search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
What is wrong with you, Jim? Check in the final version, not an interim one...
[Samba/gebeck_regimport.git] / source3 / rpc_client / cli_pipe.c
blobf685f38754ed67c5efdea56b47e0eefb021a69ea
1 /*
2 * Unix SMB/CIFS implementation.
3 * RPC Pipe client / server routines
4 * Copyright (C) Andrew Tridgell 1992-1998,
5 * Copyright (C) Luke Kenneth Casson Leighton 1996-1998,
6 * Copyright (C) Paul Ashton 1998.
7 * Copyright (C) Jeremy Allison 1999.
8 *
9 * This program is free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License as published by
11 * the Free Software Foundation; either version 2 of the License, or
12 * (at your option) any later version.
13 *
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU General Public License for more details.
18 *
19 * You should have received a copy of the GNU General Public License
20 * along with this program; if not, write to the Free Software
21 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
22 */
23
24 #include "includes.h"
25
26 #undef DBGC_CLASS
27 #define DBGC_CLASS DBGC_RPC_CLI
28
29 extern struct pipe_id_info pipe_names[];
30 extern fstring global_myworkgroup;
31 extern pstring global_myname;
32
33 /********************************************************************
34 Rpc pipe call id.
35 ********************************************************************/
36
37 static uint32 get_rpc_call_id(void)
38 {
39 static uint32 call_id = 0;
40 return ++call_id;
41 }
42
43 /*******************************************************************
44 Use SMBreadX to get rest of one fragment's worth of rpc data.
45 ********************************************************************/
46
47 static BOOL rpc_read(struct cli_state *cli, prs_struct *rdata, uint32 data_to_read, uint32 *rdata_offset)
48 {
49 size_t size = (size_t)cli->max_recv_frag;
50 int stream_offset = 0;
51 int num_read;
52 char *pdata;
53 int extra_data_size = ((int)*rdata_offset) + ((int)data_to_read) - (int)prs_data_size(rdata);
54
55 DEBUG(5,("rpc_read: data_to_read: %u rdata offset: %u extra_data_size: %d\n",
56 (int)data_to_read, (unsigned int)*rdata_offset, extra_data_size));
57
58 /*
59 * Grow the buffer if needed to accommodate the data to be read.
60 */
61
62 if (extra_data_size > 0) {
63 if(!prs_force_grow(rdata, (uint32)extra_data_size)) {
64 DEBUG(0,("rpc_read: Failed to grow parse struct by %d bytes.\n", extra_data_size ));
65 return False;
66 }
67 DEBUG(5,("rpc_read: grew buffer by %d bytes to %u\n", extra_data_size, prs_data_size(rdata) ));
68 }
69
70 pdata = prs_data_p(rdata) + *rdata_offset;
71
72 do /* read data using SMBreadX */
73 {
74 uint32 ecode;
75 uint8 eclass;
76
77 if (size > (size_t)data_to_read)
78 size = (size_t)data_to_read;
79
80 num_read = (int)cli_read(cli, cli->nt_pipe_fnum, pdata, (off_t)stream_offset, size);
81
82 DEBUG(5,("rpc_read: num_read = %d, read offset: %d, to read: %d\n",
83 num_read, stream_offset, data_to_read));
84
85 if (cli_is_dos_error(cli)) {
86 cli_dos_error(cli, &eclass, &ecode);
87 if (eclass != ERRDOS && ecode != ERRmoredata) {
88 DEBUG(0,("rpc_read: Error %d/%u in cli_read\n",
89 eclass, (unsigned int)ecode));
90 return False;
91 }
92 }
93
94 data_to_read -= num_read;
95 stream_offset += num_read;
96 pdata += num_read;
97
98 } while (num_read > 0 && data_to_read > 0);
99 /* && err == (0x80000000 | STATUS_BUFFER_OVERFLOW)); */
100
101 /*
102 * Update the current offset into rdata by the amount read.
103 */
104 *rdata_offset += stream_offset;
105
106 return True;
107 }
108
109 /****************************************************************************
110 Checks the header. This will set the endian bit in the rdata prs_struct. JRA.
111 ****************************************************************************/
112
113 static BOOL rpc_check_hdr(prs_struct *rdata, RPC_HDR *rhdr,
114 BOOL *first, BOOL *last, uint32 *len)
115 {
116 DEBUG(5,("rpc_check_hdr: rdata->data_size = %u\n", (uint32)prs_data_size(rdata) ));
117
118 /* Next call sets endian bit. */
119
120 if(!smb_io_rpc_hdr("rpc_hdr ", rhdr, rdata, 0)) {
121 DEBUG(0,("rpc_check_hdr: Failed to unmarshall RPC_HDR.\n"));
122 return False;
123 }
124
125 if (prs_offset(rdata) != RPC_HEADER_LEN) {
126 DEBUG(0,("rpc_check_hdr: offset was %x, should be %x.\n", prs_offset(rdata), RPC_HEADER_LEN));
127 return False;
128 }
129
130 (*first) = ((rhdr->flags & RPC_FLG_FIRST) != 0);
131 (*last) = ((rhdr->flags & RPC_FLG_LAST ) != 0);
132 (*len) = (uint32)rhdr->frag_len - prs_data_size(rdata);
133
134 return (rhdr->pkt_type != RPC_FAULT);
135 }
136
137 static void NTLMSSPcalc_ap( struct cli_state *cli, unsigned char *data, uint32 len)
138 {
139 unsigned char *hash = cli->ntlmssp_hash;
140 unsigned char index_i = hash[256];
141 unsigned char index_j = hash[257];
142 int ind;
143
144 for( ind = 0; ind < len; ind++) {
145 unsigned char tc;
146 unsigned char t;
147
148 index_i++;
149 index_j += hash[index_i];
150
151 tc = hash[index_i];
152 hash[index_i] = hash[index_j];
153 hash[index_j] = tc;
154
155 t = hash[index_i] + hash[index_j];
156 data[ind] = data[ind] ^ hash[t];
157 }
158
159 hash[256] = index_i;
160 hash[257] = index_j;
161 }
162
163 /****************************************************************************
164 Verify data on an rpc pipe.
165 The VERIFY & SEAL code is only executed on packets that look like this :
166
167 Request/Response PDU's look like the following...
168
169 |<------------------PDU len----------------------------------------------->|
170 |<-HDR_LEN-->|<--REQ LEN------>|.............|<-AUTH_HDRLEN->|<-AUTH_LEN-->|
171
172 +------------+-----------------+-------------+---------------+-------------+
173 | RPC HEADER | REQ/RESP HEADER | DATA ...... | AUTH_HDR | AUTH DATA |
174 +------------+-----------------+-------------+---------------+-------------+
175
176 Never on bind requests/responses.
177 ****************************************************************************/
178
179 static BOOL rpc_auth_pipe(struct cli_state *cli, prs_struct *rdata, int len, int auth_len)
180 {
181 /*
182 * The following is that length of the data we must sign or seal.
