2 * Unix SMB/CIFS implementation.
3 * RPC Pipe client routines
4 * Largely rewritten by Jeremy Allison 2005.
5 * Heavily modified by Simo Sorce 2010.
6 * Copyright Andrew Bartlett 2011.
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 3 of the License, or
11 * (at your option) any later version.
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, see <http://www.gnu.org/licenses/>.
23 #include "../lib/util/tevent_ntstatus.h"
24 #include "librpc/gen_ndr/ndr_epmapper_c.h"
25 #include "../librpc/gen_ndr/ndr_schannel.h"
26 #include "../librpc/gen_ndr/ndr_dssetup.h"
27 #include "../libcli/auth/schannel.h"
28 #include "../libcli/auth/spnego.h"
29 #include "../auth/ntlmssp/ntlmssp.h"
30 #include "auth_generic.h"
31 #include "librpc/gen_ndr/ndr_dcerpc.h"
32 #include "librpc/rpc/dcerpc.h"
35 #include "libsmb/libsmb.h"
36 #include "auth/gensec/gensec.h"
37 #include "auth/credentials/credentials.h"
38 #include "../libcli/smb/smbXcli_base.h"
41 #define DBGC_CLASS DBGC_RPC_CLI
43 /********************************************************************
44 Pipe description for a DEBUG
45 ********************************************************************/
46 static const char *rpccli_pipe_txt(TALLOC_CTX *mem_ctx,
47 struct rpc_pipe_client *cli)
49 char *result = talloc_asprintf(mem_ctx, "host %s", cli->desthost);
56 /********************************************************************
58 ********************************************************************/
60 static uint32 get_rpc_call_id(void)
62 static uint32 call_id = 0;
66 /*******************************************************************
67 Use SMBreadX to get rest of one fragment's worth of rpc data.
68 Reads the whole size or give an error message
69 ********************************************************************/
71 struct rpc_read_state {
72 struct event_context *ev;
73 struct rpc_cli_transport *transport;
79 static void rpc_read_done(struct tevent_req *subreq);
81 static struct tevent_req *rpc_read_send(TALLOC_CTX *mem_ctx,
82 struct event_context *ev,
83 struct rpc_cli_transport *transport,
84 uint8_t *data, size_t size)
86 struct tevent_req *req, *subreq;
87 struct rpc_read_state *state;
89 req = tevent_req_create(mem_ctx, &state, struct rpc_read_state);
94 state->transport = transport;
99 DEBUG(5, ("rpc_read_send: data_to_read: %u\n", (unsigned int)size));
101 subreq = transport->read_send(state, ev, (uint8_t *)data, size,
103 if (subreq == NULL) {
106 tevent_req_set_callback(subreq, rpc_read_done, req);
114 static void rpc_read_done(struct tevent_req *subreq)
116 struct tevent_req *req = tevent_req_callback_data(
117 subreq, struct tevent_req);
118 struct rpc_read_state *state = tevent_req_data(
119 req, struct rpc_read_state);
123 status = state->transport->read_recv(subreq, &received);
125 if (!NT_STATUS_IS_OK(status)) {
126 tevent_req_nterror(req, status);
130 state->num_read += received;
131 if (state->num_read == state->size) {
132 tevent_req_done(req);
136 subreq = state->transport->read_send(state, state->ev,
137 state->data + state->num_read,
138 state->size - state->num_read,
139 state->transport->priv);
140 if (tevent_req_nomem(subreq, req)) {
143 tevent_req_set_callback(subreq, rpc_read_done, req);
146 static NTSTATUS rpc_read_recv(struct tevent_req *req)
148 return tevent_req_simple_recv_ntstatus(req);
151 struct rpc_write_state {
152 struct event_context *ev;
153 struct rpc_cli_transport *transport;
159 static void rpc_write_done(struct tevent_req *subreq);
161 static struct tevent_req *rpc_write_send(TALLOC_CTX *mem_ctx,
162 struct event_context *ev,
163 struct rpc_cli_transport *transport,
164 const uint8_t *data, size_t size)
166 struct tevent_req *req, *subreq;
167 struct rpc_write_state *state;
169 req = tevent_req_create(mem_ctx, &state, struct rpc_write_state);
174 state->transport = transport;
177 state->num_written = 0;
179 DEBUG(5, ("rpc_write_send: data_to_write: %u\n", (unsigned int)size));
181 subreq = transport->write_send(state, ev, data, size, transport->priv);
182 if (subreq == NULL) {
185 tevent_req_set_callback(subreq, rpc_write_done, req);
192 static void rpc_write_done(struct tevent_req *subreq)
194 struct tevent_req *req = tevent_req_callback_data(
195 subreq, struct tevent_req);
196 struct rpc_write_state *state = tevent_req_data(
197 req, struct rpc_write_state);
201 status = state->transport->write_recv(subreq, &written);
203 if (!NT_STATUS_IS_OK(status)) {
204 tevent_req_nterror(req, status);
208 state->num_written += written;
210 if (state->num_written == state->size) {
211 tevent_req_done(req);
215 subreq = state->transport->write_send(state, state->ev,
216 state->data + state->num_written,
217 state->size - state->num_written,
218 state->transport->priv);
219 if (tevent_req_nomem(subreq, req)) {
222 tevent_req_set_callback(subreq, rpc_write_done, req);
225 static NTSTATUS rpc_write_recv(struct tevent_req *req)
227 return tevent_req_simple_recv_ntstatus(req);
231 /****************************************************************************
232 Try and get a PDU's worth of data from current_pdu. If not, then read more
234 ****************************************************************************/
236 struct get_complete_frag_state {
237 struct event_context *ev;
238 struct rpc_pipe_client *cli;
243 static void get_complete_frag_got_header(struct tevent_req *subreq);
244 static void get_complete_frag_got_rest(struct tevent_req *subreq);
246 static struct tevent_req *get_complete_frag_send(TALLOC_CTX *mem_ctx,
247 struct event_context *ev,
248 struct rpc_pipe_client *cli,
251 struct tevent_req *req, *subreq;
252 struct get_complete_frag_state *state;
256 req = tevent_req_create(mem_ctx, &state,
257 struct get_complete_frag_state);
263 state->frag_len = RPC_HEADER_LEN;
266 received = pdu->length;
267 if (received < RPC_HEADER_LEN) {
268 if (!data_blob_realloc(mem_ctx, pdu, RPC_HEADER_LEN)) {
269 status = NT_STATUS_NO_MEMORY;
272 subreq = rpc_read_send(state, state->ev,
273 state->cli->transport,
274 pdu->data + received,
275 RPC_HEADER_LEN - received);
276 if (subreq == NULL) {
277 status = NT_STATUS_NO_MEMORY;
280 tevent_req_set_callback(subreq, get_complete_frag_got_header,
285 state->frag_len = dcerpc_get_frag_length(pdu);
288 * Ensure we have frag_len bytes of data.
290 if (received < state->frag_len) {
291 if (!data_blob_realloc(NULL, pdu, state->frag_len)) {
292 status = NT_STATUS_NO_MEMORY;
295 subreq = rpc_read_send(state, state->ev,
296 state->cli->transport,
297 pdu->data + received,
298 state->frag_len - received);
299 if (subreq == NULL) {
300 status = NT_STATUS_NO_MEMORY;
303 tevent_req_set_callback(subreq, get_complete_frag_got_rest,
308 status = NT_STATUS_OK;
310 if (NT_STATUS_IS_OK(status)) {
311 tevent_req_done(req);
313 tevent_req_nterror(req, status);
315 return tevent_req_post(req, ev);
318 static void get_complete_frag_got_header(struct tevent_req *subreq)
320 struct tevent_req *req = tevent_req_callback_data(
321 subreq, struct tevent_req);
322 struct get_complete_frag_state *state = tevent_req_data(
323 req, struct get_complete_frag_state);
326 status = rpc_read_recv(subreq);
328 if (!NT_STATUS_IS_OK(status)) {
329 tevent_req_nterror(req, status);
333 state->frag_len = dcerpc_get_frag_length(state->pdu);
335 if (!data_blob_realloc(NULL, state->pdu, state->frag_len)) {
336 tevent_req_nterror(req, NT_STATUS_NO_MEMORY);
341 * We're here in this piece of code because we've read exactly
342 * RPC_HEADER_LEN bytes into state->pdu.
345 subreq = rpc_read_send(state, state->ev, state->cli->transport,
346 state->pdu->data + RPC_HEADER_LEN,
347 state->frag_len - RPC_HEADER_LEN);
348 if (tevent_req_nomem(subreq, req)) {
351 tevent_req_set_callback(subreq, get_complete_frag_got_rest, req);
354 static void get_complete_frag_got_rest(struct tevent_req *subreq)
356 struct tevent_req *req = tevent_req_callback_data(
357 subreq, struct tevent_req);
360 status = rpc_read_recv(subreq);
362 if (!NT_STATUS_IS_OK(status)) {
363 tevent_req_nterror(req, status);
366 tevent_req_done(req);
369 static NTSTATUS get_complete_frag_recv(struct tevent_req *req)
371 return tevent_req_simple_recv_ntstatus(req);
374 /****************************************************************************
375 Do basic authentication checks on an incoming pdu.
376 ****************************************************************************/
378 static NTSTATUS cli_pipe_validate_current_pdu(TALLOC_CTX *mem_ctx,
379 struct rpc_pipe_client *cli,
380 struct ncacn_packet *pkt,
382 uint8_t expected_pkt_type,
384 DATA_BLOB *reply_pdu)
386 struct dcerpc_response *r;
387 NTSTATUS ret = NT_STATUS_OK;
391 * Point the return values at the real data including the RPC
392 * header. Just in case the caller wants it.
