summaryrefslogtreecommitdiff
path: root/source3
diff options
context:
space:
mode:
authorAndrew Tridgell <tridge@samba.org>2009-09-16 03:58:13 -0700
committerAndrew Tridgell <tridge@samba.org>2009-09-16 03:58:13 -0700
commit7860817737158e5daa7596304dd9e35cb65ddcee (patch)
tree71c3c397aeea6b48541e16152be2ca6309c9dc99 /source3
parentf391e64a82b8e6bf5862175d3ebd71ff8d4b08e8 (diff)
parentc405d721c1a84bd2bdab2d56dd89e232cabe7955 (diff)
downloadsamba-7860817737158e5daa7596304dd9e35cb65ddcee.tar.gz
samba-7860817737158e5daa7596304dd9e35cb65ddcee.tar.bz2
samba-7860817737158e5daa7596304dd9e35cb65ddcee.zip
Merge branch 'master' of /home/tridge/samba/git/combined
Diffstat (limited to 'source3')
-rw-r--r--source3/include/proto.h2
-rw-r--r--source3/include/rpc_dce.h44
-rw-r--r--source3/lib/netapi/user.c6
-rw-r--r--source3/rpc_client/cli_pipe.c108
-rw-r--r--source3/rpc_parse/parse_rpc.c2
-rw-r--r--source3/rpc_server/srv_pipe.c100
-rw-r--r--source3/rpc_server/srv_pipe_hnd.c58
-rw-r--r--source3/rpcclient/cmd_lsarpc.c2
-rw-r--r--source3/utils/eventlogadm.c2
9 files changed, 131 insertions, 193 deletions
diff --git a/source3/include/proto.h b/source3/include/proto.h
index 8af6dba7b0..007ee9f223 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -5712,7 +5712,7 @@ bool prs_data_blob(prs_struct *prs, DATA_BLOB *blob, TALLOC_CTX *mem_ctx);
/* The following definitions come from rpc_parse/parse_rpc.c */
const char *get_pipe_name_from_iface(const struct ndr_syntax_id *interface);
-void init_rpc_hdr(RPC_HDR *hdr, enum RPC_PKT_TYPE pkt_type, uint8 flags,
+void init_rpc_hdr(RPC_HDR *hdr, enum dcerpc_pkt_type pkt_type, uint8 flags,
uint32 call_id, int data_len, int auth_len);
bool smb_io_rpc_hdr(const char *desc, RPC_HDR *rpc, prs_struct *ps, int depth);
void init_rpc_context(RPC_CONTEXT *rpc_ctx, uint16 context_id,
diff --git a/source3/include/rpc_dce.h b/source3/include/rpc_dce.h
index fc2d8809b9..3fd833c0bd 100644
--- a/source3/include/rpc_dce.h
+++ b/source3/include/rpc_dce.h
@@ -22,49 +22,7 @@
#ifndef _DCE_RPC_H /* _DCE_RPC_H */
#define _DCE_RPC_H
-/* DCE/RPC packet types */
-
-enum RPC_PKT_TYPE {
- RPC_REQUEST = 0x00, /* Ordinary request. */
- RPC_PING = 0x01, /* Connectionless is server alive ? */
- RPC_RESPONSE = 0x02, /* Ordinary reply. */
- RPC_FAULT = 0x03, /* Fault in processing of call. */
- RPC_WORKING = 0x04, /* Connectionless reply to a ping when server busy. */
- RPC_NOCALL = 0x05, /* Connectionless reply to a ping when server has lost part of clients call. */
- RPC_REJECT = 0x06, /* Refuse a request with a code. */
- RPC_ACK = 0x07, /* Connectionless client to server code. */
- RPC_CL_CANCEL= 0x08, /* Connectionless cancel. */
- RPC_FACK = 0x09, /* Connectionless fragment ack. Both client and server send. */
- RPC_CANCEL_ACK = 0x0A, /* Server ACK to client cancel request. */
- RPC_BIND = 0x0B, /* Bind to interface. */
- RPC_BINDACK = 0x0C, /* Server ack of bind. */
- RPC_BINDNACK = 0x0D, /* Server nack of bind. */
- RPC_ALTCONT = 0x0E, /* Alter auth. */
- RPC_ALTCONTRESP = 0x0F, /* Reply to alter auth. */
- RPC_AUTH3 = 0x10, /* not the real name! this is undocumented! */
- RPC_SHUTDOWN = 0x11, /* Server to client request to shutdown. */
- RPC_CO_CANCEL= 0x12, /* Connection-oriented cancel request. */
- RPC_ORPHANED = 0x13 /* Client telling server it's aborting a partially sent request or telling
- server to stop sending replies. */
-};
-
-/* DCE/RPC flags */
-#define RPC_FLG_FIRST 0x01
-#define RPC_FLG_LAST 0x02
-#define RPC_FLG_NOCALL 0x20
-
-/* Netlogon schannel auth type and level */
-#define SCHANNEL_SIGN_SIGNATURE { 0x77, 0x00, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00 }
-#define SCHANNEL_SEAL_SIGNATURE { 0x77, 0x00, 0x7a, 0x00, 0xff, 0xff, 0x00, 0x00 }
-
#define RPC_AUTH_SCHANNEL_SIGN_OR_SEAL_CHK_LEN 0x20
-#define RPC_AUTH_SCHANNEL_SIGN_ONLY_CHK_LEN 0x18
