2004-10-24 19:48:19 +04:00
/*
Unix SMB / CIFS implementation .
2007-09-03 17:13:25 +04:00
smbd - specific dcerpc server code
2004-10-24 19:48:19 +04:00
2007-09-03 17:13:25 +04:00
Copyright ( C ) Andrew Tridgell 2003 - 2005
Copyright ( C ) Stefan ( metze ) Metzmacher 2004 - 2005
Copyright ( C ) Jelmer Vernooij < jelmer @ samba . org > 2004 , 2007
2004-10-24 19:48:19 +04:00
This program is free software ; you can redistribute it and / or modify
it under the terms of the GNU General Public License as published by
2007-07-10 06:07:03 +04:00
the Free Software Foundation ; either version 3 of the License , or
2004-10-24 19:48:19 +04:00
( at your option ) any later version .
This program is distributed in the hope that it will be useful ,
but WITHOUT ANY WARRANTY ; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE . See the
GNU General Public License for more details .
You should have received a copy of the GNU General Public License
2007-07-10 06:07:03 +04:00
along with this program . If not , see < http : //www.gnu.org/licenses/>.
2004-10-24 19:48:19 +04:00
*/
# include "includes.h"
2007-09-03 17:13:25 +04:00
# include "librpc/gen_ndr/ndr_dcerpc.h"
# include "auth/auth.h"
# include "auth/gensec/gensec.h"
2008-10-11 23:31:42 +04:00
# include "../lib/util/dlinklist.h"
2004-11-02 10:42:47 +03:00
# include "rpc_server/dcerpc_server.h"
2008-11-23 13:24:29 +03:00
# include "rpc_server/dcerpc_server_proto.h"
2007-09-03 17:13:25 +04:00
# include "lib/events/events.h"
# include "smbd/service_task.h"
2005-01-30 03:54:57 +03:00
# include "smbd/service_stream.h"
2006-03-07 16:22:00 +03:00
# include "smbd/service.h"
2007-09-03 17:13:25 +04:00
# include "system/filesys.h"
# include "libcli/security/security.h"
# include "lib/socket/socket.h"
2005-07-19 13:44:11 +04:00
# include "lib/messaging/irpc.h"
2006-03-07 14:07:23 +03:00
# include "system/network.h"
2006-08-17 17:37:04 +04:00
# include "lib/socket/netif.h"
2007-09-08 16:42:09 +04:00
# include "param/param.h"
2004-10-24 19:48:19 +04:00
struct dcesrv_socket_context {
const struct dcesrv_endpoint * endpoint ;
2006-03-16 21:46:49 +03:00
struct dcesrv_context * dcesrv_ctx ;
2004-10-24 19:48:19 +04:00
} ;
/*
write_fn callback for dcesrv_output ( )
*/
2005-06-30 21:10:03 +04:00
static NTSTATUS dcerpc_write_fn ( void * private_data , DATA_BLOB * out , size_t * nwritten )
2004-10-24 19:48:19 +04:00
{
NTSTATUS status ;
2005-06-30 21:10:03 +04:00
struct socket_context * sock = talloc_get_type ( private_data , struct socket_context ) ;
2004-10-24 19:48:19 +04:00
size_t sendlen ;
2006-04-30 09:58:31 +04:00
status = socket_send ( sock , out , & sendlen ) ;
2005-06-30 21:10:03 +04:00
NT_STATUS_IS_ERR_RETURN ( status ) ;
2004-10-24 19:48:19 +04:00
2005-06-30 21:10:03 +04:00
* nwritten = sendlen ;
return status ;
2004-10-24 19:48:19 +04:00
}
2005-01-11 19:53:02 +03:00
static void dcesrv_terminate_connection ( struct dcesrv_connection * dce_conn , const char * reason )
2004-10-24 19:48:19 +04:00
{
2006-03-16 21:46:49 +03:00
struct stream_connection * srv_conn ;
srv_conn = talloc_get_type ( dce_conn - > transport . private_data ,
struct stream_connection ) ;
stream_terminate_connection ( srv_conn , reason ) ;
}
static void dcesrv_sock_report_output_data ( struct dcesrv_connection * dcesrv_conn )
{
struct stream_connection * srv_conn ;
srv_conn = talloc_get_type ( dcesrv_conn - > transport . private_data ,
struct stream_connection ) ;
if ( srv_conn & & srv_conn - > event . fde ) {
EVENT_FD_WRITEABLE ( srv_conn - > event . fde ) ;
}
2004-10-24 19:48:19 +04:00
}
2006-03-16 21:46:49 +03:00
static struct socket_address * dcesrv_sock_get_my_addr ( struct dcesrv_connection * dcesrv_conn , TALLOC_CTX * mem_ctx )
