]> git.ipfire.org Git - ipfire-2.x.git/blame - src/patches/samba/CVE-preparation-v3-6.patch
projects / ipfire-2.x.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
samba: import RHEL security fixes.
[ipfire-2.x.git] / src / patches / samba / CVE-preparation-v3-6.patch
CommitLineData
77ecb239
AF		 1From 39a3fa39967faaf216be8e108ca57d07de1aa95a Mon Sep 17 00:00:00 2001
2From: Vadim Zhukov <persgray@gmail.com>
3Date: Sat, 25 May 2013 15:19:24 +0100
4Subject: [PATCH 01/41] pidl: Recent Perl warns about "defined(@var)"
5 constructs.
6
7Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
8
9Autobuild-User(master): Jelmer Vernooij <jelmer@samba.org>
10Autobuild-Date(master): Sat May 25 18:10:53 CEST 2013 on sn-devel-104
11
12(cherry picked from commit 92254d09e0ee5a7d9d0cd91fe1803f54e64d9a5f)
13---
14 pidl/lib/Parse/Pidl/ODL.pm | 2 +-
15 pidl/pidl | 2 +-
16 2 files changed, 2 insertions(+), 2 deletions(-)
17
18Index: samba-3.6.23/pidl/lib/Parse/Pidl/ODL.pm
19===================================================================
20--- samba-3.6.23.orig/pidl/lib/Parse/Pidl/ODL.pm
21+++ samba-3.6.23/pidl/lib/Parse/Pidl/ODL.pm
22@@ -70,7 +70,7 @@ sub ODL2IDL
23 next;
24 }
25 my $podl = Parse::Pidl::IDL::parse_file($idl_path, $opt_incdirs);
26- if (defined(@$podl)) {
27+ if (defined($podl)) {
28 require Parse::Pidl::Typelist;
29 my $basename = basename($idl_path, ".idl");
30
31Index: samba-3.6.23/pidl/pidl
32===================================================================
33--- samba-3.6.23.orig/pidl/pidl
34+++ samba-3.6.23/pidl/pidl
35@@ -605,7 +605,7 @@ sub process_file($)
36 require Parse::Pidl::IDL;
37
38 $pidl = Parse::Pidl::IDL::parse_file($idl_file, \@opt_incdirs);
39- defined @$pidl || die "Failed to parse $idl_file";
40+ defined $pidl || die "Failed to parse $idl_file";
41 }
42
43 require Parse::Pidl::Typelist;
44Index: samba-3.6.23/source4/heimdal/cf/make-proto.pl
45===================================================================
46--- samba-3.6.23.orig/source4/heimdal/cf/make-proto.pl
47+++ samba-3.6.23/source4/heimdal/cf/make-proto.pl
48@@ -1,8 +1,8 @@
49 # Make prototypes from .c files
50 # $Id$
51
52-##use Getopt::Std;
53-require 'getopts.pl';
54+use Getopt::Std;
55+#require 'getopts.pl';
56
57 my $comment = 0;
58 my $if_0 = 0;
59@@ -12,7 +12,7 @@ my $debug = 0;
60 my $oproto = 1;
61 my $private_func_re = "^_";
62
63-Getopts('x:m:o:p:dqE:R:P:') || die "foo";
64+getopts('x:m:o:p:dqE:R:P:') || die "foo";
65
66 if($opt_d) {
67 $debug = 1;
68Index: samba-3.6.23/source3/Makefile-smbtorture4
69===================================================================
70--- samba-3.6.23.orig/source3/Makefile-smbtorture4
71+++ samba-3.6.23/source3/Makefile-smbtorture4
72@@ -6,7 +6,7 @@ SAMBA4_BINARIES="smbtorture,ndrdump"
73 samba4-configure:
74 @(cd .. && \
75 CFLAGS='' $(WAF) reconfigure || \
76- CFLAGS='' $(WAF) configure --enable-socket-wrapper --enable-nss-wrapper --enable-uid-wrapper --nonshared-binary=$(SAMBA4_BINARIES) --enable-auto-reconfigure )
77+ CFLAGS='' $(WAF) configure --enable-socket-wrapper --enable-nss-wrapper --enable-uid-wrapper --nonshared-binary=$(SAMBA4_BINARIES) --enable-auto-reconfigure --bundled-libraries=ALL --disable-gnutls )
78
79 .PHONY: samba4-configure
80
81Index: samba-3.6.23/source4/lib/ldb/wscript
82===================================================================
83--- samba-3.6.23.orig/source4/lib/ldb/wscript
84+++ samba-3.6.23/source4/lib/ldb/wscript
85@@ -135,9 +135,7 @@ def build(bld):
86 pc_files=ldb_pc_files,
87 vnum=VERSION,
88 private_library=private_library,
89- manpages='man/ldb.3',
90- abi_directory = 'ABI',
91- abi_match = abi_match)
92+ manpages='man/ldb.3')
93
94 # generate a include/ldb_version.h
95 t = bld.SAMBA_GENERATOR('ldb_version.h',
96Index: samba-3.6.23/source3/selftest/skip
97===================================================================
98--- samba-3.6.23.orig/source3/selftest/skip
99+++ samba-3.6.23/source3/selftest/skip
100@@ -22,3 +22,8 @@ samba3.*raw.ioctl
101 samba3.*raw.qfileinfo
102 samba3.*raw.qfsinfo
103 samba3.*raw.sfileinfo.base
104+# skip, don't work for badlock backports
105+samba3.posix_s3.raw.eas
106+samba3.posix_s3.raw.rename
107+samba3.posix_s3.raw.search
108+samba3.posix_s3.raw.streams
109Index: samba-3.6.23/librpc/ndr/ndr_ntlmssp.c
110===================================================================
111--- samba-3.6.23.orig/librpc/ndr/ndr_ntlmssp.c
112+++ samba-3.6.23/librpc/ndr/ndr_ntlmssp.c
113@@ -176,4 +176,20 @@ _PUBLIC_ void ndr_print_ntlmssp_Version(
114 }
115 }
116
117+_PUBLIC_ struct AV_PAIR *ndr_ntlmssp_find_av(const struct AV_PAIR_LIST *av_list,
118+ enum ntlmssp_AvId AvId)
119+{
120+ struct AV_PAIR *res = NULL;
121+ uint32_t i = 0;
122
123+ for (i = 0; i < av_list->count; i++) {
124+ if (av_list->pair[i].AvId != AvId) {
125+ continue;
126+ }
127+
128+ res = discard_const_p(struct AV_PAIR, &av_list->pair[i]);
129+ break;
130+ }
131+
132+ return res;
133+}
134Index: samba-3.6.23/librpc/ndr/ndr_ntlmssp.h
135===================================================================
136--- samba-3.6.23.orig/librpc/ndr/ndr_ntlmssp.h
137+++ samba-3.6.23/librpc/ndr/ndr_ntlmssp.h
138@@ -31,3 +31,5 @@ _PUBLIC_ void ndr_print_ntlmssp_lm_respo
139 bool ntlmv2);
140 _PUBLIC_ void ndr_print_ntlmssp_Version(struct ndr_print *ndr, const char *name, const union ntlmssp_Version *r);
141
142+_PUBLIC_ struct AV_PAIR *ndr_ntlmssp_find_av(const struct AV_PAIR_LIST *av_list,
143+ enum ntlmssp_AvId AvId);
144Index: samba-3.6.23/librpc/ABI/ndr-0.0.2.sigs
145===================================================================
146--- /dev/null
147+++ samba-3.6.23/librpc/ABI/ndr-0.0.2.sigs
148@@ -0,0 +1,247 @@
149+GUID_all_zero: bool (const struct GUID *)
150+GUID_compare: int (const struct GUID *, const struct GUID *)
151+GUID_equal: bool (const struct GUID *, const struct GUID *)
152+GUID_from_data_blob: NTSTATUS (const DATA_BLOB *, struct GUID *)
153+GUID_from_ndr_blob: NTSTATUS (const DATA_BLOB *, struct GUID *)
154+GUID_from_string: NTSTATUS (const char *, struct GUID *)
155+GUID_hexstring: char *(TALLOC_CTX *, const struct GUID *)
156+GUID_random: struct GUID (void)
157+GUID_string: char *(TALLOC_CTX *, const struct GUID *)
158+GUID_string2: char *(TALLOC_CTX *, const struct GUID *)
159+GUID_to_ndr_blob: NTSTATUS (const struct GUID *, TALLOC_CTX *, DATA_BLOB *)
160+GUID_zero: struct GUID (void)
161+ndr_align_size: size_t (uint32_t, size_t)
162+ndr_charset_length: uint32_t (const void *, charset_t)
163+ndr_check_array_length: enum ndr_err_code (struct ndr_pull *, void *, uint32_t)
164+ndr_check_array_size: enum ndr_err_code (struct ndr_pull *, void *, uint32_t)
165+ndr_check_padding: void (struct ndr_pull *, size_t)
166+ndr_check_pipe_chunk_trailer: enum ndr_err_code (struct ndr_pull *, int, uint32_t)
167+ndr_check_string_terminator: enum ndr_err_code (struct ndr_pull *, uint32_t, uint32_t)
168+ndr_get_array_length: uint32_t (struct ndr_pull *, const void *)
169+ndr_get_array_size: uint32_t (struct ndr_pull *, const void *)
170+ndr_map_error2errno: int (enum ndr_err_code)
171+ndr_map_error2ntstatus: NTSTATUS (enum ndr_err_code)
172+ndr_map_error2string: const char *(enum ndr_err_code)
173+ndr_policy_handle_empty: bool (const struct policy_handle *)
174+ndr_policy_handle_equal: bool (const struct policy_handle *, const struct policy_handle *)
175+ndr_print_DATA_BLOB: void (struct ndr_print *, const char *, DATA_BLOB)
176+ndr_print_GUID: void (struct ndr_print *, const char *, const struct GUID *)
177+ndr_print_KRB5_EDATA_NTSTATUS: void (struct ndr_print *, const char *, const struct KRB5_EDATA_NTSTATUS *)
178+ndr_print_NTSTATUS: void (struct ndr_print *, const char *, NTSTATUS)
179+ndr_print_NTTIME: void (struct ndr_print *, const char *, NTTIME)
180+ndr_print_NTTIME_1sec: void (struct ndr_print *, const char *, NTTIME)
181+ndr_print_NTTIME_hyper: void (struct ndr_print *, const char *, NTTIME)
182+ndr_print_WERROR: void (struct ndr_print *, const char *, WERROR)
183+ndr_print_array_uint8: void (struct ndr_print *, const char *, const uint8_t *, uint32_t)
184+ndr_print_bad_level: void (struct ndr_print *, const char *, uint16_t)
185+ndr_print_bitmap_flag: void (struct ndr_print *, size_t, const char *, uint32_t, uint32_t)
186+ndr_print_bool: void (struct ndr_print *, const char *, const bool)
187+ndr_print_debug: void (ndr_print_fn_t, const char *, void *)
188+ndr_print_debug_helper: void (struct ndr_print *, const char *, ...)
189+ndr_print_debugc: void (int, ndr_print_fn_t, const char *, void *)
190+ndr_print_debugc_helper: void (struct ndr_print *, const char *, ...)
191+ndr_print_dlong: void (struct ndr_print *, const char *, int64_t)
192+ndr_print_double: void (struct ndr_print *, const char *, double)
193+ndr_print_enum: void (struct ndr_print *, const char *, const char *, const char *, uint32_t)
194+ndr_print_function_debug: void (ndr_print_function_t, const char *, int, void *)
195+ndr_print_function_string: char *(TALLOC_CTX *, ndr_print_function_t, const char *, int, void *)
196+ndr_print_get_switch_value: uint32_t (struct ndr_print *, const void *)
197+ndr_print_gid_t: void (struct ndr_print *, const char *, gid_t)
198+ndr_print_hyper: void (struct ndr_print *, const char *, uint64_t)
199+ndr_print_int16: void (struct ndr_print *, const char *, int16_t)
200+ndr_print_int32: void (struct ndr_print *, const char *, int32_t)
201+ndr_print_int3264: void (struct ndr_print *, const char *, int32_t)
202+ndr_print_int8: void (struct ndr_print *, const char *, int8_t)
203+ndr_print_ipv4address: void (struct ndr_print *, const char *, const char *)
204+ndr_print_ipv6address: void (struct ndr_print *, const char *, const char *)
205+ndr_print_ndr_syntax_id: void (struct ndr_print *, const char *, const struct ndr_syntax_id *)
206+ndr_print_netr_SamDatabaseID: void (struct ndr_print *, const char *, enum netr_SamDatabaseID)
207+ndr_print_netr_SchannelType: void (struct ndr_print *, const char *, enum netr_SchannelType)
208+ndr_print_null: void (struct ndr_print *)
209+ndr_print_pointer: void (struct ndr_print *, const char *, void *)
210+ndr_print_policy_handle: void (struct ndr_print *, const char *, const struct policy_handle *)
211+ndr_print_printf_helper: void (struct ndr_print *, const char *, ...)
212+ndr_print_ptr: void (struct ndr_print *, const char *, const void *)
213+ndr_print_set_switch_value: enum ndr_err_code (struct ndr_print *, const void *, uint32_t)
214+ndr_print_sockaddr_storage: void (struct ndr_print *, const char *, const struct sockaddr_storage *)
215+ndr_print_string: void (struct ndr_print *, const char *, const char *)
216+ndr_print_string_array: void (struct ndr_print *, const char *, const char **)
217+ndr_print_string_helper: void (struct ndr_print *, const char *, ...)
218+ndr_print_struct: void (struct ndr_print *, const char *, const char *)
219+ndr_print_struct_string: char *(TALLOC_CTX *, ndr_print_fn_t, const char *, void *)
220+ndr_print_svcctl_ServerType: void (struct ndr_print *, const char *, uint32_t)
221+ndr_print_time_t: void (struct ndr_print *, const char *, time_t)
222+ndr_print_timespec: void (struct ndr_print *, const char *, const struct timespec *)
223+ndr_print_timeval: void (struct ndr_print *, const char *, const struct timeval *)
224+ndr_print_udlong: void (struct ndr_print *, const char *, uint64_t)
225+ndr_print_udlongr: void (struct ndr_print *, const char *, uint64_t)
226+ndr_print_uid_t: void (struct ndr_print *, const char *, uid_t)
227+ndr_print_uint16: void (struct ndr_print *, const char *, uint16_t)
228+ndr_print_uint32: void (struct ndr_print *, const char *, uint32_t)
229+ndr_print_uint3264: void (struct ndr_print *, const char *, uint32_t)
230+ndr_print_uint8: void (struct ndr_print *, const char *, uint8_t)
231+ndr_print_union: void (struct ndr_print *, const char *, int, const char *)
232+ndr_print_union_debug: void (ndr_print_fn_t, const char *, uint32_t, void *)
233+ndr_print_union_string: char *(TALLOC_CTX *, ndr_print_fn_t, const char *, uint32_t, void *)
234+ndr_print_winreg_Data: void (struct ndr_print *, const char *, const union winreg_Data *)
235+ndr_print_winreg_Type: void (struct ndr_print *, const char *, enum winreg_Type)
236+ndr_pull_DATA_BLOB: enum ndr_err_code (struct ndr_pull *, int, DATA_BLOB *)
237+ndr_pull_GUID: enum ndr_err_code (struct ndr_pull *, int, struct GUID *)
238+ndr_pull_KRB5_EDATA_NTSTATUS: enum ndr_err_code (struct ndr_pull *, int, struct KRB5_EDATA_NTSTATUS *)
239+ndr_pull_NTSTATUS: enum ndr_err_code (struct ndr_pull *, int, NTSTATUS *)
240+ndr_pull_NTTIME: enum ndr_err_code (struct ndr_pull *, int, NTTIME *)
241+ndr_pull_NTTIME_1sec: enum ndr_err_code (struct ndr_pull *, int, NTTIME *)
242+ndr_pull_NTTIME_hyper: enum ndr_err_code (struct ndr_pull *, int, NTTIME *)
243+ndr_pull_WERROR: enum ndr_err_code (struct ndr_pull *, int, WERROR *)
244+ndr_pull_advance: enum ndr_err_code (struct ndr_pull *, uint32_t)
245+ndr_pull_align: enum ndr_err_code (struct ndr_pull *, size_t)
246+ndr_pull_array_length: enum ndr_err_code (struct ndr_pull *, const void *)
247+ndr_pull_array_size: enum ndr_err_code (struct ndr_pull *, const void *)
248+ndr_pull_array_uint8: enum ndr_err_code (struct ndr_pull *, int, uint8_t *, uint32_t)
249+ndr_pull_bytes: enum ndr_err_code (struct ndr_pull *, uint8_t *, uint32_t)
250+ndr_pull_charset: enum ndr_err_code (struct ndr_pull *, int, const char **, uint32_t, uint8_t, charset_t)
251+ndr_pull_charset_to_null: enum ndr_err_code (struct ndr_pull *, int, const char **, uint32_t, uint8_t, charset_t)
252+ndr_pull_dlong: enum ndr_err_code (struct ndr_pull *, int, int64_t *)
253+ndr_pull_double: enum ndr_err_code (struct ndr_pull *, int, double *)
254+ndr_pull_enum_uint16: enum ndr_err_code (struct ndr_pull *, int, uint16_t *)
255+ndr_pull_enum_uint1632: enum ndr_err_code (struct ndr_pull *, int, uint16_t *)
256+ndr_pull_enum_uint32: enum ndr_err_code (struct ndr_pull *, int, uint32_t *)
257+ndr_pull_enum_uint8: enum ndr_err_code (struct ndr_pull *, int, uint8_t *)
258+ndr_pull_error: enum ndr_err_code (struct ndr_pull *, enum ndr_err_code, const char *, ...)
259+ndr_pull_generic_ptr: enum ndr_err_code (struct ndr_pull *, uint32_t *)
260+ndr_pull_get_relative_base_offset: uint32_t (struct ndr_pull *)
261+ndr_pull_get_switch_value: uint32_t (struct ndr_pull *, const void *)
262+ndr_pull_gid_t: enum ndr_err_code (struct ndr_pull *, int, gid_t *)
263+ndr_pull_hyper: enum ndr_err_code (struct ndr_pull *, int, uint64_t *)
264+ndr_pull_init_blob: struct ndr_pull *(const DATA_BLOB *, TALLOC_CTX *)
265+ndr_pull_int16: enum ndr_err_code (struct ndr_pull *, int, int16_t *)
266+ndr_pull_int32: enum ndr_err_code (struct ndr_pull *, int, int32_t *)
267+ndr_pull_int8: enum ndr_err_code (struct ndr_pull *, int, int8_t *)
268+ndr_pull_ipv4address: enum ndr_err_code (struct ndr_pull *, int, const char **)
269+ndr_pull_ipv6address: enum ndr_err_code (struct ndr_pull *, int, const char **)
270+ndr_pull_ndr_syntax_id: enum ndr_err_code (struct ndr_pull *, int, struct ndr_syntax_id *)
271+ndr_pull_netr_SamDatabaseID: enum ndr_err_code (struct ndr_pull *, int, enum netr_SamDatabaseID *)
272+ndr_pull_netr_SchannelType: enum ndr_err_code (struct ndr_pull *, int, enum netr_SchannelType *)
273+ndr_pull_pointer: enum ndr_err_code (struct ndr_pull *, int, void **)
274+ndr_pull_policy_handle: enum ndr_err_code (struct ndr_pull *, int, struct policy_handle *)
275+ndr_pull_ref_ptr: enum ndr_err_code (struct ndr_pull *, uint32_t *)
276+ndr_pull_relative_ptr1: enum ndr_err_code (struct ndr_pull *, const void *, uint32_t)
277+ndr_pull_relative_ptr2: enum ndr_err_code (struct ndr_pull *, const void *)
278+ndr_pull_relative_ptr_short: enum ndr_err_code (struct ndr_pull *, uint16_t *)
279+ndr_pull_restore_relative_base_offset: void (struct ndr_pull *, uint32_t)
280+ndr_pull_set_switch_value: enum ndr_err_code (struct ndr_pull *, const void *, uint32_t)
281+ndr_pull_setup_relative_base_offset1: enum ndr_err_code (struct ndr_pull *, const void *, uint32_t)
282+ndr_pull_setup_relative_base_offset2: enum ndr_err_code (struct ndr_pull *, const void *)
283+ndr_pull_string: enum ndr_err_code (struct ndr_pull *, int, const char **)
284+ndr_pull_string_array: enum ndr_err_code (struct ndr_pull *, int, const char ***)
285+ndr_pull_struct_blob: enum ndr_err_code (const DATA_BLOB *, TALLOC_CTX *, void *, ndr_pull_flags_fn_t)
286+ndr_pull_struct_blob_all: enum ndr_err_code (const DATA_BLOB *, TALLOC_CTX *, void *, ndr_pull_flags_fn_t)
287+ndr_pull_subcontext_end: enum ndr_err_code (struct ndr_pull *, struct ndr_pull *, size_t, ssize_t)
288+ndr_pull_subcontext_start: enum ndr_err_code (struct ndr_pull *, struct ndr_pull **, size_t, ssize_t)
289+ndr_pull_svcctl_ServerType: enum ndr_err_code (struct ndr_pull *, int, uint32_t *)
290+ndr_pull_time_t: enum ndr_err_code (struct ndr_pull *, int, time_t *)
291+ndr_pull_timespec: enum ndr_err_code (struct ndr_pull *, int, struct timespec *)
292+ndr_pull_timeval: enum ndr_err_code (struct ndr_pull *, int, struct timeval *)
293+ndr_pull_trailer_align: enum ndr_err_code (struct ndr_pull *, size_t)
294+ndr_pull_udlong: enum ndr_err_code (struct ndr_pull *, int, uint64_t *)
295+ndr_pull_udlongr: enum ndr_err_code (struct ndr_pull *, int, uint64_t *)
296+ndr_pull_uid_t: enum ndr_err_code (struct ndr_pull *, int, uid_t *)
297+ndr_pull_uint16: enum ndr_err_code (struct ndr_pull *, int, uint16_t *)
298+ndr_pull_uint1632: enum ndr_err_code (struct ndr_pull *, int, uint16_t *)
299+ndr_pull_uint32: enum ndr_err_code (struct ndr_pull *, int, uint32_t *)
300+ndr_pull_uint3264: enum ndr_err_code (struct ndr_pull *, int, uint32_t *)
301+ndr_pull_uint8: enum ndr_err_code (struct ndr_pull *, int, uint8_t *)
302+ndr_pull_union_align: enum ndr_err_code (struct ndr_pull *, size_t)
303+ndr_pull_union_blob: enum ndr_err_code (const DATA_BLOB *, TALLOC_CTX *, void *, uint32_t, ndr_pull_flags_fn_t)
304+ndr_pull_union_blob_all: enum ndr_err_code (const DATA_BLOB *, TALLOC_CTX *, void *, uint32_t, ndr_pull_flags_fn_t)
305+ndr_pull_winreg_Data: enum ndr_err_code (struct ndr_pull *, int, union winreg_Data *)
306+ndr_pull_winreg_Type: enum ndr_err_code (struct ndr_pull *, int, enum winreg_Type *)
307+ndr_push_DATA_BLOB: enum ndr_err_code (struct ndr_push *, int, DATA_BLOB)
308+ndr_push_GUID: enum ndr_err_code (struct ndr_push *, int, const struct GUID *)
309+ndr_push_KRB5_EDATA_NTSTATUS: enum ndr_err_code (struct ndr_push *, int, const struct KRB5_EDATA_NTSTATUS *)
310+ndr_push_NTSTATUS: enum ndr_err_code (struct ndr_push *, int, NTSTATUS)
311+ndr_push_NTTIME: enum ndr_err_code (struct ndr_push *, int, NTTIME)
312+ndr_push_NTTIME_1sec: enum ndr_err_code (struct ndr_push *, int, NTTIME)
313+ndr_push_NTTIME_hyper: enum ndr_err_code (struct ndr_push *, int, NTTIME)
314+ndr_push_WERROR: enum ndr_err_code (struct ndr_push *, int, WERROR)
315+ndr_push_align: enum ndr_err_code (struct ndr_push *, size_t)
316+ndr_push_array_uint8: enum ndr_err_code (struct ndr_push *, int, const uint8_t *, uint32_t)
317+ndr_push_blob: DATA_BLOB (struct ndr_push *)
318+ndr_push_bytes: enum ndr_err_code (struct ndr_push *, const uint8_t *, uint32_t)
319+ndr_push_charset: enum ndr_err_code (struct ndr_push *, int, const char *, uint32_t, uint8_t, charset_t)
320+ndr_push_dlong: enum ndr_err_code (struct ndr_push *, int, int64_t)
321+ndr_push_double: enum ndr_err_code (struct ndr_push *, int, double)
322+ndr_push_enum_uint16: enum ndr_err_code (struct ndr_push *, int, uint16_t)
323+ndr_push_enum_uint1632: enum ndr_err_code (struct ndr_push *, int, uint16_t)
324+ndr_push_enum_uint32: enum ndr_err_code (struct ndr_push *, int, uint32_t)
325+ndr_push_enum_uint8: enum ndr_err_code (struct ndr_push *, int, uint8_t)
326+ndr_push_error: enum ndr_err_code (struct ndr_push *, enum ndr_err_code, const char *, ...)
327+ndr_push_expand: enum ndr_err_code (struct ndr_push *, uint32_t)
328+ndr_push_full_ptr: enum ndr_err_code (struct ndr_push *, const void *)
329+ndr_push_get_relative_base_offset: uint32_t (struct ndr_push *)
330+ndr_push_get_switch_value: uint32_t (struct ndr_push *, const void *)
331+ndr_push_gid_t: enum ndr_err_code (struct ndr_push *, int, gid_t)
332+ndr_push_hyper: enum ndr_err_code (struct ndr_push *, int, uint64_t)
333+ndr_push_init_ctx: struct ndr_push *(TALLOC_CTX *)
334+ndr_push_int16: enum ndr_err_code (struct ndr_push *, int, int16_t)
335+ndr_push_int32: enum ndr_err_code (struct ndr_push *, int, int32_t)
336+ndr_push_int8: enum ndr_err_code (struct ndr_push *, int, int8_t)
337+ndr_push_ipv4address: enum ndr_err_code (struct ndr_push *, int, const char *)
338+ndr_push_ipv6address: enum ndr_err_code (struct ndr_push *, int, const char *)
339+ndr_push_ndr_syntax_id: enum ndr_err_code (struct ndr_push *, int, const struct ndr_syntax_id *)
340+ndr_push_netr_SamDatabaseID: enum ndr_err_code (struct ndr_push *, int, enum netr_SamDatabaseID)
341+ndr_push_netr_SchannelType: enum ndr_err_code (struct ndr_push *, int, enum netr_SchannelType)
342+ndr_push_pipe_chunk_trailer: enum ndr_err_code (struct ndr_push *, int, uint32_t)
343+ndr_push_pointer: enum ndr_err_code (struct ndr_push *, int, void *)
344+ndr_push_policy_handle: enum ndr_err_code (struct ndr_push *, int, const struct policy_handle *)
345+ndr_push_ref_ptr: enum ndr_err_code (struct ndr_push *)
346+ndr_push_relative_ptr1: enum ndr_err_code (struct ndr_push *, const void *)
347+ndr_push_relative_ptr2_end: enum ndr_err_code (struct ndr_push *, const void *)
348+ndr_push_relative_ptr2_start: enum ndr_err_code (struct ndr_push *, const void *)
349+ndr_push_restore_relative_base_offset: void (struct ndr_push *, uint32_t)
350+ndr_push_set_switch_value: enum ndr_err_code (struct ndr_push *, const void *, uint32_t)
351+ndr_push_setup_relative_base_offset1: enum ndr_err_code (struct ndr_push *, const void *, uint32_t)
352+ndr_push_setup_relative_base_offset2: enum ndr_err_code (struct ndr_push *, const void *)
353+ndr_push_short_relative_ptr1: enum ndr_err_code (struct ndr_push *, const void *)
354+ndr_push_short_relative_ptr2: enum ndr_err_code (struct ndr_push *, const void *)
355+ndr_push_string: enum ndr_err_code (struct ndr_push *, int, const char *)
356+ndr_push_string_array: enum ndr_err_code (struct ndr_push *, int, const char **)
357+ndr_push_struct_blob: enum ndr_err_code (DATA_BLOB *, TALLOC_CTX *, const void *, ndr_push_flags_fn_t)
358+ndr_push_subcontext_end: enum ndr_err_code (struct ndr_push *, struct ndr_push *, size_t, ssize_t)
359+ndr_push_subcontext_start: enum ndr_err_code (struct ndr_push *, struct ndr_push **, size_t, ssize_t)
360+ndr_push_svcctl_ServerType: enum ndr_err_code (struct ndr_push *, int, uint32_t)
361+ndr_push_time_t: enum ndr_err_code (struct ndr_push *, int, time_t)
362+ndr_push_timespec: enum ndr_err_code (struct ndr_push *, int, const struct timespec *)
363+ndr_push_timeval: enum ndr_err_code (struct ndr_push *, int, const struct timeval *)
364+ndr_push_trailer_align: enum ndr_err_code (struct ndr_push *, size_t)
365+ndr_push_udlong: enum ndr_err_code (struct ndr_push *, int, uint64_t)
366+ndr_push_udlongr: enum ndr_err_code (struct ndr_push *, int, uint64_t)
367+ndr_push_uid_t: enum ndr_err_code (struct ndr_push *, int, uid_t)
368+ndr_push_uint16: enum ndr_err_code (struct ndr_push *, int, uint16_t)
369+ndr_push_uint1632: enum ndr_err_code (struct ndr_push *, int, uint16_t)
370+ndr_push_uint32: enum ndr_err_code (struct ndr_push *, int, uint32_t)
371+ndr_push_uint3264: enum ndr_err_code (struct ndr_push *, int, uint32_t)
372+ndr_push_uint8: enum ndr_err_code (struct ndr_push *, int, uint8_t)
373+ndr_push_union_align: enum ndr_err_code (struct ndr_push *, size_t)
374+ndr_push_union_blob: enum ndr_err_code (DATA_BLOB *, TALLOC_CTX *, void *, uint32_t, ndr_push_flags_fn_t)
375+ndr_push_unique_ptr: enum ndr_err_code (struct ndr_push *, const void *)
376+ndr_push_winreg_Data: enum ndr_err_code (struct ndr_push *, int, const union winreg_Data *)
377+ndr_push_winreg_Type: enum ndr_err_code (struct ndr_push *, int, enum winreg_Type)
378+ndr_push_zero: enum ndr_err_code (struct ndr_push *, uint32_t)
379+ndr_set_flags: void (uint32_t *, uint32_t)
380+ndr_size_DATA_BLOB: uint32_t (int, const DATA_BLOB *, int)
381+ndr_size_GUID: size_t (const struct GUID *, int)
382+ndr_size_string: uint32_t (int, const char * const *, int)
383+ndr_size_string_array: size_t (const char **, uint32_t, int)
384+ndr_size_struct: size_t (const void *, int, ndr_push_flags_fn_t)
385+ndr_size_union: size_t (const void *, int, uint32_t, ndr_push_flags_fn_t)
386+ndr_string_array_size: size_t (struct ndr_push *, const char *)
387+ndr_string_length: uint32_t (const void *, uint32_t)
388+ndr_syntax_id_equal: bool (const struct ndr_syntax_id *, const struct ndr_syntax_id *)
389+ndr_syntax_id_null: uuid = {time_low = 0, time_mid = 0, time_hi_and_version = 0, clock_seq = "\000", node = "\000\000\000\000\000"}, if_version = 0
390+ndr_token_peek: uint32_t (struct ndr_token_list **, const void *)
391+ndr_token_retrieve: enum ndr_err_code (struct ndr_token_list **, const void *, uint32_t *)
392+ndr_token_retrieve_cmp_fn: enum ndr_err_code (struct ndr_token_list **, const void *, uint32_t *, comparison_fn_t, bool)
393+ndr_token_store: enum ndr_err_code (TALLOC_CTX *, struct ndr_token_list **, const void *, uint32_t)
394+ndr_transfer_syntax_ndr: uuid = {time_low = 2324192516, time_mid = 7403, time_hi_and_version = 4553, clock_seq = "\237\350", node = "\b\000+\020H`"}, if_version = 2
395+ndr_transfer_syntax_ndr64: uuid = {time_low = 1903232307, time_mid = 48826, time_hi_and_version = 18743, clock_seq = "\203\031", node = "\265\333\357\234\314\066"}, if_version = 1
396Index: samba-3.6.23/librpc/ndr/libndr.h
397===================================================================
398--- samba-3.6.23.orig/librpc/ndr/libndr.h
399+++ samba-3.6.23/librpc/ndr/libndr.h
400@@ -124,6 +124,20 @@ struct ndr_print {
401 #define LIBNDR_FLAG_STR_UTF8 (1<<12)
402 #define LIBNDR_STRING_FLAGS (0x7FFC)
403
404+/*
405+ * don't debug NDR_ERR_BUFSIZE failures,
406+ * as the available buffer might be incomplete.