-
-
-enum schannel_direction {
- SENDER_IS_INITIATOR,
- SENDER_IS_ACCEPTOR
-};
/* Maximum size of the signing data in a fragment. */
#define RPC_MAX_SIGN_SIZE 0x38 /* 56 */
@@ -79,7 +37,7 @@ enum schannel_direction {
typedef struct rpc_hdr_info {
uint8 major; /* 5 - RPC major version */
uint8 minor; /* 0 - RPC minor version */
- uint8 pkt_type; /* RPC_PKT_TYPE - RPC response packet */
+ uint8 pkt_type; /* dcerpc_pkt_type - RPC response packet */
uint8 flags; /* DCE/RPC flags */
uint8 pack_type[4]; /* 0x1000 0000 - little-endian packed data representation */
uint16 frag_len; /* fragment length - data size (bytes) inc header and tail. */
diff --git a/source3/lib/netapi/user.c b/source3/lib/netapi/user.c
index 9fa3ddd9a8..f95750fae7 100644
--- a/source3/lib/netapi/user.c
+++ b/source3/lib/netapi/user.c
@@ -466,7 +466,7 @@ WERROR NetUserAdd_r(struct libnetapi_ctx *ctx,
&user_handle);
done:
- if (is_valid_policy_hnd(&user_handle)) {
+ if (is_valid_policy_hnd(&user_handle) && pipe_cli) {
rpccli_samr_Close(pipe_cli, ctx, &user_handle);
}
@@ -1696,7 +1696,7 @@ WERROR NetUserGetInfo_r(struct libnetapi_ctx *ctx,
}
done:
- if (is_valid_policy_hnd(&user_handle)) {
+ if (is_valid_policy_hnd(&user_handle) && pipe_cli) {
rpccli_samr_Close(pipe_cli, ctx, &user_handle);
}
@@ -1864,7 +1864,7 @@ WERROR NetUserSetInfo_r(struct libnetapi_ctx *ctx,
werr = WERR_OK;
done:
- if (is_valid_policy_hnd(&user_handle)) {
+ if (is_valid_policy_hnd(&user_handle) && pipe_cli) {
rpccli_samr_Close(pipe_cli, ctx, &user_handle);
}
diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c
index febf787815..186696fbbc 100644
--- a/source3/rpc_client/cli_pipe.c
+++ b/source3/rpc_client/cli_pipe.c
@@ -672,13 +672,12 @@ static NTSTATUS cli_pipe_verify_schannel(struct rpc_pipe_client *cli, RPC_HDR *p
uint8 *p_ss_padding_len)
{
RPC_HDR_AUTH auth_info;
- struct NL_AUTH_SIGNATURE schannel_chk;
uint32 auth_len = prhdr->auth_len;
uint32 save_offset = prs_offset(current_pdu);
struct schannel_state *schannel_auth =
cli->auth->a_u.schannel_auth;
+ uint8_t *data;
uint32 data_len;
- enum ndr_err_code ndr_err;
DATA_BLOB blob;
NTSTATUS status;
@@ -725,31 +724,28 @@ static NTSTATUS cli_pipe_verify_schannel(struct rpc_pipe_client *cli, RPC_HDR *p
blob = data_blob_const(prs_data_p(current_pdu) + prs_offset(current_pdu), auth_len);
- ndr_err = ndr_pull_struct_blob(&blob, talloc_tos(), NULL, &schannel_chk,
- (ndr_pull_flags_fn_t)ndr_pull_NL_AUTH_SIGNATURE);
- if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
- DEBUG(0,("cli_pipe_verify_schannel: failed to unmarshal RPC_AUTH_SCHANNEL_CHK.\n"));
- return ndr_map_error2ntstatus(ndr_err);
- }
-
if (DEBUGLEVEL >= 10) {
- NDR_PRINT_DEBUG(NL_AUTH_SIGNATURE, &schannel_chk);
+ dump_NL_AUTH_SIGNATURE(talloc_tos(), &blob);
}
+ data = (uint8_t *)prs_data_p(current_pdu)+RPC_HEADER_LEN+RPC_HDR_RESP_LEN;
+
switch (cli->auth->auth_level) {
case DCERPC_AUTH_LEVEL_PRIVACY:
- status = schannel_unseal_packet(schannel_auth,
+ status = netsec_incoming_packet(schannel_auth,
talloc_tos(),
- (uint8_t *)prs_data_p(current_pdu)+RPC_HEADER_LEN+RPC_HDR_RESP_LEN,
+ true,
+ data,
data_len,
&blob);
break;
case DCERPC_AUTH_LEVEL_INTEGRITY:
- status = schannel_check_packet(schannel_auth,
- talloc_tos(),
- (uint8_t *)prs_data_p(current_pdu)+RPC_HEADER_LEN+RPC_HDR_RESP_LEN,
- data_len,
- &blob);
+ status = netsec_incoming_packet(schannel_auth,
+ talloc_tos(),
+ false,
+ data,
+ data_len,
+ &blob);
break;
default:
status = NT_STATUS_INTERNAL_ERROR;
@@ -881,14 +877,14 @@ static NTSTATUS cli_pipe_validate_current_pdu(struct rpc_pipe_client *cli, RPC_H
/* Ensure we have the correct type. */
switch (prhdr->pkt_type) {
- case RPC_ALTCONTRESP:
- case RPC_BINDACK:
+ case DCERPC_PKT_ALTER_RESP:
+ case DCERPC_PKT_BIND_ACK:
/* Alter context and bind ack share the same packet definitions. */
