diff options
Diffstat (limited to 'source4/librpc')
-rw-r--r-- | source4/librpc/rpc/dcerpc.c | 8 | ||||
-rw-r--r-- | source4/librpc/rpc/dcerpc.h | 17 | ||||
-rw-r--r-- | source4/librpc/rpc/dcerpc_auth.c | 8 | ||||
-rw-r--r-- | source4/librpc/rpc/dcerpc_connect.c | 12 | ||||
-rw-r--r-- | source4/librpc/rpc/dcerpc_schannel.c | 3 | ||||
-rw-r--r-- | source4/librpc/rpc/dcerpc_secondary.c | 3 | ||||
-rw-r--r-- | source4/librpc/rpc/dcerpc_util.c | 22 |
7 files changed, 50 insertions, 23 deletions
diff --git a/source4/librpc/rpc/dcerpc.c b/source4/librpc/rpc/dcerpc.c index bd8e60d4bd..042745d74d 100644 --- a/source4/librpc/rpc/dcerpc.c +++ b/source4/librpc/rpc/dcerpc.c @@ -1457,8 +1457,9 @@ _PUBLIC_ NTSTATUS dcerpc_ndr_request_recv(struct rpc_request *req) ndr_err = call->ndr_pull(pull, NDR_OUT, r); if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { status = ndr_map_error2ntstatus(ndr_err); - dcerpc_log_packet(table, opnum, NDR_OUT, - &response); + dcerpc_log_packet(p->conn->packet_log_dir, + table, opnum, NDR_OUT, + &response); return status; } @@ -1467,7 +1468,8 @@ _PUBLIC_ NTSTATUS dcerpc_ndr_request_recv(struct rpc_request *req) call->ndr_push, call->ndr_pull, call->ndr_print); if (!NT_STATUS_IS_OK(status)) { - dcerpc_log_packet(table, opnum, NDR_OUT, + dcerpc_log_packet(p->conn->packet_log_dir, + table, opnum, NDR_OUT, &response); return status; } diff --git a/source4/librpc/rpc/dcerpc.h b/source4/librpc/rpc/dcerpc.h index cc8d3d1429..dfbe6ee7a6 100644 --- a/source4/librpc/rpc/dcerpc.h +++ b/source4/librpc/rpc/dcerpc.h @@ -40,6 +40,7 @@ enum dcerpc_transport_t { this defines a generic security context for signed/sealed dcerpc pipes. */ struct dcerpc_connection; +struct gensec_settings; struct dcerpc_security { struct dcerpc_auth *auth_info; struct gensec_security *generic_state; @@ -61,6 +62,9 @@ struct dcerpc_connection { struct event_context *event_ctx; struct smb_iconv_convenience *iconv_convenience; + /** Directory in which to save ndrdump-parseable files */ + const char *packet_log_dir; + bool dead; bool free_skipped; @@ -109,10 +113,10 @@ struct dcerpc_pipe { struct dcerpc_connection *conn; struct dcerpc_binding *binding; - /* the last fault code from a DCERPC fault */ + /** the last fault code from a DCERPC fault */ uint32_t last_fault_code; - /* timeout for individual rpc requests, in seconds */ + /** timeout for individual rpc requests, in seconds */ uint32_t request_timeout; }; @@ -319,7 +323,7 @@ NTSTATUS dcerpc_alter_context(struct dcerpc_pipe *p, NTSTATUS dcerpc_bind_auth(struct dcerpc_pipe *p, const struct ndr_interface_table *table, struct cli_credentials *credentials, - struct loadparm_context *lp_ctx, + struct gensec_settings *gensec_settings, uint8_t auth_type, uint8_t auth_level, const char *service); struct composite_context* dcerpc_pipe_connect_send(TALLOC_CTX *parent_ctx, @@ -345,9 +349,10 @@ NTSTATUS dcerpc_secondary_auth_connection_recv(struct composite_context *c, struct composite_context* dcerpc_secondary_connection_send(struct dcerpc_pipe *p, struct dcerpc_binding *b); -void dcerpc_log_packet(const struct ndr_interface_table *ndr, - uint32_t opnum, uint32_t flags, - DATA_BLOB *pkt); +void dcerpc_log_packet(const char *lockdir, + const struct ndr_interface_table *ndr, + uint32_t opnum, uint32_t flags, + DATA_BLOB *pkt); NTSTATUS dcerpc_binding_build_tower(TALLOC_CTX *mem_ctx, struct dcerpc_binding *binding, struct epm_tower *tower); NTSTATUS dcerpc_floor_get_lhs_data(struct