2 * Unix SMB/CIFS implementation.
3 * RPC Pipe client / server routines
4 * Copyright (C) Andrew Tridgell 1992-1998,
5 * Copyright (C) Luke Kenneth Casson Leighton 1996-1998,
6 * Copyright (C) Paul Ashton 1998.
7 * Copyright (C) Jeremy Allison 1999.
8 * Copyright (C) Andrew Bartlett 2003.
10 * This program is free software; you can redistribute it and/or modify
11 * it under the terms of the GNU General Public License as published by
12 * the Free Software Foundation; either version 2 of the License, or
13 * (at your option) any later version.
15 * This program is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 * GNU General Public License for more details.
20 * You should have received a copy of the GNU General Public License
21 * along with this program; if not, write to the Free Software
22 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
28 #define DBGC_CLASS DBGC_RPC_CLI
30 extern struct pipe_id_info pipe_names[];
32 /* convert pipe auth flags into the RPC auth type and level */
34 void get_auth_type_level(int pipe_auth_flags, int *auth_type, int *auth_level)
38 if (pipe_auth_flags & AUTH_PIPE_SEAL) {
39 *auth_level = RPC_PIPE_AUTH_SEAL_LEVEL;
40 } else if (pipe_auth_flags & AUTH_PIPE_SIGN) {
41 *auth_level = RPC_PIPE_AUTH_SIGN_LEVEL;
44 if (pipe_auth_flags & AUTH_PIPE_NETSEC) {
45 *auth_type = NETSEC_AUTH_TYPE;
46 } else if (pipe_auth_flags & AUTH_PIPE_NTLMSSP) {
47 *auth_type = NTLMSSP_AUTH_TYPE;
51 /********************************************************************
53 ********************************************************************/
55 static uint32 get_rpc_call_id(void)
57 static uint32 call_id = 0;
61 /*******************************************************************
62 Use SMBreadX to get rest of one fragment's worth of rpc data.
63 ********************************************************************/
65 static BOOL rpc_read(struct cli_state *cli, prs_struct *rdata, uint32 data_to_read, uint32 *rdata_offset)
67 size_t size = (size_t)cli->max_recv_frag;
68 int stream_offset = 0;
71 int extra_data_size = ((int)*rdata_offset) + ((int)data_to_read) - (int)prs_data_size(rdata);
73 DEBUG(5,("rpc_read: data_to_read: %u rdata offset: %u extra_data_size: %d\n",
74 (int)data_to_read, (unsigned int)*rdata_offset, extra_data_size));
77 * Grow the buffer if needed to accommodate the data to be read.
80 if (extra_data_size > 0) {
81 if(!prs_force_grow(rdata, (uint32)extra_data_size)) {
82 DEBUG(0,("rpc_read: Failed to grow parse struct by %d bytes.\n", extra_data_size ));
85 DEBUG(5,("rpc_read: grew buffer by %d bytes to %u\n", extra_data_size, prs_data_size(rdata) ));
88 pdata = prs_data_p(rdata) + *rdata_offset;
90 do /* read data using SMBreadX */
95 if (size > (size_t)data_to_read)
96 size = (size_t)data_to_read;
98 num_read = (int)cli_read(cli, cli->nt_pipe_fnum, pdata, (off_t)stream_offset, size);
100 DEBUG(5,("rpc_read: num_read = %d, read offset: %d, to read: %d\n",
101 num_read, stream_offset, data_to_read));
103 if (cli_is_dos_error(cli)) {
104 cli_dos_error(cli, &eclass, &ecode);
105 if (eclass != ERRDOS && ecode != ERRmoredata) {
106 DEBUG(0,("rpc_read: Error %d/%u in cli_read\n",
107 eclass, (unsigned int)ecode));
112 data_to_read -= num_read;
113 stream_offset += num_read;
116 } while (num_read > 0 && data_to_read > 0);
117 /* && err == (0x80000000 | STATUS_BUFFER_OVERFLOW)); */
120 * Update the current offset into rdata by the amount read.
122 *rdata_offset += stream_offset;
127 /****************************************************************************
128 Checks the header. This will set the endian bit in the rdata prs_struct. JRA.
129 ****************************************************************************/
131 static BOOL rpc_check_hdr(prs_struct *rdata, RPC_HDR *rhdr,
132 BOOL *first, BOOL *last, uint32 *len)
134 DEBUG(5,("rpc_check_hdr: rdata->data_size = %u\n", (uint32)prs_data_size(rdata) ));
136 /* Next call sets endian bit. */
138 if(!smb_io_rpc_hdr("rpc_hdr ", rhdr, rdata, 0)) {
139 DEBUG(0,("rpc_check_hdr: Failed to unmarshall RPC_HDR.\n"));
143 if (prs_offset(rdata) != RPC_HEADER_LEN) {
144 DEBUG(0,("rpc_check_hdr: offset was %x, should be %x.\n", prs_offset(rdata), RPC_HEADER_LEN));
148 (*first) = ((rhdr->flags & RPC_FLG_FIRST) != 0);
149 (*last) = ((rhdr->flags & RPC_FLG_LAST ) != 0);
150 (*len) = (uint32)rhdr->frag_len - prs_data_size(rdata);
152 return (rhdr->pkt_type != RPC_FAULT);
155 /****************************************************************************
156 Verify data on an rpc pipe.
157 The VERIFY & SEAL code is only executed on packets that look like this :
159 Request/Response PDU's look like the following...
161 |<------------------PDU len----------------------------------------------->|
162 |<-HDR_LEN-->|<--REQ LEN------>|.............|<-AUTH_HDRLEN->|<-AUTH_LEN-->|
164 +------------+-----------------+-------------+---------------+-------------+
165 | RPC HEADER | REQ/RESP HEADER | DATA ...... | AUTH_HDR | AUTH DATA |
166 +------------+-----------------+-------------+---------------+-------------+
168 Never on bind requests/responses.
169 ****************************************************************************/
171 static BOOL rpc_auth_pipe(struct cli_state *cli, prs_struct *rdata,
172 uint32 fragment_start, int len, int auth_len, uint8 pkt_type,
173 int *pauth_padding_len)
177 * The following is that length of the data we must sign or seal.
178 * This doesn't include the RPC headers or the auth_len or the RPC_HDR_AUTH_LEN
179 * preceeding the auth_data.
182 int data_len = len - RPC_HEADER_LEN - RPC_HDR_RESP_LEN - RPC_HDR_AUTH_LEN - auth_len;
185 * The start of the data to sign/seal is just after the RPC headers.