break;
- case RPC_RESPONSE:
+ case DCERPC_PKT_RESPONSE:
{
RPC_HDR_RESP rhdr_resp;
uint8 ss_padding_len = 0;
@@ -944,14 +940,14 @@ static NTSTATUS cli_pipe_validate_current_pdu(struct rpc_pipe_client *cli, RPC_H
break;
}
- case RPC_BINDNACK:
+ case DCERPC_PKT_BIND_NAK:
DEBUG(1, ("cli_pipe_validate_current_pdu: Bind NACK "
"received from %s!\n",
rpccli_pipe_txt(debug_ctx(), cli)));
/* Use this for now... */
return NT_STATUS_NETWORK_ACCESS_DENIED;
- case RPC_FAULT:
+ case DCERPC_PKT_FAULT:
{
RPC_HDR_RESP rhdr_resp;
RPC_HDR_FAULT fault_resp;
@@ -998,10 +994,10 @@ static NTSTATUS cli_pipe_validate_current_pdu(struct rpc_pipe_client *cli, RPC_H
data before now as we may have needed to do cryptographic actions on
it before. */
- if ((prhdr->pkt_type == RPC_BINDACK) && !(prhdr->flags & RPC_FLG_LAST)) {
+ if ((prhdr->pkt_type == DCERPC_PKT_BIND_ACK) && !(prhdr->flags & DCERPC_PFC_FLAG_LAST)) {
DEBUG(5,("cli_pipe_validate_current_pdu: bug in server (AS/U?), "
"setting fragment first/last ON.\n"));
- prhdr->flags |= RPC_FLG_FIRST|RPC_FLG_LAST;
+ prhdr->flags |= DCERPC_PFC_FLAG_FIRST|DCERPC_PFC_FLAG_LAST;
}
return NT_STATUS_OK;
@@ -1401,7 +1397,7 @@ static void rpc_api_pipe_got_pdu(struct tevent_req *subreq)
return;
}
- if ((state->rhdr.flags & RPC_FLG_FIRST)
+ if ((state->rhdr.flags & DCERPC_PFC_FLAG_FIRST)
&& (state->rhdr.pack_type[0] == 0)) {
/*
* Set the data type correctly for big-endian data on the
@@ -1442,7 +1438,7 @@ static void rpc_api_pipe_got_pdu(struct tevent_req *subreq)
return;
}
- if (state->rhdr.flags & RPC_FLG_LAST) {
+ if (state->rhdr.flags & DCERPC_PFC_FLAG_LAST) {
DEBUG(10,("rpc_api_pipe: %s returned %u bytes.\n",
rpccli_pipe_txt(debug_ctx(), state->cli),
(unsigned)prs_data_size(&state->incoming_pdu)));
@@ -1688,7 +1684,7 @@ static NTSTATUS create_schannel_auth_rpc_bind_req( struct rpc_pipe_client *cli,
Creates the internals of a DCE/RPC bind request or alter context PDU.
********************************************************************/
-static NTSTATUS create_bind_or_alt_ctx_internal(enum RPC_PKT_TYPE pkt_type,
+static NTSTATUS create_bind_or_alt_ctx_internal(enum dcerpc_pkt_type pkt_type,
prs_struct *rpc_out,
uint32 rpc_call_id,
const struct ndr_syntax_id *abstract,
@@ -1723,7 +1719,7 @@ static NTSTATUS create_bind_or_alt_ctx_internal(enum RPC_PKT_TYPE pkt_type,
}
/* Create the request RPC_HDR */
- init_rpc_hdr(&hdr, pkt_type, RPC_FLG_FIRST|RPC_FLG_LAST, rpc_call_id, frag_len, auth_len);
+ init_rpc_hdr(&hdr, pkt_type, DCERPC_PFC_FLAG_FIRST|DCERPC_PFC_FLAG_LAST, rpc_call_id, frag_len, auth_len);
/* Marshall the RPC header */
if(!smb_io_rpc_hdr("hdr" , &hdr, rpc_out, 0)) {
@@ -1827,7 +1823,7 @@ static NTSTATUS create_rpc_bind_req(struct rpc_pipe_client *cli,
return NT_STATUS_INVALID_INFO_CLASS;
}
- ret = create_bind_or_alt_ctx_internal(RPC_BIND,
+ ret = create_bind_or_alt_ctx_internal(DCERPC_PKT_BIND,
rpc_out,
rpc_call_id,
abstract,
@@ -1930,11 +1926,9 @@ static NTSTATUS add_schannel_auth_footer(struct rpc_pipe_client *cli,
prs_struct *outgoing_pdu)
{
RPC_HDR_AUTH auth_info;
- struct NL_AUTH_SIGNATURE verf;
struct schannel_state *sas = cli->auth->a_u.schannel_auth;
char *data_p = prs_data_p(outgoing_pdu) + RPC_HEADER_LEN + RPC_HDR_RESP_LEN;
size_t data_and_pad_len = prs_offset(outgoing_pdu) - RPC_HEADER_LEN - RPC_HDR_RESP_LEN;
- enum ndr_err_code ndr_err;
DATA_BLOB blob;
NTSTATUS status;
@@ -1959,18 +1953,20 @@ static NTSTATUS add_schannel_auth_footer(struct rpc_pipe_client *cli,
switch (cli->auth->auth_level) {
case DCERPC_AUTH_LEVEL_PRIVACY:
- status = schannel_seal_packet(sas,
- talloc_tos(),
- (uint8_t *)data_p,
- data_and_pad_len,
- &blob);
+ status = netsec_outgoing_packet(sas,
+ talloc_tos(),
+ true,
+ (uint8_t *)data_p,
+ data_and_pad_len,
+ &blob);
break;
case DCERPC_AUTH_LEVEL_INTEGRITY:
- status = schannel_sign_packet(sas,
- talloc_tos(),
- (uint8_t *)data_p,
- data_and_pad_len,
- &blob);
+ status = netsec_outgoing_packet(sas,
+ talloc_tos(),
+ false,
+ (uint8_t *)data_p,
+ data_and_pad_len,
+ &blob);
break;
default:
status = NT_STATUS_INTERNAL_ERROR;
@@ -1982,17 +1978,11 @@ static NTSTATUS add_schannel_auth_footer(struct rpc_pipe_client *cli,
nt_errstr(status)));
return status;
}
-#if 0
- ndr_err = ndr_push_struct_blob(&blob, talloc_tos(), NULL, &verf,
- (ndr_push_flags_fn_t)ndr_push_NL_AUTH_SIGNATURE);
- if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
- return ndr_map_error2ntstatus(ndr_err);
- }
if (DEBUGLEVEL >= 10) {
- NDR_PRINT_DEBUG(NL_AUTH_SIGNATURE, &verf);
+ dump_NL_AUTH_SIGNATURE(talloc_tos(), &blob);
}
-#endif
+
/* Finally marshall the blob. */
if (!prs_copy_data_in(outgoing_pdu, (const char *)blob.data, blob.length)) {
return NT_STATUS_NO_MEMORY;
@@ -2143,7 +2133,7 @@ struct tevent_req *rpc_api_pipe_req_send(TALLOC_CTX *mem_ctx,
if (is_last_frag) {
subreq = rpc_api_pipe_send(state, ev, state->cli,
&state->outgoing_frag,
- RPC_RESPONSE);
+ DCERPC_PKT_RESPONSE);
if (subreq == NULL) {
goto fail;
}
@@ -2189,11 +2179,11 @@ static NTSTATUS prepare_next_frag(struct rpc_api_pipe_req_state *state,
state->cli, data_left, &frag_len, &auth_len, &ss_padding);
if (state->req_data_sent == 0) {
- flags = RPC_FLG_FIRST;
+ flags = DCERPC_PFC_FLAG_FIRST;
}
if (data_sent_thistime == data_left) {
- flags |= RPC_FLG_LAST;
+ flags |= DCERPC_PFC_FLAG_LAST;
}
if (!prs_set_offset(&state->outgoing_frag, 0)) {
@@ -2201,7 +2191,7 @@ static NTSTATUS prepare_next_frag(struct rpc_api_pipe_req_state *state,
}
/* Create and marshall the header and request header. */
- init_rpc_hdr(&hdr, RPC_REQUEST, flags, state->call_id, frag_len,
+ init_rpc_hdr(&hdr, DCERPC_PKT_REQUEST, flags, state->call_id, frag_len,
auth_len);
if (!smb_io_rpc_hdr("hdr ", &hdr, &state->outgoing_frag, 0)) {
@@ -2249,7 +2239,7 @@ static NTSTATUS prepare_next_frag(struct rpc_api_pipe_req_state *state,
}
state->req_data_sent += data_sent_thistime;
- *is_last_frag = ((flags & RPC_FLG_LAST) != 0);
+ *is_last_frag = ((flags & DCERPC_PFC_FLAG_LAST) != 0);
return status;
}
@@ -2279,7 +2269,7 @@ static void rpc_api_pipe_req_write_done(struct tevent_req *subreq)
if (is_last_frag) {
subreq = rpc_api_pipe_send(state, state->ev, state->cli,
&state->outgoing_frag,
- RPC_RESPONSE);
+ DCERPC_PKT_RESPONSE);
if (tevent_req_nomem(subreq, req)) {
return;
}
@@ -2436,7 +2426,7 @@ static NTSTATUS create_rpc_bind_auth3(struct rpc_pipe_client *cli,
uint32 pad = 0;
/* Create the request RPC_HDR */
- init_rpc_hdr(&hdr, RPC_AUTH3, RPC_FLG_FIRST|RPC_FLG_LAST, rpc_call_id,
+ init_rpc_hdr(&hdr, DCERPC_PKT_AUTH3, DCERPC_PFC_FLAG_FIRST|DCERPC_PFC_FLAG_LAST, rpc_call_id,
RPC_HEADER_LEN + 4 /* pad */ + RPC_HDR_AUTH_LEN + pauth_blob->length,
pauth_blob->length );
@@ -2509,7 +2499,7 @@ static NTSTATUS create_rpc_alter_context(uint32 rpc_call_id,
}
}
- ret = create_bind_or_alt_ctx_internal(RPC_ALTCONT,
+ ret = create_bind_or_alt_ctx_internal(DCERPC_PKT_ALTER,
rpc_out,
rpc_call_id,
abstract,
@@ -2590,7 +2580,7 @@ struct tevent_req *rpc_pipe_bind_send(TALLOC_CTX *mem_ctx,
}
subreq = rpc_api_pipe_send(state, ev, cli, &state->rpc_out,
- RPC_BINDACK);
+ DCERPC_PKT_BIND_ACK);
if (subreq == NULL) {
goto fail;
}
@@ -2858,7 +2848,7 @@ static NTSTATUS rpc_finish_spnego_ntlmssp_bind_send(struct tevent_req *req,
}
subreq = rpc_api_pipe_send(state, state->ev, state->cli,
- &state->rpc_out, RPC_ALTCONTRESP);
+ &state->rpc_out, DCERPC_PKT_ALTER_RESP);
if (subreq == NULL) {
return NT_STATUS_NO_MEMORY;
}
diff --git a/source3/rpc_parse/parse_rpc.c b/source3/rpc_parse/parse_rpc.c
index eb568b60a3..f720de35a1 100644
--- a/source3/rpc_parse/parse_rpc.c
+++ b/source3/rpc_parse/parse_rpc.c
@@ -29,7 +29,7 @@
Inits an RPC_HDR structure.
