#include "includes.h"
#include "../libcli/auth/libcli_auth.h"
#include "librpc/gen_ndr/cli_epmapper.h"
+#include "../librpc/gen_ndr/ndr_schannel.h"
+#include "../libcli/auth/schannel.h"
+#include "../libcli/auth/schannel_proto.h"
+#include "../libcli/auth/spnego.h"
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_RPC_CLI
-/*******************************************************************
-interface/version dce/rpc pipe identification
-********************************************************************/
-
-#define PIPE_SRVSVC "\\PIPE\\srvsvc"
-#define PIPE_SAMR "\\PIPE\\samr"
-#define PIPE_WINREG "\\PIPE\\winreg"
-#define PIPE_WKSSVC "\\PIPE\\wkssvc"
-#define PIPE_NETLOGON "\\PIPE\\NETLOGON"
-#define PIPE_NTLSA "\\PIPE\\ntlsa"
-#define PIPE_NTSVCS "\\PIPE\\ntsvcs"
-#define PIPE_LSASS "\\PIPE\\lsass"
-#define PIPE_LSARPC "\\PIPE\\lsarpc"
-#define PIPE_SPOOLSS "\\PIPE\\spoolss"
-#define PIPE_NETDFS "\\PIPE\\netdfs"
-#define PIPE_ECHO "\\PIPE\\rpcecho"
-#define PIPE_SHUTDOWN "\\PIPE\\initshutdown"
-#define PIPE_EPM "\\PIPE\\epmapper"
-#define PIPE_SVCCTL "\\PIPE\\svcctl"
-#define PIPE_EVENTLOG "\\PIPE\\eventlog"
-#define PIPE_EPMAPPER "\\PIPE\\epmapper"
-#define PIPE_DRSUAPI "\\PIPE\\drsuapi"
+static const char *get_pipe_name_from_iface(
+ TALLOC_CTX *mem_ctx, const struct ndr_interface_table *interface)
+{
+ int i;
+ const struct ndr_interface_string_array *ep = interface->endpoints;
+ char *p;
-/*
- * IMPORTANT!! If you update this structure, make sure to
- * update the index #defines in smb.h.
- */
+ for (i=0; i<ep->count; i++) {
+ if (strncmp(ep->names[i], "ncacn_np:[\\pipe\\", 16) == 0) {
+ break;
+ }
+ }
+ if (i == ep->count) {
+ return NULL;
+ }
-static const struct pipe_id_info {
- /* the names appear not to matter: the syntaxes _do_ matter */
-
- const char *client_pipe;
- const struct ndr_syntax_id *abstr_syntax; /* this one is the abstract syntax id */
-} pipe_names [] =
-{
- { PIPE_LSARPC, &ndr_table_lsarpc.syntax_id },
- { PIPE_LSARPC, &ndr_table_dssetup.syntax_id },
- { PIPE_SAMR, &ndr_table_samr.syntax_id },
- { PIPE_NETLOGON, &ndr_table_netlogon.syntax_id },
- { PIPE_SRVSVC, &ndr_table_srvsvc.syntax_id },
- { PIPE_WKSSVC, &ndr_table_wkssvc.syntax_id },
- { PIPE_WINREG, &ndr_table_winreg.syntax_id },
- { PIPE_SPOOLSS, &ndr_table_spoolss.syntax_id },
- { PIPE_NETDFS, &ndr_table_netdfs.syntax_id },
- { PIPE_ECHO, &ndr_table_rpcecho.syntax_id },
- { PIPE_SHUTDOWN, &ndr_table_initshutdown.syntax_id },
- { PIPE_SVCCTL, &ndr_table_svcctl.syntax_id },
- { PIPE_EVENTLOG, &ndr_table_eventlog.syntax_id },
- { PIPE_NTSVCS, &ndr_table_ntsvcs.syntax_id },
- { PIPE_EPMAPPER, &ndr_table_epmapper.syntax_id },
- { PIPE_DRSUAPI, &ndr_table_drsuapi.syntax_id },
- { NULL, NULL }
-};
+ /*
+ * extract the pipe name without \\pipe from for example
+ * ncacn_np:[\\pipe\\epmapper]
+ */
+ p = strchr(ep->names[i]+15, ']');
+ if (p == NULL) {
+ return "PIPE";
+ }
+ return talloc_strndup(mem_ctx, ep->names[i]+15, p - ep->names[i] - 15);
+}
+
+static const struct ndr_interface_table **interfaces;
+
+bool smb_register_ndr_interface(const struct ndr_interface_table *interface)
+{
+ int num_interfaces = talloc_array_length(interfaces);
+ const struct ndr_interface_table **tmp;
+ int i;
+
+ for (i=0; i<num_interfaces; i++) {
+ if (ndr_syntax_id_equal(&interfaces[i]->syntax_id,
+ &interface->syntax_id)) {
+ return true;
+ }
+ }
+
+ tmp = talloc_realloc(NULL, interfaces,
+ const struct ndr_interface_table *,
+ num_interfaces + 1);
+ if (tmp == NULL) {
+ DEBUG(1, ("smb_register_ndr_interface: talloc failed\n"));
+ return false;
+ }
+ interfaces = tmp;
+ interfaces[num_interfaces] = interface;
+ return true;
+}
+
+static bool initialize_interfaces(void)
+{
+ if (!smb_register_ndr_interface(&ndr_table_lsarpc)) {
+ return false;
+ }
+ if (!smb_register_ndr_interface(&ndr_table_dssetup)) {
+ return false;
+ }
+ if (!smb_register_ndr_interface(&ndr_table_samr)) {
+ return false;
+ }
+ if (!smb_register_ndr_interface(&ndr_table_netlogon)) {
+ return false;
+ }
+ if (!smb_register_ndr_interface(&ndr_table_srvsvc)) {
+ return false;
+ }
+ if (!smb_register_ndr_interface(&ndr_table_wkssvc)) {
+ return false;
+ }
+ if (!smb_register_ndr_interface(&ndr_table_winreg)) {
+ return false;
+ }
+ if (!smb_register_ndr_interface(&ndr_table_spoolss)) {
+ return false;
+ }
+ if (!smb_register_ndr_interface(&ndr_table_netdfs)) {
+ return false;
+ }
+ if (!smb_register_ndr_interface(&ndr_table_rpcecho)) {
+ return false;
+ }
+ if (!smb_register_ndr_interface(&ndr_table_initshutdown)) {
+ return false;
+ }
+ if (!smb_register_ndr_interface(&ndr_table_svcctl)) {
+ return false;
+ }
+ if (!smb_register_ndr_interface(&ndr_table_eventlog)) {
+ return false;
+ }
+ if (!smb_register_ndr_interface(&ndr_table_ntsvcs)) {
+ return false;
+ }
+ if (!smb_register_ndr_interface(&ndr_table_epmapper)) {
+ return false;
+ }
+ if (!smb_register_ndr_interface(&ndr_table_drsuapi)) {
+ return false;
+ }
+ return true;
+}
+
+const struct ndr_interface_table *get_iface_from_syntax(
+ const struct ndr_syntax_id *syntax)
+{
+ int num_interfaces;
+ int i;
+
+ if (interfaces == NULL) {
+ if (!initialize_interfaces()) {
+ return NULL;
+ }
+ }
+ num_interfaces = talloc_array_length(interfaces);
+
+ for (i=0; i<num_interfaces; i++) {
+ if (ndr_syntax_id_equal(&interfaces[i]->syntax_id, syntax)) {
+ return interfaces[i];
+ }
+ }
+
+ return NULL;
+}
/****************************************************************************
Return the pipe name from the interface.
