2 * Unix SMB/CIFS implementation.
3 * RPC Pipe client / server routines
4 * Copyright (C) Andrew Tridgell 1992-1998,
5 * Largely re-written : 2005
6 * Copyright (C) Jeremy Allison 1998 - 2005
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 3 of the License, or
11 * (at your option) any later version.
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, see <http://www.gnu.org/licenses/>.
23 #include "librpc/gen_ndr/ndr_named_pipe_auth.h"
26 #define DBGC_CLASS DBGC_RPC_SRV
28 static int pipes_open;
30 static pipes_struct *InternalPipes;
33 * the following prototypes are declared here to avoid
34 * code being moved about too much for a patch to be
35 * disrupted / less obvious.
37 * these functions, and associated functions that they
38 * call, should be moved behind a .so module-loading
39 * system _anyway_. so that's the next step...
42 static int close_internal_rpc_pipe_hnd(struct pipes_struct *p);
44 /****************************************************************************
45 Internal Pipe iterator functions.
46 ****************************************************************************/
48 pipes_struct *get_first_internal_pipe(void)
53 pipes_struct *get_next_internal_pipe(pipes_struct *p)
58 const char *get_pipe_name_tos(struct pipes_struct *p)
60 return get_pipe_name_from_syntax(talloc_tos(), &p->syntax);
63 /****************************************************************************
64 Initialise an outgoing packet.
65 ****************************************************************************/
67 static bool pipe_init_outgoing_data(pipes_struct *p)
69 output_data *o_data = &p->out_data;
71 /* Reset the offset counters. */
72 o_data->data_sent_length = 0;
73 o_data->current_pdu_sent = 0;
75 prs_mem_free(&o_data->frag);
77 /* Free any memory in the current return data buffer. */
78 prs_mem_free(&o_data->rdata);
81 * Initialize the outgoing RPC data buffer.
82 * we will use this as the raw data area for replying to rpc requests.
84 if(!prs_init(&o_data->rdata, 128, p->mem_ctx, MARSHALL)) {
85 DEBUG(0,("pipe_init_outgoing_data: malloc fail.\n"));
92 /****************************************************************************
93 Make an internal namedpipes structure
94 ****************************************************************************/
96 static struct pipes_struct *make_internal_rpc_pipe_p(TALLOC_CTX *mem_ctx,
97 const struct ndr_syntax_id *syntax,
98 const char *client_address,
99 struct auth_serversupplied_info *server_info)
103 DEBUG(4,("Create pipe requested %s\n",
104 get_pipe_name_from_syntax(talloc_tos(), syntax)));
106 p = TALLOC_ZERO_P(mem_ctx, struct pipes_struct);
109 DEBUG(0,("ERROR! no memory for pipes_struct!\n"));
113 p->mem_ctx = talloc_init("pipe %s %p",
114 get_pipe_name_from_syntax(talloc_tos(),
116 if (p->mem_ctx == NULL) {
117 DEBUG(0,("open_rpc_pipe_p: talloc_init failed.\n"));
122 if (!init_pipe_handle_list(p, syntax)) {
123 DEBUG(0,("open_rpc_pipe_p: init_pipe_handles failed.\n"));
124 talloc_destroy(p->mem_ctx);
130 * Initialize the incoming RPC data buffer with one PDU worth of memory.
131 * We cheat here and say we're marshalling, as we intend to add incoming
132 * data directly into the prs_struct and we want it to auto grow. We will
133 * change the type to UNMARSALLING before processing the stream.
136 if(!prs_init(&p->in_data.data, 128, p->mem_ctx, MARSHALL)) {
137 DEBUG(0,("open_rpc_pipe_p: malloc fail for in_data struct.\n"));
138 talloc_destroy(p->mem_ctx);
139 close_policy_by_pipe(p);
144 p->server_info = copy_serverinfo(p, server_info);
145 if (p->server_info == NULL) {
146 DEBUG(0, ("open_rpc_pipe_p: copy_serverinfo failed\n"));
147 talloc_destroy(p->mem_ctx);
148 close_policy_by_pipe(p);
153 DLIST_ADD(InternalPipes, p);
155 memcpy(p->client_address, client_address, sizeof(p->client_address));
157 p->endian = RPC_LITTLE_ENDIAN;
160 * Initialize the outgoing RPC data buffer with no memory.
162 prs_init_empty(&p->out_data.rdata, p->mem_ctx, MARSHALL);
166 DEBUG(4,("Created internal pipe %s (pipes_open=%d)\n",
167 get_pipe_name_from_syntax(talloc_tos(), syntax), pipes_open));
169 talloc_set_destructor(p, close_internal_rpc_pipe_hnd);
174 /****************************************************************************
175 Sets the fault state on incoming packets.
176 ****************************************************************************/
178 static void set_incoming_fault(pipes_struct *p)
180 prs_mem_free(&p->in_data.data);
181 p->in_data.pdu_needed_len = 0;
182 p->in_data.pdu_received_len = 0;
183 p->fault_state = True;
184 DEBUG(10, ("set_incoming_fault: Setting fault state on pipe %s\n",
185 get_pipe_name_tos(p)));
188 /****************************************************************************
189 Ensures we have at least RPC_HEADER_LEN amount of data in the incoming buffer.
190 ****************************************************************************/
192 static ssize_t fill_rpc_header(pipes_struct *p, char *data, size_t data_to_copy)
194 size_t len_needed_to_complete_hdr = MIN(data_to_copy, RPC_HEADER_LEN - p->in_data.pdu_received_len);
196 DEBUG(10,("fill_rpc_header: data_to_copy = %u, len_needed_to_complete_hdr = %u, receive_len = %u\n",
197 (unsigned int)data_to_copy, (unsigned int)len_needed_to_complete_hdr,
198 (unsigned int)p->in_data.pdu_received_len ));
200 if (p->in_data.current_in_pdu == NULL) {
201 p->in_data.current_in_pdu = talloc_array(p, uint8_t,
204 if (p->in_data.current_in_pdu == NULL) {
205 DEBUG(0, ("talloc failed\n"));
209 memcpy((char *)&p->in_data.current_in_pdu[p->in_data.pdu_received_len], data, len_needed_to_complete_hdr);
210 p->in_data.pdu_received_len += len_needed_to_complete_hdr;
212 return (ssize_t)len_needed_to_complete_hdr;
215 /****************************************************************************
216 Unmarshalls a new PDU header. Assumes the raw header data is in current_in_pdu.
217 ****************************************************************************/
219 static ssize_t unmarshall_rpc_header(pipes_struct *p)
222 * Unmarshall the header to determine the needed length.
227 if(p->in_data.pdu_received_len != RPC_HEADER_LEN) {
228 DEBUG(0,("unmarshall_rpc_header: assert on rpc header length failed.\n"));
229 set_incoming_fault(p);
233 prs_init_empty( &rpc_in, p->mem_ctx, UNMARSHALL);
234 prs_set_endian_data( &rpc_in, p->endian);
236 prs_give_memory( &rpc_in, (char *)&p->in_data.current_in_pdu[0],
237 p->in_data.pdu_received_len, False);
240 * Unmarshall the header as this will tell us how much
241 * data we need to read to get the complete pdu.
