summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--source3/rpc_client/cli_pipe.c193
1 files changed, 175 insertions, 18 deletions
diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c
index 995697d885..adfdfe986e 100644
--- a/source3/rpc_client/cli_pipe.c
+++ b/source3/rpc_client/cli_pipe.c
@@ -323,7 +323,7 @@ static BOOL rpc_auth_pipe(struct cli_state *cli, prs_struct *rdata, int len, int
****************************************************************************/
-static BOOL rpc_api_pipe(struct cli_state *cli, uint16 cmd, prs_struct *data, prs_struct *rdata)
+static BOOL rpc_api_pipe(struct cli_state *cli, prs_struct *data, prs_struct *rdata)
{
uint32 len;
char *rparam = NULL;
@@ -337,14 +337,14 @@ static BOOL rpc_api_pipe(struct cli_state *cli, uint16 cmd, prs_struct *data, pr
char *prdata = NULL;
uint32 rdata_len = 0;
uint32 current_offset = 0;
+ uint32 max_data = cli->max_xmit_frag ? cli->max_xmit_frag : 1024;
/* Create setup parameters - must be in native byte order. */
- setup[0] = cmd;
+ setup[0] = 0x26;
setup[1] = cli->nt_pipe_fnum; /* Pipe file handle. */
- DEBUG(5,("rpc_api_pipe: cmd:%x fnum:%x\n", (int)cmd,
- (int)cli->nt_pipe_fnum));
+ DEBUG(5,("rpc_api_pipe: fnum:%x\n", (int)cli->nt_pipe_fnum));
/* Send the RPC request and receive a response. For short RPC
calls (about 1024 bytes or so) the RPC request and response
@@ -354,7 +354,7 @@ static BOOL rpc_api_pipe(struct cli_state *cli, uint16 cmd, prs_struct *data, pr
if (!cli_api_pipe(cli, "\\PIPE\\",
setup, 2, 0, /* Setup, length, max */
NULL, 0, 0, /* Params, length, max */
- pdata, data_len, 1024, /* data, length, max */
+ pdata, data_len, max_data, /* data, length, max */
&rparam, &rparam_len, /* return params, len */
&prdata, &rdata_len)) /* return data, len */
{
@@ -367,8 +367,8 @@ static BOOL rpc_api_pipe(struct cli_state *cli, uint16 cmd, prs_struct *data, pr
SAFE_FREE(rparam);
if (prdata == NULL) {
- DEBUG(0,("rpc_api_pipe: cmd %x on pipe %x failed to return data.\n",
- (int)cmd, (int)cli->nt_pipe_fnum));
+ DEBUG(0,("rpc_api_pipe: pipe %x failed to return data.\n",
+ (int)cli->nt_pipe_fnum));
return False;
}
@@ -730,17 +730,18 @@ static BOOL create_rpc_bind_resp(struct pwd_info *pwd,
Creates a DCE/RPC request.
********************************************************************/
-static BOOL create_rpc_request(prs_struct *rpc_out, uint8 op_num, int data_len, int auth_len)
+static uint32 create_rpc_request(prs_struct *rpc_out, uint8 op_num, int data_len, int auth_len, uint8 flags, uint32 oldid, uint32 data_left)
{
uint32 alloc_hint;
RPC_HDR hdr;
RPC_HDR_REQ hdr_req;
+ uint32 callid = oldid ? oldid : get_rpc_call_id();
DEBUG(5,("create_rpc_request: opnum: 0x%x data_len: 0x%x\n", op_num, data_len));
/* create the rpc header RPC_HDR */
- init_rpc_hdr(&hdr, RPC_REQUEST, RPC_FLG_FIRST | RPC_FLG_LAST,
- get_rpc_call_id(), data_len, auth_len);
+ init_rpc_hdr(&hdr, RPC_REQUEST, flags,
+ callid, data_len, auth_len);
/*
* The alloc hint should be the amount of data, not including
@@ -748,9 +749,9 @@ static BOOL create_rpc_request(prs_struct *rpc_out, uint8 op_num, int data_len,
*/
if (auth_len != 0)