{
struct stream_connection * srv_conn ;
srv_conn = talloc_get_type ( dcesrv_conn - > transport . private_data ,
struct stream_connection ) ;
return socket_get_my_addr ( srv_conn - > socket , mem_ctx ) ;
}
static struct socket_address * dcesrv_sock_get_peer_addr ( struct dcesrv_connection * dcesrv_conn , TALLOC_CTX * mem_ctx )
{
struct stream_connection * srv_conn ;
srv_conn = talloc_get_type ( dcesrv_conn - > transport . private_data ,
struct stream_connection ) ;
return socket_get_peer_addr ( srv_conn - > socket , mem_ctx ) ;
}
2005-01-30 03:54:57 +03:00
2005-05-16 00:16:26 +04:00
static void dcesrv_sock_accept ( struct stream_connection * srv_conn )
2004-10-24 19:48:19 +04:00
{
2005-01-30 03:54:57 +03:00
NTSTATUS status ;
struct dcesrv_socket_context * dcesrv_sock =
talloc_get_type ( srv_conn - > private , struct dcesrv_socket_context ) ;
struct dcesrv_connection * dcesrv_conn = NULL ;
2006-03-22 19:23:19 +03:00
2008-05-17 04:40:37 +04:00
if ( ! srv_conn - > session_info ) {
status = auth_anonymous_session_info ( srv_conn ,
srv_conn - > event . ctx ,
srv_conn - > lp_ctx ,
& srv_conn - > session_info ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
DEBUG ( 0 , ( " dcesrv_sock_accept: auth_anonymous_session_info failed: %s \n " ,
nt_errstr ( status ) ) ) ;
stream_terminate_connection ( srv_conn , nt_errstr ( status ) ) ;
return ;
}
2006-03-22 19:23:19 +03:00
}
2005-01-30 03:54:57 +03:00
status = dcesrv_endpoint_connect ( dcesrv_sock - > dcesrv_ctx ,
srv_conn ,
dcesrv_sock - > endpoint ,
2008-05-17 04:40:37 +04:00
srv_conn - > session_info ,
2006-03-16 21:46:49 +03:00
srv_conn - > event . ctx ,
2006-05-21 15:39:50 +04:00
srv_conn - > msg_ctx ,
srv_conn - > server_id ,
2006-03-07 14:02:47 +03:00
DCESRV_CALL_STATE_FLAG_MAY_ASYNC ,
2005-01-30 03:54:57 +03:00
& dcesrv_conn ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
DEBUG ( 0 , ( " dcesrv_sock_accept: dcesrv_endpoint_connect failed: %s \n " ,
nt_errstr ( status ) ) ) ;
2005-09-08 15:26:05 +04:00
stream_terminate_connection ( srv_conn , nt_errstr ( status ) ) ;
2005-01-30 03:54:57 +03:00
return ;
}
2006-03-16 21:46:49 +03:00
dcesrv_conn - > transport . private_data = srv_conn ;
dcesrv_conn - > transport . report_output_data = dcesrv_sock_report_output_data ;
dcesrv_conn - > transport . get_my_addr = dcesrv_sock_get_my_addr ;
dcesrv_conn - > transport . get_peer_addr = dcesrv_sock_get_peer_addr ;
2008-11-23 13:24:29 +03:00
if ( dcesrv_sock - > endpoint - > ep_description - > transport = = NCACN_NP ) {
dcesrv_conn - > auth_state . session_key = dcesrv_inherited_session_key ;
}
2005-01-30 03:54:57 +03:00
srv_conn - > private = dcesrv_conn ;
2005-07-19 13:44:11 +04:00
irpc_add_name ( srv_conn - > msg_ctx , " rpc_server " ) ;
2005-01-30 03:54:57 +03:00
return ;
}
2005-05-16 00:16:26 +04:00
static void dcesrv_sock_recv ( struct stream_connection * conn , uint16_t flags )
2005-01-30 03:54:57 +03:00
{
NTSTATUS status ;
struct dcesrv_connection * dce_conn = talloc_get_type ( conn - > private , struct dcesrv_connection ) ;
DATA_BLOB tmp_blob ;
size_t nread ;
2005-06-21 10:03:11 +04:00
if ( dce_conn - > processing ) {
EVENT_FD_NOT_READABLE ( conn - > event . fde ) ;
return ;
}
2005-01-30 03:54:57 +03:00
tmp_blob = data_blob_talloc ( conn - > socket , NULL , 0x1000 ) ;
if ( tmp_blob . data = = NULL ) {
dcesrv_terminate_connection ( dce_conn , " out of memory " ) ;
return ;
}
2006-04-30 09:58:31 +04:00
status = socket_recv ( conn - > socket , tmp_blob . data , tmp_blob . length , & nread ) ;
2005-01-30 03:54:57 +03:00
if ( NT_STATUS_IS_ERR ( status ) ) {
dcesrv_terminate_connection ( dce_conn , nt_errstr ( status ) ) ;
return ;
}
if ( nread = = 0 ) {
