2 * Unix SMB/CIFS implementation.
3 * RPC Pipe client / server routines
4 * Copyright (C) Andrew Tridgell 1992-1998
5 * Copyright (C) Luke Kenneth Casson Leighton 1996-1998,
6 * Copyright (C) Paul Ashton 1997-1998,
7 * Copyright (C) Jeremy Allison 1999,
8 * Copyright (C) Jim McDonough <jmcd@us.ibm.com> 2003.
10 * This program is free software; you can redistribute it and/or modify
11 * it under the terms of the GNU General Public License as published by
12 * the Free Software Foundation; either version 2 of the License, or
13 * (at your option) any later version.
15 * This program is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 * GNU General Public License for more details.
20 * You should have received a copy of the GNU General Public License
21 * along with this program; if not, write to the Free Software
22 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
25 /* this module apparently provides an implementation of DCE/RPC over a
26 * named pipe (IPC$ connection using SMBtrans). details of DCE/RPC
27 * documentation are available (in on-line form) from the X-Open group.
29 * this module should provide a level of abstraction between SMB
30 * and DCE/RPC, while minimising the amount of mallocs, unnecessary
31 * data copies, and network traffic.
33 * in this version, which takes a "let's learn what's going on and
34 * get something running" approach, there is additional network
35 * traffic generated, but the code should be easier to understand...
37 * ... if you read the docs. or stare at packets for weeks on end.
44 #define DBGC_CLASS DBGC_RPC_SRV
46 /*************************************************************
48 We need to transfer the session key from one rpc bind to the
49 next. This is the way the netlogon schannel works.
50 **************************************************************/
51 struct dcinfo last_dcinfo;
53 static void NTLMSSPcalc_p( pipes_struct *p, unsigned char *data, int len)
55 unsigned char *hash = p->ntlmssp_hash;
56 unsigned char index_i = hash[256];
57 unsigned char index_j = hash[257];
60 for( ind = 0; ind < len; ind++) {
65 index_j += hash[index_i];
68 hash[index_i] = hash[index_j];
71 t = hash[index_i] + hash[index_j];
72 data[ind] = data[ind] ^ hash[t];
79 /*******************************************************************
80 Generate the next PDU to be returned from the data in p->rdata.
81 We cheat here as this function doesn't handle the special auth
82 footers of the authenticated bind response reply.
83 ********************************************************************/
85 BOOL create_next_pdu(pipes_struct *p)
87 RPC_HDR_RESP hdr_resp;
88 BOOL auth_verify = ((p->ntlmssp_chal_flags & NTLMSSP_NEGOTIATE_SIGN) != 0);
89 BOOL auth_seal = ((p->ntlmssp_chal_flags & NTLMSSP_NEGOTIATE_SEAL) != 0);
91 uint32 data_space_available;
93 prs_struct outgoing_pdu;
97 * If we're in the fault state, keep returning fault PDU's until
98 * the pipe gets closed. JRA.
102 setup_fault_pdu(p, NT_STATUS(0x1c010002));
106 memset((char *)&hdr_resp, '\0', sizeof(hdr_resp));
108 /* Change the incoming request header to a response. */
109 p->hdr.pkt_type = RPC_RESPONSE;
111 /* Set up rpc header flags. */
112 if (p->out_data.data_sent_length == 0)
113 p->hdr.flags = RPC_FLG_FIRST;
118 * Work out how much we can fit in a single PDU.
121 data_space_available = sizeof(p->out_data.current_pdu) - RPC_HEADER_LEN - RPC_HDR_RESP_LEN;
122 if(p->ntlmssp_auth_validated)
123 data_space_available -= (RPC_HDR_AUTH_LEN + RPC_AUTH_NTLMSSP_CHK_LEN);
125 if(p->netsec_auth_validated)
126 data_space_available -= (RPC_HDR_AUTH_LEN + RPC_AUTH_NETSEC_CHK_LEN);
129 * The amount we send is the minimum of the available
130 * space and the amount left to send.
133 data_len_left = prs_offset(&p->out_data.rdata) - p->out_data.data_sent_length;
136 * Ensure there really is data left to send.
140 DEBUG(0,("create_next_pdu: no data left to send !\n"));
144 data_len = MIN(data_len_left, data_space_available);
147 * Set up the alloc hint. This should be the data left to
151 hdr_resp.alloc_hint = data_len_left;
154 * Set up the header lengths.
157 if (p->ntlmssp_auth_validated) {
158 p->hdr.frag_len = RPC_HEADER_LEN + RPC_HDR_RESP_LEN + data_len +
159 RPC_HDR_AUTH_LEN + RPC_AUTH_NTLMSSP_CHK_LEN;
160 p->hdr.auth_len = RPC_AUTH_NTLMSSP_CHK_LEN;
161 } else if (p->netsec_auth_validated) {
162 p->hdr.frag_len = RPC_HEADER_LEN + RPC_HDR_RESP_LEN + data_len +
163 RPC_HDR_AUTH_LEN + RPC_AUTH_NETSEC_CHK_LEN;
164 p->hdr.auth_len = RPC_AUTH_NETSEC_CHK_LEN;
166 p->hdr.frag_len = RPC_HEADER_LEN + RPC_HDR_RESP_LEN + data_len;
171 * Work out if this PDU will be the last.
174 if(p->out_data.data_sent_length + data_len >= prs_offset(&p->out_data.rdata))
175 p->hdr.flags |= RPC_FLG_LAST;
178 * Init the parse struct to point at the outgoing
182 prs_init( &outgoing_pdu, 0, p->mem_ctx, MARSHALL);
183 prs_give_memory( &outgoing_pdu, (char *)p->out_data.current_pdu, sizeof(p->out_data.current_pdu), False);
185 /* Store the header in the data stream. */
186 if(!smb_io_rpc_hdr("hdr", &p->hdr, &outgoing_pdu, 0)) {
187 DEBUG(0,("create_next_pdu: failed to marshall RPC_HDR.\n"));
188 prs_mem_free(&outgoing_pdu);
192 if(!smb_io_rpc_hdr_resp("resp", &hdr_resp, &outgoing_pdu, 0)) {
193 DEBUG(0,("create_next_pdu: failed to marshall RPC_HDR_RESP.\n"));
194 prs_mem_free(&outgoing_pdu);
198 /* Store the current offset. */
199 data_pos = prs_offset(&outgoing_pdu);
201 /* Copy the data into the PDU. */
203 if(!prs_append_some_prs_data(&outgoing_pdu, &p->out_data.rdata, p->out_data.data_sent_length, data_len)) {
204 DEBUG(0,("create_next_pdu: failed to copy %u bytes of data.\n", (unsigned int)data_len));
205 prs_mem_free(&outgoing_pdu);
209 if (p->ntlmssp_auth_validated) {
213 DEBUG(5,("create_next_pdu: sign: %s seal: %s data %d auth %d\n",
214 BOOLSTR(auth_verify), BOOLSTR(auth_seal), data_len, p->hdr.auth_len));
217 * Set data to point to where we copied the data into.
