search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
s4:librpc: autonegotiate SMB1/2/3
[Samba.git] / source4 / librpc / rpc / dcerpc_connect.c
blobc23e85e7cb1933307b888645681db9dc114ec401
1 /*
2 Unix SMB/CIFS implementation.
3
4 dcerpc connect functions
5
6 Copyright (C) Andrew Tridgell 2003
7 Copyright (C) Jelmer Vernooij 2004
8 Copyright (C) Andrew Bartlett <abartlet@samba.org> 2005-2007
9 Copyright (C) Rafal Szczesniak 2005
10
11 This program is free software; you can redistribute it and/or modify
12 it under the terms of the GNU General Public License as published by
13 the Free Software Foundation; either version 3 of the License, or
14 (at your option) any later version.
15
16 This program is distributed in the hope that it will be useful,
17 but WITHOUT ANY WARRANTY; without even the implied warranty of
18 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 GNU General Public License for more details.
20
21 You should have received a copy of the GNU General Public License
22 along with this program. If not, see <http://www.gnu.org/licenses/>.
23 */
24
25
26 #include "includes.h"
27 #include "libcli/composite/composite.h"
28 #include "libcli/smb_composite/smb_composite.h"
29 #include "lib/events/events.h"
30 #include "libcli/smb2/smb2.h"
31 #include "libcli/smb2/smb2_calls.h"
32 #include "libcli/smb/smbXcli_base.h"
33 #include "librpc/rpc/dcerpc.h"
34 #include "librpc/rpc/dcerpc_proto.h"
35 #include "auth/credentials/credentials.h"
36 #include "param/param.h"
37 #include "libcli/resolve/resolve.h"
38 #include "lib/http/http.h"
39 #include "lib/util/util_net.h"
40
41 struct dcerpc_pipe_connect {
42 struct dcecli_connection *conn;
43 struct dcerpc_binding *binding;
44 const struct ndr_interface_table *interface;
45 struct cli_credentials *creds;
46 struct resolve_context *resolve_ctx;
47 struct {
48 const char *dir;
49 } ncalrpc;
50 struct {
51 struct smbXcli_conn *conn;
52 struct smbXcli_session *session;
53 struct smbXcli_tcon *tcon;
54 const char *pipe_name;
55 } smb;
56 };
57
58 struct pipe_np_smb_state {
59 struct smb_composite_connect conn;
60 struct dcerpc_pipe_connect io;
61 };
62
63
64 /*
65 Stage 3 of ncacn_np_smb: Named pipe opened (or not)
66 */
67 static void continue_pipe_open_smb(struct composite_context *ctx)
68 {
69 struct composite_context *c = talloc_get_type(ctx->async.private_data,
70 struct composite_context);
71
72 /* receive result of named pipe open request on smb */
73 c->status = dcerpc_pipe_open_smb_recv(ctx);
74 if (!composite_is_ok(c)) return;
75
76 composite_done(c);
77 }
78
79 static void continue_smb_open(struct composite_context *c);
80 static void continue_smb2_connect(struct tevent_req *subreq);
81 static void continue_smbXcli_connect(struct tevent_req *subreq);
82
83 /*
84 Stage 2 of ncacn_np_smb: Open a named pipe after successful smb connection
85 */
86 static void continue_smb_connect(struct composite_context *ctx)
87 {
88 struct composite_context *c = talloc_get_type(ctx->async.private_data,
89 struct composite_context);
90 struct pipe_np_smb_state *s = talloc_get_type(c->private_data,
91 struct pipe_np_smb_state);
92 struct smbcli_tree *t;
93
94 /* receive result of smb connect request */
95 c->status = smb_composite_connect_recv(ctx, s->io.conn);
96 if (!composite_is_ok(c)) return;
97
98 t = s->conn.out.tree;
99
100 /* prepare named pipe open parameters */
101 s->io.smb.conn = t->session->transport->conn;
102 s->io.smb.session = t->session->smbXcli;
103 s->io.smb.tcon = t->smbXcli;
104 smb1cli_tcon_set_id(s->io.smb.tcon, t->tid);
105 s->io.smb.pipe_name = dcerpc_binding_get_string_option(s->io.binding,
106 "endpoint");
107
108 continue_smb_open(c);
109 }
110
111 static void continue_smb_open(struct composite_context *c)
112 {
113 struct pipe_np_smb_state *s = talloc_get_type(c->private_data,
114 struct pipe_np_smb_state);
115 struct composite_context *open_ctx;
116
117 /* send named pipe open request */
118 open_ctx = dcerpc_pipe_open_smb_send(s->io.conn,
119 s->io.smb.conn,
120 s->io.smb.session,
121 s->io.smb.tcon,
122 DCERPC_REQUEST_TIMEOUT * 1000,
123 s->io.smb.pipe_name);
124 if (composite_nomem(open_ctx, c)) return;
125
126 composite_continue(c, open_ctx, continue_pipe_open_smb, c);
127 }
128
129
130 /*
131 Initiate async open of a rpc connection to a rpc pipe on SMB using
132 the binding structure to determine the endpoint and options
133 */
134 static struct composite_context *dcerpc_pipe_connect_ncacn_np_smb_send(TALLOC_CTX *mem_ctx, struct dcerpc_pipe_connect *io, struct loadparm_context *lp_ctx)
135 {
136 struct composite_context *c;
137 struct pipe_np_smb_state *s;
138 struct tevent_req *subreq = NULL;
139 struct smb_composite_connect *conn;
140 uint32_t flags;
141 const char *target_hostname = NULL;
142 const char *dest_address = NULL;
143 const char *calling_name = NULL;
144
145 /* composite context allocation and setup */
146 c = composite_create(mem_ctx, io->conn->event_ctx);
147 if (c == NULL) return NULL;
148
149 s = talloc_zero(c, struct pipe_np_smb_state);
150 if (composite_nomem(s, c)) return c;
151 c->private_data = s;
152
153 s->io = *io;
154 conn = &s->conn;
155
156 if (smbXcli_conn_is_connected(s->io.smb.conn)) {
157 continue_smb_open(c);
158 return c;
159 }
160
161 if (s->io.creds == NULL) {
162 composite_error(c, NT_STATUS_INVALID_PARAMETER_MIX);
163 return c;
164 }
165
166 /* prepare smb connection parameters: we're connecting to IPC$ share on
167 remote rpc server */
168 target_hostname = dcerpc_binding_get_string_option(s->io.binding, "target_hostname");
169 conn->in.dest_host = dcerpc_binding_get_string_option(s->io.binding, "host");
170 conn->in.dest_ports = lpcfg_smb_ports(lp_ctx);
171 conn->in.called_name = target_hostname;
172 if (conn->in.called_name == NULL) {
173 conn->in.called_name = "*SMBSERVER";
174 }
175 conn->in.socket_options = lpcfg_socket_options(lp_ctx);
176 conn->in.service = "IPC$";
177 conn->in.service_type = NULL;
178 conn->in.workgroup = lpcfg_workgroup(lp_ctx);
179 conn->in.gensec_settings = lpcfg_gensec_settings(conn, lp_ctx);
180
181 lpcfg_smbcli_options(lp_ctx, &conn->in.options);
182 lpcfg_smbcli_session_options(lp_ctx, &conn->in.session_options);
183
184 /*
185 * provide proper credentials - user supplied, but allow a
186 * fallback to anonymous if this is an schannel connection
187 * (might be NT4 not allowing machine logins at session
188 * setup) or if asked to do so by the caller (perhaps a SAMR password change?)
