r4618: - tidied up the alter_context client code a bit

- there is no alter_nak or alter_ack packet, its all done in an
  alter_response

- auto-allocated the contex_ids

- tried to fix up the dcom code to work again with
  alter_context. Jelmer, please take a look :)
(This used to be commit dd1c54add8884376601f2f8a56c01bfb8add030c)

5 files changed, 35 insertions, 103 deletions

diff --git a/source4/librpc/rpc/dcerpc.c b/source4/librpc/rpc/dcerpc.c
index d75f6db935..e133c77d07 100644
--- a/source4/librpc/rpc/dcerpc.c
+++ b/source4/librpc/rpc/dcerpc.c
@@ -562,6 +562,18 @@ static NTSTATUS full_request(struct dcerpc_connection *c,
 	return state->status;
 }
 
+/*
+  map a bind nak reason to a NTSTATUS
+*/
+static NTSTATUS dcerpc_map_reason(uint16_t reason)
+{
+	switch (reason) {
+	case DCERPC_BIND_REASON_ASYNTAX:
+		return NT_STATUS_RPC_UNSUPPORTED_NAME_SYNTAX;
+	}
+	return NT_STATUS_UNSUCCESSFUL;
+}
+
 
 /* 
    perform a bind using the given syntax 
@@ -622,7 +634,7 @@ NTSTATUS dcerpc_bind(struct dcerpc_pipe *p,
 
 	if (pkt.ptype == DCERPC_PKT_BIND_NAK) {
 		DEBUG(2,("dcerpc: bind_nak reason %d\n", pkt.u.bind_nak.reject_reason));
-		return NT_STATUS_ACCESS_DENIED;
+		return dcerpc_map_reason(pkt.u.bind_nak.reject_reason);
 	}
 
 	if ((pkt.ptype != DCERPC_PKT_BIND_ACK) ||
@@ -1387,20 +1399,23 @@ NTSTATUS dcerpc_alter_context(struct dcerpc_pipe *p,
 		return status;
 	}
 
-	if (pkt.ptype == DCERPC_PKT_BIND_NAK) {
-		DEBUG(2,("dcerpc: alter_nak reason %d\n", pkt.u.bind_nak.reject_reason));
-		return NT_STATUS_ACCESS_DENIED;
+	if (pkt.ptype == DCERPC_PKT_ALTER_RESP &&
+	    pkt.u.alter_resp.num_results == 1 &&
+	    pkt.u.alter_resp.ctx_list[0].result != 0) {
+		DEBUG(2,("dcerpc: alter_resp failed - reason %d\n", 
+			 pkt.u.alter_resp.ctx_list[0].reason));
+		return dcerpc_map_reason(pkt.u.alter_resp.ctx_list[0].reason);
 	}
 
-	if ((pkt.ptype != DCERPC_PKT_ALTER_ACK) ||
-	    pkt.u.alter_ack.num_results == 0 ||
-	    pkt.u.alter_ack.ctx_list[0].result != 0) {
+	if (pkt.ptype != DCERPC_PKT_ALTER_RESP ||
+	    pkt.u.alter_resp.num_results == 0 ||
+	    pkt.u.alter_resp.ctx_list[0].result != 0) {
 		return NT_STATUS_UNSUCCESSFUL;
 	}
 
-	/* the alter_ack might contain a reply set of credentials */
-	if (p->conn->security_state.auth_info && pkt.u.alter_ack.auth_info.length) {
-		status = ndr_pull_struct_blob(&pkt.u.alter_ack.auth_info,
+	/* the alter_resp might contain a reply set of credentials */
+	if (p->conn->security_state.auth_info && pkt.u.alter_resp.auth_info.length) {
+		status = ndr_pull_struct_blob(&pkt.u.alter_resp.auth_info,
 					      mem_ctx,
 					      p->conn->security_state.auth_info,
 					      (ndr_pull_flags_fn_t)ndr_pull_dcerpc_auth);
diff --git a/source4/librpc/rpc/dcerpc.h b/source4/librpc/rpc/dcerpc.h
index 00f1fb6488..f5ed637d0b 100644
--- a/source4/librpc/rpc/dcerpc.h
+++ b/source4/librpc/rpc/dcerpc.h
@@ -76,6 +76,9 @@ struct dcerpc_connection {
 
 	/* private pointer for pending full requests */
 	void *full_request_private;
+
+	/* the next context_id to be assigned */
+	uint32_t next_context_id;
 };
 
