#include "includes.h"
#include "../libcli/auth/libcli_auth.h"
#include "librpc/gen_ndr/cli_epmapper.h"
+#include "../librpc/gen_ndr/ndr_schannel.h"
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_RPC_CLI
switch (auth_type) {
case PIPE_AUTH_TYPE_NONE:
- return RPC_ANONYMOUS_AUTH_TYPE;
+ return DCERPC_AUTH_TYPE_NONE;
case PIPE_AUTH_TYPE_NTLMSSP:
- return RPC_NTLMSSP_AUTH_TYPE;
+ return DCERPC_AUTH_TYPE_NTLMSSP;
case PIPE_AUTH_TYPE_SPNEGO_NTLMSSP:
case PIPE_AUTH_TYPE_SPNEGO_KRB5:
- return RPC_SPNEGO_AUTH_TYPE;
+ return DCERPC_AUTH_TYPE_SPNEGO;
case PIPE_AUTH_TYPE_SCHANNEL:
- return RPC_SCHANNEL_AUTH_TYPE;
+ return DCERPC_AUTH_TYPE_SCHANNEL;
case PIPE_AUTH_TYPE_KRB5:
- return RPC_KRB5_AUTH_TYPE;
+ return DCERPC_AUTH_TYPE_KRB5;
default:
DEBUG(0,("map_pipe_auth_type_to_rpc_type: unknown pipe "
DATA_BLOB auth_blob;
NTSTATUS status;
- if (cli->auth->auth_level == PIPE_AUTH_LEVEL_NONE
- || cli->auth->auth_level == PIPE_AUTH_LEVEL_CONNECT) {
+ if (cli->auth->auth_level == DCERPC_AUTH_LEVEL_NONE
+ || cli->auth->auth_level == DCERPC_AUTH_LEVEL_CONNECT) {
return NT_STATUS_OK;
}
auth_blob.length = auth_len;
switch (cli->auth->auth_level) {
- case PIPE_AUTH_LEVEL_PRIVACY:
+ case DCERPC_AUTH_LEVEL_PRIVACY:
/* Data is encrypted. */
status = ntlmssp_unseal_packet(ntlmssp_state,
data, data_len,
return status;
}
break;
- case PIPE_AUTH_LEVEL_INTEGRITY:
+ case DCERPC_AUTH_LEVEL_INTEGRITY:
/* Data is signed. */
status = ntlmssp_check_packet(ntlmssp_state,
data, data_len,
uint8 *p_ss_padding_len)
{
RPC_HDR_AUTH auth_info;
- RPC_AUTH_SCHANNEL_CHK schannel_chk;
+ struct NL_AUTH_SIGNATURE schannel_chk;
uint32 auth_len = prhdr->auth_len;
uint32 save_offset = prs_offset(current_pdu);
struct schannel_auth_struct *schannel_auth =
cli->auth->a_u.schannel_auth;
uint32 data_len;
+ enum ndr_err_code ndr_err;
+ DATA_BLOB blob;
- if (cli->auth->auth_level == PIPE_AUTH_LEVEL_NONE
- || cli->auth->auth_level == PIPE_AUTH_LEVEL_CONNECT) {
+ if (cli->auth->auth_level == DCERPC_AUTH_LEVEL_NONE
+ || cli->auth->auth_level == DCERPC_AUTH_LEVEL_CONNECT) {
return NT_STATUS_OK;
}
- if (auth_len != RPC_AUTH_SCHANNEL_SIGN_OR_SEAL_CHK_LEN) {
+ if (auth_len < RPC_AUTH_SCHANNEL_SIGN_OR_SEAL_CHK_LEN) {
DEBUG(0,("cli_pipe_verify_schannel: auth_len %u.\n", (unsigned int)auth_len ));
return NT_STATUS_INVALID_PARAMETER;
}
return NT_STATUS_BUFFER_TOO_SMALL;
}
- if(!smb_io_rpc_auth_schannel_chk("", RPC_AUTH_SCHANNEL_SIGN_OR_SEAL_CHK_LEN,
- &schannel_chk, current_pdu, 0)) {
+ blob = data_blob_const(prs_data_p(current_pdu) + prs_offset(current_pdu), data_len);
+
+ ndr_err = ndr_pull_struct_blob(&blob, talloc_tos(), NULL, &schannel_chk,
+ (ndr_pull_flags_fn_t)ndr_pull_NL_AUTH_SIGNATURE);
+ if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
DEBUG(0,("cli_pipe_verify_schannel: failed to unmarshal RPC_AUTH_SCHANNEL_CHK.\n"));
- return NT_STATUS_BUFFER_TOO_SMALL;
+ return ndr_map_error2ntstatus(ndr_err);
+ }
+
+ if (DEBUGLEVEL >= 10) {
+ NDR_PRINT_DEBUG(NL_AUTH_SIGNATURE, &schannel_chk);
}
if (!schannel_decode(schannel_auth,
********************************************************************/
static NTSTATUS create_krb5_auth_bind_req( struct rpc_pipe_client *cli,
- enum pipe_auth_level auth_level,
+ enum dcerpc_AuthLevel auth_level,
RPC_HDR_AUTH *pauth_out,
prs_struct *auth_data)
{
********************************************************************/
static NTSTATUS create_spnego_ntlmssp_auth_rpc_bind_req( struct rpc_pipe_client *cli,
- enum pipe_auth_level auth_level,
+ enum dcerpc_AuthLevel auth_level,
RPC_HDR_AUTH *pauth_out,
prs_struct *auth_data)
{
********************************************************************/
static NTSTATUS create_ntlmssp_auth_rpc_bind_req( struct rpc_pipe_client *cli,
- enum pipe_auth_level auth_level,
+ enum dcerpc_AuthLevel auth_level,
RPC_HDR_AUTH *pauth_out,
prs_struct *auth_data)
{
********************************************************************/
static NTSTATUS create_schannel_auth_rpc_bind_req( struct rpc_pipe_client *cli,
- enum pipe_auth_level auth_level,
+ enum dcerpc_AuthLevel auth_level,
RPC_HDR_AUTH *pauth_out,
prs_struct *auth_data)
{
- RPC_AUTH_SCHANNEL_NEG schannel_neg;
+ struct NL_AUTH_MESSAGE r;
+ enum ndr_err_code ndr_err;
+ DATA_BLOB blob;
/* We may change the pad length before marshalling. */
init_rpc_hdr_auth(pauth_out, RPC_SCHANNEL_AUTH_TYPE, (int)auth_level, 0, 1);
}
}
- init_rpc_auth_schannel_neg(&schannel_neg, cli->auth->domain,
- global_myname());
-
/*
* Now marshall the data into the auth parse_struct.
*/
- if(!smb_io_rpc_auth_schannel_neg("schannel_neg",
- &schannel_neg, auth_data, 0)) {
- DEBUG(0,("Failed to marshall RPC_AUTH_SCHANNEL_NEG.\n"));
+ r.MessageType = NL_NEGOTIATE_REQUEST;
+ r.Flags = NL_FLAG_OEM_NETBIOS_DOMAIN_NAME |
+ NL_FLAG_OEM_NETBIOS_COMPUTER_NAME;
+ r.oem_netbios_domain.a = cli->auth->domain;
+ r.oem_netbios_computer.a = global_myname();
+
+ ndr_err = ndr_push_struct_blob(&blob, talloc_tos(), NULL, &r,
+ (ndr_push_flags_fn_t)ndr_push_NL_AUTH_MESSAGE);
+ if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+ DEBUG(0,("Failed to marshall NL_AUTH_MESSAGE.\n"));
+ prs_mem_free(auth_data);
+ return ndr_map_error2ntstatus(ndr_err);
+ }
+
+ if (DEBUGLEVEL >= 10) {
+ NDR_PRINT_DEBUG(NL_AUTH_MESSAGE, &r);
+ }
+
+ if (!prs_copy_data_in(auth_data, (const char *)blob.data, blob.length))
+ {
prs_mem_free(auth_data);
return NT_STATUS_NO_MEMORY;
}
const struct ndr_syntax_id *abstract,
const struct ndr_syntax_id *transfer,
enum pipe_auth_type auth_type,
- enum pipe_auth_level auth_level)
+ enum dcerpc_AuthLevel auth_level)
{
RPC_HDR_AUTH hdr_auth;
prs_struct auth_info;
}
switch (cli->auth->auth_level) {
- case PIPE_AUTH_LEVEL_PRIVACY:
+ case DCERPC_AUTH_LEVEL_PRIVACY:
/* Data portion is encrypted. */
status = ntlmssp_seal_packet(cli->auth->a_u.ntlmssp_state,
(unsigned char *)prs_data_p(outgoing_pdu) + RPC_HEADER_LEN + RPC_HDR_RESP_LEN,
}
break;
- case PIPE_AUTH_LEVEL_INTEGRITY:
