Changeset 988 for vendor/current/source4/librpc

Timestamp:

Nov 24, 2016, 1:14:11 PM (9 years ago)

Author:

Silvan Scherrer

Message:

Samba Server: update vendor to version 4.4.3

Location:

vendor/current/source4/librpc

Files:

• dcerpc.pc.in (modified) (1 diff)
• dcerpc_atsvc.pc.in (deleted)
• idl-deps.pl (deleted)
• idl/irpc.idl (modified) (3 diffs)
• idl/nfs4acl.idl (deleted)
• idl/opendb.idl (modified) (1 diff)
• idl/s4_notify.idl (deleted)
• idl/sasl_helpers.idl (modified) (1 diff)
• idl/server_id4.idl (deleted)
• idl/winbind.idl (modified) (3 diffs)
• idl/winsif.idl (modified) (2 diffs)
• idl/winsrepl.idl (modified) (1 diff)
• idl/wscript_build (modified) (1 diff)
• ndr/py_auth.c (added)
• ndr/py_misc.c (modified) (8 diffs)
• ndr/py_security.c (modified) (30 diffs)
• ndr/py_xattr.c (modified) (2 diffs)
• rpc/dcerpc.c (modified) (64 diffs)
• rpc/dcerpc.h (modified) (17 diffs)
• rpc/dcerpc.py (modified) (1 diff)
• rpc/dcerpc_auth.c (modified) (18 diffs)
• rpc/dcerpc_connect.c (modified) (31 diffs)
• rpc/dcerpc_roh.c (added)
• rpc/dcerpc_roh.h (added)
• rpc/dcerpc_roh_channel_in.c (added)
• rpc/dcerpc_roh_channel_out.c (added)
• rpc/dcerpc_schannel.c (modified) (14 diffs)
• rpc/dcerpc_secondary.c (modified) (17 diffs)
• rpc/dcerpc_smb.c (modified) (5 diffs)
• rpc/dcerpc_smb2.c (deleted)
• rpc/dcerpc_sock.c (modified) (13 diffs)
• rpc/dcerpc_util.c (modified) (21 diffs)
• rpc/pyrpc.c (modified) (10 diffs)
• rpc/pyrpc.h (modified) (1 diff)
• rpc/pyrpc_util.c (modified) (13 diffs)
• rpc/pyrpc_util.h (modified) (1 diff)
• tests/binding_string.c (modified) (11 diffs)
• wscript_build (modified) (20 diffs)

vendor/current/source4/librpc/dcerpc.pc.in

@@ -8 +8 @@
 Requires: ndr
 Version: @PACKAGE_VERSION@
-Libs: @LIB_RPATH@ -L${libdir} -ldcerpc
+Libs: @LIB_RPATH@ -L${libdir} -ldcerpc -ldcerpc-binding
 Cflags: -I${includedir} -DHAVE_IMMEDIATE_STRUCTURES=1

vendor/current/source4/librpc/idl/irpc.idl

@@ -1 +1 @@
 #include "idl_types.h"
 
-import "misc.idl", "security.idl", "nbt.idl", "netlogon.idl";
+import "misc.idl", "security.idl", "nbt.idl", "netlogon.idl", "server_id.idl";
 
 /*
@@ -30 +30 @@
         } irpc_header;
 
+        typedef [public] struct {
+                utf8string name;
+                uint32 count;
+                [size_is(count)] server_id ids[*];
+        } irpc_name_record;
+
+        typedef [public] struct {
+                [size_is(num_records)] irpc_name_record *names[*];
+                uint32 num_records;
+        } irpc_name_records;
+
         /******************************************************
          uptime call - supported by all messaging servers
@@ -197 +208 @@
                 [in,out,ref] NL_DNS_NAME_INFO_ARRAY *dns_names
                 );
+
+        /******************************************************
+         * Management calls for the dns server
+         ******************************************************/
+        /**
+         * Force internal DNS server to reload the DNS zones.
+         *
+         * Called when zones are added or deleted through RPC
+         * or replicated by DRS.
+         */
+        NTSTATUS dnssrv_reload_dns_zones();
 }

vendor/current/source4/librpc/idl/opendb.idl

@@ -8 +8 @@
 */
 
-import "server_id4.idl";
+import "server_id.idl";
 
 [

vendor/current/source4/librpc/idl/sasl_helpers.idl

@@ -2 +2 @@
 
 [
+  uuid("7512b2f4-5f4f-11e4-bbe6-3c970e8d8226"),
+  version(1.0),
   pointer_default(unique),
   helpstring("SASL helpers")

vendor/current/source4/librpc/idl/winbind.idl

@@ -5 +5 @@
 #include "idl_types.h"
 
-import "netlogon.idl", "lsa.idl", "security.idl", "idmap.idl";
+import "netlogon.idl";
 
 [
-  uuid("245f3e6b-3c5d-6e21-3a2d-2a3d645b7221"),
+  uuid("b875118e-47a3-4210-b5f7-c240cce656b2"),
   version(1.0),
   pointer_default(unique)
@@ -16 +16 @@
         typedef [switch_type(uint16)] union netr_LogonLevel netr_LogonLevel;
         typedef [switch_type(uint16)] union netr_Validation netr_Validation;
-
-        /* a call to get runtime informations */
-        void winbind_information(/* TODO */);
-
-        /* 
-         * a call to trigger some internal events,
-         * for use in torture tests...
-         */
-        NTSTATUS winbind_remote_control(/* TODO */);
 
         /*
@@ -37 +28 @@
         );
 
-        typedef [v1_enum] enum {
-                WINBIND_IDMAP_LEVEL_SIDS_TO_XIDS        = 1,
-                WINBIND_IDMAP_LEVEL_XIDS_TO_SIDS        = 2
-        } winbind_get_idmap_level;
-
-        NTSTATUS winbind_get_idmap(
-                [in]     winbind_get_idmap_level level,
-                [in]     uint32 count,
-                [in,out] [size_is(count)] id_map ids[]
-        );
-
         NTSTATUS winbind_DsrUpdateReadOnlyServerDnsRecords(
                 [in,unique] [string,charset(UTF16)] uint16 *site_name,

vendor/current/source4/librpc/idl/winsif.idl

@@ -7 +7 @@
         version(1.0),
         helpstring("WINS Administration Interface1"),
+        helper("../libcli/nbt/libnbt.h"),
         pointer_default(unique)
 ] interface winsif
@@ -237 +238 @@
                 /*
                  * TODO: fix pidl to handles this completly correct...
-                 *       currently it gives a warning about a missing pointer
-                 *       and completely ignores the size_is(80).
+                 *       currently it gives a warning about a missing pointer.
                  */
                 [out,ref,string,charset(DOS),size_is(80)] uint8 *unc_name

vendor/current/source4/librpc/idl/winsrepl.idl

@@ -14 +14 @@
 [
         uuid("915f5653-bac1-431c-97ee-9ffb34526921"),
-        helpstring("WINS Replication PDUs")
+        helpstring("WINS Replication PDUs"),
+        helper("../libcli/nbt/libnbt.h")
 ] interface wrepl
 {

vendor/current/source4/librpc/idl/wscript_build

@@ -6 +6 @@
 
 bld.SAMBA_PIDL_LIST('PIDL',
-                    source='''irpc.idl nfs4acl.idl s4_notify.idl ntp_signd.idl
-                              opendb.idl sasl_helpers.idl server_id4.idl winbind.idl
+                    source='''irpc.idl ntp_signd.idl
+                              opendb.idl sasl_helpers.idl
                               winsif.idl winsrepl.idl winstation.idl''',
                     options="--includedir=%s --header --ndr-parser --client --python --server" % topinclude,

vendor/current/source4/librpc/ndr/py_misc.c

@@ -2 +2 @@
    Unix SMB/CIFS implementation.
    Samba utility functions
+
    Copyright (C) Jelmer Vernooij <jelmer@samba.org> 2008
    
@@ -20 +21 @@
 #include "librpc/gen_ndr/misc.h"
 
-#ifndef Py_RETURN_NONE
-#define Py_RETURN_NONE return Py_INCREF(Py_None), Py_None
-#endif
-
 static int py_GUID_cmp(PyObject *py_self, PyObject *py_other)
 {
         int ret;
-        struct GUID *self = py_talloc_get_ptr(py_self), *other;
-        other = py_talloc_get_ptr(py_other);
+        struct GUID *self = pytalloc_get_ptr(py_self), *other;
+        other = pytalloc_get_ptr(py_other);
         if (other == NULL)
                 return -1;
@@ -44 +41 @@
 static PyObject *py_GUID_str(PyObject *py_self)
 {
-        struct GUID *self = py_talloc_get_ptr(py_self);
+        struct GUID *self = pytalloc_get_ptr(py_self);
         char *str = GUID_string(NULL, self);
         PyObject *ret = PyString_FromString(str);
@@ -53 +50 @@
 static PyObject *py_GUID_repr(PyObject *py_self)
 {
-        struct GUID *self = py_talloc_get_ptr(py_self);
+        struct GUID *self = pytalloc_get_ptr(py_self);
         char *str = GUID_string(NULL, self);
         PyObject *ret = PyString_FromFormat("GUID('%s')", str);
@@ -64 +61 @@
         PyObject *str = NULL;
         NTSTATUS status;
-        struct GUID *guid = py_talloc_get_ptr(self);
+        struct GUID *guid = pytalloc_get_ptr(self);
         const char *kwnames[] = { "str", NULL };
 
@@ -103 +100 @@
         char *str = NULL;
         NTSTATUS status;
-        struct policy_handle *handle = py_talloc_get_ptr(self);
+        struct policy_handle *handle = pytalloc_get_ptr(self);
         const char *kwnames[] = { "uuid", "type", NULL };
 
@@ -122 +119 @@
 static PyObject *py_policy_handle_repr(PyObject *py_self)
 {
-        struct policy_handle *self = py_talloc_get_ptr(py_self);
+        struct policy_handle *self = pytalloc_get_ptr(py_self);
         char *uuid_str = GUID_string(NULL, &self->uuid);
         PyObject *ret = PyString_FromFormat("policy_handle(%d, '%s')", self->handle_type, uuid_str);
@@ -131 +128 @@
 static PyObject *py_policy_handle_str(PyObject *py_self)
 {
-        struct policy_handle *self = py_talloc_get_ptr(py_self);
+        struct policy_handle *self = pytalloc_get_ptr(py_self);
         char *uuid_str = GUID_string(NULL, &self->uuid);
         PyObject *ret = PyString_FromFormat("%d, %s", self->handle_type, uuid_str);

vendor/current/source4/librpc/ndr/py_security.c

@@ -2 +2 @@
    Unix SMB/CIFS implementation.
    Samba utility functions
-   Copyright (C) Jelmer Vernooij <jelmer@samba.org> 2008
+
+   Copyright (C) Jelmer Vernooij <jelmer@samba.org> 2008-2010
    
    This program is free software; you can redistribute it and/or modify
@@ -20 +21 @@
 #include "libcli/security/security.h"
 
-#ifndef Py_RETURN_NONE
-#define Py_RETURN_NONE return Py_INCREF(Py_None), Py_None
-#endif
-
 static void PyType_AddMethods(PyTypeObject *type, PyMethodDef *methods)
 {
@@ -44 +41 @@
 static PyObject *py_dom_sid_split(PyObject *py_self, PyObject *args)
 {
-        struct dom_sid *self = py_talloc_get_ptr(py_self);
+        struct dom_sid *self = pytalloc_get_ptr(py_self);
         struct dom_sid *domain_sid;
         TALLOC_CTX *mem_ctx;
@@ -64 +61 @@
         }
 
-        py_domain_sid = py_talloc_steal(&dom_sid_Type, domain_sid);
+        py_domain_sid = pytalloc_steal(&dom_sid_Type, domain_sid);
         talloc_free(mem_ctx);
         return Py_BuildValue("(OI)", py_domain_sid, rid);
@@ -71 +68 @@
 static int py_dom_sid_cmp(PyObject *py_self, PyObject *py_other)
 {
-        struct dom_sid *self = py_talloc_get_ptr(py_self), *other;
-        other = py_talloc_get_ptr(py_other);
+        struct dom_sid *self = pytalloc_get_ptr(py_self), *other;
+        int val;
+
+        other = pytalloc_get_ptr(py_other);
         if (other == NULL)
                 return -1;
 
-        return dom_sid_compare(self, other);
+        val =  dom_sid_compare(self, other);
+        if (val > 0) {
+                return 1;
+        } else if (val < 0) {
+                return -1;
+        }
+        return 0;
 }
 
 static PyObject *py_dom_sid_str(PyObject *py_self)
 {
-        struct dom_sid *self = py_talloc_get_ptr(py_self);
+        struct dom_sid *self = pytalloc_get_ptr(py_self);
         char *str = dom_sid_string(NULL, self);
         PyObject *ret = PyString_FromString(str);
@@ -90 +95 @@
 static PyObject *py_dom_sid_repr(PyObject *py_self)
 {
-        struct dom_sid *self = py_talloc_get_ptr(py_self);
+        struct dom_sid *self = pytalloc_get_ptr(py_self);
         char *str = dom_sid_string(NULL, self);
         PyObject *ret = PyString_FromFormat("dom_sid('%s')", str);
@@ -100 +105 @@
 {
         char *str = NULL;
-        struct dom_sid *sid = py_talloc_get_ptr(self);
+        struct dom_sid *sid = pytalloc_get_ptr(self);
         const char *kwnames[] = { "str", NULL };
 
@@ -135 +140 @@
 static PyObject *py_descriptor_sacl_add(PyObject *self, PyObject *args)
 {
-        struct security_descriptor *desc = py_talloc_get_ptr(self);
+        struct security_descriptor *desc = pytalloc_get_ptr(self);
         NTSTATUS status;
         struct security_ace *ace;
@@ -143 +148 @@
                 return NULL;
 
-        ace = py_talloc_get_ptr(py_ace);
+        ace = pytalloc_get_ptr(py_ace);
         status = security_descriptor_sacl_add(desc, ace);
         PyErr_NTSTATUS_IS_ERR_RAISE(status);
@@ -151 +156 @@
 static PyObject *py_descriptor_dacl_add(PyObject *self, PyObject *args)
 {
-        struct security_descriptor *desc = py_talloc_get_ptr(self);
+        struct security_descriptor *desc = pytalloc_get_ptr(self);
         NTSTATUS status;
         struct security_ace *ace;
@@ -159 +164 @@
                 return NULL;
 
-        ace = py_talloc_get_ptr(py_ace);
+        ace = pytalloc_get_ptr(py_ace);
 
         status = security_descriptor_dacl_add(desc, ace);
@@ -168 +173 @@
 static PyObject *py_descriptor_dacl_del(PyObject *self, PyObject *args)
 {
-        struct security_descriptor *desc = py_talloc_get_ptr(self);
+        struct security_descriptor *desc = pytalloc_get_ptr(self);
         NTSTATUS status;
         struct dom_sid *sid;
@@ -176 +181 @@
                 return NULL;
 
-        sid = py_talloc_get_ptr(py_sid);
+        sid = pytalloc_get_ptr(py_sid);
         status = security_descriptor_dacl_del(desc, sid);
         PyErr_NTSTATUS_IS_ERR_RAISE(status);
@@ -184 +189 @@
 static PyObject *py_descriptor_sacl_del(PyObject *self, PyObject *args)
 {
-        struct security_descriptor *desc = py_talloc_get_ptr(self);
+        struct security_descriptor *desc = pytalloc_get_ptr(self);
         NTSTATUS status;
         struct dom_sid *sid;
@@ -192 +197 @@
                 return NULL;
 
-        sid = py_talloc_get_ptr(py_sid);
+        sid = pytalloc_get_ptr(py_sid);
         status = security_descriptor_sacl_del(desc, sid);
         PyErr_NTSTATUS_IS_ERR_RAISE(status);
@@ -200 +205 @@
 static PyObject *py_descriptor_new(PyTypeObject *self, PyObject *args, PyObject *kwargs)
 {
-        return py_talloc_steal(self, security_descriptor_initialise(NULL));
+        return pytalloc_steal(self, security_descriptor_initialise(NULL));
 }
 
@@ -213 +218 @@
                 return NULL;
 
-        sid = py_talloc_get_ptr(py_sid);
+        sid = pytalloc_get_ptr(py_sid);
 
         secdesc = sddl_decode(NULL, sddl, sid);
@@ -221 +226 @@
         }
 
-        return py_talloc_steal((PyTypeObject *)self, secdesc);
+        return pytalloc_steal((PyTypeObject *)self, secdesc);
 }
 
@@ -228 +233 @@
         struct dom_sid *sid;
         PyObject *py_sid = Py_None;
-        struct security_descriptor *desc = py_talloc_get_ptr(self);
+        struct security_descriptor *desc = pytalloc_get_ptr(self);
         char *text;
         PyObject *ret;
@@ -236 +241 @@
 
         if (py_sid != Py_None)
-                sid = py_talloc_get_ptr(py_sid);
+                sid = pytalloc_get_ptr(py_sid);
         else
                 sid = NULL;
@@ -278 +283 @@
         PyObject *py_sid;
         struct dom_sid *sid;
-        struct security_token *token = py_talloc_get_ptr(self);
+        struct security_token *token = pytalloc_get_ptr(self);
         if (!PyArg_ParseTuple(args, "O", &py_sid))
                 return NULL;
 
-        sid = py_talloc_get_ptr(py_sid);
+        sid = pytalloc_get_ptr(py_sid);
 
         return PyBool_FromLong(security_token_is_sid(token, sid));
@@ -291 +296 @@
         PyObject *py_sid;
         struct dom_sid *sid;
-        struct security_token *token = py_talloc_get_ptr(self);
+        struct security_token *token = pytalloc_get_ptr(self);
         if (!PyArg_ParseTuple(args, "O", &py_sid))
                 return NULL;
 
-        sid = py_talloc_get_ptr(py_sid);
+        sid = pytalloc_get_ptr(py_sid);
 
         return PyBool_FromLong(security_token_has_sid(token, sid));
@@ -302 +307 @@
 static PyObject *py_token_is_anonymous(PyObject *self)
 {
-        struct security_token *token = py_talloc_get_ptr(self);
+        struct security_token *token = pytalloc_get_ptr(self);
         
         return PyBool_FromLong(security_token_is_anonymous(token));
@@ -309 +314 @@
 static PyObject *py_token_is_system(PyObject *self)
 {
-        struct security_token *token = py_talloc_get_ptr(self);
+        struct security_token *token = pytalloc_get_ptr(self);
         
         return PyBool_FromLong(security_token_is_system(token));
@@ -316 +321 @@
 static PyObject *py_token_has_builtin_administrators(PyObject *self)
 {
-        struct security_token *token = py_talloc_get_ptr(self);
+        struct security_token *token = pytalloc_get_ptr(self);
         
         return PyBool_FromLong(security_token_has_builtin_administrators(token));
@@ -323 +328 @@
 static PyObject *py_token_has_nt_authenticated_users(PyObject *self)
 {
-        struct security_token *token = py_talloc_get_ptr(self);
+        struct security_token *token = pytalloc_get_ptr(self);
         
         return PyBool_FromLong(security_token_has_nt_authenticated_users(token));
@@ -331 +336 @@
 {
         int priv;
-        struct security_token *token = py_talloc_get_ptr(self);
+        struct security_token *token = pytalloc_get_ptr(self);
 
         if (!PyArg_ParseTuple(args, "i", &priv))
@@ -342 +347 @@
 {
         int priv;
-        struct security_token *token = py_talloc_get_ptr(self);
+        struct security_token *token = pytalloc_get_ptr(self);
 
         if (!PyArg_ParseTuple(args, "i", &priv))
@@ -353 +358 @@
 static PyObject *py_token_new(PyTypeObject *self, PyObject *args, PyObject *kwargs)
 {
-        return py_talloc_steal(self, security_token_initialise(NULL));
+        return pytalloc_steal(self, security_token_initialise(NULL));
 }       
 
@@ -415 +420 @@
         sid = dom_sid_parse_talloc(NULL, str);
         talloc_free(str);
-        ret = py_talloc_steal(&dom_sid_Type, sid);
+        ret = pytalloc_steal(&dom_sid_Type, sid);
         return ret;
 }

vendor/current/source4/librpc/ndr/py_xattr.c

@@ -19 +19 @@
 
 #include <Python.h>
-
-#ifndef Py_RETURN_NONE
-#define Py_RETURN_NONE return Py_INCREF(Py_None), Py_None
-#endif
 
 static void PyType_AddMethods(PyTypeObject *type, PyMethodDef *methods)
@@ -64 +60 @@
 static PyObject *py_ntacl_print(PyObject *self, PyObject *args)
 {
-        struct xattr_NTACL *ntacl = py_talloc_get_ptr(self);
+        struct xattr_NTACL *ntacl = pytalloc_get_ptr(self);
         struct ndr_print *pr;
         TALLOC_CTX *mem_ctx;

vendor/current/source4/librpc/rpc/dcerpc.c

@@ -22 +22 @@
 
 #include "includes.h"
+#include "system/filesys.h"
 #include "../lib/util/dlinklist.h"
 #include "lib/events/events.h"
@@ -28 +29 @@
 #include "librpc/gen_ndr/ndr_misc.h"
 #include "librpc/gen_ndr/ndr_dcerpc.h"
-#include "libcli/composite/composite.h"
 #include "auth/gensec/gensec.h"
 #include "param/param.h"
 #include "lib/util/tevent_ntstatus.h"
 #include "librpc/rpc/rpc_common.h"
+#include "lib/tsocket/tsocket.h"
+#include "libcli/smb/tstream_smbXcli_np.h"
+
 
 enum rpc_request_state {
@@ -62 +65 @@
         DATA_BLOB request_data;
         bool ignore_timeout;
-
-        /* use by the ndr level async recv call */
-        struct {
-                const struct ndr_interface_table *table;
-                uint32_t opnum;
-                void *struct_ptr;
-                TALLOC_CTX *mem_ctx;
-        } ndr;
+        bool wait_for_sync;
+        bool verify_bitmask1;
+        bool verify_pcontext;
 
         struct {
@@ -77 +75 @@
 };
 
-_PUBLIC_ NTSTATUS dcerpc_init(struct loadparm_context *lp_ctx)
-{
-        return gensec_init(lp_ctx);
+_PUBLIC_ NTSTATUS dcerpc_init(void)
+{
+        return gensec_init();
 }
 
 static void dcerpc_connection_dead(struct dcecli_connection *conn, NTSTATUS status);
-static void dcerpc_ship_next_request(struct dcecli_connection *c);
-
-static struct rpc_request *dcerpc_request_send(struct dcerpc_pipe *p,
+static void dcerpc_schedule_io_trigger(struct dcecli_connection *c);
+
+static struct rpc_request *dcerpc_request_send(TALLOC_CTX *mem_ctx,
+                                               struct dcerpc_pipe *p,
                                                const struct GUID *object,
                                                uint16_t opnum,
@@ -105 +104 @@
                                         ndr_pull_flags_fn_t ndr_pull,
                                         ndr_print_function_t ndr_print);
+static NTSTATUS dcerpc_shutdown_pipe(struct dcecli_connection *p, NTSTATUS status);
+static NTSTATUS dcerpc_send_request(struct dcecli_connection *p, DATA_BLOB *data,
+                             bool trigger_read);
+static NTSTATUS dcerpc_send_read(struct dcecli_connection *p);
 
 /* destroy a dcerpc connection */
@@ -139 +142 @@
 
         c->call_id = 1;
-        c->security_state.auth_info = NULL;
+        c->security_state.auth_type = DCERPC_AUTH_TYPE_NONE;
+        c->security_state.auth_level = DCERPC_AUTH_LEVEL_NONE;
+        c->security_state.auth_context_id = 0;
         c->security_state.session_key = dcerpc_generic_session_key;
         c->security_state.generic_state = NULL;
-        c->binding_string = NULL;
         c->flags = 0;
-        c->srv_max_xmit_frag = 0;
-        c->srv_max_recv_frag = 0;
+        /*
+         * Windows uses 5840 for ncacn_ip_tcp,
+         * so we also use it (for every transport)
+         * by default. But we give the transport
+         * the chance to overwrite it.
+         */
+        c->srv_max_xmit_frag = 5840;
+        c->srv_max_recv_frag = 5840;
         c->pending = NULL;
+
+        c->io_trigger = tevent_create_immediate(c);
+        if (c->io_trigger == NULL) {
+                talloc_free(c);
+                return NULL;
+        }
 
         talloc_set_destructor(c, dcerpc_connection_destructor);
@@ -166 +182 @@
         }
 
+        if (!hs->p->conn) {
+                return false;
+        }
+
+        if (hs->p->conn->dead) {
+                return false;
+        }
+
         return true;
 }
@@ -186 +210 @@
 }
 
+static void dcerpc_bh_auth_info(struct dcerpc_binding_handle *h,
+                                enum dcerpc_AuthType *auth_type,
+                                enum dcerpc_AuthLevel *auth_level)
+{
+        struct dcerpc_bh_state *hs = dcerpc_binding_handle_data(h,
+                                     struct dcerpc_bh_state);
+
+        if (hs->p == NULL) {
+                return;
+        }
+
+        if (hs->p->conn == NULL) {
+                return;
+        }
+
+        *auth_type = hs->p->conn->security_state.auth_type;
+        *auth_level = hs->p->conn->security_state.auth_level;
+}
+
 struct dcerpc_bh_raw_call_state {
+        struct tevent_context *ev;
         struct dcerpc_binding_handle *h;
         DATA_BLOB in_data;
@@ -216 +260 @@
                 return NULL;
         }
+        state->ev = ev;
         state->h = h;
         state->in_data.data = discard_const_p(uint8_t, in_data);
@@ -222 +267 @@
         ok = dcerpc_bh_is_connected(h);
         if (!ok) {
-                tevent_req_nterror(req, NT_STATUS_INVALID_CONNECTION);
+                tevent_req_nterror(req, NT_STATUS_CONNECTION_DISCONNECTED);
                 return tevent_req_post(req, ev);
         }
 
-        subreq = dcerpc_request_send(hs->p,
+        subreq = dcerpc_request_send(state,
+                                     hs->p,
                                      object,
                                      opnum,
@@ -261 +307 @@
                 status = dcerpc_fault_to_nt_status(fault_code);
         }
+
+        /*
+         * We trigger the callback in the next event run
+         * because the code in this file might trigger
+         * multiple request callbacks from within a single
+         * while loop.
+         *
+         * In order to avoid segfaults from within
+         * dcerpc_connection_dead() we call
+         * tevent_req_defer_callback().
+         */
+        tevent_req_defer_callback(req, state->ev);
+
         if (!NT_STATUS_IS_OK(status)) {
                 tevent_req_nterror(req, status);
@@ -314 +373 @@
         ok = dcerpc_bh_is_connected(h);
         if (!ok) {
-                tevent_req_nterror(req, NT_STATUS_INVALID_CONNECTION);
+                tevent_req_nterror(req, NT_STATUS_CONNECTION_DISCONNECTED);
                 return tevent_req_post(req, ev);
         }
@@ -427 +486 @@
         for (i=0;i<num_examples;i++) {
                 char *name=NULL;
-                asprintf(&name, "%s/rpclog/%s-out.%d",
-                         hs->p->conn->packet_log_dir,
-                         call->name, i);
-                if (name == NULL) {
+                int ret;
+
+                ret = asprintf(&name, "%s/rpclog/%s-out.%d",
+                               hs->p->conn->packet_log_dir,
+                               call->name, i);
+                if (ret == -1) {
                         return;
                 }
@@ -522 +583 @@
         .is_connected           = dcerpc_bh_is_connected,
         .set_timeout            = dcerpc_bh_set_timeout,
+        .auth_info              = dcerpc_bh_auth_info,
         .raw_call_send          = dcerpc_bh_raw_call_send,
         .raw_call_recv          = dcerpc_bh_raw_call_recv,
@@ -645 +707 @@
         enum ndr_err_code ndr_err;
 
-        ndr = ndr_pull_init_flags(c, blob, mem_ctx);
+        ndr = ndr_pull_init_blob(blob, mem_ctx);
         if (!ndr) {
                 return NT_STATUS_NO_MEMORY;
@@ -654 +716 @@
         }
 
+        if (CVAL(blob->data, DCERPC_PFC_OFFSET) & DCERPC_PFC_FLAG_OBJECT_UUID) {
+                ndr->flags |= LIBNDR_FLAG_OBJECT_PRESENT;
+        }
+
         ndr_err = ndr_pull_ncacn_packet(ndr, NDR_SCALARS|NDR_BUFFERS, pkt);
+        TALLOC_FREE(ndr);
         if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
                 return ndr_map_error2ntstatus(ndr_err);
@@ -677 +744 @@
         uint32_t auth_length;
 
-        if (!c->security_state.auth_info ||
-            !c->security_state.generic_state) {
-                return NT_STATUS_OK;
-        }
-
-        switch (c->security_state.auth_info->auth_level) {
+        status = dcerpc_verify_ncacn_packet_header(pkt, DCERPC_PKT_RESPONSE,
+                                        pkt->u.response.stub_and_verifier.length,
+                                        0, /* required_flags */
+                                        DCERPC_PFC_FLAG_FIRST |
+                                        DCERPC_PFC_FLAG_LAST);
+        if (!NT_STATUS_IS_OK(status)) {
+                return status;
+        }
+
+        switch (c->security_state.auth_level) {
         case DCERPC_AUTH_LEVEL_PRIVACY:
         case DCERPC_AUTH_LEVEL_INTEGRITY:
@@ -717 +788 @@
         pkt->u.response.stub_and_verifier.length -= auth_length;
 
+        if (auth.auth_type != c->security_state.auth_type) {
+                return NT_STATUS_RPC_PROTOCOL_ERROR;
+        }
+
+        if (auth.auth_level != c->security_state.auth_level) {
+                return NT_STATUS_RPC_PROTOCOL_ERROR;
+        }
+
+        if (auth.auth_context_id != c->security_state.auth_context_id) {
+                return NT_STATUS_RPC_PROTOCOL_ERROR;
+        }
+
         /* check signature or unseal the packet */
-        switch (c->security_state.auth_info->auth_level) {
+        switch (c->security_state.auth_level) {
         case DCERPC_AUTH_LEVEL_PRIVACY:
                 status = gensec_unseal_packet(c->security_state.generic_state, 
-                                              mem_ctx, 
                                               raw_packet->data + DCERPC_REQUEST_LENGTH,
                                               pkt->u.response.stub_and_verifier.length, 
@@ -734 +816 @@
         case DCERPC_AUTH_LEVEL_INTEGRITY:
                 status = gensec_check_packet(c->security_state.generic_state, 
-                                             mem_ctx, 
                                              pkt->u.response.stub_and_verifier.data, 
                                              pkt->u.response.stub_and_verifier.length, 
@@ -776 +857 @@
         enum ndr_err_code ndr_err;
         size_t hdr_size = DCERPC_REQUEST_LENGTH;
-
-        /* non-signed packets are simpler */
-        if (sig_size == 0) {
-                return ncacn_push_auth(blob, mem_ctx, pkt, NULL);
-        }
-
-        switch (c->security_state.auth_info->auth_level) {
+        struct dcerpc_auth auth_info = {
+                .auth_type = c->security_state.auth_type,
+                .auth_level = c->security_state.auth_level,
+                .auth_context_id = c->security_state.auth_context_id,
+        };
+
+        switch (c->security_state.auth_level) {
         case DCERPC_AUTH_LEVEL_PRIVACY:
         case DCERPC_AUTH_LEVEL_INTEGRITY:
+                if (sig_size == 0) {
+                        return NT_STATUS_INTERNAL_ERROR;
+                }
                 break;
 
@@ -826 +910 @@
            whole packet, whereas w2k8 wants it relative to the start
            of the stub */
-        c->security_state.auth_info->auth_pad_length =
-                (16 - (pkt->u.request.stub_and_verifier.length & 15)) & 15;
-        ndr_err = ndr_push_zero(ndr, c->security_state.auth_info->auth_pad_length);
+        auth_info.auth_pad_length =
+                DCERPC_AUTH_PAD_LENGTH(pkt->u.request.stub_and_verifier.length);
+        ndr_err = ndr_push_zero(ndr, auth_info.auth_pad_length);
         if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
                 return ndr_map_error2ntstatus(ndr_err);
@@ -834 +918 @@
 
         payload_length = pkt->u.request.stub_and_verifier.length + 
-                c->security_state.auth_info->auth_pad_length;
-
-        /* we start without signature, it will appended later */
-        c->security_state.auth_info->credentials = data_blob(NULL,0);
+                auth_info.auth_pad_length;
 
         /* add the auth verifier */
-        ndr_err = ndr_push_dcerpc_auth(ndr, NDR_SCALARS|NDR_BUFFERS, c->security_state.auth_info);
+        ndr_err = ndr_push_dcerpc_auth(ndr, NDR_SCALARS|NDR_BUFFERS, &auth_info);
         if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
                 return ndr_map_error2ntstatus(ndr_err);
@@ -858 +939 @@
 
         /* sign or seal the packet */
-        switch (c->security_state.auth_info->auth_level) {
+        switch (c->security_state.auth_level) {
         case DCERPC_AUTH_LEVEL_PRIVACY:
                 status = gensec_seal_packet(c->security_state.generic_state, 
@@ -898 +979 @@
                         (unsigned) creds2.length,
                         (unsigned) sig_size,
-                        (unsigned) c->security_state.auth_info->auth_pad_length,
+                        (unsigned) auth_info.auth_pad_length,
                         (unsigned) pkt->u.request.stub_and_verifier.length));
                 dcerpc_set_frag_length(blob, blob->length + creds2.length);
@@ -932 +1013 @@
   map a bind nak reason to a NTSTATUS
 */
-static NTSTATUS dcerpc_map_reason(uint16_t reason)
+static NTSTATUS dcerpc_map_nak_reason(enum dcerpc_bind_nak_reason reason)
 {
         switch (reason) {
-        case DCERPC_BIND_REASON_ASYNTAX:
+        case DCERPC_BIND_NAK_REASON_PROTOCOL_VERSION_NOT_SUPPORTED:
+                return NT_STATUS_REVISION_MISMATCH;
+        case DCERPC_BIND_NAK_REASON_INVALID_AUTH_TYPE:
+                return NT_STATUS_INVALID_PARAMETER;
+        default:
+                break;
+        }
+        return NT_STATUS_UNSUCCESSFUL;
+}
+
+static NTSTATUS dcerpc_map_ack_reason(const struct dcerpc_ack_ctx *ack)
+{
+        if (ack == NULL) {
+                return NT_STATUS_RPC_PROTOCOL_ERROR;
+        }
+
+        switch (ack->result) {
+        case DCERPC_BIND_ACK_RESULT_NEGOTIATE_ACK:
+                /*
+                 * We have not asked for this...
+                 */
+                return NT_STATUS_RPC_PROTOCOL_ERROR;
+        default:
+                break;
+        }
+
+        switch (ack->reason.value) {
+        case DCERPC_BIND_ACK_REASON_ABSTRACT_SYNTAX_NOT_SUPPORTED:
                 return NT_STATUS_RPC_UNSUPPORTED_NAME_SYNTAX;
-        case DCERPC_BIND_REASON_INVALID_AUTH_TYPE:
-                return NT_STATUS_INVALID_PARAMETER;
+        case DCERPC_BIND_ACK_REASON_TRANSFER_SYNTAXES_NOT_SUPPORTED:
+                return NT_STATUS_RPC_UNSUPPORTED_NAME_SYNTAX;
+        default:
+                break;
         }
         return NT_STATUS_UNSUCCESSFUL;
-}
-
-/*
-  a bind or alter context has failed
-*/
-static void dcerpc_composite_fail(struct rpc_request *req)
-{
-        struct composite_context *c = talloc_get_type(req->async.private_data, 
-                                                      struct composite_context);
-        composite_error(c, req->status);
 }
 
@@ -981 +1081 @@
         conn->dead = true;
 
-        if (conn->transport.shutdown_pipe) {
-                conn->transport.shutdown_pipe(conn, status);
-        }
+        TALLOC_FREE(conn->io_trigger);
+        conn->io_trigger_pending = false;
+
+        dcerpc_shutdown_pipe(conn, status);
 
