search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
s3:registry: add comment header block to registry.h
[Samba/gebeck_regimport.git] / source4 / smbd / service_named_pipe.c
blob235d4c2a3ac9137ef9ccfecb0965917a48f67d96
1 /*
2 Unix SMB/CIFS implementation.
3
4 helper functions for NAMED PIPE servers
5
6 Copyright (C) Stefan (metze) Metzmacher 2008
7
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 3 of the License, or
11 (at your option) any later version.
12
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
17
18 You should have received a copy of the GNU General Public License
19 along with this program. If not, see <http://www.gnu.org/licenses/>.
20 */
21
22 #include "includes.h"
23 #include <tevent.h>
24 #include "smbd/service.h"
25 #include "param/param.h"
26 #include "auth/auth.h"
27 #include "auth/session.h"
28 #include "auth/auth_sam_reply.h"
29 #include "lib/socket/socket.h"
30 #include "lib/tsocket/tsocket.h"
31 #include "libcli/util/tstream.h"
32 #include "librpc/gen_ndr/ndr_named_pipe_auth.h"
33 #include "system/passwd.h"
34 #include "system/network.h"
35 #include "libcli/raw/smb.h"
36 #include "auth/credentials/credentials.h"
37 #include "auth/credentials/credentials_krb5.h"
38 #include "libcli/security/dom_sid.h"
39
40 struct named_pipe_socket {
41 const char *pipe_name;
42 const char *pipe_path;
43 const struct stream_server_ops *ops;
44 void *private_data;
45 };
46
47 struct named_pipe_connection {
48 struct stream_connection *connection;
49 const struct named_pipe_socket *pipe_sock;
50 struct tstream_context *tstream;
51 };
52
53 static void named_pipe_terminate_connection(struct named_pipe_connection *pipe_conn, const char *reason)
54 {
55 stream_terminate_connection(pipe_conn->connection, reason);
56 }
57
58 static NTSTATUS named_pipe_full_request(void *private_data, DATA_BLOB blob, size_t *size)
59 {
60 if (blob.length < 8) {
61 return STATUS_MORE_ENTRIES;
62 }
63
64 if (memcmp(NAMED_PIPE_AUTH_MAGIC, &blob.data[4], 4) != 0) {
65 DEBUG(0,("named_pipe_full_request: wrong protocol\n"));
66 *size = blob.length;
67 /* the error will be handled in named_pipe_recv_auth_request */
68 return NT_STATUS_OK;
69 }
70
71 *size = 4 + RIVAL(blob.data, 0);
72 if (*size > blob.length) {
73 return STATUS_MORE_ENTRIES;
74 }
75
76 return NT_STATUS_OK;
77 }
78
79 static void named_pipe_auth_request(struct tevent_req *subreq);
80
81 static void named_pipe_accept(struct stream_connection *conn)
82 {
83 struct named_pipe_socket *pipe_sock = talloc_get_type(conn->private_data,
84 struct named_pipe_socket);
85 struct named_pipe_connection *pipe_conn;
86 struct tevent_req *subreq;
87 int rc, fd;
88
89 pipe_conn = talloc_zero(conn, struct named_pipe_connection);
90 if (pipe_conn == NULL) {
91 stream_terminate_connection(conn,
92 "named_pipe_accept: out of memory");
93 return;
94 }
95
96 TALLOC_FREE(conn->event.fde);
97
98 /*
99 * We have to duplicate the fd, cause it gets closed when the tstream
100 * is freed and you shouldn't work a fd the tstream is based on.
