/* Unix SMB/CIFS implementation. Copyright (C) Stefan Metzmacher 2009 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . */ #include "includes.h" #include "system/network.h" #include "../util/tevent_unix.h" #include "../lib/tsocket/tsocket.h" #include "../lib/tsocket/tsocket_internal.h" #include "../librpc/gen_ndr/ndr_named_pipe_auth.h" #include "../libcli/named_pipe_auth/npa_tstream.h" #include "../libcli/named_pipe_auth/tstream_u32_read.h" #include "../libcli/smb/smb_constants.h" static const struct tstream_context_ops tstream_npa_ops; struct tstream_npa { struct tstream_context *unix_stream; uint16_t file_type; struct iovec pending; }; struct tstream_npa_connect_state { struct { struct tevent_context *ev; } caller; const char *unix_path; struct tsocket_address *unix_laddr; struct tsocket_address *unix_raddr; struct tstream_context *unix_stream; struct named_pipe_auth_req auth_req; DATA_BLOB auth_req_blob; struct iovec auth_req_iov; struct named_pipe_auth_rep auth_rep; }; static void tstream_npa_connect_unix_done(struct tevent_req *subreq); struct tevent_req *tstream_npa_connect_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev, const char *directory, const char *npipe, enum dcerpc_transport_t transport, const struct tsocket_address *remote_client_addr, const char *remote_client_name_in, const struct tsocket_address *local_server_addr, const char *local_server_name_in, const struct auth_session_info_transport *session_info) { struct tevent_req *req; struct tstream_npa_connect_state *state; struct tevent_req *subreq; int ret; enum ndr_err_code ndr_err; char *lower_case_npipe; struct named_pipe_auth_req_info8 *info8; req = tevent_req_create(mem_ctx, &state, struct tstream_npa_connect_state); if (!req) { return NULL; } state->caller.ev = ev; lower_case_npipe = strlower_talloc(state, npipe); if (tevent_req_nomem(lower_case_npipe, req)) { goto post; } state->unix_path = talloc_asprintf(state, "%s/%s", directory, lower_case_npipe); talloc_free(lower_case_npipe); if (tevent_req_nomem(state->unix_path, req)) { goto post; } ret = tsocket_address_unix_from_path(state, "", &state->unix_laddr); if (ret == -1) { tevent_req_error(req, errno); goto post; } ret = tsocket_address_unix_from_path(state, state->unix_path, &state->unix_raddr); if (ret == -1) { tevent_req_error(req, errno); goto post; } ZERO_STRUCT(state->auth_req); if (!local_server_addr) { tevent_req_error(req, EINVAL); goto post; } state->auth_req.level = 8; info8 = &state->auth_req.info.info8; info8->transport = transport; SMB_ASSERT(info8->transport == transport); /* Assert no overflow */ info8->remote_client_name = remote_client_name_in; info8->remote_client_addr = tsocket_address_inet_addr_string(remote_client_addr, state); if (!info8->remote_client_addr) { /* errno might be EINVAL */ tevent_req_error(req, errno); goto post; } info8->remote_client_port = tsocket_address_inet_port(remote_client_addr); if (!info8->remote_client_name) { info8->remote_client_name = info8->remote_client_addr; } info8->local_server_name = local_server_name_in; info8->local_server_addr = tsocket_address_inet_addr_string(local_server_addr, state); if (!info8->local_server_addr) { /* errno might be EINVAL */ tevent_req_error(req, errno); goto post; } info8->local_server_port = tsocket_address_inet_port(local_server_addr); if (!info8->local_server_name) { info8->local_server_name = info8->local_server_addr; } info8->session_info = discard_const_p(struct auth_session_info_transport, session_info); if (DEBUGLVL(10)) { NDR_PRINT_DEBUG(named_pipe_auth_req, &state->auth_req); } ndr_err = ndr_push_struct_blob(&state->auth_req_blob, state, &state->auth_req, (ndr_push_flags_fn_t)ndr_push_named_pipe_auth_req); if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { tevent_req_error(req, EINVAL); goto post; } state->auth_req_iov.iov_base = (char *) state->auth_req_blob.data; state->auth_req_iov.iov_len = state->auth_req_blob.length; subreq = tstream_unix_connect_send(state, state->caller.ev, state->unix_laddr, state->unix_raddr); if (tevent_req_nomem(subreq, req)) { goto post; } tevent_req_set_callback(subreq, tstream_npa_connect_unix_done, req); return req; post: tevent_req_post(req, ev); return req; } static void tstream_npa_connect_writev_done(struct tevent_req *subreq); static void tstream_npa_connect_unix_done(struct tevent_req *subreq) { struct tevent_req *req = tevent_req_callback_data(subreq, struct tevent_req); struct tstream_npa_connect_state *state = tevent_req_data(req, struct tstream_npa_connect_state); int ret; int sys_errno; ret = tstream_unix_connect_recv(subreq, &sys_errno, state, &state->unix_stream); TALLOC_FREE(subreq); if (ret == -1) { tevent_req_error(req, sys_errno); return; } subreq = tstream_writev_send(state, state->caller.ev, state->unix_stream, &state->auth_req_iov, 1); if (tevent_req_nomem(subreq, req)) { return; } tevent_req_set_callback(subreq, tstream_npa_connect_writev_done, req); } static void tstream_npa_connect_readv_done(struct tevent_req *subreq); static void tstream_npa_connect_writev_done(struct tevent_req *subreq) { struct tevent_req *req = tevent_req_callback_data(subreq, struct tevent_req); struct tstream_npa_connect_state *state = tevent_req_data(req, struct tstream_npa_connect_state); int ret; int sys_errno; ret = tstream_writev_recv(subreq, &sys_errno); TALLOC_FREE(subreq); if (ret == -1) { tevent_req_error(req, sys_errno); return; } subreq = tstream_u32_read_send( state, state->caller.ev, 0x00FFFFFF, state->unix_stream); if (tevent_req_nomem(subreq, req)) { return; } tevent_req_set_callback(subreq, tstream_npa_connect_readv_done, req); } static void tstream_npa_connect_readv_done(struct tevent_req *subreq) { struct tevent_req *req = tevent_req_callback_data(subreq, struct tevent_req); struct tstream_npa_connect_state *state = tevent_req_data(req, struct tstream_npa_connect_state); DATA_BLOB in; int err; enum ndr_err_code ndr_err; err = tstream_u32_read_recv(subreq, state, &in.data, &in.length); TALLOC_FREE(subreq); if (tevent_req_error(req, err)) { return; } DBG_DEBUG("name_pipe_auth_rep(client)[%zu]\n", in.length); dump_data(11, in.data, in.length); ndr_err = ndr_pull_struct_blob_all( &in, state, &state->auth_rep, (ndr_pull_flags_fn_t)ndr_pull_named_pipe_auth_rep); if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { DEBUG(0, ("ndr_pull_named_pipe_auth_rep failed: %s\n", ndr_map_error2string(ndr_err))); tevent_req_error(req, EIO); return; } if (DEBUGLVL(10)) { NDR_PRINT_DEBUG(named_pipe_auth_rep, &state->auth_rep); } if (state->auth_rep.length < 16) { DEBUG(0, ("req invalid length: %u < 16\n", state->auth_rep.length)); tevent_req_error(req, EIO); return; } if (strcmp(NAMED_PIPE_AUTH_MAGIC, state->auth_rep.magic) != 0) { DEBUG(0, ("req invalid magic: %s != %s\n", state->auth_rep.magic, NAMED_PIPE_AUTH_MAGIC)); tevent_req_error(req, EIO); return; } if (!NT_STATUS_IS_OK(state->auth_rep.status)) { DEBUG(0, ("req failed: %s\n", nt_errstr(state->auth_rep.status))); tevent_req_error(req, EACCES); return; } if (state->auth_rep.level != state->auth_req.level) { DEBUG(0, ("req invalid level: %u != %u\n", state->auth_rep.level, state->auth_req.level)); tevent_req_error(req, EIO); return; } tevent_req_done(req); } int _tstream_npa_connect_recv(struct tevent_req *req, int *perrno, TALLOC_CTX *mem_ctx, struct tstream_context **_stream, uint16_t *_file_type, uint16_t *_device_state, uint64_t *_allocation_size, const char *location) { struct tstream_npa_connect_state *state = tevent_req_data(req, struct tstream_npa_connect_state); struct tstream_context *stream; struct tstream_npa *npas; uint16_t device_state = 0; uint64_t allocation_size = 0; if (tevent_req_is_unix_error(req, perrno)) { tevent_req_received(req); return -1; } stream = tstream_context_create(mem_ctx, &tstream_npa_ops, &npas, struct tstream_npa, location); if (!stream) { *perrno = ENOMEM; tevent_req_received(req); return -1; } ZERO_STRUCTP(npas); npas->unix_stream = talloc_move(stream, &state->unix_stream); switch (state->auth_rep.level) { case 8: npas->file_type = state->auth_rep.info.info8.file_type; device_state = state->auth_rep.info.info8.device_state; allocation_size = state->auth_rep.info.info8.allocation_size; break; } *_stream = stream; *_file_type = npas->file_type; *_device_state = device_state; *_allocation_size = allocation_size; tevent_req_received(req); return 0; } static ssize_t tstream_npa_pending_bytes(struct tstream_context *stream) { struct tstream_npa *npas = tstream_context_data(stream, struct tstream_npa); ssize_t ret; if (!npas->unix_stream) { errno = ENOTCONN; return -1; } switch (npas->file_type) { case FILE_TYPE_BYTE_MODE_PIPE: ret = tstream_pending_bytes(npas->unix_stream); break; case FILE_TYPE_MESSAGE_MODE_PIPE: ret = npas->pending.iov_len; break; default: ret = -1; } return ret; } struct tstream_npa_readv_state { struct tstream_context *stream; struct iovec *vector; size_t count; /* the header for message mode */ uint8_t hdr[2]; bool wait_for_hdr; int ret; }; static void tstream_npa_readv_byte_mode_handler(struct tevent_req *subreq); static int tstream_npa_readv_next_vector(struct tstream_context *stream, void *private_data, TALLOC_CTX *mem_ctx, struct iovec **_vector, size_t *_count); static void tstream_npa_readv_msg_mode_handler(struct tevent_req *subreq); static struct tevent_req *tstream_npa_readv_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev, struct tstream_context *stream, struct iovec *vector, size_t count) { struct tevent_req *req; struct tstream_npa_readv_state *state; struct tstream_npa *npas = tstream_context_data(stream, struct tstream_npa); struct tevent_req *subreq; off_t ofs; size_t left; uint8_t *pbase; req = tevent_req_create(mem_ctx, &state, struct tstream_npa_readv_state); if (!req) { return NULL; } state->stream = stream; state->ret = 0; if (!npas->unix_stream) { tevent_req_error(req, ENOTCONN); goto post; } switch (npas->file_type) { case FILE_TYPE_BYTE_MODE_PIPE: state->vector = vector; state->count = count; subreq = tstream_readv_send(state, ev, npas->unix_stream, state->vector, state->count); if (tevent_req_nomem(subreq,req)) { goto post; } tevent_req_set_callback(subreq, tstream_npa_readv_byte_mode_handler, req); return req; case FILE_TYPE_MESSAGE_MODE_PIPE: /* * we make a copy of the vector and prepend a header * with the length */ state->vector = talloc_array(state, struct iovec, count); if (tevent_req_nomem(state->vector, req)) { goto post; } memcpy(state->vector, vector, sizeof(struct iovec)*count); state->count = count; /* * copy the pending buffer first */ ofs = 0; left = npas->pending.iov_len; pbase = (uint8_t *)npas->pending.iov_base; while (left > 0 && state->count > 0) { uint8_t *base; base = (uint8_t *)state->vector[0].iov_base; if (left < state->vector[0].iov_len) { memcpy(base, pbase + ofs, left); base += left; state->vector[0].iov_base = (char *) base; state->vector[0].iov_len -= left; ofs += left; left = 0; TALLOC_FREE(pbase); ZERO_STRUCT(npas->pending); break; } memcpy(base, pbase + ofs, state->vector[0].iov_len); ofs += state->vector[0].iov_len; left -= state->vector[0].iov_len; state->vector += 1; state->count -= 1; if (left == 0) { TALLOC_FREE(pbase); ZERO_STRUCT(npas->pending); break; } } if (left > 0) { memmove(pbase, pbase + ofs, left); npas->pending.iov_base = (char *) pbase; npas->pending.iov_len = left; /* * this cannot fail and even if it * fails we can handle it */ pbase = talloc_realloc(npas, pbase, uint8_t, left); if (pbase) { npas->pending.iov_base = (char *) pbase; } pbase = NULL; } state->ret += ofs; if (state->count == 0) { tevent_req_done(req); goto post; } ZERO_STRUCT(state->hdr); state->wait_for_hdr = false; subreq = tstream_readv_pdu_send(state, ev, npas->unix_stream, tstream_npa_readv_next_vector, state); if (tevent_req_nomem(subreq, req)) { goto post; } tevent_req_set_callback(subreq, tstream_npa_readv_msg_mode_handler, req); return req; } /* this can't happen */ tevent_req_error(req, EINVAL); goto post; post: tevent_req_post(req, ev); return req; } static void tstream_npa_readv_byte_mode_handler(struct tevent_req *subreq) { struct tevent_req *req = tevent_req_callback_data(subreq, struct tevent_req); struct tstream_npa_readv_state *state = tevent_req_data(req, struct tstream_npa_readv_state); int ret; int sys_errno; ret = tstream_readv_recv(subreq, &sys_errno); TALLOC_FREE(subreq); if (ret == -1) { tevent_req_error(req, sys_errno); return; } state->ret = ret; tevent_req_done(req); } static int tstream_npa_readv_next_vector(struct tstream_context *unix_stream, void *private_data, TALLOC_CTX *mem_ctx, struct iovec **_vector, size_t *_count) { struct tstream_npa_readv_state *state = talloc_get_type_abort(private_data, struct tstream_npa_readv_state); struct tstream_npa *npas = tstream_context_data(state->stream, struct tstream_npa); struct iovec *vector; size_t count; uint16_t msg_len; size_t left; if (state->count == 0) { *_vector = NULL; *_count = 0; return 0; } if (!state->wait_for_hdr) { /* we need to get a message header */ vector = talloc_array(mem_ctx, struct iovec, 1); if (!vector) { return -1; } ZERO_STRUCT(state->hdr); vector[0].iov_base = (char *) state->hdr; vector[0].iov_len = sizeof(state->hdr); count = 1; state->wait_for_hdr = true; *_vector = vector; *_count = count; return 0; } /* and now fill the callers buffers and maybe the pending buffer */ state->wait_for_hdr = false; msg_len = SVAL(state->hdr, 0); if (msg_len == 0) { errno = EIO; return -1; } state->wait_for_hdr = false; /* +1 because we may need to fill the pending buffer */ vector = talloc_array(mem_ctx, struct iovec, state->count + 1); if (!vector) { return -1; } count = 0; left = msg_len; while (left > 0 && state->count > 0) { if (left < state->vector[0].iov_len) { uint8_t *base; base = (uint8_t *)state->vector[0].iov_base; vector[count].iov_base = (char *) base; vector[count].iov_len = left; count++; base += left; state->vector[0].iov_base = (char *) base; state->vector[0].iov_len -= left; break; } vector[count] = state->vector[0]; count++; left -= state->vector[0].iov_len; state->vector += 1; state->count -= 1; } if (left > 0) { /* * if the message is longer than the buffers the caller * requested, we need to consume the rest of the message * into the pending buffer, where the next readv can * be served from. */ npas->pending.iov_base = talloc_array(npas, char, left); if (!npas->pending.iov_base) { return -1; } npas->pending.iov_len = left; vector[count] = npas->pending; count++; } state->ret += (msg_len - left); *_vector = vector; *_count = count; return 0; } static void tstream_npa_readv_msg_mode_handler(struct tevent_req *subreq) { struct tevent_req *req = tevent_req_callback_data(subreq, struct tevent_req); int ret; int sys_errno; ret = tstream_readv_pdu_recv(subreq, &sys_errno); TALLOC_FREE(subreq); if (ret == -1) { tevent_req_error(req, sys_errno); return; } /* * we do not set state->ret here as ret includes the header size. * we set it in tstream_npa_readv_pdu_next_vector() */ tevent_req_done(req); } static int tstream_npa_readv_recv(struct tevent_req *req, int *perrno) { struct tstream_npa_readv_state *state = tevent_req_data(req, struct tstream_npa_readv_state); int ret; ret = tsocket_simple_int_recv(req, perrno); if (ret == 0) { ret = state->ret; } tevent_req_received(req); return ret; } struct tstream_npa_writev_state { const struct iovec *vector; size_t count; /* the header for message mode */ bool hdr_used; uint8_t hdr[2]; int ret; }; static void tstream_npa_writev_handler(struct tevent_req *subreq); static struct tevent_req *tstream_npa_writev_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev, struct tstream_context *stream, const struct iovec *vector, size_t count) { struct tevent_req *req; struct tstream_npa_writev_state *state; struct tstream_npa *npas = tstream_context_data(stream, struct tstream_npa); struct tevent_req *subreq; size_t msg_len; size_t i; struct iovec *new_vector; req = tevent_req_create(mem_ctx, &state, struct tstream_npa_writev_state); if (!req) { return NULL; } state->ret = 0; if (!npas->unix_stream) { tevent_req_error(req, ENOTCONN); goto post; } switch (npas->file_type) { case FILE_TYPE_BYTE_MODE_PIPE: state->hdr_used = false; state->vector = vector; state->count = count; break; case FILE_TYPE_MESSAGE_MODE_PIPE: /* * we make a copy of the vector and prepend a header * with the length */ new_vector = talloc_array(state, struct iovec, count + 1); if (tevent_req_nomem(new_vector, req)) { goto post; } new_vector[0].iov_base = (char *) state->hdr; new_vector[0].iov_len = sizeof(state->hdr); memcpy(new_vector + 1, vector, sizeof(struct iovec)*count); state->hdr_used = true; state->vector = new_vector; state->count = count + 1; msg_len = 0; for (i=0; i < count; i++) { /* * overflow check already done in tstream_writev_send */ msg_len += vector[i].iov_len; } if (msg_len > UINT16_MAX) { tevent_req_error(req, EMSGSIZE); goto post; } SSVAL(state->hdr, 0, msg_len); break; } subreq = tstream_writev_send(state, ev, npas->unix_stream, state->vector, state->count); if (tevent_req_nomem(subreq, req)) { goto post; } tevent_req_set_callback(subreq, tstream_npa_writev_handler, req); return req; post: tevent_req_post(req, ev); return req; } static void tstream_npa_writev_handler(struct tevent_req *subreq) { struct tevent_req *req = tevent_req_callback_data(subreq, struct tevent_req); struct tstream_npa_writev_state *state = tevent_req_data(req, struct tstream_npa_writev_state); int ret; int sys_errno; ret = tstream_writev_recv(subreq, &sys_errno); TALLOC_FREE(subreq); if (ret == -1) { tevent_req_error(req, sys_errno); return; } /* * in message mode we need to hide the length * of the hdr from the caller */ if (state->hdr_used) { ret -= sizeof(state->hdr); } state->ret = ret; tevent_req_done(req); } static int tstream_npa_writev_recv(struct tevent_req *req, int *perrno) { struct tstream_npa_writev_state *state = tevent_req_data(req, struct tstream_npa_writev_state); int ret; ret = tsocket_simple_int_recv(req, perrno); if (ret == 0) { ret = state->ret; } tevent_req_received(req); return ret; } struct tstream_npa_disconnect_state { struct tstream_context *stream; }; static void tstream_npa_disconnect_handler(struct tevent_req *subreq); static struct tevent_req *tstream_npa_disconnect_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev, struct tstream_context *stream) { struct tstream_npa *npas = tstream_context_data(stream, struct tstream_npa); struct tevent_req *req; struct tstream_npa_disconnect_state *state; struct tevent_req *subreq; req = tevent_req_create(mem_ctx, &state, struct tstream_npa_disconnect_state); if (req == NULL) { return NULL; } state->stream = stream; if (!npas->unix_stream) { tevent_req_error(req, ENOTCONN); goto post; } subreq = tstream_disconnect_send(state, ev, npas->unix_stream); if (tevent_req_nomem(subreq, req)) { goto