE |
1318 DCERPC_PFC_FLAG_OBJECT_UUID);
1319 if (!NT_STATUS_IS_OK(status)) {
1320 return dcesrv_fault_disconnect(call, DCERPC_NCA_S_PROTO_ERROR);
1321 }
1322
1323 /* handle the auth3 in the auth code */
1324 if (!dcesrv_auth_prepare_auth3(call)) {
1325 /*
1326 * we don't send a reply to a auth3 request,
1327 * except by a fault.
1328 *
1329 * In anycase we mark the connection as
1330 * invalid.
1331 */
1332 auth->auth_invalid = true;
1333 if (call->fault_code != 0) {
1334 return dcesrv_fault_disconnect(call, call->fault_code);
1335 }
1336 TALLOC_FREE(call);
1337 return NT_STATUS_OK;
1338 }
1339
1340 subreq = gensec_update_send(call, call->event_ctx,
1341 auth->gensec_security,
1342 call->in_auth_info.credentials);
1343 if (subreq == NULL) {
1344 return NT_STATUS_NO_MEMORY;
1345 }
1346 tevent_req_set_callback(subreq, dcesrv_auth3_done, call);
1347
1348 return dcesrv_conn_auth_wait_setup(conn);
1349 }
1350
1351 static void dcesrv_auth3_done(struct tevent_req *subreq)
1352 {
1353 struct dcesrv_call_state *call =
1354 tevent_req_callback_data(subreq,
1355 struct dcesrv_call_state);
1356 struct dcesrv_connection *conn = call->conn;
1357 struct dcesrv_auth *auth = call->auth_state;
1358 NTSTATUS status;
1359
1360 status = gensec_update_recv(subreq, call,
1361 &call->out_auth_info->credentials);
1362 TALLOC_FREE(subreq);
1363
1364 status = dcesrv_auth_complete(call, status);
1365 if (!NT_STATUS_IS_OK(status)) {
1366 /*
1367 * we don't send a reply to a auth3 request,
1368 * except by a fault.
1369 *
1370 * In anycase we mark the connection as
1371 * invalid.
1372 */
1373 auth->auth_invalid = true;
1374 if (call->fault_code != 0) {
1375 status = dcesrv_fault_disconnect(call, call->fault_code);
1376 dcesrv_conn_auth_wait_finished(conn, status);
1377 return;
1378 }
1379 TALLOC_FREE(call);
1380 dcesrv_conn_auth_wait_finished(conn, NT_STATUS_OK);
1381 return;
1382 }
1383
1384 /*
1385 * we don't send a reply to a auth3 request.
1386 */
1387 TALLOC_FREE(call);
1388 dcesrv_conn_auth_wait_finished(conn, NT_STATUS_OK);
1389 return;
1390 }
1391
1392
1393 static NTSTATUS dcesrv_check_or_create_context(struct dcesrv_call_state *call,
1394 const struct dcerpc_bind *b,
1395 const struct dcerpc_ctx_list *ctx,
1396 struct dcerpc_ack_ctx *ack,
1397 bool validate_only,
1398 const struct ndr_syntax_id *supported_transfer)
1399 {
1400 uint32_t if_version;
1401 struct dcesrv_connection_context *context;
1402 const struct dcesrv_interface *iface;
1403 struct GUID uuid;
1404 NTSTATUS status;
1405 const struct ndr_syntax_id *selected_transfer = NULL;
1406 size_t i;
1407 bool ok;
1408
1409 if (b == NULL) {
1410 return NT_STATUS_INTERNAL_ERROR;
1411 }
1412 if (ctx == NULL) {
1413 return NT_STATUS_INTERNAL_ERROR;
1414 }
1415 if (ctx->num_transfer_syntaxes < 1) {
1416 return NT_STATUS_INTERNAL_ERROR;
1417 }
1418 if (ack == NULL) {
1419 return NT_STATUS_INTERNAL_ERROR;
1420 }
1421 if (supported_transfer == NULL) {
1422 return NT_STATUS_INTERNAL_ERROR;
1423 }
1424
1425 switch (ack->result) {
1426 case DCERPC_BIND_ACK_RESULT_ACCEPTANCE:
1427 case DCERPC_BIND_ACK_RESULT_NEGOTIATE_ACK:
1428 /*
1429 * We is already completed.
1430 */
1431 return NT_STATUS_OK;
1432 default:
1433 break;
1434 }
1435
1436 ack->result = DCERPC_BIND_ACK_RESULT_PROVIDER_REJECTION;
1437 ack->reason.value = DCERPC_BIND_ACK_REASON_ABSTRACT_SYNTAX_NOT_SUPPORTED;
1438
1439 if_version = ctx->abstract_syntax.if_version;
1440 uuid = ctx->abstract_syntax.uuid;
1441
1442 iface = find_interface_by_uuid(call->conn->endpoint, &uuid, if_version);
1443 if (iface == NULL) {
1444 char *uuid_str = GUID_string(call, &uuid);
1445 DEBUG(2,("Request for unknown dcerpc interface %s/%d\n", uuid_str, if_version));
1446 talloc_free(uuid_str);
1447 /*
1448 * We report this only via ack->result
1449 */
1450 return NT_STATUS_OK;
1451 }
1452
1453 ack->result = DCERPC_BIND_ACK_RESULT_PROVIDER_REJECTION;
1454 ack->reason.value = DCERPC_BIND_ACK_REASON_TRANSFER_SYNTAXES_NOT_SUPPORTED;
1455
1456 if (validate_only) {
1457 /*
1458 * We report this only via ack->result
1459 */
1460 return NT_STATUS_OK;
1461 }
1462
1463 for (i = 0; i < ctx->num_transfer_syntaxes; i++) {
1464 /*
1465 * we only do NDR encoded dcerpc for now.
1466 */
1467 ok = ndr_syntax_id_equal(&ctx->transfer_syntaxes[i],
1468 supported_transfer);
1469 if (ok) {
1470 selected_transfer = supported_transfer;
1471 break;
1472 }
1473 }
1474
1475 context = dcesrv_find_context(call->conn, ctx->context_id);
1476 if (context != NULL) {
1477 ok = ndr_syntax_id_equal(&context->iface->syntax_id,
1478 &ctx->abstract_syntax);
1479 if (!ok) {
1480 return NT_STATUS_RPC_PROTOCOL_ERROR;
1481 }
1482
1483 if (selected_transfer != NULL) {
1484 ok = ndr_syntax_id_equal(&context->transfer_syntax,
1485 selected_transfer);
1486 if (!ok) {
1487 return NT_STATUS_RPC_PROTOCOL_ERROR;
1488 }
1489
1490 ack->result = DCERPC_BIND_ACK_RESULT_ACCEPTANCE;
1491 ack->reason.value = DCERPC_BIND_ACK_REASON_NOT_SPECIFIED;
1492 ack->syntax = context->transfer_syntax;
1493 }
1494
1495 /*
1496 * We report this only via ack->result
1497 */
1498 return NT_STATUS_OK;
1499 }
1500
1501 if (selected_transfer == NULL) {
1502 /*
1503 * We report this only via ack->result
1504 */
1505 return NT_STATUS_OK;
1506 }
1507
1508 ack->result = DCERPC_BIND_ACK_RESULT_USER_REJECTION;
1509 ack->reason.value = DCERPC_BIND_ACK_REASON_LOCAL_LIMIT_EXCEEDED;
1510
1511 /* add this context to the list of available context_ids */
1512 context = talloc_zero(call->conn, struct dcesrv_connection_context);
1513 if (context == NULL) {
1514 return NT_STATUS_NO_MEMORY;
1515 }
1516 context->conn = call->conn;
1517 context->context_id = ctx->context_id;
1518 context->iface = iface;
1519 context->transfer_syntax = *selected_transfer;
1520 context->private_data = NULL;
1521 DLIST_ADD(call->conn->contexts, context);
1522 call->context = context;
1523 talloc_set_destructor(context, dcesrv_connection_context_destructor);
1524
1525 dcesrv_prepare_context_auth(call);
1526
1527 /*
1528 * Multiplex is supported by default
1529 */
1530 call->state_flags |= DCESRV_CALL_STATE_FLAG_MULTIPLEXED;
1531
1532 status = iface->bind(call, iface, if_version);
1533 call->context = NULL;
1534 if (!NT_STATUS_IS_OK(status)) {
1535 /* we don't want to trigger the iface->unbind() hook */
1536 context->iface = NULL;
1537 talloc_free(context);
1538 /*
1539 * We report this only via ack->result
1540 */
1541 return NT_STATUS_OK;
1542 }
1543
1544 ack->result = DCERPC_BIND_ACK_RESULT_ACCEPTANCE;
1545 ack->reason.value = DCERPC_BIND_ACK_REASON_NOT_SPECIFIED;
1546 ack->syntax = context->transfer_syntax;
1547 return NT_STATUS_OK;
1548 }
1549
1550 static NTSTATUS dcesrv_negotiate_contexts(struct dcesrv_call_state *call,
1551 const struct dcerpc_bind *b,
1552 struct dcerpc_ack_ctx *ack_ctx_list)
1553 {
1554 NTSTATUS status;
1555 size_t i;
1556 bool validate_only = false;
1557 bool preferred_ndr32;
1558
1559 /*
1560 * Try to negotiate one new presentation context,
1561 * using our preferred transfer syntax.
1562 */
1563 for (i = 0; i < b->num_contexts; i++) {
1564 const struct dcerpc_ctx_list *c = &b->ctx_list[i];
1565 struct dcerpc_ack_ctx *a = &ack_ctx_list[i];
1566
1567 status = dcesrv_check_or_create_context(call, b, c, a,
1568 validate_only,
1569 call->conn->preferred_transfer);
1570 if (!NT_STATUS_IS_OK(status)) {
1571 return status;
1572 }
1573
1574 if (a->result == DCERPC_BIND_ACK_RESULT_ACCEPTANCE) {
1575 /*
1576 * We managed to negotiate one context.
1577 *
1578 * => we're done.
1579 */
1580 validate_only = true;
1581 }
1582 }
1583
1584 preferred_ndr32 = ndr_syntax_id_equal(&ndr_transfer_syntax_ndr,
1585 call->conn->preferred_transfer);
1586 if (preferred_ndr32) {
1587 /*
1588 * We're done.
