search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
forgot the altered include file
[Samba.git] / source3 / rpc_client / cli_pipe.c
blobbbbf194fbd204f872ca05518735c8be7fcc7e8e2
1 /*
2 * Unix SMB/CIFS implementation.
3 * RPC Pipe client / server routines
4 * Copyright (C) Andrew Tridgell 1992-1998,
5 * Copyright (C) Luke Kenneth Casson Leighton 1996-1998,
6 * Copyright (C) Paul Ashton 1998.
7 * Copyright (C) Jeremy Allison 1999.
8 *
9 * This program is free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License as published by
11 * the Free Software Foundation; either version 2 of the License, or
12 * (at your option) any later version.
13 *
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU General Public License for more details.
18 *
19 * You should have received a copy of the GNU General Public License
20 * along with this program; if not, write to the Free Software
21 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
22 */
23
24 #include "includes.h"
25
26 #undef DBGC_CLASS
27 #define DBGC_CLASS DBGC_RPC_CLI
28
29 extern struct pipe_id_info pipe_names[];
30
31 /********************************************************************
32 Rpc pipe call id.
33 ********************************************************************/
34
35 static uint32 get_rpc_call_id(void)
36 {
37 static uint32 call_id = 0;
38 return ++call_id;
39 }
40
41 /*******************************************************************
42 Use SMBreadX to get rest of one fragment's worth of rpc data.
43 ********************************************************************/
44
45 static BOOL rpc_read(struct cli_state *cli, prs_struct *rdata, uint32 data_to_read, uint32 *rdata_offset)
46 {
47 size_t size = (size_t)cli->max_recv_frag;
48 int stream_offset = 0;
49 int num_read;
50 char *pdata;
51 int extra_data_size = ((int)*rdata_offset) + ((int)data_to_read) - (int)prs_data_size(rdata);
52
53 DEBUG(5,("rpc_read: data_to_read: %u rdata offset: %u extra_data_size: %d\n",
54 (int)data_to_read, (unsigned int)*rdata_offset, extra_data_size));
55
56 /*
57 * Grow the buffer if needed to accommodate the data to be read.
58 */
59
60 if (extra_data_size > 0) {
61 if(!prs_force_grow(rdata, (uint32)extra_data_size)) {
62 DEBUG(0,("rpc_read: Failed to grow parse struct by %d bytes.\n", extra_data_size ));
63 return False;
64 }
65 DEBUG(5,("rpc_read: grew buffer by %d bytes to %u\n", extra_data_size, prs_data_size(rdata) ));
66 }
67
68 pdata = prs_data_p(rdata) + *rdata_offset;
69
70 do /* read data using SMBreadX */
71 {
72 uint32 ecode;
73 uint8 eclass;
74
75 if (size > (size_t)data_to_read)
76 size = (size_t)data_to_read;
77
78 num_read = (int)cli_read(cli, cli->nt_pipe_fnum, pdata, (off_t)stream_offset, size);
79
80 DEBUG(5,("rpc_read: num_read = %d, read offset: %d, to read: %d\n",
81 num_read, stream_offset, data_to_read));
82
83 if (cli_is_dos_error(cli)) {
84 cli_dos_error(cli, &eclass, &ecode);
85 if (eclass != ERRDOS && ecode != ERRmoredata) {
86 DEBUG(0,("rpc_read: Error %d/%u in cli_read\n",
87 eclass, (unsigned int)ecode));
88 return False;
89 }
90 }
91
92 data_to_read -= num_read;
93 stream_offset += num_read;
94 pdata += num_read;
95
96 } while (num_read > 0 && data_to_read > 0);
97 /* && err == (0x80000000 | STATUS_BUFFER_OVERFLOW)); */
98
99 /*
100 * Update the current offset into rdata by the amount read.
101 */
102 *rdata_offset += stream_offset;
103
104 return True;
105 }
106
107 /****************************************************************************
108 Checks the header. This will set the endian bit in the rdata prs_struct. JRA.
109 ****************************************************************************/
110
111 static BOOL rpc_check_hdr(prs_struct *rdata, RPC_HDR *rhdr,
112 BOOL *first, BOOL *last, uint32 *len)
113 {
114 DEBUG(5,("rpc_check_hdr: rdata->data_size = %u\n", (uint32)prs_data_size(rdata) ));
115
116 /* Next call sets endian bit. */
117
118 if(!smb_io_rpc_hdr("rpc_hdr ", rhdr, rdata, 0)) {
119 DEBUG(0,("rpc_check_hdr: Failed to unmarshall RPC_HDR.\n"));
120 return False;
121 }
122
123 if (prs_offset(rdata) != RPC_HEADER_LEN) {
124 DEBUG(0,("rpc_check_hdr: offset was %x, should be %x.\n", prs_offset(rdata), RPC_HEADER_LEN));
125 return False;
126 }
127
128 (*first) = ((rhdr->flags & RPC_FLG_FIRST) != 0);
129 (*last) = ((rhdr->flags & RPC_FLG_LAST ) != 0);
130 (*len) = (uint32)rhdr->frag_len - prs_data_size(rdata);
131
132 return (rhdr->pkt_type != RPC_FAULT);
133 }
134
135 static void NTLMSSPcalc_ap( struct cli_state *cli, unsigned char *data, uint32 len)
136 {
137 unsigned char *hash = cli->ntlmssp_hash;
138 unsigned char index_i = hash[256];
139 unsigned char index_j = hash[257];
140 int ind;
141
142 for( ind = 0; ind < len; ind++) {
143 unsigned char tc;
144 unsigned char t;
145
146 index_i++;
147 index_j += hash[index_i];
148
149 tc = hash[index_i];
150 hash[index_i] = hash[index_j];
151 hash[index_j] = tc;
152
153 t = hash[index_i] + hash[index_j];
154 data[ind] = data[ind] ^ hash[t];
155 }
156
157 hash[256] = index_i;
158 hash[257] = index_j;
159 }
160
161 /****************************************************************************
162 Verify data on an rpc pipe.
163 The VERIFY & SEAL code is only executed on packets that look like this :
164
165 Request/Response PDU's look like the following...
166
167 |<------------------PDU len----------------------------------------------->|
168 |<-HDR_LEN-->|<--REQ LEN------>|.............|<-AUTH_HDRLEN->|<-AUTH_LEN-->|
169
170 +------------+-----------------+-------------+---------------+-------------+
171 | RPC HEADER | REQ/RESP HEADER | DATA ...... | AUTH_HDR | AUTH DATA |
172 +------------+-----------------+-------------+---------------+-------------+
173
174 Never on bind requests/responses.
175 ****************************************************************************/
176
177 static BOOL rpc_auth_pipe(struct cli_state *cli, prs_struct *rdata, int len, int auth_len)
178 {
179 /*
180 * The following is that length of the data we must sign or seal.