189 */
190 s->conn.in.credentials = s->io.creds;
191 flags = dcerpc_binding_get_flags(s->io.binding);
192 if (flags & (DCERPC_SCHANNEL|DCERPC_ANON_FALLBACK)) {
193 conn->in.fallback_to_anonymous = true;
194 } else {
195 conn->in.fallback_to_anonymous = false;
196 }
197
198 conn->in.options.min_protocol = lpcfg_client_ipc_min_protocol(lp_ctx);
199 conn->in.options.max_protocol = lpcfg_client_ipc_max_protocol(lp_ctx);
200 if ((flags & DCERPC_SMB1) && (flags & DCERPC_SMB2)) {
201 /* auto */
202 } else if (flags & DCERPC_SMB2) {
203 if (conn->in.options.min_protocol < PROTOCOL_SMB2_02) {
204 conn->in.options.min_protocol = PROTOCOL_SMB2_02;
205 }
206 if (conn->in.options.max_protocol < PROTOCOL_SMB2_02) {
207 conn->in.options.max_protocol = PROTOCOL_LATEST;
208 }
209 } else if (flags & DCERPC_SMB1) {
210 conn->in.options.min_protocol = PROTOCOL_NT1;
211 conn->in.options.max_protocol = PROTOCOL_NT1;
212 } else {
213 /* auto */
214 }
215
216 conn->in.options.signing = lpcfg_client_ipc_signing(lp_ctx);
217
218 if (s->conn.in.credentials != NULL) {
219 calling_name = cli_credentials_get_workstation(s->conn.in.credentials);
220 }
221 if (calling_name == NULL) {
222 calling_name = "SMBCLIENT";
223 }
224
225 if (target_hostname == NULL) {
226 target_hostname = conn->in.dest_host;
227 }
228
229 if (is_ipaddress(conn->in.dest_host)) {
230 dest_address = conn->in.dest_host;
231 }
232
233 subreq = smb_connect_nego_send(s,
234 c->event_ctx,
235 s->io.resolve_ctx,
236 &conn->in.options,
237 conn->in.socket_options,
238 conn->in.dest_host,
239 dest_address,
240 conn->in.dest_ports,
241 target_hostname,
242 conn->in.called_name,
243 calling_name);
244 if (composite_nomem(subreq, c)) return c;
245 tevent_req_set_callback(subreq,
246 continue_smbXcli_connect,
247 c);
248
249 return c;
250 }
251
252 static void continue_smbXcli_connect(struct tevent_req *subreq)
253 {
254 struct composite_context *c =
255 tevent_req_callback_data(subreq,
256 struct composite_context);
257 struct pipe_np_smb_state *s =
258 talloc_get_type_abort(c->private_data,
259 struct pipe_np_smb_state);
260 struct smb_composite_connect *conn = &s->conn;
261 struct composite_context *creq = NULL;
262 enum protocol_types protocol;
263
264 c->status = smb_connect_nego_recv(subreq, s,
265 &conn->in.existing_conn);
266 TALLOC_FREE(subreq);
267 if (!composite_is_ok(c)) return;
268
269 protocol = smbXcli_conn_protocol(conn->in.existing_conn);
270 if (protocol >= PROTOCOL_SMB2_02) {
271 /*
272 * continue with smb2 session setup/tree connect
273 * on the established connection.
274 */
275 subreq = smb2_connect_send(s, c->event_ctx,
276 conn->in.dest_host,
277 conn->in.dest_ports,
278 conn->in.service,
279 s->io.resolve_ctx,
280 conn->in.credentials,
281 conn->in.fallback_to_anonymous,
282 &conn->in.existing_conn,
283 0, /* previous_session_id */
284 &conn->in.options,
285 conn->in.socket_options,
286 conn->in.gensec_settings);
287 if (composite_nomem(subreq, c)) return;
288 tevent_req_set_callback(subreq, continue_smb2_connect, c);
289 return;
290 }
291
292 /*
293 * continue with smb1 session setup/tree connect
294 * on the established connection.