post; } tevent_req_set_callback(subreq, tstream_npa_disconnect_handler, req); return req; post: tevent_req_post(req, ev); return req; } static void tstream_npa_disconnect_handler(struct tevent_req *subreq) { struct tevent_req *req = tevent_req_callback_data(subreq, struct tevent_req); struct tstream_npa_disconnect_state *state = tevent_req_data(req, struct tstream_npa_disconnect_state); struct tstream_context *stream = state->stream; struct tstream_npa *npas = tstream_context_data(stream, struct tstream_npa); int ret; int sys_errno; ret = tstream_disconnect_recv(subreq, &sys_errno); TALLOC_FREE(subreq); if (ret == -1) { tevent_req_error(req, sys_errno); return; } TALLOC_FREE(npas->unix_stream); tevent_req_done(req); } static int tstream_npa_disconnect_recv(struct tevent_req *req, int *perrno) { int ret; ret = tsocket_simple_int_recv(req, perrno); tevent_req_received(req); return ret; } static const struct tstream_context_ops tstream_npa_ops = { .name = "npa", .pending_bytes = tstream_npa_pending_bytes, .readv_send = tstream_npa_readv_send, .readv_recv = tstream_npa_readv_recv, .writev_send = tstream_npa_writev_send, .writev_recv = tstream_npa_writev_recv, .disconnect_send = tstream_npa_disconnect_send, .disconnect_recv = tstream_npa_disconnect_recv, }; int _tstream_npa_existing_stream(TALLOC_CTX *mem_ctx, struct tstream_context **transport, uint16_t file_type, struct tstream_context **_stream, const char *location) { struct tstream_context *stream; struct tstream_npa *npas; switch (file_type) { case FILE_TYPE_BYTE_MODE_PIPE: break; case FILE_TYPE_MESSAGE_MODE_PIPE: break; default: errno = EINVAL; return -1; } stream = tstream_context_create(mem_ctx, &tstream_npa_ops, &npas, struct tstream_npa, location); if (!stream) { return -1; } *npas = (struct tstream_npa) { .file_type = file_type, .unix_stream = talloc_move(npas, transport), }; *_stream = stream; return 0; } int _tstream_npa_existing_socket(TALLOC_CTX *mem_ctx, int fd, uint16_t file_type, struct tstream_context **_stream, const char *location) { struct tstream_context *transport = NULL; int ret; ret = _tstream_bsd_existing_socket( mem_ctx, fd, &transport, location); if (ret == -1) { return -1; } /* as server we want to fail early */ tstream_bsd_fail_readv_first_error(transport, true); return _tstream_npa_existing_stream( mem_ctx, &transport, file_type, _stream, location); } struct tstream_npa_accept_state { struct tevent_context *ev; struct tstream_context *plain; uint16_t file_type; uint16_t device_state; uint64_t alloc_size; struct named_pipe_auth_req *pipe_request; DATA_BLOB npa_blob; struct iovec out_iov; /* results */ NTSTATUS accept_status; struct tsocket_address *remote_client_addr; struct tsocket_address *local_server_addr; }; static void tstream_npa_accept_existing_reply(struct tevent_req *subreq); static void tstream_npa_accept_existing_done(struct tevent_req *subreq); struct tevent_req *tstream_npa_accept_existing_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev, struct tstream_context *plain, uint16_t file_type, uint16_t device_state, uint64_t allocation_size) { struct tstream_npa_accept_state *state; struct tevent_req *req, *subreq; req = tevent_req_create(mem_ctx, &state, struct tstream_npa_accept_state); if (req == NULL) { return NULL; } switch (file_type) { case FILE_TYPE_BYTE_MODE_PIPE: break; case FILE_TYPE_MESSAGE_MODE_PIPE: break; default: tevent_req_error(req, EINVAL); goto post; } state->ev = ev; state->plain = plain; state->file_type = file_type; state->device_state = device_state; state->alloc_size = allocation_size; subreq = tstream_u32_read_send(state, ev, 0x00FFFFFF, plain); if (tevent_req_nomem(subreq, req)) { goto post; } tevent_req_set_callback(subreq, tstream_npa_accept_existing_reply, req); return req; post: tevent_req_post(req, ev); return req; } static void tstream_npa_accept_existing_reply(struct tevent_req *subreq) { struct tevent_req *req = tevent_req_callback_data(subreq, struct tevent_req); struct tstream_npa_accept_state *state = tevent_req_data(req, struct tstream_npa_accept_state); struct named_pipe_auth_req *pipe_request; struct named_pipe_auth_rep pipe_reply; struct named_pipe_auth_req_info8 i8; enum ndr_err_code ndr_err; DATA_BLOB in, out; int err; int ret; err = tstream_u32_read_recv(subreq, state, &in.data, &in.length); if (err != 0) { tevent_req_error(req, err); return; } if (in.length < 8) { tevent_req_error(req, EMSGSIZE); return; } if (memcmp(&in.data[4], NAMED_PIPE_AUTH_MAGIC, 4) != 0) { DBG_ERR("Wrong protocol\n"); #if defined(EPROTONOSUPPORT) err = EPROTONOSUPPORT; #elif defined(EPROTO) err = EPROTO; #else err = EINVAL; #endif tevent_req_error(req, err); return; } DBG_DEBUG("Received packet of length %zu\n", in.length); dump_data(11, in.data, in.length); ZERO_STRUCT(pipe_reply); pipe_reply.level = 0; pipe_reply.status = NT_STATUS_INTERNAL_ERROR; /* * TODO: check it's a root (uid == 0) pipe */ pipe_request = talloc(state, struct named_pipe_auth_req); if (!pipe_request) { DEBUG(0, ("Out of memory!\n")); goto reply; } state->pipe_request = pipe_request; /* parse the passed credentials */ ndr_err = ndr_pull_struct_blob_all( &in, pipe_request, pipe_request, (ndr_pull_flags_fn_t)ndr_pull_named_pipe_auth_req); if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { pipe_reply.status = ndr_map_error2ntstatus(ndr_err); DEBUG(2, ("Could not unmarshall named_pipe_auth_req: %s\n", nt_errstr(pipe_reply.status))); goto reply; } if (DEBUGLVL(10)) { NDR_PRINT_DEBUG(named_pipe_auth_req, pipe_request); } ZERO_STRUCT(i8); if (pipe_request->level != 8) { DEBUG(0, ("Unknown level %u\n", pipe_request->level)); pipe_reply.level = 0; pipe_reply.status = NT_STATUS_INVALID_LEVEL; goto reply; } pipe_reply.level = 8; pipe_reply.status = NT_STATUS_OK; pipe_reply.info.info8.file_type = state->file_type; pipe_reply.info.info8.device_state = state->device_state; pipe_reply.info.info8.allocation_size = state->alloc_size; i8 = pipe_request->info.info8; if (i8.local_server_addr == NULL) { pipe_reply.status = NT_STATUS_INVALID_ADDRESS; DEBUG(2, ("Missing local server address\n")); goto reply; } if (i8.remote_client_addr == NULL) { pipe_reply.status = NT_STATUS_INVALID_ADDRESS; DEBUG(2, ("Missing remote client address\n")); goto reply; } ret = tsocket_address_inet_from_strings(state, "ip", i8.local_server_addr, i8.local_server_port, &state->local_server_addr); if (ret != 0) { DEBUG(2, ("Invalid local server address[%s:%u] - %s\n", i8.local_server_addr, i8.local_server_port, strerror(errno))); pipe_reply.status = NT_STATUS_INVALID_ADDRESS; goto reply; } ret = tsocket_address_inet_from_strings(state, "ip", i8.remote_client_addr, i8.remote_client_port, &state->remote_client_addr); if (ret != 0) { DEBUG(2, ("Invalid remote client address[%s:%u] - %s\n", i8.remote_client_addr, i8.remote_client_port, strerror(errno))); pipe_reply.status = NT_STATUS_INVALID_ADDRESS; goto reply; } reply: /* create the output */ ndr_err = ndr_push_struct_blob(&out, state, &pipe_reply, (ndr_push_flags_fn_t)ndr_push_named_pipe_auth_rep); if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { DEBUG(2, ("Error encoding structure: %s\n", ndr_map_error2string(ndr_err))); tevent_req_error(req, EIO); return; } DEBUG(10, ("named_pipe_auth reply[%u]\n", (unsigned)out.length)); dump_data(11, out.data, out.length); if (DEBUGLVL(10)) { NDR_PRINT_DEBUG(named_pipe_auth_rep, &pipe_reply); } state->accept_status = pipe_reply.status; state->out_iov.iov_base = (char *) out.data; state->out_iov.iov_len = out.length; subreq = tstream_writev_send(state, state->ev, state->plain, &state->out_iov, 1); if (tevent_req_nomem(subreq, req)) { DEBUG(0, ("no memory for tstream_writev_send\n")); return; } tevent_req_set_callback(subreq, tstream_npa_accept_existing_done, req); } static void tstream_npa_accept_existing_done(struct tevent_req *subreq) { struct tevent_req *req = tevent_req_callback_data(subreq, struct tevent_req); int sys_errno; int ret; ret = tstream_writev_recv(subreq, &sys_errno); TALLOC_FREE(subreq); if (ret == -1) { tevent_req_error(req, sys_errno); return; } tevent_req_done(req); } static struct named_pipe_auth_req_info8 * copy_npa_info8(TALLOC_CTX *mem_ctx, const struct named_pipe_auth_req_info8 *src) { struct named_pipe_auth_req_info8 *dst = NULL; DATA_BLOB blob; enum ndr_err_code ndr_err; dst = talloc_zero(mem_ctx, struct named_pipe_auth_req_info8); if (dst == NULL) { return NULL; } ndr_err = ndr_push_struct_blob( &blob, dst, src, (ndr_push_flags_fn_t)ndr_push_named_pipe_auth_req_info8); if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { DBG_WARNING("ndr_push_named_pipe_auth_req_info8 failed: %s\n", ndr_errstr(ndr_err)); TALLOC_FREE(dst); return NULL; } ndr_err = ndr_pull_struct_blob_all( &blob, dst, dst, (ndr_pull_flags_fn_t)ndr_pull_named_pipe_auth_req_info8); TALLOC_FREE(blob.data); if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { DBG_WARNING("ndr_push_named_pipe_auth_req_info8 failed: %s\n", ndr_errstr(ndr_err)); TALLOC_FREE(dst); return NULL; } return dst; } int _tstream_npa_accept_existing_recv( struct tevent_req *req, int *perrno, TALLOC_CTX *mem_ctx, struct tstream_context **stream, struct named_pipe_auth_req_info8 **info8, enum dcerpc_transport_t *transport, struct tsocket_address **remote_client_addr, char **_remote_client_name, struct tsocket_address **local_server_addr, char **local_server_name, struct auth_session_info_transport **session_info, const char *location) { struct tstream_npa_accept_state *state = tevent_req_data(req, struct tstream_npa_accept_state); struct named_pipe_auth_req_info8 *i8 = &state->pipe_request->info.info8; struct tstream_npa *npas; int ret; ret = tsocket_simple_int_recv(req, perrno); if (ret != 0) { DEBUG(2, ("Failed to accept named pipe connection: %s\n", strerror(*perrno))); tevent_req_received(req); return -1; } if (!NT_STATUS_IS_OK(state->accept_status)) { #if defined(EPROTONOSUPPORT) *perrno = EPROTONOSUPPORT; #elif defined(EPROTO) *perrno = EPROTO; #else *perrno = EINVAL; #endif DEBUG(2, ("Failed to accept named pipe connection: %s => %s\n", nt_errstr(state->accept_status), strerror(*perrno))); tevent_req_received(req); return -1; } *stream = tstream_context_create(mem_ctx, &tstream_npa_ops, &npas, struct tstream_npa, location); if (!*stream) { *perrno = ENOMEM; tevent_req_received(req); return -1; } ZERO_STRUCTP(npas); npas->unix_stream = state->plain; npas->file_type = state->file_type; if (info8 != NULL) { /* * Make a full copy of "info8" because further down we * talloc_move() away substructures from * state->pipe_request. */ struct named_pipe_auth_req_info8 *dst = copy_npa_info8(mem_ctx, i8); if (dst == NULL) { *perrno = ENOMEM; tevent_req_received(req); return -1; } *info8 = dst; } if (transport != NULL) { *transport = i8->transport; } if (remote_client_addr != NULL) { *remote_client_addr = talloc_move( mem_ctx, &state->remote_client_addr); } if (_remote_client_name != NULL) { *_remote_client_name = discard_const_p( char, talloc_move(mem_ctx, &i8->remote_client_name)); } if (local_server_addr != NULL) { *local_server_addr = talloc_move( mem_ctx, &state->local_server_addr); } if (local_server_name != NULL) { *local_server_name = discard_const_p( char, talloc_move(mem_ctx, &i8->local_server_name)); } if (session_info != NULL) { *session_info = talloc_move(mem_ctx, &i8->session_info); } tevent_req_received(req); return 0; }