183 * This doesn't include the RPC headers or the auth_len or the RPC_HDR_AUTH_LEN
184 * preceeding the auth_data.
185 */
186
187 int data_len = len - RPC_HEADER_LEN - RPC_HDR_RESP_LEN - RPC_HDR_AUTH_LEN - auth_len;
188
189 /*
190 * The start of the data to sign/seal is just after the RPC headers.
191 */
192 char *reply_data = prs_data_p(rdata) + RPC_HEADER_LEN + RPC_HDR_REQ_LEN;
193
194 BOOL auth_verify = ((cli->ntlmssp_srv_flgs & NTLMSSP_NEGOTIATE_SIGN) != 0);
195 BOOL auth_seal = ((cli->ntlmssp_srv_flgs & NTLMSSP_NEGOTIATE_SEAL) != 0);
196
197 DEBUG(5,("rpc_auth_pipe: len: %d auth_len: %d verify %s seal %s\n",
198 len, auth_len, BOOLSTR(auth_verify), BOOLSTR(auth_seal)));
199
200 /*
201 * Unseal any sealed data in the PDU, not including the
202 * 8 byte auth_header or the auth_data.
203 */
204
205 if (auth_seal) {
206 DEBUG(10,("rpc_auth_pipe: unseal\n"));
207 dump_data(100, reply_data, data_len);
208 NTLMSSPcalc_ap(cli, (uchar*)reply_data, data_len);
209 dump_data(100, reply_data, data_len);
210 }
211
212 if (auth_verify || auth_seal) {
213 RPC_HDR_AUTH rhdr_auth;
214 prs_struct auth_req;
215 char data[RPC_HDR_AUTH_LEN];
216 /*
217 * We set dp to be the end of the packet, minus the auth_len
218 * and the length of the header that preceeds the auth_data.
219 */
220 char *dp = prs_data_p(rdata) + len - auth_len - RPC_HDR_AUTH_LEN;
221
222 if(dp - prs_data_p(rdata) > prs_data_size(rdata)) {
223 DEBUG(0,("rpc_auth_pipe: auth data > data size !\n"));
224 return False;
225 }
226
227 memcpy(data, dp, sizeof(data));
228
229 prs_init(&auth_req , 0, cli->mem_ctx, UNMARSHALL);
230
231 /* The endianness must be preserved... JRA. */
232
233 prs_set_endian_data(&auth_req, rdata->bigendian_data);
234
235 prs_give_memory(&auth_req, data, RPC_HDR_AUTH_LEN, False);
236
237 /*
238 * Unmarshall the 8 byte auth_header that comes before the
239 * auth data.
240 */
241
242 if(!smb_io_rpc_hdr_auth("hdr_auth", &rhdr_auth, &auth_req, 0)) {
243 DEBUG(0,("rpc_auth_pipe: unmarshalling RPC_HDR_AUTH failed.\n"));
244 return False;
245 }
246
247 if (!rpc_hdr_auth_chk(&rhdr_auth)) {
248 DEBUG(0,("rpc_auth_pipe: rpc_hdr_auth_chk failed.\n"));
249 return False;
250 }
251 }
252
253 /*
254 * Now unseal and check the auth verifier in the auth_data at
255 * then end of the packet. The 4 bytes skipped in the unseal
256 * seem to be a buffer pointer preceeding the sealed data.
257 */
258
259 if (auth_verify) {
260 RPC_AUTH_NTLMSSP_CHK chk;
261 uint32 crc32;
262 prs_struct auth_verf;
263 char data[RPC_AUTH_NTLMSSP_CHK_LEN];
264 char *dp = prs_data_p(rdata) + len - auth_len;
265
266 if(dp - prs_data_p(rdata) > prs_data_size(rdata)) {
267 DEBUG(0,("rpc_auth_pipe: auth data > data size !\n"));
268 return False;
269 }
270
271 DEBUG(10,("rpc_auth_pipe: verify\n"));
272 dump_data(100, dp, auth_len);
273 NTLMSSPcalc_ap(cli, (uchar*)(dp+4), auth_len - 4);
274
275 memcpy(data, dp, RPC_AUTH_NTLMSSP_CHK_LEN);
276 dump_data(100, data, auth_len);
277
278 prs_init(&auth_verf, 0, cli->mem_ctx, UNMARSHALL);
279
280 /* The endinness must be preserved. JRA. */
281 prs_set_endian_data( &auth_verf, rdata->bigendian_data);
282
283 prs_give_memory(&auth_verf, data, RPC_AUTH_NTLMSSP_CHK_LEN, False);
284
285 if(!smb_io_rpc_auth_ntlmssp_chk("auth_sign", &chk, &auth_verf, 0)) {
286 DEBUG(0,("rpc_auth_pipe: unmarshalling RPC_AUTH_NTLMSSP_CHK failed.\n"));
287 return False;
288 }
289
290 crc32 = crc32_calc_buffer(reply_data, data_len);
291
292 if (!rpc_auth_ntlmssp_chk(&chk, crc32 , cli->ntlmssp_seq_num)) {
293 DEBUG(0,("rpc_auth_pipe: rpc_auth_ntlmssp_chk failed.\n"));
294 return False;
295 }
296 cli->ntlmssp_seq_num++;
297 }
298 return True;
299 }
300
301
302 /****************************************************************************
303 Send data on an rpc pipe via trans, which *must* be the last fragment.
304 receive response data from an rpc pipe, which may be large...
305
306 Read the first fragment: unfortunately have to use SMBtrans for the first
307 bit, then SMBreadX for subsequent bits.
308
309 If first fragment received also wasn't the last fragment, continue
310 getting fragments until we _do_ receive the last fragment.
311
312 Request/Response PDU's look like the following...
313
314 |<------------------PDU len----------------------------------------------->|
315 |<-HDR_LEN-->|<--REQ LEN------>|.............|<-AUTH_HDRLEN->|<-AUTH_LEN-->|
316
317 +------------+-----------------+-------------+---------------+-------------+
318 | RPC HEADER | REQ/RESP HEADER | DATA ...... | AUTH_HDR | AUTH DATA |
319 +------------+-----------------+-------------+---------------+-------------+
320
321 Where the presence of the AUTH_HDR and AUTH are dependent on the
322 signing & sealing being neogitated.
