search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
fix issue with password changes done via NTLMSSP
[Samba.git] / source / rpc_server / srv_pipe.c
blob7594ae58e4e5bf958102d68c44195c4129af542d
1 /*
2 * Unix SMB/Netbios implementation.
3 * Version 1.9.
4 * RPC Pipe client / server routines
5 * Copyright (C) Andrew Tridgell 1992-1998
6 * Copyright (C) Luke Kenneth Casson Leighton 1996-1998,
7 * Copyright (C) Paul Ashton 1997-1998.
8 * Copyright (C) Jeremy Allison 1999.
9 *
10 * This program is free software; you can redistribute it and/or modify
11 * it under the terms of the GNU General Public License as published by
12 * the Free Software Foundation; either version 2 of the License, or
13 * (at your option) any later version.
14 *
15 * This program is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 * GNU General Public License for more details.
19 *
20 * You should have received a copy of the GNU General Public License
21 * along with this program; if not, write to the Free Software
22 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
23 */
24
25 /* this module apparently provides an implementation of DCE/RPC over a
26 * named pipe (IPC$ connection using SMBtrans). details of DCE/RPC
27 * documentation are available (in on-line form) from the X-Open group.
28 *
29 * this module should provide a level of abstraction between SMB
30 * and DCE/RPC, while minimising the amount of mallocs, unnecessary
31 * data copies, and network traffic.
32 *
33 * in this version, which takes a "let's learn what's going on and
34 * get something running" approach, there is additional network
35 * traffic generated, but the code should be easier to understand...
36 *
37 * ... if you read the docs. or stare at packets for weeks on end.
38 *
39 */
40
41 #include "includes.h"
42
43 static void NTLMSSPcalc_p( pipes_struct *p, unsigned char *data, int len)
44 {
45 unsigned char *hash = p->ntlmssp_hash;
46 unsigned char index_i = hash[256];
47 unsigned char index_j = hash[257];
48 int ind;
49
50 for( ind = 0; ind < len; ind++) {
51 unsigned char tc;
52 unsigned char t;
53
54 index_i++;
55 index_j += hash[index_i];
56
57 tc = hash[index_i];
58 hash[index_i] = hash[index_j];
59 hash[index_j] = tc;
60
61 t = hash[index_i] + hash[index_j];
62 data[ind] = data[ind] ^ hash[t];
63 }
64
65 hash[256] = index_i;
66 hash[257] = index_j;
67 }
68
69 /*******************************************************************
70 Generate the next PDU to be returned from the data in p->rdata.
71 We cheat here as this function doesn't handle the special auth
72 footers of the authenticated bind response reply.
73 ********************************************************************/
74
75 BOOL create_next_pdu(pipes_struct *p)
76 {
77 RPC_HDR_RESP hdr_resp;
78 BOOL auth_verify = ((p->ntlmssp_chal_flags & NTLMSSP_NEGOTIATE_SIGN) != 0);
79 BOOL auth_seal = ((p->ntlmssp_chal_flags & NTLMSSP_NEGOTIATE_SEAL) != 0);
80 uint32 data_len;
81 uint32 data_space_available;
82 uint32 data_len_left;
83 prs_struct outgoing_pdu;
84 char *data;
85 char *data_from;
86 uint32 data_pos;
87
88 /*
89 * If we're in the fault state, keep returning fault PDU's until
90 * the pipe gets closed. JRA.
91 */
92
93 if(p->fault_state) {
94 setup_fault_pdu(p, NT_STATUS(0x1c010002));
95 return True;
96 }
97
98 memset((char *)&hdr_resp, '\0', sizeof(hdr_resp));
99
100 /* Change the incoming request header to a response. */
101 p->hdr.pkt_type = RPC_RESPONSE;
102
103 /* Set up rpc header flags. */
104 if (p->out_data.data_sent_length == 0)
105 p->hdr.flags = RPC_FLG_FIRST;
106 else
107 p->hdr.flags = 0;
108
109 /*
110 * Work out how much we can fit in a single PDU.
111 */
112
113 data_space_available = sizeof(p->out_data.current_pdu) - RPC_HEADER_LEN - RPC_HDR_RESP_LEN;
114 if(p->ntlmssp_auth_validated)
115 data_space_available -= (RPC_HDR_AUTH_LEN + RPC_AUTH_NTLMSSP_CHK_LEN);
116
117 /*
118 * The amount we send is the minimum of the available
119 * space and the amount left to send.
120 */
121
122 data_len_left = prs_offset(&p->out_data.rdata) - p->out_data.data_sent_length;
123
124 /*
125 * Ensure there really is data left to send.
126 */
127
128 if(!data_len_left) {
129 DEBUG(0,("create_next_pdu: no data left to send !\n"));
130 return False;
131 }
132
133 data_len = MIN(data_len_left, data_space_available);
134
135 /*
136 * Set up the alloc hint. This should be the data left to
137 * send.
138 */
139
140 hdr_resp.alloc_hint = data_len_left;
141
142 /*
143 * Set up the header lengths.
144 */
145
146 if (p->ntlmssp_auth_validated) {
147 p->hdr.frag_len = RPC_HEADER_LEN + RPC_HDR_RESP_LEN + data_len +
148 RPC_HDR_AUTH_LEN + RPC_AUTH_NTLMSSP_CHK_LEN;
149 p->hdr.auth_len = RPC_AUTH_NTLMSSP_CHK_LEN;
150 } else {
151 p->hdr.frag_len = RPC_HEADER_LEN + RPC_HDR_RESP_LEN + data_len;
152 p->hdr.auth_len = 0;
153 }
154
155 /*
156 * Work out if this PDU will be the last.
157 */
158
159 if(p->out_data.data_sent_length + data_len >= prs_offset(&p->out_data.rdata))
160 p->hdr.flags |= RPC_FLG_LAST;
161
162 /*
163 * Init the parse struct to point at the outgoing
164 * data.
