search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
s3-dcerpc: remove auth_data_free_func
[Samba/gebeck_regimport.git] / source3 / rpc_server / srv_pipe.c
blob1e369154af9c9434fdc75c4b9fa6602f64b8fef5
1 /*
2 * Unix SMB/CIFS implementation.
3 * RPC Pipe client / server routines
4 * Almost completely rewritten by (C) Jeremy Allison 2005 - 2010
5 *
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 3 of the License, or
9 * (at your option) any later version.
10 *
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
15 *
16 * You should have received a copy of the GNU General Public License
17 * along with this program; if not, see <http://www.gnu.org/licenses/>.
18 */
19
20 /* this module apparently provides an implementation of DCE/RPC over a
21 * named pipe (IPC$ connection using SMBtrans). details of DCE/RPC
22 * documentation are available (in on-line form) from the X-Open group.
23 *
24 * this module should provide a level of abstraction between SMB
25 * and DCE/RPC, while minimising the amount of mallocs, unnecessary
26 * data copies, and network traffic.
27 *
28 */
29
30 #include "includes.h"
31 #include "srv_pipe_internal.h"
32 #include "../librpc/gen_ndr/ndr_schannel.h"
33 #include "../libcli/auth/schannel.h"
34 #include "../libcli/auth/spnego.h"
35 #include "dcesrv_ntlmssp.h"
36 #include "dcesrv_gssapi.h"
37 #include "dcesrv_spnego.h"
38 #include "rpc_server.h"
39 #include "rpc_dce.h"
40
41 #undef DBGC_CLASS
42 #define DBGC_CLASS DBGC_RPC_SRV
43
44 /**
45 * Dump everything from the start of the end up of the provided data
46 * into a file, but only at debug level >= 50
47 **/
48 static void dump_pdu_region(const char *name, int v,
49 DATA_BLOB *data, size_t start, size_t end)
50 {
51 int fd, i;
52 char *fname = NULL;
53 ssize_t sz;
54
55 if (DEBUGLEVEL < 50) return;
56
57 if (start > data->length || end > data->length || start > end) return;
58
59 for (i = 1; i < 100; i++) {
60 if (v != -1) {
61 fname = talloc_asprintf(talloc_tos(),
62 "/tmp/%s_%d.%d.prs",
63 name, v, i);
64 } else {
65 fname = talloc_asprintf(talloc_tos(),
66 "/tmp/%s_%d.prs",
67 name, i);
68 }
69 if (!fname) {
70 return;
71 }
72 fd = open(fname, O_WRONLY|O_CREAT|O_EXCL, 0644);
73 if (fd != -1 || errno != EEXIST) break;
74 }
75 if (fd != -1) {
76 sz = write(fd, data->data + start, end - start);
77 i = close(fd);
78 if ((sz != end - start) || (i != 0) ) {
79 DEBUG(0, ("Error writing/closing %s: %ld!=%ld %d\n",
80 fname, (unsigned long)sz,
81 (unsigned long)end - start, i));
82 } else {
83 DEBUG(0,("created %s\n", fname));
84 }
85 }
86 TALLOC_FREE(fname);
87 }
88
89 static DATA_BLOB generic_session_key(void)
90 {
91 return data_blob("SystemLibraryDTC", 16);
92 }
93
94 /*******************************************************************
95 Generate the next PDU to be returned from the data.
96 ********************************************************************/
97
98 static NTSTATUS create_next_packet(TALLOC_CTX *mem_ctx,
99 struct pipe_auth_data *auth,
100 uint32_t call_id,
101 DATA_BLOB *rdata,
102 size_t data_sent_length,
103 DATA_BLOB *frag,
104 size_t *pdu_size)
105 {
106 union dcerpc_payload u;
107 uint8_t pfc_flags;
108 size_t data_left;
109 size_t data_to_send;
110 size_t frag_len;
111 size_t pad_len = 0;
112 size_t auth_len = 0;
113 NTSTATUS status;
114
115 ZERO_STRUCT(u.response);
116
117 /* Set up rpc packet pfc flags. */
118 if (data_sent_length == 0) {
119 pfc_flags = DCERPC_PFC_FLAG_FIRST;
120 } else {
121 pfc_flags = 0;
122 }
123
124 /* Work out how much we can fit in a single PDU. */
125 data_left = rdata->length - data_sent_length;
126
127 /* Ensure there really is data left to send. */
128 if (!data_left) {
129 DEBUG(0, ("No data left to send !\n"));
130 return NT_STATUS_BUFFER_TOO_SMALL;
131 }
132
133 status = dcerpc_guess_sizes(auth,
134 DCERPC_RESPONSE_LENGTH,
135 data_left,
136 RPC_MAX_PDU_FRAG_LEN,
137 SERVER_NDR_PADDING_SIZE,
138 &data_to_send, &frag_len,
139 &auth_len, &pad_len);
140 if (!NT_STATUS_IS_OK(status)) {
141 return status;
142 }
143
144 /* Set up the alloc hint. This should be the data left to send. */
145 u.response.alloc_hint = data_left;
146
147 /* Work out if this PDU will be the last. */
148 if (data_sent_length + data_to_send >= rdata->length) {
149 pfc_flags |= DCERPC_PFC_FLAG_LAST;
150 }
151
152 /* Prepare data to be NDR encoded. */
153 u.response.stub_and_verifier =
154 data_blob_const(rdata->data + data_sent_length, data_to_send);
155
156 /* Store the packet in the data stream. */
157 status = dcerpc_push_ncacn_packet(mem_ctx, DCERPC_PKT_RESPONSE,
158 pfc_flags, auth_len, call_id,
159 &u, frag);
160 if (!NT_STATUS_IS_OK(status)) {
161 DEBUG(0, ("Failed to marshall RPC Packet.\n"));
162 return status;
163 }
164
165 if (auth_len) {
166 /* Set the proper length on the pdu, including padding.
167 * Only needed if an auth trailer will be appended. */
168 dcerpc_set_frag_length(frag, frag->length
169 + pad_len
170 + DCERPC_AUTH_TRAILER_LENGTH
171 + auth_len);
172 }
173
174 if (auth_len) {
175 status = dcerpc_add_auth_footer(auth, pad_len, frag);
176 if (!NT_STATUS_IS_OK(status)) {
177 data_blob_free(frag);
178 return status;
179 }
180 }
181
182 *pdu_size = data_to_send;
183 return NT_STATUS_OK;
184 }
185
186 /*******************************************************************
187 Generate the next PDU to be returned from the data in p->rdata.
188 ********************************************************************/
189
190 bool create_next_pdu(struct pipes_struct *p)
191 {
192 size_t pdu_size = 0;
193 NTSTATUS status;
194
195 /*
196 * If we're in the fault state, keep returning fault PDU's until
197 * the pipe gets closed. JRA.
198 */
199 if (p->fault_state) {
200 setup_fault_pdu(p, NT_STATUS(DCERPC_FAULT_OP_RNG_ERROR));
201 return true;
202 }
203
204 status = create_next_packet(p->mem_ctx, &p->auth,
205 p->call_id, &p->out_data.rdata,
206 p->out_data.data_sent_length,
207 &p->out_data.frag, &pdu_size);
208 if (!NT_STATUS_IS_OK(status)) {
209 DEBUG(0, ("Failed to create packet with error %s, "
210 "(auth level %u / type %u)\n",
211 nt_errstr(status),
212 (unsigned int)p->auth.auth_level,
213 (unsigned int)p->auth.auth_type));
214 return false;
215 }
216
217 /* Setup the counts for this PDU. */
218 p->out_data.data_sent_length += pdu_size;
219 p->out_data.current_pdu_sent = 0;
220 return true;
221 }
222
223
224 static bool pipe_init_outgoing_data(struct pipes_struct *p);
225
226 /*******************************************************************
227 Marshall a bind_nak pdu.
228 *******************************************************************/
229
230 static bool setup_bind_nak(struct pipes_struct *p, struct ncacn_packet *pkt)
231 {
232 NTSTATUS status;
233 union dcerpc_payload u;
234
235 /* Free any memory in the current return data buffer. */
236 pipe_init_outgoing_data(p);
237
238 /*
239 * Initialize a bind_nak header.
240 */
241
242 ZERO_STRUCT(u);
243
244 u.bind_nak.reject_reason = 0;
245
246 /*
247 * Marshall directly into the outgoing PDU space. We
248 * must do this as we need to set to the bind response
249 * header and are never sending more than one PDU here.
250 */
251
252 status = dcerpc_push_ncacn_packet(p->mem_ctx,
253 DCERPC_PKT_BIND_NAK,
254 DCERPC_PFC_FLAG_FIRST |
255 DCERPC_PFC_FLAG_LAST,
256 0,
257 pkt->call_id,
258 &u,
259 &p->out_data.frag);
260 if (!NT_STATUS_IS_OK(status)) {
261 return False;
262 }
263
264 p->out_data.data_sent_length = 0;
265 p->out_data.current_pdu_sent = 0;
266
267 TALLOC_FREE(p->auth.auth_ctx);
268 p->auth.auth_level = DCERPC_AUTH_LEVEL_NONE;
269 p->auth.auth_type = DCERPC_AUTH_TYPE_NONE;
270 p->pipe_bound = False;
271
272 return True;
273 }
274
275 /*******************************************************************
276 Marshall a fault pdu.
277 *******************************************************************/
278
279 bool setup_fault_pdu(struct pipes_struct *p, NTSTATUS fault_status)
280 {
281 NTSTATUS status;
282 union dcerpc_payload u;
283
284 /* Free any memory in the current return data buffer. */
285 pipe_init_outgoing_data(p);
286
287 /*
288 * Initialize a fault header.
289 */
290
291 ZERO_STRUCT(u);
292
293 u.fault.status = NT_STATUS_V(fault_status);
294 u.fault._pad = data_blob_talloc_zero(p->mem_ctx, 4);
295
296 /*
297 * Marshall directly into the outgoing PDU space. We
298 * must do this as we need to set to the bind response
299 * header and are never sending more than one PDU here.
300 */
301
302 status = dcerpc_push_ncacn_packet(p->mem_ctx,
303 DCERPC_PKT_FAULT,
304 DCERPC_PFC_FLAG_FIRST |
305 DCERPC_PFC_FLAG_LAST |
306 DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
307 0,
308 p->call_id,
309 &u,
310 &p->out_data.frag);
311 if (!NT_STATUS_IS_OK(status)) {
312 return False;
313 }
314
315 p->out_data.data_sent_length = 0;
316 p->out_data.current_pdu_sent = 0;
317
318 return True;
319 }
320
321 /*******************************************************************
322 Ensure a bind request has the correct abstract & transfer interface.
323 Used to reject unknown binds from Win2k.
324 *******************************************************************/
325
326 static bool check_bind_req(struct pipes_struct *p,
327 struct ndr_syntax_id* abstract,
328 struct ndr_syntax_id* transfer,
329 uint32 context_id)
330 {
331 struct pipe_rpc_fns *context_fns;
332
333 DEBUG(3,("check_bind_req for %s\n",
334 get_pipe_name_from_syntax(talloc_tos(), &p->syntax)));
335
336 /* we have to check all now since win2k introduced a new UUID on the lsaprpc pipe */
337 if (rpc_srv_pipe_exists_by_id(abstract) &&
338 ndr_syntax_id_equal(transfer, &ndr_transfer_syntax)) {
339 DEBUG(3, ("check_bind_req: \\PIPE\\%s -> \\PIPE\\%s\n",
340 rpc_srv_get_pipe_cli_name(abstract),
341 rpc_srv_get_pipe_srv_name(abstract)));
342 } else {
343 return false;
344 }
345
346 context_fns = SMB_MALLOC_P(struct pipe_rpc_fns);
347 if (context_fns == NULL) {
348 DEBUG(0,("check_bind_req: malloc() failed!\n"));
349 return False;
350 }
351
352 context_fns->next = context_fns->prev = NULL;
353 context_fns->n_cmds = rpc_srv_get_pipe_num_cmds(abstract);
354 context_fns->cmds = rpc_srv_get_pipe_cmds(abstract);
355 context_fns->context_id = context_id;
356
357 /* add to the list of open contexts */
358
359 DLIST_ADD( p->contexts, context_fns );
360
361 return True;
362 }
363
364 /**
365 * Is a named pipe known?
366 * @param[in] cli_filename The pipe name requested by the client
367 * @result Do we want to serve this?
368 */
369 bool is_known_pipename(const char *cli_filename, struct ndr_syntax_id *syntax)
370 {
371 const char *pipename = cli_filename;
372 NTSTATUS status;
373
374 if (strnequal(pipename, "\\PIPE\\", 6)) {
375 pipename += 5;
376 }
377
378 if (*pipename == '\\') {
379 pipename += 1;
380 }
381
382 if (lp_disable_spoolss() && strequal(pipename, "spoolss")) {
383 DEBUG(10, ("refusing spoolss access\n"));
384 return false;
385 }
386
387 if (rpc_srv_get_pipe_interface_by_cli_name(pipename, syntax)) {
388 return true;
389 }
390
391 status = smb_probe_module("rpc", pipename);
392 if (!NT_STATUS_IS_OK(status)) {
393 DEBUG(10, ("is_known_pipename: %s unknown\n", cli_filename));
394 return false;
395 }
396 DEBUG(10, ("is_known_pipename: %s loaded dynamically\n", pipename));
397
398 /*
399 * Scan the list again for the interface id
400 */
401 if (rpc_srv_get_pipe_interface_by_cli_name(pipename, syntax)) {
402 return true;
403 }
404
405 DEBUG(10, ("is_known_pipename: pipe %s did not register itself!\n",
406 pipename));
407
408 return false;
409 }
410
411 /*******************************************************************
412 Handle the first part of a SPNEGO bind auth.
413 *******************************************************************/
414
415 static bool pipe_spnego_auth_bind(struct pipes_struct *p,
416 TALLOC_CTX *mem_ctx,
417 struct dcerpc_auth *auth_info,
418 DATA_BLOB *response)
419 {
420 struct spnego_context *spnego_ctx;
421 NTSTATUS status;
422
423 status = spnego_server_auth_start(p,
424 (auth_info->auth_level ==
425 DCERPC_AUTH_LEVEL_INTEGRITY),
426 (auth_info->auth_level ==
427 DCERPC_AUTH_LEVEL_PRIVACY),
428 true,
429 &auth_info->credentials,
430 response,
431 &spnego_ctx);
432 if (!NT_STATUS_IS_OK(status)) {
433 DEBUG(0, ("Failed SPNEGO negotiate (%s)\n",
434 nt_errstr(status)));
435 return false;
436 }
437
438 /* Make sure data is bound to the memctx, to be freed the caller */
439 talloc_steal(mem_ctx, response->data);
440
441 p->auth.auth_ctx = spnego_ctx;
442 p->auth.auth_type = DCERPC_AUTH_TYPE_SPNEGO;
443
444 DEBUG(10, ("SPNEGO auth started\n"));
445
446 return true;
447 }
448
449 /*******************************************************************
450 Handle an schannel bind auth.
451 *******************************************************************/
452
453 static bool pipe_schannel_auth_bind(struct pipes_struct *p,
454 TALLOC_CTX *mem_ctx,
455 struct dcerpc_auth *auth_info,
456 DATA_BLOB *response)
457 {
458 struct NL_AUTH_MESSAGE neg;
459 struct NL_AUTH_MESSAGE reply;
460 bool ret;
461 NTSTATUS status;
462 struct netlogon_creds_CredentialState *creds;
463 DATA_BLOB session_key;
464 enum ndr_err_code ndr_err;
465 struct schannel_state *schannel_auth;
466
467 ndr_err = ndr_pull_struct_blob(
468 &auth_info->credentials, mem_ctx, &neg,
469 (ndr_pull_flags_fn_t)ndr_pull_NL_AUTH_MESSAGE);
470 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
471 DEBUG(0,("pipe_schannel_auth_bind: Could not unmarshal SCHANNEL auth neg\n"));
472 return false;
473 }
474
475 if (DEBUGLEVEL >= 10) {
476 NDR_PRINT_DEBUG(NL_AUTH_MESSAGE, &neg);
477 }
478
479 if (!(neg.Flags & NL_FLAG_OEM_NETBIOS_COMPUTER_NAME)) {
480 DEBUG(0,("pipe_schannel_auth_bind: Did not receive netbios computer name\n"));
481 return false;
482 }
483
484 /*
485 * The neg.oem_netbios_computer.a key here must match the remote computer name
486 * given in the DOM_CLNT_SRV.uni_comp_name used on all netlogon pipe
487 * operations that use credentials.
488 */
489
490 become_root();
491 status = schannel_get_creds_state(p, lp_private_dir(),
492 neg.oem_netbios_computer.a, &creds);
493 unbecome_root();
494
495 if (!NT_STATUS_IS_OK(status)) {
496 DEBUG(0, ("pipe_schannel_auth_bind: Attempt to bind using schannel without successful serverauth2\n"));
497 return False;
498 }
499
500 schannel_auth = talloc(p, struct schannel_state);
501 if (!schannel_auth) {
502 TALLOC_FREE(creds);
503 return False;
504 }
505
506 schannel_auth->state = SCHANNEL_STATE_START;
507 schannel_auth->seq_num = 0;
508 schannel_auth->initiator = false;
509 schannel_auth->creds = creds;
510
511 /*
512 * JRA. Should we also copy the schannel session key into the pipe session key p->session_key
513 * here ? We do that for NTLMSSP, but the session key is already set up from the vuser
514 * struct of the person who opened the pipe. I need to test this further. JRA.
515 *
516 * VL. As we are mapping this to guest set the generic key
517 * "SystemLibraryDTC" key here. It's a bit difficult to test against
518 * W2k3, as it does not allow schannel binds against SAMR and LSA
519 * anymore.
520 */
521
522 session_key = generic_session_key();
523 if (session_key.data == NULL) {
524 DEBUG(0, ("pipe_schannel_auth_bind: Could not alloc session"
525 " key\n"));
526 return false;
527 }
528
529 ret = server_info_set_session_key(p->server_info, session_key);
530
531 data_blob_free(&session_key);
532
533 if (!ret) {
534 DEBUG(0, ("server_info_set_session_key failed\n"));
535 return false;
536 }
537
538 /*** SCHANNEL verifier ***/
539
540 reply.MessageType = NL_NEGOTIATE_RESPONSE;
541 reply.Flags = 0;
542 reply.Buffer.dummy = 5; /* ??? actually I don't think
543 * this has any meaning
544 * here - gd */
545
546 ndr_err = ndr_push_struct_blob(response, mem_ctx, &reply,
547 (ndr_push_flags_fn_t)ndr_push_NL_AUTH_MESSAGE);
548 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
549 DEBUG(0,("Failed to marshall NL_AUTH_MESSAGE.\n"));
550 return false;
551 }
552
553 if (DEBUGLEVEL >= 10) {
554 NDR_PRINT_DEBUG(NL_AUTH_MESSAGE, &reply);
555 }
556
557 DEBUG(10,("pipe_schannel_auth_bind: schannel auth: domain [%s] myname [%s]\n",
558 neg.oem_netbios_domain.a, neg.oem_netbios_computer.a));
559
560 /* We're finished with this bind - no more packets. */
561 p->auth.auth_ctx = schannel_auth;
562 p->auth.auth_type = DCERPC_AUTH_TYPE_SCHANNEL;
563
564 p->pipe_bound = True;
565
566 return True;
567 }
568
569 /*******************************************************************
570 Handle an NTLMSSP bind auth.
571 *******************************************************************/
572
573 static bool pipe_ntlmssp_auth_bind(struct pipes_struct *p,
574 TALLOC_CTX *mem_ctx,
575 struct dcerpc_auth *auth_info,
576 DATA_BLOB *response)
577 {
578 struct auth_ntlmssp_state *ntlmssp_state = NULL;
579 NTSTATUS status;
580
581 if (strncmp((char *)auth_info->credentials.data, "NTLMSSP", 7) != 0) {
582 DEBUG(0, ("Failed to read NTLMSSP in blob\n"));
583 return false;
584 }
585
586 /* We have an NTLMSSP blob. */
587 status = ntlmssp_server_auth_start(p,
588 (auth_info->auth_level ==
589 DCERPC_AUTH_LEVEL_INTEGRITY),
590 (auth_info->auth_level ==
591 DCERPC_AUTH_LEVEL_PRIVACY),
592 true,
593 &auth_info->credentials,
594 response,
595 &ntlmssp_state);
596 if (!NT_STATUS_EQUAL(status, NT_STATUS_OK)) {
597 DEBUG(0, (__location__ ": auth_ntlmssp_start failed: %s\n",
598 nt_errstr(status)));
599 return false;
600 }
601
602 /* Make sure data is bound to the memctx, to be freed the caller */
603 talloc_steal(mem_ctx, response->data);
604
605 p->auth.auth_ctx = ntlmssp_state;
606 p->auth.auth_type = DCERPC_AUTH_TYPE_NTLMSSP;
607
608 DEBUG(10, (__location__ ": NTLMSSP auth started\n"));
609
610 return true;
611 }
612
613 /*******************************************************************
614 Process an NTLMSSP authentication response.
615 If this function succeeds, the user has been authenticated
616 and their domain, name and calling workstation stored in
617 the pipe struct.
618 *******************************************************************/
619
620 static bool pipe_ntlmssp_verify_final(TALLOC_CTX *mem_ctx,
621 struct auth_ntlmssp_state *ntlmssp_ctx,
622 enum dcerpc_AuthLevel auth_level,
623 struct client_address *client_id,
624 struct ndr_syntax_id *syntax,
625 struct auth_serversupplied_info **server_info)
626 {
627 DATA_BLOB session_key;
628 NTSTATUS status;
629 bool ret;
630
631 DEBUG(5, (__location__ ": pipe %s checking user details\n",
632 get_pipe_name_from_syntax(talloc_tos(), syntax)));
633
634 /* Finally - if the pipe negotiated integrity (sign) or privacy (seal)
635 ensure the underlying NTLMSSP flags are also set. If not we should
636 refuse the bind. */
637
638 status = ntlmssp_server_check_flags(ntlmssp_ctx,
639 (auth_level ==
640 DCERPC_AUTH_LEVEL_INTEGRITY),
641 (auth_level ==
642 DCERPC_AUTH_LEVEL_PRIVACY));
643 if (!NT_STATUS_IS_OK(status)) {
644 DEBUG(0, (__location__ ": Client failed to negotatie proper "
645 "security for pipe %s\n",
646 get_pipe_name_from_syntax(talloc_tos(), syntax)));
647 return false;
648 }
649
650 TALLOC_FREE(*server_info);
651
652 status = ntlmssp_server_get_user_info(ntlmssp_ctx,
653 mem_ctx, server_info);
654 if (!NT_STATUS_IS_OK(status)) {
655 DEBUG(0, (__location__ ": failed to obtain the server info "
656 "for authenticated user: %s\n", nt_errstr(status)));
657 return false;
658 }
659
660 if ((*server_info)->ptok == NULL) {
661 DEBUG(1, ("Auth module failed to provide nt_user_token\n"));
662 return false;
663 }
664
665 /*
666 * We're an authenticated bind over smb, so the session key needs to
667 * be set to "SystemLibraryDTC". Weird, but this is what Windows
668 * does. See the RPC-SAMBA3SESSIONKEY.
669 */
670
671 session_key = generic_session_key();
672 if (session_key.data == NULL) {
673 return false;
674 }
675
676 ret = server_info_set_session_key((*server_info), session_key);
677 data_blob_free(&session_key);
678 if (!ret) {
679 DEBUG(0, ("Failed to set session key!\n"));
680 return false;
681 }
682
683 return true;
684 }
685
686 /*******************************************************************
687 Handle a GSSAPI bind auth.
688 *******************************************************************/
689
690 static bool pipe_gssapi_auth_bind(struct pipes_struct *p,
691 TALLOC_CTX *mem_ctx,
692 struct dcerpc_auth *auth_info,
693 DATA_BLOB *response)
694 {
695 NTSTATUS status;
696 struct gse_context *gse_ctx = NULL;
697
698 status = gssapi_server_auth_start(p,
699 (auth_info->auth_level ==
700 DCERPC_AUTH_LEVEL_INTEGRITY),
701 (auth_info->auth_level ==
702 DCERPC_AUTH_LEVEL_PRIVACY),
703 true,
704 &auth_info->credentials,
705 response,
706 &gse_ctx);
707 if (!NT_STATUS_IS_OK(status)) {
708 DEBUG(0, ("Failed to init dcerpc gssapi server (%s)\n",
709 nt_errstr(status)));
710 goto err;
711 }
712
713 /* Make sure data is bound to the memctx, to be freed the caller */
714 talloc_steal(mem_ctx, response->data);
715
716 p->auth.auth_ctx = gse_ctx;
717 p->auth.auth_type = DCERPC_AUTH_TYPE_KRB5;
718
719 DEBUG(10, ("KRB5 auth started\n"));
720
721 return true;
722
723 err:
724 TALLOC_FREE(gse_ctx);
725 return false;
726 }
727
728 static NTSTATUS pipe_gssapi_verify_final(TALLOC_CTX *mem_ctx,
729 struct gse_context *gse_ctx,
730 struct client_address *client_id,
731 struct auth_serversupplied_info **server_info)
732 {
733 DATA_BLOB session_key;
734 NTSTATUS status;
735 bool bret;
736
737 /* Finally - if the pipe negotiated integrity (sign) or privacy (seal)
738 ensure the underlying flags are also set. If not we should
739 refuse the bind. */
740
741 status = gssapi_server_check_flags(gse_ctx);
742 if (!NT_STATUS_IS_OK(status)) {
743 DEBUG(0, ("Requested Security Layers not honored!\n"));
744 return status;
745 }
746
747 status = gssapi_server_get_user_info(gse_ctx, mem_ctx,
748 client_id, server_info);
749 if (!NT_STATUS_IS_OK(status)) {
750 DEBUG(0, (__location__ ": failed to obtain the server info "
751 "for authenticated user: %s\n", nt_errstr(status)));
752 return status;
753 }
754
755 if ((*server_info)->ptok == NULL) {
756 status = create_local_token(*server_info);
757 if (!NT_STATUS_IS_OK(status)) {
758 DEBUG(1, ("Failed to create local user token (%s)\n",
759 nt_errstr(status)));
760 status = NT_STATUS_ACCESS_DENIED;
761 return status;
762 }
763 }
764
765 /* TODO: this is what the ntlmssp code does with the session_key, check
766 * it is ok with gssapi too */
767 /*
768 * We're an authenticated bind over smb, so the session key needs to
769 * be set to "SystemLibraryDTC". Weird, but this is what Windows
770 * does. See the RPC-SAMBA3SESSIONKEY.
771 */
772
773 session_key = generic_session_key();
774 if (session_key.data == NULL) {
775 return NT_STATUS_ACCESS_DENIED;
776 }
777
778 bret = server_info_set_session_key((*server_info), session_key);
779 data_blob_free(&session_key);
780 if (!bret) {
781 return NT_STATUS_ACCESS_DENIED;
782 }
783
784 return NT_STATUS_OK;
785 }
786
787 static NTSTATUS pipe_auth_verify_final(struct pipes_struct *p)
788 {
789 enum spnego_mech auth_type;
790 struct auth_ntlmssp_state *ntlmssp_ctx;
791 struct spnego_context *spnego_ctx;
792 struct gse_context *gse_ctx;
793 void *mech_ctx;
794 NTSTATUS status;
795
796 switch (p->auth.auth_type) {
797 case DCERPC_AUTH_TYPE_NTLMSSP:
798 ntlmssp_ctx = talloc_get_type_abort(p->auth.auth_ctx,
799 struct auth_ntlmssp_state);
800 if (!pipe_ntlmssp_verify_final(p, ntlmssp_ctx,
801 p->auth.auth_level,
802 p->client_id, &p->syntax,
803 &p->server_info)) {
804 return NT_STATUS_ACCESS_DENIED;
805 }
806 break;
807 case DCERPC_AUTH_TYPE_KRB5:
808 gse_ctx = talloc_get_type_abort(p->auth.auth_ctx,
809 struct gse_context);
810 status = pipe_gssapi_verify_final(p, gse_ctx,
811 p->client_id,
812 &p->server_info);
813 if (!NT_STATUS_IS_OK(status)) {
814 DEBUG(1, ("gssapi bind failed with: %s",
815 nt_errstr(status)));
816 return status;
817 }
818 break;
819 case DCERPC_AUTH_TYPE_SPNEGO:
820 spnego_ctx = talloc_get_type_abort(p->auth.auth_ctx,
821 struct spnego_context);
822 status = spnego_get_negotiated_mech(spnego_ctx,
823 &auth_type, &mech_ctx);
824 if (!NT_STATUS_IS_OK(status)) {
825 DEBUG(0, ("Bad SPNEGO state (%s)\n",
826 nt_errstr(status)));
827 return status;
828 }
829 switch(auth_type) {
830 case SPNEGO_KRB5:
831 gse_ctx = talloc_get_type_abort(mech_ctx,
832 struct gse_context);
833 status = pipe_gssapi_verify_final(p, gse_ctx,
834 p->client_id,
835 &p->server_info);
836 if (!NT_STATUS_IS_OK(status)) {
837 DEBUG(1, ("gssapi bind failed with: %s",
838 nt_errstr(status)));
839 return status;
840 }
841 break;
842 case SPNEGO_NTLMSSP:
843 ntlmssp_ctx = talloc_get_type_abort(mech_ctx,
844 struct auth_ntlmssp_state);
845 if (!pipe_ntlmssp_verify_final(p, ntlmssp_ctx,
846 p->auth.auth_level,
847 p->client_id,
848 &p->syntax,
849 &p->server_info)) {
850 return NT_STATUS_ACCESS_DENIED;
851 }
852 break;
853 default:
854 DEBUG(0, (__location__ ": incorrect spnego type "
855 "(%d).\n", auth_type));
856 return NT_STATUS_ACCESS_DENIED;
857 }
858 break;
859 default:
860 DEBUG(0, (__location__ ": incorrect auth type (%u).\n",
861 (unsigned int)p->auth.auth_type));
862 return NT_STATUS_ACCESS_DENIED;
863 }
864
865 p->pipe_bound = true;
866
867 return NT_STATUS_OK;
868 }
869
870 /*******************************************************************
871 Respond to a pipe bind request.
872 *******************************************************************/
873
874 static bool api_pipe_bind_req(struct pipes_struct *p,
875 struct ncacn_packet *pkt)
876 {
877 struct dcerpc_auth auth_info;
878 uint16 assoc_gid;
879 unsigned int auth_type = DCERPC_AUTH_TYPE_NONE;
880 NTSTATUS status;
881 struct ndr_syntax_id id;
882 union dcerpc_payload u;
883 struct dcerpc_ack_ctx bind_ack_ctx;
884 DATA_BLOB auth_resp = data_blob_null;
885 DATA_BLOB auth_blob = data_blob_null;
886
887 /* No rebinds on a bound pipe - use alter context. */
888 if (p->pipe_bound) {
889 DEBUG(2,("api_pipe_bind_req: rejecting bind request on bound "
890 "pipe %s.\n",
891 get_pipe_name_from_syntax(talloc_tos(), &p->syntax)));
892 return setup_bind_nak(p, pkt);
893 }
894
895 if (pkt->u.bind.num_contexts == 0) {
896 DEBUG(0, ("api_pipe_bind_req: no rpc contexts around\n"));
897 goto err_exit;
898 }
899
900 /*
901 * Try and find the correct pipe name to ensure
902 * that this is a pipe name we support.
903 */
904 id = pkt->u.bind.ctx_list[0].abstract_syntax;
905 if (rpc_srv_pipe_exists_by_id(&id)) {
906 DEBUG(3, ("api_pipe_bind_req: \\PIPE\\%s -> \\PIPE\\%s\n",
907 rpc_srv_get_pipe_cli_name(&id),
908 rpc_srv_get_pipe_srv_name(&id)));
909 } else {
910 status = smb_probe_module(
911 "rpc", get_pipe_name_from_syntax(
912 talloc_tos(),
913 &pkt->u.bind.ctx_list[0].abstract_syntax));
914
915 if (NT_STATUS_IS_ERR(status)) {
916 DEBUG(3,("api_pipe_bind_req: Unknown pipe name %s in bind request.\n",
917 get_pipe_name_from_syntax(
918 talloc_tos(),
919 &pkt->u.bind.ctx_list[0].abstract_syntax)));
920
921 return setup_bind_nak(p, pkt);
922 }
923
924 if (rpc_srv_get_pipe_interface_by_cli_name(
925 get_pipe_name_from_syntax(talloc_tos(),
926 &p->syntax),
927 &id)) {
928 DEBUG(3, ("api_pipe_bind_req: \\PIPE\\%s -> \\PIPE\\%s\n",
929 rpc_srv_get_pipe_cli_name(&id),
930 rpc_srv_get_pipe_srv_name(&id)));
931 } else {
932 DEBUG(0, ("module %s doesn't provide functions for "
933 "pipe %s!\n",
934 get_pipe_name_from_syntax(talloc_tos(),
935 &p->syntax),
936 get_pipe_name_from_syntax(talloc_tos(),
937 &p->syntax)));
938 return setup_bind_nak(p, pkt);
939 }
940 }
941
942 DEBUG(5,("api_pipe_bind_req: make response. %d\n", __LINE__));
943
944 if (pkt->u.bind.assoc_group_id != 0) {
945 assoc_gid = pkt->u.bind.assoc_group_id;
946 } else {
947 assoc_gid = 0x53f0;
948 }
949
950 /*
951 * Create the bind response struct.
952 */
953
954 /* If the requested abstract synt uuid doesn't match our client pipe,
955 reject the bind_ack & set the transfer interface synt to all 0's,
956 ver 0 (observed when NT5 attempts to bind to abstract interfaces
957 unknown to NT4)
958 Needed when adding entries to a DACL from NT5 - SK */
959
960 if (check_bind_req(p,
961 &pkt->u.bind.ctx_list[0].abstract_syntax,
962 &pkt->u.bind.ctx_list[0].transfer_syntaxes[0],
963 pkt->u.bind.ctx_list[0].context_id)) {
964
965 bind_ack_ctx.result = 0;
966 bind_ack_ctx.reason = 0;
967 bind_ack_ctx.syntax = pkt->u.bind.ctx_list[0].transfer_syntaxes[0];
968 } else {
969 p->pipe_bound = False;
970 /* Rejection reason: abstract syntax not supported */
971 bind_ack_ctx.result = DCERPC_BIND_PROVIDER_REJECT;
972 bind_ack_ctx.reason = DCERPC_BIND_REASON_ASYNTAX;
973 bind_ack_ctx.syntax = null_ndr_syntax_id;
974 }
975
976 /*
977 * Check if this is an authenticated bind request.
978 */
979 if (pkt->auth_length) {
980 /* Quick length check. Won't catch a bad auth footer,
981 * prevents overrun. */
982
983 if (pkt->frag_length < RPC_HEADER_LEN +
984 DCERPC_AUTH_TRAILER_LENGTH +
985 pkt->auth_length) {
986 DEBUG(0,("api_pipe_bind_req: auth_len (%u) "
987 "too long for fragment %u.\n",
988 (unsigned int)pkt->auth_length,
989 (unsigned int)pkt->frag_length));
990 goto err_exit;
991 }
992
993 /*
994 * Decode the authentication verifier.
995 */
996 status = dcerpc_pull_dcerpc_auth(pkt,
997 &pkt->u.bind.auth_info,
998 &auth_info, p->endian);
999 if (!NT_STATUS_IS_OK(status)) {
1000 DEBUG(0, ("Unable to unmarshall dcerpc_auth.\n"));
1001 goto err_exit;
1002 }
1003
1004 auth_type = auth_info.auth_type;
1005
1006 /* Work out if we have to sign or seal etc. */
1007 switch (auth_info.auth_level) {
1008 case DCERPC_AUTH_LEVEL_INTEGRITY:
1009 p->auth.auth_level = DCERPC_AUTH_LEVEL_INTEGRITY;
1010 break;
1011 case DCERPC_AUTH_LEVEL_PRIVACY:
1012 p->auth.auth_level = DCERPC_AUTH_LEVEL_PRIVACY;
1013 break;
1014 default:
1015 DEBUG(0, ("Unexpected auth level (%u).\n",
1016 (unsigned int)auth_info.auth_level ));
1017 goto err_exit;
1018 }
1019
1020 switch (auth_type) {
1021 case DCERPC_AUTH_TYPE_NTLMSSP:
1022 if (!pipe_ntlmssp_auth_bind(p, pkt,
1023 &auth_info, &auth_resp)) {
1024 goto err_exit;
1025 }
1026 assoc_gid = 0x7a77;
1027 break;
1028
1029 case DCERPC_AUTH_TYPE_SCHANNEL:
1030 if (!pipe_schannel_auth_bind(p, pkt,
1031 &auth_info, &auth_resp)) {
1032 goto err_exit;
1033 }
1034 break;
1035
1036 case DCERPC_AUTH_TYPE_SPNEGO:
1037 if (!pipe_spnego_auth_bind(p, pkt,
1038 &auth_info, &auth_resp)) {
1039 goto err_exit;
1040 }
1041 break;
1042
1043 case DCERPC_AUTH_TYPE_KRB5:
1044 if (!pipe_gssapi_auth_bind(p, pkt,
1045 &auth_info, &auth_resp)) {
1046 goto err_exit;
1047 }
1048 break;
1049
1050 case DCERPC_AUTH_TYPE_NONE:
1051 break;
1052
1053 default:
1054 DEBUG(0, ("Unknown auth type %x requested.\n", auth_type));
1055 goto err_exit;
1056 }
1057 }
1058
1059 if (auth_type == DCERPC_AUTH_TYPE_NONE) {
1060 /* Unauthenticated bind request. */
1061 /* We're finished - no more packets. */
1062 p->auth.auth_type = DCERPC_AUTH_TYPE_NONE;
1063 /* We must set the pipe auth_level here also. */
1064 p->auth.auth_level = DCERPC_AUTH_LEVEL_NONE;
1065 p->pipe_bound = True;
1066 /* The session key was initialized from the SMB
1067 * session in make_internal_rpc_pipe_p */
1068 }
1069
1070 ZERO_STRUCT(u.bind_ack);
1071 u.bind_ack.max_xmit_frag = RPC_MAX_PDU_FRAG_LEN;
1072 u.bind_ack.max_recv_frag = RPC_MAX_PDU_FRAG_LEN;
1073 u.bind_ack.assoc_group_id = assoc_gid;
1074
1075 /* name has to be \PIPE\xxxxx */
1076 u.bind_ack.secondary_address =
1077 talloc_asprintf(pkt, "\\PIPE\\%s",
1078 rpc_srv_get_pipe_srv_name(&id));
1079 if (!u.bind_ack.secondary_address) {
1080 DEBUG(0, ("Out of memory!\n"));
1081 goto err_exit;
1082 }
1083 u.bind_ack.secondary_address_size =
1084 strlen(u.bind_ack.secondary_address) + 1;
1085
1086 u.bind_ack.num_results = 1;
1087 u.bind_ack.ctx_list = &bind_ack_ctx;
1088
1089 /* NOTE: We leave the auth_info empty so we can calculate the padding
1090 * later and then append the auth_info --simo */
1091
1092 /*
1093 * Marshall directly into the outgoing PDU space. We
1094 * must do this as we need to set to the bind response
1095 * header and are never sending more than one PDU here.
1096 */
1097
1098 status = dcerpc_push_ncacn_packet(p->mem_ctx,
1099 DCERPC_PKT_BIND_ACK,
1100 DCERPC_PFC_FLAG_FIRST |
1101 DCERPC_PFC_FLAG_LAST,
1102 auth_resp.length,
1103 pkt->call_id,
1104 &u,
1105 &p->out_data.frag);
1106 if (!NT_STATUS_IS_OK(status)) {
1107 DEBUG(0, ("Failed to marshall bind_ack packet. (%s)\n",
1108 nt_errstr(status)));
1109 }
1110
1111 if (auth_resp.length) {
1112
1113 status = dcerpc_push_dcerpc_auth(pkt,
1114 auth_type,
1115 auth_info.auth_level,
1116 0,
1117 1, /* auth_context_id */
1118 &auth_resp,
1119 &auth_blob);
1120 if (!NT_STATUS_IS_OK(status)) {
1121 DEBUG(0, ("Marshalling of dcerpc_auth failed.\n"));
1122 goto err_exit;
1123 }
1124 }
1125
1126 /* Now that we have the auth len store it into the right place in
1127 * the dcerpc header */
1128 dcerpc_set_frag_length(&p->out_data.frag,
1129 p->out_data.frag.length + auth_blob.length);
1130
1131 if (auth_blob.length) {
1132
1133 if (!data_blob_append(p->mem_ctx, &p->out_data.frag,
1134 auth_blob.data, auth_blob.length)) {
1135 DEBUG(0, ("Append of auth info failed.\n"));
1136 goto err_exit;
1137 }
1138 }
1139
1140 /*
1141 * Setup the lengths for the initial reply.
1142 */
1143
1144 p->out_data.data_sent_length = 0;
1145 p->out_data.current_pdu_sent = 0;
1146
1147 TALLOC_FREE(auth_blob.data);
1148 return True;
1149
1150 err_exit:
1151
1152 data_blob_free(&p->out_data.frag);
1153 TALLOC_FREE(auth_blob.data);
1154 return setup_bind_nak(p, pkt);
1155 }
1156
1157 /*******************************************************************
1158 This is the "stage3" response after a bind request and reply.
1159 *******************************************************************/
1160
1161 bool api_pipe_bind_auth3(struct pipes_struct *p, struct ncacn_packet *pkt)
1162 {
1163 struct dcerpc_auth auth_info;
1164 DATA_BLOB response = data_blob_null;
1165 struct auth_ntlmssp_state *ntlmssp_ctx;
1166 struct spnego_context *spnego_ctx;
1167 struct gse_context *gse_ctx;
1168 NTSTATUS status;
1169
1170 DEBUG(5, ("api_pipe_bind_auth3: decode request. %d\n", __LINE__));
1171
1172 if (pkt->auth_length == 0) {
1173 DEBUG(0, ("No auth field sent for bind request!\n"));
1174 goto err;
1175 }
1176
1177 /* Ensure there's enough data for an authenticated request. */
1178 if (pkt->frag_length < RPC_HEADER_LEN
1179 + DCERPC_AUTH_TRAILER_LENGTH
1180 + pkt->auth_length) {
1181 DEBUG(0,("api_pipe_ntlmssp_auth_process: auth_len "
1182 "%u is too large.\n",
1183 (unsigned int)pkt->auth_length));
1184 goto err;
1185 }
1186
1187 /*
1188 * Decode the authentication verifier response.
1189 */
1190
1191 status = dcerpc_pull_dcerpc_auth(pkt,
1192 &pkt->u.auth3.auth_info,
1193 &auth_info, p->endian);
1194 if (!NT_STATUS_IS_OK(status)) {
1195 DEBUG(0, ("Failed to unmarshall dcerpc_auth.\n"));
1196 goto err;
1197 }
1198
1199 /* We must NEVER look at auth_info->auth_pad_len here,
1200 * as old Samba client code gets it wrong and sends it
1201 * as zero. JRA.
1202 */
1203
1204 switch (auth_info.auth_type) {
1205 case DCERPC_AUTH_TYPE_NTLMSSP:
1206 ntlmssp_ctx = talloc_get_type_abort(p->auth.auth_ctx,
1207 struct auth_ntlmssp_state);
1208 status = ntlmssp_server_step(ntlmssp_ctx,
1209 pkt, &auth_info.credentials,
1210 &response);
1211 break;
1212 case DCERPC_AUTH_TYPE_KRB5:
1213 gse_ctx = talloc_get_type_abort(p->auth.auth_ctx,
1214 struct gse_context);
1215 status = gssapi_server_step(gse_ctx,
1216 pkt, &auth_info.credentials,
1217 &response);
1218 break;
1219 case DCERPC_AUTH_TYPE_SPNEGO:
1220 spnego_ctx = talloc_get_type_abort(p->auth.auth_ctx,
1221 struct spnego_context);
1222 status = spnego_server_step(spnego_ctx,
1223 pkt, &auth_info.credentials,
1224 &response);
1225 break;
1226 default:
1227 DEBUG(0, (__location__ ": incorrect auth type (%u).\n",
1228 (unsigned int)auth_info.auth_type));
1229 return false;
1230 }
1231
1232 if (NT_STATUS_EQUAL(status,
1233 NT_STATUS_MORE_PROCESSING_REQUIRED) ||
1234 response.length) {
1235 DEBUG(0, (__location__ ": This was supposed to be the final "
1236 "leg, but crypto machinery claims a response is "
1237 "needed, aborting auth!\n"));
1238 data_blob_free(&response);
1239 goto err;
1240 }
1241 if (!NT_STATUS_IS_OK(status)) {
1242 DEBUG(0, ("Auth failed (%s)\n", nt_errstr(status)));
1243 goto err;
1244 }
1245
1246 /* Now verify auth was indeed successful and extract server info */
1247 status = pipe_auth_verify_final(p);
1248 if (!NT_STATUS_IS_OK(status)) {
1249 DEBUG(0, ("Auth Verify failed (%s)\n", nt_errstr(status)));
1250 goto err;
1251 }
1252
1253 return true;
1254
1255 err:
1256
1257 TALLOC_FREE(p->auth.auth_ctx);
1258 return false;
1259 }
1260
1261 /****************************************************************************
1262 Deal with an alter context call. Can be third part of 3 leg auth request for
1263 SPNEGO calls.
1264 ****************************************************************************/
1265
1266 static bool api_pipe_alter_context(struct pipes_struct *p,
1267 struct ncacn_packet *pkt)
1268 {
1269 struct dcerpc_auth auth_info;
1270 uint16 assoc_gid;
1271 NTSTATUS status;
1272 union dcerpc_payload u;
1273 struct dcerpc_ack_ctx bind_ack_ctx;
1274 DATA_BLOB auth_resp = data_blob_null;
1275 DATA_BLOB auth_blob = data_blob_null;
1276 int pad_len = 0;
1277 struct auth_ntlmssp_state *ntlmssp_ctx;
1278 struct spnego_context *spnego_ctx;
1279 struct gse_context *gse_ctx;
1280
1281 DEBUG(5,("api_pipe_alter_context: make response. %d\n", __LINE__));
1282
1283 if (pkt->u.bind.assoc_group_id != 0) {
1284 assoc_gid = pkt->u.bind.assoc_group_id;
1285 } else {
1286 assoc_gid = 0x53f0;
1287 }
1288
1289 /*
1290 * Create the bind response struct.
1291 */
1292
1293 /* If the requested abstract synt uuid doesn't match our client pipe,
1294 reject the bind_ack & set the transfer interface synt to all 0's,
1295 ver 0 (observed when NT5 attempts to bind to abstract interfaces
1296 unknown to NT4)
1297 Needed when adding entries to a DACL from NT5 - SK */
1298
1299 if (check_bind_req(p,
1300 &pkt->u.bind.ctx_list[0].abstract_syntax,
1301 &pkt->u.bind.ctx_list[0].transfer_syntaxes[0],
1302 pkt->u.bind.ctx_list[0].context_id)) {
1303
1304 bind_ack_ctx.result = 0;
1305 bind_ack_ctx.reason = 0;
1306 bind_ack_ctx.syntax = pkt->u.bind.ctx_list[0].transfer_syntaxes[0];
1307 } else {
1308 p->pipe_bound = False;
1309 /* Rejection reason: abstract syntax not supported */
1310 bind_ack_ctx.result = DCERPC_BIND_PROVIDER_REJECT;
1311 bind_ack_ctx.reason = DCERPC_BIND_REASON_ASYNTAX;
1312 bind_ack_ctx.syntax = null_ndr_syntax_id;
1313 }
1314
1315 /*
1316 * Check if this is an authenticated alter context request.
1317 */
1318 if (pkt->auth_length) {
1319 /* Quick length check. Won't catch a bad auth footer,
1320 * prevents overrun. */
1321
1322 if (pkt->frag_length < RPC_HEADER_LEN +
1323 DCERPC_AUTH_TRAILER_LENGTH +
1324 pkt->auth_length) {
1325 DEBUG(0,("api_pipe_alter_context: auth_len (%u) "
1326 "too long for fragment %u.\n",
1327 (unsigned int)pkt->auth_length,
1328 (unsigned int)pkt->frag_length ));
1329 goto err_exit;
1330 }
1331
1332 status = dcerpc_pull_dcerpc_auth(pkt,
1333 &pkt->u.bind.auth_info,
1334 &auth_info, p->endian);
1335 if (!NT_STATUS_IS_OK(status)) {
1336 DEBUG(0, ("Unable to unmarshall dcerpc_auth.\n"));
1337 goto err_exit;
1338 }
1339
1340 /* We can only finish if the pipe is unbound for now */
1341 if (p->pipe_bound) {
1342 DEBUG(0, (__location__ ": Pipe already bound, "
1343 "Altering Context not yet supported!\n"));
1344 goto err_exit;
1345 }
1346
1347 switch (auth_info.auth_type) {
1348 case DCERPC_AUTH_TYPE_SPNEGO:
1349 spnego_ctx = talloc_get_type_abort(p->auth.auth_ctx,
1350 struct spnego_context);
1351 status = spnego_server_step(spnego_ctx,
1352 pkt,
1353 &auth_info.credentials,
1354 &auth_resp);
1355 break;
1356
1357 case DCERPC_AUTH_TYPE_KRB5:
1358 gse_ctx = talloc_get_type_abort(p->auth.auth_ctx,
1359 struct gse_context);
1360 status = gssapi_server_step(gse_ctx,
1361 pkt,
1362 &auth_info.credentials,
1363 &auth_resp);
1364 break;
1365 case DCERPC_AUTH_TYPE_NTLMSSP:
1366 ntlmssp_ctx = talloc_get_type_abort(p->auth.auth_ctx,
1367 struct auth_ntlmssp_state);
1368 status = ntlmssp_server_step(ntlmssp_ctx,
1369 pkt,
1370 &auth_info.credentials,
1371 &auth_resp);
1372 break;
1373
1374 default:
1375 DEBUG(3, (__location__ ": Usupported auth type (%d) "
1376 "in alter-context call\n",
1377 auth_info.auth_type));
1378 goto err_exit;
1379 }
1380
1381 if (NT_STATUS_IS_OK(status)) {
1382 /* third leg of auth, verify auth info */
1383 status = pipe_auth_verify_final(p);
1384 if (!NT_STATUS_IS_OK(status)) {
1385 DEBUG(0, ("Auth Verify failed (%s)\n",
1386 nt_errstr(status)));
1387 goto err_exit;
1388 }
1389 } else if (NT_STATUS_EQUAL(status,
1390 NT_STATUS_MORE_PROCESSING_REQUIRED)) {
1391 DEBUG(10, ("More auth legs required.\n"));
1392 } else {
1393 DEBUG(0, ("Auth step returned an error (%s)\n",
1394 nt_errstr(status)));
1395 goto err_exit;
1396 }
1397 }
1398
1399 ZERO_STRUCT(u.alter_resp);
1400 u.alter_resp.max_xmit_frag = RPC_MAX_PDU_FRAG_LEN;
1401 u.alter_resp.max_recv_frag = RPC_MAX_PDU_FRAG_LEN;
1402 u.alter_resp.assoc_group_id = assoc_gid;
1403
1404 /* secondary address CAN be NULL
1405 * as the specs say it's ignored.
1406 * It MUST be NULL to have the spoolss working.
1407 */
1408 u.alter_resp.secondary_address = "";
1409 u.alter_resp.secondary_address_size = 1;
1410
1411 u.alter_resp.num_results = 1;
1412 u.alter_resp.ctx_list = &bind_ack_ctx;
1413
1414 /* NOTE: We leave the auth_info empty so we can calculate the padding
1415 * later and then append the auth_info --simo */
1416
1417 /*
1418 * Marshall directly into the outgoing PDU space. We
1419 * must do this as we need to set to the bind response
1420 * header and are never sending more than one PDU here.
1421 */
1422
1423 status = dcerpc_push_ncacn_packet(p->mem_ctx,
1424 DCERPC_PKT_ALTER_RESP,
1425 DCERPC_PFC_FLAG_FIRST |
1426 DCERPC_PFC_FLAG_LAST,
1427 auth_resp.length,
1428 pkt->call_id,
1429 &u,
1430 &p->out_data.frag);
1431 if (!NT_STATUS_IS_OK(status)) {
1432 DEBUG(0, ("Failed to marshall bind_ack packet. (%s)\n",
1433 nt_errstr(status)));
1434 }
1435
1436 if (auth_resp.length) {
1437
1438 /* Work out any padding needed before the auth footer. */
1439 pad_len = p->out_data.frag.length % SERVER_NDR_PADDING_SIZE;
1440 if (pad_len) {
1441 pad_len = SERVER_NDR_PADDING_SIZE - pad_len;
1442 DEBUG(10, ("auth pad_len = %u\n",
1443 (unsigned int)pad_len));
1444 }
1445
1446 status = dcerpc_push_dcerpc_auth(pkt,
1447 auth_info.auth_type,
1448 auth_info.auth_level,
1449 pad_len,
1450 1, /* auth_context_id */
1451 &auth_resp,
1452 &auth_blob);
1453 if (!NT_STATUS_IS_OK(status)) {
1454 DEBUG(0, ("Marshalling of dcerpc_auth failed.\n"));
1455 goto err_exit;
1456 }
1457 }
1458
1459 /* Now that we have the auth len store it into the right place in
1460 * the dcerpc header */
1461 dcerpc_set_frag_length(&p->out_data.frag,
1462 p->out_data.frag.length +
1463 pad_len + auth_blob.length);
1464
1465 if (auth_resp.length) {
1466 if (pad_len) {
1467 char pad[SERVER_NDR_PADDING_SIZE];
1468 memset(pad, '\0', SERVER_NDR_PADDING_SIZE);
1469 if (!data_blob_append(p->mem_ctx,
1470 &p->out_data.frag,
1471 pad, pad_len)) {
1472 DEBUG(0, ("api_pipe_bind_req: failed to add "
1473 "%u bytes of pad data.\n",
1474 (unsigned int)pad_len));
1475 goto err_exit;
1476 }
1477 }
1478
1479 if (!data_blob_append(p->mem_ctx, &p->out_data.frag,
1480 auth_blob.data, auth_blob.length)) {
1481 DEBUG(0, ("Append of auth info failed.\n"));
1482 goto err_exit;
1483 }
1484 }
1485
1486 /*
1487 * Setup the lengths for the initial reply.
1488 */
1489
1490 p->out_data.data_sent_length = 0;
1491 p->out_data.current_pdu_sent = 0;
1492
1493 TALLOC_FREE(auth_blob.data);
1494 return True;
1495
1496 err_exit:
1497
1498 data_blob_free(&p->out_data.frag);
1499 TALLOC_FREE(auth_blob.data);
1500 return setup_bind_nak(p, pkt);
1501 }
1502
1503 /****************************************************************************
1504 Find the set of RPC functions associated with this context_id
1505 ****************************************************************************/
1506
1507 static PIPE_RPC_FNS* find_pipe_fns_by_context( PIPE_RPC_FNS *list, uint32 context_id )
1508 {
1509 PIPE_RPC_FNS *fns = NULL;
1510
1511 if ( !list ) {
1512 DEBUG(0,("find_pipe_fns_by_context: ERROR! No context list for pipe!\n"));
1513 return NULL;
1514 }
1515
1516 for (fns=list; fns; fns=fns->next ) {
1517 if ( fns->context_id == context_id )
1518 return fns;
1519 }
1520 return NULL;
1521 }
1522
1523 static bool api_rpcTNP(struct pipes_struct *p, struct ncacn_packet *pkt,
1524 const struct api_struct *api_rpc_cmds, int n_cmds);
1525
1526 /****************************************************************************
1527 Find the correct RPC function to call for this request.
1528 If the pipe is authenticated then become the correct UNIX user
1529 before doing the call.
1530 ****************************************************************************/
1531
1532 static bool api_pipe_request(struct pipes_struct *p,
1533 struct ncacn_packet *pkt)
1534 {
1535 bool ret = False;
1536 bool changed_user = False;
1537 PIPE_RPC_FNS *pipe_fns;
1538
1539 if (p->pipe_bound &&
1540 ((p->auth.auth_type == DCERPC_AUTH_TYPE_NTLMSSP) ||
1541 (p->auth.auth_type == DCERPC_AUTH_TYPE_KRB5) ||
1542 (p->auth.auth_type == DCERPC_AUTH_TYPE_SPNEGO))) {
1543 if(!become_authenticated_pipe_user(p)) {
1544 data_blob_free(&p->out_data.rdata);
1545 return False;
1546 }
1547 changed_user = True;
1548 }
1549
1550 DEBUG(5, ("Requested \\PIPE\\%s\n",
1551 get_pipe_name_from_syntax(talloc_tos(), &p->syntax)));
1552
1553 /* get the set of RPC functions for this context */
1554
1555 pipe_fns = find_pipe_fns_by_context(p->contexts,
1556 pkt->u.request.context_id);
1557
1558 if ( pipe_fns ) {
1559 TALLOC_CTX *frame = talloc_stackframe();
1560 ret = api_rpcTNP(p, pkt, pipe_fns->cmds, pipe_fns->n_cmds);
1561 TALLOC_FREE(frame);
1562 }
1563 else {
1564 DEBUG(0, ("No rpc function table associated with context "
1565 "[%d] on pipe [%s]\n",
1566 pkt->u.request.context_id,
1567 get_pipe_name_from_syntax(talloc_tos(),
1568 &p->syntax)));
1569 }
1570
1571 if (changed_user) {
1572 unbecome_authenticated_pipe_user();
1573 }
1574
1575 return ret;
1576 }
1577
1578 /*******************************************************************
1579 Calls the underlying RPC function for a named pipe.
1580 ********************************************************************/
1581
1582 static bool api_rpcTNP(struct pipes_struct *p, struct ncacn_packet *pkt,
1583 const struct api_struct *api_rpc_cmds, int n_cmds)
1584 {
1585 int fn_num;
1586 uint32_t offset1;
1587
1588 /* interpret the command */
1589 DEBUG(4,("api_rpcTNP: %s op 0x%x - ",
1590 get_pipe_name_from_syntax(talloc_tos(), &p->syntax),
1591 pkt->u.request.opnum));
1592
1593 if (DEBUGLEVEL >= 50) {
1594 fstring name;
1595 slprintf(name, sizeof(name)-1, "in_%s",
1596 get_pipe_name_from_syntax(talloc_tos(), &p->syntax));
1597 dump_pdu_region(name, pkt->u.request.opnum,
1598 &p->in_data.data, 0,
1599 p->in_data.data.length);
1600 }
1601
1602 for (fn_num = 0; fn_num < n_cmds; fn_num++) {
1603 if (api_rpc_cmds[fn_num].opnum == pkt->u.request.opnum &&
1604 api_rpc_cmds[fn_num].fn != NULL) {
1605 DEBUG(3, ("api_rpcTNP: rpc command: %s\n",
1606 api_rpc_cmds[fn_num].name));
1607 break;
1608 }
1609 }
1610
1611 if (fn_num == n_cmds) {
1612 /*
1613 * For an unknown RPC just return a fault PDU but
1614 * return True to allow RPC's on the pipe to continue
1615 * and not put the pipe into fault state. JRA.
1616 */
1617 DEBUG(4, ("unknown\n"));
1618 setup_fault_pdu(p, NT_STATUS(DCERPC_FAULT_OP_RNG_ERROR));
1619 return True;
1620 }
1621
1622 offset1 = p->out_data.rdata.length;
1623
1624 DEBUG(6, ("api_rpc_cmds[%d].fn == %p\n",
1625 fn_num, api_rpc_cmds[fn_num].fn));
1626 /* do the actual command */
1627 if(!api_rpc_cmds[fn_num].fn(p)) {
1628 DEBUG(0,("api_rpcTNP: %s: %s failed.\n",
1629 get_pipe_name_from_syntax(talloc_tos(), &p->syntax),
1630 api_rpc_cmds[fn_num].name));
1631 data_blob_free(&p->out_data.rdata);
1632 return False;
1633 }
1634
1635 if (p->bad_handle_fault_state) {
1636 DEBUG(4,("api_rpcTNP: bad handle fault return.\n"));
1637 p->bad_handle_fault_state = False;
1638 setup_fault_pdu(p, NT_STATUS(DCERPC_FAULT_CONTEXT_MISMATCH));
1639 return True;
1640 }
1641
1642 if (p->rng_fault_state) {
1643 DEBUG(4, ("api_rpcTNP: rng fault return\n"));
1644 p->rng_fault_state = False;
1645 setup_fault_pdu(p, NT_STATUS(DCERPC_FAULT_OP_RNG_ERROR));
1646 return True;
1647 }
1648
1649 if (DEBUGLEVEL >= 50) {
1650 fstring name;
1651 slprintf(name, sizeof(name)-1, "out_%s",
1652 get_pipe_name_from_syntax(talloc_tos(), &p->syntax));
1653 dump_pdu_region(name, pkt->u.request.opnum,
1654 &p->out_data.rdata, offset1,
1655 p->out_data.rdata.length);
1656 }
1657
1658 DEBUG(5,("api_rpcTNP: called %s successfully\n",
1659 get_pipe_name_from_syntax(talloc_tos(), &p->syntax)));
1660
1661 /* Check for buffer underflow in rpc parsing */
1662 if ((DEBUGLEVEL >= 10) &&
1663 (pkt->frag_length < p->in_data.data.length)) {
1664 DEBUG(10, ("api_rpcTNP: rpc input buffer underflow (parse error?)\n"));
1665 dump_data(10, p->in_data.data.data + pkt->frag_length,
1666 p->in_data.data.length - pkt->frag_length);
1667 }
1668
1669 return True;
1670 }
1671
1672 /****************************************************************************
1673 Initialise an outgoing packet.
1674 ****************************************************************************/
1675
1676 static bool pipe_init_outgoing_data(struct pipes_struct *p)
1677 {
1678 output_data *o_data = &p->out_data;
1679
1680 /* Reset the offset counters. */
1681 o_data->data_sent_length = 0;
1682 o_data->current_pdu_sent = 0;
1683
1684 data_blob_free(&o_data->frag);
1685
1686 /* Free any memory in the current return data buffer. */
1687 data_blob_free(&o_data->rdata);
1688
1689 return True;
1690 }
1691
1692 /****************************************************************************
1693 Sets the fault state on incoming packets.
1694 ****************************************************************************/
1695
1696 void set_incoming_fault(struct pipes_struct *p)
1697 {
1698 data_blob_free(&p->in_data.data);
1699 p->in_data.pdu_needed_len = 0;
1700 p->in_data.pdu.length = 0;
1701 p->fault_state = True;
1702 DEBUG(10, ("set_incoming_fault: Setting fault state on pipe %s\n",
1703 get_pipe_name_from_syntax(talloc_tos(), &p->syntax)));
1704 }
1705
1706 static NTSTATUS dcesrv_auth_request(struct pipe_auth_data *auth,
1707 struct ncacn_packet *pkt,
1708 DATA_BLOB *raw_pkt)
1709 {
1710 NTSTATUS status;
1711 size_t hdr_size = DCERPC_REQUEST_LENGTH;
1712 size_t pad_len;
1713
1714 DEBUG(10, ("Checking request auth.\n"));
1715
1716 if (pkt->pfc_flags & DCERPC_PFC_FLAG_OBJECT_UUID) {
1717 hdr_size += 16;
1718 }
1719
1720 /* in case of sealing this function will unseal the data in place */
1721 status = dcerpc_check_auth(auth, pkt,
1722 &pkt->u.request.stub_and_verifier,
1723 hdr_size, raw_pkt,
1724 &pad_len);
1725 if (!NT_STATUS_IS_OK(status)) {
1726 return status;
1727 }
1728
1729
1730 /* remove padding and auth trailer,
1731 * this way the caller will get just the data */
1732 if (pkt->auth_length) {
1733 size_t trail_len = pad_len
1734 + DCERPC_AUTH_TRAILER_LENGTH
1735 + pkt->auth_length;
1736 if (pkt->u.request.stub_and_verifier.length < trail_len) {
1737 return NT_STATUS_INFO_LENGTH_MISMATCH;
1738 }
1739 pkt->u.request.stub_and_verifier.length -= trail_len;
1740 }
1741
1742 return NT_STATUS_OK;
1743 }
1744
1745 /****************************************************************************
1746 Processes a request pdu. This will do auth processing if needed, and
1747 appends the data into the complete stream if the LAST flag is not set.
1748 ****************************************************************************/
1749
1750 static bool process_request_pdu(struct pipes_struct *p, struct ncacn_packet *pkt)
1751 {
1752 NTSTATUS status;
1753 DATA_BLOB data;
1754
1755 if (!p->pipe_bound) {
1756 DEBUG(0,("process_request_pdu: rpc request with no bind.\n"));
1757 set_incoming_fault(p);
1758 return False;
1759 }
1760
1761 /* Store the opnum */
1762 p->opnum = pkt->u.request.opnum;
1763
1764 status = dcesrv_auth_request(&p->auth, pkt, &p->in_data.pdu);
1765 if (!NT_STATUS_IS_OK(status)) {
1766 DEBUG(0, ("Failed to check packet auth. (%s)\n",
1767 nt_errstr(status)));
1768 set_incoming_fault(p);
1769 return false;
1770 }
1771
1772 data = pkt->u.request.stub_and_verifier;
1773
1774 /*
1775 * Check the data length doesn't go over the 15Mb limit.
1776 * increased after observing a bug in the Windows NT 4.0 SP6a
1777 * spoolsv.exe when the response to a GETPRINTERDRIVER2 RPC
1778 * will not fit in the initial buffer of size 0x1068 --jerry 22/01/2002
1779 */
1780
1781 if (p->in_data.data.length + data.length > MAX_RPC_DATA_SIZE) {
1782 DEBUG(0, ("process_request_pdu: "
1783 "rpc data buffer too large (%u) + (%u)\n",
1784 (unsigned int)p->in_data.data.length,
1785 (unsigned int)data.length));
1786 set_incoming_fault(p);
1787 return False;
1788 }
1789
1790 /*
1791 * Append the data portion into the buffer and return.
1792 */
1793
1794 if (data.length) {
1795 if (!data_blob_append(p->mem_ctx, &p->in_data.data,
1796 data.data, data.length)) {
1797 DEBUG(0, ("Unable to append data size %u "
1798 "to parse buffer of size %u.\n",
1799 (unsigned int)data.length,
1800 (unsigned int)p->in_data.data.length));
1801 set_incoming_fault(p);
1802 return False;
1803 }
1804 }
1805
1806 if (pkt->pfc_flags & DCERPC_PFC_FLAG_LAST) {
1807 bool ret = False;
1808 /*
1809 * Ok - we finally have a complete RPC stream.
1810 * Call the rpc command to process it.
1811 */
1812
1813 /*
1814 * Process the complete data stream here.
1815 */
1816 if (pipe_init_outgoing_data(p)) {
1817 ret = api_pipe_request(p, pkt);
1818 }
1819
1820 return ret;
1821 }
1822
1823 return True;
1824 }
1825
1826 /****************************************************************************
1827 Processes a finished PDU stored in p->in_data.pdu.
1828 ****************************************************************************/
1829
1830 void process_complete_pdu(struct pipes_struct *p)
1831 {
1832 struct ncacn_packet *pkt = NULL;
1833 NTSTATUS status;
1834 bool reply = False;
1835
1836 if(p->fault_state) {
1837 DEBUG(10,("process_complete_pdu: pipe %s in fault state.\n",
1838 get_pipe_name_from_syntax(talloc_tos(), &p->syntax)));
1839 goto done;
1840 }
1841
1842 pkt = talloc(p->mem_ctx, struct ncacn_packet);
1843 if (!pkt) {
1844 DEBUG(0, ("Out of memory!\n"));
1845 goto done;
1846 }
1847
1848 /*
1849 * Ensure we're using the corrent endianness for both the
1850 * RPC header flags and the raw data we will be reading from.
1851 */
1852 if (dcerpc_get_endian_flag(&p->in_data.pdu) & DCERPC_DREP_LE) {
1853 p->endian = RPC_LITTLE_ENDIAN;
1854 } else {
1855 p->endian = RPC_BIG_ENDIAN;
1856 }
1857 DEBUG(10, ("PDU is in %s Endian format!\n", p->endian?"Big":"Little"));
1858
1859 status = dcerpc_pull_ncacn_packet(pkt, &p->in_data.pdu,
1860 pkt, p->endian);
1861 if (!NT_STATUS_IS_OK(status)) {
1862 DEBUG(0, ("Failed to unmarshal rpc packet: %s!\n",
1863 nt_errstr(status)));
1864 goto done;
1865 }
1866
1867 /* Store the call_id */
1868 p->call_id = pkt->call_id;
1869
1870 DEBUG(10, ("Processing packet type %d\n", (int)pkt->ptype));
1871
1872 switch (pkt->ptype) {
1873 case DCERPC_PKT_REQUEST:
1874 reply = process_request_pdu(p, pkt);
1875 break;
1876
1877 case DCERPC_PKT_PING: /* CL request - ignore... */
1878 DEBUG(0, ("process_complete_pdu: Error. "
1879 "Connectionless packet type %d received on "
1880 "pipe %s.\n", (int)pkt->ptype,
1881 get_pipe_name_from_syntax(talloc_tos(),
1882 &p->syntax)));
1883 break;
1884
1885 case DCERPC_PKT_RESPONSE: /* No responses here. */
1886 DEBUG(0, ("process_complete_pdu: Error. "
1887 "DCERPC_PKT_RESPONSE received from client "
1888 "on pipe %s.\n",
1889 get_pipe_name_from_syntax(talloc_tos(),
1890 &p->syntax)));
1891 break;
1892
1893 case DCERPC_PKT_FAULT:
1894 case DCERPC_PKT_WORKING:
1895 /* CL request - reply to a ping when a call in process. */
1896 case DCERPC_PKT_NOCALL:
1897 /* CL - server reply to a ping call. */
1898 case DCERPC_PKT_REJECT:
1899 case DCERPC_PKT_ACK:
1900 case DCERPC_PKT_CL_CANCEL:
1901 case DCERPC_PKT_FACK:
1902 case DCERPC_PKT_CANCEL_ACK:
1903 DEBUG(0, ("process_complete_pdu: Error. "
1904 "Connectionless packet type %u received on "
1905 "pipe %s.\n", (unsigned int)pkt->ptype,
1906 get_pipe_name_from_syntax(talloc_tos(),
1907 &p->syntax)));
1908 break;
1909
1910 case DCERPC_PKT_BIND:
1911 /*
1912 * We assume that a pipe bind is only in one pdu.
1913 */
1914 if (pipe_init_outgoing_data(p)) {
1915 reply = api_pipe_bind_req(p, pkt);
1916 }
1917 break;
1918
1919 case DCERPC_PKT_BIND_ACK:
1920 case DCERPC_PKT_BIND_NAK:
1921 DEBUG(0, ("process_complete_pdu: Error. "
1922 "DCERPC_PKT_BINDACK/DCERPC_PKT_BINDNACK "
1923 "packet type %u received on pipe %s.\n",
1924 (unsigned int)pkt->ptype,
1925 get_pipe_name_from_syntax(talloc_tos(),
1926 &p->syntax)));
1927 break;
1928
1929
1930 case DCERPC_PKT_ALTER:
1931 /*
1932 * We assume that a pipe bind is only in one pdu.
1933 */
1934 if (pipe_init_outgoing_data(p)) {
1935 reply = api_pipe_alter_context(p, pkt);
1936 }
1937 break;
1938
1939 case DCERPC_PKT_ALTER_RESP:
1940 DEBUG(0, ("process_complete_pdu: Error. "
1941 "DCERPC_PKT_ALTER_RESP on pipe %s: "
1942 "Should only be server -> client.\n",
1943 get_pipe_name_from_syntax(talloc_tos(),
1944 &p->syntax)));
1945 break;
1946
1947 case DCERPC_PKT_AUTH3:
1948 /*
1949 * The third packet in an auth exchange.
1950 */
1951 if (pipe_init_outgoing_data(p)) {
1952 reply = api_pipe_bind_auth3(p, pkt);
1953 }
1954 break;
1955
1956 case DCERPC_PKT_SHUTDOWN:
1957 DEBUG(0, ("process_complete_pdu: Error. "
1958 "DCERPC_PKT_SHUTDOWN on pipe %s: "
1959 "Should only be server -> client.\n",
1960 get_pipe_name_from_syntax(talloc_tos(),
1961 &p->syntax)));
1962 break;
1963
1964 case DCERPC_PKT_CO_CANCEL:
1965 /* For now just free all client data and continue
1966 * processing. */
1967 DEBUG(3,("process_complete_pdu: DCERPC_PKT_CO_CANCEL."
1968 " Abandoning rpc call.\n"));
1969 /* As we never do asynchronous RPC serving, we can
1970 * never cancel a call (as far as I know).
1971 * If we ever did we'd have to send a cancel_ack reply.
1972 * For now, just free all client data and continue
1973 * processing. */
1974 reply = True;
1975 break;
1976
1977 #if 0
1978 /* Enable this if we're doing async rpc. */
1979 /* We must check the outstanding callid matches. */
1980 if (pipe_init_outgoing_data(p)) {
1981 /* Send a cancel_ack PDU reply. */
1982 /* We should probably check the auth-verifier here. */
1983 reply = setup_cancel_ack_reply(p, pkt);
1984 }
1985 break;
1986 #endif
1987
1988 case DCERPC_PKT_ORPHANED:
1989 /* We should probably check the auth-verifier here.
1990 * For now just free all client data and continue
1991 * processing. */
1992 DEBUG(3, ("process_complete_pdu: DCERPC_PKT_ORPHANED."
1993 " Abandoning rpc call.\n"));
1994 reply = True;
1995 break;
1996
1997 default:
1998 DEBUG(0, ("process_complete_pdu: "
1999 "Unknown rpc type = %u received.\n",
2000 (unsigned int)pkt->ptype));
2001 break;
2002 }
2003
2004 done:
2005 if (!reply) {
2006 DEBUG(3,("process_complete_pdu: DCE/RPC fault sent on "
2007 "pipe %s\n", get_pipe_name_from_syntax(talloc_tos(),
2008 &p->syntax)));
2009 set_incoming_fault(p);
2010 setup_fault_pdu(p, NT_STATUS(DCERPC_FAULT_OP_RNG_ERROR));
2011 TALLOC_FREE(pkt);
2012 } else {
2013 /*
2014 * Reset the lengths. We're ready for a new pdu.
2015 */
2016 TALLOC_FREE(p->in_data.pdu.data);
2017 p->in_data.pdu_needed_len = 0;
2018 p->in_data.pdu.length = 0;
2019 }
2020
2021 TALLOC_FREE(pkt);
2022 }
2023
reg import