diff options
author | Luke Leighton <lkcl@samba.org> | 2000-02-08 03:43:58 +0000 |
---|---|---|
committer | Luke Leighton <lkcl@samba.org> | 2000-02-08 03:43:58 +0000 |
commit | eaa278b2db7126cae0403af43b47696bfc5084f7 (patch) | |
tree | 6c5f0e4dc9e741a95bde253171570146059047de | |
parent | 9db4e7cf98f2ed8152430bcd302824c9fab8da19 (diff) | |
download | samba-eaa278b2db7126cae0403af43b47696bfc5084f7.tar.gz samba-eaa278b2db7126cae0403af43b47696bfc5084f7.tar.xz samba-eaa278b2db7126cae0403af43b47696bfc5084f7.zip |
first stage of making some sort of "thread" context ... er, thing :) in
the msrpc code. it's not really threads, it's just a thread context,
so that if different thread-contexts are requested, then the msrpc daemon
will at least be able to switch user-security-context.
eventually, i will have to go so far as to be able to reconstruct PDUs
depending on the user context, but that will require one socket per
thread-context, and some means to set that up *inside* the Bind/Bind-Request
processing code [argh!], because that's what triggers a "new" user-context,
really.
i hope.
-rw-r--r-- | source/include/ntdomain.h | 19 | ||||
-rw-r--r-- | source/include/proto.h | 25 | ||||
-rw-r--r-- | source/include/rpc_client_proto.h | 3 | ||||
-rw-r--r-- | source/include/rpc_parse_proto.h | 6 | ||||
-rw-r--r-- | source/include/smb.h | 18 | ||||
-rw-r--r-- | source/lib/msrpc-agent.c | 11 | ||||
-rw-r--r-- | source/lib/msrpc-client.c | 41 | ||||
-rw-r--r-- | source/lib/msrpc_use.c | 84 | ||||
-rw-r--r-- | source/lib/util_array.c | 1 | ||||
-rw-r--r-- | source/lib/vuser.c | 17 | ||||
-rw-r--r-- | source/lib/vuser_db.c | 11 | ||||
-rw-r--r-- | source/msrpc/msrpcd.c | 6 | ||||
-rw-r--r-- | source/msrpc/msrpcd_process.c | 54 | ||||
-rw-r--r-- | source/rpc_client/cli_connect.c | 30 | ||||
-rw-r--r-- | source/rpc_client/cli_use.c | 1 | ||||
-rw-r--r-- | source/rpc_server/srv_pipe.c | 8 | ||||
-rw-r--r-- | source/rpc_server/srv_pipe_hnd.c | 122 | ||||
-rw-r--r-- | source/rpc_server/srv_pipe_srv.c | 2 | ||||
-rw-r--r-- | source/rpcclient/rpcclient.c | 3 | ||||
-rw-r--r-- | source/smbd/nttrans.c | 5 | ||||
-rw-r--r-- | source/smbd/pipes.c | 7 |
21 files changed, 191 insertions, 283 deletions
diff --git a/source/include/ntdomain.h b/source/include/ntdomain.h index a36aba06490..1156c762e77 100644 --- a/source/include/ntdomain.h +++ b/source/include/ntdomain.h @@ -137,6 +137,8 @@ typedef struct rpcsrv_struct vuser_key key; + int c; /* socket */ + } rpcsrv_struct; struct cli_connection; @@ -174,23 +176,11 @@ typedef struct srv_auth_fns } srv_auth_fns; -typedef struct msrpc_pipes_struct -{ - fstring name; - fstring pipe_srv_name; - - /* local, server-side rpc state processing */ - rpcsrv_struct *l; - -} msrpc_pipes_struct; - typedef struct pipes_struct { struct pipes_struct *next, *prev; int pnum; - connection_struct *conn; - uint16 vuid; - BOOL open; /* open connection */ + vuser_key key; uint16 device_state; uint16 priority; fstring name; @@ -199,6 +189,9 @@ typedef struct pipes_struct /* remote, server-side rpc redirection */ struct msrpc_state *m; + /* local, server-side rpc state processing */ + rpcsrv_struct *l; + } pipes_struct; typedef struct msrpc_service_fns diff --git a/source/include/proto.h b/source/include/proto.h index ca26b39f8a7..49d25f1be9f 100644 --- a/source/include/proto.h +++ b/source/include/proto.h @@ -294,13 +294,11 @@ BOOL receive_msrpc(int fd, prs_struct *data, unsigned int timeout); BOOL msrpc_send(int fd, prs_struct *ps); BOOL msrpc_receive(int fd, prs_struct *ps); BOOL msrpc_connect(struct msrpc_state *msrpc, const char *pipe_name); -void msrpc_init_creds(struct msrpc_state *msrpc, const struct user_creds *usr); void msrpc_close_socket(struct msrpc_state *msrpc); void msrpc_sockopt(struct msrpc_state *msrpc, char *options); BOOL msrpc_connect_auth(struct msrpc_state *msrpc, const vuser_key *key, - const char* pipename, - const struct user_creds *usr); + const char* pipename); struct msrpc_state *msrpc_initialise(struct msrpc_state *msrpc, const vuser_key *key); void msrpc_shutdown(struct msrpc_state *msrpc); @@ -314,10 +312,8 @@ void init_msrpc_use(void); void free_msrpc_use(void); struct msrpc_state *msrpc_use_add(const char* pipe_name, const vuser_key *key, - const struct user_creds *usr_creds, BOOL redir); BOOL msrpc_use_del(const char* pipe_name, - const struct user_creds *usr_creds, BOOL force_close, BOOL *connection_closed); void msrpc_net_use_enum(uint32 *num_cons, struct use_info ***use); @@ -795,6 +791,7 @@ void start_agent(struct vagent_ops *va); /*The following definitions come from lib/vuser.c */ +BOOL is_valid_user_struct(const vuser_key *key); user_struct *get_valid_user_struct(const vuser_key *key); void invalidate_vuid(vuser_key *key); BOOL validated_username(vuser_key *key, char *name, size_t len); @@ -1149,11 +1146,11 @@ void exit_server(char *reason); /*The following definitions come from msrpc/msrpcd_process.c */ -BOOL get_user_creds(int c, struct user_creds *usr, vuser_key *uk); +BOOL get_user_creds(int c, vuser_key *uk); void close_srv_auth_array(rpcsrv_struct *l); void add_srv_auth_fn(rpcsrv_struct *l, srv_auth_fns *fn); -BOOL msrpcd_init(int c, msrpc_pipes_struct *p); -void msrpcd_process(msrpc_service_fns *fn, int c, msrpc_pipes_struct *p); +BOOL msrpcd_init(int c, rpcsrv_struct **l); +void msrpcd_process(msrpc_service_fns *fn, rpcsrv_struct *l, const char* name); /*The following definitions come from netlogond/creds_db.c */ @@ -2097,8 +2094,7 @@ struct cli_auth_fns *cli_conn_get_authfns(struct cli_connection *con); void *cli_conn_get_auth_creds(struct cli_connection *con); void *cli_conn_get_auth_info(struct cli_connection *con); BOOL cli_conn_set_auth_info(struct cli_connection *con, void *auth_info); -struct ntuser_creds *cli_conn_get_usercreds(struct cli_connection *con); -struct ntdom_info * cli_conn_get_ntinfo(struct cli_connection *con); +struct ntdom_info *cli_conn_get_ntinfo(struct cli_connection *con); BOOL cli_get_con_sesskey(struct cli_connection *con, uchar sess_key[16]); BOOL cli_con_get_srvname(struct cli_connection *con, char *srv_name); BOOL cli_get_sesskey(const POLICY_HND *pol, uchar sess_key[16]); @@ -3214,12 +3210,13 @@ int read_pipe(pipes_struct *p, char *data, int n); void set_pipe_handle_offset(int max_open_files); void reset_chain_p(void); void init_rpc_pipe_hnd(void); -pipes_struct *open_rpc_pipe_p(char *pipe_name, - connection_struct *conn, uint16 vuid); +pipes_struct *open_rpc_pipe_p(char *pipe_name, const vuser_key *key, + rpcsrv_struct *l); BOOL wait_rpc_pipe_hnd_state(pipes_struct *p, uint16 priority); BOOL set_rpc_pipe_hnd_state(pipes_struct *p, uint16 device_state); -BOOL close_rpc_pipe_hnd(pipes_struct *p, connection_struct *conn); +BOOL close_rpc_pipe_hnd(pipes_struct *p); pipes_struct *get_rpc_pipe_p(char *buf, int where); +pipes_struct *get_rpc_vuser(const vuser_key *key); pipes_struct *get_rpc_pipe(int pnum); /*The following definitions come from rpc_server/srv_pipe_netsec.c */ @@ -3239,7 +3236,7 @@ void add_msrpc_command_processor(char* pipe_name, BOOL (*fn) (rpcsrv_struct *)); BOOL api_rpcTNP(rpcsrv_struct *l, const char *rpc_name, const struct api_struct *api_rpc_cmds); -BOOL rpc_local(rpcsrv_struct *l, char *data, int len, char *name); +BOOL rpc_local(rpcsrv_struct *l, char *data, int len, const char *name); /*The following definitions come from rpc_server/srv_reg.c */ diff --git a/source/include/rpc_client_proto.h b/source/include/rpc_client_proto.h index 79d430968d1..68ce0096d38 100644 --- a/source/include/rpc_client_proto.h +++ b/source/include/rpc_client_proto.h @@ -43,8 +43,7 @@ struct cli_auth_fns *cli_conn_get_authfns(struct cli_connection *con); void *cli_conn_get_auth_creds(struct cli_connection *con); void *cli_conn_get_auth_info(struct cli_connection *con); BOOL cli_conn_set_auth_info(struct cli_connection *con, void *auth_info); -struct ntuser_creds *cli_conn_get_usercreds(struct cli_connection *con); -struct ntdom_info * cli_conn_get_ntinfo(struct cli_connection *con); +struct ntdom_info *cli_conn_get_ntinfo(struct cli_connection *con); BOOL cli_get_con_sesskey(struct cli_connection *con, uchar sess_key[16]); BOOL cli_con_get_srvname(struct cli_connection *con, char *srv_name); BOOL cli_get_sesskey(const POLICY_HND *pol, uchar sess_key[16]); diff --git a/source/include/rpc_parse_proto.h b/source/include/rpc_parse_proto.h index 5c80dc51aba..74143ad3fde 100644 --- a/source/include/rpc_parse_proto.h +++ b/source/include/rpc_parse_proto.h @@ -13,13 +13,11 @@ BOOL receive_msrpc(int fd, prs_struct *data, unsigned int timeout); BOOL msrpc_send(int fd, prs_struct *ps); BOOL msrpc_receive(int fd, prs_struct *ps); BOOL msrpc_connect(struct msrpc_state *msrpc, const char *pipe_name); -void msrpc_init_creds(struct msrpc_state *msrpc, const struct user_creds *usr); void msrpc_close_socket(struct msrpc_state *msrpc); void msrpc_sockopt(struct msrpc_state *msrpc, char *options); BOOL msrpc_connect_auth(struct msrpc_state *msrpc, const vuser_key *key, - const char* pipename, - const struct user_creds *usr); + const char* pipename); struct msrpc_state *msrpc_initialise(struct msrpc_state *msrpc, const vuser_key *key); void msrpc_shutdown(struct msrpc_state *msrpc); @@ -33,10 +31,8 @@ void init_msrpc_use(void); void free_msrpc_use(void); struct msrpc_state *msrpc_use_add(const char* pipe_name, const vuser_key *key, - const struct user_creds *usr_creds, BOOL redir); BOOL msrpc_use_del(const char* pipe_name, - const struct user_creds *usr_creds, BOOL force_close, BOOL *connection_closed); void msrpc_net_use_enum(uint32 *num_cons, struct use_info ***use); diff --git a/source/include/smb.h b/source/include/smb.h index b2b4a57cb1d..d847cc52a99 100644 --- a/source/include/smb.h +++ b/source/include/smb.h @@ -352,14 +352,6 @@ struct sam_disp_info char *full_name; /* user's full name string */ }; -struct use_info -{ - BOOL connected; - char *srv_name; - char *user_name; - char *domain; -}; - #define