*/
#include "includes.h"
+#include "../libcli/auth/libcli_auth.h"
+#include "librpc/gen_ndr/cli_epmapper.h"
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_RPC_CLI
-extern struct pipe_id_info pipe_names[];
+/*******************************************************************
+interface/version dce/rpc pipe identification
+********************************************************************/
+
+#define PIPE_SRVSVC "\\PIPE\\srvsvc"
+#define PIPE_SAMR "\\PIPE\\samr"
+#define PIPE_WINREG "\\PIPE\\winreg"
+#define PIPE_WKSSVC "\\PIPE\\wkssvc"
+#define PIPE_NETLOGON "\\PIPE\\NETLOGON"
+#define PIPE_NTLSA "\\PIPE\\ntlsa"
+#define PIPE_NTSVCS "\\PIPE\\ntsvcs"
+#define PIPE_LSASS "\\PIPE\\lsass"
+#define PIPE_LSARPC "\\PIPE\\lsarpc"
+#define PIPE_SPOOLSS "\\PIPE\\spoolss"
+#define PIPE_NETDFS "\\PIPE\\netdfs"
+#define PIPE_ECHO "\\PIPE\\rpcecho"
+#define PIPE_SHUTDOWN "\\PIPE\\initshutdown"
+#define PIPE_EPM "\\PIPE\\epmapper"
+#define PIPE_SVCCTL "\\PIPE\\svcctl"
+#define PIPE_EVENTLOG "\\PIPE\\eventlog"
+#define PIPE_EPMAPPER "\\PIPE\\epmapper"
+#define PIPE_DRSUAPI "\\PIPE\\drsuapi"
+
+/*
+ * IMPORTANT!! If you update this structure, make sure to
+ * update the index #defines in smb.h.
+ */
+
+static const struct pipe_id_info {
+ /* the names appear not to matter: the syntaxes _do_ matter */
+
+ const char *client_pipe;
+ const struct ndr_syntax_id *abstr_syntax; /* this one is the abstract syntax id */
+} pipe_names [] =
+{
+ { PIPE_LSARPC, &ndr_table_lsarpc.syntax_id },
+ { PIPE_LSARPC, &ndr_table_dssetup.syntax_id },
+ { PIPE_SAMR, &ndr_table_samr.syntax_id },
+ { PIPE_NETLOGON, &ndr_table_netlogon.syntax_id },
+ { PIPE_SRVSVC, &ndr_table_srvsvc.syntax_id },
+ { PIPE_WKSSVC, &ndr_table_wkssvc.syntax_id },
+ { PIPE_WINREG, &ndr_table_winreg.syntax_id },
+ { PIPE_SPOOLSS, &ndr_table_spoolss.syntax_id },
+ { PIPE_NETDFS, &ndr_table_netdfs.syntax_id },
+ { PIPE_ECHO, &ndr_table_rpcecho.syntax_id },
+ { PIPE_SHUTDOWN, &ndr_table_initshutdown.syntax_id },
+ { PIPE_SVCCTL, &ndr_table_svcctl.syntax_id },
+ { PIPE_EVENTLOG, &ndr_table_eventlog.syntax_id },
+ { PIPE_NTSVCS, &ndr_table_ntsvcs.syntax_id },
+ { PIPE_EPMAPPER, &ndr_table_epmapper.syntax_id },
+ { PIPE_DRSUAPI, &ndr_table_drsuapi.syntax_id },
+ { NULL, NULL }
+};
+
+/****************************************************************************
+ Return the pipe name from the interface.
+ ****************************************************************************/
+
+const char *get_pipe_name_from_iface(const struct ndr_syntax_id *interface)
+{
+ char *guid_str;
+ const char *result;
+ int i;
+ for (i = 0; pipe_names[i].client_pipe; i++) {
+ if (ndr_syntax_id_equal(pipe_names[i].abstr_syntax,
+ interface)) {
+ return &pipe_names[i].client_pipe[5];
+ }
+ }
+
+ /*
+ * Here we should ask \\epmapper, but for now our code is only
+ * interested in the known pipes mentioned in pipe_names[]
+ */
+
+ guid_str = GUID_string(talloc_tos(), &interface->uuid);
+ if (guid_str == NULL) {
+ return NULL;
+ }
+ result = talloc_asprintf(talloc_tos(), "Interface %s.%d", guid_str,
+ (int)interface->if_version);
+ TALLOC_FREE(guid_str);
+
+ if (result == NULL) {
+ return "PIPE";
+ }
+ return result;
+}
/********************************************************************
Map internal value to wire value.
return -1;
}
+/********************************************************************
+ Pipe description for a DEBUG
+ ********************************************************************/
+static const char *rpccli_pipe_txt(TALLOC_CTX *mem_ctx,
+ struct rpc_pipe_client *cli)
+{
+ char *result = talloc_asprintf(mem_ctx, "host %s", cli->desthost);
+ if (result == NULL) {
+ return "pipe";
+ }
+ return result;
+}
+
/********************************************************************
Rpc pipe call id.
********************************************************************/
return ++call_id;
}
+/*
+ * Realloc pdu to have a least "size" bytes
+ */
+
+static bool rpc_grow_buffer(prs_struct *pdu, size_t size)
+{
+ size_t extra_size;
+
+ if (prs_data_size(pdu) >= size) {
+ return true;
+ }
+
+ extra_size = size - prs_data_size(pdu);
+
+ if (!prs_force_grow(pdu, extra_size)) {
+ DEBUG(0, ("rpc_grow_buffer: Failed to grow parse struct by "
+ "%d bytes.\n", (int)extra_size));
+ return false;
+ }
+
+ DEBUG(5, ("rpc_grow_buffer: grew buffer by %d bytes to %u\n",
+ (int)extra_size, prs_data_size(pdu)));
+ return true;
+}
+
+
/*******************************************************************
Use SMBreadX to get rest of one fragment's worth of rpc data.
- Will expand the current_pdu struct to the correct size.
+ Reads the whole size or give an error message
********************************************************************/
-static NTSTATUS rpc_read(struct rpc_pipe_client *cli,
- prs_struct *current_pdu,
- uint32 data_to_read,
- uint32 *current_pdu_offset)
+struct rpc_read_state {
+ struct event_context *ev;
+ struct rpc_cli_transport *transport;
+ uint8_t *data;
+ size_t size;
+ size_t num_read;
+};
+
+static void rpc_read_done(struct tevent_req *subreq);
+
+static struct tevent_req *rpc_read_send(TALLOC_CTX *mem_ctx,
+ struct event_context *ev,
+ struct rpc_cli_transport *transport,
+ uint8_t *data, size_t size)
{
- size_t size = (size_t)cli->max_recv_frag;
- uint32 stream_offset = 0;
- ssize_t num_read;
- char *pdata;
- ssize_t extra_data_size = ((ssize_t)*current_pdu_offset) + ((ssize_t)data_to_read) - (ssize_t)prs_data_size(current_pdu);
+ struct tevent_req *req, *subreq;
+ struct rpc_read_state *state;
- DEBUG(5,("rpc_read: data_to_read: %u current_pdu offset: %u extra_data_size: %d\n",
- (unsigned int)data_to_read, (unsigned int)*current_pdu_offset, (int)extra_data_size ));
+ req = tevent_req_create(mem_ctx, &state, struct rpc_read_state);
+ if (req == NULL) {
+ return NULL;
+ }
+ state->ev = ev;
+ state->transport = transport;
+ state->data = data;
+ state->size = size;
+ state->num_read = 0;
- /*
- * Grow the buffer if needed to accommodate the data to be read.
- */
+ DEBUG(5, ("rpc_read_send: data_to_read: %u\n", (unsigned int)size));
- if (extra_data_size > 0) {
- if(!prs_force_grow(current_pdu, (uint32)extra_data_size)) {
- DEBUG(0,("rpc_read: Failed to grow parse struct by %d bytes.\n", (int)extra_data_size ));
- return NT_STATUS_NO_MEMORY;
- }
- DEBUG(5,("rpc_read: grew buffer by %d bytes to %u\n", (int)extra_data_size, prs_data_size(current_pdu) ));
+ subreq = transport->read_send(state, ev, (uint8_t *)data, size,
+ transport->priv);
+ if (subreq == NULL) {
+ goto fail;
}
+ tevent_req_set_callback(subreq, rpc_read_done, req);
+ return req;
- pdata = prs_data_p(current_pdu) + *current_pdu_offset;
+ fail:
+ TALLOC_FREE(req);
+ return NULL;
+}
- do {
- /* read data using SMBreadX */
- if (size > (size_t)data_to_read) {
- size = (size_t)data_to_read;
- }
+static void rpc_read_done(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ struct rpc_read_state *state = tevent_req_data(
+ req, struct rpc_read_state);
+ NTSTATUS status;
+ ssize_t received;
- num_read = cli_read(cli->cli, cli->fnum, pdata,
- (off_t)stream_offset, size);
+ status = state->transport->read_recv(subreq, &received);
+ TALLOC_FREE(subreq);
+ if (!NT_STATUS_IS_OK(status)) {
+ tevent_req_nterror(req, status);
+ return;
+ }
- DEBUG(5,("rpc_read: num_read = %d, read offset: %u, to read: %u\n",
- (int)num_read, (unsigned int)stream_offset, (unsigned int)data_to_read));
+ state->num_read += received;
+ if (state->num_read == state->size) {
+ tevent_req_done(req);
+ return;
+ }
- /*
- * A dos error of ERRDOS/ERRmoredata is not an error.
- */
- if (cli_is_dos_error(cli->cli)) {
- uint32 ecode;
- uint8 eclass;
- cli_dos_error(cli->cli, &eclass, &ecode);
- if (eclass != ERRDOS && ecode != ERRmoredata) {
- DEBUG(0,("rpc_read: DOS Error %d/%u (%s) in cli_read on pipe %s\n",
- eclass, (unsigned int)ecode,
- cli_errstr(cli->cli),
- cli->pipe_name ));
- return dos_to_ntstatus(eclass, ecode);
- }
- }
+ subreq = state->transport->read_send(state, state->ev,
+ state->data + state->num_read,
+ state->size - state->num_read,
+ state->transport->priv);
+ if (tevent_req_nomem(subreq, req)) {
+ return;
+ }
+ tevent_req_set_callback(subreq, rpc_read_done, req);
+}
- /*
- * Likewise for NT_STATUS_BUFFER_TOO_SMALL
- */
- if (cli_is_nt_error(cli->cli)) {
- if (!NT_STATUS_EQUAL(cli_nt_error(cli->cli), NT_STATUS_BUFFER_TOO_SMALL)) {
- DEBUG(0,("rpc_read: Error (%s) in cli_read on pipe %s\n",
- nt_errstr(cli_nt_error(cli->cli)),
- cli->pipe_name ));
- return cli_nt_error(cli->cli);
- }
- }
+static NTSTATUS rpc_read_recv(struct tevent_req *req)
+{
+ return tevent_req_simple_recv_ntstatus(req);
+}
- if (num_read == -1) {
- DEBUG(0,("rpc_read: Error - cli_read on pipe %s returned -1\n",
- cli->pipe_name ));
- return cli_get_nt_error(cli->cli);
- }
+struct rpc_write_state {
+ struct event_context *ev;
+ struct rpc_cli_transport *transport;
+ const uint8_t *data;
+ size_t size;
+ size_t num_written;
+};
+
+static void rpc_write_done(struct tevent_req *subreq);
+
+static struct tevent_req *rpc_write_send(TALLOC_CTX *mem_ctx,
+ struct event_context *ev,
+ struct rpc_cli_transport *transport,
+ const uint8_t *data, size_t size)
+{
+ struct tevent_req *req, *subreq;
+ struct rpc_write_state *state;
+
+ req = tevent_req_create(mem_ctx, &state, struct rpc_write_state);
+ if (req == NULL) {
+ return NULL;
+ }
+ state->ev = ev;
+ state->transport = transport;
+ state->data = data;
+ state->size = size;
+ state->num_written = 0;
+
+ DEBUG(5, ("rpc_write_send: data_to_write: %u\n", (unsigned int)size));
+
+ subreq = transport->write_send(state, ev, data, size, transport->priv);
+ if (subreq == NULL) {
+ goto fail;
+ }
+ tevent_req_set_callback(subreq, rpc_write_done, req);
+ return req;
+ fail:
+ TALLOC_FREE(req);
+ return NULL;
+}
+
+static void rpc_write_done(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ struct rpc_write_state *state = tevent_req_data(
+ req, struct rpc_write_state);
+ NTSTATUS status;
+ ssize_t written;
+
+ status = state->transport->write_recv(subreq, &written);
+ TALLOC_FREE(subreq);
+ if (!NT_STATUS_IS_OK(status)) {
+ tevent_req_nterror(req, status);
+ return;
+ }
+
+ state->num_written += written;
+
+ if (state->num_written == state->size) {
+ tevent_req_done(req);
+ return;
+ }
+
+ subreq = state->transport->write_send(state, state->ev,
+ state->data + state->num_written,
+ state->size - state->num_written,
+ state->transport->priv);
+ if (tevent_req_nomem(subreq, req)) {
+ return;
+ }
+ tevent_req_set_callback(subreq, rpc_write_done, req);
+}
- data_to_read -= num_read;
- stream_offset += num_read;
- pdata += num_read;
+static NTSTATUS rpc_write_recv(struct tevent_req *req)
+{
+ return tevent_req_simple_recv_ntstatus(req);
+}
- } while (num_read > 0 && data_to_read > 0);
- /* && err == (0x80000000 | STATUS_BUFFER_OVERFLOW)); */
+static NTSTATUS parse_rpc_header(struct rpc_pipe_client *cli,
+ struct rpc_hdr_info *prhdr,
+ prs_struct *pdu)
+{
/*
- * Update the current offset into current_pdu by the amount read.
+ * This next call sets the endian bit correctly in current_pdu. We
+ * will propagate this to rbuf later.
*/
- *current_pdu_offset += stream_offset;
+
+ if(!smb_io_rpc_hdr("rpc_hdr ", prhdr, pdu, 0)) {
+ DEBUG(0, ("get_current_pdu: Failed to unmarshall RPC_HDR.\n"));
+ return NT_STATUS_BUFFER_TOO_SMALL;
+ }
+
+ if (prhdr->frag_len > cli->max_recv_frag) {
+ DEBUG(0, ("cli_pipe_get_current_pdu: Server sent fraglen %d,"
+ " we only allow %d\n", (int)prhdr->frag_len,
+ (int)cli->max_recv_frag));
+ return NT_STATUS_BUFFER_TOO_SMALL;
+ }
+
return NT_STATUS_OK;
}
from the wire.
****************************************************************************/
-static NTSTATUS cli_pipe_get_current_pdu(struct rpc_pipe_client *cli, RPC_HDR *prhdr, prs_struct *current_pdu)
+struct get_complete_frag_state {
+ struct event_context *ev;
+ struct rpc_pipe_client *cli;
+ struct rpc_hdr_info *prhdr;
+ prs_struct *pdu;
+};
+
+static void get_complete_frag_got_header(struct tevent_req *subreq);
+static void get_complete_frag_got_rest(struct tevent_req *subreq);
+
+static struct tevent_req *get_complete_frag_send(TALLOC_CTX *mem_ctx,
+ struct event_context *ev,
+ struct rpc_pipe_client *cli,
+ struct rpc_hdr_info *prhdr,
+ prs_struct *pdu)
{
- NTSTATUS ret = NT_STATUS_OK;
- uint32 current_pdu_len = prs_data_size(current_pdu);
+ struct tevent_req *req, *subreq;
+ struct get_complete_frag_state *state;
+ uint32_t pdu_len;
+ NTSTATUS status;
+
+ req = tevent_req_create(mem_ctx, &state,
+ struct get_complete_frag_state);
+ if (req == NULL) {
+ return NULL;
+ }
+ state->ev = ev;
+ state->cli = cli;
+ state->prhdr = prhdr;
+ state->pdu = pdu;
- /* Ensure we have at least RPC_HEADER_LEN worth of data to parse. */
- if (current_pdu_len < RPC_HEADER_LEN) {
- /* rpc_read expands the current_pdu struct as neccessary. */
- ret = rpc_read(cli, current_pdu, RPC_HEADER_LEN - current_pdu_len, ¤t_pdu_len);
- if (!NT_STATUS_IS_OK(ret)) {
- return ret;
+ pdu_len = prs_data_size(pdu);
+ if (pdu_len < RPC_HEADER_LEN) {
+ if (!rpc_grow_buffer(pdu, RPC_HEADER_LEN)) {
+ status = NT_STATUS_NO_MEMORY;
+ goto post_status;
}
+ subreq = rpc_read_send(
+ state, state->ev,
+ state->cli->transport,
+ (uint8_t *)(prs_data_p(state->pdu) + pdu_len),
+ RPC_HEADER_LEN - pdu_len);
+ if (subreq == NULL) {
+ status = NT_STATUS_NO_MEMORY;
+ goto post_status;
+ }
+ tevent_req_set_callback(subreq, get_complete_frag_got_header,
+ req);
+ return req;
}
- /* This next call sets the endian bit correctly in current_pdu. */
- /* We will propagate this to rbuf later. */
- if(!smb_io_rpc_hdr("rpc_hdr ", prhdr, current_pdu, 0)) {
- DEBUG(0,("cli_pipe_get_current_pdu: Failed to unmarshall RPC_HDR.\n"));
- return NT_STATUS_BUFFER_TOO_SMALL;
+ status = parse_rpc_header(cli, prhdr, pdu);
+ if (!NT_STATUS_IS_OK(status)) {
+ goto post_status;
}
- /* Ensure we have frag_len bytes of data. */
- if (current_pdu_len < prhdr->frag_len) {
- /* rpc_read expands the current_pdu struct as neccessary. */
- ret = rpc_read(cli, current_pdu, (uint32)prhdr->frag_len - current_pdu_len, ¤t_pdu_len);
- if (!NT_STATUS_IS_OK(ret)) {
- return ret;
+ /*
+ * Ensure we have frag_len bytes of data.
+ */
+ if (pdu_len < prhdr->frag_len) {
+ if (!rpc_grow_buffer(pdu, prhdr->frag_len)) {
+ status = NT_STATUS_NO_MEMORY;
+ goto post_status;
}
+ subreq = rpc_read_send(state, state->ev,
+ state->cli->transport,
+ (uint8_t *)(prs_data_p(pdu) + pdu_len),
+ prhdr->frag_len - pdu_len);
+ if (subreq == NULL) {
+ status = NT_STATUS_NO_MEMORY;
+ goto post_status;
+ }
+ tevent_req_set_callback(subreq, get_complete_frag_got_rest,
+ req);
+ return req;
}
- if (current_pdu_len < prhdr->frag_len) {
- return NT_STATUS_BUFFER_TOO_SMALL;
+ status = NT_STATUS_OK;
+ post_status:
+ if (NT_STATUS_IS_OK(status)) {
+ tevent_req_done(req);
+ } else {
+ tevent_req_nterror(req, status);
}
+ return tevent_req_post(req, ev);
+}
- return NT_STATUS_OK;
+static void get_complete_frag_got_header(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ struct get_complete_frag_state *state = tevent_req_data(
+ req, struct get_complete_frag_state);
+ NTSTATUS status;
+
+ status = rpc_read_recv(subreq);
+ TALLOC_FREE(subreq);
+ if (!NT_STATUS_IS_OK(status)) {
+ tevent_req_nterror(req, status);
+ return;
+ }
+
+ status = parse_rpc_header(state->cli, state->prhdr, state->pdu);
+ if (!NT_STATUS_IS_OK(status)) {
+ tevent_req_nterror(req, status);
+ return;
+ }
+
+ if (!rpc_grow_buffer(state->pdu, state->prhdr->frag_len)) {
+ tevent_req_nterror(req, NT_STATUS_NO_MEMORY);
+ return;
+ }
+
+ /*
+ * We're here in this piece of code because we've read exactly
+ * RPC_HEADER_LEN bytes into state->pdu.