         /* all pending requests get the error */
@@ -996 +1097 @@
         }       
 
+        /* all requests, which are not shipped */
+        while (conn->request_queue) {
+                struct rpc_request *req = conn->request_queue;
+                dcerpc_req_dequeue(req);
+                req->state = RPC_REQUEST_DONE;
+                req->status = status;
+                if (req->async.callback) {
+                        req->async.callback(req);
+                }
+        }
+
         talloc_set_destructor(conn, NULL);
         if (conn->free_skipped) {
@@ -1018 +1130 @@
         struct ncacn_packet pkt;
 
+        if (conn->dead) {
+                return;
+        }
+
         if (NT_STATUS_IS_OK(status) && blob->length == 0) {
                 status = NT_STATUS_UNEXPECTED_NETWORK_ERROR;
@@ -1035 +1151 @@
                 data_blob_free(blob);
                 dcerpc_connection_dead(conn, status);
+                return;
         }
 
         dcerpc_request_recv_data(conn, blob, &pkt);
-}
-
-/*
-  Receive a bind reply from the transport
-*/
-static void dcerpc_bind_recv_handler(struct rpc_request *req, 
-                                     DATA_BLOB *raw_packet, struct ncacn_packet *pkt)
-{
-        struct composite_context *c;
-        struct dcecli_connection *conn;
-
-        c = talloc_get_type(req->async.private_data, struct composite_context);
-
-        if (pkt->ptype == DCERPC_PKT_BIND_NAK) {
-                DEBUG(2,("dcerpc: bind_nak reason %d\n",
-                         pkt->u.bind_nak.reject_reason));
-                composite_error(c, dcerpc_map_reason(pkt->u.bind_nak.
-                                                     reject_reason));
-                return;
-        }
-
-        if ((pkt->ptype != DCERPC_PKT_BIND_ACK) ||
-            (pkt->u.bind_ack.num_results == 0) ||
-            (pkt->u.bind_ack.ctx_list[0].result != 0)) {
-                req->p->last_fault_code = DCERPC_NCA_S_PROTO_ERROR;
-                composite_error(c, NT_STATUS_NET_WRITE_FAULT);
-                return;
-        }
-
-        conn = req->p->conn;
-
-        conn->srv_max_xmit_frag = pkt->u.bind_ack.max_xmit_frag;
-        conn->srv_max_recv_frag = pkt->u.bind_ack.max_recv_frag;
-
-        if ((req->p->binding->flags & DCERPC_CONCURRENT_MULTIPLEX) &&
-            (pkt->pfc_flags & DCERPC_PFC_FLAG_CONC_MPX)) {
-                conn->flags |= DCERPC_CONCURRENT_MULTIPLEX;
-        }
-
-        if ((req->p->binding->flags & DCERPC_HEADER_SIGNING) &&
-            (pkt->pfc_flags & DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN)) {
-                conn->flags |= DCERPC_HEADER_SIGNING;
-        }
-
-        /* the bind_ack might contain a reply set of credentials */
-        if (conn->security_state.auth_info && pkt->auth_length) {
-                NTSTATUS status;
-                uint32_t auth_length;
-                status = dcerpc_pull_auth_trailer(pkt, conn, &pkt->u.bind_ack.auth_info,
-                                                  conn->security_state.auth_info, &auth_length, true);
-                if (!NT_STATUS_IS_OK(status)) {
-                        composite_error(c, status);
-                        return;
-                }
-        }
-
-        req->p->assoc_group_id = pkt->u.bind_ack.assoc_group_id;
-
-        composite_done(c);
 }
 
@@ -1120 +1178 @@
 }
 
-/*
-  send a async dcerpc bind request
-*/
-struct composite_context *dcerpc_bind_send(struct dcerpc_pipe *p,
-                                           TALLOC_CTX *mem_ctx,
-                                           const struct ndr_syntax_id *syntax,
-                                           const struct ndr_syntax_id *transfer_syntax)
-{
-        struct composite_context *c;
+struct dcerpc_bind_state {
+        struct tevent_context *ev;
+        struct dcerpc_pipe *p;
+};
+
+static void dcerpc_bind_fail_handler(struct rpc_request *subreq);
+static void dcerpc_bind_recv_handler(struct rpc_request *subreq,
+                                     DATA_BLOB *raw_packet,
+                                     struct ncacn_packet *pkt);
+
+struct tevent_req *dcerpc_bind_send(TALLOC_CTX *mem_ctx,
+                                    struct tevent_context *ev,
+                                    struct dcerpc_pipe *p,
+                                    const struct ndr_syntax_id *syntax,
+                                    const struct ndr_syntax_id *transfer_syntax)
+{
+        struct tevent_req *req;
+        struct dcerpc_bind_state *state;
         struct ncacn_packet pkt;
         DATA_BLOB blob;
-        struct rpc_request *req;
-
-        c = composite_create(mem_ctx,p->conn->event_ctx);
-        if (c == NULL) return NULL;
-
-        c->private_data = p;
+        NTSTATUS status;
+        struct rpc_request *subreq;
+        uint32_t flags;
+
+        req = tevent_req_create(mem_ctx, &state,
+                                struct dcerpc_bind_state);
+        if (req == NULL) {
+                return NULL;
+        }
+
+        state->ev = ev;
+        state->p = p;
 
         p->syntax = *syntax;
         p->transfer_syntax = *transfer_syntax;
+
+        flags = dcerpc_binding_get_flags(p->binding);
 
         init_ncacn_hdr(p->conn, &pkt);
@@ -1148 +1223 @@
         pkt.auth_length = 0;
 
-        if (p->binding->flags & DCERPC_CONCURRENT_MULTIPLEX) {
+        if (flags & DCERPC_CONCURRENT_MULTIPLEX) {
                 pkt.pfc_flags |= DCERPC_PFC_FLAG_CONC_MPX;
         }
 
-        if (p->binding->flags & DCERPC_HEADER_SIGNING) {
+        if (p->conn->flags & DCERPC_PROPOSE_HEADER_SIGNING) {
                 pkt.pfc_flags |= DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN;
         }
 
-        pkt.u.bind.max_xmit_frag = 5840;
-        pkt.u.bind.max_recv_frag = 5840;
-        pkt.u.bind.assoc_group_id = p->binding->assoc_group_id;
+        pkt.u.bind.max_xmit_frag = p->conn->srv_max_xmit_frag;
+        pkt.u.bind.max_recv_frag = p->conn->srv_max_recv_frag;
+        pkt.u.bind.assoc_group_id = dcerpc_binding_get_assoc_group_id(p->binding);
         pkt.u.bind.num_contexts = 1;
         pkt.u.bind.ctx_list = talloc_array(mem_ctx, struct dcerpc_ctx_list, 1);
-        if (composite_nomem(pkt.u.bind.ctx_list, c)) return c;
+        if (tevent_req_nomem(pkt.u.bind.ctx_list, req)) {
+                return tevent_req_post(req, ev);
+        }
         pkt.u.bind.ctx_list[0].context_id = p->context_id;
         pkt.u.bind.ctx_list[0].num_transfer_syntaxes = 1;
@@ -1169 +1246 @@
 
         /* construct the NDR form of the packet */
-        c->status = ncacn_push_auth(&blob, c, &pkt,
-                                    p->conn->security_state.auth_info);
-        if (!composite_is_ok(c)) return c;
-
-        p->conn->transport.recv_data = dcerpc_recv_data;
+        status = ncacn_push_auth(&blob, state, &pkt,
+                                 p->conn->security_state.tmp_auth_info.out);
+        if (tevent_req_nterror(req, status)) {
+                return tevent_req_post(req, ev);
+        }
 
         /*
@@ -1179 +1256 @@
          * request queue as normal requests
          */
-        req = talloc_zero(c, struct rpc_request);
-        if (composite_nomem(req, c)) return c;
-
-        req->state = RPC_REQUEST_PENDING;
-        req->call_id = pkt.call_id;
-        req->async.private_data = c;
-        req->async.callback = dcerpc_composite_fail;
-        req->p = p;
-        req->recv_handler = dcerpc_bind_recv_handler;
-        DLIST_ADD_END(p->conn->pending, req, struct rpc_request *);
-        talloc_set_destructor(req, dcerpc_req_dequeue);
-
-        c->status = p->conn->transport.send_request(p->conn, &blob,
-                                                    true);
-        if (!composite_is_ok(c)) return c;
-
-        event_add_timed(c->event_ctx, req,
-                        timeval_current_ofs(DCERPC_REQUEST_TIMEOUT, 0),
-                        dcerpc_timeout_handler, req);
-
-        return c;
-}
-
-/*
-  recv side of async dcerpc bind request
-*/
-NTSTATUS dcerpc_bind_recv(struct composite_context *ctx)
-{
-        NTSTATUS result = composite_wait(ctx);
-        talloc_free(ctx);
-        return result;
+        subreq = talloc_zero(state, struct rpc_request);
+        if (tevent_req_nomem(subreq, req)) {
+                return tevent_req_post(req, ev);
+        }
+
+        subreq->state = RPC_REQUEST_PENDING;
+        subreq->call_id = pkt.call_id;
+        subreq->async.private_data = req;
+        subreq->async.callback = dcerpc_bind_fail_handler;
+        subreq->p = p;
+        subreq->recv_handler = dcerpc_bind_recv_handler;
+        DLIST_ADD_END(p->conn->pending, subreq);
+        talloc_set_destructor(subreq, dcerpc_req_dequeue);
+
+        status = dcerpc_send_request(p->conn, &blob, true);
+        if (tevent_req_nterror(req, status)) {
+                return tevent_req_post(req, ev);
+        }
+
+        tevent_add_timer(ev, subreq,
+                         timeval_current_ofs(DCERPC_REQUEST_TIMEOUT, 0),
+                         dcerpc_timeout_handler, subreq);
+
+        return req;
+}
+
+static void dcerpc_bind_fail_handler(struct rpc_request *subreq)
+{
+        struct tevent_req *req =
+                talloc_get_type_abort(subreq->async.private_data,
+                struct tevent_req);
+        struct dcerpc_bind_state *state =
+                tevent_req_data(req,
+                struct dcerpc_bind_state);
+        NTSTATUS status = subreq->status;
+
+        TALLOC_FREE(subreq);
+
+        /*
+         * We trigger the callback in the next event run
+         * because the code in this file might trigger
+         * multiple request callbacks from within a single
+         * while loop.
+         *
+         * In order to avoid segfaults from within
+         * dcerpc_connection_dead() we call
+         * tevent_req_defer_callback().
+         */
+        tevent_req_defer_callback(req, state->ev);
+
+        tevent_req_nterror(req, status);
+}
+
+static void dcerpc_bind_recv_handler(struct rpc_request *subreq,
+                                     DATA_BLOB *raw_packet,
+                                     struct ncacn_packet *pkt)
+{
+        struct tevent_req *req =
+                talloc_get_type_abort(subreq->async.private_data,
+                struct tevent_req);
+        struct dcerpc_bind_state *state =
+                tevent_req_data(req,
+                struct dcerpc_bind_state);
+        struct dcecli_connection *conn = state->p->conn;
+        struct dcecli_security *sec = &conn->security_state;
+        struct dcerpc_binding *b = NULL;
+        NTSTATUS status;
+        uint32_t flags;
+
+        /*
+         * Note that pkt is allocated under raw_packet->data,
+         * while raw_packet->data is a child of subreq.
+         */
+        talloc_steal(state, raw_packet->data);
+        TALLOC_FREE(subreq);
+
+        /*
+         * We trigger the callback in the next event run
+         * because the code in this file might trigger
+         * multiple request callbacks from within a single
+         * while loop.
+         *
+         * In order to avoid segfaults from within
+         * dcerpc_connection_dead() we call
+         * tevent_req_defer_callback().
+         */
+        tevent_req_defer_callback(req, state->ev);
+
+        if (pkt->ptype == DCERPC_PKT_BIND_NAK) {
+                status = dcerpc_map_nak_reason(pkt->u.bind_nak.reject_reason);
+
+                DEBUG(2,("dcerpc: bind_nak reason %d - %s\n",
+                         pkt->u.bind_nak.reject_reason, nt_errstr(status)));
+
+                tevent_req_nterror(req, status);
+                return;
+        }
+
+        status = dcerpc_verify_ncacn_packet_header(pkt,
+                                        DCERPC_PKT_BIND_ACK,
+                                        pkt->u.bind_ack.auth_info.length,
+                                        DCERPC_PFC_FLAG_FIRST |
+                                        DCERPC_PFC_FLAG_LAST,
+                                        DCERPC_PFC_FLAG_CONC_MPX |
+                                        DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN);
+        if (!NT_STATUS_IS_OK(status)) {
+                state->p->last_fault_code = DCERPC_NCA_S_PROTO_ERROR;
+                tevent_req_nterror(req, NT_STATUS_NET_WRITE_FAULT);
+                return;
+        }
+
+        if (pkt->u.bind_ack.num_results != 1) {
+                state->p->last_fault_code = DCERPC_NCA_S_PROTO_ERROR;
+                tevent_req_nterror(req, NT_STATUS_NET_WRITE_FAULT);
+                return;
+        }
+
+        if (pkt->u.bind_ack.ctx_list[0].result != 0) {
+                status = dcerpc_map_ack_reason(&pkt->u.bind_ack.ctx_list[0]);
+                DEBUG(2,("dcerpc: bind_ack failed - reason %d - %s\n",
+                         pkt->u.bind_ack.ctx_list[0].reason.value,
+                         nt_errstr(status)));
+                tevent_req_nterror(req, status);
+                return;
+        }
+
+        /*
+         * DCE-RPC 1.1 (c706) specifies
+         * CONST_MUST_RCV_FRAG_SIZE as 1432
+         */
+        if (pkt->u.bind_ack.max_xmit_frag < 1432) {
+                state->p->last_fault_code = DCERPC_NCA_S_PROTO_ERROR;
+                tevent_req_nterror(req, NT_STATUS_NET_WRITE_FAULT);
+                return;
+        }
+        if (pkt->u.bind_ack.max_recv_frag < 1432) {
+                state->p->last_fault_code = DCERPC_NCA_S_PROTO_ERROR;
+                tevent_req_nterror(req, NT_STATUS_NET_WRITE_FAULT);
+                return;
+        }
+        conn->srv_max_xmit_frag = MIN(conn->srv_max_xmit_frag,
+                                      pkt->u.bind_ack.max_xmit_frag);
+        conn->srv_max_recv_frag = MIN(conn->srv_max_recv_frag,
+                                      pkt->u.bind_ack.max_recv_frag);
+
+        flags = dcerpc_binding_get_flags(state->p->binding);
+
+        if ((flags & DCERPC_CONCURRENT_MULTIPLEX) &&
+            (pkt->pfc_flags & DCERPC_PFC_FLAG_CONC_MPX)) {
+                conn->flags |= DCERPC_CONCURRENT_MULTIPLEX;
+        }
+
+        if ((conn->flags & DCERPC_PROPOSE_HEADER_SIGNING) &&
+            (pkt->pfc_flags & DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN)) {
+                conn->flags |= DCERPC_HEADER_SIGNING;
+        }
+
+        /* the bind_ack might contain a reply set of credentials */
+        if (pkt->auth_length != 0 && sec->tmp_auth_info.in != NULL) {
+                uint32_t auth_length;
+
+                status = dcerpc_pull_auth_trailer(pkt, sec->tmp_auth_info.mem,
+                                                  &pkt->u.bind_ack.auth_info,
+                                                  sec->tmp_auth_info.in,
+                                                  &auth_length, true);
+                if (tevent_req_nterror(req, status)) {
+                        return;
+                }
+        }
+
+        /*
+         * We're the owner of the binding, so we're allowed to modify it.
+         */
+        b = discard_const_p(struct dcerpc_binding, state->p->binding);
+        status = dcerpc_binding_set_assoc_group_id(b,
+                                                   pkt->u.bind_ack.assoc_group_id);
+        if (tevent_req_nterror(req, status)) {
+                return;
+        }
+
+        tevent_req_done(req);
+}
+
+NTSTATUS dcerpc_bind_recv(struct tevent_req *req)
+{
+        return tevent_req_simple_recv_ntstatus(req);
 }
 
@@ -1221 +1453 @@
         NTSTATUS status;
         DATA_BLOB blob;
+        uint32_t flags;
+
+        flags = dcerpc_binding_get_flags(p->binding);
 
         init_ncacn_hdr(p->conn, &pkt);
@@ -1230 +1465 @@
         pkt.u.auth3.auth_info = data_blob(NULL, 0);
 
-        if (p->binding->flags & DCERPC_CONCURRENT_MULTIPLEX) {
+        if (flags & DCERPC_CONCURRENT_MULTIPLEX) {
                 pkt.pfc_flags |= DCERPC_PFC_FLAG_CONC_MPX;
         }
 
-        if (p->binding->flags & DCERPC_HEADER_SIGNING) {
-                pkt.pfc_flags |= DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN;
-        }
-
         /* construct the NDR form of the packet */
-        status = ncacn_push_auth(&blob, mem_ctx,
-                                 &pkt,
-                                 p->conn->security_state.auth_info);
+        status = ncacn_push_auth(&blob, mem_ctx, &pkt,
+                                 p->conn->security_state.tmp_auth_info.out);
         if (!NT_STATUS_IS_OK(status)) {
                 return status;
@@ -1247 +1477 @@
 
         /* send it on its way */
-        status = p->conn->transport.send_request(p->conn, &blob, false);
+        status = dcerpc_send_request(p->conn, &blob, false);
         if (!NT_STATUS_IS_OK(status)) {
                 return status;
@@ -1277 +1507 @@
           info out of step with the server
         */
-        if (c->security_state.auth_info && c->security_state.generic_state &&
-            pkt->ptype == DCERPC_PKT_RESPONSE) {
+        if (pkt->ptype == DCERPC_PKT_RESPONSE) {
                 status = ncacn_pull_request_auth(c, raw_packet->data, raw_packet, pkt);
         }
@@ -1306 +1535 @@
                 dcerpc_req_dequeue(req);
                 req->state = RPC_REQUEST_DONE;
+
+                /*
+                 * We have to look at shipping further requests before calling
+                 * the async function, that one might close the pipe
+                 */
+                dcerpc_schedule_io_trigger(c);
+
                 req->recv_handler(req, raw_packet, pkt);
                 return;
@@ -1311 +1547 @@
 
         if (pkt->ptype == DCERPC_PKT_FAULT) {
+                status = dcerpc_fault_to_nt_status(pkt->u.fault.status);
                 DEBUG(5,("rpc fault: %s\n", dcerpc_errstr(c, pkt->u.fault.status)));
+                if (NT_STATUS_EQUAL(status, NT_STATUS_RPC_PROTOCOL_ERROR)) {
+                        dcerpc_connection_dead(c, status);
+                        return;
+                }
+                if (NT_STATUS_EQUAL(status, NT_STATUS_RPC_SEC_PKG_ERROR)) {
+                        dcerpc_connection_dead(c, status);
+                        return;
+                }
                 req->fault_code = pkt->u.fault.status;
                 req->status = NT_STATUS_NET_WRITE_FAULT;
@@ -1320 +1565 @@
                 DEBUG(2,("Unexpected packet type %d in dcerpc response\n",
                          (int)pkt->ptype)); 
-                req->fault_code = DCERPC_FAULT_OTHER;
-                req->status = NT_STATUS_NET_WRITE_FAULT;
-                goto req_done;
+                dcerpc_connection_dead(c, NT_STATUS_RPC_PROTOCOL_ERROR);
+                return;
         }
 
@@ -1328 +1572 @@
            this request accordingly */
         if (!NT_STATUS_IS_OK(status)) {
-                req->status = status;
-                goto req_done;
+                dcerpc_connection_dead(c, status);
+                return;
         }
 
         length = pkt->u.response.stub_and_verifier.length;
+
+        if (req->payload.length + length > DCERPC_NCACN_PAYLOAD_MAX_SIZE) {
+                DEBUG(2,("Unexpected total payload 0x%X > 0x%X dcerpc response\n",
+                         (unsigned)req->payload.length + length,
+                         DCERPC_NCACN_PAYLOAD_MAX_SIZE));
+                dcerpc_connection_dead(c, NT_STATUS_RPC_PROTOCOL_ERROR);
+                return;
+        }
 
         if (length > 0) {
@@ -1349 +1601 @@
 
         if (!(pkt->pfc_flags & DCERPC_PFC_FLAG_LAST)) {
-                c->transport.send_read(c);
-                return;
+                data_blob_free(raw_packet);
+                dcerpc_send_read(c);
+                return;
+        }
+
+        if (req->verify_bitmask1) {
+                req->p->conn->security_state.verified_bitmask1 = true;
+        }
+        if (req->verify_pcontext) {
+                req->p->verified_pcontext = true;
         }
 
@@ -1359 +1619 @@
         }
 
-
 req_done:
+        data_blob_free(raw_packet);
+
         /* we've got the full payload */
+        dcerpc_req_dequeue(req);
         req->state = RPC_REQUEST_DONE;
-        DLIST_REMOVE(c->pending, req);
-
-        if (c->request_queue != NULL) {
-                /* We have to look at shipping further requests before calling
-                 * the async function, that one might close the pipe */
-                dcerpc_ship_next_request(c);
-        }
+
+        /*
+         * We have to look at shipping further requests before calling
+         * the async function, that one might close the pipe
+         */
+        dcerpc_schedule_io_trigger(c);
 
         if (req->async.callback) {
@@ -1375 +1636 @@
         }
 }
+
+static NTSTATUS dcerpc_request_prepare_vt(struct rpc_request *req);
 
 /*
   perform the send side of a async dcerpc request
 */
-static struct rpc_request *dcerpc_request_send(struct dcerpc_pipe *p, 
+static struct rpc_request *dcerpc_request_send(TALLOC_CTX *mem_ctx,
+                                               struct dcerpc_pipe *p,
                                                const struct GUID *object,
                                                uint16_t opnum,
@@ -1385 +1649 @@
 {
         struct rpc_request *req;
-
-        p->conn->transport.recv_data = dcerpc_recv_data;
-
-        req = talloc(p, struct rpc_request);
+        NTSTATUS status;
+
+        req = talloc_zero(mem_ctx, struct rpc_request);
         if (req == NULL) {
                 return NULL;
@@ -1395 +1658 @@
         req->p = p;
         req->call_id = next_call_id(p->conn);
-        req->status = NT_STATUS_OK;
         req->state = RPC_REQUEST_QUEUED;
-        req->payload = data_blob(NULL, 0);
-        req->flags = 0;
-        req->fault_code = 0;
-        req->ignore_timeout = false;
-        req->async.callback = NULL;
-        req->async.private_data = NULL;
-        req->recv_handler = NULL;
 
         if (object != NULL) {
@@ -1411 +1666 @@
                         return NULL;
                 }
-        } else {
-                req->object = NULL;
         }
 
         req->opnum = opnum;
         req->request_data.length = stub_data->length;
-        req->request_data.data = talloc_reference(req, stub_data->data);
-        if (req->request_data.length && req->request_data.data == NULL) {
+        req->request_data.data = stub_data->data;
+
+        status = dcerpc_request_prepare_vt(req);
+        if (!NT_STATUS_IS_OK(status)) {
+                talloc_free(req);
                 return NULL;
         }
 
-        DLIST_ADD_END(p->conn->request_queue, req, struct rpc_request *);
+        DLIST_ADD_END(p->conn->request_queue, req);
         talloc_set_destructor(req, dcerpc_req_dequeue);
 
-        dcerpc_ship_next_request(p->conn);
+        dcerpc_schedule_io_trigger(p->conn);
 
         if (p->request_timeout) {
-                event_add_timed(dcerpc_event_context(p), req, 
+                tevent_add_timer(p->conn->event_ctx, req,
                                 timeval_current_ofs(p->request_timeout, 0), 
                                 dcerpc_timeout_handler, req);
@@ -1434 +1690 @@
 
         return req;
+}
+
+static NTSTATUS dcerpc_request_prepare_vt(struct rpc_request *req)
+{
+        struct dcecli_security *sec = &req->p->conn->security_state;
+        struct dcerpc_sec_verification_trailer *t;
+        struct dcerpc_sec_vt *c = NULL;
+        struct ndr_push *ndr = NULL;
+        enum ndr_err_code ndr_err;
+
+        if (sec->auth_level < DCERPC_AUTH_LEVEL_INTEGRITY) {
+                return NT_STATUS_OK;
+        }
+
+        t = talloc_zero(req, struct dcerpc_sec_verification_trailer);
+        if (t == NULL) {
+                return NT_STATUS_NO_MEMORY;
+        }
+
+        if (!sec->verified_bitmask1) {
+                t->commands = talloc_realloc(t, t->commands,
+                                             struct dcerpc_sec_vt,
+                                             t->count.count + 1);
+                if (t->commands == NULL) {
+                        return NT_STATUS_NO_MEMORY;
+                }
+                c = &t->commands[t->count.count++];
+                ZERO_STRUCTP(c);
+
+                c->command = DCERPC_SEC_VT_COMMAND_BITMASK1;
+                if (req->p->conn->flags & DCERPC_PROPOSE_HEADER_SIGNING) {
+                        c->u.bitmask1 = DCERPC_SEC_VT_CLIENT_SUPPORTS_HEADER_SIGNING;
+                }
+                req->verify_bitmask1 = true;
+        }
+
+        if (!req->p->verified_pcontext) {
+                t->commands = talloc_realloc(t, t->commands,
+                                             struct dcerpc_sec_vt,
+                                             t->count.count + 1);
+                if (t->commands == NULL) {
+                        return NT_STATUS_NO_MEMORY;
+                }
+                c = &t->commands[t->count.count++];
+                ZERO_STRUCTP(c);
+
+                c->command = DCERPC_SEC_VT_COMMAND_PCONTEXT;
+                c->u.pcontext.abstract_syntax = req->p->syntax;
+                c->u.pcontext.transfer_syntax = req->p->transfer_syntax;
+
+                req->verify_pcontext = true;
+        }
+
+        if (!(req->p->conn->flags & DCERPC_HEADER_SIGNING)) {
+                t->commands = talloc_realloc(t, t->commands,
+                                             struct dcerpc_sec_vt,
+                                             t->count.count + 1);
+                if (t->commands == NULL) {
+                        return NT_STATUS_NO_MEMORY;
+                }
+                c = &t->commands[t->count.count++];
+                ZERO_STRUCTP(c);
+
+                c->command = DCERPC_SEC_VT_COMMAND_HEADER2;
+                c->u.header2.ptype = DCERPC_PKT_REQUEST;
+                if (req->p->conn->flags & DCERPC_PUSH_BIGENDIAN) {
+                        c->u.header2.drep[0] = 0;
+                } else {
+                        c->u.header2.drep[0] = DCERPC_DREP_LE;
+                }
+                c->u.header2.drep[1] = 0;
+                c->u.header2.drep[2] = 0;
+                c->u.header2.drep[3] = 0;
+                c->u.header2.call_id = req->call_id;
+                c->u.header2.context_id = req->p->context_id;
+                c->u.header2.opnum = req->opnum;
+        }
+
+        if (t->count.count == 0) {
+                TALLOC_FREE(t);
+                return NT_STATUS_OK;
+        }
+
+        c = &t->commands[t->count.count - 1];
+        c->command |= DCERPC_SEC_VT_COMMAND_END;
+
+        if (DEBUGLEVEL >= 10) {
+                NDR_PRINT_DEBUG(dcerpc_sec_verification_trailer, t);
+        }
+
+        ndr = ndr_push_init_ctx(req);
+        if (ndr == NULL) {
+                return NT_STATUS_NO_MEMORY;
+        }
+
+        /*
+         * for now we just copy and append
+         */
+
+        ndr_err = ndr_push_bytes(ndr, req->request_data.data,
+                                 req->request_data.length);
+        if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+                return ndr_map_error2ntstatus(ndr_err);
+        }
+
+        ndr_err = ndr_push_dcerpc_sec_verification_trailer(ndr,
+                                                NDR_SCALARS | NDR_BUFFERS,
+                                                t);
+        if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+                return ndr_map_error2ntstatus(ndr_err);
+        }
+        req->request_data = ndr_push_blob(ndr);
+
+        return NT_STATUS_OK;
 }
 
@@ -1451 +1821 @@
         size_t sig_size = 0;
         bool need_async = false;
+        bool can_async = true;
 
         req = c->request_queue;
@@ -1462 +1833 @@
         if (c->pending) {
                 need_async = true;
+        }
+
+        if (c->security_state.auth_level >= DCERPC_AUTH_LEVEL_INTEGRITY) {
+                can_async = gensec_have_feature(c->security_state.generic_state,
+                                                GENSEC_FEATURE_ASYNC_REPLIES);
+        }
+
+        if (need_async && !can_async) {
+                req->wait_for_sync = true;
+                return;
         }
 
@@ -1476 +1857 @@
         chunk_size = p->conn->srv_max_recv_frag;
         chunk_size -= DCERPC_REQUEST_LENGTH;
-        if (c->security_state.auth_info &&
-            c->security_state.generic_state) {
+        if (c->security_state.auth_level >= DCERPC_AUTH_LEVEL_INTEGRITY) {
+                size_t max_payload = chunk_size;
+
+                max_payload -= DCERPC_AUTH_TRAILER_LENGTH;
+                max_payload -= (max_payload % DCERPC_AUTH_PAD_ALIGNMENT);
+
                 sig_size = gensec_sig_size(c->security_state.generic_state,
-                                           p->conn->srv_max_recv_frag);
+                                           max_payload);
                 if (sig_size) {
                         chunk_size -= DCERPC_AUTH_TRAILER_LENGTH;
@@ -1485 +1870 @@
                 }
         }
-        chunk_size -= (chunk_size % 16);
+        chunk_size -= (chunk_size % DCERPC_AUTH_PAD_ALIGNMENT);
 
         pkt.ptype = DCERPC_PKT_REQUEST;
@@ -1491 +1876 @@
         pkt.auth_length = 0;
         pkt.pfc_flags = 0;
-        pkt.u.request.alloc_hint = remaining;
         pkt.u.request.context_id = p->context_id;
         pkt.u.request.opnum = req->opnum;
@@ -1518 +1902 @@
                 }
 
+                pkt.u.request.alloc_hint = remaining;
                 pkt.u.request.stub_and_verifier.data = stub_data->data + 
                         (stub_data->length - remaining);
@@ -1533 +1918 @@
                 }
 
-                req->status = p->conn->transport.send_request(p->conn, &blob, do_trans);
+                req->status = dcerpc_send_request(p->conn, &blob, do_trans);
                 if (!NT_STATUS_IS_OK(req->status)) {
                         req->state = RPC_REQUEST_DONE;
@@ -1541 +1926 @@
 
                 if (last_frag && !do_trans) {
-                        req->status = p->conn->transport.send_read(p->conn);
+                        req->status = dcerpc_send_read(p->conn);
                         if (!NT_STATUS_IS_OK(req->status)) {
                                 req->state = RPC_REQUEST_DONE;
@@ -1553 +1938 @@
 }
 
-/*
-  return the event context for a dcerpc pipe
-  used by callers who wish to operate asynchronously
-*/
-_PUBLIC_ struct tevent_context *dcerpc_event_context(struct dcerpc_pipe *p)
-{
-        return p->conn->event_ctx;
-}
-
-
+static void dcerpc_io_trigger(struct tevent_context *ctx,
+                              struct tevent_immediate *im,
+                              void *private_data)
+{
+        struct dcecli_connection *c =
+                talloc_get_type_abort(private_data,
+                struct dcecli_connection);
+
+        c->io_trigger_pending = false;
+
+        dcerpc_schedule_io_trigger(c);
+
+        dcerpc_ship_next_request(c);
+}
+
+static void dcerpc_schedule_io_trigger(struct dcecli_connection *c)
+{
+        if (c->dead) {
+                return;
+        }
+
+        if (c->request_queue == NULL) {
+                return;
+        }
+
+        if (c->request_queue->wait_for_sync && c->pending) {
+                return;
+        }
+
+        if (c->io_trigger_pending) {
+                return;
+        }
+
+        c->io_trigger_pending = true;
+
+        tevent_schedule_immediate(c->io_trigger,
+                                  c->event_ctx,
+                                  dcerpc_io_trigger,
+                                  c);
+}
 
 /*
@@ -1574 +1989 @@
 
         while (req->state != RPC_REQUEST_DONE) {
-                struct tevent_context *ctx = dcerpc_event_context(req->p);
-                if (event_loop_once(ctx) != 0) {
+                struct tevent_context *ctx = req->p->conn->event_ctx;
+                if (tevent_loop_once(ctx) != 0) {
                         return NT_STATUS_CONNECTION_DISCONNECTED;
                 }
@@ -1790 +2205 @@
 _PUBLIC_ const char *dcerpc_server_name(struct dcerpc_pipe *p)
 {
-        if (!p->conn->transport.target_hostname) {
-                if (!p->conn->transport.peer_name) {
-                        return "";
-                }
-                return p->conn->transport.peer_name(p->conn);
-        }
-        return p->conn->transport.target_hostname(p->conn);
+        return p->conn ? p->conn->server_name : NULL;
 }
 
@@ -1819 +2228 @@
 }
 
-/*
-  Receive an alter reply from the transport
-*/
-static void dcerpc_alter_recv_handler(struct rpc_request *req,
-                                      DATA_BLOB *raw_packet, struct ncacn_packet *pkt)
-{
-        struct composite_context *c;
-        struct dcerpc_pipe *recv_pipe;
-
-        c = talloc_get_type(req->async.private_data, struct composite_context);
-        recv_pipe = talloc_get_type(c->private_data, struct dcerpc_pipe);
-
-        if (pkt->ptype == DCERPC_PKT_ALTER_RESP &&
-            pkt->u.alter_resp.num_results == 1 &&
-            pkt->u.alter_resp.ctx_list[0].result != 0) {
-                DEBUG(2,("dcerpc: alter_resp failed - reason %d\n", 
-                         pkt->u.alter_resp.ctx_list[0].reason));
-                composite_error(c, dcerpc_map_reason(pkt->u.alter_resp.ctx_list[0].reason));
-                return;
-        }
-
-        if (pkt->ptype == DCERPC_PKT_FAULT) {
-                DEBUG(5,("rpc fault: %s\n", dcerpc_errstr(c, pkt->u.fault.status)));
-                recv_pipe->last_fault_code = pkt->u.fault.status;
-                composite_error(c, NT_STATUS_NET_WRITE_FAULT);
-                return;
-        }
-
-        if (pkt->ptype != DCERPC_PKT_ALTER_RESP ||
-            pkt->u.alter_resp.num_results == 0 ||
-            pkt->u.alter_resp.ctx_list[0].result != 0) {
-                recv_pipe->last_fault_code = DCERPC_NCA_S_PROTO_ERROR;
-                composite_error(c, NT_STATUS_NET_WRITE_FAULT);
-                return;
-        }
-
-        /* the alter_resp might contain a reply set of credentials */
-        if (recv_pipe->conn->security_state.auth_info && pkt->auth_length) {
-                struct dcecli_connection *conn = recv_pipe->conn;
-                NTSTATUS status;
-                uint32_t auth_length;
-                status = dcerpc_pull_auth_trailer(pkt, conn, &pkt->u.alter_resp.auth_info,
-                                                  conn->security_state.auth_info, &auth_length, true);
-                if (!NT_STATUS_IS_OK(status)) {
-                        composite_error(c, status);
-                        return;
-                }
-        }
-
-        composite_done(c);
-}
-
-/* 
-   send a dcerpc alter_context request
-*/
-struct composite_context *dcerpc_alter_context_send(struct dcerpc_pipe *p, 
-                                                    TALLOC_CTX *mem_ctx,
-                                                    const struct ndr_syntax_id *syntax,
-                                                    const struct ndr_syntax_id *transfer_syntax)
-{
-        struct composite_context *c;
+struct dcerpc_alter_context_state {
+        struct tevent_context *ev;
+        struct dcerpc_pipe *p;
+};
+
+static void dcerpc_alter_context_fail_handler(struct rpc_request *subreq);
+static void dcerpc_alter_context_recv_handler(struct rpc_request *req,
+                                              DATA_BLOB *raw_packet,
+                                              struct ncacn_packet *pkt);
+
+struct tevent_req *dcerpc_alter_context_send(TALLOC_CTX *mem_ctx,
+                                             struct tevent_context *ev,
+                                             struct dcerpc_pipe *p,
+                                             const struct ndr_syntax_id *syntax,
+                                             const struct ndr_syntax_id *transfer_syntax)
+{
+        struct tevent_req *req;
+        struct dcerpc_alter_context_state *state;
         struct ncacn_packet pkt;
         DATA_BLOB blob;
-        struct rpc_request *req;
-
-        c = composite_create(mem_ctx, p->conn->event_ctx);
-        if (c == NULL) return NULL;
-
-        c->private_data = p;
+        NTSTATUS status;
+        struct rpc_request *subreq;
+        uint32_t flags;
+
+        req = tevent_req_create(mem_ctx, &state,
+                                struct dcerpc_alter_context_state);
+        if (req == NULL) {
+                return NULL;
+        }
+
+        state->ev = ev;
+        state->p = p;
 
         p->syntax = *syntax;
         p->transfer_syntax = *transfer_syntax;
+
+        flags = dcerpc_binding_get_flags(p->binding);
 
         init_ncacn_hdr(p->conn, &pkt);
@@ -1899 +2273 @@
         pkt.auth_length = 0;
 
