search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
ctdb-tests: Update statd-callout tests to handle both modes
[samba4-gss.git] / librpc / rpc / dcesrv_handles.c
blobeff63970e16c10a12a58c1cf9d781847eb26ee2b
1 /*
2 Unix SMB/CIFS implementation.
3
4 server side dcerpc handle code
5
6 Copyright (C) Andrew Tridgell 2003
7
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 3 of the License, or
11 (at your option) any later version.
12
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
17
18 You should have received a copy of the GNU General Public License
19 along with this program. If not, see <http://www.gnu.org/licenses/>.
20 */
21
22 #include "includes.h"
23 #include "lib/util/dlinklist.h"
24 #include "rpc_server/dcerpc_server.h"
25 #include "libcli/security/security.h"
26 #include "librpc/gen_ndr/auth.h"
27
28 /*
29 destroy a rpc handle
30 */
31 static int dcesrv_handle_destructor(struct dcesrv_handle *h)
32 {
33 DLIST_REMOVE(h->assoc_group->handles, h);
34 return 0;
35 }
36
37
38 /*
39 allocate a new rpc handle
40 */
41 _PUBLIC_
42 struct dcesrv_handle *dcesrv_handle_create(struct dcesrv_call_state *call,
43 uint8_t handle_type)
44 {
45 struct dcesrv_connection_context *context = call->context;
46 struct auth_session_info *session_info =
47 dcesrv_call_session_info(call);
48 struct dcesrv_handle *h;
49 struct dom_sid *sid;
50
51 /*
52 * For simplicity, ensure we abort here for an interface that
53 * has no handles (programmer error)
54 */
55 SMB_ASSERT((context->iface->flags & DCESRV_INTERFACE_FLAGS_HANDLES_NOT_USED) == 0);
56
57 sid = &session_info->security_token->sids[PRIMARY_USER_SID_INDEX];
58
59 h = talloc_zero(context->conn->assoc_group, struct dcesrv_handle);
60 if (!h) {
61 return NULL;
62 }
63 h->data = NULL;
64 sid_copy(&h->sid, sid);
65 h->min_auth_level = call->auth_state->auth_level;
66 h->assoc_group = context->conn->assoc_group;
67 h->iface = context->iface;
68 h->wire_handle.handle_type = handle_type;
69 h->wire_handle.uuid = GUID_random();
70
71 DLIST_ADD(context->conn->assoc_group->handles, h);
72
73 talloc_set_destructor(h, dcesrv_handle_destructor);
74
75 return h;
76 }
77
78 /**
79 find an internal handle given a wire handle. If the wire handle is NULL then
80 allocate a new handle
81 */
82
83 _PUBLIC_
84 struct dcesrv_handle *dcesrv_handle_lookup(struct dcesrv_call_state *call,
85 const struct policy_handle *p,
86 uint8_t handle_type)
87 {
88 struct dcesrv_connection_context *context = call->context;
89 struct auth_session_info *session_info =
90 dcesrv_call_session_info(call);
91 struct dcesrv_handle *h;
92 struct dom_sid *sid;
93
94 /*
95 * For simplicity, ensure we abort here for an interface that
96 * has no handles (programmer error)
97 */
98 SMB_ASSERT((context->iface->flags & DCESRV_INTERFACE_FLAGS_HANDLES_NOT_USED) == 0);
99
100 sid = &session_info->security_token->sids[PRIMARY_USER_SID_INDEX];
101
102 if (ndr_policy_handle_empty(p)) {
103 /* TODO: we should probably return a NULL handle here */
104 return dcesrv_handle_create(call, handle_type);
105 }
106
107 if (handle_type != DCESRV_HANDLE_ANY &&
108 p->handle_type != handle_type) {
109 DBG_WARNING("client gave us the wrong handle type "
110 "(%"PRIu32" should be %"PRIu8")\n",
111 p->handle_type,
