2
* Unix SMB/CIFS implementation.
3
* RPC Pipe client / server routines
4
* Copyright (C) Andrew Tridgell 1992-1998
5
* Copyright (C) Luke Kenneth Casson Leighton 1996-1998,
6
* Copyright (C) Paul Ashton 1997-1998,
7
* Copyright (C) Jeremy Allison 1999,
8
* Copyright (C) Jim McDonough <jmcd@us.ibm.com> 2003.
10
* This program is free software; you can redistribute it and/or modify
11
* it under the terms of the GNU General Public License as published by
12
* the Free Software Foundation; either version 2 of the License, or
13
* (at your option) any later version.
15
* This program is distributed in the hope that it will be useful,
16
* but WITHOUT ANY WARRANTY; without even the implied warranty of
17
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18
* GNU General Public License for more details.
20
* You should have received a copy of the GNU General Public License
21
* along with this program; if not, write to the Free Software
22
* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
25
/* this module apparently provides an implementation of DCE/RPC over a
26
* named pipe (IPC$ connection using SMBtrans). details of DCE/RPC
27
* documentation are available (in on-line form) from the X-Open group.
29
* this module should provide a level of abstraction between SMB
30
* and DCE/RPC, while minimising the amount of mallocs, unnecessary
31
* data copies, and network traffic.
33
* in this version, which takes a "let's learn what's going on and
34
* get something running" approach, there is additional network
35
* traffic generated, but the code should be easier to understand...
37
* ... if you read the docs. or stare at packets for weeks on end.
44
#define DBGC_CLASS DBGC_RPC_SRV
46
/*************************************************************
48
We need to transfer the session key from one rpc bind to the
49
next. This is the way the netlogon schannel works.
50
**************************************************************/
51
struct dcinfo last_dcinfo;
53
static void NTLMSSPcalc_p( pipes_struct *p, unsigned char *data, int len)
55
unsigned char *hash = p->ntlmssp_hash;
56
unsigned char index_i = hash[256];
57
unsigned char index_j = hash[257];
60
for( ind = 0; ind < len; ind++) {
65
index_j += hash[index_i];
68
hash[index_i] = hash[index_j];
71
t = hash[index_i] + hash[index_j];
72
data[ind] = data[ind] ^ hash[t];
79
/*******************************************************************
80
Generate the next PDU to be returned from the data in p->rdata.
81
We cheat here as this function doesn't handle the special auth
82
footers of the authenticated bind response reply.
83
********************************************************************/
85
BOOL create_next_pdu(pipes_struct *p)
87
RPC_HDR_RESP hdr_resp;
88
BOOL auth_verify = ((p->ntlmssp_chal_flags & NTLMSSP_NEGOTIATE_SIGN) != 0);
89
BOOL auth_seal = ((p->ntlmssp_chal_flags & NTLMSSP_NEGOTIATE_SEAL) != 0);
90
uint32 ss_padding_len = 0;
92
uint32 data_space_available;
94
prs_struct outgoing_pdu;
98
* If we're in the fault state, keep returning fault PDU's until
99
* the pipe gets closed. JRA.
103
setup_fault_pdu(p, NT_STATUS(0x1c010002));
107
memset((char *)&hdr_resp, '\0', sizeof(hdr_resp));
109
/* Change the incoming request header to a response. */
110
p->hdr.pkt_type = RPC_RESPONSE;
112
/* Set up rpc header flags. */
113
if (p->out_data.data_sent_length == 0) {
114
p->hdr.flags = RPC_FLG_FIRST;
120
* Work out how much we can fit in a single PDU.
123
data_space_available = sizeof(p->out_data.current_pdu) - RPC_HEADER_LEN - RPC_HDR_RESP_LEN;
124
if(p->ntlmssp_auth_validated) {
125
data_space_available -= (RPC_HDR_AUTH_LEN + RPC_AUTH_NTLMSSP_CHK_LEN);
126
} else if(p->netsec_auth_validated) {
127
data_space_available -= (RPC_HDR_AUTH_LEN + RPC_AUTH_NETSEC_SIGN_OR_SEAL_CHK_LEN);
131
* The amount we send is the minimum of the available
132
* space and the amount left to send.
135
data_len_left = prs_offset(&p->out_data.rdata) - p->out_data.data_sent_length;
138
* Ensure there really is data left to send.
142
DEBUG(0,("create_next_pdu: no data left to send !\n"));
146
data_len = MIN(data_len_left, data_space_available);
149
* Set up the alloc hint. This should be the data left to
153
hdr_resp.alloc_hint = data_len_left;
156
* Work out if this PDU will be the last.
159
if(p->out_data.data_sent_length + data_len >= prs_offset(&p->out_data.rdata)) {
160
p->hdr.flags |= RPC_FLG_LAST;
161
if ((auth_seal || auth_verify) && (data_len_left % 8)) {
162
ss_padding_len = 8 - (data_len_left % 8);
163
DEBUG(10,("create_next_pdu: adding sign/seal padding of %u\n",
169
* Set up the header lengths.
172
if (p->ntlmssp_auth_validated) {
173
p->hdr.frag_len = RPC_HEADER_LEN + RPC_HDR_RESP_LEN +
174
data_len + ss_padding_len +
175
RPC_HDR_AUTH_LEN + RPC_AUTH_NTLMSSP_CHK_LEN;
176
p->hdr.auth_len = RPC_AUTH_NTLMSSP_CHK_LEN;
177
} else if (p->netsec_auth_validated) {
178
p->hdr.frag_len = RPC_HEADER_LEN + RPC_HDR_RESP_LEN +
179
data_len + ss_padding_len +
180
RPC_HDR_AUTH_LEN + RPC_AUTH_NETSEC_SIGN_OR_SEAL_CHK_LEN;
181
p->hdr.auth_len = RPC_AUTH_NETSEC_SIGN_OR_SEAL_CHK_LEN;
183
p->hdr.frag_len = RPC_HEADER_LEN + RPC_HDR_RESP_LEN + data_len;
188
* Init the parse struct to point at the outgoing
192
prs_init( &outgoing_pdu, 0, p->mem_ctx, MARSHALL);
193
prs_give_memory( &outgoing_pdu, (char *)p->out_data.current_pdu, sizeof(p->out_data.current_pdu), False);
195
/* Store the header in the data stream. */
196
if(!smb_io_rpc_hdr("hdr", &p->hdr, &outgoing_pdu, 0)) {
197
DEBUG(0,("create_next_pdu: failed to marshall RPC_HDR.\n"));
198
prs_mem_free(&outgoing_pdu);
202
if(!smb_io_rpc_hdr_resp("resp", &hdr_resp, &outgoing_pdu, 0)) {
203
DEBUG(0,("create_next_pdu: failed to marshall RPC_HDR_RESP.\n"));
204
prs_mem_free(&outgoing_pdu);
208
/* Store the current offset. */
209
data_pos = prs_offset(&outgoing_pdu);
211
/* Copy the data into the PDU. */
213
if(!prs_append_some_prs_data(&outgoing_pdu, &p->out_data.rdata, p->out_data.data_sent_length, data_len)) {
214
DEBUG(0,("create_next_pdu: failed to copy %u bytes of data.\n", (unsigned int)data_len));
215
prs_mem_free(&outgoing_pdu);
219
/* Copy the sign/seal padding data. */
220
if (ss_padding_len) {
222
memset(pad, '\0', 8);
223
if (!prs_copy_data_in(&outgoing_pdu, pad, ss_padding_len)) {
224
DEBUG(0,("create_next_pdu: failed to add %u bytes of pad data.\n", (unsigned int)ss_padding_len));
225
prs_mem_free(&outgoing_pdu);
230
if (p->ntlmssp_auth_validated) {
232
* NTLMSSP processing. Mutually exclusive with Schannel.
