Changeset 740 for vendor/current/source4/librpc

Timestamp:

Nov 14, 2012, 12:59:34 PM (13 years ago)

Author:

Silvan Scherrer

Message:

Samba Server: update vendor to 3.6.0

Location:

vendor/current/source4/librpc

Files:

• config.mk (deleted)
• dcerpc.pc.in (modified) (1 diff)
• dcerpc_atsvc.pc.in (modified) (1 diff)
• dcerpc_samr.pc.in (modified) (1 diff)
• gen_ndr (added)
• gen_ndr/README (added)
• idl/irpc.idl (modified) (4 diffs)
• idl/notify.idl (deleted)
• idl/opendb.idl (modified) (1 diff)
• idl/s4_notify.idl (added)
• idl/server_id.idl (deleted)
• idl/server_id4.idl (added)
• idl/winbind.idl (modified) (3 diffs)
• idl/winsrepl.idl (modified) (2 diffs)
• idl/wscript_build (added)
• ndr/ndr_string.c (deleted)
• ndr/py_misc.c (modified) (1 diff)
• ndr/py_security.c (modified) (3 diffs)
• ndr/py_xattr.c (added)
• rpc/dcerpc.c (modified) (52 diffs)
• rpc/dcerpc.h (modified) (14 diffs)
• rpc/dcerpc.py (modified) (1 diff)
• rpc/dcerpc_auth.c (modified) (3 diffs)
• rpc/dcerpc_connect.c (modified) (10 diffs)
• rpc/dcerpc_schannel.c (modified) (12 diffs)
• rpc/dcerpc_secondary.c (modified) (2 diffs)
• rpc/dcerpc_smb.c (modified) (21 diffs)
• rpc/dcerpc_smb2.c (modified) (19 diffs)
• rpc/dcerpc_sock.c (modified) (28 diffs)
• rpc/dcerpc_util.c (modified) (19 diffs)
• rpc/pyrpc.c (modified) (10 diffs)
• rpc/pyrpc.h (modified) (2 diffs)
• rpc/pyrpc_util.c (added)
• rpc/pyrpc_util.h (added)
• tests/binding_string.c (modified) (3 diffs)
• tests/test_ndrdump.sh (deleted)
• wscript_build (added)

vendor/current/source4/librpc/dcerpc.pc.in

@@ -7 +7 @@
 Description: DCE/RPC client library
 Requires: ndr
-Version: 0.0.1
-Libs: -L${libdir} -ldcerpc 
+Version: @PACKAGE_VERSION@
+Libs: @LIB_RPATH@ -L${libdir} -ldcerpc
 Cflags: -I${includedir} -DHAVE_IMMEDIATE_STRUCTURES=1

vendor/current/source4/librpc/dcerpc_atsvc.pc.in

@@ -7 +7 @@
 Description: DCE/RPC client library - ATSVC
 Requires.private: dcerpc ndr
-Version: 0.0.1
-Libs: -L${libdir} -ldcerpc_atsvc
+Version: @PACKAGE_VERSION@
+Libs: @LIB_RPATH@ -L${libdir} -ldcerpc-atsvc
 Cflags: -I${includedir}  -DHAVE_IMMEDIATE_STRUCTURES=1

vendor/current/source4/librpc/dcerpc_samr.pc.in

@@ -7 +7 @@
 Description: DCE/RPC client library - SAMR
 Requires.private: dcerpc ndr
-Version: 0.0.1
-Libs: -L${libdir} -ldcerpc_samr 
+Version: @PACKAGE_VERSION@
+Libs: @LIB_RPATH@ -L${libdir} -ldcerpc-samr
 Cflags: -I${includedir}  -DHAVE_IMMEDIATE_STRUCTURES=1

vendor/current/source4/librpc/idl/irpc.idl

@@ -1 +1 @@
 #include "idl_types.h"
 
-import "misc.idl", "security.idl", "nbt.idl";
+import "misc.idl", "security.idl", "nbt.idl", "netlogon.idl";
 
 /*
@@ -15 +15 @@
         } irpc_flags;
 
+        typedef struct {
+                security_token *token;
+        } irpc_creds;
+
         typedef [public] struct {
                 GUID uuid;
@@ -22 +26 @@
                 irpc_flags flags;
                 NTSTATUS status;
+                [subcontext(4)] irpc_creds creds;
+                [flag(NDR_ALIGN8)] DATA_BLOB _pad;
         } irpc_header;
 
@@ -149 +155 @@
                 );
 
+        /******************************************************
+         management calls for the drepl server
+        ******************************************************/
+        /**
+         * Force dreplsrv to fefresh internal cache.
+         * @param partition_dn Partition to refresh cacheh for.
+         *                     If empy/NULL, refresh all partitions.
+         */
+        WERROR dreplsrv_refresh();
+
+        /*
+          called when role transfer is requested via LDAP
+        */
+        typedef [v1_enum] enum {
+               DREPL_SCHEMA_MASTER,
+               DREPL_RID_MASTER,
+               DREPL_INFRASTRUCTURE_MASTER,
+               DREPL_NAMING_MASTER,
+               DREPL_PDC_MASTER
+        } drepl_role_master;
+
+        WERROR drepl_takeFSMORole(
+                [in] drepl_role_master role
+                );
+
+        /*
+         * message to tell the drepl server to initiate a REPL_SECRET
+         * replication of a users secrets
+         */
+        void drepl_trigger_repl_secret(
+                [in] astring user_dn
+                );
+
+        /*
+          message to do RODC DNS updates via the dnsupdate task
+        */
+        NTSTATUS dnsupdate_RODC(
+                [in,unique] dom_sid *dom_sid,
+                [in,unique] [string,charset(UTF16)] uint16 *site_name,
+                [in] uint32 dns_ttl,
+                [in,out,ref] NL_DNS_NAME_INFO_ARRAY *dns_names
+                );
 }

vendor/current/source4/librpc/idl/opendb.idl

@@ -8 +8 @@
 */
 
-import "server_id.idl";
+import "server_id4.idl";
 
 [

vendor/current/source4/librpc/idl/winbind.idl

@@ -5 +5 @@
 #include "idl_types.h"
 
-import "netlogon.idl", "lsa.idl", "security.idl";
+import "netlogon.idl", "lsa.idl", "security.idl", "idmap.idl";
 
 [
@@ -16 +16 @@
         typedef [switch_type(uint16)] union netr_LogonLevel netr_LogonLevel;
         typedef [switch_type(uint16)] union netr_Validation netr_Validation;
-
-        typedef enum {
-                ID_TYPE_NOT_SPECIFIED,
-                ID_TYPE_UID,
-                ID_TYPE_GID,
-                ID_TYPE_BOTH
-        } id_type;
-
-        typedef struct {
-                uint32 id;
-                id_type type;
-        } unixid;
-
-        typedef struct {
-                unixid *unixid;
-                dom_sid *sid;
-                NTSTATUS status;
-        } id_mapping;
 
         /* a call to get runtime informations */
@@ -63 +45 @@
                 [in]     winbind_get_idmap_level level,
                 [in]     uint32 count,
-                [in,out] [size_is(count)] id_mapping ids[]
+                [in,out] [size_is(count)] id_map ids[]
         );
 
+        NTSTATUS winbind_DsrUpdateReadOnlyServerDnsRecords(
+                [in,unique] [string,charset(UTF16)] uint16 *site_name,
+                [in] uint32 dns_ttl,
+                [in,out,ref] NL_DNS_NAME_INFO_ARRAY *dns_names
+                );
 }

vendor/current/source4/librpc/idl/winsrepl.idl

@@ -12 +12 @@
 import "nbt.idl";
 
-interface wrepl
+[
+        uuid("915f5653-bac1-431c-97ee-9ffb34526921"),
+        helpstring("WINS Replication PDUs")
+] interface wrepl
 {
         const int WINS_REPLICATION_PORT = 42;
@@ -165 +168 @@
 
         typedef [flag(NDR_BIG_ENDIAN|NDR_PAHEX),public] struct {
-                [value(ndr_size_wrepl_packet(&packet, ndr->iconv_convenience, ndr->flags))] uint32 size;
+                [value(ndr_size_wrepl_packet(&packet, ndr->flags))] uint32 size;
                 wrepl_packet    packet;
         } wrepl_wrap;

vendor/current/source4/librpc/ndr/py_misc.c

@@ -62 +62 @@
 static int py_GUID_init(PyObject *self, PyObject *args, PyObject *kwargs)
 {
-        char *str = NULL;
+        PyObject *str = NULL;
         NTSTATUS status;
         struct GUID *guid = py_talloc_get_ptr(self);
         const char *kwnames[] = { "str", NULL };
 
-        if (!PyArg_ParseTupleAndKeywords(args, kwargs, "|s", discard_const_p(char *, kwnames), &str))
+        if (!PyArg_ParseTupleAndKeywords(args, kwargs, "|O", discard_const_p(char *, kwnames), &str))
                 return -1;
 
         if (str != NULL) {
-                status = GUID_from_string(str, guid);
+                DATA_BLOB guid_val;
+
+                if (!PyString_Check(str)) {
+                        PyErr_SetString(PyExc_TypeError, "Expected a string argument to GUID()");
+                        return -1;
+                }
+                guid_val.data = (uint8_t *)PyString_AsString(str);
+                guid_val.length = PyString_Size(str);
+                status = GUID_from_data_blob(&guid_val, guid);
                 if (!NT_STATUS_IS_OK(status)) {
                         PyErr_SetNTSTATUS(status);

vendor/current/source4/librpc/ndr/py_security.c

@@ -42 +42 @@
 }
 
+static PyObject *py_dom_sid_split(PyObject *py_self, PyObject *args)
+{
+        struct dom_sid *self = py_talloc_get_ptr(py_self);
+        struct dom_sid *domain_sid;
+        TALLOC_CTX *mem_ctx;
+        uint32_t rid;
+        NTSTATUS status;
+        PyObject *py_domain_sid;
+
+        mem_ctx = talloc_new(NULL);
+        if (mem_ctx == NULL) {
+                PyErr_NoMemory();
+                return NULL;
+        }
+
+        status = dom_sid_split_rid(mem_ctx, self, &domain_sid, &rid);
+        if (!NT_STATUS_IS_OK(status)) {
+                PyErr_SetString(PyExc_RuntimeError, "dom_sid_split_rid failed");
+                talloc_free(mem_ctx);
+                return NULL;
+        }
+
+        py_domain_sid = py_talloc_steal(&dom_sid_Type, domain_sid);
+        talloc_free(mem_ctx);
+        return Py_BuildValue("(OI)", py_domain_sid, rid);
+}
+
 static int py_dom_sid_cmp(PyObject *py_self, PyObject *py_other)
 {
@@ -87 +114 @@
 }
 
+static PyMethodDef py_dom_sid_extra_methods[] = {
+        { "split", (PyCFunction)py_dom_sid_split, METH_NOARGS,
+                "S.split() -> (domain_sid, rid)\n"
+                "Split a domain sid" },
+        { NULL }
+};
+
+
 static void py_dom_sid_patch(PyTypeObject *type)
 {
@@ -93 +128 @@
         type->tp_repr = py_dom_sid_repr;
         type->tp_compare = py_dom_sid_cmp;
+        PyType_AddMethods(type, py_dom_sid_extra_methods);
 }
 

vendor/current/source4/librpc/rpc/dcerpc.c

@@ -31 +31 @@
 #include "auth/gensec/gensec.h"
 #include "param/param.h"
+#include "lib/util/tevent_ntstatus.h"
+#include "librpc/rpc/rpc_common.h"
+
+enum rpc_request_state {
+        RPC_REQUEST_QUEUED,
+        RPC_REQUEST_PENDING,
+        RPC_REQUEST_DONE
+};
+
+/*
+  handle for an async dcerpc request
+*/
+struct rpc_request {
+        struct rpc_request *next, *prev;
+        struct dcerpc_pipe *p;
+        NTSTATUS status;
+        uint32_t call_id;
+        enum rpc_request_state state;
+        DATA_BLOB payload;
+        uint32_t flags;
+        uint32_t fault_code;
+
+        /* this is used to distinguish bind and alter_context requests
+           from normal requests */
+        void (*recv_handler)(struct rpc_request *conn, 
+                             DATA_BLOB *blob, struct ncacn_packet *pkt);
+
+        const struct GUID *object;
+        uint16_t opnum;
+        DATA_BLOB request_data;
+        bool ignore_timeout;
+
+        /* use by the ndr level async recv call */
+        struct {
+                const struct ndr_interface_table *table;
+                uint32_t opnum;
+                void *struct_ptr;
+                TALLOC_CTX *mem_ctx;
+        } ndr;
+
+        struct {
+                void (*callback)(struct rpc_request *);
+                void *private_data;
+        } async;
+};
 
 _PUBLIC_ NTSTATUS dcerpc_init(struct loadparm_context *lp_ctx)
@@ -37 +82 @@
 }
 
-static void dcerpc_connection_dead(struct dcerpc_connection *conn, NTSTATUS status);
-static void dcerpc_ship_next_request(struct dcerpc_connection *c);
+static void dcerpc_connection_dead(struct dcecli_connection *conn, NTSTATUS status);
+static void dcerpc_ship_next_request(struct dcecli_connection *c);
+
+static struct rpc_request *dcerpc_request_send(struct dcerpc_pipe *p,
+                                               const struct GUID *object,
+                                               uint16_t opnum,
+                                               DATA_BLOB *stub_data);
+static NTSTATUS dcerpc_request_recv(struct rpc_request *req,
+                                    TALLOC_CTX *mem_ctx,
+                                    DATA_BLOB *stub_data);
+static NTSTATUS dcerpc_ndr_validate_in(struct dcecli_connection *c,
+                                       TALLOC_CTX *mem_ctx,
+                                       DATA_BLOB blob,
+                                       size_t struct_size,
+                                       ndr_push_flags_fn_t ndr_push,
+                                       ndr_pull_flags_fn_t ndr_pull);
+static NTSTATUS dcerpc_ndr_validate_out(struct dcecli_connection *c,
+                                        struct ndr_pull *pull_in,
+                                        void *struct_ptr,
+                                        size_t struct_size,
+                                        ndr_push_flags_fn_t ndr_push,
+                                        ndr_pull_flags_fn_t ndr_pull,
+                                        ndr_print_function_t ndr_print);
 
 /* destroy a dcerpc connection */
-static int dcerpc_connection_destructor(struct dcerpc_connection *conn)
+static int dcerpc_connection_destructor(struct dcecli_connection *conn)
 {
         if (conn->dead) {
@@ -55 +121 @@
    the event context is optional
 */
-static struct dcerpc_connection *dcerpc_connection_init(TALLOC_CTX *mem_ctx, 
-                                                 struct tevent_context *ev,
-                                                 struct smb_iconv_convenience *ic)
-{
-        struct dcerpc_connection *c;
-
-        c = talloc_zero(mem_ctx, struct dcerpc_connection);
+static struct dcecli_connection *dcerpc_connection_init(TALLOC_CTX *mem_ctx, 
+                                                 struct tevent_context *ev)
+{
+        struct dcecli_connection *c;
+
+        c = talloc_zero(mem_ctx, struct dcecli_connection);
         if (!c) {
                 return NULL;
         }
-
-        c->iconv_convenience = talloc_reference(c, ic);
 