MAXSUBAUTHS 15 /* max sub authorities in a SID */ /* DOM_SID - security id */ @@ -1681,6 +1673,15 @@ typedef struct } vuser_key; +struct use_info +{ + BOOL connected; + char *srv_name; + vuser_key key; + char *user_name; + char *domain; +}; + #include "ntdomain.h" typedef struct @@ -1826,7 +1827,6 @@ struct ntdom_info struct msrpc_state { fstring pipe_name; - struct user_creds usr; struct ntdom_info nt; cli_auth_fns *auth; void *auth_info; diff --git a/source/lib/msrpc-agent.c b/source/lib/msrpc-agent.c index 4d2e5b3abeb..573c943d957 100644 --- a/source/lib/msrpc-agent.c +++ b/source/lib/msrpc-agent.c @@ -35,7 +35,7 @@ static void free_sock(void *sock) if (sock != NULL) { struct msrpc_state *n = (struct msrpc_state*)sock; - msrpc_use_del(n->pipe_name, &n->usr, False, NULL); + msrpc_use_del(n->pipe_name, False, NULL); } } @@ -43,7 +43,6 @@ static struct msrpc_state *init_client_connection(int c) { pstring buf; fstring pipe_name; - struct user_creds usr; int rl; uint32 len; BOOL new_con = False; @@ -52,9 +51,7 @@ static struct msrpc_state *init_client_connection(int c) CREDS_CMD cmd; prs_struct ps; - ZERO_STRUCT(usr); ZERO_STRUCT(cmd); - cmd.cred = &usr; DEBUG(10,("init_client_connection: first request\n")); @@ -128,7 +125,7 @@ static struct msrpc_state *init_client_connection(int c) if (new_con) { uint32 status = 0; - n = msrpc_use_add(pipe_name, &cmd.key, &usr, False); + n = msrpc_use_add(pipe_name, &cmd.key, False); if (n == NULL) { @@ -138,7 +135,6 @@ static struct msrpc_state *init_client_connection(int c) else { fstrcpy(n->pipe_name, pipe_name); - copy_user_creds(&n->usr, &usr); } if (write(c, &status, sizeof(status)) != sizeof(status)) @@ -146,12 +142,11 @@ static struct msrpc_state *init_client_connection(int c) DEBUG(0,("Could not write connection down pipe.\n")); if (n != NULL) { - msrpc_use_del(pipe_name, &usr, False, NULL); + msrpc_use_del(pipe_name, False, NULL); n = NULL; } } } - free_user_creds(&usr); return n; } diff --git a/source/lib/msrpc-client.c b/source/lib/msrpc-client.c index e47de6e7664..f62ca99893e 100644 --- a/source/lib/msrpc-client.c +++ b/source/lib/msrpc-client.c @@ -169,17 +169,6 @@ BOOL msrpc_connect(struct msrpc_state *msrpc, const char *pipe_name) /**************************************************************************** -initialise a msrpcent structure -****************************************************************************/ -void msrpc_init_creds(struct msrpc_state *msrpc, const struct user_creds *usr) -{ - copy_user_creds(&msrpc->usr, usr); -#if 0 - msrpc->nt.ntlmssp_cli_flgs = usr->ntc.ntlmssp_flags; -#endif -} - -/**************************************************************************** close the socket descriptor ****************************************************************************/ void msrpc_close_socket(struct msrpc_state *msrpc) @@ -202,8 +191,7 @@ void msrpc_sockopt(struct msrpc_state *msrpc, char *options) static BOOL msrpc_authenticate(struct msrpc_state *msrpc, - const vuser_key *key, - const struct user_creds *usr) + const vuser_key *key) { int sock = msrpc->fd; uint32 len; @@ -217,10 +205,10 @@ static BOOL msrpc_authenticate(struct msrpc_state *msrpc, msrpc->nt.key = *key; - command = usr != NULL ? AGENT_CMD_CON : AGENT_CMD_CON_ANON; + command = AGENT_CMD_CON; if (!create_user_creds(&ps, msrpc->pipe_name, 0x0, command, - key, usr)) + key, NULL)) { DEBUG(0,("could not parse credentials\n")); close(sock); @@ -257,7 +245,6 @@ static BOOL msrpc_authenticate(struct msrpc_state *msrpc, msrpc->inbuf = in; msrpc->outbuf = out; msrpc->fd = sock; - msrpc->usr.reuse = False; } else { @@ -271,8 +258,7 @@ static BOOL msrpc_authenticate(struct msrpc_state *msrpc, static BOOL msrpc_init_redirect(struct msrpc_state *msrpc, const vuser_key *key, - const char* pipe_name, - const struct user_creds *usr) + const char* pipe_name) { int sock; fstring path; @@ -288,7 +274,7 @@ static BOOL msrpc_init_redirect(struct msrpc_state *msrpc, msrpc->fd = sock; - if (!msrpc_authenticate(msrpc, key, NULL)) + if (!msrpc_authenticate(msrpc, key)) { DEBUG(0,("authenticate failed\n")); close(msrpc->fd); @@ -301,8 +287,7 @@ static BOOL msrpc_init_redirect(struct msrpc_state *msrpc, BOOL msrpc_connect_auth(struct msrpc_state *msrpc, const vuser_key *key, - const char* pipename, - const struct user_creds *usr) + const char* pipename) { ZERO_STRUCTP(msrpc); if (!msrpc_initialise(msrpc, key)) @@ -311,8 +296,6 @@ BOOL msrpc_connect_auth(struct msrpc_state *msrpc, return False; } - msrpc_init_creds(msrpc, usr); - if (!msrpc_establish_connection(msrpc, key, pipename)) { msrpc_shutdown(msrpc); @@ -350,7 +333,6 @@ struct msrpc_state *msrpc_initialise(struct msrpc_state *msrpc, } msrpc->initialised = 1; - msrpc_init_creds(msrpc, NULL); msrpc->nt.key.vuid = UID_FIELD_INVALID; return msrpc; @@ -382,20 +364,19 @@ BOOL msrpc_establish_connection(struct msrpc_state *msrpc, const vuser_key *key, const char *pipe_name) { - DEBUG(5,("msrpc_establish_connection: connecting to %s (%s) - %s\n", - pipe_name, - msrpc->usr.ntc.user_name, msrpc->usr.ntc.domain)); + DEBUG(5,("msrpc_establish_connection: connecting to %s\n", + pipe_name)); /* establish connection */ - if ((!msrpc->initialised)) + if (!msrpc->initialised) { return False; } if (msrpc->fd == -1 && msrpc->redirect) { - if (msrpc_init_redirect(msrpc, key, pipe_name, &msrpc->usr)) + if (msrpc_init_redirect(msrpc, key, pipe_name)) { DEBUG(10,("msrpc_establish_connection: redirected OK\n")); return True; @@ -417,7 +398,7 @@ BOOL msrpc_establish_connection(struct msrpc_state *msrpc, } } - if (!msrpc_authenticate(msrpc, key, NULL)) + if (!msrpc_authenticate(msrpc, key)) { DEBUG(0,("authenticate failed\n")); close(msrpc->fd); diff --git a/source/lib/msrpc_use.c b/source/lib/msrpc_use.c index c2bd20478a4..0dce2afa339 100644 --- a/source/lib/msrpc_use.c +++ b/source/lib/msrpc_use.c @@ -109,22 +109,11 @@ void free_msrpc_use(void) find client state. server name, user name, domain name and password must all match. ****************************************************************************/ -static struct msrpc_use *msrpc_find(const char* pipe_name, - const struct user_creds *usr_creds) +static struct msrpc_use *msrpc_find(const char* pipe_name) { int i; - struct user_creds null_usr; - if (usr_creds == NULL) - { - copy_user_creds(&null_usr, usr_creds); - usr_creds = &null_usr; - } - - DEBUG(10,("msrpc_find: %s %s %s\n", - pipe_name, - usr_creds != NULL ? usr_creds->ntc.user_name : "null", - usr_creds != NULL ? usr_creds->ntc.domain : "null")); + DEBUG(10,("msrpc_find: %s\n", pipe_name)); for (i = 0; i < num_msrpcs; i++) { @@ -135,30 +124,9 @@ static struct msrpc_use *msrpc_find(const char* pipe_name, msrpc_name = c->cli->pipe_name; - DEBUG(10,("msrpc_find[%d]: %s %s %s\n", - i, msrpc_name, - c->cli->usr.ntc.user_name, - c->cli->usr.ntc.domain)); + DEBUG(10,("msrpc_find[%d]: %s\n", i, msrpc_name)); - if (!strequal(msrpc_name, pipe_name)) - { - continue; - } - if (!strequal(usr_creds->ntc.user_name, c->cli->usr.ntc.user_name)) - { - continue; - } - if (!usr_creds->reuse && - !pwd_compare(&usr_creds->ntc.pwd, &c->cli->usr.ntc.pwd)) - { - DEBUG(100,("password doesn't match\n")); - continue; - } - if (usr_creds->ntc.domain[0] == 0) - { - return c; - } - if (strequal(usr_creds->ntc.domain, c->cli->usr.ntc.domain)) + if (strequal(msrpc_name, pipe_name)) { return c; } @@ -171,8 +139,7 @@ static struct msrpc_use *msrpc_find(const char* pipe_name, create a new client state from user credentials ****************************************************************************/ static struct msrpc_use *msrpc_use_get(const char* pipe_name, - const vuser_key *key, - const struct user_creds *usr_creds) + const vuser_key *key) { struct msrpc_use *cli = (struct msrpc_use*)malloc(sizeof(*cli)); @@ -190,8 +157,6 @@ static struct msrpc_use *msrpc_use_get(const char* pipe_name, return NULL; } - msrpc_init_creds(cli->cli, usr_creds); - return cli; } @@ -200,13 +165,12 @@ init client state ****************************************************************************/ struct msrpc_state *msrpc_use_add(const char* pipe_name, const vuser_key *key, - const struct user_creds *usr_creds, BOOL redir) { struct msrpc_use *cli; DEBUG(10,("msrpc_use_add: %s redir: %s\n", pipe_name, BOOLSTR(redir))); - cli = msrpc_find(pipe_name, usr_creds); + cli = msrpc_find(pipe_name); if (cli != NULL) { @@ -215,7 +179,7 @@ struct msrpc_state *msrpc_use_add(const char* pipe_name, } /* reuse an existing connection requested, and one was not found */ - if (usr_creds != NULL && usr_creds->reuse && !redir) + if (redir) { DEBUG(0,("msrpc_use_add: reuse requested, but one not found\n")); return False; @@ -225,7 +189,7 @@ struct msrpc_state *msrpc_use_add(const char* pipe_name, * allocate */ - cli = msrpc_use_get(pipe_name, key, usr_creds); + cli = msrpc_use_get(pipe_name, key); cli->cli->redirect = redir; if (!msrpc_establish_connection(cli->cli, key, pipe_name)) @@ -246,7 +210,6 @@ struct msrpc_state *msrpc_use_add(const char* pipe_name, delete a client state ****************************************************************************/ BOOL msrpc_use_del(const char* pipe_name, - const struct user_creds *usr_creds, BOOL force_close, BOOL *connection_closed) { @@ -271,28 +234,22 @@ BOOL msrpc_use_del(const char* pipe_name, if (!strequal(msrpc_name, pipe_name)) continue; - if (strequal(usr_creds->ntc.user_name, - msrpcs[i]->cli->usr.ntc.user_name) && - strequal(usr_creds->ntc.domain, - msrpcs[i]->cli->usr.ntc.domain)) - { - /* decrement number of users */ - msrpcs[i]->num_users--; + /* decrement number of users */ + msrpcs[i]->num_users--; - DEBUG(10,("idx: %i num_users now: %d\n", - i, msrpcs[i]->num_users)); + DEBUG(10,("idx: %i num_users now: %d\n", + i, msrpcs[i]->num_users)); - if (force_close || msrpcs[i]->num_users == 0) + if (force_close || msrpcs[i]->num_users == 0) + { + msrpc_use_free(msrpcs[i]); + msrpcs[i] = NULL; + if (connection_closed != NULL) { - msrpc_use_free(msrpcs[i]); - msrpcs[i] = NULL; - if (connection_closed != NULL) - { - *connection_closed = True; - } + *connection_closed = True; } - return True; } + return True; } return False; @@ -321,8 +278,7 @@ void msrpc_net_use_enum(uint32 *num_cons, struct use_info ***use) if (item.connected) { item.srv_name = msrpcs[i]->cli->pipe_name; - item.user_name = msrpcs[i]->cli->usr.ntc.user_name; - item.domain = msrpcs[i]->cli->usr.ntc.domain; + item.key = msrpcs[i]->cli->nt.key; } add_use_info_to_array(num_cons, use, &item); diff --git a/source/lib/util_array.c b/source/lib/util_array.c index 3b3cc4fca07..fe59e6af81a 100644 --- a/source/lib/util_array.c +++ b/source/lib/util_array.c @@ -107,6 +107,7 @@ static struct use_info *use_info_dup(const struct use_info *from) { ZERO_STRUCTP(copy); copy->connected = from->connected; + copy->key = from->key; if (from->srv_name != NULL) { copy->srv_name = strdup(from->srv_name ); diff --git a/source/lib/vuser.c b/source/lib/vuser.c index c86d8a3bad6..9a5a01a3d27 100644 --- a/source/lib/vuser.c +++ b/source/lib/vuser.c @@ -27,6 +27,23 @@ extern int DEBUGLEVEL; static int num_validated_users = 0; /**************************************************************************** +check if a uid has been validated. +****************************************************************************/ +BOOL is_valid_user_struct(const vuser_key *key) +{ + if (key == NULL) + { + return False; + } + + if (key->vuid == UID_FIELD_INVALID) + { + return False; + } + return tdb_lookup_vuid(key, NULL); +} + +/**************************************************************************** check if a uid has been validated, and return an pointer to the user_struct if it has. NULL if not. vuid is biased by an offset. This allows us to tell random client vuid's (normally zero) from valid vuids. diff --git a/source/lib/vuser_db.c b/source/lib/vuser_db.c index 4f7f7074be1..fe038520f81 100644 --- a/source/lib/vuser_db.c +++ b/source/lib/vuser_db.c @@ -91,11 +91,14 @@ BOOL tdb_lookup_vuid( const vuser_key *uk, user_struct *usr) prs_tdb_fetch(tdb, &key, &data); - if (!vuid_io_user_struct("usr", usr, &data, 0)) + if (usr != NULL) { - prs_free_data(&key); - prs_free_data(&data); - return False; + if (!vuid_io_user_struct("usr", usr, &data, 0)) + { + prs_free_data(&key); + prs_free_data(&data); + return False; + } } prs_free_data(&key); diff --git a/source/msrpc/msrpcd.c b/source/msrpc/msrpcd.c index d7a63d4ccd0..0e32e345acf 100644 --- a/source/msrpc/msrpcd.c +++ b/source/msrpc/msrpcd.c @@ -359,7 +359,7 @@ static void usage(char *pname) int opt; extern char *optarg; int ClientMSRPC = -1; - msrpc_pipes_struct p; + pipes_struct p; fstring service_name; if (fn == NULL) @@ -560,11 +560,11 @@ static void usage(char *pname) ZERO_STRUCT(p); fstrcpy(p.name, pipe_name); - if (msrpcd_init(ClientMSRPC, &p)) + if (msrpcd_init(ClientMSRPC, &p.l)) { fn->auth_init(p.l); fn->reload_services(True); - msrpcd_process(fn, ClientMSRPC, &p); + msrpcd_process(fn, p.l, p.name); } if (ClientMSRPC != -1) { diff --git a/source/msrpc/msrpcd_process.c b/source/msrpc/msrpcd_process.c index afb4cd1e394..f6f3909340a 100644 --- a/source/msrpc/msrpcd_process.c +++ b/source/msrpc/msrpcd_process.c @@ -143,7 +143,7 @@ static prs_struct pdu; process an smb from the client - split out from the process() code so it can be used by the oplock break code. ****************************************************************************/ -static void process_msrpc(msrpc_pipes_struct *p, int c) +static void process_msrpc(rpcsrv_struct *l, const char* name) { static int trans_num; int32 len = prs_buf_len(&pdu); @@ -160,12 +160,12 @@ static void process_msrpc(msrpc_pipes_struct *p, int c) } #endif - if (rpc_local(p->l, pdu.data, len, p->name) && - msrpc_send(c, &p->l->rsmb_pdu)) + if (rpc_local(l, pdu.data, len, name) && + msrpc_send(l->c, &l->rsmb_pdu)) { - prs_free_data(&p->l->rsmb_pdu); + prs_free_data(&l->rsmb_pdu); - while (rpc_local(p->l, NULL, 0, p->name)) + while (rpc_local(l, NULL, 0, name)) { fd_set fds; int selrtn; @@ -176,13 +176,13 @@ static void process_msrpc(msrpc_pipes_struct *p, int c) smb_read_error = 0; FD_ZERO(&fds); - FD_SET(c,&fds); + FD_SET(l->c,&fds); maxfd = 0; to.tv_sec = timeout / 1000; to.tv_usec = (timeout % 1000) * 1000; - selrtn = sys_select(MAX(maxfd,c)+1,NULL,&fds, timeout>0?&to:NULL); + selrtn = sys_select(MAX(maxfd,l->c)+1,NULL,&fds, timeout>0?