323
324 ****************************************************************************/
325
326 static BOOL rpc_api_pipe(struct cli_state *cli, prs_struct *data, prs_struct *rdata)
327 {
328 uint32 len;
329 char *rparam = NULL;
330 uint32 rparam_len = 0;
331 uint16 setup[2];
332 BOOL first = True;
333 BOOL last = True;
334 RPC_HDR rhdr;
335 char *pdata = data ? prs_data_p(data) : NULL;
336 uint32 data_len = data ? prs_offset(data) : 0;
337 char *prdata = NULL;
338 uint32 rdata_len = 0;
339 uint32 current_offset = 0;
340 uint32 max_data = cli->max_xmit_frag ? cli->max_xmit_frag : 1024;
341
342 /* Create setup parameters - must be in native byte order. */
343
344 setup[0] = TRANSACT_DCERPCCMD;
345 setup[1] = cli->nt_pipe_fnum; /* Pipe file handle. */
346
347 DEBUG(5,("rpc_api_pipe: fnum:%x\n", (int)cli->nt_pipe_fnum));
348
349 /* Send the RPC request and receive a response. For short RPC
350 calls (about 1024 bytes or so) the RPC request and response
351 appears in a SMBtrans request and response. Larger RPC
352 responses are received further on. */
353
354 if (!cli_api_pipe(cli, "\\PIPE\\",
355 setup, 2, 0, /* Setup, length, max */
356 NULL, 0, 0, /* Params, length, max */
357 pdata, data_len, max_data, /* data, length, max */
358 &rparam, &rparam_len, /* return params, len */
359 &prdata, &rdata_len)) /* return data, len */
360 {
361 DEBUG(0, ("cli_pipe: return critical error. Error was %s\n", cli_errstr(cli)));
362 return False;
363 }
364
365 /* Throw away returned params - we know we won't use them. */
366
367 SAFE_FREE(rparam);
368
369 if (prdata == NULL) {
370 DEBUG(0,("rpc_api_pipe: pipe %x failed to return data.\n",
371 (int)cli->nt_pipe_fnum));
372 return False;
373 }
374
375 /*
376 * Give this memory as dynamically allocated to the return parse
377 * struct.
378 */
379
380 prs_give_memory(rdata, prdata, rdata_len, True);
381 current_offset = rdata_len;
382
383 /* This next call sets the endian bit correctly in rdata. */
384
385 if (!rpc_check_hdr(rdata, &rhdr, &first, &last, &len)) {
386 prs_mem_free(rdata);
387 return False;
388 }
389
390 if (rhdr.pkt_type == RPC_BINDACK) {
391 if (!last && !first) {
392 DEBUG(5,("rpc_api_pipe: bug in server (AS/U?), setting fragment first/last ON.\n"));
393 first = True;
394 last = True;
395 }
396 }
397
398 if (rhdr.pkt_type == RPC_RESPONSE) {
399 RPC_HDR_RESP rhdr_resp;
400 if(!smb_io_rpc_hdr_resp("rpc_hdr_resp", &rhdr_resp, rdata, 0)) {
401 DEBUG(5,("rpc_api_pipe: failed to unmarshal RPC_HDR_RESP.\n"));
402 prs_mem_free(rdata);
403 return False;
404 }
405 }
406
407 DEBUG(5,("rpc_api_pipe: len left: %u smbtrans read: %u\n",
408 (unsigned int)len, (unsigned int)rdata_len ));
409
410 /* check if data to be sent back was too large for one SMBtrans */
411 /* err status is only informational: the _real_ check is on the
412 length */
413
414 if (len > 0) {
415 /* || err == (0x80000000 | STATUS_BUFFER_OVERFLOW)) */
416
417 /* Read the remaining part of the first response fragment */
418
419 if (!rpc_read(cli, rdata, len, &current_offset)) {
420 prs_mem_free(rdata);
421 return False;
422 }
423 }
424
425 /*
426 * Now we have a complete PDU, check the auth struct if any was sent.
427 */
428
429 if (rhdr.auth_len != 0) {
430 if(!rpc_auth_pipe(cli, rdata, rhdr.frag_len, rhdr.auth_len))
431 return False;
432 /*
433 * Drop the auth footers from the current offset.
434 * We need this if there are more fragments.
435 * The auth footers consist of the auth_data and the
436 * preceeding 8 byte auth_header.
437 */
438 current_offset -= (rhdr.auth_len + RPC_HDR_AUTH_LEN);
439 }
440
441 /*
442 * Only one rpc fragment, and it has been read.
443 */
444
445 if (first && last) {
446 DEBUG(6,("rpc_api_pipe: fragment first and last both set\n"));
447 return True;
448 }
449
450 /*
451 * Read more fragments using SMBreadX until we get one with the
452 * last bit set.
453 */
454
455 while (!last) {
456 RPC_HDR_RESP rhdr_resp;
457 int num_read;
458 char hdr_data[RPC_HEADER_LEN+RPC_HDR_RESP_LEN];
459 prs_struct hps;
460 uint8 eclass;
461 uint32 ecode;
462
463 /*
464 * First read the header of the next PDU.
465 */
466
467 prs_init(&hps, 0, cli->mem_ctx, UNMARSHALL);
468 prs_give_memory(&hps, hdr_data, sizeof(hdr_data), False);
469
470 num_read = cli_read(cli, cli->nt_pipe_fnum, hdr_data, 0, RPC_HEADER_LEN+RPC_HDR_RESP_LEN);
471 if (cli_is_dos_error(cli)) {
472 cli_dos_error(cli, &eclass, &ecode);
473 if (eclass != ERRDOS && ecode != ERRmoredata) {
474 DEBUG(0,("rpc_api_pipe: cli_read error : %d/%d\n", eclass, ecode));
475 return False;
476 }
477 }
478
479 DEBUG(5,("rpc_api_pipe: read header (size:%d)\n", num_read));
480
481 if (num_read != RPC_HEADER_LEN+RPC_HDR_RESP_LEN) {
482 DEBUG(0,("rpc_api_pipe: Error : requested %d bytes, got %d.\n",
483 RPC_HEADER_LEN+RPC_HDR_RESP_LEN, num_read ));
484 return False;
485 }
486
487 /* This call sets the endianness in hps. */
488
489 if (!rpc_check_hdr(&hps, &rhdr, &first, &last, &len))
490 return False;
491
492 /* Ensure the endianness in rdata is set correctly - must be same as hps. */
493
494 if (hps.bigendian_data != rdata->bigendian_data) {
495 DEBUG(0,("rpc_api_pipe: Error : Endianness changed from %s to %s\n",
496 rdata->bigendian_data ? "big" : "little",
497 hps.bigendian_data ? "big" : "little" ));
498 return False;
499 }
500
501 if(!smb_io_rpc_hdr_resp("rpc_hdr_resp", &rhdr_resp, &hps, 0)) {
502 DEBUG(0,("rpc_api_pipe: Error in unmarshalling RPC_HDR_RESP.\n"));
503 return False;
504 }
505
506 if (first) {
507 DEBUG(0,("rpc_api_pipe: secondary PDU rpc header has 'first' set !\n"));
508 return False;
509 }
510
511 /*
512 * Now read the rest of the PDU.
513 */
514
515 if (!rpc_read(cli, rdata, len, &current_offset))
516 return False;
517
518 /*
519 * Verify any authentication footer.
520 */
521
522 if (rhdr.auth_len != 0 ) {
523 if(!rpc_auth_pipe(cli, rdata, rhdr.frag_len, rhdr.auth_len))
524 return False;
525 /*
526 * Drop the auth footers from the current offset.
527 * The auth footers consist of the auth_data and the
528 * preceeding 8 byte auth_header.
529 * We need this if there are more fragments.
530 */
531 current_offset -= (rhdr.auth_len + RPC_HDR_AUTH_LEN);
532 }
533 }
534
535 return True;
536 }
537
538 /*******************************************************************
539 creates a DCE/RPC bind request
540
541 - initialises the parse structure.
542 - dynamically allocates the header data structure
543 - caller is expected to free the header data structure once used.
544
545 ********************************************************************/
546
547 static BOOL create_rpc_bind_req(prs_struct *rpc_out, BOOL do_auth, uint32 rpc_call_id,
548 RPC_IFACE *abstract, RPC_IFACE *transfer,
549 char *my_name, char *domain, uint32 neg_flags)
550 {
551 RPC_HDR hdr;
552 RPC_HDR_RB hdr_rb;
553 char buffer[4096];
554 prs_struct auth_info;
555 int auth_len = 0;
556
557 prs_init(&auth_info, 0, prs_get_mem_context(rpc_out), MARSHALL);
558
559 if (do_auth) {
560 RPC_HDR_AUTH hdr_auth;
561 RPC_AUTH_VERIFIER auth_verifier;
562 RPC_AUTH_NTLMSSP_NEG ntlmssp_neg;
563
564 /*
565 * Create the auth structs we will marshall.
566 */
567
568 init_rpc_hdr_auth(&hdr_auth, NTLMSSP_AUTH_TYPE, NTLMSSP_AUTH_LEVEL, 0x00, 1);
569 init_rpc_auth_verifier(&auth_verifier, "NTLMSSP", NTLMSSP_NEGOTIATE);
570 init_rpc_auth_ntlmssp_neg(&ntlmssp_neg, neg_flags, my_name, domain);
571
572 /*
573 * Use the 4k buffer to store the auth info.
574 */
575
576 prs_give_memory( &auth_info, buffer, sizeof(buffer), False);
577
578 /*
579 * Now marshall the data into the temporary parse_struct.
580 */
581
582 if(!smb_io_rpc_hdr_auth("hdr_auth", &hdr_auth, &auth_info, 0)) {
583 DEBUG(0,("create_rpc_bind_req: failed to marshall RPC_HDR_AUTH.\n"));
584 return False;
585 }
586
587 if(!smb_io_rpc_auth_verifier("auth_verifier", &auth_verifier, &auth_info, 0)) {
588 DEBUG(0,("create_rpc_bind_req: failed to marshall RPC_AUTH_VERIFIER.\n"));
589 return False;
590 }
591
592 if(!smb_io_rpc_auth_ntlmssp_neg("ntlmssp_neg", &ntlmssp_neg, &auth_info, 0)) {
593 DEBUG(0,("create_rpc_bind_req: failed to marshall RPC_AUTH_NTLMSSP_NEG.\n"));
594 return False;
595 }
596
597 /* Auth len in the rpc header doesn't include auth_header. */
598 auth_len = prs_offset(&auth_info) - RPC_HDR_AUTH_LEN;
599 }
600
601 /* create the request RPC_HDR */
602 init_rpc_hdr(&hdr, RPC_BIND, 0x3, rpc_call_id,
603 RPC_HEADER_LEN + RPC_HDR_RB_LEN + prs_offset(&auth_info),
604 auth_len);
605
606 if(!smb_io_rpc_hdr("hdr" , &hdr, rpc_out, 0)) {
607 DEBUG(0,("create_rpc_bind_req: failed to marshall RPC_HDR.\n"));
608 return False;
609 }
610
611 /* create the bind request RPC_HDR_RB */
612 init_rpc_hdr_rb(&hdr_rb, MAX_PDU_FRAG_LEN, MAX_PDU_FRAG_LEN, 0x0,
613 0x1, 0x0, 0x1, abstract, transfer);
614
615 /* Marshall the bind request data */
616 if(!smb_io_rpc_hdr_rb("", &hdr_rb, rpc_out, 0)) {
617 DEBUG(0,("create_rpc_bind_req: failed to marshall RPC_HDR_RB.\n"));
618 return False;
619 }
620
621 /*
622 * Grow the outgoing buffer to store any auth info.
623 */
624
625 if(hdr.auth_len != 0) {
626 if(!prs_append_prs_data( rpc_out, &auth_info)) {
627 DEBUG(0,("create_rpc_bind_req: failed to grow parse struct to add auth.\n"));
628 return False;
629 }
630 }
631
632 return True;
633 }
634
635 /*******************************************************************
636 Creates a DCE/RPC bind authentication response.
637 This is the packet that is sent back to the server once we
638 have received a BIND-ACK, to finish the third leg of
639 the authentication handshake.
640 ********************************************************************/
641
642 static BOOL create_rpc_bind_resp(struct pwd_info *pwd,
643 char *domain, char *user_name, char *my_name,
644 uint32 ntlmssp_cli_flgs,
645 uint32 rpc_call_id,
646 prs_struct *rpc_out)
647 {
648 unsigned char lm_owf[24];
649 unsigned char nt_owf[24];
650 RPC_HDR hdr;
651 RPC_HDR_AUTHA hdr_autha;
652 RPC_AUTH_VERIFIER auth_verifier;
653 RPC_AUTH_NTLMSSP_RESP ntlmssp_resp;
654 char buffer[4096];
655 prs_struct auth_info;
656
657 /*
658 * Marshall the variable length data into a temporary parse
659 * struct, pointing into a 4k local buffer.
660 */
661 prs_init(&auth_info, 0, prs_get_mem_context(rpc_out), MARSHALL);
662
663 /*
664 * Use the 4k buffer to store the auth info.
665 */
666
667 prs_give_memory( &auth_info, buffer, sizeof(buffer), False);
668
669 /*
670 * Create the variable length auth_data.
671 */
672
673 init_rpc_auth_verifier(&auth_verifier, "NTLMSSP", NTLMSSP_AUTH);
674
675 pwd_get_lm_nt_owf(pwd, lm_owf, nt_owf);
676
677 init_rpc_auth_ntlmssp_resp(&ntlmssp_resp,
678 lm_owf, nt_owf,
679 domain, user_name, my_name,
680 ntlmssp_cli_flgs);
681
682 /*
683 * Marshall the variable length auth_data into a temp parse_struct.
684 */
685
686 if(!smb_io_rpc_auth_verifier("auth_verifier", &auth_verifier, &auth_info, 0)) {
687 DEBUG(0,("create_rpc_bind_resp: failed to marshall RPC_AUTH_VERIFIER.\n"));
688 return False;
689 }
690
691 if(!smb_io_rpc_auth_ntlmssp_resp("ntlmssp_resp", &ntlmssp_resp, &auth_info, 0)) {
692 DEBUG(0,("create_rpc_bind_resp: failed to marshall RPC_AUTH_NTLMSSP_RESP.\n"));
693 return False;
694 }
695
696 /* Create the request RPC_HDR */
697 init_rpc_hdr(&hdr, RPC_BINDRESP, 0x0, rpc_call_id,
698 RPC_HEADER_LEN + RPC_HDR_AUTHA_LEN + prs_offset(&auth_info),
699 prs_offset(&auth_info) );
700
701 /* Marshall it. */
702 if(!smb_io_rpc_hdr("hdr", &hdr, rpc_out, 0)) {
703 DEBUG(0,("create_rpc_bind_resp: failed to marshall RPC_HDR.\n"));
704 return False;
705 }
706
707 /* Create the request RPC_HDR_AUTHA */
708 init_rpc_hdr_autha(&hdr_autha, MAX_PDU_FRAG_LEN, MAX_PDU_FRAG_LEN,
709 NTLMSSP_AUTH_TYPE, NTLMSSP_AUTH_LEVEL, 0x00);
710
711 if(!smb_io_rpc_hdr_autha("hdr_autha", &hdr_autha, rpc_out, 0)) {
712 DEBUG(0,("create_rpc_bind_resp: failed to marshall RPC_HDR_AUTHA.\n"));
713 return False;
714 }
715
716 /*
717 * Append the auth data to the outgoing buffer.
718 */
719
720 if(!prs_append_prs_data(rpc_out, &auth_info)) {
721 DEBUG(0,("create_rpc_bind_req: failed to grow parse struct to add auth.\n"));
722 return False;
723 }
724
725 return True;
726 }
727
728
729 /*******************************************************************
730 Creates a DCE/RPC request.
731 ********************************************************************/
732
733 static uint32 create_rpc_request(prs_struct *rpc_out, uint8 op_num, int data_len, int auth_len, uint8 flags, uint32 oldid, uint32 data_left)
734 {
735 uint32 alloc_hint;
736 RPC_HDR hdr;
737 RPC_HDR_REQ hdr_req;
738 uint32 callid = oldid ? oldid : get_rpc_call_id();
739
740 DEBUG(5,("create_rpc_request: opnum: 0x%x data_len: 0x%x\n", op_num, data_len));
741
742 /* create the rpc header RPC_HDR */
743 init_rpc_hdr(&hdr, RPC_REQUEST, flags,
744 callid, data_len, auth_len);
745
746 /*
747 * The alloc hint should be the amount of data, not including
748 * RPC headers & footers.
749 */
750
751 if (auth_len != 0)
752 alloc_hint = data_left - RPC_HEADER_LEN - RPC_HDR_AUTH_LEN - auth_len;
753 else
754 alloc_hint = data_left - RPC_HEADER_LEN;
755
756 DEBUG(10,("create_rpc_request: data_len: %x auth_len: %x alloc_hint: %x\n",
757 data_len, auth_len, alloc_hint));
758
759 /* Create the rpc request RPC_HDR_REQ */
760 init_rpc_hdr_req(&hdr_req, alloc_hint, op_num);
761
762 /* stream-time... */
763 if(!smb_io_rpc_hdr("hdr ", &hdr, rpc_out, 0))
764 return 0;
765
766 if(!smb_io_rpc_hdr_req("hdr_req", &hdr_req, rpc_out, 0))
767 return 0;
768
769 if (prs_offset(rpc_out) != RPC_HEADER_LEN + RPC_HDR_REQ_LEN)
770 return 0;
771
772 return callid;
773 }
774
775 /*******************************************************************
776 Puts an auth header into an rpc request.
777 ********************************************************************/
778
779 static BOOL create_auth_hdr(prs_struct *outgoing_packet, BOOL auth_verify)
780 {
781 RPC_HDR_AUTH hdr_auth;
782
783 init_rpc_hdr_auth(&hdr_auth, NTLMSSP_AUTH_TYPE,
784 NTLMSSP_AUTH_LEVEL, 0x08,
785 (auth_verify ? 1 : 0));
786 if(!smb_io_rpc_hdr_auth("hdr_auth", &hdr_auth,
787 outgoing_packet, 0)) {
788 DEBUG(0,("create_auth_hdr:Failed to marshal RPC_HDR_AUTH.\n"));
789 return False;
790 }
791 return True;
792 }
793
794 /*******************************************************************
795 Puts auth data into an rpc request.
796 ********************************************************************/
797
798 static BOOL create_auth_data(struct cli_state *cli, uint32 crc32,
799 prs_struct *outgoing_packet)
800 {
801 char *pdata_out = prs_data_p(outgoing_packet);
802 RPC_AUTH_NTLMSSP_CHK chk;
803 uint32 current_offset = prs_offset(outgoing_packet);
804
805 init_rpc_auth_ntlmssp_chk(&chk, NTLMSSP_SIGN_VERSION,
806 crc32, cli->ntlmssp_seq_num++);
807 if(!smb_io_rpc_auth_ntlmssp_chk("auth_sign", &chk,
808 outgoing_packet, 0)) {
809 DEBUG(0,("create_auth_data: Failed to marshal RPC_AUTH_NTLMSSP_CHK.\n"));
810 return False;
811 }
812 NTLMSSPcalc_ap(cli, (unsigned char*)
813 &pdata_out[current_offset+4],
814 RPC_AUTH_NTLMSSP_CHK_LEN - 4);
815 return True;
816 }
817
818 /**
819 * Send a request on an RPC pipe and get a response.
820 *
821 * @param data NDR contents of the request to be sent.
822 * @param rdata Unparsed NDR response data.
823 **/
824
825 BOOL rpc_api_pipe_req(struct cli_state *cli, uint8 op_num,
826 prs_struct *data, prs_struct *rdata)
827 {
828 uint32 auth_len, max_data, data_left, data_sent;
829 BOOL ret = False;
830 BOOL auth_verify, auth_seal;
831 fstring dump_name;
832
833 auth_verify = ((cli->ntlmssp_srv_flgs & NTLMSSP_NEGOTIATE_SIGN) != 0);
834 auth_seal = ((cli->ntlmssp_srv_flgs & NTLMSSP_NEGOTIATE_SEAL) != 0);
835
836 auth_len = (auth_verify ? RPC_AUTH_NTLMSSP_CHK_LEN : 0);
837
838 /*
839 * calc how much actual data we can send in a PDU fragment
840 */
841 max_data = cli->max_xmit_frag - RPC_HEADER_LEN - RPC_HDR_REQ_LEN -
842 (auth_verify ? RPC_HDR_AUTH_LEN : 0) - auth_len;
843
844 for (data_left = prs_offset(data), data_sent = 0; data_left > 0;) {
845 prs_struct outgoing_packet;
846 uint32 data_len, send_size;
847 uint8 flags = 0;
848 uint32 crc32 = 0;
849 uint32 callid;
850
851 /*
852 * how much will we send this time
853 */
854 send_size = MIN(data_left, max_data);
855 data_len = RPC_HEADER_LEN + RPC_HDR_REQ_LEN + send_size +
856 (auth_verify ? RPC_HDR_AUTH_LEN : 0) + auth_len;
857
858 /*
859 * Malloc parse struct to hold it (and enough for alignments).
860 */
861 if(!prs_init(&outgoing_packet, data_len + 8,
862 cli->mem_ctx, MARSHALL)) {
863 DEBUG(0,("rpc_api_pipe_req: Failed to malloc %u bytes.\n", (unsigned int)data_len ));
864 return False;
865 }
866
867 if (data_left == prs_offset(data)) {
868 flags |= RPC_FLG_FIRST;
869 callid = 0;
870 }
871 if (data_left < max_data)
872 flags |= RPC_FLG_LAST;
873 /*
874 * Write out the RPC header and the request header.
875 */
876 if(!(callid = create_rpc_request(&outgoing_packet, op_num,
877 data_len, auth_len, flags,
878 callid, data_left))) {
879 DEBUG(0,("rpc_api_pipe_req: Failed to create RPC request.\n"));
880 prs_mem_free(&outgoing_packet);
881 return False;
882 }
883
884 /*
885 * Seal the outgoing data if requested.
886 */
887 if (auth_seal) {
888 crc32 = crc32_calc_buffer(prs_data_p(data) + data_sent,
889 send_size);
890 NTLMSSPcalc_ap(cli, (unsigned char*)prs_data_p(data) +
891 data_sent, send_size);
892 }
893
894 /*
895 * Now copy the data into the outgoing packet.
896 */
897 if(!prs_append_some_prs_data(&outgoing_packet, data,
898 data_sent, send_size)) {
899 DEBUG(0,("rpc_api_pipe_req: Failed to append data to outgoing packet.\n"));
900 prs_mem_free(&outgoing_packet);
901 return False;
902 }
903
904 /*
905 * Add a trailing auth_verifier if needed.
906 */
907 if (auth_seal || auth_verify) {
908 if(!create_auth_hdr(&outgoing_packet, auth_verify)) {
909 prs_mem_free(&outgoing_packet);
910 return False;
911 }
912 }
913
914 /*
915 * Finally the auth data itself.
916 */
917 if (auth_verify) {
918 if (!create_auth_data(cli, crc32, &outgoing_packet)) {
919 prs_mem_free(&outgoing_packet);
920 return False;
921 }
922 }
923
924 DEBUG(100,("data_len: %x data_calc_len: %x\n", data_len,
925 prs_offset(&outgoing_packet)));
926
927 if (flags & RPC_FLG_LAST)
928 ret = rpc_api_pipe(cli, &outgoing_packet, rdata);
929 else {
930 cli_write(cli, cli->nt_pipe_fnum, 0x0008,
931 prs_data_p(&outgoing_packet),
932 data_sent, data_len);
933 }
934 prs_mem_free(&outgoing_packet);
935 data_sent += send_size;
936 data_left -= send_size;
937 }
938 /* Also capture received data */
939 slprintf(dump_name, sizeof(dump_name) - 1, "reply_%s",
940 cli_pipe_get_name(cli));
941 prs_dump(dump_name, op_num, rdata);
942
943 return ret;
944 }
945
946 /****************************************************************************
947 Set the handle state.
948 ****************************************************************************/
949
950 static BOOL rpc_pipe_set_hnd_state(struct cli_state *cli, const char *pipe_name, uint16 device_state)
951 {
952 BOOL state_set = False;
953 char param[2];
954 uint16 setup[2]; /* only need 2 uint16 setup parameters */
955 char *rparam = NULL;
956 char *rdata = NULL;
957 uint32 rparam_len, rdata_len;
958
959 if (pipe_name == NULL)
960 return False;
961
962 DEBUG(5,("Set Handle state Pipe[%x]: %s - device state:%x\n",
963 cli->nt_pipe_fnum, pipe_name, device_state));
964
965 /* create parameters: device state */
966 SSVAL(param, 0, device_state);
967
968 /* create setup parameters. */
969 setup[0] = 0x0001;
970 setup[1] = cli->nt_pipe_fnum; /* pipe file handle. got this from an SMBOpenX. */
971
972 /* send the data on \PIPE\ */
973 if (cli_api_pipe(cli, "\\PIPE\\",
974 setup, 2, 0, /* setup, length, max */
975 param, 2, 0, /* param, length, max */
976 NULL, 0, 1024, /* data, length, max */
977 &rparam, &rparam_len, /* return param, length */
978 &rdata, &rdata_len)) /* return data, length */
979 {
980 DEBUG(5, ("Set Handle state: return OK\n"));
981 state_set = True;
982 }
983
984 SAFE_FREE(rparam);
985 SAFE_FREE(rdata);
986
987 return state_set;
988 }
989
990 /****************************************************************************
991 check the rpc bind acknowledge response
992 ****************************************************************************/
993
994 int get_pipe_index( const char *pipe_name )
995 {
996 int pipe_idx = 0;
997
998 while (pipe_names[pipe_idx].client_pipe != NULL) {
999 if (strequal(pipe_name, pipe_names[pipe_idx].client_pipe ))
1000 return pipe_idx;
1001 pipe_idx++;
1002 };
1003
1004 return -1;
1005 }
1006
1007
1008 /****************************************************************************
1009 check the rpc bind acknowledge response
1010 ****************************************************************************/
1011
1012 char* get_pipe_name_from_index( const int pipe_index )
1013 {
1014
1015 if ( (pipe_index < 0) || (pipe_index >= PI_MAX_PIPES) )
1016 return NULL;
1017
1018 return pipe_names[pipe_index].client_pipe;
1019 }
1020
1021 /****************************************************************************
1022 Check to see if this pipe index points to one of
1023 the pipes only supported by Win2k
1024 ****************************************************************************/
1025
1026 BOOL is_win2k_pipe( const int pipe_idx )
1027 {
1028 switch ( pipe_idx )
1029 {
1030 case PI_LSARPC_DS:
1031 return True;
1032 }
1033
1034 return False;
1035 }
1036
1037 /****************************************************************************
1038 check the rpc bind acknowledge response
1039 ****************************************************************************/
1040
1041 static BOOL valid_pipe_name(const int pipe_idx, RPC_IFACE *abstract, RPC_IFACE *transfer)
1042 {
1043 if ( pipe_idx >= PI_MAX_PIPES ) {
1044 DEBUG(0,("valid_pipe_name: Programmer error! Invalid pipe index [%d]\n",
1045 pipe_idx));
1046 return False;
1047 }
1048
1049 DEBUG(5,("Bind Abstract Syntax: "));