         c->event_ctx = ev;
@@ -90 +153 @@
 }
 
+struct dcerpc_bh_state {
+        struct dcerpc_pipe *p;
+};
+
+static bool dcerpc_bh_is_connected(struct dcerpc_binding_handle *h)
+{
+        struct dcerpc_bh_state *hs = dcerpc_binding_handle_data(h,
+                                     struct dcerpc_bh_state);
+
+        if (!hs->p) {
+                return false;
+        }
+
+        return true;
+}
+
+static uint32_t dcerpc_bh_set_timeout(struct dcerpc_binding_handle *h,
+                                      uint32_t timeout)
+{
+        struct dcerpc_bh_state *hs = dcerpc_binding_handle_data(h,
+                                     struct dcerpc_bh_state);
+        uint32_t old;
+
+        if (!hs->p) {
+                return DCERPC_REQUEST_TIMEOUT;
+        }
+
+        old = hs->p->request_timeout;
+        hs->p->request_timeout = timeout;
+
+        return old;
+}
+
+struct dcerpc_bh_raw_call_state {
+        struct dcerpc_binding_handle *h;
+        DATA_BLOB in_data;
+        DATA_BLOB out_data;
+        uint32_t out_flags;
+};
+
+static void dcerpc_bh_raw_call_done(struct rpc_request *subreq);
+
+static struct tevent_req *dcerpc_bh_raw_call_send(TALLOC_CTX *mem_ctx,
+                                                  struct tevent_context *ev,
+                                                  struct dcerpc_binding_handle *h,
+                                                  const struct GUID *object,
+                                                  uint32_t opnum,
+                                                  uint32_t in_flags,
+                                                  const uint8_t *in_data,
+                                                  size_t in_length)
+{
+        struct dcerpc_bh_state *hs = dcerpc_binding_handle_data(h,
+                                     struct dcerpc_bh_state);
+        struct tevent_req *req;
+        struct dcerpc_bh_raw_call_state *state;
+        bool ok;
+        struct rpc_request *subreq;
+
+        req = tevent_req_create(mem_ctx, &state,
+                                struct dcerpc_bh_raw_call_state);
+        if (req == NULL) {
+                return NULL;
+        }
+        state->h = h;
+        state->in_data.data = discard_const_p(uint8_t, in_data);
+        state->in_data.length = in_length;
+
+        ok = dcerpc_bh_is_connected(h);
+        if (!ok) {
+                tevent_req_nterror(req, NT_STATUS_INVALID_CONNECTION);
+                return tevent_req_post(req, ev);
+        }
+
+        subreq = dcerpc_request_send(hs->p,
+                                     object,
+                                     opnum,
+                                     &state->in_data);
+        if (tevent_req_nomem(subreq, req)) {
+                return tevent_req_post(req, ev);
+        }
+        subreq->async.callback = dcerpc_bh_raw_call_done;
+        subreq->async.private_data = req;
+
+        return req;
+}
+
+static void dcerpc_bh_raw_call_done(struct rpc_request *subreq)
+{
+        struct tevent_req *req =
+                talloc_get_type_abort(subreq->async.private_data,
+                struct tevent_req);
+        struct dcerpc_bh_raw_call_state *state =
+                tevent_req_data(req,
+                struct dcerpc_bh_raw_call_state);
+        NTSTATUS status;
+        uint32_t fault_code;
+
+        state->out_flags = 0;
+        if (subreq->flags & DCERPC_PULL_BIGENDIAN) {
+                state->out_flags |= LIBNDR_FLAG_BIGENDIAN;
+        }
+
+        fault_code = subreq->fault_code;
+
+        status = dcerpc_request_recv(subreq, state, &state->out_data);
+        if (NT_STATUS_EQUAL(status, NT_STATUS_NET_WRITE_FAULT)) {
+                status = dcerpc_fault_to_nt_status(fault_code);
+        }
+        if (!NT_STATUS_IS_OK(status)) {
+                tevent_req_nterror(req, status);
+                return;
+        }
+
+        tevent_req_done(req);
+}
+
+static NTSTATUS dcerpc_bh_raw_call_recv(struct tevent_req *req,
+                                        TALLOC_CTX *mem_ctx,
+                                        uint8_t **out_data,
+                                        size_t *out_length,
+                                        uint32_t *out_flags)
+{
+        struct dcerpc_bh_raw_call_state *state =
+                tevent_req_data(req,
+                struct dcerpc_bh_raw_call_state);
+        NTSTATUS status;
+
+        if (tevent_req_is_nterror(req, &status)) {
+                tevent_req_received(req);
+                return status;
+        }
+
+        *out_data = talloc_move(mem_ctx, &state->out_data.data);
+        *out_length = state->out_data.length;
+        *out_flags = state->out_flags;
+        tevent_req_received(req);
+        return NT_STATUS_OK;
+}
+
+struct dcerpc_bh_disconnect_state {
+        uint8_t _dummy;
+};
+
+static struct tevent_req *dcerpc_bh_disconnect_send(TALLOC_CTX *mem_ctx,
+                                                struct tevent_context *ev,
+                                                struct dcerpc_binding_handle *h)
+{
+        struct dcerpc_bh_state *hs = dcerpc_binding_handle_data(h,
+                                     struct dcerpc_bh_state);
+        struct tevent_req *req;
+        struct dcerpc_bh_disconnect_state *state;
+        bool ok;
+
+        req = tevent_req_create(mem_ctx, &state,
+                                struct dcerpc_bh_disconnect_state);
+        if (req == NULL) {
+                return NULL;
+        }
+
+        ok = dcerpc_bh_is_connected(h);
+        if (!ok) {
+                tevent_req_nterror(req, NT_STATUS_INVALID_CONNECTION);
+                return tevent_req_post(req, ev);
+        }
+
+        /* TODO: do a real disconnect ... */
+        hs->p = NULL;
+
+        tevent_req_done(req);
+        return tevent_req_post(req, ev);
+}
+
+static NTSTATUS dcerpc_bh_disconnect_recv(struct tevent_req *req)
+{
+        NTSTATUS status;
+
+        if (tevent_req_is_nterror(req, &status)) {
+                tevent_req_received(req);
+                return status;
+        }
+
+        tevent_req_received(req);
+        return NT_STATUS_OK;
+}
+
+static bool dcerpc_bh_push_bigendian(struct dcerpc_binding_handle *h)
+{
+        struct dcerpc_bh_state *hs = dcerpc_binding_handle_data(h,
+                                     struct dcerpc_bh_state);
+
+        if (hs->p->conn->flags & DCERPC_PUSH_BIGENDIAN) {
+                return true;
+        }
+
+        return false;
+}
+
+static bool dcerpc_bh_ref_alloc(struct dcerpc_binding_handle *h)
+{
+        struct dcerpc_bh_state *hs = dcerpc_binding_handle_data(h,
+                                     struct dcerpc_bh_state);
+
+        if (hs->p->conn->flags & DCERPC_NDR_REF_ALLOC) {
+                return true;
+        }
+
+        return false;
+}
+
+static bool dcerpc_bh_use_ndr64(struct dcerpc_binding_handle *h)
+{
+        struct dcerpc_bh_state *hs = dcerpc_binding_handle_data(h,
+                                     struct dcerpc_bh_state);
+
+        if (hs->p->conn->flags & DCERPC_NDR64) {
+                return true;
+        }
+
+        return false;
+}
+
+static void dcerpc_bh_do_ndr_print(struct dcerpc_binding_handle *h,
+                                   int ndr_flags,
+                                   const void *_struct_ptr,
+                                   const struct ndr_interface_call *call)
+{
+        struct dcerpc_bh_state *hs = dcerpc_binding_handle_data(h,
+                                     struct dcerpc_bh_state);
+        void *struct_ptr = discard_const(_struct_ptr);
+
+        if (ndr_flags & NDR_IN) {
+                if (hs->p->conn->flags & DCERPC_DEBUG_PRINT_IN) {
+                        ndr_print_function_debug(call->ndr_print,
+                                                 call->name,
+                                                 ndr_flags,
+                                                 struct_ptr);
+                }
+        }
+        if (ndr_flags & NDR_OUT) {
+                if (hs->p->conn->flags & DCERPC_DEBUG_PRINT_OUT) {
+                        ndr_print_function_debug(call->ndr_print,
+                                                 call->name,
+                                                 ndr_flags,
+                                                 struct_ptr);
+                }
+        }
+}
+
+static void dcerpc_bh_ndr_push_failed(struct dcerpc_binding_handle *h,
+                                      NTSTATUS error,
+                                      const void *struct_ptr,
+                                      const struct ndr_interface_call *call)
+{
+        DEBUG(2,("Unable to ndr_push structure for %s - %s\n",
+                 call->name, nt_errstr(error)));
+}
+
+static void dcerpc_bh_ndr_pull_failed(struct dcerpc_binding_handle *h,
+                                      NTSTATUS error,
+                                      const DATA_BLOB *blob,
+                                      const struct ndr_interface_call *call)
+{
+        struct dcerpc_bh_state *hs = dcerpc_binding_handle_data(h,
+                                     struct dcerpc_bh_state);
+        const uint32_t num_examples = 20;
+        uint32_t i;
+
+        DEBUG(2,("Unable to ndr_pull structure for %s - %s\n",
+                 call->name, nt_errstr(error)));
+
+        if (hs->p->conn->packet_log_dir == NULL) return;
+
+        for (i=0;i<num_examples;i++) {
+                char *name=NULL;
+                asprintf(&name, "%s/rpclog/%s-out.%d",
+                         hs->p->conn->packet_log_dir,
+                         call->name, i);
+                if (name == NULL) {
+                        return;
+                }
+                if (!file_exist(name)) {
+                        if (file_save(name, blob->data, blob->length)) {
+                                DEBUG(10,("Logged rpc packet to %s\n", name));
+                        }
+                        free(name);
+                        break;
+                }
+                free(name);
+        }
+}
+
+static NTSTATUS dcerpc_bh_ndr_validate_in(struct dcerpc_binding_handle *h,
+                                          TALLOC_CTX *mem_ctx,
+                                          const DATA_BLOB *blob,
+                                          const struct ndr_interface_call *call)
+{
+        struct dcerpc_bh_state *hs = dcerpc_binding_handle_data(h,
+                                     struct dcerpc_bh_state);
+
+        if (hs->p->conn->flags & DCERPC_DEBUG_VALIDATE_IN) {
+                NTSTATUS status;
+
+                status = dcerpc_ndr_validate_in(hs->p->conn,
+                                                mem_ctx,
+                                                *blob,
+                                                call->struct_size,
+                                                call->ndr_push,
+                                                call->ndr_pull);
+                if (!NT_STATUS_IS_OK(status)) {
+                        DEBUG(0,("Validation [in] failed for %s - %s\n",
+                                 call->name, nt_errstr(status)));
+                        return status;
+                }
+        }
+
+        DEBUG(10,("rpc request data:\n"));
+        dump_data(10, blob->data, blob->length);
+
+        return NT_STATUS_OK;
+}
+
+static NTSTATUS dcerpc_bh_ndr_validate_out(struct dcerpc_binding_handle *h,
+                                           struct ndr_pull *pull_in,
+                                           const void *_struct_ptr,
+                                           const struct ndr_interface_call *call)
+{
+        struct dcerpc_bh_state *hs = dcerpc_binding_handle_data(h,
+                                     struct dcerpc_bh_state);
+        void *struct_ptr = discard_const(_struct_ptr);
+
+        DEBUG(10,("rpc reply data:\n"));
+        dump_data(10, pull_in->data, pull_in->data_size);
+
+        if (pull_in->offset != pull_in->data_size) {
+                DEBUG(0,("Warning! ignoring %u unread bytes at ofs:%u (0x%08X) for %s!\n",
+                         pull_in->data_size - pull_in->offset,
+                         pull_in->offset, pull_in->offset,
+                         call->name));
+                /* we used to return NT_STATUS_INFO_LENGTH_MISMATCH here,
+                   but it turns out that early versions of NT
+                   (specifically NT3.1) add junk onto the end of rpc
+                   packets, so if we want to interoperate at all with
+                   those versions then we need to ignore this error */
+        }
+
+        if (hs->p->conn->flags & DCERPC_DEBUG_VALIDATE_OUT) {
+                NTSTATUS status;
+
+                status = dcerpc_ndr_validate_out(hs->p->conn,
+                                                 pull_in,
+                                                 struct_ptr,
+                                                 call->struct_size,
+                                                 call->ndr_push,
+                                                 call->ndr_pull,
+                                                 call->ndr_print);
+                if (!NT_STATUS_IS_OK(status)) {
+                        DEBUG(2,("Validation [out] failed for %s - %s\n",
+                                 call->name, nt_errstr(status)));
+                        return status;
+                }
+        }
+
+        return NT_STATUS_OK;
+}
+
+static const struct dcerpc_binding_handle_ops dcerpc_bh_ops = {
+        .name                   = "dcerpc",
+        .is_connected           = dcerpc_bh_is_connected,
+        .set_timeout            = dcerpc_bh_set_timeout,
+        .raw_call_send          = dcerpc_bh_raw_call_send,
+        .raw_call_recv          = dcerpc_bh_raw_call_recv,
+        .disconnect_send        = dcerpc_bh_disconnect_send,
+        .disconnect_recv        = dcerpc_bh_disconnect_recv,
+
+        .push_bigendian         = dcerpc_bh_push_bigendian,
+        .ref_alloc              = dcerpc_bh_ref_alloc,
+        .use_ndr64              = dcerpc_bh_use_ndr64,
+        .do_ndr_print           = dcerpc_bh_do_ndr_print,
+        .ndr_push_failed        = dcerpc_bh_ndr_push_failed,
+        .ndr_pull_failed        = dcerpc_bh_ndr_pull_failed,
+        .ndr_validate_in        = dcerpc_bh_ndr_validate_in,
+        .ndr_validate_out       = dcerpc_bh_ndr_validate_out,
+};
+
 /* initialise a dcerpc pipe. */
-_PUBLIC_ struct dcerpc_pipe *dcerpc_pipe_init(TALLOC_CTX *mem_ctx, struct tevent_context *ev,
-                                     struct smb_iconv_convenience *ic)
+struct dcerpc_binding_handle *dcerpc_pipe_binding_handle(struct dcerpc_pipe *p)
+{
+        struct dcerpc_binding_handle *h;
+        struct dcerpc_bh_state *hs;
+
+        h = dcerpc_binding_handle_create(p,
+                                         &dcerpc_bh_ops,
+                                         NULL,
+                                         NULL, /* TODO */
+                                         &hs,
+                                         struct dcerpc_bh_state,
+                                         __location__);
+        if (h == NULL) {
+                return NULL;
+        }
+        hs->p = p;
+
+        dcerpc_binding_handle_set_sync_ev(h, p->conn->event_ctx);
+
+        return h;
+}
+
+/* initialise a dcerpc pipe. */
+_PUBLIC_ struct dcerpc_pipe *dcerpc_pipe_init(TALLOC_CTX *mem_ctx, struct tevent_context *ev)
 {
         struct dcerpc_pipe *p;
 
-        p = talloc(mem_ctx, struct dcerpc_pipe);
+        p = talloc_zero(mem_ctx, struct dcerpc_pipe);
         if (!p) {
                 return NULL;
         }
 
-        p->conn = dcerpc_connection_init(p, ev, ic);
+        p->conn = dcerpc_connection_init(p, ev);
         if (p->conn == NULL) {
                 talloc_free(p);
@@ -119 +588 @@
         }
 
+        p->binding_handle = dcerpc_pipe_binding_handle(p);
+        if (p->binding_handle == NULL) {
+                talloc_free(p);
+                return NULL;
+        }
+
         return p;
 }
@@ -126 +601 @@
    choose the next call id to use
 */
-static uint32_t next_call_id(struct dcerpc_connection *c)
+static uint32_t next_call_id(struct dcecli_connection *c)
 {
         c->call_id++;
@@ -135 +610 @@
 }
 
-/* we need to be able to get/set the fragment length without doing a full
-   decode */
-void dcerpc_set_frag_length(DATA_BLOB *blob, uint16_t v)
-{
-        if (CVAL(blob->data,DCERPC_DREP_OFFSET) & DCERPC_DREP_LE) {
-                SSVAL(blob->data, DCERPC_FRAG_LEN_OFFSET, v);
-        } else {
-                RSSVAL(blob->data, DCERPC_FRAG_LEN_OFFSET, v);
-        }
-}
-
-uint16_t dcerpc_get_frag_length(const DATA_BLOB *blob)
-{
-        if (CVAL(blob->data,DCERPC_DREP_OFFSET) & DCERPC_DREP_LE) {
-                return SVAL(blob->data, DCERPC_FRAG_LEN_OFFSET);
-        } else {
-                return RSVAL(blob->data, DCERPC_FRAG_LEN_OFFSET);
-        }
-}
-
-void dcerpc_set_auth_length(DATA_BLOB *blob, uint16_t v)
-{
-        if (CVAL(blob->data,DCERPC_DREP_OFFSET) & DCERPC_DREP_LE) {
-                SSVAL(blob->data, DCERPC_AUTH_LEN_OFFSET, v);
-        } else {
-                RSSVAL(blob->data, DCERPC_AUTH_LEN_OFFSET, v);
-        }
-}
-
-
 /**
   setup for a ndr pull, also setting up any flags from the binding string
 */
-static struct ndr_pull *ndr_pull_init_flags(struct dcerpc_connection *c, 
+static struct ndr_pull *ndr_pull_init_flags(struct dcecli_connection *c, 
                                             DATA_BLOB *blob, TALLOC_CTX *mem_ctx)
 {
-        struct ndr_pull *ndr = ndr_pull_init_blob(blob, mem_ctx, c->iconv_convenience);
+        struct ndr_pull *ndr = ndr_pull_init_blob(blob, mem_ctx);
 
         if (ndr == NULL) return ndr;
@@ -194 +639 @@
    input and output packets
 */
-static NTSTATUS ncacn_pull(struct dcerpc_connection *c, DATA_BLOB *blob, TALLOC_CTX *mem_ctx, 
+static NTSTATUS ncacn_pull(struct dcecli_connection *c, DATA_BLOB *blob, TALLOC_CTX *mem_ctx, 
                             struct ncacn_packet *pkt)
 {
@@ -220 +665 @@
    parse the authentication information on a dcerpc response packet
 */
-static NTSTATUS ncacn_pull_request_auth(struct dcerpc_connection *c, TALLOC_CTX *mem_ctx, 
+static NTSTATUS ncacn_pull_request_auth(struct dcecli_connection *c, TALLOC_CTX *mem_ctx, 
                                         DATA_BLOB *raw_packet,
                                         struct ncacn_packet *pkt)
 {
-        struct ndr_pull *ndr;
         NTSTATUS status;
         struct dcerpc_auth auth;
-        DATA_BLOB auth_blob;
-        enum ndr_err_code ndr_err;
+        uint32_t auth_length;
 
         if (!c->security_state.auth_info ||
@@ -255 +698 @@
         }
 
-        auth_blob.length = 8 + pkt->auth_length;
-
-        /* check for a valid length */
-        if (pkt->u.response.stub_and_verifier.length < auth_blob.length) {
-                return NT_STATUS_INFO_LENGTH_MISMATCH;
-        }
-
-        auth_blob.data = 
-                pkt->u.response.stub_and_verifier.data + 
-                pkt->u.response.stub_and_verifier.length - auth_blob.length;
-        pkt->u.response.stub_and_verifier.length -= auth_blob.length;
-
-        /* pull the auth structure */
-        ndr = ndr_pull_init_flags(c, &auth_blob, mem_ctx);
-        if (!ndr) {
-                return NT_STATUS_NO_MEMORY;
-        }
-
-        if (!(pkt->drep[0] & DCERPC_DREP_LE)) {
-                ndr->flags |= LIBNDR_FLAG_BIGENDIAN;
-        }
-
-        ndr_err = ndr_pull_dcerpc_auth(ndr, NDR_SCALARS|NDR_BUFFERS, &auth);
-        if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
-                return ndr_map_error2ntstatus(ndr_err);
-        }
-        status = NT_STATUS_OK;
+        status = dcerpc_pull_auth_trailer(pkt, mem_ctx,
+                                          &pkt->u.response.stub_and_verifier,
+                                          &auth, &auth_length, false);
+        NT_STATUS_NOT_OK_RETURN(status);
+
+        pkt->u.response.stub_and_verifier.length -= auth_length;
 
