2
Unix SMB/CIFS implementation.
4
dcerpc connect functions
6
Copyright (C) Andrew Tridgell 2003
7
Copyright (C) Jelmer Vernooij 2004
8
Copyright (C) Andrew Bartlett <abartlet@samba.org> 2005-2007
9
Copyright (C) Rafal Szczesniak 2005
11
This program is free software; you can redistribute it and/or modify
12
it under the terms of the GNU General Public License as published by
13
the Free Software Foundation; either version 3 of the License, or
14
(at your option) any later version.
16
This program is distributed in the hope that it will be useful,
17
but WITHOUT ANY WARRANTY; without even the implied warranty of
18
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19
GNU General Public License for more details.
21
You should have received a copy of the GNU General Public License
22
along with this program. If not, see <http://www.gnu.org/licenses/>.
27
#include "libcli/composite/composite.h"
28
#include "lib/events/events.h"
29
#include "librpc/rpc/dcerpc.h"
30
#include "librpc/rpc/dcerpc_proto.h"
31
#include "auth/credentials/credentials.h"
32
#include "param/param.h"
33
#include "libcli/resolve/resolve.h"
34
#include "lib/socket/socket.h"
36
struct sec_conn_state {
37
struct dcerpc_pipe *pipe;
38
struct dcerpc_pipe *pipe2;
39
struct dcerpc_binding *binding;
40
struct smbcli_tree *tree;
41
struct socket_address *peer_addr;
45
static void continue_open_smb(struct composite_context *ctx);
46
static void continue_open_tcp(struct composite_context *ctx);
47
static void continue_open_pipe(struct composite_context *ctx);
48
static void continue_pipe_open(struct composite_context *c);
52
Send request to create a secondary dcerpc connection from a primary
55
_PUBLIC_ struct composite_context* dcerpc_secondary_connection_send(struct dcerpc_pipe *p,
56
struct dcerpc_binding *b)
58
struct composite_context *c;
59
struct sec_conn_state *s;
60
struct composite_context *pipe_smb_req;
61
struct composite_context *pipe_tcp_req;
62
struct composite_context *pipe_ncalrpc_req;
64
/* composite context allocation and setup */
65
c = composite_create(p, p->conn->event_ctx);
66
if (c == NULL) return NULL;
68
s = talloc_zero(c, struct sec_conn_state);
69
if (composite_nomem(s, c)) return c;
75
/* initialise second dcerpc pipe based on primary pipe's event context */
76
s->pipe2 = dcerpc_pipe_init(c, s->pipe->conn->event_ctx, s->pipe->conn->iconv_convenience);
77
if (composite_nomem(s->pipe2, c)) return c;
80
s->pipe2->conn->packet_log_dir = s->pipe->conn->packet_log_dir;
82
/* open second dcerpc pipe using the same transport as for primary pipe */
83
switch (s->pipe->conn->transport.transport) {
85
/* get smb tree of primary dcerpc pipe opened on smb */
86
s->tree = dcerpc_smb_tree(s->pipe->conn);
88
composite_error(c, NT_STATUS_INVALID_PARAMETER);
92
pipe_smb_req = dcerpc_pipe_open_smb_send(s->pipe2, s->tree,
93
s->binding->endpoint);
94
composite_continue(c, pipe_smb_req, continue_open_smb, c);
98
s->peer_addr = dcerpc_socket_peer_addr(s->pipe->conn, s);
100
composite_error(c, NT_STATUS_INVALID_PARAMETER);
104
pipe_tcp_req = dcerpc_pipe_open_tcp_send(s->pipe2->conn,
106
s->binding->target_hostname,
107
atoi(s->binding->endpoint),
108
resolve_context_init(s));
109
composite_continue(c, pipe_tcp_req, continue_open_tcp, c);
113
case NCACN_UNIX_STREAM:
114
pipe_ncalrpc_req = dcerpc_pipe_open_unix_stream_send(s->pipe2->conn,
115
dcerpc_unix_socket_path(s->pipe->conn));
116
composite_continue(c, pipe_ncalrpc_req, continue_open_pipe, c);
120
/* looks like a transport we don't support */
121
composite_error(c, NT_STATUS_NOT_SUPPORTED);
129
Stage 2 of secondary_connection: Receive result of pipe open request on smb
131
static void continue_open_smb(struct composite_context *ctx)
133
struct composite_context *c = talloc_get_type(ctx->async.private_data,
134
struct composite_context);
136
c->status = dcerpc_pipe_open_smb_recv(ctx);
137
if (!composite_is_ok(c)) return;
139
continue_pipe_open(c);
144
Stage 2 of secondary_connection: Receive result of pipe open request on tcp/ip
146
static void continue_open_tcp(struct composite_context *ctx)
148
struct composite_context *c = talloc_get_type(ctx->async.private_data,
149
struct composite_context);
151
c->status = dcerpc_pipe_open_tcp_recv(ctx);
152
if (!composite_is_ok(c)) return;
154
continue_pipe_open(c);
159
Stage 2 of secondary_connection: Receive result of pipe open request on ncalrpc
161
static void continue_open_pipe(struct composite_context *ctx)
163
struct composite_context *c = talloc_get_type(ctx->async.private_data,
164
struct composite_context);
166
c->status = dcerpc_pipe_open_pipe_recv(ctx);
167
if (!composite_is_ok(c)) return;
169
continue_pipe_open(c);
174
Stage 3 of secondary_connection: Get binding data and flags from primary pipe
175
and say if we're done ok.
