2 * Unix SMB/CIFS implementation.
3 * RPC Pipe client / server routines
4 * Copyright (C) Andrew Tridgell 1992-1998,
5 * Copyright (C) Luke Kenneth Casson Leighton 1996-1998,
6 * Copyright (C) Paul Ashton 1998.
7 * Copyright (C) Jeremy Allison 1999.
8 * Copyright (C) Andrew Bartlett 2003.
10 * This program is free software; you can redistribute it and/or modify
11 * it under the terms of the GNU General Public License as published by
12 * the Free Software Foundation; either version 2 of the License, or
13 * (at your option) any later version.
15 * This program is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 * GNU General Public License for more details.
20 * You should have received a copy of the GNU General Public License
21 * along with this program; if not, write to the Free Software
22 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
28 #define DBGC_CLASS DBGC_RPC_CLI
30 extern struct pipe_id_info pipe_names[];
32 /* convert pipe auth flags into the RPC auth type and level */
34 void get_auth_type_level(int pipe_auth_flags, int *auth_type, int *auth_level)
38 if (pipe_auth_flags & AUTH_PIPE_SEAL) {
39 *auth_level = RPC_PIPE_AUTH_SEAL_LEVEL;
40 } else if (pipe_auth_flags & AUTH_PIPE_SIGN) {
41 *auth_level = RPC_PIPE_AUTH_SIGN_LEVEL;
44 if (pipe_auth_flags & AUTH_PIPE_NETSEC) {
45 *auth_type = NETSEC_AUTH_TYPE;
46 } else if (pipe_auth_flags & AUTH_PIPE_NTLMSSP) {
47 *auth_type = NTLMSSP_AUTH_TYPE;
51 /********************************************************************
53 ********************************************************************/
55 static uint32 get_rpc_call_id(void)
57 static uint32 call_id = 0;
61 /*******************************************************************
62 Use SMBreadX to get rest of one fragment's worth of rpc data.
63 ********************************************************************/
65 static BOOL rpc_read(struct cli_state *cli, prs_struct *rdata, uint32 data_to_read, uint32 *rdata_offset)
67 size_t size = (size_t)cli->max_recv_frag;
68 int stream_offset = 0;
71 int extra_data_size = ((int)*rdata_offset) + ((int)data_to_read) - (int)prs_data_size(rdata);
73 DEBUG(5,("rpc_read: data_to_read: %u rdata offset: %u extra_data_size: %d\n",
74 (int)data_to_read, (unsigned int)*rdata_offset, extra_data_size));
77 * Grow the buffer if needed to accommodate the data to be read.
80 if (extra_data_size > 0) {
81 if(!prs_force_grow(rdata, (uint32)extra_data_size)) {
82 DEBUG(0,("rpc_read: Failed to grow parse struct by %d bytes.\n", extra_data_size ));
85 DEBUG(5,("rpc_read: grew buffer by %d bytes to %u\n", extra_data_size, prs_data_size(rdata) ));
88 pdata = prs_data_p(rdata) + *rdata_offset;
90 do /* read data using SMBreadX */
95 if (size > (size_t)data_to_read)
96 size = (size_t)data_to_read;
98 num_read = (int)cli_read(cli, cli->nt_pipe_fnum, pdata, (off_t)stream_offset, size);
100 DEBUG(5,("rpc_read: num_read = %d, read offset: %d, to read: %d\n",
101 num_read, stream_offset, data_to_read));
103 if (cli_is_dos_error(cli)) {
104 cli_dos_error(cli, &eclass, &ecode);
105 if (eclass != ERRDOS && ecode != ERRmoredata) {
106 DEBUG(0,("rpc_read: Error %d/%u in cli_read\n",
107 eclass, (unsigned int)ecode));
112 data_to_read -= num_read;
113 stream_offset += num_read;
116 } while (num_read > 0 && data_to_read > 0);
117 /* && err == (0x80000000 | STATUS_BUFFER_OVERFLOW)); */
120 * Update the current offset into rdata by the amount read.
122 *rdata_offset += stream_offset;
127 /****************************************************************************
128 Checks the header. This will set the endian bit in the rdata prs_struct. JRA.
129 ****************************************************************************/
131 static BOOL rpc_check_hdr(prs_struct *rdata, RPC_HDR *rhdr,
132 BOOL *first, BOOL *last, uint32 *len)
134 DEBUG(5,("rpc_check_hdr: rdata->data_size = %u\n", (uint32)prs_data_size(rdata) ));
136 /* Next call sets endian bit. */
138 if(!smb_io_rpc_hdr("rpc_hdr ", rhdr, rdata, 0)) {
139 DEBUG(0,("rpc_check_hdr: Failed to unmarshall RPC_HDR.\n"));
143 if (prs_offset(rdata) != RPC_HEADER_LEN) {
144 DEBUG(0,("rpc_check_hdr: offset was %x, should be %x.\n", prs_offset(rdata), RPC_HEADER_LEN));
148 (*first) = ((rhdr->flags & RPC_FLG_FIRST) != 0);
149 (*last) = ((rhdr->flags & RPC_FLG_LAST ) != 0);
150 (*len) = (uint32)rhdr->frag_len - prs_data_size(rdata);
152 return (rhdr->pkt_type != RPC_FAULT);
155 /****************************************************************************
156 Verify data on an rpc pipe.
157 The VERIFY & SEAL code is only executed on packets that look like this :
159 Request/Response PDU's look like the following...
161 |<------------------PDU len----------------------------------------------->|
162 |<-HDR_LEN-->|<--REQ LEN------>|.............|<-AUTH_HDRLEN->|<-AUTH_LEN-->|
164 +------------+-----------------+-------------+---------------+-------------+
165 | RPC HEADER | REQ/RESP HEADER | DATA ...... | AUTH_HDR | AUTH DATA |
166 +------------+-----------------+-------------+---------------+-------------+
168 Never on bind requests/responses.
169 ****************************************************************************/
171 static BOOL rpc_auth_pipe(struct cli_state *cli, prs_struct *rdata,
172 uint32 fragment_start, int len, int auth_len, uint8 pkt_type,
173 int *pauth_padding_len)
177 * The following is that length of the data we must sign or seal.
178 * This doesn't include the RPC headers or the auth_len or the RPC_HDR_AUTH_LEN
179 * preceeding the auth_data.
182 int data_len = len - RPC_HEADER_LEN - RPC_HDR_RESP_LEN - RPC_HDR_AUTH_LEN - auth_len;
185 * The start of the data to sign/seal is just after the RPC headers.
187 char *reply_data = prs_data_p(rdata) + fragment_start + RPC_HEADER_LEN + RPC_HDR_REQ_LEN;
189 RPC_HDR_AUTH rhdr_auth;
191 char *dp = prs_data_p(rdata) + fragment_start + len -
192 RPC_HDR_AUTH_LEN - auth_len;
193 prs_struct auth_verf;
195 *pauth_padding_len = 0;
198 if (cli->pipe_auth_flags == 0) {
199 /* move along, nothing to see here */
203 DEBUG(2, ("No authenticaton header recienved on reply, but this pipe is authenticated\n"));
207 DEBUG(5,("rpc_auth_pipe: pkt_type: %d len: %d auth_len: %d NTLMSSP %s schannel %s sign %s seal %s \n",
208 pkt_type, len, auth_len,
209 BOOLSTR(cli->pipe_auth_flags & AUTH_PIPE_NTLMSSP),
210 BOOLSTR(cli->pipe_auth_flags & AUTH_PIPE_NETSEC),
211 BOOLSTR(cli->pipe_auth_flags & AUTH_PIPE_SIGN),
212 BOOLSTR(cli->pipe_auth_flags & AUTH_PIPE_SEAL)));
214 if (dp - prs_data_p(rdata) > prs_data_size(rdata)) {
215 DEBUG(0,("rpc_auth_pipe: schannel auth data > data size !\n"));
219 DEBUG(10,("rpc_auth_pipe: packet:\n"));
220 dump_data(100, dp, auth_len);
222 prs_init(&auth_verf, 0, cli->mem_ctx, UNMARSHALL);
224 /* The endinness must be preserved. JRA. */
225 prs_set_endian_data( &auth_verf, rdata->bigendian_data);
227 /* Point this new parse struct at the auth section of the main
228 parse struct - rather than copying it. Avoids needing to
229 free it on every error
231 prs_give_memory(&auth_verf, dp, RPC_HDR_AUTH_LEN + auth_len, False /* not dynamic */);
232 prs_set_offset(&auth_verf, 0);
237 if (!smb_io_rpc_hdr_auth("auth_hdr", &rhdr_auth, &auth_verf, 0)) {
238 DEBUG(0, ("rpc_auth_pipe: Could not parse auth header\n"));
242 /* Let the caller know how much padding at the end of the data */
243 *pauth_padding_len = rhdr_auth.padding;
245 /* Check it's the type of reply we were expecting to decode */
247 get_auth_type_level(cli->pipe_auth_flags, &auth_type, &auth_level);
248 if (rhdr_auth.auth_type != auth_type) {
249 DEBUG(0, ("BAD auth type %d (should be %d)\n",
250 rhdr_auth.auth_type, auth_type));
254 if (rhdr_auth.auth_level != auth_level) {
255 DEBUG(0, ("BAD auth level %d (should be %d)\n",
256 rhdr_auth.auth_level, auth_level));
261 if (pkt_type == RPC_BINDACK) {
262 if (cli->pipe_auth_flags & AUTH_PIPE_NTLMSSP) {
263 /* copy the next auth_len bytes into a buffer for
266 DATA_BLOB ntlmssp_verf = data_blob(NULL, auth_len);
268 /* save the reply away, for use a little later */
269 prs_copy_data_out((char *)ntlmssp_verf.data, &auth_verf, auth_len);
272 return (NT_STATUS_IS_OK(ntlmssp_client_store_response(cli->ntlmssp_pipe_state,
275 else if (cli->pipe_auth_flags & AUTH_PIPE_NETSEC) {
276 /* nothing to do here - we don't seem to be able to
277 validate the bindack based on VL's comments */
282 if (cli->pipe_auth_flags & AUTH_PIPE_NTLMSSP) {
285 if ((cli->pipe_auth_flags & AUTH_PIPE_SIGN) ||
286 (cli->pipe_auth_flags & AUTH_PIPE_SEAL)) {
287 if (auth_len != RPC_AUTH_NTLMSSP_CHK_LEN) {
288 DEBUG(0,("rpc_auth_pipe: wrong ntlmssp auth len %d\n", auth_len));
291 sig = data_blob(NULL, auth_len);
292 prs_copy_data_out((char *)sig.data, &auth_verf, auth_len);
296 * Unseal any sealed data in the PDU, not including the
297 * 8 byte auth_header or the auth_data.
301 * Now unseal and check the auth verifier in the auth_data at
302 * the end of the packet.
305 if (cli->pipe_auth_flags & AUTH_PIPE_SEAL) {
307 DEBUG(1, ("Can't unseal - data_len < 0!!\n"));
310 nt_status = ntlmssp_client_unseal_packet(cli->ntlmssp_pipe_state,
311 (unsigned char *)reply_data, data_len,
314 else if (cli->pipe_auth_flags & AUTH_PIPE_SIGN) {
315 nt_status = ntlmssp_client_check_packet(cli->ntlmssp_pipe_state,
316 (const unsigned char *)reply_data, data_len,
320 data_blob_free(&sig);
322 if (!NT_STATUS_IS_OK(nt_status)) {
323 DEBUG(0, ("rpc_auth_pipe: could not validate "
324 "incoming NTLMSSP packet!\n"));
329 if (cli->pipe_auth_flags & AUTH_PIPE_NETSEC) {
330 RPC_AUTH_NETSEC_CHK chk;
332 if (auth_len != RPC_AUTH_NETSEC_CHK_LEN) {
333 DEBUG(0,("rpc_auth_pipe: wrong schannel auth len %d\n", auth_len));
337 if (!smb_io_rpc_auth_netsec_chk("schannel_auth_sign",
338 &chk, &auth_verf, 0)) {
339 DEBUG(0, ("rpc_auth_pipe: schannel unmarshalling "
340 "RPC_AUTH_NETSECK_CHK failed\n"));
344 if (!netsec_decode(&cli->auth_info,
345 cli->pipe_auth_flags,
347 &chk, reply_data, data_len)) {
348 DEBUG(0, ("rpc_auth_pipe: Could not decode schannel\n"));
352 cli->auth_info.seq_num++;
359 /****************************************************************************
360 Send data on an rpc pipe via trans, which *must* be the last fragment.
361 receive response data from an rpc pipe, which may be large...
363 Read the first fragment: unfortunately have to use SMBtrans for the first
364 bit, then SMBreadX for subsequent bits.
366 If first fragment received also wasn't the last fragment, continue
367 getting fragments until we _do_ receive the last fragment.
369 Request/Response PDU's look like the following...
371 |<------------------PDU len----------------------------------------------->|
372 |<-HDR_LEN-->|<--REQ LEN------>|.............|<-AUTH_HDRLEN->|<-AUTH_LEN-->|
374 +------------+-----------------+-------------+---------------+-------------+
375 | RPC HEADER | REQ/RESP HEADER | DATA ...... | AUTH_HDR | AUTH DATA |
376 +------------+-----------------+-------------+---------------+-------------+
378 Where the presence of the AUTH_HDR and AUTH are dependent on the
379 signing & sealing being negotiated.
381 ****************************************************************************/
383 static BOOL rpc_api_pipe(struct cli_state *cli, prs_struct *data, prs_struct *rdata,
384 uint8 expected_pkt_type)
388 uint32 rparam_len = 0;
393 char *pdata = data ? prs_data_p(data) : NULL;
394 uint32 data_len = data ? prs_offset(data) : 0;
396 uint32 rdata_len = 0;
397 uint32 current_offset = 0;
398 uint32 fragment_start = 0;
399 uint32 max_data = cli->max_xmit_frag ? cli->max_xmit_frag : 1024;
400 int auth_padding_len = 0;
402 /* Create setup parameters - must be in native byte order. */
404 setup[0] = TRANSACT_DCERPCCMD;
405 setup[1] = cli->nt_pipe_fnum; /* Pipe file handle. */
407 DEBUG(5,("rpc_api_pipe: fnum:%x\n", (int)cli->nt_pipe_fnum));
409 /* Send the RPC request and receive a response. For short RPC
410 calls (about 1024 bytes or so) the RPC request and response
411 appears in a SMBtrans request and response. Larger RPC
412 responses are received further on. */
414 if (!cli_api_pipe(cli, "\\PIPE\\",
415 setup, 2, 0, /* Setup, length, max */
416 NULL, 0, 0, /* Params, length, max */
417 pdata, data_len, max_data, /* data, length, max */
418 &rparam, &rparam_len, /* return params, len */
419 &prdata, &rdata_len)) /* return data, len */
421 DEBUG(0, ("cli_pipe: return critical error. Error was %s\n", cli_errstr(cli)));
425 /* Throw away returned params - we know we won't use them. */
429 if (prdata == NULL) {
430 DEBUG(0,("rpc_api_pipe: pipe %x failed to return data.\n",
431 (int)cli->nt_pipe_fnum));
436 * Give this memory as dynamically allocated to the return parse
440 prs_give_memory(rdata, prdata, rdata_len, True);
441 current_offset = rdata_len;
443 /* This next call sets the endian bit correctly in rdata. */
445 if (!rpc_check_hdr(rdata, &rhdr, &first, &last, &len)) {
450 if (rhdr.pkt_type == RPC_BINDACK) {
451 if (!last && !first) {
452 DEBUG(5,("rpc_api_pipe: bug in server (AS/U?), setting fragment first/last ON.\n"));
458 if (rhdr.pkt_type == RPC_BINDNACK) {
459 DEBUG(3, ("Bind NACK received on pipe %x!\n", (int)cli->nt_pipe_fnum));
464 if (rhdr.pkt_type == RPC_RESPONSE) {
465 RPC_HDR_RESP rhdr_resp;
466 if(!smb_io_rpc_hdr_resp("rpc_hdr_resp", &rhdr_resp, rdata, 0)) {
467 DEBUG(5,("rpc_api_pipe: failed to unmarshal RPC_HDR_RESP.\n"));
473 if (rhdr.pkt_type != expected_pkt_type) {
474 DEBUG(3, ("Connection to pipe %x got an unexpected RPC packet type - %d, not %d\n", (int)cli->nt_pipe_fnum, rhdr.pkt_type, expected_pkt_type));
479 DEBUG(5,("rpc_api_pipe: len left: %u smbtrans read: %u\n",
480 (unsigned int)len, (unsigned int)rdata_len ));
482 /* check if data to be sent back was too large for one SMBtrans */
483 /* err status is only informational: the _real_ check is on the
487 /* || err == (0x80000000 | STATUS_BUFFER_OVERFLOW)) */
489 /* Read the remaining part of the first response fragment */
491 if (!rpc_read(cli, rdata, len, ¤t_offset)) {
498 * Now we have a complete PDU, check the auth struct if any was sent.
501 if(!rpc_auth_pipe(cli, rdata, fragment_start, rhdr.frag_len,
502 rhdr.auth_len, rhdr.pkt_type, &auth_padding_len)) {
507 if (rhdr.auth_len != 0) {
509 * Drop the auth footers from the current offset.
510 * We need this if there are more fragments.
511 * The auth footers consist of the auth_data and the
512 * preceeding 8 byte auth_header.
514 current_offset -= (auth_padding_len + RPC_HDR_AUTH_LEN + rhdr.auth_len);
518 * Only one rpc fragment, and it has been read.
522 DEBUG(6,("rpc_api_pipe: fragment first and last both set\n"));
527 * Read more fragments using SMBreadX until we get one with the
532 RPC_HDR_RESP rhdr_resp;
534 char hdr_data[RPC_HEADER_LEN+RPC_HDR_RESP_LEN];
540 * First read the header of the next PDU.
543 prs_init(&hps, 0, cli->mem_ctx, UNMARSHALL);
544 prs_give_memory(&hps, hdr_data, sizeof(hdr_data), False);
546 num_read = cli_read(cli, cli->nt_pipe_fnum, hdr_data, 0, RPC_HEADER_LEN+RPC_HDR_RESP_LEN);
547 if (cli_is_dos_error(cli)) {
548 cli_dos_error(cli, &eclass, &ecode);
549 if (eclass != ERRDOS && ecode != ERRmoredata) {
550 DEBUG(0,("rpc_api_pipe: cli_read error : %d/%d\n", eclass, ecode));
555 DEBUG(5,("rpc_api_pipe: read header (size:%d)\n", num_read));
557 if (num_read != RPC_HEADER_LEN+RPC_HDR_RESP_LEN) {
558 DEBUG(0,("rpc_api_pipe: Error : requested %d bytes, got %d.\n",
559 RPC_HEADER_LEN+RPC_HDR_RESP_LEN, num_read ));
563 /* This call sets the endianness in hps. */
565 if (!rpc_check_hdr(&hps, &rhdr, &first, &last, &len))
568 /* Ensure the endianness in rdata is set correctly - must be same as hps. */
570 if (hps.bigendian_data != rdata->bigendian_data) {
571 DEBUG(0,("rpc_api_pipe: Error : Endianness changed from %s to %s\n",
572 rdata->bigendian_data ? "big" : "little",
573 hps.bigendian_data ? "big" : "little" ));
577 if(!smb_io_rpc_hdr_resp("rpc_hdr_resp", &rhdr_resp, &hps, 0)) {
578 DEBUG(0,("rpc_api_pipe: Error in unmarshalling RPC_HDR_RESP.\n"));
583 DEBUG(0,("rpc_api_pipe: secondary PDU rpc header has 'first' set !\n"));
588 * Now read the rest of the PDU.
591 if (!rpc_read(cli, rdata, len, ¤t_offset)) {
596 fragment_start = current_offset - len - RPC_HEADER_LEN - RPC_HDR_RESP_LEN;
599 * Verify any authentication footer.
603 if(!rpc_auth_pipe(cli, rdata, fragment_start, rhdr.frag_len,
604 rhdr.auth_len, rhdr.pkt_type, &auth_padding_len)) {
609 if (rhdr.auth_len != 0 ) {
612 * Drop the auth footers from the current offset.
613 * The auth footers consist of the auth_data and the
614 * preceeding 8 byte auth_header.
615 * We need this if there are more fragments.
617 current_offset -= (auth_padding_len + RPC_HDR_AUTH_LEN + rhdr.auth_len);
624 /*******************************************************************
625 creates a DCE/RPC bind request
627 - initialises the parse structure.
628 - dynamically allocates the header data structure
629 - caller is expected to free the header data structure once used.
631 ********************************************************************/
633 static NTSTATUS create_rpc_bind_req(struct cli_state *cli, prs_struct *rpc_out,
635 RPC_IFACE *abstract, RPC_IFACE *transfer,
636 const char *my_name, const char *domain)
640 RPC_HDR_AUTH hdr_auth;
642 int auth_type, auth_level;
643 size_t saved_hdr_offset = 0;
645 prs_struct auth_info;
646 prs_init(&auth_info, RPC_HDR_AUTH_LEN, /* we will need at least this much */
647 prs_get_mem_context(rpc_out), MARSHALL);
649 if (cli->pipe_auth_flags) {
650 get_auth_type_level(cli->pipe_auth_flags, &auth_type, &auth_level);
653 * Create the auth structs we will marshall.
656 init_rpc_hdr_auth(&hdr_auth, auth_type, auth_level, 0x00, 1);
659 * Now marshall the data into the temporary parse_struct.
662 if(!smb_io_rpc_hdr_auth("hdr_auth", &hdr_auth, &auth_info, 0)) {
663 DEBUG(0,("create_rpc_bind_req: failed to marshall RPC_HDR_AUTH.\n"));
664 prs_mem_free(&auth_info);
665 return NT_STATUS_NO_MEMORY;
667 saved_hdr_offset = prs_offset(&auth_info);
670 if (cli->pipe_auth_flags & AUTH_PIPE_NTLMSSP) {
673 DATA_BLOB null_blob = data_blob(NULL, 0);
676 DEBUG(5, ("Processing NTLMSSP Negotiate\n"));
677 nt_status = ntlmssp_client_update(cli->ntlmssp_pipe_state,
681 if (!NT_STATUS_EQUAL(nt_status,
682 NT_STATUS_MORE_PROCESSING_REQUIRED)) {
683 prs_mem_free(&auth_info);
687 /* Auth len in the rpc header doesn't include auth_header. */
688 auth_len = request.length;
689 prs_copy_data_in(&auth_info, (char *)request.data, request.length);
691 DEBUG(5, ("NTLMSSP Negotiate:\n"));
692 dump_data(5, (const char *)request.data, request.length);
694 data_blob_free(&request);
696 } else if (cli->pipe_auth_flags & AUTH_PIPE_NETSEC) {
697 RPC_AUTH_NETSEC_NEG netsec_neg;
699 /* Use lp_workgroup() if domain not specified */
701 if (!domain || !domain[0]) {
702 DEBUG(10,("create_rpc_bind_req: no domain; assuming my own\n"));
703 domain = lp_workgroup();
706 init_rpc_auth_netsec_neg(&netsec_neg, domain, my_name);
709 * Now marshall the data into the temporary parse_struct.
712 if(!smb_io_rpc_auth_netsec_neg("netsec_neg",
713 &netsec_neg, &auth_info, 0)) {
714 DEBUG(0,("Failed to marshall RPC_AUTH_NETSEC_NEG.\n"));
715 prs_mem_free(&auth_info);
716 return NT_STATUS_NO_MEMORY;
719 /* Auth len in the rpc header doesn't include auth_header. */
720 auth_len = prs_offset(&auth_info) - saved_hdr_offset;
723 /* Create the request RPC_HDR */
724 init_rpc_hdr(&hdr, RPC_BIND, 0x3, rpc_call_id,
725 RPC_HEADER_LEN + RPC_HDR_RB_LEN + prs_offset(&auth_info),
728 if(!smb_io_rpc_hdr("hdr" , &hdr, rpc_out, 0)) {
729 DEBUG(0,("create_rpc_bind_req: failed to marshall RPC_HDR.\n"));
730 prs_mem_free(&auth_info);
731 return NT_STATUS_NO_MEMORY;
734 /* create the bind request RPC_HDR_RB */
735 init_rpc_hdr_rb(&hdr_rb, MAX_PDU_FRAG_LEN, MAX_PDU_FRAG_LEN, 0x0,
736 0x1, 0x0, 0x1, abstract, transfer);
738 /* Marshall the bind request data */
739 if(!smb_io_rpc_hdr_rb("", &hdr_rb, rpc_out, 0)) {
740 DEBUG(0,("create_rpc_bind_req: failed to marshall RPC_HDR_RB.\n"));
741 prs_mem_free(&auth_info);
742 return NT_STATUS_NO_MEMORY;
746 * Grow the outgoing buffer to store any auth info.
750 if(!prs_append_prs_data( rpc_out, &auth_info)) {
751 DEBUG(0,("create_rpc_bind_req: failed to grow parse struct to add auth.\n"));
752 prs_mem_free(&auth_info);
753 return NT_STATUS_NO_MEMORY;
756 prs_mem_free(&auth_info);
760 /*******************************************************************
761 Creates a DCE/RPC bind authentication response.
762 This is the packet that is sent back to the server once we
763 have received a BIND-ACK, to finish the third leg of
764 the authentication handshake.
765 ********************************************************************/
767 static NTSTATUS create_rpc_bind_resp(struct cli_state *cli,
773 RPC_HDR_AUTHA hdr_autha;
774 DATA_BLOB ntlmssp_null_response = data_blob(NULL, 0);
775 DATA_BLOB ntlmssp_reply;
776 int auth_type, auth_level;
778 /* The response is picked up from the internal cache,
779 where it was placed by the rpc_auth_pipe() code */
780 nt_status = ntlmssp_client_update(cli->ntlmssp_pipe_state,
781 ntlmssp_null_response,
784 if (!NT_STATUS_EQUAL(nt_status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
788 /* Create the request RPC_HDR */
789 init_rpc_hdr(&hdr, RPC_BINDRESP, 0x0, rpc_call_id,
790 RPC_HEADER_LEN + RPC_HDR_AUTHA_LEN + ntlmssp_reply.length,
791 ntlmssp_reply.length );
794 if(!smb_io_rpc_hdr("hdr", &hdr, rpc_out, 0)) {
795 DEBUG(0,("create_rpc_bind_resp: failed to marshall RPC_HDR.\n"));
796 data_blob_free(&ntlmssp_reply);
797 return NT_STATUS_NO_MEMORY;
800 get_auth_type_level(cli->pipe_auth_flags, &auth_type, &auth_level);
802 /* Create the request RPC_HDR_AUTHA */
803 init_rpc_hdr_autha(&hdr_autha, MAX_PDU_FRAG_LEN, MAX_PDU_FRAG_LEN,
804 auth_type, auth_level, 0x00);
806 if(!smb_io_rpc_hdr_autha("hdr_autha", &hdr_autha, rpc_out, 0)) {
807 DEBUG(0,("create_rpc_bind_resp: failed to marshall RPC_HDR_AUTHA.\n"));
808 data_blob_free(&ntlmssp_reply);
809 return NT_STATUS_NO_MEMORY;
813 * Append the auth data to the outgoing buffer.
816 if(!prs_copy_data_in(rpc_out, (char *)ntlmssp_reply.data, ntlmssp_reply.length)) {
817 DEBUG(0,("create_rpc_bind_req: failed to grow parse struct to add auth.\n"));
818 data_blob_free(&ntlmssp_reply);
819 return NT_STATUS_NO_MEMORY;
822 if (cli->pipe_auth_flags & AUTH_PIPE_SIGN) {
823 nt_status = ntlmssp_client_sign_init(cli->ntlmssp_pipe_state);
825 if (!NT_STATUS_IS_OK(nt_status)) {
830 data_blob_free(&ntlmssp_reply);
835 /*******************************************************************
836 Creates a DCE/RPC request.
837 ********************************************************************/
839 static uint32 create_rpc_request(prs_struct *rpc_out, uint8 op_num, int data_len, int auth_len, uint8 flags, uint32 oldid, uint32 data_left)
844 uint32 callid = oldid ? oldid : get_rpc_call_id();
846 DEBUG(5,("create_rpc_request: opnum: 0x%x data_len: 0x%x\n", op_num, data_len));
848 /* create the rpc header RPC_HDR */
849 init_rpc_hdr(&hdr, RPC_REQUEST, flags,
850 callid, data_len, auth_len);
853 * The alloc hint should be the amount of data, not including
854 * RPC headers & footers.
858 alloc_hint = data_len - RPC_HEADER_LEN - RPC_HDR_AUTH_LEN - auth_len;
860 alloc_hint = data_len - RPC_HEADER_LEN;
862 DEBUG(10,("create_rpc_request: data_len: %x auth_len: %x alloc_hint: %x\n",
863 data_len, auth_len, alloc_hint));
865 /* Create the rpc request RPC_HDR_REQ */
866 init_rpc_hdr_req(&hdr_req, alloc_hint, op_num);
869 if(!smb_io_rpc_hdr("hdr ", &hdr, rpc_out, 0))
872 if(!smb_io_rpc_hdr_req("hdr_req", &hdr_req, rpc_out, 0))
875 if (prs_offset(rpc_out) != RPC_HEADER_LEN + RPC_HDR_REQ_LEN)
881 /*******************************************************************
882 Puts an auth header into an rpc request.
883 ********************************************************************/
885 static BOOL create_auth_hdr(prs_struct *outgoing_packet,
887 int auth_level, int padding)
889 RPC_HDR_AUTH hdr_auth;
891 init_rpc_hdr_auth(&hdr_auth, auth_type, auth_level,
893 if(!smb_io_rpc_hdr_auth("hdr_auth", &hdr_auth,
894 outgoing_packet, 0)) {
895 DEBUG(0,("create_auth_hdr:Failed to marshal RPC_HDR_AUTH.\n"));
902 * Send a request on an RPC pipe and get a response.
904 * @param data NDR contents of the request to be sent.
905 * @param rdata Unparsed NDR response data.
908 BOOL rpc_api_pipe_req(struct cli_state *cli, uint8 op_num,
909 prs_struct *data, prs_struct *rdata)
911 uint32 auth_len, real_auth_len, auth_hdr_len, max_data, data_left, data_sent;
921 if (cli->pipe_auth_flags & AUTH_PIPE_SIGN) {
922 if (cli->pipe_auth_flags & AUTH_PIPE_NTLMSSP) {
923 auth_len = RPC_AUTH_NTLMSSP_CHK_LEN;
925 if (cli->pipe_auth_flags & AUTH_PIPE_NETSEC) {
926 auth_len = RPC_AUTH_NETSEC_CHK_LEN;
928 auth_hdr_len = RPC_HDR_AUTH_LEN;
932 * calc how much actual data we can send in a PDU fragment
934 max_data = cli->max_xmit_frag - RPC_HEADER_LEN - RPC_HDR_REQ_LEN -
935 auth_hdr_len - auth_len - 8;
937 for (data_left = prs_offset(data), data_sent = 0; data_left > 0;) {
938 prs_struct outgoing_packet;
940 uint32 data_len, send_size;
942 uint32 auth_padding = 0;
946 * how much will we send this time
948 send_size = MIN(data_left, max_data);
950 if (!prs_init(&sec_blob, send_size, /* will need at least this much */
951 cli->mem_ctx, MARSHALL)) {
952 DEBUG(0,("Could not malloc %u bytes",
953 send_size+auth_padding));
957 if(!prs_append_some_prs_data(&sec_blob, data,
958 data_sent, send_size)) {
959 DEBUG(0,("Failed to append data to netsec blob\n"));
960 prs_mem_free(&sec_blob);
965 * NT expects the data that is sealed to be 8-byte
966 * aligned. The padding must be encrypted as well and
967 * taken into account when generating the
968 * authentication verifier. The amount of padding must
969 * be stored in the auth header.
972 if (cli->pipe_auth_flags) {
973 size_t data_and_padding_size;
976 prs_align_uint64(&sec_blob);
978 get_auth_type_level(cli->pipe_auth_flags, &auth_type, &auth_level);
980 data_and_padding_size = prs_offset(&sec_blob);
981 auth_padding = data_and_padding_size - send_size;
983 /* insert the auth header */
985 if(!create_auth_hdr(&sec_blob, auth_type, auth_level, auth_padding)) {
986 prs_mem_free(&sec_blob);
990 /* create an NTLMSSP signature */
991 if (cli->pipe_auth_flags & AUTH_PIPE_NTLMSSP) {
993 * Seal the outgoing data if requested.
995 if (cli->pipe_auth_flags & AUTH_PIPE_SEAL) {
997 nt_status = ntlmssp_client_seal_packet(cli->ntlmssp_pipe_state,
998 (unsigned char*)prs_data_p(&sec_blob),
999 data_and_padding_size,
1001 if (!NT_STATUS_IS_OK(nt_status)) {
1002 prs_mem_free(&sec_blob);
1006 else if (cli->pipe_auth_flags & AUTH_PIPE_SIGN) {
1008 nt_status = ntlmssp_client_sign_packet(cli->ntlmssp_pipe_state,
1009 (unsigned char*)prs_data_p(&sec_blob),
1010 data_and_padding_size, &sign_blob);
1011 if (!NT_STATUS_IS_OK(nt_status)) {
1012 prs_mem_free(&sec_blob);
1018 /* write auth footer onto the packet */
1019 real_auth_len = sign_blob.length;
1021 prs_copy_data_in(&sec_blob, (char *)sign_blob.data, sign_blob.length);
1022 data_blob_free(&sign_blob);
1025 else if (cli->pipe_auth_flags & AUTH_PIPE_NETSEC) {
1026 size_t parse_offset_marker;
1027 RPC_AUTH_NETSEC_CHK verf;
1028 DEBUG(10,("SCHANNEL seq_num=%d\n", cli->auth_info.seq_num));
1030 netsec_encode(&cli->auth_info,
1031 cli->pipe_auth_flags,
1032 SENDER_IS_INITIATOR,
1034 prs_data_p(&sec_blob),
1035 data_and_padding_size);
1037 cli->auth_info.seq_num++;
1039 /* write auth footer onto the packet */
1041 parse_offset_marker = prs_offset(&sec_blob);
1042 if (!smb_io_rpc_auth_netsec_chk("", &verf,
1044 prs_mem_free(&sec_blob);
1047 real_auth_len = prs_offset(&sec_blob) - parse_offset_marker;
1051 data_len = RPC_HEADER_LEN + RPC_HDR_REQ_LEN + prs_offset(&sec_blob);
1054 * Malloc parse struct to hold it (and enough for alignments).
1056 if(!prs_init(&outgoing_packet, data_len + 8,
1057 cli->mem_ctx, MARSHALL)) {
1058 DEBUG(0,("rpc_api_pipe_req: Failed to malloc %u bytes.\n", (unsigned int)data_len ));
1062 if (data_left == prs_offset(data))
1063 flags |= RPC_FLG_FIRST;
1065 if (data_left <= max_data)
1066 flags |= RPC_FLG_LAST;
1068 * Write out the RPC header and the request header.
1070 if(!(callid = create_rpc_request(&outgoing_packet, op_num,
1071 data_len, real_auth_len, flags,
1072 callid, data_left))) {
1073 DEBUG(0,("rpc_api_pipe_req: Failed to create RPC request.\n"));
1074 prs_mem_free(&outgoing_packet);
1075 prs_mem_free(&sec_blob);
1079 prs_append_prs_data(&outgoing_packet, &sec_blob);
1080 prs_mem_free(&sec_blob);
1082 DEBUG(100,("data_len: %x data_calc_len: %x\n", data_len,
1083 prs_offset(&outgoing_packet)));
1085 if (flags & RPC_FLG_LAST)
1086 ret = rpc_api_pipe(cli, &outgoing_packet,
1087 rdata, RPC_RESPONSE);
1089 cli_write(cli, cli->nt_pipe_fnum, 0x0008,
1090 prs_data_p(&outgoing_packet),
1091 data_sent, data_len);
1093 prs_mem_free(&outgoing_packet);
1094 data_sent += send_size;
1095 data_left -= send_size;
1097 /* Also capture received data */
1098 slprintf(dump_name, sizeof(dump_name) - 1, "reply_%s",
1099 cli_pipe_get_name(cli));
1100 prs_dump(dump_name, op_num, rdata);
1105 /****************************************************************************
1106 Set the handle state.
1107 ****************************************************************************/
1109 static BOOL rpc_pipe_set_hnd_state(struct cli_state *cli, const char *pipe_name, uint16 device_state)
1111 BOOL state_set = False;
1113 uint16 setup[2]; /* only need 2 uint16 setup parameters */
1114 char *rparam = NULL;
1116 uint32 rparam_len, rdata_len;
1118 if (pipe_name == NULL)
1121 DEBUG(5,("Set Handle state Pipe[%x]: %s - device state:%x\n",
1122 cli->nt_pipe_fnum, pipe_name, device_state));
1124 /* create parameters: device state */
1125 SSVAL(param, 0, device_state);
1127 /* create setup parameters. */
1129 setup[1] = cli->nt_pipe_fnum; /* pipe file handle. got this from an SMBOpenX. */
1131 /* send the data on \PIPE\ */
1132 if (cli_api_pipe(cli, "\\PIPE\\",
1133 setup, 2, 0, /* setup, length, max */
1134 param, 2, 0, /* param, length, max */
1135 NULL, 0, 1024, /* data, length, max */
1136 &rparam, &rparam_len, /* return param, length */
1137 &rdata, &rdata_len)) /* return data, length */
1139 DEBUG(5, ("Set Handle state: return OK\n"));
1149 /****************************************************************************
1150 check the rpc bind acknowledge response
1151 ****************************************************************************/
1153 int get_pipe_index( const char *pipe_name )
1157 while (pipe_names[pipe_idx].client_pipe != NULL) {
1158 if (strequal(pipe_name, pipe_names[pipe_idx].client_pipe ))
1167 /****************************************************************************
1168 check the rpc bind acknowledge response
1169 ****************************************************************************/
1171 const char* get_pipe_name_from_index( const int pipe_index )
1174 if ( (pipe_index < 0) || (pipe_index >= PI_MAX_PIPES) )
1177 return pipe_names[pipe_index].client_pipe;
1180 /****************************************************************************
1181 Check to see if this pipe index points to one of
1182 the pipes only supported by Win2k
1183 ****************************************************************************/
1185 BOOL is_win2k_pipe( const int pipe_idx )
1196 /****************************************************************************
1197 check the rpc bind acknowledge response
1198 ****************************************************************************/
1200 static BOOL valid_pipe_name(const int pipe_idx, RPC_IFACE *abstract, RPC_IFACE *transfer)
1202 if ( pipe_idx >= PI_MAX_PIPES ) {
1203 DEBUG(0,("valid_pipe_name: Programmer error! Invalid pipe index [%d]\n",
1208 DEBUG(5,("Bind Abstract Syntax: "));
1209 dump_data(5, (char*)&(pipe_names[pipe_idx].abstr_syntax),
1210 sizeof(pipe_names[pipe_idx].abstr_syntax));
1211 DEBUG(5,("Bind Transfer Syntax: "));
1212 dump_data(5, (char*)&(pipe_names[pipe_idx].trans_syntax),
1213 sizeof(pipe_names[pipe_idx].trans_syntax));
1215 /* copy the required syntaxes out so we can do the right bind */
1217 *transfer = pipe_names[pipe_idx].trans_syntax;
1218 *abstract = pipe_names[pipe_idx].abstr_syntax;
1223 /****************************************************************************
1224 check the rpc bind acknowledge response
1225 ****************************************************************************/
1227 static BOOL check_bind_response(RPC_HDR_BA *hdr_ba, const int pipe_idx, RPC_IFACE *transfer)
1231 if ( hdr_ba->addr.len <= 0)
1234 if ( !strequal(hdr_ba->addr.str, pipe_names[pipe_idx].server_pipe ))
1236 DEBUG(4,("bind_rpc_pipe: pipe_name %s != expected pipe %s. oh well!\n",
1237 pipe_names[i].server_pipe ,hdr_ba->addr.str));
1241 DEBUG(5,("bind_rpc_pipe: server pipe_name found: %s\n", pipe_names[i].server_pipe ));
1243 if (pipe_names[pipe_idx].server_pipe == NULL) {
1244 DEBUG(2,("bind_rpc_pipe: pipe name %s unsupported\n", hdr_ba->addr.str));
1248 /* check the transfer syntax */
1249 if ((hdr_ba->transfer.version != transfer->version) ||
1250 (memcmp(&hdr_ba->transfer.uuid, &transfer->uuid, sizeof(transfer->uuid)) !=0)) {
1251 DEBUG(2,("bind_rpc_pipe: transfer syntax differs\n"));
1255 /* lkclXXXX only accept one result: check the result(s) */
1256 if (hdr_ba->res.num_results != 0x1 || hdr_ba->res.result != 0) {
1257 DEBUG(2,("bind_rpc_pipe: bind denied results: %d reason: %x\n",
1258 hdr_ba->res.num_results, hdr_ba->res.reason));
1261 DEBUG(5,("bind_rpc_pipe: accepted!\n"));
1265 /****************************************************************************
1266 Create and send the third packet in an RPC auth.
1267 ****************************************************************************/
1269 static BOOL rpc_send_auth_reply(struct cli_state *cli, prs_struct *rdata, uint32 rpc_call_id)
1274 prs_init(&rpc_out, RPC_HEADER_LEN + RPC_HDR_AUTHA_LEN, /* need at least this much */
1275 cli->mem_ctx, MARSHALL);
1277 if (!NT_STATUS_IS_OK(create_rpc_bind_resp(cli, rpc_call_id,
1282 if ((ret = cli_write(cli, cli->nt_pipe_fnum, 0x8, prs_data_p(&rpc_out),
1283 0, (size_t)prs_offset(&rpc_out))) != (ssize_t)prs_offset(&rpc_out)) {
1284 DEBUG(0,("rpc_send_auth_reply: cli_write failed. Return was %d\n", (int)ret));
1285 prs_mem_free(&rpc_out);
1289 prs_mem_free(&rpc_out);
1293 /****************************************************************************
1295 ****************************************************************************/
1297 static BOOL rpc_pipe_bind(struct cli_state *cli, int pipe_idx, const char *my_name)
1304 char buffer[MAX_PDU_FRAG_LEN];
1306 if ( (pipe_idx < 0) || (pipe_idx >= PI_MAX_PIPES) )
1309 DEBUG(5,("Bind RPC Pipe[%x]: %s\n", cli->nt_pipe_fnum, pipe_names[pipe_idx].client_pipe));
1311 if (!valid_pipe_name(pipe_idx, &abstract, &transfer))
1314 prs_init(&rpc_out, 0, cli->mem_ctx, MARSHALL);
1317 * Use the MAX_PDU_FRAG_LEN buffer to store the bind request.
1320 prs_give_memory( &rpc_out, buffer, sizeof(buffer), False);
1322 rpc_call_id = get_rpc_call_id();
1324 if (cli->pipe_auth_flags & AUTH_PIPE_NTLMSSP) {
1328 DEBUG(5, ("NTLMSSP authenticated pipe selected\n"));
1330 nt_status = ntlmssp_client_start(&cli->ntlmssp_pipe_state);
1332 if (!NT_STATUS_IS_OK(nt_status))
1335 nt_status = ntlmssp_set_username(cli->ntlmssp_pipe_state,
1337 if (!NT_STATUS_IS_OK(nt_status))
1340 nt_status = ntlmssp_set_domain(cli->ntlmssp_pipe_state,
1342 if (!NT_STATUS_IS_OK(nt_status))
1345 pwd_get_cleartext(&cli->pwd, password);
1346 nt_status = ntlmssp_set_password(cli->ntlmssp_pipe_state,
1348 if (!NT_STATUS_IS_OK(nt_status))
1351 if (cli->pipe_auth_flags & AUTH_PIPE_SIGN) {
1352 cli->ntlmssp_pipe_state->neg_flags |= NTLMSSP_NEGOTIATE_SIGN;
1355 if (cli->pipe_auth_flags & AUTH_PIPE_SEAL) {
1356 cli->ntlmssp_pipe_state->neg_flags |= NTLMSSP_NEGOTIATE_SEAL;
1358 } else if (cli->pipe_auth_flags & AUTH_PIPE_NETSEC) {
1359 cli->auth_info.seq_num = 0;
1362 /* Marshall the outgoing data. */
1363 create_rpc_bind_req(cli, &rpc_out, rpc_call_id,
1364 &abstract, &transfer,
1365 global_myname(), cli->domain);
1367 /* Initialize the incoming data struct. */
1368 prs_init(&rdata, 0, cli->mem_ctx, UNMARSHALL);
1370 /* send data on \PIPE\. receive a response */
1371 if (rpc_api_pipe(cli, &rpc_out, &rdata, RPC_BINDACK)) {
1374 DEBUG(5, ("rpc_pipe_bind: rpc_api_pipe returned OK.\n"));
1376 if(!smb_io_rpc_hdr_ba("", &hdr_ba, &rdata, 0)) {
1377 DEBUG(0,("rpc_pipe_bind: Failed to unmarshall RPC_HDR_BA.\n"));
1378 prs_mem_free(&rdata);
1382 if(!check_bind_response(&hdr_ba, pipe_idx, &transfer)) {
1383 DEBUG(2,("rpc_pipe_bind: check_bind_response failed.\n"));
1384 prs_mem_free(&rdata);
1388 cli->max_xmit_frag = hdr_ba.bba.max_tsize;
1389 cli->max_recv_frag = hdr_ba.bba.max_rsize;
1392 * If we're doing NTLMSSP auth we need to send a reply to
1393 * the bind-ack to complete the 3-way challenge response
1397 if ((cli->pipe_auth_flags & AUTH_PIPE_NTLMSSP)
1398 && !rpc_send_auth_reply(cli, &rdata, rpc_call_id)) {
1399 DEBUG(0,("rpc_pipe_bind: rpc_send_auth_reply failed.\n"));
1400 prs_mem_free(&rdata);
1403 prs_mem_free(&rdata);
1410 /****************************************************************************
1412 ****************************************************************************/
1414 BOOL cli_nt_session_open(struct cli_state *cli, const int pipe_idx)
1418 /* At the moment we can't have more than one pipe open over
1419 a cli connection. )-: */
1421 SMB_ASSERT(cli->nt_pipe_fnum == 0);
1423 /* The pipe index must fall within our array */
1425 SMB_ASSERT((pipe_idx >= 0) && (pipe_idx < PI_MAX_PIPES));
1427 if (cli->capabilities & CAP_NT_SMBS) {
1428 if ((fnum = cli_nt_create(cli, &pipe_names[pipe_idx].client_pipe[5], DESIRED_ACCESS_PIPE)) == -1) {
1429 DEBUG(0,("cli_nt_session_open: cli_nt_create failed on pipe %s to machine %s. Error was %s\n",
1430 &pipe_names[pipe_idx].client_pipe[5], cli->desthost, cli_errstr(cli)));
1434 cli->nt_pipe_fnum = (uint16)fnum;
1436 if ((fnum = cli_open(cli, pipe_names[pipe_idx].client_pipe, O_CREAT|O_RDWR, DENY_NONE)) == -1) {
1437 DEBUG(0,("cli_nt_session_open: cli_open failed on pipe %s to machine %s. Error was %s\n",
1438 pipe_names[pipe_idx].client_pipe, cli->desthost, cli_errstr(cli)));
1442 cli->nt_pipe_fnum = (uint16)fnum;
1444 /**************** Set Named Pipe State ***************/
1445 if (!rpc_pipe_set_hnd_state(cli, pipe_names[pipe_idx].client_pipe, 0x4300)) {
1446 DEBUG(0,("cli_nt_session_open: pipe hnd state failed. Error was %s\n",
1448 cli_close(cli, cli->nt_pipe_fnum);
1453 /******************* bind request on pipe *****************/
1455 if (!rpc_pipe_bind(cli, pipe_idx, global_myname())) {
1456 DEBUG(2,("cli_nt_session_open: rpc bind to %s failed\n",
1457 get_pipe_name_from_index(pipe_idx)));
1458 cli_close(cli, cli->nt_pipe_fnum);
1463 * Setup the remote server name prefixed by \ and the machine account name.
1466 fstrcpy(cli->srv_name_slash, "\\\\");
1467 fstrcat(cli->srv_name_slash, cli->desthost);
1468 strupper_m(cli->srv_name_slash);
1470 fstrcpy(cli->clnt_name_slash, "\\\\");
1471 fstrcat(cli->clnt_name_slash, global_myname());
1472 strupper_m(cli->clnt_name_slash);
1474 fstrcpy(cli->mach_acct, global_myname());
1475 fstrcat(cli->mach_acct, "$");
1476 strupper_m(cli->mach_acct);
1478 /* Remember which pipe we're talking to */
1479 fstrcpy(cli->pipe_name, pipe_names[pipe_idx].client_pipe);
1485 /****************************************************************************
1486 Open a session to the NETLOGON pipe using schannel.
1488 (Assumes that the netlogon pipe is already open)
1489 ****************************************************************************/
1491 NTSTATUS cli_nt_establish_netlogon(struct cli_state *cli, int sec_chan,
1492 const uchar trust_password[16])
1495 uint32 neg_flags = NETLOGON_NEG_AUTH2_FLAGS;
1498 cli_nt_netlogon_netsec_session_close(cli);
1500 if (lp_client_schannel() != False)
1501 neg_flags |= NETLOGON_NEG_SCHANNEL;
1503 result = cli_nt_setup_creds(cli, sec_chan, trust_password,
1506 if (!NT_STATUS_IS_OK(result)) {
1507 cli_nt_session_close(cli);
1511 if ((lp_client_schannel() == True) &&
1512 ((neg_flags & NETLOGON_NEG_SCHANNEL) == 0)) {
1514 DEBUG(3, ("Server did not offer schannel\n"));
1515 cli_nt_session_close(cli);
1516 return NT_STATUS_UNSUCCESSFUL;
1519 if ((lp_client_schannel() == False) ||
1520 ((neg_flags & NETLOGON_NEG_SCHANNEL) == 0)) {
1521 return NT_STATUS_OK;
1523 /* keep the existing connection to NETLOGON open */
1527 /* Server offered schannel, so try it. */
1529 memcpy(cli->auth_info.sess_key, cli->sess_key,
1530 sizeof(cli->auth_info.sess_key));
1532 cli->saved_netlogon_pipe_fnum = cli->nt_pipe_fnum;
1534 cli->pipe_auth_flags = AUTH_PIPE_NETSEC;
1535 cli->pipe_auth_flags |= AUTH_PIPE_SIGN;
1536 cli->pipe_auth_flags |= AUTH_PIPE_SEAL;
1538 if (cli->capabilities & CAP_NT_SMBS) {
1540 /* The secure channel connection must be opened on the same
1541 session (TCP connection) as the one the challenge was
1543 if ((fnum = cli_nt_create(cli, PIPE_NETLOGON_PLAIN,
1544 DESIRED_ACCESS_PIPE)) == -1) {
1545 DEBUG(0,("cli_nt_create failed to %s machine %s. "
1547 PIPE_NETLOGON, cli->desthost,
1549 return NT_STATUS_UNSUCCESSFUL;
1552 cli->nt_pipe_fnum = (uint16)fnum;
1554 if ((fnum = cli_open(cli, PIPE_NETLOGON,
1555 O_CREAT|O_RDWR, DENY_NONE)) == -1) {
1556 DEBUG(0,("cli_open failed on pipe %s to machine %s. "
1558 PIPE_NETLOGON, cli->desthost,
1560 return NT_STATUS_UNSUCCESSFUL;
1563 cli->nt_pipe_fnum = (uint16)fnum;
1565 /**************** Set Named Pipe State ***************/
1566 if (!rpc_pipe_set_hnd_state(cli, PIPE_NETLOGON, 0x4300)) {
1567 DEBUG(0,("Pipe hnd state failed. Error was %s\n",
1569 cli_close(cli, cli->nt_pipe_fnum);
1570 return NT_STATUS_UNSUCCESSFUL;
1574 if (!rpc_pipe_bind(cli, PI_NETLOGON, global_myname())) {
1575 DEBUG(2,("rpc bind to %s failed\n", PIPE_NETLOGON));
1576 cli_close(cli, cli->nt_pipe_fnum);
1577 return NT_STATUS_UNSUCCESSFUL;
1580 return NT_STATUS_OK;
1584 NTSTATUS cli_nt_setup_netsec(struct cli_state *cli, int sec_chan, int auth_flags,
1585 const uchar trust_password[16])
1588 uint32 neg_flags = NETLOGON_NEG_AUTH2_FLAGS;
1589 cli->pipe_auth_flags = 0;
1591 if (lp_client_schannel() == False) {
1592 return NT_STATUS_OK;
1595 if (!cli_nt_session_open(cli, PI_NETLOGON)) {
1596 DEBUG(0, ("Could not initialise %s\n",
1597 get_pipe_name_from_index(PI_NETLOGON)));
1598 return NT_STATUS_UNSUCCESSFUL;
1601 if (lp_client_schannel() != False)
1602 neg_flags |= NETLOGON_NEG_SCHANNEL;
1604 neg_flags |= NETLOGON_NEG_SCHANNEL;
1606 result = cli_nt_setup_creds(cli, sec_chan, trust_password,
1609 if (!(neg_flags & NETLOGON_NEG_SCHANNEL)
1610 && lp_client_schannel() == True) {
1611 DEBUG(1, ("Could not negotiate SCHANNEL with the DC!\n"));
1612 result = NT_STATUS_UNSUCCESSFUL;
1615 if (!NT_STATUS_IS_OK(result)) {
1616 ZERO_STRUCT(cli->auth_info.sess_key);
1617 ZERO_STRUCT(cli->sess_key);
1618 cli->pipe_auth_flags = 0;
1619 cli_nt_session_close(cli);
1623 memcpy(cli->auth_info.sess_key, cli->sess_key,
1624 sizeof(cli->auth_info.sess_key));
1626 cli->saved_netlogon_pipe_fnum = cli->nt_pipe_fnum;
1627 cli->nt_pipe_fnum = 0;
1629 /* doing schannel, not per-user auth */
1630 cli->pipe_auth_flags = auth_flags;
1632 return NT_STATUS_OK;
1635 const char *cli_pipe_get_name(struct cli_state *cli)
1637 return cli->pipe_name;
git.samba.org / kai / samba.git / blob