delineation between smb and msrpc more marked. smbd now constructs

pdus, and then feeds them over either a "local" function call or a "remote"
function call to an msrpc service.  the "remote" msrpc daemon, on the
other side of a unix socket, then calls the same "local" function that
smbd would, if the msrpc service were being run from inside smbd.

this allows a transition from local msrpc services (inside the same smbd
process) to remote (over a unix socket).

removed reference to pipes_struct in msrpc services.  all msrpc processing
functions take rpcsrv_struct which is a structure containing state info
for the msrpc functions to decode and create pdus.

created become_vuser() which does everything not related to connection_struct
that become_user() does.

removed, as best i could, connection_struct dependencies from the nt spoolss
printing code.

todo: remove dcinfo from rpcsrv_struct because this stores NETLOGON-specific
info on a per-connection basis, and if the connection dies then so does
the info, and that's a fairly serious problem.

had to put pretty much everything that is in user_struct into parse_creds.c
to feed unix user info over to the msrpc daemons.  why?  because it's
expensive to do unix password/group database lookups, and it's definitely
expensive to do nt user profile lookups, not to mention pretty difficult
and if you did either of these it would introduce a complication /
unnecessary interdependency.  so, send uid/gid/num_groups/gid_t* +
SID+num_rids+domain_group_rids* + unix username + nt username + nt domain
+ user session key etc.  this is the MINIMUM info identified so far that's
actually implemented.  missing bits include the called and calling
netbios names etc.  (basically, anything that can be loaded into
standard_sub() and standard_sub_basic()...)
(This used to be commit aa3c659a8dba0437c17c60055a6ed30fdfecdb6d)

1 files changed, 422 insertions, 281 deletions

diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c
index ca87cafcf7..73a06b208c 100644
--- a/source3/rpc_server/srv_pipe.c
+++ b/source3/rpc_server/srv_pipe.c
@@ -43,7 +43,7 @@
 
 extern int DEBUGLEVEL;
 
-static void NTLMSSPcalc_p( pipes_struct *p, unsigned char *data, int len)
+static void NTLMSSPcalc_p( rpcsrv_struct *p, unsigned char *data, int len)
 {
     unsigned char *hash = p->ntlmssp_hash;
     unsigned char index_i = hash[256];
@@ -71,27 +71,40 @@ static void NTLMSSPcalc_p( pipes_struct *p, unsigned char *data, int len)
 }
 
 /*******************************************************************
+ frees all temporary data used in construction of pdu
+ ********************************************************************/
+void rpcsrv_free_temp(rpcsrv_struct *l)
+{
+	mem_free_data(l->rhdr .data);
+	mem_free_data(l->rfault .data);
+	mem_free_data(l->rdata_i.data);		
+	mem_free_data(l->rauth  .data);
+	mem_free_data(l->rverf  .data);
+	mem_free_data(l->rntlm  .data);		
+}
+
+/*******************************************************************
  turns a DCE/RPC request into a DCE/RPC reply
 
  this is where the data really should be split up into an array of
  headers and data sections.
 
  ********************************************************************/
-BOOL create_rpc_reply(pipes_struct *p,
-				uint32 data_start, uint32 data_end)
+BOOL create_rpc_reply(rpcsrv_struct *l, uint32 data_start)
 {
 	char *data;
-	BOOL auth_verify = IS_BITS_SET_ALL(p->ntlmssp_chal.neg_flags, NTLMSSP_NEGOTIATE_SIGN);
-	BOOL auth_seal   = IS_BITS_SET_ALL(p->ntlmssp_chal.neg_flags, NTLMSSP_NEGOTIATE_SEAL);
+	BOOL auth_verify = IS_BITS_SET_ALL(l->ntlmssp_chal.neg_flags, NTLMSSP_NEGOTIATE_SIGN);
+	BOOL auth_seal   = IS_BITS_SET_ALL(l->ntlmssp_chal.neg_flags, NTLMSSP_NEGOTIATE_SEAL);
 	uint32 data_len;
 	uint32 auth_len;
+	uint32 data_end = l->rdata.offset + (l->ntlmssp_auth ? (8 + 16) : 0);
 
 	DEBUG(5,("create_rpc_reply: data_start: %d data_end: %d max_tsize: %d\n",
-	          data_start, data_end, p->hdr_ba.bba.max_tsize));
+	          data_start, data_end, l->hdr_ba.bba.max_tsize));
 
-	auth_len = p->hdr.auth_len;
+	auth_len = l->hdr.auth_len;
 
-	if (p->ntlmssp_auth)
+	if (l->ntlmssp_auth)
 	{
 		DEBUG(10,("create_rpc_reply: auth\n"));
 		if (auth_len != 16)
@@ -100,63 +113,63 @@ BOOL create_rpc_reply(pipes_struct *p,
 		}
 	}
 
-	prs_init(&p->rhdr , 0x18, 4, 0, False);
-	prs_init(&p->rauth, 1024, 4, 0, False);
-	prs_init(&p->rverf, 0x10, 4, 0, False);
+	prs_init(&l->rhdr , 0x18, 4, 0, False);
+	prs_init(&l->rauth, 1024, 4, 0, False);
+	prs_init(&l->rverf, 0x10, 4, 0, False);
 
-	p->hdr.pkt_type = RPC_RESPONSE; /* mark header as an rpc response */
+	l->hdr.pkt_type = RPC_RESPONSE; /* mark header as an rpc response */
 
 	/* set up rpc header (fragmentation issues) */
 	if (data_start == 0)
 	{
-		p->hdr.flags = RPC_FLG_FIRST;
+		l->hdr.flags = RPC_FLG_FIRST;
 	}
 	else
 	{
-		p->hdr.flags = 0;
+		l->hdr.flags = 0;
 	}
 
-	p->hdr_resp.alloc_hint = data_end - data_start; /* calculate remaining data to be sent */
+	l->hdr_resp.alloc_hint = data_end - data_start; /* calculate remaining data to be sent */
 
-	if (p->hdr_resp.alloc_hint + 0x18 <= p->hdr_ba.bba.max_tsize)
+	if (l->hdr_resp.alloc_hint + 0x18 <= l->hdr_ba.bba.max_tsize)
 	{
-		p->hdr.flags |= RPC_FLG_LAST;
-		p->hdr.frag_len = p->hdr_resp.alloc_hint + 0x18;
+		l->hdr.flags |= RPC_FLG_LAST;
+		l->hdr.frag_len = l->hdr_resp.alloc_hint + 0x18;
 	}
 	else
 	{
-		p->hdr.frag_len = p->hdr_ba.bba.max_tsize;
+		l->hdr.frag_len = l->hdr_ba.bba.max_tsize;
 	}
 
-	if (p->ntlmssp_auth)
+	if (l->ntlmssp_auth)
 	{
-		p->hdr_resp.alloc_hint -= auth_len + 8;
+		l->hdr_resp.alloc_hint -= auth_len + 8;
 	}
 
-	if (p->ntlmssp_auth)
+	if (l->ntlmssp_auth)
 	{
-		data_len = p->hdr.frag_len - auth_len - (auth_verify ? 8 : 0) - 0x18;
+		data_len = l->hdr.frag_len - auth_len - (auth_verify ? 8 : 0) - 0x18;
 	}
 	else
 	{
-		data_len = p->hdr.frag_len - 0x18;
+		data_len = l->hdr.frag_len - 0x18;
 	}
 
