/* * Unix SMB/CIFS implementation. * RPC client transport over named pipes to a child smbd * Copyright (C) Volker Lendecke 2009 * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, see <http://www.gnu.org/licenses/>. */ #include "includes.h" #undef DBGC_CLASS #define DBGC_CLASS DBGC_RPC_CLI /** * struct rpc_cli_smbd_conn represents a forked smbd. This structure should * exist only once per process which does the rpc calls. * * RPC pipe handles can be attached to this smbd connection with * rpc_pipe_open_local(). * * For this to work right, we can not use rpc_transport_np directly, because * the child smbd wants to write its DEBUG output somewhere. We redirect the * child's output to rpc_cli_smbd_conn->stdout_fd. While the RPC calls are * active, we have an event context available and attach a fd event to the * stdout_df. */ struct rpc_cli_smbd_conn { /** * The smb connection to handle the named pipe traffic over */ struct cli_state *cli; /** * Attached to stdout in the forked smbd, this is where smbd will * print its DEBUG. */ int stdout_fd; /** * Custom callback provided by the owner of the * rpc_cli_smbd_conn. Here we send the smbd DEBUG output. Can be NULL. */ struct { void (*fn)(char *buf, size_t len, void *priv); void *priv; } stdout_callback ; }; /** * Event handler to be called whenever the forked smbd prints debugging * output. */ static void rpc_cli_smbd_stdout_reader(struct event_context *ev, struct fd_event *fde, uint16_t flags, void *priv) { struct rpc_cli_smbd_conn *conn = talloc_get_type_abort( priv, struct rpc_cli_smbd_conn); char buf[1024]; ssize_t nread; if ((flags & EVENT_FD_READ) == 0) { return; } nread = read(conn->stdout_fd, buf, sizeof(buf)-1); if (nread < 0) { DEBUG(0, ("Could not read from smbd stdout: %s\n", strerror(errno))); TALLOC_FREE(fde); return; } if (nread == 0) { DEBUG(0, ("EOF from smbd stdout\n")); TALLOC_FREE(fde); return; } if (conn->stdout_callback.fn != NULL) { conn->stdout_callback.fn(buf, nread, conn->stdout_callback.priv); } } /** * struct rpc_transport_smbd_state is the link from a struct rpc_pipe_client * to the rpc_cli_smbd_conn. We use a named pipe transport as a subtransport. */ struct rpc_transport_smbd_state { struct rpc_cli_smbd_conn *conn; struct rpc_cli_transport *sub_transp; }; static int rpc_cli_smbd_conn_destructor(struct rpc_cli_smbd_conn *conn) { if (conn->cli != NULL) { cli_shutdown(conn->cli); conn->cli = NULL; } if (conn->stdout_fd != -1) { close(conn->stdout_fd); conn->stdout_fd = -1; } return 0; } /* * Do the negprot/sesssetup/tcon to an anonymous ipc$ connection */ struct get_anon_ipc_state { struct event_context *ev; struct cli_state *cli; }; static void get_anon_ipc_negprot_done(struct async_req *subreq); static void get_anon_ipc_sesssetup_done(struct async_req *subreq); static void get_anon_ipc_tcon_done(struct async_req *subreq); static struct async_req *get_anon_ipc_send(TALLOC_CTX *mem_ctx, struct event_context *ev, struct cli_state *cli) { struct async_req *result, *subreq; struct get_anon_ipc_state *state; if (!async_req_setup(mem_ctx, &result, &state, struct get_anon_ipc_state)) { return NULL; } state->ev = ev; state->cli = cli; subreq = cli_negprot_send(state, ev, cli); if (subreq == NULL) { goto fail; } subreq->async.fn = get_anon_ipc_negprot_done; subreq->async.priv = result; return result; fail: TALLOC_FREE(result); return NULL; } static void get_anon_ipc_negprot_done(struct async_req *subreq) { struct async_req *req = talloc_get_type_abort( subreq->async.priv, struct async_req); struct get_anon_ipc_state *state = talloc_get_type_abort( req->private_data, struct get_anon_ipc_state); NTSTATUS status; status = cli_negprot_recv(subreq); TALLOC_FREE(subreq); if (!NT_STATUS_IS_OK(status)) { async_req_nterror(req, status); return; } subreq = cli_session_setup_guest_send(state, state->ev, state->cli); if (async_req_nomem(subreq, req)) { return; } subreq->async.fn = get_anon_ipc_sesssetup_done; subreq->async.priv = req; } static void get_anon_ipc_sesssetup_done(struct async_req *subreq) { struct async_req *req = talloc_get_type_abort( subreq->async.priv, struct async_req); struct get_anon_ipc_state *state = talloc_get_type_abort( req->private_data, struct get_anon_ipc_state); NTSTATUS status; status = cli_session_setup_guest_recv(subreq); TALLOC_FREE(subreq); if (!NT_STATUS_IS_OK(status)) { async_req_nterror(req, status); return; } subreq = cli_tcon_andx_send(state, state->ev, state->cli, "IPC$", "IPC", NULL, 0); if (async_req_nomem(subreq, req)) { return; } subreq->async.fn = get_anon_ipc_tcon_done; subreq->async.priv = req; } static void get_anon_ipc_tcon_done(struct async_req *subreq) { struct async_req *req = talloc_get_type_abort( subreq->async.priv, struct async_req); NTSTATUS status; status = cli_tcon_andx_recv(subreq); TALLOC_FREE(subreq); if (!NT_STATUS_IS_OK(status)) { async_req_nterror(req, status); return; } async_req_done(req); } static NTSTATUS get_anon_ipc_recv(struct async_req *req) { return async_req_simple_recv_ntstatus(req); } struct rpc_cli_smbd_conn_init_state { struct event_context *ev; struct rpc_cli_smbd_conn *conn; }; static void rpc_cli_smbd_conn_init_done(struct async_req *subreq); struct async_req *rpc_cli_smbd_conn_init_send(TALLOC_CTX *mem_ctx, struct event_context *ev, void (*stdout_callback)(char *buf, size_t len, void *priv), void *priv) { struct async_req *result, *subreq; struct rpc_cli_smbd_conn_init_state *state; int smb_sock[2]; int stdout_pipe[2]; NTSTATUS status; pid_t pid; int ret; smb_sock[0] = smb_sock[1] = stdout_pipe[0] = stdout_pipe[1] = -1; if (!async_req_setup(mem_ctx, &result, &state, struct rpc_cli_smbd_conn_init_state)) { return NULL; } state->ev = ev; state->conn = talloc(state, struct rpc_cli_smbd_conn); if (state->conn == NULL) { goto nomem; } state->conn->cli = cli_initialise(); if (state->conn->cli == NULL) { goto nomem; } state->conn->stdout_fd = -1; state->conn->stdout_callback.fn = stdout_callback; state->conn->stdout_callback.priv = priv; talloc_set_destructor(state->conn, rpc_cli_smbd_conn_destructor); ret = socketpair(AF_UNIX, SOCK_STREAM, 0, smb_sock); if (ret == -1) { status = map_nt_error_from_unix(errno); goto post_status; } ret = pipe(stdout_pipe); if (ret == -1) { status = map_nt_error_from_unix(errno); goto post_status; } pid = sys_fork(); if (pid == -1) { status = map_nt_error_from_unix(errno); goto post_status; } if (pid == 0) { char *smbd_cmd; close(smb_sock[0]); close(stdout_pipe[0]); close(0); if (dup(smb_sock[1]) == -1) { exit(1); } close(smb_sock[1]); close(1); if (dup(stdout_pipe[1]) == -1) { exit(1); } close(stdout_pipe[1]); smbd_cmd = getenv("SMB_PATH"); if ((smbd_cmd == NULL) && (asprintf(&smbd_cmd, "%s/smbd", get_dyn_SBINDIR()) == -1)) { printf("no memory"); exit(1); } if (asprintf(&smbd_cmd, "%s -F -S", smbd_cmd) == -1) { printf("no memory"); exit(1); } exit(system(smbd_cmd)); } state->conn->cli->fd = smb_sock[0]; smb_sock[0] = -1; close(smb_sock[1]); smb_sock[1] = -1; state->conn->stdout_fd = stdout_pipe[0]; stdout_pipe[0] = -1; close(stdout_pipe[1]); stdout_pipe[1] = -1; subreq = get_anon_ipc_send(state, ev, state->conn->cli); if (subreq == NULL) { goto nomem; } if (event_add_fd(ev, subreq, state->conn->stdout_fd, EVENT_FD_READ, rpc_cli_smbd_stdout_reader, state->conn) == NULL) { goto nomem; } subreq->async.fn = rpc_cli_smbd_conn_init_done; subreq->async.priv = result; return result; nomem: status = NT_STATUS_NO_MEMORY; post_status: if (smb_sock[0] != -1) { close(smb_sock[0]); } if (smb_sock[1] != -1) { close(smb_sock[1]); } if (stdout_pipe[0] != -1) { close(stdout_pipe[0]); } if (stdout_pipe[1] != -1) { close(stdout_pipe[1]); } if (async_post_ntstatus(result, ev, status)) { return result; } TALLOC_FREE(result); return NULL; } static void rpc_cli_smbd_conn_init_done(struct async_req *subreq) { struct async_req *req = talloc_get_type_abort( subreq->async.priv, struct async_req); NTSTATUS status; status = get_anon_ipc_recv(subreq); TALLOC_FREE(subreq); if (!NT_STATUS_IS_OK(status)) { async_req_nterror(req, status); return; } async_req_done(req); } NTSTATUS rpc_cli_smbd_conn_init_recv(struct async_req *req, TALLOC_CTX *mem_ctx, struct rpc_cli_smbd_conn **pconn) { struct rpc_cli_smbd_conn_init_state *state = talloc_get_type_abort( req->private_data, struct rpc_cli_smbd_conn_init_state); NTSTATUS status; if (async_req_is_nterror(req, &status)) { return status; } *pconn = talloc_move(mem_ctx, &state->conn); return NT_STATUS_OK; } NTSTATUS rpc_cli_smbd_conn_init(TALLOC_CTX *mem_ctx, struct rpc_cli_smbd_conn **pconn, void (*stdout_callback)(char *buf, size_t len, void *priv), void *priv) { TALLOC_CTX *frame = talloc_stackframe(); struct event_context *ev; struct async_req *req; NTSTATUS status; ev = event_context_init(frame); if (ev == NULL) { status = NT_STATUS_NO_MEMORY; goto fail; } req = rpc_cli_smbd_conn_init_send(frame, ev, stdout_callback, priv); if (req == NULL) { status = NT_STATUS_NO_MEMORY; goto fail; } while (req->state < ASYNC_REQ_DONE) { event_loop_once(ev); } status = rpc_cli_smbd_conn_init_recv(req, mem_ctx, pconn); fail: TALLOC_FREE(frame); return status; } struct rpc_smbd_write_state { struct rpc_cli_transport *sub_transp; ssize_t written; }; static void rpc_smbd_write_done(struct async_req *subreq); static struct async_req *rpc_smbd_write_send(TALLOC_CTX *mem_ctx, struct event_context *ev, const uint8_t *data, size_t size, void *priv) { struct rpc_transport_smbd_state *transp = talloc_get_type_abort( priv, struct rpc_transport_smbd_state); struct async_req *result, *subreq; struct rpc_smbd_write_state *state; if (!async_req_setup(mem_ctx, &result, &state, struct rpc_smbd_write_state)) { return NULL; } state->sub_transp = transp->sub_transp; subreq = transp->sub_transp->write_send(state, ev, data, size, transp->sub_transp->priv); if (subreq == NULL) { goto fail; } if (event_add_fd(ev, subreq, transp->conn->stdout_fd, EVENT_FD_READ, rpc_cli_smbd_stdout_reader, transp->conn) == NULL) { goto fail; } subreq->async.fn = rpc_smbd_write_done; subreq->async.priv = result; return result; fail: TALLOC_FREE(result); return NULL; } static void rpc_smbd_write_done(struct async_req *subreq) { struct async_req *req = talloc_get_type_abort( subreq->async.priv, struct async_req); struct rpc_smbd_write_state *state = talloc_get_type_abort( req->private_data, struct rpc_smbd_write_state); NTSTATUS status; status = state->sub_transp->write_recv(subreq, &state->written); TALLOC_FREE(subreq); if (!NT_STATUS_IS_OK(status)) { async_req_nterror(req, status); return; } async_req_done(req); } static NTSTATUS rpc_smbd_write_recv(struct async_req *req, ssize_t *pwritten) { struct rpc_smbd_write_state *state = talloc_get_type_abort( req->private_data, struct rpc_smbd_write_state); NTSTATUS status; if (async_req_is_nterror(req, &status)) { return status; } *pwritten = state->written; return NT_STATUS_OK; } struct rpc_smbd_read_state { struct rpc_cli_transport *sub_transp; ssize_t received; }; static void rpc_smbd_read_done(struct async_req *subreq); static struct async_req *rpc_smbd_read_send(TALLOC_CTX *mem_ctx, struct event_context *ev, uint8_t *data, size_t size, void *priv) { struct rpc_transport_smbd_state *transp = talloc_get_type_abort( priv, struct rpc_transport_smbd_state); struct async_req *result, *subreq; struct rpc_smbd_read_state *state; if (!async_req_setup(mem_ctx, &result, &state, struct rpc_smbd_read_state)) { return NULL; } state->sub_transp = transp->sub_transp; subreq = transp->sub_transp->read_send(state, ev, data, size, transp->sub_transp->priv); if (subreq == NULL) { goto fail; } if (event_add_fd(ev, subreq, transp->conn->stdout_fd, EVENT_FD_READ, rpc_cli_smbd_stdout_reader, transp->conn) == NULL) { goto fail; } subreq->async.fn = rpc_smbd_read_done; subreq->async.priv = result; return result; fail: TALLOC_FREE(result); return NULL; } static void rpc_smbd_read_done(struct async_req *subreq) { struct async_req *req = talloc_get_type_abort( subreq->async.priv, struct async_req); struct rpc_smbd_read_state *state = talloc_get_type_abort( req->private_data, struct rpc_smbd_read_state); NTSTATUS status; status = state->sub_transp->read_recv(subreq, &state->received); TALLOC_FREE(subreq); if (!NT_STATUS_IS_OK(status)) { async_req_nterror(req, status); return; } async_req_done(req); } static NTSTATUS rpc_smbd_read_recv(struct async_req *req, ssize_t *preceived) { struct rpc_smbd_read_state *state = talloc_get_type_abort( req->private_data, struct rpc_smbd_read_state); NTSTATUS status; if (async_req_is_nterror(req, &status)) { return status; } *preceived = state->received; return NT_STATUS_OK; } struct rpc_transport_smbd_init_state { struct rpc_cli_transport *transport; struct rpc_transport_smbd_state *transport_smbd; }; static void rpc_transport_smbd_init_done(struct async_req *subreq); struct async_req *rpc_transport_smbd_init_send(TALLOC_CTX *mem_ctx, struct event_context *ev, struct rpc_cli_smbd_conn *conn, const struct ndr_syntax_id *abstract_syntax) { struct async_req *result, *subreq; struct rpc_transport_smbd_init_state *state; if (!async_req_setup(mem_ctx, &result, &state, struct rpc_transport_smbd_init_state)) { return NULL; } state->transport = talloc(state, struct rpc_cli_transport); if (state->transport == NULL) { goto fail; } state->transport_smbd = talloc(state->transport, struct rpc_transport_smbd_state); if (state->transport_smbd == NULL) { goto fail; } state->transport_smbd->conn = conn; state->transport->priv = state->transport_smbd; subreq = rpc_transport_np_init_send(state, ev, conn->cli, abstract_syntax); if (subreq == NULL) { goto fail; } subreq->async.fn = rpc_transport_smbd_init_done; subreq->async.priv = result; return result; fail: TALLOC_FREE(result); return NULL; } static void rpc_transport_smbd_init_done(struct async_req *subreq) { struct async_req *req = talloc_get_type_abort( subreq->async.priv, struct async_req); struct rpc_transport_smbd_init_state *state = talloc_get_type_abort( req->private_data, struct rpc_transport_smbd_init_state); NTSTATUS status; status = rpc_transport_np_init_recv( subreq, state->transport_smbd, &state->transport_smbd->sub_transp); TALLOC_FREE(subreq); if (!NT_STATUS_IS_OK(status)) { async_req_nterror(req, status); return; } async_req_done(req); } NTSTATUS rpc_transport_smbd_init_recv(struct async_req *req, TALLOC_CTX *mem_ctx, struct rpc_cli_transport **presult) { struct rpc_transport_smbd_init_state *state = talloc_get_type_abort( req->private_data, struct rpc_transport_smbd_init_state); NTSTATUS status; if (async_req_is_nterror(req, &status)) { return status; } state->transport->write_send = rpc_smbd_write_send; state->transport->write_recv = rpc_smbd_write_recv; state->transport->read_send = rpc_smbd_read_send; state->transport->read_recv = rpc_smbd_read_recv; state->transport->trans_send = NULL; state->transport->trans_recv = NULL; *presult = talloc_move(mem_ctx, &state->transport); return NT_STATUS_OK; } NTSTATUS rpc_transport_smbd_init(TALLOC_CTX *mem_ctx, struct rpc_cli_smbd_conn *conn, const struct ndr_syntax_id *abstract_syntax, struct rpc_cli_transport **presult) { TALLOC_CTX *frame = talloc_stackframe(); struct event_context *ev; struct async_req *req; NTSTATUS status; ev = event_context_init(frame); if (ev == NULL) { status = NT_STATUS_NO_MEMORY; goto fail; } req = rpc_transport_smbd_init_send(frame, ev, conn, abstract_syntax); if (req == NULL) { status = NT_STATUS_NO_MEMORY; goto fail; } while (req->state < ASYNC_REQ_DONE) { event_loop_once(ev); } status = rpc_transport_smbd_init_recv(req, mem_ctx, presult); fail: TALLOC_FREE(frame); return status; }