search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
librpc: Shorten dcerpc_binding_handle_call a bit
[Samba/gebeck_regimport.git] / source4 / librpc / rpc / dcerpc_util.c
blob2a0c40566d7cdd5f80b9acca6f7092e0aec0ecf4
1 /*
2 Unix SMB/CIFS implementation.
3
4 dcerpc utility functions
5
6 Copyright (C) Andrew Tridgell 2003
7 Copyright (C) Jelmer Vernooij 2004
8 Copyright (C) Andrew Bartlett <abartlet@samba.org> 2005
9 Copyright (C) Rafal Szczesniak 2006
10
11 This program is free software; you can redistribute it and/or modify
12 it under the terms of the GNU General Public License as published by
13 the Free Software Foundation; either version 3 of the License, or
14 (at your option) any later version.
15
16 This program is distributed in the hope that it will be useful,
17 but WITHOUT ANY WARRANTY; without even the implied warranty of
18 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 GNU General Public License for more details.
20
21 You should have received a copy of the GNU General Public License
22 along with this program. If not, see <http://www.gnu.org/licenses/>.
23 */
24
25 #include "includes.h"
26 #include "lib/events/events.h"
27 #include "libcli/composite/composite.h"
28 #include "librpc/gen_ndr/ndr_epmapper_c.h"
29 #include "librpc/gen_ndr/ndr_dcerpc.h"
30 #include "librpc/gen_ndr/ndr_misc.h"
31 #include "librpc/rpc/dcerpc_proto.h"
32 #include "auth/credentials/credentials.h"
33 #include "auth/gensec/gensec.h"
34 #include "param/param.h"
35 #include "librpc/rpc/rpc_common.h"
36
37 /*
38 find a dcerpc call on an interface by name
39 */
40 const struct ndr_interface_call *dcerpc_iface_find_call(const struct ndr_interface_table *iface,
41 const char *name)
42 {
43 int i;
44 for (i=0;i<iface->num_calls;i++) {
45 if (strcmp(iface->calls[i].name, name) == 0) {
46 return &iface->calls[i];
47 }
48 }
49 return NULL;
50 }
51
52 /*
53 push a ncacn_packet into a blob, potentially with auth info
54 */
55 NTSTATUS ncacn_push_auth(DATA_BLOB *blob, TALLOC_CTX *mem_ctx,
56 struct ncacn_packet *pkt,
57 struct dcerpc_auth *auth_info)
58 {
59 struct ndr_push *ndr;
60 enum ndr_err_code ndr_err;
61
62 ndr = ndr_push_init_ctx(mem_ctx);
63 if (!ndr) {
64 return NT_STATUS_NO_MEMORY;
65 }
66
67 if (!(pkt->drep[0] & DCERPC_DREP_LE)) {
68 ndr->flags |= LIBNDR_FLAG_BIGENDIAN;
69 }
70
71 if (pkt->pfc_flags & DCERPC_PFC_FLAG_OBJECT_UUID) {
72 ndr->flags |= LIBNDR_FLAG_OBJECT_PRESENT;
73 }
74
75 if (auth_info) {
76 pkt->auth_length = auth_info->credentials.length;
77 } else {
78 pkt->auth_length = 0;
79 }
80
81 ndr_err = ndr_push_ncacn_packet(ndr, NDR_SCALARS|NDR_BUFFERS, pkt);
82 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
83 return ndr_map_error2ntstatus(ndr_err);
84 }
85
86 if (auth_info) {
87 #if 0
88 /* the s3 rpc server doesn't handle auth padding in
89 bind requests. Use zero auth padding to keep us
90 working with old servers */
91 uint32_t offset = ndr->offset;
92 ndr_err = ndr_push_align(ndr, 16);
93 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
94 return ndr_map_error2ntstatus(ndr_err);
95 }
96 auth_info->auth_pad_length = ndr->offset - offset;
97 #else
98 auth_info->auth_pad_length = 0;
99 #endif
100 ndr_err = ndr_push_dcerpc_auth(ndr, NDR_SCALARS|NDR_BUFFERS, auth_info);
101 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
102 return ndr_map_error2ntstatus(ndr_err);
103 }
104 }
105
106 *blob = ndr_push_blob(ndr);
