/* [<][>][^][v][top][bottom][index][help] */
DEFINITIONS
This source file includes following definitions.
- dcerpc_iface_find_call
- ncacn_push_auth
- continue_epm_recv_binding
- continue_epm_map
- dcerpc_epm_map_binding_send
- dcerpc_epm_map_binding_recv
- dcerpc_epm_map_binding
- continue_auth_schannel
- continue_auth
- continue_auth_auto
- continue_ntlmssp_connection
- continue_spnego_after_wrong_pass
- continue_auth_none
- dcerpc_pipe_auth_send
- dcerpc_pipe_auth_recv
- dcerpc_pipe_auth
- dcerpc_generic_session_key
- dcerpc_fetch_session_key
- dcerpc_log_packet
- dcerpc_secondary_context
1 /*
2 Unix SMB/CIFS implementation.
3
4 dcerpc utility functions
5
6 Copyright (C) Andrew Tridgell 2003
7 Copyright (C) Jelmer Vernooij 2004
8 Copyright (C) Andrew Bartlett <abartlet@samba.org> 2005
9 Copyright (C) Rafal Szczesniak 2006
10
11 This program is free software; you can redistribute it and/or modify
12 it under the terms of the GNU General Public License as published by
13 the Free Software Foundation; either version 3 of the License, or
14 (at your option) any later version.
15
16 This program is distributed in the hope that it will be useful,
17 but WITHOUT ANY WARRANTY; without even the implied warranty of
18 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 GNU General Public License for more details.
20
21 You should have received a copy of the GNU General Public License
22 along with this program. If not, see <http://www.gnu.org/licenses/>.
23 */
24
25 #include "includes.h"
26 #include "lib/events/events.h"
27 #include "libcli/composite/composite.h"
28 #include "librpc/gen_ndr/ndr_epmapper_c.h"
29 #include "librpc/gen_ndr/ndr_dcerpc.h"
30 #include "librpc/gen_ndr/ndr_misc.h"
31 #include "librpc/rpc/dcerpc_proto.h"
32 #include "auth/credentials/credentials.h"
33 #include "param/param.h"
34
35 /*
36 find a dcerpc call on an interface by name
37 */
38 const struct ndr_interface_call *dcerpc_iface_find_call(const struct ndr_interface_table *iface,
/* [<][>][^][v][top][bottom][index][help] */
39 const char *name)
40 {
41 int i;
42 for (i=0;i<iface->num_calls;i++) {
43 if (strcmp(iface->calls[i].name, name) == 0) {
44 return &iface->calls[i];
45 }
46 }
47 return NULL;
48 }
49
50 /*
51 push a ncacn_packet into a blob, potentially with auth info
52 */
53 NTSTATUS ncacn_push_auth(DATA_BLOB *blob, TALLOC_CTX *mem_ctx,
/* [<][>][^][v][top][bottom][index][help] */
54 struct smb_iconv_convenience *iconv_convenience,
55 struct ncacn_packet *pkt,
56 struct dcerpc_auth *auth_info)
57 {
58 struct ndr_push *ndr;
59 enum ndr_err_code ndr_err;
60
61 ndr = ndr_push_init_ctx(mem_ctx, iconv_convenience);
62 if (!ndr) {
63 return NT_STATUS_NO_MEMORY;
64 }
65
66 if (!(pkt->drep[0] & DCERPC_DREP_LE)) {
67 ndr->flags |= LIBNDR_FLAG_BIGENDIAN;
68 }
69
70 if (pkt->pfc_flags & DCERPC_PFC_FLAG_OBJECT_UUID) {
71 ndr->flags |= LIBNDR_FLAG_OBJECT_PRESENT;
72 }
73
74 if (auth_info) {
75 pkt->auth_length = auth_info->credentials.length;
76 } else {
77 pkt->auth_length = 0;
78 }
79
80 ndr_err = ndr_push_ncacn_packet(ndr, NDR_SCALARS|NDR_BUFFERS, pkt);
81 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
82 return ndr_map_error2ntstatus(ndr_err);
83 }
84
85 if (auth_info) {
86 ndr_err = ndr_push_dcerpc_auth(ndr, NDR_SCALARS|NDR_BUFFERS, auth_info);
87 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
88 return ndr_map_error2ntstatus(ndr_err);
89 }
90 }
91
92 *blob = ndr_push_blob(ndr);
