2 * Unix SMB/CIFS implementation.
3 * RPC Pipe client / server routines
4 * Copyright (C) Andrew Tridgell 1992-1998
5 * Copyright (C) Luke Kenneth Casson Leighton 1996-1998,
6 * Copyright (C) Paul Ashton 1997-1998,
7 * Copyright (C) Jeremy Allison 1999,
8 * Copyright (C) Anthony Liguori 2003.
10 * This program is free software; you can redistribute it and/or modify
11 * it under the terms of the GNU General Public License as published by
12 * the Free Software Foundation; either version 2 of the License, or
13 * (at your option) any later version.
15 * This program is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 * GNU General Public License for more details.
20 * You should have received a copy of the GNU General Public License
21 * along with this program; if not, write to the Free Software
22 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
25 /* this module apparently provides an implementation of DCE/RPC over a
26 * named pipe (IPC$ connection using SMBtrans). details of DCE/RPC
27 * documentation are available (in on-line form) from the X-Open group.
29 * this module should provide a level of abstraction between SMB
30 * and DCE/RPC, while minimising the amount of mallocs, unnecessary
31 * data copies, and network traffic.
33 * in this version, which takes a "let's learn what's going on and
34 * get something running" approach, there is additional network
35 * traffic generated, but the code should be easier to understand...
37 * ... if you read the docs. or stare at packets for weeks on end.
44 #define DBGC_CLASS DBGC_RPC_SRV
46 /*************************************************************
48 We need to transfer the session key from one rpc bind to the
49 next. This is the way the netlogon schannel works.
50 **************************************************************/
51 struct dcinfo last_dcinfo
;
53 static void NTLMSSPcalc_p( pipes_struct
*p
, unsigned char *data
, int len
)
55 unsigned char *hash
= p
->ntlmssp_hash
;
56 unsigned char index_i
= hash
[256];
57 unsigned char index_j
= hash
[257];
60 for( ind
= 0; ind
< len
; ind
++) {
65 index_j
+= hash
[index_i
];
68 hash
[index_i
] = hash
[index_j
];
71 t
= hash
[index_i
] + hash
[index_j
];
72 data
[ind
] = data
[ind
] ^ hash
[t
];
79 /*******************************************************************
80 Generate the next PDU to be returned from the data in p->rdata.
81 We cheat here as this function doesn't handle the special auth
82 footers of the authenticated bind response reply.
83 ********************************************************************/
85 BOOL
create_next_pdu(pipes_struct
*p
)
87 RPC_HDR_RESP hdr_resp
;
88 BOOL auth_verify
= ((p
->ntlmssp_chal_flags
& NTLMSSP_NEGOTIATE_SIGN
) != 0);
89 BOOL auth_seal
= ((p
->ntlmssp_chal_flags
& NTLMSSP_NEGOTIATE_SEAL
) != 0);
91 uint32 data_space_available
;
93 prs_struct outgoing_pdu
;
97 * If we're in the fault state, keep returning fault PDU's until
98 * the pipe gets closed. JRA.
102 setup_fault_pdu(p
, NT_STATUS(0x1c010002));
106 memset((char *)&hdr_resp
, '\0', sizeof(hdr_resp
));
108 /* Change the incoming request header to a response. */
109 p
->hdr
.pkt_type
= RPC_RESPONSE
;
111 /* Set up rpc header flags. */
112 if (p
->out_data
.data_sent_length
== 0)
113 p
->hdr
.flags
= RPC_FLG_FIRST
;
118 * Work out how much we can fit in a single PDU.
121 data_space_available
= sizeof(p
->out_data
.current_pdu
) - RPC_HEADER_LEN
- RPC_HDR_RESP_LEN
;
122 if(p
->ntlmssp_auth_validated
)
123 data_space_available
-= (RPC_HDR_AUTH_LEN
+ RPC_AUTH_NTLMSSP_CHK_LEN
);
125 if(p
->netsec_auth_validated
)
126 data_space_available
-= (RPC_HDR_AUTH_LEN
+ RPC_AUTH_NETSEC_CHK_LEN
);
129 * The amount we send is the minimum of the available
130 * space and the amount left to send.
133 data_len_left
= prs_offset(&p
->out_data
.rdata
) - p
->out_data
.data_sent_length
;
136 * Ensure there really is data left to send.
140 DEBUG(0,("create_next_pdu: no data left to send !\n"));
144 data_len
= MIN(data_len_left
, data_space_available
);
147 * Set up the alloc hint. This should be the data left to
151 hdr_resp
.alloc_hint
= data_len_left
;
154 * Set up the header lengths.
157 if (p
->ntlmssp_auth_validated
) {
158 p
->hdr
.frag_len
= RPC_HEADER_LEN
+ RPC_HDR_RESP_LEN
+ data_len
+
159 RPC_HDR_AUTH_LEN
+ RPC_AUTH_NTLMSSP_CHK_LEN
;
160 p
->hdr
.auth_len
= RPC_AUTH_NTLMSSP_CHK_LEN
;
161 } else if (p
->netsec_auth_validated
) {
162 p
->hdr
.frag_len
= RPC_HEADER_LEN
+ RPC_HDR_RESP_LEN
+ data_len
+
163 RPC_HDR_AUTH_LEN
+ RPC_AUTH_NETSEC_CHK_LEN
;
164 p
->hdr
.auth_len
= RPC_AUTH_NETSEC_CHK_LEN
;
166 p
->hdr
.frag_len
= RPC_HEADER_LEN
+ RPC_HDR_RESP_LEN
+ data_len
;
171 * Work out if this PDU will be the last.
174 if(p
->out_data
.data_sent_length
+ data_len
>= prs_offset(&p
->out_data
.rdata
))
175 p
->hdr
.flags
|= RPC_FLG_LAST
;
178 * Init the parse struct to point at the outgoing
182 prs_init( &outgoing_pdu
, 0, p
->mem_ctx
, MARSHALL
);
183 prs_give_memory( &outgoing_pdu
, (char *)p
->out_data
.current_pdu
, sizeof(p
->out_data
.current_pdu
), False
);
185 /* Store the header in the data stream. */
186 if(!smb_io_rpc_hdr("hdr", &p
->hdr
, &outgoing_pdu
, 0)) {
187 DEBUG(0,("create_next_pdu: failed to marshall RPC_HDR.\n"));
188 prs_mem_free(&outgoing_pdu
);
192 if(!smb_io_rpc_hdr_resp("resp", &hdr_resp
, &outgoing_pdu
, 0)) {
193 DEBUG(0,("create_next_pdu: failed to marshall RPC_HDR_RESP.\n"));
194 prs_mem_free(&outgoing_pdu
);
198 /* Store the current offset. */
199 data_pos
= prs_offset(&outgoing_pdu
);
201 /* Copy the data into the PDU. */
203 if(!prs_append_some_prs_data(&outgoing_pdu
, &p
->out_data
.rdata
, p
->out_data
.data_sent_length
, data_len
)) {
204 DEBUG(0,("create_next_pdu: failed to copy %u bytes of data.\n", (unsigned int)data_len
));
205 prs_mem_free(&outgoing_pdu
);
209 if (p
->ntlmssp_auth_validated
) {
213 DEBUG(5,("create_next_pdu: sign: %s seal: %s data %d auth %d\n",
214 BOOLSTR(auth_verify
), BOOLSTR(auth_seal
), data_len
, p
->hdr
.auth_len
));
217 * Set data to point to where we copied the data into.
220 data
= prs_data_p(&outgoing_pdu
) + data_pos
;
223 crc32
= crc32_calc_buffer(data
, data_len
);
224 NTLMSSPcalc_p(p
, (uchar
*)data
, data_len
);
227 if (auth_seal
|| auth_verify
) {
228 RPC_HDR_AUTH auth_info
;
230 init_rpc_hdr_auth(&auth_info
, NTLMSSP_AUTH_TYPE
, NTLMSSP_AUTH_LEVEL
,
231 (auth_verify
? RPC_HDR_AUTH_LEN
: 0), (auth_verify
? 1 : 0));
232 if(!smb_io_rpc_hdr_auth("hdr_auth", &auth_info
, &outgoing_pdu
, 0)) {
233 DEBUG(0,("create_next_pdu: failed to marshall RPC_HDR_AUTH.\n"));
234 prs_mem_free(&outgoing_pdu
);
240 RPC_AUTH_NTLMSSP_CHK ntlmssp_chk
;
241 char *auth_data
= prs_data_p(&outgoing_pdu
);
243 p
->ntlmssp_seq_num
++;
244 init_rpc_auth_ntlmssp_chk(&ntlmssp_chk
, NTLMSSP_SIGN_VERSION
,
245 crc32
, p
->ntlmssp_seq_num
++);
246 auth_data
= prs_data_p(&outgoing_pdu
) + prs_offset(&outgoing_pdu
) + 4;
247 if(!smb_io_rpc_auth_ntlmssp_chk("auth_sign", &ntlmssp_chk
, &outgoing_pdu
, 0)) {
248 DEBUG(0,("create_next_pdu: failed to marshall RPC_AUTH_NTLMSSP_CHK.\n"));
249 prs_mem_free(&outgoing_pdu
);
252 NTLMSSPcalc_p(p
, (uchar
*)auth_data
, RPC_AUTH_NTLMSSP_CHK_LEN
- 4);
256 if (p
->netsec_auth_validated
) {
258 RPC_HDR_AUTH auth_info
;
259 static const uchar netsec_sig
[8] = NETSEC_SIGNATURE
;
260 static const uchar nullbytes
[8] = { 0,0,0,0,0,0,0,0 };
262 RPC_AUTH_NETSEC_CHK verf
;
268 data
= prs_data_p(&outgoing_pdu
) + data_pos
;
270 init_rpc_hdr_auth(&auth_info
, NETSEC_AUTH_TYPE
, NETSEC_AUTH_LEVEL
,
271 RPC_HDR_AUTH_LEN
, 1);
273 if(!smb_io_rpc_hdr_auth("hdr_auth", &auth_info
, &outgoing_pdu
, 0)) {
274 DEBUG(0,("create_next_pdu: failed to marshall RPC_HDR_AUTH.\n"));
275 prs_mem_free(&outgoing_pdu
);
279 prs_init(&rverf
, 0, p
->mem_ctx
, MARSHALL
);
280 prs_init(&rauth
, 0, p
->mem_ctx
, MARSHALL
);
282 if ((p
->netsec_auth
.seq_num
& 1) == 0) {
283 DEBUG(0,("SCHANNEL ERROR: seq_num must be odd in server! (seq_num=%d)\n",
284 p
->netsec_auth
.seq_num
));
287 RSIVAL(sign
, 0, p
->netsec_auth
.seq_num
);
290 init_rpc_auth_netsec_chk(&verf
, netsec_sig
, nullbytes
, sign
, nullbytes
);
292 netsec_encode(&p
->netsec_auth
, &verf
, data
, data_len
);
294 smb_io_rpc_auth_netsec_chk("", &verf
, &outgoing_pdu
, 0);
296 p
->netsec_auth
.seq_num
++;
300 * Setup the counts for this PDU.
303 p
->out_data
.data_sent_length
+= data_len
;
304 p
->out_data
.current_pdu_len
= p
->hdr
.frag_len
;
305 p
->out_data
.current_pdu_sent
= 0;
307 prs_mem_free(&outgoing_pdu
);
311 /*******************************************************************
312 Process an NTLMSSP authentication response.
313 If this function succeeds, the user has been authenticated
314 and their domain, name and calling workstation stored in
316 The initial challenge is stored in p->challenge.
317 *******************************************************************/
319 static BOOL
api_pipe_ntlmssp_verify(pipes_struct
*p
, RPC_AUTH_NTLMSSP_RESP
*ntlmssp_resp
)
331 struct auth_context
*auth_context
= NULL
;
332 auth_usersupplied_info
*user_info
= NULL
;
333 auth_serversupplied_info
*server_info
= NULL
;
335 DEBUG(5,("api_pipe_ntlmssp_verify: checking user details\n"));
337 memset(p
->user_name
, '\0', sizeof(p
->user_name
));
338 memset(p
->pipe_user_name
, '\0', sizeof(p
->pipe_user_name
));
339 memset(p
->domain
, '\0', sizeof(p
->domain
));
340 memset(p
->wks
, '\0', sizeof(p
->wks
));
342 /* Set up for non-authenticated user. */
343 delete_nt_token(&p
->pipe_user
.nt_user_token
);
344 p
->pipe_user
.ngroups
= 0;
345 SAFE_FREE( p
->pipe_user
.groups
);
348 * Setup an empty password for a guest user.
352 * We always negotiate UNICODE.
355 if (p
->ntlmssp_chal_flags
& NTLMSSP_NEGOTIATE_UNICODE
) {
356 rpcstr_pull(user_name
, ntlmssp_resp
->user
, sizeof(fstring
), ntlmssp_resp
->hdr_usr
.str_str_len
*2, 0 );
357 rpcstr_pull(domain
, ntlmssp_resp
->domain
, sizeof(fstring
), ntlmssp_resp
->hdr_domain
.str_str_len
*2, 0);
358 rpcstr_pull(wks
, ntlmssp_resp
->wks
, sizeof(fstring
), ntlmssp_resp
->hdr_wks
.str_str_len
*2, 0);
360 pull_ascii_fstring(user_name
, ntlmssp_resp
->user
);
361 pull_ascii_fstring(domain
, ntlmssp_resp
->domain
);
362 pull_ascii_fstring(wks
, ntlmssp_resp
->wks
);
365 DEBUG(5,("user: %s domain: %s wks: %s\n", user_name
, domain
, wks
));
367 nt_pw_len
= MIN(sizeof(nt_owf
), ntlmssp_resp
->hdr_nt_resp
.str_str_len
);
368 lm_pw_len
= MIN(sizeof(lm_owf
), ntlmssp_resp
->hdr_lm_resp
.str_str_len
);
370 memcpy(lm_owf
, ntlmssp_resp
->lm_resp
, sizeof(lm_owf
));
371 memcpy(nt_owf
, ntlmssp_resp
->nt_resp
, nt_pw_len
);
373 #ifdef DEBUG_PASSWORD
374 DEBUG(100,("lm, nt owfs, chal\n"));
375 dump_data(100, (char *)lm_owf
, sizeof(lm_owf
));
376 dump_data(100, (char *)nt_owf
, nt_pw_len
);
377 dump_data(100, (char *)p
->challenge
, 8);
381 * Allow guest access. Patch from Shirish Kalele <kalele@veritas.com>.
387 * Do the length checking only if user is not NULL.
390 if (ntlmssp_resp
->hdr_lm_resp
.str_str_len
== 0)
392 if (ntlmssp_resp
->hdr_nt_resp
.str_str_len
== 0)
394 if (ntlmssp_resp
->hdr_usr
.str_str_len
== 0)
396 if (ntlmssp_resp
->hdr_domain
.str_str_len
== 0)
398 if (ntlmssp_resp
->hdr_wks
.str_str_len
== 0)
403 make_auth_context_fixed(&auth_context
, (uchar
*)p
->challenge
);
405 if (!make_user_info_netlogon_network(&user_info
,
406 user_name
, domain
, wks
,
408 nt_owf
, nt_pw_len
)) {
409 DEBUG(0,("make_user_info_netlogon_network failed! Failing authenticaion.\n"));
413 nt_status
= auth_context
->check_ntlm_password(auth_context
, user_info
, &server_info
);
415 (auth_context
->free
)(&auth_context
);
416 free_user_info(&user_info
);
418 p
->ntlmssp_auth_validated
= NT_STATUS_IS_OK(nt_status
);
420 if (!p
->ntlmssp_auth_validated
) {
421 DEBUG(1,("api_pipe_ntlmssp_verify: User [%s]\\[%s] from machine %s \
422 failed authentication on named pipe %s.\n", domain
, user_name
, wks
, p
->name
));
423 free_server_info(&server_info
);
428 * Set up the sign/seal data.
433 NTLMSSPOWFencrypt(server_info
->first_8_lm_hash
, lm_owf
, p24
);
445 for (ind
= 0; ind
< 256; ind
++)
446 p
->ntlmssp_hash
[ind
] = (unsigned char)ind
;
448 for( ind
= 0; ind
< 256; ind
++) {
451 j
+= (p
->ntlmssp_hash
[ind
] + k2
[ind
%8]);
453 tc
= p
->ntlmssp_hash
[ind
];
454 p
->ntlmssp_hash
[ind
] = p
->ntlmssp_hash
[j
];
455 p
->ntlmssp_hash
[j
] = tc
;
458 p
->ntlmssp_hash
[256] = 0;
459 p
->ntlmssp_hash
[257] = 0;
461 /* NTLMSSPhash(p->ntlmssp_hash, p24); */
462 p
->ntlmssp_seq_num
= 0;
466 fstrcpy(p
->user_name
, user_name
);
467 fstrcpy(p
->pipe_user_name
, server_info
->unix_name
);
468 fstrcpy(p
->domain
, domain
);
469 fstrcpy(p
->wks
, wks
);
472 * Store the UNIX credential data (uid/gid pair) in the pipe structure.
475 memcpy(p
->session_key
, server_info
->session_key
, sizeof(p
->session_key
));
477 p
->pipe_user
.uid
= server_info
->uid
;
478 p
->pipe_user
.gid
= server_info
->gid
;
480 p
->pipe_user
.ngroups
= server_info
->n_groups
;
481 if (p
->pipe_user
.ngroups
) {
482 if (!(p
->pipe_user
.groups
= memdup(server_info
->groups
, sizeof(gid_t
) * p
->pipe_user
.ngroups
))) {
483 DEBUG(0,("failed to memdup group list to p->pipe_user.groups\n"));
484 free_server_info(&server_info
);
489 if (server_info
->ptok
)
490 p
->pipe_user
.nt_user_token
= dup_nt_token(server_info
->ptok
);
492 DEBUG(1,("Error: Authmodule failed to provide nt_user_token\n"));
493 p
->pipe_user
.nt_user_token
= NULL
;
494 free_server_info(&server_info
);
498 p
->ntlmssp_auth_validated
= True
;
500 free_server_info(&server_info
);
504 /*******************************************************************
505 The switch table for the pipe names and the functions to handle them.
506 *******************************************************************/
515 struct api_struct
*cmds
;
519 static struct rpc_table
*rpc_lookup
;
520 static int rpc_lookup_size
;
522 /*******************************************************************
523 This is the client reply to our challenge for an authenticated
524 bind request. The challenge we sent is in p->challenge.
525 *******************************************************************/
527 BOOL
api_pipe_bind_auth_resp(pipes_struct
*p
, prs_struct
*rpc_in_p
)
529 RPC_HDR_AUTHA autha_info
;
530 RPC_AUTH_VERIFIER auth_verifier
;
531 RPC_AUTH_NTLMSSP_RESP ntlmssp_resp
;
533 DEBUG(5,("api_pipe_bind_auth_resp: decode request. %d\n", __LINE__
));
535 if (p
->hdr
.auth_len
== 0) {
536 DEBUG(0,("api_pipe_bind_auth_resp: No auth field sent !\n"));
541 * Decode the authentication verifier response.
544 if(!smb_io_rpc_hdr_autha("", &autha_info
, rpc_in_p
, 0)) {
545 DEBUG(0,("api_pipe_bind_auth_resp: unmarshall of RPC_HDR_AUTHA failed.\n"));
549 if (autha_info
.auth_type
!= NTLMSSP_AUTH_TYPE
|| autha_info
.auth_level
!= NTLMSSP_AUTH_LEVEL
) {
550 DEBUG(0,("api_pipe_bind_auth_resp: incorrect auth type (%d) or level (%d).\n",
551 (int)autha_info
.auth_type
, (int)autha_info
.auth_level
));
555 if(!smb_io_rpc_auth_verifier("", &auth_verifier
, rpc_in_p
, 0)) {
556 DEBUG(0,("api_pipe_bind_auth_resp: unmarshall of RPC_AUTH_VERIFIER failed.\n"));
561 * Ensure this is a NTLMSSP_AUTH packet type.
564 if (!rpc_auth_verifier_chk(&auth_verifier
, "NTLMSSP", NTLMSSP_AUTH
)) {
565 DEBUG(0,("api_pipe_bind_auth_resp: rpc_auth_verifier_chk failed.\n"));
569 if(!smb_io_rpc_auth_ntlmssp_resp("", &ntlmssp_resp
, rpc_in_p
, 0)) {
570 DEBUG(0,("api_pipe_bind_auth_resp: Failed to unmarshall RPC_AUTH_NTLMSSP_RESP.\n"));
575 * The following call actually checks the challenge/response data.
576 * for correctness against the given DOMAIN\user name.
579 if (!api_pipe_ntlmssp_verify(p
, &ntlmssp_resp
))
587 /*******************************************************************
588 Marshall a bind_nak pdu.
589 *******************************************************************/
591 static BOOL
setup_bind_nak(pipes_struct
*p
)
593 prs_struct outgoing_rpc
;
597 /* Free any memory in the current return data buffer. */
598 prs_mem_free(&p
->out_data
.rdata
);
601 * Marshall directly into the outgoing PDU space. We
602 * must do this as we need to set to the bind response
603 * header and are never sending more than one PDU here.
606 prs_init( &outgoing_rpc
, 0, p
->mem_ctx
, MARSHALL
);
607 prs_give_memory( &outgoing_rpc
, (char *)p
->out_data
.current_pdu
, sizeof(p
->out_data
.current_pdu
), False
);
611 * Initialize a bind_nak header.
614 init_rpc_hdr(&nak_hdr
, RPC_BINDNACK
, RPC_FLG_FIRST
| RPC_FLG_LAST
,
615 p
->hdr
.call_id
, RPC_HEADER_LEN
+ sizeof(uint16
), 0);
618 * Marshall the header into the outgoing PDU.
621 if(!smb_io_rpc_hdr("", &nak_hdr
, &outgoing_rpc
, 0)) {
622 DEBUG(0,("setup_bind_nak: marshalling of RPC_HDR failed.\n"));
623 prs_mem_free(&outgoing_rpc
);
628 * Now add the reject reason.
631 if(!prs_uint16("reject code", &outgoing_rpc
, 0, &zero
)) {
632 prs_mem_free(&outgoing_rpc
);
636 p
->out_data
.data_sent_length
= 0;
637 p
->out_data
.current_pdu_len
= prs_offset(&outgoing_rpc
);
638 p
->out_data
.current_pdu_sent
= 0;
640 p
->pipe_bound
= False
;
645 /*******************************************************************
646 Marshall a fault pdu.
647 *******************************************************************/
649 BOOL
setup_fault_pdu(pipes_struct
*p
, NTSTATUS status
)
651 prs_struct outgoing_pdu
;
653 RPC_HDR_RESP hdr_resp
;
654 RPC_HDR_FAULT fault_resp
;
656 /* Free any memory in the current return data buffer. */
657 prs_mem_free(&p
->out_data
.rdata
);
660 * Marshall directly into the outgoing PDU space. We
661 * must do this as we need to set to the bind response
662 * header and are never sending more than one PDU here.
665 prs_init( &outgoing_pdu
, 0, p
->mem_ctx
, MARSHALL
);
666 prs_give_memory( &outgoing_pdu
, (char *)p
->out_data
.current_pdu
, sizeof(p
->out_data
.current_pdu
), False
);
669 * Initialize a fault header.
672 init_rpc_hdr(&fault_hdr
, RPC_FAULT
, RPC_FLG_FIRST
| RPC_FLG_LAST
| RPC_FLG_NOCALL
,
673 p
->hdr
.call_id
, RPC_HEADER_LEN
+ RPC_HDR_RESP_LEN
+ RPC_HDR_FAULT_LEN
, 0);
676 * Initialize the HDR_RESP and FAULT parts of the PDU.
679 memset((char *)&hdr_resp
, '\0', sizeof(hdr_resp
));
681 fault_resp
.status
= status
;
682 fault_resp
.reserved
= 0;
685 * Marshall the header into the outgoing PDU.
688 if(!smb_io_rpc_hdr("", &fault_hdr
, &outgoing_pdu
, 0)) {
689 DEBUG(0,("setup_fault_pdu: marshalling of RPC_HDR failed.\n"));
690 prs_mem_free(&outgoing_pdu
);
694 if(!smb_io_rpc_hdr_resp("resp", &hdr_resp
, &outgoing_pdu
, 0)) {
695 DEBUG(0,("setup_fault_pdu: failed to marshall RPC_HDR_RESP.\n"));
696 prs_mem_free(&outgoing_pdu
);
700 if(!smb_io_rpc_hdr_fault("fault", &fault_resp
, &outgoing_pdu
, 0)) {
701 DEBUG(0,("setup_fault_pdu: failed to marshall RPC_HDR_FAULT.\n"));
702 prs_mem_free(&outgoing_pdu
);
706 p
->out_data
.data_sent_length
= 0;
707 p
->out_data
.current_pdu_len
= prs_offset(&outgoing_pdu
);
708 p
->out_data
.current_pdu_sent
= 0;
710 prs_mem_free(&outgoing_pdu
);
714 /*******************************************************************
715 Ensure a bind request has the correct abstract & transfer interface.
716 Used to reject unknown binds from Win2k.
717 *******************************************************************/
719 BOOL
check_bind_req(char* pipe_name
, RPC_IFACE
* abstract
,
722 extern struct pipe_id_info pipe_names
[];
725 fstrcpy(pname
,"\\PIPE\\");
726 fstrcat(pname
,pipe_name
);
728 DEBUG(3,("check_bind_req for %s\n", pname
));
730 #ifndef SUPPORT_NEW_LSARPC_UUID
732 /* check for the first pipe matching the name */
734 for ( i
=0; pipe_names
[i
].client_pipe
; i
++ ) {
735 if ( strequal(pipe_names
[i
].client_pipe
, pname
) )
739 /* we have to check all now since win2k introduced a new UUID on the lsaprpc pipe */
741 for ( i
=0; pipe_names
[i
].client_pipe
; i
++ )
743 if ( strequal(pipe_names
[i
].client_pipe
, pname
)
744 && (abstract
->version
== pipe_names
[i
].abstr_syntax
.version
)
745 && (memcmp(&abstract
->uuid
, &pipe_names
[i
].abstr_syntax
.uuid
, sizeof(RPC_UUID
)) == 0)
746 && (transfer
->version
== pipe_names
[i
].trans_syntax
.version
)
747 && (memcmp(&transfer
->uuid
, &pipe_names
[i
].trans_syntax
.uuid
, sizeof(RPC_UUID
)) == 0) )
754 if(pipe_names
[i
].client_pipe
== NULL
)
757 #ifndef SUPPORT_NEW_LSARPC_UUID
758 /* check the abstract interface */
759 if ( (abstract
->version
!= pipe_names
[i
].abstr_syntax
.version
)
760 || (memcmp(&abstract
->uuid
, &pipe_names
[i
].abstr_syntax
.uuid
, sizeof(RPC_UUID
)) != 0) )
765 /* check the transfer interface */
766 if ( (transfer
->version
!= pipe_names
[i
].trans_syntax
.version
)
767 || (memcmp(&transfer
->uuid
, &pipe_names
[i
].trans_syntax
.uuid
, sizeof(RPC_UUID
)) != 0) )
775 /*******************************************************************
776 Register commands to an RPC pipe
777 *******************************************************************/
778 NTSTATUS
rpc_pipe_register_commands(int version
, const char *clnt
, const char *srv
, const struct api_struct
*cmds
, int size
)
780 struct rpc_table
*rpc_entry
;
782 if (!clnt
|| !srv
|| !cmds
) {
783 return NT_STATUS_INVALID_PARAMETER
;
786 if (version
!= SMB_RPC_INTERFACE_VERSION
) {
787 DEBUG(0,("Can't register rpc commands!\n"
788 "You tried to register a rpc module with SMB_RPC_INTERFACE_VERSION %d"
789 ", while this version of samba uses version %d!\n",
790 version
,SMB_RPC_INTERFACE_VERSION
));
791 return NT_STATUS_OBJECT_TYPE_MISMATCH
;
796 * we still need to make sure that don't register the same commands twice!!!
801 /* We use a temporary variable because this call can fail and
802 rpc_lookup will still be valid afterwards. It could then succeed if
803 called again later */
804 rpc_entry
= realloc(rpc_lookup
,
805 ++rpc_lookup_size
*sizeof(struct rpc_table
));
806 if (NULL
== rpc_entry
) {
808 DEBUG(0, ("rpc_pipe_register_commands: memory allocation failed\n"));
809 return NT_STATUS_NO_MEMORY
;
811 rpc_lookup
= rpc_entry
;
814 rpc_entry
= rpc_lookup
+ (rpc_lookup_size
- 1);
815 ZERO_STRUCTP(rpc_entry
);
816 rpc_entry
->pipe
.clnt
= strdup(clnt
);
817 rpc_entry
->pipe
.srv
= strdup(srv
);
818 rpc_entry
->cmds
= realloc(rpc_entry
->cmds
,
819 (rpc_entry
->n_cmds
+ size
) *
820 sizeof(struct api_struct
));
821 memcpy(rpc_entry
->cmds
+ rpc_entry
->n_cmds
, cmds
,
822 size
* sizeof(struct api_struct
));
823 rpc_entry
->n_cmds
+= size
;
828 /*******************************************************************
829 Respond to a pipe bind request.
830 *******************************************************************/
832 BOOL
api_pipe_bind_req(pipes_struct
*p
, prs_struct
*rpc_in_p
)
836 RPC_HDR_AUTH auth_info
;
838 fstring ack_pipe_name
;
839 prs_struct out_hdr_ba
;
841 prs_struct outgoing_rpc
;
844 enum RPC_PKT_TYPE reply_pkt_type
;
846 p
->ntlmssp_auth_requested
= False
;
847 p
->netsec_auth_validated
= False
;
849 DEBUG(5,("api_pipe_bind_req: decode request. %d\n", __LINE__
));
852 * Try and find the correct pipe name to ensure
853 * that this is a pipe name we support.
857 for (i
= 0; i
< rpc_lookup_size
; i
++) {
858 if (strequal(rpc_lookup
[i
].pipe
.clnt
, p
->name
)) {
859 DEBUG(3, ("api_pipe_bind_req: \\PIPE\\%s -> \\PIPE\\%s\n",
860 rpc_lookup
[i
].pipe
.clnt
, rpc_lookup
[i
].pipe
.srv
));
861 fstrcpy(p
->pipe_srv_name
, rpc_lookup
[i
].pipe
.srv
);
866 if (i
== rpc_lookup_size
) {
867 if (NT_STATUS_IS_ERR(smb_probe_module("rpc", p
->name
))) {
868 DEBUG(3,("api_pipe_bind_req: Unknown pipe name %s in bind request.\n",
870 if(!setup_bind_nak(p
))
875 for (i
= 0; i
< rpc_lookup_size
; i
++) {
876 if (strequal(rpc_lookup
[i
].pipe
.clnt
, p
->name
)) {
877 DEBUG(3, ("api_pipe_bind_req: \\PIPE\\%s -> \\PIPE\\%s\n",
878 rpc_lookup
[i
].pipe
.clnt
, rpc_lookup
[i
].pipe
.srv
));
879 fstrcpy(p
->pipe_srv_name
, rpc_lookup
[i
].pipe
.srv
);
884 if (i
== rpc_lookup_size
) {
885 DEBUG(0, ("module %s doesn't provide functions for pipe %s!\n", p
->name
, p
->name
));
890 /* decode the bind request */
891 if(!smb_io_rpc_hdr_rb("", &hdr_rb
, rpc_in_p
, 0)) {
892 DEBUG(0,("api_pipe_bind_req: unable to unmarshall RPC_HDR_RB struct.\n"));
897 * Check if this is an authenticated request.
900 if (p
->hdr
.auth_len
!= 0) {
901 RPC_AUTH_VERIFIER auth_verifier
;
902 RPC_AUTH_NTLMSSP_NEG ntlmssp_neg
;
905 * Decode the authentication verifier.
908 if(!smb_io_rpc_hdr_auth("", &auth_info
, rpc_in_p
, 0)) {
909 DEBUG(0,("api_pipe_bind_req: unable to unmarshall RPC_HDR_AUTH struct.\n"));
913 if(auth_info
.auth_type
== NTLMSSP_AUTH_TYPE
) {
915 if(!smb_io_rpc_auth_verifier("", &auth_verifier
, rpc_in_p
, 0)) {
916 DEBUG(0,("api_pipe_bind_req: unable to "
917 "unmarshall RPC_HDR_AUTH struct.\n"));
921 if(!strequal(auth_verifier
.signature
, "NTLMSSP")) {
922 DEBUG(0,("api_pipe_bind_req: "
923 "auth_verifier.signature != NTLMSSP\n"));
927 if(auth_verifier
.msg_type
!= NTLMSSP_NEGOTIATE
) {
928 DEBUG(0,("api_pipe_bind_req: "
929 "auth_verifier.msg_type (%d) != NTLMSSP_NEGOTIATE\n",
930 auth_verifier
.msg_type
));
934 if(!smb_io_rpc_auth_ntlmssp_neg("", &ntlmssp_neg
, rpc_in_p
, 0)) {
935 DEBUG(0,("api_pipe_bind_req: "
936 "Failed to unmarshall RPC_AUTH_NTLMSSP_NEG.\n"));
940 p
->ntlmssp_chal_flags
= SMBD_NTLMSSP_NEG_FLAGS
;
941 p
->ntlmssp_auth_requested
= True
;
943 } else if (auth_info
.auth_type
== NETSEC_AUTH_TYPE
) {
945 RPC_AUTH_NETSEC_NEG neg
;
946 struct netsec_auth_struct
*a
= &(p
->netsec_auth
);
948 if (!smb_io_rpc_auth_netsec_neg("", &neg
, rpc_in_p
, 0)) {
949 DEBUG(0,("api_pipe_bind_req: "
950 "Could not unmarshal SCHANNEL auth neg\n"));
954 p
->netsec_auth_validated
= True
;
956 memset(a
->sess_key
, 0, sizeof(a
->sess_key
));
957 memcpy(a
->sess_key
, last_dcinfo
.sess_key
, sizeof(last_dcinfo
.sess_key
));
961 DEBUG(10,("schannel auth: domain [%s] myname [%s]\n",
962 neg
.domain
, neg
.myname
));
965 DEBUG(0,("api_pipe_bind_req: unknown auth type %x requested.\n",
966 auth_info
.auth_type
));
971 switch(p
->hdr
.pkt_type
) {
973 /* name has to be \PIPE\xxxxx */
974 fstrcpy(ack_pipe_name
, "\\PIPE\\");
975 fstrcat(ack_pipe_name
, p
->pipe_srv_name
);
976 reply_pkt_type
= RPC_BINDACK
;
979 /* secondary address CAN be NULL
980 * as the specs say it's ignored.
981 * It MUST NULL to have the spoolss working.
983 fstrcpy(ack_pipe_name
,"");
984 reply_pkt_type
= RPC_ALTCONTRESP
;
990 DEBUG(5,("api_pipe_bind_req: make response. %d\n", __LINE__
));
993 * Marshall directly into the outgoing PDU space. We
994 * must do this as we need to set to the bind response
995 * header and are never sending more than one PDU here.
998 prs_init( &outgoing_rpc
, 0, p
->mem_ctx
, MARSHALL
);
999 prs_give_memory( &outgoing_rpc
, (char *)p
->out_data
.current_pdu
, sizeof(p
->out_data
.current_pdu
), False
);
1002 * Setup the memory to marshall the ba header, and the
1006 if(!prs_init(&out_hdr_ba
, 1024, p
->mem_ctx
, MARSHALL
)) {
1007 DEBUG(0,("api_pipe_bind_req: malloc out_hdr_ba failed.\n"));
1008 prs_mem_free(&outgoing_rpc
);
1012 if(!prs_init(&out_auth
, 1024, p
->mem_ctx
, MARSHALL
)) {
1013 DEBUG(0,("pi_pipe_bind_req: malloc out_auth failed.\n"));
1014 prs_mem_free(&outgoing_rpc
);
1015 prs_mem_free(&out_hdr_ba
);
1019 if (p
->ntlmssp_auth_requested
)
1022 assoc_gid
= hdr_rb
.bba
.assoc_gid
? hdr_rb
.bba
.assoc_gid
: 0x53f0;
1025 * Create the bind response struct.
1028 /* If the requested abstract synt uuid doesn't match our client pipe,
1029 reject the bind_ack & set the transfer interface synt to all 0's,
1030 ver 0 (observed when NT5 attempts to bind to abstract interfaces
1032 Needed when adding entries to a DACL from NT5 - SK */
1034 if(check_bind_req(p
->name
, &hdr_rb
.abstract
, &hdr_rb
.transfer
)) {
1035 init_rpc_hdr_ba(&hdr_ba
,
1043 RPC_IFACE null_interface
;
1044 ZERO_STRUCT(null_interface
);
1045 /* Rejection reason: abstract syntax not supported */
1046 init_rpc_hdr_ba(&hdr_ba
, MAX_PDU_FRAG_LEN
,
1047 MAX_PDU_FRAG_LEN
, assoc_gid
,
1048 ack_pipe_name
, 0x1, 0x2, 0x1,
1056 if(!smb_io_rpc_hdr_ba("", &hdr_ba
, &out_hdr_ba
, 0)) {
1057 DEBUG(0,("api_pipe_bind_req: marshalling of RPC_HDR_BA failed.\n"));
1062 * Now the authentication.
1065 if (p
->ntlmssp_auth_requested
) {
1066 RPC_AUTH_VERIFIER auth_verifier
;
1067 RPC_AUTH_NTLMSSP_CHAL ntlmssp_chal
;
1069 generate_random_buffer(p
->challenge
, 8, False
);
1071 /*** Authentication info ***/
1073 init_rpc_hdr_auth(&auth_info
, NTLMSSP_AUTH_TYPE
, NTLMSSP_AUTH_LEVEL
, RPC_HDR_AUTH_LEN
, 1);
1074 if(!smb_io_rpc_hdr_auth("", &auth_info
, &out_auth
, 0)) {
1075 DEBUG(0,("api_pipe_bind_req: marshalling of RPC_HDR_AUTH failed.\n"));
1079 /*** NTLMSSP verifier ***/
1081 init_rpc_auth_verifier(&auth_verifier
, "NTLMSSP", NTLMSSP_CHALLENGE
);
1082 if(!smb_io_rpc_auth_verifier("", &auth_verifier
, &out_auth
, 0)) {
1083 DEBUG(0,("api_pipe_bind_req: marshalling of RPC_AUTH_VERIFIER failed.\n"));
1087 /* NTLMSSP challenge ***/
1089 init_rpc_auth_ntlmssp_chal(&ntlmssp_chal
, p
->ntlmssp_chal_flags
, p
->challenge
);
1090 if(!smb_io_rpc_auth_ntlmssp_chal("", &ntlmssp_chal
, &out_auth
, 0)) {
1091 DEBUG(0,("api_pipe_bind_req: marshalling of RPC_AUTH_NTLMSSP_CHAL failed.\n"));
1095 /* Auth len in the rpc header doesn't include auth_header. */
1096 auth_len
= prs_offset(&out_auth
) - RPC_HDR_AUTH_LEN
;
1099 if (p
->netsec_auth_validated
) {
1100 RPC_AUTH_VERIFIER auth_verifier
;
1103 /* The client opens a second RPC NETLOGON pipe without
1104 doing a auth2. The credentials for the schannel are
1105 re-used from the auth2 the client did before. */
1106 p
->dc
= last_dcinfo
;
1108 init_rpc_hdr_auth(&auth_info
, NETSEC_AUTH_TYPE
, NETSEC_AUTH_LEVEL
, RPC_HDR_AUTH_LEN
, 1);
1109 if(!smb_io_rpc_hdr_auth("", &auth_info
, &out_auth
, 0)) {
1110 DEBUG(0,("api_pipe_bind_req: marshalling of RPC_HDR_AUTH failed.\n"));
1114 /*** NETSEC verifier ***/
1116 init_rpc_auth_verifier(&auth_verifier
, "\001", 0x0);
1117 if(!smb_io_rpc_netsec_verifier("", &auth_verifier
, &out_auth
, 0)) {
1118 DEBUG(0,("api_pipe_bind_req: marshalling of RPC_AUTH_VERIFIER failed.\n"));
1122 prs_align(&out_auth
);
1125 if(!prs_uint32("flags ", &out_auth
, 0, &flags
))
1128 auth_len
= prs_offset(&out_auth
) - RPC_HDR_AUTH_LEN
;
1132 * Create the header, now we know the length.
1135 init_rpc_hdr(&p
->hdr
, reply_pkt_type
, RPC_FLG_FIRST
| RPC_FLG_LAST
,
1137 RPC_HEADER_LEN
+ prs_offset(&out_hdr_ba
) + prs_offset(&out_auth
),
1141 * Marshall the header into the outgoing PDU.
1144 if(!smb_io_rpc_hdr("", &p
->hdr
, &outgoing_rpc
, 0)) {
1145 DEBUG(0,("pi_pipe_bind_req: marshalling of RPC_HDR failed.\n"));
1150 * Now add the RPC_HDR_BA and any auth needed.
1153 if(!prs_append_prs_data( &outgoing_rpc
, &out_hdr_ba
)) {
1154 DEBUG(0,("api_pipe_bind_req: append of RPC_HDR_BA failed.\n"));
1158 if((p
->ntlmssp_auth_requested
|p
->netsec_auth_validated
) &&
1159 !prs_append_prs_data( &outgoing_rpc
, &out_auth
)) {
1160 DEBUG(0,("api_pipe_bind_req: append of auth info failed.\n"));
1164 if(!p
->ntlmssp_auth_requested
)
1165 p
->pipe_bound
= True
;
1168 * Setup the lengths for the initial reply.
1171 p
->out_data
.data_sent_length
= 0;
1172 p
->out_data
.current_pdu_len
= prs_offset(&outgoing_rpc
);
1173 p
->out_data
.current_pdu_sent
= 0;
1175 prs_mem_free(&out_hdr_ba
);
1176 prs_mem_free(&out_auth
);
1182 prs_mem_free(&outgoing_rpc
);
1183 prs_mem_free(&out_hdr_ba
);
1184 prs_mem_free(&out_auth
);
1188 /****************************************************************************
1189 Deal with sign & seal processing on an RPC request.
1190 ****************************************************************************/
1192 BOOL
api_pipe_auth_process(pipes_struct
*p
, prs_struct
*rpc_in
)
1195 * We always negotiate the following two bits....
1197 BOOL auth_verify
= ((p
->ntlmssp_chal_flags
& NTLMSSP_NEGOTIATE_SIGN
) != 0);
1198 BOOL auth_seal
= ((p
->ntlmssp_chal_flags
& NTLMSSP_NEGOTIATE_SEAL
) != 0);
1204 auth_len
= p
->hdr
.auth_len
;
1206 if ((auth_len
!= RPC_AUTH_NTLMSSP_CHK_LEN
) && auth_verify
) {
1207 DEBUG(0,("api_pipe_auth_process: Incorrect auth_len %d.\n", auth_len
));
1212 * The following is that length of the data we must verify or unseal.
1213 * This doesn't include the RPC headers or the auth_len or the RPC_HDR_AUTH_LEN
1214 * preceeding the auth_data.
1217 data_len
= p
->hdr
.frag_len
- RPC_HEADER_LEN
- RPC_HDR_REQ_LEN
-
1218 (auth_verify
? RPC_HDR_AUTH_LEN
: 0) - auth_len
;
1220 DEBUG(5,("api_pipe_auth_process: sign: %s seal: %s data %d auth %d\n",
1221 BOOLSTR(auth_verify
), BOOLSTR(auth_seal
), data_len
, auth_len
));
1225 * The data in rpc_in doesn't contain the RPC_HEADER as this
1226 * has already been consumed.
1228 char *data
= prs_data_p(rpc_in
) + RPC_HDR_REQ_LEN
;
1229 NTLMSSPcalc_p(p
, (uchar
*)data
, data_len
);
1230 crc32
= crc32_calc_buffer(data
, data_len
);
1233 old_offset
= prs_offset(rpc_in
);
1235 if (auth_seal
|| auth_verify
) {
1236 RPC_HDR_AUTH auth_info
;
1238 if(!prs_set_offset(rpc_in
, old_offset
+ data_len
)) {
1239 DEBUG(0,("api_pipe_auth_process: cannot move offset to %u.\n",
1240 (unsigned int)old_offset
+ data_len
));
1244 if(!smb_io_rpc_hdr_auth("hdr_auth", &auth_info
, rpc_in
, 0)) {
1245 DEBUG(0,("api_pipe_auth_process: failed to unmarshall RPC_HDR_AUTH.\n"));
1251 RPC_AUTH_NTLMSSP_CHK ntlmssp_chk
;
1252 char *req_data
= prs_data_p(rpc_in
) + prs_offset(rpc_in
) + 4;
1254 DEBUG(5,("api_pipe_auth_process: auth %d\n", prs_offset(rpc_in
) + 4));
1257 * Ensure we have RPC_AUTH_NTLMSSP_CHK_LEN - 4 more bytes in the
1260 if(prs_mem_get(rpc_in
, RPC_AUTH_NTLMSSP_CHK_LEN
- 4) == NULL
) {
1261 DEBUG(0,("api_pipe_auth_process: missing %d bytes in buffer.\n",
1262 RPC_AUTH_NTLMSSP_CHK_LEN
- 4 ));
1266 NTLMSSPcalc_p(p
, (uchar
*)req_data
, RPC_AUTH_NTLMSSP_CHK_LEN
- 4);
1267 if(!smb_io_rpc_auth_ntlmssp_chk("auth_sign", &ntlmssp_chk
, rpc_in
, 0)) {
1268 DEBUG(0,("api_pipe_auth_process: failed to unmarshall RPC_AUTH_NTLMSSP_CHK.\n"));
1272 if (!rpc_auth_ntlmssp_chk(&ntlmssp_chk
, crc32
, p
->ntlmssp_seq_num
)) {
1273 DEBUG(0,("api_pipe_auth_process: NTLMSSP check failed.\n"));
1279 * Return the current pointer to the data offset.
1282 if(!prs_set_offset(rpc_in
, old_offset
)) {
1283 DEBUG(0,("api_pipe_auth_process: failed to set offset back to %u\n",
1284 (unsigned int)old_offset
));
1291 /****************************************************************************
1292 Deal with schannel processing on an RPC request.
1293 ****************************************************************************/
1294 BOOL
api_pipe_netsec_process(pipes_struct
*p
, prs_struct
*rpc_in
)
1297 * We always negotiate the following two bits....
1302 RPC_HDR_AUTH auth_info
;
1303 RPC_AUTH_NETSEC_CHK netsec_chk
;
1306 auth_len
= p
->hdr
.auth_len
;
1308 if (auth_len
!= RPC_AUTH_NETSEC_CHK_LEN
) {
1309 DEBUG(0,("Incorrect auth_len %d.\n", auth_len
));
1314 * The following is that length of the data we must verify or unseal.
1315 * This doesn't include the RPC headers or the auth_len or the RPC_HDR_AUTH_LEN
1316 * preceeding the auth_data.
1319 data_len
= p
->hdr
.frag_len
- RPC_HEADER_LEN
- RPC_HDR_REQ_LEN
-
1320 RPC_HDR_AUTH_LEN
- auth_len
;
1322 DEBUG(5,("data %d auth %d\n", data_len
, auth_len
));
1324 old_offset
= prs_offset(rpc_in
);
1326 if(!prs_set_offset(rpc_in
, old_offset
+ data_len
)) {
1327 DEBUG(0,("cannot move offset to %u.\n",
1328 (unsigned int)old_offset
+ data_len
));
1332 if(!smb_io_rpc_hdr_auth("hdr_auth", &auth_info
, rpc_in
, 0)) {
1333 DEBUG(0,("failed to unmarshall RPC_HDR_AUTH.\n"));
1337 if ((auth_info
.auth_type
!= NETSEC_AUTH_TYPE
) ||
1338 (auth_info
.auth_level
!= NETSEC_AUTH_LEVEL
)) {
1339 DEBUG(0,("Invalid auth info %d or level %d on schannel\n",
1340 auth_info
.auth_type
, auth_info
.auth_level
));
1344 if(!smb_io_rpc_auth_netsec_chk("", &netsec_chk
, rpc_in
, 0)) {
1345 DEBUG(0,("failed to unmarshal RPC_AUTH_NETSEC_CHK.\n"));
1349 if (!netsec_decode(&p
->netsec_auth
, &netsec_chk
,
1350 prs_data_p(rpc_in
)+old_offset
, data_len
)) {
1351 DEBUG(0,("failed to decode PDU\n"));
1356 * Return the current pointer to the data offset.
1359 if(!prs_set_offset(rpc_in
, old_offset
)) {
1360 DEBUG(0,("failed to set offset back to %u\n",
1361 (unsigned int)old_offset
));
1365 /* The sequence number gets incremented on both send and receive. */
1366 p
->netsec_auth
.seq_num
++;
1371 /****************************************************************************
1372 Return a user struct for a pipe user.
1373 ****************************************************************************/
1375 struct current_user
*get_current_user(struct current_user
*user
, pipes_struct
*p
)
1377 if (p
->ntlmssp_auth_validated
) {
1378 memcpy(user
, &p
->pipe_user
, sizeof(struct current_user
));
1380 extern struct current_user current_user
;
1381 memcpy(user
, ¤t_user
, sizeof(struct current_user
));
1387 /****************************************************************************
1388 Find the correct RPC function to call for this request.
1389 If the pipe is authenticated then become the correct UNIX user
1390 before doing the call.
1391 ****************************************************************************/
1393 BOOL
api_pipe_request(pipes_struct
*p
)
1398 if (p
->ntlmssp_auth_validated
) {
1400 if(!become_authenticated_pipe_user(p
)) {
1401 prs_mem_free(&p
->out_data
.rdata
);
1406 DEBUG(5, ("Requested \\PIPE\\%s\n", p
->name
));
1408 for (i
= 0; i
< rpc_lookup_size
; i
++) {
1409 if (strequal(rpc_lookup
[i
].pipe
.clnt
, p
->name
)) {
1410 DEBUG(3,("Doing \\PIPE\\%s\n",
1411 rpc_lookup
[i
].pipe
.clnt
));
1412 set_current_rpc_talloc(p
->mem_ctx
);
1413 ret
= api_rpcTNP(p
, rpc_lookup
[i
].pipe
.clnt
,
1415 rpc_lookup
[i
].n_cmds
);
1416 set_current_rpc_talloc(NULL
);
1422 if (i
== rpc_lookup_size
) {
1423 smb_probe_module("rpc", p
->name
);
1425 for (i
= 0; i
< rpc_lookup_size
; i
++) {
1426 if (strequal(rpc_lookup
[i
].pipe
.clnt
, p
->name
)) {
1427 DEBUG(3,("Doing \\PIPE\\%s\n",
1428 rpc_lookup
[i
].pipe
.clnt
));
1429 set_current_rpc_talloc(p
->mem_ctx
);
1430 ret
= api_rpcTNP(p
, rpc_lookup
[i
].pipe
.clnt
,
1432 rpc_lookup
[i
].n_cmds
);
1433 set_current_rpc_talloc(NULL
);
1439 if(p
->ntlmssp_auth_validated
)
1440 unbecome_authenticated_pipe_user();
1445 /*******************************************************************
1446 Calls the underlying RPC function for a named pipe.
1447 ********************************************************************/
1449 BOOL
api_rpcTNP(pipes_struct
*p
, const char *rpc_name
,
1450 const struct api_struct
*api_rpc_cmds
, int n_cmds
)
1454 uint32 offset1
, offset2
;
1456 /* interpret the command */
1457 DEBUG(4,("api_rpcTNP: %s op 0x%x - ", rpc_name
, p
->hdr_req
.opnum
));
1459 slprintf(name
, sizeof(name
)-1, "in_%s", rpc_name
);
1460 prs_dump(name
, p
->hdr_req
.opnum
, &p
->in_data
.data
);
1462 for (fn_num
= 0; fn_num
< n_cmds
; fn_num
++) {
1463 if (api_rpc_cmds
[fn_num
].opnum
== p
->hdr_req
.opnum
&& api_rpc_cmds
[fn_num
].fn
!= NULL
) {
1464 DEBUG(3,("api_rpcTNP: rpc command: %s\n", api_rpc_cmds
[fn_num
].name
));
1469 if (fn_num
== n_cmds
) {
1471 * For an unknown RPC just return a fault PDU but
1472 * return True to allow RPC's on the pipe to continue
1473 * and not put the pipe into fault state. JRA.
1475 DEBUG(4, ("unknown\n"));
1476 setup_fault_pdu(p
, NT_STATUS(0x1c010002));
1480 offset1
= prs_offset(&p
->out_data
.rdata
);
1482 DEBUG(6, ("api_rpc_cmds[%d].fn == %p\n",
1483 fn_num
, api_rpc_cmds
[fn_num
].fn
));
1484 /* do the actual command */
1485 if(!api_rpc_cmds
[fn_num
].fn(p
)) {
1486 DEBUG(0,("api_rpcTNP: %s: %s failed.\n", rpc_name
, api_rpc_cmds
[fn_num
].name
));
1487 prs_mem_free(&p
->out_data
.rdata
);
1491 if (p
->bad_handle_fault_state
) {
1492 DEBUG(4,("api_rpcTNP: bad handle fault return.\n"));
1493 p
->bad_handle_fault_state
= False
;
1494 setup_fault_pdu(p
, NT_STATUS(0x1C00001A));
1498 slprintf(name
, sizeof(name
)-1, "out_%s", rpc_name
);
1499 offset2
= prs_offset(&p
->out_data
.rdata
);
1500 prs_set_offset(&p
->out_data
.rdata
, offset1
);
1501 prs_dump(name
, p
->hdr_req
.opnum
, &p
->out_data
.rdata
);
1502 prs_set_offset(&p
->out_data
.rdata
, offset2
);
1504 DEBUG(5,("api_rpcTNP: called %s successfully\n", rpc_name
));
1506 /* Check for buffer underflow in rpc parsing */
1508 if ((DEBUGLEVEL
>= 10) &&
1509 (prs_offset(&p
->in_data
.data
) != prs_data_size(&p
->in_data
.data
))) {
1510 size_t data_len
= prs_data_size(&p
->in_data
.data
) - prs_offset(&p
->in_data
.data
);
1513 data
= malloc(data_len
);
1515 DEBUG(10, ("api_rpcTNP: rpc input buffer underflow (parse error?)\n"));
1517 prs_uint8s(False
, "", &p
->in_data
.data
, 0, (unsigned char *)data
, (uint32
)data_len
);