112 handle_type);
113 return NULL;
114 }
115
116 for (h=context->conn->assoc_group->handles; h; h=h->next) {
117 if (h->wire_handle.handle_type == p->handle_type &&
118 GUID_equal(&p->uuid, &h->wire_handle.uuid)) {
119 break;
120 }
121 }
122
123 if (h == NULL) {
124 /* not found */
125 return NULL;
126 }
127
128 if (!dom_sid_equal(&h->sid, sid)) {
129 struct dom_sid_buf buf1, buf2;
130 DBG_ERR("Attempt to use invalid sid %s - %s\n",
131 dom_sid_str_buf(&h->sid, &buf1),
132 dom_sid_str_buf(sid, &buf2));
133 return NULL;
134 }
135
136 if (call->auth_state->auth_level < h->min_auth_level) {
137 DBG_ERR("Attempt to use invalid auth_level %u < %u\n",
138 call->auth_state->auth_level,
139 h->min_auth_level);
140 return NULL;
141 }
142
143 if (h->iface != context->iface) {
144 DBG_ERR("Attempt to use invalid iface\n");
145 return NULL;
146 }
147
148 return h;
149 }
150
151 struct dcesrv_iface_state {
152 struct dcesrv_iface_state *prev, *next;
153 struct dcesrv_assoc_group *assoc;
154 const struct dcesrv_interface *iface;
155 struct dom_sid owner;
156 const struct dcesrv_connection *conn;
157 const struct dcesrv_auth *auth;
158 const struct dcesrv_connection_context *pres;
159 uint64_t magic;
160 void *ptr;
161 const char *location;
162 };
163
164 static int dcesrv_iface_state_destructor(struct dcesrv_iface_state *istate)
165 {
166 if (istate->assoc != NULL) {
167 DLIST_REMOVE(istate->assoc->iface_states, istate);
168 istate->assoc = NULL;
169 }
170 return 0;
171 }
172
173 void dcesrv_assoc_group_common_destructor(struct dcesrv_assoc_group *assoc_group)
174 {
175 struct dcesrv_iface_state *cur = NULL;
176 struct dcesrv_iface_state *next = NULL;
177
178 for (cur = assoc_group->iface_states; cur != NULL; cur = next) {
179 next = cur->next;
180 cur->assoc = NULL;
181 DLIST_REMOVE(assoc_group->iface_states, cur);
182 }
183 }
184
185 static void *dcesrv_iface_state_find(struct dcesrv_assoc_group *assoc,
186 const struct dcesrv_interface *iface,
187 const struct dom_sid *owner,
188 const struct dcesrv_connection *conn,
189 const struct dcesrv_auth *auth,
190 const struct dcesrv_connection_context *pres,
191 uint64_t magic,
192 const void *ptr)
193 {
194 struct dcesrv_iface_state *cur = NULL;
195
196 for (cur = assoc->iface_states; cur != NULL; cur = cur->next) {
197 bool match;
198
199 SMB_ASSERT(cur->assoc == assoc);
200
201 if (cur->ptr == ptr) {
202 return cur->ptr;
203 }
204
205 if (cur->iface != iface) {
206 continue;
207 }
208
209 match = dom_sid_equal(&cur->owner, owner);
210 if (!match) {
211 continue;
212 }
213
214 if (cur->conn != conn) {
215 continue;
216 }
217
218 if (cur->auth != auth) {
219 continue;
220 }
221
222 if (cur->pres != pres) {
223 continue;
224 }
225
226 if (cur->magic != magic) {
227 continue;
228 }
229
230 return cur->ptr;
231 }
232
233 return NULL;
234 }
235
236 static NTSTATUS dcesrv_iface_state_store(struct dcesrv_assoc_group *assoc,
237 const struct dcesrv_interface *iface,
238 const struct dom_sid *owner,
239 const struct dcesrv_connection *conn,
240 const struct dcesrv_auth *auth,
241 const struct dcesrv_connection_context *pres,
242 uint64_t magic,
243 TALLOC_CTX *mem_ctx,
244 void *ptr,
245 const char *location)
246 {
247 struct dcesrv_iface_state *istate = NULL;
