2 * Unix SMB/CIFS implementation.
3 * RPC Pipe client / server routines
4 * Copyright (C) Andrew Tridgell 1992-1998,
5 * Largely re-written : 2005
6 * Copyright (C) Jeremy Allison 1998 - 2005
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 3 of the License, or
11 * (at your option) any later version.
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, see <http://www.gnu.org/licenses/>.
23 #include "librpc/gen_ndr/ndr_named_pipe_auth.h"
26 #define DBGC_CLASS DBGC_RPC_SRV
28 static int pipes_open;
30 static pipes_struct *InternalPipes;
33 * the following prototypes are declared here to avoid
34 * code being moved about too much for a patch to be
35 * disrupted / less obvious.
37 * these functions, and associated functions that they
38 * call, should be moved behind a .so module-loading
39 * system _anyway_. so that's the next step...
42 static int close_internal_rpc_pipe_hnd(struct pipes_struct *p);
44 /****************************************************************************
45 Internal Pipe iterator functions.
46 ****************************************************************************/
48 pipes_struct *get_first_internal_pipe(void)
53 pipes_struct *get_next_internal_pipe(pipes_struct *p)
58 const char *get_pipe_name_tos(struct pipes_struct *p)
60 return get_pipe_name_from_syntax(talloc_tos(),
61 &p->interface->syntax_id);
64 /****************************************************************************
65 Initialise an outgoing packet.
66 ****************************************************************************/
68 static bool pipe_init_outgoing_data(pipes_struct *p)
70 output_data *o_data = &p->out_data;
72 /* Reset the offset counters. */
73 o_data->data_sent_length = 0;
74 o_data->current_pdu_sent = 0;
76 prs_mem_free(&o_data->frag);
78 /* Free any memory in the current return data buffer. */
79 prs_mem_free(&o_data->rdata);
82 * Initialize the outgoing RPC data buffer.
83 * we will use this as the raw data area for replying to rpc requests.
85 if(!prs_init(&o_data->rdata, 128, p->mem_ctx, MARSHALL)) {
86 DEBUG(0,("pipe_init_outgoing_data: malloc fail.\n"));
93 /****************************************************************************
94 Make an internal namedpipes structure
95 ****************************************************************************/
97 static struct pipes_struct *make_internal_rpc_pipe_p(TALLOC_CTX *mem_ctx,
98 const struct ndr_syntax_id *syntax,
99 const char *client_address,
100 struct auth_serversupplied_info *server_info)
104 DEBUG(4,("Create pipe requested %s\n",
105 get_pipe_name_from_syntax(talloc_tos(), syntax)));
107 p = TALLOC_ZERO_P(mem_ctx, struct pipes_struct);
110 DEBUG(0,("ERROR! no memory for pipes_struct!\n"));
114 p->mem_ctx = talloc_init("pipe %s %p",
115 get_pipe_name_from_syntax(talloc_tos(),
117 if (p->mem_ctx == NULL) {
118 DEBUG(0,("open_rpc_pipe_p: talloc_init failed.\n"));
123 p->interface = get_iface_from_syntax(syntax);
124 if (p->interface == NULL) {
125 DEBUG(10, ("Could not find ndr table for syntax\n"));
126 TALLOC_FREE(p->mem_ctx);
131 if (!init_pipe_handle_list(p, syntax)) {
132 DEBUG(0,("open_rpc_pipe_p: init_pipe_handles failed.\n"));
133 talloc_destroy(p->mem_ctx);
139 * Initialize the incoming RPC data buffer with one PDU worth of memory.
140 * We cheat here and say we're marshalling, as we intend to add incoming
141 * data directly into the prs_struct and we want it to auto grow. We will
142 * change the type to UNMARSALLING before processing the stream.
145 if(!prs_init(&p->in_data.data, 128, p->mem_ctx, MARSHALL)) {
146 DEBUG(0,("open_rpc_pipe_p: malloc fail for in_data struct.\n"));
147 talloc_destroy(p->mem_ctx);
148 close_policy_by_pipe(p);
153 p->server_info = copy_serverinfo(p, server_info);
154 if (p->server_info == NULL) {
155 DEBUG(0, ("open_rpc_pipe_p: copy_serverinfo failed\n"));
156 talloc_destroy(p->mem_ctx);
157 close_policy_by_pipe(p);
162 DLIST_ADD(InternalPipes, p);
164 memcpy(p->client_address, client_address, sizeof(p->client_address));
166 p->endian = RPC_LITTLE_ENDIAN;
169 * Initialize the outgoing RPC data buffer with no memory.
171 prs_init_empty(&p->out_data.rdata, p->mem_ctx, MARSHALL);
173 DEBUG(4,("Created internal pipe %s (pipes_open=%d)\n",
174 get_pipe_name_from_syntax(talloc_tos(), syntax), pipes_open));
176 talloc_set_destructor(p, close_internal_rpc_pipe_hnd);
181 /****************************************************************************
182 Sets the fault state on incoming packets.
183 ****************************************************************************/
185 static void set_incoming_fault(pipes_struct *p)
187 prs_mem_free(&p->in_data.data);
188 p->in_data.pdu_needed_len = 0;
189 p->in_data.pdu_received_len = 0;
190 p->fault_state = True;
191 DEBUG(10, ("set_incoming_fault: Setting fault state on pipe %s\n",
192 get_pipe_name_tos(p)));
195 /****************************************************************************
196 Ensures we have at least RPC_HEADER_LEN amount of data in the incoming buffer.
197 ****************************************************************************/
199 static ssize_t fill_rpc_header(pipes_struct *p, char *data, size_t data_to_copy)
201 size_t len_needed_to_complete_hdr = MIN(data_to_copy, RPC_HEADER_LEN - p->in_data.pdu_received_len);
203 DEBUG(10,("fill_rpc_header: data_to_copy = %u, len_needed_to_complete_hdr = %u, receive_len = %u\n",
204 (unsigned int)data_to_copy, (unsigned int)len_needed_to_complete_hdr,
205 (unsigned int)p->in_data.pdu_received_len ));
207 if (p->in_data.current_in_pdu == NULL) {
208 p->in_data.current_in_pdu = talloc_array(p, uint8_t,
211 if (p->in_data.current_in_pdu == NULL) {
212 DEBUG(0, ("talloc failed\n"));
216 memcpy((char *)&p->in_data.current_in_pdu[p->in_data.pdu_received_len], data, len_needed_to_complete_hdr);
217 p->in_data.pdu_received_len += len_needed_to_complete_hdr;
219 return (ssize_t)len_needed_to_complete_hdr;
222 /****************************************************************************
223 Unmarshalls a new PDU header. Assumes the raw header data is in current_in_pdu.
224 ****************************************************************************/
226 static ssize_t unmarshall_rpc_header(pipes_struct *p)
229 * Unmarshall the header to determine the needed length.
234 if(p->in_data.pdu_received_len != RPC_HEADER_LEN) {
235 DEBUG(0,("unmarshall_rpc_header: assert on rpc header length failed.\n"));
236 set_incoming_fault(p);
240 prs_init_empty( &rpc_in, p->mem_ctx, UNMARSHALL);
241 prs_set_endian_data( &rpc_in, p->endian);
243 prs_give_memory( &rpc_in, (char *)&p->in_data.current_in_pdu[0],
244 p->in_data.pdu_received_len, False);
247 * Unmarshall the header as this will tell us how much
248 * data we need to read to get the complete pdu.
249 * This also sets the endian flag in rpc_in.
252 if(!smb_io_rpc_hdr("", &p->hdr, &rpc_in, 0)) {
253 DEBUG(0,("unmarshall_rpc_header: failed to unmarshall RPC_HDR.\n"));
254 set_incoming_fault(p);
255 prs_mem_free(&rpc_in);
260 * Validate the RPC header.
263 if(p->hdr.major != 5 && p->hdr.minor != 0) {
264 DEBUG(0,("unmarshall_rpc_header: invalid major/minor numbers in RPC_HDR.\n"));
265 set_incoming_fault(p);
266 prs_mem_free(&rpc_in);
271 * If there's not data in the incoming buffer this should be the start of a new RPC.
274 if(prs_offset(&p->in_data.data) == 0) {
277 * AS/U doesn't set FIRST flag in a BIND packet it seems.
280 if ((p->hdr.pkt_type == DCERPC_PKT_REQUEST) && !(p->hdr.flags & DCERPC_PFC_FLAG_FIRST)) {
282 * Ensure that the FIRST flag is set. If not then we have
283 * a stream missmatch.
286 DEBUG(0,("unmarshall_rpc_header: FIRST flag not set in first PDU !\n"));
287 set_incoming_fault(p);
288 prs_mem_free(&rpc_in);
293 * If this is the first PDU then set the endianness
294 * flag in the pipe. We will need this when parsing all
298 p->endian = rpc_in.bigendian_data;
300 DEBUG(5,("unmarshall_rpc_header: using %sendian RPC\n",
301 p->endian == RPC_LITTLE_ENDIAN ? "little-" : "big-" ));
306 * If this is *NOT* the first PDU then check the endianness
307 * flag in the pipe is the same as that in the PDU.
310 if (p->endian != rpc_in.bigendian_data) {
311 DEBUG(0,("unmarshall_rpc_header: FIRST endianness flag (%d) different in next PDU !\n", (int)p->endian));
312 set_incoming_fault(p);
313 prs_mem_free(&rpc_in);
319 * Ensure that the pdu length is sane.
322 if((p->hdr.frag_len < RPC_HEADER_LEN) || (p->hdr.frag_len > RPC_MAX_PDU_FRAG_LEN)) {
323 DEBUG(0,("unmarshall_rpc_header: assert on frag length failed.\n"));
324 set_incoming_fault(p);
325 prs_mem_free(&rpc_in);
329 DEBUG(10,("unmarshall_rpc_header: type = %u, flags = %u\n", (unsigned int)p->hdr.pkt_type,
330 (unsigned int)p->hdr.flags ));
332 p->in_data.pdu_needed_len = (uint32)p->hdr.frag_len - RPC_HEADER_LEN;
334 prs_mem_free(&rpc_in);
336 p->in_data.current_in_pdu = TALLOC_REALLOC_ARRAY(
337 p, p->in_data.current_in_pdu, uint8_t, p->hdr.frag_len);
338 if (p->in_data.current_in_pdu == NULL) {
339 DEBUG(0, ("talloc failed\n"));
340 set_incoming_fault(p);
344 return 0; /* No extra data processed. */
347 /****************************************************************************
348 Call this to free any talloc'ed memory. Do this before and after processing
350 ****************************************************************************/
352 static void free_pipe_context(pipes_struct *p)
355 DEBUG(3,("free_pipe_context: destroying talloc pool of size "
356 "%lu\n", (unsigned long)talloc_total_size(p->mem_ctx) ));
357 talloc_free_children(p->mem_ctx);
359 p->mem_ctx = talloc_init("pipe %s %p", get_pipe_name_tos(p),
361 if (p->mem_ctx == NULL) {
362 p->fault_state = True;
367 /****************************************************************************
368 Processes a request pdu. This will do auth processing if needed, and
369 appends the data into the complete stream if the LAST flag is not set.
370 ****************************************************************************/
372 static bool process_request_pdu(pipes_struct *p, prs_struct *rpc_in_p)
374 uint32 ss_padding_len = 0;
375 size_t data_len = p->hdr.frag_len - RPC_HEADER_LEN - RPC_HDR_REQ_LEN -
376 (p->hdr.auth_len ? RPC_HDR_AUTH_LEN : 0) - p->hdr.auth_len;
379 DEBUG(0,("process_request_pdu: rpc request with no bind.\n"));
380 set_incoming_fault(p);
385 * Check if we need to do authentication processing.
386 * This is only done on requests, not binds.
390 * Read the RPC request header.
393 if(!smb_io_rpc_hdr_req("req", &p->hdr_req, rpc_in_p, 0)) {
394 DEBUG(0,("process_request_pdu: failed to unmarshall RPC_HDR_REQ.\n"));
395 set_incoming_fault(p);
399 switch(p->auth.auth_type) {
400 case PIPE_AUTH_TYPE_NONE:
403 case PIPE_AUTH_TYPE_SPNEGO_NTLMSSP:
404 case PIPE_AUTH_TYPE_NTLMSSP:
407 if(!api_pipe_ntlmssp_auth_process(p, rpc_in_p, &ss_padding_len, &status)) {
408 DEBUG(0,("process_request_pdu: failed to do auth processing.\n"));
409 DEBUG(0,("process_request_pdu: error was %s.\n", nt_errstr(status) ));
410 set_incoming_fault(p);
416 case PIPE_AUTH_TYPE_SCHANNEL:
417 if (!api_pipe_schannel_process(p, rpc_in_p, &ss_padding_len)) {
418 DEBUG(3,("process_request_pdu: failed to do schannel processing.\n"));
419 set_incoming_fault(p);
425 DEBUG(0,("process_request_pdu: unknown auth type %u set.\n", (unsigned int)p->auth.auth_type ));
426 set_incoming_fault(p);
430 /* Now we've done the sign/seal we can remove any padding data. */
431 if (data_len > ss_padding_len) {
432 data_len -= ss_padding_len;
436 * Check the data length doesn't go over the 15Mb limit.
437 * increased after observing a bug in the Windows NT 4.0 SP6a
438 * spoolsv.exe when the response to a GETPRINTERDRIVER2 RPC
439 * will not fit in the initial buffer of size 0x1068 --jerry 22/01/2002
442 if(prs_offset(&p->in_data.data) + data_len > MAX_RPC_DATA_SIZE) {
443 DEBUG(0,("process_request_pdu: rpc data buffer too large (%u) + (%u)\n",
444 (unsigned int)prs_data_size(&p->in_data.data), (unsigned int)data_len ));
445 set_incoming_fault(p);
450 * Append the data portion into the buffer and return.
453 if(!prs_append_some_prs_data(&p->in_data.data, rpc_in_p, prs_offset(rpc_in_p), data_len)) {
454 DEBUG(0,("process_request_pdu: Unable to append data size %u to parse buffer of size %u.\n",
455 (unsigned int)data_len, (unsigned int)prs_data_size(&p->in_data.data) ));
456 set_incoming_fault(p);
460 if(p->hdr.flags & DCERPC_PFC_FLAG_LAST) {
463 * Ok - we finally have a complete RPC stream.
464 * Call the rpc command to process it.
468 * Ensure the internal prs buffer size is *exactly* the same
469 * size as the current offset.
472 if(!prs_set_buffer_size(&p->in_data.data, prs_offset(&p->in_data.data))) {
473 DEBUG(0,("process_request_pdu: Call to prs_set_buffer_size failed!\n"));
474 set_incoming_fault(p);
479 * Set the parse offset to the start of the data and set the
480 * prs_struct to UNMARSHALL.
483 prs_set_offset(&p->in_data.data, 0);
484 prs_switch_type(&p->in_data.data, UNMARSHALL);
487 * Process the complete data stream here.
490 free_pipe_context(p);
492 if(pipe_init_outgoing_data(p)) {
493 ret = api_pipe_request(p);
496 free_pipe_context(p);
499 * We have consumed the whole data stream. Set back to
500 * marshalling and set the offset back to the start of
501 * the buffer to re-use it (we could also do a prs_mem_free()
502 * and then re_init on the next start of PDU. Not sure which
503 * is best here.... JRA.
506 prs_switch_type(&p->in_data.data, MARSHALL);
507 prs_set_offset(&p->in_data.data, 0);
514 /****************************************************************************
515 Processes a finished PDU stored in current_in_pdu. The RPC_HEADER has
516 already been parsed and stored in p->hdr.
517 ****************************************************************************/
519 static void process_complete_pdu(pipes_struct *p)
522 size_t data_len = p->in_data.pdu_received_len - RPC_HEADER_LEN;
523 char *data_p = (char *)&p->in_data.current_in_pdu[RPC_HEADER_LEN];
527 DEBUG(10,("process_complete_pdu: pipe %s in fault state.\n",
528 get_pipe_name_tos(p)));
529 set_incoming_fault(p);
530 setup_fault_pdu(p, NT_STATUS(DCERPC_FAULT_OP_RNG_ERROR));
534 prs_init_empty( &rpc_in, p->mem_ctx, UNMARSHALL);
537 * Ensure we're using the corrent endianness for both the
538 * RPC header flags and the raw data we will be reading from.
541 prs_set_endian_data( &rpc_in, p->endian);
542 prs_set_endian_data( &p->in_data.data, p->endian);
544 prs_give_memory( &rpc_in, data_p, (uint32)data_len, False);
546 DEBUG(10,("process_complete_pdu: processing packet type %u\n",
547 (unsigned int)p->hdr.pkt_type ));
549 switch (p->hdr.pkt_type) {
550 case DCERPC_PKT_REQUEST:
551 reply = process_request_pdu(p, &rpc_in);
554 case DCERPC_PKT_PING: /* CL request - ignore... */
555 DEBUG(0,("process_complete_pdu: Error. Connectionless packet type %u received on pipe %s.\n",
556 (unsigned int)p->hdr.pkt_type,
557 get_pipe_name_tos(p)));
560 case DCERPC_PKT_RESPONSE: /* No responses here. */
561 DEBUG(0,("process_complete_pdu: Error. DCERPC_PKT_RESPONSE received from client on pipe %s.\n",
562 get_pipe_name_tos(p)));
565 case DCERPC_PKT_FAULT:
566 case DCERPC_PKT_WORKING: /* CL request - reply to a ping when a call in process. */
567 case DCERPC_PKT_NOCALL: /* CL - server reply to a ping call. */
568 case DCERPC_PKT_REJECT:
570 case DCERPC_PKT_CL_CANCEL:
571 case DCERPC_PKT_FACK:
572 case DCERPC_PKT_CANCEL_ACK:
573 DEBUG(0,("process_complete_pdu: Error. Connectionless packet type %u received on pipe %s.\n",
574 (unsigned int)p->hdr.pkt_type,
575 get_pipe_name_tos(p)));
578 case DCERPC_PKT_BIND:
580 * We assume that a pipe bind is only in one pdu.
582 if(pipe_init_outgoing_data(p)) {
583 reply = api_pipe_bind_req(p, &rpc_in);
587 case DCERPC_PKT_BIND_ACK:
588 case DCERPC_PKT_BIND_NAK:
589 DEBUG(0,("process_complete_pdu: Error. DCERPC_PKT_BINDACK/DCERPC_PKT_BINDNACK packet type %u received on pipe %s.\n",
590 (unsigned int)p->hdr.pkt_type,
591 get_pipe_name_tos(p)));
595 case DCERPC_PKT_ALTER:
597 * We assume that a pipe bind is only in one pdu.
599 if(pipe_init_outgoing_data(p)) {
600 reply = api_pipe_alter_context(p, &rpc_in);
604 case DCERPC_PKT_ALTER_RESP:
605 DEBUG(0,("process_complete_pdu: Error. DCERPC_PKT_ALTER_RESP on pipe %s: Should only be server -> client.\n",
606 get_pipe_name_tos(p)));
609 case DCERPC_PKT_AUTH3:
611 * The third packet in an NTLMSSP auth exchange.
613 if(pipe_init_outgoing_data(p)) {
614 reply = api_pipe_bind_auth3(p, &rpc_in);
618 case DCERPC_PKT_SHUTDOWN:
619 DEBUG(0,("process_complete_pdu: Error. DCERPC_PKT_SHUTDOWN on pipe %s: Should only be server -> client.\n",
620 get_pipe_name_tos(p)));
623 case DCERPC_PKT_CO_CANCEL:
624 /* For now just free all client data and continue processing. */
625 DEBUG(3,("process_complete_pdu: DCERPC_PKT_CO_CANCEL. Abandoning rpc call.\n"));
626 /* As we never do asynchronous RPC serving, we can never cancel a
627 call (as far as I know). If we ever did we'd have to send a cancel_ack
628 reply. For now, just free all client data and continue processing. */
632 /* Enable this if we're doing async rpc. */
633 /* We must check the call-id matches the outstanding callid. */
634 if(pipe_init_outgoing_data(p)) {
635 /* Send a cancel_ack PDU reply. */
636 /* We should probably check the auth-verifier here. */
637 reply = setup_cancel_ack_reply(p, &rpc_in);
642 case DCERPC_PKT_ORPHANED:
643 /* We should probably check the auth-verifier here.
644 For now just free all client data and continue processing. */
645 DEBUG(3,("process_complete_pdu: DCERPC_PKT_ORPHANED. Abandoning rpc call.\n"));
650 DEBUG(0,("process_complete_pdu: Unknown rpc type = %u received.\n", (unsigned int)p->hdr.pkt_type ));
654 /* Reset to little endian. Probably don't need this but it won't hurt. */
655 prs_set_endian_data( &p->in_data.data, RPC_LITTLE_ENDIAN);
658 DEBUG(3,("process_complete_pdu: DCE/RPC fault sent on "
659 "pipe %s\n", get_pipe_name_tos(p)));
660 set_incoming_fault(p);
661 setup_fault_pdu(p, NT_STATUS(DCERPC_FAULT_OP_RNG_ERROR));
662 prs_mem_free(&rpc_in);
665 * Reset the lengths. We're ready for a new pdu.
667 TALLOC_FREE(p->in_data.current_in_pdu);
668 p->in_data.pdu_needed_len = 0;
669 p->in_data.pdu_received_len = 0;
672 prs_mem_free(&rpc_in);
675 /****************************************************************************
676 Accepts incoming data on an rpc pipe. Processes the data in pdu sized units.
677 ****************************************************************************/
679 static ssize_t process_incoming_data(pipes_struct *p, char *data, size_t n)
681 size_t data_to_copy = MIN(n, RPC_MAX_PDU_FRAG_LEN - p->in_data.pdu_received_len);
683 DEBUG(10,("process_incoming_data: Start: pdu_received_len = %u, pdu_needed_len = %u, incoming data = %u\n",
684 (unsigned int)p->in_data.pdu_received_len, (unsigned int)p->in_data.pdu_needed_len,
687 if(data_to_copy == 0) {
689 * This is an error - data is being received and there is no
690 * space in the PDU. Free the received data and go into the fault state.
692 DEBUG(0,("process_incoming_data: No space in incoming pdu buffer. Current size = %u \
693 incoming data size = %u\n", (unsigned int)p->in_data.pdu_received_len, (unsigned int)n ));
694 set_incoming_fault(p);
699 * If we have no data already, wait until we get at least a RPC_HEADER_LEN
700 * number of bytes before we can do anything.
703 if((p->in_data.pdu_needed_len == 0) && (p->in_data.pdu_received_len < RPC_HEADER_LEN)) {
705 * Always return here. If we have more data then the RPC_HEADER
706 * will be processed the next time around the loop.
708 return fill_rpc_header(p, data, data_to_copy);
712 * At this point we know we have at least an RPC_HEADER_LEN amount of data
713 * stored in current_in_pdu.
717 * If pdu_needed_len is zero this is a new pdu.
718 * Unmarshall the header so we know how much more
719 * data we need, then loop again.
722 if(p->in_data.pdu_needed_len == 0) {
723 ssize_t rret = unmarshall_rpc_header(p);
724 if (rret == -1 || p->in_data.pdu_needed_len > 0) {
727 /* If rret == 0 and pdu_needed_len == 0 here we have a PDU that consists
728 of an RPC_HEADER only. This is a DCERPC_PKT_SHUTDOWN, DCERPC_PKT_CO_CANCEL or DCERPC_PKT_ORPHANED
729 pdu type. Deal with this in process_complete_pdu(). */
733 * Ok - at this point we have a valid RPC_HEADER in p->hdr.
734 * Keep reading until we have a full pdu.
737 data_to_copy = MIN(data_to_copy, p->in_data.pdu_needed_len);
740 * Copy as much of the data as we need into the current_in_pdu buffer.
741 * pdu_needed_len becomes zero when we have a complete pdu.
744 memcpy( (char *)&p->in_data.current_in_pdu[p->in_data.pdu_received_len], data, data_to_copy);
745 p->in_data.pdu_received_len += data_to_copy;
746 p->in_data.pdu_needed_len -= data_to_copy;
749 * Do we have a complete PDU ?
750 * (return the number of bytes handled in the call)
753 if(p->in_data.pdu_needed_len == 0) {
754 process_complete_pdu(p);
758 DEBUG(10,("process_incoming_data: not a complete PDU yet. pdu_received_len = %u, pdu_needed_len = %u\n",
759 (unsigned int)p->in_data.pdu_received_len, (unsigned int)p->in_data.pdu_needed_len ));
761 return (ssize_t)data_to_copy;
764 /****************************************************************************
765 Accepts incoming data on an internal rpc pipe.
766 ****************************************************************************/
768 static ssize_t write_to_internal_pipe(struct pipes_struct *p, char *data, size_t n)
770 size_t data_left = n;
775 DEBUG(10,("write_to_pipe: data_left = %u\n", (unsigned int)data_left ));
777 data_used = process_incoming_data(p, data, data_left);
779 DEBUG(10,("write_to_pipe: data_used = %d\n", (int)data_used ));
785 data_left -= data_used;
792 /****************************************************************************
793 Replies to a request to read data from a pipe.
795 Headers are interspersed with the data at PDU intervals. By the time
796 this function is called, the start of the data could possibly have been
797 read by an SMBtrans (file_offset != 0).
799 Calling create_rpc_reply() here is a hack. The data should already
800 have been prepared into arrays of headers + data stream sections.
801 ****************************************************************************/
803 static ssize_t read_from_internal_pipe(struct pipes_struct *p, char *data, size_t n,
804 bool *is_data_outstanding)
806 uint32 pdu_remaining = 0;
807 ssize_t data_returned = 0;
810 DEBUG(0,("read_from_pipe: pipe not open\n"));
814 DEBUG(6,(" name: %s len: %u\n", get_pipe_name_tos(p),
818 * We cannot return more than one PDU length per
823 * This condition should result in the connection being closed.
824 * Netapp filers seem to set it to 0xffff which results in domain
825 * authentications failing. Just ignore it so things work.
828 if(n > RPC_MAX_PDU_FRAG_LEN) {
829 DEBUG(5,("read_from_pipe: too large read (%u) requested on "
830 "pipe %s. We can only service %d sized reads.\n",
831 (unsigned int)n, get_pipe_name_tos(p),
832 RPC_MAX_PDU_FRAG_LEN ));
833 n = RPC_MAX_PDU_FRAG_LEN;
837 * Determine if there is still data to send in the
838 * pipe PDU buffer. Always send this first. Never
839 * send more than is left in the current PDU. The
840 * client should send a new read request for a new
844 pdu_remaining = prs_offset(&p->out_data.frag)
845 - p->out_data.current_pdu_sent;
847 if (pdu_remaining > 0) {
848 data_returned = (ssize_t)MIN(n, pdu_remaining);
850 DEBUG(10,("read_from_pipe: %s: current_pdu_len = %u, "
851 "current_pdu_sent = %u returning %d bytes.\n",
852 get_pipe_name_tos(p),
853 (unsigned int)prs_offset(&p->out_data.frag),
854 (unsigned int)p->out_data.current_pdu_sent,
855 (int)data_returned));
858 prs_data_p(&p->out_data.frag)
859 + p->out_data.current_pdu_sent,
862 p->out_data.current_pdu_sent += (uint32)data_returned;
867 * At this point p->current_pdu_len == p->current_pdu_sent (which
868 * may of course be zero if this is the first return fragment.
871 DEBUG(10,("read_from_pipe: %s: fault_state = %d : data_sent_length "
872 "= %u, prs_offset(&p->out_data.rdata) = %u.\n",
873 get_pipe_name_tos(p), (int)p->fault_state,
874 (unsigned int)p->out_data.data_sent_length,
875 (unsigned int)prs_offset(&p->out_data.rdata) ));
877 if(p->out_data.data_sent_length >= prs_offset(&p->out_data.rdata)) {
879 * We have sent all possible data, return 0.
886 * We need to create a new PDU from the data left in p->rdata.
887 * Create the header/data/footers. This also sets up the fields
888 * p->current_pdu_len, p->current_pdu_sent, p->data_sent_length
889 * and stores the outgoing PDU in p->current_pdu.
892 if(!create_next_pdu(p)) {
893 DEBUG(0,("read_from_pipe: %s: create_next_pdu failed.\n",
894 get_pipe_name_tos(p)));
898 data_returned = MIN(n, prs_offset(&p->out_data.frag));
900 memcpy( data, prs_data_p(&p->out_data.frag), (size_t)data_returned);
901 p->out_data.current_pdu_sent += (uint32)data_returned;
904 (*is_data_outstanding) = prs_offset(&p->out_data.frag) > n;
906 return data_returned;
909 /****************************************************************************
911 ****************************************************************************/
913 static int close_internal_rpc_pipe_hnd(struct pipes_struct *p)
916 DEBUG(0,("Invalid pipe in close_internal_rpc_pipe_hnd\n"));
920 prs_mem_free(&p->out_data.frag);
921 prs_mem_free(&p->out_data.rdata);
922 prs_mem_free(&p->in_data.data);
924 if (p->auth.auth_data_free_func) {
925 (*p->auth.auth_data_free_func)(&p->auth);
928 TALLOC_FREE(p->mem_ctx);
930 free_pipe_rpc_context( p->contexts );
932 /* Free the handles database. */
933 close_policy_by_pipe(p);
935 DLIST_REMOVE(InternalPipes, p);
944 bool fsp_is_np(struct files_struct *fsp)
946 enum FAKE_FILE_TYPE type;
948 if ((fsp == NULL) || (fsp->fake_file_handle == NULL)) {
952 type = fsp->fake_file_handle->type;
954 return ((type == FAKE_FILE_TYPE_NAMED_PIPE)
955 || (type == FAKE_FILE_TYPE_NAMED_PIPE_PROXY));
958 struct np_proxy_state {
959 struct tevent_queue *read_queue;
960 struct tevent_queue *write_queue;
967 static int np_proxy_state_destructor(struct np_proxy_state *state)
969 if (state->fd != -1) {
975 static struct np_proxy_state *make_external_rpc_pipe_p(TALLOC_CTX *mem_ctx,
976 const char *pipe_name,
977 struct auth_serversupplied_info *server_info)
979 struct np_proxy_state *result;
980 struct sockaddr_un addr;
982 const char *socket_dir;
985 struct netr_SamInfo3 *info3;
986 struct named_pipe_auth_req req;
989 struct named_pipe_auth_rep rep;
990 enum ndr_err_code ndr_err;
994 result = talloc(mem_ctx, struct np_proxy_state);
995 if (result == NULL) {
996 DEBUG(0, ("talloc failed\n"));
1000 result->fd = socket(AF_UNIX, SOCK_STREAM, 0);
1001 if (result->fd == -1) {
1002 DEBUG(10, ("socket(2) failed: %s\n", strerror(errno)));
1005 talloc_set_destructor(result, np_proxy_state_destructor);
1008 addr.sun_family = AF_UNIX;
1010 socket_dir = lp_parm_const_string(
1011 GLOBAL_SECTION_SNUM, "external_rpc_pipe", "socket_dir",
1012 get_dyn_NCALRPCDIR());
1013 if (socket_dir == NULL) {
1014 DEBUG(0, ("externan_rpc_pipe:socket_dir not set\n"));
1018 socket_path = talloc_asprintf(talloc_tos(), "%s/np/%s",
1019 socket_dir, pipe_name);
1020 if (socket_path == NULL) {
1021 DEBUG(0, ("talloc_asprintf failed\n"));
1024 strncpy(addr.sun_path, socket_path, sizeof(addr.sun_path));
1025 TALLOC_FREE(socket_path);
1028 if (sys_connect(result->fd, (struct sockaddr *)&addr) == -1) {
1030 DEBUG(0, ("connect(%s) failed: %s\n", addr.sun_path,
1036 info3 = talloc(talloc_tos(), struct netr_SamInfo3);
1037 if (info3 == NULL) {
1038 DEBUG(0, ("talloc failed\n"));
1042 status = serverinfo_to_SamInfo3(server_info, NULL, 0, info3);
1043 if (!NT_STATUS_IS_OK(status)) {
1045 DEBUG(0, ("serverinfo_to_SamInfo3 failed: %s\n",
1046 nt_errstr(status)));
1051 req.info.info1 = *info3;
1053 ndr_err = ndr_push_struct_blob(
1054 &req_blob, talloc_tos(), NULL, &req,
1055 (ndr_push_flags_fn_t)ndr_push_named_pipe_auth_req);
1057 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
1058 DEBUG(10, ("ndr_push_named_pipe_auth_req failed: %s\n",
1059 ndr_errstr(ndr_err)));
1063 DEBUG(10, ("named_pipe_auth_req(client)[%u]\n", (uint32_t)req_blob.length));
1064 dump_data(10, req_blob.data, req_blob.length);
1066 written = write_data(result->fd, (char *)req_blob.data,
1068 if (written == -1) {
1069 DEBUG(3, ("Could not write auth req data to RPC server\n"));
1073 status = read_data(result->fd, (char *)rep_buf, sizeof(rep_buf));
1074 if (!NT_STATUS_IS_OK(status)) {
1075 DEBUG(3, ("Could not read auth result\n"));
1079 rep_blob = data_blob_const(rep_buf, sizeof(rep_buf));
1081 DEBUG(10,("name_pipe_auth_rep(client)[%u]\n", (uint32_t)rep_blob.length));
1082 dump_data(10, rep_blob.data, rep_blob.length);
1084 ndr_err = ndr_pull_struct_blob(
1085 &rep_blob, talloc_tos(), NULL, &rep,
1086 (ndr_pull_flags_fn_t)ndr_pull_named_pipe_auth_rep);
1088 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
1089 DEBUG(0, ("ndr_pull_named_pipe_auth_rep failed: %s\n",
1090 ndr_errstr(ndr_err)));
1094 if (rep.length != 16) {
1095 DEBUG(0, ("req invalid length: %u != 16\n",
1100 if (strcmp(NAMED_PIPE_AUTH_MAGIC, rep.magic) != 0) {
1101 DEBUG(0, ("req invalid magic: %s != %s\n",
1102 rep.magic, NAMED_PIPE_AUTH_MAGIC));
1106 if (!NT_STATUS_IS_OK(rep.status)) {
1107 DEBUG(0, ("req failed: %s\n",
1108 nt_errstr(rep.status)));
1112 if (rep.level != 1) {
1113 DEBUG(0, ("req invalid level: %u != 1\n",
1120 result->read_queue = tevent_queue_create(result, "np_read");
1121 if (result->read_queue == NULL) {
1124 result->write_queue = tevent_queue_create(result, "np_write");
1125 if (result->write_queue == NULL) {
1132 TALLOC_FREE(result);
1136 NTSTATUS np_open(TALLOC_CTX *mem_ctx, const char *name,
1137 const char *client_address,
1138 struct auth_serversupplied_info *server_info,
1139 struct fake_file_handle **phandle)
1141 const char **proxy_list;
1142 struct fake_file_handle *handle;
1144 proxy_list = lp_parm_string_list(-1, "np", "proxy", NULL);
1146 handle = talloc(mem_ctx, struct fake_file_handle);
1147 if (handle == NULL) {
1148 return NT_STATUS_NO_MEMORY;
1151 if ((proxy_list != NULL) && str_list_check_ci(proxy_list, name)) {
1152 struct np_proxy_state *p;
1154 p = make_external_rpc_pipe_p(handle, name, server_info);
1156 handle->type = FAKE_FILE_TYPE_NAMED_PIPE_PROXY;
1157 handle->private_data = p;
1159 struct pipes_struct *p;
1160 struct ndr_syntax_id syntax;
1162 if (!is_known_pipename(name, &syntax)) {
1163 TALLOC_FREE(handle);
1164 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
1167 p = make_internal_rpc_pipe_p(handle, &syntax, client_address,
1170 handle->type = FAKE_FILE_TYPE_NAMED_PIPE;
1171 handle->private_data = p;
1174 if (handle->private_data == NULL) {
1175 TALLOC_FREE(handle);
1176 return NT_STATUS_PIPE_NOT_AVAILABLE;
1181 return NT_STATUS_OK;
1184 struct np_write_state {
1185 struct event_context *ev;
1186 struct np_proxy_state *p;
1191 static void np_write_done(struct tevent_req *subreq);
1193 struct tevent_req *np_write_send(TALLOC_CTX *mem_ctx, struct event_context *ev,
1194 struct fake_file_handle *handle,
1195 const uint8_t *data, size_t len)
1197 struct tevent_req *req;
1198 struct np_write_state *state;
1201 DEBUG(6, ("np_write_send: len: %d\n", (int)len));
1202 dump_data(50, data, len);
1204 req = tevent_req_create(mem_ctx, &state, struct np_write_state);
1210 state->nwritten = 0;
1211 status = NT_STATUS_OK;
1215 if (handle->type == FAKE_FILE_TYPE_NAMED_PIPE) {
1216 struct pipes_struct *p = talloc_get_type_abort(
1217 handle->private_data, struct pipes_struct);
1219 state->nwritten = write_to_internal_pipe(p, (char *)data, len);
1221 status = (state->nwritten >= 0)
1222 ? NT_STATUS_OK : NT_STATUS_UNEXPECTED_IO_ERROR;
1226 if (handle->type == FAKE_FILE_TYPE_NAMED_PIPE_PROXY) {
1227 struct np_proxy_state *p = talloc_get_type_abort(
1228 handle->private_data, struct np_proxy_state);
1229 struct tevent_req *subreq;
1233 state->iov.iov_base = CONST_DISCARD(void *, data);
1234 state->iov.iov_len = len;
1236 subreq = writev_send(state, ev, p->write_queue, p->fd,
1237 false, &state->iov, 1);
1238 if (subreq == NULL) {
1241 tevent_req_set_callback(subreq, np_write_done, req);
1245 status = NT_STATUS_INVALID_HANDLE;
1247 if (NT_STATUS_IS_OK(status)) {
1248 tevent_req_done(req);
1250 tevent_req_nterror(req, status);
1252 return tevent_req_post(req, ev);
1258 static void np_write_done(struct tevent_req *subreq)
1260 struct tevent_req *req = tevent_req_callback_data(
1261 subreq, struct tevent_req);
1262 struct np_write_state *state = tevent_req_data(
1263 req, struct np_write_state);
1267 received = writev_recv(subreq, &err);
1269 tevent_req_nterror(req, map_nt_error_from_unix(err));
1272 state->nwritten = received;
1273 tevent_req_done(req);
1276 NTSTATUS np_write_recv(struct tevent_req *req, ssize_t *pnwritten)
1278 struct np_write_state *state = tevent_req_data(
1279 req, struct np_write_state);
1282 if (tevent_req_is_nterror(req, &status)) {
1285 *pnwritten = state->nwritten;
1286 return NT_STATUS_OK;
1289 static ssize_t rpc_frag_more_fn(uint8_t *buf, size_t buflen, void *priv)
1292 struct rpc_hdr_info hdr;
1295 if (buflen > RPC_HEADER_LEN) {
1298 prs_init_empty(&hdr_prs, talloc_tos(), UNMARSHALL);
1299 prs_give_memory(&hdr_prs, (char *)buf, RPC_HEADER_LEN, false);
1300 ret = smb_io_rpc_hdr("", &hdr, &hdr_prs, 0);
1301 prs_mem_free(&hdr_prs);
1307 return (hdr.frag_len - RPC_HEADER_LEN);
1310 struct np_read_state {
1311 struct event_context *ev;
1312 struct np_proxy_state *p;
1317 bool is_data_outstanding;
1320 static void np_read_trigger(struct tevent_req *req, void *private_data);
1321 static void np_read_done(struct tevent_req *subreq);
1323 struct tevent_req *np_read_send(TALLOC_CTX *mem_ctx, struct event_context *ev,
1324 struct fake_file_handle *handle,
1325 uint8_t *data, size_t len)
1327 struct tevent_req *req;
1328 struct np_read_state *state;
1331 req = tevent_req_create(mem_ctx, &state, struct np_read_state);
1336 if (handle->type == FAKE_FILE_TYPE_NAMED_PIPE) {
1337 struct pipes_struct *p = talloc_get_type_abort(
1338 handle->private_data, struct pipes_struct);
1340 state->nread = read_from_internal_pipe(
1341 p, (char *)data, len, &state->is_data_outstanding);
1343 status = (state->nread >= 0)
1344 ? NT_STATUS_OK : NT_STATUS_UNEXPECTED_IO_ERROR;
1348 if (handle->type == FAKE_FILE_TYPE_NAMED_PIPE_PROXY) {
1349 struct np_proxy_state *p = talloc_get_type_abort(
1350 handle->private_data, struct np_proxy_state);
1352 if (p->msg != NULL) {
1355 thistime = MIN(talloc_get_size(p->msg) - p->sent,
1358 memcpy(data, p->msg+p->sent, thistime);
1359 state->nread = thistime;
1360 p->sent += thistime;
1362 if (p->sent < talloc_get_size(p->msg)) {
1363 state->is_data_outstanding = true;
1365 state->is_data_outstanding = false;
1366 TALLOC_FREE(p->msg);
1368 status = NT_STATUS_OK;
1377 if (!tevent_queue_add(p->read_queue, ev, req, np_read_trigger,
1384 status = NT_STATUS_INVALID_HANDLE;
1386 if (NT_STATUS_IS_OK(status)) {
1387 tevent_req_done(req);
1389 tevent_req_nterror(req, status);
1391 return tevent_req_post(req, ev);
1397 static void np_read_trigger(struct tevent_req *req, void *private_data)
1399 struct np_read_state *state = tevent_req_data(
1400 req, struct np_read_state);
1401 struct tevent_req *subreq;
1403 subreq = read_packet_send(state, state->ev, state->p->fd,
1404 RPC_HEADER_LEN, rpc_frag_more_fn, NULL);
1405 if (tevent_req_nomem(subreq, req)) {
1408 tevent_req_set_callback(subreq, np_read_done, req);
1411 static void np_read_done(struct tevent_req *subreq)
1413 struct tevent_req *req = tevent_req_callback_data(
1414 subreq, struct tevent_req);
1415 struct np_read_state *state = tevent_req_data(
1416 req, struct np_read_state);
1421 received = read_packet_recv(subreq, state->p, &state->p->msg, &err);
1422 TALLOC_FREE(subreq);
1423 if (received == -1) {
1424 tevent_req_nterror(req, map_nt_error_from_unix(err));
1428 thistime = MIN(received, state->len);
1430 memcpy(state->data, state->p->msg, thistime);
1431 state->p->sent = thistime;
1432 state->nread = thistime;
1434 if (state->p->sent < received) {
1435 state->is_data_outstanding = true;
1437 TALLOC_FREE(state->p->msg);
1438 state->is_data_outstanding = false;
1441 tevent_req_done(req);
1445 NTSTATUS np_read_recv(struct tevent_req *req, ssize_t *nread,
1446 bool *is_data_outstanding)
1448 struct np_read_state *state = tevent_req_data(
1449 req, struct np_read_state);
1452 if (tevent_req_is_nterror(req, &status)) {
1455 *nread = state->nread;
1456 *is_data_outstanding = state->is_data_outstanding;
1457 return NT_STATUS_OK;
1461 * Create a new RPC client context which uses a local dispatch function.
1463 NTSTATUS rpc_pipe_open_internal(TALLOC_CTX *mem_ctx,
1464 const struct ndr_syntax_id *abstract_syntax,
1465 NTSTATUS (*dispatch) (struct rpc_pipe_client *cli,
1466 TALLOC_CTX *mem_ctx,
1467 const char *interface,
1468 uint32_t interface_version,
1469 uint32_t opnum, void *r),
1470 struct auth_serversupplied_info *serversupplied_info,
1471 struct rpc_pipe_client **presult)
1473 struct rpc_pipe_client *result;
1475 result = TALLOC_ZERO_P(mem_ctx, struct rpc_pipe_client);
1476 if (result == NULL) {
1477 return NT_STATUS_NO_MEMORY;
1480 result->abstract_syntax = *abstract_syntax;
1481 result->transfer_syntax = ndr_transfer_syntax;
1482 result->dispatch = dispatch;
1484 result->pipes_struct = make_internal_rpc_pipe_p(
1485 result, abstract_syntax, "", serversupplied_info);
1486 if (result->pipes_struct == NULL) {
1487 TALLOC_FREE(result);
1488 return NT_STATUS_NO_MEMORY;
1491 result->max_xmit_frag = -1;
1492 result->max_recv_frag = -1;
1495 return NT_STATUS_OK;
1498 /*******************************************************************
1499 gets a domain user's groups from their already-calculated NT_USER_TOKEN
1500 ********************************************************************/
1502 static NTSTATUS nt_token_to_group_list(TALLOC_CTX *mem_ctx,
1503 const DOM_SID *domain_sid,
1505 const DOM_SID *sids,
1507 struct samr_RidWithAttribute **pgids)
1514 for (i=0; i<num_sids; i++) {
1515 struct samr_RidWithAttribute gid;
1516 if (!sid_peek_check_rid(domain_sid, &sids[i], &gid.rid)) {
1519 gid.attributes = (SE_GROUP_MANDATORY|SE_GROUP_ENABLED_BY_DEFAULT|
1521 ADD_TO_ARRAY(mem_ctx, struct samr_RidWithAttribute,
1522 gid, pgids, numgroups);
1523 if (*pgids == NULL) {
1524 return NT_STATUS_NO_MEMORY;
1527 return NT_STATUS_OK;
1530 /****************************************************************************
1531 inits a netr_SamBaseInfo structure from an auth_serversupplied_info.
1532 *****************************************************************************/
1534 static NTSTATUS serverinfo_to_SamInfo_base(TALLOC_CTX *mem_ctx,
1535 struct auth_serversupplied_info *server_info,
1536 uint8_t *pipe_session_key,
1537 size_t pipe_session_key_len,
1538 struct netr_SamBaseInfo *base)
1541 struct samr_RidWithAttribute *gids = NULL;
1542 const DOM_SID *user_sid = NULL;
1543 const DOM_SID *group_sid = NULL;
1545 uint32 user_rid, group_rid;
1549 const char *my_name;
1551 struct netr_UserSessionKey user_session_key;
1552 struct netr_LMSessionKey lm_session_key;
1554 NTTIME last_logon, last_logoff, acct_expiry, last_password_change;
1555 NTTIME allow_password_change, force_password_change;
1556 struct samr_RidWithAttributeArray groups;
1558 struct dom_sid2 *sid = NULL;
1560 ZERO_STRUCT(user_session_key);
1561 ZERO_STRUCT(lm_session_key);
1563 sampw = server_info->sam_account;
1565 user_sid = pdb_get_user_sid(sampw);
1566 group_sid = pdb_get_group_sid(sampw);
1568 if (pipe_session_key && pipe_session_key_len != 16) {
1569 DEBUG(0,("serverinfo_to_SamInfo3: invalid "
1570 "pipe_session_key_len[%zu] != 16\n",
1571 pipe_session_key_len));
1572 return NT_STATUS_INTERNAL_ERROR;
1575 if ((user_sid == NULL) || (group_sid == NULL)) {
1576 DEBUG(1, ("_netr_LogonSamLogon: User without group or user SID\n"));
1577 return NT_STATUS_UNSUCCESSFUL;
1580 sid_copy(&domain_sid, user_sid);
1581 sid_split_rid(&domain_sid, &user_rid);
1583 sid = sid_dup_talloc(mem_ctx, &domain_sid);
1585 return NT_STATUS_NO_MEMORY;
1588 if (!sid_peek_check_rid(&domain_sid, group_sid, &group_rid)) {
1589 DEBUG(1, ("_netr_LogonSamLogon: user %s\\%s has user sid "
1590 "%s\n but group sid %s.\n"
1591 "The conflicting domain portions are not "
1592 "supported for NETLOGON calls\n",
1593 pdb_get_domain(sampw),
1594 pdb_get_username(sampw),
1595 sid_string_dbg(user_sid),
1596 sid_string_dbg(group_sid)));
1597 return NT_STATUS_UNSUCCESSFUL;
