diff options
author | Samuel Cabrero <scabrero@samba.org> | 2019-10-03 19:38:31 +0200 |
---|---|---|
committer | Andreas Schneider <asn@cryptomilk.org> | 2019-10-18 16:07:37 +0000 |
commit | 491102b5b2ca56375d5a58e98f1c037298aa89f3 (patch) | |
tree | 786c403e6c48ff51c8582024b37997cf2aff8980 /source4 | |
parent | 076ec9173efc2b666be36630e38beab4624638a8 (diff) | |
download | samba-491102b5b2ca56375d5a58e98f1c037298aa89f3.tar.gz |
s4:rpc_server: Move core functions to core library
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Diffstat (limited to 'source4')
-rw-r--r-- | source4/rpc_server/dcerpc_server.c | 2779 | ||||
-rw-r--r-- | source4/rpc_server/dcesrv_auth.c | 664 | ||||
-rw-r--r-- | source4/rpc_server/dcesrv_mgmt.c | 125 | ||||
-rw-r--r-- | source4/rpc_server/dcesrv_reply.c | 261 | ||||
-rw-r--r-- | source4/rpc_server/wscript_build | 2 |
5 files changed, 2 insertions, 3829 deletions
diff --git a/source4/rpc_server/dcerpc_server.c b/source4/rpc_server/dcerpc_server.c index 77dc81aeabc..ffdf34f02f8 100644 --- a/source4/rpc_server/dcerpc_server.c +++ b/source4/rpc_server/dcerpc_server.c @@ -24,28 +24,16 @@ #include "auth/auth.h" #include "auth/gensec/gensec.h" #include "auth/credentials/credentials.h" -#include "lib/util/dlinklist.h" #include "rpc_server/dcerpc_server.h" #include "rpc_server/dcerpc_server_proto.h" -#include "system/filesys.h" -#include "libcli/security/security.h" #include "param/param.h" -#include "lib/tsocket/tsocket.h" -#include "libcli/named_pipe_auth/npa_tstream.h" #include "smbd/service_stream.h" #include "lib/tsocket/tsocket.h" #include "lib/socket/socket.h" #include "smbd/process_model.h" -#include "lib/messaging/irpc.h" -#include "librpc/rpc/rpc_common.h" #include "lib/util/samba_modules.h" -#include "librpc/gen_ndr/ndr_dcerpc.h" #include "lib/util/tevent_ntstatus.h" -static NTSTATUS dcesrv_negotiate_contexts(struct dcesrv_call_state *call, - const struct dcerpc_bind *b, - struct dcerpc_ack_ctx *ack_ctx_list); - /* take a reference to an existing association group */ @@ -110,7 +98,7 @@ static struct dcesrv_assoc_group *dcesrv_assoc_group_new(struct dcesrv_connectio if (assoc_group == NULL) { return NULL; } - + id = idr_get_new_random(dce_ctx->assoc_groups_idr, assoc_group, UINT16_MAX); if (id == -1) { talloc_free(assoc_group); @@ -174,2354 +162,6 @@ NTSTATUS dcesrv_assoc_group_find(struct dcesrv_call_state *call) return NT_STATUS_OK; } -/* - see if two endpoints match -*/ -static bool endpoints_match(const struct dcerpc_binding *ep1, - const struct dcerpc_binding *ep2) -{ - enum dcerpc_transport_t t1; - enum dcerpc_transport_t t2; - const char *e1; - const char *e2; - - t1 = dcerpc_binding_get_transport(ep1); - t2 = dcerpc_binding_get_transport(ep2); - - e1 = dcerpc_binding_get_string_option(ep1, "endpoint"); - e2 = dcerpc_binding_get_string_option(ep2, "endpoint"); - - if (t1 != t2) { - return false; - } - - if (!e1 || !e2) { - return e1 == e2; - } - - if (strcasecmp(e1, e2) != 0) { - return false; - } - - return true; -} - -/* - find an endpoint in the dcesrv_context -*/ -static struct dcesrv_endpoint *find_endpoint(struct dcesrv_context *dce_ctx, - const struct dcerpc_binding *ep_description) -{ - struct dcesrv_endpoint *ep; - for (ep=dce_ctx->endpoint_list; ep; ep=ep->next) { - if (endpoints_match(ep->ep_description, ep_description)) { - return ep; - } - } - return NULL; -} - -/* - find a registered context_id from a bind or alter_context -*/ -static struct dcesrv_connection_context *dcesrv_find_context(struct dcesrv_connection *conn, - uint16_t context_id) -{ - struct dcesrv_connection_context *c; - for (c=conn->contexts;c;c=c->next) { - if (c->context_id == context_id) return c; - } - return NULL; -} - -/* - see if a uuid and if_version match to an interface -*/ -static bool interface_match(const struct dcesrv_interface *if1, - const struct dcesrv_interface *if2) -{ - return (if1->syntax_id.if_version == if2->syntax_id.if_version && - GUID_equal(&if1->syntax_id.uuid, &if2->syntax_id.uuid)); -} - -/* - find the interface operations on any endpoint with this binding -*/ -static const struct dcesrv_interface *find_interface_by_binding(struct dcesrv_context *dce_ctx, - struct dcerpc_binding *binding, - const struct dcesrv_interface *iface) -{ - struct dcesrv_endpoint *ep; - for (ep=dce_ctx->endpoint_list; ep; ep=ep->next) { - if (endpoints_match(ep->ep_description, binding)) { - struct dcesrv_if_list *ifl; - for (ifl=ep->interface_list; ifl; ifl=ifl->next) { - if (interface_match(&(ifl->iface), iface)) { - return &(ifl->iface); - } - } - } - } - return NULL; -} - -/* - see if a uuid and if_version match to an interface -*/ -static bool interface_match_by_uuid(const struct dcesrv_interface *iface, - const struct GUID *uuid, uint32_t if_version) -{ - return (iface->syntax_id.if_version == if_version && - GUID_equal(&iface->syntax_id.uuid, uuid)); -} - -/* - find the interface operations on an endpoint by uuid -*/ -const struct dcesrv_interface *find_interface_by_uuid(const struct dcesrv_endpoint *endpoint, - const struct GUID *uuid, uint32_t if_version) -{ - struct dcesrv_if_list *ifl; - for (ifl=endpoint->interface_list; ifl; ifl=ifl->next) { - if (interface_match_by_uuid(&(ifl->iface), uuid, if_version)) { - return &(ifl->iface); - } - } - return NULL; -} - -/* - find the earlier parts of a fragmented call awaiting reassembily -*/ -static struct dcesrv_call_state *dcesrv_find_fragmented_call(struct dcesrv_connection *dce_conn, uint32_t call_id) -{ - struct dcesrv_call_state *c; - for (c=dce_conn->incoming_fragmented_call_list;c;c=c->next) { - if (c->pkt.call_id == call_id) { - return c; - } - } - return NULL; -} - -/* - register an interface on an endpoint - - An endpoint is one unix domain socket (for ncalrpc), one TCP port - (for ncacn_ip_tcp) or one (forwarded) named pipe (for ncacn_np). - - Each endpoint can have many interfaces such as netlogon, lsa or - samr. Some have essentially the full set. - - This is driven from the set of interfaces listed in each IDL file - via the PIDL generated *__op_init_server() functions. -*/ -_PUBLIC_ NTSTATUS dcesrv_interface_register(struct dcesrv_context *dce_ctx, - const char *ep_name, - const char *ncacn_np_secondary_endpoint, - const struct dcesrv_interface *iface, - const struct security_descriptor *sd) -{ - struct dcesrv_endpoint *ep; - struct dcesrv_if_list *ifl; - struct dcerpc_binding *binding; - struct dcerpc_binding *binding2 = NULL; - bool add_ep = false; - NTSTATUS status; - enum dcerpc_transport_t transport; - char *ep_string = NULL; - bool use_single_process = true; - const char *ep_process_string; - - /* - * If we are not using handles, there is no need for force - * this service into using a single process. - * - * However, due to the way we listen for RPC packets, we can - * only do this if we have a single service per pipe or TCP - * port, so we still force a single combined process for - * ncalrpc. - */ - if (iface->flags & DCESRV_INTERFACE_FLAGS_HANDLES_NOT_USED) { - use_single_process = false; - } - - status = dcerpc_parse_binding(dce_ctx, ep_name, &binding); - - if (NT_STATUS_IS_ERR(status)) { - DEBUG(0, ("Trouble parsing binding string '%s'\n", ep_name)); - return status; - } - - transport = dcerpc_binding_get_transport(binding); - if (transport == NCACN_IP_TCP) { - int port; - char port_str[6]; - - /* - * First check if there is already a port specified, eg - * for epmapper on ncacn_ip_tcp:[135] - */ - const char *endpoint - = dcerpc_binding_get_string_option(binding, - "endpoint"); - if (endpoint == NULL) { - port = lpcfg_parm_int(dce_ctx->lp_ctx, NULL, - "rpc server port", iface->name, 0); - - /* - * For RPC services that are not set to use a single - * process, we do not default to using the 'rpc server - * port' because that would cause a double-bind on - * that port. - */ - if (port == 0 && !use_single_process) { - port = lpcfg_rpc_server_port(dce_ctx->lp_ctx); - } - if (port != 0) { - snprintf(port_str, sizeof(port_str), "%u", port); - status = dcerpc_binding_set_string_option(binding, - "endpoint", - port_str); - if (!NT_STATUS_IS_OK(status)) { - return status; - } - } - } - } - - if (transport == NCACN_NP && ncacn_np_secondary_endpoint != NULL) { - enum dcerpc_transport_t transport2; - - status = dcerpc_parse_binding(dce_ctx, - ncacn_np_secondary_endpoint, - &binding2); - if (!NT_STATUS_IS_OK(status)) { - DEBUG(0, ("Trouble parsing 2nd binding string '%s'\n", - ncacn_np_secondary_endpoint)); - return status; - } - - transport2 = dcerpc_binding_get_transport(binding2); - SMB_ASSERT(transport2 == transport); - } - - /* see if the interface is already registered on the endpoint */ - if (find_interface_by_binding(dce_ctx, binding, iface)!=NULL) { - DEBUG(0,("dcesrv_interface_register: interface '%s' already registered on endpoint '%s'\n", - iface->name, ep_name)); - return NT_STATUS_OBJECT_NAME_COLLISION; - } - - /* check if this endpoint exists - */ - ep = find_endpoint(dce_ctx, binding); - - if (ep != NULL) { - /* - * We want a new port on ncacn_ip_tcp for NETLOGON, so - * it can be multi-process. Other processes can also - * listen on distinct ports, if they have one forced - * in the code above with eg 'rpc server port:drsuapi = 1027' - * - * If we have mulitiple endpoints on port 0, they each - * get an epemeral port (currently by walking up from - * 1024). - * - * Because one endpoint can only have one process - * model, we add a new IP_TCP endpoint for each model. - * - * This works in conjunction with the forced overwrite - * of ep->use_single_process below. - */ - if (ep->use_single_process != use_single_process - && transport == NCACN_IP_TCP) { - add_ep = true; - } - } - - if (ep == NULL || add_ep) { - ep = talloc_zero(dce_ctx, struct dcesrv_endpoint); - if (!ep) { - return NT_STATUS_NO_MEMORY; - } - ZERO_STRUCTP(ep); - ep->ep_description = talloc_move(ep, &binding); - ep->ep_2nd_description = talloc_move(ep, &binding2); - add_ep = true; - - /* add mgmt interface */ - ifl = talloc_zero(ep, struct dcesrv_if_list); - if (!ifl) { - return NT_STATUS_NO_MEMORY; - } - - ifl->iface = dcesrv_get_mgmt_interface(); - - DLIST_ADD(ep->interface_list, ifl); - } - - /* - * By default don't force into a single process, but if any - * interface on this endpoint on this service uses handles - * (most do), then we must force into single process mode - * - * By overwriting this each time a new interface is added to - * this endpoint, we end up with the most restrictive setting. - */ - if (use_single_process) { - ep->use_single_process = true; - } - - /* talloc a new interface list element */ - ifl = talloc_zero(ep, struct dcesrv_if_list); - if (!ifl) { - return NT_STATUS_NO_MEMORY; - } - - /* copy the given interface struct to the one on the endpoints interface list */ - memcpy(&(ifl->iface),iface, sizeof(struct dcesrv_interface)); - - /* if we have a security descriptor given, - * we should see if we can set it up on the endpoint - */ - if (sd != NULL) { - /* if there's currently no security descriptor given on the endpoint - * we try to set it - */ - if (ep->sd == NULL) { - ep->sd = security_descriptor_copy(ep, sd); - } - - /* if now there's no security descriptor given on the endpoint - * something goes wrong, either we failed to copy the security descriptor - * or there was already one on the endpoint - */ - if (ep->sd != NULL) { - DEBUG(0,("dcesrv_interface_register: interface '%s' failed to setup a security descriptor\n" - " on endpoint '%s'\n", - iface->name, ep_name)); - if (add_ep) free(ep); - free(ifl); - return NT_STATUS_OBJECT_NAME_COLLISION; - } - } - - /* finally add the interface on the endpoint */ - DLIST_ADD(ep->interface_list, ifl); - - /* if it's a new endpoint add it to the dcesrv_context */ - if (add_ep) { - DLIST_ADD(dce_ctx->endpoint_list, ep); - } - - /* Re-get the string as we may have set a port */ - ep_string = dcerpc_binding_string(dce_ctx, ep->ep_description); - - if (use_single_process) { - ep_process_string = "single process required"; - } else { - ep_process_string = "multi process compatible"; - } - - DBG_INFO("Interface '%s' registered on endpoint '%s' (%s)\n", - iface->name, ep_string, ep_process_string); - TALLOC_FREE(ep_string); - - return NT_STATUS_OK; -} - -static NTSTATUS dcesrv_session_info_session_key(struct dcesrv_auth *auth, - DATA_BLOB *session_key) -{ - if (auth->session_info == NULL) { - return NT_STATUS_NO_USER_SESSION_KEY; - } - - if (auth->session_info->session_key.length == 0) { - return NT_STATUS_NO_USER_SESSION_KEY; - } - - *session_key = auth->session_info->session_key; - return NT_STATUS_OK; -} - -static NTSTATUS dcesrv_remote_session_key(struct dcesrv_auth *auth, - DATA_BLOB *session_key) -{ - if (auth->auth_type != DCERPC_AUTH_TYPE_NONE) { - return NT_STATUS_NO_USER_SESSION_KEY; - } - - return dcesrv_session_info_session_key(auth, session_key); -} - -static NTSTATUS dcesrv_local_fixed_session_key(struct dcesrv_auth *auth, - DATA_BLOB *session_key) -{ - return dcerpc_generic_session_key(session_key); -} - -/* - * Fetch the authentication session key if available. - * - * This is the key generated by a gensec authentication. - * - */ -_PUBLIC_ NTSTATUS dcesrv_auth_session_key(struct dcesrv_call_state *call, - DATA_BLOB *session_key) -{ - struct dcesrv_auth *auth = call->auth_state; - SMB_ASSERT(auth->auth_finished); - return