search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
r584: merge of fix for KB828741 -- pw chg -- from 3.0
[Samba.git] / source / rpc_server / srv_pipe.c
blobaa89441c00ec5b9507947ea0272f55ba48912f05
1 /*
2 * Unix SMB/Netbios implementation.
3 * Version 1.9.
4 * RPC Pipe client / server routines
5 * Copyright (C) Andrew Tridgell 1992-1998
6 * Copyright (C) Luke Kenneth Casson Leighton 1996-1998,
7 * Copyright (C) Paul Ashton 1997-1998.
8 * Copyright (C) Jeremy Allison 1999.
9 *
10 * This program is free software; you can redistribute it and/or modify
11 * it under the terms of the GNU General Public License as published by
12 * the Free Software Foundation; either version 2 of the License, or
13 * (at your option) any later version.
14 *
15 * This program is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 * GNU General Public License for more details.
19 *
20 * You should have received a copy of the GNU General Public License
21 * along with this program; if not, write to the Free Software
22 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
23 */
24
25 /* this module apparently provides an implementation of DCE/RPC over a
26 * named pipe (IPC$ connection using SMBtrans). details of DCE/RPC
27 * documentation are available (in on-line form) from the X-Open group.
28 *
29 * this module should provide a level of abstraction between SMB
30 * and DCE/RPC, while minimising the amount of mallocs, unnecessary
31 * data copies, and network traffic.
32 *
33 * in this version, which takes a "let's learn what's going on and
34 * get something running" approach, there is additional network
35 * traffic generated, but the code should be easier to understand...
36 *
37 * ... if you read the docs. or stare at packets for weeks on end.
38 *
39 */
40
41 #include "includes.h"
42
43 static void NTLMSSPcalc_p( pipes_struct *p, unsigned char *data, int len)
44 {
45 unsigned char *hash = p->ntlmssp_hash;
46 unsigned char index_i = hash[256];
47 unsigned char index_j = hash[257];
48 int ind;
49
50 for( ind = 0; ind < len; ind++) {
51 unsigned char tc;
52 unsigned char t;
53
54 index_i++;
55 index_j += hash[index_i];
56
57 tc = hash[index_i];
58 hash[index_i] = hash[index_j];
59 hash[index_j] = tc;
60
61 t = hash[index_i] + hash[index_j];
62 data[ind] = data[ind] ^ hash[t];
63 }
64
65 hash[256] = index_i;
66 hash[257] = index_j;
67 }
68
69 /*******************************************************************
70 Generate the next PDU to be returned from the data in p->rdata.
71 We cheat here as this function doesn't handle the special auth
72 footers of the authenticated bind response reply.
73 ********************************************************************/
74
75 BOOL create_next_pdu(pipes_struct *p)
76 {
77 RPC_HDR_RESP hdr_resp;
78 BOOL auth_verify = ((p->ntlmssp_chal_flags & NTLMSSP_NEGOTIATE_SIGN) != 0);
79 BOOL auth_seal = ((p->ntlmssp_chal_flags & NTLMSSP_NEGOTIATE_SEAL) != 0);
80 uint32 ss_padding_len = 0;
81 uint32 data_len;
82 uint32 data_space_available;
83 uint32 data_len_left;
84 prs_struct outgoing_pdu;
85 char *data;
86 char *data_from;
87 uint32 data_pos;
88
89 /*
90 * If we're in the fault state, keep returning fault PDU's until
91 * the pipe gets closed. JRA.
92 */
93
94 if(p->fault_state) {
95 setup_fault_pdu(p, NT_STATUS(0x1c010002));
96 return True;
97 }
98
99 memset((char *)&hdr_resp, '\0', sizeof(hdr_resp));
100
101 /* Change the incoming request header to a response. */
102 p->hdr.pkt_type = RPC_RESPONSE;
103
104 /* Set up rpc header flags. */
105 if (p->out_data.data_sent_length == 0)
106 p->hdr.flags = RPC_FLG_FIRST;
107 else
108 p->hdr.flags = 0;
109
110 /*
111 * Work out how much we can fit in a single PDU.
112 */
113
114 data_space_available = sizeof(p->out_data.current_pdu) - RPC_HEADER_LEN - RPC_HDR_RESP_LEN;
115 if(p->ntlmssp_auth_validated)
116 data_space_available -= (RPC_HDR_AUTH_LEN + RPC_AUTH_NTLMSSP_CHK_LEN);
117
118 /*
119 * The amount we send is the minimum of the available
120 * space and the amount left to send.
121 */
122
123 data_len_left = prs_offset(&p->out_data.rdata) - p->out_data.data_sent_length;
124
125 /*
126 * Ensure there really is data left to send.
127 */
128
129 if(!data_len_left) {
130 DEBUG(0,("create_next_pdu: no data left to send !\n"));
131 return False;
132 }
133
134 data_len = MIN(data_len_left, data_space_available);
135
136 /*
137 * Set up the alloc hint. This should be the data left to
138 * send.
139 */
140
141 hdr_resp.alloc_hint = data_len_left;
142
143 /*
144 * Work out if this PDU will be the last.
145 */
146
147 if(p->out_data.data_sent_length + data_len >= prs_offset(&p->out_data.rdata)) {
148 p->hdr.flags |= RPC_FLG_LAST;
149 if ((auth_seal || auth_verify) && (data_len_left % 8)) {
150 ss_padding_len = 8 - (data_len_left % 8);
151 DEBUG(10,("create_next_pdu: adding sign/seal padding of %u\n",
152 ss_padding_len ));
153 }
154 }
155
156 /*
157 * Set up the header lengths.
158 */
159
160 if (p->ntlmssp_auth_validated) {
161 p->hdr.frag_len = RPC_HEADER_LEN + RPC_HDR_RESP_LEN + data_len + ss_padding_len +
162 RPC_HDR_AUTH_LEN + RPC_AUTH_NTLMSSP_CHK_LEN;
163 p->hdr.auth_len = RPC_AUTH_NTLMSSP_CHK_LEN;
164 } else {
165 p->hdr.frag_len = RPC_HEADER_LEN + RPC_HDR_RESP_LEN + data_len;
166 p->hdr.auth_len = 0;
167 }
168
169 /*
170 * Init the parse struct to point at the outgoing
171 * data.