107
108 /* fill in the frag length */
109 dcerpc_set_frag_length(blob, blob->length);
110
111 return NT_STATUS_OK;
112 }
113
114
115 struct epm_map_binding_state {
116 struct dcerpc_binding *binding;
117 const struct ndr_interface_table *table;
118 struct dcerpc_pipe *pipe;
119 struct policy_handle handle;
120 struct GUID guid;
121 struct epm_twr_t twr;
122 struct epm_twr_t *twr_r;
123 uint32_t num_towers;
124 struct epm_Map r;
125 };
126
127
128 static void continue_epm_recv_binding(struct composite_context *ctx);
129 static void continue_epm_map(struct tevent_req *subreq);
130
131
132 /*
133 Stage 2 of epm_map_binding: Receive connected rpc pipe and send endpoint
134 mapping rpc request
135 */
136 static void continue_epm_recv_binding(struct composite_context *ctx)
137 {
138 struct composite_context *c = talloc_get_type(ctx->async.private_data,
139 struct composite_context);
140 struct epm_map_binding_state *s = talloc_get_type(c->private_data,
141 struct epm_map_binding_state);
142 struct tevent_req *subreq;
143
144 /* receive result of rpc pipe connect request */
145 c->status = dcerpc_pipe_connect_b_recv(ctx, c, &s->pipe);
146 if (!composite_is_ok(c)) return;
147
148 /* prepare requested binding parameters */
149 s->binding->object = s->table->syntax_id;
150
151 c->status = dcerpc_binding_build_tower(s->pipe, s->binding, &s->twr.tower);
152 if (!composite_is_ok(c)) return;
153
154 /* with some nice pretty paper around it of course */
155 s->r.in.object = &s->guid;
156 s->r.in.map_tower = &s->twr;
157 s->r.in.entry_handle = &s->handle;
158 s->r.in.max_towers = 1;
159 s->r.out.entry_handle = &s->handle;
160 s->r.out.num_towers = &s->num_towers;
161
162 /* send request for an endpoint mapping - a rpc request on connected pipe */
163 subreq = dcerpc_epm_Map_r_send(s, c->event_ctx,
164 s->pipe->binding_handle,
165 &s->r);
166 if (composite_nomem(subreq, c)) return;
167
168 tevent_req_set_callback(subreq, continue_epm_map, c);
169 }
170
171
172 /*
173 Stage 3 of epm_map_binding: Receive endpoint mapping and provide binding details
174 */
175 static void continue_epm_map(struct tevent_req *subreq)
176 {
177 struct composite_context *c = tevent_req_callback_data(subreq,
178 struct composite_context);
179 struct epm_map_binding_state *s = talloc_get_type(c->private_data,
180 struct epm_map_binding_state);
181
182 /* receive result of a rpc request */
183 c->status = dcerpc_epm_Map_r_recv(subreq, s);
184 TALLOC_FREE(subreq);
185 if (!composite_is_ok(c)) return;
186
187 /* check the details */
188 if (s->r.out.result != 0 || *s->r.out.num_towers != 1) {
189 composite_error(c, NT_STATUS_PORT_UNREACHABLE);
190 return;
191 }
192
193 s->twr_r = s->r.out.towers[0].twr;
194 if (s->twr_r == NULL) {
195 composite_error(c, NT_STATUS_PORT_UNREACHABLE);
196 return;
197 }
198
199 if (s->twr_r->tower.num_floors != s->twr.tower.num_floors ||
200 s->twr_r->tower.floors[3].lhs.protocol != s->twr.tower.floors[3].lhs.protocol) {
201 composite_error(c, NT_STATUS_PORT_UNREACHABLE);
202 return;
203 }
204
205 /* get received endpoint */
206 s->binding->endpoint = talloc_reference(s->binding,
207 dcerpc_floor_get_rhs_data(c, &s->twr_r->tower.floors[3]));
208 if (composite_nomem(s->binding->endpoint, c)) return;
209
210 composite_done(c);
211 }
212
213
214 /*
215 Request for endpoint mapping of dcerpc binding - try to request for endpoint
216 unless there is default one.
