A new DCERPC infrastructure for Samba

Similar documents
A new DCERPC infrastructure for Samba

Improving DCERPC Security Hardening

Improving DCERPC Security

SMB2 and SMB3 in Samba: Durable File Handles and Beyond. sambaxp 2012

Windows Authentication With Multiple Domains and Forests

DCERPC and Endpoint Mapper

Badlock. One Year In Security Hell. Stefan Metzmacher Samba Team / SerNet

Samba4 Status - April Andrew Tridgell Samba Team

Using samba base libraries SSSD as an example application

Windows Authentication With Multiple Domains and Forests

Windows Authentication With Multiple Domains and Forests

Samba. OpenLDAP Developer s Day. Volker Lendecke, Günther Deschner Samba Team

Windows Authentication With Multiple Domains and Forests

Implementing the Witness protocol in Samba

The Important Details Of Windows Authentication

Samba4 Progress - March Andrew Tridgell Samba Team

Samba 4 Status Report

FreeIPA Cross Forest Trusts

SMB3 Multi-Channel in Samba

SDC EMEA 2019 Tel Aviv

The State of Samba (June 2011) Jeremy Allison Samba Team/Google Open Source Programs Office

The workstation account, netlogon schannel and credentials. SambaXP Volker Lendecke Samba Team / SerNet

Communication in Distributed Systems

Implementing SMB2 in Samba. Opening Windows to a Wider. Jeremy Allison Samba Team/Google Open Source Programs Office

COMMUNICATION PROTOCOLS: REMOTE PROCEDURE CALL (RPC)

CHAPTER - 4 REMOTE COMMUNICATION

WINS Replication. Stefan Metzmacher SerNet Service Network GmbH Samba Team

Advances in the Samba Testsuite

Security Services for Samba4. Andrew Bartlett Samba Team

Development Using Samba 4

CSC209: Software tools. Unix files and directories permissions utilities/commands Shell programming quoting wild cards files

CSC209: Software tools. Unix files and directories permissions utilities/commands Shell programming quoting wild cards files. Compiler vs.

CSC209 Review. Yeah! We made it!

Remote Procedure Call Implementations

Chapter 4 Communication

Gerald Carter Samba Team/HP

SMB 2.1 & SMB 3 Protocol features, Status, Architecture, Implementation. Gordon Ross Nexenta Systems, Inc.

Assignment 2 Group 5 Simon Gerber Systems Group Dept. Computer Science ETH Zurich - Switzerland

C 1. Recap: Finger Table. CSE 486/586 Distributed Systems Remote Procedure Call. Chord: Node Joins and Leaves. Recall? Socket API

[MS-SWN]: Service Witness Protocol. Intellectual Property Rights Notice for Open Specifications Documentation

The return of the vampires

Socket Programming for TCP and UDP

Chapter 4 Communication

Let s Rust in Samba. Trying to use Samba with Rust libraries. Kai Blin Samba Team. SambaXP

BEA TUXEDO System Messages. TxRPC Catalog

MIT KDC integration. Andreas Schneider Günther Deschner May 21th, Red Hat

SerNet. Async Programming in Samba. Linuxkongress Oktober Volker Lendecke SerNet Samba Team. Network Service in a Service Network

Network Implementation

MSRPC Auditing Tools and Techniques

[MS-OXCRPC]: Wire Format Protocol Specification

Systems software design NETWORK COMMUNICATIONS & RPC SYSTEMS

Distributed Systems 8. Remote Procedure Calls

Distributed Information Processing

Distributed Objects. Object-Oriented Application Development

Introduction and Overview Socket Programming Higher-level interfaces Final thoughts. Network Programming. Samuli Sorvakko/Nixu Oy

Middleware. Adapted from Alonso, Casati, Kuno, Machiraju Web Services Springer 2004

Robot Raconteur using C# Version 0.8 Beta

Secure RTP Library API Documentation. David A. McGrew Cisco Systems, Inc.