101 */
102 fd = dup(socket_get_fd(conn->socket));
103 if (fd == -1) {
104 char *reason;
105
106 reason = talloc_asprintf(conn,
107 "named_pipe_accept: failed to duplicate the file descriptor - %s",
108 strerror(errno));
109 if (reason == NULL) {
110 reason = strerror(errno);
111 }
112 stream_terminate_connection(conn, reason);
113 }
114 rc = tstream_bsd_existing_socket(pipe_conn,
115 fd,
116 &pipe_conn->tstream);
117 if (rc < 0) {
118 stream_terminate_connection(conn,
119 "named_pipe_accept: out of memory");
120 return;
121 }
122
123 pipe_conn->connection = conn;
124 pipe_conn->pipe_sock = pipe_sock;
125 conn->private_data = pipe_conn;
126
127 /*
128 * The named pipe pdu's have the length as 8 byte (initial_read_size),
129 * named_pipe_full_request provides the pdu length then.
130 */
131 subreq = tstream_read_pdu_blob_send(pipe_conn,
132 pipe_conn->connection->event.ctx,
133 pipe_conn->tstream,
134 8, /* initial_read_size */
135 named_pipe_full_request,
136 pipe_conn);
137 if (subreq == NULL) {
138 named_pipe_terminate_connection(pipe_conn,
139 "named_pipe_accept: "
140 "no memory for tstream_read_pdu_blob_send");
141 return;
142 }
143 tevent_req_set_callback(subreq, named_pipe_auth_request, pipe_conn);
144 }
145
146 struct named_pipe_call {
147 struct named_pipe_connection *pipe_conn;
148 DATA_BLOB in;
149 DATA_BLOB out;
150 struct iovec out_iov[1];
151 NTSTATUS status;
152 };
153
154 static void named_pipe_handover_connection(struct tevent_req *subreq);
155
156 static void named_pipe_auth_request(struct tevent_req *subreq)
157 {
158 struct named_pipe_connection *pipe_conn = tevent_req_callback_data(subreq,
159 struct named_pipe_connection);
160 struct stream_connection *conn = pipe_conn->connection;
161 struct named_pipe_call *call;
162 enum ndr_err_code ndr_err;
163 union netr_Validation val;
164 struct auth_serversupplied_info *server_info;
165 struct named_pipe_auth_req pipe_request;
166 struct named_pipe_auth_rep pipe_reply;
167 struct auth_context *auth_context;
168 uint32_t session_flags = 0;
169 struct dom_sid *anonymous_sid;
170 NTSTATUS status;
171 int ret;
172
173 call = talloc(pipe_conn, struct named_pipe_call);
174 if (call == NULL) {
175 named_pipe_terminate_connection(pipe_conn,
176 "named_pipe_auth_request: "
177 "no memory for named_pipe_call");
178 return;
179 }
180 call->pipe_conn = pipe_conn;
181
182 status = tstream_read_pdu_blob_recv(subreq,
183 call,
184 &call->in);
185 TALLOC_FREE(subreq);
186 if (!NT_STATUS_IS_OK(status)) {
187 const char *reason;
188
189 reason = talloc_asprintf(call, "named_pipe_call_loop: "
190 "tstream_read_pdu_blob_recv() - %s",
191 nt_errstr(status));
192 if (reason == NULL) {
193 reason = nt_errstr(status);
194 }
195
196 named_pipe_terminate_connection(pipe_conn, reason);
197 return;
198 }
199
200 DEBUG(10,("Received named_pipe packet of length %lu from %s\n",
201 (long) call->in.length,
202 tsocket_address_string(pipe_conn->connection->remote_address, call)));
203 dump_data(11, call->in.data, call->in.length);
204
205 /*
206 * TODO: check it's a root (uid == 0) pipe
207 */
208
209 ZERO_STRUCT(pipe_reply);
210 pipe_reply.level = 0;
211 pipe_reply.status = NT_STATUS_INTERNAL_ERROR;
