author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-05-05 17:47:29 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-05-05 17:47:29 +0000 |
commit | 4f5791ebd03eaec1c7da0865a383175b05102712 (patch) | |
tree | 8ce7b00f7a76baa386372422adebbe64510812d4 /source4/rpc_server/common | |
parent | Initial commit. (diff) | |
Adding upstream version 2:4.17.12+dfsg.upstream/2%4.17.12+dfsgupstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'source4/rpc_server/common')
-rw-r--r-- | source4/rpc_server/common/common.h | 44 | ||||
-rw-r--r-- | source4/rpc_server/common/forward.c | 134 | ||||
-rw-r--r-- | source4/rpc_server/common/loadparm.c | 45 | ||||
-rw-r--r-- | source4/rpc_server/common/server_info.c | 319 | ||||
-rw-r--r-- | source4/rpc_server/common/share_info.c | 123 |
5 files changed, 665 insertions, 0 deletions
diff --git a/source4/rpc_server/common/common.h b/source4/rpc_server/common/common.h
new file mode 100644
index 0000000..b57ddf2
--- /dev/null
+++ b/source4/rpc_server/common/common.h
@@ -0,0 +1,44 @@
+/*
+ Unix SMB/CIFS implementation.
+
+ common macros for the dcerpc server interfaces
+
+ Copyright (C) Stefan (metze) Metzmacher 2004
+ Copyright (C) Andrew Tridgell 2004
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#ifndef _DCERPC_SERVER_COMMON_H_
+#define _DCERPC_SERVER_COMMON_H_
+
+struct share_config;
+struct dcesrv_connection;
+struct dcesrv_context;
+struct dcesrv_context;
+struct dcesrv_call_state;
+struct ndr_interface_table;
+struct ncacn_packet;
+struct auth_session_info;
+
+struct dcerpc_server_info {
+ const char *domain_name;
+ uint32_t version_major;
+ uint32_t version_minor;
+ uint32_t version_build;
+};
+
+#include "rpc_server/common/proto.h"
+
+#endif /* _DCERPC_SERVER_COMMON_H_ */
diff --git a/source4/rpc_server/common/forward.c b/source4/rpc_server/common/forward.c
new file mode 100644
index 0000000..4ae8c1b
--- /dev/null
+++ b/source4/rpc_server/common/forward.c
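Review bot: `struct dcesrv_context;` is forward-declared twice in a row in common.h, and `struct dcerpc_server_info` uses `uint32_t` although the header includes nothing that defines it, so it compiles only when the including file has already pulled in the integer types (presumably through `includes.h`, which is not part of this diff). Dropping the duplicate line and adding `#include <stdint.h>` above the struct would make the header self-contained. The include guard `_DCERPC_SERVER_COMMON_H_` also begins with an underscore followed by a capital letter, a form the C standard reserves for the implementation.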
@@ -0,0 +1,134 @@
+/*
+ Unix SMB/CIFS implementation.
+
+ forwarding of RPC calls to other tasks
+
+ Copyright (C) Andrew Tridgell 2009
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include <tevent.h>
+#include "rpc_server/dcerpc_server.h"
+#include "librpc/gen_ndr/dcerpc.h"
+#include "rpc_server/common/common.h"
+#include "messaging/irpc.h"
+#include "auth/auth.h"
+
+
+struct dcesrv_forward_state {
+ const char *opname;
+ struct dcesrv_call_state *dce_call;
+};
+
+/*
+ called when the forwarded rpc request is finished
+ */
+static void dcesrv_irpc_forward_callback(struct tevent_req *subreq)
+{
+ struct dcesrv_forward_state *st =
+ tevent_req_callback_data(subreq,
+ struct dcesrv_forward_state);
+ const char *opname = st->opname;
+ NTSTATUS status;
+
+ status = dcerpc_binding_handle_call_recv(subreq);
+ TALLOC_FREE(subreq);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(0,("IRPC callback failed for %s - %s\n",
+ opname, nt_errstr(status)));
+ st->dce_call->fault_code = DCERPC_FAULT_CANT_PERFORM;
+ }
+ status = dcesrv_reply(st->dce_call);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(0,("%s_handler: dcesrv_reply() failed - %s\n",
+ opname, nt_errstr(status)));
+ }
+}
+
+
+
+/**
+ * Forward a RPC call using IRPC to another task
+ */
+void dcesrv_irpc_forward_rpc_call(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+ void *r, uint32_t callid,
+ const struct
ndr_interface_table *ndr_table,
+ const char *dest_task, const char *opname,
+ uint32_t timeout)
+{
+ struct dcesrv_forward_state *st;
+ struct dcerpc_binding_handle *binding_handle;
+ struct tevent_req *subreq;
+ struct auth_session_info *session_info =
+ dcesrv_call_session_info(dce_call);
+ struct imessaging_context *imsg_ctx =
+ dcesrv_imessaging_context(dce_call->conn);
+
+ st = talloc(mem_ctx, struct dcesrv_forward_state);
+ if (st == NULL) {
+ dce_call->fault_code = DCERPC_FAULT_CANT_PERFORM;
+ return;
+ }
+
+ st->dce_call = dce_call;
+ st->opname = opname;
+
+ /* if the caller has said they can't support async calls
+ then fail the call */
+ if (!(dce_call->state_flags & DCESRV_CALL_STATE_FLAG_MAY_ASYNC)) {
+ /* we're not allowed to reply async */
+ DEBUG(0,("%s: Not available synchronously\n", dest_task));
+ dce_call->fault_code = DCERPC_FAULT_CANT_PERFORM;
+ return;
+ }
+
+ binding_handle = irpc_binding_handle_by_name(st,
+ imsg_ctx,
+ dest_task,
+ ndr_table);
+ if (binding_handle == NULL) {
+ DEBUG(0,("%s: Failed to forward request to %s task\n",
+ opname, dest_task));
+ dce_call->fault_code = DCERPC_FAULT_CANT_PERFORM;
+ return;
+ }
+
+ /* reset timeout for the handle */
+ dcerpc_binding_handle_set_timeout(binding_handle, timeout);
+
+ /* add security token to the handle*/
+ irpc_binding_handle_add_security_token(binding_handle,
+ session_info->security_token);
+
+ /* forward the call */
+ subreq = dcerpc_binding_handle_call_send(st, dce_call->event_ctx,
+ binding_handle,
+ NULL, ndr_table,
+ callid,
+ dce_call, r);
+ if (subreq == NULL) {
+ DEBUG(0,("%s: Failed to forward request to %s task\n",
+ opname, dest_task));
+ dce_call->fault_code = DCERPC_FAULT_CANT_PERFORM;
+ return;
+ }
+
+ /* mark the request as replied async */
+ dce_call->state_flags |= DCESRV_CALL_STATE_FLAG_ASYNC;
+
+ /* setup the callback */
+ tevent_req_set_callback(subreq, dcesrv_irpc_forward_callback, st);
+}
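Review bot: `session_info` is dereferenced in `irpc_binding_handle_add_security_token(binding_handle, session_info->security_token)` without a NULL check, while every other failure in dcesrv_irpc_forward_rpc_call sets DCERPC_FAULT_CANT_PERFORM and returns. dcesrv_call_session_info() is not part of this diff, so whether it can return NULL is not visible here; if it can, `if (session_info == NULL) { dce_call->fault_code = DCERPC_FAULT_CANT_PERFORM; return; }` ahead of the `talloc()` call would fail the request the same way as the other error paths. The caller's token is handed to the destination task at this point, so the existing comment could be extended to say so, for example `/* pass the caller's security token on; this function performs no access check itself */`, which matches what the visible code does.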
diff --git a/source4/rpc_server/common/loadparm.c b/source4/rpc_server/common/loadparm.c
new file mode 100644
index 0000000..174063e
--- /dev/null
+++ b/source4/rpc_server/common/loadparm.c
@@ -0,0 +1,45 @@
+/*
+ Unix SMB/CIFS implementation.
+ DCERPC server info param function
+ Moved into rpc_server/common to break dependencies to rpc_server from param
+ Copyright (C) Karl Auer 1993-1998
+
+ Largely re-written by Andrew Tridgell, September 1994
+
+ Copyright (C) Simo Sorce 2001
+ Copyright (C) Alexander Bokovoy 2002
+ Copyright (C) Stefan (metze) Metzmacher 2002
+ Copyright (C) Jim McDonough (jmcd@us.ibm.com) 2003.
+ Copyright (C) James Myers 2003 <myersjj@samba.org>
+ Copyright (C) Jelmer Vernooij <jelmer@samba.org> 2007
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "lib/param/param.h"
+#include "rpc_server/common/common.h"
+
+_PUBLIC_ struct dcerpc_server_info *lpcfg_dcerpc_server_info(TALLOC_CTX *mem_ctx, struct loadparm_context *lp_ctx)
+{
+ struct dcerpc_server_info *ret = talloc_zero(mem_ctx, struct dcerpc_server_info);
+
+ ret->domain_name = talloc_reference(mem_ctx, lpcfg_workgroup(lp_ctx));
+ ret->version_major = lpcfg_parm_int(lp_ctx, NULL, "server_info", "version_major", 5);
+ ret->version_minor = lpcfg_parm_int(lp_ctx, NULL, "server_info", "version_minor", 2);
+ ret->version_build = lpcfg_parm_int(lp_ctx, NULL, "server_info", "version_build", 3790);
+
+ return ret;
+}
+
diff --git a/source4/rpc_server/common/server_info.c b/source4/rpc_server/common/server_info.c
new file mode 100644
index 0000000..34228c3
--- /dev/null
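Review bot: `ret` is written through on the line after `talloc_zero()` without a NULL check, so an allocation failure in lpcfg_dcerpc_server_info becomes a NULL dereference instead of an error the caller can handle. Adding `if (ret == NULL) { return NULL; }` directly after the allocation fixes that. The function also has no comment; one line stating that the version fields fall back to 5, 2 and 3790 when the `server_info` parameters are unset would document the defaults the code visibly applies.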
+++ b/source4/rpc_server/common/server_info.c 
@@ -0,0 +1,319 @@
+/*
+ Unix SMB/CIFS implementation.
+
+ common server info functions
+
+ Copyright (C) Stefan (metze) Metzmacher 2004
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "librpc/gen_ndr/srvsvc.h"
+#include "rpc_server/dcerpc_server.h"
+#include "dsdb/samdb/samdb.h"
+#include "dsdb/common/util.h"
+#include "auth/auth.h"
+#include "param/param.h"
+#include "rpc_server/common/common.h"
+#include "libds/common/roles.h"
+#include "auth/auth_util.h"
+#include "lib/tsocket/tsocket.h"
+
+/*
+ Here are common server info functions used by some dcerpc server interfaces
+*/
+
+/* This hardcoded value should go into a ldb database!
*/
+enum srvsvc_PlatformId dcesrv_common_get_platform_id(TALLOC_CTX *mem_ctx, struct dcesrv_context *dce_ctx)
+{
+ enum srvsvc_PlatformId id;
+
+ id = lpcfg_parm_int(dce_ctx->lp_ctx, NULL, "server_info", "platform_id", PLATFORM_ID_NT);
+
+ return id;
+}
+
+const char *dcesrv_common_get_server_name(TALLOC_CTX *mem_ctx, struct dcesrv_context *dce_ctx, const char *server_unc)
+{
+ const char *p = server_unc;
+
+ /* if there's no string return our NETBIOS name */
+ if (!p) {
+ return talloc_strdup(mem_ctx, lpcfg_netbios_name(dce_ctx->lp_ctx));
+ }
+
+ /* if there're '\\\\' in front remove them otherwise just pass the string */
+ if (p[0] == '\\' && p[1] == '\\') {
+ p += 2;
+ }
+
+ return talloc_strdup(mem_ctx, p);
+}
+
+
+/* This hardcoded value should go into a ldb database! */
+uint32_t dcesrv_common_get_server_type(TALLOC_CTX *mem_ctx, struct tevent_context *event_ctx, struct dcesrv_context *dce_ctx)
+{
+ int default_server_announce = 0;
+ default_server_announce |= SV_TYPE_WORKSTATION;
+ default_server_announce |= SV_TYPE_SERVER;
+ default_server_announce |= SV_TYPE_SERVER_UNIX;
+
+ default_server_announce |= SV_TYPE_SERVER_NT;
+ default_server_announce |= SV_TYPE_NT;
+
+ switch (lpcfg_server_role(dce_ctx->lp_ctx)) {
+ case ROLE_DOMAIN_MEMBER:
+ default_server_announce |= SV_TYPE_DOMAIN_MEMBER;
+ break;
+ case ROLE_ACTIVE_DIRECTORY_DC:
+ {
+ struct ldb_context *samctx;
+ TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
+ if (!tmp_ctx) {
+ break;
+ }
+ /* open main ldb */
+ samctx = samdb_connect(
+ tmp_ctx,
+ event_ctx,
+ dce_ctx->lp_ctx,
+ anonymous_session(tmp_ctx, dce_ctx->lp_ctx),
+ NULL,
+ 0);
+ if (samctx == NULL) {
+ DEBUG(2,("Unable to open samdb in determining server announce flags\n"));
+ } else {
+ /* Determine if we are the pdc */
+ bool is_pdc = samdb_is_pdc(samctx);
+ if (is_pdc) {
+ default_server_announce |= SV_TYPE_DOMAIN_CTRL;
+ } else {
+ default_server_announce |= SV_TYPE_DOMAIN_BAKCTRL;
+ }
+ }
+ /* Close it */
+ talloc_free(tmp_ctx);
+ break;
+ }
+
case ROLE_STANDALONE:
+ default:
+ break;
+ }
+ if (lpcfg_time_server(dce_ctx->lp_ctx))
+ default_server_announce |= SV_TYPE_TIME_SOURCE;
+
+ if (lpcfg_host_msdfs(dce_ctx->lp_ctx))
+ default_server_announce |= SV_TYPE_DFS_SERVER;
+
+
+#if 0
+ {
+ /* TODO: announce us as print server when we are a print server */
+ bool is_print_server = false;
+ if (is_print_server) {
+ default_server_announce |= SV_TYPE_PRINTQ_SERVER;
+ }
+ }
+#endif
+ return default_server_announce;
+}
+
+/* This hardcoded value should go into a ldb database! */
+const char *dcesrv_common_get_lan_root(TALLOC_CTX *mem_ctx, struct dcesrv_context *dce_ctx)
+{
+ return talloc_strdup(mem_ctx, "");
+}
+
+/* This hardcoded value should go into a ldb database! */
+uint32_t dcesrv_common_get_users(TALLOC_CTX *mem_ctx, struct dcesrv_context *dce_ctx)
+{
+ return -1;
+}
+
+/* This hardcoded value should go into a ldb database! */
+uint32_t dcesrv_common_get_disc(TALLOC_CTX *mem_ctx, struct dcesrv_context *dce_ctx)
+{
+ return 15;
+}
+
+/* This hardcoded value should go into a ldb database! */
+uint32_t dcesrv_common_get_hidden(TALLOC_CTX *mem_ctx, struct dcesrv_context *dce_ctx)
+{
+ return 0;
+}
+
+/* This hardcoded value should go into a ldb database! */
+uint32_t dcesrv_common_get_announce(TALLOC_CTX *mem_ctx, struct dcesrv_context *dce_ctx)
+{
+ return 240;
+}
+
+/* This hardcoded value should go into a ldb database! */
+uint32_t dcesrv_common_get_anndelta(TALLOC_CTX *mem_ctx, struct dcesrv_context *dce_ctx)
+{
+ return 3000;
+}
+
+/* This hardcoded value should go into a ldb database! */
+uint32_t dcesrv_common_get_licenses(TALLOC_CTX *mem_ctx, struct dcesrv_context *dce_ctx)
+{
+ return 0;
+}
+
+/* This hardcoded value should go into a ldb database!
*/
+const char *dcesrv_common_get_userpath(TALLOC_CTX *mem_ctx, struct dcesrv_context *dce_ctx)
+{
+ return talloc_strdup(mem_ctx, "c:\\");
+}
+
+#define INVALID_SHARE_NAME_CHARS " \"*+,./:;<=>?[\\]|"
+
+bool dcesrv_common_validate_share_name(TALLOC_CTX *mem_ctx, const char *share_name)
+{
+ if (strpbrk(share_name, INVALID_SHARE_NAME_CHARS)) {
+ return false;
+ }
+
+ return true;
+}
+
+/*
+ * call_session_info is session info for samdb. call_audit_session_info is for
+ * auditing and may be NULL.
+ */
+struct ldb_context *dcesrv_samdb_connect_session_info(
+ TALLOC_CTX *mem_ctx,
+ struct dcesrv_call_state *dce_call,
+ const struct auth_session_info *call_session_info,
+ const struct auth_session_info *call_audit_session_info)
+{
+ struct ldb_context *samdb = NULL;
+ struct auth_session_info *user_session_info = NULL;
+ struct auth_session_info *audit_session_info = NULL;
+ struct tsocket_address *remote_address = NULL;
+
+ user_session_info = copy_session_info(mem_ctx, call_session_info);
+ if (user_session_info == NULL) {
+ return NULL;
+ }
+
+ if (call_audit_session_info != NULL) {
+ audit_session_info = copy_session_info(mem_ctx, call_audit_session_info);
+ if (audit_session_info == NULL) {
+ talloc_free(user_session_info);
+ return NULL;
+ }
+ }
+
+ if (dce_call->conn->remote_address != NULL) {
+ remote_address = tsocket_address_copy(dce_call->conn->remote_address,
+ user_session_info);
+ if (remote_address == NULL) {
+ TALLOC_FREE(audit_session_info);
+ talloc_free(user_session_info);
+ return NULL;
+ }
+ }
+
+ /*
+ * We need to make sure every argument
+ * stays arround for the lifetime of 'samdb',
+ * typically it is allocated on the scope of
+ * an assoc group, so we can't reference dce_call->conn,
+ * as the assoc group may stay when the current connection
+ * gets disconnected.
+ *
+ * The following are global per process:
+ * - dce_call->conn->dce_ctx->lp_ctx
+ * - dce_call->event_ctx
+ * - system_session
+ *
+ * We make a copy of:
+ * - dce_call->conn->remote_address
+ * - dce_call->auth_state->session_info
+ */
+ samdb = samdb_connect(
+ mem_ctx,
+ dce_call->event_ctx,
+ dce_call->conn->dce_ctx->lp_ctx,
+ user_session_info,
+ remote_address,
+ 0);
+ if (samdb == NULL) {
+ TALLOC_FREE(audit_session_info);
+ talloc_free(user_session_info);
+ return NULL;
+ }
+ talloc_move(samdb, &user_session_info);
+
+ if (audit_session_info != NULL) {
+ int ret;
+
+ talloc_steal(samdb, audit_session_info);
+
+ ret = ldb_set_opaque(samdb,
+ DSDB_NETWORK_SESSION_INFO,
+ audit_session_info);
+ if (ret != LDB_SUCCESS) {
+ talloc_free(samdb);
+ return NULL;
+ }
+ }
+
+ return samdb;
+}
+
+/*
+ * Open an ldb connection under the system session and save the remote users
+ * session details in a ldb_opaque. This will allow the audit logging to
+ * log the original session for operations performed in the system session.
+ *
+ * Access checks are required by the caller!
+ */
+struct ldb_context *dcesrv_samdb_connect_as_system(
+ TALLOC_CTX *mem_ctx,
+ struct dcesrv_call_state *dce_call)
+{
+ const struct auth_session_info *system_session_info = NULL;
+ const struct auth_session_info *call_session_info = NULL;
+
+ system_session_info = system_session(dce_call->conn->dce_ctx->lp_ctx);
+ if (system_session_info == NULL) {
+ return NULL;
+ }
+
+ call_session_info = dcesrv_call_session_info(dce_call);
+
+ return dcesrv_samdb_connect_session_info(mem_ctx, dce_call,
+ system_session_info, call_session_info);
+}
+
+/*
+ * Open an ldb connection under the remote users session details.
+ *
+ * Access checks are done at the ldb level.
+ */
+struct ldb_context *dcesrv_samdb_connect_as_user(
+ TALLOC_CTX *mem_ctx,
+ struct dcesrv_call_state *dce_call)
+{
+ const struct auth_session_info *call_session_info = NULL;
+
+ call_session_info = dcesrv_call_session_info(dce_call);
+
+ return dcesrv_samdb_connect_session_info(mem_ctx, dce_call,
+ call_session_info, NULL);
+}
diff --git a/source4/rpc_server/common/share_info.c b/source4/rpc_server/common/share_info.c
new file mode 100644
index 0000000..d7ed5ee
--- /dev/null
+++ b/source4/rpc_server/common/share_info.c
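Review bot: dcesrv_common_validate_share_name passes `share_name` straight to `strpbrk()`, so a NULL name is undefined behaviour, and an empty string is accepted because only the characters in `INVALID_SHARE_NAME_CHARS` are rejected. The callers are outside this diff; if any of them hands in a client-supplied name without its own checks, a guard `if (share_name == NULL || share_name[0] == '\0') { return false; }` at the top of the function would close both cases. A comment next to the macro stating that length and control characters are not checked here would tell callers what remains their responsibility.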
@@ -0,0 +1,123 @@
+/*
+ Unix SMB/CIFS implementation.
+
+ common share info functions
+
+ Copyright (C) Stefan (metze) Metzmacher 2004
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "param/share.h"
+#include "librpc/gen_ndr/srvsvc.h"
+#include "rpc_server/dcerpc_server.h"
+#include "rpc_server/common/share.h"
+
+#undef strcasecmp
+
+/*
+ Here are common server info functions used by some dcerpc server interfaces
+*/
+
+/* This hardcoded value should go into a ldb database! */
+uint32_t dcesrv_common_get_share_permissions(TALLOC_CTX *mem_ctx, struct dcesrv_context *dce_ctx, struct share_config *scfg)
+{
+ return 0;
+}
+
+/* This hardcoded value should go into a ldb database! */
+uint32_t dcesrv_common_get_share_current_users(TALLOC_CTX *mem_ctx, struct dcesrv_context *dce_ctx, struct share_config *scfg)
+{
+ return 1;
+}
+
+/* This hardcoded value should go into a ldb database! */
+enum srvsvc_ShareType dcesrv_common_get_share_type(TALLOC_CTX *mem_ctx, struct dcesrv_context *dce_ctx, struct share_config *scfg)
+{
+ /* for disk share 0x00000000
+ * for print share 0x00000001
+ * for IPC$ share 0x00000003
+ *
+ * administrative shares:
+ * ADMIN$, IPC$, C$, D$, E$ ...
are type |= 0x80000000
+ * this ones are hidden in NetShareEnum, but shown in NetShareEnumAll
+ */
+ enum srvsvc_ShareType share_type = 0;
+ char *sharetype;
+
+ if (!share_bool_option(scfg, SHARE_BROWSEABLE, SHARE_BROWSEABLE_DEFAULT)) {
+ share_type |= STYPE_HIDDEN;
+ }
+
+ sharetype = share_string_option(mem_ctx, scfg, SHARE_TYPE, SHARE_TYPE_DEFAULT);
+ if (sharetype && strcasecmp(sharetype, "IPC") == 0) {
+ share_type |= STYPE_IPC;
+ TALLOC_FREE(sharetype);
+ return share_type;
+ }
+
+ if (sharetype && strcasecmp(sharetype, "PRINTER") == 0) {
+ share_type |= STYPE_PRINTQ;
+ TALLOC_FREE(sharetype);
+ return share_type;
+ }
+
+ TALLOC_FREE(sharetype);
+ share_type |= STYPE_DISKTREE;
+
+ return share_type;
+}
+
+/* This hardcoded value should go into a ldb database! */
+const char *dcesrv_common_get_share_path(TALLOC_CTX *mem_ctx, struct dcesrv_context *dce_ctx, struct share_config *scfg)
+{
+ char *sharetype;
+ char *p;
+ char *path;
+
+ sharetype = share_string_option(mem_ctx, scfg, SHARE_TYPE, SHARE_TYPE_DEFAULT);
+
+ if (sharetype && strcasecmp(sharetype, "IPC") == 0) {
+ TALLOC_FREE(sharetype);
+ return talloc_strdup(mem_ctx, "");
+ }
+
+ TALLOC_FREE(sharetype);
+
+ p = share_string_option(mem_ctx, scfg, SHARE_PATH, "");
+ if (!p) {
+ return NULL;
+ }
+ if (p[0] == '\0') {
+ return p;
+ }
+ all_string_sub(p, "/", "\\", 0);
+
+ path = talloc_asprintf(mem_ctx, "C:%s", p);
+ TALLOC_FREE(p);
+ return path;
+}
+
+/* This hardcoded value should go into a ldb database! */
+uint32_t dcesrv_common_get_share_dfs_flags(TALLOC_CTX *mem_ctx, struct dcesrv_context *dce_ctx, struct share_config *scfg)
+{
+ return 0;
+}
+
+/* This hardcoded value should go into a ldb database! */
+struct security_descriptor *dcesrv_common_get_security_descriptor(TALLOC_CTX *mem_ctx, struct dcesrv_context *dce_ctx, struct share_config *scfg)
+{
+ return NULL;
+} |
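Review bot: dcesrv_common_get_security_descriptor returns NULL unconditionally and dcesrv_common_get_share_permissions returns 0, yet both carry only the generic "hardcoded value" comment, so a reader cannot tell that no share ACL information is produced in this file. A comment above the function such as `/* stub: no security descriptor is built for the share; NULL here is not an allocation failure */` would keep callers from treating the NULL as an error or as an empty descriptor. The block comment near the top of share_info.c still reads "common server info functions" although the file holds the share info helpers.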