dcesrv_session_info_session_key(auth, session_key); -} - -/* - * Fetch the transport session key if available. - * Typically this is the SMB session key - * or a fixed key for local transports. - * - * The key is always truncated to 16 bytes. -*/ -_PUBLIC_ NTSTATUS dcesrv_transport_session_key(struct dcesrv_call_state *call, - DATA_BLOB *session_key) -{ - struct dcesrv_auth *auth = call->auth_state; - NTSTATUS status; - - SMB_ASSERT(auth->auth_finished); - - if (auth->session_key_fn == NULL) { - return NT_STATUS_NO_USER_SESSION_KEY; - } - - status = auth->session_key_fn(auth, session_key); - if (!NT_STATUS_IS_OK(status)) { - return status; - } - - session_key->length = MIN(session_key->length, 16); - - return NT_STATUS_OK; -} - -static struct dcesrv_auth *dcesrv_auth_create(struct dcesrv_connection *conn) -{ - const struct dcesrv_endpoint *ep = conn->endpoint; - enum dcerpc_transport_t transport = - dcerpc_binding_get_transport(ep->ep_description); - struct dcesrv_auth *auth = NULL; - - auth = talloc_zero(conn, struct dcesrv_auth); - if (auth == NULL) { - return NULL; - } - - switch (transport) { - case NCACN_NP: - auth->session_key_fn = dcesrv_remote_session_key; - break; - case NCALRPC: - case NCACN_UNIX_STREAM: - auth->session_key_fn = dcesrv_local_fixed_session_key; - break; - default: - /* - * All other's get a NULL pointer, which - * results in NT_STATUS_NO_USER_SESSION_KEY - */ - break; - } - - return auth; -} - -/* - connect to a dcerpc endpoint -*/ -_PUBLIC_ NTSTATUS dcesrv_endpoint_connect(struct dcesrv_context *dce_ctx, - TALLOC_CTX *mem_ctx, - const struct dcesrv_endpoint *ep, - struct auth_session_info *session_info, - struct tevent_context *event_ctx, - uint32_t state_flags, - struct dcesrv_connection **_p) -{ - struct dcesrv_auth *auth = NULL; - struct dcesrv_connection *p; - - if (!session_info) { - return NT_STATUS_ACCESS_DENIED; - } - - p = talloc_zero(mem_ctx, struct dcesrv_connection); - NT_STATUS_HAVE_NO_MEMORY(p); - - p->dce_ctx = dce_ctx; - p->endpoint = ep; - p->packet_log_dir = lpcfg_lock_directory(dce_ctx->lp_ctx); - p->event_ctx = event_ctx; - p->state_flags = state_flags; - p->allow_bind = true; - p->max_recv_frag = 5840; - p->max_xmit_frag = 5840; - p->max_total_request_size = DCERPC_NCACN_REQUEST_DEFAULT_MAX_SIZE; - - p->support_hdr_signing = lpcfg_parm_bool(dce_ctx->lp_ctx, - NULL, - "dcesrv", - "header signing", - true); - p->max_auth_states = lpcfg_parm_ulong(dce_ctx->lp_ctx, - NULL, - "dcesrv", - "max auth states", - 2049); - - auth = dcesrv_auth_create(p); - if (auth == NULL) { - talloc_free(p); - return NT_STATUS_NO_MEMORY; - } - - auth->session_info = talloc_reference(auth, session_info); - if (auth->session_info == NULL) { - talloc_free(p); - return NT_STATUS_NO_MEMORY; - } - - p->default_auth_state = auth; - - /* - * For now we only support NDR32. - */ - p->preferred_transfer = &ndr_transfer_syntax_ndr; - - *_p = p; - return NT_STATUS_OK; -} - -/* - move a call from an existing linked list to the specified list. This - prevents bugs where we forget to remove the call from a previous - list when moving it. - */ -static void dcesrv_call_set_list(struct dcesrv_call_state *call, - enum dcesrv_call_list list) -{ - switch (call->list) { - case DCESRV_LIST_NONE: - break; - case DCESRV_LIST_CALL_LIST: - DLIST_REMOVE(call->conn->call_list, call); - break; - case DCESRV_LIST_FRAGMENTED_CALL_LIST: - DLIST_REMOVE(call->conn->incoming_fragmented_call_list, call); - break; - case DCESRV_LIST_PENDING_CALL_LIST: - DLIST_REMOVE(call->conn->pending_call_list, call); - break; - } - call->list = list; - switch (list) { - case DCESRV_LIST_NONE: - break; - case DCESRV_LIST_CALL_LIST: - DLIST_ADD_END(call->conn->call_list, call); - break; - case DCESRV_LIST_FRAGMENTED_CALL_LIST: - DLIST_ADD_END(call->conn->incoming_fragmented_call_list, call); - break; - case DCESRV_LIST_PENDING_CALL_LIST: - DLIST_ADD_END(call->conn->pending_call_list, call); - break; - } -} - -static void dcesrv_call_disconnect_after(struct dcesrv_call_state *call, - const char *reason) -{ - struct dcesrv_auth *a = NULL; - - if (call->conn->terminate != NULL) { - return; - } - - call->conn->allow_bind = false; - call->conn->allow_alter = false; - - call->conn->default_auth_state->auth_invalid = true; - - for (a = call->conn->auth_states; a != NULL; a = a->next) { - a->auth_invalid = true; - } - - call->terminate_reason = talloc_strdup(call, reason); - if (call->terminate_reason == NULL) { - call->terminate_reason = __location__; - } -} - -/* - return a dcerpc bind_nak -*/ -static NTSTATUS dcesrv_bind_nak(struct dcesrv_call_state *call, uint32_t reason) -{ - struct ncacn_packet pkt; - struct dcerpc_bind_nak_version version; - struct data_blob_list_item *rep; - NTSTATUS status; - static const uint8_t _pad[3] = { 0, }; - - /* - * We add the call to the pending_call_list - * in order to defer the termination. - */ - dcesrv_call_disconnect_after(call, "dcesrv_bind_nak"); - - /* setup a bind_nak */ - dcesrv_init_hdr(&pkt, lpcfg_rpc_big_endian(call->conn->dce_ctx->lp_ctx)); - pkt.auth_length = 0; - pkt.call_id = call->pkt.call_id; - pkt.ptype = DCERPC_PKT_BIND_NAK; - pkt.pfc_flags = DCERPC_PFC_FLAG_FIRST | DCERPC_PFC_FLAG_LAST; - pkt.u.bind_nak.reject_reason = reason; - version.rpc_vers = 5; - version.rpc_vers_minor = 0; - pkt.u.bind_nak.num_versions = 1; - pkt.u.bind_nak.versions = &version; - pkt.u.bind_nak._pad = data_blob_const(_pad, sizeof(_pad)); - - rep = talloc_zero(call, struct data_blob_list_item); - if (!rep) { - return NT_STATUS_NO_MEMORY; - } - - status = dcerpc_ncacn_push_auth(&rep->blob, call, &pkt, NULL); - if (!NT_STATUS_IS_OK(status)) { - return status; - } - - dcerpc_set_frag_length(&rep->blob, rep->blob.length); - - DLIST_ADD_END(call->replies, rep); - dcesrv_call_set_list(call, DCESRV_LIST_CALL_LIST); - - if (call->conn->call_list && call->conn->call_list->replies) { - if (call->conn->transport.report_output_data) { - call->conn->transport.report_output_data(call->conn); - } - } - - return NT_STATUS_OK; -} - -static NTSTATUS dcesrv_fault_disconnect(struct dcesrv_call_state *call, - uint32_t fault_code) -{ - /* - * We add the call to the pending_call_list - * in order to defer the termination. - */ - dcesrv_call_disconnect_after(call, "dcesrv_fault_disconnect"); - - return dcesrv_fault_with_flags(call, fault_code, - DCERPC_PFC_FLAG_DID_NOT_EXECUTE); -} - -static int dcesrv_connection_context_destructor(struct dcesrv_connection_context *c) -{ - DLIST_REMOVE(c->conn->contexts, c); - - if (c->iface && c->iface->unbind) { - c->iface->unbind(c, c->iface); - c->iface = NULL; - } - - return 0; -} - -static void dcesrv_prepare_context_auth(struct dcesrv_call_state *dce_call) -{ - struct loadparm_context *lp_ctx = dce_call->conn->dce_ctx->lp_ctx; - const struct dcesrv_endpoint *endpoint = dce_call->conn->endpoint; - enum dcerpc_transport_t transport = - dcerpc_binding_get_transport(endpoint->ep_description); - struct dcesrv_connection_context *context = dce_call->context; - const struct dcesrv_interface *iface = context->iface; - - context->min_auth_level = DCERPC_AUTH_LEVEL_NONE; - - if (transport == NCALRPC) { - context->allow_connect = true; - return; - } - - /* - * allow overwrite per interface - * allow dcerpc auth level connect:<interface> - */ - context->allow_connect = lpcfg_allow_dcerpc_auth_level_connect(lp_ctx); - context->allow_connect = lpcfg_parm_bool(lp_ctx, NULL, - "allow dcerpc auth level connect", - iface->name, - context->allow_connect); -} - -NTSTATUS dcesrv_interface_bind_require_integrity(struct dcesrv_connection_context *context, - const struct dcesrv_interface *iface) -{ - /* - * For connection oriented DCERPC DCERPC_AUTH_LEVEL_PACKET (4) - * has the same behavior as DCERPC_AUTH_LEVEL_INTEGRITY (5). - */ - context->min_auth_level = DCERPC_AUTH_LEVEL_PACKET; - return NT_STATUS_OK; -} - -NTSTATUS dcesrv_interface_bind_require_privacy(struct dcesrv_connection_context *context, - const struct dcesrv_interface *iface) -{ - context->min_auth_level = DCERPC_AUTH_LEVEL_PRIVACY; - return NT_STATUS_OK; -} - -_PUBLIC_ NTSTATUS dcesrv_interface_bind_reject_connect(struct dcesrv_connection_context *context, - const struct dcesrv_interface *iface) -{ - struct loadparm_context *lp_ctx = context->conn->dce_ctx->lp_ctx; - const struct dcesrv_endpoint *endpoint = context->conn->endpoint; - enum dcerpc_transport_t transport = - dcerpc_binding_get_transport(endpoint->ep_description); - - if (transport == NCALRPC) { - context->allow_connect = true; - return NT_STATUS_OK; - } - - /* - * allow overwrite per interface - * allow dcerpc auth level connect:<interface> - */ - context->allow_connect = false; - context->allow_connect = lpcfg_parm_bool(lp_ctx, NULL, - "allow dcerpc auth level connect", - iface->name, - context->allow_connect); - return NT_STATUS_OK; -} - -_PUBLIC_ NTSTATUS dcesrv_interface_bind_allow_connect(struct dcesrv_connection_context *context, - const struct dcesrv_interface *iface) -{ - struct loadparm_context *lp_ctx = context->conn->dce_ctx->lp_ctx; - const struct dcesrv_endpoint *endpoint = context->conn->endpoint; - enum dcerpc_transport_t transport = - dcerpc_binding_get_transport(endpoint->ep_description); - - if (transport == NCALRPC) { - context->allow_connect = true; - return NT_STATUS_OK; - } - - /* - * allow overwrite per interface - * allow dcerpc auth level connect:<interface> - */ - context->allow_connect = true; - context->allow_connect = lpcfg_parm_bool(lp_ctx, NULL, - "allow dcerpc auth level connect", - iface->name, - context->allow_connect); - return NT_STATUS_OK; -} - -struct dcesrv_conn_auth_wait_context { - struct tevent_req *req; - bool done; - NTSTATUS status; -}; - -struct dcesrv_conn_auth_wait_state { - uint8_t dummy; -}; - -static struct tevent_req *dcesrv_conn_auth_wait_send(TALLOC_CTX *mem_ctx, - struct tevent_context *ev, - void *private_data) -{ - struct dcesrv_conn_auth_wait_context *auth_wait = - talloc_get_type_abort(private_data, - struct dcesrv_conn_auth_wait_context); - struct tevent_req *req = NULL; - struct dcesrv_conn_auth_wait_state *state = NULL; - - req = tevent_req_create(mem_ctx, &state, - struct dcesrv_conn_auth_wait_state); - if (req == NULL) { - return NULL; - } - auth_wait->req = req; - - tevent_req_defer_callback(req, ev); - - if (!auth_wait->done) { - return req; - } - - if (tevent_req_nterror(req, auth_wait->status)) { - return tevent_req_post(req, ev); - } - - tevent_req_done(req); - return tevent_req_post(req, ev); -} - -static NTSTATUS dcesrv_conn_auth_wait_recv(struct tevent_req *req) -{ - return tevent_req_simple_recv_ntstatus(req); -} - -static NTSTATUS dcesrv_conn_auth_wait_setup(struct dcesrv_connection *conn) -{ - struct dcesrv_conn_auth_wait_context *auth_wait = NULL; - - if (conn->wait_send != NULL) { - return NT_STATUS_INTERNAL_ERROR; - } - - auth_wait = talloc_zero(conn, struct dcesrv_conn_auth_wait_context); - if (auth_wait == NULL) { - return NT_STATUS_NO_MEMORY; - } - - conn->wait_private = auth_wait; - conn->wait_send = dcesrv_conn_auth_wait_send; - conn->wait_recv = dcesrv_conn_auth_wait_recv; - return NT_STATUS_OK; -} - -static void dcesrv_conn_auth_wait_finished(struct dcesrv_connection *conn, - NTSTATUS status) -{ - struct dcesrv_conn_auth_wait_context *auth_wait = - talloc_get_type_abort(conn->wait_private, - struct dcesrv_conn_auth_wait_context); - - auth_wait->done = true; - auth_wait->status = status; - - if (auth_wait->req == NULL) { - return; - } - - if (tevent_req_nterror(auth_wait->req, status)) { - return; - } - - tevent_req_done(auth_wait->req); -} - -static NTSTATUS dcesrv_auth_reply(struct dcesrv_call_state *call); - -static void dcesrv_bind_done(struct tevent_req *subreq); - -/* - handle a bind request -*/ -static NTSTATUS dcesrv_bind(struct dcesrv_call_state *call) -{ - struct dcesrv_connection *conn = call->conn; - struct ncacn_packet *pkt = &call->ack_pkt; - NTSTATUS status; - uint32_t extra_flags = 0; - uint16_t max_req = 0; - uint16_t max_rep = 0; - struct dcerpc_binding *ep_2nd_description = NULL; - const char *endpoint = NULL; - struct dcesrv_auth *auth = call->auth_state; - struct dcerpc_ack_ctx *ack_ctx_list = NULL; - struct dcerpc_ack_ctx *ack_features = NULL; - struct tevent_req *subreq = NULL; - size_t i; - - status = dcerpc_verify_ncacn_packet_header(&call->pkt, - DCERPC_PKT_BIND, - call->pkt.u.bind.auth_info.length, - 0, /* required flags */ - DCERPC_PFC_FLAG_FIRST | - DCERPC_PFC_FLAG_LAST | - DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN | - 0x08 | /* this is not defined, but should be ignored */ - DCERPC_PFC_FLAG_CONC_MPX | - DCERPC_PFC_FLAG_DID_NOT_EXECUTE | - DCERPC_PFC_FLAG_MAYBE | - DCERPC_PFC_FLAG_OBJECT_UUID); - if (!NT_STATUS_IS_OK(status)) { - return dcesrv_bind_nak(call, - DCERPC_BIND_NAK_REASON_PROTOCOL_VERSION_NOT_SUPPORTED); - } - - /* max_recv_frag and max_xmit_frag result always in the same value! */ - max_req = MIN(call->pkt.u.bind.max_xmit_frag, - call->pkt.u.bind.max_recv_frag); - /* - * The values are between 2048 and 5840 tested against Windows 2012R2 - * via ncacn_ip_tcp on port 135. - */ - max_req = MAX(2048, max_req); - max_rep = MIN(max_req, call->conn->max_recv_frag); - /* They are truncated to an 8 byte boundary. */ - max_rep &= 0xFFF8; - - /* max_recv_frag and max_xmit_frag result always in the same value! */ - call->conn->max_recv_frag = max_rep; - call->conn->max_xmit_frag = max_rep; - - status = call->conn->dce_ctx->callbacks.assoc_group.find(call); - if (!NT_STATUS_IS_OK(status)) { - DBG_NOTICE("Failed to find assoc_group 0x%08x: %s\n", - call->pkt.u.bind.assoc_group_id, nt_errstr(status)); - return dcesrv_bind_nak(call, 0); - } - - if (call->pkt.u.bind.num_contexts < 1) { - return dcesrv_bind_nak(call, 0); - } - - ack_ctx_list = talloc_zero_array(call, struct dcerpc_ack_ctx, - call->pkt.u.bind.num_contexts); - if (ack_ctx_list == NULL) { - return dcesrv_bind_nak(call, 0); - } - - /* - * Set some sane defaults (required by dcesrv_negotiate_contexts()/ - * dcesrv_check_or_create_context()) and do some protocol validation - * and set sane defaults. - */ - for (i = 0; i < call->pkt.u.bind.num_contexts; i++) { - const struct dcerpc_ctx_list *c = &call->pkt.u.bind.ctx_list[i]; - struct dcerpc_ack_ctx *a = &ack_ctx_list[i]; - bool is_feature = false; - uint64_t features = 0; - - if (c->num_transfer_syntaxes == 0) { - return dcesrv_bind_nak(call, 0); - } - - a->result = DCERPC_BIND_ACK_RESULT_PROVIDER_REJECTION; - a->reason.value = DCERPC_BIND_ACK_REASON_ABSTRACT_SYNTAX_NOT_SUPPORTED; - - /* - * It's only treated as bind time feature request, if the first - * transfer_syntax matches, all others are ignored. - */ - is_feature = dcerpc_extract_bind_time_features(c->transfer_syntaxes[0], - &features); - if (!is_feature) { - continue; - } - - if (ack_features != NULL) { - /* - * Only one bind time feature context is allowed. - */ - return dcesrv_bind_nak(call, 0); - } - ack_features = a; - - a->result = DCERPC_BIND_ACK_RESULT_NEGOTIATE_ACK; - a->reason.negotiate = 0; - if (features & DCERPC_BIND_TIME_SECURITY_CONTEXT_MULTIPLEXING) { - if (call->conn->max_auth_states != 0) { - a->reason.negotiate |= - DCERPC_BIND_TIME_SECURITY_CONTEXT_MULTIPLEXING; - } - } - if (features & DCERPC_BIND_TIME_KEEP_CONNECTION_ON_ORPHAN) { - a->reason.negotiate |= - DCERPC_BIND_TIME_KEEP_CONNECTION_ON_ORPHAN; - } - - call->conn->assoc_group->bind_time_features = a->reason.negotiate; - } - - /* - * Try to negotiate one new presentation context. - * - * Deep in here we locate the iface (by uuid) that the client - * requested, from the list of interfaces on the - * call->conn->endpoint, and call iface->bind() on that iface. - * - * call->conn was set up at the accept() of the socket, and - * call->conn->endpoint has a list of interfaces restricted to - * this port or pipe. - */ - status = dcesrv_negotiate_contexts(call, &call->pkt.u.bind, ack_ctx_list); - if (NT_STATUS_EQUAL(status, NT_STATUS_RPC_PROTOCOL_ERROR)) { - return dcesrv_bind_nak(call, 0); - } - if (!NT_STATUS_IS_OK(status)) { - return status; - } - - /* - * At this point we still don't know which interface (eg - * netlogon, lsa, drsuapi) the caller requested in this bind! - * The most recently added context is available as the first - * element in the linked list at call->conn->contexts, that is - * call->conn->contexts->iface, but they may not have - * requested one at all! - */ - - if ((call->pkt.pfc_flags & DCERPC_PFC_FLAG_CONC_MPX) && - (call->state_flags & DCESRV_CALL_STATE_FLAG_MULTIPLEXED)) { - call->conn->state_flags |= DCESRV_CALL_STATE_FLAG_MULTIPLEXED; - extra_flags |= DCERPC_PFC_FLAG_CONC_MPX; - } - - if (call->state_flags & DCESRV_CALL_STATE_FLAG_PROCESS_PENDING_CALL) { - call->conn->state_flags |= DCESRV_CALL_STATE_FLAG_PROCESS_PENDING_CALL; - } - - /* - * After finding the interface and setting up the NDR - * transport negotiation etc, handle any authentication that - * is being requested. - */ - if (!dcesrv_auth_bind(call)) { - - if (auth->auth_level == DCERPC_AUTH_LEVEL_NONE) { - /* - * With DCERPC_AUTH_LEVEL_NONE, we get the - * reject_reason in auth->auth_context_id. - */ - return dcesrv_bind_nak(call, auth->auth_context_id); - } - - /* - * This must a be a temporary failure e.g. talloc or invalid - * configuration, e.g. no machine account. - */ - return dcesrv_bind_nak(call, - DCERPC_BIND_NAK_REASON_TEMPORARY_CONGESTION); - } - - /* setup a bind_ack */ - dcesrv_init_hdr(pkt, lpcfg_rpc_big_endian(call->conn->dce_ctx->lp_ctx)); - pkt->auth_length = 0; - pkt->call_id = call->pkt.call_id; - pkt->ptype = DCERPC_PKT_BIND_ACK; - pkt->pfc_flags = DCERPC_PFC_FLAG_FIRST | DCERPC_PFC_FLAG_LAST | extra_flags; - pkt->u.bind_ack.max_xmit_frag = call->conn->max_xmit_frag; - pkt->u.bind_ack.max_recv_frag = call->conn->max_recv_frag; - pkt->u.bind_ack.assoc_group_id = call->conn->assoc_group->id; - - ep_2nd_description = call->conn->endpoint->ep_2nd_description; - if (ep_2nd_description == NULL) { - ep_2nd_description = call->conn->endpoint->ep_description; - } - - endpoint = dcerpc_binding_get_string_option( - ep_2nd_description, - "endpoint"); - if (endpoint == NULL) { - endpoint = ""; - } - - pkt->u.bind_ack.secondary_address = endpoint; - pkt->u.bind_ack.num_results = call->pkt.u.bind.num_contexts; - pkt->u.bind_ack.ctx_list = ack_ctx_list; - pkt->u.bind_ack.auth_info = data_blob_null; - - status = dcesrv_auth_prepare_bind_ack(call, pkt); - if (!NT_STATUS_IS_OK(status)) { - return dcesrv_bind_nak(call, 0); - } - - if (auth->auth_finished) { - return dcesrv_auth_reply(call); - } - - subreq = gensec_update_send(call, call->event_ctx, - auth->gensec_security, - call->in_auth_info.credentials); - if (subreq == NULL) { - return NT_STATUS_NO_MEMORY; - } - tevent_req_set_callback(subreq, dcesrv_bind_done, call); - - return dcesrv_conn_auth_wait_setup(conn); -} - -static void dcesrv_bind_done(struct tevent_req *subreq) -{ - struct dcesrv_call_state *call = - tevent_req_callback_data(subreq, - struct dcesrv_call_state); - struct dcesrv_connection *conn = call->conn; - NTSTATUS status; - - status = gensec_update_recv(subreq, call, - &call->out_auth_info->credentials); - TALLOC_FREE(subreq); - - status = dcesrv_auth_complete(call, status); - if (!NT_STATUS_IS_OK(status)) { - status = dcesrv_bind_nak(call, 0); - dcesrv_conn_auth_wait_finished(conn, status); - return; - } - - status = dcesrv_auth_reply(call); - dcesrv_conn_auth_wait_finished(conn, status); - return; -} - -static NTSTATUS dcesrv_auth_reply(struct dcesrv_call_state *call) -{ - struct ncacn_packet *pkt = &call->ack_pkt; - struct data_blob_list_item *rep = NULL; - NTSTATUS status; - - rep = talloc_zero(call, struct data_blob_list_item); - if (!rep) { - return NT_STATUS_NO_MEMORY; - } - - status = dcerpc_ncacn_push_auth(&rep->blob, - call, - pkt, - call->out_auth_info); - if (!NT_STATUS_IS_OK(status)) { - return status; - } - - dcerpc_set_frag_length(&rep->blob, rep->blob.length); - - DLIST_ADD_END(call->replies, rep); - dcesrv_call_set_list(call, DCESRV_LIST_CALL_LIST); - - if (call->conn->call_list && call->conn->call_list->replies) { - if (call->conn->transport.report_output_data) { - call->conn->transport.report_output_data(call->conn); - } - } - - return NT_STATUS_OK; -} - - -static void dcesrv_auth3_done(struct tevent_req *subreq); - -/* - handle a auth3 request -*/ -static NTSTATUS dcesrv_auth3(struct dcesrv_call_state *call) -{ - struct dcesrv_connection *conn = call->conn; - struct dcesrv_auth *auth = call->auth_state; - struct tevent_req *subreq = NULL; - NTSTATUS status; - - if (!auth->auth_started) { - return dcesrv_fault_disconnect(call, DCERPC_NCA_S_PROTO_ERROR); - } - - if (auth->auth_finished) { - return dcesrv_fault_disconnect(call, DCERPC_NCA_S_PROTO_ERROR); - } - - status = dcerpc_verify_ncacn_packet_header(&call->pkt, - DCERPC_PKT_AUTH3, - call->pkt.u.auth3.auth_info.length, - 0, /* required flags */ - DCERPC_PFC_FLAG_FIRST | - DCERPC_PFC_FLAG_LAST | - DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN | - 0x08 | /* this is not defined, but should be ignored */ - DCERPC_PFC_FLAG_CONC_MPX | - DCERPC_PFC_FLAG_DID_NOT_EXECUTE | - DCERPC_PFC_FLAG_MAYBE | - DCERPC_PFC_FLAG_OBJECT_UUID); - if (!NT_STATUS_IS_OK(status)) { - return dcesrv_fault_disconnect(call, DCERPC_NCA_S_PROTO_ERROR); - } - - /* handle the auth3 in the auth code */ - if (!dcesrv_auth_prepare_auth3(call)) { - /* - * we don't send a reply to a auth3 request, - * except by a fault. - * - * In anycase we mark the connection as - * invalid. - */ - auth->auth_invalid = true; - if (call->fault_code != 0) { - return dcesrv_fault_disconnect(call, call->fault_code); - } - TALLOC_FREE(call); - return NT_STATUS_OK; - } - - subreq = gensec_update_send(call, call->event_ctx, - auth->gensec_security, - call->in_auth_info.credentials); - if (subreq == NULL) { - return NT_STATUS_NO_MEMORY; - } - tevent_req_set_callback(subreq, dcesrv_auth3_done, call); - - return dcesrv_conn_auth_wait_setup(conn); -} - -static void dcesrv_auth3_done(struct tevent_req *subreq) -{ - struct dcesrv_call_state *call = - tevent_req_callback_data(subreq, - struct dcesrv_call_state); - struct dcesrv_connection *conn = call->conn; - struct dcesrv_auth *auth = call->auth_state; - NTSTATUS status; - - status = gensec_update_recv(subreq, call, - &call->out_auth_info->credentials); - TALLOC_FREE(subreq); - - status = dcesrv_auth_complete(call, status); - if (!NT_STATUS_IS_OK(status)) { - /* - * we don't send a reply to a auth3 request, - * except by a fault. - * - * In anycase we mark the connection as - * invalid. - */ - auth->auth_invalid = true; - if (call->fault_code != 0) { - status = dcesrv_fault_disconnect(call, call->fault_code); - dcesrv_conn_auth_wait_finished(conn, status); - return; - } - TALLOC_FREE(call); - dcesrv_conn_auth_wait_finished(conn, NT_STATUS_OK); - return; - } - - /* - * we don't send a reply to a auth3 request. - */ - TALLOC_FREE(call); - dcesrv_conn_auth_wait_finished(conn, NT_STATUS_OK); - return; -} - - -static NTSTATUS dcesrv_check_or_create_context(struct dcesrv_call_state *call, - const struct dcerpc_bind *b, - const struct dcerpc_ctx_list *ctx, - struct dcerpc_ack_ctx *ack, - bool validate_only, - const struct ndr_syntax_id *supported_transfer) -{ - uint32_t if_version; - struct dcesrv_connection_context *context; - const struct dcesrv_interface *iface; - struct GUID uuid; - NTSTATUS status; - const struct ndr_syntax_id *selected_transfer = NULL; - size_t i; - bool ok; - - if (b == NULL) { - return NT_STATUS_INTERNAL_ERROR; - } - if (ctx == NULL) { - return NT_STATUS_INTERNAL_ERROR; - } - if (ctx->num_transfer_syntaxes < 1) { - return NT_STATUS_INTERNAL_ERROR; - } - if (ack == NULL) { - return NT_STATUS_INTERNAL_ERROR; - } - if (supported_transfer == NULL) { - return NT_STATUS_INTERNAL_ERROR; - } - - switch (ack->result) { - case DCERPC_BIND_ACK_RESULT_ACCEPTANCE: - case DCERPC_BIND_ACK_RESULT_NEGOTIATE_ACK: - /* - * We is already completed. - */ - return NT_STATUS_OK; - default: - break; - } - - ack->result = DCERPC_BIND_ACK_RESULT_PROVIDER_REJECTION; - ack->reason.value = DCERPC_BIND_ACK_REASON_ABSTRACT_SYNTAX_NOT_SUPPORTED; - - if_version = ctx->abstract_syntax.if_version; - uuid = ctx->abstract_syntax.uuid; - - iface = find_interface_by_uuid(call->conn->endpoint, &uuid, if_version); - if (iface == NULL) { - char *uuid_str = GUID_string(call, &uuid); - DEBUG(2,("Request for unknown dcerpc interface %s/%d\n", uuid_str, if_version)); - talloc_free(uuid_str); - /* - * We report this only via ack->result - */ - return NT_STATUS_OK; - } - - ack->result = DCERPC_BIND_ACK_RESULT_PROVIDER_REJECTION; - ack->reason.value = DCERPC_BIND_ACK_REASON_TRANSFER_SYNTAXES_NOT_SUPPORTED; - - if (validate_only) { - /* - * We report this only via ack->result - */ - return NT_STATUS_OK; - } - - for (i = 0; i < ctx->num_transfer_syntaxes; i++) { - /* - * we only do NDR encoded dcerpc for now. - */ - ok = ndr_syntax_id_equal(&ctx->transfer_syntaxes[i], - supported_transfer); - if (ok) { - selected_transfer = supported_transfer; - break; - } - } - - context = dcesrv_find_context(call->conn, ctx->context_id); - if (context != NULL) { - ok = ndr_syntax_id_equal(&context->iface->syntax_id, - &ctx->abstract_syntax); - if (!ok) { - return NT_STATUS_RPC_PROTOCOL_ERROR; - } - - if (selected_transfer != NULL) { - ok = ndr_syntax_id_equal(&context->transfer_syntax, - selected_transfer); - if (!ok) { - return NT_STATUS_RPC_PROTOCOL_ERROR; - } - - ack->result = DCERPC_BIND_ACK_RESULT_ACCEPTANCE; - ack->reason.value = DCERPC_BIND_ACK_REASON_NOT_SPECIFIED; - ack->syntax = context->transfer_syntax; - } - - /* - * We report this only via ack->result - */ - return NT_STATUS_OK; - } - - if (selected_transfer == NULL) { - /* - * We report this only via ack->result - */ - return NT_STATUS_OK; - } - - ack->result = DCERPC_BIND_ACK_RESULT_USER_REJECTION; - ack->reason.value = DCERPC_BIND_ACK_REASON_LOCAL_LIMIT_EXCEEDED; - - /* add this context to the list of available context_ids */ - context = talloc_zero(call->conn, struct dcesrv_connection_context); - if (context == NULL) { - return NT_STATUS_NO_MEMORY; - } - context->conn = call->conn; - context->context_id = ctx->context_id; - context->iface = iface; - context->transfer_syntax = *selected_transfer; - DLIST_ADD(call->conn->contexts, context); - call->context = context; - talloc_set_destructor(context, dcesrv_connection_context_destructor); - - dcesrv_prepare_context_auth(call); - - /* - * Multiplex is supported by default - */ - call->state_flags |= DCESRV_CALL_STATE_FLAG_MULTIPLEXED; - - status = iface->bind(context, iface); - call->context = NULL; - if (!NT_STATUS_IS_OK(status)) { - /* we don't want to trigger the iface->unbind() hook */ - context->iface = NULL; - talloc_free(context); - /* - * We report this only via ack->result - */ - return NT_STATUS_OK; - } - - ack->result = DCERPC_BIND_ACK_RESULT_ACCEPTANCE; - ack->reason.value = DCERPC_BIND_ACK_REASON_NOT_SPECIFIED; - ack->syntax = context->transfer_syntax; - return NT_STATUS_OK; -} - -static NTSTATUS dcesrv_negotiate_contexts(struct dcesrv_call_state *call, - const struct dcerpc_bind *b, - struct dcerpc_ack_ctx *ack_ctx_list) -{ - NTSTATUS status; - size_t i; - bool validate_only = false; - bool preferred_ndr32; - - /* - * Try to negotiate one new presentation context, - * using our preferred transfer syntax. - */ - for (i = 0; i < b->num_contexts; i++) { - const struct dcerpc_ctx_list *c = &b->ctx_list[i]; - struct dcerpc_ack_ctx *a = &ack_ctx_list[i]; - - status = dcesrv_check_or_create_context(call, b, c, a, - validate_only, - call->conn->preferred_transfer); - if (!NT_STATUS_IS_OK(status)) { - return status; - } - - if (a->result == DCERPC_BIND_ACK_RESULT_ACCEPTANCE) { - /* - * We managed to negotiate one context. - * - * => we're done. - */ - validate_only = true; - } - } - - preferred_ndr32 = ndr_syntax_id_equal(&ndr_transfer_syntax_ndr, - call->conn->preferred_transfer); - if (preferred_ndr32) { - /* - * We're done. - */ - return NT_STATUS_OK; - } - - /* - * Try to negotiate one new presentation context, - * using NDR 32 as fallback. - */ - for (i = 0; i < b->num_contexts; i++) { - const struct dcerpc_ctx_list *c = &b->ctx_list[i]; - struct dcerpc_ack_ctx *a = &ack_ctx_list[i]; - - status = dcesrv_check_or_create_context(call, b, c, a, - validate_only, - &ndr_transfer_syntax_ndr); - if (!NT_STATUS_IS_OK(status)) { - return status; - } - - if (a->result == DCERPC_BIND_ACK_RESULT_ACCEPTANCE) { - /* - * We managed to negotiate one context. - * - * => we're done. - */ - validate_only = true; - } - } - - return NT_STATUS_OK; -} - -static void dcesrv_alter_done(struct tevent_req *subreq); - -/* - handle a alter context request -*/ -static NTSTATUS dcesrv_alter(struct dcesrv_call_state *call) -{ - struct dcesrv_connection *conn = call->conn; - NTSTATUS status; - bool auth_ok = false; - struct ncacn_packet *pkt = &call->ack_pkt; - uint32_t extra_flags = 0; - struct dcesrv_auth *auth = call->auth_state; - struct dcerpc_ack_ctx *ack_ctx_list = NULL; - struct tevent_req *subreq = NULL; - size_t i; - - if (!call->conn->allow_alter) { - return dcesrv_fault_disconnect(call, DCERPC_NCA_S_PROTO_ERROR); - } - - status = dcerpc_verify_ncacn_packet_header(&call->pkt, - DCERPC_PKT_ALTER, - call->pkt.u.alter.auth_info.length, - 0, /* required flags */ - DCERPC_PFC_FLAG_FIRST | - DCERPC_PFC_FLAG_LAST | - DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN | - 0x08 | /* this is not defined, but should be ignored */ - DCERPC_PFC_FLAG_CONC_MPX | - DCERPC_PFC_FLAG_DID_NOT_EXECUTE | - DCERPC_PFC_FLAG_MAYBE | - DCERPC_PFC_FLAG_OBJECT_UUID); - if (!NT_STATUS_IS_OK(status)) { - return dcesrv_fault_disconnect(call, DCERPC_NCA_S_PROTO_ERROR); - } - - auth_ok = dcesrv_auth_alter(call); - if (!auth_ok) { - if (call->fault_code != 0) { - return dcesrv_fault_disconnect(call, call->fault_code); - } - } - - if (call->pkt.u.alter.num_contexts < 1) { - return dcesrv_fault_disconnect(call, DCERPC_NCA_S_PROTO_ERROR); - } - - ack_ctx_list = talloc_zero_array(call, struct dcerpc_ack_ctx, - call->pkt.u.alter.num_contexts); - if (ack_ctx_list == NULL) { - return NT_STATUS_NO_MEMORY; - } - - /* - * Set some sane defaults (required by dcesrv_negotiate_contexts()/ - * dcesrv_check_or_create_context()) and do some protocol validation - * and set sane defaults. - */ - for (i = 0; i < call->pkt.u.alter.num_contexts; i++) { - const struct dcerpc_ctx_list *c = &call->pkt.u.alter.ctx_list[i]; - struct dcerpc_ack_ctx *a = &ack_ctx_list[i]; - - if (c->num_transfer_syntaxes == 0) { - return dcesrv_fault_disconnect(call, - DCERPC_NCA_S_PROTO_ERROR); - } - - a->result = DCERPC_BIND_ACK_RESULT_PROVIDER_REJECTION; - a->reason.value = DCERPC_BIND_ACK_REASON_ABSTRACT_SYNTAX_NOT_SUPPORTED; - } - - /* - * Try to negotiate one new presentation context. - */ - status = dcesrv_negotiate_contexts(call, &call->pkt.u.alter, ack_ctx_list); - if (NT_STATUS_EQUAL(status, NT_STATUS_RPC_PROTOCOL_ERROR)) { - return dcesrv_fault_disconnect(call, DCERPC_NCA_S_PROTO_ERROR); - } - if (!NT_STATUS_IS_OK(status)) { - return status; - } - - if ((call->pkt.pfc_flags & DCERPC_PFC_FLAG_CONC_MPX) && - (call->state_flags & DCESRV_CALL_STATE_FLAG_MULTIPLEXED)) { - call->conn->state_flags |= DCESRV_CALL_STATE_FLAG_MULTIPLEXED; - extra_flags |= DCERPC_PFC_FLAG_CONC_MPX; - } - - if (call->state_flags & DCESRV_CALL_STATE_FLAG_PROCESS_PENDING_CALL) { - call->conn->state_flags |= DCESRV_CALL_STATE_FLAG_PROCESS_PENDING_CALL; - } - - /* handle any authentication that is being requested */ - if (!auth_ok) { - if (call->in_auth_info.auth_type != auth->auth_type) { - return dcesrv_fault_disconnect(call, - DCERPC_FAULT_SEC_PKG_ERROR); - } - return dcesrv_fault_disconnect(call, DCERPC_FAULT_ACCESS_DENIED); - } - - dcesrv_init_hdr(pkt, lpcfg_rpc_big_endian(call->conn->dce_ctx->lp_ctx)); - pkt->auth_length = 0; - pkt->call_id = call->pkt.call_id; - pkt->ptype = DCERPC_PKT_ALTER_RESP; - pkt->pfc_flags = DCERPC_PFC_FLAG_FIRST | DCERPC_PFC_FLAG_LAST | extra_flags; - pkt->u.alter_resp.max_xmit_frag = call->conn->max_xmit_frag; - pkt->u.alter_resp.max_recv_frag = call->conn->max_recv_frag; - pkt->u.alter_resp.assoc_group_id = call->conn->assoc_group->id; - pkt->u.alter_resp.secondary_address = ""; - pkt->u.alter_resp.num_results = call->pkt.u.alter.num_contexts; - pkt->u.alter_resp.ctx_list = ack_ctx_list; - pkt->u.alter_resp.auth_info = data_blob_null; - - status = dcesrv_auth_prepare_alter_ack(call, pkt); - if (!NT_STATUS_IS_OK(status)) { - return dcesrv_fault_disconnect(call, DCERPC_FAULT_SEC_PKG_ERROR); - } - - if (auth->auth_finished) { - return dcesrv_auth_reply(call); - } - - subreq = gensec_update_send(call, call->event_ctx, - auth->gensec_security, - call->in_auth_info.credentials); - if (subreq == NULL) { - return NT_STATUS_NO_MEMORY; - } - tevent_req_set_callback(subreq, dcesrv_alter_done, call); - - return dcesrv_conn_auth_wait_setup(conn); -} - -static void dcesrv_alter_done(struct tevent_req *subreq) -{ - struct dcesrv_call_state *call = - tevent_req_callback_data(subreq, - struct dcesrv_call_state); - struct dcesrv_connection *conn = call->conn; - NTSTATUS status; - - status = gensec_update_recv(subreq, call, - &call->out_auth_info->credentials); - TALLOC_FREE(subreq); - - status = dcesrv_auth_complete(call, status); - if (!NT_STATUS_IS_OK(status)) { - status = dcesrv_fault_disconnect(call, DCERPC_FAULT_SEC_PKG_ERROR); - dcesrv_conn_auth_wait_finished(conn, status); - return; - } - - status = dcesrv_auth_reply(call); - dcesrv_conn_auth_wait_finished(conn, status); - return; -} - -/* - possibly save the call for inspection with ndrdump - */ -static void dcesrv_save_call(struct dcesrv_call_state *call, const char *why) -{ -#ifdef DEVELOPER - char *fname; - const char *dump_dir; - dump_dir = lpcfg_parm_string(call->conn->dce_ctx->lp_ctx, NULL, "dcesrv", "stubs directory"); - if (!dump_dir) { - return; - } - fname = talloc_asprintf(call, "%s/RPC-%s-%u-%s.dat", - dump_dir, - call->context->iface->name, - call->pkt.u.request.opnum, - why); - if (file_save(fname, call->pkt.u.request.stub_and_verifier.data, call->pkt.u.request.stub_and_verifier.length)) { - DEBUG(0,("RPC SAVED %s\n", fname)); - } - talloc_free(fname); -#endif -} - -static NTSTATUS dcesrv_check_verification_trailer(struct dcesrv_call_state *call) -{ - TALLOC_CTX *frame = talloc_stackframe(); - const uint32_t bitmask1 = call->conn->client_hdr_signing ? - DCERPC_SEC_VT_CLIENT_SUPPORTS_HEADER_SIGNING : 0; - const struct dcerpc_sec_vt_pcontext pcontext = { - .abstract_syntax = call->context->iface->syntax_id, - .transfer_syntax = call->context->transfer_syntax, - }; - const struct dcerpc_sec_vt_header2 header2 = - dcerpc_sec_vt_header2_from_ncacn_packet(&call->pkt); - enum ndr_err_code ndr_err; - struct dcerpc_sec_verification_trailer *vt = NULL; - NTSTATUS status = NT_STATUS_OK; - bool ok; - - SMB_ASSERT(call->pkt.ptype == DCERPC_PKT_REQUEST); - - ndr_err = ndr_pop_dcerpc_sec_verification_trailer(call->ndr_pull, - frame, &vt); - if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { - status = ndr_map_error2ntstatus(ndr_err); - goto done; - } - - ok = dcerpc_sec_verification_trailer_check(vt, &bitmask1, - &pcontext, &header2); - if (!ok) { - status = NT_STATUS_ACCESS_DENIED; - goto done; - } -done: - TALLOC_FREE(frame); - return status; -} - -/* - handle a dcerpc request packet -*/ -static NTSTATUS dcesrv_request(struct dcesrv_call_state *call) -{ - const struct dcesrv_endpoint *endpoint = call->conn->endpoint; - struct dcesrv_auth *auth = call->auth_state; - enum dcerpc_transport_t transport = - dcerpc_binding_get_transport(endpoint->ep_description); - struct ndr_pull *pull; - NTSTATUS status; - - if (!auth->auth_finished) { - return dcesrv_fault_disconnect(call, DCERPC_NCA_S_PROTO_ERROR); - } - - /* if authenticated, and the mech we use can't do async replies, don't use them... */ - if (auth->gensec_security != NULL && - !gensec_have_feature(auth->gensec_security, GENSEC_FEATURE_ASYNC_REPLIES)) { - call->state_flags &= ~DCESRV_CALL_STATE_FLAG_MAY_ASYNC; - } - - if (call->context == NULL) { - return dcesrv_fault_with_flags(call, DCERPC_NCA_S_UNKNOWN_IF, - DCERPC_PFC_FLAG_DID_NOT_EXECUTE); - } - - switch (auth->auth_level) { - case DCERPC_AUTH_LEVEL_NONE: - case DCERPC_AUTH_LEVEL_PACKET: - case DCERPC_AUTH_LEVEL_INTEGRITY: - case DCERPC_AUTH_LEVEL_PRIVACY: - break; - default: - if (!call->context->allow_connect) { - char *addr; - - addr = tsocket_address_string(call->conn->remote_address, - call); - - DEBUG(2, ("%s: restrict auth_level_connect access " - "to [%s] with auth[type=0x%x,level=0x%x] " - "on [%s] from [%s]\n", - __func__, call->context->iface->name, - auth->auth_type, - auth->auth_level, - derpc_transport_string_by_transport(transport), - addr)); - return dcesrv_fault(call, DCERPC_FAULT_ACCESS_DENIED); - } - break; - } - - if (auth->auth_level < call->context->min_auth_level) { - char *addr; - - addr = tsocket_address_string(call->conn->remote_address, call); - - DEBUG(2, ("%s: restrict access by min_auth_level[0x%x] " - "to [%s] with auth[type=0x%x,level=0x%x] " - "on [%s] from [%s]\n", - __func__, - call->context->min_auth_level, - call->context->iface->name, - auth->auth_type, - auth->auth_level, - derpc_transport_string_by_transport(transport), - addr)); - return dcesrv_fault(call, DCERPC_FAULT_ACCESS_DENIED); - } - - pull = ndr_pull_init_blob(&call->pkt.u.request.stub_and_verifier, call); - NT_STATUS_HAVE_NO_MEMORY(pull); - - pull->flags |= LIBNDR_FLAG_REF_ALLOC; - - call->ndr_pull = pull; - - if (!(call->pkt.drep[0] & DCERPC_DREP_LE)) { - pull->flags |= LIBNDR_FLAG_BIGENDIAN; - } - - status = dcesrv_check_verification_trailer(call); - if (!NT_STATUS_IS_OK(status)) { - uint32_t faultcode = DCERPC_FAULT_OTHER; - if (NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED)) { - faultcode = DCERPC_FAULT_ACCESS_DENIED; - } - DEBUG(10, ("dcesrv_check_verification_trailer failed: %s\n", - nt_errstr(status))); - return dcesrv_fault(call, faultcode); - } - - /* unravel the NDR for the packet */ - status = call->context->iface->ndr_pull(call, call, pull, &call->r); - if (!NT_STATUS_IS_OK(status)) { - uint8_t extra_flags = 0; - if (call->fault_code == DCERPC_FAULT_OP_RNG_ERROR) { - /* we got an unknown call */ - DEBUG(3,(__location__ ": Unknown RPC call %u on %s\n", - call->pkt.u.request.opnum, - call->context->iface->name)); - dcesrv_save_call(call, "unknown"); - extra_flags |= DCERPC_PFC_FLAG_DID_NOT_EXECUTE; - } else { - dcesrv_save_call(call, "pullfail"); - } - return dcesrv_fault_with_flags(call, call->fault_code, extra_flags); - } - - if (pull->offset != pull->data_size) { - dcesrv_save_call(call, "extrabytes"); - DEBUG(3,("Warning: %d extra bytes in incoming RPC request\n", - pull->data_size - pull->offset)); - } - - /* call the dispatch function */ - status = call->context->iface->dispatch(call, call, call->r); - if (!NT_STATUS_IS_OK(status)) { - DEBUG(5,("dcerpc fault in call %s:%02x - %s\n", - call->context->iface->name, - call->pkt.u.request.opnum, - dcerpc_errstr(pull, call->fault_code))); - return dcesrv_fault(call, call->fault_code); - } - - /* add the call to the pending list */ - dcesrv_call_set_list(call, DCESRV_LIST_PENDING_CALL_LIST); - - if (call->state_flags & DCESRV_CALL_STATE_FLAG_ASYNC) { - return NT_STATUS_OK; - } - - return dcesrv_reply(call); -} - - -/* - remove the call from the right list when freed - */ -static int dcesrv_call_dequeue(struct dcesrv_call_state *call) -{ - dcesrv_call_set_list(call, DCESRV_LIST_NONE); - return 0; -} - -_PUBLIC_ const struct tsocket_address *dcesrv_connection_get_local_address(struct dcesrv_connection *conn) -{ - return conn->local_address; -} - -_PUBLIC_ const struct tsocket_address *dcesrv_connection_get_remote_address(struct dcesrv_connection *conn) -{ - return conn->remote_address; -} - -/* - process some input to a dcerpc endpoint server. -*/ -static NTSTATUS dcesrv_process_ncacn_packet(struct dcesrv_connection *dce_conn, - struct ncacn_packet *pkt, - DATA_BLOB blob) -{ - NTSTATUS status; - struct dcesrv_call_state *call; - struct dcesrv_call_state *existing = NULL; - size_t num_auth_ctx = 0; - enum dcerpc_AuthType auth_type = 0; - enum dcerpc_AuthLevel auth_level = 0; - uint32_t auth_context_id = 0; - - call = talloc_zero(dce_conn, struct dcesrv_call_state); - if (!call) { - data_blob_free(&blob); - talloc_free(pkt); - return NT_STATUS_NO_MEMORY; - } - call->conn = dce_conn; - call->event_ctx = dce_conn->event_ctx; - call->state_flags = call->conn->state_flags; - call->time = timeval_current(); - call->list = DCESRV_LIST_NONE; - - talloc_steal(call, pkt); - talloc_steal(call, blob.data); - call->pkt = *pkt; - - if (dce_conn->max_auth_states == 0) { - call->auth_state = dce_conn->default_auth_state; - } else if (call->pkt.auth_length == 0) { - if (call->pkt.ptype == DCERPC_PKT_REQUEST && - dce_conn->default_auth_level_connect != NULL) - { - call->auth_state = dce_conn->default_auth_level_connect; - } else { - call->auth_state = dce_conn->default_auth_state; - } - } - - if (call->auth_state == NULL) { - struct dcesrv_auth *a = NULL; - - auth_type = dcerpc_get_auth_type(&blob); - auth_level = dcerpc_get_auth_level(&blob); - auth_context_id = dcerpc_get_auth_context_id(&blob); - - if (call->pkt.ptype == DCERPC_PKT_REQUEST) { - dce_conn->default_auth_level_connect = NULL; - if (auth_level == DCERPC_AUTH_LEVEL_CONNECT) { - dce_conn->got_explicit_auth_level_connect = true; - } - } - - for (a = dce_conn->auth_states; a != NULL; a = a->next) { - num_auth_ctx++; - - if (a->auth_type != auth_type) { - continue; - } - if (a->auth_finished && a->auth_level != auth_level) { - continue; - } - if (a->auth_context_id != auth_context_id) { - continue; - } - - DLIST_PROMOTE(dce_conn->auth_states, a); - call->auth_state = a; - break; - } - } - - if (call->auth_state == NULL) { - struct dcesrv_auth *a = NULL; - - if (num_auth_ctx >= dce_conn->max_auth_states) { - return dcesrv_fault_disconnect(call, - DCERPC_NCA_S_PROTO_ERROR); - } - - a = dcesrv_auth_create(dce_conn); - if (a == NULL) { - talloc_free(call); - return NT_STATUS_NO_MEMORY; - } - DLIST_ADD(dce_conn->auth_states, a); - if (call->pkt.ptype == DCERPC_PKT_REQUEST) { - /* - * This can never be valid. - */ - a->auth_invalid = true; - } - call->auth_state = a; - } - - talloc_set_destructor(call, dcesrv_call_dequeue); - - if (call->conn->allow_bind) { - /* - * Only one bind is possible per connection - */ - call->conn->allow_bind = false; - return dcesrv_bind(call); - } - - /* we have to check the signing here, before combining the - pdus */ - if (call->pkt.ptype == DCERPC_PKT_REQUEST) { - dcesrv_default_auth_state_prepare_request(call); - - if (call->auth_state->auth_started && - !call->auth_state->auth_finished) { - return dcesrv_fault_disconnect(call, - DCERPC_NCA_S_PROTO_ERROR); - } - - status = dcerpc_verify_ncacn_packet_header(&call->pkt, - DCERPC_PKT_REQUEST, - call->pkt.u.request.stub_and_verifier.length, - 0, /* required_flags */ - DCERPC_PFC_FLAG_FIRST | - DCERPC_PFC_FLAG_LAST | - DCERPC_PFC_FLAG_PENDING_CANCEL | - 0x08 | /* this is not defined, but should be ignored */ - DCERPC_PFC_FLAG_CONC_MPX | - DCERPC_PFC_FLAG_DID_NOT_EXECUTE | - DCERPC_PFC_FLAG_MAYBE | - DCERPC_PFC_FLAG_OBJECT_UUID); - if (!NT_STATUS_IS_OK(status)) { - return dcesrv_fault_disconnect(call, - DCERPC_NCA_S_PROTO_ERROR); - } - - if (call->pkt.frag_length > DCERPC_FRAG_MAX_SIZE) { - /* - * We don't use dcesrv_fault_disconnect() - * here, because we don't want to set - * DCERPC_PFC_FLAG_DID_NOT_EXECUTE - * - * Note that we don't check against the negotiated - * max_recv_frag, but a hard coded value. - */ - dcesrv_call_disconnect_after(call, - "dcesrv_auth_request - frag_length too large"); - return dcesrv_fault(call, - DCERPC_NCA_S_PROTO_ERROR); - } - - if (call->pkt.pfc_flags & DCERPC_PFC_FLAG_FIRST) { - if (dce_conn->pending_call_list != NULL) { - /* - * concurrent requests are only allowed - * if DCERPC_PFC_FLAG_CONC_MPX was negotiated. - */ - if (!(dce_conn->state_flags & DCESRV_CALL_STATE_FLAG_MULTIPLEXED)) { - dcesrv_call_disconnect_after(call, - "dcesrv_auth_request - " - "existing pending call without CONN_MPX"); - return dcesrv_fault(call, - DCERPC_NCA_S_PROTO_ERROR); - } - } - /* only one request is possible in the fragmented list */ - if (dce_conn->incoming_fragmented_call_list != NULL) { - if (!(dce_conn->state_flags & DCESRV_CALL_STATE_FLAG_MULTIPLEXED)) { - /* - * Without DCERPC_PFC_FLAG_CONC_MPX - * we need to return the FAULT on the - * already existing call. - * - * This is important to get the - * call_id and context_id right. - */ - TALLOC_FREE(call); - call = dce_conn->incoming_fragmented_call_list; - } - dcesrv_call_disconnect_after(call, - "dcesrv_auth_request - " - "existing fragmented call"); - return dcesrv_fault(call, - DCERPC_NCA_S_PROTO_ERROR); - } - if (call->pkt.pfc_flags & DCERPC_PFC_FLAG_PENDING_CANCEL) { - return dcesrv_fault_disconnect(call, - DCERPC_FAULT_NO_CALL_ACTIVE); - } - call->context = dcesrv_find_context(call->conn, - call->pkt.u.request.context_id); - if (call->context == NULL) { - return dcesrv_fault_with_flags(call, DCERPC_NCA_S_UNKNOWN_IF, - DCERPC_PFC_FLAG_DID_NOT_EXECUTE); - } - } else { - const struct dcerpc_request *nr = &call->pkt.u.request; - const struct dcerpc_request *er = NULL; - int cmp; - - existing = dcesrv_find_fragmented_call(dce_conn, - call->pkt.call_id); - if (existing == NULL) { - dcesrv_call_disconnect_after(call, - "dcesrv_auth_request - " - "no existing fragmented call"); - return dcesrv_fault(call, - DCERPC_NCA_S_PROTO_ERROR); - } - er = &existing->pkt.u.request; - - if (call->pkt.ptype != existing->pkt.ptype) { - /* trying to play silly buggers are we? */ - return dcesrv_fault_disconnect(existing, - DCERPC_NCA_S_PROTO_ERROR); - } - cmp = memcmp(call->pkt.drep, existing->pkt.drep, - sizeof(pkt->drep)); - if (cmp != 0) { - return dcesrv_fault_disconnect(existing, - DCERPC_NCA_S_PROTO_ERROR); - } - if (nr->context_id != er->context_id) { - return dcesrv_fault_disconnect(existing, - DCERPC_NCA_S_PROTO_ERROR); - } - if (nr->opnum != er->opnum) { - return dcesrv_fault_disconnect(existing, - DCERPC_NCA_S_PROTO_ERROR); - } - } - } - - if (call->pkt.ptype == DCERPC_PKT_REQUEST) { - bool ok; - uint8_t payload_offset = DCERPC_REQUEST_LENGTH; - - if (call->pkt.pfc_flags & DCERPC_PFC_FLAG_OBJECT_UUID) { - payload_offset += 16; - } - - ok = dcesrv_auth_pkt_pull(call, &blob, - 0, /* required_flags */ - DCERPC_PFC_FLAG_FIRST | - DCERPC_PFC_FLAG_LAST | - DCERPC_PFC_FLAG_PENDING_CANCEL | - 0x08 | /* this is not defined, but should be ignored */ - DCERPC_PFC_FLAG_CONC_MPX | - DCERPC_PFC_FLAG_DID_NOT_EXECUTE | - DCERPC_PFC_FLAG_MAYBE | - DCERPC_PFC_FLAG_OBJECT_UUID, - payload_offset, - &call->pkt.u.request.stub_and_verifier); - if (!ok) { - /* - * We don't use dcesrv_fault_disconnect() - * here, because we don't want to set - * DCERPC_PFC_FLAG_DID_NOT_EXECUTE - */ - dcesrv_call_disconnect_after(call, - "dcesrv_auth_request - failed"); - if (call->fault_code == 0) { - call->fault_code = DCERPC_FAULT_ACCESS_DENIED; - } - return dcesrv_fault(call, call->fault_code); - } - } - - /* see if this is a continued packet */ - if (existing != NULL) { - struct dcerpc_request *er = &existing->pkt.u.request; - const struct dcerpc_request *nr = &call->pkt.u.request; - size_t available; - size_t alloc_size; - size_t alloc_hint; - - /* - * Up to 4 MByte are allowed by all fragments - */ - available = dce_conn->max_total_request_size; - if (er->stub_and_verifier.length > available) { - dcesrv_call_disconnect_after(existing, - "dcesrv_auth_request - existing payload too large"); - return dcesrv_fault(existing, DCERPC_FAULT_ACCESS_DENIED); - } - available -= er->stub_and_verifier.length; - if (nr->alloc_hint > available) { - dcesrv_call_disconnect_after(existing, - "dcesrv_auth_request - alloc hint too large"); - return dcesrv_fault(existing, DCERPC_FAULT_ACCESS_DENIED); - } - if (nr->stub_and_verifier.length > available) { - dcesrv_call_disconnect_after(existing, - "dcesrv_auth_request - new payload too large"); - return dcesrv_fault(existing, DCERPC_FAULT_ACCESS_DENIED); - } - alloc_hint = er->stub_and_verifier.length + nr->alloc_hint; - /* allocate at least 1 byte */ - alloc_hint = MAX(alloc_hint, 1); - alloc_size = er->stub_and_verifier.length + - nr->stub_and_verifier.length; - alloc_size = MAX(alloc_size, alloc_hint); - - er->stub_and_verifier.data = - talloc_realloc(existing, - er->stub_and_verifier.data, - uint8_t, alloc_size); - if (er->stub_and_verifier.data == NULL) { - TALLOC_FREE(call); - return dcesrv_fault_with_flags(existing, - DCERPC_FAULT_OUT_OF_RESOURCES, - DCERPC_PFC_FLAG_DID_NOT_EXECUTE); - } - memcpy(er->stub_and_verifier.data + - er->stub_and_verifier.length, - nr->stub_and_verifier.data, - nr->stub_and_verifier.length); - er->stub_and_verifier.length += nr->stub_and_verifier.length; - - existing->pkt.pfc_flags |= (call->pkt.pfc_flags & DCERPC_PFC_FLAG_LAST); - - TALLOC_FREE(call); - call = existing; - } - - /* this may not be the last pdu in the chain - if its isn't then - just put it on the incoming_fragmented_call_list and wait for the rest */ - if (call->pkt.ptype == DCERPC_PKT_REQUEST && - !(call->pkt.pfc_flags & DCERPC_PFC_FLAG_LAST)) { - /* - * Up to 4 MByte are allowed by all fragments - */ - if (call->pkt.u.request.alloc_hint > dce_conn->max_total_request_size) { - dcesrv_call_disconnect_after(call, - "dcesrv_auth_request - initial alloc hint too large"); - return dcesrv_fault(call, DCERPC_FAULT_ACCESS_DENIED); - } - dcesrv_call_set_list(call, DCESRV_LIST_FRAGMENTED_CALL_LIST); - return NT_STATUS_OK; - } - - /* This removes any fragments we may have had stashed away */ - dcesrv_call_set_list(call, DCESRV_LIST_NONE); - - switch (call->pkt.ptype) { - case DCERPC_PKT_BIND: - status = dcesrv_bind_nak(call, - DCERPC_BIND_NAK_REASON_NOT_SPECIFIED); - break; - case DCERPC_PKT_AUTH3: - status = dcesrv_auth3(call); - break; - case DCERPC_PKT_ALTER: - status = dcesrv_alter(call); - break; - case DCERPC_PKT_REQUEST: - status = dcesrv_request(call); - break; - case DCERPC_PKT_CO_CANCEL: - case DCERPC_PKT_ORPHANED: - /* - * Window just ignores CO_CANCEL and ORPHANED, - * so we do... - */ - status = NT_STATUS_OK; - TALLOC_FREE(call); - break; - case DCERPC_PKT_BIND_ACK: - case DCERPC_PKT_BIND_NAK: - case DCERPC_PKT_ALTER_RESP: - case DCERPC_PKT_RESPONSE: - case DCERPC_PKT_FAULT: - case DCERPC_PKT_SHUTDOWN: - default: - status = dcesrv_fault_disconnect(call, DCERPC_NCA_S_PROTO_ERROR); - break; - } - - /* if we are going to be sending a reply then add - it to the list of pending calls. We add it to the end to keep the call - list in the order we will answer */ - if (!NT_STATUS_IS_OK(status)) { - talloc_free(call); - } - - return status; -} - -_PUBLIC_ NTSTATUS dcesrv_init_context(TALLOC_CTX *mem_ctx, - struct loadparm_context *lp_ctx, - const char **endpoint_servers, - struct dcesrv_context_callbacks *cb, - struct dcesrv_context **_dce_ctx) -{ - NTSTATUS status; - struct dcesrv_context *dce_ctx; - int i; - - if (!endpoint_servers) { - DEBUG(0,("dcesrv_init_context: no endpoint servers configured\n")); - return NT_STATUS_INTERNAL_ERROR; - } - - dce_ctx = talloc_zero(mem_ctx, struct dcesrv_context); - NT_STATUS_HAVE_NO_MEMORY(dce_ctx); - - if (uid_wrapper_enabled()) { - setenv("UID_WRAPPER_MYUID", "1", 1); - } - dce_ctx->initial_euid = geteuid(); - if (uid_wrapper_enabled()) { - unsetenv("UID_WRAPPER_MYUID"); - } - - dce_ctx->endpoint_list = NULL; - dce_ctx->lp_ctx = lp_ctx; - dce_ctx->assoc_groups_idr = idr_init(dce_ctx); - NT_STATUS_HAVE_NO_MEMORY(dce_ctx->assoc_groups_idr); - dce_ctx->broken_connections = NULL; - if (cb != NULL) { - dce_ctx->callbacks = *cb; - } - - for (i=0;endpoint_servers[i];i++) { - const struct dcesrv_endpoint_server *ep_server; - - ep_server = dcesrv_ep_server_byname(endpoint_servers[i]); - if (!ep_server) { - DEBUG(0,("dcesrv_init_context: failed to find endpoint server = '%s'\n", endpoint_servers[i])); - return NT_STATUS_INTERNAL_ERROR; - } - - status = ep_server->init_server(dce_ctx, ep_server); - if (!NT_STATUS_IS_OK(status)) { - DEBUG(0,("dcesrv_init_context: failed to init endpoint server = '%s': %s\n", endpoint_servers[i], - nt_errstr(status))); - return status; - } - } - - *_dce_ctx = dce_ctx; - return NT_STATUS_OK; -} - -/* the list of currently registered DCERPC endpoint servers. - */ -static struct ep_server { - struct dcesrv_endpoint_server *ep_server; -} *ep_servers = NULL; -static int num_ep_servers; - -/* - register a DCERPC endpoint server. - - The 'name' can be later used by other backends to find the operations - structure for this backend. - -*/ -_PUBLIC_ NTSTATUS dcerpc_register_ep_server(const struct dcesrv_endpoint_server *ep_server) -{ - - if (dcesrv_ep_server_byname(ep_server->name) != NULL) { - /* its already registered! */ - DEBUG(0,("DCERPC endpoint server '%s' already registered\n", - ep_server->name)); - return NT_STATUS_OBJECT_NAME_COLLISION; - } - - ep_servers = realloc_p(ep_servers, struct ep_server, num_ep_servers+1); - if (!ep_servers) { - smb_panic("out of memory in dcerpc_register"); - } - - ep_servers[num_ep_servers].ep_server = smb_xmemdup(ep_server, sizeof(*ep_server)); - ep_servers[num_ep_servers].ep_server->name = smb_xstrdup(ep_server->name); - - num_ep_servers++; - - DEBUG(3,("DCERPC endpoint server '%s' registered\n", - ep_server->name)); - - return NT_STATUS_OK; -} - -/* - return the operations structure for a named backend of the specified type -*/ -_PUBLIC_ const struct dcesrv_endpoint_server *dcesrv_ep_server_byname(const char *name) -{ - int i; - - for (i=0;i<num_ep_servers;i++) { - if (strcmp(ep_servers[i].ep_server->name, name) == 0) { - return ep_servers[i].ep_server; - } - } - - return NULL; -} - void dcerpc_server_init(struct loadparm_context *lp_ctx) { static bool initialized; @@ -2543,245 +183,6 @@ void dcerpc_server_init(struct loadparm_context *lp_ctx) talloc_free(shared_init); } -/* - return the DCERPC module version, and the size of some critical types - This can be used by endpoint server modules to either detect compilation errors, or provide - multiple implementations for different smbd compilation options in one module -*/ -const struct dcesrv_critical_sizes *dcerpc_module_version(void) -{ - static const struct dcesrv_critical_sizes critical_sizes = { - DCERPC_MODULE_VERSION, - sizeof(struct dcesrv_context), - sizeof(struct dcesrv_endpoint), - sizeof(struct dcesrv_endpoint_server), - sizeof(struct dcesrv_interface), - sizeof(struct dcesrv_if_list), - sizeof(struct dcesrv_connection), - sizeof(struct dcesrv_call_state), - sizeof(struct dcesrv_auth), - sizeof(struct dcesrv_handle) - }; - - return &critical_sizes; -} - -_PUBLIC_ void dcesrv_terminate_connection(struct dcesrv_connection *dce_conn, const char *reason) -{ - struct dcesrv_context *dce_ctx = dce_conn->dce_ctx; - struct dcesrv_auth *a = NULL; - - dce_conn->wait_send = NULL; - dce_conn->wait_recv = NULL; - dce_conn->wait_private = NULL; - - dce_conn->allow_bind = false; - dce_conn->allow_alter = false; - - dce_conn->default_auth_state->auth_invalid = true; - - for (a = dce_conn->auth_states; a != NULL; a = a->next) { - a->auth_invalid = true; - } - - if (dce_conn->pending_call_list == NULL) { - char *full_reason = talloc_asprintf(dce_conn, "dcesrv: %s", reason); - - DLIST_REMOVE(dce_ctx->broken_connections, dce_conn); - dce_conn->transport.terminate_connection(dce_conn, - full_reason ? full_reason : reason); - return; - } - - if (dce_conn->terminate != NULL) { - return; - } - - DEBUG(3,("dcesrv: terminating connection due to '%s' deferred due to pending calls\n", - reason)); - dce_conn->terminate = talloc_strdup(dce_conn, reason); - if (dce_conn->terminate == NULL) { - dce_conn->terminate = "dcesrv: deferred terminating connection - no memory"; - } - DLIST_ADD_END(dce_ctx->broken_connections, dce_conn); -} - -_PUBLIC_ void dcesrv_cleanup_broken_connections(struct dcesrv_context *dce_ctx) -{ - struct dcesrv_connection *cur, *next; - - next = dce_ctx->broken_connections; - while (next != NULL) { - cur = next; - next = cur->next; - - if (cur->state_flags & DCESRV_CALL_STATE_FLAG_PROCESS_PENDING_CALL) { - struct dcesrv_connection_context *context_cur, *context_next; - - context_next = cur->contexts; - while (context_next != NULL) { - context_cur = context_next; - context_next = context_cur->next; - - dcesrv_connection_context_destructor(context_cur); - } - } - - dcesrv_terminate_connection(cur, cur->terminate); - } -} - -/* We need this include to be able to compile on some plateforms - * (ie. freebsd 7.2) as it seems that <sys/uio.h> is not included - * correctly. - * It has to be that deep because otherwise we have a conflict on - * const struct dcesrv_interface declaration. - * This is mostly due to socket_wrapper defining #define bind swrap_bind - * which conflict with the bind used before. - */ -#include "system/network.h" - -struct dcesrv_sock_reply_state { - struct dcesrv_connection *dce_conn; - struct dcesrv_call_state *call; - struct iovec iov; -}; - -static void dcesrv_sock_reply_done(struct tevent_req *subreq); -static void dcesrv_call_terminate_step1(struct tevent_req *subreq); - -_PUBLIC_ void dcesrv_sock_report_output_data(struct dcesrv_connection *dce_conn) -{ - struct dcesrv_call_state *call; - - call = dce_conn->call_list; - if (!call || !call->replies) { - return; - } - - while (call->replies) { - struct data_blob_list_item *rep = call->replies; - struct dcesrv_sock_reply_state *substate; - struct tevent_req *subreq; - - substate = talloc_zero(call, struct dcesrv_sock_reply_state); - if (!substate) { - dcesrv_terminate_connection(dce_conn, "no memory"); - return; - } - - substate->dce_conn = dce_conn; - substate->call = NULL; - - DLIST_REMOVE(call->replies, rep); - - if (call->replies == NULL && call->terminate_reason == NULL) { - substate->call = call; - } - - substate->iov.iov_base = (void *) rep->blob.data; - substate->iov.iov_len = rep->blob.length; - - subreq = tstream_writev_queue_send(substate, - dce_conn->event_ctx, - dce_conn->stream, - dce_conn->send_queue, - &substate->iov, 1); - if (!subreq) { - dcesrv_terminate_connection(dce_conn, "no memory"); - return; - } - tevent_req_set_callback(subreq, dcesrv_sock_reply_done, - substate); - } - - if (call->terminate_reason != NULL) { - struct tevent_req *subreq; - - subreq = tevent_queue_wait_send(call, - dce_conn->event_ctx, - dce_conn->send_queue); - if (!subreq) { - dcesrv_terminate_connection(dce_conn, __location__); - return; - } - tevent_req_set_callback(subreq, dcesrv_call_terminate_step1, - call); - } - - DLIST_REMOVE(call->conn->call_list, call); - call->list = DCESRV_LIST_NONE; -} - -static void dcesrv_sock_reply_done(struct tevent_req *subreq) -{ - struct dcesrv_sock_reply_state *substate = tevent_req_callback_data(subreq, - struct dcesrv_sock_reply_state); - int ret; - int sys_errno; - NTSTATUS status; - struct dcesrv_call_state *call = substate->call; - - ret = tstream_writev_queue_recv(subreq, &sys_errno); - TALLOC_FREE(subreq); - if (ret == -1) { - status = map_nt_error_from_unix_common(sys_errno); - dcesrv_terminate_connection(substate->dce_conn, nt_errstr(status)); - return; - } - - talloc_free(substate); - if (call) { - talloc_free(call); - } -} - -static void dcesrv_call_terminate_step2(struct tevent_req *subreq); - -static void dcesrv_call_terminate_step1(struct tevent_req *subreq) -{ - struct dcesrv_call_state *call = tevent_req_callback_data(subreq, - struct dcesrv_call_state); - bool ok; - struct timeval tv; - - /* make sure we stop send queue before removing subreq */ - tevent_queue_stop(call->conn->send_queue); - - ok = tevent_queue_wait_recv(subreq); - TALLOC_FREE(subreq); - if (!ok) { - dcesrv_terminate_connection(call->conn, __location__); - return; - } - - /* disconnect after 200 usecs */ - tv = timeval_current_ofs_usec(200); - subreq = tevent_wakeup_send(call, call->conn->event_ctx, tv); - if (subreq == NULL) { - dcesrv_terminate_connection(call->conn, __location__); - return; - } - tevent_req_set_callback(subreq, dcesrv_call_terminate_step2, - call); -} - -static void dcesrv_call_terminate_step2(struct tevent_req *subreq) -{ - struct dcesrv_call_state *call = tevent_req_callback_data(subreq, - struct dcesrv_call_state); - bool ok; - - ok = tevent_wakeup_recv(subreq); - TALLOC_FREE(subreq); - if (!ok) { - dcesrv_terminate_connection(call->conn, __location__); - return; - } - - dcesrv_terminate_connection(call->conn, call->terminate_reason); -} - struct dcesrv_socket_context { const struct dcesrv_endpoint *endpoint; struct dcesrv_context *dcesrv_ctx; @@ -2921,107 +322,6 @@ static void dcesrv_sock_accept(struct stream_connection *srv_conn) return; } -static void dcesrv_conn_wait_done(struct tevent_req *subreq); - -static void dcesrv_read_fragment_done(struct tevent_req *subreq) -{ - struct dcesrv_connection *dce_conn = tevent_req_callback_data(subreq, - struct dcesrv_connection); - struct dcesrv_context *dce_ctx = dce_conn->dce_ctx; - struct ncacn_packet *pkt; - DATA_BLOB buffer; - NTSTATUS status; - - if (dce_conn->terminate) { - /* - * if the current connection is broken - * we need to clean it up before any other connection - */ - dcesrv_terminate_connection(dce_conn, dce_conn->terminate); - dcesrv_cleanup_broken_connections(dce_ctx); - return; - } - - dcesrv_cleanup_broken_connections(dce_ctx); - - status = dcerpc_read_ncacn_packet_recv(subreq, dce_conn, - &pkt, &buffer); - TALLOC_FREE(subreq); - if (!NT_STATUS_IS_OK(status)) { - dcesrv_terminate_connection(dce_conn, nt_errstr(status)); - return; - } - - status = dcesrv_process_ncacn_packet(dce_conn, pkt, buffer); - if (!NT_STATUS_IS_OK(status)) { - dcesrv_terminate_connection(dce_conn, nt_errstr(status)); - return; - } - - /* - * This is used to block the connection during - * pending authentication. - */ - if (dce_conn->wait_send != NULL) { - subreq = dce_conn->wait_send(dce_conn, - dce_conn->event_ctx, - dce_conn->wait_private); - if (!subreq) { - status = NT_STATUS_NO_MEMORY; - dcesrv_terminate_connection(dce_conn, nt_errstr(status)); - return; - } - tevent_req_set_callback(subreq, dcesrv_conn_wait_done, dce_conn); - return; - } - - subreq = dcerpc_read_ncacn_packet_send(dce_conn, - dce_conn->event_ctx, - dce_conn->stream); - if (!subreq) { - status = NT_STATUS_NO_MEMORY; - dcesrv_terminate_connection(dce_conn, nt_errstr(status)); - return; - } - tevent_req_set_callback(subreq, dcesrv_read_fragment_done, dce_conn); -} - -static void dcesrv_conn_wait_done(struct tevent_req *subreq) -{ - struct dcesrv_connection *dce_conn = tevent_req_callback_data(subreq, - struct dcesrv_connection); - struct dcesrv_context *dce_ctx = dce_conn->dce_ctx; - NTSTATUS status; - - if (dce_conn->terminate) { - /* - * if the current connection is broken - * we need to clean it up before any other connection - */ - dcesrv_terminate_connection(dce_conn, dce_conn->terminate); - dcesrv_cleanup_broken_connections(dce_ctx); - return; - } - - dcesrv_cleanup_broken_connections(dce_ctx); - - status = dce_conn->wait_recv(subreq); - dce_conn->wait_send = NULL; - dce_conn->wait_recv = NULL; - dce_conn->wait_private = NULL; - TALLOC_FREE(subreq); - if (!NT_STATUS_IS_OK(status)) { - dcesrv_terminate_connection(dce_conn, nt_errstr(status)); - return; - } - - status = dcesrv_connection_loop_start(dce_conn); - if (!NT_STATUS_IS_OK(status)) { - dcesrv_terminate_connection(dce_conn, nt_errstr(status)); - return; - } -} - static void dcesrv_sock_recv(struct stream_connection *conn, uint16_t flags) { struct dcesrv_connection *dce_conn = talloc_get_type(conn->private_data, @@ -3318,68 +618,6 @@ NTSTATUS dcesrv_add_ep(struct dcesrv_context *dce_ctx, } } - -/** - * retrieve credentials from a dce_call - */ -_PUBLIC_ struct cli_credentials *dcesrv_call_credentials(struct dcesrv_call_state *dce_call) -{ - struct dcesrv_auth *auth = dce_call->auth_state; - SMB_ASSERT(auth->auth_finished); - return auth->session_info->credentials; -} - -/** - * returns true if this is an authenticated call - */ -_PUBLIC_ bool dcesrv_call_authenticated(struct dcesrv_call_state *dce_call) -{ - struct dcesrv_auth *auth = dce_call->auth_state; - enum security_user_level level; - SMB_ASSERT(auth->auth_finished); - level = security_session_user_level(auth->session_info, NULL); - return level >= SECURITY_USER; -} - -/** - * retrieve account_name for a dce_call - */ -_PUBLIC_ const char *dcesrv_call_account_name(struct dcesrv_call_state *dce_call) -{ - struct dcesrv_auth *auth = dce_call->auth_state; - SMB_ASSERT(auth->auth_finished); - return auth->session_info->info->account_name; -} - -/** - * retrieve session_info from a dce_call - */ -_PUBLIC_ struct auth_session_info *dcesrv_call_session_info(struct dcesrv_call_state *dce_call) -{ - struct dcesrv_auth *auth = dce_call->auth_state; - SMB_ASSERT(auth->auth_finished); - return auth->session_info; -} - -/** - * retrieve auth type/level from a dce_call - */ -_PUBLIC_ void dcesrv_call_auth_info(struct dcesrv_call_state *dce_call, - enum dcerpc_AuthType *auth_type, - enum dcerpc_AuthLevel *auth_level) -{ - struct dcesrv_auth *auth = dce_call->auth_state; - - SMB_ASSERT(auth->auth_finished); - - if (auth_type != NULL) { - *auth_type = auth->auth_type; - } - if (auth_level != NULL) { - *auth_level = auth->auth_level; - } -} - _PUBLIC_ struct imessaging_context *dcesrv_imessaging_context( struct dcesrv_connection *conn) { @@ -3471,18 +709,3 @@ void dcesrv_transport_terminate_connection(struct dcesrv_connection *dce_conn, struct stream_connection); stream_terminate_connection(srv_conn, reason); } - -_PUBLIC_ NTSTATUS dcesrv_connection_loop_start(struct dcesrv_connection *conn) -{ - struct tevent_req *subreq; - - subreq = dcerpc_read_ncacn_packet_send(conn, - conn->event_ctx, - conn->stream); - if (subreq == NULL) { - return NT_STATUS_NO_MEMORY; - } - tevent_req_set_callback(subreq, dcesrv_read_fragment_done, conn); - - return NT_STATUS_OK; -} diff --git a/source4/rpc_server/dcesrv_auth.c b/source4/rpc_server/dcesrv_auth.c deleted file mode 100644 index 87bc76d2780..00000000000 --- a/source4/rpc_server/dcesrv_auth.c +++ /dev/null @@ -1,664 +0,0 @@ -/* - Unix SMB/CIFS implementation. - - server side dcerpc authentication code - - Copyright (C) Andrew Tridgell 2003 - Copyright (C) Stefan (metze) Metzmacher 2004 - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see <http://www.gnu.org/licenses/>. -*/ - -#include "includes.h" -#include "rpc_server/dcerpc_server.h" -#include "rpc_server/dcerpc_server_proto.h" -#include "librpc/gen_ndr/ndr_dcerpc.h" -#include "auth/credentials/credentials.h" -#include "auth/gensec/gensec.h" -#include "auth/auth.h" -#include "param/param.h" -#include "librpc/rpc/rpc_common.h" - -static NTSTATUS dcesrv_auth_negotiate_hdr_signing(struct dcesrv_call_state *call, - struct ncacn_packet *pkt) -{ - struct dcesrv_connection *dce_conn = call->conn; - struct dcesrv_auth *a = NULL; - - if (!(call->pkt.pfc_flags & DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN)) { - return NT_STATUS_OK; - } - - if (dce_conn->client_hdr_signing) { - if (dce_conn->negotiated_hdr_signing && pkt != NULL) { - pkt->pfc_flags |= DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN; - } - return NT_STATUS_OK; - } - - dce_conn->client_hdr_signing = true; - dce_conn->negotiated_hdr_signing = dce_conn->support_hdr_signing; - - if (!dce_conn->negotiated_hdr_signing) { - return NT_STATUS_OK; - } - - if (pkt != NULL) { - pkt->pfc_flags |= DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN; - } - - a = call->conn->default_auth_state; - if (a->gensec_security != NULL) { - gensec_want_feature(a->gensec_security, - GENSEC_FEATURE_SIGN_PKT_HEADER); - } - - for (a = call->conn->auth_states; a != NULL; a = a->next) { - if (a->gensec_security == NULL) { - continue; - } - - gensec_want_feature(a->gensec_security, - GENSEC_FEATURE_SIGN_PKT_HEADER); - } - - return NT_STATUS_OK; -} - -static bool dcesrv_auth_prepare_gensec(struct dcesrv_call_state *call) -{ - struct dcesrv_connection *dce_conn = call->conn; - struct dcesrv_auth *auth = call->auth_state; - NTSTATUS status; - - if (auth->auth_started) { - return false; - } - - auth->auth_started = true; - - if (auth->auth_invalid) { - return false; - } - - if (auth->auth_finished) { - return false; - } - - if (auth->gensec_security != NULL) { - return false; - } - - switch (call->in_auth_info.auth_level) { - case DCERPC_AUTH_LEVEL_CONNECT: - case DCERPC_AUTH_LEVEL_CALL: - case DCERPC_AUTH_LEVEL_PACKET: - case DCERPC_AUTH_LEVEL_INTEGRITY: - case DCERPC_AUTH_LEVEL_PRIVACY: - /* - * We evaluate auth_type only if auth_level was valid - */ - break; - default: - /* - * Setting DCERPC_AUTH_LEVEL_NONE, - * gives the caller the reject_reason - * as auth_context_id. - * - * Note: DCERPC_AUTH_LEVEL_NONE == 1 - */ - auth->auth_type = DCERPC_AUTH_TYPE_NONE; - auth->auth_level = DCERPC_AUTH_LEVEL_NONE; - auth->auth_context_id = DCERPC_BIND_NAK_REASON_NOT_SPECIFIED; - return false; - } - - auth->auth_type = call->in_auth_info.auth_type; - auth->auth_level = call->in_auth_info.auth_level; - auth->auth_context_id = call->in_auth_info.auth_context_id; - - status = call->conn->dce_ctx->callbacks.auth.gensec_prepare(auth, - call, - &auth->gensec_security); - if (!NT_STATUS_IS_OK(status)) { - DEBUG(1, ("Failed to call samba_server_gensec_start %s\n", - nt_errstr(status))); - return false; - } - - /* - * We have to call this because we set the target_service for - * Kerberos to NULL above, and in any case we wish to log a - * more specific service target. - * - */ - status = gensec_set_target_service_description(auth->gensec_security, - "DCE/RPC"); - if (!NT_STATUS_IS_OK(status)) { - DEBUG(1, ("Failed to call gensec_set_target_service_description %s\n", - nt_errstr(status))); - return false; - } - - if (call->conn->remote_address != NULL) { - status = gensec_set_remote_address(auth->gensec_security, - call->conn->remote_address); - if (!NT_STATUS_IS_OK(status)) { - DEBUG(1, ("Failed to call gensec_set_remote_address() %s\n", - nt_errstr(status))); - return false; - } - } - - if (call->conn->local_address != NULL) { - status = gensec_set_local_address(auth->gensec_security, - call->conn->local_address); - if (!NT_STATUS_IS_OK(status)) { - DEBUG(1, ("Failed to call gensec_set_local_address() %s\n", - nt_errstr(status))); - return false; - } - } - - status = gensec_start_mech_by_authtype(auth->gensec_security, auth->auth_type, - auth->auth_level); - if (!NT_STATUS_IS_OK(status)) { - const char *backend_name = - gensec_get_name_by_authtype(auth->gensec_security, - auth->auth_type); - - DEBUG(3, ("Failed to start GENSEC mechanism for DCERPC server: " - "auth_type=%d (%s), auth_level=%d: %s\n", - (int)auth->auth_type, backend_name, - (int)auth->auth_level, - nt_errstr(status))); - - /* - * Setting DCERPC_AUTH_LEVEL_NONE, - * gives the caller the reject_reason - * as auth_context_id. - * - * Note: DCERPC_AUTH_LEVEL_NONE == 1 - */ - auth->auth_type = DCERPC_AUTH_TYPE_NONE; - auth->auth_level = DCERPC_AUTH_LEVEL_NONE; - if (backend_name != NULL) { - auth->auth_context_id = - DCERPC_BIND_NAK_REASON_INVALID_CHECKSUM; - } else { - auth->auth_context_id = - DCERPC_BIND_NAK_REASON_INVALID_AUTH_TYPE; - } - return false; - } - - if (dce_conn->negotiated_hdr_signing) { - gensec_want_feature(auth->gensec_security, - GENSEC_FEATURE_SIGN_PKT_HEADER); - } - - return true; -} - -static void dcesrv_default_auth_state_finish_bind(struct dcesrv_call_state *call) -{ - SMB_ASSERT(call->pkt.ptype == DCERPC_PKT_BIND); - - if (call->auth_state == call->conn->default_auth_state) { - return; - } - - if (call->conn->default_auth_state->auth_started) { - return; - } - - if (call->conn->default_auth_state->auth_invalid) { - return; - } - - call->conn->default_auth_state->auth_type = DCERPC_AUTH_TYPE_NONE; - call->conn->default_auth_state->auth_level = DCERPC_AUTH_LEVEL_NONE; - call->conn->default_auth_state->auth_context_id = 0; - call->conn->default_auth_state->auth_started = true; - call->conn->default_auth_state->auth_finished = true; - - /* - * - * We defer log_successful_dcesrv_authz_event() - * to dcesrv_default_auth_state_prepare_request() - * - * As we don't want to trigger authz_events - * just for alter_context requests without authentication - */ -} - -void dcesrv_default_auth_state_prepare_request(struct dcesrv_call_state *call) -{ - struct dcesrv_connection *dce_conn = call->conn; - struct dcesrv_auth *auth = call->auth_state; - - if (auth->auth_audited) { - return; - } - - if (call->pkt.ptype != DCERPC_PKT_REQUEST) { - return; - } - - if (auth != dce_conn->default_auth_state) { - return; - } - - if (auth->auth_invalid) { - return; - } - - if (!auth->auth_finished) { - return; - } - - if (!call->conn->dce_ctx->callbacks.log.successful_authz) { - return; - } - - call->conn->dce_ctx->callbacks.log.successful_authz(call); -} - -/* - parse any auth information from a dcerpc bind request - return false if we can't handle the auth request for some - reason (in which case we send a bind_nak) -*/ -bool dcesrv_auth_bind(struct dcesrv_call_state *call) -{ - struct ncacn_packet *pkt = &call->pkt; - struct dcesrv_auth *auth = call->auth_state; - NTSTATUS status; - - if (pkt->auth_length == 0) { - auth->auth_type = DCERPC_AUTH_TYPE_NONE; - auth->auth_level = DCERPC_AUTH_LEVEL_NONE; - auth->auth_context_id = 0; - auth->auth_started = true; - - if (call->conn->dce_ctx->callbacks.log.successful_authz) { - call->conn->dce_ctx->callbacks.log.successful_authz(call); - } - - return true; - } - - status = dcerpc_pull_auth_trailer(pkt, call, &pkt->u.bind.auth_info, - &call->in_auth_info, - NULL, true); - if (!NT_STATUS_IS_OK(status)) { - /* - * Setting DCERPC_AUTH_LEVEL_NONE, - * gives the caller the reject_reason - * as auth_context_id. - * - * Note: DCERPC_AUTH_LEVEL_NONE == 1 - */ - auth->auth_type = DCERPC_AUTH_TYPE_NONE; - auth->auth_level = DCERPC_AUTH_LEVEL_NONE; - auth->auth_context_id = - DCERPC_BIND_NAK_REASON_PROTOCOL_VERSION_NOT_SUPPORTED; - return false; - } - - return dcesrv_auth_prepare_gensec(call); -} - -NTSTATUS dcesrv_auth_complete(struct dcesrv_call_state *call, NTSTATUS status) -{ - struct dcesrv_auth *auth = call->auth_state; - const char *pdu = "<unknown>"; - - switch (call->pkt.ptype) { - case DCERPC_PKT_BIND: - pdu = "BIND"; - break; - case DCERPC_PKT_ALTER: - pdu = "ALTER"; - break; - case DCERPC_PKT_AUTH3: - pdu = "AUTH3"; - if (NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) { - DEBUG(4, ("GENSEC not finished at at %s\n", pdu)); - return NT_STATUS_RPC_SEC_PKG_ERROR; - } - break; - default: - return NT_STATUS_INTERNAL_ERROR; - } - - if (NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) { - return NT_STATUS_OK; - } - - if (!NT_STATUS_IS_OK(status)) { - DEBUG(4, ("GENSEC mech rejected the incoming authentication " - "at %s: %s\n", pdu, nt_errstr(status))); - return status; - } - - status = gensec_session_info(auth->gensec_security, - auth, - &auth->session_info); - if (!NT_STATUS_IS_OK(status)) { - DEBUG(1, ("Failed to establish session_info: %s\n", - nt_errstr(status))); - return status; - } - auth->auth_finished = true; - - if (auth->auth_level == DCERPC_AUTH_LEVEL_CONNECT && - !call->conn->got_explicit_auth_level_connect) - { - call->conn->default_auth_level_connect = auth; - } - - if (call->pkt.ptype != DCERPC_PKT_AUTH3) { - return NT_STATUS_OK; - } - - if (call->out_auth_info->credentials.length != 0) { - DEBUG(4, ("GENSEC produced output token (len=%zu) at %s\n", - call->out_auth_info->credentials.length, pdu)); - return NT_STATUS_RPC_SEC_PKG_ERROR; - } - - return NT_STATUS_OK; -} - -/* - add any auth information needed in a bind ack, and process the authentication - information found in the bind. -*/ -NTSTATUS dcesrv_auth_prepare_bind_ack(struct dcesrv_call_state *call, struct ncacn_packet *pkt) -{ - struct dcesrv_connection *dce_conn = call->conn; - struct dcesrv_auth *auth = call->auth_state; - NTSTATUS status; - - status = dcesrv_auth_negotiate_hdr_signing(call, pkt); - if (!NT_STATUS_IS_OK(status)) { - return status; - } - - dce_conn->allow_alter = true; - dcesrv_default_auth_state_finish_bind(call); - - if (call->pkt.auth_length == 0) { - auth->auth_finished = true; - return NT_STATUS_OK; - } - - /* We can't work without an existing gensec state */ - if (auth->gensec_security == NULL) { - return NT_STATUS_INTERNAL_ERROR; - } - - call->_out_auth_info = (struct dcerpc_auth) { - .auth_type = auth->auth_type, - .auth_level = auth->auth_level, - .auth_context_id = auth->auth_context_id, - }; - call->out_auth_info = &call->_out_auth_info; - - return NT_STATUS_OK; -} - -/* - process the final stage of a auth request -*/ -bool dcesrv_auth_prepare_auth3(struct dcesrv_call_state *call) -{ - struct ncacn_packet *pkt = &call->pkt; - struct dcesrv_auth *auth = call->auth_state; - NTSTATUS status; - - if (pkt->auth_length == 0) { - return false; - } - - if (auth->auth_finished) { - return false; - } - - /* We can't work without an existing gensec state */ - if (auth->gensec_security == NULL) { - return false; - } - - status = dcerpc_pull_auth_trailer(pkt, call, &pkt->u.auth3.auth_info, - &call->in_auth_info, NULL, true); - if (!NT_STATUS_IS_OK(status)) { - /* - * Windows returns DCERPC_NCA_S_FAULT_REMOTE_NO_MEMORY - * instead of DCERPC_NCA_S_PROTO_ERROR. - */ - call->fault_code = DCERPC_NCA_S_FAULT_REMOTE_NO_MEMORY; - return false; - } - - if (call->in_auth_info.auth_type != auth->auth_type) { - return false; - } - - if (call->in_auth_info.auth_level != auth->auth_level) { - return false; - } - - if (call->in_auth_info.auth_context_id != auth->auth_context_id) { - return false; - } - - call->_out_auth_info = (struct dcerpc_auth) { - .auth_type = auth->auth_type, - .auth_level = auth->auth_level, - .auth_context_id = auth->auth_context_id, - }; - call->out_auth_info = &call->_out_auth_info; - - return true; -} - -/* - parse any auth information from a dcerpc alter request - return false if we can't handle the auth request for some - reason (in which case we send a bind_nak (is this true for here?)) -*/ -bool dcesrv_auth_alter(struct dcesrv_call_state *call) -{ - struct ncacn_packet *pkt = &call->pkt; - struct dcesrv_auth *auth = call->auth_state; - NTSTATUS status; - - /* on a pure interface change there is no auth blob */ - if (pkt->auth_length == 0) { - if (!auth->auth_finished) { - return false; - } - return true; - } - - if (auth->auth_finished) { - call->fault_code = DCERPC_FAULT_ACCESS_DENIED; - return false; - } - - status = dcerpc_pull_auth_trailer(pkt, call, &pkt->u.alter.auth_info, - &call->in_auth_info, NULL, true); - if (!NT_STATUS_IS_OK(status)) { - call->fault_code = DCERPC_NCA_S_PROTO_ERROR; - return false; - } - - if (!auth->auth_started) { - bool ok; - - ok = dcesrv_auth_prepare_gensec(call); - if (!ok) { - call->fault_code = DCERPC_FAULT_ACCESS_DENIED; - return false; - } - - return true; - } - - if (call->in_auth_info.auth_type == DCERPC_AUTH_TYPE_NONE) { - call->fault_code = DCERPC_FAULT_ACCESS_DENIED; - return false; - } - - if (call->in_auth_info.auth_type != auth->auth_type) { - return false; - } - - if (call->in_auth_info.auth_level != auth->auth_level) { - return false; - } - - if (call->in_auth_info.auth_context_id != auth->auth_context_id) { - return false; - } - - return true; -} - -/* - add any auth information needed in a alter ack, and process the authentication - information found in the alter. -*/ -NTSTATUS dcesrv_auth_prepare_alter_ack(struct dcesrv_call_state *call, struct ncacn_packet *pkt) -{ - struct dcesrv_auth *auth = call->auth_state; - NTSTATUS status; - - status = dcesrv_auth_negotiate_hdr_signing(call, pkt); - if (!NT_STATUS_IS_OK(status)) { - return status; - } - - /* on a pure interface change there is no auth_info structure - setup */ - if (call->pkt.auth_length == 0) { - return NT_STATUS_OK; - } - - if (auth->gensec_security == NULL) { - return NT_STATUS_INTERNAL_ERROR; - } - - call->_out_auth_info = (struct dcerpc_auth) { - .auth_type = auth->auth_type, - .auth_level = auth->auth_level, - .auth_context_id = auth->auth_context_id, - }; - call->out_auth_info = &call->_out_auth_info; - - return NT_STATUS_OK; -} - -/* - check credentials on a packet -*/ -bool dcesrv_auth_pkt_pull(struct dcesrv_call_state *call, - DATA_BLOB *full_packet, - uint8_t required_flags, - uint8_t optional_flags, - uint8_t payload_offset, - DATA_BLOB *payload_and_verifier) -{ - struct ncacn_packet *pkt = &call->pkt; - struct dcesrv_auth *auth = call->auth_state; - const struct dcerpc_auth tmp_auth = { - .auth_type = auth->auth_type, - .auth_level = auth->auth_level, - .auth_context_id = auth->auth_context_id, - }; - NTSTATUS status; - - if (!auth->auth_started) { - return false; - } - - if (!auth->auth_finished) { - call->fault_code = DCERPC_NCA_S_PROTO_ERROR; - return false; - } - - if (auth->auth_invalid) { - return false; - } - - status = dcerpc_ncacn_pull_pkt_auth(&tmp_auth, - auth->gensec_security, - call, - pkt->ptype, - required_flags, - optional_flags, - payload_offset, - payload_and_verifier, - full_packet, - pkt); - if (NT_STATUS_EQUAL(status, NT_STATUS_RPC_PROTOCOL_ERROR)) { - call->fault_code = DCERPC_NCA_S_PROTO_ERROR; - return false; - } - if (NT_STATUS_EQUAL(status, NT_STATUS_RPC_UNSUPPORTED_AUTHN_LEVEL)) { - call->fault_code = DCERPC_NCA_S_UNSUPPORTED_AUTHN_LEVEL; - return false; - } - if (NT_STATUS_EQUAL(status, NT_STATUS_RPC_SEC_PKG_ERROR)) { - call->fault_code = DCERPC_FAULT_SEC_PKG_ERROR; - return false; - } - if (NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED)) { - call->fault_code = DCERPC_FAULT_ACCESS_DENIED; - return false; - } - if (!NT_STATUS_IS_OK(status)) { - return false; - } - - return true; -} - -/* - push a signed or sealed dcerpc request packet into a blob -*/ -bool dcesrv_auth_pkt_push(struct dcesrv_call_state *call, - DATA_BLOB *blob, size_t sig_size, - uint8_t payload_offset, - const DATA_BLOB *payload, - const struct ncacn_packet *pkt) -{ - struct dcesrv_auth *auth = call->auth_state; - const struct dcerpc_auth tmp_auth = { - .auth_type = auth->auth_type, - .auth_level = auth->auth_level, - .auth_context_id = auth->auth_context_id, - }; - NTSTATUS status; - - status = dcerpc_ncacn_push_pkt_auth(&tmp_auth, - auth->gensec_security, - call, blob, sig_size, - payload_offset, - payload, - pkt); - return NT_STATUS_IS_OK(status); -} diff --git a/source4/rpc_server/dcesrv_mgmt.c b/source4/rpc_server/dcesrv_mgmt.c deleted file mode 100644 index e520a34f0bd..00000000000 --- a/source4/rpc_server/dcesrv_mgmt.c +++ /dev/null @@ -1,125 +0,0 @@ -/* - Unix SMB/CIFS implementation. - - endpoint server for the mgmt pipe - - Copyright (C) Jelmer Vernooij 2006 - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see <http://www.gnu.org/licenses/>. -*/ - -#include "includes.h" -#include "rpc_server/dcerpc_server.h" -#include "rpc_server/dcerpc_server_proto.h" -#include "librpc/gen_ndr/ndr_mgmt.h" - -#define DCESRV_INTERFACE_MGMT_BIND(context, iface) \ - dcesrv_interface_mgmt_bind(context, iface) -/* - * This #define allows the mgmt interface to accept invalid - * association groups, because association groups are to coordinate - * handles, and handles are not used in mgmt. This in turn avoids - * the need to coordinate these across multiple possible NETLOGON - * processes, as an mgmt interface is added to each - */ - -#define DCESRV_INTERFACE_MGMT_FLAGS DCESRV_INTERFACE_FLAGS_HANDLES_NOT_USED - -static NTSTATUS dcesrv_interface_mgmt_bind(struct dcesrv_connection_context *context, - const struct dcesrv_interface *iface) -{ - return dcesrv_interface_bind_allow_connect(context, iface); -} - -/* - mgmt_inq_if_ids -*/ -static WERROR dcesrv_mgmt_inq_if_ids(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, - struct mgmt_inq_if_ids *r) -{ - const struct dcesrv_endpoint *ep = dce_call->conn->endpoint; - struct dcesrv_if_list *l; - struct rpc_if_id_vector_t *vector; - - vector = *r->out.if_id_vector = talloc(mem_ctx, struct rpc_if_id_vector_t); - vector->count = 0; - vector->if_id = NULL; - for (l = ep->interface_list; l; l = l->next) { - vector->count++; - vector->if_id = talloc_realloc(mem_ctx, vector->if_id, struct ndr_syntax_id_p, vector->count); - vector->if_id[vector->count-1].id = &l->iface.syntax_id; - } - return WERR_OK; -} - - -/* - mgmt_inq_stats -*/ -static WERROR dcesrv_mgmt_inq_stats(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, - struct mgmt_inq_stats *r) -{ - if (r->in.max_count != MGMT_STATS_ARRAY_MAX_SIZE) - return WERR_NOT_SUPPORTED; - - r->out.statistics->count = r->in.max_count; - r->out.statistics->statistics = talloc_array(mem_ctx, uint32_t, r->in.max_count); - /* FIXME */ - r->out.statistics->statistics[MGMT_STATS_CALLS_IN] = 0; - r->out.statistics->statistics[MGMT_STATS_CALLS_OUT] = 0; - r->out.statistics->statistics[MGMT_STATS_PKTS_IN] = 0; - r->out.statistics->statistics[MGMT_STATS_PKTS_OUT] = 0; - - return WERR_OK; -} - - -/* - mgmt_is_server_listening -*/ -static uint32_t dcesrv_mgmt_is_server_listening(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, - struct mgmt_is_server_listening *r) -{ - *r->out.status = 0; - return 1; -} - - -/* - mgmt_stop_server_listening -*/ -static WERROR dcesrv_mgmt_stop_server_listening(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, - struct mgmt_stop_server_listening *r) -{ - return WERR_ACCESS_DENIED; -} - - -/* - mgmt_inq_princ_name -*/ -static WERROR dcesrv_mgmt_inq_princ_name(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, - struct mgmt_inq_princ_name *r) -{ - DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR); -} - - -/* include the generated boilerplate */ -#include "librpc/gen_ndr/ndr_mgmt_s.c" - -const struct dcesrv_interface dcesrv_get_mgmt_interface(void) -{ - return dcesrv_mgmt_interface; -} diff --git a/source4/rpc_server/dcesrv_reply.c b/source4/rpc_server/dcesrv_reply.c deleted file mode 100644 index b1abd9d87ab..00000000000 --- a/source4/rpc_server/dcesrv_reply.c +++ /dev/null @@ -1,261 +0,0 @@ -/* - Unix SMB/CIFS implementation. - - server side dcerpc common code - - Copyright (C) Andrew Tridgell 2003-2010 - Copyright (C) Stefan (metze) Metzmacher 2004-2005 - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see <http://www.gnu.org/licenses/>. -*/ - -#include "includes.h" -#include "auth/gensec/gensec.h" -#include "lib/util/dlinklist.h" -#include "rpc_server/dcerpc_server.h" -#include "rpc_server/dcerpc_server_proto.h" -#include "param/param.h" -#include "librpc/rpc/rpc_common.h" - -/* - move a call from an existing linked list to the specified list. This - prevents bugs where we forget to remove the call from a previous - list when moving it. - */ -static void dcesrv_call_set_list(struct dcesrv_call_state *call, - enum dcesrv_call_list list) -{ - switch (call->list) { - case DCESRV_LIST_NONE: - break; - case DCESRV_LIST_CALL_LIST: - DLIST_REMOVE(call->conn->call_list, call); - break; - case DCESRV_LIST_FRAGMENTED_CALL_LIST: - DLIST_REMOVE(call->conn->incoming_fragmented_call_list, call); - break; - case DCESRV_LIST_PENDING_CALL_LIST: - DLIST_REMOVE(call->conn->pending_call_list, call); - break; - } - call->list = list; - switch (list) { - case DCESRV_LIST_NONE: - break; - case DCESRV_LIST_CALL_LIST: - DLIST_ADD_END(call->conn->call_list, call); - break; - case DCESRV_LIST_FRAGMENTED_CALL_LIST: - DLIST_ADD_END(call->conn->incoming_fragmented_call_list, call); - break; - case DCESRV_LIST_PENDING_CALL_LIST: - DLIST_ADD_END(call->conn->pending_call_list, call); - break; - } -} - - -void dcesrv_init_hdr(struct ncacn_packet *pkt, bool bigendian) -{ - pkt->rpc_vers = 5; - pkt->rpc_vers_minor = 0; - if (bigendian) { - pkt->drep[0] = 0; - } else { - pkt->drep[0] = DCERPC_DREP_LE; - } - pkt->drep[1] = 0; - pkt->drep[2] = 0; - pkt->drep[3] = 0; -} - - -/* - return a dcerpc fault -*/ -NTSTATUS dcesrv_fault_with_flags(struct dcesrv_call_state *call, - uint32_t fault_code, - uint8_t extra_flags) -{ - struct ncacn_packet pkt; - struct data_blob_list_item *rep; - NTSTATUS status; - - /* setup a fault */ - dcesrv_init_hdr(&pkt, lpcfg_rpc_big_endian(call->conn->dce_ctx->lp_ctx)); - pkt.auth_length = 0; - pkt.call_id = call->pkt.call_id; - pkt.ptype = DCERPC_PKT_FAULT; - pkt.pfc_flags = DCERPC_PFC_FLAG_FIRST | DCERPC_PFC_FLAG_LAST | extra_flags; - pkt.u.fault.alloc_hint = 24; - if (call->context != NULL) { - pkt.u.fault.context_id = call->context->context_id; - } else { - pkt.u.fault.context_id = 0; - } - pkt.u.fault.cancel_count = 0; - pkt.u.fault.flags = 0; - pkt.u.fault.status = fault_code; - pkt.u.fault.reserved = 0; - pkt.u.fault.error_and_verifier = data_blob_null; - - rep = talloc_zero(call, struct data_blob_list_item); - if (!rep) { - return NT_STATUS_NO_MEMORY; - } - - status = dcerpc_ncacn_push_auth(&rep->blob, call, &pkt, NULL); - if (!NT_STATUS_IS_OK(status)) { - return status; - } - - dcerpc_set_frag_length(&rep->blob, rep->blob.length); - - DLIST_ADD_END(call->replies, rep); - dcesrv_call_set_list(call, DCESRV_LIST_CALL_LIST); - - if (call->conn->call_list && call->conn->call_list->replies) { - if (call->conn->transport.report_output_data) { - call->conn->transport.report_output_data(call->conn); - } - } - - return NT_STATUS_OK; -} - -NTSTATUS dcesrv_fault(struct dcesrv_call_state *call, uint32_t fault_code) -{ - return dcesrv_fault_with_flags(call, fault_code, 0); -} - -_PUBLIC_ NTSTATUS dcesrv_reply(struct dcesrv_call_state *call) -{ - struct ndr_push *push; - NTSTATUS status; - DATA_BLOB stub; - uint32_t total_length, chunk_size; - struct dcesrv_connection_context *context = call->context; - struct dcesrv_auth *auth = call->auth_state; - size_t sig_size = 0; - - /* call the reply function */ - status = context->iface->reply(call, call, call->r); - if (!NT_STATUS_IS_OK(status)) { - return dcesrv_fault(call, call->fault_code); - } - - /* form the reply NDR */ - push = ndr_push_init_ctx(call); - NT_STATUS_HAVE_NO_MEMORY(push); - - /* carry over the pointer count to the reply in case we are - using full pointer. See NDR specification for full - pointers */ - push->ptr_count = call->ndr_pull->ptr_count; - - if (lpcfg_rpc_big_endian(call->conn->dce_ctx->lp_ctx)) { - push->flags |= LIBNDR_FLAG_BIGENDIAN; - } - - status = context->iface->ndr_push(call, call, push, call->r); - if (!NT_STATUS_IS_OK(status)) { - return dcesrv_fault(call, call->fault_code); - } - - stub = ndr_push_blob(push); - - total_length = stub.length; - - /* we can write a full max_recv_frag size, minus the dcerpc - request header size */ - chunk_size = call->conn->max_xmit_frag; - chunk_size -= DCERPC_REQUEST_LENGTH; - if (auth->auth_finished && auth->gensec_security != NULL) { - size_t max_payload = chunk_size; - - max_payload -= DCERPC_AUTH_TRAILER_LENGTH; - max_payload -= (max_payload % DCERPC_AUTH_PAD_ALIGNMENT); - - sig_size = gensec_sig_size(auth->gensec_security, - max_payload); - if (sig_size) { - chunk_size -= DCERPC_AUTH_TRAILER_LENGTH; - chunk_size -= sig_size; - } - } - chunk_size -= (chunk_size % DCERPC_AUTH_PAD_ALIGNMENT); - - do { - uint32_t length; - struct data_blob_list_item *rep; - struct ncacn_packet pkt; - bool ok; - - rep = talloc_zero(call, struct data_blob_list_item); - NT_STATUS_HAVE_NO_MEMORY(rep); - - length = MIN(chunk_size, stub.length); - - /* form the dcerpc response packet */ - dcesrv_init_hdr(&pkt, - lpcfg_rpc_big_endian(call->conn->dce_ctx->lp_ctx)); - pkt.auth_length = 0; - pkt.call_id = call->pkt.call_id; - pkt.ptype = DCERPC_PKT_RESPONSE; - pkt.pfc_flags = 0; - if (stub.length == total_length) { - pkt.pfc_flags |= DCERPC_PFC_FLAG_FIRST; - } - if (length == stub.length) { - pkt.pfc_flags |= DCERPC_PFC_FLAG_LAST; - } - pkt.u.response.alloc_hint = stub.length; - /* - * bug for bug, feature for feature... - * - * Windows truncates the context_id with & 0xFF, - * so we do. - */ - pkt.u.response.context_id = context->context_id & 0xFF; - pkt.u.response.cancel_count = 0; - pkt.u.response.stub_and_verifier.data = stub.data; - pkt.u.response.stub_and_verifier.length = length; - - ok = dcesrv_auth_pkt_push(call, &rep->blob, sig_size, - DCERPC_RESPONSE_LENGTH, - &pkt.u.response.stub_and_verifier, - &pkt); - if (!ok) { - return dcesrv_fault(call, DCERPC_FAULT_OTHER); - } - - dcerpc_set_frag_length(&rep->blob, rep->blob.length); - - DLIST_ADD_END(call->replies, rep); - - stub.data += length; - stub.length -= length; - } while (stub.length != 0); - - /* move the call from the pending to the finished calls list */ - dcesrv_call_set_list(call, DCESRV_LIST_CALL_LIST); - - if (call->conn->call_list && call->conn->call_list->replies) { - if (call->conn->transport.report_output_data) { - call->conn->transport.report_output_data(call->conn); - } - } - - return NT_STATUS_OK; -} diff --git a/source4/rpc_server/wscript_build b/source4/rpc_server/wscript_build index 66cea942087..8d896c1722f 100644 --- a/source4/rpc_server/wscript_build +++ b/source4/rpc_server/wscript_build @@ -22,7 +22,7 @@ bld.SAMBA_SUBSYSTEM('DCERPC_COMMON', ) bld.SAMBA_LIBRARY('dcerpc_server', - source='dcerpc_server.c dcesrv_auth.c dcesrv_mgmt.c handles.c dcesrv_reply.c', + source='dcerpc_server.c handles.c', pc_files='dcerpc_server.pc', deps='LIBCLI_AUTH ndr samba_server_gensec service auth', public_deps='dcerpc dcerpc-server-core', |