2 Unix SMB/CIFS implementation.
4 dcerpc utility functions
6 Copyright (C) Andrew Tridgell 2003
7 Copyright (C) Jelmer Vernooij 2004
8 Copyright (C) Andrew Bartlett <abartlet@samba.org> 2005
9 Copyright (C) Rafal Szczesniak 2006
11 This program is free software; you can redistribute it and/or modify
12 it under the terms of the GNU General Public License as published by
13 the Free Software Foundation; either version 3 of the License, or
14 (at your option) any later version.
16 This program is distributed in the hope that it will be useful,
17 but WITHOUT ANY WARRANTY; without even the implied warranty of
18 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 GNU General Public License for more details.
21 You should have received a copy of the GNU General Public License
22 along with this program. If not, see <http://www.gnu.org/licenses/>.
26 #include "lib/events/events.h"
27 #include "libcli/composite/composite.h"
28 #include "librpc/gen_ndr/ndr_epmapper_c.h"
29 #include "librpc/gen_ndr/ndr_dcerpc.h"
30 #include "librpc/gen_ndr/ndr_misc.h"
31 #include "librpc/rpc/dcerpc_proto.h"
32 #include "auth/credentials/credentials.h"
33 #include "auth/gensec/gensec.h"
34 #include "param/param.h"
35 #include "librpc/rpc/rpc_common.h"
38 find a dcerpc call on an interface by name
40 const struct ndr_interface_call
*dcerpc_iface_find_call(const struct ndr_interface_table
*iface
,
44 for (i
=0;i
<iface
->num_calls
;i
++) {
45 if (strcmp(iface
->calls
[i
].name
, name
) == 0) {
46 return &iface
->calls
[i
];
53 push a ncacn_packet into a blob, potentially with auth info
55 NTSTATUS
ncacn_push_auth(DATA_BLOB
*blob
, TALLOC_CTX
*mem_ctx
,
56 struct ncacn_packet
*pkt
,
57 struct dcerpc_auth
*auth_info
)
60 enum ndr_err_code ndr_err
;
62 ndr
= ndr_push_init_ctx(mem_ctx
);
64 return NT_STATUS_NO_MEMORY
;
67 if (!(pkt
->drep
[0] & DCERPC_DREP_LE
)) {
68 ndr
->flags
|= LIBNDR_FLAG_BIGENDIAN
;
71 if (pkt
->pfc_flags
& DCERPC_PFC_FLAG_OBJECT_UUID
) {
72 ndr
->flags
|= LIBNDR_FLAG_OBJECT_PRESENT
;
76 pkt
->auth_length
= auth_info
->credentials
.length
;
81 ndr_err
= ndr_push_ncacn_packet(ndr
, NDR_SCALARS
|NDR_BUFFERS
, pkt
);
82 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err
)) {
83 return ndr_map_error2ntstatus(ndr_err
);
88 /* the s3 rpc server doesn't handle auth padding in
89 bind requests. Use zero auth padding to keep us
90 working with old servers */
91 uint32_t offset
= ndr
->offset
;
92 ndr_err
= ndr_push_align(ndr
, 16);
93 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err
)) {
94 return ndr_map_error2ntstatus(ndr_err
);
96 auth_info
->auth_pad_length
= ndr
->offset
- offset
;
98 auth_info
->auth_pad_length
= 0;
100 ndr_err
= ndr_push_dcerpc_auth(ndr
, NDR_SCALARS
|NDR_BUFFERS
, auth_info
);
101 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err
)) {
102 return ndr_map_error2ntstatus(ndr_err
);
106 *blob
= ndr_push_blob(ndr
);
108 /* fill in the frag length */
109 dcerpc_set_frag_length(blob
, blob
->length
);
115 struct epm_map_binding_state
{