+ */
+
+ subreq = rpc_read_send(
+ state, state->ev, state->cli->transport,
+ (uint8_t *)(prs_data_p(state->pdu) + RPC_HEADER_LEN),
+ state->prhdr->frag_len - RPC_HEADER_LEN);
+ if (tevent_req_nomem(subreq, req)) {
+ return;
+ }
+ tevent_req_set_callback(subreq, get_complete_frag_got_rest, req);
+}
+
+static void get_complete_frag_got_rest(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ NTSTATUS status;
+
+ status = rpc_read_recv(subreq);
+ TALLOC_FREE(subreq);
+ if (!NT_STATUS_IS_OK(status)) {
+ tevent_req_nterror(req, status);
+ return;
+ }
+ tevent_req_done(req);
+}
+
+static NTSTATUS get_complete_frag_recv(struct tevent_req *req)
+{
+ return tevent_req_simple_recv_ntstatus(req);
}
/****************************************************************************
RPC_HDR_AUTH auth_info;
uint32 save_offset = prs_offset(current_pdu);
uint32 auth_len = prhdr->auth_len;
- NTLMSSP_STATE *ntlmssp_state = cli->auth.a_u.ntlmssp_state;
+ NTLMSSP_STATE *ntlmssp_state = cli->auth->a_u.ntlmssp_state;
unsigned char *data = NULL;
size_t data_len;
unsigned char *full_packet_data = NULL;
DATA_BLOB auth_blob;
NTSTATUS status;
- if (cli->auth.auth_level == PIPE_AUTH_LEVEL_NONE || cli->auth.auth_level == PIPE_AUTH_LEVEL_CONNECT) {
+ if (cli->auth->auth_level == PIPE_AUTH_LEVEL_NONE
+ || cli->auth->auth_level == PIPE_AUTH_LEVEL_CONNECT) {
return NT_STATUS_OK;
}
auth_blob.data = (unsigned char *)prs_data_p(current_pdu) + prs_offset(current_pdu);
auth_blob.length = auth_len;
- switch (cli->auth.auth_level) {
+ switch (cli->auth->auth_level) {
case PIPE_AUTH_LEVEL_PRIVACY:
/* Data is encrypted. */
status = ntlmssp_unseal_packet(ntlmssp_state,
&auth_blob);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(0,("cli_pipe_verify_ntlmssp: failed to unseal "
- "packet from remote machine %s on pipe %s "
- "fnum 0x%x. Error was %s.\n",
- cli->desthost,
- cli->pipe_name,
- (unsigned int)cli->fnum,
+ "packet from %s. Error was %s.\n",
+ rpccli_pipe_txt(debug_ctx(), cli),
nt_errstr(status) ));
return status;
}
&auth_blob);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(0,("cli_pipe_verify_ntlmssp: check signing failed on "
- "packet from remote machine %s on pipe %s "
- "fnum 0x%x. Error was %s.\n",
- cli->desthost,
- cli->pipe_name,
- (unsigned int)cli->fnum,
+ "packet from %s. Error was %s.\n",
+ rpccli_pipe_txt(debug_ctx(), cli),
nt_errstr(status) ));
return status;
}
break;
default:
- DEBUG(0,("cli_pipe_verify_ntlmssp: unknown internal auth level %d\n",
- cli->auth.auth_level ));
+ DEBUG(0, ("cli_pipe_verify_ntlmssp: unknown internal "
+ "auth level %d\n", cli->auth->auth_level));
return NT_STATUS_INVALID_INFO_CLASS;
}
RPC_AUTH_SCHANNEL_CHK schannel_chk;
uint32 auth_len = prhdr->auth_len;
uint32 save_offset = prs_offset(current_pdu);
- struct schannel_auth_struct *schannel_auth = cli->auth.a_u.schannel_auth;
+ struct schannel_auth_struct *schannel_auth =
+ cli->auth->a_u.schannel_auth;
uint32 data_len;
- if (cli->auth.auth_level == PIPE_AUTH_LEVEL_NONE || cli->auth.auth_level == PIPE_AUTH_LEVEL_CONNECT) {
+ if (cli->auth->auth_level == PIPE_AUTH_LEVEL_NONE
+ || cli->auth->auth_level == PIPE_AUTH_LEVEL_CONNECT) {
return NT_STATUS_OK;
}
- if (auth_len != RPC_AUTH_SCHANNEL_SIGN_OR_SEAL_CHK_LEN) {
+ if (auth_len < RPC_AUTH_SCHANNEL_SIGN_OR_SEAL_CHK_LEN) {
DEBUG(0,("cli_pipe_verify_schannel: auth_len %u.\n", (unsigned int)auth_len ));
return NT_STATUS_INVALID_PARAMETER;
}
(unsigned int)RPC_HEADER_LEN + RPC_HDR_RESP_LEN + data_len ));
return NT_STATUS_BUFFER_TOO_SMALL;
}
-
+
if(!smb_io_rpc_hdr_auth("hdr_auth", &auth_info, current_pdu, 0)) {
DEBUG(0,("cli_pipe_verify_schannel: failed to unmarshall RPC_HDR_AUTH.\n"));
return NT_STATUS_BUFFER_TOO_SMALL;
}
if (!schannel_decode(schannel_auth,
- cli->auth.auth_level,
+ cli->auth->auth_level,
SENDER_IS_ACCEPTOR,
&schannel_chk,
prs_data_p(current_pdu)+RPC_HEADER_LEN+RPC_HDR_RESP_LEN,
data_len)) {
DEBUG(3,("cli_pipe_verify_schannel: failed to decode PDU "
- "Connection to remote machine %s "
- "pipe %s fnum 0x%x.\n",
- cli->desthost,
- cli->pipe_name,
- (unsigned int)cli->fnum ));
+ "Connection to %s.\n",
+ rpccli_pipe_txt(debug_ctx(), cli)));
return NT_STATUS_INVALID_PARAMETER;
}
return NT_STATUS_INVALID_PARAMETER;
}
- if (prhdr->auth_len + RPC_HDR_AUTH_LEN < prhdr->auth_len ||
- prhdr->auth_len + RPC_HDR_AUTH_LEN < RPC_HDR_AUTH_LEN) {
+ if (prhdr->auth_len + (unsigned int)RPC_HDR_AUTH_LEN < prhdr->auth_len ||
+ prhdr->auth_len + (unsigned int)RPC_HDR_AUTH_LEN < (unsigned int)RPC_HDR_AUTH_LEN) {
/* Integer wrap attempt. */
return NT_STATUS_INVALID_PARAMETER;
}
* Now we have a complete RPC request PDU fragment, try and verify any auth data.
*/
- switch(cli->auth.auth_type) {
+ switch(cli->auth->auth_type) {
case PIPE_AUTH_TYPE_NONE:
if (prhdr->auth_len) {
- DEBUG(3, ("cli_pipe_validate_rpc_response: Connection to remote machine %s "
- "pipe %s fnum 0x%x - got non-zero auth len %u.\n",
- cli->desthost,
- cli->pipe_name,
- (unsigned int)cli->fnum,
+ DEBUG(3, ("cli_pipe_validate_rpc_response: "
+ "Connection to %s - got non-zero "
+ "auth len %u.\n",
+ rpccli_pipe_txt(debug_ctx(), cli),
(unsigned int)prhdr->auth_len ));
return NT_STATUS_INVALID_PARAMETER;
}
case PIPE_AUTH_TYPE_KRB5:
case PIPE_AUTH_TYPE_SPNEGO_KRB5:
default:
- DEBUG(3, ("cli_pipe_validate_rpc_response: Connection to remote machine %s "
- "pipe %s fnum %x - unknown internal auth type %u.\n",
- cli->desthost,
- cli->pipe_name,
- (unsigned int)cli->fnum,
- cli->auth.auth_type ));
+ DEBUG(3, ("cli_pipe_validate_rpc_response: Connection "
+ "to %s - unknown internal auth type %u.\n",
+ rpccli_pipe_txt(debug_ctx(), cli),
+ cli->auth->auth_type ));
return NT_STATUS_INVALID_INFO_CLASS;
}
}
case RPC_BINDNACK:
- DEBUG(1, ("cli_pipe_validate_current_pdu: Bind NACK received from remote machine %s "
- "pipe %s fnum 0x%x!\n",
- cli->desthost,
- cli->pipe_name,
- (unsigned int)cli->fnum));
+ DEBUG(1, ("cli_pipe_validate_current_pdu: Bind NACK "
+ "received from %s!\n",
+ rpccli_pipe_txt(debug_ctx(), cli)));
/* Use this for now... */
return NT_STATUS_NETWORK_ACCESS_DENIED;
return NT_STATUS_BUFFER_TOO_SMALL;
}
- DEBUG(1, ("cli_pipe_validate_current_pdu: RPC fault code %s received from remote machine %s "
- "pipe %s fnum 0x%x!\n",
- dcerpc_errstr(NT_STATUS_V(fault_resp.status)),
- cli->desthost,
- cli->pipe_name,
- (unsigned int)cli->fnum));
+ DEBUG(1, ("cli_pipe_validate_current_pdu: RPC fault "
+ "code %s received from %s!\n",
+ dcerpc_errstr(debug_ctx(), NT_STATUS_V(fault_resp.status)),
+ rpccli_pipe_txt(debug_ctx(), cli)));
if (NT_STATUS_IS_OK(fault_resp.status)) {
return NT_STATUS_UNSUCCESSFUL;
} else {
return fault_resp.status;
}
-
}
default:
DEBUG(0, ("cli_pipe_validate_current_pdu: unknown packet type %u received "
- "from remote machine %s pipe %s fnum 0x%x!\n",
+ "from %s!\n",
(unsigned int)prhdr->pkt_type,
- cli->desthost,
- cli->pipe_name,
- (unsigned int)cli->fnum));
+ rpccli_pipe_txt(debug_ctx(), cli)));
return NT_STATUS_INVALID_INFO_CLASS;
}
if (prhdr->pkt_type != expected_pkt_type) {
- DEBUG(3, ("cli_pipe_validate_current_pdu: Connection to remote machine %s "
- "pipe %s fnum %x got an unexpected RPC packet "
- "type - %u, not %u\n",
- cli->desthost,
- cli->pipe_name,
- (unsigned int)cli->fnum,
+ DEBUG(3, ("cli_pipe_validate_current_pdu: Connection to %s "
+ "got an unexpected RPC packet type - %u, not %u\n",
+ rpccli_pipe_txt(debug_ctx(), cli),
prhdr->pkt_type,
expected_pkt_type));
return NT_STATUS_INVALID_INFO_CLASS;
return NT_STATUS_OK;
}
+/****************************************************************************
+ Call a remote api on an arbitrary pipe. takes param, data and setup buffers.
+****************************************************************************/
+
+struct cli_api_pipe_state {
+ struct event_context *ev;
+ struct rpc_cli_transport *transport;
+ uint8_t *rdata;
+ uint32_t rdata_len;
+};
+
+static void cli_api_pipe_trans_done(struct tevent_req *subreq);
+static void cli_api_pipe_write_done(struct tevent_req *subreq);
+static void cli_api_pipe_read_done(struct tevent_req *subreq);
+
+static struct tevent_req *cli_api_pipe_send(TALLOC_CTX *mem_ctx,
+ struct event_context *ev,
+ struct rpc_cli_transport *transport,
+ uint8_t *data, size_t data_len,
+ uint32_t max_rdata_len)
+{
+ struct tevent_req *req, *subreq;
+ struct cli_api_pipe_state *state;
+ NTSTATUS status;
+
+ req = tevent_req_create(mem_ctx, &state, struct cli_api_pipe_state);
+ if (req == NULL) {
+ return NULL;
+ }
+ state->ev = ev;
+ state->transport = transport;
+
+ if (max_rdata_len < RPC_HEADER_LEN) {
+ /*
+ * For a RPC reply we always need at least RPC_HEADER_LEN
+ * bytes. We check this here because we will receive
+ * RPC_HEADER_LEN bytes in cli_trans_sock_send_done.
+ */
+ status = NT_STATUS_INVALID_PARAMETER;
+ goto post_status;
+ }
+
+ if (transport->trans_send != NULL) {
+ subreq = transport->trans_send(state, ev, data, data_len,
+ max_rdata_len, transport->priv);
+ if (subreq == NULL) {
+ goto fail;
+ }
+ tevent_req_set_callback(subreq, cli_api_pipe_trans_done, req);
+ return req;
+ }
+
+ /*
+ * If the transport does not provide a "trans" routine, i.e. for
+ * example the ncacn_ip_tcp transport, do the write/read step here.
+ */
+
+ subreq = rpc_write_send(state, ev, transport, data, data_len);
+ if (subreq == NULL) {
+ goto fail;
+ }
+ tevent_req_set_callback(subreq, cli_api_pipe_write_done, req);
+ return req;
+
+ status = NT_STATUS_INVALID_PARAMETER;
+
+ post_status:
+ tevent_req_nterror(req, status);
+ return tevent_req_post(req, ev);
+ fail:
+ TALLOC_FREE(req);
+ return NULL;
+}
+
+static void cli_api_pipe_trans_done(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ struct cli_api_pipe_state *state = tevent_req_data(
+ req, struct cli_api_pipe_state);
+ NTSTATUS status;
+
+ status = state->transport->trans_recv(subreq, state, &state->rdata,
+ &state->rdata_len);
+ TALLOC_FREE(subreq);
+ if (!NT_STATUS_IS_OK(status)) {
+ tevent_req_nterror(req, status);
+ return;
+ }
+ tevent_req_done(req);
+}
+
+static void cli_api_pipe_write_done(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ struct cli_api_pipe_state *state = tevent_req_data(
+ req, struct cli_api_pipe_state);
+ NTSTATUS status;
+
+ status = rpc_write_recv(subreq);
+ TALLOC_FREE(subreq);
+ if (!NT_STATUS_IS_OK(status)) {
+ tevent_req_nterror(req, status);
+ return;
+ }
+
+ state->rdata = TALLOC_ARRAY(state, uint8_t, RPC_HEADER_LEN);
+ if (tevent_req_nomem(state->rdata, req)) {
+ return;
+ }
+
+ /*
+ * We don't need to use rpc_read_send here, the upper layer will cope
+ * with a short read, transport->trans_send could also return less
+ * than state->max_rdata_len.
+ */
+ subreq = state->transport->read_send(state, state->ev, state->rdata,
+ RPC_HEADER_LEN,
+ state->transport->priv);
+ if (tevent_req_nomem(subreq, req)) {
+ return;
+ }
+ tevent_req_set_callback(subreq, cli_api_pipe_read_done, req);
+}
+
+static void cli_api_pipe_read_done(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ struct cli_api_pipe_state *state = tevent_req_data(
+ req, struct cli_api_pipe_state);
+ NTSTATUS status;
+ ssize_t received;
+
+ status = state->transport->read_recv(subreq, &received);
+ TALLOC_FREE(subreq);
+ if (!NT_STATUS_IS_OK(status)) {
+ tevent_req_nterror(req, status);
+ return;
+ }
+ state->rdata_len = received;
+ tevent_req_done(req);
+}
+
+static NTSTATUS cli_api_pipe_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx,
+ uint8_t **prdata, uint32_t *prdata_len)
+{
+ struct cli_api_pipe_state *state = tevent_req_data(
+ req, struct cli_api_pipe_state);
+ NTSTATUS status;
+
+ if (tevent_req_is_nterror(req, &status)) {
+ return status;
+ }
+
+ *prdata = talloc_move(mem_ctx, &state->rdata);
+ *prdata_len = state->rdata_len;
+ return NT_STATUS_OK;
+}
+
/****************************************************************************
Send data on an rpc pipe via trans. The prs_struct data must be the last
pdu fragment of an NDR data stream.
****************************************************************************/
-static NTSTATUS rpc_api_pipe(struct rpc_pipe_client *cli,
- prs_struct *data, /* Outgoing pdu fragment, already formatted for send. */
- prs_struct *rbuf, /* Incoming reply - return as an NDR stream. */
- uint8 expected_pkt_type)
-{
- NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
- char *rparam = NULL;
- uint32 rparam_len = 0;
- uint16 setup[2];
- char *pdata = prs_data_p(data);
- uint32 data_len = prs_offset(data);
- char *prdata = NULL;
- uint32 rdata_len = 0;
- uint32 max_data = cli->max_xmit_frag ? cli->max_xmit_frag : RPC_MAX_PDU_FRAG_LEN;
- uint32 current_rbuf_offset = 0;
- prs_struct current_pdu;
-
-#ifdef DEVELOPER
- /* Ensure we're not sending too much. */
- SMB_ASSERT(data_len <= max_data);
-#endif
+struct rpc_api_pipe_state {
+ struct event_context *ev;
+ struct rpc_pipe_client *cli;
+ uint8_t expected_pkt_type;
- /* Set up the current pdu parse struct. */
- prs_init_empty(¤t_pdu, prs_get_mem_context(rbuf), UNMARSHALL);
+ prs_struct incoming_frag;
+ struct rpc_hdr_info rhdr;
- /* Create setup parameters - must be in native byte order. */
- setup[0] = TRANSACT_DCERPCCMD;
- setup[1] = cli->fnum; /* Pipe file handle. */
+ prs_struct incoming_pdu; /* Incoming reply */
+ uint32_t incoming_pdu_offset;
+};
+
+static int rpc_api_pipe_state_destructor(struct rpc_api_pipe_state *state)
+{
+ prs_mem_free(&state->incoming_frag);
+ prs_mem_free(&state->incoming_pdu);
+ return 0;
+}
- DEBUG(5,("rpc_api_pipe: Remote machine %s pipe %s fnum 0x%x\n",
- cli->desthost,
- cli->pipe_name,
- (unsigned int)cli->fnum ));
+static void rpc_api_pipe_trans_done(struct tevent_req *subreq);
+static void rpc_api_pipe_got_pdu(struct tevent_req *subreq);
- /*
- * Send the last (or only) fragment of an RPC request. For small
- * amounts of data (about 1024 bytes or so) the RPC request and response
- * appears in a SMBtrans request and response.
- */
+static struct tevent_req *rpc_api_pipe_send(TALLOC_CTX *mem_ctx,
+ struct event_context *ev,
+ struct rpc_pipe_client *cli,
+ prs_struct *data, /* Outgoing PDU */
+ uint8_t expected_pkt_type)
+{
+ struct tevent_req *req, *subreq;
+ struct rpc_api_pipe_state *state;
+ uint16_t max_recv_frag;
+ NTSTATUS status;
- if (!cli_api_pipe(cli->cli, "\\PIPE\\",
- setup, 2, 0, /* Setup, length, max */
- NULL, 0, 0, /* Params, length, max */
- pdata, data_len, max_data, /* data, length, max */
- &rparam, &rparam_len, /* return params, len */
- &prdata, &rdata_len)) /* return data, len */
- {
- DEBUG(0, ("rpc_api_pipe: Remote machine %s pipe %s fnum 0x%x "
- "returned critical error. Error was %s\n",
- cli->desthost,
- cli->pipe_name,
- (unsigned int)cli->fnum,
- cli_errstr(cli->cli)));
- ret = cli_get_nt_error(cli->cli);
- SAFE_FREE(rparam);
- SAFE_FREE(prdata);
- goto err;
+ req = tevent_req_create(mem_ctx, &state, struct rpc_api_pipe_state);
+ if (req == NULL) {
+ return NULL;
}
+ state->ev = ev;
+ state->cli = cli;
+ state->expected_pkt_type = expected_pkt_type;
+ state->incoming_pdu_offset = 0;
- /* Throw away returned params - we know we won't use them. */
+ prs_init_empty(&state->incoming_frag, state, UNMARSHALL);
- SAFE_FREE(rparam);
+ prs_init_empty(&state->incoming_pdu, state, UNMARSHALL);
+ /* Make incoming_pdu dynamic with no memory. */
+ prs_give_memory(&state->incoming_pdu, NULL, 0, true);
- if (prdata == NULL) {
- DEBUG(3,("rpc_api_pipe: Remote machine %s pipe %s "
- "fnum 0x%x failed to return data.\n",
- cli->desthost,
- cli->pipe_name,
- (unsigned int)cli->fnum));
- /* Yes - some calls can truely return no data... */
- prs_mem_free(¤t_pdu);
- return NT_STATUS_OK;
- }
+ talloc_set_destructor(state, rpc_api_pipe_state_destructor);
/*
- * Give this memory as dynamic to the current pdu.
+ * Ensure we're not sending too much.
*/
+ if (prs_offset(data) > cli->max_xmit_frag) {
+ status = NT_STATUS_INVALID_PARAMETER;
+ goto post_status;
+ }
- prs_give_memory(¤t_pdu, prdata, rdata_len, True);
-
- /* Ensure we can mess with the return prs_struct. */
- SMB_ASSERT(UNMARSHALLING(rbuf));
- SMB_ASSERT(prs_data_size(rbuf) == 0);
+ DEBUG(5,("rpc_api_pipe: %s\n", rpccli_pipe_txt(debug_ctx(), cli)));
- /* Make rbuf dynamic with no memory. */
- prs_give_memory(rbuf, 0, 0, True);
+ max_recv_frag = cli->max_recv_frag;
- while(1) {
- RPC_HDR rhdr;
- char *ret_data;
- uint32 ret_data_len;
+#ifdef DEVELOPER
+ max_recv_frag = RPC_HEADER_LEN + 10 + (sys_random() % 32);
+#endif
- /* Ensure we have enough data for a pdu. */
- ret = cli_pipe_get_current_pdu(cli, &rhdr, ¤t_pdu);
- if (!NT_STATUS_IS_OK(ret)) {
- goto err;
- }
+ subreq = cli_api_pipe_send(state, ev, cli->transport,
+ (uint8_t *)prs_data_p(data),
+ prs_offset(data), max_recv_frag);
+ if (subreq == NULL) {
+ goto fail;
+ }
+ tevent_req_set_callback(subreq, rpc_api_pipe_trans_done, req);
+ return req;
- /* We pass in rbuf here so if the alloc hint is set correctly
- we can set the output size and avoid reallocs. */
+ post_status:
+ tevent_req_nterror(req, status);
+ return tevent_req_post(req, ev);
+ fail:
+ TALLOC_FREE(req);
+ return NULL;
+}
- ret = cli_pipe_validate_current_pdu(cli, &rhdr, ¤t_pdu, expected_pkt_type,
- &ret_data, &ret_data_len, rbuf);
+static void rpc_api_pipe_trans_done(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ struct rpc_api_pipe_state *state = tevent_req_data(
+ req, struct rpc_api_pipe_state);
+ NTSTATUS status;
+ uint8_t *rdata = NULL;
+ uint32_t rdata_len = 0;
+ char *rdata_copy;
- DEBUG(10,("rpc_api_pipe: got PDU len of %u at offset %u\n",
- prs_data_size(¤t_pdu), current_rbuf_offset ));
+ status = cli_api_pipe_recv(subreq, state, &rdata, &rdata_len);
+ TALLOC_FREE(subreq);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(5, ("cli_api_pipe failed: %s\n", nt_errstr(status)));
+ tevent_req_nterror(req, status);
+ return;
+ }
- if (!NT_STATUS_IS_OK(ret)) {
- goto err;
- }
+ if (rdata == NULL) {
+ DEBUG(3,("rpc_api_pipe: %s failed to return data.\n",
+ rpccli_pipe_txt(debug_ctx(), state->cli)));
+ tevent_req_done(req);
+ return;
+ }
- if ((rhdr.flags & RPC_FLG_FIRST)) {
- if (rhdr.pack_type[0] == 0) {
- /* Set the data type correctly for big-endian data on the first packet. */
- DEBUG(10,("rpc_api_pipe: On machine %s pipe %s fnum 0x%x "
- "PDU data format is big-endian.\n",
- cli->desthost,
- cli->pipe_name,
- (unsigned int)cli->fnum));
+ /*
+ * Give the memory received from cli_trans as dynamic to the current
+ * pdu. Duplicating it sucks, but prs_struct doesn't know about talloc
+ * :-(
+ */
+ rdata_copy = (char *)memdup(rdata, rdata_len);
+ TALLOC_FREE(rdata);
+ if (tevent_req_nomem(rdata_copy, req)) {
+ return;
+ }
+ prs_give_memory(&state->incoming_frag, rdata_copy, rdata_len, true);
- prs_set_endian_data(rbuf, RPC_BIG_ENDIAN);
- } else {
- /* Check endianness on subsequent packets. */
- if (current_pdu.bigendian_data != rbuf->bigendian_data) {
- DEBUG(0,("rpc_api_pipe: Error : Endianness changed from %s to %s\n",
- rbuf->bigendian_data ? "big" : "little",
- current_pdu.bigendian_data ? "big" : "little" ));
- ret = NT_STATUS_INVALID_PARAMETER;
- goto err;
- }
- }
- }
+ /* Ensure we have enough data for a pdu. */
+ subreq = get_complete_frag_send(state, state->ev, state->cli,
+ &state->rhdr, &state->incoming_frag);
+ if (tevent_req_nomem(subreq, req)) {
+ return;
+ }
+ tevent_req_set_callback(subreq, rpc_api_pipe_got_pdu, req);
+}
- /* Now copy the data portion out of the pdu into rbuf. */
- if (!prs_force_grow(rbuf, ret_data_len)) {
- ret = NT_STATUS_NO_MEMORY;
- goto err;
- }
- memcpy(prs_data_p(rbuf)+current_rbuf_offset, ret_data, (size_t)ret_data_len);
- current_rbuf_offset += ret_data_len;
-
- /* See if we've finished with all the data in current_pdu yet ? */
- ret = cli_pipe_reset_current_pdu(cli, &rhdr, ¤t_pdu);
- if (!NT_STATUS_IS_OK(ret)) {
- goto err;
- }
+static void rpc_api_pipe_got_pdu(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ struct rpc_api_pipe_state *state = tevent_req_data(
+ req, struct rpc_api_pipe_state);
+ NTSTATUS status;
+ char *rdata = NULL;
+ uint32_t rdata_len = 0;
- if (rhdr.flags & RPC_FLG_LAST) {
- break; /* We're done. */
- }
+ status = get_complete_frag_recv(subreq);
+ TALLOC_FREE(subreq);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(5, ("get_complete_frag failed: %s\n",
+ nt_errstr(status)));
+ tevent_req_nterror(req, status);
+ return;
}
- DEBUG(10,("rpc_api_pipe: Remote machine %s pipe %s fnum 0x%x returned %u bytes.\n",
- cli->desthost,
- cli->pipe_name,
- (unsigned int)cli->fnum,
- (unsigned int)prs_data_size(rbuf) ));
+ status = cli_pipe_validate_current_pdu(
+ state->cli, &state->rhdr, &state->incoming_frag,
+ state->expected_pkt_type, &rdata, &rdata_len,
+ &state->incoming_pdu);
- prs_mem_free(¤t_pdu);
- return NT_STATUS_OK;
+ DEBUG(10,("rpc_api_pipe: got frag len of %u at offset %u: %s\n",
+ (unsigned)prs_data_size(&state->incoming_frag),
+ (unsigned)state->incoming_pdu_offset,
+ nt_errstr(status)));
- err:
+ if (!NT_STATUS_IS_OK(status)) {
+ tevent_req_nterror(req, status);
+ return;
+ }
- prs_mem_free(¤t_pdu);
- prs_mem_free(rbuf);
- return ret;
+ if ((state->rhdr.flags & RPC_FLG_FIRST)
+ && (state->rhdr.pack_type[0] == 0)) {
+ /*
+ * Set the data type correctly for big-endian data on the
+ * first packet.
+ */
+ DEBUG(10,("rpc_api_pipe: On %s PDU data format is "
+ "big-endian.\n",
+ rpccli_pipe_txt(debug_ctx(), state->cli)));
+ prs_set_endian_data(&state->incoming_pdu, RPC_BIG_ENDIAN);
+ }
+ /*
+ * Check endianness on subsequent packets.
+ */
+ if (state->incoming_frag.bigendian_data
+ != state->incoming_pdu.bigendian_data) {
+ DEBUG(0,("rpc_api_pipe: Error : Endianness changed from %s to "
+ "%s\n",
+ state->incoming_pdu.bigendian_data?"big":"little",
+ state->incoming_frag.bigendian_data?"big":"little"));
+ tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER);
+ return;
+ }
+
+ /* Now copy the data portion out of the pdu into rbuf. */
+ if (!prs_force_grow(&state->incoming_pdu, rdata_len)) {
+ tevent_req_nterror(req, NT_STATUS_NO_MEMORY);
+ return;
+ }
+
+ memcpy(prs_data_p(&state->incoming_pdu) + state->incoming_pdu_offset,
+ rdata, (size_t)rdata_len);
+ state->incoming_pdu_offset += rdata_len;
+
+ status = cli_pipe_reset_current_pdu(state->cli, &state->rhdr,
+ &state->incoming_frag);
+ if (!NT_STATUS_IS_OK(status)) {
+ tevent_req_nterror(req, status);
+ return;
+ }
+
+ if (state->rhdr.flags & RPC_FLG_LAST) {
+ DEBUG(10,("rpc_api_pipe: %s returned %u bytes.\n",
+ rpccli_pipe_txt(debug_ctx(), state->cli),
+ (unsigned)prs_data_size(&state->incoming_pdu)));
+ tevent_req_done(req);
+ return;
+ }
+
+ subreq = get_complete_frag_send(state, state->ev, state->cli,
+ &state->rhdr, &state->incoming_frag);
+ if (tevent_req_nomem(subreq, req)) {
+ return;
+ }
+ tevent_req_set_callback(subreq, rpc_api_pipe_got_pdu, req);
+}
+
+static NTSTATUS rpc_api_pipe_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx,
+ prs_struct *reply_pdu)
+{
+ struct rpc_api_pipe_state *state = tevent_req_data(
+ req, struct rpc_api_pipe_state);
+ NTSTATUS status;
+
+ if (tevent_req_is_nterror(req, &status)) {
+ return status;
+ }
+
+ *reply_pdu = state->incoming_pdu;
+ reply_pdu->mem_ctx = mem_ctx;
+
+ /*
+ * Prevent state->incoming_pdu from being freed in
+ * rpc_api_pipe_state_destructor()
+ */
+ prs_init_empty(&state->incoming_pdu, state, UNMARSHALL);
+
+ return NT_STATUS_OK;
}
/*******************************************************************
{
#ifdef HAVE_KRB5
int ret;
- struct kerberos_auth_struct *a = cli->auth.a_u.kerberos_auth;
+ struct kerberos_auth_struct *a = cli->auth->a_u.kerberos_auth;
DATA_BLOB tkt = data_blob_null;
DATA_BLOB tkt_wrapped = data_blob_null;
init_rpc_hdr_auth(pauth_out, RPC_SPNEGO_AUTH_TYPE, (int)auth_level, 0, 1);
DEBUG(5, ("create_spnego_ntlmssp_auth_rpc_bind_req: Processing NTLMSSP Negotiate\n"));
- nt_status = ntlmssp_update(cli->auth.a_u.ntlmssp_state,
+ nt_status = ntlmssp_update(cli->auth->a_u.ntlmssp_state,
null_blob,
&request);
init_rpc_hdr_auth(pauth_out, RPC_NTLMSSP_AUTH_TYPE, (int)auth_level, 0, 1);
DEBUG(5, ("create_ntlmssp_auth_rpc_bind_req: Processing NTLMSSP Negotiate\n"));
- nt_status = ntlmssp_update(cli->auth.a_u.ntlmssp_state,
+ nt_status = ntlmssp_update(cli->auth->a_u.ntlmssp_state,
null_blob,
&request);
/* Use lp_workgroup() if domain not specified */
- if (!cli->domain || !cli->domain[0]) {
- cli->domain = lp_workgroup();
+ if (!cli->auth->domain || !cli->auth->domain[0]) {
+ cli->auth->domain = talloc_strdup(cli, lp_workgroup());
+ if (cli->auth->domain == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
}
- init_rpc_auth_schannel_neg(&schannel_neg, cli->domain, global_myname());
+ init_rpc_auth_schannel_neg(&schannel_neg, cli->auth->domain,
+ global_myname());
/*
* Now marshall the data into the auth parse_struct.
static NTSTATUS create_bind_or_alt_ctx_internal(enum RPC_PKT_TYPE pkt_type,
prs_struct *rpc_out,
uint32 rpc_call_id,
- RPC_IFACE *abstract,
- RPC_IFACE *transfer,
+ const struct ndr_syntax_id *abstract,
+ const struct ndr_syntax_id *transfer,
RPC_HDR_AUTH *phdr_auth,
prs_struct *pauth_info)
{
static NTSTATUS create_rpc_bind_req(struct rpc_pipe_client *cli,
prs_struct *rpc_out,
uint32 rpc_call_id,
- RPC_IFACE *abstract, RPC_IFACE *transfer,
+ const struct ndr_syntax_id *abstract,
+ const struct ndr_syntax_id *transfer,
enum pipe_auth_type auth_type,
enum pipe_auth_level auth_level)
{
DATA_BLOB auth_blob = data_blob_null;
uint16 data_and_pad_len = prs_offset(outgoing_pdu) - RPC_HEADER_LEN - RPC_HDR_RESP_LEN;
- if (!cli->auth.a_u.ntlmssp_state) {
+ if (!cli->auth->a_u.ntlmssp_state) {
return NT_STATUS_INVALID_PARAMETER;
}
/* Init and marshall the auth header. */
init_rpc_hdr_auth(&auth_info,
- map_pipe_auth_type_to_rpc_auth_type(cli->auth.auth_type),
- cli->auth.auth_level,
+ map_pipe_auth_type_to_rpc_auth_type(
+ cli->auth->auth_type),
+ cli->auth->auth_level,
ss_padding_len,
1 /* context id. */);
return NT_STATUS_NO_MEMORY;
}
- switch (cli->auth.auth_level) {
+ switch (cli->auth->auth_level) {
case PIPE_AUTH_LEVEL_PRIVACY:
/* Data portion is encrypted. */
- status = ntlmssp_seal_packet(cli->auth.a_u.ntlmssp_state,
+ status = ntlmssp_seal_packet(cli->auth->a_u.ntlmssp_state,
(unsigned char *)prs_data_p(outgoing_pdu) + RPC_HEADER_LEN + RPC_HDR_RESP_LEN,
data_and_pad_len,
(unsigned char *)prs_data_p(outgoing_pdu),
case PIPE_AUTH_LEVEL_INTEGRITY:
/* Data is signed. */
- status = ntlmssp_sign_packet(cli->auth.a_u.ntlmssp_state,
+ status = ntlmssp_sign_packet(cli->auth->a_u.ntlmssp_state,
(unsigned char *)prs_data_p(outgoing_pdu) + RPC_HEADER_LEN + RPC_HDR_RESP_LEN,
data_and_pad_len,
(unsigned char *)prs_data_p(outgoing_pdu),
}
/* Finally marshall the blob. */
-
+
if (!prs_copy_data_in(outgoing_pdu, (const char *)auth_blob.data, NTLMSSP_SIG_SIZE)) {
DEBUG(0,("add_ntlmssp_auth_footer: failed to add %u bytes auth blob.\n",
(unsigned int)NTLMSSP_SIG_SIZE));
data_blob_free(&auth_blob);
return NT_STATUS_NO_MEMORY;
}
-
+
data_blob_free(&auth_blob);
return NT_STATUS_OK;
}
{
RPC_HDR_AUTH auth_info;
RPC_AUTH_SCHANNEL_CHK verf;
- struct schannel_auth_struct *sas = cli->auth.a_u.schannel_auth;
+ struct schannel_auth_struct *sas = cli->auth->a_u.schannel_auth;
char *data_p = prs_data_p(outgoing_pdu) + RPC_HEADER_LEN + RPC_HDR_RESP_LEN;
size_t data_and_pad_len = prs_offset(outgoing_pdu) - RPC_HEADER_LEN - RPC_HDR_RESP_LEN;
/* Init and marshall the auth header. */
init_rpc_hdr_auth(&auth_info,
- map_pipe_auth_type_to_rpc_auth_type(cli->auth.auth_type),
- cli->auth.auth_level,
+ map_pipe_auth_type_to_rpc_auth_type(cli->auth->auth_type),
+ cli->auth->auth_level,
ss_padding_len,
1 /* context id. */);
return NT_STATUS_NO_MEMORY;
}
- switch (cli->auth.auth_level) {
+ switch (cli->auth->auth_level) {
case PIPE_AUTH_LEVEL_PRIVACY:
case PIPE_AUTH_LEVEL_INTEGRITY:
DEBUG(10,("add_schannel_auth_footer: SCHANNEL seq_num=%d\n",
sas->seq_num));
schannel_encode(sas,
- cli->auth.auth_level,
+ cli->auth->auth_level,
SENDER_IS_INITIATOR,
&verf,
data_p,
&verf,
outgoing_pdu,
0);
-
+
return NT_STATUS_OK;
}
{
uint32 data_space, data_len;
- switch (cli->auth.auth_level) {
+#ifdef DEVELOPER
+ if ((data_left > 0) && (sys_random() % 2)) {
+ data_left = MAX(data_left/2, 1);
+ }
+#endif
+
+ switch (cli->auth->auth_level) {
case PIPE_AUTH_LEVEL_NONE:
case PIPE_AUTH_LEVEL_CONNECT:
data_space = cli->max_xmit_frag - RPC_HEADER_LEN - RPC_HDR_REQ_LEN;
case PIPE_AUTH_LEVEL_INTEGRITY:
case PIPE_AUTH_LEVEL_PRIVACY:
/* Treat the same for all authenticated rpc requests. */
- switch(cli->auth.auth_type) {
+ switch(cli->auth->auth_type) {
case PIPE_AUTH_TYPE_SPNEGO_NTLMSSP:
case PIPE_AUTH_TYPE_NTLMSSP:
*p_auth_len = NTLMSSP_SIG_SIZE;
RPC_HDR_AUTH_LEN - *p_auth_len;
data_len = MIN(data_space, data_left);
+ *p_ss_padding = 0;
if (data_len % 8) {
*p_ss_padding = 8 - (data_len % 8);
}
and deals with signing/sealing details.
********************************************************************/
-NTSTATUS rpc_api_pipe_req(struct rpc_pipe_client *cli,
- uint8 op_num,
- prs_struct *in_data,
- prs_struct *out_data)
+struct rpc_api_pipe_req_state {
+ struct event_context *ev;
+ struct rpc_pipe_client *cli;
+ uint8_t op_num;
+ uint32_t call_id;
+ prs_struct *req_data;
+ uint32_t req_data_sent;
+ prs_struct outgoing_frag;
+ prs_struct reply_pdu;
+};
+
+static int rpc_api_pipe_req_state_destructor(struct rpc_api_pipe_req_state *s)
+{
+ prs_mem_free(&s->outgoing_frag);
+ prs_mem_free(&s->reply_pdu);
+ return 0;
+}
+
+static void rpc_api_pipe_req_write_done(struct tevent_req *subreq);
+static void rpc_api_pipe_req_done(struct tevent_req *subreq);
+static NTSTATUS prepare_next_frag(struct rpc_api_pipe_req_state *state,
+ bool *is_last_frag);
+
+struct tevent_req *rpc_api_pipe_req_send(TALLOC_CTX *mem_ctx,
+ struct event_context *ev,
+ struct rpc_pipe_client *cli,
+ uint8_t op_num,
+ prs_struct *req_data)
{
- NTSTATUS ret;
- uint32 data_left = prs_offset(in_data);
- uint32 alloc_hint = prs_offset(in_data);
- uint32 data_sent_thistime = 0;
- uint32 current_data_offset = 0;
- uint32 call_id = get_rpc_call_id();
- char pad[8];
- prs_struct outgoing_pdu;
+ struct tevent_req *req, *subreq;
+ struct rpc_api_pipe_req_state *state;
+ NTSTATUS status;
+ bool is_last_frag;
- memset(pad, '\0', 8);
+ req = tevent_req_create(mem_ctx, &state,
+ struct rpc_api_pipe_req_state);
+ if (req == NULL) {
+ return NULL;
+ }
+ state->ev = ev;
+ state->cli = cli;
+ state->op_num = op_num;
+ state->req_data = req_data;
+ state->req_data_sent = 0;
+ state->call_id = get_rpc_call_id();
- if (cli->max_xmit_frag < RPC_HEADER_LEN + RPC_HDR_REQ_LEN + RPC_MAX_SIGN_SIZE) {
+ if (cli->max_xmit_frag
+ < RPC_HEADER_LEN + RPC_HDR_REQ_LEN + RPC_MAX_SIGN_SIZE) {
/* Server is screwed up ! */
- return NT_STATUS_INVALID_PARAMETER;
+ status = NT_STATUS_INVALID_PARAMETER;
+ goto post_status;
}
- if (!prs_init(&outgoing_pdu, cli->max_xmit_frag, prs_get_mem_context(in_data), MARSHALL))
- return NT_STATUS_NO_MEMORY;
+ prs_init_empty(&state->reply_pdu, state, UNMARSHALL);
- while (1) {
- RPC_HDR hdr;
- RPC_HDR_REQ hdr_req;
- uint16 auth_len = 0;
- uint16 frag_len = 0;
- uint8 flags = 0;
- uint32 ss_padding = 0;
+ if (!prs_init(&state->outgoing_frag, cli->max_xmit_frag,
+ state, MARSHALL)) {
+ goto fail;
+ }
- data_sent_thistime = calculate_data_len_tosend(cli, data_left,
- &frag_len, &auth_len, &ss_padding);
+ talloc_set_destructor(state, rpc_api_pipe_req_state_destructor);
- if (current_data_offset == 0) {
- flags = RPC_FLG_FIRST;
- }
+ status = prepare_next_frag(state, &is_last_frag);
+ if (!NT_STATUS_IS_OK(status)) {
+ goto post_status;
+ }
- if (data_sent_thistime == data_left) {
- flags |= RPC_FLG_LAST;
+ if (is_last_frag) {
+ subreq = rpc_api_pipe_send(state, ev, state->cli,
+ &state->outgoing_frag,
+ RPC_RESPONSE);
+ if (subreq == NULL) {
+ goto fail;
}
+ tevent_req_set_callback(subreq, rpc_api_pipe_req_done, req);
+ } else {
+ subreq = rpc_write_send(
+ state, ev, cli->transport,
+ (uint8_t *)prs_data_p(&state->outgoing_frag),
+ prs_offset(&state->outgoing_frag));
+ if (subreq == NULL) {
+ goto fail;
+ }
+ tevent_req_set_callback(subreq, rpc_api_pipe_req_write_done,
+ req);
+ }
+ return req;
- /* Create and marshall the header and request header. */
- init_rpc_hdr(&hdr, RPC_REQUEST, flags, call_id, frag_len, auth_len);
+ post_status:
+ tevent_req_nterror(req, status);
+ return tevent_req_post(req, ev);
+ fail:
+ TALLOC_FREE(req);
+ return NULL;
+}
- if(!smb_io_rpc_hdr("hdr ", &hdr, &outgoing_pdu, 0)) {
- prs_mem_free(&outgoing_pdu);
- return NT_STATUS_NO_MEMORY;
- }
+static NTSTATUS prepare_next_frag(struct rpc_api_pipe_req_state *state,
+ bool *is_last_frag)
+{
+ RPC_HDR hdr;
+ RPC_HDR_REQ hdr_req;
+ uint32_t data_sent_thistime;
+ uint16_t auth_len;
+ uint16_t frag_len;
+ uint8_t flags = 0;
+ uint32_t ss_padding;
+ uint32_t data_left;
+ char pad[8] = { 0, };
+ NTSTATUS status;
- /* Create the rpc request RPC_HDR_REQ */
- init_rpc_hdr_req(&hdr_req, alloc_hint, op_num);
+ data_left = prs_offset(state->req_data) - state->req_data_sent;
- if(!smb_io_rpc_hdr_req("hdr_req", &hdr_req, &outgoing_pdu, 0)) {
- prs_mem_free(&outgoing_pdu);
- return NT_STATUS_NO_MEMORY;
- }
+ data_sent_thistime = calculate_data_len_tosend(
+ state->cli, data_left, &frag_len, &auth_len, &ss_padding);
- /* Copy in the data, plus any ss padding. */
- if (!prs_append_some_prs_data(&outgoing_pdu, in_data, current_data_offset, data_sent_thistime)) {
- prs_mem_free(&outgoing_pdu);
- return NT_STATUS_NO_MEMORY;
- }
+ if (state->req_data_sent == 0) {
+ flags = RPC_FLG_FIRST;
+ }
- /* Copy the sign/seal padding data. */
- if (ss_padding) {
- if (!prs_copy_data_in(&outgoing_pdu, pad, ss_padding)) {
- prs_mem_free(&outgoing_pdu);
- return NT_STATUS_NO_MEMORY;
- }
- }
+ if (data_sent_thistime == data_left) {
+ flags |= RPC_FLG_LAST;
+ }
- /* Generate any auth sign/seal and add the auth footer. */
- if (auth_len) {
- switch (cli->auth.auth_type) {
- case PIPE_AUTH_TYPE_NONE:
- break;
- case PIPE_AUTH_TYPE_NTLMSSP:
- case PIPE_AUTH_TYPE_SPNEGO_NTLMSSP:
- ret = add_ntlmssp_auth_footer(cli, &hdr, ss_padding, &outgoing_pdu);
- if (!NT_STATUS_IS_OK(ret)) {
- prs_mem_free(&outgoing_pdu);
- return ret;
- }
- break;
- case PIPE_AUTH_TYPE_SCHANNEL:
- ret = add_schannel_auth_footer(cli, &hdr, ss_padding, &outgoing_pdu);
- if (!NT_STATUS_IS_OK(ret)) {
- prs_mem_free(&outgoing_pdu);
- return ret;
- }
- break;
- default:
- smb_panic("bad auth type");
- break; /* notreached */
- }
- }
+ if (!prs_set_offset(&state->outgoing_frag, 0)) {
+ return NT_STATUS_NO_MEMORY;
+ }
- /* Actually send the packet. */
- if (flags & RPC_FLG_LAST) {
- /* Last packet - send the data, get the reply and return. */
- ret = rpc_api_pipe(cli, &outgoing_pdu, out_data, RPC_RESPONSE);
- prs_mem_free(&outgoing_pdu);
-
- if (DEBUGLEVEL >= 50) {
- char *dump_name = NULL;
- /* Also capture received data */
- if (asprintf(&dump_name, "%s/reply_%s_%d",
- get_dyn_LOGFILEBASE(), cli->pipe_name,
- op_num) > 0) {
- prs_dump(dump_name, op_num, out_data);
- SAFE_FREE(dump_name);
- }
- }
+ /* Create and marshall the header and request header. */
+ init_rpc_hdr(&hdr, RPC_REQUEST, flags, state->call_id, frag_len,
+ auth_len);
- return ret;
- } else {
- /* More packets to come - write and continue. */
- ssize_t num_written = cli_write(cli->cli, cli->fnum, 8, /* 8 means message mode. */
- prs_data_p(&outgoing_pdu),
- (off_t)0,
- (size_t)hdr.frag_len);
-
- if (num_written != hdr.frag_len) {
- prs_mem_free(&outgoing_pdu);
- return cli_get_nt_error(cli->cli);
- }
- }
+ if (!smb_io_rpc_hdr("hdr ", &hdr, &state->outgoing_frag, 0)) {
+ return NT_STATUS_NO_MEMORY;
+ }
- current_data_offset += data_sent_thistime;
- data_left -= data_sent_thistime;
+ /* Create the rpc request RPC_HDR_REQ */
+ init_rpc_hdr_req(&hdr_req, prs_offset(state->req_data),
+ state->op_num);
- /* Reset the marshalling position back to zero. */
- if (!prs_set_offset(&outgoing_pdu, 0)) {
- prs_mem_free(&outgoing_pdu);
- return NT_STATUS_NO_MEMORY;
+ if (!smb_io_rpc_hdr_req("hdr_req", &hdr_req,
+ &state->outgoing_frag, 0)) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ /* Copy in the data, plus any ss padding. */
+ if (!prs_append_some_prs_data(&state->outgoing_frag,
+ state->req_data, state->req_data_sent,
+ data_sent_thistime)) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ /* Copy the sign/seal padding data. */
+ if (!prs_copy_data_in(&state->outgoing_frag, pad, ss_padding)) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ /* Generate any auth sign/seal and add the auth footer. */
+ switch (state->cli->auth->auth_type) {
+ case PIPE_AUTH_TYPE_NONE:
+ status = NT_STATUS_OK;
+ break;
+ case PIPE_AUTH_TYPE_NTLMSSP:
+ case PIPE_AUTH_TYPE_SPNEGO_NTLMSSP:
+ status = add_ntlmssp_auth_footer(state->cli, &hdr, ss_padding,
+ &state->outgoing_frag);
+ break;
+ case PIPE_AUTH_TYPE_SCHANNEL:
+ status = add_schannel_auth_footer(state->cli, &hdr, ss_padding,
+ &state->outgoing_frag);
+ break;
+ default:
+ status = NT_STATUS_INVALID_PARAMETER;
+ break;
+ }
+
+ state->req_data_sent += data_sent_thistime;
+ *is_last_frag = ((flags & RPC_FLG_LAST) != 0);
+
+ return status;
+}
+
+static void rpc_api_pipe_req_write_done(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ struct rpc_api_pipe_req_state *state = tevent_req_data(
+ req, struct rpc_api_pipe_req_state);
+ NTSTATUS status;
+ bool is_last_frag;
+
+ status = rpc_write_recv(subreq);
+ TALLOC_FREE(subreq);
+ if (!NT_STATUS_IS_OK(status)) {
+ tevent_req_nterror(req, status);
+ return;
+ }
+
+ status = prepare_next_frag(state, &is_last_frag);
+ if (!NT_STATUS_IS_OK(status)) {
+ tevent_req_nterror(req, status);
+ return;
+ }
+
+ if (is_last_frag) {
+ subreq = rpc_api_pipe_send(state, state->ev, state->cli,
+ &state->outgoing_frag,
+ RPC_RESPONSE);
+ if (tevent_req_nomem(subreq, req)) {
+ return;
+ }
+ tevent_req_set_callback(subreq, rpc_api_pipe_req_done, req);
+ } else {
+ subreq = rpc_write_send(
+ state, state->ev,
+ state->cli->transport,
+ (uint8_t *)prs_data_p(&state->outgoing_frag),
+ prs_offset(&state->outgoing_frag));
+ if (tevent_req_nomem(subreq, req)) {
+ return;
}
+ tevent_req_set_callback(subreq, rpc_api_pipe_req_write_done,
+ req);
}
}
+
+static void rpc_api_pipe_req_done(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ struct rpc_api_pipe_req_state *state = tevent_req_data(
+ req, struct rpc_api_pipe_req_state);
+ NTSTATUS status;
+
+ status = rpc_api_pipe_recv(subreq, state, &state->reply_pdu);
+ TALLOC_FREE(subreq);
+ if (!NT_STATUS_IS_OK(status)) {
+ tevent_req_nterror(req, status);
+ return;
+ }
+ tevent_req_done(req);
+}
+
+NTSTATUS rpc_api_pipe_req_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx,
+ prs_struct *reply_pdu)
+{
+ struct rpc_api_pipe_req_state *state = tevent_req_data(
+ req, struct rpc_api_pipe_req_state);
+ NTSTATUS status;
+
+ if (tevent_req_is_nterror(req, &status)) {
+ /*
+ * We always have to initialize to reply pdu, even if there is
+ * none. The rpccli_* caller routines expect this.
+ */
+ prs_init_empty(reply_pdu, mem_ctx, UNMARSHALL);
+ return status;
+ }
+
+ *reply_pdu = state->reply_pdu;
+ reply_pdu->mem_ctx = mem_ctx;
+
+ /*
+ * Prevent state->req_pdu from being freed in
+ * rpc_api_pipe_req_state_destructor()
+ */
+ prs_init_empty(&state->reply_pdu, state, UNMARSHALL);
+
+ return NT_STATUS_OK;
+}
+
#if 0
/****************************************************************************
Set the handle state.
Check the rpc bind acknowledge response.
****************************************************************************/
-static bool valid_pipe_name(const int pipe_idx, RPC_IFACE *abstract, RPC_IFACE *transfer)
-{
- if ( pipe_idx >= PI_MAX_PIPES ) {
- DEBUG(0,("valid_pipe_name: Programmer error! Invalid pipe index [%d]\n",
- pipe_idx));
- return False;
- }
-
- DEBUG(5,("Bind Abstract Syntax: "));
- dump_data(5, (uint8 *)&pipe_names[pipe_idx].abstr_syntax,
- sizeof(pipe_names[pipe_idx].abstr_syntax));
- DEBUG(5,("Bind Transfer Syntax: "));
- dump_data(5, (uint8 *)&pipe_names[pipe_idx].trans_syntax,
- sizeof(pipe_names[pipe_idx].trans_syntax));
-
- /* copy the required syntaxes out so we can do the right bind */
-
- *transfer = *pipe_names[pipe_idx].trans_syntax;
- *abstract = *pipe_names[pipe_idx].abstr_syntax;
-
- return True;
-}
-
-/****************************************************************************
- Check the rpc bind acknowledge response.
-****************************************************************************/
-
-static bool check_bind_response(RPC_HDR_BA *hdr_ba, const int pipe_idx, RPC_IFACE *transfer)
+static bool check_bind_response(RPC_HDR_BA *hdr_ba,
+ const struct ndr_syntax_id *transfer)
{
if ( hdr_ba->addr.len == 0) {
DEBUG(4,("Ignoring length check -- ASU bug (server didn't fill in the pipe name correctly)"));
}
-# if 0 /* JERRY -- apparently ASU forgets to fill in the server pipe name sometimes */
- if ( !strequal(hdr_ba->addr.str, pipe_names[pipe_idx].client_pipe) &&
- !strequal(hdr_ba->addr.str, pipe_names[pipe_idx].server_pipe) )
- {
- DEBUG(4,("bind_rpc_pipe: pipe_name %s != expected pipe %s. oh well!\n",
- pipe_names[i].server_pipe ,hdr_ba->addr.str));
- return False;
- }
-
- DEBUG(5,("bind_rpc_pipe: server pipe_name found: %s\n", pipe_names[i].server_pipe ));
-
- if (pipe_names[pipe_idx].server_pipe == NULL) {
- DEBUG(2,("bind_rpc_pipe: pipe name %s unsupported\n", hdr_ba->addr.str));
- return False;
- }
-#endif /* JERRY */
-
/* check the transfer syntax */
if ((hdr_ba->transfer.if_version != transfer->if_version) ||
(memcmp(&hdr_ba->transfer.uuid, &transfer->uuid, sizeof(transfer->uuid)) !=0)) {
init_rpc_hdr(&hdr, RPC_AUTH3, RPC_FLG_FIRST|RPC_FLG_LAST, rpc_call_id,
RPC_HEADER_LEN + 4 /* pad */ + RPC_HDR_AUTH_LEN + pauth_blob->length,
pauth_blob->length );
-
+
/* Marshall it. */
if(!smb_io_rpc_hdr("hdr", &hdr, rpc_out, 0)) {
DEBUG(0,("create_rpc_bind_auth3: failed to marshall RPC_HDR.\n"));
return NT_STATUS_OK;
}
-/****************************************************************************
- Create and send the third packet in an RPC auth.
-****************************************************************************/
-
-static NTSTATUS rpc_finish_auth3_bind(struct rpc_pipe_client *cli,
- RPC_HDR *phdr,
- prs_struct *rbuf,
- uint32 rpc_call_id,
- enum pipe_auth_type auth_type,
- enum pipe_auth_level auth_level)
-{
- DATA_BLOB server_response = data_blob_null;
- DATA_BLOB client_reply = data_blob_null;
- RPC_HDR_AUTH hdr_auth;
- NTSTATUS nt_status;
- prs_struct rpc_out;
- ssize_t ret;
-
- if (!phdr->auth_len || (phdr->frag_len < phdr->auth_len + RPC_HDR_AUTH_LEN)) {
- return NT_STATUS_INVALID_PARAMETER;
- }
-
- /* Process the returned NTLMSSP blob first. */
- if (!prs_set_offset(rbuf, phdr->frag_len - phdr->auth_len - RPC_HDR_AUTH_LEN)) {
- return NT_STATUS_INVALID_PARAMETER;
- }
-
- if(!smb_io_rpc_hdr_auth("hdr_auth", &hdr_auth, rbuf, 0)) {
- return NT_STATUS_INVALID_PARAMETER;
- }
-
- /* TODO - check auth_type/auth_level match. */
-
- server_response = data_blob(NULL, phdr->auth_len);
- prs_copy_data_out((char *)server_response.data, rbuf, phdr->auth_len);
-
- nt_status = ntlmssp_update(cli->auth.a_u.ntlmssp_state,
- server_response,
- &client_reply);
-
- if (!NT_STATUS_IS_OK(nt_status)) {
- DEBUG(0,("rpc_finish_auth3_bind: NTLMSSP update using server blob failed.\n"));
- data_blob_free(&server_response);
- return nt_status;
- }
-
- prs_init_empty(&rpc_out, prs_get_mem_context(rbuf), MARSHALL);
-
- nt_status = create_rpc_bind_auth3(cli, rpc_call_id,
- auth_type, auth_level,
- &client_reply, &rpc_out);
-
- if (!NT_STATUS_IS_OK(nt_status)) {
- prs_mem_free(&rpc_out);
- data_blob_free(&client_reply);
- data_blob_free(&server_response);
- return nt_status;
- }
-
- /* 8 here is named pipe message mode. */
- ret = cli_write(cli->cli, cli->fnum, 0x8, prs_data_p(&rpc_out), 0,
- (size_t)prs_offset(&rpc_out));
-
- if (ret != (ssize_t)prs_offset(&rpc_out)) {
- DEBUG(0,("rpc_send_auth_auth3: cli_write failed. Return was %d\n", (int)ret));
- prs_mem_free(&rpc_out);
- data_blob_free(&client_reply);
- data_blob_free(&server_response);
- return cli_get_nt_error(cli->cli);
- }
-
- DEBUG(5,("rpc_send_auth_auth3: Remote machine %s pipe %s "
- "fnum 0x%x sent auth3 response ok.\n",
- cli->desthost,
- cli->pipe_name,
- (unsigned int)cli->fnum));
-
- prs_mem_free(&rpc_out);
- data_blob_free(&client_reply);
- data_blob_free(&server_response);
- return NT_STATUS_OK;
-}
-
/*******************************************************************
Creates a DCE/RPC bind alter context authentication request which
may contain a spnego auth blobl
********************************************************************/
static NTSTATUS create_rpc_alter_context(uint32 rpc_call_id,
- RPC_IFACE *abstract,
- RPC_IFACE *transfer,
+ const struct ndr_syntax_id *abstract,
+ const struct ndr_syntax_id *transfer,
enum pipe_auth_level auth_level,
const DATA_BLOB *pauth_blob, /* spnego auth blob already created. */
prs_struct *rpc_out)
return ret;
}
-/*******************************************************************
- Third leg of the SPNEGO bind mechanism - sends alter context PDU
- and gets a response.
- ********************************************************************/
+/****************************************************************************
+ Do an rpc bind.
+****************************************************************************/
-static NTSTATUS rpc_finish_spnego_ntlmssp_bind(struct rpc_pipe_client *cli,
- RPC_HDR *phdr,
- prs_struct *rbuf,
- uint32 rpc_call_id,
- RPC_IFACE *abstract,
- RPC_IFACE *transfer,
- enum pipe_auth_type auth_type,
- enum pipe_auth_level auth_level)
-{
- DATA_BLOB server_spnego_response = data_blob_null;
- DATA_BLOB server_ntlm_response = data_blob_null;
- DATA_BLOB client_reply = data_blob_null;
- DATA_BLOB tmp_blob = data_blob_null;
- RPC_HDR_AUTH hdr_auth;
- NTSTATUS nt_status;
+struct rpc_pipe_bind_state {
+ struct event_context *ev;
+ struct rpc_pipe_client *cli;
prs_struct rpc_out;
+ uint32_t rpc_call_id;
+};
- if (!phdr->auth_len || (phdr->frag_len < phdr->auth_len + RPC_HDR_AUTH_LEN)) {
- return NT_STATUS_INVALID_PARAMETER;
- }
+static int rpc_pipe_bind_state_destructor(struct rpc_pipe_bind_state *state)
+{
+ prs_mem_free(&state->rpc_out);
+ return 0;
+}
- /* Process the returned NTLMSSP blob first. */
- if (!prs_set_offset(rbuf, phdr->frag_len - phdr->auth_len - RPC_HDR_AUTH_LEN)) {
- return NT_STATUS_INVALID_PARAMETER;
- }
+static void rpc_pipe_bind_step_one_done(struct tevent_req *subreq);
+static NTSTATUS rpc_finish_auth3_bind_send(struct tevent_req *req,
+ struct rpc_pipe_bind_state *state,
+ struct rpc_hdr_info *phdr,
+ prs_struct *reply_pdu);
+static void rpc_bind_auth3_write_done(struct tevent_req *subreq);
+static NTSTATUS rpc_finish_spnego_ntlmssp_bind_send(struct tevent_req *req,
+ struct rpc_pipe_bind_state *state,
+ struct rpc_hdr_info *phdr,
+ prs_struct *reply_pdu);
+static void rpc_bind_ntlmssp_api_done(struct tevent_req *subreq);
+
+struct tevent_req *rpc_pipe_bind_send(TALLOC_CTX *mem_ctx,
+ struct event_context *ev,
+ struct rpc_pipe_client *cli,
+ struct cli_pipe_auth_data *auth)
+{
+ struct tevent_req *req, *subreq;
+ struct rpc_pipe_bind_state *state;
+ NTSTATUS status;
- if(!smb_io_rpc_hdr_auth("hdr_auth", &hdr_auth, rbuf, 0)) {
- return NT_STATUS_INVALID_PARAMETER;
+ req = tevent_req_create(mem_ctx, &state, struct rpc_pipe_bind_state);
+ if (req == NULL) {
+ return NULL;
}
- server_spnego_response = data_blob(NULL, phdr->auth_len);
- prs_copy_data_out((char *)server_spnego_response.data, rbuf, phdr->auth_len);
-
- /* The server might give us back two challenges - tmp_blob is for the second. */
- if (!spnego_parse_challenge(server_spnego_response, &server_ntlm_response, &tmp_blob)) {
- data_blob_free(&server_spnego_response);
- data_blob_free(&server_ntlm_response);
- data_blob_free(&tmp_blob);
- return NT_STATUS_INVALID_PARAMETER;
- }
+ DEBUG(5,("Bind RPC Pipe: %s auth_type %u, auth_level %u\n",
+ rpccli_pipe_txt(debug_ctx(), cli),
+ (unsigned int)auth->auth_type,
+ (unsigned int)auth->auth_level ));
- /* We're finished with the server spnego response and the tmp_blob. */
- data_blob_free(&server_spnego_response);
- data_blob_free(&tmp_blob);
+ state->ev = ev;
+ state->cli = cli;
+ state->rpc_call_id = get_rpc_call_id();
- nt_status = ntlmssp_update(cli->auth.a_u.ntlmssp_state,
- server_ntlm_response,
- &client_reply);
-
- /* Finished with the server_ntlm response */
- data_blob_free(&server_ntlm_response);
+ prs_init_empty(&state->rpc_out, state, MARSHALL);
+ talloc_set_destructor(state, rpc_pipe_bind_state_destructor);
- if (!NT_STATUS_IS_OK(nt_status)) {
- DEBUG(0,("rpc_finish_spnego_ntlmssp_bind: NTLMSSP update using server blob failed.\n"));
- data_blob_free(&client_reply);
- return nt_status;
- }
+ cli->auth = talloc_move(cli, &auth);
- /* SPNEGO wrap the client reply. */
- tmp_blob = spnego_gen_auth(client_reply);
- data_blob_free(&client_reply);
- client_reply = tmp_blob;
- tmp_blob = data_blob_null; /* Ensure it's safe to free this just in case. */
+ /* Marshall the outgoing data. */
+ status = create_rpc_bind_req(cli, &state->rpc_out,
+ state->rpc_call_id,
+ &cli->abstract_syntax,
+ &cli->transfer_syntax,
+ cli->auth->auth_type,
+ cli->auth->auth_level);
- /* Now prepare the alter context pdu. */
- prs_init_empty(&rpc_out, prs_get_mem_context(rbuf), MARSHALL);
+ if (!NT_STATUS_IS_OK(status)) {
+ goto post_status;
+ }
- nt_status = create_rpc_alter_context(rpc_call_id,
- abstract,
- transfer,
- auth_level,
- &client_reply,
- &rpc_out);
+ subreq = rpc_api_pipe_send(state, ev, cli, &state->rpc_out,
+ RPC_BINDACK);
+ if (subreq == NULL) {
+ goto fail;
+ }
+ tevent_req_set_callback(subreq, rpc_pipe_bind_step_one_done, req);
+ return req;
+
+ post_status:
+ tevent_req_nterror(req, status);
+ return tevent_req_post(req, ev);
+ fail:
+ TALLOC_FREE(req);
+ return NULL;
+}
+
+static void rpc_pipe_bind_step_one_done(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ struct rpc_pipe_bind_state *state = tevent_req_data(
+ req, struct rpc_pipe_bind_state);
+ prs_struct reply_pdu;
+ struct rpc_hdr_info hdr;
+ struct rpc_hdr_ba_info hdr_ba;
+ NTSTATUS status;
+
+ status = rpc_api_pipe_recv(subreq, talloc_tos(), &reply_pdu);
+ TALLOC_FREE(subreq);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(3, ("rpc_pipe_bind: %s bind request returned %s\n",
+ rpccli_pipe_txt(debug_ctx(), state->cli),
+ nt_errstr(status)));
+ tevent_req_nterror(req, status);
+ return;
+ }
+
+ /* Unmarshall the RPC header */
+ if (!smb_io_rpc_hdr("hdr", &hdr, &reply_pdu, 0)) {
+ DEBUG(0, ("rpc_pipe_bind: failed to unmarshall RPC_HDR.\n"));
+ prs_mem_free(&reply_pdu);
+ tevent_req_nterror(req, NT_STATUS_BUFFER_TOO_SMALL);
+ return;
+ }
+
+ if (!smb_io_rpc_hdr_ba("", &hdr_ba, &reply_pdu, 0)) {
+ DEBUG(0, ("rpc_pipe_bind: Failed to unmarshall "
+ "RPC_HDR_BA.\n"));
+ prs_mem_free(&reply_pdu);
+ tevent_req_nterror(req, NT_STATUS_BUFFER_TOO_SMALL);
+ return;
+ }
+
+ if (!check_bind_response(&hdr_ba, &state->cli->transfer_syntax)) {
+ DEBUG(2, ("rpc_pipe_bind: check_bind_response failed.\n"));
+ prs_mem_free(&reply_pdu);
+ tevent_req_nterror(req, NT_STATUS_BUFFER_TOO_SMALL);
+ return;
+ }
+
+ state->cli->max_xmit_frag = hdr_ba.bba.max_tsize;
+ state->cli->max_recv_frag = hdr_ba.bba.max_rsize;
+
+ /*
+ * For authenticated binds we may need to do 3 or 4 leg binds.
+ */
+
+ switch(state->cli->auth->auth_type) {
+
+ case PIPE_AUTH_TYPE_NONE:
+ case PIPE_AUTH_TYPE_SCHANNEL:
+ /* Bind complete. */
+ prs_mem_free(&reply_pdu);
+ tevent_req_done(req);
+ break;
+
+ case PIPE_AUTH_TYPE_NTLMSSP:
+ /* Need to send AUTH3 packet - no reply. */
+ status = rpc_finish_auth3_bind_send(req, state, &hdr,
+ &reply_pdu);
+ prs_mem_free(&reply_pdu);
+ if (!NT_STATUS_IS_OK(status)) {
+ tevent_req_nterror(req, status);
+ }
+ break;
+
+ case PIPE_AUTH_TYPE_SPNEGO_NTLMSSP:
+ /* Need to send alter context request and reply. */
+ status = rpc_finish_spnego_ntlmssp_bind_send(req, state, &hdr,
+ &reply_pdu);
+ prs_mem_free(&reply_pdu);
+ if (!NT_STATUS_IS_OK(status)) {
+ tevent_req_nterror(req, status);
+ }
+ break;
+
+ case PIPE_AUTH_TYPE_KRB5:
+ /* */
+
+ default:
+ DEBUG(0,("cli_finish_bind_auth: unknown auth type %u\n",
+ (unsigned int)state->cli->auth->auth_type));
+ prs_mem_free(&reply_pdu);
+ tevent_req_nterror(req, NT_STATUS_INTERNAL_ERROR);
+ }
+}
+static NTSTATUS rpc_finish_auth3_bind_send(struct tevent_req *req,
+ struct rpc_pipe_bind_state *state,
+ struct rpc_hdr_info *phdr,
+ prs_struct *reply_pdu)
+{
+ DATA_BLOB server_response = data_blob_null;
+ DATA_BLOB client_reply = data_blob_null;
+ struct rpc_hdr_auth_info hdr_auth;
+ struct tevent_req *subreq;
+ NTSTATUS status;
+
+ if ((phdr->auth_len == 0)
+ || (phdr->frag_len < phdr->auth_len + RPC_HDR_AUTH_LEN)) {
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+
+ if (!prs_set_offset(
+ reply_pdu,
+ phdr->frag_len - phdr->auth_len - RPC_HDR_AUTH_LEN)) {
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+
+ if (!smb_io_rpc_hdr_auth("hdr_auth", &hdr_auth, reply_pdu, 0)) {
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+
+ /* TODO - check auth_type/auth_level match. */
+
+ server_response = data_blob_talloc(talloc_tos(), NULL, phdr->auth_len);
+ prs_copy_data_out((char *)server_response.data, reply_pdu,
+ phdr->auth_len);
+
+ status = ntlmssp_update(state->cli->auth->a_u.ntlmssp_state,
+ server_response, &client_reply);
+
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(0, ("rpc_finish_auth3_bind: NTLMSSP update using server "
+ "blob failed: %s.\n", nt_errstr(status)));
+ return status;
+ }
+
+ prs_init_empty(&state->rpc_out, talloc_tos(), MARSHALL);
+
+ status = create_rpc_bind_auth3(state->cli, state->rpc_call_id,
+ state->cli->auth->auth_type,
+ state->cli->auth->auth_level,
+ &client_reply, &state->rpc_out);
data_blob_free(&client_reply);
- if (!NT_STATUS_IS_OK(nt_status)) {
- prs_mem_free(&rpc_out);
- return nt_status;
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+
+ subreq = rpc_write_send(state, state->ev, state->cli->transport,
+ (uint8_t *)prs_data_p(&state->rpc_out),
+ prs_offset(&state->rpc_out));
+ if (subreq == NULL) {
+ return NT_STATUS_NO_MEMORY;
}
+ tevent_req_set_callback(subreq, rpc_bind_auth3_write_done, req);
+ return NT_STATUS_OK;
+}
- /* Initialize the returning data struct. */
- prs_mem_free(rbuf);
- prs_init_empty(rbuf, talloc_tos(), UNMARSHALL);
+static void rpc_bind_auth3_write_done(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ NTSTATUS status;
- nt_status = rpc_api_pipe(cli, &rpc_out, rbuf, RPC_ALTCONTRESP);
- if (!NT_STATUS_IS_OK(nt_status)) {
- prs_mem_free(&rpc_out);
- return nt_status;
+ status = rpc_write_recv(subreq);
+ TALLOC_FREE(subreq);
+ if (!NT_STATUS_IS_OK(status)) {
+ tevent_req_nterror(req, status);
+ return;
}
+ tevent_req_done(req);
+}
- prs_mem_free(&rpc_out);
+static NTSTATUS rpc_finish_spnego_ntlmssp_bind_send(struct tevent_req *req,
+ struct rpc_pipe_bind_state *state,
+ struct rpc_hdr_info *phdr,
+ prs_struct *reply_pdu)
+{
+ DATA_BLOB server_spnego_response = data_blob_null;
+ DATA_BLOB server_ntlm_response = data_blob_null;
+ DATA_BLOB client_reply = data_blob_null;
+ DATA_BLOB tmp_blob = data_blob_null;
+ RPC_HDR_AUTH hdr_auth;
+ struct tevent_req *subreq;
+ NTSTATUS status;
- /* Get the auth blob from the reply. */
- if(!smb_io_rpc_hdr("rpc_hdr ", phdr, rbuf, 0)) {
- DEBUG(0,("rpc_finish_spnego_ntlmssp_bind: Failed to unmarshall RPC_HDR.\n"));
- return NT_STATUS_BUFFER_TOO_SMALL;
+ if ((phdr->auth_len == 0)
+ || (phdr->frag_len < phdr->auth_len + RPC_HDR_AUTH_LEN)) {
+ return NT_STATUS_INVALID_PARAMETER;
}
- if (!prs_set_offset(rbuf, phdr->frag_len - phdr->auth_len - RPC_HDR_AUTH_LEN)) {
+ /* Process the returned NTLMSSP blob first. */
+ if (!prs_set_offset(
+ reply_pdu,
+ phdr->frag_len - phdr->auth_len - RPC_HDR_AUTH_LEN)) {
return NT_STATUS_INVALID_PARAMETER;
}
- if(!smb_io_rpc_hdr_auth("hdr_auth", &hdr_auth, rbuf, 0)) {
+ if (!smb_io_rpc_hdr_auth("hdr_auth", &hdr_auth, reply_pdu, 0)) {
return NT_STATUS_INVALID_PARAMETER;
}
server_spnego_response = data_blob(NULL, phdr->auth_len);
- prs_copy_data_out((char *)server_spnego_response.data, rbuf, phdr->auth_len);
+ prs_copy_data_out((char *)server_spnego_response.data,
+ reply_pdu, phdr->auth_len);
- /* Check we got a valid auth response. */
- if (!spnego_parse_auth_response(server_spnego_response, NT_STATUS_OK, OID_NTLMSSP, &tmp_blob)) {
+ /*
+ * The server might give us back two challenges - tmp_blob is for the
+ * second.
+ */
+ if (!spnego_parse_challenge(server_spnego_response,
+ &server_ntlm_response, &tmp_blob)) {
data_blob_free(&server_spnego_response);
+ data_blob_free(&server_ntlm_response);
data_blob_free(&tmp_blob);
return NT_STATUS_INVALID_PARAMETER;
}
+ /* We're finished with the server spnego response and the tmp_blob. */
+ data_blob_free(&server_spnego_response);
+ data_blob_free(&tmp_blob);
+
+ status = ntlmssp_update(state->cli->auth->a_u.ntlmssp_state,
+ server_ntlm_response, &client_reply);
+
+ /* Finished with the server_ntlm response */
+ data_blob_free(&server_ntlm_response);
+
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(0, ("rpc_finish_spnego_ntlmssp_bind: NTLMSSP update "
+ "using server blob failed.\n"));
+ data_blob_free(&client_reply);
+ return status;
+ }
+
+ /* SPNEGO wrap the client reply. */
+ tmp_blob = spnego_gen_auth(client_reply);
+ data_blob_free(&client_reply);
+ client_reply = tmp_blob;
+ tmp_blob = data_blob_null;
+
+ /* Now prepare the alter context pdu. */
+ prs_init_empty(&state->rpc_out, state, MARSHALL);
+
+ status = create_rpc_alter_context(state->rpc_call_id,
+ &state->cli->abstract_syntax,
+ &state->cli->transfer_syntax,
+ state->cli->auth->auth_level,
+ &client_reply,
+ &state->rpc_out);
+ data_blob_free(&client_reply);
+
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+
+ subreq = rpc_api_pipe_send(state, state->ev, state->cli,
+ &state->rpc_out, RPC_ALTCONTRESP);
+ if (subreq == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+ tevent_req_set_callback(subreq, rpc_bind_ntlmssp_api_done, req);
+ return NT_STATUS_OK;
+}
+
+static void rpc_bind_ntlmssp_api_done(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ struct rpc_pipe_bind_state *state = tevent_req_data(
+ req, struct rpc_pipe_bind_state);
+ DATA_BLOB server_spnego_response = data_blob_null;
+ DATA_BLOB tmp_blob = data_blob_null;
+ prs_struct reply_pdu;
+ struct rpc_hdr_info hdr;
+ struct rpc_hdr_auth_info hdr_auth;
+ NTSTATUS status;
+
+ status = rpc_api_pipe_recv(subreq, talloc_tos(), &reply_pdu);
+ TALLOC_FREE(subreq);
+ if (!NT_STATUS_IS_OK(status)) {
+ tevent_req_nterror(req, status);
+ return;
+ }
+
+ /* Get the auth blob from the reply. */
+ if (!smb_io_rpc_hdr("rpc_hdr ", &hdr, &reply_pdu, 0)) {
+ DEBUG(0, ("rpc_finish_spnego_ntlmssp_bind: Failed to "
+ "unmarshall RPC_HDR.\n"));
+ tevent_req_nterror(req, NT_STATUS_BUFFER_TOO_SMALL);
+ return;
+ }
+
+ if (!prs_set_offset(
+ &reply_pdu,
+ hdr.frag_len - hdr.auth_len - RPC_HDR_AUTH_LEN)) {
+ tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER);
+ return;
+ }
+
+ if (!smb_io_rpc_hdr_auth("hdr_auth", &hdr_auth, &reply_pdu, 0)) {
+ tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER);
+ return;
+ }
+
+ server_spnego_response = data_blob(NULL, hdr.auth_len);
+ prs_copy_data_out((char *)server_spnego_response.data, &reply_pdu,
+ hdr.auth_len);
+
+ /* Check we got a valid auth response. */
+ if (!spnego_parse_auth_response(server_spnego_response, NT_STATUS_OK,
+ OID_NTLMSSP, &tmp_blob)) {
+ data_blob_free(&server_spnego_response);
+ data_blob_free(&tmp_blob);
+ tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER);
+ return;
+ }
+
data_blob_free(&server_spnego_response);
data_blob_free(&tmp_blob);
DEBUG(5,("rpc_finish_spnego_ntlmssp_bind: alter context request to "
- "remote machine %s pipe %s fnum 0x%x.\n",
- cli->desthost,
- cli->pipe_name,
- (unsigned int)cli->fnum));
+ "%s.\n", rpccli_pipe_txt(debug_ctx(), state->cli)));
+ tevent_req_done(req);
+}
+
+NTSTATUS rpc_pipe_bind_recv(struct tevent_req *req)
+{
+ return tevent_req_simple_recv_ntstatus(req);
+}
+
+NTSTATUS rpc_pipe_bind(struct rpc_pipe_client *cli,
+ struct cli_pipe_auth_data *auth)
+{
+ TALLOC_CTX *frame = talloc_stackframe();
+ struct event_context *ev;
+ struct tevent_req *req;
+ NTSTATUS status = NT_STATUS_OK;
+
+ ev = event_context_init(frame);
+ if (ev == NULL) {
+ status = NT_STATUS_NO_MEMORY;
+ goto fail;
+ }
+
+ req = rpc_pipe_bind_send(frame, ev, cli, auth);
+ if (req == NULL) {
+ status = NT_STATUS_NO_MEMORY;
+ goto fail;
+ }
+
+ if (!tevent_req_poll(req, ev)) {
+ status = map_nt_error_from_unix(errno);
+ goto fail;
+ }
+
+ status = rpc_pipe_bind_recv(req);
+ fail:
+ TALLOC_FREE(frame);
+ return status;
+}
+
+unsigned int rpccli_set_timeout(struct rpc_pipe_client *rpc_cli,
+ unsigned int timeout)
+{
+ struct cli_state *cli = rpc_pipe_np_smb_conn(rpc_cli);
+
+ if (cli == NULL) {
+ return 0;
+ }
+ return cli_set_timeout(cli, timeout);
+}
+
+bool rpccli_get_pwd_hash(struct rpc_pipe_client *rpc_cli, uint8_t nt_hash[16])
+{
+ struct cli_state *cli;
+
+ if ((rpc_cli->auth->auth_type == PIPE_AUTH_TYPE_NTLMSSP)
+ || (rpc_cli->auth->auth_type == PIPE_AUTH_TYPE_SPNEGO_NTLMSSP)) {
+ memcpy(nt_hash, rpc_cli->auth->a_u.ntlmssp_state->nt_hash, 16);
+ return true;
+ }
+
+ cli = rpc_pipe_np_smb_conn(rpc_cli);
+ if (cli == NULL) {
+ return false;
+ }
+ E_md4hash(cli->password ? cli->password : "", nt_hash);
+ return true;
+}
+
+NTSTATUS rpccli_anon_bind_data(TALLOC_CTX *mem_ctx,
+ struct cli_pipe_auth_data **presult)
+{
+ struct cli_pipe_auth_data *result;
+
+ result = talloc(mem_ctx, struct cli_pipe_auth_data);
+ if (result == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ result->auth_type = PIPE_AUTH_TYPE_NONE;
+ result->auth_level = PIPE_AUTH_LEVEL_NONE;
+ result->user_name = talloc_strdup(result, "");
+ result->domain = talloc_strdup(result, "");
+ if ((result->user_name == NULL) || (result->domain == NULL)) {
+ TALLOC_FREE(result);
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ *presult = result;
return NT_STATUS_OK;
}
-/****************************************************************************
- Do an rpc bind.
-****************************************************************************/
+static int cli_auth_ntlmssp_data_destructor(struct cli_pipe_auth_data *auth)
+{
+ ntlmssp_end(&auth->a_u.ntlmssp_state);
+ return 0;
+}
-static NTSTATUS rpc_pipe_bind(struct rpc_pipe_client *cli,
- enum pipe_auth_type auth_type,
- enum pipe_auth_level auth_level)
+NTSTATUS rpccli_ntlmssp_bind_data(TALLOC_CTX *mem_ctx,
+ enum pipe_auth_type auth_type,
+ enum pipe_auth_level auth_level,
+ const char *domain,
+ const char *username,
+ const char *password,
+ struct cli_pipe_auth_data **presult)
{
- RPC_HDR hdr;
- RPC_HDR_BA hdr_ba;
- RPC_IFACE abstract;
- RPC_IFACE transfer;
- prs_struct rpc_out;
- prs_struct rbuf;
- uint32 rpc_call_id;
+ struct cli_pipe_auth_data *result;
NTSTATUS status;
- DEBUG(5,("Bind RPC Pipe[%x]: %s auth_type %u, auth_level %u\n",
- (unsigned int)cli->fnum,
- cli->pipe_name,
- (unsigned int)auth_type,
- (unsigned int)auth_level ));
+ result = talloc(mem_ctx, struct cli_pipe_auth_data);
+ if (result == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
- if (!valid_pipe_name(cli->pipe_idx, &abstract, &transfer)) {
- return NT_STATUS_INVALID_PARAMETER;
+ result->auth_type = auth_type;
+ result->auth_level = auth_level;
+
+ result->user_name = talloc_strdup(result, username);
+ result->domain = talloc_strdup(result, domain);
+ if ((result->user_name == NULL) || (result->domain == NULL)) {
+ status = NT_STATUS_NO_MEMORY;
+ goto fail;
}
- prs_init_empty(&rpc_out, talloc_tos(), MARSHALL);
+ status = ntlmssp_client_start(&result->a_u.ntlmssp_state);
+ if (!NT_STATUS_IS_OK(status)) {
+ goto fail;
+ }
- rpc_call_id = get_rpc_call_id();
+ talloc_set_destructor(result, cli_auth_ntlmssp_data_destructor);
- /* Marshall the outgoing data. */
- status = create_rpc_bind_req(cli, &rpc_out, rpc_call_id,
- &abstract, &transfer,
- auth_type,
- auth_level);
+ status = ntlmssp_set_username(result->a_u.ntlmssp_state, username);
+ if (!NT_STATUS_IS_OK(status)) {
+ goto fail;
+ }
+ status = ntlmssp_set_domain(result->a_u.ntlmssp_state, domain);
if (!NT_STATUS_IS_OK(status)) {
- prs_mem_free(&rpc_out);
- return status;
+ goto fail;
+ }
+
+ status = ntlmssp_set_password(result->a_u.ntlmssp_state, password);
+ if (!NT_STATUS_IS_OK(status)) {
+ goto fail;
+ }
+
+ /*
+ * Turn off sign+seal to allow selected auth level to turn it back on.
+ */
+ result->a_u.ntlmssp_state->neg_flags &=
+ ~(NTLMSSP_NEGOTIATE_SIGN | NTLMSSP_NEGOTIATE_SEAL);
+
+ if (auth_level == PIPE_AUTH_LEVEL_INTEGRITY) {
+ result->a_u.ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SIGN;
+ } else if (auth_level == PIPE_AUTH_LEVEL_PRIVACY) {
+ result->a_u.ntlmssp_state->neg_flags
+ |= NTLMSSP_NEGOTIATE_SEAL | NTLMSSP_NEGOTIATE_SIGN;
+ }
+
+ *presult = result;
+ return NT_STATUS_OK;
+
+ fail:
+ TALLOC_FREE(result);
+ return status;
+}
+
+NTSTATUS rpccli_schannel_bind_data(TALLOC_CTX *mem_ctx, const char *domain,
+ enum pipe_auth_level auth_level,
+ const uint8_t sess_key[16],
+ struct cli_pipe_auth_data **presult)
+{
+ struct cli_pipe_auth_data *result;
+
+ result = talloc(mem_ctx, struct cli_pipe_auth_data);
+ if (result == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ result->auth_type = PIPE_AUTH_TYPE_SCHANNEL;
+ result->auth_level = auth_level;
+
+ result->user_name = talloc_strdup(result, "");
+ result->domain = talloc_strdup(result, domain);
+ if ((result->user_name == NULL) || (result->domain == NULL)) {
+ goto fail;
+ }
+
+ result->a_u.schannel_auth = talloc(result,
+ struct schannel_auth_struct);
+ if (result->a_u.schannel_auth == NULL) {
+ goto fail;
+ }
+
+ memcpy(result->a_u.schannel_auth->sess_key, sess_key,
+ sizeof(result->a_u.schannel_auth->sess_key));
+ result->a_u.schannel_auth->seq_num = 0;
+
+ *presult = result;
+ return NT_STATUS_OK;
+
+ fail:
+ TALLOC_FREE(result);
+ return NT_STATUS_NO_MEMORY;
+}
+
+#ifdef HAVE_KRB5
+static int cli_auth_kerberos_data_destructor(struct kerberos_auth_struct *auth)
+{
+ data_blob_free(&auth->session_key);
+ return 0;
+}
+#endif
+
+NTSTATUS rpccli_kerberos_bind_data(TALLOC_CTX *mem_ctx,
+ enum pipe_auth_level auth_level,
+ const char *service_princ,
+ const char *username,
+ const char *password,
+ struct cli_pipe_auth_data **presult)
+{
+#ifdef HAVE_KRB5
+ struct cli_pipe_auth_data *result;
+
+ if ((username != NULL) && (password != NULL)) {
+ int ret = kerberos_kinit_password(username, password, 0, NULL);
+ if (ret != 0) {
+ return NT_STATUS_ACCESS_DENIED;
+ }
+ }
+
+ result = talloc(mem_ctx, struct cli_pipe_auth_data);
+ if (result == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ result->auth_type = PIPE_AUTH_TYPE_KRB5;
+ result->auth_level = auth_level;
+
+ /*
+ * Username / domain need fixing!
+ */
+ result->user_name = talloc_strdup(result, "");
+ result->domain = talloc_strdup(result, "");
+ if ((result->user_name == NULL) || (result->domain == NULL)) {
+ goto fail;
+ }
+
+ result->a_u.kerberos_auth = TALLOC_ZERO_P(
+ result, struct kerberos_auth_struct);
+ if (result->a_u.kerberos_auth == NULL) {
+ goto fail;
+ }
+ talloc_set_destructor(result->a_u.kerberos_auth,
+ cli_auth_kerberos_data_destructor);
+
+ result->a_u.kerberos_auth->service_principal = talloc_strdup(
+ result, service_princ);
+ if (result->a_u.kerberos_auth->service_principal == NULL) {
+ goto fail;
+ }
+
+ *presult = result;
+ return NT_STATUS_OK;
+
+ fail:
+ TALLOC_FREE(result);
+ return NT_STATUS_NO_MEMORY;
+#else
+ return NT_STATUS_NOT_SUPPORTED;
+#endif
+}
+
+/**
+ * Create an rpc pipe client struct, connecting to a tcp port.
+ */
+static NTSTATUS rpc_pipe_open_tcp_port(TALLOC_CTX *mem_ctx, const char *host,
+ uint16_t port,
+ const struct ndr_syntax_id *abstract_syntax,
+ struct rpc_pipe_client **presult)
+{
+ struct rpc_pipe_client *result;
+ struct sockaddr_storage addr;
+ NTSTATUS status;
+ int fd;
+
+ result = TALLOC_ZERO_P(mem_ctx, struct rpc_pipe_client);
+ if (result == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ result->abstract_syntax = *abstract_syntax;
+ result->transfer_syntax = ndr_transfer_syntax;
+ result->dispatch = cli_do_rpc_ndr;
+ result->dispatch_send = cli_do_rpc_ndr_send;
+ result->dispatch_recv = cli_do_rpc_ndr_recv;
+
+ result->desthost = talloc_strdup(result, host);
+ result->srv_name_slash = talloc_asprintf_strupper_m(
+ result, "\\\\%s", result->desthost);
+ if ((result->desthost == NULL) || (result->srv_name_slash == NULL)) {
+ status = NT_STATUS_NO_MEMORY;
+ goto fail;
}
- /* Initialize the incoming data struct. */
- prs_init_empty(&rbuf, talloc_tos(), UNMARSHALL);
+ result->max_xmit_frag = RPC_MAX_PDU_FRAG_LEN;
+ result->max_recv_frag = RPC_MAX_PDU_FRAG_LEN;
- /* send data on \PIPE\. receive a response */
- status = rpc_api_pipe(cli, &rpc_out, &rbuf, RPC_BINDACK);
+ if (!resolve_name(host, &addr, 0, false)) {
+ status = NT_STATUS_NOT_FOUND;
+ goto fail;
+ }
+
+ status = open_socket_out(&addr, port, 60, &fd);
if (!NT_STATUS_IS_OK(status)) {
- prs_mem_free(&rpc_out);
- return status;
+ goto fail;
}
+ set_socket_options(fd, lp_socket_options());
- prs_mem_free(&rpc_out);
+ status = rpc_transport_sock_init(result, fd, &result->transport);
+ if (!NT_STATUS_IS_OK(status)) {
+ close(fd);
+ goto fail;
+ }
- DEBUG(3,("rpc_pipe_bind: Remote machine %s pipe %s "
- "fnum 0x%x bind request returned ok.\n",
- cli->desthost,
- cli->pipe_name,
- (unsigned int)cli->fnum));
+ *presult = result;
+ return NT_STATUS_OK;
- /* Unmarshall the RPC header */
- if(!smb_io_rpc_hdr("hdr" , &hdr, &rbuf, 0)) {
- DEBUG(0,("rpc_pipe_bind: failed to unmarshall RPC_HDR.\n"));
- prs_mem_free(&rbuf);
- return NT_STATUS_BUFFER_TOO_SMALL;
+ fail:
+ TALLOC_FREE(result);
+ return status;
+}
+
+/**
+ * Determine the tcp port on which a dcerpc interface is listening
+ * for the ncacn_ip_tcp transport via the endpoint mapper of the
+ * target host.
+ */
+static NTSTATUS rpc_pipe_get_tcp_port(const char *host,
+ const struct ndr_syntax_id *abstract_syntax,
+ uint16_t *pport)
+{
+ NTSTATUS status;
+ struct rpc_pipe_client *epm_pipe = NULL;
+ struct cli_pipe_auth_data *auth = NULL;
+ struct dcerpc_binding *map_binding = NULL;
+ struct dcerpc_binding *res_binding = NULL;
+ struct epm_twr_t *map_tower = NULL;
+ struct epm_twr_t *res_towers = NULL;
+ struct policy_handle *entry_handle = NULL;
+ uint32_t num_towers = 0;
+ uint32_t max_towers = 1;
+ struct epm_twr_p_t towers;
+ TALLOC_CTX *tmp_ctx = talloc_stackframe();
+
+ if (pport == NULL) {
+ status = NT_STATUS_INVALID_PARAMETER;
+ goto done;
+ }
+
+ /* open the connection to the endpoint mapper */
+ status = rpc_pipe_open_tcp_port(tmp_ctx, host, 135,
+ &ndr_table_epmapper.syntax_id,
+ &epm_pipe);
+
+ if (!NT_STATUS_IS_OK(status)) {
+ goto done;
}
- if(!smb_io_rpc_hdr_ba("", &hdr_ba, &rbuf, 0)) {
- DEBUG(0,("rpc_pipe_bind: Failed to unmarshall RPC_HDR_BA.\n"));
- prs_mem_free(&rbuf);
- return NT_STATUS_BUFFER_TOO_SMALL;
+ status = rpccli_anon_bind_data(tmp_ctx, &auth);
+ if (!NT_STATUS_IS_OK(status)) {
+ goto done;
}
- if(!check_bind_response(&hdr_ba, cli->pipe_idx, &transfer)) {
- DEBUG(2,("rpc_pipe_bind: check_bind_response failed.\n"));
- prs_mem_free(&rbuf);
- return NT_STATUS_BUFFER_TOO_SMALL;
+ status = rpc_pipe_bind(epm_pipe, auth);
+ if (!NT_STATUS_IS_OK(status)) {
+ goto done;
}
- cli->max_xmit_frag = hdr_ba.bba.max_tsize;
- cli->max_recv_frag = hdr_ba.bba.max_rsize;
+ /* create tower for asking the epmapper */
- /* For authenticated binds we may need to do 3 or 4 leg binds. */
- switch(auth_type) {
+ map_binding = TALLOC_ZERO_P(tmp_ctx, struct dcerpc_binding);
+ if (map_binding == NULL) {
+ status = NT_STATUS_NO_MEMORY;
+ goto done;
+ }
- case PIPE_AUTH_TYPE_NONE:
- case PIPE_AUTH_TYPE_SCHANNEL:
- /* Bind complete. */
- break;
+ map_binding->transport = NCACN_IP_TCP;
+ map_binding->object = *abstract_syntax;
+ map_binding->host = host; /* needed? */
+ map_binding->endpoint = "0"; /* correct? needed? */
- case PIPE_AUTH_TYPE_NTLMSSP:
- /* Need to send AUTH3 packet - no reply. */
- status = rpc_finish_auth3_bind(cli, &hdr, &rbuf, rpc_call_id,
- auth_type, auth_level);
- if (!NT_STATUS_IS_OK(status)) {
- prs_mem_free(&rbuf);
- return status;
- }
- break;
+ map_tower = TALLOC_ZERO_P(tmp_ctx, struct epm_twr_t);
+ if (map_tower == NULL) {
+ status = NT_STATUS_NO_MEMORY;
+ goto done;
+ }
- case PIPE_AUTH_TYPE_SPNEGO_NTLMSSP:
- /* Need to send alter context request and reply. */
- status = rpc_finish_spnego_ntlmssp_bind(cli, &hdr, &rbuf, rpc_call_id,
- &abstract, &transfer,
- auth_type, auth_level);
- if (!NT_STATUS_IS_OK(status)) {
- prs_mem_free(&rbuf);
- return status;
- }
- break;
+ status = dcerpc_binding_build_tower(tmp_ctx, map_binding,
+ &(map_tower->tower));
+ if (!NT_STATUS_IS_OK(status)) {
+ goto done;
+ }
+
+ /* allocate further parameters for the epm_Map call */
+
+ res_towers = TALLOC_ARRAY(tmp_ctx, struct epm_twr_t, max_towers);
+ if (res_towers == NULL) {
+ status = NT_STATUS_NO_MEMORY;
+ goto done;
+ }
+ towers.twr = res_towers;
+
+ entry_handle = TALLOC_ZERO_P(tmp_ctx, struct policy_handle);
+ if (entry_handle == NULL) {
+ status = NT_STATUS_NO_MEMORY;
+ goto done;
+ }
+
+ /* ask the endpoint mapper for the port */
+
+ status = rpccli_epm_Map(epm_pipe,
+ tmp_ctx,
+ CONST_DISCARD(struct GUID *,
+ &(abstract_syntax->uuid)),
+ map_tower,
+ entry_handle,
+ max_towers,
+ &num_towers,
+ &towers);
+
+ if (!NT_STATUS_IS_OK(status)) {
+ goto done;
+ }
+
+ if (num_towers != 1) {
+ status = NT_STATUS_UNSUCCESSFUL;
+ goto done;
+ }
+
+ /* extract the port from the answer */
+
+ status = dcerpc_binding_from_tower(tmp_ctx,
+ &(towers.twr->tower),
+ &res_binding);
+ if (!NT_STATUS_IS_OK(status)) {
+ goto done;
+ }
+
+ /* are further checks here necessary? */
+ if (res_binding->transport != NCACN_IP_TCP) {
+ status = NT_STATUS_UNSUCCESSFUL;
+ goto done;
+ }
+
+ *pport = (uint16_t)atoi(res_binding->endpoint);
+
+done:
+ TALLOC_FREE(tmp_ctx);
+ return status;
+}
+
+/**
+ * Create a rpc pipe client struct, connecting to a host via tcp.
+ * The port is determined by asking the endpoint mapper on the given
+ * host.
+ */
+NTSTATUS rpc_pipe_open_tcp(TALLOC_CTX *mem_ctx, const char *host,
+ const struct ndr_syntax_id *abstract_syntax,
+ struct rpc_pipe_client **presult)
+{
+ NTSTATUS status;
+ uint16_t port = 0;
+
+ *presult = NULL;
+
+ status = rpc_pipe_get_tcp_port(host, abstract_syntax, &port);
+ if (!NT_STATUS_IS_OK(status)) {
+ goto done;
+ }
+
+ status = rpc_pipe_open_tcp_port(mem_ctx, host, port,
+ abstract_syntax, presult);
+
+done:
+ return status;
+}
+
+/********************************************************************
+ Create a rpc pipe client struct, connecting to a unix domain socket
+ ********************************************************************/
+NTSTATUS rpc_pipe_open_ncalrpc(TALLOC_CTX *mem_ctx, const char *socket_path,
+ const struct ndr_syntax_id *abstract_syntax,
+ struct rpc_pipe_client **presult)
+{
+ struct rpc_pipe_client *result;
+ struct sockaddr_un addr;
+ NTSTATUS status;
+ int fd;
+
+ result = talloc_zero(mem_ctx, struct rpc_pipe_client);
+ if (result == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ result->abstract_syntax = *abstract_syntax;
+ result->transfer_syntax = ndr_transfer_syntax;
+ result->dispatch = cli_do_rpc_ndr;
+ result->dispatch_send = cli_do_rpc_ndr_send;
+ result->dispatch_recv = cli_do_rpc_ndr_recv;
+
+ result->desthost = get_myname(result);
+ result->srv_name_slash = talloc_asprintf_strupper_m(
+ result, "\\\\%s", result->desthost);
+ if ((result->desthost == NULL) || (result->srv_name_slash == NULL)) {
+ status = NT_STATUS_NO_MEMORY;
+ goto fail;
+ }
- case PIPE_AUTH_TYPE_KRB5:
- /* */
+ result->max_xmit_frag = RPC_MAX_PDU_FRAG_LEN;
+ result->max_recv_frag = RPC_MAX_PDU_FRAG_LEN;
- default:
- DEBUG(0,("cli_finish_bind_auth: unknown auth type %u\n",
- (unsigned int)auth_type ));
- prs_mem_free(&rbuf);
- return NT_STATUS_INVALID_INFO_CLASS;
+ fd = socket(AF_UNIX, SOCK_STREAM, 0);
+ if (fd == -1) {
+ status = map_nt_error_from_unix(errno);
+ goto fail;
}
- /* For NTLMSSP ensure the server gave us the auth_level we wanted. */
- if (auth_type == PIPE_AUTH_TYPE_NTLMSSP || auth_type == PIPE_AUTH_TYPE_SPNEGO_NTLMSSP) {
- if (auth_level == PIPE_AUTH_LEVEL_INTEGRITY) {
- if (!(cli->auth.a_u.ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_SIGN)) {
- DEBUG(0,("cli_finish_bind_auth: requested NTLMSSSP signing and server refused.\n"));
- prs_mem_free(&rbuf);
- return NT_STATUS_INVALID_PARAMETER;
- }
- }
- if (auth_level == PIPE_AUTH_LEVEL_INTEGRITY) {
- if (!(cli->auth.a_u.ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_SEAL)) {
- DEBUG(0,("cli_finish_bind_auth: requested NTLMSSSP sealing and server refused.\n"));
- prs_mem_free(&rbuf);
- return NT_STATUS_INVALID_PARAMETER;
- }
- }
- }
+ ZERO_STRUCT(addr);
+ addr.sun_family = AF_UNIX;
+ strncpy(addr.sun_path, socket_path, sizeof(addr.sun_path));
- /* Pipe is bound - set up auth_type and auth_level data. */
+ if (sys_connect(fd, (struct sockaddr *)(void *)&addr) == -1) {
+ DEBUG(0, ("connect(%s) failed: %s\n", socket_path,
+ strerror(errno)));
+ close(fd);
+ return map_nt_error_from_unix(errno);
+ }
- cli->auth.auth_type = auth_type;
- cli->auth.auth_level = auth_level;
+ status = rpc_transport_sock_init(result, fd, &result->transport);
+ if (!NT_STATUS_IS_OK(status)) {
+ close(fd);
+ goto fail;
+ }
- prs_mem_free(&rbuf);
+ *presult = result;
return NT_STATUS_OK;
+
+ fail:
+ TALLOC_FREE(result);
+ return status;
}
-unsigned int rpccli_set_timeout(struct rpc_pipe_client *cli,
- unsigned int timeout)
+static int rpc_pipe_client_np_destructor(struct rpc_pipe_client *p)
{
- return cli_set_timeout(cli->cli, timeout);
+ struct cli_state *cli;
+
+ cli = rpc_pipe_np_smb_conn(p);
+ if (cli != NULL) {
+ DLIST_REMOVE(cli->pipe_list, p);
+ }
+ return 0;
}
/****************************************************************************
*
****************************************************************************/
-static struct rpc_pipe_client *cli_rpc_pipe_open(struct cli_state *cli, int pipe_idx, NTSTATUS *perr)
+static NTSTATUS rpc_pipe_open_np(struct cli_state *cli,
+ const struct ndr_syntax_id *abstract_syntax,
+ struct rpc_pipe_client **presult)
{
struct rpc_pipe_client *result;
- int fnum;
-
- *perr = NT_STATUS_NO_MEMORY;
+ NTSTATUS status;
/* sanity check to protect against crashes */
if ( !cli ) {
- *perr = NT_STATUS_INVALID_HANDLE;
- return NULL;
+ return NT_STATUS_INVALID_HANDLE;
}
- /* The pipe name index must fall within our array */
- SMB_ASSERT((pipe_idx >= 0) && (pipe_idx < PI_MAX_PIPES));
-
result = TALLOC_ZERO_P(NULL, struct rpc_pipe_client);
if (result == NULL) {
- return NULL;
- }
-
- result->pipe_name = cli_get_pipe_name(pipe_idx);
-
- fnum = cli_nt_create(cli, result->pipe_name, DESIRED_ACCESS_PIPE);
-
- if (fnum == -1) {
- DEBUG(1,("cli_rpc_pipe_open: cli_nt_create failed on pipe %s "
- "to machine %s. Error was %s\n",
- result->pipe_name, cli->desthost,
- cli_errstr(cli)));
- *perr = cli_get_nt_error(cli);
- talloc_destroy(result);
- return NULL;
+ return NT_STATUS_NO_MEMORY;
}
- result->fnum = fnum;
- result->cli = cli;
- result->pipe_idx = pipe_idx;
- result->auth.auth_type = PIPE_AUTH_TYPE_NONE;
- result->auth.auth_level = PIPE_AUTH_LEVEL_NONE;
-
+ result->abstract_syntax = *abstract_syntax;
+ result->transfer_syntax = ndr_transfer_syntax;
+ result->dispatch = cli_do_rpc_ndr;
+ result->dispatch_send = cli_do_rpc_ndr_send;
+ result->dispatch_recv = cli_do_rpc_ndr_recv;
result->desthost = talloc_strdup(result, cli->desthost);
- if (result->desthost == NULL) {
- TALLOC_FREE(result);
- return NULL;
- }
-
result->srv_name_slash = talloc_asprintf_strupper_m(
result, "\\\\%s", result->desthost);
- if (result->srv_name_slash == NULL) {
+
+ result->max_xmit_frag = RPC_MAX_PDU_FRAG_LEN;
+ result->max_recv_frag = RPC_MAX_PDU_FRAG_LEN;
+
+ if ((result->desthost == NULL) || (result->srv_name_slash == NULL)) {
TALLOC_FREE(result);
- return NULL;
+ return NT_STATUS_NO_MEMORY;
}
- if (pipe_idx == PI_NETLOGON) {
- /* Set up a netlogon credential chain for a netlogon pipe. */
- result->dc = TALLOC_ZERO_P(result, struct dcinfo);
- if (result->dc == NULL) {
- talloc_destroy(result);
- return NULL;
- }
+ status = rpc_transport_np_init(result, cli, abstract_syntax,
+ &result->transport);
+ if (!NT_STATUS_IS_OK(status)) {
+ TALLOC_FREE(result);
+ return status;
}
DLIST_ADD(cli->pipe_list, result);
- *perr = NT_STATUS_OK;
+ talloc_set_destructor(result, rpc_pipe_client_np_destructor);
- return result;
+ *presult = result;
+ return NT_STATUS_OK;
}
-/****************************************************************************
- Open a named pipe to an SMB server and bind anonymously.
- ****************************************************************************/
-
-struct rpc_pipe_client *cli_rpc_pipe_open_noauth(struct cli_state *cli, int pipe_idx, NTSTATUS *perr)
+NTSTATUS rpc_pipe_open_local(TALLOC_CTX *mem_ctx,
+ struct rpc_cli_smbd_conn *conn,
+ const struct ndr_syntax_id *syntax,
+ struct rpc_pipe_client **presult)
{
struct rpc_pipe_client *result;
+ struct cli_pipe_auth_data *auth;
+ NTSTATUS status;
- result = cli_rpc_pipe_open(cli, pipe_idx, perr);
+ result = talloc(mem_ctx, struct rpc_pipe_client);
if (result == NULL) {
- return NULL;
+ return NT_STATUS_NO_MEMORY;
}
+ result->abstract_syntax = *syntax;
+ result->transfer_syntax = ndr_transfer_syntax;
+ result->dispatch = cli_do_rpc_ndr;
+ result->dispatch_send = cli_do_rpc_ndr_send;
+ result->dispatch_recv = cli_do_rpc_ndr_recv;
+ result->max_xmit_frag = RPC_MAX_PDU_FRAG_LEN;
+ result->max_recv_frag = RPC_MAX_PDU_FRAG_LEN;
- result->domain = talloc_strdup(result, cli->domain);
- result->user_name = talloc_strdup(result, cli->user_name);
+ result->desthost = talloc_strdup(result, global_myname());
+ result->srv_name_slash = talloc_asprintf_strupper_m(
+ result, "\\\\%s", global_myname());
+ if ((result->desthost == NULL) || (result->srv_name_slash == NULL)) {
+ TALLOC_FREE(result);
+ return NT_STATUS_NO_MEMORY;
+ }
- if ((result->domain == NULL) || (result->user_name == NULL)) {
- *perr = NT_STATUS_NO_MEMORY;
- cli_rpc_pipe_close(result);
- return NULL;
+ status = rpc_transport_smbd_init(result, conn, syntax,
+ &result->transport);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(1, ("rpc_transport_smbd_init failed: %s\n",
+ nt_errstr(status)));
+ TALLOC_FREE(result);
+ return status;
}
- *perr = rpc_pipe_bind(result, PIPE_AUTH_TYPE_NONE, PIPE_AUTH_LEVEL_NONE);
- if (!NT_STATUS_IS_OK(*perr)) {
- int lvl = 0;
- if (pipe_idx == PI_DSSETUP) {
- /* non AD domains just don't have this pipe, avoid
- * level 0 statement in that case - gd */
- lvl = 3;
- }
- DEBUG(lvl, ("cli_rpc_pipe_open_noauth: rpc_pipe_bind for pipe %s failed with error %s\n",
- cli_get_pipe_name(pipe_idx), nt_errstr(*perr) ));
- cli_rpc_pipe_close(result);
- return NULL;
+ status = rpccli_anon_bind_data(result, &auth);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(1, ("rpccli_anon_bind_data failed: %s\n",
+ nt_errstr(status)));
+ TALLOC_FREE(result);
+ return status;
}
- DEBUG(10,("cli_rpc_pipe_open_noauth: opened pipe %s to machine %s and bound anonymously.\n",
- result->pipe_name, cli->desthost ));
+ status = rpc_pipe_bind(result, auth);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(1, ("rpc_pipe_bind failed: %s\n", nt_errstr(status)));
+ TALLOC_FREE(result);
+ return status;
+ }
- return result;
+ *presult = result;
+ return NT_STATUS_OK;
}
/****************************************************************************
- Free function for NTLMSSP auth.
+ Open a pipe to a remote server.
****************************************************************************/
-static void cli_ntlmssp_auth_free(struct cli_pipe_auth_data *auth)
+static NTSTATUS cli_rpc_pipe_open(struct cli_state *cli,
+ const struct ndr_syntax_id *interface,
+ struct rpc_pipe_client **presult)
{
- if (auth->a_u.ntlmssp_state) {
- ntlmssp_end(&auth->a_u.ntlmssp_state);
- auth->a_u.ntlmssp_state = NULL;
+ if (ndr_syntax_id_equal(interface, &ndr_table_drsuapi.syntax_id)) {
+ /*
+ * We should have a better way to figure out this drsuapi
+ * speciality...
+ */
+ return rpc_pipe_open_tcp(NULL, cli->desthost, interface,
+ presult);
}
+
+ return rpc_pipe_open_np(cli, interface, presult);
}
/****************************************************************************
- Open a named pipe to an SMB server and bind using NTLMSSP or SPNEGO NTLMSSP
+ Open a named pipe to an SMB server and bind anonymously.
****************************************************************************/
-static struct rpc_pipe_client *cli_rpc_pipe_open_ntlmssp_internal(struct cli_state *cli,
- int pipe_idx,
- enum pipe_auth_type auth_type,
- enum pipe_auth_level auth_level,
- const char *domain,
- const char *username,
- const char *password,
- NTSTATUS *perr)
+NTSTATUS cli_rpc_pipe_open_noauth(struct cli_state *cli,
+ const struct ndr_syntax_id *interface,
+ struct rpc_pipe_client **presult)
{
struct rpc_pipe_client *result;
- NTLMSSP_STATE *ntlmssp_state = NULL;
+ struct cli_pipe_auth_data *auth;
+ NTSTATUS status;
- result = cli_rpc_pipe_open(cli, pipe_idx, perr);
- if (result == NULL) {
- return NULL;
+ status = cli_rpc_pipe_open(cli, interface, &result);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
}
-
- result->auth.cli_auth_data_free_func = cli_ntlmssp_auth_free;
- result->domain = talloc_strdup(result, domain);
- result->user_name = talloc_strdup(result, username);
-
- if ((result->domain == NULL) || (result->user_name == NULL)) {
- *perr = NT_STATUS_NO_MEMORY;
- goto err;
+ status = rpccli_anon_bind_data(result, &auth);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(0, ("rpccli_anon_bind_data returned %s\n",
+ nt_errstr(status)));
+ TALLOC_FREE(result);
+ return status;
}
- pwd_set_cleartext(&result->pwd, password);
-
- *perr = ntlmssp_client_start(&ntlmssp_state);
- if (!NT_STATUS_IS_OK(*perr)) {
- goto err;
- }
+ /*
+ * This is a bit of an abstraction violation due to the fact that an
+ * anonymous bind on an authenticated SMB inherits the user/domain
+ * from the enclosing SMB creds
+ */
- result->auth.a_u.ntlmssp_state = ntlmssp_state;
+ TALLOC_FREE(auth->user_name);
+ TALLOC_FREE(auth->domain);
- *perr = ntlmssp_set_username(ntlmssp_state, username);
- if (!NT_STATUS_IS_OK(*perr)) {
- goto err;
- }
+ auth->user_name = talloc_strdup(auth, cli->user_name);
+ auth->domain = talloc_strdup(auth, cli->domain);
+ auth->user_session_key = data_blob_talloc(auth,
+ cli->user_session_key.data,
+ cli->user_session_key.length);
- *perr = ntlmssp_set_domain(ntlmssp_state, domain);
- if (!NT_STATUS_IS_OK(*perr)) {
- goto err;
+ if ((auth->user_name == NULL) || (auth->domain == NULL)) {
+ TALLOC_FREE(result);
+ return NT_STATUS_NO_MEMORY;
}
- if (cli->pwd.null_pwd) {
- *perr = ntlmssp_set_password(ntlmssp_state, NULL);
- if (!NT_STATUS_IS_OK(*perr)) {
- goto err;
- }
- } else {
- *perr = ntlmssp_set_password(ntlmssp_state, password);
- if (!NT_STATUS_IS_OK(*perr)) {
- goto err;
+ status = rpc_pipe_bind(result, auth);
+ if (!NT_STATUS_IS_OK(status)) {
+ int lvl = 0;
+ if (ndr_syntax_id_equal(interface,
+ &ndr_table_dssetup.syntax_id)) {
+ /* non AD domains just don't have this pipe, avoid
+ * level 0 statement in that case - gd */
+ lvl = 3;
}
+ DEBUG(lvl, ("cli_rpc_pipe_open_noauth: rpc_pipe_bind for pipe "
+ "%s failed with error %s\n",
+ get_pipe_name_from_iface(interface),
+ nt_errstr(status) ));
+ TALLOC_FREE(result);
+ return status;
}
- /* Turn off sign+seal to allow selected auth level to turn it back on. */
- ntlmssp_state->neg_flags &= ~(NTLMSSP_NEGOTIATE_SIGN|NTLMSSP_NEGOTIATE_SEAL);
+ DEBUG(10,("cli_rpc_pipe_open_noauth: opened pipe %s to machine "
+ "%s and bound anonymously.\n",
+ get_pipe_name_from_iface(interface), cli->desthost));
- if (auth_level == PIPE_AUTH_LEVEL_INTEGRITY) {
- ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SIGN;
- } else if (auth_level == PIPE_AUTH_LEVEL_PRIVACY) {
- ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SEAL | NTLMSSP_NEGOTIATE_SIGN;
+ *presult = result;
+ return NT_STATUS_OK;
+}
+
+/****************************************************************************
+ Open a named pipe to an SMB server and bind using NTLMSSP or SPNEGO NTLMSSP
+ ****************************************************************************/
+
+static NTSTATUS cli_rpc_pipe_open_ntlmssp_internal(struct cli_state *cli,
+ const struct ndr_syntax_id *interface,
+ enum pipe_auth_type auth_type,
+ enum pipe_auth_level auth_level,
+ const char *domain,
+ const char *username,
+ const char *password,
+ struct rpc_pipe_client **presult)
+{
+ struct rpc_pipe_client *result;
+ struct cli_pipe_auth_data *auth;
+ NTSTATUS status;
+
+ status = cli_rpc_pipe_open(cli, interface, &result);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+
+ status = rpccli_ntlmssp_bind_data(
+ result, auth_type, auth_level, domain, username,
+ password, &auth);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(0, ("rpccli_ntlmssp_bind_data returned %s\n",
+ nt_errstr(status)));
+ goto err;
}
-
- *perr = rpc_pipe_bind(result, auth_type, auth_level);
- if (!NT_STATUS_IS_OK(*perr)) {
+
+ status = rpc_pipe_bind(result, auth);
+ if (!NT_STATUS_IS_OK(status)) {
DEBUG(0, ("cli_rpc_pipe_open_ntlmssp_internal: cli_rpc_pipe_bind failed with error %s\n",
- nt_errstr(*perr) ));
+ nt_errstr(status) ));
goto err;
}
DEBUG(10,("cli_rpc_pipe_open_ntlmssp_internal: opened pipe %s to "
"machine %s and bound NTLMSSP as user %s\\%s.\n",
- result->pipe_name, cli->desthost,
- domain, username ));
+ get_pipe_name_from_iface(interface), cli->desthost, domain,
+ username ));
- return result;
+ *presult = result;
+ return NT_STATUS_OK;
err:
- cli_rpc_pipe_close(result);
- return NULL;
+ TALLOC_FREE(result);
+ return status;
}
/****************************************************************************
Open a named pipe to an SMB server and bind using NTLMSSP (bind type 10)
****************************************************************************/
-struct rpc_pipe_client *cli_rpc_pipe_open_ntlmssp(struct cli_state *cli,
- int pipe_idx,
- enum pipe_auth_level auth_level,
- const char *domain,
- const char *username,
- const char *password,
- NTSTATUS *perr)
+NTSTATUS cli_rpc_pipe_open_ntlmssp(struct cli_state *cli,
+ const struct ndr_syntax_id *interface,
+ enum pipe_auth_level auth_level,
+ const char *domain,
+ const char *username,
+ const char *password,
+ struct rpc_pipe_client **presult)
{
return cli_rpc_pipe_open_ntlmssp_internal(cli,
- pipe_idx,
+ interface,
PIPE_AUTH_TYPE_NTLMSSP,
auth_level,
domain,
username,
password,
- perr);
+ presult);
}
/****************************************************************************
Open a named pipe to an SMB server and bind using spnego NTLMSSP (bind type 9)
****************************************************************************/
-struct rpc_pipe_client *cli_rpc_pipe_open_spnego_ntlmssp(struct cli_state *cli,
- int pipe_idx,
- enum pipe_auth_level auth_level,
- const char *domain,
- const char *username,
- const char *password,
- NTSTATUS *perr)
+NTSTATUS cli_rpc_pipe_open_spnego_ntlmssp(struct cli_state *cli,
+ const struct ndr_syntax_id *interface,
+ enum pipe_auth_level auth_level,
+ const char *domain,
+ const char *username,
+ const char *password,
+ struct rpc_pipe_client **presult)
{
return cli_rpc_pipe_open_ntlmssp_internal(cli,
- pipe_idx,
+ interface,
PIPE_AUTH_TYPE_SPNEGO_NTLMSSP,
auth_level,
domain,
username,
password,
- perr);
+ presult);
}
/****************************************************************************
Get a the schannel session key out of an already opened netlogon pipe.
