2 Unix SMB/CIFS implementation.
4 helper functions for NAMED PIPE servers
6 Copyright (C) Stefan (metze) Metzmacher 2008
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 3 of the License, or
11 (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License
19 along with this program. If not, see <http://www.gnu.org/licenses/>.
24 #include "lib/socket/socket.h"
25 #include "smbd/service.h"
26 #include "param/param.h"
27 #include "auth/session.h"
28 #include "auth/auth_sam_reply.h"
29 #include "lib/stream/packet.h"
30 #include "librpc/gen_ndr/ndr_named_pipe_auth.h"
31 #include "system/passwd.h"
32 #include "libcli/raw/smb.h"
33 #include "auth/credentials/credentials.h"
34 #include "auth/credentials/credentials_krb5.h"
35 #include <gssapi/gssapi.h>
37 struct named_pipe_socket
{
38 const char *pipe_name
;
39 const char *pipe_path
;
40 const struct stream_server_ops
*ops
;
44 struct named_pipe_connection
{
45 struct stream_connection
*connection
;
46 struct packet_context
*packet
;
47 const struct named_pipe_socket
*pipe_sock
;
51 static void named_pipe_handover_connection(void *private_data
)
53 struct named_pipe_connection
*pipe_conn
= talloc_get_type(
54 private_data
, struct named_pipe_connection
);
55 struct stream_connection
*conn
= pipe_conn
->connection
;
57 TEVENT_FD_NOT_WRITEABLE(conn
->event
.fde
);
59 packet_set_socket(pipe_conn
->packet
, NULL
);
60 packet_set_event_context(pipe_conn
->packet
, NULL
);
61 packet_set_fde(pipe_conn
->packet
, NULL
);
62 TALLOC_FREE(pipe_conn
->packet
);
64 if (!NT_STATUS_IS_OK(pipe_conn
->status
)) {
65 stream_terminate_connection(conn
, nt_errstr(pipe_conn
->status
));
70 * remove the named_pipe layer together with its packet layer
72 conn
->ops
= pipe_conn
->pipe_sock
->ops
;
73 conn
->private_data
= pipe_conn
->pipe_sock
->private_data
;
74 talloc_unlink(conn
, pipe_conn
);
76 /* we're now ready to start receiving events on this stream */
77 TEVENT_FD_READABLE(conn
->event
.fde
);
80 * hand over to the real pipe implementation,
81 * now that we have setup the transport session_info
83 conn
->ops
->accept_connection(conn
);
85 DEBUG(10,("named_pipe_handover_connection[%s]: succeeded\n",
89 static NTSTATUS
named_pipe_recv_auth_request(void *private_data
,
92 struct named_pipe_connection
*pipe_conn
= talloc_get_type(
93 private_data
, struct named_pipe_connection
);
94 struct stream_connection
*conn
= pipe_conn
->connection
;
95 enum ndr_err_code ndr_err
;
96 struct named_pipe_auth_req req
;
97 union netr_Validation val
;
98 struct auth_serversupplied_info
*server_info
;
99 struct named_pipe_auth_rep rep
;
104 * make sure nothing happens on the socket untill the
105 * real implemenation takes over
107 packet_recv_disable(pipe_conn
->packet
);
110 * TODO: check it's a root (uid == 0) pipe
115 rep
.status
= NT_STATUS_INTERNAL_ERROR
;
117 DEBUG(10,("named_pipe_auth: req_blob.length[%u]\n",
118 (unsigned int)req_blob
.length
));
119 dump_data(11, req_blob
.data
, req_blob
.length
);
121 /* parse the passed credentials */
122 ndr_err
= ndr_pull_struct_blob_all(
125 lp_iconv_convenience(conn
->lp_ctx
),
127 (ndr_pull_flags_fn_t
)ndr_pull_named_pipe_auth_req
);
