diff options
-rw-r--r-- | source3/rpc_client/cli_pipe.c | 401 |
1 files changed, 0 insertions, 401 deletions
diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c index 63d3689620..85085ad504 100644 --- a/source3/rpc_client/cli_pipe.c +++ b/source3/rpc_client/cli_pipe.c @@ -1585,41 +1585,6 @@ static NTSTATUS rpc_api_pipe_recv(struct async_req *req, TALLOC_CTX *mem_ctx, return NT_STATUS_OK; } -#if 0 -static NTSTATUS rpc_api_pipe(TALLOC_CTX *mem_ctx, struct rpc_pipe_client *cli, - prs_struct *data, /* Outgoing pdu fragment, - * already formatted for - * send. */ - prs_struct *rbuf, /* Incoming reply - return as - * an NDR stream. */ - uint8 expected_pkt_type) -{ - TALLOC_CTX *frame = talloc_stackframe(); - struct event_context *ev; - struct async_req *req; - NTSTATUS status = NT_STATUS_NO_MEMORY; - - ev = event_context_init(frame); - if (ev == NULL) { - goto fail; - } - - req = rpc_api_pipe_send(frame, ev, cli, data, expected_pkt_type); - if (req == NULL) { - goto fail; - } - - while (req->state < ASYNC_REQ_DONE) { - event_loop_once(ev); - } - - status = rpc_api_pipe_recv(req, mem_ctx, rbuf); - fail: - TALLOC_FREE(frame); - return status; -} -#endif - /******************************************************************* Creates krb5 auth bind. ********************************************************************/ @@ -2611,109 +2576,6 @@ static NTSTATUS create_rpc_bind_auth3(struct rpc_pipe_client *cli, return NT_STATUS_OK; } -/**************************************************************************** - Create and send the third packet in an RPC auth. -****************************************************************************/ - -#if 0 -static NTSTATUS rpc_finish_auth3_bind(struct rpc_pipe_client *cli, - RPC_HDR *phdr, - prs_struct *rbuf, - uint32 rpc_call_id, - enum pipe_auth_type auth_type, - enum pipe_auth_level auth_level) -{ - DATA_BLOB server_response = data_blob_null; - DATA_BLOB client_reply = data_blob_null; - RPC_HDR_AUTH hdr_auth; - NTSTATUS nt_status; - prs_struct rpc_out; - ssize_t ret; - - if (!phdr->auth_len || (phdr->frag_len < phdr->auth_len + RPC_HDR_AUTH_LEN)) { - return NT_STATUS_INVALID_PARAMETER; - } - - /* Process the returned NTLMSSP blob first. */ - if (!prs_set_offset(rbuf, phdr->frag_len - phdr->auth_len - RPC_HDR_AUTH_LEN)) { - return NT_STATUS_INVALID_PARAMETER; - } - - if(!smb_io_rpc_hdr_auth("hdr_auth", &hdr_auth, rbuf, 0)) { - return NT_STATUS_INVALID_PARAMETER; - } - - /* TODO - check auth_type/auth_level match. */ - - server_response = data_blob(NULL, phdr->auth_len); - prs_copy_data_out((char *)server_response.data, rbuf, phdr->auth_len); - - nt_status = ntlmssp_update(cli->auth->a_u.ntlmssp_state, - server_response, - &client_reply); - - if (!NT_STATUS_IS_OK(nt_status)) { - DEBUG(0,("rpc_finish_auth3_bind: NTLMSSP update using server blob failed.