From 7e6cf43756b7643e2f0ee7ada5076f36f3a24bb7 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Thu, 8 Jan 2004 22:55:27 +0000 Subject: This patch adds a better dcerpc server infastructure. 1.) We now register endpoint servers add startup via register_backend() and later use the smb.conf 'dcerpc endpoint servers' parameter to setup the dcesrv_context 2.) each endpoint server can register at context creation time as much interfaces as it wants (multiple interfaces on one endpoint are supported!) (NOTE: there's a difference between 'endpoint server' and 'endpoint'! for details look at rpc_server/dcesrv_server.h) 3.) one endpoint can have a security descriptor registered to it self this will be checked in the future when a client wants to connect to an smb pipe endpoint. 4.) we now have a 'remote' endpoint server, which works like the ntvfs_cifs module it takes this options in the [globals] section: dcerpc remote:interfaces = srvsvc, winreg, w32time, epmapper dcerpc remote:binding = ... dcerpc remote:user = ... dcerpc remote:password = ... 5.) we currently have tree endpoint servers: epmapper, rpcecho and remote the default for the 'dcerpc endpiont servers = epmapper, rpcecho' for testing you can also do dcerpc endpoint servers = rpcecho, remote, epmapper dcerpc remote:interfaces = srvsvc, samr, netlogon 6,) please notice the the epmapper now only returns NO_ENTRIES (but I think we'll find a solution for this too:-) 7.) also there're some other stuff left, but step by step :-) This patch also includes updates for the register_subsystem() , ntvfs_init(), and some other funtions to check for duplicate subsystem registration metze (hmmm, my first large commit...I hope it works as supposed :-) (This used to be commit 917e45dafd5be4c2cd90ff425b8d6f8403122349) --- source4/rpc_server/dcesrv_auth.c | 98 ++++++++++++++++++++-------------------- 1 file changed, 49 insertions(+), 49 deletions(-) (limited to 'source4/rpc_server/dcesrv_auth.c') diff --git a/source4/rpc_server/dcesrv_auth.c b/source4/rpc_server/dcesrv_auth.c index 776d394e99..a117f08445 100644 --- a/source4/rpc_server/dcesrv_auth.c +++ b/source4/rpc_server/dcesrv_auth.c @@ -4,7 +4,7 @@ server side dcerpc authentication code Copyright (C) Andrew Tridgell 2003 - + This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or @@ -31,40 +31,40 @@ BOOL dcesrv_auth_bind(struct dcesrv_call_state *call) { struct dcerpc_packet *pkt = &call->pkt; - struct dcesrv_state *dce = call->dce; + struct dcesrv_connection *dce_conn = call->conn; NTSTATUS status; if (pkt->u.bind.auth_info.length == 0) { - dce->auth_state.auth_info = NULL; + dce_conn->auth_state.auth_info = NULL; return True; } - dce->auth_state.auth_info = talloc_p(dce->mem_ctx, struct dcerpc_auth); - if (!dce->auth_state.auth_info) { + dce_conn->auth_state.auth_info = talloc_p(dce_conn->mem_ctx, struct dcerpc_auth); + if (!dce_conn->auth_state.auth_info) { return False; } status = ndr_pull_struct_blob(&pkt->u.bind.auth_info, call->mem_ctx, - dce->auth_state.auth_info, + dce_conn->auth_state.auth_info, (ndr_pull_flags_fn_t)ndr_pull_dcerpc_auth); if (!NT_STATUS_IS_OK(status)) { return False; } - if (dce->auth_state.auth_info->auth_type != DCERPC_AUTH_TYPE_NTLMSSP) { + if (dce_conn->auth_state.auth_info->auth_type != DCERPC_AUTH_TYPE_NTLMSSP) { /* only do NTLMSSP for now */ - DEBUG(2,("auth_type %d not supported\n", dce->auth_state.auth_info->auth_type)); + DEBUG(2,("auth_type %d not supported\n", dce_conn->auth_state.auth_info->auth_type)); return False; } - if (dce->auth_state.auth_info->auth_level != DCERPC_AUTH_LEVEL_INTEGRITY && - dce->auth_state.auth_info->auth_level != DCERPC_AUTH_LEVEL_PRIVACY) { - DEBUG(2,("auth_level %d not supported\n", dce->auth_state.auth_info->auth_level)); + if (dce_conn->auth_state.auth_info->auth_level != DCERPC_AUTH_LEVEL_INTEGRITY && + dce_conn->auth_state.auth_info->auth_level != DCERPC_AUTH_LEVEL_PRIVACY) { + DEBUG(2,("auth_level %d not supported\n", dce_conn->auth_state.auth_info->auth_level)); return False; } - status = auth_ntlmssp_start(&dce->auth_state.ntlmssp_state); + status = auth_ntlmssp_start(&dce_conn->auth_state.ntlmssp_state); if (!NT_STATUS_IS_OK(status)) { return False; } @@ -77,23 +77,23 @@ BOOL dcesrv_auth_bind(struct dcesrv_call_state *call) */ BOOL dcesrv_auth_bind_ack(struct dcesrv_call_state *call, struct dcerpc_packet *pkt) { - struct dcesrv_state *dce = call->dce; + struct dcesrv_connection *dce_conn = call->conn; NTSTATUS status; - if (!call->dce->auth_state.ntlmssp_state) { + if (!call->conn->auth_state.ntlmssp_state) { return True; } - status = auth_ntlmssp_update(dce->auth_state.ntlmssp_state, - dce->auth_state.auth_info->credentials, - &dce->auth_state.auth_info->credentials); + status = auth_ntlmssp_update(dce_conn->auth_state.ntlmssp_state, + dce_conn->auth_state.auth_info->credentials, + &dce_conn->auth_state.auth_info->credentials); if (!NT_STATUS_IS_OK(status) && !NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) { return False; } - dce->auth_state.auth_info->auth_pad_length = 0; - dce->auth_state.auth_info->auth_reserved = 0; + dce_conn->auth_state.auth_info->auth_pad_length = 0; + dce_conn->auth_state.auth_info->auth_reserved = 0; return True; } @@ -105,43 +105,43 @@ BOOL dcesrv_auth_bind_ack(struct dcesrv_call_state *call, struct dcerpc_packet * BOOL dcesrv_auth_auth3(struct dcesrv_call_state *call) { struct dcerpc_packet *pkt = &call->pkt; - struct dcesrv_state *dce = call->dce; + struct dcesrv_connection *dce_conn = call->conn; NTSTATUS status; - if (!dce->auth_state.auth_info || - !dce->auth_state.ntlmssp_state || + if (!dce_conn->auth_state.auth_info || + !dce_conn->auth_state.ntlmssp_state || pkt->u.auth.auth_info.length == 0) { return False; } status = ndr_pull_struct_blob(&pkt->u.auth.auth_info, call->mem_ctx, - dce->auth_state.auth_info, + dce_conn->auth_state.auth_info, (ndr_pull_flags_fn_t)ndr_pull_dcerpc_auth); if (!NT_STATUS_IS_OK(status)) { return False; } - if (dce->auth_state.auth_info->auth_type != DCERPC_AUTH_TYPE_NTLMSSP) { + if (dce_conn->auth_state.auth_info->auth_type != DCERPC_AUTH_TYPE_NTLMSSP) { return False; } - if (dce->auth_state.auth_info->auth_level != DCERPC_AUTH_LEVEL_INTEGRITY && - dce->auth_state.auth_info->auth_level != DCERPC_AUTH_LEVEL_PRIVACY) { + if (dce_conn->auth_state.auth_info->auth_level != DCERPC_AUTH_LEVEL_INTEGRITY && + dce_conn->auth_state.auth_info->auth_level != DCERPC_AUTH_LEVEL_PRIVACY) { return False; } - status = auth_ntlmssp_update(dce->auth_state.ntlmssp_state, - dce->auth_state.auth_info->credentials, - &dce->auth_state.auth_info->credentials); + status = auth_ntlmssp_update(dce_conn->auth_state.ntlmssp_state, + dce_conn->auth_state.auth_info->credentials, + &dce_conn->auth_state.auth_info->credentials); if (!NT_STATUS_IS_OK(status)) { return False; } - switch (dce->auth_state.auth_info->auth_level) { + switch (dce_conn->auth_state.auth_info->auth_level) { case DCERPC_AUTH_LEVEL_PRIVACY: case DCERPC_AUTH_LEVEL_INTEGRITY: /* setup for signing */ - status = ntlmssp_sign_init(dce->auth_state.ntlmssp_state->ntlmssp_state); + status = ntlmssp_sign_init(dce_conn->auth_state.ntlmssp_state->ntlmssp_state); break; } @@ -155,14 +155,14 @@ BOOL dcesrv_auth_auth3(struct dcesrv_call_state *call) BOOL dcesrv_auth_request(struct dcesrv_call_state *call) { struct dcerpc_packet *pkt = &call->pkt; - struct dcesrv_state *dce = call->dce; + struct dcesrv_connection *dce_conn = call->conn; DATA_BLOB auth_blob; struct dcerpc_auth auth; struct ndr_pull *ndr; NTSTATUS