         /* check signature or unseal the packet */
@@ -318 +740 @@
         }
         
-        /* remove the indicated amount of paddiing */
+        /* remove the indicated amount of padding */
         if (pkt->u.response.stub_and_verifier.length < auth.auth_pad_length) {
                 return NT_STATUS_INFO_LENGTH_MISMATCH;
@@ -331 +753 @@
    push a dcerpc request packet into a blob, possibly signing it.
 */
-static NTSTATUS ncacn_push_request_sign(struct dcerpc_connection *c, 
+static NTSTATUS ncacn_push_request_sign(struct dcecli_connection *c, 
                                          DATA_BLOB *blob, TALLOC_CTX *mem_ctx, 
                                          size_t sig_size,
@@ -345 +767 @@
         /* non-signed packets are simpler */
         if (sig_size == 0) {
-                return ncacn_push_auth(blob, mem_ctx, c->iconv_convenience, pkt, NULL);
+                return ncacn_push_auth(blob, mem_ctx, pkt, NULL);
         }
 
@@ -355 +777 @@
         case DCERPC_AUTH_LEVEL_CONNECT:
                 /* TODO: let the gensec mech decide if it wants to generate a signature */
-                return ncacn_push_auth(blob, mem_ctx, c->iconv_convenience, pkt, NULL);
+                return ncacn_push_auth(blob, mem_ctx, pkt, NULL);
 
         case DCERPC_AUTH_LEVEL_NONE:
-                return ncacn_push_auth(blob, mem_ctx, c->iconv_convenience, pkt, NULL);
+                return ncacn_push_auth(blob, mem_ctx, pkt, NULL);
 
         default:
@@ -364 +786 @@
         }
 
-        ndr = ndr_push_init_ctx(mem_ctx, c->iconv_convenience);
+        ndr = ndr_push_init_ctx(mem_ctx);
         if (!ndr) {
                 return NT_STATUS_NO_MEMORY;
@@ -386 +808 @@
                 return ndr_map_error2ntstatus(ndr_err);
         }
-        status = NT_STATUS_OK;
 
         /* pad to 16 byte multiple in the payload portion of the
-           packet. This matches what w2k3 does */
-        c->security_state.auth_info->auth_pad_length = 
+           packet. This matches what w2k3 does. Note that we can't use
+           ndr_push_align() as that is relative to the start of the
+           whole packet, whereas w2k8 wants it relative to the start
+           of the stub */
+        c->security_state.auth_info->auth_pad_length =
                 (16 - (pkt->u.request.stub_and_verifier.length & 15)) & 15;
         ndr_err = ndr_push_zero(ndr, c->security_state.auth_info->auth_pad_length);
@@ -396 +820 @@
                 return ndr_map_error2ntstatus(ndr_err);
         }
-        status = NT_STATUS_OK;
 
         payload_length = pkt->u.request.stub_and_verifier.length + 
@@ -409 +832 @@
                 return ndr_map_error2ntstatus(ndr_err);
         }
-        status = NT_STATUS_OK;
 
         /* extract the whole packet as a blob */
@@ -457 +879 @@
 
         if (creds2.length != sig_size) {
-                DEBUG(0,("ncacn_push_request_sign: creds2.length[%u] != sig_size[%u] pad[%u] stub[%u]\n",
-                        creds2.length, (uint32_t)sig_size,
-                        c->security_state.auth_info->auth_pad_length,
-                        pkt->u.request.stub_and_verifier.length));
-                return NT_STATUS_INTERNAL_ERROR;
+                /* this means the sig_size estimate for the signature
+                   was incorrect. We have to correct the packet
+                   sizes. That means we could go over the max fragment
+                   length */
+                DEBUG(3,("ncacn_push_request_sign: creds2.length[%u] != sig_size[%u] pad[%u] stub[%u]\n",
+                        (unsigned) creds2.length,
+                        (unsigned) sig_size,
+                        (unsigned) c->security_state.auth_info->auth_pad_length,
+                        (unsigned) pkt->u.request.stub_and_verifier.length));
+                dcerpc_set_frag_length(blob, blob->length + creds2.length);
+                dcerpc_set_auth_length(blob, creds2.length);
         }
 
@@ -475 +903 @@
    fill in the fixed values in a dcerpc header 
 */
-static void init_ncacn_hdr(struct dcerpc_connection *c, struct ncacn_packet *pkt)
+static void init_ncacn_hdr(struct dcecli_connection *c, struct ncacn_packet *pkt)
 {
         pkt->rpc_vers = 5;
@@ -535 +963 @@
   mark the dcerpc connection dead. All outstanding requests get an error
 */
-static void dcerpc_connection_dead(struct dcerpc_connection *conn, NTSTATUS status)
+static void dcerpc_connection_dead(struct dcecli_connection *conn, NTSTATUS status)
 {
         if (conn->dead) return;
@@ -566 +994 @@
   packets we need to handle
 */
-static void dcerpc_request_recv_data(struct dcerpc_connection *c, 
+static void dcerpc_request_recv_data(struct dcecli_connection *c, 
                                      DATA_BLOB *raw_packet, struct ncacn_packet *pkt);
 
@@ -574 +1002 @@
   dispatch to the appropriate handler
 */
-static void dcerpc_recv_data(struct dcerpc_connection *conn, DATA_BLOB *blob, NTSTATUS status)
+static void dcerpc_recv_data(struct dcecli_connection *conn, DATA_BLOB *blob, NTSTATUS status)
 {
         struct ncacn_packet pkt;
@@ -600 +1028 @@
 }
 
-
 /*
   Receive a bind reply from the transport
@@ -608 +1035 @@
 {
         struct composite_context *c;
-        struct dcerpc_connection *conn;
+        struct dcecli_connection *conn;
 
         c = talloc_get_type(req->async.private_data, struct composite_context);
@@ -623 +1050 @@
             (pkt->u.bind_ack.num_results == 0) ||
             (pkt->u.bind_ack.ctx_list[0].result != 0)) {
+                req->p->last_fault_code = DCERPC_NCA_S_PROTO_ERROR;
                 composite_error(c, NT_STATUS_NET_WRITE_FAULT);
                 return;
@@ -643 +1071 @@
 
         /* the bind_ack might contain a reply set of credentials */
-        if (conn->security_state.auth_info &&
-            pkt->u.bind_ack.auth_info.length) {
-                enum ndr_err_code ndr_err;
-                ndr_err = ndr_pull_struct_blob(
-                        &pkt->u.bind_ack.auth_info, conn,
-                        NULL,
-                        conn->security_state.auth_info,
-                        (ndr_pull_flags_fn_t)ndr_pull_dcerpc_auth);
-                if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
-                        c->status = ndr_map_error2ntstatus(ndr_err);
-                        if (!composite_is_ok(c)) return;
+        if (conn->security_state.auth_info && pkt->u.bind_ack.auth_info.length) {
+                NTSTATUS status;
+                uint32_t auth_length;
+                status = dcerpc_pull_auth_trailer(pkt, conn, &pkt->u.bind_ack.auth_info,
+                                                  conn->security_state.auth_info, &auth_length, true);
+                if (!NT_STATUS_IS_OK(status)) {
+                        composite_error(c, status);
+                        return;
                 }
         }
@@ -732 +1157 @@
 
         /* construct the NDR form of the packet */
-        c->status = ncacn_push_auth(&blob, c, p->conn->iconv_convenience, &pkt,
+        c->status = ncacn_push_auth(&blob, c, &pkt,
                                     p->conn->security_state.auth_info);
         if (!composite_is_ok(c)) return c;
@@ -791 +1216 @@
         pkt.call_id = next_call_id(p->conn);
         pkt.auth_length = 0;
-        pkt.u.auth3._pad = 0;
         pkt.u.auth3.auth_info = data_blob(NULL, 0);
 
@@ -804 +1228 @@
         /* construct the NDR form of the packet */
         status = ncacn_push_auth(&blob, mem_ctx,
-                                 p->conn->iconv_convenience,
                                  &pkt,
                                  p->conn->security_state.auth_info);
@@ -827 +1250 @@
   This function frees the data 
 */
-static void dcerpc_request_recv_data(struct dcerpc_connection *c, 
+static void dcerpc_request_recv_data(struct dcecli_connection *c, 
                                      DATA_BLOB *raw_packet, struct ncacn_packet *pkt)
 {
         struct rpc_request *req;
-        uint_t length;
+        unsigned int length;
         NTSTATUS status = NT_STATUS_OK;
 
@@ -947 +1370 @@
                                                const struct GUID *object,
                                                uint16_t opnum,
-                                               bool async,
                                                DATA_BLOB *stub_data)
 {
@@ -966 +1388 @@
         req->flags = 0;
         req->fault_code = 0;
-        req->async_call = async;
         req->ignore_timeout = false;
         req->async.callback = NULL;
@@ -1007 +1428 @@
 */
 
-static void dcerpc_ship_next_request(struct dcerpc_connection *c)
+static void dcerpc_ship_next_request(struct dcecli_connection *c)
 {
         struct rpc_request *req;
@@ -1017 +1438 @@
         bool first_packet = true;
         size_t sig_size = 0;
+        bool need_async = false;
 
         req = c->request_queue;
@@ -1026 +1448 @@
         stub_data = &req->request_data;
 
-        if (!req->async_call && (c->pending != NULL)) {
-                return;
+        if (c->pending) {
+                need_async = true;
         }
 
@@ -1064 +1486 @@
                 pkt.u.request.object.object = *req->object;
                 pkt.pfc_flags |= DCERPC_PFC_FLAG_OBJECT_UUID;
-                chunk_size -= ndr_size_GUID(req->object,NULL,0);
+                chunk_size -= ndr_size_GUID(req->object,0);
         }
 
@@ -1095 +1517 @@
                 }
 
-                if (last_frag && !req->async_call) {
+                if (last_frag && !need_async) {
                         do_trans = true;
                 }
@@ -1133 +1555 @@
   perform the receive side of a async dcerpc request
 */
-NTSTATUS dcerpc_request_recv(struct rpc_request *req,
-                             TALLOC_CTX *mem_ctx,
-                             DATA_BLOB *stub_data)
+static NTSTATUS dcerpc_request_recv(struct rpc_request *req,
+                                    TALLOC_CTX *mem_ctx,
+                                    DATA_BLOB *stub_data)
 {
         NTSTATUS status;
@@ -1158 +1580 @@
 
 /*
-  perform a full request/response pair on a dcerpc pipe
-*/
-NTSTATUS dcerpc_request(struct dcerpc_pipe *p, 
-                        struct GUID *object,
-                        uint16_t opnum,
-                        TALLOC_CTX *mem_ctx,
-                        DATA_BLOB *stub_data_in,
-                        DATA_BLOB *stub_data_out)
-{
-        struct rpc_request *req;
-
-        req = dcerpc_request_send(p, object, opnum, false, stub_data_in);
-        if (req == NULL) {
-                return NT_STATUS_NO_MEMORY;
-        }
-
-        return dcerpc_request_recv(req, mem_ctx, stub_data_out);
-}
-
-
-/*
   this is a paranoid NDR validator. For every packet we push onto the wire
   we pull it back again, then push it again. Then we compare the raw NDR data
@@ -1184 +1585 @@
   we must have a bug in either the pull or push side of our code
 */
-static NTSTATUS dcerpc_ndr_validate_in(struct dcerpc_connection *c, 
+static NTSTATUS dcerpc_ndr_validate_in(struct dcecli_connection *c, 
                                        TALLOC_CTX *mem_ctx,
                                        DATA_BLOB blob,
@@ -1207 +1608 @@
         }
         pull->flags |= LIBNDR_FLAG_REF_ALLOC;
+
+        if (c->flags & DCERPC_PUSH_BIGENDIAN) {
+                pull->flags |= LIBNDR_FLAG_BIGENDIAN;
+        }
+
+        if (c->flags & DCERPC_NDR64) {
+                pull->flags |= LIBNDR_FLAG_NDR64;
+        }
 
         ndr_err = ndr_pull(pull, NDR_IN, st);
@@ -1217 +1626 @@
         }
 
-        push = ndr_push_init_ctx(mem_ctx, c->iconv_convenience);
+        push = ndr_push_init_ctx(mem_ctx);
         if (!push) {
                 return NT_STATUS_NO_MEMORY;
         }       
+
+        if (c->flags & DCERPC_PUSH_BIGENDIAN) {
+                push->flags |= LIBNDR_FLAG_BIGENDIAN;
+        }
+
+        if (c->flags & DCERPC_NDR64) {
+                push->flags |= LIBNDR_FLAG_NDR64;
+        }
 
         ndr_err = ndr_push(push, NDR_IN, st);
@@ -1253 +1670 @@
   bug in either the pull or push side of our code
 */
-static NTSTATUS dcerpc_ndr_validate_out(struct dcerpc_connection *c,
+static NTSTATUS dcerpc_ndr_validate_out(struct dcecli_connection *c,
                                         struct ndr_pull *pull_in,
                                         void *struct_ptr,
@@ -1275 +1692 @@
         memcpy(st, struct_ptr, struct_size);
 
-        push = ndr_push_init_ctx(mem_ctx, c->iconv_convenience);
+        push = ndr_push_init_ctx(mem_ctx);
         if (!push) {
                 return NT_STATUS_NO_MEMORY;
@@ -1306 +1723 @@
         }
 
-        push = ndr_push_init_ctx(mem_ctx, c->iconv_convenience);
+        push = ndr_push_init_ctx(mem_ctx);
         if (!push) {
                 return NT_STATUS_NO_MEMORY;
@@ -1356 +1773 @@
 }
 
-
-/**
- send a rpc request given a dcerpc_call structure 
- */
-struct rpc_request *dcerpc_ndr_request_send(struct dcerpc_pipe *p,
-                                            const struct GUID *object,
-                                            const struct ndr_interface_table *table,
-                                            uint32_t opnum,
-                                            bool async,
-                                            TALLOC_CTX *mem_ctx,
-                                            void *r)
-{
-        const struct ndr_interface_call *call;
-        struct ndr_push *push;
-        NTSTATUS status;
-        DATA_BLOB request;
-        struct rpc_request *req;
-        enum ndr_err_code ndr_err;
-
-        call = &table->calls[opnum];
-
-        /* setup for a ndr_push_* call */
-        push = ndr_push_init_ctx(mem_ctx, p->conn->iconv_convenience);
-        if (!push) {
-                return NULL;
-        }
-
-        if (p->conn->flags & DCERPC_PUSH_BIGENDIAN) {
-                push->flags |= LIBNDR_FLAG_BIGENDIAN;
-        }
-
-        if (p->conn->flags & DCERPC_NDR64) {
-                push->flags |= LIBNDR_FLAG_NDR64;
-        }
-
-        /* push the structure into a blob */
-        ndr_err = call->ndr_push(push, NDR_IN, r);
-        if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
-                status = ndr_map_error2ntstatus(ndr_err);
-                DEBUG(2,("Unable to ndr_push structure in dcerpc_ndr_request_send - %s\n",
-                         nt_errstr(status)));
-                talloc_free(push);
-                return NULL;
-        }
-
-        /* retrieve the blob */
-        request = ndr_push_blob(push);
-
-        if (p->conn->flags & DCERPC_DEBUG_VALIDATE_IN) {
-                status = dcerpc_ndr_validate_in(p->conn, push, request, call->struct_size, 
-                                                call->ndr_push, call->ndr_pull);
-                if (!NT_STATUS_IS_OK(status)) {
-                        DEBUG(2,("Validation failed in dcerpc_ndr_request_send - %s\n",
-                                 nt_errstr(status)));
-                        talloc_free(push);
-                        return NULL;
-                }
-        }
-
-        DEBUG(10,("rpc request data:\n"));
-        dump_data(10, request.data, request.length);
-
-        /* make the actual dcerpc request */
-        req = dcerpc_request_send(p, object, opnum, async, &request);
-
-        if (req != NULL) {
-                req->ndr.table = table;
-                req->ndr.opnum = opnum;
-                req->ndr.struct_ptr = r;
-                req->ndr.mem_ctx = mem_ctx;
-        }
-
-        talloc_free(push);
-
-        return req;
-}
-
-/*
-  receive the answer from a dcerpc_ndr_request_send()
-*/
-_PUBLIC_ NTSTATUS dcerpc_ndr_request_recv(struct rpc_request *req)
-{
-        struct dcerpc_pipe *p = req->p;
-        NTSTATUS status;
-        DATA_BLOB response;
-        struct ndr_pull *pull;
-        uint_t flags;
-        TALLOC_CTX *mem_ctx = req->ndr.mem_ctx;
-        void *r = req->ndr.struct_ptr;
-        uint32_t opnum = req->ndr.opnum;
-        const struct ndr_interface_table *table = req->ndr.table;
-        const struct ndr_interface_call *call = &table->calls[opnum];
-        enum ndr_err_code ndr_err;
-
-        /* make sure the recv code doesn't free the request, as we
-           need to grab the flags element before it is freed */
-        if (talloc_reference(p, req) == NULL) {
-                return NT_STATUS_NO_MEMORY;
-        }
-
-        status = dcerpc_request_recv(req, mem_ctx, &response);
-        if (!NT_STATUS_IS_OK(status)) {
-                talloc_unlink(p, req);
-                return status;
-        }
-
-        flags = req->flags;
-
-        /* prepare for ndr_pull_* */
-        pull = ndr_pull_init_flags(p->conn, &response, mem_ctx);
-        if (!pull) {
-                talloc_unlink(p, req);
-                return NT_STATUS_NO_MEMORY;
-        }
-
-        if (pull->data) {
-                pull->data = talloc_steal(pull, pull->data);
-        }
-        talloc_unlink(p, req);
-
-        if (flags & DCERPC_PULL_BIGENDIAN) {
-                pull->flags |= LIBNDR_FLAG_BIGENDIAN;
-        }
-
-        DEBUG(10,("rpc reply data:\n"));
-        dump_data(10, pull->data, pull->data_size);
-
-        /* pull the structure from the blob */
-        ndr_err = call->ndr_pull(pull, NDR_OUT, r);
-        if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
-                status = ndr_map_error2ntstatus(ndr_err);
-                dcerpc_log_packet(p->conn->packet_log_dir,
-                                                  table, opnum, NDR_OUT, 
-                                                  &response);
-                return status;
-        }
-
-        if (p->conn->flags & DCERPC_DEBUG_VALIDATE_OUT) {
-                status = dcerpc_ndr_validate_out(p->conn, pull, r, call->struct_size, 
-                                                 call->ndr_push, call->ndr_pull, 
-                                                 call->ndr_print);
-                if (!NT_STATUS_IS_OK(status)) {
-                        dcerpc_log_packet(p->conn->packet_log_dir, 
-                                                          table, opnum, NDR_OUT, 
-                                  &response);
-                        return status;
-                }
-        }
-
-        if (pull->offset != pull->data_size) {
-                DEBUG(0,("Warning! ignoring %d unread bytes in rpc packet!\n", 
-                         pull->data_size - pull->offset));
-                /* we used to return NT_STATUS_INFO_LENGTH_MISMATCH here,
-                   but it turns out that early versions of NT
-                   (specifically NT3.1) add junk onto the end of rpc
-                   packets, so if we want to interoperate at all with
-                   those versions then we need to ignore this error */
-        }
-
-        /* TODO: make pull context independent from the output mem_ctx and free the pull context */
-
-        return NT_STATUS_OK;
-}
-
-
-/*
-  a useful helper function for synchronous rpc requests 
-
-  this can be used when you have ndr push/pull functions in the
-  standard format
-*/
-_PUBLIC_ NTSTATUS dcerpc_ndr_request(struct dcerpc_pipe *p,
-                            const struct GUID *object,
-                            const struct ndr_interface_table *table,
-                            uint32_t opnum, 
-                            TALLOC_CTX *mem_ctx, 
-                            void *r)
-{
-        struct rpc_request *req;
-
-        req = dcerpc_ndr_request_send(p, object, table, opnum, false, mem_ctx, r);
-        if (req == NULL) {
-                return NT_STATUS_NO_MEMORY;
-        }
-
-        return dcerpc_ndr_request_recv(req);
-}
-
-
 /*
   a useful function for retrieving the server name we connected to
@@ -1563 +1791 @@
   get the dcerpc auth_level for a open connection
 */
-uint32_t dcerpc_auth_level(struct dcerpc_connection *c) 
+uint32_t dcerpc_auth_level(struct dcecli_connection *c) 
 {
         uint8_t auth_level;
@@ -1600 +1828 @@
         }
 
+        if (pkt->ptype == DCERPC_PKT_FAULT) {
+                DEBUG(5,("rpc fault: %s\n", dcerpc_errstr(c, pkt->u.fault.status)));
+                recv_pipe->last_fault_code = pkt->u.fault.status;
+                composite_error(c, NT_STATUS_NET_WRITE_FAULT);
+                return;
+        }
+
         if (pkt->ptype != DCERPC_PKT_ALTER_RESP ||
             pkt->u.alter_resp.num_results == 0 ||
             pkt->u.alter_resp.ctx_list[0].result != 0) {
+                recv_pipe->last_fault_code = DCERPC_NCA_S_PROTO_ERROR;
                 composite_error(c, NT_STATUS_NET_WRITE_FAULT);
                 return;
@@ -1610 +1846 @@
         if (recv_pipe->conn->security_state.auth_info &&
             pkt->u.alter_resp.auth_info.length) {
-                enum ndr_err_code ndr_err;
-                ndr_err = ndr_pull_struct_blob(
-                        &pkt->u.alter_resp.auth_info, recv_pipe,
-                        NULL,
-                        recv_pipe->conn->security_state.auth_info,
-                        (ndr_pull_flags_fn_t)ndr_pull_dcerpc_auth);
-                if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
-                        c->status = ndr_map_error2ntstatus(ndr_err);
-                        if (!composite_is_ok(c)) return;
+                struct dcecli_connection *conn = recv_pipe->conn;
+                NTSTATUS status;
+                uint32_t auth_length;
+                status = dcerpc_pull_auth_trailer(pkt, conn, &pkt->u.alter_resp.auth_info,
+                                                  conn->security_state.auth_info, &auth_length, true);
+                if (!NT_STATUS_IS_OK(status)) {
+                        composite_error(c, status);
+                        return;
                 }
         }
@@ -1674 +1909 @@
 
         /* construct the NDR form of the packet */
-        c->status = ncacn_push_auth(&blob, mem_ctx, p->conn->iconv_convenience, &pkt,
+        c->status = ncacn_push_auth(&blob, mem_ctx, &pkt,
                                     p->conn->security_state.auth_info);
         if (!composite_is_ok(c)) return c;
@@ -1725 +1960 @@
         return dcerpc_alter_context_recv(creq);
 }
+

vendor/current/source4/librpc/rpc/dcerpc.h

@@ -25 +25 @@
  * the so version number. */
 
-#ifndef __DCERPC_H__
-#define __DCERPC_H__
+#ifndef __S4_DCERPC_H__
+#define __S4_DCERPC_H__
 
 #include "../lib/util/data_blob.h"
 #include "librpc/gen_ndr/dcerpc.h"
 #include "../librpc/ndr/libndr.h"
-
-enum dcerpc_transport_t {
-        NCA_UNKNOWN, NCACN_NP, NCACN_IP_TCP, NCACN_IP_UDP, NCACN_VNS_IPC, 
-        NCACN_VNS_SPP, NCACN_AT_DSP, NCADG_AT_DDP, NCALRPC, NCACN_UNIX_STREAM, 
-        NCADG_UNIX_DGRAM, NCACN_HTTP, NCADG_IPX, NCACN_SPX };
+#include "../librpc/rpc/rpc_common.h"
+
+struct tevent_context;
+struct tevent_req;
+struct dcerpc_binding_handle;
+struct tstream_context;
 
 /*
   this defines a generic security context for signed/sealed dcerpc pipes.
 */
-struct dcerpc_connection;
+struct dcecli_connection;
 struct gensec_settings;
-struct dcerpc_security {
+struct dcecli_security {
         struct dcerpc_auth *auth_info;
         struct gensec_security *generic_state;
 
         /* get the session key */
-        NTSTATUS (*session_key)(struct dcerpc_connection *, DATA_BLOB *);
+        NTSTATUS (*session_key)(struct dcecli_connection *, DATA_BLOB *);
 };
 
@@ -53 +54 @@
   this holds the information that is not specific to a particular rpc context_id
 */
-struct dcerpc_connection {
+struct rpc_request;
+struct dcecli_connection {
         uint32_t call_id;
         uint32_t srv_max_xmit_frag;
         uint32_t srv_max_recv_frag;
         uint32_t flags;
-        struct dcerpc_security security_state;
+        struct dcecli_security security_state;
         const char *binding_string;
         struct tevent_context *event_ctx;
-        struct smb_iconv_convenience *iconv_convenience;
 
         /** Directory in which to save ndrdump-parseable files */
@@ -73 +74 @@
                 void *private_data;
 
-                NTSTATUS (*shutdown_pipe)(struct dcerpc_connection *, NTSTATUS status);
-
-                const char *(*peer_name)(struct dcerpc_connection *);
-
-                const char *(*target_hostname)(struct dcerpc_connection *);
+                NTSTATUS (*shutdown_pipe)(struct dcecli_connection *, NTSTATUS status);
+
+                const char *(*peer_name)(struct dcecli_connection *);
+
+                const char *(*target_hostname)(struct dcecli_connection *);
 
                 /* send a request to the server */
-                NTSTATUS (*send_request)(struct dcerpc_connection *, DATA_BLOB *, bool trigger_read);
+                NTSTATUS (*send_request)(struct dcecli_connection *, DATA_BLOB *, bool trigger_read);
 
                 /* send a read request to the server */
-                NTSTATUS (*send_read)(struct dcerpc_connection *);
+                NTSTATUS (*send_read)(struct dcecli_connection *);
 
                 /* a callback to the dcerpc code when a full fragment
                    has been received */
-                void (*recv_data)(struct dcerpc_connection *, DATA_BLOB *, NTSTATUS status);
+                void (*recv_data)(struct dcecli_connection *, DATA_BLOB *, NTSTATUS status);
         } transport;
 
@@ -104 +105 @@
 */
 struct dcerpc_pipe {
+        struct dcerpc_binding_handle *binding_handle;
+
         uint32_t context_id;
 
@@ -111 +114 @@
         struct ndr_syntax_id transfer_syntax;
 
-        struct dcerpc_connection *conn;
+        struct dcecli_connection *conn;
         struct dcerpc_binding *binding;
 
@@ -123 +126 @@
 /* default timeout for all rpc requests, in seconds */
 #define DCERPC_REQUEST_TIMEOUT 60
-
-
-/* dcerpc pipe flags */
-#define DCERPC_DEBUG_PRINT_IN          (1<<0)
-#define DCERPC_DEBUG_PRINT_OUT         (1<<1)
-#define DCERPC_DEBUG_PRINT_BOTH (DCERPC_DEBUG_PRINT_IN | DCERPC_DEBUG_PRINT_OUT)
-
-#define DCERPC_DEBUG_VALIDATE_IN       (1<<2)
-#define DCERPC_DEBUG_VALIDATE_OUT      (1<<3)
-#define DCERPC_DEBUG_VALIDATE_BOTH (DCERPC_DEBUG_VALIDATE_IN | DCERPC_DEBUG_VALIDATE_OUT)
-
-#define DCERPC_CONNECT                 (1<<4)
-#define DCERPC_SIGN                    (1<<5)
-#define DCERPC_SEAL                    (1<<6)
-
-#define DCERPC_PUSH_BIGENDIAN          (1<<7)
-#define DCERPC_PULL_BIGENDIAN          (1<<8)
-
-#define DCERPC_SCHANNEL                (1<<9)
-
-#define DCERPC_ANON_FALLBACK           (1<<10)
-
-/* use a 128 bit session key */
-#define DCERPC_SCHANNEL_128            (1<<12)
-
-/* check incoming pad bytes */
-#define DCERPC_DEBUG_PAD_CHECK         (1<<13)
-
-/* set LIBNDR_FLAG_REF_ALLOC flag when decoding NDR */
-#define DCERPC_NDR_REF_ALLOC           (1<<14)
-
-#define DCERPC_AUTH_OPTIONS    (DCERPC_SEAL|DCERPC_SIGN|DCERPC_SCHANNEL|DCERPC_AUTH_SPNEGO|DCERPC_AUTH_KRB5|DCERPC_AUTH_NTLM)
-
-/* select spnego auth */
-#define DCERPC_AUTH_SPNEGO             (1<<15)
-
-/* select krb5 auth */
-#define DCERPC_AUTH_KRB5               (1<<16)
-
-#define DCERPC_SMB2                    (1<<17)
-
-/* select NTLM auth */
-#define DCERPC_AUTH_NTLM               (1<<18)
-
-/* this triggers the DCERPC_PFC_FLAG_CONC_MPX flag in the bind request */
-#define DCERPC_CONCURRENT_MULTIPLEX     (1<<19)
-
-/* this triggers the DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN flag in the bind request */
-#define DCERPC_HEADER_SIGNING          (1<<20)
-
-/* use NDR64 transport */
-#define DCERPC_NDR64                   (1<<21)
-
-/* this describes a binding to a particular transport/pipe */
-struct dcerpc_binding {
-        enum dcerpc_transport_t transport;
-        struct ndr_syntax_id object;
-        const char *host;
-        const char *target_hostname;
-        const char *endpoint;
-        const char **options;
-        uint32_t flags;
-        uint32_t assoc_group_id;
-};
 
 
@@ -199 +138 @@
 
 
-enum rpc_request_state {
-        RPC_REQUEST_QUEUED,
-        RPC_REQUEST_PENDING,
-        RPC_REQUEST_DONE
-};
-
-/*
-  handle for an async dcerpc request
-*/
-struct rpc_request {
-        struct rpc_request *next, *prev;
-        struct dcerpc_pipe *p;
-        NTSTATUS status;
-        uint32_t call_id;
-        enum rpc_request_state state;
-        DATA_BLOB payload;
-        uint32_t flags;
-        uint32_t fault_code;
-
-        /* this is used to distinguish bind and alter_context requests
-           from normal requests */
-        void (*recv_handler)(struct rpc_request *conn, 
-                             DATA_BLOB *blob, struct ncacn_packet *pkt);
-
-        const struct GUID *object;
-        uint16_t opnum;
-        DATA_BLOB request_data;
-        bool async_call;
-        bool ignore_timeout;
-
-        /* use by the ndr level async recv call */
-        struct {
-                const struct ndr_interface_table *table;
-                uint32_t opnum;
-                void *struct_ptr;
-                TALLOC_CTX *mem_ctx;
-        } ndr;
-
-        struct {
-                void (*callback)(struct rpc_request *);
-                void *private_data;
-        } async;
-};
-
 struct epm_tower;
 struct epm_floor;
@@ -257 +152 @@
                              struct tevent_context *ev,
                              struct loadparm_context *lp_ctx);
-NTSTATUS dcerpc_ndr_request_recv(struct rpc_request *req);
-struct rpc_request *dcerpc_ndr_request_send(struct dcerpc_pipe *p,
-                                                const struct GUID *object,
-                                                const struct ndr_interface_table *table,
-                                                uint32_t opnum, 
-                                                bool async,
-                                                TALLOC_CTX *mem_ctx, 
-                                                void *r);
 const char *dcerpc_server_name(struct dcerpc_pipe *p);
-struct dcerpc_pipe *dcerpc_pipe_init(TALLOC_CTX *mem_ctx, struct tevent_context *ev,
-                                     struct smb_iconv_convenience *ic);
+struct dcerpc_pipe *dcerpc_pipe_init(TALLOC_CTX *mem_ctx, struct tevent_context *ev);
 NTSTATUS dcerpc_pipe_open_smb(struct dcerpc_pipe *p,
                               struct smbcli_tree *tree,
@@ -278 +164 @@
 NTSTATUS dcerpc_secondary_connection_recv(struct composite_context *c,
                                           struct dcerpc_pipe **p2);
-NTSTATUS dcerpc_parse_binding(TALLOC_CTX *mem_ctx, const char *s, struct dcerpc_binding **b_out);
 
 struct composite_context* dcerpc_pipe_connect_b_send(TALLOC_CTX *parent_ctx,
@@ -297 +182 @@
                                struct tevent_context *ev,
                                struct loadparm_context *lp_ctx);
-const char *dcerpc_errstr(TALLOC_CTX *mem_ctx, uint32_t fault_code);
 