****************************************************************************/
-const char *get_pipe_name_from_iface(const struct ndr_syntax_id *interface)
+const char *get_pipe_name_from_syntax(TALLOC_CTX *mem_ctx,
+ const struct ndr_syntax_id *syntax)
{
+ const struct ndr_interface_table *interface;
char *guid_str;
const char *result;
- int i;
- for (i = 0; pipe_names[i].client_pipe; i++) {
- if (ndr_syntax_id_equal(pipe_names[i].abstr_syntax,
- interface)) {
- return &pipe_names[i].client_pipe[5];
+
+ interface = get_iface_from_syntax(syntax);
+ if (interface != NULL) {
+ result = get_pipe_name_from_iface(mem_ctx, interface);
+ if (result != NULL) {
+ return result;
}
}
* interested in the known pipes mentioned in pipe_names[]
*/
- guid_str = GUID_string(talloc_tos(), &interface->uuid);
+ guid_str = GUID_string(talloc_tos(), &syntax->uuid);
if (guid_str == NULL) {
return NULL;
}
- result = talloc_asprintf(talloc_tos(), "Interface %s.%d", guid_str,
- (int)interface->if_version);
+ result = talloc_asprintf(mem_ctx, "Interface %s.%d", guid_str,
+ (int)syntax->if_version);
TALLOC_FREE(guid_str);
if (result == NULL) {
switch (auth_type) {
case PIPE_AUTH_TYPE_NONE:
- return RPC_ANONYMOUS_AUTH_TYPE;
+ return DCERPC_AUTH_TYPE_NONE;
case PIPE_AUTH_TYPE_NTLMSSP:
- return RPC_NTLMSSP_AUTH_TYPE;
+ return DCERPC_AUTH_TYPE_NTLMSSP;
case PIPE_AUTH_TYPE_SPNEGO_NTLMSSP:
case PIPE_AUTH_TYPE_SPNEGO_KRB5:
- return RPC_SPNEGO_AUTH_TYPE;
+ return DCERPC_AUTH_TYPE_SPNEGO;
case PIPE_AUTH_TYPE_SCHANNEL:
- return RPC_SCHANNEL_AUTH_TYPE;
+ return DCERPC_AUTH_TYPE_SCHANNEL;
case PIPE_AUTH_TYPE_KRB5:
- return RPC_KRB5_AUTH_TYPE;
+ return DCERPC_AUTH_TYPE_KRB5;
default:
DEBUG(0,("map_pipe_auth_type_to_rpc_type: unknown pipe "
DATA_BLOB auth_blob;
NTSTATUS status;
- if (cli->auth->auth_level == PIPE_AUTH_LEVEL_NONE
- || cli->auth->auth_level == PIPE_AUTH_LEVEL_CONNECT) {
+ if (cli->auth->auth_level == DCERPC_AUTH_LEVEL_NONE
+ || cli->auth->auth_level == DCERPC_AUTH_LEVEL_CONNECT) {
return NT_STATUS_OK;
}
auth_blob.length = auth_len;
switch (cli->auth->auth_level) {
- case PIPE_AUTH_LEVEL_PRIVACY:
+ case DCERPC_AUTH_LEVEL_PRIVACY:
/* Data is encrypted. */
status = ntlmssp_unseal_packet(ntlmssp_state,
data, data_len,
if (!NT_STATUS_IS_OK(status)) {
DEBUG(0,("cli_pipe_verify_ntlmssp: failed to unseal "
"packet from %s. Error was %s.\n",
- rpccli_pipe_txt(debug_ctx(), cli),
+ rpccli_pipe_txt(talloc_tos(), cli),
nt_errstr(status) ));
return status;
}
break;
- case PIPE_AUTH_LEVEL_INTEGRITY:
+ case DCERPC_AUTH_LEVEL_INTEGRITY:
/* Data is signed. */
status = ntlmssp_check_packet(ntlmssp_state,
data, data_len,
if (!NT_STATUS_IS_OK(status)) {
DEBUG(0,("cli_pipe_verify_ntlmssp: check signing failed on "
"packet from %s. Error was %s.\n",
- rpccli_pipe_txt(debug_ctx(), cli),
+ rpccli_pipe_txt(talloc_tos(), cli),
nt_errstr(status) ));
return status;
}
uint8 *p_ss_padding_len)
{
RPC_HDR_AUTH auth_info;
- RPC_AUTH_SCHANNEL_CHK schannel_chk;
uint32 auth_len = prhdr->auth_len;
uint32 save_offset = prs_offset(current_pdu);
- struct schannel_auth_struct *schannel_auth =
+ struct schannel_state *schannel_auth =
cli->auth->a_u.schannel_auth;
+ uint8_t *data;
uint32 data_len;
+ DATA_BLOB blob;
+ NTSTATUS status;
- if (cli->auth->auth_level == PIPE_AUTH_LEVEL_NONE
- || cli->auth->auth_level == PIPE_AUTH_LEVEL_CONNECT) {
+ if (cli->auth->auth_level == DCERPC_AUTH_LEVEL_NONE
+ || cli->auth->auth_level == DCERPC_AUTH_LEVEL_CONNECT) {
return NT_STATUS_OK;
}
- if (auth_len != RPC_AUTH_SCHANNEL_SIGN_OR_SEAL_CHK_LEN) {
+ if (auth_len < RPC_AUTH_SCHANNEL_SIGN_OR_SEAL_CHK_LEN) {
DEBUG(0,("cli_pipe_verify_schannel: auth_len %u.\n", (unsigned int)auth_len ));
return NT_STATUS_INVALID_PARAMETER;
}
return NT_STATUS_BUFFER_TOO_SMALL;
}
- if (auth_info.auth_type != RPC_SCHANNEL_AUTH_TYPE) {
+ if (auth_info.auth_type != DCERPC_AUTH_TYPE_SCHANNEL) {
DEBUG(0,("cli_pipe_verify_schannel: Invalid auth info %d on schannel\n",
auth_info.auth_type));
return NT_STATUS_BUFFER_TOO_SMALL;
}
- if(!smb_io_rpc_auth_schannel_chk("", RPC_AUTH_SCHANNEL_SIGN_OR_SEAL_CHK_LEN,
- &schannel_chk, current_pdu, 0)) {
- DEBUG(0,("cli_pipe_verify_schannel: failed to unmarshal RPC_AUTH_SCHANNEL_CHK.\n"));
- return NT_STATUS_BUFFER_TOO_SMALL;
+ blob = data_blob_const(prs_data_p(current_pdu) + prs_offset(current_pdu), auth_len);
+
+ if (DEBUGLEVEL >= 10) {
+ dump_NL_AUTH_SIGNATURE(talloc_tos(), &blob);
}
- if (!schannel_decode(schannel_auth,
- cli->auth->auth_level,