talloc_free ( tmp_blob . data ) ;
return ;
}
tmp_blob . length = nread ;
2007-10-07 02:25:41 +04:00
dce_conn - > processing = true ;
2005-01-30 03:54:57 +03:00
status = dcesrv_input ( dce_conn , & tmp_blob ) ;
2007-10-07 02:25:41 +04:00
dce_conn - > processing = false ;
2005-01-30 03:54:57 +03:00
talloc_free ( tmp_blob . data ) ;
2004-10-24 19:48:19 +04:00
2005-06-21 10:03:11 +04:00
EVENT_FD_READABLE ( conn - > event . fde ) ;
2005-01-30 03:54:57 +03:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
dcesrv_terminate_connection ( dce_conn , nt_errstr ( status ) ) ;
2004-10-24 19:48:19 +04:00
return ;
}
2005-01-30 03:54:57 +03:00
if ( dce_conn - > call_list & & dce_conn - > call_list - > replies ) {
2005-02-03 05:35:52 +03:00
EVENT_FD_WRITEABLE ( conn - > event . fde ) ;
2005-01-30 03:54:57 +03:00
}
}
2005-05-16 00:16:26 +04:00
static void dcesrv_sock_send ( struct stream_connection * conn , uint16_t flags )
2005-01-30 03:54:57 +03:00
{
struct dcesrv_connection * dce_conn = talloc_get_type ( conn - > private , struct dcesrv_connection ) ;
NTSTATUS status ;
status = dcesrv_output ( dce_conn , conn - > socket , dcerpc_write_fn ) ;
2005-06-26 11:31:45 +04:00
if ( NT_STATUS_IS_ERR ( status ) ) {
2005-01-30 03:54:57 +03:00
dcesrv_terminate_connection ( dce_conn , " eof on socket " ) ;
2004-10-24 19:48:19 +04:00
return ;
}
2005-01-30 03:54:57 +03:00
if ( ! dce_conn - > call_list | | ! dce_conn - > call_list - > replies ) {
2005-02-03 05:35:52 +03:00
EVENT_FD_NOT_WRITEABLE ( conn - > event . fde ) ;
2005-01-30 03:54:57 +03:00
}
}
static const struct stream_server_ops dcesrv_stream_ops = {
. name = " rpc " ,
. accept_connection = dcesrv_sock_accept ,
. recv_handler = dcesrv_sock_recv ,
. send_handler = dcesrv_sock_send ,
} ;
2007-12-03 20:47:42 +03:00
static NTSTATUS dcesrv_add_ep_unix ( struct dcesrv_context * dce_ctx ,
struct loadparm_context * lp_ctx ,
struct dcesrv_endpoint * e ,
2007-09-03 17:13:25 +04:00
struct event_context * event_ctx , const struct model_ops * model_ops )
2005-01-30 03:54:57 +03:00
{
struct dcesrv_socket_context * dcesrv_sock ;
uint16_t port = 1 ;
NTSTATUS status ;
2005-05-03 19:15:34 +04:00
dcesrv_sock = talloc ( event_ctx , struct dcesrv_socket_context ) ;
2005-01-30 03:54:57 +03:00
NT_STATUS_HAVE_NO_MEMORY ( dcesrv_sock ) ;
2004-10-24 19:48:19 +04:00
/* remember the endpoint of this socket */
dcesrv_sock - > endpoint = e ;
2005-01-30 03:54:57 +03:00
dcesrv_sock - > dcesrv_ctx = talloc_reference ( dcesrv_sock , dce_ctx ) ;
2008-01-06 04:03:43 +03:00
status = stream_setup_socket ( event_ctx , lp_ctx ,
model_ops , & dcesrv_stream_ops ,
r5902: A rather large change...
I wanted to add a simple 'workstation' argument to the DCERPC
authenticated binding calls, but this patch kind of grew from there.
With SCHANNEL, the 'workstation' name (the netbios name of the client)
matters, as this is what ties the session between the NETLOGON ops and
the SCHANNEL bind. This changes a lot of files, and these will again
be changed when jelmer does the credentials work.
I also correct some schannel IDL to distinguish between workstation
names and account names. The distinction matters for domain trust
accounts.
Issues in handling this (issues with lifetime of talloc pointers)
caused me to change the 'creds_CredentialsState' and 'struct
dcerpc_binding' pointers to always be talloc()ed pointers.
In the schannel DB, we now store both the domain and computername, and
query on both. This should ensure we fault correctly when the domain
is specified incorrectly in the SCHANNEL bind.
In the RPC-SCHANNEL test, I finally fixed a bug that vl pointed out,
where the comment claimed we re-used a connection, but in fact we made
a new connection.
This was achived by breaking apart some of the
dcerpc_secondary_connection() logic.
The addition of workstation handling was also propogated to NTLMSSP
and GENSEC, for completeness.
The RPC-SAMSYNC test has been cleaned up a little, using a loop over
usernames/passwords rather than manually expanded tests. This will be
expanded further (the code in #if 0 in this patch) to use a newly
created user account for testing.
In making this test pass test_rpc.sh, I found a bug in the RPC-ECHO
server, caused by the removal of [ref] and the assoicated pointer from
the IDL. This has been re-added, until the underlying pidl issues are
solved.
(This used to be commit 824289dcc20908ddec957a4a892a103eec2da9b9)
2005-03-19 11:34:43 +03:00
" unix " , e - > ep_description - > endpoint , & port ,
2007-12-06 18:54:34 +03:00
lp_socket_options ( lp_ctx ) ,
2005-01-30 03:54:57 +03:00
dcesrv_sock ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
DEBUG ( 0 , ( " service_setup_stream_socket(path=%s) failed - %s \n " ,
r5902: A rather large change...
I wanted to add a simple 'workstation' argument to the DCERPC
authenticated binding calls, but this patch kind of grew from there.
With SCHANNEL, the 'workstation' name (the netbios name of the client)
matters, as this is what ties the session between the NETLOGON ops and
the SCHANNEL bind. This changes a lot of files, and these will again
be changed when jelmer does the credentials work.
I also correct some schannel IDL to distinguish between workstation
names and account names. The distinction matters for domain trust
accounts.
Issues in handling this (issues with lifetime of talloc pointers)
caused me to change the 'creds_CredentialsState' and 'struct
dcerpc_binding' pointers to always be talloc()ed pointers.
In the schannel DB, we now store both the domain and computername, and
query on both. This should ensure we fault correctly when the domain
is specified incorrectly in the SCHANNEL bind.
In the RPC-SCHANNEL test, I finally fixed a bug that vl pointed out,
where the comment claimed we re-used a connection, but in fact we made
a new connection.
This was achived by breaking apart some of the
dcerpc_secondary_connection() logic.
The addition of workstation handling was also propogated to NTLMSSP
and GENSEC, for completeness.
The RPC-SAMSYNC test has been cleaned up a little, using a loop over
usernames/passwords rather than manually expanded tests. This will be
expanded further (the code in #if 0 in this patch) to use a newly
created user account for testing.
In making this test pass test_rpc.sh, I found a bug in the RPC-ECHO
server, caused by the removal of [ref] and the assoicated pointer from
the IDL. This has been re-added, until the underlying pidl issues are
solved.
(This used to be commit 824289dcc20908ddec957a4a892a103eec2da9b9)
2005-03-19 11:34:43 +03:00
e - > ep_description - > endpoint , nt_errstr ( status ) ) ) ;
2005-01-30 03:54:57 +03:00
}
2004-10-24 19:48:19 +04:00
2005-01-30 03:54:57 +03:00
return status ;
2004-10-24 19:48:19 +04:00
}
2007-12-03 20:47:42 +03:00
static NTSTATUS dcesrv_add_ep_ncalrpc ( struct dcesrv_context * dce_ctx ,
struct loadparm_context * lp_ctx ,
struct dcesrv_endpoint * e ,
struct event_context * event_ctx , const struct model_ops * model_ops )
2004-10-24 19:48:19 +04:00
{
struct dcesrv_socket_context * dcesrv_sock ;
uint16_t port = 1 ;
char * full_path ;
2005-01-30 03:54:57 +03:00
NTSTATUS status ;
2004-10-24 19:48:19 +04:00
r5902: A rather large change...
I wanted to add a simple 'workstation' argument to the DCERPC
authenticated binding calls, but this patch kind of grew from there.
With SCHANNEL, the 'workstation' name (the netbios name of the client)
matters, as this is what ties the session between the NETLOGON ops and
the SCHANNEL bind. This changes a lot of files, and these will again
be changed when jelmer does the credentials work.
I also correct some schannel IDL to distinguish between workstation
names and account names. The distinction matters for domain trust
accounts.
Issues in handling this (issues with lifetime of talloc pointers)
caused me to change the 'creds_CredentialsState' and 'struct
dcerpc_binding' pointers to always be talloc()ed pointers.
In the schannel DB, we now store both the domain and computername, and
query on both. This should ensure we fault correctly when the domain
is specified incorrectly in the SCHANNEL bind.
In the RPC-SCHANNEL test, I finally fixed a bug that vl pointed out,
where the comment claimed we re-used a connection, but in fact we made
a new connection.
This was achived by breaking apart some of the
dcerpc_secondary_connection() logic.
The addition of workstation handling was also propogated to NTLMSSP
and GENSEC, for completeness.