172 */
173
174 prs_init( &outgoing_pdu, 0, p->mem_ctx, MARSHALL);
175 prs_give_memory( &outgoing_pdu, (char *)p->out_data.current_pdu, sizeof(p->out_data.current_pdu), False);
176
177 /* Store the header in the data stream. */
178 if(!smb_io_rpc_hdr("hdr", &p->hdr, &outgoing_pdu, 0)) {
179 DEBUG(0,("create_next_pdu: failed to marshall RPC_HDR.\n"));
180 prs_mem_free(&outgoing_pdu);
181 return False;
182 }
183
184 if(!smb_io_rpc_hdr_resp("resp", &hdr_resp, &outgoing_pdu, 0)) {
185 DEBUG(0,("create_next_pdu: failed to marshall RPC_HDR_RESP.\n"));
186 prs_mem_free(&outgoing_pdu);
187 return False;
188 }
189
190 /* Store the current offset. */
191 data_pos = prs_offset(&outgoing_pdu);
192
193 /* Copy the data into the PDU. */
194 data_from = prs_data_p(&p->out_data.rdata) + p->out_data.data_sent_length;
195
196 if(!prs_append_data(&outgoing_pdu, data_from, data_len)) {
197 DEBUG(0,("create_next_pdu: failed to copy %u bytes of data.\n", (unsigned int)data_len));
198 prs_mem_free(&outgoing_pdu);
199 return False;
200 }
201
202 /* Copy the sign/seal padding data. */
203 if (ss_padding_len) {
204 char pad[8];
205 memset(pad, '\0', 8);
206 if (!prs_append_data(&outgoing_pdu, pad, ss_padding_len)) {
207 DEBUG(0,("create_next_pdu: failed to add %u bytes of pad data.\n", (unsigned int)ss_padding_len));
208 prs_mem_free(&outgoing_pdu);
209 return False;
210 }
211 }
212
213 /*
214 * Set data to point to where we copied the data into.
215 */
216
217 data = prs_data_p(&outgoing_pdu) + data_pos;
218
219 if (p->hdr.auth_len > 0) {
220 uint32 crc32 = 0;
221
222 DEBUG(5,("create_next_pdu: sign: %s seal: %s data %d auth %d\n",
223 BOOLSTR(auth_verify), BOOLSTR(auth_seal), data_len + ss_padding_len, p->hdr.auth_len));
224
225 if (auth_seal) {
226 crc32 = crc32_calc_buffer(data, data_len + ss_padding_len);
227 NTLMSSPcalc_p(p, (uchar*)data, data_len + ss_padding_len);
228 }
229
230 if (auth_seal || auth_verify) {
231 RPC_HDR_AUTH auth_info;
232
233 init_rpc_hdr_auth(&auth_info, NTLMSSP_AUTH_TYPE, NTLMSSP_AUTH_LEVEL,
234 (auth_verify ? ss_padding_len : 0), (auth_verify ? 1 : 0));
235 if(!smb_io_rpc_hdr_auth("hdr_auth", &auth_info, &outgoing_pdu, 0)) {
236 DEBUG(0,("create_next_pdu: failed to marshall RPC_HDR_AUTH.\n"));
237 prs_mem_free(&outgoing_pdu);
238 return False;
239 }
240 }
241
242 if (auth_verify) {
243 RPC_AUTH_NTLMSSP_CHK ntlmssp_chk;
244 char *auth_data = prs_data_p(&outgoing_pdu);
245
246 p->ntlmssp_seq_num++;
247 init_rpc_auth_ntlmssp_chk(&ntlmssp_chk, NTLMSSP_SIGN_VERSION,
248 crc32, p->ntlmssp_seq_num++);
249 auth_data = prs_data_p(&outgoing_pdu) + prs_offset(&outgoing_pdu) + 4;
250 if(!smb_io_rpc_auth_ntlmssp_chk("auth_sign", &ntlmssp_chk, &outgoing_pdu, 0)) {
251 DEBUG(0,("create_next_pdu: failed to marshall RPC_AUTH_NTLMSSP_CHK.\n"));
252 prs_mem_free(&outgoing_pdu);
253 return False;
254 }
255 NTLMSSPcalc_p(p, (uchar*)auth_data, RPC_AUTH_NTLMSSP_CHK_LEN - 4);
256 }
257 }
258
259 /*
260 * Setup the counts for this PDU.
261 */
262
263 p->out_data.data_sent_length += data_len;
264 p->out_data.current_pdu_len = p->hdr.frag_len;
265 p->out_data.current_pdu_sent = 0;
266
267 prs_mem_free(&outgoing_pdu);
268 return True;
269 }
270
271 /*******************************************************************
272 Process an NTLMSSP authentication response.
273 If this function succeeds, the user has been authenticated
274 and their domain, name and calling workstation stored in
275 the pipe struct.
276 The initial challenge is stored in p->challenge.
277 *******************************************************************/
278
279 static BOOL api_pipe_ntlmssp_verify(pipes_struct *p, RPC_AUTH_NTLMSSP_RESP *ntlmssp_resp)
280 {
281 uchar lm_owf[24];
282 uchar nt_owf[24];
283 fstring user_name;
284 fstring pipe_user_name;
285 fstring domain;
286 fstring wks;
287 BOOL guest_user = False;
288 SAM_ACCOUNT *sampass = NULL;
289 uchar null_smb_passwd[16];
290 uchar *smb_passwd_ptr = NULL;
291
292 DEBUG(5,("api_pipe_ntlmssp_verify: checking user details\n"));
293
294 memset(p->user_name, '\0', sizeof(p->user_name));
295 memset(p->pipe_user_name, '\0', sizeof(p->pipe_user_name));
296 memset(p->domain, '\0', sizeof(p->domain));
297 memset(p->wks, '\0', sizeof(p->wks));
298
299 /* Set up for non-authenticated user. */
300 delete_nt_token(&p->pipe_user.nt_user_token);
301 p->pipe_user.ngroups = 0;
302 safe_free( p->pipe_user.groups);
303
304 /*
305 * Setup an empty password for a guest user.
306 */
307
308 memset(null_smb_passwd,0,16);
309
310 /*
311 * We always negotiate UNICODE.