status; - if (!dce->auth_state.auth_info || - !dce->auth_state.ntlmssp_state) { + if (!dce_conn->auth_state.auth_info || + !dce_conn->auth_state.ntlmssp_state) { return True; } @@ -194,16 +194,16 @@ BOOL dcesrv_auth_request(struct dcesrv_call_state *call) } /* check signature or unseal the packet */ - switch (dce->auth_state.auth_info->auth_level) { + switch (dce_conn->auth_state.auth_info->auth_level) { case DCERPC_AUTH_LEVEL_PRIVACY: - status = ntlmssp_unseal_packet(dce->auth_state.ntlmssp_state->ntlmssp_state, + status = ntlmssp_unseal_packet(dce_conn->auth_state.ntlmssp_state->ntlmssp_state, pkt->u.request.stub_and_verifier.data, pkt->u.request.stub_and_verifier.length, &auth.credentials); break; case DCERPC_AUTH_LEVEL_INTEGRITY: - status = ntlmssp_check_packet(dce->auth_state.ntlmssp_state->ntlmssp_state, + status = ntlmssp_check_packet(dce_conn->auth_state.ntlmssp_state->ntlmssp_state, pkt->u.request.stub_and_verifier.data, pkt->u.request.stub_and_verifier.length, &auth.credentials); @@ -230,12 +230,12 @@ BOOL dcesrv_auth_request(struct dcesrv_call_state *call) BOOL dcesrv_auth_response(struct dcesrv_call_state *call, DATA_BLOB *blob, struct dcerpc_packet *pkt) { - struct dcesrv_state *dce = call->dce; + struct dcesrv_connection *dce_conn = call->conn; NTSTATUS status; struct ndr_push *ndr; /* non-signed packets are simple */ - if (!dce->auth_state.auth_info || !dce->auth_state.ntlmssp_state) { + if (!dce_conn->auth_state.auth_info || !dce_conn->auth_state.ntlmssp_state) { status = dcerpc_push_auth(blob, call->mem_ctx, pkt, NULL); return NT_STATUS_IS_OK(status); } @@ -255,23 +255,23 @@ BOOL dcesrv_auth_response(struct dcesrv_call_state *call, } /* pad to 8 byte multiple */ - dce->auth_state.auth_info->auth_pad_length = NDR_ALIGN(ndr, 8); - ndr_push_zero(ndr, dce->auth_state.auth_info->auth_pad_length); + dce_conn->auth_state.auth_info->auth_pad_length = NDR_ALIGN(ndr, 8); + ndr_push_zero(ndr, dce_conn->auth_state.auth_info->auth_pad_length); /* sign or seal the packet */ - switch (dce->auth_state.auth_info->auth_level) { + switch (dce_conn->auth_state.auth_info->auth_level) { case DCERPC_AUTH_LEVEL_PRIVACY: - status = ntlmssp_seal_packet(dce->auth_state.ntlmssp_state->ntlmssp_state, + status = ntlmssp_seal_packet(dce_conn->auth_state.ntlmssp_state->ntlmssp_state, ndr->data + DCERPC_REQUEST_LENGTH, ndr->offset - DCERPC_REQUEST_LENGTH, - &dce->auth_state.auth_info->credentials); + &dce_conn->auth_state.auth_info->credentials); break; case DCERPC_AUTH_LEVEL_INTEGRITY: - status = ntlmssp_sign_packet(dce->auth_state.ntlmssp_state->ntlmssp_state, + status = ntlmssp_sign_packet(dce_conn->auth_state.ntlmssp_state->ntlmssp_state, ndr->data + DCERPC_REQUEST_LENGTH, ndr->offset - DCERPC_REQUEST_LENGTH, - &dce->auth_state.auth_info->credentials); + &dce_conn->auth_state.auth_info->credentials); break; default: status = NT_STATUS_INVALID_LEVEL; @@ -283,7 +283,7 @@ BOOL dcesrv_auth_response(struct dcesrv_call_state *call, } /* add the auth verifier */ - status = ndr_push_dcerpc_auth(ndr, NDR_SCALARS|NDR_BUFFERS, dce->auth_state.auth_info); + status = ndr_push_dcerpc_auth(ndr, NDR_SCALARS|NDR_BUFFERS, dce_conn->auth_state.auth_info); if (!NT_STATUS_IS_OK(status)) { return False; } @@ -295,9 +295,9 @@ BOOL dcesrv_auth_response(struct dcesrv_call_state *call, in these earlier as we don't know the signature length (it could be variable length) */ dcerpc_set_frag_length(blob, blob->length); - dcerpc_set_auth_length(blob, dce->auth_state.auth_info->credentials.length); + dcerpc_set_auth_length(blob, dce_conn->auth_state.auth_info->credentials.length); - data_blob_free(&dce->auth_state.auth_info->credentials); + data_blob_free(&dce_conn->auth_state.auth_info->credentials); return True; } -- cgit