165 */
166
167 prs_init( &outgoing_pdu, 0, p->mem_ctx, MARSHALL);
168 prs_give_memory( &outgoing_pdu, (char *)p->out_data.current_pdu, sizeof(p->out_data.current_pdu), False);
169
170 /* Store the header in the data stream. */
171 if(!smb_io_rpc_hdr("hdr", &p->hdr, &outgoing_pdu, 0)) {
172 DEBUG(0,("create_next_pdu: failed to marshall RPC_HDR.\n"));
173 prs_mem_free(&outgoing_pdu);
174 return False;
175 }
176
177 if(!smb_io_rpc_hdr_resp("resp", &hdr_resp, &outgoing_pdu, 0)) {
178 DEBUG(0,("create_next_pdu: failed to marshall RPC_HDR_RESP.\n"));
179 prs_mem_free(&outgoing_pdu);
180 return False;
181 }
182
183 /* Store the current offset. */
184 data_pos = prs_offset(&outgoing_pdu);
185
186 /* Copy the data into the PDU. */
187 data_from = prs_data_p(&p->out_data.rdata) + p->out_data.data_sent_length;
188
189 if(!prs_append_data(&outgoing_pdu, data_from, data_len)) {
190 DEBUG(0,("create_next_pdu: failed to copy %u bytes of data.\n", (unsigned int)data_len));
191 prs_mem_free(&outgoing_pdu);
192 return False;
193 }
194
195 /*
196 * Set data to point to where we copied the data into.
197 */
198
199 data = prs_data_p(&outgoing_pdu) + data_pos;
200
201 if (p->hdr.auth_len > 0) {
202 uint32 crc32 = 0;
203
204 DEBUG(5,("create_next_pdu: sign: %s seal: %s data %d auth %d\n",
205 BOOLSTR(auth_verify), BOOLSTR(auth_seal), data_len, p->hdr.auth_len));
206
207 if (auth_seal) {
208 crc32 = crc32_calc_buffer(data, data_len);
209 NTLMSSPcalc_p(p, (uchar*)data, data_len);
210 }
211
212 if (auth_seal || auth_verify) {
213 RPC_HDR_AUTH auth_info;
214
215 init_rpc_hdr_auth(&auth_info, NTLMSSP_AUTH_TYPE, NTLMSSP_AUTH_LEVEL,
216 (auth_verify ? RPC_HDR_AUTH_LEN : 0), (auth_verify ? 1 : 0));
217 if(!smb_io_rpc_hdr_auth("hdr_auth", &auth_info, &outgoing_pdu, 0)) {
218 DEBUG(0,("create_next_pdu: failed to marshall RPC_HDR_AUTH.\n"));
219 prs_mem_free(&outgoing_pdu);
220 return False;
221 }
222 }
223
224 if (auth_verify) {
225 RPC_AUTH_NTLMSSP_CHK ntlmssp_chk;
226 char *auth_data = prs_data_p(&outgoing_pdu);
227
228 p->ntlmssp_seq_num++;
229 init_rpc_auth_ntlmssp_chk(&ntlmssp_chk, NTLMSSP_SIGN_VERSION,
230 crc32, p->ntlmssp_seq_num++);
231 auth_data = prs_data_p(&outgoing_pdu) + prs_offset(&outgoing_pdu) + 4;
232 if(!smb_io_rpc_auth_ntlmssp_chk("auth_sign", &ntlmssp_chk, &outgoing_pdu, 0)) {
233 DEBUG(0,("create_next_pdu: failed to marshall RPC_AUTH_NTLMSSP_CHK.\n"));
234 prs_mem_free(&outgoing_pdu);
235 return False;
236 }
237 NTLMSSPcalc_p(p, (uchar*)auth_data, RPC_AUTH_NTLMSSP_CHK_LEN - 4);
238 }
239 }
240
241 /*
242 * Setup the counts for this PDU.
243 */
244
245 p->out_data.data_sent_length += data_len;
246 p->out_data.current_pdu_len = p->hdr.frag_len;
247 p->out_data.current_pdu_sent = 0;
248
249 prs_mem_free(&outgoing_pdu);
250 return True;
251 }
252
253 /*******************************************************************
254 Process an NTLMSSP authentication response.
255 If this function succeeds, the user has been authenticated
256 and their domain, name and calling workstation stored in
257 the pipe struct.
258 The initial challenge is stored in p->challenge.
259 *******************************************************************/
260
261 static BOOL api_pipe_ntlmssp_verify(pipes_struct *p, RPC_AUTH_NTLMSSP_RESP *ntlmssp_resp)
262 {
263 uchar lm_owf[24];
264 uchar nt_owf[24];
265 fstring user_name;
266 fstring pipe_user_name;
267 fstring domain;
268 fstring wks;
269 BOOL guest_user = False;
270 SAM_ACCOUNT *sampass = NULL;
271 uchar null_smb_passwd[16];
272 uchar *smb_passwd_ptr = NULL;
273
274 DEBUG(5,("api_pipe_ntlmssp_verify: checking user details\n"));
275
276 memset(p->user_name, '\0', sizeof(p->user_name));
277 memset(p->pipe_user_name, '\0', sizeof(p->pipe_user_name));
278 memset(p->domain, '\0', sizeof(p->domain));
279 memset(p->wks, '\0', sizeof(p->wks));
280
281 /* Set up for non-authenticated user. */
282 delete_nt_token(&p->pipe_user.nt_user_token);
283 p->pipe_user.ngroups = 0;
284 safe_free( p->pipe_user.groups);
285
286 /*
287 * Setup an empty password for a guest user.
288 */
289
290 memset(null_smb_passwd,0,16);
291
292 /*
293 * We always negotiate UNICODE.
294 */
295
296 if (p->ntlmssp_chal_flags & NTLMSSP_NEGOTIATE_UNICODE) {
297 fstrcpy(user_name, dos_unistrn2((uint16*)ntlmssp_resp->user, ntlmssp_resp->hdr_usr.str_str_len/2));
298 fstrcpy(domain, dos_unistrn2((uint16*)ntlmssp_resp->domain, ntlmssp_resp->hdr_domain.str_str_len/2));
299 fstrcpy(wks, dos_unistrn2((uint16*)ntlmssp_resp->wks, ntlmssp_resp->hdr_wks.str_str_len/2));
300 } else {
301 fstrcpy(user_name, ntlmssp_resp->user);
302 fstrcpy(domain, ntlmssp_resp->domain);
303 fstrcpy(wks, ntlmssp_resp->wks);
304 }
305
306 DEBUG(5,("user: %s domain: %s wks: %s\n", user_name, domain, wks));
307
308 memcpy(lm_owf, ntlmssp_resp->lm_resp, sizeof(lm_owf));
309 memcpy(nt_owf, ntlmssp_resp->nt_resp, sizeof(nt_owf));
310
311 #ifdef DEBUG_PASSWORD
312 DEBUG(100,("lm, nt owfs, chal\n"));
313 dump_data(100, (char *)lm_owf, sizeof(lm_owf));
314 dump_data(100, (char *)nt_owf, sizeof(nt_owf));
315 dump_data(100, (char *)p->challenge, 8);
316 #endif
317
318 /*
319 * Allow guest access. Patch from Shirish Kalele <kalele@veritas.com>.
