2 Unix SMB/CIFS implementation.
4 smbd-specific dcerpc server code
6 Copyright (C) Andrew Tridgell 2003-2005
7 Copyright (C) Stefan (metze) Metzmacher 2004-2005
8 Copyright (C) Jelmer Vernooij <jelmer@samba.org> 2004,2007
10 This program is free software; you can redistribute it and/or modify
11 it under the terms of the GNU General Public License as published by
12 the Free Software Foundation; either version 3 of the License, or
13 (at your option) any later version.
15 This program is distributed in the hope that it will be useful,
16 but WITHOUT ANY WARRANTY; without even the implied warranty of
17 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 GNU General Public License for more details.
20 You should have received a copy of the GNU General Public License
21 along with this program. If not, see <http://www.gnu.org/licenses/>.
25 #include "librpc/gen_ndr/ndr_dcerpc.h"
26 #include "auth/auth.h"
27 #include "../lib/util/dlinklist.h"
28 #include "rpc_server/dcerpc_server.h"
29 #include "rpc_server/dcerpc_server_proto.h"
30 #include "system/filesys.h"
31 #include "lib/messaging/irpc.h"
32 #include "system/network.h"
33 #include "lib/socket/netif.h"
34 #include "param/param.h"
35 #include "../lib/tsocket/tsocket.h"
36 #include "librpc/rpc/dcerpc_proto.h"
37 #include "../lib/util/tevent_ntstatus.h"
38 #include "libcli/raw/smb.h"
39 #include "../libcli/named_pipe_auth/npa_tstream.h"
40 #include "smbd/process_model.h"
/*
 * Per-listener state handed to the stream layer as private data: the
 * DCE/RPC endpoint a listening socket was opened for and the server
 * context that accepted connections are attached to.
 */
struct dcesrv_socket_context {
	/* endpoint served by this socket (set by the dcesrv_add_ep_* helpers) */
	const struct dcesrv_endpoint *endpoint;
	/* talloc reference to the DCE/RPC server context */
	struct dcesrv_context *dcesrv_ctx;
};
/*
 * Tear down the stream connection that carries a DCE/RPC connection.
 *
 * dce_conn->transport.private_data holds the stream_connection stored by
 * dcesrv_sock_accept(); it is passed to stream_terminate_connection()
 * together with the reason string.
 */
static void dcesrv_terminate_connection(struct dcesrv_connection *dce_conn, const char *reason)
{
	struct stream_connection *stream_conn =
		talloc_get_type(dce_conn->transport.private_data,
				struct stream_connection);

	stream_terminate_connection(stream_conn, reason);
}
static void dcesrv_sock_reply_done(struct tevent_req *subreq);

/* State of one queued reply write; one instance is allocated per reply blob. */
struct dcesrv_sock_reply_state {
	/* connection the reply is written to */
	struct dcesrv_connection *dce_conn;
	/* set only on the write carrying the call's last reply blob, else NULL */
	struct dcesrv_call_state *call;
	/* single-element I/O vector pointing at the reply blob */
	struct iovec iov;
};
/*
 * transport.report_output_data hook: queue every pending reply blob of the
 * call at the head of the connection's call list for writing.
 *
 * Each blob gets its own dcesrv_sock_reply_state (a talloc child of the
 * call) and one tstream_writev_queue_send() request on the connection's
 * send queue. Only the state for the last blob carries the call pointer,
 * so dcesrv_sock_reply_done() releases the call after that write.
 * An allocation failure terminates the connection.
 */
static void dcesrv_sock_report_output_data(struct dcesrv_connection *dce_conn)
{
	struct dcesrv_call_state *call = dce_conn->call_list;

	if (call == NULL || call->replies == NULL) {
		return;
	}

	while (call->replies != NULL) {
		struct data_blob_list_item *reply = call->replies;
		struct dcesrv_sock_reply_state *write_state;
		struct tevent_req *write_req;

		write_state = talloc(call, struct dcesrv_sock_reply_state);
		if (write_state == NULL) {
			dcesrv_terminate_connection(dce_conn, "no memory");
			return;
		}

		write_state->dce_conn = dce_conn;

		DLIST_REMOVE(call->replies, reply);

		/* the write of the last blob is the one that owns the call */
		write_state->call = (call->replies == NULL) ? call : NULL;

		write_state->iov.iov_base = (void *) reply->blob.data;
		write_state->iov.iov_len = reply->blob.length;

		write_req = tstream_writev_queue_send(write_state,
						      dce_conn->event_ctx,
						      dce_conn->stream,
						      dce_conn->send_queue,
						      &write_state->iov, 1);
		if (write_req == NULL) {
			dcesrv_terminate_connection(dce_conn, "no memory");
			return;
		}
		tevent_req_set_callback(write_req, dcesrv_sock_reply_done,
					write_state);
	}

	/* all replies are queued: take the call off the connection's list */
	DLIST_REMOVE(call->conn->call_list, call);
	call->list = DCESRV_LIST_NONE;
}
/*
 * Completion callback for a reply write queued by
 * dcesrv_sock_report_output_data().
 *
 * A failed write terminates the connection with the text of the mapped
 * NT status. On success the per-write state is freed, and the call as
 * well when this write was the one carrying it.
 */
static void dcesrv_sock_reply_done(struct tevent_req *subreq)
{
	struct dcesrv_sock_reply_state *write_state =
		tevent_req_callback_data(subreq,
					 struct dcesrv_sock_reply_state);
	/* fetched up front: write_state is freed before the call is */
	struct dcesrv_call_state *finished_call = write_state->call;
	int sys_errno;
	int ret;

	ret = tstream_writev_queue_recv(subreq, &sys_errno);
	TALLOC_FREE(subreq);
	if (ret == -1) {
		NTSTATUS status = map_nt_error_from_unix(sys_errno);

		dcesrv_terminate_connection(write_state->dce_conn, nt_errstr(status));
		return;
	}

	talloc_free(write_state);
	if (finished_call != NULL) {
		talloc_free(finished_call);
	}
}
/*
 * State of one asynchronous "read a complete ncacn PDU" request.
 *
 * NOTE(review): the member list is reconstructed from the uses of
 * state->buffer and state->pkt in this file - verify against the tree.
 */
struct dcerpc_read_ncacn_packet_state {
	/* raw fragment bytes, sized in two steps by the next-vector callback */
	DATA_BLOB buffer;
	/* decoded packet, filled in by dcerpc_read_ncacn_packet_done() */
	struct ncacn_packet *pkt;
};

static int dcerpc_read_ncacn_packet_next_vector(struct tstream_context *stream,
						void *private_data,
						TALLOC_CTX *mem_ctx,
						struct iovec **_vector,
						size_t *count);
static void dcerpc_read_ncacn_packet_done(struct tevent_req *subreq);
/*
 * Start reading one ncacn PDU from @stream.
 *
 * Creates the request, an empty buffer and an ncacn_packet to decode
 * into, then starts tstream_readv_pdu_send() with
 * dcerpc_read_ncacn_packet_next_vector() deciding how many bytes to read.
 *
 * Returns NULL only when the request itself cannot be created; later
 * allocation failures are reported through the posted request.
 */
static struct tevent_req *dcerpc_read_ncacn_packet_send(TALLOC_CTX *mem_ctx,
							 struct tevent_context *ev,
							 struct tstream_context *stream)
{
	struct dcerpc_read_ncacn_packet_state *state;
	struct tevent_req *req;
	struct tevent_req *read_req;

	req = tevent_req_create(mem_ctx, &state,
				struct dcerpc_read_ncacn_packet_state);
	if (req == NULL) {
		return NULL;
	}

	/* zero length tells the next-vector callback that nothing was read yet */
	state->buffer = data_blob_const(NULL, 0);
	state->pkt = talloc(state, struct ncacn_packet);
	if (tevent_req_nomem(state->pkt, req)) {
		tevent_req_post(req, ev);
		return req;
	}

	read_req = tstream_readv_pdu_send(state, ev,
					  stream,
					  dcerpc_read_ncacn_packet_next_vector,
					  state);
	if (tevent_req_nomem(read_req, req)) {
		tevent_req_post(req, ev);
		return req;
	}
	tevent_req_set_callback(read_req, dcerpc_read_ncacn_packet_done, req);

	return req;
}
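/*
 * tstream_readv_pdu "next vector" callback: tells the stream layer which
 * bytes to read next for the PDU being assembled in state->buffer.
 *
 * Called repeatedly:
 *  1. buffer empty: allocate DCERPC_FRAG_LEN_OFFSET + 2 bytes, enough of
 *     the header to contain the fragment length field;
 *  2. buffer holds exactly that prefix: take the fragment length from it,
 *     resize the buffer to that length and ask for the remainder;
 *  3. otherwise the fragment is complete: report an empty vector.
 *
 * The fragment length comes straight from the peer, before any
 * authentication has happened on the connection. It is therefore checked
 * against the number of bytes already read: a smaller value would shrink
 * the buffer below the write offset and make "length - ofs" wrap, so the
 * read vector would point past the allocation. In that case the read is
 * stopped with the bytes received so far and the packet parser is left to
 * reject them.
 *
 * NOTE(review): no upper limit is applied to frag_len here; the field is
 * read from offset DCERPC_FRAG_LEN_OFFSET of the header - confirm the
 * per-connection allocation this allows is acceptable.
 *
 * Returns 0 on success (with *_vector / *count set) or -1 on allocation
 * failure.
 */
static int dcerpc_read_ncacn_packet_next_vector(struct tstream_context *stream,
						void *private_data,
						TALLOC_CTX *mem_ctx,
						struct iovec **_vector,
						size_t *count)
{
	struct dcerpc_read_ncacn_packet_state *state =
		talloc_get_type_abort(private_data,
		struct dcerpc_read_ncacn_packet_state);
	struct iovec *vector;
	size_t ofs = 0;

	if (state->buffer.length == 0) {
		/* first get enough to read the fragment length */
		ofs = 0;
		state->buffer.length = DCERPC_FRAG_LEN_OFFSET + 2;
		state->buffer.data = talloc_array(state, uint8_t,
						  state->buffer.length);
		if (!state->buffer.data) {
			return -1;
		}
	} else if (state->buffer.length == (DCERPC_FRAG_LEN_OFFSET + 2)) {
		/* now read the fragment length and allocate the full buffer */
		size_t frag_len = dcerpc_get_frag_length(&state->buffer);

		ofs = state->buffer.length;

		if (frag_len < ofs) {
			/*
			 * The advertised length is shorter than what was
			 * already read. Do not resize and do not build a
			 * vector: finish the read and let the caller fail
			 * on the malformed header.
			 */
			*_vector = NULL;
			*count = 0;
			return 0;
		}

		state->buffer.data = talloc_realloc(state,
						    state->buffer.data,
						    uint8_t, frag_len);
		if (!state->buffer.data) {
			return -1;
		}
		state->buffer.length = frag_len;
	} else {
		/* if we reach this we have a full fragment */
		*_vector = NULL;
		*count = 0;
		return 0;
	}

	/* now create the vector that we want to be filled */
	vector = talloc_array(mem_ctx, struct iovec, 1);
	if (!vector) {
		return -1;
	}

	/* ofs <= buffer.length holds on both paths that reach this point */
	vector[0].iov_base = (void *) (state->buffer.data + ofs);
	vector[0].iov_len = state->buffer.length - ofs;

	*_vector = vector;
	*count = 1;
	return 0;
}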
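/*
 * Completion callback of the PDU read: decode the received bytes into
 * state->pkt.
 *
 * A read error is mapped to an NT status and fails the request. Two header
 * bytes are then read directly from the buffer to choose the NDR flags:
 * the byte at DCERPC_DREP_OFFSET selects big-endian decoding when
 * DCERPC_DREP_LE is not set, and the byte at DCERPC_PFC_OFFSET signals an
 * object UUID. These reads are not bounds-checked by the NDR layer, so the
 * buffer length is verified first; the rest of the packet is parsed by
 * ndr_pull_ncacn_packet(), and a parse error fails the request with the
 * mapped status.
 */
static void dcerpc_read_ncacn_packet_done(struct tevent_req *subreq)
{
	struct tevent_req *req = tevent_req_callback_data(subreq,
				 struct tevent_req);
	struct dcerpc_read_ncacn_packet_state *state = tevent_req_data(req,
					struct dcerpc_read_ncacn_packet_state);
	int ret;
	int sys_errno;
	struct ndr_pull *ndr;
	enum ndr_err_code ndr_err;
	NTSTATUS status;

	ret = tstream_readv_pdu_recv(subreq, &sys_errno);
	TALLOC_FREE(subreq);
	if (ret == -1) {
		status = map_nt_error_from_unix(sys_errno);
		tevent_req_nterror(req, status);
		return;
	}

	/*
	 * The header bytes below are indexed by fixed offsets; refuse a
	 * buffer that does not reach them instead of reading past its end.
	 */
	if (state->buffer.length <= DCERPC_DREP_OFFSET ||
	    state->buffer.length <= DCERPC_PFC_OFFSET) {
		tevent_req_nterror(req, NT_STATUS_BUFFER_TOO_SMALL);
		return;
	}

	ndr = ndr_pull_init_blob(&state->buffer, state->pkt);
	if (tevent_req_nomem(ndr, req)) {
		return;
	}

	if (!(CVAL(ndr->data, DCERPC_DREP_OFFSET) & DCERPC_DREP_LE)) {
		ndr->flags |= LIBNDR_FLAG_BIGENDIAN;
	}

	if (CVAL(ndr->data, DCERPC_PFC_OFFSET) & DCERPC_PFC_FLAG_OBJECT_UUID) {
		ndr->flags |= LIBNDR_FLAG_OBJECT_PRESENT;
	}

	ndr_err = ndr_pull_ncacn_packet(ndr, NDR_SCALARS|NDR_BUFFERS, state->pkt);
	TALLOC_FREE(ndr);
	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
		status = ndr_map_error2ntstatus(ndr_err);
		tevent_req_nterror(req, status);
		return;
	}

	tevent_req_done(req);
}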
/*
 * Collect the result of dcerpc_read_ncacn_packet_send().
 *
 * On error the stored NT status is returned and nothing is handed out.
 * On success the decoded packet is moved onto @mem_ctx and returned in
 * *pkt; when @buffer is non-NULL the raw fragment bytes are moved onto
 * @mem_ctx as well. The request is marked as received in both cases.
 */
static NTSTATUS dcerpc_read_ncacn_packet_recv(struct tevent_req *req,
					      TALLOC_CTX *mem_ctx,
					      struct ncacn_packet **pkt,
					      DATA_BLOB *buffer)
{
	struct dcerpc_read_ncacn_packet_state *state =
		tevent_req_data(req, struct dcerpc_read_ncacn_packet_state);
	NTSTATUS status;

	if (tevent_req_is_nterror(req, &status)) {
		tevent_req_received(req);
		return status;
	}

	*pkt = talloc_move(mem_ctx, &state->pkt);
	if (buffer != NULL) {
		buffer->data = talloc_move(mem_ctx, &state->buffer.data);
		buffer->length = state->buffer.length;
	}

	tevent_req_received(req);
	return NT_STATUS_OK;
}
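static void dcesrv_read_fragment_done(struct tevent_req *subreq);

/*
 * stream_server_ops.accept_connection hook: turn a freshly accepted
 * stream connection into a DCE/RPC connection and start reading PDUs.
 *
 * Steps, each of which terminates the stream connection on failure:
 *  - if the transport supplied no session_info, create an anonymous one;
 *  - create the dcesrv_connection for the listener's endpoint;
 *  - drop the stream layer's fd event and create the send queue;
 *  - for NCACN_NP take over the tstream of the stream connection and set
 *    dcesrv_inherited_session_key as session key callback, otherwise wrap
 *    the existing socket fd in a tstream;
 *  - queue the first PDU read.
 *
 * NOTE(review): connections that arrive without session_info are handled
 * with the anonymous session from here on; presumably the identity is
 * raised only by DCE/RPC-level authentication elsewhere - confirm that
 * every interface reachable this way enforces its own access checks.
 */
static void dcesrv_sock_accept(struct stream_connection *srv_conn)
{
	NTSTATUS status;
	struct dcesrv_socket_context *dcesrv_sock =
		talloc_get_type(srv_conn->private_data, struct dcesrv_socket_context);
	struct dcesrv_connection *dcesrv_conn = NULL;
	int ret;
	struct tevent_req *subreq;
	struct loadparm_context *lp_ctx = dcesrv_sock->dcesrv_ctx->lp_ctx;

	if (!srv_conn->session_info) {
		status = auth_anonymous_session_info(srv_conn,
						     lp_ctx,
						     &srv_conn->session_info);
		if (!NT_STATUS_IS_OK(status)) {
			DEBUG(0,("dcesrv_sock_accept: auth_anonymous_session_info failed: %s\n",
				nt_errstr(status)));
			stream_terminate_connection(srv_conn, nt_errstr(status));
			return;
		}
	}

	/*
	 * NOTE(review): the arguments other than the context, endpoint,
	 * session_info and flags are reconstructed - verify against the tree.
	 */
	status = dcesrv_endpoint_connect(dcesrv_sock->dcesrv_ctx,
					 srv_conn,
					 dcesrv_sock->endpoint,
					 srv_conn->session_info,
					 srv_conn->event.ctx,
					 srv_conn->msg_ctx,
					 srv_conn->server_id,
					 DCESRV_CALL_STATE_FLAG_MAY_ASYNC,
					 &dcesrv_conn);
	if (!NT_STATUS_IS_OK(status)) {
		DEBUG(0,("dcesrv_sock_accept: dcesrv_endpoint_connect failed: %s\n",
			nt_errstr(status)));
		stream_terminate_connection(srv_conn, nt_errstr(status));
		return;
	}

	dcesrv_conn->transport.private_data		= srv_conn;
	dcesrv_conn->transport.report_output_data	= dcesrv_sock_report_output_data;

	/* from here on all I/O goes through the tstream, not the fd event */
	TALLOC_FREE(srv_conn->event.fde);

	dcesrv_conn->send_queue = tevent_queue_create(dcesrv_conn, "dcesrv send queue");
	if (!dcesrv_conn->send_queue) {
		status = NT_STATUS_NO_MEMORY;
		DEBUG(0,("dcesrv_sock_accept: tevent_queue_create(%s)\n",
			nt_errstr(status)));
		stream_terminate_connection(srv_conn, nt_errstr(status));
		return;
	}

	if (dcesrv_sock->endpoint->ep_description->transport == NCACN_NP) {
		/* named pipe: the session key callback is the inherited one */
		dcesrv_conn->auth_state.session_key = dcesrv_inherited_session_key;
		dcesrv_conn->stream = talloc_move(dcesrv_conn,
						  &srv_conn->tstream);
	} else {
		ret = tstream_bsd_existing_socket(dcesrv_conn,
						  socket_get_fd(srv_conn->socket),
						  &dcesrv_conn->stream);
		if (ret == -1) {
			status = map_nt_error_from_unix(errno);
			DEBUG(0, ("dcesrv_sock_accept: "
				  "failed to setup tstream: %s\n",
				  nt_errstr(status)));
			stream_terminate_connection(srv_conn, nt_errstr(status));
			return;
		}
	}

	dcesrv_conn->local_address = srv_conn->local_address;
	dcesrv_conn->remote_address = srv_conn->remote_address;

	/* the stream connection now carries the RPC connection, not the listener */
	srv_conn->private_data = dcesrv_conn;

	irpc_add_name(srv_conn->msg_ctx, "rpc_server");

	subreq = dcerpc_read_ncacn_packet_send(dcesrv_conn,
					       dcesrv_conn->event_ctx,
					       dcesrv_conn->stream);
	if (!subreq) {
		status = NT_STATUS_NO_MEMORY;
		/* log the function that was actually called, to keep triage honest */
		DEBUG(0,("dcesrv_sock_accept: dcerpc_read_ncacn_packet_send(%s)\n",
			nt_errstr(status)));
		stream_terminate_connection(srv_conn, nt_errstr(status));
		return;
	}
	tevent_req_set_callback(subreq, dcesrv_read_fragment_done, dcesrv_conn);

	return;
}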
/*
 * Completion callback of a PDU read on an established connection.
 *
 * Collects the decoded packet and its raw bytes, passes both to
 * dcesrv_process_ncacn_packet() and then queues the next read with itself
 * as callback. A failed read, a processing error or an allocation failure
 * terminates the connection with the text of the NT status.
 */
static void dcesrv_read_fragment_done(struct tevent_req *subreq)
{
	struct dcesrv_connection *rpc_conn =
		tevent_req_callback_data(subreq, struct dcesrv_connection);
	struct ncacn_packet *packet;
	DATA_BLOB raw;
	NTSTATUS status;

	status = dcerpc_read_ncacn_packet_recv(subreq, rpc_conn,
					       &packet, &raw);
	TALLOC_FREE(subreq);
	if (!NT_STATUS_IS_OK(status)) {
		dcesrv_terminate_connection(rpc_conn, nt_errstr(status));
		return;
	}

	status = dcesrv_process_ncacn_packet(rpc_conn, packet, raw);
	if (!NT_STATUS_IS_OK(status)) {
		dcesrv_terminate_connection(rpc_conn, nt_errstr(status));
		return;
	}

	/* keep the read loop going: one outstanding read per connection */
	subreq = dcerpc_read_ncacn_packet_send(rpc_conn,
					       rpc_conn->event_ctx,
					       rpc_conn->stream);
	if (subreq == NULL) {
		status = NT_STATUS_NO_MEMORY;
		dcesrv_terminate_connection(rpc_conn, nt_errstr(status));
		return;
	}
	tevent_req_set_callback(subreq, dcesrv_read_fragment_done, rpc_conn);
}
/*
 * stream_server_ops.recv_handler hook. It does no reading of its own: it
 * terminates the connection with a fixed reason string.
 *
 * NOTE(review): dcesrv_sock_accept() frees the stream layer's fd event and
 * reads through the tstream instead, so this handler is presumably not
 * expected to fire - confirm.
 */
static void dcesrv_sock_recv(struct stream_connection *conn, uint16_t flags)
{
	struct dcesrv_connection *rpc_conn;

	rpc_conn = talloc_get_type(conn->private_data, struct dcesrv_connection);
	dcesrv_terminate_connection(rpc_conn, "dcesrv_sock_recv triggered");
}
/*
 * stream_server_ops.send_handler hook. It does no writing of its own: it
 * terminates the connection with a fixed reason string.
 *
 * NOTE(review): replies are written through the tstream send queue set up
 * in dcesrv_sock_accept(), so this handler is presumably not expected to
 * fire - confirm.
 */
static void dcesrv_sock_send(struct stream_connection *conn, uint16_t flags)
{
	struct dcesrv_connection *rpc_conn;

	rpc_conn = talloc_get_type(conn->private_data, struct dcesrv_connection);
	dcesrv_terminate_connection(rpc_conn, "dcesrv_sock_send triggered");
}
/*
 * Callbacks registered with the stream layer for every DCE/RPC listener
 * opened by the dcesrv_add_ep_* helpers.
 *
 * NOTE(review): the .name value is reconstructed - verify against the tree.
 */
static const struct stream_server_ops dcesrv_stream_ops = {
	.name              = "rpc",
	.accept_connection = dcesrv_sock_accept,
	.recv_handler      = dcesrv_sock_recv,
	.send_handler      = dcesrv_sock_send,
};
/*
 * Open the listening socket for an NCACN_UNIX_STREAM endpoint.
 *
 * The endpoint string is used directly as the unix socket path. The
 * listener context is allocated on @event_ctx and handed to the stream
 * layer as private data for dcesrv_sock_accept().
 *
 * Returns the status of stream_setup_socket(), or NT_STATUS_NO_MEMORY.
 */
static NTSTATUS dcesrv_add_ep_unix(struct dcesrv_context *dce_ctx,
				   struct loadparm_context *lp_ctx,
				   struct dcesrv_endpoint *e,
				   struct tevent_context *event_ctx, const struct model_ops *model_ops)
{
	const char *socket_path = e->ep_description->endpoint;
	struct dcesrv_socket_context *listener;
	uint16_t port = 1;
	NTSTATUS status;

	listener = talloc(event_ctx, struct dcesrv_socket_context);
	NT_STATUS_HAVE_NO_MEMORY(listener);

	/* remember the endpoint of this socket */
	listener->endpoint = e;
	listener->dcesrv_ctx = talloc_reference(listener, dce_ctx);

	status = stream_setup_socket(event_ctx, lp_ctx,
				     model_ops, &dcesrv_stream_ops,
				     "unix", socket_path, &port,
				     lpcfg_socket_options(lp_ctx),
				     listener);
	if (!NT_STATUS_IS_OK(status)) {
		DEBUG(0,("service_setup_stream_socket(path=%s) failed - %s\n",
			 socket_path, nt_errstr(status)));
	}

	return status;
}
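/*
 * Open the listening unix socket for an NCALRPC endpoint.
 *
 * The socket path is "<ncalrpc dir>/<endpoint>"; an endpoint without an
 * identifier is given the name "DEFAULT". Both strings are allocated on
 * @dce_ctx and are now checked, so an allocation failure is reported as
 * NT_STATUS_NO_MEMORY instead of passing NULL on as a path.
 *
 * NOTE(review): the endpoint name is joined into the path as is; nothing
 * here rejects '/' or ".." components, so the socket location depends on
 * endpoint names being trusted configuration - confirm where they come
 * from.
 *
 * Returns the status of stream_setup_socket(), or NT_STATUS_NO_MEMORY.
 */
static NTSTATUS dcesrv_add_ep_ncalrpc(struct dcesrv_context *dce_ctx,
				      struct loadparm_context *lp_ctx,
				      struct dcesrv_endpoint *e,
				      struct tevent_context *event_ctx, const struct model_ops *model_ops)
{
	struct dcesrv_socket_context *dcesrv_sock;
	uint16_t port = 1;
	char *full_path;
	NTSTATUS status;

	if (!e->ep_description->endpoint) {
		/* No identifier specified: use DEFAULT.
		 * DO NOT hardcode this value anywhere else. Rather, specify
		 * no endpoint and let the epmapper worry about it. */
		e->ep_description->endpoint = talloc_strdup(dce_ctx, "DEFAULT");
		NT_STATUS_HAVE_NO_MEMORY(e->ep_description->endpoint);
	}

	full_path = talloc_asprintf(dce_ctx, "%s/%s", lpcfg_ncalrpc_dir(lp_ctx),
				    e->ep_description->endpoint);
	NT_STATUS_HAVE_NO_MEMORY(full_path);

	dcesrv_sock = talloc(event_ctx, struct dcesrv_socket_context);
	NT_STATUS_HAVE_NO_MEMORY(dcesrv_sock);

	/* remember the endpoint of this socket */
	dcesrv_sock->endpoint		= e;
	dcesrv_sock->dcesrv_ctx		= talloc_reference(dcesrv_sock, dce_ctx);

	status = stream_setup_socket(event_ctx, lp_ctx,
				     model_ops, &dcesrv_stream_ops,
				     "unix", full_path, &port,
				     lpcfg_socket_options(lp_ctx),
				     dcesrv_sock);
	if (!NT_STATUS_IS_OK(status)) {
		DEBUG(0,("service_setup_stream_socket(identifier=%s,path=%s) failed - %s\n",
			 e->ep_description->endpoint, full_path, nt_errstr(status)));
	}
	return status;
}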
/*
 * Register a named-pipe (NCACN_NP) endpoint with the stream layer.
 *
 * A pipe name is mandatory: an endpoint without one is rejected with
 * NT_STATUS_INVALID_PARAMETER. The listener context is allocated on
 * @event_ctx and handed over as private data for dcesrv_sock_accept().
 *
 * Returns NT_STATUS_OK, NT_STATUS_NO_MEMORY or the failure status of
 * tstream_setup_named_pipe().
 */
static NTSTATUS dcesrv_add_ep_np(struct dcesrv_context *dce_ctx,
				 struct loadparm_context *lp_ctx,
				 struct dcesrv_endpoint *e,
				 struct tevent_context *event_ctx, const struct model_ops *model_ops)
{
	struct dcesrv_socket_context *listener;
	NTSTATUS status;

	if (e->ep_description->endpoint == NULL) {
		DEBUG(0, ("Endpoint mandatory for named pipes\n"));
		return NT_STATUS_INVALID_PARAMETER;
	}

	listener = talloc(event_ctx, struct dcesrv_socket_context);
	NT_STATUS_HAVE_NO_MEMORY(listener);

	/* remember the endpoint of this socket */
	listener->endpoint = e;
	listener->dcesrv_ctx = talloc_reference(listener, dce_ctx);

	status = tstream_setup_named_pipe(event_ctx, lp_ctx,
					  model_ops, &dcesrv_stream_ops,
					  e->ep_description->endpoint,
					  listener);
	if (NT_STATUS_IS_OK(status)) {
		return NT_STATUS_OK;
	}

	DEBUG(0,("stream_setup_named_pipe(pipe=%s) failed - %s\n",
		 e->ep_description->endpoint, nt_errstr(status)));
	return status;
}
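/*
  add a socket address to the list of events, one event per dcerpc endpoint

  The endpoint string, when present, is the TCP port to listen on. It is
  parsed strictly: anything that is not a plain decimal number in the range
  0..65535 is rejected with NT_STATUS_INVALID_PARAMETER, so a malformed
  value can no longer fall back silently to port 0 and leave the service
  listening on a port nobody configured.

  When no endpoint is given, port 0 is passed to stream_setup_socket() and
  the port written back by it is stored as the endpoint string - but only
  after the socket was set up successfully, and the allocation of that
  string is checked.
*/
static NTSTATUS add_socket_rpc_tcp_iface(struct dcesrv_context *dce_ctx, struct dcesrv_endpoint *e,
					 struct tevent_context *event_ctx, const struct model_ops *model_ops,
					 const char *address)
{
	struct dcesrv_socket_context *dcesrv_sock;
	uint16_t port = 0;
	NTSTATUS status;

	if (e->ep_description->endpoint) {
		char *end = NULL;
		unsigned long parsed;

		errno = 0;
		parsed = strtoul(e->ep_description->endpoint, &end, 10);
		if (errno != 0 || end == e->ep_description->endpoint ||
		    *end != '\0' || parsed > 65535) {
			DEBUG(0,("Invalid TCP port '%s' for dcerpc endpoint\n",
				 e->ep_description->endpoint));
			return NT_STATUS_INVALID_PARAMETER;
		}
		port = (uint16_t)parsed;
	}

	dcesrv_sock = talloc(event_ctx, struct dcesrv_socket_context);
	NT_STATUS_HAVE_NO_MEMORY(dcesrv_sock);

	/* remember the endpoint of this socket */
	dcesrv_sock->endpoint		= e;
	dcesrv_sock->dcesrv_ctx		= talloc_reference(dcesrv_sock, dce_ctx);

	status = stream_setup_socket(event_ctx, dce_ctx->lp_ctx,
				     model_ops, &dcesrv_stream_ops,
				     "ipv4", address, &port,
				     lpcfg_socket_options(dce_ctx->lp_ctx),
				     dcesrv_sock);
	if (!NT_STATUS_IS_OK(status)) {
		DEBUG(0,("service_setup_stream_socket(address=%s,port=%u) failed - %s\n",
			 address, port, nt_errstr(status)));
		/* do not record a port for a socket that was never opened */
		return status;
	}

	if (e->ep_description->endpoint == NULL) {
		e->ep_description->endpoint = talloc_asprintf(dce_ctx, "%d", port);
		NT_STATUS_HAVE_NO_MEMORY(e->ep_description->endpoint);
	}

	return NT_STATUS_OK;
}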
/*
 * Open the TCP listener(s) for an NCACN_IP_TCP endpoint.
 *
 * When an interface list is configured and "bind interfaces only" is set,
 * one socket is opened per interface address; otherwise a single socket is
 * opened on the configured socket address. The first failure is returned
 * and stops the loop.
 */
static NTSTATUS dcesrv_add_ep_tcp(struct dcesrv_context *dce_ctx,
				  struct loadparm_context *lp_ctx,
				  struct dcesrv_endpoint *e,
				  struct tevent_context *event_ctx, const struct model_ops *model_ops)
{
	struct interface *ifaces;
	NTSTATUS status;
	int n_ifaces;
	int idx;

	/* Add TCP/IP sockets */
	if (!lpcfg_interfaces(lp_ctx) || !lpcfg_bind_interfaces_only(lp_ctx)) {
		/* not restricted to listed interfaces: one listener */
		status = add_socket_rpc_tcp_iface(dce_ctx, e, event_ctx, model_ops,
						  lpcfg_socket_address(lp_ctx));
		NT_STATUS_NOT_OK_RETURN(status);
		return NT_STATUS_OK;
	}

	load_interfaces(dce_ctx, lpcfg_interfaces(lp_ctx), &ifaces);

	n_ifaces = iface_count(ifaces);
	for (idx = 0; idx < n_ifaces; idx++) {
		const char *address = iface_n_ip(ifaces, idx);

		status = add_socket_rpc_tcp_iface(dce_ctx, e, event_ctx, model_ops, address);
		NT_STATUS_NOT_OK_RETURN(status);
	}

	return NT_STATUS_OK;
}
/*
 * Open the listener for one DCE/RPC endpoint, dispatching on the
 * transport of its binding: unix stream socket, ncalrpc, TCP or named
 * pipe. Any other transport yields NT_STATUS_NOT_SUPPORTED.
 */
NTSTATUS dcesrv_add_ep(struct dcesrv_context *dce_ctx,
		       struct loadparm_context *lp_ctx,
		       struct dcesrv_endpoint *e,
		       struct tevent_context *event_ctx,
		       const struct model_ops *model_ops)
{
	NTSTATUS status = NT_STATUS_NOT_SUPPORTED;

	switch (e->ep_description->transport) {
	case NCACN_UNIX_STREAM:
		status = dcesrv_add_ep_unix(dce_ctx, lp_ctx, e, event_ctx, model_ops);
		break;

	case NCALRPC:
		status = dcesrv_add_ep_ncalrpc(dce_ctx, lp_ctx, e, event_ctx, model_ops);
		break;

	case NCACN_IP_TCP:
		status = dcesrv_add_ep_tcp(dce_ctx, lp_ctx, e, event_ctx, model_ops);
		break;

	case NCACN_NP:
		status = dcesrv_add_ep_np(dce_ctx, lp_ctx, e, event_ctx, model_ops);
		break;

	default:
		/* keeps NT_STATUS_NOT_SUPPORTED */
		break;
	}

	return status;
}
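/*
  open the dcerpc server sockets

  Task entry point: initialises the DCE/RPC server, selects the "single"
  process model, builds the server context from the configured endpoint
  servers, makes sure the NCALRPC directory exists and opens a listener for
  every endpoint. Any failure other than the directory creation terminates
  the task as fatal.
*/
static void dcesrv_task_init(struct task_server *task)
{
	NTSTATUS status;
	struct dcesrv_context *dce_ctx;
	struct dcesrv_endpoint *e;
	const struct model_ops *model_ops;

	dcerpc_server_init(task->lp_ctx);

	task_server_set_title(task, "task[dcesrv]");

	/* run the rpc server as a single process to allow for shared
	 * handles, and sharing of ldb contexts */
	model_ops = process_model_startup(task->event_ctx, "single");
	if (!model_ops) goto failed;

	status = dcesrv_init_context(task->event_ctx,
				     task->lp_ctx,
				     lpcfg_dcerpc_endpoint_servers(task->lp_ctx),
				     &dce_ctx);
	if (!NT_STATUS_IS_OK(status)) goto failed;

	/*
	 * Make sure the directory for NCALRPC exists.
	 *
	 * Created in one step rather than "check, then create", so there is
	 * no window between the two; an already existing path is accepted.
	 * Other errors are logged instead of being dropped, but stay
	 * non-fatal: an ncalrpc endpoint fails below when its socket cannot
	 * be created.
	 *
	 * NOTE(review): owner and mode of a pre-existing directory are not
	 * verified here, and the local RPC sockets are created underneath
	 * it - confirm the directory is only writable by the server account.
	 */
	if (mkdir(lpcfg_ncalrpc_dir(task->lp_ctx), 0755) != 0 && errno != EEXIST) {
		DEBUG(0,("dcesrv_task_init: mkdir(%s) failed - %s\n",
			 lpcfg_ncalrpc_dir(task->lp_ctx),
			 nt_errstr(map_nt_error_from_unix(errno))));
	}

	for (e=dce_ctx->endpoint_list;e;e=e->next) {
		status = dcesrv_add_ep(dce_ctx, task->lp_ctx, e, task->event_ctx, model_ops);
		if (!NT_STATUS_IS_OK(status)) goto failed;
	}

	return;
failed:
	task_server_terminate(task, "Failed to startup dcerpc server task", true);
}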
/*
 * Register the DCE/RPC server with the service framework under the name
 * "rpc", with dcesrv_task_init() as its task entry point. Returns the
 * status of register_server_service().
 */
NTSTATUS server_service_rpc_init(void)
{
	NTSTATUS status = register_server_service("rpc", dcesrv_task_init);

	return status;
}