+ case DCERPC_AUTH_LEVEL_INTEGRITY:
/* Data is signed. */
status = ntlmssp_sign_packet(cli->auth->a_u.ntlmssp_state,
(unsigned char *)prs_data_p(outgoing_pdu) + RPC_HEADER_LEN + RPC_HDR_RESP_LEN,
prs_struct *outgoing_pdu)
{
RPC_HDR_AUTH auth_info;
- RPC_AUTH_SCHANNEL_CHK verf;
+ struct NL_AUTH_SIGNATURE verf;
struct schannel_auth_struct *sas = cli->auth->a_u.schannel_auth;
char *data_p = prs_data_p(outgoing_pdu) + RPC_HEADER_LEN + RPC_HDR_RESP_LEN;
size_t data_and_pad_len = prs_offset(outgoing_pdu) - RPC_HEADER_LEN - RPC_HDR_RESP_LEN;
+ enum ndr_err_code ndr_err;
+ DATA_BLOB blob;
if (!sas) {
return NT_STATUS_INVALID_PARAMETER;
}
switch (cli->auth->auth_level) {
- case PIPE_AUTH_LEVEL_PRIVACY:
- case PIPE_AUTH_LEVEL_INTEGRITY:
+ case DCERPC_AUTH_LEVEL_PRIVACY:
+ case DCERPC_AUTH_LEVEL_INTEGRITY:
DEBUG(10,("add_schannel_auth_footer: SCHANNEL seq_num=%d\n",
sas->seq_num));
return NT_STATUS_INVALID_PARAMETER;
}
+ ndr_err = ndr_push_struct_blob(&blob, talloc_tos(), NULL, &verf,
+ (ndr_push_flags_fn_t)ndr_push_NL_AUTH_SIGNATURE);
+ if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+ return ndr_map_error2ntstatus(ndr_err);
+ }
+
+ if (DEBUGLEVEL >= 10) {
+ NDR_PRINT_DEBUG(NL_AUTH_SIGNATURE, &verf);
+ }
+
/* Finally marshall the blob. */
- smb_io_rpc_auth_schannel_chk("",
- RPC_AUTH_SCHANNEL_SIGN_OR_SEAL_CHK_LEN,
- &verf,
- outgoing_pdu,
- 0);
+ if (!prs_copy_data_in(outgoing_pdu, (const char *)blob.data, blob.length)) {
+ return NT_STATUS_NO_MEMORY;
+ }
return NT_STATUS_OK;
}
#endif
switch (cli->auth->auth_level) {
- case PIPE_AUTH_LEVEL_NONE:
- case PIPE_AUTH_LEVEL_CONNECT:
+ case DCERPC_AUTH_LEVEL_NONE:
+ case DCERPC_AUTH_LEVEL_CONNECT:
data_space = cli->max_xmit_frag - RPC_HEADER_LEN - RPC_HDR_REQ_LEN;
data_len = MIN(data_space, data_left);
*p_ss_padding = 0;
*p_frag_len = RPC_HEADER_LEN + RPC_HDR_REQ_LEN + data_len;
return data_len;
- case PIPE_AUTH_LEVEL_INTEGRITY:
- case PIPE_AUTH_LEVEL_PRIVACY:
+ case DCERPC_AUTH_LEVEL_INTEGRITY:
+ case DCERPC_AUTH_LEVEL_PRIVACY:
/* Treat the same for all authenticated rpc requests. */
switch(cli->auth->auth_type) {
case PIPE_AUTH_TYPE_SPNEGO_NTLMSSP:
static NTSTATUS create_rpc_bind_auth3(struct rpc_pipe_client *cli,
uint32 rpc_call_id,
enum pipe_auth_type auth_type,
- enum pipe_auth_level auth_level,
+ enum dcerpc_AuthLevel auth_level,
DATA_BLOB *pauth_blob,
prs_struct *rpc_out)
{
static NTSTATUS create_rpc_alter_context(uint32 rpc_call_id,
const struct ndr_syntax_id *abstract,
const struct ndr_syntax_id *transfer,
- enum pipe_auth_level auth_level,
+ enum dcerpc_AuthLevel auth_level,
const DATA_BLOB *pauth_blob, /* spnego auth blob already created. */
prs_struct *rpc_out)
{
}
result->auth_type = PIPE_AUTH_TYPE_NONE;
- result->auth_level = PIPE_AUTH_LEVEL_NONE;
+ result->auth_level = DCERPC_AUTH_LEVEL_NONE;
result->user_name = talloc_strdup(result, "");
result->domain = talloc_strdup(result, "");
NTSTATUS rpccli_ntlmssp_bind_data(TALLOC_CTX *mem_ctx,
enum pipe_auth_type auth_type,
- enum pipe_auth_level auth_level,
+ enum dcerpc_AuthLevel auth_level,
const char *domain,
const char *username,
const char *password,
result->a_u.ntlmssp_state->neg_flags &=
~(NTLMSSP_NEGOTIATE_SIGN | NTLMSSP_NEGOTIATE_SEAL);
- if (auth_level == PIPE_AUTH_LEVEL_INTEGRITY) {
+ if (auth_level == DCERPC_AUTH_LEVEL_INTEGRITY) {
result->a_u.ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SIGN;
- } else if (auth_level == PIPE_AUTH_LEVEL_PRIVACY) {
+ } else if (auth_level == DCERPC_AUTH_LEVEL_PRIVACY) {
result->a_u.ntlmssp_state->neg_flags
|= NTLMSSP_NEGOTIATE_SEAL | NTLMSSP_NEGOTIATE_SIGN;
}
}
NTSTATUS rpccli_schannel_bind_data(TALLOC_CTX *mem_ctx, const char *domain,
- enum pipe_auth_level auth_level,
+ enum dcerpc_AuthLevel auth_level,
const uint8_t sess_key[16],
struct cli_pipe_auth_data **presult)
{
#endif
NTSTATUS rpccli_kerberos_bind_data(TALLOC_CTX *mem_ctx,
- enum pipe_auth_level auth_level,
+ enum dcerpc_AuthLevel auth_level,
const char *service_princ,
const char *username,
const char *password,
result->abstract_syntax = *abstract_syntax;
result->transfer_syntax = ndr_transfer_syntax;
result->dispatch = cli_do_rpc_ndr;
+ result->dispatch_send = cli_do_rpc_ndr_send;
+ result->dispatch_recv = cli_do_rpc_ndr_recv;
result->desthost = talloc_strdup(result, host);
result->srv_name_slash = talloc_asprintf_strupper_m(
result->max_xmit_frag = RPC_MAX_PDU_FRAG_LEN;
result->max_recv_frag = RPC_MAX_PDU_FRAG_LEN;
- if (!resolve_name(host, &addr, 0)) {
+ if (!resolve_name(host, &addr, 0, false)) {
status = NT_STATUS_NOT_FOUND;
goto fail;
}
goto fail;
}
+ result->transport->transport = NCACN_IP_TCP;
+
*presult = result;
return NT_STATUS_OK;
result->abstract_syntax = *abstract_syntax;
result->transfer_syntax = ndr_transfer_syntax;
result->dispatch = cli_do_rpc_ndr;
+ result->dispatch_send = cli_do_rpc_ndr_send;
+ result->dispatch_recv = cli_do_rpc_ndr_recv;
result->desthost = get_myname(result);
result->srv_name_slash = talloc_asprintf_strupper_m(
goto fail;
}
+ result->transport->transport = NCALRPC;
+
*presult = result;
return NT_STATUS_OK;
result->abstract_syntax = *abstract_syntax;
result->transfer_syntax = ndr_transfer_syntax;
result->dispatch = cli_do_rpc_ndr;
+ result->dispatch_send = cli_do_rpc_ndr_send;
+ result->dispatch_recv = cli_do_rpc_ndr_recv;
result->desthost = talloc_strdup(result, cli->desthost);
result->srv_name_slash = talloc_asprintf_strupper_m(
result, "\\\\%s", result->desthost);
return status;
}
+ result->transport->transport = NCACN_NP;
+
DLIST_ADD(cli->pipe_list, result);
talloc_set_destructor(result, rpc_pipe_client_np_destructor);
result->abstract_syntax = *syntax;
result->transfer_syntax = ndr_transfer_syntax;
result->dispatch = cli_do_rpc_ndr;
+ result->dispatch_send = cli_do_rpc_ndr_send;
+ result->dispatch_recv = cli_do_rpc_ndr_recv;
result->max_xmit_frag = RPC_MAX_PDU_FRAG_LEN;
result->max_recv_frag = RPC_MAX_PDU_FRAG_LEN;
return status;
}
+ result->transport->transport = NCACN_INTERNAL;
+
*presult = result;
return NT_STATUS_OK;
}
****************************************************************************/
static NTSTATUS cli_rpc_pipe_open(struct cli_state *cli,
+ enum dcerpc_transport_t transport,
const struct ndr_syntax_id *interface,
struct rpc_pipe_client **presult)
{
- if (ndr_syntax_id_equal(interface, &ndr_table_drsuapi.syntax_id)) {
- /*
- * We should have a better way to figure out this drsuapi
- * speciality...
- */
+ switch (transport) {
+ case NCACN_IP_TCP:
return rpc_pipe_open_tcp(NULL, cli->desthost, interface,
presult);
+ case NCACN_NP:
+ return rpc_pipe_open_np(cli, interface, presult);
+ default:
+ return NT_STATUS_NOT_IMPLEMENTED;
}
-
- return rpc_pipe_open_np(cli, interface, presult);
}
/****************************************************************************
Open a named pipe to an SMB server and bind anonymously.
****************************************************************************/
-NTSTATUS cli_rpc_pipe_open_noauth(struct cli_state *cli,
- const struct ndr_syntax_id *interface,
- struct rpc_pipe_client **presult)
+NTSTATUS cli_rpc_pipe_open_noauth_transport(struct cli_state *cli,
+ enum dcerpc_transport_t transport,
+ const struct ndr_syntax_id *interface,
+ struct rpc_pipe_client **presult)
{
struct rpc_pipe_client *result;
struct cli_pipe_auth_data *auth;
NTSTATUS status;
- status = cli_rpc_pipe_open(cli, interface, &result);
+ status = cli_rpc_pipe_open(cli, transport, interface, &result);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
return NT_STATUS_OK;
}
+/****************************************************************************
+ ****************************************************************************/
+
+NTSTATUS cli_rpc_pipe_open_noauth(struct cli_state *cli,
+ const struct ndr_syntax_id *interface,
+ struct rpc_pipe_client **presult)
+{
+ return cli_rpc_pipe_open_noauth_transport(cli, NCACN_NP,
+ interface, presult);
+}
+
/****************************************************************************
Open a named pipe to an SMB server and bind using NTLMSSP or SPNEGO NTLMSSP
****************************************************************************/
static NTSTATUS cli_rpc_pipe_open_ntlmssp_internal(struct cli_state *cli,
const struct ndr_syntax_id *interface,
+ enum dcerpc_transport_t transport,
enum pipe_auth_type auth_type,
- enum pipe_auth_level auth_level,
+ enum dcerpc_AuthLevel auth_level,
const char *domain,
const char *username,
const char *password,
struct cli_pipe_auth_data *auth;
NTSTATUS status;
- status = cli_rpc_pipe_open(cli, interface, &result);
+ status = cli_rpc_pipe_open(cli, transport, interface, &result);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
NTSTATUS cli_rpc_pipe_open_ntlmssp(struct cli_state *cli,
const struct ndr_syntax_id *interface,
- enum pipe_auth_level auth_level,
+ enum dcerpc_transport_t transport,
+ enum dcerpc_AuthLevel auth_level,
const char *domain,
const char *username,
const char *password,
{
return cli_rpc_pipe_open_ntlmssp_internal(cli,
interface,
+ transport,
PIPE_AUTH_TYPE_NTLMSSP,
auth_level,
domain,
NTSTATUS cli_rpc_pipe_open_spnego_ntlmssp(struct cli_state *cli,
const struct ndr_syntax_id *interface,
- enum pipe_auth_level auth_level,
+ enum dcerpc_transport_t transport,
+ enum dcerpc_AuthLevel auth_level,
const char *domain,
const char *username,
const char *password,
{
return cli_rpc_pipe_open_ntlmssp_internal(cli,
interface,
+ transport,
PIPE_AUTH_TYPE_SPNEGO_NTLMSSP,
auth_level,
domain,
NTSTATUS cli_rpc_pipe_open_schannel_with_key(struct cli_state *cli,
const struct ndr_syntax_id *interface,
- enum pipe_auth_level auth_level,
+ enum dcerpc_transport_t transport,
+ enum dcerpc_AuthLevel auth_level,
const char *domain,
struct netlogon_creds_CredentialState **pdc,
struct rpc_pipe_client **presult)
struct cli_pipe_auth_data *auth;
NTSTATUS status;
- status = cli_rpc_pipe_open(cli, interface, &result);
+ status = cli_rpc_pipe_open(cli, transport, interface, &result);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
NTSTATUS status;
status = cli_rpc_pipe_open_spnego_ntlmssp(
- cli, &ndr_table_netlogon.syntax_id, PIPE_AUTH_LEVEL_PRIVACY,
+ cli, &ndr_table_netlogon.syntax_id, NCACN_NP,
+ DCERPC_AUTH_LEVEL_PRIVACY,
domain, username, password, &netlogon_pipe);
if (!NT_STATUS_IS_OK(status)) {
return status;
NTSTATUS cli_rpc_pipe_open_ntlmssp_auth_schannel(struct cli_state *cli,
const struct ndr_syntax_id *interface,
- enum pipe_auth_level auth_level,
+ enum dcerpc_transport_t transport,
+ enum dcerpc_AuthLevel auth_level,
const char *domain,
const char *username,
const char *password,
}
status = cli_rpc_pipe_open_schannel_with_key(
- cli, interface, auth_level, domain, &netlogon_pipe->dc,
+ cli, interface, transport, auth_level, domain, &netlogon_pipe->dc,
&result);
/* Now we've bound using the session key we can close the netlog pipe. */
NTSTATUS cli_rpc_pipe_open_schannel(struct cli_state *cli,
const struct ndr_syntax_id *interface,
- enum pipe_auth_level auth_level,
+ enum dcerpc_transport_t transport,
+ enum dcerpc_AuthLevel auth_level,
const char *domain,
struct rpc_pipe_client **presult)
{
}
status = cli_rpc_pipe_open_schannel_with_key(
- cli, interface, auth_level, domain, &netlogon_pipe->dc,
+ cli, interface, transport, auth_level, domain, &netlogon_pipe->dc,
&result);
/* Now we've bound using the session key we can close the netlog pipe. */
NTSTATUS cli_rpc_pipe_open_krb5(struct cli_state *cli,
const struct ndr_syntax_id *interface,
- enum pipe_auth_level auth_level,
+ enum dcerpc_AuthLevel auth_level,
const char *service_princ,
const char *username,
const char *password,
struct cli_pipe_auth_data *auth;
NTSTATUS status;
- status = cli_rpc_pipe_open(cli, interface, &result);
+ status = cli_rpc_pipe_open(cli, NCACN_NP, interface, &result);
if (!NT_STATUS_IS_OK(status)) {
return status;
}