 /*
diff --git a/source4/librpc/rpc/dcerpc_auth.c b/source4/librpc/rpc/dcerpc_auth.c
index 9d43218e4b..4ff8fe549e 100644
--- a/source4/librpc/rpc/dcerpc_auth.c
+++ b/source4/librpc/rpc/dcerpc_auth.c
@@ -123,92 +123,3 @@ done:
 
 	return status;
 }
-
-#warning "bind_alter not implemented"
-#if 0
-NTSTATUS dcerpc_bind_alter(struct dcerpc_pipe *p, uint8_t auth_type, uint8_t auth_level,
-			  const char *uuid, uint_t version)
-{
-	NTSTATUS status;
-	TALLOC_CTX *mem_ctx;
-	DATA_BLOB credentials;
-	DATA_BLOB null_data_blob = data_blob(NULL, 0);
-
-	mem_ctx = talloc_init("dcerpc_bind_auth");
-	if (!mem_ctx) {
-		return NT_STATUS_NO_MEMORY;
-	}
-	
-	if (!p->conn->security_state.generic_state) {
-		status = gensec_client_start(p, &p->conn->security_state.generic_state);
-		if (!NT_STATUS_IS_OK(status)) {
-			return status;
-		}
-
-		status = gensec_start_mech_by_authtype(p->conn->security_state.generic_state, 
-						       auth_type, auth_level);
-
-		if (!NT_STATUS_IS_OK(status)) {
-			return status;
-		}
-	}
-
-	p->conn->security_state.auth_info = talloc_p(p, struct dcerpc_auth);
-	if (!p->conn->security_state.auth_info) {
-		status = NT_STATUS_NO_MEMORY;
-		goto done;
-	}
-
-	p->conn->security_state.auth_info->auth_type = auth_type;
-	p->conn->security_state.auth_info->auth_level = auth_level;
-	p->conn->security_state.auth_info->auth_pad_length = 0;
-	p->conn->security_state.auth_info->auth_reserved = 0;
-	p->conn->security_state.auth_info->auth_context_id = random();
-	p->conn->security_state.auth_info->credentials = null_data_blob;
-
-	status = gensec_update(p->conn->security_state.generic_state, mem_ctx,
-			       null_data_blob,
-			       &credentials);
-	
-	if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
-		goto done;
-	}
-
-	p->conn->security_state.auth_info->credentials = credentials;
-
-	status = dcerpc_bind_byuuid(p, mem_ctx, uuid, version);
-	if (!NT_STATUS_IS_OK(status)) {
-		goto done;
-	}
-
-	while(1) {
-		status = gensec_update(p->conn->security_state.generic_state, mem_ctx,
-			       p->conn->security_state.auth_info->credentials,
-			       &credentials);
-
-		if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
-			goto done;
-		}
-
-		p->conn->security_state.auth_info->credentials = credentials;
-
-		status = dcerpc_alter(p, mem_ctx);
-		if (!NT_STATUS_IS_OK(status)) {
-			goto done;
-		}
-	}
-
-done:
-	talloc_destroy(mem_ctx);
-
-	if (!NT_STATUS_IS_OK(status)) {
-		talloc_free(p->conn->security_state.generic_state);
-		ZERO_STRUCT(p->conn->security_state);
-	} else {
-		/* Authenticated connections use the generic session key */
-		p->conn->security_state.session_key = dcerpc_generic_session_key;
-	}
-
-	return status;
-}
-#endif
diff --git a/source4/librpc/rpc/dcerpc_spnego.c b/source4/librpc/rpc/dcerpc_spnego.c
index cab8865d6b..f67dd2c7cb 100644
--- a/source4/librpc/rpc/dcerpc_spnego.c
+++ b/source4/librpc/rpc/dcerpc_spnego.c
@@ -24,9 +24,12 @@
 
 #include "includes.h"
 
-#warning "this needs dcerpc_alter"
 #if 0
 /*
+  metze, can you tell me what you're trying to do with this?
+*/
+
+/*
   do spnego style authentication on a gensec pipe
 */
 NTSTATUS dcerpc_bind_auth_spnego(struct dcerpc_pipe *p,
diff --git a/source4/librpc/rpc/dcerpc_util.c b/source4/librpc/rpc/dcerpc_util.c
index 702a1f6ecf..305c1c7725 100644
--- a/source4/librpc/rpc/dcerpc_util.c
+++ b/source4/librpc/rpc/dcerpc_util.c
@@ -1272,8 +1272,8 @@ void dcerpc_log_packet(const struct dcerpc_interface_table *ndr,
 
   this uses dcerpc_alter_context() to create a new dcerpc context_id
 */
-NTSTATUS dcerpc_secondary_context(struct dcerpc_pipe *p, struct dcerpc_pipe **pp2,
-				  uint32_t context_id,
+NTSTATUS dcerpc_secondary_context(struct dcerpc_pipe *p, 
+				  struct dcerpc_pipe **pp2,
 				  const char *pipe_uuid,
 				  uint32_t pipe_version)
 {
@@ -1286,7 +1286,7 @@ NTSTATUS dcerpc_secondary_context(struct dcerpc_pipe *p, struct dcerpc_pipe **pp
 	}
 	p2->conn = talloc_reference(p2, p->conn);
 
-	p2->context_id = context_id;
+	p2->context_id = ++p->conn->next_context_id;
 
 	status = GUID_from_string(pipe_uuid, &p2->syntax.uuid);
 	if (!NT_STATUS_IS_OK(status)) {