RPC Paradigm. Lenuta Alboaie Andrei Panu

ECE 650 Systems Programming & Engineering. Spring 2018

The CephFS Gateways Samba and NFS-Ganesha. David Disseldorp Supriti Singh

Distributed Objects and Remote Invocation. Programming Models for Distributed Applications

Operating Systems. 18. Remote Procedure Calls. Paul Krzyzanowski. Rutgers University. Spring /20/ Paul Krzyzanowski

Desarrollo de Aplicaciones en Red. El modelo de comunicación. General concepts. Models of communication. Message Passing

Distributed Programming and Remote Procedure Calls (RPC): Apache Thrift. George Porter CSE 124 February 19, 2015

Operating Systems. Week 13 Recitation: Exam 3 Preview Review of Exam 3, Spring Paul Krzyzanowski. Rutgers University.

Distributed Object-Based Systems The WWW Architecture Web Services Handout 11 Part(a) EECS 591 Farnam Jahanian University of Michigan.

CS 416: Operating Systems Design April 22, 2015

Lecture 8: February 19

RestFS. Fabrizio Manfredi Furuholmen" Beolink.org!

Communication. Distributed Systems Santa Clara University 2016

MTAT Enterprise System Integration. Lecture 2: Middleware & Web Services

Outline. COM overview. DCOM overview. Comparison DCOM and Corba

Distributed Systems. How do regular procedure calls work in programming languages? Problems with sockets RPC. Regular procedure calls

Introduction and Overview Socket Programming Lower-level stuff Higher-level interfaces Security. Network Programming. Samuli Sorvakko/Nixu Oy

CSci Introduction to Distributed Systems. Communication: RPC

CS321: Computer Networks FTP, TELNET, SSH

libnetfilter_log Reference Manual

ECE 435 Network Engineering Lecture 2

GNU Radio Technical Update

DS 2009: middleware. David Evans

REMOTE PROCEDURE CALLS EE324

Overview. Communication types and role of Middleware Remote Procedure Call (RPC) Message Oriented Communication Multicasting 2/36

Foundations of Python

[MS-RAA]: Remote Authorization API Protocol. Intellectual Property Rights Notice for Open Specifications Documentation

Today: Distributed Objects. Distributed Objects

Signal Example 1. Signal Example 2

RTP library implementation. Design Specification v 1.0

Operating Systems Design Exam 3 Review: Spring 2011

Simo Sorce Samba Team.

JBoss Remoting. Version alpha. November 15, 2004

CSE 333 Lecture C++ final details, networks

Verteilte Systeme (Distributed Systems)

Introduction and Overview Socket Programming Higher-level interfaces Final thoughts. Network Programming. Samuli Sorvakko/Nixu Oy

Apache Thrift Introduction & Tutorial

Cross-realm trusts with FreeIPA v3

Outline. EEC-681/781 Distributed Computing Systems. The OSI Network Architecture. Inter-Process Communications (IPC) Lecture 4

Processes communicating. Network Communication. Sockets. Addressing processes 4/15/2013

[MS-CAPR]: Central Access Policy Identifier (ID) Retrieval Protocol. Intellectual Property Rights Notice for Open Specifications Documentation

Robot Raconteur using MATLAB Version 0.8 Beta

Transcription:

A new DCERPC infrastructure for Samba https://wiki.samba.org/index.php/dcerpc Stefan Metzmacher <metze@samba.org> Samba Team / SerNet 2014-09-17

Stefan Metzmacher DCERPC in Samba (2/22) Topics What is DCERPC? Where is DCERPC used? Implementations in Samba Why do we need a new implementation? Samba3 vs. Samba4... Testing MS-SWN: witness AsyncNotify MS-FRS2: frstrans BytePipe Project Status Thanks! Questions?

Stefan Metzmacher DCERPC in Samba (3/22) What is DCE-RPC? Distributed Computing Environment / Remote Procedure Calls It is an infrastructure to call a function on a remote server remote is connected via some kind of socket (tcp/ip, named pipes,...) As development environment Function stubs are typically autogenerated from an Interface Definition Language (IDL) As network protocol defines how: marshalling of payloads work - transfer syntax (NDR/NDR64) marshalling of PDUs PDUs are ordered authentication and encryption works

Stefan Metzmacher DCERPC in Samba (4/22) Where is DCERPC used? DCERPC was designed with a reference implementation and documentation Most of it is available from www.opengroup.org Also see http://en.wikipedia.org/wiki/dce/rpc Adaption of DCERPC in Windows Windows has extended it, see [MS-RPCE], http://msdn.microsoft.com/en-us/library/cc243560.aspx The SDK is availabe to everyone to use it, see RPC Technical Reference, http://technet.microsoft.com/en-us/library/cc759499.aspx Typically used for: Remote administration: Authentication-, File-, DNS-,... -servers Printing (Spoolss) Replication protocols (WINS-REPL, Active Directory, SYSVOL) Distributed Component Object Model (DCOM), see https://en.wikipedia.org/wiki/distributed Component Object Model