The RPC-SAMSYNC test has been cleaned up a little, using a loop over
usernames/passwords rather than manually expanded tests. This will be
expanded further (the code in #if 0 in this patch) to use a newly
created user account for testing.
In making this test pass test_rpc.sh, I found a bug in the RPC-ECHO
server, caused by the removal of [ref] and the assoicated pointer from
the IDL. This has been re-added, until the underlying pidl issues are
solved.
(This used to be commit 824289dcc20908ddec957a4a892a103eec2da9b9)
2005-03-19 11:34:43 +03:00
if ( ! e - > ep_description - > endpoint ) {
2004-10-25 14:21:41 +04:00
/* No identifier specified: use DEFAULT.
* DO NOT hardcode this value anywhere else . Rather , specify
* no endpoint and let the epmapper worry about it . */
r5902: A rather large change...
I wanted to add a simple 'workstation' argument to the DCERPC
authenticated binding calls, but this patch kind of grew from there.
With SCHANNEL, the 'workstation' name (the netbios name of the client)
matters, as this is what ties the session between the NETLOGON ops and
the SCHANNEL bind. This changes a lot of files, and these will again
be changed when jelmer does the credentials work.
I also correct some schannel IDL to distinguish between workstation
names and account names. The distinction matters for domain trust
accounts.
Issues in handling this (issues with lifetime of talloc pointers)
caused me to change the 'creds_CredentialsState' and 'struct
dcerpc_binding' pointers to always be talloc()ed pointers.
In the schannel DB, we now store both the domain and computername, and
query on both. This should ensure we fault correctly when the domain
is specified incorrectly in the SCHANNEL bind.
In the RPC-SCHANNEL test, I finally fixed a bug that vl pointed out,
where the comment claimed we re-used a connection, but in fact we made
a new connection.
This was achived by breaking apart some of the
dcerpc_secondary_connection() logic.
The addition of workstation handling was also propogated to NTLMSSP
and GENSEC, for completeness.
The RPC-SAMSYNC test has been cleaned up a little, using a loop over
usernames/passwords rather than manually expanded tests. This will be
expanded further (the code in #if 0 in this patch) to use a newly
created user account for testing.
In making this test pass test_rpc.sh, I found a bug in the RPC-ECHO
server, caused by the removal of [ref] and the assoicated pointer from
the IDL. This has been re-added, until the underlying pidl issues are
solved.
(This used to be commit 824289dcc20908ddec957a4a892a103eec2da9b9)
2005-03-19 11:34:43 +03:00
e - > ep_description - > endpoint = talloc_strdup ( dce_ctx , " DEFAULT " ) ;
2004-10-24 19:48:19 +04:00
}
2007-12-03 20:47:42 +03:00
full_path = talloc_asprintf ( dce_ctx , " %s/%s " , lp_ncalrpc_dir ( lp_ctx ) ,
2007-09-28 05:17:46 +04:00
e - > ep_description - > endpoint ) ;
2004-10-24 19:48:19 +04:00
2005-05-03 19:15:34 +04:00
dcesrv_sock = talloc ( event_ctx , struct dcesrv_socket_context ) ;
2005-01-30 03:54:57 +03:00
NT_STATUS_HAVE_NO_MEMORY ( dcesrv_sock ) ;
2004-10-24 19:48:19 +04:00
/* remember the endpoint of this socket */
dcesrv_sock - > endpoint = e ;
2005-05-03 19:15:34 +04:00
dcesrv_sock - > dcesrv_ctx = talloc_reference ( dcesrv_sock , dce_ctx ) ;
2004-10-24 19:48:19 +04:00
2008-01-06 04:03:43 +03:00
status = stream_setup_socket ( event_ctx , lp_ctx ,
model_ops , & dcesrv_stream_ops ,
2007-12-06 18:54:34 +03:00
" unix " , full_path , & port ,
lp_socket_options ( lp_ctx ) ,
dcesrv_sock ) ;
2005-01-30 03:54:57 +03:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
DEBUG ( 0 , ( " service_setup_stream_socket(identifier=%s,path=%s) failed - %s \n " ,
r5902: A rather large change...
I wanted to add a simple 'workstation' argument to the DCERPC
authenticated binding calls, but this patch kind of grew from there.
With SCHANNEL, the 'workstation' name (the netbios name of the client)
matters, as this is what ties the session between the NETLOGON ops and
the SCHANNEL bind. This changes a lot of files, and these will again
be changed when jelmer does the credentials work.
I also correct some schannel IDL to distinguish between workstation
names and account names. The distinction matters for domain trust
accounts.
Issues in handling this (issues with lifetime of talloc pointers)
caused me to change the 'creds_CredentialsState' and 'struct
dcerpc_binding' pointers to always be talloc()ed pointers.