********************************************************************/
-void init_rpc_hdr(RPC_HDR *hdr, enum RPC_PKT_TYPE pkt_type, uint8 flags,
+void init_rpc_hdr(RPC_HDR *hdr, enum dcerpc_pkt_type pkt_type, uint8 flags,
uint32 call_id, int data_len, int auth_len)
{
hdr->major = 5; /* RPC version 5 */
diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c
index 576bd85745..627dac0f82 100644
--- a/source3/rpc_server/srv_pipe.c
+++ b/source3/rpc_server/srv_pipe.c
@@ -84,11 +84,11 @@ static bool create_next_pdu_ntlmssp(pipes_struct *p)
memset((char *)&hdr_resp, '\0', sizeof(hdr_resp));
/* Change the incoming request header to a response. */
- p->hdr.pkt_type = RPC_RESPONSE;
+ p->hdr.pkt_type = DCERPC_PKT_RESPONSE;
/* Set up rpc header flags. */
if (p->out_data.data_sent_length == 0) {
- p->hdr.flags = RPC_FLG_FIRST;
+ p->hdr.flags = DCERPC_PFC_FLAG_FIRST;
} else {
p->hdr.flags = 0;
}
@@ -130,7 +130,7 @@ static bool create_next_pdu_ntlmssp(pipes_struct *p)
*/
if(p->out_data.data_sent_length + data_len >= prs_offset(&p->out_data.rdata)) {
- p->hdr.flags |= RPC_FLG_LAST;
+ p->hdr.flags |= DCERPC_PFC_FLAG_LAST;
if (data_len_left % 8) {
ss_padding_len = 8 - (data_len_left % 8);
DEBUG(10,("create_next_pdu_ntlmssp: adding sign/seal padding of %u\n",
@@ -302,11 +302,11 @@ static bool create_next_pdu_schannel(pipes_struct *p)
memset((char *)&hdr_resp, '\0', sizeof(hdr_resp));
/* Change the incoming request header to a response. */
- p->hdr.pkt_type = RPC_RESPONSE;
+ p->hdr.pkt_type = DCERPC_PKT_RESPONSE;
/* Set up rpc header flags. */
if (p->out_data.data_sent_length == 0) {
- p->hdr.flags = RPC_FLG_FIRST;
+ p->hdr.flags = DCERPC_PFC_FLAG_FIRST;
} else {
p->hdr.flags = 0;
}
@@ -349,7 +349,7 @@ static bool create_next_pdu_schannel(pipes_struct *p)
*/
if(p->out_data.data_sent_length + data_len >= prs_offset(&p->out_data.rdata)) {
- p->hdr.flags |= RPC_FLG_LAST;
+ p->hdr.flags |= DCERPC_PFC_FLAG_LAST;
if (data_len_left % 8) {
ss_padding_len = 8 - (data_len_left % 8);
DEBUG(10,("create_next_pdu_schannel: adding sign/seal padding of %u\n",
@@ -410,9 +410,8 @@ static bool create_next_pdu_schannel(pipes_struct *p)
* Schannel processing.
*/
RPC_HDR_AUTH auth_info;
- struct NL_AUTH_SIGNATURE verf;
DATA_BLOB blob;
- enum ndr_err_code ndr_err;
+ uint8_t *data;
/* Check it's the type of reply we were expecting to decode */
@@ -429,20 +428,24 @@ static bool create_next_pdu_schannel(pipes_struct *p)
return False;
}
+ data = (uint8_t *)prs_data_p(&p->out_data.frag) + data_pos;
+
switch (p->auth.auth_level) {
case DCERPC_AUTH_LEVEL_PRIVACY:
- status = schannel_seal_packet(p->auth.a_u.schannel_auth,
- talloc_tos(),
- (uint8_t *)prs_data_p(&p->out_data.frag) + data_pos,
- data_len + ss_padding_len,
- &blob);
+ status = netsec_outgoing_packet(p->auth.a_u.schannel_auth,
+ talloc_tos(),
+ true,
+ data,
+ data_len + ss_padding_len,
+ &blob);
break;
case DCERPC_AUTH_LEVEL_INTEGRITY:
- status = schannel_sign_packet(p->auth.a_u.schannel_auth,
- talloc_tos(),
- (uint8_t *)prs_data_p(&p->out_data.frag) + data_pos,
- data_len + ss_padding_len,
- &blob);
+ status = netsec_outgoing_packet(p->auth.a_u.schannel_auth,
+ talloc_tos(),
+ false,
+ data,
+ data_len + ss_padding_len,
+ &blob);
break;
default:
status = NT_STATUS_INTERNAL_ERROR;
@@ -458,18 +461,10 @@ static bool create_next_pdu_schannel(pipes_struct *p)
/* Finally marshall the blob. */
-#if 0
- ndr_err = ndr_push_struct_blob(&blob, talloc_tos(), NULL, &verf,
- (ndr_push_flags_fn_t)ndr_push_NL_AUTH_SIGNATURE);
- if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
- prs_mem_free(&p->out_data.frag);
- return false;
- }
-
if (DEBUGLEVEL >= 10) {
- NDR_PRINT_DEBUG(NL_AUTH_SIGNATURE, &verf);
+ dump_NL_AUTH_SIGNATURE(talloc_tos(), &blob);
}
-#endif
+
if (!prs_copy_data_in(&p->out_data.frag, (const char *)blob.data, blob.length)) {
prs_mem_free(&p->out_data.frag);
return false;
@@ -511,11 +506,11 @@ static bool create_next_pdu_noauth(pipes_struct *p)
memset((char *)&hdr_resp, '\0', sizeof(hdr_resp));
/* Change the incoming request header to a response. */
- p->hdr.pkt_type = RPC_RESPONSE;
+ p->hdr.pkt_type = DCERPC_PKT_RESPONSE;
/* Set up rpc header flags. */
if (p->out_data.data_sent_length == 0) {
- p->hdr.flags = RPC_FLG_FIRST;
+ p->hdr.flags = DCERPC_PFC_FLAG_FIRST;
} else {
p->hdr.flags = 0;
}
@@ -557,7 +552,7 @@ static bool create_next_pdu_noauth(pipes_struct *p)
*/
if(p->out_data.data_sent_length + data_len >= prs_offset(&p->out_data.rdata)) {
- p->hdr.flags |= RPC_FLG_LAST;
+ p->hdr.flags |= DCERPC_PFC_FLAG_LAST;
}
/*
@@ -836,7 +831,7 @@ static bool setup_bind_nak(pipes_struct *p)
* Initialize a bind_nak header.
*/
- init_rpc_hdr(&nak_hdr, RPC_BINDNACK, RPC_FLG_FIRST | RPC_FLG_LAST,
+ init_rpc_hdr(&nak_hdr, DCERPC_PKT_BIND_NAK, DCERPC_PFC_FLAG_FIRST | DCERPC_PFC_FLAG_LAST,
p->hdr.call_id, RPC_HEADER_LEN + sizeof(uint16), 0);
/*
@@ -896,7 +891,7 @@ bool setup_fault_pdu(pipes_struct *p, NTSTATUS status)
* Initialize a fault header.
*/
- init_rpc_hdr(&fault_hdr, RPC_FAULT, RPC_FLG_FIRST | RPC_FLG_LAST | RPC_FLG_NOCALL,
+ init_rpc_hdr(&fault_hdr, DCERPC_PKT_FAULT, DCERPC_PFC_FLAG_FIRST | DCERPC_PFC_FLAG_LAST | DCERPC_PFC_FLAG_DID_NOT_EXECUTE,
p->hdr.call_id, RPC_HEADER_LEN + RPC_HDR_RESP_LEN + RPC_HDR_FAULT_LEN, 0);
/*
@@ -963,7 +958,7 @@ bool setup_cancel_ack_reply(pipes_struct *p, prs_struct *rpc_in_p)
* Initialize a cancel_ack header.
*/
- init_rpc_hdr(&ack_reply_hdr, RPC_CANCEL_ACK, RPC_FLG_FIRST | RPC_FLG_LAST,
+ init_rpc_hdr(&ack_reply_hdr, DCERPC_PKT_CANCEL_ACK, DCERPC_PFC_FLAG_FIRST | DCERPC_PFC_FLAG_LAST,
p->hdr.call_id, RPC_HEADER_LEN, 0);
/*
@@ -1557,7 +1552,7 @@ static bool pipe_ntlmssp_auth_bind(pipes_struct *p, prs_struct *rpc_in_p,
DEBUG(10,("pipe_ntlmssp_auth_bind: NTLMSSP auth started\n"));
- /* We can't set pipe_bound True yet - we need an RPC_AUTH3 response packet... */
+ /* We can't set pipe_bound True yet - we need an DCERPC_PKT_AUTH3 response packet... */
return True;
err:
@@ -1808,7 +1803,7 @@ bool api_pipe_bind_req(pipes_struct *p, prs_struct *rpc_in_p)
auth_len = prs_offset(&out_auth) - RPC_HDR_AUTH_LEN;
}
- init_rpc_hdr(&p->hdr, RPC_BINDACK, RPC_FLG_FIRST | RPC_FLG_LAST,
+ init_rpc_hdr(&p->hdr, DCERPC_PKT_BIND_ACK, DCERPC_PFC_FLAG_FIRST | DCERPC_PFC_FLAG_LAST,
p->hdr.call_id,
RPC_HEADER_LEN + prs_offset(&out_hdr_ba) + prs_offset(&out_auth),
auth_len);
@@ -1996,7 +1991,7 @@ bool api_pipe_alter_context(pipes_struct *p, prs_struct *rpc_in_p)
auth_len = prs_offset(&out_auth) - RPC_HDR_AUTH_LEN;
}
- init_rpc_hdr(&p->hdr, RPC_ALTCONTRESP, RPC_FLG_FIRST | RPC_FLG_LAST,
+ init_rpc_hdr(&p->hdr, DCERPC_PKT_ALTER_RESP, DCERPC_PFC_FLAG_FIRST | DCERPC_PFC_FLAG_LAST,
p->hdr.call_id,
RPC_HEADER_LEN + prs_offset(&out_hdr_ba) + prs_offset(&out_auth),
auth_len);
@@ -2170,10 +2165,9 @@ bool api_pipe_schannel_process(pipes_struct *p, prs_struct *rpc_in, uint32 *p_ss
uint32 auth_len;
uint32 save_offset = prs_offset(rpc_in);
RPC_HDR_AUTH auth_info;
- struct NL_AUTH_SIGNATURE schannel_chk;
- enum ndr_err_code ndr_err;
DATA_BLOB blob;
NTSTATUS status;
+ uint8_t *data;
auth_len = p->hdr.auth_len;
@@ -2223,32 +2217,28 @@ bool api_pipe_schannel_process(pipes_struct *p, prs_struct *rpc_in, uint32 *p_ss
blob = data_blob_const(prs_data_p(rpc_in) + prs_offset(rpc_in), auth_len);
- ndr_err = ndr_pull_struct_blob(&blob, talloc_tos(), NULL, &schannel_chk,
- (ndr_pull_flags_fn_t)ndr_pull_NL_AUTH_SIGNATURE);
- if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
- DEBUG(0,("failed to pull NL_AUTH_SIGNATURE\n"));
- dump_data(2, blob.data, blob.length);
- return false;
- }
-
if (DEBUGLEVEL >= 10) {
- NDR_PRINT_DEBUG(NL_AUTH_SIGNATURE, &schannel_chk);
+ dump_NL_AUTH_SIGNATURE(talloc_tos(), &blob);
}
+ data = (uint8_t *)prs_data_p(rpc_in)+RPC_HDR_REQ_LEN;
+
switch (auth_info.auth_level) {
