Copyright (C) Andrew Tridgell 1992-1997
Copyright (C) Luke Kenneth Casson Leighton 1996-1997
Copyright (C) Paul Ashton 1997
+ Copyright (C) Jeremy Allison 2000-2004
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
+ the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#ifndef _NT_DOMAIN_H /* _NT_DOMAIN_H */
#define _NT_DOMAIN_H
-/* dce/rpc support */
-#include "rpc_dce.h"
-
-/* miscellaneous structures / defines */
-#include "rpc_misc.h"
-
-#include "rpc_creds.h"
-
-#include "talloc.h"
-
/*
* A bunch of stuff that was put into smb.h
* in the NTDOM branch - it didn't belong there.
*/
-typedef struct _prs_struct
-{
+typedef struct _prs_struct {
BOOL io; /* parsing in or out of data stream */
/*
* If the (incoming) data is big-endian. On output we are
uint32 grow_size; /* size requested via prs_grow() calls */
char *data_p; /* The buffer itself. */
TALLOC_CTX *mem_ctx; /* When unmarshalling, use this.... */
+ const char *sess_key; /* If we have to do encrypt/decrypt on the fly. */
} prs_struct;
/*
* The current PDU being returned. This inclues
* headers, data and authentication footer.
*/
- unsigned char current_pdu[MAX_PDU_FRAG_LEN];
+ unsigned char current_pdu[RPC_MAX_PDU_FRAG_LEN];
/* The amount of data in the current_pdu buffer. */
uint32 current_pdu_len;
} output_data;
typedef struct _input_data {
- /*
- * This is the current incoming pdu. The data here
- * is collected via multiple writes until a complete
- * pdu is seen, then the data is copied into the in_data
- * structure. The maximum size of this is 0x1630 (MAX_PDU_FRAG_LEN).
- */
- unsigned char current_in_pdu[MAX_PDU_FRAG_LEN];
-
- /*
- * The amount of data needed to complete the in_pdu.
- * If this is zero, then we are at the start of a new
- * pdu.
- */
- uint32 pdu_needed_len;
-
- /*
- * The amount of data received so far in the in_pdu.
- * If this is zero, then we are at the start of a new
- * pdu.
- */
- uint32 pdu_received_len;
-
- /*
- * This is the collection of input data with all
- * the rpc headers and auth footers removed.
- * The maximum length of this (1Mb) is strictly enforced.
- */
- prs_struct data;
+ /*
+ * This is the current incoming pdu. The data here
+ * is collected via multiple writes until a complete
+ * pdu is seen, then the data is copied into the in_data
+ * structure. The maximum size of this is 0x1630 (RPC_MAX_PDU_FRAG_LEN).
+ */
+ unsigned char current_in_pdu[RPC_MAX_PDU_FRAG_LEN];
+
+ /*
+ * The amount of data needed to complete the in_pdu.
+ * If this is zero, then we are at the start of a new
+ * pdu.
+ */
+ uint32 pdu_needed_len;
+
+ /*
+ * The amount of data received so far in the in_pdu.
+ * If this is zero, then we are at the start of a new
+ * pdu.
+ */
+ uint32 pdu_received_len;
+
+ /*
+ * This is the collection of input data with all
+ * the rpc headers and auth footers removed.
+ * The maximum length of this (1Mb) is strictly enforced.
+ */
+ prs_struct data;
} input_data;
/*
* Handle database - stored per pipe.
*/
-struct policy
-{
- struct policy *next, *prev;
-
- POLICY_HND pol_hnd;
+struct policy {
+ struct policy *next, *prev;
- void *data_ptr;
- void (*free_fn)(void *);
+ POLICY_HND pol_hnd;
+ void *data_ptr;
+ void (*free_fn)(void *);
};
struct handle_list {
};
/* Domain controller authentication protocol info */
-struct dcinfo
-{
- DOM_CHAL clnt_chal; /* Initial challenge received from client */
- DOM_CHAL srv_chal; /* Initial server challenge */
- DOM_CRED clnt_cred; /* Last client credential */
- DOM_CRED srv_cred; /* Last server credential */
+struct dcinfo {
+ uint32 sequence; /* "timestamp" from client. */
+ DOM_CHAL seed_chal;
+ DOM_CHAL clnt_chal; /* Client credential */
+ DOM_CHAL srv_chal; /* Server credential */
- uchar sess_key[8]; /* Session key */
- uchar md4pw[16]; /* md4(machine password) */
+ unsigned char sess_key[16]; /* Session key - 8 bytes followed by 8 zero bytes */
+ unsigned char mach_pw[16]; /* md4(machine password) */
fstring mach_acct; /* Machine name we've authenticated. */
fstring remote_machine; /* Machine name we've authenticated. */
+ fstring domain;
BOOL challenge_sent;
- BOOL got_session_key;
BOOL authenticated;
+};
+
+typedef struct pipe_rpc_fns {
+
+ struct pipe_rpc_fns *next, *prev;
+
+ /* RPC function table associated with the current rpc_bind (associated by context) */
+
+ struct api_struct *cmds;
+ int n_cmds;
+ uint32 context_id;
+
+} PIPE_RPC_FNS;
+
+/*
+ * Different auth types we support.
+ * Can't keep in sync with wire values as spnego wraps different auth methods.
