2 * Unix SMB/CIFS implementation.
3 * RPC Pipe client / server routines
4 * Copyright (C) Andrew Tridgell 1992-1998
5 * Copyright (C) Luke Kenneth Casson Leighton 1996-1998,
6 * Copyright (C) Paul Ashton 1997-1998,
7 * Copyright (C) Jeremy Allison 1999,
8 * Copyright (C) Jim McDonough <jmcd@us.ibm.com> 2003.
10 * This program is free software; you can redistribute it and/or modify
11 * it under the terms of the GNU General Public License as published by
12 * the Free Software Foundation; either version 2 of the License, or
13 * (at your option) any later version.
15 * This program is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 * GNU General Public License for more details.
20 * You should have received a copy of the GNU General Public License
21 * along with this program; if not, write to the Free Software
22 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
25 /* this module apparently provides an implementation of DCE/RPC over a
26 * named pipe (IPC$ connection using SMBtrans). details of DCE/RPC
27 * documentation are available (in on-line form) from the X-Open group.
29 * this module should provide a level of abstraction between SMB
30 * and DCE/RPC, while minimising the amount of mallocs, unnecessary
31 * data copies, and network traffic.
33 * in this version, which takes a "let's learn what's going on and
34 * get something running" approach, there is additional network
35 * traffic generated, but the code should be easier to understand...
37 * ... if you read the docs. or stare at packets for weeks on end.
44 #define DBGC_CLASS DBGC_RPC_SRV
46 /*************************************************************
48 We need to transfer the session key from one rpc bind to the
49 next. This is the way the netlogon schannel works.
50 **************************************************************/
51 struct dcinfo last_dcinfo;
53 static void NTLMSSPcalc_p( pipes_struct *p, unsigned char *data, int len)
55 unsigned char *hash = p->ntlmssp_hash;
56 unsigned char index_i = hash[256];
57 unsigned char index_j = hash[257];
60 for( ind = 0; ind < len; ind++) {
65 index_j += hash[index_i];
68 hash[index_i] = hash[index_j];
71 t = hash[index_i] + hash[index_j];
72 data[ind] = data[ind] ^ hash[t];
79 /*******************************************************************
80 Generate the next PDU to be returned from the data in p->rdata.
81 We cheat here as this function doesn't handle the special auth
82 footers of the authenticated bind response reply.
83 ********************************************************************/
85 BOOL create_next_pdu(pipes_struct *p)
87 RPC_HDR_RESP hdr_resp;
88 BOOL auth_verify = ((p->ntlmssp_chal_flags & NTLMSSP_NEGOTIATE_SIGN) != 0);
89 BOOL auth_seal = ((p->ntlmssp_chal_flags & NTLMSSP_NEGOTIATE_SEAL) != 0);
90 uint32 ss_padding_len = 0;
92 uint32 data_space_available;
94 prs_struct outgoing_pdu;
98 * If we're in the fault state, keep returning fault PDU's until
99 * the pipe gets closed. JRA.
103 setup_fault_pdu(p, NT_STATUS(0x1c010002));
107 memset((char *)&hdr_resp, '\0', sizeof(hdr_resp));
109 /* Change the incoming request header to a response. */
110 p->hdr.pkt_type = RPC_RESPONSE;
112 /* Set up rpc header flags. */
113 if (p->out_data.data_sent_length == 0) {
114 p->hdr.flags = RPC_FLG_FIRST;
120 * Work out how much we can fit in a single PDU.
123 data_space_available = sizeof(p->out_data.current_pdu) - RPC_HEADER_LEN - RPC_HDR_RESP_LEN;
124 if(p->ntlmssp_auth_validated) {
125 data_space_available -= (RPC_HDR_AUTH_LEN + RPC_AUTH_NTLMSSP_CHK_LEN);
126 } else if(p->netsec_auth_validated) {
127 data_space_available -= (RPC_HDR_AUTH_LEN + RPC_AUTH_NETSEC_CHK_LEN);
131 * The amount we send is the minimum of the available
132 * space and the amount left to send.
135 data_len_left = prs_offset(&p->out_data.rdata) - p->out_data.data_sent_length;
138 * Ensure there really is data left to send.
142 DEBUG(0,("create_next_pdu: no data left to send !\n"));
146 data_len = MIN(data_len_left, data_space_available);
149 * Set up the alloc hint. This should be the data left to
153 hdr_resp.alloc_hint = data_len_left;
156 * Work out if this PDU will be the last.
159 if(p->out_data.data_sent_length + data_len >= prs_offset(&p->out_data.rdata)) {
160 p->hdr.flags |= RPC_FLG_LAST;
161 if ((auth_seal || auth_verify) && (data_len_left % 8)) {
162 ss_padding_len = 8 - (data_len_left % 8);
163 DEBUG(10,("create_next_pdu: adding sign/seal padding of %u\n",
169 * Set up the header lengths.
172 if (p->ntlmssp_auth_validated) {
173 p->hdr.frag_len = RPC_HEADER_LEN + RPC_HDR_RESP_LEN +
174 data_len + ss_padding_len +
175 RPC_HDR_AUTH_LEN + RPC_AUTH_NTLMSSP_CHK_LEN;
176 p->hdr.auth_len = RPC_AUTH_NTLMSSP_CHK_LEN;
177 } else if (p->netsec_auth_validated) {
178 p->hdr.frag_len = RPC_HEADER_LEN + RPC_HDR_RESP_LEN +
179 data_len + ss_padding_len +
180 RPC_HDR_AUTH_LEN + RPC_AUTH_NETSEC_CHK_LEN;
181 p->hdr.auth_len = RPC_AUTH_NETSEC_CHK_LEN;
183 p->hdr.frag_len = RPC_HEADER_LEN + RPC_HDR_RESP_LEN + data_len;
188 * Init the parse struct to point at the outgoing
192 prs_init( &outgoing_pdu, 0, p->mem_ctx, MARSHALL);
193 prs_give_memory( &outgoing_pdu, (char *)p->out_data.current_pdu, sizeof(p->out_data.current_pdu), False);
195 /* Store the header in the data stream. */
196 if(!smb_io_rpc_hdr("hdr", &p->hdr, &outgoing_pdu, 0)) {
197 DEBUG(0,("create_next_pdu: failed to marshall RPC_HDR.\n"));
198 prs_mem_free(&outgoing_pdu);
202 if(!smb_io_rpc_hdr_resp("resp", &hdr_resp, &outgoing_pdu, 0)) {
203 DEBUG(0,("create_next_pdu: failed to marshall RPC_HDR_RESP.\n"));
204 prs_mem_free(&outgoing_pdu);
208 /* Store the current offset. */
209 data_pos = prs_offset(&outgoing_pdu);
211 /* Copy the data into the PDU. */
213 if(!prs_append_some_prs_data(&outgoing_pdu, &p->out_data.rdata, p->out_data.data_sent_length, data_len)) {
214 DEBUG(0,("create_next_pdu: failed to copy %u bytes of data.\n", (unsigned int)data_len));
215 prs_mem_free(&outgoing_pdu);
219 /* Copy the sign/seal padding data. */
220 if (ss_padding_len) {
222 memset(pad, '\0', 8);
223 if (!prs_copy_data_in(&outgoing_pdu, pad, ss_padding_len)) {
224 DEBUG(0,("create_next_pdu: failed to add %u bytes of pad data.\n", (unsigned int)ss_padding_len));
225 prs_mem_free(&outgoing_pdu);
230 if (p->ntlmssp_auth_validated) {
232 * NTLMSSP processing. Mutually exclusive with Schannel.
237 DEBUG(5,("create_next_pdu: sign: %s seal: %s data %d auth %d\n",
238 BOOLSTR(auth_verify), BOOLSTR(auth_seal), data_len + ss_padding_len, p->hdr.auth_len));
241 * Set data to point to where we copied the data into.
244 data = prs_data_p(&outgoing_pdu) + data_pos;
247 crc32 = crc32_calc_buffer(data, data_len + ss_padding_len);
248 NTLMSSPcalc_p(p, (uchar*)data, data_len + ss_padding_len);
251 if (auth_seal || auth_verify) {
252 RPC_HDR_AUTH auth_info;
254 init_rpc_hdr_auth(&auth_info, NTLMSSP_AUTH_TYPE,
255 auth_seal ? RPC_PIPE_AUTH_SEAL_LEVEL : RPC_PIPE_AUTH_SIGN_LEVEL,
256 (auth_verify ? ss_padding_len : 0), (auth_verify ? 1 : 0));
257 if(!smb_io_rpc_hdr_auth("hdr_auth", &auth_info, &outgoing_pdu, 0)) {
258 DEBUG(0,("create_next_pdu: failed to marshall RPC_HDR_AUTH.\n"));
259 prs_mem_free(&outgoing_pdu);
265 RPC_AUTH_NTLMSSP_CHK ntlmssp_chk;
266 char *auth_data = prs_data_p(&outgoing_pdu);
268 p->ntlmssp_seq_num++;
269 init_rpc_auth_ntlmssp_chk(&ntlmssp_chk, NTLMSSP_SIGN_VERSION,
270 crc32, p->ntlmssp_seq_num++);
271 auth_data = prs_data_p(&outgoing_pdu) + prs_offset(&outgoing_pdu) + 4;
272 if(!smb_io_rpc_auth_ntlmssp_chk("auth_sign", &ntlmssp_chk, &outgoing_pdu, 0)) {
273 DEBUG(0,("create_next_pdu: failed to marshall RPC_AUTH_NTLMSSP_CHK.\n"));
274 prs_mem_free(&outgoing_pdu);
277 NTLMSSPcalc_p(p, (uchar*)auth_data, RPC_AUTH_NTLMSSP_CHK_LEN - 4);
279 } else if (p->netsec_auth_validated) {
281 * Schannel processing. Mutually exclusive with NTLMSSP.
283 int auth_type, auth_level;
285 RPC_HDR_AUTH auth_info;
287 RPC_AUTH_NETSEC_CHK verf;
291 data = prs_data_p(&outgoing_pdu) + data_pos;
292 /* Check it's the type of reply we were expecting to decode */
294 get_auth_type_level(p->netsec_auth.auth_flags, &auth_type, &auth_level);
295 init_rpc_hdr_auth(&auth_info, auth_type, auth_level,
298 if(!smb_io_rpc_hdr_auth("hdr_auth", &auth_info, &outgoing_pdu, 0)) {
299 DEBUG(0,("create_next_pdu: failed to marshall RPC_HDR_AUTH.\n"));
300 prs_mem_free(&outgoing_pdu);
304 prs_init(&rverf, 0, p->mem_ctx, MARSHALL);
305 prs_init(&rauth, 0, p->mem_ctx, MARSHALL);
307 netsec_encode(&p->netsec_auth,
308 p->netsec_auth.auth_flags,
310 &verf, data, data_len + ss_padding_len);
312 smb_io_rpc_auth_netsec_chk("", &verf, &outgoing_pdu, 0);
314 p->netsec_auth.seq_num++;
318 * Setup the counts for this PDU.
321 p->out_data.data_sent_length += data_len;
322 p->out_data.current_pdu_len = p->hdr.frag_len;
323 p->out_data.current_pdu_sent = 0;
325 prs_mem_free(&outgoing_pdu);
329 /*******************************************************************
330 Process an NTLMSSP authentication response.
331 If this function succeeds, the user has been authenticated
332 and their domain, name and calling workstation stored in
334 The initial challenge is stored in p->challenge.
335 *******************************************************************/
337 static BOOL api_pipe_ntlmssp_verify(pipes_struct *p, RPC_AUTH_NTLMSSP_RESP *ntlmssp_resp)
349 struct auth_context *auth_context = NULL;
350 auth_usersupplied_info *user_info = NULL;
351 auth_serversupplied_info *server_info = NULL;
353 DEBUG(5,("api_pipe_ntlmssp_verify: checking user details\n"));
355 memset(p->user_name, '\0', sizeof(p->user_name));
356 memset(p->pipe_user_name, '\0', sizeof(p->pipe_user_name));
357 memset(p->domain, '\0', sizeof(p->domain));
358 memset(p->wks, '\0', sizeof(p->wks));
360 /* Set up for non-authenticated user. */
361 delete_nt_token(&p->pipe_user.nt_user_token);
362 p->pipe_user.ngroups = 0;
363 SAFE_FREE( p->pipe_user.groups);
366 * Setup an empty password for a guest user.
370 * We always negotiate UNICODE.
373 if (p->ntlmssp_chal_flags & NTLMSSP_NEGOTIATE_UNICODE) {
374 rpcstr_pull(user_name, ntlmssp_resp->user, sizeof(fstring), ntlmssp_resp->hdr_usr.str_str_len*2, 0 );
375 rpcstr_pull(domain, ntlmssp_resp->domain, sizeof(fstring), ntlmssp_resp->hdr_domain.str_str_len*2, 0);
376 rpcstr_pull(wks, ntlmssp_resp->wks, sizeof(fstring), ntlmssp_resp->hdr_wks.str_str_len*2, 0);
378 pull_ascii_fstring(user_name, ntlmssp_resp->user);
379 pull_ascii_fstring(domain, ntlmssp_resp->domain);
380 pull_ascii_fstring(wks, ntlmssp_resp->wks);
383 DEBUG(5,("user: %s domain: %s wks: %s\n", user_name, domain, wks));
385 nt_pw_len = MIN(sizeof(nt_owf), ntlmssp_resp->hdr_nt_resp.str_str_len);
386 lm_pw_len = MIN(sizeof(lm_owf), ntlmssp_resp->hdr_lm_resp.str_str_len);
388 memcpy(lm_owf, ntlmssp_resp->lm_resp, sizeof(lm_owf));
389 memcpy(nt_owf, ntlmssp_resp->nt_resp, nt_pw_len);
391 #ifdef DEBUG_PASSWORD
392 DEBUG(100,("lm, nt owfs, chal\n"));
393 dump_data(100, (char *)lm_owf, sizeof(lm_owf));
394 dump_data(100, (char *)nt_owf, nt_pw_len);
395 dump_data(100, (char *)p->challenge, 8);
399 * Allow guest access. Patch from Shirish Kalele <kalele@veritas.com>.
405 * Do the length checking only if user is not NULL.
408 if (ntlmssp_resp->hdr_lm_resp.str_str_len == 0)
410 if (ntlmssp_resp->hdr_nt_resp.str_str_len == 0)
412 if (ntlmssp_resp->hdr_usr.str_str_len == 0)
414 if (ntlmssp_resp->hdr_domain.str_str_len == 0)
416 if (ntlmssp_resp->hdr_wks.str_str_len == 0)
421 make_auth_context_fixed(&auth_context, (uchar*)p->challenge);
423 if (!make_user_info_netlogon_network(&user_info,
424 user_name, domain, wks,
426 nt_owf, nt_pw_len)) {
427 DEBUG(0,("make_user_info_netlogon_network failed! Failing authenticaion.\n"));
431 nt_status = auth_context->check_ntlm_password(auth_context, user_info, &server_info);
433 (auth_context->free)(&auth_context);
434 free_user_info(&user_info);
436 p->ntlmssp_auth_validated = NT_STATUS_IS_OK(nt_status);
438 if (!p->ntlmssp_auth_validated) {
439 DEBUG(1,("api_pipe_ntlmssp_verify: User [%s]\\[%s] from machine %s \
440 failed authentication on named pipe %s.\n", domain, user_name, wks, p->name ));
441 free_server_info(&server_info);
446 * Set up the sign/seal data.
449 if (server_info->lm_session_key.length != 16) {
450 DEBUG(1,("api_pipe_ntlmssp_verify: User [%s]\\[%s] from machine %s \
451 succeeded authentication on named pipe %s, but session key was of incorrect length [%u].\n",
452 domain, user_name, wks, p->name, server_info->lm_session_key.length));
453 free_server_info(&server_info);
457 NTLMSSPOWFencrypt(server_info->lm_session_key.data, lm_owf, p24);
469 for (ind = 0; ind < 256; ind++)
470 p->ntlmssp_hash[ind] = (unsigned char)ind;
472 for( ind = 0; ind < 256; ind++) {
475 j += (p->ntlmssp_hash[ind] + k2[ind%8]);
477 tc = p->ntlmssp_hash[ind];
478 p->ntlmssp_hash[ind] = p->ntlmssp_hash[j];
479 p->ntlmssp_hash[j] = tc;
482 p->ntlmssp_hash[256] = 0;
483 p->ntlmssp_hash[257] = 0;
486 dump_data_pw("NTLMSSP hash (v1)\n", p->ntlmssp_hash,
487 sizeof(p->ntlmssp_hash));
489 /* NTLMSSPhash(p->ntlmssp_hash, p24); */
490 p->ntlmssp_seq_num = 0;
494 fstrcpy(p->user_name, user_name);
495 fstrcpy(p->pipe_user_name, server_info->unix_name);
496 fstrcpy(p->domain, domain);
497 fstrcpy(p->wks, wks);
500 * Store the UNIX credential data (uid/gid pair) in the pipe structure.
503 p->session_key = data_blob(server_info->lm_session_key.data, server_info->lm_session_key.length);
505 p->pipe_user.uid = server_info->uid;
506 p->pipe_user.gid = server_info->gid;
508 p->pipe_user.ngroups = server_info->n_groups;
509 if (p->pipe_user.ngroups) {
510 if (!(p->pipe_user.groups = memdup(server_info->groups, sizeof(gid_t) * p->pipe_user.ngroups))) {
511 DEBUG(0,("failed to memdup group list to p->pipe_user.groups\n"));
512 free_server_info(&server_info);
517 if (server_info->ptok)
518 p->pipe_user.nt_user_token = dup_nt_token(server_info->ptok);
520 DEBUG(1,("Error: Authmodule failed to provide nt_user_token\n"));
521 p->pipe_user.nt_user_token = NULL;
522 free_server_info(&server_info);
526 p->ntlmssp_auth_validated = True;
528 free_server_info(&server_info);
532 /*******************************************************************
533 The switch table for the pipe names and the functions to handle them.
534 *******************************************************************/
543 struct api_struct *cmds;
547 static struct rpc_table *rpc_lookup;
548 static int rpc_lookup_size;
550 /*******************************************************************
551 This is the client reply to our challenge for an authenticated
552 bind request. The challenge we sent is in p->challenge.
553 *******************************************************************/
555 BOOL api_pipe_bind_auth_resp(pipes_struct *p, prs_struct *rpc_in_p)
557 RPC_HDR_AUTHA autha_info;
558 RPC_AUTH_VERIFIER auth_verifier;
559 RPC_AUTH_NTLMSSP_RESP ntlmssp_resp;
561 DEBUG(5,("api_pipe_bind_auth_resp: decode request. %d\n", __LINE__));
563 if (p->hdr.auth_len == 0) {
564 DEBUG(0,("api_pipe_bind_auth_resp: No auth field sent !\n"));
569 * Decode the authentication verifier response.
572 if(!smb_io_rpc_hdr_autha("", &autha_info, rpc_in_p, 0)) {
573 DEBUG(0,("api_pipe_bind_auth_resp: unmarshall of RPC_HDR_AUTHA failed.\n"));
577 if (autha_info.auth_type != NTLMSSP_AUTH_TYPE || autha_info.auth_level != RPC_PIPE_AUTH_SEAL_LEVEL) {
578 DEBUG(0,("api_pipe_bind_auth_resp: incorrect auth type (%d) or level (%d).\n",
579 (int)autha_info.auth_type, (int)autha_info.auth_level ));
583 if(!smb_io_rpc_auth_verifier("", &auth_verifier, rpc_in_p, 0)) {
584 DEBUG(0,("api_pipe_bind_auth_resp: unmarshall of RPC_AUTH_VERIFIER failed.\n"));
589 * Ensure this is a NTLMSSP_AUTH packet type.
592 if (!rpc_auth_verifier_chk(&auth_verifier, "NTLMSSP", NTLMSSP_AUTH)) {
593 DEBUG(0,("api_pipe_bind_auth_resp: rpc_auth_verifier_chk failed.\n"));
597 if(!smb_io_rpc_auth_ntlmssp_resp("", &ntlmssp_resp, rpc_in_p, 0)) {
598 DEBUG(0,("api_pipe_bind_auth_resp: Failed to unmarshall RPC_AUTH_NTLMSSP_RESP.\n"));
603 * The following call actually checks the challenge/response data.
604 * for correctness against the given DOMAIN\user name.
607 if (!api_pipe_ntlmssp_verify(p, &ntlmssp_resp))
615 /*******************************************************************
616 Marshall a bind_nak pdu.
617 *******************************************************************/
619 static BOOL setup_bind_nak(pipes_struct *p)
621 prs_struct outgoing_rpc;
625 /* Free any memory in the current return data buffer. */
626 prs_mem_free(&p->out_data.rdata);
629 * Marshall directly into the outgoing PDU space. We
630 * must do this as we need to set to the bind response
631 * header and are never sending more than one PDU here.
634 prs_init( &outgoing_rpc, 0, p->mem_ctx, MARSHALL);
635 prs_give_memory( &outgoing_rpc, (char *)p->out_data.current_pdu, sizeof(p->out_data.current_pdu), False);
639 * Initialize a bind_nak header.
642 init_rpc_hdr(&nak_hdr, RPC_BINDNACK, RPC_FLG_FIRST | RPC_FLG_LAST,
643 p->hdr.call_id, RPC_HEADER_LEN + sizeof(uint16), 0);
646 * Marshall the header into the outgoing PDU.
649 if(!smb_io_rpc_hdr("", &nak_hdr, &outgoing_rpc, 0)) {
650 DEBUG(0,("setup_bind_nak: marshalling of RPC_HDR failed.\n"));
651 prs_mem_free(&outgoing_rpc);
656 * Now add the reject reason.
659 if(!prs_uint16("reject code", &outgoing_rpc, 0, &zero)) {
660 prs_mem_free(&outgoing_rpc);
664 p->out_data.data_sent_length = 0;
665 p->out_data.current_pdu_len = prs_offset(&outgoing_rpc);
666 p->out_data.current_pdu_sent = 0;
668 p->pipe_bound = False;
673 /*******************************************************************
674 Marshall a fault pdu.
675 *******************************************************************/
677 BOOL setup_fault_pdu(pipes_struct *p, NTSTATUS status)
679 prs_struct outgoing_pdu;
681 RPC_HDR_RESP hdr_resp;
682 RPC_HDR_FAULT fault_resp;
684 /* Free any memory in the current return data buffer. */
685 prs_mem_free(&p->out_data.rdata);
688 * Marshall directly into the outgoing PDU space. We
689 * must do this as we need to set to the bind response
690 * header and are never sending more than one PDU here.
693 prs_init( &outgoing_pdu, 0, p->mem_ctx, MARSHALL);
694 prs_give_memory( &outgoing_pdu, (char *)p->out_data.current_pdu, sizeof(p->out_data.current_pdu), False);
697 * Initialize a fault header.
700 init_rpc_hdr(&fault_hdr, RPC_FAULT, RPC_FLG_FIRST | RPC_FLG_LAST | RPC_FLG_NOCALL,
701 p->hdr.call_id, RPC_HEADER_LEN + RPC_HDR_RESP_LEN + RPC_HDR_FAULT_LEN, 0);
704 * Initialize the HDR_RESP and FAULT parts of the PDU.
707 memset((char *)&hdr_resp, '\0', sizeof(hdr_resp));
709 fault_resp.status = status;
710 fault_resp.reserved = 0;
713 * Marshall the header into the outgoing PDU.
716 if(!smb_io_rpc_hdr("", &fault_hdr, &outgoing_pdu, 0)) {
717 DEBUG(0,("setup_fault_pdu: marshalling of RPC_HDR failed.\n"));
718 prs_mem_free(&outgoing_pdu);
722 if(!smb_io_rpc_hdr_resp("resp", &hdr_resp, &outgoing_pdu, 0)) {
723 DEBUG(0,("setup_fault_pdu: failed to marshall RPC_HDR_RESP.\n"));
724 prs_mem_free(&outgoing_pdu);
728 if(!smb_io_rpc_hdr_fault("fault", &fault_resp, &outgoing_pdu, 0)) {
729 DEBUG(0,("setup_fault_pdu: failed to marshall RPC_HDR_FAULT.\n"));
730 prs_mem_free(&outgoing_pdu);
734 p->out_data.data_sent_length = 0;
735 p->out_data.current_pdu_len = prs_offset(&outgoing_pdu);
736 p->out_data.current_pdu_sent = 0;
738 prs_mem_free(&outgoing_pdu);
742 /*******************************************************************
743 Ensure a bind request has the correct abstract & transfer interface.
744 Used to reject unknown binds from Win2k.
745 *******************************************************************/
747 BOOL check_bind_req(struct pipes_struct *p, RPC_IFACE* abstract,
748 RPC_IFACE* transfer, uint32 context_id)
750 extern struct pipe_id_info pipe_names[];
751 char *pipe_name = p->name;
755 fstrcpy(pname,"\\PIPE\\");
756 fstrcat(pname,pipe_name);
758 DEBUG(3,("check_bind_req for %s\n", pname));
760 /* we have to check all now since win2k introduced a new UUID on the lsaprpc pipe */
762 for ( i=0; pipe_names[i].client_pipe; i++ )
764 if ( strequal(pipe_names[i].client_pipe, pname)
765 && (abstract->version == pipe_names[i].abstr_syntax.version)
766 && (memcmp(&abstract->uuid, &pipe_names[i].abstr_syntax.uuid, sizeof(struct uuid)) == 0)
767 && (transfer->version == pipe_names[i].trans_syntax.version)
768 && (memcmp(&transfer->uuid, &pipe_names[i].trans_syntax.uuid, sizeof(struct uuid)) == 0) )
770 struct api_struct *fns = NULL;
772 PIPE_RPC_FNS *context_fns;
774 if ( !(context_fns = malloc(sizeof(PIPE_RPC_FNS))) ) {
775 DEBUG(0,("check_bind_req: malloc() failed!\n"));
779 /* save the RPC function table associated with this bind */
781 get_pipe_fns(i, &fns, &n_fns);
783 context_fns->cmds = fns;
784 context_fns->n_cmds = n_fns;
785 context_fns->context_id = context_id;
787 /* add to the list of open contexts */
789 DLIST_ADD( p->contexts, context_fns );
795 if(pipe_names[i].client_pipe == NULL)
801 /*******************************************************************
802 Register commands to an RPC pipe
803 *******************************************************************/
804 NTSTATUS rpc_pipe_register_commands(int version, const char *clnt, const char *srv, const struct api_struct *cmds, int size)
806 struct rpc_table *rpc_entry;
808 if (!clnt || !srv || !cmds) {
809 return NT_STATUS_INVALID_PARAMETER;
812 if (version != SMB_RPC_INTERFACE_VERSION) {
813 DEBUG(0,("Can't register rpc commands!\n"
814 "You tried to register a rpc module with SMB_RPC_INTERFACE_VERSION %d"
815 ", while this version of samba uses version %d!\n",
816 version,SMB_RPC_INTERFACE_VERSION));
817 return NT_STATUS_OBJECT_TYPE_MISMATCH;
822 * we still need to make sure that don't register the same commands twice!!!
827 /* We use a temporary variable because this call can fail and
828 rpc_lookup will still be valid afterwards. It could then succeed if
829 called again later */
830 rpc_entry = realloc(rpc_lookup,
831 ++rpc_lookup_size*sizeof(struct rpc_table));
832 if (NULL == rpc_entry) {
834 DEBUG(0, ("rpc_pipe_register_commands: memory allocation failed\n"));
835 return NT_STATUS_NO_MEMORY;
837 rpc_lookup = rpc_entry;
840 rpc_entry = rpc_lookup + (rpc_lookup_size - 1);
841 ZERO_STRUCTP(rpc_entry);
842 rpc_entry->pipe.clnt = strdup(clnt);
843 rpc_entry->pipe.srv = strdup(srv);
844 rpc_entry->cmds = realloc(rpc_entry->cmds,
845 (rpc_entry->n_cmds + size) *
846 sizeof(struct api_struct));
847 memcpy(rpc_entry->cmds + rpc_entry->n_cmds, cmds,
848 size * sizeof(struct api_struct));
849 rpc_entry->n_cmds += size;
854 /*******************************************************************
855 Respond to a pipe bind request.
856 *******************************************************************/
858 BOOL api_pipe_bind_req(pipes_struct *p, prs_struct *rpc_in_p)
862 RPC_HDR_AUTH auth_info;
864 fstring ack_pipe_name;
865 prs_struct out_hdr_ba;
867 prs_struct outgoing_rpc;
870 enum RPC_PKT_TYPE reply_pkt_type;
872 p->ntlmssp_auth_requested = False;
873 p->netsec_auth_validated = False;
875 DEBUG(5,("api_pipe_bind_req: decode request. %d\n", __LINE__));
878 * Try and find the correct pipe name to ensure
879 * that this is a pipe name we support.
883 for (i = 0; i < rpc_lookup_size; i++) {
884 if (strequal(rpc_lookup[i].pipe.clnt, p->name)) {
885 DEBUG(3, ("api_pipe_bind_req: \\PIPE\\%s -> \\PIPE\\%s\n",
886 rpc_lookup[i].pipe.clnt, rpc_lookup[i].pipe.srv));
887 fstrcpy(p->pipe_srv_name, rpc_lookup[i].pipe.srv);
892 if (i == rpc_lookup_size) {
893 if (NT_STATUS_IS_ERR(smb_probe_module("rpc", p->name))) {
894 DEBUG(3,("api_pipe_bind_req: Unknown pipe name %s in bind request.\n",
896 if(!setup_bind_nak(p))
901 for (i = 0; i < rpc_lookup_size; i++) {
902 if (strequal(rpc_lookup[i].pipe.clnt, p->name)) {
903 DEBUG(3, ("api_pipe_bind_req: \\PIPE\\%s -> \\PIPE\\%s\n",
904 rpc_lookup[i].pipe.clnt, rpc_lookup[i].pipe.srv));
905 fstrcpy(p->pipe_srv_name, rpc_lookup[i].pipe.srv);
910 if (i == rpc_lookup_size) {
911 DEBUG(0, ("module %s doesn't provide functions for pipe %s!\n", p->name, p->name));
916 /* decode the bind request */
917 if(!smb_io_rpc_hdr_rb("", &hdr_rb, rpc_in_p, 0)) {
918 DEBUG(0,("api_pipe_bind_req: unable to unmarshall RPC_HDR_RB struct.\n"));
923 * Check if this is an authenticated request.
926 if (p->hdr.auth_len != 0) {
927 RPC_AUTH_VERIFIER auth_verifier;
928 RPC_AUTH_NTLMSSP_NEG ntlmssp_neg;
931 * Decode the authentication verifier.
934 if(!smb_io_rpc_hdr_auth("", &auth_info, rpc_in_p, 0)) {
935 DEBUG(0,("api_pipe_bind_req: unable to unmarshall RPC_HDR_AUTH struct.\n"));
939 if(auth_info.auth_type == NTLMSSP_AUTH_TYPE) {
941 if(!smb_io_rpc_auth_verifier("", &auth_verifier, rpc_in_p, 0)) {
942 DEBUG(0,("api_pipe_bind_req: unable to "
943 "unmarshall RPC_HDR_AUTH struct.\n"));
947 if(!strequal(auth_verifier.signature, "NTLMSSP")) {
948 DEBUG(0,("api_pipe_bind_req: "
949 "auth_verifier.signature != NTLMSSP\n"));
953 if(auth_verifier.msg_type != NTLMSSP_NEGOTIATE) {
954 DEBUG(0,("api_pipe_bind_req: "
955 "auth_verifier.msg_type (%d) != NTLMSSP_NEGOTIATE\n",
956 auth_verifier.msg_type));
960 if(!smb_io_rpc_auth_ntlmssp_neg("", &ntlmssp_neg, rpc_in_p, 0)) {
961 DEBUG(0,("api_pipe_bind_req: "
962 "Failed to unmarshall RPC_AUTH_NTLMSSP_NEG.\n"));
966 p->ntlmssp_chal_flags = SMBD_NTLMSSP_NEG_FLAGS;
967 p->ntlmssp_auth_requested = True;
969 } else if (auth_info.auth_type == NETSEC_AUTH_TYPE) {
971 RPC_AUTH_NETSEC_NEG neg;
972 struct netsec_auth_struct *a = &(p->netsec_auth);
974 if (!smb_io_rpc_auth_netsec_neg("", &neg, rpc_in_p, 0)) {
975 DEBUG(0,("api_pipe_bind_req: "
976 "Could not unmarshal SCHANNEL auth neg\n"));
980 p->netsec_auth_validated = True;
982 memset(a->sess_key, 0, sizeof(a->sess_key));
983 memcpy(a->sess_key, last_dcinfo.sess_key, sizeof(last_dcinfo.sess_key));
987 DEBUG(10,("schannel auth: domain [%s] myname [%s]\n",
988 neg.domain, neg.myname));
991 DEBUG(0,("api_pipe_bind_req: unknown auth type %x requested.\n",
992 auth_info.auth_type ));
997 switch(p->hdr.pkt_type) {
999 /* name has to be \PIPE\xxxxx */
1000 fstrcpy(ack_pipe_name, "\\PIPE\\");
1001 fstrcat(ack_pipe_name, p->pipe_srv_name);
1002 reply_pkt_type = RPC_BINDACK;
1005 /* secondary address CAN be NULL
1006 * as the specs say it's ignored.
1007 * It MUST NULL to have the spoolss working.
1009 fstrcpy(ack_pipe_name,"");
1010 reply_pkt_type = RPC_ALTCONTRESP;
1016 DEBUG(5,("api_pipe_bind_req: make response. %d\n", __LINE__));
1019 * Marshall directly into the outgoing PDU space. We
1020 * must do this as we need to set to the bind response
1021 * header and are never sending more than one PDU here.
1024 prs_init( &outgoing_rpc, 0, p->mem_ctx, MARSHALL);
1025 prs_give_memory( &outgoing_rpc, (char *)p->out_data.current_pdu, sizeof(p->out_data.current_pdu), False);
1028 * Setup the memory to marshall the ba header, and the
1032 if(!prs_init(&out_hdr_ba, 1024, p->mem_ctx, MARSHALL)) {
1033 DEBUG(0,("api_pipe_bind_req: malloc out_hdr_ba failed.\n"));
1034 prs_mem_free(&outgoing_rpc);
1038 if(!prs_init(&out_auth, 1024, p->mem_ctx, MARSHALL)) {
1039 DEBUG(0,("pi_pipe_bind_req: malloc out_auth failed.\n"));
1040 prs_mem_free(&outgoing_rpc);
1041 prs_mem_free(&out_hdr_ba);
1045 if (p->ntlmssp_auth_requested)
1048 assoc_gid = hdr_rb.bba.assoc_gid ? hdr_rb.bba.assoc_gid : 0x53f0;
1051 * Create the bind response struct.
1054 /* If the requested abstract synt uuid doesn't match our client pipe,
1055 reject the bind_ack & set the transfer interface synt to all 0's,
1056 ver 0 (observed when NT5 attempts to bind to abstract interfaces
1058 Needed when adding entries to a DACL from NT5 - SK */
1060 if(check_bind_req(p, &hdr_rb.abstract, &hdr_rb.transfer, hdr_rb.context_id ))
1062 init_rpc_hdr_ba(&hdr_ba,
1070 RPC_IFACE null_interface;
1071 ZERO_STRUCT(null_interface);
1072 /* Rejection reason: abstract syntax not supported */
1073 init_rpc_hdr_ba(&hdr_ba, MAX_PDU_FRAG_LEN,
1074 MAX_PDU_FRAG_LEN, assoc_gid,
1075 ack_pipe_name, 0x1, 0x2, 0x1,
1083 if(!smb_io_rpc_hdr_ba("", &hdr_ba, &out_hdr_ba, 0)) {
1084 DEBUG(0,("api_pipe_bind_req: marshalling of RPC_HDR_BA failed.\n"));
1089 * Now the authentication.
1092 if (p->ntlmssp_auth_requested) {
1093 RPC_AUTH_VERIFIER auth_verifier;
1094 RPC_AUTH_NTLMSSP_CHAL ntlmssp_chal;
1096 generate_random_buffer(p->challenge, 8, False);
1098 /*** Authentication info ***/
1100 init_rpc_hdr_auth(&auth_info, NTLMSSP_AUTH_TYPE, RPC_PIPE_AUTH_SEAL_LEVEL, RPC_HDR_AUTH_LEN, 1);
1101 if(!smb_io_rpc_hdr_auth("", &auth_info, &out_auth, 0)) {
1102 DEBUG(0,("api_pipe_bind_req: marshalling of RPC_HDR_AUTH failed.\n"));
1106 /*** NTLMSSP verifier ***/
1108 init_rpc_auth_verifier(&auth_verifier, "NTLMSSP", NTLMSSP_CHALLENGE);
1109 if(!smb_io_rpc_auth_verifier("", &auth_verifier, &out_auth, 0)) {
1110 DEBUG(0,("api_pipe_bind_req: marshalling of RPC_AUTH_VERIFIER failed.\n"));
1114 /* NTLMSSP challenge ***/
1116 init_rpc_auth_ntlmssp_chal(&ntlmssp_chal, p->ntlmssp_chal_flags, p->challenge);
1117 if(!smb_io_rpc_auth_ntlmssp_chal("", &ntlmssp_chal, &out_auth, 0)) {
1118 DEBUG(0,("api_pipe_bind_req: marshalling of RPC_AUTH_NTLMSSP_CHAL failed.\n"));
1122 /* Auth len in the rpc header doesn't include auth_header. */
1123 auth_len = prs_offset(&out_auth) - RPC_HDR_AUTH_LEN;
1126 if (p->netsec_auth_validated) {
1127 RPC_AUTH_VERIFIER auth_verifier;
1130 /* The client opens a second RPC NETLOGON pipe without
1131 doing a auth2. The credentials for the schannel are
1132 re-used from the auth2 the client did before. */
1133 p->dc = last_dcinfo;
1135 init_rpc_hdr_auth(&auth_info, NETSEC_AUTH_TYPE, auth_info.auth_level, RPC_HDR_AUTH_LEN, 1);
1136 if(!smb_io_rpc_hdr_auth("", &auth_info, &out_auth, 0)) {
1137 DEBUG(0,("api_pipe_bind_req: marshalling of RPC_HDR_AUTH failed.\n"));
1141 /*** NETSEC verifier ***/
1143 init_rpc_auth_verifier(&auth_verifier, "\001", 0x0);
1144 if(!smb_io_rpc_netsec_verifier("", &auth_verifier, &out_auth, 0)) {
1145 DEBUG(0,("api_pipe_bind_req: marshalling of RPC_AUTH_VERIFIER failed.\n"));
1149 prs_align(&out_auth);
1152 if(!prs_uint32("flags ", &out_auth, 0, &flags))
1155 auth_len = prs_offset(&out_auth) - RPC_HDR_AUTH_LEN;
1159 * Create the header, now we know the length.
1162 init_rpc_hdr(&p->hdr, reply_pkt_type, RPC_FLG_FIRST | RPC_FLG_LAST,
1164 RPC_HEADER_LEN + prs_offset(&out_hdr_ba) + prs_offset(&out_auth),
1168 * Marshall the header into the outgoing PDU.
1171 if(!smb_io_rpc_hdr("", &p->hdr, &outgoing_rpc, 0)) {
1172 DEBUG(0,("pi_pipe_bind_req: marshalling of RPC_HDR failed.\n"));
1177 * Now add the RPC_HDR_BA and any auth needed.
1180 if(!prs_append_prs_data( &outgoing_rpc, &out_hdr_ba)) {
1181 DEBUG(0,("api_pipe_bind_req: append of RPC_HDR_BA failed.\n"));
1185 if((p->ntlmssp_auth_requested|p->netsec_auth_validated) &&
1186 !prs_append_prs_data( &outgoing_rpc, &out_auth)) {
1187 DEBUG(0,("api_pipe_bind_req: append of auth info failed.\n"));
1191 if(!p->ntlmssp_auth_requested)
1192 p->pipe_bound = True;
1195 * Setup the lengths for the initial reply.
1198 p->out_data.data_sent_length = 0;
1199 p->out_data.current_pdu_len = prs_offset(&outgoing_rpc);
1200 p->out_data.current_pdu_sent = 0;
1202 prs_mem_free(&out_hdr_ba);
1203 prs_mem_free(&out_auth);
1209 prs_mem_free(&outgoing_rpc);
1210 prs_mem_free(&out_hdr_ba);
1211 prs_mem_free(&out_auth);
1215 /****************************************************************************
1216 Deal with sign & seal processing on an RPC request.
1217 ****************************************************************************/
1219 BOOL api_pipe_auth_process(pipes_struct *p, prs_struct *rpc_in)
1222 * We always negotiate the following two bits....
1224 BOOL auth_verify = ((p->ntlmssp_chal_flags & NTLMSSP_NEGOTIATE_SIGN) != 0);
1225 BOOL auth_seal = ((p->ntlmssp_chal_flags & NTLMSSP_NEGOTIATE_SEAL) != 0);
1231 auth_len = p->hdr.auth_len;
1233 if ((auth_len != RPC_AUTH_NTLMSSP_CHK_LEN) && auth_verify) {
1234 DEBUG(0,("api_pipe_auth_process: Incorrect auth_len %d.\n", auth_len ));
1239 * The following is that length of the data we must verify or unseal.
1240 * This doesn't include the RPC headers or the auth_len or the RPC_HDR_AUTH_LEN
1241 * preceeding the auth_data.
1244 data_len = p->hdr.frag_len - RPC_HEADER_LEN - RPC_HDR_REQ_LEN -
1245 (auth_verify ? RPC_HDR_AUTH_LEN : 0) - auth_len;
1247 DEBUG(5,("api_pipe_auth_process: sign: %s seal: %s data %d auth %d\n",
1248 BOOLSTR(auth_verify), BOOLSTR(auth_seal), data_len, auth_len));
1252 * The data in rpc_in doesn't contain the RPC_HEADER as this
1253 * has already been consumed.
1255 char *data = prs_data_p(rpc_in) + RPC_HDR_REQ_LEN;
1256 dump_data_pw("NTLMSSP hash (v1)\n", p->ntlmssp_hash,
1257 sizeof(p->ntlmssp_hash));
1259 dump_data_pw("Incoming RPC PDU (NTLMSSP sealed)\n",
1260 (const unsigned char *)data, data_len);
1261 NTLMSSPcalc_p(p, (uchar*)data, data_len);
1262 dump_data_pw("Incoming RPC PDU (NTLMSSP unsealed)\n",
1263 (const unsigned char *)data, data_len);
1264 crc32 = crc32_calc_buffer(data, data_len);
1267 old_offset = prs_offset(rpc_in);
1269 if (auth_seal || auth_verify) {
1270 RPC_HDR_AUTH auth_info;
1272 if(!prs_set_offset(rpc_in, old_offset + data_len)) {
1273 DEBUG(0,("api_pipe_auth_process: cannot move offset to %u.\n",
1274 (unsigned int)old_offset + data_len ));
1278 if(!smb_io_rpc_hdr_auth("hdr_auth", &auth_info, rpc_in, 0)) {
1279 DEBUG(0,("api_pipe_auth_process: failed to unmarshall RPC_HDR_AUTH.\n"));
1285 RPC_AUTH_NTLMSSP_CHK ntlmssp_chk;
1286 char *req_data = prs_data_p(rpc_in) + prs_offset(rpc_in) + 4;
1288 DEBUG(5,("api_pipe_auth_process: auth %d\n", prs_offset(rpc_in) + 4));
1291 * Ensure we have RPC_AUTH_NTLMSSP_CHK_LEN - 4 more bytes in the
1294 if(prs_mem_get(rpc_in, RPC_AUTH_NTLMSSP_CHK_LEN - 4) == NULL) {
1295 DEBUG(0,("api_pipe_auth_process: missing %d bytes in buffer.\n",
1296 RPC_AUTH_NTLMSSP_CHK_LEN - 4 ));
1300 NTLMSSPcalc_p(p, (uchar*)req_data, RPC_AUTH_NTLMSSP_CHK_LEN - 4);
1301 if(!smb_io_rpc_auth_ntlmssp_chk("auth_sign", &ntlmssp_chk, rpc_in, 0)) {
1302 DEBUG(0,("api_pipe_auth_process: failed to unmarshall RPC_AUTH_NTLMSSP_CHK.\n"));
1306 if (!rpc_auth_ntlmssp_chk(&ntlmssp_chk, crc32, p->ntlmssp_seq_num)) {
1307 DEBUG(0,("api_pipe_auth_process: NTLMSSP check failed.\n"));
1313 * Return the current pointer to the data offset.
1316 if(!prs_set_offset(rpc_in, old_offset)) {
1317 DEBUG(0,("api_pipe_auth_process: failed to set offset back to %u\n",
1318 (unsigned int)old_offset ));
1325 /****************************************************************************
1326 Deal with schannel processing on an RPC request.
1327 ****************************************************************************/
1328 BOOL api_pipe_netsec_process(pipes_struct *p, prs_struct *rpc_in)
1331 * We always negotiate the following two bits....
1336 RPC_HDR_AUTH auth_info;
1337 RPC_AUTH_NETSEC_CHK netsec_chk;
1340 auth_len = p->hdr.auth_len;
1342 if (auth_len != RPC_AUTH_NETSEC_CHK_LEN) {
1343 DEBUG(0,("Incorrect auth_len %d.\n", auth_len ));
1348 * The following is that length of the data we must verify or unseal.
1349 * This doesn't include the RPC headers or the auth_len or the RPC_HDR_AUTH_LEN
1350 * preceeding the auth_data.
1353 data_len = p->hdr.frag_len - RPC_HEADER_LEN - RPC_HDR_REQ_LEN -
1354 RPC_HDR_AUTH_LEN - auth_len;
1356 DEBUG(5,("data %d auth %d\n", data_len, auth_len));
1358 old_offset = prs_offset(rpc_in);
1360 if(!prs_set_offset(rpc_in, old_offset + data_len)) {
1361 DEBUG(0,("cannot move offset to %u.\n",
1362 (unsigned int)old_offset + data_len ));
1366 if(!smb_io_rpc_hdr_auth("hdr_auth", &auth_info, rpc_in, 0)) {
1367 DEBUG(0,("failed to unmarshall RPC_HDR_AUTH.\n"));
1371 if (auth_info.auth_type != NETSEC_AUTH_TYPE) {
1372 DEBUG(0,("Invalid auth info %d on schannel\n",
1373 auth_info.auth_type));
1377 if (auth_info.auth_level == RPC_PIPE_AUTH_SEAL_LEVEL) {
1378 p->netsec_auth.auth_flags = AUTH_PIPE_NETSEC|AUTH_PIPE_SIGN|AUTH_PIPE_SEAL;
1379 } else if (auth_info.auth_level == RPC_PIPE_AUTH_SIGN_LEVEL) {
1380 p->netsec_auth.auth_flags = AUTH_PIPE_NETSEC|AUTH_PIPE_SIGN;
1382 DEBUG(0,("Invalid auth level %d on schannel\n",
1383 auth_info.auth_level));
1387 if(!smb_io_rpc_auth_netsec_chk("", &netsec_chk, rpc_in, 0)) {
1388 DEBUG(0,("failed to unmarshal RPC_AUTH_NETSEC_CHK.\n"));
1392 if (!netsec_decode(&p->netsec_auth,
1393 p->netsec_auth.auth_flags,
1394 SENDER_IS_INITIATOR,
1396 prs_data_p(rpc_in)+old_offset, data_len)) {
1397 DEBUG(0,("failed to decode PDU\n"));
1402 * Return the current pointer to the data offset.
1405 if(!prs_set_offset(rpc_in, old_offset)) {
1406 DEBUG(0,("failed to set offset back to %u\n",
1407 (unsigned int)old_offset ));
1411 /* The sequence number gets incremented on both send and receive. */
1412 p->netsec_auth.seq_num++;
1417 /****************************************************************************
1418 Return a user struct for a pipe user.
1419 ****************************************************************************/
1421 struct current_user *get_current_user(struct current_user *user, pipes_struct *p)
1423 if (p->ntlmssp_auth_validated) {
1424 memcpy(user, &p->pipe_user, sizeof(struct current_user));
1426 extern struct current_user current_user;
1427 memcpy(user, ¤t_user, sizeof(struct current_user));
1433 /****************************************************************************
1434 Find the set of RPC functions associated with this context_id
1435 ****************************************************************************/
1437 static PIPE_RPC_FNS* find_pipe_fns_by_context( PIPE_RPC_FNS *list, uint32 context_id )
1439 PIPE_RPC_FNS *fns = NULL;
1440 PIPE_RPC_FNS *tmp = NULL;
1443 DEBUG(0,("find_pipe_fns_by_context: ERROR! No context list for pipe!\n"));
1447 for (tmp=list; tmp; tmp=tmp->next ) {
1448 if ( tmp->context_id == context_id )
1457 /****************************************************************************
1459 ****************************************************************************/
1461 void free_pipe_rpc_context( PIPE_RPC_FNS *list )
1463 PIPE_RPC_FNS *tmp = list;
1475 /****************************************************************************
1476 Find the correct RPC function to call for this request.
1477 If the pipe is authenticated then become the correct UNIX user
1478 before doing the call.
1479 ****************************************************************************/
1481 BOOL api_pipe_request(pipes_struct *p)
1484 PIPE_RPC_FNS *pipe_fns;
1486 if (p->ntlmssp_auth_validated) {
1488 if(!become_authenticated_pipe_user(p)) {
1489 prs_mem_free(&p->out_data.rdata);
1494 DEBUG(5, ("Requested \\PIPE\\%s\n", p->name));
1496 /* get the set of RPC functions for this context */
1498 pipe_fns = find_pipe_fns_by_context(p->contexts, p->hdr_req.context_id);
1501 set_current_rpc_talloc(p->mem_ctx);
1502 ret = api_rpcTNP(p, p->name, pipe_fns->cmds, pipe_fns->n_cmds);
1503 set_current_rpc_talloc(NULL);
1506 DEBUG(0,("api_pipe_request: No rpc function table associated with context [%d] on pipe [%s]\n",
1507 p->hdr_req.context_id, p->name));
1510 if(p->ntlmssp_auth_validated)
1511 unbecome_authenticated_pipe_user();
1516 /*******************************************************************
1517 Calls the underlying RPC function for a named pipe.
1518 ********************************************************************/
1520 BOOL api_rpcTNP(pipes_struct *p, const char *rpc_name,
1521 const struct api_struct *api_rpc_cmds, int n_cmds)
1525 uint32 offset1, offset2;
1527 /* interpret the command */
1528 DEBUG(4,("api_rpcTNP: %s op 0x%x - ", rpc_name, p->hdr_req.opnum));
1530 slprintf(name, sizeof(name)-1, "in_%s", rpc_name);
1531 prs_dump(name, p->hdr_req.opnum, &p->in_data.data);
1533 for (fn_num = 0; fn_num < n_cmds; fn_num++) {
1534 if (api_rpc_cmds[fn_num].opnum == p->hdr_req.opnum && api_rpc_cmds[fn_num].fn != NULL) {
1535 DEBUG(3,("api_rpcTNP: rpc command: %s\n", api_rpc_cmds[fn_num].name));
1540 if (fn_num == n_cmds) {
1542 * For an unknown RPC just return a fault PDU but
1543 * return True to allow RPC's on the pipe to continue
1544 * and not put the pipe into fault state. JRA.
1546 DEBUG(4, ("unknown\n"));
1547 setup_fault_pdu(p, NT_STATUS(0x1c010002));
1551 offset1 = prs_offset(&p->out_data.rdata);
1553 DEBUG(6, ("api_rpc_cmds[%d].fn == %p\n",
1554 fn_num, api_rpc_cmds[fn_num].fn));
1555 /* do the actual command */
1556 if(!api_rpc_cmds[fn_num].fn(p)) {
1557 DEBUG(0,("api_rpcTNP: %s: %s failed.\n", rpc_name, api_rpc_cmds[fn_num].name));
1558 prs_mem_free(&p->out_data.rdata);
1562 if (p->bad_handle_fault_state) {
1563 DEBUG(4,("api_rpcTNP: bad handle fault return.\n"));
1564 p->bad_handle_fault_state = False;
1565 setup_fault_pdu(p, NT_STATUS(0x1C00001A));
1569 slprintf(name, sizeof(name)-1, "out_%s", rpc_name);
1570 offset2 = prs_offset(&p->out_data.rdata);
1571 prs_set_offset(&p->out_data.rdata, offset1);
1572 prs_dump(name, p->hdr_req.opnum, &p->out_data.rdata);
1573 prs_set_offset(&p->out_data.rdata, offset2);
1575 DEBUG(5,("api_rpcTNP: called %s successfully\n", rpc_name));
1577 /* Check for buffer underflow in rpc parsing */
1579 if ((DEBUGLEVEL >= 10) &&
1580 (prs_offset(&p->in_data.data) != prs_data_size(&p->in_data.data))) {
1581 size_t data_len = prs_data_size(&p->in_data.data) - prs_offset(&p->in_data.data);
1584 data = malloc(data_len);
1586 DEBUG(10, ("api_rpcTNP: rpc input buffer underflow (parse error?)\n"));
1588 prs_uint8s(False, "", &p->in_data.data, 0, (unsigned char *)data, (uint32)data_len);
1597 /*******************************************************************
1598 *******************************************************************/
1600 void get_pipe_fns( int idx, struct api_struct **fns, int *n_fns )
1602 struct api_struct *cmds = NULL;
1607 lsa_get_pipe_fns( &cmds, &n_cmds );
1610 lsa_ds_get_pipe_fns( &cmds, &n_cmds );
1613 samr_get_pipe_fns( &cmds, &n_cmds );
1616 netlog_get_pipe_fns( &cmds, &n_cmds );
1619 srvsvc_get_pipe_fns( &cmds, &n_cmds );
1622 wkssvc_get_pipe_fns( &cmds, &n_cmds );
1625 reg_get_pipe_fns( &cmds, &n_cmds );
1628 spoolss_get_pipe_fns( &cmds, &n_cmds );
1631 netdfs_get_pipe_fns( &cmds, &n_cmds );
1635 echo_get_pipe_fns( &cmds, &n_cmds );
1639 DEBUG(0,("get_pipe_fns: Unknown pipe index! [%d]\n", idx));