220 data = prs_data_p(&outgoing_pdu) + data_pos;
223 crc32 = crc32_calc_buffer(data, data_len);
224 NTLMSSPcalc_p(p, (uchar*)data, data_len);
227 if (auth_seal || auth_verify) {
228 RPC_HDR_AUTH auth_info;
230 init_rpc_hdr_auth(&auth_info, NTLMSSP_AUTH_TYPE, RPC_PIPE_AUTH_SEAL_LEVEL,
231 (auth_verify ? RPC_HDR_AUTH_LEN : 0), (auth_verify ? 1 : 0));
232 if(!smb_io_rpc_hdr_auth("hdr_auth", &auth_info, &outgoing_pdu, 0)) {
233 DEBUG(0,("create_next_pdu: failed to marshall RPC_HDR_AUTH.\n"));
234 prs_mem_free(&outgoing_pdu);
240 RPC_AUTH_NTLMSSP_CHK ntlmssp_chk;
241 char *auth_data = prs_data_p(&outgoing_pdu);
243 p->ntlmssp_seq_num++;
244 init_rpc_auth_ntlmssp_chk(&ntlmssp_chk, NTLMSSP_SIGN_VERSION,
245 crc32, p->ntlmssp_seq_num++);
246 auth_data = prs_data_p(&outgoing_pdu) + prs_offset(&outgoing_pdu) + 4;
247 if(!smb_io_rpc_auth_ntlmssp_chk("auth_sign", &ntlmssp_chk, &outgoing_pdu, 0)) {
248 DEBUG(0,("create_next_pdu: failed to marshall RPC_AUTH_NTLMSSP_CHK.\n"));
249 prs_mem_free(&outgoing_pdu);
252 NTLMSSPcalc_p(p, (uchar*)auth_data, RPC_AUTH_NTLMSSP_CHK_LEN - 4);
256 if (p->netsec_auth_validated) {
257 int auth_type, auth_level;
259 RPC_HDR_AUTH auth_info;
261 RPC_AUTH_NETSEC_CHK verf;
265 data = prs_data_p(&outgoing_pdu) + data_pos;
266 /* Check it's the type of reply we were expecting to decode */
268 get_auth_type_level(p->netsec_auth.auth_flags, &auth_type, &auth_level);
269 init_rpc_hdr_auth(&auth_info, auth_type, auth_level,
270 RPC_HDR_AUTH_LEN, 1);
272 if(!smb_io_rpc_hdr_auth("hdr_auth", &auth_info, &outgoing_pdu, 0)) {
273 DEBUG(0,("create_next_pdu: failed to marshall RPC_HDR_AUTH.\n"));
274 prs_mem_free(&outgoing_pdu);
278 prs_init(&rverf, 0, p->mem_ctx, MARSHALL);
279 prs_init(&rauth, 0, p->mem_ctx, MARSHALL);
281 netsec_encode(&p->netsec_auth,
282 p->netsec_auth.auth_flags,
284 &verf, data, data_len);
286 smb_io_rpc_auth_netsec_chk("", &verf, &outgoing_pdu, 0);
288 p->netsec_auth.seq_num++;
292 * Setup the counts for this PDU.
295 p->out_data.data_sent_length += data_len;
296 p->out_data.current_pdu_len = p->hdr.frag_len;
297 p->out_data.current_pdu_sent = 0;
299 prs_mem_free(&outgoing_pdu);
303 /*******************************************************************
304 Process an NTLMSSP authentication response.
305 If this function succeeds, the user has been authenticated
306 and their domain, name and calling workstation stored in
308 The initial challenge is stored in p->challenge.
309 *******************************************************************/
311 static BOOL api_pipe_ntlmssp_verify(pipes_struct *p, RPC_AUTH_NTLMSSP_RESP *ntlmssp_resp)
323 struct auth_context *auth_context = NULL;
324 auth_usersupplied_info *user_info = NULL;
325 auth_serversupplied_info *server_info = NULL;
327 DEBUG(5,("api_pipe_ntlmssp_verify: checking user details\n"));
329 memset(p->user_name, '\0', sizeof(p->user_name));
330 memset(p->pipe_user_name, '\0', sizeof(p->pipe_user_name));
331 memset(p->domain, '\0', sizeof(p->domain));
332 memset(p->wks, '\0', sizeof(p->wks));
334 /* Set up for non-authenticated user. */
335 delete_nt_token(&p->pipe_user.nt_user_token);
336 p->pipe_user.ngroups = 0;
337 SAFE_FREE( p->pipe_user.groups);
340 * Setup an empty password for a guest user.
344 * We always negotiate UNICODE.
347 if (p->ntlmssp_chal_flags & NTLMSSP_NEGOTIATE_UNICODE) {
348 rpcstr_pull(user_name, ntlmssp_resp->user, sizeof(fstring), ntlmssp_resp->hdr_usr.str_str_len*2, 0 );
349 rpcstr_pull(domain, ntlmssp_resp->domain, sizeof(fstring), ntlmssp_resp->hdr_domain.str_str_len*2, 0);
350 rpcstr_pull(wks, ntlmssp_resp->wks, sizeof(fstring), ntlmssp_resp->hdr_wks.str_str_len*2, 0);
352 pull_ascii_fstring(user_name, ntlmssp_resp->user);
353 pull_ascii_fstring(domain, ntlmssp_resp->domain);
354 pull_ascii_fstring(wks, ntlmssp_resp->wks);
357 DEBUG(5,("user: %s domain: %s wks: %s\n", user_name, domain, wks));
359 nt_pw_len = MIN(sizeof(nt_owf), ntlmssp_resp->hdr_nt_resp.str_str_len);
360 lm_pw_len = MIN(sizeof(lm_owf), ntlmssp_resp->hdr_lm_resp.str_str_len);
362 memcpy(lm_owf, ntlmssp_resp->lm_resp, sizeof(lm_owf));
363 memcpy(nt_owf, ntlmssp_resp->nt_resp, nt_pw_len);
365 #ifdef DEBUG_PASSWORD
366 DEBUG(100,("lm, nt owfs, chal\n"));
367 dump_data(100, (char *)lm_owf, sizeof(lm_owf));
368 dump_data(100, (char *)nt_owf, nt_pw_len);
369 dump_data(100, (char *)p->challenge, 8);
373 * Allow guest access. Patch from Shirish Kalele <kalele@veritas.com>.
379 * Do the length checking only if user is not NULL.
382 if (ntlmssp_resp->hdr_lm_resp.str_str_len == 0)
384 if (ntlmssp_resp->hdr_nt_resp.str_str_len == 0)
386 if (ntlmssp_resp->hdr_usr.str_str_len == 0)
388 if (ntlmssp_resp->hdr_domain.str_str_len == 0)
390 if (ntlmssp_resp->hdr_wks.str_str_len == 0)
395 make_auth_context_fixed(&auth_context, (uchar*)p->challenge);
397 if (!make_user_info_netlogon_network(&user_info,
398 user_name, domain, wks,
400 nt_owf, nt_pw_len)) {
401 DEBUG(0,("make_user_info_netlogon_network failed! Failing authenticaion.\n"));
405 nt_status = auth_context->check_ntlm_password(auth_context, user_info, &server_info);
407 (auth_context->free)(&auth_context);
408 free_user_info(&user_info);
410 p->ntlmssp_auth_validated = NT_STATUS_IS_OK(nt_status);
412 if (!p->ntlmssp_auth_validated) {
413 DEBUG(1,("api_pipe_ntlmssp_verify: User [%s]\\[%s] from machine %s \
414 failed authentication on named pipe %s.\n", domain, user_name, wks, p->name ));
415 free_server_info(&server_info);
420 * Set up the sign/seal data.
425 NTLMSSPOWFencrypt(server_info->first_8_lm_hash, lm_owf, p24);
437 for (ind = 0; ind < 256; ind++)
438 p->ntlmssp_hash[ind] = (unsigned char)ind;
440 for( ind = 0; ind < 256; ind++) {
443 j += (p->ntlmssp_hash[ind] + k2[ind%8]);
445 tc = p->ntlmssp_hash[ind];
446 p->ntlmssp_hash[ind] = p->ntlmssp_hash[j];
447 p->ntlmssp_hash[j] = tc;
450 p->ntlmssp_hash[256] = 0;
451 p->ntlmssp_hash[257] = 0;
454 dump_data_pw("NTLMSSP hash (v1)\n", p->ntlmssp_hash,
455 sizeof(p->ntlmssp_hash));
457 /* NTLMSSPhash(p->ntlmssp_hash, p24); */
458 p->ntlmssp_seq_num = 0;
462 fstrcpy(p->user_name, user_name);
463 fstrcpy(p->pipe_user_name, server_info->unix_name);
464 fstrcpy(p->domain, domain);
465 fstrcpy(p->wks, wks);
468 * Store the UNIX credential data (uid/gid pair) in the pipe structure.
471 memcpy(p->session_key, server_info->session_key, sizeof(p->session_key));
473 p->pipe_user.uid = server_info->uid;
474 p->pipe_user.gid = server_info->gid;
476 p->pipe_user.ngroups = server_info->n_groups;
477 if (p->pipe_user.ngroups) {
478 if (!(p->pipe_user.groups = memdup(server_info->groups, sizeof(gid_t) * p->pipe_user.ngroups))) {
479 DEBUG(0,("failed to memdup group list to p->pipe_user.groups\n"));
480 free_server_info(&server_info);
485 if (server_info->ptok)
486 p->pipe_user.nt_user_token = dup_nt_token(server_info->ptok);
488 DEBUG(1,("Error: Authmodule failed to provide nt_user_token\n"));
489 p->pipe_user.nt_user_token = NULL;
490 free_server_info(&server_info);
494 p->ntlmssp_auth_validated = True;
496 free_server_info(&server_info);
500 /*******************************************************************
501 The switch table for the pipe names and the functions to handle them.
502 *******************************************************************/
511 struct api_struct *cmds;
515 static struct rpc_table *rpc_lookup;
516 static int rpc_lookup_size;
518 /*******************************************************************
519 This is the client reply to our challenge for an authenticated
520 bind request. The challenge we sent is in p->challenge.
521 *******************************************************************/
523 BOOL api_pipe_bind_auth_resp(pipes_struct *p, prs_struct *rpc_in_p)
525 RPC_HDR_AUTHA autha_info;
526 RPC_AUTH_VERIFIER auth_verifier;
527 RPC_AUTH_NTLMSSP_RESP ntlmssp_resp;
529 DEBUG(5,("api_pipe_bind_auth_resp: decode request. %d\n", __LINE__));
531 if (p->hdr.auth_len == 0) {
532 DEBUG(0,("api_pipe_bind_auth_resp: No auth field sent !\n"));
537 * Decode the authentication verifier response.
540 if(!smb_io_rpc_hdr_autha("", &autha_info, rpc_in_p, 0)) {
541 DEBUG(0,("api_pipe_bind_auth_resp: unmarshall of RPC_HDR_AUTHA failed.\n"));
545 if (autha_info.auth_type != NTLMSSP_AUTH_TYPE || autha_info.auth_level != RPC_PIPE_AUTH_SEAL_LEVEL) {
546 DEBUG(0,("api_pipe_bind_auth_resp: incorrect auth type (%d) or level (%d).\n",
547 (int)autha_info.auth_type, (int)autha_info.auth_level ));
551 if(!smb_io_rpc_auth_verifier("", &auth_verifier, rpc_in_p, 0)) {
552 DEBUG(0,("api_pipe_bind_auth_resp: unmarshall of RPC_AUTH_VERIFIER failed.\n"));
557 * Ensure this is a NTLMSSP_AUTH packet type.
560 if (!rpc_auth_verifier_chk(&auth_verifier, "NTLMSSP", NTLMSSP_AUTH)) {
561 DEBUG(0,("api_pipe_bind_auth_resp: rpc_auth_verifier_chk failed.\n"));
565 if(!smb_io_rpc_auth_ntlmssp_resp("", &ntlmssp_resp, rpc_in_p, 0)) {
566 DEBUG(0,("api_pipe_bind_auth_resp: Failed to unmarshall RPC_AUTH_NTLMSSP_RESP.\n"));
571 * The following call actually checks the challenge/response data.
572 * for correctness against the given DOMAIN\user name.
575 if (!api_pipe_ntlmssp_verify(p, &ntlmssp_resp))
583 /*******************************************************************
584 Marshall a bind_nak pdu.
585 *******************************************************************/
587 static BOOL setup_bind_nak(pipes_struct *p)
589 prs_struct outgoing_rpc;
593 /* Free any memory in the current return data buffer. */
594 prs_mem_free(&p->out_data.rdata);
597 * Marshall directly into the outgoing PDU space. We
598 * must do this as we need to set to the bind response
599 * header and are never sending more than one PDU here.
602 prs_init( &outgoing_rpc, 0, p->mem_ctx, MARSHALL);
603 prs_give_memory( &outgoing_rpc, (char *)p->out_data.current_pdu, sizeof(p->out_data.current_pdu), False);
607 * Initialize a bind_nak header.
610 init_rpc_hdr(&nak_hdr, RPC_BINDNACK, RPC_FLG_FIRST | RPC_FLG_LAST,
611 p->hdr.call_id, RPC_HEADER_LEN + sizeof(uint16), 0);
614 * Marshall the header into the outgoing PDU.
617 if(!smb_io_rpc_hdr("", &nak_hdr, &outgoing_rpc, 0)) {
618 DEBUG(0,("setup_bind_nak: marshalling of RPC_HDR failed.\n"));
619 prs_mem_free(&outgoing_rpc);
624 * Now add the reject reason.
627 if(!prs_uint16("reject code", &outgoing_rpc, 0, &zero)) {
628 prs_mem_free(&outgoing_rpc);
632 p->out_data.data_sent_length = 0;
633 p->out_data.current_pdu_len = prs_offset(&outgoing_rpc);
634 p->out_data.current_pdu_sent = 0;
636 p->pipe_bound = False;
641 /*******************************************************************
642 Marshall a fault pdu.
643 *******************************************************************/
645 BOOL setup_fault_pdu(pipes_struct *p, NTSTATUS status)
647 prs_struct outgoing_pdu;
649 RPC_HDR_RESP hdr_resp;
650 RPC_HDR_FAULT fault_resp;
652 /* Free any memory in the current return data buffer. */
653 prs_mem_free(&p->out_data.rdata);
656 * Marshall directly into the outgoing PDU space. We
657 * must do this as we need to set to the bind response
658 * header and are never sending more than one PDU here.
661 prs_init( &outgoing_pdu, 0, p->mem_ctx, MARSHALL);
662 prs_give_memory( &outgoing_pdu, (char *)p->out_data.current_pdu, sizeof(p->out_data.current_pdu), False);
665 * Initialize a fault header.
668 init_rpc_hdr(&fault_hdr, RPC_FAULT, RPC_FLG_FIRST | RPC_FLG_LAST | RPC_FLG_NOCALL,
669 p->hdr.call_id, RPC_HEADER_LEN + RPC_HDR_RESP_LEN + RPC_HDR_FAULT_LEN, 0);
672 * Initialize the HDR_RESP and FAULT parts of the PDU.
675 memset((char *)&hdr_resp, '\0', sizeof(hdr_resp));
677 fault_resp.status = status;
678 fault_resp.reserved = 0;
681 * Marshall the header into the outgoing PDU.
684 if(!smb_io_rpc_hdr("", &fault_hdr, &outgoing_pdu, 0)) {
685 DEBUG(0,("setup_fault_pdu: marshalling of RPC_HDR failed.\n"));
686 prs_mem_free(&outgoing_pdu);
690 if(!smb_io_rpc_hdr_resp("resp", &hdr_resp, &outgoing_pdu, 0)) {
691 DEBUG(0,("setup_fault_pdu: failed to marshall RPC_HDR_RESP.\n"));
692 prs_mem_free(&outgoing_pdu);
696 if(!smb_io_rpc_hdr_fault("fault", &fault_resp, &outgoing_pdu, 0)) {
697 DEBUG(0,("setup_fault_pdu: failed to marshall RPC_HDR_FAULT.\n"));
698 prs_mem_free(&outgoing_pdu);
702 p->out_data.data_sent_length = 0;
703 p->out_data.current_pdu_len = prs_offset(&outgoing_pdu);
704 p->out_data.current_pdu_sent = 0;
706 prs_mem_free(&outgoing_pdu);
710 /*******************************************************************
711 Ensure a bind request has the correct abstract & transfer interface.
712 Used to reject unknown binds from Win2k.
713 *******************************************************************/
715 BOOL check_bind_req(struct pipes_struct *p, RPC_IFACE* abstract,
716 RPC_IFACE* transfer, uint32 context_id)
718 extern struct pipe_id_info pipe_names[];
719 char *pipe_name = p->name;
723 fstrcpy(pname,"\\PIPE\\");
724 fstrcat(pname,pipe_name);
726 DEBUG(3,("check_bind_req for %s\n", pname));
728 /* we have to check all now since win2k introduced a new UUID on the lsaprpc pipe */
730 for ( i=0; pipe_names[i].client_pipe; i++ )
732 if ( strequal(pipe_names[i].client_pipe, pname)
733 && (abstract->version == pipe_names[i].abstr_syntax.version)
734 && (memcmp(&abstract->uuid, &pipe_names[i].abstr_syntax.uuid, sizeof(struct uuid)) == 0)
735 && (transfer->version == pipe_names[i].trans_syntax.version)
736 && (memcmp(&transfer->uuid, &pipe_names[i].trans_syntax.uuid, sizeof(struct uuid)) == 0) )
738 struct api_struct *fns = NULL;
740 PIPE_RPC_FNS *context_fns;
742 if ( !(context_fns = malloc(sizeof(PIPE_RPC_FNS))) ) {
743 DEBUG(0,("check_bind_req: malloc() failed!\n"));
747 /* save the RPC function table associated with this bind */
749 get_pipe_fns(i, &fns, &n_fns);
751 context_fns->cmds = fns;
752 context_fns->n_cmds = n_fns;
753 context_fns->context_id = context_id;
755 /* add to the list of open contexts */
757 DLIST_ADD( p->contexts, context_fns );
763 if(pipe_names[i].client_pipe == NULL)
769 /*******************************************************************
770 Register commands to an RPC pipe
771 *******************************************************************/
772 NTSTATUS rpc_pipe_register_commands(int version, const char *clnt, const char *srv, const struct api_struct *cmds, int size)
774 struct rpc_table *rpc_entry;
776 if (!clnt || !srv || !cmds) {
777 return NT_STATUS_INVALID_PARAMETER;
780 if (version != SMB_RPC_INTERFACE_VERSION) {
781 DEBUG(0,("Can't register rpc commands!\n"
782 "You tried to register a rpc module with SMB_RPC_INTERFACE_VERSION %d"
783 ", while this version of samba uses version %d!\n",
784 version,SMB_RPC_INTERFACE_VERSION));
785 return NT_STATUS_OBJECT_TYPE_MISMATCH;
790 * we still need to make sure that don't register the same commands twice!!!
795 /* We use a temporary variable because this call can fail and
796 rpc_lookup will still be valid afterwards. It could then succeed if
797 called again later */
798 rpc_entry = realloc(rpc_lookup,
799 ++rpc_lookup_size*sizeof(struct rpc_table));
800 if (NULL == rpc_entry) {
802 DEBUG(0, ("rpc_pipe_register_commands: memory allocation failed\n"));
803 return NT_STATUS_NO_MEMORY;
805 rpc_lookup = rpc_entry;
808 rpc_entry = rpc_lookup + (rpc_lookup_size - 1);
809 ZERO_STRUCTP(rpc_entry);
810 rpc_entry->pipe.clnt = strdup(clnt);
811 rpc_entry->pipe.srv = strdup(srv);
812 rpc_entry->cmds = realloc(rpc_entry->cmds,
813 (rpc_entry->n_cmds + size) *
814 sizeof(struct api_struct));
815 memcpy(rpc_entry->cmds + rpc_entry->n_cmds, cmds,
816 size * sizeof(struct api_struct));
817 rpc_entry->n_cmds += size;
822 /*******************************************************************
823 Respond to a pipe bind request.
824 *******************************************************************/
826 BOOL api_pipe_bind_req(pipes_struct *p, prs_struct *rpc_in_p)
830 RPC_HDR_AUTH auth_info;
832 fstring ack_pipe_name;
833 prs_struct out_hdr_ba;
835 prs_struct outgoing_rpc;
838 enum RPC_PKT_TYPE reply_pkt_type;
840 p->ntlmssp_auth_requested = False;
841 p->netsec_auth_validated = False;
843 DEBUG(5,("api_pipe_bind_req: decode request. %d\n", __LINE__));
846 * Try and find the correct pipe name to ensure
847 * that this is a pipe name we support.
851 for (i = 0; i < rpc_lookup_size; i++) {
852 if (strequal(rpc_lookup[i].pipe.clnt, p->name)) {
853 DEBUG(3, ("api_pipe_bind_req: \\PIPE\\%s -> \\PIPE\\%s\n",
854 rpc_lookup[i].pipe.clnt, rpc_lookup[i].pipe.srv));
855 fstrcpy(p->pipe_srv_name, rpc_lookup[i].pipe.srv);
860 if (i == rpc_lookup_size) {
861 if (NT_STATUS_IS_ERR(smb_probe_module("rpc", p->name))) {
862 DEBUG(3,("api_pipe_bind_req: Unknown pipe name %s in bind request.\n",
864 if(!setup_bind_nak(p))
869 for (i = 0; i < rpc_lookup_size; i++) {
870 if (strequal(rpc_lookup[i].pipe.clnt, p->name)) {
871 DEBUG(3, ("api_pipe_bind_req: \\PIPE\\%s -> \\PIPE\\%s\n",
872 rpc_lookup[i].pipe.clnt, rpc_lookup[i].pipe.srv));
873 fstrcpy(p->pipe_srv_name, rpc_lookup[i].pipe.srv);
878 if (i == rpc_lookup_size) {
879 DEBUG(0, ("module %s doesn't provide functions for pipe %s!\n", p->name, p->name));
884 /* decode the bind request */
885 if(!smb_io_rpc_hdr_rb("", &hdr_rb, rpc_in_p, 0)) {
886 DEBUG(0,("api_pipe_bind_req: unable to unmarshall RPC_HDR_RB struct.\n"));
891 * Check if this is an authenticated request.
894 if (p->hdr.auth_len != 0) {
895 RPC_AUTH_VERIFIER auth_verifier;
896 RPC_AUTH_NTLMSSP_NEG ntlmssp_neg;
899 * Decode the authentication verifier.
902 if(!smb_io_rpc_hdr_auth("", &auth_info, rpc_in_p, 0)) {
903 DEBUG(0,("api_pipe_bind_req: unable to unmarshall RPC_HDR_AUTH struct.\n"));
907 if(auth_info.auth_type == NTLMSSP_AUTH_TYPE) {
909 if(!smb_io_rpc_auth_verifier("", &auth_verifier, rpc_in_p, 0)) {
910 DEBUG(0,("api_pipe_bind_req: unable to "
911 "unmarshall RPC_HDR_AUTH struct.\n"));
915 if(!strequal(auth_verifier.signature, "NTLMSSP")) {
916 DEBUG(0,("api_pipe_bind_req: "
917 "auth_verifier.signature != NTLMSSP\n"));
921 if(auth_verifier.msg_type != NTLMSSP_NEGOTIATE) {
922 DEBUG(0,("api_pipe_bind_req: "
923 "auth_verifier.msg_type (%d) != NTLMSSP_NEGOTIATE\n",
924 auth_verifier.msg_type));
928 if(!smb_io_rpc_auth_ntlmssp_neg("", &ntlmssp_neg, rpc_in_p, 0)) {
929 DEBUG(0,("api_pipe_bind_req: "
930 "Failed to unmarshall RPC_AUTH_NTLMSSP_NEG.\n"));
934 p->ntlmssp_chal_flags = SMBD_NTLMSSP_NEG_FLAGS;
935 p->ntlmssp_auth_requested = True;
937 } else if (auth_info.auth_type == NETSEC_AUTH_TYPE) {
939 RPC_AUTH_NETSEC_NEG neg;
940 struct netsec_auth_struct *a = &(p->netsec_auth);
942 if (!smb_io_rpc_auth_netsec_neg("", &neg, rpc_in_p, 0)) {
943 DEBUG(0,("api_pipe_bind_req: "
944 "Could not unmarshal SCHANNEL auth neg\n"));
948 p->netsec_auth_validated = True;
950 memset(a->sess_key, 0, sizeof(a->sess_key));
951 memcpy(a->sess_key, last_dcinfo.sess_key, sizeof(last_dcinfo.sess_key));
955 DEBUG(10,("schannel auth: domain [%s] myname [%s]\n",
956 neg.domain, neg.myname));
959 DEBUG(0,("api_pipe_bind_req: unknown auth type %x requested.\n",
960 auth_info.auth_type ));
965 switch(p->hdr.pkt_type) {
967 /* name has to be \PIPE\xxxxx */
968 fstrcpy(ack_pipe_name, "\\PIPE\\");
969 fstrcat(ack_pipe_name, p->pipe_srv_name);
970 reply_pkt_type = RPC_BINDACK;
973 /* secondary address CAN be NULL
974 * as the specs say it's ignored.
975 * It MUST NULL to have the spoolss working.
977 fstrcpy(ack_pipe_name,"");
978 reply_pkt_type = RPC_ALTCONTRESP;
984 DEBUG(5,("api_pipe_bind_req: make response. %d\n", __LINE__));
987 * Marshall directly into the outgoing PDU space. We
988 * must do this as we need to set to the bind response
989 * header and are never sending more than one PDU here.
992 prs_init( &outgoing_rpc, 0, p->mem_ctx, MARSHALL);
993 prs_give_memory( &outgoing_rpc, (char *)p->out_data.current_pdu, sizeof(p->out_data.current_pdu), False);
996 * Setup the memory to marshall the ba header, and the
1000 if(!prs_init(&out_hdr_ba, 1024, p->mem_ctx, MARSHALL)) {
1001 DEBUG(0,("api_pipe_bind_req: malloc out_hdr_ba failed.\n"));
1002 prs_mem_free(&outgoing_rpc);
1006 if(!prs_init(&out_auth, 1024, p->mem_ctx, MARSHALL)) {
1007 DEBUG(0,("pi_pipe_bind_req: malloc out_auth failed.\n"));
1008 prs_mem_free(&outgoing_rpc);
1009 prs_mem_free(&out_hdr_ba);
1013 if (p->ntlmssp_auth_requested)
1016 assoc_gid = hdr_rb.bba.assoc_gid ? hdr_rb.bba.assoc_gid : 0x53f0;
1019 * Create the bind response struct.
1022 /* If the requested abstract synt uuid doesn't match our client pipe,
1023 reject the bind_ack & set the transfer interface synt to all 0's,
1024 ver 0 (observed when NT5 attempts to bind to abstract interfaces
1026 Needed when adding entries to a DACL from NT5 - SK */
1028 if(check_bind_req(p, &hdr_rb.abstract, &hdr_rb.transfer, hdr_rb.context_id ))
1030 init_rpc_hdr_ba(&hdr_ba,
1038 RPC_IFACE null_interface;
1039 ZERO_STRUCT(null_interface);
1040 /* Rejection reason: abstract syntax not supported */
1041 init_rpc_hdr_ba(&hdr_ba, MAX_PDU_FRAG_LEN,
1042 MAX_PDU_FRAG_LEN, assoc_gid,
1043 ack_pipe_name, 0x1, 0x2, 0x1,
1051 if(!smb_io_rpc_hdr_ba("", &hdr_ba, &out_hdr_ba, 0)) {
1052 DEBUG(0,("api_pipe_bind_req: marshalling of RPC_HDR_BA failed.\n"));
1057 * Now the authentication.
1060 if (p->ntlmssp_auth_requested) {
1061 RPC_AUTH_VERIFIER auth_verifier;
1062 RPC_AUTH_NTLMSSP_CHAL ntlmssp_chal;
1064 generate_random_buffer(p->challenge, 8, False);
1066 /*** Authentication info ***/
1068 init_rpc_hdr_auth(&auth_info, NTLMSSP_AUTH_TYPE, RPC_PIPE_AUTH_SEAL_LEVEL, RPC_HDR_AUTH_LEN, 1);
1069 if(!smb_io_rpc_hdr_auth("", &auth_info, &out_auth, 0)) {
1070 DEBUG(0,("api_pipe_bind_req: marshalling of RPC_HDR_AUTH failed.\n"));
1074 /*** NTLMSSP verifier ***/
1076 init_rpc_auth_verifier(&auth_verifier, "NTLMSSP", NTLMSSP_CHALLENGE);
1077 if(!smb_io_rpc_auth_verifier("", &auth_verifier, &out_auth, 0)) {
1078 DEBUG(0,("api_pipe_bind_req: marshalling of RPC_AUTH_VERIFIER failed.\n"));
1082 /* NTLMSSP challenge ***/
1084 init_rpc_auth_ntlmssp_chal(&ntlmssp_chal, p->ntlmssp_chal_flags, p->challenge);
1085 if(!smb_io_rpc_auth_ntlmssp_chal("", &ntlmssp_chal, &out_auth, 0)) {
1086 DEBUG(0,("api_pipe_bind_req: marshalling of RPC_AUTH_NTLMSSP_CHAL failed.\n"));
1090 /* Auth len in the rpc header doesn't include auth_header. */
1091 auth_len = prs_offset(&out_auth) - RPC_HDR_AUTH_LEN;
1094 if (p->netsec_auth_validated) {
1095 RPC_AUTH_VERIFIER auth_verifier;
1098 /* The client opens a second RPC NETLOGON pipe without
1099 doing a auth2. The credentials for the schannel are
1100 re-used from the auth2 the client did before. */
1101 p->dc = last_dcinfo;
1103 init_rpc_hdr_auth(&auth_info, NETSEC_AUTH_TYPE, RPC_PIPE_AUTH_SEAL_LEVEL, RPC_HDR_AUTH_LEN, 1);
1104 if(!smb_io_rpc_hdr_auth("", &auth_info, &out_auth, 0)) {
1105 DEBUG(0,("api_pipe_bind_req: marshalling of RPC_HDR_AUTH failed.\n"));
1109 /*** NETSEC verifier ***/
1111 init_rpc_auth_verifier(&auth_verifier, "\001", 0x0);
1112 if(!smb_io_rpc_netsec_verifier("", &auth_verifier, &out_auth, 0)) {
1113 DEBUG(0,("api_pipe_bind_req: marshalling of RPC_AUTH_VERIFIER failed.\n"));
1117 prs_align(&out_auth);
1120 if(!prs_uint32("flags ", &out_auth, 0, &flags))
1123 auth_len = prs_offset(&out_auth) - RPC_HDR_AUTH_LEN;
1127 * Create the header, now we know the length.
1130 init_rpc_hdr(&p->hdr, reply_pkt_type, RPC_FLG_FIRST | RPC_FLG_LAST,
1132 RPC_HEADER_LEN + prs_offset(&out_hdr_ba) + prs_offset(&out_auth),
1136 * Marshall the header into the outgoing PDU.
1139 if(!smb_io_rpc_hdr("", &p->hdr, &outgoing_rpc, 0)) {
1140 DEBUG(0,("pi_pipe_bind_req: marshalling of RPC_HDR failed.\n"));
1145 * Now add the RPC_HDR_BA and any auth needed.
1148 if(!prs_append_prs_data( &outgoing_rpc, &out_hdr_ba)) {
1149 DEBUG(0,("api_pipe_bind_req: append of RPC_HDR_BA failed.\n"));
1153 if((p->ntlmssp_auth_requested|p->netsec_auth_validated) &&
1154 !prs_append_prs_data( &outgoing_rpc, &out_auth)) {
1155 DEBUG(0,("api_pipe_bind_req: append of auth info failed.\n"));
1159 if(!p->ntlmssp_auth_requested)
1160 p->pipe_bound = True;
1163 * Setup the lengths for the initial reply.
1166 p->out_data.data_sent_length = 0;
1167 p->out_data.current_pdu_len = prs_offset(&outgoing_rpc);
1168 p->out_data.current_pdu_sent = 0;
1170 prs_mem_free(&out_hdr_ba);
1171 prs_mem_free(&out_auth);
1177 prs_mem_free(&outgoing_rpc);
1178 prs_mem_free(&out_hdr_ba);
1179 prs_mem_free(&out_auth);
1183 /****************************************************************************
1184 Deal with sign & seal processing on an RPC request.
1185 ****************************************************************************/
1187 BOOL api_pipe_auth_process(pipes_struct *p, prs_struct *rpc_in)
1190 * We always negotiate the following two bits....
1192 BOOL auth_verify = ((p->ntlmssp_chal_flags & NTLMSSP_NEGOTIATE_SIGN) != 0);
1193 BOOL auth_seal = ((p->ntlmssp_chal_flags & NTLMSSP_NEGOTIATE_SEAL) != 0);
1199 auth_len = p->hdr.auth_len;
1201 if ((auth_len != RPC_AUTH_NTLMSSP_CHK_LEN) && auth_verify) {
1202 DEBUG(0,("api_pipe_auth_process: Incorrect auth_len %d.\n", auth_len ));
1207 * The following is that length of the data we must verify or unseal.
1208 * This doesn't include the RPC headers or the auth_len or the RPC_HDR_AUTH_LEN
1209 * preceeding the auth_data.
1212 data_len = p->hdr.frag_len - RPC_HEADER_LEN - RPC_HDR_REQ_LEN -
1213 (auth_verify ? RPC_HDR_AUTH_LEN : 0) - auth_len;
1215 DEBUG(5,("api_pipe_auth_process: sign: %s seal: %s data %d auth %d\n",
1216 BOOLSTR(auth_verify), BOOLSTR(auth_seal), data_len, auth_len));
1220 * The data in rpc_in doesn't contain the RPC_HEADER as this
1221 * has already been consumed.
1223 char *data = prs_data_p(rpc_in) + RPC_HDR_REQ_LEN;
1224 dump_data_pw("NTLMSSP hash (v1)\n", p->ntlmssp_hash,
1225 sizeof(p->ntlmssp_hash));
1227 dump_data_pw("Incoming RPC PDU (NTLMSSP sealed)\n",
1228 (const unsigned char *)data, data_len);
1229 NTLMSSPcalc_p(p, (uchar*)data, data_len);
1230 dump_data_pw("Incoming RPC PDU (NTLMSSP unsealed)\n",
1231 (const unsigned char *)data, data_len);
1232 crc32 = crc32_calc_buffer(data, data_len);
1235 old_offset = prs_offset(rpc_in);
1237 if (auth_seal || auth_verify) {
1238 RPC_HDR_AUTH auth_info;
1240 if(!prs_set_offset(rpc_in, old_offset + data_len)) {
1241 DEBUG(0,("api_pipe_auth_process: cannot move offset to %u.\n",
1242 (unsigned int)old_offset + data_len ));
1246 if(!smb_io_rpc_hdr_auth("hdr_auth", &auth_info, rpc_in, 0)) {
1247 DEBUG(0,("api_pipe_auth_process: failed to unmarshall RPC_HDR_AUTH.\n"));
1253 RPC_AUTH_NTLMSSP_CHK ntlmssp_chk;
1254 char *req_data = prs_data_p(rpc_in) + prs_offset(rpc_in) + 4;
1256 DEBUG(5,("api_pipe_auth_process: auth %d\n", prs_offset(rpc_in) + 4));
1259 * Ensure we have RPC_AUTH_NTLMSSP_CHK_LEN - 4 more bytes in the
1262 if(prs_mem_get(rpc_in, RPC_AUTH_NTLMSSP_CHK_LEN - 4) == NULL) {
1263 DEBUG(0,("api_pipe_auth_process: missing %d bytes in buffer.\n",
1264 RPC_AUTH_NTLMSSP_CHK_LEN - 4 ));
1268 NTLMSSPcalc_p(p, (uchar*)req_data, RPC_AUTH_NTLMSSP_CHK_LEN - 4);
1269 if(!smb_io_rpc_auth_ntlmssp_chk("auth_sign", &ntlmssp_chk, rpc_in, 0)) {
1270 DEBUG(0,("api_pipe_auth_process: failed to unmarshall RPC_AUTH_NTLMSSP_CHK.\n"));
1274 if (!rpc_auth_ntlmssp_chk(&ntlmssp_chk, crc32, p->ntlmssp_seq_num)) {
1275 DEBUG(0,("api_pipe_auth_process: NTLMSSP check failed.\n"));
1281 * Return the current pointer to the data offset.
1284 if(!prs_set_offset(rpc_in, old_offset)) {
1285 DEBUG(0,("api_pipe_auth_process: failed to set offset back to %u\n",
1286 (unsigned int)old_offset ));
1293 /****************************************************************************
1294 Deal with schannel processing on an RPC request.
1295 ****************************************************************************/
1296 BOOL api_pipe_netsec_process(pipes_struct *p, prs_struct *rpc_in)
1299 * We always negotiate the following two bits....
1304 RPC_HDR_AUTH auth_info;
1305 RPC_AUTH_NETSEC_CHK netsec_chk;
1308 auth_len = p->hdr.auth_len;
1310 if (auth_len != RPC_AUTH_NETSEC_CHK_LEN) {
1311 DEBUG(0,("Incorrect auth_len %d.\n", auth_len ));
1316 * The following is that length of the data we must verify or unseal.
1317 * This doesn't include the RPC headers or the auth_len or the RPC_HDR_AUTH_LEN
1318 * preceeding the auth_data.
1321 data_len = p->hdr.frag_len - RPC_HEADER_LEN - RPC_HDR_REQ_LEN -
1322 RPC_HDR_AUTH_LEN - auth_len;
1324 DEBUG(5,("data %d auth %d\n", data_len, auth_len));
1326 old_offset = prs_offset(rpc_in);
1328 if(!prs_set_offset(rpc_in, old_offset + data_len)) {
1329 DEBUG(0,("cannot move offset to %u.\n",
1330 (unsigned int)old_offset + data_len ));
1334 if(!smb_io_rpc_hdr_auth("hdr_auth", &auth_info, rpc_in, 0)) {
1335 DEBUG(0,("failed to unmarshall RPC_HDR_AUTH.\n"));
1339 if (auth_info.auth_type != NETSEC_AUTH_TYPE) {
1340 DEBUG(0,("Invalid auth info %d on schannel\n",
1341 auth_info.auth_type));
1345 if (auth_info.auth_level == RPC_PIPE_AUTH_SEAL_LEVEL) {
1346 p->netsec_auth.auth_flags = AUTH_PIPE_NETSEC|AUTH_PIPE_SIGN|AUTH_PIPE_SEAL;
1347 } else if (auth_info.auth_level == RPC_PIPE_AUTH_SIGN_LEVEL) {
1348 p->netsec_auth.auth_flags = AUTH_PIPE_NETSEC|AUTH_PIPE_SIGN;
1350 DEBUG(0,("Invalid auth level %d on schannel\n",
1351 auth_info.auth_level));
1355 if(!smb_io_rpc_auth_netsec_chk("", &netsec_chk, rpc_in, 0)) {
1356 DEBUG(0,("failed to unmarshal RPC_AUTH_NETSEC_CHK.\n"));
1360 if (!netsec_decode(&p->netsec_auth,
1361 p->netsec_auth.auth_flags,
1362 SENDER_IS_INITIATOR,
1364 prs_data_p(rpc_in)+old_offset, data_len)) {
1365 DEBUG(0,("failed to decode PDU\n"));
1370 * Return the current pointer to the data offset.
1373 if(!prs_set_offset(rpc_in, old_offset)) {
1374 DEBUG(0,("failed to set offset back to %u\n",
1375 (unsigned int)old_offset ));
1379 /* The sequence number gets incremented on both send and receive. */
1380 p->netsec_auth.seq_num++;
1385 /****************************************************************************
1386 Return a user struct for a pipe user.
1387 ****************************************************************************/
1389 struct current_user *get_current_user(struct current_user *user, pipes_struct *p)
1391 if (p->ntlmssp_auth_validated) {
1392 memcpy(user, &p->pipe_user, sizeof(struct current_user));
1394 extern struct current_user current_user;
1395 memcpy(user, ¤t_user, sizeof(struct current_user));
1401 /****************************************************************************
1402 Find the set of RPC functions associated with this context_id
1403 ****************************************************************************/
1405 static PIPE_RPC_FNS* find_pipe_fns_by_context( PIPE_RPC_FNS *list, uint32 context_id )
1407 PIPE_RPC_FNS *fns = NULL;
1408 PIPE_RPC_FNS *tmp = NULL;
1411 DEBUG(0,("find_pipe_fns_by_context: ERROR! No context list for pipe!\n"));
1415 for (tmp=list; tmp; tmp=tmp->next ) {
1416 if ( tmp->context_id == context_id )
1425 /****************************************************************************
1427 ****************************************************************************/
1429 void free_pipe_rpc_context( PIPE_RPC_FNS *list )
1431 PIPE_RPC_FNS *tmp = list;
1443 /****************************************************************************
1444 Find the correct RPC function to call for this request.
1445 If the pipe is authenticated then become the correct UNIX user
1446 before doing the call.
1447 ****************************************************************************/
1449 BOOL api_pipe_request(pipes_struct *p)
1452 PIPE_RPC_FNS *pipe_fns;
1454 if (p->ntlmssp_auth_validated) {
1456 if(!become_authenticated_pipe_user(p)) {
1457 prs_mem_free(&p->out_data.rdata);
1462 DEBUG(5, ("Requested \\PIPE\\%s\n", p->name));
1464 /* get the set of RPC functions for this context */
1466 pipe_fns = find_pipe_fns_by_context(p->contexts, p->hdr_req.context_id);
1469 set_current_rpc_talloc(p->mem_ctx);
1470 ret = api_rpcTNP(p, p->name, pipe_fns->cmds, pipe_fns->n_cmds);
1471 set_current_rpc_talloc(NULL);
1474 DEBUG(0,("api_pipe_request: No rpc function table associated with context [%d] on pipe [%s]\n",
1475 p->hdr_req.context_id, p->name));
1478 if(p->ntlmssp_auth_validated)
1479 unbecome_authenticated_pipe_user();
1484 /*******************************************************************
1485 Calls the underlying RPC function for a named pipe.
1486 ********************************************************************/
1488 BOOL api_rpcTNP(pipes_struct *p, const char *rpc_name,
1489 const struct api_struct *api_rpc_cmds, int n_cmds)
1493 uint32 offset1, offset2;
1495 /* interpret the command */
1496 DEBUG(4,("api_rpcTNP: %s op 0x%x - ", rpc_name, p->hdr_req.opnum));
1498 slprintf(name, sizeof(name)-1, "in_%s", rpc_name);
1499 prs_dump(name, p->hdr_req.opnum, &p->in_data.data);
1501 for (fn_num = 0; fn_num < n_cmds; fn_num++) {
1502 if (api_rpc_cmds[fn_num].opnum == p->hdr_req.opnum && api_rpc_cmds[fn_num].fn != NULL) {
1503 DEBUG(3,("api_rpcTNP: rpc command: %s\n", api_rpc_cmds[fn_num].name));
1508 if (fn_num == n_cmds) {
1510 * For an unknown RPC just return a fault PDU but
1511 * return True to allow RPC's on the pipe to continue
1512 * and not put the pipe into fault state. JRA.
1514 DEBUG(4, ("unknown\n"));
1515 setup_fault_pdu(p, NT_STATUS(0x1c010002));
1519 offset1 = prs_offset(&p->out_data.rdata);
1521 DEBUG(6, ("api_rpc_cmds[%d].fn == %p\n",
1522 fn_num, api_rpc_cmds[fn_num].fn));
1523 /* do the actual command */
1524 if(!api_rpc_cmds[fn_num].fn(p)) {
1525 DEBUG(0,("api_rpcTNP: %s: %s failed.\n", rpc_name, api_rpc_cmds[fn_num].name));
1526 prs_mem_free(&p->out_data.rdata);
1530 if (p->bad_handle_fault_state) {
1531 DEBUG(4,("api_rpcTNP: bad handle fault return.\n"));
1532 p->bad_handle_fault_state = False;
1533 setup_fault_pdu(p, NT_STATUS(0x1C00001A));
1537 slprintf(name, sizeof(name)-1, "out_%s", rpc_name);
1538 offset2 = prs_offset(&p->out_data.rdata);
1539 prs_set_offset(&p->out_data.rdata, offset1);
1540 prs_dump(name, p->hdr_req.opnum, &p->out_data.rdata);
1541 prs_set_offset(&p->out_data.rdata, offset2);
1543 DEBUG(5,("api_rpcTNP: called %s successfully\n", rpc_name));
1545 /* Check for buffer underflow in rpc parsing */
1547 if ((DEBUGLEVEL >= 10) &&
1548 (prs_offset(&p->in_data.data) != prs_data_size(&p->in_data.data))) {
1549 size_t data_len = prs_data_size(&p->in_data.data) - prs_offset(&p->in_data.data);
1552 data = malloc(data_len);
1554 DEBUG(10, ("api_rpcTNP: rpc input buffer underflow (parse error?)\n"));
1556 prs_uint8s(False, "", &p->in_data.data, 0, (unsigned char *)data, (uint32)data_len);
1565 /*******************************************************************
1566 *******************************************************************/
1568 void get_pipe_fns( int idx, struct api_struct **fns, int *n_fns )
1570 struct api_struct *cmds = NULL;
1575 lsa_get_pipe_fns( &cmds, &n_cmds );
1578 lsa_ds_get_pipe_fns( &cmds, &n_cmds );
1581 samr_get_pipe_fns( &cmds, &n_cmds );
1584 netlog_get_pipe_fns( &cmds, &n_cmds );
1587 srvsvc_get_pipe_fns( &cmds, &n_cmds );
1590 wkssvc_get_pipe_fns( &cmds, &n_cmds );
1593 reg_get_pipe_fns( &cmds, &n_cmds );
1596 spoolss_get_pipe_fns( &cmds, &n_cmds );
1599 netdfs_get_pipe_fns( &cmds, &n_cmds );
1603 echo_get_pipe_fns( &cmds, &n_cmds );
1607 epm_get_pipe_fns( &cmds, &n_cmds );
1610 DEBUG(0,("get_pipe_fns: Unknown pipe index! [%d]\n", idx));