 NTSTATUS dcerpc_pipe_auth(TALLOC_CTX *mem_ctx,
@@ -305 +189 @@
                           struct cli_credentials *credentials,
                           struct loadparm_context *lp_ctx);
-char *dcerpc_binding_string(TALLOC_CTX *mem_ctx, const struct dcerpc_binding *b);
 NTSTATUS dcerpc_secondary_connection(struct dcerpc_pipe *p,
                                      struct dcerpc_pipe **p2,
@@ -317 +200 @@
 struct tevent_context *dcerpc_event_context(struct dcerpc_pipe *p);
 NTSTATUS dcerpc_init(struct loadparm_context *lp_ctx);
-struct smbcli_tree *dcerpc_smb_tree(struct dcerpc_connection *c);
-uint16_t dcerpc_smb_fnum(struct dcerpc_connection *c);
+struct smbcli_tree *dcerpc_smb_tree(struct dcecli_connection *c);
+uint16_t dcerpc_smb_fnum(struct dcecli_connection *c);
 NTSTATUS dcerpc_secondary_context(struct dcerpc_pipe *p, 
                                   struct dcerpc_pipe **pp2,
@@ -357 +240 @@
                                                            struct dcerpc_binding *b);
 void dcerpc_log_packet(const char *lockdir, 
-                                           const struct ndr_interface_table *ndr,
-                                           uint32_t opnum, uint32_t flags, 
-                                           DATA_BLOB *pkt);
-NTSTATUS dcerpc_binding_build_tower(TALLOC_CTX *mem_ctx,
-                                    const struct dcerpc_binding *binding,
-                                    struct epm_tower *tower);
-
-NTSTATUS dcerpc_floor_get_lhs_data(const struct epm_floor *epm_floor, struct ndr_syntax_id *syntax);
-
-enum dcerpc_transport_t dcerpc_transport_by_tower(const struct epm_tower *tower);
-const char *derpc_transport_string_by_transport(enum dcerpc_transport_t t);
-
-NTSTATUS dcerpc_ndr_request(struct dcerpc_pipe *p,
-                            const struct GUID *object,
-                            const struct ndr_interface_table *table,
-                            uint32_t opnum, 
-                            TALLOC_CTX *mem_ctx, 
-                            void *r);
-
-NTSTATUS dcerpc_binding_from_tower(TALLOC_CTX *mem_ctx, 
-                                   struct epm_tower *tower, 
-                                   struct dcerpc_binding **b_out);
-
-NTSTATUS dcerpc_request(struct dcerpc_pipe *p, 
-                        struct GUID *object,
-                        uint16_t opnum,
-                        TALLOC_CTX *mem_ctx,
-                        DATA_BLOB *stub_data_in,
-                        DATA_BLOB *stub_data_out);
-
-typedef NTSTATUS (*dcerpc_call_fn) (struct dcerpc_pipe *, TALLOC_CTX *, void *);
+                       const struct ndr_interface_table *ndr,
+                       uint32_t opnum, uint32_t flags,
+                       const DATA_BLOB *pkt);
+
 
 enum dcerpc_transport_t dcerpc_transport_by_endpoint_protocol(int prot);
@@ -393 +249 @@
 const char *dcerpc_floor_get_rhs_data(TALLOC_CTX *mem_ctx, struct epm_floor *epm_floor);
 
-#endif /* __DCERPC_H__ */
+#endif /* __S4_DCERPC_H__ */

vendor/current/source4/librpc/rpc/dcerpc.py

@@ -1 @@
-#!/usr/bin/python
+#!/usr/bin/env python
 
 # Unix SMB/CIFS implementation.

vendor/current/source4/librpc/rpc/dcerpc_auth.c

@@ -115 +115 @@
 {
         struct bind_auth_state *state;
-        struct dcerpc_security *sec;
+        struct dcecli_security *sec;
         struct composite_context *creq;
         bool more_processing = false;
@@ -234 +234 @@
         struct composite_context *c, *creq;
         struct bind_auth_state *state;
-        struct dcerpc_security *sec;
+        struct dcecli_security *sec;
 
         struct ndr_syntax_id syntax, transfer_syntax;
@@ -293 +293 @@
         }
 
+        if (p->binding && p->binding->target_principal) {
+                c->status = gensec_set_target_principal(sec->generic_state,
+                                                        p->binding->target_principal);
+                if (!NT_STATUS_IS_OK(c->status)) {
+                        DEBUG(1, ("Failed to set GENSEC target principal to %s: %s\n",
+                                  p->binding->target_principal, nt_errstr(c->status)));
+                        composite_error(c, c->status);
+                        return c;
+                }
+        }
+
         c->status = gensec_start_mech_by_authtype(sec->generic_state,
                                                   auth_type, auth_level);

vendor/current/source4/librpc/rpc/dcerpc_connect.c

@@ -112 +112 @@
            remote rpc server */
         conn->in.dest_host              = s->io.binding->host;
-        conn->in.dest_ports                  = lp_smb_ports(lp_ctx);
+        conn->in.dest_ports                  = lpcfg_smb_ports(lp_ctx);
         if (s->io.binding->target_hostname == NULL)
                 conn->in.called_name = "*SMBSERVER"; /* FIXME: This is invalid */
         else
                 conn->in.called_name            = s->io.binding->target_hostname;
-        conn->in.socket_options         = lp_socket_options(lp_ctx);
+        conn->in.socket_options         = lpcfg_socket_options(lp_ctx);
         conn->in.service                = "IPC$";
         conn->in.service_type           = NULL;
-        conn->in.workgroup              = lp_workgroup(lp_ctx);
-        conn->in.gensec_settings = lp_gensec_settings(conn, lp_ctx);
-        conn->in.iconv_convenience = lp_iconv_convenience(lp_ctx);
-
-        lp_smbcli_options(lp_ctx, &conn->in.options);
-        lp_smbcli_session_options(lp_ctx, &conn->in.session_options);
+        conn->in.workgroup              = lpcfg_workgroup(lp_ctx);
+        conn->in.gensec_settings = lpcfg_gensec_settings(conn, lp_ctx);
+
+        lpcfg_smbcli_options(lp_ctx, &conn->in.options);
+        lpcfg_smbcli_session_options(lp_ctx, &conn->in.session_options);
 
         /*
@@ -246 +245 @@
         }
 
-        lp_smbcli_options(lp_ctx, &options);
+        lpcfg_smbcli_options(lp_ctx, &options);
 
         /* send smb2 connect request */
         conn_req = smb2_connect_send(mem_ctx, s->io.binding->host, 
-                        lp_parm_string_list(mem_ctx, lp_ctx, NULL, "smb2", "ports", NULL),
+                        lpcfg_parm_string_list(mem_ctx, lp_ctx, NULL, "smb2", "ports", NULL),
                                         "IPC$", 
                                      s->io.resolve_ctx,
@@ -256 +255 @@
                                      c->event_ctx,
                                      &options,
-                                         lp_socket_options(lp_ctx),
-                                         lp_gensec_settings(mem_ctx, lp_ctx)
+                                         lpcfg_socket_options(lp_ctx),
+                                         lpcfg_gensec_settings(mem_ctx, lp_ctx)
                                          );
         composite_continue(c, conn_req, continue_smb2_connect, c);
@@ -278 +277 @@
 struct pipe_ip_tcp_state {
         struct dcerpc_pipe_connect io;
+        const char *localaddr;
         const char *host;
         const char *target_hostname;
@@ -321 +321 @@
         /* store input parameters in state structure */
         s->io               = *io;
+        s->localaddr        = talloc_reference(c, io->binding->localaddress);
         s->host             = talloc_reference(c, io->binding->host);
         s->target_hostname  = talloc_reference(c, io->binding->target_hostname);
@@ -327 +328 @@
 
         /* send pipe open request on tcp/ip */
-        pipe_req = dcerpc_pipe_open_tcp_send(s->io.pipe->conn, s->host, s->target_hostname, 
+        pipe_req = dcerpc_pipe_open_tcp_send(s->io.pipe->conn, s->localaddr, s->host, s->target_hostname,
                                              s->port, io->resolve_ctx);
         composite_continue(c, pipe_req, continue_pipe_open_ncacn_ip_tcp, c);
@@ -464 +465 @@
 
         /* send pipe open request */
-        pipe_req = dcerpc_pipe_open_pipe_send(s->io.pipe->conn, lp_ncalrpc_dir(lp_ctx), 
+        pipe_req = dcerpc_pipe_open_pipe_send(s->io.pipe->conn, lpcfg_ncalrpc_dir(lp_ctx),
                                               s->io.binding->endpoint);
         composite_continue(c, pipe_req, continue_pipe_open_ncalrpc, c);
@@ -516 +517 @@
         if (!composite_is_ok(c)) return;
 
-        DEBUG(2,("Mapped to DCERPC endpoint %s\n", s->binding->endpoint));
+        DEBUG(4,("Mapped to DCERPC endpoint %s\n", s->binding->endpoint));
         
         continue_connect(c, s);
@@ -539 +540 @@
         pc.pipe         = s->pipe;
         pc.binding      = s->binding;
+        pc.pipe_name    = NULL;
         pc.interface    = s->table;
         pc.creds        = s->credentials;
-        pc.resolve_ctx  = lp_resolve_context(s->lp_ctx);
+        pc.resolve_ctx  = lpcfg_resolve_context(s->lp_ctx);
 
         /* connect dcerpc pipe depending on required transport */
@@ -744 +746 @@
 
         /* initialise dcerpc pipe structure */
-        s->pipe = dcerpc_pipe_init(c, ev, lp_iconv_convenience(lp_ctx));
+        s->pipe = dcerpc_pipe_init(c, ev);
         if (composite_nomem(s->pipe, c)) return c;
 
         if (DEBUGLEVEL >= 10)
-                s->pipe->conn->packet_log_dir = lp_lockdir(lp_ctx);
+                s->pipe->conn->packet_log_dir = lpcfg_lockdir(lp_ctx);
 
         /* store parameters in state structure */

vendor/current/source4/librpc/rpc/dcerpc_schannel.c

@@ -23 +23 @@
 
 #include "includes.h"
+#include <tevent.h>
 #include "auth/auth.h"
 #include "libcli/composite/composite.h"
@@ -50 +51 @@
 static void continue_secondary_connection(struct composite_context *ctx);
 static void continue_bind_auth_none(struct composite_context *ctx);
-static void continue_srv_challenge(struct rpc_request *req);
-static void continue_srv_auth2(struct rpc_request *req);
+static void continue_srv_challenge(struct tevent_req *subreq);
+static void continue_srv_auth2(struct tevent_req *subreq);
 
 
@@ -120 +121 @@
         struct composite_context *c;
         struct schannel_key_state *s;
-        struct rpc_request *srv_challenge_req;
+        struct tevent_req *subreq;
 
         c = talloc_get_type(ctx->async.private_data, struct composite_context);
@@ -141 +142 @@
           request a netlogon challenge - a rpc request over opened secondary pipe
         */
-        srv_challenge_req = dcerpc_netr_ServerReqChallenge_send(s->pipe2, c, &s->r);
-        if (composite_nomem(srv_challenge_req, c)) return;
-
-        composite_continue_rpc(c, srv_challenge_req, continue_srv_challenge, c);
+        subreq = dcerpc_netr_ServerReqChallenge_r_send(s, c->event_ctx,
+                                                       s->pipe2->binding_handle,
+                                                       &s->r);
+        if (composite_nomem(subreq, c)) return;
+
+        tevent_req_set_callback(subreq, continue_srv_challenge, c);
 }
 
@@ -152 +155 @@
   on the netlogon pipe
 */
-static void continue_srv_challenge(struct rpc_request *req)
-{
-        struct composite_context *c;
-        struct schannel_key_state *s;
-        struct rpc_request *srv_auth2_req;
-
-        c = talloc_get_type(req->async.private_data, struct composite_context);
+static void continue_srv_challenge(struct tevent_req *subreq)
+{
+        struct composite_context *c;
+        struct schannel_key_state *s;
+
+        c = tevent_req_callback_data(subreq, struct composite_context);
         s = talloc_get_type(c->private_data, struct schannel_key_state);
 
         /* receive rpc request result - netlogon challenge */
-        c->status = dcerpc_ndr_request_recv(req);
+        c->status = dcerpc_netr_ServerReqChallenge_r_recv(subreq, s);
+        TALLOC_FREE(subreq);
         if (!composite_is_ok(c)) return;
 
@@ -190 +193 @@
           authenticate on the netlogon pipe - a rpc request over secondary pipe
         */
-        srv_auth2_req = dcerpc_netr_ServerAuthenticate2_send(s->pipe2, c, &s->a);
-        if (composite_nomem(srv_auth2_req, c)) return;
-
-        composite_continue_rpc(c, srv_auth2_req, continue_srv_auth2, c);
+        subreq = dcerpc_netr_ServerAuthenticate2_r_send(s, c->event_ctx,
+                                                        s->pipe2->binding_handle,
+                                                        &s->a);
+        if (composite_nomem(subreq, c)) return;
+
+        tevent_req_set_callback(subreq, continue_srv_auth2, c);
 }
 
@@ -201 +206 @@
   received credentials
 */
-static void continue_srv_auth2(struct rpc_request *req)
-{
-        struct composite_context *c;
-        struct schannel_key_state *s;
-
-        c = talloc_get_type(req->async.private_data, struct composite_context);
+static void continue_srv_auth2(struct tevent_req *subreq)
+{
+        struct composite_context *c;
+        struct schannel_key_state *s;
+
+        c = tevent_req_callback_data(subreq, struct composite_context);
         s = talloc_get_type(c->private_data, struct schannel_key_state);
 
         /* receive rpc request result - auth2 credentials */ 
-        c->status = dcerpc_ndr_request_recv(req);
+        c->status = dcerpc_netr_ServerAuthenticate2_r_recv(subreq, s);
+        TALLOC_FREE(subreq);
         if (!composite_is_ok(c)) return;
 
@@ -238 +244 @@
         struct schannel_key_state *s;
         struct composite_context *epm_map_req;
+        enum netr_SchannelType schannel_type = cli_credentials_get_secure_channel_type(credentials);
         
         /* composite context allocation and setup */
@@ -253 +260 @@
         /* allocate credentials */
         /* type of authentication depends on schannel type */
-        if (s->pipe->conn->flags & DCERPC_SCHANNEL_128) {
+        if (schannel_type == SEC_CHAN_RODC) {
+                s->negotiate_flags = NETLOGON_NEG_AUTH2_RODC_FLAGS;
+        } else if (s->pipe->conn->flags & DCERPC_SCHANNEL_128) {
                 s->negotiate_flags = NETLOGON_NEG_AUTH2_ADS_FLAGS;
         } else {
@@ -260 +269 @@
 
         /* allocate binding structure */
-        s->binding = talloc(c, struct dcerpc_binding);
+        s->binding = talloc_zero(c, struct dcerpc_binding);
         if (composite_nomem(s->binding, c)) return c;
 
@@ -312 +321 @@
         struct auth_schannel_state *s = talloc_get_type(c->private_data,
                                                         struct auth_schannel_state);
+        NTSTATUS status;
 
         /* receive schannel key */
-        c->status = dcerpc_schannel_key_recv(ctx);
+        status = c->status = dcerpc_schannel_key_recv(ctx);
         if (!composite_is_ok(c)) {
-                DEBUG(1, ("Failed to setup credentials for account %s: %s\n",
-                          cli_credentials_get_username(s->credentials), nt_errstr(c->status)));
+                DEBUG(1, ("Failed to setup credentials: %s\n", nt_errstr(status)));
                 return;
         }
@@ -323 +332 @@
         /* send bind auth request with received creds */
         auth_req = dcerpc_bind_auth_send(c, s->pipe, s->table, s->credentials, 
-                                         lp_gensec_settings(c, s->lp_ctx),
+                                         lpcfg_gensec_settings(c, s->lp_ctx),
                                          DCERPC_AUTH_TYPE_SCHANNEL, s->auth_level,
                                          NULL);

vendor/current/source4/librpc/rpc/dcerpc_secondary.c

@@ -74 +74 @@
 
         /* initialise second dcerpc pipe based on primary pipe's event context */
-        s->pipe2 = dcerpc_pipe_init(c, s->pipe->conn->event_ctx, s->pipe->conn->iconv_convenience);
+        s->pipe2 = dcerpc_pipe_init(c, s->pipe->conn->event_ctx);
         if (composite_nomem(s->pipe2, c)) return c;
 
@@ -103 +103 @@
 
                 pipe_tcp_req = dcerpc_pipe_open_tcp_send(s->pipe2->conn,
+                                                         s->binding->localaddress,
                                                          s->peer_addr->addr,
                                                          s->binding->target_hostname,

vendor/current/source4/librpc/rpc/dcerpc_smb.c

@@ -26 +26 @@
 #include "librpc/rpc/dcerpc.h"
 #include "librpc/rpc/dcerpc_proto.h"
+#include "librpc/rpc/rpc_common.h"
 