- SENDER_IS_ACCEPTOR,
- &schannel_chk,
- prs_data_p(current_pdu)+RPC_HEADER_LEN+RPC_HDR_RESP_LEN,
- data_len)) {
+ data = (uint8_t *)prs_data_p(current_pdu)+RPC_HEADER_LEN+RPC_HDR_RESP_LEN;
+
+ switch (cli->auth->auth_level) {
+ case DCERPC_AUTH_LEVEL_PRIVACY:
+ status = netsec_incoming_packet(schannel_auth,
+ talloc_tos(),
+ true,
+ data,
+ data_len,
+ &blob);
+ break;
+ case DCERPC_AUTH_LEVEL_INTEGRITY:
+ status = netsec_incoming_packet(schannel_auth,
+ talloc_tos(),
+ false,
+ data,
+ data_len,
+ &blob);
+ break;
+ default:
+ status = NT_STATUS_INTERNAL_ERROR;
+ break;
+ }
+
+ if (!NT_STATUS_IS_OK(status)) {
DEBUG(3,("cli_pipe_verify_schannel: failed to decode PDU "
- "Connection to %s.\n",
- rpccli_pipe_txt(debug_ctx(), cli)));
+ "Connection to %s (%s).\n",
+ rpccli_pipe_txt(talloc_tos(), cli),
+ nt_errstr(status)));
return NT_STATUS_INVALID_PARAMETER;
}
- /* The sequence number gets incremented on both send and receive. */
- schannel_auth->seq_num++;
-
/*
* Return the current pointer to the data offset.
*/
DEBUG(3, ("cli_pipe_validate_rpc_response: "
"Connection to %s - got non-zero "
"auth len %u.\n",
- rpccli_pipe_txt(debug_ctx(), cli),
+ rpccli_pipe_txt(talloc_tos(), cli),
(unsigned int)prhdr->auth_len ));
return NT_STATUS_INVALID_PARAMETER;
}
default:
DEBUG(3, ("cli_pipe_validate_rpc_response: Connection "
"to %s - unknown internal auth type %u.\n",
- rpccli_pipe_txt(debug_ctx(), cli),
+ rpccli_pipe_txt(talloc_tos(), cli),
cli->auth->auth_type ));
return NT_STATUS_INVALID_INFO_CLASS;
}
/* Ensure we have the correct type. */
switch (prhdr->pkt_type) {
- case RPC_ALTCONTRESP:
- case RPC_BINDACK:
+ case DCERPC_PKT_ALTER_RESP:
+ case DCERPC_PKT_BIND_ACK:
/* Alter context and bind ack share the same packet definitions. */
break;
- case RPC_RESPONSE:
+ case DCERPC_PKT_RESPONSE:
{
RPC_HDR_RESP rhdr_resp;
uint8 ss_padding_len = 0;
break;
}
- case RPC_BINDNACK:
+ case DCERPC_PKT_BIND_NAK:
DEBUG(1, ("cli_pipe_validate_current_pdu: Bind NACK "
"received from %s!\n",
- rpccli_pipe_txt(debug_ctx(), cli)));
+ rpccli_pipe_txt(talloc_tos(), cli)));
/* Use this for now... */
return NT_STATUS_NETWORK_ACCESS_DENIED;
- case RPC_FAULT:
+ case DCERPC_PKT_FAULT:
{
RPC_HDR_RESP rhdr_resp;
RPC_HDR_FAULT fault_resp;
DEBUG(1, ("cli_pipe_validate_current_pdu: RPC fault "
"code %s received from %s!\n",
- dcerpc_errstr(debug_ctx(), NT_STATUS_V(fault_resp.status)),
- rpccli_pipe_txt(debug_ctx(), cli)));
+ dcerpc_errstr(talloc_tos(), NT_STATUS_V(fault_resp.status)),
+ rpccli_pipe_txt(talloc_tos(), cli)));
if (NT_STATUS_IS_OK(fault_resp.status)) {
return NT_STATUS_UNSUCCESSFUL;
} else {
DEBUG(0, ("cli_pipe_validate_current_pdu: unknown packet type %u received "
"from %s!\n",
(unsigned int)prhdr->pkt_type,
- rpccli_pipe_txt(debug_ctx(), cli)));
+ rpccli_pipe_txt(talloc_tos(), cli)));
return NT_STATUS_INVALID_INFO_CLASS;
}
if (prhdr->pkt_type != expected_pkt_type) {
DEBUG(3, ("cli_pipe_validate_current_pdu: Connection to %s "
"got an unexpected RPC packet type - %u, not %u\n",
- rpccli_pipe_txt(debug_ctx(), cli),
+ rpccli_pipe_txt(talloc_tos(), cli),
prhdr->pkt_type,
expected_pkt_type));
return NT_STATUS_INVALID_INFO_CLASS;
data before now as we may have needed to do cryptographic actions on
it before. */
- if ((prhdr->pkt_type == RPC_BINDACK) && !(prhdr->flags & RPC_FLG_LAST)) {
+ if ((prhdr->pkt_type == DCERPC_PKT_BIND_ACK) && !(prhdr->flags & DCERPC_PFC_FLAG_LAST)) {
DEBUG(5,("cli_pipe_validate_current_pdu: bug in server (AS/U?), "
"setting fragment first/last ON.\n"));
- prhdr->flags |= RPC_FLG_FIRST|RPC_FLG_LAST;
+ prhdr->flags |= DCERPC_PFC_FLAG_FIRST|DCERPC_PFC_FLAG_LAST;
}
return NT_STATUS_OK;
goto post_status;
}
- DEBUG(5,("rpc_api_pipe: %s\n", rpccli_pipe_txt(debug_ctx(), cli)));
+ DEBUG(5,("rpc_api_pipe: %s\n", rpccli_pipe_txt(talloc_tos(), cli)));
max_recv_frag = cli->max_recv_frag;
-#ifdef DEVELOPER
+#if 0
max_recv_frag = RPC_HEADER_LEN + 10 + (sys_random() % 32);
#endif
if (rdata == NULL) {
DEBUG(3,("rpc_api_pipe: %s failed to return data.\n",
- rpccli_pipe_txt(debug_ctx(), state->cli)));
+ rpccli_pipe_txt(talloc_tos(), state->cli)));
tevent_req_done(req);
return;
}
return;
}
- if ((state->rhdr.flags & RPC_FLG_FIRST)
+ if ((state->rhdr.flags & DCERPC_PFC_FLAG_FIRST)
&& (state->rhdr.pack_type[0] == 0)) {
/*
* Set the data type correctly for big-endian data on the
*/
DEBUG(10,("rpc_api_pipe: On %s PDU data format is "
"big-endian.\n",
- rpccli_pipe_txt(debug_ctx(), state->cli)));