177
static void continue_pipe_open(struct composite_context *c)
179
struct sec_conn_state *s;
181
s = talloc_get_type(c->private_data, struct sec_conn_state);
183
s->pipe2->conn->flags = s->pipe->conn->flags;
184
s->pipe2->binding = s->binding;
185
if (!talloc_reference(s->pipe2, s->binding)) {
186
composite_error(c, NT_STATUS_NO_MEMORY);
195
Receive result of secondary rpc connection request and return
198
_PUBLIC_ NTSTATUS dcerpc_secondary_connection_recv(struct composite_context *c,
199
struct dcerpc_pipe **p2)
201
NTSTATUS status = composite_wait(c);
202
struct sec_conn_state *s;
204
s = talloc_get_type(c->private_data, struct sec_conn_state);
206
if (NT_STATUS_IS_OK(status)) {
207
*p2 = talloc_steal(s->pipe, s->pipe2);
215
Create a secondary dcerpc connection from a primary connection
218
If the primary is a SMB connection then the secondary connection
219
will be on the same SMB connection, but using a new fnum
221
_PUBLIC_ NTSTATUS dcerpc_secondary_connection(struct dcerpc_pipe *p,
222
struct dcerpc_pipe **p2,
223
struct dcerpc_binding *b)
225
struct composite_context *c;
227
c = dcerpc_secondary_connection_send(p, b);
228
return dcerpc_secondary_connection_recv(c, p2);
232
Create a secondary DCERPC connection, then bind (and possibly
233
authenticate) using the supplied credentials.
235
This creates a second connection, to the same host (and on ncacn_np on the same connection) as the first
237
struct sec_auth_conn_state {
238
struct dcerpc_pipe *pipe2;
239
struct dcerpc_binding *binding;
240
const struct ndr_interface_table *table;
241
struct cli_credentials *credentials;
242
struct composite_context *ctx;
243
struct loadparm_context *lp_ctx;
246
static void dcerpc_secondary_auth_connection_bind(struct composite_context *ctx);
247
static void dcerpc_secondary_auth_connection_continue(struct composite_context *ctx);
249
_PUBLIC_ struct composite_context* dcerpc_secondary_auth_connection_send(struct dcerpc_pipe *p,
250
struct dcerpc_binding *binding,
251
const struct ndr_interface_table *table,
252
struct cli_credentials *credentials,
253
struct loadparm_context *lp_ctx)
256
struct composite_context *c, *secondary_conn_ctx;
257
struct sec_auth_conn_state *s;
259
/* composite context allocation and setup */
260
c = composite_create(p, p->conn->event_ctx);
261
if (c == NULL) return NULL;
263
s = talloc_zero(c, struct sec_auth_conn_state);
264
if (composite_nomem(s, c)) return c;
268
s->binding = binding;
270
s->credentials = credentials;
273
secondary_conn_ctx = dcerpc_secondary_connection_send(p, binding);
275
if (composite_nomem(secondary_conn_ctx, s->ctx)) {
280
composite_continue(s->ctx, secondary_conn_ctx, dcerpc_secondary_auth_connection_bind,
286
Stage 2 of secondary_auth_connection:
287
Having made the secondary connection, we will need to do an (authenticated) bind
289
static void dcerpc_secondary_auth_connection_bind(struct composite_context *ctx)
291
struct composite_context *secondary_auth_ctx;
292
struct sec_auth_conn_state *s = talloc_get_type(ctx->async.private_data,
293
struct sec_auth_conn_state);
295
s->ctx->status = dcerpc_secondary_connection_recv(ctx, &s->pipe2);
296
if (!composite_is_ok(s->ctx)) return;
298
secondary_auth_ctx = dcerpc_pipe_auth_send(s->pipe2, s->binding, s->table, s->credentials,
300
composite_continue(s->ctx, secondary_auth_ctx, dcerpc_secondary_auth_connection_continue, s);
305
Stage 3 of secondary_auth_connection: Receive result of authenticated bind request
307
static void dcerpc_secondary_auth_connection_continue(struct composite_context *ctx)
309
struct sec_auth_conn_state *s = talloc_get_type(ctx->async.private_data,
310
struct sec_auth_conn_state);
312
s->ctx->status = dcerpc_pipe_auth_recv(ctx, s, &s->pipe2);
313
if (!composite_is_ok(s->ctx)) return;
315
composite_done(s->ctx);
319
Receive an authenticated pipe, created as a secondary connection
321
_PUBLIC_ NTSTATUS dcerpc_secondary_auth_connection_recv(struct composite_context *c,
323
struct dcerpc_pipe **p)
325
NTSTATUS status = composite_wait(c);
326
struct sec_auth_conn_state *s;
328
s = talloc_get_type(c->private_data, struct sec_auth_conn_state);
330
if (NT_STATUS_IS_OK(status)) {
331
*p = talloc_steal(mem_ctx, s->pipe2);