In the schannel DB, we now store both the domain and computername, and
query on both. This should ensure we fault correctly when the domain
is specified incorrectly in the SCHANNEL bind.
In the RPC-SCHANNEL test, I finally fixed a bug that vl pointed out,
where the comment claimed we re-used a connection, but in fact we made
a new connection.
This was achived by breaking apart some of the
dcerpc_secondary_connection() logic.
The addition of workstation handling was also propogated to NTLMSSP
and GENSEC, for completeness.
The RPC-SAMSYNC test has been cleaned up a little, using a loop over
usernames/passwords rather than manually expanded tests. This will be
expanded further (the code in #if 0 in this patch) to use a newly
created user account for testing.
In making this test pass test_rpc.sh, I found a bug in the RPC-ECHO
server, caused by the removal of [ref] and the assoicated pointer from
the IDL. This has been re-added, until the underlying pidl issues are
solved.
(This used to be commit 824289dcc20908ddec957a4a892a103eec2da9b9)
2005-03-19 11:34:43 +03:00
e - > ep_description - > endpoint , full_path , nt_errstr ( status ) ) ) ;
2005-01-30 03:54:57 +03:00
}
return status ;
2004-10-24 19:48:19 +04:00
}
2008-05-17 04:39:57 +04:00
static NTSTATUS dcesrv_add_ep_np ( struct dcesrv_context * dce_ctx ,
struct loadparm_context * lp_ctx ,
struct dcesrv_endpoint * e ,
struct event_context * event_ctx , const struct model_ops * model_ops )
2007-03-21 20:05:39 +03:00
{
struct dcesrv_socket_context * dcesrv_sock ;
NTSTATUS status ;
if ( e - > ep_description - > endpoint = = NULL ) {
DEBUG ( 0 , ( " Endpoint mandatory for named pipes \n " ) ) ;
return NT_STATUS_INVALID_PARAMETER ;
}
dcesrv_sock = talloc ( event_ctx , struct dcesrv_socket_context ) ;
NT_STATUS_HAVE_NO_MEMORY ( dcesrv_sock ) ;
/* remember the endpoint of this socket */
dcesrv_sock - > endpoint = e ;
dcesrv_sock - > dcesrv_ctx = talloc_reference ( dcesrv_sock , dce_ctx ) ;
2008-05-17 04:39:57 +04:00
status = stream_setup_named_pipe ( event_ctx , lp_ctx ,
model_ops , & dcesrv_stream_ops ,
e - > ep_description - > endpoint , dcesrv_sock ) ;
2007-03-21 20:05:39 +03:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
2008-05-17 04:39:57 +04:00
DEBUG ( 0 , ( " stream_setup_named_pipe(pipe=%s) failed - %s \n " ,
2007-03-21 20:05:39 +03:00
e - > ep_description - > endpoint , nt_errstr ( status ) ) ) ;
2008-05-17 04:39:57 +04:00
return status ;
2007-03-21 20:05:39 +03:00
}
2008-05-17 04:39:57 +04:00
return NT_STATUS_OK ;
2007-03-21 20:05:39 +03:00
}
2004-10-24 19:48:19 +04:00
/*
add a socket address to the list of events , one event per dcerpc endpoint
*/
2005-01-30 03:54:57 +03:00
static NTSTATUS add_socket_rpc_tcp_iface ( struct dcesrv_context * dce_ctx , struct dcesrv_endpoint * e ,
struct event_context * event_ctx , const struct model_ops * model_ops ,
const char * address )
2004-10-24 19:48:19 +04:00
{
struct dcesrv_socket_context * dcesrv_sock ;
uint16_t port = 0 ;
2005-01-30 03:54:57 +03:00
NTSTATUS status ;
2004-10-24 19:48:19 +04:00
r5902: A rather large change...
I wanted to add a simple 'workstation' argument to the DCERPC
authenticated binding calls, but this patch kind of grew from there.
With SCHANNEL, the 'workstation' name (the netbios name of the client)
matters, as this is what ties the session between the NETLOGON ops and
the SCHANNEL bind. This changes a lot of files, and these will again
be changed when jelmer does the credentials work.
I also correct some schannel IDL to distinguish between workstation
names and account names. The distinction matters for domain trust
accounts.
Issues in handling this (issues with lifetime of talloc pointers)
caused me to change the 'creds_CredentialsState' and 'struct
dcerpc_binding' pointers to always be talloc()ed pointers.
In the schannel DB, we now store both the domain and computername, and
query on both. This should ensure we fault correctly when the domain
is specified incorrectly in the SCHANNEL bind.
In the RPC-SCHANNEL test, I finally fixed a bug that vl pointed out,
where the comment claimed we re-used a connection, but in fact we made
a new connection.
This was achived by breaking apart some of the
dcerpc_secondary_connection() logic.
