search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Use ntvfs session close to close downstream session
[Samba/vfs_proxy.git] / source4 / smbd / service_named_pipe.c
blobb2b102c01fcb44c7c100aff35bbad43603a152bf
1 /*
2 Unix SMB/CIFS implementation.
3
4 helper functions for NAMED PIPE servers
5
6 Copyright (C) Stefan (metze) Metzmacher 2008
7
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 3 of the License, or
11 (at your option) any later version.
12
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
17
18 You should have received a copy of the GNU General Public License
19 along with this program. If not, see <http://www.gnu.org/licenses/>.
20 */
21
22 #include "includes.h"
23 #include "lib/socket/socket.h"
24 #include "smbd/service.h"
25 #include "param/param.h"
26 #include "auth/session.h"
27 #include "lib/stream/packet.h"
28 #include "librpc/gen_ndr/ndr_named_pipe_auth.h"
29 #include "system/passwd.h"
30
31 struct named_pipe_socket {
32 const char *pipe_name;
33 const char *pipe_path;
34 const struct stream_server_ops *ops;
35 void *private_data;
36 };
37
38 struct named_pipe_connection {
39 struct stream_connection *connection;
40 struct packet_context *packet;
41 const struct named_pipe_socket *pipe_sock;
42 NTSTATUS status;
43 };
44
45 static void named_pipe_handover_connection(void *private_data)
46 {
47 struct named_pipe_connection *pipe_conn = talloc_get_type(
48 private_data, struct named_pipe_connection);
49 struct stream_connection *conn = pipe_conn->connection;
50
51 EVENT_FD_NOT_WRITEABLE(conn->event.fde);
52
53 if (!NT_STATUS_IS_OK(pipe_conn->status)) {
54 stream_terminate_connection(conn, nt_errstr(pipe_conn->status));
55 return;
56 }
57
58 /*
59 * remove the named_pipe layer together with its packet layer
60 */
61 conn->ops = pipe_conn->pipe_sock->ops;
62 conn->private = pipe_conn->pipe_sock->private_data;
63 talloc_free(pipe_conn);
64
65 /* we're now ready to start receiving events on this stream */
66 EVENT_FD_READABLE(conn->event.fde);
67
68 /*
69 * hand over to the real pipe implementation,
70 * now that we have setup the transport session_info
71 */
72 conn->ops->accept_connection(conn);
73
74 DEBUG(10,("named_pipe_handover_connection[%s]: succeeded\n",
75 conn->ops->name));
76 }
77
78 static NTSTATUS named_pipe_recv_auth_request(void *private_data,
79 DATA_BLOB req_blob)
80 {
81 struct named_pipe_connection *pipe_conn = talloc_get_type(
82 private_data, struct named_pipe_connection);
83 struct stream_connection *conn = pipe_conn->connection;
84 enum ndr_err_code ndr_err;
85 struct named_pipe_auth_req req;
86 union netr_Validation val;
87 struct auth_serversupplied_info *server_info;
88 struct named_pipe_auth_rep rep;
89 DATA_BLOB rep_blob;
90 NTSTATUS status;
91
92 /*
93 * make sure nothing happens on the socket untill the
94 * real implemenation takes over
95 */
96 packet_recv_disable(pipe_conn->packet);
97
98 /*
99 * TODO: check it's a root (uid == 0) pipe
100 */
101
102 ZERO_STRUCT(rep);
103 rep.level = 0;
104 rep.status = NT_STATUS_INTERNAL_ERROR;
105
106 DEBUG(10,("named_pipe_auth: req_blob.length[%u]\n",
107 (unsigned int)req_blob.length));
108 dump_data(10, req_blob.data, req_blob.length);
109
110 /* parse the passed credentials */
111 ndr_err = ndr_pull_struct_blob_all(
112 &req_blob,
113 pipe_conn,
114 lp_iconv_convenience(conn->lp_ctx),
115 &req,
116 (ndr_pull_flags_fn_t)ndr_pull_named_pipe_auth_req);
117 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
