2 * Unix SMB/CIFS implementation.
3 * RPC Pipe client / server routines
4 * Copyright (C) Andrew Tridgell 1992-1998
5 * Copyright (C) Luke Kenneth Casson Leighton 1996-1998,
6 * Copyright (C) Paul Ashton 1997-1998,
7 * Copyright (C) Jeremy Allison 1999,
8 * Copyright (C) Anthony Liguori 2003.
10 * This program is free software; you can redistribute it and/or modify
11 * it under the terms of the GNU General Public License as published by
12 * the Free Software Foundation; either version 2 of the License, or
13 * (at your option) any later version.
15 * This program is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 * GNU General Public License for more details.
20 * You should have received a copy of the GNU General Public License
21 * along with this program; if not, write to the Free Software
22 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
25 /* this module apparently provides an implementation of DCE/RPC over a
26 * named pipe (IPC$ connection using SMBtrans). details of DCE/RPC
27 * documentation are available (in on-line form) from the X-Open group.
29 * this module should provide a level of abstraction between SMB
30 * and DCE/RPC, while minimising the amount of mallocs, unnecessary
31 * data copies, and network traffic.
33 * in this version, which takes a "let's learn what's going on and
34 * get something running" approach, there is additional network
35 * traffic generated, but the code should be easier to understand...
37 * ... if you read the docs. or stare at packets for weeks on end.
44 #define DBGC_CLASS DBGC_RPC_SRV
46 /*************************************************************
48 We need to transfer the session key from one rpc bind to the
49 next. This is the way the netlogon schannel works.
50 **************************************************************/
51 struct dcinfo last_dcinfo;
53 static void NTLMSSPcalc_p( pipes_struct *p, unsigned char *data, int len)
55 unsigned char *hash = p->ntlmssp_hash;
56 unsigned char index_i = hash[256];
57 unsigned char index_j = hash[257];
60 for( ind = 0; ind < len; ind++) {
65 index_j += hash[index_i];
68 hash[index_i] = hash[index_j];
71 t = hash[index_i] + hash[index_j];
72 data[ind] = data[ind] ^ hash[t];
79 /*******************************************************************
80 Generate the next PDU to be returned from the data in p->rdata.
81 We cheat here as this function doesn't handle the special auth
82 footers of the authenticated bind response reply.
83 ********************************************************************/
85 BOOL create_next_pdu(pipes_struct *p)
87 RPC_HDR_RESP hdr_resp;
88 BOOL auth_verify = ((p->ntlmssp_chal_flags & NTLMSSP_NEGOTIATE_SIGN) != 0);
89 BOOL auth_seal = ((p->ntlmssp_chal_flags & NTLMSSP_NEGOTIATE_SEAL) != 0);
91 uint32 data_space_available;
93 prs_struct outgoing_pdu;
97 * If we're in the fault state, keep returning fault PDU's until
98 * the pipe gets closed. JRA.
102 setup_fault_pdu(p, NT_STATUS(0x1c010002));
106 memset((char *)&hdr_resp, '\0', sizeof(hdr_resp));
108 /* Change the incoming request header to a response. */
109 p->hdr.pkt_type = RPC_RESPONSE;
111 /* Set up rpc header flags. */
112 if (p->out_data.data_sent_length == 0)
113 p->hdr.flags = RPC_FLG_FIRST;
118 * Work out how much we can fit in a single PDU.
121 data_space_available = sizeof(p->out_data.current_pdu) - RPC_HEADER_LEN - RPC_HDR_RESP_LEN;
122 if(p->ntlmssp_auth_validated)
123 data_space_available -= (RPC_HDR_AUTH_LEN + RPC_AUTH_NTLMSSP_CHK_LEN);
125 if(p->netsec_auth_validated)
126 data_space_available -= (RPC_HDR_AUTH_LEN + RPC_AUTH_NETSEC_CHK_LEN);
129 * The amount we send is the minimum of the available
130 * space and the amount left to send.
133 data_len_left = prs_offset(&p->out_data.rdata) - p->out_data.data_sent_length;
136 * Ensure there really is data left to send.
140 DEBUG(0,("create_next_pdu: no data left to send !\n"));
144 data_len = MIN(data_len_left, data_space_available);
147 * Set up the alloc hint. This should be the data left to
151 hdr_resp.alloc_hint = data_len_left;
154 * Set up the header lengths.
157 if (p->ntlmssp_auth_validated) {
158 p->hdr.frag_len = RPC_HEADER_LEN + RPC_HDR_RESP_LEN + data_len +
159 RPC_HDR_AUTH_LEN + RPC_AUTH_NTLMSSP_CHK_LEN;
160 p->hdr.auth_len = RPC_AUTH_NTLMSSP_CHK_LEN;
161 } else if (p->netsec_auth_validated) {
162 p->hdr.frag_len = RPC_HEADER_LEN + RPC_HDR_RESP_LEN + data_len +
163 RPC_HDR_AUTH_LEN + RPC_AUTH_NETSEC_CHK_LEN;
164 p->hdr.auth_len = RPC_AUTH_NETSEC_CHK_LEN;
166 p->hdr.frag_len = RPC_HEADER_LEN + RPC_HDR_RESP_LEN + data_len;
171 * Work out if this PDU will be the last.
174 if(p->out_data.data_sent_length + data_len >= prs_offset(&p->out_data.rdata))
175 p->hdr.flags |= RPC_FLG_LAST;
178 * Init the parse struct to point at the outgoing
182 prs_init( &outgoing_pdu, 0, p->mem_ctx, MARSHALL);
183 prs_give_memory( &outgoing_pdu, (char *)p->out_data.current_pdu, sizeof(p->out_data.current_pdu), False);
185 /* Store the header in the data stream. */
186 if(!smb_io_rpc_hdr("hdr", &p->hdr, &outgoing_pdu, 0)) {
187 DEBUG(0,("create_next_pdu: failed to marshall RPC_HDR.\n"));
188 prs_mem_free(&outgoing_pdu);
192 if(!smb_io_rpc_hdr_resp("resp", &hdr_resp, &outgoing_pdu, 0)) {
193 DEBUG(0,("create_next_pdu: failed to marshall RPC_HDR_RESP.\n"));
194 prs_mem_free(&outgoing_pdu);
198 /* Store the current offset. */
199 data_pos = prs_offset(&outgoing_pdu);
201 /* Copy the data into the PDU. */
203 if(!prs_append_some_prs_data(&outgoing_pdu, &p->out_data.rdata, p->out_data.data_sent_length, data_len)) {
204 DEBUG(0,("create_next_pdu: failed to copy %u bytes of data.\n", (unsigned int)data_len));
205 prs_mem_free(&outgoing_pdu);
209 if (p->ntlmssp_auth_validated) {
213 DEBUG(5,("create_next_pdu: sign: %s seal: %s data %d auth %d\n",
214 BOOLSTR(auth_verify), BOOLSTR(auth_seal), data_len, p->hdr.auth_len));
217 * Set data to point to where we copied the data into.