312 */
313
314 if (p->ntlmssp_chal_flags & NTLMSSP_NEGOTIATE_UNICODE) {
315 fstrcpy(user_name, dos_unistrn2((uint16*)ntlmssp_resp->user, ntlmssp_resp->hdr_usr.str_str_len/2));
316 fstrcpy(domain, dos_unistrn2((uint16*)ntlmssp_resp->domain, ntlmssp_resp->hdr_domain.str_str_len/2));
317 fstrcpy(wks, dos_unistrn2((uint16*)ntlmssp_resp->wks, ntlmssp_resp->hdr_wks.str_str_len/2));
318 } else {
319 fstrcpy(user_name, ntlmssp_resp->user);
320 fstrcpy(domain, ntlmssp_resp->domain);
321 fstrcpy(wks, ntlmssp_resp->wks);
322 }
323
324 DEBUG(5,("user: %s domain: %s wks: %s\n", user_name, domain, wks));
325
326 memcpy(lm_owf, ntlmssp_resp->lm_resp, sizeof(lm_owf));
327 memcpy(nt_owf, ntlmssp_resp->nt_resp, sizeof(nt_owf));
328
329 #ifdef DEBUG_PASSWORD
330 DEBUG(100,("lm, nt owfs, chal\n"));
331 dump_data(100, (char *)lm_owf, sizeof(lm_owf));
332 dump_data(100, (char *)nt_owf, sizeof(nt_owf));
333 dump_data(100, (char *)p->challenge, 8);
334 #endif
335
336 /*
337 * Allow guest access. Patch from Shirish Kalele <kalele@veritas.com>.
338 */
339
340 if((strlen(user_name) == 0) &&
341 (ntlmssp_resp->hdr_nt_resp.str_str_len==0))
342 {
343 guest_user = True;
344
345 fstrcpy(pipe_user_name, lp_guestaccount(-1));
346 DEBUG(100,("Null user in NTLMSSP verification. Using guest = %s\n", pipe_user_name));
347
348 smb_passwd_ptr = null_smb_passwd;
349
350 } else {
351
352 /*
353 * Pass the user through the NT -> unix user mapping
354 * function.
355 */
356
357 fstrcpy(pipe_user_name, user_name);
358 (void)map_username(pipe_user_name);
359
360 /*
361 * Do the length checking only if user is not NULL.
362 */
363
364 if (ntlmssp_resp->hdr_lm_resp.str_str_len == 0)
365 return False;
366 if (ntlmssp_resp->hdr_nt_resp.str_str_len == 0)
367 return False;
368 if (ntlmssp_resp->hdr_usr.str_str_len == 0)
369 return False;
370 if (ntlmssp_resp->hdr_domain.str_str_len == 0)
371 return False;
372 if (ntlmssp_resp->hdr_wks.str_str_len == 0)
373 return False;
374
375 }
376
377 if(!guest_user) {
378
379 become_root();
380
381 if(!(p->ntlmssp_auth_validated = pass_check_smb(pipe_user_name, domain,
382 (uchar*)p->challenge, lm_owf, nt_owf, NULL))) {
383 DEBUG(1,("api_pipe_ntlmssp_verify: User %s\\%s from machine %s \
384 failed authentication on named pipe %s.\n", domain, pipe_user_name, wks, p->name ));
385 unbecome_root();
386 return False;
387 }
388
389 pdb_init_sam(&sampass);
390
391 if(!pdb_getsampwnam(sampass, pipe_user_name)) {
392 DEBUG(1,("api_pipe_ntlmssp_verify: Cannot find user %s in smb passwd database.\n",
393 pipe_user_name));
394 pdb_free_sam(sampass);
395 unbecome_root();
396 return False;
397 }
398
399 unbecome_root();
400
401 /* Quit if the account was disabled. */
402 if((pdb_get_acct_ctrl(sampass) & ACB_DISABLED) || !pdb_get_lanman_passwd(sampass)) {
403 DEBUG(1,("Account for user '%s' was disabled.\n", pipe_user_name));
404 pdb_free_sam(sampass);
405 return False;
406 }
407
408 if(!pdb_get_nt_passwd(sampass)) {
409 DEBUG(1,("Account for user '%s' has no NT password hash.\n", pipe_user_name));
410 pdb_free_sam(sampass);
411 return False;
412 }
413
414 smb_passwd_ptr = pdb_get_lanman_passwd(sampass);
415
416 /*
417 * Store the UNIX credential data (uid/gid pair) in the pipe structure.
418 */
419
420 p->pipe_user.uid = pdb_get_uid(sampass);
421 p->pipe_user.gid = pdb_get_gid(sampass);
422 }
423 else {
424 struct passwd *pw;
425
426 /* setup the guest credentials; assuming that the guest
427 account does not have to exist in the smbpasswd file */
428
429 if ( (pw = sys_getpwnam(pipe_user_name)) == NULL ) {
430 DEBUG(0,("api_pipe_ntlmssp_verify: Invalid guest account [%s]. getpwnam() failed!\n",
431 pipe_user_name));
432 pdb_free_sam(sampass);
433 return False;
434 }
435
436 p->pipe_user.uid = pw->pw_uid;
437 p->pipe_user.gid = pw->pw_gid;
438
439 }
440
441 /*
442 * Set up the sign/seal data.
443 */
444
445 {
446 uchar p24[24];
447 NTLMSSPOWFencrypt(smb_passwd_ptr, lm_owf, p24);
448 {
449 unsigned char j = 0;
450 int ind;
451
452 unsigned char k2[8];
453
454 memcpy(k2, p24, 5);
455 k2[5] = 0xe5;
456 k2[6] = 0x38;
457 k2[7] = 0xb0;
458
459 for (ind = 0; ind < 256; ind++)
460 p->ntlmssp_hash[ind] = (unsigned char)ind;
461
462 for( ind = 0; ind < 256; ind++) {
463 unsigned char tc;
464
465 j += (p->ntlmssp_hash[ind] + k2[ind%8]);
466
467 tc = p->ntlmssp_hash[ind];
468 p->ntlmssp_hash[ind] = p->ntlmssp_hash[j];
469 p->ntlmssp_hash[j] = tc;
470 }
471
472 p->ntlmssp_hash[256] = 0;
473 p->ntlmssp_hash[257] = 0;
474 }
475 /* NTLMSSPhash(p->ntlmssp_hash, p24); */
476 p->ntlmssp_seq_num = 0;
477
478 }
479
480 fstrcpy(p->user_name, user_name);
481 fstrcpy(p->pipe_user_name, pipe_user_name);
482 fstrcpy(p->domain, domain);
483 fstrcpy(p->wks, wks);
484
485 /* Set up pipe user group membership. */
486 initialise_groups(pipe_user_name, p->pipe_user.uid, p->pipe_user.gid);
487 get_current_groups( p->pipe_user.gid, &p->pipe_user.ngroups, &p->pipe_user.groups);
488
489 /* Create an NT_USER_TOKEN struct for this user. */
490 p->pipe_user.nt_user_token = create_nt_token(p->pipe_user.uid,p->pipe_user.gid,
491 p->pipe_user.ngroups, p->pipe_user.groups,
492 guest_user, NULL);
493
494 p->ntlmssp_auth_validated = True;
495 pdb_free_sam(sampass);
496 return True;