187 char *reply_data = prs_data_p(rdata) + fragment_start + RPC_HEADER_LEN + RPC_HDR_REQ_LEN;
189 RPC_HDR_AUTH rhdr_auth;
191 char *dp = prs_data_p(rdata) + fragment_start + len -
192 RPC_HDR_AUTH_LEN - auth_len;
193 prs_struct auth_verf;
195 *pauth_padding_len = 0;
198 if (cli->pipe_auth_flags == 0) {
199 /* move along, nothing to see here */
203 DEBUG(2, ("No authenticaton header recienved on reply, but this pipe is authenticated\n"));
207 DEBUG(5,("rpc_auth_pipe: pkt_type: %d len: %d auth_len: %d NTLMSSP %s schannel %s sign %s seal %s \n",
208 pkt_type, len, auth_len,
209 BOOLSTR(cli->pipe_auth_flags & AUTH_PIPE_NTLMSSP),
210 BOOLSTR(cli->pipe_auth_flags & AUTH_PIPE_NETSEC),
211 BOOLSTR(cli->pipe_auth_flags & AUTH_PIPE_SIGN),
212 BOOLSTR(cli->pipe_auth_flags & AUTH_PIPE_SEAL)));
214 if (dp - prs_data_p(rdata) > prs_data_size(rdata)) {
215 DEBUG(0,("rpc_auth_pipe: schannel auth data > data size !\n"));
219 DEBUG(10,("rpc_auth_pipe: packet:\n"));
220 dump_data(100, dp, auth_len);
222 prs_init(&auth_verf, 0, cli->mem_ctx, UNMARSHALL);
224 /* The endinness must be preserved. JRA. */
225 prs_set_endian_data( &auth_verf, rdata->bigendian_data);
227 /* Point this new parse struct at the auth section of the main
228 parse struct - rather than copying it. Avoids needing to
229 free it on every error
231 prs_give_memory(&auth_verf, dp, RPC_HDR_AUTH_LEN + auth_len, False /* not dynamic */);
232 prs_set_offset(&auth_verf, 0);
237 if (!smb_io_rpc_hdr_auth("auth_hdr", &rhdr_auth, &auth_verf, 0)) {
238 DEBUG(0, ("rpc_auth_pipe: Could not parse auth header\n"));
242 /* Let the caller know how much padding at the end of the data */
243 *pauth_padding_len = rhdr_auth.padding;
245 /* Check it's the type of reply we were expecting to decode */
247 get_auth_type_level(cli->pipe_auth_flags, &auth_type, &auth_level);
248 if (rhdr_auth.auth_type != auth_type) {
249 DEBUG(0, ("BAD auth type %d (should be %d)\n",
250 rhdr_auth.auth_type, auth_type));
254 if (rhdr_auth.auth_level != auth_level) {
255 DEBUG(0, ("BAD auth level %d (should be %d)\n",
256 rhdr_auth.auth_level, auth_level));
261 if (pkt_type == RPC_BINDACK) {
262 if (cli->pipe_auth_flags & AUTH_PIPE_NTLMSSP) {
263 /* copy the next auth_len bytes into a buffer for
266 DATA_BLOB ntlmssp_verf = data_blob(NULL, auth_len);
269 /* save the reply away, for use a little later */
270 prs_copy_data_out((char *)ntlmssp_verf.data, &auth_verf, auth_len);
272 store_ok = (NT_STATUS_IS_OK(ntlmssp_store_response(cli->ntlmssp_pipe_state,
275 data_blob_free(&ntlmssp_verf);
278 else if (cli->pipe_auth_flags & AUTH_PIPE_NETSEC) {
279 /* nothing to do here - we don't seem to be able to
280 validate the bindack based on VL's comments */
285 if (cli->pipe_auth_flags & AUTH_PIPE_NTLMSSP) {
288 if ((cli->pipe_auth_flags & AUTH_PIPE_SIGN) ||
289 (cli->pipe_auth_flags & AUTH_PIPE_SEAL)) {
290 if (auth_len != RPC_AUTH_NTLMSSP_CHK_LEN) {
291 DEBUG(0,("rpc_auth_pipe: wrong ntlmssp auth len %d\n", auth_len));
294 sig = data_blob(NULL, auth_len);
295 prs_copy_data_out((char *)sig.data, &auth_verf, auth_len);
299 * Unseal any sealed data in the PDU, not including the
300 * 8 byte auth_header or the auth_data.
304 * Now unseal and check the auth verifier in the auth_data at
305 * the end of the packet.
308 if (cli->pipe_auth_flags & AUTH_PIPE_SEAL) {
310 DEBUG(1, ("Can't unseal - data_len < 0!!\n"));
313 nt_status = ntlmssp_unseal_packet(cli->ntlmssp_pipe_state,
314 (unsigned char *)reply_data, data_len,
317 else if (cli->pipe_auth_flags & AUTH_PIPE_SIGN) {
318 nt_status = ntlmssp_check_packet(cli->ntlmssp_pipe_state,
319 (const unsigned char *)reply_data, data_len,
323 data_blob_free(&sig);
325 if (!NT_STATUS_IS_OK(nt_status)) {
326 DEBUG(0, ("rpc_auth_pipe: could not validate "
327 "incoming NTLMSSP packet!\n"));
332 if (cli->pipe_auth_flags & AUTH_PIPE_NETSEC) {
333 RPC_AUTH_NETSEC_CHK chk;
335 if (auth_len != RPC_AUTH_NETSEC_CHK_LEN) {
336 DEBUG(0,("rpc_auth_pipe: wrong schannel auth len %d\n", auth_len));
340 if (!smb_io_rpc_auth_netsec_chk("schannel_auth_sign",
341 &chk, &auth_verf, 0)) {
342 DEBUG(0, ("rpc_auth_pipe: schannel unmarshalling "
343 "RPC_AUTH_NETSECK_CHK failed\n"));
347 if (!netsec_decode(&cli->auth_info,
348 cli->pipe_auth_flags,
350 &chk, reply_data, data_len)) {
351 DEBUG(0, ("rpc_auth_pipe: Could not decode schannel\n"));
355 cli->auth_info.seq_num++;
362 /****************************************************************************
363 Send data on an rpc pipe via trans, which *must* be the last fragment.
364 receive response data from an rpc pipe, which may be large...
366 Read the first fragment: unfortunately have to use SMBtrans for the first
367 bit, then SMBreadX for subsequent bits.
369 If first fragment received also wasn't the last fragment, continue
370 getting fragments until we _do_ receive the last fragment.
372 Request/Response PDU's look like the following...
374 |<------------------PDU len----------------------------------------------->|
375 |<-HDR_LEN-->|<--REQ LEN------>|.............|<-AUTH_HDRLEN->|<-AUTH_LEN-->|
377 +------------+-----------------+-------------+---------------+-------------+
378 | RPC HEADER | REQ/RESP HEADER | DATA ...... | AUTH_HDR | AUTH DATA |
379 +------------+-----------------+-------------+---------------+-------------+
381 Where the presence of the AUTH_HDR and AUTH are dependent on the
382 signing & sealing being negotiated.