- alloc_hint = data_len - RPC_HEADER_LEN - RPC_HDR_AUTH_LEN - auth_len;
+ alloc_hint = data_left - RPC_HEADER_LEN - RPC_HDR_AUTH_LEN - auth_len;
else
- alloc_hint = data_len - RPC_HEADER_LEN;
+ alloc_hint = data_left - RPC_HEADER_LEN;
DEBUG(10,("create_rpc_request: data_len: %x auth_len: %x alloc_hint: %x\n",
data_len, auth_len, alloc_hint));
@@ -760,17 +761,172 @@ static BOOL create_rpc_request(prs_struct *rpc_out, uint8 op_num, int data_len,
/* stream-time... */
if(!smb_io_rpc_hdr("hdr ", &hdr, rpc_out, 0))
- return False;
+ return 0;
if(!smb_io_rpc_hdr_req("hdr_req", &hdr_req, rpc_out, 0))
- return False;
+ return 0;
if (prs_offset(rpc_out) != RPC_HEADER_LEN + RPC_HDR_REQ_LEN)
+ return 0;
+
+ return callid;
+}
+
+static BOOL create_auth_hdr(prs_struct *outgoing_packet, BOOL auth_verify)
+{
+ RPC_HDR_AUTH hdr_auth;
+
+ init_rpc_hdr_auth(&hdr_auth, NTLMSSP_AUTH_TYPE,
+ NTLMSSP_AUTH_LEVEL, 0x08,
+ (auth_verify ? 1 : 0));
+ if(!smb_io_rpc_hdr_auth("hdr_auth", &hdr_auth,
+ outgoing_packet, 0)) {
+ DEBUG(0,("create_auth_hdr:Failed to marshal RPC_HDR_AUTH.\n"));
return False;
+ }
+ return True;
+}
+static BOOL create_auth_data(struct cli_state *cli, uint32 crc32,
+ prs_struct *outgoing_packet)
+{
+ char *pdata_out = prs_data_p(outgoing_packet);
+ RPC_AUTH_NTLMSSP_CHK chk;
+ uint32 current_offset = prs_offset(outgoing_packet);
+
+ init_rpc_auth_ntlmssp_chk(&chk, NTLMSSP_SIGN_VERSION,
+ crc32, cli->ntlmssp_seq_num++);
+ if(!smb_io_rpc_auth_ntlmssp_chk("auth_sign", &chk,
+ outgoing_packet, 0)) {
+ DEBUG(0,("create_auth_data: Failed to marshal RPC_AUTH_NTLMSSP_CHK.\n"));
+ return False;
+ }
+ NTLMSSPcalc_ap(cli, (unsigned char*)
+ &pdata_out[current_offset+4],
+ RPC_AUTH_NTLMSSP_CHK_LEN - 4);
return True;
}
+BOOL rpc_api_pipe_req(struct cli_state *cli, uint8 op_num,
+ prs_struct *data, prs_struct *rdata)
+{
+ uint32 auth_len, max_data, data_left, data_sent;
+ BOOL ret = False;
+ BOOL auth_verify, auth_seal;
+ fstring dump_name;
+
+ auth_verify = ((cli->ntlmssp_srv_flgs & NTLMSSP_NEGOTIATE_SIGN) != 0);
+ auth_seal = ((cli->ntlmssp_srv_flgs & NTLMSSP_NEGOTIATE_SEAL) != 0);
+
+ auth_len = (auth_verify ? RPC_AUTH_NTLMSSP_CHK_LEN : 0);
+
+ /*
+ * calc how much actual data we can send in a PDU fragment
+ */
+ max_data = cli->max_xmit_frag - RPC_HEADER_LEN - RPC_HDR_REQ_LEN -
+ (auth_verify ? RPC_HDR_AUTH_LEN : 0) - auth_len;
+
+ for (data_left = prs_offset(data), data_sent = 0; data_left > 0;) {
+ prs_struct outgoing_packet;
+ uint32 data_len, send_size;
+ uint8 flags = 0;
+ uint32 crc32 = 0;
+ uint32 callid;
+
+ /*
+ * how much will we send this time
+ */
+ send_size = MIN(data_left, max_data);
+ data_len = RPC_HEADER_LEN + RPC_HDR_REQ_LEN + send_size +
+ (auth_verify ? RPC_HDR_AUTH_LEN : 0) + auth_len;
+
+ /*
+ * Malloc parse struct to hold it (and enough for alignments).
+ */
+ if(!prs_init(&outgoing_packet, data_len + 8,
+ cli->mem_ctx, MARSHALL)) {
+ DEBUG(0,("rpc_api_pipe_req: Failed to malloc %u bytes.\n", (unsigned int)data_len ));
+ return False;
+ }
+
+ if (data_left == prs_offset(data)) {
+ flags |= RPC_FLG_FIRST;
+ callid = 0;
+ }
+ if (data_left < max_data)
+ flags |= RPC_FLG_LAST;
+ /*
+ * Write out the RPC header and the request header.