237
DEBUG(5,("create_next_pdu: sign: %s seal: %s data %d auth %d\n",
238
BOOLSTR(auth_verify), BOOLSTR(auth_seal), data_len + ss_padding_len, p->hdr.auth_len));
241
* Set data to point to where we copied the data into.
244
data = prs_data_p(&outgoing_pdu) + data_pos;
247
crc32 = crc32_calc_buffer(data, data_len + ss_padding_len);
248
NTLMSSPcalc_p(p, (uchar*)data, data_len + ss_padding_len);
251
if (auth_seal || auth_verify) {
252
RPC_HDR_AUTH auth_info;
254
init_rpc_hdr_auth(&auth_info, NTLMSSP_AUTH_TYPE,
255
auth_seal ? RPC_PIPE_AUTH_SEAL_LEVEL : RPC_PIPE_AUTH_SIGN_LEVEL,
256
(auth_verify ? ss_padding_len : 0), (auth_verify ? 1 : 0));
257
if(!smb_io_rpc_hdr_auth("hdr_auth", &auth_info, &outgoing_pdu, 0)) {
258
DEBUG(0,("create_next_pdu: failed to marshall RPC_HDR_AUTH.\n"));
259
prs_mem_free(&outgoing_pdu);
265
RPC_AUTH_NTLMSSP_CHK ntlmssp_chk;
266
char *auth_data = prs_data_p(&outgoing_pdu);
268
p->ntlmssp_seq_num++;
269
init_rpc_auth_ntlmssp_chk(&ntlmssp_chk, NTLMSSP_SIGN_VERSION,
270
crc32, p->ntlmssp_seq_num++);
271
auth_data = prs_data_p(&outgoing_pdu) + prs_offset(&outgoing_pdu) + 4;
272
if(!smb_io_rpc_auth_ntlmssp_chk("auth_sign", &ntlmssp_chk, &outgoing_pdu, 0)) {
273
DEBUG(0,("create_next_pdu: failed to marshall RPC_AUTH_NTLMSSP_CHK.\n"));
274
prs_mem_free(&outgoing_pdu);
277
NTLMSSPcalc_p(p, (uchar*)auth_data, RPC_AUTH_NTLMSSP_CHK_LEN - 4);
279
} else if (p->netsec_auth_validated) {
281
* Schannel processing. Mutually exclusive with NTLMSSP.
283
int auth_type, auth_level;
285
RPC_HDR_AUTH auth_info;
287
RPC_AUTH_NETSEC_CHK verf;
291
data = prs_data_p(&outgoing_pdu) + data_pos;
292
/* Check it's the type of reply we were expecting to decode */
294
get_auth_type_level(p->netsec_auth.auth_flags, &auth_type, &auth_level);
295
init_rpc_hdr_auth(&auth_info, auth_type, auth_level,
298
if(!smb_io_rpc_hdr_auth("hdr_auth", &auth_info, &outgoing_pdu, 0)) {
299
DEBUG(0,("create_next_pdu: failed to marshall RPC_HDR_AUTH.\n"));
300
prs_mem_free(&outgoing_pdu);
304
prs_init(&rverf, 0, p->mem_ctx, MARSHALL);
305
prs_init(&rauth, 0, p->mem_ctx, MARSHALL);
307
netsec_encode(&p->netsec_auth,
308
p->netsec_auth.auth_flags,
310
&verf, data, data_len + ss_padding_len);
312
smb_io_rpc_auth_netsec_chk("", RPC_AUTH_NETSEC_SIGN_OR_SEAL_CHK_LEN,
313
&verf, &outgoing_pdu, 0);
315
p->netsec_auth.seq_num++;
319
* Setup the counts for this PDU.
322
p->out_data.data_sent_length += data_len;
323
p->out_data.current_pdu_len = p->hdr.frag_len;
324
p->out_data.current_pdu_sent = 0;
326
prs_mem_free(&outgoing_pdu);
330
/*******************************************************************
331
Process an NTLMSSP authentication response.
332
If this function succeeds, the user has been authenticated
333
and their domain, name and calling workstation stored in
335
The initial challenge is stored in p->challenge.
336
*******************************************************************/
338
static BOOL api_pipe_ntlmssp_verify(pipes_struct *p, RPC_AUTH_NTLMSSP_RESP *ntlmssp_resp)
350
struct auth_context *auth_context = NULL;
351
auth_usersupplied_info *user_info = NULL;
352
auth_serversupplied_info *server_info = NULL;
354
DEBUG(5,("api_pipe_ntlmssp_verify: checking user details\n"));
356
memset(p->user_name, '\0', sizeof(p->user_name));
357
memset(p->pipe_user_name, '\0', sizeof(p->pipe_user_name));
358
memset(p->domain, '\0', sizeof(p->domain));
359
memset(p->wks, '\0', sizeof(p->wks));
361
/* Set up for non-authenticated user. */
362
delete_nt_token(&p->pipe_user.nt_user_token);
363
p->pipe_user.ngroups = 0;
364
SAFE_FREE( p->pipe_user.groups);
367
* Setup an empty password for a guest user.
371
* We always negotiate UNICODE.
374
if (p->ntlmssp_chal_flags & NTLMSSP_NEGOTIATE_UNICODE) {
375
rpcstr_pull(user_name, ntlmssp_resp->user, sizeof(fstring), ntlmssp_resp->hdr_usr.str_str_len*2, 0 );
376
rpcstr_pull(domain, ntlmssp_resp->domain, sizeof(fstring), ntlmssp_resp->hdr_domain.str_str_len*2, 0);
377
rpcstr_pull(wks, ntlmssp_resp->wks, sizeof(fstring), ntlmssp_resp->hdr_wks.str_str_len*2, 0);
379
pull_ascii_fstring(user_name, ntlmssp_resp->user);
380
pull_ascii_fstring(domain, ntlmssp_resp->domain);
381
pull_ascii_fstring(wks, ntlmssp_resp->wks);
384
DEBUG(5,("user: %s domain: %s wks: %s\n", user_name, domain, wks));
386
nt_pw_len = MIN(sizeof(nt_owf), ntlmssp_resp->hdr_nt_resp.str_str_len);
387
lm_pw_len = MIN(sizeof(lm_owf), ntlmssp_resp->hdr_lm_resp.str_str_len);
389
memcpy(lm_owf, ntlmssp_resp->lm_resp, sizeof(lm_owf));
390
memcpy(nt_owf, ntlmssp_resp->nt_resp, nt_pw_len);
392
#ifdef DEBUG_PASSWORD
393
DEBUG(100,("lm, nt owfs, chal\n"));
394
dump_data(100, (char *)lm_owf, sizeof(lm_owf));
395
dump_data(100, (char *)nt_owf, nt_pw_len);
396
dump_data(100, (char *)p->challenge, 8);
400
* Allow guest access. Patch from Shirish Kalele <kalele@veritas.com>.