220 data = prs_data_p(&outgoing_pdu) + data_pos;
223 crc32 = crc32_calc_buffer(data, data_len);
224 NTLMSSPcalc_p(p, (uchar*)data, data_len);
227 if (auth_seal || auth_verify) {
228 RPC_HDR_AUTH auth_info;
230 init_rpc_hdr_auth(&auth_info, NTLMSSP_AUTH_TYPE, NTLMSSP_AUTH_LEVEL,
231 (auth_verify ? RPC_HDR_AUTH_LEN : 0), (auth_verify ? 1 : 0));
232 if(!smb_io_rpc_hdr_auth("hdr_auth", &auth_info, &outgoing_pdu, 0)) {
233 DEBUG(0,("create_next_pdu: failed to marshall RPC_HDR_AUTH.\n"));
234 prs_mem_free(&outgoing_pdu);
240 RPC_AUTH_NTLMSSP_CHK ntlmssp_chk;
241 char *auth_data = prs_data_p(&outgoing_pdu);
243 p->ntlmssp_seq_num++;
244 init_rpc_auth_ntlmssp_chk(&ntlmssp_chk, NTLMSSP_SIGN_VERSION,
245 crc32, p->ntlmssp_seq_num++);
246 auth_data = prs_data_p(&outgoing_pdu) + prs_offset(&outgoing_pdu) + 4;
247 if(!smb_io_rpc_auth_ntlmssp_chk("auth_sign", &ntlmssp_chk, &outgoing_pdu, 0)) {
248 DEBUG(0,("create_next_pdu: failed to marshall RPC_AUTH_NTLMSSP_CHK.\n"));
249 prs_mem_free(&outgoing_pdu);
252 NTLMSSPcalc_p(p, (uchar*)auth_data, RPC_AUTH_NTLMSSP_CHK_LEN - 4);
256 if (p->netsec_auth_validated) {
258 RPC_HDR_AUTH auth_info;
259 static const uchar netsec_sig[8] = NETSEC_SIGNATURE;
260 static const uchar nullbytes[8] = { 0,0,0,0,0,0,0,0 };
262 RPC_AUTH_NETSEC_CHK verf;
268 data = prs_data_p(&outgoing_pdu) + data_pos;
270 init_rpc_hdr_auth(&auth_info, NETSEC_AUTH_TYPE, NETSEC_AUTH_LEVEL,
271 RPC_HDR_AUTH_LEN, 1);
273 if(!smb_io_rpc_hdr_auth("hdr_auth", &auth_info, &outgoing_pdu, 0)) {
274 DEBUG(0,("create_next_pdu: failed to marshall RPC_HDR_AUTH.\n"));
275 prs_mem_free(&outgoing_pdu);
279 prs_init(&rverf, 0, p->mem_ctx, MARSHALL);
280 prs_init(&rauth, 0, p->mem_ctx, MARSHALL);
282 if ((p->netsec_auth.seq_num & 1) == 0) {
283 DEBUG(0,("SCHANNEL ERROR: seq_num must be odd in server! (seq_num=%d)\n",
284 p->netsec_auth.seq_num));
287 RSIVAL(sign, 0, p->netsec_auth.seq_num);
290 init_rpc_auth_netsec_chk(&verf, netsec_sig, nullbytes, sign, nullbytes);
292 netsec_encode(&p->netsec_auth, &verf, data, data_len);
294 smb_io_rpc_auth_netsec_chk("", &verf, &outgoing_pdu, 0);
296 p->netsec_auth.seq_num++;
300 * Setup the counts for this PDU.
303 p->out_data.data_sent_length += data_len;
304 p->out_data.current_pdu_len = p->hdr.frag_len;
305 p->out_data.current_pdu_sent = 0;
307 prs_mem_free(&outgoing_pdu);
311 /*******************************************************************
312 Process an NTLMSSP authentication response.
313 If this function succeeds, the user has been authenticated
314 and their domain, name and calling workstation stored in
316 The initial challenge is stored in p->challenge.
317 *******************************************************************/
319 static BOOL api_pipe_ntlmssp_verify(pipes_struct *p, RPC_AUTH_NTLMSSP_RESP *ntlmssp_resp)
331 struct auth_context *auth_context = NULL;
332 auth_usersupplied_info *user_info = NULL;
333 auth_serversupplied_info *server_info = NULL;
335 DEBUG(5,("api_pipe_ntlmssp_verify: checking user details\n"));
337 memset(p->user_name, '\0', sizeof(p->user_name));
338 memset(p->pipe_user_name, '\0', sizeof(p->pipe_user_name));
339 memset(p->domain, '\0', sizeof(p->domain));
340 memset(p->wks, '\0', sizeof(p->wks));
342 /* Set up for non-authenticated user. */
343 delete_nt_token(&p->pipe_user.nt_user_token);
344 p->pipe_user.ngroups = 0;
345 SAFE_FREE( p->pipe_user.groups);
348 * Setup an empty password for a guest user.
352 * We always negotiate UNICODE.
355 if (p->ntlmssp_chal_flags & NTLMSSP_NEGOTIATE_UNICODE) {
356 rpcstr_pull(user_name, ntlmssp_resp->user, sizeof(fstring), ntlmssp_resp->hdr_usr.str_str_len*2, 0 );
357 rpcstr_pull(domain, ntlmssp_resp->domain, sizeof(fstring), ntlmssp_resp->hdr_domain.str_str_len*2, 0);
358 rpcstr_pull(wks, ntlmssp_resp->wks, sizeof(fstring), ntlmssp_resp->hdr_wks.str_str_len*2, 0);
360 pull_ascii_fstring(user_name, ntlmssp_resp->user);
361 pull_ascii_fstring(domain, ntlmssp_resp->domain);
362 pull_ascii_fstring(wks, ntlmssp_resp->wks);
365 DEBUG(5,("user: %s domain: %s wks: %s\n", user_name, domain, wks));
367 nt_pw_len = MIN(sizeof(nt_owf), ntlmssp_resp->hdr_nt_resp.str_str_len);
368 lm_pw_len = MIN(sizeof(lm_owf), ntlmssp_resp->hdr_lm_resp.str_str_len);
370 memcpy(lm_owf, ntlmssp_resp->lm_resp, sizeof(lm_owf));
371 memcpy(nt_owf, ntlmssp_resp->nt_resp, nt_pw_len);
373 #ifdef DEBUG_PASSWORD
374 DEBUG(100,("lm, nt owfs, chal\n"));
375 dump_data(100, (char *)lm_owf, sizeof(lm_owf));
376 dump_data(100, (char *)nt_owf, nt_pw_len);
377 dump_data(100, (char *)p->challenge, 8);
381 * Allow guest access. Patch from Shirish Kalele <kalele@veritas.com>.