242 * This also sets the endian flag in rpc_in.
245 if(!smb_io_rpc_hdr("", &p->hdr, &rpc_in, 0)) {
246 DEBUG(0,("unmarshall_rpc_header: failed to unmarshall RPC_HDR.\n"));
247 set_incoming_fault(p);
248 prs_mem_free(&rpc_in);
253 * Validate the RPC header.
256 if(p->hdr.major != 5 && p->hdr.minor != 0) {
257 DEBUG(0,("unmarshall_rpc_header: invalid major/minor numbers in RPC_HDR.\n"));
258 set_incoming_fault(p);
259 prs_mem_free(&rpc_in);
264 * If there's not data in the incoming buffer this should be the start of a new RPC.
267 if(prs_offset(&p->in_data.data) == 0) {
270 * AS/U doesn't set FIRST flag in a BIND packet it seems.
273 if ((p->hdr.pkt_type == DCERPC_PKT_REQUEST) && !(p->hdr.flags & DCERPC_PFC_FLAG_FIRST)) {
275 * Ensure that the FIRST flag is set. If not then we have
276 * a stream missmatch.
279 DEBUG(0,("unmarshall_rpc_header: FIRST flag not set in first PDU !\n"));
280 set_incoming_fault(p);
281 prs_mem_free(&rpc_in);
286 * If this is the first PDU then set the endianness
287 * flag in the pipe. We will need this when parsing all
291 p->endian = rpc_in.bigendian_data;
293 DEBUG(5,("unmarshall_rpc_header: using %sendian RPC\n",
294 p->endian == RPC_LITTLE_ENDIAN ? "little-" : "big-" ));
299 * If this is *NOT* the first PDU then check the endianness
300 * flag in the pipe is the same as that in the PDU.
303 if (p->endian != rpc_in.bigendian_data) {
304 DEBUG(0,("unmarshall_rpc_header: FIRST endianness flag (%d) different in next PDU !\n", (int)p->endian));
305 set_incoming_fault(p);
306 prs_mem_free(&rpc_in);
312 * Ensure that the pdu length is sane.
315 if((p->hdr.frag_len < RPC_HEADER_LEN) || (p->hdr.frag_len > RPC_MAX_PDU_FRAG_LEN)) {
316 DEBUG(0,("unmarshall_rpc_header: assert on frag length failed.\n"));
317 set_incoming_fault(p);
318 prs_mem_free(&rpc_in);
322 DEBUG(10,("unmarshall_rpc_header: type = %u, flags = %u\n", (unsigned int)p->hdr.pkt_type,
323 (unsigned int)p->hdr.flags ));
325 p->in_data.pdu_needed_len = (uint32)p->hdr.frag_len - RPC_HEADER_LEN;
327 prs_mem_free(&rpc_in);
329 p->in_data.current_in_pdu = TALLOC_REALLOC_ARRAY(
330 p, p->in_data.current_in_pdu, uint8_t, p->hdr.frag_len);
331 if (p->in_data.current_in_pdu == NULL) {
332 DEBUG(0, ("talloc failed\n"));
333 set_incoming_fault(p);
337 return 0; /* No extra data processed. */
340 /****************************************************************************
341 Call this to free any talloc'ed memory. Do this before and after processing
343 ****************************************************************************/
345 static void free_pipe_context(pipes_struct *p)
348 DEBUG(3,("free_pipe_context: destroying talloc pool of size "
349 "%lu\n", (unsigned long)talloc_total_size(p->mem_ctx) ));
350 talloc_free_children(p->mem_ctx);
352 p->mem_ctx = talloc_init("pipe %s %p", get_pipe_name_tos(p),
354 if (p->mem_ctx == NULL) {
355 p->fault_state = True;
360 /****************************************************************************
361 Processes a request pdu. This will do auth processing if needed, and
362 appends the data into the complete stream if the LAST flag is not set.
363 ****************************************************************************/
365 static bool process_request_pdu(pipes_struct *p, prs_struct *rpc_in_p)
367 uint32 ss_padding_len = 0;
368 size_t data_len = p->hdr.frag_len - RPC_HEADER_LEN - RPC_HDR_REQ_LEN -
369 (p->hdr.auth_len ? RPC_HDR_AUTH_LEN : 0) - p->hdr.auth_len;
372 DEBUG(0,("process_request_pdu: rpc request with no bind.\n"));
373 set_incoming_fault(p);
378 * Check if we need to do authentication processing.
379 * This is only done on requests, not binds.
383 * Read the RPC request header.
386 if(!smb_io_rpc_hdr_req("req", &p->hdr_req, rpc_in_p, 0)) {
387 DEBUG(0,("process_request_pdu: failed to unmarshall RPC_HDR_REQ.\n"));
388 set_incoming_fault(p);
392 switch(p->auth.auth_type) {
393 case PIPE_AUTH_TYPE_NONE:
396 case PIPE_AUTH_TYPE_SPNEGO_NTLMSSP:
397 case PIPE_AUTH_TYPE_NTLMSSP:
400 if(!api_pipe_ntlmssp_auth_process(p, rpc_in_p, &ss_padding_len, &status)) {
401 DEBUG(0,("process_request_pdu: failed to do auth processing.\n"));
402 DEBUG(0,("process_request_pdu: error was %s.\n", nt_errstr(status) ));
403 set_incoming_fault(p);
409 case PIPE_AUTH_TYPE_SCHANNEL:
410 if (!api_pipe_schannel_process(p, rpc_in_p, &ss_padding_len)) {
411 DEBUG(3,("process_request_pdu: failed to do schannel processing.\n"));
412 set_incoming_fault(p);
418 DEBUG(0,("process_request_pdu: unknown auth type %u set.\n", (unsigned int)p->auth.auth_type ));
419 set_incoming_fault(p);
423 /* Now we've done the sign/seal we can remove any padding data. */
424 if (data_len > ss_padding_len) {
425 data_len -= ss_padding_len;
429 * Check the data length doesn't go over the 15Mb limit.
430 * increased after observing a bug in the Windows NT 4.0 SP6a
431 * spoolsv.exe when the response to a GETPRINTERDRIVER2 RPC
432 * will not fit in the initial buffer of size 0x1068 --jerry 22/01/2002
435 if(prs_offset(&p->in_data.data) + data_len > MAX_RPC_DATA_SIZE) {
436 DEBUG(0,("process_request_pdu: rpc data buffer too large (%u) + (%u)\n",
437 (unsigned int)prs_data_size(&p->in_data.data), (unsigned int)data_len ));
438 set_incoming_fault(p);
443 * Append the data portion into the buffer and return.
446 if(!prs_append_some_prs_data(&p->in_data.data, rpc_in_p, prs_offset(rpc_in_p), data_len)) {
447 DEBUG(0,("process_request_pdu: Unable to append data size %u to parse buffer of size %u.\n",
448 (unsigned int)data_len, (unsigned int)prs_data_size(&p->in_data.data) ));
449 set_incoming_fault(p);
453 if(p->hdr.flags & DCERPC_PFC_FLAG_LAST) {
456 * Ok - we finally have a complete RPC stream.
457 * Call the rpc command to process it.
461 * Ensure the internal prs buffer size is *exactly* the same
462 * size as the current offset.
465 if(!prs_set_buffer_size(&p->in_data.data, prs_offset(&p->in_data.data))) {
466 DEBUG(0,("process_request_pdu: Call to prs_set_buffer_size failed!\n"));
467 set_incoming_fault(p);
472 * Set the parse offset to the start of the data and set the
473 * prs_struct to UNMARSHALL.
476 prs_set_offset(&p->in_data.data, 0);
477 prs_switch_type(&p->in_data.data, UNMARSHALL);
480 * Process the complete data stream here.
483 free_pipe_context(p);
485 if(pipe_init_outgoing_data(p)) {
486 ret = api_pipe_request(p);
489 free_pipe_context(p);
492 * We have consumed the whole data stream. Set back to
493 * marshalling and set the offset back to the start of
494 * the buffer to re-use it (we could also do a prs_mem_free()
495 * and then re_init on the next start of PDU. Not sure which
496 * is best here.... JRA.
499 prs_switch_type(&p->in_data.data, MARSHALL);
500 prs_set_offset(&p->in_data.data, 0);
507 /****************************************************************************
508 Processes a finished PDU stored in current_in_pdu. The RPC_HEADER has
509 already been parsed and stored in p->hdr.
510 ****************************************************************************/
512 static void process_complete_pdu(pipes_struct *p)
515 size_t data_len = p->in_data.pdu_received_len - RPC_HEADER_LEN;
516 char *data_p = (char *)&p->in_data.current_in_pdu[RPC_HEADER_LEN];
520 DEBUG(10,("process_complete_pdu: pipe %s in fault state.\n",
521 get_pipe_name_tos(p)));
522 set_incoming_fault(p);
523 setup_fault_pdu(p, NT_STATUS(DCERPC_FAULT_OP_RNG_ERROR));
527 prs_init_empty( &rpc_in, p->mem_ctx, UNMARSHALL);
530 * Ensure we're using the corrent endianness for both the
531 * RPC header flags and the raw data we will be reading from.
534 prs_set_endian_data( &rpc_in, p->endian);
535 prs_set_endian_data( &p->in_data.data, p->endian);
537 prs_give_memory( &rpc_in, data_p, (uint32)data_len, False);
539 DEBUG(10,("process_complete_pdu: processing packet type %u\n",
540 (unsigned int)p->hdr.pkt_type ));
542 switch (p->hdr.pkt_type) {
543 case DCERPC_PKT_REQUEST:
544 reply = process_request_pdu(p, &rpc_in);
547 case DCERPC_PKT_PING: /* CL request - ignore... */
548 DEBUG(0,("process_complete_pdu: Error. Connectionless packet type %u received on pipe %s.\n",
549 (unsigned int)p->hdr.pkt_type,
550 get_pipe_name_tos(p)));
553 case DCERPC_PKT_RESPONSE: /* No responses here. */
554 DEBUG(0,("process_complete_pdu: Error. DCERPC_PKT_RESPONSE received from client on pipe %s.\n",
555 get_pipe_name_tos(p)));
558 case DCERPC_PKT_FAULT:
559 case DCERPC_PKT_WORKING: /* CL request - reply to a ping when a call in process. */
560 case DCERPC_PKT_NOCALL: /* CL - server reply to a ping call. */
561 case DCERPC_PKT_REJECT:
563 case DCERPC_PKT_CL_CANCEL:
564 case DCERPC_PKT_FACK:
565 case DCERPC_PKT_CANCEL_ACK:
566 DEBUG(0,("process_complete_pdu: Error. Connectionless packet type %u received on pipe %s.\n",
567 (unsigned int)p->hdr.pkt_type,
568 get_pipe_name_tos(p)));
571 case DCERPC_PKT_BIND:
573 * We assume that a pipe bind is only in one pdu.
575 if(pipe_init_outgoing_data(p)) {
576 reply = api_pipe_bind_req(p, &rpc_in);
580 case DCERPC_PKT_BIND_ACK:
581 case DCERPC_PKT_BIND_NAK:
582 DEBUG(0,("process_complete_pdu: Error. DCERPC_PKT_BINDACK/DCERPC_PKT_BINDNACK packet type %u received on pipe %s.\n",
583 (unsigned int)p->hdr.pkt_type,
584 get_pipe_name_tos(p)));
588 case DCERPC_PKT_ALTER:
590 * We assume that a pipe bind is only in one pdu.
592 if(pipe_init_outgoing_data(p)) {
593 reply = api_pipe_alter_context(p, &rpc_in);
597 case DCERPC_PKT_ALTER_RESP:
598 DEBUG(0,("process_complete_pdu: Error. DCERPC_PKT_ALTER_RESP on pipe %s: Should only be server -> client.\n",
599 get_pipe_name_tos(p)));
602 case DCERPC_PKT_AUTH3:
604 * The third packet in an NTLMSSP auth exchange.
606 if(pipe_init_outgoing_data(p)) {
607 reply = api_pipe_bind_auth3(p, &rpc_in);
611 case DCERPC_PKT_SHUTDOWN:
612 DEBUG(0,("process_complete_pdu: Error. DCERPC_PKT_SHUTDOWN on pipe %s: Should only be server -> client.\n",
613 get_pipe_name_tos(p)));
616 case DCERPC_PKT_CO_CANCEL:
617 /* For now just free all client data and continue processing. */
618 DEBUG(3,("process_complete_pdu: DCERPC_PKT_CO_CANCEL. Abandoning rpc call.\n"));
619 /* As we never do asynchronous RPC serving, we can never cancel a
620 call (as far as I know). If we ever did we'd have to send a cancel_ack
621 reply. For now, just free all client data and continue processing. */
625 /* Enable this if we're doing async rpc. */
626 /* We must check the call-id matches the outstanding callid. */
627 if(pipe_init_outgoing_data(p)) {
628 /* Send a cancel_ack PDU reply. */
629 /* We should probably check the auth-verifier here. */
630 reply = setup_cancel_ack_reply(p, &rpc_in);
635 case DCERPC_PKT_ORPHANED:
636 /* We should probably check the auth-verifier here.
637 For now just free all client data and continue processing. */
638 DEBUG(3,("process_complete_pdu: DCERPC_PKT_ORPHANED. Abandoning rpc call.\n"));
643 DEBUG(0,("process_complete_pdu: Unknown rpc type = %u received.\n", (unsigned int)p->hdr.pkt_type ));
647 /* Reset to little endian. Probably don't need this but it won't hurt. */
648 prs_set_endian_data( &p->in_data.data, RPC_LITTLE_ENDIAN);
651 DEBUG(3,("process_complete_pdu: DCE/RPC fault sent on "
652 "pipe %s\n", get_pipe_name_tos(p)));
653 set_incoming_fault(p);
654 setup_fault_pdu(p, NT_STATUS(DCERPC_FAULT_OP_RNG_ERROR));
655 prs_mem_free(&rpc_in);
658 * Reset the lengths. We're ready for a new pdu.
660 TALLOC_FREE(p->in_data.current_in_pdu);
661 p->in_data.pdu_needed_len = 0;
662 p->in_data.pdu_received_len = 0;
665 prs_mem_free(&rpc_in);
668 /****************************************************************************
669 Accepts incoming data on an rpc pipe. Processes the data in pdu sized units.
670 ****************************************************************************/
672 static ssize_t process_incoming_data(pipes_struct *p, char *data, size_t n)
674 size_t data_to_copy = MIN(n, RPC_MAX_PDU_FRAG_LEN - p->in_data.pdu_received_len);
676 DEBUG(10,("process_incoming_data: Start: pdu_received_len = %u, pdu_needed_len = %u, incoming data = %u\n",
677 (unsigned int)p->in_data.pdu_received_len, (unsigned int)p->in_data.pdu_needed_len,
680 if(data_to_copy == 0) {
682 * This is an error - data is being received and there is no
683 * space in the PDU. Free the received data and go into the fault state.
685 DEBUG(0,("process_incoming_data: No space in incoming pdu buffer. Current size = %u \
686 incoming data size = %u\n", (unsigned int)p->in_data.pdu_received_len, (unsigned int)n ));
687 set_incoming_fault(p);
692 * If we have no data already, wait until we get at least a RPC_HEADER_LEN
693 * number of bytes before we can do anything.
696 if((p->in_data.pdu_needed_len == 0) && (p->in_data.pdu_received_len < RPC_HEADER_LEN)) {
698 * Always return here. If we have more data then the RPC_HEADER
699 * will be processed the next time around the loop.
701 return fill_rpc_header(p, data, data_to_copy);
705 * At this point we know we have at least an RPC_HEADER_LEN amount of data
706 * stored in current_in_pdu.
710 * If pdu_needed_len is zero this is a new pdu.
711 * Unmarshall the header so we know how much more
712 * data we need, then loop again.
715 if(p->in_data.pdu_needed_len == 0) {
716 ssize_t rret = unmarshall_rpc_header(p);
717 if (rret == -1 || p->in_data.pdu_needed_len > 0) {
720 /* If rret == 0 and pdu_needed_len == 0 here we have a PDU that consists
721 of an RPC_HEADER only. This is a DCERPC_PKT_SHUTDOWN, DCERPC_PKT_CO_CANCEL or DCERPC_PKT_ORPHANED
722 pdu type. Deal with this in process_complete_pdu(). */
726 * Ok - at this point we have a valid RPC_HEADER in p->hdr.
727 * Keep reading until we have a full pdu.
730 data_to_copy = MIN(data_to_copy, p->in_data.pdu_needed_len);
733 * Copy as much of the data as we need into the current_in_pdu buffer.
734 * pdu_needed_len becomes zero when we have a complete pdu.
737 memcpy( (char *)&p->in_data.current_in_pdu[p->in_data.pdu_received_len], data, data_to_copy);
738 p->in_data.pdu_received_len += data_to_copy;
739 p->in_data.pdu_needed_len -= data_to_copy;
742 * Do we have a complete PDU ?
743 * (return the number of bytes handled in the call)
746 if(p->in_data.pdu_needed_len == 0) {
747 process_complete_pdu(p);
751 DEBUG(10,("process_incoming_data: not a complete PDU yet. pdu_received_len = %u, pdu_needed_len = %u\n",
752 (unsigned int)p->in_data.pdu_received_len, (unsigned int)p->in_data.pdu_needed_len ));
754 return (ssize_t)data_to_copy;
757 /****************************************************************************
758 Accepts incoming data on an internal rpc pipe.
759 ****************************************************************************/
761 static ssize_t write_to_internal_pipe(struct pipes_struct *p, char *data, size_t n)
763 size_t data_left = n;
768 DEBUG(10,("write_to_pipe: data_left = %u\n", (unsigned int)data_left ));
770 data_used = process_incoming_data(p, data, data_left);
772 DEBUG(10,("write_to_pipe: data_used = %d\n", (int)data_used ));
778 data_left -= data_used;
785 /****************************************************************************
786 Replies to a request to read data from a pipe.
788 Headers are interspersed with the data at PDU intervals. By the time
789 this function is called, the start of the data could possibly have been
790 read by an SMBtrans (file_offset != 0).
792 Calling create_rpc_reply() here is a hack. The data should already
793 have been prepared into arrays of headers + data stream sections.
794 ****************************************************************************/
796 static ssize_t read_from_internal_pipe(struct pipes_struct *p, char *data, size_t n,
797 bool *is_data_outstanding)
799 uint32 pdu_remaining = 0;
800 ssize_t data_returned = 0;
803 DEBUG(0,("read_from_pipe: pipe not open\n"));
807 DEBUG(6,(" name: %s len: %u\n", get_pipe_name_tos(p),
811 * We cannot return more than one PDU length per
816 * This condition should result in the connection being closed.
817 * Netapp filers seem to set it to 0xffff which results in domain
818 * authentications failing. Just ignore it so things work.
821 if(n > RPC_MAX_PDU_FRAG_LEN) {
822 DEBUG(5,("read_from_pipe: too large read (%u) requested on "
823 "pipe %s. We can only service %d sized reads.\n",
824 (unsigned int)n, get_pipe_name_tos(p),
825 RPC_MAX_PDU_FRAG_LEN ));
826 n = RPC_MAX_PDU_FRAG_LEN;
830 * Determine if there is still data to send in the
831 * pipe PDU buffer. Always send this first. Never
832 * send more than is left in the current PDU. The
833 * client should send a new read request for a new
837 pdu_remaining = prs_offset(&p->out_data.frag)
838 - p->out_data.current_pdu_sent;
840 if (pdu_remaining > 0) {
841 data_returned = (ssize_t)MIN(n, pdu_remaining);
843 DEBUG(10,("read_from_pipe: %s: current_pdu_len = %u, "
844 "current_pdu_sent = %u returning %d bytes.\n",
845 get_pipe_name_tos(p),
846 (unsigned int)prs_offset(&p->out_data.frag),
847 (unsigned int)p->out_data.current_pdu_sent,
848 (int)data_returned));
851 prs_data_p(&p->out_data.frag)
852 + p->out_data.current_pdu_sent,
855 p->out_data.current_pdu_sent += (uint32)data_returned;
860 * At this point p->current_pdu_len == p->current_pdu_sent (which
861 * may of course be zero if this is the first return fragment.
864 DEBUG(10,("read_from_pipe: %s: fault_state = %d : data_sent_length "
865 "= %u, prs_offset(&p->out_data.rdata) = %u.\n",
866 get_pipe_name_tos(p), (int)p->fault_state,
867 (unsigned int)p->out_data.data_sent_length,
868 (unsigned int)prs_offset(&p->out_data.rdata) ));
870 if(p->out_data.data_sent_length >= prs_offset(&p->out_data.rdata)) {
872 * We have sent all possible data, return 0.
879 * We need to create a new PDU from the data left in p->rdata.
880 * Create the header/data/footers. This also sets up the fields
881 * p->current_pdu_len, p->current_pdu_sent, p->data_sent_length
882 * and stores the outgoing PDU in p->current_pdu.
885 if(!create_next_pdu(p)) {
886 DEBUG(0,("read_from_pipe: %s: create_next_pdu failed.\n",
887 get_pipe_name_tos(p)));
891 data_returned = MIN(n, prs_offset(&p->out_data.frag));
893 memcpy( data, prs_data_p(&p->out_data.frag), (size_t)data_returned);
894 p->out_data.current_pdu_sent += (uint32)data_returned;
897 (*is_data_outstanding) = prs_offset(&p->out_data.frag) > n;
899 return data_returned;
902 /****************************************************************************
904 ****************************************************************************/
906 static int close_internal_rpc_pipe_hnd(struct pipes_struct *p)
909 DEBUG(0,("Invalid pipe in close_internal_rpc_pipe_hnd\n"));
913 prs_mem_free(&p->out_data.frag);
914 prs_mem_free(&p->out_data.rdata);
915 prs_mem_free(&p->in_data.data);
917 if (p->auth.auth_data_free_func) {
918 (*p->auth.auth_data_free_func)(&p->auth);
921 TALLOC_FREE(p->mem_ctx);
923 free_pipe_rpc_context( p->contexts );
925 /* Free the handles database. */
926 close_policy_by_pipe(p);
928 DLIST_REMOVE(InternalPipes, p);
937 bool fsp_is_np(struct files_struct *fsp)
939 enum FAKE_FILE_TYPE type;
941 if ((fsp == NULL) || (fsp->fake_file_handle == NULL)) {
945 type = fsp->fake_file_handle->type;
947 return ((type == FAKE_FILE_TYPE_NAMED_PIPE)
948 || (type == FAKE_FILE_TYPE_NAMED_PIPE_PROXY));
951 struct np_proxy_state {
952 struct tevent_queue *read_queue;
953 struct tevent_queue *write_queue;
960 static int np_proxy_state_destructor(struct np_proxy_state *state)
962 if (state->fd != -1) {
968 static struct np_proxy_state *make_external_rpc_pipe_p(TALLOC_CTX *mem_ctx,
969 const char *pipe_name,
970 struct auth_serversupplied_info *server_info)
972 struct np_proxy_state *result;
973 struct sockaddr_un addr;
975 const char *socket_dir;
978 struct netr_SamInfo3 *info3;
979 struct named_pipe_auth_req req;
982 struct named_pipe_auth_rep rep;
983 enum ndr_err_code ndr_err;
987 result = talloc(mem_ctx, struct np_proxy_state);
988 if (result == NULL) {
989 DEBUG(0, ("talloc failed\n"));
993 result->fd = socket(AF_UNIX, SOCK_STREAM, 0);
994 if (result->fd == -1) {
995 DEBUG(10, ("socket(2) failed: %s\n", strerror(errno)));
998 talloc_set_destructor(result, np_proxy_state_destructor);
1001 addr.sun_family = AF_UNIX;
1003 socket_dir = lp_parm_const_string(
1004 GLOBAL_SECTION_SNUM, "external_rpc_pipe", "socket_dir",
1005 get_dyn_NCALRPCDIR());
1006 if (socket_dir == NULL) {
1007 DEBUG(0, ("externan_rpc_pipe:socket_dir not set\n"));
1011 socket_path = talloc_asprintf(talloc_tos(), "%s/np/%s",
1012 socket_dir, pipe_name);
1013 if (socket_path == NULL) {
1014 DEBUG(0, ("talloc_asprintf failed\n"));
1017 strncpy(addr.sun_path, socket_path, sizeof(addr.sun_path));
1018 TALLOC_FREE(socket_path);
1021 if (sys_connect(result->fd, (struct sockaddr *)&addr) == -1) {
1023 DEBUG(0, ("connect(%s) failed: %s\n", addr.sun_path,
1029 info3 = talloc(talloc_tos(), struct netr_SamInfo3);
1030 if (info3 == NULL) {
1031 DEBUG(0, ("talloc failed\n"));
1035 status = serverinfo_to_SamInfo3(server_info, NULL, 0, info3);
1036 if (!NT_STATUS_IS_OK(status)) {
1038 DEBUG(0, ("serverinfo_to_SamInfo3 failed: %s\n",
1039 nt_errstr(status)));
1044 req.info.info1 = *info3;
1046 ndr_err = ndr_push_struct_blob(
1047 &req_blob, talloc_tos(), NULL, &req,
1048 (ndr_push_flags_fn_t)ndr_push_named_pipe_auth_req);
1050 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
1051 DEBUG(10, ("ndr_push_named_pipe_auth_req failed: %s\n",
1052 ndr_errstr(ndr_err)));
1056 DEBUG(10, ("named_pipe_auth_req(client)[%u]\n", (uint32_t)req_blob.length));
1057 dump_data(10, req_blob.data, req_blob.length);
1059 written = write_data(result->fd, (char *)req_blob.data,
1061 if (written == -1) {
1062 DEBUG(3, ("Could not write auth req data to RPC server\n"));
1066 status = read_data(result->fd, (char *)rep_buf, sizeof(rep_buf));
1067 if (!NT_STATUS_IS_OK(status)) {
1068 DEBUG(3, ("Could not read auth result\n"));
1072 rep_blob = data_blob_const(rep_buf, sizeof(rep_buf));
1074 DEBUG(10,("name_pipe_auth_rep(client)[%u]\n", (uint32_t)rep_blob.length));
1075 dump_data(10, rep_blob.data, rep_blob.length);
1077 ndr_err = ndr_pull_struct_blob(
1078 &rep_blob, talloc_tos(), NULL, &rep,
1079 (ndr_pull_flags_fn_t)ndr_pull_named_pipe_auth_rep);
1081 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
1082 DEBUG(0, ("ndr_pull_named_pipe_auth_rep failed: %s\n",
1083 ndr_errstr(ndr_err)));
1087 if (rep.length != 16) {
1088 DEBUG(0, ("req invalid length: %u != 16\n",
1093 if (strcmp(NAMED_PIPE_AUTH_MAGIC, rep.magic) != 0) {
1094 DEBUG(0, ("req invalid magic: %s != %s\n",
1095 rep.magic, NAMED_PIPE_AUTH_MAGIC));
1099 if (!NT_STATUS_IS_OK(rep.status)) {
1100 DEBUG(0, ("req failed: %s\n",
1101 nt_errstr(rep.status)));
1105 if (rep.level != 1) {
1106 DEBUG(0, ("req invalid level: %u != 1\n",
1113 result->read_queue = tevent_queue_create(result, "np_read");