396 /* Ensure we have the correct type. */
397 switch (pkt->ptype) {
398 case DCERPC_PKT_ALTER_RESP:
399 case DCERPC_PKT_BIND_ACK:
401 /* Client code never receives this kind of packets */
405 case DCERPC_PKT_RESPONSE:
407 r = &pkt->u.response;
409 /* Here's where we deal with incoming sign/seal. */
410 ret = dcerpc_check_auth(cli->auth, pkt,
411 &r->stub_and_verifier,
412 DCERPC_RESPONSE_LENGTH,
414 if (!NT_STATUS_IS_OK(ret)) {
418 if (pkt->frag_length < DCERPC_RESPONSE_LENGTH + pad_len) {
419 return NT_STATUS_BUFFER_TOO_SMALL;
422 /* Point the return values at the NDR data. */
423 rdata->data = r->stub_and_verifier.data;
425 if (pkt->auth_length) {
426 /* We've already done integer wrap tests in
427 * dcerpc_check_auth(). */
428 rdata->length = r->stub_and_verifier.length
430 - DCERPC_AUTH_TRAILER_LENGTH
433 rdata->length = r->stub_and_verifier.length;
436 DEBUG(10, ("Got pdu len %lu, data_len %lu, ss_len %u\n",
437 (long unsigned int)pdu->length,
438 (long unsigned int)rdata->length,
439 (unsigned int)pad_len));
442 * If this is the first reply, and the allocation hint is
443 * reasonable, try and set up the reply_pdu DATA_BLOB to the
447 if ((reply_pdu->length == 0) &&
448 r->alloc_hint && (r->alloc_hint < 15*1024*1024)) {
449 if (!data_blob_realloc(mem_ctx, reply_pdu,
451 DEBUG(0, ("reply alloc hint %d too "
452 "large to allocate\n",
453 (int)r->alloc_hint));
454 return NT_STATUS_NO_MEMORY;
460 case DCERPC_PKT_BIND_NAK:
461 DEBUG(1, (__location__ ": Bind NACK received from %s!\n",
462 rpccli_pipe_txt(talloc_tos(), cli)));
463 /* Use this for now... */
464 return NT_STATUS_NETWORK_ACCESS_DENIED;
466 case DCERPC_PKT_FAULT:
468 DEBUG(1, (__location__ ": RPC fault code %s received "
470 dcerpc_errstr(talloc_tos(),
471 pkt->u.fault.status),
472 rpccli_pipe_txt(talloc_tos(), cli)));
474 return dcerpc_fault_to_nt_status(pkt->u.fault.status);
477 DEBUG(0, (__location__ "Unknown packet type %u received "
479 (unsigned int)pkt->ptype,
480 rpccli_pipe_txt(talloc_tos(), cli)));
481 return NT_STATUS_INVALID_INFO_CLASS;
484 if (pkt->ptype != expected_pkt_type) {
485 DEBUG(3, (__location__ ": Connection to %s got an unexpected "
486 "RPC packet type - %u, not %u\n",
487 rpccli_pipe_txt(talloc_tos(), cli),
488 pkt->ptype, expected_pkt_type));
489 return NT_STATUS_INVALID_INFO_CLASS;
492 /* Do this just before return - we don't want to modify any rpc header
493 data before now as we may have needed to do cryptographic actions on
496 if ((pkt->ptype == DCERPC_PKT_BIND_ACK) &&
497 !(pkt->pfc_flags & DCERPC_PFC_FLAG_LAST)) {
498 DEBUG(5, (__location__ ": bug in server (AS/U?), setting "
499 "fragment first/last ON.\n"));
500 pkt->pfc_flags |= DCERPC_PFC_FLAG_FIRST | DCERPC_PFC_FLAG_LAST;
506 /****************************************************************************
507 Call a remote api on an arbitrary pipe. takes param, data and setup buffers.
508 ****************************************************************************/
510 struct cli_api_pipe_state {
511 struct event_context *ev;
512 struct rpc_cli_transport *transport;
517 static void cli_api_pipe_trans_done(struct tevent_req *subreq);
518 static void cli_api_pipe_write_done(struct tevent_req *subreq);
519 static void cli_api_pipe_read_done(struct tevent_req *subreq);
521 static struct tevent_req *cli_api_pipe_send(TALLOC_CTX *mem_ctx,
522 struct event_context *ev,
523 struct rpc_cli_transport *transport,
524 uint8_t *data, size_t data_len,
525 uint32_t max_rdata_len)
527 struct tevent_req *req, *subreq;
528 struct cli_api_pipe_state *state;
531 req = tevent_req_create(mem_ctx, &state, struct cli_api_pipe_state);
536 state->transport = transport;
538 if (max_rdata_len < RPC_HEADER_LEN) {
540 * For a RPC reply we always need at least RPC_HEADER_LEN
541 * bytes. We check this here because we will receive
542 * RPC_HEADER_LEN bytes in cli_trans_sock_send_done.
544 status = NT_STATUS_INVALID_PARAMETER;
548 if (transport->trans_send != NULL) {
549 subreq = transport->trans_send(state, ev, data, data_len,
550 max_rdata_len, transport->priv);
551 if (subreq == NULL) {
554 tevent_req_set_callback(subreq, cli_api_pipe_trans_done, req);
559 * If the transport does not provide a "trans" routine, i.e. for
560 * example the ncacn_ip_tcp transport, do the write/read step here.
563 subreq = rpc_write_send(state, ev, transport, data, data_len);
564 if (subreq == NULL) {
567 tevent_req_set_callback(subreq, cli_api_pipe_write_done, req);
571 tevent_req_nterror(req, status);
572 return tevent_req_post(req, ev);
578 static void cli_api_pipe_trans_done(struct tevent_req *subreq)
580 struct tevent_req *req = tevent_req_callback_data(
581 subreq, struct tevent_req);
582 struct cli_api_pipe_state *state = tevent_req_data(
583 req, struct cli_api_pipe_state);
586 status = state->transport->trans_recv(subreq, state, &state->rdata,
589 if (!NT_STATUS_IS_OK(status)) {
590 tevent_req_nterror(req, status);
593 tevent_req_done(req);
596 static void cli_api_pipe_write_done(struct tevent_req *subreq)
598 struct tevent_req *req = tevent_req_callback_data(
599 subreq, struct tevent_req);
600 struct cli_api_pipe_state *state = tevent_req_data(
601 req, struct cli_api_pipe_state);
604 status = rpc_write_recv(subreq);
606 if (!NT_STATUS_IS_OK(status)) {
607 tevent_req_nterror(req, status);
611 state->rdata = talloc_array(state, uint8_t, RPC_HEADER_LEN);
612 if (tevent_req_nomem(state->rdata, req)) {
617 * We don't need to use rpc_read_send here, the upper layer will cope
618 * with a short read, transport->trans_send could also return less
619 * than state->max_rdata_len.
621 subreq = state->transport->read_send(state, state->ev, state->rdata,
623 state->transport->priv);
624 if (tevent_req_nomem(subreq, req)) {
627 tevent_req_set_callback(subreq, cli_api_pipe_read_done, req);
630 static void cli_api_pipe_read_done(struct tevent_req *subreq)
632 struct tevent_req *req = tevent_req_callback_data(
633 subreq, struct tevent_req);
634 struct cli_api_pipe_state *state = tevent_req_data(
635 req, struct cli_api_pipe_state);
639 status = state->transport->read_recv(subreq, &received);
641 if (!NT_STATUS_IS_OK(status)) {
642 tevent_req_nterror(req, status);
645 state->rdata_len = received;
646 tevent_req_done(req);
649 static NTSTATUS cli_api_pipe_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx,
650 uint8_t **prdata, uint32_t *prdata_len)
652 struct cli_api_pipe_state *state = tevent_req_data(
653 req, struct cli_api_pipe_state);
656 if (tevent_req_is_nterror(req, &status)) {
660 *prdata = talloc_move(mem_ctx, &state->rdata);
661 *prdata_len = state->rdata_len;
665 /****************************************************************************
666 Send data on an rpc pipe via trans. The data must be the last
667 pdu fragment of an NDR data stream.
669 Receive response data from an rpc pipe, which may be large...
671 Read the first fragment: unfortunately have to use SMBtrans for the first
672 bit, then SMBreadX for subsequent bits.
674 If first fragment received also wasn't the last fragment, continue
675 getting fragments until we _do_ receive the last fragment.
677 Request/Response PDU's look like the following...
679 |<------------------PDU len----------------------------------------------->|
680 |<-HDR_LEN-->|<--REQ LEN------>|.............|<-AUTH_HDRLEN->|<-AUTH_LEN-->|
682 +------------+-----------------+-------------+---------------+-------------+
683 | RPC HEADER | REQ/RESP HEADER | DATA ...... | AUTH_HDR | AUTH DATA |
684 +------------+-----------------+-------------+---------------+-------------+
686 Where the presence of the AUTH_HDR and AUTH DATA are dependent on the
687 signing & sealing being negotiated.
689 ****************************************************************************/
691 struct rpc_api_pipe_state {
692 struct event_context *ev;
693 struct rpc_pipe_client *cli;
694 uint8_t expected_pkt_type;
696 DATA_BLOB incoming_frag;
697 struct ncacn_packet *pkt;
701 size_t reply_pdu_offset;
705 static void rpc_api_pipe_trans_done(struct tevent_req *subreq);
706 static void rpc_api_pipe_got_pdu(struct tevent_req *subreq);
707 static void rpc_api_pipe_auth3_done(struct tevent_req *subreq);
709 static struct tevent_req *rpc_api_pipe_send(TALLOC_CTX *mem_ctx,
710 struct event_context *ev,
711 struct rpc_pipe_client *cli,
712 DATA_BLOB *data, /* Outgoing PDU */
713 uint8_t expected_pkt_type)
715 struct tevent_req *req, *subreq;
716 struct rpc_api_pipe_state *state;
717 uint16_t max_recv_frag;
720 req = tevent_req_create(mem_ctx, &state, struct rpc_api_pipe_state);
726 state->expected_pkt_type = expected_pkt_type;
727 state->incoming_frag = data_blob_null;
728 state->reply_pdu = data_blob_null;
729 state->reply_pdu_offset = 0;
730 state->endianess = DCERPC_DREP_LE;
733 * Ensure we're not sending too much.
735 if (data->length > cli->max_xmit_frag) {
736 status = NT_STATUS_INVALID_PARAMETER;
740 DEBUG(5,("rpc_api_pipe: %s\n", rpccli_pipe_txt(talloc_tos(), cli)));
742 if (state->expected_pkt_type == DCERPC_PKT_AUTH3) {
743 subreq = rpc_write_send(state, ev, cli->transport,
744 data->data, data->length);
745 if (subreq == NULL) {
748 tevent_req_set_callback(subreq, rpc_api_pipe_auth3_done, req);
752 /* get the header first, then fetch the rest once we have
753 * the frag_length available */
754 max_recv_frag = RPC_HEADER_LEN;
756 subreq = cli_api_pipe_send(state, ev, cli->transport,
757 data->data, data->length, max_recv_frag);
758 if (subreq == NULL) {
761 tevent_req_set_callback(subreq, rpc_api_pipe_trans_done, req);
765 tevent_req_nterror(req, status);
766 return tevent_req_post(req, ev);
772 static void rpc_api_pipe_auth3_done(struct tevent_req *subreq)
774 struct tevent_req *req =
775 tevent_req_callback_data(subreq,
779 status = rpc_write_recv(subreq);
781 if (!NT_STATUS_IS_OK(status)) {
782 tevent_req_nterror(req, status);
786 tevent_req_done(req);
789 static void rpc_api_pipe_trans_done(struct tevent_req *subreq)
791 struct tevent_req *req = tevent_req_callback_data(
792 subreq, struct tevent_req);
793 struct rpc_api_pipe_state *state = tevent_req_data(
794 req, struct rpc_api_pipe_state);
796 uint8_t *rdata = NULL;
797 uint32_t rdata_len = 0;
799 status = cli_api_pipe_recv(subreq, state, &rdata, &rdata_len);
801 if (!NT_STATUS_IS_OK(status)) {
802 DEBUG(5, ("cli_api_pipe failed: %s\n", nt_errstr(status)));
803 tevent_req_nterror(req, status);
808 DEBUG(3,("rpc_api_pipe: %s failed to return data.\n",
809 rpccli_pipe_txt(talloc_tos(), state->cli)));
810 tevent_req_done(req);
815 * Move data on state->incoming_frag.