****************************************************************************/
-static bool get_schannel_session_key_common(struct rpc_pipe_client *netlogon_pipe,
- struct cli_state *cli,
- const char *domain,
- uint32 *pneg_flags,
- NTSTATUS *perr)
+static NTSTATUS get_schannel_session_key_common(struct rpc_pipe_client *netlogon_pipe,
+ struct cli_state *cli,
+ const char *domain,
+ uint32 *pneg_flags)
{
uint32 sec_chan_type = 0;
unsigned char machine_pwd[16];
const char *machine_account;
+ NTSTATUS status;
/* Get the machine account credentials from secrets.tdb. */
if (!get_trust_pw_hash(domain, machine_pwd, &machine_account,
DEBUG(0, ("get_schannel_session_key: could not fetch "
"trust account password for domain '%s'\n",
domain));
- *perr = NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
- return false;
+ return NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
}
- *perr = rpccli_netlogon_setup_creds(netlogon_pipe,
+ status = rpccli_netlogon_setup_creds(netlogon_pipe,
cli->desthost, /* server name */
domain, /* domain */
global_myname(), /* client name */
sec_chan_type,
pneg_flags);
- if (!NT_STATUS_IS_OK(*perr)) {
- DEBUG(3,("get_schannel_session_key_common: rpccli_netlogon_setup_creds "
- "failed with result %s to server %s, domain %s, machine account %s.\n",
- nt_errstr(*perr), cli->desthost, domain, machine_account ));
- return false;
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(3, ("get_schannel_session_key_common: "
+ "rpccli_netlogon_setup_creds failed with result %s "
+ "to server %s, domain %s, machine account %s.\n",
+ nt_errstr(status), cli->desthost, domain,
+ machine_account ));
+ return status;
}
if (((*pneg_flags) & NETLOGON_NEG_SCHANNEL) == 0) {
DEBUG(3, ("get_schannel_session_key: Server %s did not offer schannel\n",
cli->desthost));
- *perr = NT_STATUS_INVALID_NETWORK_RESPONSE;
- return false;
+ return NT_STATUS_INVALID_NETWORK_RESPONSE;
}
- return true;
+ return NT_STATUS_OK;;
}
/****************************************************************************
****************************************************************************/
-struct rpc_pipe_client *get_schannel_session_key(struct cli_state *cli,
- const char *domain,
- uint32 *pneg_flags,
- NTSTATUS *perr)
+NTSTATUS get_schannel_session_key(struct cli_state *cli,
+ const char *domain,
+ uint32 *pneg_flags,
+ struct rpc_pipe_client **presult)
{
struct rpc_pipe_client *netlogon_pipe = NULL;
+ NTSTATUS status;
- netlogon_pipe = cli_rpc_pipe_open_noauth(cli, PI_NETLOGON, perr);
- if (!netlogon_pipe) {
- return NULL;
+ status = cli_rpc_pipe_open_noauth(cli, &ndr_table_netlogon.syntax_id,
+ &netlogon_pipe);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
}
- if (!get_schannel_session_key_common(netlogon_pipe, cli, domain,
- pneg_flags, perr))
- {
- cli_rpc_pipe_close(netlogon_pipe);
- return NULL;
+ status = get_schannel_session_key_common(netlogon_pipe, cli, domain,
+ pneg_flags);
+ if (!NT_STATUS_IS_OK(status)) {
+ TALLOC_FREE(netlogon_pipe);
+ return status;
}
- return netlogon_pipe;
+ *presult = netlogon_pipe;
+ return NT_STATUS_OK;
}
/****************************************************************************
External interface.
Open a named pipe to an SMB server and bind using schannel (bind type 68)
using session_key. sign and seal.
+
+ The *pdc will be stolen onto this new pipe
****************************************************************************/
-struct rpc_pipe_client *cli_rpc_pipe_open_schannel_with_key(struct cli_state *cli,
- int pipe_idx,
- enum pipe_auth_level auth_level,
- const char *domain,
- const struct dcinfo *pdc,
- NTSTATUS *perr)
+NTSTATUS cli_rpc_pipe_open_schannel_with_key(struct cli_state *cli,
+ const struct ndr_syntax_id *interface,
+ enum pipe_auth_level auth_level,
+ const char *domain,
+ struct netlogon_creds_CredentialState **pdc,
+ struct rpc_pipe_client **presult)
{
struct rpc_pipe_client *result;
+ struct cli_pipe_auth_data *auth;
+ NTSTATUS status;
- result = cli_rpc_pipe_open(cli, pipe_idx, perr);
- if (result == NULL) {
- return NULL;
+ status = cli_rpc_pipe_open(cli, interface, &result);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
}
- result->auth.a_u.schannel_auth = TALLOC_ZERO_P(
- result, struct schannel_auth_struct);
- if (!result->auth.a_u.schannel_auth) {
- cli_rpc_pipe_close(result);
- *perr = NT_STATUS_NO_MEMORY;
- return NULL;
+ status = rpccli_schannel_bind_data(result, domain, auth_level,
+ (*pdc)->session_key, &auth);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(0, ("rpccli_schannel_bind_data returned %s\n",
+ nt_errstr(status)));
+ TALLOC_FREE(result);
+ return status;
}
- result->domain = domain;
- memcpy(result->auth.a_u.schannel_auth->sess_key, pdc->sess_key, 16);
-
- *perr = rpc_pipe_bind(result, PIPE_AUTH_TYPE_SCHANNEL, auth_level);
- if (!NT_STATUS_IS_OK(*perr)) {
- DEBUG(0, ("cli_rpc_pipe_open_schannel_with_key: cli_rpc_pipe_bind failed with error %s\n",
- nt_errstr(*perr) ));
- cli_rpc_pipe_close(result);
- return NULL;
+ status = rpc_pipe_bind(result, auth);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(0, ("cli_rpc_pipe_open_schannel_with_key: "
+ "cli_rpc_pipe_bind failed with error %s\n",
+ nt_errstr(status) ));
+ TALLOC_FREE(result);
+ return status;
}
- /* The credentials on a new netlogon pipe are the ones we are passed in - copy them over. */
- if (result->dc) {
- *result->dc = *pdc;
+ /*
+ * The credentials on a new netlogon pipe are the ones we are passed
+ * in - reference them in
+ */
+ result->dc = talloc_move(result, pdc);
+ if (result->dc == NULL) {
+ DEBUG(0, ("talloc reference failed\n"));
+ TALLOC_FREE(result);
+ return NT_STATUS_NO_MEMORY;
}
DEBUG(10,("cli_rpc_pipe_open_schannel_with_key: opened pipe %s to machine %s "
- "for domain %s "
- "and bound using schannel.\n",
- result->pipe_name, cli->desthost, domain ));
+ "for domain %s and bound using schannel.\n",
+ get_pipe_name_from_iface(interface),
+ cli->desthost, domain ));
- return result;
+ *presult = result;
+ return NT_STATUS_OK;
}
/****************************************************************************
version uses an ntlmssp auth bound netlogon pipe to get the key.
****************************************************************************/
-static struct rpc_pipe_client *get_schannel_session_key_auth_ntlmssp(struct cli_state *cli,
- const char *domain,
- const char *username,
- const char *password,
- uint32 *pneg_flags,
- NTSTATUS *perr)
+static NTSTATUS get_schannel_session_key_auth_ntlmssp(struct cli_state *cli,
+ const char *domain,
+ const char *username,
+ const char *password,
+ uint32 *pneg_flags,
+ struct rpc_pipe_client **presult)
{
struct rpc_pipe_client *netlogon_pipe = NULL;
+ NTSTATUS status;
- netlogon_pipe = cli_rpc_pipe_open_spnego_ntlmssp(cli, PI_NETLOGON, PIPE_AUTH_LEVEL_PRIVACY, domain, username, password, perr);
- if (!netlogon_pipe) {
- return NULL;
+ status = cli_rpc_pipe_open_spnego_ntlmssp(
+ cli, &ndr_table_netlogon.syntax_id, PIPE_AUTH_LEVEL_PRIVACY,
+ domain, username, password, &netlogon_pipe);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
}
- if (!get_schannel_session_key_common(netlogon_pipe, cli, domain,
- pneg_flags, perr))
- {
- cli_rpc_pipe_close(netlogon_pipe);
- return NULL;
+ status = get_schannel_session_key_common(netlogon_pipe, cli, domain,
+ pneg_flags);
+ if (!NT_STATUS_IS_OK(status)) {
+ TALLOC_FREE(netlogon_pipe);
+ return status;
}
- return netlogon_pipe;
+ *presult = netlogon_pipe;
+ return NT_STATUS_OK;
}
/****************************************************************************
uses an ntlmssp bind to get the session key.
****************************************************************************/
-struct rpc_pipe_client *cli_rpc_pipe_open_ntlmssp_auth_schannel(struct cli_state *cli,
- int pipe_idx,
- enum pipe_auth_level auth_level,
- const char *domain,
- const char *username,
- const char *password,
- NTSTATUS *perr)
+NTSTATUS cli_rpc_pipe_open_ntlmssp_auth_schannel(struct cli_state *cli,
+ const struct ndr_syntax_id *interface,
+ enum pipe_auth_level auth_level,
+ const char *domain,
+ const char *username,
+ const char *password,
+ struct rpc_pipe_client **presult)
{
uint32_t neg_flags = NETLOGON_NEG_AUTH2_ADS_FLAGS;
struct rpc_pipe_client *netlogon_pipe = NULL;
struct rpc_pipe_client *result = NULL;
+ NTSTATUS status;
- netlogon_pipe = get_schannel_session_key_auth_ntlmssp(cli, domain, username,
- password, &neg_flags, perr);
- if (!netlogon_pipe) {
+ status = get_schannel_session_key_auth_ntlmssp(
+ cli, domain, username, password, &neg_flags, &netlogon_pipe);
+ if (!NT_STATUS_IS_OK(status)) {
DEBUG(0,("cli_rpc_pipe_open_ntlmssp_auth_schannel: failed to get schannel session "
"key from server %s for domain %s.\n",
cli->desthost, domain ));
- return NULL;
+ return status;
}
- result = cli_rpc_pipe_open_schannel_with_key(cli, pipe_idx,
- auth_level,
- domain, netlogon_pipe->dc, perr);
+ status = cli_rpc_pipe_open_schannel_with_key(
+ cli, interface, auth_level, domain, &netlogon_pipe->dc,
+ &result);
/* Now we've bound using the session key we can close the netlog pipe. */
- cli_rpc_pipe_close(netlogon_pipe);
+ TALLOC_FREE(netlogon_pipe);
- return result;
+ if (NT_STATUS_IS_OK(status)) {
+ *presult = result;
+ }
+ return status;
}
/****************************************************************************
Fetch the session key ourselves using a temporary netlogon pipe.
****************************************************************************/
-struct rpc_pipe_client *cli_rpc_pipe_open_schannel(struct cli_state *cli,
- int pipe_idx,
- enum pipe_auth_level auth_level,
- const char *domain,
- NTSTATUS *perr)
+NTSTATUS cli_rpc_pipe_open_schannel(struct cli_state *cli,
+ const struct ndr_syntax_id *interface,
+ enum pipe_auth_level auth_level,
+ const char *domain,
+ struct rpc_pipe_client **presult)
{
uint32_t neg_flags = NETLOGON_NEG_AUTH2_ADS_FLAGS;
struct rpc_pipe_client *netlogon_pipe = NULL;
struct rpc_pipe_client *result = NULL;
+ NTSTATUS status;
- netlogon_pipe = get_schannel_session_key(cli, domain, &neg_flags, perr);
- if (!netlogon_pipe) {
+ status = get_schannel_session_key(cli, domain, &neg_flags,
+ &netlogon_pipe);
+ if (!NT_STATUS_IS_OK(status)) {
DEBUG(0,("cli_rpc_pipe_open_schannel: failed to get schannel session "
"key from server %s for domain %s.\n",
cli->desthost, domain ));
- return NULL;
+ return status;
}
- result = cli_rpc_pipe_open_schannel_with_key(cli, pipe_idx,
- auth_level,
- domain, netlogon_pipe->dc, perr);
+ status = cli_rpc_pipe_open_schannel_with_key(
+ cli, interface, auth_level, domain, &netlogon_pipe->dc,
+ &result);
/* Now we've bound using the session key we can close the netlog pipe. */
- cli_rpc_pipe_close(netlogon_pipe);
-
- return result;
-}
-
-#ifdef HAVE_KRB5
+ TALLOC_FREE(netlogon_pipe);
-/****************************************************************************
- Free function for the kerberos spcific data.
- ****************************************************************************/
+ if (NT_STATUS_IS_OK(status)) {
+ *presult = result;
+ }
-static void kerberos_auth_struct_free(struct cli_pipe_auth_data *a)
-{
- data_blob_free(&a->a_u.kerberos_auth->session_key);
+ return NT_STATUS_OK;
}
-#endif
-
/****************************************************************************
Open a named pipe to an SMB server and bind using krb5 (bind type 16).
The idea is this can be called with service_princ, username and password all
NULL so long as the caller has a TGT.
****************************************************************************/
-struct rpc_pipe_client *cli_rpc_pipe_open_krb5(struct cli_state *cli,
- int pipe_idx,
- enum pipe_auth_level auth_level,
- const char *service_princ,
- const char *username,
- const char *password,
- NTSTATUS *perr)
+NTSTATUS cli_rpc_pipe_open_krb5(struct cli_state *cli,
+ const struct ndr_syntax_id *interface,
+ enum pipe_auth_level auth_level,
+ const char *service_princ,
+ const char *username,
+ const char *password,
+ struct rpc_pipe_client **presult)
{
#ifdef HAVE_KRB5
struct rpc_pipe_client *result;
+ struct cli_pipe_auth_data *auth;
+ NTSTATUS status;
- result = cli_rpc_pipe_open(cli, pipe_idx, perr);
- if (result == NULL) {
- return NULL;
+ status = cli_rpc_pipe_open(cli, interface, &result);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
}
- /* Default service principal is "desthost$@realm" */
- if (!service_princ) {
- service_princ = talloc_asprintf(result, "%s$@%s",
- cli->desthost, lp_realm() );
- if (!service_princ) {
- cli_rpc_pipe_close(result);
- return NULL;
- }
+ status = rpccli_kerberos_bind_data(result, auth_level, service_princ,
+ username, password, &auth);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(0, ("rpccli_kerberos_bind_data returned %s\n",
+ nt_errstr(status)));
+ TALLOC_FREE(result);
+ return status;
}
- /* Only get a new TGT if username/password are given. */
- if (username && password) {
- int ret = kerberos_kinit_password(username, password, 0, NULL);
- if (ret) {
- cli_rpc_pipe_close(result);
- return NULL;
- }
+ status = rpc_pipe_bind(result, auth);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(0, ("cli_rpc_pipe_open_krb5: cli_rpc_pipe_bind failed "
+ "with error %s\n", nt_errstr(status)));
+ TALLOC_FREE(result);
+ return status;
}
- result->auth.a_u.kerberos_auth = TALLOC_ZERO_P(
- result, struct kerberos_auth_struct);
- if (!result->auth.a_u.kerberos_auth) {
- cli_rpc_pipe_close(result);
- *perr = NT_STATUS_NO_MEMORY;
- return NULL;
+ *presult = result;
+ return NT_STATUS_OK;
+#else
+ DEBUG(0,("cli_rpc_pipe_open_krb5: kerberos not found at compile time.\n"));
+ return NT_STATUS_NOT_IMPLEMENTED;
+#endif
+}
+
+NTSTATUS cli_get_session_key(TALLOC_CTX *mem_ctx,
+ struct rpc_pipe_client *cli,
+ DATA_BLOB *session_key)
+{
+ if (!session_key || !cli) {
+ return NT_STATUS_INVALID_PARAMETER;
}
- result->auth.a_u.kerberos_auth->service_principal = service_princ;
- result->auth.cli_auth_data_free_func = kerberos_auth_struct_free;
+ if (!cli->auth) {
+ return NT_STATUS_INVALID_PARAMETER;
+ }
- *perr = rpc_pipe_bind(result, PIPE_AUTH_TYPE_KRB5, auth_level);
- if (!NT_STATUS_IS_OK(*perr)) {
- DEBUG(0, ("cli_rpc_pipe_open_krb5: cli_rpc_pipe_bind failed with error %s\n",
- nt_errstr(*perr) ));
- cli_rpc_pipe_close(result);
- return NULL;
+ switch (cli->auth->auth_type) {
+ case PIPE_AUTH_TYPE_SCHANNEL:
+ *session_key = data_blob_talloc(mem_ctx,
+ cli->auth->a_u.schannel_auth->sess_key, 16);
+ break;
+ case PIPE_AUTH_TYPE_NTLMSSP:
+ case PIPE_AUTH_TYPE_SPNEGO_NTLMSSP:
+ *session_key = data_blob_talloc(mem_ctx,
+ cli->auth->a_u.ntlmssp_state->session_key.data,
+ cli->auth->a_u.ntlmssp_state->session_key.length);
+ break;
+ case PIPE_AUTH_TYPE_KRB5:
+ case PIPE_AUTH_TYPE_SPNEGO_KRB5:
+ *session_key = data_blob_talloc(mem_ctx,
+ cli->auth->a_u.kerberos_auth->session_key.data,
+ cli->auth->a_u.kerberos_auth->session_key.length);
+ break;
+ case PIPE_AUTH_TYPE_NONE:
+ *session_key = data_blob_talloc(mem_ctx,
+ cli->auth->user_session_key.data,
+ cli->auth->user_session_key.length);
+ break;
+ default:
+ return NT_STATUS_NO_USER_SESSION_KEY;
}
- return result;
-#else
- DEBUG(0,("cli_rpc_pipe_open_krb5: kerberos not found at compile time.\n"));
- return NULL;
-#endif
+ return NT_STATUS_OK;
}