-        if (p->binding->flags & DCERPC_CONCURRENT_MULTIPLEX) {
+        if (flags & DCERPC_CONCURRENT_MULTIPLEX) {
                 pkt.pfc_flags |= DCERPC_PFC_FLAG_CONC_MPX;
         }
 
-        if (p->binding->flags & DCERPC_HEADER_SIGNING) {
-                pkt.pfc_flags |= DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN;
-        }
-
-        pkt.u.alter.max_xmit_frag = 5840;
-        pkt.u.alter.max_recv_frag = 5840;
-        pkt.u.alter.assoc_group_id = p->binding->assoc_group_id;
+        pkt.u.alter.max_xmit_frag = p->conn->srv_max_xmit_frag;
+        pkt.u.alter.max_recv_frag = p->conn->srv_max_recv_frag;
+        pkt.u.alter.assoc_group_id = dcerpc_binding_get_assoc_group_id(p->binding);
         pkt.u.alter.num_contexts = 1;
-        pkt.u.alter.ctx_list = talloc_array(c, struct dcerpc_ctx_list, 1);
-        if (composite_nomem(pkt.u.alter.ctx_list, c)) return c;
+        pkt.u.alter.ctx_list = talloc_array(state, struct dcerpc_ctx_list, 1);
+        if (tevent_req_nomem(pkt.u.alter.ctx_list, req)) {
+                return tevent_req_post(req, ev);
+        }
         pkt.u.alter.ctx_list[0].context_id = p->context_id;
         pkt.u.alter.ctx_list[0].num_transfer_syntaxes = 1;
@@ -1920 +2292 @@
 
         /* construct the NDR form of the packet */
-        c->status = ncacn_push_auth(&blob, mem_ctx, &pkt,
-                                    p->conn->security_state.auth_info);
-        if (!composite_is_ok(c)) return c;
-
-        p->conn->transport.recv_data = dcerpc_recv_data;
+        status = ncacn_push_auth(&blob, state, &pkt,
+                                 p->conn->security_state.tmp_auth_info.out);
+        if (tevent_req_nterror(req, status)) {
+                return tevent_req_post(req, ev);
+        }
 
         /*
@@ -1930 +2302 @@
          * request queue as normal requests
          */
-        req = talloc_zero(c, struct rpc_request);
-        if (composite_nomem(req, c)) return c;
-
-        req->state = RPC_REQUEST_PENDING;
-        req->call_id = pkt.call_id;
-        req->async.private_data = c;
-        req->async.callback = dcerpc_composite_fail;
-        req->p = p;
-        req->recv_handler = dcerpc_alter_recv_handler;
-        DLIST_ADD_END(p->conn->pending, req, struct rpc_request *);
-        talloc_set_destructor(req, dcerpc_req_dequeue);
-
-        c->status = p->conn->transport.send_request(p->conn, &blob, true);
-        if (!composite_is_ok(c)) return c;
-
-        event_add_timed(c->event_ctx, req,
-                        timeval_current_ofs(DCERPC_REQUEST_TIMEOUT, 0),
-                        dcerpc_timeout_handler, req);
-
-        return c;
-}
-
-NTSTATUS dcerpc_alter_context_recv(struct composite_context *ctx)
-{
-        NTSTATUS result = composite_wait(ctx);
-        talloc_free(ctx);
-        return result;
+        subreq = talloc_zero(state, struct rpc_request);
+        if (tevent_req_nomem(subreq, req)) {
+                return tevent_req_post(req, ev);
+        }
+
+        subreq->state = RPC_REQUEST_PENDING;
+        subreq->call_id = pkt.call_id;
+        subreq->async.private_data = req;
+        subreq->async.callback = dcerpc_alter_context_fail_handler;
+        subreq->p = p;
+        subreq->recv_handler = dcerpc_alter_context_recv_handler;
+        DLIST_ADD_END(p->conn->pending, subreq);
+        talloc_set_destructor(subreq, dcerpc_req_dequeue);
+
+        status = dcerpc_send_request(p->conn, &blob, true);
+        if (tevent_req_nterror(req, status)) {
+                return tevent_req_post(req, ev);
+        }
+
+        tevent_add_timer(ev, subreq,
+                         timeval_current_ofs(DCERPC_REQUEST_TIMEOUT, 0),
+                         dcerpc_timeout_handler, subreq);
+
+        return req;
+}
+
+static void dcerpc_alter_context_fail_handler(struct rpc_request *subreq)
+{
+        struct tevent_req *req =
+                talloc_get_type_abort(subreq->async.private_data,
+                struct tevent_req);
+        struct dcerpc_alter_context_state *state =
+                tevent_req_data(req,
+                struct dcerpc_alter_context_state);
+        NTSTATUS status = subreq->status;
+
+        TALLOC_FREE(subreq);
+
+        /*
+         * We trigger the callback in the next event run
+         * because the code in this file might trigger
+         * multiple request callbacks from within a single
+         * while loop.
+         *
+         * In order to avoid segfaults from within
+         * dcerpc_connection_dead() we call
+         * tevent_req_defer_callback().
+         */
+        tevent_req_defer_callback(req, state->ev);
+
+        tevent_req_nterror(req, status);
+}
+
+static void dcerpc_alter_context_recv_handler(struct rpc_request *subreq,
+                                              DATA_BLOB *raw_packet,
+                                              struct ncacn_packet *pkt)
+{
+        struct tevent_req *req =
+                talloc_get_type_abort(subreq->async.private_data,
+                struct tevent_req);
+        struct dcerpc_alter_context_state *state =
+                tevent_req_data(req,
+                struct dcerpc_alter_context_state);
+        struct dcecli_connection *conn = state->p->conn;
+        struct dcecli_security *sec = &conn->security_state;
+        NTSTATUS status;
+
+        /*
+         * Note that pkt is allocated under raw_packet->data,
+         * while raw_packet->data is a child of subreq.
+         */
+        talloc_steal(state, raw_packet->data);
+        TALLOC_FREE(subreq);
+
+        /*
+         * We trigger the callback in the next event run
+         * because the code in this file might trigger
+         * multiple request callbacks from within a single
+         * while loop.
+         *
+         * In order to avoid segfaults from within
+         * dcerpc_connection_dead() we call
+         * tevent_req_defer_callback().
+         */
+        tevent_req_defer_callback(req, state->ev);
+
+        if (pkt->ptype == DCERPC_PKT_FAULT) {
+                DEBUG(5,("dcerpc: alter_resp - rpc fault: %s\n",
+                         dcerpc_errstr(state, pkt->u.fault.status)));
+                if (pkt->u.fault.status == DCERPC_FAULT_ACCESS_DENIED) {
+                        state->p->last_fault_code = pkt->u.fault.status;
+                        tevent_req_nterror(req, NT_STATUS_LOGON_FAILURE);
+                } else if (pkt->u.fault.status == DCERPC_FAULT_SEC_PKG_ERROR) {
+                        state->p->last_fault_code = pkt->u.fault.status;
+                        tevent_req_nterror(req, NT_STATUS_LOGON_FAILURE);
+                } else {
+                        state->p->last_fault_code = pkt->u.fault.status;
+                        status = dcerpc_fault_to_nt_status(pkt->u.fault.status);
+                        tevent_req_nterror(req, status);
+                }
+                return;
+        }
+
+        status = dcerpc_verify_ncacn_packet_header(pkt,
+                                        DCERPC_PKT_ALTER_RESP,
+                                        pkt->u.alter_resp.auth_info.length,
+                                        DCERPC_PFC_FLAG_FIRST |
+                                        DCERPC_PFC_FLAG_LAST,
+                                        DCERPC_PFC_FLAG_CONC_MPX |
+                                        DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN);
+        if (!NT_STATUS_IS_OK(status)) {
+                state->p->last_fault_code = DCERPC_NCA_S_PROTO_ERROR;
+                tevent_req_nterror(req, NT_STATUS_NET_WRITE_FAULT);
+                return;
+        }
+
+        if (pkt->u.alter_resp.num_results != 1) {
+                state->p->last_fault_code = DCERPC_NCA_S_PROTO_ERROR;
+                tevent_req_nterror(req, NT_STATUS_NET_WRITE_FAULT);
+                return;
+        }
+
+        if (pkt->u.alter_resp.ctx_list[0].result != 0) {
+                status = dcerpc_map_ack_reason(&pkt->u.alter_resp.ctx_list[0]);
+                DEBUG(2,("dcerpc: alter_resp failed - reason %d - %s\n",
+                         pkt->u.alter_resp.ctx_list[0].reason.value,
+                         nt_errstr(status)));
+                tevent_req_nterror(req, status);
+                return;
+        }
+
+        /* the alter_resp might contain a reply set of credentials */
+        if (pkt->auth_length != 0 && sec->tmp_auth_info.in != NULL) {
+                uint32_t auth_length;
+
+                status = dcerpc_pull_auth_trailer(pkt, sec->tmp_auth_info.mem,
+                                                  &pkt->u.alter_resp.auth_info,
+                                                  sec->tmp_auth_info.in,
+                                                  &auth_length, true);
+                if (tevent_req_nterror(req, status)) {
+                        return;
+                }
+        }
+
+        tevent_req_done(req);
+}
+
+NTSTATUS dcerpc_alter_context_recv(struct tevent_req *req)
+{
+        return tevent_req_simple_recv_ntstatus(req);
 }
 
@@ -1967 +2462 @@
                               const struct ndr_syntax_id *transfer_syntax)
 {
-        struct composite_context *creq;
-        creq = dcerpc_alter_context_send(p, mem_ctx, syntax, transfer_syntax);
-        return dcerpc_alter_context_recv(creq);
-}
-
+        struct tevent_req *subreq;
+        struct tevent_context *ev = p->conn->event_ctx;
+        bool ok;
+
+        /* TODO: create a new event context here */
+
+        subreq = dcerpc_alter_context_send(mem_ctx, ev,
+                                           p, syntax, transfer_syntax);
+        if (subreq == NULL) {
+                return NT_STATUS_NO_MEMORY;
+        }
+
+        ok = tevent_req_poll(subreq, ev);
+        if (!ok) {
+                NTSTATUS status;
+                status = map_nt_error_from_unix_common(errno);
+                return status;
+        }
+
+        return dcerpc_alter_context_recv(subreq);
+}
+
+static void dcerpc_transport_dead(struct dcecli_connection *c, NTSTATUS status)
+{
+        if (c->transport.stream == NULL) {
+                return;
+        }
+
+        tevent_queue_stop(c->transport.write_queue);
+        TALLOC_FREE(c->transport.read_subreq);
+        TALLOC_FREE(c->transport.stream);
+
+        if (NT_STATUS_EQUAL(NT_STATUS_UNSUCCESSFUL, status)) {
+                status = NT_STATUS_UNEXPECTED_NETWORK_ERROR;
+        }
+
+        if (NT_STATUS_EQUAL(NT_STATUS_OK, status)) {
+                status = NT_STATUS_END_OF_FILE;
+        }
+
+        dcerpc_recv_data(c, NULL, status);
+}
+
+
+/*
+   shutdown SMB pipe connection
+*/
+struct dcerpc_shutdown_pipe_state {
+        struct dcecli_connection *c;
+        NTSTATUS status;
+};
+
+static void dcerpc_shutdown_pipe_done(struct tevent_req *subreq);
+
+static NTSTATUS dcerpc_shutdown_pipe(struct dcecli_connection *c, NTSTATUS status)
+{
+        struct dcerpc_shutdown_pipe_state *state;
+        struct tevent_req *subreq;
+
+        if (c->transport.stream == NULL) {
+                return NT_STATUS_OK;
+        }
+
+        state = talloc_zero(c, struct dcerpc_shutdown_pipe_state);
+        if (state == NULL) {
+                return NT_STATUS_NO_MEMORY;
+        }
+        state->c = c;
+        state->status = status;
+
+        subreq = tstream_disconnect_send(state, c->event_ctx, c->transport.stream);
+        if (subreq == NULL) {
+                return NT_STATUS_NO_MEMORY;
+        }
+        tevent_req_set_callback(subreq, dcerpc_shutdown_pipe_done, state);
+
+        return status;
+}
+
+static void dcerpc_shutdown_pipe_done(struct tevent_req *subreq)
+{
+        struct dcerpc_shutdown_pipe_state *state =
+                tevent_req_callback_data(subreq, struct dcerpc_shutdown_pipe_state);
+        struct dcecli_connection *c = state->c;
+        NTSTATUS status = state->status;
+        int error;
+
+        /*
+         * here we ignore the return values...
+         */
+        tstream_disconnect_recv(subreq, &error);
+        TALLOC_FREE(subreq);
+
+        TALLOC_FREE(state);
+
+        dcerpc_transport_dead(c, status);
+}
+
+
+
+struct dcerpc_send_read_state {
+        struct dcecli_connection *p;
+};
+
+static int dcerpc_send_read_state_destructor(struct dcerpc_send_read_state *state)
+{
+        struct dcecli_connection *p = state->p;
+
+        p->transport.read_subreq = NULL;
+
+        return 0;
+}
+
+static void dcerpc_send_read_done(struct tevent_req *subreq);
+
+static NTSTATUS dcerpc_send_read(struct dcecli_connection *p)
+{
+        struct dcerpc_send_read_state *state;
+
+        if (p->transport.read_subreq != NULL) {
+                p->transport.pending_reads++;
+                return NT_STATUS_OK;
+        }
+
+        state = talloc_zero(p, struct dcerpc_send_read_state);
+        if (state == NULL) {
+                return NT_STATUS_NO_MEMORY;
+        }
+        state->p = p;
+
+        talloc_set_destructor(state, dcerpc_send_read_state_destructor);
+
+        p->transport.read_subreq = dcerpc_read_ncacn_packet_send(state,
+                                                          p->event_ctx,
+                                                          p->transport.stream);
+        if (p->transport.read_subreq == NULL) {
+                return NT_STATUS_NO_MEMORY;
+        }
+        tevent_req_set_callback(p->transport.read_subreq, dcerpc_send_read_done, state);
+
+        return NT_STATUS_OK;
+}
+
+static void dcerpc_send_read_done(struct tevent_req *subreq)
+{
+        struct dcerpc_send_read_state *state =
+                tevent_req_callback_data(subreq,
+                                         struct dcerpc_send_read_state);
+        struct dcecli_connection *p = state->p;
+        NTSTATUS status;
+        struct ncacn_packet *pkt;
+        DATA_BLOB blob;
+
+        status = dcerpc_read_ncacn_packet_recv(subreq, state,
+                                               &pkt, &blob);
+        TALLOC_FREE(subreq);
+        if (!NT_STATUS_IS_OK(status)) {
+                TALLOC_FREE(state);
+                dcerpc_transport_dead(p, status);
+                return;
+        }
+
+        /*
+         * here we steal into thet connection context,
+         * but p->transport.recv_data() will steal or free it again
+         */
+        talloc_steal(p, blob.data);
+        TALLOC_FREE(state);
+
+        if (p->transport.pending_reads > 0) {
+                p->transport.pending_reads--;
+
+                status = dcerpc_send_read(p);
+                if (!NT_STATUS_IS_OK(status)) {
+                        dcerpc_transport_dead(p, status);
+                        return;
+                }
+        }
+
+        dcerpc_recv_data(p, &blob, NT_STATUS_OK);
+}
+
+struct dcerpc_send_request_state {
+        struct dcecli_connection *p;
+        DATA_BLOB blob;
+        struct iovec iov;
+};
+
+static int dcerpc_send_request_state_destructor(struct dcerpc_send_request_state *state)
+{
+        struct dcecli_connection *p = state->p;
+
+        p->transport.read_subreq = NULL;
+
+        return 0;
+}
+
+static void dcerpc_send_request_wait_done(struct tevent_req *subreq);
+static void dcerpc_send_request_done(struct tevent_req *subreq);
+
+static NTSTATUS dcerpc_send_request(struct dcecli_connection *p, DATA_BLOB *data,
+                                    bool trigger_read)
+{
+        struct dcerpc_send_request_state *state;
+        struct tevent_req *subreq;
+        bool use_trans = trigger_read;
+
+        if (p->transport.stream == NULL) {
+                return NT_STATUS_CONNECTION_DISCONNECTED;
+        }
+
+        state = talloc_zero(p, struct dcerpc_send_request_state);
+        if (state == NULL) {
+                return NT_STATUS_NO_MEMORY;
+        }
+        state->p = p;
+
+        state->blob = data_blob_talloc(state, data->data, data->length);
+        if (state->blob.data == NULL) {
+                TALLOC_FREE(state);
+                return NT_STATUS_NO_MEMORY;
+        }
+        state->iov.iov_base = (void *)state->blob.data;
+        state->iov.iov_len = state->blob.length;
+
+        if (p->transport.read_subreq != NULL) {
+                use_trans = false;
+        }
+
+        if (!tstream_is_smbXcli_np(p->transport.stream)) {
+                use_trans = false;
+        }
+
+        if (use_trans) {
+                /*
+                 * we need to block reads until our write is
+                 * the next in the write queue.
+                 */
+                p->transport.read_subreq = tevent_queue_wait_send(state, p->event_ctx,
+                                                             p->transport.write_queue);
+                if (p->transport.read_subreq == NULL) {
+                        TALLOC_FREE(state);
+                        return NT_STATUS_NO_MEMORY;
+                }
+                tevent_req_set_callback(p->transport.read_subreq,
+                                        dcerpc_send_request_wait_done,
+                                        state);
+
+                talloc_set_destructor(state, dcerpc_send_request_state_destructor);
+
+                trigger_read = false;
+        }
+
+        subreq = tstream_writev_queue_send(state, p->event_ctx,
+                                           p->transport.stream,
+                                           p->transport.write_queue,
+                                           &state->iov, 1);
+        if (subreq == NULL) {
+                TALLOC_FREE(state);
+                return NT_STATUS_NO_MEMORY;
+        }
+        tevent_req_set_callback(subreq, dcerpc_send_request_done, state);
+
+        if (trigger_read) {
+                dcerpc_send_read(p);
+        }
+
+        return NT_STATUS_OK;
+}
+
+static void dcerpc_send_request_wait_done(struct tevent_req *subreq)
+{
+        struct dcerpc_send_request_state *state =
+                tevent_req_callback_data(subreq,
+                struct dcerpc_send_request_state);
+        struct dcecli_connection *p = state->p;
+        NTSTATUS status;
+        bool ok;
+
+        p->transport.read_subreq = NULL;
+        talloc_set_destructor(state, NULL);
+
+        ok = tevent_queue_wait_recv(subreq);
+        if (!ok) {
+                TALLOC_FREE(state);
+                dcerpc_transport_dead(p, NT_STATUS_NO_MEMORY);
+                return;
+        }
+
+        if (tevent_queue_length(p->transport.write_queue) <= 2) {
+                status = tstream_smbXcli_np_use_trans(p->transport.stream);
+                if (!NT_STATUS_IS_OK(status)) {
+                        TALLOC_FREE(state);
+                        dcerpc_transport_dead(p, status);
+                        return;
+                }
+        }
+
+        /* we free subreq after tstream_cli_np_use_trans */
+        TALLOC_FREE(subreq);
+
+        dcerpc_send_read(p);
+}
+
+static void dcerpc_send_request_done(struct tevent_req *subreq)
+{
+        struct dcerpc_send_request_state *state =
+                tevent_req_callback_data(subreq,
+                struct dcerpc_send_request_state);
+        int ret;
+        int error;
+
+        ret = tstream_writev_queue_recv(subreq, &error);
+        TALLOC_FREE(subreq);
+        if (ret == -1) {
+                struct dcecli_connection *p = state->p;
+                NTSTATUS status = map_nt_error_from_unix_common(error);
+
+                TALLOC_FREE(state);
+                dcerpc_transport_dead(p, status);
+                return;
+        }
+
+        TALLOC_FREE(state);
+}

vendor/current/source4/librpc/rpc/dcerpc.h

@@ -37 +37 @@
 struct dcerpc_binding_handle;
 struct tstream_context;
+struct ndr_interface_table;
+struct resolve_context;
 
 /*
@@ -43 +45 @@
 struct dcecli_connection;
 struct gensec_settings;
+struct cli_credentials;
 struct dcecli_security {
-        struct dcerpc_auth *auth_info;
+        enum dcerpc_AuthType auth_type;
+        enum dcerpc_AuthLevel auth_level;
+        uint32_t auth_context_id;
+        struct {
+                struct dcerpc_auth *out;
+                struct dcerpc_auth *in;
+                TALLOC_CTX *mem;
+        } tmp_auth_info;
         struct gensec_security *generic_state;
 
         /* get the session key */
         NTSTATUS (*session_key)(struct dcecli_connection *, DATA_BLOB *);
+
+        bool verified_bitmask1;
+
 };
 
@@ -61 +74 @@
         uint32_t flags;
         struct dcecli_security security_state;
-        const char *binding_string;
         struct tevent_context *event_ctx;
+
+        struct tevent_immediate *io_trigger;
+        bool io_trigger_pending;
 
         /** Directory in which to save ndrdump-parseable files */
@@ -74 +89 @@
                 void *private_data;
 
-                NTSTATUS (*shutdown_pipe)(struct dcecli_connection *, NTSTATUS status);
-
-                const char *(*peer_name)(struct dcecli_connection *);
-
-                const char *(*target_hostname)(struct dcecli_connection *);
-
-                /* send a request to the server */
-                NTSTATUS (*send_request)(struct dcecli_connection *, DATA_BLOB *, bool trigger_read);
-
-                /* send a read request to the server */
-                NTSTATUS (*send_read)(struct dcecli_connection *);
-
-                /* a callback to the dcerpc code when a full fragment
-                   has been received */
-                void (*recv_data)(struct dcecli_connection *, DATA_BLOB *, NTSTATUS status);
+                struct tstream_context *stream;
+                /** to serialize write events */
+                struct tevent_queue *write_queue;
+                /** the current active read request if any */
+                struct tevent_req *read_subreq;
+                /** number of read requests other than the current active */
+                uint32_t pending_reads;
         } transport;
+
+        const char *server_name;
 
         /* Requests that have been sent, waiting for a reply */
@@ -109 +118 @@
         uint32_t context_id;
 
-        uint32_t assoc_group_id;
-
         struct ndr_syntax_id syntax;
         struct ndr_syntax_id transfer_syntax;
 
         struct dcecli_connection *conn;
-        struct dcerpc_binding *binding;
+        const struct dcerpc_binding *binding;
 
         /** the last fault code from a DCERPC fault */
@@ -122 +129 @@
         /** timeout for individual rpc requests, in seconds */
         uint32_t request_timeout;
+
+        /*
+         * Set for the timeout in dcerpc_pipe_connect_b_send(), to
+         * allow the timeout not to destory the stack during a nested
+         * event loop caused by gensec_update()
+         */
+        bool inhibit_timeout_processing;
+        bool timed_out;
+
+        bool verified_pcontext;
 };
 
@@ -127 +144 @@
 #define DCERPC_REQUEST_TIMEOUT 60
 
-
-struct dcerpc_pipe_connect {
-        struct dcerpc_pipe *pipe;
-        struct dcerpc_binding *binding;
-        const char *pipe_name;
-        const struct ndr_interface_table *interface;
-        struct cli_credentials *creds;
-        struct resolve_context *resolve_ctx;
-};
-
-
 struct epm_tower;
 struct epm_floor;
@@ -143 +149 @@
 struct smbcli_tree;
 struct smb2_tree;
+struct smbXcli_conn;
+struct smbXcli_session;
+struct smbXcli_tcon;
+struct roh_connection;
+struct tstream_tls_params;
 struct socket_address;
 
@@ -157 +168 @@
                               struct smbcli_tree *tree,
                               const char *pipe_name);
+NTSTATUS dcerpc_pipe_open_smb2(struct dcerpc_pipe *p,
+                               struct smb2_tree *tree,
+                               const char *pipe_name);
 NTSTATUS dcerpc_bind_auth_none(struct dcerpc_pipe *p,
                                const struct ndr_interface_table *table);
@@ -166 +180 @@
 
 struct composite_context* dcerpc_pipe_connect_b_send(TALLOC_CTX *parent_ctx,
-                                                     struct dcerpc_binding *binding,
+                                                     const struct dcerpc_binding *binding,
                                                      const struct ndr_interface_table *table,
                                                      struct cli_credentials *credentials,
@@ -177 +191 @@
 NTSTATUS dcerpc_pipe_connect_b(TALLOC_CTX *parent_ctx,
                                struct dcerpc_pipe **pp,
-                               struct dcerpc_binding *binding,
+                               const struct dcerpc_binding *binding,
                                const struct ndr_interface_table *table,
                                struct cli_credentials *credentials,
@@ -185 +199 @@
 NTSTATUS dcerpc_pipe_auth(TALLOC_CTX *mem_ctx,
                           struct dcerpc_pipe **p, 
-                          struct dcerpc_binding *binding,
+                          const struct dcerpc_binding *binding,
                           const struct ndr_interface_table *table,
                           struct cli_credentials *credentials,
@@ -191 +205 @@
 NTSTATUS dcerpc_secondary_connection(struct dcerpc_pipe *p,
                                      struct dcerpc_pipe **p2,
-                                     struct dcerpc_binding *b);
+                                     const struct dcerpc_binding *b);
 NTSTATUS dcerpc_bind_auth_schannel(TALLOC_CTX *tmp_ctx, 
                                    struct dcerpc_pipe *p,
@@ -198 +212 @@
                                    struct loadparm_context *lp_ctx,
                                    uint8_t auth_level);
-struct tevent_context *dcerpc_event_context(struct dcerpc_pipe *p);
-NTSTATUS dcerpc_init(struct loadparm_context *lp_ctx);
-struct smbcli_tree *dcerpc_smb_tree(struct dcecli_connection *c);
-uint16_t dcerpc_smb_fnum(struct dcecli_connection *c);
+NTSTATUS dcerpc_init(void);
+struct composite_context *dcerpc_secondary_smb_send(struct dcecli_connection *c1,
+                                                    struct dcecli_connection *c2,
+                                                    const char *pipe_name);
+NTSTATUS dcerpc_secondary_smb_recv(struct composite_context *c);
 NTSTATUS dcerpc_secondary_context(struct dcerpc_pipe *p, 
                                   struct dcerpc_pipe **pp2,
@@ -229 +244 @@
                                 struct loadparm_context *lp_ctx);
 struct composite_context* dcerpc_secondary_auth_connection_send(struct dcerpc_pipe *p,
-                                                                struct dcerpc_binding *binding,
+                                                                const struct dcerpc_binding *binding,
                                                                 const struct ndr_interface_table *table,
                                                                 struct cli_credentials *credentials,
@@ -236 +251 @@
                                                TALLOC_CTX *mem_ctx,
                                                struct dcerpc_pipe **p);
+NTSTATUS dcerpc_secondary_auth_connection(struct dcerpc_pipe *p,
+                                        const struct dcerpc_binding *binding,
+                                        const struct ndr_interface_table *table,
+                                        struct cli_credentials *credentials,
+                                        struct loadparm_context *lp_ctx,
+                                        TALLOC_CTX *mem_ctx,
+                                        struct dcerpc_pipe **p2);
 
 struct composite_context* dcerpc_secondary_connection_send(struct dcerpc_pipe *p,
-                                                           struct dcerpc_binding *b);
+                                                           const struct dcerpc_binding *b);
 void dcerpc_log_packet(const char *lockdir, 
                        const struct ndr_interface_table *ndr,
@@ -244 +266 @@
                        const DATA_BLOB *pkt);
 
-
-enum dcerpc_transport_t dcerpc_transport_by_endpoint_protocol(int prot);
-
-const char *dcerpc_floor_get_rhs_data(TALLOC_CTX *mem_ctx, struct epm_floor *epm_floor);
-
 #endif /* __S4_DCERPC_H__ */

vendor/current/source4/librpc/rpc/dcerpc.py

@@ -1 @@
-#!/usr/bin/env python
-
 # Unix SMB/CIFS implementation.
 # Copyright (C) Jelmer Vernooij <jelmer@samba.org> 2008
-#   
+#
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
 # the Free Software Foundation; either version 3 of the License, or
 # (at your option) any later version.
-#   
+#
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
-#   
+#
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.

vendor/current/source4/librpc/rpc/dcerpc_auth.c

@@ -23 +23 @@
 
 #include "includes.h"
+#include <tevent.h>
 #include "libcli/composite/composite.h"
 #include "auth/gensec/gensec.h"
@@ -41 +42 @@
 
         if (pipe_flags & DCERPC_NDR64) {
-                *transfer_syntax = ndr64_transfer_syntax;
+                *transfer_syntax = ndr_transfer_syntax_ndr64;
         } else {
-                *transfer_syntax = ndr_transfer_syntax;
+                *transfer_syntax = ndr_transfer_syntax_ndr;
         }
 
@@ -53 +54 @@
   Send request to do a non-authenticated dcerpc bind
 */
+static void dcerpc_bind_auth_none_done(struct tevent_req *subreq);
+
 struct composite_context *dcerpc_bind_auth_none_send(TALLOC_CTX *mem_ctx,
                                                      struct dcerpc_pipe *p,
@@ -61 +64 @@
 
         struct composite_context *c;
+        struct tevent_req *subreq;
 
         c = composite_create(mem_ctx, p->conn->event_ctx);
@@ -74 +78 @@
         }
 
-        /* c was only allocated as a container for a possible error */
-        talloc_free(c);
-
-        return dcerpc_bind_send(p, mem_ctx, &syntax, &transfer_syntax);
-}
-
+        subreq = dcerpc_bind_send(mem_ctx, p->conn->event_ctx, p,
+                                  &syntax, &transfer_syntax);
+        if (composite_nomem(subreq, c)) return c;
+        tevent_req_set_callback(subreq, dcerpc_bind_auth_none_done, c);
+
+        return c;
+}
+
+static void dcerpc_bind_auth_none_done(struct tevent_req *subreq)
+{
+        struct composite_context *ctx =
+                tevent_req_callback_data(subreq,
+                struct composite_context);
+
+        ctx->status = dcerpc_bind_recv(subreq);
+        TALLOC_FREE(subreq);
+        if (!composite_is_ok(ctx)) return;
+
+        composite_done(ctx);
+}
 
 /*
@@ -86 +104 @@
 NTSTATUS dcerpc_bind_auth_none_recv(struct composite_context *ctx)
 {
-        return dcerpc_bind_recv(ctx);
+        NTSTATUS result = composite_wait(ctx);
+        TALLOC_FREE(ctx);
+        return result;
 }
 
@@ -105 +125 @@
 struct bind_auth_state {
         struct dcerpc_pipe *pipe;
-        DATA_BLOB credentials;
+        struct dcerpc_auth out_auth_info;
+        struct dcerpc_auth in_auth_info;
         bool more_processing;   /* Is there anything more to do after the
                                  * first bind itself received? */
 };
 
-static void bind_auth_recv_alter(struct composite_context *creq);
+static void bind_auth_recv_alter(struct tevent_req *subreq);
 
 static void bind_auth_next_step(struct composite_context *c)
@@ -116 +137 @@
         struct bind_auth_state *state;
         struct dcecli_security *sec;
-        struct composite_context *creq;
+        struct tevent_req *subreq;
         bool more_processing = false;
 
         state = talloc_get_type(c->private_data, struct bind_auth_state);
         sec = &state->pipe->conn->security_state;
+
+        if (state->in_auth_info.auth_type != sec->auth_type) {
+                composite_error(c, NT_STATUS_RPC_PROTOCOL_ERROR);
+                return;
+        }
+
+        if (state->in_auth_info.auth_level != sec->auth_level) {
+                composite_error(c, NT_STATUS_RPC_PROTOCOL_ERROR);
+                return;
+        }
+
+        if (state->in_auth_info.auth_context_id != sec->auth_context_id) {
+                composite_error(c, NT_STATUS_RPC_PROTOCOL_ERROR);
+                return;
+        }
+
+        state->out_auth_info = (struct dcerpc_auth) {
+                .auth_type = sec->auth_type,
+                .auth_level = sec->auth_level,
+                .auth_context_id = sec->auth_context_id,
+        };
 
         /* The status value here, from GENSEC is vital to the security
@@ -132 +174 @@
          */
 
-        c->status = gensec_update(sec->generic_state, state,
-                                  sec->auth_info->credentials,
-                                  &state->credentials);
-        data_blob_free(&sec->auth_info->credentials);
+        state->pipe->inhibit_timeout_processing = true;
+        state->pipe->timed_out = false;
+
+        c->status = gensec_update_ev(sec->generic_state, state,
+                                  state->pipe->conn->event_ctx,
+                                  state->in_auth_info.credentials,
+                                  &state->out_auth_info.credentials);
+        if (state->pipe->timed_out) {
+                composite_error(c, NT_STATUS_IO_TIMEOUT);
+                return;
+        }
+        state->pipe->inhibit_timeout_processing = false;
 
         if (NT_STATUS_EQUAL(c->status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
@@ -144 +194 @@
         if (!composite_is_ok(c)) return;
 
-        if (state->pipe->conn->flags & DCERPC_HEADER_SIGNING) {
-                gensec_want_feature(sec->generic_state, GENSEC_FEATURE_SIGN_PKT_HEADER);
-        }
-
-        if (state->credentials.length == 0) {
+        if (state->out_auth_info.credentials.length == 0) {
                 composite_done(c);
                 return;
         }
 
-        sec->auth_info->credentials = state->credentials;
+        state->in_auth_info = (struct dcerpc_auth) {
+                .auth_type = DCERPC_AUTH_TYPE_NONE,
+        };
+        sec->tmp_auth_info.in = &state->in_auth_info;
+        sec->tmp_auth_info.mem = state;
+        sec->tmp_auth_info.out = &state->out_auth_info;
 
         if (!more_processing) {
                 /* NO reply expected, so just send it */
                 c->status = dcerpc_auth3(state->pipe, state);
-                data_blob_free(&state->credentials);
-                sec->auth_info->credentials = data_blob(NULL, 0);
                 if (!composite_is_ok(c)) return;
 
@@ -168 +217 @@
         /* We are demanding a reply, so use a request that will get us one */
 
-        creq = dcerpc_alter_context_send(state->pipe, state,
-                                         &state->pipe->syntax,
-                                         &state->pipe->transfer_syntax);
-        data_blob_free(&state->credentials);
-        sec->auth_info->credentials = data_blob(NULL, 0);
-        if (composite_nomem(creq, c)) return;
-
-        composite_continue(c, creq, bind_auth_recv_alter, c);
-}
-
-
-static void bind_auth_recv_alter(struct composite_context *creq)
-{
-        struct composite_context *c = talloc_get_type(creq->async.private_data,
-                                                      struct composite_context);
-
-        c->status = dcerpc_alter_context_recv(creq);
-        if (!composite_is_ok(c)) return;
-
-        bind_auth_next_step(c);
-}
-
-
-static void bind_auth_recv_bindreply(struct composite_context *creq)
-{
-        struct composite_context *c = talloc_get_type(creq->async.private_data,
-                                                      struct composite_context);
+        subreq = dcerpc_alter_context_send(state, state->pipe->conn->event_ctx,
+                                           state->pipe,
+                                           &state->pipe->syntax,
+                                           &state->pipe->transfer_syntax);
+        if (composite_nomem(subreq, c)) return;
+        tevent_req_set_callback(subreq, bind_auth_recv_alter, c);
+}
+
+
+static void bind_auth_recv_alter(struct tevent_req *subreq)
+{
+        struct composite_context *c =
+                tevent_req_callback_data(subreq,
+                struct composite_context);
         struct bind_auth_state *state = talloc_get_type(c->private_data,
                                                         struct bind_auth_state);
-
-        c->status = dcerpc_bind_recv(creq);
+        struct dcecli_security *sec = &state->pipe->conn->security_state;
+
+        ZERO_STRUCT(sec->tmp_auth_info);
+
+        c->status = dcerpc_alter_context_recv(subreq);
+        TALLOC_FREE(subreq);
         if (!composite_is_ok(c)) return;
+
+        bind_auth_next_step(c);
+}
+
+
+static void bind_auth_recv_bindreply(struct tevent_req *subreq)
+{
+        struct composite_context *c =
+                tevent_req_callback_data(subreq,
+                struct composite_context);
+        struct bind_auth_state *state = talloc_get_type(c->private_data,
+                                                        struct bind_auth_state);
+        struct dcecli_security *sec = &state->pipe->conn->security_state;
+
+        ZERO_STRUCT(sec->tmp_auth_info);
+
+        c->status = dcerpc_bind_recv(subreq);
+        TALLOC_FREE(subreq);
+        if (!composite_is_ok(c)) return;
+
+        if (state->pipe->conn->flags & DCERPC_HEADER_SIGNING) {
+                gensec_want_feature(sec->generic_state, GENSEC_FEATURE_SIGN_PKT_HEADER);
+        }
 
         if (!state->more_processing) {
@@ -232 +295 @@
                                                 const char *service)
 {
-        struct composite_context *c, *creq;
+        struct composite_context *c;
         struct bind_auth_state *state;
         struct dcecli_security *sec;
-
+        struct tevent_req *subreq;
         struct ndr_syntax_id syntax, transfer_syntax;
+        const char *target_principal = NULL;
 