212
213 /* parse the passed credentials */
214 ndr_err = ndr_pull_struct_blob_all(
215 &call->in,
216 pipe_conn,
217 &pipe_request,
218 (ndr_pull_flags_fn_t) ndr_pull_named_pipe_auth_req);
219 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
220 pipe_reply.status = ndr_map_error2ntstatus(ndr_err);
221 DEBUG(2, ("Could not unmarshall named_pipe_auth_req: %s\n",
222 nt_errstr(pipe_reply.status)));
223 goto reply;
224 }
225
226 if (DEBUGLVL(10)) {
227 NDR_PRINT_DEBUG(named_pipe_auth_req, &pipe_request);
228 }
229
230 if (strcmp(NAMED_PIPE_AUTH_MAGIC, pipe_request.magic) != 0) {
231 DEBUG(2, ("named_pipe_auth_req: invalid magic '%s' != %s\n",
232 pipe_request.magic, NAMED_PIPE_AUTH_MAGIC));
233 pipe_reply.status = NT_STATUS_INVALID_PARAMETER;
234 goto reply;
235 }
236
237 switch (pipe_request.level) {
238 case 0:
239 /*
240 * anon connection, we don't create a session info
241 * and leave it NULL
242 */
243 pipe_reply.level = 0;
244 pipe_reply.status = NT_STATUS_OK;
245 break;
246 case 1:
247 val.sam3 = &pipe_request.info.info1;
248
249 pipe_reply.level = 1;
250 pipe_reply.status = make_server_info_netlogon_validation(pipe_conn,
251 "TODO",
252 3, &val,
253 &server_info);
254 if (!NT_STATUS_IS_OK(pipe_reply.status)) {
255 DEBUG(2, ("make_server_info_netlogon_validation returned "
256 "%s\n", nt_errstr(pipe_reply.status)));
257 goto reply;
258 }
259
260 pipe_reply.status = auth_context_create(conn,
261 conn->event.ctx, conn->msg_ctx,
262 conn->lp_ctx,
263 &auth_context);
264 if (!NT_STATUS_IS_OK(pipe_reply.status)) {
265 DEBUG(2, ("auth_context_create returned "
266 "%s\n", nt_errstr(pipe_reply.status)));
267 goto reply;
268 }
269
270 anonymous_sid = dom_sid_parse_talloc(auth_context, SID_NT_ANONYMOUS);
271 if (anonymous_sid == NULL) {
272 named_pipe_terminate_connection(pipe_conn, "Failed to parse Anonymous SID ");
273 talloc_free(auth_context);
274 return;
275 }
276
277 session_flags = AUTH_SESSION_INFO_DEFAULT_GROUPS;
278 if (!dom_sid_equal(anonymous_sid, server_info->account_sid)) {
279 session_flags |= AUTH_SESSION_INFO_AUTHENTICATED;
280 }
281
282 /* setup the session_info on the connection */
283 pipe_reply.status = auth_context->generate_session_info(conn,
284 auth_context,
285 server_info,
286 session_flags,
287 &conn->session_info);
288 talloc_free(auth_context);
289 if (!NT_STATUS_IS_OK(pipe_reply.status)) {
290 DEBUG(2, ("auth_generate_session_info failed: %s\n",
291 nt_errstr(pipe_reply.status)));
292 goto reply;
293 }
294
295 break;
296 case 2:
297 pipe_reply.level = 2;
298 pipe_reply.info.info2.file_type = FILE_TYPE_MESSAGE_MODE_PIPE;
299 pipe_reply.info.info2.device_state = 0xff | 0x0400 | 0x0100;
300 pipe_reply.info.info2.allocation_size = 4096;
301
302 if (pipe_request.info.info2.sam_info3 == NULL) {
303 /*
304 * anon connection, we don't create a session info
305 * and leave it NULL
306 */
307 pipe_reply.status = NT_STATUS_OK;
308 break;
309 }
310
311 val.sam3 = pipe_request.info.info2.sam_info3;
312
313 pipe_reply.status = make_server_info_netlogon_validation(pipe_conn,
314 val.sam3->base.account_name.string,
315 3, &val, &server_info);
316 if (!NT_STATUS_IS_OK(pipe_reply.status)) {