407+ *
408+ * return NDR_ERR_INCOMPLETE_BUFFER instead.
409+ */
410+#define LIBNDR_FLAG_INCOMPLETE_BUFFER (1<<16)
411+
412+/*
413+ * This lets ndr_pull_subcontext_end() return
414+ * NDR_ERR_UNREAD_BYTES.
415+ */
416+#define LIBNDR_FLAG_SUBCONTEXT_NO_UNREAD_BYTES (1<<17)
417+
418 /* set if relative pointers should *not* be marshalled in reverse order */
419 #define LIBNDR_FLAG_NO_RELATIVE_REVERSE (1<<18)
420
421@@ -163,6 +177,7 @@ struct ndr_print {
422
423 /* useful macro for debugging */
424 #define NDR_PRINT_DEBUG(type, p) ndr_print_debug((ndr_print_fn_t)ndr_print_ ##type, #p, p)
425+#define NDR_PRINT_DEBUGC(dbgc_class, type, p) ndr_print_debugc(dbgc_class, (ndr_print_fn_t)ndr_print_ ##type, #p, p)
426 #define NDR_PRINT_UNION_DEBUG(type, level, p) ndr_print_union_debug((ndr_print_fn_t)ndr_print_ ##type, #p, level, p)
427 #define NDR_PRINT_FUNCTION_DEBUG(type, flags, p) ndr_print_function_debug((ndr_print_function_t)ndr_print_ ##type, #type, flags, p)
428 #define NDR_PRINT_BOTH_DEBUG(type, p) NDR_PRINT_FUNCTION_DEBUG(type, NDR_BOTH, p)
429@@ -199,7 +214,9 @@ enum ndr_err_code {
430 NDR_ERR_IPV6ADDRESS,
431 NDR_ERR_INVALID_POINTER,
432 NDR_ERR_UNREAD_BYTES,
433- NDR_ERR_NDR64
434+ NDR_ERR_NDR64,
435+ NDR_ERR_FLAGS,
436+ NDR_ERR_INCOMPLETE_BUFFER
437 };
438
439 #define NDR_ERR_CODE_IS_SUCCESS(x) (x == NDR_ERR_SUCCESS)
440@@ -217,20 +234,52 @@ enum ndr_compression_alg {
441
442 /*
443 flags passed to control parse flow
444+ These are deliberately in a different range to the NDR_IN/NDR_OUT
445+ flags to catch mixups
446 */
447-#define NDR_SCALARS 1
448-#define NDR_BUFFERS 2
449+#define NDR_SCALARS 0x100
450+#define NDR_BUFFERS 0x200
451
452 /*
453- flags passed to ndr_print_*()
454+ flags passed to ndr_print_*() and ndr pull/push for functions
455+ These are deliberately in a different range to the NDR_SCALARS/NDR_BUFFERS
456+ flags to catch mixups
457 */
458-#define NDR_IN 1
459-#define NDR_OUT 2
460-#define NDR_BOTH 3
461-#define NDR_SET_VALUES 4
462+#define NDR_IN 0x10
463+#define NDR_OUT 0x20
464+#define NDR_BOTH 0x30
465+#define NDR_SET_VALUES 0x40
466+
467+
468+#define NDR_PULL_CHECK_FLAGS(ndr, ndr_flags) do { \
469+ if ((ndr_flags) & ~(NDR_SCALARS|NDR_BUFFERS)) { \
470+ return ndr_pull_error(ndr, NDR_ERR_FLAGS, "Invalid pull struct ndr_flags 0x%x", ndr_flags); \
471+ } \
472+} while (0)
473+
474+#define NDR_PUSH_CHECK_FLAGS(ndr, ndr_flags) do { \
475+ if ((ndr_flags) & ~(NDR_SCALARS|NDR_BUFFERS)) \
476+ return ndr_push_error(ndr, NDR_ERR_FLAGS, "Invalid push struct ndr_flags 0x%x", ndr_flags); \
477+} while (0)
478+
479+#define NDR_PULL_CHECK_FN_FLAGS(ndr, flags) do { \
480+ if ((flags) & ~(NDR_BOTH|NDR_SET_VALUES)) { \
481+ return ndr_pull_error(ndr, NDR_ERR_FLAGS, "Invalid fn pull flags 0x%x", flags); \
482+ } \
483+} while (0)
484+
485+#define NDR_PUSH_CHECK_FN_FLAGS(ndr, flags) do { \
486+ if ((flags) & ~(NDR_BOTH|NDR_SET_VALUES)) \
487+ return ndr_push_error(ndr, NDR_ERR_FLAGS, "Invalid fn push flags 0x%x", flags); \
488+} while (0)
489
490 #define NDR_PULL_NEED_BYTES(ndr, n) do { \
491 if (unlikely((n) > ndr->data_size || ndr->offset + (n) > ndr->data_size)) { \
492+ if (ndr->flags & LIBNDR_FLAG_INCOMPLETE_BUFFER) { \
493+ uint32_t _available = ndr->data_size - ndr->offset; \
494+ uint32_t _missing = n - _available; \
495+ ndr->relative_highest_offset = _missing; \
496+ } \
497 return ndr_pull_error(ndr, NDR_ERR_BUFSIZE, "Pull bytes %u (%s)", (unsigned)n, __location__); \
498 } \
499 } while(0)
500@@ -247,6 +296,10 @@ enum ndr_compression_alg {
501 ndr->offset = (ndr->offset + (n-1)) & ~(n-1); \
502 } \
503 if (unlikely(ndr->offset > ndr->data_size)) { \
504+ if (ndr->flags & LIBNDR_FLAG_INCOMPLETE_BUFFER) { \
505+ uint32_t _missing = ndr->offset - ndr->data_size; \
506+ ndr->relative_highest_offset = _missing; \
507+ } \
508 return ndr_pull_error(ndr, NDR_ERR_BUFSIZE, "Pull align %u", (unsigned)n); \
509 } \
510 } while(0)
511@@ -402,6 +455,8 @@ void ndr_print_dom_sid0(struct ndr_print
512 size_t ndr_size_dom_sid0(const struct dom_sid *sid, int flags);
513 void ndr_print_GUID(struct ndr_print *ndr, const char *name, const struct GUID *guid);
514 bool ndr_syntax_id_equal(const struct ndr_syntax_id *i1, const struct ndr_syntax_id *i2);
515+char *ndr_syntax_id_to_string(TALLOC_CTX *mem_ctx, const struct ndr_syntax_id *id);
516+bool ndr_syntax_id_from_string(const char *s, struct ndr_syntax_id *id);
517 enum ndr_err_code ndr_push_struct_blob(DATA_BLOB *blob, TALLOC_CTX *mem_ctx, const void *p, ndr_push_flags_fn_t fn);
518 enum ndr_err_code ndr_push_union_blob(DATA_BLOB *blob, TALLOC_CTX *mem_ctx, void *p, uint32_t level, ndr_push_flags_fn_t fn);
519 size_t ndr_size_struct(const void *p, int flags, ndr_push_flags_fn_t push);
520@@ -424,14 +479,18 @@ enum ndr_err_code ndr_pull_relative_ptr2
521 enum ndr_err_code ndr_pull_relative_ptr_short(struct ndr_pull *ndr, uint16_t *v);
522 size_t ndr_align_size(uint32_t offset, size_t n);
523 struct ndr_pull *ndr_pull_init_blob(const DATA_BLOB *blob, TALLOC_CTX *mem_ctx);
524+enum ndr_err_code ndr_pull_append(struct ndr_pull *ndr, DATA_BLOB *blob);
525+enum ndr_err_code ndr_pull_pop(struct ndr_pull *ndr);
526 enum ndr_err_code ndr_pull_advance(struct ndr_pull *ndr, uint32_t size);
527 struct ndr_push *ndr_push_init_ctx(TALLOC_CTX *mem_ctx);
528 DATA_BLOB ndr_push_blob(struct ndr_push *ndr);
529 enum ndr_err_code ndr_push_expand(struct ndr_push *ndr, uint32_t extra_size);
530 void ndr_print_debug_helper(struct ndr_print *ndr, const char *format, ...) PRINTF_ATTRIBUTE(2,3);
531+void ndr_print_debugc_helper(struct ndr_print *ndr, const char *format, ...) PRINTF_ATTRIBUTE(2,3);
532 void ndr_print_printf_helper(struct ndr_print *ndr, const char *format, ...) PRINTF_ATTRIBUTE(2,3);
533 void ndr_print_string_helper(struct ndr_print *ndr, const char *format, ...) PRINTF_ATTRIBUTE(2,3);
534 void ndr_print_debug(ndr_print_fn_t fn, const char *name, void *ptr);
535+void ndr_print_debugc(int dbgc_class, ndr_print_fn_t fn, const char *name, void *ptr);
536 void ndr_print_union_debug(ndr_print_fn_t fn, const char *name, uint32_t level, void *ptr);
537 void ndr_print_function_debug(ndr_print_function_t fn, const char *name, int flags, void *ptr);
538 char *ndr_print_struct_string(TALLOC_CTX *mem_ctx, ndr_print_fn_t fn, const char *name, void *ptr);
539Index: samba-3.6.23/librpc/ndr/ndr.c
540===================================================================
541--- samba-3.6.23.orig/librpc/ndr/ndr.c
542+++ samba-3.6.23/librpc/ndr/ndr.c
543@@ -77,6 +77,111 @@ _PUBLIC_ struct ndr_pull *ndr_pull_init_
544 return ndr;
545 }
546
547+_PUBLIC_ enum ndr_err_code ndr_pull_append(struct ndr_pull *ndr, DATA_BLOB *blob)
548+{
549+ enum ndr_err_code ndr_err;
550+ DATA_BLOB b;
551+ uint32_t append = 0;
552+ bool ok;
553+
554+ if (blob->length == 0) {
555+ return NDR_ERR_SUCCESS;
556+ }
557+
558+ ndr_err = ndr_token_retrieve(&ndr->array_size_list, ndr, &append);
559+ if (ndr_err == NDR_ERR_TOKEN) {
560+ append = 0;
561+ ndr_err = NDR_ERR_SUCCESS;
562+ }
563+ NDR_CHECK(ndr_err);
564+
565+ if (ndr->data_size == 0) {
566+ ndr->data = NULL;
567+ append = UINT32_MAX;
568+ }
569+
570+ if (append == UINT32_MAX) {
571+ /*
572+ * append == UINT32_MAX means that
573+ * ndr->data is either NULL or a valid
574+ * talloc child of ndr, which means
575+ * we can use data_blob_append() without
576+ * data_blob_talloc() of the existing callers data
577+ */
578+ b = data_blob_const(ndr->data, ndr->data_size);
579+ } else {
580+ b = data_blob_talloc(ndr, ndr->data, ndr->data_size);
581+ if (b.data == NULL) {
582+ return ndr_pull_error(ndr, NDR_ERR_ALLOC, "%s", __location__);
583+ }
584+ }
585+
586+ ok = data_blob_append(ndr, &b, blob->data, blob->length);
587+ if (!ok) {
588+ return ndr_pull_error(ndr, NDR_ERR_ALLOC, "%s", __location__);
589+ }
590+
591+ ndr->data = b.data;
592+ ndr->data_size = b.length;
593+
594+ return ndr_token_store(ndr, &ndr->array_size_list, ndr, UINT32_MAX);
595+}
596+
597+_PUBLIC_ enum ndr_err_code ndr_pull_pop(struct ndr_pull *ndr)
598+{
599+ uint32_t skip = 0;
600+ uint32_t append = 0;
601+
602+ if (ndr->relative_base_offset != 0) {
603+ return ndr_pull_error(ndr, NDR_ERR_RELATIVE,
604+ "%s", __location__);
605+ }
606+ if (ndr->relative_highest_offset != 0) {
607+ return ndr_pull_error(ndr, NDR_ERR_RELATIVE,
608+ "%s", __location__);
609+ }
610+ if (ndr->relative_list != NULL) {
611+ return ndr_pull_error(ndr, NDR_ERR_RELATIVE,
612+ "%s", __location__);
613+ }
614+ if (ndr->relative_base_list != NULL) {
615+ return ndr_pull_error(ndr, NDR_ERR_RELATIVE,
616+ "%s", __location__);
617+ }
618+
619+ /*
620+ * we need to keep up to 7 bytes
621+ * in order to get the aligment right.
622+ */
623+ skip = ndr->offset & 0xFFFFFFF8;
624+
625+ if (skip == 0) {
626+ return NDR_ERR_SUCCESS;
627+ }
628+
629+ ndr->offset -= skip;
630+ ndr->data_size -= skip;
631+
632+ append = ndr_token_peek(&ndr->array_size_list, ndr);
633+ if (append != UINT32_MAX) {
634+ /*
635+ * here we assume, that ndr->data is not a
636+ * talloc child of ndr.
637+ */
638+ ndr->data += skip;
639+ return NDR_ERR_SUCCESS;
640+ }
641+
642+ memmove(ndr->data, ndr->data + skip, ndr->data_size);
643+
644+ ndr->data = talloc_realloc(ndr, ndr->data, uint8_t, ndr->data_size);
645+ if (ndr->data_size != 0 && ndr->data == NULL) {
646+ return ndr_pull_error(ndr, NDR_ERR_ALLOC, "%s", __location__);
647+ }
648+
649+ return NDR_ERR_SUCCESS;
650+}
651+
652 /*
653 advance by 'size' bytes
654 */
655@@ -167,6 +272,38 @@ _PUBLIC_ enum ndr_err_code ndr_push_expa
656 return NDR_ERR_SUCCESS;
657 }
658
659+_PUBLIC_ void ndr_print_debugc_helper(struct ndr_print *ndr, const char *format, ...)
660+{
661+ va_list ap;
662+ char *s = NULL;
663+ uint32_t i;
664+ int ret;
665+ int dbgc_class;
666+
667+ va_start(ap, format);
668+ ret = vasprintf(&s, format, ap);
669+ va_end(ap);
670+
671+ if (ret == -1) {
672+ return;
673+ }
674+
675+ dbgc_class = *(int *)ndr->private_data;
676+
677+ if (ndr->no_newline) {
678+ DEBUGADDC(dbgc_class, 1,("%s", s));
679+ free(s);
680+ return;
681+ }
682+
683+ for (i=0;i<ndr->depth;i++) {
684+ DEBUGADDC(dbgc_class, 1,(" "));
685+ }
686+
687+ DEBUGADDC(dbgc_class, 1,("%s\n", s));
688+ free(s);
689+}
690+
691 _PUBLIC_ void ndr_print_debug_helper(struct ndr_print *ndr, const char *format, ...)
692 {
693 va_list ap;
694@@ -238,6 +375,25 @@ _PUBLIC_ void ndr_print_string_helper(st
695 }
696
697 /*
698+ a useful helper function for printing idl structures via DEBUGC()
699+*/
700+_PUBLIC_ void ndr_print_debugc(int dbgc_class, ndr_print_fn_t fn, const char *name, void *ptr)
701+{
702+ struct ndr_print *ndr;
703+
704+ DEBUGC(dbgc_class, 1,(" "));
705+
706+ ndr = talloc_zero(NULL, struct ndr_print);
707+ if (!ndr) return;
708+ ndr->private_data = &dbgc_class;
709+ ndr->print = ndr_print_debugc_helper;
710+ ndr->depth = 1;
711+ ndr->flags = 0;
712+ fn(ndr, name, ptr);
713+ talloc_free(ndr);
714+}
715+
716+/*
717 a useful helper function for printing idl structures via DEBUG()
718 */
719 _PUBLIC_ void ndr_print_debug(ndr_print_fn_t fn, const char *name, void *ptr)
720@@ -403,6 +559,15 @@ _PUBLIC_ enum ndr_err_code ndr_pull_erro
721 va_list ap;
722 int ret;
723
724+ if (ndr->flags & LIBNDR_FLAG_INCOMPLETE_BUFFER) {
725+ switch (ndr_err) {
726+ case NDR_ERR_BUFSIZE:
727+ return NDR_ERR_INCOMPLETE_BUFFER;
728+ default:
729+ break;
730+ }
731+ }
732+
733 va_start(ap, format);
734 ret = vasprintf(&s, format, ap);
735 va_end(ap);
736@@ -557,6 +722,23 @@ _PUBLIC_ enum ndr_err_code ndr_pull_subc
737 NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &reserved));
738 break;
739 }
740+ case 0xFFFFFFFF:
741+ /*
742+ * a shallow copy like subcontext
743+ * useful for DCERPC pipe chunks.
744+ */
745+ subndr = talloc_zero(ndr, struct ndr_pull);
746+ NDR_ERR_HAVE_NO_MEMORY(subndr);
747+
748+ subndr->flags = ndr->flags;
749+ subndr->current_mem_ctx = ndr->current_mem_ctx;
750+ subndr->data = ndr->data;
751+ subndr->offset = ndr->offset;
752+ subndr->data_size = ndr->data_size;
753+
754+ *_subndr = subndr;
755+ return NDR_ERR_SUCCESS;
756+
757 default:
758 return ndr_pull_error(ndr, NDR_ERR_SUBCONTEXT, "Bad subcontext (PULL) header_size %d",
759 (int)header_size);
760@@ -589,13 +771,35 @@ _PUBLIC_ enum ndr_err_code ndr_pull_subc
761 ssize_t size_is)
762 {
763 uint32_t advance;
764- if (size_is >= 0) {
765+ uint32_t highest_ofs;
766+
767+ if (header_size == 0xFFFFFFFF) {
768+ advance = subndr->offset - ndr->offset;
769+ } else if (size_is >= 0) {
770 advance = size_is;
771 } else if (header_size > 0) {
772 advance = subndr->data_size;
773 } else {
774 advance = subndr->offset;
775 }
776+
777+ if (subndr->offset > ndr->relative_highest_offset) {
778+ highest_ofs = subndr->offset;
779+ } else {
780+ highest_ofs = subndr->relative_highest_offset;
781+ }
782+ if (!(subndr->flags & LIBNDR_FLAG_SUBCONTEXT_NO_UNREAD_BYTES)) {
783+ /*
784+ * avoid an error unless SUBCONTEXT_NO_UNREAD_BYTES is specified
785+ */
786+ highest_ofs = advance;
787+ }
788+ if (highest_ofs < advance) {
789+ return ndr_pull_error(subndr, NDR_ERR_UNREAD_BYTES,
790+ "not all bytes consumed ofs[%u] advance[%u]",
791+ highest_ofs, advance);
792+ }
793+
794 NDR_CHECK(ndr_pull_advance(ndr, advance));
795 return NDR_ERR_SUCCESS;
796 }
797@@ -1440,6 +1644,7 @@ const static struct {
798 { NDR_ERR_INVALID_POINTER, "Invalid Pointer" },
799 { NDR_ERR_UNREAD_BYTES, "Unread Bytes" },
800 { NDR_ERR_NDR64, "NDR64 assertion error" },
801+ { NDR_ERR_INCOMPLETE_BUFFER, "Incomplete Buffer" },
802 { 0, NULL }
803 };
804
805Index: samba-3.6.23/librpc/idl/idl_types.h
806===================================================================
807--- samba-3.6.23.orig/librpc/idl/idl_types.h
808+++ samba-3.6.23/librpc/idl/idl_types.h
809@@ -47,3 +47,5 @@
810
811 #define NDR_RELATIVE_REVERSE LIBNDR_FLAG_RELATIVE_REVERSE
812 #define NDR_NO_RELATIVE_REVERSE LIBNDR_FLAG_NO_RELATIVE_REVERSE
813+
814+#define NDR_SUBCONTEXT_NO_UNREAD_BYTES LIBNDR_FLAG_SUBCONTEXT_NO_UNREAD_BYTES
815Index: samba-3.6.23/librpc/idl/dcerpc.idl
816===================================================================
817--- samba-3.6.23.orig/librpc/idl/dcerpc.idl
818+++ samba-3.6.23/librpc/idl/dcerpc.idl
819@@ -10,6 +10,8 @@
820 */
821 import "misc.idl";
822
823+cpp_quote("extern const uint8_t DCERPC_SEC_VT_MAGIC[8];")
824+
825 interface dcerpc
826 {
827 typedef struct {
828@@ -453,14 +455,21 @@ interface dcerpc
829 } dcerpc_payload;
830
831 /* pfc_flags values */
832- const uint8 DCERPC_PFC_FLAG_FIRST = 0x01; /* First fragment */
833- const uint8 DCERPC_PFC_FLAG_LAST = 0x02; /* Last fragment */
834- const uint8 DCERPC_PFC_FLAG_PENDING_CANCEL = 0x04; /* Cancel was pending at sender */
835- const uint8 DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN = DCERPC_PFC_FLAG_PENDING_CANCEL; /* depends on the pdu type */
836- const uint8 DCERPC_PFC_FLAG_CONC_MPX = 0x10; /* supports concurrent multiplexing of a single connection. */
837- const uint8 DCERPC_PFC_FLAG_DID_NOT_EXECUTE = 0x20; /* on a fault it means the server hasn't done anything */
838- const uint8 DCERPC_PFC_FLAG_MAYBE = 0x40; /* `maybe' call semantics requested */
839- const uint8 DCERPC_PFC_FLAG_OBJECT_UUID = 0x80; /* on valid guid is in the optional object field */
840+ typedef [bitmap8bit] bitmap {
841+ DCERPC_PFC_FLAG_FIRST = 0x01, /* First fragment */
842+ DCERPC_PFC_FLAG_LAST = 0x02, /* Last fragment */
843+ DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING = 0x04, /* depends on the pdu type */
844+ DCERPC_PFC_FLAG_CONC_MPX = 0x10, /* supports concurrent multiplexing of a single connection. */
845+ DCERPC_PFC_FLAG_DID_NOT_EXECUTE = 0x20, /* on a fault it means the server hasn't done anything */
846+ DCERPC_PFC_FLAG_MAYBE = 0x40, /* `maybe' call semantics requested */
847+ DCERPC_PFC_FLAG_OBJECT_UUID = 0x80 /* on valid guid is in the optional object field */
848+ } dcerpc_pfc_flags;
849+
850+ /* Cancel was pending at sender */
851+ const int DCERPC_PFC_FLAG_PENDING_CANCEL =
852+ DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING;
853+ const ist DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN =
854+ DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING;
855
856 /* these offsets are needed by the signing code */
857 const uint8 DCERPC_PFC_OFFSET = 3;
858@@ -468,6 +477,7 @@ interface dcerpc
859 const uint8 DCERPC_FRAG_LEN_OFFSET = 8;
860 const uint8 DCERPC_AUTH_LEN_OFFSET = 10;
861 const uint8 DCERPC_CALL_ID_OFFSET = 12;
862+ const uint8 DCERPC_NCACN_PAYLOAD_OFFSET = 16;
863
864 /* little-endian flag */
865 const uint8 DCERPC_DREP_LE = 0x10;
866@@ -476,7 +486,7 @@ interface dcerpc
867 uint8 rpc_vers; /* RPC version */
868 uint8 rpc_vers_minor; /* Minor version */
869 dcerpc_pkt_type ptype; /* Packet type */
870- uint8 pfc_flags; /* Fragmentation flags */
871+ dcerpc_pfc_flags pfc_flags; /* Fragmentation flags */
872 uint8 drep[4]; /* NDR data representation */
873 uint16 frag_length; /* Total length of fragment */
874 uint16 auth_length; /* authenticator length */
875@@ -506,4 +516,69 @@ interface dcerpc
876 uint8 serial_low;
877 [switch_is(ptype)] dcerpc_payload u;
878 } ncadg_packet;
879+
880+ typedef [bitmap16bit] bitmap {
881+ DCERPC_SEC_VT_COMMAND_ENUM = 0x3FFF,
882+ DCERPC_SEC_VT_COMMAND_END = 0x4000,
883+ DCERPC_SEC_VT_MUST_PROCESS = 0x8000
884+ } dcerpc_sec_vt_command;
885+
886+ typedef [enum16bit] enum {
887+ DCERPC_SEC_VT_COMMAND_BITMASK1 = 0x0001,
888+ DCERPC_SEC_VT_COMMAND_PCONTEXT = 0x0002,
889+ DCERPC_SEC_VT_COMMAND_HEADER2 = 0x0003
890+ } dcerpc_sec_vt_command_enum;
891+
892+ typedef [bitmap32bit] bitmap {
893+ DCERPC_SEC_VT_CLIENT_SUPPORTS_HEADER_SIGNING = 0x00000001
894+ } dcerpc_sec_vt_bitmask1;
895+
896+ typedef struct {
897+ ndr_syntax_id abstract_syntax;
898+ ndr_syntax_id transfer_syntax;
899+ } dcerpc_sec_vt_pcontext;
900+
901+ typedef struct {
902+ dcerpc_pkt_type ptype; /* Packet type */
903+ [value(0)] uint8 reserved1;
904+ [value(0)] uint16 reserved2;
905+ uint8 drep[4]; /* NDR data representation */
906+ uint32 call_id; /* Call identifier */
907+ uint16 context_id;
908+ uint16 opnum;
909+ } dcerpc_sec_vt_header2;
910+
911+ typedef [switch_type(dcerpc_sec_vt_command_enum),nodiscriminant] union {
912+ [case(DCERPC_SEC_VT_COMMAND_BITMASK1)] dcerpc_sec_vt_bitmask1 bitmask1;
913+ [case(DCERPC_SEC_VT_COMMAND_PCONTEXT)] dcerpc_sec_vt_pcontext pcontext;
914+ [case(DCERPC_SEC_VT_COMMAND_HEADER2)] dcerpc_sec_vt_header2 header2;
915+ [default,flag(NDR_REMAINING)] DATA_BLOB _unknown;
916+ } dcerpc_sec_vt_union;
917+
918+ typedef struct {
919+ dcerpc_sec_vt_command command;
920+ [switch_is(command & DCERPC_SEC_VT_COMMAND_ENUM)]
921+ [subcontext(2),flag(NDR_SUBCONTEXT_NO_UNREAD_BYTES)]
922+ dcerpc_sec_vt_union u;
923+ } dcerpc_sec_vt;
924+
925+ typedef [public,nopush,nopull] struct {
926+ uint16 count;
927+ } dcerpc_sec_vt_count;
928+
929+ /*
930+ * We assume that the whole verification trailer fits into
931+ * the last 1024 bytes after the stub data.
932+ *
933+ * There're currently only 3 commands defined and each should
934+ * only be used once.
935+ */
936+ const uint16 DCERPC_SEC_VT_MAX_SIZE = 1024;
937+
938+ typedef [public,flag(NDR_PAHEX)] struct {
939+ [flag(NDR_ALIGN4)] DATA_BLOB _pad;
940+ [value(DCERPC_SEC_VT_MAGIC)] uint8 magic[8];
941+ dcerpc_sec_vt_count count;
942+ dcerpc_sec_vt commands[count.count];
943+ } dcerpc_sec_verification_trailer;
944 }
945Index: samba-3.6.23/librpc/ndr/ndr_dcerpc.c
946===================================================================
947--- /dev/null
948+++ samba-3.6.23/librpc/ndr/ndr_dcerpc.c
949@@ -0,0 +1,187 @@
950+/*
951+ Unix SMB/CIFS implementation.
952+
953+ Manually parsed structures found in the DCERPC protocol
954+
955+ Copyright (C) Stefan Metzmacher 2014
956+ Copyright (C) Gregor Beck 2014
957+
958+ This program is free software; you can redistribute it and/or modify
959+ it under the terms of the GNU General Public License as published by
960+ the Free Software Foundation; either version 3 of the License, or
961+ (at your option) any later version.
962+
963+ This program is distributed in the hope that it will be useful,
964+ but WITHOUT ANY WARRANTY; without even the implied warranty of
965+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
966+ GNU General Public License for more details.
967+
968+ You should have received a copy of the GNU General Public License
969+ along with this program. If not, see <http://www.gnu.org/licenses/>.
970+*/
971+
972+#include "includes.h"
973+#include "librpc/gen_ndr/ndr_dcerpc.h"
974+
975+#include "librpc/gen_ndr/ndr_misc.h"
976+#include "lib/util/bitmap.h"
977+
978+const uint8_t DCERPC_SEC_VT_MAGIC[] = {0x8a,0xe3,0x13,0x71,0x02,0xf4,0x36,0x71};
979+
980+_PUBLIC_ enum ndr_err_code ndr_push_dcerpc_sec_vt_count(struct ndr_push *ndr, int ndr_flags, const struct dcerpc_sec_vt_count *r)
981+{
982+ NDR_PUSH_CHECK_FLAGS(ndr, ndr_flags);
983+ /* nothing */
984+ return NDR_ERR_SUCCESS;
985+}
986+
987+_PUBLIC_ enum ndr_err_code ndr_pull_dcerpc_sec_vt_count(struct ndr_pull *ndr, int ndr_flags, struct dcerpc_sec_vt_count *r)
988+{
989+ uint32_t _saved_ofs = ndr->offset;
990+
991+ NDR_PULL_CHECK_FLAGS(ndr, ndr_flags);
992+
993+ if (!(ndr_flags & NDR_SCALARS)) {
994+ return NDR_ERR_SUCCESS;
995+ }
996+
997+ r->count = 0;
998+
999+ while (true) {
1000+ uint16_t command;
1001+ uint16_t length;
1002+
1003+ NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &command));
1004+ NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &length));
1005+ NDR_CHECK(ndr_pull_advance(ndr, length));
1006+
1007+ r->count += 1;
1008+
1009+ if (command & DCERPC_SEC_VT_COMMAND_END) {
1010+ break;
1011+ }
1012+ }
1013+
1014+ ndr->offset = _saved_ofs;
1015+ return NDR_ERR_SUCCESS;
1016+}
1017+
1018+_PUBLIC_ enum ndr_err_code ndr_pop_dcerpc_sec_verification_trailer(
1019+ struct ndr_pull *ndr, TALLOC_CTX *mem_ctx,
1020+ struct dcerpc_sec_verification_trailer **_r)
1021+{
1022+ enum ndr_err_code ndr_err;
1023+ uint32_t ofs;
1024+ uint32_t min_ofs = 0;
1025+ struct dcerpc_sec_verification_trailer *r;
1026+ DATA_BLOB sub_blob = data_blob_null;
1027+ struct ndr_pull *sub_ndr = NULL;
1028+ uint32_t remaining;
1029+
1030+ *_r = NULL;
1031+
1032+ r = talloc_zero(mem_ctx, struct dcerpc_sec_verification_trailer);
1033+ if (r == NULL) {
1034+ return NDR_ERR_ALLOC;
1035+ }
1036+
1037+ if (ndr->data_size < sizeof(DCERPC_SEC_VT_MAGIC)) {
1038+ /*
1039+ * we return with r->count = 0
1040+ */
1041+ *_r = r;
1042+ return NDR_ERR_SUCCESS;
1043+ }
1044+
1045+ ofs = ndr->data_size - sizeof(DCERPC_SEC_VT_MAGIC);
1046+ /* the magic is 4 byte aligned */
1047+ ofs &= ~3;
1048+
1049+ if (ofs > DCERPC_SEC_VT_MAX_SIZE) {
1050+ /*
1051+ * We just scan the last 1024 bytes.