\n")); - data_blob_free(&server_response); - return nt_status; - } - - prs_init_empty(&rpc_out, prs_get_mem_context(rbuf), MARSHALL); - - nt_status = create_rpc_bind_auth3(cli, rpc_call_id, - auth_type, auth_level, - &client_reply, &rpc_out); - - if (!NT_STATUS_IS_OK(nt_status)) { - prs_mem_free(&rpc_out); - data_blob_free(&client_reply); - data_blob_free(&server_response); - return nt_status; - } - - switch (cli->transport_type) { - case NCACN_NP: - /* 8 here is named pipe message mode. */ - ret = cli_write(cli->trans.np.cli, cli->trans.np.fnum, - 0x8, prs_data_p(&rpc_out), 0, - (size_t)prs_offset(&rpc_out)); - break; - - if (ret != (ssize_t)prs_offset(&rpc_out)) { - nt_status = cli_get_nt_error(cli->trans.np.cli); - } - case NCACN_IP_TCP: - case NCACN_UNIX_STREAM: - ret = write_data(cli->trans.sock.fd, prs_data_p(&rpc_out), - (size_t)prs_offset(&rpc_out)); - if (ret != (ssize_t)prs_offset(&rpc_out)) { - nt_status = map_nt_error_from_unix(errno); - } - break; - default: - DEBUG(0, ("unknown transport type %d\n", cli->transport_type)); - return NT_STATUS_INTERNAL_ERROR; - } - - if (ret != (ssize_t)prs_offset(&rpc_out)) { - DEBUG(0,("rpc_send_auth_auth3: write failed. Return was %s\n", - nt_errstr(nt_status))); - prs_mem_free(&rpc_out); - data_blob_free(&client_reply); - data_blob_free(&server_response); - return nt_status; - } - - DEBUG(5,("rpc_send_auth_auth3: %s sent auth3 response ok.\n", - rpccli_pipe_txt(debug_ctx(), cli))); - - prs_mem_free(&rpc_out); - data_blob_free(&client_reply); - data_blob_free(&server_response); - return NT_STATUS_OK; -} -#endif - /******************************************************************* Creates a DCE/RPC bind alter context authentication request which may contain a spnego auth blobl @@ -2755,273 +2617,10 @@ static NTSTATUS create_rpc_alter_context(uint32 rpc_call_id, return ret; } -/******************************************************************* - Third leg of the SPNEGO bind mechanism - sends alter context PDU - and gets a response. - ********************************************************************/ - -#if 0 -static NTSTATUS rpc_finish_spnego_ntlmssp_bind(struct rpc_pipe_client *cli, - RPC_HDR *phdr, - prs_struct *rbuf, - uint32 rpc_call_id, - const RPC_IFACE *abstract, - const RPC_IFACE *transfer, - enum pipe_auth_type auth_type, - enum pipe_auth_level auth_level) -{ - DATA_BLOB server_spnego_response = data_blob_null; - DATA_BLOB server_ntlm_response = data_blob_null; - DATA_BLOB client_reply = data_blob_null; - DATA_BLOB tmp_blob = data_blob_null; - RPC_HDR_AUTH hdr_auth; - NTSTATUS nt_status; - prs_struct rpc_out; - - if (!phdr->auth_len || (phdr->frag_len < phdr->auth_len + RPC_HDR_AUTH_LEN)) { - return NT_STATUS_INVALID_PARAMETER; - } - - /* Process the returned NTLMSSP blob first. */ - if (!prs_set_offset(rbuf, phdr->frag_len - phdr->auth_len - RPC_HDR_AUTH_LEN)) { - return NT_STATUS_INVALID_PARAMETER; - } - - if(!smb_io_rpc_hdr_auth("hdr_auth", &hdr_auth, rbuf, 0)) { - return NT_STATUS_INVALID_PARAMETER; - } - - server_spnego_response = data_blob(NULL, phdr->auth_len); - prs_copy_data_out((char *)server_spnego_response.data, rbuf, phdr->auth_len); - - /* The server might give us back two challenges - tmp_blob is for the second. */ - if (!spnego_parse_challenge(server_spnego_response, &server_ntlm_response, &tmp_blob)) { - data_blob_free(&server_spnego_response); - data_blob_free(&server_ntlm_response); - data_blob_free(&tmp_blob); - return NT_STATUS_INVALID_PARAMETER; - } - - /* We're finished with the server spnego response and the tmp_blob. */ - data_blob_free(&server_spnego_response); - data_blob_free(&tmp_blob); - - nt_status = ntlmssp_update(cli->auth->a_u.ntlmssp_state, - server_ntlm_response, - &client_reply); - - /* Finished with the server_ntlm response */ - data_blob_free(&server_ntlm_response); - - if (!NT_STATUS_IS_OK(nt_status)) { - DEBUG(0,("rpc_finish_spnego_ntlmssp_bind: NTLMSSP update using server blob failed.