317 DEBUG(2, ("make_server_info_netlogon_validation returned "
318 "%s\n", nt_errstr(pipe_reply.status)));
319 goto reply;
320 }
321
322 /* setup the session_info on the connection */
323 pipe_reply.status = auth_context_create(conn,
324 conn->event.ctx, conn->msg_ctx,
325 conn->lp_ctx,
326 &auth_context);
327 if (!NT_STATUS_IS_OK(pipe_reply.status)) {
328 DEBUG(2, ("auth_context_create returned "
329 "%s\n", nt_errstr(pipe_reply.status)));
330 goto reply;
331 }
332
333 anonymous_sid = dom_sid_parse_talloc(auth_context, SID_NT_ANONYMOUS);
334 if (anonymous_sid == NULL) {
335 named_pipe_terminate_connection(pipe_conn, "Failed to parse Anonymous SID ");
336 talloc_free(auth_context);
337 return;
338 }
339
340 session_flags = AUTH_SESSION_INFO_DEFAULT_GROUPS;
341 if (!dom_sid_equal(anonymous_sid, server_info->account_sid)) {
342 session_flags |= AUTH_SESSION_INFO_AUTHENTICATED;
343 }
344
345 pipe_reply.status = auth_context->generate_session_info(conn,
346 auth_context,
347 server_info,
348 session_flags,
349 &conn->session_info);
350 talloc_free(auth_context);
351 if (!NT_STATUS_IS_OK(pipe_reply.status)) {
352 DEBUG(2, ("auth_generate_session_info failed: %s\n",
353 nt_errstr(pipe_reply.status)));
354 goto reply;
355 }
356
357 conn->session_info->session_key = data_blob_const(pipe_request.info.info2.session_key,
358 pipe_request.info.info2.session_key_length);
359 talloc_steal(conn->session_info, pipe_request.info.info2.session_key);
360
361 break;
362 case 3:
363 pipe_reply.level = 3;
364 pipe_reply.info.info3.file_type = FILE_TYPE_MESSAGE_MODE_PIPE;
365 pipe_reply.info.info3.device_state = 0xff | 0x0400 | 0x0100;
366 pipe_reply.info.info3.allocation_size = 4096;
367
368 if (pipe_request.info.info3.server_addr == NULL) {
369 pipe_reply.status = NT_STATUS_INVALID_ADDRESS;
370 DEBUG(2, ("Missing server address\n"));
371 goto reply;
372 }
373 if (pipe_request.info.info3.client_addr == NULL) {
374 pipe_reply.status = NT_STATUS_INVALID_ADDRESS;
375 DEBUG(2, ("Missing client address\n"));
376 goto reply;
377 }
378
379 ret = tsocket_address_inet_from_strings(conn, "ip",
380 pipe_request.info.info3.server_addr,
381 pipe_request.info.info3.server_port,
382 &conn->local_address);
383 if (ret != 0) {
384 DEBUG(2, ("Invalid server address[%s] port[%u] - %s\n",
385 pipe_request.info.info3.server_addr,
386 pipe_request.info.info3.server_port,
387 strerror(errno)));
388 pipe_reply.status = NT_STATUS_INVALID_ADDRESS;
389 goto reply;
390 }
391
392 ret = tsocket_address_inet_from_strings(conn, "ip",
393 pipe_request.info.info3.client_addr,
394 pipe_request.info.info3.client_port,
395 &conn->remote_address);
396 if (ret != 0) {
397 DEBUG(2, ("Invalid client address[%s] port[%u] - %s\n",
398 pipe_request.info.info3.client_addr,
399 pipe_request.info.info3.client_port,
400 strerror(errno)));
401 pipe_reply.status = NT_STATUS_INVALID_ADDRESS;
402 goto reply;
403 }
404
405 if (pipe_request.info.info3.sam_info3 == NULL) {
406 /*
407 * anon connection, we don't create a session info
408 * and leave it NULL
409 */
410 pipe_reply.status = NT_STATUS_OK;
411 break;
412 }
413
414 val.sam3 = pipe_request.info.info3.sam_info3;
415
416 pipe_reply.status = make_server_info_netlogon_validation(pipe_conn,
417 val.sam3->base.account_name.string,
418 3, &val, &server_info);
419 if (!NT_STATUS_IS_OK(pipe_reply.status)) {
420 DEBUG(2, ("make_server_info_netlogon_validation returned "
421 "%s\n", nt_errstr(pipe_reply.status)));
422 goto reply;
423 }
424
425 /* setup the session_info on the connection */
426 pipe_reply.status = auth_context_create(conn,
427 conn->event.ctx, conn->msg_ctx,
428 conn->lp_ctx,
429 &auth_context);
430 if (!NT_STATUS_IS_OK(pipe_reply.status)) {
431 DEBUG(2, ("auth_context_create returned "
432 "%s\n", nt_errstr(pipe_reply.status)));
433 goto reply;
434 }
435
436 anonymous_sid = dom_sid_parse_talloc(auth_context, SID_NT_ANONYMOUS);
437 if (anonymous_sid == NULL) {
438 named_pipe_terminate_connection(pipe_conn, "Failed to parse Anonymous SID ");
439 talloc_free(auth_context);
440 return;
441 }
442
443 session_flags = AUTH_SESSION_INFO_DEFAULT_GROUPS;
444 if (!dom_sid_equal(anonymous_sid, server_info->account_sid)) {
445 session_flags |= AUTH_SESSION_INFO_AUTHENTICATED;
446 }
447
448 /* setup the session_info on the connection */
449 pipe_reply.status = auth_context->generate_session_info(conn,
450 auth_context,
451 server_info,
452 session_flags,
453 &conn->session_info);
454 talloc_free(auth_context);
455 if (!NT_STATUS_IS_OK(pipe_reply.status)) {
456 DEBUG(2, ("auth_generate_session_info failed: %s\n",
457 nt_errstr(pipe_reply.status)));
458 goto reply;
459 }
460
461 if (pipe_request.info.info3.gssapi_delegated_creds_length) {
462 OM_uint32 minor_status;
463 gss_buffer_desc cred_token;
464 gss_cred_id_t cred_handle;
465 const char *error_string;
466
467 DEBUG(10, ("named_pipe_auth: delegated credentials supplied by client\n"));
468
469 cred_token.value = pipe_request.info.info3.gssapi_delegated_creds;
470 cred_token.length = pipe_request.info.info3.gssapi_delegated_creds_length;
471
472 ret = gss_import_cred(&minor_status,
473 &cred_token,
474 &cred_handle);
475 if (ret != GSS_S_COMPLETE) {
476 pipe_reply.status = NT_STATUS_INTERNAL_ERROR;
477 goto reply;
478 }
479
480 conn->session_info->credentials = cli_credentials_init(conn->session_info);
481 if (conn->session_info->credentials == NULL) {
482 pipe_reply.status = NT_STATUS_NO_MEMORY;
483 goto reply;
484 }
485
486 cli_credentials_set_conf(conn->session_info->credentials,
487 conn->lp_ctx);
488 /* Just so we don't segfault trying to get at a username */
489 cli_credentials_set_anonymous(conn->session_info->credentials);
490
491 ret = cli_credentials_set_client_gss_creds(conn->session_info->credentials,
492 conn->event.ctx,
493 conn->lp_ctx,
494 cred_handle,
495 CRED_SPECIFIED, &error_string);
496 if (ret) {
497 pipe_reply.status = NT_STATUS_INTERNAL_ERROR;
498 DEBUG(2, ("Failed to set pipe forwarded creds: %s\n", error_string));
499 goto reply;
500 }
501
502 /* This credential handle isn't useful for password authentication, so ensure nobody tries to do that */
503 cli_credentials_set_kerberos_state(conn->session_info->credentials,
504 CRED_MUST_USE_KERBEROS);
505 }
506
507 conn->session_info->session_key = data_blob_const(pipe_request.info.info3.session_key,
508 pipe_request.info.info3.session_key_length);
509 talloc_steal(conn->session_info, pipe_request.info.info3.session_key);
510
511 break;
512 default:
513 DEBUG(0, ("named_pipe_auth_req: unknown level %u\n",
514 pipe_request.level));
515 pipe_reply.level = 0;
516 pipe_reply.status = NT_STATUS_INVALID_LEVEL;
517 goto reply;
518 }
519
520 reply:
521 /* create the output */
522 ndr_err = ndr_push_struct_blob(&call->out, pipe_conn,
523 &pipe_reply,
524 (ndr_push_flags_fn_t)ndr_push_named_pipe_auth_rep);
525 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
526 const char *reason;
527 status = ndr_map_error2ntstatus(ndr_err);
528
529 reason = talloc_asprintf(pipe_conn, "named_pipe_auth_request: could not marshall named_pipe_auth_rep: %s\n",
530 nt_errstr(status));
531 if (reason == NULL) {
532 reason = "named_pipe_auth_request: could not marshall named_pipe_auth_rep";
533 }
534 named_pipe_terminate_connection(pipe_conn, reason);
535 return;
536 }
537
538 DEBUG(10,("named_pipe_auth_request: named_pipe_auth reply[%u]\n",
539 (unsigned) call->out.length));
540 dump_data(11, call->out.data, call->out.length);
541 if (DEBUGLVL(10)) {
542 NDR_PRINT_DEBUG(named_pipe_auth_rep, &pipe_reply);
543 }
544
545 call->status = pipe_reply.status;
546
547 call->out_iov[0].iov_base = call->out.data;
548 call->out_iov[0].iov_len = call->out.length;
549
550 subreq = tstream_writev_send(call,
551 pipe_conn->connection->event.ctx,
552 pipe_conn->tstream,
553 call->out_iov, 1);
554 if (subreq == NULL) {
555 named_pipe_terminate_connection(pipe_conn, "named_pipe_auth_request: "
556 "no memory for tstream_writev_send");
557 return;
558 }
559
560 tevent_req_set_callback(subreq, named_pipe_handover_connection, call);
561 }
562
563 static void named_pipe_handover_connection(struct tevent_req *subreq)
564 {
565 struct named_pipe_call *call = tevent_req_callback_data(subreq,
566 struct named_pipe_call);
567 struct named_pipe_connection *pipe_conn = call->pipe_conn;
568 struct stream_connection *conn = pipe_conn->connection;
569 int sys_errno;
570 int rc;
571
572 rc = tstream_writev_recv(subreq, &sys_errno);
573 TALLOC_FREE(subreq);
574 if (rc == -1) {
575 const char *reason;
576
577 reason = talloc_asprintf(call, "named_pipe_handover_connection: "
578 "tstream_writev_recv() - %d:%s",
579 sys_errno, strerror(sys_errno));
580 if (reason == NULL) {
581 reason = "named_pipe_handover_connection: "
582 "tstream_writev_recv() failed";
583 }
584
585 named_pipe_terminate_connection(pipe_conn, reason);
586 return;
587 }
588
589 if (!NT_STATUS_IS_OK(call->status)) {
590 const char *reason;
591
592 reason = talloc_asprintf(call, "named_pipe_handover_connection: "
593 "reply status - %s", nt_errstr(call->status));
594 if (reason == NULL) {
595 reason = nt_errstr(call->status);
596 }
597
598 named_pipe_terminate_connection(pipe_conn, reason);
599 return;
600 }
601
602 /*
603 * remove the named_pipe layer together with its packet layer
604 */
605 conn->ops = pipe_conn->pipe_sock->ops;
606 conn->private_data = pipe_conn->pipe_sock->private_data;
607 talloc_unlink(conn, pipe_conn);
608
609 conn->event.fde = tevent_add_fd(conn->event.ctx,
610 conn,
611 socket_get_fd(conn->socket),
612 TEVENT_FD_READ,
613 stream_io_handler_fde,
614 conn);
615 if (conn->event.fde == NULL) {