217 */
218 struct composite_context *dcerpc_epm_map_binding_send(TALLOC_CTX *mem_ctx,
219 struct dcerpc_binding *binding,
220 const struct ndr_interface_table *table,
221 struct tevent_context *ev,
222 struct loadparm_context *lp_ctx)
223 {
224 struct composite_context *c;
225 struct epm_map_binding_state *s;
226 struct composite_context *pipe_connect_req;
227 struct cli_credentials *anon_creds;
228
229 NTSTATUS status;
230 struct dcerpc_binding *epmapper_binding;
231 int i;
232
233 if (ev == NULL) {
234 return NULL;
235 }
236
237 /* composite context allocation and setup */
238 c = composite_create(mem_ctx, ev);
239 if (c == NULL) {
240 return NULL;
241 }
242
243 s = talloc_zero(c, struct epm_map_binding_state);
244 if (composite_nomem(s, c)) return c;
245 c->private_data = s;
246
247 s->binding = binding;
248 s->table = table;
249
250 /* anonymous credentials for rpc connection used to get endpoint mapping */
251 anon_creds = cli_credentials_init(mem_ctx);
252 cli_credentials_set_anonymous(anon_creds);
253
254 /*
255 First, check if there is a default endpoint specified in the IDL
256 */
257 if (table != NULL) {
258 struct dcerpc_binding *default_binding;
259
260 /* Find one of the default pipes for this interface */
261 for (i = 0; i < table->endpoints->count; i++) {
262 status = dcerpc_parse_binding(mem_ctx, table->endpoints->names[i], &default_binding);
263
264 if (NT_STATUS_IS_OK(status)) {
265 if (binding->transport == NCA_UNKNOWN)
266 binding->transport = default_binding->transport;
267 if (default_binding->transport == binding->transport &&
268 default_binding->endpoint) {
269 binding->endpoint = talloc_reference(binding, default_binding->endpoint);
270 talloc_free(default_binding);
271
272 composite_done(c);
273 return c;
274
275 } else {
276 talloc_free(default_binding);
277 }
278 }
279 }
280 }
281
282 epmapper_binding = talloc_zero(c, struct dcerpc_binding);
283 if (composite_nomem(epmapper_binding, c)) return c;
284
285 /* basic endpoint mapping data */
286 epmapper_binding->transport = binding->transport;
287 epmapper_binding->host = talloc_reference(epmapper_binding, binding->host);
288 epmapper_binding->target_hostname = epmapper_binding->host;
289 epmapper_binding->options = NULL;
290 epmapper_binding->localaddress = talloc_reference(epmapper_binding, binding->localaddress);
291 epmapper_binding->flags = 0;
292 epmapper_binding->assoc_group_id = 0;
293 epmapper_binding->endpoint = NULL;
294
295 /* initiate rpc pipe connection */
296 pipe_connect_req = dcerpc_pipe_connect_b_send(c, epmapper_binding,
297 &ndr_table_epmapper,
298 anon_creds, c->event_ctx,
299 lp_ctx);
300 if (composite_nomem(pipe_connect_req, c)) return c;
301
302 composite_continue(c, pipe_connect_req, continue_epm_recv_binding, c);
303 return c;
304 }
305
306
307 /*
308 Receive result of endpoint mapping request
309 */
310 NTSTATUS dcerpc_epm_map_binding_recv(struct composite_context *c)
311 {
312 NTSTATUS status = composite_wait(c);
313
314 talloc_free(c);
315 return status;
316 }
317
318
319 /*
320 Get endpoint mapping for rpc connection
321 */
322 _PUBLIC_ NTSTATUS dcerpc_epm_map_binding(TALLOC_CTX *mem_ctx, struct dcerpc_binding *binding,
323 const struct ndr_interface_table *table, struct tevent_context *ev,
324 struct loadparm_context *lp_ctx)
325 {
326 struct composite_context *c;
327
328 c = dcerpc_epm_map_binding_send(mem_ctx, binding, table, ev, lp_ctx);
329 return dcerpc_epm_map_binding_recv(c);
330 }
331
332
333 struct pipe_auth_state {
334 struct dcerpc_pipe *pipe;
335 struct dcerpc_binding *binding;
336 const struct ndr_interface_table *table;
337 struct loadparm_context *lp_ctx;
338 struct cli_credentials *credentials;
339 unsigned int logon_retries;
340 };
341
342
343 static void continue_auth_schannel(struct composite_context *ctx);
344 static void continue_auth(struct composite_context *ctx);
345 static void continue_auth_none(struct composite_context *ctx);