\n")); - data_blob_free(&client_reply); - return nt_status; - } - - /* SPNEGO wrap the client reply. */ - tmp_blob = spnego_gen_auth(client_reply); - data_blob_free(&client_reply); - client_reply = tmp_blob; - tmp_blob = data_blob_null; /* Ensure it's safe to free this just in case. */ - - /* Now prepare the alter context pdu. */ - prs_init_empty(&rpc_out, prs_get_mem_context(rbuf), MARSHALL); - - nt_status = create_rpc_alter_context(rpc_call_id, - abstract, - transfer, - auth_level, - &client_reply, - &rpc_out); - - data_blob_free(&client_reply); - - if (!NT_STATUS_IS_OK(nt_status)) { - prs_mem_free(&rpc_out); - return nt_status; - } - - /* Initialize the returning data struct. */ - prs_mem_free(rbuf); - - nt_status = rpc_api_pipe(talloc_tos(), cli, &rpc_out, rbuf, - RPC_ALTCONTRESP); - prs_mem_free(&rpc_out); - if (!NT_STATUS_IS_OK(nt_status)) { - return nt_status; - } - - /* Get the auth blob from the reply. */ - if(!smb_io_rpc_hdr("rpc_hdr ", phdr, rbuf, 0)) { - DEBUG(0,("rpc_finish_spnego_ntlmssp_bind: Failed to unmarshall RPC_HDR.\n")); - return NT_STATUS_BUFFER_TOO_SMALL; - } - - if (!prs_set_offset(rbuf, phdr->frag_len - phdr->auth_len - RPC_HDR_AUTH_LEN)) { - return NT_STATUS_INVALID_PARAMETER; - } - - if(!smb_io_rpc_hdr_auth("hdr_auth", &hdr_auth, rbuf, 0)) { - return NT_STATUS_INVALID_PARAMETER; - } - - server_spnego_response = data_blob(NULL, phdr->auth_len); - prs_copy_data_out((char *)server_spnego_response.data, rbuf, phdr->auth_len); - - /* Check we got a valid auth response. */ - if (!spnego_parse_auth_response(server_spnego_response, NT_STATUS_OK, OID_NTLMSSP, &tmp_blob)) { - data_blob_free(&server_spnego_response); - data_blob_free(&tmp_blob); - return NT_STATUS_INVALID_PARAMETER; - } - - data_blob_free(&server_spnego_response); - data_blob_free(&tmp_blob); - - DEBUG(5,("rpc_finish_spnego_ntlmssp_bind: alter context request to " - "%s.\n", rpccli_pipe_txt(debug_ctx(), cli))); - - return NT_STATUS_OK; -} -#endif - /**************************************************************************** Do an rpc bind. ****************************************************************************/ -#if 0 -NTSTATUS rpc_pipe_bind(struct rpc_pipe_client *cli, - struct cli_pipe_auth_data *auth) -{ - RPC_HDR hdr; - RPC_HDR_BA hdr_ba; - prs_struct rpc_out; - prs_struct rbuf; - uint32 rpc_call_id; - NTSTATUS status; - - DEBUG(5,("Bind RPC Pipe: %s auth_type %u, auth_level %u\n", - rpccli_pipe_txt(debug_ctx(), cli), - (unsigned int)auth->auth_type, - (unsigned int)auth->auth_level )); - - cli->auth = talloc_move(cli, &auth); - - prs_init_empty(&rpc_out, talloc_tos(), MARSHALL); - - rpc_call_id = get_rpc_call_id(); - - /* Marshall the outgoing data. */ - status = create_rpc_bind_req(cli, &rpc_out, rpc_call_id, - &cli->abstract_syntax, - &cli->transfer_syntax, - cli->auth->auth_type, - cli->auth->auth_level); - - if (!NT_STATUS_IS_OK(status)) { - prs_mem_free(&rpc_out); - return status; - } - - /* send data on \PIPE\. receive a response */ - status = rpc_api_pipe(talloc_tos(), cli, &rpc_out, &rbuf, RPC_BINDACK); - prs_mem_free(&rpc_out); - if (!NT_STATUS_IS_OK(status)) { - return status; - } - - DEBUG(3,("rpc_pipe_bind: %s bind request returned ok.