118 rep.status = ndr_map_error2ntstatus(ndr_err);
119 DEBUG(2, ("Could not unmarshall named_pipe_auth_req: %s\n",
120 nt_errstr(rep.status)));
121 goto reply;
122 }
123
124 if (strcmp(NAMED_PIPE_AUTH_MAGIC, req.magic) != 0) {
125 DEBUG(2, ("named_pipe_auth_req: invalid magic '%s' != %s\n",
126 req.magic, NAMED_PIPE_AUTH_MAGIC));
127 rep.status = NT_STATUS_INVALID_PARAMETER;
128 goto reply;
129 }
130
131 switch (req.level) {
132 case 0:
133 /*
134 * anon connection, we don't create a session info
135 * and leave it NULL
136 */
137 rep.level = 0;
138 rep.status = NT_STATUS_OK;
139 break;
140 case 1:
141 val.sam3 = &req.info.info1;
142
143 rep.level = 1;
144 rep.status = make_server_info_netlogon_validation(pipe_conn,
145 "TODO",
146 3, &val,
147 &server_info);
148 if (!NT_STATUS_IS_OK(rep.status)) {
149 DEBUG(2, ("make_server_info_netlogon_validation returned "
150 "%s\n", nt_errstr(rep.status)));
151 goto reply;
152 }
153
154 /* setup the session_info on the connection */
155 rep.status = auth_generate_session_info(conn,
156 conn->event.ctx,
157 conn->lp_ctx,
158 server_info,
159 &conn->session_info);
160 if (!NT_STATUS_IS_OK(rep.status)) {
161 DEBUG(2, ("auth_generate_session_info failed: %s\n",
162 nt_errstr(rep.status)));
163 goto reply;
164 }
165
166 break;
167 default:
168 DEBUG(2, ("named_pipe_auth_req: unknown level %u\n",
169 req.level));
170 rep.level = 0;
171 rep.status = NT_STATUS_INVALID_LEVEL;
172 goto reply;
173 }
174
175 reply:
176 /* create the output */
177 ndr_err = ndr_push_struct_blob(&rep_blob, pipe_conn,
178 lp_iconv_convenience(conn->lp_ctx),
179 &rep,
180 (ndr_push_flags_fn_t)ndr_push_named_pipe_auth_rep);
181 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
182 status = ndr_map_error2ntstatus(ndr_err);
183 DEBUG(2, ("Could not marshall named_pipe_auth_rep: %s\n",
184 nt_errstr(status)));
185 return status;
186 }
187
188 pipe_conn->status = rep.status;
189
190 DEBUG(10,("named_pipe_auth reply[%u]\n", rep_blob.length));
191 dump_data(10, rep_blob.data, rep_blob.length);
192 status = packet_send_callback(pipe_conn->packet, rep_blob,
193 named_pipe_handover_connection,
194 pipe_conn);
195 if (!NT_STATUS_IS_OK(status)) {
196 DEBUG(0, ("packet_send_callback returned %s\n",
197 nt_errstr(status)));
198 return status;
199 }
200
201 return NT_STATUS_OK;
202 }
203
204 /*
205 called when a pipe socket becomes readable
206 */
207 static void named_pipe_recv(struct stream_connection *conn, uint16_t flags)
208 {
209 struct named_pipe_connection *pipe_conn = talloc_get_type(
210 conn->private, struct named_pipe_connection);
211
212 DEBUG(10,("named_pipe_recv\n"));
213
214 packet_recv(pipe_conn->packet);
215 }
216
217 /*
218 called when a pipe socket becomes writable
219 */
220 static void named_pipe_send(struct stream_connection *conn, uint16_t flags)
221 {
222 struct named_pipe_connection *pipe_conn = talloc_get_type(
223 conn->private, struct named_pipe_connection);
224
225 packet_queue_run(pipe_conn->packet);
226 }
227
228 /*
229 handle socket recv errors
230 */
231 static void named_pipe_recv_error(void *private_data, NTSTATUS status)
232 {
233 struct named_pipe_connection *pipe_conn = talloc_get_type(
234 private_data, struct named_pipe_connection);
235
236 stream_terminate_connection(pipe_conn->connection, nt_errstr(status));
237 }
238
239 static NTSTATUS named_pipe_full_request(void *private, DATA_BLOB blob, size_t *size)
240 {
241 if (blob.length < 8) {
242 return STATUS_MORE_ENTRIES;
243 }
244
245 if (memcmp(NAMED_PIPE_AUTH_MAGIC, &blob.data[4], 4) != 0) {