1052+ */
1053+ min_ofs = ofs - DCERPC_SEC_VT_MAX_SIZE;
1054+ } else {
1055+ min_ofs = 0;
1056+ }
1057+
1058+ while (true) {
1059+ int ret;
1060+
1061+ ret = memcmp(&ndr->data[ofs],
1062+ DCERPC_SEC_VT_MAGIC,
1063+ sizeof(DCERPC_SEC_VT_MAGIC));
1064+ if (ret == 0) {
1065+ sub_blob = data_blob_const(&ndr->data[ofs],
1066+ ndr->data_size - ofs);
1067+ break;
1068+ }
1069+
1070+ if (ofs <= min_ofs) {
1071+ break;
1072+ }
1073+
1074+ ofs -= 4;
1075+ }
1076+
1077+ if (sub_blob.length == 0) {
1078+ /*
1079+ * we return with r->count = 0
1080+ */
1081+ *_r = r;
1082+ return NDR_ERR_SUCCESS;
1083+ }
1084+
1085+ sub_ndr = ndr_pull_init_blob(&sub_blob, r);
1086+ if (sub_ndr == NULL) {
1087+ TALLOC_FREE(r);
1088+ return NDR_ERR_ALLOC;
1089+ }
1090+
1091+ ndr_err = ndr_pull_dcerpc_sec_verification_trailer(sub_ndr,
1092+ NDR_SCALARS | NDR_BUFFERS,
1093+ r);
1094+ if (ndr_err == NDR_ERR_ALLOC) {
1095+ TALLOC_FREE(r);
1096+ return NDR_ERR_ALLOC;
1097+ }
1098+
1099+ if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
1100+ goto ignore_error;
1101+ }
1102+
1103+ remaining = sub_ndr->data_size - sub_ndr->offset;
1104+ if (remaining > 16) {
1105+ /*
1106+ * we expect not more than 16 byte of additional
1107+ * padding after the verification trailer.
1108+ */
1109+ goto ignore_error;
1110+ }
1111+
1112+ /*
1113+ * We assume that we got a real verification trailer.
1114+ *
1115+ * We remove it from the available stub data.
1116+ */
1117+ ndr->data_size = ofs;
1118+
1119+ TALLOC_FREE(sub_ndr);
1120+
1121+ *_r = r;
1122+ return NDR_ERR_SUCCESS;
1123+
1124+ignore_error:
1125+ TALLOC_FREE(sub_ndr);
1126+ /*
1127+ * just ignore the error, it's likely
1128+ * that the magic we found belongs to
1129+ * the stub data.
1130+ *
1131+ * we return with r->count = 0
1132+ */
1133+ ZERO_STRUCTP(r);
1134+ *_r = r;
1135+ return NDR_ERR_SUCCESS;
1136+}
1137Index: samba-3.6.23/librpc/wscript_build
1138===================================================================
1139--- samba-3.6.23.orig/librpc/wscript_build
1140+++ samba-3.6.23/librpc/wscript_build
1141@@ -274,8 +274,9 @@ bld.SAMBA_SUBSYSTEM('NDR_COMPRESSION',
1142 )
1143
1144 bld.SAMBA_SUBSYSTEM('NDR_DCERPC',
1145- source='gen_ndr/ndr_dcerpc.c',
1146+ source='gen_ndr/ndr_dcerpc.c ndr/ndr_dcerpc.c',
1147 public_deps='ndr',
1148+ deps='bitmap',
1149 public_headers='gen_ndr/ndr_dcerpc.h gen_ndr/dcerpc.h',
1150 header_path= [ ('*gen_ndr*', 'gen_ndr') ],
1151 )
1152Index: samba-3.6.23/source3/Makefile.in
1153===================================================================
1154--- samba-3.6.23.orig/source3/Makefile.in
1155+++ samba-3.6.23/source3/Makefile.in
1156@@ -323,7 +323,8 @@ LIBNDR_OBJ = ../librpc/ndr/ndr_basic.o \
1157 ../librpc/ndr/uuid.o \
1158 librpc/ndr/util.o \
1159 librpc/gen_ndr/ndr_server_id.o \
1160- librpc/gen_ndr/ndr_dcerpc.o
1161+ librpc/gen_ndr/ndr_dcerpc.o \
1162+ ../librpc/ndr/ndr_dcerpc.o
1163
1164 LIBNDR_GEN_OBJ0 = librpc/gen_ndr/ndr_samr.o \
1165 librpc/gen_ndr/ndr_lsa.o
1166@@ -454,7 +455,7 @@ LIB_OBJ = $(LIBSAMBAUTIL_OBJ) $(UTIL_OBJ
1167 lib/username.o \
1168 ../libds/common/flag_mapping.o \
1169 lib/access.o lib/smbrun.o \
1170- lib/bitmap.o lib/dprintf.o $(UTIL_REG_OBJ) \
1171+ ../lib/util/bitmap.o lib/dprintf.o $(UTIL_REG_OBJ) \
1172 lib/wins_srv.o \
1173 lib/util_str.o lib/clobber.o lib/util_sid.o \
1174 lib/util_unistr.o ../lib/util/charset/codepoints.o lib/util_file.o \
1175@@ -988,7 +989,9 @@ SWAT_OBJ = $(SWAT_OBJ1) $(PARAM_OBJ) $(P
1176 $(POPT_LIB_OBJ) $(SMBLDAP_OBJ) $(LIBMSRPC_GEN_OBJ) $(LIBMSRPC_OBJ) \
1177 $(PASSCHANGE_OBJ) $(FNAME_UTIL_OBJ) \
1178 $(LIBCLI_SAMR_OBJ) \
1179- rpc_client/init_lsa.o
1180+ $(LIBCLI_NETLOGON_OBJ) \
1181+ rpc_client/init_lsa.o \
1182+ rpc_client/init_netlogon.o
1183
1184 STATUS_OBJ = utils/status.o utils/status_profile.o \
1185 $(LOCKING_OBJ) $(PARAM_OBJ) \
1186@@ -1004,7 +1007,9 @@ SMBTREE_OBJ = utils/smbtree.o $(PARAM_OB
1187 $(PASSDB_OBJ) $(SMBLDAP_OBJ) $(GROUPDB_OBJ) \
1188 $(LIBMSRPC_GEN_OBJ) \
1189 $(LIBMSRPC_OBJ) \
1190- $(LIBCLI_SRVSVC_OBJ)
1191+ $(LIBCLI_SRVSVC_OBJ) \
1192+ $(LIBCLI_NETLOGON_OBJ) \
1193+ rpc_client/init_netlogon.o
1194
1195 TESTPARM_OBJ = utils/testparm.o \
1196 $(PARAM_OBJ) $(LIB_NONSMBD_OBJ) $(POPT_LIB_OBJ) \
1197@@ -1026,7 +1031,9 @@ SMBPASSWD_OBJ = utils/smbpasswd.o $(PASS
1198 $(POPT_LIB_OBJ) $(SMBLDAP_OBJ) \
1199 $(LIBMSRPC_GEN_OBJ) $(LIBMSRPC_OBJ) \
1200 $(LIBCLI_SAMR_OBJ) \
1201- rpc_client/init_lsa.o
1202+ $(LIBCLI_NETLOGON_OBJ) \
1203+ rpc_client/init_lsa.o \
1204+ rpc_client/init_netlogon.o
1205
1206 PDBEDIT_OBJ = utils/pdbedit.o $(PASSWD_UTIL_OBJ) $(PARAM_OBJ) $(PASSDB_OBJ) \
1207 $(LIBSAMBA_OBJ) $(LIBTSOCKET_OBJ) \
1208@@ -1099,7 +1106,9 @@ LIBSMBCLIENT_OBJ1 = $(LIBSMBCLIENT_OBJ0)
1209 $(LIBMSRPC_OBJ) $(LIBMSRPC_GEN_OBJ) \
1210 $(PASSDB_OBJ) $(SMBLDAP_OBJ) $(GROUPDB_OBJ) \
1211 $(LIBCLI_SRVSVC_OBJ) \
1212- $(LIBCLI_LSA_OBJ)
1213+ $(LIBCLI_LSA_OBJ) \
1214+ $(LIBCLI_NETLOGON_OBJ) \
1215+ rpc_client/init_netlogon.o
1216
1217 LIBSMBCLIENT_OBJ = $(LIBSMBCLIENT_OBJ1)
1218
1219@@ -1122,7 +1131,9 @@ CLIENT_OBJ = $(CLIENT_OBJ1) $(PARAM_OBJ)
1220 $(READLINE_OBJ) $(POPT_LIB_OBJ) \
1221 $(PASSDB_OBJ) $(SMBLDAP_OBJ) $(GROUPDB_OBJ) \
1222 $(DISPLAY_SEC_OBJ) \
1223- $(LIBCLI_SRVSVC_OBJ)
1224+ $(LIBCLI_SRVSVC_OBJ) \
1225+ $(LIBCLI_NETLOGON_OBJ) \
1226+ rpc_client/init_netlogon.o
1227
1228 LIBSMBCONF_OBJ = ../lib/smbconf/smbconf.o \
1229 ../lib/smbconf/smbconf_util.o \
1230@@ -1234,7 +1245,9 @@ SMBTORTURE_OBJ = $(SMBTORTURE_OBJ1) $(PA
1231 @LIBWBCLIENT_STATIC@ \
1232 torture/wbc_async.o \
1233 ../nsswitch/wb_reqtrans.o \
1234- $(LIBMSRPC_OBJ) $(LIBMSRPC_GEN_OBJ) $(LIBCLI_ECHO_OBJ)
1235+ $(LIBMSRPC_OBJ) $(LIBMSRPC_GEN_OBJ) $(LIBCLI_ECHO_OBJ) \
1236+ $(LIBCLI_NETLOGON_OBJ) rpc_client/init_netlogon.o
1237+
1238
1239 MASKTEST_OBJ = torture/masktest.o $(PARAM_OBJ) $(LIBSMB_OBJ) $(KRBCLIENT_OBJ) \
1240 $(LIB_NONSMBD_OBJ) \
1241@@ -1269,14 +1282,18 @@ SMBCACLS_OBJ = utils/smbcacls.o $(PARAM_
1242 $(KRBCLIENT_OBJ) $(LIB_NONSMBD_OBJ) \
1243 $(PASSDB_OBJ) $(GROUPDB_OBJ) $(LIBMSRPC_OBJ) $(LIBMSRPC_GEN_OBJ) \
1244 $(POPT_LIB_OBJ) $(SMBLDAP_OBJ) \
1245- $(LIBCLI_LSA_OBJ)
1246+ $(LIBCLI_LSA_OBJ) \
1247+ $(LIBCLI_NETLOGON_OBJ) \
1248+ rpc_client/init_netlogon.o
1249
1250 SMBCQUOTAS_OBJ = utils/smbcquotas.o $(LIBSMB_OBJ) $(KRBCLIENT_OBJ) \
1251 $(PARAM_OBJ) \
1252 $(LIB_NONSMBD_OBJ) \
1253 $(LIBMSRPC_OBJ) $(LIBMSRPC_GEN_OBJ) $(POPT_LIB_OBJ) \
1254 $(PASSDB_OBJ) $(SMBLDAP_OBJ) $(GROUPDB_OBJ) \
1255- $(LIBCLI_LSA_OBJ)
1256+ $(LIBCLI_LSA_OBJ) \
1257+ $(LIBCLI_NETLOGON_OBJ) \
1258+ rpc_client/init_netlogon.o
1259
1260 EVTLOGADM_OBJ0 = utils/eventlogadm.o
1261
1262Index: samba-3.6.23/librpc/ndr/ndr_basic.c
1263===================================================================
1264--- samba-3.6.23.orig/librpc/ndr/ndr_basic.c
1265+++ samba-3.6.23/librpc/ndr/ndr_basic.c
1266@@ -61,6 +61,7 @@ _PUBLIC_ void ndr_check_padding(struct n
1267 */
1268 _PUBLIC_ enum ndr_err_code ndr_pull_int8(struct ndr_pull *ndr, int ndr_flags, int8_t *v)
1269 {
1270+ NDR_PULL_CHECK_FLAGS(ndr, ndr_flags);
1271 NDR_PULL_NEED_BYTES(ndr, 1);
1272 *v = (int8_t)CVAL(ndr->data, ndr->offset);
1273 ndr->offset += 1;
1274@@ -72,6 +73,7 @@ _PUBLIC_ enum ndr_err_code ndr_pull_int8
1275 */
1276 _PUBLIC_ enum ndr_err_code ndr_pull_uint8(struct ndr_pull *ndr, int ndr_flags, uint8_t *v)
1277 {
1278+ NDR_PULL_CHECK_FLAGS(ndr, ndr_flags);
1279 NDR_PULL_NEED_BYTES(ndr, 1);
1280 *v = CVAL(ndr->data, ndr->offset);
1281 ndr->offset += 1;
1282@@ -83,6 +85,7 @@ _PUBLIC_ enum ndr_err_code ndr_pull_uint
1283 */
1284 _PUBLIC_ enum ndr_err_code ndr_pull_int16(struct ndr_pull *ndr, int ndr_flags, int16_t *v)
1285 {
1286+ NDR_PULL_CHECK_FLAGS(ndr, ndr_flags);
1287 NDR_PULL_ALIGN(ndr, 2);
1288 NDR_PULL_NEED_BYTES(ndr, 2);
1289 *v = (uint16_t)NDR_SVAL(ndr, ndr->offset);
1290@@ -95,6 +98,7 @@ _PUBLIC_ enum ndr_err_code ndr_pull_int1
1291 */
1292 _PUBLIC_ enum ndr_err_code ndr_pull_uint16(struct ndr_pull *ndr, int ndr_flags, uint16_t *v)
1293 {
1294+ NDR_PULL_CHECK_FLAGS(ndr, ndr_flags);
1295 NDR_PULL_ALIGN(ndr, 2);
1296 NDR_PULL_NEED_BYTES(ndr, 2);
1297 *v = NDR_SVAL(ndr, ndr->offset);
1298@@ -107,6 +111,7 @@ _PUBLIC_ enum ndr_err_code ndr_pull_uint
1299 */
1300 _PUBLIC_ enum ndr_err_code ndr_pull_uint1632(struct ndr_pull *ndr, int ndr_flags, uint16_t *v)
1301 {
1302+ NDR_PULL_CHECK_FLAGS(ndr, ndr_flags);
1303 if (unlikely(ndr->flags & LIBNDR_FLAG_NDR64)) {
1304 uint32_t v32 = 0;
1305 enum ndr_err_code err = ndr_pull_uint32(ndr, ndr_flags, &v32);
1306@@ -125,6 +130,7 @@ _PUBLIC_ enum ndr_err_code ndr_pull_uint
1307 */
1308 _PUBLIC_ enum ndr_err_code ndr_pull_int32(struct ndr_pull *ndr, int ndr_flags, int32_t *v)
1309 {
1310+ NDR_PULL_CHECK_FLAGS(ndr, ndr_flags);
1311 NDR_PULL_ALIGN(ndr, 4);
1312 NDR_PULL_NEED_BYTES(ndr, 4);
1313 *v = NDR_IVALS(ndr, ndr->offset);
1314@@ -137,6 +143,7 @@ _PUBLIC_ enum ndr_err_code ndr_pull_int3
1315 */
1316 _PUBLIC_ enum ndr_err_code ndr_pull_uint32(struct ndr_pull *ndr, int ndr_flags, uint32_t *v)
1317 {
1318+ NDR_PULL_CHECK_FLAGS(ndr, ndr_flags);
1319 NDR_PULL_ALIGN(ndr, 4);
1320 NDR_PULL_NEED_BYTES(ndr, 4);
1321 *v = NDR_IVAL(ndr, ndr->offset);
1322@@ -151,6 +158,7 @@ _PUBLIC_ enum ndr_err_code ndr_pull_uint
1323 {
1324 uint64_t v64;
1325 enum ndr_err_code err;
1326+ NDR_PULL_CHECK_FLAGS(ndr, ndr_flags);
1327 if (likely(!(ndr->flags & LIBNDR_FLAG_NDR64))) {
1328 return ndr_pull_uint32(ndr, ndr_flags, v);
1329 }
1330@@ -169,6 +177,7 @@ _PUBLIC_ enum ndr_err_code ndr_pull_uint
1331 */
1332 _PUBLIC_ enum ndr_err_code ndr_pull_double(struct ndr_pull *ndr, int ndr_flags, double *v)
1333 {
1334+ NDR_PULL_CHECK_FLAGS(ndr, ndr_flags);
1335 NDR_PULL_ALIGN(ndr, 8);
1336 NDR_PULL_NEED_BYTES(ndr, 8);
1337 memcpy(v, ndr->data+ndr->offset, 8);
1338@@ -217,6 +226,7 @@ _PUBLIC_ enum ndr_err_code ndr_pull_ref_
1339 */
1340 _PUBLIC_ enum ndr_err_code ndr_pull_udlong(struct ndr_pull *ndr, int ndr_flags, uint64_t *v)
1341 {
1342+ NDR_PULL_CHECK_FLAGS(ndr, ndr_flags);
1343 NDR_PULL_ALIGN(ndr, 4);
1344 NDR_PULL_NEED_BYTES(ndr, 8);
1345 *v = NDR_IVAL(ndr, ndr->offset);
1346@@ -230,6 +240,7 @@ _PUBLIC_ enum ndr_err_code ndr_pull_udlo
1347 */
1348 _PUBLIC_ enum ndr_err_code ndr_pull_udlongr(struct ndr_pull *ndr, int ndr_flags, uint64_t *v)
1349 {
1350+ NDR_PULL_CHECK_FLAGS(ndr, ndr_flags);
1351 NDR_PULL_ALIGN(ndr, 4);
1352 NDR_PULL_NEED_BYTES(ndr, 8);
1353 *v = ((uint64_t)NDR_IVAL(ndr, ndr->offset)) << 32;
1354@@ -264,6 +275,7 @@ _PUBLIC_ enum ndr_err_code ndr_pull_hype
1355 _PUBLIC_ enum ndr_err_code ndr_pull_pointer(struct ndr_pull *ndr, int ndr_flags, void* *v)
1356 {
1357 uintptr_t h;
1358+ NDR_PULL_CHECK_FLAGS(ndr, ndr_flags);
1359 NDR_PULL_ALIGN(ndr, sizeof(h));
1360 NDR_PULL_NEED_BYTES(ndr, sizeof(h));
1361 memcpy(&h, ndr->data+ndr->offset, sizeof(h));
1362@@ -278,6 +290,7 @@ _PUBLIC_ enum ndr_err_code ndr_pull_poin
1363 _PUBLIC_ enum ndr_err_code ndr_pull_NTSTATUS(struct ndr_pull *ndr, int ndr_flags, NTSTATUS *status)
1364 {
1365 uint32_t v;
1366+ NDR_PULL_CHECK_FLAGS(ndr, ndr_flags);
1367 NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &v));
1368 *status = NT_STATUS(v);
1369 return NDR_ERR_SUCCESS;
1370@@ -302,6 +315,7 @@ _PUBLIC_ void ndr_print_NTSTATUS(struct
1371 _PUBLIC_ enum ndr_err_code ndr_pull_WERROR(struct ndr_pull *ndr, int ndr_flags, WERROR *status)
1372 {
1373 uint32_t v;
1374+ NDR_PULL_CHECK_FLAGS(ndr, ndr_flags);
1375 NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &v));
1376 *status = W_ERROR(v);
1377 return NDR_ERR_SUCCESS;
1378@@ -414,6 +428,7 @@ _PUBLIC_ enum ndr_err_code ndr_pull_byte
1379 */
1380 _PUBLIC_ enum ndr_err_code ndr_pull_array_uint8(struct ndr_pull *ndr, int ndr_flags, uint8_t *data, uint32_t n)
1381 {
1382+ NDR_PULL_CHECK_FLAGS(ndr, ndr_flags);
1383 if (!(ndr_flags & NDR_SCALARS)) {
1384 return NDR_ERR_SUCCESS;
1385 }
1386@@ -425,6 +440,7 @@ _PUBLIC_ enum ndr_err_code ndr_pull_arra
1387 */
1388 _PUBLIC_ enum ndr_err_code ndr_push_int8(struct ndr_push *ndr, int ndr_flags, int8_t v)
1389 {
1390+ NDR_PUSH_CHECK_FLAGS(ndr, ndr_flags);
1391 NDR_PUSH_NEED_BYTES(ndr, 1);
1392 SCVAL(ndr->data, ndr->offset, (uint8_t)v);
1393 ndr->offset += 1;
1394@@ -436,6 +452,7 @@ _PUBLIC_ enum ndr_err_code ndr_push_int8
1395 */
1396 _PUBLIC_ enum ndr_err_code ndr_push_uint8(struct ndr_push *ndr, int ndr_flags, uint8_t v)
1397 {
1398+ NDR_PUSH_CHECK_FLAGS(ndr, ndr_flags);
1399 NDR_PUSH_NEED_BYTES(ndr, 1);
1400 SCVAL(ndr->data, ndr->offset, v);
1401 ndr->offset += 1;
1402@@ -447,6 +464,7 @@ _PUBLIC_ enum ndr_err_code ndr_push_uint
1403 */
1404 _PUBLIC_ enum ndr_err_code ndr_push_int16(struct ndr_push *ndr, int ndr_flags, int16_t v)
1405 {
1406+ NDR_PUSH_CHECK_FLAGS(ndr, ndr_flags);
1407 NDR_PUSH_ALIGN(ndr, 2);
1408 NDR_PUSH_NEED_BYTES(ndr, 2);
1409 NDR_SSVAL(ndr, ndr->offset, (uint16_t)v);
1410@@ -459,6 +477,7 @@ _PUBLIC_ enum ndr_err_code ndr_push_int1
1411 */
1412 _PUBLIC_ enum ndr_err_code ndr_push_uint16(struct ndr_push *ndr, int ndr_flags, uint16_t v)
1413 {
1414+ NDR_PUSH_CHECK_FLAGS(ndr, ndr_flags);
1415 NDR_PUSH_ALIGN(ndr, 2);
1416 NDR_PUSH_NEED_BYTES(ndr, 2);
1417 NDR_SSVAL(ndr, ndr->offset, v);
1418@@ -482,6 +501,7 @@ _PUBLIC_ enum ndr_err_code ndr_push_uint
1419 */
1420 _PUBLIC_ enum ndr_err_code ndr_push_int32(struct ndr_push *ndr, int ndr_flags, int32_t v)
1421 {
1422+ NDR_PUSH_CHECK_FLAGS(ndr, ndr_flags);
1423 NDR_PUSH_ALIGN(ndr, 4);
1424 NDR_PUSH_NEED_BYTES(ndr, 4);
1425 NDR_SIVALS(ndr, ndr->offset, v);
1426@@ -494,6 +514,7 @@ _PUBLIC_ enum ndr_err_code ndr_push_int3
1427 */
1428 _PUBLIC_ enum ndr_err_code ndr_push_uint32(struct ndr_push *ndr, int ndr_flags, uint32_t v)
1429 {
1430+ NDR_PUSH_CHECK_FLAGS(ndr, ndr_flags);
1431 NDR_PUSH_ALIGN(ndr, 4);
1432 NDR_PUSH_NEED_BYTES(ndr, 4);
1433 NDR_SIVAL(ndr, ndr->offset, v);
1434@@ -517,6 +538,7 @@ _PUBLIC_ enum ndr_err_code ndr_push_uint
1435 */
1436 _PUBLIC_ enum ndr_err_code ndr_push_udlong(struct ndr_push *ndr, int ndr_flags, uint64_t v)
1437 {
1438+ NDR_PUSH_CHECK_FLAGS(ndr, ndr_flags);
1439 NDR_PUSH_ALIGN(ndr, 4);
1440 NDR_PUSH_NEED_BYTES(ndr, 8);
1441 NDR_SIVAL(ndr, ndr->offset, (v & 0xFFFFFFFF));
1442@@ -530,6 +552,7 @@ _PUBLIC_ enum ndr_err_code ndr_push_udlo
1443 */
1444 _PUBLIC_ enum ndr_err_code ndr_push_udlongr(struct ndr_push *ndr, int ndr_flags, uint64_t v)
1445 {
1446+ NDR_PUSH_CHECK_FLAGS(ndr, ndr_flags);
1447 NDR_PUSH_ALIGN(ndr, 4);
1448 NDR_PUSH_NEED_BYTES(ndr, 8);
1449 NDR_SIVAL(ndr, ndr->offset, (v>>32));
1450@@ -563,6 +586,7 @@ _PUBLIC_ enum ndr_err_code ndr_push_hype
1451 */
1452 _PUBLIC_ enum ndr_err_code ndr_push_double(struct ndr_push *ndr, int ndr_flags, double v)
1453 {
1454+ NDR_PUSH_CHECK_FLAGS(ndr, ndr_flags);
1455 NDR_PUSH_ALIGN(ndr, 8);
1456 NDR_PUSH_NEED_BYTES(ndr, 8);
1457 memcpy(ndr->data+ndr->offset, &v, 8);
1458@@ -576,6 +600,7 @@ _PUBLIC_ enum ndr_err_code ndr_push_doub
1459 _PUBLIC_ enum ndr_err_code ndr_push_pointer(struct ndr_push *ndr, int ndr_flags, void* v)
1460 {
1461 uintptr_t h = (intptr_t)v;
1462+ NDR_PUSH_CHECK_FLAGS(ndr, ndr_flags);
1463 NDR_PUSH_ALIGN(ndr, sizeof(h));
1464 NDR_PUSH_NEED_BYTES(ndr, sizeof(h));
1465 memcpy(ndr->data+ndr->offset, &h, sizeof(h));
1466@@ -686,6 +711,7 @@ _PUBLIC_ enum ndr_err_code ndr_push_zero
1467 */
1468 _PUBLIC_ enum ndr_err_code ndr_push_array_uint8(struct ndr_push *ndr, int ndr_flags, const uint8_t *data, uint32_t n)
1469 {
1470+ NDR_PUSH_CHECK_FLAGS(ndr, ndr_flags);
1471 if (!(ndr_flags & NDR_SCALARS)) {
1472 return NDR_ERR_SUCCESS;
1473 }
1474@@ -738,6 +764,7 @@ _PUBLIC_ enum ndr_err_code ndr_push_ref_
1475 */
1476 _PUBLIC_ enum ndr_err_code ndr_push_NTTIME(struct ndr_push *ndr, int ndr_flags, NTTIME t)
1477 {
1478+ NDR_PUSH_CHECK_FLAGS(ndr, ndr_flags);
1479 NDR_CHECK(ndr_push_udlong(ndr, ndr_flags, t));
1480 return NDR_ERR_SUCCESS;
1481 }
1482@@ -747,6 +774,7 @@ _PUBLIC_ enum ndr_err_code ndr_push_NTTI
1483 */
1484 _PUBLIC_ enum ndr_err_code ndr_pull_NTTIME(struct ndr_pull *ndr, int ndr_flags, NTTIME *t)
1485 {
1486+ NDR_PULL_CHECK_FLAGS(ndr, ndr_flags);
1487 NDR_CHECK(ndr_pull_udlong(ndr, ndr_flags, t));
1488 return NDR_ERR_SUCCESS;
1489 }
1490@@ -756,6 +784,7 @@ _PUBLIC_ enum ndr_err_code ndr_pull_NTTI
1491 */
1492 _PUBLIC_ enum ndr_err_code ndr_push_NTTIME_1sec(struct ndr_push *ndr, int ndr_flags, NTTIME t)
1493 {
1494+ NDR_PUSH_CHECK_FLAGS(ndr, ndr_flags);
1495 t /= 10000000;
1496 NDR_CHECK(ndr_push_hyper(ndr, ndr_flags, t));
1497 return NDR_ERR_SUCCESS;
1498@@ -766,6 +795,7 @@ _PUBLIC_ enum ndr_err_code ndr_push_NTTI
1499 */
1500 _PUBLIC_ enum ndr_err_code ndr_pull_NTTIME_1sec(struct ndr_pull *ndr, int ndr_flags, NTTIME *t)
1501 {
1502+ NDR_PULL_CHECK_FLAGS(ndr, ndr_flags);
1503 NDR_CHECK(ndr_pull_hyper(ndr, ndr_flags, t));
1504 (*t) *= 10000000;
1505 return NDR_ERR_SUCCESS;
1506@@ -776,6 +806,7 @@ _PUBLIC_ enum ndr_err_code ndr_pull_NTTI
1507 */
1508 _PUBLIC_ enum ndr_err_code ndr_pull_NTTIME_hyper(struct ndr_pull *ndr, int ndr_flags, NTTIME *t)
1509 {
1510+ NDR_PULL_CHECK_FLAGS(ndr, ndr_flags);
1511 NDR_CHECK(ndr_pull_hyper(ndr, ndr_flags, t));
1512 return NDR_ERR_SUCCESS;
1513 }
1514@@ -785,6 +816,7 @@ _PUBLIC_ enum ndr_err_code ndr_pull_NTTI
1515 */
1516 _PUBLIC_ enum ndr_err_code ndr_push_NTTIME_hyper(struct ndr_push *ndr, int ndr_flags, NTTIME t)
1517 {
1518+ NDR_PUSH_CHECK_FLAGS(ndr, ndr_flags);
1519 NDR_CHECK(ndr_push_hyper(ndr, ndr_flags, t));
1520 return NDR_ERR_SUCCESS;
1521 }
1522@@ -814,6 +846,7 @@ _PUBLIC_ enum ndr_err_code ndr_pull_time
1523 */
1524 _PUBLIC_ enum ndr_err_code ndr_push_uid_t(struct ndr_push *ndr, int ndr_flags, uid_t u)
1525 {
1526+ NDR_PUSH_CHECK_FLAGS(ndr, ndr_flags);
1527 return ndr_push_hyper(ndr, NDR_SCALARS, (uint64_t)u);
1528 }
1529
1530@@ -839,6 +872,7 @@ _PUBLIC_ enum ndr_err_code ndr_pull_uid_
1531 */
1532 _PUBLIC_ enum ndr_err_code ndr_push_gid_t(struct ndr_push *ndr, int ndr_flags, gid_t g)
1533 {
1534+ NDR_PUSH_CHECK_FLAGS(ndr, ndr_flags);
1535 return ndr_push_hyper(ndr, NDR_SCALARS, (uint64_t)g);
1536 }
1537
1538Index: samba-3.6.23/source3/lib/bitmap.c
1539===================================================================
1540--- samba-3.6.23.orig/source3/lib/bitmap.c
1541+++ /dev/null
1542@@ -1,136 +0,0 @@
1543-/*
1544- Unix SMB/CIFS implementation.
1545- simple bitmap functions
1546- Copyright (C) Andrew Tridgell 1992-1998
1547-
1548- This program is free software; you can redistribute it and/or modify
1549- it under the terms of the GNU General Public License as published by
1550- the Free Software Foundation; either version 3 of the License, or
1551- (at your option) any later version.
1552-
1553- This program is distributed in the hope that it will be useful,
1554- but WITHOUT ANY WARRANTY; without even the implied warranty of
1555- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
1556- GNU General Public License for more details.
1557-
1558- You should have received a copy of the GNU General Public License
1559- along with this program. If not, see <http://www.gnu.org/licenses/>.
1560-*/
1561-
1562-#include "includes.h"
1563-
1564-/* these functions provide a simple way to allocate integers from a
1565- pool without repetition */
1566-
1567-/****************************************************************************
1568-talloc a bitmap
1569-****************************************************************************/
1570-struct bitmap *bitmap_talloc(TALLOC_CTX *mem_ctx, int n)
1571-{
1572- struct bitmap *bm;
1573-
1574- bm = TALLOC_P(mem_ctx, struct bitmap);
1575-
1576- if (!bm) return NULL;
1577-
1578- bm->n = n;
1579- bm->b = TALLOC_ZERO_ARRAY(bm, uint32, (n+31)/32);
1580- if (!bm->b) {
1581- TALLOC_FREE(bm);
1582- return NULL;
1583- }
1584- return bm;
1585-}
1586-
1587-/****************************************************************************
1588-copy as much of the source bitmap as will fit in the destination bitmap.