320 */
321
322 if((strlen(user_name) == 0) &&
323 (ntlmssp_resp->hdr_nt_resp.str_str_len==0))
324 {
325 guest_user = True;
326
327 fstrcpy(pipe_user_name, lp_guestaccount(-1));
328 DEBUG(100,("Null user in NTLMSSP verification. Using guest = %s\n", pipe_user_name));
329
330 smb_passwd_ptr = null_smb_passwd;
331
332 } else {
333
334 /*
335 * Pass the user through the NT -> unix user mapping
336 * function.
337 */
338
339 fstrcpy(pipe_user_name, user_name);
340 (void)map_username(pipe_user_name);
341
342 /*
343 * Do the length checking only if user is not NULL.
344 */
345
346 if (ntlmssp_resp->hdr_lm_resp.str_str_len == 0)
347 return False;
348 if (ntlmssp_resp->hdr_nt_resp.str_str_len == 0)
349 return False;
350 if (ntlmssp_resp->hdr_usr.str_str_len == 0)
351 return False;
352 if (ntlmssp_resp->hdr_domain.str_str_len == 0)
353 return False;
354 if (ntlmssp_resp->hdr_wks.str_str_len == 0)
355 return False;
356
357 }
358
359 if(!guest_user) {
360
361 become_root();
362
363 if(!(p->ntlmssp_auth_validated = pass_check_smb(pipe_user_name, domain,
364 (uchar*)p->challenge, lm_owf, nt_owf, NULL))) {
365 DEBUG(1,("api_pipe_ntlmssp_verify: User %s\\%s from machine %s \
366 failed authentication on named pipe %s.\n", domain, pipe_user_name, wks, p->name ));
367 unbecome_root();
368 return False;
369 }
370
371 pdb_init_sam(&sampass);
372
373 if(!pdb_getsampwnam(sampass, pipe_user_name)) {
374 DEBUG(1,("api_pipe_ntlmssp_verify: Cannot find user %s in smb passwd database.\n",
375 pipe_user_name));
376 pdb_free_sam(sampass);
377 unbecome_root();
378 return False;
379 }
380
381 unbecome_root();
382
383 /* Quit if the account was disabled. */
384 if((pdb_get_acct_ctrl(sampass) & ACB_DISABLED) || !pdb_get_lanman_passwd(sampass)) {
385 DEBUG(1,("Account for user '%s' was disabled.\n", pipe_user_name));
386 pdb_free_sam(sampass);
387 return False;
388 }
389
390 if(!pdb_get_nt_passwd(sampass)) {
391 DEBUG(1,("Account for user '%s' has no NT password hash.\n", pipe_user_name));
392 pdb_free_sam(sampass);
393 return False;
394 }
395
396 smb_passwd_ptr = pdb_get_lanman_passwd(sampass);
397
398 /*
399 * Store the UNIX credential data (uid/gid pair) in the pipe structure.
400 */
401
402 p->pipe_user.uid = pdb_get_uid(sampass);
403 p->pipe_user.gid = pdb_get_gid(sampass);
404 }
405 else {
406 struct passwd *pw;
407
408 /* setup the guest credentials; assuming that the guest
409 account does not have to exist in the smbpasswd file */
410
411 if ( (pw = sys_getpwnam(pipe_user_name)) == NULL ) {
412 DEBUG(0,("api_pipe_ntlmssp_verify: Invalid guest account [%s]. getpwnam() failed!\n",
413 pipe_user_name));
414 pdb_free_sam(sampass);
415 return False;
416 }
417
418 p->pipe_user.uid = pw->pw_uid;
419 p->pipe_user.gid = pw->pw_gid;
420
421 }
422
423 /*
424 * Set up the sign/seal data.
425 */
426
427 {
428 uchar p24[24];
429 NTLMSSPOWFencrypt(smb_passwd_ptr, lm_owf, p24);
430 {
431 unsigned char j = 0;
432 int ind;
433
434 unsigned char k2[8];
435
436 memcpy(k2, p24, 5);
437 k2[5] = 0xe5;
438 k2[6] = 0x38;
439 k2[7] = 0xb0;
440
441 for (ind = 0; ind < 256; ind++)
442 p->ntlmssp_hash[ind] = (unsigned char)ind;
443
444 for( ind = 0; ind < 256; ind++) {
445 unsigned char tc;
446
447 j += (p->ntlmssp_hash[ind] + k2[ind%8]);
448
449 tc = p->ntlmssp_hash[ind];
450 p->ntlmssp_hash[ind] = p->ntlmssp_hash[j];
451 p->ntlmssp_hash[j] = tc;
452 }
453
454 p->ntlmssp_hash[256] = 0;
455 p->ntlmssp_hash[257] = 0;
456 }
457 /* NTLMSSPhash(p->ntlmssp_hash, p24); */
458 p->ntlmssp_seq_num = 0;
459
460 }
461
462 fstrcpy(p->user_name, user_name);
463 fstrcpy(p->pipe_user_name, pipe_user_name);
464 fstrcpy(p->domain, domain);
465 fstrcpy(p->wks, wks);
466
467 /* Set up pipe user group membership. */
468 initialise_groups(pipe_user_name, p->pipe_user.uid, p->pipe_user.gid);
469 get_current_groups( p->pipe_user.gid, &p->pipe_user.ngroups, &p->pipe_user.groups);
470
471 /* Create an NT_USER_TOKEN struct for this user. */
472 p->pipe_user.nt_user_token = create_nt_token(p->pipe_user.uid,p->pipe_user.gid,
473 p->pipe_user.ngroups, p->pipe_user.groups,
474 guest_user, NULL);
475
476 p->ntlmssp_auth_validated = True;
477 pdb_free_sam(sampass);
478 return True;
479 }
480
481 /*******************************************************************
482 The switch table for the pipe names and the functions to handle them.
483 *******************************************************************/
484
485 struct api_cmd
486 {
487 char * pipe_clnt_name;
488 char * pipe_srv_name;
489 BOOL (*fn) (pipes_struct *);
490 };
491
492 static struct api_cmd api_fd_commands[] =
493 {
494 { "lsarpc", "lsass", api_ntlsa_rpc },
495 { "samr", "lsass", api_samr_rpc },
496 { "srvsvc", "ntsvcs", api_srvsvc_rpc },
497 { "wkssvc", "ntsvcs", api_wkssvc_rpc },
498 { "NETLOGON", "lsass", api_netlog_rpc },
499 { "winreg", "winreg", api_reg_rpc },
500 { "spoolss", "spoolss", api_spoolss_rpc },
501 #ifdef WITH_MSDFS
502 { "netdfs", "netdfs" , api_netdfs_rpc },
503 #endif
504 { NULL, NULL, NULL }
505 };
506
507 /*******************************************************************
508 This is the client reply to our challenge for an authenticated
509 bind request. The challenge we sent is in p->challenge.
510 *******************************************************************/
511
512 BOOL api_pipe_bind_auth_resp(pipes_struct *p, prs_struct *rpc_in_p)
513 {
514 RPC_HDR_AUTHA autha_info;
515 RPC_AUTH_VERIFIER auth_verifier;
516 RPC_AUTH_NTLMSSP_RESP ntlmssp_resp;
517
518 DEBUG(5,("api_pipe_bind_auth_resp: decode request. %d\n", __LINE__));
519
520 if (p->hdr.auth_len == 0) {
521 DEBUG(0,("api_pipe_bind_auth_resp: No auth field sent !\n"));
522 return False;
523 }
524
525 /*
526 * Decode the authentication verifier response.
527 */
528
529 if(!smb_io_rpc_hdr_autha("", &autha_info, rpc_in_p, 0)) {
530 DEBUG(0,("api_pipe_bind_auth_resp: unmarshall of RPC_HDR_AUTHA failed.\n"));
531 return False;
532 }
533
534 if (autha_info.auth_type != NTLMSSP_AUTH_TYPE || autha_info.auth_level != NTLMSSP_AUTH_LEVEL) {
535 DEBUG(0,("api_pipe_bind_auth_resp: incorrect auth type (%d) or level (%d).\n",
536 (int)autha_info.auth_type, (int)autha_info.auth_level ));
537 return False;
538 }
539
540 if(!smb_io_rpc_auth_verifier("", &auth_verifier, rpc_in_p, 0)) {
541 DEBUG(0,("api_pipe_bind_auth_resp: unmarshall of RPC_AUTH_VERIFIER failed.\n"));
542 return False;
543 }
544
545 /*
546 * Ensure this is a NTLMSSP_AUTH packet type.
547 */
548
549 if (!rpc_auth_verifier_chk(&auth_verifier, "NTLMSSP", NTLMSSP_AUTH)) {
550 DEBUG(0,("api_pipe_bind_auth_resp: rpc_auth_verifier_chk failed.\n"));
551 return False;
552 }
553
554 if(!smb_io_rpc_auth_ntlmssp_resp("", &ntlmssp_resp, rpc_in_p, 0)) {
555 DEBUG(0,("api_pipe_bind_auth_resp: Failed to unmarshall RPC_AUTH_NTLMSSP_RESP.\n"));
556 return False;
557 }
558
559 /*
560 * The following call actually checks the challenge/response data.
561 * for correctness against the given DOMAIN\user name.
562 */
563
564 if (!api_pipe_ntlmssp_verify(p, &ntlmssp_resp))
565 return False;
566
567 p->pipe_bound = True
568 ;
569 return True;
570 }
571
572 /*******************************************************************
573 Marshall a bind_nak pdu.
574 *******************************************************************/
575
576 static BOOL setup_bind_nak(pipes_struct *p)
577 {
578 prs_struct outgoing_rpc;
579 RPC_HDR nak_hdr;
580 uint16 zero = 0;
581
582 /* Free any memory in the current return data buffer. */
583 prs_mem_free(&p->out_data.rdata);
584
585 /*
586 * Marshall directly into the outgoing PDU space. We
587 * must do this as we need to set to the bind response
588 * header and are never sending more than one PDU here.
589 */
590
591 prs_init( &outgoing_rpc, 0, p->mem_ctx, MARSHALL);
592 prs_give_memory( &outgoing_rpc, (char *)p->out_data.current_pdu, sizeof(p->out_data.current_pdu), False);
593
594
595 /*
596 * Initialize a bind_nak header.
597 */
598
599 init_rpc_hdr(&nak_hdr, RPC_BINDNACK, RPC_FLG_FIRST | RPC_FLG_LAST,
600 p->hdr.call_id, RPC_HEADER_LEN + sizeof(uint16), 0);
601
602 /*
603 * Marshall the header into the outgoing PDU.
604 */
605
606 if(!smb_io_rpc_hdr("", &nak_hdr, &outgoing_rpc, 0)) {
607 DEBUG(0,("setup_bind_nak: marshalling of RPC_HDR failed.\n"));
608 prs_mem_free(&outgoing_rpc);
609 return False;
610 }
611
612 /*
613 * Now add the reject reason.
614 */
615
616 if(!prs_uint16("reject code", &outgoing_rpc, 0, &zero)) {
617 prs_mem_free(&outgoing_rpc);
618 return False;
619 }
620
621 p->out_data.data_sent_length = 0;
622 p->out_data.current_pdu_len = prs_offset(&outgoing_rpc);
623 p->out_data.current_pdu_sent = 0;
624
625 p->pipe_bound = False;
626
627 return True;
628 }
629
630 /*******************************************************************
631 Marshall a fault pdu.
632 *******************************************************************/
633
634 BOOL setup_fault_pdu(pipes_struct *p, NTSTATUS status)
635 {
636 prs_struct outgoing_pdu;
637 RPC_HDR fault_hdr;
638 RPC_HDR_RESP hdr_resp;
639 RPC_HDR_FAULT fault_resp;
640
641 /* Free any memory in the current return data buffer. */
642 prs_mem_free(&p->out_data.rdata);
643
644 /*
645 * Marshall directly into the outgoing PDU space. We
646 * must do this as we need to set to the bind response
647 * header and are never sending more than one PDU here.
648 */
649
650 prs_init( &outgoing_pdu, 0, p->mem_ctx, MARSHALL);
651 prs_give_memory( &outgoing_pdu, (char *)p->out_data.current_pdu, sizeof(p->out_data.current_pdu), False);
652
653 /*
654 * Initialize a fault header.
655 */
656
657 init_rpc_hdr(&fault_hdr, RPC_FAULT, RPC_FLG_FIRST | RPC_FLG_LAST | RPC_FLG_NOCALL,
658 p->hdr.call_id, RPC_HEADER_LEN + RPC_HDR_RESP_LEN + RPC_HDR_FAULT_LEN, 0);
659
660 /*
661 * Initialize the HDR_RESP and FAULT parts of the PDU.
662 */
663
664 memset((char *)&hdr_resp, '\0', sizeof(hdr_resp));
665
666 fault_resp.status = status;
667 fault_resp.reserved = 0;
668
669 /*
670 * Marshall the header into the outgoing PDU.
671 */
672
673 if(!smb_io_rpc_hdr("", &fault_hdr, &outgoing_pdu, 0)) {
674 DEBUG(0,("setup_fault_pdu: marshalling of RPC_HDR failed.\n"));
675 prs_mem_free(&outgoing_pdu);
676 return False;
677 }
678
679 if(!smb_io_rpc_hdr_resp("resp", &hdr_resp, &outgoing_pdu, 0)) {
680 DEBUG(0,("setup_fault_pdu: failed to marshall RPC_HDR_RESP.\n"));
681 prs_mem_free(&outgoing_pdu);
682 return False;
683 }
684
685 if(!smb_io_rpc_hdr_fault("fault", &fault_resp, &outgoing_pdu, 0)) {
686 DEBUG(0,("setup_fault_pdu: failed to marshall RPC_HDR_FAULT.\n"));
687 prs_mem_free(&outgoing_pdu);
688 return False;
689 }
690
691 p->out_data.data_sent_length = 0;
692 p->out_data.current_pdu_len = prs_offset(&outgoing_pdu);
693 p->out_data.current_pdu_sent = 0;
694
695 prs_mem_free(&outgoing_pdu);
696 return True;
697 }
698
699 /*******************************************************************
700 Ensure a bind request has the correct abstract & transfer interface.
701 Used to reject unknown binds from Win2k.
702 *******************************************************************/
703
704 BOOL check_bind_req(char* pipe_name, RPC_IFACE* abstract,
705 RPC_IFACE* transfer)
706 {
707 extern struct pipe_id_info pipe_names[];
708 int i=0;
709 fstring pname;
710 fstrcpy(pname,"\\PIPE\\");
711 fstrcat(pname,pipe_name);
712
713 for(i=0;pipe_names[i].client_pipe; i++) {
714 if(strequal(pipe_names[i].client_pipe, pname))
715 break;
716 }
717
718 if(pipe_names[i].client_pipe == NULL)
719 return False;
720
721 /* check the abstract interface */
722 if((abstract->version != pipe_names[i].abstr_syntax.version) ||
723 (memcmp(&abstract->uuid, &pipe_names[i].abstr_syntax.uuid,
724 sizeof(RPC_UUID)) != 0))
725 return False;
726
727 /* check the transfer interface */
728 if((transfer->version != pipe_names[i].trans_syntax.version) ||
729 (memcmp(&transfer->uuid, &pipe_names[i].trans_syntax.uuid,
730 sizeof(RPC_UUID)) != 0))
731 return False;
732
733 return True;
734 }
735
736 /*******************************************************************
737 Respond to a pipe bind request.
738 *******************************************************************/
739
740 BOOL api_pipe_bind_req(pipes_struct *p, prs_struct *rpc_in_p)
741 {
742 RPC_HDR_BA hdr_ba;
743 RPC_HDR_RB hdr_rb;
744 RPC_HDR_AUTH auth_info;
745 uint16 assoc_gid;
746 fstring ack_pipe_name;
747 prs_struct out_hdr_ba;
748 prs_struct out_auth;
749 prs_struct outgoing_rpc;
750 int i = 0;
751 int auth_len = 0;
752 enum RPC_PKT_TYPE reply_pkt_type;
753
754 p->ntlmssp_auth_requested = False;
755
756 DEBUG(5,("api_pipe_bind_req: decode request. %d\n", __LINE__));
757
758 /*
759 * Try and find the correct pipe name to ensure
760 * that this is a pipe name we support.
761 */
762
763 for (i = 0; api_fd_commands[i].pipe_clnt_name; i++) {
764 if (strequal(api_fd_commands[i].pipe_clnt_name, p->name) &&
765 api_fd_commands[i].fn != NULL) {
766 DEBUG(3,("api_pipe_bind_req: \\PIPE\\%s -> \\PIPE\\%s\n",
767 api_fd_commands[i].pipe_clnt_name,
768 api_fd_commands[i].pipe_srv_name));
769 fstrcpy(p->pipe_srv_name, api_fd_commands[i].pipe_srv_name);
770 break;
771 }
772 }
773
774 if (api_fd_commands[i].fn == NULL) {
775 DEBUG(3,("api_pipe_bind_req: Unknown pipe name %s in bind request.\n",
776 p->name ));
777 if(!setup_bind_nak(p))
778 return False;
779 return True;
780 }
781
782 /* decode the bind request */
783 if(!smb_io_rpc_hdr_rb("", &hdr_rb, rpc_in_p, 0)) {
784 DEBUG(0,("api_pipe_bind_req: unable to unmarshall RPC_HDR_RB struct.\n"));
785 return False;
786 }
787
788 /*
789 * Check if this is an authenticated request.
790 */
791
792 if (p->hdr.auth_len != 0) {
793 RPC_AUTH_VERIFIER auth_verifier;
794 RPC_AUTH_NTLMSSP_NEG ntlmssp_neg;
795
796 /*
797 * Decode the authentication verifier.
798 */
799
800 if(!smb_io_rpc_hdr_auth("", &auth_info, rpc_in_p, 0)) {
801 DEBUG(0,("api_pipe_bind_req: unable to unmarshall RPC_HDR_AUTH struct.\n"));
802 return False;
803 }
804
805 /*
806 * We only support NTLMSSP_AUTH_TYPE requests.
807 */
808
809 if(auth_info.auth_type != NTLMSSP_AUTH_TYPE) {
810 DEBUG(0,("api_pipe_bind_req: unknown auth type %x requested.\n",
811 auth_info.auth_type ));
812 return False;
813 }
814
815 if(!smb_io_rpc_auth_verifier("", &auth_verifier, rpc_in_p, 0)) {
816 DEBUG(0,("api_pipe_bind_req: unable to unmarshall RPC_HDR_AUTH struct.\n"));
817 return False;
818 }
819
820 if(!strequal(auth_verifier.signature, "NTLMSSP")) {
821 DEBUG(0,("api_pipe_bind_req: auth_verifier.signature != NTLMSSP\n"));
822 return False;
823 }
824
825 if(auth_verifier.msg_type != NTLMSSP_NEGOTIATE) {
826 DEBUG(0,("api_pipe_bind_req: auth_verifier.msg_type (%d) != NTLMSSP_NEGOTIATE\n",
827 auth_verifier.msg_type));
828 return False;
829 }
830
831 if(!smb_io_rpc_auth_ntlmssp_neg("", &ntlmssp_neg, rpc_in_p, 0)) {
832 DEBUG(0,("api_pipe_bind_req: Failed to unmarshall RPC_AUTH_NTLMSSP_NEG.\n"));
833 return False;
834 }
835
836 p->ntlmssp_chal_flags = SMBD_NTLMSSP_NEG_FLAGS;
837 p->ntlmssp_auth_requested = True;
838 }
839
840 switch(p->hdr.pkt_type) {
841 case RPC_BIND:
842 /* name has to be \PIPE\xxxxx */
843 fstrcpy(ack_pipe_name, "\\PIPE\\");
844 fstrcat(ack_pipe_name, p->pipe_srv_name);
845 reply_pkt_type = RPC_BINDACK;
846 break;
847 case RPC_ALTCONT:
848 /* secondary address CAN be NULL
849 * as the specs say it's ignored.
850 * It MUST NULL to have the spoolss working.
851 */
852 fstrcpy(ack_pipe_name,"");
853 reply_pkt_type = RPC_ALTCONTRESP;
854 break;
855 default:
856 return False;
857 }
858
859 DEBUG(5,("api_pipe_bind_req: make response. %d\n", __LINE__));
860
861 /*
862 * Marshall directly into the outgoing PDU space. We
863 * must do this as we need to set to the bind response
864 * header and are never sending more than one PDU here.
865 */
866
867 prs_init( &outgoing_rpc, 0, p->mem_ctx, MARSHALL);
868 prs_give_memory( &outgoing_rpc, (char *)p->out_data.current_pdu, sizeof(p->out_data.current_pdu), False);
869
870 /*
871 * Setup the memory to marshall the ba header, and the
872 * auth footers.
873 */
874
875 if(!prs_init(&out_hdr_ba, 1024, p->mem_ctx, MARSHALL)) {
876 DEBUG(0,("api_pipe_bind_req: malloc out_hdr_ba failed.\n"));
877 prs_mem_free(&outgoing_rpc);
878 return False;
879 }
880
881 if(!prs_init(&out_auth, 1024, p->mem_ctx, MARSHALL)) {
882 DEBUG(0,("pi_pipe_bind_req: malloc out_auth failed.\n"));
883 prs_mem_free(&outgoing_rpc);
884 prs_mem_free(&out_hdr_ba);
885 return False;
886 }
887
888 if (p->ntlmssp_auth_requested)
889 assoc_gid = 0x7a77;
890 else
891 assoc_gid = hdr_rb.bba.assoc_gid ? hdr_rb.bba.assoc_gid : 0x53f0;
892
893 /*
894 * Create the bind response struct.
895 */
896
897 /* If the requested abstract synt uuid doesn't match our client pipe,
898 reject the bind_ack & set the transfer interface synt to all 0's,
899 ver 0 (observed when NT5 attempts to bind to abstract interfaces
900 unknown to NT4)
901 Needed when adding entries to a DACL from NT5 - SK */
902
903 if(check_bind_req(p->name, &hdr_rb.abstract, &hdr_rb.transfer)) {
904 init_rpc_hdr_ba(&hdr_ba,
905 MAX_PDU_FRAG_LEN,
906 MAX_PDU_FRAG_LEN,
907 assoc_gid,
908 ack_pipe_name,
909 0x1, 0x0, 0x0,
910 &hdr_rb.transfer);
911 } else {
912 RPC_IFACE null_interface;
913 ZERO_STRUCT(null_interface);
914 /* Rejection reason: abstract syntax not supported */
915 init_rpc_hdr_ba(&hdr_ba, MAX_PDU_FRAG_LEN,
916 MAX_PDU_FRAG_LEN, assoc_gid,
917 ack_pipe_name, 0x1, 0x2, 0x1,
918 &null_interface);
919 }
920
921 /*
922 * and marshall it.
923 */
924
925 if(!smb_io_rpc_hdr_ba("", &hdr_ba, &out_hdr_ba, 0)) {
926 DEBUG(0,("api_pipe_bind_req: marshalling of RPC_HDR_BA failed.\n"));
927 goto err_exit;
928 }
929
930 /*
931 * Now the authentication.
932 */
933
934 if (p->ntlmssp_auth_requested) {
935 RPC_AUTH_VERIFIER auth_verifier;
936 RPC_AUTH_NTLMSSP_CHAL ntlmssp_chal;
937
938 generate_random_buffer(p->challenge, 8, False);
939
940 /*** Authentication info ***/
941
942 init_rpc_hdr_auth(&auth_info, NTLMSSP_AUTH_TYPE, NTLMSSP_AUTH_LEVEL, RPC_HDR_AUTH_LEN, 1);
943 if(!smb_io_rpc_hdr_auth("", &auth_info, &out_auth, 0)) {
944 DEBUG(0,("api_pipe_bind_req: marshalling of RPC_HDR_AUTH failed.\n"));
945 goto err_exit;
946 }
947
948 /*** NTLMSSP verifier ***/
949
950 init_rpc_auth_verifier(&auth_verifier, "NTLMSSP", NTLMSSP_CHALLENGE);
951 if(!smb_io_rpc_auth_verifier("", &auth_verifier, &out_auth, 0)) {
952 DEBUG(0,("api_pipe_bind_req: marshalling of RPC_AUTH_VERIFIER failed.\n"));
953 goto err_exit;
954 }
955
956 /* NTLMSSP challenge ***/
957
958 init_rpc_auth_ntlmssp_chal(&ntlmssp_chal, p->ntlmssp_chal_flags, p->challenge);
959 if(!smb_io_rpc_auth_ntlmssp_chal("", &ntlmssp_chal, &out_auth, 0)) {
960 DEBUG(0,("api_pipe_bind_req: marshalling of RPC_AUTH_NTLMSSP_CHAL failed.\n"));
961 goto err_exit;
962 }
963
964 /* Auth len in the rpc header doesn't include auth_header. */
965 auth_len = prs_offset(&out_auth) - RPC_HDR_AUTH_LEN;
966 }
967
968 /*
969 * Create the header, now we know the length.
970 */
971
972 init_rpc_hdr(&p->hdr, reply_pkt_type, RPC_FLG_FIRST | RPC_FLG_LAST,
973 p->hdr.call_id,
974 RPC_HEADER_LEN + prs_offset(&out_hdr_ba) + prs_offset(&out_auth),
975 auth_len);
976
977 /*
978 * Marshall the header into the outgoing PDU.
979 */
980
981 if(!smb_io_rpc_hdr("", &p->hdr, &outgoing_rpc, 0)) {
982 DEBUG(0,("pi_pipe_bind_req: marshalling of RPC_HDR failed.\n"));
983 goto err_exit;
984 }
985
986 /*
987 * Now add the RPC_HDR_BA and any auth needed.
988 */
989
990 if(!prs_append_prs_data( &outgoing_rpc, &out_hdr_ba)) {
991 DEBUG(0,("api_pipe_bind_req: append of RPC_HDR_BA failed.\n"));
992 goto err_exit;
993 }
994
995 if(p->ntlmssp_auth_requested && !prs_append_prs_data( &outgoing_rpc, &out_auth)) {
996 DEBUG(0,("api_pipe_bind_req: append of auth info failed.\n"));
997 goto err_exit;
998 }
999
1000 if(!p->ntlmssp_auth_requested)
1001 p->pipe_bound = True;
1002
1003 /*
1004 * Setup the lengths for the initial reply.
1005 */
1006
1007 p->out_data.data_sent_length = 0;
1008 p->out_data.current_pdu_len = prs_offset(&outgoing_rpc);
1009 p->out_data.current_pdu_sent = 0;
1010
1011 prs_mem_free(&out_hdr_ba);
1012 prs_mem_free(&out_auth);
1013
1014 return True;
1015
1016 err_exit:
1017
1018 prs_mem_free(&outgoing_rpc);
1019 prs_mem_free(&out_hdr_ba);
1020 prs_mem_free(&out_auth);
1021 return False;
1022 }
1023
1024 /****************************************************************************
1025 Deal with sign & seal processing on an RPC request.
1026 ****************************************************************************/
1027
1028 BOOL api_pipe_auth_process(pipes_struct *p, prs_struct *rpc_in)
1029 {
1030 /*
1031 * We always negotiate the following two bits....
1032 */
1033 BOOL auth_verify = ((p->ntlmssp_chal_flags & NTLMSSP_NEGOTIATE_SIGN) != 0);
1034 BOOL auth_seal = ((p->ntlmssp_chal_flags & NTLMSSP_NEGOTIATE_SEAL) != 0);
1035 int data_len;
1036 int auth_len;
1037 uint32 old_offset;
1038 uint32 crc32 = 0;
1039
1040 auth_len = p->hdr.auth_len;
1041
1042 if ((auth_len != RPC_AUTH_NTLMSSP_CHK_LEN) && auth_verify) {
1043 DEBUG(0,("api_pipe_auth_process: Incorrect auth_len %d.\n", auth_len ));
1044 return False;
1045 }
1046
1047 /*
1048 * The following is that length of the data we must verify or unseal.
1049 * This doesn't include the RPC headers or the auth_len or the RPC_HDR_AUTH_LEN
1050 * preceeding the auth_data.
1051 */
1052
1053 data_len = p->hdr.frag_len - RPC_HEADER_LEN - RPC_HDR_REQ_LEN -
1054 (auth_verify ? RPC_HDR_AUTH_LEN : 0) - auth_len;
1055
1056 DEBUG(5,("api_pipe_auth_process: sign: %s seal: %s data %d auth %d\n",
1057 BOOLSTR(auth_verify), BOOLSTR(auth_seal), data_len, auth_len));
1058
1059 if (auth_seal) {
1060 /*
1061 * The data in rpc_in doesn't contain the RPC_HEADER as this
1062 * has already been consumed.
1063 */
1064 char *data = prs_data_p(rpc_in) + RPC_HDR_REQ_LEN;
1065 NTLMSSPcalc_p(p, (uchar*)data, data_len);
1066 crc32 = crc32_calc_buffer(data, data_len);
1067 }
1068
1069 old_offset = prs_offset(rpc_in);
1070
1071 if (auth_seal || auth_verify) {
1072 RPC_HDR_AUTH auth_info;
1073
1074 if(!prs_set_offset(rpc_in, old_offset + data_len)) {
1075 DEBUG(0,("api_pipe_auth_process: cannot move offset to %u.\n",
1076 (unsigned int)old_offset + data_len ));
1077 return False;
1078 }
1079
1080 if(!smb_io_rpc_hdr_auth("hdr_auth", &auth_info, rpc_in, 0)) {
1081 DEBUG(0,("api_pipe_auth_process: failed to unmarshall RPC_HDR_AUTH.\n"));
1082 return False;
1083 }
1084 }
1085
1086 if (auth_verify) {
1087 RPC_AUTH_NTLMSSP_CHK ntlmssp_chk;
1088 char *req_data = prs_data_p(rpc_in) + prs_offset(rpc_in) + 4;
1089
1090 DEBUG(5,("api_pipe_auth_process: auth %d\n", prs_offset(rpc_in) + 4));
1091
1092 /*
1093 * Ensure we have RPC_AUTH_NTLMSSP_CHK_LEN - 4 more bytes in the
1094 * incoming buffer.
1095 */
1096 if(prs_mem_get(rpc_in, RPC_AUTH_NTLMSSP_CHK_LEN - 4) == NULL) {
1097 DEBUG(0,("api_pipe_auth_process: missing %d bytes in buffer.\n",
1098 RPC_AUTH_NTLMSSP_CHK_LEN - 4 ));
1099 return False;
1100 }
1101
1102 NTLMSSPcalc_p(p, (uchar*)req_data, RPC_AUTH_NTLMSSP_CHK_LEN - 4);
1103 if(!smb_io_rpc_auth_ntlmssp_chk("auth_sign", &ntlmssp_chk, rpc_in, 0)) {
1104 DEBUG(0,("api_pipe_auth_process: failed to unmarshall RPC_AUTH_NTLMSSP_CHK.\n"));
1105 return False;
1106 }
1107
1108 if (!rpc_auth_ntlmssp_chk(&ntlmssp_chk, crc32, p->ntlmssp_seq_num)) {
1109 DEBUG(0,("api_pipe_auth_process: NTLMSSP check failed.\n"));
1110 return False;
1111 }
1112 }
1113
1114 /*
1115 * Return the current pointer to the data offset.
1116 */
1117
1118 if(!prs_set_offset(rpc_in, old_offset)) {
1119 DEBUG(0,("api_pipe_auth_process: failed to set offset back to %u\n",
1120 (unsigned int)old_offset ));
1121 return False;
1122 }
1123
1124 return True;
1125 }
1126
1127 /****************************************************************************
1128 Return a user struct for a pipe user.
1129 ****************************************************************************/
1130
1131 struct current_user *get_current_user(struct current_user *user, pipes_struct *p)
1132 {
1133 if (p->ntlmssp_auth_validated) {
1134 memcpy(user, &p->pipe_user, sizeof(struct current_user));
1135 } else {
1136 extern struct current_user current_user;
1137 memcpy(user, &current_user, sizeof(struct current_user));
1138 }
1139
1140 return user;
1141 }
1142
1143 /****************************************************************************
1144 Find the correct RPC function to call for this request.
1145 If the pipe is authenticated then become the correct UNIX user
1146 before doing the call.
1147 ****************************************************************************/
1148
1149 BOOL api_pipe_request(pipes_struct *p)
1150 {
1151 int i = 0;
1152 BOOL ret = False;
1153
1154 if (p->ntlmssp_auth_validated) {
1155
1156 if(!become_authenticated_pipe_user(p)) {
1157 prs_mem_free(&p->out_data.rdata);
1158 return False;
1159 }
1160 }
1161
1162 for (i = 0; api_fd_commands[i].pipe_clnt_name; i++) {
1163 if (strequal(api_fd_commands[i].pipe_clnt_name, p->name) &&
1164 api_fd_commands[i].fn != NULL) {
1165 DEBUG(3,("Doing \\PIPE\\%s\n", api_fd_commands[i].pipe_clnt_name));
1166 set_current_rpc_talloc(p->mem_ctx);
1167 ret = api_fd_commands[i].fn(p);
1168 set_current_rpc_talloc(NULL);
1169 }
1170 }
1171
1172 if (p->ntlmssp_auth_validated)
1173 unbecome_authenticated_pipe_user();
1174
1175 return ret;
1176 }
1177
1178 /*******************************************************************
1179 Calls the underlying RPC function for a named pipe.
1180 ********************************************************************/
1181
1182 BOOL api_rpcTNP(pipes_struct *p, char *rpc_name,
1183 struct api_struct *api_rpc_cmds)
1184 {
1185 int fn_num;
1186 fstring name;
1187 uint32 offset1, offset2;
1188
1189 /* interpret the command */
1190 DEBUG(4,("api_rpcTNP: %s op 0x%x - ", rpc_name, p->hdr_req.opnum));
1191
1192 slprintf(name, sizeof(name)-1, "in_%s", rpc_name);
1193 prs_dump(name, p->hdr_req.opnum, &p->in_data.data);
1194
1195 for (fn_num = 0; api_rpc_cmds[fn_num].name; fn_num++) {
1196 if (api_rpc_cmds[fn_num].opnum == p->hdr_req.opnum && api_rpc_cmds[fn_num].fn != NULL) {
1197 DEBUG(3,("api_rpcTNP: pipe %u rpc command: %s\n", (unsigned int)p->pnum, api_rpc_cmds[fn_num].name));
1198 break;
1199 }
1200 }
1201
1202 if (api_rpc_cmds[fn_num].name == NULL) {
1203 /*
1204 * For an unknown RPC just return a fault PDU but
1205 * return True to allow RPC's on the pipe to continue
1206 * and not put the pipe into fault state. JRA.
1207 */
1208 DEBUG(4, ("unknown\n"));
1209 setup_fault_pdu(p, NT_STATUS(0x1c010002));
1210 return True;
1211 }
1212
1213 offset1 = prs_offset(&p->out_data.rdata);
1214
1215 /* do the actual command */
1216 if(!api_rpc_cmds[fn_num].fn(p)) {
1217 DEBUG(0,("api_rpcTNP: %s: %s failed.\n", rpc_name, api_rpc_cmds[fn_num].name));
1218 prs_mem_free(&p->out_data.rdata);
1219 return False;
1220 }
1221
1222 if (p->bad_handle_fault_state) {
1223 DEBUG(4,("api_rpcTNP: bad handle fault return.\n"));
1224 p->bad_handle_fault_state = False;
1225 setup_fault_pdu(p, NT_STATUS(0x1C00001A));
1226 return True;
1227 }
1228
1229 slprintf(name, sizeof(name)-1, "out_%s", rpc_name);
1230 offset2 = prs_offset(&p->out_data.rdata);
1231 prs_set_offset(&p->out_data.rdata, offset1);
1232 prs_dump(name, p->hdr_req.opnum, &p->out_data.rdata);
1233 prs_set_offset(&p->out_data.rdata, offset2);
1234
1235 DEBUG(5,("api_rpcTNP: called %s successfully\n", rpc_name));
1236
1237 /* Check for buffer underflow in rpc parsing */
1238
1239 if ((DEBUGLEVEL >= 10) &&
1240 (p->in_data.data.data_offset != p->in_data.data.buffer_size)) {
1241 int data_len = p->in_data.data.buffer_size -
1242 p->in_data.data.data_offset;
1243 char *data;
1244
1245 data = malloc(data_len);
1246
1247 DEBUG(10, ("api_rpcTNP: rpc input buffer underflow (parse error?)\n"));
1248 if (data) {
1249 prs_uint8s(False, "", &p->in_data.data, 0, (unsigned char *)data,
1250 data_len);
1251 SAFE_FREE(data);
1252 }
1253
1254 }
1255
1256 return True;
1257 }
Samba GIT mirror