 /* transport private information used by SMB pipe transport */
@@ -39 +40 @@
   tell the dcerpc layer that the transport is dead
 */
-static void pipe_dead(struct dcerpc_connection *c, NTSTATUS status)
+static void pipe_dead(struct dcecli_connection *c, NTSTATUS status)
 {
         struct smb_private *smb = (struct smb_private *)c->transport.private_data;
@@ -67 +68 @@
 */
 struct smb_read_state {
-        struct dcerpc_connection *c;
+        struct dcecli_connection *c;
         struct smbcli_request *req;
         size_t received;
@@ -110 +111 @@
         if (frag_length <= state->received) {
                 DATA_BLOB data = state->data;
-                struct dcerpc_connection *c = state->c;
+                struct dcecli_connection *c = state->c;
                 data.length = state->received;
                 talloc_steal(state->c, data.data);
@@ -141 +142 @@
   data in the read buffer
 */
-static NTSTATUS send_read_request_continue(struct dcerpc_connection *c, DATA_BLOB *blob)
+static NTSTATUS send_read_request_continue(struct dcecli_connection *c, DATA_BLOB *blob)
 {
         struct smb_private *smb = (struct smb_private *)c->transport.private_data;
@@ -197 +198 @@
   trigger a read request from the server
 */
-static NTSTATUS send_read_request(struct dcerpc_connection *c)
+static NTSTATUS send_read_request(struct dcecli_connection *c)
 {
         struct smb_private *smb = (struct smb_private *)c->transport.private_data;
@@ -212 +213 @@
 */
 struct smb_trans_state {
-        struct dcerpc_connection *c;
+        struct dcecli_connection *c;
         struct smbcli_request *req;
         struct smb_trans2 *trans;
@@ -223 +224 @@
 {
         struct smb_trans_state *state = (struct smb_trans_state *)req->async.private_data;
-        struct dcerpc_connection *c = state->c;
+        struct dcecli_connection *c = state->c;
         NTSTATUS status;
 
@@ -249 +250 @@
   send a SMBtrans style request
 */
-static NTSTATUS smb_send_trans_request(struct dcerpc_connection *c, DATA_BLOB *blob)
+static NTSTATUS smb_send_trans_request(struct dcecli_connection *c, DATA_BLOB *blob)
 {
         struct smb_private *smb = (struct smb_private *)c->transport.private_data;
@@ -306 +307 @@
 static void smb_write_callback(struct smbcli_request *req)
 {
-        struct dcerpc_connection *c = (struct dcerpc_connection *)req->async.private_data;
+        struct dcecli_connection *c = (struct dcecli_connection *)req->async.private_data;
 
         if (!NT_STATUS_IS_OK(req->status)) {
@@ -319 +320 @@
    send a packet to the server
 */
-static NTSTATUS smb_send_request(struct dcerpc_connection *c, DATA_BLOB *blob, 
+static NTSTATUS smb_send_request(struct dcecli_connection *c, DATA_BLOB *blob, 
                                  bool trigger_read)
 {
@@ -370 +371 @@
    shutdown SMB pipe connection
 */
-static NTSTATUS smb_shutdown_pipe(struct dcerpc_connection *c, NTSTATUS status)
+static NTSTATUS smb_shutdown_pipe(struct dcecli_connection *c, NTSTATUS status)
 {
         struct smb_private *smb = (struct smb_private *)c->transport.private_data;
@@ -397 +398 @@
   return SMB server name (called name)
 */
-static const char *smb_peer_name(struct dcerpc_connection *c)
+static const char *smb_peer_name(struct dcecli_connection *c)
 {
         struct smb_private *smb = (struct smb_private *)c->transport.private_data;
@@ -407 +408 @@
   return remote name we make the actual connection (good for kerberos) 
 */
-static const char *smb_target_hostname(struct dcerpc_connection *c)
+static const char *smb_target_hostname(struct dcecli_connection *c)
 {
         struct smb_private *smb = talloc_get_type(c->transport.private_data, struct smb_private);
@@ -417 +418 @@
   fetch the user session key 
 */
-static NTSTATUS smb_session_key(struct dcerpc_connection *c, DATA_BLOB *session_key)
+static NTSTATUS smb_session_key(struct dcecli_connection *c, DATA_BLOB *session_key)
 {
         struct smb_private *smb = (struct smb_private *)c->transport.private_data;
@@ -431 +432 @@
 struct pipe_open_smb_state {
         union smb_open *open;
-        struct dcerpc_connection *c;
+        struct dcecli_connection *c;
         struct smbcli_tree *tree;
         struct composite_context *ctx;
@@ -445 +446 @@
         struct pipe_open_smb_state *state;
         struct smbcli_request *req;
-        struct dcerpc_connection *c = p->conn;
+        struct dcecli_connection *c = p->conn;
 
         /* if we don't have a binding on this pipe yet, then create one */
@@ -477 +478 @@
         state->open->ntcreatex.level = RAW_OPEN_NTCREATEX;
         state->open->ntcreatex.in.flags = 0;
-        state->open->ntcreatex.in.root_fid = 0;
+        state->open->ntcreatex.in.root_fid.fnum = 0;
         state->open->ntcreatex.in.access_mask = 
                 SEC_STD_READ_CONTROL |
@@ -515 +516 @@
                                             struct pipe_open_smb_state);
         struct composite_context *ctx = state->ctx;
-        struct dcerpc_connection *c = state->c;
+        struct dcecli_connection *c = state->c;
         struct smb_private *smb;
         
@@ -571 +572 @@
   return the SMB tree used for a dcerpc over SMB pipe
 */
-_PUBLIC_ struct smbcli_tree *dcerpc_smb_tree(struct dcerpc_connection *c)
+_PUBLIC_ struct smbcli_tree *dcerpc_smb_tree(struct dcecli_connection *c)
 {
         struct smb_private *smb;
@@ -586 +587 @@
   return the SMB fnum used for a dcerpc over SMB pipe (hack for torture operations)
 */
-_PUBLIC_ uint16_t dcerpc_smb_fnum(struct dcerpc_connection *c)
+_PUBLIC_ uint16_t dcerpc_smb_fnum(struct dcecli_connection *c)
 {
         struct smb_private *smb;

vendor/current/source4/librpc/rpc/dcerpc_smb2.c

@@ -28 +28 @@
 #include "librpc/rpc/dcerpc.h"
 #include "librpc/rpc/dcerpc_proto.h"
+#include "librpc/rpc/rpc_common.h"
 
 /* transport private information used by SMB2 pipe transport */
@@ -41 +42 @@
   tell the dcerpc layer that the transport is dead
 */
-static void pipe_dead(struct dcerpc_connection *c, NTSTATUS status)
+static void pipe_dead(struct dcecli_connection *c, NTSTATUS status)
 {
         struct smb2_private *smb = (struct smb2_private *)c->transport.private_data;
@@ -69 +70 @@
 */
 struct smb2_read_state {
-        struct dcerpc_connection *c;
+        struct dcecli_connection *c;
         DATA_BLOB data;
 };
@@ -113 +114 @@
         if (frag_length <= state->data.length) {
                 DATA_BLOB data = state->data;
-                struct dcerpc_connection *c = state->c;
+                struct dcecli_connection *c = state->c;
                 talloc_steal(c, data.data);
                 talloc_free(state);
@@ -145 +146 @@
   data in the read buffer
 */
-static NTSTATUS send_read_request_continue(struct dcerpc_connection *c, DATA_BLOB *blob)
+static NTSTATUS send_read_request_continue(struct dcecli_connection *c, DATA_BLOB *blob)
 {
         struct smb2_private *smb = (struct smb2_private *)c->transport.private_data;
@@ -190 +191 @@
   trigger a read request from the server
 */
-static NTSTATUS send_read_request(struct dcerpc_connection *c)
+static NTSTATUS send_read_request(struct dcecli_connection *c)
 {
         struct smb2_private *smb = (struct smb2_private *)c->transport.private_data;
@@ -205 +206 @@
 */
 struct smb2_trans_state {
-        struct dcerpc_connection *c;
+        struct dcecli_connection *c;
 };
 
@@ -215 +216 @@
         struct smb2_trans_state *state = talloc_get_type(req->async.private_data,
                                                         struct smb2_trans_state);
-        struct dcerpc_connection *c = state->c;
+        struct dcecli_connection *c = state->c;
         NTSTATUS status;
         struct smb2_ioctl io;
@@ -241 +242 @@
   send a SMBtrans style request, using a named pipe read_write fsctl
 */
-static NTSTATUS smb2_send_trans_request(struct dcerpc_connection *c, DATA_BLOB *blob)
+static NTSTATUS smb2_send_trans_request(struct dcecli_connection *c, DATA_BLOB *blob)
 {
         struct smb2_private *smb = talloc_get_type(c->transport.private_data,
@@ -282 +283 @@
 static void smb2_write_callback(struct smb2_request *req)
 {
-        struct dcerpc_connection *c = (struct dcerpc_connection *)req->async.private_data;
+        struct dcecli_connection *c = (struct dcecli_connection *)req->async.private_data;
 
         if (!NT_STATUS_IS_OK(req->status)) {
@@ -295 +296 @@
    send a packet to the server
 */
-static NTSTATUS smb2_send_request(struct dcerpc_connection *c, DATA_BLOB *blob, 
+static NTSTATUS smb2_send_request(struct dcecli_connection *c, DATA_BLOB *blob, 
                                   bool trigger_read)
 {
@@ -333 +334 @@
    shutdown SMB pipe connection
 */
-static NTSTATUS smb2_shutdown_pipe(struct dcerpc_connection *c, NTSTATUS status)
+static NTSTATUS smb2_shutdown_pipe(struct dcecli_connection *c, NTSTATUS status)
 {
         struct smb2_private *smb = (struct smb2_private *)c->transport.private_data;
@@ -358 +359 @@
   return SMB server name
 */
-static const char *smb2_peer_name(struct dcerpc_connection *c)
+static const char *smb2_peer_name(struct dcecli_connection *c)
 {
         struct smb2_private *smb = talloc_get_type(c->transport.private_data,
@@ -368 +369 @@
   return remote name we make the actual connection (good for kerberos) 
 */
-static const char *smb2_target_hostname(struct dcerpc_connection *c)
+static const char *smb2_target_hostname(struct dcecli_connection *c)
 {
         struct smb2_private *smb = talloc_get_type(c->transport.private_data, 
@@ -378 +379 @@
   fetch the user session key 
 */
-static NTSTATUS smb2_session_key(struct dcerpc_connection *c, DATA_BLOB *session_key)
+static NTSTATUS smb2_session_key(struct dcecli_connection *c, DATA_BLOB *session_key)
 {
         struct smb2_private *smb = talloc_get_type(c->transport.private_data,
@@ -390 +391 @@
 
 struct pipe_open_smb2_state {
-        struct dcerpc_connection *c;
+        struct dcecli_connection *c;
         struct composite_context *ctx;
 };
@@ -404 +405 @@
         struct smb2_create io;
         struct smb2_request *req;
-        struct dcerpc_connection *c = p->conn;
+        struct dcecli_connection *c = p->conn;
 
         ctx = composite_create(c, c->event_ctx);
@@ -453 +454 @@
                                 struct pipe_open_smb2_state);
         struct composite_context *ctx = state->ctx;
-        struct dcerpc_connection *c = state->c;
+        struct dcecli_connection *c = state->c;
         struct smb2_tree *tree = req->tree;
         struct smb2_private *smb;
@@ -510 +511 @@
   return the SMB2 tree used for a dcerpc over SMB2 pipe
 */
-struct smb2_tree *dcerpc_smb2_tree(struct dcerpc_connection *c)
+struct smb2_tree *dcerpc_smb2_tree(struct dcecli_connection *c)
 {
         struct smb2_private *smb = talloc_get_type(c->transport.private_data,

vendor/current/source4/librpc/rpc/dcerpc_sock.c

@@ -30 +30 @@
 #include "librpc/rpc/dcerpc_proto.h"
 #include "libcli/resolve/resolve.h"
+#include "librpc/rpc/rpc_common.h"
 
 /* transport private information used by general socket pipe transports */
@@ -47 +48 @@
   mark the socket dead
 */
-static void sock_dead(struct dcerpc_connection *p, NTSTATUS status)
+static void sock_dead(struct dcecli_connection *p, NTSTATUS status)
 {
         struct sock_private *sock = (struct sock_private *)p->transport.private_data;
@@ -88 +89 @@
 static void sock_error_handler(void *private_data, NTSTATUS status)
 {
-        struct dcerpc_connection *p = talloc_get_type(private_data,
-                                                      struct dcerpc_connection);
+        struct dcecli_connection *p = talloc_get_type(private_data,
+                                                      struct dcecli_connection);
         sock_dead(p, status);
 }
@@ -113 +114 @@
 static NTSTATUS sock_process_recv(void *private_data, DATA_BLOB blob)
 {
-        struct dcerpc_connection *p = talloc_get_type(private_data,
-                                                      struct dcerpc_connection);
+        struct dcecli_connection *p = talloc_get_type(private_data,
+                                                      struct dcecli_connection);
         struct sock_private *sock = (struct sock_private *)p->transport.private_data;
         sock->pending_reads--;
@@ -130 +131 @@
                             uint16_t flags, void *private_data)
 {
-        struct dcerpc_connection *p = talloc_get_type(private_data,
-                                                      struct dcerpc_connection);
+        struct dcecli_connection *p = talloc_get_type(private_data,
+                                                      struct dcecli_connection);
         struct sock_private *sock = (struct sock_private *)p->transport.private_data;
 
@@ -151 +152 @@
    initiate a read request - not needed for dcerpc sockets
 */
-static NTSTATUS sock_send_read(struct dcerpc_connection *p)
+static NTSTATUS sock_send_read(struct dcecli_connection *p)
 {
         struct sock_private *sock = (struct sock_private *)p->transport.private_data;
@@ -164 +165 @@
    send an initial pdu in a multi-pdu sequence
 */
-static NTSTATUS sock_send_request(struct dcerpc_connection *p, DATA_BLOB *data, 
+static NTSTATUS sock_send_request(struct dcecli_connection *p, DATA_BLOB *data, 
                                   bool trigger_read)
 {
@@ -195 +196 @@
    shutdown sock pipe connection
 */
-static NTSTATUS sock_shutdown_pipe(struct dcerpc_connection *p, NTSTATUS status)
+static NTSTATUS sock_shutdown_pipe(struct dcecli_connection *p, NTSTATUS status)
 {
         struct sock_private *sock = (struct sock_private *)p->transport.private_data;
@@ -209 +210 @@
   return sock server name
 */
-static const char *sock_peer_name(struct dcerpc_connection *p)
+static const char *sock_peer_name(struct dcecli_connection *p)
 {
         struct sock_private *sock = talloc_get_type(p->transport.private_data, struct sock_private);
@@ -218 +219 @@
   return remote name we make the actual connection (good for kerberos) 
 */
-static const char *sock_target_hostname(struct dcerpc_connection *p)
+static const char *sock_target_hostname(struct dcecli_connection *p)
 {
         struct sock_private *sock = talloc_get_type(p->transport.private_data, struct sock_private);
@@ -226 +227 @@
 
 struct pipe_open_socket_state {
-        struct dcerpc_connection *conn;
+        struct dcecli_connection *conn;
         struct socket_context *socket_ctx;
         struct sock_private *sock;
+        struct socket_address *localaddr;
         struct socket_address *server;
         const char *target_hostname;
@@ -237 +239 @@
 static void continue_socket_connect(struct composite_context *ctx)
 {
-        struct dcerpc_connection *conn;
+        struct dcecli_connection *conn;
         struct sock_private *sock;
         struct composite_context *c = talloc_get_type(ctx->async.private_data,
@@ -305 +307 @@
 
 static struct composite_context *dcerpc_pipe_open_socket_send(TALLOC_CTX *mem_ctx,
-                                                       struct dcerpc_connection *cn,
+                                                       struct dcecli_connection *cn,
+                                                       struct socket_address *localaddr,
                                                        struct socket_address *server,
                                                        const char *target_hostname,
@@ -324 +327 @@
         s->conn      = cn;
         s->transport = transport;
+        if (localaddr) {
+                s->localaddr = talloc_reference(c, localaddr);
+                if (composite_nomem(s->localaddr, c)) return c;
+        }
         s->server    = talloc_reference(c, server);
         if (composite_nomem(s->server, c)) return c;
@@ -338 +345 @@
         s->sock->path = talloc_reference(s->sock, full_path);
 
-        conn_req = socket_connect_send(s->socket_ctx, NULL, s->server, 0, 
+        conn_req = socket_connect_send(s->socket_ctx, s->localaddr, s->server, 0,
                                        c->event_ctx);
         composite_continue(c, conn_req, continue_socket_connect, c);
@@ -358 +365 @@
         const char *address;
         uint32_t port;
+        struct socket_address *localaddr;
         struct socket_address *srvaddr;
         struct resolve_context *resolve_ctx;
-        struct dcerpc_connection *conn;
+        struct dcecli_connection *conn;
 };
 