1589-****************************************************************************/
1590-
1591-int bitmap_copy(struct bitmap * const dst, const struct bitmap * const src)
1592-{
1593- int count = MIN(dst->n, src->n);
1594-
1595- SMB_ASSERT(dst->b != src->b);
1596- memcpy(dst->b, src->b, sizeof(uint32)*((count+31)/32));
1597-
1598- return count;
1599-}
1600-
1601-/****************************************************************************
1602-set a bit in a bitmap
1603-****************************************************************************/
1604-bool bitmap_set(struct bitmap *bm, unsigned i)
1605-{
1606- if (i >= bm->n) {
1607- DEBUG(0,("Setting invalid bitmap entry %d (of %d)\n",
1608- i, bm->n));
1609- return False;
1610- }
1611- bm->b[i/32] |= (1<<(i%32));
1612- return True;
1613-}
1614-
1615-/****************************************************************************
1616-clear a bit in a bitmap
1617-****************************************************************************/
1618-bool bitmap_clear(struct bitmap *bm, unsigned i)
1619-{
1620- if (i >= bm->n) {
1621- DEBUG(0,("clearing invalid bitmap entry %d (of %d)\n",
1622- i, bm->n));
1623- return False;
1624- }
1625- bm->b[i/32] &= ~(1<<(i%32));
1626- return True;
1627-}
1628-
1629-/****************************************************************************
1630-query a bit in a bitmap
1631-****************************************************************************/
1632-bool bitmap_query(struct bitmap *bm, unsigned i)
1633-{
1634- if (i >= bm->n) return False;
1635- if (bm->b[i/32] & (1<<(i%32))) {
1636- return True;
1637- }
1638- return False;
1639-}
1640-
1641-/****************************************************************************
1642-find a zero bit in a bitmap starting at the specified offset, with
1643-wraparound
1644-****************************************************************************/
1645-int bitmap_find(struct bitmap *bm, unsigned ofs)
1646-{
1647- unsigned int i, j;
1648-
1649- if (ofs > bm->n) ofs = 0;
1650-
1651- i = ofs;
1652- while (i < bm->n) {
1653- if (~(bm->b[i/32])) {
1654- j = i;
1655- do {
1656- if (!bitmap_query(bm, j)) return j;
1657- j++;
1658- } while (j & 31 && j < bm->n);
1659- }
1660- i += 32;
1661- i &= ~31;
1662- }
1663-
1664- i = 0;
1665- while (i < ofs) {
1666- if (~(bm->b[i/32])) {
1667- j = i;
1668- do {
1669- if (!bitmap_query(bm, j)) return j;
1670- j++;
1671- } while (j & 31 && j < bm->n);
1672- }
1673- i += 32;
1674- i &= ~31;
1675- }
1676-
1677- return -1;
1678-}
1679Index: samba-3.6.23/lib/util/bitmap.c
1680===================================================================
1681--- /dev/null
1682+++ samba-3.6.23/lib/util/bitmap.c
1683@@ -0,0 +1,137 @@
1684+/*
1685+ Unix SMB/CIFS implementation.
1686+ simple bitmap functions
1687+ Copyright (C) Andrew Tridgell 1992-1998
1688+
1689+ This program is free software; you can redistribute it and/or modify
1690+ it under the terms of the GNU General Public License as published by
1691+ the Free Software Foundation; either version 3 of the License, or
1692+ (at your option) any later version.
1693+
1694+ This program is distributed in the hope that it will be useful,
1695+ but WITHOUT ANY WARRANTY; without even the implied warranty of
1696+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
1697+ GNU General Public License for more details.
1698+
1699+ You should have received a copy of the GNU General Public License
1700+ along with this program. If not, see <http://www.gnu.org/licenses/>.
1701+*/
1702+
1703+#include "includes.h"
1704+#include "lib/util/bitmap.h"
1705+
1706+/* these functions provide a simple way to allocate integers from a
1707+ pool without repetition */
1708+
1709+/****************************************************************************
1710+talloc a bitmap
1711+****************************************************************************/
1712+struct bitmap *bitmap_talloc(TALLOC_CTX *mem_ctx, int n)
1713+{
1714+ struct bitmap *bm;
1715+
1716+ bm = talloc_zero(mem_ctx, struct bitmap);
1717+
1718+ if (!bm) return NULL;
1719+
1720+ bm->n = n;
1721+ bm->b = talloc_zero_array(bm, uint32_t, (n+31)/32);
1722+ if (!bm->b) {
1723+ TALLOC_FREE(bm);
1724+ return NULL;
1725+ }
1726+ return bm;
1727+}
1728+
1729+/****************************************************************************
1730+copy as much of the source bitmap as will fit in the destination bitmap.
1731+****************************************************************************/
1732+
1733+int bitmap_copy(struct bitmap * const dst, const struct bitmap * const src)
1734+{
1735+ int count = MIN(dst->n, src->n);
1736+
1737+ SMB_ASSERT(dst->b != src->b);
1738+ memcpy(dst->b, src->b, sizeof(uint32_t)*((count+31)/32));
1739+
1740+ return count;
1741+}
1742+
1743+/****************************************************************************
1744+set a bit in a bitmap
1745+****************************************************************************/
1746+bool bitmap_set(struct bitmap *bm, unsigned i)
1747+{
1748+ if (i >= bm->n) {
1749+ DEBUG(0,("Setting invalid bitmap entry %d (of %d)\n",
1750+ i, bm->n));
1751+ return false;
1752+ }
1753+ bm->b[i/32] |= (1<<(i%32));
1754+ return true;
1755+}
1756+
1757+/****************************************************************************
1758+clear a bit in a bitmap
1759+****************************************************************************/
1760+bool bitmap_clear(struct bitmap *bm, unsigned i)
1761+{
1762+ if (i >= bm->n) {
1763+ DEBUG(0,("clearing invalid bitmap entry %d (of %d)\n",
1764+ i, bm->n));
1765+ return false;
1766+ }
1767+ bm->b[i/32] &= ~(1<<(i%32));
1768+ return true;
1769+}
1770+
1771+/****************************************************************************
1772+query a bit in a bitmap
1773+****************************************************************************/
1774+bool bitmap_query(struct bitmap *bm, unsigned i)
1775+{
1776+ if (i >= bm->n) return false;
1777+ if (bm->b[i/32] & (1<<(i%32))) {
1778+ return true;
1779+ }
1780+ return false;
1781+}
1782+
1783+/****************************************************************************
1784+find a zero bit in a bitmap starting at the specified offset, with
1785+wraparound
1786+****************************************************************************/
1787+int bitmap_find(struct bitmap *bm, unsigned ofs)
1788+{
1789+ unsigned int i, j;
1790+
1791+ if (ofs > bm->n) ofs = 0;
1792+
1793+ i = ofs;
1794+ while (i < bm->n) {
1795+ if (~(bm->b[i/32])) {
1796+ j = i;
1797+ do {
1798+ if (!bitmap_query(bm, j)) return j;
1799+ j++;
1800+ } while (j & 31 && j < bm->n);
1801+ }
1802+ i += 32;
1803+ i &= ~31;
1804+ }
1805+
1806+ i = 0;
1807+ while (i < ofs) {
1808+ if (~(bm->b[i/32])) {
1809+ j = i;
1810+ do {
1811+ if (!bitmap_query(bm, j)) return j;
1812+ j++;
1813+ } while (j & 31 && j < bm->n);
1814+ }
1815+ i += 32;
1816+ i &= ~31;
1817+ }
1818+
1819+ return -1;
1820+}
1821Index: samba-3.6.23/lib/util/bitmap.h
1822===================================================================
1823--- /dev/null
1824+++ samba-3.6.23/lib/util/bitmap.h
1825@@ -0,0 +1,32 @@
1826+/*
1827+ Unix SMB/CIFS implementation.
1828+ simple bitmap functions
1829+ Copyright (C) Andrew Tridgell 1992-1998
1830+
1831+ This program is free software; you can redistribute it and/or modify
1832+ it under the terms of the GNU General Public License as published by
1833+ the Free Software Foundation; either version 3 of the License, or
1834+ (at your option) any later version.
1835+
1836+ This program is distributed in the hope that it will be useful,
1837+ but WITHOUT ANY WARRANTY; without even the implied warranty of
1838+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
1839+ GNU General Public License for more details.
1840+
1841+ You should have received a copy of the GNU General Public License
1842+ along with this program. If not, see <http://www.gnu.org/licenses/>.
1843+*/
1844+
1845+/* The following definitions come from lib/bitmap.c */
1846+
1847+struct bitmap {
1848+ uint32_t *b;
1849+ unsigned int n;
1850+};
1851+
1852+struct bitmap *bitmap_talloc(TALLOC_CTX *mem_ctx, int n);
1853+int bitmap_copy(struct bitmap * const dst, const struct bitmap * const src);
1854+bool bitmap_set(struct bitmap *bm, unsigned i);
1855+bool bitmap_clear(struct bitmap *bm, unsigned i);
1856+bool bitmap_query(struct bitmap *bm, unsigned i);
1857+int bitmap_find(struct bitmap *bm, unsigned ofs);
1858Index: samba-3.6.23/lib/util/wscript_build
1859===================================================================
1860--- samba-3.6.23.orig/lib/util/wscript_build
1861+++ samba-3.6.23/lib/util/wscript_build
1862@@ -99,5 +99,11 @@ bld.SAMBA_LIBRARY('tdb-wrap',
1863 public_headers='tdb_wrap.h',
1864 private_library=True,
1865 local_include=False
1866- )
1867+ )
1868+
1869+bld.SAMBA_LIBRARY('bitmap',
1870+ source='bitmap.c',
1871+ deps='talloc samba-util',
1872+ local_include=False,
1873+ private_library=True)
1874
1875Index: samba-3.6.23/source3/include/proto.h
1876===================================================================
1877--- samba-3.6.23.orig/source3/include/proto.h
1878+++ samba-3.6.23/source3/include/proto.h
1879@@ -61,15 +61,6 @@ const char *audit_description_str(uint32
1880 bool get_audit_category_from_param(const char *param, uint32 *audit_category);
1881 const char *audit_policy_str(TALLOC_CTX *mem_ctx, uint32 policy);
1882
1883-/* The following definitions come from lib/bitmap.c */
1884-
1885-struct bitmap *bitmap_talloc(TALLOC_CTX *mem_ctx, int n);
1886-int bitmap_copy(struct bitmap * const dst, const struct bitmap * const src);
1887-bool bitmap_set(struct bitmap *bm, unsigned i);
1888-bool bitmap_clear(struct bitmap *bm, unsigned i);
1889-bool bitmap_query(struct bitmap *bm, unsigned i);
1890-int bitmap_find(struct bitmap *bm, unsigned ofs);
1891-
1892 /* The following definitions come from lib/charcnv.c */
1893
1894 char lp_failed_convert_char(void);
1895Index: samba-3.6.23/source3/include/smb.h
1896===================================================================
1897--- samba-3.6.23.orig/source3/include/smb.h
1898+++ samba-3.6.23/source3/include/smb.h
1899@@ -712,7 +712,6 @@ struct connections_data {
1900 uint32 unused_compatitibility_field;
1901 };
1902
1903-
1904 /* the following are used by loadparm for option lists */
1905 typedef enum {
1906 P_BOOL,P_BOOLREV,P_CHAR,P_INTEGER,P_OCTAL,P_LIST,
1907@@ -759,11 +758,6 @@ struct parm_struct {
1908 #define FLAG_META 0x8000 /* A meta directive - not a real parameter */
1909 #define FLAG_CMDLINE 0x10000 /* option has been overridden */
1910
1911-struct bitmap {
1912- uint32 *b;
1913- unsigned int n;
1914-};
1915-
1916 /* offsets into message for common items */
1917 #define smb_com 8
1918 #define smb_rcls 9
1919Index: samba-3.6.23/source3/modules/vfs_acl_common.c
1920===================================================================
1921--- samba-3.6.23.orig/source3/modules/vfs_acl_common.c
1922+++ samba-3.6.23/source3/modules/vfs_acl_common.c
1923@@ -23,6 +23,7 @@
1924 #include "system/filesys.h"
1925 #include "../libcli/security/security.h"
1926 #include "../librpc/gen_ndr/ndr_security.h"
1927+#include "../lib/util/bitmap.h"
1928
1929 static NTSTATUS create_acl_blob(const struct security_descriptor *psd,
1930 DATA_BLOB *pblob,
1931Index: samba-3.6.23/source3/modules/vfs_full_audit.c
1932===================================================================
1933--- samba-3.6.23.orig/source3/modules/vfs_full_audit.c
1934+++ samba-3.6.23/source3/modules/vfs_full_audit.c
1935@@ -64,6 +64,7 @@
1936 #include "../librpc/gen_ndr/ndr_netlogon.h"
1937 #include "auth.h"
1938 #include "ntioctl.h"
1939+#include "lib/util/bitmap.h"
1940
1941 static int vfs_full_audit_debug_level = DBGC_VFS;
1942
1943Index: samba-3.6.23/source3/param/loadparm.c
1944===================================================================
1945--- samba-3.6.23.orig/source3/param/loadparm.c
1946+++ samba-3.6.23/source3/param/loadparm.c
1947@@ -64,6 +64,7 @@
1948 #include "smb_signing.h"
1949 #include "dbwrap.h"
1950 #include "smbldap.h"
1951+#include "../lib/util/bitmap.h"
1952
1953 #ifdef HAVE_SYS_SYSCTL_H
1954 #include <sys/sysctl.h>
1955Index: samba-3.6.23/source3/passdb/pdb_get_set.c
1956===================================================================
1957--- samba-3.6.23.orig/source3/passdb/pdb_get_set.c
1958+++ samba-3.6.23/source3/passdb/pdb_get_set.c
1959@@ -25,6 +25,7 @@
1960 #include "passdb.h"
1961 #include "../libcli/auth/libcli_auth.h"
1962 #include "../libcli/security/security.h"
1963+#include "../lib/util/bitmap.h"
1964
1965 #undef DBGC_CLASS
1966 #define DBGC_CLASS DBGC_PASSDB
1967Index: samba-3.6.23/source3/smbd/conn.c
1968===================================================================
1969--- samba-3.6.23.orig/source3/smbd/conn.c
1970+++ samba-3.6.23/source3/smbd/conn.c
1971@@ -23,6 +23,7 @@
1972 #include "smbd/smbd.h"
1973 #include "smbd/globals.h"
1974 #include "rpc_server/rpc_ncacn_np.h"
1975+#include "lib/util/bitmap.h"
1976
1977 /* The connections bitmap is expanded in increments of BITMAP_BLOCK_SZ. The
1978 * maximum size of the bitmap is the largest positive integer, but you will hit
1979Index: samba-3.6.23/source3/smbd/dir.c
1980===================================================================
1981--- samba-3.6.23.orig/source3/smbd/dir.c
1982+++ samba-3.6.23/source3/smbd/dir.c
1983@@ -23,6 +23,7 @@
1984 #include "smbd/smbd.h"
1985 #include "smbd/globals.h"
1986 #include "libcli/security/security.h"
1987+#include "lib/util/bitmap.h"
1988
1989 /*
1990 This module implements directory related functions for Samba.
1991Index: samba-3.6.23/source3/smbd/files.c
1992===================================================================
1993--- samba-3.6.23.orig/source3/smbd/files.c
1994+++ samba-3.6.23/source3/smbd/files.c
1995@@ -22,6 +22,7 @@
1996 #include "smbd/globals.h"
1997 #include "libcli/security/security.h"
1998 #include "util_tdb.h"
1999+#include "lib/util/bitmap.h"
2000
2001 #define VALID_FNUM(fnum) (((fnum) >= 0) && ((fnum) < real_max_open_files))
2002
2003Index: samba-3.6.23/source3/smbd/smb2_server.c
2004===================================================================
2005--- samba-3.6.23.orig/source3/smbd/smb2_server.c
2006+++ samba-3.6.23/source3/smbd/smb2_server.c
2007@@ -26,6 +26,7 @@
2008 #include "../lib/tsocket/tsocket.h"
2009 #include "../lib/util/tevent_ntstatus.h"
2010 #include "smbprofile.h"
2011+#include "../lib/util/bitmap.h"
2012
2013 #define OUTVEC_ALLOC_SIZE (SMB2_HDR_BODY + 9)
2014
2015Index: samba-3.6.23/source3/rpc_client/cli_pipe.c
2016===================================================================
2017--- samba-3.6.23.orig/source3/rpc_client/cli_pipe.c
2018+++ samba-3.6.23/source3/rpc_client/cli_pipe.c
2019@@ -28,6 +28,7 @@
2020 #include "../libcli/auth/ntlmssp.h"
2021 #include "ntlmssp_wrap.h"
2022 #include "librpc/gen_ndr/ndr_dcerpc.h"
2023+#include "librpc/gen_ndr/ndr_netlogon_c.h"
2024 #include "librpc/rpc/dcerpc.h"
2025 #include "librpc/crypto/gse.h"
2026 #include "librpc/crypto/spnego.h"
2027@@ -399,6 +400,7 @@ static NTSTATUS cli_pipe_validate_curren
2028 struct ncacn_packet *pkt,
2029 DATA_BLOB *pdu,
2030 uint8_t expected_pkt_type,
2031+ uint32_t call_id,
2032 DATA_BLOB *rdata,
2033 DATA_BLOB *reply_pdu)
2034 {
2035@@ -497,7 +499,7 @@ static NTSTATUS cli_pipe_validate_curren
2036 "from %s!\n",
2037 (unsigned int)pkt->ptype,
2038 rpccli_pipe_txt(talloc_tos(), cli)));
2039- return NT_STATUS_INVALID_INFO_CLASS;
2040+ return NT_STATUS_RPC_PROTOCOL_ERROR;
2041 }
2042
2043 if (pkt->ptype != expected_pkt_type) {
2044@@ -505,7 +507,15 @@ static NTSTATUS cli_pipe_validate_curren
2045 "RPC packet type - %u, not %u\n",
2046 rpccli_pipe_txt(talloc_tos(), cli),
2047 pkt->ptype, expected_pkt_type));
2048- return NT_STATUS_INVALID_INFO_CLASS;
2049+ return NT_STATUS_RPC_PROTOCOL_ERROR;
2050+ }
2051+
2052+ if (pkt->call_id != call_id) {
2053+ DEBUG(3, (__location__ ": Connection to %s got an unexpected "
2054+ "RPC call_id - %u, not %u\n",
2055+ rpccli_pipe_txt(talloc_tos(), cli),
2056+ pkt->call_id, call_id));
2057+ return NT_STATUS_RPC_PROTOCOL_ERROR;
2058 }
2059
2060 /* Do this just before return - we don't want to modify any rpc header
2061@@ -898,6 +908,7 @@ static void rpc_api_pipe_got_pdu(struct
2062 state->cli, state->pkt,
2063 &state->incoming_frag,
2064 state->expected_pkt_type,
2065+ state->call_id,
2066 &rdata,
2067 &state->reply_pdu);
2068
2069@@ -1269,12 +1280,17 @@ struct rpc_api_pipe_req_state {
2070 uint32_t call_id;
2071 DATA_BLOB *req_data;
2072 uint32_t req_data_sent;
2073+ DATA_BLOB req_trailer;
2074+ uint32_t req_trailer_sent;
2075+ bool verify_bitmask1;
2076+ bool verify_pcontext;
2077 DATA_BLOB rpc_out;
2078 DATA_BLOB reply_pdu;
2079 };
2080
2081 static void rpc_api_pipe_req_write_done(struct tevent_req *subreq);
2082 static void rpc_api_pipe_req_done(struct tevent_req *subreq);
2083+static NTSTATUS prepare_verification_trailer(struct rpc_api_pipe_req_state *state);
2084 static NTSTATUS prepare_next_frag(struct rpc_api_pipe_req_state *state,
2085 bool *is_last_frag);
2086
2087@@ -1310,6 +1326,11 @@ struct tevent_req *rpc_api_pipe_req_send
2088 goto post_status;
2089 }
2090
2091+ status = prepare_verification_trailer(state);
2092+ if (!NT_STATUS_IS_OK(status)) {
2093+ goto post_status;
2094+ }
2095+
2096 status = prepare_next_frag(state, &is_last_frag);
2097 if (!NT_STATUS_IS_OK(status)) {
2098 goto post_status;
2099@@ -1344,25 +1365,161 @@ struct tevent_req *rpc_api_pipe_req_send
2100 return NULL;
2101 }
2102
2103+static NTSTATUS prepare_verification_trailer(struct rpc_api_pipe_req_state *state)
2104+{
2105+ struct pipe_auth_data *a = state->cli->auth;
2106+ struct dcerpc_sec_verification_trailer *t;
2107+ struct dcerpc_sec_vt *c = NULL;
2108+ struct ndr_push *ndr = NULL;
2109+ enum ndr_err_code ndr_err;
2110+ size_t align = 0;
2111+ size_t pad = 0;
2112+
2113+ if (a == NULL) {
2114+ return NT_STATUS_OK;
2115+ }
2116+
2117+ if (a->auth_level < DCERPC_AUTH_LEVEL_INTEGRITY) {
2118+ return NT_STATUS_OK;
2119+ }
2120+
2121+ t = talloc_zero(state, struct dcerpc_sec_verification_trailer);
2122+ if (t == NULL) {
2123+ return NT_STATUS_NO_MEMORY;
2124+ }
2125+
2126+ if (!a->verified_bitmask1) {
2127+ t->commands = talloc_realloc(t, t->commands,
2128+ struct dcerpc_sec_vt,
2129+ t->count.count + 1);
2130+ if (t->commands == NULL) {
2131+ return NT_STATUS_NO_MEMORY;
2132+ }
2133+ c = &t->commands[t->count.count++];
2134+ ZERO_STRUCTP(c);
2135+
2136+ c->command = DCERPC_SEC_VT_COMMAND_BITMASK1;
2137+ state->verify_bitmask1 = true;
2138+ }
2139+
2140+ if (!state->cli->verified_pcontext) {
2141+ t->commands = talloc_realloc(t, t->commands,
2142+ struct dcerpc_sec_vt,
2143+ t->count.count + 1);
2144+ if (t->commands == NULL) {
2145+ return NT_STATUS_NO_MEMORY;
2146+ }
2147+ c = &t->commands[t->count.count++];
2148+ ZERO_STRUCTP(c);
2149+
2150+ c->command = DCERPC_SEC_VT_COMMAND_PCONTEXT;
2151+ c->u.pcontext.abstract_syntax = state->cli->abstract_syntax;
2152+ c->u.pcontext.transfer_syntax = state->cli->transfer_syntax;
2153+
2154+ state->verify_pcontext = true;
2155+ }
2156+
2157+ if (true) { /* We do not support header signing */
2158+ t->commands = talloc_realloc(t, t->commands,
2159+ struct dcerpc_sec_vt,
2160+ t->count.count + 1);
2161+ if (t->commands == NULL) {
2162+ return NT_STATUS_NO_MEMORY;
2163+ }
2164+ c = &t->commands[t->count.count++];
2165+ ZERO_STRUCTP(c);
2166+
2167+ c->command = DCERPC_SEC_VT_COMMAND_HEADER2;
2168+ c->u.header2.ptype = DCERPC_PKT_REQUEST;
2169+ c->u.header2.drep[0] = DCERPC_DREP_LE;
2170+ c->u.header2.drep[1] = 0;
2171+ c->u.header2.drep[2] = 0;
2172+ c->u.header2.drep[3] = 0;
2173+ c->u.header2.call_id = state->call_id;
2174+ c->u.header2.context_id = 0;
2175+ c->u.header2.opnum = state->op_num;
2176+ }
2177+
2178+ if (t->count.count == 0) {
2179+ TALLOC_FREE(t);
2180+ return NT_STATUS_OK;
2181+ }
2182+
2183+ c = &t->commands[t->count.count - 1];
2184+ c->command |= DCERPC_SEC_VT_COMMAND_END;
2185+
2186+ if (DEBUGLEVEL >= 10) {
2187+ NDR_PRINT_DEBUG(dcerpc_sec_verification_trailer, t);
2188+ }
2189+
2190+ ndr = ndr_push_init_ctx(state);
2191+ if (ndr == NULL) {
2192+ return NT_STATUS_NO_MEMORY;
2193+ }
2194+
2195+ ndr_err = ndr_push_dcerpc_sec_verification_trailer(ndr,
2196+ NDR_SCALARS | NDR_BUFFERS,
2197+ t);
2198+ if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
2199+ return ndr_map_error2ntstatus(ndr_err);
2200+ }
2201+ state->req_trailer = ndr_push_blob(ndr);
2202+
2203+ align = state->req_data->length & 0x3;
2204+ if (align > 0) {
2205+ pad = 4 - align;
2206+ }
2207+ if (pad > 0) {
2208+ bool ok;
2209+ uint8_t *p;
2210+ const uint8_t zeros[4] = { 0, };
2211+
2212+ ok = data_blob_append(ndr, &state->req_trailer, zeros, pad);
2213+ if (!ok) {
2214+ return NT_STATUS_NO_MEMORY;
2215+ }
2216+
2217+ /* move the padding to the start */
2218+ p = state->req_trailer.data;
2219+ memmove(p + pad, p, state->req_trailer.length - pad);
2220+ memset(p, 0, pad);
2221+ }
2222+
2223+ return NT_STATUS_OK;
2224+}
2225+
2226 static NTSTATUS prepare_next_frag(struct rpc_api_pipe_req_state *state,
2227 bool *is_last_frag)
2228 {
2229- size_t data_sent_thistime;
2230 size_t auth_len;
2231 size_t frag_len;
2232 uint8_t flags = 0;
2233 size_t pad_len;
2234 size_t data_left;
2235+ size_t data_thistime;
2236+ size_t trailer_left;
2237+ size_t trailer_thistime = 0;
2238+ size_t total_left;
2239+ size_t total_thistime;
2240 NTSTATUS status;
2241+ bool ok;
2242 union dcerpc_payload u;
2243
2244 data_left = state->req_data->length - state->req_data_sent;
2245+ trailer_left = state->req_trailer.length - state->req_trailer_sent;
2246+ total_left = data_left + trailer_left;
2247+ if ((total_left < data_left) || (total_left < trailer_left)) {
2248+ /*
2249+ * overflow
2250+ */
2251+ return NT_STATUS_INVALID_PARAMETER_MIX;
2252+ }
2253
2254 status = dcerpc_guess_sizes(state->cli->auth,
2255- DCERPC_REQUEST_LENGTH, data_left,
2256+ DCERPC_REQUEST_LENGTH, total_left,
2257 state->cli->max_xmit_frag,
2258 CLIENT_NDR_PADDING_SIZE,
2259- &data_sent_thistime,
2260+ &total_thistime,
2261 &frag_len, &auth_len, &pad_len);
2262 if (!NT_STATUS_IS_OK(status)) {
2263 return status;
2264@@ -1372,15 +1529,20 @@ static NTSTATUS prepare_next_frag(struct
2265 flags = DCERPC_PFC_FLAG_FIRST;
2266 }
2267
2268- if (data_sent_thistime == data_left) {
2269+ if (total_thistime == total_left) {
2270 flags |= DCERPC_PFC_FLAG_LAST;
2271 }
2272
2273+ data_thistime = MIN(total_thistime, data_left);
2274+ if (data_thistime < total_thistime) {
2275+ trailer_thistime = total_thistime - data_thistime;
2276+ }
2277+
2278 data_blob_free(&state->rpc_out);
2279
2280 ZERO_STRUCT(u.request);
2281
2282- u.request.alloc_hint = state->req_data->length;
2283+ u.request.alloc_hint = total_left;
2284 u.request.context_id = 0;
2285 u.request.opnum = state->op_num;
2286
2287@@ -1400,11 +1562,26 @@ static NTSTATUS prepare_next_frag(struct
2288 * at this stage */
2289 dcerpc_set_frag_length(&state->rpc_out, frag_len);
2290
2291- /* Copy in the data. */
2292- if (!data_blob_append(NULL, &state->rpc_out,
2293+ if (data_thistime > 0) {
2294+ /* Copy in the data. */
2295+ ok = data_blob_append(NULL, &state->rpc_out,
2296 state->req_data->data + state->req_data_sent,
2297- data_sent_thistime)) {
2298- return NT_STATUS_NO_MEMORY;
2299+ data_thistime);
2300+ if (!ok) {
2301+ return NT_STATUS_NO_MEMORY;
2302+ }
2303+ state->req_data_sent += data_thistime;
2304+ }
2305+
2306+ if (trailer_thistime > 0) {
2307+ /* Copy in the verification trailer. */
2308+ ok = data_blob_append(NULL, &state->rpc_out,
2309+ state->req_trailer.data + state->req_trailer_sent,
2310+ trailer_thistime);
2311+ if (!ok) {
2312+ return NT_STATUS_NO_MEMORY;
2313+ }
2314+ state->req_trailer_sent += trailer_thistime;
2315 }
2316
2317 switch (state->cli->auth->auth_level) {
2318@@ -1424,7 +1601,6 @@ static NTSTATUS prepare_next_frag(struct
2319 return NT_STATUS_INVALID_PARAMETER;
2320 }
2321
2322- state->req_data_sent += data_sent_thistime;
2323 *is_last_frag = ((flags & DCERPC_PFC_FLAG_LAST) != 0);
2324
2325 return status;
2326@@ -1488,6 +1664,20 @@ static void rpc_api_pipe_req_done(struct
2327 tevent_req_nterror(req, status);
2328 return;
2329 }
2330+
2331+ if (state->cli->auth == NULL) {
2332+ tevent_req_done(req);
2333+ return;
2334+ }
2335+
2336+ if (state->verify_bitmask1) {
2337+ state->cli->auth->verified_bitmask1 = true;
2338+ }
2339+
2340+ if (state->verify_pcontext) {
2341+ state->cli->verified_pcontext = true;
2342+ }
2343+
2344 tevent_req_done(req);
2345 }
2346
2347@@ -1647,9 +1837,15 @@ struct rpc_pipe_bind_state {
2348 DATA_BLOB rpc_out;
2349 bool auth3;
2350 uint32_t rpc_call_id;
2351+ struct netr_Authenticator auth;
2352+ struct netr_Authenticator return_auth;
2353+ struct netlogon_creds_CredentialState *creds;
2354+ union netr_Capabilities capabilities;
2355+ struct netr_LogonGetCapabilities r;
2356 };
2357
2358 static void rpc_pipe_bind_step_one_done(struct tevent_req *subreq);
2359+static void rpc_pipe_bind_step_two_trigger(struct tevent_req *req);
2360 static NTSTATUS rpc_bind_next_send(struct tevent_req *req,
2361 struct rpc_pipe_bind_state *state,
2362 DATA_BLOB *credentials);
2363@@ -1753,11 +1949,14 @@ static void rpc_pipe_bind_step_one_done(
2364
2365 case DCERPC_AUTH_TYPE_NONE:
2366 case DCERPC_AUTH_TYPE_NCALRPC_AS_SYSTEM:
2367- case DCERPC_AUTH_TYPE_SCHANNEL:
2368 /* Bind complete. */
2369 tevent_req_done(req);
2370 return;
2371
2372+ case DCERPC_AUTH_TYPE_SCHANNEL:
2373+ rpc_pipe_bind_step_two_trigger(req);
2374+ return;
2375+
2376 case DCERPC_AUTH_TYPE_NTLMSSP:
2377 case DCERPC_AUTH_TYPE_SPNEGO:
2378 case DCERPC_AUTH_TYPE_KRB5:
2379@@ -1869,6 +2068,153 @@ err_out:
2380 tevent_req_nterror(req, NT_STATUS_INTERNAL_ERROR);
2381 }
2382
2383+static void rpc_pipe_bind_step_two_done(struct tevent_req *subreq);
2384+
2385+static void rpc_pipe_bind_step_two_trigger(struct tevent_req *req)
2386+{
2387+ struct rpc_pipe_bind_state *state =
2388+ tevent_req_data(req,
2389+ struct rpc_pipe_bind_state);
2390+ struct dcerpc_binding_handle *b = state->cli->binding_handle;
2391+ struct schannel_state *schannel_auth =
2392+ talloc_get_type_abort(state->cli->auth->auth_ctx,
2393+ struct schannel_state);
2394+ struct tevent_req *subreq;
2395+
2396+ if (schannel_auth == NULL ||
2397+ !ndr_syntax_id_equal(&state->cli->abstract_syntax,
2398+ &ndr_table_netlogon.syntax_id)) {
2399+ tevent_req_done(req);
2400+ return;
2401+ }
2402+
2403+ ZERO_STRUCT(state->return_auth);
2404+
2405+ state->creds = netlogon_creds_copy(state, schannel_auth->creds);
2406+ if (state->creds == NULL) {
2407+ tevent_req_nterror(req, NT_STATUS_NO_MEMORY);
2408+ return;
2409+ }
2410+
2411+ netlogon_creds_client_authenticator(state->creds, &state->auth);
2412+
2413+ state->r.in.server_name = state->cli->srv_name_slash;
2414+ state->r.in.computer_name = state->creds->computer_name;
2415+ state->r.in.credential = &state->auth;
2416+ state->r.in.query_level = 1;
2417+ state->r.in.return_authenticator = &state->return_auth;
2418+
2419+ state->r.out.capabilities = &state->capabilities;
2420+ state->r.out.return_authenticator = &state->return_auth;
2421+
2422+ subreq = dcerpc_netr_LogonGetCapabilities_r_send(talloc_tos(),
2423+ state->ev,
2424+ b,
2425+ &state->r);
2426+ if (subreq == NULL) {
2427+ tevent_req_nterror(req, NT_STATUS_NO_MEMORY);
2428+ return;
2429+ }
2430+
2431+ tevent_req_set_callback(subreq, rpc_pipe_bind_step_two_done, req);
2432+ return;
2433+}
2434+
2435+static void rpc_pipe_bind_step_two_done(struct tevent_req *subreq)
2436+{
2437+ struct tevent_req *req =
2438+ tevent_req_callback_data(subreq,
2439+ struct tevent_req);
2440+ struct rpc_pipe_bind_state *state =
2441+ tevent_req_data(req,
2442+ struct rpc_pipe_bind_state);
2443+ struct schannel_state *schannel_auth =
2444+ talloc_get_type_abort(state->cli->auth->auth_ctx,
2445+ struct schannel_state);
2446+ NTSTATUS status;
2447+
2448+ status = dcerpc_netr_LogonGetCapabilities_r_recv(subreq, talloc_tos());
2449+ TALLOC_FREE(subreq);
2450+ if (NT_STATUS_EQUAL(status, NT_STATUS_RPC_PROCNUM_OUT_OF_RANGE)) {
2451+ if (state->cli->dc->negotiate_flags &
2452+ NETLOGON_NEG_SUPPORTS_AES) {
2453+ DEBUG(5, ("AES is not supported and the error was %s\n",
2454+ nt_errstr(status)));
2455+ tevent_req_nterror(req,
2456+ NT_STATUS_INVALID_NETWORK_RESPONSE);
2457+ return;
2458+ }
2459+
2460+ /* This is probably NT */
2461+ DEBUG(5, ("We are checking against an NT - %s\n",
2462+ nt_errstr(status)));
2463+ tevent_req_done(req);
2464+ return;
2465+ } else if (!NT_STATUS_IS_OK(status)) {
2466+ DEBUG(0, ("dcerpc_netr_LogonGetCapabilities_r_recv failed with %s\n",
2467+ nt_errstr(status)));
2468+ tevent_req_nterror(req, status);
2469+ return;
2470+ }
2471+
2472+ if (NT_STATUS_EQUAL(state->r.out.result, NT_STATUS_NOT_IMPLEMENTED)) {
2473+ if (state->creds->negotiate_flags & NETLOGON_NEG_SUPPORTS_AES) {
2474+ /* This means AES isn't supported. */
2475+ DEBUG(5, ("AES is not supported and the error was %s\n",
2476+ nt_errstr(state->r.out.result)));
2477+ tevent_req_nterror(req,
2478+ NT_STATUS_INVALID_NETWORK_RESPONSE);
2479+ return;
2480+ }
2481+
2482+ /* This is probably an old Samba version */
2483+ DEBUG(5, ("We are checking against an old Samba version - %s\n",
2484+ nt_errstr(state->r.out.result)));
2485+ tevent_req_done(req);
2486+ return;
2487+ }
2488+
2489+ /* We need to check the credential state here, cause win2k3 and earlier
2490+ * returns NT_STATUS_NOT_IMPLEMENTED */
2491+ if (!netlogon_creds_client_check(state->creds,
2492+ &state->r.out.return_authenticator->cred)) {
2493+ /*
2494+ * Server replied with bad credential. Fail.
2495+ */
2496+ DEBUG(0,("rpc_pipe_bind_step_two_done: server %s "
2497+ "replied with bad credential\n",
2498+ state->cli->desthost));
2499+ tevent_req_nterror(req, NT_STATUS_UNSUCCESSFUL);
2500+ return;
2501+ }
2502+
2503+ TALLOC_FREE(schannel_auth->creds);
2504+ schannel_auth->creds = talloc_steal(state->cli, state->creds);
2505+
2506+ if (!NT_STATUS_IS_OK(state->r.out.result)) {
2507+ DEBUG(0, ("dcerpc_netr_LogonGetCapabilities_r_recv failed with %s\n",
2508+ nt_errstr(state->r.out.result)));
2509+ tevent_req_nterror(req, state->r.out.result);
2510+ return;
2511+ }
2512+
2513+ if (state->creds->negotiate_flags !=
2514+ state->r.out.capabilities->server_capabilities) {
2515+ DEBUG(0, ("The client capabilities don't match the server "
2516+ "capabilities: local[0x%08X] remote[0x%08X]\n",
2517+ state->creds->negotiate_flags,
2518+ state->capabilities.server_capabilities));
2519+ tevent_req_nterror(req,
2520+ NT_STATUS_INVALID_NETWORK_RESPONSE);
2521+ return;
2522+ }
2523+
2524+ /* TODO: Add downgrade dectection. */
2525+
2526+ tevent_req_done(req);
2527+ return;
2528+}
2529+
2530 static NTSTATUS rpc_bind_next_send(struct tevent_req *req,
2531 struct rpc_pipe_bind_state *state,
2532 DATA_BLOB *auth_token)
2533Index: samba-3.6.23/source3/librpc/rpc/dcerpc.h
2534===================================================================
2535--- samba-3.6.23.orig/source3/librpc/rpc/dcerpc.h
2536+++ samba-3.6.23/source3/librpc/rpc/dcerpc.h
2537@@ -39,6 +39,7 @@ struct NL_AUTH_MESSAGE;
2538 struct pipe_auth_data {
2539 enum dcerpc_AuthType auth_type;
2540 enum dcerpc_AuthLevel auth_level;
2541+ bool verified_bitmask1;
2542
2543 void *auth_ctx;
2544
2545Index: samba-3.6.23/source3/rpc_client/rpc_client.h
2546===================================================================
2547--- samba-3.6.23.orig/source3/rpc_client/rpc_client.h
2548+++ samba-3.6.23/source3/rpc_client/rpc_client.h
2549@@ -39,6 +39,7 @@ struct rpc_pipe_client {
2550
2551 struct ndr_syntax_id abstract_syntax;
2552 struct ndr_syntax_id transfer_syntax;
2553+ bool verified_pcontext;
2554
2555 char *desthost;
2556 char *srv_name_slash;
2557Index: samba-3.6.23/librpc/ndr/ndr_dcerpc.h
2558===================================================================
2559--- /dev/null
2560+++ samba-3.6.23/librpc/ndr/ndr_dcerpc.h
2561@@ -0,0 +1,25 @@
2562+/*
2563+ Unix SMB/CIFS implementation.
2564+
2565+ Manually parsed structures found in the DCERPC protocol
2566+
2567+ Copyright (C) Stefan Metzmacher 2014
2568+ Copyright (C) Gregor Beck 2014
2569+
2570+ This program is free software; you can redistribute it and/or modify
2571+ it under the terms of the GNU General Public License as published by
2572+ the Free Software Foundation; either version 3 of the License, or
2573+ (at your option) any later version.
2574+
2575+ This program is distributed in the hope that it will be useful,
2576+ but WITHOUT ANY WARRANTY; without even the implied warranty of
2577+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
2578+ GNU General Public License for more details.
2579+
2580+ You should have received a copy of the GNU General Public License
2581+ along with this program. If not, see <http://www.gnu.org/licenses/>.
2582+*/
2583+
2584+enum ndr_err_code ndr_pop_dcerpc_sec_verification_trailer(
2585+ struct ndr_pull *ndr, TALLOC_CTX *mem_ctx,
2586+ struct dcerpc_sec_verification_trailer **_r);
2587Index: samba-3.6.23/librpc/ABI/ndr-0.0.3.sigs
2588===================================================================
2589--- /dev/null
2590+++ samba-3.6.23/librpc/ABI/ndr-0.0.3.sigs
2591@@ -0,0 +1,251 @@
2592+GUID_all_zero: bool (const struct GUID *)
2593+GUID_compare: int (const struct GUID *, const struct GUID *)
2594+GUID_equal: bool (const struct GUID *, const struct GUID *)
2595+GUID_from_data_blob: NTSTATUS (const DATA_BLOB *, struct GUID *)
2596+GUID_from_ndr_blob: NTSTATUS (const DATA_BLOB *, struct GUID *)
2597+GUID_from_string: NTSTATUS (const char *, struct GUID *)
2598+GUID_hexstring: char *(TALLOC_CTX *, const struct GUID *)
2599+GUID_random: struct GUID (void)
2600+GUID_string: char *(TALLOC_CTX *, const struct GUID *)
2601+GUID_string2: char *(TALLOC_CTX *, const struct GUID *)
2602+GUID_to_ndr_blob: NTSTATUS (const struct GUID *, TALLOC_CTX *, DATA_BLOB *)
2603+GUID_zero: struct GUID (void)
2604+ndr_align_size: size_t (uint32_t, size_t)
2605+ndr_charset_length: uint32_t (const void *, charset_t)
2606+ndr_check_array_length: enum ndr_err_code (struct ndr_pull *, void *, uint32_t)
2607+ndr_check_array_size: enum ndr_err_code (struct ndr_pull *, void *, uint32_t)
2608+ndr_check_padding: void (struct ndr_pull *, size_t)
2609+ndr_check_pipe_chunk_trailer: enum ndr_err_code (struct ndr_pull *, int, uint32_t)
2610+ndr_check_string_terminator: enum ndr_err_code (struct ndr_pull *, uint32_t, uint32_t)
2611+ndr_get_array_length: uint32_t (struct ndr_pull *, const void *)
2612+ndr_get_array_size: uint32_t (struct ndr_pull *, const void *)
2613+ndr_map_error2errno: int (enum ndr_err_code)
2614+ndr_map_error2ntstatus: NTSTATUS (enum ndr_err_code)
2615+ndr_map_error2string: const char *(enum ndr_err_code)
2616+ndr_policy_handle_empty: bool (const struct policy_handle *)
2617+ndr_policy_handle_equal: bool (const struct policy_handle *, const struct policy_handle *)
2618+ndr_print_DATA_BLOB: void (struct ndr_print *, const char *, DATA_BLOB)
2619+ndr_print_GUID: void (struct ndr_print *, const char *, const struct GUID *)
2620+ndr_print_KRB5_EDATA_NTSTATUS: void (struct ndr_print *, const char *, const struct KRB5_EDATA_NTSTATUS *)
2621+ndr_print_NTSTATUS: void (struct ndr_print *, const char *, NTSTATUS)
2622+ndr_print_NTTIME: void (struct ndr_print *, const char *, NTTIME)
2623+ndr_print_NTTIME_1sec: void (struct ndr_print *, const char *, NTTIME)
2624+ndr_print_NTTIME_hyper: void (struct ndr_print *, const char *, NTTIME)
2625+ndr_print_WERROR: void (struct ndr_print *, const char *, WERROR)
2626+ndr_print_array_uint8: void (struct ndr_print *, const char *, const uint8_t *, uint32_t)
2627+ndr_print_bad_level: void (struct ndr_print *, const char *, uint16_t)
2628+ndr_print_bitmap_flag: void (struct ndr_print *, size_t, const char *, uint32_t, uint32_t)
2629+ndr_print_bool: void (struct ndr_print *, const char *, const bool)
2630+ndr_print_debug: void (ndr_print_fn_t, const char *, void *)
2631+ndr_print_debug_helper: void (struct ndr_print *, const char *, ...)
2632+ndr_print_debugc: void (int, ndr_print_fn_t, const char *, void *)
2633+ndr_print_debugc_helper: void (struct ndr_print *, const char *, ...)
2634+ndr_print_dlong: void (struct ndr_print *, const char *, int64_t)
2635+ndr_print_double: void (struct ndr_print *, const char *, double)
2636+ndr_print_enum: void (struct ndr_print *, const char *, const char *, const char *, uint32_t)
2637+ndr_print_function_debug: void (ndr_print_function_t, const char *, int, void *)
2638+ndr_print_function_string: char *(TALLOC_CTX *, ndr_print_function_t, const char *, int, void *)
2639+ndr_print_get_switch_value: uint32_t (struct ndr_print *, const void *)
2640+ndr_print_gid_t: void (struct ndr_print *, const char *, gid_t)
2641+ndr_print_hyper: void (struct ndr_print *, const char *, uint64_t)
2642+ndr_print_int16: void (struct ndr_print *, const char *, int16_t)
2643+ndr_print_int32: void (struct ndr_print *, const char *, int32_t)
2644+ndr_print_int3264: void (struct ndr_print *, const char *, int32_t)
2645+ndr_print_int8: void (struct ndr_print *, const char *, int8_t)
2646+ndr_print_ipv4address: void (struct ndr_print *, const char *, const char *)
2647+ndr_print_ipv6address: void (struct ndr_print *, const char *, const char *)
2648+ndr_print_ndr_syntax_id: void (struct ndr_print *, const char *, const struct ndr_syntax_id *)
2649+ndr_print_netr_SamDatabaseID: void (struct ndr_print *, const char *, enum netr_SamDatabaseID)
2650+ndr_print_netr_SchannelType: void (struct ndr_print *, const char *, enum netr_SchannelType)
2651+ndr_print_null: void (struct ndr_print *)
2652+ndr_print_pointer: void (struct ndr_print *, const char *, void *)
2653+ndr_print_policy_handle: void (struct ndr_print *, const char *, const struct policy_handle *)
2654+ndr_print_printf_helper: void (struct ndr_print *, const char *, ...)
2655+ndr_print_ptr: void (struct ndr_print *, const char *, const void *)
2656+ndr_print_set_switch_value: enum ndr_err_code (struct ndr_print *, const void *, uint32_t)
2657+ndr_print_sockaddr_storage: void (struct ndr_print *, const char *, const struct sockaddr_storage *)
2658+ndr_print_string: void (struct ndr_print *, const char *, const char *)
2659+ndr_print_string_array: void (struct ndr_print *, const char *, const char **)
2660+ndr_print_string_helper: void (struct ndr_print *, const char *, ...)
2661+ndr_print_struct: void (struct ndr_print *, const char *, const char *)
2662+ndr_print_struct_string: char *(TALLOC_CTX *, ndr_print_fn_t, const char *, void *)
2663+ndr_print_svcctl_ServerType: void (struct ndr_print *, const char *, uint32_t)
2664+ndr_print_time_t: void (struct ndr_print *, const char *, time_t)
2665+ndr_print_timespec: void (struct ndr_print *, const char *, const struct timespec *)
2666+ndr_print_timeval: void (struct ndr_print *, const char *, const struct timeval *)
2667+ndr_print_udlong: void (struct ndr_print *, const char *, uint64_t)
2668+ndr_print_udlongr: void (struct ndr_print *, const char *, uint64_t)
2669+ndr_print_uid_t: void (struct ndr_print *, const char *, uid_t)
2670+ndr_print_uint16: void (struct ndr_print *, const char *, uint16_t)
2671+ndr_print_uint32: void (struct ndr_print *, const char *, uint32_t)
2672+ndr_print_uint3264: void (struct ndr_print *, const char *, uint32_t)
2673+ndr_print_uint8: void (struct ndr_print *, const char *, uint8_t)
2674+ndr_print_union: void (struct ndr_print *, const char *, int, const char *)
2675+ndr_print_union_debug: void (ndr_print_fn_t, const char *, uint32_t, void *)
2676+ndr_print_union_string: char *(TALLOC_CTX *, ndr_print_fn_t, const char *, uint32_t, void *)
2677+ndr_print_winreg_Data: void (struct ndr_print *, const char *, const union winreg_Data *)
2678+ndr_print_winreg_Type: void (struct ndr_print *, const char *, enum winreg_Type)
2679+ndr_pull_DATA_BLOB: enum ndr_err_code (struct ndr_pull *, int, DATA_BLOB *)
2680+ndr_pull_GUID: enum ndr_err_code (struct ndr_pull *, int, struct GUID *)
2681+ndr_pull_KRB5_EDATA_NTSTATUS: enum ndr_err_code (struct ndr_pull *, int, struct KRB5_EDATA_NTSTATUS *)
2682+ndr_pull_NTSTATUS: enum ndr_err_code (struct ndr_pull *, int, NTSTATUS *)
2683+ndr_pull_NTTIME: enum ndr_err_code (struct ndr_pull *, int, NTTIME *)
2684+ndr_pull_NTTIME_1sec: enum ndr_err_code (struct ndr_pull *, int, NTTIME *)
2685+ndr_pull_NTTIME_hyper: enum ndr_err_code (struct ndr_pull *, int, NTTIME *)
2686+ndr_pull_WERROR: enum ndr_err_code (struct ndr_pull *, int, WERROR *)
2687+ndr_pull_advance: enum ndr_err_code (struct ndr_pull *, uint32_t)
2688+ndr_pull_align: enum ndr_err_code (struct ndr_pull *, size_t)
2689+ndr_pull_append: enum ndr_err_code (struct ndr_pull *, DATA_BLOB *)
2690+ndr_pull_array_length: enum ndr_err_code (struct ndr_pull *, const void *)
2691+ndr_pull_array_size: enum ndr_err_code (struct ndr_pull *, const void *)
2692+ndr_pull_array_uint8: enum ndr_err_code (struct ndr_pull *, int, uint8_t *, uint32_t)
2693+ndr_pull_bytes: enum ndr_err_code (struct ndr_pull *, uint8_t *, uint32_t)
2694+ndr_pull_charset: enum ndr_err_code (struct ndr_pull *, int, const char **, uint32_t, uint8_t, charset_t)
2695+ndr_pull_charset_to_null: enum ndr_err_code (struct ndr_pull *, int, const char **, uint32_t, uint8_t, charset_t)
2696+ndr_pull_dlong: enum ndr_err_code (struct ndr_pull *, int, int64_t *)
2697+ndr_pull_double: enum ndr_err_code (struct ndr_pull *, int, double *)
2698+ndr_pull_enum_uint16: enum ndr_err_code (struct ndr_pull *, int, uint16_t *)
2699+ndr_pull_enum_uint1632: enum ndr_err_code (struct ndr_pull *, int, uint16_t *)
2700+ndr_pull_enum_uint32: enum ndr_err_code (struct ndr_pull *, int, uint32_t *)
2701+ndr_pull_enum_uint8: enum ndr_err_code (struct ndr_pull *, int, uint8_t *)
2702+ndr_pull_error: enum ndr_err_code (struct ndr_pull *, enum ndr_err_code, const char *, ...)
2703+ndr_pull_generic_ptr: enum ndr_err_code (struct ndr_pull *, uint32_t *)
2704+ndr_pull_get_relative_base_offset: uint32_t (struct ndr_pull *)
2705+ndr_pull_get_switch_value: uint32_t (struct ndr_pull *, const void *)
2706+ndr_pull_gid_t: enum ndr_err_code (struct ndr_pull *, int, gid_t *)
2707+ndr_pull_hyper: enum ndr_err_code (struct ndr_pull *, int, uint64_t *)
2708+ndr_pull_init_blob: struct ndr_pull *(const DATA_BLOB *, TALLOC_CTX *)
2709+ndr_pull_int16: enum ndr_err_code (struct ndr_pull *, int, int16_t *)
2710+ndr_pull_int32: enum ndr_err_code (struct ndr_pull *, int, int32_t *)
2711+ndr_pull_int8: enum ndr_err_code (struct ndr_pull *, int, int8_t *)
2712+ndr_pull_ipv4address: enum ndr_err_code (struct ndr_pull *, int, const char **)
2713+ndr_pull_ipv6address: enum ndr_err_code (struct ndr_pull *, int, const char **)
2714+ndr_pull_ndr_syntax_id: enum ndr_err_code (struct ndr_pull *, int, struct ndr_syntax_id *)
2715+ndr_pull_netr_SamDatabaseID: enum ndr_err_code (struct ndr_pull *, int, enum netr_SamDatabaseID *)
2716+ndr_pull_netr_SchannelType: enum ndr_err_code (struct ndr_pull *, int, enum netr_SchannelType *)
2717+ndr_pull_pointer: enum ndr_err_code (struct ndr_pull *, int, void **)
2718+ndr_pull_policy_handle: enum ndr_err_code (struct ndr_pull *, int, struct policy_handle *)
2719+ndr_pull_pop: enum ndr_err_code (struct ndr_pull *)
2720+ndr_pull_ref_ptr: enum ndr_err_code (struct ndr_pull *, uint32_t *)
2721+ndr_pull_relative_ptr1: enum ndr_err_code (struct ndr_pull *, const void *, uint32_t)
2722+ndr_pull_relative_ptr2: enum ndr_err_code (struct ndr_pull *, const void *)
2723+ndr_pull_relative_ptr_short: enum ndr_err_code (struct ndr_pull *, uint16_t *)
2724+ndr_pull_restore_relative_base_offset: void (struct ndr_pull *, uint32_t)
2725+ndr_pull_set_switch_value: enum ndr_err_code (struct ndr_pull *, const void *, uint32_t)
2726+ndr_pull_setup_relative_base_offset1: enum ndr_err_code (struct ndr_pull *, const void *, uint32_t)
2727+ndr_pull_setup_relative_base_offset2: enum ndr_err_code (struct ndr_pull *, const void *)
2728+ndr_pull_string: enum ndr_err_code (struct ndr_pull *, int, const char **)
2729+ndr_pull_string_array: enum ndr_err_code (struct ndr_pull *, int, const char ***)
2730+ndr_pull_struct_blob: enum ndr_err_code (const DATA_BLOB *, TALLOC_CTX *, void *, ndr_pull_flags_fn_t)
2731+ndr_pull_struct_blob_all: enum ndr_err_code (const DATA_BLOB *, TALLOC_CTX *, void *, ndr_pull_flags_fn_t)
2732+ndr_pull_subcontext_end: enum ndr_err_code (struct ndr_pull *, struct ndr_pull *, size_t, ssize_t)
2733+ndr_pull_subcontext_start: enum ndr_err_code (struct ndr_pull *, struct ndr_pull **, size_t, ssize_t)
2734+ndr_pull_svcctl_ServerType: enum ndr_err_code (struct ndr_pull *, int, uint32_t *)
2735+ndr_pull_time_t: enum ndr_err_code (struct ndr_pull *, int, time_t *)
2736+ndr_pull_timespec: enum ndr_err_code (struct ndr_pull *, int, struct timespec *)
2737+ndr_pull_timeval: enum ndr_err_code (struct ndr_pull *, int, struct timeval *)
2738+ndr_pull_trailer_align: enum ndr_err_code (struct ndr_pull *, size_t)
2739+ndr_pull_udlong: enum ndr_err_code (struct ndr_pull *, int, uint64_t *)
2740+ndr_pull_udlongr: enum ndr_err_code (struct ndr_pull *, int, uint64_t *)
2741+ndr_pull_uid_t: enum ndr_err_code (struct ndr_pull *, int, uid_t *)
2742+ndr_pull_uint16: enum ndr_err_code (struct ndr_pull *, int, uint16_t *)
2743+ndr_pull_uint1632: enum ndr_err_code (struct ndr_pull *, int, uint16_t *)
2744+ndr_pull_uint32: enum ndr_err_code (struct ndr_pull *, int, uint32_t *)
2745+ndr_pull_uint3264: enum ndr_err_code (struct ndr_pull *, int, uint32_t *)
2746+ndr_pull_uint8: enum ndr_err_code (struct ndr_pull *, int, uint8_t *)
2747+ndr_pull_union_align: enum ndr_err_code (struct ndr_pull *, size_t)
2748+ndr_pull_union_blob: enum ndr_err_code (const DATA_BLOB *, TALLOC_CTX *, void *, uint32_t, ndr_pull_flags_fn_t)
2749+ndr_pull_union_blob_all: enum ndr_err_code (const DATA_BLOB *, TALLOC_CTX *, void *, uint32_t, ndr_pull_flags_fn_t)
2750+ndr_pull_winreg_Data: enum ndr_err_code (struct ndr_pull *, int, union winreg_Data *)
2751+ndr_pull_winreg_Type: enum ndr_err_code (struct ndr_pull *, int, enum winreg_Type *)
2752+ndr_push_DATA_BLOB: enum ndr_err_code (struct ndr_push *, int, DATA_BLOB)
2753+ndr_push_GUID: enum ndr_err_code (struct ndr_push *, int, const struct GUID *)
2754+ndr_push_KRB5_EDATA_NTSTATUS: enum ndr_err_code (struct ndr_push *, int, const struct KRB5_EDATA_NTSTATUS *)
2755+ndr_push_NTSTATUS: enum ndr_err_code (struct ndr_push *, int, NTSTATUS)
2756+ndr_push_NTTIME: enum ndr_err_code (struct ndr_push *, int, NTTIME)
2757+ndr_push_NTTIME_1sec: enum ndr_err_code (struct ndr_push *, int, NTTIME)
2758+ndr_push_NTTIME_hyper: enum ndr_err_code (struct ndr_push *, int, NTTIME)
2759+ndr_push_WERROR: enum ndr_err_code (struct ndr_push *, int, WERROR)
2760+ndr_push_align: enum ndr_err_code (struct ndr_push *, size_t)
2761+ndr_push_array_uint8: enum ndr_err_code (struct ndr_push *, int, const uint8_t *, uint32_t)
2762+ndr_push_blob: DATA_BLOB (struct ndr_push *)
2763+ndr_push_bytes: enum ndr_err_code (struct ndr_push *, const uint8_t *, uint32_t)
2764+ndr_push_charset: enum ndr_err_code (struct ndr_push *, int, const char *, uint32_t, uint8_t, charset_t)
2765+ndr_push_dlong: enum ndr_err_code (struct ndr_push *, int, int64_t)
2766+ndr_push_double: enum ndr_err_code (struct ndr_push *, int, double)
2767+ndr_push_enum_uint16: enum ndr_err_code (struct ndr_push *, int, uint16_t)
2768+ndr_push_enum_uint1632: enum ndr_err_code (struct ndr_push *, int, uint16_t)
2769+ndr_push_enum_uint32: enum ndr_err_code (struct ndr_push *, int, uint32_t)
2770+ndr_push_enum_uint8: enum ndr_err_code (struct ndr_push *, int, uint8_t)
2771+ndr_push_error: enum ndr_err_code (struct ndr_push *, enum ndr_err_code, const char *, ...)
2772+ndr_push_expand: enum ndr_err_code (struct ndr_push *, uint32_t)
2773+ndr_push_full_ptr: enum ndr_err_code (struct ndr_push *, const void *)
2774+ndr_push_get_relative_base_offset: uint32_t (struct ndr_push *)
2775+ndr_push_get_switch_value: uint32_t (struct ndr_push *, const void *)
2776+ndr_push_gid_t: enum ndr_err_code (struct ndr_push *, int, gid_t)
2777+ndr_push_hyper: enum ndr_err_code (struct ndr_push *, int, uint64_t)
2778+ndr_push_init_ctx: struct ndr_push *(TALLOC_CTX *)
2779+ndr_push_int16: enum ndr_err_code (struct ndr_push *, int, int16_t)
2780+ndr_push_int32: enum ndr_err_code (struct ndr_push *, int, int32_t)
2781+ndr_push_int8: enum ndr_err_code (struct ndr_push *, int, int8_t)
2782+ndr_push_ipv4address: enum ndr_err_code (struct ndr_push *, int, const char *)
2783+ndr_push_ipv6address: enum ndr_err_code (struct ndr_push *, int, const char *)
2784+ndr_push_ndr_syntax_id: enum ndr_err_code (struct ndr_push *, int, const struct ndr_syntax_id *)
2785+ndr_push_netr_SamDatabaseID: enum ndr_err_code (struct ndr_push *, int, enum netr_SamDatabaseID)
2786+ndr_push_netr_SchannelType: enum ndr_err_code (struct ndr_push *, int, enum netr_SchannelType)
2787+ndr_push_pipe_chunk_trailer: enum ndr_err_code (struct ndr_push *, int, uint32_t)
2788+ndr_push_pointer: enum ndr_err_code (struct ndr_push *, int, void *)
2789+ndr_push_policy_handle: enum ndr_err_code (struct ndr_push *, int, const struct policy_handle *)
2790+ndr_push_ref_ptr: enum ndr_err_code (struct ndr_push *)
2791+ndr_push_relative_ptr1: enum ndr_err_code (struct ndr_push *, const void *)
2792+ndr_push_relative_ptr2_end: enum ndr_err_code (struct ndr_push *, const void *)
2793+ndr_push_relative_ptr2_start: enum ndr_err_code (struct ndr_push *, const void *)
2794+ndr_push_restore_relative_base_offset: void (struct ndr_push *, uint32_t)
2795+ndr_push_set_switch_value: enum ndr_err_code (struct ndr_push *, const void *, uint32_t)
2796+ndr_push_setup_relative_base_offset1: enum ndr_err_code (struct ndr_push *, const void *, uint32_t)
2797+ndr_push_setup_relative_base_offset2: enum ndr_err_code (struct ndr_push *, const void *)
2798+ndr_push_short_relative_ptr1: enum ndr_err_code (struct ndr_push *, const void *)
2799+ndr_push_short_relative_ptr2: enum ndr_err_code (struct ndr_push *, const void *)
2800+ndr_push_string: enum ndr_err_code (struct ndr_push *, int, const char *)
2801+ndr_push_string_array: enum ndr_err_code (struct ndr_push *, int, const char **)
2802+ndr_push_struct_blob: enum ndr_err_code (DATA_BLOB *, TALLOC_CTX *, const void *, ndr_push_flags_fn_t)
2803+ndr_push_subcontext_end: enum ndr_err_code (struct ndr_push *, struct ndr_push *, size_t, ssize_t)
2804+ndr_push_subcontext_start: enum ndr_err_code (struct ndr_push *, struct ndr_push **, size_t, ssize_t)
2805+ndr_push_svcctl_ServerType: enum ndr_err_code (struct ndr_push *, int, uint32_t)
2806+ndr_push_time_t: enum ndr_err_code (struct ndr_push *, int, time_t)
2807+ndr_push_timespec: enum ndr_err_code (struct ndr_push *, int, const struct timespec *)
2808+ndr_push_timeval: enum ndr_err_code (struct ndr_push *, int, const struct timeval *)
2809+ndr_push_trailer_align: enum ndr_err_code (struct ndr_push *, size_t)
2810+ndr_push_udlong: enum ndr_err_code (struct ndr_push *, int, uint64_t)
2811+ndr_push_udlongr: enum ndr_err_code (struct ndr_push *, int, uint64_t)
2812+ndr_push_uid_t: enum ndr_err_code (struct ndr_push *, int, uid_t)
2813+ndr_push_uint16: enum ndr_err_code (struct ndr_push *, int, uint16_t)
2814+ndr_push_uint1632: enum ndr_err_code (struct ndr_push *, int, uint16_t)
2815+ndr_push_uint32: enum ndr_err_code (struct ndr_push *, int, uint32_t)
2816+ndr_push_uint3264: enum ndr_err_code (struct ndr_push *, int, uint32_t)
2817+ndr_push_uint8: enum ndr_err_code (struct ndr_push *, int, uint8_t)
2818+ndr_push_union_align: enum ndr_err_code (struct ndr_push *, size_t)
2819+ndr_push_union_blob: enum ndr_err_code (DATA_BLOB *, TALLOC_CTX *, void *, uint32_t, ndr_push_flags_fn_t)
2820+ndr_push_unique_ptr: enum ndr_err_code (struct ndr_push *, const void *)
2821+ndr_push_winreg_Data: enum ndr_err_code (struct ndr_push *, int, const union winreg_Data *)
2822+ndr_push_winreg_Type: enum ndr_err_code (struct ndr_push *, int, enum winreg_Type)
2823+ndr_push_zero: enum ndr_err_code (struct ndr_push *, uint32_t)
2824+ndr_set_flags: void (uint32_t *, uint32_t)
2825+ndr_size_DATA_BLOB: uint32_t (int, const DATA_BLOB *, int)
2826+ndr_size_GUID: size_t (const struct GUID *, int)
2827+ndr_size_string: uint32_t (int, const char * const *, int)
2828+ndr_size_string_array: size_t (const char **, uint32_t, int)
2829+ndr_size_struct: size_t (const void *, int, ndr_push_flags_fn_t)
2830+ndr_size_union: size_t (const void *, int, uint32_t, ndr_push_flags_fn_t)
2831+ndr_string_array_size: size_t (struct ndr_push *, const char *)
2832+ndr_string_length: uint32_t (const void *, uint32_t)
2833+ndr_syntax_id_equal: bool (const struct ndr_syntax_id *, const struct ndr_syntax_id *)
2834+ndr_syntax_id_from_string: bool (const char *, struct ndr_syntax_id *)
2835+ndr_syntax_id_null: uuid = {time_low = 0, time_mid = 0, time_hi_and_version = 0, clock_seq = "\000", node = "\000\000\000\000\000"}, if_version = 0
2836+ndr_syntax_id_to_string: char *(TALLOC_CTX *, const struct ndr_syntax_id *)
2837+ndr_token_peek: uint32_t (struct ndr_token_list **, const void *)
2838+ndr_token_retrieve: enum ndr_err_code (struct ndr_token_list **, const void *, uint32_t *)
2839+ndr_token_retrieve_cmp_fn: enum ndr_err_code (struct ndr_token_list **, const void *, uint32_t *, comparison_fn_t, bool)
2840+ndr_token_store: enum ndr_err_code (TALLOC_CTX *, struct ndr_token_list **, const void *, uint32_t)
2841+ndr_transfer_syntax_ndr: uuid = {time_low = 2324192516, time_mid = 7403, time_hi_and_version = 4553, clock_seq = "\237\350", node = "\b\000+\020H`"}, if_version = 2
2842+ndr_transfer_syntax_ndr64: uuid = {time_low = 1903232307, time_mid = 48826, time_hi_and_version = 18743, clock_seq = "\203\031", node = "\265\333\357\234\314\066"}, if_version = 1
2843Index: samba-3.6.23/librpc/ndr/ndr_misc.c
2844===================================================================
2845--- samba-3.6.23.orig/librpc/ndr/ndr_misc.c
2846+++ samba-3.6.23/librpc/ndr/ndr_misc.c
2847@@ -35,3 +35,50 @@ bool ndr_syntax_id_equal(const struct nd
2848 return GUID_equal(&i1->uuid, &i2->uuid)
2849 && (i1->if_version == i2->if_version);
2850 }
2851+
2852+_PUBLIC_ char *ndr_syntax_id_to_string(TALLOC_CTX *mem_ctx, const struct ndr_syntax_id *id)
2853+{
2854+ return talloc_asprintf(mem_ctx,
2855+ "%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x/0x%08x",
2856+ id->uuid.time_low, id->uuid.time_mid,
2857+ id->uuid.time_hi_and_version,
2858+ id->uuid.clock_seq[0],
2859+ id->uuid.clock_seq[1],
2860+ id->uuid.node[0], id->uuid.node[1],
2861+ id->uuid.node[2], id->uuid.node[3],
2862+ id->uuid.node[4], id->uuid.node[5],
2863+ (unsigned)id->if_version);
2864+}
2865+
2866+_PUBLIC_ bool ndr_syntax_id_from_string(const char *s, struct ndr_syntax_id *id)
2867+{
2868+ int ret;
2869+ size_t i;
2870+ uint32_t time_low;
2871+ uint32_t time_mid, time_hi_and_version;
2872+ uint32_t clock_seq[2];
2873+ uint32_t node[6];
2874+ uint32_t if_version;
2875+
2876+ ret = sscanf(s,
2877+ "%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x/0x%08x",
2878+ &time_low, &time_mid, &time_hi_and_version,
2879+ &clock_seq[0], &clock_seq[1],
2880+ &node[0], &node[1], &node[2], &node[3], &node[4], &node[5],
2881+ &if_version);
2882+ if (ret != 12) {
2883+ return false;
2884+ }
2885+
2886+ id->uuid.time_low = time_low;
2887+ id->uuid.time_mid = time_mid;
2888+ id->uuid.time_hi_and_version = time_hi_and_version;
2889+ id->uuid.clock_seq[0] = clock_seq[0];
2890+ id->uuid.clock_seq[1] = clock_seq[1];
2891+ for (i=0; i<6; i++) {
2892+ id->uuid.node[i] = node[i];
2893+ }
2894+ id->if_version = if_version;
2895+
2896+ return true;
2897+}
2898Index: samba-3.6.23/librpc/rpc/dcerpc_util.c
2899===================================================================
2900--- samba-3.6.23.orig/librpc/rpc/dcerpc_util.c
2901+++ samba-3.6.23/librpc/rpc/dcerpc_util.c
2902@@ -27,6 +27,7 @@
2903 #include "librpc/rpc/dcerpc.h"
2904 #include "librpc/gen_ndr/ndr_dcerpc.h"
2905 #include "rpc_common.h"
2906+#include "lib/util/bitmap.h"
2907
2908 /* we need to be able to get/set the fragment length without doing a full
2909 decode */
2910@@ -341,3 +342,194 @@ NTSTATUS dcerpc_read_ncacn_packet_recv(s
2911 tevent_req_received(req);
2912 return NT_STATUS_OK;
2913 }
2914+
2915+struct dcerpc_sec_vt_header2 dcerpc_sec_vt_header2_from_ncacn_packet(const struct ncacn_packet *pkt)
2916+{
2917+ struct dcerpc_sec_vt_header2 ret;
2918+
2919+ ZERO_STRUCT(ret);
2920+ ret.ptype = pkt->ptype;
2921+ memcpy(&ret.drep, pkt->drep, sizeof(ret.drep));
2922+ ret.call_id = pkt->call_id;
2923+
2924+ switch (pkt->ptype) {
2925+ case DCERPC_PKT_REQUEST:
2926+ ret.context_id = pkt->u.request.context_id;
2927+ ret.opnum = pkt->u.request.opnum;
2928+ break;
2929+
2930+ case DCERPC_PKT_RESPONSE:
2931+ ret.context_id = pkt->u.response.context_id;
2932+ break;
2933+
2934+ case DCERPC_PKT_FAULT:
2935+ ret.context_id = pkt->u.fault.context_id;
2936+ break;
2937+
2938+ default:
2939+ break;
2940+ }
2941+
2942+ return ret;
2943+}
2944+
2945+bool dcerpc_sec_vt_header2_equal(const struct dcerpc_sec_vt_header2 *v1,
2946+ const struct dcerpc_sec_vt_header2 *v2)
2947+{
2948+ if (v1->ptype != v2->ptype) {
2949+ return false;
2950+ }
2951+
2952+ if (memcmp(v1->drep, v2->drep, sizeof(v1->drep)) != 0) {
2953+ return false;
2954+ }
2955+
2956+ if (v1->call_id != v2->call_id) {
2957+ return false;
2958+ }
2959+
2960+ if (v1->context_id != v2->context_id) {
2961+ return false;
2962+ }
2963+
2964+ if (v1->opnum != v2->opnum) {
2965+ return false;
2966+ }
2967+
2968+ return true;
2969+}
2970+
2971+static bool dcerpc_sec_vt_is_valid(const struct dcerpc_sec_verification_trailer *r)
2972+{
2973+ bool ret = false;
2974+ TALLOC_CTX *frame = talloc_stackframe();
2975+ struct bitmap *commands_seen;
2976+ int i;
2977+
2978+ if (r->count.count == 0) {
2979+ ret = true;
2980+ goto done;
2981+ }
2982+
2983+ if (memcmp(r->magic, DCERPC_SEC_VT_MAGIC, sizeof(r->magic)) != 0) {
2984+ goto done;
2985+ }
2986+
2987+ commands_seen = bitmap_talloc(frame, DCERPC_SEC_VT_COMMAND_ENUM + 1);
2988+ if (commands_seen == NULL) {
2989+ goto done;
2990+ }
2991+
2992+ for (i=0; i < r->count.count; i++) {
2993+ enum dcerpc_sec_vt_command_enum cmd =
2994+ r->commands[i].command & DCERPC_SEC_VT_COMMAND_ENUM;
2995+
2996+ if (bitmap_query(commands_seen, cmd)) {
2997+ /* Each command must appear at most once. */
2998+ goto done;
2999+ }
3000+ bitmap_set(commands_seen, cmd);
3001+
3002+ switch (cmd) {
3003+ case DCERPC_SEC_VT_COMMAND_BITMASK1:
3004+ case DCERPC_SEC_VT_COMMAND_PCONTEXT:
3005+ case DCERPC_SEC_VT_COMMAND_HEADER2:
3006+ break;
3007+ default:
3008+ if ((r->commands[i].u._unknown.length % 4) != 0) {
3009+ goto done;
3010+ }
3011+ break;
3012+ }
3013+ }
3014+ ret = true;
3015+done:
3016+ TALLOC_FREE(frame);
3017+ return ret;
3018+}
3019+
3020+#define CHECK(msg, ok) \
3021+do { \
3022+ if (!ok) { \
3023+ DEBUG(10, ("SEC_VT check %s failed\n", msg)); \
3024+ return false; \
3025+ } \
3026+} while(0)
3027+
3028+#define CHECK_SYNTAX(msg, s1, s2) \
3029+do { \
3030+ if (!ndr_syntax_id_equal(&s1, &s2)) { \
3031+ TALLOC_CTX *frame = talloc_stackframe(); \
3032+ DEBUG(10, ("SEC_VT check %s failed: %s vs. %s\n", msg, \
3033+ ndr_syntax_id_to_string(frame, &s1), \
3034+ ndr_syntax_id_to_string(frame, &s1))); \
3035+ TALLOC_FREE(frame); \
3036+ return false; \
3037+ } \
3038+} while(0)
3039+
3040+
3041+bool dcerpc_sec_verification_trailer_check(
3042+ const struct dcerpc_sec_verification_trailer *vt,
3043+ const uint32_t *bitmask1,
3044+ const struct dcerpc_sec_vt_pcontext *pcontext,
3045+ const struct dcerpc_sec_vt_header2 *header2)
3046+{
3047+ size_t i;
3048+
3049+ if (!dcerpc_sec_vt_is_valid(vt)) {
3050+ return false;
3051+ }
3052+
3053+ for (i=0; i < vt->count.count; i++) {
3054+ struct dcerpc_sec_vt *c = &vt->commands[i];
3055+
3056+ switch (c->command & DCERPC_SEC_VT_COMMAND_ENUM) {
3057+ case DCERPC_SEC_VT_COMMAND_BITMASK1:
3058+ if (bitmask1 == NULL) {
3059+ CHECK("Bitmask1 must_process_command",
3060+ !(c->command & DCERPC_SEC_VT_MUST_PROCESS));
3061+ break;
3062+ }
3063+
3064+ if (c->u.bitmask1 & DCERPC_SEC_VT_CLIENT_SUPPORTS_HEADER_SIGNING) {
3065+ CHECK("Bitmask1 client_header_signing",
3066+ *bitmask1 & DCERPC_SEC_VT_CLIENT_SUPPORTS_HEADER_SIGNING);
3067+ }
3068+ break;
3069+
3070+ case DCERPC_SEC_VT_COMMAND_PCONTEXT:
3071+ if (pcontext == NULL) {
3072+ CHECK("Pcontext must_process_command",
3073+ !(c->command & DCERPC_SEC_VT_MUST_PROCESS));
3074+ break;
3075+ }
3076+
3077+ CHECK_SYNTAX("Pcontect abstract_syntax",
3078+ pcontext->abstract_syntax,
3079+ c->u.pcontext.abstract_syntax);
3080+ CHECK_SYNTAX("Pcontext transfer_syntax",
3081+ pcontext->transfer_syntax,
3082+ c->u.pcontext.transfer_syntax);
3083+ break;
3084+
3085+ case DCERPC_SEC_VT_COMMAND_HEADER2: {
3086+ if (header2 == NULL) {
3087+ CHECK("Header2 must_process_command",
3088+ !(c->command & DCERPC_SEC_VT_MUST_PROCESS));
3089+ break;
3090+ }
3091+
3092+ CHECK("Header2", dcerpc_sec_vt_header2_equal(header2, &c->u.header2));
3093+ break;
3094+ }
3095+
3096+ default:
3097+ CHECK("Unknown must_process_command",
3098+ !(c->command & DCERPC_SEC_VT_MUST_PROCESS));
3099+ break;
3100+ }
3101+ }
3102+
3103+ return true;
3104+}
3105Index: samba-3.6.23/librpc/rpc/rpc_common.h
3106===================================================================
3107--- samba-3.6.23.orig/librpc/rpc/rpc_common.h
3108+++ samba-3.6.23/librpc/rpc/rpc_common.h
3109@@ -296,4 +296,45 @@ NTSTATUS dcerpc_binding_handle_call(stru
3110 TALLOC_CTX *r_mem,
3111 void *r_ptr);
3112
3113+/**
3114+ * Extract header information from a ncacn_packet
3115+ * as a dcerpc_sec_vt_header2 as used by the security verification trailer.
3116+ *
3117+ * @param[in] pkt a packet
3118+ *
3119+ * @return a dcerpc_sec_vt_header2
3120+ */
3121+struct dcerpc_sec_vt_header2 dcerpc_sec_vt_header2_from_ncacn_packet(const struct ncacn_packet *pkt);
3122+
3123+
3124+/**
3125+ * Test if two dcerpc_sec_vt_header2 structures are equal
3126+ * without consideration of reserved fields.
3127+ *
3128+ * @param v1 a pointer to a dcerpc_sec_vt_header2 structure
3129+ * @param v2 a pointer to a dcerpc_sec_vt_header2 structure
3130+ *
3131+ * @retval true if *v1 equals *v2
3132+ */
3133+bool dcerpc_sec_vt_header2_equal(const struct dcerpc_sec_vt_header2 *v1,
3134+ const struct dcerpc_sec_vt_header2 *v2);
3135+
3136+/**
3137+ * Check for consistency of the security verification trailer with the PDU header.
3138+ * See <a href="http://msdn.microsoft.com/en-us/library/cc243559.aspx">MS-RPCE 2.2.2.13</a>.
3139+ * A check with an empty trailer succeeds.
3140+ *
3141+ * @param[in] vt a pointer to the security verification trailer.
3142+ * @param[in] bitmask1 which flags were negotiated on the connection.
3143+ * @param[in] pcontext the syntaxes negotiatied for the presentation context.
3144+ * @param[in] header2 some fields from the PDU header.
3145+ *
3146+ * @retval true on success.
3147+ */
3148+bool dcerpc_sec_verification_trailer_check(
3149+ const struct dcerpc_sec_verification_trailer *vt,
3150+ const uint32_t *bitmask1,
3151+ const struct dcerpc_sec_vt_pcontext *pcontext,
3152+ const struct dcerpc_sec_vt_header2 *header2);
3153+
3154 #endif /* __DEFAULT_LIBRPC_RPCCOMMON_H__ */
3155Index: samba-3.6.23/source4/torture/ndr/ndr.c
3156===================================================================
3157--- samba-3.6.23.orig/source4/torture/ndr/ndr.c
3158+++ samba-3.6.23/source4/torture/ndr/ndr.c
3159@@ -29,40 +29,65 @@ struct ndr_pull_test_data {
3160 DATA_BLOB data_context;
3161 size_t struct_size;
3162 ndr_pull_flags_fn_t pull_fn;
3163+ ndr_push_flags_fn_t push_fn;
3164 int ndr_flags;
3165+ int flags;
3166 };
3167
3168-static bool wrap_ndr_pull_test(struct torture_context *tctx,
3169- struct torture_tcase *tcase,
3170- struct torture_test *test)
3171+static bool wrap_ndr_pullpush_test(struct torture_context *tctx,
3172+ struct torture_tcase *tcase,
3173+ struct torture_test *test)
3174 {
3175 bool (*check_fn) (struct torture_context *ctx, void *data) = test->fn;
3176 const struct ndr_pull_test_data *data = (const struct ndr_pull_test_data *)test->data;
3177- void *ds = talloc_zero_size(tctx, data->struct_size);
3178 struct ndr_pull *ndr = ndr_pull_init_blob(&(data->data), tctx);
3179+ void *ds = talloc_zero_size(ndr, data->struct_size);
3180+ bool ret;
3181+ uint32_t highest_ofs;
3182+
3183+ ndr->flags |= data->flags;
3184
3185 ndr->flags |= LIBNDR_FLAG_REF_ALLOC;
3186
3187 torture_assert_ndr_success(tctx, data->pull_fn(ndr, data->ndr_flags, ds),
3188 "pulling");
3189
3190- torture_assert(tctx, ndr->offset == ndr->data_size,
3191+ if (ndr->offset > ndr->relative_highest_offset) {
3192+ highest_ofs = ndr->offset;
3193+ } else {
3194+ highest_ofs = ndr->relative_highest_offset;
3195+ }
3196+
3197+ torture_assert(tctx, highest_ofs == ndr->data_size,
3198 talloc_asprintf(tctx,
3199- "%d unread bytes", ndr->data_size - ndr->offset));
3200+ "%d unread bytes", ndr->data_size - highest_ofs));
3201
3202- if (check_fn != NULL)
3203- return check_fn(tctx, ds);
3204- else
3205- return true;
3206+ if (check_fn != NULL) {
3207+ ret = check_fn(tctx, ds);
3208+ } else {
3209+ ret = true;
3210+ }
3211+
3212+ if (data->push_fn != NULL) {
3213+ DATA_BLOB outblob;
3214+ torture_assert_ndr_success(tctx, ndr_push_struct_blob(&outblob, ndr, ds, data->push_fn), "pushing");
3215+ torture_assert_data_blob_equal(tctx, outblob, data->data, "ndr push compare");
3216+ }
3217+
3218+ talloc_free(ndr);
3219+ return ret;
3220 }
3221
3222-_PUBLIC_ struct torture_test *_torture_suite_add_ndr_pull_test(
3223- struct torture_suite *suite,
3224- const char *name, ndr_pull_flags_fn_t pull_fn,
3225- DATA_BLOB db,
3226- size_t struct_size,
3227- int ndr_flags,
3228- bool (*check_fn) (struct torture_context *ctx, void *data))
3229+_PUBLIC_ struct torture_test *_torture_suite_add_ndr_pullpush_test(
3230+ struct torture_suite *suite,
3231+ const char *name,
3232+ ndr_pull_flags_fn_t pull_fn,
3233+ ndr_push_flags_fn_t push_fn,
3234+ DATA_BLOB db,
3235+ size_t struct_size,
3236+ int ndr_flags,
3237+ int flags,
3238+ bool (*check_fn) (struct torture_context *ctx, void *data))
3239 {
3240 struct torture_test *test;
3241 struct torture_tcase *tcase;
3242@@ -74,12 +99,16 @@ _PUBLIC_ struct torture_test *_torture_s
3243
3244 test->name = talloc_strdup(test, name);
3245 test->description = NULL;
3246- test->run = wrap_ndr_pull_test;
3247+ test->run = wrap_ndr_pullpush_test;
3248+
3249 data = talloc(test, struct ndr_pull_test_data);
3250 data->data = db;
3251 data->ndr_flags = ndr_flags;
3252+ data->flags = flags;
3253 data->struct_size = struct_size;
3254 data->pull_fn = pull_fn;
3255+ data->push_fn = push_fn;
3256+
3257 test->data = data;
3258 test->fn = check_fn;
3259 test->dangerous = false;
3260@@ -89,6 +118,7 @@ _PUBLIC_ struct torture_test *_torture_s
3261 return test;
3262 }
3263
3264+
3265 static bool wrap_ndr_inout_pull_test(struct torture_context *tctx,
3266 struct torture_tcase *tcase,
3267 struct torture_test *test)
3268@@ -97,6 +127,7 @@ static bool wrap_ndr_inout_pull_test(str
3269 const struct ndr_pull_test_data *data = (const struct ndr_pull_test_data *)test->data;
3270 void *ds = talloc_zero_size(tctx, data->struct_size);
3271 struct ndr_pull *ndr;
3272+ uint32_t highest_ofs;
3273
3274 /* handle NDR_IN context */
3275
3276@@ -109,8 +140,14 @@ static bool wrap_ndr_inout_pull_test(str
3277 data->pull_fn(ndr, NDR_IN, ds),
3278 "ndr pull of context failed");
3279
3280- torture_assert(tctx, ndr->offset == ndr->data_size,
3281- talloc_asprintf(tctx, "%d unread bytes", ndr->data_size - ndr->offset));
3282+ if (ndr->offset > ndr->relative_highest_offset) {
3283+ highest_ofs = ndr->offset;
3284+ } else {
3285+ highest_ofs = ndr->relative_highest_offset;
3286+ }
3287+
3288+ torture_assert(tctx, highest_ofs == ndr->data_size,
3289+ talloc_asprintf(tctx, "%d unread bytes", ndr->data_size - highest_ofs));
3290
3291 talloc_free(ndr);
3292
3293@@ -125,8 +162,14 @@ static bool wrap_ndr_inout_pull_test(str
3294 data->pull_fn(ndr, NDR_OUT, ds),
3295 "ndr pull failed");
3296
3297- torture_assert(tctx, ndr->offset == ndr->data_size,
3298- talloc_asprintf(tctx, "%d unread bytes", ndr->data_size - ndr->offset));
3299+ if (ndr->offset > ndr->relative_highest_offset) {
3300+ highest_ofs = ndr->offset;
3301+ } else {
3302+ highest_ofs = ndr->relative_highest_offset;
3303+ }
3304+
3305+ torture_assert(tctx, highest_ofs == ndr->data_size,
3306+ talloc_asprintf(tctx, "%d unread bytes", ndr->data_size - highest_ofs));
3307
3308 talloc_free(ndr);
3309
3310Index: samba-3.6.23/source4/torture/ndr/ndr.h
3311===================================================================
3312--- samba-3.6.23.orig/source4/torture/ndr/ndr.h
3313+++ samba-3.6.23/source4/torture/ndr/ndr.h
3314@@ -24,12 +24,15 @@
3315 #include "librpc/ndr/libndr.h"
3316 #include "libcli/security/security.h"
3317
3318-_PUBLIC_ struct torture_test *_torture_suite_add_ndr_pull_test(
3319+_PUBLIC_ struct torture_test *_torture_suite_add_ndr_pullpush_test(
3320 struct torture_suite *suite,
3321- const char *name, ndr_pull_flags_fn_t fn,
3322+ const char *name,
3323+ ndr_pull_flags_fn_t pull_fn,
3324+ ndr_push_flags_fn_t push_fn,
3325 DATA_BLOB db,
3326 size_t struct_size,
3327 int ndr_flags,
3328+ int flags,
3329 bool (*check_fn) (struct torture_context *, void *data));
3330
3331 _PUBLIC_ struct torture_test *_torture_suite_add_ndr_pull_inout_test(
3332@@ -41,20 +44,32 @@ _PUBLIC_ struct torture_test *_torture_s
3333 bool (*check_fn) (struct torture_context *ctx, void *data));
3334
3335 #define torture_suite_add_ndr_pull_test(suite,name,data,check_fn) \
3336- _torture_suite_add_ndr_pull_test(suite, #name, \
3337- (ndr_pull_flags_fn_t)ndr_pull_ ## name, data_blob_talloc(suite, data, sizeof(data)), \
3338- sizeof(struct name), NDR_SCALARS|NDR_BUFFERS, (bool (*) (struct torture_context *, void *)) check_fn);
3339+ _torture_suite_add_ndr_pullpush_test(suite, #name, \
3340+ (ndr_pull_flags_fn_t)ndr_pull_ ## name, NULL, data_blob_const(data, sizeof(data)), \
3341+ sizeof(struct name), NDR_SCALARS|NDR_BUFFERS, 0, (bool (*) (struct torture_context *, void *)) check_fn);
3342
3343 #define torture_suite_add_ndr_pull_fn_test(suite,name,data,flags,check_fn) \
3344- _torture_suite_add_ndr_pull_test(suite, #name "_" #flags, \
3345- (ndr_pull_flags_fn_t)ndr_pull_ ## name, data_blob_talloc(suite, data, sizeof(data)), \
3346- sizeof(struct name), flags, (bool (*) (struct torture_context *, void *)) check_fn);
3347+ _torture_suite_add_ndr_pullpush_test(suite, #name "_" #flags, \
3348+ (ndr_pull_flags_fn_t)ndr_pull_ ## name, NULL, data_blob_const(data, sizeof(data)), \
3349+ sizeof(struct name), flags, 0, (bool (*) (struct torture_context *, void *)) check_fn);
3350+
3351+#define torture_suite_add_ndr_pull_fn_test_flags(suite,name,data,flags,flags2,check_fn) \
3352+ _torture_suite_add_ndr_pullpush_test(suite, #name "_" #flags "_" #flags2, \
3353+ (ndr_pull_flags_fn_t)ndr_pull_ ## name, NULL, data_blob_const(data, sizeof(data)), \
3354+ sizeof(struct name), flags, flags2, (bool (*) (struct torture_context *, void *)) check_fn);
3355+
3356+#define torture_suite_add_ndr_pullpush_test(suite,name,data_blob,check_fn) \
3357+ _torture_suite_add_ndr_pullpush_test(suite, #name, \
3358+ (ndr_pull_flags_fn_t)ndr_pull_ ## name, \
3359+ (ndr_push_flags_fn_t)ndr_push_ ## name, \
3360+ data_blob, \
3361+ sizeof(struct name), NDR_SCALARS|NDR_BUFFERS, 0, (bool (*) (struct torture_context *, void *)) check_fn);
3362
3363 #define torture_suite_add_ndr_pull_io_test(suite,name,data_in,data_out,check_fn_out) \
3364 _torture_suite_add_ndr_pull_inout_test(suite, #name "_INOUT", \
3365 (ndr_pull_flags_fn_t)ndr_pull_ ## name, \
3366- data_blob_talloc(suite, data_in, sizeof(data_in)), \
3367- data_blob_talloc(suite, data_out, sizeof(data_out)), \
3368+ data_blob_const(data_in, sizeof(data_in)), \
3369+ data_blob_const(data_out, sizeof(data_out)), \
3370 sizeof(struct name), \
3371 (bool (*) (struct torture_context *, void *)) check_fn_out);
3372
3373Index: samba-3.6.23/source4/torture/ndr/dfsblob.c
3374===================================================================
3375--- samba-3.6.23.orig/source4/torture/ndr/dfsblob.c
3376+++ samba-3.6.23/source4/torture/ndr/dfsblob.c
3377@@ -74,11 +74,11 @@ struct torture_suite *ndr_dfsblob_suite(
3378 {
3379 struct torture_suite *suite = torture_suite_create(ctx, "dfsblob");
3380
3381- torture_suite_add_ndr_pull_fn_test(suite, dfs_GetDFSReferral_in, dfs_get_ref_in, NDR_IN, NULL);
3382+ torture_suite_add_ndr_pull_test(suite, dfs_GetDFSReferral_in, dfs_get_ref_in, NULL);
3383
3384- torture_suite_add_ndr_pull_fn_test(suite, dfs_referral_resp, dfs_get_ref_out2, NDR_BUFFERS|NDR_SCALARS, NULL);
3385+ torture_suite_add_ndr_pull_test(suite, dfs_referral_resp, dfs_get_ref_out2, NULL);
3386
3387- torture_suite_add_ndr_pull_fn_test(suite, dfs_referral_resp, dfs_get_ref_out, NDR_BUFFERS|NDR_SCALARS,dfs_referral_out_check);
3388+ torture_suite_add_ndr_pull_test(suite, dfs_referral_resp, dfs_get_ref_out,dfs_referral_out_check);
3389
3390 return suite;
3391 }
3392Index: samba-3.6.23/source4/torture/ndr/nbt.c
3393===================================================================
3394--- samba-3.6.23.orig/source4/torture/ndr/nbt.c
3395+++ samba-3.6.23/source4/torture/ndr/nbt.c
3396@@ -62,9 +62,9 @@ struct torture_suite *ndr_nbt_suite(TALL
3397 {
3398 struct torture_suite *suite = torture_suite_create(ctx, "nbt");
3399
3400- torture_suite_add_ndr_pull_fn_test(suite, nbt_netlogon_packet, netlogon_logon_request_req_data, NDR_IN, netlogon_logon_request_req_check);
3401+ torture_suite_add_ndr_pull_test(suite, nbt_netlogon_packet, netlogon_logon_request_req_data, netlogon_logon_request_req_check);
3402
3403- torture_suite_add_ndr_pull_fn_test(suite, nbt_netlogon_response2, netlogon_logon_request_resp_data, NDR_IN, netlogon_logon_request_resp_check);
3404+ torture_suite_add_ndr_pull_test(suite, nbt_netlogon_response2, netlogon_logon_request_resp_data, netlogon_logon_request_resp_check);
3405
3406 return suite;
3407 }
3408Index: samba-3.6.23/source4/torture/ndr/ntlmssp.c
3409===================================================================
3410--- samba-3.6.23.orig/source4/torture/ndr/ntlmssp.c
3411+++ samba-3.6.23/source4/torture/ndr/ntlmssp.c
3412@@ -111,9 +111,10 @@ struct torture_suite *ndr_ntlmssp_suite(
3413 {
3414 struct torture_suite *suite = torture_suite_create(ctx, "ntlmssp");
3415
3416- torture_suite_add_ndr_pull_fn_test(suite, NEGOTIATE_MESSAGE, ntlmssp_NEGOTIATE_MESSAGE_data, NDR_IN, ntlmssp_NEGOTIATE_MESSAGE_check);
3417- /* torture_suite_add_ndr_pull_fn_test(suite, CHALLENGE_MESSAGE, ntlmssp_CHALLENGE_MESSAGE_data, NDR_IN, ntlmssp_CHALLENGE_MESSAGE_check);
3418- torture_suite_add_ndr_pull_fn_test(suite, AUTHENTICATE_MESSAGE, ntlmssp_AUTHENTICATE_MESSAGE_data, NDR_IN, ntlmssp_AUTHENTICATE_MESSAGE_check); */
3419-
3420+ torture_suite_add_ndr_pull_test(suite, NEGOTIATE_MESSAGE, ntlmssp_NEGOTIATE_MESSAGE_data, ntlmssp_NEGOTIATE_MESSAGE_check);
3421+#if 0
3422+ torture_suite_add_ndr_pull_test(suite, CHALLENGE_MESSAGE, ntlmssp_CHALLENGE_MESSAGE_data, ntlmssp_CHALLENGE_MESSAGE_check);
3423+ torture_suite_add_ndr_pull_test(suite, AUTHENTICATE_MESSAGE, ntlmssp_AUTHENTICATE_MESSAGE_data, ntlmssp_AUTHENTICATE_MESSAGE_check);
3424+#endif
3425 return suite;
3426 }
3427Index: samba-3.6.23/source4/torture/ndr/drsblobs.c
3428===================================================================
3429--- samba-3.6.23.orig/source4/torture/ndr/drsblobs.c
3430+++ samba-3.6.23/source4/torture/ndr/drsblobs.c
3431@@ -115,6 +115,34 @@ static const uint8_t trust_domain_passwo
3432 0x38, 0x00, 0x00, 0x00, 0x38, 0x00, 0x00, 0x00
3433 };
3434
3435+/* these are taken from the trust objects of a w2k8r2 forest, with a
3436+ * trust relationship between the forest parent and a child domain
3437+ */
3438+static const char *trustAuthIncoming =
3439+"AQAAAAwAAAAcAQAASuQ+RXJdzAECAAAAAAEAAMOWL6UVfVKiJOUsGcT03H"
3440+"jHxr2ACsMMOV5ynM617Tp7idNC+c4egdqk4S9YEpvR2YvHmdZdymL6F7QKm8OkXazYZF2r/gZ/bI+"
3441+"jkWbsn4O8qyAc3OUKQRZwBbf+lxBW+vM4O3ZpUjz5BSKCcFQgM+MY91yVU8Nji3HNnvGnDquobFAZ"
3442+"hxjL+S1l5+QZgkfyfv5mQScGRbU1Lar1xg9G3JznUb7S6pvrBO2nwK8g+KZBfJy5UeULigDH4IWo/"
3443+"JmtaEGkKE2uiKIjdsEQd/uwnkouW26XzRc0ulfJnPFftGnT9KIcShPf7DLj/tstmQAAceRMFHJTY3"
3444+"PmxoowoK8HUyBK5D5Fcl3MAQIAAAAAAQAAw5YvpRV9UqIk5SwZxPTceMfGvYAKwww5XnKczrXtOnu"
3445+"J00L5zh6B2qThL1gSm9HZi8eZ1l3KYvoXtAqbw6RdrNhkXav+Bn9sj6ORZuyfg7yrIBzc5QpBFnAF"
3446+"t/6XEFb68zg7dmlSPPkFIoJwVCAz4xj3XJVTw2OLcc2e8acOq6hsUBmHGMv5LWXn5BmCR/J+/mZBJ"
3447+"wZFtTUtqvXGD0bcnOdRvtLqm+sE7afAryD4pkF8nLlR5QuKAMfghaj8ma1oQaQoTa6IoiN2wRB3+7"
3448+"CeSi5bbpfNFzS6V8mc8V+0adP0ohxKE9/sMuP+2y2ZAABx5EwUclNjc+bGijCgrwdTIA==";
3449+
3450+static const char *trustAuthOutgoing =
3451+"AQAAAAwAAAAcAQAASuQ+RXJdzAECAAAAAAEAAMOWL6UVfVKiJOUsGcT03H"
3452+"jHxr2ACsMMOV5ynM617Tp7idNC+c4egdqk4S9YEpvR2YvHmdZdymL6F7QKm8OkXazYZF2r/gZ/bI+"
3453+"jkWbsn4O8qyAc3OUKQRZwBbf+lxBW+vM4O3ZpUjz5BSKCcFQgM+MY91yVU8Nji3HNnvGnDquobFAZ"
3454+"hxjL+S1l5+QZgkfyfv5mQScGRbU1Lar1xg9G3JznUb7S6pvrBO2nwK8g+KZBfJy5UeULigDH4IWo/"
3455+"JmtaEGkKE2uiKIjdsEQd/uwnkouW26XzRc0ulfJnPFftGnT9KIcShPf7DLj/tstmQAAceRMFHJTY3"
3456+"PmxoowoK8HUyBK5D5Fcl3MAQIAAAAAAQAAw5YvpRV9UqIk5SwZxPTceMfGvYAKwww5XnKczrXtOnu"
3457+"J00L5zh6B2qThL1gSm9HZi8eZ1l3KYvoXtAqbw6RdrNhkXav+Bn9sj6ORZuyfg7yrIBzc5QpBFnAF"
3458+"t/6XEFb68zg7dmlSPPkFIoJwVCAz4xj3XJVTw2OLcc2e8acOq6hsUBmHGMv5LWXn5BmCR/J+/mZBJ"
3459+"wZFtTUtqvXGD0bcnOdRvtLqm+sE7afAryD4pkF8nLlR5QuKAMfghaj8ma1oQaQoTa6IoiN2wRB3+7"
3460+"CeSi5bbpfNFzS6V8mc8V+0adP0ohxKE9/sMuP+2y2ZAABx5EwUclNjc+bGijCgrwdTIA==";
3461+
3462+
3463 static bool trust_domain_passwords_check_in(struct torture_context *tctx,
3464 struct trustDomainPasswords *r)
3465 {
3466@@ -154,8 +182,20 @@ struct torture_suite *ndr_drsblobs_suite
3467 {
3468 struct torture_suite *suite = torture_suite_create(ctx, "drsblobs");
3469
3470- torture_suite_add_ndr_pull_fn_test(suite, ForestTrustInfo, forest_trust_info_data_out, NDR_IN, forest_trust_info_check_out);
3471- torture_suite_add_ndr_pull_fn_test(suite, trustDomainPasswords, trust_domain_passwords_in, NDR_IN, trust_domain_passwords_check_in);
3472+ torture_suite_add_ndr_pull_test(suite, ForestTrustInfo, forest_trust_info_data_out, forest_trust_info_check_out);
3473+ torture_suite_add_ndr_pull_test(suite, trustDomainPasswords, trust_domain_passwords_in, trust_domain_passwords_check_in);
3474+
3475+#if 0
3476+ torture_suite_add_ndr_pullpush_test(suite,
3477+ trustAuthInOutBlob,
3478+ base64_decode_data_blob_talloc(suite, trustAuthIncoming),
3479+ NULL);
3480+
3481+ torture_suite_add_ndr_pullpush_test(suite,
3482+ trustAuthInOutBlob,
3483+ base64_decode_data_blob_talloc(suite, trustAuthOutgoing),
3484+ NULL);
3485+#endif
3486
3487 return suite;
3488 }
3489Index: samba-3.6.23/source3/rpcclient/rpcclient.c
3490===================================================================
3491--- samba-3.6.23.orig/source3/rpcclient/rpcclient.c
3492+++ samba-3.6.23/source3/rpcclient/rpcclient.c
3493@@ -1021,6 +1021,10 @@ out_free:
3494 binding->transport = NCACN_NP;
3495 }
3496
3497+ if (binding->flags & DCERPC_CONNECT) {
3498+ pipe_default_auth_level = DCERPC_AUTH_LEVEL_CONNECT;
3499+ pipe_default_auth_type = DCERPC_AUTH_TYPE_NTLMSSP;
3500+ }
3501 if (binding->flags & DCERPC_SIGN) {
3502 pipe_default_auth_level = DCERPC_AUTH_LEVEL_INTEGRITY;
3503 pipe_default_auth_type = DCERPC_AUTH_TYPE_NTLMSSP;
3504@@ -1034,12 +1038,6 @@ out_free:
3505 pipe_default_auth_spnego_type = PIPE_AUTH_TYPE_SPNEGO_NTLMSSP;
3506 }
3507 if (binding->flags & DCERPC_AUTH_NTLM) {
3508- /* If neither Integrity or Privacy are requested then
3509- * Use just Connect level */
3510- if (pipe_default_auth_level == DCERPC_AUTH_LEVEL_NONE) {
3511- pipe_default_auth_level = DCERPC_AUTH_LEVEL_CONNECT;
3512- }
3513-
3514 if (pipe_default_auth_type == DCERPC_AUTH_TYPE_SPNEGO) {
3515 pipe_default_auth_spnego_type = PIPE_AUTH_TYPE_SPNEGO_NTLMSSP;
3516 } else {
3517@@ -1047,18 +1045,19 @@ out_free:
3518 }
3519 }
3520 if (binding->flags & DCERPC_AUTH_KRB5) {
3521- /* If neither Integrity or Privacy are requested then
3522- * Use just Connect level */
3523- if (pipe_default_auth_level == DCERPC_AUTH_LEVEL_NONE) {
3524- pipe_default_auth_level = DCERPC_AUTH_LEVEL_CONNECT;
3525- }
3526-
3527 if (pipe_default_auth_type == DCERPC_AUTH_TYPE_SPNEGO) {
3528 pipe_default_auth_spnego_type = PIPE_AUTH_TYPE_SPNEGO_KRB5;
3529 } else {
3530 pipe_default_auth_type = DCERPC_AUTH_TYPE_KRB5;
3531 }
3532 }
3533+ if (pipe_default_auth_type != DCERPC_AUTH_TYPE_NONE) {
3534+ /* If neither Integrity or Privacy are requested then
3535+ * Use just Connect level */
3536+ if (pipe_default_auth_level == DCERPC_AUTH_LEVEL_NONE) {
3537+ pipe_default_auth_level = DCERPC_AUTH_LEVEL_CONNECT;
3538+ }
3539+ }
3540
3541 if (get_cmdline_auth_info_use_kerberos(rpcclient_auth_info)) {
3542 flags |= CLI_FULL_CONNECTION_USE_KERBEROS |
3543Index: samba-3.6.23/source3/script/tests/test_rpcclient.sh
3544===================================================================
3545--- /dev/null
3546+++ samba-3.6.23/source3/script/tests/test_rpcclient.sh
3547@@ -0,0 +1,19 @@
3548+#!/bin/sh
3549+
3550+if [ $# -lt 1 ]; then
3551+cat <<EOF
3552+Usage: test_rpcclient.sh ccache binding <rpcclient commands>
3553+EOF
3554+exit 1;
3555+fi
3556+
3557+KRB5CCNAME=$1
3558+shift 1
3559+export KRB5CCNAME
3560+ADDARGS="$*"
3561+
3562+incdir=`dirname $0`/../../../testprogs/blackbox
3563+. $incdir/subunit.sh
3564+testit "rpcclient" $VALGRIND $BINDIR/rpcclient -c 'getusername' $ADDARGS || failed=`expr $failed + 1`
3565+
3566+testok $0 $failed
3567Index: samba-3.6.23/source3/selftest/tests.py
3568===================================================================
3569--- samba-3.6.23.orig/source3/selftest/tests.py
3570+++ samba-3.6.23/source3/selftest/tests.py
3571@@ -208,7 +208,7 @@ if sub.returncode == 0:
3572 plansmbtorturetestsuite(t, "s3dc", '//$SERVER_IP/tmpcase -U$USERNAME%$PASSWORD')
3573
3574 test = 'rpc.lsa.lookupsids'
3575- auth_options = ["", "ntlm", "spnego" ]
3576+ auth_options = ["", "ntlm", "spnego", "spnego,ntlm" ]
3577 signseal_options = ["", ",connect", ",sign", ",seal"]
3578 smb_options = ["", ",smb2"]
3579 endianness_options = ["", ",bigendian"]
3580@@ -219,6 +219,9 @@ if sub.returncode == 0:
3581 binding_string = "ncacn_np:$SERVER_IP[%s%s%s%s]" % (a, s, z, e)
3582 options = binding_string + " -U$USERNAME%$PASSWORD"
3583 plansmbtorturetestsuite(test, "s3dc", options, 'over ncacn_np with [%s%s%s%s] ' % (a, s, z, e))
3584+ plantestsuite("samba3.blackbox.rpcclient over ncacn_np with [%s%s%s%s] " % (a, s, z, e), "s3dc:local", [os.path.join(samba3srcdir, "script/tests/test_rpcclient.sh"),
3585+ "none", options, configuration])
3586+
3587 for e in endianness_options:
3588 for a in auth_options:
3589 for s in signseal_options:
3590Index: samba-3.6.23/source4/torture/rpc/rpc.c
3591===================================================================
3592--- samba-3.6.23.orig/source4/torture/rpc/rpc.c
3593+++ samba-3.6.23/source4/torture/rpc/rpc.c
3594@@ -501,6 +501,7 @@ NTSTATUS torture_rpc_init(void)
3595 torture_suite_add_suite(suite, torture_rpc_samr_passwords_pwdlastset(suite));
3596 torture_suite_add_suite(suite, torture_rpc_samr_passwords_badpwdcount(suite));
3597 torture_suite_add_suite(suite, torture_rpc_samr_passwords_lockout(suite));
3598+ torture_suite_add_suite(suite, torture_rpc_samr_passwords_validate(suite));
3599 torture_suite_add_suite(suite, torture_rpc_samr_user_privileges(suite));
3600 torture_suite_add_suite(suite, torture_rpc_samr_large_dc(suite));
3601 torture_suite_add_suite(suite, torture_rpc_epmapper(suite));
3602Index: samba-3.6.23/source4/torture/rpc/samr.c
3603===================================================================
3604--- samba-3.6.23.orig/source4/torture/rpc/samr.c
3605+++ samba-3.6.23/source4/torture/rpc/samr.c
3606@@ -7938,8 +7938,8 @@ static bool test_Connect(struct dcerpc_b
3607 }
3608
3609
3610-static bool test_samr_ValidatePassword(struct dcerpc_pipe *p,
3611- struct torture_context *tctx)
3612+static bool test_samr_ValidatePassword(struct torture_context *tctx,
3613+ struct dcerpc_pipe *p)
3614 {
3615 struct samr_ValidatePassword r;
3616 union samr_ValidatePasswordReq req;
3617@@ -7951,6 +7951,10 @@ static bool test_samr_ValidatePassword(s
3618
3619 torture_comment(tctx, "Testing samr_ValidatePassword\n");
3620
3621+ if (p->conn->transport.transport != NCACN_IP_TCP) {
3622+ torture_comment(tctx, "samr_ValidatePassword only should succeed over NCACN_IP_TCP!\n");
3623+ }
3624+
3625 ZERO_STRUCT(r);
3626 r.in.level = NetValidatePasswordReset;
3627 r.in.req = &req;
3628@@ -8074,8 +8078,6 @@ bool torture_rpc_samr_passwords(struct t
3629
3630 ret &= test_samr_handle_Close(b, torture, &ctx->handle);
3631
3632- ret &= test_samr_ValidatePassword(p, torture);
3633-
3634 return ret;
3635 }
3636
3637@@ -8370,4 +8372,15 @@ struct torture_suite *torture_rpc_samr_p
3638 return suite;
3639 }
3640
3641+struct torture_suite *torture_rpc_samr_passwords_validate(TALLOC_CTX *mem_ctx)
3642+{
3643+ struct torture_suite *suite = torture_suite_create(mem_ctx, "samr.passwords.validate");
3644+ struct torture_rpc_tcase *tcase;
3645+
3646+ tcase = torture_suite_add_rpc_iface_tcase(suite, "samr",
3647+ &ndr_table_samr);
3648+ torture_rpc_tcase_add_test(tcase, "validate",
3649+ test_samr_ValidatePassword);
3650
3651+ return suite;
3652+}
3653Index: samba-3.6.23/source3/rpc_server/srv_pipe.c
3654===================================================================
3655--- samba-3.6.23.orig/source3/rpc_server/srv_pipe.c
3656+++ samba-3.6.23/source3/rpc_server/srv_pipe.c
3657@@ -42,6 +42,7 @@
3658 #include "auth.h"
3659 #include "ntdomain.h"
3660 #include "rpc_server/srv_pipe.h"
3661+#include "../librpc/ndr/ndr_dcerpc.h"
3662
3663 #undef DBGC_CLASS
3664 #define DBGC_CLASS DBGC_RPC_SRV
3665@@ -202,7 +203,7 @@ bool create_next_pdu(struct pipes_struct
3666 * the pipe gets closed. JRA.
3667 */
3668 if (p->fault_state) {
3669- setup_fault_pdu(p, NT_STATUS(DCERPC_FAULT_OP_RNG_ERROR));
3670+ setup_fault_pdu(p, NT_STATUS(p->fault_state));
3671 return true;
3672 }
3673
3674@@ -336,7 +337,7 @@ static bool check_bind_req(struct pipes_
3675 struct pipe_rpc_fns *context_fns;
3676
3677 DEBUG(3,("check_bind_req for %s\n",
3678- get_pipe_name_from_syntax(talloc_tos(), &p->syntax)));
3679+ get_pipe_name_from_syntax(talloc_tos(), abstract)));
3680
3681 /* we have to check all now since win2k introduced a new UUID on the lsaprpc pipe */
3682 if (rpc_srv_pipe_exists_by_id(abstract) &&
3683@@ -358,6 +359,7 @@ static bool check_bind_req(struct pipes_
3684 context_fns->n_cmds = rpc_srv_get_pipe_num_cmds(abstract);
3685 context_fns->cmds = rpc_srv_get_pipe_cmds(abstract);
3686 context_fns->context_id = context_id;
3687+ context_fns->syntax = *abstract;
3688
3689 /* add to the list of open contexts */
3690
3691@@ -1541,7 +1543,42 @@ static PIPE_RPC_FNS* find_pipe_fns_by_co
3692 }
3693
3694 static bool api_rpcTNP(struct pipes_struct *p, struct ncacn_packet *pkt,
3695- const struct api_struct *api_rpc_cmds, int n_cmds);
3696+ const struct api_struct *api_rpc_cmds, int n_cmds,
3697+ const struct ndr_syntax_id *syntax);
3698+
3699+static bool srv_pipe_check_verification_trailer(struct pipes_struct *p,
3700+ struct ncacn_packet *pkt,
3701+ struct pipe_rpc_fns *pipe_fns)
3702+{
3703+ TALLOC_CTX *frame = talloc_stackframe();
3704+ struct dcerpc_sec_verification_trailer *vt = NULL;
3705+ const uint32_t bitmask1 = 0;
3706+ const struct dcerpc_sec_vt_pcontext pcontext = {
3707+ .abstract_syntax = pipe_fns->syntax,
3708+ .transfer_syntax = ndr_transfer_syntax,
3709+ };
3710+ const struct dcerpc_sec_vt_header2 header2 =
3711+ dcerpc_sec_vt_header2_from_ncacn_packet(pkt);
3712+ struct ndr_pull *ndr;
3713+ enum ndr_err_code ndr_err;
3714+ bool ret = false;
3715+
3716+ ndr = ndr_pull_init_blob(&p->in_data.data, frame);
3717+ if (ndr == NULL) {
3718+ goto done;
3719+ }
3720+
3721+ ndr_err = ndr_pop_dcerpc_sec_verification_trailer(ndr, frame, &vt);
3722+ if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
3723+ goto done;
3724+ }
3725+
3726+ ret = dcerpc_sec_verification_trailer_check(vt, &bitmask1,
3727+ &pcontext, &header2);
3728+done:
3729+ TALLOC_FREE(frame);
3730+ return ret;
3731+}
3732
3733 /****************************************************************************
3734 Find the correct RPC function to call for this request.
3735@@ -1552,46 +1589,53 @@ static bool api_rpcTNP(struct pipes_stru
3736 static bool api_pipe_request(struct pipes_struct *p,
3737 struct ncacn_packet *pkt)
3738 {
3739+ TALLOC_CTX *frame = talloc_stackframe();
3740 bool ret = False;
3741- bool changed_user = False;
3742 PIPE_RPC_FNS *pipe_fns;
3743
3744- if (p->pipe_bound &&
3745- ((p->auth.auth_type == DCERPC_AUTH_TYPE_NTLMSSP) ||
3746- (p->auth.auth_type == DCERPC_AUTH_TYPE_KRB5) ||
3747- (p->auth.auth_type == DCERPC_AUTH_TYPE_SPNEGO))) {
3748- if(!become_authenticated_pipe_user(p->session_info)) {
3749- data_blob_free(&p->out_data.rdata);
3750- return False;
3751- }
3752- changed_user = True;
3753+ if (!p->pipe_bound) {
3754+ DEBUG(1, ("Pipe not bound!\n"));
3755+ data_blob_free(&p->out_data.rdata);
3756+ TALLOC_FREE(frame);
3757+ return false;
3758 }
3759
3760- DEBUG(5, ("Requested \\PIPE\\%s\n",
3761- get_pipe_name_from_syntax(talloc_tos(), &p->syntax)));
3762-
3763 /* get the set of RPC functions for this context */
3764
3765 pipe_fns = find_pipe_fns_by_context(p->contexts,
3766 pkt->u.request.context_id);
3767-
3768- if ( pipe_fns ) {
3769- TALLOC_CTX *frame = talloc_stackframe();
3770- ret = api_rpcTNP(p, pkt, pipe_fns->cmds, pipe_fns->n_cmds);
3771+ if (pipe_fns == NULL) {
3772+ DEBUG(0, ("No rpc function table associated with context "
3773+ "[%d]\n",
3774+ pkt->u.request.context_id));
3775+ data_blob_free(&p->out_data.rdata);
3776 TALLOC_FREE(frame);
3777+ return false;
3778 }
3779- else {
3780- DEBUG(0, ("No rpc function table associated with context "
3781- "[%d] on pipe [%s]\n",
3782- pkt->u.request.context_id,
3783- get_pipe_name_from_syntax(talloc_tos(),
3784- &p->syntax)));
3785+
3786+ DEBUG(5, ("Requested \\PIPE\\%s\n",
3787+ get_pipe_name_from_syntax(talloc_tos(), &pipe_fns->syntax)));
3788+
3789+ if (!srv_pipe_check_verification_trailer(p, pkt, pipe_fns)) {
3790+ DEBUG(1, ("srv_pipe_check_verification_trailer: failed\n"));
3791+ setup_fault_pdu(p, NT_STATUS(DCERPC_FAULT_ACCESS_DENIED));
3792+ data_blob_free(&p->out_data.rdata);
3793+ TALLOC_FREE(frame);
3794+ return true;
3795 }
3796
3797- if (changed_user) {
3798- unbecome_authenticated_pipe_user();
3799+ if (!become_authenticated_pipe_user(p->session_info)) {
3800+ DEBUG(1, ("Failed to become pipe user!\n"));
3801+ data_blob_free(&p->out_data.rdata);
3802+ TALLOC_FREE(frame);
3803+ return false;
3804 }
3805
3806+ ret = api_rpcTNP(p, pkt, pipe_fns->cmds, pipe_fns->n_cmds,
3807+ &pipe_fns->syntax);
3808+ unbecome_authenticated_pipe_user();
3809+
3810+ TALLOC_FREE(frame);
3811 return ret;
3812 }
3813
3814@@ -1600,20 +1644,21 @@ static bool api_pipe_request(struct pipe
3815 ********************************************************************/
3816
3817 static bool api_rpcTNP(struct pipes_struct *p, struct ncacn_packet *pkt,
3818- const struct api_struct *api_rpc_cmds, int n_cmds)
3819+ const struct api_struct *api_rpc_cmds, int n_cmds,
3820+ const struct ndr_syntax_id *syntax)
3821 {
3822 int fn_num;
3823 uint32_t offset1;
3824
3825 /* interpret the command */
3826 DEBUG(4,("api_rpcTNP: %s op 0x%x - ",
3827- get_pipe_name_from_syntax(talloc_tos(), &p->syntax),
3828+ get_pipe_name_from_syntax(talloc_tos(), syntax),
3829 pkt->u.request.opnum));
3830
3831 if (DEBUGLEVEL >= 50) {
3832 fstring name;
3833 slprintf(name, sizeof(name)-1, "in_%s",
3834- get_pipe_name_from_syntax(talloc_tos(), &p->syntax));
3835+ get_pipe_name_from_syntax(talloc_tos(), syntax));
3836 dump_pdu_region(name, pkt->u.request.opnum,
3837 &p->in_data.data, 0,
3838 p->in_data.data.length);
3839@@ -1646,37 +1691,30 @@ static bool api_rpcTNP(struct pipes_stru
3840 /* do the actual command */
3841 if(!api_rpc_cmds[fn_num].fn(p)) {
3842 DEBUG(0,("api_rpcTNP: %s: %s failed.\n",
3843- get_pipe_name_from_syntax(talloc_tos(), &p->syntax),
3844+ get_pipe_name_from_syntax(talloc_tos(), syntax),
3845 api_rpc_cmds[fn_num].name));
3846 data_blob_free(&p->out_data.rdata);
3847 return False;
3848 }
3849
3850- if (p->bad_handle_fault_state) {
3851- DEBUG(4,("api_rpcTNP: bad handle fault return.\n"));
3852- p->bad_handle_fault_state = False;
3853- setup_fault_pdu(p, NT_STATUS(DCERPC_FAULT_CONTEXT_MISMATCH));
3854- return True;
3855- }
3856-
3857- if (p->rng_fault_state) {
3858- DEBUG(4, ("api_rpcTNP: rng fault return\n"));
3859- p->rng_fault_state = False;
3860- setup_fault_pdu(p, NT_STATUS(DCERPC_FAULT_OP_RNG_ERROR));
3861- return True;
3862+ if (p->fault_state) {
3863+ DEBUG(4,("api_rpcTNP: fault(%d) return.\n", p->fault_state));
3864+ setup_fault_pdu(p, NT_STATUS(p->fault_state));
3865+ p->fault_state = 0;
3866+ return true;
3867 }
3868
3869 if (DEBUGLEVEL >= 50) {
3870 fstring name;
3871 slprintf(name, sizeof(name)-1, "out_%s",
3872- get_pipe_name_from_syntax(talloc_tos(), &p->syntax));
3873+ get_pipe_name_from_syntax(talloc_tos(), syntax));
3874 dump_pdu_region(name, pkt->u.request.opnum,
3875 &p->out_data.rdata, offset1,
3876 p->out_data.rdata.length);
3877 }
3878
3879 DEBUG(5,("api_rpcTNP: called %s successfully\n",
3880- get_pipe_name_from_syntax(talloc_tos(), &p->syntax)));
3881+ get_pipe_name_from_syntax(talloc_tos(), syntax)));
3882
3883 /* Check for buffer underflow in rpc parsing */
3884 if ((DEBUGLEVEL >= 10) &&
3885@@ -1718,9 +1756,9 @@ void set_incoming_fault(struct pipes_str
3886 data_blob_free(&p->in_data.data);
3887 p->in_data.pdu_needed_len = 0;
3888 p->in_data.pdu.length = 0;
3889- p->fault_state = True;
3890- DEBUG(10, ("set_incoming_fault: Setting fault state on pipe %s\n",
3891- get_pipe_name_from_syntax(talloc_tos(), &p->syntax)));
3892+ p->fault_state = DCERPC_FAULT_CANT_PERFORM;
3893+
3894+ DEBUG(10, ("Setting fault state\n"));
3895 }
3896
3897 static NTSTATUS dcesrv_auth_request(struct pipe_auth_data *auth,
3898Index: samba-3.6.23/source3/include/ntdomain.h
3899===================================================================
3900--- samba-3.6.23.orig/source3/include/ntdomain.h
3901+++ samba-3.6.23/source3/include/ntdomain.h
3902@@ -87,6 +87,7 @@ typedef struct pipe_rpc_fns {
3903 const struct api_struct *cmds;
3904 int n_cmds;
3905 uint32 context_id;
3906+ struct ndr_syntax_id syntax;
3907
3908 } PIPE_RPC_FNS;
3909
3910@@ -134,22 +135,10 @@ struct pipes_struct {
3911 bool pipe_bound;
3912
3913 /*
3914- * Set to true when we should return fault PDU's for everything.
3915- */
3916-
3917- bool fault_state;
3918-
3919- /*
3920- * Set to true when we should return fault PDU's for a bad handle.
3921- */
3922-
3923- bool bad_handle_fault_state;
3924-
3925- /*
3926- * Set to true when the backend does not support a call.
3927+ * Set the DCERPC_FAULT to return.