1050 dump_data(5, (char*)&(pipe_names[pipe_idx].abstr_syntax),
1051 sizeof(pipe_names[pipe_idx].abstr_syntax));
1052 DEBUG(5,("Bind Transfer Syntax: "));
1053 dump_data(5, (char*)&(pipe_names[pipe_idx].trans_syntax),
1054 sizeof(pipe_names[pipe_idx].trans_syntax));
1055
1056 /* copy the required syntaxes out so we can do the right bind */
1057
1058 *transfer = pipe_names[pipe_idx].trans_syntax;
1059 *abstract = pipe_names[pipe_idx].abstr_syntax;
1060
1061 return True;
1062 }
1063
1064 /****************************************************************************
1065 check the rpc bind acknowledge response
1066 ****************************************************************************/
1067
1068 static BOOL check_bind_response(RPC_HDR_BA *hdr_ba, const int pipe_idx, RPC_IFACE *transfer)
1069 {
1070 int i = 0;
1071
1072 if ( hdr_ba->addr.len <= 0)
1073 return False;
1074
1075 if ( !strequal(hdr_ba->addr.str, pipe_names[pipe_idx].server_pipe ))
1076 {
1077 DEBUG(4,("bind_rpc_pipe: pipe_name %s != expected pipe %s. oh well!\n",
1078 pipe_names[i].server_pipe ,hdr_ba->addr.str));
1079 return False;
1080 }
1081
1082 DEBUG(5,("bind_rpc_pipe: server pipe_name found: %s\n", pipe_names[i].server_pipe ));
1083
1084 if (pipe_names[pipe_idx].server_pipe == NULL) {
1085 DEBUG(2,("bind_rpc_pipe: pipe name %s unsupported\n", hdr_ba->addr.str));
1086 return False;
1087 }
1088
1089 /* check the transfer syntax */
1090 if ((hdr_ba->transfer.version != transfer->version) ||
1091 (memcmp(&hdr_ba->transfer.uuid, &transfer->uuid, sizeof(transfer->uuid)) !=0)) {
1092 DEBUG(2,("bind_rpc_pipe: transfer syntax differs\n"));
1093 return False;
1094 }
1095
1096 /* lkclXXXX only accept one result: check the result(s) */
1097 if (hdr_ba->res.num_results != 0x1 || hdr_ba->res.result != 0) {
1098 DEBUG(2,("bind_rpc_pipe: bind denied results: %d reason: %x\n",
1099 hdr_ba->res.num_results, hdr_ba->res.reason));
1100 }
1101
1102 DEBUG(5,("bind_rpc_pipe: accepted!\n"));
1103 return True;
1104 }
1105
1106 /****************************************************************************
1107 Create and send the third packet in an RPC auth.
1108 ****************************************************************************/
1109
1110 static BOOL rpc_send_auth_reply(struct cli_state *cli, prs_struct *rdata, uint32 rpc_call_id)
1111 {
1112 RPC_HDR_AUTH rhdr_auth;
1113 RPC_AUTH_VERIFIER rhdr_verf;
1114 RPC_AUTH_NTLMSSP_CHAL rhdr_chal;
1115 char buffer[MAX_PDU_FRAG_LEN];
1116 prs_struct rpc_out;
1117 ssize_t ret;
1118
1119 unsigned char p24[24];
1120 unsigned char lm_owf[24];
1121 unsigned char lm_hash[16];
1122
1123 if(!smb_io_rpc_hdr_auth("", &rhdr_auth, rdata, 0)) {
1124 DEBUG(0,("rpc_send_auth_reply: Failed to unmarshall RPC_HDR_AUTH.\n"));
1125 return False;
1126 }
1127 if(!smb_io_rpc_auth_verifier("", &rhdr_verf, rdata, 0)) {
1128 DEBUG(0,("rpc_send_auth_reply: Failed to unmarshall RPC_AUTH_VERIFIER.\n"));
1129 return False;
1130 }
1131 if(!smb_io_rpc_auth_ntlmssp_chal("", &rhdr_chal, rdata, 0)) {
1132 DEBUG(0,("rpc_send_auth_reply: Failed to unmarshall RPC_AUTH_NTLMSSP_CHAL.\n"));
1133 return False;
1134 }
1135
1136 cli->ntlmssp_cli_flgs = rhdr_chal.neg_flags;
1137
1138 pwd_make_lm_nt_owf(&cli->pwd, rhdr_chal.challenge);
1139
1140 prs_init(&rpc_out, 0, cli->mem_ctx, MARSHALL);
1141
1142 prs_give_memory( &rpc_out, buffer, sizeof(buffer), False);
1143
1144 create_rpc_bind_resp(&cli->pwd, cli->domain,
1145 cli->user_name, global_myname,
1146 cli->ntlmssp_cli_flgs, rpc_call_id,
1147 &rpc_out);
1148
1149 pwd_get_lm_nt_owf(&cli->pwd, lm_owf, NULL);
1150 pwd_get_lm_nt_16(&cli->pwd, lm_hash, NULL);
1151
1152 NTLMSSPOWFencrypt(lm_hash, lm_owf, p24);
1153
1154 {
1155 unsigned char j = 0;
1156 int ind;
1157 unsigned char k2[8];
1158
1159 memcpy(k2, p24, 5);
1160 k2[5] = 0xe5;
1161 k2[6] = 0x38;
1162 k2[7] = 0xb0;
1163
1164 for (ind = 0; ind < 256; ind++)
1165 cli->ntlmssp_hash[ind] = (unsigned char)ind;
1166
1167 for( ind = 0; ind < 256; ind++) {
1168 unsigned char tc;
1169
1170 j += (cli->ntlmssp_hash[ind] + k2[ind%8]);
1171
1172 tc = cli->ntlmssp_hash[ind];
1173 cli->ntlmssp_hash[ind] = cli->ntlmssp_hash[j];
1174 cli->ntlmssp_hash[j] = tc;
1175 }
1176
1177 cli->ntlmssp_hash[256] = 0;
1178 cli->ntlmssp_hash[257] = 0;
1179 }
1180
1181 memset((char *)lm_hash, '\0', sizeof(lm_hash));
1182
1183 if ((ret = cli_write(cli, cli->nt_pipe_fnum, 0x8, prs_data_p(&rpc_out),
1184 0, (size_t)prs_offset(&rpc_out))) != (ssize_t)prs_offset(&rpc_out)) {
1185 DEBUG(0,("rpc_send_auth_reply: cli_write failed. Return was %d\n", (int)ret));
1186 return False;
1187 }
1188
1189 cli->ntlmssp_srv_flgs = rhdr_chal.neg_flags;
1190 return True;
1191 }
1192
1193 /****************************************************************************
1194 Do an rpc bind.
1195 ****************************************************************************/
1196
1197 BOOL rpc_pipe_bind(struct cli_state *cli, const int pipe_idx, char *my_name)
1198 {
1199 RPC_IFACE abstract;
1200 RPC_IFACE transfer;
1201 prs_struct rpc_out;
1202 prs_struct rdata;
1203 BOOL do_auth = (cli->ntlmssp_cli_flgs != 0);
1204 uint32 rpc_call_id;
1205 char buffer[MAX_PDU_FRAG_LEN];
1206
1207 if ( (pipe_idx < 0) || (pipe_idx >= PI_MAX_PIPES) )
1208 return False;
1209
1210 DEBUG(5,("Bind RPC Pipe[%x]: %s\n", cli->nt_pipe_fnum, pipe_names[pipe_idx].client_pipe));
1211
1212 if (!valid_pipe_name(pipe_idx, &abstract, &transfer))
1213 return False;
1214
1215 prs_init(&rpc_out, 0, cli->mem_ctx, MARSHALL);
1216
1217 /*
1218 * Use the MAX_PDU_FRAG_LEN buffer to store the bind request.
1219 */
1220
1221 prs_give_memory( &rpc_out, buffer, sizeof(buffer), False);
1222
1223 rpc_call_id = get_rpc_call_id();
1224
1225 /* Marshall the outgoing data. */
1226 create_rpc_bind_req(&rpc_out, do_auth, rpc_call_id,
1227 &abstract, &transfer,
1228 global_myname, cli->domain, cli->ntlmssp_cli_flgs);
1229
1230 /* Initialize the incoming data struct. */
1231 prs_init(&rdata, 0, cli->mem_ctx, UNMARSHALL);
1232
1233 /* send data on \PIPE\. receive a response */
1234 if (rpc_api_pipe(cli, &rpc_out, &rdata)) {
1235 RPC_HDR_BA hdr_ba;
1236
1237 DEBUG(5, ("rpc_pipe_bind: rpc_api_pipe returned OK.\n"));
1238
1239 if(!smb_io_rpc_hdr_ba("", &hdr_ba, &rdata, 0)) {
1240 DEBUG(0,("rpc_pipe_bind: Failed to unmarshall RPC_HDR_BA.\n"));
1241 prs_mem_free(&rdata);
1242 return False;
1243 }
1244
1245 if(!check_bind_response(&hdr_ba, pipe_idx, &transfer)) {
1246 DEBUG(2,("rpc_pipe_bind: check_bind_response failed.\n"));
1247 prs_mem_free(&rdata);
1248 return False;
1249 }
1250
1251 cli->max_xmit_frag = hdr_ba.bba.max_tsize;
1252 cli->max_recv_frag = hdr_ba.bba.max_rsize;
1253
1254 /*
1255 * If we're doing NTLMSSP auth we need to send a reply to
1256 * the bind-ack to complete the 3-way challenge response
1257 * handshake.
1258 */
1259
1260 if (do_auth && !rpc_send_auth_reply(cli, &rdata, rpc_call_id)) {
1261 DEBUG(0,("rpc_pipe_bind: rpc_send_auth_reply failed.\n"));
1262 prs_mem_free(&rdata);
1263 return False;
1264 }
1265 }
1266
1267 prs_mem_free(&rdata);
1268 return True;
1269 }
1270
1271 /****************************************************************************
1272 Set ntlmssp negotiation flags.
1273 ****************************************************************************/
1274
1275 void cli_nt_set_ntlmssp_flgs(struct cli_state *cli, uint32 ntlmssp_flgs)
1276 {
1277 cli->ntlmssp_cli_flgs = ntlmssp_flgs;
1278 }
1279
1280
1281 /****************************************************************************
1282 Open a session.
1283 ****************************************************************************/
1284
1285 BOOL cli_nt_session_open(struct cli_state *cli, const int pipe_idx)
1286 {
1287 int fnum;
1288
1289 SMB_ASSERT(cli->nt_pipe_fnum == 0);
1290
1291 /* The pipe index must fall within our array */
1292
1293 SMB_ASSERT((pipe_idx >= 0) && (pipe_idx < PI_MAX_PIPES));
1294
1295 if (cli->capabilities & CAP_NT_SMBS) {
1296 if ((fnum = cli_nt_create(cli, &pipe_names[pipe_idx].client_pipe[5], DESIRED_ACCESS_PIPE)) == -1) {
1297 DEBUG(0,("cli_nt_session_open: cli_nt_create failed on pipe %s to machine %s. Error was %s\n",
1298 &pipe_names[pipe_idx].client_pipe[5], cli->desthost, cli_errstr(cli)));
1299 return False;
1300 }
1301
1302 cli->nt_pipe_fnum = (uint16)fnum;
1303 } else {
1304 if ((fnum = cli_open(cli, pipe_names[pipe_idx].client_pipe, O_CREAT|O_RDWR, DENY_NONE)) == -1) {
1305 DEBUG(0,("cli_nt_session_open: cli_open failed on pipe %s to machine %s. Error was %s\n",
1306 pipe_names[pipe_idx].client_pipe, cli->desthost, cli_errstr(cli)));
1307 return False;
1308 }
1309
1310 cli->nt_pipe_fnum = (uint16)fnum;
1311
1312 /**************** Set Named Pipe State ***************/
1313 if (!rpc_pipe_set_hnd_state(cli, pipe_names[pipe_idx].client_pipe, 0x4300)) {
1314 DEBUG(0,("cli_nt_session_open: pipe hnd state failed. Error was %s\n",
1315 cli_errstr(cli)));
1316 cli_close(cli, cli->nt_pipe_fnum);
1317 return False;
1318 }
1319 }
1320
1321 /******************* bind request on pipe *****************/
1322
1323 if (!rpc_pipe_bind(cli, pipe_idx, global_myname)) {
1324 DEBUG(2,("cli_nt_session_open: rpc bind to %s failed\n",
1325 get_pipe_name_from_index(pipe_idx)));
1326 cli_close(cli, cli->nt_pipe_fnum);
1327 return False;
1328 }
1329
1330 /*
1331 * Setup the remote server name prefixed by \ and the machine account name.
1332 */
1333
1334 fstrcpy(cli->srv_name_slash, "\\\\");
1335 fstrcat(cli->srv_name_slash, cli->desthost);
1336 strupper(cli->srv_name_slash);
1337
1338 fstrcpy(cli->clnt_name_slash, "\\\\");
1339 fstrcat(cli->clnt_name_slash, global_myname);
1340 strupper(cli->clnt_name_slash);
1341
1342 fstrcpy(cli->mach_acct, global_myname);
1343 fstrcat(cli->mach_acct, "$");
1344 strupper(cli->mach_acct);
1345
1346 /* Remember which pipe we're talking to */
1347 fstrcpy(cli->pipe_name, pipe_names[pipe_idx].client_pipe);
1348
1349 return True;
1350 }
1351
1352
1353 const char *cli_pipe_get_name(struct cli_state *cli)
1354 {
1355 return cli->pipe_name;
1356 }
1357
1358
1359 /****************************************************************************
1360 close the session
1361 ****************************************************************************/
1362
1363 void cli_nt_session_close(struct cli_state *cli)
1364 {
1365 cli_close(cli, cli->nt_pipe_fnum);
1366 cli->nt_pipe_fnum = 0;
1367 }
reg import