384 ****************************************************************************/
386 static BOOL rpc_api_pipe(struct cli_state *cli, prs_struct *data, prs_struct *rdata,
387 uint8 expected_pkt_type)
391 uint32 rparam_len = 0;
396 char *pdata = data ? prs_data_p(data) : NULL;
397 uint32 data_len = data ? prs_offset(data) : 0;
399 uint32 rdata_len = 0;
400 uint32 current_offset = 0;
401 uint32 fragment_start = 0;
402 uint32 max_data = cli->max_xmit_frag ? cli->max_xmit_frag : 1024;
403 int auth_padding_len = 0;
405 /* Create setup parameters - must be in native byte order. */
407 setup[0] = TRANSACT_DCERPCCMD;
408 setup[1] = cli->nt_pipe_fnum; /* Pipe file handle. */
410 DEBUG(5,("rpc_api_pipe: fnum:%x\n", (int)cli->nt_pipe_fnum));
412 /* Send the RPC request and receive a response. For short RPC
413 calls (about 1024 bytes or so) the RPC request and response
414 appears in a SMBtrans request and response. Larger RPC
415 responses are received further on. */
417 if (!cli_api_pipe(cli, "\\PIPE\\",
418 setup, 2, 0, /* Setup, length, max */
419 NULL, 0, 0, /* Params, length, max */
420 pdata, data_len, max_data, /* data, length, max */
421 &rparam, &rparam_len, /* return params, len */
422 &prdata, &rdata_len)) /* return data, len */
424 DEBUG(0, ("cli_pipe: return critical error. Error was %s\n", cli_errstr(cli)));
428 /* Throw away returned params - we know we won't use them. */
432 if (prdata == NULL) {
433 DEBUG(0,("rpc_api_pipe: pipe %x failed to return data.\n",
434 (int)cli->nt_pipe_fnum));
439 * Give this memory as dynamically allocated to the return parse
443 prs_give_memory(rdata, prdata, rdata_len, True);
444 current_offset = rdata_len;
446 /* This next call sets the endian bit correctly in rdata. */
448 if (!rpc_check_hdr(rdata, &rhdr, &first, &last, &len)) {
453 if (rhdr.pkt_type == RPC_BINDACK) {
454 if (!last && !first) {
455 DEBUG(5,("rpc_api_pipe: bug in server (AS/U?), setting fragment first/last ON.\n"));
461 if (rhdr.pkt_type == RPC_BINDNACK) {
462 DEBUG(3, ("Bind NACK received on pipe %x!\n", (int)cli->nt_pipe_fnum));
467 if (rhdr.pkt_type == RPC_RESPONSE) {
468 RPC_HDR_RESP rhdr_resp;
469 if(!smb_io_rpc_hdr_resp("rpc_hdr_resp", &rhdr_resp, rdata, 0)) {
470 DEBUG(5,("rpc_api_pipe: failed to unmarshal RPC_HDR_RESP.\n"));
476 if (rhdr.pkt_type != expected_pkt_type) {
477 DEBUG(3, ("Connection to pipe %x got an unexpected RPC packet type - %d, not %d\n", (int)cli->nt_pipe_fnum, rhdr.pkt_type, expected_pkt_type));
482 DEBUG(5,("rpc_api_pipe: len left: %u smbtrans read: %u\n",
483 (unsigned int)len, (unsigned int)rdata_len ));
485 /* check if data to be sent back was too large for one SMBtrans */
486 /* err status is only informational: the _real_ check is on the
490 /* || err == (0x80000000 | STATUS_BUFFER_OVERFLOW)) */
492 /* Read the remaining part of the first response fragment */
494 if (!rpc_read(cli, rdata, len, ¤t_offset)) {
501 * Now we have a complete PDU, check the auth struct if any was sent.
504 if(!rpc_auth_pipe(cli, rdata, fragment_start, rhdr.frag_len,
505 rhdr.auth_len, rhdr.pkt_type, &auth_padding_len)) {
510 if (rhdr.auth_len != 0) {
512 * Drop the auth footers from the current offset.
513 * We need this if there are more fragments.
514 * The auth footers consist of the auth_data and the
515 * preceeding 8 byte auth_header.
517 current_offset -= (auth_padding_len + RPC_HDR_AUTH_LEN + rhdr.auth_len);
521 * Only one rpc fragment, and it has been read.
525 DEBUG(6,("rpc_api_pipe: fragment first and last both set\n"));
530 * Read more fragments using SMBreadX until we get one with the
535 RPC_HDR_RESP rhdr_resp;
537 char hdr_data[RPC_HEADER_LEN+RPC_HDR_RESP_LEN];
543 * First read the header of the next PDU.
546 prs_init(&hps, 0, cli->mem_ctx, UNMARSHALL);
547 prs_give_memory(&hps, hdr_data, sizeof(hdr_data), False);
549 num_read = cli_read(cli, cli->nt_pipe_fnum, hdr_data, 0, RPC_HEADER_LEN+RPC_HDR_RESP_LEN);
550 if (cli_is_dos_error(cli)) {
551 cli_dos_error(cli, &eclass, &ecode);
552 if (eclass != ERRDOS && ecode != ERRmoredata) {
553 DEBUG(0,("rpc_api_pipe: cli_read error : %d/%d\n", eclass, ecode));
558 DEBUG(5,("rpc_api_pipe: read header (size:%d)\n", num_read));
560 if (num_read != RPC_HEADER_LEN+RPC_HDR_RESP_LEN) {
561 DEBUG(0,("rpc_api_pipe: Error : requested %d bytes, got %d.\n",
562 RPC_HEADER_LEN+RPC_HDR_RESP_LEN, num_read ));
566 /* This call sets the endianness in hps. */
568 if (!rpc_check_hdr(&hps, &rhdr, &first, &last, &len))
571 /* Ensure the endianness in rdata is set correctly - must be same as hps. */
573 if (hps.bigendian_data != rdata->bigendian_data) {
574 DEBUG(0,("rpc_api_pipe: Error : Endianness changed from %s to %s\n",
575 rdata->bigendian_data ? "big" : "little",
576 hps.bigendian_data ? "big" : "little" ));
580 if(!smb_io_rpc_hdr_resp("rpc_hdr_resp", &rhdr_resp, &hps, 0)) {
581 DEBUG(0,("rpc_api_pipe: Error in unmarshalling RPC_HDR_RESP.\n"));
586 DEBUG(0,("rpc_api_pipe: secondary PDU rpc header has 'first' set !\n"));
591 * Now read the rest of the PDU.
594 if (!rpc_read(cli, rdata, len, ¤t_offset)) {
599 fragment_start = current_offset - len - RPC_HEADER_LEN - RPC_HDR_RESP_LEN;
602 * Verify any authentication footer.
606 if(!rpc_auth_pipe(cli, rdata, fragment_start, rhdr.frag_len,
607 rhdr.auth_len, rhdr.pkt_type, &auth_padding_len)) {
612 if (rhdr.auth_len != 0 ) {
615 * Drop the auth footers from the current offset.
616 * The auth footers consist of the auth_data and the
617 * preceeding 8 byte auth_header.
618 * We need this if there are more fragments.
620 current_offset -= (auth_padding_len + RPC_HDR_AUTH_LEN + rhdr.auth_len);
627 /*******************************************************************
628 creates a DCE/RPC bind request
630 - initialises the parse structure.