epm_floor *epm_floor, struct ndr_syntax_id *syntax); diff --git a/source4/librpc/rpc/dcerpc_auth.c b/source4/librpc/rpc/dcerpc_auth.c index 2eced55967..7c9d04eeb4 100644 --- a/source4/librpc/rpc/dcerpc_auth.c +++ b/source4/librpc/rpc/dcerpc_auth.c @@ -222,7 +222,7 @@ struct composite_context *dcerpc_bind_auth_send(TALLOC_CTX *mem_ctx, struct dcerpc_pipe *p, const struct ndr_interface_table *table, struct cli_credentials *credentials, - struct loadparm_context *lp_ctx, + struct gensec_settings *gensec_settings, uint8_t auth_type, uint8_t auth_level, const char *service) { @@ -251,7 +251,7 @@ struct composite_context *dcerpc_bind_auth_send(TALLOC_CTX *mem_ctx, c->status = gensec_client_start(p, &sec->generic_state, p->conn->event_ctx, - lp_ctx); + gensec_settings); if (!NT_STATUS_IS_OK(c->status)) { DEBUG(1, ("Failed to start GENSEC client mode: %s\n", nt_errstr(c->status))); @@ -387,12 +387,12 @@ NTSTATUS dcerpc_bind_auth_recv(struct composite_context *creq) _PUBLIC_ NTSTATUS dcerpc_bind_auth(struct dcerpc_pipe *p, const struct ndr_interface_table *table, struct cli_credentials *credentials, - struct loadparm_context *lp_ctx, + struct gensec_settings *gensec_settings, uint8_t auth_type, uint8_t auth_level, const char *service) { struct composite_context *creq; - creq = dcerpc_bind_auth_send(p, p, table, credentials, lp_ctx, + creq = dcerpc_bind_auth_send(p, p, table, credentials, gensec_settings, auth_type, auth_level, service); return dcerpc_bind_auth_recv(creq); } diff --git a/source4/librpc/rpc/dcerpc_connect.c b/source4/librpc/rpc/dcerpc_connect.c index 9583fcdc02..8d03f9cde3 100644 --- a/source4/librpc/rpc/dcerpc_connect.c +++ b/source4/librpc/rpc/dcerpc_connect.c @@ -116,6 +116,7 @@ static struct composite_context *dcerpc_pipe_connect_ncacn_np_smb_send(TALLOC_CT conn->in.called_name = "*SMBSERVER"; /* FIXME: This is invalid */ else conn->in.called_name = s->io.binding->target_hostname; + conn->in.socket_options = lp_socket_options(lp_ctx); conn->in.service = "IPC$"; conn->in.service_type = NULL; conn->in.workgroup = lp_workgroup(lp_ctx); @@ -247,11 +248,15 @@ static struct composite_context *dcerpc_pipe_connect_ncacn_np_smb2_send( lp_smbcli_options(lp_ctx, &options); /* send smb2 connect request */ - conn_req = smb2_connect_send(mem_ctx, s->io.binding->host, "IPC$", + conn_req = smb2_connect_send(mem_ctx, s->io.binding->host, + lp_parm_string_list(mem_ctx, lp_ctx, NULL, "smb2", "ports", NULL), + "IPC$", s->io.resolve_ctx, s->io.creds, c->event_ctx, - &options); + &options, + lp_socket_options(lp_ctx) + ); composite_continue(c, conn_req, continue_smb2_connect, c); return c; } @@ -740,6 +745,9 @@ _PUBLIC_ struct composite_context* dcerpc_pipe_connect_b_send(TALLOC_CTX *parent s->pipe = dcerpc_pipe_init(c, ev, lp_iconv_convenience(lp_ctx)); if (composite_nomem(s->pipe, c)) return c; + if (DEBUGLEVEL >= 10) + s->pipe->conn->packet_log_dir = lp_lockdir(lp_ctx); + /* store parameters in state structure */ s->binding = binding; s->table = table; diff --git a/source4/librpc/rpc/dcerpc_schannel.c b/source4/librpc/rpc/dcerpc_schannel.c index 13bbc3d51f..e3add82bf2 100644 --- a/source4/librpc/rpc/dcerpc_schannel.c +++ b/source4/librpc/rpc/dcerpc_schannel.c @@ -29,6 +29,7 @@ #include "librpc/gen_ndr/ndr_netlogon_c.h" #include "auth/credentials/credentials.h" #include "librpc/rpc/dcerpc_proto.h" +#include "param/param.h" struct schannel_key_state { struct dcerpc_pipe *pipe; @@ -319,7 +320,7 @@ static void continue_schannel_key(struct composite_context *ctx) /* send bind auth request with received creds */ auth_req = dcerpc_bind_auth_send(c, s->pipe, s->table, s->credentials, - s->lp_ctx, + lp_gensec_settings(c, s->lp_ctx), DCERPC_AUTH_TYPE_SCHANNEL, s->auth_level, NULL); if (composite_nomem(auth_req, c)) return; diff --git a/source4/librpc/rpc/dcerpc_secondary.c b/source4/librpc/rpc/dcerpc_secondary.c index b4d5d05b61..8ac235c67c 100644 --- a/source4/librpc/rpc/dcerpc_secondary.c +++ b/source4/librpc/rpc/dcerpc_secondary.c @@ -75,6 +75,9 @@ _PUBLIC_ struct composite_context* dcerpc_secondary_connection_send(struct dcerp s->pipe2 = dcerpc_pipe_init(c, s->pipe->conn->event_ctx, s->pipe->conn->iconv_convenience); if (composite_nomem(s->pipe2, c)) return c; + if (DEBUGLEVEL >= 10) + s->pipe2->conn->packet_log_dir = s->pipe->conn->packet_log_dir; + /* open second dcerpc pipe using the same transport as for primary pipe */ switch (s->pipe->conn->transport.transport) { case NCACN_NP: diff --git a/source4/librpc/rpc/dcerpc_util.c b/source4/librpc/rpc/dcerpc_util.c index 32646e85b0..1847b20ee7 100644 --- a/source4/librpc/rpc/dcerpc_util.c +++ b/source4/librpc/rpc/dcerpc_util.c @@ -421,7 +421,8 @@ static void continue_ntlmssp_connection(struct composite_context *ctx) /* initiate a authenticated bind */ auth_req = dcerpc_bind_auth_send(c, s->pipe, s->table, - s->credentials, s->lp_ctx, + s->credentials, + lp_gensec_settings(c, s->lp_ctx), DCERPC_AUTH_TYPE_NTLMSSP, dcerpc_auth_level(s->pipe->conn), s->table->authservices->names[0]); @@ -453,7 +454,9 @@ static void continue_spnego_after_wrong_pass(struct composite_context *ctx) /* initiate a authenticated bind */ auth_req = dcerpc_bind_auth_send(c, s->pipe, s->table, - s->credentials, s->lp_ctx, DCERPC_AUTH_TYPE_SPNEGO, + s->credentials, + lp_gensec_settings(c, s->lp_ctx), + DCERPC_AUTH_TYPE_SPNEGO, dcerpc_auth_level(s->pipe->conn), s->table->authservices->names[0]); composite_continue(c, auth_req, continue_auth, c); @@ -572,7 +575,9 @@ struct composite_context *dcerpc_pipe_auth_send(struct dcerpc_pipe *p, } else { /* try SPNEGO with fallback to NTLMSSP */ auth_req = dcerpc_bind_auth_send(c, s->pipe, s->table, - s->credentials, s->lp_ctx, DCERPC_AUTH_TYPE_SPNEGO, + s->credentials, + lp_gensec_settings(c, s->lp_ctx), + DCERPC_AUTH_TYPE_SPNEGO, dcerpc_auth_level(conn), s->table->authservices->names[0]); composite_continue(c, auth_req, continue_auth_auto, c); @@ -580,7 +585,9 @@ struct composite_context *dcerpc_pipe_auth_send(struct dcerpc_pipe *p, } auth_req = dcerpc_bind_auth_send(c, s->pipe, s->table, - s->credentials, s->lp_ctx, auth_type, + s->credentials, + lp_gensec_settings(c, s->lp_ctx), + auth_type, dcerpc_auth_level(conn), s->table->authservices->names[0]); composite_continue(c, auth_req, continue_auth, c); @@ -671,19 +678,20 @@ _PUBLIC_ NTSTATUS dcerpc_fetch_session_key(struct dcerpc_pipe *p, this triggers on a debug level of >= 10 */ -_PUBLIC_ void dcerpc_log_packet(const struct ndr_interface_table *ndr, +_PUBLIC_ void dcerpc_log_packet(const char *lockdir, + const struct ndr_interface_table *ndr, uint32_t opnum, uint32_t flags, DATA_BLOB *pkt) { const int num_examples = 20; int i; - if (DEBUGLEVEL < 10) return; + if (lockdir == NULL) return; for (i=0;i<num_examples;i++) { char *name=NULL; asprintf(&name, "%s/rpclog/%s-%u.%d.%s", - lp_lockdir(global_loadparm), ndr->name, opnum, i, + lockdir, ndr->name, opnum, i, (flags&NDR_IN)?"in":"out"); if (name == NULL) { return; |