+ rpccli_pipe_txt(talloc_tos(), state->cli)));
prs_set_endian_data(&state->incoming_pdu, RPC_BIG_ENDIAN);
}
/*
return;
}
- if (state->rhdr.flags & RPC_FLG_LAST) {
+ if (state->rhdr.flags & DCERPC_PFC_FLAG_LAST) {
DEBUG(10,("rpc_api_pipe: %s returned %u bytes.\n",
- rpccli_pipe_txt(debug_ctx(), state->cli),
+ rpccli_pipe_txt(talloc_tos(), state->cli),
(unsigned)prs_data_size(&state->incoming_pdu)));
tevent_req_done(req);
return;
********************************************************************/
static NTSTATUS create_krb5_auth_bind_req( struct rpc_pipe_client *cli,
- enum pipe_auth_level auth_level,
+ enum dcerpc_AuthLevel auth_level,
RPC_HDR_AUTH *pauth_out,
prs_struct *auth_data)
{
DATA_BLOB tkt_wrapped = data_blob_null;
/* We may change the pad length before marshalling. */
- init_rpc_hdr_auth(pauth_out, RPC_KRB5_AUTH_TYPE, (int)auth_level, 0, 1);
+ init_rpc_hdr_auth(pauth_out, DCERPC_AUTH_TYPE_KRB5, (int)auth_level, 0, 1);
DEBUG(5, ("create_krb5_auth_bind_req: creating a service ticket for principal %s\n",
a->service_principal ));
/* Create the ticket for the service principal and return it in a gss-api wrapped blob. */
ret = cli_krb5_get_ticket(a->service_principal, 0, &tkt,
- &a->session_key, (uint32)AP_OPTS_MUTUAL_REQUIRED, NULL, NULL);
+ &a->session_key, (uint32)AP_OPTS_MUTUAL_REQUIRED, NULL, NULL, NULL);
if (ret) {
DEBUG(1,("create_krb5_auth_bind_req: cli_krb5_get_ticket for principal %s "
********************************************************************/
static NTSTATUS create_spnego_ntlmssp_auth_rpc_bind_req( struct rpc_pipe_client *cli,
- enum pipe_auth_level auth_level,
+ enum dcerpc_AuthLevel auth_level,
RPC_HDR_AUTH *pauth_out,
prs_struct *auth_data)
{
DATA_BLOB spnego_msg = data_blob_null;
/* We may change the pad length before marshalling. */
- init_rpc_hdr_auth(pauth_out, RPC_SPNEGO_AUTH_TYPE, (int)auth_level, 0, 1);
+ init_rpc_hdr_auth(pauth_out, DCERPC_AUTH_TYPE_SPNEGO, (int)auth_level, 0, 1);
DEBUG(5, ("create_spnego_ntlmssp_auth_rpc_bind_req: Processing NTLMSSP Negotiate\n"));
nt_status = ntlmssp_update(cli->auth->a_u.ntlmssp_state,
********************************************************************/
static NTSTATUS create_ntlmssp_auth_rpc_bind_req( struct rpc_pipe_client *cli,
- enum pipe_auth_level auth_level,
+ enum dcerpc_AuthLevel auth_level,
RPC_HDR_AUTH *pauth_out,
prs_struct *auth_data)
{
DATA_BLOB request = data_blob_null;
/* We may change the pad length before marshalling. */
- init_rpc_hdr_auth(pauth_out, RPC_NTLMSSP_AUTH_TYPE, (int)auth_level, 0, 1);
+ init_rpc_hdr_auth(pauth_out, DCERPC_AUTH_TYPE_NTLMSSP, (int)auth_level, 0, 1);
DEBUG(5, ("create_ntlmssp_auth_rpc_bind_req: Processing NTLMSSP Negotiate\n"));
nt_status = ntlmssp_update(cli->auth->a_u.ntlmssp_state,
********************************************************************/
static NTSTATUS create_schannel_auth_rpc_bind_req( struct rpc_pipe_client *cli,
- enum pipe_auth_level auth_level,
+ enum dcerpc_AuthLevel auth_level,
RPC_HDR_AUTH *pauth_out,
prs_struct *auth_data)
{
- RPC_AUTH_SCHANNEL_NEG schannel_neg;
+ struct NL_AUTH_MESSAGE r;
+ enum ndr_err_code ndr_err;
+ DATA_BLOB blob;
/* We may change the pad length before marshalling. */
- init_rpc_hdr_auth(pauth_out, RPC_SCHANNEL_AUTH_TYPE, (int)auth_level, 0, 1);
+ init_rpc_hdr_auth(pauth_out, DCERPC_AUTH_TYPE_SCHANNEL, (int)auth_level, 0, 1);
/* Use lp_workgroup() if domain not specified */
}
}
- init_rpc_auth_schannel_neg(&schannel_neg, cli->auth->domain,
- global_myname());
-
/*
* Now marshall the data into the auth parse_struct.
*/
- if(!smb_io_rpc_auth_schannel_neg("schannel_neg",
- &schannel_neg, auth_data, 0)) {
- DEBUG(0,("Failed to marshall RPC_AUTH_SCHANNEL_NEG.\n"));
+ r.MessageType = NL_NEGOTIATE_REQUEST;
+ r.Flags = NL_FLAG_OEM_NETBIOS_DOMAIN_NAME |
+ NL_FLAG_OEM_NETBIOS_COMPUTER_NAME;
+ r.oem_netbios_domain.a = cli->auth->domain;
+ r.oem_netbios_computer.a = global_myname();
+
+ ndr_err = ndr_push_struct_blob(&blob, talloc_tos(), NULL, &r,
+ (ndr_push_flags_fn_t)ndr_push_NL_AUTH_MESSAGE);
+ if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+ DEBUG(0,("Failed to marshall NL_AUTH_MESSAGE.\n"));
+ prs_mem_free(auth_data);
+ return ndr_map_error2ntstatus(ndr_err);
+ }
+
+ if (DEBUGLEVEL >= 10) {
+ NDR_PRINT_DEBUG(NL_AUTH_MESSAGE, &r);
+ }
+
+ if (!prs_copy_data_in(auth_data, (const char *)blob.data, blob.length))
+ {
prs_mem_free(auth_data);
return NT_STATUS_NO_MEMORY;
}
Creates the internals of a DCE/RPC bind request or alter context PDU.
********************************************************************/
-static NTSTATUS create_bind_or_alt_ctx_internal(enum RPC_PKT_TYPE pkt_type,
+static NTSTATUS create_bind_or_alt_ctx_internal(enum dcerpc_pkt_type pkt_type,
prs_struct *rpc_out,
uint32 rpc_call_id,
const struct ndr_syntax_id *abstract,
}
/* Create the request RPC_HDR */
- init_rpc_hdr(&hdr, pkt_type, RPC_FLG_FIRST|RPC_FLG_LAST, rpc_call_id, frag_len, auth_len);
+ init_rpc_hdr(&hdr, pkt_type, DCERPC_PFC_FLAG_FIRST|DCERPC_PFC_FLAG_LAST, rpc_call_id, frag_len, auth_len);
/* Marshall the RPC header */
if(!smb_io_rpc_hdr("hdr" , &hdr, rpc_out, 0)) {
const struct ndr_syntax_id *abstract,
const struct ndr_syntax_id *transfer,
enum pipe_auth_type auth_type,
- enum pipe_auth_level auth_level)
+ enum dcerpc_AuthLevel auth_level)
{
RPC_HDR_AUTH hdr_auth;
prs_struct auth_info;
return NT_STATUS_INVALID_INFO_CLASS;
}
- ret = create_bind_or_alt_ctx_internal(RPC_BIND,
+ ret = create_bind_or_alt_ctx_internal(DCERPC_PKT_BIND,
rpc_out,
rpc_call_id,
abstract,
}
switch (cli->auth->auth_level) {
- case PIPE_AUTH_LEVEL_PRIVACY:
+ case DCERPC_AUTH_LEVEL_PRIVACY:
/* Data portion is encrypted. */
status = ntlmssp_seal_packet(cli->auth->a_u.ntlmssp_state,
(unsigned char *)prs_data_p(outgoing_pdu) + RPC_HEADER_LEN + RPC_HDR_RESP_LEN,
}
break;
- case PIPE_AUTH_LEVEL_INTEGRITY:
+ case DCERPC_AUTH_LEVEL_INTEGRITY:
/* Data is signed. */
status = ntlmssp_sign_packet(cli->auth->a_u.ntlmssp_state,
(unsigned char *)prs_data_p(outgoing_pdu) + RPC_HEADER_LEN + RPC_HDR_RESP_LEN,
prs_struct *outgoing_pdu)
{
RPC_HDR_AUTH auth_info;
- RPC_AUTH_SCHANNEL_CHK verf;
- struct schannel_auth_struct *sas = cli->auth->a_u.schannel_auth;
+ struct schannel_state *sas = cli->auth->a_u.schannel_auth;
char *data_p = prs_data_p(outgoing_pdu) + RPC_HEADER_LEN + RPC_HDR_RESP_LEN;
size_t data_and_pad_len = prs_offset(outgoing_pdu) - RPC_HEADER_LEN - RPC_HDR_RESP_LEN;
+ DATA_BLOB blob;
+ NTSTATUS status;
if (!sas) {
return NT_STATUS_INVALID_PARAMETER;
return NT_STATUS_NO_MEMORY;
}
+ DEBUG(10,("add_schannel_auth_footer: SCHANNEL seq_num=%d\n",
+ sas->seq_num));
+
switch (cli->auth->auth_level) {
- case PIPE_AUTH_LEVEL_PRIVACY:
- case PIPE_AUTH_LEVEL_INTEGRITY:
- DEBUG(10,("add_schannel_auth_footer: SCHANNEL seq_num=%d\n",
- sas->seq_num));
-
- schannel_encode(sas,
- cli->auth->auth_level,
- SENDER_IS_INITIATOR,
- &verf,
- data_p,
- data_and_pad_len);
-
- sas->seq_num++;
- break;
+ case DCERPC_AUTH_LEVEL_PRIVACY:
+ status = netsec_outgoing_packet(sas,
+ talloc_tos(),
+ true,
+ (uint8_t *)data_p,
+ data_and_pad_len,
+ &blob);
+ break;
+ case DCERPC_AUTH_LEVEL_INTEGRITY:
+ status = netsec_outgoing_packet(sas,
+ talloc_tos(),
+ false,
+ (uint8_t *)data_p,
+ data_and_pad_len,
+ &blob);
+ break;
+ default:
+ status = NT_STATUS_INTERNAL_ERROR;
+ break;
+ }
- default:
- /* Can't happen. */
- smb_panic("bad auth level");
- /* Notreached. */
- return NT_STATUS_INVALID_PARAMETER;
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(1,("add_schannel_auth_footer: failed to process packet: %s\n",
+ nt_errstr(status)));
+ return status;
+ }
+
+ if (DEBUGLEVEL >= 10) {
+ dump_NL_AUTH_SIGNATURE(talloc_tos(), &blob);
}
/* Finally marshall the blob. */
- smb_io_rpc_auth_schannel_chk("",
- RPC_AUTH_SCHANNEL_SIGN_OR_SEAL_CHK_LEN,
- &verf,
- outgoing_pdu,
- 0);
+ if (!prs_copy_data_in(outgoing_pdu, (const char *)blob.data, blob.length)) {
+ return NT_STATUS_NO_MEMORY;
+ }
return NT_STATUS_OK;
}
{
uint32 data_space, data_len;
-#ifdef DEVELOPER
+#if 0
if ((data_left > 0) && (sys_random() % 2)) {
data_left = MAX(data_left/2, 1);
}
#endif
switch (cli->auth->auth_level) {
- case PIPE_AUTH_LEVEL_NONE:
- case PIPE_AUTH_LEVEL_CONNECT:
+ case DCERPC_AUTH_LEVEL_NONE:
+ case DCERPC_AUTH_LEVEL_CONNECT:
data_space = cli->max_xmit_frag - RPC_HEADER_LEN - RPC_HDR_REQ_LEN;
data_len = MIN(data_space, data_left);
*p_ss_padding = 0;
*p_frag_len = RPC_HEADER_LEN + RPC_HDR_REQ_LEN + data_len;
return data_len;
- case PIPE_AUTH_LEVEL_INTEGRITY:
- case PIPE_AUTH_LEVEL_PRIVACY:
+ case DCERPC_AUTH_LEVEL_INTEGRITY:
+ case DCERPC_AUTH_LEVEL_PRIVACY:
/* Treat the same for all authenticated rpc requests. */
switch(cli->auth->auth_type) {
case PIPE_AUTH_TYPE_SPNEGO_NTLMSSP:
if (is_last_frag) {
subreq = rpc_api_pipe_send(state, ev, state->cli,
&state->outgoing_frag,
- RPC_RESPONSE);
+ DCERPC_PKT_RESPONSE);
if (subreq == NULL) {
goto fail;
}
state->cli, data_left, &frag_len, &auth_len, &ss_padding);
if (state->req_data_sent == 0) {
- flags = RPC_FLG_FIRST;
+ flags = DCERPC_PFC_FLAG_FIRST;
}
if (data_sent_thistime == data_left) {
- flags |= RPC_FLG_LAST;
+ flags |= DCERPC_PFC_FLAG_LAST;
}
if (!prs_set_offset(&state->outgoing_frag, 0)) {
}
/* Create and marshall the header and request header. */
- init_rpc_hdr(&hdr, RPC_REQUEST, flags, state->call_id, frag_len,
+ init_rpc_hdr(&hdr, DCERPC_PKT_REQUEST, flags, state->call_id, frag_len,
auth_len);
if (!smb_io_rpc_hdr("hdr ", &hdr, &state->outgoing_frag, 0)) {
}
state->req_data_sent += data_sent_thistime;
- *is_last_frag = ((flags & RPC_FLG_LAST) != 0);
+ *is_last_frag = ((flags & DCERPC_PFC_FLAG_LAST) != 0);
return status;
}
if (is_last_frag) {
subreq = rpc_api_pipe_send(state, state->ev, state->cli,
&state->outgoing_frag,
- RPC_RESPONSE);
+ DCERPC_PKT_RESPONSE);
if (tevent_req_nomem(subreq, req)) {
return;
}
static NTSTATUS create_rpc_bind_auth3(struct rpc_pipe_client *cli,
uint32 rpc_call_id,
enum pipe_auth_type auth_type,
- enum pipe_auth_level auth_level,
+ enum dcerpc_AuthLevel auth_level,
DATA_BLOB *pauth_blob,
prs_struct *rpc_out)
{
uint32 pad = 0;
/* Create the request RPC_HDR */
- init_rpc_hdr(&hdr, RPC_AUTH3, RPC_FLG_FIRST|RPC_FLG_LAST, rpc_call_id,
+ init_rpc_hdr(&hdr, DCERPC_PKT_AUTH3, DCERPC_PFC_FLAG_FIRST|DCERPC_PFC_FLAG_LAST, rpc_call_id,
RPC_HEADER_LEN + 4 /* pad */ + RPC_HDR_AUTH_LEN + pauth_blob->length,
pauth_blob->length );
static NTSTATUS create_rpc_alter_context(uint32 rpc_call_id,
const struct ndr_syntax_id *abstract,
const struct ndr_syntax_id *transfer,
- enum pipe_auth_level auth_level,
+ enum dcerpc_AuthLevel auth_level,
const DATA_BLOB *pauth_blob, /* spnego auth blob already created. */
prs_struct *rpc_out)
{
return NT_STATUS_NO_MEMORY;
/* We may change the pad length before marshalling. */
- init_rpc_hdr_auth(&hdr_auth, RPC_SPNEGO_AUTH_TYPE, (int)auth_level, 0, 1);
+ init_rpc_hdr_auth(&hdr_auth, DCERPC_AUTH_TYPE_SPNEGO, (int)auth_level, 0, 1);
if (pauth_blob->length) {
if (!prs_copy_data_in(&auth_info, (const char *)pauth_blob->data, pauth_blob->length)) {
}
}
- ret = create_bind_or_alt_ctx_internal(RPC_ALTCONT,
+ ret = create_bind_or_alt_ctx_internal(DCERPC_PKT_ALTER,
rpc_out,
rpc_call_id,
abstract,
}
DEBUG(5,("Bind RPC Pipe: %s auth_type %u, auth_level %u\n",
- rpccli_pipe_txt(debug_ctx(), cli),
+ rpccli_pipe_txt(talloc_tos(), cli),
(unsigned int)auth->auth_type,
(unsigned int)auth->auth_level ));
}
subreq = rpc_api_pipe_send(state, ev, cli, &state->rpc_out,
- RPC_BINDACK);
+ DCERPC_PKT_BIND_ACK);
if (subreq == NULL) {
goto fail;
}
TALLOC_FREE(subreq);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(3, ("rpc_pipe_bind: %s bind request returned %s\n",
- rpccli_pipe_txt(debug_ctx(), state->cli),
+ rpccli_pipe_txt(talloc_tos(), state->cli),
nt_errstr(status)));
tevent_req_nterror(req, status);
return;
}
subreq = rpc_api_pipe_send(state, state->ev, state->cli,
- &state->rpc_out, RPC_ALTCONTRESP);
+ &state->rpc_out, DCERPC_PKT_ALTER_RESP);
if (subreq == NULL) {
return NT_STATUS_NO_MEMORY;
}
data_blob_free(&tmp_blob);
DEBUG(5,("rpc_finish_spnego_ntlmssp_bind: alter context request to "
- "%s.\n", rpccli_pipe_txt(debug_ctx(), state->cli)));
+ "%s.\n", rpccli_pipe_txt(talloc_tos(), state->cli)));
tevent_req_done(req);
}
}
result->auth_type = PIPE_AUTH_TYPE_NONE;
- result->auth_level = PIPE_AUTH_LEVEL_NONE;
+ result->auth_level = DCERPC_AUTH_LEVEL_NONE;
result->user_name = talloc_strdup(result, "");
result->domain = talloc_strdup(result, "");
NTSTATUS rpccli_ntlmssp_bind_data(TALLOC_CTX *mem_ctx,
enum pipe_auth_type auth_type,
- enum pipe_auth_level auth_level,
+ enum dcerpc_AuthLevel auth_level,
const char *domain,
const char *username,
const char *password,
result->a_u.ntlmssp_state->neg_flags &=
~(NTLMSSP_NEGOTIATE_SIGN | NTLMSSP_NEGOTIATE_SEAL);
- if (auth_level == PIPE_AUTH_LEVEL_INTEGRITY) {
+ if (auth_level == DCERPC_AUTH_LEVEL_INTEGRITY) {
result->a_u.ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SIGN;
- } else if (auth_level == PIPE_AUTH_LEVEL_PRIVACY) {
+ } else if (auth_level == DCERPC_AUTH_LEVEL_PRIVACY) {
result->a_u.ntlmssp_state->neg_flags
|= NTLMSSP_NEGOTIATE_SEAL | NTLMSSP_NEGOTIATE_SIGN;
}
}
NTSTATUS rpccli_schannel_bind_data(TALLOC_CTX *mem_ctx, const char *domain,
- enum pipe_auth_level auth_level,
- const uint8_t sess_key[16],
+ enum dcerpc_AuthLevel auth_level,
+ struct netlogon_creds_CredentialState *creds,
struct cli_pipe_auth_data **presult)
{
struct cli_pipe_auth_data *result;
goto fail;
}
- result->a_u.schannel_auth = talloc(result,
- struct schannel_auth_struct);
+ result->a_u.schannel_auth = talloc(result, struct schannel_state);
if (result->a_u.schannel_auth == NULL) {
goto fail;
}
- memcpy(result->a_u.schannel_auth->sess_key, sess_key,
- sizeof(result->a_u.schannel_auth->sess_key));
+ result->a_u.schannel_auth->state = SCHANNEL_STATE_START;
result->a_u.schannel_auth->seq_num = 0;
+ result->a_u.schannel_auth->initiator = true;
+ result->a_u.schannel_auth->creds = creds;
*presult = result;
return NT_STATUS_OK;
#endif
NTSTATUS rpccli_kerberos_bind_data(TALLOC_CTX *mem_ctx,
- enum pipe_auth_level auth_level,
+ enum dcerpc_AuthLevel auth_level,
const char *service_princ,
const char *username,
const char *password,
result->abstract_syntax = *abstract_syntax;
result->transfer_syntax = ndr_transfer_syntax;
result->dispatch = cli_do_rpc_ndr;
+ result->dispatch_send = cli_do_rpc_ndr_send;
+ result->dispatch_recv = cli_do_rpc_ndr_recv;
result->desthost = talloc_strdup(result, host);
result->srv_name_slash = talloc_asprintf_strupper_m(
result->max_xmit_frag = RPC_MAX_PDU_FRAG_LEN;
result->max_recv_frag = RPC_MAX_PDU_FRAG_LEN;
- if (!resolve_name(host, &addr, 0)) {
+ if (!resolve_name(host, &addr, 0, false)) {
status = NT_STATUS_NOT_FOUND;
goto fail;
}
goto fail;
}
+ result->transport->transport = NCACN_IP_TCP;
+
*presult = result;
return NT_STATUS_OK;
result->abstract_syntax = *abstract_syntax;
result->transfer_syntax = ndr_transfer_syntax;
result->dispatch = cli_do_rpc_ndr;
+ result->dispatch_send = cli_do_rpc_ndr_send;
+ result->dispatch_recv = cli_do_rpc_ndr_recv;
result->desthost = get_myname(result);
result->srv_name_slash = talloc_asprintf_strupper_m(
goto fail;
}
+ result->transport->transport = NCALRPC;
+
*presult = result;
return NT_STATUS_OK;
result->abstract_syntax = *abstract_syntax;
result->transfer_syntax = ndr_transfer_syntax;
result->dispatch = cli_do_rpc_ndr;
+ result->dispatch_send = cli_do_rpc_ndr_send;
+ result->dispatch_recv = cli_do_rpc_ndr_recv;
result->desthost = talloc_strdup(result, cli->desthost);
result->srv_name_slash = talloc_asprintf_strupper_m(
result, "\\\\%s", result->desthost);
return status;
}
+ result->transport->transport = NCACN_NP;
+
DLIST_ADD(cli->pipe_list, result);
talloc_set_destructor(result, rpc_pipe_client_np_destructor);
result->abstract_syntax = *syntax;
result->transfer_syntax = ndr_transfer_syntax;
result->dispatch = cli_do_rpc_ndr;
+ result->dispatch_send = cli_do_rpc_ndr_send;
+ result->dispatch_recv = cli_do_rpc_ndr_recv;
result->max_xmit_frag = RPC_MAX_PDU_FRAG_LEN;
result->max_recv_frag = RPC_MAX_PDU_FRAG_LEN;
return status;
}
+ result->transport->transport = NCACN_INTERNAL;
+
*presult = result;
return NT_STATUS_OK;
}
****************************************************************************/
static NTSTATUS cli_rpc_pipe_open(struct cli_state *cli,
+ enum dcerpc_transport_t transport,
const struct ndr_syntax_id *interface,
struct rpc_pipe_client **presult)
{
- if (ndr_syntax_id_equal(interface, &ndr_table_drsuapi.syntax_id)) {
- /*
- * We should have a better way to figure out this drsuapi
- * speciality...
- */
+ switch (transport) {
+ case NCACN_IP_TCP:
return rpc_pipe_open_tcp(NULL, cli->desthost, interface,
presult);
+ case NCACN_NP:
+ return rpc_pipe_open_np(cli, interface, presult);
+ default:
+ return NT_STATUS_NOT_IMPLEMENTED;
}
-
- return rpc_pipe_open_np(cli, interface, presult);
}
/****************************************************************************
Open a named pipe to an SMB server and bind anonymously.