406
* Do the length checking only if user is not NULL.
409
if (ntlmssp_resp->hdr_lm_resp.str_str_len == 0)
411
if (ntlmssp_resp->hdr_nt_resp.str_str_len == 0)
413
if (ntlmssp_resp->hdr_usr.str_str_len == 0)
415
if (ntlmssp_resp->hdr_domain.str_str_len == 0)
417
if (ntlmssp_resp->hdr_wks.str_str_len == 0)
422
make_auth_context_fixed(&auth_context, (uchar*)p->challenge);
424
if (!make_user_info_netlogon_network(&user_info,
425
user_name, domain, wks,
427
nt_owf, nt_pw_len)) {
428
DEBUG(0,("make_user_info_netlogon_network failed! Failing authenticaion.\n"));
432
nt_status = auth_context->check_ntlm_password(auth_context, user_info, &server_info);
434
(auth_context->free)(&auth_context);
435
free_user_info(&user_info);
437
p->ntlmssp_auth_validated = NT_STATUS_IS_OK(nt_status);
439
if (!p->ntlmssp_auth_validated) {
440
DEBUG(1,("api_pipe_ntlmssp_verify: User [%s]\\[%s] from machine %s \
441
failed authentication on named pipe %s.\n", domain, user_name, wks, p->name ));
442
free_server_info(&server_info);
447
* Set up the sign/seal data.
450
if (server_info->lm_session_key.length != 16) {
451
DEBUG(1,("api_pipe_ntlmssp_verify: User [%s]\\[%s] from machine %s \
452
succeeded authentication on named pipe %s, but session key was of incorrect length [%u].\n",
453
domain, user_name, wks, p->name, server_info->lm_session_key.length));
454
free_server_info(&server_info);
458
NTLMSSPOWFencrypt(server_info->lm_session_key.data, lm_owf, p24);
470
for (ind = 0; ind < 256; ind++)
471
p->ntlmssp_hash[ind] = (unsigned char)ind;
473
for( ind = 0; ind < 256; ind++) {
476
j += (p->ntlmssp_hash[ind] + k2[ind%8]);
478
tc = p->ntlmssp_hash[ind];
479
p->ntlmssp_hash[ind] = p->ntlmssp_hash[j];
480
p->ntlmssp_hash[j] = tc;
483
p->ntlmssp_hash[256] = 0;
484
p->ntlmssp_hash[257] = 0;
487
dump_data_pw("NTLMSSP hash (v1)\n", p->ntlmssp_hash,
488
sizeof(p->ntlmssp_hash));
490
/* NTLMSSPhash(p->ntlmssp_hash, p24); */
491
p->ntlmssp_seq_num = 0;
495
fstrcpy(p->user_name, user_name);
496
fstrcpy(p->pipe_user_name, server_info->unix_name);
497
fstrcpy(p->domain, domain);
498
fstrcpy(p->wks, wks);
501
* Store the UNIX credential data (uid/gid pair) in the pipe structure.
504
if (p->session_key.data) {
505
data_blob_free(&p->session_key);
507
p->session_key = data_blob(server_info->lm_session_key.data, server_info->lm_session_key.length);
509
p->pipe_user.uid = server_info->uid;
510
p->pipe_user.gid = server_info->gid;
512
p->pipe_user.ngroups = server_info->n_groups;
513
if (p->pipe_user.ngroups) {
514
if (!(p->pipe_user.groups = memdup(server_info->groups, sizeof(gid_t) * p->pipe_user.ngroups))) {
515
DEBUG(0,("failed to memdup group list to p->pipe_user.groups\n"));
516
free_server_info(&server_info);
521
if (server_info->ptok)
522
p->pipe_user.nt_user_token = dup_nt_token(server_info->ptok);
524
DEBUG(1,("Error: Authmodule failed to provide nt_user_token\n"));
525
p->pipe_user.nt_user_token = NULL;
526
free_server_info(&server_info);
530
p->ntlmssp_auth_validated = True;
532
free_server_info(&server_info);
536
/*******************************************************************
537
The switch table for the pipe names and the functions to handle them.
538
*******************************************************************/
547
struct api_struct *cmds;
551
static struct rpc_table *rpc_lookup;
552
static int rpc_lookup_size;
554
/*******************************************************************
555
This is the client reply to our challenge for an authenticated
556
bind request. The challenge we sent is in p->challenge.
557
*******************************************************************/
559
BOOL api_pipe_bind_auth_resp(pipes_struct *p, prs_struct *rpc_in_p)
561
RPC_HDR_AUTHA autha_info;
562
RPC_AUTH_VERIFIER auth_verifier;
563
RPC_AUTH_NTLMSSP_RESP ntlmssp_resp;
565
DEBUG(5,("api_pipe_bind_auth_resp: decode request. %d\n", __LINE__));
567
if (p->hdr.auth_len == 0) {
568
DEBUG(0,("api_pipe_bind_auth_resp: No auth field sent !\n"));
573
* Decode the authentication verifier response.
576
if(!smb_io_rpc_hdr_autha("", &autha_info, rpc_in_p, 0)) {
577
DEBUG(0,("api_pipe_bind_auth_resp: unmarshall of RPC_HDR_AUTHA failed.\n"));
581
if (autha_info.auth_type != NTLMSSP_AUTH_TYPE || autha_info.auth_level != RPC_PIPE_AUTH_SEAL_LEVEL) {
582
DEBUG(0,("api_pipe_bind_auth_resp: incorrect auth type (%d) or level (%d).\n",
583
(int)autha_info.auth_type, (int)autha_info.auth_level ));
587
if(!smb_io_rpc_auth_verifier("", &auth_verifier, rpc_in_p, 0)) {
588
DEBUG(0,("api_pipe_bind_auth_resp: unmarshall of RPC_AUTH_VERIFIER failed.\n"));
593
* Ensure this is a NTLMSSP_AUTH packet type.
596
if (!rpc_auth_verifier_chk(&auth_verifier, "NTLMSSP", NTLMSSP_AUTH)) {
597
DEBUG(0,("api_pipe_bind_auth_resp: rpc_auth_verifier_chk failed.\n"));
601
if(!smb_io_rpc_auth_ntlmssp_resp("", &ntlmssp_resp, rpc_in_p, 0)) {
602
DEBUG(0,("api_pipe_bind_auth_resp: Failed to unmarshall RPC_AUTH_NTLMSSP_RESP.\n"));
607
* The following call actually checks the challenge/response data.
608
* for correctness against the given DOMAIN\user name.
611
if (!api_pipe_ntlmssp_verify(p, &ntlmssp_resp))
619
/*******************************************************************
620
Marshall a bind_nak pdu.
621
*******************************************************************/
623
static BOOL setup_bind_nak(pipes_struct *p)
625
prs_struct outgoing_rpc;
629
/* Free any memory in the current return data buffer. */
630
prs_mem_free(&p->out_data.rdata);
633
* Marshall directly into the outgoing PDU space. We
634
* must do this as we need to set to the bind response
635
* header and are never sending more than one PDU here.
638
prs_init( &outgoing_rpc, 0, p->mem_ctx, MARSHALL);
639
prs_give_memory( &outgoing_rpc, (char *)p->out_data.current_pdu, sizeof(p->out_data.current_pdu), False);
643
* Initialize a bind_nak header.
646
init_rpc_hdr(&nak_hdr, RPC_BINDNACK, RPC_FLG_FIRST | RPC_FLG_LAST,
647
p->hdr.call_id, RPC_HEADER_LEN + sizeof(uint16), 0);
650
* Marshall the header into the outgoing PDU.
653
if(!smb_io_rpc_hdr("", &nak_hdr, &outgoing_rpc, 0)) {
654
DEBUG(0,("setup_bind_nak: marshalling of RPC_HDR failed.\n"));
655
prs_mem_free(&outgoing_rpc);
660
* Now add the reject reason.
663
if(!prs_uint16("reject code", &outgoing_rpc, 0, &zero)) {
664
prs_mem_free(&outgoing_rpc);
668
p->out_data.data_sent_length = 0;
669
p->out_data.current_pdu_len = prs_offset(&outgoing_rpc);
670
p->out_data.current_pdu_sent = 0;
672
p->pipe_bound = False;
677
/*******************************************************************
678
Marshall a fault pdu.
679
*******************************************************************/
681
BOOL setup_fault_pdu(pipes_struct *p, NTSTATUS status)
683
prs_struct outgoing_pdu;
685
RPC_HDR_RESP hdr_resp;
686
RPC_HDR_FAULT fault_resp;
688
/* Free any memory in the current return data buffer. */
689
prs_mem_free(&p->out_data.rdata);
692
* Marshall directly into the outgoing PDU space. We
693
* must do this as we need to set to the bind response
694
* header and are never sending more than one PDU here.
697
prs_init( &outgoing_pdu, 0, p->mem_ctx, MARSHALL);
698
prs_give_memory( &outgoing_pdu, (char *)p->out_data.current_pdu, sizeof(p->out_data.current_pdu), False);
701
* Initialize a fault header.
704
init_rpc_hdr(&fault_hdr, RPC_FAULT, RPC_FLG_FIRST | RPC_FLG_LAST | RPC_FLG_NOCALL,
705
p->hdr.call_id, RPC_HEADER_LEN + RPC_HDR_RESP_LEN + RPC_HDR_FAULT_LEN, 0);
708
* Initialize the HDR_RESP and FAULT parts of the PDU.
711
memset((char *)&hdr_resp, '\0', sizeof(hdr_resp));
713
fault_resp.status = status;
714
fault_resp.reserved = 0;
717
* Marshall the header into the outgoing PDU.
720
if(!smb_io_rpc_hdr("", &fault_hdr, &outgoing_pdu, 0)) {
721
DEBUG(0,("setup_fault_pdu: marshalling of RPC_HDR failed.\n"));
722
prs_mem_free(&outgoing_pdu);
726
if(!smb_io_rpc_hdr_resp("resp", &hdr_resp, &outgoing_pdu, 0)) {
727
DEBUG(0,("setup_fault_pdu: failed to marshall RPC_HDR_RESP.\n"));
728
prs_mem_free(&outgoing_pdu);
732
if(!smb_io_rpc_hdr_fault("fault", &fault_resp, &outgoing_pdu, 0)) {
733
DEBUG(0,("setup_fault_pdu: failed to marshall RPC_HDR_FAULT.\n"));
734
prs_mem_free(&outgoing_pdu);
738
p->out_data.data_sent_length = 0;
739
p->out_data.current_pdu_len = prs_offset(&outgoing_pdu);
740
p->out_data.current_pdu_sent = 0;
742
prs_mem_free(&outgoing_pdu);
746
/*******************************************************************
747
Ensure a bind request has the correct abstract & transfer interface.
748
Used to reject unknown binds from Win2k.
749
*******************************************************************/
751
BOOL check_bind_req(struct pipes_struct *p, RPC_IFACE* abstract,
752
RPC_IFACE* transfer, uint32 context_id)
754
extern struct pipe_id_info pipe_names[];
755
char *pipe_name = p->name;
759
fstrcpy(pname,"\\PIPE\\");
760
fstrcat(pname,pipe_name);
762
DEBUG(3,("check_bind_req for %s\n", pname));
764
/* we have to check all now since win2k introduced a new UUID on the lsaprpc pipe */
766
for ( i=0; pipe_names[i].client_pipe; i++ )
768
if ( strequal(pipe_names[i].client_pipe, pname)
769
&& (abstract->version == pipe_names[i].abstr_syntax.version)
770
&& (memcmp(&abstract->uuid, &pipe_names[i].abstr_syntax.uuid, sizeof(struct uuid)) == 0)
771
&& (transfer->version == pipe_names[i].trans_syntax.version)
772
&& (memcmp(&transfer->uuid, &pipe_names[i].trans_syntax.uuid, sizeof(struct uuid)) == 0) )
774
struct api_struct *fns = NULL;
776
PIPE_RPC_FNS *context_fns;
778
if ( !(context_fns = malloc(sizeof(PIPE_RPC_FNS))) ) {
779
DEBUG(0,("check_bind_req: malloc() failed!\n"));
783
/* save the RPC function table associated with this bind */
785
get_pipe_fns(i, &fns, &n_fns);
787
context_fns->cmds = fns;
788
context_fns->n_cmds = n_fns;
789
context_fns->context_id = context_id;
791
/* add to the list of open contexts */
793
DLIST_ADD( p->contexts, context_fns );
799
if(pipe_names[i].client_pipe == NULL)
805
/*******************************************************************
806
Register commands to an RPC pipe
807
*******************************************************************/
808
NTSTATUS rpc_pipe_register_commands(int version, const char *clnt, const char *srv, const struct api_struct *cmds, int size)
810
struct rpc_table *rpc_entry;
812
if (!clnt || !srv || !cmds) {
813
return NT_STATUS_INVALID_PARAMETER;
816
if (version != SMB_RPC_INTERFACE_VERSION) {
817
DEBUG(0,("Can't register rpc commands!\n"
818
"You tried to register a rpc module with SMB_RPC_INTERFACE_VERSION %d"
819
", while this version of samba uses version %d!\n",
820
version,SMB_RPC_INTERFACE_VERSION));
821
return NT_STATUS_OBJECT_TYPE_MISMATCH;
826
* we still need to make sure that don't register the same commands twice!!!