1600 if(server_info->login_server) {
1601 my_name = server_info->login_server;
1603 my_name = global_myname();
1606 status = nt_token_to_group_list(mem_ctx, &domain_sid,
1607 server_info->num_sids,
1611 if (!NT_STATUS_IS_OK(status)) {
1615 if (server_info->user_session_key.length) {
1616 memcpy(user_session_key.key,
1617 server_info->user_session_key.data,
1618 MIN(sizeof(user_session_key.key),
1619 server_info->user_session_key.length));
1620 if (pipe_session_key) {
1621 arcfour_crypt(user_session_key.key, pipe_session_key, 16);
1624 if (server_info->lm_session_key.length) {
1625 memcpy(lm_session_key.key,
1626 server_info->lm_session_key.data,
1627 MIN(sizeof(lm_session_key.key),
1628 server_info->lm_session_key.length));
1629 if (pipe_session_key) {
1630 arcfour_crypt(lm_session_key.key, pipe_session_key, 8);
1634 groups.count = num_gids;
1635 groups.rids = TALLOC_ARRAY(mem_ctx, struct samr_RidWithAttribute, groups.count);
1637 return NT_STATUS_NO_MEMORY;
1640 for (i=0; i < groups.count; i++) {
1641 groups.rids[i].rid = gids[i].rid;
1642 groups.rids[i].attributes = gids[i].attributes;
1645 unix_to_nt_time(&last_logon, pdb_get_logon_time(sampw));
1646 unix_to_nt_time(&last_logoff, get_time_t_max());
1647 unix_to_nt_time(&acct_expiry, get_time_t_max());
1648 unix_to_nt_time(&last_password_change, pdb_get_pass_last_set_time(sampw));
1649 unix_to_nt_time(&allow_password_change, pdb_get_pass_can_change_time(sampw));
1650 unix_to_nt_time(&force_password_change, pdb_get_pass_must_change_time(sampw));
1652 base->last_logon = last_logon;
1653 base->last_logoff = last_logoff;
1654 base->acct_expiry = acct_expiry;
1655 base->last_password_change = last_password_change;
1656 base->allow_password_change = allow_password_change;
1657 base->force_password_change = force_password_change;
1658 base->account_name.string = talloc_strdup(mem_ctx, pdb_get_username(sampw));
1659 base->full_name.string = talloc_strdup(mem_ctx, pdb_get_fullname(sampw));
1660 base->logon_script.string = talloc_strdup(mem_ctx, pdb_get_logon_script(sampw));
1661 base->profile_path.string = talloc_strdup(mem_ctx, pdb_get_profile_path(sampw));
1662 base->home_directory.string = talloc_strdup(mem_ctx, pdb_get_homedir(sampw));
1663 base->home_drive.string = talloc_strdup(mem_ctx, pdb_get_dir_drive(sampw));
1664 base->logon_count = 0; /* ?? */
1665 base->bad_password_count = 0; /* ?? */
1666 base->rid = user_rid;
1667 base->primary_gid = group_rid;
1668 base->groups = groups;
1669 base->user_flags = NETLOGON_EXTRA_SIDS;
1670 base->key = user_session_key;
1671 base->logon_server.string = talloc_strdup(mem_ctx, my_name);
1672 base->domain.string = talloc_strdup(mem_ctx, pdb_get_domain(sampw));
1673 base->domain_sid = sid;
1674 base->LMSessKey = lm_session_key;
1675 base->acct_flags = pdb_get_acct_ctrl(sampw);
1677 ZERO_STRUCT(user_session_key);
1678 ZERO_STRUCT(lm_session_key);
1680 return NT_STATUS_OK;
1683 /****************************************************************************
1684 inits a netr_SamInfo2 structure from an auth_serversupplied_info. sam2 must
1685 already be initialized and is used as the talloc parent for its members.
1686 *****************************************************************************/
1688 NTSTATUS serverinfo_to_SamInfo2(struct auth_serversupplied_info *server_info,
1689 uint8_t *pipe_session_key,
1690 size_t pipe_session_key_len,
1691 struct netr_SamInfo2 *sam2)
1695 status = serverinfo_to_SamInfo_base(sam2,
1698 pipe_session_key_len,
1700 if (!NT_STATUS_IS_OK(status)) {
1704 return NT_STATUS_OK;
1707 /****************************************************************************
1708 inits a netr_SamInfo3 structure from an auth_serversupplied_info. sam3 must
1709 already be initialized and is used as the talloc parent for its members.
1710 *****************************************************************************/
1712 NTSTATUS serverinfo_to_SamInfo3(struct auth_serversupplied_info *server_info,
1713 uint8_t *pipe_session_key,
1714 size_t pipe_session_key_len,
1715 struct netr_SamInfo3 *sam3)
1719 status = serverinfo_to_SamInfo_base(sam3,
1722 pipe_session_key_len,
1724 if (!NT_STATUS_IS_OK(status)) {
1731 return NT_STATUS_OK;
1734 /****************************************************************************
1735 inits a netr_SamInfo6 structure from an auth_serversupplied_info. sam6 must
1736 already be initialized and is used as the talloc parent for its members.
1737 *****************************************************************************/
1739 NTSTATUS serverinfo_to_SamInfo6(struct auth_serversupplied_info *server_info,
1740 uint8_t *pipe_session_key,
1741 size_t pipe_session_key_len,
1742 struct netr_SamInfo6 *sam6)
1745 struct pdb_domain_info *dominfo;
1747 if ((pdb_capabilities() & PDB_CAP_ADS) == 0) {
1748 DEBUG(10,("Not adding validation info level 6 "
1749 "without ADS passdb backend\n"));
1750 return NT_STATUS_INVALID_INFO_CLASS;
1753 dominfo = pdb_get_domain_info(sam6);
1754 if (dominfo == NULL) {
1755 return NT_STATUS_NO_MEMORY;
1758 status = serverinfo_to_SamInfo_base(sam6,
1761 pipe_session_key_len,
1763 if (!NT_STATUS_IS_OK(status)) {
1770 sam6->forest.string = talloc_strdup(sam6, dominfo->dns_forest);
1771 if (sam6->forest.string == NULL) {
1772 return NT_STATUS_NO_MEMORY;
1775 sam6->principle.string = talloc_asprintf(sam6, "%s@%s",
1776 pdb_get_username(server_info->sam_account),
1777 dominfo->dns_domain);
1778 if (sam6->principle.string == NULL) {
1779 return NT_STATUS_NO_MEMORY;
1782 return NT_STATUS_OK;