         /* composite context allocation and setup */
@@ -256 +320 @@
 
         c->status = gensec_client_start(p, &sec->generic_state,
-                                        p->conn->event_ctx,
                                         gensec_settings);
         if (!NT_STATUS_IS_OK(c->status)) {
@@ -274 +337 @@
 
         c->status = gensec_set_target_hostname(sec->generic_state,
-                                               p->conn->transport.target_hostname(p->conn));
+                                               dcerpc_server_name(p));
         if (!NT_STATUS_IS_OK(c->status)) {
                 DEBUG(1, ("Failed to set GENSEC target hostname: %s\n", 
@@ -293 +356 @@
         }
 
-        if (p->binding && p->binding->target_principal) {
+        if (p->binding != NULL) {
+                target_principal = dcerpc_binding_get_string_option(p->binding,
+                                                        "target_principal");
+        }
+        if (target_principal != NULL) {
                 c->status = gensec_set_target_principal(sec->generic_state,
-                                                        p->binding->target_principal);
+                                                        target_principal);
                 if (!NT_STATUS_IS_OK(c->status)) {
                         DEBUG(1, ("Failed to set GENSEC target principal to %s: %s\n",
-                                  p->binding->target_principal, nt_errstr(c->status)));
+                                  target_principal, nt_errstr(c->status)));
                         composite_error(c, c->status);
                         return c;
@@ -314 +381 @@
         }
 
-        sec->auth_info = talloc(p, struct dcerpc_auth);
-        if (composite_nomem(sec->auth_info, c)) return c;
-
-        sec->auth_info->auth_type = auth_type;
-        sec->auth_info->auth_level = auth_level,
-        sec->auth_info->auth_pad_length = 0;
-        sec->auth_info->auth_reserved = 0;
-        sec->auth_info->auth_context_id = random();
-        sec->auth_info->credentials = data_blob(NULL, 0);
+        sec->auth_type = auth_type;
+        sec->auth_level = auth_level,
+        /*
+         * We use auth_context_id = 1 as some older
+         * Samba versions (<= 4.2.3) use that value hardcoded
+         * in a response.
+         */
+        sec->auth_context_id = 1;
+
+        state->out_auth_info = (struct dcerpc_auth) {
+                .auth_type = sec->auth_type,
+                .auth_level = sec->auth_level,
+                .auth_context_id = sec->auth_context_id,
+        };
 
         /* The status value here, from GENSEC is vital to the security
@@ -334 +406 @@
          */
 
-        c->status = gensec_update(sec->generic_state, state,
-                                  sec->auth_info->credentials,
-                                  &state->credentials);
+        state->pipe->inhibit_timeout_processing = true;
+        state->pipe->timed_out = false;
+        c->status = gensec_update_ev(sec->generic_state, state,
+                                  p->conn->event_ctx,
+                                  data_blob_null,
+                                  &state->out_auth_info.credentials);
+        if (state->pipe->timed_out) {
+                composite_error(c, NT_STATUS_IO_TIMEOUT);
+                return c;
+        }
+        state->pipe->inhibit_timeout_processing = false;
+
         if (!NT_STATUS_IS_OK(c->status) &&
             !NT_STATUS_EQUAL(c->status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
@@ -346 +427 @@
                                                  NT_STATUS_MORE_PROCESSING_REQUIRED);
 
-        if (state->credentials.length == 0) {
+        if (state->out_auth_info.credentials.length == 0) {
                 composite_done(c);
                 return c;
         }
 
-        sec->auth_info->credentials = state->credentials;
+        if (gensec_have_feature(sec->generic_state, GENSEC_FEATURE_SIGN_PKT_HEADER)) {
+                if (sec->auth_level >= DCERPC_AUTH_LEVEL_INTEGRITY) {
+                        state->pipe->conn->flags |= DCERPC_PROPOSE_HEADER_SIGNING;
+                }
+        }
+
+        state->in_auth_info = (struct dcerpc_auth) {
+                .auth_type = DCERPC_AUTH_TYPE_NONE,
+        };
+        sec->tmp_auth_info.in = &state->in_auth_info;
+        sec->tmp_auth_info.mem = state;
+        sec->tmp_auth_info.out = &state->out_auth_info;
 
         /* The first request always is a dcerpc_bind. The subsequent ones
          * depend on gensec results */
-        creq = dcerpc_bind_send(p, state, &syntax, &transfer_syntax);
-        data_blob_free(&state->credentials);
-        sec->auth_info->credentials = data_blob(NULL, 0);
-        if (composite_nomem(creq, c)) return c;
-
-        composite_continue(c, creq, bind_auth_recv_bindreply, c);
+        subreq = dcerpc_bind_send(state, p->conn->event_ctx, p,
+                                  &syntax, &transfer_syntax);
+        if (composite_nomem(subreq, c)) return c;
+        tevent_req_set_callback(subreq, bind_auth_recv_bindreply, c);
+
         return c;
 }

vendor/current/source4/librpc/rpc/dcerpc_connect.c

@@ -30 +30 @@
 #include "libcli/smb2/smb2.h"
 #include "libcli/smb2/smb2_calls.h"
+#include "libcli/smb/smbXcli_base.h"
 #include "librpc/rpc/dcerpc.h"
 #include "librpc/rpc/dcerpc_proto.h"
@@ -36 +37 @@
 #include "libcli/resolve/resolve.h"
 
+struct dcerpc_pipe_connect {
+        struct dcecli_connection *conn;
+        struct dcerpc_binding *binding;
+        const struct ndr_interface_table *interface;
+        struct cli_credentials *creds;
+        struct resolve_context *resolve_ctx;
+        struct {
+                const char *dir;
+        } ncalrpc;
+        struct {
+                struct smbXcli_conn *conn;
+                struct smbXcli_session *session;
+                struct smbXcli_tcon *tcon;
+                const char *pipe_name;
+        } smb;
+};
 
 struct pipe_np_smb_state {
         struct smb_composite_connect conn;
-        struct smbcli_tree *tree;
         struct dcerpc_pipe_connect io;
 };
@@ -59 +75 @@
 }
 
+static void continue_smb_open(struct composite_context *c);
 
 /*
@@ -65 +82 @@
 static void continue_smb_connect(struct composite_context *ctx)
 {
-        struct composite_context *open_ctx;
         struct composite_context *c = talloc_get_type(ctx->async.private_data,
                                                       struct composite_context);
         struct pipe_np_smb_state *s = talloc_get_type(c->private_data,
                                                       struct pipe_np_smb_state);
-        
+        struct smbcli_tree *t;
+
         /* receive result of smb connect request */
-        c->status = smb_composite_connect_recv(ctx, c);
-        if (!composite_is_ok(c)) return;
+        c->status = smb_composite_connect_recv(ctx, s->io.conn);
+        if (!composite_is_ok(c)) return;
+
+        t = s->conn.out.tree;
 
         /* prepare named pipe open parameters */
-        s->tree         = s->conn.out.tree;
-        s->io.pipe_name = s->io.binding->endpoint;
+        s->io.smb.conn = t->session->transport->conn;
+        s->io.smb.session = t->session->smbXcli;
+        s->io.smb.tcon = t->smbXcli;
+        smb1cli_tcon_set_id(s->io.smb.tcon, t->tid);
+        s->io.smb.pipe_name = dcerpc_binding_get_string_option(s->io.binding,
+                                                               "endpoint");
+
+        continue_smb_open(c);
+}
+
+static void continue_smb_open(struct composite_context *c)
+{
+        struct pipe_np_smb_state *s = talloc_get_type(c->private_data,
+                                                      struct pipe_np_smb_state);
+        struct composite_context *open_ctx;
 
         /* send named pipe open request */
-        open_ctx = dcerpc_pipe_open_smb_send(s->io.pipe, s->tree, s->io.pipe_name);
+        open_ctx = dcerpc_pipe_open_smb_send(s->io.conn,
+                                             s->io.smb.conn,
+                                             s->io.smb.session,
+                                             s->io.smb.tcon,
+                                             DCERPC_REQUEST_TIMEOUT * 1000,
+                                             s->io.smb.pipe_name);
         if (composite_nomem(open_ctx, c)) return;
 
@@ -97 +134 @@
         struct composite_context *conn_req;
         struct smb_composite_connect *conn;
+        uint32_t flags;
 
         /* composite context allocation and setup */
-        c = composite_create(mem_ctx, io->pipe->conn->event_ctx);
+        c = composite_create(mem_ctx, io->conn->event_ctx);
         if (c == NULL) return NULL;
 
@@ -109 +147 @@
         conn   = &s->conn;
 
+        if (smbXcli_conn_is_connected(s->io.smb.conn)) {
+                continue_smb_open(c);
+                return c;
+        }
+
         /* prepare smb connection parameters: we're connecting to IPC$ share on
            remote rpc server */
-        conn->in.dest_host              = s->io.binding->host;
-        conn->in.dest_ports                  = lpcfg_smb_ports(lp_ctx);
-        if (s->io.binding->target_hostname == NULL)
-                conn->in.called_name = "*SMBSERVER"; /* FIXME: This is invalid */
-        else
-                conn->in.called_name            = s->io.binding->target_hostname;
+        conn->in.dest_host = dcerpc_binding_get_string_option(s->io.binding, "host");
+        conn->in.dest_ports = lpcfg_smb_ports(lp_ctx);
+        conn->in.called_name =
+                dcerpc_binding_get_string_option(s->io.binding, "target_hostname");
+        if (conn->in.called_name == NULL) {
+                conn->in.called_name = "*SMBSERVER";
+        }
         conn->in.socket_options         = lpcfg_socket_options(lp_ctx);
         conn->in.service                = "IPC$";
@@ -133 +177 @@
          */
         s->conn.in.credentials = s->io.creds;
-        if (s->io.binding->flags & (DCERPC_SCHANNEL|DCERPC_ANON_FALLBACK)) {
+        flags = dcerpc_binding_get_flags(s->io.binding);
+        if (flags & (DCERPC_SCHANNEL|DCERPC_ANON_FALLBACK)) {
                 conn->in.fallback_to_anonymous  = true;
         } else {
@@ -139 +184 @@
         }
 
+        conn->in.options.min_protocol = PROTOCOL_NT1;
+        conn->in.options.max_protocol = PROTOCOL_NT1;
+
+        conn->in.options.signing = lpcfg_client_ipc_signing(lp_ctx);
+
         /* send smb connect request */
-        conn_req = smb_composite_connect_send(conn, s->io.pipe->conn, 
+        conn_req = smb_composite_connect_send(conn, s->io.conn,
                                               s->io.resolve_ctx,
-                                              s->io.pipe->conn->event_ctx);
+                                              c->event_ctx);
         if (composite_nomem(conn_req, c)) return c;
 
@@ -161 +211 @@
 }
 
-
-struct pipe_np_smb2_state {
-        struct smb2_tree *tree;
-        struct dcerpc_pipe_connect io;
-};
-
-
-/*
-  Stage 3 of ncacn_np_smb: Named pipe opened (or not)
-*/
-static void continue_pipe_open_smb2(struct composite_context *ctx)
-{
-        struct composite_context *c = talloc_get_type(ctx->async.private_data,
-                                                      struct composite_context);
-
-        /* receive result of named pipe open request on smb2 */
-        c->status = dcerpc_pipe_open_smb2_recv(ctx);
-        if (!composite_is_ok(c)) return;
-
-        composite_done(c);
-}
-
-
 /*
   Stage 2 of ncacn_np_smb2: Open a named pipe after successful smb2 connection
 */
-static void continue_smb2_connect(struct composite_context *ctx)
-{
-        struct composite_context *open_req;
-        struct composite_context *c = talloc_get_type(ctx->async.private_data,
-                                                      struct composite_context);
-        struct pipe_np_smb2_state *s = talloc_get_type(c->private_data,
-                                                       struct pipe_np_smb2_state);
+static void continue_smb2_connect(struct tevent_req *subreq)
+{
+        struct composite_context *c =
+                tevent_req_callback_data(subreq,
+                struct composite_context);
+        struct pipe_np_smb_state *s = talloc_get_type(c->private_data,
+                                                      struct pipe_np_smb_state);
+        struct smb2_tree *t;
 
         /* receive result of smb2 connect request */
-        c->status = smb2_connect_recv(ctx, c, &s->tree);
-        if (!composite_is_ok(c)) return;
-
-        /* prepare named pipe open parameters */
-        s->io.pipe_name = s->io.binding->endpoint;
-
-        /* send named pipe open request */
-        open_req = dcerpc_pipe_open_smb2_send(s->io.pipe, s->tree, s->io.pipe_name);
-        if (composite_nomem(open_req, c)) return;
-
-        composite_continue(c, open_req, continue_pipe_open_smb2, c);
+        c->status = smb2_connect_recv(subreq, s->io.conn, &t);
+        TALLOC_FREE(subreq);
+        if (!composite_is_ok(c)) return;
+
+        s->io.smb.conn = t->session->transport->conn;
+        s->io.smb.session = t->session->smbXcli;
+        s->io.smb.tcon = t->smbXcli;
+        s->io.smb.pipe_name = dcerpc_binding_get_string_option(s->io.binding,
+                                                               "endpoint");
+
+        continue_smb_open(c);
 }
 
@@ -220 +248 @@
 {
         struct composite_context *c;
-        struct pipe_np_smb2_state *s;
-        struct composite_context *conn_req;
+        struct pipe_np_smb_state *s;
+        struct tevent_req *subreq;
         struct smbcli_options options;
+        const char *host;
+        uint32_t flags;
 
         /* composite context allocation and setup */
-        c = composite_create(mem_ctx, io->pipe->conn->event_ctx);
+        c = composite_create(mem_ctx, io->conn->event_ctx);
         if (c == NULL) return NULL;
 
-        s = talloc_zero(c, struct pipe_np_smb2_state);
+        s = talloc_zero(c, struct pipe_np_smb_state);
         if (composite_nomem(s, c)) return c;
         c->private_data = s;
 
         s->io = *io;
+
+        if (smbXcli_conn_is_connected(s->io.smb.conn)) {
+                continue_smb_open(c);
+                return c;
+        }
+
+        host = dcerpc_binding_get_string_option(s->io.binding, "host");
+        flags = dcerpc_binding_get_flags(s->io.binding);
 
         /*
@@ -238 +276 @@
          * schannel connection
          */
-        if (s->io.binding->flags & DCERPC_SCHANNEL) {
-                s->io.creds = cli_credentials_init(mem_ctx);
+        if (flags & DCERPC_SCHANNEL) {
+                s->io.creds = cli_credentials_init_anon(mem_ctx);
                 if (composite_nomem(s->io.creds, c)) return c;
-
-                cli_credentials_guess(s->io.creds, lp_ctx);
         }
 
         lpcfg_smbcli_options(lp_ctx, &options);
 
+        options.min_protocol = lpcfg_client_ipc_min_protocol(lp_ctx);
+        if (options.min_protocol < PROTOCOL_SMB2_02) {
+                options.min_protocol = PROTOCOL_SMB2_02;
+        }
+        options.max_protocol = lpcfg_client_ipc_max_protocol(lp_ctx);
+        if (options.max_protocol < PROTOCOL_SMB2_02) {
+                options.max_protocol = PROTOCOL_SMB2_02;
+        }
+
+        options.signing = lpcfg_client_ipc_signing(lp_ctx);
+
         /* send smb2 connect request */
-        conn_req = smb2_connect_send(mem_ctx, s->io.binding->host, 
+        subreq = smb2_connect_send(s, c->event_ctx,
+                        host,
                         lpcfg_parm_string_list(mem_ctx, lp_ctx, NULL, "smb2", "ports", NULL),
-                                        "IPC$", 
-                                     s->io.resolve_ctx,
-                                     s->io.creds,
-                                     c->event_ctx,
-                                     &options,
-                                         lpcfg_socket_options(lp_ctx),
-                                         lpcfg_gensec_settings(mem_ctx, lp_ctx)
-                                         );
-        composite_continue(c, conn_req, continue_smb2_connect, c);
+                        "IPC$",
+                        s->io.resolve_ctx,
+                        s->io.creds,
+                        0, /* previous_session_id */
+                        &options,
+                        lpcfg_socket_options(lp_ctx),
+                        lpcfg_gensec_settings(mem_ctx, lp_ctx));
+        if (composite_nomem(subreq, c)) return c;
+        tevent_req_set_callback(subreq, continue_smb2_connect, c);
         return c;
 }
@@ -291 +339 @@
         struct composite_context *c = talloc_get_type(ctx->async.private_data,
                                                       struct composite_context);
+        struct pipe_ip_tcp_state *s = talloc_get_type(c->private_data,
+                                                      struct pipe_ip_tcp_state);
+        char *localaddr = NULL;
+        char *remoteaddr = NULL;
 
         /* receive result of named pipe open request on tcp/ip */
-        c->status = dcerpc_pipe_open_tcp_recv(ctx);
+        c->status = dcerpc_pipe_open_tcp_recv(ctx, s, &localaddr, &remoteaddr);
+        if (!composite_is_ok(c)) return;
+
+        c->status = dcerpc_binding_set_string_option(s->io.binding,
+                                                     "localaddress",
+                                                     localaddr);
+        if (!composite_is_ok(c)) return;
+
+        c->status = dcerpc_binding_set_string_option(s->io.binding,
+                                                     "host",
+                                                     remoteaddr);
         if (!composite_is_ok(c)) return;
 
@@ -310 +372 @@
         struct pipe_ip_tcp_state *s;
         struct composite_context *pipe_req;
+        const char *endpoint;
 
         /* composite context allocation and setup */
-        c = composite_create(mem_ctx, io->pipe->conn->event_ctx);
+        c = composite_create(mem_ctx, io->conn->event_ctx);
         if (c == NULL) return NULL;
 
@@ -320 +383 @@
 
         /* store input parameters in state structure */
-        s->io               = *io;
-        s->localaddr        = talloc_reference(c, io->binding->localaddress);
-        s->host             = talloc_reference(c, io->binding->host);
-        s->target_hostname  = talloc_reference(c, io->binding->target_hostname);
-                             /* port number is a binding endpoint here */
-        s->port             = atoi(io->binding->endpoint);   
+        s->io = *io;
+        s->localaddr = dcerpc_binding_get_string_option(io->binding,
+                                                        "localaddress");
+        s->host = dcerpc_binding_get_string_option(io->binding, "host");
+        s->target_hostname = dcerpc_binding_get_string_option(io->binding,
+                                                              "target_hostname");
+        endpoint = dcerpc_binding_get_string_option(io->binding, "endpoint");
+        /* port number is a binding endpoint here */
+        if (endpoint != NULL) {
+                s->port = atoi(endpoint);
+        }
+
+        if (s->port == 0) {
+                composite_error(c, NT_STATUS_INVALID_PARAMETER_MIX);
+                return c;
+        }
 
         /* send pipe open request on tcp/ip */
-        pipe_req = dcerpc_pipe_open_tcp_send(s->io.pipe->conn, s->localaddr, s->host, s->target_hostname,
+        pipe_req = dcerpc_pipe_open_tcp_send(s->io.conn, s->localaddr, s->host, s->target_hostname,
                                              s->port, io->resolve_ctx);
         composite_continue(c, pipe_req, continue_pipe_open_ncacn_ip_tcp, c);
@@ -347 +420 @@
 
 
+struct pipe_http_state {
+        struct dcerpc_pipe_connect io;
+        const char *localaddr;
+        const char *rpc_server;
+        uint32_t rpc_server_port;
+        char *rpc_proxy;
+        uint32_t rpc_proxy_port;
+        char *http_proxy;
+        uint32_t http_proxy_port;
+        bool use_tls;
+        bool use_proxy;
+        bool use_ntlm;
+        struct loadparm_context *lp_ctx;
+};
+
+/*
+  Stage 2 of ncacn_http: rpc pipe opened (or not)
+ */
+static void continue_pipe_open_ncacn_http(struct tevent_req *subreq)
+{
+        struct composite_context *c = NULL;
+        struct pipe_http_state *s = NULL;
+        struct tstream_context *stream = NULL;
+        struct tevent_queue *queue = NULL;
+
+        c = tevent_req_callback_data(subreq, struct composite_context);
+        s = talloc_get_type(c->private_data, struct pipe_http_state);
+
+        /* receive result of RoH connect request */
+        c->status = dcerpc_pipe_open_roh_recv(subreq, s->io.conn,
+                                              &stream, &queue);
+        TALLOC_FREE(subreq);
+        if (!composite_is_ok(c)) return;
+
+        s->io.conn->transport.transport = NCACN_HTTP;
+        s->io.conn->transport.stream = stream;
+        s->io.conn->transport.write_queue = queue;
+        s->io.conn->transport.pending_reads = 0;
+
+        composite_done(c);
+}
+
+/*
+  Initiate async open of a rpc connection to a rpc pipe using HTTP transport,
+  and using the binding structure to determine the endpoint and options
+*/
+static struct composite_context* dcerpc_pipe_connect_ncacn_http_send(
+                TALLOC_CTX *mem_ctx, struct dcerpc_pipe_connect *io,
+                struct loadparm_context *lp_ctx)
+{
+        struct composite_context *c;
+        struct pipe_http_state *s;
+        struct tevent_req *subreq;
+        const char *endpoint;
+        const char *use_proxy;
+        char *proxy;
+        char *port;
+        const char *opt;
+
+        /* composite context allocation and setup */
+        c = composite_create(mem_ctx, io->conn->event_ctx);
+        if (c == NULL) return NULL;
+
+        s = talloc_zero(c, struct pipe_http_state);
+        if (composite_nomem(s, c)) return c;
+        c->private_data = s;
+
+        /* store input parameters in state structure */
+        s->lp_ctx       = lp_ctx;
+        s->io           = *io;
+        s->localaddr    = dcerpc_binding_get_string_option(io->binding,
+                                                        "localaddress");
+        /* RPC server and port (the endpoint) */
+        s->rpc_server = dcerpc_binding_get_string_option(io->binding, "host");
+        endpoint = dcerpc_binding_get_string_option(io->binding, "endpoint");
+        if (endpoint == NULL) {
+                composite_error(c, NT_STATUS_INVALID_PARAMETER_MIX);
+                return c;
+        }
+        s->rpc_server_port = atoi(endpoint);
+        if (s->rpc_server_port == 0) {
+                composite_error(c, NT_STATUS_INVALID_PARAMETER_MIX);
+                return c;
+        }
+
+        /* Use TLS */
+        opt = dcerpc_binding_get_string_option(io->binding, "HttpUseTls");
+        if (opt) {
+                if (strcasecmp(opt, "true") == 0) {
+                        s->use_tls = true;
+                } else if (strcasecmp(opt, "false") == 0) {
+                        s->use_tls = false;
+                } else {
+                        composite_error(c, NT_STATUS_INVALID_PARAMETER_MIX);
+                        return c;
+                }
+        } else {
+                s->use_tls = true;
+        }
+
+        /* RPC Proxy */
+        proxy = port = talloc_strdup(s, dcerpc_binding_get_string_option(
+                        io->binding, "RpcProxy"));
+        s->rpc_proxy  = strsep(&port, ":");
+        if (proxy && port) {
+                s->rpc_proxy_port = atoi(port);
+        } else {
+                s->rpc_proxy_port = s->use_tls ? 443 : 80;
+        }
+        if (s->rpc_proxy == NULL) {
+                s->rpc_proxy = talloc_strdup(s, s->rpc_server);
+                if (composite_nomem(s->rpc_proxy, c)) return c;
+        }
+
+        /* HTTP Proxy */
+        proxy = port = talloc_strdup(s, dcerpc_binding_get_string_option(
+                        io->binding, "HttpProxy"));
+        s->http_proxy = strsep(&port, ":");
+        if (proxy && port) {
+                s->http_proxy_port = atoi(port);
+        } else {
+                s->http_proxy_port = s->use_tls ? 443 : 80;
+        }
+
+        /* Use local proxy */
+        use_proxy = dcerpc_binding_get_string_option(io->binding,
+                                                 "HttpConnectOption");
+        if (use_proxy && strcasecmp(use_proxy, "UseHttpProxy")) {
+                s->use_proxy = true;
+        }
+
+        /* If use local proxy set, the http proxy should be provided */
+        if (s->use_proxy && !s->http_proxy) {
+                composite_error(c, NT_STATUS_INVALID_PARAMETER_MIX);
+                return c;
+        }
+
+        /* Check which HTTP authentication method to use */
+        opt = dcerpc_binding_get_string_option(io->binding, "HttpAuthOption");
+        if (opt) {
+                if (strcasecmp(opt, "basic") == 0) {
+                        s->use_ntlm = false;
+                } else if (strcasecmp(opt, "ntlm") == 0) {
+                        s->use_ntlm = true;
+                } else {
+                        composite_error(c, NT_STATUS_INVALID_PARAMETER_MIX);
+                        return c;
+                }
+        } else {
+                s->use_ntlm = true;
+        }
+
+        subreq = dcerpc_pipe_open_roh_send(s->io.conn, s->localaddr,
+                                           s->rpc_server, s->rpc_server_port,
+                                           s->rpc_proxy, s->rpc_proxy_port,
+                                           s->http_proxy, s->http_proxy_port,
+                                           s->use_tls, s->use_proxy,
+                                           s->io.creds, io->resolve_ctx,
+                                           s->lp_ctx, s->use_ntlm);
+        if (composite_nomem(subreq, c)) return c;
+
+        tevent_req_set_callback(subreq, continue_pipe_open_ncacn_http, c);
+        return c;
+}
+
+static NTSTATUS dcerpc_pipe_connect_ncacn_http_recv(struct composite_context *c)
+{
+        return composite_wait_free(c);
+}
+
+
 struct pipe_unix_state {
         struct dcerpc_pipe_connect io;
@@ -381 +625 @@
 
         /* composite context allocation and setup */
-        c = composite_create(mem_ctx, io->pipe->conn->event_ctx);
+        c = composite_create(mem_ctx, io->conn->event_ctx);
         if (c == NULL) return NULL;
 
@@ -391 +635 @@
            also, verify whether biding endpoint is not null */
         s->io = *io;
-        
-        if (!io->binding->endpoint) {
-                DEBUG(0, ("Path to unix socket not specified\n"));
-                composite_error(c, NT_STATUS_INVALID_PARAMETER);
+
+        s->path = dcerpc_binding_get_string_option(io->binding, "endpoint");
+        if (s->path == NULL) {
+                composite_error(c, NT_STATUS_INVALID_PARAMETER_MIX);
                 return c;
         }
 
-        s->path  = talloc_strdup(c, io->binding->endpoint);  /* path is a binding endpoint here */
-        if (composite_nomem(s->path, c)) return c;
-
         /* send pipe open request on unix socket */
-        pipe_req = dcerpc_pipe_open_unix_stream_send(s->io.pipe->conn, s->path);
+        pipe_req = dcerpc_pipe_open_unix_stream_send(s->io.conn, s->path);
         composite_continue(c, pipe_req, continue_pipe_open_ncacn_unix_stream, c);
         return c;
@@ -447 +688 @@
 */
 static struct composite_context* dcerpc_pipe_connect_ncalrpc_send(TALLOC_CTX *mem_ctx,
-                                                                  struct dcerpc_pipe_connect *io, struct loadparm_context *lp_ctx)
+                                                                  struct dcerpc_pipe_connect *io)
 {
         struct composite_context *c;
         struct pipe_ncalrpc_state *s;
         struct composite_context *pipe_req;
+        const char *endpoint;
 
         /* composite context allocation and setup */
-        c = composite_create(mem_ctx, io->pipe->conn->event_ctx);
+        c = composite_create(mem_ctx, io->conn->event_ctx);
         if (c == NULL) return NULL;
 
@@ -464 +706 @@
         s->io  = *io;
 
+        endpoint = dcerpc_binding_get_string_option(io->binding, "endpoint");
+        if (endpoint == NULL) {
+                composite_error(c, NT_STATUS_INVALID_PARAMETER_MIX);
+                return c;
+        }
+
         /* send pipe open request */
-        pipe_req = dcerpc_pipe_open_pipe_send(s->io.pipe->conn, lpcfg_ncalrpc_dir(lp_ctx),
-                                              s->io.binding->endpoint);
+        pipe_req = dcerpc_pipe_open_pipe_send(s->io.conn,
+                                              s->io.ncalrpc.dir,
+                                              endpoint);
         composite_continue(c, pipe_req, continue_pipe_open_ncalrpc, c);
         return c;
@@ -498 +747 @@
 static void continue_pipe_connect_ncacn_np_smb(struct composite_context *ctx);
 static void continue_pipe_connect_ncacn_ip_tcp(struct composite_context *ctx);
+static void continue_pipe_connect_ncacn_http(struct composite_context *ctx);
 static void continue_pipe_connect_ncacn_unix(struct composite_context *ctx);
 static void continue_pipe_connect_ncalrpc(struct composite_context *ctx);
@@ -513 +763 @@
         struct pipe_connect_state *s = talloc_get_type(c->private_data,
                                                        struct pipe_connect_state);
-        
+        const char *endpoint;
+
         c->status = dcerpc_epm_map_binding_recv(ctx);
         if (!composite_is_ok(c)) return;
 
-        DEBUG(4,("Mapped to DCERPC endpoint %s\n", s->binding->endpoint));
-        
+        endpoint = dcerpc_binding_get_string_option(s->binding, "endpoint");
+        DEBUG(4,("Mapped to DCERPC endpoint %s\n", endpoint));
+
         continue_connect(c, s);
 }
@@ -534 +786 @@
         struct composite_context *ncacn_np_smb_req;
         struct composite_context *ncacn_ip_tcp_req;
+        struct composite_context *ncacn_http_req;
         struct composite_context *ncacn_unix_req;
         struct composite_context *ncalrpc_req;
+        enum dcerpc_transport_t transport;
+        enum protocol_types min_ipc_protocol;
+        uint32_t flags;
 
         /* dcerpc pipe connect input parameters */
-        pc.pipe         = s->pipe;
+        ZERO_STRUCT(pc);
+        pc.conn         = s->pipe->conn;
         pc.binding      = s->binding;
-        pc.pipe_name    = NULL;
         pc.interface    = s->table;
         pc.creds        = s->credentials;
         pc.resolve_ctx  = lpcfg_resolve_context(s->lp_ctx);
 
+        transport = dcerpc_binding_get_transport(s->binding);
+        flags = dcerpc_binding_get_flags(s->binding);
+
+        min_ipc_protocol = lpcfg_client_ipc_min_protocol(s->lp_ctx);
+        if (min_ipc_protocol >= PROTOCOL_SMB2_02) {
+                flags |= DCERPC_SMB2;
+        }
+
         /* connect dcerpc pipe depending on required transport */
-        switch (s->binding->transport) {
+        switch (transport) {
         case NCACN_NP:
-                if (pc.binding->flags & DCERPC_SMB2) {
+                if (flags & DCERPC_SMB2) {
                         /* new varient of SMB a.k.a. SMB2 */
                         ncacn_np_smb2_req = dcerpc_pipe_connect_ncacn_np_smb2_send(c, &pc, s->lp_ctx);
@@ -567 +831 @@
                 return;
 
+        case NCACN_HTTP:
+                ncacn_http_req = dcerpc_pipe_connect_ncacn_http_send(c, &pc, s->lp_ctx);
+                composite_continue(c, ncacn_http_req, continue_pipe_connect_ncacn_http, c);
+                return;
+
         case NCACN_UNIX_STREAM:
                 ncacn_unix_req = dcerpc_pipe_connect_ncacn_unix_stream_send(c, &pc);
@@ -573 +842 @@
 
         case NCALRPC:
-                ncalrpc_req = dcerpc_pipe_connect_ncalrpc_send(c, &pc, s->lp_ctx);
+                pc.ncalrpc.dir = lpcfg_ncalrpc_dir(s->lp_ctx);
+                c->status = dcerpc_binding_set_string_option(s->binding, "ncalrpc_dir",
+                                                             pc.ncalrpc.dir);
+                if (!composite_is_ok(c)) return;
+                ncalrpc_req = dcerpc_pipe_connect_ncalrpc_send(c, &pc);
                 composite_continue(c, ncalrpc_req, continue_pipe_connect_ncalrpc, c);
                 return;
@@ -631 +904 @@
 
         c->status = dcerpc_pipe_connect_ncacn_ip_tcp_recv(ctx);
+        if (!composite_is_ok(c)) return;
+
+        continue_pipe_connect(c, s);
+}
+
+
+/*
+  Stage 3 of pipe_connect_b: Receive result of pipe connect request on http
+*/
+static void continue_pipe_connect_ncacn_http(struct composite_context *ctx)
+{
+        struct composite_context *c = talloc_get_type(ctx->async.private_data,
+                                                      struct composite_context);
+        struct pipe_connect_state *s = talloc_get_type(c->private_data,
+                                                       struct pipe_connect_state);
+
+        c->status = dcerpc_pipe_connect_ncacn_http_recv(ctx);
         if (!composite_is_ok(c)) return;
 
@@ -679 +969 @@
         struct composite_context *auth_bind_req;
 
-        s->pipe->binding = s->binding;
-        if (!talloc_reference(s->pipe, s->binding)) {
-                composite_error(c, NT_STATUS_NO_MEMORY);
+        s->pipe->binding = dcerpc_binding_dup(s->pipe, s->binding);
+        if (composite_nomem(s->pipe->binding, c)) {
                 return;
         }
@@ -714 +1003 @@
                                            struct timeval t, void *private_data)
 {
-        struct composite_context *c = talloc_get_type(private_data, struct composite_context);
-        composite_error(c, NT_STATUS_IO_TIMEOUT);
+        struct composite_context *c = talloc_get_type_abort(private_data,
+                                                      struct composite_context);
+        struct pipe_connect_state *s = talloc_get_type_abort(c->private_data, struct pipe_connect_state);
+        if (!s->pipe->inhibit_timeout_processing) {
+                composite_error(c, NT_STATUS_IO_TIMEOUT);
+        } else {
+                s->pipe->timed_out = true;
+        }
 }
 
@@ -723 +1018 @@
 */
 _PUBLIC_ struct composite_context* dcerpc_pipe_connect_b_send(TALLOC_CTX *parent_ctx,
-                                                     struct dcerpc_binding *binding,
+                                                     const struct dcerpc_binding *binding,
                                                      const struct ndr_interface_table *table,
                                                      struct cli_credentials *credentials,
@@ -731 +1026 @@
         struct composite_context *c;
         struct pipe_connect_state *s;
-        struct tevent_context *new_ev = NULL;
+        enum dcerpc_transport_t transport;
+        const char *endpoint = NULL;
+        struct cli_credentials *epm_creds = NULL;
 
         /* composite context allocation and setup */
         c = composite_create(parent_ctx, ev);
         if (c == NULL) {
-                talloc_free(new_ev);
                 return NULL;
         }
-        talloc_steal(c, new_ev);
 
         s = talloc_zero(c, struct pipe_connect_state);
@@ -750 +1045 @@
 
         if (DEBUGLEVEL >= 10)
-                s->pipe->conn->packet_log_dir = lpcfg_lockdir(lp_ctx);
+                s->pipe->conn->packet_log_dir = lpcfg_lock_directory(lp_ctx);
 
         /* store parameters in state structure */
-        s->binding      = binding;
+        s->binding      = dcerpc_binding_dup(s, binding);
+        if (composite_nomem(s->binding, c)) return c;
         s->table        = table;
         s->credentials  = credentials;
         s->lp_ctx       = lp_ctx;
 
-        event_add_timed(c->event_ctx, c,
-                        timeval_current_ofs(DCERPC_REQUEST_TIMEOUT, 0),
-                        dcerpc_connect_timeout_handler, c);
-        
-        switch (s->binding->transport) {
-        case NCA_UNKNOWN: {
+        s->pipe->timed_out = false;
+        s->pipe->inhibit_timeout_processing = false;
+
+        tevent_add_timer(c->event_ctx, c,
+                         timeval_current_ofs(DCERPC_REQUEST_TIMEOUT, 0),
+                         dcerpc_connect_timeout_handler, c);
+
+        transport = dcerpc_binding_get_transport(s->binding);
+
+        switch (transport) {
+        case NCACN_NP:
+        case NCACN_IP_TCP:
+        case NCALRPC:
+                endpoint = dcerpc_binding_get_string_option(s->binding, "endpoint");
+
+                /* anonymous credentials for rpc connection used to get endpoint mapping */
+                epm_creds = cli_credentials_init_anon(s);
+                if (composite_nomem(epm_creds, c)) return c;
+
+                break;
+        case NCACN_HTTP:
+                endpoint = dcerpc_binding_get_string_option(s->binding, "endpoint");
+                epm_creds = credentials;
+                break;
+        default:
+                break;
+        }
+
+        if (endpoint == NULL) {
                 struct composite_context *binding_req;
+
                 binding_req = dcerpc_epm_map_binding_send(c, s->binding, s->table,
+                                                          epm_creds,
                                                           s->pipe->conn->event_ctx,
                                                           s->lp_ctx);
                 composite_continue(c, binding_req, continue_map_binding, c);
                 return c;
-                }
-
-        case NCACN_NP:
-        case NCACN_IP_TCP:
-        case NCALRPC:
-                if (!s->binding->endpoint) {
-                        struct composite_context *binding_req;
-                        binding_req = dcerpc_epm_map_binding_send(c, s->binding, s->table,
-                                                                  s->pipe->conn->event_ctx,
-                                                                  s->lp_ctx);
-                        composite_continue(c, binding_req, continue_map_binding, c);
-                        return c;
-                }
-
-        default:
-                break;
         }
 
@@ -820 +1125 @@
 _PUBLIC_ NTSTATUS dcerpc_pipe_connect_b(TALLOC_CTX *parent_ctx,
                                struct dcerpc_pipe **pp,
-                               struct dcerpc_binding *binding,
+                               const struct dcerpc_binding *binding,
                                const struct ndr_interface_table *table,
                                struct cli_credentials *credentials,

vendor/current/source4/librpc/rpc/dcerpc_schannel.c

@@ -37 +37 @@
         struct dcerpc_pipe *pipe2;
         struct dcerpc_binding *binding;
+        bool dcerpc_schannel_auto;
         struct cli_credentials *credentials;
         struct netlogon_creds_CredentialState *creds;
-        uint32_t negotiate_flags;
+        uint32_t local_negotiate_flags;
+        uint32_t remote_negotiate_flags;
         struct netr_Credential credentials1;
         struct netr_Credential credentials2;
@@ -53 +55 @@
 static void continue_srv_challenge(struct tevent_req *subreq);
 static void continue_srv_auth2(struct tevent_req *subreq);
+static void continue_get_capabilities(struct tevent_req *subreq);
 
 
@@ -177 +180 @@
                 cli_credentials_get_secure_channel_type(s->credentials);
         s->a.in.computer_name    = cli_credentials_get_workstation(s->credentials);
-        s->a.in.negotiate_flags  = &s->negotiate_flags;
+        s->a.in.negotiate_flags  = &s->local_negotiate_flags;
         s->a.in.credentials      = &s->credentials3;
-        s->a.out.negotiate_flags = &s->negotiate_flags;
+        s->a.out.negotiate_flags = &s->remote_negotiate_flags;
         s->a.out.return_credentials     = &s->credentials3;
 
@@ -185 +188 @@
                                               s->a.in.account_name, 
                                               s->a.in.computer_name,
+                                              s->a.in.secure_channel_type,
                                               &s->credentials1, &s->credentials2,
-                                              s->mach_pwd, &s->credentials3, s->negotiate_flags);
+                                              s->mach_pwd, &s->credentials3,
+                                              s->local_negotiate_flags);
         if (composite_nomem(s->creds, c)) {
                 return;
@@ -219 +224 @@
         if (!composite_is_ok(c)) return;
 
+        if (!NT_STATUS_EQUAL(s->a.out.result, NT_STATUS_ACCESS_DENIED) &&
+            !NT_STATUS_IS_OK(s->a.out.result)) {
+                composite_error(c, s->a.out.result);
+                return;
+        }
+
+        /*
+         * Strong keys could be unsupported (NT4) or disables. So retry with the
+         * flags returned by the server. - asn
+         */
+        if (NT_STATUS_EQUAL(s->a.out.result, NT_STATUS_ACCESS_DENIED)) {
+                uint32_t lf = s->local_negotiate_flags;
+                const char *ln = NULL;
+                uint32_t rf = s->remote_negotiate_flags;
+                const char *rn = NULL;
+
+                if (!s->dcerpc_schannel_auto) {
+                        composite_error(c, s->a.out.result);
+                        return;
+                }
+                s->dcerpc_schannel_auto = false;
+
+                if (lf & NETLOGON_NEG_SUPPORTS_AES)  {
+                        ln = "aes";
+                        if (rf & NETLOGON_NEG_SUPPORTS_AES) {
+                                composite_error(c, s->a.out.result);
+                                return;
+                        }
+                } else if (lf & NETLOGON_NEG_STRONG_KEYS) {
+                        ln = "strong";
+                        if (rf & NETLOGON_NEG_STRONG_KEYS) {
+                                composite_error(c, s->a.out.result);
+                                return;
+                        }
+                } else {
+                        ln = "des";
+                }
+
+                if (rf & NETLOGON_NEG_SUPPORTS_AES)  {
+                        rn = "aes";
+                } else if (rf & NETLOGON_NEG_STRONG_KEYS) {
+                        rn = "strong";
+                } else {
+                        rn = "des";
+                }
+
+                DEBUG(3, ("Server doesn't support %s keys, downgrade to %s"
+                          "and retry! local[0x%08X] remote[0x%08X]\n",
+                          ln, rn, lf, rf));
+
+                s->local_negotiate_flags = s->remote_negotiate_flags;
+
+                generate_random_buffer(s->credentials1.data,
+                                       sizeof(s->credentials1.data));
+
+                subreq = dcerpc_netr_ServerReqChallenge_r_send(s,
+                                                               c->event_ctx,
+                                                               s->pipe2->binding_handle,
+                                                               &s->r);
+                if (composite_nomem(subreq, c)) return;
+
+                tevent_req_set_callback(subreq, continue_srv_challenge, c);
+                return;
+        }
+
+        s->creds->negotiate_flags = s->remote_negotiate_flags;
+
         /* verify credentials */
         if (!netlogon_creds_client_check(s->creds, s->a.out.return_credentials)) {
@@ -225 +297 @@
         }
 
-        /* setup current netlogon credentials */
-        cli_credentials_set_netlogon_creds(s->credentials, s->creds);
-
         composite_done(c);
 }
-
 
 /*
@@ -236 +304 @@
   on a secondary pipe
 */
-struct composite_context *dcerpc_schannel_key_send(TALLOC_CTX *mem_ctx,
+static struct composite_context *dcerpc_schannel_key_send(TALLOC_CTX *mem_ctx,
                                                    struct dcerpc_pipe *p,
                                                    struct cli_credentials *credentials,
@@ -245 +313 @@
         struct composite_context *epm_map_req;
         enum netr_SchannelType schannel_type = cli_credentials_get_secure_channel_type(credentials);
-        
+        struct cli_credentials *epm_creds = NULL;
+
         /* composite context allocation and setup */
         c = composite_create(mem_ctx, p->conn->event_ctx);
@@ -257 +326 @@
         s->pipe        = p;
         s->credentials = credentials;
+        s->local_negotiate_flags = NETLOGON_NEG_AUTH2_FLAGS;
 
         /* allocate credentials */
+        if (s->pipe->conn->flags & DCERPC_SCHANNEL_128) {
+                s->local_negotiate_flags = NETLOGON_NEG_AUTH2_ADS_FLAGS;
+        }
+        if (s->pipe->conn->flags & DCERPC_SCHANNEL_AES) {
+                s->local_negotiate_flags = NETLOGON_NEG_AUTH2_ADS_FLAGS;
+                s->local_negotiate_flags |= NETLOGON_NEG_SUPPORTS_AES;
+        }
+        if (s->pipe->conn->flags & DCERPC_SCHANNEL_AUTO) {
+                s->local_negotiate_flags = NETLOGON_NEG_AUTH2_ADS_FLAGS;
+                s->local_negotiate_flags |= NETLOGON_NEG_SUPPORTS_AES;
+                s->dcerpc_schannel_auto = true;
+        }
+
         /* type of authentication depends on schannel type */
         if (schannel_type == SEC_CHAN_RODC) {
-                s->negotiate_flags = NETLOGON_NEG_AUTH2_RODC_FLAGS;
-        } else if (s->pipe->conn->flags & DCERPC_SCHANNEL_128) {
-                s->negotiate_flags = NETLOGON_NEG_AUTH2_ADS_FLAGS;
-        } else {
-                s->negotiate_flags = NETLOGON_NEG_AUTH2_FLAGS;
-        }
+                s->local_negotiate_flags |= NETLOGON_NEG_RODC_PASSTHROUGH;
+        }
+
+        epm_creds = cli_credentials_init_anon(s);
+        if (composite_nomem(epm_creds, c)) return c;
 
         /* allocate binding structure */
-        s->binding = talloc_zero(c, struct dcerpc_binding);
+        s->binding = dcerpc_binding_dup(s, s->pipe->binding);
         if (composite_nomem(s->binding, c)) return c;
-
-        *s->binding = *s->pipe->binding;
 
         /* request the netlogon endpoint mapping */
         epm_map_req = dcerpc_epm_map_binding_send(c, s->binding,
                                                   &ndr_table_netlogon,
+                                                  epm_creds,
                                                   s->pipe->conn->event_ctx,
                                                   lp_ctx);
@@ -289 +370 @@
   Receive result of schannel key request
  */
-NTSTATUS dcerpc_schannel_key_recv(struct composite_context *c)
+static NTSTATUS dcerpc_schannel_key_recv(struct composite_context *c,
+                                TALLOC_CTX *mem_ctx,
+                                struct netlogon_creds_CredentialState **creds)
 {
         NTSTATUS status = composite_wait(c);
-        
+
+        if (NT_STATUS_IS_OK(status)) {
+                struct schannel_key_state *s =
+                        talloc_get_type_abort(c->private_data,
+                        struct schannel_key_state);
+                *creds = talloc_move(mem_ctx, &s->creds);
+        }
+
         talloc_free(c);
         return status;
@@ -304 +394 @@
         struct loadparm_context *lp_ctx;
         uint8_t auth_level;
+        struct netlogon_creds_CredentialState *creds_state;
+        struct netlogon_creds_CredentialState save_creds_state;
+        struct netr_Authenticator auth;
+        struct netr_Authenticator return_auth;
+        union netr_Capabilities capabilities;
+        struct netr_LogonGetCapabilities c;
 };
 
@@ -324 +420 @@
 
         /* receive schannel key */
-        status = c->status = dcerpc_schannel_key_recv(ctx);
+        status = c->status = dcerpc_schannel_key_recv(ctx, s, &s->creds_state);
         if (!composite_is_ok(c)) {
                 DEBUG(1, ("Failed to setup credentials: %s\n", nt_errstr(status)));
@@ -331 +427 @@
 
         /* send bind auth request with received creds */
+        cli_credentials_set_netlogon_creds(s->credentials, s->creds_state);
+
         auth_req = dcerpc_bind_auth_send(c, s->pipe, s->table, s->credentials, 
                                          lpcfg_gensec_settings(c, s->lp_ctx),
@@ -349 +447 @@
         struct composite_context *c = talloc_get_type(ctx->async.private_data,
                                                       struct composite_context);
+        struct auth_schannel_state *s = talloc_get_type(c->private_data,
+                                                        struct auth_schannel_state);
+        struct tevent_req *subreq;
 
         c->status = dcerpc_bind_auth_recv(ctx);
         if (!composite_is_ok(c)) return;
+
+        /* if we have a AES encrypted connection, verify the capabilities */
+        if (ndr_syntax_id_equal(&s->table->syntax_id,
+                                &ndr_table_netlogon.syntax_id)) {
+                ZERO_STRUCT(s->return_auth);
+
+                s->save_creds_state = *s->creds_state;
+                netlogon_creds_client_authenticator(&s->save_creds_state, &s->auth);
+
+                s->c.in.server_name = talloc_asprintf(c,
+                                                      "\\\\%s",
+                                                      dcerpc_server_name(s->pipe));
+                if (composite_nomem(s->c.in.server_name, c)) return;
+                s->c.in.computer_name         = cli_credentials_get_workstation(s->credentials);
+                s->c.in.credential            = &s->auth;
+                s->c.in.return_authenticator  = &s->return_auth;
+                s->c.in.query_level           = 1;
+
+                s->c.out.capabilities         = &s->capabilities;
+                s->c.out.return_authenticator = &s->return_auth;
+
+                DEBUG(5, ("We established a AES connection, verifying logon "
+                          "capabilities\n"));
+
+                subreq = dcerpc_netr_LogonGetCapabilities_r_send(s,
+                                                                 c->event_ctx,
+                                                                 s->pipe->binding_handle,
+                                                                 &s->c);
+                if (composite_nomem(subreq, c)) return;
+
+                tevent_req_set_callback(subreq, continue_get_capabilities, c);
+                return;
+        }
+
+        composite_done(c);
+}
+
+/*
+  Stage 4 of auth_schannel: Get the Logon Capablities and verify them.
+*/
+static void continue_get_capabilities(struct tevent_req *subreq)
+{
+        struct composite_context *c;
+        struct auth_schannel_state *s;
+
+        c = tevent_req_callback_data(subreq, struct composite_context);
+        s = talloc_get_type(c->private_data, struct auth_schannel_state);
+
+        /* receive rpc request result */
+        c->status = dcerpc_netr_LogonGetCapabilities_r_recv(subreq, s);
+        TALLOC_FREE(subreq);
+        if (NT_STATUS_EQUAL(c->status, NT_STATUS_RPC_PROCNUM_OUT_OF_RANGE)) {
+                if (s->creds_state->negotiate_flags & NETLOGON_NEG_SUPPORTS_AES) {
+                        composite_error(c, NT_STATUS_INVALID_NETWORK_RESPONSE);
+                        return;
+                } else {
+                        /* This is probably NT */
+                        composite_done(c);
+                        return;
+                }
+        } else if (!composite_is_ok(c)) {
+                return;
+        }
+
+        if (NT_STATUS_EQUAL(s->c.out.result, NT_STATUS_NOT_IMPLEMENTED)) {
+                if (s->creds_state->negotiate_flags & NETLOGON_NEG_SUPPORTS_AES) {
+                        /* This means AES isn't supported. */
+                        composite_error(c, NT_STATUS_INVALID_NETWORK_RESPONSE);
+                        return;
+                }
+
+                /* This is probably an old Samba version */
+                composite_done(c);
+                return;
+        }
+
+        /* verify credentials */
+        if (!netlogon_creds_client_check(&s->save_creds_state,
+                                         &s->c.out.return_authenticator->cred)) {
+                composite_error(c, NT_STATUS_UNSUCCESSFUL);
+                return;
+        }
+
+        *s->creds_state = s->save_creds_state;
+        cli_credentials_set_netlogon_creds(s->credentials, s->creds_state);
+
+        if (!NT_STATUS_IS_OK(s->c.out.result)) {
+                composite_error(c, s->c.out.result);
+                return;
+        }
+
+        /* compare capabilities */
+        if (s->creds_state->negotiate_flags != s->capabilities.server_capabilities) {
+                DEBUG(2, ("The client capabilities don't match the server "
+                          "capabilities: local[0x%08X] remote[0x%08X]\n",
+                          s->creds_state->negotiate_flags,
+                          s->capabilities.server_capabilities));
+                composite_error(c, NT_STATUS_INVALID_NETWORK_RESPONSE);
+                return;
+        }
+
+        /* TODO: Add downgrade dectection. */
 
         composite_done(c);

vendor/current/source4/librpc/rpc/dcerpc_secondary.c

@@ -32 +32 @@
 #include "param/param.h"
 #include "libcli/resolve/resolve.h"
-#include "lib/socket/socket.h"
+#include "lib/util/util_net.h"
 
 struct sec_conn_state {
@@ -38 +38 @@
         struct dcerpc_pipe *pipe2;
         struct dcerpc_binding *binding;
-        struct smbcli_tree *tree;
-        struct socket_address *peer_addr;
 };
 
@@ -45 +43 @@
 static void continue_open_smb(struct composite_context *ctx);
 static void continue_open_tcp(struct composite_context *ctx);
-static void continue_open_pipe(struct composite_context *ctx);
+static void continue_open_ncalrpc(struct composite_context *ctx);
+static void continue_open_ncacn_unix(struct composite_context *ctx);
 static void continue_pipe_open(struct composite_context *c);
 
@@ -54 +53 @@
 */
 _PUBLIC_ struct composite_context* dcerpc_secondary_connection_send(struct dcerpc_pipe *p,
-                                                           struct dcerpc_binding *b)
+                                                        const struct dcerpc_binding *b)
 {
         struct composite_context *c;
@@ -60 +59 @@
         struct composite_context *pipe_smb_req;
         struct composite_context *pipe_tcp_req;
+        const char *localaddress = NULL;
         struct composite_context *pipe_ncalrpc_req;
-        
+        const char *ncalrpc_dir = NULL;
+        struct composite_context *pipe_unix_req;
+        const char *host;
+        const char *target_hostname;
+        const char *endpoint;
+
         /* composite context allocation and setup */
         c = composite_create(p, p->conn->event_ctx);
@@ -71 +76 @@
 
         s->pipe     = p;
-        s->binding  = b;
+        s->binding  = dcerpc_binding_dup(s, b);
+        if (composite_nomem(s->binding, c)) return c;
 
         /* initialise second dcerpc pipe based on primary pipe's event context */
@@ -80 +86 @@
                 s->pipe2->conn->packet_log_dir = s->pipe->conn->packet_log_dir;
 
+        host = dcerpc_binding_get_string_option(s->binding, "host");
+        if (host == NULL) {
+                /*
+                 * We may fallback to the host of the given connection
+                 */
+                host = dcerpc_binding_get_string_option(s->pipe->binding,
+                                                        "host");
+        }
+        target_hostname = dcerpc_binding_get_string_option(s->binding, "target_hostname");
+        if (target_hostname == NULL) {
+                /*
+                 * We may fallback to the target_hostname of the given connection
+                 */
+                target_hostname = dcerpc_binding_get_string_option(s->pipe->binding,
+                                                                   "target_hostname");
+        }
+        endpoint = dcerpc_binding_get_string_option(s->binding, "endpoint");
+        if (endpoint == NULL) {
+                /*
+                 * We may fallback to the endpoint of the given connection
+                 */
+                endpoint = dcerpc_binding_get_string_option(s->pipe->binding, "endpoint");
+        }
+        if (endpoint == NULL) {
+                composite_error(c, NT_STATUS_INVALID_PARAMETER_MIX);
+                return c;
+        }
+
         /* open second dcerpc pipe using the same transport as for primary pipe */
         switch (s->pipe->conn->transport.transport) {
         case NCACN_NP:
-                /* get smb tree of primary dcerpc pipe opened on smb */
-                s->tree = dcerpc_smb_tree(s->pipe->conn);
-                if (!s->tree) {
-                        composite_error(c, NT_STATUS_INVALID_PARAMETER);
+                pipe_smb_req = dcerpc_secondary_smb_send(s->pipe->conn,
+                                                         s->pipe2->conn,
+                                                         endpoint);
+                composite_continue(c, pipe_smb_req, continue_open_smb, c);
+                return c;
+
+        case NCACN_IP_TCP:
+                if (host == NULL) {
+                        composite_error(c, NT_STATUS_INVALID_PARAMETER_MIX);
                         return c;
                 }
 
-                pipe_smb_req = dcerpc_pipe_open_smb_send(s->pipe2, s->tree,
-                                                         s->binding->endpoint);
-                composite_continue(c, pipe_smb_req, continue_open_smb, c);
-                return c;
-
-        case NCACN_IP_TCP:
-                s->peer_addr = dcerpc_socket_peer_addr(s->pipe->conn, s);
-                if (!s->peer_addr) {
-                        composite_error(c, NT_STATUS_INVALID_PARAMETER);
-                        return c;
+                if (!is_ipaddress(host)) {
+                        /*
+                         * We may fallback to the host of the given connection
+                         */
+                        host = dcerpc_binding_get_string_option(s->pipe->binding,
+                                                                "host");
+                        if (host == NULL) {
+                                composite_error(c, NT_STATUS_INVALID_PARAMETER_MIX);
+                                return c;
+                        }
+                        if (!is_ipaddress(host)) {
+                                composite_error(c, NT_STATUS_INVALID_PARAMETER_MIX);
+                                return c;
+                        }
                 }
 
+                localaddress = dcerpc_binding_get_string_option(s->binding,
+                                                                "localaddress");
+                if (localaddress == NULL) {
+                        /*
+                         * We may fallback to the localaddress of the given connection
+                         */
+                        localaddress = dcerpc_binding_get_string_option(s->pipe->binding,
+                                                                        "localaddress");
+                }
+
                 pipe_tcp_req = dcerpc_pipe_open_tcp_send(s->pipe2->conn,
-                                                         s->binding->localaddress,
-                                                         s->peer_addr->addr,
-                                                         s->binding->target_hostname,
-                                                         atoi(s->binding->endpoint),
+                                                         localaddress,
+                                                         host,
+                                                         target_hostname,
+                                                         atoi(endpoint),
                                                          resolve_context_init(s));
                 composite_continue(c, pipe_tcp_req, continue_open_tcp, c);
@@ -112 +165 @@
 
         case NCALRPC:
+                ncalrpc_dir = dcerpc_binding_get_string_option(s->binding,
+                                                               "ncalrpc_dir");
+                if (ncalrpc_dir == NULL) {
+                        ncalrpc_dir = dcerpc_binding_get_string_option(s->pipe->binding,
+                                                                "ncalrpc_dir");
+                }
+                if (ncalrpc_dir == NULL) {
+                        composite_error(c, NT_STATUS_INVALID_PARAMETER_MIX);
+                        return c;
+                }
+
+                pipe_ncalrpc_req = dcerpc_pipe_open_pipe_send(s->pipe2->conn,
+                                                              ncalrpc_dir,
+                                                              endpoint);
+                composite_continue(c, pipe_ncalrpc_req, continue_open_ncalrpc, c);
+                return c;
+
         case NCACN_UNIX_STREAM:
-                pipe_ncalrpc_req = dcerpc_pipe_open_unix_stream_send(s->pipe2->conn, 
-                                                              dcerpc_unix_socket_path(s->pipe->conn));
-                composite_continue(c, pipe_ncalrpc_req, continue_open_pipe, c);
+                pipe_unix_req = dcerpc_pipe_open_unix_stream_send(s->pipe2->conn,
+                                                                  endpoint);
+                composite_continue(c, pipe_unix_req, continue_open_ncacn_unix, c);
                 return c;
 
@@ -135 +205 @@
                                                       struct composite_context);
         
-        c->status = dcerpc_pipe_open_smb_recv(ctx);
+        c->status = dcerpc_secondary_smb_recv(ctx);
         if (!composite_is_ok(c)) return;
 
@@ -149 +219 @@
         struct composite_context *c = talloc_get_type(ctx->async.private_data,
                                                       struct composite_context);
-        
-        c->status = dcerpc_pipe_open_tcp_recv(ctx);
+        struct sec_conn_state *s = talloc_get_type_abort(c->private_data,
+                                                         struct sec_conn_state);
+        char *localaddr = NULL;
+        char *remoteaddr = NULL;
+
+        c->status = dcerpc_pipe_open_tcp_recv(ctx, s, &localaddr, &remoteaddr);
+        if (!composite_is_ok(c)) return;
+
+        c->status = dcerpc_binding_set_string_option(s->binding,
+                                                     "localaddress",
+                                                     localaddr);
+        if (!composite_is_ok(c)) return;
+
+        c->status = dcerpc_binding_set_string_option(s->binding,
+                                                     "host",
+                                                     remoteaddr);
         if (!composite_is_ok(c)) return;
 
@@ -156 +240 @@
 }
 
-
 /*
   Stage 2 of secondary_connection: Receive result of pipe open request on ncalrpc
 */
-static void continue_open_pipe(struct composite_context *ctx)
+static void continue_open_ncalrpc(struct composite_context *ctx)
 {
         struct composite_context *c = talloc_get_type(ctx->async.private_data,
@@ -171 +254 @@
 }
 
+/*
+  Stage 2 of secondary_connection: Receive result of pipe open request on ncacn_unix
+*/
+static void continue_open_ncacn_unix(struct composite_context *ctx)
+{
+        struct composite_context *c = talloc_get_type(ctx->async.private_data,
+                                                      struct composite_context);
+
+        c->status = dcerpc_pipe_open_unix_stream_recv(ctx);
+        if (!composite_is_ok(c)) return;
+
+        continue_pipe_open(c);
+}
+
 
 /*
@@ -183 +280 @@
 
         s->pipe2->conn->flags = s->pipe->conn->flags;
-        s->pipe2->binding     = s->binding;
-        if (!talloc_reference(s->pipe2, s->binding)) {
-                composite_error(c, NT_STATUS_NO_MEMORY);
+        s->pipe2->binding     = dcerpc_binding_dup(s->pipe2, s->binding);
+        if (composite_nomem(s->pipe2->binding, c)) {
                 return;
         }
@@ -222 +318 @@
 _PUBLIC_ NTSTATUS dcerpc_secondary_connection(struct dcerpc_pipe *p,
                                      struct dcerpc_pipe **p2,
-                                     struct dcerpc_binding *b)
+                                     const struct dcerpc_binding *b)
 {
         struct composite_context *c;
@@ -238 +334 @@
 struct sec_auth_conn_state {
         struct dcerpc_pipe *pipe2;
-        struct dcerpc_binding *binding;
+        const struct dcerpc_binding *binding;
         const struct ndr_interface_table *table;
         struct cli_credentials *credentials;
@@ -249 +345 @@
 
 _PUBLIC_ struct composite_context* dcerpc_secondary_auth_connection_send(struct dcerpc_pipe *p,
-                                                                struct dcerpc_binding *binding,
+                                                                const struct dcerpc_binding *binding,
                                                                 const struct ndr_interface_table *table,
                                                                 struct cli_credentials *credentials,
@@ -336 +432 @@
         return status;
 }
+
+_PUBLIC_ NTSTATUS dcerpc_secondary_auth_connection(struct dcerpc_pipe *p,
+                                        const struct dcerpc_binding *binding,
+                                        const struct ndr_interface_table *table,
+                                        struct cli_credentials *credentials,
+                                        struct loadparm_context *lp_ctx,
+                                        TALLOC_CTX *mem_ctx,
+                                        struct dcerpc_pipe **p2)
+{
+        struct composite_context *c;
+
+        c = dcerpc_secondary_auth_connection_send(p, binding, table,
+                                                  credentials, lp_ctx);
+        return dcerpc_secondary_auth_connection_recv(c, mem_ctx, p2);
+}

vendor/current/source4/librpc/rpc/dcerpc_smb.c

@@ -22 +22 @@
 
 #include "includes.h"
+#include "system/filesys.h"
+#include <tevent.h>
+#include "lib/tsocket/tsocket.h"
+#include "libcli/smb/smb_constants.h"
+#include "libcli/smb/smbXcli_base.h"
+#include "libcli/smb/tstream_smbXcli_np.h"
 #include "libcli/raw/libcliraw.h"
-#include "libcli/composite/composite.h"
+#include "libcli/smb2/smb2.h"
 #include "librpc/rpc/dcerpc.h"
 #include "librpc/rpc/dcerpc_proto.h"
-#include "librpc/rpc/rpc_common.h"
+#include "libcli/composite/composite.h"
 
 /* transport private information used by SMB pipe transport */
 struct smb_private {
-        uint16_t fnum;
-        struct smbcli_tree *tree;
-        const char *server_name;
-        bool dead;
+        DATA_BLOB session_key;
+
+        /*
+         * these are needed to open a secondary connection
+         */
+        struct smbXcli_conn *conn;
+        struct smbXcli_session *session;
+        struct smbXcli_tcon *tcon;
+        uint32_t timeout_msec;
 };
-
-
-/*
-  tell the dcerpc layer that the transport is dead
-*/
-static void pipe_dead(struct dcecli_connection *c, NTSTATUS status)
-{
-        struct smb_private *smb = (struct smb_private *)c->transport.private_data;
-
-        if (smb->dead) {
-                return;
-        }
-
-        smb->dead = true;
-
-        if (NT_STATUS_EQUAL(NT_STATUS_UNSUCCESSFUL, status)) {
-                status = NT_STATUS_UNEXPECTED_NETWORK_ERROR;
-        }
-
-        if (NT_STATUS_EQUAL(NT_STATUS_OK, status)) {
-                status = NT_STATUS_END_OF_FILE;
-        }
-
-        if (c->transport.recv_data) {
-                c->transport.recv_data(c, NULL, status);
-        }
-}
-
-
-/* 
-   this holds the state of an in-flight call
-*/
-struct smb_read_state {
-        struct dcecli_connection *c;
-        struct smbcli_request *req;
-        size_t received;
-        DATA_BLOB data;
-        union smb_read *io;
-};
-
-/*
-  called when a read request has completed
-*/
-static void smb_read_callback(struct smbcli_request *req)
-{
-        struct smb_private *smb;
-        struct smb_read_state *state;
-        union smb_read *io;
-        uint16_t frag_length;
-        NTSTATUS status;
-
-        state = talloc_get_type(req->async.private_data, struct smb_read_state);
-        smb = talloc_get_type(state->c->transport.private_data, struct smb_private);
-        io = state->io;
-
-        status = smb_raw_read_recv(state->req, io);
-        if (NT_STATUS_IS_ERR(status)) {
-                pipe_dead(state->c, status);
-                talloc_free(state);
-                return;
-        }
-
-        state->received += io->readx.out.nread;
-
-        if (state->received < 16) {
-                DEBUG(0,("dcerpc_smb: short packet (length %d) in read callback!\n",
-                         (int)state->received));
-                pipe_dead(state->c, NT_STATUS_INFO_LENGTH_MISMATCH);
-                talloc_free(state);
-                return;
-        }
-
-        frag_length = dcerpc_get_frag_length(&state->data);
-
-        if (frag_length <= state->received) {
-                DATA_BLOB data = state->data;
-                struct dcecli_connection *c = state->c;
-                data.length = state->received;
-                talloc_steal(state->c, data.data);
-                talloc_free(state);
-                c->transport.recv_data(c, &data, NT_STATUS_OK);
-                return;
-        }
-
-        /* initiate another read request, as we only got part of a fragment */
-        state->data.data = talloc_realloc(state, state->data.data, uint8_t, frag_length);
-
-        io->readx.in.mincnt = MIN(state->c->srv_max_xmit_frag, 
-                                  frag_length - state->received);
-        io->readx.in.maxcnt = io->readx.in.mincnt;
-        io->readx.out.data = state->data.data + state->received;
-
-        state->req = smb_raw_read_send(smb->tree, io);
-        if (state->req == NULL) {
-                pipe_dead(state->c, NT_STATUS_NO_MEMORY);
-                talloc_free(state);
-                return;
-        }
-
-        state->req->async.fn = smb_read_callback;
-        state->req->async.private_data = state;
-}
-
-/*
-  trigger a read request from the server, possibly with some initial
-  data in the read buffer
-*/
-static NTSTATUS send_read_request_continue(struct dcecli_connection *c, DATA_BLOB *blob)
-{
-        struct smb_private *smb = (struct smb_private *)c->transport.private_data;
-        union smb_read *io;
-        struct smb_read_state *state;
-        struct smbcli_request *req;
-
-        state = talloc(smb, struct smb_read_state);
-        if (state == NULL) {
-                return NT_STATUS_NO_MEMORY;
-        }
-
-        state->c = c;
-        if (blob == NULL) {
-                state->received = 0;
-                state->data = data_blob_talloc(state, NULL, 0x2000);
-        } else {
-                uint32_t frag_length = blob->length>=16?
-                        dcerpc_get_frag_length(blob):0x2000;
-
-                if (frag_length < state->data.length) {
-                        talloc_free(state);
-                        return NT_STATUS_RPC_PROTOCOL_ERROR;
-                }
-
-                state->received = blob->length;
-                state->data = data_blob_talloc(state, NULL, frag_length);
-                if (!state->data.data) {
-                        talloc_free(state);
-                        return NT_STATUS_NO_MEMORY;
-                }
-                memcpy(state->data.data, blob->data, blob->length);
-        }
-
-        state->io = talloc(state, union smb_read);
-
-        io = state->io;
-        io->generic.level = RAW_READ_READX;
-        io->readx.in.file.fnum = smb->fnum;
-        io->readx.in.mincnt = state->data.length - state->received;
-        io->readx.in.maxcnt = io->readx.in.mincnt;
-        io->readx.in.offset = 0;
-        io->readx.in.remaining = 0;
-        io->readx.in.read_for_execute = false;
-        io->readx.out.data = state->data.data + state->received;
-        req = smb_raw_read_send(smb->tree, io);
-        if (req == NULL) {
-                return NT_STATUS_NO_MEMORY;
-        }
-
-        req->async.fn = smb_read_callback;
-        req->async.private_data = state;
-
-        state->req = req;
-
-        return NT_STATUS_OK;
-}
-
-
-/*
-  trigger a read request from the server
-*/
-static NTSTATUS send_read_request(struct dcecli_connection *c)
-{
-        struct smb_private *smb = (struct smb_private *)c->transport.private_data;
-
-        if (smb->dead) {
-                return NT_STATUS_CONNECTION_DISCONNECTED;
-        }
-
-        return send_read_request_continue(c, NULL);
-}
-
-/* 
-   this holds the state of an in-flight trans call
-*/
-struct smb_trans_state {
-        struct dcecli_connection *c;
-        struct smbcli_request *req;
-        struct smb_trans2 *trans;
-};
-
-/*
-  called when a trans request has completed
-*/
-static void smb_trans_callback(struct smbcli_request *req)
-{
-        struct smb_trans_state *state = (struct smb_trans_state *)req->async.private_data;
-        struct dcecli_connection *c = state->c;
-        NTSTATUS status;
-
-        status = smb_raw_trans_recv(req, state, state->trans);
-
-        if (NT_STATUS_IS_ERR(status)) {
-                pipe_dead(c, status);
-                return;
-        }
-
-        if (!NT_STATUS_EQUAL(status, STATUS_BUFFER_OVERFLOW)) {
-                DATA_BLOB data = state->trans->out.data;
-                talloc_steal(c, data.data);
-                talloc_free(state);
-                c->transport.recv_data(c, &data, NT_STATUS_OK);
-                return;
-        }
-
-        /* there is more to receive - setup a readx */
-        send_read_request_continue(c, &state->trans->out.data);
-        talloc_free(state);
-}
-
-/*
-  send a SMBtrans style request
-*/
-static NTSTATUS smb_send_trans_request(struct dcecli_connection *c, DATA_BLOB *blob)
-{
-        struct smb_private *smb = (struct smb_private *)c->transport.private_data;
-        struct smb_trans2 *trans;
-        uint16_t setup[2];
-        struct smb_trans_state *state;
-        uint16_t max_data;
-
-        state = talloc(smb, struct smb_trans_state);
-        if (state == NULL) {
-                return NT_STATUS_NO_MEMORY;
-        }
-
-        state->c = c;
-        state->trans = talloc(state, struct smb_trans2);
-        trans = state->trans;
-
-        trans->in.data = *blob;
-        trans->in.params = data_blob(NULL, 0);
-        
-        setup[0] = TRANSACT_DCERPCCMD;
-        setup[1] = smb->fnum;
-
-        if (c->srv_max_xmit_frag > 0) {
-                max_data = MIN(UINT16_MAX, c->srv_max_xmit_frag);
-        } else {
-                max_data = UINT16_MAX;
-        }
-
-        trans->in.max_param = 0;
-        trans->in.max_data = max_data;
-        trans->in.max_setup = 0;
-        trans->in.setup_count = 2;
-        trans->in.flags = 0;
-        trans->in.timeout = 0;
-        trans->in.setup = setup;
-        trans->in.trans_name = "\\PIPE\\";
-
-        state->req = smb_raw_trans_send(smb->tree, trans);
-        if (state->req == NULL) {
-                talloc_free(state);
-                return NT_STATUS_NO_MEMORY;
-        }
-
-        state->req->async.fn = smb_trans_callback;
-        state->req->async.private_data = state;
-
-        talloc_steal(state, state->req);
-
-        return NT_STATUS_OK;
-}
-
-/*
-  called when a write request has completed
-*/
-static void smb_write_callback(struct smbcli_request *req)
-{
-        struct dcecli_connection *c = (struct dcecli_connection *)req->async.private_data;
-
-        if (!NT_STATUS_IS_OK(req->status)) {
-                DEBUG(0,("dcerpc_smb: write callback error\n"));
-                pipe_dead(c, req->status);
-        }
-
-        smbcli_request_destroy(req);
-}
-
-/* 
-   send a packet to the server
-*/
-static NTSTATUS smb_send_request(struct dcecli_connection *c, DATA_BLOB *blob, 
-                                 bool trigger_read)
-{
-        struct smb_private *smb = (struct smb_private *)c->transport.private_data;
-        union smb_write io;
-        struct smbcli_request *req;
-
-        if (!smb || smb->dead) {
-                return NT_STATUS_CONNECTION_DISCONNECTED;
-        }
-
-        if (trigger_read) {
-                return smb_send_trans_request(c, blob);
-        }
-
-        io.generic.level = RAW_WRITE_WRITEX;
-        io.writex.in.file.fnum = smb->fnum;
-        io.writex.in.offset = 0;
-        io.writex.in.wmode = PIPE_START_MESSAGE;
-        io.writex.in.remaining = blob->length;
-        io.writex.in.count = blob->length;
-        io.writex.in.data = blob->data;
-
-        /* we must not timeout at the smb level for rpc requests, as otherwise
-           signing/sealing can be messed up */
-        smb->tree->session->transport->options.request_timeout = 0;
-
-        req = smb_raw_write_send(smb->tree, &io);
-        if (req == NULL) {
-                return NT_STATUS_NO_MEMORY;
-        }
-
-        req->async.fn = smb_write_callback;
-        req->async.private_data = c;
-
-        if (trigger_read) {
-                send_read_request(c);
-        }
-
-        return NT_STATUS_OK;
-}
-
-
-static void free_request(struct smbcli_request *req)
-{
-        talloc_free(req);
-}
-
-/* 
-   shutdown SMB pipe connection
-*/
-static NTSTATUS smb_shutdown_pipe(struct dcecli_connection *c, NTSTATUS status)
-{
-        struct smb_private *smb = (struct smb_private *)c->transport.private_data;
-        union smb_close io;
-        struct smbcli_request *req;
-
-        /* maybe we're still starting up */
-        if (!smb) return status;
-
-        io.close.level = RAW_CLOSE_CLOSE;
-        io.close.in.file.fnum = smb->fnum;
-        io.close.in.write_time = 0;
-        req = smb_raw_close_send(smb->tree, &io);
-        if (req != NULL) {
-                /* we don't care if this fails, so just free it if it succeeds */
-                req->async.fn = free_request;
-        }
-
-        talloc_free(smb);
-        c->transport.private_data = NULL;
-
-        return status;
-}
-
-/*
-  return SMB server name (called name)
-*/
-static const char *smb_peer_name(struct dcecli_connection *c)
-{
-        struct smb_private *smb = (struct smb_private *)c->transport.private_data;
-        if (smb == NULL) return "";
-        return smb->server_name;
-}
-
-/*
-  return remote name we make the actual connection (good for kerberos) 
-*/
-static const char *smb_target_hostname(struct dcecli_connection *c)
-{
-        struct smb_private *smb = talloc_get_type(c->transport.private_data, struct smb_private);
-        if (smb == NULL) return "";
-        return smb->tree->session->transport->socket->hostname;
-}
 
 /*
@@ -426 +52 @@
 static NTSTATUS smb_session_key(struct dcecli_connection *c, DATA_BLOB *session_key)
 {
-        struct smb_private *smb = (struct smb_private *)c->transport.private_data;
+        struct smb_private *smb = talloc_get_type_abort(
+                c->transport.private_data, struct smb_private);
 
         if (smb == NULL) return NT_STATUS_CONNECTION_DISCONNECTED;
-        if (smb->tree->session->user_session_key.data) {
-                *session_key = smb->tree->session->user_session_key;
-                return NT_STATUS_OK;
-        }
-        return NT_STATUS_NO_USER_SESSION_KEY;
-}
-
-struct pipe_open_smb_state {
-        union smb_open *open;
+
+        if (smb->session_key.length == 0) {
+                return NT_STATUS_NO_USER_SESSION_KEY;
+        }
+
+        *session_key = smb->session_key;
+        return NT_STATUS_OK;
+}
+
+struct dcerpc_pipe_open_smb_state {
         struct dcecli_connection *c;
-        struct smbcli_tree *tree;
-        struct composite_context *ctx;
+        struct composite_context *ctx;
+
+        const char *fname;
+
+        struct smb_private *smb;
 };
 
-static void pipe_open_recv(struct smbcli_request *req);
-
-struct composite_context *dcerpc_pipe_open_smb_send(struct dcerpc_pipe *p, 
-                                                    struct smbcli_tree *tree,
-                                                    const char *pipe_name)
-{
-        struct composite_context *ctx;
-        struct pipe_open_smb_state *state;
-        struct smbcli_request *req;
-        struct dcecli_connection *c = p->conn;
-
-        /* if we don't have a binding on this pipe yet, then create one */
-        if (p->binding == NULL) {
-                NTSTATUS status;
-                char *s;
-                SMB_ASSERT(tree->session->transport->socket->hostname != NULL);
-                s = talloc_asprintf(p, "ncacn_np:%s", tree->session->transport->socket->hostname);
-                if (s == NULL) return NULL;
-                status = dcerpc_parse_binding(p, s, &p->binding);
-                talloc_free(s);
-                if (!NT_STATUS_IS_OK(status)) {
-                        return NULL;
-                }
-        }
+static void dcerpc_pipe_open_smb_done(struct tevent_req *subreq);
+
+struct composite_context *dcerpc_pipe_open_smb_send(struct dcecli_connection *c,
+                                                struct smbXcli_conn *conn,
+                                                struct smbXcli_session *session,
+                                                struct smbXcli_tcon *tcon,
+                                                uint32_t timeout_msec,
+                                                const char *pipe_name)
+{
+        struct composite_context *ctx;
+        struct dcerpc_pipe_open_smb_state *state;
+        uint16_t pid = 0;
+        struct tevent_req *subreq;
 
         ctx = composite_create(c, c->event_ctx);
         if (ctx == NULL) return NULL;
 
-        state = talloc(ctx, struct pipe_open_smb_state);
+        state = talloc(ctx, struct dcerpc_pipe_open_smb_state);
         if (composite_nomem(state, ctx)) return ctx;
         ctx->private_data = state;
 
         state->c = c;
-        state->tree = tree;
         state->ctx = ctx;
-
-        state->open = talloc(state, union smb_open);
-        if (composite_nomem(state->open, ctx)) return ctx;
-
-        state->open->ntcreatex.level = RAW_OPEN_NTCREATEX;
-        state->open->ntcreatex.in.flags = 0;
-        state->open->ntcreatex.in.root_fid.fnum = 0;
-        state->open->ntcreatex.in.access_mask = 
-                SEC_STD_READ_CONTROL |
-                SEC_FILE_WRITE_ATTRIBUTE |
-                SEC_FILE_WRITE_EA |
-                SEC_FILE_READ_DATA |
-                SEC_FILE_WRITE_DATA;
-        state->open->ntcreatex.in.file_attr = 0;
-        state->open->ntcreatex.in.alloc_size = 0;
-        state->open->ntcreatex.in.share_access = 
-                NTCREATEX_SHARE_ACCESS_READ |
-                NTCREATEX_SHARE_ACCESS_WRITE;
-        state->open->ntcreatex.in.open_disposition = NTCREATEX_DISP_OPEN;
-        state->open->ntcreatex.in.create_options = 0;
-        state->open->ntcreatex.in.impersonation =
-                NTCREATEX_IMPERSONATION_IMPERSONATION;
-        state->open->ntcreatex.in.security_flags = 0;
 
         if ((strncasecmp(pipe_name, "/pipe/", 6) == 0) || 
@@ -506 +102 @@
                 pipe_name += 6;
         }
-        state->open->ntcreatex.in.fname =
-                (pipe_name[0] == '\\') ?
-                talloc_strdup(state->open, pipe_name) :
-                talloc_asprintf(state->open, "\\%s", pipe_name);
-        if (composite_nomem(state->open->ntcreatex.in.fname, ctx)) return ctx;
-
-        req = smb_raw_open_send(tree, state->open);
-        composite_continue_smb(ctx, req, pipe_open_recv, state);
+        if ((strncasecmp(pipe_name, "/", 1) == 0) ||
+            (strncasecmp(pipe_name, "\\", 1) == 0)) {
+                pipe_name += 1;
+        }
+        state->fname = talloc_strdup(state, pipe_name);
+        if (composite_nomem(state->fname, ctx)) return ctx;
+
+        state->smb = talloc_zero(state, struct smb_private);
+        if (composite_nomem(state->smb, ctx)) return ctx;
+
+        state->smb->conn = conn;
+        state->smb->session = session;
+        state->smb->tcon = tcon;
+        state->smb->timeout_msec = timeout_msec;
+
+        state->c->server_name = strupper_talloc(state->c,
+                smbXcli_conn_remote_name(conn));
+        if (composite_nomem(state->c->server_name, ctx)) return ctx;
+
+        ctx->status = smbXcli_session_application_key(session,
+                                                      state->smb,
+                                                      &state->smb->session_key);
+        if (NT_STATUS_EQUAL(ctx->status, NT_STATUS_NO_USER_SESSION_KEY)) {
+                state->smb->session_key = data_blob_null;
+                ctx->status = NT_STATUS_OK;
+        }
+        if (!composite_is_ok(ctx)) return ctx;
+
+        subreq = tstream_smbXcli_np_open_send(state, c->event_ctx,
+                                              conn, session, tcon, pid,
+                                              timeout_msec, state->fname);
+        if (composite_nomem(subreq, ctx)) return ctx;
+        tevent_req_set_callback(subreq, dcerpc_pipe_open_smb_done, state);
+
         return ctx;
 }
 
-static void pipe_open_recv(struct smbcli_request *req)
-{
-        struct pipe_open_smb_state *state = talloc_get_type(req->async.private_data,
-                                            struct pipe_open_smb_state);
+static void dcerpc_pipe_open_smb_done(struct tevent_req *subreq)
+{
+        struct dcerpc_pipe_open_smb_state *state =
+                tevent_req_callback_data(subreq,
+                struct dcerpc_pipe_open_smb_state);
         struct composite_context *ctx = state->ctx;
         struct dcecli_connection *c = state->c;
-        struct smb_private *smb;
-        
-        ctx->status = smb_raw_open_recv(req, state, state->open);
+
+        ctx->status = tstream_smbXcli_np_open_recv(subreq,
+                                                   state->smb,
+                                                   &state->c->transport.stream);
+        TALLOC_FREE(subreq);
         if (!composite_is_ok(ctx)) return;
+
+        state->c->transport.write_queue =
+                tevent_queue_create(state->c, "dcerpc_smb write queue");
+        if (composite_nomem(state->c->transport.write_queue, ctx)) return;
 
         /*
@@ -533 +162 @@
         c->transport.transport       = NCACN_NP;
         c->transport.private_data    = NULL;
-        c->transport.shutdown_pipe   = smb_shutdown_pipe;
-        c->transport.peer_name       = smb_peer_name;
-        c->transport.target_hostname = smb_target_hostname;
-
-        c->transport.send_request    = smb_send_request;
-        c->transport.send_read       = send_read_request;
-        c->transport.recv_data       = NULL;
-        
+
+        /*
+         * Windows uses 4280 for ncacn_np,
+         * so we also use it, this is what our
+         * tstream_smbXcli_np code relies on.
+         */
+        c->srv_max_xmit_frag = 4280;
+        c->srv_max_recv_frag = 4280;
+
         /* Over-ride the default session key with the SMB session key */
         c->security_state.session_key = smb_session_key;
 
-        smb = talloc(c, struct smb_private);
-        if (composite_nomem(smb, ctx)) return;
-
-        smb->fnum       = state->open->ntcreatex.out.file.fnum;
-        smb->tree       = talloc_reference(smb, state->tree);
-        smb->server_name= strupper_talloc(smb,
-                          state->tree->session->transport->called.name);
-        if (composite_nomem(smb->server_name, ctx)) return;
-        smb->dead       = false;
-
-        c->transport.private_data = smb;
+        c->transport.private_data = talloc_move(c, &state->smb);
 
         composite_done(ctx);
@@ -567 +187 @@
 
 _PUBLIC_ NTSTATUS dcerpc_pipe_open_smb(struct dcerpc_pipe *p,
-                              struct smbcli_tree *tree,
+                              struct smbcli_tree *t,
                               const char *pipe_name)
 {
-        struct composite_context *ctx = dcerpc_pipe_open_smb_send(p, tree,
-                                                                  pipe_name);
+        struct smbXcli_conn *conn;
+        struct smbXcli_session *session;
+        struct smbXcli_tcon *tcon;
+        struct composite_context *ctx;
+
+        conn = t->session->transport->conn;
+        session = t->session->smbXcli;
+        tcon = t->smbXcli;
+        smb1cli_tcon_set_id(tcon, t->tid);
+
+        /* if we don't have a binding on this pipe yet, then create one */
+        if (p->binding == NULL) {
+                struct dcerpc_binding *b;
+                NTSTATUS status;
+                const char *r = smbXcli_conn_remote_name(conn);
+                char *str;
+                SMB_ASSERT(r != NULL);
+                str = talloc_asprintf(p, "ncacn_np:%s", r);
+                if (str == NULL) {
+                        return NT_STATUS_NO_MEMORY;
+                }
+                status = dcerpc_parse_binding(p, str, &b);
+                talloc_free(str);
+                if (!NT_STATUS_IS_OK(status)) {
+                        return status;
+                }
+                p->binding = b;
+        }
+
+        ctx = dcerpc_pipe_open_smb_send(p->conn,
+                                        conn, session, tcon,
+                                        DCERPC_REQUEST_TIMEOUT * 1000,
+                                        pipe_name);
+        if (ctx == NULL) {
+                return NT_STATUS_NO_MEMORY;
+        }
+
         return dcerpc_pipe_open_smb_recv(ctx);
 }
 
-/*
-  return the SMB tree used for a dcerpc over SMB pipe
-*/
-_PUBLIC_ struct smbcli_tree *dcerpc_smb_tree(struct dcecli_connection *c)
+_PUBLIC_ NTSTATUS dcerpc_pipe_open_smb2(struct dcerpc_pipe *p,
+                              struct smb2_tree *t,
+                              const char *pipe_name)
+{
+        struct smbXcli_conn *conn;
+        struct smbXcli_session *session;
+        struct smbXcli_tcon *tcon;
+        struct composite_context *ctx;
+
+        conn = t->session->transport->conn;
+        session = t->session->smbXcli;
+        tcon = t->smbXcli;
+
+        /* if we don't have a binding on this pipe yet, then create one */
+        if (p->binding == NULL) {
+                struct dcerpc_binding *b;
+                NTSTATUS status;
+                const char *r = smbXcli_conn_remote_name(conn);
+                char *str;
+                SMB_ASSERT(r != NULL);
+                str = talloc_asprintf(p, "ncacn_np:%s", r);
+                if (str == NULL) {
+                        return NT_STATUS_NO_MEMORY;
+                }
+                status = dcerpc_parse_binding(p, str, &b);
+                talloc_free(str);
+                if (!NT_STATUS_IS_OK(status)) {
+                        return status;
+                }
+                p->binding = b;
+        }
+
+        ctx = dcerpc_pipe_open_smb_send(p->conn,
+                                        conn, session, tcon,
+                                        DCERPC_REQUEST_TIMEOUT * 1000,
+                                        pipe_name);
+        if (ctx == NULL) {
+                return NT_STATUS_NO_MEMORY;
+        }
+
+        return dcerpc_pipe_open_smb_recv(ctx);
+}
+
+struct composite_context *dcerpc_secondary_smb_send(struct dcecli_connection *c1,
+                                                    struct dcecli_connection *c2,
+                                                    const char *pipe_name)
 {
         struct smb_private *smb;
 
-        if (c->transport.transport != NCACN_NP) return NULL;
-
-        smb = talloc_get_type(c->transport.private_data, struct smb_private);
+        if (c1->transport.transport != NCACN_NP) return NULL;
+
+        smb = talloc_get_type(c1->transport.private_data, struct smb_private);
         if (!smb) return NULL;
 
-        return smb->tree;
-}
-
-/*
-  return the SMB fnum used for a dcerpc over SMB pipe (hack for torture operations)
-*/
-_PUBLIC_ uint16_t dcerpc_smb_fnum(struct dcecli_connection *c)
-{
-        struct smb_private *smb;
-
-        if (c->transport.transport != NCACN_NP) return 0;
-
-        smb = talloc_get_type(c->transport.private_data, struct smb_private);
-        if (!smb) return 0;
-
-        return smb->fnum;
-}
+        return dcerpc_pipe_open_smb_send(c2,
+                                         smb->conn,
+                                         smb->session,
+                                         smb->tcon,
+                                         smb->timeout_msec,
+                                         pipe_name);
+}
+
+NTSTATUS dcerpc_secondary_smb_recv(struct composite_context *c)
+{
+        return dcerpc_pipe_open_smb_recv(c);
+}

vendor/current/source4/librpc/rpc/dcerpc_sock.c

@@ -23 +23 @@
 
 #include "includes.h"
+#include "system/filesys.h"
 #include "lib/events/events.h"
 #include "lib/socket/socket.h"
-#include "lib/stream/packet.h"
+#include "lib/tsocket/tsocket.h"
 #include "libcli/composite/composite.h"
 #include "librpc/rpc/dcerpc.h"
@@ -32 +33 @@
 #include "librpc/rpc/rpc_common.h"
 
-/* transport private information used by general socket pipe transports */
-struct sock_private {
-        struct tevent_fd *fde;
-        struct socket_context *sock;
-        char *server_name;
-
-        struct packet_context *packet;
-        uint32_t pending_reads;
-
-        const char *path; /* For ncacn_unix_sock and ncalrpc */
-};
-
-
-/*
-  mark the socket dead
-*/
-static void sock_dead(struct dcecli_connection *p, NTSTATUS status)
-{
-        struct sock_private *sock = (struct sock_private *)p->transport.private_data;
-
-        if (!sock) return;
-
-        if (sock->packet) {
-                packet_recv_disable(sock->packet);
-                packet_set_fde(sock->packet, NULL);
-                packet_set_socket(sock->packet, NULL);
-        }
-
-        if (sock->fde) {
-                talloc_free(sock->fde);
-                sock->fde = NULL;
-        }
-
-        if (sock->sock) {
-                talloc_free(sock->sock);
-                sock->sock = NULL;
-        }
-
-        if (NT_STATUS_EQUAL(NT_STATUS_UNSUCCESSFUL, status)) {
-                status = NT_STATUS_UNEXPECTED_NETWORK_ERROR;
-        }
-
-        if (NT_STATUS_EQUAL(NT_STATUS_OK, status)) {
-                status = NT_STATUS_END_OF_FILE;
-        }
-
-        if (p->transport.recv_data) {
-                p->transport.recv_data(p, NULL, status);
-        }
-}
-
-
-/*
-  handle socket recv errors
-*/
-static void sock_error_handler(void *private_data, NTSTATUS status)
-{
-        struct dcecli_connection *p = talloc_get_type(private_data,
-                                                      struct dcecli_connection);
-        sock_dead(p, status);
-}
-
-/*
-  check if a blob is a complete packet
-*/
-static NTSTATUS sock_complete_packet(void *private_data, DATA_BLOB blob, size_t *size)
-{
-        if (blob.length < DCERPC_FRAG_LEN_OFFSET+2) {
-                return STATUS_MORE_ENTRIES;
-        }
-        *size = dcerpc_get_frag_length(&blob);
-        if (*size < blob.length) {
-                /*
-                 * something is wrong, let the caller deal with it
-                 */
-                *size = blob.length;
-        }
-        if (*size > blob.length) {
-                return STATUS_MORE_ENTRIES;
-        }
-        return NT_STATUS_OK;
-}
-
-/*
-  process recv requests
-*/
-static NTSTATUS sock_process_recv(void *private_data, DATA_BLOB blob)
-{
-        struct dcecli_connection *p = talloc_get_type(private_data,
-                                                      struct dcecli_connection);
-        struct sock_private *sock = (struct sock_private *)p->transport.private_data;
-        sock->pending_reads--;
-        if (sock->pending_reads == 0) {
-                packet_recv_disable(sock->packet);
-        }
-        p->transport.recv_data(p, &blob, NT_STATUS_OK);
-        return NT_STATUS_OK;
-}
-
-/*
-  called when a IO is triggered by the events system
-*/
-static void sock_io_handler(struct tevent_context *ev, struct tevent_fd *fde, 
-                            uint16_t flags, void *private_data)
-{
-        struct dcecli_connection *p = talloc_get_type(private_data,
-                                                      struct dcecli_connection);
-        struct sock_private *sock = (struct sock_private *)p->transport.private_data;
-
-        if (flags & EVENT_FD_WRITE) {
-                packet_queue_run(sock->packet);
-                return;
-        }
-
-        if (sock->sock == NULL) {
-                return;
-        }
-
-        if (flags & EVENT_FD_READ) {
-                packet_recv(sock->packet);
-        }
-}
-
-/* 
-   initiate a read request - not needed for dcerpc sockets
-*/
-static NTSTATUS sock_send_read(struct dcecli_connection *p)
-{
-        struct sock_private *sock = (struct sock_private *)p->transport.private_data;
-        sock->pending_reads++;
-        if (sock->pending_reads == 1) {
-                packet_recv_enable(sock->packet);
-        }
-        return NT_STATUS_OK;
-}
-
-/* 
-   send an initial pdu in a multi-pdu sequence
-*/
-static NTSTATUS sock_send_request(struct dcecli_connection *p, DATA_BLOB *data, 
-                                  bool trigger_read)
-{
-        struct sock_private *sock = (struct sock_private *)p->transport.private_data;
-        DATA_BLOB blob;
-        NTSTATUS status;
-
-        if (sock->sock == NULL) {
-                return NT_STATUS_CONNECTION_DISCONNECTED;
-        }
-
-        blob = data_blob_talloc(sock->packet, data->data, data->length);
-        if (blob.data == NULL) {
-                return NT_STATUS_NO_MEMORY;
-        }
-
-        status = packet_send(sock->packet, blob);
-        if (!NT_STATUS_IS_OK(status)) {
-                return status;
-        }
-
-        if (trigger_read) {
-                sock_send_read(p);
-        }
-
-        return NT_STATUS_OK;
-}
-
-/* 
-   shutdown sock pipe connection
-*/
-static NTSTATUS sock_shutdown_pipe(struct dcecli_connection *p, NTSTATUS status)
-{
-        struct sock_private *sock = (struct sock_private *)p->transport.private_data;
-
-        if (sock && sock->sock) {
-                sock_dead(p, status);
-        }
-
-        return status;
-}
-
-/*
-  return sock server name
-*/
-static const char *sock_peer_name(struct dcecli_connection *p)
-{
-        struct sock_private *sock = talloc_get_type(p->transport.private_data, struct sock_private);
-        return sock->server_name;
-}
-
-/*
-  return remote name we make the actual connection (good for kerberos) 
-*/
-static const char *sock_target_hostname(struct dcecli_connection *p)
-{
-        struct sock_private *sock = talloc_get_type(p->transport.private_data, struct sock_private);
-        return sock->server_name;
-}
-
-
 struct pipe_open_socket_state {
         struct dcecli_connection *conn;
         struct socket_context *socket_ctx;
-        struct sock_private *sock;
         struct socket_address *localaddr;
         struct socket_address *server;
         const char *target_hostname;
         enum dcerpc_transport_t transport;
+        struct socket_address *client;
 };
 
@@ -246 +47 @@
 {
         struct dcecli_connection *conn;
-        struct sock_private *sock;
-        struct composite_context *c = talloc_get_type(ctx->async.private_data,
-                                                      struct composite_context);
-        struct pipe_open_socket_state *s = talloc_get_type(c->private_data,
-                                                           struct pipe_open_socket_state);
+        struct composite_context *c = talloc_get_type_abort(
+                ctx->async.private_data, struct composite_context);
+        struct pipe_open_socket_state *s = talloc_get_type_abort(
+                c->private_data, struct pipe_open_socket_state);
+        int rc;
+        int sock_fd;
 
         /* make it easier to write a function calls */
         conn = s->conn;
-        sock = s->sock;
 
         c->status = socket_connect_recv(ctx);
@@ -265 +66 @@
         }
 
+        s->client = socket_get_my_addr(s->socket_ctx, s);
+        if (s->client == NULL) {
+                TALLOC_FREE(s->socket_ctx);
+                composite_error(c, NT_STATUS_NO_MEMORY);
+                return;
+        }
+        sock_fd = socket_get_fd(s->socket_ctx);
+        socket_set_flags(s->socket_ctx, SOCKET_FLAG_NOCLOSE);
+        TALLOC_FREE(s->socket_ctx);
+
         /*
           fill in the transport methods
@@ -271 +82 @@
         conn->transport.private_data    = NULL;
 
-        conn->transport.send_request    = sock_send_request;
-        conn->transport.send_read       = sock_send_read;
-        conn->transport.recv_data       = NULL;
-
-        conn->transport.shutdown_pipe   = sock_shutdown_pipe;
-        conn->transport.peer_name       = sock_peer_name;
-        conn->transport.target_hostname = sock_target_hostname;
-
-        sock->sock          = s->socket_ctx;
-        sock->pending_reads = 0;
-        sock->server_name   = strupper_talloc(sock, s->target_hostname);
-
-        sock->fde = event_add_fd(conn->event_ctx, sock->sock, socket_get_fd(sock->sock),
-                                 EVENT_FD_READ, sock_io_handler, conn);
-        
-        conn->transport.private_data = sock;
-
-        sock->packet = packet_init(sock);
-        if (sock->packet == NULL) {
+        /*
+         * Windows uses 5840 for ncacn_ip_tcp,
+         * so we also use it (for every transport which uses bsd sockets)
+         */
+        conn->srv_max_xmit_frag = 5840;
+        conn->srv_max_recv_frag = 5840;
+
+        conn->transport.pending_reads = 0;
+        conn->server_name   = strupper_talloc(conn, s->target_hostname);
+
+        rc = tstream_bsd_existing_socket(conn, sock_fd,
+                                         &conn->transport.stream);
+        if (rc < 0) {
+                close(sock_fd);
                 composite_error(c, NT_STATUS_NO_MEMORY);
-                talloc_free(sock);
                 return;
         }
 
-        packet_set_private(sock->packet, conn);
-        packet_set_socket(sock->packet, sock->sock);
-        packet_set_callback(sock->packet, sock_process_recv);
-        packet_set_full_request(sock->packet, sock_complete_packet);
-        packet_set_error_handler(sock->packet, sock_error_handler);
-        packet_set_event_context(sock->packet, conn->event_ctx);
-        packet_set_fde(sock->packet, sock->fde);
-        packet_set_serialise(sock->packet);
-        packet_set_initial_read(sock->packet, 16);
+        conn->transport.write_queue =
+                tevent_queue_create(conn, "dcerpc sock write queue");
+        if (conn->transport.write_queue == NULL) {
+                TALLOC_FREE(conn->transport.stream);
+                composite_error(c, NT_STATUS_NO_MEMORY);
+                return;
+        }
 
         /* ensure we don't get SIGPIPE */
@@ -334 +137 @@
         s->transport = transport;
         if (localaddr) {
-                s->localaddr = talloc_reference(c, localaddr);
+                s->localaddr = socket_address_copy(s, localaddr);
                 if (composite_nomem(s->localaddr, c)) return c;
         }
-        s->server    = talloc_reference(c, server);
+        s->server = socket_address_copy(s, server);
         if (composite_nomem(s->server, c)) return c;
-        s->target_hostname = talloc_reference(s, target_hostname);
-
-        s->sock = talloc(cn, struct sock_private);
-        if (composite_nomem(s->sock, c)) return c;
+        if (target_hostname) {
+                s->target_hostname = talloc_strdup(s, target_hostname);
+                if (composite_nomem(s->target_hostname, c)) return c;
+        }
 
         c->status = socket_create(server->family, SOCKET_TYPE_STREAM, &s->socket_ctx, 0);
         if (!composite_is_ok(c)) return c;
 
-        talloc_steal(s->sock, s->socket_ctx);
-
-        s->sock->path = talloc_reference(s->sock, full_path);
+        talloc_steal(s, s->socket_ctx);
 
         conn_req = socket_connect_send(s->socket_ctx, s->localaddr, s->server, 0,
@@ -357 +158 @@
 }
 
-
-static NTSTATUS dcerpc_pipe_open_socket_recv(struct composite_context *c)
+static NTSTATUS dcerpc_pipe_open_socket_recv(struct composite_context *c,
+                                             TALLOC_CTX *mem_ctx,
+                                             struct socket_address **localaddr)
 {
         NTSTATUS status = composite_wait(c);
+
+        if (NT_STATUS_IS_OK(status)) {
+                struct pipe_open_socket_state *s =
+                        talloc_get_type_abort(c->private_data,
+                        struct pipe_open_socket_state);
+
+                if (localaddr != NULL) {
+                        *localaddr = talloc_move(mem_ctx, &s->client);
+                }
+        }
 
         talloc_free(c);
@@ -369 +181 @@
         const char *server;
         const char *target_hostname;
-        const char *address;
+        const char **addresses;
+        uint32_t index;
         uint32_t port;
         struct socket_address *localaddr;
@@ -375 +188 @@
         struct resolve_context *resolve_ctx;
         struct dcecli_connection *conn;
+        char *local_address;
+        char *remote_address;
 };
 
 
-#if 0 /* disabled till we can resolve names to ipv6 addresses */
-static void continue_ipv6_open_socket(struct composite_context *ctx);
-#endif
-static void continue_ipv4_open_socket(struct composite_context *ctx);
+static void continue_ip_open_socket(struct composite_context *ctx);
 static void continue_ip_resolve_name(struct composite_context *ctx);
 
 static void continue_ip_resolve_name(struct composite_context *ctx)
 {
-        struct composite_context *c = talloc_get_type(ctx->async.private_data,
-                                                      struct composite_context);
-        struct pipe_tcp_state *s = talloc_get_type(c->private_data,
-                                                   struct pipe_tcp_state);
-        struct composite_context *sock_ipv4_req;
-
-        c->status = resolve_name_recv(ctx, s, &s->address);
+        struct composite_context *c = talloc_get_type_abort(
+                ctx->async.private_data, struct composite_context);
+        struct pipe_tcp_state *s = talloc_get_type_abort(
+                c->private_data, struct pipe_tcp_state);
+        struct composite_context *sock_ip_req;
+
+        c->status = resolve_name_multiple_recv(ctx, s, &s->addresses);
         if (!composite_is_ok(c)) return;
 
         /* prepare server address using host ip:port and transport name */
-        s->srvaddr = socket_address_from_strings(s->conn, "ipv4", s->address, s->port);
+        s->srvaddr = socket_address_from_strings(s->conn, "ip", s->addresses[s->index], s->port);
+        s->index++;
         if (composite_nomem(s->srvaddr, c)) return;
 
-        /* resolve_nbt_name gives only ipv4 ... - send socket open request */
-        sock_ipv4_req = dcerpc_pipe_open_socket_send(c, s->conn, s->localaddr,
+        sock_ip_req = dcerpc_pipe_open_socket_send(c, s->conn, s->localaddr,
                                                      s->srvaddr, s->target_hostname,
                                                      NULL,
                                                      NCACN_IP_TCP);
-        composite_continue(c, sock_ipv4_req, continue_ipv4_open_socket, c);
-}
+        composite_continue(c, sock_ip_req, continue_ip_open_socket, c);
+}
+
 
 /*
   Stage 2 of dcerpc_pipe_open_tcp_send: receive result of pipe open request
-  on IPv6 and send the request on IPv4 unless IPv6 transport succeeded.
-*/
-#if 0 /* disabled till we can resolve names to ipv6 addresses */
-static void continue_ipv6_open_socket(struct composite_context *ctx)
-{
-        struct composite_context *c = talloc_get_type(ctx->async.private_data,
-                                                      struct composite_context);
-        struct pipe_tcp_state *s = talloc_get_type(c->private_data,
-                                                   struct pipe_tcp_state);
-        struct composite_context *sock_ipv4_req;
-
-        /* receive result of socket open request */
-        c->status = dcerpc_pipe_open_socket_recv(ctx);
-        if (NT_STATUS_IS_OK(c->status)) {
-                composite_done(c);
-                return;
-        }
-
-        talloc_free(s->srvaddr);
-
-        /* prepare server address using host:ip and transport name */
-        s->srvaddr = socket_address_from_strings(s->conn, "ipv4", s->address, s->port);
-        if (composite_nomem(s->srvaddr, c)) return;
-
-        /* try IPv4 if IPv6 fails */
-        sock_ipv4_req = dcerpc_pipe_open_socket_send(c, s->conn, s->localaddr,
-                                                     s->srvaddr, s->target_hostname, 
-                                                     NCACN_IP_TCP);
-        composite_continue(c, sock_ipv4_req, continue_ipv4_open_socket, c);
-}
-#endif
-
-/*
-  Stage 2 of dcerpc_pipe_open_tcp_send: receive result of pipe open request
-  on IPv4 transport.
-*/
-static void continue_ipv4_open_socket(struct composite_context *ctx)
-{
-        struct composite_context *c = talloc_get_type(ctx->async.private_data,
-                                                      struct composite_context);
-        struct pipe_tcp_state *s = talloc_get_type(c->private_data,
-                                                   struct pipe_tcp_state);
-        
+  on IP transport.
+*/
+static void continue_ip_open_socket(struct composite_context *ctx)
+{
+        struct composite_context *c = talloc_get_type_abort(
+                ctx->async.private_data, struct composite_context);
+        struct pipe_tcp_state *s = talloc_get_type_abort(
+                c->private_data, struct pipe_tcp_state);
+        struct socket_address *localaddr = NULL;
+
         /* receive result socket open request */
-        c->status = dcerpc_pipe_open_socket_recv(ctx);
+        c->status = dcerpc_pipe_open_socket_recv(ctx, s, &localaddr);
         if (!NT_STATUS_IS_OK(c->status)) {
                 /* something went wrong... */
                 DEBUG(0, ("Failed to connect host %s (%s) on port %d - %s.\n",
-                          s->address, s->target_hostname, 
+                          s->addresses[s->index - 1], s->target_hostname,
                           s->port, nt_errstr(c->status)));
-
-                composite_error(c, c->status);
-                return;
-        }
+                if (s->addresses[s->index]) {
+                        struct composite_context *sock_ip_req;
+                        talloc_free(s->srvaddr);
+                        /* prepare server address using host ip:port and transport name */
+                        s->srvaddr = socket_address_from_strings(s->conn, "ip", s->addresses[s->index], s->port);
+                        s->index++;
+                        if (composite_nomem(s->srvaddr, c)) return;
+
+                        sock_ip_req = dcerpc_pipe_open_socket_send(c, s->conn, s->localaddr,
+                                                                s->srvaddr, s->target_hostname,
+                                                                NULL,
+                                                                NCACN_IP_TCP);
+                        composite_continue(c, sock_ip_req, continue_ip_open_socket, c);
+
+                        return;
+                } else {
+                        composite_error(c, c->status);
+                        return;
+                }
+        }
+
+        s->local_address = talloc_strdup(s, localaddr->addr);
+        if (composite_nomem(s->local_address, c)) return;
+        s->remote_address = talloc_strdup(s, s->addresses[s->index - 1]);
+        if (composite_nomem(s->remote_address, c)) return;
 
         composite_done(c);
@@ -517 +318 @@
   Receive result of pipe open request on tcp/ip
 */
-NTSTATUS dcerpc_pipe_open_tcp_recv(struct composite_context *c)
+NTSTATUS dcerpc_pipe_open_tcp_recv(struct composite_context *c,
+                                   TALLOC_CTX *mem_ctx,
+                                   char **localaddr,
+                                   char **remoteaddr)
 {
         NTSTATUS status;
         status = composite_wait(c);
+
+        if (NT_STATUS_IS_OK(status)) {
+                struct pipe_tcp_state *s = talloc_get_type_abort(
+                        c->private_data, struct pipe_tcp_state);
+
+                if (localaddr != NULL) {
+                        *localaddr = talloc_move(mem_ctx, &s->local_address);
+                }
+                if (remoteaddr != NULL) {
+                        *remoteaddr = talloc_move(mem_ctx, &s->remote_address);
+                }
+        }
 
         talloc_free(c);
@@ -540 +356 @@
 static void continue_unix_open_socket(struct composite_context *ctx)
 {
-        struct composite_context *c = talloc_get_type(ctx->async.private_data,
-                                                      struct composite_context);
-
-        c->status = dcerpc_pipe_open_socket_recv(ctx);
+        struct composite_context *c = talloc_get_type_abort(
+                ctx->async.private_data, struct composite_context);
+
+        c->status = dcerpc_pipe_open_socket_recv(ctx, NULL, NULL);
         if (NT_STATUS_IS_OK(c->status)) {
                 composite_done(c);
@@ -607 +423 @@
 static void continue_np_open_socket(struct composite_context *ctx)
 {
-        struct composite_context *c = talloc_get_type(ctx->async.private_data,
-                                                      struct composite_context);
-
-        c->status = dcerpc_pipe_open_socket_recv(ctx);
+        struct composite_context *c = talloc_get_type_abort(
+                ctx->async.private_data, struct composite_context);
+
+        c->status = dcerpc_pipe_open_socket_recv(ctx, NULL, NULL);
         if (!composite_is_ok(c)) return;
 