631 - dynamically allocates the header data structure
632 - caller is expected to free the header data structure once used.
634 ********************************************************************/
636 static NTSTATUS create_rpc_bind_req(struct cli_state *cli, prs_struct *rpc_out,
638 RPC_IFACE *abstract, RPC_IFACE *transfer,
639 const char *my_name, const char *domain)
643 RPC_HDR_AUTH hdr_auth;
645 int auth_type, auth_level;
646 size_t saved_hdr_offset = 0;
648 prs_struct auth_info;
649 prs_init(&auth_info, RPC_HDR_AUTH_LEN, /* we will need at least this much */
650 prs_get_mem_context(rpc_out), MARSHALL);
652 if (cli->pipe_auth_flags) {
653 get_auth_type_level(cli->pipe_auth_flags, &auth_type, &auth_level);
656 * Create the auth structs we will marshall.
659 init_rpc_hdr_auth(&hdr_auth, auth_type, auth_level, 0x00, 1);
662 * Now marshall the data into the temporary parse_struct.
665 if(!smb_io_rpc_hdr_auth("hdr_auth", &hdr_auth, &auth_info, 0)) {
666 DEBUG(0,("create_rpc_bind_req: failed to marshall RPC_HDR_AUTH.\n"));
667 prs_mem_free(&auth_info);
668 return NT_STATUS_NO_MEMORY;
670 saved_hdr_offset = prs_offset(&auth_info);
673 if (cli->pipe_auth_flags & AUTH_PIPE_NTLMSSP) {
676 DATA_BLOB null_blob = data_blob(NULL, 0);
679 DEBUG(5, ("Processing NTLMSSP Negotiate\n"));
680 nt_status = ntlmssp_update(cli->ntlmssp_pipe_state,
684 if (!NT_STATUS_EQUAL(nt_status,
685 NT_STATUS_MORE_PROCESSING_REQUIRED)) {
686 prs_mem_free(&auth_info);
690 /* Auth len in the rpc header doesn't include auth_header. */
691 auth_len = request.length;
692 prs_copy_data_in(&auth_info, (char *)request.data, request.length);
694 DEBUG(5, ("NTLMSSP Negotiate:\n"));
695 dump_data(5, (const char *)request.data, request.length);
697 data_blob_free(&request);
699 } else if (cli->pipe_auth_flags & AUTH_PIPE_NETSEC) {
700 RPC_AUTH_NETSEC_NEG netsec_neg;
702 /* Use lp_workgroup() if domain not specified */
704 if (!domain || !domain[0]) {
705 DEBUG(10,("create_rpc_bind_req: no domain; assuming my own\n"));
706 domain = lp_workgroup();
709 init_rpc_auth_netsec_neg(&netsec_neg, domain, my_name);
712 * Now marshall the data into the temporary parse_struct.
715 if(!smb_io_rpc_auth_netsec_neg("netsec_neg",
716 &netsec_neg, &auth_info, 0)) {
717 DEBUG(0,("Failed to marshall RPC_AUTH_NETSEC_NEG.\n"));
718 prs_mem_free(&auth_info);
719 return NT_STATUS_NO_MEMORY;
722 /* Auth len in the rpc header doesn't include auth_header. */
723 auth_len = prs_offset(&auth_info) - saved_hdr_offset;
726 /* Create the request RPC_HDR */
727 init_rpc_hdr(&hdr, RPC_BIND, 0x3, rpc_call_id,
728 RPC_HEADER_LEN + RPC_HDR_RB_LEN + prs_offset(&auth_info),
731 if(!smb_io_rpc_hdr("hdr" , &hdr, rpc_out, 0)) {
732 DEBUG(0,("create_rpc_bind_req: failed to marshall RPC_HDR.\n"));
733 prs_mem_free(&auth_info);
734 return NT_STATUS_NO_MEMORY;
737 /* create the bind request RPC_HDR_RB */
738 init_rpc_hdr_rb(&hdr_rb, MAX_PDU_FRAG_LEN, MAX_PDU_FRAG_LEN, 0x0,
739 0x1, 0x0, 0x1, abstract, transfer);
741 /* Marshall the bind request data */
742 if(!smb_io_rpc_hdr_rb("", &hdr_rb, rpc_out, 0)) {
743 DEBUG(0,("create_rpc_bind_req: failed to marshall RPC_HDR_RB.\n"));
744 prs_mem_free(&auth_info);
745 return NT_STATUS_NO_MEMORY;
749 * Grow the outgoing buffer to store any auth info.
753 if(!prs_append_prs_data( rpc_out, &auth_info)) {
754 DEBUG(0,("create_rpc_bind_req: failed to grow parse struct to add auth.\n"));
755 prs_mem_free(&auth_info);
756 return NT_STATUS_NO_MEMORY;
759 prs_mem_free(&auth_info);
763 /*******************************************************************
764 Creates a DCE/RPC bind authentication response.
765 This is the packet that is sent back to the server once we
766 have received a BIND-ACK, to finish the third leg of
767 the authentication handshake.
768 ********************************************************************/
770 static NTSTATUS create_rpc_bind_resp(struct cli_state *cli,
776 RPC_HDR_AUTHA hdr_autha;
777 DATA_BLOB ntlmssp_null_response = data_blob(NULL, 0);
778 DATA_BLOB ntlmssp_reply;
779 int auth_type, auth_level;
781 /* The response is picked up from the internal cache,
782 where it was placed by the rpc_auth_pipe() code */
783 nt_status = ntlmssp_update(cli->ntlmssp_pipe_state,
784 ntlmssp_null_response,
787 if (!NT_STATUS_EQUAL(nt_status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
791 /* Create the request RPC_HDR */
792 init_rpc_hdr(&hdr, RPC_BINDRESP, 0x0, rpc_call_id,
793 RPC_HEADER_LEN + RPC_HDR_AUTHA_LEN + ntlmssp_reply.length,
794 ntlmssp_reply.length );
797 if(!smb_io_rpc_hdr("hdr", &hdr, rpc_out, 0)) {
798 DEBUG(0,("create_rpc_bind_resp: failed to marshall RPC_HDR.\n"));
799 data_blob_free(&ntlmssp_reply);
800 return NT_STATUS_NO_MEMORY;
803 get_auth_type_level(cli->pipe_auth_flags, &auth_type, &auth_level);
805 /* Create the request RPC_HDR_AUTHA */
806 init_rpc_hdr_autha(&hdr_autha, MAX_PDU_FRAG_LEN, MAX_PDU_FRAG_LEN,
807 auth_type, auth_level, 0x00);
809 if(!smb_io_rpc_hdr_autha("hdr_autha", &hdr_autha, rpc_out, 0)) {
810 DEBUG(0,("create_rpc_bind_resp: failed to marshall RPC_HDR_AUTHA.\n"));
811 data_blob_free(&ntlmssp_reply);
812 return NT_STATUS_NO_MEMORY;
816 * Append the auth data to the outgoing buffer.