497 }
498
499 /*******************************************************************
500 The switch table for the pipe names and the functions to handle them.
501 *******************************************************************/
502
503 struct api_cmd
504 {
505 const char * pipe_clnt_name;
506 const char * pipe_srv_name;
507 BOOL (*fn) (pipes_struct *);
508 };
509
510 static struct api_cmd api_fd_commands[] =
511 {
512 { "lsarpc", "lsass", api_ntlsa_rpc },
513 { "samr", "lsass", api_samr_rpc },
514 { "srvsvc", "ntsvcs", api_srvsvc_rpc },
515 { "wkssvc", "ntsvcs", api_wkssvc_rpc },
516 { "NETLOGON", "lsass", api_netlog_rpc },
517 { "winreg", "winreg", api_reg_rpc },
518 { "spoolss", "spoolss", api_spoolss_rpc },
519 #ifdef WITH_MSDFS
520 { "netdfs", "netdfs" , api_netdfs_rpc },
521 #endif
522 { NULL, NULL, NULL }
523 };
524
525 /*******************************************************************
526 This is the client reply to our challenge for an authenticated
527 bind request. The challenge we sent is in p->challenge.
528 *******************************************************************/
529
530 BOOL api_pipe_bind_auth_resp(pipes_struct *p, prs_struct *rpc_in_p)
531 {
532 RPC_HDR_AUTHA autha_info;
533 RPC_AUTH_VERIFIER auth_verifier;
534 RPC_AUTH_NTLMSSP_RESP ntlmssp_resp;
535
536 DEBUG(5,("api_pipe_bind_auth_resp: decode request. %d\n", __LINE__));
537
538 if (p->hdr.auth_len == 0) {
539 DEBUG(0,("api_pipe_bind_auth_resp: No auth field sent !\n"));
540 return False;
541 }
542
543 /*
544 * Decode the authentication verifier response.
545 */
546
547 if(!smb_io_rpc_hdr_autha("", &autha_info, rpc_in_p, 0)) {
548 DEBUG(0,("api_pipe_bind_auth_resp: unmarshall of RPC_HDR_AUTHA failed.\n"));
549 return False;
550 }
551
552 if (autha_info.auth_type != NTLMSSP_AUTH_TYPE || autha_info.auth_level != NTLMSSP_AUTH_LEVEL) {
553 DEBUG(0,("api_pipe_bind_auth_resp: incorrect auth type (%d) or level (%d).\n",
554 (int)autha_info.auth_type, (int)autha_info.auth_level ));
555 return False;
556 }
557
558 if(!smb_io_rpc_auth_verifier("", &auth_verifier, rpc_in_p, 0)) {
559 DEBUG(0,("api_pipe_bind_auth_resp: unmarshall of RPC_AUTH_VERIFIER failed.\n"));
560 return False;
561 }
562
563 /*
564 * Ensure this is a NTLMSSP_AUTH packet type.
565 */
566
567 if (!rpc_auth_verifier_chk(&auth_verifier, "NTLMSSP", NTLMSSP_AUTH)) {
568 DEBUG(0,("api_pipe_bind_auth_resp: rpc_auth_verifier_chk failed.\n"));
569 return False;
570 }
571
572 if(!smb_io_rpc_auth_ntlmssp_resp("", &ntlmssp_resp, rpc_in_p, 0)) {
573 DEBUG(0,("api_pipe_bind_auth_resp: Failed to unmarshall RPC_AUTH_NTLMSSP_RESP.\n"));
574 return False;
575 }
576
577 /*
578 * The following call actually checks the challenge/response data.
579 * for correctness against the given DOMAIN\user name.
580 */
581
582 if (!api_pipe_ntlmssp_verify(p, &ntlmssp_resp))
583 return False;
584
585 p->pipe_bound = True
586 ;
587 return True;
588 }
589
590 /*******************************************************************
591 Marshall a bind_nak pdu.
592 *******************************************************************/
593
594 static BOOL setup_bind_nak(pipes_struct *p)
595 {
596 prs_struct outgoing_rpc;
597 RPC_HDR nak_hdr;
598 uint16 zero = 0;
599
600 /* Free any memory in the current return data buffer. */
601 prs_mem_free(&p->out_data.rdata);
602
603 /*
604 * Marshall directly into the outgoing PDU space. We
605 * must do this as we need to set to the bind response
606 * header and are never sending more than one PDU here.
607 */
608
609 prs_init( &outgoing_rpc, 0, p->mem_ctx, MARSHALL);
610 prs_give_memory( &outgoing_rpc, (char *)p->out_data.current_pdu, sizeof(p->out_data.current_pdu), False);
611
612
613 /*
614 * Initialize a bind_nak header.
615 */
616
617 init_rpc_hdr(&nak_hdr, RPC_BINDNACK, RPC_FLG_FIRST | RPC_FLG_LAST,
618 p->hdr.call_id, RPC_HEADER_LEN + sizeof(uint16), 0);
619
620 /*
621 * Marshall the header into the outgoing PDU.
622 */
623
624 if(!smb_io_rpc_hdr("", &nak_hdr, &outgoing_rpc, 0)) {
625 DEBUG(0,("setup_bind_nak: marshalling of RPC_HDR failed.\n"));
626 prs_mem_free(&outgoing_rpc);
627 return False;
628 }
629
630 /*
631 * Now add the reject reason.
632 */
633
634 if(!prs_uint16("reject code", &outgoing_rpc, 0, &zero)) {
635 prs_mem_free(&outgoing_rpc);
636 return False;
637 }
638
639 p->out_data.data_sent_length = 0;
640 p->out_data.current_pdu_len = prs_offset(&outgoing_rpc);
641 p->out_data.current_pdu_sent = 0;
642
643 p->pipe_bound = False;
644
645 return True;
646 }
647
648 /*******************************************************************
649 Marshall a fault pdu.
650 *******************************************************************/
651
652 BOOL setup_fault_pdu(pipes_struct *p, NTSTATUS status)
653 {
654 prs_struct outgoing_pdu;
655 RPC_HDR fault_hdr;
656 RPC_HDR_RESP hdr_resp;
657 RPC_HDR_FAULT fault_resp;
658
659 /* Free any memory in the current return data buffer. */
660 prs_mem_free(&p->out_data.rdata);
661
662 /*
663 * Marshall directly into the outgoing PDU space. We
664 * must do this as we need to set to the bind response
665 * header and are never sending more than one PDU here.