Stefan Metzmacher DCERPC in Samba (5/22) Implementations in Samba (Part 1) Samba 3.0 (and before) hand written marshalling code only implemented what was strictly required by Windows clients Samba pre 4.0 (development branch) Start from scratch after 3.0.0 was released First start of an async client library New server infratructure allows async execution Invention of an IDL compiler, pidl Marshalling, client and server code is now autogenerated The server is single threaded for all services together!

Stefan Metzmacher DCERPC in Samba (6/22) Implementations in Samba (Part 2) Samba 3.2 pidl merged back to the 3.X release stream generating bindings for the 3.X infrastructure Samba 3.4 Services can be moved to external processes This named pipe auth abstraction uses unix sockets to implement SMB named pipes Samba 3.6 pidl generates only one set of client stubs They re based on a struct dcerpc binding handles abstraction, with different implementations (s3, s4, irpc, wbint) Samba 4.0 The single threaded server also hosts the OpenChange services as an externally provided plugin

Stefan Metzmacher DCERPC in Samba (7/22) Why do we need a new implementation? (Part 1) A lot of newer services require async processing in the server Service Witness Protocol [MS-SWN] used for SMB3 fileserver clusters Print System Asynchronous Remote Protocol [MS-PAR] Distributed File System Replication Protocol [MS-FRS2] (for SYSVOL) Some services need support for association groups Multiple transport connections can be bound to an association Similar to SMB3 Multi-Channel Some services need support for DCERPC [pipe] A remote procedure call passes a pipe as argument to a function A pipe is a stream of chunks (arrays of fixed size elements) It s terminated by a zero length chunk. Order: [in] parameters, [in] pipes, [out] pipes, [out] parameters Used in [MS-FRS2] e.g. RdcGetFileDataAsync() with byte elements. DCERPC callbacks (optional for now) It s possible for the server to call a callback function to the client This implies a DCERPC infrastrature needs to be client and server at the same time

Stefan Metzmacher DCERPC in Samba (8/22) Why do we need a new implementation? (Part 2) Easier to maintain security The authentication implementations are abstracted by gensec now Header signing ready for Samba 4.2 in the old infrastructure depends on support in the gensec backend dcerpc sec verification trailer Header signing negotiation is protected via a hidden structure after the payload Bindtime feature negotiation SecurityContextMultiplexingSupported - like multiple session setups KeepConnectionOnOrphanSupported

Stefan Metzmacher DCERPC in Samba (9/22) Samba3 vs. Samba4... Goals for Samba: We have four separate (all incomplete) implementations of DCERPC (two servers and two clients). The aim is to merge the good parts of all implementations together and extend the result to be more feature complete. Base the whole infrastructure on talloc, tevent and tstream. All internals should be fully async. Flexible process models (single process, pre-fork) Implement everything we need within Samba Goals useful for others Make it easier for external projects e.g. OpenChange to use Try to provide a stable ABI for them struct dcerpc binding became a private structure recently We will include ncacn http support in 4.2 (contributes by the OpenChange developers)

Stefan Metzmacher DCERPC in Samba (10/22) Testing Low-level protocol testing python/samba/tests/dcerpc/raw protocol.py This uses our python bindings to marshall PDUs and use raw sockets Rely on our existing application level tests all smbtorture rpc tests additional python tests

Stefan Metzmacher DCERPC in Samba (11/22) MS-SWN: witness AsyncNotify (IDL) The IDL function definition: WERROR witness_asyncnotify ( [in] policy_handle context_handle, [out ] witness_notifyresponse ** response ); The generated C structure: struct witness_asyncnotify { struct { struct policy_handle context_handle ; } in; }; struct { struct witness_notifyresponse ** response ;/* [ref ] */ WERROR result ; } out ;