\n", - rpccli_pipe_txt(debug_ctx(), cli))); - - /* Unmarshall the RPC header */ - if(!smb_io_rpc_hdr("hdr" , &hdr, &rbuf, 0)) { - DEBUG(0,("rpc_pipe_bind: failed to unmarshall RPC_HDR.\n")); - prs_mem_free(&rbuf); - return NT_STATUS_BUFFER_TOO_SMALL; - } - - if(!smb_io_rpc_hdr_ba("", &hdr_ba, &rbuf, 0)) { - DEBUG(0,("rpc_pipe_bind: Failed to unmarshall RPC_HDR_BA.\n")); - prs_mem_free(&rbuf); - return NT_STATUS_BUFFER_TOO_SMALL; - } - - if(!check_bind_response(&hdr_ba, &cli->transfer_syntax)) { - DEBUG(2,("rpc_pipe_bind: check_bind_response failed.\n")); - prs_mem_free(&rbuf); - return NT_STATUS_BUFFER_TOO_SMALL; - } - - cli->max_xmit_frag = hdr_ba.bba.max_tsize; - cli->max_recv_frag = hdr_ba.bba.max_rsize; - - /* For authenticated binds we may need to do 3 or 4 leg binds. */ - switch(cli->auth->auth_type) { - - case PIPE_AUTH_TYPE_NONE: - case PIPE_AUTH_TYPE_SCHANNEL: - /* Bind complete. */ - break; - - case PIPE_AUTH_TYPE_NTLMSSP: - /* Need to send AUTH3 packet - no reply. */ - status = rpc_finish_auth3_bind( - cli, &hdr, &rbuf, rpc_call_id, - cli->auth->auth_type, - cli->auth->auth_level); - if (!NT_STATUS_IS_OK(status)) { - prs_mem_free(&rbuf); - return status; - } - break; - - case PIPE_AUTH_TYPE_SPNEGO_NTLMSSP: - /* Need to send alter context request and reply. */ - status = rpc_finish_spnego_ntlmssp_bind( - cli, &hdr, &rbuf, rpc_call_id, - &cli->abstract_syntax, &cli->transfer_syntax, - cli->auth->auth_type, cli->auth->auth_level); - if (!NT_STATUS_IS_OK(status)) { - prs_mem_free(&rbuf); - return status; - } - break; - - case PIPE_AUTH_TYPE_KRB5: - /* */ - - default: - DEBUG(0,("cli_finish_bind_auth: unknown auth type " - "%u\n", (unsigned int)cli->auth->auth_type)); - prs_mem_free(&rbuf); - return NT_STATUS_INVALID_INFO_CLASS; - } - - /* For NTLMSSP ensure the server gave us the auth_level we wanted. */ - if (cli->auth->auth_type == PIPE_AUTH_TYPE_NTLMSSP - || cli->auth->auth_type == PIPE_AUTH_TYPE_SPNEGO_NTLMSSP) { - if (cli->auth->auth_level == PIPE_AUTH_LEVEL_INTEGRITY) { - if (!(cli->auth->a_u.ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_SIGN)) { - DEBUG(0,("cli_finish_bind_auth: requested NTLMSSSP signing and server refused.\n")); - prs_mem_free(&rbuf); - return NT_STATUS_INVALID_PARAMETER; - } - } - if (cli->auth->auth_level == PIPE_AUTH_LEVEL_INTEGRITY) { - if (!(cli->auth->a_u.ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_SEAL)) { - DEBUG(0,("cli_finish_bind_auth: requested NTLMSSSP sealing and server refused.\n")); - prs_mem_free(&rbuf); - return NT_STATUS_INVALID_PARAMETER; - } - } - } - - prs_mem_free(&rbuf); - return NT_STATUS_OK; -} -#endif - struct rpc_pipe_bind_state { struct event_context *ev; struct rpc_pipe_client *cli; |