2 * Unix SMB/CIFS implementation.
3 * RPC Pipe client / server routines
4 * Copyright (C) Andrew Tridgell 1992-1998
5 * Copyright (C) Luke Kenneth Casson Leighton 1996-1998,
6 * Copyright (C) Paul Ashton 1997-1998,
7 * Copyright (C) Jeremy Allison 1999,
8 * Copyright (C) Anthony Liguori 2003.
10 * This program is free software; you can redistribute it and/or modify
11 * it under the terms of the GNU General Public License as published by
12 * the Free Software Foundation; either version 2 of the License, or
13 * (at your option) any later version.
15 * This program is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 * GNU General Public License for more details.
20 * You should have received a copy of the GNU General Public License
21 * along with this program; if not, write to the Free Software
22 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
25 /* this module apparently provides an implementation of DCE/RPC over a
26 * named pipe (IPC$ connection using SMBtrans). details of DCE/RPC
27 * documentation are available (in on-line form) from the X-Open group.
29 * this module should provide a level of abstraction between SMB
30 * and DCE/RPC, while minimising the amount of mallocs, unnecessary
31 * data copies, and network traffic.
33 * in this version, which takes a "let's learn what's going on and
34 * get something running" approach, there is additional network
35 * traffic generated, but the code should be easier to understand...
37 * ... if you read the docs. or stare at packets for weeks on end.
44 #define DBGC_CLASS DBGC_RPC_SRV
46 /*************************************************************
48 We need to transfer the session key from one rpc bind to the
49 next. This is the way the netlogon schannel works.
50 **************************************************************/
51 struct dcinfo last_dcinfo;
53 static void NTLMSSPcalc_p( pipes_struct *p, unsigned char *data, int len)
55 unsigned char *hash = p->ntlmssp_hash;
56 unsigned char index_i = hash[256];
57 unsigned char index_j = hash[257];
60 for( ind = 0; ind < len; ind++) {
65 index_j += hash[index_i];
68 hash[index_i] = hash[index_j];
71 t = hash[index_i] + hash[index_j];
72 data[ind] = data[ind] ^ hash[t];
79 /*******************************************************************
80 Generate the next PDU to be returned from the data in p->rdata.
81 We cheat here as this function doesn't handle the special auth
82 footers of the authenticated bind response reply.
83 ********************************************************************/
85 BOOL create_next_pdu(pipes_struct *p)
87 RPC_HDR_RESP hdr_resp;
88 BOOL auth_verify = ((p->ntlmssp_chal_flags & NTLMSSP_NEGOTIATE_SIGN) != 0);
89 BOOL auth_seal = ((p->ntlmssp_chal_flags & NTLMSSP_NEGOTIATE_SEAL) != 0);
91 uint32 data_space_available;
93 prs_struct outgoing_pdu;
97 * If we're in the fault state, keep returning fault PDU's until
98 * the pipe gets closed. JRA.
102 setup_fault_pdu(p, NT_STATUS(0x1c010002));
106 memset((char *)&hdr_resp, '\0', sizeof(hdr_resp));
108 /* Change the incoming request header to a response. */
109 p->hdr.pkt_type = RPC_RESPONSE;
111 /* Set up rpc header flags. */
112 if (p->out_data.data_sent_length == 0)
113 p->hdr.flags = RPC_FLG_FIRST;
118 * Work out how much we can fit in a single PDU.
121 data_space_available = sizeof(p->out_data.current_pdu) - RPC_HEADER_LEN - RPC_HDR_RESP_LEN;
122 if(p->ntlmssp_auth_validated)
123 data_space_available -= (RPC_HDR_AUTH_LEN + RPC_AUTH_NTLMSSP_CHK_LEN);
125 if(p->netsec_auth_validated)
126 data_space_available -= (RPC_HDR_AUTH_LEN + RPC_AUTH_NETSEC_CHK_LEN);
129 * The amount we send is the minimum of the available
130 * space and the amount left to send.
133 data_len_left = prs_offset(&p->out_data.rdata) - p->out_data.data_sent_length;
136 * Ensure there really is data left to send.
140 DEBUG(0,("create_next_pdu: no data left to send !\n"));
144 data_len = MIN(data_len_left, data_space_available);
147 * Set up the alloc hint. This should be the data left to
151 hdr_resp.alloc_hint = data_len_left;
154 * Set up the header lengths.
157 if (p->ntlmssp_auth_validated) {
158 p->hdr.frag_len = RPC_HEADER_LEN + RPC_HDR_RESP_LEN + data_len +
159 RPC_HDR_AUTH_LEN + RPC_AUTH_NTLMSSP_CHK_LEN;
160 p->hdr.auth_len = RPC_AUTH_NTLMSSP_CHK_LEN;
161 } else if (p->netsec_auth_validated) {
162 p->hdr.frag_len = RPC_HEADER_LEN + RPC_HDR_RESP_LEN + data_len +
163 RPC_HDR_AUTH_LEN + RPC_AUTH_NETSEC_CHK_LEN;
164 p->hdr.auth_len = RPC_AUTH_NETSEC_CHK_LEN;
166 p->hdr.frag_len = RPC_HEADER_LEN + RPC_HDR_RESP_LEN + data_len;
171 * Work out if this PDU will be the last.
174 if(p->out_data.data_sent_length + data_len >= prs_offset(&p->out_data.rdata))
175 p->hdr.flags |= RPC_FLG_LAST;
178 * Init the parse struct to point at the outgoing
182 prs_init( &outgoing_pdu, 0, p->mem_ctx, MARSHALL);
183 prs_give_memory( &outgoing_pdu, (char *)p->out_data.current_pdu, sizeof(p->out_data.current_pdu), False);
185 /* Store the header in the data stream. */
186 if(!smb_io_rpc_hdr("hdr", &p->hdr, &outgoing_pdu, 0)) {
187 DEBUG(0,("create_next_pdu: failed to marshall RPC_HDR.\n"));
188 prs_mem_free(&outgoing_pdu);
192 if(!smb_io_rpc_hdr_resp("resp", &hdr_resp, &outgoing_pdu, 0)) {
193 DEBUG(0,("create_next_pdu: failed to marshall RPC_HDR_RESP.\n"));
194 prs_mem_free(&outgoing_pdu);
198 /* Store the current offset. */
199 data_pos = prs_offset(&outgoing_pdu);
201 /* Copy the data into the PDU. */
203 if(!prs_append_some_prs_data(&outgoing_pdu, &p->out_data.rdata, p->out_data.data_sent_length, data_len)) {
204 DEBUG(0,("create_next_pdu: failed to copy %u bytes of data.\n", (unsigned int)data_len));
205 prs_mem_free(&outgoing_pdu);
209 if (p->ntlmssp_auth_validated) {
213 DEBUG(5,("create_next_pdu: sign: %s seal: %s data %d auth %d\n",
214 BOOLSTR(auth_verify), BOOLSTR(auth_seal), data_len, p->hdr.auth_len));
217 * Set data to point to where we copied the data into.
220 data = prs_data_p(&outgoing_pdu) + data_pos;
223 crc32 = crc32_calc_buffer(data, data_len);
224 NTLMSSPcalc_p(p, (uchar*)data, data_len);
227 if (auth_seal || auth_verify) {
228 RPC_HDR_AUTH auth_info;
230 init_rpc_hdr_auth(&auth_info, NTLMSSP_AUTH_TYPE, NTLMSSP_AUTH_LEVEL,
231 (auth_verify ? RPC_HDR_AUTH_LEN : 0), (auth_verify ? 1 : 0));
232 if(!smb_io_rpc_hdr_auth("hdr_auth", &auth_info, &outgoing_pdu, 0)) {
233 DEBUG(0,("create_next_pdu: failed to marshall RPC_HDR_AUTH.\n"));
234 prs_mem_free(&outgoing_pdu);
240 RPC_AUTH_NTLMSSP_CHK ntlmssp_chk;
241 char *auth_data = prs_data_p(&outgoing_pdu);
243 p->ntlmssp_seq_num++;
244 init_rpc_auth_ntlmssp_chk(&ntlmssp_chk, NTLMSSP_SIGN_VERSION,
245 crc32, p->ntlmssp_seq_num++);
246 auth_data = prs_data_p(&outgoing_pdu) + prs_offset(&outgoing_pdu) + 4;
247 if(!smb_io_rpc_auth_ntlmssp_chk("auth_sign", &ntlmssp_chk, &outgoing_pdu, 0)) {
248 DEBUG(0,("create_next_pdu: failed to marshall RPC_AUTH_NTLMSSP_CHK.\n"));
249 prs_mem_free(&outgoing_pdu);
252 NTLMSSPcalc_p(p, (uchar*)auth_data, RPC_AUTH_NTLMSSP_CHK_LEN - 4);
256 if (p->netsec_auth_validated) {
258 RPC_HDR_AUTH auth_info;
259 static const uchar netsec_sig[8] = NETSEC_SIGNATURE;
260 static const uchar nullbytes[8] = { 0,0,0,0,0,0,0,0 };
262 RPC_AUTH_NETSEC_CHK verf;
268 data = prs_data_p(&outgoing_pdu) + data_pos;
270 init_rpc_hdr_auth(&auth_info, NETSEC_AUTH_TYPE, NETSEC_AUTH_LEVEL,
271 RPC_HDR_AUTH_LEN, 1);
273 if(!smb_io_rpc_hdr_auth("hdr_auth", &auth_info, &outgoing_pdu, 0)) {
274 DEBUG(0,("create_next_pdu: failed to marshall RPC_HDR_AUTH.\n"));
275 prs_mem_free(&outgoing_pdu);
279 prs_init(&rverf, 0, p->mem_ctx, MARSHALL);
280 prs_init(&rauth, 0, p->mem_ctx, MARSHALL);
282 if ((p->netsec_auth.seq_num & 1) == 0) {
283 DEBUG(0,("SCHANNEL ERROR: seq_num must be odd in server! (seq_num=%d)\n",
284 p->netsec_auth.seq_num));
287 RSIVAL(sign, 0, p->netsec_auth.seq_num);
290 init_rpc_auth_netsec_chk(&verf, netsec_sig, nullbytes, sign, nullbytes);
292 netsec_encode(&p->netsec_auth, &verf, data, data_len);
294 smb_io_rpc_auth_netsec_chk("", &verf, &outgoing_pdu, 0);
296 p->netsec_auth.seq_num++;
300 * Setup the counts for this PDU.
303 p->out_data.data_sent_length += data_len;
304 p->out_data.current_pdu_len = p->hdr.frag_len;
305 p->out_data.current_pdu_sent = 0;
307 prs_mem_free(&outgoing_pdu);
311 /*******************************************************************
312 Process an NTLMSSP authentication response.
313 If this function succeeds, the user has been authenticated
314 and their domain, name and calling workstation stored in
316 The initial challenge is stored in p->challenge.
317 *******************************************************************/
319 static BOOL api_pipe_ntlmssp_verify(pipes_struct *p, RPC_AUTH_NTLMSSP_RESP *ntlmssp_resp)
331 struct auth_context *auth_context = NULL;
332 auth_usersupplied_info *user_info = NULL;
333 auth_serversupplied_info *server_info = NULL;
335 DEBUG(5,("api_pipe_ntlmssp_verify: checking user details\n"));
337 memset(p->user_name, '\0', sizeof(p->user_name));
338 memset(p->pipe_user_name, '\0', sizeof(p->pipe_user_name));
339 memset(p->domain, '\0', sizeof(p->domain));
340 memset(p->wks, '\0', sizeof(p->wks));
342 /* Set up for non-authenticated user. */
343 delete_nt_token(&p->pipe_user.nt_user_token);
344 p->pipe_user.ngroups = 0;
345 SAFE_FREE( p->pipe_user.groups);
348 * Setup an empty password for a guest user.
352 * We always negotiate UNICODE.
355 if (p->ntlmssp_chal_flags & NTLMSSP_NEGOTIATE_UNICODE) {
356 rpcstr_pull(user_name, ntlmssp_resp->user, sizeof(fstring), ntlmssp_resp->hdr_usr.str_str_len*2, 0 );
357 rpcstr_pull(domain, ntlmssp_resp->domain, sizeof(fstring), ntlmssp_resp->hdr_domain.str_str_len*2, 0);
358 rpcstr_pull(wks, ntlmssp_resp->wks, sizeof(fstring), ntlmssp_resp->hdr_wks.str_str_len*2, 0);
360 pull_ascii_fstring(user_name, ntlmssp_resp->user);
361 pull_ascii_fstring(domain, ntlmssp_resp->domain);
362 pull_ascii_fstring(wks, ntlmssp_resp->wks);
365 DEBUG(5,("user: %s domain: %s wks: %s\n", user_name, domain, wks));
367 nt_pw_len = MIN(sizeof(nt_owf), ntlmssp_resp->hdr_nt_resp.str_str_len);
368 lm_pw_len = MIN(sizeof(lm_owf), ntlmssp_resp->hdr_lm_resp.str_str_len);
370 memcpy(lm_owf, ntlmssp_resp->lm_resp, sizeof(lm_owf));
371 memcpy(nt_owf, ntlmssp_resp->nt_resp, nt_pw_len);
373 #ifdef DEBUG_PASSWORD
374 DEBUG(100,("lm, nt owfs, chal\n"));
375 dump_data(100, (char *)lm_owf, sizeof(lm_owf));
376 dump_data(100, (char *)nt_owf, nt_pw_len);
377 dump_data(100, (char *)p->challenge, 8);
381 * Allow guest access. Patch from Shirish Kalele <kalele@veritas.com>.
387 * Do the length checking only if user is not NULL.
390 if (ntlmssp_resp->hdr_lm_resp.str_str_len == 0)
392 if (ntlmssp_resp->hdr_nt_resp.str_str_len == 0)
394 if (ntlmssp_resp->hdr_usr.str_str_len == 0)
396 if (ntlmssp_resp->hdr_domain.str_str_len == 0)
398 if (ntlmssp_resp->hdr_wks.str_str_len == 0)
403 make_auth_context_fixed(&auth_context, (uchar*)p->challenge);
405 if (!make_user_info_netlogon_network(&user_info,
406 user_name, domain, wks,
408 nt_owf, nt_pw_len)) {
409 DEBUG(0,("make_user_info_netlogon_network failed! Failing authenticaion.\n"));
413 nt_status = auth_context->check_ntlm_password(auth_context, user_info, &server_info);
415 (auth_context->free)(&auth_context);
416 free_user_info(&user_info);
418 p->ntlmssp_auth_validated = NT_STATUS_IS_OK(nt_status);
420 if (!p->ntlmssp_auth_validated) {
421 DEBUG(1,("api_pipe_ntlmssp_verify: User [%s]\\[%s] from machine %s \
422 failed authentication on named pipe %s.\n", domain, user_name, wks, p->name ));
423 free_server_info(&server_info);
428 * Set up the sign/seal data.
433 NTLMSSPOWFencrypt(server_info->first_8_lm_hash, lm_owf, p24);
445 for (ind = 0; ind < 256; ind++)
446 p->ntlmssp_hash[ind] = (unsigned char)ind;
448 for( ind = 0; ind < 256; ind++) {
451 j += (p->ntlmssp_hash[ind] + k2[ind%8]);
453 tc = p->ntlmssp_hash[ind];
454 p->ntlmssp_hash[ind] = p->ntlmssp_hash[j];
455 p->ntlmssp_hash[j] = tc;
458 p->ntlmssp_hash[256] = 0;
459 p->ntlmssp_hash[257] = 0;
461 /* NTLMSSPhash(p->ntlmssp_hash, p24); */
462 p->ntlmssp_seq_num = 0;
466 fstrcpy(p->user_name, user_name);
467 fstrcpy(p->pipe_user_name, pdb_get_username(server_info->sam_account));
468 fstrcpy(p->domain, domain);
469 fstrcpy(p->wks, wks);
472 * Store the UNIX credential data (uid/gid pair) in the pipe structure.
475 if (!IS_SAM_UNIX_USER(server_info->sam_account)) {
476 DEBUG(0,("Attempted authenticated pipe with invalid user. No uid/gid in SAM_ACCOUNT\n"));
477 free_server_info(&server_info);
481 memcpy(p->session_key, server_info->session_key, sizeof(p->session_key));
483 p->pipe_user.uid = pdb_get_uid(server_info->sam_account);
484 p->pipe_user.gid = pdb_get_gid(server_info->sam_account);
486 p->pipe_user.ngroups = server_info->n_groups;
487 if (p->pipe_user.ngroups) {
488 if (!(p->pipe_user.groups = memdup(server_info->groups, sizeof(gid_t) * p->pipe_user.ngroups))) {
489 DEBUG(0,("failed to memdup group list to p->pipe_user.groups\n"));
490 free_server_info(&server_info);
495 if (server_info->ptok)
496 p->pipe_user.nt_user_token = dup_nt_token(server_info->ptok);
498 DEBUG(1,("Error: Authmodule failed to provide nt_user_token\n"));
499 p->pipe_user.nt_user_token = NULL;
500 free_server_info(&server_info);
504 p->ntlmssp_auth_validated = True;
506 free_server_info(&server_info);
510 /*******************************************************************
511 The switch table for the pipe names and the functions to handle them.
512 *******************************************************************/
521 struct api_struct *cmds;
525 static struct rpc_table *rpc_lookup;
526 static int rpc_lookup_size;
528 /*******************************************************************
529 This is the client reply to our challenge for an authenticated
530 bind request. The challenge we sent is in p->challenge.
531 *******************************************************************/
533 BOOL api_pipe_bind_auth_resp(pipes_struct *p, prs_struct *rpc_in_p)
535 RPC_HDR_AUTHA autha_info;
536 RPC_AUTH_VERIFIER auth_verifier;
537 RPC_AUTH_NTLMSSP_RESP ntlmssp_resp;
539 DEBUG(5,("api_pipe_bind_auth_resp: decode request. %d\n", __LINE__));
541 if (p->hdr.auth_len == 0) {
542 DEBUG(0,("api_pipe_bind_auth_resp: No auth field sent !\n"));
547 * Decode the authentication verifier response.
550 if(!smb_io_rpc_hdr_autha("", &autha_info, rpc_in_p, 0)) {
551 DEBUG(0,("api_pipe_bind_auth_resp: unmarshall of RPC_HDR_AUTHA failed.\n"));
555 if (autha_info.auth_type != NTLMSSP_AUTH_TYPE || autha_info.auth_level != NTLMSSP_AUTH_LEVEL) {
556 DEBUG(0,("api_pipe_bind_auth_resp: incorrect auth type (%d) or level (%d).\n",
557 (int)autha_info.auth_type, (int)autha_info.auth_level ));
561 if(!smb_io_rpc_auth_verifier("", &auth_verifier, rpc_in_p, 0)) {
562 DEBUG(0,("api_pipe_bind_auth_resp: unmarshall of RPC_AUTH_VERIFIER failed.\n"));
567 * Ensure this is a NTLMSSP_AUTH packet type.
570 if (!rpc_auth_verifier_chk(&auth_verifier, "NTLMSSP", NTLMSSP_AUTH)) {
571 DEBUG(0,("api_pipe_bind_auth_resp: rpc_auth_verifier_chk failed.\n"));
575 if(!smb_io_rpc_auth_ntlmssp_resp("", &ntlmssp_resp, rpc_in_p, 0)) {
576 DEBUG(0,("api_pipe_bind_auth_resp: Failed to unmarshall RPC_AUTH_NTLMSSP_RESP.\n"));
581 * The following call actually checks the challenge/response data.
582 * for correctness against the given DOMAIN\user name.
585 if (!api_pipe_ntlmssp_verify(p, &ntlmssp_resp))
593 /*******************************************************************
594 Marshall a bind_nak pdu.
595 *******************************************************************/
597 static BOOL setup_bind_nak(pipes_struct *p)
599 prs_struct outgoing_rpc;
603 /* Free any memory in the current return data buffer. */
604 prs_mem_free(&p->out_data.rdata);
607 * Marshall directly into the outgoing PDU space. We
608 * must do this as we need to set to the bind response
609 * header and are never sending more than one PDU here.
612 prs_init( &outgoing_rpc, 0, p->mem_ctx, MARSHALL);
613 prs_give_memory( &outgoing_rpc, (char *)p->out_data.current_pdu, sizeof(p->out_data.current_pdu), False);
617 * Initialize a bind_nak header.
620 init_rpc_hdr(&nak_hdr, RPC_BINDNACK, RPC_FLG_FIRST | RPC_FLG_LAST,
621 p->hdr.call_id, RPC_HEADER_LEN + sizeof(uint16), 0);
624 * Marshall the header into the outgoing PDU.
627 if(!smb_io_rpc_hdr("", &nak_hdr, &outgoing_rpc, 0)) {
628 DEBUG(0,("setup_bind_nak: marshalling of RPC_HDR failed.\n"));
629 prs_mem_free(&outgoing_rpc);
634 * Now add the reject reason.
637 if(!prs_uint16("reject code", &outgoing_rpc, 0, &zero)) {
638 prs_mem_free(&outgoing_rpc);
642 p->out_data.data_sent_length = 0;
643 p->out_data.current_pdu_len = prs_offset(&outgoing_rpc);
644 p->out_data.current_pdu_sent = 0;
646 p->pipe_bound = False;
651 /*******************************************************************
652 Marshall a fault pdu.
653 *******************************************************************/
655 BOOL setup_fault_pdu(pipes_struct *p, NTSTATUS status)
657 prs_struct outgoing_pdu;
659 RPC_HDR_RESP hdr_resp;
660 RPC_HDR_FAULT fault_resp;
662 /* Free any memory in the current return data buffer. */
663 prs_mem_free(&p->out_data.rdata);
666 * Marshall directly into the outgoing PDU space. We
667 * must do this as we need to set to the bind response
668 * header and are never sending more than one PDU here.
671 prs_init( &outgoing_pdu, 0, p->mem_ctx, MARSHALL);
672 prs_give_memory( &outgoing_pdu, (char *)p->out_data.current_pdu, sizeof(p->out_data.current_pdu), False);
675 * Initialize a fault header.
678 init_rpc_hdr(&fault_hdr, RPC_FAULT, RPC_FLG_FIRST | RPC_FLG_LAST | RPC_FLG_NOCALL,
679 p->hdr.call_id, RPC_HEADER_LEN + RPC_HDR_RESP_LEN + RPC_HDR_FAULT_LEN, 0);
682 * Initialize the HDR_RESP and FAULT parts of the PDU.
685 memset((char *)&hdr_resp, '\0', sizeof(hdr_resp));
687 fault_resp.status = status;
688 fault_resp.reserved = 0;
691 * Marshall the header into the outgoing PDU.
694 if(!smb_io_rpc_hdr("", &fault_hdr, &outgoing_pdu, 0)) {
695 DEBUG(0,("setup_fault_pdu: marshalling of RPC_HDR failed.\n"));
696 prs_mem_free(&outgoing_pdu);
700 if(!smb_io_rpc_hdr_resp("resp", &hdr_resp, &outgoing_pdu, 0)) {
701 DEBUG(0,("setup_fault_pdu: failed to marshall RPC_HDR_RESP.\n"));
702 prs_mem_free(&outgoing_pdu);
706 if(!smb_io_rpc_hdr_fault("fault", &fault_resp, &outgoing_pdu, 0)) {
707 DEBUG(0,("setup_fault_pdu: failed to marshall RPC_HDR_FAULT.\n"));
708 prs_mem_free(&outgoing_pdu);
712 p->out_data.data_sent_length = 0;
713 p->out_data.current_pdu_len = prs_offset(&outgoing_pdu);
714 p->out_data.current_pdu_sent = 0;
716 prs_mem_free(&outgoing_pdu);
720 /*******************************************************************
721 Ensure a bind request has the correct abstract & transfer interface.
722 Used to reject unknown binds from Win2k.
723 *******************************************************************/
725 BOOL check_bind_req(char* pipe_name, RPC_IFACE* abstract,
728 extern struct pipe_id_info pipe_names[];
731 fstrcpy(pname,"\\PIPE\\");
732 fstrcat(pname,pipe_name);
734 DEBUG(3,("check_bind_req for %s\n", pname));
736 #ifndef SUPPORT_NEW_LSARPC_UUID
738 /* check for the first pipe matching the name */
740 for ( i=0; pipe_names[i].client_pipe; i++ ) {
741 if ( strequal(pipe_names[i].client_pipe, pname) )
745 /* we have to check all now since win2k introduced a new UUID on the lsaprpc pipe */
747 for ( i=0; pipe_names[i].client_pipe; i++ )
749 if ( strequal(pipe_names[i].client_pipe, pname)
750 && (abstract->version == pipe_names[i].abstr_syntax.version)
751 && (memcmp(&abstract->uuid, &pipe_names[i].abstr_syntax.uuid, sizeof(RPC_UUID)) == 0)
752 && (transfer->version == pipe_names[i].trans_syntax.version)
753 && (memcmp(&transfer->uuid, &pipe_names[i].trans_syntax.uuid, sizeof(RPC_UUID)) == 0) )
760 if(pipe_names[i].client_pipe == NULL)
763 #ifndef SUPPORT_NEW_LSARPC_UUID
764 /* check the abstract interface */
765 if ( (abstract->version != pipe_names[i].abstr_syntax.version)
766 || (memcmp(&abstract->uuid, &pipe_names[i].abstr_syntax.uuid, sizeof(RPC_UUID)) != 0) )
771 /* check the transfer interface */
772 if ( (transfer->version != pipe_names[i].trans_syntax.version)
773 || (memcmp(&transfer->uuid, &pipe_names[i].trans_syntax.uuid, sizeof(RPC_UUID)) != 0) )
781 /*******************************************************************
782 Register commands to an RPC pipe
783 *******************************************************************/
784 int rpc_pipe_register_commands(const char *clnt, const char *srv, const struct api_struct *cmds, int size)
786 struct rpc_table *rpc_entry;
789 /* We use a temporary variable because this call can fail and
790 rpc_lookup will still be valid afterwards. It could then succeed if
791 called again later */
792 rpc_entry = realloc(rpc_lookup,
793 ++rpc_lookup_size*sizeof(struct rpc_table));
794 if (NULL == rpc_entry) {
796 DEBUG(0, ("rpc_pipe_register_commands: memory allocation failed\n"));
799 rpc_lookup = rpc_entry;
802 rpc_entry = rpc_lookup + (rpc_lookup_size - 1);
803 ZERO_STRUCTP(rpc_entry);
804 rpc_entry->pipe.clnt = strdup(clnt);
805 rpc_entry->pipe.srv = strdup(srv);
806 rpc_entry->cmds = realloc(rpc_entry->cmds,
807 (rpc_entry->n_cmds + size) *
808 sizeof(struct api_struct));
809 memcpy(rpc_entry->cmds + rpc_entry->n_cmds, cmds,
810 size * sizeof(struct api_struct));
811 rpc_entry->n_cmds += size;
816 /*******************************************************************
817 Respond to a pipe bind request.
818 *******************************************************************/
820 BOOL api_pipe_bind_req(pipes_struct *p, prs_struct *rpc_in_p)
824 RPC_HDR_AUTH auth_info;
826 fstring ack_pipe_name;
827 prs_struct out_hdr_ba;
829 prs_struct outgoing_rpc;
832 enum RPC_PKT_TYPE reply_pkt_type;
834 p->ntlmssp_auth_requested = False;
835 p->netsec_auth_validated = False;
837 DEBUG(5,("api_pipe_bind_req: decode request. %d\n", __LINE__));
840 * Try and find the correct pipe name to ensure
841 * that this is a pipe name we support.
845 for (i = 0; i < rpc_lookup_size; i++) {
846 if (strequal(rpc_lookup[i].pipe.clnt, p->name)) {
847 DEBUG(3, ("api_pipe_bind_req: \\PIPE\\%s -> \\PIPE\\%s\n",
848 rpc_lookup[i].pipe.clnt, rpc_lookup[i].pipe.srv));
849 fstrcpy(p->pipe_srv_name, rpc_lookup[i].pipe.srv);
854 if (i == rpc_lookup_size) {
855 if (!smb_probe_module("rpc", p->name)) {
856 DEBUG(3,("api_pipe_bind_req: Unknown pipe name %s in bind request.\n",
858 if(!setup_bind_nak(p))
863 for (i = 0; i < rpc_lookup_size; i++) {
864 if (strequal(rpc_lookup[i].pipe.clnt, p->name)) {
865 DEBUG(3, ("api_pipe_bind_req: \\PIPE\\%s -> \\PIPE\\%s\n",
866 rpc_lookup[i].pipe.clnt, rpc_lookup[i].pipe.srv));
867 fstrcpy(p->pipe_srv_name, rpc_lookup[i].pipe.srv);
872 if (i == rpc_lookup_size) {
873 DEBUG(0, ("module %s doesn't provide functions for pipe %s!\n", p->name, p->name));
878 /* decode the bind request */
879 if(!smb_io_rpc_hdr_rb("", &hdr_rb, rpc_in_p, 0)) {
880 DEBUG(0,("api_pipe_bind_req: unable to unmarshall RPC_HDR_RB struct.\n"));
885 * Check if this is an authenticated request.
888 if (p->hdr.auth_len != 0) {
889 RPC_AUTH_VERIFIER auth_verifier;
890 RPC_AUTH_NTLMSSP_NEG ntlmssp_neg;
893 * Decode the authentication verifier.
896 if(!smb_io_rpc_hdr_auth("", &auth_info, rpc_in_p, 0)) {
897 DEBUG(0,("api_pipe_bind_req: unable to unmarshall RPC_HDR_AUTH struct.\n"));
901 if(auth_info.auth_type == NTLMSSP_AUTH_TYPE) {
903 if(!smb_io_rpc_auth_verifier("", &auth_verifier, rpc_in_p, 0)) {
904 DEBUG(0,("api_pipe_bind_req: unable to "
905 "unmarshall RPC_HDR_AUTH struct.\n"));
909 if(!strequal(auth_verifier.signature, "NTLMSSP")) {
910 DEBUG(0,("api_pipe_bind_req: "
911 "auth_verifier.signature != NTLMSSP\n"));
915 if(auth_verifier.msg_type != NTLMSSP_NEGOTIATE) {
916 DEBUG(0,("api_pipe_bind_req: "
917 "auth_verifier.msg_type (%d) != NTLMSSP_NEGOTIATE\n",
918 auth_verifier.msg_type));
922 if(!smb_io_rpc_auth_ntlmssp_neg("", &ntlmssp_neg, rpc_in_p, 0)) {
923 DEBUG(0,("api_pipe_bind_req: "
924 "Failed to unmarshall RPC_AUTH_NTLMSSP_NEG.\n"));
928 p->ntlmssp_chal_flags = SMBD_NTLMSSP_NEG_FLAGS;
929 p->ntlmssp_auth_requested = True;
931 } else if (auth_info.auth_type == NETSEC_AUTH_TYPE) {
933 RPC_AUTH_NETSEC_NEG neg;
934 struct netsec_auth_struct *a = &(p->netsec_auth);
936 if (!smb_io_rpc_auth_netsec_neg("", &neg, rpc_in_p, 0)) {
937 DEBUG(0,("api_pipe_bind_req: "
938 "Could not unmarshal SCHANNEL auth neg\n"));
942 p->netsec_auth_validated = True;
944 memset(a->sess_key, 0, sizeof(a->sess_key));
945 memcpy(a->sess_key, last_dcinfo.sess_key, sizeof(last_dcinfo.sess_key));
949 DEBUG(10,("schannel auth: domain [%s] myname [%s]\n",
950 neg.domain, neg.myname));
953 DEBUG(0,("api_pipe_bind_req: unknown auth type %x requested.\n",
954 auth_info.auth_type ));
959 switch(p->hdr.pkt_type) {
961 /* name has to be \PIPE\xxxxx */
962 fstrcpy(ack_pipe_name, "\\PIPE\\");
963 fstrcat(ack_pipe_name, p->pipe_srv_name);
964 reply_pkt_type = RPC_BINDACK;
967 /* secondary address CAN be NULL
968 * as the specs say it's ignored.
969 * It MUST NULL to have the spoolss working.
971 fstrcpy(ack_pipe_name,"");
972 reply_pkt_type = RPC_ALTCONTRESP;
978 DEBUG(5,("api_pipe_bind_req: make response. %d\n", __LINE__));
981 * Marshall directly into the outgoing PDU space. We
982 * must do this as we need to set to the bind response
983 * header and are never sending more than one PDU here.
986 prs_init( &outgoing_rpc, 0, p->mem_ctx, MARSHALL);
987 prs_give_memory( &outgoing_rpc, (char *)p->out_data.current_pdu, sizeof(p->out_data.current_pdu), False);
990 * Setup the memory to marshall the ba header, and the
994 if(!prs_init(&out_hdr_ba, 1024, p->mem_ctx, MARSHALL)) {
995 DEBUG(0,("api_pipe_bind_req: malloc out_hdr_ba failed.\n"));
996 prs_mem_free(&outgoing_rpc);
1000 if(!prs_init(&out_auth, 1024, p->mem_ctx, MARSHALL)) {
1001 DEBUG(0,("pi_pipe_bind_req: malloc out_auth failed.\n"));
1002 prs_mem_free(&outgoing_rpc);
1003 prs_mem_free(&out_hdr_ba);
1007 if (p->ntlmssp_auth_requested)
1010 assoc_gid = hdr_rb.bba.assoc_gid ? hdr_rb.bba.assoc_gid : 0x53f0;
1013 * Create the bind response struct.
1016 /* If the requested abstract synt uuid doesn't match our client pipe,
1017 reject the bind_ack & set the transfer interface synt to all 0's,
1018 ver 0 (observed when NT5 attempts to bind to abstract interfaces
1020 Needed when adding entries to a DACL from NT5 - SK */
1022 if(check_bind_req(p->name, &hdr_rb.abstract, &hdr_rb.transfer)) {
1023 init_rpc_hdr_ba(&hdr_ba,
1031 RPC_IFACE null_interface;
1032 ZERO_STRUCT(null_interface);
1033 /* Rejection reason: abstract syntax not supported */
1034 init_rpc_hdr_ba(&hdr_ba, MAX_PDU_FRAG_LEN,
1035 MAX_PDU_FRAG_LEN, assoc_gid,
1036 ack_pipe_name, 0x1, 0x2, 0x1,
1044 if(!smb_io_rpc_hdr_ba("", &hdr_ba, &out_hdr_ba, 0)) {
1045 DEBUG(0,("api_pipe_bind_req: marshalling of RPC_HDR_BA failed.\n"));
1050 * Now the authentication.
1053 if (p->ntlmssp_auth_requested) {
1054 RPC_AUTH_VERIFIER auth_verifier;
1055 RPC_AUTH_NTLMSSP_CHAL ntlmssp_chal;
1057 generate_random_buffer(p->challenge, 8, False);
1059 /*** Authentication info ***/
1061 init_rpc_hdr_auth(&auth_info, NTLMSSP_AUTH_TYPE, NTLMSSP_AUTH_LEVEL, RPC_HDR_AUTH_LEN, 1);
1062 if(!smb_io_rpc_hdr_auth("", &auth_info, &out_auth, 0)) {
1063 DEBUG(0,("api_pipe_bind_req: marshalling of RPC_HDR_AUTH failed.\n"));
1067 /*** NTLMSSP verifier ***/
1069 init_rpc_auth_verifier(&auth_verifier, "NTLMSSP", NTLMSSP_CHALLENGE);
1070 if(!smb_io_rpc_auth_verifier("", &auth_verifier, &out_auth, 0)) {
1071 DEBUG(0,("api_pipe_bind_req: marshalling of RPC_AUTH_VERIFIER failed.\n"));
1075 /* NTLMSSP challenge ***/
1077 init_rpc_auth_ntlmssp_chal(&ntlmssp_chal, p->ntlmssp_chal_flags, p->challenge);
1078 if(!smb_io_rpc_auth_ntlmssp_chal("", &ntlmssp_chal, &out_auth, 0)) {
1079 DEBUG(0,("api_pipe_bind_req: marshalling of RPC_AUTH_NTLMSSP_CHAL failed.\n"));
1083 /* Auth len in the rpc header doesn't include auth_header. */
1084 auth_len = prs_offset(&out_auth) - RPC_HDR_AUTH_LEN;
1087 if (p->netsec_auth_validated) {
1088 RPC_AUTH_VERIFIER auth_verifier;
1091 init_rpc_hdr_auth(&auth_info, NETSEC_AUTH_TYPE, NETSEC_AUTH_LEVEL, RPC_HDR_AUTH_LEN, 1);
1092 if(!smb_io_rpc_hdr_auth("", &auth_info, &out_auth, 0)) {
1093 DEBUG(0,("api_pipe_bind_req: marshalling of RPC_HDR_AUTH failed.\n"));
1097 /*** NETSEC verifier ***/
1099 init_rpc_auth_verifier(&auth_verifier, "\001", 0x0);
1100 if(!smb_io_rpc_netsec_verifier("", &auth_verifier, &out_auth, 0)) {
1101 DEBUG(0,("api_pipe_bind_req: marshalling of RPC_AUTH_VERIFIER failed.\n"));
1105 prs_align(&out_auth);
1108 if(!prs_uint32("flags ", &out_auth, 0, &flags))
1111 auth_len = prs_offset(&out_auth) - RPC_HDR_AUTH_LEN;
1115 * Create the header, now we know the length.
1118 init_rpc_hdr(&p->hdr, reply_pkt_type, RPC_FLG_FIRST | RPC_FLG_LAST,
1120 RPC_HEADER_LEN + prs_offset(&out_hdr_ba) + prs_offset(&out_auth),
1124 * Marshall the header into the outgoing PDU.
1127 if(!smb_io_rpc_hdr("", &p->hdr, &outgoing_rpc, 0)) {
1128 DEBUG(0,("pi_pipe_bind_req: marshalling of RPC_HDR failed.\n"));
1133 * Now add the RPC_HDR_BA and any auth needed.
1136 if(!prs_append_prs_data( &outgoing_rpc, &out_hdr_ba)) {
1137 DEBUG(0,("api_pipe_bind_req: append of RPC_HDR_BA failed.\n"));
1141 if((p->ntlmssp_auth_requested|p->netsec_auth_validated) &&
1142 !prs_append_prs_data( &outgoing_rpc, &out_auth)) {
1143 DEBUG(0,("api_pipe_bind_req: append of auth info failed.\n"));
1147 if(!p->ntlmssp_auth_requested)
1148 p->pipe_bound = True;
1151 * Setup the lengths for the initial reply.
1154 p->out_data.data_sent_length = 0;
1155 p->out_data.current_pdu_len = prs_offset(&outgoing_rpc);
1156 p->out_data.current_pdu_sent = 0;
1158 prs_mem_free(&out_hdr_ba);
1159 prs_mem_free(&out_auth);
1165 prs_mem_free(&outgoing_rpc);
1166 prs_mem_free(&out_hdr_ba);
1167 prs_mem_free(&out_auth);
1171 /****************************************************************************
1172 Deal with sign & seal processing on an RPC request.
1173 ****************************************************************************/
1175 BOOL api_pipe_auth_process(pipes_struct *p, prs_struct *rpc_in)
1178 * We always negotiate the following two bits....
1180 BOOL auth_verify = ((p->ntlmssp_chal_flags & NTLMSSP_NEGOTIATE_SIGN) != 0);
1181 BOOL auth_seal = ((p->ntlmssp_chal_flags & NTLMSSP_NEGOTIATE_SEAL) != 0);
1187 auth_len = p->hdr.auth_len;
1189 if ((auth_len != RPC_AUTH_NTLMSSP_CHK_LEN) && auth_verify) {
1190 DEBUG(0,("api_pipe_auth_process: Incorrect auth_len %d.\n", auth_len ));
1195 * The following is that length of the data we must verify or unseal.
1196 * This doesn't include the RPC headers or the auth_len or the RPC_HDR_AUTH_LEN
1197 * preceeding the auth_data.
1200 data_len = p->hdr.frag_len - RPC_HEADER_LEN - RPC_HDR_REQ_LEN -
1201 (auth_verify ? RPC_HDR_AUTH_LEN : 0) - auth_len;
1203 DEBUG(5,("api_pipe_auth_process: sign: %s seal: %s data %d auth %d\n",
1204 BOOLSTR(auth_verify), BOOLSTR(auth_seal), data_len, auth_len));
1208 * The data in rpc_in doesn't contain the RPC_HEADER as this
1209 * has already been consumed.
1211 char *data = prs_data_p(rpc_in) + RPC_HDR_REQ_LEN;
1212 NTLMSSPcalc_p(p, (uchar*)data, data_len);
1213 crc32 = crc32_calc_buffer(data, data_len);
1216 old_offset = prs_offset(rpc_in);
1218 if (auth_seal || auth_verify) {
1219 RPC_HDR_AUTH auth_info;
1221 if(!prs_set_offset(rpc_in, old_offset + data_len)) {
1222 DEBUG(0,("api_pipe_auth_process: cannot move offset to %u.\n",
1223 (unsigned int)old_offset + data_len ));
1227 if(!smb_io_rpc_hdr_auth("hdr_auth", &auth_info, rpc_in, 0)) {
1228 DEBUG(0,("api_pipe_auth_process: failed to unmarshall RPC_HDR_AUTH.\n"));
1234 RPC_AUTH_NTLMSSP_CHK ntlmssp_chk;
1235 char *req_data = prs_data_p(rpc_in) + prs_offset(rpc_in) + 4;
1237 DEBUG(5,("api_pipe_auth_process: auth %d\n", prs_offset(rpc_in) + 4));
1240 * Ensure we have RPC_AUTH_NTLMSSP_CHK_LEN - 4 more bytes in the
1243 if(prs_mem_get(rpc_in, RPC_AUTH_NTLMSSP_CHK_LEN - 4) == NULL) {
1244 DEBUG(0,("api_pipe_auth_process: missing %d bytes in buffer.\n",
1245 RPC_AUTH_NTLMSSP_CHK_LEN - 4 ));
1249 NTLMSSPcalc_p(p, (uchar*)req_data, RPC_AUTH_NTLMSSP_CHK_LEN - 4);
1250 if(!smb_io_rpc_auth_ntlmssp_chk("auth_sign", &ntlmssp_chk, rpc_in, 0)) {
1251 DEBUG(0,("api_pipe_auth_process: failed to unmarshall RPC_AUTH_NTLMSSP_CHK.\n"));
1255 if (!rpc_auth_ntlmssp_chk(&ntlmssp_chk, crc32, p->ntlmssp_seq_num)) {
1256 DEBUG(0,("api_pipe_auth_process: NTLMSSP check failed.\n"));
1262 * Return the current pointer to the data offset.
1265 if(!prs_set_offset(rpc_in, old_offset)) {
1266 DEBUG(0,("api_pipe_auth_process: failed to set offset back to %u\n",
1267 (unsigned int)old_offset ));
1274 /****************************************************************************
1275 Deal with schannel processing on an RPC request.
1276 ****************************************************************************/
1277 BOOL api_pipe_netsec_process(pipes_struct *p, prs_struct *rpc_in)
1280 * We always negotiate the following two bits....
1285 RPC_HDR_AUTH auth_info;
1286 RPC_AUTH_NETSEC_CHK netsec_chk;
1289 auth_len = p->hdr.auth_len;
1291 if (auth_len != RPC_AUTH_NETSEC_CHK_LEN) {
1292 DEBUG(0,("Incorrect auth_len %d.\n", auth_len ));
1297 * The following is that length of the data we must verify or unseal.
1298 * This doesn't include the RPC headers or the auth_len or the RPC_HDR_AUTH_LEN
1299 * preceeding the auth_data.
1302 data_len = p->hdr.frag_len - RPC_HEADER_LEN - RPC_HDR_REQ_LEN -
1303 RPC_HDR_AUTH_LEN - auth_len;
1305 DEBUG(5,("data %d auth %d\n", data_len, auth_len));
1307 old_offset = prs_offset(rpc_in);
1309 if(!prs_set_offset(rpc_in, old_offset + data_len)) {
1310 DEBUG(0,("cannot move offset to %u.\n",
1311 (unsigned int)old_offset + data_len ));
1315 if(!smb_io_rpc_hdr_auth("hdr_auth", &auth_info, rpc_in, 0)) {
1316 DEBUG(0,("failed to unmarshall RPC_HDR_AUTH.\n"));
1320 if ((auth_info.auth_type != NETSEC_AUTH_TYPE) ||
1321 (auth_info.auth_level != NETSEC_AUTH_LEVEL)) {
1322 DEBUG(0,("Invalid auth info %d or level %d on schannel\n",
1323 auth_info.auth_type, auth_info.auth_level));
1327 if(!smb_io_rpc_auth_netsec_chk("", &netsec_chk, rpc_in, 0)) {
1328 DEBUG(0,("failed to unmarshal RPC_AUTH_NETSEC_CHK.\n"));
1332 if (!netsec_decode(&p->netsec_auth, &netsec_chk,
1333 prs_data_p(rpc_in)+old_offset, data_len)) {
1334 DEBUG(0,("failed to decode PDU\n"));
1339 * Return the current pointer to the data offset.
1342 if(!prs_set_offset(rpc_in, old_offset)) {
1343 DEBUG(0,("failed to set offset back to %u\n",
1344 (unsigned int)old_offset ));
1348 /* The sequence number gets incremented on both send and receive. */
1349 p->netsec_auth.seq_num++;
1354 /****************************************************************************
1355 Return a user struct for a pipe user.
1356 ****************************************************************************/
1358 struct current_user *get_current_user(struct current_user *user, pipes_struct *p)
1360 if (p->ntlmssp_auth_validated) {
1361 memcpy(user, &p->pipe_user, sizeof(struct current_user));
1363 extern struct current_user current_user;
1364 memcpy(user, ¤t_user, sizeof(struct current_user));
1370 /****************************************************************************
1371 Find the correct RPC function to call for this request.
1372 If the pipe is authenticated then become the correct UNIX user
1373 before doing the call.
1374 ****************************************************************************/
1376 BOOL api_pipe_request(pipes_struct *p)
1381 if (p->ntlmssp_auth_validated) {
1383 if(!become_authenticated_pipe_user(p)) {
1384 prs_mem_free(&p->out_data.rdata);
1389 DEBUG(5, ("Requested \\PIPE\\%s\n", p->name));
1391 for (i = 0; i < rpc_lookup_size; i++) {
1392 if (strequal(rpc_lookup[i].pipe.clnt, p->name)) {
1393 DEBUG(3,("Doing \\PIPE\\%s\n",
1394 rpc_lookup[i].pipe.clnt));
1395 set_current_rpc_talloc(p->mem_ctx);
1396 ret = api_rpcTNP(p, rpc_lookup[i].pipe.clnt,
1398 rpc_lookup[i].n_cmds);
1399 set_current_rpc_talloc(NULL);
1405 if (i == rpc_lookup_size) {
1406 smb_probe_module("rpc", p->name);
1408 for (i = 0; i < rpc_lookup_size; i++) {
1409 if (strequal(rpc_lookup[i].pipe.clnt, p->name)) {
1410 DEBUG(3,("Doing \\PIPE\\%s\n",
1411 rpc_lookup[i].pipe.clnt));
1412 set_current_rpc_talloc(p->mem_ctx);
1413 ret = api_rpcTNP(p, rpc_lookup[i].pipe.clnt,
1415 rpc_lookup[i].n_cmds);
1416 set_current_rpc_talloc(NULL);
1422 if(p->ntlmssp_auth_validated)
1423 unbecome_authenticated_pipe_user();
1428 /*******************************************************************
1429 Calls the underlying RPC function for a named pipe.
1430 ********************************************************************/
1432 BOOL api_rpcTNP(pipes_struct *p, const char *rpc_name,
1433 const struct api_struct *api_rpc_cmds, int n_cmds)
1437 uint32 offset1, offset2;
1439 /* interpret the command */
1440 DEBUG(4,("api_rpcTNP: %s op 0x%x - ", rpc_name, p->hdr_req.opnum));
1442 slprintf(name, sizeof(name)-1, "in_%s", rpc_name);
1443 prs_dump(name, p->hdr_req.opnum, &p->in_data.data);
1445 for (fn_num = 0; fn_num < n_cmds; fn_num++) {
1446 if (api_rpc_cmds[fn_num].opnum == p->hdr_req.opnum && api_rpc_cmds[fn_num].fn != NULL) {
1447 DEBUG(3,("api_rpcTNP: rpc command: %s\n", api_rpc_cmds[fn_num].name));
1452 if (fn_num == n_cmds) {
1454 * For an unknown RPC just return a fault PDU but
1455 * return True to allow RPC's on the pipe to continue
1456 * and not put the pipe into fault state. JRA.
1458 DEBUG(4, ("unknown\n"));
1459 setup_fault_pdu(p, NT_STATUS(0x1c010002));
1463 offset1 = prs_offset(&p->out_data.rdata);
1465 DEBUG(6, ("api_rpc_cmds[%d].fn == %p\n",
1466 fn_num, api_rpc_cmds[fn_num].fn));
1467 /* do the actual command */
1468 if(!api_rpc_cmds[fn_num].fn(p)) {
1469 DEBUG(0,("api_rpcTNP: %s: %s failed.\n", rpc_name, api_rpc_cmds[fn_num].name));
1470 prs_mem_free(&p->out_data.rdata);
1474 if (p->bad_handle_fault_state) {
1475 DEBUG(4,("api_rpcTNP: bad handle fault return.\n"));
1476 p->bad_handle_fault_state = False;
1477 setup_fault_pdu(p, NT_STATUS(0x1C00001A));
1481 slprintf(name, sizeof(name)-1, "out_%s", rpc_name);
1482 offset2 = prs_offset(&p->out_data.rdata);
1483 prs_set_offset(&p->out_data.rdata, offset1);
1484 prs_dump(name, p->hdr_req.opnum, &p->out_data.rdata);
1485 prs_set_offset(&p->out_data.rdata, offset2);
1487 DEBUG(5,("api_rpcTNP: called %s successfully\n", rpc_name));
1489 /* Check for buffer underflow in rpc parsing */
1491 if ((DEBUGLEVEL >= 10) &&
1492 (prs_offset(&p->in_data.data) != prs_data_size(&p->in_data.data))) {
1493 size_t data_len = prs_data_size(&p->in_data.data) - prs_offset(&p->in_data.data);
1496 data = malloc(data_len);
1498 DEBUG(10, ("api_rpcTNP: rpc input buffer underflow (parse error?)\n"));
1500 prs_uint8s(False, "", &p->in_data.data, 0, (unsigned char *)data, (uint32)data_len);