2
Unix SMB/CIFS implementation.
3
remote dcerpc operations
5
Copyright (C) Stefan (metze) Metzmacher 2004
7
This program is free software; you can redistribute it and/or modify
8
it under the terms of the GNU General Public License as published by
9
the Free Software Foundation; either version 3 of the License, or
10
(at your option) any later version.
12
This program is distributed in the hope that it will be useful,
13
but WITHOUT ANY WARRANTY; without even the implied warranty of
14
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15
GNU General Public License for more details.
17
You should have received a copy of the GNU General Public License
18
along with this program. If not, see <http://www.gnu.org/licenses/>.
22
#include "rpc_server/dcerpc_server.h"
23
#include "auth/auth.h"
24
#include "auth/credentials/credentials.h"
25
#include "librpc/ndr/ndr_table.h"
26
#include "param/param.h"
29
struct dcesrv_remote_private {
30
struct dcerpc_pipe *c_pipe;
33
static NTSTATUS remote_op_reply(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, void *r)
38
static NTSTATUS remote_op_bind(struct dcesrv_call_state *dce_call, const struct dcesrv_interface *iface)
41
const struct ndr_interface_table *table;
42
struct dcesrv_remote_private *priv;
43
const char *binding = lp_parm_string(dce_call->conn->dce_ctx->lp_ctx, NULL, "dcerpc_remote", "binding");
44
const char *user, *pass, *domain;
45
struct cli_credentials *credentials;
48
machine_account = lp_parm_bool(dce_call->conn->dce_ctx->lp_ctx, NULL, "dcerpc_remote", "use_machine_account", false);
50
priv = talloc(dce_call->conn, struct dcesrv_remote_private);
52
return NT_STATUS_NO_MEMORY;
56
dce_call->context->private_data = priv;
59
DEBUG(0,("You must specify a DCE/RPC binding string\n"));
60
return NT_STATUS_INVALID_PARAMETER;
63
user = lp_parm_string(dce_call->conn->dce_ctx->lp_ctx, NULL, "dcerpc_remote", "user");
64
pass = lp_parm_string(dce_call->conn->dce_ctx->lp_ctx, NULL, "dcerpc_remote", "password");
65
domain = lp_parm_string(dce_call->conn->dce_ctx->lp_ctx, NULL, "dceprc_remote", "domain");
67
table = ndr_table_by_uuid(&iface->syntax_id.uuid); /* FIXME: What about if_version ? */
69
dce_call->fault_code = DCERPC_FAULT_UNK_IF;
70
return NT_STATUS_NET_WRITE_FAULT;
74
DEBUG(5, ("dcerpc_remote: RPC Proxy: Using specified account\n"));
75
credentials = cli_credentials_init(priv);
77
return NT_STATUS_NO_MEMORY;
79
cli_credentials_set_conf(credentials, dce_call->conn->dce_ctx->lp_ctx);
80
cli_credentials_set_username(credentials, user, CRED_SPECIFIED);
82
cli_credentials_set_domain(credentials, domain, CRED_SPECIFIED);
84
cli_credentials_set_password(credentials, pass, CRED_SPECIFIED);
85
} else if (machine_account) {
86
DEBUG(5, ("dcerpc_remote: RPC Proxy: Using machine account\n"));
87
credentials = cli_credentials_init(priv);
88
cli_credentials_set_conf(credentials, dce_call->conn->dce_ctx->lp_ctx);
90
cli_credentials_set_domain(credentials, domain, CRED_SPECIFIED);
92
status = cli_credentials_set_machine_account(credentials, dce_call->conn->dce_ctx->lp_ctx);
93
if (!NT_STATUS_IS_OK(status)) {
96
} else if (dce_call->conn->auth_state.session_info->credentials) {
97
DEBUG(5, ("dcerpc_remote: RPC Proxy: Using delegated credentials\n"));
98
credentials = dce_call->conn->auth_state.session_info->credentials;
100
DEBUG(1,("dcerpc_remote: RPC Proxy: You must supply binding, user and password or have delegated credentials\n"));
101
return NT_STATUS_INVALID_PARAMETER;
104
status = dcerpc_pipe_connect(priv,
105
&(priv->c_pipe), binding, table,
106
credentials, dce_call->event_ctx,
107
dce_call->conn->dce_ctx->lp_ctx);
109
talloc_free(credentials);
110
if (!NT_STATUS_IS_OK(status)) {
117
static void remote_op_unbind(struct dcesrv_connection_context *context, const struct dcesrv_interface *iface)
119
struct dcesrv_remote_private *priv = (struct dcesrv_remote_private *)context->private_data;
121
talloc_free(priv->c_pipe);
126
static NTSTATUS remote_op_ndr_pull(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, struct ndr_pull *pull, void **r)
128
enum ndr_err_code ndr_err;
129
const struct ndr_interface_table *table = (const struct ndr_interface_table *)dce_call->context->iface->private_data;
130
uint16_t opnum = dce_call->pkt.u.request.opnum;
132
dce_call->fault_code = 0;
134
if (opnum >= table->num_calls) {
135
dce_call->fault_code = DCERPC_FAULT_OP_RNG_ERROR;
136
return NT_STATUS_NET_WRITE_FAULT;
139
*r = talloc_size(mem_ctx, table->calls[opnum].struct_size);
141
return NT_STATUS_NO_MEMORY;
144
/* unravel the NDR for the packet */
145
ndr_err = table->calls[opnum].ndr_pull(pull, NDR_IN, *r);
146
if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
147
dcerpc_log_packet(dce_call->conn->packet_log_dir,
148
table, opnum, NDR_IN,