The addition of workstation handling was also propogated to NTLMSSP
and GENSEC, for completeness.
The RPC-SAMSYNC test has been cleaned up a little, using a loop over
usernames/passwords rather than manually expanded tests. This will be
expanded further (the code in #if 0 in this patch) to use a newly
created user account for testing.
In making this test pass test_rpc.sh, I found a bug in the RPC-ECHO
server, caused by the removal of [ref] and the assoicated pointer from
the IDL. This has been re-added, until the underlying pidl issues are
solved.
(This used to be commit 824289dcc20908ddec957a4a892a103eec2da9b9)
2005-03-19 11:34:43 +03:00
if ( e - > ep_description - > endpoint ) {
port = atoi ( e - > ep_description - > endpoint ) ;
2004-10-24 19:48:19 +04:00
}
2005-05-03 19:15:34 +04:00
dcesrv_sock = talloc ( event_ctx , struct dcesrv_socket_context ) ;
2005-01-30 03:54:57 +03:00
NT_STATUS_HAVE_NO_MEMORY ( dcesrv_sock ) ;
2004-10-24 19:48:19 +04:00
/* remember the endpoint of this socket */
dcesrv_sock - > endpoint = e ;
2005-05-03 19:15:34 +04:00
dcesrv_sock - > dcesrv_ctx = talloc_reference ( dcesrv_sock , dce_ctx ) ;
2004-10-24 19:48:19 +04:00
2008-01-06 04:03:43 +03:00
status = stream_setup_socket ( event_ctx , dce_ctx - > lp_ctx ,
model_ops , & dcesrv_stream_ops ,
2007-12-06 18:54:34 +03:00
" ipv4 " , address , & port ,
lp_socket_options ( dce_ctx - > lp_ctx ) ,
dcesrv_sock ) ;
2005-01-30 03:54:57 +03:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
DEBUG ( 0 , ( " service_setup_stream_socket(address=%s,port=%u) failed - %s \n " ,
address , port , nt_errstr ( status ) ) ) ;
}
2004-10-24 19:48:19 +04:00
r5902: A rather large change...
I wanted to add a simple 'workstation' argument to the DCERPC
authenticated binding calls, but this patch kind of grew from there.
With SCHANNEL, the 'workstation' name (the netbios name of the client)
matters, as this is what ties the session between the NETLOGON ops and
the SCHANNEL bind. This changes a lot of files, and these will again
be changed when jelmer does the credentials work.
I also correct some schannel IDL to distinguish between workstation
names and account names. The distinction matters for domain trust
accounts.
Issues in handling this (issues with lifetime of talloc pointers)
caused me to change the 'creds_CredentialsState' and 'struct
dcerpc_binding' pointers to always be talloc()ed pointers.
In the schannel DB, we now store both the domain and computername, and
query on both. This should ensure we fault correctly when the domain
is specified incorrectly in the SCHANNEL bind.
In the RPC-SCHANNEL test, I finally fixed a bug that vl pointed out,
where the comment claimed we re-used a connection, but in fact we made
a new connection.
This was achived by breaking apart some of the
dcerpc_secondary_connection() logic.
The addition of workstation handling was also propogated to NTLMSSP
and GENSEC, for completeness.
The RPC-SAMSYNC test has been cleaned up a little, using a loop over
usernames/passwords rather than manually expanded tests. This will be
expanded further (the code in #if 0 in this patch) to use a newly
created user account for testing.
In making this test pass test_rpc.sh, I found a bug in the RPC-ECHO
server, caused by the removal of [ref] and the assoicated pointer from
the IDL. This has been re-added, until the underlying pidl issues are
solved.