666 */
667
668 prs_init( &outgoing_pdu, 0, p->mem_ctx, MARSHALL);
669 prs_give_memory( &outgoing_pdu, (char *)p->out_data.current_pdu, sizeof(p->out_data.current_pdu), False);
670
671 /*
672 * Initialize a fault header.
673 */
674
675 init_rpc_hdr(&fault_hdr, RPC_FAULT, RPC_FLG_FIRST | RPC_FLG_LAST | RPC_FLG_NOCALL,
676 p->hdr.call_id, RPC_HEADER_LEN + RPC_HDR_RESP_LEN + RPC_HDR_FAULT_LEN, 0);
677
678 /*
679 * Initialize the HDR_RESP and FAULT parts of the PDU.
680 */
681
682 memset((char *)&hdr_resp, '\0', sizeof(hdr_resp));
683
684 fault_resp.status = status;
685 fault_resp.reserved = 0;
686
687 /*
688 * Marshall the header into the outgoing PDU.
689 */
690
691 if(!smb_io_rpc_hdr("", &fault_hdr, &outgoing_pdu, 0)) {
692 DEBUG(0,("setup_fault_pdu: marshalling of RPC_HDR failed.\n"));
693 prs_mem_free(&outgoing_pdu);
694 return False;
695 }
696
697 if(!smb_io_rpc_hdr_resp("resp", &hdr_resp, &outgoing_pdu, 0)) {
698 DEBUG(0,("setup_fault_pdu: failed to marshall RPC_HDR_RESP.\n"));
699 prs_mem_free(&outgoing_pdu);
700 return False;
701 }
702
703 if(!smb_io_rpc_hdr_fault("fault", &fault_resp, &outgoing_pdu, 0)) {
704 DEBUG(0,("setup_fault_pdu: failed to marshall RPC_HDR_FAULT.\n"));
705 prs_mem_free(&outgoing_pdu);
706 return False;
707 }
708
709 p->out_data.data_sent_length = 0;
710 p->out_data.current_pdu_len = prs_offset(&outgoing_pdu);
711 p->out_data.current_pdu_sent = 0;
712
713 prs_mem_free(&outgoing_pdu);
714 return True;
715 }
716
717 /*******************************************************************
718 Ensure a bind request has the correct abstract & transfer interface.
719 Used to reject unknown binds from Win2k.
720 *******************************************************************/
721
722 BOOL check_bind_req(char* pipe_name, RPC_IFACE* abstract,
723 RPC_IFACE* transfer)
724 {
725 extern struct pipe_id_info pipe_names[];
726 int i=0;
727 fstring pname;
728 fstrcpy(pname,"\\PIPE\\");
729 fstrcat(pname,pipe_name);
730
731 for(i=0;pipe_names[i].client_pipe; i++) {
732 if(strequal(pipe_names[i].client_pipe, pname))
733 break;
734 }
735
736 if(pipe_names[i].client_pipe == NULL)
737 return False;
738
739 /* check the abstract interface */
740 if((abstract->version != pipe_names[i].abstr_syntax.version) ||
741 (memcmp(&abstract->uuid, &pipe_names[i].abstr_syntax.uuid,
742 sizeof(RPC_UUID)) != 0))
743 return False;
744
745 /* check the transfer interface */
746 if((transfer->version != pipe_names[i].trans_syntax.version) ||
747 (memcmp(&transfer->uuid, &pipe_names[i].trans_syntax.uuid,
748 sizeof(RPC_UUID)) != 0))
749 return False;
750
751 return True;
752 }
753
754 /*******************************************************************
755 Respond to a pipe bind request.
756 *******************************************************************/
757
758 BOOL api_pipe_bind_req(pipes_struct *p, prs_struct *rpc_in_p)
759 {
760 RPC_HDR_BA hdr_ba;
761 RPC_HDR_RB hdr_rb;
762 RPC_HDR_AUTH auth_info;
763 uint16 assoc_gid;
764 fstring ack_pipe_name;
765 prs_struct out_hdr_ba;
766 prs_struct out_auth;
767 prs_struct outgoing_rpc;
768 int i = 0;
769 int auth_len = 0;
770 enum RPC_PKT_TYPE reply_pkt_type;
771
772 p->ntlmssp_auth_requested = False;
773
774 DEBUG(5,("api_pipe_bind_req: decode request. %d\n", __LINE__));
775
776 /*
777 * Try and find the correct pipe name to ensure
778 * that this is a pipe name we support.
779 */
780
781 for (i = 0; api_fd_commands[i].pipe_clnt_name; i++) {
782 if (strequal(api_fd_commands[i].pipe_clnt_name, p->name) &&
783 api_fd_commands[i].fn != NULL) {
784 DEBUG(3,("api_pipe_bind_req: \\PIPE\\%s -> \\PIPE\\%s\n",
785 api_fd_commands[i].pipe_clnt_name,
786 api_fd_commands[i].pipe_srv_name));
787 fstrcpy(p->pipe_srv_name, api_fd_commands[i].pipe_srv_name);
788 break;
789 }
790 }
791
792 if (api_fd_commands[i].fn == NULL) {
793 DEBUG(3,("api_pipe_bind_req: Unknown pipe name %s in bind request.\n",
794 p->name ));
795 if(!setup_bind_nak(p))
796 return False;
797 return True;
798 }
799
800 /* decode the bind request */
801 if(!smb_io_rpc_hdr_rb("", &hdr_rb, rpc_in_p, 0)) {
802 DEBUG(0,("api_pipe_bind_req: unable to unmarshall RPC_HDR_RB struct.\n"));
803 return False;
804 }
805
806 /*
807 * Check if this is an authenticated request.
808 */
809
810 if (p->hdr.auth_len != 0) {
811 RPC_AUTH_VERIFIER auth_verifier;
812 RPC_AUTH_NTLMSSP_NEG ntlmssp_neg;
813
814 /*
815 * Decode the authentication verifier.
816 */
817
818 if(!smb_io_rpc_hdr_auth("", &auth_info, rpc_in_p, 0)) {
819 DEBUG(0,("api_pipe_bind_req: unable to unmarshall RPC_HDR_AUTH struct.\n"));
820 return False;
821 }
822
823 /*
824 * We only support NTLMSSP_AUTH_TYPE requests.