831
/* We use a temporary variable because this call can fail and
832
rpc_lookup will still be valid afterwards. It could then succeed if
833
called again later */
834
rpc_entry = realloc(rpc_lookup,
835
++rpc_lookup_size*sizeof(struct rpc_table));
836
if (NULL == rpc_entry) {
838
DEBUG(0, ("rpc_pipe_register_commands: memory allocation failed\n"));
839
return NT_STATUS_NO_MEMORY;
841
rpc_lookup = rpc_entry;
844
rpc_entry = rpc_lookup + (rpc_lookup_size - 1);
845
ZERO_STRUCTP(rpc_entry);
846
rpc_entry->pipe.clnt = strdup(clnt);
847
rpc_entry->pipe.srv = strdup(srv);
848
rpc_entry->cmds = realloc(rpc_entry->cmds,
849
(rpc_entry->n_cmds + size) *
850
sizeof(struct api_struct));
851
memcpy(rpc_entry->cmds + rpc_entry->n_cmds, cmds,
852
size * sizeof(struct api_struct));
853
rpc_entry->n_cmds += size;
858
/*******************************************************************
859
Respond to a pipe bind request.
860
*******************************************************************/
862
BOOL api_pipe_bind_req(pipes_struct *p, prs_struct *rpc_in_p)
866
RPC_HDR_AUTH auth_info;
868
fstring ack_pipe_name;
869
prs_struct out_hdr_ba;
871
prs_struct outgoing_rpc;
874
enum RPC_PKT_TYPE reply_pkt_type;
876
p->ntlmssp_auth_requested = False;
877
p->netsec_auth_validated = False;
879
DEBUG(5,("api_pipe_bind_req: decode request. %d\n", __LINE__));
882
* Try and find the correct pipe name to ensure
883
* that this is a pipe name we support.
887
for (i = 0; i < rpc_lookup_size; i++) {
888
if (strequal(rpc_lookup[i].pipe.clnt, p->name)) {
889
DEBUG(3, ("api_pipe_bind_req: \\PIPE\\%s -> \\PIPE\\%s\n",
890
rpc_lookup[i].pipe.clnt, rpc_lookup[i].pipe.srv));
891
fstrcpy(p->pipe_srv_name, rpc_lookup[i].pipe.srv);
896
if (i == rpc_lookup_size) {
897
if (NT_STATUS_IS_ERR(smb_probe_module("rpc", p->name))) {
898
DEBUG(3,("api_pipe_bind_req: Unknown pipe name %s in bind request.\n",
900
if(!setup_bind_nak(p))
905
for (i = 0; i < rpc_lookup_size; i++) {
906
if (strequal(rpc_lookup[i].pipe.clnt, p->name)) {
907
DEBUG(3, ("api_pipe_bind_req: \\PIPE\\%s -> \\PIPE\\%s\n",
908
rpc_lookup[i].pipe.clnt, rpc_lookup[i].pipe.srv));
909
fstrcpy(p->pipe_srv_name, rpc_lookup[i].pipe.srv);
914
if (i == rpc_lookup_size) {
915
DEBUG(0, ("module %s doesn't provide functions for pipe %s!\n", p->name, p->name));
920
/* decode the bind request */
921
if(!smb_io_rpc_hdr_rb("", &hdr_rb, rpc_in_p, 0)) {
922
DEBUG(0,("api_pipe_bind_req: unable to unmarshall RPC_HDR_RB struct.\n"));
927
* Check if this is an authenticated request.
930
if (p->hdr.auth_len != 0) {
931
RPC_AUTH_VERIFIER auth_verifier;
932
RPC_AUTH_NTLMSSP_NEG ntlmssp_neg;
935
* Decode the authentication verifier.
938
if(!smb_io_rpc_hdr_auth("", &auth_info, rpc_in_p, 0)) {
939
DEBUG(0,("api_pipe_bind_req: unable to unmarshall RPC_HDR_AUTH struct.\n"));
943
if(auth_info.auth_type == NTLMSSP_AUTH_TYPE) {
945
if(!smb_io_rpc_auth_verifier("", &auth_verifier, rpc_in_p, 0)) {
946
DEBUG(0,("api_pipe_bind_req: unable to "
947
"unmarshall RPC_HDR_AUTH struct.\n"));
951
if(!strequal(auth_verifier.signature, "NTLMSSP")) {
952
DEBUG(0,("api_pipe_bind_req: "
953
"auth_verifier.signature != NTLMSSP\n"));
957
if(auth_verifier.msg_type != NTLMSSP_NEGOTIATE) {
958
DEBUG(0,("api_pipe_bind_req: "
959
"auth_verifier.msg_type (%d) != NTLMSSP_NEGOTIATE\n",
960
auth_verifier.msg_type));
964
if(!smb_io_rpc_auth_ntlmssp_neg("", &ntlmssp_neg, rpc_in_p, 0)) {
965
DEBUG(0,("api_pipe_bind_req: "
966
"Failed to unmarshall RPC_AUTH_NTLMSSP_NEG.\n"));
970
p->ntlmssp_chal_flags = SMBD_NTLMSSP_NEG_FLAGS;
971
p->ntlmssp_auth_requested = True;
973
} else if (auth_info.auth_type == NETSEC_AUTH_TYPE) {
975
RPC_AUTH_NETSEC_NEG neg;
976
struct netsec_auth_struct *a = &(p->netsec_auth);
978
if (!smb_io_rpc_auth_netsec_neg("", &neg, rpc_in_p, 0)) {
979
DEBUG(0,("api_pipe_bind_req: "
980
"Could not unmarshal SCHANNEL auth neg\n"));
984
p->netsec_auth_validated = True;
986
memset(a->sess_key, 0, sizeof(a->sess_key));
987
memcpy(a->sess_key, last_dcinfo.sess_key, sizeof(last_dcinfo.sess_key));
991
DEBUG(10,("schannel auth: domain [%s] myname [%s]\n",
992
neg.domain, neg.myname));
995
DEBUG(0,("api_pipe_bind_req: unknown auth type %x requested.\n",
996
auth_info.auth_type ));
1001
switch(p->hdr.pkt_type) {
1003
/* name has to be \PIPE\xxxxx */
1004
fstrcpy(ack_pipe_name, "\\PIPE\\");
1005
fstrcat(ack_pipe_name, p->pipe_srv_name);
1006
reply_pkt_type = RPC_BINDACK;
1009
/* secondary address CAN be NULL
1010
* as the specs say it's ignored.
1011
* It MUST NULL to have the spoolss working.
1013
fstrcpy(ack_pipe_name,"");
1014
reply_pkt_type = RPC_ALTCONTRESP;
1020
DEBUG(5,("api_pipe_bind_req: make response. %d\n", __LINE__));
1023
* Marshall directly into the outgoing PDU space. We
1024
* must do this as we need to set to the bind response
1025
* header and are never sending more than one PDU here.
1028
prs_init( &outgoing_rpc, 0, p->mem_ctx, MARSHALL);
1029
prs_give_memory( &outgoing_rpc, (char *)p->out_data.current_pdu, sizeof(p->out_data.current_pdu), False);
1032
* Setup the memory to marshall the ba header, and the
1036
if(!prs_init(&out_hdr_ba, 1024, p->mem_ctx, MARSHALL)) {
1037
DEBUG(0,("api_pipe_bind_req: malloc out_hdr_ba failed.\n"));
1038
prs_mem_free(&outgoing_rpc);
1042
if(!prs_init(&out_auth, 1024, p->mem_ctx, MARSHALL)) {
1043
DEBUG(0,("pi_pipe_bind_req: malloc out_auth failed.\n"));
1044
prs_mem_free(&outgoing_rpc);
1045
prs_mem_free(&out_hdr_ba);
1049
if (p->ntlmssp_auth_requested)
1052
assoc_gid = hdr_rb.bba.assoc_gid ? hdr_rb.bba.assoc_gid : 0x53f0;
1055
* Create the bind response struct.
1058
/* If the requested abstract synt uuid doesn't match our client pipe,
1059
reject the bind_ack & set the transfer interface synt to all 0's,
1060
ver 0 (observed when NT5 attempts to bind to abstract interfaces
1062
Needed when adding entries to a DACL from NT5 - SK */
1064
if(check_bind_req(p, &hdr_rb.abstract, &hdr_rb.transfer, hdr_rb.context_id ))
1066
init_rpc_hdr_ba(&hdr_ba,
1074
RPC_IFACE null_interface;
1075
ZERO_STRUCT(null_interface);
1076
/* Rejection reason: abstract syntax not supported */
1077
init_rpc_hdr_ba(&hdr_ba, MAX_PDU_FRAG_LEN,
1078
MAX_PDU_FRAG_LEN, assoc_gid,
1079
ack_pipe_name, 0x1, 0x2, 0x1,
1087
if(!smb_io_rpc_hdr_ba("", &hdr_ba, &out_hdr_ba, 0)) {
1088
DEBUG(0,("api_pipe_bind_req: marshalling of RPC_HDR_BA failed.\n"));
1093
* Now the authentication.
1096
if (p->ntlmssp_auth_requested) {
1097
RPC_AUTH_VERIFIER auth_verifier;
1098
RPC_AUTH_NTLMSSP_CHAL ntlmssp_chal;
1100
generate_random_buffer(p->challenge, 8);
1102
/*** Authentication info ***/
1104
init_rpc_hdr_auth(&auth_info, NTLMSSP_AUTH_TYPE, RPC_PIPE_AUTH_SEAL_LEVEL, RPC_HDR_AUTH_LEN, 1);
1105
if(!smb_io_rpc_hdr_auth("", &auth_info, &out_auth, 0)) {
1106
DEBUG(0,("api_pipe_bind_req: marshalling of RPC_HDR_AUTH failed.\n"));
1110
/*** NTLMSSP verifier ***/
1112
init_rpc_auth_verifier(&auth_verifier, "NTLMSSP", NTLMSSP_CHALLENGE);
1113
if(!smb_io_rpc_auth_verifier("", &auth_verifier, &out_auth, 0)) {
1114
DEBUG(0,("api_pipe_bind_req: marshalling of RPC_AUTH_VERIFIER failed.\n"));
1118
/* NTLMSSP challenge ***/
1120
init_rpc_auth_ntlmssp_chal(&ntlmssp_chal, p->ntlmssp_chal_flags, p->challenge);
1121
if(!smb_io_rpc_auth_ntlmssp_chal("", &ntlmssp_chal, &out_auth, 0)) {
1122
DEBUG(0,("api_pipe_bind_req: marshalling of RPC_AUTH_NTLMSSP_CHAL failed.\n"));
1126
/* Auth len in the rpc header doesn't include auth_header. */
1127
auth_len = prs_offset(&out_auth) - RPC_HDR_AUTH_LEN;
1130
if (p->netsec_auth_validated) {
1131
RPC_AUTH_VERIFIER auth_verifier;
1134
/* The client opens a second RPC NETLOGON pipe without
1135
doing a auth2. The credentials for the schannel are
1136
re-used from the auth2 the client did before. */
1137
p->dc = last_dcinfo;
1139
init_rpc_hdr_auth(&auth_info, NETSEC_AUTH_TYPE, auth_info.auth_level, RPC_HDR_AUTH_LEN, 1);
1140
if(!smb_io_rpc_hdr_auth("", &auth_info, &out_auth, 0)) {
1141
DEBUG(0,("api_pipe_bind_req: marshalling of RPC_HDR_AUTH failed.\n"));
1145
/*** NETSEC verifier ***/
1147
init_rpc_auth_verifier(&auth_verifier, "\001", 0x0);
1148
if(!smb_io_rpc_netsec_verifier("", &auth_verifier, &out_auth, 0)) {
1149
DEBUG(0,("api_pipe_bind_req: marshalling of RPC_AUTH_VERIFIER failed.\n"));
1153
prs_align(&out_auth);
1156
if(!prs_uint32("flags ", &out_auth, 0, &flags))
1159
auth_len = prs_offset(&out_auth) - RPC_HDR_AUTH_LEN;
1163
* Create the header, now we know the length.
1166
init_rpc_hdr(&p->hdr, reply_pkt_type, RPC_FLG_FIRST | RPC_FLG_LAST,
1168
RPC_HEADER_LEN + prs_offset(&out_hdr_ba) + prs_offset(&out_auth),
1172
* Marshall the header into the outgoing PDU.
1175
if(!smb_io_rpc_hdr("", &p->hdr, &outgoing_rpc, 0)) {
1176
DEBUG(0,("pi_pipe_bind_req: marshalling of RPC_HDR failed.\n"));
1181
* Now add the RPC_HDR_BA and any auth needed.
1184
if(!prs_append_prs_data( &outgoing_rpc, &out_hdr_ba)) {
1185
DEBUG(0,("api_pipe_bind_req: append of RPC_HDR_BA failed.\n"));
1189
if((p->ntlmssp_auth_requested|p->netsec_auth_validated) &&
1190
!prs_append_prs_data( &outgoing_rpc, &out_auth)) {
1191
DEBUG(0,("api_pipe_bind_req: append of auth info failed.\n"));
1195
if(!p->ntlmssp_auth_requested)
1196
p->pipe_bound = True;
1199
* Setup the lengths for the initial reply.
1202
p->out_data.data_sent_length = 0;
1203
p->out_data.current_pdu_len = prs_offset(&outgoing_rpc);
1204
p->out_data.current_pdu_sent = 0;
1206
prs_mem_free(&out_hdr_ba);
1207
prs_mem_free(&out_auth);
1213
prs_mem_free(&outgoing_rpc);
1214
prs_mem_free(&out_hdr_ba);
1215
prs_mem_free(&out_auth);
1219
/****************************************************************************
1220
Deal with sign & seal processing on an RPC request.
1221
****************************************************************************/
1223
BOOL api_pipe_auth_process(pipes_struct *p, prs_struct *rpc_in)
1226
* We always negotiate the following two bits....
