*/
#include "includes.h"
-#include "../libcli/auth/libcli_auth.h"
#include "librpc/gen_ndr/cli_epmapper.h"
#include "../librpc/gen_ndr/ndr_schannel.h"
+#include "../librpc/gen_ndr/ndr_lsa.h"
+#include "../librpc/gen_ndr/ndr_dssetup.h"
+#include "../librpc/gen_ndr/ndr_samr.h"
+#include "../librpc/gen_ndr/ndr_netlogon.h"
+#include "../librpc/gen_ndr/ndr_srvsvc.h"
+#include "../librpc/gen_ndr/ndr_wkssvc.h"
+#include "../librpc/gen_ndr/ndr_winreg.h"
+#include "../librpc/gen_ndr/ndr_spoolss.h"
+#include "../librpc/gen_ndr/ndr_dfs.h"
+#include "../librpc/gen_ndr/ndr_echo.h"
+#include "../librpc/gen_ndr/ndr_initshutdown.h"
+#include "../librpc/gen_ndr/ndr_svcctl.h"
+#include "../librpc/gen_ndr/ndr_eventlog.h"
+#include "../librpc/gen_ndr/ndr_ntsvcs.h"
+#include "../librpc/gen_ndr/ndr_epmapper.h"
+#include "../librpc/gen_ndr/ndr_drsuapi.h"
#include "../libcli/auth/schannel.h"
-#include "../libcli/auth/schannel_proto.h"
#include "../libcli/auth/spnego.h"
+#include "smb_krb5.h"
+#include "../libcli/auth/ntlmssp.h"
+#include "rpc_client/cli_netlogon.h"
+#include "librpc/gen_ndr/ndr_dcerpc.h"
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_RPC_CLI
return true;
}
+/*******************************************************************
+*******************************************************************/
+
+NTSTATUS dcerpc_push_ncacn_packet(TALLOC_CTX *mem_ctx,
+ enum dcerpc_pkt_type ptype,
+ uint8_t pfc_flags,
+ uint16_t frag_length,
+ uint16_t auth_length,
+ uint32_t call_id,
+ union dcerpc_payload u,
+ DATA_BLOB *blob)
+{
+ struct ncacn_packet r;
+ enum ndr_err_code ndr_err;
+
+ r.rpc_vers = 5;
+ r.rpc_vers_minor = 0;
+ r.ptype = ptype;
+ r.pfc_flags = pfc_flags;
+ r.drep[0] = DCERPC_DREP_LE;
+ r.drep[1] = 0;
+ r.drep[2] = 0;
+ r.drep[3] = 0;
+ r.frag_length = frag_length;
+ r.auth_length = auth_length;
+ r.call_id = call_id;
+ r.u = u;
+
+ ndr_err = ndr_push_struct_blob(blob, mem_ctx, &r,
+ (ndr_push_flags_fn_t)ndr_push_ncacn_packet);
+ if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+ return ndr_map_error2ntstatus(ndr_err);
+ }
+
+ if (DEBUGLEVEL >= 10) {
+ NDR_PRINT_DEBUG(ncacn_packet, &r);
+ }
+
+ return NT_STATUS_OK;
+}
+
+/*******************************************************************
+*******************************************************************/
+
+NTSTATUS dcerpc_pull_ncacn_packet(TALLOC_CTX *mem_ctx,
+ const DATA_BLOB *blob,
+ struct ncacn_packet *r)
+{
+ enum ndr_err_code ndr_err;
+
+ ndr_err = ndr_pull_struct_blob(blob, mem_ctx, r,
+ (ndr_pull_flags_fn_t)ndr_pull_ncacn_packet);
+ if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+ return ndr_map_error2ntstatus(ndr_err);
+ }
+
+ if (DEBUGLEVEL >= 10) {
+ NDR_PRINT_DEBUG(ncacn_packet, r);
+ }
+
+ return NT_STATUS_OK;
+}
+
+/*******************************************************************
+*******************************************************************/
+
+NTSTATUS dcerpc_pull_ncacn_packet_header(TALLOC_CTX *mem_ctx,
+ const DATA_BLOB *blob,
+ struct ncacn_packet_header *r)
+{
+ enum ndr_err_code ndr_err;
+
+ ndr_err = ndr_pull_struct_blob(blob, mem_ctx, r,
+ (ndr_pull_flags_fn_t)ndr_pull_ncacn_packet_header);
+ if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+ return ndr_map_error2ntstatus(ndr_err);
+ }
+
+ if (DEBUGLEVEL >= 10) {
+ NDR_PRINT_DEBUG(ncacn_packet_header, r);
+ }
+
+ return NT_STATUS_OK;
+}
+
+/*******************************************************************
+ ********************************************************************/
+
+static NTSTATUS dcerpc_push_schannel_bind(TALLOC_CTX *mem_ctx,
+ struct NL_AUTH_MESSAGE *r,
+ DATA_BLOB *blob)
+{
+ enum ndr_err_code ndr_err;
+
+ ndr_err = ndr_push_struct_blob(blob, mem_ctx, r,
+ (ndr_push_flags_fn_t)ndr_push_NL_AUTH_MESSAGE);
+ if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+ return ndr_map_error2ntstatus(ndr_err);
+ }
+
+ if (DEBUGLEVEL >= 10) {
+ NDR_PRINT_DEBUG(NL_AUTH_MESSAGE, r);
+ }
+
+ return NT_STATUS_OK;
+}
+
+/*******************************************************************
+ ********************************************************************/
+
+static NTSTATUS dcerpc_pull_dcerpc_auth(TALLOC_CTX *mem_ctx,
+ const DATA_BLOB *blob,
+ struct dcerpc_auth *r)
+{
+ enum ndr_err_code ndr_err;
+
+ ndr_err = ndr_pull_struct_blob(blob, mem_ctx, r,
+ (ndr_pull_flags_fn_t)ndr_pull_dcerpc_auth);
+ if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+ return ndr_map_error2ntstatus(ndr_err);
+ }
+
+ if (DEBUGLEVEL >= 10) {
+ NDR_PRINT_DEBUG(dcerpc_auth, r);
+ }
+
+ return NT_STATUS_OK;
+}
/*******************************************************************
Use SMBreadX to get rest of one fragment's worth of rpc data.
static NTSTATUS parse_rpc_header(struct rpc_pipe_client *cli,
- struct rpc_hdr_info *prhdr,
+ struct ncacn_packet_header *prhdr,
prs_struct *pdu)
{
+ NTSTATUS status;
+ DATA_BLOB blob = data_blob_const(prs_data_p(pdu), prs_data_size(pdu));
+
/*
* This next call sets the endian bit correctly in current_pdu. We
* will propagate this to rbuf later.
*/
- if(!smb_io_rpc_hdr("rpc_hdr ", prhdr, pdu, 0)) {
- DEBUG(0, ("get_current_pdu: Failed to unmarshall RPC_HDR.\n"));
+ status = dcerpc_pull_ncacn_packet_header(cli, &blob, prhdr);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+
+ if (!prs_set_offset(pdu, prs_offset(pdu) + RPC_HEADER_LEN)) {
return NT_STATUS_BUFFER_TOO_SMALL;
}
- if (prhdr->frag_len > cli->max_recv_frag) {
+ if (UNMARSHALLING(pdu) && prhdr->drep[0] == 0) {
+ DEBUG(10,("parse_rpc_header: PDU data format is big-endian. Setting flag.\n"));
+ prs_set_endian_data(pdu, RPC_BIG_ENDIAN);
+ }
+
+ if (prhdr->frag_length > cli->max_recv_frag) {
DEBUG(0, ("cli_pipe_get_current_pdu: Server sent fraglen %d,"
- " we only allow %d\n", (int)prhdr->frag_len,
+ " we only allow %d\n", (int)prhdr->frag_length,
(int)cli->max_recv_frag));
return NT_STATUS_BUFFER_TOO_SMALL;
}
struct get_complete_frag_state {
struct event_context *ev;
struct rpc_pipe_client *cli;
- struct rpc_hdr_info *prhdr;
+ struct ncacn_packet_header *prhdr;
prs_struct *pdu;
};
static struct tevent_req *get_complete_frag_send(TALLOC_CTX *mem_ctx,
struct event_context *ev,
struct rpc_pipe_client *cli,
- struct rpc_hdr_info *prhdr,
+ struct ncacn_packet_header *prhdr,
prs_struct *pdu)
{
struct tevent_req *req, *subreq;
/*
* Ensure we have frag_len bytes of data.
*/
- if (pdu_len < prhdr->frag_len) {
- if (!rpc_grow_buffer(pdu, prhdr->frag_len)) {
+ if (pdu_len < prhdr->frag_length) {
+ if (!rpc_grow_buffer(pdu, prhdr->frag_length)) {
status = NT_STATUS_NO_MEMORY;
goto post_status;
}
subreq = rpc_read_send(state, state->ev,
state->cli->transport,
(uint8_t *)(prs_data_p(pdu) + pdu_len),
- prhdr->frag_len - pdu_len);
+ prhdr->frag_length - pdu_len);
if (subreq == NULL) {
status = NT_STATUS_NO_MEMORY;
goto post_status;
return;
}
- if (!rpc_grow_buffer(state->pdu, state->prhdr->frag_len)) {
+ if (!rpc_grow_buffer(state->pdu, state->prhdr->frag_length)) {
tevent_req_nterror(req, NT_STATUS_NO_MEMORY);
return;
}
subreq = rpc_read_send(
state, state->ev, state->cli->transport,
(uint8_t *)(prs_data_p(state->pdu) + RPC_HEADER_LEN),
- state->prhdr->frag_len - RPC_HEADER_LEN);
+ state->prhdr->frag_length - RPC_HEADER_LEN);
if (tevent_req_nomem(subreq, req)) {
return;
}
In fact I should probably abstract these into identical pieces of code... JRA.
****************************************************************************/
-static NTSTATUS cli_pipe_verify_ntlmssp(struct rpc_pipe_client *cli, RPC_HDR *prhdr,
+static NTSTATUS cli_pipe_verify_ntlmssp(struct rpc_pipe_client *cli,
+ struct ncacn_packet_header *prhdr,
prs_struct *current_pdu,
uint8 *p_ss_padding_len)
{
- RPC_HDR_AUTH auth_info;
+ struct dcerpc_auth auth_info;
uint32 save_offset = prs_offset(current_pdu);
- uint32 auth_len = prhdr->auth_len;
- NTLMSSP_STATE *ntlmssp_state = cli->auth->a_u.ntlmssp_state;
+ uint32_t auth_len = prhdr->auth_length;
+ struct ntlmssp_state *ntlmssp_state = cli->auth->a_u.ntlmssp_state;
unsigned char *data = NULL;
size_t data_len;
unsigned char *full_packet_data = NULL;
size_t full_packet_data_len;
DATA_BLOB auth_blob;
+ DATA_BLOB blob;
NTSTATUS status;
if (cli->auth->auth_level == DCERPC_AUTH_LEVEL_NONE
}
/* Ensure there's enough data for an authenticated response. */
- if ((auth_len > RPC_MAX_SIGN_SIZE) ||
- (RPC_HEADER_LEN + RPC_HDR_RESP_LEN + RPC_HDR_AUTH_LEN + auth_len > prhdr->frag_len)) {
+ if (auth_len > RPC_MAX_PDU_FRAG_LEN ||
+ prhdr->frag_length < RPC_HEADER_LEN +
+ RPC_HDR_RESP_LEN +
+ RPC_HDR_AUTH_LEN + auth_len) {
DEBUG(0,("cli_pipe_verify_ntlmssp: auth_len %u is too large.\n",
(unsigned int)auth_len ));
return NT_STATUS_BUFFER_TOO_SMALL;
*/
data = (unsigned char *)(prs_data_p(current_pdu) + RPC_HEADER_LEN + RPC_HDR_RESP_LEN);
- data_len = (size_t)(prhdr->frag_len - RPC_HEADER_LEN - RPC_HDR_RESP_LEN - RPC_HDR_AUTH_LEN - auth_len);
+ data_len = (size_t)(prhdr->frag_length - RPC_HEADER_LEN - RPC_HDR_RESP_LEN - RPC_HDR_AUTH_LEN - auth_len);
full_packet_data = (unsigned char *)prs_data_p(current_pdu);
- full_packet_data_len = prhdr->frag_len - auth_len;
+ full_packet_data_len = prhdr->frag_length - auth_len;
/* Pull the auth header and the following data into a blob. */
- if(!prs_set_offset(current_pdu, RPC_HEADER_LEN + RPC_HDR_RESP_LEN + data_len)) {
+ /* NB. The offset of the auth_header is relative to the *end*
+ * of the packet, not the start. */
+ if(!prs_set_offset(current_pdu, prhdr->frag_length - RPC_HDR_AUTH_LEN - auth_len)) {
DEBUG(0,("cli_pipe_verify_ntlmssp: cannot move offset to %u.\n",
(unsigned int)RPC_HEADER_LEN + (unsigned int)RPC_HDR_RESP_LEN + (unsigned int)data_len ));
return NT_STATUS_BUFFER_TOO_SMALL;
+ }
+
+ blob = data_blob_const(prs_data_p(current_pdu) + prs_offset(current_pdu),
+ prs_data_size(current_pdu) - prs_offset(current_pdu));
+
+ status = dcerpc_pull_dcerpc_auth(cli, &blob, &auth_info);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(0,("cli_pipe_verify_ntlmssp: failed to unmarshall dcerpc_auth.\n"));
+ return status;
}
- if(!smb_io_rpc_hdr_auth("hdr_auth", &auth_info, current_pdu, 0)) {
- DEBUG(0,("cli_pipe_verify_ntlmssp: failed to unmarshall RPC_HDR_AUTH.\n"));
+ /* Ensure auth_pad_len fits into the packet. */
+ if (RPC_HEADER_LEN + RPC_HDR_REQ_LEN + auth_info.auth_pad_length +
+ RPC_HDR_AUTH_LEN + auth_len > prhdr->frag_length) {
+ DEBUG(0,("cli_pipe_verify_ntlmssp: auth_info.auth_pad_len "
+ "too large (%u), auth_len (%u), frag_len = (%u).\n",
+ (unsigned int)auth_info.auth_pad_length,
+ (unsigned int)auth_len,
+ (unsigned int)prhdr->frag_length));
return NT_STATUS_BUFFER_TOO_SMALL;
}
- auth_blob.data = (unsigned char *)prs_data_p(current_pdu) + prs_offset(current_pdu);
- auth_blob.length = auth_len;
+
+ auth_blob = auth_info.credentials;
switch (cli->auth->auth_level) {
case DCERPC_AUTH_LEVEL_PRIVACY:
* stream once the sign/seal is done.
*/
- *p_ss_padding_len = auth_info.auth_pad_len;
+ *p_ss_padding_len = auth_info.auth_pad_length;
return NT_STATUS_OK;
}
schannel specific sign/seal.
****************************************************************************/
-static NTSTATUS cli_pipe_verify_schannel(struct rpc_pipe_client *cli, RPC_HDR *prhdr,
+static NTSTATUS cli_pipe_verify_schannel(struct rpc_pipe_client *cli,
+ struct ncacn_packet_header *prhdr,
prs_struct *current_pdu,
uint8 *p_ss_padding_len)
{
RPC_HDR_AUTH auth_info;
- uint32 auth_len = prhdr->auth_len;
+ uint32_t auth_len = prhdr->auth_length;
uint32 save_offset = prs_offset(current_pdu);
struct schannel_state *schannel_auth =
cli->auth->a_u.schannel_auth;
}
/* Ensure there's enough data for an authenticated response. */
- if ((auth_len > RPC_MAX_SIGN_SIZE) ||
- (RPC_HEADER_LEN + RPC_HDR_RESP_LEN + RPC_HDR_AUTH_LEN + auth_len > prhdr->frag_len)) {
+ if ((auth_len > RPC_MAX_PDU_FRAG_LEN) ||
+ (RPC_HEADER_LEN + RPC_HDR_RESP_LEN + RPC_HDR_AUTH_LEN + auth_len > prhdr->frag_length)) {
DEBUG(0,("cli_pipe_verify_schannel: auth_len %u is too large.\n",
(unsigned int)auth_len ));
return NT_STATUS_INVALID_PARAMETER;
}
- data_len = prhdr->frag_len - RPC_HEADER_LEN - RPC_HDR_RESP_LEN - RPC_HDR_AUTH_LEN - auth_len;
+ data_len = prhdr->frag_length - RPC_HEADER_LEN - RPC_HDR_RESP_LEN - RPC_HDR_AUTH_LEN - auth_len;
- if(!prs_set_offset(current_pdu, RPC_HEADER_LEN + RPC_HDR_RESP_LEN + data_len)) {
- DEBUG(0,("cli_pipe_verify_schannel: cannot move offset to %u.\n",
- (unsigned int)RPC_HEADER_LEN + RPC_HDR_RESP_LEN + data_len ));
+ /* Pull the auth header and the following data into a blob. */
+ /* NB. The offset of the auth_header is relative to the *end*
+ * of the packet, not the start. */
+ if(!prs_set_offset(current_pdu,
+ prhdr->frag_length - RPC_HDR_AUTH_LEN - auth_len)) {
+ DEBUG(0,("cli_pipe_verify_schannel: cannot move "
+ "offset to %u.\n",
+ (unsigned int)(prhdr->frag_length -
+ RPC_HDR_AUTH_LEN - auth_len) ));
return NT_STATUS_BUFFER_TOO_SMALL;
}
return NT_STATUS_BUFFER_TOO_SMALL;
}
+ /* Ensure auth_pad_len fits into the packet. */
+ if (RPC_HEADER_LEN + RPC_HDR_REQ_LEN + auth_info.auth_pad_len +
+ RPC_HDR_AUTH_LEN + auth_len > prhdr->frag_length) {
+ DEBUG(0,("cli_pipe_verify_schannel: auth_info.auth_pad_len "
+ "too large (%u), auth_len (%u), frag_len = (%u).\n",
+ (unsigned int)auth_info.auth_pad_len,
+ (unsigned int)auth_len,
+ (unsigned int)prhdr->frag_length));
+ return NT_STATUS_BUFFER_TOO_SMALL;
+ }
+
if (auth_info.auth_type != DCERPC_AUTH_TYPE_SCHANNEL) {
DEBUG(0,("cli_pipe_verify_schannel: Invalid auth info %d on schannel\n",
auth_info.auth_type));
Do the authentication checks on an incoming pdu. Check sign and unseal etc.
****************************************************************************/
-static NTSTATUS cli_pipe_validate_rpc_response(struct rpc_pipe_client *cli, RPC_HDR *prhdr,
+static NTSTATUS cli_pipe_validate_rpc_response(struct rpc_pipe_client *cli,
+ struct ncacn_packet_header *prhdr,
prs_struct *current_pdu,
uint8 *p_ss_padding_len)
{
NTSTATUS ret = NT_STATUS_OK;
/* Paranioa checks for auth_len. */
- if (prhdr->auth_len) {
- if (prhdr->auth_len > prhdr->frag_len) {
+ if (prhdr->auth_length) {
+ if (prhdr->auth_length > prhdr->frag_length) {
return NT_STATUS_INVALID_PARAMETER;
}
- if (prhdr->auth_len + (unsigned int)RPC_HDR_AUTH_LEN < prhdr->auth_len ||
- prhdr->auth_len + (unsigned int)RPC_HDR_AUTH_LEN < (unsigned int)RPC_HDR_AUTH_LEN) {
+ if (prhdr->auth_length + (unsigned int)RPC_HDR_AUTH_LEN < prhdr->auth_length ||
+ prhdr->auth_length + (unsigned int)RPC_HDR_AUTH_LEN < (unsigned int)RPC_HDR_AUTH_LEN) {
/* Integer wrap attempt. */
return NT_STATUS_INVALID_PARAMETER;
}
switch(cli->auth->auth_type) {
case PIPE_AUTH_TYPE_NONE:
- if (prhdr->auth_len) {
+ if (prhdr->auth_length) {
DEBUG(3, ("cli_pipe_validate_rpc_response: "
"Connection to %s - got non-zero "
"auth len %u.\n",
rpccli_pipe_txt(talloc_tos(), cli),
- (unsigned int)prhdr->auth_len ));
+ (unsigned int)prhdr->auth_length));
return NT_STATUS_INVALID_PARAMETER;
}
break;
Do basic authentication checks on an incoming pdu.
****************************************************************************/
-static NTSTATUS cli_pipe_validate_current_pdu(struct rpc_pipe_client *cli, RPC_HDR *prhdr,
+static NTSTATUS cli_pipe_validate_current_pdu(struct rpc_pipe_client *cli,
+ struct ncacn_packet_header *prhdr,
prs_struct *current_pdu,
uint8 expected_pkt_type,
char **ppdata,
NTSTATUS ret = NT_STATUS_OK;
uint32 current_pdu_len = prs_data_size(current_pdu);
- if (current_pdu_len != prhdr->frag_len) {
+ if (current_pdu_len != prhdr->frag_length) {
DEBUG(5,("cli_pipe_validate_current_pdu: incorrect pdu length %u, expected %u\n",
- (unsigned int)current_pdu_len, (unsigned int)prhdr->frag_len ));
+ (unsigned int)current_pdu_len, (unsigned int)prhdr->frag_length));
return NT_STATUS_INVALID_PARAMETER;
}
*pdata_len = current_pdu_len;
/* Ensure we have the correct type. */
- switch (prhdr->pkt_type) {
+ switch (prhdr->ptype) {
case DCERPC_PKT_ALTER_RESP:
case DCERPC_PKT_BIND_ACK:
case DCERPC_PKT_RESPONSE:
{
- RPC_HDR_RESP rhdr_resp;
uint8 ss_padding_len = 0;
+ DATA_BLOB blob;
+ struct ncacn_packet r;
+
+ blob = data_blob_const(prs_data_p(current_pdu),
+ prs_data_size(current_pdu));
+
+ ret = dcerpc_pull_ncacn_packet(cli, &blob, &r);
+ if (!NT_STATUS_IS_OK(ret)) {
+ return ret;
+ }
- if(!smb_io_rpc_hdr_resp("rpc_hdr_resp", &rhdr_resp, current_pdu, 0)) {
- DEBUG(5,("cli_pipe_validate_current_pdu: failed to unmarshal RPC_HDR_RESP.\n"));
+ if (!prs_set_offset(current_pdu, prs_offset(current_pdu) + RPC_HDR_RESP_LEN)) {
return NT_STATUS_BUFFER_TOO_SMALL;
}
*pdata_len = current_pdu_len - RPC_HEADER_LEN - RPC_HDR_RESP_LEN - ss_padding_len;
/* Remember to remove the auth footer. */
- if (prhdr->auth_len) {
+ if (prhdr->auth_length) {
/* We've already done integer wrap tests on auth_len in
cli_pipe_validate_rpc_response(). */
- if (*pdata_len < RPC_HDR_AUTH_LEN + prhdr->auth_len) {
+ if (*pdata_len < RPC_HDR_AUTH_LEN + prhdr->auth_length) {
return NT_STATUS_BUFFER_TOO_SMALL;
}
- *pdata_len -= (RPC_HDR_AUTH_LEN + prhdr->auth_len);
+ *pdata_len -= (RPC_HDR_AUTH_LEN + prhdr->auth_length);
}
DEBUG(10,("cli_pipe_validate_current_pdu: got pdu len %u, data_len %u, ss_len %u\n",
* set up the return_data parse_struct to the correct size.
*/
- if ((prs_data_size(return_data) == 0) && rhdr_resp.alloc_hint && (rhdr_resp.alloc_hint < 15*1024*1024)) {
- if (!prs_set_buffer_size(return_data, rhdr_resp.alloc_hint)) {
+ if ((prs_data_size(return_data) == 0) && r.u.response.alloc_hint && (r.u.response.alloc_hint < 15*1024*1024)) {
+ if (!prs_set_buffer_size(return_data, r.u.response.alloc_hint)) {
DEBUG(0,("cli_pipe_validate_current_pdu: reply alloc hint %u "
"too large to allocate\n",
- (unsigned int)rhdr_resp.alloc_hint ));
+ (unsigned int)r.u.response.alloc_hint ));
return NT_STATUS_NO_MEMORY;
}
}
case DCERPC_PKT_FAULT:
{
- RPC_HDR_RESP rhdr_resp;
- RPC_HDR_FAULT fault_resp;
+ DATA_BLOB blob;
+ struct ncacn_packet r;
- if(!smb_io_rpc_hdr_resp("rpc_hdr_resp", &rhdr_resp, current_pdu, 0)) {
- DEBUG(5,("cli_pipe_validate_current_pdu: failed to unmarshal RPC_HDR_RESP.\n"));
- return NT_STATUS_BUFFER_TOO_SMALL;
- }
+ blob = data_blob_const(prs_data_p(current_pdu),
+ prs_data_size(current_pdu));
- if(!smb_io_rpc_hdr_fault("fault", &fault_resp, current_pdu, 0)) {
- DEBUG(5,("cli_pipe_validate_current_pdu: failed to unmarshal RPC_HDR_FAULT.\n"));
- return NT_STATUS_BUFFER_TOO_SMALL;
+ ret = dcerpc_pull_ncacn_packet(cli, &blob, &r);
+ if (!NT_STATUS_IS_OK(ret)) {
+ return ret;
}
-
DEBUG(1, ("cli_pipe_validate_current_pdu: RPC fault "
"code %s received from %s!\n",
- dcerpc_errstr(talloc_tos(), NT_STATUS_V(fault_resp.status)),
+ dcerpc_errstr(talloc_tos(), r.u.fault.status),
rpccli_pipe_txt(talloc_tos(), cli)));
- if (NT_STATUS_IS_OK(fault_resp.status)) {
+
+ if (NT_STATUS_IS_OK(NT_STATUS(r.u.fault.status))) {
return NT_STATUS_UNSUCCESSFUL;
} else {
- return fault_resp.status;
+ return NT_STATUS(r.u.fault.status);
}
}
default:
DEBUG(0, ("cli_pipe_validate_current_pdu: unknown packet type %u received "
"from %s!\n",
- (unsigned int)prhdr->pkt_type,
+ (unsigned int)prhdr->ptype,
rpccli_pipe_txt(talloc_tos(), cli)));
return NT_STATUS_INVALID_INFO_CLASS;
}
- if (prhdr->pkt_type != expected_pkt_type) {
+ if (prhdr->ptype != expected_pkt_type) {
DEBUG(3, ("cli_pipe_validate_current_pdu: Connection to %s "
"got an unexpected RPC packet type - %u, not %u\n",
rpccli_pipe_txt(talloc_tos(), cli),
- prhdr->pkt_type,
+ prhdr->ptype,
expected_pkt_type));
return NT_STATUS_INVALID_INFO_CLASS;
}
data before now as we may have needed to do cryptographic actions on
it before. */
- if ((prhdr->pkt_type == DCERPC_PKT_BIND_ACK) && !(prhdr->flags & DCERPC_PFC_FLAG_LAST)) {
+ if ((prhdr->ptype == DCERPC_PKT_BIND_ACK) && !(prhdr->pfc_flags & DCERPC_PFC_FLAG_LAST)) {
DEBUG(5,("cli_pipe_validate_current_pdu: bug in server (AS/U?), "
"setting fragment first/last ON.\n"));
- prhdr->flags |= DCERPC_PFC_FLAG_FIRST|DCERPC_PFC_FLAG_LAST;
+ prhdr->pfc_flags |= DCERPC_PFC_FLAG_FIRST | DCERPC_PFC_FLAG_LAST;
}
return NT_STATUS_OK;
deal with that.
****************************************************************************/
-static NTSTATUS cli_pipe_reset_current_pdu(struct rpc_pipe_client *cli, RPC_HDR *prhdr, prs_struct *current_pdu)
+static NTSTATUS cli_pipe_reset_current_pdu(struct rpc_pipe_client *cli,
+ struct ncacn_packet_header *prhdr,
+ prs_struct *current_pdu)
{
uint32 current_pdu_len = prs_data_size(current_pdu);
- if (current_pdu_len < prhdr->frag_len) {
+ if (current_pdu_len < prhdr->frag_length) {
return NT_STATUS_BUFFER_TOO_SMALL;
}
/* Common case. */
- if (current_pdu_len == (uint32)prhdr->frag_len) {
+ if (current_pdu_len == (uint32)prhdr->frag_length) {
prs_mem_free(current_pdu);
prs_init_empty(current_pdu, prs_get_mem_context(current_pdu), UNMARSHALL);
/* Make current_pdu dynamic with no memory. */
* Cheat. Move the data down and shrink the buffer.
*/
- memcpy(prs_data_p(current_pdu), prs_data_p(current_pdu) + prhdr->frag_len,
- current_pdu_len - prhdr->frag_len);
+ memcpy(prs_data_p(current_pdu), prs_data_p(current_pdu) + prhdr->frag_length,
+ current_pdu_len - prhdr->frag_length);
/* Remember to set the read offset back to zero. */
prs_set_offset(current_pdu, 0);
/* Shrink the buffer. */
- if (!prs_set_buffer_size(current_pdu, current_pdu_len - prhdr->frag_len)) {
+ if (!prs_set_buffer_size(current_pdu, current_pdu_len - prhdr->frag_length)) {
return NT_STATUS_BUFFER_TOO_SMALL;
}
tevent_req_set_callback(subreq, cli_api_pipe_write_done, req);
return req;
- status = NT_STATUS_INVALID_PARAMETER;
-
post_status:
tevent_req_nterror(req, status);
return tevent_req_post(req, ev);
uint8_t expected_pkt_type;
prs_struct incoming_frag;
- struct rpc_hdr_info rhdr;
+ struct ncacn_packet_header rhdr;
prs_struct incoming_pdu; /* Incoming reply */
uint32_t incoming_pdu_offset;
};
-static int rpc_api_pipe_state_destructor(struct rpc_api_pipe_state *state)
-{
- prs_mem_free(&state->incoming_frag);
- prs_mem_free(&state->incoming_pdu);
- return 0;
-}
-
static void rpc_api_pipe_trans_done(struct tevent_req *subreq);
static void rpc_api_pipe_got_pdu(struct tevent_req *subreq);
/* Make incoming_pdu dynamic with no memory. */
prs_give_memory(&state->incoming_pdu, NULL, 0, true);
- talloc_set_destructor(state, rpc_api_pipe_state_destructor);
-
/*
* Ensure we're not sending too much.
*/
NTSTATUS status;
uint8_t *rdata = NULL;
uint32_t rdata_len = 0;
- char *rdata_copy;
status = cli_api_pipe_recv(subreq, state, &rdata, &rdata_len);
TALLOC_FREE(subreq);
}
/*
- * Give the memory received from cli_trans as dynamic to the current
- * pdu. Duplicating it sucks, but prs_struct doesn't know about talloc
- * :-(
+ * This is equivalent to a talloc_steal - gives rdata to
+ * the prs_struct state->incoming_frag.
*/
- rdata_copy = (char *)memdup(rdata, rdata_len);
- TALLOC_FREE(rdata);
- if (tevent_req_nomem(rdata_copy, req)) {
- return;
- }
- prs_give_memory(&state->incoming_frag, rdata_copy, rdata_len, true);
+ prs_give_memory(&state->incoming_frag, (char *)rdata, rdata_len, true);
+ rdata = NULL;
/* Ensure we have enough data for a pdu. */
subreq = get_complete_frag_send(state, state->ev, state->cli,
return;
}
- if ((state->rhdr.flags & DCERPC_PFC_FLAG_FIRST)
- && (state->rhdr.pack_type[0] == 0)) {
+ if ((state->rhdr.pfc_flags & DCERPC_PFC_FLAG_FIRST)
+ && (state->rhdr.drep[0] == 0)) {
/*
* Set the data type correctly for big-endian data on the
* first packet.
return;
}
- if (state->rhdr.flags & DCERPC_PFC_FLAG_LAST) {
+ if (state->rhdr.pfc_flags & DCERPC_PFC_FLAG_LAST) {
DEBUG(10,("rpc_api_pipe: %s returned %u bytes.\n",
rpccli_pipe_txt(talloc_tos(), state->cli),
(unsigned)prs_data_size(&state->incoming_pdu)));
reply_pdu->mem_ctx = mem_ctx;
/*
- * Prevent state->incoming_pdu from being freed in
- * rpc_api_pipe_state_destructor()
+ * Prevent state->incoming_pdu from being freed
+ * when state is freed.
*/
+ talloc_steal(mem_ctx, prs_data_p(reply_pdu));
prs_init_empty(&state->incoming_pdu, state, UNMARSHALL);
return NT_STATUS_OK;
}
+/*******************************************************************
+ ********************************************************************/
+
+static NTSTATUS dcerpc_push_dcerpc_auth(TALLOC_CTX *mem_ctx,
+ enum dcerpc_AuthType auth_type,
+ enum dcerpc_AuthLevel auth_level,
+ uint8_t auth_pad_length,
+ uint32_t auth_context_id,
+ const DATA_BLOB *credentials,
+ DATA_BLOB *blob)
+{
+ struct dcerpc_auth r;
+ enum ndr_err_code ndr_err;
+
+ r.auth_type = auth_type;
+ r.auth_level = auth_level;
+ r.auth_pad_length = auth_pad_length;
+ r.auth_reserved = 0;
+ r.auth_context_id = auth_context_id;
+ r.credentials = *credentials;
+
+ ndr_err = ndr_push_struct_blob(blob, mem_ctx, &r,
+ (ndr_push_flags_fn_t)ndr_push_dcerpc_auth);
+ if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+ return ndr_map_error2ntstatus(ndr_err);
+ }
+
+ if (DEBUGLEVEL >= 10) {
+ NDR_PRINT_DEBUG(dcerpc_auth, &r);
+ }
+
+ return NT_STATUS_OK;
+}
+
/*******************************************************************
Creates krb5 auth bind.
********************************************************************/
-static NTSTATUS create_krb5_auth_bind_req( struct rpc_pipe_client *cli,
- enum dcerpc_AuthLevel auth_level,
- RPC_HDR_AUTH *pauth_out,
- prs_struct *auth_data)
+static NTSTATUS create_krb5_auth_bind_req(struct rpc_pipe_client *cli,
+ enum dcerpc_AuthLevel auth_level,
+ DATA_BLOB *auth_info)
{
#ifdef HAVE_KRB5
int ret;
+ NTSTATUS status;
struct kerberos_auth_struct *a = cli->auth->a_u.kerberos_auth;
DATA_BLOB tkt = data_blob_null;
DATA_BLOB tkt_wrapped = data_blob_null;
- /* We may change the pad length before marshalling. */
- init_rpc_hdr_auth(pauth_out, DCERPC_AUTH_TYPE_KRB5, (int)auth_level, 0, 1);
-
DEBUG(5, ("create_krb5_auth_bind_req: creating a service ticket for principal %s\n",
a->service_principal ));
error_message(ret) ));
data_blob_free(&tkt);
- prs_mem_free(auth_data);
return NT_STATUS_INVALID_PARAMETER;
}
data_blob_free(&tkt);
- /* Auth len in the rpc header doesn't include auth_header. */
- if (!prs_copy_data_in(auth_data, (char *)tkt_wrapped.data, tkt_wrapped.length)) {
+ status = dcerpc_push_dcerpc_auth(cli,
+ DCERPC_AUTH_TYPE_KRB5,
+ auth_level,
+ 0, /* auth_pad_length */
+ 1, /* auth_context_id */
+ &tkt_wrapped,
+ auth_info);
+ if (!NT_STATUS_IS_OK(status)) {
data_blob_free(&tkt_wrapped);
- prs_mem_free(auth_data);
- return NT_STATUS_NO_MEMORY;
+ return status;
}
DEBUG(5, ("create_krb5_auth_bind_req: Created krb5 GSS blob :\n"));
dump_data(5, tkt_wrapped.data, tkt_wrapped.length);
- data_blob_free(&tkt_wrapped);
return NT_STATUS_OK;
#else
return NT_STATUS_INVALID_PARAMETER;
Creates SPNEGO NTLMSSP auth bind.
********************************************************************/
-static NTSTATUS create_spnego_ntlmssp_auth_rpc_bind_req( struct rpc_pipe_client *cli,
- enum dcerpc_AuthLevel auth_level,
- RPC_HDR_AUTH *pauth_out,
- prs_struct *auth_data)
+static NTSTATUS create_spnego_ntlmssp_auth_rpc_bind_req(struct rpc_pipe_client *cli,
+ enum dcerpc_AuthLevel auth_level,
+ DATA_BLOB *auth_info)
{
- NTSTATUS nt_status;
+ NTSTATUS status;
DATA_BLOB null_blob = data_blob_null;
DATA_BLOB request = data_blob_null;
DATA_BLOB spnego_msg = data_blob_null;
- /* We may change the pad length before marshalling. */
- init_rpc_hdr_auth(pauth_out, DCERPC_AUTH_TYPE_SPNEGO, (int)auth_level, 0, 1);
-
DEBUG(5, ("create_spnego_ntlmssp_auth_rpc_bind_req: Processing NTLMSSP Negotiate\n"));
- nt_status = ntlmssp_update(cli->auth->a_u.ntlmssp_state,
+ status = ntlmssp_update(cli->auth->a_u.ntlmssp_state,
null_blob,
&request);
- if (!NT_STATUS_EQUAL(nt_status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
+ if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
data_blob_free(&request);
- prs_mem_free(auth_data);
- return nt_status;
+ return status;
}
/* Wrap this in SPNEGO. */
data_blob_free(&request);
- /* Auth len in the rpc header doesn't include auth_header. */
- if (!prs_copy_data_in(auth_data, (char *)spnego_msg.data, spnego_msg.length)) {
+ status = dcerpc_push_dcerpc_auth(cli,
+ DCERPC_AUTH_TYPE_SPNEGO,
+ auth_level,
+ 0, /* auth_pad_length */
+ 1, /* auth_context_id */
+ &spnego_msg,
+ auth_info);
+ if (!NT_STATUS_IS_OK(status)) {
data_blob_free(&spnego_msg);
- prs_mem_free(auth_data);
- return NT_STATUS_NO_MEMORY;
+ return status;
}
DEBUG(5, ("create_spnego_ntlmssp_auth_rpc_bind_req: NTLMSSP Negotiate:\n"));
dump_data(5, spnego_msg.data, spnego_msg.length);
- data_blob_free(&spnego_msg);
return NT_STATUS_OK;
}
Creates NTLMSSP auth bind.
********************************************************************/
-static NTSTATUS create_ntlmssp_auth_rpc_bind_req( struct rpc_pipe_client *cli,
- enum dcerpc_AuthLevel auth_level,
- RPC_HDR_AUTH *pauth_out,
- prs_struct *auth_data)
+static NTSTATUS create_ntlmssp_auth_rpc_bind_req(struct rpc_pipe_client *cli,
+ enum dcerpc_AuthLevel auth_level,
+ DATA_BLOB *auth_info)
{
- NTSTATUS nt_status;
+ NTSTATUS status;
DATA_BLOB null_blob = data_blob_null;
DATA_BLOB request = data_blob_null;
- /* We may change the pad length before marshalling. */
- init_rpc_hdr_auth(pauth_out, DCERPC_AUTH_TYPE_NTLMSSP, (int)auth_level, 0, 1);
-
DEBUG(5, ("create_ntlmssp_auth_rpc_bind_req: Processing NTLMSSP Negotiate\n"));
- nt_status = ntlmssp_update(cli->auth->a_u.ntlmssp_state,
+ status = ntlmssp_update(cli->auth->a_u.ntlmssp_state,
null_blob,
&request);
- if (!NT_STATUS_EQUAL(nt_status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
+ if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
data_blob_free(&request);
- prs_mem_free(auth_data);
- return nt_status;
+ return status;
}
- /* Auth len in the rpc header doesn't include auth_header. */
- if (!prs_copy_data_in(auth_data, (char *)request.data, request.length)) {
+ status = dcerpc_push_dcerpc_auth(cli,
+ DCERPC_AUTH_TYPE_NTLMSSP,
+ auth_level,
+ 0, /* auth_pad_length */
+ 1, /* auth_context_id */
+ &request,
+ auth_info);
+ if (!NT_STATUS_IS_OK(status)) {
data_blob_free(&request);
- prs_mem_free(auth_data);
- return NT_STATUS_NO_MEMORY;
+ return status;
}
DEBUG(5, ("create_ntlmssp_auth_rpc_bind_req: NTLMSSP Negotiate:\n"));
dump_data(5, request.data, request.length);
- data_blob_free(&request);
return NT_STATUS_OK;
}
Creates schannel auth bind.
********************************************************************/
-static NTSTATUS create_schannel_auth_rpc_bind_req( struct rpc_pipe_client *cli,
- enum dcerpc_AuthLevel auth_level,
- RPC_HDR_AUTH *pauth_out,
- prs_struct *auth_data)
+static NTSTATUS create_schannel_auth_rpc_bind_req(struct rpc_pipe_client *cli,
+ enum dcerpc_AuthLevel auth_level,
+ DATA_BLOB *auth_info)
{
+ NTSTATUS status;
struct NL_AUTH_MESSAGE r;
- enum ndr_err_code ndr_err;
- DATA_BLOB blob;
-
- /* We may change the pad length before marshalling. */
- init_rpc_hdr_auth(pauth_out, DCERPC_AUTH_TYPE_SCHANNEL, (int)auth_level, 0, 1);
+ DATA_BLOB schannel_blob;
/* Use lp_workgroup() if domain not specified */
r.oem_netbios_domain.a = cli->auth->domain;
r.oem_netbios_computer.a = global_myname();
- ndr_err = ndr_push_struct_blob(&blob, talloc_tos(), NULL, &r,
- (ndr_push_flags_fn_t)ndr_push_NL_AUTH_MESSAGE);
- if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
- DEBUG(0,("Failed to marshall NL_AUTH_MESSAGE.\n"));
- prs_mem_free(auth_data);
- return ndr_map_error2ntstatus(ndr_err);
+ status = dcerpc_push_schannel_bind(cli, &r, &schannel_blob);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
}
- if (DEBUGLEVEL >= 10) {
- NDR_PRINT_DEBUG(NL_AUTH_MESSAGE, &r);
+ status = dcerpc_push_dcerpc_auth(cli,
+ DCERPC_AUTH_TYPE_SCHANNEL,
+ auth_level,
+ 0, /* auth_pad_length */
+ 1, /* auth_context_id */
+ &schannel_blob,
+ auth_info);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
}
- if (!prs_copy_data_in(auth_data, (const char *)blob.data, blob.length))
- {
- prs_mem_free(auth_data);
- return NT_STATUS_NO_MEMORY;
- }
+ return NT_STATUS_OK;
+}
+
+/*******************************************************************
+ ********************************************************************/
+
+static NTSTATUS init_dcerpc_ctx_list(TALLOC_CTX *mem_ctx,
+ const struct ndr_syntax_id *abstract_syntax,
+ const struct ndr_syntax_id *transfer_syntax,
+ struct dcerpc_ctx_list **ctx_list_p)
+{
+ struct dcerpc_ctx_list *ctx_list;
+
+ ctx_list = talloc_array(mem_ctx, struct dcerpc_ctx_list, 1);
+ NT_STATUS_HAVE_NO_MEMORY(ctx_list);
+
+ ctx_list[0].context_id = 0;
+ ctx_list[0].num_transfer_syntaxes = 1;
+ ctx_list[0].abstract_syntax = *abstract_syntax;
+ ctx_list[0].transfer_syntaxes = talloc_array(ctx_list,
+ struct ndr_syntax_id,
+ ctx_list[0].num_transfer_syntaxes);
+ NT_STATUS_HAVE_NO_MEMORY(ctx_list[0].transfer_syntaxes);
+ ctx_list[0].transfer_syntaxes[0] = *transfer_syntax;
+
+ *ctx_list_p = ctx_list;
return NT_STATUS_OK;
}
Creates the internals of a DCE/RPC bind request or alter context PDU.
********************************************************************/
-static NTSTATUS create_bind_or_alt_ctx_internal(enum dcerpc_pkt_type pkt_type,
+static NTSTATUS create_bind_or_alt_ctx_internal(enum dcerpc_pkt_type ptype,
prs_struct *rpc_out,
uint32 rpc_call_id,
const struct ndr_syntax_id *abstract,
const struct ndr_syntax_id *transfer,
- RPC_HDR_AUTH *phdr_auth,
- prs_struct *pauth_info)
+ const DATA_BLOB *auth_info)
{
- RPC_HDR hdr;
- RPC_HDR_RB hdr_rb;
- RPC_CONTEXT rpc_ctx;
- uint16 auth_len = prs_offset(pauth_info);
- uint8 ss_padding_len = 0;
+ uint16 auth_len = auth_info->length;
uint16 frag_len = 0;
+ NTSTATUS status;
+ union dcerpc_payload u;
+ DATA_BLOB blob;
+ struct dcerpc_ctx_list *ctx_list;
- /* create the RPC context. */
- init_rpc_context(&rpc_ctx, 0 /* context id */, abstract, transfer);
-
- /* create the bind request RPC_HDR_RB */
- init_rpc_hdr_rb(&hdr_rb, RPC_MAX_PDU_FRAG_LEN, RPC_MAX_PDU_FRAG_LEN, 0x0, &rpc_ctx);
-
- /* Start building the frag length. */
- frag_len = RPC_HEADER_LEN + RPC_HDR_RB_LEN(&hdr_rb);
-
- /* Do we need to pad ? */
- if (auth_len) {
- uint16 data_len = RPC_HEADER_LEN + RPC_HDR_RB_LEN(&hdr_rb);
- if (data_len % 8) {
- ss_padding_len = 8 - (data_len % 8);
- phdr_auth->auth_pad_len = ss_padding_len;
- }
- frag_len += RPC_HDR_AUTH_LEN + auth_len + ss_padding_len;
+ status = init_dcerpc_ctx_list(rpc_out->mem_ctx, abstract, transfer,
+ &ctx_list);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
}
- /* Create the request RPC_HDR */
- init_rpc_hdr(&hdr, pkt_type, DCERPC_PFC_FLAG_FIRST|DCERPC_PFC_FLAG_LAST, rpc_call_id, frag_len, auth_len);
-
- /* Marshall the RPC header */
- if(!smb_io_rpc_hdr("hdr" , &hdr, rpc_out, 0)) {
- DEBUG(0,("create_bind_or_alt_ctx_internal: failed to marshall RPC_HDR.\n"));
- return NT_STATUS_NO_MEMORY;
- }
+ u.bind.max_xmit_frag = RPC_MAX_PDU_FRAG_LEN;
+ u.bind.max_recv_frag = RPC_MAX_PDU_FRAG_LEN;
+ u.bind.assoc_group_id = 0x0;
+ u.bind.num_contexts = 1;
+ u.bind.ctx_list = ctx_list;
+ u.bind.auth_info = *auth_info;
- /* Marshall the bind request data */
- if(!smb_io_rpc_hdr_rb("", &hdr_rb, rpc_out, 0)) {
+ /* Start building the frag length. */
+ frag_len = RPC_HEADER_LEN + RPC_HDR_RB_LEN(&u.bind) + auth_len;
+
+ status = dcerpc_push_ncacn_packet(rpc_out->mem_ctx,
+ ptype,
+ DCERPC_PFC_FLAG_FIRST |
+ DCERPC_PFC_FLAG_LAST,
+ frag_len,
+ auth_len ? auth_len - RPC_HDR_AUTH_LEN : 0,
+ rpc_call_id,
+ u,
+ &blob);
+ if (!NT_STATUS_IS_OK(status)) {
DEBUG(0,("create_bind_or_alt_ctx_internal: failed to marshall RPC_HDR_RB.\n"));
- return NT_STATUS_NO_MEMORY;
+ return status;
}
- /*
- * Grow the outgoing buffer to store any auth info.
- */
-
- if(auth_len != 0) {
- if (ss_padding_len) {
- char pad[8];
- memset(pad, '\0', 8);
- if (!prs_copy_data_in(rpc_out, pad, ss_padding_len)) {
- DEBUG(0,("create_bind_or_alt_ctx_internal: failed to marshall padding.\n"));
- return NT_STATUS_NO_MEMORY;
- }
- }
-
- if(!smb_io_rpc_hdr_auth("hdr_auth", phdr_auth, rpc_out, 0)) {
- DEBUG(0,("create_bind_or_alt_ctx_internal: failed to marshall RPC_HDR_AUTH.\n"));
- return NT_STATUS_NO_MEMORY;
- }
-
-
- if(!prs_append_prs_data( rpc_out, pauth_info)) {
- DEBUG(0,("create_bind_or_alt_ctx_internal: failed to grow parse struct to add auth.\n"));
- return NT_STATUS_NO_MEMORY;
- }
+ if (!prs_copy_data_in(rpc_out, (char *)blob.data, blob.length)) {
+ return NT_STATUS_NO_MEMORY;
}
return NT_STATUS_OK;
********************************************************************/
static NTSTATUS create_rpc_bind_req(struct rpc_pipe_client *cli,
- prs_struct *rpc_out,
- uint32 rpc_call_id,
- const struct ndr_syntax_id *abstract,
- const struct ndr_syntax_id *transfer,
- enum pipe_auth_type auth_type,
- enum dcerpc_AuthLevel auth_level)
+ prs_struct *rpc_out,
+ uint32 rpc_call_id,
+ const struct ndr_syntax_id *abstract,
+ const struct ndr_syntax_id *transfer,
+ enum pipe_auth_type auth_type,
+ enum dcerpc_AuthLevel auth_level)
{
- RPC_HDR_AUTH hdr_auth;
- prs_struct auth_info;
+ DATA_BLOB auth_info = data_blob_null;
NTSTATUS ret = NT_STATUS_OK;
- ZERO_STRUCT(hdr_auth);
- if (!prs_init(&auth_info, RPC_HDR_AUTH_LEN, prs_get_mem_context(rpc_out), MARSHALL))
- return NT_STATUS_NO_MEMORY;
-
switch (auth_type) {
case PIPE_AUTH_TYPE_SCHANNEL:
- ret = create_schannel_auth_rpc_bind_req(cli, auth_level, &hdr_auth, &auth_info);
+ ret = create_schannel_auth_rpc_bind_req(cli, auth_level, &auth_info);
if (!NT_STATUS_IS_OK(ret)) {
- prs_mem_free(&auth_info);
return ret;
}
break;
case PIPE_AUTH_TYPE_NTLMSSP:
- ret = create_ntlmssp_auth_rpc_bind_req(cli, auth_level, &hdr_auth, &auth_info);
+ ret = create_ntlmssp_auth_rpc_bind_req(cli, auth_level, &auth_info);
if (!NT_STATUS_IS_OK(ret)) {
- prs_mem_free(&auth_info);
return ret;
}
break;
case PIPE_AUTH_TYPE_SPNEGO_NTLMSSP:
- ret = create_spnego_ntlmssp_auth_rpc_bind_req(cli, auth_level, &hdr_auth, &auth_info);
+ ret = create_spnego_ntlmssp_auth_rpc_bind_req(cli, auth_level, &auth_info);
if (!NT_STATUS_IS_OK(ret)) {
- prs_mem_free(&auth_info);
return ret;
}
break;
case PIPE_AUTH_TYPE_KRB5:
- ret = create_krb5_auth_bind_req(cli, auth_level, &hdr_auth, &auth_info);
+ ret = create_krb5_auth_bind_req(cli, auth_level, &auth_info);
if (!NT_STATUS_IS_OK(ret)) {
- prs_mem_free(&auth_info);
return ret;
}
break;
}
ret = create_bind_or_alt_ctx_internal(DCERPC_PKT_BIND,
- rpc_out,
- rpc_call_id,
- abstract,
- transfer,
- &hdr_auth,
- &auth_info);
-
- prs_mem_free(&auth_info);
+ rpc_out,
+ rpc_call_id,
+ abstract,
+ transfer,
+ &auth_info);
return ret;
}
NTSTATUS status;
DATA_BLOB auth_blob = data_blob_null;
uint16 data_and_pad_len = prs_offset(outgoing_pdu) - RPC_HEADER_LEN - RPC_HDR_RESP_LEN;
+ TALLOC_CTX *frame;
if (!cli->auth->a_u.ntlmssp_state) {
return NT_STATUS_INVALID_PARAMETER;
}
+ frame = talloc_stackframe();
+
/* Init and marshall the auth header. */
init_rpc_hdr_auth(&auth_info,
map_pipe_auth_type_to_rpc_auth_type(
if(!smb_io_rpc_hdr_auth("hdr_auth", &auth_info, outgoing_pdu, 0)) {
DEBUG(0,("add_ntlmssp_auth_footer: failed to marshall RPC_HDR_AUTH.\n"));
- data_blob_free(&auth_blob);
+ talloc_free(frame);
return NT_STATUS_NO_MEMORY;
}
case DCERPC_AUTH_LEVEL_PRIVACY:
/* Data portion is encrypted. */
status = ntlmssp_seal_packet(cli->auth->a_u.ntlmssp_state,
+ frame,
(unsigned char *)prs_data_p(outgoing_pdu) + RPC_HEADER_LEN + RPC_HDR_RESP_LEN,
data_and_pad_len,
(unsigned char *)prs_data_p(outgoing_pdu),
(size_t)prs_offset(outgoing_pdu),
&auth_blob);
if (!NT_STATUS_IS_OK(status)) {
- data_blob_free(&auth_blob);
+ talloc_free(frame);
return status;
}
break;
case DCERPC_AUTH_LEVEL_INTEGRITY:
/* Data is signed. */
status = ntlmssp_sign_packet(cli->auth->a_u.ntlmssp_state,
+ frame,
(unsigned char *)prs_data_p(outgoing_pdu) + RPC_HEADER_LEN + RPC_HDR_RESP_LEN,
data_and_pad_len,
(unsigned char *)prs_data_p(outgoing_pdu),
(size_t)prs_offset(outgoing_pdu),
&auth_blob);
if (!NT_STATUS_IS_OK(status)) {
- data_blob_free(&auth_blob);
+ talloc_free(frame);
return status;
}
break;
if (!prs_copy_data_in(outgoing_pdu, (const char *)auth_blob.data, NTLMSSP_SIG_SIZE)) {
DEBUG(0,("add_ntlmssp_auth_footer: failed to add %u bytes auth blob.\n",
(unsigned int)NTLMSSP_SIG_SIZE));
- data_blob_free(&auth_blob);
+ talloc_free(frame);
return NT_STATUS_NO_MEMORY;
}
- data_blob_free(&auth_blob);
+ talloc_free(frame);
return NT_STATUS_OK;
}
data_len = MIN(data_space, data_left);
*p_ss_padding = 0;
- if (data_len % 8) {
- *p_ss_padding = 8 - (data_len % 8);
+ if (data_len % CLIENT_NDR_PADDING_SIZE) {
+ *p_ss_padding = CLIENT_NDR_PADDING_SIZE - (data_len % CLIENT_NDR_PADDING_SIZE);
}
*p_frag_len = RPC_HEADER_LEN + RPC_HDR_REQ_LEN + /* Normal headers. */
data_len + *p_ss_padding + /* data plus padding. */
prs_struct reply_pdu;
};
-static int rpc_api_pipe_req_state_destructor(struct rpc_api_pipe_req_state *s)
-{
- prs_mem_free(&s->outgoing_frag);
- prs_mem_free(&s->reply_pdu);
- return 0;
-}
-
static void rpc_api_pipe_req_write_done(struct tevent_req *subreq);
static void rpc_api_pipe_req_done(struct tevent_req *subreq);
static NTSTATUS prepare_next_frag(struct rpc_api_pipe_req_state *state,
goto fail;
}
- talloc_set_destructor(state, rpc_api_pipe_req_state_destructor);
-
status = prepare_next_frag(state, &is_last_frag);
if (!NT_STATUS_IS_OK(status)) {
goto post_status;
reply_pdu->mem_ctx = mem_ctx;
/*
- * Prevent state->req_pdu from being freed in
- * rpc_api_pipe_req_state_destructor()
+ * Prevent state->req_pdu from being freed
+ * when state is freed.
*/
+ talloc_steal(mem_ctx, prs_data_p(reply_pdu));
prs_init_empty(&state->reply_pdu, state, UNMARSHALL);
return NT_STATUS_OK;
/*
I'm puzzled about this - seems to violate the DCE RPC auth rules,
- about padding - shouldn't this pad to length 8 ? JRA.
+ about padding - shouldn't this pad to length CLIENT_NDR_PADDING_SIZE ? JRA.
*/
/* 4 bytes padding. */
const DATA_BLOB *pauth_blob, /* spnego auth blob already created. */
prs_struct *rpc_out)
{
- RPC_HDR_AUTH hdr_auth;
- prs_struct auth_info;
- NTSTATUS ret = NT_STATUS_OK;
+ DATA_BLOB auth_info;
+ NTSTATUS status;
- ZERO_STRUCT(hdr_auth);
- if (!prs_init(&auth_info, RPC_HDR_AUTH_LEN, prs_get_mem_context(rpc_out), MARSHALL))
- return NT_STATUS_NO_MEMORY;
+ status = dcerpc_push_dcerpc_auth(prs_get_mem_context(rpc_out),
+ DCERPC_AUTH_TYPE_SPNEGO,
+ auth_level,
+ 0, /* auth_pad_length */
+ 1, /* auth_context_id */
+ pauth_blob,
+ &auth_info);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
- /* We may change the pad length before marshalling. */
- init_rpc_hdr_auth(&hdr_auth, DCERPC_AUTH_TYPE_SPNEGO, (int)auth_level, 0, 1);
- if (pauth_blob->length) {
- if (!prs_copy_data_in(&auth_info, (const char *)pauth_blob->data, pauth_blob->length)) {
- prs_mem_free(&auth_info);
- return NT_STATUS_NO_MEMORY;
- }
+ status = create_bind_or_alt_ctx_internal(DCERPC_PKT_ALTER,
+ rpc_out,
+ rpc_call_id,
+ abstract,
+ transfer,
+ &auth_info);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
}
- ret = create_bind_or_alt_ctx_internal(DCERPC_PKT_ALTER,
- rpc_out,
- rpc_call_id,
- abstract,
- transfer,
- &hdr_auth,
- &auth_info);
- prs_mem_free(&auth_info);
- return ret;
+ return status;
}
/****************************************************************************
uint32_t rpc_call_id;
};
-static int rpc_pipe_bind_state_destructor(struct rpc_pipe_bind_state *state)
-{
- prs_mem_free(&state->rpc_out);
- return 0;
-}
-
static void rpc_pipe_bind_step_one_done(struct tevent_req *subreq);
static NTSTATUS rpc_finish_auth3_bind_send(struct tevent_req *req,
struct rpc_pipe_bind_state *state,
state->rpc_call_id = get_rpc_call_id();
prs_init_empty(&state->rpc_out, state, MARSHALL);
- talloc_set_destructor(state, rpc_pipe_bind_state_destructor);
cli->auth = talloc_move(cli, &auth);
/* Unmarshall the RPC header */
if (!smb_io_rpc_hdr("hdr", &hdr, &reply_pdu, 0)) {
DEBUG(0, ("rpc_pipe_bind: failed to unmarshall RPC_HDR.\n"));
- prs_mem_free(&reply_pdu);
tevent_req_nterror(req, NT_STATUS_BUFFER_TOO_SMALL);
return;
}
if (!smb_io_rpc_hdr_ba("", &hdr_ba, &reply_pdu, 0)) {
DEBUG(0, ("rpc_pipe_bind: Failed to unmarshall "
"RPC_HDR_BA.\n"));
- prs_mem_free(&reply_pdu);
tevent_req_nterror(req, NT_STATUS_BUFFER_TOO_SMALL);
return;
}
if (!check_bind_response(&hdr_ba, &state->cli->transfer_syntax)) {
DEBUG(2, ("rpc_pipe_bind: check_bind_response failed.\n"));
- prs_mem_free(&reply_pdu);
tevent_req_nterror(req, NT_STATUS_BUFFER_TOO_SMALL);
return;
}
case PIPE_AUTH_TYPE_NONE:
case PIPE_AUTH_TYPE_SCHANNEL:
/* Bind complete. */
- prs_mem_free(&reply_pdu);
tevent_req_done(req);
break;
/* Need to send AUTH3 packet - no reply. */
status = rpc_finish_auth3_bind_send(req, state, &hdr,
&reply_pdu);
- prs_mem_free(&reply_pdu);
if (!NT_STATUS_IS_OK(status)) {
tevent_req_nterror(req, status);
}
/* Need to send alter context request and reply. */
status = rpc_finish_spnego_ntlmssp_bind_send(req, state, &hdr,
&reply_pdu);
- prs_mem_free(&reply_pdu);
if (!NT_STATUS_IS_OK(status)) {
tevent_req_nterror(req, status);
}
default:
DEBUG(0,("cli_finish_bind_auth: unknown auth type %u\n",
(unsigned int)state->cli->auth->auth_type));
- prs_mem_free(&reply_pdu);
tevent_req_nterror(req, NT_STATUS_INTERNAL_ERROR);
}
}
return status;
}
+#define RPCCLI_DEFAULT_TIMEOUT 10000 /* 10 seconds. */
+
unsigned int rpccli_set_timeout(struct rpc_pipe_client *rpc_cli,
unsigned int timeout)
{
- struct cli_state *cli = rpc_pipe_np_smb_conn(rpc_cli);
+ unsigned int old;
- if (cli == NULL) {
- return 0;
+ if (rpc_cli->transport == NULL) {
+ return RPCCLI_DEFAULT_TIMEOUT;
+ }
+
+ if (rpc_cli->transport->set_timeout == NULL) {
+ return RPCCLI_DEFAULT_TIMEOUT;
}
- return cli_set_timeout(cli, timeout);
+
+ old = rpc_cli->transport->set_timeout(rpc_cli->transport->priv, timeout);
+ if (old == 0) {
+ return RPCCLI_DEFAULT_TIMEOUT;
+ }
+
+ return old;
+}
+
+bool rpccli_is_connected(struct rpc_pipe_client *rpc_cli)
+{
+ if (rpc_cli == NULL) {
+ return false;
+ }
+
+ if (rpc_cli->transport == NULL) {
+ return false;
+ }
+
+ return rpc_cli->transport->is_connected(rpc_cli->transport->priv);
}
bool rpccli_get_pwd_hash(struct rpc_pipe_client *rpc_cli, uint8_t nt_hash[16])
return 0;
}
-NTSTATUS rpccli_ntlmssp_bind_data(TALLOC_CTX *mem_ctx,
+static NTSTATUS rpccli_ntlmssp_bind_data(TALLOC_CTX *mem_ctx,
enum pipe_auth_type auth_type,
enum dcerpc_AuthLevel auth_level,
const char *domain,
goto fail;
}
- status = ntlmssp_client_start(&result->a_u.ntlmssp_state);
+ status = ntlmssp_client_start(NULL,
+ global_myname(),
+ lp_workgroup(),
+ lp_client_ntlmv2_auth(),
+ &result->a_u.ntlmssp_state);
if (!NT_STATUS_IS_OK(status)) {
goto fail;
}
}
#endif
-NTSTATUS rpccli_kerberos_bind_data(TALLOC_CTX *mem_ctx,
+static NTSTATUS rpccli_kerberos_bind_data(TALLOC_CTX *mem_ctx,
enum dcerpc_AuthLevel auth_level,
const char *service_princ,
const char *username,
NTSTATUS status;
uint16_t port = 0;
- *presult = NULL;
-
status = rpc_pipe_get_tcp_port(host, abstract_syntax, &port);
if (!NT_STATUS_IS_OK(status)) {
- goto done;
+ return status;
}
- status = rpc_pipe_open_tcp_port(mem_ctx, host, port,
+ return rpc_pipe_open_tcp_port(mem_ctx, host, port,
abstract_syntax, presult);
-
-done:
- return status;
}
/********************************************************************
return status;
}
-static int rpc_pipe_client_np_destructor(struct rpc_pipe_client *p)
-{
+struct rpc_pipe_client_np_ref {
struct cli_state *cli;
+ struct rpc_pipe_client *pipe;
+};
- cli = rpc_pipe_np_smb_conn(p);
- if (cli != NULL) {
- DLIST_REMOVE(cli->pipe_list, p);
- }
+static int rpc_pipe_client_np_ref_destructor(struct rpc_pipe_client_np_ref *np_ref)
+{
+ DLIST_REMOVE(np_ref->cli->pipe_list, np_ref->pipe);
return 0;
}
{
struct rpc_pipe_client *result;
NTSTATUS status;
+ struct rpc_pipe_client_np_ref *np_ref;
/* sanity check to protect against crashes */
result->transport->transport = NCACN_NP;
- DLIST_ADD(cli->pipe_list, result);
- talloc_set_destructor(result, rpc_pipe_client_np_destructor);
+ np_ref = talloc(result->transport, struct rpc_pipe_client_np_ref);
+ if (np_ref == NULL) {
+ TALLOC_FREE(result);
+ return NT_STATUS_NO_MEMORY;
+ }
+ np_ref->cli = cli;
+ np_ref->pipe = result;
+
+ DLIST_ADD(np_ref->cli->pipe_list, np_ref->pipe);
+ talloc_set_destructor(np_ref, rpc_pipe_client_np_ref_destructor);
*presult = result;
return NT_STATUS_OK;
*presult = result;
}
- return NT_STATUS_OK;
+ return status;
}
/****************************************************************************