181 * This doesn't include the RPC headers or the auth_len or the RPC_HDR_AUTH_LEN
182 * preceeding the auth_data.
183 */
184
185 int data_len = len - RPC_HEADER_LEN - RPC_HDR_RESP_LEN - RPC_HDR_AUTH_LEN - auth_len;
186
187 /*
188 * The start of the data to sign/seal is just after the RPC headers.
189 */
190 char *reply_data = prs_data_p(rdata) + RPC_HEADER_LEN + RPC_HDR_REQ_LEN;
191
192 BOOL auth_verify = ((cli->ntlmssp_srv_flgs & NTLMSSP_NEGOTIATE_SIGN) != 0);
193 BOOL auth_seal = ((cli->ntlmssp_srv_flgs & NTLMSSP_NEGOTIATE_SEAL) != 0);
194
195 DEBUG(5,("rpc_auth_pipe: len: %d auth_len: %d verify %s seal %s\n",
196 len, auth_len, BOOLSTR(auth_verify), BOOLSTR(auth_seal)));
197
198 /*
199 * Unseal any sealed data in the PDU, not including the
200 * 8 byte auth_header or the auth_data.
201 */
202
203 if (auth_seal) {
204 DEBUG(10,("rpc_auth_pipe: unseal\n"));
205 dump_data(100, reply_data, data_len);
206 NTLMSSPcalc_ap(cli, (uchar*)reply_data, data_len);
207 dump_data(100, reply_data, data_len);
208 }
209
210 if (auth_verify || auth_seal) {
211 RPC_HDR_AUTH rhdr_auth;
212 prs_struct auth_req;
213 char data[RPC_HDR_AUTH_LEN];
214 /*
215 * We set dp to be the end of the packet, minus the auth_len
216 * and the length of the header that preceeds the auth_data.
217 */
218 char *dp = prs_data_p(rdata) + len - auth_len - RPC_HDR_AUTH_LEN;
219
220 if(dp - prs_data_p(rdata) > prs_data_size(rdata)) {
221 DEBUG(0,("rpc_auth_pipe: auth data > data size !\n"));
222 return False;
223 }
224
225 memcpy(data, dp, sizeof(data));
226
227 prs_init(&auth_req , 0, cli->mem_ctx, UNMARSHALL);
228
229 /* The endianness must be preserved... JRA. */
230
231 prs_set_endian_data(&auth_req, rdata->bigendian_data);
232
233 prs_give_memory(&auth_req, data, RPC_HDR_AUTH_LEN, False);
234
235 /*
236 * Unmarshall the 8 byte auth_header that comes before the
237 * auth data.
238 */
239
240 if(!smb_io_rpc_hdr_auth("hdr_auth", &rhdr_auth, &auth_req, 0)) {
241 DEBUG(0,("rpc_auth_pipe: unmarshalling RPC_HDR_AUTH failed.\n"));
242 return False;
243 }
244
245 if (!rpc_hdr_auth_chk(&rhdr_auth)) {
246 DEBUG(0,("rpc_auth_pipe: rpc_hdr_auth_chk failed.\n"));
247 return False;
248 }
249 }
250
251 /*
252 * Now unseal and check the auth verifier in the auth_data at
253 * then end of the packet. The 4 bytes skipped in the unseal
254 * seem to be a buffer pointer preceeding the sealed data.
255 */
256
257 if (auth_verify) {
258 RPC_AUTH_NTLMSSP_CHK chk;
259 uint32 crc32;
260 prs_struct auth_verf;
261 char data[RPC_AUTH_NTLMSSP_CHK_LEN];
262 char *dp = prs_data_p(rdata) + len - auth_len;
263
264 if(dp - prs_data_p(rdata) > prs_data_size(rdata)) {
265 DEBUG(0,("rpc_auth_pipe: auth data > data size !\n"));
266 return False;
267 }
268
269 DEBUG(10,("rpc_auth_pipe: verify\n"));
270 dump_data(100, dp, auth_len);
271 NTLMSSPcalc_ap(cli, (uchar*)(dp+4), auth_len - 4);
272
273 memcpy(data, dp, RPC_AUTH_NTLMSSP_CHK_LEN);
274 dump_data(100, data, auth_len);
275
276 prs_init(&auth_verf, 0, cli->mem_ctx, UNMARSHALL);
277
278 /* The endinness must be preserved. JRA. */
279 prs_set_endian_data( &auth_verf, rdata->bigendian_data);
280
281 prs_give_memory(&auth_verf, data, RPC_AUTH_NTLMSSP_CHK_LEN, False);
282
283 if(!smb_io_rpc_auth_ntlmssp_chk("auth_sign", &chk, &auth_verf, 0)) {
284 DEBUG(0,("rpc_auth_pipe: unmarshalling RPC_AUTH_NTLMSSP_CHK failed.\n"));
285 return False;
286 }
287
288 crc32 = crc32_calc_buffer(reply_data, data_len);
289
290 if (!rpc_auth_ntlmssp_chk(&chk, crc32 , cli->ntlmssp_seq_num)) {
291 DEBUG(0,("rpc_auth_pipe: rpc_auth_ntlmssp_chk failed.\n"));
292 return False;
293 }
294 cli->ntlmssp_seq_num++;
295 }
296 return True;
297 }
298
299
300 /****************************************************************************
301 Send data on an rpc pipe via trans, which *must* be the last fragment.
302 receive response data from an rpc pipe, which may be large...
303
304 Read the first fragment: unfortunately have to use SMBtrans for the first
305 bit, then SMBreadX for subsequent bits.
306
307 If first fragment received also wasn't the last fragment, continue
308 getting fragments until we _do_ receive the last fragment.
309
310 Request/Response PDU's look like the following...
311
312 |<------------------PDU len----------------------------------------------->|
313 |<-HDR_LEN-->|<--REQ LEN------>|.............|<-AUTH_HDRLEN->|<-AUTH_LEN-->|
314
315 +------------+-----------------+-------------+---------------+-------------+
316 | RPC HEADER | REQ/RESP HEADER | DATA ...... | AUTH_HDR | AUTH DATA |
317 +------------+-----------------+-------------+---------------+-------------+
318
319 Where the presence of the AUTH_HDR and AUTH are dependent on the
320 signing & sealing being neogitated.
321
322 ****************************************************************************/
323
324 static BOOL rpc_api_pipe(struct cli_state *cli, prs_struct *data, prs_struct *rdata)
325 {
326 uint32 len;
327 char *rparam = NULL;
328 uint32 rparam_len = 0;
329 uint16 setup[2];
330 BOOL first = True;
331 BOOL last = True;
332 RPC_HDR rhdr;
333 char *pdata = data ? prs_data_p(data) : NULL;
334 uint32 data_len = data ? prs_offset(data) : 0;
335 char *prdata = NULL;
336 uint32 rdata_len = 0;
337 uint32 current_offset = 0;
338 uint32 max_data = cli->max_xmit_frag ? cli->max_xmit_frag : 1024;
339
340 /* Create setup parameters - must be in native byte order. */
341
342 setup[0] = TRANSACT_DCERPCCMD;
343 setup[1] = cli->nt_pipe_fnum; /* Pipe file handle. */
344
345 DEBUG(5,("rpc_api_pipe: fnum:%x\n", (int)cli->nt_pipe_fnum));
346
347 /* Send the RPC request and receive a response. For short RPC
348 calls (about 1024 bytes or so) the RPC request and response
349 appears in a SMBtrans request and response. Larger RPC
350 responses are received further on. */
351
352 if (!cli_api_pipe(cli, "\\PIPE\\",
353 setup, 2, 0, /* Setup, length, max */
354 NULL, 0, 0, /* Params, length, max */
355 pdata, data_len, max_data, /* data, length, max */
356 &rparam, &rparam_len, /* return params, len */
357 &prdata, &rdata_len)) /* return data, len */
358 {
359 DEBUG(0, ("cli_pipe: return critical error. Error was %s\n", cli_errstr(cli)));
360 return False;
361 }
362
363 /* Throw away returned params - we know we won't use them. */
364
365 SAFE_FREE(rparam);
366
367 if (prdata == NULL) {
368 DEBUG(0,("rpc_api_pipe: pipe %x failed to return data.\n",
369 (int)cli->nt_pipe_fnum));
370 return False;
371 }
372
373 /*
374 * Give this memory as dynamically allocated to the return parse
375 * struct.
376 */
377
378 prs_give_memory(rdata, prdata, rdata_len, True);
379 current_offset = rdata_len;
380
381 /* This next call sets the endian bit correctly in rdata. */
382
383 if (!rpc_check_hdr(rdata, &rhdr, &first, &last, &len)) {
384 prs_mem_free(rdata);
385 return False;
386 }
387
388 if (rhdr.pkt_type == RPC_BINDACK) {
389 if (!last && !first) {
390 DEBUG(5,("rpc_api_pipe: bug in server (AS/U?), setting fragment first/last ON.\n"));
391 first = True;
392 last = True;
393 }
394 }
395
396 if (rhdr.pkt_type == RPC_RESPONSE) {
397 RPC_HDR_RESP rhdr_resp;
398 if(!smb_io_rpc_hdr_resp("rpc_hdr_resp", &rhdr_resp, rdata, 0)) {
399 DEBUG(5,("rpc_api_pipe: failed to unmarshal RPC_HDR_RESP.\n"));
400 prs_mem_free(rdata);
401 return False;
402 }
403 }
404
405 DEBUG(5,("rpc_api_pipe: len left: %u smbtrans read: %u\n",
406 (unsigned int)len, (unsigned int)rdata_len ));
407
408 /* check if data to be sent back was too large for one SMBtrans */
409 /* err status is only informational: the _real_ check is on the
410 length */
411
412 if (len > 0) {
413 /* || err == (0x80000000 | STATUS_BUFFER_OVERFLOW)) */
414
415 /* Read the remaining part of the first response fragment */
416
417 if (!rpc_read(cli, rdata, len, &current_offset)) {
418 prs_mem_free(rdata);
419 return False;
420 }
421 }
422
423 /*
424 * Now we have a complete PDU, check the auth struct if any was sent.
425 */
426
427 if (rhdr.auth_len != 0) {
428 if(!rpc_auth_pipe(cli, rdata, rhdr.frag_len, rhdr.auth_len))
429 return False;
430 /*
431 * Drop the auth footers from the current offset.
432 * We need this if there are more fragments.
433 * The auth footers consist of the auth_data and the
434 * preceeding 8 byte auth_header.
435 */
436 current_offset -= (rhdr.auth_len + RPC_HDR_AUTH_LEN);
437 }
438
439 /*
440 * Only one rpc fragment, and it has been read.
441 */
442
443 if (first && last) {
444 DEBUG(6,("rpc_api_pipe: fragment first and last both set\n"));
445 return True;
446 }
447
448 /*
449 * Read more fragments using SMBreadX until we get one with the
450 * last bit set.
451 */
452
453 while (!last) {
454 RPC_HDR_RESP rhdr_resp;
455 int num_read;
456 char hdr_data[RPC_HEADER_LEN+RPC_HDR_RESP_LEN];
457 prs_struct hps;
458 uint8 eclass;
459 uint32 ecode;
460
461 /*
462 * First read the header of the next PDU.
463 */
464
465 prs_init(&hps, 0, cli->mem_ctx, UNMARSHALL);
466 prs_give_memory(&hps, hdr_data, sizeof(hdr_data), False);
467
468 num_read = cli_read(cli, cli->nt_pipe_fnum, hdr_data, 0, RPC_HEADER_LEN+RPC_HDR_RESP_LEN);
469 if (cli_is_dos_error(cli)) {
470 cli_dos_error(cli, &eclass, &ecode);
471 if (eclass != ERRDOS && ecode != ERRmoredata) {
472 DEBUG(0,("rpc_api_pipe: cli_read error : %d/%d\n", eclass, ecode));
473 return False;
474 }
475 }
476
477 DEBUG(5,("rpc_api_pipe: read header (size:%d)\n", num_read));
478
479 if (num_read != RPC_HEADER_LEN+RPC_HDR_RESP_LEN) {
480 DEBUG(0,("rpc_api_pipe: Error : requested %d bytes, got %d.\n",
481 RPC_HEADER_LEN+RPC_HDR_RESP_LEN, num_read ));
482 return False;
483 }
484
485 /* This call sets the endianness in hps. */
486
487 if (!rpc_check_hdr(&hps, &rhdr, &first, &last, &len))
488 return False;
489
490 /* Ensure the endianness in rdata is set correctly - must be same as hps. */
491
492 if (hps.bigendian_data != rdata->bigendian_data) {
493 DEBUG(0,("rpc_api_pipe: Error : Endianness changed from %s to %s\n",
494 rdata->bigendian_data ? "big" : "little",
495 hps.bigendian_data ? "big" : "little" ));
496 return False;
497 }
498
499 if(!smb_io_rpc_hdr_resp("rpc_hdr_resp", &rhdr_resp, &hps, 0)) {
500 DEBUG(0,("rpc_api_pipe: Error in unmarshalling RPC_HDR_RESP.\n"));
501 return False;
502 }
503
504 if (first) {
505 DEBUG(0,("rpc_api_pipe: secondary PDU rpc header has 'first' set !\n"));
506 return False;
507 }
508
509 /*
510 * Now read the rest of the PDU.
511 */
512
513 if (!rpc_read(cli, rdata, len, &current_offset))
514 return False;
515
516 /*
517 * Verify any authentication footer.
518 */
519
520 if (rhdr.auth_len != 0 ) {
521 if(!rpc_auth_pipe(cli, rdata, rhdr.frag_len, rhdr.auth_len))
522 return False;
523 /*
524 * Drop the auth footers from the current offset.
525 * The auth footers consist of the auth_data and the
526 * preceeding 8 byte auth_header.
527 * We need this if there are more fragments.
528 */
529 current_offset -= (rhdr.auth_len + RPC_HDR_AUTH_LEN);
530 }
531 }
532
533 return True;
534 }
535
536 /*******************************************************************
537 creates a DCE/RPC bind request
538
539 - initialises the parse structure.
540 - dynamically allocates the header data structure
541 - caller is expected to free the header data structure once used.
542
543 ********************************************************************/
544
545 static BOOL create_rpc_bind_req(prs_struct *rpc_out, BOOL do_auth, uint32 rpc_call_id,
546 RPC_IFACE *abstract, RPC_IFACE *transfer,
547 const char *my_name, const char *domain, uint32 neg_flags)
548 {
549 RPC_HDR hdr;
550 RPC_HDR_RB hdr_rb;
551 char buffer[4096];
552 prs_struct auth_info;
553 int auth_len = 0;
554
555 prs_init(&auth_info, 0, prs_get_mem_context(rpc_out), MARSHALL);
556
557 if (do_auth) {
558 RPC_HDR_AUTH hdr_auth;
559 RPC_AUTH_VERIFIER auth_verifier;
560 RPC_AUTH_NTLMSSP_NEG ntlmssp_neg;
561
562 /*
563 * Create the auth structs we will marshall.
564 */
565
566 init_rpc_hdr_auth(&hdr_auth, NTLMSSP_AUTH_TYPE, NTLMSSP_AUTH_LEVEL, 0x00, 1);
567 init_rpc_auth_verifier(&auth_verifier, "NTLMSSP", NTLMSSP_NEGOTIATE);
568 init_rpc_auth_ntlmssp_neg(&ntlmssp_neg, neg_flags, my_name, domain);
569
570 /*
571 * Use the 4k buffer to store the auth info.
572 */
573
574 prs_give_memory( &auth_info, buffer, sizeof(buffer), False);
575
576 /*
577 * Now marshall the data into the temporary parse_struct.
578 */
579
580 if(!smb_io_rpc_hdr_auth("hdr_auth", &hdr_auth, &auth_info, 0)) {
581 DEBUG(0,("create_rpc_bind_req: failed to marshall RPC_HDR_AUTH.\n"));
582 return False;
583 }
584
585 if(!smb_io_rpc_auth_verifier("auth_verifier", &auth_verifier, &auth_info, 0)) {
586 DEBUG(0,("create_rpc_bind_req: failed to marshall RPC_AUTH_VERIFIER.\n"));
587 return False;
588 }
589
590 if(!smb_io_rpc_auth_ntlmssp_neg("ntlmssp_neg", &ntlmssp_neg, &auth_info, 0)) {
591 DEBUG(0,("create_rpc_bind_req: failed to marshall RPC_AUTH_NTLMSSP_NEG.\n"));
592 return False;
593 }
594
595 /* Auth len in the rpc header doesn't include auth_header. */
596 auth_len = prs_offset(&auth_info) - RPC_HDR_AUTH_LEN;
597 }
598
599 /* create the request RPC_HDR */
600 init_rpc_hdr(&hdr, RPC_BIND, 0x3, rpc_call_id,
601 RPC_HEADER_LEN + RPC_HDR_RB_LEN + prs_offset(&auth_info),
602 auth_len);
603
604 if(!smb_io_rpc_hdr("hdr" , &hdr, rpc_out, 0)) {
605 DEBUG(0,("create_rpc_bind_req: failed to marshall RPC_HDR.\n"));
606 return False;
607 }
608
609 /* create the bind request RPC_HDR_RB */
610 init_rpc_hdr_rb(&hdr_rb, MAX_PDU_FRAG_LEN, MAX_PDU_FRAG_LEN, 0x0,
611 0x1, 0x0, 0x1, abstract, transfer);
612
613 /* Marshall the bind request data */
614 if(!smb_io_rpc_hdr_rb("", &hdr_rb, rpc_out, 0)) {
615 DEBUG(0,("create_rpc_bind_req: failed to marshall RPC_HDR_RB.\n"));
616 return False;
617 }
618
619 /*
620 * Grow the outgoing buffer to store any auth info.
621 */
622
623 if(hdr.auth_len != 0) {
624 if(!prs_append_prs_data( rpc_out, &auth_info)) {
625 DEBUG(0,("create_rpc_bind_req: failed to grow parse struct to add auth.\n"));
626 return False;
627 }
628 }
629
630 return True;
631 }
632
633 /*******************************************************************
634 Creates a DCE/RPC bind authentication response.
635 This is the packet that is sent back to the server once we
636 have received a BIND-ACK, to finish the third leg of
637 the authentication handshake.
638 ********************************************************************/
639
640 static BOOL create_rpc_bind_resp(struct pwd_info *pwd,
641 const char *domain, const char *user_name, const char *my_name,
642 uint32 ntlmssp_cli_flgs,
643 uint32 rpc_call_id,
644 prs_struct *rpc_out)
645 {
646 unsigned char lm_owf[24];
647 unsigned char nt_owf[24];
648 RPC_HDR hdr;
649 RPC_HDR_AUTHA hdr_autha;
650 RPC_AUTH_VERIFIER auth_verifier;
651 RPC_AUTH_NTLMSSP_RESP ntlmssp_resp;
652 char buffer[4096];
653 prs_struct auth_info;
654
655 /*
656 * Marshall the variable length data into a temporary parse
657 * struct, pointing into a 4k local buffer.
658 */
659 prs_init(&auth_info, 0, prs_get_mem_context(rpc_out), MARSHALL);
660
661 /*
662 * Use the 4k buffer to store the auth info.
663 */
664
665 prs_give_memory( &auth_info, buffer, sizeof(buffer), False);
666
667 /*
668 * Create the variable length auth_data.
669 */
670
671 init_rpc_auth_verifier(&auth_verifier, "NTLMSSP", NTLMSSP_AUTH);
672
673 pwd_get_lm_nt_owf(pwd, lm_owf, nt_owf);
674
675 init_rpc_auth_ntlmssp_resp(&ntlmssp_resp,
676 lm_owf, nt_owf,
677 domain, user_name, my_name,
678 ntlmssp_cli_flgs);
679
680 /*
681 * Marshall the variable length auth_data into a temp parse_struct.
682 */
683
684 if(!smb_io_rpc_auth_verifier("auth_verifier", &auth_verifier, &auth_info, 0)) {
685 DEBUG(0,("create_rpc_bind_resp: failed to marshall RPC_AUTH_VERIFIER.\n"));
686 return False;
687 }
688
689 if(!smb_io_rpc_auth_ntlmssp_resp("ntlmssp_resp", &ntlmssp_resp, &auth_info, 0)) {
690 DEBUG(0,("create_rpc_bind_resp: failed to marshall RPC_AUTH_NTLMSSP_RESP.\n"));
691 return False;
692 }
693
694 /* Create the request RPC_HDR */
695 init_rpc_hdr(&hdr, RPC_BINDRESP, 0x0, rpc_call_id,
696 RPC_HEADER_LEN + RPC_HDR_AUTHA_LEN + prs_offset(&auth_info),
697 prs_offset(&auth_info) );
698
699 /* Marshall it. */
700 if(!smb_io_rpc_hdr("hdr", &hdr, rpc_out, 0)) {
701 DEBUG(0,("create_rpc_bind_resp: failed to marshall RPC_HDR.\n"));
702 return False;
703 }
704
705 /* Create the request RPC_HDR_AUTHA */
706 init_rpc_hdr_autha(&hdr_autha, MAX_PDU_FRAG_LEN, MAX_PDU_FRAG_LEN,
707 NTLMSSP_AUTH_TYPE, NTLMSSP_AUTH_LEVEL, 0x00);
708
709 if(!smb_io_rpc_hdr_autha("hdr_autha", &hdr_autha, rpc_out, 0)) {
710 DEBUG(0,("create_rpc_bind_resp: failed to marshall RPC_HDR_AUTHA.\n"));
711 return False;
712 }
713
714 /*
715 * Append the auth data to the outgoing buffer.
716 */
717
718 if(!prs_append_prs_data(rpc_out, &auth_info)) {
719 DEBUG(0,("create_rpc_bind_req: failed to grow parse struct to add auth.\n"));
720 return False;
721 }
722
723 return True;
724 }
725
726
727 /*******************************************************************
728 Creates a DCE/RPC request.
729 ********************************************************************/
730
731 static uint32 create_rpc_request(prs_struct *rpc_out, uint8 op_num, int data_len, int auth_len, uint8 flags, uint32 oldid, uint32 data_left)
732 {
733 uint32 alloc_hint;
734 RPC_HDR hdr;
735 RPC_HDR_REQ hdr_req;
736 uint32 callid = oldid ? oldid : get_rpc_call_id();
737
738 DEBUG(5,("create_rpc_request: opnum: 0x%x data_len: 0x%x\n", op_num, data_len));
739
740 /* create the rpc header RPC_HDR */
741 init_rpc_hdr(&hdr, RPC_REQUEST, flags,
742 callid, data_len, auth_len);
743
744 /*
745 * The alloc hint should be the amount of data, not including
746 * RPC headers & footers.
747 */
748
749 if (auth_len != 0)
750 alloc_hint = data_left - RPC_HEADER_LEN - RPC_HDR_AUTH_LEN - auth_len;
751 else
752 alloc_hint = data_left - RPC_HEADER_LEN;
753
754 DEBUG(10,("create_rpc_request: data_len: %x auth_len: %x alloc_hint: %x\n",
755 data_len, auth_len, alloc_hint));
756
757 /* Create the rpc request RPC_HDR_REQ */
758 init_rpc_hdr_req(&hdr_req, alloc_hint, op_num);
759
760 /* stream-time... */
761 if(!smb_io_rpc_hdr("hdr ", &hdr, rpc_out, 0))
762 return 0;
763
764 if(!smb_io_rpc_hdr_req("hdr_req", &hdr_req, rpc_out, 0))
765 return 0;
766
767 if (prs_offset(rpc_out) != RPC_HEADER_LEN + RPC_HDR_REQ_LEN)
768 return 0;
769
770 return callid;
771 }
772
773 /*******************************************************************
774 Puts an auth header into an rpc request.
775 ********************************************************************/
776
777 static BOOL create_auth_hdr(prs_struct *outgoing_packet, BOOL auth_verify)
778 {
779 RPC_HDR_AUTH hdr_auth;
780
781 init_rpc_hdr_auth(&hdr_auth, NTLMSSP_AUTH_TYPE,
782 NTLMSSP_AUTH_LEVEL, 0x08,
783 (auth_verify ? 1 : 0));
784 if(!smb_io_rpc_hdr_auth("hdr_auth", &hdr_auth,
785 outgoing_packet, 0)) {
786 DEBUG(0,("create_auth_hdr:Failed to marshal RPC_HDR_AUTH.\n"));
787 return False;
788 }
789 return True;
790 }
791
792 /*******************************************************************
793 Puts auth data into an rpc request.
794 ********************************************************************/
795
796 static BOOL create_auth_data(struct cli_state *cli, uint32 crc32,
797 prs_struct *outgoing_packet)
798 {
799 char *pdata_out = prs_data_p(outgoing_packet);
800 RPC_AUTH_NTLMSSP_CHK chk;
801 uint32 current_offset = prs_offset(outgoing_packet);
802
803 init_rpc_auth_ntlmssp_chk(&chk, NTLMSSP_SIGN_VERSION,
804 crc32, cli->ntlmssp_seq_num++);
805 if(!smb_io_rpc_auth_ntlmssp_chk("auth_sign", &chk,
806 outgoing_packet, 0)) {
807 DEBUG(0,("create_auth_data: Failed to marshal RPC_AUTH_NTLMSSP_CHK.\n"));
808 return False;
809 }
810 NTLMSSPcalc_ap(cli, (unsigned char*)
811 &pdata_out[current_offset+4],
812 RPC_AUTH_NTLMSSP_CHK_LEN - 4);
813 return True;
814 }
815
816 /**
817 * Send a request on an RPC pipe and get a response.
818 *
819 * @param data NDR contents of the request to be sent.
820 * @param rdata Unparsed NDR response data.
821 **/
822
823 BOOL rpc_api_pipe_req(struct cli_state *cli, uint8 op_num,
824 prs_struct *data, prs_struct *rdata)
825 {
826 uint32 auth_len, max_data, data_left, data_sent;
827 BOOL ret = False;
828 BOOL auth_verify, auth_seal;
829 fstring dump_name;
830
831 auth_verify = ((cli->ntlmssp_srv_flgs & NTLMSSP_NEGOTIATE_SIGN) != 0);
832 auth_seal = ((cli->ntlmssp_srv_flgs & NTLMSSP_NEGOTIATE_SEAL) != 0);
833
834 auth_len = (auth_verify ? RPC_AUTH_NTLMSSP_CHK_LEN : 0);
835
836 /*
837 * calc how much actual data we can send in a PDU fragment
838 */
839 max_data = cli->max_xmit_frag - RPC_HEADER_LEN - RPC_HDR_REQ_LEN -
840 (auth_verify ? RPC_HDR_AUTH_LEN : 0) - auth_len;
841
842 for (data_left = prs_offset(data), data_sent = 0; data_left > 0;) {
843 prs_struct outgoing_packet;
844 uint32 data_len, send_size;
845 uint8 flags = 0;
846 uint32 crc32 = 0;
847 uint32 callid = 0;
848
849 /*
850 * how much will we send this time
851 */
852 send_size = MIN(data_left, max_data);
853 data_len = RPC_HEADER_LEN + RPC_HDR_REQ_LEN + send_size +
854 (auth_verify ? RPC_HDR_AUTH_LEN : 0) + auth_len;
855
856 /*
857 * Malloc parse struct to hold it (and enough for alignments).
858 */
859 if(!prs_init(&outgoing_packet, data_len + 8,
860 cli->mem_ctx, MARSHALL)) {
861 DEBUG(0,("rpc_api_pipe_req: Failed to malloc %u bytes.\n", (unsigned int)data_len ));
862 return False;
863 }
864
865 if (data_left == prs_offset(data))
866 flags |= RPC_FLG_FIRST;
867
868 if (data_left < max_data)
869 flags |= RPC_FLG_LAST;
870 /*
871 * Write out the RPC header and the request header.
872 */
873 if(!(callid = create_rpc_request(&outgoing_packet, op_num,
874 data_len, auth_len, flags,
875 callid, data_left))) {
876 DEBUG(0,("rpc_api_pipe_req: Failed to create RPC request.\n"));
877 prs_mem_free(&outgoing_packet);
878 return False;
879 }
880
881 /*
882 * Seal the outgoing data if requested.
883 */
884 if (auth_seal) {
885 crc32 = crc32_calc_buffer(prs_data_p(data) + data_sent,
886 send_size);
887 NTLMSSPcalc_ap(cli, (unsigned char*)prs_data_p(data) +
888 data_sent, send_size);
889 }
890
891 /*
892 * Now copy the data into the outgoing packet.
893 */
894 if(!prs_append_some_prs_data(&outgoing_packet, data,
895 data_sent, send_size)) {
896 DEBUG(0,("rpc_api_pipe_req: Failed to append data to outgoing packet.\n"));
897 prs_mem_free(&outgoing_packet);
898 return False;
899 }
900
901 /*
902 * Add a trailing auth_verifier if needed.
903 */
904 if (auth_seal || auth_verify) {
905 if(!create_auth_hdr(&outgoing_packet, auth_verify)) {
906 prs_mem_free(&outgoing_packet);
907 return False;
908 }
909 }
910
911 /*
912 * Finally the auth data itself.
913 */
914 if (auth_verify) {
915 if (!create_auth_data(cli, crc32, &outgoing_packet)) {
916 prs_mem_free(&outgoing_packet);
917 return False;
918 }
919 }
920
921 DEBUG(100,("data_len: %x data_calc_len: %x\n", data_len,
922 prs_offset(&outgoing_packet)));
923
924 if (flags & RPC_FLG_LAST)
925 ret = rpc_api_pipe(cli, &outgoing_packet, rdata);
926 else {
927 cli_write(cli, cli->nt_pipe_fnum, 0x0008,
928 prs_data_p(&outgoing_packet),
929 data_sent, data_len);
930 }
931 prs_mem_free(&outgoing_packet);
932 data_sent += send_size;
933 data_left -= send_size;
934 }
935 /* Also capture received data */
936 slprintf(dump_name, sizeof(dump_name) - 1, "reply_%s",
937 cli_pipe_get_name(cli));
938 prs_dump(dump_name, op_num, rdata);
939
940 return ret;
941 }
942
943 /****************************************************************************
944 Set the handle state.
945 ****************************************************************************/
946
947 static BOOL rpc_pipe_set_hnd_state(struct cli_state *cli, const char *pipe_name, uint16 device_state)
948 {
949 BOOL state_set = False;
950 char param[2];
951 uint16 setup[2]; /* only need 2 uint16 setup parameters */
952 char *rparam = NULL;
953 char *rdata = NULL;
954 uint32 rparam_len, rdata_len;
955
956 if (pipe_name == NULL)
957 return False;
958
959 DEBUG(5,("Set Handle state Pipe[%x]: %s - device state:%x\n",
960 cli->nt_pipe_fnum, pipe_name, device_state));
961
962 /* create parameters: device state */
963 SSVAL(param, 0, device_state);
964
965 /* create setup parameters. */
966 setup[0] = 0x0001;
967 setup[1] = cli->nt_pipe_fnum; /* pipe file handle. got this from an SMBOpenX. */
968
969 /* send the data on \PIPE\ */
970 if (cli_api_pipe(cli, "\\PIPE\\",
971 setup, 2, 0, /* setup, length, max */
972 param, 2, 0, /* param, length, max */
973 NULL, 0, 1024, /* data, length, max */
974 &rparam, &rparam_len, /* return param, length */
975 &rdata, &rdata_len)) /* return data, length */
976 {
977 DEBUG(5, ("Set Handle state: return OK\n"));
978 state_set = True;
979 }
980
981 SAFE_FREE(rparam);
982 SAFE_FREE(rdata);
983
984 return state_set;
985 }
986
987 /****************************************************************************
988 check the rpc bind acknowledge response
989 ****************************************************************************/
990
991 int get_pipe_index( const char *pipe_name )
992 {
993 int pipe_idx = 0;
994
995 while (pipe_names[pipe_idx].client_pipe != NULL) {
996 if (strequal(pipe_name, pipe_names[pipe_idx].client_pipe ))
997 return pipe_idx;
998 pipe_idx++;
999 };
1000
1001 return -1;
1002 }
1003
1004
1005 /****************************************************************************
1006 check the rpc bind acknowledge response
1007 ****************************************************************************/
1008
1009 const char* get_pipe_name_from_index( const int pipe_index )
1010 {
1011
1012 if ( (pipe_index < 0) || (pipe_index >= PI_MAX_PIPES) )
1013 return NULL;
1014
1015 return pipe_names[pipe_index].client_pipe;
1016 }
1017
1018 /****************************************************************************
1019 Check to see if this pipe index points to one of
1020 the pipes only supported by Win2k
1021 ****************************************************************************/
1022
1023 BOOL is_win2k_pipe( const int pipe_idx )
1024 {
1025 switch ( pipe_idx )
1026 {
1027 case PI_LSARPC_DS:
1028 return True;
1029 }
1030
1031 return False;
1032 }
1033
1034 /****************************************************************************
1035 check the rpc bind acknowledge response
1036 ****************************************************************************/
1037
1038 static BOOL valid_pipe_name(const int pipe_idx, RPC_IFACE *abstract, RPC_IFACE *transfer)
1039 {
1040 if ( pipe_idx >= PI_MAX_PIPES ) {
1041 DEBUG(0,("valid_pipe_name: Programmer error! Invalid pipe index [%d]\n",
1042 pipe_idx));
1043 return False;
1044 }
1045
1046 DEBUG(5,("Bind Abstract Syntax: "));
1047 dump_data(5, (char*)&(pipe_names[pipe_idx].abstr_syntax),
1048 sizeof(pipe_names[pipe_idx].abstr_syntax));
1049 DEBUG(5,("Bind Transfer Syntax: "));
1050 dump_data(5, (char*)&(pipe_names[pipe_idx].trans_syntax),
1051 sizeof(pipe_names[pipe_idx].trans_syntax));
1052
1053 /* copy the required syntaxes out so we can do the right bind */
1054
1055 *transfer = pipe_names[pipe_idx].trans_syntax;
1056 *abstract = pipe_names[pipe_idx].abstr_syntax;
1057
1058 return True;
1059 }
1060
1061 /****************************************************************************
1062 check the rpc bind acknowledge response
1063 ****************************************************************************/
1064
1065 static BOOL check_bind_response(RPC_HDR_BA *hdr_ba, const int pipe_idx, RPC_IFACE *transfer)
1066 {
1067 int i = 0;
1068
1069 if ( hdr_ba->addr.len <= 0)
1070 return False;
1071
1072 if ( !strequal(hdr_ba->addr.str, pipe_names[pipe_idx].server_pipe ))
1073 {
1074 DEBUG(4,("bind_rpc_pipe: pipe_name %s != expected pipe %s. oh well!\n",
1075 pipe_names[i].server_pipe ,hdr_ba->addr.str));
1076 return False;
1077 }
1078
1079 DEBUG(5,("bind_rpc_pipe: server pipe_name found: %s\n", pipe_names[i].server_pipe ));
1080
1081 if (pipe_names[pipe_idx].server_pipe == NULL) {
1082 DEBUG(2,("bind_rpc_pipe: pipe name %s unsupported\n", hdr_ba->addr.str));
1083 return False;
1084 }
1085
1086 /* check the transfer syntax */
1087 if ((hdr_ba->transfer.version != transfer->version) ||
1088 (memcmp(&hdr_ba->transfer.uuid, &transfer->uuid, sizeof(transfer->uuid)) !=0)) {
1089 DEBUG(2,("bind_rpc_pipe: transfer syntax differs\n"));
1090 return False;
1091 }
1092
1093 /* lkclXXXX only accept one result: check the result(s) */
1094 if (hdr_ba->res.num_results != 0x1 || hdr_ba->res.result != 0) {
1095 DEBUG(2,("bind_rpc_pipe: bind denied results: %d reason: %x\n",
1096 hdr_ba->res.num_results, hdr_ba->res.reason));
1097 }
1098
1099 DEBUG(5,("bind_rpc_pipe: accepted!\n"));
1100 return True;
1101 }
1102
1103 /****************************************************************************
1104 Create and send the third packet in an RPC auth.
1105 ****************************************************************************/
1106
1107 static BOOL rpc_send_auth_reply(struct cli_state *cli, prs_struct *rdata, uint32 rpc_call_id)
1108 {
1109 RPC_HDR_AUTH rhdr_auth;
1110 RPC_AUTH_VERIFIER rhdr_verf;
1111 RPC_AUTH_NTLMSSP_CHAL rhdr_chal;
1112 char buffer[MAX_PDU_FRAG_LEN];
1113 prs_struct rpc_out;
1114 ssize_t ret;
1115
1116 unsigned char p24[24];
1117 unsigned char lm_owf[24];
1118 unsigned char lm_hash[16];
1119
1120 if(!smb_io_rpc_hdr_auth("", &rhdr_auth, rdata, 0)) {
1121 DEBUG(0,("rpc_send_auth_reply: Failed to unmarshall RPC_HDR_AUTH.\n"));
1122 return False;
1123 }
1124 if(!smb_io_rpc_auth_verifier("", &rhdr_verf, rdata, 0)) {
1125 DEBUG(0,("rpc_send_auth_reply: Failed to unmarshall RPC_AUTH_VERIFIER.\n"));
1126 return False;
1127 }
1128 if(!smb_io_rpc_auth_ntlmssp_chal("", &rhdr_chal, rdata, 0)) {
1129 DEBUG(0,("rpc_send_auth_reply: Failed to unmarshall RPC_AUTH_NTLMSSP_CHAL.\n"));
1130 return False;
1131 }
1132
1133 cli->ntlmssp_cli_flgs = rhdr_chal.neg_flags;
1134
1135 pwd_make_lm_nt_owf(&cli->pwd, rhdr_chal.challenge);
1136
1137 prs_init(&rpc_out, 0, cli->mem_ctx, MARSHALL);
1138
1139 prs_give_memory( &rpc_out, buffer, sizeof(buffer), False);
1140
1141 create_rpc_bind_resp(&cli->pwd, cli->domain,
1142 cli->user_name, global_myname(),
1143 cli->ntlmssp_cli_flgs, rpc_call_id,
1144 &rpc_out);
1145
1146 pwd_get_lm_nt_owf(&cli->pwd, lm_owf, NULL);
1147 pwd_get_lm_nt_16(&cli->pwd, lm_hash, NULL);
1148
1149 NTLMSSPOWFencrypt(lm_hash, lm_owf, p24);
1150
1151 {
1152 unsigned char j = 0;
1153 int ind;
1154 unsigned char k2[8];
1155
1156 memcpy(k2, p24, 5);
1157 k2[5] = 0xe5;
1158 k2[6] = 0x38;
1159 k2[7] = 0xb0;
1160
1161 for (ind = 0; ind < 256; ind++)
1162 cli->ntlmssp_hash[ind] = (unsigned char)ind;
1163
1164 for( ind = 0; ind < 256; ind++) {
1165 unsigned char tc;
1166
1167 j += (cli->ntlmssp_hash[ind] + k2[ind%8]);
1168
1169 tc = cli->ntlmssp_hash[ind];
1170 cli->ntlmssp_hash[ind] = cli->ntlmssp_hash[j];
1171 cli->ntlmssp_hash[j] = tc;
1172 }
1173
1174 cli->ntlmssp_hash[256] = 0;
1175 cli->ntlmssp_hash[257] = 0;
1176 }
1177
1178 memset((char *)lm_hash, '\0', sizeof(lm_hash));
1179
1180 if ((ret = cli_write(cli, cli->nt_pipe_fnum, 0x8, prs_data_p(&rpc_out),
1181 0, (size_t)prs_offset(&rpc_out))) != (ssize_t)prs_offset(&rpc_out)) {
1182 DEBUG(0,("rpc_send_auth_reply: cli_write failed. Return was %d\n", (int)ret));
1183 return False;
1184 }
1185
1186 cli->ntlmssp_srv_flgs = rhdr_chal.neg_flags;
1187 return True;
1188 }
1189
1190 /****************************************************************************
1191 Do an rpc bind.
1192 ****************************************************************************/
1193
1194 BOOL rpc_pipe_bind(struct cli_state *cli, int pipe_idx, const char *my_name)
1195 {
1196 RPC_IFACE abstract;
1197 RPC_IFACE transfer;
1198 prs_struct rpc_out;
1199 prs_struct rdata;
1200 BOOL do_auth = (cli->ntlmssp_cli_flgs != 0);
1201 uint32 rpc_call_id;
1202 char buffer[MAX_PDU_FRAG_LEN];
1203
1204 if ( (pipe_idx < 0) || (pipe_idx >= PI_MAX_PIPES) )
1205 return False;
1206
1207 DEBUG(5,("Bind RPC Pipe[%x]: %s\n", cli->nt_pipe_fnum, pipe_names[pipe_idx].client_pipe));
1208
1209 if (!valid_pipe_name(pipe_idx, &abstract, &transfer))
1210 return False;
1211
1212 prs_init(&rpc_out, 0, cli->mem_ctx, MARSHALL);
1213
1214 /*
1215 * Use the MAX_PDU_FRAG_LEN buffer to store the bind request.
1216 */
1217
1218 prs_give_memory( &rpc_out, buffer, sizeof(buffer), False);
1219
1220 rpc_call_id = get_rpc_call_id();
1221
1222 /* Marshall the outgoing data. */
1223 create_rpc_bind_req(&rpc_out, do_auth, rpc_call_id,
1224 &abstract, &transfer,
1225 global_myname(), cli->domain, cli->ntlmssp_cli_flgs);
1226
1227 /* Initialize the incoming data struct. */
1228 prs_init(&rdata, 0, cli->mem_ctx, UNMARSHALL);
1229
1230 /* send data on \PIPE\. receive a response */
1231 if (rpc_api_pipe(cli, &rpc_out, &rdata)) {
1232 RPC_HDR_BA hdr_ba;
1233
1234 DEBUG(5, ("rpc_pipe_bind: rpc_api_pipe returned OK.\n"));
1235
1236 if(!smb_io_rpc_hdr_ba("", &hdr_ba, &rdata, 0)) {
1237 DEBUG(0,("rpc_pipe_bind: Failed to unmarshall RPC_HDR_BA.\n"));
1238 prs_mem_free(&rdata);
1239 return False;
1240 }
1241
1242 if(!check_bind_response(&hdr_ba, pipe_idx, &transfer)) {
1243 DEBUG(2,("rpc_pipe_bind: check_bind_response failed.\n"));
1244 prs_mem_free(&rdata);
1245 return False;
1246 }
1247
1248 cli->max_xmit_frag = hdr_ba.bba.max_tsize;
1249 cli->max_recv_frag = hdr_ba.bba.max_rsize;
1250
1251 /*
1252 * If we're doing NTLMSSP auth we need to send a reply to
1253 * the bind-ack to complete the 3-way challenge response
1254 * handshake.
1255 */
1256
1257 if (do_auth && !rpc_send_auth_reply(cli, &rdata, rpc_call_id)) {
1258 DEBUG(0,("rpc_pipe_bind: rpc_send_auth_reply failed.\n"));
1259 prs_mem_free(&rdata);
1260 return False;
1261 }
1262 }
1263
1264 prs_mem_free(&rdata);
1265 return True;
1266 }
1267
1268 /****************************************************************************
1269 Open a session.
1270 ****************************************************************************/
1271
1272 BOOL cli_nt_session_open(struct cli_state *cli, const int pipe_idx)
1273 {
1274 int fnum;
1275
1276 /* At the moment we can't have more than one pipe open over
1277 a cli connection. )-: */
1278
1279 SMB_ASSERT(cli->nt_pipe_fnum == 0);
1280
1281 /* The pipe index must fall within our array */
1282
1283 SMB_ASSERT((pipe_idx >= 0) && (pipe_idx < PI_MAX_PIPES));
1284
1285 if (cli->capabilities & CAP_NT_SMBS) {
1286 if ((fnum = cli_nt_create(cli, &pipe_names[pipe_idx].client_pipe[5], DESIRED_ACCESS_PIPE)) == -1) {
1287 DEBUG(0,("cli_nt_session_open: cli_nt_create failed on pipe %s to machine %s. Error was %s\n",
1288 &pipe_names[pipe_idx].client_pipe[5], cli->desthost, cli_errstr(cli)));
1289 return False;
1290 }
1291
1292 cli->nt_pipe_fnum = (uint16)fnum;
1293 } else {
1294 if ((fnum = cli_open(cli, pipe_names[pipe_idx].client_pipe, O_CREAT|O_RDWR, DENY_NONE)) == -1) {
1295 DEBUG(0,("cli_nt_session_open: cli_open failed on pipe %s to machine %s. Error was %s\n",
1296 pipe_names[pipe_idx].client_pipe, cli->desthost, cli_errstr(cli)));
1297 return False;
1298 }
1299
1300 cli->nt_pipe_fnum = (uint16)fnum;
1301
1302 /**************** Set Named Pipe State ***************/
1303 if (!rpc_pipe_set_hnd_state(cli, pipe_names[pipe_idx].client_pipe, 0x4300)) {
1304 DEBUG(0,("cli_nt_session_open: pipe hnd state failed. Error was %s\n",
1305 cli_errstr(cli)));
1306 cli_close(cli, cli->nt_pipe_fnum);
1307 return False;
1308 }
1309 }
1310
1311 /******************* bind request on pipe *****************/
1312
1313 if (!rpc_pipe_bind(cli, pipe_idx, global_myname())) {
1314 DEBUG(2,("cli_nt_session_open: rpc bind to %s failed\n",
1315 get_pipe_name_from_index(pipe_idx)));
1316 cli_close(cli, cli->nt_pipe_fnum);
1317 return False;
1318 }
1319
1320 /*
1321 * Setup the remote server name prefixed by \ and the machine account name.
1322 */
1323
1324 fstrcpy(cli->srv_name_slash, "\\\\");
1325 fstrcat(cli->srv_name_slash, cli->desthost);
1326 strupper(cli->srv_name_slash);
1327
1328 fstrcpy(cli->clnt_name_slash, "\\\\");
1329 fstrcat(cli->clnt_name_slash, global_myname());
1330 strupper(cli->clnt_name_slash);
1331
1332 fstrcpy(cli->mach_acct, global_myname());
1333 fstrcat(cli->mach_acct, "$");
1334 strupper(cli->mach_acct);
1335
1336 /* Remember which pipe we're talking to */
1337 fstrcpy(cli->pipe_name, pipe_names[pipe_idx].client_pipe);
1338
1339 return True;
1340 }
1341
1342
1343 const char *cli_pipe_get_name(struct cli_state *cli)
1344 {
1345 return cli->pipe_name;
1346 }
1347
1348
1349 /****************************************************************************
1350 close the session
1351 ****************************************************************************/
1352
1353 void cli_nt_session_close(struct cli_state *cli)
1354 {
1355 cli_close(cli, cli->nt_pipe_fnum);
1356 cli->nt_pipe_fnum = 0;
1357 }
Samba GIT mirror