295 */
296 creq = smb_composite_connect_send(conn, s->io.conn,
297 s->io.resolve_ctx,
298 c->event_ctx);
299 if (composite_nomem(creq, c)) return;
300
301 composite_continue(c, creq, continue_smb_connect, c);
302 return;
303 }
304
305
306 /*
307 Receive result of a rpc connection to a rpc pipe on SMB
308 */
309 static NTSTATUS dcerpc_pipe_connect_ncacn_np_smb_recv(struct composite_context *c)
310 {
311 NTSTATUS status = composite_wait(c);
312
313 talloc_free(c);
314 return status;
315 }
316
317 /*
318 Stage 2 of ncacn_np_smb2: Open a named pipe after successful smb2 connection
319 */
320 static void continue_smb2_connect(struct tevent_req *subreq)
321 {
322 struct composite_context *c =
323 tevent_req_callback_data(subreq,
324 struct composite_context);
325 struct pipe_np_smb_state *s = talloc_get_type(c->private_data,
326 struct pipe_np_smb_state);
327 struct smb2_tree *t;
328
329 /* receive result of smb2 connect request */
330 c->status = smb2_connect_recv(subreq, s->io.conn, &t);
331 TALLOC_FREE(subreq);
332 if (!composite_is_ok(c)) return;
333
334 s->io.smb.conn = t->session->transport->conn;
335 s->io.smb.session = t->session->smbXcli;
336 s->io.smb.tcon = t->smbXcli;
337 s->io.smb.pipe_name = dcerpc_binding_get_string_option(s->io.binding,
338 "endpoint");
339
340 continue_smb_open(c);
341 }
342
343
344 struct pipe_ip_tcp_state {
345 struct dcerpc_pipe_connect io;
346 const char *localaddr;
347 const char *host;
348 const char *target_hostname;
349 uint32_t port;
350 };
351
352
353 /*
354 Stage 2 of ncacn_ip_tcp: rpc pipe opened (or not)
355 */
356 static void continue_pipe_open_ncacn_ip_tcp(struct composite_context *ctx)
357 {
358 struct composite_context *c = talloc_get_type(ctx->async.private_data,
359 struct composite_context);
360 struct pipe_ip_tcp_state *s = talloc_get_type(c->private_data,
361 struct pipe_ip_tcp_state);
362 char *localaddr = NULL;
363 char *remoteaddr = NULL;
364
365 /* receive result of named pipe open request on tcp/ip */
366 c->status = dcerpc_pipe_open_tcp_recv(ctx, s, &localaddr, &remoteaddr);
367 if (!composite_is_ok(c)) return;
368
369 c->status = dcerpc_binding_set_string_option(s->io.binding,
370 "localaddress",
371 localaddr);
372 if (!composite_is_ok(c)) return;
373
374 c->status = dcerpc_binding_set_string_option(s->io.binding,
375 "host",
376 remoteaddr);
377 if (!composite_is_ok(c)) return;
378
379 composite_done(c);
380 }
381
382
383 /*
384 Initiate async open of a rpc connection to a rpc pipe on TCP/IP using
385 the binding structure to determine the endpoint and options
386 */
387 static struct composite_context* dcerpc_pipe_connect_ncacn_ip_tcp_send(TALLOC_CTX *mem_ctx,
388 struct dcerpc_pipe_connect *io)
389 {
390 struct composite_context *c;
391 struct pipe_ip_tcp_state *s;
392 struct composite_context *pipe_req;
393 const char *endpoint;
394
395 /* composite context allocation and setup */
396 c = composite_create(mem_ctx, io->conn->event_ctx);
397 if (c == NULL) return NULL;
398
399 s = talloc_zero(c, struct pipe_ip_tcp_state);
400 if (composite_nomem(s, c)) return c;
401 c->private_data = s;
402
403 /* store input parameters in state structure */
404 s->io = *io;
405 s->localaddr = dcerpc_binding_get_string_option(io->binding,
406 "localaddress");
407 s->host = dcerpc_binding_get_string_option(io->binding, "host");
408 s->target_hostname = dcerpc_binding_get_string_option(io->binding,
409 "target_hostname");
410 endpoint = dcerpc_binding_get_string_option(io->binding, "endpoint");
411 /* port number is a binding endpoint here */
412 if (endpoint != NULL) {
413 s->port = atoi(endpoint);
414 }
415
416 if (s->port == 0) {
417 composite_error(c, NT_STATUS_INVALID_PARAMETER_MIX);
418 return c;
419 }
420
421 /* send pipe open request on tcp/ip */
422 pipe_req = dcerpc_pipe_open_tcp_send(s->io.conn, s->localaddr, s->host, s->target_hostname,
423 s->port, io->resolve_ctx);
424 composite_continue(c, pipe_req, continue_pipe_open_ncacn_ip_tcp, c);
425 return c;
426 }
427
428
429 /*
430 Receive result of a rpc connection to a rpc pipe on TCP/IP
431 */
432 static NTSTATUS dcerpc_pipe_connect_ncacn_ip_tcp_recv(struct composite_context *c)
433 {
434 NTSTATUS status = composite_wait(c);
435
436 talloc_free(c);
437 return status;
438 }
439
440
441 struct pipe_http_state {
442 struct dcerpc_pipe_connect io;
443 const char *localaddr;
444 const char *target_hostname;
445 const char *rpc_server;
446 uint32_t rpc_server_port;
447 char *rpc_proxy;
448 uint32_t rpc_proxy_port;
449 char *http_proxy;
450 uint32_t http_proxy_port;
451 bool use_tls;
452 bool use_proxy;
453 enum http_auth_method http_auth;
454 struct loadparm_context *lp_ctx;
455 };
456
457 /*
458 Stage 2 of ncacn_http: rpc pipe opened (or not)
459 */
460 static void continue_pipe_open_ncacn_http(struct tevent_req *subreq)
461 {
462 struct composite_context *c = NULL;
463 struct pipe_http_state *s = NULL;
464 struct tstream_context *stream = NULL;
465 struct tevent_queue *queue = NULL;
466
467 c = tevent_req_callback_data(subreq, struct composite_context);
468 s = talloc_get_type(c->private_data, struct pipe_http_state);
469
470 /* receive result of RoH connect request */
471 c->status = dcerpc_pipe_open_roh_recv(subreq, s->io.conn,
472 &stream, &queue);
473 TALLOC_FREE(subreq);
474 if (!composite_is_ok(c)) return;
475
476 s->io.conn->transport.transport = NCACN_HTTP;
477 s->io.conn->transport.stream = stream;
478 s->io.conn->transport.write_queue = queue;
479 s->io.conn->transport.pending_reads = 0;