616 named_pipe_terminate_connection(pipe_conn, "named_pipe_handover_connection: "
617 "setting up the stream_io_handler_fde failed");
618 return;
619 }
620
621 /*
622 * hand over to the real pipe implementation,
623 * now that we have setup the transport session_info
624 */
625 conn->ops->accept_connection(conn);
626
627 DEBUG(10,("named_pipe_handover_connection[%s]: succeeded\n",
628 conn->ops->name));
629
630 /* we don't have to free call here as the connection got closed */
631 }
632
633 /*
634 called when a pipe socket becomes readable
635 */
636 static void named_pipe_recv(struct stream_connection *conn, uint16_t flags)
637 {
638 struct named_pipe_connection *pipe_conn = talloc_get_type(
639 conn->private_data, struct named_pipe_connection);
640
641 named_pipe_terminate_connection(pipe_conn,
642 "named_pipe_recv: called");
643 }
644
645 /*
646 called when a pipe socket becomes writable
647 */
648 static void named_pipe_send(struct stream_connection *conn, uint16_t flags)
649 {
650 struct named_pipe_connection *pipe_conn = talloc_get_type(
651 conn->private_data, struct named_pipe_connection);
652
653 named_pipe_terminate_connection(pipe_conn,
654 "named_pipe_send: called");
655 }
656
657 static const struct stream_server_ops named_pipe_stream_ops = {
658 .name = "named_pipe",
659 .accept_connection = named_pipe_accept,
660 .recv_handler = named_pipe_recv,
661 .send_handler = named_pipe_send,
662 };
663
664 NTSTATUS stream_setup_named_pipe(struct tevent_context *event_context,
665 struct loadparm_context *lp_ctx,
666 const struct model_ops *model_ops,
667 const struct stream_server_ops *stream_ops,
668 const char *pipe_name,
669 void *private_data)
670 {
671 char *dirname;
672 struct named_pipe_socket *pipe_sock;
673 NTSTATUS status = NT_STATUS_NO_MEMORY;;
674
675 pipe_sock = talloc(event_context, struct named_pipe_socket);
676 if (pipe_sock == NULL) {
677 goto fail;
678 }
679
680 /* remember the details about the pipe */
681 pipe_sock->pipe_name = talloc_strdup(pipe_sock, pipe_name);
682 if (pipe_sock->pipe_name == NULL) {
683 goto fail;
684 }
685
686 dirname = talloc_asprintf(pipe_sock, "%s/np", lp_ncalrpc_dir(lp_ctx));
687 if (dirname == NULL) {
688 goto fail;
689 }
690
691 if (!directory_create_or_exist(dirname, geteuid(), 0700)) {
692 status = map_nt_error_from_unix(errno);
693 DEBUG(0,(__location__ ": Failed to create stream pipe directory %s - %s\n",
694 dirname, nt_errstr(status)));
695 goto fail;
696 }
697
698 if (strncmp(pipe_name, "\\pipe\\", 6) == 0) {
699 pipe_name += 6;
700 }
701
702 pipe_sock->pipe_path = talloc_asprintf(pipe_sock, "%s/%s", dirname,
703 pipe_name);
704 if (pipe_sock->pipe_path == NULL) {
705 goto fail;
706 }
707
708 talloc_free(dirname);
709
710 pipe_sock->ops = stream_ops;
711 pipe_sock->private_data = talloc_reference(pipe_sock, private_data);
712
713 status = stream_setup_socket(event_context,
714 lp_ctx,
715 model_ops,
716 &named_pipe_stream_ops,
717 "unix",
718 pipe_sock->pipe_path,
719 NULL,
720 NULL,
721 pipe_sock);
722 if (!NT_STATUS_IS_OK(status)) {
723 goto fail;
724 }
725 return NT_STATUS_OK;
726
727 fail:
728 talloc_free(pipe_sock);
729 return status;
730 }
reg import