diff options
-rw-r--r-- | librpc/rpc/dcerpc_util.c | 178 | ||||
-rw-r--r-- | source4/librpc/rpc/dcerpc.h | 9 | ||||
-rw-r--r-- | source4/rpc_server/service_rpc.c | 174 |
3 files changed, 187 insertions, 174 deletions
diff --git a/librpc/rpc/dcerpc_util.c b/librpc/rpc/dcerpc_util.c index 492d8ac939..1db43df34a 100644 --- a/librpc/rpc/dcerpc_util.c +++ b/librpc/rpc/dcerpc_util.c @@ -20,6 +20,10 @@ */ #include "includes.h" +#include "system/network.h" +#include <tevent.h> +#include "lib/tsocket/tsocket.h" +#include "lib/util/tevent_ntstatus.h" #include "librpc/rpc/dcerpc.h" #include "librpc/gen_ndr/ndr_dcerpc.h" @@ -139,3 +143,177 @@ NTSTATUS dcerpc_pull_auth_trailer(struct ncacn_packet *pkt, return NT_STATUS_OK; } + +struct dcerpc_read_ncacn_packet_state { +#if 0 + struct { + } caller; +#endif + DATA_BLOB buffer; + struct ncacn_packet *pkt; +}; + +static int dcerpc_read_ncacn_packet_next_vector(struct tstream_context *stream, + void *private_data, + TALLOC_CTX *mem_ctx, + struct iovec **_vector, + size_t *_count); +static void dcerpc_read_ncacn_packet_done(struct tevent_req *subreq); + +struct tevent_req *dcerpc_read_ncacn_packet_send(TALLOC_CTX *mem_ctx, + struct tevent_context *ev, + struct tstream_context *stream) +{ + struct tevent_req *req; + struct dcerpc_read_ncacn_packet_state *state; + struct tevent_req *subreq; + + req = tevent_req_create(mem_ctx, &state, + struct dcerpc_read_ncacn_packet_state); + if (req == NULL) { + return NULL; + } + + state->buffer = data_blob_const(NULL, 0); + state->pkt = talloc(state, struct ncacn_packet); + if (tevent_req_nomem(state->pkt, req)) { + goto post; + } + + subreq = tstream_readv_pdu_send(state, ev, + stream, + dcerpc_read_ncacn_packet_next_vector, + state); + if (tevent_req_nomem(subreq, req)) { + goto post; + } + tevent_req_set_callback(subreq, dcerpc_read_ncacn_packet_done, req); + + return req; + post: + tevent_req_post(req, ev); + return req; +} + +static int dcerpc_read_ncacn_packet_next_vector(struct tstream_context *stream, + void *private_data, + TALLOC_CTX *mem_ctx, + struct iovec **_vector, + size_t *_count) +{ + struct dcerpc_read_ncacn_packet_state *state = + talloc_get_type_abort(private_data, + struct dcerpc_read_ncacn_packet_state); + struct iovec *vector; + off_t ofs = 0; + + if (state->buffer.length == 0) { + /* first get enough to read the fragment length */ + ofs = 0; + state->buffer.length = DCERPC_FRAG_LEN_OFFSET + 2; + state->buffer.data = talloc_array(state, uint8_t, + state->buffer.length); + if (!state->buffer.data) { + return -1; + } + } else if (state->buffer.length == (DCERPC_FRAG_LEN_OFFSET + 2)) { + /* now read the fragment length and allocate the full buffer */ + size_t frag_len = dcerpc_get_frag_length(&state->buffer); + + ofs = state->buffer.length; + + state->buffer.data = talloc_realloc(state, + state->buffer.data, + uint8_t, frag_len); + if (!state->buffer.data) { + return -1; + } + state->buffer.length = frag_len; + } else { + /* if we reach this we have a full fragment */ + *_vector = NULL; + *_count = 0; + return 0; + } + + /* now create the vector that we want to be filled */ + vector = talloc_array(mem_ctx, struct iovec, 1); + if (!vector) { + return -1; + } + + vector[0].iov_base = (void *) (state->buffer.data + ofs); + vector[0].iov_len = state->buffer.length - ofs; + + *_vector = vector; + *_count = 1; + return 0; +} + +static void dcerpc_read_ncacn_packet_done(struct tevent_req *subreq) +{ + struct tevent_req *req = tevent_req_callback_data(subreq, + struct tevent_req); + struct dcerpc_read_ncacn_packet_state *state = tevent_req_data(req, + struct dcerpc_read_ncacn_packet_state); + int ret; + int sys_errno; + struct ndr_pull *ndr; + enum ndr_err_code ndr_err; + NTSTATUS status; + + ret = tstream_readv_pdu_recv(subreq, &sys_errno); + TALLOC_FREE(subreq); + if (ret == -1) { + status = map_nt_error_from_unix(sys_errno); + tevent_req_nterror(req, status); + return; + } + + ndr = ndr_pull_init_blob(&state->buffer, state->pkt); + if (tevent_req_nomem(ndr, req)) { + return; + } + + if (!(CVAL(ndr->data, DCERPC_DREP_OFFSET) & DCERPC_DREP_LE)) { + ndr->flags |= LIBNDR_FLAG_BIGENDIAN; + } + + if (CVAL(ndr->data, DCERPC_PFC_OFFSET) & DCERPC_PFC_FLAG_OBJECT_UUID) { + ndr->flags |= LIBNDR_FLAG_OBJECT_PRESENT; + } + + ndr_err = ndr_pull_ncacn_packet(ndr, NDR_SCALARS|NDR_BUFFERS, state->pkt); + TALLOC_FREE(ndr); + if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { + status = ndr_map_error2ntstatus(ndr_err); + tevent_req_nterror(req, status); + return; + } + + tevent_req_done(req); +} + +NTSTATUS dcerpc_read_ncacn_packet_recv(struct tevent_req *req, + TALLOC_CTX *mem_ctx, + struct ncacn_packet **pkt, + DATA_BLOB *buffer) +{ + struct dcerpc_read_ncacn_packet_state *state = tevent_req_data(req, + struct dcerpc_read_ncacn_packet_state); + NTSTATUS status; + + if (tevent_req_is_nterror(req, &status)) { + tevent_req_received(req); + return status; + } + + *pkt = talloc_move(mem_ctx, &state->pkt); + if (buffer) { + buffer->data = talloc_move(mem_ctx, &state->buffer.data); + buffer->length = state->buffer.length; + } + + tevent_req_received(req); + return NT_STATUS_OK; +} diff --git a/source4/librpc/rpc/dcerpc.h b/source4/librpc/rpc/dcerpc.h index 435fbf15a0..9ff2c1b022 100644 --- a/source4/librpc/rpc/dcerpc.h +++ b/source4/librpc/rpc/dcerpc.h @@ -34,6 +34,7 @@ struct tevent_context; struct tevent_req; struct dcerpc_binding_handle; +struct tstream_context; enum dcerpc_transport_t { NCA_UNKNOWN, NCACN_NP, NCACN_IP_TCP, NCACN_IP_UDP, NCACN_VNS_IPC, @@ -394,6 +395,14 @@ enum dcerpc_transport_t dcerpc_transport_by_endpoint_protocol(int prot); const char *dcerpc_floor_get_rhs_data(TALLOC_CTX *mem_ctx, struct epm_floor *epm_floor); +struct tevent_req *dcerpc_read_ncacn_packet_send(TALLOC_CTX *mem_ctx, + struct tevent_context *ev, + struct tstream_context *stream); +NTSTATUS dcerpc_read_ncacn_packet_recv(struct tevent_req *req, + TALLOC_CTX *mem_ctx, + struct ncacn_packet **pkt, + DATA_BLOB *buffer); + struct dcerpc_binding_handle_ops { const char *name; diff --git a/source4/rpc_server/service_rpc.c b/source4/rpc_server/service_rpc.c index 6be3fe9029..36e6a54cc8 100644 --- a/source4/rpc_server/service_rpc.c +++ b/source4/rpc_server/service_rpc.c @@ -133,180 +133,6 @@ static void dcesrv_sock_reply_done(struct tevent_req *subreq) } } -struct dcerpc_read_ncacn_packet_state { -#if 0 - struct { - } caller; -#endif - DATA_BLOB buffer; - struct ncacn_packet *pkt; -}; - -static int dcerpc_read_ncacn_packet_next_vector(struct tstream_context *stream, - void *private_data, - TALLOC_CTX *mem_ctx, - struct iovec **_vector, - size_t *_count); -static void dcerpc_read_ncacn_packet_done(struct tevent_req *subreq); - -static struct tevent_req *dcerpc_read_ncacn_packet_send(TALLOC_CTX *mem_ctx, - struct tevent_context *ev, - struct tstream_context *stream) -{ - struct tevent_req *req; - struct dcerpc_read_ncacn_packet_state *state; - struct tevent_req *subreq; - - req = tevent_req_create(mem_ctx, &state, - struct dcerpc_read_ncacn_packet_state); - if (req == NULL) { - return NULL; - } - - state->buffer = data_blob_const(NULL, 0); - state->pkt = talloc(state, struct ncacn_packet); - if (tevent_req_nomem(state->pkt, req)) { - goto post; - } - - subreq = tstream_readv_pdu_send(state, ev, - stream, - dcerpc_read_ncacn_packet_next_vector, - state); - if (tevent_req_nomem(subreq, req)) { - goto post; - } - tevent_req_set_callback(subreq, dcerpc_read_ncacn_packet_done, req); - - return req; - post: - tevent_req_post(req, ev); - return req; -} - -static int dcerpc_read_ncacn_packet_next_vector(struct tstream_context *stream, - void *private_data, - TALLOC_CTX *mem_ctx, - struct iovec **_vector, - size_t *_count) -{ - struct dcerpc_read_ncacn_packet_state *state = - talloc_get_type_abort(private_data, - struct dcerpc_read_ncacn_packet_state); - struct iovec *vector; - off_t ofs = 0; - - if (state->buffer.length == 0) { - /* first get enough to read the fragment length */ - ofs = 0; - state->buffer.length = DCERPC_FRAG_LEN_OFFSET + 2; - state->buffer.data = talloc_array(state, uint8_t, - state->buffer.length); - if (!state->buffer.data) { - return -1; - } - } else if (state->buffer.length == (DCERPC_FRAG_LEN_OFFSET + 2)) { - /* now read the fragment length and allocate the full buffer */ - size_t frag_len = dcerpc_get_frag_length(&state->buffer); - - ofs = state->buffer.length; - - state->buffer.data = talloc_realloc(state, - state->buffer.data, - uint8_t, frag_len); - if (!state->buffer.data) { - return -1; - } - state->buffer.length = frag_len; - } else { - /* if we reach this we have a full fragment */ - *_vector = NULL; - *_count = 0; - return 0; - } - - /* now create the vector that we want to be filled */ - vector = talloc_array(mem_ctx, struct iovec, 1); - if (!vector) { - return -1; - } - - vector[0].iov_base = (void *) (state->buffer.data + ofs); - vector[0].iov_len = state->buffer.length - ofs; - - *_vector = vector; - *_count = 1; - return 0; -} - -static void dcerpc_read_ncacn_packet_done(struct tevent_req *subreq) -{ - struct tevent_req *req = tevent_req_callback_data(subreq, - struct tevent_req); - struct dcerpc_read_ncacn_packet_state *state = tevent_req_data(req, - struct dcerpc_read_ncacn_packet_state); - int ret; - int sys_errno; - struct ndr_pull *ndr; - enum ndr_err_code ndr_err; - NTSTATUS status; - - ret = tstream_readv_pdu_recv(subreq, &sys_errno); - TALLOC_FREE(subreq); - if (ret == -1) { - status = map_nt_error_from_unix(sys_errno); - tevent_req_nterror(req, status); - return; - } - - ndr = ndr_pull_init_blob(&state->buffer, state->pkt); - if (tevent_req_nomem(ndr, req)) { - return; - } - - if (!(CVAL(ndr->data, DCERPC_DREP_OFFSET) & DCERPC_DREP_LE)) { - ndr->flags |= LIBNDR_FLAG_BIGENDIAN; - } - - if (CVAL(ndr->data, DCERPC_PFC_OFFSET) & DCERPC_PFC_FLAG_OBJECT_UUID) { - ndr->flags |= LIBNDR_FLAG_OBJECT_PRESENT; - } - - ndr_err = ndr_pull_ncacn_packet(ndr, NDR_SCALARS|NDR_BUFFERS, state->pkt); - TALLOC_FREE(ndr); - if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { - status = ndr_map_error2ntstatus(ndr_err); - tevent_req_nterror(req, status); - return; - } - - tevent_req_done(req); -} - -static NTSTATUS dcerpc_read_ncacn_packet_recv(struct tevent_req *req, - TALLOC_CTX *mem_ctx, - struct ncacn_packet **pkt, - DATA_BLOB *buffer) -{ - struct dcerpc_read_ncacn_packet_state *state = tevent_req_data(req, - struct dcerpc_read_ncacn_packet_state); - NTSTATUS status; - - if (tevent_req_is_nterror(req, &status)) { - tevent_req_received(req); - return status; - } - - *pkt = talloc_move(mem_ctx, &state->pkt); - if (buffer) { - buffer->data = talloc_move(mem_ctx, &state->buffer.data); - buffer->length = state->buffer.length; - } - - tevent_req_received(req); - return NT_STATUS_OK; -} - static void dcesrv_read_fragment_done(struct tevent_req *subreq); static void dcesrv_sock_accept(struct stream_connection *srv_conn) |