2 * Unix SMB/CIFS implementation.
3 * RPC Pipe client / server routines
4 * Copyright (C) Andrew Tridgell 1992-1998,
5 * Largely re-written : 2005
6 * Copyright (C) Jeremy Allison 1998 - 2005
7 * Copyright (C) Simo Sorce 2010
9 * This program is free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License as published by
11 * the Free Software Foundation; either version 3 of the License, or
12 * (at your option) any later version.
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU General Public License for more details.
19 * You should have received a copy of the GNU General Public License
20 * along with this program; if not, see <http://www.gnu.org/licenses/>.
24 #include "rpc_client/cli_pipe.h"
25 #include "rpc_server/srv_pipe_internal.h"
27 #include "../libcli/named_pipe_auth/npa_tstream.h"
28 #include "rpc_server/rpc_ncacn_np.h"
29 #include "librpc/gen_ndr/netlogon.h"
30 #include "librpc/gen_ndr/auth.h"
31 #include "../auth/auth_sam_reply.h"
34 #include "../lib/tsocket/tsocket.h"
35 #include "../lib/util/tevent_ntstatus.h"
36 #include "rpc_contexts.h"
39 #define DBGC_CLASS DBGC_RPC_SRV
/* Counter reported in the "Created internal pipe" debug message; nothing in
 * the visible lines of this listing updates it. */
41 static int pipes_open;
/* Head of the list of internal pipes: make_internal_rpc_pipe_p() links pipes
 * in with DLIST_ADD and close_internal_rpc_pipe_hnd() unlinks them. */
43 static struct pipes_struct *InternalPipes;
46 * the following prototypes are declared here to avoid
47 * code being moved about too much for a patch to be
48 * disrupted / less obvious.
50 * these functions, and associated functions that they
51 * call, should be moved behind a .so module-loading
52 * system _anyway_. so that's the next step...
55 /****************************************************************************
56 Internal Pipe iterator functions.
57 ****************************************************************************/
59 struct pipes_struct *get_first_internal_pipe(void)
64 struct pipes_struct *get_next_internal_pipe(struct pipes_struct *p)
69 static void free_pipe_rpc_context_internal( PIPE_RPC_FNS *list )
71 PIPE_RPC_FNS *tmp = list;
/*
 * Walk every pipe on the InternalPipes list and test whether it still has
 * open handles (num_pipe_handles(p) != 0). The values returned for the two
 * outcomes are on lines this listing does not show.
 */
83 bool check_open_pipes(void)
85 struct pipes_struct *p;
87 for (p = InternalPipes; p != NULL; p = p->next) {
88 if (num_pipe_handles(p) != 0) {
95 /****************************************************************************
97 ****************************************************************************/
/*
 * Tear down an internal pipe. make_internal_rpc_pipe_p() registers this
 * function as the talloc destructor of the pipe, so it runs when the
 * pipes_struct is freed. The return value is on a line not shown here.
 */
99 int close_internal_rpc_pipe_hnd(struct pipes_struct *p)
/* The guard that precedes this message is not shown in the listing. */
102 DEBUG(0,("Invalid pipe in close_internal_rpc_pipe_hnd\n"));
/* Release the authentication context attached to the pipe. */
106 TALLOC_FREE(p->auth.auth_ctx);
/* The context entries are allocated with SMB_MALLOC_P in
 * make_internal_rpc_pipe_p(), not with talloc; presumably this helper is
 * what releases them (its body is not shown). */
108 free_pipe_rpc_context_internal( p->contexts );
110 /* Free the handles database. */
111 close_policy_by_pipe(p);
/* Unlink from the global list so check_open_pipes() and the iterators no
 * longer reach a pipe that is being freed. */
113 DLIST_REMOVE(InternalPipes, p);
120 /****************************************************************************
121 Make an internal namedpipes structure
122 ****************************************************************************/
/*
 * Build a pipes_struct for an in-process RPC call: allocate it on mem_ctx,
 * set up its handle database for `syntax`, give it its own copy of
 * session_info and one context entry holding the command table of `syntax`,
 * then link it into InternalPipes. The return statements are on lines this
 * listing does not show.
 *
 * client_id and msg_ctx are stored by pointer, not copied, so both have to
 * outlive the pipe.
 */
124 struct pipes_struct *make_internal_rpc_pipe_p(TALLOC_CTX *mem_ctx,
125 const struct ndr_syntax_id *syntax,
126 struct client_address *client_id,
127 const struct auth_serversupplied_info *session_info,
128 struct messaging_context *msg_ctx)
130 struct pipes_struct *p;
131 struct pipe_rpc_fns *context_fns;
133 DEBUG(4,("Create pipe requested %s\n",
134 get_pipe_name_from_syntax(talloc_tos(), syntax)));
136 p = TALLOC_ZERO_P(mem_ctx, struct pipes_struct);
139 DEBUG(0,("ERROR! no memory for pipes_struct!\n"));
/* Per-pipe scratch context, a talloc child of p; rpcint_dispatch() empties
 * it with talloc_free_children() after each call. */
143 p->mem_ctx = talloc_named(p, 0, "pipe %s %p",
144 get_pipe_name_from_syntax(talloc_tos(),
146 if (p->mem_ctx == NULL) {
147 DEBUG(0,("open_rpc_pipe_p: talloc_init failed.\n"));
152 if (!init_pipe_handles(p, syntax)) {
153 DEBUG(0,("open_rpc_pipe_p: init_pipe_handles failed.\n"));
/* The pipe works on its own copy of the caller's identity, made by
 * copy_serverinfo() with p as the context argument. */
158 p->session_info = copy_serverinfo(p, session_info);
159 if (p->session_info == NULL) {
160 DEBUG(0, ("open_rpc_pipe_p: copy_serverinfo failed\n"));
/* The destructor is not installed yet, so the handle database set up by
 * init_pipe_handles() is released by hand on this failure path. */
161 close_policy_by_pipe(p);
166 p->msg_ctx = msg_ctx;
/* NOTE(review): p joins the global list here, while the context_fns
 * allocation below can still fail. The cleanup on that failure path is not
 * shown - confirm it unlinks and frees p. */
168 DLIST_ADD(InternalPipes, p);
/* Stored by pointer: the caller keeps ownership of client_id. */
170 p->client_id = client_id;
172 p->endian = RPC_LITTLE_ENDIAN;
175 p->transport = NCALRPC;
/* malloc-based allocation: this entry is not a talloc child of p. */
177 context_fns = SMB_MALLOC_P(struct pipe_rpc_fns);
178 if (context_fns == NULL) {
179 DEBUG(0,("malloc() failed!\n"));
/* Single context, id 0, carrying the command table registered for `syntax`;
 * rpcint_dispatch() looks this entry up by context id 0. */
183 context_fns->next = context_fns->prev = NULL;
184 context_fns->n_cmds = rpc_srv_get_pipe_num_cmds(syntax);
185 context_fns->cmds = rpc_srv_get_pipe_cmds(syntax);
186 context_fns->context_id = 0;
187 context_fns->syntax = *syntax;
189 /* add to the list of open contexts */
190 DLIST_ADD(p->contexts, context_fns);
192 DEBUG(4,("Created internal pipe %s (pipes_open=%d)\n",
193 get_pipe_name_from_syntax(talloc_tos(), syntax), pipes_open));
/* Installed last: from here on freeing p runs close_internal_rpc_pipe_hnd(). */
195 talloc_set_destructor(p, close_internal_rpc_pipe_hnd);
/*
 * Run one RPC operation directly against an internal pipe: look up the
 * handler for `opnum` in the command table of context 0, hand it the request
 * blob, and give the reply blob back through out_data. Parameters declared
 * on signature lines that this listing omits are not documented here.
 */
200 static NTSTATUS rpcint_dispatch(struct pipes_struct *p,
203 const DATA_BLOB *in_data,
/* NOTE(review): fns is dereferenced on the next line and no NULL check on
 * the result of find_pipe_fns_by_context() is visible in this listing. */
206 struct pipe_rpc_fns *fns = find_pipe_fns_by_context(p->contexts, 0);
207 uint32_t num_cmds = fns->n_cmds;
208 const struct api_struct *cmds = fns->cmds;
/* Linear search for a table entry with this opnum and a handler set. */
215 for (i = 0; i < num_cmds; i++) {
216 if (cmds[i].opnum == opnum && cmds[i].fn != NULL) {
/* Returned when no usable handler was found (the condition is not shown). */
222 return NT_STATUS_RPC_PROCNUM_OUT_OF_RANGE;
/* Struct copy: the pipe borrows the caller's request buffer for the call and
 * does not own it. */
225 p->in_data.data = *in_data;
226 p->out_data.rdata = data_blob_null;
/* Drop the borrowed request pointer again so the pipe holds no reference to
 * caller memory after the handler has run. */
229 p->in_data.data = data_blob_null;
/* Failure path (its condition is not shown): discard any partial reply and
 * everything allocated on the per-call context. */
231 data_blob_free(&p->out_data.rdata);
232 talloc_free_children(p->mem_ctx);
233 return NT_STATUS_RPC_CALL_FAILED;
/* Each fault flag is reset before returning, so the pipe starts its next
 * call with the flag cleared; a partial reply is never handed back. */
236 if (p->fault_state) {
237 p->fault_state = false;
238 data_blob_free(&p->out_data.rdata);
239 talloc_free_children(p->mem_ctx);
240 return NT_STATUS_RPC_CALL_FAILED;
243 if (p->bad_handle_fault_state) {
244 p->bad_handle_fault_state = false;
245 data_blob_free(&p->out_data.rdata);
246 talloc_free_children(p->mem_ctx);
247 return NT_STATUS_RPC_SS_CONTEXT_MISMATCH;
250 if (p->rng_fault_state) {
251 p->rng_fault_state = false;
252 data_blob_free(&p->out_data.rdata);
253 talloc_free_children(p->mem_ctx);
254 return NT_STATUS_RPC_PROCNUM_OUT_OF_RANGE;
/* Success: pass the reply blob to the caller, reparent its buffer onto
 * mem_ctx, and clear the pipe's copy so the buffer has a single owner. */
257 *out_data = p->out_data.rdata;
258 talloc_steal(mem_ctx, out_data->data);
259 p->out_data.rdata = data_blob_null;
/* Release the remaining per-call allocations. */
261 talloc_free_children(p->mem_ctx);
265 struct rpcint_bh_state {
266 struct pipes_struct *p;
269 static bool rpcint_bh_is_connected(struct dcerpc_binding_handle *h)
271 struct rpcint_bh_state *hs = dcerpc_binding_handle_data(h,
272 struct rpcint_bh_state);
281 static uint32_t rpcint_bh_set_timeout(struct dcerpc_binding_handle *h,
284 /* TODO: implement timeouts */
288 struct rpcint_bh_raw_call_state {
/*
 * raw_call_send hook of the internal binding handle. The request is
 * dispatched synchronously through rpcint_dispatch(); every visible exit
 * completes the request and returns it through tevent_req_post().
 * Parameters on signature lines this listing omits are not documented here.
 */
294 static struct tevent_req *rpcint_bh_raw_call_send(TALLOC_CTX *mem_ctx,
295 struct tevent_context *ev,
296 struct dcerpc_binding_handle *h,
297 const struct GUID *object,
300 const uint8_t *in_data,
303 struct rpcint_bh_state *hs =
304 dcerpc_binding_handle_data(h,
305 struct rpcint_bh_state);
306 struct tevent_req *req;
307 struct rpcint_bh_raw_call_state *state;
311 req = tevent_req_create(mem_ctx, &state,
312 struct rpcint_bh_raw_call_state);
/* Wrap the caller's buffer without copying it; discard_const_p only strips
 * the const qualifier so the pointer fits the blob field. */
316 state->in_data.data = discard_const_p(uint8_t, in_data);
317 state->in_data.length = in_length;
/* Refuse to dispatch on a handle that reports itself as not connected. */
319 ok = rpcint_bh_is_connected(h);
321 tevent_req_nterror(req, NT_STATUS_INVALID_CONNECTION);
322 return tevent_req_post(req, ev);
325 /* TODO: allow async */
/* `state` is passed as the second argument; presumably it is the memory
 * context that ends up owning the reply buffer - the remaining arguments
 * are on lines not shown. */
326 status = rpcint_dispatch(hs->p, state, opnum,
329 if (!NT_STATUS_IS_OK(status)) {
330 tevent_req_nterror(req, status);
331 return tevent_req_post(req, ev);
334 tevent_req_done(req);
335 return tevent_req_post(req, ev);
/*
 * raw_call_recv hook: if the request carries an NT error, the error branch
 * is taken (its return is not shown); otherwise the reply buffer is moved
 * out of the request state onto mem_ctx and its length is stored in
 * *out_length. tevent_req_received() is called on both visible paths.
 */
338 static NTSTATUS rpcint_bh_raw_call_recv(struct tevent_req *req,
344 struct rpcint_bh_raw_call_state *state =
346 struct rpcint_bh_raw_call_state);
349 if (tevent_req_is_nterror(req, &status)) {
350 tevent_req_received(req);
/* talloc_move reparents the buffer to mem_ctx and clears the pointer held
 * in the request state, so the caller becomes the only owner. */
354 *out_data = talloc_move(mem_ctx, &state->out_data.data);
355 *out_length = state->out_data.length;
357 tevent_req_received(req);
361 struct rpcint_bh_disconnect_state {
/*
 * disconnect_send hook. On a handle that is not connected the request fails
 * with NT_STATUS_INVALID_CONNECTION; otherwise it is completed at once. No
 * teardown of the pipe is visible here: per the TODO below, freeing the
 * pipes_struct is left to the caller.
 */
365 static struct tevent_req *rpcint_bh_disconnect_send(TALLOC_CTX *mem_ctx,
366 struct tevent_context *ev,
367 struct dcerpc_binding_handle *h)
369 struct rpcint_bh_state *hs = dcerpc_binding_handle_data(h,
370 struct rpcint_bh_state);
371 struct tevent_req *req;
372 struct rpcint_bh_disconnect_state *state;
375 req = tevent_req_create(mem_ctx, &state,
376 struct rpcint_bh_disconnect_state);
381 ok = rpcint_bh_is_connected(h);
383 tevent_req_nterror(req, NT_STATUS_INVALID_CONNECTION);
384 return tevent_req_post(req, ev);
388 * TODO: do a real async disconnect ...
390 * For now the caller needs to free pipes_struct
394 tevent_req_done(req);
395 return tevent_req_post(req, ev);
/*
 * disconnect_recv hook: checks the request for an NT error and calls
 * tevent_req_received() on both visible paths. The return statements are on
 * lines this listing does not show.
 */
398 static NTSTATUS rpcint_bh_disconnect_recv(struct tevent_req *req)
402 if (tevent_req_is_nterror(req, &status)) {
403 tevent_req_received(req);
407 tevent_req_received(req);
411 static bool rpcint_bh_ref_alloc(struct dcerpc_binding_handle *h)
/*
 * do_ndr_print hook: print the arguments of a call through
 * ndr_print_function_debug(), once for the NDR_IN direction and once for
 * NDR_OUT, depending on the bits set in ndr_flags.
 */
416 static void rpcint_bh_do_ndr_print(struct dcerpc_binding_handle *h,
418 const void *_struct_ptr,
419 const struct ndr_interface_call *call)
/* Only the const qualifier is removed, to match the print function's
 * parameter type. */
421 void *struct_ptr = discard_const(_struct_ptr);
/* Gate on the debug level (the body of this branch is not shown). The
 * printed call arguments presumably include request and reply contents, so
 * this output belongs in debugging sessions only. */
423 if (DEBUGLEVEL < 11) {
427 if (ndr_flags & NDR_IN) {
428 ndr_print_function_debug(call->ndr_print,
433 if (ndr_flags & NDR_OUT) {
434 ndr_print_function_debug(call->ndr_print,
/* Operations table of the internal binding handle: each hook points at the
 * rpcint_bh_* function of the same name defined above. Entries on lines this
 * listing omits are not described. */
441 static const struct dcerpc_binding_handle_ops rpcint_bh_ops = {
443 .is_connected = rpcint_bh_is_connected,
444 .set_timeout = rpcint_bh_set_timeout,
445 .raw_call_send = rpcint_bh_raw_call_send,
446 .raw_call_recv = rpcint_bh_raw_call_recv,
447 .disconnect_send = rpcint_bh_disconnect_send,
448 .disconnect_recv = rpcint_bh_disconnect_recv,
450 .ref_alloc = rpcint_bh_ref_alloc,
451 .do_ndr_print = rpcint_bh_do_ndr_print,
/*
 * Create a binding handle whose private state (struct rpcint_bh_state) holds
 * a freshly made internal pipe. The arguments of the create call and the
 * success return are on lines this listing does not show.
 */
454 static NTSTATUS rpcint_binding_handle_ex(TALLOC_CTX *mem_ctx,
455 const struct ndr_syntax_id *abstract_syntax,
456 const struct ndr_interface_table *ndr_table,
457 struct client_address *client_id,
458 const struct auth_serversupplied_info *session_info,
459 struct messaging_context *msg_ctx,
460 struct dcerpc_binding_handle **binding_handle)
462 struct dcerpc_binding_handle *h;
463 struct rpcint_bh_state *hs;
/* The syntax is taken from ndr_table here; the condition guarding this
 * assignment is not shown. */
466 abstract_syntax = &ndr_table->syntax_id;
469 h = dcerpc_binding_handle_create(mem_ctx,
474 struct rpcint_bh_state,
477 return NT_STATUS_NO_MEMORY;
/* The pipe is allocated with hs as its talloc context, so it is freed
 * together with the handle state. */
479 hs->p = make_internal_rpc_pipe_p(hs,
/* NOTE(review): failure to create the pipe is reported as NO_MEMORY here,
 * although make_internal_rpc_pipe_p() has other failure causes as well
 * (init_pipe_handles, copy_serverinfo). */
486 return NT_STATUS_NO_MEMORY;
493 * @brief Create a new DCERPC Binding Handle which uses a local dispatch function.
495 * @param[in] mem_ctx The memory context to use.
497 * @param[in] ndr_table Normally the ndr_table_<name>.
499 * @param[in] client_id The info about the connected client.
501 * @param[in] serversupplied_info The server-supplied authentication information.
503 * @param[in] msg_ctx The messaging context that can be used by the server
505 * @param[out] binding_handle A pointer to store the connected
506 * dcerpc_binding_handle
508 * @return NT_STATUS_OK on success, a corresponding NT status if an
512 * struct dcerpc_binding_handle *winreg_binding;
515 * status = rpcint_binding_handle(tmp_ctx,
523 NTSTATUS rpcint_binding_handle(TALLOC_CTX *mem_ctx,
524 const struct ndr_interface_table *ndr_table,
525 struct client_address *client_id,
526 const struct auth_serversupplied_info *session_info,
527 struct messaging_context *msg_ctx,
528 struct dcerpc_binding_handle **binding_handle)
/* Thin wrapper: NULL is passed as abstract_syntax, and
 * rpcint_binding_handle_ex() has an assignment that takes the syntax from
 * ndr_table - presumably for exactly this case. */
530 return rpcint_binding_handle_ex(mem_ctx, NULL, ndr_table, client_id,
531 session_info, msg_ctx, binding_handle);
537 * @brief Create a new RPC client context which uses a local transport.
539 * This creates a local transport. It is a shortcut to directly call the server
540 * functions and avoid marshalling.
541 * NOTE: this function should be used only by rpc_pipe_open_interface()
543 * @param[in] mem_ctx The memory context to use.
545 * @param[in] abstract_syntax Normally the syntax_id of the autogenerated
548 * @param[in] serversupplied_info The server-supplied authentication information.
550 * @param[in] client_id The client address information.
552 * @param[in] msg_ctx The messaging context to use.
554 * @param[out] presult A pointer to store the connected rpc client pipe.
556 * @return NT_STATUS_OK on success, a corresponding NT status if an
559 static NTSTATUS rpc_pipe_open_internal(TALLOC_CTX *mem_ctx,
560 const struct ndr_syntax_id *abstract_syntax,
561 const struct auth_serversupplied_info *serversupplied_info,
562 struct client_address *client_id,
563 struct messaging_context *msg_ctx,
564 struct rpc_pipe_client **presult)
566 struct rpc_pipe_client *result;
569 result = TALLOC_ZERO_P(mem_ctx, struct rpc_pipe_client);
570 if (result == NULL) {
571 return NT_STATUS_NO_MEMORY;
/* abstract_syntax is dereferenced without a NULL check in the visible
 * lines: callers must pass a valid syntax id. */
574 result->abstract_syntax = *abstract_syntax;
575 result->transfer_syntax = ndr_transfer_syntax;
/* No client address supplied: fall back to a placeholder. It has static
 * storage because make_internal_rpc_pipe_p() keeps the pointer rather than
 * a copy; the same object is shared by every call that takes this branch. */
577 if (client_id == NULL) {
578 static struct client_address unknown;
579 strlcpy(unknown.addr, "<UNKNOWN>", sizeof(unknown.addr));
580 unknown.name = "<UNKNOWN>";
581 client_id = &unknown;
/* Fragment sizes are set to -1 for the local transport, unlike the
 * RPC_MAX_PDU_FRAG_LEN used by rpc_pipe_open_external(). */
584 result->max_xmit_frag = -1;
585 result->max_recv_frag = -1;
/* The binding handle is allocated with `result` as its context and stored
 * in result->binding_handle. */
587 status = rpcint_binding_handle_ex(result,
593 &result->binding_handle);
594 if (!NT_STATUS_IS_OK(status)) {
603 /****************************************************************************
604 * External pipes functions
605 ***************************************************************************/
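/*
 * Connect to an RPC service that lives outside this process through the
 * named-pipe-auth (npa) stream and return the proxy state wrapping the
 * connection. The socket directory is "<socket_dir>/np", with socket_dir
 * read from the "external_rpc_pipe:socket_dir" parameter.
 *
 * The caller's security token and session key are handed to the external
 * server as part of the connect, so whoever can accept connections under
 * that directory receives them; access to the directory is what bounds that
 * exposure.
 *
 * The connect is driven to completion with tevent_req_poll() on a private
 * event context, i.e. the call blocks. Failure returns and the final return
 * are on lines this listing does not show.
 */
608 struct np_proxy_state *make_external_rpc_pipe_p(TALLOC_CTX *mem_ctx,
609 const char *pipe_name,
610 const struct tsocket_address *local_address,
611 const struct tsocket_address *remote_address,
612 const struct auth_serversupplied_info *session_info)
614 struct np_proxy_state *result;
616 const char *socket_dir;
617 struct tevent_context *ev;
618 struct tevent_req *subreq;
619 struct auth_session_info_transport *session_info_t;
620 struct auth_session_info *session_info_npa;
621 struct auth_user_info_dc *user_info_dc;
622 union netr_Validation val;
628 result = talloc(mem_ctx, struct np_proxy_state);
629 if (result == NULL) {
630 DEBUG(0, ("talloc failed\n"));
634 result->read_queue = tevent_queue_create(result, "np_read");
635 if (result->read_queue == NULL) {
636 DEBUG(0, ("tevent_queue_create failed\n"));
640 result->write_queue = tevent_queue_create(result, "np_write");
641 if (result->write_queue == NULL) {
642 DEBUG(0, ("tevent_queue_create failed\n"));
646 ev = s3_tevent_context_init(talloc_tos());
648 DEBUG(0, ("s3_tevent_context_init failed\n"));
652 socket_dir = lp_parm_const_string(
653 GLOBAL_SECTION_SNUM, "external_rpc_pipe", "socket_dir",
655 if (socket_dir == NULL) {
/* Message now names the parameter as it is spelled in the lookup above. */
656 DEBUG(0, ("external_rpc_pipe:socket_dir not set\n"));
659 socket_np_dir = talloc_asprintf(talloc_tos(), "%s/np", socket_dir);
660 if (socket_np_dir == NULL) {
661 DEBUG(0, ("talloc_asprintf failed\n"));
665 session_info_npa = talloc_zero(talloc_tos(), struct auth_session_info);
666 if (session_info_npa == NULL) {
667 DEBUG(0, ("talloc failed\n"));
671 /* Send the named_pipe_auth server the user's full token */
/* Both fields are assigned, not duplicated: they keep referring to data
 * owned by the caller's session_info. */
672 session_info_npa->security_token = session_info->security_token;
673 session_info_npa->session_key = session_info->session_key;
675 val.sam3 = session_info->info3;
677 /* Convert into something we can build a struct
678 * auth_session_info from. Most of the work here
679 * will be to convert the SIDS, which we will then ignore, but
680 * this is the easier way to handle it */
681 status = make_user_info_dc_netlogon_validation(talloc_tos(), "", 3, &val, &user_info_dc);
682 if (!NT_STATUS_IS_OK(status)) {
683 DEBUG(0, ("conversion of info3 into user_info_dc failed!\n"));
/* Keep only the user info; the rest of user_info_dc is freed right after. */
687 session_info_npa->info = talloc_move(session_info_npa, &user_info_dc->info);
688 talloc_free(user_info_dc);
690 session_info_t = talloc_zero(talloc_tos(), struct auth_session_info_transport);
/* Check the pointer that was just allocated. The original tested
 * session_info_npa again, so a failed allocation went unnoticed and
 * session_info_t was dereferenced on the line after this check. */
691 if (session_info_t == NULL) {
692 DEBUG(0, ("talloc failed\n"));
696 session_info_t->session_info = talloc_steal(session_info_t, session_info_npa);
699 subreq = tstream_npa_connect_send(talloc_tos(), ev,
702 remote_address, /* client_addr */
703 NULL, /* client_name */
704 local_address, /* server_addr */
705 NULL, /* server_name */
707 if (subreq == NULL) {
/* The failure messages below are logged at level 0 and include the domain
 * and account name of the connecting user. */
709 DEBUG(0, ("tstream_npa_connect_send to %s for pipe %s and "
710 "user %s\\%s failed\n",
711 socket_np_dir, pipe_name, session_info_t->session_info->info->domain_name,
712 session_info_t->session_info->info->account_name));
/* Blocks until the connect request has finished. */
715 ok = tevent_req_poll(subreq, ev);
718 DEBUG(0, ("tevent_req_poll to %s for pipe %s and user %s\\%s "
719 "failed for tstream_npa_connect: %s\n",
720 socket_np_dir, pipe_name, session_info_t->session_info->info->domain_name,
721 session_info_t->session_info->info->account_name,
726 ret = tstream_npa_connect_recv(subreq, &sys_errno,
730 &result->device_state,
731 &result->allocation_size);
734 DEBUG(0, ("tstream_npa_connect_recv to %s for pipe %s and "
735 "user %s\\%s failed: %s\n",
736 socket_np_dir, pipe_name, session_info_t->session_info->info->domain_name,
737 session_info_t->session_info->info->account_name,
738 strerror(sys_errno)));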
/*
 * Open a client pipe to an RPC service that runs outside this process: set
 * up the proxy connection with make_external_rpc_pipe_p(), initialise a
 * tstream transport and a binding handle on a new rpc_pipe_client, then
 * bind. The success return and the labels of the cleanup path are on lines
 * this listing does not show.
 */
749 static NTSTATUS rpc_pipe_open_external(TALLOC_CTX *mem_ctx,
750 const char *pipe_name,
751 const struct ndr_syntax_id *abstract_syntax,
752 const struct auth_serversupplied_info *session_info,
753 struct rpc_pipe_client **_result)
755 struct tsocket_address *local, *remote;
756 struct rpc_pipe_client *result = NULL;
757 struct np_proxy_state *proxy_state = NULL;
758 struct pipe_auth_data *auth;
762 /* this is an internal connection, fake up ip addresses */
/* Consequence of the faked addresses: the external server is not given the
 * address of the real client through this path. */
763 ret = tsocket_address_inet_from_strings(talloc_tos(), "ip",
766 return NT_STATUS_NO_MEMORY;
768 ret = tsocket_address_inet_from_strings(talloc_tos(), "ip",
771 return NT_STATUS_NO_MEMORY;
774 proxy_state = make_external_rpc_pipe_p(mem_ctx, pipe_name,
775 local, remote, session_info);
/* The cause of a proxy setup failure is only in the log; callers see a
 * generic NT_STATUS_UNSUCCESSFUL. */
777 return NT_STATUS_UNSUCCESSFUL;
780 result = talloc_zero(mem_ctx, struct rpc_pipe_client);
781 if (result == NULL) {
782 status = NT_STATUS_NO_MEMORY;
786 result->abstract_syntax = *abstract_syntax;
787 result->transfer_syntax = ndr_transfer_syntax;
789 result->desthost = get_myname(result);
790 result->srv_name_slash = talloc_asprintf_strupper_m(
791 result, "\\\\%s", result->desthost);
792 if ((result->desthost == NULL) || (result->srv_name_slash == NULL)) {
793 status = NT_STATUS_NO_MEMORY;
797 result->max_xmit_frag = RPC_MAX_PDU_FRAG_LEN;
798 result->max_recv_frag = RPC_MAX_PDU_FRAG_LEN;
800 status = rpc_transport_tstream_init(result,
803 if (!NT_STATUS_IS_OK(status)) {
807 result->binding_handle = rpccli_bh_create(result);
808 if (result->binding_handle == NULL) {
809 status = NT_STATUS_NO_MEMORY;
810 DEBUG(0, ("Failed to create binding handle.\n"));
814 result->auth = talloc_zero(result, struct pipe_auth_data);
816 status = NT_STATUS_NO_MEMORY;
/* The DCERPC bind itself is anonymous with no auth level. The user's
 * identity travels in the session info that make_external_rpc_pipe_p()
 * sends while connecting, so the external server depends on that channel,
 * not on the bind, to know who is calling. */
819 result->auth->auth_type = DCERPC_AUTH_TYPE_NONE;
820 result->auth->auth_level = DCERPC_AUTH_LEVEL_NONE;
822 status = rpccli_anon_bind_data(result, &auth);
823 if (!NT_STATUS_IS_OK(status)) {
824 DEBUG(0, ("Failed to initialize anonymous bind.\n"));
828 status = rpc_pipe_bind(result, auth);
829 if (!NT_STATUS_IS_OK(status)) {
830 DEBUG(0, ("Failed to bind external pipe.\n"));
/* Common exit: on failure the branch below is taken (only its first line
 * is shown), and proxy_state is released in the visible lines. */
835 if (!NT_STATUS_IS_OK(status)) {
838 TALLOC_FREE(proxy_state);
844 * @brief Create a new RPC client context which uses a local dispatch function
845 * or a remote transport, depending on rpc_server configuration for the
848 * @param[in] mem_ctx The memory context to use.
850 * @param[in] abstract_syntax Normally the syntax_id of the autogenerated
853 * @param[in] serversupplied_info The server-supplied authentication information.
855 * @param[in] client_id The client address information.
857 * @param[in] msg_ctx The messaging context to use.
859 * @param[out] presult A pointer to store the connected rpc client pipe.
861 * @return NT_STATUS_OK on success, a corresponding NT status if an
865 * struct rpc_pipe_client *winreg_pipe;
868 * status = rpc_pipe_open_interface(tmp_ctx,
869 * &ndr_table_winreg.syntax_id,
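876 NTSTATUS rpc_pipe_open_interface(TALLOC_CTX *mem_ctx,
877 const struct ndr_syntax_id *syntax,
878 const struct auth_serversupplied_info *session_info,
879 struct client_address *client_id,
880 struct messaging_context *msg_ctx,
881 struct rpc_pipe_client **cli_pipe)
883 struct rpc_pipe_client *cli = NULL;
884 const char *server_type;
885 const char *pipe_name;
/* An already connected pipe is detected here (the body of the branch is not
 * shown). NOTE(review): cli_pipe is tested for NULL only in this condition;
 * *cli_pipe is also used by the TALLOC_FREE below and by the final
 * talloc_move - confirm a NULL cli_pipe cannot reach them. */
889 if (cli_pipe && rpccli_is_connected(*cli_pipe)) {
892 TALLOC_FREE(*cli_pipe);
895 tmp_ctx = talloc_stackframe();
896 if (tmp_ctx == NULL) {
897 return NT_STATUS_NO_MEMORY;
900 pipe_name = get_pipe_name_from_syntax(tmp_ctx, syntax);
901 if (pipe_name == NULL) {
902 status = NT_STATUS_INVALID_PARAMETER;
/* Loop over leading backslashes of the pipe name (loop body not shown). */
906 while (pipe_name[0] == '\\') {
910 DEBUG(5, ("Connecting to %s pipe.\n", pipe_name));
/* The per-pipe server type comes from the "rpc_server:<pipe_name>"
 * parameter; the default passed to the lookup is on a line not shown. */
912 server_type = lp_parm_const_string(GLOBAL_SECTION_SNUM,
913 "rpc_server", pipe_name,
/* "embedded": serve the call inside this process. */
916 if (strcasecmp_m(server_type, "embedded") == 0) {
917 status = rpc_pipe_open_internal(tmp_ctx,
918 syntax, session_info,
921 if (!NT_STATUS_IS_OK(status)) {
/* "daemon" / "external": go through the proxy connection, which forwards
 * the caller's session info to the external server. */
924 } else if (strcasecmp_m(server_type, "daemon") == 0 ||
925 strcasecmp_m(server_type, "external") == 0) {
926 /* It would be nice to just use rpc_pipe_open_ncalrpc() but
927 * for now we need to use the special proxy setup to connect
930 status = rpc_pipe_open_external(tmp_ctx,
934 if (!NT_STATUS_IS_OK(status)) {
/* Any other configured value is rejected instead of falling back to one of
 * the transports. */
938 status = NT_STATUS_NOT_IMPLEMENTED;
/* Trailing newline added so this message does not run into the next log
 * entry. */
939 DEBUG(0, ("Wrong servertype specified in config file: %s\n",
944 status = NT_STATUS_OK;
/* The client pipe was built on tmp_ctx; on success it is reparented to the
 * caller's mem_ctx before the stack frame is freed. */
946 if (NT_STATUS_IS_OK(status)) {
947 *cli_pipe = talloc_move(mem_ctx, &cli);
949 TALLOC_FREE(tmp_ctx);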