128 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err
)) {
129 rep
.status
= ndr_map_error2ntstatus(ndr_err
);
130 DEBUG(2, ("Could not unmarshall named_pipe_auth_req: %s\n",
131 nt_errstr(rep
.status
)));
136 NDR_PRINT_DEBUG(named_pipe_auth_req
, &req
);
139 if (strcmp(NAMED_PIPE_AUTH_MAGIC
, req
.magic
) != 0) {
140 DEBUG(2, ("named_pipe_auth_req: invalid magic '%s' != %s\n",
141 req
.magic
, NAMED_PIPE_AUTH_MAGIC
));
142 rep
.status
= NT_STATUS_INVALID_PARAMETER
;
149 * anon connection, we don't create a session info
153 rep
.status
= NT_STATUS_OK
;
156 val
.sam3
= &req
.info
.info1
;
159 rep
.status
= make_server_info_netlogon_validation(pipe_conn
,
163 if (!NT_STATUS_IS_OK(rep
.status
)) {
164 DEBUG(2, ("make_server_info_netlogon_validation returned "
165 "%s\n", nt_errstr(rep
.status
)));
169 /* setup the session_info on the connection */
170 rep
.status
= auth_generate_session_info(conn
,
174 &conn
->session_info
);
175 if (!NT_STATUS_IS_OK(rep
.status
)) {
176 DEBUG(2, ("auth_generate_session_info failed: %s\n",
177 nt_errstr(rep
.status
)));
184 rep
.info
.info2
.file_type
= FILE_TYPE_MESSAGE_MODE_PIPE
;
185 rep
.info
.info2
.device_state
= 0xff | 0x0400 | 0x0100;
186 rep
.info
.info2
.allocation_size
= 4096;
188 if (!req
.info
.info2
.sam_info3
) {
190 * anon connection, we don't create a session info
193 rep
.status
= NT_STATUS_OK
;
197 val
.sam3
= req
.info
.info2
.sam_info3
;
199 rep
.status
= make_server_info_netlogon_validation(pipe_conn
,
200 val
.sam3
->base
.account_name
.string
,
201 3, &val
, &server_info
);
202 if (!NT_STATUS_IS_OK(rep
.status
)) {
203 DEBUG(2, ("make_server_info_netlogon_validation returned "
204 "%s\n", nt_errstr(rep
.status
)));
208 /* setup the session_info on the connection */
209 rep
.status
= auth_generate_session_info(conn
,
213 &conn
->session_info
);
214 if (!NT_STATUS_IS_OK(rep
.status
)) {
215 DEBUG(2, ("auth_generate_session_info failed: %s\n",
216 nt_errstr(rep
.status
)));
220 conn
->session_info
->session_key
= data_blob_const(req
.info
.info2
.session_key
,
221 req
.info
.info2
.session_key_length
);
222 talloc_steal(conn
->session_info
, req
.info
.info2
.session_key
);
227 rep
.info
.info3
.file_type
= FILE_TYPE_MESSAGE_MODE_PIPE
;
228 rep
.info
.info3
.device_state
= 0xff | 0x0400 | 0x0100;
229 rep
.info
.info3
.allocation_size
= 4096;
231 if (!req
.info
.info3
.sam_info3
) {
233 * anon connection, we don't create a session info
236 rep
.status
= NT_STATUS_OK
;
240 val
.sam3
= req
.info
.info3
.sam_info3
;
242 rep
.status
= make_server_info_netlogon_validation(pipe_conn
,
243 val
.sam3
->base
.account_name
.string
,
244 3, &val
, &server_info
);
245 if (!NT_STATUS_IS_OK(rep
.status
)) {
246 DEBUG(2, ("make_server_info_netlogon_validation returned "
247 "%s\n", nt_errstr(rep
.status
)));
251 /* setup the session_info on the connection */
252 rep
.status
= auth_generate_session_info(conn
,
256 &conn
->session_info
);
257 if (!NT_STATUS_IS_OK(rep
.status
)) {
258 DEBUG(2, ("auth_generate_session_info failed: %s\n",
259 nt_errstr(rep
.status
)));
263 if (req
.info
.info3
.gssapi_delegated_creds_length
) {
264 OM_uint32 minor_status
;
265 gss_buffer_desc cred_token
;
