Diffstat (limited to 'source3/include')
-rw-r--r--source3/include/async_smb.h2
-rw-r--r--source3/include/client.h42
-rw-r--r--source3/include/includes.h1
-rw-r--r--source3/include/proto.h100
-rw-r--r--source3/include/rpc_dce.h10
-rw-r--r--source3/include/smb.h19
-rw-r--r--source3/include/smb_signing.h46
7 files changed, 138 insertions, 82 deletions
diff --git a/source3/include/async_smb.h b/source3/include/async_smb.h
index 7fc4ff7d27..2ac1101a1e 100644
--- a/source3/include/async_smb.h
+++ b/source3/include/async_smb.h
@@ -63,6 +63,8 @@ struct cli_request {
*/
uint16_t mid;
+ uint32_t seqnum;
+
/**
* The bytes we have to ship to the server
*/
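Review bot: The new `seqnum` member of struct cli_request has no doc comment, while `mid` above it and the byte buffer below it each have one. Because `cli_calculate_sign_mac` gains a `uint32_t *seqnum` argument in proto.h in the same commit, the field presumably stores the signing sequence number assigned when the request was signed, so the reply can be checked against it. If that is right, say so on the member: `/** The signing sequence number assigned to this request; the reply is verified against it */`. The struct begins and ends outside the hunk.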
diff --git a/source3/include/client.h b/source3/include/client.h
index 320a90e66b..73a1d7b554 100644
--- a/source3/include/client.h
+++ b/source3/include/client.h
@@ -71,26 +71,26 @@ struct rpc_cli_transport {
/**
* Trigger an async read from the server. May return a short read.
*/
- struct async_req *(*read_send)(TALLOC_CTX *mem_ctx,
- struct event_context *ev,
- uint8_t *data, size_t size,
- void *priv);
+ struct tevent_req *(*read_send)(TALLOC_CTX *mem_ctx,
+ struct event_context *ev,
+ uint8_t *data, size_t size,
+ void *priv);
/**
* Get the result from the read_send operation.
*/
- NTSTATUS (*read_recv)(struct async_req *req, ssize_t *preceived);
+ NTSTATUS (*read_recv)(struct tevent_req *req, ssize_t *preceived);
/**
* Trigger an async write to the server. May return a short write.
*/
- struct async_req *(*write_send)(TALLOC_CTX *mem_ctx,
- struct event_context *ev,
- const uint8_t *data, size_t size,
- void *priv);
+ struct tevent_req *(*write_send)(TALLOC_CTX *mem_ctx,
+ struct event_context *ev,
+ const uint8_t *data, size_t size,
+ void *priv);
/**
* Get the result from the read_send operation.
*/
- NTSTATUS (*write_recv)(struct async_req *req, ssize_t *psent);
+ NTSTATUS (*write_recv)(struct tevent_req *req, ssize_t *psent);
/**
* This is an optimization for the SMB transport. It models the
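Review bot: The comment above `write_recv` still reads "Get the result from the read_send operation.", which is a copy of the `read_recv` comment. This hunk rewrites the line directly below it, so correct it in the same change to `* Get the result from the write_send operation.`. Both `read_send` and `write_send` are documented as possibly returning short transfers, so the `_recv` comments could also state that `*preceived` / `*psent` may be smaller than `size` and must be compared against it by the caller. struct rpc_cli_transport begins outside the hunk.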
@@ -98,15 +98,15 @@ struct rpc_cli_transport {
* trip. The transport implementation is free to set this to NULL,
* cli_pipe.c will fall back to the explicit write/read routines.
*/
- struct async_req *(*trans_send)(TALLOC_CTX *mem_ctx,
- struct event_context *ev,
- uint8_t *data, size_t data_len,
- uint32_t max_rdata_len,
- void *priv);
+ struct tevent_req *(*trans_send)(TALLOC_CTX *mem_ctx,
+ struct event_context *ev,
+ uint8_t *data, size_t data_len,
+ uint32_t max_rdata_len,
+ void *priv);
/**
* Get the result from the trans_send operation.
*/
- NTSTATUS (*trans_recv)(struct async_req *req, TALLOC_CTX *mem_ctx,
+ NTSTATUS (*trans_recv)(struct tevent_req *req, TALLOC_CTX *mem_ctx,
uint8_t **prdata, uint32_t *prdata_len);
void *priv;
};
@@ -166,6 +166,13 @@ struct smb_trans_enc_state {
} s;
};
+struct cli_state_seqnum {
+ struct cli_state_seqnum *prev, *next;
+ uint16_t mid;
+ uint32_t seqnum;
+ bool persistent;
+};
+
struct cli_state {
/**
* A list of subsidiary connections for DFS.
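Review bot: struct cli_state_seqnum is added without any comment, and the meaning of `persistent` cannot be told from the declaration. The entries appear to map a 16-bit `mid` to the signing sequence number of the request that used it. A `mid` can be reused over the life of a connection, so the header should state when an entry is dropped and what `persistent` changes about that, so a stale entry is never matched against a later request carrying the same `mid`. A possible comment is `/* One entry per outstanding mid; removed once the reply has been matched unless persistent is set */`; the removal rule is inferred from `cli_state_seqnum_remove` in proto.h and needs confirming against the implementation, which is not in this diff.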
@@ -217,6 +224,7 @@ struct cli_state {
size_t max_xmit;
size_t max_mux;
char *outbuf;
+ struct cli_state_seqnum *seqnum;
char *inbuf;
unsigned int bufsize;
int initialised;
@@ -231,7 +239,7 @@ struct cli_state {
TALLOC_CTX *call_mem_ctx;
#endif
- smb_sign_info sign_info;
+ struct smb_signing_state *signing_state;
struct smb_trans_enc_state *trans_enc_state; /* Setup if we're encrypting SMB's. */
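Review bot: `signing_state` replaces an embedded `smb_sign_info` with a pointer to an opaque struct, so it can now be NULL where `sign_info` always existed. Nothing in the headers of this diff says whether `smb_signing_init` can fail or whether the `smb_signing_*` calls accept a NULL state. If a query such as `client_is_signing_mandatory` answered false for a missing state, an allocation failure would quietly become an unsigned session. A comment on the member would pin this down if it holds, for example `/* Never NULL once the cli_state has been set up; owned by the cli_state */`. struct cli_state begins and ends outside the hunk.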
diff --git a/source3/include/includes.h b/source3/include/includes.h
index 4bf4b5c735..c883e17713 100644
--- a/source3/include/includes.h
+++ b/source3/include/includes.h
@@ -598,6 +598,7 @@ struct smb_iconv_convenience *lp_iconv_convenience(void *lp_ctx);
#include "messages.h"
#include "locking.h"
#include "smb_perfcount.h"
+#include "smb_signing.h"
#include "smb.h"
#include "nameserv.h"
#include "secrets.h"
diff --git a/source3/include/proto.h b/source3/include/proto.h
index 9bffa4d319..77be0aba09 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -150,6 +150,10 @@ bool is_trusted_domain(const char* dom_name);
NTSTATUS auth_winbind_init(void);
+/* The following definitions come from auth/auth_wbc.c */
+
+NTSTATUS auth_wbc_init(void);
+
/* The following definitions come from auth/pampass.c */
bool smb_pam_claim_session(char *user, char *tty, char *rhost);
@@ -2410,6 +2414,10 @@ bool receive_getdc_response(TALLOC_CTX *mem_ctx,
int cli_set_message(char *buf,int num_words,int num_bytes,bool zero);
unsigned int cli_set_timeout(struct cli_state *cli, unsigned int timeout);
void cli_set_port(struct cli_state *cli, int port);
+bool cli_state_seqnum_persistent(struct cli_state *cli,
+ uint16_t mid);
+bool cli_state_seqnum_remove(struct cli_state *cli,
+ uint16_t mid);
bool cli_receive_smb(struct cli_state *cli);
ssize_t cli_receive_smb_data(struct cli_state *cli, char *buffer, size_t len);
bool cli_receive_smb_readX_header(struct cli_state *cli);
@@ -3181,29 +3189,34 @@ void cli_free_enc_buffer(struct cli_state *cli, char *buf);
NTSTATUS cli_decrypt_message(struct cli_state *cli);
NTSTATUS cli_encrypt_message(struct cli_state *cli, char *buf, char **buf_out);
-/* The following definitions come from libsmb/smb_signing.c */
+/* The following definitions come from libsmb/clisigning.c */
bool cli_simple_set_signing(struct cli_state *cli,
const DATA_BLOB user_session_key,
const DATA_BLOB response);
-bool cli_null_set_signing(struct cli_state *cli);
bool cli_temp_set_signing(struct cli_state *cli);
-void cli_free_signing_context(struct cli_state *cli);
-void cli_calculate_sign_mac(struct cli_state *cli, char *buf);
-bool cli_check_sign_mac(struct cli_state *cli, char *buf);
-bool client_set_trans_sign_state_on(struct cli_state *cli, uint16 mid);
-bool client_set_trans_sign_state_off(struct cli_state *cli, uint16 mid);
+void cli_calculate_sign_mac(struct cli_state *cli, char *buf, uint32_t *seqnum);
+bool cli_check_sign_mac(struct cli_state *cli, const char *buf, uint32_t seqnum);
bool client_is_signing_on(struct cli_state *cli);
-bool srv_oplock_set_signing(bool onoff);
-bool srv_check_sign_mac(const char *inbuf, bool must_be_ok);
-void srv_calculate_sign_mac(char *outbuf);
-void srv_defer_sign_response(uint16 mid);
-void srv_cancel_sign_response(uint16 mid, bool cancel);
-void srv_set_signing_negotiated(void);
-bool srv_is_signing_active(void);
-bool srv_is_signing_negotiated(void);
-bool srv_signing_started(void);
-void srv_set_signing(const DATA_BLOB user_session_key, const DATA_BLOB response);
+bool client_is_signing_allowed(struct cli_state *cli);
+bool client_is_signing_mandatory(struct cli_state *cli);
+void cli_set_signing_negotiated(struct cli_state *cli);
+
+/* The following definitions come from smbd/signing.c */
+
+struct smbd_server_connection;
+bool srv_check_sign_mac(struct smbd_server_connection *conn,
+ const char *inbuf, uint32_t *seqnum);
+void srv_calculate_sign_mac(struct smbd_server_connection *conn,
+ char *outbuf, uint32_t seqnum);
+void srv_cancel_sign_response(struct smbd_server_connection *conn);
+bool srv_init_signing(struct smbd_server_connection *conn);
+void srv_set_signing_negotiated(struct smbd_server_connection *conn);
+bool srv_is_signing_active(struct smbd_server_connection *conn);
+bool srv_is_signing_negotiated(struct smbd_server_connection *conn);
+void srv_set_signing(struct smbd_server_connection *conn,
+ const DATA_BLOB user_session_key,
+ const DATA_BLOB response);
/* The following definitions come from libsmb/smbdes.c */
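Review bot: The `seqnum` argument changes direction between the paired functions and nothing marks which is which. `cli_calculate_sign_mac` and `srv_check_sign_mac` take `uint32_t *seqnum`, while `cli_check_sign_mac` and `srv_calculate_sign_mac` take it by value. Presumably the pointer forms hand back the number assigned to the request and the value forms expect that same number for the matching reply; a wrong pairing at a call site would sign or verify with the wrong counter. Each prototype should carry a one-line comment such as `/* seqnum: out, sequence number assigned to this request */`. `srv_check_sign_mac` also loses its `must_be_ok` argument, so the prototype should state what the caller must do with a `false` return when signing is mandatory.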
@@ -3779,6 +3792,8 @@ bool send_mailslot(bool unique, const char *mailslot,char *buf, size_t len,
/* The following definitions come from nmbd/nmbd_processlogon.c */
+bool initialize_nmbd_proxy_logon(void);
+
void process_logon_packet(struct packet_struct *p, char *buf,int len,
const char *mailslot);
@@ -4345,7 +4360,7 @@ const char *lp_printcapname(void);
bool lp_disable_spoolss( void );
void lp_set_spoolss_state( uint32 state );
uint32 lp_get_spoolss_state( void );
-bool lp_use_sendfile(int snum);
+bool lp_use_sendfile(int snum, struct smb_signing_state *signing_state);
void set_use_sendfile(int snum, bool val);
void set_store_dos_attributes(int snum, bool val);
void lp_set_mangling_method(const char *new_method);
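Review bot: `lp_use_sendfile` now takes a `struct smb_signing_state *`, but the prototype does not say what the getter does with it or whether NULL is accepted. The likely intent is that sendfile is refused while signing is active, since data sent straight from the file would not pass through the signing code. If that is right, the rule is a security property and belongs at the declaration, e.g. `/* Returns false whenever signing is active on signing_state, regardless of the share setting */`. The NULL case should be spelled out in the same comment so a caller without a connection at hand knows what to pass.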
@@ -4828,7 +4843,7 @@ WERROR add_printer_data( NT_PRINTER_INFO_LEVEL_2 *p2, const char *key, const cha
REGISTRY_VALUE* get_printer_data( NT_PRINTER_INFO_LEVEL_2 *p2, const char *key, const char *value );
WERROR mod_a_printer(NT_PRINTER_INFO_LEVEL *printer, uint32 level);
bool set_driver_init(NT_PRINTER_INFO_LEVEL *printer, uint32 level);
-bool del_driver_init(char *drivername);
+bool del_driver_init(const char *drivername);
WERROR save_driver_init(NT_PRINTER_INFO_LEVEL *printer, uint32 level, uint8 *data, uint32 data_len);
WERROR get_a_printer( Printer_entry *print_hnd,
NT_PRINTER_INFO_LEVEL **pp_printer,
@@ -4840,8 +4855,8 @@ WERROR get_a_printer_search( Printer_entry *print_hnd,
const char *sharename);
uint32 free_a_printer(NT_PRINTER_INFO_LEVEL **pp_printer, uint32 level);
uint32 add_a_printer_driver(NT_PRINTER_DRIVER_INFO_LEVEL driver, uint32 level);
-WERROR get_a_printer_driver(NT_PRINTER_DRIVER_INFO_LEVEL *driver, uint32 level,
- fstring drivername, const char *architecture, uint32 version);
+WERROR get_a_printer_driver(NT_PRINTER_DRIVER_INFO_LEVEL *driver, uint32_t level,
+ const char *drivername, const char *architecture, uint32_t version);
uint32 free_a_printer_driver(NT_PRINTER_DRIVER_INFO_LEVEL driver, uint32 level);
bool printer_driver_in_use ( NT_PRINTER_DRIVER_INFO_LEVEL_3 *info_3 );
bool printer_driver_files_in_use ( NT_PRINTER_DRIVER_INFO_LEVEL_3 *info );
@@ -5241,22 +5256,22 @@ NTSTATUS rpccli_netlogon_set_trust_password(struct rpc_pipe_client *cli,
/* The following definitions come from rpc_client/cli_pipe.c */
-struct async_req *rpc_api_pipe_req_send(TALLOC_CTX *mem_ctx,
- struct event_context *ev,
- struct rpc_pipe_client *cli,
- uint8_t op_num,
- prs_struct *req_data);
-NTSTATUS rpc_api_pipe_req_recv(struct async_req *req, TALLOC_CTX *mem_ctx,
+struct tevent_req *rpc_api_pipe_req_send(TALLOC_CTX *mem_ctx,
+ struct event_context *ev,
+ struct rpc_pipe_client *cli,
+ uint8_t op_num,
+ prs_struct *req_data);
+NTSTATUS rpc_api_pipe_req_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx,
prs_struct *reply_pdu);
NTSTATUS rpc_api_pipe_req(TALLOC_CTX *mem_ctx, struct rpc_pipe_client *cli,
uint8 op_num,
prs_struct *in_data,
prs_struct *out_data);
-struct async_req *rpc_pipe_bind_send(TALLOC_CTX *mem_ctx,
- struct event_context *ev,
- struct rpc_pipe_client *cli,
- struct cli_pipe_auth_data *auth);
-NTSTATUS rpc_pipe_bind_recv(struct async_req *req);
+struct tevent_req *rpc_pipe_bind_send(TALLOC_CTX *mem_ctx,
+ struct event_context *ev,
+ struct rpc_pipe_client *cli,
+ struct cli_pipe_auth_data *auth);
+NTSTATUS rpc_pipe_bind_recv(struct tevent_req *req);
NTSTATUS rpc_pipe_bind(struct rpc_pipe_client *cli,
struct cli_pipe_auth_data *auth);
unsigned int rpccli_set_timeout(struct rpc_pipe_client *cli,
@@ -5678,10 +5693,8 @@ NTSTATUS cli_do_rpc_ndr(struct rpc_pipe_client *cli,
bool smb_io_time(const char *desc, NTTIME *nttime, prs_struct *ps, int depth);
bool smb_io_system_time(const char *desc, prs_struct *ps, int depth, SYSTEMTIME *systime);
bool make_systemtime(SYSTEMTIME *systime, struct tm *unixtime);
-bool smb_io_dom_sid(const char *desc, DOM_SID *sid, prs_struct *ps, int depth);
bool smb_io_uuid(const char *desc, struct GUID *uuid,
prs_struct *ps, int depth);
-void init_unistr(UNISTR *str, const char *buf);
void init_unistr2(UNISTR2 *str, const char *buf, enum unistr2_term_codes flags);
/* The following definitions come from rpc_parse/parse_prs.c */
@@ -5803,11 +5816,6 @@ bool smb_io_rpc_auth_schannel_chk(const char *desc, int auth_len,
RPC_AUTH_SCHANNEL_CHK * chk,
prs_struct *ps, int depth);
-/* The following definitions come from rpc_parse/parse_sec.c */
-
-bool sec_io_desc(const char *desc, SEC_DESC **ppsd, prs_struct *ps, int depth);
-bool sec_io_desc_buf(const char *desc, SEC_DESC_BUF **ppsdb, prs_struct *ps, int depth);
-
/* The following definitions come from rpc_server/srv_eventlog_lib.c */
TDB_CONTEXT *elog_init_tdb( char *tdbfilename );
@@ -6720,7 +6728,9 @@ SEC_DESC *get_nt_acl_no_snum( TALLOC_CTX *ctx, const char *fname);
void smbd_setup_sig_term_handler(void);
void smbd_setup_sig_hup_handler(void);
-bool srv_send_smb(int fd, char *buffer, bool do_encrypt,
+bool srv_send_smb(int fd, char *buffer,
+ bool no_signing, uint32_t seqnum,
+ bool do_encrypt,
struct smb_perfcount_data *pcd);
int srv_set_message(char *buf,
int num_words,
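Review bot: The new `bool no_signing` sits two arguments before `bool do_encrypt`, and the two flags have opposite polarity: `true` for the first switches a protection off, `true` for the second switches one on. A transposed or mis-guessed argument at a call site compiles cleanly and sends the packet unsigned. Consider `bool do_sign, uint32_t seqnum, bool do_encrypt` so both flags read the same way, or at least document on the prototype the cases in which `no_signing` may be `true`. The call sites are not part of this diff.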
@@ -7217,6 +7227,16 @@ NTSTATUS idmap_sid_to_gid(const char *domname, DOM_SID *sid, gid_t *gid);
NTSTATUS nss_info_template_init( void );
+/* The following definitions come from lib/avahi.c */
+
+struct AvahiPoll *tevent_avahi_poll(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev);
+
+/* The following definitions come from smbd/avahi_register.c */
+
+void *avahi_start_register(TALLOC_CTX *mem_ctx, struct tevent_context *ev,
+ uint16_t port);
+
/* Misc protos */
#endif /* _PROTO_H_ */
diff --git a/source3/include/rpc_dce.h b/source3/include/rpc_dce.h
index 580b14f1d8..ca58040757 100644
--- a/source3/include/rpc_dce.h
+++ b/source3/include/rpc_dce.h
@@ -81,16 +81,6 @@ enum RPC_PKT_TYPE {
#define RPC_PIPE_AUTH_SEAL_LEVEL 0x6
#endif
-#define DCERPC_FAULT_OP_RNG_ERROR 0x1c010002
-#define DCERPC_FAULT_UNK_IF 0x1c010003
-#define DCERPC_FAULT_INVALID_TAG 0x1c000006
-#define DCERPC_FAULT_CONTEXT_MISMATCH 0x1c00001a
-#define DCERPC_FAULT_OTHER 0x00000001
-#define DCERPC_FAULT_ACCESS_DENIED 0x00000005
-#define DCERPC_FAULT_CANT_PERFORM 0x000006d8
-#define DCERPC_FAULT_NDR 0x000006f7
-
-
/* Netlogon schannel auth type and level */
#define SCHANNEL_SIGN_SIGNATURE { 0x77, 0x00, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00 }
#define SCHANNEL_SEAL_SIGNATURE { 0x77, 0x00, 0x7a, 0x00, 0xff, 0xff, 0x00, 0x00 }
diff --git a/source3/include/smb.h b/source3/include/smb.h
index 281a218256..01e6ddf64c 100644
--- a/source3/include/smb.h
+++ b/source3/include/smb.h
@@ -252,6 +252,8 @@ struct id_map {
#include "librpc/gen_ndr/drsuapi.h"
#include "librpc/gen_ndr/drsblobs.h"
#include "librpc/gen_ndr/spoolss.h"
+#include "librpc/gen_ndr/dcerpc.h"
+#include "librpc/gen_ndr/ndr_dcerpc.h"
struct lsa_dom_info {
bool valid;
@@ -621,6 +623,7 @@ struct smb_request {
uint16 flags2;
uint16 smbpid;
uint16 mid;
+ uint32_t seqnum;
uint16 vuid;
uint16 tid;
uint8 wct;
@@ -722,6 +725,7 @@ struct pending_message_list {
struct timeval request_time; /* When was this first issued? */
struct timed_event *te;
struct smb_perfcount_data pcd;
+ uint32_t seqnum;
bool encrypted;
DATA_BLOB buf;
DATA_BLOB private_data;
@@ -1847,21 +1851,6 @@ struct ip_service {
/* Special name type used to cause a _kerberos DNS lookup. */
#define KDC_NAME_TYPE 0xDCDC
-/* Used by the SMB signing functions. */
-
-typedef struct smb_sign_info {
- void (*sign_outgoing_message)(char *outbuf, struct smb_sign_info *si);
- bool (*check_incoming_message)(const char *inbuf, struct smb_sign_info *si, bool must_be_ok);
- void (*free_signing_context)(struct smb_sign_info *si);
- void *signing_context;
-
- bool negotiated_smb_signing;
- bool allow_smb_signing;
- bool doing_signing;
- bool mandatory_signing;
- bool seen_valid; /* Have I ever seen a validly signed packet? */
-} smb_sign_info;
-
struct ea_struct {
uint8 flags;
char *name;
diff --git a/source3/include/smb_signing.h b/source3/include/smb_signing.h
new file mode 100644
index 0000000000..770c40cb35
--- /dev/null
+++ b/source3/include/smb_signing.h
@@ -0,0 +1,46 @@
+/*
+ Unix SMB/CIFS implementation.
+ SMB Signing Code
+ Copyright (C) Jeremy Allison 2003.
+ Copyright (C) Andrew Bartlett <abartlet@samba.org> 2002-2003
+ Copyright (C) Stefan Metzmacher 2009
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#ifndef _SMB_SIGNING_H_
+#define _SMB_SIGNING_H_
+
+struct smb_signing_state;
+
+struct smb_signing_state *smb_signing_init(TALLOC_CTX *mem_ctx,
+ bool allowed,
+ bool mandatory);
+uint32_t smb_signing_next_seqnum(struct smb_signing_state *si, bool oneway);
+void smb_signing_cancel_reply(struct smb_signing_state *si, bool oneway);
+void smb_signing_sign_pdu(struct smb_signing_state *si,
+ uint8_t *outbuf, uint32_t seqnum);
+bool smb_signing_check_pdu(struct smb_signing_state *si,
+ const uint8_t *inbuf, uint32_t seqnum);
+bool smb_signing_set_bsrspyl(struct smb_signing_state *si);
+bool smb_signing_activate(struct smb_signing_state *si,
+ const DATA_BLOB user_session_key,
+ const DATA_BLOB response);
+bool smb_signing_is_active(struct smb_signing_state *si);
+bool smb_signing_is_allowed(struct smb_signing_state *si);
+bool smb_signing_is_mandatory(struct smb_signing_state *si);
+bool smb_signing_set_negotiated(struct smb_signing_state *si);
+bool smb_signing_is_negotiated(struct smb_signing_state *si);
+
+#endif /* _SMB_SIGNING_H_ */
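Review bot: None of the declarations in the new header is documented, and two cannot be used correctly from the prototype alone: the `oneway` flag of `smb_signing_next_seqnum` / `smb_signing_cancel_reply`, and `smb_signing_set_bsrspyl`. `smb_signing_sign_pdu` and `smb_signing_check_pdu` take a buffer with no length, so the implementation has to take the PDU length from the buffer's own header. The precondition that the caller has already validated that length against the bytes actually received should be stated in a comment here. The header also uses `TALLOC_CTX`, `DATA_BLOB`, `bool` and `uint32_t` without including anything, so it compiles only at the position includes.h gives it. A short comment per function would cover this, saying what `oneway` does to the sequence counter and what a `false` return from `smb_signing_check_pdu` obliges the caller to do.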