@@ -386 +394 @@
 
         /* resolve_nbt_name gives only ipv4 ... - send socket open request */
-        sock_ipv4_req = dcerpc_pipe_open_socket_send(c, s->conn,
+        sock_ipv4_req = dcerpc_pipe_open_socket_send(c, s->conn, s->localaddr,
                                                      s->srvaddr, s->target_hostname,
                                                      NULL,
@@ -420 +428 @@
 
         /* try IPv4 if IPv6 fails */
-        sock_ipv4_req = dcerpc_pipe_open_socket_send(c, s->conn, 
+        sock_ipv4_req = dcerpc_pipe_open_socket_send(c, s->conn, s->localaddr,
                                                      s->srvaddr, s->target_hostname, 
                                                      NCACN_IP_TCP);
@@ -453 +461 @@
 }
 
-
 /*
   Send rpc pipe open request to given host:port using
   tcp/ip transport
 */
-struct composite_context* dcerpc_pipe_open_tcp_send(struct dcerpc_connection *conn,
+struct composite_context* dcerpc_pipe_open_tcp_send(struct dcecli_connection *conn,
+                                                    const char *localaddr,
                                                     const char *server,
                                                     const char *target_hostname,
@@ -487 +495 @@
         s->conn            = conn;
         s->resolve_ctx     = resolve_ctx;
+        if (localaddr) {
+                s->localaddr = socket_address_from_strings(s, "ip", localaddr, 0);
+                /* if there is no localaddr, we pass NULL for
+                   s->localaddr, which is handled by the socket libraries as
+                   meaning no local binding address specified */
+        }
 
         make_nbt_name_server(&name, server);
@@ -510 +524 @@
         const char *path;
         struct socket_address *srvaddr;
-        struct dcerpc_connection *conn;
+        struct dcecli_connection *conn;
 };
 
@@ -536 +550 @@
   Send pipe open request on unix socket
 */
-struct composite_context *dcerpc_pipe_open_unix_stream_send(struct dcerpc_connection *conn,
+struct composite_context *dcerpc_pipe_open_unix_stream_send(struct dcecli_connection *conn,
                                                             const char *path)
 {
@@ -561 +575 @@
 
         /* send socket open request */
-        sock_unix_req = dcerpc_pipe_open_socket_send(c, s->conn, 
+        sock_unix_req = dcerpc_pipe_open_socket_send(c, s->conn, NULL,
                                                      s->srvaddr, NULL,
                                                      s->path,
@@ -600 +614 @@
   Send pipe open request on ncalrpc
 */
-struct composite_context* dcerpc_pipe_open_pipe_send(struct dcerpc_connection *conn,
+struct composite_context* dcerpc_pipe_open_pipe_send(struct dcecli_connection *conn,
                                                      const char *ncalrpc_dir,
                                                      const char *identifier)
@@ -632 +646 @@
 
         /* send socket open request */
-        sock_np_req = dcerpc_pipe_open_socket_send(c, s->conn, s->srvaddr, NULL, s->path, NCALRPC);
+        sock_np_req = dcerpc_pipe_open_socket_send(c, s->conn, NULL, s->srvaddr, NULL, s->path, NCALRPC);
         composite_continue(c, sock_np_req, continue_np_open_socket, c);
         return c;
@@ -653 +667 @@
   Open a rpc pipe on a named pipe - sync version
 */
-NTSTATUS dcerpc_pipe_open_pipe(struct dcerpc_connection *conn, const char *ncalrpc_dir, const char *identifier)
+NTSTATUS dcerpc_pipe_open_pipe(struct dcecli_connection *conn, const char *ncalrpc_dir, const char *identifier)
 {
         struct composite_context *c = dcerpc_pipe_open_pipe_send(conn, ncalrpc_dir, identifier);
@@ -659 +673 @@
 }
 
-const char *dcerpc_unix_socket_path(struct dcerpc_connection *p)
+const char *dcerpc_unix_socket_path(struct dcecli_connection *p)
 {
         struct sock_private *sock = (struct sock_private *)p->transport.private_data;
@@ -665 +679 @@
 }
 
-struct socket_address *dcerpc_socket_peer_addr(struct dcerpc_connection *p, TALLOC_CTX *mem_ctx)
+struct socket_address *dcerpc_socket_peer_addr(struct dcecli_connection *p, TALLOC_CTX *mem_ctx)
 {
         struct sock_private *sock = (struct sock_private *)p->transport.private_data;

vendor/current/source4/librpc/rpc/dcerpc_util.c

@@ -32 +32 @@
 #include "auth/credentials/credentials.h"
 #include "param/param.h"
+#include "librpc/rpc/rpc_common.h"
 
 /*
@@ -52 +53 @@
 */
 NTSTATUS ncacn_push_auth(DATA_BLOB *blob, TALLOC_CTX *mem_ctx, 
-                         struct smb_iconv_convenience *iconv_convenience,
-                          struct ncacn_packet *pkt,
-                          struct dcerpc_auth *auth_info)
+                         struct ncacn_packet *pkt,
+                         struct dcerpc_auth *auth_info)
 {
         struct ndr_push *ndr;
         enum ndr_err_code ndr_err;
 
-        ndr = ndr_push_init_ctx(mem_ctx, iconv_convenience);
+        ndr = ndr_push_init_ctx(mem_ctx);
         if (!ndr) {
                 return NT_STATUS_NO_MEMORY;
@@ -84 +84 @@
 
         if (auth_info) {
+#if 0
+                /* the s3 rpc server doesn't handle auth padding in
+                   bind requests. Use zero auth padding to keep us
+                   working with old servers */
+                uint32_t offset = ndr->offset;
+                ndr_err = ndr_push_align(ndr, 16);
+                if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+                        return ndr_map_error2ntstatus(ndr_err);
+                }
+                auth_info->auth_pad_length = ndr->offset - offset;
+#else
+                auth_info->auth_pad_length = 0;
+#endif
                 ndr_err = ndr_push_dcerpc_auth(ndr, NDR_SCALARS|NDR_BUFFERS, auth_info);
                 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
@@ -107 +120 @@
         struct epm_twr_t twr;
         struct epm_twr_t *twr_r;
+        uint32_t num_towers;
         struct epm_Map r;
 };
@@ -112 +126 @@
 
 static void continue_epm_recv_binding(struct composite_context *ctx);
-static void continue_epm_map(struct rpc_request *req);
+static void continue_epm_map(struct tevent_req *subreq);
 
 
@@ -121 +135 @@
 static void continue_epm_recv_binding(struct composite_context *ctx)
 {
-        struct rpc_request *map_req;
-
         struct composite_context *c = talloc_get_type(ctx->async.private_data,
                                                       struct composite_context);
         struct epm_map_binding_state *s = talloc_get_type(c->private_data,
                                                           struct epm_map_binding_state);
+        struct tevent_req *subreq;
 
         /* receive result of rpc pipe connect request */
         c->status = dcerpc_pipe_connect_b_recv(ctx, c, &s->pipe);
         if (!composite_is_ok(c)) return;
-
-        s->pipe->conn->flags |= DCERPC_NDR_REF_ALLOC;
 
         /* prepare requested binding parameters */
@@ -146 +157 @@
         s->r.in.max_towers    = 1;
         s->r.out.entry_handle = &s->handle;
+        s->r.out.num_towers   = &s->num_towers;
 
         /* send request for an endpoint mapping - a rpc request on connected pipe */
-        map_req = dcerpc_epm_Map_send(s->pipe, c, &s->r);
-        if (composite_nomem(map_req, c)) return;
-        
-        composite_continue_rpc(c, map_req, continue_epm_map, c);
+        subreq = dcerpc_epm_Map_r_send(s, c->event_ctx,
+                                       s->pipe->binding_handle,
+                                       &s->r);
+        if (composite_nomem(subreq, c)) return;
+        
+        tevent_req_set_callback(subreq, continue_epm_map, c);
 }
 
@@ -158 +172 @@
   Stage 3 of epm_map_binding: Receive endpoint mapping and provide binding details
 */
-static void continue_epm_map(struct rpc_request *req)
-{
-        struct composite_context *c = talloc_get_type(req->async.private_data,
-                                                      struct composite_context);
+static void continue_epm_map(struct tevent_req *subreq)
+{
+        struct composite_context *c = tevent_req_callback_data(subreq,
+                                      struct composite_context);
         struct epm_map_binding_state *s = talloc_get_type(c->private_data,
                                                           struct epm_map_binding_state);
 
         /* receive result of a rpc request */
-        c->status = dcerpc_ndr_request_recv(req);
+        c->status = dcerpc_epm_Map_r_recv(subreq, s);
+        TALLOC_FREE(subreq);
         if (!composite_is_ok(c)) return;
 
@@ -272 +287 @@
         epmapper_binding->target_hostname       = epmapper_binding->host;
         epmapper_binding->options               = NULL;
+        epmapper_binding->localaddress          = talloc_reference(epmapper_binding, binding->localaddress);
         epmapper_binding->flags                 = 0;
         epmapper_binding->assoc_group_id        = 0;
@@ -408 +424 @@
         struct composite_context *auth_req;
         struct dcerpc_pipe *p2;
+        void *pp;
 
         c = talloc_get_type(ctx->async.private_data, struct composite_context);
@@ -416 +433 @@
         if (!composite_is_ok(c)) return;
 
+
+        /* this is a rather strange situation. When
+           we come into the routine, s is a child of s->pipe, and
+           when we created p2 above, it also became a child of
+           s->pipe.
+
+           Now we want p2 to be a parent of s->pipe, and we want s to
+           be a parent of both of them! If we don't do this very
+           carefully we end up creating a talloc loop
+        */
+
+        /* we need the new contexts to hang off the same context
+           that s->pipe is on, but the only way to get that is
+           via talloc_parent() */
+        pp = talloc_parent(s->pipe);
+
+        /* promote s to be at the top */
+        talloc_steal(pp, s);
+
+        /* and put p2 under s */
         talloc_steal(s, p2);
+
+        /* now put s->pipe under p2 */
         talloc_steal(p2, s->pipe);
+
         s->pipe = p2;
 
@@ -423 +463 @@
         auth_req = dcerpc_bind_auth_send(c, s->pipe, s->table,
                                          s->credentials, 
-                                         lp_gensec_settings(c, s->lp_ctx),
+                                         lpcfg_gensec_settings(c, s->lp_ctx),
                                          DCERPC_AUTH_TYPE_NTLMSSP,
                                          dcerpc_auth_level(s->pipe->conn),
@@ -456 +496 @@
         auth_req = dcerpc_bind_auth_send(c, s->pipe, s->table,
                                          s->credentials, 
-                                         lp_gensec_settings(c, s->lp_ctx), 
+                                         lpcfg_gensec_settings(c, s->lp_ctx),
                                          DCERPC_AUTH_TYPE_SPNEGO,
                                          dcerpc_auth_level(s->pipe->conn),
@@ -494 +534 @@
         struct composite_context *auth_req;
         struct composite_context *auth_none_req;
-        struct dcerpc_connection *conn;
+        struct dcecli_connection *conn;
         uint8_t auth_type;
 
@@ -581 +621 @@
                 auth_req = dcerpc_bind_auth_send(c, s->pipe, s->table,
                                                  s->credentials, 
-                                                 lp_gensec_settings(c, s->lp_ctx), 
+                                                 lpcfg_gensec_settings(c, s->lp_ctx),
                                                  DCERPC_AUTH_TYPE_SPNEGO,
                                                  dcerpc_auth_level(conn),
@@ -591 +631 @@
         auth_req = dcerpc_bind_auth_send(c, s->pipe, s->table,
                                          s->credentials, 
-                                         lp_gensec_settings(c, s->lp_ctx), 
+                                         lpcfg_gensec_settings(c, s->lp_ctx),
                                          auth_type,
                                          dcerpc_auth_level(conn),
@@ -648 +688 @@
 
 
-NTSTATUS dcerpc_generic_session_key(struct dcerpc_connection *c,
+NTSTATUS dcerpc_generic_session_key(struct dcecli_connection *c,
                                     DATA_BLOB *session_key)
 {
@@ -684 +724 @@
 */
 _PUBLIC_ void dcerpc_log_packet(const char *lockdir,
-                                                                const struct ndr_interface_table *ndr,
-                       uint32_t opnum, uint32_t flags, 
-                       DATA_BLOB *pkt)
+                                const struct ndr_interface_table *ndr,
+                                uint32_t opnum, uint32_t flags,
+                                const DATA_BLOB *pkt)
 {
         const int num_examples = 20;
@@ -741 +781 @@
         p2->binding = talloc_reference(p2, p->binding);
 
+        p2->binding_handle = dcerpc_pipe_binding_handle(p2);
+        if (p2->binding_handle == NULL) {
+                talloc_free(p2);
+                return NT_STATUS_NO_MEMORY;
+        }
+
         status = dcerpc_alter_context(p2, p2, &p2->syntax, &p2->transfer_syntax);
         if (!NT_STATUS_IS_OK(status)) {

vendor/current/source4/librpc/rpc/pyrpc.c

@@ -3 +3 @@
    Samba utility functions
    Copyright (C) Jelmer Vernooij <jelmer@samba.org> 2008
-   
+
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation; either version 3 of the License, or
    (at your option) any later version.
-   
+
    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.
-   
+
    You should have received a copy of the GNU General Public License
    along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
 
+#include <Python.h>
 #include "includes.h"
-#include <Python.h>
 #include <structmember.h>
 #include "librpc/rpc/pyrpc.h"
-#include "librpc/rpc/dcerpc.h"
 #include "lib/events/events.h"
 #include "param/pyparam.h"
+#include "librpc/rpc/dcerpc.h"
+#include "librpc/rpc/pyrpc_util.h"
 #include "auth/credentials/pycredentials.h"
 
-#ifndef Py_RETURN_NONE
-#define Py_RETURN_NONE return Py_INCREF(Py_None), Py_None
-#endif
-
-static PyObject *py_dcerpc_run_function(dcerpc_InterfaceObject *iface,
-                                        const struct PyNdrRpcMethodDef *md,
-                                        PyObject *args, PyObject *kwargs)
-{
-        TALLOC_CTX *mem_ctx;
-        NTSTATUS status;
-        void *r;
-        PyObject *result = Py_None;
-
-        if (md->pack_in_data == NULL || md->unpack_out_data == NULL) {
-                PyErr_SetString(PyExc_NotImplementedError, "No marshalling code available yet");
-                return NULL;
-        }
-
-        mem_ctx = talloc_new(NULL);
-        if (mem_ctx == NULL) {
-                PyErr_NoMemory();
-                return NULL;
-        }
-
-        r = talloc_zero_size(mem_ctx, md->table->calls[md->opnum].struct_size);
-        if (r == NULL) {
-                PyErr_NoMemory();
-                return NULL;
-        }
-
-        if (!md->pack_in_data(args, kwargs, r)) {
-                talloc_free(mem_ctx);
-                return NULL;
-        }
-
-        status = md->call(iface->pipe, mem_ctx, r);
-        if (NT_STATUS_IS_ERR(status)) {
-                PyErr_SetDCERPCStatus(iface->pipe, status);
-                talloc_free(mem_ctx);
-                return NULL;
-        }
-
-        result = md->unpack_out_data(r);
-
-        talloc_free(mem_ctx);
-        return result;
-}
-
-static PyObject *py_dcerpc_call_wrapper(PyObject *self, PyObject *args, void *wrapped, PyObject *kwargs)
-{       
-        dcerpc_InterfaceObject *iface = (dcerpc_InterfaceObject *)self;
-        const struct PyNdrRpcMethodDef *md = (const struct PyNdrRpcMethodDef *)wrapped;
-
-        return py_dcerpc_run_function(iface, md, args, kwargs);
-}
-
-
-bool PyInterface_AddNdrRpcMethods(PyTypeObject *ifacetype, const struct PyNdrRpcMethodDef *mds)
-{
-        int i;
-        for (i = 0; mds[i].name; i++) {
-                PyObject *ret;
-                struct wrapperbase *wb = (struct wrapperbase *)calloc(sizeof(struct wrapperbase), 1);
-
-                wb->name = discard_const_p(char, mds[i].name);
-                wb->flags = PyWrapperFlag_KEYWORDS;
-                wb->wrapper = (wrapperfunc)py_dcerpc_call_wrapper;
-                wb->doc = discard_const_p(char, mds[i].doc);
-                
-                ret = PyDescr_NewWrapper(ifacetype, wb, discard_const_p(void, &mds[i]));
-
-                PyDict_SetItemString(ifacetype->tp_dict, mds[i].name, 
-                                     (PyObject *)ret);
-        }
-
-        return true;
-}
+void initbase(void);
+
+staticforward PyTypeObject dcerpc_InterfaceType;
 
 static bool PyString_AsGUID(PyObject *object, struct GUID *uuid)
@@ -147 +74 @@
         PyErr_SetString(PyExc_TypeError, "Expected UUID or syntax id tuple");
         return false;
-}       
+}
 
 static PyObject *py_iface_server_name(PyObject *obj, void *closure)
@@ -153 +80 @@
         const char *server_name;
         dcerpc_InterfaceObject *iface = (dcerpc_InterfaceObject *)obj;
-        
+
         server_name = dcerpc_server_name(iface->pipe);
         if (server_name == NULL)
@@ -207 +134 @@
         { NULL }
 };
-
-void PyErr_SetDCERPCStatus(struct dcerpc_pipe *p, NTSTATUS status)
-{
-        if (p != NULL && NT_STATUS_EQUAL(status, NT_STATUS_NET_WRITE_FAULT)) {
-                const char *errstr = dcerpc_errstr(NULL, p->last_fault_code);
-                PyErr_SetObject(PyExc_RuntimeError, 
-                        Py_BuildValue("(i,s)", p->last_fault_code,
-                                      errstr));
-        } else {
-                PyErr_SetNTSTATUS(status);
-        }
-}
 
 static PyObject *py_iface_request(PyObject *self, PyObject *args, PyObject *kwargs)
@@ -232 +147 @@
         struct GUID object_guid;
         TALLOC_CTX *mem_ctx = talloc_new(NULL);
+        uint32_t out_flags = 0;
         const char *kwnames[] = { "opnum", "data", "object", NULL };
 
         if (!PyArg_ParseTupleAndKeywords(args, kwargs, "is#|O:request", 
                 discard_const_p(char *, kwnames), &opnum, &in_data, &in_length, &object)) {
+                talloc_free(mem_ctx);
                 return NULL;
         }
@@ -245 +162 @@
 
         if (object != NULL && !PyString_AsGUID(object, &object_guid)) {
-                return NULL;
-        }
-
-        status = dcerpc_request(iface->pipe, object?&object_guid:NULL,
-                                opnum, mem_ctx, &data_in, &data_out);
-
-        if (NT_STATUS_IS_ERR(status)) {
+                talloc_free(mem_ctx);
+                return NULL;
+        }
+
+        status = dcerpc_binding_handle_raw_call(iface->binding_handle,
+                                                object?&object_guid:NULL,
+                                                opnum,
+                                                0, /* in_flags */
+                                                data_in.data,
+                                                data_in.length,
+                                                mem_ctx,
+                                                &data_out.data,
+                                                &data_out.length,
+                                                &out_flags);
+        if (!NT_STATUS_IS_OK(status)) {
                 PyErr_SetDCERPCStatus(iface->pipe, status);
                 talloc_free(mem_ctx);
@@ -291 +216 @@
                                       &transfer_syntax);
 