93
94 /* fill in the frag length */
95 dcerpc_set_frag_length(blob, blob->length);
96
97 return NT_STATUS_OK;
98 }
99
100
101 struct epm_map_binding_state {
102 struct dcerpc_binding *binding;
103 const struct ndr_interface_table *table;
104 struct dcerpc_pipe *pipe;
105 struct policy_handle handle;
106 struct GUID guid;
107 struct epm_twr_t twr;
108 struct epm_twr_t *twr_r;
109 struct epm_Map r;
110 };
111
112
113 static void continue_epm_recv_binding(struct composite_context *ctx);
114 static void continue_epm_map(struct rpc_request *req);
115
116
117 /*
118 Stage 2 of epm_map_binding: Receive connected rpc pipe and send endpoint
119 mapping rpc request
120 */
121 static void continue_epm_recv_binding(struct composite_context *ctx)
/* [<][>][^][v][top][bottom][index][help] */
122 {
123 struct rpc_request *map_req;
124
125 struct composite_context *c = talloc_get_type(ctx->async.private_data,
126 struct composite_context);
127 struct epm_map_binding_state *s = talloc_get_type(c->private_data,
128 struct epm_map_binding_state);
129
130 /* receive result of rpc pipe connect request */
131 c->status = dcerpc_pipe_connect_b_recv(ctx, c, &s->pipe);
132 if (!composite_is_ok(c)) return;
133
134 s->pipe->conn->flags |= DCERPC_NDR_REF_ALLOC;
135
136 /* prepare requested binding parameters */
137 s->binding->object = s->table->syntax_id;
138
139 c->status = dcerpc_binding_build_tower(s->pipe, s->binding, &s->twr.tower);
140 if (!composite_is_ok(c)) return;
141
142 /* with some nice pretty paper around it of course */
143 s->r.in.object = &s->guid;
144 s->r.in.map_tower = &s->twr;
145 s->r.in.entry_handle = &s->handle;
146 s->r.in.max_towers = 1;
147 s->r.out.entry_handle = &s->handle;
148
149 /* send request for an endpoint mapping - a rpc request on connected pipe */
150 map_req = dcerpc_epm_Map_send(s->pipe, c, &s->r);
151 if (composite_nomem(map_req, c)) return;
152
153 composite_continue_rpc(c, map_req, continue_epm_map, c);
154 }
155
156
157 /*
158 Stage 3 of epm_map_binding: Receive endpoint mapping and provide binding details
159 */
160 static void continue_epm_map(struct rpc_request *req)
/* [<][>][^][v][top][bottom][index][help] */
161 {
162 struct composite_context *c = talloc_get_type(req->async.private_data,
163 struct composite_context);
164 struct epm_map_binding_state *s = talloc_get_type(c->private_data,
165 struct epm_map_binding_state);
166
167 /* receive result of a rpc request */
168 c->status = dcerpc_ndr_request_recv(req);
169 if (!composite_is_ok(c)) return;
170
171 /* check the details */
172 if (s->r.out.result != 0 || *s->r.out.num_towers != 1) {
173 composite_error(c, NT_STATUS_PORT_UNREACHABLE);
174 return;
175 }
176
177 s->twr_r = s->r.out.towers[0].twr;
178 if (s->twr_r == NULL) {
179 composite_error(c, NT_STATUS_PORT_UNREACHABLE);
180 return;
181 }
182
183 if (s->twr_r->tower.num_floors != s->twr.tower.num_floors ||
184 s->twr_r->tower.floors[3].lhs.protocol != s->twr.tower.floors[3].lhs.protocol) {
185 composite_error(c, NT_STATUS_PORT_UNREACHABLE);
186 return;
187 }
188
189 /* get received endpoint */
190 s->binding->endpoint = talloc_reference(s->binding,
191 dcerpc_floor_get_rhs_data(c, &s->twr_r->tower.floors[3]));
192 if (composite_nomem(s->binding->endpoint, c)) return;
193
194 composite_done(c);
195 }
196
197
198 /*
199 Request for endpoint mapping of dcerpc binding - try to request for endpoint
200 unless there is default one.
201 */
202 struct composite_context *dcerpc_epm_map_binding_send(TALLOC_CTX *mem_ctx,
/* [<][>][^][v][top][bottom][index][help] */
203 struct dcerpc_binding *binding,
204 const struct ndr_interface_table *table,
205 struct tevent_context *ev,
206 struct loadparm_context *lp_ctx)
207 {
208 struct composite_context *c;
209 struct epm_map_binding_state *s;
210 struct composite_context *pipe_connect_req;
211 struct cli_credentials *anon_creds;
212
213 NTSTATUS status;
214 struct dcerpc_binding *epmapper_binding;
215 int i;
216
217 if (ev == NULL) {
218 return NULL;
219 }
220
221 /* composite context allocation and setup */
222 c = composite_create(mem_ctx, ev);
223 if (c == NULL) {
224 return NULL;
225 }
226
227 s = talloc_zero(c, struct epm_map_binding_state);
228 if (composite_nomem(s, c)) return c;
229 c->private_data = s;
230
231 s->binding = binding;
232 s->table = table;
233
234 /* anonymous credentials for rpc connection used to get endpoint mapping */
235 anon_creds = cli_credentials_init(mem_ctx);
236 cli_credentials_set_anonymous(anon_creds);
237
238 /*
239 First, check if there is a default endpoint specified in the IDL
240 */
241 if (table != NULL) {
242 struct dcerpc_binding *default_binding;
243
244 /* Find one of the default pipes for this interface */
245 for (i = 0; i < table->endpoints->count; i++) {
246 status = dcerpc_parse_binding(mem_ctx, table->endpoints->names[i], &default_binding);
247
248 if (NT_STATUS_IS_OK(status)) {
249 if (binding->transport == NCA_UNKNOWN)
250 binding->transport = default_binding->transport;
251 if (default_binding->transport == binding->transport &&
252 default_binding->endpoint) {
253 binding->endpoint = talloc_reference(binding, default_binding->endpoint);
254 talloc_free(default_binding);
255
256 composite_done(c);
257 return c;
258
259 } else {
260 talloc_free(default_binding);
261 }
262 }
263 }
264 }
265
266 epmapper_binding = talloc_zero(c, struct dcerpc_binding);
267 if (composite_nomem(epmapper_binding, c)) return c;
268
269 /* basic endpoint mapping data */
270 epmapper_binding->transport = binding->transport;
271 epmapper_binding->host = talloc_reference(epmapper_binding, binding->host);
272 epmapper_binding->target_hostname = epmapper_binding->host;
273 epmapper_binding->options = NULL;
274 epmapper_binding->flags = 0;
275 epmapper_binding->assoc_group_id = 0;
276 epmapper_binding->endpoint = NULL;
277
278 /* initiate rpc pipe connection */
279 pipe_connect_req = dcerpc_pipe_connect_b_send(c, epmapper_binding,
280 &ndr_table_epmapper,
281 anon_creds, c->event_ctx,
282 lp_ctx);
283 if (composite_nomem(pipe_connect_req, c)) return c;
284
285 composite_continue(c, pipe_connect_req, continue_epm_recv_binding, c);
286 return c;
287 }
288
289
290 /*
291 Receive result of endpoint mapping request
292 */
293 NTSTATUS dcerpc_epm_map_binding_recv(struct composite_context *c)
/* [<][>][^][v][top][bottom][index][help] */
294 {
295 NTSTATUS status = composite_wait(c);
296
297 talloc_free(c);
298 return status;
299 }
300
301
302 /*
303 Get endpoint mapping for rpc connection
304 */
305 _PUBLIC_ NTSTATUS dcerpc_epm_map_binding(TALLOC_CTX *mem_ctx, struct dcerpc_binding *binding,
/* [<][>][^][v][top][bottom][index][help] */
306 const struct ndr_interface_table *table, struct tevent_context *ev,
307 struct loadparm_context *lp_ctx)
308 {
309 struct composite_context *c;
310
311 c = dcerpc_epm_map_binding_send(mem_ctx, binding, table, ev, lp_ctx);
