/* * Copyright (c) 2010 Apple Inc. All rights reserved. * * @APPLE_LICENSE_HEADER_START@ * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. Neither the name of Apple Inc. ("Apple") nor the names of its * contributors may be used to endorse or promote products derived from * this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND ANY * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * * Portions of this software have been released under the following terms: * * (c) Copyright 1989-1993 OPEN SOFTWARE FOUNDATION, INC. * (c) Copyright 1989-1993 HEWLETT-PACKARD COMPANY * (c) Copyright 1989-1993 DIGITAL EQUIPMENT CORPORATION * * To anyone who acknowledges that this file is provided "AS IS" * without any express or implied warranty: * permission to use, copy, modify, and distribute this file for any * purpose is hereby granted without fee, provided that the above * copyright notices and this notice appears in all source code copies, * and that none of the names of Open Software Foundation, Inc., Hewlett- * Packard Company or Digital Equipment Corporation be used * in advertising or publicity pertaining to distribution of the software * without specific, written prior permission. Neither Open Software * Foundation, Inc., Hewlett-Packard Company nor Digital * Equipment Corporation makes any representations about the suitability * of this software for any purpose. * * Copyright (c) 2007, Novell, Inc. All rights reserved. * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. Neither the name of Novell Inc. nor the names of its contributors * may be used to endorse or promote products derived from this * this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * * @APPLE_LICENSE_HEADER_END@ */ /* ** ** NAME: ** ** rpcdep.c ** ** FACILITY: ** ** RPC Daemon ** ** ABSTRACT: ** ** The DCE 1.0 Endpoint Map (ep_) Manager. ** ** */ #include #include #include #include #include #ifdef RPC_LLB #include #include #endif #include /* ====================================================================== */ /* * DCE 1.0 ept_ manager routines. */ GLOBAL ept_v3_0_epv_t ept_v3_0_mgr_epv = { ept_insert, ept_delete, ept_lookup, ept_map, ept_lookup_handle_free, ept_inq_object, ept_mgmt_delete }; /* * If REMOTE_ENDPOINT_ACCESS is defined, this will preserve the * pre 1.0.3 semantics (and gaping security hole) which allows * an unauthenticated user to modify (or delete) the endpoint * map on a remote host. */ #ifndef REMOTE_ENDPOINT_ACCESS INTERNAL int is_unpriv_handle( handle_t h, error_status_t *st ) { error_status_t status,status1; rpc_binding_vector_p_t bv; handle_t binding; unsigned_char_p_t stb,our_netaddr,client_netaddr; unsigned32 i; static unsigned_char_p_t *local_netaddr = NULL; static unsigned32 addr_count = 0; unsigned32 prot_seq = 0; rpc_transport_info_handle_t info; unsigned32 uid = (unsigned32) -1; unsigned32 gid = (unsigned32) -1; rpc_binding_inq_prot_seq(h, &prot_seq, &status); if (! STATUS_OK(&status)) { *st = status; return(1); } if (prot_seq == rpc_c_protseq_id_ncalrpc) { rpc_binding_inq_transport_info(h, &info, &status); if (! STATUS_OK(&status)) { *st = status; return(1); } rpc_lrpc_transport_info_inq_peer_eid(info, &uid, &gid); *st = rpc_s_ok; return (uid != 0); } /* Get client network address from binding handle (client_netaddr) */ rpc_binding_server_from_client(h,&binding,&status); if (! STATUS_OK(&status)) { *st = status; return(1); } rpc_binding_to_string_binding(binding,&stb,&status); if (! STATUS_OK(&status)) { rpc_binding_free(&binding,&status1); *st = status; return(1); } rpc_binding_free(&binding,&status1); rpc_string_binding_parse(stb,NULL,NULL,&client_netaddr,NULL,NULL,&status); if (! STATUS_OK(&status)) { rpc_string_free(&stb,&status1); *st = status; return(1); } rpc_string_free(&stb,&status1); /* * Lookup all of the addresses which this node answers to. * Cache these in static storage so we only do this work once. */ if (addr_count == 0) { rpc_server_inq_bindings(&bv,&status); if (! STATUS_OK(&status)) { rpc_string_free(&client_netaddr,&status1); *st = status; return(1); } addr_count = bv->count; local_netaddr = (unsigned_char_p_t *) malloc( (size_t) (addr_count * sizeof(unsigned_char_p_t))); if (local_netaddr == NULL) { rpc_string_free(&client_netaddr,&status1); rpc_binding_vector_free(&bv,&status1); *st = ept_s_no_memory; return(1); } for ( i=0; i < bv->count; i++ ) { rpc_binding_to_string_binding(bv->binding_h[i],&stb,&status); if (! STATUS_OK(&status)) { rpc_binding_vector_free(&bv,&status1); rpc_string_free(&client_netaddr,&status1); *st = status; return(1); } rpc_string_binding_parse(stb,NULL,NULL, &our_netaddr,NULL,NULL,&status); if (! STATUS_OK(&status)) { rpc_binding_vector_free(&bv,&status1); rpc_string_free(&stb,&status1); rpc_string_free(&client_netaddr,&status1); *st = status; return(1); } local_netaddr[i] = our_netaddr; rpc_string_free(&stb,&status1); } rpc_binding_vector_free(&bv,&status1); } /* * Compare the addresses with the client address */ *st = rpc_s_ok; for ( i=0; i < addr_count; i++ ) { if(strcmp((char*) client_netaddr, (char*) local_netaddr[i]) == 0) { rpc_string_free(&client_netaddr,&status1); return(0); } } rpc_string_free(&client_netaddr,&status1); return(1); } #endif /* notdef REMOTE_ENDPOINT_ACCESS */ /* * Check whether endpoint is a named pipe */ PRIVATE boolean ept__is_ncacn_np( ept_entry_p_t entry) { unsigned16 floor_count, count; byte_p_t tower = entry->tower->tower_octet_string; if (entry->tower->tower_length < TWR_C_TOWER_FLR_COUNT_SIZE) { return false; /* hopefully someone else will pick this up */ } memcpy((char *)&floor_count, tower, TWR_C_TOWER_FLR_COUNT_SIZE); RPC_RESOLVE_ENDIAN_INT16 (floor_count); tower += TWR_C_TOWER_FLR_COUNT_SIZE; for ( count = 0; count < floor_count; count++ ) { unsigned16 id_size, addr_size; unsigned8 id; if (TWR_C_TOWER_FLR_LHS_COUNT_SIZE > entry->tower->tower_length - (tower - entry->tower->tower_octet_string)) { return false; } memcpy ((char *)&id_size, tower, TWR_C_TOWER_FLR_LHS_COUNT_SIZE); RPC_RESOLVE_ENDIAN_INT16 (id_size); if (id_size == TWR_C_TOWER_PROT_ID_SIZE) { if ((unsigned) (TWR_C_TOWER_FLR_LHS_COUNT_SIZE + TWR_C_TOWER_PROT_ID_SIZE) > entry->tower->tower_length - (tower - entry->tower->tower_octet_string)) { return false; } memcpy ((char *)&id, (char *)(tower + TWR_C_TOWER_FLR_LHS_COUNT_SIZE), TWR_C_TOWER_PROT_ID_SIZE); if (id == TWR_C_FLR_PROT_ID_NP) { return true; } } /* skip this floor */ if ((unsigned) (TWR_C_TOWER_FLR_LHS_COUNT_SIZE + id_size + TWR_C_TOWER_FLR_RHS_COUNT_SIZE) > entry->tower->tower_length - (tower - entry->tower->tower_octet_string)) { return false; } memcpy ((char *)&addr_size, (char *)(tower + TWR_C_TOWER_FLR_LHS_COUNT_SIZE + id_size), TWR_C_TOWER_FLR_RHS_COUNT_SIZE); RPC_RESOLVE_ENDIAN_INT16 (addr_size); if ((unsigned) ((TWR_C_TOWER_FLR_LHS_COUNT_SIZE + id_size + TWR_C_TOWER_FLR_RHS_COUNT_SIZE + addr_size)) > (entry->tower->tower_length - (tower - entry->tower->tower_octet_string))) { return false; } tower += TWR_C_TOWER_FLR_LHS_COUNT_SIZE + id_size + TWR_C_TOWER_FLR_RHS_COUNT_SIZE + addr_size; } return false; } PRIVATE void ept_insert( handle_t h, unsigned32 num_ents, ept_entry_t entries[], boolean32 replace, error_status_t *status) { epdb_handle_t epdb; ept_entry_t *entp; unsigned32 i; error_status_t tmp_st; epdb_handle_from_ohandle(h, &epdb, status); if (! STATUS_OK(status)) return; #ifndef REMOTE_ENDPOINT_ACCESS if ( is_unpriv_handle(h,&tmp_st) ) { assert(status != NULL); *status = ept_s_cant_perform_op; return; } #endif /* notdef REMOTE_ENDPOINT_ACCESS */ for (i = 0, entp = &entries[0]; i < num_ents; i++, entp++) { /* * Don't insert named pipe endpoints for the moment - there is * no client side code to support them. */ if (ept__is_ncacn_np(entp)) { /* skip */ continue; } epdb_insert(epdb, entp, replace, status); if (! STATUS_OK(status)) { if (dflag) show_st("ept_insert Unable to update endpoint database", status); ept_delete(h, i, entries, &tmp_st); return; } } } PRIVATE void ept_delete( handle_t h, unsigned32 num_ents, ept_entry_t entries[], error_status_t *status) { epdb_handle_t epdb; ept_entry_t *entp; unsigned32 i; error_status_t tmp_st; epdb_handle_from_ohandle(h, &epdb, status); if (! STATUS_OK(status)) return; #ifndef REMOTE_ENDPOINT_ACCESS if ( is_unpriv_handle(h,&tmp_st) ) { assert(status != NULL); *status = ept_s_cant_perform_op; return; } #endif /* notdef REMOTE_ENDPOINT_ACCESS */ for (i = 0, entp = &entries[0]; i < num_ents; i++, entp++) { epdb_delete(epdb, entp, status); if (! STATUS_OK(status)) { if (dflag) show_st("ept_delete Unable to update endpoint database", status); return; } } } PRIVATE void ept_lookup( handle_t h, unsigned32 inquiry_type, uuid_p_t object, rpc_if_id_p_t interface, unsigned32 vers_option, ept_lookup_handle_t *entry_handle, unsigned32 max_ents, unsigned32 *num_ents, ept_entry_t entries[], error_status_t *status) { epdb_handle_t epdb; *num_ents = 0; epdb_handle_from_ohandle(h, &epdb, status); if (! STATUS_OK(status)) return; epdb_lookup(epdb, inquiry_type, object, interface, vers_option, entry_handle, max_ents, num_ents, entries, status); if (dflag) printf("ept_lookup entry_handle %p *entry_handle %p *num_ents %lu\n", entry_handle, *entry_handle, (unsigned long) *num_ents); } PRIVATE void ept_map( handle_t h, uuid_p_t object, twr_p_t map_tower, ept_lookup_handle_t *entry_handle, unsigned32 max_towers, unsigned32 *num_towers, twr_t *towers[], error_status_t *status) { epdb_handle_t epdb; *num_towers = 0; epdb_handle_from_ohandle(h, &epdb, status); if (! STATUS_OK(status)) return; epdb_map(epdb, object, map_tower, entry_handle, max_towers, num_towers, towers, status); #ifdef RPC_LLB if ((*status == ept_s_not_registered) || (*status == ept_s_invalid_context) || /* * If finished with ept dbase, search llb dbase */ ((*status == rpc_s_ok) && ((*num_towers < max_towers) || ((entry_handle != NULL) && (*entry_handle == NULL)) )) ) { h = lbdb_inq_handle(); lbdb_map(h, object, map_tower, entry_handle, max_towers, num_towers, towers, status); } #endif if (dflag) printf("ept_map entry_handle %p *entry_handle %p *num_towers %lu\n", entry_handle, *entry_handle, (unsigned long) *num_towers); } PRIVATE void ept_lookup_handle_free( handle_t h ATTRIBUTE_UNUSED, ept_lookup_handle_t *entry_handle, error_status_t *status) { epdb_handle_t epdb; epdb = epdb_inq_handle(); epdb_delete_lookup_handle(epdb, entry_handle); SET_STATUS_OK(status); } PRIVATE void ept_inq_object( handle_t h, idl_uuid_t *object, error_status_t *status) { epdb_handle_t epdb; epdb_handle_from_ohandle(h, &epdb, status); if (! STATUS_OK(status)) return; epdb_inq_object(epdb, object, status); } PRIVATE void ept_mgmt_delete( handle_t h, boolean32 object_speced, uuid_p_t object, twr_p_t tower, error_status_t *status) { epdb_handle_t epdb; error_status_t tmp_st; epdb_handle_from_ohandle(h, &epdb, status); if (! STATUS_OK(status)) return; #ifndef REMOTE_ENDPOINT_ACCESS if ( is_unpriv_handle(h,&tmp_st) ) { assert(status != NULL); *status = ept_s_cant_perform_op; return; } #endif /* notdef REMOTE_ENDPOINT_ACCESS */ epdb_mgmt_delete(epdb, object_speced, object, tower, status); } PRIVATE void ept_lookup_handle_t_rundown( ept_lookup_handle_t entry_handle) { epdb_handle_t epdb; epdb = epdb_inq_handle(); epdb_delete_lookup_handle(epdb, &entry_handle); }