+ */
+
+enum pipe_auth_type { PIPE_AUTH_TYPE_NONE = 0, PIPE_AUTH_TYPE_NTLMSSP, PIPE_AUTH_TYPE_SCHANNEL,
+ PIPE_AUTH_TYPE_SPNEGO_NTLMSSP, PIPE_AUTH_TYPE_KRB5, PIPE_AUTH_TYPE_SPNEGO_KRB5 };
+/* Possible auth levels - keep these in sync with the wire values. */
+enum pipe_auth_level { PIPE_AUTH_LEVEL_NONE = 0,
+ PIPE_AUTH_LEVEL_CONNECT = 1, /* We treat as NONE. */
+ PIPE_AUTH_LEVEL_INTEGRITY = 5, /* Sign. */
+ PIPE_AUTH_LEVEL_PRIVACY = 6 /* Seal. */
+};
+
+/* auth state for krb5. */
+struct kerberos_auth_struct {
+ const char *service_principal;
+ DATA_BLOB session_key;
+};
+
+/* auth state for schannel. */
+struct schannel_auth_struct {
+ unsigned char sess_key[16];
+ uint32 seq_num;
+};
+
+/* auth state for all bind types. */
+
+struct pipe_auth_data {
+ enum pipe_auth_type auth_type; /* switch for union below. */
+ enum pipe_auth_level auth_level;
+ union {
+ struct schannel_auth_struct *schannel_auth;
+ AUTH_NTLMSSP_STATE *auth_ntlmssp_state;
+/* struct kerberos_auth_struct *kerberos_auth; TO BE ADDED... */
+ } a_u;
+ void (*auth_data_free_func)(struct pipe_auth_data *);
};
/*
* DCE/RPC-specific samba-internal-specific handling of data on
* NamedPipes.
- *
*/
-typedef struct pipes_struct
-{
+typedef struct pipes_struct {
struct pipes_struct *next, *prev;
connection_struct *conn;
fstring name;
fstring pipe_srv_name;
-
+
+ /* linked list of rpc dispatch tables associated
+ with the open rpc contexts */
+
+ PIPE_RPC_FNS *contexts;
+
RPC_HDR hdr; /* Incoming RPC header. */
RPC_HDR_REQ hdr_req; /* Incoming request header. */
- uint32 ntlmssp_chal_flags; /* Client challenge flags. */
- BOOL ntlmssp_auth_requested; /* If the client wanted authenticated rpc. */
- BOOL ntlmssp_auth_validated; /* If the client *got* authenticated rpc. */
- unsigned char challenge[8];
- unsigned char ntlmssp_hash[258];
- uint32 ntlmssp_seq_num;
- struct dcinfo dc; /* Keeps the creds data. */
+ /* This context is used for pipe state storage and is freed when the pipe is closed. */
+ TALLOC_CTX *pipe_state_mem_ctx;
- /* Hmm. In my understanding the authentication happens
- implicitly later, so there are no two stages for
- schannel. */
+ struct pipe_auth_data auth;
- BOOL netsec_auth_validated;
- struct netsec_auth_struct netsec_auth;
+ struct dcinfo *dc; /* Keeps the creds data from netlogon. */
/*
- * Windows user info.
+ * Credentials used for the pipe operations
*/
- fstring user_name;
- fstring domain;
- fstring wks;
- /*
- * Unix user name and credentials.
- */
-
- fstring pipe_user_name;
struct current_user pipe_user;
-
- uint8 session_key[16];
-
+ DATA_BLOB session_key;
+
/*
* Set to true when an RPC bind has been done on this pipe.
*/
*/
BOOL bad_handle_fault_state;
+
+ /*
+ * Set to true when the backend does not support a call.
+ */
+
+ BOOL rng_fault_state;
/*
* Set to RPC_BIG_ENDIAN when dealing with big-endian PDU's
output_data out_data;
- /* talloc context to use when allocating memory on this pipe. */
+ /* This context is used for PDU data and is freed between each pdu.
+ Don't use for pipe state storage. */
TALLOC_CTX *mem_ctx;
/* handle database to use on this pipe. */
} pipes_struct;
-typedef struct smb_np_struct
-{
+typedef struct smb_np_struct {
struct smb_np_struct *next, *prev;
int pnum;
connection_struct *conn;
} smb_np_struct;
-struct api_struct
-{
- const char *name;
- uint8 opnum;
- BOOL (*fn) (pipes_struct *);
+struct api_struct {
+ const char *name;
+ uint8 opnum;
+ BOOL (*fn) (pipes_struct *);
};
-typedef struct
-{
+typedef struct {
uint32 rid;
const char *name;
-
} rid_name;
-struct acct_info
-{
- fstring acct_name; /* account name */
- fstring acct_desc; /* account name */
- uint32 rid; /* domain-relative RID */
-};
-
/*
* higher order functions for use with msrpc client code
*/
/* end higher order functions */
-
-/* security descriptor structures */
-#include "rpc_secdes.h"
-
-/* pac */
-#include "authdata.h"
-
-/* different dce/rpc pipes */
-#include "rpc_lsa.h"
-#include "rpc_netlogon.h"
-#include "rpc_reg.h"
-#include "rpc_samr.h"
-#include "rpc_srvsvc.h"
-#include "rpc_wkssvc.h"
-#include "rpc_spoolss.h"
-#include "rpc_dfs.h"
-#include "rpc_ds.h"
-#include "rpc_echo.h"
+typedef struct {
+ uint32 size;
+ prs_struct prs;
+ uint32 struct_start;
+ uint32 string_at_end;
+} RPC_BUFFER;
#endif /* _NT_DOMAIN_H */
git.samba.org / tprouty / samba.git / blobdiff