246 DEBUG(0,("named_pipe_full_request: wrong protocol\n"));
247 *size = blob.length;
248 /* the error will be handled in named_pipe_recv_auth_request */
249 return NT_STATUS_OK;
250 }
251
252 *size = 4 + RIVAL(blob.data, 0);
253 if (*size > blob.length) {
254 return STATUS_MORE_ENTRIES;
255 }
256
257 return NT_STATUS_OK;
258 }
259
260 static void named_pipe_accept(struct stream_connection *conn)
261 {
262 struct named_pipe_socket *pipe_sock = talloc_get_type(
263 conn->private, struct named_pipe_socket);
264 struct named_pipe_connection *pipe_conn;
265
266 DEBUG(5,("named_pipe_accept\n"));
267
268 pipe_conn = talloc_zero(conn, struct named_pipe_connection);
269 if (!pipe_conn) {
270 stream_terminate_connection(conn, "out of memory");
271 return;
272 }
273
274 pipe_conn->packet = packet_init(pipe_conn);
275 if (!pipe_conn->packet) {
276 stream_terminate_connection(conn, "out of memory");
277 return;
278 }
279 packet_set_private(pipe_conn->packet, pipe_conn);
280 packet_set_socket(pipe_conn->packet, conn->socket);
281 packet_set_callback(pipe_conn->packet, named_pipe_recv_auth_request);
282 packet_set_full_request(pipe_conn->packet, named_pipe_full_request);
283 packet_set_error_handler(pipe_conn->packet, named_pipe_recv_error);
284 packet_set_event_context(pipe_conn->packet, conn->event.ctx);
285 packet_set_fde(pipe_conn->packet, conn->event.fde);
286 packet_set_serialise(pipe_conn->packet);
287 packet_set_initial_read(pipe_conn->packet, 8);
288
289 pipe_conn->pipe_sock = pipe_sock;
290
291 pipe_conn->connection = conn;
292 conn->private = pipe_conn;
293 }
294
295 static const struct stream_server_ops named_pipe_stream_ops = {
296 .name = "named_pipe",
297 .accept_connection = named_pipe_accept,
298 .recv_handler = named_pipe_recv,
299 .send_handler = named_pipe_send,
300 };
301
302 NTSTATUS stream_setup_named_pipe(struct event_context *event_context,
303 struct loadparm_context *lp_ctx,
304 const struct model_ops *model_ops,
305 const struct stream_server_ops *stream_ops,
306 const char *pipe_name,
307 void *private_data)
308 {
309 char *dirname;
310 struct named_pipe_socket *pipe_sock;
311 NTSTATUS status = NT_STATUS_NO_MEMORY;;
312
313 pipe_sock = talloc(event_context, struct named_pipe_socket);
314 if (pipe_sock == NULL) {
315 goto fail;
316 }
317
318 /* remember the details about the pipe */
319 pipe_sock->pipe_name = talloc_strdup(pipe_sock, pipe_name);
320 if (pipe_sock->pipe_name == NULL) {
321 goto fail;
322 }
323
324 dirname = talloc_asprintf(pipe_sock, "%s/np", lp_ncalrpc_dir(lp_ctx));
325 if (dirname == NULL) {
326 goto fail;
327 }
328
329 if (!directory_create_or_exist(dirname, geteuid(), 0700)) {
330 status = map_nt_error_from_unix(errno);
331 goto fail;
332 }
333
334 if (strncmp(pipe_name, "\\pipe\\", 6) == 0) {
335 pipe_name += 6;
336 }
337
338 pipe_sock->pipe_path = talloc_asprintf(pipe_sock, "%s/%s", dirname,
339 pipe_name);
340 if (pipe_sock->pipe_path == NULL) {
341 goto fail;
342 }
343
344 talloc_free(dirname);
345
346 pipe_sock->ops = stream_ops;
347 pipe_sock->private_data = talloc_reference(pipe_sock, private_data);
348
349 status = stream_setup_socket(event_context,
350 lp_ctx,
351 model_ops,
352 &named_pipe_stream_ops,
353 "unix",
354 pipe_sock->pipe_path,
355 NULL,
356 NULL,
357 pipe_sock);
358 if (!NT_STATUS_IS_OK(status)) {
359 goto fail;
360 }
361 return NT_STATUS_OK;
362
363 fail:
364 talloc_free(pipe_sock);
365 return status;
366 }
Proof-of-concept samba4 based caching proxy