825 */
826
827 if(auth_info.auth_type != NTLMSSP_AUTH_TYPE) {
828 DEBUG(0,("api_pipe_bind_req: unknown auth type %x requested.\n",
829 auth_info.auth_type ));
830 return False;
831 }
832
833 if(!smb_io_rpc_auth_verifier("", &auth_verifier, rpc_in_p, 0)) {
834 DEBUG(0,("api_pipe_bind_req: unable to unmarshall RPC_HDR_AUTH struct.\n"));
835 return False;
836 }
837
838 if(!strequal(auth_verifier.signature, "NTLMSSP")) {
839 DEBUG(0,("api_pipe_bind_req: auth_verifier.signature != NTLMSSP\n"));
840 return False;
841 }
842
843 if(auth_verifier.msg_type != NTLMSSP_NEGOTIATE) {
844 DEBUG(0,("api_pipe_bind_req: auth_verifier.msg_type (%d) != NTLMSSP_NEGOTIATE\n",
845 auth_verifier.msg_type));
846 return False;
847 }
848
849 if(!smb_io_rpc_auth_ntlmssp_neg("", &ntlmssp_neg, rpc_in_p, 0)) {
850 DEBUG(0,("api_pipe_bind_req: Failed to unmarshall RPC_AUTH_NTLMSSP_NEG.\n"));
851 return False;
852 }
853
854 p->ntlmssp_chal_flags = SMBD_NTLMSSP_NEG_FLAGS;
855 p->ntlmssp_auth_requested = True;
856 }
857
858 switch(p->hdr.pkt_type) {
859 case RPC_BIND:
860 /* name has to be \PIPE\xxxxx */
861 fstrcpy(ack_pipe_name, "\\PIPE\\");
862 fstrcat(ack_pipe_name, p->pipe_srv_name);
863 reply_pkt_type = RPC_BINDACK;
864 break;
865 case RPC_ALTCONT:
866 /* secondary address CAN be NULL
867 * as the specs say it's ignored.
868 * It MUST NULL to have the spoolss working.
869 */
870 fstrcpy(ack_pipe_name,"");
871 reply_pkt_type = RPC_ALTCONTRESP;
872 break;
873 default:
874 return False;
875 }
876
877 DEBUG(5,("api_pipe_bind_req: make response. %d\n", __LINE__));
878
879 /*
880 * Marshall directly into the outgoing PDU space. We
881 * must do this as we need to set to the bind response
882 * header and are never sending more than one PDU here.
883 */
884
885 prs_init( &outgoing_rpc, 0, p->mem_ctx, MARSHALL);
886 prs_give_memory( &outgoing_rpc, (char *)p->out_data.current_pdu, sizeof(p->out_data.current_pdu), False);
887
888 /*
889 * Setup the memory to marshall the ba header, and the
890 * auth footers.
891 */
892
893 if(!prs_init(&out_hdr_ba, 1024, p->mem_ctx, MARSHALL)) {
894 DEBUG(0,("api_pipe_bind_req: malloc out_hdr_ba failed.\n"));
895 prs_mem_free(&outgoing_rpc);
896 return False;
897 }
898
899 if(!prs_init(&out_auth, 1024, p->mem_ctx, MARSHALL)) {
900 DEBUG(0,("pi_pipe_bind_req: malloc out_auth failed.\n"));
901 prs_mem_free(&outgoing_rpc);
902 prs_mem_free(&out_hdr_ba);
903 return False;
904 }
905
906 if (p->ntlmssp_auth_requested)
907 assoc_gid = 0x7a77;
908 else
909 assoc_gid = hdr_rb.bba.assoc_gid ? hdr_rb.bba.assoc_gid : 0x53f0;
910
911 /*
912 * Create the bind response struct.
913 */
914
915 /* If the requested abstract synt uuid doesn't match our client pipe,
916 reject the bind_ack & set the transfer interface synt to all 0's,
917 ver 0 (observed when NT5 attempts to bind to abstract interfaces
918 unknown to NT4)
919 Needed when adding entries to a DACL from NT5 - SK */
920
921 if(check_bind_req(p->name, &hdr_rb.abstract, &hdr_rb.transfer)) {
922 init_rpc_hdr_ba(&hdr_ba,
923 MAX_PDU_FRAG_LEN,
924 MAX_PDU_FRAG_LEN,
925 assoc_gid,
926 ack_pipe_name,
927 0x1, 0x0, 0x0,
928 &hdr_rb.transfer);
929 } else {
930 RPC_IFACE null_interface;
931 ZERO_STRUCT(null_interface);
932 /* Rejection reason: abstract syntax not supported */
933 init_rpc_hdr_ba(&hdr_ba, MAX_PDU_FRAG_LEN,
934 MAX_PDU_FRAG_LEN, assoc_gid,
935 ack_pipe_name, 0x1, 0x2, 0x1,
936 &null_interface);
937 }
938
939 /*
940 * and marshall it.
941 */
942
943 if(!smb_io_rpc_hdr_ba("", &hdr_ba, &out_hdr_ba, 0)) {
944 DEBUG(0,("api_pipe_bind_req: marshalling of RPC_HDR_BA failed.\n"));
945 goto err_exit;
946 }
947
948 /*
949 * Now the authentication.
950 */
951
952 if (p->ntlmssp_auth_requested) {
953 RPC_AUTH_VERIFIER auth_verifier;
954 RPC_AUTH_NTLMSSP_CHAL ntlmssp_chal;
955
956 generate_random_buffer(p->challenge, 8, False);
957
958 /*** Authentication info ***/
959
960 init_rpc_hdr_auth(&auth_info, NTLMSSP_AUTH_TYPE, NTLMSSP_AUTH_LEVEL, RPC_HDR_AUTH_LEN, 1);
961 if(!smb_io_rpc_hdr_auth("", &auth_info, &out_auth, 0)) {
962 DEBUG(0,("api_pipe_bind_req: marshalling of RPC_HDR_AUTH failed.\n"));
963 goto err_exit;
964 }
965
966 /*** NTLMSSP verifier ***/
967
968 init_rpc_auth_verifier(&auth_verifier, "NTLMSSP", NTLMSSP_CHALLENGE);
969 if(!smb_io_rpc_auth_verifier("", &auth_verifier, &out_auth, 0)) {
970 DEBUG(0,("api_pipe_bind_req: marshalling of RPC_AUTH_VERIFIER failed.\n"));
971 goto err_exit;
972 }
973
974 /* NTLMSSP challenge ***/
975
976 init_rpc_auth_ntlmssp_chal(&ntlmssp_chal, p->ntlmssp_chal_flags, p->challenge);
977 if(!smb_io_rpc_auth_ntlmssp_chal("", &ntlmssp_chal, &out_auth, 0)) {
978 DEBUG(0,("api_pipe_bind_req: marshalling of RPC_AUTH_NTLMSSP_CHAL failed.\n"));
979 goto err_exit;
980 }
981
982 /* Auth len in the rpc header doesn't include auth_header. */
983 auth_len = prs_offset(&out_auth) - RPC_HDR_AUTH_LEN;
984 }
985
986 /*
987 * Create the header, now we know the length.
988 */
989
990 init_rpc_hdr(&p->hdr, reply_pkt_type, RPC_FLG_FIRST | RPC_FLG_LAST,
991 p->hdr.call_id,
992 RPC_HEADER_LEN + prs_offset(&out_hdr_ba) + prs_offset(&out_auth),
993 auth_len);
994
995 /*
996 * Marshall the header into the outgoing PDU.
997 */
998
999 if(!smb_io_rpc_hdr("", &p->hdr, &outgoing_rpc, 0)) {
1000 DEBUG(0,("pi_pipe_bind_req: marshalling of RPC_HDR failed.\n"));
1001 goto err_exit;
1002 }
1003
1004 /*
1005 * Now add the RPC_HDR_BA and any auth needed.
1006 */
1007
1008 if(!prs_append_prs_data( &outgoing_rpc, &out_hdr_ba)) {
1009 DEBUG(0,("api_pipe_bind_req: append of RPC_HDR_BA failed.\n"));
1010 goto err_exit;
1011 }
1012
1013 if(p->ntlmssp_auth_requested && !prs_append_prs_data( &outgoing_rpc, &out_auth)) {
1014 DEBUG(0,("api_pipe_bind_req: append of auth info failed.\n"));
1015 goto err_exit;
1016 }
1017
1018 if(!p->ntlmssp_auth_requested)
1019 p->pipe_bound = True;
1020
1021 /*
1022 * Setup the lengths for the initial reply.
1023 */
1024
1025 p->out_data.data_sent_length = 0;
1026 p->out_data.current_pdu_len = prs_offset(&outgoing_rpc);
1027 p->out_data.current_pdu_sent = 0;
1028
1029 prs_mem_free(&out_hdr_ba);
1030 prs_mem_free(&out_auth);
1031
1032 return True;
1033
1034 err_exit:
1035
1036 prs_mem_free(&outgoing_rpc);
1037 prs_mem_free(&out_hdr_ba);
1038 prs_mem_free(&out_auth);
1039 return False;
1040 }
1041
1042 /****************************************************************************
1043 Deal with sign & seal processing on an RPC request.
1044 ****************************************************************************/
1045
1046 BOOL api_pipe_auth_process(pipes_struct *p, prs_struct *rpc_in)
1047 {
1048 /*
1049 * We always negotiate the following two bits....
1050 */
1051 BOOL auth_verify = ((p->ntlmssp_chal_flags & NTLMSSP_NEGOTIATE_SIGN) != 0);
1052 BOOL auth_seal = ((p->ntlmssp_chal_flags & NTLMSSP_NEGOTIATE_SEAL) != 0);
1053 int data_len;
1054 int auth_len;
1055 uint32 old_offset;
1056 uint32 crc32 = 0;
1057
1058 auth_len = p->hdr.auth_len;
1059
1060 if ((auth_len != RPC_AUTH_NTLMSSP_CHK_LEN) && auth_verify) {
1061 DEBUG(0,("api_pipe_auth_process: Incorrect auth_len %d.\n", auth_len ));
1062 return False;
1063 }
1064
1065 /*
1066 * The following is that length of the data we must verify or unseal.
1067 * This doesn't include the RPC headers or the auth_len or the RPC_HDR_AUTH_LEN
1068 * preceeding the auth_data.
1069 */
1070
1071 data_len = p->hdr.frag_len - RPC_HEADER_LEN - RPC_HDR_REQ_LEN -
1072 (auth_verify ? RPC_HDR_AUTH_LEN : 0) - auth_len;
1073
1074 DEBUG(5,("api_pipe_auth_process: sign: %s seal: %s data %d auth %d\n",
1075 BOOLSTR(auth_verify), BOOLSTR(auth_seal), data_len, auth_len));
1076
1077 if (auth_seal) {
1078 /*
1079 * The data in rpc_in doesn't contain the RPC_HEADER as this
1080 * has already been consumed.
1081 */
1082 char *data = prs_data_p(rpc_in) + RPC_HDR_REQ_LEN;
1083 NTLMSSPcalc_p(p, (uchar*)data, data_len);
1084 crc32 = crc32_calc_buffer(data, data_len);
1085 }
1086
1087 old_offset = prs_offset(rpc_in);
1088
1089 if (auth_seal || auth_verify) {
1090 RPC_HDR_AUTH auth_info;
1091
1092 if(!prs_set_offset(rpc_in, old_offset + data_len)) {
1093 DEBUG(0,("api_pipe_auth_process: cannot move offset to %u.\n",
1094 (unsigned int)old_offset + data_len ));
1095 return False;
1096 }
1097
1098 if(!smb_io_rpc_hdr_auth("hdr_auth", &auth_info, rpc_in, 0)) {
1099 DEBUG(0,("api_pipe_auth_process: failed to unmarshall RPC_HDR_AUTH.\n"));
1100 return False;
1101 }
1102 }
1103
1104 if (auth_verify) {
1105 RPC_AUTH_NTLMSSP_CHK ntlmssp_chk;
1106 char *req_data = prs_data_p(rpc_in) + prs_offset(rpc_in) + 4;
1107
1108 DEBUG(5,("api_pipe_auth_process: auth %d\n", prs_offset(rpc_in) + 4));
1109
1110 /*
1111 * Ensure we have RPC_AUTH_NTLMSSP_CHK_LEN - 4 more bytes in the
1112 * incoming buffer.
1113 */
1114 if(prs_mem_get(rpc_in, RPC_AUTH_NTLMSSP_CHK_LEN - 4) == NULL) {
1115 DEBUG(0,("api_pipe_auth_process: missing %d bytes in buffer.\n",
1116 RPC_AUTH_NTLMSSP_CHK_LEN - 4 ));
1117 return False;
1118 }
1119
1120 NTLMSSPcalc_p(p, (uchar*)req_data, RPC_AUTH_NTLMSSP_CHK_LEN - 4);
1121 if(!smb_io_rpc_auth_ntlmssp_chk("auth_sign", &ntlmssp_chk, rpc_in, 0)) {
1122 DEBUG(0,("api_pipe_auth_process: failed to unmarshall RPC_AUTH_NTLMSSP_CHK.\n"));
1123 return False;
1124 }
1125
1126 if (!rpc_auth_ntlmssp_chk(&ntlmssp_chk, crc32, p->ntlmssp_seq_num)) {
1127 DEBUG(0,("api_pipe_auth_process: NTLMSSP check failed.\n"));
1128 return False;
1129 }
1130 }
1131
1132 /*
1133 * Return the current pointer to the data offset.
1134 */
1135
1136 if(!prs_set_offset(rpc_in, old_offset)) {
1137 DEBUG(0,("api_pipe_auth_process: failed to set offset back to %u\n",
1138 (unsigned int)old_offset ));
1139 return False;
1140 }
1141
1142 return True;
1143 }
1144
1145 /****************************************************************************
1146 Return a user struct for a pipe user.
1147 ****************************************************************************/
1148
1149 struct current_user *get_current_user(struct current_user *user, pipes_struct *p)
1150 {
1151 if (p->ntlmssp_auth_validated) {
1152 memcpy(user, &p->pipe_user, sizeof(struct current_user));
1153 } else {
1154 extern struct current_user current_user;
1155 memcpy(user, &current_user, sizeof(struct current_user));
1156 }
1157
1158 return user;
1159 }
1160
1161 /****************************************************************************
1162 Find the correct RPC function to call for this request.
1163 If the pipe is authenticated then become the correct UNIX user
1164 before doing the call.
1165 ****************************************************************************/
1166
1167 BOOL api_pipe_request(pipes_struct *p)
1168 {
1169 int i = 0;
1170 BOOL ret = False;
1171
1172 if (p->ntlmssp_auth_validated) {
1173
1174 if(!become_authenticated_pipe_user(p)) {
1175 prs_mem_free(&p->out_data.rdata);
1176 return False;
1177 }
1178 }
1179
1180 for (i = 0; api_fd_commands[i].pipe_clnt_name; i++) {
1181 if (strequal(api_fd_commands[i].pipe_clnt_name, p->name) &&
1182 api_fd_commands[i].fn != NULL) {
1183 DEBUG(3,("Doing \\PIPE\\%s\n", api_fd_commands[i].pipe_clnt_name));
1184 set_current_rpc_talloc(p->mem_ctx);
1185 ret = api_fd_commands[i].fn(p);
1186 set_current_rpc_talloc(NULL);
1187 }
1188 }
1189
1190 if (p->ntlmssp_auth_validated)
1191 unbecome_authenticated_pipe_user();
1192
1193 return ret;
1194 }
1195
1196 /*******************************************************************
1197 Calls the underlying RPC function for a named pipe.
1198 ********************************************************************/
1199
1200 BOOL api_rpcTNP(pipes_struct *p, const char *rpc_name,
1201 struct api_struct *api_rpc_cmds)
1202 {
1203 int fn_num;
1204 fstring name;
1205 uint32 offset1, offset2;
1206
1207 /* interpret the command */
1208 DEBUG(4,("api_rpcTNP: %s op 0x%x - ", rpc_name, p->hdr_req.opnum));
1209
1210 slprintf(name, sizeof(name)-1, "in_%s", rpc_name);
1211 prs_dump(name, p->hdr_req.opnum, &p->in_data.data);
1212
1213 for (fn_num = 0; api_rpc_cmds[fn_num].name; fn_num++) {
1214 if (api_rpc_cmds[fn_num].opnum == p->hdr_req.opnum && api_rpc_cmds[fn_num].fn != NULL) {
1215 DEBUG(3,("api_rpcTNP: pipe %u rpc command: %s\n", (unsigned int)p->pnum, api_rpc_cmds[fn_num].name));
1216 break;
1217 }
1218 }
1219
1220 if (api_rpc_cmds[fn_num].name == NULL) {
1221 /*
1222 * For an unknown RPC just return a fault PDU but
1223 * return True to allow RPC's on the pipe to continue
1224 * and not put the pipe into fault state. JRA.
1225 */
1226 DEBUG(4, ("unknown\n"));
1227 setup_fault_pdu(p, NT_STATUS(0x1c010002));
1228 return True;
1229 }
1230
1231 offset1 = prs_offset(&p->out_data.rdata);
1232
1233 /* do the actual command */
1234 if(!api_rpc_cmds[fn_num].fn(p)) {
1235 DEBUG(0,("api_rpcTNP: %s: %s failed.\n", rpc_name, api_rpc_cmds[fn_num].name));
1236 prs_mem_free(&p->out_data.rdata);
1237 return False;
1238 }
1239
1240 if (p->bad_handle_fault_state) {
1241 DEBUG(4,("api_rpcTNP: bad handle fault return.\n"));
1242 p->bad_handle_fault_state = False;
1243 setup_fault_pdu(p, NT_STATUS(0x1C00001A));
1244 return True;
1245 }
1246
1247 slprintf(name, sizeof(name)-1, "out_%s", rpc_name);
1248 offset2 = prs_offset(&p->out_data.rdata);
1249 prs_set_offset(&p->out_data.rdata, offset1);
1250 prs_dump(name, p->hdr_req.opnum, &p->out_data.rdata);
1251 prs_set_offset(&p->out_data.rdata, offset2);
1252
1253 DEBUG(5,("api_rpcTNP: called %s successfully\n", rpc_name));
1254
1255 /* Check for buffer underflow in rpc parsing */
1256
1257 if ((DEBUGLEVEL >= 10) &&
1258 (p->in_data.data.data_offset != p->in_data.data.buffer_size)) {
1259 int data_len = p->in_data.data.buffer_size -
1260 p->in_data.data.data_offset;
1261 char *data;
1262
1263 data = malloc(data_len);
1264
1265 DEBUG(10, ("api_rpcTNP: rpc input buffer underflow (parse error?)\n"));
1266 if (data) {
1267 prs_uint8s(False, "", &p->in_data.data, 0, (unsigned char *)data,
1268 data_len);
1269 SAFE_FREE(data);
1270 }
1271
1272 }
1273
1274 return True;
1275 }
Samba GIT mirror