1114 if (result->read_queue == NULL) {
1117 result->write_queue = tevent_queue_create(result, "np_write");
1118 if (result->write_queue == NULL) {
1125 TALLOC_FREE(result);
1129 NTSTATUS np_open(TALLOC_CTX *mem_ctx, const char *name,
1130 const char *client_address,
1131 struct auth_serversupplied_info *server_info,
1132 struct fake_file_handle **phandle)
1134 const char **proxy_list;
1135 struct fake_file_handle *handle;
1137 proxy_list = lp_parm_string_list(-1, "np", "proxy", NULL);
1139 handle = talloc(mem_ctx, struct fake_file_handle);
1140 if (handle == NULL) {
1141 return NT_STATUS_NO_MEMORY;
1144 if ((proxy_list != NULL) && str_list_check_ci(proxy_list, name)) {
1145 struct np_proxy_state *p;
1147 p = make_external_rpc_pipe_p(handle, name, server_info);
1149 handle->type = FAKE_FILE_TYPE_NAMED_PIPE_PROXY;
1150 handle->private_data = p;
1152 struct pipes_struct *p;
1153 struct ndr_syntax_id syntax;
1155 if (!is_known_pipename(name, &syntax)) {
1156 TALLOC_FREE(handle);
1157 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
1160 p = make_internal_rpc_pipe_p(handle, &syntax, client_address,
1163 handle->type = FAKE_FILE_TYPE_NAMED_PIPE;
1164 handle->private_data = p;
1167 if (handle->private_data == NULL) {
1168 TALLOC_FREE(handle);
1169 return NT_STATUS_PIPE_NOT_AVAILABLE;
1174 return NT_STATUS_OK;
1177 struct np_write_state {
1178 struct event_context *ev;
1179 struct np_proxy_state *p;
1184 static void np_write_done(struct tevent_req *subreq);
1186 struct tevent_req *np_write_send(TALLOC_CTX *mem_ctx, struct event_context *ev,
1187 struct fake_file_handle *handle,
1188 const uint8_t *data, size_t len)
1190 struct tevent_req *req;
1191 struct np_write_state *state;
1194 DEBUG(6, ("np_write_send: len: %d\n", (int)len));
1195 dump_data(50, data, len);
1197 req = tevent_req_create(mem_ctx, &state, struct np_write_state);
1203 state->nwritten = 0;
1204 status = NT_STATUS_OK;
1208 if (handle->type == FAKE_FILE_TYPE_NAMED_PIPE) {
1209 struct pipes_struct *p = talloc_get_type_abort(
1210 handle->private_data, struct pipes_struct);
1212 state->nwritten = write_to_internal_pipe(p, (char *)data, len);
1214 status = (state->nwritten >= 0)
1215 ? NT_STATUS_OK : NT_STATUS_UNEXPECTED_IO_ERROR;
1219 if (handle->type == FAKE_FILE_TYPE_NAMED_PIPE_PROXY) {
1220 struct np_proxy_state *p = talloc_get_type_abort(
1221 handle->private_data, struct np_proxy_state);
1222 struct tevent_req *subreq;
1226 state->iov.iov_base = CONST_DISCARD(void *, data);
1227 state->iov.iov_len = len;
1229 subreq = writev_send(state, ev, p->write_queue, p->fd,
1230 false, &state->iov, 1);
1231 if (subreq == NULL) {
1234 tevent_req_set_callback(subreq, np_write_done, req);
1238 status = NT_STATUS_INVALID_HANDLE;
1240 if (NT_STATUS_IS_OK(status)) {
1241 tevent_req_done(req);
1243 tevent_req_nterror(req, status);
1245 return tevent_req_post(req, ev);
1251 static void np_write_done(struct tevent_req *subreq)
1253 struct tevent_req *req = tevent_req_callback_data(
1254 subreq, struct tevent_req);
1255 struct np_write_state *state = tevent_req_data(
1256 req, struct np_write_state);
1260 received = writev_recv(subreq, &err);
1262 tevent_req_nterror(req, map_nt_error_from_unix(err));
1265 state->nwritten = received;
1266 tevent_req_done(req);
1269 NTSTATUS np_write_recv(struct tevent_req *req, ssize_t *pnwritten)
1271 struct np_write_state *state = tevent_req_data(
1272 req, struct np_write_state);
1275 if (tevent_req_is_nterror(req, &status)) {
1278 *pnwritten = state->nwritten;
1279 return NT_STATUS_OK;
1282 static ssize_t rpc_frag_more_fn(uint8_t *buf, size_t buflen, void *priv)
1285 struct rpc_hdr_info hdr;
1288 if (buflen > RPC_HEADER_LEN) {
1291 prs_init_empty(&hdr_prs, talloc_tos(), UNMARSHALL);
1292 prs_give_memory(&hdr_prs, (char *)buf, RPC_HEADER_LEN, false);
1293 ret = smb_io_rpc_hdr("", &hdr, &hdr_prs, 0);
1294 prs_mem_free(&hdr_prs);
1300 return (hdr.frag_len - RPC_HEADER_LEN);
1303 struct np_read_state {
1304 struct event_context *ev;
1305 struct np_proxy_state *p;
1310 bool is_data_outstanding;
1313 static void np_read_trigger(struct tevent_req *req, void *private_data);
1314 static void np_read_done(struct tevent_req *subreq);
1316 struct tevent_req *np_read_send(TALLOC_CTX *mem_ctx, struct event_context *ev,
1317 struct fake_file_handle *handle,
1318 uint8_t *data, size_t len)
1320 struct tevent_req *req;
1321 struct np_read_state *state;
1324 req = tevent_req_create(mem_ctx, &state, struct np_read_state);
1329 if (handle->type == FAKE_FILE_TYPE_NAMED_PIPE) {
1330 struct pipes_struct *p = talloc_get_type_abort(
1331 handle->private_data, struct pipes_struct);
1333 state->nread = read_from_internal_pipe(
1334 p, (char *)data, len, &state->is_data_outstanding);
1336 status = (state->nread >= 0)
1337 ? NT_STATUS_OK : NT_STATUS_UNEXPECTED_IO_ERROR;
1341 if (handle->type == FAKE_FILE_TYPE_NAMED_PIPE_PROXY) {
1342 struct np_proxy_state *p = talloc_get_type_abort(
1343 handle->private_data, struct np_proxy_state);
1345 if (p->msg != NULL) {
1348 thistime = MIN(talloc_get_size(p->msg) - p->sent,
1351 memcpy(data, p->msg+p->sent, thistime);
1352 state->nread = thistime;
1353 p->sent += thistime;
1355 if (p->sent < talloc_get_size(p->msg)) {
1356 state->is_data_outstanding = true;
1358 state->is_data_outstanding = false;
1359 TALLOC_FREE(p->msg);
1361 status = NT_STATUS_OK;
1370 if (!tevent_queue_add(p->read_queue, ev, req, np_read_trigger,
1377 status = NT_STATUS_INVALID_HANDLE;
1379 if (NT_STATUS_IS_OK(status)) {
1380 tevent_req_done(req);