480 s->io.conn->server_name = strupper_talloc(s->io.conn,
481 s->target_hostname);
482
483 composite_done(c);
484 }
485
486 /*
487 Initiate async open of a rpc connection to a rpc pipe using HTTP transport,
488 and using the binding structure to determine the endpoint and options
489 */
490 static struct composite_context* dcerpc_pipe_connect_ncacn_http_send(
491 TALLOC_CTX *mem_ctx, struct dcerpc_pipe_connect *io,
492 struct loadparm_context *lp_ctx)
493 {
494 struct composite_context *c;
495 struct pipe_http_state *s;
496 struct tevent_req *subreq;
497 const char *endpoint;
498 const char *use_proxy;
499 char *proxy;
500 char *port;
501 const char *opt;
502
503 /* composite context allocation and setup */
504 c = composite_create(mem_ctx, io->conn->event_ctx);
505 if (c == NULL) return NULL;
506
507 s = talloc_zero(c, struct pipe_http_state);
508 if (composite_nomem(s, c)) return c;
509 c->private_data = s;
510
511 /* store input parameters in state structure */
512 s->lp_ctx = lp_ctx;
513 s->io = *io;
514 s->localaddr = dcerpc_binding_get_string_option(io->binding,
515 "localaddress");
516 /* RPC server and port (the endpoint) */
517 s->rpc_server = dcerpc_binding_get_string_option(io->binding, "host");
518 s->target_hostname = dcerpc_binding_get_string_option(io->binding,
519 "target_hostname");
520 endpoint = dcerpc_binding_get_string_option(io->binding, "endpoint");
521 if (endpoint == NULL) {
522 composite_error(c, NT_STATUS_INVALID_PARAMETER_MIX);
523 return c;
524 }
525 s->rpc_server_port = atoi(endpoint);
526 if (s->rpc_server_port == 0) {
527 composite_error(c, NT_STATUS_INVALID_PARAMETER_MIX);
528 return c;
529 }
530
531 /* Use TLS */
532 opt = dcerpc_binding_get_string_option(io->binding, "HttpUseTls");
533 if (opt) {
534 if (strcasecmp(opt, "true") == 0) {
535 s->use_tls = true;
536 } else if (strcasecmp(opt, "false") == 0) {
537 s->use_tls = false;
538 } else {
539 composite_error(c, NT_STATUS_INVALID_PARAMETER_MIX);
540 return c;
541 }
542 } else {
543 s->use_tls = true;
544 }
545
546 /* RPC Proxy */
547 proxy = port = talloc_strdup(s, dcerpc_binding_get_string_option(
548 io->binding, "RpcProxy"));
549 s->rpc_proxy = strsep(&port, ":");
550 if (proxy && port) {
551 s->rpc_proxy_port = atoi(port);
552 } else {
553 s->rpc_proxy_port = s->use_tls ? 443 : 80;
554 }
555 if (s->rpc_proxy == NULL) {
556 s->rpc_proxy = talloc_strdup(s, s->rpc_server);
557 if (composite_nomem(s->rpc_proxy, c)) return c;
558 }
559
560 /* HTTP Proxy */
561 proxy = port = talloc_strdup(s, dcerpc_binding_get_string_option(
562 io->binding, "HttpProxy"));
563 s->http_proxy = strsep(&port, ":");
564 if (proxy && port) {
565 s->http_proxy_port = atoi(port);
566 } else {
567 s->http_proxy_port = s->use_tls ? 443 : 80;
568 }
569
570 /* Use local proxy */
571 use_proxy = dcerpc_binding_get_string_option(io->binding,
572 "HttpConnectOption");
573 if (use_proxy && strcasecmp(use_proxy, "UseHttpProxy")) {
574 s->use_proxy = true;
575 }
576
577 /* If use local proxy set, the http proxy should be provided */
578 if (s->use_proxy && !s->http_proxy) {
579 composite_error(c, NT_STATUS_INVALID_PARAMETER_MIX);
580 return c;
581 }
582
583 /* Check which HTTP authentication method to use */
584 opt = dcerpc_binding_get_string_option(io->binding, "HttpAuthOption");
585 if (opt) {
586 if (strcasecmp(opt, "basic") == 0) {
587 s->http_auth = HTTP_AUTH_BASIC;
588 } else if (strcasecmp(opt, "ntlm") == 0) {
589 s->http_auth = HTTP_AUTH_NTLM;
590 } else if (strcasecmp(opt, "negotiate") == 0) {
591 s->http_auth = HTTP_AUTH_NEGOTIATE;
592 } else {
593 composite_error(c, NT_STATUS_INVALID_PARAMETER_MIX);
594 return c;
595 }
596 } else {
597 s->http_auth = HTTP_AUTH_NTLM;
598 }
599
600 subreq = dcerpc_pipe_open_roh_send(s->io.conn, s->localaddr,
601 s->rpc_server, s->rpc_server_port,
602 s->rpc_proxy, s->rpc_proxy_port,
603 s->http_proxy, s->http_proxy_port,
604 s->use_tls, s->use_proxy,
605 s->io.creds, io->resolve_ctx,
606 s->lp_ctx, s->http_auth);
607 if (composite_nomem(subreq, c)) return c;
608
609 tevent_req_set_callback(subreq, continue_pipe_open_ncacn_http, c);
610 return c;
611 }
612
613 static NTSTATUS dcerpc_pipe_connect_ncacn_http_recv(struct composite_context *c)
614 {
615 return composite_wait_free(c);
616 }
617
618
619 struct pipe_unix_state {
620 struct dcerpc_pipe_connect io;
621 const char *path;
622 };
623
624
625 /*
626 Stage 2 of ncacn_unix: rpc pipe opened (or not)
627 */
628 static void continue_pipe_open_ncacn_unix_stream(struct composite_context *ctx)
629 {
630 struct composite_context *c = talloc_get_type(ctx->async.private_data,
631 struct composite_context);
632
633 /* receive result of pipe open request on unix socket */
634 c->status = dcerpc_pipe_open_unix_stream_recv(ctx);
635 if (!composite_is_ok(c)) return;
636
637 composite_done(c);
638 }
639
640
641 /*
642 Initiate async open of a rpc connection to a rpc pipe on unix socket using
643 the binding structure to determine the endpoint and options
644 */
645 static struct composite_context* dcerpc_pipe_connect_ncacn_unix_stream_send(TALLOC_CTX *mem_ctx,
646 struct dcerpc_pipe_connect *io)
647 {
648 struct composite_context *c;
649 struct pipe_unix_state *s;
650 struct composite_context *pipe_req;
651
652 /* composite context allocation and setup */
653 c = composite_create(mem_ctx, io->conn->event_ctx);
654 if (c == NULL) return NULL;
655
656 s = talloc_zero(c, struct pipe_unix_state);
657 if (composite_nomem(s, c)) return c;
658 c->private_data = s;
659
