2 * Unix SMB/CIFS implementation.
3 * RPC Pipe client / server routines
4 * Copyright (C) Andrew Tridgell 1992-1998,
5 * Copyright (C) Luke Kenneth Casson Leighton 1996-1998,
6 * Copyright (C) Paul Ashton 1998.
7 * Copyright (C) Jeremy Allison 1999.
9 * This program is free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License as published by
11 * the Free Software Foundation; either version 2 of the License, or
12 * (at your option) any later version.
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU General Public License for more details.
19 * You should have received a copy of the GNU General Public License
20 * along with this program; if not, write to the Free Software
21 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
27 #define DBGC_CLASS DBGC_RPC_CLI
29 extern struct pipe_id_info pipe_names[];
31 /********************************************************************
33 ********************************************************************/
35 static uint32 get_rpc_call_id(void)
37 static uint32 call_id = 0;
41 /*******************************************************************
42 Use SMBreadX to get rest of one fragment's worth of rpc data.
43 ********************************************************************/
45 static BOOL rpc_read(struct cli_state *cli, prs_struct *rdata, uint32 data_to_read, uint32 *rdata_offset)
47 size_t size = (size_t)cli->max_recv_frag;
48 int stream_offset = 0;
51 int extra_data_size = ((int)*rdata_offset) + ((int)data_to_read) - (int)prs_data_size(rdata);
53 DEBUG(5,("rpc_read: data_to_read: %u rdata offset: %u extra_data_size: %d\n",
54 (int)data_to_read, (unsigned int)*rdata_offset, extra_data_size));
57 * Grow the buffer if needed to accommodate the data to be read.
60 if (extra_data_size > 0) {
61 if(!prs_force_grow(rdata, (uint32)extra_data_size)) {
62 DEBUG(0,("rpc_read: Failed to grow parse struct by %d bytes.\n", extra_data_size ));
65 DEBUG(5,("rpc_read: grew buffer by %d bytes to %u\n", extra_data_size, prs_data_size(rdata) ));
68 pdata = prs_data_p(rdata) + *rdata_offset;
70 do /* read data using SMBreadX */
75 if (size > (size_t)data_to_read)
76 size = (size_t)data_to_read;
78 num_read = (int)cli_read(cli, cli->nt_pipe_fnum, pdata, (off_t)stream_offset, size);
80 DEBUG(5,("rpc_read: num_read = %d, read offset: %d, to read: %d\n",
81 num_read, stream_offset, data_to_read));
83 if (cli_is_dos_error(cli)) {
84 cli_dos_error(cli, &eclass, &ecode);
85 if (eclass != ERRDOS && ecode != ERRmoredata) {
86 DEBUG(0,("rpc_read: Error %d/%u in cli_read\n",
87 eclass, (unsigned int)ecode));
92 data_to_read -= num_read;
93 stream_offset += num_read;
96 } while (num_read > 0 && data_to_read > 0);
97 /* && err == (0x80000000 | STATUS_BUFFER_OVERFLOW)); */
100 * Update the current offset into rdata by the amount read.
102 *rdata_offset += stream_offset;
107 /****************************************************************************
108 Checks the header. This will set the endian bit in the rdata prs_struct. JRA.
109 ****************************************************************************/
111 static BOOL rpc_check_hdr(prs_struct *rdata, RPC_HDR *rhdr,
112 BOOL *first, BOOL *last, uint32 *len)
114 DEBUG(5,("rpc_check_hdr: rdata->data_size = %u\n", (uint32)prs_data_size(rdata) ));
116 /* Next call sets endian bit. */
118 if(!smb_io_rpc_hdr("rpc_hdr ", rhdr, rdata, 0)) {
119 DEBUG(0,("rpc_check_hdr: Failed to unmarshall RPC_HDR.\n"));
123 if (prs_offset(rdata) != RPC_HEADER_LEN) {
124 DEBUG(0,("rpc_check_hdr: offset was %x, should be %x.\n", prs_offset(rdata), RPC_HEADER_LEN));
128 (*first) = ((rhdr->flags & RPC_FLG_FIRST) != 0);
129 (*last) = ((rhdr->flags & RPC_FLG_LAST ) != 0);
130 (*len) = (uint32)rhdr->frag_len - prs_data_size(rdata);
132 return (rhdr->pkt_type != RPC_FAULT);
135 static void NTLMSSPcalc_ap( struct cli_state *cli, unsigned char *data, uint32 len)
137 unsigned char *hash = cli->ntlmssp_hash;
138 unsigned char index_i = hash[256];
139 unsigned char index_j = hash[257];
142 for( ind = 0; ind < len; ind++) {
147 index_j += hash[index_i];
150 hash[index_i] = hash[index_j];
153 t = hash[index_i] + hash[index_j];
154 data[ind] = data[ind] ^ hash[t];
161 /****************************************************************************
162 Verify data on an rpc pipe.
163 The VERIFY & SEAL code is only executed on packets that look like this :
165 Request/Response PDU's look like the following...
167 |<------------------PDU len----------------------------------------------->|
168 |<-HDR_LEN-->|<--REQ LEN------>|.............|<-AUTH_HDRLEN->|<-AUTH_LEN-->|
170 +------------+-----------------+-------------+---------------+-------------+
171 | RPC HEADER | REQ/RESP HEADER | DATA ...... | AUTH_HDR | AUTH DATA |
172 +------------+-----------------+-------------+---------------+-------------+
174 Never on bind requests/responses.
175 ****************************************************************************/
177 static BOOL rpc_auth_pipe(struct cli_state *cli, prs_struct *rdata, int len, int auth_len)
180 * The following is that length of the data we must sign or seal.
181 * This doesn't include the RPC headers or the auth_len or the RPC_HDR_AUTH_LEN
182 * preceeding the auth_data.
185 int data_len = len - RPC_HEADER_LEN - RPC_HDR_RESP_LEN - RPC_HDR_AUTH_LEN - auth_len;
188 * The start of the data to sign/seal is just after the RPC headers.
190 char *reply_data = prs_data_p(rdata) + RPC_HEADER_LEN + RPC_HDR_REQ_LEN;
192 BOOL auth_verify = ((cli->ntlmssp_srv_flgs & NTLMSSP_NEGOTIATE_SIGN) != 0);
193 BOOL auth_seal = ((cli->ntlmssp_srv_flgs & NTLMSSP_NEGOTIATE_SEAL) != 0);
194 BOOL auth_schannel = (cli->saved_netlogon_pipe_fnum != 0);
196 DEBUG(5,("rpc_auth_pipe: len: %d auth_len: %d verify %s seal %s\n",
197 len, auth_len, BOOLSTR(auth_verify), BOOLSTR(auth_seal)));
200 * Unseal any sealed data in the PDU, not including the
201 * 8 byte auth_header or the auth_data.
205 DEBUG(10,("rpc_auth_pipe: unseal\n"));
206 dump_data(100, reply_data, data_len);
207 NTLMSSPcalc_ap(cli, (uchar*)reply_data, data_len);
208 dump_data(100, reply_data, data_len);
211 if (auth_verify || auth_seal) {
212 RPC_HDR_AUTH rhdr_auth;
214 char data[RPC_HDR_AUTH_LEN];
216 * We set dp to be the end of the packet, minus the auth_len
217 * and the length of the header that preceeds the auth_data.
219 char *dp = prs_data_p(rdata) + len - auth_len - RPC_HDR_AUTH_LEN;
221 if(dp - prs_data_p(rdata) > prs_data_size(rdata)) {
222 DEBUG(0,("rpc_auth_pipe: auth data > data size !\n"));
226 memcpy(data, dp, sizeof(data));
228 prs_init(&auth_req , 0, cli->mem_ctx, UNMARSHALL);
230 /* The endianness must be preserved... JRA. */
232 prs_set_endian_data(&auth_req, rdata->bigendian_data);
234 prs_give_memory(&auth_req, data, RPC_HDR_AUTH_LEN, False);
237 * Unmarshall the 8 byte auth_header that comes before the
241 if(!smb_io_rpc_hdr_auth("hdr_auth", &rhdr_auth, &auth_req, 0)) {
242 DEBUG(0,("rpc_auth_pipe: unmarshalling RPC_HDR_AUTH failed.\n"));
246 if (!rpc_hdr_auth_chk(&rhdr_auth)) {
247 DEBUG(0,("rpc_auth_pipe: rpc_hdr_auth_chk failed.\n"));
253 * Now unseal and check the auth verifier in the auth_data at
254 * then end of the packet. The 4 bytes skipped in the unseal
255 * seem to be a buffer pointer preceeding the sealed data.
259 RPC_AUTH_NTLMSSP_CHK chk;
261 prs_struct auth_verf;
262 char data[RPC_AUTH_NTLMSSP_CHK_LEN];
263 char *dp = prs_data_p(rdata) + len - auth_len;
265 if(dp - prs_data_p(rdata) > prs_data_size(rdata)) {
266 DEBUG(0,("rpc_auth_pipe: auth data > data size !\n"));
270 DEBUG(10,("rpc_auth_pipe: verify\n"));
271 dump_data(100, dp, auth_len);
272 NTLMSSPcalc_ap(cli, (uchar*)(dp+4), auth_len - 4);
274 memcpy(data, dp, RPC_AUTH_NTLMSSP_CHK_LEN);
275 dump_data(100, data, auth_len);
277 prs_init(&auth_verf, 0, cli->mem_ctx, UNMARSHALL);
279 /* The endinness must be preserved. JRA. */
280 prs_set_endian_data( &auth_verf, rdata->bigendian_data);
282 prs_give_memory(&auth_verf, data, RPC_AUTH_NTLMSSP_CHK_LEN, False);
284 if(!smb_io_rpc_auth_ntlmssp_chk("auth_sign", &chk, &auth_verf, 0)) {
285 DEBUG(0,("rpc_auth_pipe: unmarshalling RPC_AUTH_NTLMSSP_CHK failed.\n"));
289 crc32 = crc32_calc_buffer(reply_data, data_len);
291 if (!rpc_auth_ntlmssp_chk(&chk, crc32 , cli->ntlmssp_seq_num)) {
292 DEBUG(0,("rpc_auth_pipe: rpc_auth_ntlmssp_chk failed.\n"));
295 cli->ntlmssp_seq_num++;
299 RPC_AUTH_NETSEC_CHK chk;
300 char data[RPC_AUTH_NETSEC_CHK_LEN];
301 char *dp = prs_data_p(rdata) + len - auth_len;
302 prs_struct auth_verf;
304 if (auth_len != RPC_AUTH_NETSEC_CHK_LEN) {
305 DEBUG(0,("rpc_auth_pipe: wrong auth len %d\n", auth_len));
309 if (dp - prs_data_p(rdata) > prs_data_size(rdata)) {
310 DEBUG(0,("rpc_auth_pipe: auth data > data size !\n"));
314 DEBUG(10,("rpc_auth_pipe: verify netsec\n"));
315 dump_data(100, dp, auth_len);
317 memcpy(data, dp, sizeof(data));
318 dump_data(100, data, sizeof(data));
320 prs_init(&auth_verf, 0, cli->mem_ctx, UNMARSHALL);
322 /* The endinness must be preserved. JRA. */
323 prs_set_endian_data( &auth_verf, rdata->bigendian_data);
325 prs_give_memory(&auth_verf, data, RPC_AUTH_NETSEC_CHK_LEN, False);
327 if (!smb_io_rpc_auth_netsec_chk("auth_sign", &chk, &auth_verf, 0)) {
328 DEBUG(0, ("rpc_auth_pipe: unmarshalling "
329 "RPC_AUTH_NETSECK_CHK failed\n"));
333 if (!netsec_decode(&cli->auth_info, &chk, reply_data, data_len)) {
334 DEBUG(0, ("rpc_auth_pipe: Could not decode schannel\n"));
337 cli->auth_info.seq_num++;
343 /****************************************************************************
344 Send data on an rpc pipe via trans, which *must* be the last fragment.
345 receive response data from an rpc pipe, which may be large...
347 Read the first fragment: unfortunately have to use SMBtrans for the first
348 bit, then SMBreadX for subsequent bits.
350 If first fragment received also wasn't the last fragment, continue
351 getting fragments until we _do_ receive the last fragment.
353 Request/Response PDU's look like the following...
355 |<------------------PDU len----------------------------------------------->|
356 |<-HDR_LEN-->|<--REQ LEN------>|.............|<-AUTH_HDRLEN->|<-AUTH_LEN-->|
358 +------------+-----------------+-------------+---------------+-------------+
359 | RPC HEADER | REQ/RESP HEADER | DATA ...... | AUTH_HDR | AUTH DATA |
360 +------------+-----------------+-------------+---------------+-------------+
362 Where the presence of the AUTH_HDR and AUTH are dependent on the
363 signing & sealing being neogitated.
365 ****************************************************************************/
367 static BOOL rpc_api_pipe(struct cli_state *cli, prs_struct *data, prs_struct *rdata)
371 uint32 rparam_len = 0;
376 char *pdata = data ? prs_data_p(data) : NULL;
377 uint32 data_len = data ? prs_offset(data) : 0;
379 uint32 rdata_len = 0;
380 uint32 current_offset = 0;
381 uint32 max_data = cli->max_xmit_frag ? cli->max_xmit_frag : 1024;
383 /* Create setup parameters - must be in native byte order. */
385 setup[0] = TRANSACT_DCERPCCMD;
386 setup[1] = cli->nt_pipe_fnum; /* Pipe file handle. */
388 DEBUG(5,("rpc_api_pipe: fnum:%x\n", (int)cli->nt_pipe_fnum));
390 /* Send the RPC request and receive a response. For short RPC
391 calls (about 1024 bytes or so) the RPC request and response
392 appears in a SMBtrans request and response. Larger RPC
393 responses are received further on. */
395 if (!cli_api_pipe(cli, "\\PIPE\\",
396 setup, 2, 0, /* Setup, length, max */
397 NULL, 0, 0, /* Params, length, max */
398 pdata, data_len, max_data, /* data, length, max */
399 &rparam, &rparam_len, /* return params, len */
400 &prdata, &rdata_len)) /* return data, len */
402 DEBUG(0, ("cli_pipe: return critical error. Error was %s\n", cli_errstr(cli)));
406 /* Throw away returned params - we know we won't use them. */
410 if (prdata == NULL) {
411 DEBUG(0,("rpc_api_pipe: pipe %x failed to return data.\n",
412 (int)cli->nt_pipe_fnum));
417 * Give this memory as dynamically allocated to the return parse
421 prs_give_memory(rdata, prdata, rdata_len, True);
422 current_offset = rdata_len;
424 /* This next call sets the endian bit correctly in rdata. */
426 if (!rpc_check_hdr(rdata, &rhdr, &first, &last, &len)) {
431 if (rhdr.pkt_type == RPC_BINDACK) {
432 if (!last && !first) {
433 DEBUG(5,("rpc_api_pipe: bug in server (AS/U?), setting fragment first/last ON.\n"));
439 if (rhdr.pkt_type == RPC_RESPONSE) {
440 RPC_HDR_RESP rhdr_resp;
441 if(!smb_io_rpc_hdr_resp("rpc_hdr_resp", &rhdr_resp, rdata, 0)) {
442 DEBUG(5,("rpc_api_pipe: failed to unmarshal RPC_HDR_RESP.\n"));
448 DEBUG(5,("rpc_api_pipe: len left: %u smbtrans read: %u\n",
449 (unsigned int)len, (unsigned int)rdata_len ));
451 /* check if data to be sent back was too large for one SMBtrans */
452 /* err status is only informational: the _real_ check is on the
456 /* || err == (0x80000000 | STATUS_BUFFER_OVERFLOW)) */
458 /* Read the remaining part of the first response fragment */
460 if (!rpc_read(cli, rdata, len, ¤t_offset)) {
467 * Now we have a complete PDU, check the auth struct if any was sent.
470 if (rhdr.auth_len != 0) {
471 if(!rpc_auth_pipe(cli, rdata, rhdr.frag_len, rhdr.auth_len))
474 * Drop the auth footers from the current offset.
475 * We need this if there are more fragments.
476 * The auth footers consist of the auth_data and the
477 * preceeding 8 byte auth_header.
479 current_offset -= (rhdr.auth_len + RPC_HDR_AUTH_LEN);
483 * Only one rpc fragment, and it has been read.
487 DEBUG(6,("rpc_api_pipe: fragment first and last both set\n"));
492 * Read more fragments using SMBreadX until we get one with the
497 RPC_HDR_RESP rhdr_resp;
499 char hdr_data[RPC_HEADER_LEN+RPC_HDR_RESP_LEN];
505 * First read the header of the next PDU.
508 prs_init(&hps, 0, cli->mem_ctx, UNMARSHALL);
509 prs_give_memory(&hps, hdr_data, sizeof(hdr_data), False);
511 num_read = cli_read(cli, cli->nt_pipe_fnum, hdr_data, 0, RPC_HEADER_LEN+RPC_HDR_RESP_LEN);
512 if (cli_is_dos_error(cli)) {
513 cli_dos_error(cli, &eclass, &ecode);
514 if (eclass != ERRDOS && ecode != ERRmoredata) {
515 DEBUG(0,("rpc_api_pipe: cli_read error : %d/%d\n", eclass, ecode));
520 DEBUG(5,("rpc_api_pipe: read header (size:%d)\n", num_read));
522 if (num_read != RPC_HEADER_LEN+RPC_HDR_RESP_LEN) {
523 DEBUG(0,("rpc_api_pipe: Error : requested %d bytes, got %d.\n",
524 RPC_HEADER_LEN+RPC_HDR_RESP_LEN, num_read ));
528 /* This call sets the endianness in hps. */
530 if (!rpc_check_hdr(&hps, &rhdr, &first, &last, &len))
533 /* Ensure the endianness in rdata is set correctly - must be same as hps. */
535 if (hps.bigendian_data != rdata->bigendian_data) {
536 DEBUG(0,("rpc_api_pipe: Error : Endianness changed from %s to %s\n",
537 rdata->bigendian_data ? "big" : "little",
538 hps.bigendian_data ? "big" : "little" ));
542 if(!smb_io_rpc_hdr_resp("rpc_hdr_resp", &rhdr_resp, &hps, 0)) {
543 DEBUG(0,("rpc_api_pipe: Error in unmarshalling RPC_HDR_RESP.\n"));
548 DEBUG(0,("rpc_api_pipe: secondary PDU rpc header has 'first' set !\n"));
553 * Now read the rest of the PDU.
556 if (!rpc_read(cli, rdata, len, ¤t_offset))
560 * Verify any authentication footer.
563 if (rhdr.auth_len != 0 ) {
564 if(!rpc_auth_pipe(cli, rdata, rhdr.frag_len, rhdr.auth_len))
567 * Drop the auth footers from the current offset.
568 * The auth footers consist of the auth_data and the
569 * preceeding 8 byte auth_header.
570 * We need this if there are more fragments.
572 current_offset -= (rhdr.auth_len + RPC_HDR_AUTH_LEN);
579 /*******************************************************************
580 creates a DCE/RPC bind request
582 - initialises the parse structure.
583 - dynamically allocates the header data structure
584 - caller is expected to free the header data structure once used.
586 ********************************************************************/
588 static BOOL create_rpc_bind_req(prs_struct *rpc_out, BOOL do_auth, BOOL do_netsec, uint32 rpc_call_id,
589 RPC_IFACE *abstract, RPC_IFACE *transfer,
590 const char *my_name, const char *domain, uint32 neg_flags)
595 prs_struct auth_info;
598 prs_init(&auth_info, 0, prs_get_mem_context(rpc_out), MARSHALL);
601 RPC_HDR_AUTH hdr_auth;
602 RPC_AUTH_VERIFIER auth_verifier;
603 RPC_AUTH_NTLMSSP_NEG ntlmssp_neg;
606 * Create the auth structs we will marshall.
609 init_rpc_hdr_auth(&hdr_auth, NTLMSSP_AUTH_TYPE, NTLMSSP_AUTH_LEVEL, 0x00, 1);
610 init_rpc_auth_verifier(&auth_verifier, "NTLMSSP", NTLMSSP_NEGOTIATE);
611 init_rpc_auth_ntlmssp_neg(&ntlmssp_neg, neg_flags, my_name, domain);
614 * Use the 4k buffer to store the auth info.
617 prs_give_memory( &auth_info, buffer, sizeof(buffer), False);
620 * Now marshall the data into the temporary parse_struct.
623 if(!smb_io_rpc_hdr_auth("hdr_auth", &hdr_auth, &auth_info, 0)) {
624 DEBUG(0,("create_rpc_bind_req: failed to marshall RPC_HDR_AUTH.\n"));
628 if(!smb_io_rpc_auth_verifier("auth_verifier", &auth_verifier, &auth_info, 0)) {
629 DEBUG(0,("create_rpc_bind_req: failed to marshall RPC_AUTH_VERIFIER.\n"));
633 if(!smb_io_rpc_auth_ntlmssp_neg("ntlmssp_neg", &ntlmssp_neg, &auth_info, 0)) {
634 DEBUG(0,("create_rpc_bind_req: failed to marshall RPC_AUTH_NTLMSSP_NEG.\n"));
638 /* Auth len in the rpc header doesn't include auth_header. */
639 auth_len = prs_offset(&auth_info) - RPC_HDR_AUTH_LEN;
643 RPC_HDR_AUTH hdr_auth;
644 RPC_AUTH_NETSEC_NEG netsec_neg;
647 * Create the auth structs we will marshall.
650 init_rpc_hdr_auth(&hdr_auth, NETSEC_AUTH_TYPE, NETSEC_AUTH_LEVEL,
652 init_rpc_auth_netsec_neg(&netsec_neg, my_name, domain);
655 * Use the 4k buffer to store the auth info.
658 prs_give_memory( &auth_info, buffer, sizeof(buffer), False);
661 * Now marshall the data into the temporary parse_struct.
664 if(!smb_io_rpc_hdr_auth("hdr_auth", &hdr_auth, &auth_info, 0)) {
665 DEBUG(0,("Failed to marshall RPC_HDR_AUTH.\n"));
669 if(!smb_io_rpc_auth_netsec_neg("netsec_neg",
670 &netsec_neg, &auth_info, 0)) {
671 DEBUG(0,("Failed to marshall RPC_AUTH_NETSEC_NEG.\n"));
675 /* Auth len in the rpc header doesn't include auth_header. */
676 auth_len = prs_offset(&auth_info) - RPC_HDR_AUTH_LEN;
679 /* create the request RPC_HDR */
680 init_rpc_hdr(&hdr, RPC_BIND, 0x3, rpc_call_id,
681 RPC_HEADER_LEN + RPC_HDR_RB_LEN + prs_offset(&auth_info),
684 if(!smb_io_rpc_hdr("hdr" , &hdr, rpc_out, 0)) {
685 DEBUG(0,("create_rpc_bind_req: failed to marshall RPC_HDR.\n"));
689 /* create the bind request RPC_HDR_RB */
690 init_rpc_hdr_rb(&hdr_rb, MAX_PDU_FRAG_LEN, MAX_PDU_FRAG_LEN, 0x0,
691 0x1, 0x0, 0x1, abstract, transfer);
693 /* Marshall the bind request data */
694 if(!smb_io_rpc_hdr_rb("", &hdr_rb, rpc_out, 0)) {
695 DEBUG(0,("create_rpc_bind_req: failed to marshall RPC_HDR_RB.\n"));
700 * Grow the outgoing buffer to store any auth info.
703 if(hdr.auth_len != 0) {
704 if(!prs_append_prs_data( rpc_out, &auth_info)) {
705 DEBUG(0,("create_rpc_bind_req: failed to grow parse struct to add auth.\n"));
713 /*******************************************************************
714 Creates a DCE/RPC bind authentication response.
715 This is the packet that is sent back to the server once we
716 have received a BIND-ACK, to finish the third leg of
717 the authentication handshake.
718 ********************************************************************/
720 static BOOL create_rpc_bind_resp(struct pwd_info *pwd,
721 const char *domain, const char *user_name, const char *my_name,
722 uint32 ntlmssp_cli_flgs,
726 unsigned char lm_owf[24];
727 unsigned char nt_owf[24];
729 RPC_HDR_AUTHA hdr_autha;
730 RPC_AUTH_VERIFIER auth_verifier;
731 RPC_AUTH_NTLMSSP_RESP ntlmssp_resp;
733 prs_struct auth_info;
736 * Marshall the variable length data into a temporary parse
737 * struct, pointing into a 4k local buffer.
739 prs_init(&auth_info, 0, prs_get_mem_context(rpc_out), MARSHALL);
742 * Use the 4k buffer to store the auth info.
745 prs_give_memory( &auth_info, buffer, sizeof(buffer), False);
748 * Create the variable length auth_data.
751 init_rpc_auth_verifier(&auth_verifier, "NTLMSSP", NTLMSSP_AUTH);
753 pwd_get_lm_nt_owf(pwd, lm_owf, nt_owf);
755 init_rpc_auth_ntlmssp_resp(&ntlmssp_resp,
757 domain, user_name, my_name,
761 * Marshall the variable length auth_data into a temp parse_struct.
764 if(!smb_io_rpc_auth_verifier("auth_verifier", &auth_verifier, &auth_info, 0)) {
765 DEBUG(0,("create_rpc_bind_resp: failed to marshall RPC_AUTH_VERIFIER.\n"));
769 if(!smb_io_rpc_auth_ntlmssp_resp("ntlmssp_resp", &ntlmssp_resp, &auth_info, 0)) {
770 DEBUG(0,("create_rpc_bind_resp: failed to marshall RPC_AUTH_NTLMSSP_RESP.\n"));
774 /* Create the request RPC_HDR */
775 init_rpc_hdr(&hdr, RPC_BINDRESP, 0x0, rpc_call_id,
776 RPC_HEADER_LEN + RPC_HDR_AUTHA_LEN + prs_offset(&auth_info),
777 prs_offset(&auth_info) );
780 if(!smb_io_rpc_hdr("hdr", &hdr, rpc_out, 0)) {
781 DEBUG(0,("create_rpc_bind_resp: failed to marshall RPC_HDR.\n"));
785 /* Create the request RPC_HDR_AUTHA */
786 init_rpc_hdr_autha(&hdr_autha, MAX_PDU_FRAG_LEN, MAX_PDU_FRAG_LEN,
787 NTLMSSP_AUTH_TYPE, NTLMSSP_AUTH_LEVEL, 0x00);
789 if(!smb_io_rpc_hdr_autha("hdr_autha", &hdr_autha, rpc_out, 0)) {
790 DEBUG(0,("create_rpc_bind_resp: failed to marshall RPC_HDR_AUTHA.\n"));
795 * Append the auth data to the outgoing buffer.
798 if(!prs_append_prs_data(rpc_out, &auth_info)) {
799 DEBUG(0,("create_rpc_bind_req: failed to grow parse struct to add auth.\n"));
807 /*******************************************************************
808 Creates a DCE/RPC request.
809 ********************************************************************/
811 static uint32 create_rpc_request(prs_struct *rpc_out, uint8 op_num, int data_len, int auth_len, uint8 flags, uint32 oldid, uint32 data_left)
816 uint32 callid = oldid ? oldid : get_rpc_call_id();
818 DEBUG(5,("create_rpc_request: opnum: 0x%x data_len: 0x%x\n", op_num, data_len));
820 /* create the rpc header RPC_HDR */
821 init_rpc_hdr(&hdr, RPC_REQUEST, flags,
822 callid, data_len, auth_len);
825 * The alloc hint should be the amount of data, not including
826 * RPC headers & footers.
830 alloc_hint = data_len - RPC_HEADER_LEN - RPC_HDR_AUTH_LEN - auth_len;
832 alloc_hint = data_len - RPC_HEADER_LEN;
834 DEBUG(10,("create_rpc_request: data_len: %x auth_len: %x alloc_hint: %x\n",
835 data_len, auth_len, alloc_hint));
837 /* Create the rpc request RPC_HDR_REQ */
838 init_rpc_hdr_req(&hdr_req, alloc_hint, op_num);
841 if(!smb_io_rpc_hdr("hdr ", &hdr, rpc_out, 0))
844 if(!smb_io_rpc_hdr_req("hdr_req", &hdr_req, rpc_out, 0))
847 if (prs_offset(rpc_out) != RPC_HEADER_LEN + RPC_HDR_REQ_LEN)
853 /*******************************************************************
854 Puts an NTLMSSP auth header into an rpc request.
855 ********************************************************************/
857 static BOOL create_ntlmssp_auth_hdr(prs_struct *outgoing_packet, BOOL auth_verify)
859 RPC_HDR_AUTH hdr_auth;
861 init_rpc_hdr_auth(&hdr_auth, NTLMSSP_AUTH_TYPE,
862 NTLMSSP_AUTH_LEVEL, 0x08,
863 (auth_verify ? 1 : 0));
864 if(!smb_io_rpc_hdr_auth("hdr_auth", &hdr_auth,
865 outgoing_packet, 0)) {
866 DEBUG(0,("create_auth_hdr:Failed to marshal RPC_HDR_AUTH.\n"));
872 /*******************************************************************
873 Puts a NETLOGON schannel auth header into an rpc request.
874 ********************************************************************/
876 static BOOL create_netsec_auth_hdr(prs_struct *outgoing_packet, int padding)
878 RPC_HDR_AUTH hdr_auth;
880 init_rpc_hdr_auth(&hdr_auth, NETSEC_AUTH_TYPE,
881 NETSEC_AUTH_LEVEL, padding, 1);
882 if(!smb_io_rpc_hdr_auth("hdr_auth", &hdr_auth,
883 outgoing_packet, 0)) {
884 DEBUG(0,("create_auth_hdr:Failed to marshal RPC_HDR_AUTH.\n"));
890 /*******************************************************************
891 Puts auth data into an rpc request.
892 ********************************************************************/
894 static BOOL create_auth_data(struct cli_state *cli, uint32 crc32,
895 prs_struct *outgoing_packet)
897 char *pdata_out = prs_data_p(outgoing_packet);
898 RPC_AUTH_NTLMSSP_CHK chk;
899 uint32 current_offset = prs_offset(outgoing_packet);
901 init_rpc_auth_ntlmssp_chk(&chk, NTLMSSP_SIGN_VERSION,
902 crc32, cli->ntlmssp_seq_num++);
903 if(!smb_io_rpc_auth_ntlmssp_chk("auth_sign", &chk,
904 outgoing_packet, 0)) {
905 DEBUG(0,("create_auth_data: Failed to marshal RPC_AUTH_NTLMSSP_CHK.\n"));
908 NTLMSSPcalc_ap(cli, (unsigned char*)
909 &pdata_out[current_offset+4],
910 RPC_AUTH_NTLMSSP_CHK_LEN - 4);
915 * Send a request on an RPC pipe and get a response.
917 * @param data NDR contents of the request to be sent.
918 * @param rdata Unparsed NDR response data.
921 BOOL rpc_api_pipe_req(struct cli_state *cli, uint8 op_num,
922 prs_struct *data, prs_struct *rdata)
924 uint32 auth_len, max_data, data_left, data_sent;
926 BOOL auth_verify, auth_seal, auth_schannel;
929 auth_verify = ((cli->ntlmssp_srv_flgs & NTLMSSP_NEGOTIATE_SIGN) != 0);
930 auth_seal = ((cli->ntlmssp_srv_flgs & NTLMSSP_NEGOTIATE_SEAL) != 0);
931 auth_schannel = (cli->saved_netlogon_pipe_fnum != 0);
936 auth_len = RPC_AUTH_NTLMSSP_CHK_LEN;
939 auth_len = RPC_AUTH_NETSEC_CHK_LEN;
942 * calc how much actual data we can send in a PDU fragment
944 max_data = cli->max_xmit_frag - RPC_HEADER_LEN - RPC_HDR_REQ_LEN -
945 (auth_verify ? RPC_HDR_AUTH_LEN : 0) - auth_len - 8;
947 for (data_left = prs_offset(data), data_sent = 0; data_left > 0;) {
948 prs_struct outgoing_packet;
949 uint32 data_len, send_size;
953 uint32 auth_padding = 0;
954 RPC_AUTH_NETSEC_CHK verf;
957 * how much will we send this time
959 send_size = MIN(data_left, max_data);
962 * NT expects the data that is sealed to be 8-byte
963 * aligned. The padding must be encrypted as well and
964 * taken into account when generating the
965 * authentication verifier. The amount of padding must
966 * be stored in the auth header.
970 auth_padding = 8 - (send_size & 7);
972 data_len = RPC_HEADER_LEN + RPC_HDR_REQ_LEN + send_size +
973 ((auth_verify|auth_schannel) ? RPC_HDR_AUTH_LEN : 0) +
974 auth_len + auth_padding;
977 * Malloc parse struct to hold it (and enough for alignments).
979 if(!prs_init(&outgoing_packet, data_len + 8,
980 cli->mem_ctx, MARSHALL)) {
981 DEBUG(0,("rpc_api_pipe_req: Failed to malloc %u bytes.\n", (unsigned int)data_len ));
985 if (data_left == prs_offset(data))
986 flags |= RPC_FLG_FIRST;
988 if (data_left < max_data)
989 flags |= RPC_FLG_LAST;
991 * Write out the RPC header and the request header.
993 if(!(callid = create_rpc_request(&outgoing_packet, op_num,
994 data_len, auth_len, flags,
995 callid, data_left))) {
996 DEBUG(0,("rpc_api_pipe_req: Failed to create RPC request.\n"));
997 prs_mem_free(&outgoing_packet);
1002 * Seal the outgoing data if requested.
1005 crc32 = crc32_calc_buffer(prs_data_p(data) + data_sent,
1007 NTLMSSPcalc_ap(cli, (unsigned char*)prs_data_p(data) +
1008 data_sent, send_size);
1012 * Now copy the data into the outgoing packet.
1015 if (auth_schannel) {
1016 static const uchar netsec_sig[8] = NETSEC_SIGNATURE;
1017 static const uchar nullbytes[8] = { 0,0,0,0,0,0,0,0 };
1021 prs_struct netsec_blob;
1023 memset(sign, 0, sizeof(sign));
1026 if (!prs_init(&netsec_blob, send_size+auth_padding,
1027 cli->mem_ctx, MARSHALL)) {
1028 DEBUG(0,("Could not malloc %u bytes",
1029 send_size+auth_padding));
1030 prs_mem_free(&outgoing_packet);
1034 if(!prs_append_some_prs_data(&netsec_blob, data,
1035 data_sent, send_size)) {
1036 DEBUG(0,("Failed to append data to netsec blob\n"));
1037 prs_mem_free(&outgoing_packet);
1041 netsec_blob.align = 8;
1043 if (!prs_align(&netsec_blob)) {
1044 DEBUG(0,("Could not align netsec blob\n"));
1045 prs_mem_free(&outgoing_packet);
1049 init_rpc_auth_netsec_chk(&verf, netsec_sig, nullbytes,
1052 netsec_encode(&(cli->auth_info), &verf,
1053 prs_data_p(&netsec_blob),
1054 prs_data_size(&netsec_blob));
1056 prs_append_prs_data(&outgoing_packet, &netsec_blob);
1057 prs_mem_free(&netsec_blob);
1059 if(!prs_append_some_prs_data(&outgoing_packet, data,
1060 data_sent, send_size)) {
1061 DEBUG(0,("rpc_api_pipe_req: Failed to append "
1062 "data to outgoing packet.\n"));
1063 prs_mem_free(&outgoing_packet);
1069 * Add a trailing auth_verifier if needed.
1071 if (auth_seal || auth_verify) {
1072 if(!create_ntlmssp_auth_hdr(&outgoing_packet, auth_verify)) {
1073 prs_mem_free(&outgoing_packet);
1079 * Finally the auth data itself.
1082 if (!create_auth_data(cli, crc32, &outgoing_packet)) {
1083 prs_mem_free(&outgoing_packet);
1088 if (auth_schannel) {
1090 if (!create_netsec_auth_hdr(&outgoing_packet,
1092 prs_mem_free(&outgoing_packet);
1096 if (!smb_io_rpc_auth_netsec_chk("", &verf,
1097 &outgoing_packet, 0)) {
1098 prs_mem_free(&outgoing_packet);
1103 DEBUG(100,("data_len: %x data_calc_len: %x\n", data_len,
1104 prs_offset(&outgoing_packet)));
1106 if (flags & RPC_FLG_LAST)
1107 ret = rpc_api_pipe(cli, &outgoing_packet, rdata);
1109 cli_write(cli, cli->nt_pipe_fnum, 0x0008,
1110 prs_data_p(&outgoing_packet),
1111 data_sent, data_len);
1113 prs_mem_free(&outgoing_packet);
1114 data_sent += send_size;
1115 data_left -= send_size;
1117 /* Also capture received data */
1118 slprintf(dump_name, sizeof(dump_name) - 1, "reply_%s",
1119 cli_pipe_get_name(cli));
1120 prs_dump(dump_name, op_num, rdata);
1125 /****************************************************************************
1126 Set the handle state.
1127 ****************************************************************************/
1129 static BOOL rpc_pipe_set_hnd_state(struct cli_state *cli, const char *pipe_name, uint16 device_state)
1131 BOOL state_set = False;
1133 uint16 setup[2]; /* only need 2 uint16 setup parameters */
1134 char *rparam = NULL;
1136 uint32 rparam_len, rdata_len;
1138 if (pipe_name == NULL)
1141 DEBUG(5,("Set Handle state Pipe[%x]: %s - device state:%x\n",
1142 cli->nt_pipe_fnum, pipe_name, device_state));
1144 /* create parameters: device state */
1145 SSVAL(param, 0, device_state);
1147 /* create setup parameters. */
1149 setup[1] = cli->nt_pipe_fnum; /* pipe file handle. got this from an SMBOpenX. */
1151 /* send the data on \PIPE\ */
1152 if (cli_api_pipe(cli, "\\PIPE\\",
1153 setup, 2, 0, /* setup, length, max */
1154 param, 2, 0, /* param, length, max */
1155 NULL, 0, 1024, /* data, length, max */
1156 &rparam, &rparam_len, /* return param, length */
1157 &rdata, &rdata_len)) /* return data, length */
1159 DEBUG(5, ("Set Handle state: return OK\n"));
1169 /****************************************************************************
1170 check the rpc bind acknowledge response
1171 ****************************************************************************/
1173 int get_pipe_index( const char *pipe_name )
1177 while (pipe_names[pipe_idx].client_pipe != NULL) {
1178 if (strequal(pipe_name, pipe_names[pipe_idx].client_pipe ))
1187 /****************************************************************************
1188 check the rpc bind acknowledge response
1189 ****************************************************************************/
1191 const char* get_pipe_name_from_index( const int pipe_index )
1194 if ( (pipe_index < 0) || (pipe_index >= PI_MAX_PIPES) )
1197 return pipe_names[pipe_index].client_pipe;
1200 /****************************************************************************
1201 Check to see if this pipe index points to one of
1202 the pipes only supported by Win2k
1203 ****************************************************************************/
1205 BOOL is_win2k_pipe( const int pipe_idx )
1216 /****************************************************************************
1217 check the rpc bind acknowledge response
1218 ****************************************************************************/
1220 static BOOL valid_pipe_name(const int pipe_idx, RPC_IFACE *abstract, RPC_IFACE *transfer)
1222 if ( pipe_idx >= PI_MAX_PIPES ) {
1223 DEBUG(0,("valid_pipe_name: Programmer error! Invalid pipe index [%d]\n",
1228 DEBUG(5,("Bind Abstract Syntax: "));
1229 dump_data(5, (char*)&(pipe_names[pipe_idx].abstr_syntax),
1230 sizeof(pipe_names[pipe_idx].abstr_syntax));
1231 DEBUG(5,("Bind Transfer Syntax: "));
1232 dump_data(5, (char*)&(pipe_names[pipe_idx].trans_syntax),
1233 sizeof(pipe_names[pipe_idx].trans_syntax));
1235 /* copy the required syntaxes out so we can do the right bind */
1237 *transfer = pipe_names[pipe_idx].trans_syntax;
1238 *abstract = pipe_names[pipe_idx].abstr_syntax;
1243 /****************************************************************************
1244 check the rpc bind acknowledge response
1245 ****************************************************************************/
1247 static BOOL check_bind_response(RPC_HDR_BA *hdr_ba, const int pipe_idx, RPC_IFACE *transfer)
1251 if ( hdr_ba->addr.len <= 0)
1254 if ( !strequal(hdr_ba->addr.str, pipe_names[pipe_idx].server_pipe ))
1256 DEBUG(4,("bind_rpc_pipe: pipe_name %s != expected pipe %s. oh well!\n",
1257 pipe_names[i].server_pipe ,hdr_ba->addr.str));
1261 DEBUG(5,("bind_rpc_pipe: server pipe_name found: %s\n", pipe_names[i].server_pipe ));
1263 if (pipe_names[pipe_idx].server_pipe == NULL) {
1264 DEBUG(2,("bind_rpc_pipe: pipe name %s unsupported\n", hdr_ba->addr.str));
1268 /* check the transfer syntax */
1269 if ((hdr_ba->transfer.version != transfer->version) ||
1270 (memcmp(&hdr_ba->transfer.uuid, &transfer->uuid, sizeof(transfer->uuid)) !=0)) {
1271 DEBUG(2,("bind_rpc_pipe: transfer syntax differs\n"));
1275 /* lkclXXXX only accept one result: check the result(s) */
1276 if (hdr_ba->res.num_results != 0x1 || hdr_ba->res.result != 0) {
1277 DEBUG(2,("bind_rpc_pipe: bind denied results: %d reason: %x\n",
1278 hdr_ba->res.num_results, hdr_ba->res.reason));
1281 DEBUG(5,("bind_rpc_pipe: accepted!\n"));
1285 /****************************************************************************
1286 Create and send the third packet in an RPC auth.
1287 ****************************************************************************/
1289 static BOOL rpc_send_auth_reply(struct cli_state *cli, prs_struct *rdata, uint32 rpc_call_id)
1291 RPC_HDR_AUTH rhdr_auth;
1292 RPC_AUTH_VERIFIER rhdr_verf;
1293 RPC_AUTH_NTLMSSP_CHAL rhdr_chal;
1294 char buffer[MAX_PDU_FRAG_LEN];
1298 unsigned char p24[24];
1299 unsigned char lm_owf[24];
1300 unsigned char lm_hash[16];
1302 if(!smb_io_rpc_hdr_auth("", &rhdr_auth, rdata, 0)) {
1303 DEBUG(0,("rpc_send_auth_reply: Failed to unmarshall RPC_HDR_AUTH.\n"));
1306 if(!smb_io_rpc_auth_verifier("", &rhdr_verf, rdata, 0)) {
1307 DEBUG(0,("rpc_send_auth_reply: Failed to unmarshall RPC_AUTH_VERIFIER.\n"));
1310 if(!smb_io_rpc_auth_ntlmssp_chal("", &rhdr_chal, rdata, 0)) {
1311 DEBUG(0,("rpc_send_auth_reply: Failed to unmarshall RPC_AUTH_NTLMSSP_CHAL.\n"));
1315 cli->ntlmssp_cli_flgs = rhdr_chal.neg_flags;
1317 pwd_make_lm_nt_owf(&cli->pwd, rhdr_chal.challenge);
1319 prs_init(&rpc_out, 0, cli->mem_ctx, MARSHALL);
1321 prs_give_memory( &rpc_out, buffer, sizeof(buffer), False);
1323 create_rpc_bind_resp(&cli->pwd, cli->domain,
1324 cli->user_name, global_myname(),
1325 cli->ntlmssp_cli_flgs, rpc_call_id,
1328 pwd_get_lm_nt_owf(&cli->pwd, lm_owf, NULL);
1329 pwd_get_lm_nt_16(&cli->pwd, lm_hash, NULL);
1331 NTLMSSPOWFencrypt(lm_hash, lm_owf, p24);
1334 unsigned char j = 0;
1336 unsigned char k2[8];
1343 for (ind = 0; ind < 256; ind++)
1344 cli->ntlmssp_hash[ind] = (unsigned char)ind;
1346 for( ind = 0; ind < 256; ind++) {
1349 j += (cli->ntlmssp_hash[ind] + k2[ind%8]);
1351 tc = cli->ntlmssp_hash[ind];
1352 cli->ntlmssp_hash[ind] = cli->ntlmssp_hash[j];
1353 cli->ntlmssp_hash[j] = tc;
1356 cli->ntlmssp_hash[256] = 0;
1357 cli->ntlmssp_hash[257] = 0;
1360 memset((char *)lm_hash, '\0', sizeof(lm_hash));
1362 if ((ret = cli_write(cli, cli->nt_pipe_fnum, 0x8, prs_data_p(&rpc_out),
1363 0, (size_t)prs_offset(&rpc_out))) != (ssize_t)prs_offset(&rpc_out)) {
1364 DEBUG(0,("rpc_send_auth_reply: cli_write failed. Return was %d\n", (int)ret));
1368 cli->ntlmssp_srv_flgs = rhdr_chal.neg_flags;
1372 /****************************************************************************
1374 ****************************************************************************/
1376 static BOOL rpc_pipe_bind(struct cli_state *cli, int pipe_idx, const char *my_name,
1383 BOOL do_auth = (cli->ntlmssp_cli_flgs != 0);
1385 char buffer[MAX_PDU_FRAG_LEN];
1387 if ( (pipe_idx < 0) || (pipe_idx >= PI_MAX_PIPES) )
1390 DEBUG(5,("Bind RPC Pipe[%x]: %s\n", cli->nt_pipe_fnum, pipe_names[pipe_idx].client_pipe));
1392 if (!valid_pipe_name(pipe_idx, &abstract, &transfer))
1395 prs_init(&rpc_out, 0, cli->mem_ctx, MARSHALL);
1398 * Use the MAX_PDU_FRAG_LEN buffer to store the bind request.
1401 prs_give_memory( &rpc_out, buffer, sizeof(buffer), False);
1403 rpc_call_id = get_rpc_call_id();
1405 /* Marshall the outgoing data. */
1406 create_rpc_bind_req(&rpc_out, do_auth, do_netsec, rpc_call_id,
1407 &abstract, &transfer,
1408 global_myname(), cli->domain, cli->ntlmssp_cli_flgs);
1410 /* Initialize the incoming data struct. */
1411 prs_init(&rdata, 0, cli->mem_ctx, UNMARSHALL);
1413 /* send data on \PIPE\. receive a response */
1414 if (rpc_api_pipe(cli, &rpc_out, &rdata)) {
1417 DEBUG(5, ("rpc_pipe_bind: rpc_api_pipe returned OK.\n"));
1419 if(!smb_io_rpc_hdr_ba("", &hdr_ba, &rdata, 0)) {
1420 DEBUG(0,("rpc_pipe_bind: Failed to unmarshall RPC_HDR_BA.\n"));
1421 prs_mem_free(&rdata);
1425 if(!check_bind_response(&hdr_ba, pipe_idx, &transfer)) {
1426 DEBUG(2,("rpc_pipe_bind: check_bind_response failed.\n"));
1427 prs_mem_free(&rdata);
1431 cli->max_xmit_frag = hdr_ba.bba.max_tsize;
1432 cli->max_recv_frag = hdr_ba.bba.max_rsize;
1435 * If we're doing NTLMSSP auth we need to send a reply to
1436 * the bind-ack to complete the 3-way challenge response
1440 if (do_auth && !rpc_send_auth_reply(cli, &rdata, rpc_call_id)) {
1441 DEBUG(0,("rpc_pipe_bind: rpc_send_auth_reply failed.\n"));
1442 prs_mem_free(&rdata);
1447 prs_mem_free(&rdata);
1451 /****************************************************************************
1453 ****************************************************************************/
1455 BOOL cli_nt_session_open(struct cli_state *cli, const int pipe_idx)
1459 /* At the moment we can't have more than one pipe open over
1460 a cli connection. )-: */
1462 SMB_ASSERT(cli->nt_pipe_fnum == 0);
1464 /* The pipe index must fall within our array */
1466 SMB_ASSERT((pipe_idx >= 0) && (pipe_idx < PI_MAX_PIPES));
1468 if (cli->capabilities & CAP_NT_SMBS) {
1469 if ((fnum = cli_nt_create(cli, &pipe_names[pipe_idx].client_pipe[5], DESIRED_ACCESS_PIPE)) == -1) {
1470 DEBUG(0,("cli_nt_session_open: cli_nt_create failed on pipe %s to machine %s. Error was %s\n",
1471 &pipe_names[pipe_idx].client_pipe[5], cli->desthost, cli_errstr(cli)));
1475 cli->nt_pipe_fnum = (uint16)fnum;
1477 if ((fnum = cli_open(cli, pipe_names[pipe_idx].client_pipe, O_CREAT|O_RDWR, DENY_NONE)) == -1) {
1478 DEBUG(0,("cli_nt_session_open: cli_open failed on pipe %s to machine %s. Error was %s\n",
1479 pipe_names[pipe_idx].client_pipe, cli->desthost, cli_errstr(cli)));
1483 cli->nt_pipe_fnum = (uint16)fnum;
1485 /**************** Set Named Pipe State ***************/
1486 if (!rpc_pipe_set_hnd_state(cli, pipe_names[pipe_idx].client_pipe, 0x4300)) {
1487 DEBUG(0,("cli_nt_session_open: pipe hnd state failed. Error was %s\n",
1489 cli_close(cli, cli->nt_pipe_fnum);
1494 /******************* bind request on pipe *****************/
1496 if (!rpc_pipe_bind(cli, pipe_idx, global_myname(), False)) {
1497 DEBUG(2,("cli_nt_session_open: rpc bind to %s failed\n",
1498 get_pipe_name_from_index(pipe_idx)));
1499 cli_close(cli, cli->nt_pipe_fnum);
1504 * Setup the remote server name prefixed by \ and the machine account name.
1507 fstrcpy(cli->srv_name_slash, "\\\\");
1508 fstrcat(cli->srv_name_slash, cli->desthost);
1509 strupper(cli->srv_name_slash);
1511 fstrcpy(cli->clnt_name_slash, "\\\\");
1512 fstrcat(cli->clnt_name_slash, global_myname());
1513 strupper(cli->clnt_name_slash);
1515 fstrcpy(cli->mach_acct, global_myname());
1516 fstrcat(cli->mach_acct, "$");
1517 strupper(cli->mach_acct);
1519 /* Remember which pipe we're talking to */
1520 fstrcpy(cli->pipe_name, pipe_names[pipe_idx].client_pipe);
1526 /****************************************************************************
1527 Open a session to the NETLOGON pipe using schannel.
1528 ****************************************************************************/
1530 BOOL cli_nt_open_netlogon(struct cli_state *cli, const char *trust_password,
1534 uint32 neg_flags = 0x000001ff;
1537 if (lp_client_schannel() != False)
1538 neg_flags |= NETLOGON_NEG_SCHANNEL;
1541 if (!cli_nt_session_open(cli, PI_NETLOGON)) {
1545 if (!secrets_init()) {
1546 DEBUG(3,("Failed to init secrets.tdb\n"));
1550 result = cli_nt_setup_creds(cli, sec_chan, trust_password,
1553 if (!NT_STATUS_IS_OK(result)) {
1554 cli_nt_session_close(cli);
1558 if ((lp_client_schannel() == True) &&
1559 ((neg_flags & NETLOGON_NEG_SCHANNEL) == 0)) {
1561 DEBUG(3, ("Server did not offer schannel\n"));
1562 cli_nt_session_close(cli);
1566 if ((lp_client_schannel() == False) ||
1567 ((neg_flags & NETLOGON_NEG_SCHANNEL) == 0)) {
1571 /* Server offered schannel, so try it. */
1573 cli->auth_info.seq_num = 0;
1574 memcpy(cli->auth_info.sess_key, cli->sess_key,
1575 sizeof(cli->auth_info.sess_key));
1577 cli->saved_netlogon_pipe_fnum = cli->nt_pipe_fnum;
1579 if (cli->capabilities & CAP_NT_SMBS) {
1581 /* If we open \\PIPE\NETLOGON here, NT4SP6
1582 gives us an ACCESS_DENIED. Do I have to
1585 if ((fnum = cli_nt_create(cli, PIPE_NETLOGON_PLAIN,
1586 DESIRED_ACCESS_PIPE)) == -1) {
1587 DEBUG(0,("cli_nt_create failed to %s machine %s. "
1589 PIPE_NETLOGON, cli->desthost,
1594 cli->nt_pipe_fnum = (uint16)fnum;
1596 if ((fnum = cli_open(cli, PIPE_NETLOGON,
1597 O_CREAT|O_RDWR, DENY_NONE)) == -1) {
1598 DEBUG(0,("cli_open failed on pipe %s to machine %s. "
1600 PIPE_NETLOGON, cli->desthost,
1605 cli->nt_pipe_fnum = (uint16)fnum;
1607 /**************** Set Named Pipe State ***************/
1608 if (!rpc_pipe_set_hnd_state(cli, PIPE_NETLOGON, 0x4300)) {
1609 DEBUG(0,("Pipe hnd state failed. Error was %s\n",
1611 cli_close(cli, cli->nt_pipe_fnum);
1616 if (!rpc_pipe_bind(cli, PI_NETLOGON, global_myname(), True)) {
1617 DEBUG(2,("rpc bind to %s failed\n", PIPE_NETLOGON));
1618 cli_close(cli, cli->nt_pipe_fnum);
1626 const char *cli_pipe_get_name(struct cli_state *cli)
1628 return cli->pipe_name;
1632 /****************************************************************************
1634 ****************************************************************************/
1636 void cli_nt_session_close(struct cli_state *cli)
1638 if (cli->saved_netlogon_pipe_fnum != 0) {
1639 cli_close(cli, cli->saved_netlogon_pipe_fnum);
1640 cli->saved_netlogon_pipe_fnum = 0;
1642 cli_close(cli, cli->nt_pipe_fnum);
1643 cli->nt_pipe_fnum = 0;