1382 tevent_req_nterror(req, status);
1384 return tevent_req_post(req, ev);
1390 static void np_read_trigger(struct tevent_req *req, void *private_data)
1392 struct np_read_state *state = tevent_req_data(
1393 req, struct np_read_state);
1394 struct tevent_req *subreq;
1396 subreq = read_packet_send(state, state->ev, state->p->fd,
1397 RPC_HEADER_LEN, rpc_frag_more_fn, NULL);
1398 if (tevent_req_nomem(subreq, req)) {
1401 tevent_req_set_callback(subreq, np_read_done, req);
1404 static void np_read_done(struct tevent_req *subreq)
1406 struct tevent_req *req = tevent_req_callback_data(
1407 subreq, struct tevent_req);
1408 struct np_read_state *state = tevent_req_data(
1409 req, struct np_read_state);
1414 received = read_packet_recv(subreq, state->p, &state->p->msg, &err);
1415 TALLOC_FREE(subreq);
1416 if (received == -1) {
1417 tevent_req_nterror(req, map_nt_error_from_unix(err));
1421 thistime = MIN(received, state->len);
1423 memcpy(state->data, state->p->msg, thistime);
1424 state->p->sent = thistime;
1425 state->nread = thistime;
1427 if (state->p->sent < received) {
1428 state->is_data_outstanding = true;
1430 TALLOC_FREE(state->p->msg);
1431 state->is_data_outstanding = false;
1434 tevent_req_done(req);
1438 NTSTATUS np_read_recv(struct tevent_req *req, ssize_t *nread,
1439 bool *is_data_outstanding)
1441 struct np_read_state *state = tevent_req_data(
1442 req, struct np_read_state);
1445 if (tevent_req_is_nterror(req, &status)) {
1448 *nread = state->nread;
1449 *is_data_outstanding = state->is_data_outstanding;
1450 return NT_STATUS_OK;
1454 * Create a new RPC client context which uses a local dispatch function.
1456 NTSTATUS rpc_pipe_open_internal(TALLOC_CTX *mem_ctx,
1457 const struct ndr_syntax_id *abstract_syntax,
1458 NTSTATUS (*dispatch) (struct rpc_pipe_client *cli,
1459 TALLOC_CTX *mem_ctx,
1460 const char *interface,
1461 uint32_t interface_version,
1462 uint32_t opnum, void *r),
1463 struct auth_serversupplied_info *serversupplied_info,
1464 struct rpc_pipe_client **presult)
1466 struct rpc_pipe_client *result;
1468 result = TALLOC_ZERO_P(mem_ctx, struct rpc_pipe_client);
1469 if (result == NULL) {
1470 return NT_STATUS_NO_MEMORY;
1473 result->abstract_syntax = *abstract_syntax;
1474 result->transfer_syntax = ndr_transfer_syntax;
1475 result->dispatch = dispatch;
1477 result->pipes_struct = make_internal_rpc_pipe_p(
1478 result, abstract_syntax, "", serversupplied_info);
1479 if (result->pipes_struct == NULL) {
1480 TALLOC_FREE(result);
1481 return NT_STATUS_NO_MEMORY;
1484 result->max_xmit_frag = -1;
1485 result->max_recv_frag = -1;
1488 return NT_STATUS_OK;
1491 /*******************************************************************
1492 gets a domain user's groups from their already-calculated NT_USER_TOKEN
1493 ********************************************************************/
1495 static NTSTATUS nt_token_to_group_list(TALLOC_CTX *mem_ctx,
1496 const DOM_SID *domain_sid,
1498 const DOM_SID *sids,
1500 struct samr_RidWithAttribute **pgids)
1507 for (i=0; i<num_sids; i++) {
1508 struct samr_RidWithAttribute gid;
1509 if (!sid_peek_check_rid(domain_sid, &sids[i], &gid.rid)) {
1512 gid.attributes = (SE_GROUP_MANDATORY|SE_GROUP_ENABLED_BY_DEFAULT|
1514 ADD_TO_ARRAY(mem_ctx, struct samr_RidWithAttribute,
1515 gid, pgids, numgroups);
1516 if (*pgids == NULL) {
1517 return NT_STATUS_NO_MEMORY;
1520 return NT_STATUS_OK;
1523 /****************************************************************************
1524 inits a netr_SamBaseInfo structure from an auth_serversupplied_info.
1525 *****************************************************************************/
1527 static NTSTATUS serverinfo_to_SamInfo_base(TALLOC_CTX *mem_ctx,
1528 struct auth_serversupplied_info *server_info,
1529 uint8_t *pipe_session_key,
1530 size_t pipe_session_key_len,
1531 struct netr_SamBaseInfo *base)
1534 struct samr_RidWithAttribute *gids = NULL;
1535 const DOM_SID *user_sid = NULL;
1536 const DOM_SID *group_sid = NULL;
1538 uint32 user_rid, group_rid;
1542 const char *my_name;
1544 struct netr_UserSessionKey user_session_key;
1545 struct netr_LMSessionKey lm_session_key;
1547 NTTIME last_logon, last_logoff, acct_expiry, last_password_change;
1548 NTTIME allow_password_change, force_password_change;
1549 struct samr_RidWithAttributeArray groups;
1551 struct dom_sid2 *sid = NULL;
1553 ZERO_STRUCT(user_session_key);
1554 ZERO_STRUCT(lm_session_key);
1556 sampw = server_info->sam_account;
1558 user_sid = pdb_get_user_sid(sampw);
1559 group_sid = pdb_get_group_sid(sampw);
1561 if (pipe_session_key && pipe_session_key_len != 16) {
1562 DEBUG(0,("serverinfo_to_SamInfo3: invalid "
1563 "pipe_session_key_len[%zu] != 16\n",
1564 pipe_session_key_len));
1565 return NT_STATUS_INTERNAL_ERROR;
1568 if ((user_sid == NULL) || (group_sid == NULL)) {
1569 DEBUG(1, ("_netr_LogonSamLogon: User without group or user SID\n"));
1570 return NT_STATUS_UNSUCCESSFUL;
1573 sid_copy(&domain_sid, user_sid);
1574 sid_split_rid(&domain_sid, &user_rid);
1576 sid = sid_dup_talloc(mem_ctx, &domain_sid);
1578 return NT_STATUS_NO_MEMORY;
1581 if (!sid_peek_check_rid(&domain_sid, group_sid, &group_rid)) {
1582 DEBUG(1, ("_netr_LogonSamLogon: user %s\\%s has user sid "
1583 "%s\n but group sid %s.\n"
1584 "The conflicting domain portions are not "
1585 "supported for NETLOGON calls\n",
1586 pdb_get_domain(sampw),
1587 pdb_get_username(sampw),
1588 sid_string_dbg(user_sid),
1589 sid_string_dbg(group_sid)));
1590 return NT_STATUS_UNSUCCESSFUL;