149
&dce_call->pkt.u.request.stub_and_verifier);
150
dce_call->fault_code = DCERPC_FAULT_NDR;
151
return NT_STATUS_NET_WRITE_FAULT;
157
static NTSTATUS remote_op_dispatch(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, void *r)
159
struct dcesrv_remote_private *priv = dce_call->context->private_data;
160
uint16_t opnum = dce_call->pkt.u.request.opnum;
161
const struct ndr_interface_table *table = dce_call->context->iface->private_data;
162
const struct ndr_interface_call *call;
165
name = table->calls[opnum].name;
166
call = &table->calls[opnum];
168
if (priv->c_pipe->conn->flags & DCERPC_DEBUG_PRINT_IN) {
169
ndr_print_function_debug(call->ndr_print, name, NDR_IN | NDR_SET_VALUES, r);
172
priv->c_pipe->conn->flags |= DCERPC_NDR_REF_ALLOC;
174
/* we didn't use the return code of this function as we only check the last_fault_code */
175
dcerpc_ndr_request(priv->c_pipe, NULL, table, opnum, mem_ctx,r);
177
dce_call->fault_code = priv->c_pipe->last_fault_code;
178
if (dce_call->fault_code != 0) {
179
DEBUG(0,("dcesrv_remote: call[%s] failed with: %s!\n",name, dcerpc_errstr(mem_ctx, dce_call->fault_code)));
180
return NT_STATUS_NET_WRITE_FAULT;
183
if ((dce_call->fault_code == 0) &&
184
(priv->c_pipe->conn->flags & DCERPC_DEBUG_PRINT_OUT)) {
185
ndr_print_function_debug(call->ndr_print, name, NDR_OUT, r);
191
static NTSTATUS remote_op_ndr_push(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, struct ndr_push *push, const void *r)
193
enum ndr_err_code ndr_err;
194
const struct ndr_interface_table *table = dce_call->context->iface->private_data;
195
uint16_t opnum = dce_call->pkt.u.request.opnum;
197
/* unravel the NDR for the packet */
198
ndr_err = table->calls[opnum].ndr_push(push, NDR_OUT, r);
199
if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
200
dce_call->fault_code = DCERPC_FAULT_NDR;
201
return NT_STATUS_NET_WRITE_FAULT;
207
static NTSTATUS remote_register_one_iface(struct dcesrv_context *dce_ctx, const struct dcesrv_interface *iface)
210
const struct ndr_interface_table *table = iface->private_data;
212
for (i=0;i<table->endpoints->count;i++) {
214
const char *name = table->endpoints->names[i];
216
ret = dcesrv_interface_register(dce_ctx, name, iface, NULL);
217
if (!NT_STATUS_IS_OK(ret)) {
218
DEBUG(1,("remote_op_init_server: failed to register endpoint '%s'\n",name));
226
static NTSTATUS remote_op_init_server(struct dcesrv_context *dce_ctx, const struct dcesrv_endpoint_server *ep_server)
229
const char **ifaces = (const char **)str_list_make(dce_ctx, lp_parm_string(dce_ctx->lp_ctx, NULL, "dcerpc_remote", "interfaces"),NULL);
232
DEBUG(3,("remote_op_init_server: no interfaces configured\n"));
236
for (i=0;ifaces[i];i++) {
238
struct dcesrv_interface iface;
240
if (!ep_server->interface_by_name(&iface, ifaces[i])) {
241
DEBUG(0,("remote_op_init_server: failed to find interface = '%s'\n", ifaces[i]));
243
return NT_STATUS_UNSUCCESSFUL;
246
ret = remote_register_one_iface(dce_ctx, &iface);
247
if (!NT_STATUS_IS_OK(ret)) {
248
DEBUG(0,("remote_op_init_server: failed to register interface = '%s'\n", ifaces[i]));
258
static bool remote_fill_interface(struct dcesrv_interface *iface, const struct ndr_interface_table *if_tabl)
260
iface->name = if_tabl->name;
261
iface->syntax_id = if_tabl->syntax_id;
263
iface->bind = remote_op_bind;
264
iface->unbind = remote_op_unbind;
266
iface->ndr_pull = remote_op_ndr_pull;
267
iface->dispatch = remote_op_dispatch;
268
iface->reply = remote_op_reply;
269
iface->ndr_push = remote_op_ndr_push;
271
iface->private_data = if_tabl;
276
static bool remote_op_interface_by_uuid(struct dcesrv_interface *iface, const struct GUID *uuid, uint32_t if_version)
278
const struct ndr_interface_list *l;
280
for (l=ndr_table_list();l;l=l->next) {
281
if (l->table->syntax_id.if_version == if_version &&
282
GUID_equal(&l->table->syntax_id.uuid, uuid)==0) {
283
return remote_fill_interface(iface, l->table);
290
static bool remote_op_interface_by_name(struct dcesrv_interface *iface, const char *name)
292
const struct ndr_interface_table *tbl = ndr_table_by_name(name);
295
return remote_fill_interface(iface, tbl);
300
NTSTATUS dcerpc_server_remote_init(void)
303
struct dcesrv_endpoint_server ep_server;
305
ZERO_STRUCT(ep_server);
307
/* fill in our name */
308
ep_server.name = "remote";
310
/* fill in all the operations */
311
ep_server.init_server = remote_op_init_server;
313
ep_server.interface_by_uuid = remote_op_interface_by_uuid;
314
ep_server.interface_by_name = remote_op_interface_by_name;
316
/* register ourselves with the DCERPC subsystem. */
317
ret = dcerpc_register_ep_server(&ep_server);
318
if (!NT_STATUS_IS_OK(ret)) {
319
DEBUG(0,("Failed to register 'remote' endpoint server!\n"));
323
/* We need the full DCE/RPC interface table */