266 gss_cred_id_t cred_handle
;
269 DEBUG(10, ("named_pipe_auth: delegated credentials supplied by client\n"));
271 cred_token
.value
= req
.info
.info3
.gssapi_delegated_creds
;
272 cred_token
.length
= req
.info
.info3
.gssapi_delegated_creds_length
;
274 ret
= gss_import_cred(&minor_status
,
277 if (ret
!= GSS_S_COMPLETE
) {
278 rep
.status
= NT_STATUS_INTERNAL_ERROR
;
282 conn
->session_info
->credentials
= cli_credentials_init(conn
->session_info
);
283 if (!conn
->session_info
->credentials
) {
284 rep
.status
= NT_STATUS_NO_MEMORY
;
288 cli_credentials_set_conf(conn
->session_info
->credentials
,
290 /* Just so we don't segfault trying to get at a username */
291 cli_credentials_set_anonymous(conn
->session_info
->credentials
);
293 ret
= cli_credentials_set_client_gss_creds(conn
->session_info
->credentials
,
299 rep
.status
= NT_STATUS_INTERNAL_ERROR
;
303 /* This credential handle isn't useful for password authentication, so ensure nobody tries to do that */
304 cli_credentials_set_kerberos_state(conn
->session_info
->credentials
,
305 CRED_MUST_USE_KERBEROS
);
308 conn
->session_info
->session_key
= data_blob_const(req
.info
.info3
.session_key
,
309 req
.info
.info3
.session_key_length
);
310 talloc_steal(conn
->session_info
, req
.info
.info3
.session_key
);
314 DEBUG(2, ("named_pipe_auth_req: unknown level %u\n",
317 rep
.status
= NT_STATUS_INVALID_LEVEL
;
322 /* create the output */
323 ndr_err
= ndr_push_struct_blob(&rep_blob
, pipe_conn
,
324 lp_iconv_convenience(conn
->lp_ctx
),
326 (ndr_push_flags_fn_t
)ndr_push_named_pipe_auth_rep
);
327 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err
)) {
328 status
= ndr_map_error2ntstatus(ndr_err
);
329 DEBUG(2, ("Could not marshall named_pipe_auth_rep: %s\n",
334 DEBUG(10,("named_pipe_auth reply[%u]\n", (unsigned)rep_blob
.length
));
335 dump_data(11, rep_blob
.data
, rep_blob
.length
);
337 NDR_PRINT_DEBUG(named_pipe_auth_rep
, &rep
);
340 pipe_conn
->status
= rep
.status
;
341 status
= packet_send_callback(pipe_conn
->packet
, rep_blob
,
342 named_pipe_handover_connection
,
344 if (!NT_STATUS_IS_OK(status
)) {
345 DEBUG(0, ("packet_send_callback returned %s\n",
354 called when a pipe socket becomes readable
356 static void named_pipe_recv(struct stream_connection
*conn
, uint16_t flags
)
358 struct named_pipe_connection
*pipe_conn
= talloc_get_type(
359 conn
->private_data
, struct named_pipe_connection
);
361 DEBUG(10,("named_pipe_recv\n"));
363 packet_recv(pipe_conn
->packet
);
367 called when a pipe socket becomes writable
369 static void named_pipe_send(struct stream_connection
*conn
, uint16_t flags
)
371 struct named_pipe_connection
*pipe_conn
= talloc_get_type(
372 conn
->private_data
, struct named_pipe_connection
);
374 packet_queue_run(pipe_conn
->packet
);
378 handle socket recv errors
380 static void named_pipe_recv_error(void *private_data
, NTSTATUS status
)
382 struct named_pipe_connection
*pipe_conn
= talloc_get_type(
383 private_data
, struct named_pipe_connection
);
385 stream_terminate_connection(pipe_conn
->connection
, nt_errstr(status
));
388 static NTSTATUS
named_pipe_full_request(void *private_data
, DATA_BLOB blob
, size_t *size