116 struct dcerpc_binding
*binding
;
117 const struct ndr_interface_table
*table
;
118 struct dcerpc_pipe
*pipe
;
119 struct policy_handle handle
;
121 struct epm_twr_t twr
;
122 struct epm_twr_t
*twr_r
;
128 static void continue_epm_recv_binding(struct composite_context
*ctx
);
129 static void continue_epm_map(struct tevent_req
*subreq
);
133 Stage 2 of epm_map_binding: Receive connected rpc pipe and send endpoint
136 static void continue_epm_recv_binding(struct composite_context
*ctx
)
138 struct composite_context
*c
= talloc_get_type(ctx
->async
.private_data
,
139 struct composite_context
);
140 struct epm_map_binding_state
*s
= talloc_get_type(c
->private_data
,
141 struct epm_map_binding_state
);
142 struct tevent_req
*subreq
;
144 /* receive result of rpc pipe connect request */
145 c
->status
= dcerpc_pipe_connect_b_recv(ctx
, c
, &s
->pipe
);
146 if (!composite_is_ok(c
)) return;
148 /* prepare requested binding parameters */
149 s
->binding
->object
= s
->table
->syntax_id
;
151 c
->status
= dcerpc_binding_build_tower(s
->pipe
, s
->binding
, &s
->twr
.tower
);
152 if (!composite_is_ok(c
)) return;
154 /* with some nice pretty paper around it of course */
155 s
->r
.in
.object
= &s
->guid
;
156 s
->r
.in
.map_tower
= &s
->twr
;
157 s
->r
.in
.entry_handle
= &s
->handle
;
158 s
->r
.in
.max_towers
= 1;
159 s
->r
.out
.entry_handle
= &s
->handle
;
160 s
->r
.out
.num_towers
= &s
->num_towers
;
162 /* send request for an endpoint mapping - a rpc request on connected pipe */
163 subreq
= dcerpc_epm_Map_r_send(s
, c
->event_ctx
,
164 s
->pipe
->binding_handle
,
166 if (composite_nomem(subreq
, c
)) return;
168 tevent_req_set_callback(subreq
, continue_epm_map
, c
);
173 Stage 3 of epm_map_binding: Receive endpoint mapping and provide binding details
175 static void continue_epm_map(struct tevent_req
*subreq
)
177 struct composite_context
*c
= tevent_req_callback_data(subreq
,
178 struct composite_context
);
179 struct epm_map_binding_state
*s
= talloc_get_type(c
->private_data
,
180 struct epm_map_binding_state
);
182 /* receive result of a rpc request */
183 c
->status
= dcerpc_epm_Map_r_recv(subreq
, s
);
185 if (!composite_is_ok(c
)) return;
187 /* check the details */
188 if (s
->r
.out
.result
!= 0 || *s
->r
.out
.num_towers
!= 1) {
189 composite_error(c
, NT_STATUS_PORT_UNREACHABLE
);
193 s
->twr_r
= s
->r
.out
.towers
[0].twr
;
194 if (s
->twr_r
== NULL
) {
195 composite_error(c
, NT_STATUS_PORT_UNREACHABLE
);
199 if (s
->twr_r
->tower
.num_floors
!= s
->twr
.tower
.num_floors
||
200 s
->twr_r
->tower
.floors
[3].lhs
.protocol
!= s
->twr
.tower
.floors
[3].lhs
.protocol
) {
201 composite_error(c
, NT_STATUS_PORT_UNREACHABLE
);
205 /* get received endpoint */
206 s
->binding
->endpoint
= talloc_reference(s
->binding
,
207 dcerpc_floor_get_rhs_data(c
, &s
->twr_r
->tower
.floors
[3]));
208 if (composite_nomem(s
->binding
->endpoint
, c
)) return;
215 Request for endpoint mapping of dcerpc binding - try to request for endpoint
216 unless there is default one.