@@ -678 +494 @@
         return dcerpc_pipe_open_pipe_recv(c);
 }
-
-const char *dcerpc_unix_socket_path(struct dcecli_connection *p)
-{
-        struct sock_private *sock = (struct sock_private *)p->transport.private_data;
-        return sock->path;
-}
-
-struct socket_address *dcerpc_socket_peer_addr(struct dcecli_connection *p, TALLOC_CTX *mem_ctx)
-{
-        struct sock_private *sock = (struct sock_private *)p->transport.private_data;
-        return socket_get_peer_addr(sock->sock, mem_ctx);
-}
-

vendor/current/source4/librpc/rpc/dcerpc_util.c

@@ -31 +31 @@
 #include "librpc/rpc/dcerpc_proto.h"
 #include "auth/credentials/credentials.h"
+#include "auth/gensec/gensec.h"
 #include "param/param.h"
 #include "librpc/rpc/rpc_common.h"
@@ -117 +118 @@
         struct dcerpc_pipe *pipe;
         struct policy_handle handle;
-        struct GUID guid;
+        struct GUID object;
         struct epm_twr_t twr;
         struct epm_twr_t *twr_r;
@@ -145 +146 @@
         if (!composite_is_ok(c)) return;
 
-        /* prepare requested binding parameters */
-        s->binding->object         = s->table->syntax_id;
-
         c->status = dcerpc_binding_build_tower(s->pipe, s->binding, &s->twr.tower);
         if (!composite_is_ok(c)) return;
         
         /* with some nice pretty paper around it of course */
-        s->r.in.object        = &s->guid;
+        s->r.in.object        = &s->object;
         s->r.in.map_tower     = &s->twr;
         s->r.in.entry_handle  = &s->handle;
@@ -178 +176 @@
         struct epm_map_binding_state *s = talloc_get_type(c->private_data,
                                                           struct epm_map_binding_state);
+        const char *endpoint;
 
         /* receive result of a rpc request */
@@ -203 +202 @@
 
         /* get received endpoint */
-        s->binding->endpoint = talloc_reference(s->binding,
-                                                dcerpc_floor_get_rhs_data(c, &s->twr_r->tower.floors[3]));
-        if (composite_nomem(s->binding->endpoint, c)) return;
+        endpoint = dcerpc_floor_get_rhs_data(s, &s->twr_r->tower.floors[3]);
+        if (composite_nomem(endpoint, c)) return;
+
+        c->status = dcerpc_binding_set_string_option(s->binding,
+                                                     "endpoint",
+                                                     endpoint);
+        if (!composite_is_ok(c)) {
+                return;
+        }
 
         composite_done(c);
@@ -218 +223 @@
                                                       struct dcerpc_binding *binding,
                                                       const struct ndr_interface_table *table,
+                                                      struct cli_credentials *creds,
                                                       struct tevent_context *ev,
                                                       struct loadparm_context *lp_ctx)
@@ -224 +230 @@
         struct epm_map_binding_state *s;
         struct composite_context *pipe_connect_req;
-        struct cli_credentials *anon_creds;
-
         NTSTATUS status;
         struct dcerpc_binding *epmapper_binding;
@@ -245 +249 @@
 
         s->binding = binding;
+        s->object  = dcerpc_binding_get_object(binding);
         s->table   = table;
 
-        /* anonymous credentials for rpc connection used to get endpoint mapping */
-        anon_creds = cli_credentials_init(mem_ctx);
-        cli_credentials_set_anonymous(anon_creds);
+        c->status = dcerpc_binding_set_abstract_syntax(binding,
+                                                       &table->syntax_id);
+        if (!composite_is_ok(c)) {
+                return c;
+        }
 
         /*
           First, check if there is a default endpoint specified in the IDL
         */
-        if (table != NULL) {
+        for (i = 0; i < table->endpoints->count; i++) {
                 struct dcerpc_binding *default_binding;
-
-                /* Find one of the default pipes for this interface */
-                for (i = 0; i < table->endpoints->count; i++) {
-                        status = dcerpc_parse_binding(mem_ctx, table->endpoints->names[i], &default_binding);
-
-                        if (NT_STATUS_IS_OK(status)) {
-                                if (binding->transport == NCA_UNKNOWN) 
-                                        binding->transport = default_binding->transport;
-                                if (default_binding->transport == binding->transport && 
-                                        default_binding->endpoint) {
-                                        binding->endpoint = talloc_reference(binding, default_binding->endpoint);
-                                        talloc_free(default_binding);
-
-                                        composite_done(c);
-                                        return c;
-
-                                } else {
-                                        talloc_free(default_binding);
-                                }
+                enum dcerpc_transport_t transport;
+                enum dcerpc_transport_t dtransport;
+                const char *dendpoint = NULL;
+
+                status = dcerpc_parse_binding(s,
+                                              table->endpoints->names[i],
+                                              &default_binding);
+                if (!NT_STATUS_IS_OK(status)) {
+                        continue;
+                }
+
+                transport = dcerpc_binding_get_transport(binding);
+                dtransport = dcerpc_binding_get_transport(default_binding);
+                if (transport == NCA_UNKNOWN) {
+                        c->status = dcerpc_binding_set_transport(binding,
+                                                                 dtransport);
+                        if (!composite_is_ok(c)) {
+                                return c;
                         }
-                }
-        }
-
-        epmapper_binding = talloc_zero(c, struct dcerpc_binding);
+                        transport = dtransport;
+                }
+
+                if (transport != dtransport) {
+                        TALLOC_FREE(default_binding);
+                        continue;
+                }
+
+                dendpoint = dcerpc_binding_get_string_option(default_binding,
+                                                             "endpoint");
+                if (dendpoint == NULL) {
+                        TALLOC_FREE(default_binding);
+                        continue;
+                }
+
+                c->status = dcerpc_binding_set_string_option(binding,
+                                                             "endpoint",
+                                                             dendpoint);
+                if (!composite_is_ok(c)) {
+                        return c;
+                }
+
+                TALLOC_FREE(default_binding);
+                composite_done(c);
+                return c;
+        }
+
+        epmapper_binding = dcerpc_binding_dup(s, binding);
         if (composite_nomem(epmapper_binding, c)) return c;
 
         /* basic endpoint mapping data */
-        epmapper_binding->transport             = binding->transport;
-        epmapper_binding->host                  = talloc_reference(epmapper_binding, binding->host);
-        epmapper_binding->target_hostname       = epmapper_binding->host;
-        epmapper_binding->options               = NULL;
-        epmapper_binding->localaddress          = talloc_reference(epmapper_binding, binding->localaddress);
-        epmapper_binding->flags                 = 0;
-        epmapper_binding->assoc_group_id        = 0;
-        epmapper_binding->endpoint              = NULL;
+        c->status = dcerpc_binding_set_string_option(epmapper_binding,
+                                                     "endpoint", NULL);
+        if (!composite_is_ok(c)) {
+                return c;
+        }
+        c->status = dcerpc_binding_set_flags(epmapper_binding, 0, UINT32_MAX);
+        if (!composite_is_ok(c)) {
+                return c;
+        }
+        c->status = dcerpc_binding_set_assoc_group_id(epmapper_binding, 0);
+        if (!composite_is_ok(c)) {
+                return c;
+        }
+        c->status = dcerpc_binding_set_object(epmapper_binding, GUID_zero());
+        if (!composite_is_ok(c)) {
+                return c;
+        }
 
         /* initiate rpc pipe connection */
-        pipe_connect_req = dcerpc_pipe_connect_b_send(c, epmapper_binding, 
+        pipe_connect_req = dcerpc_pipe_connect_b_send(s, epmapper_binding,
                                                       &ndr_table_epmapper,
-                                                      anon_creds, c->event_ctx,
+                                                      creds, c->event_ctx,
                                                       lp_ctx);
         if (composite_nomem(pipe_connect_req, c)) return c;
@@ -324 +363 @@
 {
         struct composite_context *c;
-
-        c = dcerpc_epm_map_binding_send(mem_ctx, binding, table, ev, lp_ctx);
+        struct cli_credentials *epm_creds;
+
+        epm_creds = cli_credentials_init_anon(mem_ctx);
+        if (epm_creds == NULL) {
+                return NT_STATUS_NO_MEMORY;
+        }
+        c = dcerpc_epm_map_binding_send(mem_ctx, binding, table, epm_creds, ev, lp_ctx);
+        if (c == NULL) {
+                talloc_free(epm_creds);
+                return NT_STATUS_NO_MEMORY;
+        }
+        talloc_steal(c, epm_creds);
         return dcerpc_epm_map_binding_recv(c);
 }
@@ -332 +381 @@
 struct pipe_auth_state {
         struct dcerpc_pipe *pipe;
-        struct dcerpc_binding *binding;
+        const struct dcerpc_binding *binding;
         const struct ndr_interface_table *table;
         struct loadparm_context *lp_ctx;
         struct cli_credentials *credentials;
+        unsigned int logon_retries;
 };
 
@@ -395 +445 @@
                 composite_continue(c, sec_conn_req, continue_ntlmssp_connection, c);
                 return;
-        } else if (NT_STATUS_EQUAL(c->status, NT_STATUS_LOGON_FAILURE)) {
-                if (cli_credentials_wrong_password(s->credentials)) {
+        } else if (NT_STATUS_EQUAL(c->status, NT_STATUS_LOGON_FAILURE) ||
+                   NT_STATUS_EQUAL(c->status, NT_STATUS_UNSUCCESSFUL)) {
+                /*
+                  try a second time on any error. We don't just do it
+                  on LOGON_FAILURE as some servers will give a
+                  NT_STATUS_UNSUCCESSFUL on a authentication error on RPC
+                 */
+                const char *principal;
+                const char *endpoint;
+
+                principal = gensec_get_target_principal(s->pipe->conn->security_state.generic_state);
+                if (principal == NULL) {
+                        const char *hostname = gensec_get_target_hostname(s->pipe->conn->security_state.generic_state);
+                        const char *service  = gensec_get_target_service(s->pipe->conn->security_state.generic_state);
+                        if (hostname != NULL && service != NULL) {
+                                principal = talloc_asprintf(c, "%s/%s", service, hostname);
+                        }
+                }
+
+                endpoint = dcerpc_binding_get_string_option(s->binding, "endpoint");
+
+                if ((cli_credentials_failed_kerberos_login(s->credentials, principal, &s->logon_retries) ||
+                     cli_credentials_wrong_password(s->credentials)) &&
+                    endpoint != NULL) {
                         /*
                          * Retry SPNEGO with a better password
@@ -524 +596 @@
 */
 struct composite_context *dcerpc_pipe_auth_send(struct dcerpc_pipe *p, 
-                                                struct dcerpc_binding *binding,
+                                                const struct dcerpc_binding *binding,
                                                 const struct ndr_interface_table *table,
                                                 struct cli_credentials *credentials,
@@ -553 +625 @@
 
         conn = s->pipe->conn;
-        conn->flags = binding->flags;
+        conn->flags = dcerpc_binding_get_flags(binding);
 
         if (DEBUGLVL(100)) {
                 conn->flags |= DCERPC_DEBUG_PRINT_BOTH;
         }
-        
-        /* remember the binding string for possible secondary connections */
-        conn->binding_string = dcerpc_binding_string(p, binding);
+
+        if (conn->transport.transport == NCALRPC) {
+                const char *v = dcerpc_binding_get_string_option(binding,
+                                                        "auth_type");
+
+                if (v != NULL && strcmp(v, "ncalrpc_as_system") == 0) {
+                        auth_req = dcerpc_bind_auth_send(c, s->pipe, s->table,
+                                                 s->credentials,
+                                                 lpcfg_gensec_settings(c, s->lp_ctx),
+                                                 DCERPC_AUTH_TYPE_NCALRPC_AS_SYSTEM,
+                                                 DCERPC_AUTH_LEVEL_CONNECT,
+                                                 s->table->authservices->names[0]);
+                        composite_continue(c, auth_req, continue_auth, c);
+                        return c;
+                }
+        }
 
         if (cli_credentials_is_anonymous(s->credentials)) {
@@ -568 +653 @@
         }
 
-        if ((binding->flags & DCERPC_SCHANNEL) &&
+        if ((conn->flags & DCERPC_SCHANNEL) &&
             !cli_credentials_get_netlogon_creds(s->credentials)) {
                 /* If we don't already have netlogon credentials for
@@ -585 +670 @@
          */
         if (conn->transport.transport == NCACN_NP &&
-            !(s->binding->flags & (DCERPC_SIGN|DCERPC_SEAL))) {
+            !(conn->flags & (DCERPC_SIGN|DCERPC_SEAL))) {
                 auth_none_req = dcerpc_bind_auth_none_send(c, s->pipe, s->table);
                 composite_continue(c, auth_none_req, continue_auth_none, c);
@@ -605 +690 @@
         }
 
-        if (s->binding->flags & DCERPC_AUTH_SPNEGO) {
+        if (conn->flags & DCERPC_AUTH_SPNEGO) {
                 auth_type = DCERPC_AUTH_TYPE_SPNEGO;
 
-        } else if (s->binding->flags & DCERPC_AUTH_KRB5) {
+        } else if (conn->flags & DCERPC_AUTH_KRB5) {
                 auth_type = DCERPC_AUTH_TYPE_KRB5;
 
-        } else if (s->binding->flags & DCERPC_SCHANNEL) {
+        } else if (conn->flags & DCERPC_SCHANNEL) {
                 auth_type = DCERPC_AUTH_TYPE_SCHANNEL;
 
-        } else if (s->binding->flags & DCERPC_AUTH_NTLM) {
+        } else if (conn->flags & DCERPC_AUTH_NTLM) {
                 auth_type = DCERPC_AUTH_TYPE_NTLMSSP;
 
@@ -657 +742 @@
         if (!NT_STATUS_IS_OK(status)) {
                 char *uuid_str = GUID_string(s->pipe, &s->table->syntax_id.uuid);
-                DEBUG(0, ("Failed to bind to uuid %s - %s\n", uuid_str, nt_errstr(status)));
+                DEBUG(0, ("Failed to bind to uuid %s for %s %s\n", uuid_str,
+                          dcerpc_binding_string(uuid_str, s->binding), nt_errstr(status)));
                 talloc_free(uuid_str);
         } else {
@@ -676 +762 @@
 _PUBLIC_ NTSTATUS dcerpc_pipe_auth(TALLOC_CTX *mem_ctx,
                           struct dcerpc_pipe **p, 
-                          struct dcerpc_binding *binding,
+                          const struct dcerpc_binding *binding,
                           const struct ndr_interface_table *table,
                           struct cli_credentials *credentials,
@@ -691 +777 @@
                                     DATA_BLOB *session_key)
 {
+        *session_key = data_blob_null;
+
+        if (c != NULL) {
+                if (c->transport.transport != NCALRPC &&
+                    c->transport.transport != NCACN_UNIX_STREAM)
+                {
+                        return NT_STATUS_LOCAL_USER_SESSION_KEY;
+                }
+        }
+
         /* this took quite a few CPU cycles to find ... */
         session_key->data = discard_const_p(unsigned char, "SystemLibraryDTC");
@@ -735 +831 @@
         for (i=0;i<num_examples;i++) {
                 char *name=NULL;
-                asprintf(&name, "%s/rpclog/%s-%u.%d.%s", 
-                         lockdir, ndr->name, opnum, i,
-                         (flags&NDR_IN)?"in":"out");
-                if (name == NULL) {
+                int ret;
+                ret = asprintf(&name, "%s/rpclog/%s-%u.%d.%s",
+                               lockdir, ndr->name, opnum, i,
+                               (flags&NDR_IN)?"in":"out");
+                if (ret == -1) {
                         return;
                 }
@@ -779 +876 @@
         p2->transfer_syntax = p->transfer_syntax;
 
-        p2->binding = talloc_reference(p2, p->binding);
+        p2->binding = dcerpc_binding_dup(p2, p->binding);
+        if (p2->binding == NULL) {
+                talloc_free(p2);
+                return NT_STATUS_NO_MEMORY;
+        }
 
         p2->binding_handle = dcerpc_pipe_binding_handle(p2);

vendor/current/source4/librpc/rpc/pyrpc.c

@@ -27 +27 @@
 #include "librpc/rpc/pyrpc_util.h"
 #include "auth/credentials/pycredentials.h"
+#include "auth/gensec/gensec.h"
 
 void initbase(void);
 
-staticforward PyTypeObject dcerpc_InterfaceType;
+static PyTypeObject dcerpc_InterfaceType;
+
+static PyTypeObject *ndr_syntax_id_Type;
 
 static bool PyString_AsGUID(PyObject *object, struct GUID *uuid)
@@ -118 +121 @@
 }
 
+static PyObject *py_iface_session_key(PyObject *obj, void *closure)
+{
+        dcerpc_InterfaceObject *iface = (dcerpc_InterfaceObject *)obj;
+        DATA_BLOB session_key;
+
+        NTSTATUS status = dcerpc_fetch_session_key(iface->pipe, &session_key);
+        PyErr_NTSTATUS_IS_ERR_RAISE(status);
+
+        return PyString_FromStringAndSize((const char *)session_key.data, session_key.length);
+}
+
+static PyObject *py_iface_user_session_key(PyObject *obj, void *closure)
+{
+        dcerpc_InterfaceObject *iface = (dcerpc_InterfaceObject *)obj;
+        TALLOC_CTX *mem_ctx;
+        NTSTATUS status;
+        struct gensec_security *security = NULL;
+        DATA_BLOB session_key = data_blob_null;
+        static PyObject *session_key_obj = NULL;
+
+        if (iface->pipe == NULL) {
+                PyErr_SetNTSTATUS(NT_STATUS_NO_USER_SESSION_KEY);
+                return NULL;
+        }
+
+        if (iface->pipe->conn == NULL) {
+                PyErr_SetNTSTATUS(NT_STATUS_NO_USER_SESSION_KEY);
+                return NULL;
+        }
+
+        if (iface->pipe->conn->security_state.generic_state == NULL) {
+                PyErr_SetNTSTATUS(NT_STATUS_NO_USER_SESSION_KEY);
+                return NULL;
+        }
+
+        security = iface->pipe->conn->security_state.generic_state;
+
+        mem_ctx = talloc_new(NULL);
+
+        status = gensec_session_key(security, mem_ctx, &session_key);
+        if (!NT_STATUS_IS_OK(status)) {
+                talloc_free(mem_ctx);
+                PyErr_SetNTSTATUS(status);
+                return NULL;
+        }
+
+        session_key_obj = PyString_FromStringAndSize((const char *)session_key.data,
+                                                     session_key.length);
+        talloc_free(mem_ctx);
+        return session_key_obj;
+}
+
 static PyGetSetDef dcerpc_interface_getsetters[] = {
         { discard_const_p(char, "server_name"), py_iface_server_name, NULL,
@@ -125 +180 @@
         { discard_const_p(char, "transfer_syntax"), py_iface_transfer_syntax, NULL, 
           discard_const_p(char, "syntax id of the transfersyntax") },
+        { discard_const_p(char, "session_key"), py_iface_session_key, NULL,
+          discard_const_p(char, "session key (as used for blob encryption on LSA and SAMR)") },
+        { discard_const_p(char, "user_session_key"), py_iface_user_session_key, NULL,
+          discard_const_p(char, "user_session key (as used for blob encryption on DRSUAPI)") },
         { NULL }
 };
@@ -142 +201 @@
         NTSTATUS status;
         char *in_data;
-        int in_length;
+        Py_ssize_t in_length;
         PyObject *ret;
         PyObject *object = NULL;
@@ -188 +247 @@
 }
 
-static PyObject *py_iface_alter_context(PyObject *self, PyObject *args, PyObject *kwargs)
-{
-        dcerpc_InterfaceObject *iface = (dcerpc_InterfaceObject *)self;
-        NTSTATUS status;
-        const char *kwnames[] = { "abstract_syntax", "transfer_syntax", NULL };
-        PyObject *py_abstract_syntax = Py_None, *py_transfer_syntax = Py_None;
-        struct ndr_syntax_id abstract_syntax, transfer_syntax;
-
-        if (!PyArg_ParseTupleAndKeywords(args, kwargs, "O|O:alter_context", 
-                discard_const_p(char *, kwnames), &py_abstract_syntax,
-                &py_transfer_syntax)) {
-                return NULL;
-        }
-
-        if (!ndr_syntax_from_py_object(py_abstract_syntax, &abstract_syntax))
-                return NULL;
-
-        if (py_transfer_syntax == Py_None) {
-                transfer_syntax = ndr_transfer_syntax;
-        } else {
-                if (!ndr_syntax_from_py_object(py_transfer_syntax, 
-                                               &transfer_syntax))
-                        return NULL;
-        }
-
-        status = dcerpc_alter_context(iface->pipe, iface->pipe, &abstract_syntax, 
-                                      &transfer_syntax);
-
-        if (!NT_STATUS_IS_OK(status)) {
-                PyErr_SetDCERPCStatus(iface->pipe, status);
-                return NULL;
-        }
-
-        Py_RETURN_NONE;
-}
-
 static PyMethodDef dcerpc_interface_methods[] = {
         { "request", (PyCFunction)py_iface_request, METH_VARARGS|METH_KEYWORDS, "S.request(opnum, data, object=None) -> data\nMake a raw request" },
-        { "alter_context", (PyCFunction)py_iface_alter_context, METH_VARARGS|METH_KEYWORDS, "S.alter_context(syntax)\nChange to a different interface" },
         { NULL, NULL, 0, NULL },
 };
@@ -233 +255 @@
 {
         dcerpc_InterfaceObject *interface = (dcerpc_InterfaceObject *)self;
-        talloc_free(interface->mem_ctx);
+        interface->binding_handle = NULL;
+        interface->pipe = NULL;
+        TALLOC_FREE(interface->mem_ctx);
         self->ob_type->tp_free(self);
 }
@@ -239 +263 @@
 static PyObject *dcerpc_interface_new(PyTypeObject *type, PyObject *args, PyObject *kwargs)
 {
-        dcerpc_InterfaceObject *ret;
-        const char *binding_string;
-        struct cli_credentials *credentials;
-        struct loadparm_context *lp_ctx = NULL;
-        PyObject *py_lp_ctx = Py_None, *py_credentials = Py_None;
-        TALLOC_CTX *mem_ctx;
-        struct tevent_context *event_ctx;
-        NTSTATUS status;
-
-        PyObject *syntax, *py_basis = Py_None;
+        PyObject *ret;
+        const char *binding_string = NULL;
+        PyObject *py_lp_ctx = Py_None;
+        PyObject *py_credentials = Py_None;
+        PyObject *syntax = Py_None;
+        PyObject *py_basis = Py_None;
         const char *kwnames[] = {
                 "binding", "syntax", "lp_ctx", "credentials", "basis_connection", NULL
         };
-        struct ndr_interface_table *table;
+        static struct ndr_interface_table dummy_table;
+        PyObject *args2 = Py_None;
+        PyObject *kwargs2 = Py_None;
 
         if (!PyArg_ParseTupleAndKeywords(args, kwargs, "sO|OOO:connect", discard_const_p(char *, kwnames), &binding_string, &syntax, &py_lp_ctx, &py_credentials, &py_basis)) {
@@ -258 +280 @@
         }
 
-        mem_ctx = talloc_new(NULL);
-        if (mem_ctx == NULL) {
-                PyErr_NoMemory();
-                return NULL;
-        }
-
-        lp_ctx = lpcfg_from_py_object(mem_ctx, py_lp_ctx);
-        if (lp_ctx == NULL) {
-                PyErr_SetString(PyExc_TypeError, "Expected loadparm context");
-                talloc_free(mem_ctx);
-                return NULL;
-        }
-
-        credentials = cli_credentials_from_py_object(py_credentials);
-        if (credentials == NULL) {
-                PyErr_SetString(PyExc_TypeError, "Expected credentials");
-                talloc_free(mem_ctx);
-                return NULL;
-        }
-        ret = PyObject_New(dcerpc_InterfaceObject, type);
-        ret->mem_ctx = mem_ctx;
-
-        event_ctx = s4_event_context_init(ret->mem_ctx);
-
-        /* Create a dummy interface table struct. TODO: In the future, we should
+        if (strncmp(binding_string, "irpc:", 5) == 0) {
+                PyErr_SetString(PyExc_ValueError, "irpc: transport not supported");
+                return NULL;
+        }
+
+        /*
+         * Fill a dummy interface table struct. TODO: In the future, we should
          * rather just allow connecting without requiring an interface table.
+         *
+         * We just fill the syntax during the connect, but keep the memory valid
+         * the whole time.
          */
-
-        table = talloc_zero(ret->mem_ctx, struct ndr_interface_table);
-
-        if (table == NULL) {
-                PyErr_SetString(PyExc_MemoryError, "Allocating interface table");
-                talloc_free(mem_ctx);
-                return NULL;
-        }
-
-        if (!ndr_syntax_from_py_object(syntax, &table->syntax_id)) {
-                talloc_free(mem_ctx);
-                return NULL;
-        }
-
-        ret->pipe = NULL;
-        ret->binding_handle = NULL;
-
-        if (py_basis != Py_None) {
-                struct dcerpc_pipe *base_pipe;
-
-                if (!PyObject_TypeCheck(py_basis, &dcerpc_InterfaceType)) {
-                        PyErr_SetString(PyExc_ValueError, "basis_connection must be a DCE/RPC connection");
-                        talloc_free(mem_ctx);
-                        return NULL;
-                }
-
-                base_pipe = talloc_reference(ret->mem_ctx, 
-                                         ((dcerpc_InterfaceObject *)py_basis)->pipe);
-
-                status = dcerpc_secondary_context(base_pipe, &ret->pipe, table);
-
-                ret->pipe = talloc_steal(ret->mem_ctx, ret->pipe);
-        } else {
-                status = dcerpc_pipe_connect(ret->mem_ctx, &ret->pipe, binding_string, 
-                             table, credentials, event_ctx, lp_ctx);
-        }
-
-        if (!NT_STATUS_IS_OK(status)) {
-                PyErr_SetDCERPCStatus(ret->pipe, status);
-                talloc_free(ret->mem_ctx);
-                return NULL;
-        }
-        ret->pipe->conn->flags |= DCERPC_NDR_REF_ALLOC;
-        ret->binding_handle = ret->pipe->binding_handle;
-        return (PyObject *)ret;
+        if (!ndr_syntax_from_py_object(syntax, &dummy_table.syntax_id)) {
+                return NULL;
+        }
+
+        args2 = Py_BuildValue("(s)", binding_string);
+        if (args2 == NULL) {
+                return NULL;
+        }
+
+        kwargs2 = Py_BuildValue("{s:O,s:O,s:O}",
+                                "lp_ctx", py_lp_ctx,
+                                "credentials", py_credentials,
+                                "basis_connection", py_basis);
+        if (kwargs2 == NULL) {
+                Py_DECREF(args2);
+                return NULL;
+        }
+
+        ret = py_dcerpc_interface_init_helper(type, args2, kwargs2, &dummy_table);
+        ZERO_STRUCT(dummy_table.syntax_id);
+        Py_DECREF(args2);
+        Py_DECREF(kwargs2);
+        return ret;
 }
 
@@ -350 +335 @@
 };
 
+static PyObject *py_transfer_syntax_ndr_new(PyTypeObject *type, PyObject *args, PyObject *kwargs)
+{
+        return py_dcerpc_syntax_init_helper(type, args, kwargs, &ndr_transfer_syntax_ndr);
+}
+
+static PyTypeObject py_transfer_syntax_ndr_SyntaxType = {
+        PyObject_HEAD_INIT(NULL) 0,
+        .tp_name = "base.transfer_syntax_ndr",
+        .tp_doc = "transfer_syntax_ndr()\n",
+        .tp_flags = Py_TPFLAGS_DEFAULT | Py_TPFLAGS_BASETYPE,
+        .tp_new = py_transfer_syntax_ndr_new,
+};
+
+static PyObject *py_transfer_syntax_ndr64_new(PyTypeObject *type, PyObject *args, PyObject *kwargs)
+{
+        return py_dcerpc_syntax_init_helper(type, args, kwargs, &ndr_transfer_syntax_ndr64);
+}
+
+static PyTypeObject py_transfer_syntax_ndr64_SyntaxType = {
+        PyObject_HEAD_INIT(NULL) 0,
+        .tp_name = "base.transfer_syntax_ndr64",
+        .tp_doc = "transfer_syntax_ndr64()\n",
+        .tp_flags = Py_TPFLAGS_DEFAULT | Py_TPFLAGS_BASETYPE,
+        .tp_new = py_transfer_syntax_ndr64_new,
+};
+
+static PyObject *py_bind_time_features_syntax_new(PyTypeObject *type, PyObject *args, PyObject *kwargs)
+{
+        const char *kwnames[] = {
+                "features", NULL
+        };
+        unsigned long long features = 0;
+        struct ndr_syntax_id syntax;
+        PyObject *args2 = Py_None;
+        PyObject *kwargs2 = Py_None;
+
+        if (!PyArg_ParseTupleAndKeywords(args, kwargs, "K:features", discard_const_p(char *, kwnames), &features)) {
+                return NULL;
+        }
+
+        args2 = Py_BuildValue("()");
+        if (args2 == NULL) {
+                return NULL;
+        }
+
+        kwargs2 = Py_BuildValue("{}");
+        if (kwargs2 == NULL) {
+                Py_DECREF(args2);
+                return NULL;
+        }
+
+        syntax = dcerpc_construct_bind_time_features(features);
+
+        return py_dcerpc_syntax_init_helper(type, args2, kwargs2, &syntax);
+}
+
+static PyTypeObject py_bind_time_features_syntax_SyntaxType = {
+        PyObject_HEAD_INIT(NULL) 0,
+        .tp_name = "base.bind_time_features_syntax",
+        .tp_doc = "bind_time_features_syntax(features)\n",
+        .tp_flags = Py_TPFLAGS_DEFAULT | Py_TPFLAGS_BASETYPE,
+        .tp_new = py_bind_time_features_syntax_new,
+};
+
 void initbase(void)
 {
         PyObject *m;
+        PyObject *dep_samba_dcerpc_misc;
+
+        dep_samba_dcerpc_misc = PyImport_ImportModule("samba.dcerpc.misc");
+        if (dep_samba_dcerpc_misc == NULL)
+                return;
+
+        ndr_syntax_id_Type = (PyTypeObject *)PyObject_GetAttrString(dep_samba_dcerpc_misc, "ndr_syntax_id");
+        if (ndr_syntax_id_Type == NULL)
+                return;
+
+        py_transfer_syntax_ndr_SyntaxType.tp_base = ndr_syntax_id_Type;
+        py_transfer_syntax_ndr_SyntaxType.tp_basicsize = pytalloc_BaseObject_size();
+        py_transfer_syntax_ndr64_SyntaxType.tp_base = ndr_syntax_id_Type;
+        py_transfer_syntax_ndr64_SyntaxType.tp_basicsize = pytalloc_BaseObject_size();
+        py_bind_time_features_syntax_SyntaxType.tp_base = ndr_syntax_id_Type;
+        py_bind_time_features_syntax_SyntaxType.tp_basicsize = pytalloc_BaseObject_size();
 
         if (PyType_Ready(&dcerpc_InterfaceType) < 0)
+                return;
+
+        if (PyType_Ready(&py_transfer_syntax_ndr_SyntaxType) < 0)
+                return;
+        if (PyType_Ready(&py_transfer_syntax_ndr64_SyntaxType) < 0)
+                return;
+        if (PyType_Ready(&py_bind_time_features_syntax_SyntaxType) < 0)
                 return;
 
@@ -363 +435 @@
         Py_INCREF((PyObject *)&dcerpc_InterfaceType);
         PyModule_AddObject(m, "ClientConnection", (PyObject *)&dcerpc_InterfaceType);
-}
+
+        Py_INCREF((PyObject *)(void *)&py_transfer_syntax_ndr_SyntaxType);
+        PyModule_AddObject(m, "transfer_syntax_ndr", (PyObject *)(void *)&py_transfer_syntax_ndr_SyntaxType);
+        Py_INCREF((PyObject *)(void *)&py_transfer_syntax_ndr64_SyntaxType);
+        PyModule_AddObject(m, "transfer_syntax_ndr64", (PyObject *)(void *)&py_transfer_syntax_ndr64_SyntaxType);
+        Py_INCREF((PyObject *)(void *)&py_bind_time_features_syntax_SyntaxType);
+        PyModule_AddObject(m, "bind_time_features_syntax", (PyObject *)(void *)&py_bind_time_features_syntax_SyntaxType);
+}

vendor/current/source4/librpc/rpc/pyrpc.h

@@ -57 +57 @@
 PyObject *py_import_netr_Validation(TALLOC_CTX *mem_ctx, int level, union netr_Validation *in);
 
+union netr_CONTROL_DATA_INFORMATION *py_export_netr_CONTROL_DATA_INFORMATION(TALLOC_CTX *mem_ctx, int level, PyObject *in);
+union netr_CONTROL_QUERY_INFORMATION;
+PyObject *py_import_netr_CONTROL_QUERY_INFORMATION(TALLOC_CTX *mem_ctx, int level, union netr_CONTROL_QUERY_INFORMATION *in);
+
+#ifndef NDR_DCERPC_REQUEST_OBJECT_PRESENT
+#define NDR_DCERPC_REQUEST_OBJECT_PRESENT LIBNDR_FLAG_OBJECT_PRESENT
+#endif /* NDR_DCERPC_REQUEST_OBJECT_PRESENT */
+
 #endif /* _PYRPC_H_ */

vendor/current/source4/librpc/rpc/pyrpc_util.c

@@ -43 +43 @@
                 PyErr_Format(PyExc_RuntimeError, "Unable to import %s to check type %s",
                         module, type_name);
-                return NULL;
+                return false;
         }
 
@@ -51 +51 @@
                 PyErr_Format(PyExc_RuntimeError, "Unable to find type %s in module %s",
                         module, type_name);
-                return NULL;
+                return false;
         }
 
@@ -73 +73 @@
                                    struct dcerpc_binding_handle **binding_handle)
 {
-        struct messaging_context *msg;
-
-        msg = messaging_client_init(mem_ctx, lpcfg_messaging_path(mem_ctx, lp_ctx), event_ctx);
+        struct imessaging_context *msg;
+
+        msg = imessaging_client_init(mem_ctx, lp_ctx, event_ctx);
         NT_STATUS_HAVE_NO_MEMORY(msg);
 