-        if (NT_STATUS_IS_ERR(status)) {
+        if (!NT_STATUS_IS_OK(status)) {
                 PyErr_SetDCERPCStatus(iface->pipe, status);
                 return NULL;
@@ -299 +224 @@
 }
 
-PyObject *py_dcerpc_interface_init_helper(PyTypeObject *type, PyObject *args, PyObject *kwargs, const struct ndr_interface_table *table)
+static PyMethodDef dcerpc_interface_methods[] = {
+        { "request", (PyCFunction)py_iface_request, METH_VARARGS|METH_KEYWORDS, "S.request(opnum, data, object=None) -> data\nMake a raw request" },
+        { "alter_context", (PyCFunction)py_iface_alter_context, METH_VARARGS|METH_KEYWORDS, "S.alter_context(syntax)\nChange to a different interface" },
+        { NULL, NULL, 0, NULL },
+};
+
+static void dcerpc_interface_dealloc(PyObject* self)
+{
+        dcerpc_InterfaceObject *interface = (dcerpc_InterfaceObject *)self;
+        talloc_free(interface->mem_ctx);
+        self->ob_type->tp_free(self);
+}
+
+static PyObject *dcerpc_interface_new(PyTypeObject *type, PyObject *args, PyObject *kwargs)
 {
         dcerpc_InterfaceObject *ret;
@@ -305 +243 @@
         struct cli_credentials *credentials;
         struct loadparm_context *lp_ctx = NULL;
-        PyObject *py_lp_ctx = Py_None, *py_credentials = Py_None, *py_basis = Py_None;
-        TALLOC_CTX *mem_ctx = NULL;
+        PyObject *py_lp_ctx = Py_None, *py_credentials = Py_None;
+        TALLOC_CTX *mem_ctx;
         struct tevent_context *event_ctx;
         NTSTATUS status;
 
+        PyObject *syntax, *py_basis = Py_None;
         const char *kwnames[] = {
-                "binding", "lp_ctx", "credentials", "basis_connection", NULL
+                "binding", "syntax", "lp_ctx", "credentials", "basis_connection", NULL
         };
-
-        if (!PyArg_ParseTupleAndKeywords(args, kwargs, "s|OOO:samr", discard_const_p(char *, kwnames), &binding_string, &py_lp_ctx, &py_credentials, &py_basis)) {
-                return NULL;
-        }
-
-        lp_ctx = lp_from_py_object(py_lp_ctx);
+        struct ndr_interface_table *table;
+
+        if (!PyArg_ParseTupleAndKeywords(args, kwargs, "sO|OOO:connect", discard_const_p(char *, kwnames), &binding_string, &syntax, &py_lp_ctx, &py_credentials, &py_basis)) {
+                return NULL;
+        }
+
+        mem_ctx = talloc_new(NULL);
+        if (mem_ctx == NULL) {
+                PyErr_NoMemory();
+                return NULL;
+        }
+
+        lp_ctx = lpcfg_from_py_object(mem_ctx, py_lp_ctx);
         if (lp_ctx == NULL) {
                 PyErr_SetString(PyExc_TypeError, "Expected loadparm context");
-                return NULL;
-        }
-
-        status = dcerpc_init(lp_ctx);
-        if (!NT_STATUS_IS_OK(status)) {
-                PyErr_SetNTSTATUS(status);
-                return NULL;
-        }
+                talloc_free(mem_ctx);
+                return NULL;
+        }
+
         credentials = cli_credentials_from_py_object(py_credentials);
         if (credentials == NULL) {
                 PyErr_SetString(PyExc_TypeError, "Expected credentials");
+                talloc_free(mem_ctx);
                 return NULL;
         }
         ret = PyObject_New(dcerpc_InterfaceObject, type);
-
-        event_ctx = event_context_init(mem_ctx);
+        ret->mem_ctx = mem_ctx;
+
+        event_ctx = s4_event_context_init(ret->mem_ctx);
+
+        /* Create a dummy interface table struct. TODO: In the future, we should
+         * rather just allow connecting without requiring an interface table.
+         */
+
+        table = talloc_zero(ret->mem_ctx, struct ndr_interface_table);
+
+        if (table == NULL) {
+                PyErr_SetString(PyExc_MemoryError, "Allocating interface table");
+                talloc_free(mem_ctx);
+                return NULL;
+        }
+
+        if (!ndr_syntax_from_py_object(syntax, &table->syntax_id)) {
+                talloc_free(mem_ctx);
+                return NULL;
+        }
+
+        ret->pipe = NULL;
+        ret->binding_handle = NULL;
 
         if (py_basis != Py_None) {
@@ -347 +311 @@
                 }
 
-                base_pipe = ((dcerpc_InterfaceObject *)py_basis)->pipe;
+                base_pipe = talloc_reference(ret->mem_ctx, 
+                                         ((dcerpc_InterfaceObject *)py_basis)->pipe);
 
                 status = dcerpc_secondary_context(base_pipe, &ret->pipe, table);
+
+                ret->pipe = talloc_steal(ret->mem_ctx, ret->pipe);
         } else {
-                status = dcerpc_pipe_connect(NULL, &ret->pipe, binding_string, 
-                             table, credentials, event_ctx, lp_ctx);
-        }
-        if (NT_STATUS_IS_ERR(status)) {
-                PyErr_SetNTSTATUS(status);
-                talloc_free(mem_ctx);
-                return NULL;
-        }
-
+                status = dcerpc_pipe_connect(ret->mem_ctx, &ret->pipe, binding_string, 
+                             table, credentials, event_ctx, lp_ctx);
+        }
+
+        if (!NT_STATUS_IS_OK(status)) {
+                PyErr_SetDCERPCStatus(ret->pipe, status);
+                talloc_free(ret->mem_ctx);
+                return NULL;
+        }
         ret->pipe->conn->flags |= DCERPC_NDR_REF_ALLOC;
+        ret->binding_handle = ret->pipe->binding_handle;
         return (PyObject *)ret;
 }
 
-static PyMethodDef dcerpc_interface_methods[] = {
-        { "request", (PyCFunction)py_iface_request, METH_VARARGS|METH_KEYWORDS, "S.request(opnum, data, object=None) -> data\nMake a raw request" },
-        { "alter_context", (PyCFunction)py_iface_alter_context, METH_VARARGS|METH_KEYWORDS, "S.alter_context(syntax)\nChange to a different interface" },
-        { NULL, NULL, 0, NULL },
-};
-
-
-static void dcerpc_interface_dealloc(PyObject* self)
-{
-        dcerpc_InterfaceObject *interface = (dcerpc_InterfaceObject *)self;
-        talloc_free(interface->pipe);
-        PyObject_Del(self);
-}
-
-static PyObject *dcerpc_interface_new(PyTypeObject *self, PyObject *args, PyObject *kwargs)
-{
-        dcerpc_InterfaceObject *ret;
-        const char *binding_string;
-        struct cli_credentials *credentials;
-        struct loadparm_context *lp_ctx = NULL;
-        PyObject *py_lp_ctx = Py_None, *py_credentials = Py_None;
-        TALLOC_CTX *mem_ctx = NULL;
-        struct tevent_context *event_ctx;
-        NTSTATUS status;
-
-        PyObject *syntax, *py_basis = Py_None;
-        const char *kwnames[] = {
-                "binding", "syntax", "lp_ctx", "credentials", "basis_connection", NULL
-        };
-        struct ndr_interface_table *table;
-
-        if (!PyArg_ParseTupleAndKeywords(args, kwargs, "sO|OOO:connect", discard_const_p(char *, kwnames), &binding_string, &syntax, &py_lp_ctx, &py_credentials, &py_basis)) {
-                return NULL;
-        }
-
-        lp_ctx = lp_from_py_object(py_lp_ctx);
-        if (lp_ctx == NULL) {
-                PyErr_SetString(PyExc_TypeError, "Expected loadparm context");
-                return NULL;
-        }
-
-        credentials = cli_credentials_from_py_object(py_credentials);
-        if (credentials == NULL) {
-                PyErr_SetString(PyExc_TypeError, "Expected credentials");
-                return NULL;
-        }
-        ret = PyObject_New(dcerpc_InterfaceObject, &dcerpc_InterfaceType);
-
-        event_ctx = s4_event_context_init(mem_ctx);
-
-        /* Create a dummy interface table struct. TODO: In the future, we should rather just allow 
-         * connecting without requiring an interface table.
-         */
-
-        table = talloc_zero(mem_ctx, struct ndr_interface_table);
-
-        if (table == NULL) {
-                PyErr_SetString(PyExc_MemoryError, "Allocating interface table");
-                return NULL;
-        }
-
-        if (!ndr_syntax_from_py_object(syntax, &table->syntax_id)) {
-                return NULL;
-        }
-
-        ret->pipe = NULL;
-
-        if (py_basis != Py_None) {
-                struct dcerpc_pipe *base_pipe;
-
-                if (!PyObject_TypeCheck(py_basis, &dcerpc_InterfaceType)) {
-                        PyErr_SetString(PyExc_ValueError, "basis_connection must be a DCE/RPC connection");
-                        talloc_free(mem_ctx);
-                        return NULL;
-                }
-
-                base_pipe = ((dcerpc_InterfaceObject *)py_basis)->pipe;
-
-                status = dcerpc_secondary_context(base_pipe, &ret->pipe, 
-                                     table);
-                ret->pipe = talloc_steal(NULL, ret->pipe);
-        } else {
-                status = dcerpc_pipe_connect(NULL, &ret->pipe, binding_string, 
-                             table, credentials, event_ctx, lp_ctx);
-        }
-
-        if (NT_STATUS_IS_ERR(status)) {
-                PyErr_SetDCERPCStatus(ret->pipe, status);
-                talloc_free(mem_ctx);
-                return NULL;
-        }
-        ret->pipe->conn->flags |= DCERPC_NDR_REF_ALLOC;
-        return (PyObject *)ret;
-}
-
-PyTypeObject dcerpc_InterfaceType = {
+static PyTypeObject dcerpc_InterfaceType = {
         PyObject_HEAD_INIT(NULL) 0,
         .tp_name = "dcerpc.ClientConnection",

vendor/current/source4/librpc/rpc/pyrpc.h

@@ -22 +22 @@
 
 #include "libcli/util/pyerrors.h"
-#include "librpc/rpc/dcerpc.h"
+
+#ifndef Py_TYPE /* Py_TYPE is only available on Python > 2.6 */
+#define Py_TYPE(ob)             (((PyObject*)(ob))->ob_type)
+#endif
 
 #define PY_CHECK_TYPE(type, var, fail) \
         if (!PyObject_TypeCheck(var, type)) {\
-                PyErr_Format(PyExc_TypeError, "Expected type %s", (type)->tp_name); \
+                PyErr_Format(PyExc_TypeError, __location__ ": Expected type '%s' for '%s' of type '%s'", (type)->tp_name, #var, Py_TYPE(var)->tp_name); \
                 fail; \
         }
@@ -37 +40 @@
 #define dom_sid28_Check dom_sid_Check
 
-/* This macro is only provided by Python >= 2.3 */
-#ifndef PyAPI_DATA
-#   define PyAPI_DATA(RTYPE) extern RTYPE
-#endif
-
 typedef struct {
         PyObject_HEAD
+        TALLOC_CTX *mem_ctx;
         struct dcerpc_pipe *pipe;
+        struct dcerpc_binding_handle *binding_handle;
 } dcerpc_InterfaceObject;
 
-PyAPI_DATA(PyTypeObject) dcerpc_InterfaceType;
 
-#define PyErr_FromNdrError(err) Py_BuildValue("(is)", err, ndr_map_error2string(err))
-
-#define PyErr_SetNdrError(err) \
-                PyErr_SetObject(PyExc_RuntimeError, PyErr_FromNdrError(err))
-
-void PyErr_SetDCERPCStatus(struct dcerpc_pipe *pipe, NTSTATUS status);
-
-typedef bool (*py_data_pack_fn) (PyObject *args, PyObject *kwargs, void *r);
-typedef PyObject *(*py_data_unpack_fn) (void *r);
-
-struct PyNdrRpcMethodDef {
-        const char *name;
-        const char *doc;
-        dcerpc_call_fn call;
-        py_data_pack_fn pack_in_data;
-        py_data_unpack_fn unpack_out_data;
-        uint32_t opnum;
-        const struct ndr_interface_table *table;
-};
-
-bool PyInterface_AddNdrRpcMethods(PyTypeObject *object, const struct PyNdrRpcMethodDef *mds);
-PyObject *py_dcerpc_interface_init_helper(PyTypeObject *type, PyObject *args, PyObject *kwargs, const struct ndr_interface_table *table);
+/*
+  these prototypes should be generated by the python pidl backend, but
+  aren't yet. They are needed when one module that has python access
+  is accessed by another module
+ */
+union netr_LogonLevel *py_export_netr_LogonLevel(TALLOC_CTX *mem_ctx, int level, PyObject *in);
+union netr_Validation;
+PyObject *py_import_netr_Validation(TALLOC_CTX *mem_ctx, int level, union netr_Validation *in);
 
 #endif /* _PYRPC_H_ */

vendor/current/source4/librpc/tests/binding_string.c

@@ -25 +25 @@
 #include "librpc/rpc/dcerpc_proto.h"
 #include "torture/torture.h"
+#include "lib/util/util_net.h"
 
 static bool test_BindingString(struct torture_context *tctx,
@@ -128 +129 @@
         torture_assert_ntstatus_ok(tctx, dcerpc_parse_binding(tctx, 
                 "308FB580-1EB2-11CA-923B-08002B1075A7@ncacn_ip_tcp:$SERVER", &b), "parse");
+        torture_assert_ntstatus_ok(tctx, dcerpc_parse_binding(tctx, "ncacn_ip_tcp:$SERVER[,sign,localaddress=192.168.1.1]", &b), "parse");
+        torture_assert(tctx, b->transport == NCACN_IP_TCP, "ncacn_ip_tcp expected");
+        torture_assert(tctx, b->flags == (DCERPC_SIGN | DCERPC_LOCALADDRESS), "sign flag");
+        torture_assert_str_equal(tctx, b->localaddress, "192.168.1.1", "localaddress");
+        torture_assert_str_equal(tctx, "ncacn_ip_tcp:$SERVER[,sign,localaddress=192.168.1.1]",
+                                 dcerpc_binding_string(tctx, b), "back to string");
 
         return true;
@@ -156 +163 @@
 {
         int i;
-        struct torture_suite *suite = torture_suite_create(mem_ctx, "BINDING");
+        struct torture_suite *suite = torture_suite_create(mem_ctx, "binding");
 
         for (i = 0; i < ARRAY_SIZE(test_strings); i++) {