218 struct composite_context
*dcerpc_epm_map_binding_send(TALLOC_CTX
*mem_ctx
,
219 struct dcerpc_binding
*binding
,
220 const struct ndr_interface_table
*table
,
221 struct tevent_context
*ev
,
222 struct loadparm_context
*lp_ctx
)
224 struct composite_context
*c
;
225 struct epm_map_binding_state
*s
;
226 struct composite_context
*pipe_connect_req
;
227 struct cli_credentials
*anon_creds
;
230 struct dcerpc_binding
*epmapper_binding
;
237 /* composite context allocation and setup */
238 c
= composite_create(mem_ctx
, ev
);
243 s
= talloc_zero(c
, struct epm_map_binding_state
);
244 if (composite_nomem(s
, c
)) return c
;
247 s
->binding
= binding
;
250 /* anonymous credentials for rpc connection used to get endpoint mapping */
251 anon_creds
= cli_credentials_init(mem_ctx
);
252 cli_credentials_set_anonymous(anon_creds
);
255 First, check if there is a default endpoint specified in the IDL
258 struct dcerpc_binding
*default_binding
;
260 /* Find one of the default pipes for this interface */
261 for (i
= 0; i
< table
->endpoints
->count
; i
++) {
262 status
= dcerpc_parse_binding(mem_ctx
, table
->endpoints
->names
[i
], &default_binding
);
264 if (NT_STATUS_IS_OK(status
)) {
265 if (binding
->transport
== NCA_UNKNOWN
)
266 binding
->transport
= default_binding
->transport
;
267 if (default_binding
->transport
== binding
->transport
&&
268 default_binding
->endpoint
) {
269 binding
->endpoint
= talloc_reference(binding
, default_binding
->endpoint
);
270 talloc_free(default_binding
);
276 talloc_free(default_binding
);
282 epmapper_binding
= talloc_zero(c
, struct dcerpc_binding
);
283 if (composite_nomem(epmapper_binding
, c
)) return c
;
285 /* basic endpoint mapping data */
286 epmapper_binding
->transport
= binding
->transport
;
287 epmapper_binding
->host
= talloc_reference(epmapper_binding
, binding
->host
);
288 epmapper_binding
->target_hostname
= epmapper_binding
->host
;
289 epmapper_binding
->options
= NULL
;
290 epmapper_binding
->localaddress
= talloc_reference(epmapper_binding
, binding
->localaddress
);
291 epmapper_binding
->flags
= 0;
292 epmapper_binding
->assoc_group_id
= 0;
293 epmapper_binding
->endpoint
= NULL
;
295 /* initiate rpc pipe connection */
296 pipe_connect_req
= dcerpc_pipe_connect_b_send(c
, epmapper_binding
,
298 anon_creds
, c
->event_ctx
,
300 if (composite_nomem(pipe_connect_req
, c
)) return c
;
302 composite_continue(c
, pipe_connect_req
, continue_epm_recv_binding
, c
);
308 Receive result of endpoint mapping request
310 NTSTATUS
dcerpc_epm_map_binding_recv(struct composite_context
*c
)
312 NTSTATUS status
= composite_wait(c
);
320 Get endpoint mapping for rpc connection
322 _PUBLIC_ NTSTATUS
dcerpc_epm_map_binding(TALLOC_CTX
*mem_ctx
, struct dcerpc_binding
*binding
,
323 const struct ndr_interface_table
*table
, struct tevent_context
*ev
,
324 struct loadparm_context
*lp_ctx
)
326 struct composite_context
*c
;
328 c
= dcerpc_epm_map_binding_send(mem_ctx
, binding
, table
, ev
, lp_ctx
);
329 return dcerpc_epm_map_binding_recv(c
);
333 struct pipe_auth_state
{
334 struct dcerpc_pipe
*pipe
;
335 struct dcerpc_binding
*binding
;
336 const struct ndr_interface_table
*table
;
337 struct loadparm_context
*lp_ctx
;
338 struct cli_credentials
*credentials
;
339 unsigned int logon_retries
;