312 return dcerpc_epm_map_binding_recv(c);
313 }
314
315
316 struct pipe_auth_state {
317 struct dcerpc_pipe *pipe;
318 struct dcerpc_binding *binding;
319 const struct ndr_interface_table *table;
320 struct loadparm_context *lp_ctx;
321 struct cli_credentials *credentials;
322 };
323
324
325 static void continue_auth_schannel(struct composite_context *ctx);
326 static void continue_auth(struct composite_context *ctx);
327 static void continue_auth_none(struct composite_context *ctx);
328 static void continue_ntlmssp_connection(struct composite_context *ctx);
329 static void continue_spnego_after_wrong_pass(struct composite_context *ctx);
330
331
332 /*
333 Stage 2 of pipe_auth: Receive result of schannel bind request
334 */
335 static void continue_auth_schannel(struct composite_context *ctx)
/* [<][>][^][v][top][bottom][index][help] */
336 {
337 struct composite_context *c = talloc_get_type(ctx->async.private_data,
338 struct composite_context);
339
340 c->status = dcerpc_bind_auth_schannel_recv(ctx);
341 if (!composite_is_ok(c)) return;
342
343 composite_done(c);
344 }
345
346
347 /*
348 Stage 2 of pipe_auth: Receive result of authenticated bind request
349 */
350 static void continue_auth(struct composite_context *ctx)
/* [<][>][^][v][top][bottom][index][help] */
351 {
352 struct composite_context *c = talloc_get_type(ctx->async.private_data,
353 struct composite_context);
354
355 c->status = dcerpc_bind_auth_recv(ctx);
356 if (!composite_is_ok(c)) return;
357
358 composite_done(c);
359 }
360 /*
361 Stage 2 of pipe_auth: Receive result of authenticated bind request, but handle fallbacks:
362 SPNEGO -> NTLMSSP
363 */
364 static void continue_auth_auto(struct composite_context *ctx)
/* [<][>][^][v][top][bottom][index][help] */
365 {
366 struct composite_context *c = talloc_get_type(ctx->async.private_data,
367 struct composite_context);
368 struct pipe_auth_state *s = talloc_get_type(c->private_data, struct pipe_auth_state);
369 struct composite_context *sec_conn_req;
370
371 c->status = dcerpc_bind_auth_recv(ctx);
372 if (NT_STATUS_EQUAL(c->status, NT_STATUS_INVALID_PARAMETER)) {
373 /*
374 * Retry with NTLMSSP auth as fallback
375 * send a request for secondary rpc connection
376 */
377 sec_conn_req = dcerpc_secondary_connection_send(s->pipe,
378 s->binding);
379 composite_continue(c, sec_conn_req, continue_ntlmssp_connection, c);
380 return;
381 } else if (NT_STATUS_EQUAL(c->status, NT_STATUS_LOGON_FAILURE)) {
382 if (cli_credentials_wrong_password(s->credentials)) {
383 /*
384 * Retry SPNEGO with a better password
385 * send a request for secondary rpc connection
386 */
387 sec_conn_req = dcerpc_secondary_connection_send(s->pipe,
388 s->binding);
389 composite_continue(c, sec_conn_req, continue_spnego_after_wrong_pass, c);
390 return;
391 }
392 }
393
394 if (!composite_is_ok(c)) return;
395
396 composite_done(c);
397 }
398
399 /*
400 Stage 3 of pipe_auth (fallback to NTLMSSP case): Receive secondary
401 rpc connection (the first one can't be used any more, due to the
402 bind nak) and perform authenticated bind request
403 */
404 static void continue_ntlmssp_connection(struct composite_context *ctx)
/* [<][>][^][v][top][bottom][index][help] */
405 {
406 struct composite_context *c;
407 struct pipe_auth_state *s;
408 struct composite_context *auth_req;
409 struct dcerpc_pipe *p2;
410
411 c = talloc_get_type(ctx->async.private_data, struct composite_context);