819 if(!prs_copy_data_in(rpc_out, (char *)ntlmssp_reply.data, ntlmssp_reply.length)) {
820 DEBUG(0,("create_rpc_bind_req: failed to grow parse struct to add auth.\n"));
821 data_blob_free(&ntlmssp_reply);
822 return NT_STATUS_NO_MEMORY;
825 if (cli->pipe_auth_flags & AUTH_PIPE_SIGN) {
826 nt_status = ntlmssp_sign_init(cli->ntlmssp_pipe_state);
828 if (!NT_STATUS_IS_OK(nt_status)) {
833 data_blob_free(&ntlmssp_reply);
838 /*******************************************************************
839 Creates a DCE/RPC request.
840 ********************************************************************/
842 static uint32 create_rpc_request(prs_struct *rpc_out, uint8 op_num, int data_len, int auth_len, uint8 flags, uint32 oldid, uint32 data_left)
847 uint32 callid = oldid ? oldid : get_rpc_call_id();
849 DEBUG(5,("create_rpc_request: opnum: 0x%x data_len: 0x%x\n", op_num, data_len));
851 /* create the rpc header RPC_HDR */
852 init_rpc_hdr(&hdr, RPC_REQUEST, flags,
853 callid, data_len, auth_len);
856 * The alloc hint should be the amount of data, not including
857 * RPC headers & footers.
861 alloc_hint = data_len - RPC_HEADER_LEN - RPC_HDR_AUTH_LEN - auth_len;
863 alloc_hint = data_len - RPC_HEADER_LEN;
865 DEBUG(10,("create_rpc_request: data_len: %x auth_len: %x alloc_hint: %x\n",
866 data_len, auth_len, alloc_hint));
868 /* Create the rpc request RPC_HDR_REQ */
869 init_rpc_hdr_req(&hdr_req, alloc_hint, op_num);
872 if(!smb_io_rpc_hdr("hdr ", &hdr, rpc_out, 0))
875 if(!smb_io_rpc_hdr_req("hdr_req", &hdr_req, rpc_out, 0))
878 if (prs_offset(rpc_out) != RPC_HEADER_LEN + RPC_HDR_REQ_LEN)
884 /*******************************************************************
885 Puts an auth header into an rpc request.
886 ********************************************************************/
888 static BOOL create_auth_hdr(prs_struct *outgoing_packet,
890 int auth_level, int padding)
892 RPC_HDR_AUTH hdr_auth;
894 init_rpc_hdr_auth(&hdr_auth, auth_type, auth_level,
896 if(!smb_io_rpc_hdr_auth("hdr_auth", &hdr_auth,
897 outgoing_packet, 0)) {
898 DEBUG(0,("create_auth_hdr:Failed to marshal RPC_HDR_AUTH.\n"));
905 * Send a request on an RPC pipe and get a response.
907 * @param data NDR contents of the request to be sent.
908 * @param rdata Unparsed NDR response data.
911 BOOL rpc_api_pipe_req(struct cli_state *cli, uint8 op_num,
912 prs_struct *data, prs_struct *rdata)
914 uint32 auth_len, real_auth_len, auth_hdr_len, max_data, data_left, data_sent;
924 if (cli->pipe_auth_flags & AUTH_PIPE_SIGN) {
925 if (cli->pipe_auth_flags & AUTH_PIPE_NTLMSSP) {
926 auth_len = RPC_AUTH_NTLMSSP_CHK_LEN;
928 if (cli->pipe_auth_flags & AUTH_PIPE_NETSEC) {
929 auth_len = RPC_AUTH_NETSEC_CHK_LEN;
931 auth_hdr_len = RPC_HDR_AUTH_LEN;
935 * calc how much actual data we can send in a PDU fragment
937 max_data = cli->max_xmit_frag - RPC_HEADER_LEN - RPC_HDR_REQ_LEN -
938 auth_hdr_len - auth_len - 8;
940 for (data_left = prs_offset(data), data_sent = 0; data_left > 0;) {
941 prs_struct outgoing_packet;
943 uint32 data_len, send_size;
945 uint32 auth_padding = 0;
949 * how much will we send this time
951 send_size = MIN(data_left, max_data);
953 if (!prs_init(&sec_blob, send_size, /* will need at least this much */
954 cli->mem_ctx, MARSHALL)) {
955 DEBUG(0,("Could not malloc %u bytes",
956 send_size+auth_padding));
960 if(!prs_append_some_prs_data(&sec_blob, data,
961 data_sent, send_size)) {
962 DEBUG(0,("Failed to append data to netsec blob\n"));
963 prs_mem_free(&sec_blob);
968 * NT expects the data that is sealed to be 8-byte
969 * aligned. The padding must be encrypted as well and
970 * taken into account when generating the
971 * authentication verifier. The amount of padding must
972 * be stored in the auth header.
975 if (cli->pipe_auth_flags) {
976 size_t data_and_padding_size;
979 prs_align_uint64(&sec_blob);
981 get_auth_type_level(cli->pipe_auth_flags, &auth_type, &auth_level);
983 data_and_padding_size = prs_offset(&sec_blob);
984 auth_padding = data_and_padding_size - send_size;
986 /* insert the auth header */
988 if(!create_auth_hdr(&sec_blob, auth_type, auth_level, auth_padding)) {
989 prs_mem_free(&sec_blob);
993 /* create an NTLMSSP signature */
994 if (cli->pipe_auth_flags & AUTH_PIPE_NTLMSSP) {
996 * Seal the outgoing data if requested.
998 if (cli->pipe_auth_flags & AUTH_PIPE_SEAL) {
1000 nt_status = ntlmssp_seal_packet(cli->ntlmssp_pipe_state,
1001 (unsigned char*)prs_data_p(&sec_blob),
1002 data_and_padding_size,
1004 if (!NT_STATUS_IS_OK(nt_status)) {
1005 prs_mem_free(&sec_blob);
1009 else if (cli->pipe_auth_flags & AUTH_PIPE_SIGN) {
1011 nt_status = ntlmssp_sign_packet(cli->ntlmssp_pipe_state,
1012 (unsigned char*)prs_data_p(&sec_blob),
1013 data_and_padding_size, &sign_blob);
1014 if (!NT_STATUS_IS_OK(nt_status)) {
1015 prs_mem_free(&sec_blob);
1021 /* write auth footer onto the packet */
1022 real_auth_len = sign_blob.length;
1024 prs_copy_data_in(&sec_blob, (char *)sign_blob.data, sign_blob.length);
1025 data_blob_free(&sign_blob);
1028 else if (cli->pipe_auth_flags & AUTH_PIPE_NETSEC) {
1029 size_t parse_offset_marker;
1030 RPC_AUTH_NETSEC_CHK verf;
1031 DEBUG(10,("SCHANNEL seq_num=%d\n", cli->auth_info.seq_num));
1033 netsec_encode(&cli->auth_info,
1034 cli->pipe_auth_flags,
1035 SENDER_IS_INITIATOR,
1037 prs_data_p(&sec_blob),
1038 data_and_padding_size);
1040 cli->auth_info.seq_num++;
1042 /* write auth footer onto the packet */
1044 parse_offset_marker = prs_offset(&sec_blob);
1045 if (!smb_io_rpc_auth_netsec_chk("", &verf,
1047 prs_mem_free(&sec_blob);
1050 real_auth_len = prs_offset(&sec_blob) - parse_offset_marker;
1054 data_len = RPC_HEADER_LEN + RPC_HDR_REQ_LEN + prs_offset(&sec_blob);
1057 * Malloc parse struct to hold it (and enough for alignments).
1059 if(!prs_init(&outgoing_packet, data_len + 8,
1060 cli->mem_ctx, MARSHALL)) {
1061 DEBUG(0,("rpc_api_pipe_req: Failed to malloc %u bytes.\n", (unsigned int)data_len ));
1065 if (data_left == prs_offset(data))
1066 flags |= RPC_FLG_FIRST;
1068 if (data_left <= max_data)
1069 flags |= RPC_FLG_LAST;
1071 * Write out the RPC header and the request header.
1073 if(!(callid = create_rpc_request(&outgoing_packet, op_num,
1074 data_len, real_auth_len, flags,
1075 callid, data_left))) {
1076 DEBUG(0,("rpc_api_pipe_req: Failed to create RPC request.\n"));
1077 prs_mem_free(&outgoing_packet);
1078 prs_mem_free(&sec_blob);
1082 prs_append_prs_data(&outgoing_packet, &sec_blob);
1083 prs_mem_free(&sec_blob);
1085 DEBUG(100,("data_len: %x data_calc_len: %x\n", data_len,
1086 prs_offset(&outgoing_packet)));
1088 if (flags & RPC_FLG_LAST)
1089 ret = rpc_api_pipe(cli, &outgoing_packet,
1090 rdata, RPC_RESPONSE);
1092 cli_write(cli, cli->nt_pipe_fnum, 0x0008,
1093 prs_data_p(&outgoing_packet),
1094 data_sent, data_len);
1096 prs_mem_free(&outgoing_packet);
1097 data_sent += send_size;
1098 data_left -= send_size;
1100 /* Also capture received data */
1101 slprintf(dump_name, sizeof(dump_name) - 1, "reply_%s",
1102 cli_pipe_get_name(cli));
1103 prs_dump(dump_name, op_num, rdata);
1108 /****************************************************************************
1109 Set the handle state.
1110 ****************************************************************************/
1112 static BOOL rpc_pipe_set_hnd_state(struct cli_state *cli, const char *pipe_name, uint16 device_state)
1114 BOOL state_set = False;
1116 uint16 setup[2]; /* only need 2 uint16 setup parameters */
1117 char *rparam = NULL;
1119 uint32 rparam_len, rdata_len;
1121 if (pipe_name == NULL)
1124 DEBUG(5,("Set Handle state Pipe[%x]: %s - device state:%x\n",
1125 cli->nt_pipe_fnum, pipe_name, device_state));
1127 /* create parameters: device state */
1128 SSVAL(param, 0, device_state);
1130 /* create setup parameters. */
1132 setup[1] = cli->nt_pipe_fnum; /* pipe file handle. got this from an SMBOpenX. */
1134 /* send the data on \PIPE\ */
1135 if (cli_api_pipe(cli, "\\PIPE\\",
1136 setup, 2, 0, /* setup, length, max */
1137 param, 2, 0, /* param, length, max */
1138 NULL, 0, 1024, /* data, length, max */
1139 &rparam, &rparam_len, /* return param, length */
1140 &rdata, &rdata_len)) /* return data, length */
1142 DEBUG(5, ("Set Handle state: return OK\n"));
1152 /****************************************************************************
1153 check the rpc bind acknowledge response
1154 ****************************************************************************/
1156 int get_pipe_index( const char *pipe_name )
1160 while (pipe_names[pipe_idx].client_pipe != NULL) {
1161 if (strequal(pipe_name, pipe_names[pipe_idx].client_pipe ))
1170 /****************************************************************************
1171 check the rpc bind acknowledge response
1172 ****************************************************************************/
1174 const char* get_pipe_name_from_index( const int pipe_index )
1177 if ( (pipe_index < 0) || (pipe_index >= PI_MAX_PIPES) )
1180 return pipe_names[pipe_index].client_pipe;
1183 /****************************************************************************
1184 Check to see if this pipe index points to one of
1185 the pipes only supported by Win2k
1186 ****************************************************************************/
1188 BOOL is_win2k_pipe( const int pipe_idx )
1199 /****************************************************************************
1200 check the rpc bind acknowledge response
1201 ****************************************************************************/
1203 static BOOL valid_pipe_name(const int pipe_idx, RPC_IFACE *abstract, RPC_IFACE *transfer)
1205 if ( pipe_idx >= PI_MAX_PIPES ) {
1206 DEBUG(0,("valid_pipe_name: Programmer error! Invalid pipe index [%d]\n",
1211 DEBUG(5,("Bind Abstract Syntax: "));
1212 dump_data(5, (char*)&(pipe_names[pipe_idx].abstr_syntax),
1213 sizeof(pipe_names[pipe_idx].abstr_syntax));
1214 DEBUG(5,("Bind Transfer Syntax: "));
1215 dump_data(5, (char*)&(pipe_names[pipe_idx].trans_syntax),
1216 sizeof(pipe_names[pipe_idx].trans_syntax));
1218 /* copy the required syntaxes out so we can do the right bind */
1220 *transfer = pipe_names[pipe_idx].trans_syntax;
1221 *abstract = pipe_names[pipe_idx].abstr_syntax;
1226 /****************************************************************************
1227 check the rpc bind acknowledge response
1228 ****************************************************************************/
1230 static BOOL check_bind_response(RPC_HDR_BA *hdr_ba, const int pipe_idx, RPC_IFACE *transfer)
1234 if ( hdr_ba->addr.len <= 0)
1237 if ( !strequal(hdr_ba->addr.str, pipe_names[pipe_idx].client_pipe) &&
1238 !strequal(hdr_ba->addr.str, pipe_names[pipe_idx].server_pipe) )
1240 DEBUG(4,("bind_rpc_pipe: pipe_name %s != expected pipe %s. oh well!\n",
1241 pipe_names[i].server_pipe ,hdr_ba->addr.str));
1245 DEBUG(5,("bind_rpc_pipe: server pipe_name found: %s\n", pipe_names[i].server_pipe ));
1247 if (pipe_names[pipe_idx].server_pipe == NULL) {
1248 DEBUG(2,("bind_rpc_pipe: pipe name %s unsupported\n", hdr_ba->addr.str));
1252 /* check the transfer syntax */
1253 if ((hdr_ba->transfer.version != transfer->version) ||
1254 (memcmp(&hdr_ba->transfer.uuid, &transfer->uuid, sizeof(transfer->uuid)) !=0)) {
1255 DEBUG(2,("bind_rpc_pipe: transfer syntax differs\n"));
1259 /* lkclXXXX only accept one result: check the result(s) */
1260 if (hdr_ba->res.num_results != 0x1 || hdr_ba->res.result != 0) {
1261 DEBUG(2,("bind_rpc_pipe: bind denied results: %d reason: %x\n",
1262 hdr_ba->res.num_results, hdr_ba->res.reason));
1265 DEBUG(5,("bind_rpc_pipe: accepted!\n"));
1269 /****************************************************************************