343 static void continue_auth_schannel(struct composite_context
*ctx
);
344 static void continue_auth(struct composite_context
*ctx
);
345 static void continue_auth_none(struct composite_context
*ctx
);
346 static void continue_ntlmssp_connection(struct composite_context
*ctx
);
347 static void continue_spnego_after_wrong_pass(struct composite_context
*ctx
);
351 Stage 2 of pipe_auth: Receive result of schannel bind request
353 static void continue_auth_schannel(struct composite_context
*ctx
)
355 struct composite_context
*c
= talloc_get_type(ctx
->async
.private_data
,
356 struct composite_context
);
358 c
->status
= dcerpc_bind_auth_schannel_recv(ctx
);
359 if (!composite_is_ok(c
)) return;
366 Stage 2 of pipe_auth: Receive result of authenticated bind request
368 static void continue_auth(struct composite_context
*ctx
)
370 struct composite_context
*c
= talloc_get_type(ctx
->async
.private_data
,
371 struct composite_context
);
373 c
->status
= dcerpc_bind_auth_recv(ctx
);
374 if (!composite_is_ok(c
)) return;
379 Stage 2 of pipe_auth: Receive result of authenticated bind request, but handle fallbacks:
382 static void continue_auth_auto(struct composite_context
*ctx
)
384 struct composite_context
*c
= talloc_get_type(ctx
->async
.private_data
,
385 struct composite_context
);
386 struct pipe_auth_state
*s
= talloc_get_type(c
->private_data
, struct pipe_auth_state
);
387 struct composite_context
*sec_conn_req
;
389 c
->status
= dcerpc_bind_auth_recv(ctx
);
390 if (NT_STATUS_EQUAL(c
->status
, NT_STATUS_INVALID_PARAMETER
)) {
392 * Retry with NTLMSSP auth as fallback
393 * send a request for secondary rpc connection
395 sec_conn_req
= dcerpc_secondary_connection_send(s
->pipe
,
397 composite_continue(c
, sec_conn_req
, continue_ntlmssp_connection
, c
);
399 } else if (NT_STATUS_EQUAL(c
->status
, NT_STATUS_LOGON_FAILURE
) ||
400 NT_STATUS_EQUAL(c
->status
, NT_STATUS_UNSUCCESSFUL
)) {
402 try a second time on any error. We don't just do it
403 on LOGON_FAILURE as some servers will give a
404 NT_STATUS_UNSUCCESSFUL on a authentication error on RPC
406 const char *principal
;
408 principal
= gensec_get_target_principal(s
->pipe
->conn
->security_state
.generic_state
);
409 if (principal
== NULL
) {
410 const char *hostname
= gensec_get_target_hostname(s
->pipe
->conn
->security_state
.generic_state
);
411 const char *service
= gensec_get_target_service(s
->pipe
->conn
->security_state
.generic_state
);
412 if (hostname
!= NULL
&& service
!= NULL
) {
413 principal
= talloc_asprintf(c
, "%s/%s", service
, hostname
);
417 if ((cli_credentials_failed_kerberos_login(s
->credentials
, principal
, &s
->logon_retries
) ||
418 cli_credentials_wrong_password(s
->credentials
)) &&
419 s
->binding
->endpoint
!= NULL
) {
421 * Retry SPNEGO with a better password
422 * send a request for secondary rpc connection
424 sec_conn_req
= dcerpc_secondary_connection_send(s
->pipe
,
426 composite_continue(c
, sec_conn_req
, continue_spnego_after_wrong_pass
, c
);
431 if (!composite_is_ok(c
)) return;
437 Stage 3 of pipe_auth (fallback to NTLMSSP case): Receive secondary
438 rpc connection (the first one can't be used any more, due to the
439 bind nak) and perform authenticated bind request
441 static void continue_ntlmssp_connection(struct composite_context
*ctx
)
443 struct composite_context