@@ -84 +84 @@
         }
 
+        /*
+         * Note: this allows nested event loops to happen,
+         * but as there's no top level event loop it's not that critical.
+         */
+        dcerpc_binding_handle_set_sync_ev(*binding_handle, event_ctx);
+
         return NT_STATUS_OK;
 }
@@ -92 +98 @@
         dcerpc_InterfaceObject *ret;
         const char *binding_string;
-        struct cli_credentials *credentials;
-        struct loadparm_context *lp_ctx = NULL;
         PyObject *py_lp_ctx = Py_None, *py_credentials = Py_None, *py_basis = Py_None;
-        TALLOC_CTX *mem_ctx = NULL;
-        struct tevent_context *event_ctx;
         NTSTATUS status;
-
         const char *kwnames[] = {
                 "binding", "lp_ctx", "credentials", "basis_connection", NULL
@@ -107 +108 @@
         }
 
-        mem_ctx = talloc_new(NULL);
-        if (mem_ctx == NULL) {
-                PyErr_NoMemory();
-                return NULL;
-        }
-
-        lp_ctx = lpcfg_from_py_object(mem_ctx, py_lp_ctx);
-        if (lp_ctx == NULL) {
-                PyErr_SetString(PyExc_TypeError, "Expected loadparm context");
-                talloc_free(mem_ctx);
-                return NULL;
-        }
-
-        status = dcerpc_init(lp_ctx);
+        status = dcerpc_init();
         if (!NT_STATUS_IS_OK(status)) {
                 PyErr_SetNTSTATUS(status);
-                talloc_free(mem_ctx);
                 return NULL;
         }
 
         ret = PyObject_New(dcerpc_InterfaceObject, type);
-        ret->mem_ctx = mem_ctx;
-
-        event_ctx = s4_event_context_init(ret->mem_ctx);
+        ret->pipe = NULL;
+        ret->binding_handle = NULL;
+        ret->mem_ctx = talloc_new(NULL);
+        if (ret->mem_ctx == NULL) {
+                PyErr_NoMemory();
+                return NULL;
+        }
 
         if (strncmp(binding_string, "irpc:", 5) == 0) {
-                ret->pipe = NULL;
+                struct tevent_context *event_ctx;
+                struct loadparm_context *lp_ctx;
+
+                event_ctx = s4_event_context_init(ret->mem_ctx);
+                if (event_ctx == NULL) {
+                        PyErr_SetString(PyExc_TypeError, "Expected loadparm context");
+                        TALLOC_FREE(ret->mem_ctx);
+                        return NULL;
+                }
+
+                lp_ctx = lpcfg_from_py_object(event_ctx, py_lp_ctx);
+                if (lp_ctx == NULL) {
+                        PyErr_SetString(PyExc_TypeError, "Expected loadparm context");
+                        TALLOC_FREE(ret->mem_ctx);
+                        return NULL;
+                }
+
                 status = pyrpc_irpc_connect(ret->mem_ctx, binding_string+5, table,
                                             event_ctx, lp_ctx, &ret->binding_handle);
+                if (!NT_STATUS_IS_OK(status)) {
+                        PyErr_SetNTSTATUS(status);
+                        TALLOC_FREE(ret->mem_ctx);
+                        return NULL;
+                }
         } else if (py_basis != Py_None) {
                 struct dcerpc_pipe *base_pipe;
@@ -143 +155 @@
                 py_base = PyImport_ImportModule("samba.dcerpc.base");
                 if (py_base == NULL) {
-                        talloc_free(mem_ctx);
+                        TALLOC_FREE(ret->mem_ctx);
                         return NULL;
                 }
@@ -150 +162 @@
                 if (ClientConnection_Type == NULL) {
                         PyErr_SetNone(PyExc_TypeError);
-                        talloc_free(mem_ctx);
+                        TALLOC_FREE(ret->mem_ctx);
                         return NULL;
                 }
@@ -156 +168 @@
                 if (!PyObject_TypeCheck(py_basis, ClientConnection_Type)) {
                         PyErr_SetString(PyExc_TypeError, "basis_connection must be a DCE/RPC connection");
-                        talloc_free(mem_ctx);
-                        return NULL;
-                }
-
-                base_pipe = talloc_reference(mem_ctx, ((dcerpc_InterfaceObject *)py_basis)->pipe);
+                        TALLOC_FREE(ret->mem_ctx);
+                        return NULL;
+                }
+
+                base_pipe = talloc_reference(ret->mem_ctx,
+                                         ((dcerpc_InterfaceObject *)py_basis)->pipe);
+                if (base_pipe == NULL) {
+                        PyErr_NoMemory();
+                        TALLOC_FREE(ret->mem_ctx);
+                        return NULL;
+                }
 
                 status = dcerpc_secondary_context(base_pipe, &ret->pipe, table);
+                if (!NT_STATUS_IS_OK(status)) {
+                        PyErr_SetNTSTATUS(status);
+                        TALLOC_FREE(ret->mem_ctx);
+                        return NULL;
+                }
 
                 ret->pipe = talloc_steal(ret->mem_ctx, ret->pipe);
         } else {
+                struct tevent_context *event_ctx;
+                struct loadparm_context *lp_ctx;
+                struct cli_credentials *credentials;
+
+                event_ctx = s4_event_context_init(ret->mem_ctx);
+                if (event_ctx == NULL) {
+                        PyErr_SetString(PyExc_TypeError, "Expected loadparm context");
+                        TALLOC_FREE(ret->mem_ctx);
+                        return NULL;
+                }
+
+                lp_ctx = lpcfg_from_py_object(event_ctx, py_lp_ctx);
+                if (lp_ctx == NULL) {
+                        PyErr_SetString(PyExc_TypeError, "Expected loadparm context");
+                        TALLOC_FREE(ret->mem_ctx);
+                        return NULL;
+                }
+
                 credentials = cli_credentials_from_py_object(py_credentials);
                 if (credentials == NULL) {
                         PyErr_SetString(PyExc_TypeError, "Expected credentials");
-                        talloc_free(mem_ctx);
-                        return NULL;
-                }
-                status = dcerpc_pipe_connect(event_ctx, &ret->pipe, binding_string,
-                             table, credentials, event_ctx, lp_ctx);
-        }
-        if (NT_STATUS_IS_ERR(status)) {
-                PyErr_SetNTSTATUS(status);
-                talloc_free(mem_ctx);
-                return NULL;
+                        TALLOC_FREE(ret->mem_ctx);
+                        return NULL;
+                }
+                status = dcerpc_pipe_connect(ret->mem_ctx, &ret->pipe, binding_string,
+                             table, credentials, event_ctx, lp_ctx);
+                if (!NT_STATUS_IS_OK(status)) {
+                        PyErr_SetNTSTATUS(status);
+                        TALLOC_FREE(ret->mem_ctx);
+                        return NULL;
+                }
+
+                /*
+                 * the event context is cached under the connection,
+                 * so let it be a child of it.
+                 */
+                talloc_steal(ret->pipe->conn, event_ctx);
         }
 
@@ -247 +294 @@
                 struct wrapperbase *wb = (struct wrapperbase *)calloc(sizeof(struct wrapperbase), 1);
 
+                if (wb == NULL) {
+                        return false;
+                }
                 wb->name = discard_const_p(char, mds[i].name);
                 wb->flags = PyWrapperFlag_KEYWORDS;
@@ -261 +311 @@
 }
 
+PyObject *py_dcerpc_syntax_init_helper(PyTypeObject *type, PyObject *args, PyObject *kwargs,
+                                       const struct ndr_syntax_id *syntax)
+{
+        PyObject *ret;
+        struct ndr_syntax_id *obj;
+        const char *kwnames[] = { NULL };
+
+        if (!PyArg_ParseTupleAndKeywords(args, kwargs, ":abstract_syntax", discard_const_p(char *, kwnames))) {
+                return NULL;
+        }
+
+        ret = pytalloc_new(struct ndr_syntax_id, type);
+        if (ret == NULL) {
+                return NULL;
+        }
+
+        obj = (struct ndr_syntax_id *)pytalloc_get_ptr(ret);
+        *obj = *syntax;
+
+        return ret;
+}
+
 void PyErr_SetDCERPCStatus(struct dcerpc_pipe *p, NTSTATUS status)
 {
@@ -278 +350 @@
   r_ctx is the context that is a parent of r. It will be referenced by
   the resulting python object
+
+  This MUST only be used by objects that are based on pytalloc_Object
+  otherwise the pytalloc_reference_ex() will fail.
  */
 PyObject *py_return_ndr_struct(const char *module_name, const char *type_name,
@@ -299 +374 @@
         }
 
-        return py_talloc_reference_ex(py_type, r_ctx, r);
+        return pytalloc_reference_ex(py_type, r_ctx, r);
 }
 

vendor/current/source4/librpc/rpc/pyrpc_util.h

@@ -51 +51 @@
 PyObject *py_dcerpc_interface_init_helper(PyTypeObject *type, PyObject *args, PyObject *kwargs, const struct ndr_interface_table *table);
 
+struct ndr_syntax_id;
+PyObject *py_dcerpc_syntax_init_helper(PyTypeObject *type, PyObject *args, PyObject *kwargs,
+                                       const struct ndr_syntax_id *syntax);
+
 PyObject *py_return_ndr_struct(const char *module_name, const char *type_name,
                                TALLOC_CTX *r_ctx, void *r);

vendor/current/source4/librpc/tests/binding_string.c

@@ -25 +25 @@
 #include "librpc/rpc/dcerpc_proto.h"
 #include "torture/torture.h"
+#include "torture/local/proto.h"
 #include "lib/util/util_net.h"
 
@@ -32 +33 @@
         const char *binding = test_data;
         struct dcerpc_binding *b, *b2;
-        const char *s, *s2;
+        char *s, *s2, *p;
         struct epm_tower tower;
         TALLOC_CTX *mem_ctx = tctx;
+        const char *host;
+        struct GUID object;
 
         /* Parse */
@@ -40 +43 @@
                 "Error parsing binding string");
 
+        object = dcerpc_binding_get_object(b);
+
         s = dcerpc_binding_string(mem_ctx, b);
         torture_assert(tctx, s != NULL, "Error converting binding back to string");
@@ -55 +60 @@
                             "Error generating binding from tower for original binding");
 
-        /* Compare to a stripped down version of the binding string because 
-         * the protocol tower doesn't contain the extra option data */
-        b->options = NULL;
-
-        b->flags = 0;
-        
+        /* The tower doesn't contain the object */
+        torture_assert_ntstatus_ok(tctx, dcerpc_binding_set_object(b2, object),
+                            "set object on tower binding");
+
         s = dcerpc_binding_string(mem_ctx, b);
         torture_assert(tctx, s != NULL, "Error converting binding back to string for (stripped down)"); 
 
+        /*
+         * Compare to a stripped down version of the binding string because
+         * the protocol tower doesn't contain the extra option data
+         *
+         * We remove all options except of the endpoint.
+         */
+        p = strchr(s, '[');
+        if (p != NULL) {
+                char *p2;
+
+                p2 = strchr(p + 1, ',');
+                if (p2 != NULL) {
+                        /*
+                         * We only look at the first option,
+                         * which might be the endpoint.
+                         */
+                        p2[0] = ']';
+                        p2[1] = '\0';
+                }
+
+                p2 = strchr(p + 1, '=');
+                if (p2 != NULL) {
+                        /*
+                         * It's not the endpoint, so remove the
+                         * whole option section.
+                         */
+                        *p = '\0';
+                }
+        }
+
         s2 = dcerpc_binding_string(mem_ctx, b2);
         torture_assert(tctx, s != NULL, "Error converting binding back to string"); 
 
-        if (is_ipaddress(b->host))
+        host = dcerpc_binding_get_string_option(b, "host");
+        if (host && is_ipaddress_v4(host)) {
                 torture_assert_casestr_equal(tctx, s, s2, "Mismatch while comparing original and from protocol tower generated binding strings");
+        }
 
         return true;
@@ -82 +117 @@
         "ncacn_ip_tcp:127.0.0.1[20]",
         "ncacn_ip_tcp:127.0.0.1[20,sign]",
-        "ncacn_ip_tcp:127.0.0.1[20,Security=Foobar,sign]",
+        "ncacn_ip_tcp:127.0.0.1[20,sign,Security=Foobar]",
         "ncacn_http:127.0.0.1",
         "ncacn_http:127.0.0.1[78]",
@@ -96 +131 @@
         "ncalrpc:[IDENTIFIER]",
         "ncacn_unix_stream:[/tmp/epmapper,sign]",
+        "ncacn_ip_tcp:127.0.0.1[75,target_hostname=port75.example.com,target_principal=host/port75.example.com]",
+        "ncacn_ip_tcp:127.0.0.1[75,connect,target_hostname=port75.example.com,target_principal=host/port75.example.com,assoc_group_id=0x01234567]",
+        "ncacn_ip_tcp:::",
+        "ncacn_ip_tcp:::[75]",
+        "ncacn_ip_tcp:FD00::5357:5F00",
+        "ncacn_ip_tcp:FD00::5357:5F00[75]",
+        "ncacn_ip_tcp:FD00::5357:5F00[,target_hostname=port75.example.com]",
+        "ncacn_ip_tcp:FD00::5357:5F00[75,target_hostname=port75.example.com]",
+        "ncacn_ip_tcp:fe80::5357:5F00%75",
+        "ncacn_ip_tcp:fe80::5357:5F00%75[75]",
+        "ncacn_ip_tcp:fe80::5357:5F00%75[,target_hostname=port75.example.com]",
+        "ncacn_ip_tcp:fe80::5357:5F00%75[75,target_hostname=port75.example.com]",
 };
 
@@ -102 +149 @@
         struct dcerpc_binding *b;
         struct GUID uuid;
+        struct GUID object;
+        struct ndr_syntax_id abstract;
+        enum dcerpc_transport_t transport;
+        const char *endpoint;
+        uint32_t flags;
 
         torture_assert_ntstatus_ok(tctx, 
@@ -108 +160 @@
 
         torture_assert_ntstatus_ok(tctx, dcerpc_parse_binding(tctx, "ncacn_np:$SERVER", &b), "parse");
-        torture_assert(tctx, b->transport == NCACN_NP, "ncacn_np expected");
+        transport = dcerpc_binding_get_transport(b);
+        torture_assert(tctx, transport == NCACN_NP, "ncacn_np expected");
         torture_assert_ntstatus_ok(tctx, dcerpc_parse_binding(tctx, "ncacn_ip_tcp:$SERVER", &b), "parse");
-        torture_assert(tctx, b->transport == NCACN_IP_TCP, "ncacn_ip_tcp expected");
+        transport = dcerpc_binding_get_transport(b);
+        torture_assert(tctx, transport == NCACN_IP_TCP, "ncacn_ip_tcp expected");
         torture_assert_ntstatus_ok(tctx, dcerpc_parse_binding(tctx, "ncacn_np:$SERVER[rpcecho]", &b), "parse");
-        torture_assert_str_equal(tctx, b->endpoint, "rpcecho", "endpoint");
+        endpoint = dcerpc_binding_get_string_option(b, "endpoint");
+        torture_assert_str_equal(tctx, endpoint, "rpcecho", "endpoint");
         torture_assert_ntstatus_ok(tctx, dcerpc_parse_binding(tctx, "ncacn_np:$SERVER[/pipe/rpcecho]", &b), "parse");
         torture_assert_ntstatus_ok(tctx, dcerpc_parse_binding(tctx, "ncacn_np:$SERVER[/pipe/rpcecho,sign,seal]", &b), "parse");
-        torture_assert(tctx, b->flags == DCERPC_SIGN+DCERPC_SEAL, "sign+seal flags");
-        torture_assert_str_equal(tctx, b->endpoint, "/pipe/rpcecho", "endpoint");
+        flags = dcerpc_binding_get_flags(b);
+        torture_assert(tctx, flags == DCERPC_SIGN+DCERPC_SEAL, "sign+seal flags");
+        endpoint = dcerpc_binding_get_string_option(b, "endpoint");
+        torture_assert_str_equal(tctx, endpoint, "/pipe/rpcecho", "endpoint");
         torture_assert_ntstatus_ok(tctx, dcerpc_parse_binding(tctx, "ncacn_np:$SERVER[,sign]", &b), "parse");
         torture_assert_ntstatus_ok(tctx, dcerpc_parse_binding(tctx, "ncacn_ip_tcp:$SERVER[,sign]", &b), "parse");
-        torture_assert(tctx, b->endpoint == NULL, "endpoint");
-        torture_assert(tctx, b->flags == DCERPC_SIGN, "sign flag");
+        endpoint = dcerpc_binding_get_string_option(b, "endpoint");
+        torture_assert(tctx, endpoint == NULL, "endpoint");
+        flags = dcerpc_binding_get_flags(b);
+        torture_assert(tctx, flags == DCERPC_SIGN, "sign flag");
         torture_assert_ntstatus_ok(tctx, dcerpc_parse_binding(tctx, "ncalrpc:", &b), "parse");
-        torture_assert(tctx, b->transport == NCALRPC, "ncalrpc expected");
+        transport = dcerpc_binding_get_transport(b);
+        torture_assert(tctx, transport == NCALRPC, "ncalrpc expected");
         torture_assert_ntstatus_ok(tctx, dcerpc_parse_binding(tctx, 
                 "308FB580-1EB2-11CA-923B-08002B1075A7@ncacn_np:$SERVER", &b), "parse");
-        torture_assert(tctx, GUID_equal(&b->object.uuid, &uuid), "object uuid");
-        torture_assert_int_equal(tctx, b->object.if_version, 0, "object version");
+        object = dcerpc_binding_get_object(b);
+        abstract = dcerpc_binding_get_abstract_syntax(b);
+        torture_assert(tctx, GUID_equal(&object, &uuid), "object uuid");
+        torture_assert(tctx, ndr_syntax_id_equal(&abstract, &ndr_syntax_id_null),
+                       "null abstract syntax");
         torture_assert_ntstatus_ok(tctx, dcerpc_parse_binding(tctx, 
                 "308FB580-1EB2-11CA-923B-08002B1075A7@ncacn_ip_tcp:$SERVER", &b), "parse");
         torture_assert_ntstatus_ok(tctx, dcerpc_parse_binding(tctx, "ncacn_ip_tcp:$SERVER[,sign,localaddress=192.168.1.1]", &b), "parse");
-        torture_assert(tctx, b->transport == NCACN_IP_TCP, "ncacn_ip_tcp expected");
-        torture_assert(tctx, b->flags == (DCERPC_SIGN | DCERPC_LOCALADDRESS), "sign flag");
-        torture_assert_str_equal(tctx, b->localaddress, "192.168.1.1", "localaddress");
+        transport = dcerpc_binding_get_transport(b);
+        torture_assert(tctx, transport == NCACN_IP_TCP, "ncacn_ip_tcp expected");
+        flags = dcerpc_binding_get_flags(b);
+        torture_assert(tctx, flags == DCERPC_SIGN, "sign flag");
+        torture_assert_str_equal(tctx, dcerpc_binding_get_string_option(b, "localaddress"),
+                                 "192.168.1.1", "localaddress");
         torture_assert_str_equal(tctx, "ncacn_ip_tcp:$SERVER[,sign,localaddress=192.168.1.1]",
                                  dcerpc_binding_string(tctx, b), "back to string");
+        torture_assert_str_equal(tctx, dcerpc_binding_get_string_option(b, "host"),
+                                 "$SERVER", "host");
+        torture_assert_str_equal(tctx, dcerpc_binding_get_string_option(b, "target_hostname"),
+                                 "$SERVER", "target_hostname");
+
+        torture_assert_ntstatus_ok(tctx, dcerpc_parse_binding(tctx,
+                "ncacn_ip_tcp:$HOST[,target_hostname=$HOSTNAME,target_principal=$PRINCIPAL]",
+                &b), "parse");
+        torture_assert_str_equal(tctx, dcerpc_binding_get_string_option(b, "host"),
+                                 "$HOST", "host");
+        torture_assert_str_equal(tctx, dcerpc_binding_get_string_option(b, "target_hostname"),
+                                 "$HOSTNAME", "target_hostname");
+        torture_assert_str_equal(tctx, dcerpc_binding_get_string_option(b, "target_principal"),
+                                 "$PRINCIPAL", "target_principal");
+        torture_assert_str_equal(tctx,
+                                 dcerpc_binding_string(tctx, b),
+                "ncacn_ip_tcp:$HOST[,target_hostname=$HOSTNAME,target_principal=$PRINCIPAL]",
+                                 "back to string");
+
+        torture_assert_ntstatus_ok(tctx, dcerpc_parse_binding(tctx,
+                "ncacn_ip_tcp:$HOST[,connect,target_hostname=$HOSTNAME,target_principal=$PRINCIPAL,assoc_group_id=0x01234567]",
+                &b), "parse");
+        flags = dcerpc_binding_get_flags(b);
+        torture_assert(tctx, flags == DCERPC_CONNECT, "connect flag");
+        torture_assert_str_equal(tctx, dcerpc_binding_get_string_option(b, "host"),
+                                 "$HOST", "host");
+        torture_assert_str_equal(tctx, dcerpc_binding_get_string_option(b, "target_hostname"),
+                                 "$HOSTNAME", "target_hostname");
+        torture_assert_str_equal(tctx, dcerpc_binding_get_string_option(b, "target_principal"),
+                                 "$PRINCIPAL", "target_principal");
+        torture_assert_int_equal(tctx, dcerpc_binding_get_assoc_group_id(b), 0x01234567,
+                                 "assoc_group_id");
+        torture_assert_str_equal(tctx,
+                                 dcerpc_binding_string(tctx, b),
+                "ncacn_ip_tcp:$HOST[,connect,target_hostname=$HOSTNAME,target_principal=$PRINCIPAL,assoc_group_id=0x01234567]",
+                                 "back to string");
 
         return true;
 }
 
-static bool test_no_transport(struct torture_context *tctx)
+static bool test_no_transport(struct torture_context *tctx, const void *test_data)
 {
-        const char *binding = "somehost";
+        const char *binding = test_data;
         struct dcerpc_binding *b;
+        enum dcerpc_transport_t transport;
         const char *s;
 
@@ -149 +252 @@
                 "Error parsing binding string");
 
-        torture_assert(tctx, b->transport == NCA_UNKNOWN, "invalid transport");
+        transport = dcerpc_binding_get_transport(b);
+        torture_assert(tctx, transport == NCA_UNKNOWN, "invalid transport");
 
         s = dcerpc_binding_string(tctx, b);
@@ -159 +263 @@
         return true;
 }
+
+static const char *test_no_strings[] = {
+        "port75.example.com",
+        "port75.example.com[75]",
+        "127.0.0.1",
+        "127.0.0.1[75]",
+        "127.0.0.1[,target_hostname=port75.example.com]",
+        "127.0.0.1[75,target_hostname=port75.example.com]",
+        "::",
+        "::[75]",
+        "::[,target_hostname=port75.example.com]",
+        "::[75,target_hostname=port75.example.com]",
+        "FD00::5357:5F00",
+        "FD00::5357:5F00[75]",
+        "FD00::5357:5F00[,target_hostname=port75.example.com]",
+        "FD00::5357:5F00[75,target_hostname=port75.example.com]",
+        "fe80::5357:5F00%75",
+        "fe80::5357:5F00%75[75]",
+        "fe80::5357:5F00%75[,target_hostname=port75.example.com]",
+        "fe80::5357:5F00%75[75,target_hostname=port75.example.com]",
+};
 
 struct torture_suite *torture_local_binding_string(TALLOC_CTX *mem_ctx)
@@ -171 +296 @@
         }
 
-        torture_suite_add_simple_test(suite, "no transport",test_no_transport);
+        for (i = 0; i < ARRAY_SIZE(test_no_strings); i++) {
+                torture_suite_add_simple_tcase_const(suite, test_no_strings[i],
+                                                     test_no_transport,
+                                                     test_no_strings[i]);
+        }
 
         torture_suite_add_simple_test(suite, "parsing results",

vendor/current/source4/librpc/wscript_build

@@ -5 +5 @@
 bld.RECURSE('idl')
 
-bld.SAMBA_SUBSYSTEM('NDR_SERVER_ID4',
-        source='gen_ndr/ndr_server_id4.c',
-        deps='ndr',
-        public_headers='gen_ndr/server_id4.h',
-        header_path='gen_ndr'
-        )
-
 
 bld.SAMBA_SUBSYSTEM('NDR_WINSTATION',
@@ -21 +14 @@
 bld.SAMBA_SUBSYSTEM('NDR_IRPC',
         source='gen_ndr/ndr_irpc.c',
-        public_deps='ndr NDR_SECURITY NDR_NBT'
+        public_deps='ndr NDR_SECURITY ndr_nbt'
         )
 
@@ -32 +25 @@
 
 
-bld.SAMBA_SUBSYSTEM('NDR_NFS4ACL',
-        source='gen_ndr/ndr_nfs4acl.c',
-        public_deps='ndr NDR_SECURITY'
-        )
-
-
-
 bld.SAMBA_SUBSYSTEM('NDR_WINSIF',
         source='gen_ndr/ndr_winsif.c',
@@ -51 +37 @@
 
 
-bld.SAMBA_SUBSYSTEM('NDR_NOTIFY',
-        source='gen_ndr/ndr_s4_notify.c',
-        public_deps='ndr NDR_SERVER_ID4'
-        )
-
-
 bld.SAMBA_SUBSYSTEM('NDR_NTP_SIGND',
         source='gen_ndr/ndr_ntp_signd.c',
@@ -65 +45 @@
 bld.SAMBA_SUBSYSTEM('NDR_WINSREPL',
         source='gen_ndr/ndr_winsrepl.c',
-        public_deps='ndr NDR_NBT'
-        )
-
-
-bld.SAMBA_SUBSYSTEM('NDR_WINBIND',
-        source='gen_ndr/ndr_winbind.c',
-        public_deps='NDR_IDMAP ndr ndr-standard'
-        )
+        public_deps='ndr ndr_nbt'
+        )
+
 
 # create a grouping library to consolidate our samba4 specific NDR code
 bld.SAMBA_LIBRARY('ndr-samba4',
         source=[],
-        deps='NDR_WINBIND NDR_IRPC NDR_NFS4ACL NDR_OPENDB NDR_NOTIFY ndr-table',
+        deps='NDR_WINBIND NDR_IRPC NDR_NFS4ACL NDR_OPENDB ndr-table',
         private_library=True,
         grouping_library=True
@@ -92 +67 @@
 
 bld.SAMBA_PIDL_TABLES('GEN_NDR_TABLES', 'gen_ndr/tables.c')
-
-if bld.env.enable_s3build:
-    s3_ndr = "NDR_WBINT"
-else:
-    s3_ndr = ""
 
 bld.SAMBA_SUBSYSTEM('ndr-table',
@@ -105 +75 @@
         NDR_OXIDRESOLVER NDR_REMACT NDR_WZCSVC
         NDR_BROWSER NDR_W32TIME NDR_SCERPC NDR_TRKWKS NDR_KEYSVC ndr-krb5pac
-        NDR_XATTR NDR_SCHANNEL NDR_ROT NDR_DRSBLOBS NDR_NBT NDR_WINSREPL
+        NDR_XATTR NDR_SCHANNEL NDR_ROT NDR_DRSBLOBS ndr_nbt NDR_WINSREPL
         NDR_SECURITY NDR_DNSSERVER NDR_WINSTATION NDR_IRPC NDR_OPENDB
         NDR_SASL_HELPERS NDR_NOTIFY NDR_WINBIND NDR_FRSRPC NDR_FRSAPI
         NDR_FRSTRANS NDR_NFS4ACL NDR_NTP_SIGND NDR_DCOM NDR_WMI
         NDR_NAMED_PIPE_AUTH NDR_NTLMSSP NDR_DFSBLOBS NDR_DNSP
-        NDR_NTPRINTING NDR_DNS NDR_BACKUPKEY NDR_PREG ''' + s3_ndr,
+        NDR_NTPRINTING NDR_DNS NDR_BACKUPKEY NDR_PREG NDR_BKUPBLOBS NDR_FSCC
+        NDR_FRSBLOBS NDR_CLUSAPI''',
         depends_on='GEN_NDR_TABLES'
         )
@@ -119 +90 @@
         public_deps='dcerpc NDR_IRPC'
         )
-
-bld.SAMBA_SUBSYSTEM('RPC_NDR_WINBIND',
-        source='gen_ndr/ndr_winbind_c.c',
-        public_deps='dcerpc NDR_WINBIND'
-        )
-
 
 bld.SAMBA_LIBRARY('dcerpc-samr',
@@ -135 +100 @@
         )
 
-
-bld.SAMBA_LIBRARY('dcerpc-atsvc',
-        source='',
-        pc_files='dcerpc_atsvc.pc',
-        vnum='0.0.1',
-        public_deps='dcerpc ndr-standard RPC_NDR_ATSVC',
-        public_headers='../../librpc/gen_ndr/ndr_atsvc_c.h',
-        header_path='gen_ndr'
-        )
-
-
 bld.SAMBA_SUBSYSTEM('RPC_NDR_WINSIF',
         source='gen_ndr/ndr_winsif_c.c',
@@ -154 +108 @@
 bld.SAMBA_LIBRARY('dcerpc',
         source='''rpc/dcerpc.c rpc/dcerpc_auth.c rpc/dcerpc_schannel.c
-        rpc/dcerpc_util.c rpc/dcerpc_smb.c rpc/dcerpc_smb2.c rpc/dcerpc_sock.c
+        rpc/dcerpc_util.c rpc/dcerpc_smb.c rpc/dcerpc_sock.c
+        rpc/dcerpc_roh_channel_in.c rpc/dcerpc_roh_channel_out.c rpc/dcerpc_roh.c
         rpc/dcerpc_connect.c rpc/dcerpc_secondary.c''',
         pc_files='dcerpc.pc',
-        deps='samba_socket LIBCLI_RESOLVE LIBCLI_SMB LIBCLI_SMB2 ndr NDR_DCERPC RPC_NDR_EPMAPPER NDR_SCHANNEL RPC_NDR_NETLOGON RPC_NDR_MGMT gensec LIBCLI_AUTH LIBCLI_RAW LP_RESOLVE UTIL_TEVENT rpccommon',
+        deps='samba_socket LIBCLI_RESOLVE LIBCLI_SMB LIBCLI_SMB2 ndr NDR_DCERPC RPC_NDR_EPMAPPER NDR_SCHANNEL RPC_NDR_NETLOGON RPC_NDR_MGMT gensec LIBCLI_AUTH smbclient-raw LP_RESOLVE tevent-util dcerpc-binding param_options http',
         autoproto='rpc/dcerpc_proto.h',
-        public_deps='credentials tevent talloc',
-        public_headers='''rpc/dcerpc.h ../../librpc/gen_ndr/mgmt.h
-        ../../librpc/gen_ndr/ndr_mgmt.h ../../librpc/gen_ndr/ndr_mgmt_c.h
-        ../../librpc/gen_ndr/epmapper.h ../../librpc/gen_ndr/ndr_epmapper.h
-        ../../librpc/gen_ndr/ndr_epmapper_c.h ../../librpc/rpc/rpc_common.h''',
+        public_deps='samba-credentials tevent talloc',
+        public_headers='''rpc/dcerpc.h''',
         # It's very important to keep this form of construction
         # it force the sambawaf extension to put everything that match the first element
@@ -177 +129 @@
 bld.SAMBA_SUBSYSTEM('pyrpc_util',
         source='rpc/pyrpc_util.c',
-        public_deps='pytalloc-util pyparam_util dcerpc',
+        public_deps='pytalloc-util pyparam_util dcerpc MESSAGING',
         pyext=True,
         )
@@ -184 +136 @@
 bld.SAMBA_PYTHON('python_dcerpc',
         source='rpc/pyrpc.c',
-        public_deps='LIBCLI_SMB samba-util samba-hostconfig dcerpc-samr RPC_NDR_LSA DYNCONFIG pyrpc_util',
+        public_deps='LIBCLI_SMB samba-util samba-hostconfig dcerpc-samr RPC_NDR_LSA DYNCONFIG pyrpc_util gensec',
         realname='samba/dcerpc/base.so'
         )
@@ -200 +152 @@
         )
 
+bld.SAMBA_PYTHON('python_dns',
+        source='../../librpc/gen_ndr/py_dns.c',
+        deps='NDR_DNS pytalloc-util pyrpc_util',
+        realname='samba/dcerpc/dns.so'
+        )
+
+bld.SAMBA_PYTHON('python_auth',
+        source='../../librpc/gen_ndr/py_auth.c',
+        deps='NDR_AUTH pytalloc-util pyrpc_util',
+        realname='samba/dcerpc/auth.so'
+        )
+
+bld.SAMBA_PYTHON('python_krb5pac',
+        source='../../librpc/gen_ndr/py_krb5pac.c',
+        deps='ndr-krb5pac pytalloc-util pyrpc_util',
+        realname='samba/dcerpc/krb5pac.so'
+        )
 
 bld.SAMBA_PYTHON('python_winreg',
@@ -238 +207 @@
 bld.SAMBA_PYTHON('python_atsvc',
         source='../../librpc/gen_ndr/py_atsvc.c',
-        deps='dcerpc-atsvc pytalloc-util pyrpc_util',
+        deps='RPC_NDR_ATSVC pytalloc-util pyrpc_util',
         realname='samba/dcerpc/atsvc.so'
         )
@@ -245 +214 @@
 bld.SAMBA_PYTHON('python_dcerpc_nbt',
         source='../../librpc/gen_ndr/py_nbt.c',
-        deps='NDR_NBT RPC_NDR_NBT pytalloc-util pyrpc_util',
+        deps='ndr_nbt RPC_NDR_NBT pytalloc-util pyrpc_util',
         realname='samba/dcerpc/nbt.so'
         )
@@ -284 +253 @@
         )
 
+bld.SAMBA_PYTHON('python_dcerpc_dcerpc',
+        source='../../librpc/gen_ndr/py_dcerpc.c',
+        deps='NDR_DCERPC pytalloc-util pyrpc_util',
+        realname='samba/dcerpc/dcerpc.so'
+        )
 
 bld.SAMBA_PYTHON('python_unixinfo',
@@ -298 +272 @@
         )
 
+bld.SAMBA_PYTHON('python_server_id',
+        source='../../librpc/gen_ndr/py_server_id.c',
+        deps='RPC_NDR_SERVER_ID pytalloc-util pyrpc_util',
+        realname='samba/dcerpc/server_id.so'
+        )
+
 bld.SAMBA_PYTHON('python_winbind',
-        source='gen_ndr/py_winbind.c',
+        source='../../librpc/gen_ndr/py_winbind.c',
         deps='RPC_NDR_WINBIND pytalloc-util pyrpc_util python_netlogon',
         realname='samba/dcerpc/winbind.so'
@@ -331 +311 @@
 bld.SAMBA_PYTHON('python_dcerpc_dnsp',
         source='../../librpc/gen_ndr/py_dnsp.c',
-        deps='pytalloc-util pyrpc_util NDR_SECURITY RPC_NDR_DNSP',
+        deps='pytalloc-util pyrpc_util NDR_SECURITY NDR_DNSP',
         realname='samba/dcerpc/dnsp.so'
         )
@@ -342 +322 @@
         )
 
+bld.SAMBA_PYTHON('python_dcerpc_idmap',
+        source='../../librpc/gen_ndr/py_idmap.c',
+        deps='pytalloc-util pyrpc_util RPC_NDR_XATTR',
+        realname='samba/dcerpc/idmap.so'
+        )
+
 bld.SAMBA_PYTHON('python_netlogon',
         source='../../librpc/gen_ndr/py_netlogon.c',
@@ -348 +334 @@
         )
 
+bld.SAMBA_PYTHON('python_dnsserver',
+        source='../../librpc/gen_ndr/py_dnsserver.c',
+        deps='RPC_NDR_DNSSERVER pytalloc-util pyrpc_util',
+        realname='samba/dcerpc/dnsserver.so'
+        )
+
+bld.SAMBA_PYTHON('python_dcerpc_smb_acl',
+        source='../../librpc/gen_ndr/py_smb_acl.c',
+        deps='pytalloc-util pyrpc_util',
+        realname='samba/dcerpc/smb_acl.so'
+        )
+
 bld.SAMBA_SCRIPT('python_dcerpc_init',
                  pattern='rpc/dcerpc.py',