Stefan Metzmacher DCERPC in Samba (12/22) MS-SWN: witness AsyncNotify (Client) The structure based client stubs: struct tevent_req * dcerpc_witness_asyncnotify_r_send ( TALLOC_CTX *mem_ctx, struct tevent_context *ev, struct dcerpc_binding_handle *h, struct witness_asyncnotify *r); NTSTATUS dcerpc_witness_asyncnotify_r_recv ( struct tevent_req *req, TALLOC_CTX * mem_ctx ); NTSTATUS dcerpc_witness_asyncnotify_r ( struct dcerpc_binding_handle *h, TALLOC_CTX * mem_ctx, struct witness_asyncnotify *r); The argument based client stubs: struct tevent_req * dcerpc_witness_asyncnotify_send ( TALLOC_CTX *mem_ctx, struct tevent_context *ev, struct dcerpc_binding_handle *h, struct policy_handle context_handle /*[in]*/, struct witness_notifyresponse ** response /*[out,ref ]*/); NTSTATUS dcerpc_witness_asyncnotify_recv ( struct tevent_req *req, TALLOC_CTX * mem_ctx, WERROR * result ); NTSTATUS dcerpc_witness_asyncnotify ( struct dcerpc_binding_handle *h, TALLOC_CTX * mem_ctx, struct policy_handle context_handle /*[in]*/, struct witness_notifyresponse ** response /*[out,ref ]*/, WERROR * result );

Stefan Metzmacher DCERPC in Samba (13/22) MS-SWN: witness AsyncNotify (Server Part 1) The state structure: struct _witness_asyncnotify_state { struct _witness_asyncnotify_state *prev, * next ; struct tevent_context *ev; struct dcerpc_call_handle * call ; struct witness_asyncnotify *r; struct tevent_req * req ; }; The send function: static struct tevent_req * _witness_asyncnotify_send ( TALLOC_CTX *mem_ctx, struct tevent_context *ev, struct dcerpc_call_handle *call, struct witness_asyncnotify *r) { struct tevent_req * req ; struct _witness_asyncnotify_state * state ; struct witness_service * service = witness_get_service (call ); /* TODO :... */ } DLIST_ADD_END ( service ->pending, state ); tevent_req_deferr_callback (req, ev); return req ;

Stefan Metzmacher DCERPC in Samba (14/22) MS-SWN: witness AsyncNotify (Server Part 2) The service structure: struct witness_service { /* list of pending requests */ struct _witness_asyncnotify_state * pending ; }; The service monitor function: static void witness_service_ipchange_handler ( struct witness_service *service, /* TODO :... */) { while ( service ->pending!= NULL ) { /* TODO :... */ tevent_req_done ( service ->pending ->req ); /* TODO :... */ } } The recv function: static NTSTATUS _witness_asyncnotify_recv ( struct tevent_req *req ) { return tevent_req_simple_recv_ntstatus ( req ); }

Stefan Metzmacher DCERPC in Samba (15/22) DCERPC server glue The entry point (dispatch) functions pointers (an async function pair): typedef struct tevent_req *(* dcerpc_call_entry_point_send_fn_t )( TALLOC_CTX *mem_ctx, struct tevent_context *ev, struct dcerpc_call_handle *call, void *r); typedef NTSTATUS (* dcerpc_call_entry_point_recv_fn_t )( struct tevent_req *req ); struct dcerpc_call_entry_point_fns { dcerpc_call_entry_point_send_fn_t fn_send ; dcerpc_call_entry_point_recv_fn_t fn_recv ; }; The entry point vector which represent a logic behind a manager : struct dcerpc_call_entry_point_vector { const char * name ; const struct ndr_interface_table * table ; uint32_t num_fns ; const struct dcerpc_call_entry_point_fns * fns ; }; Some structures available on dcerpc call handle: struct dcerpc_server_context ; /* top level abstract context for a server instance */ struct dcerpc_server_auth_type ; /* an auth_type including the server credentials state */ struct dcerpc_server_endpoint ; /* endpoints for the server to listen on */ struct dcerpc_server_manager ; /* registered interface with the entry point vector */ struct dcerpc_server_object ; /* object to allow multiple managers per interface */

