git.samba.org / sfrench / samba-autobuild / .git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
s3:rpc: Fix is_known_pipename for dynamically loaded pipes
[sfrench/samba-autobuild/.git] / source3 / rpc_server / srv_pipe.c
diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c
index f33ee88aec4e57dcc57c7d87734bc5c6c5f03e8d..a246b6db50d6d795c37d893825d73c352975fe40 100644 (file)
--- a/source3/rpc_server/srv_pipe.c
+++ b/source3/rpc_server/srv_pipe.c
@@ -28,8 +28,12 @@
  */
 
 #include "includes.h"
+#include "../libcli/auth/libcli_auth.h"
+#include "../librpc/gen_ndr/ndr_schannel.h"
+#include "../libcli/auth/schannel.h"
+#include "../libcli/auth/schannel_proto.h"
+#include "../libcli/auth/spnego.h"
 
-extern struct pipe_id_info pipe_names[];
 extern struct current_user current_user;
 
 #undef DBGC_CLASS
@@ -62,7 +66,6 @@ static bool create_next_pdu_ntlmssp(pipes_struct *p)
        uint32 data_space_available;
        uint32 data_len_left;
        uint32 data_len;
-       prs_struct outgoing_pdu;
        NTSTATUS status;
        DATA_BLOB auth_blob;
        RPC_HDR_AUTH auth_info;
@@ -82,11 +85,11 @@ static bool create_next_pdu_ntlmssp(pipes_struct *p)
        memset((char *)&hdr_resp, '\0', sizeof(hdr_resp));
 
        /* Change the incoming request header to a response. */
-       p->hdr.pkt_type = RPC_RESPONSE;
+       p->hdr.pkt_type = DCERPC_PKT_RESPONSE;
 
        /* Set up rpc header flags. */
        if (p->out_data.data_sent_length == 0) {
-               p->hdr.flags = RPC_FLG_FIRST;
+               p->hdr.flags = DCERPC_PFC_FLAG_FIRST;
        } else {
                p->hdr.flags = 0;
        }
@@ -106,8 +109,8 @@ static bool create_next_pdu_ntlmssp(pipes_struct *p)
                return False;
        }
 
-       data_space_available = sizeof(p->out_data.current_pdu) - RPC_HEADER_LEN - RPC_HDR_RESP_LEN -
-                                       RPC_HDR_AUTH_LEN - NTLMSSP_SIG_SIZE;
+       data_space_available = RPC_MAX_PDU_FRAG_LEN - RPC_HEADER_LEN
+               - RPC_HDR_RESP_LEN - RPC_HDR_AUTH_LEN - NTLMSSP_SIG_SIZE;
 
        /*
         * The amount we send is the minimum of the available
@@ -128,7 +131,7 @@ static bool create_next_pdu_ntlmssp(pipes_struct *p)
         */
 
        if(p->out_data.data_sent_length + data_len >= prs_offset(&p->out_data.rdata)) {
-               p->hdr.flags |= RPC_FLG_LAST;
+               p->hdr.flags |= DCERPC_PFC_FLAG_LAST;
                if (data_len_left % 8) {
                        ss_padding_len = 8 - (data_len_left % 8);
                        DEBUG(10,("create_next_pdu_ntlmssp: adding sign/seal padding of %u\n",
@@ -151,27 +154,27 @@ static bool create_next_pdu_ntlmssp(pipes_struct *p)
         * data.
         */
 
-       prs_init_empty( &outgoing_pdu, p->mem_ctx, MARSHALL);
-       prs_give_memory( &outgoing_pdu, (char *)p->out_data.current_pdu, sizeof(p->out_data.current_pdu), False);
+       prs_init_empty(&p->out_data.frag, p->mem_ctx, MARSHALL);
 
        /* Store the header in the data stream. */
-       if(!smb_io_rpc_hdr("hdr", &p->hdr, &outgoing_pdu, 0)) {
+       if(!smb_io_rpc_hdr("hdr", &p->hdr, &p->out_data.frag, 0)) {
                DEBUG(0,("create_next_pdu_ntlmssp: failed to marshall RPC_HDR.\n"));
-               prs_mem_free(&outgoing_pdu);
+               prs_mem_free(&p->out_data.frag);
                return False;
        }
 
-       if(!smb_io_rpc_hdr_resp("resp", &hdr_resp, &outgoing_pdu, 0)) {
+       if(!smb_io_rpc_hdr_resp("resp", &hdr_resp, &p->out_data.frag, 0)) {
                DEBUG(0,("create_next_pdu_ntlmssp: failed to marshall RPC_HDR_RESP.\n"));
-               prs_mem_free(&outgoing_pdu);
+               prs_mem_free(&p->out_data.frag);
                return False;
        }
 
        /* Copy the data into the PDU. */
 
-       if(!prs_append_some_prs_data(&outgoing_pdu, &p->out_data.rdata, p->out_data.data_sent_length, data_len)) {
+       if(!prs_append_some_prs_data(&p->out_data.frag, &p->out_data.rdata,
+                                    p->out_data.data_sent_length, data_len)) {
                DEBUG(0,("create_next_pdu_ntlmssp: failed to copy %u bytes of data.\n", (unsigned int)data_len));
-               prs_mem_free(&outgoing_pdu);
+               prs_mem_free(&p->out_data.frag);
                return False;
        }
 
@@ -180,10 +183,11 @@ static bool create_next_pdu_ntlmssp(pipes_struct *p)
                char pad[8];
 
                memset(pad, '\0', 8);
-               if (!prs_copy_data_in(&outgoing_pdu, pad, ss_padding_len)) {
+               if (!prs_copy_data_in(&p->out_data.frag, pad,
+                                     ss_padding_len)) {
                        DEBUG(0,("create_next_pdu_ntlmssp: failed to add %u bytes of pad data.\n",
                                        (unsigned int)ss_padding_len));
-                       prs_mem_free(&outgoing_pdu);
+                       prs_mem_free(&p->out_data.frag);
                        return False;
                }
        }
@@ -191,65 +195,71 @@ static bool create_next_pdu_ntlmssp(pipes_struct *p)
 
        /* Now write out the auth header and null blob. */
        if (p->auth.auth_type == PIPE_AUTH_TYPE_NTLMSSP) {
-               auth_type = RPC_NTLMSSP_AUTH_TYPE;
+               auth_type = DCERPC_AUTH_TYPE_NTLMSSP;
        } else {
-               auth_type = RPC_SPNEGO_AUTH_TYPE;
+               auth_type = DCERPC_AUTH_TYPE_SPNEGO;
        }
-       if (p->auth.auth_level == PIPE_AUTH_LEVEL_PRIVACY) {
-               auth_level = RPC_AUTH_LEVEL_PRIVACY;
+       if (p->auth.auth_level == DCERPC_AUTH_LEVEL_PRIVACY) {
+               auth_level = DCERPC_AUTH_LEVEL_PRIVACY;
        } else {
-               auth_level = RPC_AUTH_LEVEL_INTEGRITY;
+               auth_level = DCERPC_AUTH_LEVEL_INTEGRITY;
        }
 
        init_rpc_hdr_auth(&auth_info, auth_type, auth_level, ss_padding_len, 1 /* context id. */);
-       if(!smb_io_rpc_hdr_auth("hdr_auth", &auth_info, &outgoing_pdu, 0)) {
+       if(!smb_io_rpc_hdr_auth("hdr_auth", &auth_info, &p->out_data.frag,
+                               0)) {
                DEBUG(0,("create_next_pdu_ntlmssp: failed to marshall RPC_HDR_AUTH.\n"));
-               prs_mem_free(&outgoing_pdu);
+               prs_mem_free(&p->out_data.frag);
                return False;
        }
 
        /* Generate the sign blob. */
 
        switch (p->auth.auth_level) {
-               case PIPE_AUTH_LEVEL_PRIVACY:
+               case DCERPC_AUTH_LEVEL_PRIVACY:
                        /* Data portion is encrypted. */
-                       status = ntlmssp_seal_packet(a->ntlmssp_state,
-                                                       (unsigned char *)prs_data_p(&outgoing_pdu) + RPC_HEADER_LEN + RPC_HDR_RESP_LEN,
-                                                       data_len + ss_padding_len,
-                                                       (unsigned char *)prs_data_p(&outgoing_pdu),
-                                                       (size_t)prs_offset(&outgoing_pdu),
-                                                       &auth_blob);
+                       status = ntlmssp_seal_packet(
+                               a->ntlmssp_state,
+                               (uint8_t *)prs_data_p(&p->out_data.frag)
+                               + RPC_HEADER_LEN + RPC_HDR_RESP_LEN,
+                               data_len + ss_padding_len,
+                               (unsigned char *)prs_data_p(&p->out_data.frag),
+                               (size_t)prs_offset(&p->out_data.frag),
+                               &auth_blob);
                        if (!NT_STATUS_IS_OK(status)) {
                                data_blob_free(&auth_blob);
-                               prs_mem_free(&outgoing_pdu);
+                               prs_mem_free(&p->out_data.frag);
                                return False;
                        }
                        break;
-               case PIPE_AUTH_LEVEL_INTEGRITY:
+               case DCERPC_AUTH_LEVEL_INTEGRITY:
                        /* Data is signed. */
-                       status = ntlmssp_sign_packet(a->ntlmssp_state,
-                                                       (unsigned char *)prs_data_p(&outgoing_pdu) + RPC_HEADER_LEN + RPC_HDR_RESP_LEN,
-                                                       data_len + ss_padding_len,
-                                                       (unsigned char *)prs_data_p(&outgoing_pdu),
-                                                       (size_t)prs_offset(&outgoing_pdu),
-                                                       &auth_blob);
+                       status = ntlmssp_sign_packet(
+                               a->ntlmssp_state,
+                               (unsigned char *)prs_data_p(&p->out_data.frag)
+                               + RPC_HEADER_LEN + RPC_HDR_RESP_LEN,
+                               data_len + ss_padding_len,
+                               (unsigned char *)prs_data_p(&p->out_data.frag),
+                               (size_t)prs_offset(&p->out_data.frag),
+                               &auth_blob);
                        if (!NT_STATUS_IS_OK(status)) {
                                data_blob_free(&auth_blob);
-                               prs_mem_free(&outgoing_pdu);
+                               prs_mem_free(&p->out_data.frag);
                                return False;
                        }
                        break;
                default:
-                       prs_mem_free(&outgoing_pdu);
+                       prs_mem_free(&p->out_data.frag);
                        return False;
        }
 
        /* Append the auth blob. */
-       if (!prs_copy_data_in(&outgoing_pdu, (char *)auth_blob.data, NTLMSSP_SIG_SIZE)) {
+       if (!prs_copy_data_in(&p->out_data.frag, (char *)auth_blob.data,
+                             NTLMSSP_SIG_SIZE)) {
                DEBUG(0,("create_next_pdu_ntlmssp: failed to add %u bytes auth blob.\n",
                                (unsigned int)NTLMSSP_SIG_SIZE));
                data_blob_free(&auth_blob);
-               prs_mem_free(&outgoing_pdu);
+               prs_mem_free(&p->out_data.frag);
                return False;
        }
 
@@ -260,10 +270,8 @@ static bool create_next_pdu_ntlmssp(pipes_struct *p)
         */
 
        p->out_data.data_sent_length += data_len;
-       p->out_data.current_pdu_len = p->hdr.frag_len;
        p->out_data.current_pdu_sent = 0;
 
-       prs_mem_free(&outgoing_pdu);
        return True;
 }
 
@@ -279,8 +287,8 @@ static bool create_next_pdu_schannel(pipes_struct *p)
        uint32 data_len;
        uint32 data_space_available;
        uint32 data_len_left;
-       prs_struct outgoing_pdu;
        uint32 data_pos;
+       NTSTATUS status;
 
        /*
         * If we're in the fault state, keep returning fault PDU's until
@@ -295,11 +303,11 @@ static bool create_next_pdu_schannel(pipes_struct *p)
        memset((char *)&hdr_resp, '\0', sizeof(hdr_resp));
 
        /* Change the incoming request header to a response. */
-       p->hdr.pkt_type = RPC_RESPONSE;
+       p->hdr.pkt_type = DCERPC_PKT_RESPONSE;
 
        /* Set up rpc header flags. */
        if (p->out_data.data_sent_length == 0) {
-               p->hdr.flags = RPC_FLG_FIRST;
+               p->hdr.flags = DCERPC_PFC_FLAG_FIRST;
        } else {
                p->hdr.flags = 0;
        }
@@ -319,8 +327,9 @@ static bool create_next_pdu_schannel(pipes_struct *p)
                return False;
        }
 
-       data_space_available = sizeof(p->out_data.current_pdu) - RPC_HEADER_LEN - RPC_HDR_RESP_LEN -
-                                       RPC_HDR_AUTH_LEN - RPC_AUTH_SCHANNEL_SIGN_OR_SEAL_CHK_LEN;
+       data_space_available = RPC_MAX_PDU_FRAG_LEN - RPC_HEADER_LEN
+               - RPC_HDR_RESP_LEN - RPC_HDR_AUTH_LEN
+               - RPC_AUTH_SCHANNEL_SIGN_OR_SEAL_CHK_LEN;
 
        /*
         * The amount we send is the minimum of the available
@@ -341,7 +350,7 @@ static bool create_next_pdu_schannel(pipes_struct *p)
         */
 
        if(p->out_data.data_sent_length + data_len >= prs_offset(&p->out_data.rdata)) {
-               p->hdr.flags |= RPC_FLG_LAST;
+               p->hdr.flags |= DCERPC_PFC_FLAG_LAST;
                if (data_len_left % 8) {
                        ss_padding_len = 8 - (data_len_left % 8);
                        DEBUG(10,("create_next_pdu_schannel: adding sign/seal padding of %u\n",
@@ -358,30 +367,30 @@ static bool create_next_pdu_schannel(pipes_struct *p)
         * data.
         */
 
-       prs_init_empty( &outgoing_pdu, p->mem_ctx, MARSHALL);
-       prs_give_memory( &outgoing_pdu, (char *)p->out_data.current_pdu, sizeof(p->out_data.current_pdu), False);
+       prs_init_empty(&p->out_data.frag, p->mem_ctx, MARSHALL);
 
        /* Store the header in the data stream. */
-       if(!smb_io_rpc_hdr("hdr", &p->hdr, &outgoing_pdu, 0)) {
+       if(!smb_io_rpc_hdr("hdr", &p->hdr, &p->out_data.frag, 0)) {
                DEBUG(0,("create_next_pdu_schannel: failed to marshall RPC_HDR.\n"));
-               prs_mem_free(&outgoing_pdu);
+               prs_mem_free(&p->out_data.frag);
                return False;
        }
 
-       if(!smb_io_rpc_hdr_resp("resp", &hdr_resp, &outgoing_pdu, 0)) {
+       if(!smb_io_rpc_hdr_resp("resp", &hdr_resp, &p->out_data.frag, 0)) {
                DEBUG(0,("create_next_pdu_schannel: failed to marshall RPC_HDR_RESP.\n"));
-               prs_mem_free(&outgoing_pdu);
+               prs_mem_free(&p->out_data.frag);
                return False;
        }
 
        /* Store the current offset. */
-       data_pos = prs_offset(&outgoing_pdu);
+       data_pos = prs_offset(&p->out_data.frag);
 
        /* Copy the data into the PDU. */
 
-       if(!prs_append_some_prs_data(&outgoing_pdu, &p->out_data.rdata, p->out_data.data_sent_length, data_len)) {
+       if(!prs_append_some_prs_data(&p->out_data.frag, &p->out_data.rdata,
+                                    p->out_data.data_sent_length, data_len)) {
                DEBUG(0,("create_next_pdu_schannel: failed to copy %u bytes of data.\n", (unsigned int)data_len));
-               prs_mem_free(&outgoing_pdu);
+               prs_mem_free(&p->out_data.frag);
                return False;
        }
 
@@ -389,9 +398,10 @@ static bool create_next_pdu_schannel(pipes_struct *p)
        if (ss_padding_len) {
                char pad[8];
                memset(pad, '\0', 8);
-               if (!prs_copy_data_in(&outgoing_pdu, pad, ss_padding_len)) {
+               if (!prs_copy_data_in(&p->out_data.frag, pad,
+                                     ss_padding_len)) {
                        DEBUG(0,("create_next_pdu_schannel: failed to add %u bytes of pad data.\n", (unsigned int)ss_padding_len));
-                       prs_mem_free(&outgoing_pdu);
+                       prs_mem_free(&p->out_data.frag);
                        return False;
                }
        }
@@ -400,37 +410,66 @@ static bool create_next_pdu_schannel(pipes_struct *p)
                /*
                 * Schannel processing.
                 */
-               char *data;
                RPC_HDR_AUTH auth_info;
-               RPC_AUTH_SCHANNEL_CHK verf;
+               DATA_BLOB blob;
+               uint8_t *data;
 
-               data = prs_data_p(&outgoing_pdu) + data_pos;
                /* Check it's the type of reply we were expecting to decode */
 
                init_rpc_hdr_auth(&auth_info,
-                               RPC_SCHANNEL_AUTH_TYPE,
-                               p->auth.auth_level == PIPE_AUTH_LEVEL_PRIVACY ?
-                                       RPC_AUTH_LEVEL_PRIVACY : RPC_AUTH_LEVEL_INTEGRITY,
+                               DCERPC_AUTH_TYPE_SCHANNEL,
+                               p->auth.auth_level == DCERPC_AUTH_LEVEL_PRIVACY ?
+                                       DCERPC_AUTH_LEVEL_PRIVACY : DCERPC_AUTH_LEVEL_INTEGRITY,
                                ss_padding_len, 1);
 
-               if(!smb_io_rpc_hdr_auth("hdr_auth", &auth_info, &outgoing_pdu, 0)) {
+               if(!smb_io_rpc_hdr_auth("hdr_auth", &auth_info,
+                                       &p->out_data.frag, 0)) {
                        DEBUG(0,("create_next_pdu_schannel: failed to marshall RPC_HDR_AUTH.\n"));
-                       prs_mem_free(&outgoing_pdu);
+                       prs_mem_free(&p->out_data.frag);
                        return False;
                }
 
-               schannel_encode(p->auth.a_u.schannel_auth, 
-                             p->auth.auth_level,
-                             SENDER_IS_ACCEPTOR,
-                             &verf, data, data_len + ss_padding_len);
+               data = (uint8_t *)prs_data_p(&p->out_data.frag) + data_pos;
 
-               if (!smb_io_rpc_auth_schannel_chk("", RPC_AUTH_SCHANNEL_SIGN_OR_SEAL_CHK_LEN, 
-                               &verf, &outgoing_pdu, 0)) {
-                       prs_mem_free(&outgoing_pdu);
-                       return False;
+               switch (p->auth.auth_level) {
+               case DCERPC_AUTH_LEVEL_PRIVACY:
+                       status = netsec_outgoing_packet(p->auth.a_u.schannel_auth,
+                                                       talloc_tos(),
+                                                       true,
+                                                       data,
+                                                       data_len + ss_padding_len,
+                                                       &blob);
+                       break;
+               case DCERPC_AUTH_LEVEL_INTEGRITY:
+                       status = netsec_outgoing_packet(p->auth.a_u.schannel_auth,
+                                                       talloc_tos(),
+                                                       false,
+                                                       data,
+                                                       data_len + ss_padding_len,
+                                                       &blob);
+                       break;
+               default:
+                       status = NT_STATUS_INTERNAL_ERROR;
+                       break;
                }
 
-               p->auth.a_u.schannel_auth->seq_num++;
+               if (!NT_STATUS_IS_OK(status)) {
+                       DEBUG(0,("create_next_pdu_schannel: failed to process packet: %s\n",
+                               nt_errstr(status)));
+                       prs_mem_free(&p->out_data.frag);
+                       return false;
+               }
+
+               /* Finally marshall the blob. */
+
+               if (DEBUGLEVEL >= 10) {
+                       dump_NL_AUTH_SIGNATURE(talloc_tos(), &blob);
+               }
+
+               if (!prs_copy_data_in(&p->out_data.frag, (const char *)blob.data, blob.length)) {
+                       prs_mem_free(&p->out_data.frag);
+                       return false;
+               }
        }
 
        /*
@@ -438,10 +477,8 @@ static bool create_next_pdu_schannel(pipes_struct *p)
         */
 
        p->out_data.data_sent_length += data_len;
-       p->out_data.current_pdu_len = p->hdr.frag_len;
        p->out_data.current_pdu_sent = 0;
 
-       prs_mem_free(&outgoing_pdu);
        return True;
 }
 
@@ -456,7 +493,6 @@ static bool create_next_pdu_noauth(pipes_struct *p)
        uint32 data_len;
        uint32 data_space_available;
        uint32 data_len_left;
-       prs_struct outgoing_pdu;
 
        /*
         * If we're in the fault state, keep returning fault PDU's until
@@ -471,11 +507,11 @@ static bool create_next_pdu_noauth(pipes_struct *p)
        memset((char *)&hdr_resp, '\0', sizeof(hdr_resp));
 
        /* Change the incoming request header to a response. */
-       p->hdr.pkt_type = RPC_RESPONSE;
+       p->hdr.pkt_type = DCERPC_PKT_RESPONSE;
 
        /* Set up rpc header flags. */
        if (p->out_data.data_sent_length == 0) {
-               p->hdr.flags = RPC_FLG_FIRST;
+               p->hdr.flags = DCERPC_PFC_FLAG_FIRST;
        } else {
                p->hdr.flags = 0;
        }
@@ -495,7 +531,8 @@ static bool create_next_pdu_noauth(pipes_struct *p)
                return False;
        }
 
-       data_space_available = sizeof(p->out_data.current_pdu) - RPC_HEADER_LEN - RPC_HDR_RESP_LEN;
+       data_space_available = RPC_MAX_PDU_FRAG_LEN - RPC_HEADER_LEN
+               - RPC_HDR_RESP_LEN;
 
        /*
         * The amount we send is the minimum of the available
@@ -516,7 +553,7 @@ static bool create_next_pdu_noauth(pipes_struct *p)
         */
 
        if(p->out_data.data_sent_length + data_len >= prs_offset(&p->out_data.rdata)) {
-               p->hdr.flags |= RPC_FLG_LAST;
+               p->hdr.flags |= DCERPC_PFC_FLAG_LAST;
        }
 
        /*
@@ -531,27 +568,27 @@ static bool create_next_pdu_noauth(pipes_struct *p)
         * data.
         */
 
-       prs_init_empty( &outgoing_pdu, p->mem_ctx, MARSHALL);
-       prs_give_memory( &outgoing_pdu, (char *)p->out_data.current_pdu, sizeof(p->out_data.current_pdu), False);
+       prs_init_empty(&p->out_data.frag, p->mem_ctx, MARSHALL);
 
        /* Store the header in the data stream. */
-       if(!smb_io_rpc_hdr("hdr", &p->hdr, &outgoing_pdu, 0)) {
+       if(!smb_io_rpc_hdr("hdr", &p->hdr, &p->out_data.frag, 0)) {
                DEBUG(0,("create_next_pdu_noath: failed to marshall RPC_HDR.\n"));
-               prs_mem_free(&outgoing_pdu);
+               prs_mem_free(&p->out_data.frag);
                return False;
        }
 
-       if(!smb_io_rpc_hdr_resp("resp", &hdr_resp, &outgoing_pdu, 0)) {
+       if(!smb_io_rpc_hdr_resp("resp", &hdr_resp, &p->out_data.frag, 0)) {
                DEBUG(0,("create_next_pdu_noath: failed to marshall RPC_HDR_RESP.\n"));
-               prs_mem_free(&outgoing_pdu);
+               prs_mem_free(&p->out_data.frag);
                return False;
        }
 
        /* Copy the data into the PDU. */
 
-       if(!prs_append_some_prs_data(&outgoing_pdu, &p->out_data.rdata, p->out_data.data_sent_length, data_len)) {
+       if(!prs_append_some_prs_data(&p->out_data.frag, &p->out_data.rdata,
+                                    p->out_data.data_sent_length, data_len)) {
                DEBUG(0,("create_next_pdu_noauth: failed to copy %u bytes of data.\n", (unsigned int)data_len));
-               prs_mem_free(&outgoing_pdu);
+               prs_mem_free(&p->out_data.frag);
                return False;
        }
 
@@ -560,10 +597,8 @@ static bool create_next_pdu_noauth(pipes_struct *p)
         */
 
        p->out_data.data_sent_length += data_len;
-       p->out_data.current_pdu_len = p->hdr.frag_len;
        p->out_data.current_pdu_sent = 0;
 
-       prs_mem_free(&outgoing_pdu);
        return True;
 }
 
@@ -574,11 +609,11 @@ static bool create_next_pdu_noauth(pipes_struct *p)
 bool create_next_pdu(pipes_struct *p)
 {
        switch(p->auth.auth_level) {
-               case PIPE_AUTH_LEVEL_NONE:
-               case PIPE_AUTH_LEVEL_CONNECT:
+               case DCERPC_AUTH_LEVEL_NONE:
+               case DCERPC_AUTH_LEVEL_CONNECT:
                        /* This is incorrect for auth level connect. Fixme. JRA */
                        return create_next_pdu_noauth(p);
-               
+
                default:
                        switch(p->auth.auth_type) {
                                case PIPE_AUTH_TYPE_NTLMSSP:
@@ -606,24 +641,16 @@ bool create_next_pdu(pipes_struct *p)
 
 static bool pipe_ntlmssp_verify_final(pipes_struct *p, DATA_BLOB *p_resp_blob)
 {
-       DATA_BLOB reply;
+       DATA_BLOB session_key, reply;
        NTSTATUS status;
        AUTH_NTLMSSP_STATE *a = p->auth.a_u.auth_ntlmssp_state;
+       bool ret;
 
-       DEBUG(5,("pipe_ntlmssp_verify_final: pipe %s checking user details\n", p->name));
+       DEBUG(5,("pipe_ntlmssp_verify_final: pipe %s checking user details\n",
+                get_pipe_name_from_iface(&p->syntax)));
 
        ZERO_STRUCT(reply);
 
-       memset(p->user_name, '\0', sizeof(p->user_name));
-       memset(p->pipe_user_name, '\0', sizeof(p->pipe_user_name));
-       memset(p->domain, '\0', sizeof(p->domain));
-       memset(p->wks, '\0', sizeof(p->wks));
-
-       /* Set up for non-authenticated user. */
-       TALLOC_FREE(p->pipe_user.nt_user_token);
-       p->pipe_user.ut.ngroups = 0;
-       SAFE_FREE( p->pipe_user.ut.groups);
-
        /* this has to be done as root in order to verify the password */
        become_root();
        status = auth_ntlmssp_update(a, *p_resp_blob, &reply);
@@ -640,67 +667,54 @@ static bool pipe_ntlmssp_verify_final(pipes_struct *p, DATA_BLOB *p_resp_blob)
           ensure the underlying NTLMSSP flags are also set. If not we should
           refuse the bind. */
 
-       if (p->auth.auth_level == PIPE_AUTH_LEVEL_INTEGRITY) {
+       if (p->auth.auth_level == DCERPC_AUTH_LEVEL_INTEGRITY) {
                if (!(a->ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_SIGN)) {
                        DEBUG(0,("pipe_ntlmssp_verify_final: pipe %s : packet integrity requested "
                                "but client declined signing.\n",
-                                       p->name ));
+                               get_pipe_name_from_iface(&p->syntax)));
                        return False;
                }
        }
-       if (p->auth.auth_level == PIPE_AUTH_LEVEL_PRIVACY) {
+       if (p->auth.auth_level == DCERPC_AUTH_LEVEL_PRIVACY) {
                if (!(a->ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_SEAL)) {
                        DEBUG(0,("pipe_ntlmssp_verify_final: pipe %s : packet privacy requested "
                                "but client declined sealing.\n",
-                                       p->name ));
+                               get_pipe_name_from_iface(&p->syntax)));
                        return False;
                }
        }
-       
-       fstrcpy(p->user_name, a->ntlmssp_state->user);
-       fstrcpy(p->pipe_user_name, a->server_info->unix_name);
-       fstrcpy(p->domain, a->ntlmssp_state->domain);
-       fstrcpy(p->wks, a->ntlmssp_state->workstation);
 
-       DEBUG(5,("pipe_ntlmssp_verify_final: OK: user: %s domain: %s workstation: %s\n",
-               p->user_name, p->domain, p->wks));
+       DEBUG(5, ("pipe_ntlmssp_verify_final: OK: user: %s domain: %s "
+                 "workstation: %s\n", a->ntlmssp_state->user,
+                 a->ntlmssp_state->domain, a->ntlmssp_state->workstation));
 
-       /*
-        * Store the UNIX credential data (uid/gid pair) in the pipe structure.
-        */
+       if (a->server_info->ptok == NULL) {
+               DEBUG(1,("Error: Authmodule failed to provide nt_user_token\n"));
+               return False;
+       }
+
+       TALLOC_FREE(p->server_info);
+
+       p->server_info = copy_serverinfo(p, a->server_info);
+       if (p->server_info == NULL) {
+               DEBUG(0, ("copy_serverinfo failed\n"));
+               return false;
+       }
 
-       p->pipe_user.ut.uid = a->server_info->uid;
-       p->pipe_user.ut.gid = a->server_info->gid;
-       
        /*
-        * We're an authenticated bind over smbd, so the session key needs to
+        * We're an authenticated bind over smb, so the session key needs to
         * be set to "SystemLibraryDTC". Weird, but this is what Windows
         * does. See the RPC-SAMBA3SESSIONKEY.
         */
 
-       data_blob_free(&p->session_key);
-       p->session_key = generic_session_key();
-       if (!p->session_key.data) {
+       session_key = generic_session_key();
+       if (session_key.data == NULL) {
                return False;
        }
 
-       p->pipe_user.ut.ngroups = a->server_info->n_groups;
-       if (p->pipe_user.ut.ngroups) {
-               if (!(p->pipe_user.ut.groups = (gid_t *)memdup(a->server_info->groups,
-                                               sizeof(gid_t) * p->pipe_user.ut.ngroups))) {
-                       DEBUG(0,("failed to memdup group list to p->pipe_user.groups\n"));
-                       return False;
-               }
-       }
+       ret = server_info_set_session_key(p->server_info, session_key);
 
-       if (a->server_info->ptok) {
-               p->pipe_user.nt_user_token =
-                       dup_nt_token(NULL, a->server_info->ptok);
-       } else {
-               DEBUG(1,("Error: Authmodule failed to provide nt_user_token\n"));
-               p->pipe_user.nt_user_token = NULL;
-               return False;
-       }
+       data_blob_free(&session_key);
 
        return True;
 }
@@ -714,6 +728,7 @@ struct rpc_table {
                const char *clnt;
                const char *srv;
        } pipe;
+       struct ndr_syntax_id rpc_interface;
        const struct api_struct *cmds;
        int n_cmds;
 };
@@ -728,7 +743,7 @@ static int rpc_lookup_size;
 bool api_pipe_bind_auth3(pipes_struct *p, prs_struct *rpc_in_p)
 {
        RPC_HDR_AUTH auth_info;
-       uint32 pad;
+       uint32 pad = 0;
        DATA_BLOB blob;
 
        ZERO_STRUCT(blob);
@@ -755,7 +770,7 @@ bool api_pipe_bind_auth3(pipes_struct *p, prs_struct *rpc_in_p)
                goto err;
        }
 
-       if (auth_info.auth_type != RPC_NTLMSSP_AUTH_TYPE) {
+       if (auth_info.auth_type != DCERPC_AUTH_TYPE_NTLMSSP) {
                DEBUG(0,("api_pipe_bind_auth3: incorrect auth type (%u).\n",
                        (unsigned int)auth_info.auth_type ));
                return False;
@@ -773,7 +788,7 @@ bool api_pipe_bind_auth3(pipes_struct *p, prs_struct *rpc_in_p)
         * The following call actually checks the challenge/response data.
         * for correctness against the given DOMAIN\user name.
         */
-       
+
        if (!pipe_ntlmssp_verify_final(p, &blob)) {
                goto err;
        }
@@ -799,7 +814,6 @@ bool api_pipe_bind_auth3(pipes_struct *p, prs_struct *rpc_in_p)
 
 static bool setup_bind_nak(pipes_struct *p)
 {
-       prs_struct outgoing_rpc;
        RPC_HDR nak_hdr;
        uint16 zero = 0;
 
@@ -812,23 +826,22 @@ static bool setup_bind_nak(pipes_struct *p)
         * header and are never sending more than one PDU here.
         */
 
-       prs_init_empty( &outgoing_rpc, p->mem_ctx, MARSHALL);
-       prs_give_memory( &outgoing_rpc, (char *)p->out_data.current_pdu, sizeof(p->out_data.current_pdu), False);
+       prs_init_empty(&p->out_data.frag, p->mem_ctx, MARSHALL);
 
        /*
         * Initialize a bind_nak header.
         */
 
-       init_rpc_hdr(&nak_hdr, RPC_BINDNACK, RPC_FLG_FIRST | RPC_FLG_LAST,
+       init_rpc_hdr(&nak_hdr, DCERPC_PKT_BIND_NAK, DCERPC_PFC_FLAG_FIRST | DCERPC_PFC_FLAG_LAST,
                p->hdr.call_id, RPC_HEADER_LEN + sizeof(uint16), 0);
 
        /*
         * Marshall the header into the outgoing PDU.
         */
 
-       if(!smb_io_rpc_hdr("", &nak_hdr, &outgoing_rpc, 0)) {
+       if(!smb_io_rpc_hdr("", &nak_hdr, &p->out_data.frag, 0)) {
                DEBUG(0,("setup_bind_nak: marshalling of RPC_HDR failed.\n"));
-               prs_mem_free(&outgoing_rpc);
+               prs_mem_free(&p->out_data.frag);
                return False;
        }
 
@@ -836,19 +849,18 @@ static bool setup_bind_nak(pipes_struct *p)
         * Now add the reject reason.
         */
 
-       if(!prs_uint16("reject code", &outgoing_rpc, 0, &zero)) {
-               prs_mem_free(&outgoing_rpc);
+       if(!prs_uint16("reject code", &p->out_data.frag, 0, &zero)) {
+               prs_mem_free(&p->out_data.frag);
                return False;
        }
 
        p->out_data.data_sent_length = 0;
-       p->out_data.current_pdu_len = prs_offset(&outgoing_rpc);
        p->out_data.current_pdu_sent = 0;
 
        if (p->auth.auth_data_free_func) {
                (*p->auth.auth_data_free_func)(&p->auth);
        }
-       p->auth.auth_level = PIPE_AUTH_LEVEL_NONE;
+       p->auth.auth_level = DCERPC_AUTH_LEVEL_NONE;
        p->auth.auth_type = PIPE_AUTH_TYPE_NONE;
        p->pipe_bound = False;
 
@@ -861,7 +873,6 @@ static bool setup_bind_nak(pipes_struct *p)
 
 bool setup_fault_pdu(pipes_struct *p, NTSTATUS status)
 {
-       prs_struct outgoing_pdu;
        RPC_HDR fault_hdr;
        RPC_HDR_RESP hdr_resp;
        RPC_HDR_FAULT fault_resp;
@@ -875,14 +886,13 @@ bool setup_fault_pdu(pipes_struct *p, NTSTATUS status)
         * header and are never sending more than one PDU here.
         */
 
-       prs_init_empty( &outgoing_pdu, p->mem_ctx, MARSHALL);
-       prs_give_memory( &outgoing_pdu, (char *)p->out_data.current_pdu, sizeof(p->out_data.current_pdu), False);
+       prs_init_empty(&p->out_data.frag, p->mem_ctx, MARSHALL);
 
        /*
         * Initialize a fault header.
         */
 
-       init_rpc_hdr(&fault_hdr, RPC_FAULT, RPC_FLG_FIRST | RPC_FLG_LAST | RPC_FLG_NOCALL,
+       init_rpc_hdr(&fault_hdr, DCERPC_PKT_FAULT, DCERPC_PFC_FLAG_FIRST | DCERPC_PFC_FLAG_LAST | DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
             p->hdr.call_id, RPC_HEADER_LEN + RPC_HDR_RESP_LEN + RPC_HDR_FAULT_LEN, 0);
 
        /*
@@ -898,29 +908,27 @@ bool setup_fault_pdu(pipes_struct *p, NTSTATUS status)
         * Marshall the header into the outgoing PDU.
         */
 
-       if(!smb_io_rpc_hdr("", &fault_hdr, &outgoing_pdu, 0)) {
+       if(!smb_io_rpc_hdr("", &fault_hdr, &p->out_data.frag, 0)) {
                DEBUG(0,("setup_fault_pdu: marshalling of RPC_HDR failed.\n"));
-               prs_mem_free(&outgoing_pdu);
+               prs_mem_free(&p->out_data.frag);
                return False;
        }
 
-       if(!smb_io_rpc_hdr_resp("resp", &hdr_resp, &outgoing_pdu, 0)) {
+       if(!smb_io_rpc_hdr_resp("resp", &hdr_resp, &p->out_data.frag, 0)) {
                DEBUG(0,("setup_fault_pdu: failed to marshall RPC_HDR_RESP.\n"));
-               prs_mem_free(&outgoing_pdu);
+               prs_mem_free(&p->out_data.frag);
                return False;
        }
 
-       if(!smb_io_rpc_hdr_fault("fault", &fault_resp, &outgoing_pdu, 0)) {
+       if(!smb_io_rpc_hdr_fault("fault", &fault_resp, &p->out_data.frag, 0)) {
                DEBUG(0,("setup_fault_pdu: failed to marshall RPC_HDR_FAULT.\n"));
-               prs_mem_free(&outgoing_pdu);
+               prs_mem_free(&p->out_data.frag);
                return False;
        }
 
        p->out_data.data_sent_length = 0;
-       p->out_data.current_pdu_len = prs_offset(&outgoing_pdu);
        p->out_data.current_pdu_sent = 0;
 
-       prs_mem_free(&outgoing_pdu);
        return True;
 }
 
@@ -951,7 +959,7 @@ bool setup_cancel_ack_reply(pipes_struct *p, prs_struct *rpc_in_p)
         * Initialize a cancel_ack header.
         */
 
-       init_rpc_hdr(&ack_reply_hdr, RPC_CANCEL_ACK, RPC_FLG_FIRST | RPC_FLG_LAST,
+       init_rpc_hdr(&ack_reply_hdr, DCERPC_PKT_CANCEL_ACK, DCERPC_PFC_FLAG_FIRST | DCERPC_PFC_FLAG_LAST,
                        p->hdr.call_id, RPC_HEADER_LEN, 0);
 
        /*
@@ -978,56 +986,47 @@ bool setup_cancel_ack_reply(pipes_struct *p, prs_struct *rpc_in_p)
  Used to reject unknown binds from Win2k.
 *******************************************************************/
 
-bool check_bind_req(struct pipes_struct *p, RPC_IFACE* abstract,
-                    RPC_IFACE* transfer, uint32 context_id)
+static bool check_bind_req(struct pipes_struct *p,
+                          struct ndr_syntax_id* abstract,
+                          struct ndr_syntax_id* transfer,
+                          uint32 context_id)
 {
-       char *pipe_name = p->name;
        int i=0;
-       fstring pname;
-       
-       fstrcpy(pname,"\\PIPE\\");
-       fstrcat(pname,pipe_name);
+       struct pipe_rpc_fns *context_fns;
 
-       DEBUG(3,("check_bind_req for %s\n", pname));
+       DEBUG(3,("check_bind_req for %s\n",
+                get_pipe_name_from_iface(&p->syntax)));
 
        /* we have to check all now since win2k introduced a new UUID on the lsaprpc pipe */
-               
-       for ( i=0; pipe_names[i].client_pipe; i++ ) {
-               DEBUGADD(10,("checking %s\n", pipe_names[i].client_pipe));
-               if ( strequal(pipe_names[i].client_pipe, pname)
-                       && (abstract->version == pipe_names[i].abstr_syntax.version) 
-                       && (memcmp(&abstract->uuid, &pipe_names[i].abstr_syntax.uuid, sizeof(struct GUID)) == 0)
-                       && (transfer->version == pipe_names[i].trans_syntax.version)
-                       && (memcmp(&transfer->uuid, &pipe_names[i].trans_syntax.uuid, sizeof(struct GUID)) == 0) ) {
-                       struct api_struct       *fns = NULL;
-                       int                     n_fns = 0;
-                       PIPE_RPC_FNS            *context_fns;
-                       
-                       if ( !(context_fns = SMB_MALLOC_P(PIPE_RPC_FNS)) ) {
-                               DEBUG(0,("check_bind_req: malloc() failed!\n"));
-                               return False;
-                       }
-                       
-                       /* save the RPC function table associated with this bind */
-                       
-                       get_pipe_fns(i, &fns, &n_fns);
-                       
-                       context_fns->cmds = fns;
-                       context_fns->n_cmds = n_fns;
-                       context_fns->context_id = context_id;
-                       
-                       /* add to the list of open contexts */
-                       
-                       DLIST_ADD( p->contexts, context_fns );
-                       
+
+       for (i=0; i<rpc_lookup_size; i++) {
+               DEBUGADD(10, ("checking %s\n", rpc_lookup[i].pipe.clnt));
+               if (ndr_syntax_id_equal(
+                           abstract, &rpc_lookup[i].rpc_interface)
+                   && ndr_syntax_id_equal(
+                           transfer, &ndr_transfer_syntax)) {
                        break;
                }
        }
 
-       if(pipe_names[i].client_pipe == NULL) {
+       if (i == rpc_lookup_size) {
+               return false;
+       }
+
+       context_fns = SMB_MALLOC_P(struct pipe_rpc_fns);
+       if (context_fns == NULL) {
+               DEBUG(0,("check_bind_req: malloc() failed!\n"));
                return False;
        }
 
+       context_fns->cmds = rpc_lookup[i].cmds;
+       context_fns->n_cmds = rpc_lookup[i].n_cmds;
+       context_fns->context_id = context_id;
+
+       /* add to the list of open contexts */
+
+       DLIST_ADD( p->contexts, context_fns );
+
        return True;
 }
 
@@ -1035,7 +1034,9 @@ bool check_bind_req(struct pipes_struct *p, RPC_IFACE* abstract,
  Register commands to an RPC pipe
 *******************************************************************/
 
-NTSTATUS rpc_pipe_register_commands(int version, const char *clnt, const char *srv, const struct api_struct *cmds, int size)
+NTSTATUS rpc_srv_register(int version, const char *clnt, const char *srv,
+                         const struct ndr_interface_table *iface,
+                         const struct api_struct *cmds, int size)
 {
         struct rpc_table *rpc_entry;
 
@@ -1070,17 +1071,73 @@ NTSTATUS rpc_pipe_register_commands(int version, const char *clnt, const char *s
         } else {
                 rpc_lookup = rpc_entry;
         }
-        
+
         rpc_entry = rpc_lookup + (rpc_lookup_size - 1);
         ZERO_STRUCTP(rpc_entry);
         rpc_entry->pipe.clnt = SMB_STRDUP(clnt);
         rpc_entry->pipe.srv = SMB_STRDUP(srv);
+       rpc_entry->rpc_interface = iface->syntax_id;
         rpc_entry->cmds = cmds;
         rpc_entry->n_cmds = size;
-        
+
         return NT_STATUS_OK;
 }
 
+/**
+ * Is a named pipe known?
+ * @param[in] cli_filename     The pipe name requested by the client
+ * @result                     Do we want to serve this?
+ */
+bool is_known_pipename(const char *cli_filename, struct ndr_syntax_id *syntax)
+{
+       const char *pipename = cli_filename;
+       int i;
+       NTSTATUS status;
+
+       if (strnequal(pipename, "\\PIPE\\", 6)) {
+               pipename += 5;
+       }
+
+       if (*pipename == '\\') {
+               pipename += 1;
+       }
+
+       if (lp_disable_spoolss() && strequal(pipename, "spoolss")) {
+               DEBUG(10, ("refusing spoolss access\n"));
+               return false;
+       }
+
+       for (i=0; i<rpc_lookup_size; i++) {
+               if (strequal(pipename, rpc_lookup[i].pipe.clnt)) {
+                       *syntax = rpc_lookup[i].rpc_interface;
+                       return true;
+               }
+       }
+
+       status = smb_probe_module("rpc", pipename);
+       if (!NT_STATUS_IS_OK(status)) {
+               DEBUG(10, ("is_known_pipename: %s unknown\n", cli_filename));
+               return false;
+       }
+       DEBUG(10, ("is_known_pipename: %s loaded dynamically\n", pipename));
+
+       /*
+        * Scan the list again for the interface id
+        */
+
+       for (i=0; i<rpc_lookup_size; i++) {
+               if (strequal(pipename, rpc_lookup[i].pipe.clnt)) {
+                       *syntax = rpc_lookup[i].rpc_interface;
+                       return true;
+               }
+       }
+
+       DEBUG(10, ("is_known_pipename: pipe %s did not register itself!\n",
+                  pipename));
+
+       return false;
+}
+
 /*******************************************************************
  Handle a SPNEGO krb5 bind auth.
 *******************************************************************/
@@ -1138,11 +1195,11 @@ static bool pipe_spnego_auth_bind_negotiate(pipes_struct *p, prs_struct *rpc_in_
 
        for (i=0;OIDs[i];i++) {
                DEBUG(3,("pipe_spnego_auth_bind_negotiate: Got OID %s\n", OIDs[i]));
-               SAFE_FREE(OIDs[i]);
+               TALLOC_FREE(OIDs[i]);
        }
        DEBUG(3,("pipe_spnego_auth_bind_negotiate: Got secblob of size %lu\n", (unsigned long)secblob.length));
 
-       if ( got_kerberos_mechanism && ((lp_security()==SEC_ADS) || lp_use_kerberos_keytab()) ) {
+       if ( got_kerberos_mechanism && ((lp_security()==SEC_ADS) || USE_KERBEROS_KEYTAB) ) {
                bool ret = pipe_spnego_auth_bind_kerberos(p, rpc_in_p, pauth_info, &secblob, pout_auth);
                data_blob_free(&secblob);
                data_blob_free(&blob);
@@ -1188,7 +1245,7 @@ static bool pipe_spnego_auth_bind_negotiate(pipes_struct *p, prs_struct *rpc_in_
        }
 
        /* Copy the blob into the pout_auth parse struct */
-       init_rpc_hdr_auth(&auth_info, RPC_SPNEGO_AUTH_TYPE, pauth_info->auth_level, RPC_HDR_AUTH_LEN, 1);
+       init_rpc_hdr_auth(&auth_info, DCERPC_AUTH_TYPE_SPNEGO, pauth_info->auth_level, RPC_HDR_AUTH_LEN, 1);
        if(!smb_io_rpc_hdr_auth("", &auth_info, pout_auth, 0)) {
                DEBUG(0,("pipe_spnego_auth_bind_negotiate: marshalling of RPC_HDR_AUTH failed.\n"));
                goto err;
@@ -1286,7 +1343,7 @@ static bool pipe_spnego_auth_bind_continue(pipes_struct *p, prs_struct *rpc_in_p
        response = spnego_gen_auth_response(&auth_reply, NT_STATUS_OK, OID_NTLMSSP);
 
        /* Copy the blob into the pout_auth parse struct */
-       init_rpc_hdr_auth(&auth_info, RPC_SPNEGO_AUTH_TYPE, pauth_info->auth_level, RPC_HDR_AUTH_LEN, 1);
+       init_rpc_hdr_auth(&auth_info, DCERPC_AUTH_TYPE_SPNEGO, pauth_info->auth_level, RPC_HDR_AUTH_LEN, 1);
        if(!smb_io_rpc_hdr_auth("", &auth_info, pout_auth, 0)) {
                DEBUG(0,("pipe_spnego_auth_bind_continue: marshalling of RPC_HDR_AUTH failed.\n"));
                goto err;
@@ -1325,45 +1382,61 @@ static bool pipe_schannel_auth_bind(pipes_struct *p, prs_struct *rpc_in_p,
                                        RPC_HDR_AUTH *pauth_info, prs_struct *pout_auth)
 {
        RPC_HDR_AUTH auth_info;
-       RPC_AUTH_SCHANNEL_NEG neg;
-       RPC_AUTH_VERIFIER auth_verifier;
+       struct NL_AUTH_MESSAGE neg;
+       struct NL_AUTH_MESSAGE reply;
        bool ret;
-       struct dcinfo *pdcinfo;
-       uint32 flags;
+       NTSTATUS status;
+       struct netlogon_creds_CredentialState *creds;
+       DATA_BLOB session_key;
+       enum ndr_err_code ndr_err;
+       DATA_BLOB blob;
 
-       if (!smb_io_rpc_auth_schannel_neg("", &neg, rpc_in_p, 0)) {
+       blob = data_blob_const(prs_data_p(rpc_in_p) + prs_offset(rpc_in_p),
+                              prs_data_size(rpc_in_p));
+
+       ndr_err = ndr_pull_struct_blob(&blob, talloc_tos(), NULL, &neg,
+                              (ndr_pull_flags_fn_t)ndr_pull_NL_AUTH_MESSAGE);
+       if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
                DEBUG(0,("pipe_schannel_auth_bind: Could not unmarshal SCHANNEL auth neg\n"));
-               return False;
+               return false;
+       }
+
+       if (DEBUGLEVEL >= 10) {
+               NDR_PRINT_DEBUG(NL_AUTH_MESSAGE, &neg);
+       }
+
+       if (!(neg.Flags & NL_FLAG_OEM_NETBIOS_COMPUTER_NAME)) {
+               DEBUG(0,("pipe_schannel_auth_bind: Did not receive netbios computer name\n"));
+               return false;
        }
 
        /*
-        * The neg.myname key here must match the remote computer name
+        * The neg.oem_netbios_computer.a key here must match the remote computer name
         * given in the DOM_CLNT_SRV.uni_comp_name used on all netlogon pipe
         * operations that use credentials.
         */
 
        become_root();
-       ret = secrets_restore_schannel_session_info(p->mem_ctx, neg.myname, &pdcinfo);
+       status = schannel_fetch_session_key(p,
+                                           neg.oem_netbios_computer.a,
+                                           &creds);
        unbecome_root();
 
-       if (!ret) {
+       if (!NT_STATUS_IS_OK(status)) {
                DEBUG(0, ("pipe_schannel_auth_bind: Attempt to bind using schannel without successful serverauth2\n"));
                return False;
        }
 
-       p->auth.a_u.schannel_auth = TALLOC_P(p->pipe_state_mem_ctx, struct schannel_auth_struct);
+       p->auth.a_u.schannel_auth = talloc(p, struct schannel_state);
        if (!p->auth.a_u.schannel_auth) {
-               TALLOC_FREE(pdcinfo);
+               TALLOC_FREE(creds);
                return False;
        }
 
-       memset(p->auth.a_u.schannel_auth->sess_key, 0, sizeof(p->auth.a_u.schannel_auth->sess_key));
-       memcpy(p->auth.a_u.schannel_auth->sess_key, pdcinfo->sess_key,
-                       sizeof(pdcinfo->sess_key));
-
-       TALLOC_FREE(pdcinfo);
-
+       p->auth.a_u.schannel_auth->state = SCHANNEL_STATE_START;
        p->auth.a_u.schannel_auth->seq_num = 0;
+       p->auth.a_u.schannel_auth->initiator = false;
+       p->auth.a_u.schannel_auth->creds = creds;
 
        /*
         * JRA. Should we also copy the schannel session key into the pipe session key p->session_key
@@ -1376,15 +1449,23 @@ static bool pipe_schannel_auth_bind(pipes_struct *p, prs_struct *rpc_in_p,
         * anymore.
         */
 
-       data_blob_free(&p->session_key);
-       p->session_key = generic_session_key();
-       if (p->session_key.data == NULL) {
+       session_key = generic_session_key();
+       if (session_key.data == NULL) {
                DEBUG(0, ("pipe_schannel_auth_bind: Could not alloc session"
                          " key\n"));
-               return False;
+               return false;
        }
 
-       init_rpc_hdr_auth(&auth_info, RPC_SCHANNEL_AUTH_TYPE, pauth_info->auth_level, RPC_HDR_AUTH_LEN, 1);
+       ret = server_info_set_session_key(p->server_info, session_key);
+
+       data_blob_free(&session_key);
+
+       if (!ret) {
+               DEBUG(0, ("server_info_set_session_key failed\n"));
+               return false;
+       }
+
+       init_rpc_hdr_auth(&auth_info, DCERPC_AUTH_TYPE_SCHANNEL, pauth_info->auth_level, RPC_HDR_AUTH_LEN, 1);
        if(!smb_io_rpc_hdr_auth("", &auth_info, pout_auth, 0)) {
                DEBUG(0,("pipe_schannel_auth_bind: marshalling of RPC_HDR_AUTH failed.\n"));
                return False;
@@ -1392,21 +1473,29 @@ static bool pipe_schannel_auth_bind(pipes_struct *p, prs_struct *rpc_in_p,
 
        /*** SCHANNEL verifier ***/
 
-       init_rpc_auth_verifier(&auth_verifier, "\001", 0x0);
-       if(!smb_io_rpc_schannel_verifier("", &auth_verifier, pout_auth, 0)) {
-               DEBUG(0,("pipe_schannel_auth_bind: marshalling of RPC_AUTH_VERIFIER failed.\n"));
-               return False;
+       reply.MessageType                       = NL_NEGOTIATE_RESPONSE;
+       reply.Flags                             = 0;
+       reply.Buffer.dummy                      = 5; /* ??? actually I don't think
+                                                     * this has any meaning
+                                                     * here - gd */
+
+       ndr_err = ndr_push_struct_blob(&blob, talloc_tos(), NULL, &reply,
+                      (ndr_push_flags_fn_t)ndr_push_NL_AUTH_MESSAGE);
+       if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+               DEBUG(0,("Failed to marshall NL_AUTH_MESSAGE.\n"));
+               return false;
        }
 
-       prs_align(pout_auth);
+       if (DEBUGLEVEL >= 10) {
+               NDR_PRINT_DEBUG(NL_AUTH_MESSAGE, &reply);
+       }
 
-       flags = 5;
-       if(!prs_uint32("flags ", pout_auth, 0, &flags)) {
-               return False;
+       if (!prs_copy_data_in(pout_auth, (const char *)blob.data, blob.length)) {
+               return false;
        }
 
        DEBUG(10,("pipe_schannel_auth_bind: schannel auth: domain [%s] myname [%s]\n",
-               neg.domain, neg.myname));
+               neg.oem_netbios_domain.a, neg.oem_netbios_computer.a));
 
        /* We're finished with this bind - no more packets. */
        p->auth.auth_data_free_func = NULL;
@@ -1465,7 +1554,7 @@ static bool pipe_ntlmssp_auth_bind(pipes_struct *p, prs_struct *rpc_in_p,
        data_blob_free(&blob);
 
        /* Copy the blob into the pout_auth parse struct */
-       init_rpc_hdr_auth(&auth_info, RPC_NTLMSSP_AUTH_TYPE, pauth_info->auth_level, RPC_HDR_AUTH_LEN, 1);
+       init_rpc_hdr_auth(&auth_info, DCERPC_AUTH_TYPE_NTLMSSP, pauth_info->auth_level, RPC_HDR_AUTH_LEN, 1);
        if(!smb_io_rpc_hdr_auth("", &auth_info, pout_auth, 0)) {
                DEBUG(0,("pipe_ntlmssp_auth_bind: marshalling of RPC_HDR_AUTH failed.\n"));
                goto err;
@@ -1485,7 +1574,7 @@ static bool pipe_ntlmssp_auth_bind(pipes_struct *p, prs_struct *rpc_in_p,
 
        DEBUG(10,("pipe_ntlmssp_auth_bind: NTLMSSP auth started\n"));
 
-       /* We can't set pipe_bound True yet - we need an RPC_AUTH3 response packet... */
+       /* We can't set pipe_bound True yet - we need an DCERPC_PKT_AUTH3 response packet... */
        return True;
 
   err:
@@ -1511,18 +1600,18 @@ bool api_pipe_bind_req(pipes_struct *p, prs_struct *rpc_in_p)
        fstring ack_pipe_name;
        prs_struct out_hdr_ba;
        prs_struct out_auth;
-       prs_struct outgoing_rpc;
        int i = 0;
        int auth_len = 0;
-       unsigned int auth_type = RPC_ANONYMOUS_AUTH_TYPE;
+       unsigned int auth_type = DCERPC_AUTH_TYPE_NONE;
 
        /* No rebinds on a bound pipe - use alter context. */
        if (p->pipe_bound) {
-               DEBUG(2,("api_pipe_bind_req: rejecting bind request on bound pipe %s.\n", p->pipe_srv_name));
+               DEBUG(2,("api_pipe_bind_req: rejecting bind request on bound "
+                        "pipe %s.\n", get_pipe_name_from_iface(&p->syntax)));
                return setup_bind_nak(p);
        }
 
-       prs_init_empty( &outgoing_rpc, p->mem_ctx, MARSHALL);
+       prs_init_empty(&p->out_data.frag, p->mem_ctx, MARSHALL);
 
        /* 
         * Marshall directly into the outgoing PDU space. We
@@ -1530,8 +1619,6 @@ bool api_pipe_bind_req(pipes_struct *p, prs_struct *rpc_in_p)
         * header and are never sending more than one PDU here.
         */
 
-       prs_give_memory( &outgoing_rpc, (char *)p->out_data.current_pdu, sizeof(p->out_data.current_pdu), False);
-
        /*
         * Setup the memory to marshall the ba header, and the
         * auth footers.
@@ -1539,39 +1626,59 @@ bool api_pipe_bind_req(pipes_struct *p, prs_struct *rpc_in_p)
 
        if(!prs_init(&out_hdr_ba, 1024, p->mem_ctx, MARSHALL)) {
                DEBUG(0,("api_pipe_bind_req: malloc out_hdr_ba failed.\n"));
-               prs_mem_free(&outgoing_rpc);
+               prs_mem_free(&p->out_data.frag);
                return False;
        }
 
        if(!prs_init(&out_auth, 1024, p->mem_ctx, MARSHALL)) {
                DEBUG(0,("api_pipe_bind_req: malloc out_auth failed.\n"));
-               prs_mem_free(&outgoing_rpc);
+               prs_mem_free(&p->out_data.frag);
                prs_mem_free(&out_hdr_ba);
                return False;
        }
 
        DEBUG(5,("api_pipe_bind_req: decode request. %d\n", __LINE__));
 
+       ZERO_STRUCT(hdr_rb);
+
+       /* decode the bind request */
+
+       if(!smb_io_rpc_hdr_rb("", &hdr_rb, rpc_in_p, 0))  {
+               DEBUG(0,("api_pipe_bind_req: unable to unmarshall RPC_HDR_RB "
+                        "struct.\n"));
+               goto err_exit;
+       }
+
+       if (hdr_rb.num_contexts == 0) {
+               DEBUG(0, ("api_pipe_bind_req: no rpc contexts around\n"));
+               goto err_exit;
+       }
+
        /*
         * Try and find the correct pipe name to ensure
         * that this is a pipe name we support.
         */
 
-
        for (i = 0; i < rpc_lookup_size; i++) {
-               if (strequal(rpc_lookup[i].pipe.clnt, p->name)) {
+               if (ndr_syntax_id_equal(&rpc_lookup[i].rpc_interface,
+                                       &hdr_rb.rpc_context[0].abstract)) {
                        DEBUG(3, ("api_pipe_bind_req: \\PIPE\\%s -> \\PIPE\\%s\n",
                                rpc_lookup[i].pipe.clnt, rpc_lookup[i].pipe.srv));
-                       fstrcpy(p->pipe_srv_name, rpc_lookup[i].pipe.srv);
                        break;
                }
        }
 
        if (i == rpc_lookup_size) {
-               if (NT_STATUS_IS_ERR(smb_probe_module("rpc", p->name))) {
+               NTSTATUS status;
+
+               status = smb_probe_module(
+                       "rpc", get_pipe_name_from_iface(
+                               &hdr_rb.rpc_context[0].abstract));
+
+               if (NT_STATUS_IS_ERR(status)) {
                        DEBUG(3,("api_pipe_bind_req: Unknown pipe name %s in bind request.\n",
-                                p->name ));
-                       prs_mem_free(&outgoing_rpc);
+                                get_pipe_name_from_iface(&hdr_rb.rpc_context[0].abstract)));
+                       prs_mem_free(&p->out_data.frag);
                        prs_mem_free(&out_hdr_ba);
                        prs_mem_free(&out_auth);
 
@@ -1579,29 +1686,26 @@ bool api_pipe_bind_req(pipes_struct *p, prs_struct *rpc_in_p)
                 }
 
                 for (i = 0; i < rpc_lookup_size; i++) {
-                       if (strequal(rpc_lookup[i].pipe.clnt, p->name)) {
+                       if (strequal(rpc_lookup[i].pipe.clnt,
+                                   get_pipe_name_from_iface(&p->syntax))) {
                                DEBUG(3, ("api_pipe_bind_req: \\PIPE\\%s -> \\PIPE\\%s\n",
                                          rpc_lookup[i].pipe.clnt, rpc_lookup[i].pipe.srv));
-                               fstrcpy(p->pipe_srv_name, rpc_lookup[i].pipe.srv);
                                break;
                        }
                 }
 
                if (i == rpc_lookup_size) {
-                       DEBUG(0, ("module %s doesn't provide functions for pipe %s!\n", p->name, p->name));
+                       DEBUG(0, ("module %s doesn't provide functions for "
+                                 "pipe %s!\n",
+                                 get_pipe_name_from_iface(&p->syntax),
+                                 get_pipe_name_from_iface(&p->syntax)));
                        goto err_exit;
                }
        }
 
-       /* decode the bind request */
-       if(!smb_io_rpc_hdr_rb("", &hdr_rb, rpc_in_p, 0))  {
-               DEBUG(0,("api_pipe_bind_req: unable to unmarshall RPC_HDR_RB struct.\n"));
-               goto err_exit;
-       }
-
        /* name has to be \PIPE\xxxxx */
        fstrcpy(ack_pipe_name, "\\PIPE\\");
-       fstrcat(ack_pipe_name, p->pipe_srv_name);
+       fstrcat(ack_pipe_name, rpc_lookup[i].pipe.srv);
 
        DEBUG(5,("api_pipe_bind_req: make response. %d\n", __LINE__));
 
@@ -1623,11 +1727,11 @@ bool api_pipe_bind_req(pipes_struct *p, prs_struct *rpc_in_p)
 
                /* Work out if we have to sign or seal etc. */
                switch (auth_info.auth_level) {
-                       case RPC_AUTH_LEVEL_INTEGRITY:
-                               p->auth.auth_level = PIPE_AUTH_LEVEL_INTEGRITY;
+                       case DCERPC_AUTH_LEVEL_INTEGRITY:
+                               p->auth.auth_level = DCERPC_AUTH_LEVEL_INTEGRITY;
                                break;
-                       case RPC_AUTH_LEVEL_PRIVACY:
-                               p->auth.auth_level = PIPE_AUTH_LEVEL_PRIVACY;
+                       case DCERPC_AUTH_LEVEL_PRIVACY:
+                               p->auth.auth_level = DCERPC_AUTH_LEVEL_PRIVACY;
                                break;
                        default:
                                DEBUG(0,("api_pipe_bind_req: unexpected auth level (%u).\n",
@@ -1641,36 +1745,31 @@ bool api_pipe_bind_req(pipes_struct *p, prs_struct *rpc_in_p)
        assoc_gid = hdr_rb.bba.assoc_gid ? hdr_rb.bba.assoc_gid : 0x53f0;
 
        switch(auth_type) {
-               case RPC_NTLMSSP_AUTH_TYPE:
+               case DCERPC_AUTH_TYPE_NTLMSSP:
                        if (!pipe_ntlmssp_auth_bind(p, rpc_in_p, &auth_info, &out_auth)) {
                                goto err_exit;
                        }
                        assoc_gid = 0x7a77;
                        break;
 
-               case RPC_SCHANNEL_AUTH_TYPE:
+               case DCERPC_AUTH_TYPE_SCHANNEL:
                        if (!pipe_schannel_auth_bind(p, rpc_in_p, &auth_info, &out_auth)) {
                                goto err_exit;
                        }
                        break;
 
-               case RPC_SPNEGO_AUTH_TYPE:
+               case DCERPC_AUTH_TYPE_SPNEGO:
                        if (!pipe_spnego_auth_bind_negotiate(p, rpc_in_p, &auth_info, &out_auth)) {
                                goto err_exit;
                        }
                        break;
 
-               case RPC_ANONYMOUS_AUTH_TYPE:
+               case DCERPC_AUTH_TYPE_NONE:
                        /* Unauthenticated bind request. */
-                       /* Get the authenticated pipe user from current_user */
-                       if (!copy_current_user(&p->pipe_user, &current_user)) {
-                               DEBUG(10, ("Could not copy current user\n"));
-                               goto err_exit;
-                       }
                        /* We're finished - no more packets. */
                        p->auth.auth_type = PIPE_AUTH_TYPE_NONE;
                        /* We must set the pipe auth_level here also. */
-                       p->auth.auth_level = PIPE_AUTH_LEVEL_NONE;
+                       p->auth.auth_level = DCERPC_AUTH_LEVEL_NONE;
                        p->pipe_bound = True;
                        /* The session key was initialized from the SMB
                         * session in make_internal_rpc_pipe_p */
@@ -1701,13 +1800,11 @@ bool api_pipe_bind_req(pipes_struct *p, prs_struct *rpc_in_p)
                        0x1, 0x0, 0x0,
                        &hdr_rb.rpc_context[0].transfer[0]);
        } else {
-               RPC_IFACE null_interface;
-               ZERO_STRUCT(null_interface);
                /* Rejection reason: abstract syntax not supported */
                init_rpc_hdr_ba(&hdr_ba, RPC_MAX_PDU_FRAG_LEN,
                                        RPC_MAX_PDU_FRAG_LEN, assoc_gid,
                                        ack_pipe_name, 0x1, 0x2, 0x1,
-                                       &null_interface);
+                                       &null_ndr_syntax_id);
                p->pipe_bound = False;
        }
 
@@ -1728,7 +1825,7 @@ bool api_pipe_bind_req(pipes_struct *p, prs_struct *rpc_in_p)
                auth_len = prs_offset(&out_auth) - RPC_HDR_AUTH_LEN;
        }
 
-       init_rpc_hdr(&p->hdr, RPC_BINDACK, RPC_FLG_FIRST | RPC_FLG_LAST,
+       init_rpc_hdr(&p->hdr, DCERPC_PKT_BIND_ACK, DCERPC_PFC_FLAG_FIRST | DCERPC_PFC_FLAG_LAST,
                        p->hdr.call_id,
                        RPC_HEADER_LEN + prs_offset(&out_hdr_ba) + prs_offset(&out_auth),
                        auth_len);
@@ -1737,7 +1834,7 @@ bool api_pipe_bind_req(pipes_struct *p, prs_struct *rpc_in_p)
         * Marshall the header into the outgoing PDU.
         */
 
-       if(!smb_io_rpc_hdr("", &p->hdr, &outgoing_rpc, 0)) {
+       if(!smb_io_rpc_hdr("", &p->hdr, &p->out_data.frag, 0)) {
                DEBUG(0,("api_pipe_bind_req: marshalling of RPC_HDR failed.\n"));
                goto err_exit;
        }
@@ -1746,12 +1843,12 @@ bool api_pipe_bind_req(pipes_struct *p, prs_struct *rpc_in_p)
         * Now add the RPC_HDR_BA and any auth needed.
         */
 
-       if(!prs_append_prs_data( &outgoing_rpc, &out_hdr_ba)) {
+       if(!prs_append_prs_data(&p->out_data.frag, &out_hdr_ba)) {
                DEBUG(0,("api_pipe_bind_req: append of RPC_HDR_BA failed.\n"));
                goto err_exit;
        }
 
-       if (auth_len && !prs_append_prs_data( &outgoing_rpc, &out_auth)) {
+       if (auth_len && !prs_append_prs_data( &p->out_data.frag, &out_auth)) {
                DEBUG(0,("api_pipe_bind_req: append of auth info failed.\n"));
                goto err_exit;
        }
@@ -1761,7 +1858,6 @@ bool api_pipe_bind_req(pipes_struct *p, prs_struct *rpc_in_p)
         */
 
        p->out_data.data_sent_length = 0;
-       p->out_data.current_pdu_len = prs_offset(&outgoing_rpc);
        p->out_data.current_pdu_sent = 0;
 
        prs_mem_free(&out_hdr_ba);
@@ -1771,7 +1867,7 @@ bool api_pipe_bind_req(pipes_struct *p, prs_struct *rpc_in_p)
 
   err_exit:
 
-       prs_mem_free(&outgoing_rpc);
+       prs_mem_free(&p->out_data.frag);
        prs_mem_free(&out_hdr_ba);
        prs_mem_free(&out_auth);
        return setup_bind_nak(p);
@@ -1791,10 +1887,9 @@ bool api_pipe_alter_context(pipes_struct *p, prs_struct *rpc_in_p)
        fstring ack_pipe_name;
        prs_struct out_hdr_ba;
        prs_struct out_auth;
-       prs_struct outgoing_rpc;
        int auth_len = 0;
 
-       prs_init_empty( &outgoing_rpc, p->mem_ctx, MARSHALL);
+       prs_init_empty(&p->out_data.frag, p->mem_ctx, MARSHALL);
 
        /* 
         * Marshall directly into the outgoing PDU space. We
@@ -1802,8 +1897,6 @@ bool api_pipe_alter_context(pipes_struct *p, prs_struct *rpc_in_p)
         * header and are never sending more than one PDU here.
         */
 
-       prs_give_memory( &outgoing_rpc, (char *)p->out_data.current_pdu, sizeof(p->out_data.current_pdu), False);
-
        /*
         * Setup the memory to marshall the ba header, and the
         * auth footers.
@@ -1811,17 +1904,19 @@ bool api_pipe_alter_context(pipes_struct *p, prs_struct *rpc_in_p)
 
        if(!prs_init(&out_hdr_ba, 1024, p->mem_ctx, MARSHALL)) {
                DEBUG(0,("api_pipe_alter_context: malloc out_hdr_ba failed.\n"));
-               prs_mem_free(&outgoing_rpc);
+               prs_mem_free(&p->out_data.frag);
                return False;
        }
 
        if(!prs_init(&out_auth, 1024, p->mem_ctx, MARSHALL)) {
                DEBUG(0,("api_pipe_alter_context: malloc out_auth failed.\n"));
-               prs_mem_free(&outgoing_rpc);
+               prs_mem_free(&p->out_data.frag);
                prs_mem_free(&out_hdr_ba);
                return False;
        }
 
+       ZERO_STRUCT(hdr_rb);
+
        DEBUG(5,("api_pipe_alter_context: decode request. %d\n", __LINE__));
 
        /* decode the alter context request */
@@ -1857,7 +1952,7 @@ bool api_pipe_alter_context(pipes_struct *p, prs_struct *rpc_in_p)
                 * response in place of the NTLMSSP auth3 type.
                 */
 
-               if (auth_info.auth_type == RPC_SPNEGO_AUTH_TYPE) {
+               if (auth_info.auth_type == DCERPC_AUTH_TYPE_SPNEGO) {
                        /* We can only finish if the pipe is unbound. */
                        if (!p->pipe_bound) {
                                if (!pipe_spnego_auth_bind_continue(p, rpc_in_p, &auth_info, &out_auth)) {
@@ -1893,13 +1988,11 @@ bool api_pipe_alter_context(pipes_struct *p, prs_struct *rpc_in_p)
                        0x1, 0x0, 0x0,
                        &hdr_rb.rpc_context[0].transfer[0]);
        } else {
-               RPC_IFACE null_interface;
-               ZERO_STRUCT(null_interface);
                /* Rejection reason: abstract syntax not supported */
                init_rpc_hdr_ba(&hdr_ba, RPC_MAX_PDU_FRAG_LEN,
                                        RPC_MAX_PDU_FRAG_LEN, assoc_gid,
                                        ack_pipe_name, 0x1, 0x2, 0x1,
-                                       &null_interface);
+                                       &null_ndr_syntax_id);
                p->pipe_bound = False;
        }
 
@@ -1920,7 +2013,7 @@ bool api_pipe_alter_context(pipes_struct *p, prs_struct *rpc_in_p)
                auth_len = prs_offset(&out_auth) - RPC_HDR_AUTH_LEN;
        }
 
-       init_rpc_hdr(&p->hdr, RPC_ALTCONTRESP, RPC_FLG_FIRST | RPC_FLG_LAST,
+       init_rpc_hdr(&p->hdr, DCERPC_PKT_ALTER_RESP, DCERPC_PFC_FLAG_FIRST | DCERPC_PFC_FLAG_LAST,
                        p->hdr.call_id,
                        RPC_HEADER_LEN + prs_offset(&out_hdr_ba) + prs_offset(&out_auth),
                        auth_len);
@@ -1929,7 +2022,7 @@ bool api_pipe_alter_context(pipes_struct *p, prs_struct *rpc_in_p)
         * Marshall the header into the outgoing PDU.
         */
 
-       if(!smb_io_rpc_hdr("", &p->hdr, &outgoing_rpc, 0)) {
+       if(!smb_io_rpc_hdr("", &p->hdr, &p->out_data.frag, 0)) {
                DEBUG(0,("api_pipe_alter_context: marshalling of RPC_HDR failed.\n"));
                goto err_exit;
        }
@@ -1938,12 +2031,12 @@ bool api_pipe_alter_context(pipes_struct *p, prs_struct *rpc_in_p)
         * Now add the RPC_HDR_BA and any auth needed.
         */
 
-       if(!prs_append_prs_data( &outgoing_rpc, &out_hdr_ba)) {
+       if(!prs_append_prs_data(&p->out_data.frag, &out_hdr_ba)) {
                DEBUG(0,("api_pipe_alter_context: append of RPC_HDR_BA failed.\n"));
                goto err_exit;
        }
 
-       if (auth_len && !prs_append_prs_data( &outgoing_rpc, &out_auth)) {
+       if (auth_len && !prs_append_prs_data(&p->out_data.frag, &out_auth)) {
                DEBUG(0,("api_pipe_alter_context: append of auth info failed.\n"));
                goto err_exit;
        }
@@ -1953,7 +2046,6 @@ bool api_pipe_alter_context(pipes_struct *p, prs_struct *rpc_in_p)
         */
 
        p->out_data.data_sent_length = 0;
-       p->out_data.current_pdu_len = prs_offset(&outgoing_rpc);
        p->out_data.current_pdu_sent = 0;
 
        prs_mem_free(&out_hdr_ba);
@@ -1963,7 +2055,7 @@ bool api_pipe_alter_context(pipes_struct *p, prs_struct *rpc_in_p)
 
   err_exit:
 
-       prs_mem_free(&outgoing_rpc);
+       prs_mem_free(&p->out_data.frag);
        prs_mem_free(&out_hdr_ba);
        prs_mem_free(&out_auth);
        return setup_bind_nak(p);
@@ -1985,10 +2077,10 @@ bool api_pipe_ntlmssp_auth_process(pipes_struct *p, prs_struct *rpc_in,
        unsigned char *full_packet_data = NULL;
        size_t full_packet_data_len;
        DATA_BLOB auth_blob;
-       
+
        *pstatus = NT_STATUS_OK;
 
-       if (p->auth.auth_level == PIPE_AUTH_LEVEL_NONE || p->auth.auth_level == PIPE_AUTH_LEVEL_CONNECT) {
+       if (p->auth.auth_level == DCERPC_AUTH_LEVEL_NONE || p->auth.auth_level == DCERPC_AUTH_LEVEL_CONNECT) {
                return True;
        }
 
@@ -2035,9 +2127,9 @@ bool api_pipe_ntlmssp_auth_process(pipes_struct *p, prs_struct *rpc_in,
 
        auth_blob.data = (unsigned char *)prs_data_p(rpc_in) + prs_offset(rpc_in);
        auth_blob.length = auth_len;
-       
+
        switch (p->auth.auth_level) {
-               case PIPE_AUTH_LEVEL_PRIVACY:
+               case DCERPC_AUTH_LEVEL_PRIVACY:
                        /* Data is encrypted. */
                        *pstatus = ntlmssp_unseal_packet(a->ntlmssp_state,
                                                        data, data_len,
@@ -2048,7 +2140,7 @@ bool api_pipe_ntlmssp_auth_process(pipes_struct *p, prs_struct *rpc_in,
                                return False;
                        }
                        break;
-               case PIPE_AUTH_LEVEL_INTEGRITY:
+               case DCERPC_AUTH_LEVEL_INTEGRITY:
                        /* Data is signed. */
                        *pstatus = ntlmssp_check_packet(a->ntlmssp_state,
                                                        data, data_len,
@@ -2095,11 +2187,17 @@ bool api_pipe_schannel_process(pipes_struct *p, prs_struct *rpc_in, uint32 *p_ss
        uint32 auth_len;
        uint32 save_offset = prs_offset(rpc_in);
        RPC_HDR_AUTH auth_info;
-       RPC_AUTH_SCHANNEL_CHK schannel_chk;
+       DATA_BLOB blob;
+       NTSTATUS status;
+       uint8_t *data;
 
        auth_len = p->hdr.auth_len;
 
-       if (auth_len != RPC_AUTH_SCHANNEL_SIGN_OR_SEAL_CHK_LEN) {
+       if (auth_len < RPC_AUTH_SCHANNEL_SIGN_OR_SEAL_CHK_LEN ||
+                       auth_len > RPC_HEADER_LEN +
+                                       RPC_HDR_REQ_LEN +
+                                       RPC_HDR_AUTH_LEN +
+                                       auth_len) {
                DEBUG(0,("Incorrect auth_len %u.\n", (unsigned int)auth_len ));
                return False;
        }
@@ -2119,7 +2217,7 @@ bool api_pipe_schannel_process(pipes_struct *p, prs_struct *rpc_in, uint32 *p_ss
 
        data_len = p->hdr.frag_len - RPC_HEADER_LEN - RPC_HDR_REQ_LEN - 
                RPC_HDR_AUTH_LEN - auth_len;
-       
+
        DEBUG(5,("data %d auth %d\n", data_len, auth_len));
 
        if(!prs_set_offset(rpc_in, RPC_HDR_REQ_LEN + data_len)) {
@@ -2133,24 +2231,45 @@ bool api_pipe_schannel_process(pipes_struct *p, prs_struct *rpc_in, uint32 *p_ss
                return False;
        }
 
-       if (auth_info.auth_type != RPC_SCHANNEL_AUTH_TYPE) {
+       if (auth_info.auth_type != DCERPC_AUTH_TYPE_SCHANNEL) {
                DEBUG(0,("Invalid auth info %d on schannel\n",
                         auth_info.auth_type));
                return False;
        }
 
-       if(!smb_io_rpc_auth_schannel_chk("", RPC_AUTH_SCHANNEL_SIGN_OR_SEAL_CHK_LEN, &schannel_chk, rpc_in, 0)) {
-               DEBUG(0,("failed to unmarshal RPC_AUTH_SCHANNEL_CHK.\n"));
-               return False;
+       blob = data_blob_const(prs_data_p(rpc_in) + prs_offset(rpc_in), auth_len);
+
+       if (DEBUGLEVEL >= 10) {
+               dump_NL_AUTH_SIGNATURE(talloc_tos(), &blob);
        }
 
-       if (!schannel_decode(p->auth.a_u.schannel_auth,
-                          p->auth.auth_level,
-                          SENDER_IS_INITIATOR,
-                          &schannel_chk,
-                          prs_data_p(rpc_in)+RPC_HDR_REQ_LEN, data_len)) {
-               DEBUG(3,("failed to decode PDU\n"));
-               return False;
+       data = (uint8_t *)prs_data_p(rpc_in)+RPC_HDR_REQ_LEN;
+
+       switch (auth_info.auth_level) {
+       case DCERPC_AUTH_LEVEL_PRIVACY:
+               status = netsec_incoming_packet(p->auth.a_u.schannel_auth,
+                                               talloc_tos(),
+                                               true,
+                                               data,
+                                               data_len,
+                                               &blob);
+               break;
+       case DCERPC_AUTH_LEVEL_INTEGRITY:
+               status = netsec_incoming_packet(p->auth.a_u.schannel_auth,
+                                               talloc_tos(),
+                                               false,
+                                               data,
+                                               data_len,
+                                               &blob);
+               break;
+       default:
+               status = NT_STATUS_INTERNAL_ERROR;
+               break;
+       }
+
+       if (!NT_STATUS_IS_OK(status)) {
+               DEBUG(0,("failed to unseal packet: %s\n", nt_errstr(status)));
+               return false;
        }
 
        /*
@@ -2163,9 +2282,6 @@ bool api_pipe_schannel_process(pipes_struct *p, prs_struct *rpc_in, uint32 *p_ss
                return False;
        }
 
-       /* The sequence number gets incremented on both send and receive. */
-       p->auth.a_u.schannel_auth->seq_num++;
-
        /*
         * Remember the padding length. We must remove it from the real data
         * stream once the sign/seal is done.
@@ -2176,23 +2292,6 @@ bool api_pipe_schannel_process(pipes_struct *p, prs_struct *rpc_in, uint32 *p_ss
        return True;
 }
 
-/****************************************************************************
- Return a user struct for a pipe user.
-****************************************************************************/
-
-struct current_user *get_current_user(struct current_user *user, pipes_struct *p)
-{
-       if (p->pipe_bound &&
-                       (p->auth.auth_type == PIPE_AUTH_TYPE_NTLMSSP ||
-                       (p->auth.auth_type == PIPE_AUTH_TYPE_SPNEGO_NTLMSSP))) {
-               memcpy(user, &p->pipe_user, sizeof(struct current_user));
-       } else {
-               memcpy(user, &current_user, sizeof(struct current_user));
-       }
-
-       return user;
-}
-
 /****************************************************************************
  Find the set of RPC functions associated with this context_id
 ****************************************************************************/
@@ -2200,21 +2299,17 @@ struct current_user *get_current_user(struct current_user *user, pipes_struct *p
 static PIPE_RPC_FNS* find_pipe_fns_by_context( PIPE_RPC_FNS *list, uint32 context_id )
 {
        PIPE_RPC_FNS *fns = NULL;
-       PIPE_RPC_FNS *tmp = NULL;
-       
+
        if ( !list ) {
                DEBUG(0,("find_pipe_fns_by_context: ERROR!  No context list for pipe!\n"));
                return NULL;
        }
-       
-       for (tmp=list; tmp; tmp=tmp->next ) {
-               if ( tmp->context_id == context_id )
-                       break;
+
+       for (fns=list; fns; fns=fns->next ) {
+               if ( fns->context_id == context_id )
+                       return fns;
        }
-       
-       fns = tmp;
-       
-       return fns;
+       return NULL;
 }
 
 /****************************************************************************
@@ -2225,7 +2320,7 @@ void free_pipe_rpc_context( PIPE_RPC_FNS *list )
 {
        PIPE_RPC_FNS *tmp = list;
        PIPE_RPC_FNS *tmp2;
-               
+
        while (tmp) {
                tmp2 = tmp->next;
                SAFE_FREE(tmp);
@@ -2235,6 +2330,9 @@ void free_pipe_rpc_context( PIPE_RPC_FNS *list )
        return; 
 }
 
+static bool api_rpcTNP(pipes_struct *p,
+                      const struct api_struct *api_rpc_cmds, int n_cmds);
+
 /****************************************************************************
  Find the correct RPC function to call for this request.
  If the pipe is authenticated then become the correct UNIX user
@@ -2246,7 +2344,7 @@ bool api_pipe_request(pipes_struct *p)
        bool ret = False;
        bool changed_user = False;
        PIPE_RPC_FNS *pipe_fns;
-       
+
        if (p->pipe_bound &&
                        ((p->auth.auth_type == PIPE_AUTH_TYPE_NTLMSSP) ||
                         (p->auth.auth_type == PIPE_AUTH_TYPE_SPNEGO_NTLMSSP))) {
@@ -2257,20 +2355,22 @@ bool api_pipe_request(pipes_struct *p)
                changed_user = True;
        }
 
-       DEBUG(5, ("Requested \\PIPE\\%s\n", p->name));
-       
+       DEBUG(5, ("Requested \\PIPE\\%s\n",
+                 get_pipe_name_from_iface(&p->syntax)));
+
        /* get the set of RPC functions for this context */
-       
+
        pipe_fns = find_pipe_fns_by_context(p->contexts, p->hdr_req.context_id);
-       
+
        if ( pipe_fns ) {
                TALLOC_CTX *frame = talloc_stackframe();
-               ret = api_rpcTNP(p, p->name, pipe_fns->cmds, pipe_fns->n_cmds);
+               ret = api_rpcTNP(p, pipe_fns->cmds, pipe_fns->n_cmds);
                TALLOC_FREE(frame);
        }
        else {
                DEBUG(0,("api_pipe_request: No rpc function table associated with context [%d] on pipe [%s]\n",
-                       p->hdr_req.context_id, p->name));
+                       p->hdr_req.context_id,
+                       get_pipe_name_from_iface(&p->syntax)));
        }
 
        if (changed_user) {
@@ -2284,18 +2384,22 @@ bool api_pipe_request(pipes_struct *p)
  Calls the underlying RPC function for a named pipe.
  ********************************************************************/
 
-bool api_rpcTNP(pipes_struct *p, const char *rpc_name, 
-               const struct api_struct *api_rpc_cmds, int n_cmds)
+static bool api_rpcTNP(pipes_struct *p,
+                      const struct api_struct *api_rpc_cmds, int n_cmds)
 {
        int fn_num;
-       fstring name;
        uint32 offset1, offset2;
+
        /* interpret the command */
-       DEBUG(4,("api_rpcTNP: %s op 0x%x - ", rpc_name, p->hdr_req.opnum));
+       DEBUG(4,("api_rpcTNP: %s op 0x%x - ",
+                get_pipe_name_from_iface(&p->syntax), p->hdr_req.opnum));
 
-       slprintf(name, sizeof(name)-1, "in_%s", rpc_name);
-       prs_dump(name, p->hdr_req.opnum, &p->in_data.data);
+       if (DEBUGLEVEL >= 50) {
+               fstring name;
+               slprintf(name, sizeof(name)-1, "in_%s",
+                        get_pipe_name_from_iface(&p->syntax));
+               prs_dump(name, p->hdr_req.opnum, &p->in_data.data);
+       }
 
        for (fn_num = 0; fn_num < n_cmds; fn_num++) {
                if (api_rpc_cmds[fn_num].opnum == p->hdr_req.opnum && api_rpc_cmds[fn_num].fn != NULL) {
@@ -2321,7 +2425,9 @@ bool api_rpcTNP(pipes_struct *p, const char *rpc_name,
                 fn_num, api_rpc_cmds[fn_num].fn));
        /* do the actual command */
        if(!api_rpc_cmds[fn_num].fn(p)) {
-               DEBUG(0,("api_rpcTNP: %s: %s failed.\n", rpc_name, api_rpc_cmds[fn_num].name));
+               DEBUG(0,("api_rpcTNP: %s: %s failed.\n",
+                        get_pipe_name_from_iface(&p->syntax),
+                        api_rpc_cmds[fn_num].name));
                prs_mem_free(&p->out_data.rdata);
                return False;
        }
@@ -2340,13 +2446,18 @@ bool api_rpcTNP(pipes_struct *p, const char *rpc_name,
                return True;
        }
 
-       slprintf(name, sizeof(name)-1, "out_%s", rpc_name);
        offset2 = prs_offset(&p->out_data.rdata);
        prs_set_offset(&p->out_data.rdata, offset1);
-       prs_dump(name, p->hdr_req.opnum, &p->out_data.rdata);
+       if (DEBUGLEVEL >= 50) {
+               fstring name;
+               slprintf(name, sizeof(name)-1, "out_%s",
+                        get_pipe_name_from_iface(&p->syntax));
+               prs_dump(name, p->hdr_req.opnum, &p->out_data.rdata);
+       }
        prs_set_offset(&p->out_data.rdata, offset2);
 
-       DEBUG(5,("api_rpcTNP: called %s successfully\n", rpc_name));
+       DEBUG(5,("api_rpcTNP: called %s successfully\n",
+                get_pipe_name_from_iface(&p->syntax)));
 
        /* Check for buffer underflow in rpc parsing */
 
@@ -2365,63 +2476,3 @@ bool api_rpcTNP(pipes_struct *p, const char *rpc_name,
 
        return True;
 }
-
-/*******************************************************************
-*******************************************************************/
-
-void get_pipe_fns( int idx, struct api_struct **fns, int *n_fns )
-{
-       struct api_struct *cmds = NULL;
-       int               n_cmds = 0;
-
-       switch ( idx ) {
-               case PI_LSARPC:
-                       lsarpc_get_pipe_fns( &cmds, &n_cmds );
-                       break;
-               case PI_DSSETUP:
-                       dssetup_get_pipe_fns( &cmds, &n_cmds );
-                       break;
-               case PI_SAMR:
-                       samr_get_pipe_fns( &cmds, &n_cmds );
-                       break;
-               case PI_NETLOGON:
-                       netlogon_get_pipe_fns( &cmds, &n_cmds );
-                       break;
-               case PI_SRVSVC:
-                       srvsvc_get_pipe_fns( &cmds, &n_cmds );
-                       break;
-               case PI_WKSSVC:
-                       wkssvc_get_pipe_fns( &cmds, &n_cmds );
-                       break;
-               case PI_WINREG:
-                       winreg_get_pipe_fns( &cmds, &n_cmds );
-                       break;
-               case PI_SPOOLSS:
-                       spoolss_get_pipe_fns( &cmds, &n_cmds );
-                       break;
-               case PI_NETDFS:
-                       netdfs_get_pipe_fns( &cmds, &n_cmds );
-                       break;
-               case PI_SVCCTL:
-                       svcctl2_get_pipe_fns( &cmds, &n_cmds );
-                       break;
-               case PI_EVENTLOG:
-                       eventlog2_get_pipe_fns( &cmds, &n_cmds );
-                       break;
-               case PI_NTSVCS:
-                       ntsvcs2_get_pipe_fns( &cmds, &n_cmds );
-                       break;
-#ifdef DEVELOPER
-               case PI_RPCECHO:
-                       rpcecho_get_pipe_fns( &cmds, &n_cmds );
-                       break;
-#endif
-               default:
-                       DEBUG(0,("get_pipe_fns: Unknown pipe index! [%d]\n", idx));
-       }
-
-       *fns = cmds;
-       *n_fns = n_cmds;
-
-       return;
-}
Unnamed repository; edit this file 'description' to name the repository.