*c
;
444 struct pipe_auth_state
*s
;
445 struct composite_context
*auth_req
;
446 struct dcerpc_pipe
*p2
;
449 c
= talloc_get_type(ctx
->async
.private_data
, struct composite_context
);
450 s
= talloc_get_type(c
->private_data
, struct pipe_auth_state
);
452 /* receive secondary rpc connection */
453 c
->status
= dcerpc_secondary_connection_recv(ctx
, &p2
);
454 if (!composite_is_ok(c
)) return;
457 /* this is a rather strange situation. When
458 we come into the routine, s is a child of s->pipe, and
459 when we created p2 above, it also became a child of
462 Now we want p2 to be a parent of s->pipe, and we want s to
463 be a parent of both of them! If we don't do this very
464 carefully we end up creating a talloc loop
467 /* we need the new contexts to hang off the same context
468 that s->pipe is on, but the only way to get that is
469 via talloc_parent() */
470 pp
= talloc_parent(s
->pipe
);
472 /* promote s to be at the top */
475 /* and put p2 under s */
478 /* now put s->pipe under p2 */
479 talloc_steal(p2
, s
->pipe
);
483 /* initiate a authenticated bind */
484 auth_req
= dcerpc_bind_auth_send(c
, s
->pipe
, s
->table
,
486 lpcfg_gensec_settings(c
, s
->lp_ctx
),
487 DCERPC_AUTH_TYPE_NTLMSSP
,
488 dcerpc_auth_level(s
->pipe
->conn
),
489 s
->table
->authservices
->names
[0]);
490 composite_continue(c
, auth_req
, continue_auth
, c
);
494 Stage 3 of pipe_auth (retry on wrong password): Receive secondary
495 rpc connection (the first one can't be used any more, due to the
496 bind nak) and perform authenticated bind request
498 static void continue_spnego_after_wrong_pass(struct composite_context
*ctx
)
500 struct composite_context
*c
;
501 struct pipe_auth_state
*s
;
502 struct composite_context
*auth_req
;
503 struct dcerpc_pipe
*p2
;
505 c
= talloc_get_type(ctx
->async
.private_data
, struct composite_context
);
506 s
= talloc_get_type(c
->private_data
, struct pipe_auth_state
);
508 /* receive secondary rpc connection */
509 c
->status
= dcerpc_secondary_connection_recv(ctx
, &p2
);
510 if (!composite_is_ok(c
)) return;
513 talloc_steal(p2
, s
->pipe
);
516 /* initiate a authenticated bind */
517 auth_req
= dcerpc_bind_auth_send(c
, s
->pipe
, s
->table
,
519 lpcfg_gensec_settings(c
, s
->lp_ctx
),
520 DCERPC_AUTH_TYPE_SPNEGO
,
521 dcerpc_auth_level(s
->pipe
->conn
),
522 s
->table
->authservices
->names
[0]);
523 composite_continue(c
, auth_req
, continue_auth
, c
);
528 Stage 2 of pipe_auth: Receive result of non-authenticated bind request
530 static void continue_auth_none(struct composite_context
*ctx
)
532 struct composite_context
*c
= talloc_get_type(ctx
->async
.private_data
,
533 struct composite_context
);
535 c
->status
= dcerpc_bind_auth_none_recv(ctx
);
536 if (!composite_is_ok(c
)) return;
543 Request to perform an authenticated bind if required. Authentication
544 is determined using credentials passed and binding flags.
546 struct composite_context
*dcerpc_pipe_auth_send(struct dcerpc_pipe
*p
,
547 struct dcerpc_binding
*binding
,
548 const struct ndr_interface_table
*table
,
549 struct cli_credentials
*credentials
,
550 struct loadparm_context
*lp_ctx
)
552 struct composite_context
*c
;
553 struct pipe_auth_state
*s
;
554 struct composite_context
*auth_schannel_req
;
555 struct composite_context
*auth_req
;