387 * Do the length checking only if user is not NULL.
390 if (ntlmssp_resp->hdr_lm_resp.str_str_len == 0)
392 if (ntlmssp_resp->hdr_nt_resp.str_str_len == 0)
394 if (ntlmssp_resp->hdr_usr.str_str_len == 0)
396 if (ntlmssp_resp->hdr_domain.str_str_len == 0)
398 if (ntlmssp_resp->hdr_wks.str_str_len == 0)
403 make_auth_context_fixed(&auth_context, (uchar*)p->challenge);
405 if (!make_user_info_netlogon_network(&user_info,
406 user_name, domain, wks,
408 nt_owf, nt_pw_len)) {
409 DEBUG(0,("make_user_info_netlogon_network failed! Failing authenticaion.\n"));
413 nt_status = auth_context->check_ntlm_password(auth_context, user_info, &server_info);
415 (auth_context->free)(&auth_context);
416 free_user_info(&user_info);
418 p->ntlmssp_auth_validated = NT_STATUS_IS_OK(nt_status);
420 if (!p->ntlmssp_auth_validated) {
421 DEBUG(1,("api_pipe_ntlmssp_verify: User [%s]\\[%s] from machine %s \
422 failed authentication on named pipe %s.\n", domain, user_name, wks, p->name ));
423 free_server_info(&server_info);
428 * Set up the sign/seal data.
433 NTLMSSPOWFencrypt(server_info->first_8_lm_hash, lm_owf, p24);
445 for (ind = 0; ind < 256; ind++)
446 p->ntlmssp_hash[ind] = (unsigned char)ind;
448 for( ind = 0; ind < 256; ind++) {
451 j += (p->ntlmssp_hash[ind] + k2[ind%8]);
453 tc = p->ntlmssp_hash[ind];
454 p->ntlmssp_hash[ind] = p->ntlmssp_hash[j];
455 p->ntlmssp_hash[j] = tc;
458 p->ntlmssp_hash[256] = 0;
459 p->ntlmssp_hash[257] = 0;
461 /* NTLMSSPhash(p->ntlmssp_hash, p24); */
462 p->ntlmssp_seq_num = 0;
466 fstrcpy(p->user_name, user_name);
467 fstrcpy(p->pipe_user_name, pdb_get_username(server_info->sam_account));
468 fstrcpy(p->domain, domain);
469 fstrcpy(p->wks, wks);
472 * Store the UNIX credential data (uid/gid pair) in the pipe structure.
475 if (!IS_SAM_UNIX_USER(server_info->sam_account)) {
476 DEBUG(0,("Attempted authenticated pipe with invalid user. No uid/gid in SAM_ACCOUNT\n"));
477 free_server_info(&server_info);
481 memcpy(p->session_key, server_info->session_key, sizeof(p->session_key));
483 p->pipe_user.uid = pdb_get_uid(server_info->sam_account);
484 p->pipe_user.gid = pdb_get_gid(server_info->sam_account);
486 p->pipe_user.ngroups = server_info->n_groups;
487 if (p->pipe_user.ngroups) {
488 if (!(p->pipe_user.groups = memdup(server_info->groups, sizeof(gid_t) * p->pipe_user.ngroups))) {
489 DEBUG(0,("failed to memdup group list to p->pipe_user.groups\n"));
490 free_server_info(&server_info);
495 if (server_info->ptok)
496 p->pipe_user.nt_user_token = dup_nt_token(server_info->ptok);
498 DEBUG(1,("Error: Authmodule failed to provide nt_user_token\n"));
499 p->pipe_user.nt_user_token = NULL;
500 free_server_info(&server_info);
504 p->ntlmssp_auth_validated = True;
506 free_server_info(&server_info);
510 /*******************************************************************
511 The switch table for the pipe names and the functions to handle them.
512 *******************************************************************/
521 struct api_struct *cmds;
525 static struct rpc_table *rpc_lookup;
526 static int rpc_lookup_size;
528 /*******************************************************************
529 This is the client reply to our challenge for an authenticated
530 bind request. The challenge we sent is in p->challenge.
531 *******************************************************************/
533 BOOL api_pipe_bind_auth_resp(pipes_struct *p, prs_struct *rpc_in_p)
535 RPC_HDR_AUTHA autha_info;
536 RPC_AUTH_VERIFIER auth_verifier;
537 RPC_AUTH_NTLMSSP_RESP ntlmssp_resp;
539 DEBUG(5,("api_pipe_bind_auth_resp: decode request. %d\n", __LINE__));
541 if (p->hdr.auth_len == 0) {
542 DEBUG(0,("api_pipe_bind_auth_resp: No auth field sent !\n"));
547 * Decode the authentication verifier response.
550 if(!smb_io_rpc_hdr_autha("", &autha_info, rpc_in_p, 0)) {
551 DEBUG(0,("api_pipe_bind_auth_resp: unmarshall of RPC_HDR_AUTHA failed.\n"));
555 if (autha_info.auth_type != NTLMSSP_AUTH_TYPE || autha_info.auth_level != NTLMSSP_AUTH_LEVEL) {
556 DEBUG(0,("api_pipe_bind_auth_resp: incorrect auth type (%d) or level (%d).\n",
557 (int)autha_info.auth_type, (int)autha_info.auth_level ));
561 if(!smb_io_rpc_auth_verifier("", &auth_verifier, rpc_in_p, 0)) {
562 DEBUG(0,("api_pipe_bind_auth_resp: unmarshall of RPC_AUTH_VERIFIER failed.\n"));
567 * Ensure this is a NTLMSSP_AUTH packet type.
570 if (!rpc_auth_verifier_chk(&auth_verifier, "NTLMSSP", NTLMSSP_AUTH)) {
571 DEBUG(0,("api_pipe_bind_auth_resp: rpc_auth_verifier_chk failed.\n"));
575 if(!smb_io_rpc_auth_ntlmssp_resp("", &ntlmssp_resp, rpc_in_p, 0)) {
576 DEBUG(0,("api_pipe_bind_auth_resp: Failed to unmarshall RPC_AUTH_NTLMSSP_RESP.\n"));
581 * The following call actually checks the challenge/response data.
582 * for correctness against the given DOMAIN\user name.
585 if (!api_pipe_ntlmssp_verify(p, &ntlmssp_resp))
593 /*******************************************************************
594 Marshall a bind_nak pdu.
595 *******************************************************************/
597 static BOOL setup_bind_nak(pipes_struct *p)
599 prs_struct outgoing_rpc;
603 /* Free any memory in the current return data buffer. */
604 prs_mem_free(&p->out_data.rdata);
607 * Marshall directly into the outgoing PDU space. We
608 * must do this as we need to set to the bind response
609 * header and are never sending more than one PDU here.
612 prs_init( &outgoing_rpc, 0, p->mem_ctx, MARSHALL);
613 prs_give_memory( &outgoing_rpc, (char *)p->out_data.current_pdu, sizeof(p->out_data.current_pdu), False);
617 * Initialize a bind_nak header.
620 init_rpc_hdr(&nak_hdr, RPC_BINDNACK, RPC_FLG_FIRST | RPC_FLG_LAST,
621 p->hdr.call_id, RPC_HEADER_LEN + sizeof(uint16), 0);
624 * Marshall the header into the outgoing PDU.
627 if(!smb_io_rpc_hdr("", &nak_hdr, &outgoing_rpc, 0)) {
628 DEBUG(0,("setup_bind_nak: marshalling of RPC_HDR failed.\n"));
629 prs_mem_free(&outgoing_rpc);
634 * Now add the reject reason.
637 if(!prs_uint16("reject code", &outgoing_rpc, 0, &zero)) {
638 prs_mem_free(&outgoing_rpc);
642 p->out_data.data_sent_length = 0;
643 p->out_data.current_pdu_len = prs_offset(&outgoing_rpc);
644 p->out_data.current_pdu_sent = 0;
646 p->pipe_bound = False;
651 /*******************************************************************
652 Marshall a fault pdu.
653 *******************************************************************/
655 BOOL setup_fault_pdu(pipes_struct *p, NTSTATUS status)
657 prs_struct outgoing_pdu;
659 RPC_HDR_RESP hdr_resp;
660 RPC_HDR_FAULT fault_resp;
662 /* Free any memory in the current return data buffer. */
663 prs_mem_free(&p->out_data.rdata);
666 * Marshall directly into the outgoing PDU space. We
667 * must do this as we need to set to the bind response
668 * header and are never sending more than one PDU here.
671 prs_init( &outgoing_pdu, 0, p->mem_ctx, MARSHALL);
672 prs_give_memory( &outgoing_pdu, (char *)p->out_data.current_pdu, sizeof(p->out_data.current_pdu), False);
675 * Initialize a fault header.
678 init_rpc_hdr(&fault_hdr, RPC_FAULT, RPC_FLG_FIRST | RPC_FLG_LAST | RPC_FLG_NOCALL,
679 p->hdr.call_id, RPC_HEADER_LEN + RPC_HDR_RESP_LEN + RPC_HDR_FAULT_LEN, 0);
682 * Initialize the HDR_RESP and FAULT parts of the PDU.
685 memset((char *)&hdr_resp, '\0', sizeof(hdr_resp));
687 fault_resp.status = status;
688 fault_resp.reserved = 0;
691 * Marshall the header into the outgoing PDU.
694 if(!smb_io_rpc_hdr("", &fault_hdr, &outgoing_pdu, 0)) {
695 DEBUG(0,("setup_fault_pdu: marshalling of RPC_HDR failed.\n"));
696 prs_mem_free(&outgoing_pdu);
700 if(!smb_io_rpc_hdr_resp("resp", &hdr_resp, &outgoing_pdu, 0)) {
701 DEBUG(0,("setup_fault_pdu: failed to marshall RPC_HDR_RESP.\n"));
702 prs_mem_free(&outgoing_pdu);
706 if(!smb_io_rpc_hdr_fault("fault", &fault_resp, &outgoing_pdu, 0)) {
707 DEBUG(0,("setup_fault_pdu: failed to marshall RPC_HDR_FAULT.\n"));
708 prs_mem_free(&outgoing_pdu);
712 p->out_data.data_sent_length = 0;
713 p->out_data.current_pdu_len = prs_offset(&outgoing_pdu);
714 p->out_data.current_pdu_sent = 0;
716 prs_mem_free(&outgoing_pdu);
720 /*******************************************************************
721 Ensure a bind request has the correct abstract & transfer interface.
722 Used to reject unknown binds from Win2k.
723 *******************************************************************/
725 BOOL check_bind_req(char* pipe_name, RPC_IFACE* abstract,
728 extern struct pipe_id_info pipe_names[];
731 fstrcpy(pname,"\\PIPE\\");
732 fstrcat(pname,pipe_name);
734 DEBUG(3,("check_bind_req for %s\n", pname));
736 #ifndef SUPPORT_NEW_LSARPC_UUID
738 /* check for the first pipe matching the name */
740 for ( i=0; pipe_names[i].client_pipe; i++ ) {
741 if ( strequal(pipe_names[i].client_pipe, pname) )
745 /* we have to check all now since win2k introduced a new UUID on the lsaprpc pipe */
747 for ( i=0; pipe_names[i].client_pipe; i++ )
749 if ( strequal(pipe_names[i].client_pipe, pname)
750 && (abstract->version == pipe_names[i].abstr_syntax.version)
751 && (memcmp(&abstract->uuid, &pipe_names[i].abstr_syntax.uuid, sizeof(RPC_UUID)) == 0)
752 && (transfer->version == pipe_names[i].trans_syntax.version)
753 && (memcmp(&transfer->uuid, &pipe_names[i].trans_syntax.uuid, sizeof(RPC_UUID)) == 0) )
760 if(pipe_names[i].client_pipe == NULL)
763 #ifndef SUPPORT_NEW_LSARPC_UUID
764 /* check the abstract interface */
765 if ( (abstract->version != pipe_names[i].abstr_syntax.version)
766 || (memcmp(&abstract->uuid, &pipe_names[i].abstr_syntax.uuid, sizeof(RPC_UUID)) != 0) )
771 /* check the transfer interface */
772 if ( (transfer->version != pipe_names[i].trans_syntax.version)
773 || (memcmp(&transfer->uuid, &pipe_names[i].trans_syntax.uuid, sizeof(RPC_UUID)) != 0) )
781 /*******************************************************************
782 Register commands to an RPC pipe
783 *******************************************************************/
784 NTSTATUS rpc_pipe_register_commands(int version, const char *clnt, const char *srv, const struct api_struct *cmds, int size)
786 struct rpc_table *rpc_entry;
788 if (!clnt || !srv || !cmds) {
789 return NT_STATUS_INVALID_PARAMETER;
792 if (version != SMB_RPC_INTERFACE_VERSION) {
793 DEBUG(0,("Can't register rpc commands!\n"
794 "You tried to register a rpc module with SMB_RPC_INTERFACE_VERSION %d"
795 ", while this version of samba uses version %d!\n",
796 version,SMB_RPC_INTERFACE_VERSION));
797 return NT_STATUS_OBJECT_TYPE_MISMATCH;
802 * we still need to make sure that don't register the same commands twice!!!
807 /* We use a temporary variable because this call can fail and
808 rpc_lookup will still be valid afterwards. It could then succeed if
809 called again later */
810 rpc_entry = realloc(rpc_lookup,
811 ++rpc_lookup_size*sizeof(struct rpc_table));
812 if (NULL == rpc_entry) {
814 DEBUG(0, ("rpc_pipe_register_commands: memory allocation failed\n"));
815 return NT_STATUS_NO_MEMORY;
817 rpc_lookup = rpc_entry;
820 rpc_entry = rpc_lookup + (rpc_lookup_size - 1);
821 ZERO_STRUCTP(rpc_entry);
822 rpc_entry->pipe.clnt = strdup(clnt);
823 rpc_entry->pipe.srv = strdup(srv);
824 rpc_entry->cmds = realloc(rpc_entry->cmds,
825 (rpc_entry->n_cmds + size) *
826 sizeof(struct api_struct));
827 memcpy(rpc_entry->cmds + rpc_entry->n_cmds, cmds,
828 size * sizeof(struct api_struct));
829 rpc_entry->n_cmds += size;
834 /*******************************************************************
835 Respond to a pipe bind request.
836 *******************************************************************/
838 BOOL api_pipe_bind_req(pipes_struct *p, prs_struct *rpc_in_p)
842 RPC_HDR_AUTH auth_info;
844 fstring ack_pipe_name;
845 prs_struct out_hdr_ba;
847 prs_struct outgoing_rpc;
850 enum RPC_PKT_TYPE reply_pkt_type;
852 p->ntlmssp_auth_requested = False;
853 p->netsec_auth_validated = False;
855 DEBUG(5,("api_pipe_bind_req: decode request. %d\n", __LINE__));
858 * Try and find the correct pipe name to ensure
859 * that this is a pipe name we support.
863 for (i = 0; i < rpc_lookup_size; i++) {
864 if (strequal(rpc_lookup[i].pipe.clnt, p->name)) {
865 DEBUG(3, ("api_pipe_bind_req: \\PIPE\\%s -> \\PIPE\\%s\n",
866 rpc_lookup[i].pipe.clnt, rpc_lookup[i].pipe.srv));
867 fstrcpy(p->pipe_srv_name, rpc_lookup[i].pipe.srv);
872 if (i == rpc_lookup_size) {
873 if (NT_STATUS_IS_ERR(smb_probe_module("rpc", p->name))) {
874 DEBUG(3,("api_pipe_bind_req: Unknown pipe name %s in bind request.\n",
876 if(!setup_bind_nak(p))
881 for (i = 0; i < rpc_lookup_size; i++) {
882 if (strequal(rpc_lookup[i].pipe.clnt, p->name)) {
883 DEBUG(3, ("api_pipe_bind_req: \\PIPE\\%s -> \\PIPE\\%s\n",
884 rpc_lookup[i].pipe.clnt, rpc_lookup[i].pipe.srv));
885 fstrcpy(p->pipe_srv_name, rpc_lookup[i].pipe.srv);
890 if (i == rpc_lookup_size) {
891 DEBUG(0, ("module %s doesn't provide functions for pipe %s!\n", p->name, p->name));
896 /* decode the bind request */
897 if(!smb_io_rpc_hdr_rb("", &hdr_rb, rpc_in_p, 0)) {
898 DEBUG(0,("api_pipe_bind_req: unable to unmarshall RPC_HDR_RB struct.\n"));
903 * Check if this is an authenticated request.
906 if (p->hdr.auth_len != 0) {
907 RPC_AUTH_VERIFIER auth_verifier;
908 RPC_AUTH_NTLMSSP_NEG ntlmssp_neg;
911 * Decode the authentication verifier.
914 if(!smb_io_rpc_hdr_auth("", &auth_info, rpc_in_p, 0)) {
915 DEBUG(0,("api_pipe_bind_req: unable to unmarshall RPC_HDR_AUTH struct.\n"));
919 if(auth_info.auth_type == NTLMSSP_AUTH_TYPE) {
921 if(!smb_io_rpc_auth_verifier("", &auth_verifier, rpc_in_p, 0)) {
922 DEBUG(0,("api_pipe_bind_req: unable to "
923 "unmarshall RPC_HDR_AUTH struct.\n"));
927 if(!strequal(auth_verifier.signature, "NTLMSSP")) {
928 DEBUG(0,("api_pipe_bind_req: "
929 "auth_verifier.signature != NTLMSSP\n"));
933 if(auth_verifier.msg_type != NTLMSSP_NEGOTIATE) {
934 DEBUG(0,("api_pipe_bind_req: "
935 "auth_verifier.msg_type (%d) != NTLMSSP_NEGOTIATE\n",
936 auth_verifier.msg_type));
940 if(!smb_io_rpc_auth_ntlmssp_neg("", &ntlmssp_neg, rpc_in_p, 0)) {
941 DEBUG(0,("api_pipe_bind_req: "
942 "Failed to unmarshall RPC_AUTH_NTLMSSP_NEG.\n"));
946 p->ntlmssp_chal_flags = SMBD_NTLMSSP_NEG_FLAGS;
947 p->ntlmssp_auth_requested = True;
949 } else if (auth_info.auth_type == NETSEC_AUTH_TYPE) {
951 RPC_AUTH_NETSEC_NEG neg;
952 struct netsec_auth_struct *a = &(p->netsec_auth);
954 if (!smb_io_rpc_auth_netsec_neg("", &neg, rpc_in_p, 0)) {
955 DEBUG(0,("api_pipe_bind_req: "
956 "Could not unmarshal SCHANNEL auth neg\n"));
960 p->netsec_auth_validated = True;
962 memset(a->sess_key, 0, sizeof(a->sess_key));
963 memcpy(a->sess_key, last_dcinfo.sess_key, sizeof(last_dcinfo.sess_key));
967 DEBUG(10,("schannel auth: domain [%s] myname [%s]\n",
968 neg.domain, neg.myname));
971 DEBUG(0,("api_pipe_bind_req: unknown auth type %x requested.\n",
972 auth_info.auth_type ));
977 switch(p->hdr.pkt_type) {
979 /* name has to be \PIPE\xxxxx */
980 fstrcpy(ack_pipe_name, "\\PIPE\\");
981 fstrcat(ack_pipe_name, p->pipe_srv_name);
982 reply_pkt_type = RPC_BINDACK;
985 /* secondary address CAN be NULL
986 * as the specs say it's ignored.
987 * It MUST NULL to have the spoolss working.
989 fstrcpy(ack_pipe_name,"");
990 reply_pkt_type = RPC_ALTCONTRESP;
996 DEBUG(5,("api_pipe_bind_req: make response. %d\n", __LINE__));
999 * Marshall directly into the outgoing PDU space. We
1000 * must do this as we need to set to the bind response
1001 * header and are never sending more than one PDU here.
1004 prs_init( &outgoing_rpc, 0, p->mem_ctx, MARSHALL);
1005 prs_give_memory( &outgoing_rpc, (char *)p->out_data.current_pdu, sizeof(p->out_data.current_pdu), False);
1008 * Setup the memory to marshall the ba header, and the
1012 if(!prs_init(&out_hdr_ba, 1024, p->mem_ctx, MARSHALL)) {
1013 DEBUG(0,("api_pipe_bind_req: malloc out_hdr_ba failed.\n"));
1014 prs_mem_free(&outgoing_rpc);
1018 if(!prs_init(&out_auth, 1024, p->mem_ctx, MARSHALL)) {
1019 DEBUG(0,("pi_pipe_bind_req: malloc out_auth failed.\n"));
1020 prs_mem_free(&outgoing_rpc);
1021 prs_mem_free(&out_hdr_ba);
1025 if (p->ntlmssp_auth_requested)
1028 assoc_gid = hdr_rb.bba.assoc_gid ? hdr_rb.bba.assoc_gid : 0x53f0;
1031 * Create the bind response struct.
1034 /* If the requested abstract synt uuid doesn't match our client pipe,
1035 reject the bind_ack & set the transfer interface synt to all 0's,
1036 ver 0 (observed when NT5 attempts to bind to abstract interfaces
1038 Needed when adding entries to a DACL from NT5 - SK */
1040 if(check_bind_req(p->name, &hdr_rb.abstract, &hdr_rb.transfer)) {
1041 init_rpc_hdr_ba(&hdr_ba,
1049 RPC_IFACE null_interface;
1050 ZERO_STRUCT(null_interface);
1051 /* Rejection reason: abstract syntax not supported */
1052 init_rpc_hdr_ba(&hdr_ba, MAX_PDU_FRAG_LEN,
1053 MAX_PDU_FRAG_LEN, assoc_gid,
1054 ack_pipe_name, 0x1, 0x2, 0x1,
1062 if(!smb_io_rpc_hdr_ba("", &hdr_ba, &out_hdr_ba, 0)) {
1063 DEBUG(0,("api_pipe_bind_req: marshalling of RPC_HDR_BA failed.\n"));
1068 * Now the authentication.
1071 if (p->ntlmssp_auth_requested) {
1072 RPC_AUTH_VERIFIER auth_verifier;
1073 RPC_AUTH_NTLMSSP_CHAL ntlmssp_chal;
1075 generate_random_buffer(p->challenge, 8, False);
1077 /*** Authentication info ***/
1079 init_rpc_hdr_auth(&auth_info, NTLMSSP_AUTH_TYPE, NTLMSSP_AUTH_LEVEL, RPC_HDR_AUTH_LEN, 1);
1080 if(!smb_io_rpc_hdr_auth("", &auth_info, &out_auth, 0)) {
1081 DEBUG(0,("api_pipe_bind_req: marshalling of RPC_HDR_AUTH failed.\n"));
1085 /*** NTLMSSP verifier ***/
1087 init_rpc_auth_verifier(&auth_verifier, "NTLMSSP", NTLMSSP_CHALLENGE);
1088 if(!smb_io_rpc_auth_verifier("", &auth_verifier, &out_auth, 0)) {
1089 DEBUG(0,("api_pipe_bind_req: marshalling of RPC_AUTH_VERIFIER failed.\n"));
1093 /* NTLMSSP challenge ***/
1095 init_rpc_auth_ntlmssp_chal(&ntlmssp_chal, p->ntlmssp_chal_flags, p->challenge);
1096 if(!smb_io_rpc_auth_ntlmssp_chal("", &ntlmssp_chal, &out_auth, 0)) {
1097 DEBUG(0,("api_pipe_bind_req: marshalling of RPC_AUTH_NTLMSSP_CHAL failed.\n"));
1101 /* Auth len in the rpc header doesn't include auth_header. */
1102 auth_len = prs_offset(&out_auth) - RPC_HDR_AUTH_LEN;
1105 if (p->netsec_auth_validated) {
1106 RPC_AUTH_VERIFIER auth_verifier;
1109 /* The client opens a second RPC NETLOGON pipe without
1110 doing a auth2. The credentials for the schannel are
1111 re-used from the auth2 the client did before. */
1112 p->dc = last_dcinfo;
1114 init_rpc_hdr_auth(&auth_info, NETSEC_AUTH_TYPE, NETSEC_AUTH_LEVEL, RPC_HDR_AUTH_LEN, 1);
1115 if(!smb_io_rpc_hdr_auth("", &auth_info, &out_auth, 0)) {
1116 DEBUG(0,("api_pipe_bind_req: marshalling of RPC_HDR_AUTH failed.\n"));
1120 /*** NETSEC verifier ***/
1122 init_rpc_auth_verifier(&auth_verifier, "\001", 0x0);
1123 if(!smb_io_rpc_netsec_verifier("", &auth_verifier, &out_auth, 0)) {
1124 DEBUG(0,("api_pipe_bind_req: marshalling of RPC_AUTH_VERIFIER failed.\n"));
1128 prs_align(&out_auth);
1131 if(!prs_uint32("flags ", &out_auth, 0, &flags))
1134 auth_len = prs_offset(&out_auth) - RPC_HDR_AUTH_LEN;
1138 * Create the header, now we know the length.
1141 init_rpc_hdr(&p->hdr, reply_pkt_type, RPC_FLG_FIRST | RPC_FLG_LAST,
1143 RPC_HEADER_LEN + prs_offset(&out_hdr_ba) + prs_offset(&out_auth),
1147 * Marshall the header into the outgoing PDU.
1150 if(!smb_io_rpc_hdr("", &p->hdr, &outgoing_rpc, 0)) {
1151 DEBUG(0,("pi_pipe_bind_req: marshalling of RPC_HDR failed.\n"));
1156 * Now add the RPC_HDR_BA and any auth needed.
1159 if(!prs_append_prs_data( &outgoing_rpc, &out_hdr_ba)) {
1160 DEBUG(0,("api_pipe_bind_req: append of RPC_HDR_BA failed.\n"));
1164 if((p->ntlmssp_auth_requested|p->netsec_auth_validated) &&
1165 !prs_append_prs_data( &outgoing_rpc, &out_auth)) {
1166 DEBUG(0,("api_pipe_bind_req: append of auth info failed.\n"));
1170 if(!p->ntlmssp_auth_requested)
1171 p->pipe_bound = True;
1174 * Setup the lengths for the initial reply.
1177 p->out_data.data_sent_length = 0;
1178 p->out_data.current_pdu_len = prs_offset(&outgoing_rpc);
1179 p->out_data.current_pdu_sent = 0;
1181 prs_mem_free(&out_hdr_ba);
1182 prs_mem_free(&out_auth);
1188 prs_mem_free(&outgoing_rpc);
1189 prs_mem_free(&out_hdr_ba);
1190 prs_mem_free(&out_auth);
1194 /****************************************************************************
1195 Deal with sign & seal processing on an RPC request.
1196 ****************************************************************************/
1198 BOOL api_pipe_auth_process(pipes_struct *p, prs_struct *rpc_in)
1201 * We always negotiate the following two bits....
1203 BOOL auth_verify = ((p->ntlmssp_chal_flags & NTLMSSP_NEGOTIATE_SIGN) != 0);
1204 BOOL auth_seal = ((p->ntlmssp_chal_flags & NTLMSSP_NEGOTIATE_SEAL) != 0);
1210 auth_len = p->hdr.auth_len;
1212 if ((auth_len != RPC_AUTH_NTLMSSP_CHK_LEN) && auth_verify) {
1213 DEBUG(0,("api_pipe_auth_process: Incorrect auth_len %d.\n", auth_len ));
1218 * The following is that length of the data we must verify or unseal.
1219 * This doesn't include the RPC headers or the auth_len or the RPC_HDR_AUTH_LEN
1220 * preceeding the auth_data.
1223 data_len = p->hdr.frag_len - RPC_HEADER_LEN - RPC_HDR_REQ_LEN -
1224 (auth_verify ? RPC_HDR_AUTH_LEN : 0) - auth_len;
1226 DEBUG(5,("api_pipe_auth_process: sign: %s seal: %s data %d auth %d\n",
1227 BOOLSTR(auth_verify), BOOLSTR(auth_seal), data_len, auth_len));
1231 * The data in rpc_in doesn't contain the RPC_HEADER as this
1232 * has already been consumed.
1234 char *data = prs_data_p(rpc_in) + RPC_HDR_REQ_LEN;
1235 NTLMSSPcalc_p(p, (uchar*)data, data_len);
1236 crc32 = crc32_calc_buffer(data, data_len);
1239 old_offset = prs_offset(rpc_in);
1241 if (auth_seal || auth_verify) {
1242 RPC_HDR_AUTH auth_info;
1244 if(!prs_set_offset(rpc_in, old_offset + data_len)) {
1245 DEBUG(0,("api_pipe_auth_process: cannot move offset to %u.\n",
1246 (unsigned int)old_offset + data_len ));
1250 if(!smb_io_rpc_hdr_auth("hdr_auth", &auth_info, rpc_in, 0)) {
1251 DEBUG(0,("api_pipe_auth_process: failed to unmarshall RPC_HDR_AUTH.\n"));
1257 RPC_AUTH_NTLMSSP_CHK ntlmssp_chk;
1258 char *req_data = prs_data_p(rpc_in) + prs_offset(rpc_in) + 4;
1260 DEBUG(5,("api_pipe_auth_process: auth %d\n", prs_offset(rpc_in) + 4));
1263 * Ensure we have RPC_AUTH_NTLMSSP_CHK_LEN - 4 more bytes in the
1266 if(prs_mem_get(rpc_in, RPC_AUTH_NTLMSSP_CHK_LEN - 4) == NULL) {
1267 DEBUG(0,("api_pipe_auth_process: missing %d bytes in buffer.\n",
1268 RPC_AUTH_NTLMSSP_CHK_LEN - 4 ));
1272 NTLMSSPcalc_p(p, (uchar*)req_data, RPC_AUTH_NTLMSSP_CHK_LEN - 4);
1273 if(!smb_io_rpc_auth_ntlmssp_chk("auth_sign", &ntlmssp_chk, rpc_in, 0)) {
1274 DEBUG(0,("api_pipe_auth_process: failed to unmarshall RPC_AUTH_NTLMSSP_CHK.\n"));
1278 if (!rpc_auth_ntlmssp_chk(&ntlmssp_chk, crc32, p->ntlmssp_seq_num)) {
1279 DEBUG(0,("api_pipe_auth_process: NTLMSSP check failed.\n"));
1285 * Return the current pointer to the data offset.
1288 if(!prs_set_offset(rpc_in, old_offset)) {
1289 DEBUG(0,("api_pipe_auth_process: failed to set offset back to %u\n",
1290 (unsigned int)old_offset ));
1297 /****************************************************************************
1298 Deal with schannel processing on an RPC request.
1299 ****************************************************************************/
1300 BOOL api_pipe_netsec_process(pipes_struct *p, prs_struct *rpc_in)
1303 * We always negotiate the following two bits....
1308 RPC_HDR_AUTH auth_info;
1309 RPC_AUTH_NETSEC_CHK netsec_chk;
1312 auth_len = p->hdr.auth_len;
1314 if (auth_len != RPC_AUTH_NETSEC_CHK_LEN) {
1315 DEBUG(0,("Incorrect auth_len %d.\n", auth_len ));
1320 * The following is that length of the data we must verify or unseal.
1321 * This doesn't include the RPC headers or the auth_len or the RPC_HDR_AUTH_LEN
1322 * preceeding the auth_data.
1325 data_len = p->hdr.frag_len - RPC_HEADER_LEN - RPC_HDR_REQ_LEN -
1326 RPC_HDR_AUTH_LEN - auth_len;
1328 DEBUG(5,("data %d auth %d\n", data_len, auth_len));
1330 old_offset = prs_offset(rpc_in);
1332 if(!prs_set_offset(rpc_in, old_offset + data_len)) {
1333 DEBUG(0,("cannot move offset to %u.\n",
1334 (unsigned int)old_offset + data_len ));
1338 if(!smb_io_rpc_hdr_auth("hdr_auth", &auth_info, rpc_in, 0)) {
1339 DEBUG(0,("failed to unmarshall RPC_HDR_AUTH.\n"));
1343 if ((auth_info.auth_type != NETSEC_AUTH_TYPE) ||
1344 (auth_info.auth_level != NETSEC_AUTH_LEVEL)) {
1345 DEBUG(0,("Invalid auth info %d or level %d on schannel\n",
1346 auth_info.auth_type, auth_info.auth_level));
1350 if(!smb_io_rpc_auth_netsec_chk("", &netsec_chk, rpc_in, 0)) {
1351 DEBUG(0,("failed to unmarshal RPC_AUTH_NETSEC_CHK.\n"));
1355 if (!netsec_decode(&p->netsec_auth, &netsec_chk,
1356 prs_data_p(rpc_in)+old_offset, data_len)) {
1357 DEBUG(0,("failed to decode PDU\n"));
1362 * Return the current pointer to the data offset.
1365 if(!prs_set_offset(rpc_in, old_offset)) {
1366 DEBUG(0,("failed to set offset back to %u\n",
1367 (unsigned int)old_offset ));
1371 /* The sequence number gets incremented on both send and receive. */
1372 p->netsec_auth.seq_num++;
1377 /****************************************************************************
1378 Return a user struct for a pipe user.
1379 ****************************************************************************/
1381 struct current_user *get_current_user(struct current_user *user, pipes_struct *p)
1383 if (p->ntlmssp_auth_validated) {
1384 memcpy(user, &p->pipe_user, sizeof(struct current_user));
1386 extern struct current_user current_user;
1387 memcpy(user, ¤t_user, sizeof(struct current_user));
1393 /****************************************************************************
1394 Find the correct RPC function to call for this request.
1395 If the pipe is authenticated then become the correct UNIX user
1396 before doing the call.
1397 ****************************************************************************/
1399 BOOL api_pipe_request(pipes_struct *p)
1404 if (p->ntlmssp_auth_validated) {
1406 if(!become_authenticated_pipe_user(p)) {
1407 prs_mem_free(&p->out_data.rdata);
1412 DEBUG(5, ("Requested \\PIPE\\%s\n", p->name));
1414 for (i = 0; i < rpc_lookup_size; i++) {
1415 if (strequal(rpc_lookup[i].pipe.clnt, p->name)) {
1416 DEBUG(3,("Doing \\PIPE\\%s\n",
1417 rpc_lookup[i].pipe.clnt));
1418 set_current_rpc_talloc(p->mem_ctx);
1419 ret = api_rpcTNP(p, rpc_lookup[i].pipe.clnt,
1421 rpc_lookup[i].n_cmds);
1422 set_current_rpc_talloc(NULL);
1428 if (i == rpc_lookup_size) {
1429 smb_probe_module("rpc", p->name);
1431 for (i = 0; i < rpc_lookup_size; i++) {
1432 if (strequal(rpc_lookup[i].pipe.clnt, p->name)) {
1433 DEBUG(3,("Doing \\PIPE\\%s\n",
1434 rpc_lookup[i].pipe.clnt));
1435 set_current_rpc_talloc(p->mem_ctx);
1436 ret = api_rpcTNP(p, rpc_lookup[i].pipe.clnt,
1438 rpc_lookup[i].n_cmds);
1439 set_current_rpc_talloc(NULL);
1445 if(p->ntlmssp_auth_validated)
1446 unbecome_authenticated_pipe_user();
1451 /*******************************************************************
1452 Calls the underlying RPC function for a named pipe.
1453 ********************************************************************/
1455 BOOL api_rpcTNP(pipes_struct *p, const char *rpc_name,
1456 const struct api_struct *api_rpc_cmds, int n_cmds)
1460 uint32 offset1, offset2;
1462 /* interpret the command */
1463 DEBUG(4,("api_rpcTNP: %s op 0x%x - ", rpc_name, p->hdr_req.opnum));
1465 slprintf(name, sizeof(name)-1, "in_%s", rpc_name);
1466 prs_dump(name, p->hdr_req.opnum, &p->in_data.data);
1468 for (fn_num = 0; fn_num < n_cmds; fn_num++) {
1469 if (api_rpc_cmds[fn_num].opnum == p->hdr_req.opnum && api_rpc_cmds[fn_num].fn != NULL) {
1470 DEBUG(3,("api_rpcTNP: rpc command: %s\n", api_rpc_cmds[fn_num].name));
1475 if (fn_num == n_cmds) {
1477 * For an unknown RPC just return a fault PDU but
1478 * return True to allow RPC's on the pipe to continue
1479 * and not put the pipe into fault state. JRA.
1481 DEBUG(4, ("unknown\n"));
1482 setup_fault_pdu(p, NT_STATUS(0x1c010002));
1486 offset1 = prs_offset(&p->out_data.rdata);
1488 DEBUG(6, ("api_rpc_cmds[%d].fn == %p\n",
1489 fn_num, api_rpc_cmds[fn_num].fn));
1490 /* do the actual command */
1491 if(!api_rpc_cmds[fn_num].fn(p)) {
1492 DEBUG(0,("api_rpcTNP: %s: %s failed.\n", rpc_name, api_rpc_cmds[fn_num].name));
1493 prs_mem_free(&p->out_data.rdata);
1497 if (p->bad_handle_fault_state) {
1498 DEBUG(4,("api_rpcTNP: bad handle fault return.\n"));
1499 p->bad_handle_fault_state = False;
1500 setup_fault_pdu(p, NT_STATUS(0x1C00001A));
1504 slprintf(name, sizeof(name)-1, "out_%s", rpc_name);
1505 offset2 = prs_offset(&p->out_data.rdata);
1506 prs_set_offset(&p->out_data.rdata, offset1);
1507 prs_dump(name, p->hdr_req.opnum, &p->out_data.rdata);
1508 prs_set_offset(&p->out_data.rdata, offset2);
1510 DEBUG(5,("api_rpcTNP: called %s successfully\n", rpc_name));
1512 /* Check for buffer underflow in rpc parsing */
1514 if ((DEBUGLEVEL >= 10) &&
1515 (prs_offset(&p->in_data.data) != prs_data_size(&p->in_data.data))) {
1516 size_t data_len = prs_data_size(&p->in_data.data) - prs_offset(&p->in_data.data);
1519 data = malloc(data_len);
1521 DEBUG(10, ("api_rpcTNP: rpc input buffer underflow (parse error?)\n"));
1523 prs_uint8s(False, "", &p->in_data.data, 0, (unsigned char *)data, (uint32)data_len);