****************************************************************************/
-NTSTATUS cli_rpc_pipe_open_noauth(struct cli_state *cli,
- const struct ndr_syntax_id *interface,
- struct rpc_pipe_client **presult)
+NTSTATUS cli_rpc_pipe_open_noauth_transport(struct cli_state *cli,
+ enum dcerpc_transport_t transport,
+ const struct ndr_syntax_id *interface,
+ struct rpc_pipe_client **presult)
{
struct rpc_pipe_client *result;
struct cli_pipe_auth_data *auth;
NTSTATUS status;
- status = cli_rpc_pipe_open(cli, interface, &result);
+ status = cli_rpc_pipe_open(cli, transport, interface, &result);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
}
DEBUG(lvl, ("cli_rpc_pipe_open_noauth: rpc_pipe_bind for pipe "
"%s failed with error %s\n",
- get_pipe_name_from_iface(interface),
+ get_pipe_name_from_syntax(talloc_tos(), interface),
nt_errstr(status) ));
TALLOC_FREE(result);
return status;
DEBUG(10,("cli_rpc_pipe_open_noauth: opened pipe %s to machine "
"%s and bound anonymously.\n",
- get_pipe_name_from_iface(interface), cli->desthost));
+ get_pipe_name_from_syntax(talloc_tos(), interface),
+ cli->desthost));
*presult = result;
return NT_STATUS_OK;
}
+/****************************************************************************
+ ****************************************************************************/
+
+NTSTATUS cli_rpc_pipe_open_noauth(struct cli_state *cli,
+ const struct ndr_syntax_id *interface,
+ struct rpc_pipe_client **presult)
+{
+ return cli_rpc_pipe_open_noauth_transport(cli, NCACN_NP,
+ interface, presult);
+}
+
/****************************************************************************
Open a named pipe to an SMB server and bind using NTLMSSP or SPNEGO NTLMSSP
****************************************************************************/
static NTSTATUS cli_rpc_pipe_open_ntlmssp_internal(struct cli_state *cli,
const struct ndr_syntax_id *interface,
+ enum dcerpc_transport_t transport,
enum pipe_auth_type auth_type,
- enum pipe_auth_level auth_level,
+ enum dcerpc_AuthLevel auth_level,
const char *domain,
const char *username,
const char *password,
struct cli_pipe_auth_data *auth;
NTSTATUS status;
- status = cli_rpc_pipe_open(cli, interface, &result);
+ status = cli_rpc_pipe_open(cli, transport, interface, &result);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
DEBUG(10,("cli_rpc_pipe_open_ntlmssp_internal: opened pipe %s to "
"machine %s and bound NTLMSSP as user %s\\%s.\n",
- get_pipe_name_from_iface(interface), cli->desthost, domain,
- username ));
+ get_pipe_name_from_syntax(talloc_tos(), interface),
+ cli->desthost, domain, username ));
*presult = result;
return NT_STATUS_OK;
NTSTATUS cli_rpc_pipe_open_ntlmssp(struct cli_state *cli,
const struct ndr_syntax_id *interface,
- enum pipe_auth_level auth_level,
+ enum dcerpc_transport_t transport,
+ enum dcerpc_AuthLevel auth_level,
const char *domain,
const char *username,
const char *password,
{
return cli_rpc_pipe_open_ntlmssp_internal(cli,
interface,
+ transport,
PIPE_AUTH_TYPE_NTLMSSP,
auth_level,
domain,
NTSTATUS cli_rpc_pipe_open_spnego_ntlmssp(struct cli_state *cli,
const struct ndr_syntax_id *interface,
- enum pipe_auth_level auth_level,
+ enum dcerpc_transport_t transport,
+ enum dcerpc_AuthLevel auth_level,
const char *domain,
const char *username,
const char *password,
{
return cli_rpc_pipe_open_ntlmssp_internal(cli,
interface,
+ transport,
PIPE_AUTH_TYPE_SPNEGO_NTLMSSP,
auth_level,
domain,
const char *domain,
uint32 *pneg_flags)
{
- uint32 sec_chan_type = 0;
+ enum netr_SchannelType sec_chan_type = 0;
unsigned char machine_pwd[16];
const char *machine_account;
NTSTATUS status;
NTSTATUS cli_rpc_pipe_open_schannel_with_key(struct cli_state *cli,
const struct ndr_syntax_id *interface,
- enum pipe_auth_level auth_level,
+ enum dcerpc_transport_t transport,
+ enum dcerpc_AuthLevel auth_level,
const char *domain,
struct netlogon_creds_CredentialState **pdc,
struct rpc_pipe_client **presult)
struct cli_pipe_auth_data *auth;
NTSTATUS status;
- status = cli_rpc_pipe_open(cli, interface, &result);
+ status = cli_rpc_pipe_open(cli, transport, interface, &result);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
status = rpccli_schannel_bind_data(result, domain, auth_level,
- (*pdc)->session_key, &auth);
+ *pdc, &auth);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(0, ("rpccli_schannel_bind_data returned %s\n",
nt_errstr(status)));
* in - reference them in
*/
result->dc = talloc_move(result, pdc);
- if (result->dc == NULL) {
- DEBUG(0, ("talloc reference failed\n"));
- TALLOC_FREE(result);
- return NT_STATUS_NO_MEMORY;
- }
DEBUG(10,("cli_rpc_pipe_open_schannel_with_key: opened pipe %s to machine %s "
"for domain %s and bound using schannel.\n",
- get_pipe_name_from_iface(interface),
+ get_pipe_name_from_syntax(talloc_tos(), interface),
cli->desthost, domain ));
*presult = result;
NTSTATUS status;
status = cli_rpc_pipe_open_spnego_ntlmssp(
- cli, &ndr_table_netlogon.syntax_id, PIPE_AUTH_LEVEL_PRIVACY,
+ cli, &ndr_table_netlogon.syntax_id, NCACN_NP,
+ DCERPC_AUTH_LEVEL_PRIVACY,
domain, username, password, &netlogon_pipe);
if (!NT_STATUS_IS_OK(status)) {
return status;
NTSTATUS cli_rpc_pipe_open_ntlmssp_auth_schannel(struct cli_state *cli,
const struct ndr_syntax_id *interface,
- enum pipe_auth_level auth_level,
+ enum dcerpc_transport_t transport,
+ enum dcerpc_AuthLevel auth_level,
const char *domain,
const char *username,
const char *password,
}
status = cli_rpc_pipe_open_schannel_with_key(
- cli, interface, auth_level, domain, &netlogon_pipe->dc,
+ cli, interface, transport, auth_level, domain, &netlogon_pipe->dc,
&result);
/* Now we've bound using the session key we can close the netlog pipe. */
NTSTATUS cli_rpc_pipe_open_schannel(struct cli_state *cli,
const struct ndr_syntax_id *interface,
- enum pipe_auth_level auth_level,
+ enum dcerpc_transport_t transport,
+ enum dcerpc_AuthLevel auth_level,
const char *domain,
struct rpc_pipe_client **presult)
{
struct rpc_pipe_client *result = NULL;
NTSTATUS status;
+ *presult = NULL;
+
status = get_schannel_session_key(cli, domain, &neg_flags,
&netlogon_pipe);
if (!NT_STATUS_IS_OK(status)) {
}
status = cli_rpc_pipe_open_schannel_with_key(
- cli, interface, auth_level, domain, &netlogon_pipe->dc,
+ cli, interface, transport, auth_level, domain, &netlogon_pipe->dc,
&result);
/* Now we've bound using the session key we can close the netlog pipe. */
*presult = result;
}
- return NT_STATUS_OK;
+ return status;
}
/****************************************************************************
NTSTATUS cli_rpc_pipe_open_krb5(struct cli_state *cli,
const struct ndr_syntax_id *interface,
- enum pipe_auth_level auth_level,
+ enum dcerpc_AuthLevel auth_level,
const char *service_princ,
const char *username,
const char *password,
struct cli_pipe_auth_data *auth;
NTSTATUS status;
- status = cli_rpc_pipe_open(cli, interface, &result);
+ status = cli_rpc_pipe_open(cli, NCACN_NP, interface, &result);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
switch (cli->auth->auth_type) {
case PIPE_AUTH_TYPE_SCHANNEL:
*session_key = data_blob_talloc(mem_ctx,
- cli->auth->a_u.schannel_auth->sess_key, 16);
+ cli->auth->a_u.schannel_auth->creds->session_key, 16);
break;
case PIPE_AUTH_TYPE_NTLMSSP:
case PIPE_AUTH_TYPE_SPNEGO_NTLMSSP: