Cosmetics: make check_bind_req() debug statements a little nicer.

[gd/samba/.git] / source / rpc_server / srv_pipe.c

diff --git a/source/rpc_server/srv_pipe.c b/source/rpc_server/srv_pipe.c
index c213ec556a3fa0fb8cc254c4a56602f713da1adb..19c8db053359518495f97cdc7396eadb4c087273 100644 (file)
--- a/source/rpc_server/srv_pipe.c
+++ b/source/rpc_server/srv_pipe.c
@@ -55,7 +55,7 @@ static DATA_BLOB generic_session_key(void)
  Handle NTLMSSP.
  ********************************************************************/
 
-static BOOL create_next_pdu_ntlmssp(pipes_struct *p)
+static bool create_next_pdu_ntlmssp(pipes_struct *p)
 {
        RPC_HDR_RESP hdr_resp;
        uint32 ss_padding_len = 0;
@@ -272,7 +272,7 @@ static BOOL create_next_pdu_ntlmssp(pipes_struct *p)
  Return an schannel authenticated fragment.
  ********************************************************************/
 
-static BOOL create_next_pdu_schannel(pipes_struct *p)
+static bool create_next_pdu_schannel(pipes_struct *p)
 {
        RPC_HDR_RESP hdr_resp;
        uint32 ss_padding_len = 0;
@@ -450,7 +450,7 @@ static BOOL create_next_pdu_schannel(pipes_struct *p)
  No authentication done.
 ********************************************************************/
 
-static BOOL create_next_pdu_noauth(pipes_struct *p)
+static bool create_next_pdu_noauth(pipes_struct *p)
 {
        RPC_HDR_RESP hdr_resp;
        uint32 data_len;
@@ -571,7 +571,7 @@ static BOOL create_next_pdu_noauth(pipes_struct *p)
  Generate the next PDU to be returned from the data in p->rdata. 
 ********************************************************************/
 
-BOOL create_next_pdu(pipes_struct *p)
+bool create_next_pdu(pipes_struct *p)
 {
        switch(p->auth.auth_level) {
                case PIPE_AUTH_LEVEL_NONE:
@@ -604,7 +604,7 @@ BOOL create_next_pdu(pipes_struct *p)
  the pipe struct.
 *******************************************************************/
 
-static BOOL pipe_ntlmssp_verify_final(pipes_struct *p, DATA_BLOB *p_resp_blob)
+static bool pipe_ntlmssp_verify_final(pipes_struct *p, DATA_BLOB *p_resp_blob)
 {
        DATA_BLOB reply;
        NTSTATUS status;
@@ -714,7 +714,7 @@ struct rpc_table {
                const char *clnt;
                const char *srv;
        } pipe;
-       struct api_struct *cmds;
+       const struct api_struct *cmds;
        int n_cmds;
 };
 
@@ -725,7 +725,7 @@ static int rpc_lookup_size;
  This is the "stage3" NTLMSSP response after a bind request and reply.
 *******************************************************************/
 
-BOOL api_pipe_bind_auth3(pipes_struct *p, prs_struct *rpc_in_p)
+bool api_pipe_bind_auth3(pipes_struct *p, prs_struct *rpc_in_p)
 {
        RPC_HDR_AUTH auth_info;
        uint32 pad;
@@ -797,7 +797,7 @@ BOOL api_pipe_bind_auth3(pipes_struct *p, prs_struct *rpc_in_p)
  Marshall a bind_nak pdu.
 *******************************************************************/
 
-static BOOL setup_bind_nak(pipes_struct *p)
+static bool setup_bind_nak(pipes_struct *p)
 {
        prs_struct outgoing_rpc;
        RPC_HDR nak_hdr;
@@ -859,7 +859,7 @@ static BOOL setup_bind_nak(pipes_struct *p)
  Marshall a fault pdu.
 *******************************************************************/
 
-BOOL setup_fault_pdu(pipes_struct *p, NTSTATUS status)
+bool setup_fault_pdu(pipes_struct *p, NTSTATUS status)
 {
        prs_struct outgoing_pdu;
        RPC_HDR fault_hdr;
@@ -930,7 +930,7 @@ BOOL setup_fault_pdu(pipes_struct *p, NTSTATUS status)
  We should probably check the auth-verifier here.
 *******************************************************************/
 
-BOOL setup_cancel_ack_reply(pipes_struct *p, prs_struct *rpc_in_p)
+bool setup_cancel_ack_reply(pipes_struct *p, prs_struct *rpc_in_p)
 {
        prs_struct outgoing_pdu;
        RPC_HDR ack_reply_hdr;
@@ -978,7 +978,7 @@ BOOL setup_cancel_ack_reply(pipes_struct *p, prs_struct *rpc_in_p)
  Used to reject unknown binds from Win2k.
 *******************************************************************/
 
-BOOL check_bind_req(struct pipes_struct *p, RPC_IFACE* abstract,
+bool check_bind_req(struct pipes_struct *p, RPC_IFACE* abstract,
                     RPC_IFACE* transfer, uint32 context_id)
 {
        char *pipe_name = p->name;
@@ -993,7 +993,7 @@ BOOL check_bind_req(struct pipes_struct *p, RPC_IFACE* abstract,
        /* we have to check all now since win2k introduced a new UUID on the lsaprpc pipe */
                
        for ( i=0; pipe_names[i].client_pipe; i++ ) {
-               DEBUG(10,("checking %s\n", pipe_names[i].client_pipe));
+               DEBUGADD(10,("checking %s\n", pipe_names[i].client_pipe));
                if ( strequal(pipe_names[i].client_pipe, pname)
                        && (abstract->version == pipe_names[i].abstr_syntax.version) 
                        && (memcmp(&abstract->uuid, &pipe_names[i].abstr_syntax.uuid, sizeof(struct GUID)) == 0)
@@ -1075,12 +1075,8 @@ NTSTATUS rpc_pipe_register_commands(int version, const char *clnt, const char *s
         ZERO_STRUCTP(rpc_entry);
         rpc_entry->pipe.clnt = SMB_STRDUP(clnt);
         rpc_entry->pipe.srv = SMB_STRDUP(srv);
-        rpc_entry->cmds = SMB_REALLOC_ARRAY(rpc_entry->cmds, struct api_struct, rpc_entry->n_cmds + size);
-       if (!rpc_entry->cmds) {
-               return NT_STATUS_NO_MEMORY;
-       }
-        memcpy(rpc_entry->cmds + rpc_entry->n_cmds, cmds, size * sizeof(struct api_struct));
-        rpc_entry->n_cmds += size;
+        rpc_entry->cmds = cmds;
+        rpc_entry->n_cmds = size;
         
         return NT_STATUS_OK;
 }
@@ -1089,7 +1085,7 @@ NTSTATUS rpc_pipe_register_commands(int version, const char *clnt, const char *s
  Handle a SPNEGO krb5 bind auth.
 *******************************************************************/
 
-static BOOL pipe_spnego_auth_bind_kerberos(pipes_struct *p, prs_struct *rpc_in_p, RPC_HDR_AUTH *pauth_info,
+static bool pipe_spnego_auth_bind_kerberos(pipes_struct *p, prs_struct *rpc_in_p, RPC_HDR_AUTH *pauth_info,
                DATA_BLOB *psecblob, prs_struct *pout_auth)
 {
        return False;
@@ -1099,7 +1095,7 @@ static BOOL pipe_spnego_auth_bind_kerberos(pipes_struct *p, prs_struct *rpc_in_p
  Handle the first part of a SPNEGO bind auth.
 *******************************************************************/
 
-static BOOL pipe_spnego_auth_bind_negotiate(pipes_struct *p, prs_struct *rpc_in_p,
+static bool pipe_spnego_auth_bind_negotiate(pipes_struct *p, prs_struct *rpc_in_p,
                                        RPC_HDR_AUTH *pauth_info, prs_struct *pout_auth)
 {
        DATA_BLOB blob;
@@ -1109,7 +1105,7 @@ static BOOL pipe_spnego_auth_bind_negotiate(pipes_struct *p, prs_struct *rpc_in_
        char *OIDs[ASN1_MAX_OIDS];
         int i;
        NTSTATUS status;
-        BOOL got_kerberos_mechanism = False;
+        bool got_kerberos_mechanism = false;
        AUTH_NTLMSSP_STATE *a = NULL;
        RPC_HDR_AUTH auth_info;
 
@@ -1137,7 +1133,7 @@ static BOOL pipe_spnego_auth_bind_negotiate(pipes_struct *p, prs_struct *rpc_in_
         }
 
        if (strcmp(OID_KERBEROS5, OIDs[0]) == 0 || strcmp(OID_KERBEROS5_OLD, OIDs[0]) == 0) {
-               got_kerberos_mechanism = True;
+               got_kerberos_mechanism = true;
        }
 
        for (i=0;OIDs[i];i++) {
@@ -1147,7 +1143,7 @@ static BOOL pipe_spnego_auth_bind_negotiate(pipes_struct *p, prs_struct *rpc_in_
        DEBUG(3,("pipe_spnego_auth_bind_negotiate: Got secblob of size %lu\n", (unsigned long)secblob.length));
 
        if ( got_kerberos_mechanism && ((lp_security()==SEC_ADS) || lp_use_kerberos_keytab()) ) {
-               BOOL ret = pipe_spnego_auth_bind_kerberos(p, rpc_in_p, pauth_info, &secblob, pout_auth);
+               bool ret = pipe_spnego_auth_bind_kerberos(p, rpc_in_p, pauth_info, &secblob, pout_auth);
                data_blob_free(&secblob);
                data_blob_free(&blob);
                return ret;
@@ -1158,27 +1154,38 @@ static BOOL pipe_spnego_auth_bind_negotiate(pipes_struct *p, prs_struct *rpc_in_
                free_pipe_ntlmssp_auth_data(&p->auth);
        }
 
-       /* Initialize the NTLM engine. */
-       status = auth_ntlmssp_start(&a);
-       if (!NT_STATUS_IS_OK(status)) {
-               goto err;
-       }
+       if (!got_kerberos_mechanism) {
+               /* Initialize the NTLM engine. */
+               status = auth_ntlmssp_start(&a);
+               if (!NT_STATUS_IS_OK(status)) {
+                       goto err;
+               }
 
-       /*
-        * Pass the first security blob of data to it.
-        * This can return an error or NT_STATUS_MORE_PROCESSING_REQUIRED
-        * which means we need another packet to complete the bind.
-        */
+               /*
+                * Pass the first security blob of data to it.
+                * This can return an error or NT_STATUS_MORE_PROCESSING_REQUIRED
+                * which means we need another packet to complete the bind.
+                */
 
-        status = auth_ntlmssp_update(a, secblob, &chal);
+               status = auth_ntlmssp_update(a, secblob, &chal);
 
-       if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
-               DEBUG(3,("pipe_spnego_auth_bind_negotiate: auth_ntlmssp_update failed.\n"));
-               goto err;
-       }
+               if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
+                       DEBUG(3,("pipe_spnego_auth_bind_negotiate: auth_ntlmssp_update failed.\n"));
+                       goto err;
+               }
 
-       /* Generate the response blob we need for step 2 of the bind. */
-       response = spnego_gen_auth_response(&chal, status, OID_NTLMSSP);
+               /* Generate the response blob we need for step 2 of the bind. */
+               response = spnego_gen_auth_response(&chal, status, OID_NTLMSSP);
+       } else {
+               /*
+                * SPNEGO negotiate down to NTLMSSP. The subsequent
+                * code to process follow-up packets is not complete
+                * yet. JRA.
+                */
+               response = spnego_gen_auth_response(NULL,
+                                       NT_STATUS_MORE_PROCESSING_REQUIRED,
+                                       OID_NTLMSSP);
+       }
 
        /* Copy the blob into the pout_auth parse struct */
        init_rpc_hdr_auth(&auth_info, RPC_SPNEGO_AUTH_TYPE, pauth_info->auth_level, RPC_HDR_AUTH_LEN, 1);
@@ -1220,7 +1227,7 @@ static BOOL pipe_spnego_auth_bind_negotiate(pipes_struct *p, prs_struct *rpc_in_
  Handle the second part of a SPNEGO bind auth.
 *******************************************************************/
 
-static BOOL pipe_spnego_auth_bind_continue(pipes_struct *p, prs_struct *rpc_in_p,
+static bool pipe_spnego_auth_bind_continue(pipes_struct *p, prs_struct *rpc_in_p,
                                        RPC_HDR_AUTH *pauth_info, prs_struct *pout_auth)
 {
        RPC_HDR_AUTH auth_info;
@@ -1235,6 +1242,10 @@ static BOOL pipe_spnego_auth_bind_continue(pipes_struct *p, prs_struct *rpc_in_p
        ZERO_STRUCT(auth_reply);
        ZERO_STRUCT(response);
 
+       /*
+        * NB. If we've negotiated down from krb5 to NTLMSSP we'll currently
+        * fail here as 'a' == NULL.
+        */
        if (p->auth.auth_type != PIPE_AUTH_TYPE_SPNEGO_NTLMSSP || !a) {
                DEBUG(0,("pipe_spnego_auth_bind_continue: not in NTLMSSP auth state.\n"));
                goto err;
@@ -1263,7 +1274,7 @@ static BOOL pipe_spnego_auth_bind_continue(pipes_struct *p, prs_struct *rpc_in_p
         * The following call actually checks the challenge/response data.
         * for correctness against the given DOMAIN\user name.
         */
-       
+
        if (!pipe_ntlmssp_verify_final(p, &auth_blob)) {
                goto err;
        }
@@ -1310,13 +1321,13 @@ static BOOL pipe_spnego_auth_bind_continue(pipes_struct *p, prs_struct *rpc_in_p
  Handle an schannel bind auth.
 *******************************************************************/
 
-static BOOL pipe_schannel_auth_bind(pipes_struct *p, prs_struct *rpc_in_p,
+static bool pipe_schannel_auth_bind(pipes_struct *p, prs_struct *rpc_in_p,
                                        RPC_HDR_AUTH *pauth_info, prs_struct *pout_auth)
 {
        RPC_HDR_AUTH auth_info;
        RPC_AUTH_SCHANNEL_NEG neg;
        RPC_AUTH_VERIFIER auth_verifier;
-       BOOL ret;
+       bool ret;
        struct dcinfo *pdcinfo;
        uint32 flags;
 
@@ -1410,7 +1421,7 @@ static BOOL pipe_schannel_auth_bind(pipes_struct *p, prs_struct *rpc_in_p,
  Handle an NTLMSSP bind auth.
 *******************************************************************/
 
-static BOOL pipe_ntlmssp_auth_bind(pipes_struct *p, prs_struct *rpc_in_p,
+static bool pipe_ntlmssp_auth_bind(pipes_struct *p, prs_struct *rpc_in_p,
                                        RPC_HDR_AUTH *pauth_info, prs_struct *pout_auth)
 {
        RPC_HDR_AUTH auth_info;
@@ -1491,7 +1502,7 @@ static BOOL pipe_ntlmssp_auth_bind(pipes_struct *p, prs_struct *rpc_in_p,
  Respond to a pipe bind request.
 *******************************************************************/
 
-BOOL api_pipe_bind_req(pipes_struct *p, prs_struct *rpc_in_p)
+bool api_pipe_bind_req(pipes_struct *p, prs_struct *rpc_in_p)
 {
        RPC_HDR_BA hdr_ba;
        RPC_HDR_RB hdr_rb;
@@ -1771,7 +1782,7 @@ BOOL api_pipe_bind_req(pipes_struct *p, prs_struct *rpc_in_p)
  SPNEGO calls.
 ****************************************************************************/
 
-BOOL api_pipe_alter_context(pipes_struct *p, prs_struct *rpc_in_p)
+bool api_pipe_alter_context(pipes_struct *p, prs_struct *rpc_in_p)
 {
        RPC_HDR_BA hdr_ba;
        RPC_HDR_RB hdr_rb;
@@ -1962,7 +1973,7 @@ BOOL api_pipe_alter_context(pipes_struct *p, prs_struct *rpc_in_p)
  Deal with NTLMSSP sign & seal processing on an RPC request.
 ****************************************************************************/
 
-BOOL api_pipe_ntlmssp_auth_process(pipes_struct *p, prs_struct *rpc_in,
+bool api_pipe_ntlmssp_auth_process(pipes_struct *p, prs_struct *rpc_in,
                                        uint32 *p_ss_padding_len, NTSTATUS *pstatus)
 {
        RPC_HDR_AUTH auth_info;
@@ -2078,7 +2089,7 @@ BOOL api_pipe_ntlmssp_auth_process(pipes_struct *p, prs_struct *rpc_in,
  Deal with schannel processing on an RPC request.
 ****************************************************************************/
 
-BOOL api_pipe_schannel_process(pipes_struct *p, prs_struct *rpc_in, uint32 *p_ss_padding_len)
+bool api_pipe_schannel_process(pipes_struct *p, prs_struct *rpc_in, uint32 *p_ss_padding_len)
 {
        uint32 data_len;
        uint32 auth_len;
@@ -2230,10 +2241,10 @@ void free_pipe_rpc_context( PIPE_RPC_FNS *list )
  before doing the call.
 ****************************************************************************/
 
-BOOL api_pipe_request(pipes_struct *p)
+bool api_pipe_request(pipes_struct *p)
 {
-       BOOL ret = False;
-       BOOL changed_user = False;
+       bool ret = False;
+       bool changed_user = False;
        PIPE_RPC_FNS *pipe_fns;
        
        if (p->pipe_bound &&
@@ -2273,7 +2284,7 @@ BOOL api_pipe_request(pipes_struct *p)
  Calls the underlying RPC function for a named pipe.
  ********************************************************************/
 
-BOOL api_rpcTNP(pipes_struct *p, const char *rpc_name, 
+bool api_rpcTNP(pipes_struct *p, const char *rpc_name, 
                const struct api_struct *api_rpc_cmds, int n_cmds)
 {
        int fn_num;
@@ -2365,16 +2376,16 @@ void get_pipe_fns( int idx, struct api_struct **fns, int *n_fns )
 
        switch ( idx ) {
                case PI_LSARPC:
-                       lsa_get_pipe_fns( &cmds, &n_cmds );
+                       lsarpc_get_pipe_fns( &cmds, &n_cmds );
                        break;
-               case PI_LSARPC_DS:
-                       lsa_ds_get_pipe_fns( &cmds, &n_cmds );
+               case PI_DSSETUP:
+                       dssetup_get_pipe_fns( &cmds, &n_cmds );
                        break;
                case PI_SAMR:
                        samr_get_pipe_fns( &cmds, &n_cmds );
                        break;
                case PI_NETLOGON:
-                       netlog_get_pipe_fns( &cmds, &n_cmds );
+                       netlogon_get_pipe_fns( &cmds, &n_cmds );
                        break;
                case PI_SRVSVC:
                        srvsvc2_get_pipe_fns( &cmds, &n_cmds );
@@ -2398,7 +2409,7 @@ void get_pipe_fns( int idx, struct api_struct **fns, int *n_fns )
                        eventlog2_get_pipe_fns( &cmds, &n_cmds );
                        break;
                case PI_NTSVCS:
-                       ntsvcs_get_pipe_fns( &cmds, &n_cmds );
+                       ntsvcs2_get_pipe_fns( &cmds, &n_cmds );
                        break;
 #ifdef DEVELOPER
                case PI_RPCECHO: