diff options
Diffstat (limited to 'source3/rpc_client')
| -rw-r--r-- | source3/rpc_client/cli_lsarpc.c | 469 | ||||
| -rw-r--r-- | source3/rpc_client/cli_netlogon.c | 540 | ||||
| -rw-r--r-- | source3/rpc_client/cli_pipe.c | 3451 | ||||
| -rw-r--r-- | source3/rpc_client/cli_reg.c | 79 | ||||
| -rw-r--r-- | source3/rpc_client/cli_samr.c | 324 | ||||
| -rw-r--r-- | source3/rpc_client/cli_spoolss.c | 2052 | ||||
| -rw-r--r-- | source3/rpc_client/cli_spoolss_notify.c | 218 | ||||
| -rw-r--r-- | source3/rpc_client/cli_svcctl.c | 168 | ||||
| -rw-r--r-- | source3/rpc_client/init_lsa.c | 128 | ||||
| -rw-r--r-- | source3/rpc_client/init_netlogon.c | 393 | ||||
| -rw-r--r-- | source3/rpc_client/init_samr.c | 508 | ||||
| -rw-r--r-- | source3/rpc_client/init_srvsvc.c | 402 | ||||
| -rw-r--r-- | source3/rpc_client/ndr.c | 95 |
13 files changed, 8827 insertions, 0 deletions
diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c new file mode 100644 index 0000000000..577df64fbb --- /dev/null +++ b/source3/rpc_client/cli_lsarpc.c @@ -0,0 +1,469 @@ +/* + Unix SMB/CIFS implementation. + RPC pipe client + Copyright (C) Tim Potter 2000-2001, + Copyright (C) Andrew Tridgell 1992-1997,2000, + Copyright (C) Rafal Szczesniak 2002 + Copyright (C) Jeremy Allison 2005. + Copyright (C) Michael Adam 2007. + Copyright (C) Guenther Deschner 2008. + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see <http://www.gnu.org/licenses/>. +*/ + +#include "includes.h" + +/** @defgroup lsa LSA - Local Security Architecture + * @ingroup rpc_client + * + * @{ + **/ + +/** + * @file cli_lsarpc.c + * + * RPC client routines for the LSA RPC pipe. LSA means "local + * security authority", which is half of a password database. + **/ + +/** Open a LSA policy handle + * + * @param cli Handle on an initialised SMB connection */ + +NTSTATUS rpccli_lsa_open_policy(struct rpc_pipe_client *cli, + TALLOC_CTX *mem_ctx, + bool sec_qos, uint32 des_access, + POLICY_HND *pol) +{ + struct lsa_ObjectAttribute attr; + struct lsa_QosInfo qos; + uint16_t system_name = '\\'; + + if (sec_qos) { + init_lsa_sec_qos(&qos, 0xc, 2, 1, 0); + init_lsa_obj_attr(&attr, + 0x18, + NULL, + NULL, + 0, + NULL, + &qos); + } else { + init_lsa_obj_attr(&attr, + 0x18, + NULL, + NULL, + 0, + NULL, + NULL); + } + + return rpccli_lsa_OpenPolicy(cli, mem_ctx, + &system_name, + &attr, + des_access, + pol); +} + +/** Open a LSA policy handle + * + * @param cli Handle on an initialised SMB connection + */ + +NTSTATUS rpccli_lsa_open_policy2(struct rpc_pipe_client *cli, + TALLOC_CTX *mem_ctx, bool sec_qos, + uint32 des_access, POLICY_HND *pol) +{ + struct lsa_ObjectAttribute attr; + struct lsa_QosInfo qos; + + if (sec_qos) { + init_lsa_sec_qos(&qos, 0xc, 2, 1, 0); + init_lsa_obj_attr(&attr, + 0x18, + NULL, + NULL, + 0, + NULL, + &qos); + } else { + init_lsa_obj_attr(&attr, + 0x18, + NULL, + NULL, + 0, + NULL, + NULL); + } + + return rpccli_lsa_OpenPolicy2(cli, mem_ctx, + cli->srv_name_slash, + &attr, + des_access, + pol); +} + +/* Lookup a list of sids + * + * internal version withOUT memory allocation of the target arrays. + * this assumes suffciently sized arrays to store domains, names and types. */ + +static NTSTATUS rpccli_lsa_lookup_sids_noalloc(struct rpc_pipe_client *cli, + TALLOC_CTX *mem_ctx, + POLICY_HND *pol, + int num_sids, + const DOM_SID *sids, + char **domains, + char **names, + enum lsa_SidType *types) +{ + NTSTATUS result = NT_STATUS_OK; + TALLOC_CTX *tmp_ctx = NULL; + int i; + struct lsa_SidArray sid_array; + struct lsa_RefDomainList *ref_domains = NULL; + struct lsa_TransNameArray lsa_names; + uint32_t count = 0; + uint16_t level = 1; + + ZERO_STRUCT(lsa_names); + + tmp_ctx = talloc_new(mem_ctx); + if (!tmp_ctx) { + DEBUG(0, ("rpccli_lsa_lookup_sids_noalloc: out of memory!\n")); + result = NT_STATUS_UNSUCCESSFUL; + goto done; + } + + sid_array.num_sids = num_sids; + sid_array.sids = TALLOC_ARRAY(mem_ctx, struct lsa_SidPtr, num_sids); + if (!sid_array.sids) { + return NT_STATUS_NO_MEMORY; + } + + for (i = 0; i<num_sids; i++) { + sid_array.sids[i].sid = sid_dup_talloc(mem_ctx, &sids[i]); + if (!sid_array.sids[i].sid) { + return NT_STATUS_NO_MEMORY; + } + } + + result = rpccli_lsa_LookupSids(cli, mem_ctx, + pol, + &sid_array, + &ref_domains, + &lsa_names, + level, + &count); + + DEBUG(10, ("LSA_LOOKUPSIDS returned '%s', mapped count = %d'\n", + nt_errstr(result), count)); + + if (!NT_STATUS_IS_OK(result) && + !NT_STATUS_EQUAL(result, NT_STATUS_NONE_MAPPED) && + !NT_STATUS_EQUAL(result, STATUS_SOME_UNMAPPED)) + { + /* An actual error occured */ + goto done; + } + + /* Return output parameters */ + + if (NT_STATUS_EQUAL(result, NT_STATUS_NONE_MAPPED) || + (count == 0)) + { + for (i = 0; i < num_sids; i++) { + (names)[i] = NULL; + (domains)[i] = NULL; + (types)[i] = SID_NAME_UNKNOWN; + } + result = NT_STATUS_NONE_MAPPED; + goto done; + } + + for (i = 0; i < num_sids; i++) { + const char *name, *dom_name; + uint32_t dom_idx = lsa_names.names[i].sid_index; + + /* Translate optimised name through domain index array */ + + if (dom_idx != 0xffffffff) { + + dom_name = ref_domains->domains[dom_idx].name.string; + name = lsa_names.names[i].name.string; + + if (name) { + (names)[i] = talloc_strdup(mem_ctx, name); + if ((names)[i] == NULL) { + DEBUG(0, ("cli_lsa_lookup_sids_noalloc(): out of memory\n")); + result = NT_STATUS_UNSUCCESSFUL; + goto done; + } + } else { + (names)[i] = NULL; + } + (domains)[i] = talloc_strdup(mem_ctx, dom_name); + (types)[i] = lsa_names.names[i].sid_type; + if (((domains)[i] == NULL)) { + DEBUG(0, ("cli_lsa_lookup_sids_noalloc(): out of memory\n")); + result = NT_STATUS_UNSUCCESSFUL; + goto done; + } + + } else { + (names)[i] = NULL; + (domains)[i] = NULL; + (types)[i] = SID_NAME_UNKNOWN; + } + } + +done: + TALLOC_FREE(tmp_ctx); + return result; +} + +/* Lookup a list of sids + * + * do it the right way: there is a limit (of 20480 for w2k3) entries + * returned by this call. when the sids list contains more entries, + * empty lists are returned. This version of lsa_lookup_sids passes + * the list of sids in hunks of LOOKUP_SIDS_HUNK_SIZE to the lsa call. */ + +/* This constant defines the limit of how many sids to look up + * in one call (maximum). the limit from the server side is + * at 20480 for win2k3, but we keep it at a save 1000 for now. */ +#define LOOKUP_SIDS_HUNK_SIZE 1000 + +NTSTATUS rpccli_lsa_lookup_sids(struct rpc_pipe_client *cli, + TALLOC_CTX *mem_ctx, + POLICY_HND *pol, + int num_sids, + const DOM_SID *sids, + char ***pdomains, + char ***pnames, + enum lsa_SidType **ptypes) +{ + NTSTATUS result = NT_STATUS_OK; + int sids_left = 0; + int sids_processed = 0; + const DOM_SID *hunk_sids = sids; + char **hunk_domains; + char **hunk_names; + enum lsa_SidType *hunk_types; + char **domains = NULL; + char **names = NULL; + enum lsa_SidType *types = NULL; + + if (num_sids) { + if (!(domains = TALLOC_ARRAY(mem_ctx, char *, num_sids))) { + DEBUG(0, ("rpccli_lsa_lookup_sids(): out of memory\n")); + result = NT_STATUS_NO_MEMORY; + goto fail; + } + + if (!(names = TALLOC_ARRAY(mem_ctx, char *, num_sids))) { + DEBUG(0, ("rpccli_lsa_lookup_sids(): out of memory\n")); + result = NT_STATUS_NO_MEMORY; + goto fail; + } + + if (!(types = TALLOC_ARRAY(mem_ctx, enum lsa_SidType, num_sids))) { + DEBUG(0, ("rpccli_lsa_lookup_sids(): out of memory\n")); + result = NT_STATUS_NO_MEMORY; + goto fail; + } + } + + sids_left = num_sids; + hunk_domains = domains; + hunk_names = names; + hunk_types = types; + + while (sids_left > 0) { + int hunk_num_sids; + NTSTATUS hunk_result = NT_STATUS_OK; + + hunk_num_sids = ((sids_left > LOOKUP_SIDS_HUNK_SIZE) + ? LOOKUP_SIDS_HUNK_SIZE + : sids_left); + + DEBUG(10, ("rpccli_lsa_lookup_sids: processing items " + "%d -- %d of %d.\n", + sids_processed, + sids_processed + hunk_num_sids - 1, + num_sids)); + + hunk_result = rpccli_lsa_lookup_sids_noalloc(cli, + mem_ctx, + pol, + hunk_num_sids, + hunk_sids, + hunk_domains, + hunk_names, + hunk_types); + + if (!NT_STATUS_IS_OK(hunk_result) && + !NT_STATUS_EQUAL(hunk_result, STATUS_SOME_UNMAPPED) && + !NT_STATUS_EQUAL(hunk_result, NT_STATUS_NONE_MAPPED)) + { + /* An actual error occured */ + result = hunk_result; + goto fail; + } + + /* adapt overall result */ + if (( NT_STATUS_IS_OK(result) && + !NT_STATUS_IS_OK(hunk_result)) + || + ( NT_STATUS_EQUAL(result, NT_STATUS_NONE_MAPPED) && + !NT_STATUS_EQUAL(hunk_result, NT_STATUS_NONE_MAPPED))) + { + result = STATUS_SOME_UNMAPPED; + } + + sids_left -= hunk_num_sids; + sids_processed += hunk_num_sids; /* only used in DEBUG */ + hunk_sids += hunk_num_sids; + hunk_domains += hunk_num_sids; + hunk_names += hunk_num_sids; + hunk_types += hunk_num_sids; + } + + *pdomains = domains; + *pnames = names; + *ptypes = types; + return result; + +fail: + TALLOC_FREE(domains); + TALLOC_FREE(names); + TALLOC_FREE(types); + return result; +} + +/** Lookup a list of names */ + +NTSTATUS rpccli_lsa_lookup_names(struct rpc_pipe_client *cli, + TALLOC_CTX *mem_ctx, + POLICY_HND *pol, int num_names, + const char **names, + const char ***dom_names, + int level, + DOM_SID **sids, + enum lsa_SidType **types) +{ + NTSTATUS result; + int i; + struct lsa_String *lsa_names = NULL; + struct lsa_RefDomainList *domains = NULL; + struct lsa_TransSidArray sid_array; + uint32_t count = 0; + + ZERO_STRUCT(sid_array); + + lsa_names = TALLOC_ARRAY(mem_ctx, struct lsa_String, num_names); + if (!lsa_names) { + return NT_STATUS_NO_MEMORY; + } + + for (i=0; i<num_names; i++) { + init_lsa_String(&lsa_names[i], names[i]); + } + + result = rpccli_lsa_LookupNames(cli, mem_ctx, + pol, + num_names, + lsa_names, + &domains, + &sid_array, + level, + &count); + + if (!NT_STATUS_IS_OK(result) && NT_STATUS_V(result) != + NT_STATUS_V(STATUS_SOME_UNMAPPED)) { + + /* An actual error occured */ + + goto done; + } + + /* Return output parameters */ + + if (count == 0) { + result = NT_STATUS_NONE_MAPPED; + goto done; + } + + if (num_names) { + if (!((*sids = TALLOC_ARRAY(mem_ctx, DOM_SID, num_names)))) { + DEBUG(0, ("cli_lsa_lookup_sids(): out of memory\n")); + result = NT_STATUS_NO_MEMORY; + goto done; + } + + if (!((*types = TALLOC_ARRAY(mem_ctx, enum lsa_SidType, num_names)))) { + DEBUG(0, ("cli_lsa_lookup_sids(): out of memory\n")); + result = NT_STATUS_NO_MEMORY; + goto done; + } + + if (dom_names != NULL) { + *dom_names = TALLOC_ARRAY(mem_ctx, const char *, num_names); + if (*dom_names == NULL) { + DEBUG(0, ("cli_lsa_lookup_sids(): out of memory\n")); + result = NT_STATUS_NO_MEMORY; + goto done; + } + } + } else { + *sids = NULL; + *types = NULL; + if (dom_names != NULL) { + *dom_names = NULL; + } + } + + for (i = 0; i < num_names; i++) { + uint32_t dom_idx = sid_array.sids[i].sid_index; + uint32_t dom_rid = sid_array.sids[i].rid; + DOM_SID *sid = &(*sids)[i]; + + /* Translate optimised sid through domain index array */ + + if (dom_idx == 0xffffffff) { + /* Nothing to do, this is unknown */ + ZERO_STRUCTP(sid); + (*types)[i] = SID_NAME_UNKNOWN; + continue; + } + + sid_copy(sid, domains->domains[dom_idx].sid); + + if (dom_rid != 0xffffffff) { + sid_append_rid(sid, dom_rid); + } + + (*types)[i] = sid_array.sids[i].sid_type; + + if (dom_names == NULL) { + continue; + } + + (*dom_names)[i] = domains->domains[dom_idx].name.string; + } + + done: + + return result; +} diff --git a/source3/rpc_client/cli_netlogon.c b/source3/rpc_client/cli_netlogon.c new file mode 100644 index 0000000000..df87ed13d1 --- /dev/null +++ b/source3/rpc_client/cli_netlogon.c @@ -0,0 +1,540 @@ +/* + Unix SMB/CIFS implementation. + NT Domain Authentication SMB / MSRPC client + Copyright (C) Andrew Tridgell 1992-2000 + Copyright (C) Jeremy Allison 1998. + Largely re-written by Jeremy Allison (C) 2005. + Copyright (C) Guenther Deschner 2008. + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see <http://www.gnu.org/licenses/>. +*/ + +#include "includes.h" + +/**************************************************************************** + Wrapper function that uses the auth and auth2 calls to set up a NETLOGON + credentials chain. Stores the credentials in the struct dcinfo in the + netlogon pipe struct. +****************************************************************************/ + +NTSTATUS rpccli_netlogon_setup_creds(struct rpc_pipe_client *cli, + const char *server_name, + const char *domain, + const char *clnt_name, + const char *machine_account, + const unsigned char machine_pwd[16], + enum netr_SchannelType sec_chan_type, + uint32_t *neg_flags_inout) +{ + NTSTATUS result = NT_STATUS_UNSUCCESSFUL; + struct netr_Credential clnt_chal_send; + struct netr_Credential srv_chal_recv; + struct dcinfo *dc; + bool retried = false; + + SMB_ASSERT(ndr_syntax_id_equal(&cli->abstract_syntax, + &ndr_table_netlogon.syntax_id)); + + TALLOC_FREE(cli->dc); + cli->dc = talloc_zero(cli, struct dcinfo); + if (cli->dc == NULL) { + return NT_STATUS_NO_MEMORY; + } + dc = cli->dc; + + /* Store the machine account password we're going to use. */ + memcpy(dc->mach_pw, machine_pwd, 16); + + fstrcpy(dc->remote_machine, "\\\\"); + fstrcat(dc->remote_machine, server_name); + + fstrcpy(dc->domain, domain); + + fstr_sprintf( dc->mach_acct, "%s$", machine_account); + + again: + /* Create the client challenge. */ + generate_random_buffer(clnt_chal_send.data, 8); + + /* Get the server challenge. */ + result = rpccli_netr_ServerReqChallenge(cli, talloc_tos(), + dc->remote_machine, + clnt_name, + &clnt_chal_send, + &srv_chal_recv); + if (!NT_STATUS_IS_OK(result)) { + return result; + } + + /* Calculate the session key and client credentials */ + creds_client_init(*neg_flags_inout, + dc, + &clnt_chal_send, + &srv_chal_recv, + machine_pwd, + &clnt_chal_send); + + /* + * Send client auth-2 challenge and receive server repy. + */ + + result = rpccli_netr_ServerAuthenticate2(cli, talloc_tos(), + dc->remote_machine, + dc->mach_acct, + sec_chan_type, + clnt_name, + &clnt_chal_send, /* input. */ + &srv_chal_recv, /* output. */ + neg_flags_inout); + + /* we might be talking to NT4, so let's downgrade in that case and retry + * with the returned neg_flags - gd */ + + if (NT_STATUS_EQUAL(result, NT_STATUS_ACCESS_DENIED) && !retried) { + retried = true; + goto again; + } + + if (!NT_STATUS_IS_OK(result)) { + return result; + } + + /* + * Check the returned value using the initial + * server received challenge. + */ + + if (!netlogon_creds_client_check(dc, &srv_chal_recv)) { + /* + * Server replied with bad credential. Fail. + */ + DEBUG(0,("rpccli_netlogon_setup_creds: server %s " + "replied with bad credential\n", + cli->desthost )); + return NT_STATUS_ACCESS_DENIED; + } + + DEBUG(5,("rpccli_netlogon_setup_creds: server %s credential " + "chain established.\n", + cli->desthost )); + + return NT_STATUS_OK; +} + +/* Logon domain user */ + +NTSTATUS rpccli_netlogon_sam_logon(struct rpc_pipe_client *cli, + TALLOC_CTX *mem_ctx, + uint32 logon_parameters, + const char *domain, + const char *username, + const char *password, + const char *workstation, + int logon_type) +{ + NTSTATUS result = NT_STATUS_UNSUCCESSFUL; + struct netr_Authenticator clnt_creds; + struct netr_Authenticator ret_creds; + union netr_LogonInfo *logon; + union netr_Validation validation; + uint8_t authoritative; + int validation_level = 3; + fstring clnt_name_slash; + uint8 zeros[16]; + + ZERO_STRUCT(ret_creds); + ZERO_STRUCT(zeros); + + logon = TALLOC_ZERO_P(mem_ctx, union netr_LogonInfo); + if (!logon) { + return NT_STATUS_NO_MEMORY; + } + + if (workstation) { + fstr_sprintf( clnt_name_slash, "\\\\%s", workstation ); + } else { + fstr_sprintf( clnt_name_slash, "\\\\%s", global_myname() ); + } + + /* Initialise input parameters */ + + netlogon_creds_client_step(cli->dc, &clnt_creds); + + switch (logon_type) { + case INTERACTIVE_LOGON_TYPE: { + + struct netr_PasswordInfo *password_info; + + struct samr_Password lmpassword; + struct samr_Password ntpassword; + + unsigned char lm_owf_user_pwd[16], nt_owf_user_pwd[16]; + + unsigned char lm_owf[16]; + unsigned char nt_owf[16]; + unsigned char key[16]; + + password_info = TALLOC_ZERO_P(mem_ctx, struct netr_PasswordInfo); + if (!password_info) { + return NT_STATUS_NO_MEMORY; + } + + nt_lm_owf_gen(password, nt_owf_user_pwd, lm_owf_user_pwd); + +#ifdef DEBUG_PASSWORD + DEBUG(100,("lm cypher:")); + dump_data(100, lm_owf_user_pwd, 16); + + DEBUG(100,("nt cypher:")); + dump_data(100, nt_owf_user_pwd, 16); +#endif + memset(key, 0, 16); + memcpy(key, cli->dc->sess_key, 8); + + memcpy(lm_owf, lm_owf_user_pwd, 16); + SamOEMhash(lm_owf, key, 16); + memcpy(nt_owf, nt_owf_user_pwd, 16); + SamOEMhash(nt_owf, key, 16); + +#ifdef DEBUG_PASSWORD + DEBUG(100,("encrypt of lm owf password:")); + dump_data(100, lm_owf, 16); + + DEBUG(100,("encrypt of nt owf password:")); + dump_data(100, nt_owf, 16); +#endif + memcpy(lmpassword.hash, lm_owf, 16); + memcpy(ntpassword.hash, nt_owf, 16); + + init_netr_PasswordInfo(password_info, + domain, + logon_parameters, + 0xdead, + 0xbeef, + username, + clnt_name_slash, + lmpassword, + ntpassword); + + logon->password = password_info; + + break; + } + case NET_LOGON_TYPE: { + struct netr_NetworkInfo *network_info; + uint8 chal[8]; + unsigned char local_lm_response[24]; + unsigned char local_nt_response[24]; + struct netr_ChallengeResponse lm; + struct netr_ChallengeResponse nt; + + ZERO_STRUCT(lm); + ZERO_STRUCT(nt); + + network_info = TALLOC_ZERO_P(mem_ctx, struct netr_NetworkInfo); + if (!network_info) { + return NT_STATUS_NO_MEMORY; + } + + generate_random_buffer(chal, 8); + + SMBencrypt(password, chal, local_lm_response); + SMBNTencrypt(password, chal, local_nt_response); + + lm.length = 24; + lm.data = local_lm_response; + + nt.length = 24; + nt.data = local_nt_response; + + init_netr_NetworkInfo(network_info, + domain, + logon_parameters, + 0xdead, + 0xbeef, + username, + clnt_name_slash, + chal, + nt, + lm); + + logon->network = network_info; + + break; + } + default: + DEBUG(0, ("switch value %d not supported\n", + logon_type)); + return NT_STATUS_INVALID_INFO_CLASS; + } + + result = rpccli_netr_LogonSamLogon(cli, mem_ctx, + cli->dc->remote_machine, + global_myname(), + &clnt_creds, + &ret_creds, + logon_type, + logon, + validation_level, + &validation, + &authoritative); + + if (memcmp(zeros, &ret_creds.cred.data, sizeof(ret_creds.cred.data)) != 0) { + /* Check returned credentials if present. */ + if (!netlogon_creds_client_check(cli->dc, &ret_creds.cred)) { + DEBUG(0,("rpccli_netlogon_sam_logon: credentials chain check failed\n")); + return NT_STATUS_ACCESS_DENIED; + } + } + + return result; +} + + +/** + * Logon domain user with an 'network' SAM logon + * + * @param info3 Pointer to a NET_USER_INFO_3 already allocated by the caller. + **/ + +NTSTATUS rpccli_netlogon_sam_network_logon(struct rpc_pipe_client *cli, + TALLOC_CTX *mem_ctx, + uint32 logon_parameters, + const char *server, + const char *username, + const char *domain, + const char *workstation, + const uint8 chal[8], + DATA_BLOB lm_response, + DATA_BLOB nt_response, + struct netr_SamInfo3 **info3) +{ + NTSTATUS result = NT_STATUS_UNSUCCESSFUL; + int validation_level = 3; + const char *workstation_name_slash; + const char *server_name_slash; + uint8 zeros[16]; + struct netr_Authenticator clnt_creds; + struct netr_Authenticator ret_creds; + union netr_LogonInfo *logon = NULL; + struct netr_NetworkInfo *network_info; + uint8_t authoritative; + union netr_Validation validation; + struct netr_ChallengeResponse lm; + struct netr_ChallengeResponse nt; + + *info3 = NULL; + + ZERO_STRUCT(zeros); + ZERO_STRUCT(ret_creds); + + ZERO_STRUCT(lm); + ZERO_STRUCT(nt); + + logon = TALLOC_ZERO_P(mem_ctx, union netr_LogonInfo); + if (!logon) { + return NT_STATUS_NO_MEMORY; + } + + network_info = TALLOC_ZERO_P(mem_ctx, struct netr_NetworkInfo); + if (!network_info) { + return NT_STATUS_NO_MEMORY; + } + + netlogon_creds_client_step(cli->dc, &clnt_creds); + + if (server[0] != '\\' && server[1] != '\\') { + server_name_slash = talloc_asprintf(mem_ctx, "\\\\%s", server); + } else { + server_name_slash = server; + } + + if (workstation[0] != '\\' && workstation[1] != '\\') { + workstation_name_slash = talloc_asprintf(mem_ctx, "\\\\%s", workstation); + } else { + workstation_name_slash = workstation; + } + + if (!workstation_name_slash || !server_name_slash) { + DEBUG(0, ("talloc_asprintf failed!\n")); + return NT_STATUS_NO_MEMORY; + } + + /* Initialise input parameters */ + + lm.data = lm_response.data; + lm.length = lm_response.length; + nt.data = nt_response.data; + nt.length = nt_response.length; + + init_netr_NetworkInfo(network_info, + domain, + logon_parameters, + 0xdead, + 0xbeef, + username, + workstation_name_slash, + (uint8_t *) chal, + nt, + lm); + + logon->network = network_info; + + /* Marshall data and send request */ + + result = rpccli_netr_LogonSamLogon(cli, mem_ctx, + server_name_slash, + global_myname(), + &clnt_creds, + &ret_creds, + NET_LOGON_TYPE, + logon, + validation_level, + &validation, + &authoritative); + if (!NT_STATUS_IS_OK(result)) { + return result; + } + + if (memcmp(zeros, validation.sam3->base.key.key, 16) != 0) { + SamOEMhash(validation.sam3->base.key.key, + cli->dc->sess_key, 16); + } + + if (memcmp(zeros, validation.sam3->base.LMSessKey.key, 8) != 0) { + SamOEMhash(validation.sam3->base.LMSessKey.key, + cli->dc->sess_key, 8); + } + + if (memcmp(zeros, ret_creds.cred.data, sizeof(ret_creds.cred.data)) != 0) { + /* Check returned credentials if present. */ + if (!netlogon_creds_client_check(cli->dc, &ret_creds.cred)) { + DEBUG(0,("rpccli_netlogon_sam_network_logon: credentials chain check failed\n")); + return NT_STATUS_ACCESS_DENIED; + } + } + + *info3 = validation.sam3; + + return result; +} + +NTSTATUS rpccli_netlogon_sam_network_logon_ex(struct rpc_pipe_client *cli, + TALLOC_CTX *mem_ctx, + uint32 logon_parameters, + const char *server, + const char *username, + const char *domain, + const char *workstation, + const uint8 chal[8], + DATA_BLOB lm_response, + DATA_BLOB nt_response, + struct netr_SamInfo3 **info3) +{ + NTSTATUS result = NT_STATUS_UNSUCCESSFUL; + int validation_level = 3; + const char *workstation_name_slash; + const char *server_name_slash; + uint8 zeros[16]; + union netr_LogonInfo *logon = NULL; + struct netr_NetworkInfo *network_info; + uint8_t authoritative; + union netr_Validation validation; + struct netr_ChallengeResponse lm; + struct netr_ChallengeResponse nt; + uint32_t flags = 0; + + *info3 = NULL; + + ZERO_STRUCT(zeros); + + ZERO_STRUCT(lm); + ZERO_STRUCT(nt); + + logon = TALLOC_ZERO_P(mem_ctx, union netr_LogonInfo); + if (!logon) { + return NT_STATUS_NO_MEMORY; + } + + network_info = TALLOC_ZERO_P(mem_ctx, struct netr_NetworkInfo); + if (!network_info) { + return NT_STATUS_NO_MEMORY; + } + + if (server[0] != '\\' && server[1] != '\\') { + server_name_slash = talloc_asprintf(mem_ctx, "\\\\%s", server); + } else { + server_name_slash = server; + } + + if (workstation[0] != '\\' && workstation[1] != '\\') { + workstation_name_slash = talloc_asprintf(mem_ctx, "\\\\%s", workstation); + } else { + workstation_name_slash = workstation; + } + + if (!workstation_name_slash || !server_name_slash) { + DEBUG(0, ("talloc_asprintf failed!\n")); + return NT_STATUS_NO_MEMORY; + } + + /* Initialise input parameters */ + + lm.data = lm_response.data; + lm.length = lm_response.length; + nt.data = nt_response.data; + nt.length = nt_response.length; + + init_netr_NetworkInfo(network_info, + domain, + logon_parameters, + 0xdead, + 0xbeef, + username, + workstation_name_slash, + (uint8_t *) chal, + nt, + lm); + + logon->network = network_info; + + /* Marshall data and send request */ + + result = rpccli_netr_LogonSamLogonEx(cli, mem_ctx, + server_name_slash, + global_myname(), + NET_LOGON_TYPE, + logon, + validation_level, + &validation, + &authoritative, + &flags); + if (!NT_STATUS_IS_OK(result)) { + return result; + } + + if (memcmp(zeros, validation.sam3->base.key.key, 16) != 0) { + SamOEMhash(validation.sam3->base.key.key, + cli->dc->sess_key, 16); + } + + if (memcmp(zeros, validation.sam3->base.LMSessKey.key, 8) != 0) { + SamOEMhash(validation.sam3->base.LMSessKey.key, + cli->dc->sess_key, 8); + } + + *info3 = validation.sam3; + + return result; +} diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c new file mode 100644 index 0000000000..f32a33fdb6 --- /dev/null +++ b/source3/rpc_client/cli_pipe.c @@ -0,0 +1,3451 @@ +/* + * Unix SMB/CIFS implementation. + * RPC Pipe client / server routines + * Largely rewritten by Jeremy Allison 2005. + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, see <http://www.gnu.org/licenses/>. + */ + +#include "includes.h" +#include "librpc/gen_ndr/cli_epmapper.h" + +#undef DBGC_CLASS +#define DBGC_CLASS DBGC_RPC_CLI + +/******************************************************************* +interface/version dce/rpc pipe identification +********************************************************************/ + +#define PIPE_SRVSVC "\\PIPE\\srvsvc" +#define PIPE_SAMR "\\PIPE\\samr" +#define PIPE_WINREG "\\PIPE\\winreg" +#define PIPE_WKSSVC "\\PIPE\\wkssvc" +#define PIPE_NETLOGON "\\PIPE\\NETLOGON" +#define PIPE_NTLSA "\\PIPE\\ntlsa" +#define PIPE_NTSVCS "\\PIPE\\ntsvcs" +#define PIPE_LSASS "\\PIPE\\lsass" +#define PIPE_LSARPC "\\PIPE\\lsarpc" +#define PIPE_SPOOLSS "\\PIPE\\spoolss" +#define PIPE_NETDFS "\\PIPE\\netdfs" +#define PIPE_ECHO "\\PIPE\\rpcecho" +#define PIPE_SHUTDOWN "\\PIPE\\initshutdown" +#define PIPE_EPM "\\PIPE\\epmapper" +#define PIPE_SVCCTL "\\PIPE\\svcctl" +#define PIPE_EVENTLOG "\\PIPE\\eventlog" +#define PIPE_EPMAPPER "\\PIPE\\epmapper" +#define PIPE_DRSUAPI "\\PIPE\\drsuapi" + +/* + * IMPORTANT!! If you update this structure, make sure to + * update the index #defines in smb.h. + */ + +static const struct pipe_id_info { + /* the names appear not to matter: the syntaxes _do_ matter */ + + const char *client_pipe; + const RPC_IFACE *abstr_syntax; /* this one is the abstract syntax id */ +} pipe_names [] = +{ + { PIPE_LSARPC, &ndr_table_lsarpc.syntax_id }, + { PIPE_LSARPC, &ndr_table_dssetup.syntax_id }, + { PIPE_SAMR, &ndr_table_samr.syntax_id }, + { PIPE_NETLOGON, &ndr_table_netlogon.syntax_id }, + { PIPE_SRVSVC, &ndr_table_srvsvc.syntax_id }, + { PIPE_WKSSVC, &ndr_table_wkssvc.syntax_id }, + { PIPE_WINREG, &ndr_table_winreg.syntax_id }, + { PIPE_SPOOLSS, &syntax_spoolss }, + { PIPE_NETDFS, &ndr_table_netdfs.syntax_id }, + { PIPE_ECHO, &ndr_table_rpcecho.syntax_id }, + { PIPE_SHUTDOWN, &ndr_table_initshutdown.syntax_id }, + { PIPE_SVCCTL, &ndr_table_svcctl.syntax_id }, + { PIPE_EVENTLOG, &ndr_table_eventlog.syntax_id }, + { PIPE_NTSVCS, &ndr_table_ntsvcs.syntax_id }, + { PIPE_EPMAPPER, &ndr_table_epmapper.syntax_id }, + { PIPE_DRSUAPI, &ndr_table_drsuapi.syntax_id }, + { NULL, NULL } +}; + +/**************************************************************************** + Return the pipe name from the interface. + ****************************************************************************/ + +const char *cli_get_pipe_name_from_iface(TALLOC_CTX *mem_ctx, + struct cli_state *cli, + const struct ndr_syntax_id *interface) +{ + int i; + for (i = 0; pipe_names[i].client_pipe; i++) { + if (ndr_syntax_id_equal(pipe_names[i].abstr_syntax, + interface)) { + return &pipe_names[i].client_pipe[5]; + } + } + + /* + * Here we should ask \\epmapper, but for now our code is only + * interested in the known pipes mentioned in pipe_names[] + */ + + return NULL; +} + +/******************************************************************** + Map internal value to wire value. + ********************************************************************/ + +static int map_pipe_auth_type_to_rpc_auth_type(enum pipe_auth_type auth_type) +{ + switch (auth_type) { + + case PIPE_AUTH_TYPE_NONE: + return RPC_ANONYMOUS_AUTH_TYPE; + + case PIPE_AUTH_TYPE_NTLMSSP: + return RPC_NTLMSSP_AUTH_TYPE; + + case PIPE_AUTH_TYPE_SPNEGO_NTLMSSP: + case PIPE_AUTH_TYPE_SPNEGO_KRB5: + return RPC_SPNEGO_AUTH_TYPE; + + case PIPE_AUTH_TYPE_SCHANNEL: + return RPC_SCHANNEL_AUTH_TYPE; + + case PIPE_AUTH_TYPE_KRB5: + return RPC_KRB5_AUTH_TYPE; + + default: + DEBUG(0,("map_pipe_auth_type_to_rpc_type: unknown pipe " + "auth type %u\n", + (unsigned int)auth_type )); + break; + } + return -1; +} + +/******************************************************************** + Pipe description for a DEBUG + ********************************************************************/ +static char *rpccli_pipe_txt(TALLOC_CTX *mem_ctx, struct rpc_pipe_client *cli) +{ + char *result; + + switch (cli->transport_type) { + case NCACN_NP: + result = talloc_asprintf(mem_ctx, "host %s, pipe %s, " + "fnum 0x%x", + cli->desthost, + cli->trans.np.pipe_name, + (unsigned int)(cli->trans.np.fnum)); + break; + case NCACN_IP_TCP: + case NCACN_UNIX_STREAM: + result = talloc_asprintf(mem_ctx, "host %s, fd %d", + cli->desthost, cli->trans.sock.fd); + break; + default: + result = talloc_asprintf(mem_ctx, "host %s", cli->desthost); + break; + } + SMB_ASSERT(result != NULL); + return result; +} + +/******************************************************************** + Rpc pipe call id. + ********************************************************************/ + +static uint32 get_rpc_call_id(void) +{ + static uint32 call_id = 0; + return ++call_id; +} + +/******************************************************************* + Read from a RPC named pipe + ********************************************************************/ +static NTSTATUS rpc_read_np(struct cli_state *cli, const char *pipe_name, + int fnum, char *buf, off_t offset, size_t size, + ssize_t *pnum_read) +{ + ssize_t num_read; + + num_read = cli_read(cli, fnum, buf, offset, size); + + DEBUG(5,("rpc_read_np: num_read = %d, read offset: %u, to read: %u\n", + (int)num_read, (unsigned int)offset, (unsigned int)size)); + + /* + * A dos error of ERRDOS/ERRmoredata is not an error. + */ + if (cli_is_dos_error(cli)) { + uint32 ecode; + uint8 eclass; + cli_dos_error(cli, &eclass, &ecode); + if (eclass != ERRDOS && ecode != ERRmoredata) { + DEBUG(0,("rpc_read: DOS Error %d/%u (%s) in cli_read " + "on fnum 0x%x\n", eclass, (unsigned int)ecode, + cli_errstr(cli), fnum)); + return dos_to_ntstatus(eclass, ecode); + } + } + + /* + * Likewise for NT_STATUS_BUFFER_TOO_SMALL + */ + if (cli_is_nt_error(cli)) { + if (!NT_STATUS_EQUAL(cli_nt_error(cli), + NT_STATUS_BUFFER_TOO_SMALL)) { + DEBUG(0,("rpc_read: Error (%s) in cli_read on fnum " + "0x%x\n", nt_errstr(cli_nt_error(cli)), fnum)); + return cli_nt_error(cli); + } + } + + if (num_read == -1) { + DEBUG(0,("rpc_read: Error - cli_read on fnum 0x%x returned " + "-1\n", fnum)); + return cli_get_nt_error(cli); + } + + *pnum_read = num_read; + return NT_STATUS_OK; +} + + +/******************************************************************* + Use SMBreadX to get rest of one fragment's worth of rpc data. + Will expand the current_pdu struct to the correct size. + ********************************************************************/ + +static NTSTATUS rpc_read(struct rpc_pipe_client *cli, + prs_struct *current_pdu, + uint32 data_to_read, + uint32 *current_pdu_offset) +{ + size_t size = (size_t)cli->max_recv_frag; + uint32 stream_offset = 0; + ssize_t num_read = 0; + char *pdata; + ssize_t extra_data_size = ((ssize_t)*current_pdu_offset) + ((ssize_t)data_to_read) - (ssize_t)prs_data_size(current_pdu); + + DEBUG(5,("rpc_read: data_to_read: %u current_pdu offset: %u extra_data_size: %d\n", + (unsigned int)data_to_read, (unsigned int)*current_pdu_offset, (int)extra_data_size )); + + /* + * Grow the buffer if needed to accommodate the data to be read. + */ + + if (extra_data_size > 0) { + if(!prs_force_grow(current_pdu, (uint32)extra_data_size)) { + DEBUG(0,("rpc_read: Failed to grow parse struct by %d bytes.\n", (int)extra_data_size )); + return NT_STATUS_NO_MEMORY; + } + DEBUG(5,("rpc_read: grew buffer by %d bytes to %u\n", (int)extra_data_size, prs_data_size(current_pdu) )); + } + + pdata = prs_data_p(current_pdu) + *current_pdu_offset; + + do { + NTSTATUS status; + + /* read data using SMBreadX */ + if (size > (size_t)data_to_read) { + size = (size_t)data_to_read; + } + + switch (cli->transport_type) { + case NCACN_NP: + status = rpc_read_np(cli->trans.np.cli, + cli->trans.np.pipe_name, + cli->trans.np.fnum, pdata, + (off_t)stream_offset, size, + &num_read); + break; + case NCACN_IP_TCP: + case NCACN_UNIX_STREAM: + status = NT_STATUS_OK; + num_read = sys_read(cli->trans.sock.fd, pdata, size); + if (num_read == -1) { + status = map_nt_error_from_unix(errno); + } + if (num_read == 0) { + status = NT_STATUS_END_OF_FILE; + } + break; + default: + DEBUG(0, ("unknown transport type %d\n", + cli->transport_type)); + return NT_STATUS_INTERNAL_ERROR; + } + + data_to_read -= num_read; + stream_offset += num_read; + pdata += num_read; + + } while (num_read > 0 && data_to_read > 0); + /* && err == (0x80000000 | STATUS_BUFFER_OVERFLOW)); */ + + /* + * Update the current offset into current_pdu by the amount read. + */ + *current_pdu_offset += stream_offset; + return NT_STATUS_OK; +} + +/**************************************************************************** + Try and get a PDU's worth of data from current_pdu. If not, then read more + from the wire. + ****************************************************************************/ + +static NTSTATUS cli_pipe_get_current_pdu(struct rpc_pipe_client *cli, RPC_HDR *prhdr, prs_struct *current_pdu) +{ + NTSTATUS ret = NT_STATUS_OK; + uint32 current_pdu_len = prs_data_size(current_pdu); + + /* Ensure we have at least RPC_HEADER_LEN worth of data to parse. */ + if (current_pdu_len < RPC_HEADER_LEN) { + /* rpc_read expands the current_pdu struct as neccessary. */ + ret = rpc_read(cli, current_pdu, RPC_HEADER_LEN - current_pdu_len, ¤t_pdu_len); + if (!NT_STATUS_IS_OK(ret)) { + return ret; + } + } + + /* This next call sets the endian bit correctly in current_pdu. */ + /* We will propagate this to rbuf later. */ + if(!smb_io_rpc_hdr("rpc_hdr ", prhdr, current_pdu, 0)) { + DEBUG(0,("cli_pipe_get_current_pdu: Failed to unmarshall RPC_HDR.\n")); + return NT_STATUS_BUFFER_TOO_SMALL; + } + + /* Ensure we have frag_len bytes of data. */ + if (current_pdu_len < prhdr->frag_len) { + /* rpc_read expands the current_pdu struct as neccessary. */ + ret = rpc_read(cli, current_pdu, (uint32)prhdr->frag_len - current_pdu_len, ¤t_pdu_len); + if (!NT_STATUS_IS_OK(ret)) { + return ret; + } + } + + if (current_pdu_len < prhdr->frag_len) { + return NT_STATUS_BUFFER_TOO_SMALL; + } + + return NT_STATUS_OK; +} + +/**************************************************************************** + NTLMSSP specific sign/seal. + Virtually identical to rpc_server/srv_pipe.c:api_pipe_ntlmssp_auth_process. + In fact I should probably abstract these into identical pieces of code... JRA. + ****************************************************************************/ + +static NTSTATUS cli_pipe_verify_ntlmssp(struct rpc_pipe_client *cli, RPC_HDR *prhdr, + prs_struct *current_pdu, + uint8 *p_ss_padding_len) +{ + RPC_HDR_AUTH auth_info; + uint32 save_offset = prs_offset(current_pdu); + uint32 auth_len = prhdr->auth_len; + NTLMSSP_STATE *ntlmssp_state = cli->auth->a_u.ntlmssp_state; + unsigned char *data = NULL; + size_t data_len; + unsigned char *full_packet_data = NULL; + size_t full_packet_data_len; + DATA_BLOB auth_blob; + NTSTATUS status; + + if (cli->auth->auth_level == PIPE_AUTH_LEVEL_NONE + || cli->auth->auth_level == PIPE_AUTH_LEVEL_CONNECT) { + return NT_STATUS_OK; + } + + if (!ntlmssp_state) { + return NT_STATUS_INVALID_PARAMETER; + } + + /* Ensure there's enough data for an authenticated response. */ + if ((auth_len > RPC_MAX_SIGN_SIZE) || + (RPC_HEADER_LEN + RPC_HDR_RESP_LEN + RPC_HDR_AUTH_LEN + auth_len > prhdr->frag_len)) { + DEBUG(0,("cli_pipe_verify_ntlmssp: auth_len %u is too large.\n", + (unsigned int)auth_len )); + return NT_STATUS_BUFFER_TOO_SMALL; + } + + /* + * We need the full packet data + length (minus auth stuff) as well as the packet data + length + * after the RPC header. + * We need to pass in the full packet (minus auth len) to the NTLMSSP sign and check seal + * functions as NTLMv2 checks the rpc headers also. + */ + + data = (unsigned char *)(prs_data_p(current_pdu) + RPC_HEADER_LEN + RPC_HDR_RESP_LEN); + data_len = (size_t)(prhdr->frag_len - RPC_HEADER_LEN - RPC_HDR_RESP_LEN - RPC_HDR_AUTH_LEN - auth_len); + + full_packet_data = (unsigned char *)prs_data_p(current_pdu); + full_packet_data_len = prhdr->frag_len - auth_len; + + /* Pull the auth header and the following data into a blob. */ + if(!prs_set_offset(current_pdu, RPC_HEADER_LEN + RPC_HDR_RESP_LEN + data_len)) { + DEBUG(0,("cli_pipe_verify_ntlmssp: cannot move offset to %u.\n", + (unsigned int)RPC_HEADER_LEN + (unsigned int)RPC_HDR_RESP_LEN + (unsigned int)data_len )); + return NT_STATUS_BUFFER_TOO_SMALL; + } + + if(!smb_io_rpc_hdr_auth("hdr_auth", &auth_info, current_pdu, 0)) { + DEBUG(0,("cli_pipe_verify_ntlmssp: failed to unmarshall RPC_HDR_AUTH.\n")); + return NT_STATUS_BUFFER_TOO_SMALL; + } + + auth_blob.data = (unsigned char *)prs_data_p(current_pdu) + prs_offset(current_pdu); + auth_blob.length = auth_len; + + switch (cli->auth->auth_level) { + case PIPE_AUTH_LEVEL_PRIVACY: + /* Data is encrypted. */ + status = ntlmssp_unseal_packet(ntlmssp_state, + data, data_len, + full_packet_data, + full_packet_data_len, + &auth_blob); + if (!NT_STATUS_IS_OK(status)) { + DEBUG(0,("cli_pipe_verify_ntlmssp: failed to unseal " + "packet from %s. Error was %s.\n", + rpccli_pipe_txt(debug_ctx(), cli), + nt_errstr(status) )); + return status; + } + break; + case PIPE_AUTH_LEVEL_INTEGRITY: + /* Data is signed. */ + status = ntlmssp_check_packet(ntlmssp_state, + data, data_len, + full_packet_data, + full_packet_data_len, + &auth_blob); + if (!NT_STATUS_IS_OK(status)) { + DEBUG(0,("cli_pipe_verify_ntlmssp: check signing failed on " + "packet from %s. Error was %s.\n", + rpccli_pipe_txt(debug_ctx(), cli), + nt_errstr(status) )); + return status; + } + break; + default: + DEBUG(0, ("cli_pipe_verify_ntlmssp: unknown internal " + "auth level %d\n", cli->auth->auth_level)); + return NT_STATUS_INVALID_INFO_CLASS; + } + + /* + * Return the current pointer to the data offset. + */ + + if(!prs_set_offset(current_pdu, save_offset)) { + DEBUG(0,("api_pipe_auth_process: failed to set offset back to %u\n", + (unsigned int)save_offset )); + return NT_STATUS_BUFFER_TOO_SMALL; + } + + /* + * Remember the padding length. We must remove it from the real data + * stream once the sign/seal is done. + */ + + *p_ss_padding_len = auth_info.auth_pad_len; + + return NT_STATUS_OK; +} + +/**************************************************************************** + schannel specific sign/seal. + ****************************************************************************/ + +static NTSTATUS cli_pipe_verify_schannel(struct rpc_pipe_client *cli, RPC_HDR *prhdr, + prs_struct *current_pdu, + uint8 *p_ss_padding_len) +{ + RPC_HDR_AUTH auth_info; + RPC_AUTH_SCHANNEL_CHK schannel_chk; + uint32 auth_len = prhdr->auth_len; + uint32 save_offset = prs_offset(current_pdu); + struct schannel_auth_struct *schannel_auth = + cli->auth->a_u.schannel_auth; + uint32 data_len; + + if (cli->auth->auth_level == PIPE_AUTH_LEVEL_NONE + || cli->auth->auth_level == PIPE_AUTH_LEVEL_CONNECT) { + return NT_STATUS_OK; + } + + if (auth_len != RPC_AUTH_SCHANNEL_SIGN_OR_SEAL_CHK_LEN) { + DEBUG(0,("cli_pipe_verify_schannel: auth_len %u.\n", (unsigned int)auth_len )); + return NT_STATUS_INVALID_PARAMETER; + } + + if (!schannel_auth) { + return NT_STATUS_INVALID_PARAMETER; + } + + /* Ensure there's enough data for an authenticated response. */ + if ((auth_len > RPC_MAX_SIGN_SIZE) || + (RPC_HEADER_LEN + RPC_HDR_RESP_LEN + RPC_HDR_AUTH_LEN + auth_len > prhdr->frag_len)) { + DEBUG(0,("cli_pipe_verify_schannel: auth_len %u is too large.\n", + (unsigned int)auth_len )); + return NT_STATUS_INVALID_PARAMETER; + } + + data_len = prhdr->frag_len - RPC_HEADER_LEN - RPC_HDR_RESP_LEN - RPC_HDR_AUTH_LEN - auth_len; + + if(!prs_set_offset(current_pdu, RPC_HEADER_LEN + RPC_HDR_RESP_LEN + data_len)) { + DEBUG(0,("cli_pipe_verify_schannel: cannot move offset to %u.\n", + (unsigned int)RPC_HEADER_LEN + RPC_HDR_RESP_LEN + data_len )); + return NT_STATUS_BUFFER_TOO_SMALL; + } + + if(!smb_io_rpc_hdr_auth("hdr_auth", &auth_info, current_pdu, 0)) { + DEBUG(0,("cli_pipe_verify_schannel: failed to unmarshall RPC_HDR_AUTH.\n")); + return NT_STATUS_BUFFER_TOO_SMALL; + } + + if (auth_info.auth_type != RPC_SCHANNEL_AUTH_TYPE) { + DEBUG(0,("cli_pipe_verify_schannel: Invalid auth info %d on schannel\n", + auth_info.auth_type)); + return NT_STATUS_BUFFER_TOO_SMALL; + } + + if(!smb_io_rpc_auth_schannel_chk("", RPC_AUTH_SCHANNEL_SIGN_OR_SEAL_CHK_LEN, + &schannel_chk, current_pdu, 0)) { + DEBUG(0,("cli_pipe_verify_schannel: failed to unmarshal RPC_AUTH_SCHANNEL_CHK.\n")); + return NT_STATUS_BUFFER_TOO_SMALL; + } + + if (!schannel_decode(schannel_auth, + cli->auth->auth_level, + SENDER_IS_ACCEPTOR, + &schannel_chk, + prs_data_p(current_pdu)+RPC_HEADER_LEN+RPC_HDR_RESP_LEN, + data_len)) { + DEBUG(3,("cli_pipe_verify_schannel: failed to decode PDU " + "Connection to %s.\n", + rpccli_pipe_txt(debug_ctx(), cli))); + return NT_STATUS_INVALID_PARAMETER; + } + + /* The sequence number gets incremented on both send and receive. */ + schannel_auth->seq_num++; + + /* + * Return the current pointer to the data offset. + */ + + if(!prs_set_offset(current_pdu, save_offset)) { + DEBUG(0,("api_pipe_auth_process: failed to set offset back to %u\n", + (unsigned int)save_offset )); + return NT_STATUS_BUFFER_TOO_SMALL; + } + + /* + * Remember the padding length. We must remove it from the real data + * stream once the sign/seal is done. + */ + + *p_ss_padding_len = auth_info.auth_pad_len; + + return NT_STATUS_OK; +} + +/**************************************************************************** + Do the authentication checks on an incoming pdu. Check sign and unseal etc. + ****************************************************************************/ + +static NTSTATUS cli_pipe_validate_rpc_response(struct rpc_pipe_client *cli, RPC_HDR *prhdr, + prs_struct *current_pdu, + uint8 *p_ss_padding_len) +{ + NTSTATUS ret = NT_STATUS_OK; + + /* Paranioa checks for auth_len. */ + if (prhdr->auth_len) { + if (prhdr->auth_len > prhdr->frag_len) { + return NT_STATUS_INVALID_PARAMETER; + } + + if (prhdr->auth_len + (unsigned int)RPC_HDR_AUTH_LEN < prhdr->auth_len || + prhdr->auth_len + (unsigned int)RPC_HDR_AUTH_LEN < (unsigned int)RPC_HDR_AUTH_LEN) { + /* Integer wrap attempt. */ + return NT_STATUS_INVALID_PARAMETER; + } + } + + /* + * Now we have a complete RPC request PDU fragment, try and verify any auth data. + */ + + switch(cli->auth->auth_type) { + case PIPE_AUTH_TYPE_NONE: + if (prhdr->auth_len) { + DEBUG(3, ("cli_pipe_validate_rpc_response: " + "Connection to %s - got non-zero " + "auth len %u.\n", + rpccli_pipe_txt(debug_ctx(), cli), + (unsigned int)prhdr->auth_len )); + return NT_STATUS_INVALID_PARAMETER; + } + break; + + case PIPE_AUTH_TYPE_NTLMSSP: + case PIPE_AUTH_TYPE_SPNEGO_NTLMSSP: + ret = cli_pipe_verify_ntlmssp(cli, prhdr, current_pdu, p_ss_padding_len); + if (!NT_STATUS_IS_OK(ret)) { + return ret; + } + break; + + case PIPE_AUTH_TYPE_SCHANNEL: + ret = cli_pipe_verify_schannel(cli, prhdr, current_pdu, p_ss_padding_len); + if (!NT_STATUS_IS_OK(ret)) { + return ret; + } + break; + + case PIPE_AUTH_TYPE_KRB5: + case PIPE_AUTH_TYPE_SPNEGO_KRB5: + default: + DEBUG(3, ("cli_pipe_validate_rpc_response: Connection " + "to %s - unknown internal auth type %u.\n", + rpccli_pipe_txt(debug_ctx(), cli), + cli->auth->auth_type )); + return NT_STATUS_INVALID_INFO_CLASS; + } + + return NT_STATUS_OK; +} + +/**************************************************************************** + Do basic authentication checks on an incoming pdu. + ****************************************************************************/ + +static NTSTATUS cli_pipe_validate_current_pdu(struct rpc_pipe_client *cli, RPC_HDR *prhdr, + prs_struct *current_pdu, + uint8 expected_pkt_type, + char **ppdata, + uint32 *pdata_len, + prs_struct *return_data) +{ + + NTSTATUS ret = NT_STATUS_OK; + uint32 current_pdu_len = prs_data_size(current_pdu); + + if (current_pdu_len != prhdr->frag_len) { + DEBUG(5,("cli_pipe_validate_current_pdu: incorrect pdu length %u, expected %u\n", + (unsigned int)current_pdu_len, (unsigned int)prhdr->frag_len )); + return NT_STATUS_INVALID_PARAMETER; + } + + /* + * Point the return values at the real data including the RPC + * header. Just in case the caller wants it. + */ + *ppdata = prs_data_p(current_pdu); + *pdata_len = current_pdu_len; + + /* Ensure we have the correct type. */ + switch (prhdr->pkt_type) { + case RPC_ALTCONTRESP: + case RPC_BINDACK: + + /* Alter context and bind ack share the same packet definitions. */ + break; + + + case RPC_RESPONSE: + { + RPC_HDR_RESP rhdr_resp; + uint8 ss_padding_len = 0; + + if(!smb_io_rpc_hdr_resp("rpc_hdr_resp", &rhdr_resp, current_pdu, 0)) { + DEBUG(5,("cli_pipe_validate_current_pdu: failed to unmarshal RPC_HDR_RESP.\n")); + return NT_STATUS_BUFFER_TOO_SMALL; + } + + /* Here's where we deal with incoming sign/seal. */ + ret = cli_pipe_validate_rpc_response(cli, prhdr, + current_pdu, &ss_padding_len); + if (!NT_STATUS_IS_OK(ret)) { + return ret; + } + + /* Point the return values at the NDR data. Remember to remove any ss padding. */ + *ppdata = prs_data_p(current_pdu) + RPC_HEADER_LEN + RPC_HDR_RESP_LEN; + + if (current_pdu_len < RPC_HEADER_LEN + RPC_HDR_RESP_LEN + ss_padding_len) { + return NT_STATUS_BUFFER_TOO_SMALL; + } + + *pdata_len = current_pdu_len - RPC_HEADER_LEN - RPC_HDR_RESP_LEN - ss_padding_len; + + /* Remember to remove the auth footer. */ + if (prhdr->auth_len) { + /* We've already done integer wrap tests on auth_len in + cli_pipe_validate_rpc_response(). */ + if (*pdata_len < RPC_HDR_AUTH_LEN + prhdr->auth_len) { + return NT_STATUS_BUFFER_TOO_SMALL; + } + *pdata_len -= (RPC_HDR_AUTH_LEN + prhdr->auth_len); + } + + DEBUG(10,("cli_pipe_validate_current_pdu: got pdu len %u, data_len %u, ss_len %u\n", + current_pdu_len, *pdata_len, ss_padding_len )); + + /* + * If this is the first reply, and the allocation hint is reasonably, try and + * set up the return_data parse_struct to the correct size. + */ + + if ((prs_data_size(return_data) == 0) && rhdr_resp.alloc_hint && (rhdr_resp.alloc_hint < 15*1024*1024)) { + if (!prs_set_buffer_size(return_data, rhdr_resp.alloc_hint)) { + DEBUG(0,("cli_pipe_validate_current_pdu: reply alloc hint %u " + "too large to allocate\n", + (unsigned int)rhdr_resp.alloc_hint )); + return NT_STATUS_NO_MEMORY; + } + } + + break; + } + + case RPC_BINDNACK: + DEBUG(1, ("cli_pipe_validate_current_pdu: Bind NACK " + "received from %s!\n", + rpccli_pipe_txt(debug_ctx(), cli))); + /* Use this for now... */ + return NT_STATUS_NETWORK_ACCESS_DENIED; + + case RPC_FAULT: + { + RPC_HDR_RESP rhdr_resp; + RPC_HDR_FAULT fault_resp; + + if(!smb_io_rpc_hdr_resp("rpc_hdr_resp", &rhdr_resp, current_pdu, 0)) { + DEBUG(5,("cli_pipe_validate_current_pdu: failed to unmarshal RPC_HDR_RESP.\n")); + return NT_STATUS_BUFFER_TOO_SMALL; + } + + if(!smb_io_rpc_hdr_fault("fault", &fault_resp, current_pdu, 0)) { + DEBUG(5,("cli_pipe_validate_current_pdu: failed to unmarshal RPC_HDR_FAULT.\n")); + return NT_STATUS_BUFFER_TOO_SMALL; + } + + DEBUG(1, ("cli_pipe_validate_current_pdu: RPC fault " + "code %s received from %s!\n", + dcerpc_errstr(NT_STATUS_V(fault_resp.status)), + rpccli_pipe_txt(debug_ctx(), cli))); + if (NT_STATUS_IS_OK(fault_resp.status)) { + return NT_STATUS_UNSUCCESSFUL; + } else { + return fault_resp.status; + } + } + + default: + DEBUG(0, ("cli_pipe_validate_current_pdu: unknown packet type %u received " + "from %s!\n", + (unsigned int)prhdr->pkt_type, + rpccli_pipe_txt(debug_ctx(), cli))); + return NT_STATUS_INVALID_INFO_CLASS; + } + + if (prhdr->pkt_type != expected_pkt_type) { + DEBUG(3, ("cli_pipe_validate_current_pdu: Connection to %s " + "got an unexpected RPC packet type - %u, not %u\n", + rpccli_pipe_txt(debug_ctx(), cli), + prhdr->pkt_type, + expected_pkt_type)); + return NT_STATUS_INVALID_INFO_CLASS; + } + + /* Do this just before return - we don't want to modify any rpc header + data before now as we may have needed to do cryptographic actions on + it before. */ + + if ((prhdr->pkt_type == RPC_BINDACK) && !(prhdr->flags & RPC_FLG_LAST)) { + DEBUG(5,("cli_pipe_validate_current_pdu: bug in server (AS/U?), " + "setting fragment first/last ON.\n")); + prhdr->flags |= RPC_FLG_FIRST|RPC_FLG_LAST; + } + + return NT_STATUS_OK; +} + +/**************************************************************************** + Ensure we eat the just processed pdu from the current_pdu prs_struct. + Normally the frag_len and buffer size will match, but on the first trans + reply there is a theoretical chance that buffer size > frag_len, so we must + deal with that. + ****************************************************************************/ + +static NTSTATUS cli_pipe_reset_current_pdu(struct rpc_pipe_client *cli, RPC_HDR *prhdr, prs_struct *current_pdu) +{ + uint32 current_pdu_len = prs_data_size(current_pdu); + + if (current_pdu_len < prhdr->frag_len) { + return NT_STATUS_BUFFER_TOO_SMALL; + } + + /* Common case. */ + if (current_pdu_len == (uint32)prhdr->frag_len) { + prs_mem_free(current_pdu); + prs_init_empty(current_pdu, prs_get_mem_context(current_pdu), UNMARSHALL); + /* Make current_pdu dynamic with no memory. */ + prs_give_memory(current_pdu, 0, 0, True); + return NT_STATUS_OK; + } + + /* + * Oh no ! More data in buffer than we processed in current pdu. + * Cheat. Move the data down and shrink the buffer. + */ + + memcpy(prs_data_p(current_pdu), prs_data_p(current_pdu) + prhdr->frag_len, + current_pdu_len - prhdr->frag_len); + + /* Remember to set the read offset back to zero. */ + prs_set_offset(current_pdu, 0); + + /* Shrink the buffer. */ + if (!prs_set_buffer_size(current_pdu, current_pdu_len - prhdr->frag_len)) { + return NT_STATUS_BUFFER_TOO_SMALL; + } + + return NT_STATUS_OK; +} + +/**************************************************************************** + Send data on an rpc pipe via trans. The prs_struct data must be the last + pdu fragment of an NDR data stream. + + Receive response data from an rpc pipe, which may be large... + + Read the first fragment: unfortunately have to use SMBtrans for the first + bit, then SMBreadX for subsequent bits. + + If first fragment received also wasn't the last fragment, continue + getting fragments until we _do_ receive the last fragment. + + Request/Response PDU's look like the following... + + |<------------------PDU len----------------------------------------------->| + |<-HDR_LEN-->|<--REQ LEN------>|.............|<-AUTH_HDRLEN->|<-AUTH_LEN-->| + + +------------+-----------------+-------------+---------------+-------------+ + | RPC HEADER | REQ/RESP HEADER | DATA ...... | AUTH_HDR | AUTH DATA | + +------------+-----------------+-------------+---------------+-------------+ + + Where the presence of the AUTH_HDR and AUTH DATA are dependent on the + signing & sealing being negotiated. + + ****************************************************************************/ + +static NTSTATUS rpc_api_pipe(struct rpc_pipe_client *cli, + prs_struct *data, /* Outgoing pdu fragment, already formatted for send. */ + prs_struct *rbuf, /* Incoming reply - return as an NDR stream. */ + uint8 expected_pkt_type) +{ + NTSTATUS ret = NT_STATUS_UNSUCCESSFUL; + char *rparam = NULL; + uint32 rparam_len = 0; + char *pdata = prs_data_p(data); + uint32 data_len = prs_offset(data); + char *prdata = NULL; + uint32 rdata_len = 0; + uint32 max_data = cli->max_xmit_frag ? cli->max_xmit_frag : RPC_MAX_PDU_FRAG_LEN; + uint32 current_rbuf_offset = 0; + prs_struct current_pdu; + +#ifdef DEVELOPER + /* Ensure we're not sending too much. */ + SMB_ASSERT(data_len <= max_data); +#endif + + /* Set up the current pdu parse struct. */ + prs_init_empty(¤t_pdu, prs_get_mem_context(rbuf), UNMARSHALL); + + DEBUG(5,("rpc_api_pipe: %s\n", rpccli_pipe_txt(debug_ctx(), cli))); + + switch (cli->transport_type) { + case NCACN_NP: { + uint16 setup[2]; + /* Create setup parameters - must be in native byte order. */ + setup[0] = TRANSACT_DCERPCCMD; + setup[1] = cli->trans.np.fnum; /* Pipe file handle. */ + + /* + * Send the last (or only) fragment of an RPC request. For + * small amounts of data (about 1024 bytes or so) the RPC + * request and response appears in a SMBtrans request and + * response. + */ + + if (!cli_api_pipe(cli->trans.np.cli, "\\PIPE\\", + setup, 2, 0, /* Setup, length, max */ + NULL, 0, 0, /* Params, length, max */ + pdata, data_len, max_data, /* data, length, + * max */ + &rparam, &rparam_len, /* return params, + * len */ + &prdata, &rdata_len)) /* return data, len */ + { + DEBUG(0, ("rpc_api_pipe: %s returned critical error. " + "Error was %s\n", + rpccli_pipe_txt(debug_ctx(), cli), + cli_errstr(cli->trans.np.cli))); + ret = cli_get_nt_error(cli->trans.np.cli); + SAFE_FREE(rparam); + SAFE_FREE(prdata); + goto err; + } + break; + } + case NCACN_IP_TCP: + case NCACN_UNIX_STREAM: + { + ssize_t nwritten, nread; + nwritten = write_data(cli->trans.sock.fd, pdata, data_len); + if (nwritten == -1) { + ret = map_nt_error_from_unix(errno); + DEBUG(0, ("rpc_api_pipe: write_data returned %s\n", + strerror(errno))); + goto err; + } + rparam = NULL; + prdata = SMB_MALLOC_ARRAY(char, 1); + if (prdata == NULL) { + return NT_STATUS_NO_MEMORY; + } + nread = sys_read(cli->trans.sock.fd, prdata, 1); + if (nread == 0) { + SAFE_FREE(prdata); + } + if (nread == -1) { + ret = NT_STATUS_END_OF_FILE; + goto err; + } + rdata_len = nread; + break; + } + default: + DEBUG(0, ("unknown transport type %d\n", + cli->transport_type)); + return NT_STATUS_INTERNAL_ERROR; + } + + /* Throw away returned params - we know we won't use them. */ + + SAFE_FREE(rparam); + + if (prdata == NULL) { + DEBUG(3,("rpc_api_pipe: %s failed to return data.\n", + rpccli_pipe_txt(debug_ctx(), cli))); + /* Yes - some calls can truely return no data... */ + prs_mem_free(¤t_pdu); + return NT_STATUS_OK; + } + + /* + * Give this memory as dynamic to the current pdu. + */ + + prs_give_memory(¤t_pdu, prdata, rdata_len, True); + + /* Ensure we can mess with the return prs_struct. */ + SMB_ASSERT(UNMARSHALLING(rbuf)); + SMB_ASSERT(prs_data_size(rbuf) == 0); + + /* Make rbuf dynamic with no memory. */ + prs_give_memory(rbuf, 0, 0, True); + + while(1) { + RPC_HDR rhdr; + char *ret_data = NULL; + uint32 ret_data_len = 0; + + /* Ensure we have enough data for a pdu. */ + ret = cli_pipe_get_current_pdu(cli, &rhdr, ¤t_pdu); + if (!NT_STATUS_IS_OK(ret)) { + goto err; + } + + /* We pass in rbuf here so if the alloc hint is set correctly + we can set the output size and avoid reallocs. */ + + ret = cli_pipe_validate_current_pdu(cli, &rhdr, ¤t_pdu, expected_pkt_type, + &ret_data, &ret_data_len, rbuf); + + DEBUG(10,("rpc_api_pipe: got PDU len of %u at offset %u\n", + prs_data_size(¤t_pdu), current_rbuf_offset )); + + if (!NT_STATUS_IS_OK(ret)) { + goto err; + } + + if ((rhdr.flags & RPC_FLG_FIRST)) { + if (rhdr.pack_type[0] == 0) { + /* Set the data type correctly for big-endian data on the first packet. */ + DEBUG(10,("rpc_api_pipe: On %s " + "PDU data format is big-endian.\n", + rpccli_pipe_txt(debug_ctx(), cli))); + + prs_set_endian_data(rbuf, RPC_BIG_ENDIAN); + } else { + /* Check endianness on subsequent packets. */ + if (current_pdu.bigendian_data != rbuf->bigendian_data) { + DEBUG(0,("rpc_api_pipe: Error : Endianness changed from %s to %s\n", + rbuf->bigendian_data ? "big" : "little", + current_pdu.bigendian_data ? "big" : "little" )); + ret = NT_STATUS_INVALID_PARAMETER; + goto err; + } + } + } + + /* Now copy the data portion out of the pdu into rbuf. */ + if (!prs_force_grow(rbuf, ret_data_len)) { + ret = NT_STATUS_NO_MEMORY; + goto err; + } + memcpy(prs_data_p(rbuf)+current_rbuf_offset, ret_data, (size_t)ret_data_len); + current_rbuf_offset += ret_data_len; + + /* See if we've finished with all the data in current_pdu yet ? */ + ret = cli_pipe_reset_current_pdu(cli, &rhdr, ¤t_pdu); + if (!NT_STATUS_IS_OK(ret)) { + goto err; + } + + if (rhdr.flags & RPC_FLG_LAST) { + break; /* We're done. */ + } + } + + DEBUG(10,("rpc_api_pipe: %s returned %u bytes.\n", + rpccli_pipe_txt(debug_ctx(), cli), + (unsigned int)prs_data_size(rbuf) )); + + prs_mem_free(¤t_pdu); + return NT_STATUS_OK; + + err: + + prs_mem_free(¤t_pdu); + prs_mem_free(rbuf); + return ret; +} + +/******************************************************************* + Creates krb5 auth bind. + ********************************************************************/ + +static NTSTATUS create_krb5_auth_bind_req( struct rpc_pipe_client *cli, + enum pipe_auth_level auth_level, + RPC_HDR_AUTH *pauth_out, + prs_struct *auth_data) +{ +#ifdef HAVE_KRB5 + int ret; + struct kerberos_auth_struct *a = cli->auth->a_u.kerberos_auth; + DATA_BLOB tkt = data_blob_null; + DATA_BLOB tkt_wrapped = data_blob_null; + + /* We may change the pad length before marshalling. */ + init_rpc_hdr_auth(pauth_out, RPC_KRB5_AUTH_TYPE, (int)auth_level, 0, 1); + + DEBUG(5, ("create_krb5_auth_bind_req: creating a service ticket for principal %s\n", + a->service_principal )); + + /* Create the ticket for the service principal and return it in a gss-api wrapped blob. */ + + ret = cli_krb5_get_ticket(a->service_principal, 0, &tkt, + &a->session_key, (uint32)AP_OPTS_MUTUAL_REQUIRED, NULL, NULL); + + if (ret) { + DEBUG(1,("create_krb5_auth_bind_req: cli_krb5_get_ticket for principal %s " + "failed with %s\n", + a->service_principal, + error_message(ret) )); + + data_blob_free(&tkt); + prs_mem_free(auth_data); + return NT_STATUS_INVALID_PARAMETER; + } + + /* wrap that up in a nice GSS-API wrapping */ + tkt_wrapped = spnego_gen_krb5_wrap(tkt, TOK_ID_KRB_AP_REQ); + + data_blob_free(&tkt); + + /* Auth len in the rpc header doesn't include auth_header. */ + if (!prs_copy_data_in(auth_data, (char *)tkt_wrapped.data, tkt_wrapped.length)) { + data_blob_free(&tkt_wrapped); + prs_mem_free(auth_data); + return NT_STATUS_NO_MEMORY; + } + + DEBUG(5, ("create_krb5_auth_bind_req: Created krb5 GSS blob :\n")); + dump_data(5, tkt_wrapped.data, tkt_wrapped.length); + + data_blob_free(&tkt_wrapped); + return NT_STATUS_OK; +#else + return NT_STATUS_INVALID_PARAMETER; +#endif +} + +/******************************************************************* + Creates SPNEGO NTLMSSP auth bind. + ********************************************************************/ + +static NTSTATUS create_spnego_ntlmssp_auth_rpc_bind_req( struct rpc_pipe_client *cli, + enum pipe_auth_level auth_level, + RPC_HDR_AUTH *pauth_out, + prs_struct *auth_data) +{ + NTSTATUS nt_status; + DATA_BLOB null_blob = data_blob_null; + DATA_BLOB request = data_blob_null; + DATA_BLOB spnego_msg = data_blob_null; + + /* We may change the pad length before marshalling. */ + init_rpc_hdr_auth(pauth_out, RPC_SPNEGO_AUTH_TYPE, (int)auth_level, 0, 1); + + DEBUG(5, ("create_spnego_ntlmssp_auth_rpc_bind_req: Processing NTLMSSP Negotiate\n")); + nt_status = ntlmssp_update(cli->auth->a_u.ntlmssp_state, + null_blob, + &request); + + if (!NT_STATUS_EQUAL(nt_status, NT_STATUS_MORE_PROCESSING_REQUIRED)) { + data_blob_free(&request); + prs_mem_free(auth_data); + return nt_status; + } + + /* Wrap this in SPNEGO. */ + spnego_msg = gen_negTokenInit(OID_NTLMSSP, request); + + data_blob_free(&request); + + /* Auth len in the rpc header doesn't include auth_header. */ + if (!prs_copy_data_in(auth_data, (char *)spnego_msg.data, spnego_msg.length)) { + data_blob_free(&spnego_msg); + prs_mem_free(auth_data); + return NT_STATUS_NO_MEMORY; + } + + DEBUG(5, ("create_spnego_ntlmssp_auth_rpc_bind_req: NTLMSSP Negotiate:\n")); + dump_data(5, spnego_msg.data, spnego_msg.length); + + data_blob_free(&spnego_msg); + return NT_STATUS_OK; +} + +/******************************************************************* + Creates NTLMSSP auth bind. + ********************************************************************/ + +static NTSTATUS create_ntlmssp_auth_rpc_bind_req( struct rpc_pipe_client *cli, + enum pipe_auth_level auth_level, + RPC_HDR_AUTH *pauth_out, + prs_struct *auth_data) +{ + NTSTATUS nt_status; + DATA_BLOB null_blob = data_blob_null; + DATA_BLOB request = data_blob_null; + + /* We may change the pad length before marshalling. */ + init_rpc_hdr_auth(pauth_out, RPC_NTLMSSP_AUTH_TYPE, (int)auth_level, 0, 1); + + DEBUG(5, ("create_ntlmssp_auth_rpc_bind_req: Processing NTLMSSP Negotiate\n")); + nt_status = ntlmssp_update(cli->auth->a_u.ntlmssp_state, + null_blob, + &request); + + if (!NT_STATUS_EQUAL(nt_status, NT_STATUS_MORE_PROCESSING_REQUIRED)) { + data_blob_free(&request); + prs_mem_free(auth_data); + return nt_status; + } + + /* Auth len in the rpc header doesn't include auth_header. */ + if (!prs_copy_data_in(auth_data, (char *)request.data, request.length)) { + data_blob_free(&request); + prs_mem_free(auth_data); + return NT_STATUS_NO_MEMORY; + } + + DEBUG(5, ("create_ntlmssp_auth_rpc_bind_req: NTLMSSP Negotiate:\n")); + dump_data(5, request.data, request.length); + + data_blob_free(&request); + return NT_STATUS_OK; +} + +/******************************************************************* + Creates schannel auth bind. + ********************************************************************/ + +static NTSTATUS create_schannel_auth_rpc_bind_req( struct rpc_pipe_client *cli, + enum pipe_auth_level auth_level, + RPC_HDR_AUTH *pauth_out, + prs_struct *auth_data) +{ + RPC_AUTH_SCHANNEL_NEG schannel_neg; + + /* We may change the pad length before marshalling. */ + init_rpc_hdr_auth(pauth_out, RPC_SCHANNEL_AUTH_TYPE, (int)auth_level, 0, 1); + + /* Use lp_workgroup() if domain not specified */ + + if (!cli->auth->domain || !cli->auth->domain[0]) { + cli->auth->domain = talloc_strdup(cli, lp_workgroup()); + if (cli->auth->domain == NULL) { + return NT_STATUS_NO_MEMORY; + } + } + + init_rpc_auth_schannel_neg(&schannel_neg, cli->auth->domain, + global_myname()); + + /* + * Now marshall the data into the auth parse_struct. + */ + + if(!smb_io_rpc_auth_schannel_neg("schannel_neg", + &schannel_neg, auth_data, 0)) { + DEBUG(0,("Failed to marshall RPC_AUTH_SCHANNEL_NEG.\n")); + prs_mem_free(auth_data); + return NT_STATUS_NO_MEMORY; + } + + return NT_STATUS_OK; +} + +/******************************************************************* + Creates the internals of a DCE/RPC bind request or alter context PDU. + ********************************************************************/ + +static NTSTATUS create_bind_or_alt_ctx_internal(enum RPC_PKT_TYPE pkt_type, + prs_struct *rpc_out, + uint32 rpc_call_id, + const RPC_IFACE *abstract, + const RPC_IFACE *transfer, + RPC_HDR_AUTH *phdr_auth, + prs_struct *pauth_info) +{ + RPC_HDR hdr; + RPC_HDR_RB hdr_rb; + RPC_CONTEXT rpc_ctx; + uint16 auth_len = prs_offset(pauth_info); + uint8 ss_padding_len = 0; + uint16 frag_len = 0; + + /* create the RPC context. */ + init_rpc_context(&rpc_ctx, 0 /* context id */, abstract, transfer); + + /* create the bind request RPC_HDR_RB */ + init_rpc_hdr_rb(&hdr_rb, RPC_MAX_PDU_FRAG_LEN, RPC_MAX_PDU_FRAG_LEN, 0x0, &rpc_ctx); + + /* Start building the frag length. */ + frag_len = RPC_HEADER_LEN + RPC_HDR_RB_LEN(&hdr_rb); + + /* Do we need to pad ? */ + if (auth_len) { + uint16 data_len = RPC_HEADER_LEN + RPC_HDR_RB_LEN(&hdr_rb); + if (data_len % 8) { + ss_padding_len = 8 - (data_len % 8); + phdr_auth->auth_pad_len = ss_padding_len; + } + frag_len += RPC_HDR_AUTH_LEN + auth_len + ss_padding_len; + } + + /* Create the request RPC_HDR */ + init_rpc_hdr(&hdr, pkt_type, RPC_FLG_FIRST|RPC_FLG_LAST, rpc_call_id, frag_len, auth_len); + + /* Marshall the RPC header */ + if(!smb_io_rpc_hdr("hdr" , &hdr, rpc_out, 0)) { + DEBUG(0,("create_bind_or_alt_ctx_internal: failed to marshall RPC_HDR.\n")); + return NT_STATUS_NO_MEMORY; + } + + /* Marshall the bind request data */ + if(!smb_io_rpc_hdr_rb("", &hdr_rb, rpc_out, 0)) { + DEBUG(0,("create_bind_or_alt_ctx_internal: failed to marshall RPC_HDR_RB.\n")); + return NT_STATUS_NO_MEMORY; + } + + /* + * Grow the outgoing buffer to store any auth info. + */ + + if(auth_len != 0) { + if (ss_padding_len) { + char pad[8]; + memset(pad, '\0', 8); + if (!prs_copy_data_in(rpc_out, pad, ss_padding_len)) { + DEBUG(0,("create_bind_or_alt_ctx_internal: failed to marshall padding.\n")); + return NT_STATUS_NO_MEMORY; + } + } + + if(!smb_io_rpc_hdr_auth("hdr_auth", phdr_auth, rpc_out, 0)) { + DEBUG(0,("create_bind_or_alt_ctx_internal: failed to marshall RPC_HDR_AUTH.\n")); + return NT_STATUS_NO_MEMORY; + } + + + if(!prs_append_prs_data( rpc_out, pauth_info)) { + DEBUG(0,("create_bind_or_alt_ctx_internal: failed to grow parse struct to add auth.\n")); + return NT_STATUS_NO_MEMORY; + } + } + + return NT_STATUS_OK; +} + +/******************************************************************* + Creates a DCE/RPC bind request. + ********************************************************************/ + +static NTSTATUS create_rpc_bind_req(struct rpc_pipe_client *cli, + prs_struct *rpc_out, + uint32 rpc_call_id, + const RPC_IFACE *abstract, + const RPC_IFACE *transfer, + enum pipe_auth_type auth_type, + enum pipe_auth_level auth_level) +{ + RPC_HDR_AUTH hdr_auth; + prs_struct auth_info; + NTSTATUS ret = NT_STATUS_OK; + + ZERO_STRUCT(hdr_auth); + if (!prs_init(&auth_info, RPC_HDR_AUTH_LEN, prs_get_mem_context(rpc_out), MARSHALL)) + return NT_STATUS_NO_MEMORY; + + switch (auth_type) { + case PIPE_AUTH_TYPE_SCHANNEL: + ret = create_schannel_auth_rpc_bind_req(cli, auth_level, &hdr_auth, &auth_info); + if (!NT_STATUS_IS_OK(ret)) { + prs_mem_free(&auth_info); + return ret; + } + break; + + case PIPE_AUTH_TYPE_NTLMSSP: + ret = create_ntlmssp_auth_rpc_bind_req(cli, auth_level, &hdr_auth, &auth_info); + if (!NT_STATUS_IS_OK(ret)) { + prs_mem_free(&auth_info); + return ret; + } + break; + + case PIPE_AUTH_TYPE_SPNEGO_NTLMSSP: + ret = create_spnego_ntlmssp_auth_rpc_bind_req(cli, auth_level, &hdr_auth, &auth_info); + if (!NT_STATUS_IS_OK(ret)) { + prs_mem_free(&auth_info); + return ret; + } + break; + + case PIPE_AUTH_TYPE_KRB5: + ret = create_krb5_auth_bind_req(cli, auth_level, &hdr_auth, &auth_info); + if (!NT_STATUS_IS_OK(ret)) { + prs_mem_free(&auth_info); + return ret; + } + break; + + case PIPE_AUTH_TYPE_NONE: + break; + + default: + /* "Can't" happen. */ + return NT_STATUS_INVALID_INFO_CLASS; + } + + ret = create_bind_or_alt_ctx_internal(RPC_BIND, + rpc_out, + rpc_call_id, + abstract, + transfer, + &hdr_auth, + &auth_info); + + prs_mem_free(&auth_info); + return ret; +} + +/******************************************************************* + Create and add the NTLMSSP sign/seal auth header and data. + ********************************************************************/ + +static NTSTATUS add_ntlmssp_auth_footer(struct rpc_pipe_client *cli, + RPC_HDR *phdr, + uint32 ss_padding_len, + prs_struct *outgoing_pdu) +{ + RPC_HDR_AUTH auth_info; + NTSTATUS status; + DATA_BLOB auth_blob = data_blob_null; + uint16 data_and_pad_len = prs_offset(outgoing_pdu) - RPC_HEADER_LEN - RPC_HDR_RESP_LEN; + + if (!cli->auth->a_u.ntlmssp_state) { + return NT_STATUS_INVALID_PARAMETER; + } + + /* Init and marshall the auth header. */ + init_rpc_hdr_auth(&auth_info, + map_pipe_auth_type_to_rpc_auth_type( + cli->auth->auth_type), + cli->auth->auth_level, + ss_padding_len, + 1 /* context id. */); + + if(!smb_io_rpc_hdr_auth("hdr_auth", &auth_info, outgoing_pdu, 0)) { + DEBUG(0,("add_ntlmssp_auth_footer: failed to marshall RPC_HDR_AUTH.\n")); + data_blob_free(&auth_blob); + return NT_STATUS_NO_MEMORY; + } + + switch (cli->auth->auth_level) { + case PIPE_AUTH_LEVEL_PRIVACY: + /* Data portion is encrypted. */ + status = ntlmssp_seal_packet(cli->auth->a_u.ntlmssp_state, + (unsigned char *)prs_data_p(outgoing_pdu) + RPC_HEADER_LEN + RPC_HDR_RESP_LEN, + data_and_pad_len, + (unsigned char *)prs_data_p(outgoing_pdu), + (size_t)prs_offset(outgoing_pdu), + &auth_blob); + if (!NT_STATUS_IS_OK(status)) { + data_blob_free(&auth_blob); + return status; + } + break; + + case PIPE_AUTH_LEVEL_INTEGRITY: + /* Data is signed. */ + status = ntlmssp_sign_packet(cli->auth->a_u.ntlmssp_state, + (unsigned char *)prs_data_p(outgoing_pdu) + RPC_HEADER_LEN + RPC_HDR_RESP_LEN, + data_and_pad_len, + (unsigned char *)prs_data_p(outgoing_pdu), + (size_t)prs_offset(outgoing_pdu), + &auth_blob); + if (!NT_STATUS_IS_OK(status)) { + data_blob_free(&auth_blob); + return status; + } + break; + + default: + /* Can't happen. */ + smb_panic("bad auth level"); + /* Notreached. */ + return NT_STATUS_INVALID_PARAMETER; + } + + /* Finally marshall the blob. */ + + if (!prs_copy_data_in(outgoing_pdu, (const char *)auth_blob.data, NTLMSSP_SIG_SIZE)) { + DEBUG(0,("add_ntlmssp_auth_footer: failed to add %u bytes auth blob.\n", + (unsigned int)NTLMSSP_SIG_SIZE)); + data_blob_free(&auth_blob); + return NT_STATUS_NO_MEMORY; + } + + data_blob_free(&auth_blob); + return NT_STATUS_OK; +} + +/******************************************************************* + Create and add the schannel sign/seal auth header and data. + ********************************************************************/ + +static NTSTATUS add_schannel_auth_footer(struct rpc_pipe_client *cli, + RPC_HDR *phdr, + uint32 ss_padding_len, + prs_struct *outgoing_pdu) +{ + RPC_HDR_AUTH auth_info; + RPC_AUTH_SCHANNEL_CHK verf; + struct schannel_auth_struct *sas = cli->auth->a_u.schannel_auth; + char *data_p = prs_data_p(outgoing_pdu) + RPC_HEADER_LEN + RPC_HDR_RESP_LEN; + size_t data_and_pad_len = prs_offset(outgoing_pdu) - RPC_HEADER_LEN - RPC_HDR_RESP_LEN; + + if (!sas) { + return NT_STATUS_INVALID_PARAMETER; + } + + /* Init and marshall the auth header. */ + init_rpc_hdr_auth(&auth_info, + map_pipe_auth_type_to_rpc_auth_type(cli->auth->auth_type), + cli->auth->auth_level, + ss_padding_len, + 1 /* context id. */); + + if(!smb_io_rpc_hdr_auth("hdr_auth", &auth_info, outgoing_pdu, 0)) { + DEBUG(0,("add_schannel_auth_footer: failed to marshall RPC_HDR_AUTH.\n")); + return NT_STATUS_NO_MEMORY; + } + + switch (cli->auth->auth_level) { + case PIPE_AUTH_LEVEL_PRIVACY: + case PIPE_AUTH_LEVEL_INTEGRITY: + DEBUG(10,("add_schannel_auth_footer: SCHANNEL seq_num=%d\n", + sas->seq_num)); + + schannel_encode(sas, + cli->auth->auth_level, + SENDER_IS_INITIATOR, + &verf, + data_p, + data_and_pad_len); + + sas->seq_num++; + break; + + default: + /* Can't happen. */ + smb_panic("bad auth level"); + /* Notreached. */ + return NT_STATUS_INVALID_PARAMETER; + } + + /* Finally marshall the blob. */ + smb_io_rpc_auth_schannel_chk("", + RPC_AUTH_SCHANNEL_SIGN_OR_SEAL_CHK_LEN, + &verf, + outgoing_pdu, + 0); + + return NT_STATUS_OK; +} + +/******************************************************************* + Calculate how much data we're going to send in this packet, also + work out any sign/seal padding length. + ********************************************************************/ + +static uint32 calculate_data_len_tosend(struct rpc_pipe_client *cli, + uint32 data_left, + uint16 *p_frag_len, + uint16 *p_auth_len, + uint32 *p_ss_padding) +{ + uint32 data_space, data_len; + + switch (cli->auth->auth_level) { + case PIPE_AUTH_LEVEL_NONE: + case PIPE_AUTH_LEVEL_CONNECT: + data_space = cli->max_xmit_frag - RPC_HEADER_LEN - RPC_HDR_REQ_LEN; + data_len = MIN(data_space, data_left); + *p_ss_padding = 0; + *p_auth_len = 0; + *p_frag_len = RPC_HEADER_LEN + RPC_HDR_REQ_LEN + data_len; + return data_len; + + case PIPE_AUTH_LEVEL_INTEGRITY: + case PIPE_AUTH_LEVEL_PRIVACY: + /* Treat the same for all authenticated rpc requests. */ + switch(cli->auth->auth_type) { + case PIPE_AUTH_TYPE_SPNEGO_NTLMSSP: + case PIPE_AUTH_TYPE_NTLMSSP: + *p_auth_len = NTLMSSP_SIG_SIZE; + break; + case PIPE_AUTH_TYPE_SCHANNEL: + *p_auth_len = RPC_AUTH_SCHANNEL_SIGN_OR_SEAL_CHK_LEN; + break; + default: + smb_panic("bad auth type"); + break; + } + + data_space = cli->max_xmit_frag - RPC_HEADER_LEN - RPC_HDR_REQ_LEN - + RPC_HDR_AUTH_LEN - *p_auth_len; + + data_len = MIN(data_space, data_left); + if (data_len % 8) { + *p_ss_padding = 8 - (data_len % 8); + } + *p_frag_len = RPC_HEADER_LEN + RPC_HDR_REQ_LEN + /* Normal headers. */ + data_len + *p_ss_padding + /* data plus padding. */ + RPC_HDR_AUTH_LEN + *p_auth_len; /* Auth header and auth data. */ + return data_len; + + default: + smb_panic("bad auth level"); + /* Notreached. */ + return 0; + } +} + +/******************************************************************* + External interface. + Does an rpc request on a pipe. Incoming data is NDR encoded in in_data. + Reply is NDR encoded in out_data. Splits the data stream into RPC PDU's + and deals with signing/sealing details. + ********************************************************************/ + +NTSTATUS rpc_api_pipe_req(struct rpc_pipe_client *cli, + uint8 op_num, + prs_struct *in_data, + prs_struct *out_data) +{ + NTSTATUS ret; + uint32 data_left = prs_offset(in_data); + uint32 alloc_hint = prs_offset(in_data); + uint32 data_sent_thistime = 0; + uint32 current_data_offset = 0; + uint32 call_id = get_rpc_call_id(); + char pad[8]; + prs_struct outgoing_pdu; + + memset(pad, '\0', 8); + + if (cli->max_xmit_frag < RPC_HEADER_LEN + RPC_HDR_REQ_LEN + RPC_MAX_SIGN_SIZE) { + /* Server is screwed up ! */ + return NT_STATUS_INVALID_PARAMETER; + } + + if (!prs_init(&outgoing_pdu, cli->max_xmit_frag, prs_get_mem_context(in_data), MARSHALL)) + return NT_STATUS_NO_MEMORY; + + while (1) { + RPC_HDR hdr; + RPC_HDR_REQ hdr_req; + uint16 auth_len = 0; + uint16 frag_len = 0; + uint8 flags = 0; + uint32 ss_padding = 0; + ssize_t num_written; + + data_sent_thistime = calculate_data_len_tosend(cli, data_left, + &frag_len, &auth_len, &ss_padding); + + if (current_data_offset == 0) { + flags = RPC_FLG_FIRST; + } + + if (data_sent_thistime == data_left) { + flags |= RPC_FLG_LAST; + } + + /* Create and marshall the header and request header. */ + init_rpc_hdr(&hdr, RPC_REQUEST, flags, call_id, frag_len, auth_len); + + if(!smb_io_rpc_hdr("hdr ", &hdr, &outgoing_pdu, 0)) { + prs_mem_free(&outgoing_pdu); + return NT_STATUS_NO_MEMORY; + } + + /* Create the rpc request RPC_HDR_REQ */ + init_rpc_hdr_req(&hdr_req, alloc_hint, op_num); + + if(!smb_io_rpc_hdr_req("hdr_req", &hdr_req, &outgoing_pdu, 0)) { + prs_mem_free(&outgoing_pdu); + return NT_STATUS_NO_MEMORY; + } + + /* Copy in the data, plus any ss padding. */ + if (!prs_append_some_prs_data(&outgoing_pdu, in_data, current_data_offset, data_sent_thistime)) { + prs_mem_free(&outgoing_pdu); + return NT_STATUS_NO_MEMORY; + } + + /* Copy the sign/seal padding data. */ + if (ss_padding) { + if (!prs_copy_data_in(&outgoing_pdu, pad, ss_padding)) { + prs_mem_free(&outgoing_pdu); + return NT_STATUS_NO_MEMORY; + } + } + + /* Generate any auth sign/seal and add the auth footer. */ + if (auth_len) { + switch (cli->auth->auth_type) { + case PIPE_AUTH_TYPE_NONE: + break; + case PIPE_AUTH_TYPE_NTLMSSP: + case PIPE_AUTH_TYPE_SPNEGO_NTLMSSP: + ret = add_ntlmssp_auth_footer(cli, &hdr, ss_padding, &outgoing_pdu); + if (!NT_STATUS_IS_OK(ret)) { + prs_mem_free(&outgoing_pdu); + return ret; + } + break; + case PIPE_AUTH_TYPE_SCHANNEL: + ret = add_schannel_auth_footer(cli, &hdr, ss_padding, &outgoing_pdu); + if (!NT_STATUS_IS_OK(ret)) { + prs_mem_free(&outgoing_pdu); + return ret; + } + break; + default: + smb_panic("bad auth type"); + break; /* notreached */ + } + } + + /* Actually send the packet. */ + if (flags & RPC_FLG_LAST) { + /* Last packet - send the data, get the reply and return. */ + ret = rpc_api_pipe(cli, &outgoing_pdu, out_data, RPC_RESPONSE); + prs_mem_free(&outgoing_pdu); + + if ((DEBUGLEVEL >= 50) + && (cli->transport_type == NCACN_NP)) { + char *dump_name = NULL; + /* Also capture received data */ + if (asprintf(&dump_name, "%s/reply_%s_%d", + get_dyn_LOGFILEBASE(), + cli->trans.np.pipe_name, op_num) > 0) { + prs_dump(dump_name, op_num, out_data); + SAFE_FREE(dump_name); + } + } + + return ret; + } + + switch (cli->transport_type) { + case NCACN_NP: + num_written = cli_write(cli->trans.np.cli, + cli->trans.np.fnum, + 8, /* 8 means message mode. */ + prs_data_p(&outgoing_pdu), + (off_t)0, + (size_t)hdr.frag_len); + + if (num_written != hdr.frag_len) { + prs_mem_free(&outgoing_pdu); + return cli_get_nt_error(cli->trans.np.cli); + } + break; + case NCACN_IP_TCP: + case NCACN_UNIX_STREAM: + num_written = write_data( + cli->trans.sock.fd, + prs_data_p(&outgoing_pdu), + (size_t)hdr.frag_len); + if (num_written != hdr.frag_len) { + NTSTATUS status; + status = map_nt_error_from_unix(errno); + prs_mem_free(&outgoing_pdu); + return status; + } + break; + default: + DEBUG(0, ("unknown transport type %d\n", + cli->transport_type)); + return NT_STATUS_INTERNAL_ERROR; + } + + current_data_offset += data_sent_thistime; + data_left -= data_sent_thistime; + + /* Reset the marshalling position back to zero. */ + if (!prs_set_offset(&outgoing_pdu, 0)) { + prs_mem_free(&outgoing_pdu); + return NT_STATUS_NO_MEMORY; + } + } +} +#if 0 +/**************************************************************************** + Set the handle state. +****************************************************************************/ + +static bool rpc_pipe_set_hnd_state(struct rpc_pipe_client *cli, + const char *pipe_name, uint16 device_state) +{ + bool state_set = False; + char param[2]; + uint16 setup[2]; /* only need 2 uint16 setup parameters */ + char *rparam = NULL; + char *rdata = NULL; + uint32 rparam_len, rdata_len; + + if (pipe_name == NULL) + return False; + + DEBUG(5,("Set Handle state Pipe[%x]: %s - device state:%x\n", + cli->fnum, pipe_name, device_state)); + + /* create parameters: device state */ + SSVAL(param, 0, device_state); + + /* create setup parameters. */ + setup[0] = 0x0001; + setup[1] = cli->fnum; /* pipe file handle. got this from an SMBOpenX. */ + + /* send the data on \PIPE\ */ + if (cli_api_pipe(cli->cli, "\\PIPE\\", + setup, 2, 0, /* setup, length, max */ + param, 2, 0, /* param, length, max */ + NULL, 0, 1024, /* data, length, max */ + &rparam, &rparam_len, /* return param, length */ + &rdata, &rdata_len)) /* return data, length */ + { + DEBUG(5, ("Set Handle state: return OK\n")); + state_set = True; + } + + SAFE_FREE(rparam); + SAFE_FREE(rdata); + + return state_set; +} +#endif + +/**************************************************************************** + Check the rpc bind acknowledge response. +****************************************************************************/ + +static bool check_bind_response(RPC_HDR_BA *hdr_ba, const RPC_IFACE *transfer) +{ + if ( hdr_ba->addr.len == 0) { + DEBUG(4,("Ignoring length check -- ASU bug (server didn't fill in the pipe name correctly)")); + } + + /* check the transfer syntax */ + if ((hdr_ba->transfer.if_version != transfer->if_version) || + (memcmp(&hdr_ba->transfer.uuid, &transfer->uuid, sizeof(transfer->uuid)) !=0)) { + DEBUG(2,("bind_rpc_pipe: transfer syntax differs\n")); + return False; + } + + if (hdr_ba->res.num_results != 0x1 || hdr_ba->res.result != 0) { + DEBUG(2,("bind_rpc_pipe: bind denied results: %d reason: %x\n", + hdr_ba->res.num_results, hdr_ba->res.reason)); + } + + DEBUG(5,("check_bind_response: accepted!\n")); + return True; +} + +/******************************************************************* + Creates a DCE/RPC bind authentication response. + This is the packet that is sent back to the server once we + have received a BIND-ACK, to finish the third leg of + the authentication handshake. + ********************************************************************/ + +static NTSTATUS create_rpc_bind_auth3(struct rpc_pipe_client *cli, + uint32 rpc_call_id, + enum pipe_auth_type auth_type, + enum pipe_auth_level auth_level, + DATA_BLOB *pauth_blob, + prs_struct *rpc_out) +{ + RPC_HDR hdr; + RPC_HDR_AUTH hdr_auth; + uint32 pad = 0; + + /* Create the request RPC_HDR */ + init_rpc_hdr(&hdr, RPC_AUTH3, RPC_FLG_FIRST|RPC_FLG_LAST, rpc_call_id, + RPC_HEADER_LEN + 4 /* pad */ + RPC_HDR_AUTH_LEN + pauth_blob->length, + pauth_blob->length ); + + /* Marshall it. */ + if(!smb_io_rpc_hdr("hdr", &hdr, rpc_out, 0)) { + DEBUG(0,("create_rpc_bind_auth3: failed to marshall RPC_HDR.\n")); + return NT_STATUS_NO_MEMORY; + } + + /* + I'm puzzled about this - seems to violate the DCE RPC auth rules, + about padding - shouldn't this pad to length 8 ? JRA. + */ + + /* 4 bytes padding. */ + if (!prs_uint32("pad", rpc_out, 0, &pad)) { + DEBUG(0,("create_rpc_bind_auth3: failed to marshall 4 byte pad.\n")); + return NT_STATUS_NO_MEMORY; + } + + /* Create the request RPC_HDR_AUTHA */ + init_rpc_hdr_auth(&hdr_auth, + map_pipe_auth_type_to_rpc_auth_type(auth_type), + auth_level, 0, 1); + + if(!smb_io_rpc_hdr_auth("hdr_auth", &hdr_auth, rpc_out, 0)) { + DEBUG(0,("create_rpc_bind_auth3: failed to marshall RPC_HDR_AUTHA.\n")); + return NT_STATUS_NO_MEMORY; + } + + /* + * Append the auth data to the outgoing buffer. + */ + + if(!prs_copy_data_in(rpc_out, (char *)pauth_blob->data, pauth_blob->length)) { + DEBUG(0,("create_rpc_bind_auth3: failed to marshall auth blob.\n")); + return NT_STATUS_NO_MEMORY; + } + + return NT_STATUS_OK; +} + +/**************************************************************************** + Create and send the third packet in an RPC auth. +****************************************************************************/ + +static NTSTATUS rpc_finish_auth3_bind(struct rpc_pipe_client *cli, + RPC_HDR *phdr, + prs_struct *rbuf, + uint32 rpc_call_id, + enum pipe_auth_type auth_type, + enum pipe_auth_level auth_level) +{ + DATA_BLOB server_response = data_blob_null; + DATA_BLOB client_reply = data_blob_null; + RPC_HDR_AUTH hdr_auth; + NTSTATUS nt_status; + prs_struct rpc_out; + ssize_t ret; + + if (!phdr->auth_len || (phdr->frag_len < phdr->auth_len + RPC_HDR_AUTH_LEN)) { + return NT_STATUS_INVALID_PARAMETER; + } + + /* Process the returned NTLMSSP blob first. */ + if (!prs_set_offset(rbuf, phdr->frag_len - phdr->auth_len - RPC_HDR_AUTH_LEN)) { + return NT_STATUS_INVALID_PARAMETER; + } + + if(!smb_io_rpc_hdr_auth("hdr_auth", &hdr_auth, rbuf, 0)) { + return NT_STATUS_INVALID_PARAMETER; + } + + /* TODO - check auth_type/auth_level match. */ + + server_response = data_blob(NULL, phdr->auth_len); + prs_copy_data_out((char *)server_response.data, rbuf, phdr->auth_len); + + nt_status = ntlmssp_update(cli->auth->a_u.ntlmssp_state, + server_response, + &client_reply); + + if (!NT_STATUS_IS_OK(nt_status)) { + DEBUG(0,("rpc_finish_auth3_bind: NTLMSSP update using server blob failed.\n")); + data_blob_free(&server_response); + return nt_status; + } + + prs_init_empty(&rpc_out, prs_get_mem_context(rbuf), MARSHALL); + + nt_status = create_rpc_bind_auth3(cli, rpc_call_id, + auth_type, auth_level, + &client_reply, &rpc_out); + + if (!NT_STATUS_IS_OK(nt_status)) { + prs_mem_free(&rpc_out); + data_blob_free(&client_reply); + data_blob_free(&server_response); + return nt_status; + } + + switch (cli->transport_type) { + case NCACN_NP: + /* 8 here is named pipe message mode. */ + ret = cli_write(cli->trans.np.cli, cli->trans.np.fnum, + 0x8, prs_data_p(&rpc_out), 0, + (size_t)prs_offset(&rpc_out)); + break; + + if (ret != (ssize_t)prs_offset(&rpc_out)) { + nt_status = cli_get_nt_error(cli->trans.np.cli); + } + case NCACN_IP_TCP: + case NCACN_UNIX_STREAM: + ret = write_data(cli->trans.sock.fd, prs_data_p(&rpc_out), + (size_t)prs_offset(&rpc_out)); + if (ret != (ssize_t)prs_offset(&rpc_out)) { + nt_status = map_nt_error_from_unix(errno); + } + break; + default: + DEBUG(0, ("unknown transport type %d\n", cli->transport_type)); + return NT_STATUS_INTERNAL_ERROR; + } + + if (ret != (ssize_t)prs_offset(&rpc_out)) { + DEBUG(0,("rpc_send_auth_auth3: write failed. Return was %s\n", + nt_errstr(nt_status))); + prs_mem_free(&rpc_out); + data_blob_free(&client_reply); + data_blob_free(&server_response); + return nt_status; + } + + DEBUG(5,("rpc_send_auth_auth3: %s sent auth3 response ok.\n", + rpccli_pipe_txt(debug_ctx(), cli))); + + prs_mem_free(&rpc_out); + data_blob_free(&client_reply); + data_blob_free(&server_response); + return NT_STATUS_OK; +} + +/******************************************************************* + Creates a DCE/RPC bind alter context authentication request which + may contain a spnego auth blobl + ********************************************************************/ + +static NTSTATUS create_rpc_alter_context(uint32 rpc_call_id, + const RPC_IFACE *abstract, + const RPC_IFACE *transfer, + enum pipe_auth_level auth_level, + const DATA_BLOB *pauth_blob, /* spnego auth blob already created. */ + prs_struct *rpc_out) +{ + RPC_HDR_AUTH hdr_auth; + prs_struct auth_info; + NTSTATUS ret = NT_STATUS_OK; + + ZERO_STRUCT(hdr_auth); + if (!prs_init(&auth_info, RPC_HDR_AUTH_LEN, prs_get_mem_context(rpc_out), MARSHALL)) + return NT_STATUS_NO_MEMORY; + + /* We may change the pad length before marshalling. */ + init_rpc_hdr_auth(&hdr_auth, RPC_SPNEGO_AUTH_TYPE, (int)auth_level, 0, 1); + + if (pauth_blob->length) { + if (!prs_copy_data_in(&auth_info, (const char *)pauth_blob->data, pauth_blob->length)) { + prs_mem_free(&auth_info); + return NT_STATUS_NO_MEMORY; + } + } + + ret = create_bind_or_alt_ctx_internal(RPC_ALTCONT, + rpc_out, + rpc_call_id, + abstract, + transfer, + &hdr_auth, + &auth_info); + prs_mem_free(&auth_info); + return ret; +} + +/******************************************************************* + Third leg of the SPNEGO bind mechanism - sends alter context PDU + and gets a response. + ********************************************************************/ + +static NTSTATUS rpc_finish_spnego_ntlmssp_bind(struct rpc_pipe_client *cli, + RPC_HDR *phdr, + prs_struct *rbuf, + uint32 rpc_call_id, + const RPC_IFACE *abstract, + const RPC_IFACE *transfer, + enum pipe_auth_type auth_type, + enum pipe_auth_level auth_level) +{ + DATA_BLOB server_spnego_response = data_blob_null; + DATA_BLOB server_ntlm_response = data_blob_null; + DATA_BLOB client_reply = data_blob_null; + DATA_BLOB tmp_blob = data_blob_null; + RPC_HDR_AUTH hdr_auth; + NTSTATUS nt_status; + prs_struct rpc_out; + + if (!phdr->auth_len || (phdr->frag_len < phdr->auth_len + RPC_HDR_AUTH_LEN)) { + return NT_STATUS_INVALID_PARAMETER; + } + + /* Process the returned NTLMSSP blob first. */ + if (!prs_set_offset(rbuf, phdr->frag_len - phdr->auth_len - RPC_HDR_AUTH_LEN)) { + return NT_STATUS_INVALID_PARAMETER; + } + + if(!smb_io_rpc_hdr_auth("hdr_auth", &hdr_auth, rbuf, 0)) { + return NT_STATUS_INVALID_PARAMETER; + } + + server_spnego_response = data_blob(NULL, phdr->auth_len); + prs_copy_data_out((char *)server_spnego_response.data, rbuf, phdr->auth_len); + + /* The server might give us back two challenges - tmp_blob is for the second. */ + if (!spnego_parse_challenge(server_spnego_response, &server_ntlm_response, &tmp_blob)) { + data_blob_free(&server_spnego_response); + data_blob_free(&server_ntlm_response); + data_blob_free(&tmp_blob); + return NT_STATUS_INVALID_PARAMETER; + } + + /* We're finished with the server spnego response and the tmp_blob. */ + data_blob_free(&server_spnego_response); + data_blob_free(&tmp_blob); + + nt_status = ntlmssp_update(cli->auth->a_u.ntlmssp_state, + server_ntlm_response, + &client_reply); + + /* Finished with the server_ntlm response */ + data_blob_free(&server_ntlm_response); + + if (!NT_STATUS_IS_OK(nt_status)) { + DEBUG(0,("rpc_finish_spnego_ntlmssp_bind: NTLMSSP update using server blob failed.\n")); + data_blob_free(&client_reply); + return nt_status; + } + + /* SPNEGO wrap the client reply. */ + tmp_blob = spnego_gen_auth(client_reply); + data_blob_free(&client_reply); + client_reply = tmp_blob; + tmp_blob = data_blob_null; /* Ensure it's safe to free this just in case. */ + + /* Now prepare the alter context pdu. */ + prs_init_empty(&rpc_out, prs_get_mem_context(rbuf), MARSHALL); + + nt_status = create_rpc_alter_context(rpc_call_id, + abstract, + transfer, + auth_level, + &client_reply, + &rpc_out); + + data_blob_free(&client_reply); + + if (!NT_STATUS_IS_OK(nt_status)) { + prs_mem_free(&rpc_out); + return nt_status; + } + + /* Initialize the returning data struct. */ + prs_mem_free(rbuf); + prs_init_empty(rbuf, talloc_tos(), UNMARSHALL); + + nt_status = rpc_api_pipe(cli, &rpc_out, rbuf, RPC_ALTCONTRESP); + if (!NT_STATUS_IS_OK(nt_status)) { + prs_mem_free(&rpc_out); + return nt_status; + } + + prs_mem_free(&rpc_out); + + /* Get the auth blob from the reply. */ + if(!smb_io_rpc_hdr("rpc_hdr ", phdr, rbuf, 0)) { + DEBUG(0,("rpc_finish_spnego_ntlmssp_bind: Failed to unmarshall RPC_HDR.\n")); + return NT_STATUS_BUFFER_TOO_SMALL; + } + + if (!prs_set_offset(rbuf, phdr->frag_len - phdr->auth_len - RPC_HDR_AUTH_LEN)) { + return NT_STATUS_INVALID_PARAMETER; + } + + if(!smb_io_rpc_hdr_auth("hdr_auth", &hdr_auth, rbuf, 0)) { + return NT_STATUS_INVALID_PARAMETER; + } + + server_spnego_response = data_blob(NULL, phdr->auth_len); + prs_copy_data_out((char *)server_spnego_response.data, rbuf, phdr->auth_len); + + /* Check we got a valid auth response. */ + if (!spnego_parse_auth_response(server_spnego_response, NT_STATUS_OK, OID_NTLMSSP, &tmp_blob)) { + data_blob_free(&server_spnego_response); + data_blob_free(&tmp_blob); + return NT_STATUS_INVALID_PARAMETER; + } + + data_blob_free(&server_spnego_response); + data_blob_free(&tmp_blob); + + DEBUG(5,("rpc_finish_spnego_ntlmssp_bind: alter context request to " + "%s.\n", rpccli_pipe_txt(debug_ctx(), cli))); + + return NT_STATUS_OK; +} + +/**************************************************************************** + Do an rpc bind. +****************************************************************************/ + +NTSTATUS rpc_pipe_bind(struct rpc_pipe_client *cli, + struct cli_pipe_auth_data *auth) +{ + RPC_HDR hdr; + RPC_HDR_BA hdr_ba; + prs_struct rpc_out; + prs_struct rbuf; + uint32 rpc_call_id; + NTSTATUS status; + + DEBUG(5,("Bind RPC Pipe: %s auth_type %u, auth_level %u\n", + rpccli_pipe_txt(debug_ctx(), cli), + (unsigned int)auth->auth_type, + (unsigned int)auth->auth_level )); + + cli->auth = talloc_move(cli, &auth); + + prs_init_empty(&rpc_out, talloc_tos(), MARSHALL); + + rpc_call_id = get_rpc_call_id(); + + /* Marshall the outgoing data. */ + status = create_rpc_bind_req(cli, &rpc_out, rpc_call_id, + &cli->abstract_syntax, + &cli->transfer_syntax, + cli->auth->auth_type, + cli->auth->auth_level); + + if (!NT_STATUS_IS_OK(status)) { + prs_mem_free(&rpc_out); + return status; + } + + /* Initialize the incoming data struct. */ + prs_init_empty(&rbuf, talloc_tos(), UNMARSHALL); + + /* send data on \PIPE\. receive a response */ + status = rpc_api_pipe(cli, &rpc_out, &rbuf, RPC_BINDACK); + if (!NT_STATUS_IS_OK(status)) { + prs_mem_free(&rpc_out); + return status; + } + + prs_mem_free(&rpc_out); + + DEBUG(3,("rpc_pipe_bind: %s bind request returned ok.\n", + rpccli_pipe_txt(debug_ctx(), cli))); + + /* Unmarshall the RPC header */ + if(!smb_io_rpc_hdr("hdr" , &hdr, &rbuf, 0)) { + DEBUG(0,("rpc_pipe_bind: failed to unmarshall RPC_HDR.\n")); + prs_mem_free(&rbuf); + return NT_STATUS_BUFFER_TOO_SMALL; + } + + if(!smb_io_rpc_hdr_ba("", &hdr_ba, &rbuf, 0)) { + DEBUG(0,("rpc_pipe_bind: Failed to unmarshall RPC_HDR_BA.\n")); + prs_mem_free(&rbuf); + return NT_STATUS_BUFFER_TOO_SMALL; + } + + if(!check_bind_response(&hdr_ba, &cli->transfer_syntax)) { + DEBUG(2,("rpc_pipe_bind: check_bind_response failed.\n")); + prs_mem_free(&rbuf); + return NT_STATUS_BUFFER_TOO_SMALL; + } + + cli->max_xmit_frag = hdr_ba.bba.max_tsize; + cli->max_recv_frag = hdr_ba.bba.max_rsize; + + /* For authenticated binds we may need to do 3 or 4 leg binds. */ + switch(cli->auth->auth_type) { + + case PIPE_AUTH_TYPE_NONE: + case PIPE_AUTH_TYPE_SCHANNEL: + /* Bind complete. */ + break; + + case PIPE_AUTH_TYPE_NTLMSSP: + /* Need to send AUTH3 packet - no reply. */ + status = rpc_finish_auth3_bind( + cli, &hdr, &rbuf, rpc_call_id, + cli->auth->auth_type, + cli->auth->auth_level); + if (!NT_STATUS_IS_OK(status)) { + prs_mem_free(&rbuf); + return status; + } + break; + + case PIPE_AUTH_TYPE_SPNEGO_NTLMSSP: + /* Need to send alter context request and reply. */ + status = rpc_finish_spnego_ntlmssp_bind( + cli, &hdr, &rbuf, rpc_call_id, + &cli->abstract_syntax, &cli->transfer_syntax, + cli->auth->auth_type, cli->auth->auth_level); + if (!NT_STATUS_IS_OK(status)) { + prs_mem_free(&rbuf); + return status; + } + break; + + case PIPE_AUTH_TYPE_KRB5: + /* */ + + default: + DEBUG(0,("cli_finish_bind_auth: unknown auth type " + "%u\n", (unsigned int)cli->auth->auth_type)); + prs_mem_free(&rbuf); + return NT_STATUS_INVALID_INFO_CLASS; + } + + /* For NTLMSSP ensure the server gave us the auth_level we wanted. */ + if (cli->auth->auth_type == PIPE_AUTH_TYPE_NTLMSSP + || cli->auth->auth_type == PIPE_AUTH_TYPE_SPNEGO_NTLMSSP) { + if (cli->auth->auth_level == PIPE_AUTH_LEVEL_INTEGRITY) { + if (!(cli->auth->a_u.ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_SIGN)) { + DEBUG(0,("cli_finish_bind_auth: requested NTLMSSSP signing and server refused.\n")); + prs_mem_free(&rbuf); + return NT_STATUS_INVALID_PARAMETER; + } + } + if (cli->auth->auth_level == PIPE_AUTH_LEVEL_INTEGRITY) { + if (!(cli->auth->a_u.ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_SEAL)) { + DEBUG(0,("cli_finish_bind_auth: requested NTLMSSSP sealing and server refused.\n")); + prs_mem_free(&rbuf); + return NT_STATUS_INVALID_PARAMETER; + } + } + } + + prs_mem_free(&rbuf); + return NT_STATUS_OK; +} + +unsigned int rpccli_set_timeout(struct rpc_pipe_client *cli, + unsigned int timeout) +{ + return cli_set_timeout(cli->trans.np.cli, timeout); +} + +bool rpccli_get_pwd_hash(struct rpc_pipe_client *cli, uint8_t nt_hash[16]) +{ + if ((cli->auth->auth_type == PIPE_AUTH_TYPE_NTLMSSP) + || (cli->auth->auth_type == PIPE_AUTH_TYPE_SPNEGO_NTLMSSP)) { + memcpy(nt_hash, cli->auth->a_u.ntlmssp_state->nt_hash, 16); + return true; + } + + if (cli->transport_type == NCACN_NP) { + E_md4hash(cli->trans.np.cli->pwd.password, nt_hash); + return true; + } + + return false; +} + +struct cli_state *rpc_pipe_np_smb_conn(struct rpc_pipe_client *p) +{ + if (p->transport_type == NCACN_NP) { + return p->trans.np.cli; + } + return NULL; +} + +static int rpc_pipe_destructor(struct rpc_pipe_client *p) +{ + if (p->transport_type == NCACN_NP) { + bool ret; + ret = cli_close(p->trans.np.cli, p->trans.np.fnum); + if (!ret) { + DEBUG(1, ("rpc_pipe_destructor: cli_close failed on " + "pipe %s. Error was %s\n", + rpccli_pipe_txt(debug_ctx(), p), + cli_errstr(p->trans.np.cli))); + } + + DEBUG(10, ("rpc_pipe_destructor: closed %s\n", + rpccli_pipe_txt(debug_ctx(), p))); + + DLIST_REMOVE(p->trans.np.cli->pipe_list, p); + return ret ? -1 : 0; + } + + return -1; +} + +NTSTATUS rpccli_anon_bind_data(TALLOC_CTX *mem_ctx, + struct cli_pipe_auth_data **presult) +{ + struct cli_pipe_auth_data *result; + + result = talloc(mem_ctx, struct cli_pipe_auth_data); + if (result == NULL) { + return NT_STATUS_NO_MEMORY; + } + + result->auth_type = PIPE_AUTH_TYPE_NONE; + result->auth_level = PIPE_AUTH_LEVEL_NONE; + + result->user_name = talloc_strdup(result, ""); + result->domain = talloc_strdup(result, ""); + if ((result->user_name == NULL) || (result->domain == NULL)) { + TALLOC_FREE(result); + return NT_STATUS_NO_MEMORY; + } + + *presult = result; + return NT_STATUS_OK; +} + +static int cli_auth_ntlmssp_data_destructor(struct cli_pipe_auth_data *auth) +{ + ntlmssp_end(&auth->a_u.ntlmssp_state); + return 0; +} + +NTSTATUS rpccli_ntlmssp_bind_data(TALLOC_CTX *mem_ctx, + enum pipe_auth_type auth_type, + enum pipe_auth_level auth_level, + const char *domain, + const char *username, + const char *password, + struct cli_pipe_auth_data **presult) +{ + struct cli_pipe_auth_data *result; + NTSTATUS status; + + result = talloc(mem_ctx, struct cli_pipe_auth_data); + if (result == NULL) { + return NT_STATUS_NO_MEMORY; + } + + result->auth_type = auth_type; + result->auth_level = auth_level; + + result->user_name = talloc_strdup(result, username); + result->domain = talloc_strdup(result, domain); + if ((result->user_name == NULL) || (result->domain == NULL)) { + status = NT_STATUS_NO_MEMORY; + goto fail; + } + + status = ntlmssp_client_start(&result->a_u.ntlmssp_state); + if (!NT_STATUS_IS_OK(status)) { + goto fail; + } + + talloc_set_destructor(result, cli_auth_ntlmssp_data_destructor); + + status = ntlmssp_set_username(result->a_u.ntlmssp_state, username); + if (!NT_STATUS_IS_OK(status)) { + goto fail; + } + + status = ntlmssp_set_domain(result->a_u.ntlmssp_state, domain); + if (!NT_STATUS_IS_OK(status)) { + goto fail; + } + + status = ntlmssp_set_password(result->a_u.ntlmssp_state, password); + if (!NT_STATUS_IS_OK(status)) { + goto fail; + } + + /* + * Turn off sign+seal to allow selected auth level to turn it back on. + */ + result->a_u.ntlmssp_state->neg_flags &= + ~(NTLMSSP_NEGOTIATE_SIGN | NTLMSSP_NEGOTIATE_SEAL); + + if (auth_level == PIPE_AUTH_LEVEL_INTEGRITY) { + result->a_u.ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SIGN; + } else if (auth_level == PIPE_AUTH_LEVEL_PRIVACY) { + result->a_u.ntlmssp_state->neg_flags + |= NTLMSSP_NEGOTIATE_SEAL | NTLMSSP_NEGOTIATE_SIGN; + } + + *presult = result; + return NT_STATUS_OK; + + fail: + TALLOC_FREE(result); + return status; +} + +NTSTATUS rpccli_schannel_bind_data(TALLOC_CTX *mem_ctx, const char *domain, + enum pipe_auth_level auth_level, + const uint8_t sess_key[16], + struct cli_pipe_auth_data **presult) +{ + struct cli_pipe_auth_data *result; + + result = talloc(mem_ctx, struct cli_pipe_auth_data); + if (result == NULL) { + return NT_STATUS_NO_MEMORY; + } + + result->auth_type = PIPE_AUTH_TYPE_SCHANNEL; + result->auth_level = auth_level; + + result->user_name = talloc_strdup(result, ""); + result->domain = talloc_strdup(result, domain); + if ((result->user_name == NULL) || (result->domain == NULL)) { + goto fail; + } + + result->a_u.schannel_auth = talloc(result, + struct schannel_auth_struct); + if (result->a_u.schannel_auth == NULL) { + goto fail; + } + + memcpy(result->a_u.schannel_auth->sess_key, sess_key, + sizeof(result->a_u.schannel_auth->sess_key)); + result->a_u.schannel_auth->seq_num = 0; + + *presult = result; + return NT_STATUS_OK; + + fail: + TALLOC_FREE(result); + return NT_STATUS_NO_MEMORY; +} + +#ifdef HAVE_KRB5 +static int cli_auth_kerberos_data_destructor(struct kerberos_auth_struct *auth) +{ + data_blob_free(&auth->session_key); + return 0; +} +#endif + +NTSTATUS rpccli_kerberos_bind_data(TALLOC_CTX *mem_ctx, + enum pipe_auth_level auth_level, + const char *service_princ, + const char *username, + const char *password, + struct cli_pipe_auth_data **presult) +{ +#ifdef HAVE_KRB5 + struct cli_pipe_auth_data *result; + + if ((username != NULL) && (password != NULL)) { + int ret = kerberos_kinit_password(username, password, 0, NULL); + if (ret != 0) { + return NT_STATUS_ACCESS_DENIED; + } + } + + result = talloc(mem_ctx, struct cli_pipe_auth_data); + if (result == NULL) { + return NT_STATUS_NO_MEMORY; + } + + result->auth_type = PIPE_AUTH_TYPE_KRB5; + result->auth_level = auth_level; + + /* + * Username / domain need fixing! + */ + result->user_name = talloc_strdup(result, ""); + result->domain = talloc_strdup(result, ""); + if ((result->user_name == NULL) || (result->domain == NULL)) { + goto fail; + } + + result->a_u.kerberos_auth = TALLOC_ZERO_P( + result, struct kerberos_auth_struct); + if (result->a_u.kerberos_auth == NULL) { + goto fail; + } + talloc_set_destructor(result->a_u.kerberos_auth, + cli_auth_kerberos_data_destructor); + + result->a_u.kerberos_auth->service_principal = talloc_strdup( + result, service_princ); + if (result->a_u.kerberos_auth->service_principal == NULL) { + goto fail; + } + + *presult = result; + return NT_STATUS_OK; + + fail: + TALLOC_FREE(result); + return NT_STATUS_NO_MEMORY; +#else + return NT_STATUS_NOT_SUPPORTED; +#endif +} + +static int rpc_pipe_sock_destructor(struct rpc_pipe_client *p) +{ + close(p->trans.sock.fd); + return 0; +} + +/** + * Create an rpc pipe client struct, connecting to a tcp port. + */ +static NTSTATUS rpc_pipe_open_tcp_port(TALLOC_CTX *mem_ctx, const char *host, + uint16_t port, + const struct ndr_syntax_id *abstract_syntax, + struct rpc_pipe_client **presult) +{ + struct rpc_pipe_client *result; + struct sockaddr_storage addr; + NTSTATUS status; + + result = TALLOC_ZERO_P(mem_ctx, struct rpc_pipe_client); + if (result == NULL) { + return NT_STATUS_NO_MEMORY; + } + + result->transport_type = NCACN_IP_TCP; + + result->abstract_syntax = *abstract_syntax; + result->transfer_syntax = ndr_transfer_syntax; + + result->desthost = talloc_strdup(result, host); + result->srv_name_slash = talloc_asprintf_strupper_m( + result, "\\\\%s", result->desthost); + if ((result->desthost == NULL) || (result->srv_name_slash == NULL)) { + status = NT_STATUS_NO_MEMORY; + goto fail; + } + + result->max_xmit_frag = RPC_MAX_PDU_FRAG_LEN; + result->max_recv_frag = RPC_MAX_PDU_FRAG_LEN; + + if (!resolve_name(host, &addr, 0)) { + status = NT_STATUS_NOT_FOUND; + goto fail; + } + + result->trans.sock.fd = open_socket_out(SOCK_STREAM, &addr, port, 60); + if (result->trans.sock.fd == -1) { + status = map_nt_error_from_unix(errno); + goto fail; + } + + talloc_set_destructor(result, rpc_pipe_sock_destructor); + + *presult = result; + return NT_STATUS_OK; + + fail: + TALLOC_FREE(result); + return status; +} + +/** + * Determine the tcp port on which a dcerpc interface is listening + * for the ncacn_ip_tcp transport via the endpoint mapper of the + * target host. + */ +static NTSTATUS rpc_pipe_get_tcp_port(const char *host, + const struct ndr_syntax_id *abstract_syntax, + uint16_t *pport) +{ + NTSTATUS status; + struct rpc_pipe_client *epm_pipe = NULL; + struct cli_pipe_auth_data *auth = NULL; + struct dcerpc_binding *map_binding = NULL; + struct dcerpc_binding *res_binding = NULL; + struct epm_twr_t *map_tower = NULL; + struct epm_twr_t *res_towers = NULL; + struct policy_handle *entry_handle = NULL; + uint32_t num_towers = 0; + uint32_t max_towers = 1; + struct epm_twr_p_t towers; + TALLOC_CTX *tmp_ctx = talloc_stackframe(); + + if (pport == NULL) { + status = NT_STATUS_INVALID_PARAMETER; + goto done; + } + + /* open the connection to the endpoint mapper */ + status = rpc_pipe_open_tcp_port(tmp_ctx, host, 135, + &ndr_table_epmapper.syntax_id, + &epm_pipe); + + if (!NT_STATUS_IS_OK(status)) { + goto done; + } + + status = rpccli_anon_bind_data(tmp_ctx, &auth); + if (!NT_STATUS_IS_OK(status)) { + goto done; + } + + status = rpc_pipe_bind(epm_pipe, auth); + if (!NT_STATUS_IS_OK(status)) { + goto done; + } + + /* create tower for asking the epmapper */ + + map_binding = TALLOC_ZERO_P(tmp_ctx, struct dcerpc_binding); + if (map_binding == NULL) { + status = NT_STATUS_NO_MEMORY; + goto done; + } + + map_binding->transport = NCACN_IP_TCP; + map_binding->object = *abstract_syntax; + map_binding->host = host; /* needed? */ + map_binding->endpoint = "0"; /* correct? needed? */ + + map_tower = TALLOC_ZERO_P(tmp_ctx, struct epm_twr_t); + if (map_tower == NULL) { + status = NT_STATUS_NO_MEMORY; + goto done; + } + + status = dcerpc_binding_build_tower(tmp_ctx, map_binding, + &(map_tower->tower)); + if (!NT_STATUS_IS_OK(status)) { + goto done; + } + + /* allocate further parameters for the epm_Map call */ + + res_towers = TALLOC_ARRAY(tmp_ctx, struct epm_twr_t, max_towers); + if (res_towers == NULL) { + status = NT_STATUS_NO_MEMORY; + goto done; + } + towers.twr = res_towers; + + entry_handle = TALLOC_ZERO_P(tmp_ctx, struct policy_handle); + if (entry_handle == NULL) { + status = NT_STATUS_NO_MEMORY; + goto done; + } + + /* ask the endpoint mapper for the port */ + + status = rpccli_epm_Map(epm_pipe, + tmp_ctx, + CONST_DISCARD(struct GUID *, + &(abstract_syntax->uuid)), + map_tower, + entry_handle, + max_towers, + &num_towers, + &towers); + + if (!NT_STATUS_IS_OK(status)) { + goto done; + } + + if (num_towers != 1) { + status = NT_STATUS_UNSUCCESSFUL; + goto done; + } + + /* extract the port from the answer */ + + status = dcerpc_binding_from_tower(tmp_ctx, + &(towers.twr->tower), + &res_binding); + if (!NT_STATUS_IS_OK(status)) { + goto done; + } + + /* are further checks here necessary? */ + if (res_binding->transport != NCACN_IP_TCP) { + status = NT_STATUS_UNSUCCESSFUL; + goto done; + } + + *pport = (uint16_t)atoi(res_binding->endpoint); + +done: + TALLOC_FREE(tmp_ctx); + return status; +} + +/** + * Create a rpc pipe client struct, connecting to a host via tcp. + * The port is determined by asking the endpoint mapper on the given + * host. + */ +NTSTATUS rpc_pipe_open_tcp(TALLOC_CTX *mem_ctx, const char *host, + const struct ndr_syntax_id *abstract_syntax, + struct rpc_pipe_client **presult) +{ + NTSTATUS status; + uint16_t port = 0; + + *presult = NULL; + + status = rpc_pipe_get_tcp_port(host, abstract_syntax, &port); + if (!NT_STATUS_IS_OK(status)) { + goto done; + } + + status = rpc_pipe_open_tcp_port(mem_ctx, host, port, + abstract_syntax, presult); + +done: + return status; +} + +/******************************************************************** + Create a rpc pipe client struct, connecting to a unix domain socket + ********************************************************************/ +NTSTATUS rpc_pipe_open_ncalrpc(TALLOC_CTX *mem_ctx, const char *socket_path, + const struct ndr_syntax_id *abstract_syntax, + struct rpc_pipe_client **presult) +{ + struct rpc_pipe_client *result; + struct sockaddr_un addr; + NTSTATUS status; + + result = talloc_zero(mem_ctx, struct rpc_pipe_client); + if (result == NULL) { + return NT_STATUS_NO_MEMORY; + } + + result->transport_type = NCACN_UNIX_STREAM; + + result->abstract_syntax = *abstract_syntax; + result->transfer_syntax = ndr_transfer_syntax; + + result->desthost = get_myname(result); + result->srv_name_slash = talloc_asprintf_strupper_m( + result, "\\\\%s", result->desthost); + if ((result->desthost == NULL) || (result->srv_name_slash == NULL)) { + status = NT_STATUS_NO_MEMORY; + goto fail; + } + + result->max_xmit_frag = RPC_MAX_PDU_FRAG_LEN; + result->max_recv_frag = RPC_MAX_PDU_FRAG_LEN; + + result->trans.sock.fd = socket(AF_UNIX, SOCK_STREAM, 0); + if (result->trans.sock.fd == -1) { + status = map_nt_error_from_unix(errno); + goto fail; + } + + talloc_set_destructor(result, rpc_pipe_sock_destructor); + + ZERO_STRUCT(addr); + addr.sun_family = AF_UNIX; + strncpy(addr.sun_path, socket_path, sizeof(addr.sun_path)); + + if (sys_connect(result->trans.sock.fd, + (struct sockaddr *)&addr) == -1) { + DEBUG(0, ("connect(%s) failed: %s\n", socket_path, + strerror(errno))); + close(result->trans.sock.fd); + return map_nt_error_from_unix(errno); + } + + *presult = result; + return NT_STATUS_OK; + + fail: + TALLOC_FREE(result); + return status; +} + + +/**************************************************************************** + Open a named pipe over SMB to a remote server. + * + * CAVEAT CALLER OF THIS FUNCTION: + * The returned rpc_pipe_client saves a copy of the cli_state cli pointer, + * so be sure that this function is called AFTER any structure (vs pointer) + * assignment of the cli. In particular, libsmbclient does structure + * assignments of cli, which invalidates the data in the returned + * rpc_pipe_client if this function is called before the structure assignment + * of cli. + * + ****************************************************************************/ + +static NTSTATUS rpc_pipe_open_np(struct cli_state *cli, + const struct ndr_syntax_id *abstract_syntax, + struct rpc_pipe_client **presult) +{ + struct rpc_pipe_client *result; + int fnum; + + /* sanity check to protect against crashes */ + + if ( !cli ) { + return NT_STATUS_INVALID_HANDLE; + } + + result = TALLOC_ZERO_P(NULL, struct rpc_pipe_client); + if (result == NULL) { + return NT_STATUS_NO_MEMORY; + } + + result->transport_type = NCACN_NP; + + result->trans.np.pipe_name = cli_get_pipe_name_from_iface( + result, cli, abstract_syntax); + if (result->trans.np.pipe_name == NULL) { + DEBUG(1, ("Could not find pipe for interface\n")); + TALLOC_FREE(result); + return NT_STATUS_INVALID_PARAMETER; + } + + result->trans.np.cli = cli; + result->abstract_syntax = *abstract_syntax; + result->transfer_syntax = ndr_transfer_syntax; + result->desthost = talloc_strdup(result, cli->desthost); + result->srv_name_slash = talloc_asprintf_strupper_m( + result, "\\\\%s", result->desthost); + + if ((result->desthost == NULL) || (result->srv_name_slash == NULL)) { + TALLOC_FREE(result); + return NT_STATUS_NO_MEMORY; + } + + fnum = cli_nt_create(cli, result->trans.np.pipe_name, + DESIRED_ACCESS_PIPE); + if (fnum == -1) { + DEBUG(1,("rpc_pipe_open_np: cli_nt_create failed on pipe %s " + "to machine %s. Error was %s\n", + result->trans.np.pipe_name, cli->desthost, + cli_errstr(cli))); + TALLOC_FREE(result); + return cli_get_nt_error(cli); + } + + result->trans.np.fnum = fnum; + + DLIST_ADD(cli->pipe_list, result); + talloc_set_destructor(result, rpc_pipe_destructor); + + *presult = result; + return NT_STATUS_OK; +} + +/**************************************************************************** + Open a pipe to a remote server. + ****************************************************************************/ + +static NTSTATUS cli_rpc_pipe_open(struct cli_state *cli, + const struct ndr_syntax_id *interface, + struct rpc_pipe_client **presult) +{ + if (ndr_syntax_id_equal(interface, &ndr_table_drsuapi.syntax_id)) { + /* + * We should have a better way to figure out this drsuapi + * speciality... + */ + return rpc_pipe_open_tcp(NULL, cli->desthost, interface, + presult); + } + + return rpc_pipe_open_np(cli, interface, presult); +} + +/**************************************************************************** + Open a named pipe to an SMB server and bind anonymously. + ****************************************************************************/ + +NTSTATUS cli_rpc_pipe_open_noauth(struct cli_state *cli, + const struct ndr_syntax_id *interface, + struct rpc_pipe_client **presult) +{ + struct rpc_pipe_client *result; + struct cli_pipe_auth_data *auth; + NTSTATUS status; + + status = cli_rpc_pipe_open(cli, interface, &result); + if (!NT_STATUS_IS_OK(status)) { + return status; + } + + status = rpccli_anon_bind_data(result, &auth); + if (!NT_STATUS_IS_OK(status)) { + DEBUG(0, ("rpccli_anon_bind_data returned %s\n", + nt_errstr(status))); + TALLOC_FREE(result); + return status; + } + + /* + * This is a bit of an abstraction violation due to the fact that an + * anonymous bind on an authenticated SMB inherits the user/domain + * from the enclosing SMB creds + */ + + TALLOC_FREE(auth->user_name); + TALLOC_FREE(auth->domain); + + auth->user_name = talloc_strdup(auth, cli->user_name); + auth->domain = talloc_strdup(auth, cli->domain); + + if ((auth->user_name == NULL) || (auth->domain == NULL)) { + TALLOC_FREE(result); + return NT_STATUS_NO_MEMORY; + } + + status = rpc_pipe_bind(result, auth); + if (!NT_STATUS_IS_OK(status)) { + int lvl = 0; + if (ndr_syntax_id_equal(interface, + &ndr_table_dssetup.syntax_id)) { + /* non AD domains just don't have this pipe, avoid + * level 0 statement in that case - gd */ + lvl = 3; + } + DEBUG(lvl, ("cli_rpc_pipe_open_noauth: rpc_pipe_bind for pipe " + "%s failed with error %s\n", + cli_get_pipe_name_from_iface(debug_ctx(), cli, + interface), + nt_errstr(status) )); + TALLOC_FREE(result); + return status; + } + + DEBUG(10,("cli_rpc_pipe_open_noauth: opened pipe %s to machine " + "%s and bound anonymously.\n", result->trans.np.pipe_name, + cli->desthost )); + + *presult = result; + return NT_STATUS_OK; +} + +/**************************************************************************** + Open a named pipe to an SMB server and bind using NTLMSSP or SPNEGO NTLMSSP + ****************************************************************************/ + +static NTSTATUS cli_rpc_pipe_open_ntlmssp_internal(struct cli_state *cli, + const struct ndr_syntax_id *interface, + enum pipe_auth_type auth_type, + enum pipe_auth_level auth_level, + const char *domain, + const char *username, + const char *password, + struct rpc_pipe_client **presult) +{ + struct rpc_pipe_client *result; + struct cli_pipe_auth_data *auth; + NTSTATUS status; + + status = cli_rpc_pipe_open(cli, interface, &result); + if (!NT_STATUS_IS_OK(status)) { + return status; + } + + status = rpccli_ntlmssp_bind_data( + result, auth_type, auth_level, domain, username, + cli->pwd.null_pwd ? NULL : password, &auth); + if (!NT_STATUS_IS_OK(status)) { + DEBUG(0, ("rpccli_ntlmssp_bind_data returned %s\n", + nt_errstr(status))); + goto err; + } + + status = rpc_pipe_bind(result, auth); + if (!NT_STATUS_IS_OK(status)) { + DEBUG(0, ("cli_rpc_pipe_open_ntlmssp_internal: cli_rpc_pipe_bind failed with error %s\n", + nt_errstr(status) )); + goto err; + } + + DEBUG(10,("cli_rpc_pipe_open_ntlmssp_internal: opened pipe %s to " + "machine %s and bound NTLMSSP as user %s\\%s.\n", + result->trans.np.pipe_name, cli->desthost, + domain, username )); + + *presult = result; + return NT_STATUS_OK; + + err: + + TALLOC_FREE(result); + return status; +} + +/**************************************************************************** + External interface. + Open a named pipe to an SMB server and bind using NTLMSSP (bind type 10) + ****************************************************************************/ + +NTSTATUS cli_rpc_pipe_open_ntlmssp(struct cli_state *cli, + const struct ndr_syntax_id *interface, + enum pipe_auth_level auth_level, + const char *domain, + const char *username, + const char *password, + struct rpc_pipe_client **presult) +{ + return cli_rpc_pipe_open_ntlmssp_internal(cli, + interface, + PIPE_AUTH_TYPE_NTLMSSP, + auth_level, + domain, + username, + password, + presult); +} + +/**************************************************************************** + External interface. + Open a named pipe to an SMB server and bind using spnego NTLMSSP (bind type 9) + ****************************************************************************/ + +NTSTATUS cli_rpc_pipe_open_spnego_ntlmssp(struct cli_state *cli, + const struct ndr_syntax_id *interface, + enum pipe_auth_level auth_level, + const char *domain, + const char *username, + const char *password, + struct rpc_pipe_client **presult) +{ + return cli_rpc_pipe_open_ntlmssp_internal(cli, + interface, + PIPE_AUTH_TYPE_SPNEGO_NTLMSSP, + auth_level, + domain, + username, + password, + presult); +} + +/**************************************************************************** + Get a the schannel session key out of an already opened netlogon pipe. + ****************************************************************************/ +static NTSTATUS get_schannel_session_key_common(struct rpc_pipe_client *netlogon_pipe, + struct cli_state *cli, + const char *domain, + uint32 *pneg_flags) +{ + uint32 sec_chan_type = 0; + unsigned char machine_pwd[16]; + const char *machine_account; + NTSTATUS status; + + /* Get the machine account credentials from secrets.tdb. */ + if (!get_trust_pw_hash(domain, machine_pwd, &machine_account, + &sec_chan_type)) + { + DEBUG(0, ("get_schannel_session_key: could not fetch " + "trust account password for domain '%s'\n", + domain)); + return NT_STATUS_CANT_ACCESS_DOMAIN_INFO; + } + + status = rpccli_netlogon_setup_creds(netlogon_pipe, + cli->desthost, /* server name */ + domain, /* domain */ + global_myname(), /* client name */ + machine_account, /* machine account name */ + machine_pwd, + sec_chan_type, + pneg_flags); + + if (!NT_STATUS_IS_OK(status)) { + DEBUG(3, ("get_schannel_session_key_common: " + "rpccli_netlogon_setup_creds failed with result %s " + "to server %s, domain %s, machine account %s.\n", + nt_errstr(status), cli->desthost, domain, + machine_account )); + return status; + } + + if (((*pneg_flags) & NETLOGON_NEG_SCHANNEL) == 0) { + DEBUG(3, ("get_schannel_session_key: Server %s did not offer schannel\n", + cli->desthost)); + return NT_STATUS_INVALID_NETWORK_RESPONSE; + } + + return NT_STATUS_OK;; +} + +/**************************************************************************** + Open a netlogon pipe and get the schannel session key. + Now exposed to external callers. + ****************************************************************************/ + + +NTSTATUS get_schannel_session_key(struct cli_state *cli, + const char *domain, + uint32 *pneg_flags, + struct rpc_pipe_client **presult) +{ + struct rpc_pipe_client *netlogon_pipe = NULL; + NTSTATUS status; + + status = cli_rpc_pipe_open_noauth(cli, &ndr_table_netlogon.syntax_id, + &netlogon_pipe); + if (!NT_STATUS_IS_OK(status)) { + return status; + } + + status = get_schannel_session_key_common(netlogon_pipe, cli, domain, + pneg_flags); + if (!NT_STATUS_IS_OK(status)) { + TALLOC_FREE(netlogon_pipe); + return status; + } + + *presult = netlogon_pipe; + return NT_STATUS_OK; +} + +/**************************************************************************** + External interface. + Open a named pipe to an SMB server and bind using schannel (bind type 68) + using session_key. sign and seal. + ****************************************************************************/ + +NTSTATUS cli_rpc_pipe_open_schannel_with_key(struct cli_state *cli, + const struct ndr_syntax_id *interface, + enum pipe_auth_level auth_level, + const char *domain, + const struct dcinfo *pdc, + struct rpc_pipe_client **presult) +{ + struct rpc_pipe_client *result; + struct cli_pipe_auth_data *auth; + NTSTATUS status; + + status = cli_rpc_pipe_open(cli, interface, &result); + if (!NT_STATUS_IS_OK(status)) { + return status; + } + + status = rpccli_schannel_bind_data(result, domain, auth_level, + pdc->sess_key, &auth); + if (!NT_STATUS_IS_OK(status)) { + DEBUG(0, ("rpccli_schannel_bind_data returned %s\n", + nt_errstr(status))); + TALLOC_FREE(result); + return status; + } + + status = rpc_pipe_bind(result, auth); + if (!NT_STATUS_IS_OK(status)) { + DEBUG(0, ("cli_rpc_pipe_open_schannel_with_key: " + "cli_rpc_pipe_bind failed with error %s\n", + nt_errstr(status) )); + TALLOC_FREE(result); + return status; + } + + /* + * The credentials on a new netlogon pipe are the ones we are passed + * in - copy them over. + */ + result->dc = (struct dcinfo *)talloc_memdup(result, pdc, sizeof(*pdc)); + if (result->dc == NULL) { + DEBUG(0, ("talloc failed\n")); + TALLOC_FREE(result); + return NT_STATUS_NO_MEMORY; + } + + DEBUG(10,("cli_rpc_pipe_open_schannel_with_key: opened pipe %s to machine %s " + "for domain %s " + "and bound using schannel.\n", + result->trans.np.pipe_name, cli->desthost, domain )); + + *presult = result; + return NT_STATUS_OK; +} + +/**************************************************************************** + Open a named pipe to an SMB server and bind using schannel (bind type 68). + Fetch the session key ourselves using a temporary netlogon pipe. This + version uses an ntlmssp auth bound netlogon pipe to get the key. + ****************************************************************************/ + +static NTSTATUS get_schannel_session_key_auth_ntlmssp(struct cli_state *cli, + const char *domain, + const char *username, + const char *password, + uint32 *pneg_flags, + struct rpc_pipe_client **presult) +{ + struct rpc_pipe_client *netlogon_pipe = NULL; + NTSTATUS status; + + status = cli_rpc_pipe_open_spnego_ntlmssp( + cli, &ndr_table_netlogon.syntax_id, PIPE_AUTH_LEVEL_PRIVACY, + domain, username, password, &netlogon_pipe); + if (!NT_STATUS_IS_OK(status)) { + return status; + } + + status = get_schannel_session_key_common(netlogon_pipe, cli, domain, + pneg_flags); + if (!NT_STATUS_IS_OK(status)) { + TALLOC_FREE(netlogon_pipe); + return status; + } + + *presult = netlogon_pipe; + return NT_STATUS_OK; +} + +/**************************************************************************** + Open a named pipe to an SMB server and bind using schannel (bind type 68). + Fetch the session key ourselves using a temporary netlogon pipe. This version + uses an ntlmssp bind to get the session key. + ****************************************************************************/ + +NTSTATUS cli_rpc_pipe_open_ntlmssp_auth_schannel(struct cli_state *cli, + const struct ndr_syntax_id *interface, + enum pipe_auth_level auth_level, + const char *domain, + const char *username, + const char *password, + struct rpc_pipe_client **presult) +{ + uint32_t neg_flags = NETLOGON_NEG_AUTH2_ADS_FLAGS; + struct rpc_pipe_client *netlogon_pipe = NULL; + struct rpc_pipe_client *result = NULL; + NTSTATUS status; + + status = get_schannel_session_key_auth_ntlmssp( + cli, domain, username, password, &neg_flags, &netlogon_pipe); + if (!NT_STATUS_IS_OK(status)) { + DEBUG(0,("cli_rpc_pipe_open_ntlmssp_auth_schannel: failed to get schannel session " + "key from server %s for domain %s.\n", + cli->desthost, domain )); + return status; + } + + status = cli_rpc_pipe_open_schannel_with_key( + cli, interface, auth_level, domain, netlogon_pipe->dc, + &result); + + /* Now we've bound using the session key we can close the netlog pipe. */ + TALLOC_FREE(netlogon_pipe); + + if (NT_STATUS_IS_OK(status)) { + *presult = result; + } + return status; +} + +/**************************************************************************** + Open a named pipe to an SMB server and bind using schannel (bind type 68). + Fetch the session key ourselves using a temporary netlogon pipe. + ****************************************************************************/ + +NTSTATUS cli_rpc_pipe_open_schannel(struct cli_state *cli, + const struct ndr_syntax_id *interface, + enum pipe_auth_level auth_level, + const char *domain, + struct rpc_pipe_client **presult) +{ + uint32_t neg_flags = NETLOGON_NEG_AUTH2_ADS_FLAGS; + struct rpc_pipe_client *netlogon_pipe = NULL; + struct rpc_pipe_client *result = NULL; + NTSTATUS status; + + status = get_schannel_session_key(cli, domain, &neg_flags, + &netlogon_pipe); + if (!NT_STATUS_IS_OK(status)) { + DEBUG(0,("cli_rpc_pipe_open_schannel: failed to get schannel session " + "key from server %s for domain %s.\n", + cli->desthost, domain )); + return status; + } + + status = cli_rpc_pipe_open_schannel_with_key( + cli, interface, auth_level, domain, netlogon_pipe->dc, + &result); + + /* Now we've bound using the session key we can close the netlog pipe. */ + TALLOC_FREE(netlogon_pipe); + + if (NT_STATUS_IS_OK(status)) { + *presult = result; + } + + return NT_STATUS_OK; +} + +/**************************************************************************** + Open a named pipe to an SMB server and bind using krb5 (bind type 16). + The idea is this can be called with service_princ, username and password all + NULL so long as the caller has a TGT. + ****************************************************************************/ + +NTSTATUS cli_rpc_pipe_open_krb5(struct cli_state *cli, + const struct ndr_syntax_id *interface, + enum pipe_auth_level auth_level, + const char *service_princ, + const char *username, + const char *password, + struct rpc_pipe_client **presult) +{ +#ifdef HAVE_KRB5 + struct rpc_pipe_client *result; + struct cli_pipe_auth_data *auth; + NTSTATUS status; + + status = cli_rpc_pipe_open(cli, interface, &result); + if (!NT_STATUS_IS_OK(status)) { + return status; + } + + status = rpccli_kerberos_bind_data(result, auth_level, service_princ, + username, password, &auth); + if (!NT_STATUS_IS_OK(status)) { + DEBUG(0, ("rpccli_kerberos_bind_data returned %s\n", + nt_errstr(status))); + TALLOC_FREE(result); + return status; + } + + status = rpc_pipe_bind(result, auth); + if (!NT_STATUS_IS_OK(status)) { + DEBUG(0, ("cli_rpc_pipe_open_krb5: cli_rpc_pipe_bind failed " + "with error %s\n", nt_errstr(status))); + TALLOC_FREE(result); + return status; + } + + *presult = result; + return NT_STATUS_OK; +#else + DEBUG(0,("cli_rpc_pipe_open_krb5: kerberos not found at compile time.\n")); + return NT_STATUS_NOT_IMPLEMENTED; +#endif +} + +NTSTATUS cli_get_session_key(TALLOC_CTX *mem_ctx, + struct rpc_pipe_client *cli, + DATA_BLOB *session_key) +{ + if (!session_key || !cli) { + return NT_STATUS_INVALID_PARAMETER; + } + + if (!cli->auth) { + return NT_STATUS_INVALID_PARAMETER; + } + + switch (cli->auth->auth_type) { + case PIPE_AUTH_TYPE_SCHANNEL: + *session_key = data_blob_talloc(mem_ctx, + cli->auth->a_u.schannel_auth->sess_key, 16); + break; + case PIPE_AUTH_TYPE_NTLMSSP: + case PIPE_AUTH_TYPE_SPNEGO_NTLMSSP: + *session_key = data_blob_talloc(mem_ctx, + cli->auth->a_u.ntlmssp_state->session_key.data, + cli->auth->a_u.ntlmssp_state->session_key.length); + break; + case PIPE_AUTH_TYPE_KRB5: + case PIPE_AUTH_TYPE_SPNEGO_KRB5: + *session_key = data_blob_talloc(mem_ctx, + cli->auth->a_u.kerberos_auth->session_key.data, + cli->auth->a_u.kerberos_auth->session_key.length); + break; + case PIPE_AUTH_TYPE_NONE: + default: + return NT_STATUS_NO_USER_SESSION_KEY; + } + + return NT_STATUS_OK; +} diff --git a/source3/rpc_client/cli_reg.c b/source3/rpc_client/cli_reg.c new file mode 100644 index 0000000000..ba98e25d63 --- /dev/null +++ b/source3/rpc_client/cli_reg.c @@ -0,0 +1,79 @@ +/* + Unix SMB/CIFS implementation. + RPC Pipe client + + Copyright (C) Gerald (Jerry) Carter 2005-2006 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see <http://www.gnu.org/licenses/>. +*/ + +#include "includes.h" +#include "rpc_client.h" + +/******************************************************************* + connect to a registry hive root (open a registry policy) +*******************************************************************/ + +NTSTATUS rpccli_winreg_Connect(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, + uint32 reg_type, uint32 access_mask, + POLICY_HND *reg_hnd) +{ + ZERO_STRUCTP(reg_hnd); + + switch (reg_type) + { + case HKEY_CLASSES_ROOT: + return rpccli_winreg_OpenHKCR( cli, mem_ctx, NULL, + access_mask, reg_hnd, NULL); + + case HKEY_LOCAL_MACHINE: + return rpccli_winreg_OpenHKLM( cli, mem_ctx, NULL, + access_mask, reg_hnd, NULL); + + case HKEY_USERS: + return rpccli_winreg_OpenHKU( cli, mem_ctx, NULL, + access_mask, reg_hnd, NULL); + + case HKEY_CURRENT_USER: + return rpccli_winreg_OpenHKCU( cli, mem_ctx, NULL, + access_mask, reg_hnd, NULL); + + case HKEY_PERFORMANCE_DATA: + return rpccli_winreg_OpenHKPD( cli, mem_ctx, NULL, + access_mask, reg_hnd, NULL); + + default: + /* fall through to end of function */ + break; + } + + return NT_STATUS_INVALID_PARAMETER; +} + +/******************************************************************* + Fill in a REGVAL_BUFFER for the data given a REGISTRY_VALUE + *******************************************************************/ + +uint32 reg_init_regval_buffer( REGVAL_BUFFER *buf2, REGISTRY_VALUE *val ) +{ + uint32 real_size = 0; + + if ( !buf2 || !val ) + return 0; + + real_size = regval_size(val); + init_regval_buffer( buf2, (unsigned char*)regval_data_p(val), real_size ); + + return real_size; +} diff --git a/source3/rpc_client/cli_samr.c b/source3/rpc_client/cli_samr.c new file mode 100644 index 0000000000..ed42d56a02 --- /dev/null +++ b/source3/rpc_client/cli_samr.c @@ -0,0 +1,324 @@ +/* + Unix SMB/CIFS implementation. + RPC pipe client + Copyright (C) Tim Potter 2000-2001, + Copyright (C) Andrew Tridgell 1992-1997,2000, + Copyright (C) Rafal Szczesniak 2002. + Copyright (C) Jeremy Allison 2005. + Copyright (C) Guenther Deschner 2008. + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see <http://www.gnu.org/licenses/>. +*/ + +#include "includes.h" + +/* User change password */ + +NTSTATUS rpccli_samr_chgpasswd_user(struct rpc_pipe_client *cli, + TALLOC_CTX *mem_ctx, + struct policy_handle *user_handle, + const char *newpassword, + const char *oldpassword) +{ + NTSTATUS result = NT_STATUS_UNSUCCESSFUL; + struct samr_Password hash1, hash2, hash3, hash4, hash5, hash6; + + uchar old_nt_hash[16]; + uchar old_lm_hash[16]; + uchar new_nt_hash[16]; + uchar new_lm_hash[16]; + + ZERO_STRUCT(old_nt_hash); + ZERO_STRUCT(old_lm_hash); + ZERO_STRUCT(new_nt_hash); + ZERO_STRUCT(new_lm_hash); + + DEBUG(10,("rpccli_samr_chgpasswd_user\n")); + + E_md4hash(oldpassword, old_nt_hash); + E_md4hash(newpassword, new_nt_hash); + + E_deshash(oldpassword, old_lm_hash); + E_deshash(newpassword, new_lm_hash); + + E_old_pw_hash(new_lm_hash, old_lm_hash, hash1.hash); + E_old_pw_hash(old_lm_hash, new_lm_hash, hash2.hash); + E_old_pw_hash(new_nt_hash, old_nt_hash, hash3.hash); + E_old_pw_hash(old_nt_hash, new_nt_hash, hash4.hash); + E_old_pw_hash(old_lm_hash, new_nt_hash, hash5.hash); + E_old_pw_hash(old_nt_hash, new_lm_hash, hash6.hash); + + result = rpccli_samr_ChangePasswordUser(cli, mem_ctx, + user_handle, + true, + &hash1, + &hash2, + true, + &hash3, + &hash4, + true, + &hash5, + true, + &hash6); + + return result; +} + + +/* User change password */ + +NTSTATUS rpccli_samr_chgpasswd_user2(struct rpc_pipe_client *cli, + TALLOC_CTX *mem_ctx, + const char *username, + const char *newpassword, + const char *oldpassword) +{ + NTSTATUS result = NT_STATUS_UNSUCCESSFUL; + struct samr_CryptPassword new_nt_password; + struct samr_CryptPassword new_lm_password; + struct samr_Password old_nt_hash_enc; + struct samr_Password old_lanman_hash_enc; + + uchar old_nt_hash[16]; + uchar old_lanman_hash[16]; + uchar new_nt_hash[16]; + uchar new_lanman_hash[16]; + struct lsa_String server, account; + + DEBUG(10,("rpccli_samr_chgpasswd_user2\n")); + + init_lsa_String(&server, cli->srv_name_slash); + init_lsa_String(&account, username); + + /* Calculate the MD4 hash (NT compatible) of the password */ + E_md4hash(oldpassword, old_nt_hash); + E_md4hash(newpassword, new_nt_hash); + + if (lp_client_lanman_auth() && + E_deshash(newpassword, new_lanman_hash) && + E_deshash(oldpassword, old_lanman_hash)) { + /* E_deshash returns false for 'long' passwords (> 14 + DOS chars). This allows us to match Win2k, which + does not store a LM hash for these passwords (which + would reduce the effective password length to 14) */ + + encode_pw_buffer(new_lm_password.data, newpassword, STR_UNICODE); + + SamOEMhash(new_lm_password.data, old_nt_hash, 516); + E_old_pw_hash(new_nt_hash, old_lanman_hash, old_lanman_hash_enc.hash); + } else { + ZERO_STRUCT(new_lm_password); + ZERO_STRUCT(old_lanman_hash_enc); + } + + encode_pw_buffer(new_nt_password.data, newpassword, STR_UNICODE); + + SamOEMhash(new_nt_password.data, old_nt_hash, 516); + E_old_pw_hash(new_nt_hash, old_nt_hash, old_nt_hash_enc.hash); + + result = rpccli_samr_ChangePasswordUser2(cli, mem_ctx, + &server, + &account, + &new_nt_password, + &old_nt_hash_enc, + true, + &new_lm_password, + &old_lanman_hash_enc); + + return result; +} + +/* User change password given blobs */ + +NTSTATUS rpccli_samr_chng_pswd_auth_crap(struct rpc_pipe_client *cli, + TALLOC_CTX *mem_ctx, + const char *username, + DATA_BLOB new_nt_password_blob, + DATA_BLOB old_nt_hash_enc_blob, + DATA_BLOB new_lm_password_blob, + DATA_BLOB old_lm_hash_enc_blob) +{ + NTSTATUS result = NT_STATUS_UNSUCCESSFUL; + struct samr_CryptPassword new_nt_password; + struct samr_CryptPassword new_lm_password; + struct samr_Password old_nt_hash_enc; + struct samr_Password old_lm_hash_enc; + struct lsa_String server, account; + + DEBUG(10,("rpccli_samr_chng_pswd_auth_crap\n")); + + init_lsa_String(&server, cli->srv_name_slash); + init_lsa_String(&account, username); + + memcpy(&new_nt_password.data, new_nt_password_blob.data, 516); + memcpy(&new_lm_password.data, new_lm_password_blob.data, 516); + memcpy(&old_nt_hash_enc.hash, old_nt_hash_enc_blob.data, 16); + memcpy(&old_lm_hash_enc.hash, old_lm_hash_enc_blob.data, 16); + + result = rpccli_samr_ChangePasswordUser2(cli, mem_ctx, + &server, + &account, + &new_nt_password, + &old_nt_hash_enc, + true, + &new_lm_password, + &old_lm_hash_enc); + return result; +} + + +/* change password 3 */ + +NTSTATUS rpccli_samr_chgpasswd_user3(struct rpc_pipe_client *cli, + TALLOC_CTX *mem_ctx, + const char *username, + const char *newpassword, + const char *oldpassword, + struct samr_DomInfo1 **dominfo1, + struct samr_ChangeReject **reject) +{ + NTSTATUS status; + + struct samr_CryptPassword new_nt_password; + struct samr_CryptPassword new_lm_password; + struct samr_Password old_nt_hash_enc; + struct samr_Password old_lanman_hash_enc; + + uchar old_nt_hash[16]; + uchar old_lanman_hash[16]; + uchar new_nt_hash[16]; + uchar new_lanman_hash[16]; + + struct lsa_String server, account; + + DEBUG(10,("rpccli_samr_chgpasswd_user3\n")); + + init_lsa_String(&server, cli->srv_name_slash); + init_lsa_String(&account, username); + + /* Calculate the MD4 hash (NT compatible) of the password */ + E_md4hash(oldpassword, old_nt_hash); + E_md4hash(newpassword, new_nt_hash); + + if (lp_client_lanman_auth() && + E_deshash(newpassword, new_lanman_hash) && + E_deshash(oldpassword, old_lanman_hash)) { + /* E_deshash returns false for 'long' passwords (> 14 + DOS chars). This allows us to match Win2k, which + does not store a LM hash for these passwords (which + would reduce the effective password length to 14) */ + + encode_pw_buffer(new_lm_password.data, newpassword, STR_UNICODE); + + SamOEMhash(new_lm_password.data, old_nt_hash, 516); + E_old_pw_hash(new_nt_hash, old_lanman_hash, old_lanman_hash_enc.hash); + } else { + ZERO_STRUCT(new_lm_password); + ZERO_STRUCT(old_lanman_hash_enc); + } + + encode_pw_buffer(new_nt_password.data, newpassword, STR_UNICODE); + + SamOEMhash(new_nt_password.data, old_nt_hash, 516); + E_old_pw_hash(new_nt_hash, old_nt_hash, old_nt_hash_enc.hash); + + status = rpccli_samr_ChangePasswordUser3(cli, mem_ctx, + &server, + &account, + &new_nt_password, + &old_nt_hash_enc, + true, + &new_lm_password, + &old_lanman_hash_enc, + NULL, + dominfo1, + reject); + return status; +} + +/* This function returns the bizzare set of (max_entries, max_size) required + for the QueryDisplayInfo RPC to actually work against a domain controller + with large (10k and higher) numbers of users. These values were + obtained by inspection using ethereal and NT4 running User Manager. */ + +void get_query_dispinfo_params(int loop_count, uint32 *max_entries, + uint32 *max_size) +{ + switch(loop_count) { + case 0: + *max_entries = 512; + *max_size = 16383; + break; + case 1: + *max_entries = 1024; + *max_size = 32766; + break; + case 2: + *max_entries = 2048; + *max_size = 65532; + break; + case 3: + *max_entries = 4096; + *max_size = 131064; + break; + default: /* loop_count >= 4 */ + *max_entries = 4096; + *max_size = 131071; + break; + } +} + +NTSTATUS rpccli_try_samr_connects(struct rpc_pipe_client *cli, + TALLOC_CTX *mem_ctx, + uint32_t access_mask, + POLICY_HND *connect_pol) +{ + NTSTATUS status; + union samr_ConnectInfo info_in, info_out; + struct samr_ConnectInfo1 info1; + uint32_t lvl_out = 0; + + ZERO_STRUCT(info1); + + info1.client_version = SAMR_CONNECT_W2K; + info_in.info1 = info1; + + status = rpccli_samr_Connect5(cli, mem_ctx, + cli->srv_name_slash, + access_mask, + 1, + &info_in, + &lvl_out, + &info_out, + connect_pol); + if (NT_STATUS_IS_OK(status)) { + return status; + } + + status = rpccli_samr_Connect4(cli, mem_ctx, + cli->srv_name_slash, + SAMR_CONNECT_W2K, + access_mask, + connect_pol); + if (NT_STATUS_IS_OK(status)) { + return status; + } + + status = rpccli_samr_Connect2(cli, mem_ctx, + cli->srv_name_slash, + access_mask, + connect_pol); + return status; +} + diff --git a/source3/rpc_client/cli_spoolss.c b/source3/rpc_client/cli_spoolss.c new file mode 100644 index 0000000000..69cee6c8e8 --- /dev/null +++ b/source3/rpc_client/cli_spoolss.c @@ -0,0 +1,2052 @@ +/* + Unix SMB/CIFS implementation. + RPC pipe client + + Copyright (C) Gerald Carter 2001-2005, + Copyright (C) Tim Potter 2000-2002, + Copyright (C) Andrew Tridgell 1994-2000, + Copyright (C) Jean-Francois Micouleau 1999-2000. + Copyright (C) Jeremy Allison 2005. + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see <http://www.gnu.org/licenses/>. +*/ + +#include "includes.h" +#include "rpc_client.h" + +/********************************************************************* + Decode various spoolss rpc's and info levels + ********************************************************************/ + +/********************************************************************** +**********************************************************************/ + +static bool decode_printer_info_0(TALLOC_CTX *mem_ctx, RPC_BUFFER *buffer, + uint32 returned, PRINTER_INFO_0 **info) +{ + uint32 i; + PRINTER_INFO_0 *inf; + + if (returned) { + inf=TALLOC_ARRAY(mem_ctx, PRINTER_INFO_0, returned); + if (!inf) { + return False; + } + memset(inf, 0, returned*sizeof(PRINTER_INFO_0)); + } else { + inf = NULL; + } + + prs_set_offset(&buffer->prs,0); + + for (i=0; i<returned; i++) { + if (!smb_io_printer_info_0("", buffer, &inf[i], 0)) { + return False; + } + } + + *info=inf; + return True; +} + +/********************************************************************** +**********************************************************************/ + +static bool decode_printer_info_1(TALLOC_CTX *mem_ctx, RPC_BUFFER *buffer, + uint32 returned, PRINTER_INFO_1 **info) +{ + uint32 i; + PRINTER_INFO_1 *inf; + + if (returned) { + inf=TALLOC_ARRAY(mem_ctx, PRINTER_INFO_1, returned); + if (!inf) { + return False; + } + memset(inf, 0, returned*sizeof(PRINTER_INFO_1)); + } else { + inf = NULL; + } + + prs_set_offset(&buffer->prs,0); + + for (i=0; i<returned; i++) { + if (!smb_io_printer_info_1("", buffer, &inf[i], 0)) { + return False; + } + } + + *info=inf; + return True; +} + +/********************************************************************** +**********************************************************************/ + +static bool decode_printer_info_2(TALLOC_CTX *mem_ctx, RPC_BUFFER *buffer, + uint32 returned, PRINTER_INFO_2 **info) +{ + uint32 i; + PRINTER_INFO_2 *inf; + + if (returned) { + inf=TALLOC_ARRAY(mem_ctx, PRINTER_INFO_2, returned); + if (!inf) { + return False; + } + memset(inf, 0, returned*sizeof(PRINTER_INFO_2)); + } else { + inf = NULL; + } + + prs_set_offset(&buffer->prs,0); + + for (i=0; i<returned; i++) { + /* a little initialization as we go */ + inf[i].secdesc = NULL; + if (!smb_io_printer_info_2("", buffer, &inf[i], 0)) { + return False; + } + } + + *info=inf; + return True; +} + +/********************************************************************** +**********************************************************************/ + +static bool decode_printer_info_3(TALLOC_CTX *mem_ctx, RPC_BUFFER *buffer, + uint32 returned, PRINTER_INFO_3 **info) +{ + uint32 i; + PRINTER_INFO_3 *inf; + + if (returned) { + inf=TALLOC_ARRAY(mem_ctx, PRINTER_INFO_3, returned); + if (!inf) { + return False; + } + memset(inf, 0, returned*sizeof(PRINTER_INFO_3)); + } else { + inf = NULL; + } + + prs_set_offset(&buffer->prs,0); + + for (i=0; i<returned; i++) { + inf[i].secdesc = NULL; + if (!smb_io_printer_info_3("", buffer, &inf[i], 0)) { + return False; + } + } + + *info=inf; + return True; +} + +/********************************************************************** +**********************************************************************/ + +static bool decode_printer_info_7(TALLOC_CTX *mem_ctx, RPC_BUFFER *buffer, + uint32 returned, PRINTER_INFO_7 **info) +{ + uint32 i; + PRINTER_INFO_7 *inf; + + if (returned) { + inf=TALLOC_ARRAY(mem_ctx, PRINTER_INFO_7, returned); + if (!inf) { + return False; + } + memset(inf, 0, returned*sizeof(PRINTER_INFO_7)); + } else { + inf = NULL; + } + + prs_set_offset(&buffer->prs,0); + + for (i=0; i<returned; i++) { + if (!smb_io_printer_info_7("", buffer, &inf[i], 0)) { + return False; + } + } + + *info=inf; + return True; +} + + +/********************************************************************** +**********************************************************************/ + +static bool decode_port_info_1(TALLOC_CTX *mem_ctx, RPC_BUFFER *buffer, + uint32 returned, PORT_INFO_1 **info) +{ + uint32 i; + PORT_INFO_1 *inf; + + if (returned) { + inf=TALLOC_ARRAY(mem_ctx, PORT_INFO_1, returned); + if (!inf) { + return False; + } + memset(inf, 0, returned*sizeof(PORT_INFO_1)); + } else { + inf = NULL; + } + + prs_set_offset(&buffer->prs, 0); + + for (i=0; i<returned; i++) { + if (!smb_io_port_info_1("", buffer, &(inf[i]), 0)) { + return False; + } + } + + *info=inf; + return True; +} + +/********************************************************************** +**********************************************************************/ + +static bool decode_port_info_2(TALLOC_CTX *mem_ctx, RPC_BUFFER *buffer, + uint32 returned, PORT_INFO_2 **info) +{ + uint32 i; + PORT_INFO_2 *inf; + + if (returned) { + inf=TALLOC_ARRAY(mem_ctx, PORT_INFO_2, returned); + if (!inf) { + return False; + } + memset(inf, 0, returned*sizeof(PORT_INFO_2)); + } else { + inf = NULL; + } + + prs_set_offset(&buffer->prs, 0); + + for (i=0; i<returned; i++) { + if (!smb_io_port_info_2("", buffer, &(inf[i]), 0)) { + return False; + } + } + + *info=inf; + return True; +} + +/********************************************************************** +**********************************************************************/ + +static bool decode_printer_driver_1(TALLOC_CTX *mem_ctx, RPC_BUFFER *buffer, + uint32 returned, DRIVER_INFO_1 **info) +{ + uint32 i; + DRIVER_INFO_1 *inf; + + if (returned) { + inf=TALLOC_ARRAY(mem_ctx, DRIVER_INFO_1, returned); + if (!inf) { + return False; + } + memset(inf, 0, returned*sizeof(DRIVER_INFO_1)); + } else { + inf = NULL; + } + + prs_set_offset(&buffer->prs,0); + + for (i=0; i<returned; i++) { + if (!smb_io_printer_driver_info_1("", buffer, &(inf[i]), 0)) { + return False; + } + } + + *info=inf; + return True; +} + +/********************************************************************** +**********************************************************************/ + +static bool decode_printer_driver_2(TALLOC_CTX *mem_ctx, RPC_BUFFER *buffer, + uint32 returned, DRIVER_INFO_2 **info) +{ + uint32 i; + DRIVER_INFO_2 *inf; + + if (returned) { + inf=TALLOC_ARRAY(mem_ctx, DRIVER_INFO_2, returned); + if (!inf) { + return False; + } + memset(inf, 0, returned*sizeof(DRIVER_INFO_2)); + } else { + inf = NULL; + } + + prs_set_offset(&buffer->prs,0); + + for (i=0; i<returned; i++) { + if (!smb_io_printer_driver_info_2("", buffer, &(inf[i]), 0)) { + return False; + } + } + + *info=inf; + return True; +} + +/********************************************************************** +**********************************************************************/ + +static bool decode_printer_driver_3(TALLOC_CTX *mem_ctx, RPC_BUFFER *buffer, + uint32 returned, DRIVER_INFO_3 **info) +{ + uint32 i; + DRIVER_INFO_3 *inf; + + if (returned) { + inf=TALLOC_ARRAY(mem_ctx, DRIVER_INFO_3, returned); + if (!inf) { + return False; + } + memset(inf, 0, returned*sizeof(DRIVER_INFO_3)); + } else { + inf = NULL; + } + + prs_set_offset(&buffer->prs,0); + + for (i=0; i<returned; i++) { + if (!smb_io_printer_driver_info_3("", buffer, &(inf[i]), 0)) { + return False; + } + } + + *info=inf; + return True; +} + +/********************************************************************** +**********************************************************************/ + +static bool decode_printerdriverdir_1 (TALLOC_CTX *mem_ctx, RPC_BUFFER *buffer, + uint32 returned, DRIVER_DIRECTORY_1 **info +) +{ + DRIVER_DIRECTORY_1 *inf; + + inf=TALLOC_P(mem_ctx, DRIVER_DIRECTORY_1); + if (!inf) { + return False; + } + memset(inf, 0, sizeof(DRIVER_DIRECTORY_1)); + + prs_set_offset(&buffer->prs, 0); + + if (!smb_io_driverdir_1("", buffer, inf, 0)) { + return False; + } + + *info=inf; + return True; +} + +/********************************************************************** +**********************************************************************/ + +static bool decode_jobs_1(TALLOC_CTX *mem_ctx, RPC_BUFFER *buffer, + uint32 num_jobs, JOB_INFO_1 **jobs) +{ + uint32 i; + + if (num_jobs) { + *jobs = TALLOC_ARRAY(mem_ctx, JOB_INFO_1, num_jobs); + if (*jobs == NULL) { + return False; + } + } else { + *jobs = NULL; + } + prs_set_offset(&buffer->prs,0); + + for (i = 0; i < num_jobs; i++) { + if (!smb_io_job_info_1("", buffer, &((*jobs)[i]), 0)) { + return False; + } + } + + return True; +} + +/********************************************************************** +**********************************************************************/ + +static bool decode_jobs_2(TALLOC_CTX *mem_ctx, RPC_BUFFER *buffer, + uint32 num_jobs, JOB_INFO_2 **jobs) +{ + uint32 i; + + if (num_jobs) { + *jobs = TALLOC_ARRAY(mem_ctx, JOB_INFO_2, num_jobs); + if (*jobs == NULL) { + return False; + } + } else { + *jobs = NULL; + } + prs_set_offset(&buffer->prs,0); + + for (i = 0; i < num_jobs; i++) { + if (!smb_io_job_info_2("", buffer, &((*jobs)[i]), 0)) { + return False; + } + } + + return True; +} + +/********************************************************************** +**********************************************************************/ + +static bool decode_forms_1(TALLOC_CTX *mem_ctx, RPC_BUFFER *buffer, + uint32 num_forms, FORM_1 **forms) +{ + int i; + + if (num_forms) { + *forms = TALLOC_ARRAY(mem_ctx, FORM_1, num_forms); + if (*forms == NULL) { + return False; + } + } else { + *forms = NULL; + } + + prs_set_offset(&buffer->prs,0); + + for (i = 0; i < num_forms; i++) { + if (!smb_io_form_1("", buffer, &((*forms)[i]), 0)) { + return False; + } + } + + return True; +} + +/********************************************************************** +**********************************************************************/ + +WERROR rpccli_spoolss_open_printer_ex(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, + const char *printername, const char *datatype, uint32 access_required, + const char *station, const char *username, POLICY_HND *pol) +{ + prs_struct qbuf, rbuf; + SPOOL_Q_OPEN_PRINTER_EX in; + SPOOL_R_OPEN_PRINTER_EX out; + + ZERO_STRUCT(in); + ZERO_STRUCT(out); + + make_spoolss_q_open_printer_ex( &in, printername, datatype, + access_required, station, username ); + + CLI_DO_RPC_WERR( cli, mem_ctx, &syntax_spoolss, SPOOLSS_OPENPRINTEREX, + in, out, + qbuf, rbuf, + spoolss_io_q_open_printer_ex, + spoolss_io_r_open_printer_ex, + WERR_GENERAL_FAILURE ); + + memcpy( pol, &out.handle, sizeof(POLICY_HND) ); + + return out.status; +} + +/********************************************************************** +**********************************************************************/ + +WERROR rpccli_spoolss_close_printer(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, + POLICY_HND *pol) +{ + prs_struct qbuf, rbuf; + SPOOL_Q_CLOSEPRINTER in; + SPOOL_R_CLOSEPRINTER out; + + ZERO_STRUCT(in); + ZERO_STRUCT(out); + + make_spoolss_q_closeprinter( &in, pol ); + + CLI_DO_RPC_WERR( cli, mem_ctx, &syntax_spoolss, SPOOLSS_CLOSEPRINTER, + in, out, + qbuf, rbuf, + spoolss_io_q_closeprinter, + spoolss_io_r_closeprinter, + WERR_GENERAL_FAILURE ); + + return out.status; +} + +/********************************************************************** +**********************************************************************/ + +WERROR rpccli_spoolss_enum_printers(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, + char *name, uint32 flags, uint32 level, + uint32 *num_printers, PRINTER_INFO_CTR *ctr) +{ + prs_struct qbuf, rbuf; + SPOOL_Q_ENUMPRINTERS in; + SPOOL_R_ENUMPRINTERS out; + RPC_BUFFER buffer; + uint32 offered; + + ZERO_STRUCT(in); + ZERO_STRUCT(out); + + offered = 0; + rpcbuf_init(&buffer, offered, mem_ctx); + make_spoolss_q_enumprinters( &in, flags, name, level, &buffer, offered ); + + CLI_DO_RPC_WERR( cli, mem_ctx, &syntax_spoolss, SPOOLSS_ENUMPRINTERS, + in, out, + qbuf, rbuf, + spoolss_io_q_enumprinters, + spoolss_io_r_enumprinters, + WERR_GENERAL_FAILURE ); + + if ( W_ERROR_EQUAL( out.status, WERR_INSUFFICIENT_BUFFER ) ) { + offered = out.needed; + + ZERO_STRUCT(in); + ZERO_STRUCT(out); + + rpcbuf_init(&buffer, offered, mem_ctx); + make_spoolss_q_enumprinters( &in, flags, name, level, &buffer, offered ); + + CLI_DO_RPC_WERR( cli, mem_ctx, &syntax_spoolss, SPOOLSS_ENUMPRINTERS, + in, out, + qbuf, rbuf, + spoolss_io_q_enumprinters, + spoolss_io_r_enumprinters, + WERR_GENERAL_FAILURE ); + } + + if ( !W_ERROR_IS_OK(out.status) ) + return out.status; + + switch (level) { + case 0: + if (!decode_printer_info_0(mem_ctx, out.buffer, out.returned, &ctr->printers_0)) { + return WERR_GENERAL_FAILURE; + } + break; + case 1: + if (!decode_printer_info_1(mem_ctx, out.buffer, out.returned, &ctr->printers_1)) { + return WERR_GENERAL_FAILURE; + } + break; + case 2: + if (!decode_printer_info_2(mem_ctx, out.buffer, out.returned, &ctr->printers_2)) { + return WERR_GENERAL_FAILURE; + } + break; + case 3: + if (!decode_printer_info_3(mem_ctx, out.buffer, out.returned, &ctr->printers_3)) { + return WERR_GENERAL_FAILURE; + } + break; + default: + return WERR_UNKNOWN_LEVEL; + } + + *num_printers = out.returned; + + return out.status; +} + +/********************************************************************** +**********************************************************************/ + +WERROR rpccli_spoolss_enum_ports(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, + uint32 level, uint32 *num_ports, PORT_INFO_CTR *ctr) +{ + prs_struct qbuf, rbuf; + SPOOL_Q_ENUMPORTS in; + SPOOL_R_ENUMPORTS out; + RPC_BUFFER buffer; + fstring server; + uint32 offered; + + ZERO_STRUCT(in); + ZERO_STRUCT(out); + + slprintf(server, sizeof(fstring)-1, "\\\\%s", cli->desthost); + strupper_m(server); + + offered = 0; + rpcbuf_init(&buffer, offered, mem_ctx); + make_spoolss_q_enumports( &in, server, level, &buffer, offered ); + + CLI_DO_RPC_WERR( cli, mem_ctx, &syntax_spoolss, SPOOLSS_ENUMPORTS, + in, out, + qbuf, rbuf, + spoolss_io_q_enumports, + spoolss_io_r_enumports, + WERR_GENERAL_FAILURE ); + + if ( W_ERROR_EQUAL( out.status, WERR_INSUFFICIENT_BUFFER ) ) { + offered = out.needed; + + ZERO_STRUCT(in); + ZERO_STRUCT(out); + + rpcbuf_init(&buffer, offered, mem_ctx); + make_spoolss_q_enumports( &in, server, level, &buffer, offered ); + + CLI_DO_RPC_WERR( cli, mem_ctx, &syntax_spoolss, SPOOLSS_ENUMPORTS, + in, out, + qbuf, rbuf, + spoolss_io_q_enumports, + spoolss_io_r_enumports, + WERR_GENERAL_FAILURE ); + } + + if ( !W_ERROR_IS_OK(out.status) ) + return out.status; + + switch (level) { + case 1: + if (!decode_port_info_1(mem_ctx, out.buffer, out.returned, &ctr->port.info_1)) { + return WERR_GENERAL_FAILURE; + } + break; + case 2: + if (!decode_port_info_2(mem_ctx, out.buffer, out.returned, &ctr->port.info_2)) { + return WERR_GENERAL_FAILURE; + } + break; + default: + return WERR_UNKNOWN_LEVEL; + } + + *num_ports = out.returned; + + return out.status; +} + +/********************************************************************** +**********************************************************************/ + +WERROR rpccli_spoolss_getprinter(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, + POLICY_HND *pol, uint32 level, + PRINTER_INFO_CTR *ctr) +{ + prs_struct qbuf, rbuf; + SPOOL_Q_GETPRINTER in; + SPOOL_R_GETPRINTER out; + RPC_BUFFER buffer; + uint32 offered; + + ZERO_STRUCT(in); + ZERO_STRUCT(out); + + /* Initialise input parameters */ + + offered = 0; + rpcbuf_init(&buffer, offered, mem_ctx); + make_spoolss_q_getprinter( mem_ctx, &in, pol, level, &buffer, offered ); + + CLI_DO_RPC_WERR( cli, mem_ctx, &syntax_spoolss, SPOOLSS_GETPRINTER, + in, out, + qbuf, rbuf, + spoolss_io_q_getprinter, + spoolss_io_r_getprinter, + WERR_GENERAL_FAILURE ); + + if ( W_ERROR_EQUAL( out.status, WERR_INSUFFICIENT_BUFFER ) ) { + offered = out.needed; + + ZERO_STRUCT(in); + ZERO_STRUCT(out); + + rpcbuf_init(&buffer, offered, mem_ctx); + make_spoolss_q_getprinter( mem_ctx, &in, pol, level, &buffer, offered ); + + CLI_DO_RPC_WERR( cli, mem_ctx, &syntax_spoolss, SPOOLSS_GETPRINTER, + in, out, + qbuf, rbuf, + spoolss_io_q_getprinter, + spoolss_io_r_getprinter, + WERR_GENERAL_FAILURE ); + } + + if ( !W_ERROR_IS_OK(out.status) ) + return out.status; + + switch (level) { + case 0: + if (!decode_printer_info_0(mem_ctx, out.buffer, 1, &ctr->printers_0)) { + return WERR_GENERAL_FAILURE; + } + break; + case 1: + if (!decode_printer_info_1(mem_ctx, out.buffer, 1, &ctr->printers_1)) { + return WERR_GENERAL_FAILURE; + } + break; + case 2: + if (!decode_printer_info_2(mem_ctx, out.buffer, 1, &ctr->printers_2)) { + return WERR_GENERAL_FAILURE; + } + break; + case 3: + if (!decode_printer_info_3(mem_ctx, out.buffer, 1, &ctr->printers_3)) { + return WERR_GENERAL_FAILURE; + } + break; + case 7: + if (!decode_printer_info_7(mem_ctx, out.buffer, 1, &ctr->printers_7)) { + return WERR_GENERAL_FAILURE; + } + break; + default: + return WERR_UNKNOWN_LEVEL; + } + + return out.status; +} + +/********************************************************************** +**********************************************************************/ + +WERROR rpccli_spoolss_setprinter(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, + POLICY_HND *pol, uint32 level, + PRINTER_INFO_CTR *ctr, uint32 command) +{ + prs_struct qbuf, rbuf; + SPOOL_Q_SETPRINTER in; + SPOOL_R_SETPRINTER out; + + ZERO_STRUCT(in); + ZERO_STRUCT(out); + + make_spoolss_q_setprinter( mem_ctx, &in, pol, level, ctr, command ); + + CLI_DO_RPC_WERR( cli, mem_ctx, &syntax_spoolss, SPOOLSS_SETPRINTER, + in, out, + qbuf, rbuf, + spoolss_io_q_setprinter, + spoolss_io_r_setprinter, + WERR_GENERAL_FAILURE ); + + return out.status; +} + +/********************************************************************** +**********************************************************************/ + +WERROR rpccli_spoolss_getprinterdriver(struct rpc_pipe_client *cli, + TALLOC_CTX *mem_ctx, + POLICY_HND *pol, uint32 level, + const char *env, int version, PRINTER_DRIVER_CTR *ctr) +{ + prs_struct qbuf, rbuf; + SPOOL_Q_GETPRINTERDRIVER2 in; + SPOOL_R_GETPRINTERDRIVER2 out; + RPC_BUFFER buffer; + fstring server; + uint32 offered; + + ZERO_STRUCT(in); + ZERO_STRUCT(out); + + fstrcpy(server, cli->desthost); + strupper_m(server); + + offered = 0; + rpcbuf_init(&buffer, offered, mem_ctx); + make_spoolss_q_getprinterdriver2( &in, pol, env, level, + version, 2, &buffer, offered); + + CLI_DO_RPC_WERR( cli, mem_ctx, &syntax_spoolss, SPOOLSS_GETPRINTERDRIVER2, + in, out, + qbuf, rbuf, + spoolss_io_q_getprinterdriver2, + spoolss_io_r_getprinterdriver2, + WERR_GENERAL_FAILURE ); + + if ( W_ERROR_EQUAL( out.status, WERR_INSUFFICIENT_BUFFER ) ) { + offered = out.needed; + + ZERO_STRUCT(in); + ZERO_STRUCT(out); + + rpcbuf_init(&buffer, offered, mem_ctx); + make_spoolss_q_getprinterdriver2( &in, pol, env, level, + version, 2, &buffer, offered); + + CLI_DO_RPC_WERR( cli, mem_ctx, &syntax_spoolss, SPOOLSS_GETPRINTERDRIVER2, + in, out, + qbuf, rbuf, + spoolss_io_q_getprinterdriver2, + spoolss_io_r_getprinterdriver2, + WERR_GENERAL_FAILURE ); + } + + if ( !W_ERROR_IS_OK(out.status) ) + return out.status; + + switch (level) { + case 1: + if (!decode_printer_driver_1(mem_ctx, out.buffer, 1, &ctr->info1)) { + return WERR_GENERAL_FAILURE; + } + break; + case 2: + if (!decode_printer_driver_2(mem_ctx, out.buffer, 1, &ctr->info2)) { + return WERR_GENERAL_FAILURE; + } + break; + case 3: + if (!decode_printer_driver_3(mem_ctx, out.buffer, 1, &ctr->info3)) { + return WERR_GENERAL_FAILURE; + } + break; + default: + return WERR_UNKNOWN_LEVEL; + } + + return out.status; +} + +/********************************************************************** +**********************************************************************/ + +WERROR rpccli_spoolss_enumprinterdrivers (struct rpc_pipe_client *cli, + TALLOC_CTX *mem_ctx, + uint32 level, const char *env, + uint32 *num_drivers, + PRINTER_DRIVER_CTR *ctr) +{ + prs_struct qbuf, rbuf; + SPOOL_Q_ENUMPRINTERDRIVERS in; + SPOOL_R_ENUMPRINTERDRIVERS out; + RPC_BUFFER buffer; + fstring server; + uint32 offered; + + ZERO_STRUCT(in); + ZERO_STRUCT(out); + + slprintf(server, sizeof(fstring)-1, "\\\\%s", cli->desthost); + strupper_m(server); + + offered = 0; + rpcbuf_init(&buffer, offered, mem_ctx); + make_spoolss_q_enumprinterdrivers( &in, server, env, level, + &buffer, offered); + + CLI_DO_RPC_WERR( cli, mem_ctx, &syntax_spoolss, SPOOLSS_ENUMPRINTERDRIVERS, + in, out, + qbuf, rbuf, + spoolss_io_q_enumprinterdrivers, + spoolss_io_r_enumprinterdrivers, + WERR_GENERAL_FAILURE ); + + if ( W_ERROR_EQUAL( out.status, WERR_INSUFFICIENT_BUFFER ) ) { + offered = out.needed; + + ZERO_STRUCT(in); + ZERO_STRUCT(out); + + rpcbuf_init(&buffer, offered, mem_ctx); + make_spoolss_q_enumprinterdrivers( &in, server, env, level, + &buffer, offered); + + CLI_DO_RPC_WERR( cli, mem_ctx, &syntax_spoolss, SPOOLSS_ENUMPRINTERDRIVERS, + in, out, + qbuf, rbuf, + spoolss_io_q_enumprinterdrivers, + spoolss_io_r_enumprinterdrivers, + WERR_GENERAL_FAILURE ); + } + + *num_drivers = out.returned; + + if ( !W_ERROR_IS_OK(out.status) ) + return out.status; + + if ( out.returned ) { + + switch (level) { + case 1: + if (!decode_printer_driver_1(mem_ctx, out.buffer, out.returned, &ctr->info1)) { + return WERR_GENERAL_FAILURE; + } + break; + case 2: + if (!decode_printer_driver_2(mem_ctx, out.buffer, out.returned, &ctr->info2)) { + return WERR_GENERAL_FAILURE; + } + break; + case 3: + if (!decode_printer_driver_3(mem_ctx, out.buffer, out.returned, &ctr->info3)) { + return WERR_GENERAL_FAILURE; + } + break; + default: + return WERR_UNKNOWN_LEVEL; + } + } + + return out.status; +} + + +/********************************************************************** +**********************************************************************/ + +WERROR rpccli_spoolss_getprinterdriverdir (struct rpc_pipe_client *cli, + TALLOC_CTX *mem_ctx, + uint32 level, char *env, + DRIVER_DIRECTORY_CTR *ctr) +{ + prs_struct qbuf, rbuf; + SPOOL_Q_GETPRINTERDRIVERDIR in; + SPOOL_R_GETPRINTERDRIVERDIR out; + RPC_BUFFER buffer; + fstring server; + uint32 offered; + + ZERO_STRUCT(in); + ZERO_STRUCT(out); + + slprintf(server, sizeof(fstring)-1, "\\\\%s", cli->desthost); + strupper_m(server); + + offered = 0; + rpcbuf_init(&buffer, offered, mem_ctx); + make_spoolss_q_getprinterdriverdir( &in, server, env, level, + &buffer, offered ); + + CLI_DO_RPC_WERR( cli, mem_ctx, &syntax_spoolss, SPOOLSS_GETPRINTERDRIVERDIRECTORY, + in, out, + qbuf, rbuf, + spoolss_io_q_getprinterdriverdir, + spoolss_io_r_getprinterdriverdir, + WERR_GENERAL_FAILURE ); + + if ( W_ERROR_EQUAL( out.status, WERR_INSUFFICIENT_BUFFER ) ) { + offered = out.needed; + + ZERO_STRUCT(in); + ZERO_STRUCT(out); + + rpcbuf_init(&buffer, offered, mem_ctx); + make_spoolss_q_getprinterdriverdir( &in, server, env, level, + &buffer, offered ); + + CLI_DO_RPC_WERR( cli, mem_ctx, &syntax_spoolss, SPOOLSS_GETPRINTERDRIVERDIRECTORY, + in, out, + qbuf, rbuf, + spoolss_io_q_getprinterdriverdir, + spoolss_io_r_getprinterdriverdir, + WERR_GENERAL_FAILURE ); + } + + if (!W_ERROR_IS_OK(out.status)) + return out.status; + + if (!decode_printerdriverdir_1(mem_ctx, out.buffer, 1, &ctr->info1)) { + return WERR_GENERAL_FAILURE; + } + + return out.status; +} + +/********************************************************************** +**********************************************************************/ + +WERROR rpccli_spoolss_addprinterdriver (struct rpc_pipe_client *cli, + TALLOC_CTX *mem_ctx, uint32 level, + PRINTER_DRIVER_CTR *ctr) +{ + prs_struct qbuf, rbuf; + SPOOL_Q_ADDPRINTERDRIVER in; + SPOOL_R_ADDPRINTERDRIVER out; + fstring server; + + ZERO_STRUCT(in); + ZERO_STRUCT(out); + + slprintf(server, sizeof(fstring)-1, "\\\\%s", cli->desthost); + strupper_m(server); + + make_spoolss_q_addprinterdriver( mem_ctx, &in, server, level, ctr ); + + CLI_DO_RPC_WERR( cli, mem_ctx, &syntax_spoolss, SPOOLSS_ADDPRINTERDRIVER, + in, out, + qbuf, rbuf, + spoolss_io_q_addprinterdriver, + spoolss_io_r_addprinterdriver, + WERR_GENERAL_FAILURE ); + + return out.status; +} + +/********************************************************************** +**********************************************************************/ + +WERROR rpccli_spoolss_addprinterex (struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, + uint32 level, PRINTER_INFO_CTR*ctr) +{ + prs_struct qbuf, rbuf; + SPOOL_Q_ADDPRINTEREX in; + SPOOL_R_ADDPRINTEREX out; + fstring server, client, user; + + ZERO_STRUCT(in); + ZERO_STRUCT(out); + + slprintf(client, sizeof(fstring)-1, "\\\\%s", global_myname()); + slprintf(server, sizeof(fstring)-1, "\\\\%s", cli->desthost); + + strupper_m(client); + strupper_m(server); + + fstrcpy (user, cli->auth->user_name); + + make_spoolss_q_addprinterex( mem_ctx, &in, server, client, + user, level, ctr); + + CLI_DO_RPC_WERR( cli, mem_ctx, &syntax_spoolss, SPOOLSS_ADDPRINTEREX, + in, out, + qbuf, rbuf, + spoolss_io_q_addprinterex, + spoolss_io_r_addprinterex, + WERR_GENERAL_FAILURE ); + + return out.status; +} + +/********************************************************************** +**********************************************************************/ + +WERROR rpccli_spoolss_deleteprinterdriverex(struct rpc_pipe_client *cli, + TALLOC_CTX *mem_ctx, const char *arch, + const char *driver, int version) +{ + prs_struct qbuf, rbuf; + SPOOL_Q_DELETEPRINTERDRIVEREX in; + SPOOL_R_DELETEPRINTERDRIVEREX out; + fstring server; + + ZERO_STRUCT(in); + ZERO_STRUCT(out); + + slprintf(server, sizeof(fstring)-1, "\\\\%s", cli->desthost); + strupper_m(server); + + make_spoolss_q_deleteprinterdriverex( mem_ctx, &in, server, arch, driver, version ); + + CLI_DO_RPC_WERR( cli, mem_ctx, &syntax_spoolss, SPOOLSS_DELETEPRINTERDRIVEREX, + in, out, + qbuf, rbuf, + spoolss_io_q_deleteprinterdriverex, + spoolss_io_r_deleteprinterdriverex, + WERR_GENERAL_FAILURE ); + + return out.status; +} + +/********************************************************************** +**********************************************************************/ + +WERROR rpccli_spoolss_deleteprinterdriver (struct rpc_pipe_client *cli, + TALLOC_CTX *mem_ctx, const char *arch, + const char *driver) +{ + prs_struct qbuf, rbuf; + SPOOL_Q_DELETEPRINTERDRIVER in; + SPOOL_R_DELETEPRINTERDRIVER out; + fstring server; + + ZERO_STRUCT(in); + ZERO_STRUCT(out); + + slprintf(server, sizeof(fstring)-1, "\\\\%s", cli->desthost); + strupper_m(server); + + make_spoolss_q_deleteprinterdriver( mem_ctx, &in, server, arch, driver ); + + CLI_DO_RPC_WERR( cli, mem_ctx, &syntax_spoolss, SPOOLSS_DELETEPRINTERDRIVER, + in, out, + qbuf, rbuf, + spoolss_io_q_deleteprinterdriver, + spoolss_io_r_deleteprinterdriver, + WERR_GENERAL_FAILURE ); + + return out.status; +} + +/********************************************************************** +**********************************************************************/ + +WERROR rpccli_spoolss_getprintprocessordirectory(struct rpc_pipe_client *cli, + TALLOC_CTX *mem_ctx, + char *name, char *environment, + fstring procdir) +{ + prs_struct qbuf, rbuf; + SPOOL_Q_GETPRINTPROCESSORDIRECTORY in; + SPOOL_R_GETPRINTPROCESSORDIRECTORY out; + int level = 1; + RPC_BUFFER buffer; + uint32 offered; + + ZERO_STRUCT(in); + ZERO_STRUCT(out); + + offered = 0; + rpcbuf_init(&buffer, offered, mem_ctx); + make_spoolss_q_getprintprocessordirectory( &in, name, + environment, level, &buffer, offered ); + + CLI_DO_RPC_WERR( cli, mem_ctx, &syntax_spoolss, SPOOLSS_GETPRINTPROCESSORDIRECTORY, + in, out, + qbuf, rbuf, + spoolss_io_q_getprintprocessordirectory, + spoolss_io_r_getprintprocessordirectory, + WERR_GENERAL_FAILURE ); + + if ( W_ERROR_EQUAL( out.status, WERR_INSUFFICIENT_BUFFER ) ) { + offered = out.needed; + + ZERO_STRUCT(in); + ZERO_STRUCT(out); + + rpcbuf_init(&buffer, offered, mem_ctx); + make_spoolss_q_getprintprocessordirectory( &in, name, + environment, level, &buffer, offered ); + + CLI_DO_RPC_WERR( cli, mem_ctx, &syntax_spoolss, SPOOLSS_GETPRINTPROCESSORDIRECTORY, + in, out, + qbuf, rbuf, + spoolss_io_q_getprintprocessordirectory, + spoolss_io_r_getprintprocessordirectory, + WERR_GENERAL_FAILURE ); + } + + if ( !W_ERROR_IS_OK(out.status) ) + return out.status; + + fstrcpy(procdir, "Not implemented!"); + + return out.status; +} + +/********************************************************************** +**********************************************************************/ + +WERROR rpccli_spoolss_addform(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, + POLICY_HND *handle, uint32 level, FORM *form) +{ + prs_struct qbuf, rbuf; + SPOOL_Q_ADDFORM in; + SPOOL_R_ADDFORM out; + + ZERO_STRUCT(in); + ZERO_STRUCT(out); + + make_spoolss_q_addform( &in, handle, level, form ); + + CLI_DO_RPC_WERR( cli, mem_ctx, &syntax_spoolss, SPOOLSS_ADDFORM, + in, out, + qbuf, rbuf, + spoolss_io_q_addform, + spoolss_io_r_addform, + WERR_GENERAL_FAILURE ); + + return out.status; +} + +/********************************************************************** +**********************************************************************/ + +WERROR rpccli_spoolss_setform(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, + POLICY_HND *handle, uint32 level, + const char *form_name, FORM *form) +{ + prs_struct qbuf, rbuf; + SPOOL_Q_SETFORM in; + SPOOL_R_SETFORM out; + + ZERO_STRUCT(in); + ZERO_STRUCT(out); + + make_spoolss_q_setform( &in, handle, level, form_name, form ); + + CLI_DO_RPC_WERR( cli, mem_ctx, &syntax_spoolss, SPOOLSS_SETFORM, + in, out, + qbuf, rbuf, + spoolss_io_q_setform, + spoolss_io_r_setform, + WERR_GENERAL_FAILURE ); + + return out.status; +} + +/********************************************************************** +**********************************************************************/ + +WERROR rpccli_spoolss_getform(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, + POLICY_HND *handle, const char *formname, + uint32 level, FORM_1 *form) +{ + prs_struct qbuf, rbuf; + SPOOL_Q_GETFORM in; + SPOOL_R_GETFORM out; + RPC_BUFFER buffer; + uint32 offered; + + ZERO_STRUCT(in); + ZERO_STRUCT(out); + + offered = 0; + rpcbuf_init(&buffer, offered, mem_ctx); + make_spoolss_q_getform( &in, handle, formname, level, &buffer, offered ); + + CLI_DO_RPC_WERR( cli, mem_ctx, &syntax_spoolss, SPOOLSS_GETFORM, + in, out, + qbuf, rbuf, + spoolss_io_q_getform, + spoolss_io_r_getform, + WERR_GENERAL_FAILURE ); + + if ( W_ERROR_EQUAL( out.status, WERR_INSUFFICIENT_BUFFER ) ) { + offered = out.needed; + + ZERO_STRUCT(in); + ZERO_STRUCT(out); + + rpcbuf_init(&buffer, offered, mem_ctx); + make_spoolss_q_getform( &in, handle, formname, level, &buffer, offered ); + + CLI_DO_RPC_WERR( cli, mem_ctx, &syntax_spoolss, SPOOLSS_GETFORM, + in, out, + qbuf, rbuf, + spoolss_io_q_getform, + spoolss_io_r_getform, + WERR_GENERAL_FAILURE ); + } + + if (!W_ERROR_IS_OK(out.status)) + return out.status; + + if (!smb_io_form_1("", out.buffer, form, 0)) { + return WERR_GENERAL_FAILURE; + } + + return out.status; +} + +/********************************************************************** +**********************************************************************/ + +WERROR rpccli_spoolss_deleteform(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, + POLICY_HND *handle, const char *form_name) +{ + prs_struct qbuf, rbuf; + SPOOL_Q_DELETEFORM in; + SPOOL_R_DELETEFORM out; + + ZERO_STRUCT(in); + ZERO_STRUCT(out); + + make_spoolss_q_deleteform( &in, handle, form_name ); + + CLI_DO_RPC_WERR( cli, mem_ctx, &syntax_spoolss, SPOOLSS_DELETEFORM, + in, out, + qbuf, rbuf, + spoolss_io_q_deleteform, + spoolss_io_r_deleteform, + WERR_GENERAL_FAILURE ); + + return out.status; +} + +/********************************************************************** +**********************************************************************/ + +WERROR rpccli_spoolss_enumforms(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, + POLICY_HND *handle, int level, uint32 *num_forms, + FORM_1 **forms) +{ + prs_struct qbuf, rbuf; + SPOOL_Q_ENUMFORMS in; + SPOOL_R_ENUMFORMS out; + RPC_BUFFER buffer; + uint32 offered; + + ZERO_STRUCT(in); + ZERO_STRUCT(out); + + offered = 0; + rpcbuf_init(&buffer, offered, mem_ctx); + make_spoolss_q_enumforms( &in, handle, level, &buffer, offered ); + + CLI_DO_RPC_WERR( cli, mem_ctx, &syntax_spoolss, SPOOLSS_ENUMFORMS, + in, out, + qbuf, rbuf, + spoolss_io_q_enumforms, + spoolss_io_r_enumforms, + WERR_GENERAL_FAILURE ); + + if ( W_ERROR_EQUAL( out.status, WERR_INSUFFICIENT_BUFFER ) ) { + offered = out.needed; + + ZERO_STRUCT(in); + ZERO_STRUCT(out); + + rpcbuf_init(&buffer, offered, mem_ctx); + make_spoolss_q_enumforms( &in, handle, level, &buffer, offered ); + + CLI_DO_RPC_WERR( cli, mem_ctx, &syntax_spoolss, SPOOLSS_ENUMFORMS, + in, out, + qbuf, rbuf, + spoolss_io_q_enumforms, + spoolss_io_r_enumforms, + WERR_GENERAL_FAILURE ); + } + + if (!W_ERROR_IS_OK(out.status)) + return out.status; + + *num_forms = out.numofforms; + + if (!decode_forms_1(mem_ctx, out.buffer, *num_forms, forms)) { + return WERR_GENERAL_FAILURE; + } + + return out.status; +} + +/********************************************************************** +**********************************************************************/ + +WERROR rpccli_spoolss_enumjobs(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, + POLICY_HND *hnd, uint32 level, uint32 firstjob, + uint32 num_jobs, uint32 *returned, JOB_INFO_CTR *ctr) +{ + prs_struct qbuf, rbuf; + SPOOL_Q_ENUMJOBS in; + SPOOL_R_ENUMJOBS out; + RPC_BUFFER buffer; + uint32 offered; + + ZERO_STRUCT(in); + ZERO_STRUCT(out); + + offered = 0; + rpcbuf_init(&buffer, offered, mem_ctx); + make_spoolss_q_enumjobs( &in, hnd, firstjob, num_jobs, level, + &buffer, offered ); + + CLI_DO_RPC_WERR( cli, mem_ctx, &syntax_spoolss, SPOOLSS_ENUMJOBS, + in, out, + qbuf, rbuf, + spoolss_io_q_enumjobs, + spoolss_io_r_enumjobs, + WERR_GENERAL_FAILURE ); + + if ( W_ERROR_EQUAL( out.status, WERR_INSUFFICIENT_BUFFER ) ) { + offered = out.needed; + + ZERO_STRUCT(in); + ZERO_STRUCT(out); + + rpcbuf_init(&buffer, offered, mem_ctx); + make_spoolss_q_enumjobs( &in, hnd, firstjob, num_jobs, level, + &buffer, offered ); + + CLI_DO_RPC_WERR( cli, mem_ctx, &syntax_spoolss, SPOOLSS_ENUMJOBS, + in, out, + qbuf, rbuf, + spoolss_io_q_enumjobs, + spoolss_io_r_enumjobs, + WERR_GENERAL_FAILURE ); + } + + if (!W_ERROR_IS_OK(out.status)) + return out.status; + + switch(level) { + case 1: + if (!decode_jobs_1(mem_ctx, out.buffer, out.returned, &ctr->job.job_info_1)) { + return WERR_GENERAL_FAILURE; + } + break; + case 2: + if (!decode_jobs_2(mem_ctx, out.buffer, out.returned, &ctr->job.job_info_2)) { + return WERR_GENERAL_FAILURE; + } + break; + default: + DEBUG(3, ("unsupported info level %d", level)); + return WERR_UNKNOWN_LEVEL; + } + + *returned = out.returned; + + return out.status; +} + +/********************************************************************** +**********************************************************************/ + +WERROR rpccli_spoolss_setjob(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, + POLICY_HND *hnd, uint32 jobid, uint32 level, + uint32 command) +{ + prs_struct qbuf, rbuf; + SPOOL_Q_SETJOB in; + SPOOL_R_SETJOB out; + + ZERO_STRUCT(in); + ZERO_STRUCT(out); + + make_spoolss_q_setjob( &in, hnd, jobid, level, command ); + + CLI_DO_RPC_WERR( cli, mem_ctx, &syntax_spoolss, SPOOLSS_SETJOB, + in, out, + qbuf, rbuf, + spoolss_io_q_setjob, + spoolss_io_r_setjob, + WERR_GENERAL_FAILURE ); + + return out.status; +} + +/********************************************************************** +**********************************************************************/ + +WERROR rpccli_spoolss_getjob(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, + POLICY_HND *hnd, uint32 jobid, uint32 level, + JOB_INFO_CTR *ctr) +{ + prs_struct qbuf, rbuf; + SPOOL_Q_GETJOB in; + SPOOL_R_GETJOB out; + RPC_BUFFER buffer; + uint32 offered; + + ZERO_STRUCT(in); + ZERO_STRUCT(out); + + offered = 0; + rpcbuf_init(&buffer, offered, mem_ctx); + make_spoolss_q_getjob( &in, hnd, jobid, level, &buffer, offered ); + + CLI_DO_RPC_WERR( cli, mem_ctx, &syntax_spoolss, SPOOLSS_GETJOB, + in, out, + qbuf, rbuf, + spoolss_io_q_getjob, + spoolss_io_r_getjob, + WERR_GENERAL_FAILURE ); + + if ( W_ERROR_EQUAL( out.status, WERR_MORE_DATA ) ) { + offered = out.needed; + + ZERO_STRUCT(in); + ZERO_STRUCT(out); + + rpcbuf_init(&buffer, offered, mem_ctx); + make_spoolss_q_getjob( &in, hnd, jobid, level, &buffer, offered ); + + CLI_DO_RPC_WERR( cli, mem_ctx, &syntax_spoolss, SPOOLSS_GETJOB, + in, out, + qbuf, rbuf, + spoolss_io_q_getjob, + spoolss_io_r_getjob, + WERR_GENERAL_FAILURE ); + } + + if (!W_ERROR_IS_OK(out.status)) + return out.status; + + switch(level) { + case 1: + if (!decode_jobs_1(mem_ctx, out.buffer, 1, &ctr->job.job_info_1)) { + return WERR_GENERAL_FAILURE; + } + break; + case 2: + if (!decode_jobs_2(mem_ctx, out.buffer, 1, &ctr->job.job_info_2)) { + return WERR_GENERAL_FAILURE; + } + break; + default: + return WERR_UNKNOWN_LEVEL; + } + + return out.status; +} + +/********************************************************************** +**********************************************************************/ + +WERROR rpccli_spoolss_startpageprinter(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, + POLICY_HND *hnd) +{ + prs_struct qbuf, rbuf; + SPOOL_Q_STARTPAGEPRINTER in; + SPOOL_R_STARTPAGEPRINTER out; + + ZERO_STRUCT(in); + ZERO_STRUCT(out); + + make_spoolss_q_startpageprinter( &in, hnd ); + + CLI_DO_RPC_WERR( cli, mem_ctx, &syntax_spoolss, SPOOLSS_STARTPAGEPRINTER, + in, out, + qbuf, rbuf, + spoolss_io_q_startpageprinter, + spoolss_io_r_startpageprinter, + WERR_GENERAL_FAILURE ); + + return out.status; +} + +/********************************************************************** +**********************************************************************/ + +WERROR rpccli_spoolss_endpageprinter(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, + POLICY_HND *hnd) +{ + prs_struct qbuf, rbuf; + SPOOL_Q_ENDPAGEPRINTER in; + SPOOL_R_ENDPAGEPRINTER out; + + ZERO_STRUCT(in); + ZERO_STRUCT(out); + + make_spoolss_q_endpageprinter( &in, hnd ); + + CLI_DO_RPC_WERR( cli, mem_ctx, &syntax_spoolss, SPOOLSS_ENDPAGEPRINTER, + in, out, + qbuf, rbuf, + spoolss_io_q_endpageprinter, + spoolss_io_r_endpageprinter, + WERR_GENERAL_FAILURE ); + + return out.status; +} + +/********************************************************************** +**********************************************************************/ + +WERROR rpccli_spoolss_startdocprinter(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, + POLICY_HND *hnd, char *docname, + char *outputfile, char *datatype, + uint32 *jobid) +{ + prs_struct qbuf, rbuf; + SPOOL_Q_STARTDOCPRINTER in; + SPOOL_R_STARTDOCPRINTER out; + uint32 level = 1; + + ZERO_STRUCT(in); + ZERO_STRUCT(out); + + make_spoolss_q_startdocprinter( &in, hnd, level, docname, + outputfile, datatype ); + + CLI_DO_RPC_WERR( cli, mem_ctx, &syntax_spoolss, SPOOLSS_STARTDOCPRINTER, + in, out, + qbuf, rbuf, + spoolss_io_q_startdocprinter, + spoolss_io_r_startdocprinter, + WERR_GENERAL_FAILURE ); + + *jobid = out.jobid; + + return out.status; +} + +/********************************************************************** +**********************************************************************/ + +WERROR rpccli_spoolss_enddocprinter(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, + POLICY_HND *hnd) +{ + prs_struct qbuf, rbuf; + SPOOL_Q_ENDDOCPRINTER in; + SPOOL_R_ENDDOCPRINTER out; + + ZERO_STRUCT(in); + ZERO_STRUCT(out); + + make_spoolss_q_enddocprinter( &in, hnd ); + + CLI_DO_RPC_WERR( cli, mem_ctx, &syntax_spoolss, SPOOLSS_ENDDOCPRINTER, + in, out, + qbuf, rbuf, + spoolss_io_q_enddocprinter, + spoolss_io_r_enddocprinter, + WERR_GENERAL_FAILURE ); + + return out.status; +} + +/********************************************************************** +**********************************************************************/ + +WERROR rpccli_spoolss_getprinterdata(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, + POLICY_HND *hnd, const char *valuename, + REGISTRY_VALUE *value) +{ + prs_struct qbuf, rbuf; + SPOOL_Q_GETPRINTERDATA in; + SPOOL_R_GETPRINTERDATA out; + uint32 offered; + + ZERO_STRUCT(in); + ZERO_STRUCT(out); + + offered = 0; + make_spoolss_q_getprinterdata( &in, hnd, valuename, offered ); + + CLI_DO_RPC_WERR( cli, mem_ctx, &syntax_spoolss, SPOOLSS_GETPRINTERDATA, + in, out, + qbuf, rbuf, + spoolss_io_q_getprinterdata, + spoolss_io_r_getprinterdata, + WERR_GENERAL_FAILURE ); + + if ( W_ERROR_EQUAL( out.status, WERR_MORE_DATA ) ) { + offered = out.needed; + + ZERO_STRUCT(in); + ZERO_STRUCT(out); + + make_spoolss_q_getprinterdata( &in, hnd, valuename, offered ); + + CLI_DO_RPC_WERR( cli, mem_ctx, &syntax_spoolss, SPOOLSS_GETPRINTERDATA, + in, out, + qbuf, rbuf, + spoolss_io_q_getprinterdata, + spoolss_io_r_getprinterdata, + WERR_GENERAL_FAILURE ); + } + + if (!W_ERROR_IS_OK(out.status)) + return out.status; + + /* Return output parameters */ + + if (out.needed) { + value->data_p = (uint8 *)TALLOC_MEMDUP(mem_ctx, out.data, out.needed); + } else { + value->data_p = NULL; + } + value->type = out.type; + value->size = out.size; + + return out.status; +} + +/********************************************************************** +**********************************************************************/ + +WERROR rpccli_spoolss_getprinterdataex(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, + POLICY_HND *hnd, const char *keyname, + const char *valuename, + REGISTRY_VALUE *value) +{ + prs_struct qbuf, rbuf; + SPOOL_Q_GETPRINTERDATAEX in; + SPOOL_R_GETPRINTERDATAEX out; + uint32 offered = 0; + + ZERO_STRUCT(in); + ZERO_STRUCT(out); + + make_spoolss_q_getprinterdataex( &in, hnd, keyname, valuename, offered ); + + CLI_DO_RPC_WERR( cli, mem_ctx, &syntax_spoolss, SPOOLSS_GETPRINTERDATAEX, + in, out, + qbuf, rbuf, + spoolss_io_q_getprinterdataex, + spoolss_io_r_getprinterdataex, + WERR_GENERAL_FAILURE ); + + if ( W_ERROR_EQUAL( out.status, WERR_MORE_DATA ) ) { + offered = out.needed; + + ZERO_STRUCT(in); + ZERO_STRUCT(out); + + make_spoolss_q_getprinterdataex( &in, hnd, keyname, valuename, offered ); + + CLI_DO_RPC_WERR( cli, mem_ctx, &syntax_spoolss, SPOOLSS_GETPRINTERDATAEX, + in, out, + qbuf, rbuf, + spoolss_io_q_getprinterdataex, + spoolss_io_r_getprinterdataex, + WERR_GENERAL_FAILURE ); + } + + if (!W_ERROR_IS_OK(out.status)) + return out.status; + + /* Return output parameters */ + + if (out.needed) { + value->data_p = (uint8 *)TALLOC_MEMDUP(mem_ctx, out.data, out.needed); + } else { + value->data_p = NULL; + } + value->type = out.type; + value->size = out.needed; + + return out.status; +} + +/********************************************************************** +**********************************************************************/ + +WERROR rpccli_spoolss_setprinterdata(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, + POLICY_HND *hnd, REGISTRY_VALUE *value) +{ + prs_struct qbuf, rbuf; + SPOOL_Q_SETPRINTERDATA in; + SPOOL_R_SETPRINTERDATA out; + + ZERO_STRUCT(in); + ZERO_STRUCT(out); + + make_spoolss_q_setprinterdata( &in, hnd, value->valuename, + value->type, (char *)value->data_p, value->size); + + CLI_DO_RPC_WERR( cli, mem_ctx, &syntax_spoolss, SPOOLSS_SETPRINTERDATA, + in, out, + qbuf, rbuf, + spoolss_io_q_setprinterdata, + spoolss_io_r_setprinterdata, + WERR_GENERAL_FAILURE ); + + return out.status; +} + +/********************************************************************** +**********************************************************************/ + +WERROR rpccli_spoolss_setprinterdataex(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, + POLICY_HND *hnd, char *keyname, + REGISTRY_VALUE *value) +{ + prs_struct qbuf, rbuf; + SPOOL_Q_SETPRINTERDATAEX in; + SPOOL_R_SETPRINTERDATAEX out; + + ZERO_STRUCT(in); + ZERO_STRUCT(out); + + make_spoolss_q_setprinterdataex( &in, hnd, keyname, value->valuename, + value->type, (char *)value->data_p, value->size); + + CLI_DO_RPC_WERR( cli, mem_ctx, &syntax_spoolss, SPOOLSS_SETPRINTERDATAEX, + in, out, + qbuf, rbuf, + spoolss_io_q_setprinterdataex, + spoolss_io_r_setprinterdataex, + WERR_GENERAL_FAILURE ); + + return out.status; +} + +/********************************************************************** +**********************************************************************/ + +WERROR rpccli_spoolss_enumprinterdata(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, + POLICY_HND *hnd, uint32 ndx, + uint32 value_offered, uint32 data_offered, + uint32 *value_needed, uint32 *data_needed, + REGISTRY_VALUE *value) +{ + prs_struct qbuf, rbuf; + SPOOL_Q_ENUMPRINTERDATA in; + SPOOL_R_ENUMPRINTERDATA out; + + ZERO_STRUCT(in); + ZERO_STRUCT(out); + + make_spoolss_q_enumprinterdata( &in, hnd, ndx, value_offered, data_offered ); + + CLI_DO_RPC_WERR( cli, mem_ctx, &syntax_spoolss, SPOOLSS_ENUMPRINTERDATA, + in, out, + qbuf, rbuf, + spoolss_io_q_enumprinterdata, + spoolss_io_r_enumprinterdata, + WERR_GENERAL_FAILURE ); + + if ( value_needed ) + *value_needed = out.realvaluesize; + if ( data_needed ) + *data_needed = out.realdatasize; + + if (!W_ERROR_IS_OK(out.status)) + return out.status; + + if (value) { + rpcstr_pull(value->valuename, out.value, sizeof(value->valuename), -1, + STR_TERMINATE); + if (out.realdatasize) { + value->data_p = (uint8 *)TALLOC_MEMDUP(mem_ctx, out.data, + out.realdatasize); + } else { + value->data_p = NULL; + } + value->type = out.type; + value->size = out.realdatasize; + } + + return out.status; +} + +/********************************************************************** +**********************************************************************/ + +WERROR rpccli_spoolss_enumprinterdataex(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, + POLICY_HND *hnd, const char *keyname, + REGVAL_CTR *ctr) +{ + prs_struct qbuf, rbuf; + SPOOL_Q_ENUMPRINTERDATAEX in; + SPOOL_R_ENUMPRINTERDATAEX out; + int i; + uint32 offered; + + ZERO_STRUCT(in); + ZERO_STRUCT(out); + + offered = 0; + make_spoolss_q_enumprinterdataex( &in, hnd, keyname, offered ); + + CLI_DO_RPC_WERR( cli, mem_ctx, &syntax_spoolss, SPOOLSS_ENUMPRINTERDATAEX, + in, out, + qbuf, rbuf, + spoolss_io_q_enumprinterdataex, + spoolss_io_r_enumprinterdataex, + WERR_GENERAL_FAILURE ); + + if ( W_ERROR_EQUAL( out.status, WERR_MORE_DATA ) ) { + offered = out.needed; + + ZERO_STRUCT(in); + ZERO_STRUCT(out); + + make_spoolss_q_enumprinterdataex( &in, hnd, keyname, offered ); + + CLI_DO_RPC_WERR( cli, mem_ctx, &syntax_spoolss, SPOOLSS_ENUMPRINTERDATAEX, + in, out, + qbuf, rbuf, + spoolss_io_q_enumprinterdataex, + spoolss_io_r_enumprinterdataex, + WERR_GENERAL_FAILURE ); + } + + if (!W_ERROR_IS_OK(out.status)) + return out.status; + + for (i = 0; i < out.returned; i++) { + PRINTER_ENUM_VALUES *v = &out.ctr.values[i]; + fstring name; + + rpcstr_pull(name, v->valuename.buffer, sizeof(name), -1, + STR_TERMINATE); + regval_ctr_addvalue(ctr, name, v->type, (const char *)v->data, v->data_len); + } + + return out.status; +} + +/********************************************************************** +**********************************************************************/ + +WERROR rpccli_spoolss_writeprinter(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, + POLICY_HND *hnd, uint32 data_size, char *data, + uint32 *num_written) +{ + prs_struct qbuf, rbuf; + SPOOL_Q_WRITEPRINTER in; + SPOOL_R_WRITEPRINTER out; + + ZERO_STRUCT(in); + ZERO_STRUCT(out); + + make_spoolss_q_writeprinter( &in, hnd, data_size, data ); + + CLI_DO_RPC_WERR( cli, mem_ctx, &syntax_spoolss, SPOOLSS_WRITEPRINTER, + in, out, + qbuf, rbuf, + spoolss_io_q_writeprinter, + spoolss_io_r_writeprinter, + WERR_GENERAL_FAILURE ); + + if (num_written) + *num_written = out.buffer_written; + + return out.status; +} + +/********************************************************************** +**********************************************************************/ + +WERROR rpccli_spoolss_deleteprinterdata(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, + POLICY_HND *hnd, char *valuename) +{ + prs_struct qbuf, rbuf; + SPOOL_Q_DELETEPRINTERDATA in; + SPOOL_R_DELETEPRINTERDATA out; + + ZERO_STRUCT(in); + ZERO_STRUCT(out); + + make_spoolss_q_deleteprinterdata( &in, hnd, valuename ); + + CLI_DO_RPC_WERR( cli, mem_ctx, &syntax_spoolss, SPOOLSS_DELETEPRINTERDATA, + in, out, + qbuf, rbuf, + spoolss_io_q_deleteprinterdata, + spoolss_io_r_deleteprinterdata, + WERR_GENERAL_FAILURE ); + + return out.status; +} + +/********************************************************************** +**********************************************************************/ + +WERROR rpccli_spoolss_deleteprinterdataex(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, + POLICY_HND *hnd, char *keyname, + char *valuename) +{ + prs_struct qbuf, rbuf; + SPOOL_Q_DELETEPRINTERDATAEX in; + SPOOL_R_DELETEPRINTERDATAEX out; + + ZERO_STRUCT(in); + ZERO_STRUCT(out); + + make_spoolss_q_deleteprinterdataex( &in, hnd, keyname, valuename ); + + CLI_DO_RPC_WERR( cli, mem_ctx, &syntax_spoolss, SPOOLSS_DELETEPRINTERDATAEX, + in, out, + qbuf, rbuf, + spoolss_io_q_deleteprinterdataex, + spoolss_io_r_deleteprinterdataex, + WERR_GENERAL_FAILURE ); + + return out.status; +} + +/********************************************************************** +**********************************************************************/ + +WERROR rpccli_spoolss_enumprinterkey(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, + POLICY_HND *hnd, const char *keyname, + uint16 **keylist, uint32 *len) +{ + prs_struct qbuf, rbuf; + SPOOL_Q_ENUMPRINTERKEY in; + SPOOL_R_ENUMPRINTERKEY out; + uint32 offered = 0; + + ZERO_STRUCT(in); + ZERO_STRUCT(out); + + make_spoolss_q_enumprinterkey( &in, hnd, keyname, offered ); + + CLI_DO_RPC_WERR( cli, mem_ctx, &syntax_spoolss, SPOOLSS_ENUMPRINTERKEY, + in, out, + qbuf, rbuf, + spoolss_io_q_enumprinterkey, + spoolss_io_r_enumprinterkey, + WERR_GENERAL_FAILURE ); + + if ( W_ERROR_EQUAL( out.status, WERR_MORE_DATA ) ) { + offered = out.needed; + + ZERO_STRUCT(in); + ZERO_STRUCT(out); + + make_spoolss_q_enumprinterkey( &in, hnd, keyname, offered ); + + CLI_DO_RPC_WERR( cli, mem_ctx, &syntax_spoolss, SPOOLSS_ENUMPRINTERKEY, + in, out, + qbuf, rbuf, + spoolss_io_q_enumprinterkey, + spoolss_io_r_enumprinterkey, + WERR_GENERAL_FAILURE ); + } + + if ( !W_ERROR_IS_OK(out.status) ) + return out.status; + + if (keylist) { + *keylist = SMB_MALLOC_ARRAY(uint16, out.keys.buf_len); + if (!*keylist) { + return WERR_NOMEM; + } + memcpy(*keylist, out.keys.buffer, out.keys.buf_len * 2); + if (len) + *len = out.keys.buf_len * 2; + } + + return out.status; +} + +/********************************************************************** +**********************************************************************/ + +WERROR rpccli_spoolss_deleteprinterkey(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, + POLICY_HND *hnd, char *keyname) +{ + prs_struct qbuf, rbuf; + SPOOL_Q_DELETEPRINTERKEY in; + SPOOL_R_DELETEPRINTERKEY out; + + ZERO_STRUCT(in); + ZERO_STRUCT(out); + + make_spoolss_q_deleteprinterkey( &in, hnd, keyname ); + + CLI_DO_RPC_WERR( cli, mem_ctx, &syntax_spoolss, SPOOLSS_DELETEPRINTERKEY, + in, out, + qbuf, rbuf, + spoolss_io_q_deleteprinterkey, + spoolss_io_r_deleteprinterkey, + WERR_GENERAL_FAILURE ); + + return out.status; +} + +/** @} **/ diff --git a/source3/rpc_client/cli_spoolss_notify.c b/source3/rpc_client/cli_spoolss_notify.c new file mode 100644 index 0000000000..5440f76248 --- /dev/null +++ b/source3/rpc_client/cli_spoolss_notify.c @@ -0,0 +1,218 @@ +/* + Unix SMB/CIFS implementation. + RPC pipe client + + Copyright (C) Gerald Carter 2001-2002, + Copyright (C) Tim Potter 2000-2002, + Copyright (C) Andrew Tridgell 1994-2000, + Copyright (C) Jean-Francois Micouleau 1999-2000. + Copyright (C) Jeremy Allison 2005. + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see <http://www.gnu.org/licenses/>. +*/ + +#include "includes.h" + +/* + * SPOOLSS Client RPC's used by servers as the notification + * back channel. + */ + +/* Send a ReplyOpenPrinter request. This rpc is made by the printer + server to the printer client in response to a rffpcnex request. + The rrfpcnex request names a printer and a handle (the printerlocal + value) and this rpc establishes a back-channel over which printer + notifications are performed. */ + +WERROR rpccli_spoolss_reply_open_printer(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, + const char *printer, uint32 printerlocal, uint32 type, + POLICY_HND *handle) +{ + prs_struct qbuf, rbuf; + SPOOL_Q_REPLYOPENPRINTER q; + SPOOL_R_REPLYOPENPRINTER r; + WERROR result = W_ERROR(ERRgeneral); + + /* Initialise input parameters */ + + make_spoolss_q_replyopenprinter(&q, printer, printerlocal, type); + + /* Marshall data and send request */ + + CLI_DO_RPC_WERR( cli, mem_ctx, &syntax_spoolss, SPOOLSS_REPLYOPENPRINTER, + q, r, + qbuf, rbuf, + spoolss_io_q_replyopenprinter, + spoolss_io_r_replyopenprinter, + WERR_GENERAL_FAILURE ); + + /* Return result */ + + memcpy(handle, &r.handle, sizeof(r.handle)); + result = r.status; + + return result; +} + +/* Close a back-channel notification connection */ + +WERROR rpccli_spoolss_reply_close_printer(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, + POLICY_HND *handle) +{ + prs_struct qbuf, rbuf; + SPOOL_Q_REPLYCLOSEPRINTER q; + SPOOL_R_REPLYCLOSEPRINTER r; + WERROR result = W_ERROR(ERRgeneral); + + /* Initialise input parameters */ + + make_spoolss_q_reply_closeprinter(&q, handle); + + /* Marshall data and send request */ + + CLI_DO_RPC_WERR( cli, mem_ctx, &syntax_spoolss, SPOOLSS_REPLYCLOSEPRINTER, + q, r, + qbuf, rbuf, + spoolss_io_q_replycloseprinter, + spoolss_io_r_replycloseprinter, + WERR_GENERAL_FAILURE ); + + /* Return result */ + + result = r.status; + return result; +} + +/********************************************************************* + This SPOOLSS_ROUTERREPLYPRINTER function is used to send a change + notification event when the registration **did not** use + SPOOL_NOTIFY_OPTION_TYPE structure to specify the events to monitor. + Also see cli_spolss_reply_rrpcn() + *********************************************************************/ + +WERROR rpccli_spoolss_routerreplyprinter(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, + POLICY_HND *pol, uint32 condition, uint32 change_id) +{ + prs_struct qbuf, rbuf; + SPOOL_Q_ROUTERREPLYPRINTER q; + SPOOL_R_ROUTERREPLYPRINTER r; + WERROR result = W_ERROR(ERRgeneral); + + /* Initialise input parameters */ + + make_spoolss_q_routerreplyprinter(&q, pol, condition, change_id); + + /* Marshall data and send request */ + + CLI_DO_RPC_WERR( cli, mem_ctx, &syntax_spoolss, SPOOLSS_ROUTERREPLYPRINTER, + q, r, + qbuf, rbuf, + spoolss_io_q_routerreplyprinter, + spoolss_io_r_routerreplyprinter, + WERR_GENERAL_FAILURE ); + + /* Return output parameters */ + + result = r.status; + return result; +} + +/********************************************************************* + This SPOOLSS_REPLY_RRPCN function is used to send a change + notification event when the registration **did** use + SPOOL_NOTIFY_OPTION_TYPE structure to specify the events to monitor + Also see cli_spoolss_routereplyprinter() + *********************************************************************/ + +WERROR rpccli_spoolss_rrpcn(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, + POLICY_HND *pol, uint32 notify_data_len, + SPOOL_NOTIFY_INFO_DATA *notify_data, + uint32 change_low, uint32 change_high) +{ + prs_struct qbuf, rbuf; + SPOOL_Q_REPLY_RRPCN q; + SPOOL_R_REPLY_RRPCN r; + WERROR result = W_ERROR(ERRgeneral); + SPOOL_NOTIFY_INFO notify_info; + + ZERO_STRUCT(q); + ZERO_STRUCT(r); + + ZERO_STRUCT(notify_info); + + /* Initialise input parameters */ + + notify_info.version = 0x2; + notify_info.flags = 0x00020000; /* ?? */ + notify_info.count = notify_data_len; + notify_info.data = notify_data; + + /* create and send a MSRPC command with api */ + /* store the parameters */ + + make_spoolss_q_reply_rrpcn(&q, pol, change_low, change_high, + ¬ify_info); + + /* Marshall data and send request */ + + CLI_DO_RPC_WERR( cli, mem_ctx, &syntax_spoolss, SPOOLSS_RRPCN, + q, r, + qbuf, rbuf, + spoolss_io_q_reply_rrpcn, + spoolss_io_r_reply_rrpcn, + WERR_GENERAL_FAILURE ); + + if (r.unknown0 == 0x00080000) + DEBUG(8,("cli_spoolss_reply_rrpcn: I think the spooler resonded that the notification was ignored.\n")); + else if ( r.unknown0 != 0x0 ) + DEBUG(8,("cli_spoolss_reply_rrpcn: unknown0 is non-zero [0x%x]\n", r.unknown0)); + + result = r.status; + return result; +} + +/********************************************************************* + *********************************************************************/ + +WERROR rpccli_spoolss_rffpcnex(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, + POLICY_HND *pol, uint32 flags, uint32 options, + const char *localmachine, uint32 printerlocal, + SPOOL_NOTIFY_OPTION *option) +{ + prs_struct qbuf, rbuf; + SPOOL_Q_RFFPCNEX q; + SPOOL_R_RFFPCNEX r; + WERROR result = W_ERROR(ERRgeneral); + + ZERO_STRUCT(q); + ZERO_STRUCT(r); + + /* Initialise input parameters */ + + make_spoolss_q_rffpcnex( + &q, pol, flags, options, localmachine, printerlocal, + option); + + /* Marshall data and send request */ + + CLI_DO_RPC_WERR( cli, mem_ctx, &syntax_spoolss, SPOOLSS_RFFPCNEX, + q, r, + qbuf, rbuf, + spoolss_io_q_rffpcnex, + spoolss_io_r_rffpcnex, + WERR_GENERAL_FAILURE ); + + result = r.status; + return result; +} diff --git a/source3/rpc_client/cli_svcctl.c b/source3/rpc_client/cli_svcctl.c new file mode 100644 index 0000000000..3c29dcdee8 --- /dev/null +++ b/source3/rpc_client/cli_svcctl.c @@ -0,0 +1,168 @@ +/* + * Unix SMB/CIFS implementation. + * RPC Pipe client / server routines + * Copyright (C) Gerald Carter 2005. + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, see <http://www.gnu.org/licenses/>. + */ + + +#include "includes.h" +#include "rpc_client.h" + +/******************************************************************* +*******************************************************************/ + +WERROR rpccli_svcctl_enumerate_services( struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, + POLICY_HND *hSCM, uint32 type, uint32 state, + uint32 *returned, ENUM_SERVICES_STATUS **service_array ) +{ + SVCCTL_Q_ENUM_SERVICES_STATUS in; + SVCCTL_R_ENUM_SERVICES_STATUS out; + prs_struct qbuf, rbuf; + uint32 resume = 0; + ENUM_SERVICES_STATUS *services; + int i; + + ZERO_STRUCT(in); + ZERO_STRUCT(out); + + /* setup the request */ + + memcpy( &in.handle, hSCM, sizeof(POLICY_HND) ); + + in.type = type; + in.state = state; + in.resume = &resume; + + /* first time is to get the buffer size */ + in.buffer_size = 0; + + CLI_DO_RPC_WERR( cli, mem_ctx, &ndr_table_svcctl.syntax_id, SVCCTL_ENUM_SERVICES_STATUS_W, + in, out, + qbuf, rbuf, + svcctl_io_q_enum_services_status, + svcctl_io_r_enum_services_status, + WERR_GENERAL_FAILURE ); + + /* second time with correct buffer size...should be ok */ + + if ( W_ERROR_EQUAL( out.status, WERR_MORE_DATA ) ) { + in.buffer_size = out.needed; + + CLI_DO_RPC_WERR( cli, mem_ctx, &ndr_table_svcctl.syntax_id, + SVCCTL_ENUM_SERVICES_STATUS_W, + in, out, + qbuf, rbuf, + svcctl_io_q_enum_services_status, + svcctl_io_r_enum_services_status, + WERR_GENERAL_FAILURE ); + } + + if ( !W_ERROR_IS_OK(out.status) ) + return out.status; + + /* pull out the data */ + if (out.returned) { + if ( !(services = TALLOC_ARRAY( mem_ctx, ENUM_SERVICES_STATUS, out.returned )) ) + return WERR_NOMEM; + } else { + services = NULL; + } + + for ( i=0; i<out.returned; i++ ) { + svcctl_io_enum_services_status( "", &services[i], &out.buffer, 0 ); + } + + *service_array = services; + *returned = out.returned; + + return out.status; +} + +/******************************************************************* +*******************************************************************/ + +WERROR rpccli_svcctl_query_config(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, + POLICY_HND *hService, SERVICE_CONFIG *config ) +{ + SVCCTL_Q_QUERY_SERVICE_CONFIG in; + SVCCTL_R_QUERY_SERVICE_CONFIG out; + prs_struct qbuf, rbuf; + + ZERO_STRUCT(in); + ZERO_STRUCT(out); + + memcpy( &in.handle, hService, sizeof(POLICY_HND) ); + in.buffer_size = 0; + + + CLI_DO_RPC_WERR( cli, mem_ctx, &ndr_table_svcctl.syntax_id, + SVCCTL_QUERY_SERVICE_CONFIG_W, + in, out, + qbuf, rbuf, + svcctl_io_q_query_service_config, + svcctl_io_r_query_service_config, + WERR_GENERAL_FAILURE ); + + if ( W_ERROR_EQUAL( out.status, WERR_INSUFFICIENT_BUFFER ) ) { + in.buffer_size = out.needed; + + CLI_DO_RPC_WERR( cli, mem_ctx, &ndr_table_svcctl.syntax_id, + SVCCTL_QUERY_SERVICE_CONFIG_W, + in, out, + qbuf, rbuf, + svcctl_io_q_query_service_config, + svcctl_io_r_query_service_config, + WERR_GENERAL_FAILURE ); + } + + if ( !W_ERROR_IS_OK( out.status ) ) + return out.status; + + memcpy( config, &out.config, sizeof(SERVICE_CONFIG) ); + + config->executablepath = TALLOC_ZERO_P( mem_ctx, UNISTR2 ); + config->loadordergroup = TALLOC_ZERO_P( mem_ctx, UNISTR2 ); + config->dependencies = TALLOC_ZERO_P( mem_ctx, UNISTR2 ); + config->startname = TALLOC_ZERO_P( mem_ctx, UNISTR2 ); + config->displayname = TALLOC_ZERO_P( mem_ctx, UNISTR2 ); + + if ( out.config.executablepath ) { + config->executablepath = TALLOC_ZERO_P( mem_ctx, UNISTR2 ); + copy_unistr2( config->executablepath, out.config.executablepath ); + } + + if ( out.config.loadordergroup ) { + config->loadordergroup = TALLOC_ZERO_P( mem_ctx, UNISTR2 ); + copy_unistr2( config->loadordergroup, out.config.loadordergroup ); + } + + if ( out.config.dependencies ) { + config->dependencies = TALLOC_ZERO_P( mem_ctx, UNISTR2 ); + copy_unistr2( config->dependencies, out.config.dependencies ); + } + + if ( out.config.startname ) { + config->startname = TALLOC_ZERO_P( mem_ctx, UNISTR2 ); + copy_unistr2( config->startname, out.config.startname ); + } + + if ( out.config.displayname ) { + config->displayname = TALLOC_ZERO_P( mem_ctx, UNISTR2 ); + copy_unistr2( config->displayname, out.config.displayname ); + } + + return out.status; +} diff --git a/source3/rpc_client/init_lsa.c b/source3/rpc_client/init_lsa.c new file mode 100644 index 0000000000..9777f27629 --- /dev/null +++ b/source3/rpc_client/init_lsa.c @@ -0,0 +1,128 @@ +/* + * Unix SMB/CIFS implementation. + * RPC Pipe client / server routines + * Copyright (C) Guenther Deschner 2008. + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, see <http://www.gnu.org/licenses/>. + */ + +#include "includes.h" + +/******************************************************************* + inits a structure. +********************************************************************/ + +void init_lsa_String(struct lsa_String *name, const char *s) +{ + name->string = s; + name->size = 2 * strlen_m(s); + name->length = name->size; +} + +/******************************************************************* + inits a structure. +********************************************************************/ + +void init_lsa_StringLarge(struct lsa_StringLarge *name, const char *s) +{ + name->string = s; +} + +/******************************************************************* + inits a structure. +********************************************************************/ + +void init_lsa_AsciiString(struct lsa_AsciiString *name, const char *s) +{ + name->string = s; +} + +/******************************************************************* + inits a structure. +********************************************************************/ + +void init_lsa_AsciiStringLarge(struct lsa_AsciiStringLarge *name, const char *s) +{ + name->string = s; +} + +/******************************************************************* + Inits an lsa_QosInfo structure. +********************************************************************/ + +void init_lsa_sec_qos(struct lsa_QosInfo *r, + uint32_t len, + uint16_t impersonation_level, + uint8_t context_mode, + uint8_t effective_only) +{ + DEBUG(5, ("init_lsa_sec_qos\n")); + + r->len = len; + r->impersonation_level = impersonation_level; + r->context_mode = context_mode; + r->effective_only = effective_only; +} + +/******************************************************************* + Inits an lsa_ObjectAttribute structure. +********************************************************************/ + +void init_lsa_obj_attr(struct lsa_ObjectAttribute *r, + uint32_t len, + uint8_t *root_dir, + const char *object_name, + uint32_t attributes, + struct security_descriptor *sec_desc, + struct lsa_QosInfo *sec_qos) +{ + DEBUG(5,("init_lsa_obj_attr\n")); + + r->len = len; + r->root_dir = root_dir; + r->object_name = object_name; + r->attributes = attributes; + r->sec_desc = sec_desc; + r->sec_qos = sec_qos; +} + +/******************************************************************* + Inits a lsa_TranslatedSid structure. +********************************************************************/ + +void init_lsa_translated_sid(struct lsa_TranslatedSid *r, + enum lsa_SidType sid_type, + uint32_t rid, + uint32_t sid_index) +{ + r->sid_type = sid_type; + r->rid = rid; + r->sid_index = sid_index; +} + +/******************************************************************* + Inits a lsa_TranslatedName2 structure. +********************************************************************/ + +void init_lsa_translated_name2(struct lsa_TranslatedName2 *r, + enum lsa_SidType sid_type, + const char *name, + uint32_t sid_index, + uint32_t unknown) +{ + r->sid_type = sid_type; + init_lsa_String(&r->name, name); + r->sid_index = sid_index; + r->unknown = unknown; +} diff --git a/source3/rpc_client/init_netlogon.c b/source3/rpc_client/init_netlogon.c new file mode 100644 index 0000000000..61841953fc --- /dev/null +++ b/source3/rpc_client/init_netlogon.c @@ -0,0 +1,393 @@ +/* + * Unix SMB/CIFS implementation. + * RPC Pipe client / server routines + * Copyright (C) Guenther Deschner 2008. + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, see <http://www.gnu.org/licenses/>. + */ + +#include "includes.h" + +/******************************************************************* + inits a structure. +********************************************************************/ + +void init_netr_SamBaseInfo(struct netr_SamBaseInfo *r, + NTTIME last_logon, + NTTIME last_logoff, + NTTIME acct_expiry, + NTTIME last_password_change, + NTTIME allow_password_change, + NTTIME force_password_change, + const char *account_name, + const char *full_name, + const char *logon_script, + const char *profile_path, + const char *home_directory, + const char *home_drive, + uint16_t logon_count, + uint16_t bad_password_count, + uint32_t rid, + uint32_t primary_gid, + struct samr_RidWithAttributeArray groups, + uint32_t user_flags, + struct netr_UserSessionKey key, + const char *logon_server, + const char *domain, + struct dom_sid2 *domain_sid, + struct netr_LMSessionKey LMSessKey, + uint32_t acct_flags) +{ + r->last_logon = last_logon; + r->last_logoff = last_logoff; + r->acct_expiry = acct_expiry; + r->last_password_change = last_password_change; + r->allow_password_change = allow_password_change; + r->force_password_change = force_password_change; + init_lsa_String(&r->account_name, account_name); + init_lsa_String(&r->full_name, full_name); + init_lsa_String(&r->logon_script, logon_script); + init_lsa_String(&r->profile_path, profile_path); + init_lsa_String(&r->home_directory, home_directory); + init_lsa_String(&r->home_drive, home_drive); + r->logon_count = logon_count; + r->bad_password_count = bad_password_count; + r->rid = rid; + r->primary_gid = primary_gid; + r->groups = groups; + r->user_flags = user_flags; + r->key = key; + init_lsa_StringLarge(&r->logon_server, logon_server); + init_lsa_StringLarge(&r->domain, domain); + r->domain_sid = domain_sid; + r->LMSessKey = LMSessKey; + r->acct_flags = acct_flags; +} + +/******************************************************************* + inits a structure. +********************************************************************/ + +void init_netr_SamInfo3(struct netr_SamInfo3 *r, + NTTIME last_logon, + NTTIME last_logoff, + NTTIME acct_expiry, + NTTIME last_password_change, + NTTIME allow_password_change, + NTTIME force_password_change, + const char *account_name, + const char *full_name, + const char *logon_script, + const char *profile_path, + const char *home_directory, + const char *home_drive, + uint16_t logon_count, + uint16_t bad_password_count, + uint32_t rid, + uint32_t primary_gid, + struct samr_RidWithAttributeArray groups, + uint32_t user_flags, + struct netr_UserSessionKey key, + const char *logon_server, + const char *domain, + struct dom_sid2 *domain_sid, + struct netr_LMSessionKey LMSessKey, + uint32_t acct_flags, + uint32_t sidcount, + struct netr_SidAttr *sids) +{ + init_netr_SamBaseInfo(&r->base, + last_logon, + last_logoff, + acct_expiry, + last_password_change, + allow_password_change, + force_password_change, + account_name, + full_name, + logon_script, + profile_path, + home_directory, + home_drive, + logon_count, + bad_password_count, + rid, + primary_gid, + groups, + user_flags, + key, + logon_server, + domain, + domain_sid, + LMSessKey, + acct_flags); + r->sidcount = sidcount; + r->sids = sids; +} + +/******************************************************************* + gets a domain user's groups from their already-calculated NT_USER_TOKEN + ********************************************************************/ + +static NTSTATUS nt_token_to_group_list(TALLOC_CTX *mem_ctx, + const DOM_SID *domain_sid, + size_t num_sids, + const DOM_SID *sids, + int *numgroups, DOM_GID **pgids) +{ + int i; + + *numgroups=0; + *pgids = NULL; + + for (i=0; i<num_sids; i++) { + DOM_GID gid; + if (!sid_peek_check_rid(domain_sid, &sids[i], &gid.g_rid)) { + continue; + } + gid.attr = (SE_GROUP_MANDATORY|SE_GROUP_ENABLED_BY_DEFAULT| + SE_GROUP_ENABLED); + ADD_TO_ARRAY(mem_ctx, DOM_GID, gid, pgids, numgroups); + if (*pgids == NULL) { + return NT_STATUS_NO_MEMORY; + } + } + return NT_STATUS_OK; +} + +/**************************************************************************** + inits a netr_SamInfo3 structure from an auth_serversupplied_info. sam3 must + already be initialized and is used as the talloc parent for its members. +*****************************************************************************/ + +NTSTATUS serverinfo_to_SamInfo3(struct auth_serversupplied_info *server_info, + uint8_t pipe_session_key[16], + struct netr_SamInfo3 *sam3) +{ + struct samu *sampw; + DOM_GID *gids = NULL; + const DOM_SID *user_sid = NULL; + const DOM_SID *group_sid = NULL; + DOM_SID domain_sid; + uint32 user_rid, group_rid; + NTSTATUS status; + + int num_gids = 0; + const char *my_name; + + struct netr_UserSessionKey user_session_key; + struct netr_LMSessionKey lm_session_key; + + NTTIME last_logon, last_logoff, acct_expiry, last_password_change; + NTTIME allow_password_change, force_password_change; + struct samr_RidWithAttributeArray groups; + int i; + struct dom_sid2 *sid = NULL; + + ZERO_STRUCT(user_session_key); + ZERO_STRUCT(lm_session_key); + + sampw = server_info->sam_account; + + user_sid = pdb_get_user_sid(sampw); + group_sid = pdb_get_group_sid(sampw); + + if ((user_sid == NULL) || (group_sid == NULL)) { + DEBUG(1, ("_netr_LogonSamLogon: User without group or user SID\n")); + return NT_STATUS_UNSUCCESSFUL; + } + + sid_copy(&domain_sid, user_sid); + sid_split_rid(&domain_sid, &user_rid); + + sid = sid_dup_talloc(sam3, &domain_sid); + if (!sid) { + return NT_STATUS_NO_MEMORY; + } + + if (!sid_peek_check_rid(&domain_sid, group_sid, &group_rid)) { + DEBUG(1, ("_netr_LogonSamLogon: user %s\\%s has user sid " + "%s\n but group sid %s.\n" + "The conflicting domain portions are not " + "supported for NETLOGON calls\n", + pdb_get_domain(sampw), + pdb_get_username(sampw), + sid_string_dbg(user_sid), + sid_string_dbg(group_sid))); + return NT_STATUS_UNSUCCESSFUL; + } + + if(server_info->login_server) { + my_name = server_info->login_server; + } else { + my_name = global_myname(); + } + + status = nt_token_to_group_list(sam3, &domain_sid, + server_info->num_sids, + server_info->sids, + &num_gids, &gids); + + if (!NT_STATUS_IS_OK(status)) { + return status; + } + + if (server_info->user_session_key.length) { + memcpy(user_session_key.key, + server_info->user_session_key.data, + MIN(sizeof(user_session_key.key), + server_info->user_session_key.length)); + SamOEMhash(user_session_key.key, pipe_session_key, 16); + } + if (server_info->lm_session_key.length) { + memcpy(lm_session_key.key, + server_info->lm_session_key.data, + MIN(sizeof(lm_session_key.key), + server_info->lm_session_key.length)); + SamOEMhash(lm_session_key.key, pipe_session_key, 8); + } + + groups.count = num_gids; + groups.rids = TALLOC_ARRAY(sam3, struct samr_RidWithAttribute, groups.count); + if (!groups.rids) { + return NT_STATUS_NO_MEMORY; + } + + for (i=0; i < groups.count; i++) { + groups.rids[i].rid = gids[i].g_rid; + groups.rids[i].attributes = gids[i].attr; + } + + unix_to_nt_time(&last_logon, pdb_get_logon_time(sampw)); + unix_to_nt_time(&last_logoff, get_time_t_max()); + unix_to_nt_time(&acct_expiry, get_time_t_max()); + unix_to_nt_time(&last_password_change, pdb_get_pass_last_set_time(sampw)); + unix_to_nt_time(&allow_password_change, pdb_get_pass_can_change_time(sampw)); + unix_to_nt_time(&force_password_change, pdb_get_pass_must_change_time(sampw)); + + init_netr_SamInfo3(sam3, + last_logon, + last_logoff, + acct_expiry, + last_password_change, + allow_password_change, + force_password_change, + talloc_strdup(sam3, pdb_get_username(sampw)), + talloc_strdup(sam3, pdb_get_fullname(sampw)), + talloc_strdup(sam3, pdb_get_logon_script(sampw)), + talloc_strdup(sam3, pdb_get_profile_path(sampw)), + talloc_strdup(sam3, pdb_get_homedir(sampw)), + talloc_strdup(sam3, pdb_get_dir_drive(sampw)), + 0, /* logon_count */ + 0, /* bad_password_count */ + user_rid, + group_rid, + groups, + NETLOGON_EXTRA_SIDS, + user_session_key, + my_name, + talloc_strdup(sam3, pdb_get_domain(sampw)), + sid, + lm_session_key, + pdb_get_acct_ctrl(sampw), + 0, /* sidcount */ + NULL); /* struct netr_SidAttr *sids */ + ZERO_STRUCT(user_session_key); + ZERO_STRUCT(lm_session_key); + + return NT_STATUS_OK; +} + +/******************************************************************* + inits a structure. +********************************************************************/ + +void init_netr_IdentityInfo(struct netr_IdentityInfo *r, + const char *domain_name, + uint32_t parameter_control, + uint32_t logon_id_low, + uint32_t logon_id_high, + const char *account_name, + const char *workstation) +{ + init_lsa_String(&r->domain_name, domain_name); + r->parameter_control = parameter_control; + r->logon_id_low = logon_id_low; + r->logon_id_high = logon_id_high; + init_lsa_String(&r->account_name, account_name); + init_lsa_String(&r->workstation, workstation); +} + +/******************************************************************* + inits a structure. + This is a network logon packet. The log_id parameters + are what an NT server would generate for LUID once the + user is logged on. I don't think we care about them. + + Note that this has no access to the NT and LM hashed passwords, + so it forwards the challenge, and the NT and LM responses (24 + bytes each) over the secure channel to the Domain controller + for it to say yea or nay. This is the preferred method of + checking for a logon as it doesn't export the password + hashes to anyone who has compromised the secure channel. JRA. + +********************************************************************/ + +void init_netr_NetworkInfo(struct netr_NetworkInfo *r, + const char *domain_name, + uint32_t parameter_control, + uint32_t logon_id_low, + uint32_t logon_id_high, + const char *account_name, + const char *workstation, + uint8_t challenge[8], + struct netr_ChallengeResponse nt, + struct netr_ChallengeResponse lm) +{ + init_netr_IdentityInfo(&r->identity_info, + domain_name, + parameter_control, + logon_id_low, + logon_id_high, + account_name, + workstation); + memcpy(r->challenge, challenge, 8); + r->nt = nt; + r->lm = lm; +} + +/******************************************************************* + inits a structure. +********************************************************************/ + +void init_netr_PasswordInfo(struct netr_PasswordInfo *r, + const char *domain_name, + uint32_t parameter_control, + uint32_t logon_id_low, + uint32_t logon_id_high, + const char *account_name, + const char *workstation, + struct samr_Password lmpassword, + struct samr_Password ntpassword) +{ + init_netr_IdentityInfo(&r->identity_info, + domain_name, + parameter_control, + logon_id_low, + logon_id_high, + account_name, + workstation); + r->lmpassword = lmpassword; + r->ntpassword = ntpassword; +} diff --git a/source3/rpc_client/init_samr.c b/source3/rpc_client/init_samr.c new file mode 100644 index 0000000000..2e757531ce --- /dev/null +++ b/source3/rpc_client/init_samr.c @@ -0,0 +1,508 @@ +/* + * Unix SMB/CIFS implementation. + * RPC Pipe client / server routines + * Copyright (C) Guenther Deschner 2008. + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, see <http://www.gnu.org/licenses/>. + */ + +#include "includes.h" + +/******************************************************************* + inits a structure. +********************************************************************/ + +void init_samr_DomInfo1(struct samr_DomInfo1 *r, + uint16_t min_password_length, + uint16_t password_history_length, + uint32_t password_properties, + int64_t max_password_age, + int64_t min_password_age) +{ + r->min_password_length = min_password_length; + r->password_history_length = password_history_length; + r->password_properties = password_properties; + r->max_password_age = max_password_age; + r->min_password_age = min_password_age; +} + +/******************************************************************* + inits a structure. +********************************************************************/ + +void init_samr_DomInfo2(struct samr_DomInfo2 *r, + NTTIME force_logoff_time, + const char *comment, + const char *domain_name, + const char *primary, + uint64_t sequence_num, + uint32_t unknown2, + enum samr_Role role, + uint32_t unknown3, + uint32_t num_users, + uint32_t num_groups, + uint32_t num_aliases) +{ + r->force_logoff_time = force_logoff_time; + init_lsa_String(&r->comment, comment); + init_lsa_String(&r->domain_name, domain_name); + init_lsa_String(&r->primary, primary); + r->sequence_num = sequence_num; + r->unknown2 = unknown2; + r->role = role; + r->unknown3 = unknown3; + r->num_users = num_users; + r->num_groups = num_groups; + r->num_aliases = num_aliases; +} + +/******************************************************************* + inits a structure. +********************************************************************/ + +void init_samr_DomInfo3(struct samr_DomInfo3 *r, + NTTIME force_logoff_time) +{ + r->force_logoff_time = force_logoff_time; +} + +/******************************************************************* + inits a structure. +********************************************************************/ + +void init_samr_DomInfo4(struct samr_DomInfo4 *r, + const char *comment) +{ + init_lsa_String(&r->comment, comment); +} + +/******************************************************************* + inits a structure. +********************************************************************/ + +void init_samr_DomInfo5(struct samr_DomInfo5 *r, + const char *domain_name) +{ + init_lsa_String(&r->domain_name, domain_name); +} + +/******************************************************************* + inits a structure. +********************************************************************/ + +void init_samr_DomInfo6(struct samr_DomInfo6 *r, + const char *primary) +{ + init_lsa_String(&r->primary, primary); +} + +/******************************************************************* + inits a structure. +********************************************************************/ + +void init_samr_DomInfo7(struct samr_DomInfo7 *r, + enum samr_Role role) +{ + r->role = role; +} + +/******************************************************************* + inits a structure. +********************************************************************/ + +void init_samr_DomInfo8(struct samr_DomInfo8 *r, + uint64_t sequence_num, + NTTIME domain_create_time) +{ + r->sequence_num = sequence_num; + r->domain_create_time = domain_create_time; +} + +/******************************************************************* + inits a structure. +********************************************************************/ + +void init_samr_DomInfo9(struct samr_DomInfo9 *r, + uint32_t unknown) +{ + r->unknown = unknown; +} + +/******************************************************************* + inits a structure. +********************************************************************/ + +void init_samr_DomInfo12(struct samr_DomInfo12 *r, + uint64_t lockout_duration, + uint64_t lockout_window, + uint16_t lockout_threshold) +{ + r->lockout_duration = lockout_duration; + r->lockout_window = lockout_window; + r->lockout_threshold = lockout_threshold; +} + +/******************************************************************* + inits a samr_GroupInfoAll structure. +********************************************************************/ + +void init_samr_group_info1(struct samr_GroupInfoAll *r, + const char *name, + uint32_t attributes, + uint32_t num_members, + const char *description) +{ + DEBUG(5, ("init_samr_group_info1\n")); + + init_lsa_String(&r->name, name); + r->attributes = attributes; + r->num_members = num_members; + init_lsa_String(&r->description, description); +} + +/******************************************************************* + inits a lsa_String structure +********************************************************************/ + +void init_samr_group_info2(struct lsa_String *r, const char *group_name) +{ + DEBUG(5, ("init_samr_group_info2\n")); + + init_lsa_String(r, group_name); +} + +/******************************************************************* + inits a samr_GroupInfoAttributes structure. +********************************************************************/ + +void init_samr_group_info3(struct samr_GroupInfoAttributes *r, + uint32_t attributes) +{ + DEBUG(5, ("init_samr_group_info3\n")); + + r->attributes = attributes; +} + +/******************************************************************* + inits a lsa_String structure +********************************************************************/ + +void init_samr_group_info4(struct lsa_String *r, const char *description) +{ + DEBUG(5, ("init_samr_group_info4\n")); + + init_lsa_String(r, description); +} + +/******************************************************************* + inits a samr_GroupInfoAll structure. +********************************************************************/ + +void init_samr_group_info5(struct samr_GroupInfoAll *r, + const char *name, + uint32_t attributes, + uint32_t num_members, + const char *description) +{ + DEBUG(5, ("init_samr_group_info5\n")); + + init_lsa_String(&r->name, name); + r->attributes = attributes; + r->num_members = num_members; + init_lsa_String(&r->description, description); +} + +/******************************************************************* + inits a samr_AliasInfoAll structure. +********************************************************************/ + +void init_samr_alias_info1(struct samr_AliasInfoAll *r, + const char *name, + uint32_t num_members, + const char *description) +{ + DEBUG(5, ("init_samr_alias_info1\n")); + + init_lsa_String(&r->name, name); + r->num_members = num_members; + init_lsa_String(&r->description, description); +} + +/******************************************************************* +inits a lsa_String structure. +********************************************************************/ + +void init_samr_alias_info3(struct lsa_String *r, + const char *description) +{ + DEBUG(5, ("init_samr_alias_info3\n")); + + init_lsa_String(r, description); +} + +/******************************************************************* + inits a samr_UserInfo7 structure. +********************************************************************/ + +void init_samr_user_info7(struct samr_UserInfo7 *r, + const char *account_name) +{ + DEBUG(5, ("init_samr_user_info7\n")); + + init_lsa_String(&r->account_name, account_name); +} + +/******************************************************************* + inits a samr_UserInfo9 structure. +********************************************************************/ + +void init_samr_user_info9(struct samr_UserInfo9 *r, + uint32_t primary_gid) +{ + DEBUG(5, ("init_samr_user_info9\n")); + + r->primary_gid = primary_gid; +} + +/******************************************************************* + inits a SAM_USER_INFO_16 structure. +********************************************************************/ + +void init_samr_user_info16(struct samr_UserInfo16 *r, + uint32_t acct_flags) +{ + DEBUG(5, ("init_samr_user_info16\n")); + + r->acct_flags = acct_flags; +} + +/******************************************************************* + inits a samr_UserInfo18 structure. +********************************************************************/ + +void init_samr_user_info18(struct samr_UserInfo18 *r, + const uint8 lm_pwd[16], + const uint8 nt_pwd[16]) +{ + DEBUG(5, ("init_samr_user_info18\n")); + + r->lm_pwd_active = + memcpy(r->lm_pwd.hash, lm_pwd, sizeof(r->lm_pwd.hash)) ? true : false; + r->nt_pwd_active = + memcpy(r->nt_pwd.hash, nt_pwd, sizeof(r->nt_pwd.hash)) ? true : false; +} + +/******************************************************************* + inits a samr_UserInfo20 structure. +********************************************************************/ + +void init_samr_user_info20(struct samr_UserInfo20 *r, + struct lsa_BinaryString *parameters) +{ + r->parameters = *parameters; +} + +/************************************************************************* + inits a samr_UserInfo21 structure + *************************************************************************/ + +void init_samr_user_info21(struct samr_UserInfo21 *r, + NTTIME last_logon, + NTTIME last_logoff, + NTTIME last_password_change, + NTTIME acct_expiry, + NTTIME allow_password_change, + NTTIME force_password_change, + const char *account_name, + const char *full_name, + const char *home_directory, + const char *home_drive, + const char *logon_script, + const char *profile_path, + const char *description, + const char *workstations, + const char *comment, + struct lsa_BinaryString *parameters, + uint32_t rid, + uint32_t primary_gid, + uint32_t acct_flags, + uint32_t fields_present, + struct samr_LogonHours logon_hours, + uint16_t bad_password_count, + uint16_t logon_count, + uint16_t country_code, + uint16_t code_page, + uint8_t nt_password_set, + uint8_t lm_password_set, + uint8_t password_expired) +{ + r->last_logon = last_logon; + r->last_logoff = last_logoff; + r->last_password_change = last_password_change; + r->acct_expiry = acct_expiry; + r->allow_password_change = allow_password_change; + r->force_password_change = force_password_change; + init_lsa_String(&r->account_name, account_name); + init_lsa_String(&r->full_name, full_name); + init_lsa_String(&r->home_directory, home_directory); + init_lsa_String(&r->home_drive, home_drive); + init_lsa_String(&r->logon_script, logon_script); + init_lsa_String(&r->profile_path, profile_path); + init_lsa_String(&r->description, description); + init_lsa_String(&r->workstations, workstations); + init_lsa_String(&r->comment, comment); + r->parameters = *parameters; + r->rid = rid; + r->primary_gid = primary_gid; + r->acct_flags = acct_flags; + r->fields_present = fields_present; + r->logon_hours = logon_hours; + r->bad_password_count = bad_password_count; + r->logon_count = logon_count; + r->country_code = country_code; + r->code_page = code_page; + r->nt_password_set = nt_password_set; + r->lm_password_set = lm_password_set; + r->password_expired = password_expired; +} + +/************************************************************************* + init_samr_user_info23 + *************************************************************************/ + +void init_samr_user_info23(struct samr_UserInfo23 *r, + NTTIME last_logon, + NTTIME last_logoff, + NTTIME last_password_change, + NTTIME acct_expiry, + NTTIME allow_password_change, + NTTIME force_password_change, + const char *account_name, + const char *full_name, + const char *home_directory, + const char *home_drive, + const char *logon_script, + const char *profile_path, + const char *description, + const char *workstations, + const char *comment, + struct lsa_BinaryString *parameters, + uint32_t rid, + uint32_t primary_gid, + uint32_t acct_flags, + uint32_t fields_present, + struct samr_LogonHours logon_hours, + uint16_t bad_password_count, + uint16_t logon_count, + uint16_t country_code, + uint16_t code_page, + uint8_t nt_password_set, + uint8_t lm_password_set, + uint8_t password_expired, + uint8_t data[516], + uint8_t pw_len) +{ + memset(r, '\0', sizeof(*r)); + init_samr_user_info21(&r->info, + last_logon, + last_logoff, + last_password_change, + acct_expiry, + allow_password_change, + force_password_change, + account_name, + full_name, + home_directory, + home_drive, + logon_script, + profile_path, + description, + workstations, + comment, + parameters, + rid, + primary_gid, + acct_flags, + fields_present, + logon_hours, + bad_password_count, + logon_count, + country_code, + code_page, + nt_password_set, + lm_password_set, + password_expired); + + memcpy(r->password.data, data, sizeof(r->password.data)); +} + +/************************************************************************* + init_samr_user_info24 + *************************************************************************/ + +void init_samr_user_info24(struct samr_UserInfo24 *r, + uint8_t data[516], + uint8_t pw_len) +{ + DEBUG(10, ("init_samr_user_info24:\n")); + + memcpy(r->password.data, data, sizeof(r->password.data)); + r->pw_len = pw_len; +} + +/************************************************************************* + inits a samr_CryptPasswordEx structure + *************************************************************************/ + +void init_samr_CryptPasswordEx(const char *pwd, + DATA_BLOB *session_key, + struct samr_CryptPasswordEx *pwd_buf) +{ + /* samr_CryptPasswordEx */ + + uchar pwbuf[532]; + struct MD5Context md5_ctx; + uint8_t confounder[16]; + DATA_BLOB confounded_session_key = data_blob(NULL, 16); + + encode_pw_buffer(pwbuf, pwd, STR_UNICODE); + + generate_random_buffer((uint8_t *)confounder, 16); + + MD5Init(&md5_ctx); + MD5Update(&md5_ctx, confounder, 16); + MD5Update(&md5_ctx, session_key->data, + session_key->length); + MD5Final(confounded_session_key.data, &md5_ctx); + + SamOEMhashBlob(pwbuf, 516, &confounded_session_key); + memcpy(&pwbuf[516], confounder, 16); + + memcpy(pwd_buf->data, pwbuf, sizeof(pwbuf)); + data_blob_free(&confounded_session_key); +} + +/************************************************************************* + inits a samr_CryptPassword structure + *************************************************************************/ + +void init_samr_CryptPassword(const char *pwd, + DATA_BLOB *session_key, + struct samr_CryptPassword *pwd_buf) +{ + /* samr_CryptPassword */ + + encode_pw_buffer(pwd_buf->data, pwd, STR_UNICODE); + SamOEMhashBlob(pwd_buf->data, 516, session_key); +} diff --git a/source3/rpc_client/init_srvsvc.c b/source3/rpc_client/init_srvsvc.c new file mode 100644 index 0000000000..24beb1ace2 --- /dev/null +++ b/source3/rpc_client/init_srvsvc.c @@ -0,0 +1,402 @@ +/* + * Unix SMB/CIFS implementation. + * RPC Pipe client / server routines + * Copyright (C) Guenther Deschner 2008. + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, see <http://www.gnu.org/licenses/>. + */ + +#include "includes.h" + +/******************************************************************* + inits a srvsvc_NetSrvInfo102 structure +********************************************************************/ + +void init_srvsvc_NetSrvInfo102(struct srvsvc_NetSrvInfo102 *r, + enum srvsvc_PlatformId platform_id, + const char *server_name, + uint32_t version_major, + uint32_t version_minor, + uint32_t server_type, + const char *comment, + uint32_t users, + uint32_t disc, + uint32_t hidden, + uint32_t announce, + uint32_t anndelta, + uint32_t licenses, + const char *userpath) +{ + r->platform_id = platform_id; + r->server_name = server_name; + r->version_major = version_major; + r->version_minor = version_minor; + r->server_type = server_type; + r->comment = comment; + r->users = users; + r->disc = disc; + r->hidden = hidden; + r->announce = announce; + r->anndelta = anndelta; + r->licenses = licenses; + r->userpath = userpath; +} + +/******************************************************************* + inits a srvsvc_NetSrvInfo101 structure +********************************************************************/ + +void init_srvsvc_NetSrvInfo101(struct srvsvc_NetSrvInfo101 *r, + enum srvsvc_PlatformId platform_id, + const char *server_name, + uint32_t version_major, + uint32_t version_minor, + uint32_t server_type, + const char *comment) +{ + r->platform_id = platform_id; + r->server_name = server_name; + r->version_major = version_major; + r->version_minor = version_minor; + r->server_type = server_type; + r->comment = comment; +} + +/******************************************************************* + inits a srvsvc_NetSrvInfo100 structure +********************************************************************/ + +void init_srvsvc_NetSrvInfo100(struct srvsvc_NetSrvInfo100 *r, + enum srvsvc_PlatformId platform_id, + const char *server_name) +{ + r->platform_id = platform_id; + r->server_name = server_name; +} + +/******************************************************************* + inits a srvsvc_NetShareInfo0 structure +********************************************************************/ + +void init_srvsvc_NetShareInfo0(struct srvsvc_NetShareInfo0 *r, + const char *name) +{ + r->name = name; +} + +/******************************************************************* + inits a srvsvc_NetShareInfo1 structure +********************************************************************/ + +void init_srvsvc_NetShareInfo1(struct srvsvc_NetShareInfo1 *r, + const char *name, + enum srvsvc_ShareType type, + const char *comment) +{ + r->name = name; + r->type = type; + r->comment = comment; +} + +/******************************************************************* + inits a srvsvc_NetShareInfo2 structure +********************************************************************/ + +void init_srvsvc_NetShareInfo2(struct srvsvc_NetShareInfo2 *r, + const char *name, + enum srvsvc_ShareType type, + const char *comment, + uint32_t permissions, + uint32_t max_users, + uint32_t current_users, + const char *path, + const char *password) +{ + r->name = name; + r->type = type; + r->comment = comment; + r->permissions = permissions; + r->max_users = max_users; + r->current_users = current_users; + r->path = path; + r->password = password; +} + +/******************************************************************* + inits a srvsvc_NetShareInfo501 structure +********************************************************************/ + +void init_srvsvc_NetShareInfo501(struct srvsvc_NetShareInfo501 *r, + const char *name, + enum srvsvc_ShareType type, + const char *comment, + uint32_t csc_policy) +{ + r->name = name; + r->type = type; + r->comment = comment; + r->csc_policy = csc_policy; +} + +/******************************************************************* + inits a srvsvc_NetShareInfo502 structure +********************************************************************/ + +void init_srvsvc_NetShareInfo502(struct srvsvc_NetShareInfo502 *r, + const char *name, + enum srvsvc_ShareType type, + const char *comment, + uint32_t permissions, + uint32_t max_users, + uint32_t current_users, + const char *path, + const char *password, + struct sec_desc_buf *sd_buf) +{ + r->name = name; + r->type = type; + r->comment = comment; + r->permissions = permissions; + r->max_users = max_users; + r->current_users = current_users; + r->path = path; + r->password = password; + r->sd_buf = *sd_buf; +} + +/******************************************************************* + inits a srvsvc_NetShareInfo1004 structure +********************************************************************/ + +void init_srvsvc_NetShareInfo1004(struct srvsvc_NetShareInfo1004 *r, + const char *comment) +{ + r->comment = comment; +} + +/******************************************************************* + inits a srvsvc_NetShareInfo1005 structure +********************************************************************/ + +void init_srvsvc_NetShareInfo1005(struct srvsvc_NetShareInfo1005 *r, + uint32_t dfs_flags) +{ + r->dfs_flags = dfs_flags; +} + +/******************************************************************* + inits a srvsvc_NetShareInfo1006 structure +********************************************************************/ + +void init_srvsvc_NetShareInfo1006(struct srvsvc_NetShareInfo1006 *r, + uint32_t max_users) +{ + r->max_users = max_users; +} + +/******************************************************************* + inits a srvsvc_NetShareInfo1007 structure +********************************************************************/ + +void init_srvsvc_NetShareInfo1007(struct srvsvc_NetShareInfo1007 *r, + uint32_t flags, + const char *alternate_directory_name) +{ + r->flags = flags; + r->alternate_directory_name = alternate_directory_name; +} + +/******************************************************************* + inits a srvsvc_NetRemoteTODInfo structure + ********************************************************************/ + +void init_srvsvc_NetRemoteTODInfo(struct srvsvc_NetRemoteTODInfo *r, + uint32_t elapsed, + uint32_t msecs, + uint32_t hours, + uint32_t mins, + uint32_t secs, + uint32_t hunds, + int32_t ttimezone, + uint32_t tinterval, + uint32_t day, + uint32_t month, + uint32_t year, + uint32_t weekday) +{ + r->elapsed = elapsed; + r->msecs = msecs; + r->hours = hours; + r->mins = mins; + r->secs = secs; + r->hunds = hunds; + r->timezone = ttimezone; + r->tinterval = tinterval; + r->day = day; + r->month = month; + r->year = year; + r->weekday = weekday; +} + +/******************************************************************* + inits a srvsvc_NetSessInfo0 structure + ********************************************************************/ + +void init_srvsvc_NetSessInfo0(struct srvsvc_NetSessInfo0 *r, + const char *client) +{ + r->client = client; +} + +/******************************************************************* + inits a srvsvc_NetSessInfo1 structure + ********************************************************************/ + +void init_srvsvc_NetSessInfo1(struct srvsvc_NetSessInfo1 *r, + const char *client, + const char *user, + uint32_t num_open, + uint32_t _time, + uint32_t idle_time, + uint32_t user_flags) +{ + r->client = client; + r->user = user; + r->num_open = num_open; + r->time = _time; + r->idle_time = idle_time; + r->user_flags = user_flags; +} + +/******************************************************************* + inits a srvsvc_NetSessInfo2 structure + ********************************************************************/ + +void init_srvsvc_NetSessInfo2(struct srvsvc_NetSessInfo2 *r, + const char *client, + const char *user, + uint32_t num_open, + uint32_t _time, + uint32_t idle_time, + uint32_t user_flags, + const char *client_type) +{ + r->client = client; + r->user = user; + r->num_open = num_open; + r->time = _time; + r->idle_time = idle_time; + r->user_flags = user_flags; + r->client_type = client_type; +} + +/******************************************************************* + inits a srvsvc_NetSessInfo10 structure + ********************************************************************/ + +void init_srvsvc_NetSessInfo10(struct srvsvc_NetSessInfo10 *r, + const char *client, + const char *user, + uint32_t _time, + uint32_t idle_time) +{ + r->client = client; + r->user = user; + r->time = _time; + r->idle_time = idle_time; +} + +/******************************************************************* + inits a srvsvc_NetSessInfo502 structure + ********************************************************************/ + +void init_srvsvc_NetSessInfo502(struct srvsvc_NetSessInfo502 *r, + const char *client, + const char *user, + uint32_t num_open, + uint32_t _time, + uint32_t idle_time, + uint32_t user_flags, + const char *client_type, + const char *transport) +{ + r->client = client; + r->user = user; + r->num_open = num_open; + r->time = _time; + r->idle_time = idle_time; + r->user_flags = user_flags; + r->client_type = client_type; + r->transport = transport; +} + +/******************************************************************* + inits a srvsvc_NetFileInfo2 structure + ********************************************************************/ + +void init_srvsvc_NetFileInfo2(struct srvsvc_NetFileInfo2 *r, + uint32_t fid) +{ + r->fid = fid; +} + +/******************************************************************* + inits a srvsvc_NetFileInfo3 structure + ********************************************************************/ + +void init_srvsvc_NetFileInfo3(struct srvsvc_NetFileInfo3 *r, + uint32_t fid, + uint32_t permissions, + uint32_t num_locks, + const char *path, + const char *user) +{ + r->fid = fid; + r->permissions = permissions; + r->num_locks = num_locks; + r->path = path; + r->user = user; +} + +/******************************************************************* + inits a srvsvc_NetConnInfo0 structure + ********************************************************************/ + +void init_srvsvc_NetConnInfo0(struct srvsvc_NetConnInfo0 *r, + uint32_t conn_id) +{ + r->conn_id = conn_id; +} + +/******************************************************************* + inits a srvsvc_NetConnInfo1 structure + ********************************************************************/ + +void init_srvsvc_NetConnInfo1(struct srvsvc_NetConnInfo1 *r, + uint32_t conn_id, + uint32_t conn_type, + uint32_t num_open, + uint32_t num_users, + uint32_t conn_time, + const char *user, + const char *share) +{ + r->conn_id = conn_id; + r->conn_type = conn_type; + r->num_open = num_open; + r->num_users = num_users; + r->conn_time = conn_time; + r->user = user; + r->share = share; +} diff --git a/source3/rpc_client/ndr.c b/source3/rpc_client/ndr.c new file mode 100644 index 0000000000..72a33137a6 --- /dev/null +++ b/source3/rpc_client/ndr.c @@ -0,0 +1,95 @@ +/* + Unix SMB/CIFS implementation. + + libndr interface + + Copyright (C) Jelmer Vernooij 2006 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see <http://www.gnu.org/licenses/>. +*/ + +#include "includes.h" + + +NTSTATUS cli_do_rpc_ndr(struct rpc_pipe_client *cli, + TALLOC_CTX *mem_ctx, + const struct ndr_interface_table *table, + uint32 opnum, void *r) +{ + prs_struct q_ps, r_ps; + const struct ndr_interface_call *call; + struct ndr_pull *pull; + DATA_BLOB blob; + struct ndr_push *push; + NTSTATUS status; + enum ndr_err_code ndr_err; + + SMB_ASSERT(ndr_syntax_id_equal(&table->syntax_id, + &cli->abstract_syntax)); + SMB_ASSERT(table->num_calls > opnum); + + call = &table->calls[opnum]; + + push = ndr_push_init_ctx(mem_ctx); + if (!push) { + return NT_STATUS_NO_MEMORY; + } + + ndr_err = call->ndr_push(push, NDR_IN, r); + if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { + return ndr_map_error2ntstatus(ndr_err); + } + + blob = ndr_push_blob(push); + + if (!prs_init_data_blob(&q_ps, &blob, mem_ctx)) { + return NT_STATUS_NO_MEMORY; + } + + talloc_free(push); + + prs_init_empty( &r_ps, mem_ctx, UNMARSHALL ); + + status = rpc_api_pipe_req(cli, opnum, &q_ps, &r_ps); + + prs_mem_free( &q_ps ); + + if (!NT_STATUS_IS_OK(status)) { + prs_mem_free( &r_ps ); + return status; + } + + if (!prs_data_blob(&r_ps, &blob, mem_ctx)) { + prs_mem_free( &r_ps ); + return NT_STATUS_NO_MEMORY; + } + + prs_mem_free( &r_ps ); + + pull = ndr_pull_init_blob(&blob, mem_ctx); + if (pull == NULL) { + return NT_STATUS_NO_MEMORY; + } + + /* have the ndr parser alloc memory for us */ + pull->flags |= LIBNDR_FLAG_REF_ALLOC; + ndr_err = call->ndr_pull(pull, NDR_OUT, r); + talloc_free(pull); + + if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { + return ndr_map_error2ntstatus(ndr_err); + } + + return NT_STATUS_OK; +} |