817 state->incoming_frag.data = talloc_move(state, &rdata);
818 state->incoming_frag.length = rdata_len;
819 if (!state->incoming_frag.data) {
820 tevent_req_nterror(req, NT_STATUS_NO_MEMORY);
824 /* Ensure we have enough data for a pdu. */
825 subreq = get_complete_frag_send(state, state->ev, state->cli,
826 &state->incoming_frag);
827 if (tevent_req_nomem(subreq, req)) {
830 tevent_req_set_callback(subreq, rpc_api_pipe_got_pdu, req);
833 static void rpc_api_pipe_got_pdu(struct tevent_req *subreq)
835 struct tevent_req *req = tevent_req_callback_data(
836 subreq, struct tevent_req);
837 struct rpc_api_pipe_state *state = tevent_req_data(
838 req, struct rpc_api_pipe_state);
840 DATA_BLOB rdata = data_blob_null;
842 status = get_complete_frag_recv(subreq);
844 if (!NT_STATUS_IS_OK(status)) {
845 DEBUG(5, ("get_complete_frag failed: %s\n",
847 tevent_req_nterror(req, status);
851 state->pkt = talloc(state, struct ncacn_packet);
853 tevent_req_nterror(req, NT_STATUS_NO_MEMORY);
857 status = dcerpc_pull_ncacn_packet(state->pkt,
858 &state->incoming_frag,
861 if (!NT_STATUS_IS_OK(status)) {
862 tevent_req_nterror(req, status);
866 if (state->incoming_frag.length != state->pkt->frag_length) {
867 DEBUG(5, ("Incorrect pdu length %u, expected %u\n",
868 (unsigned int)state->incoming_frag.length,
869 (unsigned int)state->pkt->frag_length));
870 tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER);
874 status = cli_pipe_validate_current_pdu(state,
875 state->cli, state->pkt,
876 &state->incoming_frag,
877 state->expected_pkt_type,
881 DEBUG(10,("rpc_api_pipe: got frag len of %u at offset %u: %s\n",
882 (unsigned)state->incoming_frag.length,
883 (unsigned)state->reply_pdu_offset,
886 if (!NT_STATUS_IS_OK(status)) {
887 tevent_req_nterror(req, status);
891 if ((state->pkt->pfc_flags & DCERPC_PFC_FLAG_FIRST)
892 && (state->pkt->drep[0] != DCERPC_DREP_LE)) {
894 * Set the data type correctly for big-endian data on the
897 DEBUG(10,("rpc_api_pipe: On %s PDU data format is "
899 rpccli_pipe_txt(talloc_tos(), state->cli)));
900 state->endianess = 0x00; /* BIG ENDIAN */
903 * Check endianness on subsequent packets.
905 if (state->endianess != state->pkt->drep[0]) {
906 DEBUG(0,("rpc_api_pipe: Error : Endianness changed from %s to "
908 state->endianess?"little":"big",
909 state->pkt->drep[0]?"little":"big"));
910 tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER);
914 /* Now copy the data portion out of the pdu into rbuf. */
915 if (state->reply_pdu.length < state->reply_pdu_offset + rdata.length) {
916 if (!data_blob_realloc(NULL, &state->reply_pdu,
917 state->reply_pdu_offset + rdata.length)) {
918 tevent_req_nterror(req, NT_STATUS_NO_MEMORY);
923 memcpy(state->reply_pdu.data + state->reply_pdu_offset,
924 rdata.data, rdata.length);
925 state->reply_pdu_offset += rdata.length;
927 /* reset state->incoming_frag, there is no need to free it,
928 * it will be reallocated to the right size the next time
930 state->incoming_frag.length = 0;
932 if (state->pkt->pfc_flags & DCERPC_PFC_FLAG_LAST) {
933 /* make sure the pdu length is right now that we
934 * have all the data available (alloc hint may
935 * have allocated more than was actually used) */
936 state->reply_pdu.length = state->reply_pdu_offset;
937 DEBUG(10,("rpc_api_pipe: %s returned %u bytes.\n",
938 rpccli_pipe_txt(talloc_tos(), state->cli),
939 (unsigned)state->reply_pdu.length));
940 tevent_req_done(req);
944 subreq = get_complete_frag_send(state, state->ev, state->cli,
945 &state->incoming_frag);
946 if (tevent_req_nomem(subreq, req)) {
949 tevent_req_set_callback(subreq, rpc_api_pipe_got_pdu, req);
952 static NTSTATUS rpc_api_pipe_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx,
953 struct ncacn_packet **pkt,
954 DATA_BLOB *reply_pdu)
956 struct rpc_api_pipe_state *state = tevent_req_data(
957 req, struct rpc_api_pipe_state);
960 if (tevent_req_is_nterror(req, &status)) {
964 /* return data to caller and assign it ownership of memory */
966 reply_pdu->data = talloc_move(mem_ctx, &state->reply_pdu.data);
967 reply_pdu->length = state->reply_pdu.length;
968 state->reply_pdu.length = 0;
970 data_blob_free(&state->reply_pdu);
974 *pkt = talloc_steal(mem_ctx, state->pkt);
980 /*******************************************************************
981 Creates NTLMSSP auth bind.
982 ********************************************************************/
984 static NTSTATUS create_generic_auth_rpc_bind_req(struct rpc_pipe_client *cli,
986 DATA_BLOB *auth_token)
988 struct gensec_security *gensec_security;
989 DATA_BLOB null_blob = data_blob_null;
991 gensec_security = talloc_get_type_abort(cli->auth->auth_ctx,
992 struct gensec_security);
994 DEBUG(5, ("create_generic_auth_rpc_bind_req: generate first token\n"));
995 return gensec_update(gensec_security, mem_ctx, NULL, null_blob, auth_token);
998 /*******************************************************************
999 Creates schannel auth bind.
1000 ********************************************************************/
1002 static NTSTATUS create_schannel_auth_rpc_bind_req(struct rpc_pipe_client *cli,
1003 DATA_BLOB *auth_token)
1006 struct NL_AUTH_MESSAGE r;
1008 /* Use lp_workgroup() if domain not specified */
1010 if (!cli->auth->domain || !cli->auth->domain[0]) {
1011 cli->auth->domain = talloc_strdup(cli, lp_workgroup());
1012 if (cli->auth->domain == NULL) {
1013 return NT_STATUS_NO_MEMORY;
1018 * Now marshall the data into the auth parse_struct.
1021 r.MessageType = NL_NEGOTIATE_REQUEST;
1022 r.Flags = NL_FLAG_OEM_NETBIOS_DOMAIN_NAME |
1023 NL_FLAG_OEM_NETBIOS_COMPUTER_NAME;
1024 r.oem_netbios_domain.a = cli->auth->domain;
1025 r.oem_netbios_computer.a = lp_netbios_name();
1027 status = dcerpc_push_schannel_bind(cli, &r, auth_token);
1028 if (!NT_STATUS_IS_OK(status)) {
1032 return NT_STATUS_OK;
1035 /*******************************************************************
1036 Creates the internals of a DCE/RPC bind request or alter context PDU.
1037 ********************************************************************/
1039 static NTSTATUS create_bind_or_alt_ctx_internal(TALLOC_CTX *mem_ctx,
1040 enum dcerpc_pkt_type ptype,
1042 const struct ndr_syntax_id *abstract,
1043 const struct ndr_syntax_id *transfer,
1044 const DATA_BLOB *auth_info,
1047 uint16 auth_len = auth_info->length;
1049 union dcerpc_payload u;
1050 struct dcerpc_ctx_list ctx_list;
1053 auth_len -= DCERPC_AUTH_TRAILER_LENGTH;
1056 ctx_list.context_id = 0;
1057 ctx_list.num_transfer_syntaxes = 1;
1058 ctx_list.abstract_syntax = *abstract;
1059 ctx_list.transfer_syntaxes = (struct ndr_syntax_id *)discard_const(transfer);
1061 u.bind.max_xmit_frag = RPC_MAX_PDU_FRAG_LEN;
1062 u.bind.max_recv_frag = RPC_MAX_PDU_FRAG_LEN;
1063 u.bind.assoc_group_id = 0x0;
1064 u.bind.num_contexts = 1;
1065 u.bind.ctx_list = &ctx_list;
1066 u.bind.auth_info = *auth_info;
1068 status = dcerpc_push_ncacn_packet(mem_ctx,
1070 DCERPC_PFC_FLAG_FIRST |
1071 DCERPC_PFC_FLAG_LAST,
1076 if (!NT_STATUS_IS_OK(status)) {
1077 DEBUG(0, ("Failed to marshall bind/alter ncacn_packet.\n"));
1081 return NT_STATUS_OK;
1084 /*******************************************************************
1085 Creates a DCE/RPC bind request.
1086 ********************************************************************/
1088 static NTSTATUS create_rpc_bind_req(TALLOC_CTX *mem_ctx,
1089 struct rpc_pipe_client *cli,
1090 struct pipe_auth_data *auth,
1092 const struct ndr_syntax_id *abstract,
1093 const struct ndr_syntax_id *transfer,
1096 DATA_BLOB auth_token = data_blob_null;
1097 DATA_BLOB auth_info = data_blob_null;
1098 NTSTATUS ret = NT_STATUS_OK;
1100 switch (auth->auth_type) {
1101 case DCERPC_AUTH_TYPE_SCHANNEL:
1102 ret = create_schannel_auth_rpc_bind_req(cli, &auth_token);
1103 if (!NT_STATUS_IS_OK(ret)) {
1108 case DCERPC_AUTH_TYPE_NTLMSSP:
1109 case DCERPC_AUTH_TYPE_KRB5:
1110 case DCERPC_AUTH_TYPE_SPNEGO:
1111 ret = create_generic_auth_rpc_bind_req(cli, mem_ctx, &auth_token);
1113 if (!NT_STATUS_IS_OK(ret) &&
1114 !NT_STATUS_EQUAL(ret, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
1119 case DCERPC_AUTH_TYPE_NCALRPC_AS_SYSTEM:
1120 auth_token = data_blob_talloc(mem_ctx,
1121 "NCALRPC_AUTH_TOKEN",
1125 case DCERPC_AUTH_TYPE_NONE:
1129 /* "Can't" happen. */
1130 return NT_STATUS_INVALID_INFO_CLASS;
1133 if (auth_token.length != 0) {
1134 ret = dcerpc_push_dcerpc_auth(cli,
1137 0, /* auth_pad_length */
1138 1, /* auth_context_id */
1141 if (!NT_STATUS_IS_OK(ret)) {
1144 data_blob_free(&auth_token);
1147 ret = create_bind_or_alt_ctx_internal(mem_ctx,
1157 /*******************************************************************
1159 Does an rpc request on a pipe. Incoming data is NDR encoded in in_data.
1160 Reply is NDR encoded in out_data. Splits the data stream into RPC PDU's
1161 and deals with signing/sealing details.