&to:NULL); /* Check if error */ if(selrtn == -1) { @@ -196,13 +196,13 @@ static void process_msrpc(msrpc_pipes_struct *p, int c) return; } - if (FD_ISSET(c,&fds)) + if (FD_ISSET(l->c,&fds)) { - if (!msrpc_send(c, &p->l->rsmb_pdu)) - prs_free_data(&p->l->rsmb_pdu); + if (!msrpc_send(l->c, &l->rsmb_pdu)) + prs_free_data(&l->rsmb_pdu); break; } - prs_free_data(&p->l->rsmb_pdu); + prs_free_data(&l->rsmb_pdu); } } trans_num++; @@ -211,7 +211,7 @@ static void process_msrpc(msrpc_pipes_struct *p, int c) /**************************************************************************** reads user credentials from the socket ****************************************************************************/ -BOOL get_user_creds(int c, struct user_creds *usr, vuser_key *uk) +BOOL get_user_creds(int c, vuser_key *uk) { pstring buf; int rl; @@ -222,9 +222,7 @@ BOOL get_user_creds(int c, struct user_creds *usr, vuser_key *uk) CREDS_CMD cmd; prs_struct ps; - ZERO_STRUCTP(usr); ZERO_STRUCT(cmd); - cmd.cred = usr; DEBUG(10,("get_user_creds: first request\n")); @@ -332,27 +330,22 @@ void add_srv_auth_fn(rpcsrv_struct *l, srv_auth_fns *fn) /**************************************************************************** initialise from pipe ****************************************************************************/ -BOOL msrpcd_init(int c, msrpc_pipes_struct *p) +BOOL msrpcd_init(int c, rpcsrv_struct **l) { - struct user_creds usr; vuser_key uk; user_struct *vuser; - if (!get_user_creds(c, &usr, &uk)) + if (!get_user_creds(c, &uk)) { DEBUG(0,("authentication failed\n")); - free_user_creds(&usr); return False; } if (uk.vuid == UID_FIELD_INVALID) { - free_user_creds(&usr); return False; } - free_user_creds(&usr); - if (!become_vuser(&uk)) { return False; @@ -364,17 +357,18 @@ BOOL msrpcd_init(int c, msrpc_pipes_struct *p) return False; } - p->l = malloc(sizeof(*p->l)); - if (p->l == NULL) + (*l) = malloc(sizeof(*(*l))); + if ((*l) == NULL) { vuid_free_user_struct(vuser); safe_free(vuser); return False; } - ZERO_STRUCTP(p->l); + ZERO_STRUCTP((*l)); - p->l->key = uk; + (*l)->key = uk; + (*l)->c = c; if (!vuser->guest) { @@ -402,7 +396,7 @@ BOOL msrpcd_init(int c, msrpc_pipes_struct *p) /**************************************************************************** process commands from the client ****************************************************************************/ -void msrpcd_process(msrpc_service_fns *fn, int c, msrpc_pipes_struct *p) +void msrpcd_process(msrpc_service_fns *fn, rpcsrv_struct *l, const char* name) { extern fstring remote_machine; extern fstring local_machine; @@ -413,7 +407,7 @@ void msrpcd_process(msrpc_service_fns *fn, int c, msrpc_pipes_struct *p) /* re-initialise the timezone */ TimeInit(); - fstrcpy(remote_machine, p->name); + fstrcpy(remote_machine, name); fstrcpy(local_machine, global_myname); local_machine[15] = 0; strlower(local_machine); @@ -433,7 +427,7 @@ void msrpcd_process(msrpc_service_fns *fn, int c, msrpc_pipes_struct *p) errno = 0; for (counter=SMBD_SELECT_LOOP; - !receive_message_or_msrpc(c, &pdu, + !receive_message_or_msrpc(l->c, &pdu, SMBD_SELECT_LOOP*1000,&got_msrpc); counter += SMBD_SELECT_LOOP) { @@ -494,6 +488,8 @@ void msrpcd_process(msrpc_service_fns *fn, int c, msrpc_pipes_struct *p) } if(got_msrpc) - process_msrpc(p, c); + { + process_msrpc(l, name); + } } } diff --git a/source/rpc_client/cli_connect.c b/source/rpc_client/cli_connect.c index 0524ca98811..359e984cfc8 100644 --- a/source/rpc_client/cli_connect.c +++ b/source/rpc_client/cli_connect.c @@ -165,7 +165,6 @@ static struct cli_connection *cli_con_get(const char* srv_name, con->type = MSRPC_LOCAL; con->usr_creds.reuse = False; con->msrpc.local = msrpc_use_add(&pipe_name[6], &con_key, - &con->usr_creds, False); unbecome_root(False); } @@ -242,7 +241,7 @@ void cli_connection_free(struct cli_connection *con) case MSRPC_LOCAL: { DEBUG(10,("msrpc local connection\n")); - msrpc_use_del(con->srv_name, NULL, False, &closed); + msrpc_use_del(con->srv_name, False, &closed); oldcli = con->msrpc.local; con->msrpc.local = NULL; break; @@ -543,34 +542,9 @@ BOOL cli_conn_set_auth_info(struct cli_connection *con, void *auth_info) } /**************************************************************************** - get nt creds associated with an msrpc session. -****************************************************************************/ -struct ntuser_creds *cli_conn_get_usercreds(struct cli_connection *con) -{ - if (con->msrpc.cli == NULL) - { - DEBUG(1,("cli_conn_get_usercreds: NULL msrpc (closed)\n")); - return NULL; - } - - switch (con->type) - { - case MSRPC_LOCAL: - { - return &con->msrpc.local->usr.ntc; - } - case MSRPC_SMB: - { - return &con->msrpc.smb->cli->usr; - } - } - return NULL; -} - -/**************************************************************************** get nt creds (HACK ALERT!) associated with an msrpc session. ****************************************************************************/ -struct ntdom_info * cli_conn_get_ntinfo(struct cli_connection *con) +struct ntdom_info *cli_conn_get_ntinfo(struct cli_connection *con) { if (con == NULL) { diff --git a/source/rpc_client/cli_use.c b/source/rpc_client/cli_use.c index 7165d1390f7..ebf1de84710 100644 --- a/source/rpc_client/cli_use.c +++ b/source/rpc_client/cli_use.c @@ -374,6 +374,7 @@ void cli_net_use_enum(uint32 *num_cons, struct use_info ***use) { item.srv_name = clis[i]->cli->desthost; item.user_name = clis[i]->cli->usr.user_name; + item.key = clis[i]->cli->nt.key; item.domain = clis[i]->cli->usr.domain; } diff --git a/source/rpc_server/srv_pipe.c b/source/rpc_server/srv_pipe.c index deceacf89f9..58367660f25 100644 --- a/source/rpc_server/srv_pipe.c +++ b/source/rpc_server/srv_pipe.c @@ -105,8 +105,7 @@ writes data to a pipe. ssize_t write_pipe(pipes_struct *p, char *data, size_t n) { DEBUG(6,("write_pipe: %x", p->pnum)); - DEBUG(6,("name: %s open: %s len: %d", - p->name, BOOLSTR(p->open), n)); + DEBUG(6,("name: %s len: %d", p->name, n)); dump_data(50, data, n); @@ -124,10 +123,9 @@ ssize_t write_pipe(pipes_struct *p, char *data, size_t n) ****************************************************************************/ int read_pipe(pipes_struct *p, char *data, int n) { - DEBUG(6,("read_pipe: %x name: %s open: %s len: %d", - p->pnum, p->name, BOOLSTR(p->open), n)); + DEBUG(6,("read_pipe: %x name: %s len: %d", p->pnum, p->name, n)); - if (!p || !p->open) + if (!p) { DEBUG(6,("pipe not open\n")); return -1; diff --git a/source/rpc_server/srv_pipe_hnd.c b/source/rpc_server/srv_pipe_hnd.c index 1eb7595d70f..7e49a7717b3 100644 --- a/source/rpc_server/srv_pipe_hnd.c +++ b/source/rpc_server/srv_pipe_hnd.c @@ -78,50 +78,29 @@ void init_rpc_pipe_hnd(void) /**************************************************************************** find first available file slot ****************************************************************************/ -pipes_struct *open_rpc_pipe_p(char *pipe_name, - connection_struct *conn, uint16 vuid) +pipes_struct *open_rpc_pipe_p(char *pipe_name, const vuser_key *key, + rpcsrv_struct *l) { int i; pipes_struct *p; static int next_pipe; struct msrpc_state *m = NULL; - vuser_key key = { conn->smbd_pid, vuid }; - user_struct *vuser = get_valid_user_struct(&key); - struct user_creds usr; - ZERO_STRUCT(usr); - - DEBUG(4,("Open pipe requested %s by vuid %d (pipes_open=%d)\n", - pipe_name, vuid, pipes_open)); + DEBUG(4,("Open pipe requested %s by [%x,%d] (pipes_open=%d)\n", + pipe_name, key->pid, key->vuid, pipes_open)); - if (vuser == NULL) + if (!is_valid_user_struct(key)) { - DEBUG(4,("invalid vuid %d\n", vuid)); + DEBUG(4,("invalid vuid\n")); return NULL; } - /* set up unix credentials from the smb side, to feed over the pipe */ - usr.ptr_uxc = 1; - make_creds_unix(&usr.uxc, vuser->name, vuser->requested_name, - vuser->real_name, vuser->guest); - usr.ptr_uxs = 1; - make_creds_unix_sec(&usr.uxs, vuser->uid, vuser->gid, - vuser->n_groups, vuser->groups); - usr.ptr_nts = 1; - memcpy(&usr.nts, &vuser->usr, sizeof(usr.nts)); - - /* set up nt credentials from the smb side, to feed over the pipe */ - /* lkclXXXX todo! - make_creds_nt(&usr.ntc); - make_creds_nt_sec(&usr.nts); - */ - /* not repeating pipe numbers makes it easier to track things in log files and prevents client bugs where pipe numbers are reused over connection restarts */ if (next_pipe == 0) { - next_pipe = (getpid() ^ time(NULL)) % MAX_OPEN_PIPES; + next_pipe = (key->pid ^ time(NULL)) % MAX_OPEN_PIPES; } i = bitmap_find(bmap, next_pipe); @@ -139,14 +118,17 @@ pipes_struct *open_rpc_pipe_p(char *pipe_name, DEBUG(5,("open pipes: name %s pnum=%x\n", p->name, p->pnum)); } - become_root(False); /* to make pipe connection */ - m = msrpc_use_add(pipe_name, &key, &usr, False); - unbecome_root(False); - - if (m == NULL) + if (l == NULL) { - DEBUG(5,("open pipes: msrpc redirect failed\n")); - return NULL; + become_root(False); /* to make pipe connection */ + m = msrpc_use_add(pipe_name, key, False); + unbecome_root(False); + + if (m == NULL) + { + DEBUG(5,("open pipes: msrpc redirect failed\n")); + return NULL; + } } p = (pipes_struct *)malloc(sizeof(*p)); @@ -162,12 +144,11 @@ pipes_struct *open_rpc_pipe_p(char *pipe_name, p->pnum = i; p->m = m; + p->l = l; - p->open = True; p->device_state = 0; p->priority = 0; - p->conn = conn; - p->vuid = vuid; + p->key = *key; fstrcpy(p->name, pipe_name); @@ -194,19 +175,11 @@ BOOL wait_rpc_pipe_hnd_state(pipes_struct *p, uint16 priority) { if (p == NULL) return False; - if (p->open) - { - DEBUG(3,("%s Setting pipe wait state priority=%x on pipe (name=%s)\n", - timestring(), priority, p->name)); - - p->priority = priority; - - return True; - } + DEBUG(3,("%s Setting pipe wait state priority=%x on pipe (name=%s)\n", + timestring(), priority, p->name)); - DEBUG(3,("%s Error setting pipe wait state priority=%x (name=%s)\n", - timestring(), priority, p->name)); - return False; + p->priority = priority; + return True; } @@ -217,24 +190,17 @@ BOOL set_rpc_pipe_hnd_state(pipes_struct *p, uint16 device_state) { if (p == NULL) return False; - if (p->open) { - DEBUG(3,("%s Setting pipe device state=%x on pipe (name=%s)\n", + DEBUG(3,("%s Setting pipe device state=%x on pipe (name=%s)\n", timestring(), device_state, p->name)); - p->device_state = device_state; - - return True; - } - - DEBUG(3,("%s Error setting pipe device state=%x (name=%s)\n", - timestring(), device_state, p->name)); - return False; + p->device_state = device_state; + return