(This used to be commit 824289dcc20908ddec957a4a892a103eec2da9b9)
2005-03-19 11:34:43 +03:00
if ( e - > ep_description - > endpoint = = NULL ) {
e - > ep_description - > endpoint = talloc_asprintf ( dce_ctx , " %d " , port ) ;
2005-01-30 03:54:57 +03:00
}
2004-10-24 19:48:19 +04:00
2005-01-30 03:54:57 +03:00
return status ;
2004-10-24 19:48:19 +04:00
}
2007-12-03 20:47:42 +03:00
static NTSTATUS dcesrv_add_ep_tcp ( struct dcesrv_context * dce_ctx ,
struct loadparm_context * lp_ctx ,
struct dcesrv_endpoint * e ,
struct event_context * event_ctx , const struct model_ops * model_ops )
2004-10-24 19:48:19 +04:00
{
2005-01-30 03:54:57 +03:00
NTSTATUS status ;
2004-10-24 19:48:19 +04:00
/* Add TCP/IP sockets */
2007-12-03 20:47:42 +03:00
if ( lp_interfaces ( lp_ctx ) & & lp_bind_interfaces_only ( lp_ctx ) ) {
2007-12-12 00:23:20 +03:00
int num_interfaces ;
2004-10-24 19:48:19 +04:00
int i ;
2007-12-12 00:23:20 +03:00
struct interface * ifaces ;
load_interfaces ( dce_ctx , lp_interfaces ( lp_ctx ) , & ifaces ) ;
num_interfaces = iface_count ( ifaces ) ;
2004-10-24 19:48:19 +04:00
for ( i = 0 ; i < num_interfaces ; i + + ) {
2007-12-12 00:23:14 +03:00
const char * address = iface_n_ip ( ifaces , i ) ;
2005-01-30 03:54:57 +03:00
status = add_socket_rpc_tcp_iface ( dce_ctx , e , event_ctx , model_ops , address ) ;
NT_STATUS_NOT_OK_RETURN ( status ) ;
2004-10-24 19:48:19 +04:00
}
} else {
2007-09-28 05:17:46 +04:00
status = add_socket_rpc_tcp_iface ( dce_ctx , e , event_ctx , model_ops ,
2007-12-03 20:47:42 +03:00
lp_socket_address ( lp_ctx ) ) ;
2005-01-30 03:54:57 +03:00
NT_STATUS_NOT_OK_RETURN ( status ) ;
2004-10-24 19:48:19 +04:00
}
2005-01-30 03:54:57 +03:00
return NT_STATUS_OK ;
2004-10-24 19:48:19 +04:00
}
2007-09-03 17:13:25 +04:00
2007-12-03 20:47:42 +03:00
static NTSTATUS dcesrv_add_ep ( struct dcesrv_context * dce_ctx ,
struct loadparm_context * lp_ctx ,
struct dcesrv_endpoint * e ,
2007-09-03 17:13:25 +04:00
struct event_context * event_ctx , const struct model_ops * model_ops )
{
switch ( e - > ep_description - > transport ) {
case NCACN_UNIX_STREAM :
2007-12-03 20:47:42 +03:00
return dcesrv_add_ep_unix ( dce_ctx , lp_ctx , e , event_ctx , model_ops ) ;
2007-09-03 17:13:25 +04:00
case NCALRPC :
2007-12-03 20:47:42 +03:00
return dcesrv_add_ep_ncalrpc ( dce_ctx , lp_ctx , e , event_ctx , model_ops ) ;
2007-09-03 17:13:25 +04:00
case NCACN_IP_TCP :
2007-12-03 20:47:42 +03:00
return dcesrv_add_ep_tcp ( dce_ctx , lp_ctx , e , event_ctx , model_ops ) ;
2007-09-03 17:13:25 +04:00
case NCACN_NP :
2007-12-03 20:47:42 +03:00
return dcesrv_add_ep_np ( dce_ctx , lp_ctx , e , event_ctx , model_ops ) ;
2007-09-03 17:13:25 +04:00
default :
return NT_STATUS_NOT_SUPPORTED ;
}
}
/*
open the dcerpc server sockets
*/
static void dcesrv_task_init ( struct task_server * task )
{
NTSTATUS status ;
struct dcesrv_context * dce_ctx ;
struct dcesrv_endpoint * e ;
2008-12-09 11:22:31 +03:00
dcerpc_server_init ( task - > lp_ctx ) ;
2007-09-03 17:13:25 +04:00
task_server_set_title ( task , " task[dcesrv] " ) ;
status = dcesrv_init_context ( task - > event_ctx ,
2007-12-04 22:05:00 +03:00
task - > lp_ctx ,
2007-12-03 17:53:17 +03:00
lp_dcerpc_endpoint_servers ( task - > lp_ctx ) ,
2007-09-03 17:13:25 +04:00
& dce_ctx ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) goto failed ;
/* Make sure the directory for NCALRPC exists */
2007-12-03 17:53:17 +03:00
if ( ! directory_exist ( lp_ncalrpc_dir ( task - > lp_ctx ) ) ) {
mkdir ( lp_ncalrpc_dir ( task - > lp_ctx ) , 0755 ) ;
2007-09-03 17:13:25 +04:00
}
for ( e = dce_ctx - > endpoint_list ; e ; e = e - > next ) {
2007-12-03 20:47:42 +03:00
status = dcesrv_add_ep ( dce_ctx , task - > lp_ctx , e , task - > event_ctx , task - > model_ops ) ;
2007-09-03 17:13:25 +04:00
if ( ! NT_STATUS_IS_OK ( status ) ) goto failed ;
}
return ;
failed :
task_server_terminate ( task , " Failed to startup dcerpc server task " ) ;
}
NTSTATUS server_service_rpc_init ( void )
{
2008-02-04 13:58:29 +03:00
return register_server_service ( " rpc " , dcesrv_task_init ) ;
2007-09-03 17:13:25 +04:00
}