1162 ********************************************************************/
1164 struct rpc_api_pipe_req_state {
1165 struct event_context *ev;
1166 struct rpc_pipe_client *cli;
1169 DATA_BLOB *req_data;
1170 uint32_t req_data_sent;
1172 DATA_BLOB reply_pdu;
1175 static void rpc_api_pipe_req_write_done(struct tevent_req *subreq);
1176 static void rpc_api_pipe_req_done(struct tevent_req *subreq);
1177 static NTSTATUS prepare_next_frag(struct rpc_api_pipe_req_state *state,
1178 bool *is_last_frag);
1180 struct tevent_req *rpc_api_pipe_req_send(TALLOC_CTX *mem_ctx,
1181 struct event_context *ev,
1182 struct rpc_pipe_client *cli,
1184 DATA_BLOB *req_data)
1186 struct tevent_req *req, *subreq;
1187 struct rpc_api_pipe_req_state *state;
1191 req = tevent_req_create(mem_ctx, &state,
1192 struct rpc_api_pipe_req_state);
1198 state->op_num = op_num;
1199 state->req_data = req_data;
1200 state->req_data_sent = 0;
1201 state->call_id = get_rpc_call_id();
1202 state->reply_pdu = data_blob_null;
1203 state->rpc_out = data_blob_null;
1205 if (cli->max_xmit_frag < DCERPC_REQUEST_LENGTH
1206 + RPC_MAX_SIGN_SIZE) {
1207 /* Server is screwed up ! */
1208 status = NT_STATUS_INVALID_PARAMETER;
1212 status = prepare_next_frag(state, &is_last_frag);
1213 if (!NT_STATUS_IS_OK(status)) {
1218 subreq = rpc_api_pipe_send(state, ev, state->cli,
1220 DCERPC_PKT_RESPONSE);
1221 if (subreq == NULL) {
1224 tevent_req_set_callback(subreq, rpc_api_pipe_req_done, req);
1226 subreq = rpc_write_send(state, ev, cli->transport,
1227 state->rpc_out.data,
1228 state->rpc_out.length);
1229 if (subreq == NULL) {
1232 tevent_req_set_callback(subreq, rpc_api_pipe_req_write_done,
1238 tevent_req_nterror(req, status);
1239 return tevent_req_post(req, ev);
1245 static NTSTATUS prepare_next_frag(struct rpc_api_pipe_req_state *state,
1248 size_t data_sent_thistime;
1255 union dcerpc_payload u;
1257 data_left = state->req_data->length - state->req_data_sent;
1259 status = dcerpc_guess_sizes(state->cli->auth,
1260 DCERPC_REQUEST_LENGTH, data_left,
1261 state->cli->max_xmit_frag,
1262 CLIENT_NDR_PADDING_SIZE,
1263 &data_sent_thistime,
1264 &frag_len, &auth_len, &pad_len);
1265 if (!NT_STATUS_IS_OK(status)) {
1269 if (state->req_data_sent == 0) {
1270 flags = DCERPC_PFC_FLAG_FIRST;
1273 if (data_sent_thistime == data_left) {
1274 flags |= DCERPC_PFC_FLAG_LAST;
1277 data_blob_free(&state->rpc_out);
1279 ZERO_STRUCT(u.request);
1281 u.request.alloc_hint = state->req_data->length;
1282 u.request.context_id = 0;
1283 u.request.opnum = state->op_num;
1285 status = dcerpc_push_ncacn_packet(state,
1292 if (!NT_STATUS_IS_OK(status)) {
1296 /* explicitly set frag_len here as dcerpc_push_ncacn_packet() can't
1297 * compute it right for requests because the auth trailer is missing
1299 dcerpc_set_frag_length(&state->rpc_out, frag_len);
1301 /* Copy in the data. */
1302 if (!data_blob_append(NULL, &state->rpc_out,
1303 state->req_data->data + state->req_data_sent,
1304 data_sent_thistime)) {
1305 return NT_STATUS_NO_MEMORY;
1308 switch (state->cli->auth->auth_level) {
1309 case DCERPC_AUTH_LEVEL_NONE:
1310 case DCERPC_AUTH_LEVEL_CONNECT:
1311 case DCERPC_AUTH_LEVEL_PACKET:
1313 case DCERPC_AUTH_LEVEL_INTEGRITY:
1314 case DCERPC_AUTH_LEVEL_PRIVACY:
1315 status = dcerpc_add_auth_footer(state->cli->auth, pad_len,
1317 if (!NT_STATUS_IS_OK(status)) {
1322 return NT_STATUS_INVALID_PARAMETER;
1325 state->req_data_sent += data_sent_thistime;
1326 *is_last_frag = ((flags & DCERPC_PFC_FLAG_LAST) != 0);
1331 static void rpc_api_pipe_req_write_done(struct tevent_req *subreq)
1333 struct tevent_req *req = tevent_req_callback_data(
1334 subreq, struct tevent_req);
1335 struct rpc_api_pipe_req_state *state = tevent_req_data(
1336 req, struct rpc_api_pipe_req_state);
1340 status = rpc_write_recv(subreq);
1341 TALLOC_FREE(subreq);
1342 if (!NT_STATUS_IS_OK(status)) {
1343 tevent_req_nterror(req, status);
1347 status = prepare_next_frag(state, &is_last_frag);
1348 if (!NT_STATUS_IS_OK(status)) {
1349 tevent_req_nterror(req, status);
1354 subreq = rpc_api_pipe_send(state, state->ev, state->cli,
1356 DCERPC_PKT_RESPONSE);
1357 if (tevent_req_nomem(subreq, req)) {
1360 tevent_req_set_callback(subreq, rpc_api_pipe_req_done, req);
1362 subreq = rpc_write_send(state, state->ev,
1363 state->cli->transport,
1364 state->rpc_out.data,
1365 state->rpc_out.length);
1366 if (tevent_req_nomem(subreq, req)) {
1369 tevent_req_set_callback(subreq, rpc_api_pipe_req_write_done,
1374 static void rpc_api_pipe_req_done(struct tevent_req *subreq)
1376 struct tevent_req *req = tevent_req_callback_data(
1377 subreq, struct tevent_req);
1378 struct rpc_api_pipe_req_state *state = tevent_req_data(
1379 req, struct rpc_api_pipe_req_state);
1382 status = rpc_api_pipe_recv(subreq, state, NULL, &state->reply_pdu);
1383 TALLOC_FREE(subreq);
1384 if (!NT_STATUS_IS_OK(status)) {
1385 tevent_req_nterror(req, status);
1388 tevent_req_done(req);
1391 NTSTATUS rpc_api_pipe_req_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx,
1392 DATA_BLOB *reply_pdu)
1394 struct rpc_api_pipe_req_state *state = tevent_req_data(
1395 req, struct rpc_api_pipe_req_state);
1398 if (tevent_req_is_nterror(req, &status)) {
1400 * We always have to initialize to reply pdu, even if there is
1401 * none. The rpccli_* caller routines expect this.
1403 *reply_pdu = data_blob_null;
1407 /* return data to caller and assign it ownership of memory */
1408 reply_pdu->data = talloc_move(mem_ctx, &state->reply_pdu.data);
1409 reply_pdu->length = state->reply_pdu.length;
1410 state->reply_pdu.length = 0;
1412 return NT_STATUS_OK;
1415 /****************************************************************************
1416 Check the rpc bind acknowledge response.
1417 ****************************************************************************/
1419 static bool check_bind_response(const struct dcerpc_bind_ack *r,
1420 const struct ndr_syntax_id *transfer)
1422 struct dcerpc_ack_ctx ctx;
1424 if (r->secondary_address_size == 0) {
1425 DEBUG(4,("Ignoring length check -- ASU bug (server didn't fill in the pipe name correctly)"));
1428 if (r->num_results < 1 || !r->ctx_list) {
1432 ctx = r->ctx_list[0];
1434 /* check the transfer syntax */
1435 if ((ctx.syntax.if_version != transfer->if_version) ||
1436 (memcmp(&ctx.syntax.uuid, &transfer->uuid, sizeof(transfer->uuid)) !=0)) {
1437 DEBUG(2,("bind_rpc_pipe: transfer syntax differs\n"));
1441 if (r->num_results != 0x1 || ctx.result != 0) {
1442 DEBUG(2,("bind_rpc_pipe: bind denied results: %d reason: %x\n",
1443 r->num_results, ctx.reason));
1446 DEBUG(5,("check_bind_response: accepted!\n"));
1450 /*******************************************************************
1451 Creates a DCE/RPC bind authentication response.
1452 This is the packet that is sent back to the server once we
1453 have received a BIND-ACK, to finish the third leg of
1454 the authentication handshake.
1455 ********************************************************************/
1457 static NTSTATUS create_rpc_bind_auth3(TALLOC_CTX *mem_ctx,
1458 struct rpc_pipe_client *cli,
1460 enum dcerpc_AuthType auth_type,
1461 enum dcerpc_AuthLevel auth_level,
1462 DATA_BLOB *pauth_blob,
1466 union dcerpc_payload u;
1470 status = dcerpc_push_dcerpc_auth(mem_ctx,
1473 0, /* auth_pad_length */
1474 1, /* auth_context_id */
1476 &u.auth3.auth_info);
1477 if (!NT_STATUS_IS_OK(status)) {
1481 status = dcerpc_push_ncacn_packet(mem_ctx,
1483 DCERPC_PFC_FLAG_FIRST |
1484 DCERPC_PFC_FLAG_LAST,
1489 data_blob_free(&u.auth3.auth_info);
1490 if (!NT_STATUS_IS_OK(status)) {
1491 DEBUG(0,("create_bind_or_alt_ctx_internal: failed to marshall RPC_HDR_RB.\n"));
1495 return NT_STATUS_OK;
1498 /*******************************************************************
1499 Creates a DCE/RPC bind alter context authentication request which
1500 may contain a spnego auth blobl
1501 ********************************************************************/
1503 static NTSTATUS create_rpc_alter_context(TALLOC_CTX *mem_ctx,
1504 enum dcerpc_AuthType auth_type,
1505 enum dcerpc_AuthLevel auth_level,
1507 const struct ndr_syntax_id *abstract,
1508 const struct ndr_syntax_id *transfer,
1509 const DATA_BLOB *pauth_blob, /* spnego auth blob already created. */
1512 DATA_BLOB auth_info;
1515 status = dcerpc_push_dcerpc_auth(mem_ctx,
1518 0, /* auth_pad_length */
1519 1, /* auth_context_id */
1522 if (!NT_STATUS_IS_OK(status)) {
1526 status = create_bind_or_alt_ctx_internal(mem_ctx,
1533 data_blob_free(&auth_info);
1537 /****************************************************************************
1539 ****************************************************************************/
1541 struct rpc_pipe_bind_state {
1542 struct event_context *ev;
1543 struct rpc_pipe_client *cli;
1546 uint32_t rpc_call_id;
1549 static void rpc_pipe_bind_step_one_done(struct tevent_req *subreq);
1550 static NTSTATUS rpc_bind_next_send(struct tevent_req *req,
1551 struct rpc_pipe_bind_state *state,
1552 DATA_BLOB *credentials);
1553 static NTSTATUS rpc_bind_finish_send(struct tevent_req *req,
1554 struct rpc_pipe_bind_state *state,
1555 DATA_BLOB *credentials);
1557 struct tevent_req *rpc_pipe_bind_send(TALLOC_CTX *mem_ctx,
1558 struct event_context *ev,
1559 struct rpc_pipe_client *cli,
1560 struct pipe_auth_data *auth)
1562 struct tevent_req *req, *subreq;
1563 struct rpc_pipe_bind_state *state;
1566 req = tevent_req_create(mem_ctx, &state, struct rpc_pipe_bind_state);
1571 DEBUG(5,("Bind RPC Pipe: %s auth_type %u, auth_level %u\n",
1572 rpccli_pipe_txt(talloc_tos(), cli),
1573 (unsigned int)auth->auth_type,
1574 (unsigned int)auth->auth_level ));
1578 state->rpc_call_id = get_rpc_call_id();
1580 cli->auth = talloc_move(cli, &auth);
1582 /* Marshall the outgoing data. */
1583 status = create_rpc_bind_req(state, cli,
1586 &cli->abstract_syntax,
1587 &cli->transfer_syntax,
1590 if (!NT_STATUS_IS_OK(status) &&
1591 !NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
1595 subreq = rpc_api_pipe_send(state, ev, cli, &state->rpc_out,
1596 DCERPC_PKT_BIND_ACK);
1597 if (subreq == NULL) {
1600 tevent_req_set_callback(subreq, rpc_pipe_bind_step_one_done, req);
1604 tevent_req_nterror(req, status);
1605 return tevent_req_post(req, ev);
1611 static void rpc_pipe_bind_step_one_done(struct tevent_req *subreq)
1613 struct tevent_req *req = tevent_req_callback_data(
1614 subreq, struct tevent_req);
1615 struct rpc_pipe_bind_state *state = tevent_req_data(
1616 req, struct rpc_pipe_bind_state);
1617 struct pipe_auth_data *pauth = state->cli->auth;
1618 struct gensec_security *gensec_security;
1619 struct ncacn_packet *pkt = NULL;
1620 struct dcerpc_auth auth;
1621 DATA_BLOB auth_token = data_blob_null;
1624 status = rpc_api_pipe_recv(subreq, talloc_tos(), &pkt, NULL);
1625 TALLOC_FREE(subreq);
1626 if (!NT_STATUS_IS_OK(status)) {
1627 DEBUG(3, ("rpc_pipe_bind: %s bind request returned %s\n",
1628 rpccli_pipe_txt(talloc_tos(), state->cli),
1629 nt_errstr(status)));
1630 tevent_req_nterror(req, status);
1635 tevent_req_done(req);
1639 if (!check_bind_response(&pkt->u.bind_ack, &state->cli->transfer_syntax)) {
1640 DEBUG(2, ("rpc_pipe_bind: check_bind_response failed.\n"));
1641 tevent_req_nterror(req, NT_STATUS_BUFFER_TOO_SMALL);
1645 state->cli->max_xmit_frag = pkt->u.bind_ack.max_xmit_frag;
1646 state->cli->max_recv_frag = pkt->u.bind_ack.max_recv_frag;
1648 switch(pauth->auth_type) {
1650 case DCERPC_AUTH_TYPE_NONE:
1651 case DCERPC_AUTH_TYPE_NCALRPC_AS_SYSTEM:
1652 case DCERPC_AUTH_TYPE_SCHANNEL:
1653 /* Bind complete. */
1654 tevent_req_done(req);
1657 case DCERPC_AUTH_TYPE_NTLMSSP:
1658 case DCERPC_AUTH_TYPE_SPNEGO:
1659 case DCERPC_AUTH_TYPE_KRB5:
1660 /* Paranoid lenght checks */
1661 if (pkt->frag_length < DCERPC_AUTH_TRAILER_LENGTH
1662 + pkt->auth_length) {
1663 tevent_req_nterror(req,
1664 NT_STATUS_INFO_LENGTH_MISMATCH);
1667 /* get auth credentials */
1668 status = dcerpc_pull_dcerpc_auth(talloc_tos(),
1669 &pkt->u.bind_ack.auth_info,
1671 if (!NT_STATUS_IS_OK(status)) {
1672 DEBUG(0, ("Failed to pull dcerpc auth: %s.\n",
1673 nt_errstr(status)));
1674 tevent_req_nterror(req, status);
1684 * For authenticated binds we may need to do 3 or 4 leg binds.
1687 switch(pauth->auth_type) {
1689 case DCERPC_AUTH_TYPE_NONE:
1690 case DCERPC_AUTH_TYPE_NCALRPC_AS_SYSTEM:
1691 case DCERPC_AUTH_TYPE_SCHANNEL:
1692 /* Bind complete. */
1693 tevent_req_done(req);
1696 case DCERPC_AUTH_TYPE_NTLMSSP:
1697 case DCERPC_AUTH_TYPE_KRB5:
1698 case DCERPC_AUTH_TYPE_SPNEGO:
1699 gensec_security = talloc_get_type_abort(pauth->auth_ctx,
1700 struct gensec_security);
1701 status = gensec_update(gensec_security, state, NULL,
1702 auth.credentials, &auth_token);
1703 if (NT_STATUS_EQUAL(status,
1704 NT_STATUS_MORE_PROCESSING_REQUIRED)) {
1705 status = rpc_bind_next_send(req, state,
1707 } else if (NT_STATUS_IS_OK(status)) {
1708 if (auth_token.length == 0) {
1709 /* Bind complete. */
1710 tevent_req_done(req);
1713 status = rpc_bind_finish_send(req, state,
1722 if (!NT_STATUS_IS_OK(status)) {
1723 tevent_req_nterror(req, status);
1728 DEBUG(0,("cli_finish_bind_auth: unknown auth type %u\n",
1729 (unsigned int)state->cli->auth->auth_type));
1730 tevent_req_nterror(req, NT_STATUS_INTERNAL_ERROR);
1733 static NTSTATUS rpc_bind_next_send(struct tevent_req *req,
1734 struct rpc_pipe_bind_state *state,
1735 DATA_BLOB *auth_token)
1737 struct pipe_auth_data *auth = state->cli->auth;
1738 struct tevent_req *subreq;
1741 /* Now prepare the alter context pdu. */
1742 data_blob_free(&state->rpc_out);
1744 status = create_rpc_alter_context(state,
1748 &state->cli->abstract_syntax,
1749 &state->cli->transfer_syntax,
1752 if (!NT_STATUS_IS_OK(status)) {
1756 subreq = rpc_api_pipe_send(state, state->ev, state->cli,
1757 &state->rpc_out, DCERPC_PKT_ALTER_RESP);
1758 if (subreq == NULL) {
1759 return NT_STATUS_NO_MEMORY;
1761 tevent_req_set_callback(subreq, rpc_pipe_bind_step_one_done, req);
1762 return NT_STATUS_OK;
1765 static NTSTATUS rpc_bind_finish_send(struct tevent_req *req,
1766 struct rpc_pipe_bind_state *state,
1767 DATA_BLOB *auth_token)
1769 struct pipe_auth_data *auth = state->cli->auth;
1770 struct tevent_req *subreq;
1773 state->auth3 = true;
1775 /* Now prepare the auth3 context pdu. */
1776 data_blob_free(&state->rpc_out);
1778 status = create_rpc_bind_auth3(state, state->cli,
1784 if (!NT_STATUS_IS_OK(status)) {
1788 subreq = rpc_api_pipe_send(state, state->ev, state->cli,
1789 &state->rpc_out, DCERPC_PKT_AUTH3);
1790 if (subreq == NULL) {
1791 return NT_STATUS_NO_MEMORY;
1793 tevent_req_set_callback(subreq, rpc_pipe_bind_step_one_done, req);
1794 return NT_STATUS_OK;
1797 NTSTATUS rpc_pipe_bind_recv(struct tevent_req *req)
1799 return tevent_req_simple_recv_ntstatus(req);
1802 NTSTATUS rpc_pipe_bind(struct rpc_pipe_client *cli,
1803 struct pipe_auth_data *auth)
1805 TALLOC_CTX *frame = talloc_stackframe();
1806 struct event_context *ev;
1807 struct tevent_req *req;
1808 NTSTATUS status = NT_STATUS_OK;
1810 ev = event_context_init(frame);
1812 status = NT_STATUS_NO_MEMORY;
1816 req = rpc_pipe_bind_send(frame, ev, cli, auth);
1818 status = NT_STATUS_NO_MEMORY;
1822 if (!tevent_req_poll(req, ev)) {
1823 status = map_nt_error_from_unix(errno);
1827 status = rpc_pipe_bind_recv(req);
1833 #define RPCCLI_DEFAULT_TIMEOUT 10000 /* 10 seconds. */
1835 unsigned int rpccli_set_timeout(struct rpc_pipe_client *rpc_cli,
1836 unsigned int timeout)
1840 if (rpc_cli->transport == NULL) {
1841 return RPCCLI_DEFAULT_TIMEOUT;
1844 if (rpc_cli->transport->set_timeout == NULL) {
1845 return RPCCLI_DEFAULT_TIMEOUT;
1848 old = rpc_cli->transport->set_timeout(rpc_cli->transport->priv, timeout);
1850 return RPCCLI_DEFAULT_TIMEOUT;
1856 bool rpccli_is_connected(struct rpc_pipe_client *rpc_cli)
1858 if (rpc_cli == NULL) {
1862 if (rpc_cli->transport == NULL) {
1866 return rpc_cli->transport->is_connected(rpc_cli->transport->priv);
1869 struct rpccli_bh_state {
1870 struct rpc_pipe_client *rpc_cli;
1873 static bool rpccli_bh_is_connected(struct dcerpc_binding_handle *h)
1875 struct rpccli_bh_state *hs = dcerpc_binding_handle_data(h,
1876 struct rpccli_bh_state);
1878 return rpccli_is_connected(hs->rpc_cli);
1881 static uint32_t rpccli_bh_set_timeout(struct dcerpc_binding_handle *h,
1884 struct rpccli_bh_state *hs = dcerpc_binding_handle_data(h,
1885 struct rpccli_bh_state);
1887 return rpccli_set_timeout(hs->rpc_cli, timeout);
1890 struct rpccli_bh_raw_call_state {
1896 static void rpccli_bh_raw_call_done(struct tevent_req *subreq);
1898 static struct tevent_req *rpccli_bh_raw_call_send(TALLOC_CTX *mem_ctx,
1899 struct tevent_context *ev,
1900 struct dcerpc_binding_handle *h,
1901 const struct GUID *object,
1904 const uint8_t *in_data,
1907 struct rpccli_bh_state *hs = dcerpc_binding_handle_data(h,
1908 struct rpccli_bh_state);
1909 struct tevent_req *req;
1910 struct rpccli_bh_raw_call_state *state;
1912 struct tevent_req *subreq;
1914 req = tevent_req_create(mem_ctx, &state,
1915 struct rpccli_bh_raw_call_state);
1919 state->in_data.data = discard_const_p(uint8_t, in_data);
1920 state->in_data.length = in_length;
1922 ok = rpccli_bh_is_connected(h);
1924 tevent_req_nterror(req, NT_STATUS_CONNECTION_DISCONNECTED);
1925 return tevent_req_post(req, ev);
1928 subreq = rpc_api_pipe_req_send(state, ev, hs->rpc_cli,
1929 opnum, &state->in_data);
1930 if (tevent_req_nomem(subreq, req)) {
1931 return tevent_req_post(req, ev);
1933 tevent_req_set_callback(subreq, rpccli_bh_raw_call_done, req);
1938 static void rpccli_bh_raw_call_done(struct tevent_req *subreq)
1940 struct tevent_req *req =
1941 tevent_req_callback_data(subreq,
1943 struct rpccli_bh_raw_call_state *state =
1944 tevent_req_data(req,
1945 struct rpccli_bh_raw_call_state);
1948 state->out_flags = 0;
1950 /* TODO: support bigendian responses */
1952 status = rpc_api_pipe_req_recv(subreq, state, &state->out_data);
1953 TALLOC_FREE(subreq);
1954 if (!NT_STATUS_IS_OK(status)) {
1955 tevent_req_nterror(req, status);
1959 tevent_req_done(req);
1962 static NTSTATUS rpccli_bh_raw_call_recv(struct tevent_req *req,
1963 TALLOC_CTX *mem_ctx,
1966 uint32_t *out_flags)
1968 struct rpccli_bh_raw_call_state *state =
1969 tevent_req_data(req,
1970 struct rpccli_bh_raw_call_state);
1973 if (tevent_req_is_nterror(req, &status)) {
1974 tevent_req_received(req);
1978 *out_data = talloc_move(mem_ctx, &state->out_data.data);
1979 *out_length = state->out_data.length;
1980 *out_flags = state->out_flags;
1981 tevent_req_received(req);
1982 return NT_STATUS_OK;
1985 struct rpccli_bh_disconnect_state {
1989 static struct tevent_req *rpccli_bh_disconnect_send(TALLOC_CTX *mem_ctx,
1990 struct tevent_context *ev,
1991 struct dcerpc_binding_handle *h)
1993 struct rpccli_bh_state *hs = dcerpc_binding_handle_data(h,
1994 struct rpccli_bh_state);
1995 struct tevent_req *req;
1996 struct rpccli_bh_disconnect_state *state;
1999 req = tevent_req_create(mem_ctx, &state,
2000 struct rpccli_bh_disconnect_state);
2005 ok = rpccli_bh_is_connected(h);
2007 tevent_req_nterror(req, NT_STATUS_CONNECTION_DISCONNECTED);
2008 return tevent_req_post(req, ev);
2012 * TODO: do a real async disconnect ...
2014 * For now the caller needs to free rpc_cli
2018 tevent_req_done(req);
2019 return tevent_req_post(req, ev);
2022 static NTSTATUS rpccli_bh_disconnect_recv(struct tevent_req *req)
2026 if (tevent_req_is_nterror(req, &status)) {
2027 tevent_req_received(req);
2031 tevent_req_received(req);
2032 return NT_STATUS_OK;
2035 static bool rpccli_bh_ref_alloc(struct dcerpc_binding_handle *h)
2040 static void rpccli_bh_do_ndr_print(struct dcerpc_binding_handle *h,
2042 const void *_struct_ptr,
2043 const struct ndr_interface_call *call)
2045 void *struct_ptr = discard_const(_struct_ptr);
2047 if (DEBUGLEVEL < 10) {
2051 if (ndr_flags & NDR_IN) {
2052 ndr_print_function_debug(call->ndr_print,
2057 if (ndr_flags & NDR_OUT) {
2058 ndr_print_function_debug(call->ndr_print,
2065 static const struct dcerpc_binding_handle_ops rpccli_bh_ops = {
2067 .is_connected = rpccli_bh_is_connected,
2068 .set_timeout = rpccli_bh_set_timeout,
2069 .raw_call_send = rpccli_bh_raw_call_send,
2070 .raw_call_recv = rpccli_bh_raw_call_recv,
2071 .disconnect_send = rpccli_bh_disconnect_send,
2072 .disconnect_recv = rpccli_bh_disconnect_recv,
2074 .ref_alloc = rpccli_bh_ref_alloc,
2075 .do_ndr_print = rpccli_bh_do_ndr_print,
2078 /* initialise a rpc_pipe_client binding handle */
2079 struct dcerpc_binding_handle *rpccli_bh_create(struct rpc_pipe_client *c)
2081 struct dcerpc_binding_handle *h;
2082 struct rpccli_bh_state *hs;
2084 h = dcerpc_binding_handle_create(c,
2089 struct rpccli_bh_state,
2099 NTSTATUS rpccli_ncalrpc_bind_data(TALLOC_CTX *mem_ctx,
2100 struct pipe_auth_data **presult)
2102 struct pipe_auth_data *result;
2104 result = talloc(mem_ctx, struct pipe_auth_data);
2105 if (result == NULL) {
2106 return NT_STATUS_NO_MEMORY;
2109 result->auth_type = DCERPC_AUTH_TYPE_NCALRPC_AS_SYSTEM;
2110 result->auth_level = DCERPC_AUTH_LEVEL_CONNECT;
2112 result->user_name = talloc_strdup(result, "");
2113 result->domain = talloc_strdup(result, "");
2114 if ((result->user_name == NULL) || (result->domain == NULL)) {
2115 TALLOC_FREE(result);
2116 return NT_STATUS_NO_MEMORY;
2120 return NT_STATUS_OK;
2123 NTSTATUS rpccli_anon_bind_data(TALLOC_CTX *mem_ctx,
2124 struct pipe_auth_data **presult)
2126 struct pipe_auth_data *result;
2128 result = talloc(mem_ctx, struct pipe_auth_data);
2129 if (result == NULL) {
2130 return NT_STATUS_NO_MEMORY;
2133 result->auth_type = DCERPC_AUTH_TYPE_NONE;
2134 result->auth_level = DCERPC_AUTH_LEVEL_NONE;
2136 result->user_name = talloc_strdup(result, "");
2137 result->domain = talloc_strdup(result, "");
2138 if ((result->user_name == NULL) || (result->domain == NULL)) {
2139 TALLOC_FREE(result);
2140 return NT_STATUS_NO_MEMORY;
2144 return NT_STATUS_OK;
2147 static NTSTATUS rpccli_generic_bind_data(TALLOC_CTX *mem_ctx,
2148 enum dcerpc_AuthType auth_type,
2149 enum dcerpc_AuthLevel auth_level,
2151 const char *target_service,
2153 const char *username,
2154 const char *password,
2155 enum credentials_use_kerberos use_kerberos,
2156 struct pipe_auth_data **presult)
2158 struct auth_generic_state *auth_generic_ctx;
2159 struct pipe_auth_data *result;
2162 result = talloc(mem_ctx, struct pipe_auth_data);
2163 if (result == NULL) {
2164 return NT_STATUS_NO_MEMORY;
2167 result->auth_type = auth_type;
2168 result->auth_level = auth_level;
2170 result->user_name = talloc_strdup(result, username);
2171 result->domain = talloc_strdup(result, domain);
2172 if ((result->user_name == NULL) || (result->domain == NULL)) {
2173 status = NT_STATUS_NO_MEMORY;
2177 status = auth_generic_client_prepare(result,
2179 if (!NT_STATUS_IS_OK(status)) {
2183 status = auth_generic_set_username(auth_generic_ctx, username);
2184 if (!NT_STATUS_IS_OK(status)) {
2188 status = auth_generic_set_domain(auth_generic_ctx, domain);
2189 if (!NT_STATUS_IS_OK(status)) {
2193 status = auth_generic_set_password(auth_generic_ctx, password);
2194 if (!NT_STATUS_IS_OK(status)) {
2198 status = gensec_set_target_service(auth_generic_ctx->gensec_security, target_service);
2199 if (!NT_STATUS_IS_OK(status)) {
2203 status = gensec_set_target_hostname(auth_generic_ctx->gensec_security, server);
2204 if (!NT_STATUS_IS_OK(status)) {
2208 cli_credentials_set_kerberos_state(auth_generic_ctx->credentials, use_kerberos);
2210 status = auth_generic_client_start_by_authtype(auth_generic_ctx, auth_type, auth_level);
2211 if (!NT_STATUS_IS_OK(status)) {
2215 result->auth_ctx = talloc_move(result, &auth_generic_ctx->gensec_security);
2216 talloc_free(auth_generic_ctx);
2218 return NT_STATUS_OK;
2221 TALLOC_FREE(result);
2225 NTSTATUS rpccli_schannel_bind_data(TALLOC_CTX *mem_ctx, const char *domain,
2226 enum dcerpc_AuthLevel auth_level,
2227 struct netlogon_creds_CredentialState *creds,
2228 struct pipe_auth_data **presult)
2230 struct schannel_state *schannel_auth;
2231 struct pipe_auth_data *result;
2233 result = talloc(mem_ctx, struct pipe_auth_data);
2234 if (result == NULL) {
2235 return NT_STATUS_NO_MEMORY;
2238 result->auth_type = DCERPC_AUTH_TYPE_SCHANNEL;
2239 result->auth_level = auth_level;
2241 result->user_name = talloc_strdup(result, "");
2242 result->domain = talloc_strdup(result, domain);
2243 if ((result->user_name == NULL) || (result->domain == NULL)) {
2247 schannel_auth = talloc_zero(result, struct schannel_state);
2248 if (schannel_auth == NULL) {
2252 schannel_auth->state = SCHANNEL_STATE_START;
2253 schannel_auth->initiator = true;
2254 schannel_auth->creds = netlogon_creds_copy(result, creds);
2256 result->auth_ctx = schannel_auth;
2258 return NT_STATUS_OK;
2261 TALLOC_FREE(result);
2262 return NT_STATUS_NO_MEMORY;
2266 * Create an rpc pipe client struct, connecting to a tcp port.
2268 static NTSTATUS rpc_pipe_open_tcp_port(TALLOC_CTX *mem_ctx, const char *host,
2270 const struct ndr_syntax_id *abstract_syntax,
2271 struct rpc_pipe_client **presult)
2273 struct rpc_pipe_client *result;
2274 struct sockaddr_storage addr;
2278 result = talloc_zero(mem_ctx, struct rpc_pipe_client);
2279 if (result == NULL) {
2280 return NT_STATUS_NO_MEMORY;
2283 result->abstract_syntax = *abstract_syntax;
2284 result->transfer_syntax = ndr_transfer_syntax_ndr;
2286 result->desthost = talloc_strdup(result, host);
2287 result->srv_name_slash = talloc_asprintf_strupper_m(
2288 result, "\\\\%s", result->desthost);
2289 if ((result->desthost == NULL) || (result->srv_name_slash == NULL)) {
2290 status = NT_STATUS_NO_MEMORY;
2294 result->max_xmit_frag = RPC_MAX_PDU_FRAG_LEN;
2295 result->max_recv_frag = RPC_MAX_PDU_FRAG_LEN;
2297 if (!resolve_name(host, &addr, 0, false)) {
2298 status = NT_STATUS_NOT_FOUND;
2302 status = open_socket_out(&addr, port, 60*1000, &fd);
2303 if (!NT_STATUS_IS_OK(status)) {
2306 set_socket_options(fd, lp_socket_options());
2308 status = rpc_transport_sock_init(result, fd, &result->transport);
2309 if (!NT_STATUS_IS_OK(status)) {
2314 result->transport->transport = NCACN_IP_TCP;
2316 result->binding_handle = rpccli_bh_create(result);
2317 if (result->binding_handle == NULL) {
2318 TALLOC_FREE(result);
2319 return NT_STATUS_NO_MEMORY;
2323 return NT_STATUS_OK;
2326 TALLOC_FREE(result);
2331 * Determine the tcp port on which a dcerpc interface is listening
2332 * for the ncacn_ip_tcp transport via the endpoint mapper of the
2335 static NTSTATUS rpc_pipe_get_tcp_port(const char *host,
2336 const struct ndr_syntax_id *abstract_syntax,
2340 struct rpc_pipe_client *epm_pipe = NULL;
2341 struct dcerpc_binding_handle *epm_handle = NULL;
2342 struct pipe_auth_data *auth = NULL;
2343 struct dcerpc_binding *map_binding = NULL;
2344 struct dcerpc_binding *res_binding = NULL;
2345 struct epm_twr_t *map_tower = NULL;
2346 struct epm_twr_t *res_towers = NULL;
2347 struct policy_handle *entry_handle = NULL;
2348 uint32_t num_towers = 0;
2349 uint32_t max_towers = 1;
2350 struct epm_twr_p_t towers;
2351 TALLOC_CTX *tmp_ctx = talloc_stackframe();
2352 uint32_t result = 0;
2354 if (pport == NULL) {
2355 status = NT_STATUS_INVALID_PARAMETER;
2359 if (ndr_syntax_id_equal(abstract_syntax,
2360 &ndr_table_epmapper.syntax_id)) {
2362 return NT_STATUS_OK;
2365 /* open the connection to the endpoint mapper */
2366 status = rpc_pipe_open_tcp_port(tmp_ctx, host, 135,
2367 &ndr_table_epmapper.syntax_id,
2370 if (!NT_STATUS_IS_OK(status)) {
2373 epm_handle = epm_pipe->binding_handle;
2375 status = rpccli_anon_bind_data(tmp_ctx, &auth);
2376 if (!NT_STATUS_IS_OK(status)) {
2380 status = rpc_pipe_bind(epm_pipe, auth);
2381 if (!NT_STATUS_IS_OK(status)) {
2385 /* create tower for asking the epmapper */
2387 map_binding = talloc_zero(tmp_ctx, struct dcerpc_binding);
2388 if (map_binding == NULL) {
2389 status = NT_STATUS_NO_MEMORY;
2393 map_binding->transport = NCACN_IP_TCP;
2394 map_binding->object = *abstract_syntax;
2395 map_binding->host = host; /* needed? */
2396 map_binding->endpoint = "0"; /* correct? needed? */
2398 map_tower = talloc_zero(tmp_ctx, struct epm_twr_t);
2399 if (map_tower == NULL) {
2400 status = NT_STATUS_NO_MEMORY;
2404 status = dcerpc_binding_build_tower(tmp_ctx, map_binding,
2405 &(map_tower->tower));
2406 if (!NT_STATUS_IS_OK(status)) {
2410 /* allocate further parameters for the epm_Map call */
2412 res_towers = talloc_array(tmp_ctx, struct epm_twr_t, max_towers);
2413 if (res_towers == NULL) {
2414 status = NT_STATUS_NO_MEMORY;
2417 towers.twr = res_towers;
2419 entry_handle = talloc_zero(tmp_ctx, struct policy_handle);
2420 if (entry_handle == NULL) {
2421 status = NT_STATUS_NO_MEMORY;
2425 /* ask the endpoint mapper for the port */
2427 status = dcerpc_epm_Map(epm_handle,
2429 discard_const_p(struct GUID,
2430 &(abstract_syntax->uuid)),
2438 if (!NT_STATUS_IS_OK(status)) {
2442 if (result != EPMAPPER_STATUS_OK) {
2443 status = NT_STATUS_UNSUCCESSFUL;
2447 if (num_towers != 1) {
2448 status = NT_STATUS_UNSUCCESSFUL;
2452 /* extract the port from the answer */
2454 status = dcerpc_binding_from_tower(tmp_ctx,
2455 &(towers.twr->tower),
2457 if (!NT_STATUS_IS_OK(status)) {
2461 /* are further checks here necessary? */
2462 if (res_binding->transport != NCACN_IP_TCP) {
2463 status = NT_STATUS_UNSUCCESSFUL;
2467 *pport = (uint16_t)atoi(res_binding->endpoint);
2470 TALLOC_FREE(tmp_ctx);
2475 * Create a rpc pipe client struct, connecting to a host via tcp.
2476 * The port is determined by asking the endpoint mapper on the given
2479 NTSTATUS rpc_pipe_open_tcp(TALLOC_CTX *mem_ctx, const char *host,
2480 const struct ndr_syntax_id *abstract_syntax,
2481 struct rpc_pipe_client **presult)
2486 status = rpc_pipe_get_tcp_port(host, abstract_syntax, &port);
2487 if (!NT_STATUS_IS_OK(status)) {
2491 return rpc_pipe_open_tcp_port(mem_ctx, host, port,
2492 abstract_syntax, presult);
2495 /********************************************************************
2496 Create a rpc pipe client struct, connecting to a unix domain socket
2497 ********************************************************************/
2498 NTSTATUS rpc_pipe_open_ncalrpc(TALLOC_CTX *mem_ctx, const char *socket_path,
2499 const struct ndr_syntax_id *abstract_syntax,
2500 struct rpc_pipe_client **presult)
2502 struct rpc_pipe_client *result;
2503 struct sockaddr_un addr;
2508 result = talloc_zero(mem_ctx, struct rpc_pipe_client);
2509 if (result == NULL) {
2510 return NT_STATUS_NO_MEMORY;
2513 result->abstract_syntax = *abstract_syntax;
2514 result->transfer_syntax = ndr_transfer_syntax_ndr;
2516 result->desthost = get_myname(result);
2517 result->srv_name_slash = talloc_asprintf_strupper_m(
2518 result, "\\\\%s", result->desthost);
2519 if ((result->desthost == NULL) || (result->srv_name_slash == NULL)) {
2520 status = NT_STATUS_NO_MEMORY;
2524 result->max_xmit_frag = RPC_MAX_PDU_FRAG_LEN;
2525 result->max_recv_frag = RPC_MAX_PDU_FRAG_LEN;
2527 fd = socket(AF_UNIX, SOCK_STREAM, 0);
2529 status = map_nt_error_from_unix(errno);
2534 addr.sun_family = AF_UNIX;
2535 strlcpy(addr.sun_path, socket_path, sizeof(addr.sun_path));
2536 salen = sizeof(struct sockaddr_un);
2538 if (connect(fd, (struct sockaddr *)(void *)&addr, salen) == -1) {
2539 DEBUG(0, ("connect(%s) failed: %s\n", socket_path,
2542 return map_nt_error_from_unix(errno);
2545 status = rpc_transport_sock_init(result, fd, &result->transport);
2546 if (!NT_STATUS_IS_OK(status)) {
2551 result->transport->transport = NCALRPC;
2553 result->binding_handle = rpccli_bh_create(result);
2554 if (result->binding_handle == NULL) {
2555 TALLOC_FREE(result);
2556 return NT_STATUS_NO_MEMORY;
2560 return NT_STATUS_OK;
2563 TALLOC_FREE(result);
2567 struct rpc_pipe_client_np_ref {
2568 struct cli_state *cli;
2569 struct rpc_pipe_client *pipe;
2572 static int rpc_pipe_client_np_ref_destructor(struct rpc_pipe_client_np_ref *np_ref)
2574 DLIST_REMOVE(np_ref->cli->pipe_list, np_ref->pipe);
2578 /****************************************************************************
2579 Open a named pipe over SMB to a remote server.
2581 * CAVEAT CALLER OF THIS FUNCTION:
2582 * The returned rpc_pipe_client saves a copy of the cli_state cli pointer,
2583 * so be sure that this function is called AFTER any structure (vs pointer)
2584 * assignment of the cli. In particular, libsmbclient does structure
2585 * assignments of cli, which invalidates the data in the returned
2586 * rpc_pipe_client if this function is called before the structure assignment
2589 ****************************************************************************/
2591 static NTSTATUS rpc_pipe_open_np(struct cli_state *cli,
2592 const struct ndr_syntax_id *abstract_syntax,
2593 struct rpc_pipe_client **presult)
2595 struct rpc_pipe_client *result;
2597 struct rpc_pipe_client_np_ref *np_ref;
2599 /* sanity check to protect against crashes */
2602 return NT_STATUS_INVALID_HANDLE;
2605 result = talloc_zero(NULL, struct rpc_pipe_client);
2606 if (result == NULL) {
2607 return NT_STATUS_NO_MEMORY;
2610 result->abstract_syntax = *abstract_syntax;
2611 result->transfer_syntax = ndr_transfer_syntax_ndr;
2612 result->desthost = talloc_strdup(result, smbXcli_conn_remote_name(cli->conn));
2613 result->srv_name_slash = talloc_asprintf_strupper_m(
2614 result, "\\\\%s", result->desthost);
2616 result->max_xmit_frag = RPC_MAX_PDU_FRAG_LEN;
2617 result->max_recv_frag = RPC_MAX_PDU_FRAG_LEN;
2619 if ((result->desthost == NULL) || (result->srv_name_slash == NULL)) {
2620 TALLOC_FREE(result);
2621 return NT_STATUS_NO_MEMORY;
2624 status = rpc_transport_np_init(result, cli, abstract_syntax,
2625 &result->transport);
2626 if (!NT_STATUS_IS_OK(status)) {
2627 TALLOC_FREE(result);
2631 result->transport->transport = NCACN_NP;
2633 np_ref = talloc(result->transport, struct rpc_pipe_client_np_ref);
2634 if (np_ref == NULL) {
2635 TALLOC_FREE(result);
2636 return NT_STATUS_NO_MEMORY;
2639 np_ref->pipe = result;
2641 DLIST_ADD(np_ref->cli->pipe_list, np_ref->pipe);
2642 talloc_set_destructor(np_ref, rpc_pipe_client_np_ref_destructor);
2644 result->binding_handle = rpccli_bh_create(result);
2645 if (result->binding_handle == NULL) {
2646 TALLOC_FREE(result);
2647 return NT_STATUS_NO_MEMORY;
2651 return NT_STATUS_OK;
2654 /****************************************************************************
