/* Unix SMB/CIFS implementation. helper functions for NAMED PIPE servers Copyright (C) Stefan (metze) Metzmacher 2008 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . */ #include "includes.h" #include #include "samba/service.h" #include "param/param.h" #include "auth/auth.h" #include "auth/session.h" #include "auth/auth_sam_reply.h" #include "lib/socket/socket.h" #include "lib/tsocket/tsocket.h" #include "libcli/util/tstream.h" #include "librpc/gen_ndr/ndr_named_pipe_auth.h" #include "system/passwd.h" #include "system/network.h" #include "libcli/raw/smb.h" #include "auth/session.h" #include "libcli/security/security.h" #include "libcli/named_pipe_auth/npa_tstream.h" struct named_pipe_socket { const char *pipe_name; const char *pipe_path; const struct stream_server_ops *ops; void *private_data; }; static void named_pipe_accept_done(struct tevent_req *subreq); static void named_pipe_accept(struct stream_connection *conn) { struct tstream_context *plain_tstream; int fd; struct tevent_req *subreq; int ret; /* Let tstream take over fd operations */ fd = socket_get_fd(conn->socket); socket_set_flags(conn->socket, SOCKET_FLAG_NOCLOSE); TALLOC_FREE(conn->event.fde); TALLOC_FREE(conn->socket); ret = tstream_bsd_existing_socket(conn, fd, &plain_tstream); if (ret != 0) { stream_terminate_connection(conn, "named_pipe_accept: out of memory"); return; } /* as server we want to fail early */ tstream_bsd_fail_readv_first_error(plain_tstream, true); subreq = tstream_npa_accept_existing_send(conn, conn->event.ctx, plain_tstream, FILE_TYPE_MESSAGE_MODE_PIPE, 0xff | 0x0400 | 0x0100, 4096); if (subreq == NULL) { stream_terminate_connection(conn, "named_pipe_accept: " "no memory for tstream_npa_accept_existing_send"); return; } tevent_req_set_callback(subreq, named_pipe_accept_done, conn); } static void named_pipe_accept_done(struct tevent_req *subreq) { struct stream_connection *conn = tevent_req_callback_data(subreq, struct stream_connection); struct named_pipe_socket *pipe_sock = talloc_get_type(conn->private_data, struct named_pipe_socket); enum dcerpc_transport_t transport; struct tsocket_address *remote_client_addr; char *remote_client_name; struct tsocket_address *local_server_addr; char *local_server_name; struct auth_session_info_transport *session_info_transport; const char *reason = NULL; TALLOC_CTX *tmp_ctx; int error; int ret; tmp_ctx = talloc_new(conn); if (!tmp_ctx) { reason = "Out of memory!\n"; goto out; } ret = tstream_npa_accept_existing_recv(subreq, &error, tmp_ctx, &conn->tstream, NULL, &transport, &remote_client_addr, &remote_client_name, &local_server_addr, &local_server_name, &session_info_transport); TALLOC_FREE(subreq); if (ret != 0) { reason = talloc_asprintf(conn, "tstream_npa_accept_existing_recv()" " failed: %s", strerror(error)); goto out; } conn->local_address = talloc_move(conn, &local_server_addr); conn->remote_address = talloc_move(conn, &remote_client_addr); DBG_DEBUG("Accepted npa connection from %s. " "Client: %s (%s). Server: %s (%s)\n", tsocket_address_string(conn->remote_address, tmp_ctx), local_server_name, tsocket_address_string(local_server_addr, tmp_ctx), remote_client_name, tsocket_address_string(remote_client_addr, tmp_ctx)); conn->session_info = auth_session_info_from_transport(conn, session_info_transport, conn->lp_ctx, &reason); if (!conn->session_info) { goto out; } if (transport == NCACN_NP) { if (security_token_is_system(conn->session_info->security_token)) { reason = talloc_asprintf( conn, "System token not allowed on transport %d\n", transport); goto out; } } else if (transport == NCALRPC) { /* * TODO: * we should somehow remember the given transport on * the connection, but that's a task for another day * as it's not trivial to do... */ } else { reason = talloc_asprintf( conn, "Only allow NCACN_NP or NCALRPC transport on named pipes, " "got %d\n", (int)transport); goto out; } /* * hand over to the real pipe implementation, * now that we have setup the transport session_info */ conn->ops = pipe_sock->ops; conn->private_data = pipe_sock->private_data; conn->ops->accept_connection(conn); DBG_DEBUG("named pipe connection [%s] established\n", conn->ops->name); talloc_free(tmp_ctx); return; out: talloc_free(tmp_ctx); if (!reason) { reason = "Internal error"; } stream_terminate_connection(conn, reason); } /* called when a pipe socket becomes readable */ static void named_pipe_recv(struct stream_connection *conn, uint16_t flags) { stream_terminate_connection(conn, "named_pipe_recv: called"); } /* called when a pipe socket becomes writable */ static void named_pipe_send(struct stream_connection *conn, uint16_t flags) { stream_terminate_connection(conn, "named_pipe_send: called"); } static const struct stream_server_ops named_pipe_stream_ops = { .name = "named_pipe", .accept_connection = named_pipe_accept, .recv_handler = named_pipe_recv, .send_handler = named_pipe_send, }; NTSTATUS tstream_setup_named_pipe(TALLOC_CTX *mem_ctx, struct tevent_context *event_context, struct loadparm_context *lp_ctx, const struct model_ops *model_ops, const struct stream_server_ops *stream_ops, const char *pipe_name, void *private_data, void *process_context) { char *dirname; struct named_pipe_socket *pipe_sock; NTSTATUS status = NT_STATUS_NO_MEMORY;; pipe_sock = talloc(mem_ctx, struct named_pipe_socket); if (pipe_sock == NULL) { goto fail; } /* remember the details about the pipe */ pipe_sock->pipe_name = strlower_talloc(pipe_sock, pipe_name); if (pipe_sock->pipe_name == NULL) { goto fail; } if (!directory_create_or_exist(lpcfg_ncalrpc_dir(lp_ctx), 0755)) { status = map_nt_error_from_unix_common(errno); DBG_ERR("Failed to create ncalrpc pipe directory '%s' - %s\n", lpcfg_ncalrpc_dir(lp_ctx), nt_errstr(status)); goto fail; } dirname = talloc_asprintf(pipe_sock, "%s/np", lpcfg_ncalrpc_dir(lp_ctx)); if (dirname == NULL) { goto fail; } if (!directory_create_or_exist_strict(dirname, geteuid(), 0700)) { status = map_nt_error_from_unix_common(errno); DBG_ERR("Failed to create stream pipe directory '%s' - %s\n", dirname, nt_errstr(status)); goto fail; } if (strncmp(pipe_name, "\\pipe\\", 6) == 0) { pipe_name += 6; } pipe_sock->pipe_path = talloc_asprintf(pipe_sock, "%s/%s", dirname, pipe_name); if (pipe_sock->pipe_path == NULL) { goto fail; } talloc_free(dirname); pipe_sock->ops = stream_ops; pipe_sock->private_data = private_data; status = stream_setup_socket(pipe_sock, event_context, lp_ctx, model_ops, &named_pipe_stream_ops, "unix", pipe_sock->pipe_path, NULL, NULL, pipe_sock, process_context); if (!NT_STATUS_IS_OK(status)) { goto fail; } return NT_STATUS_OK; fail: talloc_free(pipe_sock); return status; }