)
390 if (blob
.length
< 8) {
391 return STATUS_MORE_ENTRIES
;
394 if (memcmp(NAMED_PIPE_AUTH_MAGIC
, &blob
.data
[4], 4) != 0) {
395 DEBUG(0,("named_pipe_full_request: wrong protocol\n"));
397 /* the error will be handled in named_pipe_recv_auth_request */
401 *size
= 4 + RIVAL(blob
.data
, 0);
402 if (*size
> blob
.length
) {
403 return STATUS_MORE_ENTRIES
;
409 static void named_pipe_accept(struct stream_connection
*conn
)
411 struct named_pipe_socket
*pipe_sock
= talloc_get_type(
412 conn
->private_data
, struct named_pipe_socket
);
413 struct named_pipe_connection
*pipe_conn
;
415 DEBUG(5,("named_pipe_accept\n"));
417 pipe_conn
= talloc_zero(conn
, struct named_pipe_connection
);
419 stream_terminate_connection(conn
, "out of memory");
423 pipe_conn
->packet
= packet_init(pipe_conn
);
424 if (!pipe_conn
->packet
) {
425 stream_terminate_connection(conn
, "out of memory");
428 packet_set_private(pipe_conn
->packet
, pipe_conn
);
429 packet_set_socket(pipe_conn
->packet
, conn
->socket
);
430 packet_set_callback(pipe_conn
->packet
, named_pipe_recv_auth_request
);
431 packet_set_full_request(pipe_conn
->packet
, named_pipe_full_request
);
432 packet_set_error_handler(pipe_conn
->packet
, named_pipe_recv_error
);
433 packet_set_event_context(pipe_conn
->packet
, conn
->event
.ctx
);
434 packet_set_fde(pipe_conn
->packet
, conn
->event
.fde
);
435 packet_set_serialise(pipe_conn
->packet
);
436 packet_set_initial_read(pipe_conn
->packet
, 8);
438 pipe_conn
->pipe_sock
= pipe_sock
;
440 pipe_conn
->connection
= conn
;
441 conn
->private_data
= pipe_conn
;
444 static const struct stream_server_ops named_pipe_stream_ops
= {
445 .name
= "named_pipe",
446 .accept_connection
= named_pipe_accept
,
447 .recv_handler
= named_pipe_recv
,
448 .send_handler
= named_pipe_send
,
451 NTSTATUS
stream_setup_named_pipe(struct tevent_context
*event_context
,
452 struct loadparm_context
*lp_ctx
,
453 const struct model_ops
*model_ops
,
454 const struct stream_server_ops
*stream_ops
,
455 const char *pipe_name
,
459 struct named_pipe_socket
*pipe_sock
;
460 NTSTATUS status
= NT_STATUS_NO_MEMORY
;;
462 pipe_sock
= talloc(event_context
, struct named_pipe_socket
);
463 if (pipe_sock
== NULL
) {
467 /* remember the details about the pipe */
468 pipe_sock
->pipe_name
= talloc_strdup(pipe_sock
, pipe_name
);
469 if (pipe_sock
->pipe_name
== NULL
) {
473 dirname
= talloc_asprintf(pipe_sock
, "%s/np", lp_ncalrpc_dir(lp_ctx
));
474 if (dirname
== NULL
) {
478 if (!directory_create_or_exist(dirname
, geteuid(), 0700)) {
479 status
= map_nt_error_from_unix(errno
);
480 DEBUG(0,(__location__
": Failed to create stream pipe directory %s - %s\n",
481 dirname
, nt_errstr(status
)));
485 if (strncmp(pipe_name
, "\\pipe\\", 6) == 0) {
489 pipe_sock
->pipe_path
= talloc_asprintf(pipe_sock
, "%s/%s", dirname
,
491 if (pipe_sock
->pipe_path
== NULL
) {
495 talloc_free(dirname
);
497 pipe_sock
->ops
= stream_ops
;
498 pipe_sock
->private_data
= talloc_reference(pipe_sock
, private_data
);
500 status
= stream_setup_socket(event_context
,
503 &named_pipe_stream_ops
,
505 pipe_sock
->pipe_path
,
509 if (!NT_STATUS_IS_OK(status
)) {
515 talloc_free(pipe_sock
);