2655 Open a pipe to a remote server.
2656 ****************************************************************************/
2658 static NTSTATUS cli_rpc_pipe_open(struct cli_state *cli,
2659 enum dcerpc_transport_t transport,
2660 const struct ndr_syntax_id *interface,
2661 struct rpc_pipe_client **presult)
2663 switch (transport) {
2665 return rpc_pipe_open_tcp(NULL, smbXcli_conn_remote_name(cli->conn),
2666 interface, presult);
2668 return rpc_pipe_open_np(cli, interface, presult);
2670 return NT_STATUS_NOT_IMPLEMENTED;
2674 /****************************************************************************
2675 Open a named pipe to an SMB server and bind anonymously.
2676 ****************************************************************************/
2678 NTSTATUS cli_rpc_pipe_open_noauth_transport(struct cli_state *cli,
2679 enum dcerpc_transport_t transport,
2680 const struct ndr_syntax_id *interface,
2681 struct rpc_pipe_client **presult)
2683 struct rpc_pipe_client *result;
2684 struct pipe_auth_data *auth;
2687 status = cli_rpc_pipe_open(cli, transport, interface, &result);
2688 if (!NT_STATUS_IS_OK(status)) {
2692 status = rpccli_anon_bind_data(result, &auth);
2693 if (!NT_STATUS_IS_OK(status)) {
2694 DEBUG(0, ("rpccli_anon_bind_data returned %s\n",
2695 nt_errstr(status)));
2696 TALLOC_FREE(result);
2701 * This is a bit of an abstraction violation due to the fact that an
2702 * anonymous bind on an authenticated SMB inherits the user/domain
2703 * from the enclosing SMB creds
2706 TALLOC_FREE(auth->user_name);
2707 TALLOC_FREE(auth->domain);
2709 auth->user_name = talloc_strdup(auth, cli->user_name);
2710 auth->domain = talloc_strdup(auth, cli->domain);
2711 auth->user_session_key = data_blob_talloc(auth,
2712 cli->user_session_key.data,
2713 cli->user_session_key.length);
2715 if ((auth->user_name == NULL) || (auth->domain == NULL)) {
2716 TALLOC_FREE(result);
2717 return NT_STATUS_NO_MEMORY;
2720 status = rpc_pipe_bind(result, auth);
2721 if (!NT_STATUS_IS_OK(status)) {
2723 if (ndr_syntax_id_equal(interface,
2724 &ndr_table_dssetup.syntax_id)) {
2725 /* non AD domains just don't have this pipe, avoid
2726 * level 0 statement in that case - gd */
2729 DEBUG(lvl, ("cli_rpc_pipe_open_noauth: rpc_pipe_bind for pipe "
2730 "%s failed with error %s\n",
2731 get_pipe_name_from_syntax(talloc_tos(), interface),
2732 nt_errstr(status) ));
2733 TALLOC_FREE(result);
2737 DEBUG(10,("cli_rpc_pipe_open_noauth: opened pipe %s to machine "
2738 "%s and bound anonymously.\n",
2739 get_pipe_name_from_syntax(talloc_tos(), interface),
2743 return NT_STATUS_OK;
2746 /****************************************************************************
2747 ****************************************************************************/
2749 NTSTATUS cli_rpc_pipe_open_noauth(struct cli_state *cli,
2750 const struct ndr_syntax_id *interface,
2751 struct rpc_pipe_client **presult)
2753 return cli_rpc_pipe_open_noauth_transport(cli, NCACN_NP,
2754 interface, presult);
2757 /****************************************************************************
2758 Open a named pipe to an SMB server and bind using the mech specified
2759 ****************************************************************************/
2761 NTSTATUS cli_rpc_pipe_open_generic_auth(struct cli_state *cli,
2762 const struct ndr_interface_table *table,
2763 enum dcerpc_transport_t transport,
2764 enum dcerpc_AuthType auth_type,
2765 enum dcerpc_AuthLevel auth_level,
2768 const char *username,
2769 const char *password,
2770 struct rpc_pipe_client **presult)
2772 struct rpc_pipe_client *result;
2773 struct pipe_auth_data *auth = NULL;
2774 const char *target_service = table->authservices->names[0];
2778 status = cli_rpc_pipe_open(cli, transport, &table->syntax_id, &result);
2779 if (!NT_STATUS_IS_OK(status)) {
2783 status = rpccli_generic_bind_data(result,
2784 auth_type, auth_level,
2785 server, target_service,
2786 domain, username, password,
2787 CRED_AUTO_USE_KERBEROS,
2789 if (!NT_STATUS_IS_OK(status)) {
2790 DEBUG(0, ("rpccli_generic_bind_data returned %s\n",
2791 nt_errstr(status)));
2795 status = rpc_pipe_bind(result, auth);
2796 if (!NT_STATUS_IS_OK(status)) {
2797 DEBUG(0, ("cli_rpc_pipe_open_generic_auth: cli_rpc_pipe_bind failed with error %s\n",
2798 nt_errstr(status) ));
2802 DEBUG(10,("cli_rpc_pipe_open_generic_auth: opened pipe %s to "
2803 "machine %s and bound as user %s\\%s.\n", table->name,
2804 result->desthost, domain, username));
2807 return NT_STATUS_OK;
2811 TALLOC_FREE(result);
2815 /****************************************************************************
2817 Open a named pipe to an SMB server and bind using schannel (bind type 68)
2818 using session_key. sign and seal.
2820 The *pdc will be stolen onto this new pipe
2821 ****************************************************************************/
2823 NTSTATUS cli_rpc_pipe_open_schannel_with_key(struct cli_state *cli,
2824 const struct ndr_syntax_id *interface,
2825 enum dcerpc_transport_t transport,
2826 enum dcerpc_AuthLevel auth_level,
2828 struct netlogon_creds_CredentialState **pdc,
2829 struct rpc_pipe_client **presult)
2831 struct rpc_pipe_client *result;
2832 struct pipe_auth_data *auth;
2835 status = cli_rpc_pipe_open(cli, transport, interface, &result);
2836 if (!NT_STATUS_IS_OK(status)) {
2840 status = rpccli_schannel_bind_data(result, domain, auth_level,
2842 if (!NT_STATUS_IS_OK(status)) {
2843 DEBUG(0, ("rpccli_schannel_bind_data returned %s\n",
2844 nt_errstr(status)));
2845 TALLOC_FREE(result);
2849 status = rpc_pipe_bind(result, auth);
2850 if (!NT_STATUS_IS_OK(status)) {
2851 DEBUG(0, ("cli_rpc_pipe_open_schannel_with_key: "
2852 "cli_rpc_pipe_bind failed with error %s\n",
2853 nt_errstr(status) ));
2854 TALLOC_FREE(result);
2859 * The credentials on a new netlogon pipe are the ones we are passed
2860 * in - copy them over
2862 result->dc = netlogon_creds_copy(result, *pdc);
2863 if (result->dc == NULL) {
2864 TALLOC_FREE(result);
2865 return NT_STATUS_NO_MEMORY;
2868 DEBUG(10,("cli_rpc_pipe_open_schannel_with_key: opened pipe %s to machine %s "
2869 "for domain %s and bound using schannel.\n",
2870 get_pipe_name_from_syntax(talloc_tos(), interface),
2871 result->desthost, domain));
2874 return NT_STATUS_OK;
2877 NTSTATUS cli_rpc_pipe_open_spnego(struct cli_state *cli,
2878 const struct ndr_interface_table *table,
2879 enum dcerpc_transport_t transport,
2881 enum dcerpc_AuthLevel auth_level,
2884 const char *username,
2885 const char *password,
2886 struct rpc_pipe_client **presult)
2888 struct rpc_pipe_client *result;
2889 struct pipe_auth_data *auth = NULL;
2890 const char *target_service = table->authservices->names[0];
2893 enum credentials_use_kerberos use_kerberos;
2895 if (strcmp(oid, GENSEC_OID_KERBEROS5) == 0) {
2896 use_kerberos = CRED_MUST_USE_KERBEROS;
2897 } else if (strcmp(oid, GENSEC_OID_NTLMSSP) == 0) {
2898 use_kerberos = CRED_DONT_USE_KERBEROS;
2900 return NT_STATUS_INVALID_PARAMETER;
2903 status = cli_rpc_pipe_open(cli, transport, &table->syntax_id, &result);
2904 if (!NT_STATUS_IS_OK(status)) {
2908 status = rpccli_generic_bind_data(result,
2909 DCERPC_AUTH_TYPE_SPNEGO, auth_level,
2910 server, target_service,
2911 domain, username, password,
2914 if (!NT_STATUS_IS_OK(status)) {
2915 DEBUG(0, ("rpccli_generic_bind_data returned %s\n",
2916 nt_errstr(status)));
2920 status = rpc_pipe_bind(result, auth);
2921 if (!NT_STATUS_IS_OK(status)) {
2922 DEBUG(0, ("cli_rpc_pipe_open_spnego: cli_rpc_pipe_bind failed with error %s\n",
2923 nt_errstr(status) ));
2927 DEBUG(10,("cli_rpc_pipe_open_spnego: opened pipe %s to "
2928 "machine %s.\n", table->name,
2932 return NT_STATUS_OK;
2936 TALLOC_FREE(result);
2940 NTSTATUS cli_get_session_key(TALLOC_CTX *mem_ctx,
2941 struct rpc_pipe_client *cli,
2942 DATA_BLOB *session_key)
2945 struct pipe_auth_data *a;
2946 struct schannel_state *schannel_auth;
2947 struct gensec_security *gensec_security;
2948 DATA_BLOB sk = data_blob_null;
2949 bool make_dup = false;
2951 if (!session_key || !cli) {
2952 return NT_STATUS_INVALID_PARAMETER;
2958 return NT_STATUS_INVALID_PARAMETER;
2961 switch (cli->auth->auth_type) {
2962 case DCERPC_AUTH_TYPE_SCHANNEL:
2963 schannel_auth = talloc_get_type_abort(a->auth_ctx,
2964 struct schannel_state);
2965 sk = data_blob_const(schannel_auth->creds->session_key, 16);
2968 case DCERPC_AUTH_TYPE_SPNEGO:
2969 case DCERPC_AUTH_TYPE_NTLMSSP:
2970 case DCERPC_AUTH_TYPE_KRB5:
2971 gensec_security = talloc_get_type_abort(a->auth_ctx,
2972 struct gensec_security);
2973 status = gensec_session_key(gensec_security, mem_ctx, &sk);
2974 if (!NT_STATUS_IS_OK(status)) {
2979 case DCERPC_AUTH_TYPE_NCALRPC_AS_SYSTEM:
2980 case DCERPC_AUTH_TYPE_NONE:
2981 sk = data_blob_const(a->user_session_key.data,
2982 a->user_session_key.length);
2990 return NT_STATUS_NO_USER_SESSION_KEY;
2994 *session_key = data_blob_dup_talloc(mem_ctx, sk);
2999 return NT_STATUS_OK;
git.samba.org / samba.git / blob