412 s = talloc_get_type(c->private_data, struct pipe_auth_state);
413
414 /* receive secondary rpc connection */
415 c->status = dcerpc_secondary_connection_recv(ctx, &p2);
416 if (!composite_is_ok(c)) return;
417
418 talloc_steal(s, p2);
419 talloc_steal(p2, s->pipe);
420 s->pipe = p2;
421
422 /* initiate a authenticated bind */
423 auth_req = dcerpc_bind_auth_send(c, s->pipe, s->table,
424 s->credentials,
425 lp_gensec_settings(c, s->lp_ctx),
426 DCERPC_AUTH_TYPE_NTLMSSP,
427 dcerpc_auth_level(s->pipe->conn),
428 s->table->authservices->names[0]);
429 composite_continue(c, auth_req, continue_auth, c);
430 }
431
432 /*
433 Stage 3 of pipe_auth (retry on wrong password): Receive secondary
434 rpc connection (the first one can't be used any more, due to the
435 bind nak) and perform authenticated bind request
436 */
437 static void continue_spnego_after_wrong_pass(struct composite_context *ctx)
/* [<][>][^][v][top][bottom][index][help] */
438 {
439 struct composite_context *c;
440 struct pipe_auth_state *s;
441 struct composite_context *auth_req;
442 struct dcerpc_pipe *p2;
443
444 c = talloc_get_type(ctx->async.private_data, struct composite_context);
445 s = talloc_get_type(c->private_data, struct pipe_auth_state);
446
447 /* receive secondary rpc connection */
448 c->status = dcerpc_secondary_connection_recv(ctx, &p2);
449 if (!composite_is_ok(c)) return;
450
451 talloc_steal(s, p2);
452 talloc_steal(p2, s->pipe);
453 s->pipe = p2;
454
455 /* initiate a authenticated bind */
456 auth_req = dcerpc_bind_auth_send(c, s->pipe, s->table,
457 s->credentials,
458 lp_gensec_settings(c, s->lp_ctx),
459 DCERPC_AUTH_TYPE_SPNEGO,
460 dcerpc_auth_level(s->pipe->conn),
461 s->table->authservices->names[0]);
462 composite_continue(c, auth_req, continue_auth, c);
463 }
464
465
466 /*
467 Stage 2 of pipe_auth: Receive result of non-authenticated bind request
468 */
469 static void continue_auth_none(struct composite_context *ctx)
/* [<][>][^][v][top][bottom][index][help] */
470 {
471 struct composite_context *c = talloc_get_type(ctx->async.private_data,
472 struct composite_context);
473
474 c->status = dcerpc_bind_auth_none_recv(ctx);
475 if (!composite_is_ok(c)) return;
476
477 composite_done(c);
478 }
479
480
481 /*
482 Request to perform an authenticated bind if required. Authentication
483 is determined using credentials passed and binding flags.
484 */
485 struct composite_context *dcerpc_pipe_auth_send(struct dcerpc_pipe *p,
/* [<][>][^][v][top][bottom][index][help] */
486 struct dcerpc_binding *binding,
487 const struct ndr_interface_table *table,
488 struct cli_credentials *credentials,
489 struct loadparm_context *lp_ctx)
490 {
491 struct composite_context *c;
492 struct pipe_auth_state *s;
493 struct composite_context *auth_schannel_req;
494 struct composite_context *auth_req;
495 struct composite_context *auth_none_req;
496 struct dcerpc_connection *conn;
497 uint8_t auth_type;
498
499 /* composite context allocation and setup */
500 c = composite_create(p, p->conn->event_ctx);
501 if (c == NULL) return NULL;
502
503 s = talloc_zero(c, struct pipe_auth_state);
504 if (composite_nomem(s, c)) return c;
505 c->private_data = s;
506
507 /* store parameters in state structure */
508 s->binding = binding;
509 s->table = table;
510 s->credentials = credentials;
511 s->pipe = p;
512 s->lp_ctx = lp_ctx;
513
514 conn = s->pipe->conn;
515 conn->flags = binding->flags;
516
517 /* remember the binding string for possible secondary connections */
518 conn->binding_string = dcerpc_binding_string(p, binding);
519
520 if (cli_credentials_is_anonymous(s->credentials)) {
521 auth_none_req = dcerpc_bind_auth_none_send(c, s->pipe, s->table);
522 composite_continue(c, auth_none_req, continue_auth_none, c);
523 return c;
524 }
525
526 if ((binding->flags & DCERPC_SCHANNEL) &&
527 !cli_credentials_get_netlogon_creds(s->credentials)) {
528 /* If we don't already have netlogon credentials for
529 * the schannel bind, then we have to get these
530 * first */
531 auth_schannel_req = dcerpc_bind_auth_schannel_send(c, s->pipe, s->table,
532 s->credentials, s->lp_ctx,
533 dcerpc_auth_level(conn));
534 composite_continue(c, auth_schannel_req, continue_auth_schannel, c);
535 return c;
536 }
537
538 /*
539 * we rely on the already authenticated CIFS connection
540 * if not doing sign or seal
541 */
542 if (conn->transport.transport == NCACN_NP &&
543 !(s->binding->flags & (DCERPC_SIGN|DCERPC_SEAL))) {
544 auth_none_req = dcerpc_bind_auth_none_send(c, s->pipe, s->table);
545 composite_continue(c, auth_none_req, continue_auth_none, c);
546 return c;
547 }
548
549
550 /* Perform an authenticated DCE-RPC bind
551 */
552 if (!(conn->flags & (DCERPC_SIGN|DCERPC_SEAL))) {
553 /*
554 we are doing an authenticated connection,
555 but not using sign or seal. We must force
556 the CONNECT dcerpc auth type as a NONE auth
557 type doesn't allow authentication
558 information to be passed.
559 */
560 conn->flags |= DCERPC_CONNECT;
561 }
562
563 if (s->binding->flags & DCERPC_AUTH_SPNEGO) {
564 auth_type = DCERPC_AUTH_TYPE_SPNEGO;
565
566 } else if (s->binding->flags & DCERPC_AUTH_KRB5) {
567 auth_type = DCERPC_AUTH_TYPE_KRB5;
568
569 } else if (s->binding->flags & DCERPC_SCHANNEL) {
570 auth_type = DCERPC_AUTH_TYPE_SCHANNEL;
571
572 } else if (s->binding->flags & DCERPC_AUTH_NTLM) {
573 auth_type = DCERPC_AUTH_TYPE_NTLMSSP;
574
575 } else {
576 /* try SPNEGO with fallback to NTLMSSP */
577 auth_req = dcerpc_bind_auth_send(c, s->pipe, s->table,
578 s->credentials,
579 lp_gensec_settings(c, s->lp_ctx),
580 DCERPC_AUTH_TYPE_SPNEGO,
581 dcerpc_auth_level(conn),
582 s->table->authservices->names[0]);
583 composite_continue(c, auth_req, continue_auth_auto, c);
584 return c;
585 }
586
587 auth_req = dcerpc_bind_auth_send(c, s->pipe, s->table,
588 s->credentials,
589 lp_gensec_settings(c, s->lp_ctx),
590 auth_type,
591 dcerpc_auth_level(conn),
592 s->table->authservices->names[0]);
593 composite_continue(c, auth_req, continue_auth, c);
594 return c;
595 }
596
597
598 /*
599 Receive result of authenticated bind request on dcerpc pipe
600
601 This returns *p, which may be different to the one originally
602 supllied, as it rebinds to a new pipe due to authentication fallback
603
604 */
605 NTSTATUS dcerpc_pipe_auth_recv(struct composite_context *c, TALLOC_CTX *mem_ctx,
/* [<][>][^][v][top][bottom][index][help] */
606 struct dcerpc_pipe **p)
607 {
608 NTSTATUS status;
609
610 struct pipe_auth_state *s = talloc_get_type(c->private_data,
611 struct pipe_auth_state);
612 status = composite_wait(c);
613 if (!NT_STATUS_IS_OK(status)) {
614 char *uuid_str = GUID_string(s->pipe, &s->table->syntax_id.uuid);
615 DEBUG(0, ("Failed to bind to uuid %s - %s\n", uuid_str, nt_errstr(status)));
616 talloc_free(uuid_str);
617 } else {
618 talloc_steal(mem_ctx, s->pipe);
619 *p = s->pipe;
620 }
621
622 talloc_free(c);
623 return status;
624 }
625
626
627 /*
628 Perform an authenticated bind if needed - sync version
629
630 This may change *p, as it rebinds to a new pipe due to authentication fallback
631 */
632 _PUBLIC_ NTSTATUS dcerpc_pipe_auth(TALLOC_CTX *mem_ctx,
/* [<][>][^][v][top][bottom][index][help] */
633 struct dcerpc_pipe **p,
634 struct dcerpc_binding *binding,
635 const struct ndr_interface_table *table,
636 struct cli_credentials *credentials,
637 struct loadparm_context *lp_ctx)
638 {
639 struct composite_context *c;
640
641 c = dcerpc_pipe_auth_send(*p, binding, table, credentials, lp_ctx);
642 return dcerpc_pipe_auth_recv(c, mem_ctx, p);
643 }
644
645
646 NTSTATUS dcerpc_generic_session_key(struct dcerpc_connection *c,
/* [<][>][^][v][top][bottom][index][help] */
647 DATA_BLOB *session_key)
648 {
649 /* this took quite a few CPU cycles to find ... */
650 session_key->data = discard_const_p(unsigned char, "SystemLibraryDTC");
651 session_key->length = 16;
652 return NT_STATUS_OK;
653 }
654
655 /*
656 fetch the user session key - may be default (above) or the SMB session key
657
658 The key is always truncated to 16 bytes
659 */
660 _PUBLIC_ NTSTATUS dcerpc_fetch_session_key(struct dcerpc_pipe *p,
/* [<][>][^][v][top][bottom][index][help] */
661 DATA_BLOB *session_key)
662 {
663 NTSTATUS status;
664 status = p->conn->security_state.session_key(p->conn, session_key);
665 if (!NT_STATUS_IS_OK(status)) {
666 return status;
667 }
668
669 session_key->length = MIN(session_key->length, 16);
670
671 return NT_STATUS_OK;
672 }
673
674
675 /*
676 log a rpc packet in a format suitable for ndrdump. This is especially useful
677 for sealed packets, where ethereal cannot easily see the contents
678
679 this triggers on a debug level of >= 10
680 */
681 _PUBLIC_ void dcerpc_log_packet(const char *lockdir,
/* [<][>][^][v][top][bottom][index][help] */
682 const struct ndr_interface_table *ndr,
683 uint32_t opnum, uint32_t flags,
684 DATA_BLOB *pkt)
685 {
686 const int num_examples = 20;
687 int i;
688
689 if (lockdir == NULL) return;
690
691 for (i=0;i<num_examples;i++) {
692 char *name=NULL;
693 asprintf(&name, "%s/rpclog/%s-%u.%d.%s",
694 lockdir, ndr->name, opnum, i,
695 (flags&NDR_IN)?"in":"out");
696 if (name == NULL) {
697 return;
698 }
699 if (!file_exist(name)) {
700 if (file_save(name, pkt->data, pkt->length)) {
701 DEBUG(10,("Logged rpc packet to %s\n", name));
702 }
703 free(name);
704 break;
705 }
706 free(name);
707 }
708 }
709
710
711
712 /*
713 create a secondary context from a primary connection
714
715 this uses dcerpc_alter_context() to create a new dcerpc context_id
716 */
717 _PUBLIC_ NTSTATUS dcerpc_secondary_context(struct dcerpc_pipe *p,
/* [<][>][^][v][top][bottom][index][help] */
718 struct dcerpc_pipe **pp2,
719 const struct ndr_interface_table *table)
720 {
721 NTSTATUS status;
722 struct dcerpc_pipe *p2;
723
724 p2 = talloc_zero(p, struct dcerpc_pipe);
725 if (p2 == NULL) {
726 return NT_STATUS_NO_MEMORY;
727 }
728 p2->conn = talloc_reference(p2, p->conn);
729 p2->request_timeout = p->request_timeout;
730
731 p2->context_id = ++p->conn->next_context_id;
732
733 p2->syntax = table->syntax_id;
734
735 p2->transfer_syntax = ndr_transfer_syntax;
736
737 p2->binding = talloc_reference(p2, p->binding);
738
739 status = dcerpc_alter_context(p2, p2, &p2->syntax, &p2->transfer_syntax);
740 if (!NT_STATUS_IS_OK(status)) {
741 talloc_free(p2);
742 return status;
743 }
744
745 *pp2 = p2;
746
747 return NT_STATUS_OK;
748 }