346 static void continue_ntlmssp_connection(struct composite_context *ctx);
347 static void continue_spnego_after_wrong_pass(struct composite_context *ctx);
348
349
350 /*
351 Stage 2 of pipe_auth: Receive result of schannel bind request
352 */
353 static void continue_auth_schannel(struct composite_context *ctx)
354 {
355 struct composite_context *c = talloc_get_type(ctx->async.private_data,
356 struct composite_context);
357
358 c->status = dcerpc_bind_auth_schannel_recv(ctx);
359 if (!composite_is_ok(c)) return;
360
361 composite_done(c);
362 }
363
364
365 /*
366 Stage 2 of pipe_auth: Receive result of authenticated bind request
367 */
368 static void continue_auth(struct composite_context *ctx)
369 {
370 struct composite_context *c = talloc_get_type(ctx->async.private_data,
371 struct composite_context);
372
373 c->status = dcerpc_bind_auth_recv(ctx);
374 if (!composite_is_ok(c)) return;
375
376 composite_done(c);
377 }
378 /*
379 Stage 2 of pipe_auth: Receive result of authenticated bind request, but handle fallbacks:
380 SPNEGO -> NTLMSSP
381 */
382 static void continue_auth_auto(struct composite_context *ctx)
383 {
384 struct composite_context *c = talloc_get_type(ctx->async.private_data,
385 struct composite_context);
386 struct pipe_auth_state *s = talloc_get_type(c->private_data, struct pipe_auth_state);
387 struct composite_context *sec_conn_req;
388
389 c->status = dcerpc_bind_auth_recv(ctx);
390 if (NT_STATUS_EQUAL(c->status, NT_STATUS_INVALID_PARAMETER)) {
391 /*
392 * Retry with NTLMSSP auth as fallback
393 * send a request for secondary rpc connection
394 */
395 sec_conn_req = dcerpc_secondary_connection_send(s->pipe,
396 s->binding);
397 composite_continue(c, sec_conn_req, continue_ntlmssp_connection, c);
398 return;
399 } else if (NT_STATUS_EQUAL(c->status, NT_STATUS_LOGON_FAILURE) ||
400 NT_STATUS_EQUAL(c->status, NT_STATUS_UNSUCCESSFUL)) {
401 /*
402 try a second time on any error. We don't just do it
403 on LOGON_FAILURE as some servers will give a
404 NT_STATUS_UNSUCCESSFUL on a authentication error on RPC
405 */
406 const char *principal;
407
408 principal = gensec_get_target_principal(s->pipe->conn->security_state.generic_state);
409 if (principal == NULL) {
410 const char *hostname = gensec_get_target_hostname(s->pipe->conn->security_state.generic_state);
411 const char *service = gensec_get_target_service(s->pipe->conn->security_state.generic_state);
412 if (hostname != NULL && service != NULL) {
413 principal = talloc_asprintf(c, "%s/%s", service, hostname);
414 }
415 }
416
417 if ((cli_credentials_failed_kerberos_login(s->credentials, principal, &s->logon_retries) ||
418 cli_credentials_wrong_password(s->credentials)) &&
419 s->binding->endpoint != NULL) {
420 /*
421 * Retry SPNEGO with a better password
422 * send a request for secondary rpc connection
423 */
424 sec_conn_req = dcerpc_secondary_connection_send(s->pipe,
425 s->binding);
426 composite_continue(c, sec_conn_req, continue_spnego_after_wrong_pass, c);
427 return;
428 }
429 }
430
431 if (!composite_is_ok(c)) return;
432
433 composite_done(c);
434 }
435
436 /*
437 Stage 3 of pipe_auth (fallback to NTLMSSP case): Receive secondary
438 rpc connection (the first one can't be used any more, due to the
439 bind nak) and perform authenticated bind request
440 */
441 static void continue_ntlmssp_connection(struct composite_context *ctx)
442 {
443 struct composite_context *c;
444 struct pipe_auth_state *s;
445 struct composite_context *auth_req;
446 struct dcerpc_pipe *p2;
447 void *pp;
448
449 c = talloc_get_type(ctx->async.private_data, struct composite_context);
450 s = talloc_get_type(c->private_data, struct pipe_auth_state);
451
452 /* receive secondary rpc connection */
453 c->status = dcerpc_secondary_connection_recv(ctx, &p2);
454 if (!composite_is_ok(c)) return;
455
456
457 /* this is a rather strange situation. When
458 we come into the routine, s is a child of s->pipe, and
459 when we created p2 above, it also became a child of
460 s->pipe.
461
462 Now we want p2 to be a parent of s->pipe, and we want s to
463 be a parent of both of them! If we don't do this very
464 carefully we end up creating a talloc loop
465 */
466
467 /* we need the new contexts to hang off the same context
468 that s->pipe is on, but the only way to get that is
469 via talloc_parent() */
470 pp = talloc_parent(s->pipe);
471
472 /* promote s to be at the top */
473 talloc_steal(pp, s);
474
475 /* and put p2 under s */
476 talloc_steal(s, p2);
477
478 /* now put s->pipe under p2 */
479 talloc_steal(p2, s->pipe);
480
481 s->pipe = p2;
482
483 /* initiate a authenticated bind */
484 auth_req = dcerpc_bind_auth_send(c, s->pipe, s->table,
485 s->credentials,
486 lpcfg_gensec_settings(c, s->lp_ctx),
487 DCERPC_AUTH_TYPE_NTLMSSP,
488 dcerpc_auth_level(s->pipe->conn),
489 s->table->authservices->names[0]);
490 composite_continue(c, auth_req, continue_auth, c);
491 }
492
493 /*
494 Stage 3 of pipe_auth (retry on wrong password): Receive secondary
495 rpc connection (the first one can't be used any more, due to the
496 bind nak) and perform authenticated bind request
497 */
498 static void continue_spnego_after_wrong_pass(struct composite_context *ctx)
499 {
500 struct composite_context *c;
501 struct pipe_auth_state *s;
502 struct composite_context *auth_req;
503 struct dcerpc_pipe *p2;
504
505 c = talloc_get_type(ctx->async.private_data, struct composite_context);
506 s = talloc_get_type(c->private_data, struct pipe_auth_state);
507
508 /* receive secondary rpc connection */
509 c->status = dcerpc_secondary_connection_recv(ctx, &p2);
510 if (!composite_is_ok(c)) return;
511
512 talloc_steal(s, p2);
513 talloc_steal(p2, s->pipe);
514 s->pipe = p2;
515
516 /* initiate a authenticated bind */
517 auth_req = dcerpc_bind_auth_send(c, s->pipe, s->table,
518 s->credentials,
519 lpcfg_gensec_settings(c, s->lp_ctx),
520 DCERPC_AUTH_TYPE_SPNEGO,
521 dcerpc_auth_level(s->pipe->conn),
522 s->table->authservices->names[0]);
523 composite_continue(c, auth_req, continue_auth, c);
524 }
525
526
527 /*
528 Stage 2 of pipe_auth: Receive result of non-authenticated bind request
529 */
530 static void continue_auth_none(struct composite_context *ctx)
531 {
532 struct composite_context *c = talloc_get_type(ctx->async.private_data,
533 struct composite_context);
534
535 c->status = dcerpc_bind_auth_none_recv(ctx);
536 if (!composite_is_ok(c)) return;
537
538 composite_done(c);
539 }
540
541
542 /*
543 Request to perform an authenticated bind if required. Authentication
544 is determined using credentials passed and binding flags.
545 */
546 struct composite_context *dcerpc_pipe_auth_send(struct dcerpc_pipe *p,
547 struct dcerpc_binding *binding,
548 const struct ndr_interface_table *table,
549 struct cli_credentials *credentials,
550 struct loadparm_context *lp_ctx)
551 {
552 struct composite_context *c;
553 struct pipe_auth_state *s;
554 struct composite_context *auth_schannel_req;
555 struct composite_context *auth_req;
556 struct composite_context *auth_none_req;
557 struct dcecli_connection *conn;
558 uint8_t auth_type;
559
560 /* composite context allocation and setup */
561 c = composite_create(p, p->conn->event_ctx);
562 if (c == NULL) return NULL;
563
564 s = talloc_zero(c, struct pipe_auth_state);
565 if (composite_nomem(s, c)) return c;
566 c->private_data = s;
567
568 /* store parameters in state structure */
569 s->binding = binding;
570 s->table = table;
571 s->credentials = credentials;
572 s->pipe = p;
573 s->lp_ctx = lp_ctx;
574
575 conn = s->pipe->conn;
576 conn->flags = binding->flags;
577
578 if (DEBUGLVL(100)) {
579 conn->flags |= DCERPC_DEBUG_PRINT_BOTH;
580 }
581
582 /* remember the binding string for possible secondary connections */
583 conn->binding_string = dcerpc_binding_string(p, binding);
584
585 if (cli_credentials_is_anonymous(s->credentials)) {
586 auth_none_req = dcerpc_bind_auth_none_send(c, s->pipe, s->table);
587 composite_continue(c, auth_none_req, continue_auth_none, c);
588 return c;
589 }
590
591 if ((binding->flags & DCERPC_SCHANNEL) &&
592 !cli_credentials_get_netlogon_creds(s->credentials)) {
593 /* If we don't already have netlogon credentials for
594 * the schannel bind, then we have to get these
595 * first */
596 auth_schannel_req = dcerpc_bind_auth_schannel_send(c, s->pipe, s->table,
597 s->credentials, s->lp_ctx,
598 dcerpc_auth_level(conn));
599 composite_continue(c, auth_schannel_req, continue_auth_schannel, c);
600 return c;
601 }
602
603 /*
604 * we rely on the already authenticated CIFS connection
605 * if not doing sign or seal
606 */
607 if (conn->transport.transport == NCACN_NP &&
608 !(s->binding->flags & (DCERPC_SIGN|DCERPC_SEAL))) {
609 auth_none_req = dcerpc_bind_auth_none_send(c, s->pipe, s->table);
610 composite_continue(c, auth_none_req, continue_auth_none, c);
611 return c;
612 }
613
614
615 /* Perform an authenticated DCE-RPC bind
616 */
617 if (!(conn->flags & (DCERPC_SIGN|DCERPC_SEAL))) {
618 /*
619 we are doing an authenticated connection,
620 but not using sign or seal. We must force
621 the CONNECT dcerpc auth type as a NONE auth
622 type doesn't allow authentication
623 information to be passed.
624 */
625 conn->flags |= DCERPC_CONNECT;
626 }
627
628 if (s->binding->flags & DCERPC_AUTH_SPNEGO) {
629 auth_type = DCERPC_AUTH_TYPE_SPNEGO;
630
631 } else if (s->binding->flags & DCERPC_AUTH_KRB5) {
632 auth_type = DCERPC_AUTH_TYPE_KRB5;
633
634 } else if (s->binding->flags & DCERPC_SCHANNEL) {
635 auth_type = DCERPC_AUTH_TYPE_SCHANNEL;
636
637 } else if (s->binding->flags & DCERPC_AUTH_NTLM) {
638 auth_type = DCERPC_AUTH_TYPE_NTLMSSP;
639
640 } else {
641 /* try SPNEGO with fallback to NTLMSSP */
642 auth_req = dcerpc_bind_auth_send(c, s->pipe, s->table,
643 s->credentials,
644 lpcfg_gensec_settings(c, s->lp_ctx),
645 DCERPC_AUTH_TYPE_SPNEGO,
646 dcerpc_auth_level(conn),
647 s->table->authservices->names[0]);
648 composite_continue(c, auth_req, continue_auth_auto, c);
649 return c;
650 }
651
652 auth_req = dcerpc_bind_auth_send(c, s->pipe, s->table,
653 s->credentials,
654 lpcfg_gensec_settings(c, s->lp_ctx),
655 auth_type,
656 dcerpc_auth_level(conn),
657 s->table->authservices->names[0]);
658 composite_continue(c, auth_req, continue_auth, c);
659 return c;
660 }
661
662
663 /*
664 Receive result of authenticated bind request on dcerpc pipe
665
666 This returns *p, which may be different to the one originally
667 supllied, as it rebinds to a new pipe due to authentication fallback
668
669 */
670 NTSTATUS dcerpc_pipe_auth_recv(struct composite_context *c, TALLOC_CTX *mem_ctx,
671 struct dcerpc_pipe **p)
672 {
673 NTSTATUS status;
674
675 struct pipe_auth_state *s = talloc_get_type(c->private_data,
676 struct pipe_auth_state);
677 status = composite_wait(c);
678 if (!NT_STATUS_IS_OK(status)) {
679 char *uuid_str = GUID_string(s->pipe, &s->table->syntax_id.uuid);
680 DEBUG(0, ("Failed to bind to uuid %s for %s %s\n", uuid_str,
681 dcerpc_binding_string(uuid_str, s->binding), nt_errstr(status)));
682 talloc_free(uuid_str);
683 } else {
684 talloc_steal(mem_ctx, s->pipe);
685 *p = s->pipe;
686 }
687
688 talloc_free(c);
689 return status;
690 }
691
692
693 /*
694 Perform an authenticated bind if needed - sync version
695
696 This may change *p, as it rebinds to a new pipe due to authentication fallback
697 */
698 _PUBLIC_ NTSTATUS dcerpc_pipe_auth(TALLOC_CTX *mem_ctx,
699 struct dcerpc_pipe **p,
700 struct dcerpc_binding *binding,
701 const struct ndr_interface_table *table,
702 struct cli_credentials *credentials,
703 struct loadparm_context *lp_ctx)
704 {
705 struct composite_context *c;
706
707 c = dcerpc_pipe_auth_send(*p, binding, table, credentials, lp_ctx);
708 return dcerpc_pipe_auth_recv(c, mem_ctx, p);
709 }
710
711
712 NTSTATUS dcerpc_generic_session_key(struct dcecli_connection *c,
713 DATA_BLOB *session_key)
714 {
715 /* this took quite a few CPU cycles to find ... */
716 session_key->data = discard_const_p(unsigned char, "SystemLibraryDTC");
717 session_key->length = 16;
718 return NT_STATUS_OK;
719 }
720
721 /*
722 fetch the user session key - may be default (above) or the SMB session key
723
724 The key is always truncated to 16 bytes
725 */
726 _PUBLIC_ NTSTATUS dcerpc_fetch_session_key(struct dcerpc_pipe *p,
727 DATA_BLOB *session_key)
728 {
729 NTSTATUS status;
730 status = p->conn->security_state.session_key(p->conn, session_key);
731 if (!NT_STATUS_IS_OK(status)) {
732 return status;
733 }
734
735 session_key->length = MIN(session_key->length, 16);
736
737 return NT_STATUS_OK;
738 }
739
740
741 /*
742 log a rpc packet in a format suitable for ndrdump. This is especially useful
743 for sealed packets, where ethereal cannot easily see the contents
744
745 this triggers on a debug level of >= 10
746 */
747 _PUBLIC_ void dcerpc_log_packet(const char *lockdir,
748 const struct ndr_interface_table *ndr,
749 uint32_t opnum, uint32_t flags,
750 const DATA_BLOB *pkt)
751 {
752 const int num_examples = 20;
753 int i;
754
755 if (lockdir == NULL) return;
756
757 for (i=0;i<num_examples;i++) {
758 char *name=NULL;
759 asprintf(&name, "%s/rpclog/%s-%u.%d.%s",
760 lockdir, ndr->name, opnum, i,
761 (flags&NDR_IN)?"in":"out");
762 if (name == NULL) {
763 return;
764 }
765 if (!file_exist(name)) {
766 if (file_save(name, pkt->data, pkt->length)) {
767 DEBUG(10,("Logged rpc packet to %s\n", name));
768 }
769 free(name);
770 break;
771 }
772 free(name);
773 }
774 }
775
776
777
778 /*
779 create a secondary context from a primary connection
780
781 this uses dcerpc_alter_context() to create a new dcerpc context_id
782 */
783 _PUBLIC_ NTSTATUS dcerpc_secondary_context(struct dcerpc_pipe *p,
784 struct dcerpc_pipe **pp2,
785 const struct ndr_interface_table *table)
786 {
787 NTSTATUS status;
788 struct dcerpc_pipe *p2;
789
790 p2 = talloc_zero(p, struct dcerpc_pipe);
791 if (p2 == NULL) {
792 return NT_STATUS_NO_MEMORY;
793 }
794 p2->conn = talloc_reference(p2, p->conn);
795 p2->request_timeout = p->request_timeout;
796
797 p2->context_id = ++p->conn->next_context_id;
798
799 p2->syntax = table->syntax_id;
800
801 p2->transfer_syntax = p->transfer_syntax;
802
803 p2->binding = talloc_reference(p2, p->binding);
804
805 p2->binding_handle = dcerpc_pipe_binding_handle(p2);
806 if (p2->binding_handle == NULL) {
807 talloc_free(p2);
808 return NT_STATUS_NO_MEMORY;
809 }
810
811 status = dcerpc_alter_context(p2, p2, &p2->syntax, &p2->transfer_syntax);
812 if (!NT_STATUS_IS_OK(status)) {
813 talloc_free(p2);
814 return status;
815 }
816
817 *pp2 = p2;
818
819 return NT_STATUS_OK;
820 }
reg import