-	p->rhdr.data->offset.start = 0;
-	p->rhdr.data->offset.end   = 0x18;
+	l->rhdr.data->offset.start = 0;
+	l->rhdr.data->offset.end   = 0x18;
 
 	/* store the header in the data stream */
-	smb_io_rpc_hdr     ("hdr" , &(p->hdr     ), &(p->rhdr), 0);
-	smb_io_rpc_hdr_resp("resp", &(p->hdr_resp), &(p->rhdr), 0);
+	smb_io_rpc_hdr     ("hdr" , &(l->hdr     ), &(l->rhdr), 0);
+	smb_io_rpc_hdr_resp("resp", &(l->hdr_resp), &(l->rhdr), 0);
 
 	/* don't use rdata: use rdata_i instead, which moves... */
 	/* make a pointer to the rdata data, NOT A COPY */
 
-	p->rdata_i.data = NULL;
-	prs_init(&p->rdata_i, 0, p->rdata.align, p->rdata.data->margin, p->rdata.io);
-	data = mem_data(&(p->rdata.data), data_start);
-	mem_create(p->rdata_i.data, data, 0, data_len, 0, False); 
-	p->rdata_i.offset = data_len;
+	l->rdata_i.data = NULL;
+	prs_init(&l->rdata_i, 0, l->rdata.align, l->rdata.data->margin, l->rdata.io);
+	data = mem_data(&(l->rdata.data), data_start);
+	mem_create(l->rdata_i.data, data, 0, data_len, 0, False); 
+	l->rdata_i.offset = data_len;
 
 	if (auth_len > 0)
 	{
@@ -168,44 +181,44 @@ BOOL create_rpc_reply(pipes_struct *p,
 		if (auth_seal)
 		{
 			crc32 = crc32_calc_buffer(data_len, data);
-			NTLMSSPcalc_p(p, (uchar*)data, data_len);
+			NTLMSSPcalc_p(l, (uchar*)data, data_len);
 		}
 
 		if (auth_seal || auth_verify)
 		{
-			make_rpc_hdr_auth(&p->auth_info, 0x0a, 0x06, 0x08, (auth_verify ? 1 : 0));
-			smb_io_rpc_hdr_auth("hdr_auth", &p->auth_info, &p->rauth, 0);
+			make_rpc_hdr_auth(&l->auth_info, 0x0a, 0x06, 0x08, (auth_verify ? 1 : 0));
+			smb_io_rpc_hdr_auth("hdr_auth", &l->auth_info, &l->rauth, 0);
 		}
 
 		if (auth_verify)
 		{
 			char *auth_data;
-			p->ntlmssp_seq_num++;
-			make_rpc_auth_ntlmssp_chk(&p->ntlmssp_chk, NTLMSSP_SIGN_VERSION, crc32, p->ntlmssp_seq_num++);
-			smb_io_rpc_auth_ntlmssp_chk("auth_sign", &(p->ntlmssp_chk), &p->rverf, 0);
-			auth_data = mem_data(&p->rverf.data, 4);
-			NTLMSSPcalc_p(p, (uchar*)auth_data, 12);
+			l->ntlmssp_seq_num++;
+			make_rpc_auth_ntlmssp_chk(&l->ntlmssp_chk, NTLMSSP_SIGN_VERSION, crc32, l->ntlmssp_seq_num++);
+			smb_io_rpc_auth_ntlmssp_chk("auth_sign", &(l->ntlmssp_chk), &l->rverf, 0);
+			auth_data = mem_data(&l->rverf.data, 4);
+			NTLMSSPcalc_p(l, (uchar*)auth_data, 12);
 		}
 	}
 
 	/* set up the data chain */
-	if (p->ntlmssp_auth)
+	if (l->ntlmssp_auth)
 	{
-		prs_link(NULL       , &p->rhdr   , &p->rdata_i);
-		prs_link(&p->rhdr   , &p->rdata_i, &p->rauth  );
-		prs_link(&p->rdata_i, &p->rauth  , &p->rverf  );
-		prs_link(&p->rauth  , &p->rverf  , NULL       );
+		prs_link(NULL       , &l->rhdr   , &l->rdata_i);
+		prs_link(&l->rhdr   , &l->rdata_i, &l->rauth  );
+		prs_link(&l->rdata_i, &l->rauth  , &l->rverf  );
+		prs_link(&l->rauth  , &l->rverf  , NULL       );
 	}
 	else
 	{
-		prs_link(NULL    , &p->rhdr   , &p->rdata_i);
-		prs_link(&p->rhdr, &p->rdata_i, NULL       );
+		prs_link(NULL    , &l->rhdr   , &l->rdata_i);
+		prs_link(&l->rhdr, &l->rdata_i, NULL       );
 	}
 
-	return p->rhdr.data != NULL && p->rhdr.offset == 0x18;
+	return l->rhdr.data != NULL && l->rhdr.offset == 0x18;
 }
 
-static BOOL api_pipe_ntlmssp_verify(pipes_struct *p)
+static BOOL api_pipe_ntlmssp_verify(rpcsrv_struct *l)
 {
 	uchar *pwd = NULL;
 	uchar null_pwd[16];
@@ -220,23 +233,15 @@ static BOOL api_pipe_ntlmssp_verify(pipes_struct *p)
 
 	struct smb_passwd *smb_pass = NULL;
 	
-	user_struct *vuser = get_valid_user_struct(p->vuid);
-
 	memset(null_pwd, 0, sizeof(null_pwd));
 
 	DEBUG(5,("api_pipe_ntlmssp_verify: checking user details\n"));
 
-	if (vuser == NULL)
-	{
-		DEBUG(0,("get user struct %d failed\n", p->vuid));
-		return False;
-	}
-
-	lm_owf_len = p->ntlmssp_resp.hdr_lm_resp.str_str_len;
-	nt_owf_len = p->ntlmssp_resp.hdr_nt_resp.str_str_len;
-	usr_len    = p->ntlmssp_resp.hdr_usr    .str_str_len;
-	dom_len    = p->ntlmssp_resp.hdr_domain .str_str_len;
-	wks_len    = p->ntlmssp_resp.hdr_wks    .str_str_len;
+	lm_owf_len = l->ntlmssp_resp.hdr_lm_resp.str_str_len;
+	nt_owf_len = l->ntlmssp_resp.hdr_nt_resp.str_str_len;
+	usr_len    = l->ntlmssp_resp.hdr_usr    .str_str_len;
+	dom_len    = l->ntlmssp_resp.hdr_domain .str_str_len;
+	wks_len    = l->ntlmssp_resp.hdr_wks    .str_str_len;
 
 	if (lm_owf_len == 0 && nt_owf_len == 0 &&
 	    usr_len == 0 && dom_len == 0 && wks_len == 0)
@@ -247,65 +252,65 @@ static BOOL api_pipe_ntlmssp_verify(pipes_struct *p)
 	{
 		if (lm_owf_len == 0) return False;
 		if (nt_owf_len == 0) return False;
-		if (p->ntlmssp_resp.hdr_usr    .str_str_len == 0) return False;
-		if (p->ntlmssp_resp.hdr_domain .str_str_len == 0) return False;
-		if (p->ntlmssp_resp.hdr_wks    .str_str_len == 0) return False;
+		if (l->ntlmssp_resp.hdr_usr    .str_str_len == 0) return False;
+		if (l->ntlmssp_resp.hdr_domain .str_str_len == 0) return False;
+		if (l->ntlmssp_resp.hdr_wks    .str_str_len == 0) return False;
 	}
 
 	if (lm_owf_len > sizeof(lm_owf)) return False;
 	if (nt_owf_len > sizeof(nt_owf)) return False;
 
-	memcpy(lm_owf, p->ntlmssp_resp.lm_resp, sizeof(lm_owf));
-	memcpy(nt_owf, p->ntlmssp_resp.nt_resp, sizeof(nt_owf));
+	memcpy(lm_owf, l->ntlmssp_resp.lm_resp, sizeof(lm_owf));
+	memcpy(nt_owf, l->ntlmssp_resp.nt_resp, sizeof(nt_owf));
 
 #ifdef DEBUG_PASSWORD
 	DEBUG(100,("lm, nt owfs, chal\n"));
 	dump_data(100, lm_owf, sizeof(lm_owf));
 	dump_data(100, nt_owf, sizeof(nt_owf));
-	dump_data(100, p->ntlmssp_chal.challenge, 8);
+	dump_data(100, l->ntlmssp_chal.challenge, 8);
 #endif
 
-	memset(p->user_name, 0, sizeof(p->user_name));
-	memset(p->domain   , 0, sizeof(p->domain   ));
-	memset(p->wks      , 0, sizeof(p->wks      ));
+	memset(l->user_name, 0, sizeof(l->user_name));
+	memset(l->domain   , 0, sizeof(l->domain   ));
+	memset(l->wks      , 0, sizeof(l->wks      ));
 
-	if (IS_BITS_SET_ALL(p->ntlmssp_chal.neg_flags, NTLMSSP_NEGOTIATE_UNICODE))
+	if (IS_BITS_SET_ALL(l->ntlmssp_chal.neg_flags, NTLMSSP_NEGOTIATE_UNICODE))
 	{
-		unibuf_to_ascii(p->user_name, p->ntlmssp_resp.user,
-				MIN(p->ntlmssp_resp.hdr_usr   .str_str_len/2,
-				    sizeof(p->user_name)-1));
-		unibuf_to_ascii(p->domain   , p->ntlmssp_resp.domain,
-				MIN(p->ntlmssp_resp.hdr_domain.str_str_len/2,
-				    sizeof(p->domain   )-1));
-		unibuf_to_ascii(p->wks      , p->ntlmssp_resp.wks,
-				MIN(p->ntlmssp_resp.hdr_wks   .str_str_len/2,
-				    sizeof(p->wks      )-1));
+		unibuf_to_ascii(l->user_name, l->ntlmssp_resp.user,
+				MIN(l->ntlmssp_resp.hdr_usr   .str_str_len/2,
+				    sizeof(l->user_name)-1));
+		unibuf_to_ascii(l->domain   , l->ntlmssp_resp.domain,
+				MIN(l->ntlmssp_resp.hdr_domain.str_str_len/2,
+				    sizeof(l->domain   )-1));
+		unibuf_to_ascii(l->wks      , l->ntlmssp_resp.wks,
+				MIN(l->ntlmssp_resp.hdr_wks   .str_str_len/2,
+				    sizeof(l->wks      )-1));
 	}
 	else
 	{
-		fstrcpy(p->user_name, p->ntlmssp_resp.user  );
-		fstrcpy(p->domain   , p->ntlmssp_resp.domain);
-		fstrcpy(p->wks      , p->ntlmssp_resp.wks   );
+		fstrcpy(l->user_name, l->ntlmssp_resp.user  );
+		fstrcpy(l->domain   , l->ntlmssp_resp.domain);
+		fstrcpy(l->wks      , l->ntlmssp_resp.wks   );
 	}
 
 
 	if (anonymous)
 	{
 		DEBUG(5,("anonymous user session\n"));
-		mdfour(vuser->dc.user_sess_key, null_pwd, 16);
+		mdfour(l->user_sess_key, null_pwd, 16);
 		pwd = null_pwd;
-		p->ntlmssp_validated = True;
+		l->ntlmssp_validated = True;
 	}
 	else
 	{
-		DEBUG(5,("user: %s domain: %s wks: %s\n", p->user_name, p->domain, p->wks));
+		DEBUG(5,("user: %s domain: %s wks: %s\n", l->user_name, l->domain, l->wks));
 		become_root(True);
-		smb_pass = getsmbpwnam(p->user_name);
-		p->ntlmssp_validated = pass_check_smb(smb_pass, p->domain,
-				      (uchar*)p->ntlmssp_chal.challenge,
+		smb_pass = getsmbpwnam(l->user_name);
+		l->ntlmssp_validated = pass_check_smb(smb_pass, l->domain,
+				      (uchar*)l->ntlmssp_chal.challenge,
 				      lm_owf, lm_owf_len,
 				      nt_owf, nt_owf_len,
-				      NULL, vuser->dc.user_sess_key);
+				      NULL, l->user_sess_key);
 		unbecome_root(True);
 
 		if (smb_pass != NULL)
@@ -314,7 +319,7 @@ static BOOL api_pipe_ntlmssp_verify(pipes_struct *p)
 		}
 	}
 
-	if (p->ntlmssp_validated && pwd != NULL)
+	if (l->ntlmssp_validated && pwd != NULL)
 	{
 		uchar p24[24];
 		NTLMSSPOWFencrypt(pwd, lm_owf, p24);
@@ -331,47 +336,47 @@ static BOOL api_pipe_ntlmssp_verify(pipes_struct *p)
 
 			for (ind = 0; ind < 256; ind++)
 			{
-				p->ntlmssp_hash[ind] = (unsigned char)ind;
+				l->ntlmssp_hash[ind] = (unsigned char)ind;
 			}
 
 			for( ind = 0; ind < 256; ind++)
 			{
 				unsigned char tc;
 
-				j += (p->ntlmssp_hash[ind] + k2[ind%8]);
+				j += (l->ntlmssp_hash[ind] + k2[ind%8]);
 
-				tc = p->ntlmssp_hash[ind];
-				p->ntlmssp_hash[ind] = p->ntlmssp_hash[j];
-				p->ntlmssp_hash[j] = tc;
+				tc = l->ntlmssp_hash[ind];
+				l->ntlmssp_hash[ind] = l->ntlmssp_hash[j];
+				l->ntlmssp_hash[j] = tc;
 			}
 
-			p->ntlmssp_hash[256] = 0;
-			p->ntlmssp_hash[257] = 0;
+			l->ntlmssp_hash[256] = 0;
+			l->ntlmssp_hash[257] = 0;
 		}
-		p->ntlmssp_seq_num = 0;
+		l->ntlmssp_seq_num = 0;
 	}
 	else
 	{
-		p->ntlmssp_validated = False;
+		l->ntlmssp_validated = False;
 	}
 
-	return p->ntlmssp_validated;
+	return l->ntlmssp_validated;
 }
 
-static BOOL api_pipe_ntlmssp(pipes_struct *p, prs_struct *pd)
+static BOOL api_pipe_ntlmssp(rpcsrv_struct *l, prs_struct *pd)
 {
 	/* receive a negotiate; send a challenge; receive a response */
-	switch (p->auth_verifier.msg_type)
+	switch (l->auth_verifier.msg_type)
 	{
 		case NTLMSSP_NEGOTIATE:
 		{
-			smb_io_rpc_auth_ntlmssp_neg("", &p->ntlmssp_neg, pd, 0);
+			smb_io_rpc_auth_ntlmssp_neg("", &l->ntlmssp_neg, pd, 0);
 			break;
 		}
 		case NTLMSSP_AUTH:
 		{
-			smb_io_rpc_auth_ntlmssp_resp("", &p->ntlmssp_resp, pd, 0);
-			if (!api_pipe_ntlmssp_verify(p))
+			smb_io_rpc_auth_ntlmssp_resp("", &l->ntlmssp_resp, pd, 0);
+			if (!api_pipe_ntlmssp_verify(l))
 			{
 				pd->offset = 0;
 			}
@@ -381,7 +386,7 @@ static BOOL api_pipe_ntlmssp(pipes_struct *p, prs_struct *pd)
 		{
 			/* NTLMSSP expected: unexpected message type */
 			DEBUG(3,("unexpected message type in NTLMSSP %d\n",
-			          p->auth_verifier.msg_type));
+			          l->auth_verifier.msg_type));
 			return False;
 		}
 	}
@@ -393,7 +398,7 @@ struct api_cmd
 {
   char * pipe_clnt_name;
   char * pipe_srv_name;
-  BOOL (*fn) (pipes_struct *, prs_struct *);
+  BOOL (*fn) (rpcsrv_struct *, prs_struct *);
 };
 
 static struct api_cmd **api_fd_commands = NULL;
@@ -480,7 +485,7 @@ void close_msrpc_command_processor(void)
 
 void add_msrpc_command_processor(char* pipe_name,
 				char* process_name,
-				BOOL (*fn) (pipes_struct *, prs_struct *))
+				BOOL (*fn) (rpcsrv_struct *, prs_struct *))
 {
 	struct api_cmd cmd;
 	cmd.pipe_clnt_name = pipe_name;
@@ -490,269 +495,281 @@ void add_msrpc_command_processor(char* pipe_name,
 	add_api_cmd_to_array(&num_cmds, &api_fd_commands, &cmd);
 }
 
-static BOOL api_pipe_bind_auth_resp(pipes_struct *p, prs_struct *pd)
+static BOOL api_pipe_bind_auth_resp(rpcsrv_struct *l, prs_struct *pd)
 {
 	DEBUG(5,("api_pipe_bind_auth_resp: decode request. %d\n", __LINE__));
 
-	if (p->hdr.auth_len == 0) return False;
+	if (l->hdr.auth_len == 0) return False;
 
 	/* decode the authentication verifier response */
-	smb_io_rpc_hdr_autha("", &p->autha_info, pd, 0);
+	smb_io_rpc_hdr_autha("", &l->autha_info, pd, 0);
 	if (pd->offset == 0) return False;
 
-	if (!rpc_hdr_auth_chk(&(p->auth_info))) return False;
+	if (!rpc_hdr_auth_chk(&(l->auth_info))) return False;
 
-	smb_io_rpc_auth_ntlmssp_verifier("", &p->auth_verifier, pd, 0);
+	smb_io_rpc_auth_ntlmssp_verifier("", &l->auth_verifier, pd, 0);
 	if (pd->offset == 0) return False;
 
-	if (!rpc_auth_ntlmssp_verifier_chk(&(p->auth_verifier), "NTLMSSP", NTLMSSP_AUTH)) return False;
+	if (!rpc_auth_ntlmssp_verifier_chk(&(l->auth_verifier), "NTLMSSP", NTLMSSP_AUTH)) return False;
 	
-	return api_pipe_ntlmssp(p, pd);
+	return api_pipe_ntlmssp(l, pd);
 }
 
-static BOOL api_pipe_fault_resp(pipes_struct *p, prs_struct *pd, uint32 status)
+static BOOL api_pipe_fault_resp(rpcsrv_struct *l, prs_struct *pd, uint32 status)
 {
 	DEBUG(5,("api_pipe_fault_resp: make response\n"));
 
-	prs_init(&(p->rhdr     ), 0x18, 4, 0, False);
-	prs_init(&(p->rfault   ), 0x8 , 4, 0, False);
+	prs_init(&(l->rhdr     ), 0x18, 4, 0, False);
+	prs_init(&(l->rfault   ), 0x8 , 4, 0, False);
 
 	/***/
 	/*** set up the header, response header and fault status ***/
 	/***/
 
-	p->hdr_fault.status   = status;
-	p->hdr_fault.reserved = 0x0;
+	l->hdr_fault.status   = status;
+	l->hdr_fault.reserved = 0x0;
 
-	p->hdr_resp.alloc_hint   = 0x0;
-	p->hdr_resp.cancel_count = 0x0;
-	p->hdr_resp.reserved     = 0x0;
+	l->hdr_resp.alloc_hint   = 0x0;
+	l->hdr_resp.cancel_count = 0x0;
+	l->hdr_resp.reserved     = 0x0;
 
-	make_rpc_hdr(&p->hdr, RPC_FAULT, RPC_FLG_NOCALL | RPC_FLG_FIRST | RPC_FLG_LAST,
-	             p->hdr.call_id,
+	make_rpc_hdr(&l->hdr, RPC_FAULT, RPC_FLG_NOCALL | RPC_FLG_FIRST | RPC_FLG_LAST,
+	             l->hdr.call_id,
 	             0x20,
 	             0);
 
-	smb_io_rpc_hdr      ("hdr"  , &(p->hdr      ), &(p->rhdr), 0);
-	smb_io_rpc_hdr_resp ("resp" , &(p->hdr_resp ), &(p->rhdr), 0);
-	smb_io_rpc_hdr_fault("fault", &(p->hdr_fault), &(p->rfault), 0);
-	mem_realloc_data(p->rhdr.data, p->rhdr.offset);
-	mem_realloc_data(p->rfault.data, p->rfault.offset);
+	smb_io_rpc_hdr      ("hdr"  , &(l->hdr      ), &(l->rhdr), 0);
+	smb_io_rpc_hdr_resp ("resp" , &(l->hdr_resp ), &(l->rhdr), 0);
+	smb_io_rpc_hdr_fault("fault", &(l->hdr_fault), &(l->rfault), 0);
+	mem_realloc_data(l->rhdr.data, l->rhdr.offset);
+	mem_realloc_data(l->rfault.data, l->rfault.offset);
 
 	/***/
 	/*** link rpc header and fault together ***/
 	/***/
 
-	prs_link(NULL    , &p->rhdr  , &p->rfault);
-	prs_link(&p->rhdr, &p->rfault, NULL      );
+	prs_link(NULL    , &l->rhdr  , &l->rfault);
+	prs_link(&l->rhdr, &l->rfault, NULL      );
 
 	return True;
 }
 
-static BOOL api_pipe_bind_and_alt_req(pipes_struct *p, prs_struct *pd, enum RPC_PKT_TYPE pkt_type)
+static BOOL srv_pipe_bind_and_alt_req(rpcsrv_struct *l, prs_struct *pd, 
+				const char* ack_pipe_name,
+				enum RPC_PKT_TYPE pkt_type)
 {
 	uint16 assoc_gid;
-	fstring ack_pipe_name;
-	int i = 0;
-
-	p->ntlmssp_auth = False;
-
-	DEBUG(5,("api_pipe_bind_req: decode request. %d\n", __LINE__));
-
-	for (i = 0; i < num_cmds; i++)
-	{
-		if (strequal(api_fd_commands[i]->pipe_clnt_name, p->name) &&
-		    api_fd_commands[i]->fn != NULL)
-		{
-			DEBUG(3,("api_pipe_bind_req: \\PIPE\\%s -> \\PIPE\\%s\n",
-			           api_fd_commands[i]->pipe_clnt_name,
-			           api_fd_commands[i]->pipe_srv_name));
-			fstrcpy(p->pipe_srv_name, api_fd_commands[i]->pipe_srv_name);
-			break;
-		}
-	}
 
-	if (api_fd_commands[i]->fn == NULL) return False;
+	l->ntlmssp_auth = False;
 
 	/* decode the bind request */
-	smb_io_rpc_hdr_rb("", &p->hdr_rb, pd, 0);
+	smb_io_rpc_hdr_rb("", &l->hdr_rb, pd, 0);
 
 	if (pd->offset == 0) return False;
 
-	if (p->hdr.auth_len != 0)
+	if (l->hdr.auth_len != 0)
 	{
 		/* decode the authentication verifier */
-		smb_io_rpc_hdr_auth    ("", &p->auth_info    , pd, 0);
+		smb_io_rpc_hdr_auth    ("", &l->auth_info    , pd, 0);
 		if (pd->offset == 0) return False;
 
-		p->ntlmssp_auth = p->auth_info.auth_type = 0x0a;
+		l->ntlmssp_auth = l->auth_info.auth_type = 0x0a;
 
-		if (p->ntlmssp_auth)
+		if (l->ntlmssp_auth)
 		{
-			smb_io_rpc_auth_ntlmssp_verifier("", &p->auth_verifier, pd, 0);
+			smb_io_rpc_auth_ntlmssp_verifier("", &l->auth_verifier, pd, 0);
 			if (pd->offset == 0) return False;
 
-			p->ntlmssp_auth = strequal(p->auth_verifier.signature, "NTLMSSP");
+			l->ntlmssp_auth = strequal(l->auth_verifier.signature, "NTLMSSP");
 		}
 
-		if (p->ntlmssp_auth)
+		if (l->ntlmssp_auth)
 		{
-			if (!api_pipe_ntlmssp(p, pd)) return False;
-		}
-	}
-
-	switch (pkt_type)
-	{
-		case RPC_BINDACK:
-		{
-			/* name has to be \PIPE\xxxxx */
-			fstrcpy(ack_pipe_name, "\\PIPE\\");
-			fstrcat(ack_pipe_name, p->pipe_srv_name);
-			break;
-		}
-		case RPC_ALTCONTRESP:
-		{
-			/* secondary address CAN be NULL
-			 * as the specs says it's ignored.
-			 * It MUST NULL to have the spoolss working.
-			 */
-			fstrcpy(ack_pipe_name, "");
-			break;
-		}
-		default:
-		{
-			return False;
+			if (!api_pipe_ntlmssp(l, pd)) return False;
 		}
 	}
 
 	DEBUG(5,("api_pipe_bind_req: make response. %d\n", __LINE__));
 
-	prs_init(&(p->rdata), 1024, 4, 0, False);
-	prs_init(&(p->rhdr ), 0x18, 4, 0, False);
-	prs_init(&(p->rauth), 1024, 4, 0, False);
-	prs_init(&(p->rverf), 0x08, 4, 0, False);
-	prs_init(&(p->rntlm), 1024, 4, 0, False);
+	prs_init(&(l->rdata), 1024, 4, 0, False);
+	prs_init(&(l->rhdr ), 0x18, 4, 0, False);
+	prs_init(&(l->rauth), 1024, 4, 0, False);
+	prs_init(&(l->rverf), 0x08, 4, 0, False);
+	prs_init(&(l->rntlm), 1024, 4, 0, False);
 
 	/***/
 	/*** do the bind ack first ***/
 	/***/
 
-	if (p->ntlmssp_auth)
+	if (l->ntlmssp_auth)
 	{
 		assoc_gid = 0x7a77;
 	}
 	else
 	{
-		assoc_gid = p->hdr_rb.bba.assoc_gid;
+		assoc_gid = l->hdr_rb.bba.assoc_gid;
 	}
 
-	make_rpc_hdr_ba(&p->hdr_ba,
-	                p->hdr_rb.bba.max_tsize,
-	                p->hdr_rb.bba.max_rsize,
+	make_rpc_hdr_ba(&l->hdr_ba,
+	                l->hdr_rb.bba.max_tsize,
+	                l->hdr_rb.bba.max_rsize,
 	                assoc_gid,
 	                ack_pipe_name,
 	                0x1, 0x0, 0x0,
-	                &(p->hdr_rb.transfer));
+	                &(l->hdr_rb.transfer));
 
-	smb_io_rpc_hdr_ba("", &p->hdr_ba, &p->rdata, 0);
-	mem_realloc_data(p->rdata.data, p->rdata.offset);
+	smb_io_rpc_hdr_ba("", &l->hdr_ba, &l->rdata, 0);
+	mem_realloc_data(l->rdata.data, l->rdata.offset);
 
 	/***/
 	/*** now the authentication ***/
 	/***/
 
-	if (p->ntlmssp_auth)
+	if (l->ntlmssp_auth)
 	{
 		uint8 challenge[8];
 		generate_random_buffer(challenge, 8, False);
 
 		/*** authentication info ***/
 
-		make_rpc_hdr_auth(&p->auth_info, 0x0a, 0x06, 0, 1);
-		smb_io_rpc_hdr_auth("", &p->auth_info, &p->rverf, 0);
-		mem_realloc_data(p->rverf.data, p->rverf.offset);
+		make_rpc_hdr_auth(&l->auth_info, 0x0a, 0x06, 0, 1);
+		smb_io_rpc_hdr_auth("", &l->auth_info, &l->rverf, 0);
+		mem_realloc_data(l->rverf.data, l->rverf.offset);
 
 		/*** NTLMSSP verifier ***/
 
-		make_rpc_auth_ntlmssp_verifier(&p->auth_verifier,
+		make_rpc_auth_ntlmssp_verifier(&l->auth_verifier,
 		                       "NTLMSSP", NTLMSSP_CHALLENGE);
-		smb_io_rpc_auth_ntlmssp_verifier("", &p->auth_verifier, &p->rauth, 0);
-		mem_realloc_data(p->rauth.data, p->rauth.offset);
+		smb_io_rpc_auth_ntlmssp_verifier("", &l->auth_verifier, &l->rauth, 0);
+		mem_realloc_data(l->rauth.data, l->rauth.offset);
 
 		/* NTLMSSP challenge ***/
 
-		make_rpc_auth_ntlmssp_chal(&p->ntlmssp_chal,
+		make_rpc_auth_ntlmssp_chal(&l->ntlmssp_chal,
 		                           0x000082b1, challenge);
-		smb_io_rpc_auth_ntlmssp_chal("", &p->ntlmssp_chal, &p->rntlm, 0);
-		mem_realloc_data(p->rntlm.data, p->rntlm.offset);
+		smb_io_rpc_auth_ntlmssp_chal("", &l->ntlmssp_chal, &l->rntlm, 0);
+		mem_realloc_data(l->rntlm.data, l->rntlm.offset);
 	}
 
 	/***/
 	/*** then do the header, now we know the length ***/
 	/***/
 
-	make_rpc_hdr(&p->hdr, pkt_type, RPC_FLG_FIRST | RPC_FLG_LAST,
-	             p->hdr.call_id,
-	             p->rdata.offset + p->rverf.offset + p->rauth.offset + p->rntlm.offset + 0x10,
-	             p->rauth.offset + p->rntlm.offset);
+	make_rpc_hdr(&l->hdr, pkt_type, RPC_FLG_FIRST | RPC_FLG_LAST,
+	             l->hdr.call_id,
+	             l->rdata.offset + l->rverf.offset + l->rauth.offset + l->rntlm.offset + 0x10,
+	             l->rauth.offset + l->rntlm.offset);
 
-	smb_io_rpc_hdr("", &p->hdr, &p->rhdr, 0);
-	mem_realloc_data(p->rhdr.data, p->rdata.offset);
+	smb_io_rpc_hdr("", &l->hdr, &l->rhdr, 0);
+	mem_realloc_data(l->rhdr.data, l->rdata.offset);
 
 	/***/
 	/*** link rpc header, bind acknowledgment and authentication responses ***/
 	/***/
 
-	if (p->ntlmssp_auth)
+	if (l->ntlmssp_auth)
 	{
-		prs_link(NULL     , &p->rhdr , &p->rdata);
-		prs_link(&p->rhdr , &p->rdata, &p->rverf);
-		prs_link(&p->rdata, &p->rverf, &p->rauth);
-		prs_link(&p->rverf, &p->rauth, &p->rntlm);
-		prs_link(&p->rauth, &p->rntlm, NULL     );
+		prs_link(NULL     , &l->rhdr , &l->rdata);
+		prs_link(&l->rhdr , &l->rdata, &l->rverf);
+		prs_link(&l->rdata, &l->rverf, &l->rauth);
+		prs_link(&l->rverf, &l->rauth, &l->rntlm);
+		prs_link(&l->rauth, &l->rntlm, NULL     );
 	}
 	else
 	{
-		prs_link(NULL    , &p->rhdr , &p->rdata);
-		prs_link(&p->rhdr, &p->rdata, NULL     );
+		prs_link(NULL    , &l->rhdr , &l->rdata);
+		prs_link(&l->rhdr, &l->rdata, NULL     );
 	}
 
 	return True;
 }
 
+static BOOL api_pipe_bind_and_alt_req(rpcsrv_struct *l, prs_struct *pd,
+				const char* name,
+				enum RPC_PKT_TYPE pkt_type)
+{
+	fstring ack_pipe_name;
+	fstring pipe_srv_name;
+	int i = 0;
+
+	DEBUG(5,("api_pipe_bind_req: decode request. %d\n", __LINE__));
+
+	for (i = 0; i < num_cmds; i++)
+	{
+		if (strequal(api_fd_commands[i]->pipe_clnt_name, name) &&
+		    api_fd_commands[i]->fn != NULL)
+		{
+			DEBUG(3,("api_pipe_bind_req: \\PIPE\\%s -> \\PIPE\\%s\n",
+			           api_fd_commands[i]->pipe_clnt_name,
+			           api_fd_commands[i]->pipe_srv_name));
+			fstrcpy(pipe_srv_name, api_fd_commands[i]->pipe_srv_name);
+			break;
+		}
+	}
+
+	if (api_fd_commands[i]->fn == NULL) return False;
+
+	switch (pkt_type)
+	{
+		case RPC_BINDACK:
+		{
+			/* name has to be \PIPE\xxxxx */
+			fstrcpy(ack_pipe_name, "\\PIPE\\");
+			fstrcat(ack_pipe_name, pipe_srv_name);
+			break;
+		}
+		case RPC_ALTCONTRESP:
+		{
+			/* secondary address CAN be NULL
+			 * as the specs says it's ignored.
+			 * It MUST NULL to have the spoolss working.
+			 */
+			fstrcpy(ack_pipe_name, "");
+			break;
+		}
+		default:
+		{
+			return False;
+		}
+	}
+	return srv_pipe_bind_and_alt_req(l, pd, ack_pipe_name, pkt_type);
+}
+
 /*
  * The RPC Alter-Context call is used only by the spoolss pipe
  * simply because there is a bug (?) in the MS unmarshalling code
  * or in the marshalling code. If it's in the later, then Samba
  * have the same bug.
  */
-static BOOL api_pipe_bind_req(pipes_struct *p, prs_struct *pd)
+static BOOL api_pipe_bind_req(rpcsrv_struct *l, prs_struct *pd,
+				const char* name)
 {
-	return api_pipe_bind_and_alt_req(p, pd, RPC_BINDACK);
+	return api_pipe_bind_and_alt_req(l, pd, name, RPC_BINDACK);
 }
 
-static BOOL api_pipe_alt_req(pipes_struct *p, prs_struct *pd)
+static BOOL api_pipe_alt_req(rpcsrv_struct *l, prs_struct *pd,
+				const char* name)
 {
-	return api_pipe_bind_and_alt_req(p, pd, RPC_ALTCONTRESP);
+	return api_pipe_bind_and_alt_req(l, pd, name, RPC_ALTCONTRESP);
 }
 
-static BOOL api_pipe_auth_process(pipes_struct *p, prs_struct *pd)
+static BOOL api_pipe_auth_process(rpcsrv_struct *l, prs_struct *pd)
 {
-	BOOL auth_verify = IS_BITS_SET_ALL(p->ntlmssp_chal.neg_flags, NTLMSSP_NEGOTIATE_SIGN);
-	BOOL auth_seal   = IS_BITS_SET_ALL(p->ntlmssp_chal.neg_flags, NTLMSSP_NEGOTIATE_SEAL);
+	BOOL auth_verify = IS_BITS_SET_ALL(l->ntlmssp_chal.neg_flags, NTLMSSP_NEGOTIATE_SIGN);
+	BOOL auth_seal   = IS_BITS_SET_ALL(l->ntlmssp_chal.neg_flags, NTLMSSP_NEGOTIATE_SEAL);
 	int data_len;
 	int auth_len;
 	uint32 old_offset;
 	uint32 crc32 = 0;
 
-	auth_len = p->hdr.auth_len;
+	auth_len = l->hdr.auth_len;
 
 	if (auth_len != 16 && auth_verify)
 	{
 		return False;
 	}
 
-	data_len = p->hdr.frag_len - auth_len - (auth_verify ? 8 : 0) - 0x18;
+	data_len = l->hdr.frag_len - auth_len - (auth_verify ? 8 : 0) - 0x18;
 	
 	DEBUG(5,("api_pipe_auth_process: sign: %s seal: %s data %d auth %d\n",
 	         BOOLSTR(auth_verify), BOOLSTR(auth_seal), data_len, auth_len));
@@ -761,7 +778,7 @@ static BOOL api_pipe_auth_process(pipes_struct *p, prs_struct *pd)
 	{
 		char *data = mem_data(&pd->data, pd->offset);
 		DEBUG(5,("api_pipe_auth_process: data %d\n", pd->offset));
-		NTLMSSPcalc_p(p, (uchar*)data, data_len);
+		NTLMSSPcalc_p(l, (uchar*)data, data_len);
 		crc32 = crc32_calc_buffer(data_len, data);
 	}
 
@@ -771,18 +788,18 @@ static BOOL api_pipe_auth_process(pipes_struct *p, prs_struct *pd)
 	if (auth_seal || auth_verify)
 	{
 		pd->offset += data_len;
-		smb_io_rpc_hdr_auth("hdr_auth", &p->auth_info, pd, 0);
+		smb_io_rpc_hdr_auth("hdr_auth", &l->auth_info, pd, 0);
 	}
 
 	if (auth_verify)
 	{
 		char *req_data = mem_data(&pd->data, pd->offset + 4);
 		DEBUG(5,("api_pipe_auth_process: auth %d\n", pd->offset + 4));
-		NTLMSSPcalc_p(p, (uchar*)req_data, 12);
-		smb_io_rpc_auth_ntlmssp_chk("auth_sign", &(p->ntlmssp_chk), pd, 0);
+		NTLMSSPcalc_p(l, (uchar*)req_data, 12);
+		smb_io_rpc_auth_ntlmssp_chk("auth_sign", &(l->ntlmssp_chk), pd, 0);
 
-		if (!rpc_auth_ntlmssp_chk(&(p->ntlmssp_chk), crc32,
-		                          p->ntlmssp_seq_num))
+		if (!rpc_auth_ntlmssp_chk(&(l->ntlmssp_chk), crc32,
+		                          l->ntlmssp_seq_num))
 		{
 			return False;
 		}
@@ -793,13 +810,13 @@ static BOOL api_pipe_auth_process(pipes_struct *p, prs_struct *pd)
 	return True;
 }
 
-static BOOL api_pipe_request(pipes_struct *p, prs_struct *pd)
+static BOOL api_pipe_request(rpcsrv_struct *l, prs_struct *pd, const char* name)
 {
 	int i = 0;
 
-	if (p->ntlmssp_auth && p->ntlmssp_validated)
+	if (l->ntlmssp_auth && l->ntlmssp_validated)
 	{
-		if (!api_pipe_auth_process(p, pd)) return False;
+		if (!api_pipe_auth_process(l, pd)) return False;
 
 		DEBUG(0,("api_pipe_request: **** MUST CALL become_user() HERE **** \n"));
 #if 0
@@ -809,61 +826,116 @@ static BOOL api_pipe_request(pipes_struct *p, prs_struct *pd)
 
 	for (i = 0; i < num_cmds; i++)
 	{
-		if (strequal(api_fd_commands[i]->pipe_clnt_name, p->name) &&
+		if (strequal(api_fd_commands[i]->pipe_clnt_name, name) &&
 		    api_fd_commands[i]->fn != NULL)
 		{
 			DEBUG(3,("Doing \\PIPE\\%s\n", api_fd_commands[i]->pipe_clnt_name));
-			return api_fd_commands[i]->fn(p, pd);
+			return api_fd_commands[i]->fn(l, pd);
 		}
 	}
 	return False;
 }
 
-BOOL rpc_command(pipes_struct *p, prs_struct *pd)
+BOOL rpc_add_to_pdu(prs_struct *ps, const char *data, int len)
 {
-	BOOL reply = False;
-	DEBUG(10,("rpc_command\n"));
+	int prev_size;
+	int new_size;
+	char *to = NULL;
 
-	if (p->m != NULL)
+	ps->offset = 0;
+
+	if (ps->data == NULL)
 	{
-		DEBUG(10,("msrpc redirect\n"));
-		if (!msrpc_send_prs(p->m, pd))
+		DEBUG(10,("rpc_add_to_pdu: new_size: %d\n", len));
+		prs_init(ps, len, 4, 0, True);
+		prev_size = 0;
+		new_size  = len;
+		if (ps->data == NULL)
 		{
-			DEBUG(2,("msrpc redirect send failed\n"));
 			return False;
 		}
-		if (!msrpc_receive_prs(p->m, &p->rhdr))
+	}
+	else
+	{
+		prev_size = ps->data->data_used;
+		new_size  = prev_size + len;
+		DEBUG(10,("rpc_add_to_pdu: prev_size: %d new_size: %d\n",
+				prev_size, new_size));
+		if (!mem_realloc_data(ps->data, new_size))
 		{
-			DEBUG(2,("msrpc redirect receive failed\n"));
 			return False;
 		}
-		prs_link(NULL, &p->rhdr, NULL);
-		prs_debug_out(&p->rhdr, 10);
-		return True;
 	}
 
-	if (pd->data == NULL) return False;
+	DEBUG(10,("ps->data->start: %d\n", ps->data->offset.start));
+	ps->data->offset.start = 0x0;
+
+	to = mem_data(&ps->data, prev_size);
+	if (to == NULL)
+	{
+		DEBUG(10,("rpc_add_to_pdu: data could not be found\n"));
+		return False;
+	}
+	if (ps->data->data_used != new_size)
+	{
+		DEBUG(10,("rpc_add_to_pdu: ERROR: data used %d new_size %d\n",
+				ps->data->data_used, new_size));
+		return False;
+	}
+	memcpy(to, data, len);
+	return True;
+}
+
+static BOOL rpc_redir_remote(pipes_struct *p, prs_struct *req, prs_struct *resp)
+{
+	DEBUG(10,("rpc_redirect\n"));
+
+	if (!msrpc_send_prs(p->m, req))
+	{
+		DEBUG(2,("msrpc redirect send failed\n"));
+		return False;
+	}
+	if (!msrpc_receive_prs(p->m, resp))
+	{
+		DEBUG(2,("msrpc redirect receive failed\n"));
+		return False;
+	}
+	prs_link(NULL, resp, NULL);
+	prs_debug_out(resp, "redirect", 100);
+	return True;
+}
 
+static BOOL rpc_redir_local(rpcsrv_struct *l, prs_struct *req, prs_struct *resp,
+				const char* name)
+{
+	BOOL reply = False;
+
+	if (req->data == NULL) return False;
+
+	/* lkclXXXX still assume that the first complete PDU is always
+	   in a single request!!!
+	 */
 	/* process the rpc header */
-	smb_io_rpc_hdr("", &p->hdr, pd, 0);
+	req->offset = 0x0;
+	smb_io_rpc_hdr("", &l->hdr, req, 0);
 
-	if (pd->offset == 0) return False;
+	if (req->offset == 0) return False;
 
-	switch (p->hdr.pkt_type)
+	switch (l->hdr.pkt_type)
 	{
 		case RPC_BIND   :
 		{
-			reply = api_pipe_bind_req(p, pd);
+			reply = api_pipe_bind_req(l, req, name);
 			break;
 		}
 		case RPC_ALTCONT:
 		{
-			reply = api_pipe_alt_req(p, pd);
+			reply = api_pipe_alt_req(l, req, name);
  			break;
  		}
 		case RPC_REQUEST:
 		{
-			if (p->ntlmssp_auth && !p->ntlmssp_validated)
+			if (l->ntlmssp_auth && !l->ntlmssp_validated)
 			{
 				/* authentication _was_ requested
 				   and it failed.  sorry, no deal!
@@ -873,41 +945,87 @@ BOOL rpc_command(pipes_struct *p, prs_struct *pd)
 			else
 			{
 				/* read the rpc header */
-				smb_io_rpc_hdr_req("req", &(p->hdr_req), pd, 0);
-				reply = api_pipe_request(p, pd);
+				smb_io_rpc_hdr_req("req", &(l->hdr_req), req, 0);
+				reply = api_pipe_request(l, req, name);
 			}
 			break;
 		}
 		case RPC_BINDRESP: /* not the real name! */
 		{
-			reply = api_pipe_bind_auth_resp(p, pd);
-			p->ntlmssp_auth = reply;
+			reply = api_pipe_bind_auth_resp(l, req);
+			l->ntlmssp_auth = reply;
 			break;
 		}
 	}
 
 	if (!reply)
 	{
-		reply = api_pipe_fault_resp(p, pd, 0x1c010002);
+		reply = api_pipe_fault_resp(l, req, 0x1c010002);
+	}
+	
+	if (reply)
+	{
+		/* flatten the data into a single pdu */
+		reply = prs_copy(resp, &l->rhdr);
 	}
 
+	/* delete intermediate data used to set up the pdu.  leave
+	   rdata alone because that's got the rest of the data in it */
+	rpcsrv_free_temp(l);
+
 	return reply;
 }
 
+BOOL rpc_send_and_rcv_pdu(pipes_struct *p)
+{
+	DEBUG(10,("rpc_send_and_rcv_pdu\n"));
+
+	if (p->m != NULL)
+	{
+		return rpc_redir_remote(p, &p->smb_pdu, &p->rsmb_pdu);
+	}
+	else if (p->l != NULL)
+	{
+		return rpc_redir_local(p->l, &p->smb_pdu, &p->rsmb_pdu,
+					p->name);
+	}
+	return False;
+}
+
+/*******************************************************************
+ entry point from msrpc to smb.  adds data received to pdu; checks
+ pdu; hands pdu off to msrpc, which gets a pdu back (except in the
+ case of the RPC_BINDCONT pdu).
+ ********************************************************************/
+BOOL rpc_to_smb(pipes_struct *p, char *data, int len)
+{
+	BOOL reply = rpc_add_to_pdu(&p->smb_pdu, data, len);
+
+	if (reply && is_complete_pdu(&p->smb_pdu))
+	{
+		p->smb_pdu.offset = p->smb_pdu.data->data_size;
+		prs_link(NULL, &p->smb_pdu, NULL);
+		reply = rpc_send_and_rcv_pdu(p);
+		mem_free_data(p->smb_pdu.data);
+		prs_init(&p->smb_pdu, 0, 4, 0, True);
+
+	}
+	return reply;
+}
 
 /*******************************************************************
  receives a netlogon pipe and responds.
  ********************************************************************/
-static BOOL api_rpc_command(pipes_struct *p, 
+static BOOL api_rpc_command(rpcsrv_struct *l, 
 				char *rpc_name, struct api_struct *api_rpc_cmds,
 				prs_struct *data)
 {
 	int fn_num;
-	DEBUG(4,("api_rpc_command: %s op 0x%x - ", rpc_name, p->hdr_req.opnum));
+	DEBUG(4,("api_rpc_command: %s op 0x%x - ", rpc_name, l->hdr_req.opnum));
 
 	for (fn_num = 0; api_rpc_cmds[fn_num].name; fn_num++)
 	{
-		if (api_rpc_cmds[fn_num].opnum == p->hdr_req.opnum && api_rpc_cmds[fn_num].fn != NULL)
+		if (api_rpc_cmds[fn_num].opnum == l->hdr_req.opnum && api_rpc_cmds[fn_num].fn != NULL)
 		{
 			DEBUG(3,("api_rpc_command: %s\n", api_rpc_cmds[fn_num].name));
 			break;
@@ -921,18 +1039,18 @@ static BOOL api_rpc_command(pipes_struct *p,
 	}
 
 	/* start off with 1024 bytes, and a large safety margin too */
-	prs_init(&p->rdata, 1024, 4, SAFETY_MARGIN, False);
+	prs_init(&l->rdata, 1024, 4, SAFETY_MARGIN, False);
 
 	/* do the actual command */
-	api_rpc_cmds[fn_num].fn(p, data, &(p->rdata));
+	api_rpc_cmds[fn_num].fn(l, data, &(l->rdata));
 
-	if (p->rdata.data == NULL || p->rdata.offset == 0)
+	if (l->rdata.data == NULL || l->rdata.offset == 0)
 	{
-		mem_free_data(p->rdata.data);
+		mem_free_data(l->rdata.data);
 		return False;
 	}
 
-	mem_realloc_data(p->rdata.data, p->rdata.offset);
+	mem_realloc_data(l->rdata.data, l->rdata.offset);
 
 	DEBUG(10,("called %s\n", rpc_name));
 
@@ -943,7 +1061,7 @@ static BOOL api_rpc_command(pipes_struct *p,
 /*******************************************************************
  receives a netlogon pipe and responds.
  ********************************************************************/
-BOOL api_rpcTNP(pipes_struct *p, char *rpc_name, struct api_struct *api_rpc_cmds,
+BOOL api_rpcTNP(rpcsrv_struct *l, char *rpc_name, struct api_struct *api_rpc_cmds,
 				prs_struct *data)
 {
 	if (data == NULL || data->data == NULL)
@@ -953,16 +1071,39 @@ BOOL api_rpcTNP(pipes_struct *p, char *rpc_name, struct api_struct *api_rpc_cmds
 	}
 
 	/* interpret the command */
-	if (!api_rpc_command(p, rpc_name, api_rpc_cmds, data))
+	if (!api_rpc_command(l, rpc_name, api_rpc_cmds, data))
 	{
 		return False;
 	}
 
 	/* create the rpc header */
-	if (!create_rpc_reply(p, 0, p->rdata.offset + (p->ntlmssp_auth ? (16 + 8) : 0)))
+	if (!create_rpc_reply(l, 0))
 	{
 		return False;
 	}
 
 	return True;
 }
+
+BOOL is_complete_pdu(prs_struct *ps)
+{
+	RPC_HDR hdr;
+	int len = ps->data->data_size;
+
+	DEBUG(10,("is_complete_pdu - len %d\n", len));
+	ps->offset = 0x0;
+
+	if (!ps->io)
+	{
+		/* writing.  oops!! */
+		DEBUG(4,("is_complete_pdu: write set, not read!\n"));
+		return False;
+	}
+		
+	if (!smb_io_rpc_hdr("hdr", &hdr, ps, 0))
+	{
+		return False;
+	}
+	/* check that the fragment length is equal to the data length so far */
+	return hdr.frag_len == len;
+}