1593 if(server_info->login_server) {
1594 my_name = server_info->login_server;
1596 my_name = global_myname();
1599 status = nt_token_to_group_list(mem_ctx, &domain_sid,
1600 server_info->num_sids,
1604 if (!NT_STATUS_IS_OK(status)) {
1608 if (server_info->user_session_key.length) {
1609 memcpy(user_session_key.key,
1610 server_info->user_session_key.data,
1611 MIN(sizeof(user_session_key.key),
1612 server_info->user_session_key.length));
1613 if (pipe_session_key) {
1614 arcfour_crypt(user_session_key.key, pipe_session_key, 16);
1617 if (server_info->lm_session_key.length) {
1618 memcpy(lm_session_key.key,
1619 server_info->lm_session_key.data,
1620 MIN(sizeof(lm_session_key.key),
1621 server_info->lm_session_key.length));
1622 if (pipe_session_key) {
1623 arcfour_crypt(lm_session_key.key, pipe_session_key, 8);
1627 groups.count = num_gids;
1628 groups.rids = TALLOC_ARRAY(mem_ctx, struct samr_RidWithAttribute, groups.count);
1630 return NT_STATUS_NO_MEMORY;
1633 for (i=0; i < groups.count; i++) {
1634 groups.rids[i].rid = gids[i].rid;
1635 groups.rids[i].attributes = gids[i].attributes;
1638 unix_to_nt_time(&last_logon, pdb_get_logon_time(sampw));
1639 unix_to_nt_time(&last_logoff, get_time_t_max());
1640 unix_to_nt_time(&acct_expiry, get_time_t_max());
1641 unix_to_nt_time(&last_password_change, pdb_get_pass_last_set_time(sampw));
1642 unix_to_nt_time(&allow_password_change, pdb_get_pass_can_change_time(sampw));
1643 unix_to_nt_time(&force_password_change, pdb_get_pass_must_change_time(sampw));
1645 base->last_logon = last_logon;
1646 base->last_logoff = last_logoff;
1647 base->acct_expiry = acct_expiry;
1648 base->last_password_change = last_password_change;
1649 base->allow_password_change = allow_password_change;
1650 base->force_password_change = force_password_change;
1651 base->account_name.string = talloc_strdup(mem_ctx, pdb_get_username(sampw));
1652 base->full_name.string = talloc_strdup(mem_ctx, pdb_get_fullname(sampw));
1653 base->logon_script.string = talloc_strdup(mem_ctx, pdb_get_logon_script(sampw));
1654 base->profile_path.string = talloc_strdup(mem_ctx, pdb_get_profile_path(sampw));
1655 base->home_directory.string = talloc_strdup(mem_ctx, pdb_get_homedir(sampw));
1656 base->home_drive.string = talloc_strdup(mem_ctx, pdb_get_dir_drive(sampw));
1657 base->logon_count = 0; /* ?? */
1658 base->bad_password_count = 0; /* ?? */
1659 base->rid = user_rid;
1660 base->primary_gid = group_rid;
1661 base->groups = groups;
1662 base->user_flags = NETLOGON_EXTRA_SIDS;
1663 base->key = user_session_key;
1664 base->logon_server.string = talloc_strdup(mem_ctx, my_name);
1665 base->domain.string = talloc_strdup(mem_ctx, pdb_get_domain(sampw));
1666 base->domain_sid = sid;
1667 base->LMSessKey = lm_session_key;
1668 base->acct_flags = pdb_get_acct_ctrl(sampw);
1670 ZERO_STRUCT(user_session_key);
1671 ZERO_STRUCT(lm_session_key);
1673 return NT_STATUS_OK;
1676 /****************************************************************************
1677 inits a netr_SamInfo2 structure from an auth_serversupplied_info. sam2 must
1678 already be initialized and is used as the talloc parent for its members.
1679 *****************************************************************************/
1681 NTSTATUS serverinfo_to_SamInfo2(struct auth_serversupplied_info *server_info,
1682 uint8_t *pipe_session_key,
1683 size_t pipe_session_key_len,
1684 struct netr_SamInfo2 *sam2)
1688 status = serverinfo_to_SamInfo_base(sam2,
1691 pipe_session_key_len,
1693 if (!NT_STATUS_IS_OK(status)) {
1697 return NT_STATUS_OK;
1700 /****************************************************************************
1701 inits a netr_SamInfo3 structure from an auth_serversupplied_info. sam3 must
1702 already be initialized and is used as the talloc parent for its members.
1703 *****************************************************************************/
1705 NTSTATUS serverinfo_to_SamInfo3(struct auth_serversupplied_info *server_info,
1706 uint8_t *pipe_session_key,
1707 size_t pipe_session_key_len,
1708 struct netr_SamInfo3 *sam3)
1712 status = serverinfo_to_SamInfo_base(sam3,
1715 pipe_session_key_len,
1717 if (!NT_STATUS_IS_OK(status)) {
1724 return NT_STATUS_OK;
1727 /****************************************************************************
1728 inits a netr_SamInfo6 structure from an auth_serversupplied_info. sam6 must
1729 already be initialized and is used as the talloc parent for its members.
1730 *****************************************************************************/
1732 NTSTATUS serverinfo_to_SamInfo6(struct auth_serversupplied_info *server_info,
1733 uint8_t *pipe_session_key,
1734 size_t pipe_session_key_len,
1735 struct netr_SamInfo6 *sam6)
1738 struct pdb_domain_info *dominfo;
1740 if ((pdb_capabilities() & PDB_CAP_ADS) == 0) {
1741 DEBUG(10,("Not adding validation info level 6 "
1742 "without ADS passdb backend\n"));
1743 return NT_STATUS_INVALID_INFO_CLASS;
1746 dominfo = pdb_get_domain_info(sam6);
1747 if (dominfo == NULL) {
1748 return NT_STATUS_NO_MEMORY;
1751 status = serverinfo_to_SamInfo_base(sam6,
1754 pipe_session_key_len,
1756 if (!NT_STATUS_IS_OK(status)) {
1763 sam6->forest.string = talloc_strdup(sam6, dominfo->dns_forest);
1764 if (sam6->forest.string == NULL) {
1765 return NT_STATUS_NO_MEMORY;
1768 sam6->principle.string = talloc_asprintf(sam6, "%s@%s",
1769 pdb_get_username(server_info->sam_account),
1770 dominfo->dns_domain);
1771 if (sam6->principle.string == NULL) {
1772 return NT_STATUS_NO_MEMORY;
1775 return NT_STATUS_OK;