556 struct composite_context
*auth_none_req
;
557 struct dcecli_connection
*conn
;
560 /* composite context allocation and setup */
561 c
= composite_create(p
, p
->conn
->event_ctx
);
562 if (c
== NULL
) return NULL
;
564 s
= talloc_zero(c
, struct pipe_auth_state
);
565 if (composite_nomem(s
, c
)) return c
;
568 /* store parameters in state structure */
569 s
->binding
= binding
;
571 s
->credentials
= credentials
;
575 conn
= s
->pipe
->conn
;
576 conn
->flags
= binding
->flags
;
579 conn
->flags
|= DCERPC_DEBUG_PRINT_BOTH
;
582 /* remember the binding string for possible secondary connections */
583 conn
->binding_string
= dcerpc_binding_string(p
, binding
);
585 if (cli_credentials_is_anonymous(s
->credentials
)) {
586 auth_none_req
= dcerpc_bind_auth_none_send(c
, s
->pipe
, s
->table
);
587 composite_continue(c
, auth_none_req
, continue_auth_none
, c
);
591 if ((binding
->flags
& DCERPC_SCHANNEL
) &&
592 !cli_credentials_get_netlogon_creds(s
->credentials
)) {
593 /* If we don't already have netlogon credentials for
594 * the schannel bind, then we have to get these
596 auth_schannel_req
= dcerpc_bind_auth_schannel_send(c
, s
->pipe
, s
->table
,
597 s
->credentials
, s
->lp_ctx
,
598 dcerpc_auth_level(conn
));
599 composite_continue(c
, auth_schannel_req
, continue_auth_schannel
, c
);
604 * we rely on the already authenticated CIFS connection
605 * if not doing sign or seal
607 if (conn
->transport
.transport
== NCACN_NP
&&
608 !(s
->binding
->flags
& (DCERPC_SIGN
|DCERPC_SEAL
))) {
609 auth_none_req
= dcerpc_bind_auth_none_send(c
, s
->pipe
, s
->table
);
610 composite_continue(c
, auth_none_req
, continue_auth_none
, c
);
615 /* Perform an authenticated DCE-RPC bind
617 if (!(conn
->flags
& (DCERPC_SIGN
|DCERPC_SEAL
))) {
619 we are doing an authenticated connection,
620 but not using sign or seal. We must force
621 the CONNECT dcerpc auth type as a NONE auth
622 type doesn't allow authentication
623 information to be passed.
625 conn
->flags
|= DCERPC_CONNECT
;
628 if (s
->binding
->flags
& DCERPC_AUTH_SPNEGO
) {
629 auth_type
= DCERPC_AUTH_TYPE_SPNEGO
;
631 } else if (s
->binding
->flags
& DCERPC_AUTH_KRB5
) {
632 auth_type
= DCERPC_AUTH_TYPE_KRB5
;
634 } else if (s
->binding
->flags
& DCERPC_SCHANNEL
) {
635 auth_type
= DCERPC_AUTH_TYPE_SCHANNEL
;
637 } else if (s
->binding
->flags
& DCERPC_AUTH_NTLM
) {
638 auth_type
= DCERPC_AUTH_TYPE_NTLMSSP
;
641 /* try SPNEGO with fallback to NTLMSSP */
642 auth_req
= dcerpc_bind_auth_send(c
, s
->pipe
, s
->table
,
644 lpcfg_gensec_settings(c
, s
->lp_ctx
),
645 DCERPC_AUTH_TYPE_SPNEGO
,
646 dcerpc_auth_level(conn
),
647 s
->table
->authservices
->names
[0]);
648 composite_continue(c
, auth_req
, continue_auth_auto
, c
);
652 auth_req
= dcerpc_bind_auth_send(c
, s
->pipe
, s
->table
,
654 lpcfg_gensec_settings(c
, s
->lp_ctx
),
656 dcerpc_auth_level(conn
),
657 s
->table
->authservices
->names
[0]);
658 composite_continue(c
, auth_req
, continue_auth
, c
);
664 Receive result of authenticated bind request on dcerpc pipe
666 This returns *p, which may be different to the one originally
667 supllied, as it rebinds to a new pipe due to authentication fallback
670 NTSTATUS
dcerpc_pipe_auth_recv(struct composite_context
*c
, TALLOC_CTX
*mem_ctx
,
671 struct dcerpc_pipe
**p
)
675 struct pipe_auth_state
*s
= talloc_get_type(c
->private_data
,
676 struct pipe_auth_state
);
677 status
= composite_wait(c
);
678 if (!NT_STATUS_IS_OK(status
)) {
679 char *uuid_str
= GUID_string(s
->pipe
, &s
->table
->syntax_id
.uuid
);
680 DEBUG(0, ("Failed to bind to uuid %s for %s %s\n", uuid_str
,
681 dcerpc_binding_string(uuid_str
, s
->binding
), nt_errstr(status
)));
682 talloc_free(uuid_str
);
684 talloc_steal(mem_ctx
, s
->pipe
);
694 Perform an authenticated bind if needed - sync version
696 This may change *p, as it rebinds to a new pipe due to authentication fallback
698 _PUBLIC_ NTSTATUS
dcerpc_pipe_auth(TALLOC_CTX
*mem_ctx
,
699 struct dcerpc_pipe
**p
,
700 struct dcerpc_binding
*binding
,
701 const struct ndr_interface_table
*table
,
702 struct cli_credentials
*credentials
,
703 struct loadparm_context
*lp_ctx
)
705 struct composite_context
*c
;
707 c
= dcerpc_pipe_auth_send(*p
, binding
, table
, credentials
, lp_ctx
);
708 return dcerpc_pipe_auth_recv(c
, mem_ctx
, p
);
712 NTSTATUS
dcerpc_generic_session_key(struct dcecli_connection
*c
,
713 DATA_BLOB
*session_key
)
715 /* this took quite a few CPU cycles to find ... */
716 session_key
->data
= discard_const_p(unsigned char, "SystemLibraryDTC");
717 session_key
->length
= 16;
722 fetch the user session key - may be default (above) or the SMB session key
724 The key is always truncated to 16 bytes
726 _PUBLIC_ NTSTATUS
dcerpc_fetch_session_key(struct dcerpc_pipe
*p
,
727 DATA_BLOB
*session_key
)
730 status
= p
->conn
->security_state
.session_key(p
->conn
, session_key
);
731 if (!NT_STATUS_IS_OK(status
)) {
735 session_key
->length
= MIN(session_key
->length
, 16);
742 log a rpc packet in a format suitable for ndrdump. This is especially useful
743 for sealed packets, where ethereal cannot easily see the contents
745 this triggers on a debug level of >= 10
747 _PUBLIC_
void dcerpc_log_packet(const char *lockdir
,
748 const struct ndr_interface_table
*ndr
,
749 uint32_t opnum
, uint32_t flags
,
750 const DATA_BLOB
*pkt
)
752 const int num_examples
= 20;
755 if (lockdir
== NULL
) return;
757 for (i
=0;i
<num_examples
;i
++) {
759 asprintf(&name
, "%s/rpclog/%s-%u.%d.%s",
760 lockdir
, ndr
->name
, opnum
, i
,
761 (flags
&NDR_IN
)?"in":"out");
765 if (!file_exist(name
)) {
766 if (file_save(name
, pkt
->data
, pkt
->length
)) {
767 DEBUG(10,("Logged rpc packet to %s\n", name
));
779 create a secondary context from a primary connection
781 this uses dcerpc_alter_context() to create a new dcerpc context_id
783 _PUBLIC_ NTSTATUS
dcerpc_secondary_context(struct dcerpc_pipe
*p
,
784 struct dcerpc_pipe
**pp2
,
785 const struct ndr_interface_table
*table
)
788 struct dcerpc_pipe
*p2
;
790 p2
= talloc_zero(p
, struct dcerpc_pipe
);
792 return NT_STATUS_NO_MEMORY
;
794 p2
->conn
= talloc_reference(p2
, p
->conn
);
795 p2
->request_timeout
= p
->request_timeout
;
797 p2
->context_id
= ++p
->conn
->next_context_id
;
799 p2
->syntax
= table
->syntax_id
;
801 p2
->transfer_syntax
= p
->transfer_syntax
;
803 p2
->binding
= talloc_reference(p2
, p
->binding
);
805 p2
->binding_handle
= dcerpc_pipe_binding_handle(p2
);
806 if (p2
->binding_handle
== NULL
) {
808 return NT_STATUS_NO_MEMORY
;
811 status
= dcerpc_alter_context(p2
, p2
, &p2
->syntax
, &p2
->transfer_syntax
);
812 if (!NT_STATUS_IS_OK(status
)) {