1228
BOOL auth_verify = ((p->ntlmssp_chal_flags & NTLMSSP_NEGOTIATE_SIGN) != 0);
1229
BOOL auth_seal = ((p->ntlmssp_chal_flags & NTLMSSP_NEGOTIATE_SEAL) != 0);
1235
auth_len = p->hdr.auth_len;
1237
if ((auth_len != RPC_AUTH_NTLMSSP_CHK_LEN) && auth_verify) {
1238
DEBUG(0,("api_pipe_auth_process: Incorrect auth_len %d.\n", auth_len ));
1243
* The following is that length of the data we must verify or unseal.
1244
* This doesn't include the RPC headers or the auth_len or the RPC_HDR_AUTH_LEN
1245
* preceeding the auth_data.
1248
data_len = p->hdr.frag_len - RPC_HEADER_LEN - RPC_HDR_REQ_LEN -
1249
(auth_verify ? RPC_HDR_AUTH_LEN : 0) - auth_len;
1251
DEBUG(5,("api_pipe_auth_process: sign: %s seal: %s data %d auth %d\n",
1252
BOOLSTR(auth_verify), BOOLSTR(auth_seal), data_len, auth_len));
1256
* The data in rpc_in doesn't contain the RPC_HEADER as this
1257
* has already been consumed.
1259
char *data = prs_data_p(rpc_in) + RPC_HDR_REQ_LEN;
1260
dump_data_pw("NTLMSSP hash (v1)\n", p->ntlmssp_hash,
1261
sizeof(p->ntlmssp_hash));
1263
dump_data_pw("Incoming RPC PDU (NTLMSSP sealed)\n",
1264
(const unsigned char *)data, data_len);
1265
NTLMSSPcalc_p(p, (uchar*)data, data_len);
1266
dump_data_pw("Incoming RPC PDU (NTLMSSP unsealed)\n",
1267
(const unsigned char *)data, data_len);
1268
crc32 = crc32_calc_buffer(data, data_len);
1271
old_offset = prs_offset(rpc_in);
1273
if (auth_seal || auth_verify) {
1274
RPC_HDR_AUTH auth_info;
1276
if(!prs_set_offset(rpc_in, old_offset + data_len)) {
1277
DEBUG(0,("api_pipe_auth_process: cannot move offset to %u.\n",
1278
(unsigned int)old_offset + data_len ));
1282
if(!smb_io_rpc_hdr_auth("hdr_auth", &auth_info, rpc_in, 0)) {
1283
DEBUG(0,("api_pipe_auth_process: failed to unmarshall RPC_HDR_AUTH.\n"));
1289
RPC_AUTH_NTLMSSP_CHK ntlmssp_chk;
1290
char *req_data = prs_data_p(rpc_in) + prs_offset(rpc_in) + 4;
1292
DEBUG(5,("api_pipe_auth_process: auth %d\n", prs_offset(rpc_in) + 4));
1295
* Ensure we have RPC_AUTH_NTLMSSP_CHK_LEN - 4 more bytes in the
1298
if(prs_mem_get(rpc_in, RPC_AUTH_NTLMSSP_CHK_LEN - 4) == NULL) {
1299
DEBUG(0,("api_pipe_auth_process: missing %d bytes in buffer.\n",
1300
RPC_AUTH_NTLMSSP_CHK_LEN - 4 ));
1304
NTLMSSPcalc_p(p, (uchar*)req_data, RPC_AUTH_NTLMSSP_CHK_LEN - 4);
1305
if(!smb_io_rpc_auth_ntlmssp_chk("auth_sign", &ntlmssp_chk, rpc_in, 0)) {
1306
DEBUG(0,("api_pipe_auth_process: failed to unmarshall RPC_AUTH_NTLMSSP_CHK.\n"));
1310
if (!rpc_auth_ntlmssp_chk(&ntlmssp_chk, crc32, p->ntlmssp_seq_num)) {
1311
DEBUG(0,("api_pipe_auth_process: NTLMSSP check failed.\n"));
1317
* Return the current pointer to the data offset.
1320
if(!prs_set_offset(rpc_in, old_offset)) {
1321
DEBUG(0,("api_pipe_auth_process: failed to set offset back to %u\n",
1322
(unsigned int)old_offset ));
1329
/****************************************************************************
1330
Deal with schannel processing on an RPC request.
1331
****************************************************************************/
1332
BOOL api_pipe_netsec_process(pipes_struct *p, prs_struct *rpc_in)
1335
* We always negotiate the following two bits....
1340
RPC_HDR_AUTH auth_info;
1341
RPC_AUTH_NETSEC_CHK netsec_chk;
1344
auth_len = p->hdr.auth_len;
1346
if (auth_len != RPC_AUTH_NETSEC_SIGN_OR_SEAL_CHK_LEN) {
1347
DEBUG(0,("Incorrect auth_len %d.\n", auth_len ));
1352
* The following is that length of the data we must verify or unseal.
1353
* This doesn't include the RPC headers or the auth_len or the RPC_HDR_AUTH_LEN
1354
* preceeding the auth_data.
1357
data_len = p->hdr.frag_len - RPC_HEADER_LEN - RPC_HDR_REQ_LEN -
1358
RPC_HDR_AUTH_LEN - auth_len;
1360
DEBUG(5,("data %d auth %d\n", data_len, auth_len));
1362
old_offset = prs_offset(rpc_in);
1364
if(!prs_set_offset(rpc_in, old_offset + data_len)) {
1365
DEBUG(0,("cannot move offset to %u.\n",
1366
(unsigned int)old_offset + data_len ));
1370
if(!smb_io_rpc_hdr_auth("hdr_auth", &auth_info, rpc_in, 0)) {
1371
DEBUG(0,("failed to unmarshall RPC_HDR_AUTH.\n"));
1375
if (auth_info.auth_type != NETSEC_AUTH_TYPE) {
1376
DEBUG(0,("Invalid auth info %d on schannel\n",
1377
auth_info.auth_type));
1381
if (auth_info.auth_level == RPC_PIPE_AUTH_SEAL_LEVEL) {
1382
p->netsec_auth.auth_flags = AUTH_PIPE_NETSEC|AUTH_PIPE_SIGN|AUTH_PIPE_SEAL;
1383
} else if (auth_info.auth_level == RPC_PIPE_AUTH_SIGN_LEVEL) {
1384
p->netsec_auth.auth_flags = AUTH_PIPE_NETSEC|AUTH_PIPE_SIGN;
1386
DEBUG(0,("Invalid auth level %d on schannel\n",
1387
auth_info.auth_level));
1391
if(!smb_io_rpc_auth_netsec_chk("", RPC_AUTH_NETSEC_SIGN_OR_SEAL_CHK_LEN,
1392
&netsec_chk, rpc_in, 0))
1394
DEBUG(0,("failed to unmarshal RPC_AUTH_NETSEC_CHK.\n"));
1398
if (!netsec_decode(&p->netsec_auth,
1399
p->netsec_auth.auth_flags,
1400
SENDER_IS_INITIATOR,
1402
prs_data_p(rpc_in)+old_offset, data_len)) {
1403
DEBUG(3,("failed to decode PDU\n"));
1408
* Return the current pointer to the data offset.