1589 */
1590 return NT_STATUS_OK;
1591 }
1592
1593 /*
1594 * Try to negotiate one new presentation context,
1595 * using NDR 32 as fallback.
1596 */
1597 for (i = 0; i < b->num_contexts; i++) {
1598 const struct dcerpc_ctx_list *c = &b->ctx_list[i];
1599 struct dcerpc_ack_ctx *a = &ack_ctx_list[i];
1600
1601 status = dcesrv_check_or_create_context(call, b, c, a,
1602 validate_only,
1603 &ndr_transfer_syntax_ndr);
1604 if (!NT_STATUS_IS_OK(status)) {
1605 return status;
1606 }
1607
1608 if (a->result == DCERPC_BIND_ACK_RESULT_ACCEPTANCE) {
1609 /*
1610 * We managed to negotiate one context.
1611 *
1612 * => we're done.
1613 */
1614 validate_only = true;
1615 }
1616 }
1617
1618 return NT_STATUS_OK;
1619 }
1620
1621 static void dcesrv_alter_done(struct tevent_req *subreq);
1622
1623 /*
1624 handle a alter context request
1625 */
1626 static NTSTATUS dcesrv_alter(struct dcesrv_call_state *call)
1627 {
1628 struct dcesrv_connection *conn = call->conn;
1629 NTSTATUS status;
1630 bool auth_ok = false;
1631 struct ncacn_packet *pkt = &call->ack_pkt;
1632 uint32_t extra_flags = 0;
1633 struct dcesrv_auth *auth = call->auth_state;
1634 struct dcerpc_ack_ctx *ack_ctx_list = NULL;
1635 struct tevent_req *subreq = NULL;
1636 size_t i;
1637
1638 if (!call->conn->allow_alter) {
1639 return dcesrv_fault_disconnect(call, DCERPC_NCA_S_PROTO_ERROR);
1640 }
1641
1642 status = dcerpc_verify_ncacn_packet_header(&call->pkt,
1643 DCERPC_PKT_ALTER,
1644 call->pkt.u.alter.auth_info.length,
1645 0, /* required flags */
1646 DCERPC_PFC_FLAG_FIRST |
1647 DCERPC_PFC_FLAG_LAST |
1648 DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN |
1649 0x08 | /* this is not defined, but should be ignored */
1650 DCERPC_PFC_FLAG_CONC_MPX |
1651 DCERPC_PFC_FLAG_DID_NOT_EXECUTE |
1652 DCERPC_PFC_FLAG_MAYBE |
1653 DCERPC_PFC_FLAG_OBJECT_UUID);
1654 if (!NT_STATUS_IS_OK(status)) {
1655 return dcesrv_fault_disconnect(call, DCERPC_NCA_S_PROTO_ERROR);
1656 }
1657
1658 auth_ok = dcesrv_auth_alter(call);
1659 if (!auth_ok) {
1660 if (call->fault_code != 0) {
1661 return dcesrv_fault_disconnect(call, call->fault_code);
1662 }
1663 }
1664
1665 if (call->pkt.u.alter.num_contexts < 1) {
1666 return dcesrv_fault_disconnect(call, DCERPC_NCA_S_PROTO_ERROR);
1667 }
1668
1669 ack_ctx_list = talloc_zero_array(call, struct dcerpc_ack_ctx,
1670 call->pkt.u.alter.num_contexts);
1671 if (ack_ctx_list == NULL) {
1672 return NT_STATUS_NO_MEMORY;
1673 }
1674
1675 /*
1676 * Set some sane defaults (required by dcesrv_negotiate_contexts()/
1677 * dcesrv_check_or_create_context()) and do some protocol validation
1678 * and set sane defaults.
1679 */
1680 for (i = 0; i < call->pkt.u.alter.num_contexts; i++) {
1681 const struct dcerpc_ctx_list *c = &call->pkt.u.alter.ctx_list[i];
1682 struct dcerpc_ack_ctx *a = &ack_ctx_list[i];
1683
1684 if (c->num_transfer_syntaxes == 0) {
1685 return dcesrv_fault_disconnect(call,
1686 DCERPC_NCA_S_PROTO_ERROR);
1687 }
1688
1689 a->result = DCERPC_BIND_ACK_RESULT_PROVIDER_REJECTION;
1690 a->reason.value = DCERPC_BIND_ACK_REASON_ABSTRACT_SYNTAX_NOT_SUPPORTED;
1691 }
1692
1693 /*
1694 * Try to negotiate one new presentation context.
1695 */
1696 status = dcesrv_negotiate_contexts(call, &call->pkt.u.alter, ack_ctx_list);
1697 if (NT_STATUS_EQUAL(status, NT_STATUS_RPC_PROTOCOL_ERROR)) {
1698 return dcesrv_fault_disconnect(call, DCERPC_NCA_S_PROTO_ERROR);
1699 }
1700 if (!NT_STATUS_IS_OK(status)) {
1701 return status;
1702 }
1703
1704 if ((call->pkt.pfc_flags & DCERPC_PFC_FLAG_CONC_MPX) &&
1705 (call->state_flags & DCESRV_CALL_STATE_FLAG_MULTIPLEXED)) {
1706 call->conn->state_flags |= DCESRV_CALL_STATE_FLAG_MULTIPLEXED;
1707 extra_flags |= DCERPC_PFC_FLAG_CONC_MPX;
1708 }
1709
1710 if (call->state_flags & DCESRV_CALL_STATE_FLAG_PROCESS_PENDING_CALL) {
1711 call->conn->state_flags |= DCESRV_CALL_STATE_FLAG_PROCESS_PENDING_CALL;
1712 }
1713
1714 /* handle any authentication that is being requested */
1715 if (!auth_ok) {
1716 if (call->in_auth_info.auth_type != auth->auth_type) {
1717 return dcesrv_fault_disconnect(call,
1718 DCERPC_FAULT_SEC_PKG_ERROR);
1719 }
1720 return dcesrv_fault_disconnect(call, DCERPC_FAULT_ACCESS_DENIED);
1721 }
1722
1723 dcesrv_init_hdr(pkt, lpcfg_rpc_big_endian(call->conn->dce_ctx->lp_ctx));
1724 pkt->auth_length = 0;
1725 pkt->call_id = call->pkt.call_id;
1726 pkt->ptype = DCERPC_PKT_ALTER_RESP;
1727 pkt->pfc_flags = DCERPC_PFC_FLAG_FIRST | DCERPC_PFC_FLAG_LAST | extra_flags;
1728 pkt->u.alter_resp.max_xmit_frag = call->conn->max_xmit_frag;
1729 pkt->u.alter_resp.max_recv_frag = call->conn->max_recv_frag;
1730 pkt->u.alter_resp.assoc_group_id = call->conn->assoc_group->id;
1731 pkt->u.alter_resp.secondary_address = "";
1732 pkt->u.alter_resp.num_results = call->pkt.u.alter.num_contexts;
1733 pkt->u.alter_resp.ctx_list = ack_ctx_list;
1734 pkt->u.alter_resp.auth_info = data_blob_null;
1735
1736 status = dcesrv_auth_prepare_alter_ack(call, pkt);
1737 if (!NT_STATUS_IS_OK(status)) {
1738 return dcesrv_fault_disconnect(call, DCERPC_FAULT_SEC_PKG_ERROR);
1739 }
1740
1741 if (auth->auth_finished) {
1742 return dcesrv_auth_reply(call);
1743 }
1744
1745 subreq = gensec_update_send(call, call->event_ctx,
1746 auth->gensec_security,
1747 call->in_auth_info.credentials);
1748 if (subreq == NULL) {
1749 return NT_STATUS_NO_MEMORY;
1750 }
1751 tevent_req_set_callback(subreq, dcesrv_alter_done, call);
1752
1753 return dcesrv_conn_auth_wait_setup(conn);
1754 }
1755
1756 static void dcesrv_alter_done(struct tevent_req *subreq)
1757 {
1758 struct dcesrv_call_state *call =
1759 tevent_req_callback_data(subreq,
1760 struct dcesrv_call_state);
1761 struct dcesrv_connection *conn = call->conn;
1762 NTSTATUS status;
1763
1764 status = gensec_update_recv(subreq, call,
1765 &call->out_auth_info->credentials);
1766 TALLOC_FREE(subreq);
1767
1768 status = dcesrv_auth_complete(call, status);
1769 if (!NT_STATUS_IS_OK(status)) {
1770 status = dcesrv_fault_disconnect(call, DCERPC_FAULT_SEC_PKG_ERROR);
1771 dcesrv_conn_auth_wait_finished(conn, status);
1772 return;
1773 }
1774
1775 status = dcesrv_auth_reply(call);
1776 dcesrv_conn_auth_wait_finished(conn, status);
1777 return;
1778 }
1779
1780 /*
1781 possibly save the call for inspection with ndrdump
1782 */
1783 static void dcesrv_save_call(struct dcesrv_call_state *call, const char *why)
1784 {
1785 #ifdef DEVELOPER
1786 char *fname;
1787 const char *dump_dir;
1788 dump_dir = lpcfg_parm_string(call->conn->dce_ctx->lp_ctx, NULL, "dcesrv", "stubs directory");
1789 if (!dump_dir) {
1790 return;
1791 }
1792 fname = talloc_asprintf(call, "%s/RPC-%s-%u-%s.dat",
1793 dump_dir,
1794 call->context->iface->name,
1795 call->pkt.u.request.opnum,
1796 why);
1797 if (file_save(fname, call->pkt.u.request.stub_and_verifier.data, call->pkt.u.request.stub_and_verifier.length)) {
1798 DEBUG(0,("RPC SAVED %s\n", fname));
1799 }
1800 talloc_free(fname);
1801 #endif
1802 }
1803
1804 static NTSTATUS dcesrv_check_verification_trailer(struct dcesrv_call_state *call)
1805 {
1806 TALLOC_CTX *frame = talloc_stackframe();
1807 const struct dcesrv_auth *auth = call->auth_state;
1808 const uint32_t bitmask1 = auth->client_hdr_signing ?
1809 DCERPC_SEC_VT_CLIENT_SUPPORTS_HEADER_SIGNING : 0;
1810 const struct dcerpc_sec_vt_pcontext pcontext = {
1811 .abstract_syntax = call->context->iface->syntax_id,
1812 .transfer_syntax = call->context->transfer_syntax,
1813 };
1814 const struct dcerpc_sec_vt_header2 header2 =
1815 dcerpc_sec_vt_header2_from_ncacn_packet(&call->pkt);
1816 enum ndr_err_code ndr_err;
1817 struct dcerpc_sec_verification_trailer *vt = NULL;
1818 NTSTATUS status = NT_STATUS_OK;
1819 bool ok;
1820
1821 SMB_ASSERT(call->pkt.ptype == DCERPC_PKT_REQUEST);
1822
1823 ndr_err = ndr_pop_dcerpc_sec_verification_trailer(call->ndr_pull,
1824 frame, &vt);
1825 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
1826 status = ndr_map_error2ntstatus(ndr_err);
1827 goto done;
1828 }
1829
1830 ok = dcerpc_sec_verification_trailer_check(vt, &bitmask1,
1831 &pcontext, &header2);
1832 if (!ok) {
1833 status = NT_STATUS_ACCESS_DENIED;
1834 goto done;
1835 }
1836 done:
1837 TALLOC_FREE(frame);
1838 return status;
1839 }
1840
1841 /*
1842 handle a dcerpc request packet
1843 */
1844 static NTSTATUS dcesrv_request(struct dcesrv_call_state *call)
1845 {
1846 const struct dcesrv_endpoint *endpoint = call->conn->endpoint;
1847 struct dcesrv_auth *auth = call->auth_state;
1848 enum dcerpc_transport_t transport =
1849 dcerpc_binding_get_transport(endpoint->ep_description);
1850 struct ndr_pull *pull;
1851 NTSTATUS status;
1852
1853 if (!auth->auth_finished) {
1854 return dcesrv_fault_disconnect(call, DCERPC_NCA_S_PROTO_ERROR);
1855 }
1856
1857 /* if authenticated, and the mech we use can't do async replies, don't use them... */
1858 if (auth->gensec_security != NULL &&
1859 !gensec_have_feature(auth->gensec_security, GENSEC_FEATURE_ASYNC_REPLIES)) {
1860 call->state_flags &= ~DCESRV_CALL_STATE_FLAG_MAY_ASYNC;
1861 }
1862
1863 if (call->context == NULL) {
1864 return dcesrv_fault_with_flags(call, DCERPC_NCA_S_UNKNOWN_IF,
1865 DCERPC_PFC_FLAG_DID_NOT_EXECUTE);
1866 }
1867
1868 switch (auth->auth_level) {
1869 case DCERPC_AUTH_LEVEL_NONE:
1870 case DCERPC_AUTH_LEVEL_PACKET:
1871 case DCERPC_AUTH_LEVEL_INTEGRITY:
1872 case DCERPC_AUTH_LEVEL_PRIVACY:
1873 break;
1874 default:
1875 if (!call->context->allow_connect) {
1876 char *addr;
1877
1878 addr = tsocket_address_string(call->conn->remote_address,
1879 call);
1880
1881 DEBUG(2, ("%s: restrict auth_level_connect access "
1882 "to [%s] with auth[type=0x%x,level=0x%x] "
1883 "on [%s] from [%s]\n",
1884 __func__, call->context->iface->name,
1885 auth->auth_type,
1886 auth->auth_level,
1887 derpc_transport_string_by_transport(transport),
1888 addr));
1889 return dcesrv_fault(call, DCERPC_FAULT_ACCESS_DENIED);
1890 }
1891 break;
1892 }
1893
1894 if (auth->auth_level < call->context->min_auth_level) {
1895 char *addr;
1896
1897 addr = tsocket_address_string(call->conn->remote_address, call);
1898
1899 DEBUG(2, ("%s: restrict access by min_auth_level[0x%x] "
1900 "to [%s] with auth[type=0x%x,level=0x%x] "
1901 "on [%s] from [%s]\n",
1902 __func__,
1903 call->context->min_auth_level,
1904 call->context->iface->name,
1905 auth->auth_type,
1906 auth->auth_level,
1907 derpc_transport_string_by_transport(transport),
1908 addr));
1909 return dcesrv_fault(call, DCERPC_FAULT_ACCESS_DENIED);
1910 }
1911
1912 pull = ndr_pull_init_blob(&call->pkt.u.request.stub_and_verifier, call);
1913 NT_STATUS_HAVE_NO_MEMORY(pull);
1914
1915 pull->flags |= LIBNDR_FLAG_REF_ALLOC;
1916
1917 call->ndr_pull = pull;
1918
1919 if (!(call->pkt.drep[0] & DCERPC_DREP_LE)) {
1920 pull->flags |= LIBNDR_FLAG_BIGENDIAN;
1921 }
1922
1923 status = dcesrv_check_verification_trailer(call);
1924 if (!NT_STATUS_IS_OK(status)) {
1925 uint32_t faultcode = DCERPC_FAULT_OTHER;
1926 if (NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED)) {
1927 faultcode = DCERPC_FAULT_ACCESS_DENIED;
1928 }
1929 DEBUG(10, ("dcesrv_check_verification_trailer failed: %s\n",
1930 nt_errstr(status)));
1931 return dcesrv_fault(call, faultcode);
1932 }
1933
1934 /* unravel the NDR for the packet */
1935 status = call->context->iface->ndr_pull(call, call, pull, &call->r);
1936 if (!NT_STATUS_IS_OK(status)) {
1937 uint8_t extra_flags = 0;
1938 if (call->fault_code == DCERPC_FAULT_OP_RNG_ERROR) {
1939 /* we got an unknown call */
1940 DEBUG(3,(__location__ ": Unknown RPC call %u on %s\n",
1941 call->pkt.u.request.opnum,
1942 call->context->iface->name));
1943 dcesrv_save_call(call, "unknown");
1944 extra_flags |= DCERPC_PFC_FLAG_DID_NOT_EXECUTE;
1945 } else {
1946 dcesrv_save_call(call, "pullfail");
1947 }
1948 return dcesrv_fault_with_flags(call, call->fault_code, extra_flags);
1949 }
1950
1951 if (pull->offset != pull->data_size) {
1952 dcesrv_save_call(call, "extrabytes");
1953 DEBUG(3,("Warning: %d extra bytes in incoming RPC request\n",
1954 pull->data_size - pull->offset));
1955 }
1956
1957 /* call the dispatch function */
1958 status = call->context->iface->dispatch(call, call, call->r);
1959 if (!NT_STATUS_IS_OK(status)) {
1960 DEBUG(5,("dcerpc fault in call %s:%02x - %s\n",
1961 call->context->iface->name,
1962 call->pkt.u.request.opnum,
1963 dcerpc_errstr(pull, call->fault_code)));
1964 return dcesrv_fault(call, call->fault_code);
1965 }
1966
1967 /* add the call to the pending list */
1968 dcesrv_call_set_list(call, DCESRV_LIST_PENDING_CALL_LIST);
1969
1970 if (call->state_flags & DCESRV_CALL_STATE_FLAG_ASYNC) {
1971 return NT_STATUS_OK;
1972 }
1973
1974 return dcesrv_reply(call);
1975 }
1976
1977
1978 /*
1979 remove the call from the right list when freed
1980 */
1981 static int dcesrv_call_dequeue(struct dcesrv_call_state *call)
1982 {
1983 dcesrv_call_set_list(call, DCESRV_LIST_NONE);
1984 return 0;
1985 }
1986
1987 _PUBLIC_ const struct tsocket_address *dcesrv_connection_get_local_address(struct dcesrv_connection *conn)
1988 {
1989 return conn->local_address;
1990 }
1991
1992 _PUBLIC_ const struct tsocket_address *dcesrv_connection_get_remote_address(struct dcesrv_connection *conn)
1993 {
1994 return conn->remote_address;
1995 }
1996
1997 /*
1998 process some input to a dcerpc endpoint server.
1999 */
2000 static NTSTATUS dcesrv_process_ncacn_packet(struct dcesrv_connection *dce_conn,
2001 struct ncacn_packet *pkt,
2002 DATA_BLOB blob)
2003 {
2004 NTSTATUS status;
2005 struct dcesrv_call_state *call;
2006 struct dcesrv_call_state *existing = NULL;
2007
2008 call = talloc_zero(dce_conn, struct dcesrv_call_state);
2009 if (!call) {
2010 data_blob_free(&blob);
2011 talloc_free(pkt);
2012 return NT_STATUS_NO_MEMORY;
2013 }
2014 call->conn = dce_conn;
2015 call->event_ctx = dce_conn->event_ctx;
2016 call->msg_ctx = dce_conn->msg_ctx;
2017 call->state_flags = call->conn->state_flags;
2018 call->time = timeval_current();
2019 call->list = DCESRV_LIST_NONE;
2020
2021 talloc_steal(call, pkt);
2022 talloc_steal(call, blob.data);
2023 call->pkt = *pkt;
2024
2025 call->auth_state = dce_conn->default_auth_state;
2026
2027 talloc_set_destructor(call, dcesrv_call_dequeue);
2028
2029 if (call->conn->allow_bind) {
2030 /*
2031 * Only one bind is possible per connection
2032 */
2033 call->conn->allow_bind = false;
2034 return dcesrv_bind(call);
2035 }
2036
2037 /* we have to check the signing here, before combining the
2038 pdus */
2039 if (call->pkt.ptype == DCERPC_PKT_REQUEST) {
2040 if (!call->auth_state->auth_finished) {
2041 return dcesrv_fault_disconnect(call,
2042 DCERPC_NCA_S_PROTO_ERROR);
2043 }
2044
2045 status = dcerpc_verify_ncacn_packet_header(&call->pkt,
2046 DCERPC_PKT_REQUEST,
2047 call->pkt.u.request.stub_and_verifier.length,
2048 0, /* required_flags */
2049 DCERPC_PFC_FLAG_FIRST |
2050 DCERPC_PFC_FLAG_LAST |
2051 DCERPC_PFC_FLAG_PENDING_CANCEL |
2052 0x08 | /* this is not defined, but should be ignored */
2053 DCERPC_PFC_FLAG_CONC_MPX |
2054 DCERPC_PFC_FLAG_DID_NOT_EXECUTE |
2055 DCERPC_PFC_FLAG_MAYBE |
2056 DCERPC_PFC_FLAG_OBJECT_UUID);
2057 if (!NT_STATUS_IS_OK(status)) {
2058 return dcesrv_fault_disconnect(call,
2059 DCERPC_NCA_S_PROTO_ERROR);
2060 }
2061
2062 if (call->pkt.frag_length > DCERPC_FRAG_MAX_SIZE) {
2063 /*
2064 * We don't use dcesrv_fault_disconnect()
2065 * here, because we don't want to set
2066 * DCERPC_PFC_FLAG_DID_NOT_EXECUTE
2067 *
2068 * Note that we don't check against the negotiated
2069 * max_recv_frag, but a hard coded value.
2070 */
2071 dcesrv_call_disconnect_after(call,
2072 "dcesrv_auth_request - frag_length too large");
2073 return dcesrv_fault(call,
2074 DCERPC_NCA_S_PROTO_ERROR);
2075 }
2076
2077 if (call->pkt.pfc_flags & DCERPC_PFC_FLAG_FIRST) {
2078 if (dce_conn->pending_call_list != NULL) {
2079 /*
2080 * concurrent requests are only allowed
2081 * if DCERPC_PFC_FLAG_CONC_MPX was negotiated.
2082 */
2083 if (!(dce_conn->state_flags & DCESRV_CALL_STATE_FLAG_MULTIPLEXED)) {
2084 dcesrv_call_disconnect_after(call,
2085 "dcesrv_auth_request - "
2086 "existing pending call without CONN_MPX");
2087 return dcesrv_fault(call,
2088 DCERPC_NCA_S_PROTO_ERROR);
2089 }
2090 }
2091 /* only one request is possible in the fragmented list */
2092 if (dce_conn->incoming_fragmented_call_list != NULL) {
2093 if (!(dce_conn->state_flags & DCESRV_CALL_STATE_FLAG_MULTIPLEXED)) {
2094 /*
2095 * Without DCERPC_PFC_FLAG_CONC_MPX
2096 * we need to return the FAULT on the
2097 * already existing call.
2098 *
2099 * This is important to get the
2100 * call_id and context_id right.
2101 */
2102 TALLOC_FREE(call);
2103 call = dce_conn->incoming_fragmented_call_list;
2104 }
2105 dcesrv_call_disconnect_after(call,
2106 "dcesrv_auth_request - "
2107 "existing fragmented call");
2108 return dcesrv_fault(call,
2109 DCERPC_NCA_S_PROTO_ERROR);
2110 }
2111 if (call->pkt.pfc_flags & DCERPC_PFC_FLAG_PENDING_CANCEL) {
2112 return dcesrv_fault_disconnect(call,
2113 DCERPC_FAULT_NO_CALL_ACTIVE);
2114 }
2115 call->context = dcesrv_find_context(call->conn,
2116 call->pkt.u.request.context_id);
2117 if (call->context == NULL) {
2118 return dcesrv_fault_with_flags(call, DCERPC_NCA_S_UNKNOWN_IF,
2119 DCERPC_PFC_FLAG_DID_NOT_EXECUTE);
2120 }
2121 } else {
2122 const struct dcerpc_request *nr = &call->pkt.u.request;
2123 const struct dcerpc_request *er = NULL;
2124 int cmp;
2125
2126 existing = dcesrv_find_fragmented_call(dce_conn,
2127 call->pkt.call_id);
2128 if (existing == NULL) {
2129 dcesrv_call_disconnect_after(call,
2130 "dcesrv_auth_request - "
2131 "no existing fragmented call");
2132 return dcesrv_fault(call,
2133 DCERPC_NCA_S_PROTO_ERROR);
2134 }
2135 er = &existing->pkt.u.request;
2136
2137 if (call->pkt.ptype != existing->pkt.ptype) {
2138 /* trying to play silly buggers are we? */
2139 return dcesrv_fault_disconnect(existing,
2140 DCERPC_NCA_S_PROTO_ERROR);
2141 }
2142 cmp = memcmp(call->pkt.drep, existing->pkt.drep,
2143 sizeof(pkt->drep));
2144 if (cmp != 0) {
2145 return dcesrv_fault_disconnect(existing,
2146 DCERPC_NCA_S_PROTO_ERROR);
2147 }
2148 if (nr->context_id != er->context_id) {
2149 return dcesrv_fault_disconnect(existing,
2150 DCERPC_NCA_S_PROTO_ERROR);
2151 }
2152 if (nr->opnum != er->opnum) {
2153 return dcesrv_fault_disconnect(existing,
2154 DCERPC_NCA_S_PROTO_ERROR);
2155 }
2156 }
2157 }
2158
2159 if (call->pkt.ptype == DCERPC_PKT_REQUEST) {
2160 bool ok;
2161 uint8_t payload_offset = DCERPC_REQUEST_LENGTH;
2162
2163 if (call->pkt.pfc_flags & DCERPC_PFC_FLAG_OBJECT_UUID) {
2164 payload_offset += 16;
2165 }
2166
2167 ok = dcesrv_auth_pkt_pull(call, &blob,
2168 0, /* required_flags */
2169 DCERPC_PFC_FLAG_FIRST |
2170 DCERPC_PFC_FLAG_LAST |
2171 DCERPC_PFC_FLAG_PENDING_CANCEL |
2172 0x08 | /* this is not defined, but should be ignored */
2173 DCERPC_PFC_FLAG_CONC_MPX |
2174 DCERPC_PFC_FLAG_DID_NOT_EXECUTE |
2175 DCERPC_PFC_FLAG_MAYBE |
2176 DCERPC_PFC_FLAG_OBJECT_UUID,
2177 payload_offset,
2178 &call->pkt.u.request.stub_and_verifier);
2179 if (!ok) {
2180 /*
2181 * We don't use dcesrv_fault_disconnect()
2182 * here, because we don't want to set
2183 * DCERPC_PFC_FLAG_DID_NOT_EXECUTE
2184 */
2185 dcesrv_call_disconnect_after(call,
2186 "dcesrv_auth_request - failed");
2187 if (call->fault_code == 0) {
2188 call->fault_code = DCERPC_FAULT_ACCESS_DENIED;
2189 }
2190 return dcesrv_fault(call, call->fault_code);
2191 }
2192 }
2193
2194 /* see if this is a continued packet */
2195 if (existing != NULL) {
2196 struct dcerpc_request *er = &existing->pkt.u.request;
2197 const struct dcerpc_request *nr = &call->pkt.u.request;
2198 size_t available;
2199 size_t alloc_size;
2200 size_t alloc_hint;
2201
2202 /*
2203 * Up to 4 MByte are allowed by all fragments
2204 */
2205 available = dce_conn->max_total_request_size;
2206 if (er->stub_and_verifier.length > available) {
2207 dcesrv_call_disconnect_after(existing,
2208 "dcesrv_auth_request - existing payload too large");
2209 return dcesrv_fault(existing, DCERPC_FAULT_ACCESS_DENIED);
2210 }
2211 available -= er->stub_and_verifier.length;
2212 if (nr->alloc_hint > available) {
2213 dcesrv_call_disconnect_after(existing,
2214 "dcesrv_auth_request - alloc hint too large");
2215 return dcesrv_fault(existing, DCERPC_FAULT_ACCESS_DENIED);
2216 }
2217 if (nr->stub_and_verifier.length > available) {
2218 dcesrv_call_disconnect_after(existing,
2219 "dcesrv_auth_request - new payload too large");
2220 return dcesrv_fault(existing, DCERPC_FAULT_ACCESS_DENIED);
2221 }
2222 alloc_hint = er->stub_and_verifier.length + nr->alloc_hint;
2223 /* allocate at least 1 byte */
2224 alloc_hint = MAX(alloc_hint, 1);
2225 alloc_size = er->stub_and_verifier.length +
2226 nr->stub_and_verifier.length;
2227 alloc_size = MAX(alloc_size, alloc_hint);
2228
2229 er->stub_and_verifier.data =
2230 talloc_realloc(existing,
2231 er->stub_and_verifier.data,
2232 uint8_t, alloc_size);
2233 if (er->stub_and_verifier.data == NULL) {
2234 TALLOC_FREE(call);
2235 return dcesrv_fault_with_flags(existing,
2236 DCERPC_FAULT_OUT_OF_RESOURCES,
2237 DCERPC_PFC_FLAG_DID_NOT_EXECUTE);
2238 }
2239 memcpy(er->stub_and_verifier.data +
2240 er->stub_and_verifier.length,
2241 nr->stub_and_verifier.data,
2242 nr->stub_and_verifier.length);
2243 er->stub_and_verifier.length += nr->stub_and_verifier.length;
2244
2245 existing->pkt.pfc_flags |= (call->pkt.pfc_flags & DCERPC_PFC_FLAG_LAST);
2246
2247 TALLOC_FREE(call);
2248 call = existing;
2249 }
2250
2251 /* this may not be the last pdu in the chain - if its isn't then
2252 just put it on the incoming_fragmented_call_list and wait for the rest */
2253 if (call->pkt.ptype == DCERPC_PKT_REQUEST &&
2254 !(call->pkt.pfc_flags & DCERPC_PFC_FLAG_LAST)) {
2255 /*
2256 * Up to 4 MByte are allowed by all fragments
2257 */
2258 if (call->pkt.u.request.alloc_hint > dce_conn->max_total_request_size) {
2259 dcesrv_call_disconnect_after(call,
2260 "dcesrv_auth_request - initial alloc hint too large");
2261 return dcesrv_fault(call, DCERPC_FAULT_ACCESS_DENIED);
2262 }
2263 dcesrv_call_set_list(call, DCESRV_LIST_FRAGMENTED_CALL_LIST);
2264 return NT_STATUS_OK;
2265 }
2266
2267 /* This removes any fragments we may have had stashed away */
2268 dcesrv_call_set_list(call, DCESRV_LIST_NONE);
2269
2270 switch (call->pkt.ptype) {
2271 case DCERPC_PKT_BIND:
2272 status = dcesrv_bind_nak(call,
2273 DCERPC_BIND_NAK_REASON_NOT_SPECIFIED);
2274 break;
2275 case DCERPC_PKT_AUTH3:
2276 status = dcesrv_auth3(call);
2277 break;
2278 case DCERPC_PKT_ALTER:
2279 status = dcesrv_alter(call);
2280 break;
2281 case DCERPC_PKT_REQUEST:
2282 status = dcesrv_request(call);
2283 break;
2284 case DCERPC_PKT_CO_CANCEL:
2285 case DCERPC_PKT_ORPHANED:
2286 /*
2287 * Window just ignores CO_CANCEL and ORPHANED,
2288 * so we do...
2289 */
2290 status = NT_STATUS_OK;
2291 TALLOC_FREE(call);
2292 break;
2293 case DCERPC_PKT_BIND_ACK:
2294 case DCERPC_PKT_BIND_NAK:
2295 case DCERPC_PKT_ALTER_RESP:
2296 case DCERPC_PKT_RESPONSE:
2297 case DCERPC_PKT_FAULT:
2298 case DCERPC_PKT_SHUTDOWN:
2299 default:
2300 status = dcesrv_fault_disconnect(call, DCERPC_NCA_S_PROTO_ERROR);
2301 break;
2302 }
2303
2304 /* if we are going to be sending a reply then add
2305 it to the list of pending calls. We add it to the end to keep the call
2306 list in the order we will answer */
2307 if (!NT_STATUS_IS_OK(status)) {
2308 talloc_free(call);
2309 }
2310
2311 return status;
2312 }
2313
2314 _PUBLIC_ NTSTATUS dcesrv_init_context(TALLOC_CTX *mem_ctx,
2315 struct loadparm_context *lp_ctx,
2316 const char **endpoint_servers, struct dcesrv_context **_dce_ctx)
2317 {
2318 NTSTATUS status;
2319 struct dcesrv_context *dce_ctx;
2320 int i;
2321
2322 if (!endpoint_servers) {
2323 DEBUG(0,("dcesrv_init_context: no endpoint servers configured\n"));
2324 return NT_STATUS_INTERNAL_ERROR;
2325 }
2326
2327 dce_ctx = talloc_zero(mem_ctx, struct dcesrv_context);
2328 NT_STATUS_HAVE_NO_MEMORY(dce_ctx);
2329
2330 if (uid_wrapper_enabled()) {
2331 setenv("UID_WRAPPER_MYUID", "1", 1);
2332 }
2333 dce_ctx->initial_euid = geteuid();
2334 if (uid_wrapper_enabled()) {
2335 unsetenv("UID_WRAPPER_MYUID");
2336 }
2337
2338 dce_ctx->endpoint_list = NULL;
2339 dce_ctx->lp_ctx = lp_ctx;
2340 dce_ctx->assoc_groups_idr = idr_init(dce_ctx);
2341 NT_STATUS_HAVE_NO_MEMORY(dce_ctx->assoc_groups_idr);
2342 dce_ctx->broken_connections = NULL;
2343
2344 for (i=0;endpoint_servers[i];i++) {
2345 const struct dcesrv_endpoint_server *ep_server;
2346
2347 ep_server = dcesrv_ep_server_byname(endpoint_servers[i]);
2348 if (!ep_server) {
2349 DEBUG(0,("dcesrv_init_context: failed to find endpoint server = '%s'\n", endpoint_servers[i]));
2350 return NT_STATUS_INTERNAL_ERROR;
2351 }
2352
2353 status = ep_server->init_server(dce_ctx, ep_server);
2354 if (!NT_STATUS_IS_OK(status)) {
2355 DEBUG(0,("dcesrv_init_context: failed to init endpoint server = '%s': %s\n", endpoint_servers[i],
2356 nt_errstr(status)));
2357 return status;
2358 }
2359 }
2360
2361 *_dce_ctx = dce_ctx;
2362 return NT_STATUS_OK;
2363 }
2364
2365 /* the list of currently registered DCERPC endpoint servers.
2366 */
2367 static struct ep_server {
2368 struct dcesrv_endpoint_server *ep_server;
2369 } *ep_servers = NULL;
2370 static int num_ep_servers;
2371
2372 /*
2373 register a DCERPC endpoint server.
2374
2375 The 'name' can be later used by other backends to find the operations
2376 structure for this backend.
2377
2378 */
2379 _PUBLIC_ NTSTATUS dcerpc_register_ep_server(const struct dcesrv_endpoint_server *ep_server)
2380 {
2381
2382 if (dcesrv_ep_server_byname(ep_server->name) != NULL) {
2383 /* its already registered! */
2384 DEBUG(0,("DCERPC endpoint server '%s' already registered\n",
2385 ep_server->name));
2386 return NT_STATUS_OBJECT_NAME_COLLISION;
2387 }
2388
2389 ep_servers = realloc_p(ep_servers, struct ep_server, num_ep_servers+1);
2390 if (!ep_servers) {
2391 smb_panic("out of memory in dcerpc_register");
2392 }
2393
2394 ep_servers[num_ep_servers].ep_server = smb_xmemdup(ep_server, sizeof(*ep_server));
2395 ep_servers[num_ep_servers].ep_server->name = smb_xstrdup(ep_server->name);
2396
2397 num_ep_servers++;
2398
2399 DEBUG(3,("DCERPC endpoint server '%s' registered\n",
2400 ep_server->name));
2401
2402 return NT_STATUS_OK;
2403 }
2404
2405 /*
2406 return the operations structure for a named backend of the specified type
2407 */
2408 const struct dcesrv_endpoint_server *dcesrv_ep_server_byname(const char *name)
2409 {
2410 int i;
2411
2412 for (i=0;i<num_ep_servers;i++) {
2413 if (strcmp(ep_servers[i].ep_server->name, name) == 0) {
2414 return ep_servers[i].ep_server;
2415 }
2416 }
2417
2418 return NULL;
2419 }
2420
2421 void dcerpc_server_init(struct loadparm_context *lp_ctx)
2422 {
2423 static bool initialized;
2424 #define _MODULE_PROTO(init) extern NTSTATUS init(TALLOC_CTX *);
2425 STATIC_dcerpc_server_MODULES_PROTO;
2426 init_module_fn static_init[] = { STATIC_dcerpc_server_MODULES };
2427 init_module_fn *shared_init;
2428
2429 if (initialized) {
2430 return;
2431 }
2432 initialized = true;
2433
2434 shared_init = load_samba_modules(NULL, "dcerpc_server");
2435
2436 run_init_functions(NULL, static_init);
2437 run_init_functions(NULL, shared_init);
2438
2439 talloc_free(shared_init);
2440 }
2441
2442 /*
2443 return the DCERPC module version, and the size of some critical types
2444 This can be used by endpoint server modules to either detect compilation errors, or provide
2445 multiple implementations for different smbd compilation options in one module
2446 */
2447 const struct dcesrv_critical_sizes *dcerpc_module_version(void)
2448 {
2449 static const struct dcesrv_critical_sizes critical_sizes = {
2450 DCERPC_MODULE_VERSION,
2451 sizeof(struct dcesrv_context),
2452 sizeof(struct dcesrv_endpoint),
2453 sizeof(struct dcesrv_endpoint_server),
2454 sizeof(struct dcesrv_interface),
2455 sizeof(struct dcesrv_if_list),
2456 sizeof(struct dcesrv_connection),
2457 sizeof(struct dcesrv_call_state),
2458 sizeof(struct dcesrv_auth),
2459 sizeof(struct dcesrv_handle)
2460 };
2461
2462 return &critical_sizes;
2463 }
2464
2465 static void dcesrv_terminate_connection(struct dcesrv_connection *dce_conn, const char *reason)
2466 {
2467 struct dcesrv_context *dce_ctx = dce_conn->dce_ctx;
2468 struct stream_connection *srv_conn;
2469 srv_conn = talloc_get_type(dce_conn->transport.private_data,
2470 struct stream_connection);
2471
2472 dce_conn->wait_send = NULL;
2473 dce_conn->wait_recv = NULL;
2474 dce_conn->wait_private = NULL;
2475
2476 dce_conn->allow_bind = false;
2477 dce_conn->allow_alter = false;
2478
2479 dce_conn->default_auth_state->auth_invalid = true;
2480
2481 if (dce_conn->pending_call_list == NULL) {
2482 char *full_reason = talloc_asprintf(dce_conn, "dcesrv: %s", reason);
2483
2484 DLIST_REMOVE(dce_ctx->broken_connections, dce_conn);
2485 stream_terminate_connection(srv_conn, full_reason ? full_reason : reason);
2486 return;
2487 }
2488
2489 if (dce_conn->terminate != NULL) {
2490 return;
2491 }
2492
2493 DEBUG(3,("dcesrv: terminating connection due to '%s' deferred due to pending calls\n",
2494 reason));
2495 dce_conn->terminate = talloc_strdup(dce_conn, reason);
2496 if (dce_conn->terminate == NULL) {
2497 dce_conn->terminate = "dcesrv: deferred terminating connection - no memory";
2498 }
2499 DLIST_ADD_END(dce_ctx->broken_connections, dce_conn);
2500 }
2501
2502 static void dcesrv_cleanup_broken_connections(struct dcesrv_context *dce_ctx)
2503 {
2504 struct dcesrv_connection *cur, *next;
2505
2506 next = dce_ctx->broken_connections;
2507 while (next != NULL) {
2508 cur = next;
2509 next = cur->next;
2510
2511 if (cur->state_flags & DCESRV_CALL_STATE_FLAG_PROCESS_PENDING_CALL) {
2512 struct dcesrv_connection_context *context_cur, *context_next;
2513
2514 context_next = cur->contexts;
2515 while (context_next != NULL) {
2516 context_cur = context_next;
2517 context_next = context_cur->next;
2518
2519 dcesrv_connection_context_destructor(context_cur);
2520 }
2521 }
2522
2523 dcesrv_terminate_connection(cur, cur->terminate);
2524 }
2525 }
2526
2527 /* We need this include to be able to compile on some plateforms
2528 * (ie. freebsd 7.2) as it seems that <sys/uio.h> is not included
2529 * correctly.
2530 * It has to be that deep because otherwise we have a conflict on
2531 * const struct dcesrv_interface declaration.
2532 * This is mostly due to socket_wrapper defining #define bind swrap_bind
2533 * which conflict with the bind used before.
2534 */
2535 #include "system/network.h"
2536
2537 struct dcesrv_sock_reply_state {
2538 struct dcesrv_connection *dce_conn;
2539 struct dcesrv_call_state *call;
2540 struct iovec iov;
2541 };
2542
2543 static void dcesrv_sock_reply_done(struct tevent_req *subreq);
2544 static void dcesrv_call_terminate_step1(struct tevent_req *subreq);
2545
2546 static void dcesrv_sock_report_output_data(struct dcesrv_connection *dce_conn)
2547 {
2548 struct dcesrv_call_state *call;
2549
2550 call = dce_conn->call_list;
2551 if (!call || !call->replies) {
2552 return;
2553 }
2554
2555 while (call->replies) {
2556 struct data_blob_list_item *rep = call->replies;
2557 struct dcesrv_sock_reply_state *substate;
2558 struct tevent_req *subreq;
2559
2560 substate = talloc_zero(call, struct dcesrv_sock_reply_state);
2561 if (!substate) {
2562 dcesrv_terminate_connection(dce_conn, "no memory");
2563 return;
2564 }
2565
2566 substate->dce_conn = dce_conn;
2567 substate->call = NULL;
2568
2569 DLIST_REMOVE(call->replies, rep);
2570
2571 if (call->replies == NULL && call->terminate_reason == NULL) {
2572 substate->call = call;
2573 }
2574
2575 substate->iov.iov_base = (void *) rep->blob.data;
2576 substate->iov.iov_len = rep->blob.length;
2577
2578 subreq = tstream_writev_queue_send(substate,
2579 dce_conn->event_ctx,
2580 dce_conn->stream,
2581 dce_conn->send_queue,
2582 &substate->iov, 1);
2583 if (!subreq) {
2584 dcesrv_terminate_connection(dce_conn, "no memory");
2585 return;
2586 }
2587 tevent_req_set_callback(subreq, dcesrv_sock_reply_done,
2588 substate);
2589 }
2590
2591 if (call->terminate_reason != NULL) {
2592 struct tevent_req *subreq;
2593
2594 subreq = tevent_queue_wait_send(call,
2595 dce_conn->event_ctx,
2596 dce_conn->send_queue);
2597 if (!subreq) {
2598 dcesrv_terminate_connection(dce_conn, __location__);
2599 return;
2600 }
2601 tevent_req_set_callback(subreq, dcesrv_call_terminate_step1,
2602 call);
2603 }
2604
2605 DLIST_REMOVE(call->conn->call_list, call);
2606 call->list = DCESRV_LIST_NONE;
2607 }
2608
2609 static void dcesrv_sock_reply_done(struct tevent_req *subreq)
2610 {
2611 struct dcesrv_sock_reply_state *substate = tevent_req_callback_data(subreq,
2612 struct dcesrv_sock_reply_state);
2613 int ret;
2614 int sys_errno;
2615 NTSTATUS status;
2616 struct dcesrv_call_state *call = substate->call;
2617
2618 ret = tstream_writev_queue_recv(subreq, &sys_errno);
2619 TALLOC_FREE(subreq);
2620 if (ret == -1) {
2621 status = map_nt_error_from_unix_common(sys_errno);
2622 dcesrv_terminate_connection(substate->dce_conn, nt_errstr(status));
2623 return;
2624 }
2625
2626 talloc_free(substate);
2627 if (call) {
2628 talloc_free(call);
2629 }
2630 }
2631
2632 static void dcesrv_call_terminate_step2(struct tevent_req *subreq);
2633
2634 static void dcesrv_call_terminate_step1(struct tevent_req *subreq)
2635 {
2636 struct dcesrv_call_state *call = tevent_req_callback_data(subreq,
2637 struct dcesrv_call_state);
2638 bool ok;
2639 struct timeval tv;
2640
2641 /* make sure we stop send queue before removing subreq */
2642 tevent_queue_stop(call->conn->send_queue);
2643
2644 ok = tevent_queue_wait_recv(subreq);
2645 TALLOC_FREE(subreq);
2646 if (!ok) {
2647 dcesrv_terminate_connection(call->conn, __location__);
2648 return;
2649 }
2650
2651 /* disconnect after 200 usecs */
2652 tv = timeval_current_ofs_usec(200);
2653 subreq = tevent_wakeup_send(call, call->conn->event_ctx, tv);
2654 if (subreq == NULL) {
2655 dcesrv_terminate_connection(call->conn, __location__);
2656 return;
2657 }
2658 tevent_req_set_callback(subreq, dcesrv_call_terminate_step2,
2659 call);
2660 }
2661
2662 static void dcesrv_call_terminate_step2(struct tevent_req *subreq)
2663 {
2664 struct dcesrv_call_state *call = tevent_req_callback_data(subreq,
2665 struct dcesrv_call_state);
2666 bool ok;
2667
2668 ok = tevent_wakeup_recv(subreq);
2669 TALLOC_FREE(subreq);
2670 if (!ok) {
2671 dcesrv_terminate_connection(call->conn, __location__);
2672 return;
2673 }
2674
2675 dcesrv_terminate_connection(call->conn, call->terminate_reason);
2676 }
2677
2678 struct dcesrv_socket_context {
2679 const struct dcesrv_endpoint *endpoint;
2680 struct dcesrv_context *dcesrv_ctx;
2681 };
2682
2683
2684 static void dcesrv_read_fragment_done(struct tevent_req *subreq);
2685
2686 static void dcesrv_sock_accept(struct stream_connection *srv_conn)
2687 {
2688 NTSTATUS status;
2689 struct dcesrv_socket_context *dcesrv_sock =
2690 talloc_get_type(srv_conn->private_data, struct dcesrv_socket_context);
2691 enum dcerpc_transport_t transport =
2692 dcerpc_binding_get_transport(dcesrv_sock->endpoint->ep_description);
2693 struct dcesrv_connection *dcesrv_conn = NULL;
2694 int ret;
2695 struct tevent_req *subreq;
2696 struct loadparm_context *lp_ctx = dcesrv_sock->dcesrv_ctx->lp_ctx;
2697
2698 dcesrv_cleanup_broken_connections(dcesrv_sock->dcesrv_ctx);
2699
2700 if (!srv_conn->session_info) {
2701 status = auth_anonymous_session_info(srv_conn,
2702 lp_ctx,
2703 &srv_conn->session_info);
2704 if (!NT_STATUS_IS_OK(status)) {
2705 DEBUG(0,("dcesrv_sock_accept: auth_anonymous_session_info failed: %s\n",
2706 nt_errstr(status)));
2707 stream_terminate_connection(srv_conn, nt_errstr(status));
2708 return;
2709 }
2710 }
2711
2712 /*
2713 * This fills in dcesrv_conn->endpoint with the endpoint
2714 * associated with the socket. From this point on we know
2715 * which (group of) services we are handling, but not the
2716 * specific interface.
2717 */
2718
2719 status = dcesrv_endpoint_connect(dcesrv_sock->dcesrv_ctx,
2720 srv_conn,
2721 dcesrv_sock->endpoint,
2722 srv_conn->session_info,
2723 srv_conn->event.ctx,
2724 srv_conn->msg_ctx,
2725 srv_conn->server_id,
2726 DCESRV_CALL_STATE_FLAG_MAY_ASYNC,
2727 &dcesrv_conn);
2728 if (!NT_STATUS_IS_OK(status)) {
2729 DEBUG(0,("dcesrv_sock_accept: dcesrv_endpoint_connect failed: %s\n",
2730 nt_errstr(status)));
2731 stream_terminate_connection(srv_conn, nt_errstr(status));
2732 return;
2733 }
2734
2735 dcesrv_conn->transport.private_data = srv_conn;
2736 dcesrv_conn->transport.report_output_data = dcesrv_sock_report_output_data;
2737
2738 TALLOC_FREE(srv_conn->event.fde);
2739
2740 dcesrv_conn->send_queue = tevent_queue_create(dcesrv_conn, "dcesrv send queue");
2741 if (!dcesrv_conn->send_queue) {
2742 status = NT_STATUS_NO_MEMORY;
2743 DEBUG(0,("dcesrv_sock_accept: tevent_queue_create(%s)\n",
2744 nt_errstr(status)));
2745 stream_terminate_connection(srv_conn, nt_errstr(status));
2746 return;
2747 }
2748
2749 if (transport == NCACN_NP) {
2750 dcesrv_conn->stream = talloc_move(dcesrv_conn,
2751 &srv_conn->tstream);
2752 } else {
2753 ret = tstream_bsd_existing_socket(dcesrv_conn,
2754 socket_get_fd(srv_conn->socket),
2755 &dcesrv_conn->stream);
2756 if (ret == -1) {
2757 status = map_nt_error_from_unix_common(errno);
2758 DEBUG(0, ("dcesrv_sock_accept: "
2759 "failed to setup tstream: %s\n",
2760 nt_errstr(status)));
2761 stream_terminate_connection(srv_conn, nt_errstr(status));
2762 return;
2763 }
2764 socket_set_flags(srv_conn->socket, SOCKET_FLAG_NOCLOSE);
2765 }
2766
2767 dcesrv_conn->local_address = srv_conn->local_address;
2768 dcesrv_conn->remote_address = srv_conn->remote_address;
2769
2770 if (transport == NCALRPC) {
2771 uid_t uid;
2772 gid_t gid;
2773 int sock_fd;
2774
2775 sock_fd = socket_get_fd(srv_conn->socket);
2776 if (sock_fd == -1) {
2777 stream_terminate_connection(
2778 srv_conn, "socket_get_fd failed\n");
2779 return;
2780 }
2781
2782 ret = getpeereid(sock_fd, &uid, &gid);
2783 if (ret == -1) {
2784 status = map_nt_error_from_unix_common(errno);
2785 DEBUG(0, ("dcesrv_sock_accept: "
2786 "getpeereid() failed for NCALRPC: %s\n",
2787 nt_errstr(status)));
2788 stream_terminate_connection(srv_conn, nt_errstr(status));
2789 return;
2790 }
2791 if (uid == dcesrv_conn->dce_ctx->initial_euid) {
2792 struct tsocket_address *r = NULL;
2793
2794 ret = tsocket_address_unix_from_path(dcesrv_conn,
2795 AS_SYSTEM_MAGIC_PATH_TOKEN,
2796 &r);
2797 if (ret == -1) {
2798 status = map_nt_error_from_unix_common(errno);
2799 DEBUG(0, ("dcesrv_sock_accept: "
2800 "tsocket_address_unix_from_path() failed for NCALRPC: %s\n",
2801 nt_errstr(status)));
2802 stream_terminate_connection(srv_conn, nt_errstr(status));
2803 return;
2804 }
2805 dcesrv_conn->remote_address = r;
2806 }
2807 }
2808
2809 srv_conn->private_data = dcesrv_conn;
2810
2811 subreq = dcerpc_read_ncacn_packet_send(dcesrv_conn,
2812 dcesrv_conn->event_ctx,
2813 dcesrv_conn->stream);
2814 if (!subreq) {
2815 status = NT_STATUS_NO_MEMORY;
2816 DEBUG(0,("dcesrv_sock_accept: dcerpc_read_fragment_buffer_send(%s)\n",
2817 nt_errstr(status)));
2818 stream_terminate_connection(srv_conn, nt_errstr(status));
2819 return;
2820 }
2821 tevent_req_set_callback(subreq, dcesrv_read_fragment_done, dcesrv_conn);
2822
2823 return;
2824 }
2825
2826 static void dcesrv_conn_wait_done(struct tevent_req *subreq);
2827
2828 static void dcesrv_read_fragment_done(struct tevent_req *subreq)
2829 {
2830 struct dcesrv_connection *dce_conn = tevent_req_callback_data(subreq,
2831 struct dcesrv_connection);
2832 struct dcesrv_context *dce_ctx = dce_conn->dce_ctx;
2833 struct ncacn_packet *pkt;
2834 DATA_BLOB buffer;
2835 NTSTATUS status;
2836
2837 if (dce_conn->terminate) {
2838 /*
2839 * if the current connection is broken
2840 * we need to clean it up before any other connection
2841 */
2842 dcesrv_terminate_connection(dce_conn, dce_conn->terminate);
2843 dcesrv_cleanup_broken_connections(dce_ctx);
2844 return;
2845 }
2846
2847 dcesrv_cleanup_broken_connections(dce_ctx);
2848
2849 status = dcerpc_read_ncacn_packet_recv(subreq, dce_conn,
2850 &pkt, &buffer);
2851 TALLOC_FREE(subreq);
2852 if (!NT_STATUS_IS_OK(status)) {
2853 dcesrv_terminate_connection(dce_conn, nt_errstr(status));
2854 return;
2855 }
2856
2857 status = dcesrv_process_ncacn_packet(dce_conn, pkt, buffer);
2858 if (!NT_STATUS_IS_OK(status)) {
2859 dcesrv_terminate_connection(dce_conn, nt_errstr(status));
2860 return;
2861 }
2862
2863 /*
2864 * This is used to block the connection during
2865 * pending authentication.
2866 */
2867 if (dce_conn->wait_send != NULL) {
2868 subreq = dce_conn->wait_send(dce_conn,
2869 dce_conn->event_ctx,
2870 dce_conn->wait_private);
2871 if (!subreq) {
2872 status = NT_STATUS_NO_MEMORY;
2873 dcesrv_terminate_connection(dce_conn, nt_errstr(status));
2874 return;
2875 }
2876 tevent_req_set_callback(subreq, dcesrv_conn_wait_done, dce_conn);
2877 return;
2878 }
2879
2880 subreq = dcerpc_read_ncacn_packet_send(dce_conn,
2881 dce_conn->event_ctx,
2882 dce_conn->stream);
2883 if (!subreq) {
2884 status = NT_STATUS_NO_MEMORY;
2885 dcesrv_terminate_connection(dce_conn, nt_errstr(status));
2886 return;
2887 }
2888 tevent_req_set_callback(subreq, dcesrv_read_fragment_done, dce_conn);
2889 }
2890
2891 static void dcesrv_conn_wait_done(struct tevent_req *subreq)
2892 {
2893 struct dcesrv_connection *dce_conn = tevent_req_callback_data(subreq,
2894 struct dcesrv_connection);
2895 struct dcesrv_context *dce_ctx = dce_conn->dce_ctx;
2896 NTSTATUS status;
2897
2898 if (dce_conn->terminate) {
2899 /*
2900 * if the current connection is broken
2901 * we need to clean it up before any other connection
2902 */
2903 dcesrv_terminate_connection(dce_conn, dce_conn->terminate);
2904 dcesrv_cleanup_broken_connections(dce_ctx);
2905 return;
2906 }
2907
2908 dcesrv_cleanup_broken_connections(dce_ctx);
2909
2910 status = dce_conn->wait_recv(subreq);
2911 dce_conn->wait_send = NULL;
2912 dce_conn->wait_recv = NULL;
2913 dce_conn->wait_private = NULL;
2914 TALLOC_FREE(subreq);
2915 if (!NT_STATUS_IS_OK(status)) {
2916 dcesrv_terminate_connection(dce_conn, nt_errstr(status));
2917 return;
2918 }
2919
2920 subreq = dcerpc_read_ncacn_packet_send(dce_conn,
2921 dce_conn->event_ctx,
2922 dce_conn->stream);
2923 if (!subreq) {
2924 status = NT_STATUS_NO_MEMORY;
2925 dcesrv_terminate_connection(dce_conn, nt_errstr(status));
2926 return;
2927 }
2928 tevent_req_set_callback(subreq, dcesrv_read_fragment_done, dce_conn);
2929 }
2930
2931 static void dcesrv_sock_recv(struct stream_connection *conn, uint16_t flags)
2932 {
2933 struct dcesrv_connection *dce_conn = talloc_get_type(conn->private_data,
2934 struct dcesrv_connection);
2935 dcesrv_terminate_connection(dce_conn, "dcesrv_sock_recv triggered");
2936 }
2937
2938 static void dcesrv_sock_send(struct stream_connection *conn, uint16_t flags)
2939 {
2940 struct dcesrv_connection *dce_conn = talloc_get_type(conn->private_data,
2941 struct dcesrv_connection);
2942 dcesrv_terminate_connection(dce_conn, "dcesrv_sock_send triggered");
2943 }
2944
2945
2946 static const struct stream_server_ops dcesrv_stream_ops = {
2947 .name = "rpc",
2948 .accept_connection = dcesrv_sock_accept,
2949 .recv_handler = dcesrv_sock_recv,
2950 .send_handler = dcesrv_sock_send,
2951 };
2952
2953 static NTSTATUS dcesrv_add_ep_unix(struct dcesrv_context *dce_ctx,
2954 struct loadparm_context *lp_ctx,
2955 struct dcesrv_endpoint *e,
2956 struct tevent_context *event_ctx,
2957 const struct model_ops *model_ops,
2958 void *process_context)
2959 {
2960 struct dcesrv_socket_context *dcesrv_sock;
2961 uint16_t port = 1;
2962 NTSTATUS status;
2963 const char *endpoint;
2964
2965 dcesrv_sock = talloc_zero(event_ctx, struct dcesrv_socket_context);
2966 NT_STATUS_HAVE_NO_MEMORY(dcesrv_sock);
2967
2968 /* remember the endpoint of this socket */
2969 dcesrv_sock->endpoint = e;
2970 dcesrv_sock->dcesrv_ctx = talloc_reference(dcesrv_sock, dce_ctx);
2971
2972 endpoint = dcerpc_binding_get_string_option(e->ep_description, "endpoint");
2973
2974 status = stream_setup_socket(dcesrv_sock, event_ctx, lp_ctx,
2975 model_ops, &dcesrv_stream_ops,
2976 "unix", endpoint, &port,
2977 lpcfg_socket_options(lp_ctx),
2978 dcesrv_sock, process_context);
2979 if (!NT_STATUS_IS_OK(status)) {
2980 DEBUG(0,("service_setup_stream_socket(path=%s) failed - %s\n",
2981 endpoint, nt_errstr(status)));
2982 }
2983
2984 return status;
2985 }
2986
2987 static NTSTATUS dcesrv_add_ep_ncalrpc(struct dcesrv_context *dce_ctx,
2988 struct loadparm_context *lp_ctx,
2989 struct dcesrv_endpoint *e,
2990 struct tevent_context *event_ctx,
2991 const struct model_ops *model_ops,
2992 void *process_context)
2993 {
2994 struct dcesrv_socket_context *dcesrv_sock;
2995 uint16_t port = 1;
2996 char *full_path;
2997 NTSTATUS status;
2998 const char *endpoint;
2999
3000 endpoint = dcerpc_binding_get_string_option(e->ep_description, "endpoint");
3001
3002 if (endpoint == NULL) {
3003 /*
3004 * No identifier specified: use DEFAULT.
3005 *
3006 * TODO: DO NOT hardcode this value anywhere else. Rather, specify
3007 * no endpoint and let the epmapper worry about it.
3008 */
3009 endpoint = "DEFAULT";
3010 status = dcerpc_binding_set_string_option(e->ep_description,
3011 "endpoint",
3012 endpoint);
3013 if (!NT_STATUS_IS_OK(status)) {
3014 DEBUG(0,("dcerpc_binding_set_string_option() failed - %s\n",
3015 nt_errstr(status)));
3016 return status;
3017 }
3018 }
3019
3020 full_path = talloc_asprintf(dce_ctx, "%s/%s", lpcfg_ncalrpc_dir(lp_ctx),
3021 endpoint);
3022
3023 dcesrv_sock = talloc_zero(event_ctx, struct dcesrv_socket_context);
3024 NT_STATUS_HAVE_NO_MEMORY(dcesrv_sock);
3025
3026 /* remember the endpoint of this socket */
3027 dcesrv_sock->endpoint = e;
3028 dcesrv_sock->dcesrv_ctx = talloc_reference(dcesrv_sock, dce_ctx);
3029
3030 status = stream_setup_socket(dcesrv_sock, event_ctx, lp_ctx,
3031 model_ops, &dcesrv_stream_ops,
3032 "unix", full_path, &port,
3033 lpcfg_socket_options(lp_ctx),
3034 dcesrv_sock, process_context);
3035 if (!NT_STATUS_IS_OK(status)) {
3036 DEBUG(0,("service_setup_stream_socket(identifier=%s,path=%s) failed - %s\n",
3037 endpoint, full_path, nt_errstr(status)));
3038 }
3039 return status;
3040 }
3041
3042 static NTSTATUS dcesrv_add_ep_np(struct dcesrv_context *dce_ctx,
3043 struct loadparm_context *lp_ctx,
3044 struct dcesrv_endpoint *e,
3045 struct tevent_context *event_ctx,
3046 const struct model_ops *model_ops,
3047 void *process_context)
3048 {
3049 struct dcesrv_socket_context *dcesrv_sock;
3050 NTSTATUS status;
3051 const char *endpoint;
3052
3053 endpoint = dcerpc_binding_get_string_option(e->ep_description, "endpoint");
3054 if (endpoint == NULL) {
3055 DEBUG(0, ("Endpoint mandatory for named pipes\n"));
3056 return NT_STATUS_INVALID_PARAMETER;
3057 }
3058
3059 dcesrv_sock = talloc_zero(event_ctx, struct dcesrv_socket_context);
3060 NT_STATUS_HAVE_NO_MEMORY(dcesrv_sock);
3061
3062 /* remember the endpoint of this socket */
3063 dcesrv_sock->endpoint = e;
3064 dcesrv_sock->dcesrv_ctx = talloc_reference(dcesrv_sock, dce_ctx);
3065
3066 status = tstream_setup_named_pipe(dce_ctx, event_ctx, lp_ctx,
3067 model_ops, &dcesrv_stream_ops,
3068 endpoint,
3069 dcesrv_sock, process_context);
3070 if (!NT_STATUS_IS_OK(status)) {
3071 DEBUG(0,("stream_setup_named_pipe(pipe=%s) failed - %s\n",
3072 endpoint, nt_errstr(status)));
3073 return status;
3074 }
3075
3076 return NT_STATUS_OK;
3077 }
3078
3079 /*
3080 add a socket address to the list of events, one event per dcerpc endpoint
3081 */
3082 static NTSTATUS add_socket_rpc_tcp_iface(struct dcesrv_context *dce_ctx,
3083 struct dcesrv_endpoint *e,
3084 struct tevent_context *event_ctx,
3085 const struct model_ops *model_ops,
3086 const char *address,
3087 void *process_context)
3088 {
3089 struct dcesrv_socket_context *dcesrv_sock;
3090 uint16_t port = 0;
3091 NTSTATUS status;
3092 const char *endpoint;
3093 char port_str[6];
3094
3095 endpoint = dcerpc_binding_get_string_option(e->ep_description, "endpoint");
3096 if (endpoint != NULL) {
3097 port = atoi(endpoint);
3098 }
3099
3100 dcesrv_sock = talloc_zero(event_ctx, struct dcesrv_socket_context);
3101 NT_STATUS_HAVE_NO_MEMORY(dcesrv_sock);
3102
3103 /* remember the endpoint of this socket */
3104 dcesrv_sock->endpoint = e;
3105 dcesrv_sock->dcesrv_ctx = talloc_reference(dcesrv_sock, dce_ctx);
3106
3107 status = stream_setup_socket(dcesrv_sock, event_ctx, dce_ctx->lp_ctx,
3108 model_ops, &dcesrv_stream_ops,
3109 "ip", address, &port,
3110 lpcfg_socket_options(dce_ctx->lp_ctx),
3111 dcesrv_sock, process_context);
3112 if (!NT_STATUS_IS_OK(status)) {
3113 struct dcesrv_if_list *iface;
3114 DEBUG(0,("service_setup_stream_socket(address=%s,port=%u) for ",
3115 address, port));
3116 for (iface = e->interface_list; iface; iface = iface->next) {
3117 DEBUGADD(0, ("%s ", iface->iface.name));
3118 }
3119 DEBUGADD(0, ("failed - %s",
3120 nt_errstr(status)));
3121 return status;
3122 }
3123
3124 snprintf(port_str, sizeof(port_str), "%u", port);
3125
3126 status = dcerpc_binding_set_string_option(e->ep_description,
3127 "endpoint", port_str);
3128 if (!NT_STATUS_IS_OK(status)) {
3129 DEBUG(0,("dcerpc_binding_set_string_option(endpoint, %s) failed - %s\n",
3130 port_str, nt_errstr(status)));
3131 return status;
3132 } else {
3133 struct dcesrv_if_list *iface;
3134 DEBUG(4,("Successfully listening on ncacn_ip_tcp endpoint [%s]:[%s] for ",
3135 address, port_str));
3136 for (iface = e->interface_list; iface; iface = iface->next) {
3137 DEBUGADD(4, ("%s ", iface->iface.name));
3138 }
3139 DEBUGADD(4, ("\n"));
3140 }
3141
3142 return NT_STATUS_OK;
3143 }
3144
3145 #include "lib/socket/netif.h" /* Included here to work around the fact that socket_wrapper redefines bind() */
3146
3147 static NTSTATUS dcesrv_add_ep_tcp(struct dcesrv_context *dce_ctx,
3148 struct loadparm_context *lp_ctx,
3149 struct dcesrv_endpoint *e,
3150 struct tevent_context *event_ctx,
3151 const struct model_ops *model_ops,
3152 void *process_context)
3153 {
3154 NTSTATUS status;
3155
3156 /* Add TCP/IP sockets */
3157 if (lpcfg_interfaces(lp_ctx) && lpcfg_bind_interfaces_only(lp_ctx)) {
3158 int num_interfaces;
3159 int i;
3160 struct interface *ifaces;
3161
3162 load_interface_list(dce_ctx, lp_ctx, &ifaces);
3163
3164 num_interfaces = iface_list_count(ifaces);
3165 for(i = 0; i < num_interfaces; i++) {
3166 const char *address = iface_list_n_ip(ifaces, i);
3167 status = add_socket_rpc_tcp_iface(dce_ctx, e, event_ctx,
3168 model_ops, address,
3169 process_context);
3170 NT_STATUS_NOT_OK_RETURN(status);
3171 }
3172 } else {
3173 char **wcard;
3174 size_t i;
3175 size_t num_binds = 0;
3176 wcard = iface_list_wildcard(dce_ctx);
3177 NT_STATUS_HAVE_NO_MEMORY(wcard);
3178 for (i=0; wcard[i]; i++) {
3179 status = add_socket_rpc_tcp_iface(dce_ctx, e, event_ctx,
3180 model_ops, wcard[i],
3181 process_context);
3182 if (NT_STATUS_IS_OK(status)) {
3183 num_binds++;
3184 }
3185 }
3186 talloc_free(wcard);
3187 if (num_binds == 0) {
3188 return NT_STATUS_INVALID_PARAMETER_MIX;
3189 }
3190 }
3191
3192 return NT_STATUS_OK;
3193 }
3194
3195 NTSTATUS dcesrv_add_ep(struct dcesrv_context *dce_ctx,
3196 struct loadparm_context *lp_ctx,
3197 struct dcesrv_endpoint *e,
3198 struct tevent_context *event_ctx,
3199 const struct model_ops *model_ops,
3200 void *process_context)
3201 {
3202 enum dcerpc_transport_t transport =
3203 dcerpc_binding_get_transport(e->ep_description);
3204
3205 switch (transport) {
3206 case NCACN_UNIX_STREAM:
3207 return dcesrv_add_ep_unix(dce_ctx, lp_ctx, e, event_ctx,
3208 model_ops, process_context);
3209
3210 case NCALRPC:
3211 return dcesrv_add_ep_ncalrpc(dce_ctx, lp_ctx, e, event_ctx,
3212 model_ops, process_context);
3213
3214 case NCACN_IP_TCP:
3215 return dcesrv_add_ep_tcp(dce_ctx, lp_ctx, e, event_ctx,
3216 model_ops, process_context);
3217
3218 case NCACN_NP:
3219 return dcesrv_add_ep_np(dce_ctx, lp_ctx, e, event_ctx,
3220 model_ops, process_context);
3221
3222 default:
3223 return NT_STATUS_NOT_SUPPORTED;
3224 }
3225 }
3226
3227
3228 /**
3229 * retrieve credentials from a dce_call
3230 */
3231 _PUBLIC_ struct cli_credentials *dcesrv_call_credentials(struct dcesrv_call_state *dce_call)
3232 {
3233 struct dcesrv_auth *auth = dce_call->auth_state;
3234 return auth->session_info->credentials;
3235 }
3236
3237 /**
3238 * returns true if this is an authenticated call
3239 */
3240 _PUBLIC_ bool dcesrv_call_authenticated(struct dcesrv_call_state *dce_call)
3241 {
3242 struct dcesrv_auth *auth = dce_call->auth_state;
3243 enum security_user_level level;
3244 level = security_session_user_level(auth->session_info, NULL);
3245 return level >= SECURITY_USER;
3246 }
3247
3248 /**
3249 * retrieve account_name for a dce_call
3250 */
3251 _PUBLIC_ const char *dcesrv_call_account_name(struct dcesrv_call_state *dce_call)
3252 {
3253 struct dcesrv_auth *auth = dce_call->auth_state;
3254 return auth->session_info->info->account_name;
3255 }
3256
3257 /**
3258 * retrieve session_info from a dce_call
3259 */
3260 _PUBLIC_ struct auth_session_info *dcesrv_call_session_info(struct dcesrv_call_state *dce_call)
3261 {
3262 struct dcesrv_auth *auth = dce_call->auth_state;
3263 return auth->session_info;
3264 }
3265
3266 /**
3267 * retrieve auth type/level from a dce_call
3268 */
3269 _PUBLIC_ void dcesrv_call_auth_info(struct dcesrv_call_state *dce_call,
3270 enum dcerpc_AuthType *auth_type,
3271 enum dcerpc_AuthLevel *auth_level)
3272 {
3273 struct dcesrv_auth *auth = dce_call->auth_state;
3274
3275 if (auth_type != NULL) {
3276 *auth_type = auth->auth_type;
3277 }
3278 if (auth_level != NULL) {
3279 *auth_level = auth->auth_level;
3280 }
3281 }
Samba GIT mirror