1270 Create and send the third packet in an RPC auth.
1271 ****************************************************************************/
1273 static BOOL rpc_send_auth_reply(struct cli_state *cli, prs_struct *rdata, uint32 rpc_call_id)
1278 prs_init(&rpc_out, RPC_HEADER_LEN + RPC_HDR_AUTHA_LEN, /* need at least this much */
1279 cli->mem_ctx, MARSHALL);
1281 if (!NT_STATUS_IS_OK(create_rpc_bind_resp(cli, rpc_call_id,
1286 if ((ret = cli_write(cli, cli->nt_pipe_fnum, 0x8, prs_data_p(&rpc_out),
1287 0, (size_t)prs_offset(&rpc_out))) != (ssize_t)prs_offset(&rpc_out)) {
1288 DEBUG(0,("rpc_send_auth_reply: cli_write failed. Return was %d\n", (int)ret));
1289 prs_mem_free(&rpc_out);
1293 prs_mem_free(&rpc_out);
1297 /****************************************************************************
1299 ****************************************************************************/
1301 static BOOL rpc_pipe_bind(struct cli_state *cli, int pipe_idx, const char *my_name)
1308 char buffer[MAX_PDU_FRAG_LEN];
1310 if ( (pipe_idx < 0) || (pipe_idx >= PI_MAX_PIPES) )
1313 DEBUG(5,("Bind RPC Pipe[%x]: %s\n", cli->nt_pipe_fnum, pipe_names[pipe_idx].client_pipe));
1315 if (!valid_pipe_name(pipe_idx, &abstract, &transfer))
1318 prs_init(&rpc_out, 0, cli->mem_ctx, MARSHALL);
1321 * Use the MAX_PDU_FRAG_LEN buffer to store the bind request.
1324 prs_give_memory( &rpc_out, buffer, sizeof(buffer), False);
1326 rpc_call_id = get_rpc_call_id();
1328 if (cli->pipe_auth_flags & AUTH_PIPE_NTLMSSP) {
1332 DEBUG(5, ("NTLMSSP authenticated pipe selected\n"));
1334 nt_status = ntlmssp_client_start(&cli->ntlmssp_pipe_state);
1336 if (!NT_STATUS_IS_OK(nt_status))
1339 nt_status = ntlmssp_set_username(cli->ntlmssp_pipe_state,
1341 if (!NT_STATUS_IS_OK(nt_status))
1344 nt_status = ntlmssp_set_domain(cli->ntlmssp_pipe_state,
1346 if (!NT_STATUS_IS_OK(nt_status))
1349 pwd_get_cleartext(&cli->pwd, password);
1350 nt_status = ntlmssp_set_password(cli->ntlmssp_pipe_state,
1352 if (!NT_STATUS_IS_OK(nt_status))
1355 if (cli->pipe_auth_flags & AUTH_PIPE_SIGN) {
1356 cli->ntlmssp_pipe_state->neg_flags |= NTLMSSP_NEGOTIATE_SIGN;
1359 if (cli->pipe_auth_flags & AUTH_PIPE_SEAL) {
1360 cli->ntlmssp_pipe_state->neg_flags |= NTLMSSP_NEGOTIATE_SEAL;
1362 } else if (cli->pipe_auth_flags & AUTH_PIPE_NETSEC) {
1363 cli->auth_info.seq_num = 0;
1366 /* Marshall the outgoing data. */
1367 create_rpc_bind_req(cli, &rpc_out, rpc_call_id,
1368 &abstract, &transfer,
1369 global_myname(), cli->domain);
1371 /* Initialize the incoming data struct. */
1372 prs_init(&rdata, 0, cli->mem_ctx, UNMARSHALL);
1374 /* send data on \PIPE\. receive a response */
1375 if (rpc_api_pipe(cli, &rpc_out, &rdata, RPC_BINDACK)) {
1378 DEBUG(5, ("rpc_pipe_bind: rpc_api_pipe returned OK.\n"));
1380 if(!smb_io_rpc_hdr_ba("", &hdr_ba, &rdata, 0)) {
1381 DEBUG(0,("rpc_pipe_bind: Failed to unmarshall RPC_HDR_BA.\n"));
1382 prs_mem_free(&rdata);
1386 if(!check_bind_response(&hdr_ba, pipe_idx, &transfer)) {
1387 DEBUG(2,("rpc_pipe_bind: check_bind_response failed.\n"));
1388 prs_mem_free(&rdata);
1392 cli->max_xmit_frag = hdr_ba.bba.max_tsize;
1393 cli->max_recv_frag = hdr_ba.bba.max_rsize;
1396 * If we're doing NTLMSSP auth we need to send a reply to
1397 * the bind-ack to complete the 3-way challenge response
1401 if ((cli->pipe_auth_flags & AUTH_PIPE_NTLMSSP)
1402 && !rpc_send_auth_reply(cli, &rdata, rpc_call_id)) {
1403 DEBUG(0,("rpc_pipe_bind: rpc_send_auth_reply failed.\n"));
1404 prs_mem_free(&rdata);
1407 prs_mem_free(&rdata);
1414 /****************************************************************************
1416 ****************************************************************************/
1418 BOOL cli_nt_session_open(struct cli_state *cli, const int pipe_idx)
1422 /* At the moment we can't have more than one pipe open over
1423 a cli connection. )-: */
1425 SMB_ASSERT(cli->nt_pipe_fnum == 0);
1427 /* The pipe index must fall within our array */
1429 SMB_ASSERT((pipe_idx >= 0) && (pipe_idx < PI_MAX_PIPES));
1431 if (cli->capabilities & CAP_NT_SMBS) {
1432 if ((fnum = cli_nt_create(cli, &pipe_names[pipe_idx].client_pipe[5], DESIRED_ACCESS_PIPE)) == -1) {
1433 DEBUG(0,("cli_nt_session_open: cli_nt_create failed on pipe %s to machine %s. Error was %s\n",
1434 &pipe_names[pipe_idx].client_pipe[5], cli->desthost, cli_errstr(cli)));
1438 cli->nt_pipe_fnum = (uint16)fnum;
1440 if ((fnum = cli_open(cli, pipe_names[pipe_idx].client_pipe, O_CREAT|O_RDWR, DENY_NONE)) == -1) {
1441 DEBUG(0,("cli_nt_session_open: cli_open failed on pipe %s to machine %s. Error was %s\n",
1442 pipe_names[pipe_idx].client_pipe, cli->desthost, cli_errstr(cli)));
1446 cli->nt_pipe_fnum = (uint16)fnum;
1448 /**************** Set Named Pipe State ***************/
1449 if (!rpc_pipe_set_hnd_state(cli, pipe_names[pipe_idx].client_pipe, 0x4300)) {
1450 DEBUG(0,("cli_nt_session_open: pipe hnd state failed. Error was %s\n",
1452 cli_close(cli, cli->nt_pipe_fnum);
1457 /******************* bind request on pipe *****************/
1459 if (!rpc_pipe_bind(cli, pipe_idx, global_myname())) {
1460 DEBUG(2,("cli_nt_session_open: rpc bind to %s failed\n",
1461 get_pipe_name_from_index(pipe_idx)));
1462 cli_close(cli, cli->nt_pipe_fnum);
1467 * Setup the remote server name prefixed by \ and the machine account name.
1470 fstrcpy(cli->srv_name_slash, "\\\\");
1471 fstrcat(cli->srv_name_slash, cli->desthost);
1472 strupper_m(cli->srv_name_slash);
1474 fstrcpy(cli->clnt_name_slash, "\\\\");
1475 fstrcat(cli->clnt_name_slash, global_myname());
1476 strupper_m(cli->clnt_name_slash);
1478 fstrcpy(cli->mach_acct, global_myname());
1479 fstrcat(cli->mach_acct, "$");
1480 strupper_m(cli->mach_acct);
1482 /* Remember which pipe we're talking to */
1483 fstrcpy(cli->pipe_name, pipe_names[pipe_idx].client_pipe);
1489 /****************************************************************************
1490 Open a session to the NETLOGON pipe using schannel.
1492 (Assumes that the netlogon pipe is already open)
1493 ****************************************************************************/
1495 NTSTATUS cli_nt_establish_netlogon(struct cli_state *cli, int sec_chan,
1496 const uchar trust_password[16])
1499 uint32 neg_flags = NETLOGON_NEG_AUTH2_FLAGS;
1502 cli_nt_netlogon_netsec_session_close(cli);
1504 if (lp_client_schannel() != False)
1505 neg_flags |= NETLOGON_NEG_SCHANNEL;
1507 result = cli_nt_setup_creds(cli, sec_chan, trust_password,
1510 if (!NT_STATUS_IS_OK(result)) {
1511 cli_nt_session_close(cli);
1515 if ((lp_client_schannel() == True) &&
1516 ((neg_flags & NETLOGON_NEG_SCHANNEL) == 0)) {
1518 DEBUG(3, ("Server did not offer schannel\n"));
1519 cli_nt_session_close(cli);
1520 return NT_STATUS_UNSUCCESSFUL;
1523 if ((lp_client_schannel() == False) ||
1524 ((neg_flags & NETLOGON_NEG_SCHANNEL) == 0)) {
1525 return NT_STATUS_OK;
1527 /* keep the existing connection to NETLOGON open */
1531 /* Server offered schannel, so try it. */
1533 memcpy(cli->auth_info.sess_key, cli->sess_key,
1534 sizeof(cli->auth_info.sess_key));
1536 cli->saved_netlogon_pipe_fnum = cli->nt_pipe_fnum;
1538 cli->pipe_auth_flags = AUTH_PIPE_NETSEC;
1539 cli->pipe_auth_flags |= AUTH_PIPE_SIGN;
1540 cli->pipe_auth_flags |= AUTH_PIPE_SEAL;
1542 if (cli->capabilities & CAP_NT_SMBS) {
1544 /* The secure channel connection must be opened on the same
1545 session (TCP connection) as the one the challenge was
1547 if ((fnum = cli_nt_create(cli, PIPE_NETLOGON_PLAIN,
1548 DESIRED_ACCESS_PIPE)) == -1) {
1549 DEBUG(0,("cli_nt_create failed to %s machine %s. "
1551 PIPE_NETLOGON, cli->desthost,
1553 return NT_STATUS_UNSUCCESSFUL;
1556 cli->nt_pipe_fnum = (uint16)fnum;
1558 if ((fnum = cli_open(cli, PIPE_NETLOGON,
1559 O_CREAT|O_RDWR, DENY_NONE)) == -1) {
1560 DEBUG(0,("cli_open failed on pipe %s to machine %s. "
1562 PIPE_NETLOGON, cli->desthost,
1564 return NT_STATUS_UNSUCCESSFUL;
1567 cli->nt_pipe_fnum = (uint16)fnum;
1569 /**************** Set Named Pipe State ***************/
1570 if (!rpc_pipe_set_hnd_state(cli, PIPE_NETLOGON, 0x4300)) {
1571 DEBUG(0,("Pipe hnd state failed. Error was %s\n",
1573 cli_close(cli, cli->nt_pipe_fnum);
1574 return NT_STATUS_UNSUCCESSFUL;
1578 if (!rpc_pipe_bind(cli, PI_NETLOGON, global_myname())) {
1579 DEBUG(2,("rpc bind to %s failed\n", PIPE_NETLOGON));
1580 cli_close(cli, cli->nt_pipe_fnum);
1581 return NT_STATUS_UNSUCCESSFUL;
1584 return NT_STATUS_OK;
1588 NTSTATUS cli_nt_setup_netsec(struct cli_state *cli, int sec_chan, int auth_flags,
1589 const uchar trust_password[16])
1592 uint32 neg_flags = NETLOGON_NEG_AUTH2_FLAGS;
1593 cli->pipe_auth_flags = 0;
1595 if (lp_client_schannel() == False) {
1596 return NT_STATUS_OK;
1599 if (!cli_nt_session_open(cli, PI_NETLOGON)) {
1600 DEBUG(0, ("Could not initialise %s\n",
1601 get_pipe_name_from_index(PI_NETLOGON)));
1602 return NT_STATUS_UNSUCCESSFUL;
1605 if (lp_client_schannel() != False)
1606 neg_flags |= NETLOGON_NEG_SCHANNEL;
1608 neg_flags |= NETLOGON_NEG_SCHANNEL;
1610 result = cli_nt_setup_creds(cli, sec_chan, trust_password,
1613 if (!(neg_flags & NETLOGON_NEG_SCHANNEL)
1614 && lp_client_schannel() == True) {
1615 DEBUG(1, ("Could not negotiate SCHANNEL with the DC!\n"));
1616 result = NT_STATUS_UNSUCCESSFUL;
1619 if (!NT_STATUS_IS_OK(result)) {
1620 ZERO_STRUCT(cli->auth_info.sess_key);
1621 ZERO_STRUCT(cli->sess_key);
1622 cli->pipe_auth_flags = 0;
1623 cli_nt_session_close(cli);
1627 memcpy(cli->auth_info.sess_key, cli->sess_key,
1628 sizeof(cli->auth_info.sess_key));
1630 cli->saved_netlogon_pipe_fnum = cli->nt_pipe_fnum;
1631 cli->nt_pipe_fnum = 0;
1633 /* doing schannel, not per-user auth */
1634 cli->pipe_auth_flags = auth_flags;
1636 return NT_STATUS_OK;
1639 const char *cli_pipe_get_name(struct cli_state *cli)
1641 return cli->pipe_name;