gensec: Remove mem_ctx from calls that do not return memory

[nivanova/samba-autobuild/.git] / source4 / librpc / rpc / dcerpc.c

diff --git a/source4/librpc/rpc/dcerpc.c b/source4/librpc/rpc/dcerpc.c
index 0ae56a470e500c6f8e7db82d8b8bec4208113278..496cc0b2a684dd25e0980bbfa27c8c02d68167b9 100644 (file)
--- a/source4/librpc/rpc/dcerpc.c
+++ b/source4/librpc/rpc/dcerpc.c
@@ -30,17 +30,83 @@
 #include "libcli/composite/composite.h"
 #include "auth/gensec/gensec.h"
 #include "param/param.h"
+#include "lib/util/tevent_ntstatus.h"
+#include "librpc/rpc/rpc_common.h"
 
-_PUBLIC_ NTSTATUS dcerpc_init(struct loadparm_context *lp_ctx)
+enum rpc_request_state {
+       RPC_REQUEST_QUEUED,
+       RPC_REQUEST_PENDING,
+       RPC_REQUEST_DONE
+};
+
+/*
+  handle for an async dcerpc request
+*/
+struct rpc_request {
+       struct rpc_request *next, *prev;
+       struct dcerpc_pipe *p;
+       NTSTATUS status;
+       uint32_t call_id;
+       enum rpc_request_state state;
+       DATA_BLOB payload;
+       uint32_t flags;
+       uint32_t fault_code;
+
+       /* this is used to distinguish bind and alter_context requests
+          from normal requests */
+       void (*recv_handler)(struct rpc_request *conn, 
+                            DATA_BLOB *blob, struct ncacn_packet *pkt);
+
+       const struct GUID *object;
+       uint16_t opnum;
+       DATA_BLOB request_data;
+       bool ignore_timeout;
+
+       /* use by the ndr level async recv call */
+       struct {
+               const struct ndr_interface_table *table;
+               uint32_t opnum;
+               void *struct_ptr;
+               TALLOC_CTX *mem_ctx;
+       } ndr;
+
+       struct {
+               void (*callback)(struct rpc_request *);
+               void *private_data;
+       } async;
+};
+
+_PUBLIC_ NTSTATUS dcerpc_init(void)
 {
-       return gensec_init(lp_ctx);
+       return gensec_init();
 }
 
-static void dcerpc_connection_dead(struct dcerpc_connection *conn, NTSTATUS status);
-static void dcerpc_ship_next_request(struct dcerpc_connection *c);
+static void dcerpc_connection_dead(struct dcecli_connection *conn, NTSTATUS status);
+static void dcerpc_ship_next_request(struct dcecli_connection *c);
+
+static struct rpc_request *dcerpc_request_send(struct dcerpc_pipe *p,
+                                              const struct GUID *object,
+                                              uint16_t opnum,
+                                              DATA_BLOB *stub_data);
+static NTSTATUS dcerpc_request_recv(struct rpc_request *req,
+                                   TALLOC_CTX *mem_ctx,
+                                   DATA_BLOB *stub_data);
+static NTSTATUS dcerpc_ndr_validate_in(struct dcecli_connection *c,
+                                      TALLOC_CTX *mem_ctx,
+                                      DATA_BLOB blob,
+                                      size_t struct_size,
+                                      ndr_push_flags_fn_t ndr_push,
+                                      ndr_pull_flags_fn_t ndr_pull);
+static NTSTATUS dcerpc_ndr_validate_out(struct dcecli_connection *c,
+                                       struct ndr_pull *pull_in,
+                                       void *struct_ptr,
+                                       size_t struct_size,
+                                       ndr_push_flags_fn_t ndr_push,
+                                       ndr_pull_flags_fn_t ndr_pull,
+                                       ndr_print_function_t ndr_print);
 
 /* destroy a dcerpc connection */
-static int dcerpc_connection_destructor(struct dcerpc_connection *conn)
+static int dcerpc_connection_destructor(struct dcecli_connection *conn)
 {
        if (conn->dead) {
                conn->free_skipped = true;
@@ -54,20 +120,17 @@ static int dcerpc_connection_destructor(struct dcerpc_connection *conn)
 /* initialise a dcerpc connection. 
    the event context is optional
 */
-static struct dcerpc_connection *dcerpc_connection_init(TALLOC_CTX *mem_ctx, 
-                                                struct tevent_context *ev,
-                                                struct smb_iconv_convenience *ic)
+static struct dcecli_connection *dcerpc_connection_init(TALLOC_CTX *mem_ctx, 
+                                                struct tevent_context *ev)
 {
-       struct dcerpc_connection *c;
+       struct dcecli_connection *c;
 
-       c = talloc_zero(mem_ctx, struct dcerpc_connection);
+       c = talloc_zero(mem_ctx, struct dcecli_connection);
        if (!c) {
                return NULL;
        }
 
-       c->iconv_convenience = talloc_reference(c, ic);
-
-       c->event_ctx = talloc_reference(c, ev);
+       c->event_ctx = ev;
 
        if (c->event_ctx == NULL) {
                talloc_free(c);
@@ -89,18 +152,424 @@ static struct dcerpc_connection *dcerpc_connection_init(TALLOC_CTX *mem_ctx,
        return c;
 }
 
+struct dcerpc_bh_state {
+       struct dcerpc_pipe *p;
+};
+
+static bool dcerpc_bh_is_connected(struct dcerpc_binding_handle *h)
+{
+       struct dcerpc_bh_state *hs = dcerpc_binding_handle_data(h,
+                                    struct dcerpc_bh_state);
+
+       if (!hs->p) {
+               return false;
+       }
+
+       return true;
+}
+
+static uint32_t dcerpc_bh_set_timeout(struct dcerpc_binding_handle *h,
+                                     uint32_t timeout)
+{
+       struct dcerpc_bh_state *hs = dcerpc_binding_handle_data(h,
+                                    struct dcerpc_bh_state);
+       uint32_t old;
+
+       if (!hs->p) {
+               return DCERPC_REQUEST_TIMEOUT;
+       }
+
+       old = hs->p->request_timeout;
+       hs->p->request_timeout = timeout;
+
+       return old;
+}
+
+struct dcerpc_bh_raw_call_state {
+       struct dcerpc_binding_handle *h;
+       DATA_BLOB in_data;
+       DATA_BLOB out_data;
+       uint32_t out_flags;
+};
+
+static void dcerpc_bh_raw_call_done(struct rpc_request *subreq);
+
+static struct tevent_req *dcerpc_bh_raw_call_send(TALLOC_CTX *mem_ctx,
+                                                 struct tevent_context *ev,
+                                                 struct dcerpc_binding_handle *h,
+                                                 const struct GUID *object,
+                                                 uint32_t opnum,
+                                                 uint32_t in_flags,
+                                                 const uint8_t *in_data,
+                                                 size_t in_length)
+{
+       struct dcerpc_bh_state *hs = dcerpc_binding_handle_data(h,
+                                    struct dcerpc_bh_state);
+       struct tevent_req *req;
+       struct dcerpc_bh_raw_call_state *state;
+       bool ok;
+       struct rpc_request *subreq;
+
+       req = tevent_req_create(mem_ctx, &state,
+                               struct dcerpc_bh_raw_call_state);
+       if (req == NULL) {
+               return NULL;
+       }
+       state->h = h;
+       state->in_data.data = discard_const_p(uint8_t, in_data);
+       state->in_data.length = in_length;
+
+       ok = dcerpc_bh_is_connected(h);
+       if (!ok) {
+               tevent_req_nterror(req, NT_STATUS_INVALID_CONNECTION);
+               return tevent_req_post(req, ev);
+       }
+
+       subreq = dcerpc_request_send(hs->p,
+                                    object,
+                                    opnum,
+                                    &state->in_data);
+       if (tevent_req_nomem(subreq, req)) {
+               return tevent_req_post(req, ev);
+       }
+       subreq->async.callback = dcerpc_bh_raw_call_done;
+       subreq->async.private_data = req;
+
+       return req;
+}
+
+static void dcerpc_bh_raw_call_done(struct rpc_request *subreq)
+{
+       struct tevent_req *req =
+               talloc_get_type_abort(subreq->async.private_data,
+               struct tevent_req);
+       struct dcerpc_bh_raw_call_state *state =
+               tevent_req_data(req,
+               struct dcerpc_bh_raw_call_state);
+       NTSTATUS status;
+       uint32_t fault_code;
+
+       state->out_flags = 0;
+       if (subreq->flags & DCERPC_PULL_BIGENDIAN) {
+               state->out_flags |= LIBNDR_FLAG_BIGENDIAN;
+       }
+
+       fault_code = subreq->fault_code;
+
+       status = dcerpc_request_recv(subreq, state, &state->out_data);
+       if (NT_STATUS_EQUAL(status, NT_STATUS_NET_WRITE_FAULT)) {
+               status = dcerpc_fault_to_nt_status(fault_code);
+       }
+       if (!NT_STATUS_IS_OK(status)) {
+               tevent_req_nterror(req, status);
+               return;
+       }
+
+       tevent_req_done(req);
+}
+
+static NTSTATUS dcerpc_bh_raw_call_recv(struct tevent_req *req,
+                                       TALLOC_CTX *mem_ctx,
+                                       uint8_t **out_data,
+                                       size_t *out_length,
+                                       uint32_t *out_flags)
+{
+       struct dcerpc_bh_raw_call_state *state =
+               tevent_req_data(req,
+               struct dcerpc_bh_raw_call_state);
+       NTSTATUS status;
+
+       if (tevent_req_is_nterror(req, &status)) {
+               tevent_req_received(req);
+               return status;
+       }
+
+       *out_data = talloc_move(mem_ctx, &state->out_data.data);
+       *out_length = state->out_data.length;
+       *out_flags = state->out_flags;
+       tevent_req_received(req);
+       return NT_STATUS_OK;
+}
+
+struct dcerpc_bh_disconnect_state {
+       uint8_t _dummy;
+};
+
+static struct tevent_req *dcerpc_bh_disconnect_send(TALLOC_CTX *mem_ctx,
+                                               struct tevent_context *ev,
+                                               struct dcerpc_binding_handle *h)
+{
+       struct dcerpc_bh_state *hs = dcerpc_binding_handle_data(h,
+                                    struct dcerpc_bh_state);
+       struct tevent_req *req;
+       struct dcerpc_bh_disconnect_state *state;
+       bool ok;
+
+       req = tevent_req_create(mem_ctx, &state,
+                               struct dcerpc_bh_disconnect_state);
+       if (req == NULL) {
+               return NULL;
+       }
+
+       ok = dcerpc_bh_is_connected(h);
+       if (!ok) {
+               tevent_req_nterror(req, NT_STATUS_INVALID_CONNECTION);
+               return tevent_req_post(req, ev);
+       }
+
+       /* TODO: do a real disconnect ... */
+       hs->p = NULL;
+
+       tevent_req_done(req);
+       return tevent_req_post(req, ev);
+}
+
+static NTSTATUS dcerpc_bh_disconnect_recv(struct tevent_req *req)
+{
+       NTSTATUS status;
+
+       if (tevent_req_is_nterror(req, &status)) {
+               tevent_req_received(req);
+               return status;
+       }
+
+       tevent_req_received(req);
+       return NT_STATUS_OK;
+}
+
+static bool dcerpc_bh_push_bigendian(struct dcerpc_binding_handle *h)
+{
+       struct dcerpc_bh_state *hs = dcerpc_binding_handle_data(h,
+                                    struct dcerpc_bh_state);
+
+       if (hs->p->conn->flags & DCERPC_PUSH_BIGENDIAN) {
+               return true;
+       }
+
+       return false;
+}
+
+static bool dcerpc_bh_ref_alloc(struct dcerpc_binding_handle *h)
+{
+       struct dcerpc_bh_state *hs = dcerpc_binding_handle_data(h,
+                                    struct dcerpc_bh_state);
+
+       if (hs->p->conn->flags & DCERPC_NDR_REF_ALLOC) {
+               return true;
+       }
+
+       return false;
+}
+
+static bool dcerpc_bh_use_ndr64(struct dcerpc_binding_handle *h)
+{
+       struct dcerpc_bh_state *hs = dcerpc_binding_handle_data(h,
+                                    struct dcerpc_bh_state);
+
+       if (hs->p->conn->flags & DCERPC_NDR64) {
+               return true;
+       }
+
+       return false;
+}
+
+static void dcerpc_bh_do_ndr_print(struct dcerpc_binding_handle *h,
+                                  int ndr_flags,
+                                  const void *_struct_ptr,
+                                  const struct ndr_interface_call *call)
+{
+       struct dcerpc_bh_state *hs = dcerpc_binding_handle_data(h,
+                                    struct dcerpc_bh_state);
+       void *struct_ptr = discard_const(_struct_ptr);
+
+       if (ndr_flags & NDR_IN) {
+               if (hs->p->conn->flags & DCERPC_DEBUG_PRINT_IN) {
+                       ndr_print_function_debug(call->ndr_print,
+                                                call->name,
+                                                ndr_flags,
+                                                struct_ptr);
+               }
+       }
+       if (ndr_flags & NDR_OUT) {
+               if (hs->p->conn->flags & DCERPC_DEBUG_PRINT_OUT) {
+                       ndr_print_function_debug(call->ndr_print,
+                                                call->name,
+                                                ndr_flags,
+                                                struct_ptr);
+               }
+       }
+}
+
+static void dcerpc_bh_ndr_push_failed(struct dcerpc_binding_handle *h,
+                                     NTSTATUS error,
+                                     const void *struct_ptr,
+                                     const struct ndr_interface_call *call)
+{
+       DEBUG(2,("Unable to ndr_push structure for %s - %s\n",
+                call->name, nt_errstr(error)));
+}
+
+static void dcerpc_bh_ndr_pull_failed(struct dcerpc_binding_handle *h,
+                                     NTSTATUS error,
+                                     const DATA_BLOB *blob,
+                                     const struct ndr_interface_call *call)
+{
+       struct dcerpc_bh_state *hs = dcerpc_binding_handle_data(h,
+                                    struct dcerpc_bh_state);
+       const uint32_t num_examples = 20;
+       uint32_t i;
+
+       DEBUG(2,("Unable to ndr_pull structure for %s - %s\n",
+                call->name, nt_errstr(error)));
+
+       if (hs->p->conn->packet_log_dir == NULL) return;
+
+       for (i=0;i<num_examples;i++) {
+               char *name=NULL;
+               asprintf(&name, "%s/rpclog/%s-out.%d",
+                        hs->p->conn->packet_log_dir,
+                        call->name, i);
+               if (name == NULL) {
+                       return;
+               }
+               if (!file_exist(name)) {
+                       if (file_save(name, blob->data, blob->length)) {
+                               DEBUG(10,("Logged rpc packet to %s\n", name));
+                       }
+                       free(name);
+                       break;
+               }
+               free(name);
+       }
+}
+
+static NTSTATUS dcerpc_bh_ndr_validate_in(struct dcerpc_binding_handle *h,
+                                         TALLOC_CTX *mem_ctx,
+                                         const DATA_BLOB *blob,
+                                         const struct ndr_interface_call *call)
+{
+       struct dcerpc_bh_state *hs = dcerpc_binding_handle_data(h,
+                                    struct dcerpc_bh_state);
+
+       if (hs->p->conn->flags & DCERPC_DEBUG_VALIDATE_IN) {
+               NTSTATUS status;
+
+               status = dcerpc_ndr_validate_in(hs->p->conn,
+                                               mem_ctx,
+                                               *blob,
+                                               call->struct_size,
+                                               call->ndr_push,
+                                               call->ndr_pull);
+               if (!NT_STATUS_IS_OK(status)) {
+                       DEBUG(0,("Validation [in] failed for %s - %s\n",
+                                call->name, nt_errstr(status)));
+                       return status;
+               }
+       }
+
+       DEBUG(10,("rpc request data:\n"));
+       dump_data(10, blob->data, blob->length);
+
+       return NT_STATUS_OK;
+}
+
+static NTSTATUS dcerpc_bh_ndr_validate_out(struct dcerpc_binding_handle *h,
+                                          struct ndr_pull *pull_in,
+                                          const void *_struct_ptr,
+                                          const struct ndr_interface_call *call)
+{
+       struct dcerpc_bh_state *hs = dcerpc_binding_handle_data(h,
+                                    struct dcerpc_bh_state);
+       void *struct_ptr = discard_const(_struct_ptr);
+
+       DEBUG(10,("rpc reply data:\n"));
+       dump_data(10, pull_in->data, pull_in->data_size);
+
+       if (pull_in->offset != pull_in->data_size) {
+               DEBUG(0,("Warning! ignoring %u unread bytes at ofs:%u (0x%08X) for %s!\n",
+                        pull_in->data_size - pull_in->offset,
+                        pull_in->offset, pull_in->offset,
+                        call->name));
+               /* we used to return NT_STATUS_INFO_LENGTH_MISMATCH here,
+                  but it turns out that early versions of NT
+                  (specifically NT3.1) add junk onto the end of rpc
+                  packets, so if we want to interoperate at all with
+                  those versions then we need to ignore this error */
+       }
+
+       if (hs->p->conn->flags & DCERPC_DEBUG_VALIDATE_OUT) {
+               NTSTATUS status;
+
+               status = dcerpc_ndr_validate_out(hs->p->conn,
+                                                pull_in,
+                                                struct_ptr,
+                                                call->struct_size,
+                                                call->ndr_push,
+                                                call->ndr_pull,
+                                                call->ndr_print);
+               if (!NT_STATUS_IS_OK(status)) {
+                       DEBUG(2,("Validation [out] failed for %s - %s\n",
+                                call->name, nt_errstr(status)));
+                       return status;
+               }
+       }
+
+       return NT_STATUS_OK;
+}
+
+static const struct dcerpc_binding_handle_ops dcerpc_bh_ops = {
+       .name                   = "dcerpc",
+       .is_connected           = dcerpc_bh_is_connected,
+       .set_timeout            = dcerpc_bh_set_timeout,
+       .raw_call_send          = dcerpc_bh_raw_call_send,
+       .raw_call_recv          = dcerpc_bh_raw_call_recv,
+       .disconnect_send        = dcerpc_bh_disconnect_send,
+       .disconnect_recv        = dcerpc_bh_disconnect_recv,
+
+       .push_bigendian         = dcerpc_bh_push_bigendian,
+       .ref_alloc              = dcerpc_bh_ref_alloc,
+       .use_ndr64              = dcerpc_bh_use_ndr64,
+       .do_ndr_print           = dcerpc_bh_do_ndr_print,
+       .ndr_push_failed        = dcerpc_bh_ndr_push_failed,
+       .ndr_pull_failed        = dcerpc_bh_ndr_pull_failed,
+       .ndr_validate_in        = dcerpc_bh_ndr_validate_in,
+       .ndr_validate_out       = dcerpc_bh_ndr_validate_out,
+};
+
 /* initialise a dcerpc pipe. */
-_PUBLIC_ struct dcerpc_pipe *dcerpc_pipe_init(TALLOC_CTX *mem_ctx, struct tevent_context *ev,
-                                    struct smb_iconv_convenience *ic)
+struct dcerpc_binding_handle *dcerpc_pipe_binding_handle(struct dcerpc_pipe *p)
+{
+       struct dcerpc_binding_handle *h;
+       struct dcerpc_bh_state *hs;
+
+       h = dcerpc_binding_handle_create(p,
+                                        &dcerpc_bh_ops,
+                                        NULL,
+                                        NULL, /* TODO */
+                                        &hs,
+                                        struct dcerpc_bh_state,
+                                        __location__);
+       if (h == NULL) {
+               return NULL;
+       }
+       hs->p = p;
+
+       dcerpc_binding_handle_set_sync_ev(h, p->conn->event_ctx);
+
+       return h;
+}
+
+/* initialise a dcerpc pipe. */
+_PUBLIC_ struct dcerpc_pipe *dcerpc_pipe_init(TALLOC_CTX *mem_ctx, struct tevent_context *ev)
 {
        struct dcerpc_pipe *p;
 
-       p = talloc(mem_ctx, struct dcerpc_pipe);
+       p = talloc_zero(mem_ctx, struct dcerpc_pipe);
        if (!p) {
                return NULL;
        }
 
-       p->conn = dcerpc_connection_init(p, ev, ic);
+       p->conn = dcerpc_connection_init(p, ev);
        if (p->conn == NULL) {
                talloc_free(p);
                return NULL;
@@ -118,6 +587,12 @@ _PUBLIC_ struct dcerpc_pipe *dcerpc_pipe_init(TALLOC_CTX *mem_ctx, struct tevent
                p->conn->flags |= DCERPC_DEBUG_PRINT_BOTH;
        }
 
+       p->binding_handle = dcerpc_pipe_binding_handle(p);
+       if (p->binding_handle == NULL) {
+               talloc_free(p);
+               return NULL;
+       }
+
        return p;
 }
 
@@ -125,7 +600,7 @@ _PUBLIC_ struct dcerpc_pipe *dcerpc_pipe_init(TALLOC_CTX *mem_ctx, struct tevent
 /* 
    choose the next call id to use
 */
-static uint32_t next_call_id(struct dcerpc_connection *c)
+static uint32_t next_call_id(struct dcecli_connection *c)
 {
        c->call_id++;
        if (c->call_id == 0) {
@@ -134,43 +609,13 @@ static uint32_t next_call_id(struct dcerpc_connection *c)
        return c->call_id;
 }
 
-/* we need to be able to get/set the fragment length without doing a full
-   decode */
-void dcerpc_set_frag_length(DATA_BLOB *blob, uint16_t v)
-{
-       if (CVAL(blob->data,DCERPC_DREP_OFFSET) & DCERPC_DREP_LE) {
-               SSVAL(blob->data, DCERPC_FRAG_LEN_OFFSET, v);
-       } else {
-               RSSVAL(blob->data, DCERPC_FRAG_LEN_OFFSET, v);
-       }
-}
-
-uint16_t dcerpc_get_frag_length(const DATA_BLOB *blob)
-{
-       if (CVAL(blob->data,DCERPC_DREP_OFFSET) & DCERPC_DREP_LE) {
-               return SVAL(blob->data, DCERPC_FRAG_LEN_OFFSET);
-       } else {
-               return RSVAL(blob->data, DCERPC_FRAG_LEN_OFFSET);
-       }
-}
-
-void dcerpc_set_auth_length(DATA_BLOB *blob, uint16_t v)
-{
-       if (CVAL(blob->data,DCERPC_DREP_OFFSET) & DCERPC_DREP_LE) {
-               SSVAL(blob->data, DCERPC_AUTH_LEN_OFFSET, v);
-       } else {
-               RSSVAL(blob->data, DCERPC_AUTH_LEN_OFFSET, v);
-       }
-}
-
-
 /**
   setup for a ndr pull, also setting up any flags from the binding string
 */
-static struct ndr_pull *ndr_pull_init_flags(struct dcerpc_connection *c, 
+static struct ndr_pull *ndr_pull_init_flags(struct dcecli_connection *c, 
                                            DATA_BLOB *blob, TALLOC_CTX *mem_ctx)
 {
-       struct ndr_pull *ndr = ndr_pull_init_blob(blob, mem_ctx, c->iconv_convenience);
+       struct ndr_pull *ndr = ndr_pull_init_blob(blob, mem_ctx);
 
        if (ndr == NULL) return ndr;
 
@@ -182,6 +627,10 @@ static struct ndr_pull *ndr_pull_init_flags(struct dcerpc_connection *c,
                ndr->flags |= LIBNDR_FLAG_REF_ALLOC;
        }
 
+       if (c->flags & DCERPC_NDR64) {
+               ndr->flags |= LIBNDR_FLAG_NDR64;
+       }
+
        return ndr;
 }
 
@@ -189,7 +638,7 @@ static struct ndr_pull *ndr_pull_init_flags(struct dcerpc_connection *c,
    parse a data blob into a ncacn_packet structure. This handles both
    input and output packets
 */
-static NTSTATUS ncacn_pull(struct dcerpc_connection *c, DATA_BLOB *blob, TALLOC_CTX *mem_ctx, 
+static NTSTATUS ncacn_pull(struct dcecli_connection *c, DATA_BLOB *blob, TALLOC_CTX *mem_ctx, 
                            struct ncacn_packet *pkt)
 {
        struct ndr_pull *ndr;
@@ -215,15 +664,13 @@ static NTSTATUS ncacn_pull(struct dcerpc_connection *c, DATA_BLOB *blob, TALLOC_
 /* 
    parse the authentication information on a dcerpc response packet
 */
-static NTSTATUS ncacn_pull_request_auth(struct dcerpc_connection *c, TALLOC_CTX *mem_ctx, 
+static NTSTATUS ncacn_pull_request_auth(struct dcecli_connection *c, TALLOC_CTX *mem_ctx, 
                                        DATA_BLOB *raw_packet,
                                        struct ncacn_packet *pkt)
 {
-       struct ndr_pull *ndr;
        NTSTATUS status;
        struct dcerpc_auth auth;
-       DATA_BLOB auth_blob;
-       enum ndr_err_code ndr_err;
+       uint32_t auth_length;
 
        if (!c->security_state.auth_info ||
            !c->security_state.generic_state) {
@@ -250,39 +697,17 @@ static NTSTATUS ncacn_pull_request_auth(struct dcerpc_connection *c, TALLOC_CTX
                return NT_STATUS_INVALID_LEVEL;
        }
 
-       auth_blob.length = 8 + pkt->auth_length;
-
-       /* check for a valid length */
-       if (pkt->u.response.stub_and_verifier.length < auth_blob.length) {
-               return NT_STATUS_INFO_LENGTH_MISMATCH;
-       }
+       status = dcerpc_pull_auth_trailer(pkt, mem_ctx,
+                                         &pkt->u.response.stub_and_verifier,
+                                         &auth, &auth_length, false);
+       NT_STATUS_NOT_OK_RETURN(status);
 
-       auth_blob.data = 
-               pkt->u.response.stub_and_verifier.data + 
-               pkt->u.response.stub_and_verifier.length - auth_blob.length;
-       pkt->u.response.stub_and_verifier.length -= auth_blob.length;
-
-       /* pull the auth structure */
-       ndr = ndr_pull_init_flags(c, &auth_blob, mem_ctx);
-       if (!ndr) {
-               return NT_STATUS_NO_MEMORY;
-       }
-
-       if (!(pkt->drep[0] & DCERPC_DREP_LE)) {
-               ndr->flags |= LIBNDR_FLAG_BIGENDIAN;
-       }
-
-       ndr_err = ndr_pull_dcerpc_auth(ndr, NDR_SCALARS|NDR_BUFFERS, &auth);
-       if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
-               return ndr_map_error2ntstatus(ndr_err);
-       }
-       status = NT_STATUS_OK;
+       pkt->u.response.stub_and_verifier.length -= auth_length;
 
        /* check signature or unseal the packet */
        switch (c->security_state.auth_info->auth_level) {
        case DCERPC_AUTH_LEVEL_PRIVACY:
                status = gensec_unseal_packet(c->security_state.generic_state, 
-                                             mem_ctx, 
                                              raw_packet->data + DCERPC_REQUEST_LENGTH,
                                              pkt->u.response.stub_and_verifier.length, 
                                              raw_packet->data,
@@ -295,7 +720,6 @@ static NTSTATUS ncacn_pull_request_auth(struct dcerpc_connection *c, TALLOC_CTX
                
        case DCERPC_AUTH_LEVEL_INTEGRITY:
                status = gensec_check_packet(c->security_state.generic_state, 
-                                            mem_ctx, 
                                             pkt->u.response.stub_and_verifier.data, 
                                             pkt->u.response.stub_and_verifier.length, 
                                             raw_packet->data,
@@ -313,7 +737,7 @@ static NTSTATUS ncacn_pull_request_auth(struct dcerpc_connection *c, TALLOC_CTX
                break;
        }
        
-       /* remove the indicated amount of paddiing */
+       /* remove the indicated amount of padding */
        if (pkt->u.response.stub_and_verifier.length < auth.auth_pad_length) {
                return NT_STATUS_INFO_LENGTH_MISMATCH;
        }
@@ -326,7 +750,7 @@ static NTSTATUS ncacn_pull_request_auth(struct dcerpc_connection *c, TALLOC_CTX
 /* 
    push a dcerpc request packet into a blob, possibly signing it.
 */
-static NTSTATUS ncacn_push_request_sign(struct dcerpc_connection *c, 
+static NTSTATUS ncacn_push_request_sign(struct dcecli_connection *c, 
                                         DATA_BLOB *blob, TALLOC_CTX *mem_ctx, 
                                         size_t sig_size,
                                         struct ncacn_packet *pkt)
@@ -340,7 +764,7 @@ static NTSTATUS ncacn_push_request_sign(struct dcerpc_connection *c,
 
        /* non-signed packets are simpler */
        if (sig_size == 0) {
-               return ncacn_push_auth(blob, mem_ctx, c->iconv_convenience, pkt, NULL);
+               return ncacn_push_auth(blob, mem_ctx, pkt, NULL);
        }
 
        switch (c->security_state.auth_info->auth_level) {
@@ -350,16 +774,16 @@ static NTSTATUS ncacn_push_request_sign(struct dcerpc_connection *c,
 
        case DCERPC_AUTH_LEVEL_CONNECT:
                /* TODO: let the gensec mech decide if it wants to generate a signature */
-               return ncacn_push_auth(blob, mem_ctx, c->iconv_convenience, pkt, NULL);
+               return ncacn_push_auth(blob, mem_ctx, pkt, NULL);
 
        case DCERPC_AUTH_LEVEL_NONE:
-               return ncacn_push_auth(blob, mem_ctx, c->iconv_convenience, pkt, NULL);
+               return ncacn_push_auth(blob, mem_ctx, pkt, NULL);
 
        default:
                return NT_STATUS_INVALID_LEVEL;
        }
 
-       ndr = ndr_push_init_ctx(mem_ctx, c->iconv_convenience);
+       ndr = ndr_push_init_ctx(mem_ctx);
        if (!ndr) {
                return NT_STATUS_NO_MEMORY;
        }
@@ -368,6 +792,10 @@ static NTSTATUS ncacn_push_request_sign(struct dcerpc_connection *c,
                ndr->flags |= LIBNDR_FLAG_BIGENDIAN;
        }
 
+       if (c->flags & DCERPC_NDR64) {
+               ndr->flags |= LIBNDR_FLAG_NDR64;
+       }
+
        if (pkt->pfc_flags & DCERPC_PFC_FLAG_OBJECT_UUID) {
                ndr->flags |= LIBNDR_FLAG_OBJECT_PRESENT;
                hdr_size += 16;
@@ -377,17 +805,18 @@ static NTSTATUS ncacn_push_request_sign(struct dcerpc_connection *c,
        if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
                return ndr_map_error2ntstatus(ndr_err);
        }
-       status = NT_STATUS_OK;
 
        /* pad to 16 byte multiple in the payload portion of the
-          packet. This matches what w2k3 does */
-       c->security_state.auth_info->auth_pad_length = 
+          packet. This matches what w2k3 does. Note that we can't use
+          ndr_push_align() as that is relative to the start of the
+          whole packet, whereas w2k8 wants it relative to the start
+          of the stub */
+       c->security_state.auth_info->auth_pad_length =
                (16 - (pkt->u.request.stub_and_verifier.length & 15)) & 15;
        ndr_err = ndr_push_zero(ndr, c->security_state.auth_info->auth_pad_length);
        if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
                return ndr_map_error2ntstatus(ndr_err);
        }
-       status = NT_STATUS_OK;
 
        payload_length = pkt->u.request.stub_and_verifier.length + 
                c->security_state.auth_info->auth_pad_length;
@@ -400,7 +829,6 @@ static NTSTATUS ncacn_push_request_sign(struct dcerpc_connection *c,
        if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
                return ndr_map_error2ntstatus(ndr_err);
        }
-       status = NT_STATUS_OK;
 
        /* extract the whole packet as a blob */
        *blob = ndr_push_blob(ndr);
@@ -448,11 +876,17 @@ static NTSTATUS ncacn_push_request_sign(struct dcerpc_connection *c,
        }
 
        if (creds2.length != sig_size) {
-               DEBUG(0,("dcesrv_auth_response: creds2.length[%u] != sig_size[%u] pad[%u] stub[%u]\n",
-                       creds2.length, (uint32_t)sig_size,
-                       c->security_state.auth_info->auth_pad_length,
-                       pkt->u.request.stub_and_verifier.length));
-               return NT_STATUS_INTERNAL_ERROR;
+               /* this means the sig_size estimate for the signature
+                  was incorrect. We have to correct the packet
+                  sizes. That means we could go over the max fragment
+                  length */
+               DEBUG(3,("ncacn_push_request_sign: creds2.length[%u] != sig_size[%u] pad[%u] stub[%u]\n",
+                       (unsigned) creds2.length,
+                       (unsigned) sig_size,
+                       (unsigned) c->security_state.auth_info->auth_pad_length,
+                       (unsigned) pkt->u.request.stub_and_verifier.length));
+               dcerpc_set_frag_length(blob, blob->length + creds2.length);
+               dcerpc_set_auth_length(blob, creds2.length);
        }
 
        if (!data_blob_append(mem_ctx, blob, creds2.data, creds2.length)) {
@@ -466,7 +900,7 @@ static NTSTATUS ncacn_push_request_sign(struct dcerpc_connection *c,
 /* 
    fill in the fixed values in a dcerpc header 
 */
-static void init_ncacn_hdr(struct dcerpc_connection *c, struct ncacn_packet *pkt)
+static void init_ncacn_hdr(struct dcecli_connection *c, struct ncacn_packet *pkt)
 {
        pkt->rpc_vers = 5;
        pkt->rpc_vers_minor = 0;
@@ -526,7 +960,7 @@ static int dcerpc_req_dequeue(struct rpc_request *req)
 /*
   mark the dcerpc connection dead. All outstanding requests get an error
 */
-static void dcerpc_connection_dead(struct dcerpc_connection *conn, NTSTATUS status)
+static void dcerpc_connection_dead(struct dcecli_connection *conn, NTSTATUS status)
 {
        if (conn->dead) return;
 
@@ -557,7 +991,7 @@ static void dcerpc_connection_dead(struct dcerpc_connection *conn, NTSTATUS stat
   forward declarations of the recv_data handlers for the types of
   packets we need to handle
 */
-static void dcerpc_request_recv_data(struct dcerpc_connection *c, 
+static void dcerpc_request_recv_data(struct dcecli_connection *c, 
                                     DATA_BLOB *raw_packet, struct ncacn_packet *pkt);
 
 /*
@@ -565,7 +999,7 @@ static void dcerpc_request_recv_data(struct dcerpc_connection *c,
   type of reply it is (normal request, bind or alter context) and
   dispatch to the appropriate handler
 */
-static void dcerpc_recv_data(struct dcerpc_connection *conn, DATA_BLOB *blob, NTSTATUS status)
+static void dcerpc_recv_data(struct dcecli_connection *conn, DATA_BLOB *blob, NTSTATUS status)
 {
        struct ncacn_packet pkt;
 
@@ -591,7 +1025,6 @@ static void dcerpc_recv_data(struct dcerpc_connection *conn, DATA_BLOB *blob, NT
        dcerpc_request_recv_data(conn, blob, &pkt);
 }
 
-
 /*
   Receive a bind reply from the transport
 */
@@ -599,7 +1032,7 @@ static void dcerpc_bind_recv_handler(struct rpc_request *req,
                                     DATA_BLOB *raw_packet, struct ncacn_packet *pkt)
 {
        struct composite_context *c;
-       struct dcerpc_connection *conn;
+       struct dcecli_connection *conn;
 
        c = talloc_get_type(req->async.private_data, struct composite_context);
 
@@ -614,6 +1047,7 @@ static void dcerpc_bind_recv_handler(struct rpc_request *req,
        if ((pkt->ptype != DCERPC_PKT_BIND_ACK) ||
            (pkt->u.bind_ack.num_results == 0) ||
            (pkt->u.bind_ack.ctx_list[0].result != 0)) {
+               req->p->last_fault_code = DCERPC_NCA_S_PROTO_ERROR;
                composite_error(c, NT_STATUS_NET_WRITE_FAULT);
                return;
        }
@@ -634,17 +1068,14 @@ static void dcerpc_bind_recv_handler(struct rpc_request *req,
        }
 
        /* the bind_ack might contain a reply set of credentials */
-       if (conn->security_state.auth_info &&
-           pkt->u.bind_ack.auth_info.length) {
-               enum ndr_err_code ndr_err;
-               ndr_err = ndr_pull_struct_blob(
-                       &pkt->u.bind_ack.auth_info, conn,
-                       NULL,
-                       conn->security_state.auth_info,
-                       (ndr_pull_flags_fn_t)ndr_pull_dcerpc_auth);
-               if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
-                       c->status = ndr_map_error2ntstatus(ndr_err);
-                       if (!composite_is_ok(c)) return;
+       if (conn->security_state.auth_info && pkt->u.bind_ack.auth_info.length) {
+               NTSTATUS status;
+               uint32_t auth_length;
+               status = dcerpc_pull_auth_trailer(pkt, conn, &pkt->u.bind_ack.auth_info,
+                                                 conn->security_state.auth_info, &auth_length, true);
+               if (!NT_STATUS_IS_OK(status)) {
+                       composite_error(c, status);
+                       return;
                }
        }
 
@@ -723,7 +1154,7 @@ struct composite_context *dcerpc_bind_send(struct dcerpc_pipe *p,
        pkt.u.bind.auth_info = data_blob(NULL, 0);
 
        /* construct the NDR form of the packet */
-       c->status = ncacn_push_auth(&blob, c, p->conn->iconv_convenience, &pkt,
+       c->status = ncacn_push_auth(&blob, c, &pkt,
                                    p->conn->security_state.auth_info);
        if (!composite_is_ok(c)) return c;
 
@@ -782,7 +1213,6 @@ NTSTATUS dcerpc_auth3(struct dcerpc_pipe *p,
        pkt.pfc_flags = DCERPC_PFC_FLAG_FIRST | DCERPC_PFC_FLAG_LAST;
        pkt.call_id = next_call_id(p->conn);
        pkt.auth_length = 0;
-       pkt.u.auth3._pad = 0;
        pkt.u.auth3.auth_info = data_blob(NULL, 0);
 
        if (p->binding->flags & DCERPC_CONCURRENT_MULTIPLEX) {
@@ -795,7 +1225,6 @@ NTSTATUS dcerpc_auth3(struct dcerpc_pipe *p,
 
        /* construct the NDR form of the packet */
        status = ncacn_push_auth(&blob, mem_ctx,
-                                p->conn->iconv_convenience,
                                 &pkt,
                                 p->conn->security_state.auth_info);
        if (!NT_STATUS_IS_OK(status)) {
@@ -818,11 +1247,11 @@ NTSTATUS dcerpc_auth3(struct dcerpc_pipe *p,
 
   This function frees the data 
 */
-static void dcerpc_request_recv_data(struct dcerpc_connection *c, 
+static void dcerpc_request_recv_data(struct dcecli_connection *c, 
                                     DATA_BLOB *raw_packet, struct ncacn_packet *pkt)
 {
        struct rpc_request *req;
-       uint_t length;
+       unsigned int length;
        NTSTATUS status = NT_STATUS_OK;
 
        /*
@@ -938,7 +1367,6 @@ req_done:
 static struct rpc_request *dcerpc_request_send(struct dcerpc_pipe *p, 
                                               const struct GUID *object,
                                               uint16_t opnum,
-                                              bool async,
                                               DATA_BLOB *stub_data)
 {
        struct rpc_request *req;
@@ -957,7 +1385,6 @@ static struct rpc_request *dcerpc_request_send(struct dcerpc_pipe *p,
        req->payload = data_blob(NULL, 0);
        req->flags = 0;
        req->fault_code = 0;
-       req->async_call = async;
        req->ignore_timeout = false;
        req->async.callback = NULL;
        req->async.private_data = NULL;
@@ -998,7 +1425,7 @@ static struct rpc_request *dcerpc_request_send(struct dcerpc_pipe *p,
   Send a request using the transport
 */
 
-static void dcerpc_ship_next_request(struct dcerpc_connection *c)
+static void dcerpc_ship_next_request(struct dcecli_connection *c)
 {
        struct rpc_request *req;
        struct dcerpc_pipe *p;
@@ -1008,6 +1435,7 @@ static void dcerpc_ship_next_request(struct dcerpc_connection *c)
        uint32_t remaining, chunk_size;
        bool first_packet = true;
        size_t sig_size = 0;
+       bool need_async = false;
 
        req = c->request_queue;
        if (req == NULL) {
@@ -1017,8 +1445,8 @@ static void dcerpc_ship_next_request(struct dcerpc_connection *c)
        p = req->p;
        stub_data = &req->request_data;
 
-       if (!req->async_call && (c->pending != NULL)) {
-               return;
+       if (c->pending) {
+               need_async = true;
        }
 
        DLIST_REMOVE(c->request_queue, req);
@@ -1055,7 +1483,7 @@ static void dcerpc_ship_next_request(struct dcerpc_connection *c)
        if (req->object) {
                pkt.u.request.object.object = *req->object;
                pkt.pfc_flags |= DCERPC_PFC_FLAG_OBJECT_UUID;
-               chunk_size -= ndr_size_GUID(req->object,NULL,0);
+               chunk_size -= ndr_size_GUID(req->object,0);
        }
 
        /* we send a series of pdus without waiting for a reply */
@@ -1086,7 +1514,7 @@ static void dcerpc_ship_next_request(struct dcerpc_connection *c)
                        return;
                }
 
-               if (last_frag && !req->async_call) {
+               if (last_frag && !need_async) {
                        do_trans = true;
                }
 
@@ -1124,9 +1552,9 @@ _PUBLIC_ struct tevent_context *dcerpc_event_context(struct dcerpc_pipe *p)
 /*
   perform the receive side of a async dcerpc request
 */
-NTSTATUS dcerpc_request_recv(struct rpc_request *req,
-                            TALLOC_CTX *mem_ctx,
-                            DATA_BLOB *stub_data)
+static NTSTATUS dcerpc_request_recv(struct rpc_request *req,
+                                   TALLOC_CTX *mem_ctx,
+                                   DATA_BLOB *stub_data)
 {
        NTSTATUS status;
 
@@ -1148,34 +1576,13 @@ NTSTATUS dcerpc_request_recv(struct rpc_request *req,
        return status;
 }
 
-/*
-  perform a full request/response pair on a dcerpc pipe
-*/
-NTSTATUS dcerpc_request(struct dcerpc_pipe *p, 
-                       struct GUID *object,
-                       uint16_t opnum,
-                       TALLOC_CTX *mem_ctx,
-                       DATA_BLOB *stub_data_in,
-                       DATA_BLOB *stub_data_out)
-{
-       struct rpc_request *req;
-
-       req = dcerpc_request_send(p, object, opnum, false, stub_data_in);
-       if (req == NULL) {
-               return NT_STATUS_NO_MEMORY;
-       }
-
-       return dcerpc_request_recv(req, mem_ctx, stub_data_out);
-}
-
-
 /*
   this is a paranoid NDR validator. For every packet we push onto the wire
   we pull it back again, then push it again. Then we compare the raw NDR data
   for that to the NDR we initially generated. If they don't match then we know
   we must have a bug in either the pull or push side of our code
 */
-static NTSTATUS dcerpc_ndr_validate_in(struct dcerpc_connection *c, 
+static NTSTATUS dcerpc_ndr_validate_in(struct dcecli_connection *c, 
                                       TALLOC_CTX *mem_ctx,
                                       DATA_BLOB blob,
                                       size_t struct_size,
@@ -1199,6 +1606,14 @@ static NTSTATUS dcerpc_ndr_validate_in(struct dcerpc_connection *c,
        }
        pull->flags |= LIBNDR_FLAG_REF_ALLOC;
 
+       if (c->flags & DCERPC_PUSH_BIGENDIAN) {
+               pull->flags |= LIBNDR_FLAG_BIGENDIAN;
+       }
+
+       if (c->flags & DCERPC_NDR64) {
+               pull->flags |= LIBNDR_FLAG_NDR64;
+       }
+
        ndr_err = ndr_pull(pull, NDR_IN, st);
        if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
                NTSTATUS status = ndr_map_error2ntstatus(ndr_err);
@@ -1208,11 +1623,19 @@ static NTSTATUS dcerpc_ndr_validate_in(struct dcerpc_connection *c,
                return ndr_map_error2ntstatus(ndr_err);
        }
 
-       push = ndr_push_init_ctx(mem_ctx, c->iconv_convenience);
+       push = ndr_push_init_ctx(mem_ctx);
        if (!push) {
                return NT_STATUS_NO_MEMORY;
        }       
 
+       if (c->flags & DCERPC_PUSH_BIGENDIAN) {
+               push->flags |= LIBNDR_FLAG_BIGENDIAN;
+       }
+
+       if (c->flags & DCERPC_NDR64) {
+               push->flags |= LIBNDR_FLAG_NDR64;
+       }
+
        ndr_err = ndr_push(push, NDR_IN, st);
        if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
                NTSTATUS status = ndr_map_error2ntstatus(ndr_err);
@@ -1244,7 +1667,7 @@ static NTSTATUS dcerpc_ndr_validate_in(struct dcerpc_connection *c,
   initially generated. If they don't match then we know we must have a
   bug in either the pull or push side of our code
 */
-static NTSTATUS dcerpc_ndr_validate_out(struct dcerpc_connection *c,
+static NTSTATUS dcerpc_ndr_validate_out(struct dcecli_connection *c,
                                        struct ndr_pull *pull_in,
                                        void *struct_ptr,
                                        size_t struct_size,
@@ -1266,7 +1689,7 @@ static NTSTATUS dcerpc_ndr_validate_out(struct dcerpc_connection *c,
        }
        memcpy(st, struct_ptr, struct_size);
 
-       push = ndr_push_init_ctx(mem_ctx, c->iconv_convenience);
+       push = ndr_push_init_ctx(mem_ctx);
        if (!push) {
                return NT_STATUS_NO_MEMORY;
        }       
@@ -1297,7 +1720,7 @@ static NTSTATUS dcerpc_ndr_validate_out(struct dcerpc_connection *c,
                return ndr_map_error2ntstatus(ndr_err);
        }
 
-       push = ndr_push_init_ctx(mem_ctx, c->iconv_convenience);
+       push = ndr_push_init_ctx(mem_ctx);
        if (!push) {
                return NT_STATUS_NO_MEMORY;
        }       
@@ -1347,191 +1770,6 @@ static NTSTATUS dcerpc_ndr_validate_out(struct dcerpc_connection *c,
        return NT_STATUS_OK;
 }
 
-
-/**
- send a rpc request given a dcerpc_call structure 
- */
-struct rpc_request *dcerpc_ndr_request_send(struct dcerpc_pipe *p,
-                                           const struct GUID *object,
-                                           const struct ndr_interface_table *table,
-                                           uint32_t opnum,
-                                           bool async,
-                                           TALLOC_CTX *mem_ctx,
-                                           void *r)
-{
-       const struct ndr_interface_call *call;
-       struct ndr_push *push;
-       NTSTATUS status;
-       DATA_BLOB request;
-       struct rpc_request *req;
-       enum ndr_err_code ndr_err;
-
-       call = &table->calls[opnum];
-
-       /* setup for a ndr_push_* call */
-       push = ndr_push_init_ctx(mem_ctx, p->conn->iconv_convenience);
-       if (!push) {
-               return NULL;
-       }
-
-       if (p->conn->flags & DCERPC_PUSH_BIGENDIAN) {
-               push->flags |= LIBNDR_FLAG_BIGENDIAN;
-       }
-
-       /* push the structure into a blob */
-       ndr_err = call->ndr_push(push, NDR_IN, r);
-       if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
-               status = ndr_map_error2ntstatus(ndr_err);
-               DEBUG(2,("Unable to ndr_push structure in dcerpc_ndr_request_send - %s\n",
-                        nt_errstr(status)));
-               talloc_free(push);
-               return NULL;
-       }
-
-       /* retrieve the blob */
-       request = ndr_push_blob(push);
-
-       if (p->conn->flags & DCERPC_DEBUG_VALIDATE_IN) {
-               status = dcerpc_ndr_validate_in(p->conn, push, request, call->struct_size, 
-                                               call->ndr_push, call->ndr_pull);
-               if (!NT_STATUS_IS_OK(status)) {
-                       DEBUG(2,("Validation failed in dcerpc_ndr_request_send - %s\n",
-                                nt_errstr(status)));
-                       talloc_free(push);
-                       return NULL;
-               }
-       }
-
-       DEBUG(10,("rpc request data:\n"));
-       dump_data(10, request.data, request.length);
-
-       /* make the actual dcerpc request */
-       req = dcerpc_request_send(p, object, opnum, async, &request);
-
-       if (req != NULL) {
-               req->ndr.table = table;
-               req->ndr.opnum = opnum;
-               req->ndr.struct_ptr = r;
-               req->ndr.mem_ctx = mem_ctx;
-       }
-
-       talloc_free(push);
-
-       return req;
-}
-
-/*
-  receive the answer from a dcerpc_ndr_request_send()
-*/
-_PUBLIC_ NTSTATUS dcerpc_ndr_request_recv(struct rpc_request *req)
-{
-       struct dcerpc_pipe *p = req->p;
-       NTSTATUS status;
-       DATA_BLOB response;
-       struct ndr_pull *pull;
-       uint_t flags;
-       TALLOC_CTX *mem_ctx = req->ndr.mem_ctx;
-       void *r = req->ndr.struct_ptr;
-       uint32_t opnum = req->ndr.opnum;
-       const struct ndr_interface_table *table = req->ndr.table;
-       const struct ndr_interface_call *call = &table->calls[opnum];
-       enum ndr_err_code ndr_err;
-
-       /* make sure the recv code doesn't free the request, as we
-          need to grab the flags element before it is freed */
-       if (talloc_reference(p, req) == NULL) {
-               return NT_STATUS_NO_MEMORY;
-       }
-
-       status = dcerpc_request_recv(req, mem_ctx, &response);
-       if (!NT_STATUS_IS_OK(status)) {
-               talloc_unlink(p, req);
-               return status;
-       }
-
-       flags = req->flags;
-
-       /* prepare for ndr_pull_* */
-       pull = ndr_pull_init_flags(p->conn, &response, mem_ctx);
-       if (!pull) {
-               talloc_unlink(p, req);
-               return NT_STATUS_NO_MEMORY;
-       }
-
-       if (pull->data) {
-               pull->data = talloc_steal(pull, pull->data);
-       }
-       talloc_unlink(p, req);
-
-       if (flags & DCERPC_PULL_BIGENDIAN) {
-               pull->flags |= LIBNDR_FLAG_BIGENDIAN;
-       }
-
-       DEBUG(10,("rpc reply data:\n"));
-       dump_data(10, pull->data, pull->data_size);
-
-       /* pull the structure from the blob */
-       ndr_err = call->ndr_pull(pull, NDR_OUT, r);
-       if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
-               status = ndr_map_error2ntstatus(ndr_err);
-               dcerpc_log_packet(p->conn->packet_log_dir,
-                                                 table, opnum, NDR_OUT, 
-                                                 &response);
-               return status;
-       }
-
-       if (p->conn->flags & DCERPC_DEBUG_VALIDATE_OUT) {
-               status = dcerpc_ndr_validate_out(p->conn, pull, r, call->struct_size, 
-                                                call->ndr_push, call->ndr_pull, 
-                                                call->ndr_print);
-               if (!NT_STATUS_IS_OK(status)) {
-                       dcerpc_log_packet(p->conn->packet_log_dir, 
-                                                         table, opnum, NDR_OUT, 
-                                 &response);
-                       return status;
-               }
-       }
-
-       if (pull->offset != pull->data_size) {
-               DEBUG(0,("Warning! ignoring %d unread bytes in rpc packet!\n", 
-                        pull->data_size - pull->offset));
-               /* we used to return NT_STATUS_INFO_LENGTH_MISMATCH here,
-                  but it turns out that early versions of NT
-                  (specifically NT3.1) add junk onto the end of rpc
-                  packets, so if we want to interoperate at all with
-                  those versions then we need to ignore this error */
-       }
-
-       /* TODO: make pull context independent from the output mem_ctx and free the pull context */
-
-       return NT_STATUS_OK;
-}
-
-
-/*
-  a useful helper function for synchronous rpc requests 
-
-  this can be used when you have ndr push/pull functions in the
-  standard format
-*/
-_PUBLIC_ NTSTATUS dcerpc_ndr_request(struct dcerpc_pipe *p,
-                           const struct GUID *object,
-                           const struct ndr_interface_table *table,
-                           uint32_t opnum, 
-                           TALLOC_CTX *mem_ctx, 
-                           void *r)
-{
-       struct rpc_request *req;
-
-       req = dcerpc_ndr_request_send(p, object, table, opnum, false, mem_ctx, r);
-       if (req == NULL) {
-               return NT_STATUS_NO_MEMORY;
-       }
-
-       return dcerpc_ndr_request_recv(req);
-}
-
-
 /*
   a useful function for retrieving the server name we connected to
 */
@@ -1550,7 +1788,7 @@ _PUBLIC_ const char *dcerpc_server_name(struct dcerpc_pipe *p)
 /*
   get the dcerpc auth_level for a open connection
 */
-uint32_t dcerpc_auth_level(struct dcerpc_connection *c) 
+uint32_t dcerpc_auth_level(struct dcecli_connection *c) 
 {
        uint8_t auth_level;
 
@@ -1587,9 +1825,17 @@ static void dcerpc_alter_recv_handler(struct rpc_request *req,
                return;
        }
 
+       if (pkt->ptype == DCERPC_PKT_FAULT) {
+               DEBUG(5,("rpc fault: %s\n", dcerpc_errstr(c, pkt->u.fault.status)));
+               recv_pipe->last_fault_code = pkt->u.fault.status;
+               composite_error(c, NT_STATUS_NET_WRITE_FAULT);
+               return;
+       }
+
        if (pkt->ptype != DCERPC_PKT_ALTER_RESP ||
            pkt->u.alter_resp.num_results == 0 ||
            pkt->u.alter_resp.ctx_list[0].result != 0) {
+               recv_pipe->last_fault_code = DCERPC_NCA_S_PROTO_ERROR;
                composite_error(c, NT_STATUS_NET_WRITE_FAULT);
                return;
        }
@@ -1597,15 +1843,14 @@ static void dcerpc_alter_recv_handler(struct rpc_request *req,
        /* the alter_resp might contain a reply set of credentials */
        if (recv_pipe->conn->security_state.auth_info &&
            pkt->u.alter_resp.auth_info.length) {
-               enum ndr_err_code ndr_err;
-               ndr_err = ndr_pull_struct_blob(
-                       &pkt->u.alter_resp.auth_info, recv_pipe,
-                       NULL,
-                       recv_pipe->conn->security_state.auth_info,
-                       (ndr_pull_flags_fn_t)ndr_pull_dcerpc_auth);
-               if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
-                       c->status = ndr_map_error2ntstatus(ndr_err);
-                       if (!composite_is_ok(c)) return;
+               struct dcecli_connection *conn = recv_pipe->conn;
+               NTSTATUS status;
+               uint32_t auth_length;
+               status = dcerpc_pull_auth_trailer(pkt, conn, &pkt->u.alter_resp.auth_info,
+                                                 conn->security_state.auth_info, &auth_length, true);
+               if (!NT_STATUS_IS_OK(status)) {
+                       composite_error(c, status);
+                       return;
                }
        }
 
@@ -1661,7 +1906,7 @@ struct composite_context *dcerpc_alter_context_send(struct dcerpc_pipe *p,
        pkt.u.alter.auth_info = data_blob(NULL, 0);
 
        /* construct the NDR form of the packet */
-       c->status = ncacn_push_auth(&blob, mem_ctx, p->conn->iconv_convenience, &pkt,
+       c->status = ncacn_push_auth(&blob, mem_ctx, &pkt,
                                    p->conn->security_state.auth_info);
        if (!composite_is_ok(c)) return c;
 
@@ -1712,3 +1957,4 @@ _PUBLIC_ NTSTATUS dcerpc_alter_context(struct dcerpc_pipe *p,
        creq = dcerpc_alter_context_send(p, mem_ctx, syntax, transfer_syntax);
        return dcerpc_alter_context_recv(creq);
 }
+