+ */
+ if(!(callid = create_rpc_request(&outgoing_packet, op_num,
+ data_len, auth_len, flags,
+ callid, data_left))) {
+ DEBUG(0,("rpc_api_pipe_req: Failed to create RPC request.\n"));
+ prs_mem_free(&outgoing_packet);
+ return False;
+ }
+
+ /*
+ * Seal the outgoing data if requested.
+ */
+ if (auth_seal) {
+ crc32 = crc32_calc_buffer(prs_data_p(data) + data_sent,
+ send_size);
+ NTLMSSPcalc_ap(cli, (unsigned char*)prs_data_p(data) +
+ data_sent, send_size);
+ }
+
+ /*
+ * Now copy the data into the outgoing packet.
+ */
+ if(!prs_append_some_prs_data(&outgoing_packet, data,
+ data_sent, send_size)) {
+ DEBUG(0,("rpc_api_pipe_req: Failed to append data to outgoing packet.\n"));
+ prs_mem_free(&outgoing_packet);
+ return False;
+ }
+
+ /*
+ * Add a trailing auth_verifier if needed.
+ */
+ if (auth_seal || auth_verify) {
+ if(!create_auth_hdr(&outgoing_packet, auth_verify)) {
+ prs_mem_free(&outgoing_packet);
+ return False;
+ }
+ }
+
+ /*
+ * Finally the auth data itself.
+ */
+ if (auth_verify) {
+ if (!create_auth_data(cli, crc32, &outgoing_packet)) {
+ prs_mem_free(&outgoing_packet);
+ return False;
+ }
+ }
+
+ DEBUG(100,("data_len: %x data_calc_len: %x\n", data_len,
+ prs_offset(&outgoing_packet)));
+
+ if (flags & RPC_FLG_LAST)
+ ret = rpc_api_pipe(cli, &outgoing_packet, rdata);
+ else {
+ cli_write(cli, cli->nt_pipe_fnum, 0x0008,
+ prs_data_p(&outgoing_packet),
+ data_sent, data_len);
+ }
+ prs_mem_free(&outgoing_packet);
+ data_sent += send_size;
+ data_left -= send_size;
+ }
+ /* Also capture received data */
+ slprintf(dump_name, sizeof(dump_name) - 1, "reply_%s",
+ cli_pipe_get_name(cli));
+ prs_dump(dump_name, op_num, rdata);
+
+ return ret;
+}
/**
* Send a request on an RPC pipe and get a response.
@@ -779,7 +935,7 @@ static BOOL create_rpc_request(prs_struct *rpc_out, uint8 op_num, int data_len,
* @param rdata Unparsed NDR response data.
**/
-BOOL rpc_api_pipe_req(struct cli_state *cli, uint8 op_num,
+BOOL rpc_api_pipe_req2(struct cli_state *cli, uint8 op_num,
prs_struct *data, prs_struct *rdata)
{
prs_struct outgoing_packet;
@@ -836,7 +992,8 @@ BOOL rpc_api_pipe_req(struct cli_state *cli, uint8 op_num,
* Write out the RPC header and the request header.
*/
- if(!create_rpc_request(&outgoing_packet, op_num, data_len, auth_len)) {
+ if(!create_rpc_request(&outgoing_packet, op_num, data_len, auth_len,
+ (uint8) RPC_FLG_FIRST | RPC_FLG_LAST, 0, data_len)) {
DEBUG(0,("rpc_api_pipe_req: Failed to create RPC request.\n"));
prs_mem_free(&outgoing_packet);
return False;
@@ -896,7 +1053,7 @@ BOOL rpc_api_pipe_req(struct cli_state *cli, uint8 op_num,
DEBUG(100,("data_len: %x data_calc_len: %x\n", data_len, prs_offset(&outgoing_packet)));
- ret = rpc_api_pipe(cli, 0x0026, &outgoing_packet, rdata);
+ ret = rpc_api_pipe(cli, &outgoing_packet, rdata);
/* Also capture received data */
slprintf(dump_name, sizeof(dump_name) - 1, "reply_%s",
@@ -1196,7 +1353,7 @@ BOOL rpc_pipe_bind(struct cli_state *cli, const int pipe_idx, char *my_name)
prs_init(&rdata, 0, cli->mem_ctx, UNMARSHALL);
/* send data on \PIPE\. receive a response */
- if (rpc_api_pipe(cli, 0x0026, &rpc_out, &rdata)) {
+ if (rpc_api_pipe(cli, &rpc_out, &rdata)) {
RPC_HDR_BA hdr_ba;
DEBUG(5, ("rpc_pipe_bind: rpc_api_pipe returned OK.\n"));