case DCERPC_AUTH_LEVEL_PRIVACY:
- status = schannel_unseal_packet(p->auth.a_u.schannel_auth,
+ status = netsec_incoming_packet(p->auth.a_u.schannel_auth,
talloc_tos(),
- (uint8_t *)prs_data_p(rpc_in)+RPC_HDR_REQ_LEN,
+ true,
+ data,
data_len,
&blob);
break;
case DCERPC_AUTH_LEVEL_INTEGRITY:
- status = schannel_check_packet(p->auth.a_u.schannel_auth,
- talloc_tos(),
- (uint8_t *)prs_data_p(rpc_in)+RPC_HDR_REQ_LEN,
- data_len,
- &blob);
+ status = netsec_incoming_packet(p->auth.a_u.schannel_auth,
+ talloc_tos(),
+ false,
+ data,
+ data_len,
+ &blob);
break;
default:
status = NT_STATUS_INTERNAL_ERROR;
diff --git a/source3/rpc_server/srv_pipe_hnd.c b/source3/rpc_server/srv_pipe_hnd.c
index 2f3d7632b0..b13e34be07 100644
--- a/source3/rpc_server/srv_pipe_hnd.c
+++ b/source3/rpc_server/srv_pipe_hnd.c
@@ -264,7 +264,7 @@ static ssize_t unmarshall_rpc_header(pipes_struct *p)
* AS/U doesn't set FIRST flag in a BIND packet it seems.
*/
- if ((p->hdr.pkt_type == RPC_REQUEST) && !(p->hdr.flags & RPC_FLG_FIRST)) {
+ if ((p->hdr.pkt_type == DCERPC_PKT_REQUEST) && !(p->hdr.flags & DCERPC_PFC_FLAG_FIRST)) {
/*
* Ensure that the FIRST flag is set. If not then we have
* a stream missmatch.
@@ -444,7 +444,7 @@ static bool process_request_pdu(pipes_struct *p, prs_struct *rpc_in_p)
return False;
}
- if(p->hdr.flags & RPC_FLG_LAST) {
+ if(p->hdr.flags & DCERPC_PFC_FLAG_LAST) {
bool ret = False;
/*
* Ok - we finally have a complete RPC stream.
@@ -534,35 +534,35 @@ static void process_complete_pdu(pipes_struct *p)
(unsigned int)p->hdr.pkt_type ));
switch (p->hdr.pkt_type) {
- case RPC_REQUEST:
+ case DCERPC_PKT_REQUEST:
reply = process_request_pdu(p, &rpc_in);
break;
- case RPC_PING: /* CL request - ignore... */
+ case DCERPC_PKT_PING: /* CL request - ignore... */
DEBUG(0,("process_complete_pdu: Error. Connectionless packet type %u received on pipe %s.\n",
(unsigned int)p->hdr.pkt_type,
get_pipe_name_from_iface(&p->syntax)));
break;
- case RPC_RESPONSE: /* No responses here. */
- DEBUG(0,("process_complete_pdu: Error. RPC_RESPONSE received from client on pipe %s.\n",
+ case DCERPC_PKT_RESPONSE: /* No responses here. */
+ DEBUG(0,("process_complete_pdu: Error. DCERPC_PKT_RESPONSE received from client on pipe %s.\n",
get_pipe_name_from_iface(&p->syntax)));
break;
- case RPC_FAULT:
- case RPC_WORKING: /* CL request - reply to a ping when a call in process. */
- case RPC_NOCALL: /* CL - server reply to a ping call. */
- case RPC_REJECT:
- case RPC_ACK:
- case RPC_CL_CANCEL:
- case RPC_FACK:
- case RPC_CANCEL_ACK:
+ case DCERPC_PKT_FAULT:
+ case DCERPC_PKT_WORKING: /* CL request - reply to a ping when a call in process. */
+ case DCERPC_PKT_NOCALL: /* CL - server reply to a ping call. */
+ case DCERPC_PKT_REJECT:
+ case DCERPC_PKT_ACK:
+ case DCERPC_PKT_CL_CANCEL:
+ case DCERPC_PKT_FACK:
+ case DCERPC_PKT_CANCEL_ACK:
DEBUG(0,("process_complete_pdu: Error. Connectionless packet type %u received on pipe %s.\n",
(unsigned int)p->hdr.pkt_type,
get_pipe_name_from_iface(&p->syntax)));
break;
- case RPC_BIND:
+ case DCERPC_PKT_BIND:
/*
* We assume that a pipe bind is only in one pdu.