1411
if(!prs_set_offset(rpc_in, old_offset)) {
1412
DEBUG(0,("failed to set offset back to %u\n",
1413
(unsigned int)old_offset ));
1417
/* The sequence number gets incremented on both send and receive. */
1418
p->netsec_auth.seq_num++;
1423
/****************************************************************************
1424
Return a user struct for a pipe user.
1425
****************************************************************************/
1427
struct current_user *get_current_user(struct current_user *user, pipes_struct *p)
1429
if (p->ntlmssp_auth_validated) {
1430
memcpy(user, &p->pipe_user, sizeof(struct current_user));
1432
extern struct current_user current_user;
1433
memcpy(user, ¤t_user, sizeof(struct current_user));
1439
/****************************************************************************
1440
Find the set of RPC functions associated with this context_id
1441
****************************************************************************/
1443
static PIPE_RPC_FNS* find_pipe_fns_by_context( PIPE_RPC_FNS *list, uint32 context_id )
1445
PIPE_RPC_FNS *fns = NULL;
1446
PIPE_RPC_FNS *tmp = NULL;
1449
DEBUG(0,("find_pipe_fns_by_context: ERROR! No context list for pipe!\n"));
1453
for (tmp=list; tmp; tmp=tmp->next ) {
1454
if ( tmp->context_id == context_id )
1463
/****************************************************************************
1465
****************************************************************************/
1467
void free_pipe_rpc_context( PIPE_RPC_FNS *list )
1469
PIPE_RPC_FNS *tmp = list;
1481
/****************************************************************************
1482
Find the correct RPC function to call for this request.
1483
If the pipe is authenticated then become the correct UNIX user
1484
before doing the call.
1485
****************************************************************************/
1487
BOOL api_pipe_request(pipes_struct *p)
1490
PIPE_RPC_FNS *pipe_fns;
1492
if (p->ntlmssp_auth_validated) {
1494
if(!become_authenticated_pipe_user(p)) {
1495
prs_mem_free(&p->out_data.rdata);
1500
DEBUG(5, ("Requested \\PIPE\\%s\n", p->name));
1502
/* get the set of RPC functions for this context */
1504
pipe_fns = find_pipe_fns_by_context(p->contexts, p->hdr_req.context_id);
1507
set_current_rpc_talloc(p->mem_ctx);
1508
ret = api_rpcTNP(p, p->name, pipe_fns->cmds, pipe_fns->n_cmds);
1509
set_current_rpc_talloc(NULL);
1512
DEBUG(0,("api_pipe_request: No rpc function table associated with context [%d] on pipe [%s]\n",
1513
p->hdr_req.context_id, p->name));
1516
if(p->ntlmssp_auth_validated)
1517
unbecome_authenticated_pipe_user();
1522
/*******************************************************************
1523
Calls the underlying RPC function for a named pipe.
1524
********************************************************************/
1526
BOOL api_rpcTNP(pipes_struct *p, const char *rpc_name,
1527
const struct api_struct *api_rpc_cmds, int n_cmds)
1531
uint32 offset1, offset2;
1533
/* interpret the command */
1534
DEBUG(4,("api_rpcTNP: %s op 0x%x - ", rpc_name, p->hdr_req.opnum));
1536
slprintf(name, sizeof(name)-1, "in_%s", rpc_name);
1537
prs_dump(name, p->hdr_req.opnum, &p->in_data.data);
1539
for (fn_num = 0; fn_num < n_cmds; fn_num++) {
1540
if (api_rpc_cmds[fn_num].opnum == p->hdr_req.opnum && api_rpc_cmds[fn_num].fn != NULL) {
1541
DEBUG(3,("api_rpcTNP: rpc command: %s\n", api_rpc_cmds[fn_num].name));
1546
if (fn_num == n_cmds) {
1548
* For an unknown RPC just return a fault PDU but
1549
* return True to allow RPC's on the pipe to continue
1550
* and not put the pipe into fault state. JRA.
1552
DEBUG(4, ("unknown\n"));
1553
setup_fault_pdu(p, NT_STATUS(0x1c010002));
1557
offset1 = prs_offset(&p->out_data.rdata);
1559
DEBUG(6, ("api_rpc_cmds[%d].fn == %p\n",
1560
fn_num, api_rpc_cmds[fn_num].fn));
1561
/* do the actual command */
1562
if(!api_rpc_cmds[fn_num].fn(p)) {
1563
DEBUG(0,("api_rpcTNP: %s: %s failed.\n", rpc_name, api_rpc_cmds[fn_num].name));
1564
prs_mem_free(&p->out_data.rdata);
1568
if (p->bad_handle_fault_state) {
1569
DEBUG(4,("api_rpcTNP: bad handle fault return.\n"));
1570
p->bad_handle_fault_state = False;
1571
setup_fault_pdu(p, NT_STATUS(0x1C00001A));
1575
slprintf(name, sizeof(name)-1, "out_%s", rpc_name);
1576
offset2 = prs_offset(&p->out_data.rdata);
1577
prs_set_offset(&p->out_data.rdata, offset1);
1578
prs_dump(name, p->hdr_req.opnum, &p->out_data.rdata);
1579
prs_set_offset(&p->out_data.rdata, offset2);
1581
DEBUG(5,("api_rpcTNP: called %s successfully\n", rpc_name));
1583
/* Check for buffer underflow in rpc parsing */
1585
if ((DEBUGLEVEL >= 10) &&
1586
(prs_offset(&p->in_data.data) != prs_data_size(&p->in_data.data))) {
1587
size_t data_len = prs_data_size(&p->in_data.data) - prs_offset(&p->in_data.data);
1590
data = malloc(data_len);
1592
DEBUG(10, ("api_rpcTNP: rpc input buffer underflow (parse error?)\n"));
1594
prs_uint8s(False, "", &p->in_data.data, 0, (unsigned char *)data, (uint32)data_len);
1603
/*******************************************************************
1604
*******************************************************************/
1606
void get_pipe_fns( int idx, struct api_struct **fns, int *n_fns )
1608
struct api_struct *cmds = NULL;
1613
lsa_get_pipe_fns( &cmds, &n_cmds );
1616
lsa_ds_get_pipe_fns( &cmds, &n_cmds );
1619
samr_get_pipe_fns( &cmds, &n_cmds );
1622
netlog_get_pipe_fns( &cmds, &n_cmds );
1625
srvsvc_get_pipe_fns( &cmds, &n_cmds );
1628
wkssvc_get_pipe_fns( &cmds, &n_cmds );
1631
reg_get_pipe_fns( &cmds, &n_cmds );
1634
spoolss_get_pipe_fns( &cmds, &n_cmds );
1637
netdfs_get_pipe_fns( &cmds, &n_cmds );
1641
echo_get_pipe_fns( &cmds, &n_cmds );
1645
DEBUG(0,("get_pipe_fns: Unknown pipe index! [%d]\n", idx));