True; } /**************************************************************************** close an rpc pipe ****************************************************************************/ -BOOL close_rpc_pipe_hnd(pipes_struct *p, connection_struct *conn) +BOOL close_rpc_pipe_hnd(pipes_struct *p) { if (!p) { DEBUG(0,("Invalid pipe in close_rpc_pipe_hnd\n")); @@ -253,7 +219,7 @@ BOOL close_rpc_pipe_hnd(pipes_struct *p, connection_struct *conn) if (p->m != NULL) { DEBUG(4,("closed msrpc redirect: ")); - if (msrpc_use_del(p->m->pipe_name, &p->m->usr, False, NULL)) + if (msrpc_use_del(p->m->pipe_name, False, NULL)) { DEBUG(4,("OK\n")); } @@ -270,7 +236,7 @@ BOOL close_rpc_pipe_hnd(pipes_struct *p, connection_struct *conn) } /**************************************************************************** - close an rpc pipe + get an rpc pipe ****************************************************************************/ pipes_struct *get_rpc_pipe_p(char *buf, int where) { @@ -282,6 +248,32 @@ pipes_struct *get_rpc_pipe_p(char *buf, int where) } /**************************************************************************** + get an rpc pipe +****************************************************************************/ +pipes_struct *get_rpc_vuser(const vuser_key *key) +{ + pipes_struct *p; + + DEBUG(4,("search for pipe vuser [%d,%x]\n", key->pid, key->vuid)); + + for (p=Pipes;p;p=p->next) + { + DEBUG(5,("pipe name %s [%d,%x] (pipes_open=%d)\n", + p->name, p->key.pid, p->key.vuid, pipes_open)); + } + + for (p=Pipes;p;p=p->next) + { + if (p->key.pid == key->pid && p->key.vuid == key->vuid) + { + return p; + } + } + + return NULL; +} + +/**************************************************************************** close an rpc pipe ****************************************************************************/ pipes_struct *get_rpc_pipe(int pnum) @@ -292,8 +284,8 @@ pipes_struct *get_rpc_pipe(int pnum) for (p=Pipes;p;p=p->next) { - DEBUG(5,("pipe name %s pnum=%x (pipes_open=%d) (open=%s)\n", - p->name, p->pnum, pipes_open, BOOLSTR(p->open))); + DEBUG(5,("pipe name %s pnum=%x (pipes_open=%d)\n", + p->name, p->pnum, pipes_open)); } for (p=Pipes;p;p=p->next) diff --git a/source/rpc_server/srv_pipe_srv.c b/source/rpc_server/srv_pipe_srv.c index 78b45983609..51efb9dd204 100644 --- a/source/rpc_server/srv_pipe_srv.c +++ b/source/rpc_server/srv_pipe_srv.c @@ -640,7 +640,7 @@ BOOL api_rpcTNP(rpcsrv_struct *l, const char *rpc_name, pdu; hands pdu off to msrpc, which gets a pdu back (except in the case of the RPC_BINDCONT pdu). ********************************************************************/ -BOOL rpc_local(rpcsrv_struct *l, char *data, int len, char *name) +BOOL rpc_local(rpcsrv_struct *l, char *data, int len, const char *name) { BOOL reply = False; diff --git a/source/rpcclient/rpcclient.c b/source/rpcclient/rpcclient.c index 4a2887655f1..85333b6b999 100644 --- a/source/rpcclient/rpcclient.c +++ b/source/rpcclient/rpcclient.c @@ -1492,6 +1492,9 @@ static void cmd_net(struct client_info *info, int argc, char *argv[]) { report(out_hnd, "Server:\t%s\t", use[i]->srv_name); + report(out_hnd, "Key:\t[%d,%x]\t", + use[i]->key.pid, + use[i]->key.vuid); report(out_hnd, "User:\t%s\t", use[i]->user_name); report(out_hnd, "Domain:\t%s\n", diff --git a/source/smbd/nttrans.c b/source/smbd/nttrans.c index 70023e24076..b72507d4883 100644 --- a/source/smbd/nttrans.c +++ b/source/smbd/nttrans.c @@ -475,6 +475,7 @@ void fail_next_srvsvc_open(void) static int nt_open_pipe(char *fname, connection_struct *conn, char *inbuf, char *outbuf, int *ppnum) { + vuser_key key; pipes_struct *p = NULL; uint16 vuid = SVAL(inbuf, smb_uid); @@ -515,7 +516,9 @@ static int nt_open_pipe(char *fname, connection_struct *conn, DEBUG(3,("nt_open_pipe: Known pipe %s opening.\n", fname)); - p = open_rpc_pipe_p(fname, conn, vuid); + key.pid = getpid(); + key.vuid = vuid; + p = open_rpc_pipe_p(fname, &key, NULL); if (!p) return(ERROR(ERRSRV,ERRnofids)); diff --git a/source/smbd/pipes.c b/source/smbd/pipes.c index fa0bd3d9af9..b4e3e3a0d17 100644 --- a/source/smbd/pipes.c +++ b/source/smbd/pipes.c @@ -51,6 +51,7 @@ int reply_open_pipe_and_X(connection_struct *conn, int smb_ofun = SVAL(inbuf,smb_vwv8); int size=0,fmode=0,mtime=0,rmode=0; int i; + vuser_key key; /* XXXX we need to handle passed times, sattr and flags */ pstrcpy(fname,smb_buf(inbuf)); @@ -79,7 +80,9 @@ int reply_open_pipe_and_X(connection_struct *conn, DEBUG(3,("Known pipe %s opening.\n",fname)); smb_ofun |= 0x10; /* Add Create it not exists flag */ - p = open_rpc_pipe_p(fname, conn, vuid); + key.pid = getpid(); + key.vuid = vuid; + p = open_rpc_pipe_p(fname, &key, NULL); if (!p) return(ERROR(ERRSRV,ERRnofids)); /* Prepare the reply */ @@ -248,7 +251,7 @@ int reply_pipe_close(connection_struct *conn, char *inbuf,char *outbuf) DEBUG(5,("reply_pipe_close: pnum:%x\n", p->pnum)); - if (!close_rpc_pipe_hnd(p, conn)) return(ERROR(ERRDOS,ERRbadfid)); + if (!close_rpc_pipe_hnd(p)) return(ERROR(ERRDOS,ERRbadfid)); return(outsize); } |