Stefan Metzmacher DCERPC in Samba (16/22) MS-FRS2: frstrans BytePipe The IDL function definition: typedef [flag ( NDR_PAHEX )] pipe uint8 frstrans_bytepipe ; The generated pipe push/pull functions: struct frstrans_bytepipe_chunk { uint32_t count ; uint8_t * array ; }/* [ flag ( LIBNDR_PRINT_ARRAY_HEX )] */; struct frstrans_bytepipe * dcerpc_frstrans_bytepipe_create ( TALLOC_CTX * mem_ctx ); struct tevent_req * dcerpc_frstrans_bytepipe_chunk_push_send ( TALLOC_CTX *mem_ctx, struct tevent_context *ev, struct frstrans_bytepipe *p, const struct frstrans_bytepipe_chunk * chunk ); NTSTATUS dcerpc_frstrans_bytepipe_chunk_push_recv ( struct tevent_req *req ); struct tevent_req * dcerpc_frstrans_bytepipe_chunk_pull_send ( TALLOC_CTX *mem_ctx, struct tevent_context *ev, struct frstrans_bytepipe *p); NTSTATUS dcerpc_frstrans_bytepipe_chunk_pull_recv ( struct tevent_req *req, TALLOC_CTX * mem_ctx, struct frstrans_bytepipe_chunk ** chunk ); };

Stefan Metzmacher DCERPC in Samba (17/22) MS-FRS2: frstrans RawGetFileDataAsync The IDL function definition: WERROR frstrans_rawgetfiledataasync ( [in, ref ] policy_handle * server_context, [out,ref ] frstrans_bytepipe * byte_pipe ); The generated client stub: struct tevent_req * dcerpc_frstrans_rdcgetfiledataasync_send ( TALLOC_CTX *mem_ctx, struct tevent_context *ev, struct dcerpc_binding_handle *h, struct policy_handle * _server_context /*[in,ref ]*/, struct frstrans_bytepipe * _byte_pipe /*[out,ref ]*/); NTSTATUS dcerpc_frstrans_rdcgetfiledataasync_recv ( struct tevent_req *req, TALLOC_CTX * mem_ctx, WERROR * result );

Stefan Metzmacher DCERPC in Samba (18/22) MS-FRS2: pull service (Part 1) The pull service code: state ->byte_pipe = dcerpc_frstrans_bytepipe_create ( state ); if ( state ->byte_pipe == NULL ) { return ; } subreq = dcerpc_frstrans_rawgetfiledataasync_send ( state, session ->service ->task ->event_ctx, session ->conn ->dcerpc_pipe -> binding_handle, & state -> server_context, state ->byte_pipe ); if ( subreq == NULL ) { return ; } tevent_req_set_callback ( subreq, dfsrsrv_download_loop_read_done, state ); subreq2 = dcerpc_frstrans_bytepipe_chunk_pull_send ( state, session ->service ->task ->event_ctx, state ->byte_pipe ); if ( subreq2 == NULL ) { return ; } tevent_req_set_callback ( subreq2, dfsrsrv_download_loop_chunk_done, state );

Stefan Metzmacher DCERPC in Samba (19/22) MS-FRS2: pull service (Part 2) The pull service code: /* TODO :... */ error = dcerpc_frstrans_bytepipe_chunk_pull_recv (subreq2, state, & chunk ); TALLOC_FREE ( subreq2 ); if (! NT_STATUS_IS_OK ( error )) { return ; } /* TODO :... */ if ( chunk ->count == 0) { TALLOC_FREE ( chunk ); return ; } TALLOC_FREE ( chunk ); subreq2 = dcerpc_frstrans_bytepipe_chunk_pull_send ( state, session ->service ->task ->event_ctx, state ->byte_pipe ); if ( subreq2 == NULL ) { return ; } tevent_req_set_callback ( subreq2, dfsrsrv_download_loop_chunk_done, state );

Stefan Metzmacher DCERPC in Samba (20/22) Project Status See https://wiki.samba.org/index.php/dcerpc Some code is already upstream A lot more in work in progress branches Sadly not much progress since my talk at the SambaXP Conference This is currently a sparetime project Hopefully more progress in the next months

Stefan Metzmacher DCERPC in Samba (21/22) Thanks! People who assist: Gregor Beck Andreas Schneider Günther Deschner David Disseldorp Others

Stefan Metzmacher DCERPC in Samba (22/22) Questions? Stefan Metzmacher, metze@samba.org, sm@sernet.de http://www.sernet.com SerNet sponsor booth

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback