2 * Unix SMB/CIFS implementation.
3 * RPC Pipe client / server routines
4 * Copyright (C) Andrew Tridgell 1992-1998,
5 * Copyright (C) Luke Kenneth Casson Leighton 1996-1998,
6 * Copyright (C) Paul Ashton 1998.
7 * Copyright (C) Jeremy Allison 1999.
8 * Copyright (C) Andrew Bartlett 2003.
10 * This program is free software; you can redistribute it and/or modify
11 * it under the terms of the GNU General Public License as published by
12 * the Free Software Foundation; either version 2 of the License, or
13 * (at your option) any later version.
15 * This program is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 * GNU General Public License for more details.
20 * You should have received a copy of the GNU General Public License
21 * along with this program; if not, write to the Free Software
22 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
28 #define DBGC_CLASS DBGC_RPC_CLI
30 extern struct pipe_id_info pipe_names[];
32 static void get_auth_type_level(int pipe_auth_flags, int *auth_type, int *auth_level)
36 if (pipe_auth_flags & AUTH_PIPE_SEAL) {
37 *auth_level = RPC_PIPE_AUTH_SEAL_LEVEL;
38 } else if (pipe_auth_flags & AUTH_PIPE_SIGN) {
39 *auth_level = RPC_PIPE_AUTH_SIGN_LEVEL;
42 if (pipe_auth_flags & AUTH_PIPE_NETSEC) {
43 *auth_type = NETSEC_AUTH_TYPE;
44 } else if (pipe_auth_flags & AUTH_PIPE_NTLMSSP) {
45 *auth_type = NTLMSSP_AUTH_TYPE;
49 /********************************************************************
51 ********************************************************************/
53 static uint32 get_rpc_call_id(void)
55 static uint32 call_id = 0;
59 /*******************************************************************
60 Use SMBreadX to get rest of one fragment's worth of rpc data.
61 ********************************************************************/
63 static BOOL rpc_read(struct cli_state *cli, prs_struct *rdata, uint32 data_to_read, uint32 *rdata_offset)
65 size_t size = (size_t)cli->max_recv_frag;
66 int stream_offset = 0;
69 int extra_data_size = ((int)*rdata_offset) + ((int)data_to_read) - (int)prs_data_size(rdata);
71 DEBUG(5,("rpc_read: data_to_read: %u rdata offset: %u extra_data_size: %d\n",
72 (int)data_to_read, (unsigned int)*rdata_offset, extra_data_size));
75 * Grow the buffer if needed to accommodate the data to be read.
78 if (extra_data_size > 0) {
79 if(!prs_force_grow(rdata, (uint32)extra_data_size)) {
80 DEBUG(0,("rpc_read: Failed to grow parse struct by %d bytes.\n", extra_data_size ));
83 DEBUG(5,("rpc_read: grew buffer by %d bytes to %u\n", extra_data_size, prs_data_size(rdata) ));
86 pdata = prs_data_p(rdata) + *rdata_offset;
88 do /* read data using SMBreadX */
93 if (size > (size_t)data_to_read)
94 size = (size_t)data_to_read;
96 num_read = (int)cli_read(cli, cli->nt_pipe_fnum, pdata, (off_t)stream_offset, size);
98 DEBUG(5,("rpc_read: num_read = %d, read offset: %d, to read: %d\n",
99 num_read, stream_offset, data_to_read));
101 if (cli_is_dos_error(cli)) {
102 cli_dos_error(cli, &eclass, &ecode);
103 if (eclass != ERRDOS && ecode != ERRmoredata) {
104 DEBUG(0,("rpc_read: Error %d/%u in cli_read\n",
105 eclass, (unsigned int)ecode));
110 data_to_read -= num_read;
111 stream_offset += num_read;
114 } while (num_read > 0 && data_to_read > 0);
115 /* && err == (0x80000000 | STATUS_BUFFER_OVERFLOW)); */
118 * Update the current offset into rdata by the amount read.
120 *rdata_offset += stream_offset;
125 /****************************************************************************
126 Checks the header. This will set the endian bit in the rdata prs_struct. JRA.
127 ****************************************************************************/
129 static BOOL rpc_check_hdr(prs_struct *rdata, RPC_HDR *rhdr,
130 BOOL *first, BOOL *last, uint32 *len)
132 DEBUG(5,("rpc_check_hdr: rdata->data_size = %u\n", (uint32)prs_data_size(rdata) ));
134 /* Next call sets endian bit. */
136 if(!smb_io_rpc_hdr("rpc_hdr ", rhdr, rdata, 0)) {
137 DEBUG(0,("rpc_check_hdr: Failed to unmarshall RPC_HDR.\n"));
141 if (prs_offset(rdata) != RPC_HEADER_LEN) {
142 DEBUG(0,("rpc_check_hdr: offset was %x, should be %x.\n", prs_offset(rdata), RPC_HEADER_LEN));
146 (*first) = ((rhdr->flags & RPC_FLG_FIRST) != 0);
147 (*last) = ((rhdr->flags & RPC_FLG_LAST ) != 0);
148 (*len) = (uint32)rhdr->frag_len - prs_data_size(rdata);
150 return (rhdr->pkt_type != RPC_FAULT);
153 /****************************************************************************
154 Verify data on an rpc pipe.
155 The VERIFY & SEAL code is only executed on packets that look like this :
157 Request/Response PDU's look like the following...
159 |<------------------PDU len----------------------------------------------->|
160 |<-HDR_LEN-->|<--REQ LEN------>|.............|<-AUTH_HDRLEN->|<-AUTH_LEN-->|
162 +------------+-----------------+-------------+---------------+-------------+
163 | RPC HEADER | REQ/RESP HEADER | DATA ...... | AUTH_HDR | AUTH DATA |
164 +------------+-----------------+-------------+---------------+-------------+
166 Never on bind requests/responses.
167 ****************************************************************************/
169 static BOOL rpc_auth_pipe(struct cli_state *cli, prs_struct *rdata,
170 uint32 fragment_start, int len, int auth_len, uint8 pkt_type,
171 int *pauth_padding_len)
175 * The following is that length of the data we must sign or seal.
176 * This doesn't include the RPC headers or the auth_len or the RPC_HDR_AUTH_LEN
177 * preceeding the auth_data.
180 int data_len = len - RPC_HEADER_LEN - RPC_HDR_RESP_LEN - RPC_HDR_AUTH_LEN - auth_len;
183 * The start of the data to sign/seal is just after the RPC headers.
185 char *reply_data = prs_data_p(rdata) + fragment_start + RPC_HEADER_LEN + RPC_HDR_REQ_LEN;
187 RPC_HDR_AUTH rhdr_auth;
189 char *dp = prs_data_p(rdata) + fragment_start + len -
190 RPC_HDR_AUTH_LEN - auth_len;
191 prs_struct auth_verf;
193 *pauth_padding_len = 0;
196 if (cli->pipe_auth_flags == 0) {
197 /* move along, nothing to see here */
201 DEBUG(2, ("No authenticaton header recienved on reply, but this pipe is authenticated\n"));
205 DEBUG(5,("rpc_auth_pipe: pkt_type: %d len: %d auth_len: %d NTLMSSP %s schannel %s sign %s seal %s \n",
206 pkt_type, len, auth_len,
207 BOOLSTR(cli->pipe_auth_flags & AUTH_PIPE_NTLMSSP),
208 BOOLSTR(cli->pipe_auth_flags & AUTH_PIPE_NETSEC),
209 BOOLSTR(cli->pipe_auth_flags & AUTH_PIPE_SIGN),
210 BOOLSTR(cli->pipe_auth_flags & AUTH_PIPE_SEAL)));
212 if (dp - prs_data_p(rdata) > prs_data_size(rdata)) {
213 DEBUG(0,("rpc_auth_pipe: schannel auth data > data size !\n"));
217 DEBUG(10,("rpc_auth_pipe: packet:\n"));
218 dump_data(100, dp, auth_len);
220 prs_init(&auth_verf, 0, cli->mem_ctx, UNMARSHALL);
222 /* The endinness must be preserved. JRA. */
223 prs_set_endian_data( &auth_verf, rdata->bigendian_data);
225 /* Point this new parse struct at the auth section of the main
226 parse struct - rather than copying it. Avoids needing to
227 free it on every error
229 prs_give_memory(&auth_verf, dp, RPC_HDR_AUTH_LEN + auth_len, False /* not dynamic */);
230 prs_set_offset(&auth_verf, 0);
235 if (!smb_io_rpc_hdr_auth("auth_hdr", &rhdr_auth, &auth_verf, 0)) {
236 DEBUG(0, ("rpc_auth_pipe: Could not parse auth header\n"));
240 /* Let the caller know how much padding at the end of the data */
241 *pauth_padding_len = rhdr_auth.padding;
243 /* Check it's the type of reply we were expecting to decode */
245 get_auth_type_level(cli->pipe_auth_flags, &auth_type, &auth_level);
246 if (rhdr_auth.auth_type != auth_type) {
247 DEBUG(0, ("BAD auth type %d (should be %d)\n",
248 rhdr_auth.auth_type, auth_type));
252 if (rhdr_auth.auth_level != auth_level) {
253 DEBUG(0, ("BAD auth level %d (should be %d)\n",
254 rhdr_auth.auth_level, auth_level));
259 if (pkt_type == RPC_BINDACK) {
260 if (cli->pipe_auth_flags & AUTH_PIPE_NTLMSSP) {
261 /* copy the next auth_len bytes into a buffer for
264 DATA_BLOB ntlmssp_verf = data_blob(NULL, auth_len);
266 /* save the reply away, for use a little later */
267 prs_copy_data_out(ntlmssp_verf.data, &auth_verf, auth_len);
270 return (NT_STATUS_IS_OK(ntlmssp_client_store_response(cli->ntlmssp_pipe_state,
273 else if (cli->pipe_auth_flags & AUTH_PIPE_NETSEC) {
274 /* nothing to do here - we don't seem to be able to
275 validate the bindack based on VL's comments */
280 if (cli->pipe_auth_flags & AUTH_PIPE_NTLMSSP) {
283 if ((cli->pipe_auth_flags & AUTH_PIPE_SIGN) ||
284 (cli->pipe_auth_flags & AUTH_PIPE_SEAL)) {
285 if (auth_len != RPC_AUTH_NTLMSSP_CHK_LEN) {
286 DEBUG(0,("rpc_auth_pipe: wrong ntlmssp auth len %d\n", auth_len));
289 sig = data_blob(NULL, auth_len);
290 prs_copy_data_out(sig.data, &auth_verf, auth_len);
294 * Unseal any sealed data in the PDU, not including the
295 * 8 byte auth_header or the auth_data.
299 * Now unseal and check the auth verifier in the auth_data at
300 * the end of the packet.
303 if (cli->pipe_auth_flags & AUTH_PIPE_SEAL) {
305 DEBUG(1, ("Can't unseal - data_len < 0!!\n"));
308 nt_status = ntlmssp_client_unseal_packet(cli->ntlmssp_pipe_state,
309 reply_data, data_len,
312 else if (cli->pipe_auth_flags & AUTH_PIPE_SIGN) {
313 nt_status = ntlmssp_client_check_packet(cli->ntlmssp_pipe_state,
314 reply_data, data_len,
318 data_blob_free(&sig);
320 if (!NT_STATUS_IS_OK(nt_status)) {
321 DEBUG(0, ("rpc_auth_pipe: could not validate "
322 "incoming NTLMSSP packet!\n"));
327 if (cli->pipe_auth_flags & AUTH_PIPE_NETSEC) {
328 RPC_AUTH_NETSEC_CHK chk;
330 if (auth_len != RPC_AUTH_NETSEC_CHK_LEN) {
331 DEBUG(0,("rpc_auth_pipe: wrong schannel auth len %d\n", auth_len));
335 if (!smb_io_rpc_auth_netsec_chk("schannel_auth_sign",
336 &chk, &auth_verf, 0)) {
337 DEBUG(0, ("rpc_auth_pipe: schannel unmarshalling "
338 "RPC_AUTH_NETSECK_CHK failed\n"));
342 if (!netsec_decode(&cli->auth_info,
343 cli->pipe_auth_flags,
345 &chk, reply_data, data_len)) {
346 DEBUG(0, ("rpc_auth_pipe: Could not decode schannel\n"));
350 cli->auth_info.seq_num++;
357 /****************************************************************************
358 Send data on an rpc pipe via trans, which *must* be the last fragment.
359 receive response data from an rpc pipe, which may be large...
361 Read the first fragment: unfortunately have to use SMBtrans for the first
362 bit, then SMBreadX for subsequent bits.
364 If first fragment received also wasn't the last fragment, continue
365 getting fragments until we _do_ receive the last fragment.
367 Request/Response PDU's look like the following...
369 |<------------------PDU len----------------------------------------------->|
370 |<-HDR_LEN-->|<--REQ LEN------>|.............|<-AUTH_HDRLEN->|<-AUTH_LEN-->|
372 +------------+-----------------+-------------+---------------+-------------+
373 | RPC HEADER | REQ/RESP HEADER | DATA ...... | AUTH_HDR | AUTH DATA |
374 +------------+-----------------+-------------+---------------+-------------+
376 Where the presence of the AUTH_HDR and AUTH are dependent on the
377 signing & sealing being negotiated.
379 ****************************************************************************/
381 static BOOL rpc_api_pipe(struct cli_state *cli, prs_struct *data, prs_struct *rdata,
382 uint8 expected_pkt_type)
386 uint32 rparam_len = 0;
391 char *pdata = data ? prs_data_p(data) : NULL;
392 uint32 data_len = data ? prs_offset(data) : 0;
394 uint32 rdata_len = 0;
395 uint32 current_offset = 0;
396 uint32 fragment_start = 0;
397 uint32 max_data = cli->max_xmit_frag ? cli->max_xmit_frag : 1024;
398 int auth_padding_len = 0;
400 /* Create setup parameters - must be in native byte order. */
402 setup[0] = TRANSACT_DCERPCCMD;
403 setup[1] = cli->nt_pipe_fnum; /* Pipe file handle. */
405 DEBUG(5,("rpc_api_pipe: fnum:%x\n", (int)cli->nt_pipe_fnum));
407 /* Send the RPC request and receive a response. For short RPC
408 calls (about 1024 bytes or so) the RPC request and response
409 appears in a SMBtrans request and response. Larger RPC
410 responses are received further on. */
412 if (!cli_api_pipe(cli, "\\PIPE\\",
413 setup, 2, 0, /* Setup, length, max */
414 NULL, 0, 0, /* Params, length, max */
415 pdata, data_len, max_data, /* data, length, max */
416 &rparam, &rparam_len, /* return params, len */
417 &prdata, &rdata_len)) /* return data, len */
419 DEBUG(0, ("cli_pipe: return critical error. Error was %s\n", cli_errstr(cli)));
423 /* Throw away returned params - we know we won't use them. */
427 if (prdata == NULL) {
428 DEBUG(0,("rpc_api_pipe: pipe %x failed to return data.\n",
429 (int)cli->nt_pipe_fnum));
434 * Give this memory as dynamically allocated to the return parse
438 prs_give_memory(rdata, prdata, rdata_len, True);
439 current_offset = rdata_len;
441 /* This next call sets the endian bit correctly in rdata. */
443 if (!rpc_check_hdr(rdata, &rhdr, &first, &last, &len)) {
448 if (rhdr.pkt_type == RPC_BINDACK) {
449 if (!last && !first) {
450 DEBUG(5,("rpc_api_pipe: bug in server (AS/U?), setting fragment first/last ON.\n"));
456 if (rhdr.pkt_type == RPC_BINDNACK) {
457 DEBUG(3, ("Bind NACK received on pipe %x!\n", (int)cli->nt_pipe_fnum));
462 if (rhdr.pkt_type == RPC_RESPONSE) {
463 RPC_HDR_RESP rhdr_resp;
464 if(!smb_io_rpc_hdr_resp("rpc_hdr_resp", &rhdr_resp, rdata, 0)) {
465 DEBUG(5,("rpc_api_pipe: failed to unmarshal RPC_HDR_RESP.\n"));
471 if (rhdr.pkt_type != expected_pkt_type) {
472 DEBUG(3, ("Connection to pipe %x got an unexpected RPC packet type - %d, not %d\n", (int)cli->nt_pipe_fnum, rhdr.pkt_type, expected_pkt_type));
477 DEBUG(5,("rpc_api_pipe: len left: %u smbtrans read: %u\n",
478 (unsigned int)len, (unsigned int)rdata_len ));
480 /* check if data to be sent back was too large for one SMBtrans */
481 /* err status is only informational: the _real_ check is on the
485 /* || err == (0x80000000 | STATUS_BUFFER_OVERFLOW)) */
487 /* Read the remaining part of the first response fragment */
489 if (!rpc_read(cli, rdata, len, ¤t_offset)) {
496 * Now we have a complete PDU, check the auth struct if any was sent.
499 if(!rpc_auth_pipe(cli, rdata, fragment_start, rhdr.frag_len,
500 rhdr.auth_len, rhdr.pkt_type, &auth_padding_len)) {
505 if (rhdr.auth_len != 0) {
507 * Drop the auth footers from the current offset.
508 * We need this if there are more fragments.
509 * The auth footers consist of the auth_data and the
510 * preceeding 8 byte auth_header.
512 current_offset -= (auth_padding_len + RPC_HDR_AUTH_LEN + rhdr.auth_len);
516 * Only one rpc fragment, and it has been read.
520 DEBUG(6,("rpc_api_pipe: fragment first and last both set\n"));
525 * Read more fragments using SMBreadX until we get one with the
530 RPC_HDR_RESP rhdr_resp;
532 char hdr_data[RPC_HEADER_LEN+RPC_HDR_RESP_LEN];
538 * First read the header of the next PDU.
541 prs_init(&hps, 0, cli->mem_ctx, UNMARSHALL);
542 prs_give_memory(&hps, hdr_data, sizeof(hdr_data), False);
544 num_read = cli_read(cli, cli->nt_pipe_fnum, hdr_data, 0, RPC_HEADER_LEN+RPC_HDR_RESP_LEN);
545 if (cli_is_dos_error(cli)) {
546 cli_dos_error(cli, &eclass, &ecode);
547 if (eclass != ERRDOS && ecode != ERRmoredata) {
548 DEBUG(0,("rpc_api_pipe: cli_read error : %d/%d\n", eclass, ecode));
553 DEBUG(5,("rpc_api_pipe: read header (size:%d)\n", num_read));
555 if (num_read != RPC_HEADER_LEN+RPC_HDR_RESP_LEN) {
556 DEBUG(0,("rpc_api_pipe: Error : requested %d bytes, got %d.\n",
557 RPC_HEADER_LEN+RPC_HDR_RESP_LEN, num_read ));
561 /* This call sets the endianness in hps. */
563 if (!rpc_check_hdr(&hps, &rhdr, &first, &last, &len))
566 /* Ensure the endianness in rdata is set correctly - must be same as hps. */
568 if (hps.bigendian_data != rdata->bigendian_data) {
569 DEBUG(0,("rpc_api_pipe: Error : Endianness changed from %s to %s\n",
570 rdata->bigendian_data ? "big" : "little",
571 hps.bigendian_data ? "big" : "little" ));
575 if(!smb_io_rpc_hdr_resp("rpc_hdr_resp", &rhdr_resp, &hps, 0)) {
576 DEBUG(0,("rpc_api_pipe: Error in unmarshalling RPC_HDR_RESP.\n"));
581 DEBUG(0,("rpc_api_pipe: secondary PDU rpc header has 'first' set !\n"));
586 * Now read the rest of the PDU.
589 if (!rpc_read(cli, rdata, len, ¤t_offset)) {
594 fragment_start = current_offset - len - RPC_HEADER_LEN - RPC_HDR_RESP_LEN;
597 * Verify any authentication footer.
601 if(!rpc_auth_pipe(cli, rdata, fragment_start, rhdr.frag_len,
602 rhdr.auth_len, rhdr.pkt_type, &auth_padding_len)) {
607 if (rhdr.auth_len != 0 ) {
610 * Drop the auth footers from the current offset.
611 * The auth footers consist of the auth_data and the
612 * preceeding 8 byte auth_header.
613 * We need this if there are more fragments.
615 current_offset -= (auth_padding_len + RPC_HDR_AUTH_LEN + rhdr.auth_len);
622 /*******************************************************************
623 creates a DCE/RPC bind request
625 - initialises the parse structure.
626 - dynamically allocates the header data structure
627 - caller is expected to free the header data structure once used.
629 ********************************************************************/
631 static NTSTATUS create_rpc_bind_req(struct cli_state *cli, prs_struct *rpc_out,
633 RPC_IFACE *abstract, RPC_IFACE *transfer,
634 const char *my_name, const char *domain)
638 RPC_HDR_AUTH hdr_auth;
640 int auth_type, auth_level;
641 size_t saved_hdr_offset;
643 prs_struct auth_info;
644 prs_init(&auth_info, RPC_HDR_AUTH_LEN, /* we will need at least this much */
645 prs_get_mem_context(rpc_out), MARSHALL);
647 if (cli->pipe_auth_flags) {
648 get_auth_type_level(cli->pipe_auth_flags, &auth_type, &auth_level);
651 * Create the auth structs we will marshall.
654 init_rpc_hdr_auth(&hdr_auth, auth_type, auth_level, 0x00, 1);
657 * Now marshall the data into the temporary parse_struct.
660 if(!smb_io_rpc_hdr_auth("hdr_auth", &hdr_auth, &auth_info, 0)) {
661 DEBUG(0,("create_rpc_bind_req: failed to marshall RPC_HDR_AUTH.\n"));
662 prs_mem_free(&auth_info);
663 return NT_STATUS_NO_MEMORY;
665 saved_hdr_offset = prs_offset(&auth_info);
668 if (cli->pipe_auth_flags & AUTH_PIPE_NTLMSSP) {
671 DATA_BLOB null_blob = data_blob(NULL, 0);
674 DEBUG(5, ("Processing NTLMSSP Negotiate\n"));
675 nt_status = ntlmssp_client_update(cli->ntlmssp_pipe_state,
679 if (!NT_STATUS_EQUAL(nt_status,
680 NT_STATUS_MORE_PROCESSING_REQUIRED)) {
681 prs_mem_free(&auth_info);
685 /* Auth len in the rpc header doesn't include auth_header. */
686 auth_len = request.length;
687 prs_copy_data_in(&auth_info, request.data, request.length);
689 DEBUG(5, ("NTLMSSP Negotiate:\n"));
690 dump_data(5, request.data, request.length);
692 data_blob_free(&request);
695 else if (cli->pipe_auth_flags & AUTH_PIPE_NETSEC) {
696 RPC_AUTH_NETSEC_NEG netsec_neg;
698 /* Use lp_workgroup() if domain not specified */
700 if (!domain || !domain[0])
701 domain = lp_workgroup();
703 init_rpc_auth_netsec_neg(&netsec_neg, domain, my_name);
706 * Now marshall the data into the temporary parse_struct.
709 if(!smb_io_rpc_auth_netsec_neg("netsec_neg",
710 &netsec_neg, &auth_info, 0)) {
711 DEBUG(0,("Failed to marshall RPC_AUTH_NETSEC_NEG.\n"));
712 prs_mem_free(&auth_info);
713 return NT_STATUS_NO_MEMORY;
716 /* Auth len in the rpc header doesn't include auth_header. */
717 auth_len = prs_offset(&auth_info) - saved_hdr_offset;
719 /* create the request RPC_HDR */
720 init_rpc_hdr(&hdr, RPC_BIND, 0x3, rpc_call_id,
721 RPC_HEADER_LEN + RPC_HDR_RB_LEN + prs_offset(&auth_info),
724 if(!smb_io_rpc_hdr("hdr" , &hdr, rpc_out, 0)) {
725 DEBUG(0,("create_rpc_bind_req: failed to marshall RPC_HDR.\n"));
726 prs_mem_free(&auth_info);
727 return NT_STATUS_NO_MEMORY;
730 /* create the bind request RPC_HDR_RB */
731 init_rpc_hdr_rb(&hdr_rb, MAX_PDU_FRAG_LEN, MAX_PDU_FRAG_LEN, 0x0,
732 0x1, 0x0, 0x1, abstract, transfer);
734 /* Marshall the bind request data */
735 if(!smb_io_rpc_hdr_rb("", &hdr_rb, rpc_out, 0)) {
736 DEBUG(0,("create_rpc_bind_req: failed to marshall RPC_HDR_RB.\n"));
737 prs_mem_free(&auth_info);
738 return NT_STATUS_NO_MEMORY;
742 * Grow the outgoing buffer to store any auth info.
746 if(!prs_append_prs_data( rpc_out, &auth_info)) {
747 DEBUG(0,("create_rpc_bind_req: failed to grow parse struct to add auth.\n"));
748 prs_mem_free(&auth_info);
749 return NT_STATUS_NO_MEMORY;
755 /*******************************************************************
756 Creates a DCE/RPC bind authentication response.
757 This is the packet that is sent back to the server once we
758 have received a BIND-ACK, to finish the third leg of
759 the authentication handshake.
760 ********************************************************************/
762 static NTSTATUS create_rpc_bind_resp(struct cli_state *cli,
768 RPC_HDR_AUTHA hdr_autha;
769 DATA_BLOB ntlmssp_null_response = data_blob(NULL, 0);
770 DATA_BLOB ntlmssp_reply;
771 int auth_type, auth_level;
773 /* The response is picked up from the internal cache,
774 where it was placed by the rpc_auth_pipe() code */
775 nt_status = ntlmssp_client_update(cli->ntlmssp_pipe_state,
776 ntlmssp_null_response,
779 if (!NT_STATUS_EQUAL(nt_status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
783 /* Create the request RPC_HDR */
784 init_rpc_hdr(&hdr, RPC_BINDRESP, 0x0, rpc_call_id,
785 RPC_HEADER_LEN + RPC_HDR_AUTHA_LEN + ntlmssp_reply.length,
786 ntlmssp_reply.length );
789 if(!smb_io_rpc_hdr("hdr", &hdr, rpc_out, 0)) {
790 DEBUG(0,("create_rpc_bind_resp: failed to marshall RPC_HDR.\n"));
791 data_blob_free(&ntlmssp_reply);
792 return NT_STATUS_NO_MEMORY;
795 get_auth_type_level(cli->pipe_auth_flags, &auth_type, &auth_level);
797 /* Create the request RPC_HDR_AUTHA */
798 init_rpc_hdr_autha(&hdr_autha, MAX_PDU_FRAG_LEN, MAX_PDU_FRAG_LEN,
799 auth_type, auth_level, 0x00);
801 if(!smb_io_rpc_hdr_autha("hdr_autha", &hdr_autha, rpc_out, 0)) {
802 DEBUG(0,("create_rpc_bind_resp: failed to marshall RPC_HDR_AUTHA.\n"));
803 data_blob_free(&ntlmssp_reply);
804 return NT_STATUS_NO_MEMORY;
808 * Append the auth data to the outgoing buffer.
811 if(!prs_copy_data_in(rpc_out, ntlmssp_reply.data, ntlmssp_reply.length)) {
812 DEBUG(0,("create_rpc_bind_req: failed to grow parse struct to add auth.\n"));
813 data_blob_free(&ntlmssp_reply);
814 return NT_STATUS_NO_MEMORY;
817 if (cli->pipe_auth_flags & AUTH_PIPE_SIGN) {
818 nt_status = ntlmssp_client_sign_init(cli->ntlmssp_pipe_state);
820 if (!NT_STATUS_IS_OK(nt_status)) {
825 data_blob_free(&ntlmssp_reply);
830 /*******************************************************************
831 Creates a DCE/RPC request.
832 ********************************************************************/
834 static uint32 create_rpc_request(prs_struct *rpc_out, uint8 op_num, int data_len, int auth_len, uint8 flags, uint32 oldid, uint32 data_left)
839 uint32 callid = oldid ? oldid : get_rpc_call_id();
841 DEBUG(5,("create_rpc_request: opnum: 0x%x data_len: 0x%x\n", op_num, data_len));
843 /* create the rpc header RPC_HDR */
844 init_rpc_hdr(&hdr, RPC_REQUEST, flags,
845 callid, data_len, auth_len);
848 * The alloc hint should be the amount of data, not including
849 * RPC headers & footers.
853 alloc_hint = data_len - RPC_HEADER_LEN - RPC_HDR_AUTH_LEN - auth_len;
855 alloc_hint = data_len - RPC_HEADER_LEN;
857 DEBUG(10,("create_rpc_request: data_len: %x auth_len: %x alloc_hint: %x\n",
858 data_len, auth_len, alloc_hint));
860 /* Create the rpc request RPC_HDR_REQ */
861 init_rpc_hdr_req(&hdr_req, alloc_hint, op_num);
864 if(!smb_io_rpc_hdr("hdr ", &hdr, rpc_out, 0))
867 if(!smb_io_rpc_hdr_req("hdr_req", &hdr_req, rpc_out, 0))
870 if (prs_offset(rpc_out) != RPC_HEADER_LEN + RPC_HDR_REQ_LEN)
876 /*******************************************************************
877 Puts an auth header into an rpc request.
878 ********************************************************************/
880 static BOOL create_auth_hdr(prs_struct *outgoing_packet,
882 int auth_level, int padding)
884 RPC_HDR_AUTH hdr_auth;
886 init_rpc_hdr_auth(&hdr_auth, auth_type, auth_level,
888 if(!smb_io_rpc_hdr_auth("hdr_auth", &hdr_auth,
889 outgoing_packet, 0)) {
890 DEBUG(0,("create_auth_hdr:Failed to marshal RPC_HDR_AUTH.\n"));
897 * Send a request on an RPC pipe and get a response.
899 * @param data NDR contents of the request to be sent.
900 * @param rdata Unparsed NDR response data.
903 BOOL rpc_api_pipe_req(struct cli_state *cli, uint8 op_num,
904 prs_struct *data, prs_struct *rdata)
906 uint32 auth_len, real_auth_len, auth_hdr_len, max_data, data_left, data_sent;
916 if (cli->pipe_auth_flags & AUTH_PIPE_SIGN) {
917 if (cli->pipe_auth_flags & AUTH_PIPE_NTLMSSP) {
918 auth_len = RPC_AUTH_NTLMSSP_CHK_LEN;
920 if (cli->pipe_auth_flags & AUTH_PIPE_NETSEC) {
921 auth_len = RPC_AUTH_NETSEC_CHK_LEN;
923 auth_hdr_len = RPC_HDR_AUTH_LEN;
927 * calc how much actual data we can send in a PDU fragment
929 max_data = cli->max_xmit_frag - RPC_HEADER_LEN - RPC_HDR_REQ_LEN -
930 auth_hdr_len - auth_len - 8;
932 for (data_left = prs_offset(data), data_sent = 0; data_left > 0;) {
933 prs_struct outgoing_packet;
935 uint32 data_len, send_size;
937 uint32 auth_padding = 0;
938 RPC_AUTH_NETSEC_CHK verf;
942 * how much will we send this time
944 send_size = MIN(data_left, max_data);
946 if (!prs_init(&sec_blob, send_size, /* will need at least this much */
947 cli->mem_ctx, MARSHALL)) {
948 DEBUG(0,("Could not malloc %u bytes",
949 send_size+auth_padding));
953 if(!prs_append_some_prs_data(&sec_blob, data,
954 data_sent, send_size)) {
955 DEBUG(0,("Failed to append data to netsec blob\n"));
956 prs_mem_free(&sec_blob);
961 * NT expects the data that is sealed to be 8-byte
962 * aligned. The padding must be encrypted as well and
963 * taken into account when generating the
964 * authentication verifier. The amount of padding must
965 * be stored in the auth header.
968 if (cli->pipe_auth_flags) {
969 size_t data_and_padding_size;
972 prs_align_uint64(&sec_blob);
974 get_auth_type_level(cli->pipe_auth_flags, &auth_type, &auth_level);
976 data_and_padding_size = prs_offset(&sec_blob);
977 auth_padding = data_and_padding_size - send_size;
979 /* insert the auth header */
981 if(!create_auth_hdr(&sec_blob, auth_type, auth_level, auth_padding)) {
982 prs_mem_free(&sec_blob);
986 /* create an NTLMSSP signature */
987 if (cli->pipe_auth_flags & AUTH_PIPE_NTLMSSP) {
989 * Seal the outgoing data if requested.
991 if (cli->pipe_auth_flags & AUTH_PIPE_SEAL) {
993 nt_status = ntlmssp_client_seal_packet(cli->ntlmssp_pipe_state,
994 (unsigned char*)prs_data_p(&sec_blob),
995 data_and_padding_size,
997 if (!NT_STATUS_IS_OK(nt_status)) {
998 prs_mem_free(&sec_blob);
1002 else if (cli->pipe_auth_flags & AUTH_PIPE_SIGN) {
1004 nt_status = ntlmssp_client_sign_packet(cli->ntlmssp_pipe_state,
1005 (unsigned char*)prs_data_p(&sec_blob),
1006 data_and_padding_size, &sign_blob);
1007 if (!NT_STATUS_IS_OK(nt_status)) {
1008 prs_mem_free(&sec_blob);
1014 /* write auth footer onto the packet */
1015 real_auth_len = sign_blob.length;
1017 prs_copy_data_in(&sec_blob, sign_blob.data, sign_blob.length);
1018 data_blob_free(&sign_blob);
1021 else if (cli->pipe_auth_flags & AUTH_PIPE_NETSEC) {
1022 static const uchar netsec_sig[8] = NETSEC_SIGNATURE;
1023 static const uchar nullbytes[8] = { 0,0,0,0,0,0,0,0 };
1024 size_t parse_offset_marker;
1025 DEBUG(10,("SCHANNEL seq_num=%d\n", cli->auth_info.seq_num));
1027 init_rpc_auth_netsec_chk(&verf, netsec_sig, nullbytes,
1028 nullbytes, nullbytes);
1030 netsec_encode(&cli->auth_info,
1031 cli->pipe_auth_flags,
1032 SENDER_IS_INITIATOR,
1034 prs_data_p(&sec_blob),
1035 data_and_padding_size);
1037 cli->auth_info.seq_num++;
1039 /* write auth footer onto the packet */
1041 parse_offset_marker = prs_offset(&sec_blob);
1042 if (!smb_io_rpc_auth_netsec_chk("", &verf,
1044 prs_mem_free(&sec_blob);
1047 real_auth_len = prs_offset(&sec_blob) - parse_offset_marker;
1051 data_len = RPC_HEADER_LEN + RPC_HDR_REQ_LEN + prs_offset(&sec_blob);
1054 * Malloc parse struct to hold it (and enough for alignments).
1056 if(!prs_init(&outgoing_packet, data_len + 8,
1057 cli->mem_ctx, MARSHALL)) {
1058 DEBUG(0,("rpc_api_pipe_req: Failed to malloc %u bytes.\n", (unsigned int)data_len ));
1062 if (data_left == prs_offset(data))
1063 flags |= RPC_FLG_FIRST;
1065 if (data_left <= max_data)
1066 flags |= RPC_FLG_LAST;
1068 * Write out the RPC header and the request header.
1070 if(!(callid = create_rpc_request(&outgoing_packet, op_num,
1071 data_len, real_auth_len, flags,
1072 callid, data_left))) {
1073 DEBUG(0,("rpc_api_pipe_req: Failed to create RPC request.\n"));
1074 prs_mem_free(&outgoing_packet);
1075 prs_mem_free(&sec_blob);
1079 prs_append_prs_data(&outgoing_packet, &sec_blob);
1080 prs_mem_free(&sec_blob);
1082 DEBUG(100,("data_len: %x data_calc_len: %x\n", data_len,
1083 prs_offset(&outgoing_packet)));
1085 if (flags & RPC_FLG_LAST)
1086 ret = rpc_api_pipe(cli, &outgoing_packet,
1087 rdata, RPC_RESPONSE);
1089 cli_write(cli, cli->nt_pipe_fnum, 0x0008,
1090 prs_data_p(&outgoing_packet),
1091 data_sent, data_len);
1093 prs_mem_free(&outgoing_packet);
1094 data_sent += send_size;
1095 data_left -= send_size;
1097 /* Also capture received data */
1098 slprintf(dump_name, sizeof(dump_name) - 1, "reply_%s",
1099 cli_pipe_get_name(cli));
1100 prs_dump(dump_name, op_num, rdata);
1105 /****************************************************************************
1106 Set the handle state.
1107 ****************************************************************************/
1109 static BOOL rpc_pipe_set_hnd_state(struct cli_state *cli, const char *pipe_name, uint16 device_state)
1111 BOOL state_set = False;
1113 uint16 setup[2]; /* only need 2 uint16 setup parameters */
1114 char *rparam = NULL;
1116 uint32 rparam_len, rdata_len;
1118 if (pipe_name == NULL)
1121 DEBUG(5,("Set Handle state Pipe[%x]: %s - device state:%x\n",
1122 cli->nt_pipe_fnum, pipe_name, device_state));
1124 /* create parameters: device state */
1125 SSVAL(param, 0, device_state);
1127 /* create setup parameters. */
1129 setup[1] = cli->nt_pipe_fnum; /* pipe file handle. got this from an SMBOpenX. */
1131 /* send the data on \PIPE\ */
1132 if (cli_api_pipe(cli, "\\PIPE\\",
1133 setup, 2, 0, /* setup, length, max */
1134 param, 2, 0, /* param, length, max */
1135 NULL, 0, 1024, /* data, length, max */
1136 &rparam, &rparam_len, /* return param, length */
1137 &rdata, &rdata_len)) /* return data, length */
1139 DEBUG(5, ("Set Handle state: return OK\n"));
1149 /****************************************************************************
1150 check the rpc bind acknowledge response
1151 ****************************************************************************/
1153 int get_pipe_index( const char *pipe_name )
1157 while (pipe_names[pipe_idx].client_pipe != NULL) {
1158 if (strequal(pipe_name, pipe_names[pipe_idx].client_pipe ))
1167 /****************************************************************************
1168 check the rpc bind acknowledge response
1169 ****************************************************************************/
1171 const char* get_pipe_name_from_index( const int pipe_index )
1174 if ( (pipe_index < 0) || (pipe_index >= PI_MAX_PIPES) )
1177 return pipe_names[pipe_index].client_pipe;
1180 /****************************************************************************
1181 Check to see if this pipe index points to one of
1182 the pipes only supported by Win2k
1183 ****************************************************************************/
1185 BOOL is_win2k_pipe( const int pipe_idx )
1196 /****************************************************************************
1197 check the rpc bind acknowledge response
1198 ****************************************************************************/
1200 static BOOL valid_pipe_name(const int pipe_idx, RPC_IFACE *abstract, RPC_IFACE *transfer)
1202 if ( pipe_idx >= PI_MAX_PIPES ) {
1203 DEBUG(0,("valid_pipe_name: Programmer error! Invalid pipe index [%d]\n",
1208 DEBUG(5,("Bind Abstract Syntax: "));
1209 dump_data(5, (char*)&(pipe_names[pipe_idx].abstr_syntax),
1210 sizeof(pipe_names[pipe_idx].abstr_syntax));
1211 DEBUG(5,("Bind Transfer Syntax: "));
1212 dump_data(5, (char*)&(pipe_names[pipe_idx].trans_syntax),
1213 sizeof(pipe_names[pipe_idx].trans_syntax));
1215 /* copy the required syntaxes out so we can do the right bind */
1217 *transfer = pipe_names[pipe_idx].trans_syntax;
1218 *abstract = pipe_names[pipe_idx].abstr_syntax;
1223 /****************************************************************************
1224 check the rpc bind acknowledge response
1225 ****************************************************************************/
1227 static BOOL check_bind_response(RPC_HDR_BA *hdr_ba, const int pipe_idx, RPC_IFACE *transfer)
1231 if ( hdr_ba->addr.len <= 0)
1234 if ( !strequal(hdr_ba->addr.str, pipe_names[pipe_idx].server_pipe ))
1236 DEBUG(4,("bind_rpc_pipe: pipe_name %s != expected pipe %s. oh well!\n",
1237 pipe_names[i].server_pipe ,hdr_ba->addr.str));
1241 DEBUG(5,("bind_rpc_pipe: server pipe_name found: %s\n", pipe_names[i].server_pipe ));
1243 if (pipe_names[pipe_idx].server_pipe == NULL) {
1244 DEBUG(2,("bind_rpc_pipe: pipe name %s unsupported\n", hdr_ba->addr.str));
1248 /* check the transfer syntax */
1249 if ((hdr_ba->transfer.version != transfer->version) ||
1250 (memcmp(&hdr_ba->transfer.uuid, &transfer->uuid, sizeof(transfer->uuid)) !=0)) {
1251 DEBUG(2,("bind_rpc_pipe: transfer syntax differs\n"));
1255 /* lkclXXXX only accept one result: check the result(s) */
1256 if (hdr_ba->res.num_results != 0x1 || hdr_ba->res.result != 0) {
1257 DEBUG(2,("bind_rpc_pipe: bind denied results: %d reason: %x\n",
1258 hdr_ba->res.num_results, hdr_ba->res.reason));
1261 DEBUG(5,("bind_rpc_pipe: accepted!\n"));
1265 /****************************************************************************
1266 Create and send the third packet in an RPC auth.
1267 ****************************************************************************/
1269 static BOOL rpc_send_auth_reply(struct cli_state *cli, prs_struct *rdata, uint32 rpc_call_id)
1274 prs_init(&rpc_out, RPC_HEADER_LEN + RPC_HDR_AUTHA_LEN, /* need at least this much */
1275 cli->mem_ctx, MARSHALL);
1277 create_rpc_bind_resp(cli, rpc_call_id,
1280 if ((ret = cli_write(cli, cli->nt_pipe_fnum, 0x8, prs_data_p(&rpc_out),
1281 0, (size_t)prs_offset(&rpc_out))) != (ssize_t)prs_offset(&rpc_out)) {
1282 DEBUG(0,("rpc_send_auth_reply: cli_write failed. Return was %d\n", (int)ret));
1283 prs_mem_free(&rpc_out);
1287 prs_mem_free(&rpc_out);
1291 /****************************************************************************
1293 ****************************************************************************/
1295 static BOOL rpc_pipe_bind(struct cli_state *cli, int pipe_idx, const char *my_name)
1302 char buffer[MAX_PDU_FRAG_LEN];
1304 if ( (pipe_idx < 0) || (pipe_idx >= PI_MAX_PIPES) )
1307 DEBUG(5,("Bind RPC Pipe[%x]: %s\n", cli->nt_pipe_fnum, pipe_names[pipe_idx].client_pipe));
1309 if (!valid_pipe_name(pipe_idx, &abstract, &transfer))
1312 prs_init(&rpc_out, 0, cli->mem_ctx, MARSHALL);
1315 * Use the MAX_PDU_FRAG_LEN buffer to store the bind request.
1318 prs_give_memory( &rpc_out, buffer, sizeof(buffer), False);
1320 rpc_call_id = get_rpc_call_id();
1322 if (cli->pipe_auth_flags & AUTH_PIPE_NTLMSSP) {
1326 DEBUG(5, ("NTLMSSP authenticated pipe selected\n"));
1328 nt_status = ntlmssp_client_start(&cli->ntlmssp_pipe_state);
1330 if (!NT_STATUS_IS_OK(nt_status))
1333 nt_status = ntlmssp_set_username(cli->ntlmssp_pipe_state,
1335 if (!NT_STATUS_IS_OK(nt_status))
1338 nt_status = ntlmssp_set_domain(cli->ntlmssp_pipe_state,
1340 if (!NT_STATUS_IS_OK(nt_status))
1343 pwd_get_cleartext(&cli->pwd, password);
1344 nt_status = ntlmssp_set_password(cli->ntlmssp_pipe_state,
1346 if (!NT_STATUS_IS_OK(nt_status))
1349 if (cli->pipe_auth_flags & AUTH_PIPE_SIGN) {
1350 cli->ntlmssp_pipe_state->neg_flags |= NTLMSSP_NEGOTIATE_SIGN;
1353 if (cli->pipe_auth_flags & AUTH_PIPE_SEAL) {
1354 cli->ntlmssp_pipe_state->neg_flags |= NTLMSSP_NEGOTIATE_SEAL;
1356 } else if (cli->pipe_auth_flags & AUTH_PIPE_NETSEC) {
1357 cli->auth_info.seq_num = 0;
1360 /* Marshall the outgoing data. */
1361 create_rpc_bind_req(cli, &rpc_out, rpc_call_id,
1362 &abstract, &transfer,
1363 global_myname(), cli->domain);
1365 /* Initialize the incoming data struct. */
1366 prs_init(&rdata, 0, cli->mem_ctx, UNMARSHALL);
1368 /* send data on \PIPE\. receive a response */
1369 if (rpc_api_pipe(cli, &rpc_out, &rdata, RPC_BINDACK)) {
1372 DEBUG(5, ("rpc_pipe_bind: rpc_api_pipe returned OK.\n"));
1374 if(!smb_io_rpc_hdr_ba("", &hdr_ba, &rdata, 0)) {
1375 DEBUG(0,("rpc_pipe_bind: Failed to unmarshall RPC_HDR_BA.\n"));
1376 prs_mem_free(&rdata);
1380 if(!check_bind_response(&hdr_ba, pipe_idx, &transfer)) {
1381 DEBUG(2,("rpc_pipe_bind: check_bind_response failed.\n"));
1382 prs_mem_free(&rdata);
1386 cli->max_xmit_frag = hdr_ba.bba.max_tsize;
1387 cli->max_recv_frag = hdr_ba.bba.max_rsize;
1390 * If we're doing NTLMSSP auth we need to send a reply to
1391 * the bind-ack to complete the 3-way challenge response
1395 if ((cli->pipe_auth_flags & AUTH_PIPE_NTLMSSP)
1396 && !rpc_send_auth_reply(cli, &rdata, rpc_call_id)) {
1397 DEBUG(0,("rpc_pipe_bind: rpc_send_auth_reply failed.\n"));
1398 prs_mem_free(&rdata);
1401 prs_mem_free(&rdata);
1408 /****************************************************************************
1410 ****************************************************************************/
1412 BOOL cli_nt_session_open(struct cli_state *cli, const int pipe_idx)
1416 /* At the moment we can't have more than one pipe open over
1417 a cli connection. )-: */
1419 SMB_ASSERT(cli->nt_pipe_fnum == 0);
1421 /* The pipe index must fall within our array */
1423 SMB_ASSERT((pipe_idx >= 0) && (pipe_idx < PI_MAX_PIPES));
1425 if (cli->capabilities & CAP_NT_SMBS) {
1426 if ((fnum = cli_nt_create(cli, &pipe_names[pipe_idx].client_pipe[5], DESIRED_ACCESS_PIPE)) == -1) {
1427 DEBUG(0,("cli_nt_session_open: cli_nt_create failed on pipe %s to machine %s. Error was %s\n",
1428 &pipe_names[pipe_idx].client_pipe[5], cli->desthost, cli_errstr(cli)));
1432 cli->nt_pipe_fnum = (uint16)fnum;
1434 if ((fnum = cli_open(cli, pipe_names[pipe_idx].client_pipe, O_CREAT|O_RDWR, DENY_NONE)) == -1) {
1435 DEBUG(0,("cli_nt_session_open: cli_open failed on pipe %s to machine %s. Error was %s\n",
1436 pipe_names[pipe_idx].client_pipe, cli->desthost, cli_errstr(cli)));
1440 cli->nt_pipe_fnum = (uint16)fnum;
1442 /**************** Set Named Pipe State ***************/
1443 if (!rpc_pipe_set_hnd_state(cli, pipe_names[pipe_idx].client_pipe, 0x4300)) {
1444 DEBUG(0,("cli_nt_session_open: pipe hnd state failed. Error was %s\n",
1446 cli_close(cli, cli->nt_pipe_fnum);
1451 /******************* bind request on pipe *****************/
1453 if (!rpc_pipe_bind(cli, pipe_idx, global_myname())) {
1454 DEBUG(2,("cli_nt_session_open: rpc bind to %s failed\n",
1455 get_pipe_name_from_index(pipe_idx)));
1456 cli_close(cli, cli->nt_pipe_fnum);
1461 * Setup the remote server name prefixed by \ and the machine account name.
1464 fstrcpy(cli->srv_name_slash, "\\\\");
1465 fstrcat(cli->srv_name_slash, cli->desthost);
1466 strupper_m(cli->srv_name_slash);
1468 fstrcpy(cli->clnt_name_slash, "\\\\");
1469 fstrcat(cli->clnt_name_slash, global_myname());
1470 strupper_m(cli->clnt_name_slash);
1472 fstrcpy(cli->mach_acct, global_myname());
1473 fstrcat(cli->mach_acct, "$");
1474 strupper_m(cli->mach_acct);
1476 /* Remember which pipe we're talking to */
1477 fstrcpy(cli->pipe_name, pipe_names[pipe_idx].client_pipe);
1483 /****************************************************************************
1484 Open a session to the NETLOGON pipe using schannel.
1486 (Assumes that the netlogon pipe is already open)
1487 ****************************************************************************/
1489 NTSTATUS cli_nt_establish_netlogon(struct cli_state *cli, int sec_chan,
1490 const uchar trust_password[16])
1493 uint32 neg_flags = 0x000001ff;
1496 cli_nt_netlogon_netsec_session_close(cli);
1498 if (lp_client_schannel() != False)
1499 neg_flags |= NETLOGON_NEG_SCHANNEL;
1501 result = cli_nt_setup_creds(cli, sec_chan, trust_password,
1504 if (!NT_STATUS_IS_OK(result)) {
1505 cli_nt_session_close(cli);
1509 if ((lp_client_schannel() == True) &&
1510 ((neg_flags & NETLOGON_NEG_SCHANNEL) == 0)) {
1512 DEBUG(3, ("Server did not offer schannel\n"));
1513 cli_nt_session_close(cli);
1514 return NT_STATUS_UNSUCCESSFUL;
1517 if ((lp_client_schannel() == False) ||
1518 ((neg_flags & NETLOGON_NEG_SCHANNEL) == 0)) {
1519 return NT_STATUS_OK;
1521 /* keep the existing connection to NETLOGON open */
1525 /* Server offered schannel, so try it. */
1527 memcpy(cli->auth_info.sess_key, cli->sess_key,
1528 sizeof(cli->auth_info.sess_key));
1530 cli->saved_netlogon_pipe_fnum = cli->nt_pipe_fnum;
1532 cli->pipe_auth_flags = AUTH_PIPE_NETSEC;
1533 cli->pipe_auth_flags |= AUTH_PIPE_SIGN;
1534 cli->pipe_auth_flags |= AUTH_PIPE_SEAL;
1536 if (cli->capabilities & CAP_NT_SMBS) {
1538 /* The secure channel connection must be opened on the same
1539 session (TCP connection) as the one the challenge was
1541 if ((fnum = cli_nt_create(cli, PIPE_NETLOGON_PLAIN,
1542 DESIRED_ACCESS_PIPE)) == -1) {
1543 DEBUG(0,("cli_nt_create failed to %s machine %s. "
1545 PIPE_NETLOGON, cli->desthost,
1547 return NT_STATUS_UNSUCCESSFUL;
1550 cli->nt_pipe_fnum = (uint16)fnum;
1552 if ((fnum = cli_open(cli, PIPE_NETLOGON,
1553 O_CREAT|O_RDWR, DENY_NONE)) == -1) {
1554 DEBUG(0,("cli_open failed on pipe %s to machine %s. "
1556 PIPE_NETLOGON, cli->desthost,
1558 return NT_STATUS_UNSUCCESSFUL;
1561 cli->nt_pipe_fnum = (uint16)fnum;
1563 /**************** Set Named Pipe State ***************/
1564 if (!rpc_pipe_set_hnd_state(cli, PIPE_NETLOGON, 0x4300)) {
1565 DEBUG(0,("Pipe hnd state failed. Error was %s\n",
1567 cli_close(cli, cli->nt_pipe_fnum);
1568 return NT_STATUS_UNSUCCESSFUL;
1572 if (!rpc_pipe_bind(cli, PI_NETLOGON, global_myname())) {
1573 DEBUG(2,("rpc bind to %s failed\n", PIPE_NETLOGON));
1574 cli_close(cli, cli->nt_pipe_fnum);
1575 return NT_STATUS_UNSUCCESSFUL;
1578 return NT_STATUS_OK;
1582 NTSTATUS cli_nt_setup_netsec(struct cli_state *cli, int sec_chan,
1583 const uchar trust_password[16])
1586 uint32 neg_flags = 0x000001ff;
1587 cli->pipe_auth_flags = 0;
1589 if (lp_client_schannel() == False) {
1590 return NT_STATUS_OK;
1593 if (!cli_nt_session_open(cli, PI_NETLOGON)) {
1594 DEBUG(0, ("Could not initialise %s\n",
1595 get_pipe_name_from_index(PI_NETLOGON)));
1596 return NT_STATUS_UNSUCCESSFUL;
1599 if (lp_client_schannel() != False)
1600 neg_flags |= NETLOGON_NEG_SCHANNEL;
1602 neg_flags |= NETLOGON_NEG_SCHANNEL;
1604 result = cli_nt_setup_creds(cli, sec_chan, trust_password,
1607 if (!(neg_flags & NETLOGON_NEG_SCHANNEL)
1608 && lp_client_schannel() == True) {
1609 DEBUG(1, ("Could not negotiate SCHANNEL with the DC!\n"));
1610 result = NT_STATUS_UNSUCCESSFUL;
1613 if (!NT_STATUS_IS_OK(result)) {
1614 ZERO_STRUCT(cli->auth_info.sess_key);
1615 ZERO_STRUCT(cli->sess_key);
1616 cli->pipe_auth_flags = 0;
1617 cli_nt_session_close(cli);
1621 memcpy(cli->auth_info.sess_key, cli->sess_key,
1622 sizeof(cli->auth_info.sess_key));
1624 cli->saved_netlogon_pipe_fnum = cli->nt_pipe_fnum;
1625 cli->nt_pipe_fnum = 0;
1627 /* doing schannel, not per-user auth */
1628 cli->pipe_auth_flags = AUTH_PIPE_NETSEC | AUTH_PIPE_SIGN | AUTH_PIPE_SEAL;
1630 return NT_STATUS_OK;
1633 const char *cli_pipe_get_name(struct cli_state *cli)
1635 return cli->pipe_name;