248 void *optr = NULL;
249
250 optr = dcesrv_iface_state_find(assoc,
251 iface,
252 owner,
253 conn,
254 auth,
255 pres,
256 magic,
257 ptr);
258 if (optr != NULL) {
259 return NT_STATUS_OBJECTID_EXISTS;
260 }
261
262 istate = talloc_zero(ptr, struct dcesrv_iface_state);
263 if (istate == NULL) {
264 return NT_STATUS_NO_MEMORY;
265 }
266
267 *istate = (struct dcesrv_iface_state) {
268 .assoc = assoc,
269 .iface = iface,
270 .owner = *owner,
271 .conn = conn,
272 .auth = auth,
273 .pres = pres,
274 .magic = magic,
275 .location = location,
276 };
277
278 istate->ptr = talloc_steal(mem_ctx, ptr);
279
280 talloc_set_destructor(istate, dcesrv_iface_state_destructor);
281
282 DLIST_ADD_END(assoc->iface_states, istate);
283
284 return NT_STATUS_OK;
285 }
286
287 NTSTATUS _dcesrv_iface_state_store_assoc(struct dcesrv_call_state *call,
288 uint64_t magic,
289 void *ptr,
290 const char *location)
291 {
292 struct auth_session_info *session_info =
293 dcesrv_call_session_info(call);
294 const struct dom_sid *owner =
295 &session_info->security_token->sids[PRIMARY_USER_SID_INDEX];
296 NTSTATUS status;
297
298 status = dcesrv_iface_state_store(call->conn->assoc_group,
299 call->context->iface,
300 owner,
301 NULL, /* conn */
302 NULL, /* auth */
303 NULL, /* pres */
304 magic,
305 call->conn->assoc_group, /* mem_ctx */
306 ptr,
307 location);
308 if (!NT_STATUS_IS_OK(status)) {
309 return status;
310 }
311
312 return NT_STATUS_OK;
313 }
314
315 void *_dcesrv_iface_state_find_assoc(struct dcesrv_call_state *call, uint64_t magic)
316 {
317 struct auth_session_info *session_info =
318 dcesrv_call_session_info(call);
319 const struct dom_sid *owner =
320 &session_info->security_token->sids[PRIMARY_USER_SID_INDEX];
321 void *ptr = NULL;
322
323 ptr = dcesrv_iface_state_find(call->conn->assoc_group,
324 call->context->iface,
325 owner,
326 NULL, /* conn */
327 NULL, /* auth */
328 NULL, /* pres */
329 magic,
330 NULL); /* ptr */
331 if (ptr == NULL) {
332 return NULL;
333 }
334
335 return ptr;
336 }
337
338 NTSTATUS _dcesrv_iface_state_store_conn(struct dcesrv_call_state *call,
339 uint64_t magic,
340 void *ptr,
341 const char *location)
342 {
343 struct auth_session_info *session_info =
344 dcesrv_call_session_info(call);
345 const struct dom_sid *owner =
346 &session_info->security_token->sids[PRIMARY_USER_SID_INDEX];
347 NTSTATUS status;
348
349 status = dcesrv_iface_state_store(call->conn->assoc_group,
350 call->context->iface,
351 owner,
352 call->conn,
353 call->auth_state,
354 call->context,
355 magic,
356 call->conn, /* mem_ctx */
357 ptr,
358 location);
359 if (!NT_STATUS_IS_OK(status)) {
360 return status;
361 }
362
363 return NT_STATUS_OK;
364 }
365
366 void *_dcesrv_iface_state_find_conn(struct dcesrv_call_state *call, uint64_t magic)
367 {
368 struct auth_session_info *session_info =
369 dcesrv_call_session_info(call);
370 const struct dom_sid *owner =
371 &session_info->security_token->sids[PRIMARY_USER_SID_INDEX];
372 void *ptr = NULL;
373
374 ptr = dcesrv_iface_state_find(call->conn->assoc_group,
375 call->context->iface,
376 owner,
377 call->conn,
378 call->auth_state,
379 call->context,
380 magic,
381 NULL); /* ptr */
382 if (ptr == NULL) {
383 return NULL;
384 }
385
386 return ptr;
387 }
GSS-enabled samba4