*/
@@ -571,15 +571,15 @@ static void process_complete_pdu(pipes_struct *p)
}
break;
- case RPC_BINDACK:
- case RPC_BINDNACK:
- DEBUG(0,("process_complete_pdu: Error. RPC_BINDACK/RPC_BINDNACK packet type %u received on pipe %s.\n",
+ case DCERPC_PKT_BIND_ACK:
+ case DCERPC_PKT_BIND_NAK:
+ DEBUG(0,("process_complete_pdu: Error. DCERPC_PKT_BINDACK/DCERPC_PKT_BINDNACK packet type %u received on pipe %s.\n",
(unsigned int)p->hdr.pkt_type,
get_pipe_name_from_iface(&p->syntax)));
break;
- case RPC_ALTCONT:
+ case DCERPC_PKT_ALTER:
/*
* We assume that a pipe bind is only in one pdu.
*/
@@ -588,12 +588,12 @@ static void process_complete_pdu(pipes_struct *p)
}
break;
- case RPC_ALTCONTRESP:
- DEBUG(0,("process_complete_pdu: Error. RPC_ALTCONTRESP on pipe %s: Should only be server -> client.\n",
+ case DCERPC_PKT_ALTER_RESP:
+ DEBUG(0,("process_complete_pdu: Error. DCERPC_PKT_ALTER_RESP on pipe %s: Should only be server -> client.\n",
get_pipe_name_from_iface(&p->syntax)));
break;
- case RPC_AUTH3:
+ case DCERPC_PKT_AUTH3:
/*
* The third packet in an NTLMSSP auth exchange.
*/
@@ -602,14 +602,14 @@ static void process_complete_pdu(pipes_struct *p)
}
break;
- case RPC_SHUTDOWN:
- DEBUG(0,("process_complete_pdu: Error. RPC_SHUTDOWN on pipe %s: Should only be server -> client.\n",
+ case DCERPC_PKT_SHUTDOWN:
+ DEBUG(0,("process_complete_pdu: Error. DCERPC_PKT_SHUTDOWN on pipe %s: Should only be server -> client.\n",
get_pipe_name_from_iface(&p->syntax)));
break;
- case RPC_CO_CANCEL:
+ case DCERPC_PKT_CO_CANCEL:
/* For now just free all client data and continue processing. */
- DEBUG(3,("process_complete_pdu: RPC_ORPHANED. Abandoning rpc call.\n"));
+ DEBUG(3,("process_complete_pdu: DCERPC_PKT_CO_CANCEL. Abandoning rpc call.\n"));
/* As we never do asynchronous RPC serving, we can never cancel a
call (as far as I know). If we ever did we'd have to send a cancel_ack
reply. For now, just free all client data and continue processing. */
@@ -626,10 +626,10 @@ static void process_complete_pdu(pipes_struct *p)
break;
#endif
- case RPC_ORPHANED:
+ case DCERPC_PKT_ORPHANED:
/* We should probably check the auth-verifier here.
For now just free all client data and continue processing. */
- DEBUG(3,("process_complete_pdu: RPC_ORPHANED. Abandoning rpc call.\n"));
+ DEBUG(3,("process_complete_pdu: DCERPC_PKT_ORPHANED. Abandoning rpc call.\n"));
reply = True;
break;
@@ -712,7 +712,7 @@ incoming data size = %u\n", (unsigned int)p->in_data.pdu_received_len, (unsigned
return rret;
}
/* If rret == 0 and pdu_needed_len == 0 here we have a PDU that consists
- of an RPC_HEADER only. This is a RPC_SHUTDOWN, RPC_CO_CANCEL or RPC_ORPHANED
+ of an RPC_HEADER only. This is a DCERPC_PKT_SHUTDOWN, DCERPC_PKT_CO_CANCEL or DCERPC_PKT_ORPHANED
pdu type. Deal with this in process_complete_pdu(). */
}
diff --git a/source3/rpcclient/cmd_lsarpc.c b/source3/rpcclient/cmd_lsarpc.c
index b660cfad25..752881c221 100644
--- a/source3/rpcclient/cmd_lsarpc.c
+++ b/source3/rpcclient/cmd_lsarpc.c
@@ -1731,7 +1731,7 @@ static NTSTATUS cmd_lsa_retrieve_private_data(struct rpc_pipe_client *cli,
struct lsa_String name;
struct lsa_DATA_BUF *val;
DATA_BLOB session_key;
- DATA_BLOB blob;
+ DATA_BLOB blob = data_blob_null;
char *secret;
if (argc < 2) {
diff --git a/source3/utils/eventlogadm.c b/source3/utils/eventlogadm.c
index d134ea8fea..7fc04b008e 100644
--- a/source3/utils/eventlogadm.c
+++ b/source3/utils/eventlogadm.c
@@ -91,7 +91,7 @@ static int DoWriteCommand( int argc, char **argv, bool debugflag, char *exename
char linein[1024];
bool is_eor;
struct eventlog_Record_tdb ee;
- uint32_t record_number;
+ uint32_t record_number = 0;
TALLOC_CTX *mem_ctx = talloc_tos();
f1 = stdin;