660 /* prepare pipe open parameters and store them in state structure
661 also, verify whether biding endpoint is not null */
662 s->io = *io;
663
664 s->path = dcerpc_binding_get_string_option(io->binding, "endpoint");
665 if (s->path == NULL) {
666 composite_error(c, NT_STATUS_INVALID_PARAMETER_MIX);
667 return c;
668 }
669
670 /* send pipe open request on unix socket */
671 pipe_req = dcerpc_pipe_open_unix_stream_send(s->io.conn, s->path);
672 composite_continue(c, pipe_req, continue_pipe_open_ncacn_unix_stream, c);
673 return c;
674 }
675
676
677 /*
678 Receive result of a rpc connection to a pipe on unix socket
679 */
680 static NTSTATUS dcerpc_pipe_connect_ncacn_unix_stream_recv(struct composite_context *c)
681 {
682 NTSTATUS status = composite_wait(c);
683
684 talloc_free(c);
685 return status;
686 }
687
688
689 struct pipe_ncalrpc_state {
690 struct dcerpc_pipe_connect io;
691 };
692
693 static NTSTATUS dcerpc_pipe_connect_ncalrpc_recv(struct composite_context *c);
694
695 /*
696 Stage 2 of ncalrpc: rpc pipe opened (or not)
697 */
698 static void continue_pipe_open_ncalrpc(struct composite_context *ctx)
699 {
700 struct composite_context *c = talloc_get_type(ctx->async.private_data,
701 struct composite_context);
702
703 /* receive result of pipe open request on ncalrpc */
704 c->status = dcerpc_pipe_connect_ncalrpc_recv(ctx);
705 if (!composite_is_ok(c)) return;
706
707 composite_done(c);
708 }
709
710
711 /*
712 Initiate async open of a rpc connection request on NCALRPC using
713 the binding structure to determine the endpoint and options
714 */
715 static struct composite_context* dcerpc_pipe_connect_ncalrpc_send(TALLOC_CTX *mem_ctx,
716 struct dcerpc_pipe_connect *io)
717 {
718 struct composite_context *c;
719 struct pipe_ncalrpc_state *s;
720 struct composite_context *pipe_req;
721 const char *endpoint;
722
723 /* composite context allocation and setup */
724 c = composite_create(mem_ctx, io->conn->event_ctx);
725 if (c == NULL) return NULL;
726
727 s = talloc_zero(c, struct pipe_ncalrpc_state);
728 if (composite_nomem(s, c)) return c;
729 c->private_data = s;
730
731 /* store input parameters in state structure */
732 s->io = *io;
733
734 endpoint = dcerpc_binding_get_string_option(io->binding, "endpoint");
735 if (endpoint == NULL) {
736 composite_error(c, NT_STATUS_INVALID_PARAMETER_MIX);
737 return c;
738 }
739
740 /* send pipe open request */
741 pipe_req = dcerpc_pipe_open_pipe_send(s->io.conn,
742 s->io.ncalrpc.dir,
743 endpoint);
744 composite_continue(c, pipe_req, continue_pipe_open_ncalrpc, c);
745 return c;
746 }
747
748
749 /*
750 Receive result of a rpc connection to a rpc pipe on NCALRPC
751 */
752 static NTSTATUS dcerpc_pipe_connect_ncalrpc_recv(struct composite_context *c)
753 {
754 NTSTATUS status = composite_wait(c);
755
756 talloc_free(c);
757 return status;
758 }
759
760
761 struct pipe_connect_state {
762 struct dcerpc_pipe *pipe;
763 struct dcerpc_binding *binding;
764 const struct ndr_interface_table *table;
765 struct cli_credentials *credentials;
766 struct loadparm_context *lp_ctx;
767 };
768
769
770 static void continue_map_binding(struct composite_context *ctx);
771 static void continue_connect(struct composite_context *c, struct pipe_connect_state *s);
772 static void continue_pipe_connect_ncacn_np_smb(struct composite_context *ctx);
773 static void continue_pipe_connect_ncacn_ip_tcp(struct composite_context *ctx);
774 static void continue_pipe_connect_ncacn_http(struct composite_context *ctx);
775 static void continue_pipe_connect_ncacn_unix(struct composite_context *ctx);
776 static void continue_pipe_connect_ncalrpc(struct composite_context *ctx);
777 static void continue_pipe_connect(struct composite_context *c, struct pipe_connect_state *s);
778 static void continue_pipe_auth(struct composite_context *ctx);
779
780
781 /*
782 Stage 2 of pipe_connect_b: Receive result of endpoint mapping
783 */
784 static void continue_map_binding(struct composite_context *ctx)
785 {
786 struct composite_context *c = talloc_get_type(ctx->async.private_data,
787 struct composite_context);
788 struct pipe_connect_state *s = talloc_get_type(c->private_data,
789 struct pipe_connect_state);
790 const char *endpoint;
791
792 c->status = dcerpc_epm_map_binding_recv(ctx);
793 if (!composite_is_ok(c)) return;
794
795 endpoint = dcerpc_binding_get_string_option(s->binding, "endpoint");
796 DEBUG(4,("Mapped to DCERPC endpoint %s\n", endpoint));
797
798 continue_connect(c, s);
799 }
800
801
802 /*
803 Stage 2 of pipe_connect_b: Continue connection after endpoint is known
804 */
805 static void continue_connect(struct composite_context *c, struct pipe_connect_state *s)
806 {
807 struct dcerpc_pipe_connect pc;
808
809 /* potential exits to another stage by sending an async request */
810 struct composite_context *ncacn_np_smb_req;
811 struct composite_context *ncacn_ip_tcp_req;
812 struct composite_context *ncacn_http_req;
813 struct composite_context *ncacn_unix_req;
814 struct composite_context *ncalrpc_req;
815 enum dcerpc_transport_t transport;
816
817 /* dcerpc pipe connect input parameters */
818 ZERO_STRUCT(pc);
819 pc.conn = s->pipe->conn;
820 pc.binding = s->binding;
821 pc.interface = s->table;
822 pc.creds = s->credentials;
823 pc.resolve_ctx = lpcfg_resolve_context(s->lp_ctx);
824
825 transport = dcerpc_binding_get_transport(s->binding);
826
827 /* connect dcerpc pipe depending on required transport */
828 switch (transport) {
829 case NCACN_NP:
830 /*
831 * SMB1/2/3...
832 */
833 ncacn_np_smb_req = dcerpc_pipe_connect_ncacn_np_smb_send(c, &pc, s->lp_ctx);
834 composite_continue(c, ncacn_np_smb_req, continue_pipe_connect_ncacn_np_smb, c);
835 return;
836
837 case NCACN_IP_TCP:
838 ncacn_ip_tcp_req = dcerpc_pipe_connect_ncacn_ip_tcp_send(c, &pc);
839 composite_continue(c, ncacn_ip_tcp_req, continue_pipe_connect_ncacn_ip_tcp, c);
840 return;
841
842 case NCACN_HTTP:
843 ncacn_http_req = dcerpc_pipe_connect_ncacn_http_send(c, &pc, s->lp_ctx);
844 composite_continue(c, ncacn_http_req, continue_pipe_connect_ncacn_http, c);
845 return;
846
847 case NCACN_UNIX_STREAM:
848 ncacn_unix_req = dcerpc_pipe_connect_ncacn_unix_stream_send(c, &pc);
849 composite_continue(c, ncacn_unix_req, continue_pipe_connect_ncacn_unix, c);
850 return;
851
852 case NCALRPC:
853 pc.ncalrpc.dir = lpcfg_ncalrpc_dir(s->lp_ctx);
854 c->status = dcerpc_binding_set_string_option(s->binding, "ncalrpc_dir",
855 pc.ncalrpc.dir);
856 if (!composite_is_ok(c)) return;
857 ncalrpc_req = dcerpc_pipe_connect_ncalrpc_send(c, &pc);
858 composite_continue(c, ncalrpc_req, continue_pipe_connect_ncalrpc, c);
859 return;
860
861 default:
862 /* looks like a transport we don't support now */
863 composite_error(c, NT_STATUS_NOT_SUPPORTED);
864 }
865 }
866
867
868 /*
869 Stage 3 of pipe_connect_b: Receive result of pipe connect request on
870 named pipe on smb
871 */
872 static void continue_pipe_connect_ncacn_np_smb(struct composite_context *ctx)
873 {
874 struct composite_context *c = talloc_get_type(ctx->async.private_data,
875 struct composite_context);
876 struct pipe_connect_state *s = talloc_get_type(c->private_data,
877 struct pipe_connect_state);
878
879 c->status = dcerpc_pipe_connect_ncacn_np_smb_recv(ctx);
880 if (!composite_is_ok(c)) return;
881
882 continue_pipe_connect(c, s);
883 }
884
885
886 /*
887 Stage 3 of pipe_connect_b: Receive result of pipe connect request on tcp/ip
888 */
889 static void continue_pipe_connect_ncacn_ip_tcp(struct composite_context *ctx)
890 {
891 struct composite_context *c = talloc_get_type(ctx->async.private_data,
892 struct composite_context);
893 struct pipe_connect_state *s = talloc_get_type(c->private_data,
894 struct pipe_connect_state);
895
896 c->status = dcerpc_pipe_connect_ncacn_ip_tcp_recv(ctx);
897 if (!composite_is_ok(c)) return;
898
899 continue_pipe_connect(c, s);
900 }
901
902
903 /*
904 Stage 3 of pipe_connect_b: Receive result of pipe connect request on http
905 */
906 static void continue_pipe_connect_ncacn_http(struct composite_context *ctx)
907 {
908 struct composite_context *c = talloc_get_type(ctx->async.private_data,
909 struct composite_context);
910 struct pipe_connect_state *s = talloc_get_type(c->private_data,
911 struct pipe_connect_state);
912
913 c->status = dcerpc_pipe_connect_ncacn_http_recv(ctx);
914 if (!composite_is_ok(c)) return;
915
916 continue_pipe_connect(c, s);
917 }
918
919
920 /*
921 Stage 3 of pipe_connect_b: Receive result of pipe connect request on unix socket
922 */
923 static void continue_pipe_connect_ncacn_unix(struct composite_context *ctx)
924 {
925 struct composite_context *c = talloc_get_type(ctx->async.private_data,
926 struct composite_context);
927 struct pipe_connect_state *s = talloc_get_type(c->private_data,
928 struct pipe_connect_state);
929
930 c->status = dcerpc_pipe_connect_ncacn_unix_stream_recv(ctx);
931 if (!composite_is_ok(c)) return;
932
933 continue_pipe_connect(c, s);
934 }
935
936
937 /*
938 Stage 3 of pipe_connect_b: Receive result of pipe connect request on local rpc
939 */
940 static void continue_pipe_connect_ncalrpc(struct composite_context *ctx)
941 {
942 struct composite_context *c = talloc_get_type(ctx->async.private_data,
943 struct composite_context);
944 struct pipe_connect_state *s = talloc_get_type(c->private_data,
945 struct pipe_connect_state);
946
947 c->status = dcerpc_pipe_connect_ncalrpc_recv(ctx);
948 if (!composite_is_ok(c)) return;
949
950 continue_pipe_connect(c, s);
951 }
952
953
954 /*
955 Stage 4 of pipe_connect_b: Start an authentication on connected dcerpc pipe
956 depending on credentials and binding flags passed.
957 */
958 static void continue_pipe_connect(struct composite_context *c, struct pipe_connect_state *s)
959 {
960 struct composite_context *auth_bind_req;
961
962 s->pipe->binding = dcerpc_binding_dup(s->pipe, s->binding);
963 if (composite_nomem(s->pipe->binding, c)) {
964 return;
965 }
966
967 auth_bind_req = dcerpc_pipe_auth_send(s->pipe, s->binding, s->table,
968 s->credentials, s->lp_ctx);
969 composite_continue(c, auth_bind_req, continue_pipe_auth, c);
970 }
971
972
973 /*
974 Stage 5 of pipe_connect_b: Receive result of pipe authentication request
975 and say if all went ok
976 */
977 static void continue_pipe_auth(struct composite_context *ctx)
978 {
979 struct composite_context *c = talloc_get_type(ctx->async.private_data,
980 struct composite_context);
981 struct pipe_connect_state *s = talloc_get_type(c->private_data, struct pipe_connect_state);
982
983 c->status = dcerpc_pipe_auth_recv(ctx, s, &s->pipe);
984 if (!composite_is_ok(c)) return;
985
986 composite_done(c);
987 }
988
989
990 /*
991 handle timeouts of a dcerpc connect
992 */
993 static void dcerpc_connect_timeout_handler(struct tevent_context *ev, struct tevent_timer *te,
994 struct timeval t, void *private_data)
995 {
996 struct composite_context *c = talloc_get_type_abort(private_data,
997 struct composite_context);
998 struct pipe_connect_state *s = talloc_get_type_abort(c->private_data, struct pipe_connect_state);
999 if (!s->pipe->inhibit_timeout_processing) {
1000 composite_error(c, NT_STATUS_IO_TIMEOUT);
1001 } else {
1002 s->pipe->timed_out = true;
1003 }
1004 }
1005
1006 /*
1007 start a request to open a rpc connection to a rpc pipe, using
1008 specified binding structure to determine the endpoint and options
1009 */
1010 _PUBLIC_ struct composite_context* dcerpc_pipe_connect_b_send(TALLOC_CTX *parent_ctx,
1011 const struct dcerpc_binding *binding,
1012 const struct ndr_interface_table *table,
1013 struct cli_credentials *credentials,
1014 struct tevent_context *ev,
1015 struct loadparm_context *lp_ctx)
1016 {
1017 struct composite_context *c;
1018 struct pipe_connect_state *s;
1019 enum dcerpc_transport_t transport;
1020 const char *endpoint = NULL;
1021 struct cli_credentials *epm_creds = NULL;
1022
1023 /* composite context allocation and setup */
1024 c = composite_create(parent_ctx, ev);
1025 if (c == NULL) {
1026 return NULL;
1027 }
1028
1029 s = talloc_zero(c, struct pipe_connect_state);
1030 if (composite_nomem(s, c)) return c;
1031 c->private_data = s;
1032
1033 /* initialise dcerpc pipe structure */
1034 s->pipe = dcerpc_pipe_init(c, ev);
1035 if (composite_nomem(s->pipe, c)) return c;
1036
1037 if (DEBUGLEVEL >= 10)
1038 s->pipe->conn->packet_log_dir = lpcfg_lock_directory(lp_ctx);
1039
1040 /* store parameters in state structure */
1041 s->binding = dcerpc_binding_dup(s, binding);
1042 if (composite_nomem(s->binding, c)) return c;
1043 s->table = table;
1044 s->credentials = credentials;
1045 s->lp_ctx = lp_ctx;
1046
1047 s->pipe->timed_out = false;
1048 s->pipe->inhibit_timeout_processing = false;
1049
1050 tevent_add_timer(c->event_ctx, c,
1051 timeval_current_ofs(DCERPC_REQUEST_TIMEOUT, 0),
1052 dcerpc_connect_timeout_handler, c);
1053
1054 transport = dcerpc_binding_get_transport(s->binding);
1055
1056 switch (transport) {
1057 case NCACN_NP:
1058 case NCACN_IP_TCP:
1059 case NCALRPC:
1060 endpoint = dcerpc_binding_get_string_option(s->binding, "endpoint");
1061
1062 /* anonymous credentials for rpc connection used to get endpoint mapping */
1063 epm_creds = cli_credentials_init_anon(s);
1064 if (composite_nomem(epm_creds, c)) return c;
1065
1066 break;
1067 case NCACN_HTTP:
1068 endpoint = dcerpc_binding_get_string_option(s->binding, "endpoint");
1069 epm_creds = credentials;
1070 break;
1071 default:
1072 break;
1073 }
1074
1075 if (endpoint == NULL) {
1076 struct composite_context *binding_req;
1077
1078 binding_req = dcerpc_epm_map_binding_send(c, s->binding, s->table,
1079 epm_creds,
1080 s->pipe->conn->event_ctx,
1081 s->lp_ctx);
1082 composite_continue(c, binding_req, continue_map_binding, c);
1083 return c;
1084 }
1085
1086 continue_connect(c, s);
1087 return c;
1088 }
1089
1090
1091 /*
1092 receive result of a request to open a rpc connection to a rpc pipe
1093 */
1094 _PUBLIC_ NTSTATUS dcerpc_pipe_connect_b_recv(struct composite_context *c, TALLOC_CTX *mem_ctx,
1095 struct dcerpc_pipe **p)
1096 {
1097 NTSTATUS status;
1098 struct pipe_connect_state *s;
1099
1100 status = composite_wait(c);
1101
1102 if (NT_STATUS_IS_OK(status)) {
1103 s = talloc_get_type(c->private_data, struct pipe_connect_state);
1104 talloc_steal(mem_ctx, s->pipe);
1105 *p = s->pipe;
1106 }
1107 talloc_free(c);
1108 return status;
1109 }
1110
1111
1112 /*
1113 open a rpc connection to a rpc pipe, using the specified
1114 binding structure to determine the endpoint and options - sync version
1115 */
1116 _PUBLIC_ NTSTATUS dcerpc_pipe_connect_b(TALLOC_CTX *parent_ctx,
1117 struct dcerpc_pipe **pp,
1118 const struct dcerpc_binding *binding,
1119 const struct ndr_interface_table *table,
1120 struct cli_credentials *credentials,
1121 struct tevent_context *ev,
1122 struct loadparm_context *lp_ctx)
1123 {
1124 struct composite_context *c;
1125
1126 c = dcerpc_pipe_connect_b_send(parent_ctx, binding, table,
1127 credentials, ev, lp_ctx);
1128 return dcerpc_pipe_connect_b_recv(c, parent_ctx, pp);
1129 }
1130
1131
1132 struct pipe_conn_state {
1133 struct dcerpc_pipe *pipe;
1134 };
1135
1136
1137 static void continue_pipe_connect_b(struct composite_context *ctx);
1138
1139
1140 /*
1141 Initiate rpc connection to a rpc pipe, using the specified string
1142 binding to determine the endpoint and options.
1143 The string is to be parsed to a binding structure first.
1144 */
1145 _PUBLIC_ struct composite_context* dcerpc_pipe_connect_send(TALLOC_CTX *parent_ctx,
1146 const char *binding,
1147 const struct ndr_interface_table *table,
1148 struct cli_credentials *credentials,
1149 struct tevent_context *ev, struct loadparm_context *lp_ctx)
1150 {
1151 struct composite_context *c;
1152 struct pipe_conn_state *s;
1153 struct dcerpc_binding *b;
1154 struct composite_context *pipe_conn_req;
1155
1156 /* composite context allocation and setup */
1157 c = composite_create(parent_ctx, ev);
1158 if (c == NULL) {
1159 return NULL;
1160 }
1161
1162 s = talloc_zero(c, struct pipe_conn_state);
1163 if (composite_nomem(s, c)) return c;
1164 c->private_data = s;
1165
1166 /* parse binding string to the structure */
1167 c->status = dcerpc_parse_binding(c, binding, &b);
1168 if (!NT_STATUS_IS_OK(c->status)) {
1169 DEBUG(0, ("Failed to parse dcerpc binding '%s'\n", binding));
1170 composite_error(c, c->status);
1171 return c;
1172 }
1173
1174 DEBUG(3, ("Using binding %s\n", dcerpc_binding_string(c, b)));
1175
1176 /*
1177 start connecting to a rpc pipe after binding structure
1178 is established
1179 */
1180 pipe_conn_req = dcerpc_pipe_connect_b_send(c, b, table,
1181 credentials, ev, lp_ctx);
1182 composite_continue(c, pipe_conn_req, continue_pipe_connect_b, c);
1183 return c;
1184 }
1185
1186
1187 /*
1188 Stage 2 of pipe_connect: Receive result of actual pipe connect request
1189 and say if we're done ok
1190 */
1191 static void continue_pipe_connect_b(struct composite_context *ctx)
1192 {
1193 struct composite_context *c = talloc_get_type(ctx->async.private_data,
1194 struct composite_context);
1195 struct pipe_conn_state *s = talloc_get_type(c->private_data,
1196 struct pipe_conn_state);
1197
1198 c->status = dcerpc_pipe_connect_b_recv(ctx, c, &s->pipe);
1199 talloc_steal(s, s->pipe);
1200 if (!composite_is_ok(c)) return;
1201
1202 composite_done(c);
1203 }
1204
1205
1206 /*
1207 Receive result of pipe connect (using binding string) request
1208 and return connected pipe structure.
1209 */
1210 NTSTATUS dcerpc_pipe_connect_recv(struct composite_context *c,
1211 TALLOC_CTX *mem_ctx,
1212 struct dcerpc_pipe **pp)
1213 {
1214 NTSTATUS status;
1215 struct pipe_conn_state *s;
1216
1217 status = composite_wait(c);
1218 if (NT_STATUS_IS_OK(status)) {
1219 s = talloc_get_type(c->private_data, struct pipe_conn_state);
1220 *pp = talloc_steal(mem_ctx, s->pipe);
1221 }
1222 talloc_free(c);
1223 return status;
1224 }
1225
1226
1227 /*
1228 Open a rpc connection to a rpc pipe, using the specified string
1229 binding to determine the endpoint and options - sync version
1230 */
1231 _PUBLIC_ NTSTATUS dcerpc_pipe_connect(TALLOC_CTX *parent_ctx,
1232 struct dcerpc_pipe **pp,
1233 const char *binding,
1234 const struct ndr_interface_table *table,
1235 struct cli_credentials *credentials,
1236 struct tevent_context *ev,
1237 struct loadparm_context *lp_ctx)
1238 {
1239 struct composite_context *c;
1240 c = dcerpc_pipe_connect_send(parent_ctx, binding,
1241 table, credentials, ev, lp_ctx);
1242 return dcerpc_pipe_connect_recv(c, parent_ctx, pp);
1243 }
1244
Samba GIT mirror