3928 */
3929
3930- bool rng_fault_state;
3931+ int fault_state;
3932
3933 /*
3934 * Set to RPC_BIG_ENDIAN when dealing with big-endian PDU's
3935Index: samba-3.6.23/pidl/lib/Parse/Pidl/Samba3/ServerNDR.pm
3936===================================================================
3937--- samba-3.6.23.orig/pidl/lib/Parse/Pidl/Samba3/ServerNDR.pm
3938+++ samba-3.6.23/pidl/lib/Parse/Pidl/Samba3/ServerNDR.pm
3939@@ -183,7 +183,7 @@ sub ParseFunction($$)
3940 );
3941
3942 pidl "";
3943- pidl "if (p->rng_fault_state) {";
3944+ pidl "if (p->fault_state) {";
3945 pidl "\ttalloc_free(r);";
3946 pidl "\t/* Return true here, srv_pipe_hnd.c will take care */";
3947 pidl "\treturn true;";
3948Index: samba-3.6.23/source3/rpc_server/dfs/srv_dfs_nt.c
3949===================================================================
3950--- samba-3.6.23.orig/source3/rpc_server/dfs/srv_dfs_nt.c
3951+++ samba-3.6.23/source3/rpc_server/dfs/srv_dfs_nt.c
3952@@ -411,125 +411,125 @@ WERROR _dfs_GetInfo(struct pipes_struct
3953 WERROR _dfs_SetInfo(struct pipes_struct *p, struct dfs_SetInfo *r)
3954 {
3955 /* FIXME: Implement your code here */
3956- p->rng_fault_state = True;
3957+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
3958 return WERR_NOT_SUPPORTED;
3959 }
3960
3961 WERROR _dfs_Rename(struct pipes_struct *p, struct dfs_Rename *r)
3962 {
3963 /* FIXME: Implement your code here */
3964- p->rng_fault_state = True;
3965+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
3966 return WERR_NOT_SUPPORTED;
3967 }
3968
3969 WERROR _dfs_Move(struct pipes_struct *p, struct dfs_Move *r)
3970 {
3971 /* FIXME: Implement your code here */
3972- p->rng_fault_state = True;
3973+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
3974 return WERR_NOT_SUPPORTED;
3975 }
3976
3977 WERROR _dfs_ManagerGetConfigInfo(struct pipes_struct *p, struct dfs_ManagerGetConfigInfo *r)
3978 {
3979 /* FIXME: Implement your code here */
3980- p->rng_fault_state = True;
3981+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
3982 return WERR_NOT_SUPPORTED;
3983 }
3984
3985 WERROR _dfs_ManagerSendSiteInfo(struct pipes_struct *p, struct dfs_ManagerSendSiteInfo *r)
3986 {
3987 /* FIXME: Implement your code here */
3988- p->rng_fault_state = True;
3989+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
3990 return WERR_NOT_SUPPORTED;
3991 }
3992
3993 WERROR _dfs_AddFtRoot(struct pipes_struct *p, struct dfs_AddFtRoot *r)
3994 {
3995 /* FIXME: Implement your code here */
3996- p->rng_fault_state = True;
3997+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
3998 return WERR_NOT_SUPPORTED;
3999 }
4000
4001 WERROR _dfs_RemoveFtRoot(struct pipes_struct *p, struct dfs_RemoveFtRoot *r)
4002 {
4003 /* FIXME: Implement your code here */
4004- p->rng_fault_state = True;
4005+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
4006 return WERR_NOT_SUPPORTED;
4007 }
4008
4009 WERROR _dfs_AddStdRoot(struct pipes_struct *p, struct dfs_AddStdRoot *r)
4010 {
4011 /* FIXME: Implement your code here */
4012- p->rng_fault_state = True;
4013+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
4014 return WERR_NOT_SUPPORTED;
4015 }
4016
4017 WERROR _dfs_RemoveStdRoot(struct pipes_struct *p, struct dfs_RemoveStdRoot *r)
4018 {
4019 /* FIXME: Implement your code here */
4020- p->rng_fault_state = True;
4021+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
4022 return WERR_NOT_SUPPORTED;
4023 }
4024
4025 WERROR _dfs_ManagerInitialize(struct pipes_struct *p, struct dfs_ManagerInitialize *r)
4026 {
4027 /* FIXME: Implement your code here */
4028- p->rng_fault_state = True;
4029+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
4030 return WERR_NOT_SUPPORTED;
4031 }
4032
4033 WERROR _dfs_AddStdRootForced(struct pipes_struct *p, struct dfs_AddStdRootForced *r)
4034 {
4035 /* FIXME: Implement your code here */
4036- p->rng_fault_state = True;
4037+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
4038 return WERR_NOT_SUPPORTED;
4039 }
4040
4041 WERROR _dfs_GetDcAddress(struct pipes_struct *p, struct dfs_GetDcAddress *r)
4042 {
4043 /* FIXME: Implement your code here */
4044- p->rng_fault_state = True;
4045+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
4046 return WERR_NOT_SUPPORTED;
4047 }
4048
4049 WERROR _dfs_SetDcAddress(struct pipes_struct *p, struct dfs_SetDcAddress *r)
4050 {
4051 /* FIXME: Implement your code here */
4052- p->rng_fault_state = True;
4053+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
4054 return WERR_NOT_SUPPORTED;
4055 }
4056
4057 WERROR _dfs_FlushFtTable(struct pipes_struct *p, struct dfs_FlushFtTable *r)
4058 {
4059 /* FIXME: Implement your code here */
4060- p->rng_fault_state = True;
4061+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
4062 return WERR_NOT_SUPPORTED;
4063 }
4064
4065 WERROR _dfs_Add2(struct pipes_struct *p, struct dfs_Add2 *r)
4066 {
4067 /* FIXME: Implement your code here */
4068- p->rng_fault_state = True;
4069+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
4070 return WERR_NOT_SUPPORTED;
4071 }
4072
4073 WERROR _dfs_Remove2(struct pipes_struct *p, struct dfs_Remove2 *r)
4074 {
4075 /* FIXME: Implement your code here */
4076- p->rng_fault_state = True;
4077+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
4078 return WERR_NOT_SUPPORTED;
4079 }
4080
4081 WERROR _dfs_EnumEx(struct pipes_struct *p, struct dfs_EnumEx *r)
4082 {
4083 /* FIXME: Implement your code here */
4084- p->rng_fault_state = True;
4085+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
4086 return WERR_NOT_SUPPORTED;
4087 }
4088
4089 WERROR _dfs_SetInfo2(struct pipes_struct *p, struct dfs_SetInfo2 *r)
4090 {
4091 /* FIXME: Implement your code here */
4092- p->rng_fault_state = True;
4093+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
4094 return WERR_NOT_SUPPORTED;
4095 }
4096Index: samba-3.6.23/source3/rpc_server/dssetup/srv_dssetup_nt.c
4097===================================================================
4098--- samba-3.6.23.orig/source3/rpc_server/dssetup/srv_dssetup_nt.c
4099+++ samba-3.6.23/source3/rpc_server/dssetup/srv_dssetup_nt.c
4100@@ -130,7 +130,7 @@ WERROR _dssetup_DsRoleGetPrimaryDomainIn
4101 WERROR _dssetup_DsRoleDnsNameToFlatName(struct pipes_struct *p,
4102 struct dssetup_DsRoleDnsNameToFlatName *r)
4103 {
4104- p->rng_fault_state = true;
4105+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
4106 return WERR_NOT_SUPPORTED;
4107 }
4108
4109@@ -140,7 +140,7 @@ WERROR _dssetup_DsRoleDnsNameToFlatName(
4110 WERROR _dssetup_DsRoleDcAsDc(struct pipes_struct *p,
4111 struct dssetup_DsRoleDcAsDc *r)
4112 {
4113- p->rng_fault_state = true;
4114+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
4115 return WERR_NOT_SUPPORTED;
4116 }
4117
4118@@ -150,7 +150,7 @@ WERROR _dssetup_DsRoleDcAsDc(struct pipe
4119 WERROR _dssetup_DsRoleDcAsReplica(struct pipes_struct *p,
4120 struct dssetup_DsRoleDcAsReplica *r)
4121 {
4122- p->rng_fault_state = true;
4123+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
4124 return WERR_NOT_SUPPORTED;
4125 }
4126
4127@@ -160,7 +160,7 @@ WERROR _dssetup_DsRoleDcAsReplica(struct
4128 WERROR _dssetup_DsRoleDemoteDc(struct pipes_struct *p,
4129 struct dssetup_DsRoleDemoteDc *r)
4130 {
4131- p->rng_fault_state = true;
4132+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
4133 return WERR_NOT_SUPPORTED;
4134 }
4135
4136@@ -170,7 +170,7 @@ WERROR _dssetup_DsRoleDemoteDc(struct pi
4137 WERROR _dssetup_DsRoleGetDcOperationProgress(struct pipes_struct *p,
4138 struct dssetup_DsRoleGetDcOperationProgress *r)
4139 {
4140- p->rng_fault_state = true;
4141+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
4142 return WERR_NOT_SUPPORTED;
4143 }
4144
4145@@ -180,7 +180,7 @@ WERROR _dssetup_DsRoleGetDcOperationProg
4146 WERROR _dssetup_DsRoleGetDcOperationResults(struct pipes_struct *p,
4147 struct dssetup_DsRoleGetDcOperationResults *r)
4148 {
4149- p->rng_fault_state = true;
4150+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
4151 return WERR_NOT_SUPPORTED;
4152 }
4153
4154@@ -190,7 +190,7 @@ WERROR _dssetup_DsRoleGetDcOperationResu
4155 WERROR _dssetup_DsRoleCancel(struct pipes_struct *p,
4156 struct dssetup_DsRoleCancel *r)
4157 {
4158- p->rng_fault_state = true;
4159+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
4160 return WERR_NOT_SUPPORTED;
4161 }
4162
4163@@ -200,7 +200,7 @@ WERROR _dssetup_DsRoleCancel(struct pipe
4164 WERROR _dssetup_DsRoleServerSaveStateForUpgrade(struct pipes_struct *p,
4165 struct dssetup_DsRoleServerSaveStateForUpgrade *r)
4166 {
4167- p->rng_fault_state = true;
4168+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
4169 return WERR_NOT_SUPPORTED;
4170 }
4171
4172@@ -210,7 +210,7 @@ WERROR _dssetup_DsRoleServerSaveStateFor
4173 WERROR _dssetup_DsRoleUpgradeDownlevelServer(struct pipes_struct *p,
4174 struct dssetup_DsRoleUpgradeDownlevelServer *r)
4175 {
4176- p->rng_fault_state = true;
4177+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
4178 return WERR_NOT_SUPPORTED;
4179 }
4180
4181@@ -220,6 +220,6 @@ WERROR _dssetup_DsRoleUpgradeDownlevelSe
4182 WERROR _dssetup_DsRoleAbortDownlevelServerUpgrade(struct pipes_struct *p,
4183 struct dssetup_DsRoleAbortDownlevelServerUpgrade *r)
4184 {
4185- p->rng_fault_state = true;
4186+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
4187 return WERR_NOT_SUPPORTED;
4188 }
4189Index: samba-3.6.23/source3/rpc_server/echo/srv_echo_nt.c
4190===================================================================
4191--- samba-3.6.23.orig/source3/rpc_server/echo/srv_echo_nt.c
4192+++ samba-3.6.23/source3/rpc_server/echo/srv_echo_nt.c
4193@@ -87,13 +87,13 @@ void _echo_SourceData(struct pipes_struc
4194
4195 void _echo_TestCall(struct pipes_struct *p, struct echo_TestCall *r)
4196 {
4197- p->rng_fault_state = True;
4198+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
4199 return;
4200 }
4201
4202 NTSTATUS _echo_TestCall2(struct pipes_struct *p, struct echo_TestCall2 *r)
4203 {
4204- p->rng_fault_state = True;
4205+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
4206 return NT_STATUS_OK;
4207 }
4208
4209@@ -105,18 +105,18 @@ uint32 _echo_TestSleep(struct pipes_stru
4210
4211 void _echo_TestEnum(struct pipes_struct *p, struct echo_TestEnum *r)
4212 {
4213- p->rng_fault_state = True;
4214+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
4215 return;
4216 }
4217
4218 void _echo_TestSurrounding(struct pipes_struct *p, struct echo_TestSurrounding *r)
4219 {
4220- p->rng_fault_state = True;
4221+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
4222 return;
4223 }
4224
4225 uint16 _echo_TestDoublePointer(struct pipes_struct *p, struct echo_TestDoublePointer *r)
4226 {
4227- p->rng_fault_state = True;
4228+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
4229 return 0;
4230 }
4231Index: samba-3.6.23/source3/rpc_server/epmapper/srv_epmapper.c
4232===================================================================
4233--- samba-3.6.23.orig/source3/rpc_server/epmapper/srv_epmapper.c
4234+++ samba-3.6.23/source3/rpc_server/epmapper/srv_epmapper.c
4235@@ -297,6 +297,7 @@ error_status_t _epm_Insert(struct pipes_
4236 /* If this is not a priviledged users, return */
4237 if (p->transport != NCALRPC ||
4238 !is_priviledged_pipe(p->session_info)) {
4239+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
4240 return EPMAPPER_STATUS_CANT_PERFORM_OP;
4241 }
4242
4243@@ -433,6 +434,7 @@ error_status_t _epm_Delete(struct pipes_
4244 /* If this is not a priviledged users, return */
4245 if (p->transport != NCALRPC ||
4246 !is_priviledged_pipe(p->session_info)) {
4247+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
4248 return EPMAPPER_STATUS_CANT_PERFORM_OP;
4249 }
4250
4251@@ -1096,7 +1098,7 @@ error_status_t _epm_LookupHandleFree(str
4252 error_status_t _epm_InqObject(struct pipes_struct *p,
4253 struct epm_InqObject *r)
4254 {
4255- p->rng_fault_state = true;
4256+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
4257 return EPMAPPER_STATUS_CANT_PERFORM_OP;
4258 }
4259
4260@@ -1110,7 +1112,7 @@ error_status_t _epm_InqObject(struct pip
4261 error_status_t _epm_MgmtDelete(struct pipes_struct *p,
4262 struct epm_MgmtDelete *r)
4263 {
4264- p->rng_fault_state = true;
4265+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
4266 return EPMAPPER_STATUS_CANT_PERFORM_OP;
4267 }
4268
4269@@ -1121,7 +1123,7 @@ error_status_t _epm_MgmtDelete(struct pi
4270 error_status_t _epm_MapAuth(struct pipes_struct *p,
4271 struct epm_MapAuth *r)
4272 {
4273- p->rng_fault_state = true;
4274+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
4275 return EPMAPPER_STATUS_CANT_PERFORM_OP;
4276 }
4277
4278Index: samba-3.6.23/source3/rpc_server/eventlog/srv_eventlog_nt.c
4279===================================================================
4280--- samba-3.6.23.orig/source3/rpc_server/eventlog/srv_eventlog_nt.c
4281+++ samba-3.6.23/source3/rpc_server/eventlog/srv_eventlog_nt.c
4282@@ -695,7 +695,7 @@ NTSTATUS _eventlog_GetNumRecords(struct
4283
4284 NTSTATUS _eventlog_BackupEventLogW(struct pipes_struct *p, struct eventlog_BackupEventLogW *r)
4285 {
4286- p->rng_fault_state = True;
4287+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
4288 return NT_STATUS_NOT_IMPLEMENTED;
4289 }
4290
4291@@ -838,104 +838,104 @@ NTSTATUS _eventlog_ReportEventW(struct p
4292 NTSTATUS _eventlog_DeregisterEventSource(struct pipes_struct *p,
4293 struct eventlog_DeregisterEventSource *r)
4294 {
4295- p->rng_fault_state = True;
4296+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
4297 return NT_STATUS_NOT_IMPLEMENTED;
4298 }
4299
4300 NTSTATUS _eventlog_ChangeNotify(struct pipes_struct *p,
4301 struct eventlog_ChangeNotify *r)
4302 {
4303- p->rng_fault_state = True;
4304+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
4305 return NT_STATUS_NOT_IMPLEMENTED;
4306 }
4307
4308 NTSTATUS _eventlog_RegisterEventSourceW(struct pipes_struct *p,
4309 struct eventlog_RegisterEventSourceW *r)
4310 {
4311- p->rng_fault_state = True;
4312+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
4313 return NT_STATUS_NOT_IMPLEMENTED;
4314 }
4315
4316 NTSTATUS _eventlog_OpenBackupEventLogW(struct pipes_struct *p,
4317 struct eventlog_OpenBackupEventLogW *r)
4318 {
4319- p->rng_fault_state = True;
4320+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
4321 return NT_STATUS_NOT_IMPLEMENTED;
4322 }
4323
4324 NTSTATUS _eventlog_ClearEventLogA(struct pipes_struct *p,
4325 struct eventlog_ClearEventLogA *r)
4326 {
4327- p->rng_fault_state = True;
4328+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
4329 return NT_STATUS_NOT_IMPLEMENTED;
4330 }
4331
4332 NTSTATUS _eventlog_BackupEventLogA(struct pipes_struct *p,
4333 struct eventlog_BackupEventLogA *r)
4334 {
4335- p->rng_fault_state = True;
4336+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
4337 return NT_STATUS_NOT_IMPLEMENTED;
4338 }
4339
4340 NTSTATUS _eventlog_OpenEventLogA(struct pipes_struct *p,
4341 struct eventlog_OpenEventLogA *r)
4342 {
4343- p->rng_fault_state = True;
4344+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
4345 return NT_STATUS_NOT_IMPLEMENTED;
4346 }
4347
4348 NTSTATUS _eventlog_RegisterEventSourceA(struct pipes_struct *p,
4349 struct eventlog_RegisterEventSourceA *r)
4350 {
4351- p->rng_fault_state = True;
4352+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
4353 return NT_STATUS_NOT_IMPLEMENTED;
4354 }
4355
4356 NTSTATUS _eventlog_OpenBackupEventLogA(struct pipes_struct *p,
4357 struct eventlog_OpenBackupEventLogA *r)
4358 {
4359- p->rng_fault_state = True;
4360+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
4361 return NT_STATUS_NOT_IMPLEMENTED;
4362 }
4363
4364 NTSTATUS _eventlog_ReadEventLogA(struct pipes_struct *p,
4365 struct eventlog_ReadEventLogA *r)
4366 {
4367- p->rng_fault_state = True;
4368+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
4369 return NT_STATUS_NOT_IMPLEMENTED;
4370 }
4371
4372 NTSTATUS _eventlog_ReportEventA(struct pipes_struct *p,
4373 struct eventlog_ReportEventA *r)
4374 {
4375- p->rng_fault_state = True;
4376+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
4377 return NT_STATUS_NOT_IMPLEMENTED;
4378 }
4379
4380 NTSTATUS _eventlog_RegisterClusterSvc(struct pipes_struct *p,
4381 struct eventlog_RegisterClusterSvc *r)
4382 {
4383- p->rng_fault_state = True;
4384+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
4385 return NT_STATUS_NOT_IMPLEMENTED;
4386 }
4387
4388 NTSTATUS _eventlog_DeregisterClusterSvc(struct pipes_struct *p,
4389 struct eventlog_DeregisterClusterSvc *r)
4390 {
4391- p->rng_fault_state = True;
4392+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
4393 return NT_STATUS_NOT_IMPLEMENTED;
4394 }
4395
4396 NTSTATUS _eventlog_WriteClusterEvents(struct pipes_struct *p,
4397 struct eventlog_WriteClusterEvents *r)
4398 {
4399- p->rng_fault_state = True;
4400+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
4401 return NT_STATUS_NOT_IMPLEMENTED;
4402 }
4403
4404 NTSTATUS _eventlog_ReportEventAndSourceW(struct pipes_struct *p,
4405 struct eventlog_ReportEventAndSourceW *r)
4406 {
4407- p->rng_fault_state = True;
4408+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
4409 return NT_STATUS_NOT_IMPLEMENTED;
4410 }
4411Index: samba-3.6.23/source3/rpc_server/lsa/srv_lsa_nt.c
4412===================================================================
4413--- samba-3.6.23.orig/source3/rpc_server/lsa/srv_lsa_nt.c
4414+++ samba-3.6.23/source3/rpc_server/lsa/srv_lsa_nt.c
4415@@ -817,7 +817,7 @@ NTSTATUS _lsa_QueryInfoPolicy2(struct pi
4416 struct lsa_QueryInfoPolicy r;
4417
4418 if ((pdb_capabilities() & PDB_CAP_ADS) == 0) {
4419- p->rng_fault_state = True;
4420+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
4421 return NT_STATUS_NOT_IMPLEMENTED;
4422 }
4423
4424@@ -3210,88 +3210,88 @@ NTSTATUS _lsa_Delete(struct pipes_struct
4425
4426 NTSTATUS _lsa_SetSecObj(struct pipes_struct *p, struct lsa_SetSecObj *r)
4427 {
4428- p->rng_fault_state = True;
4429+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
4430 return NT_STATUS_NOT_IMPLEMENTED;
4431 }
4432
4433 NTSTATUS _lsa_ChangePassword(struct pipes_struct *p,
4434 struct lsa_ChangePassword *r)
4435 {
4436- p->rng_fault_state = True;
4437+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
4438 return NT_STATUS_NOT_IMPLEMENTED;
4439 }
4440
4441 NTSTATUS _lsa_SetInfoPolicy(struct pipes_struct *p, struct lsa_SetInfoPolicy *r)
4442 {
4443- p->rng_fault_state = True;
4444+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
4445 return NT_STATUS_NOT_IMPLEMENTED;
4446 }
4447
4448 NTSTATUS _lsa_ClearAuditLog(struct pipes_struct *p, struct lsa_ClearAuditLog *r)
4449 {
4450- p->rng_fault_state = True;
4451+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
4452 return NT_STATUS_NOT_IMPLEMENTED;
4453 }
4454
4455 NTSTATUS _lsa_GetQuotasForAccount(struct pipes_struct *p,
4456 struct lsa_GetQuotasForAccount *r)
4457 {
4458- p->rng_fault_state = True;
4459+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
4460 return NT_STATUS_NOT_IMPLEMENTED;
4461 }
4462
4463 NTSTATUS _lsa_SetQuotasForAccount(struct pipes_struct *p,
4464 struct lsa_SetQuotasForAccount *r)
4465 {
4466- p->rng_fault_state = True;
4467+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
4468 return NT_STATUS_NOT_IMPLEMENTED;
4469 }
4470
4471 NTSTATUS _lsa_SetInformationTrustedDomain(struct pipes_struct *p,
4472 struct lsa_SetInformationTrustedDomain *r)
4473 {
4474- p->rng_fault_state = True;
4475+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
4476 return NT_STATUS_NOT_IMPLEMENTED;
4477 }
4478
4479 NTSTATUS _lsa_QuerySecret(struct pipes_struct *p, struct lsa_QuerySecret *r)
4480 {
4481- p->rng_fault_state = True;
4482+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
4483 return NT_STATUS_NOT_IMPLEMENTED;
4484 }
4485
4486 NTSTATUS _lsa_SetTrustedDomainInfo(struct pipes_struct *p,
4487 struct lsa_SetTrustedDomainInfo *r)
4488 {
4489- p->rng_fault_state = True;
4490+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
4491 return NT_STATUS_NOT_IMPLEMENTED;
4492 }
4493
4494 NTSTATUS _lsa_StorePrivateData(struct pipes_struct *p,
4495 struct lsa_StorePrivateData *r)
4496 {
4497- p->rng_fault_state = True;
4498+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
4499 return NT_STATUS_NOT_IMPLEMENTED;
4500 }
4501
4502 NTSTATUS _lsa_RetrievePrivateData(struct pipes_struct *p,
4503 struct lsa_RetrievePrivateData *r)
4504 {
4505- p->rng_fault_state = True;
4506+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
4507 return NT_STATUS_NOT_IMPLEMENTED;
4508 }
4509
4510 NTSTATUS _lsa_SetInfoPolicy2(struct pipes_struct *p,
4511 struct lsa_SetInfoPolicy2 *r)
4512 {
4513- p->rng_fault_state = True;
4514+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
4515 return NT_STATUS_NOT_IMPLEMENTED;
4516 }
4517
4518 NTSTATUS _lsa_SetTrustedDomainInfoByName(struct pipes_struct *p,
4519 struct lsa_SetTrustedDomainInfoByName *r)
4520 {
4521- p->rng_fault_state = True;
4522+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
4523 return NT_STATUS_NOT_IMPLEMENTED;
4524 }
4525
4526@@ -3310,7 +3310,7 @@ NTSTATUS _lsa_EnumTrustedDomainsEx(struc
4527 * _lsa_EnumTrustedDomains() afterwards - gd */
4528
4529 if (!(pdb_capabilities() & PDB_CAP_TRUSTED_DOMAINS_EX)) {
4530- p->rng_fault_state = True;
4531+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
4532 return NT_STATUS_NOT_IMPLEMENTED;
4533 }
4534
4535@@ -3379,107 +3379,107 @@ NTSTATUS _lsa_EnumTrustedDomainsEx(struc
4536 NTSTATUS _lsa_QueryDomainInformationPolicy(struct pipes_struct *p,
4537 struct lsa_QueryDomainInformationPolicy *r)
4538 {
4539- p->rng_fault_state = True;
4540+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
4541 return NT_STATUS_NOT_IMPLEMENTED;
4542 }
4543
4544 NTSTATUS _lsa_SetDomainInformationPolicy(struct pipes_struct *p,
4545 struct lsa_SetDomainInformationPolicy *r)
4546 {
4547- p->rng_fault_state = True;
4548+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
4549 return NT_STATUS_NOT_IMPLEMENTED;
4550 }
4551
4552 NTSTATUS _lsa_TestCall(struct pipes_struct *p, struct lsa_TestCall *r)
4553 {
4554- p->rng_fault_state = True;
4555+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
4556 return NT_STATUS_NOT_IMPLEMENTED;
4557 }
4558
4559 NTSTATUS _lsa_CREDRWRITE(struct pipes_struct *p, struct lsa_CREDRWRITE *r)
4560 {
4561- p->rng_fault_state = True;
4562+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
4563 return NT_STATUS_NOT_IMPLEMENTED;
4564 }
4565
4566 NTSTATUS _lsa_CREDRREAD(struct pipes_struct *p, struct lsa_CREDRREAD *r)
4567 {
4568- p->rng_fault_state = True;
4569+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
4570 return NT_STATUS_NOT_IMPLEMENTED;
4571 }
4572
4573 NTSTATUS _lsa_CREDRENUMERATE(struct pipes_struct *p, struct lsa_CREDRENUMERATE *r)
4574 {
4575- p->rng_fault_state = True;
4576+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
4577 return NT_STATUS_NOT_IMPLEMENTED;
4578 }
4579
4580 NTSTATUS _lsa_CREDRWRITEDOMAINCREDENTIALS(struct pipes_struct *p,
4581 struct lsa_CREDRWRITEDOMAINCREDENTIALS *r)
4582 {
4583- p->rng_fault_state = True;
4584+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
4585 return NT_STATUS_NOT_IMPLEMENTED;
4586 }
4587
4588 NTSTATUS _lsa_CREDRREADDOMAINCREDENTIALS(struct pipes_struct *p,
4589 struct lsa_CREDRREADDOMAINCREDENTIALS *r)
4590 {
4591- p->rng_fault_state = True;
4592+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
4593 return NT_STATUS_NOT_IMPLEMENTED;
4594 }
4595
4596 NTSTATUS _lsa_CREDRDELETE(struct pipes_struct *p, struct lsa_CREDRDELETE *r)
4597 {
4598- p->rng_fault_state = True;
4599+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
4600 return NT_STATUS_NOT_IMPLEMENTED;
4601 }
4602
4603 NTSTATUS _lsa_CREDRGETTARGETINFO(struct pipes_struct *p,
4604 struct lsa_CREDRGETTARGETINFO *r)
4605 {
4606- p->rng_fault_state = True;
4607+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
4608 return NT_STATUS_NOT_IMPLEMENTED;
4609 }
4610
4611 NTSTATUS _lsa_CREDRPROFILELOADED(struct pipes_struct *p,
4612 struct lsa_CREDRPROFILELOADED *r)
4613 {
4614- p->rng_fault_state = True;
4615+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
4616 return NT_STATUS_NOT_IMPLEMENTED;
4617 }
4618
4619 NTSTATUS _lsa_CREDRGETSESSIONTYPES(struct pipes_struct *p,
4620 struct lsa_CREDRGETSESSIONTYPES *r)
4621 {
4622- p->rng_fault_state = True;
4623+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
4624 return NT_STATUS_NOT_IMPLEMENTED;
4625 }
4626
4627 NTSTATUS _lsa_LSARREGISTERAUDITEVENT(struct pipes_struct *p,
4628 struct lsa_LSARREGISTERAUDITEVENT *r)
4629 {
4630- p->rng_fault_state = True;
4631+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
4632 return NT_STATUS_NOT_IMPLEMENTED;
4633 }
4634
4635 NTSTATUS _lsa_LSARGENAUDITEVENT(struct pipes_struct *p,
4636 struct lsa_LSARGENAUDITEVENT *r)
4637 {
4638- p->rng_fault_state = True;
4639+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
4640 return NT_STATUS_NOT_IMPLEMENTED;
4641 }
4642
4643 NTSTATUS _lsa_LSARUNREGISTERAUDITEVENT(struct pipes_struct *p,
4644 struct lsa_LSARUNREGISTERAUDITEVENT *r)
4645 {
4646- p->rng_fault_state = True;
4647+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
4648 return NT_STATUS_NOT_IMPLEMENTED;
4649 }
4650
4651 NTSTATUS _lsa_lsaRQueryForestTrustInformation(struct pipes_struct *p,
4652 struct lsa_lsaRQueryForestTrustInformation *r)
4653 {
4654- p->rng_fault_state = True;
4655+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
4656 return NT_STATUS_NOT_IMPLEMENTED;
4657 }
4658
4659@@ -3992,34 +3992,34 @@ NTSTATUS _lsa_lsaRSetForestTrustInformat
4660 NTSTATUS _lsa_CREDRRENAME(struct pipes_struct *p,
4661 struct lsa_CREDRRENAME *r)
4662 {
4663- p->rng_fault_state = True;
4664+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
4665 return NT_STATUS_NOT_IMPLEMENTED;
4666 }
4667
4668 NTSTATUS _lsa_LSAROPENPOLICYSCE(struct pipes_struct *p,
4669 struct lsa_LSAROPENPOLICYSCE *r)
4670 {
4671- p->rng_fault_state = True;
4672+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
4673 return NT_STATUS_NOT_IMPLEMENTED;
4674 }
4675
4676 NTSTATUS _lsa_LSARADTREGISTERSECURITYEVENTSOURCE(struct pipes_struct *p,
4677 struct lsa_LSARADTREGISTERSECURITYEVENTSOURCE *r)
4678 {
4679- p->rng_fault_state = True;
4680+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
4681 return NT_STATUS_NOT_IMPLEMENTED;
4682 }
4683
4684 NTSTATUS _lsa_LSARADTUNREGISTERSECURITYEVENTSOURCE(struct pipes_struct *p,
4685 struct lsa_LSARADTUNREGISTERSECURITYEVENTSOURCE *r)
4686 {
4687- p->rng_fault_state = True;
4688+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
4689 return NT_STATUS_NOT_IMPLEMENTED;
4690 }
4691
4692 NTSTATUS _lsa_LSARADTREPORTSECURITYEVENT(struct pipes_struct *p,
4693 struct lsa_LSARADTREPORTSECURITYEVENT *r)
4694 {
4695- p->rng_fault_state = True;
4696+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
4697 return NT_STATUS_NOT_IMPLEMENTED;
4698 }
4699Index: samba-3.6.23/source3/rpc_server/netlogon/srv_netlog_nt.c
4700===================================================================
4701--- samba-3.6.23.orig/source3/rpc_server/netlogon/srv_netlog_nt.c
4702+++ samba-3.6.23/source3/rpc_server/netlogon/srv_netlog_nt.c
4703@@ -1789,7 +1789,7 @@ NTSTATUS _netr_LogonSamLogonEx(struct pi
4704 WERROR _netr_LogonUasLogon(struct pipes_struct *p,
4705 struct netr_LogonUasLogon *r)
4706 {
4707- p->rng_fault_state = true;
4708+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
4709 return WERR_NOT_SUPPORTED;
4710 }
4711
4712@@ -1799,7 +1799,7 @@ WERROR _netr_LogonUasLogon(struct pipes_
4713 WERROR _netr_LogonUasLogoff(struct pipes_struct *p,
4714 struct netr_LogonUasLogoff *r)
4715 {
4716- p->rng_fault_state = true;
4717+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
4718 return WERR_NOT_SUPPORTED;
4719 }
4720
4721@@ -1809,7 +1809,7 @@ WERROR _netr_LogonUasLogoff(struct pipes
4722 NTSTATUS _netr_DatabaseDeltas(struct pipes_struct *p,
4723 struct netr_DatabaseDeltas *r)
4724 {
4725- p->rng_fault_state = true;
4726+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
4727 return NT_STATUS_NOT_IMPLEMENTED;
4728 }
4729
4730@@ -1819,7 +1819,7 @@ NTSTATUS _netr_DatabaseDeltas(struct pip
4731 NTSTATUS _netr_DatabaseSync(struct pipes_struct *p,
4732 struct netr_DatabaseSync *r)
4733 {
4734- p->rng_fault_state = true;
4735+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
4736 return NT_STATUS_NOT_IMPLEMENTED;
4737 }
4738
4739@@ -1829,7 +1829,7 @@ NTSTATUS _netr_DatabaseSync(struct pipes
4740 NTSTATUS _netr_AccountDeltas(struct pipes_struct *p,
4741 struct netr_AccountDeltas *r)
4742 {
4743- p->rng_fault_state = true;
4744+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
4745 return NT_STATUS_NOT_IMPLEMENTED;
4746 }
4747
4748@@ -1839,7 +1839,7 @@ NTSTATUS _netr_AccountDeltas(struct pipe
4749 NTSTATUS _netr_AccountSync(struct pipes_struct *p,
4750 struct netr_AccountSync *r)
4751 {
4752- p->rng_fault_state = true;
4753+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
4754 return NT_STATUS_NOT_IMPLEMENTED;
4755 }
4756
4757@@ -1980,7 +1980,7 @@ WERROR _netr_GetAnyDCName(struct pipes_s
4758 NTSTATUS _netr_DatabaseSync2(struct pipes_struct *p,
4759 struct netr_DatabaseSync2 *r)
4760 {
4761- p->rng_fault_state = true;
4762+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
4763 return NT_STATUS_NOT_IMPLEMENTED;
4764 }
4765
4766@@ -1990,7 +1990,7 @@ NTSTATUS _netr_DatabaseSync2(struct pipe
4767 NTSTATUS _netr_DatabaseRedo(struct pipes_struct *p,
4768 struct netr_DatabaseRedo *r)
4769 {
4770- p->rng_fault_state = true;
4771+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
4772 return NT_STATUS_NOT_IMPLEMENTED;
4773 }
4774
4775@@ -2000,7 +2000,7 @@ NTSTATUS _netr_DatabaseRedo(struct pipes
4776 WERROR _netr_DsRGetDCName(struct pipes_struct *p,
4777 struct netr_DsRGetDCName *r)
4778 {
4779- p->rng_fault_state = true;
4780+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
4781 return WERR_NOT_SUPPORTED;
4782 }
4783
4784@@ -2019,7 +2019,7 @@ NTSTATUS _netr_LogonGetCapabilities(stru
4785 WERROR _netr_NETRLOGONSETSERVICEBITS(struct pipes_struct *p,
4786 struct netr_NETRLOGONSETSERVICEBITS *r)
4787 {
4788- p->rng_fault_state = true;
4789+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
4790 return WERR_NOT_SUPPORTED;
4791 }
4792
4793@@ -2029,7 +2029,7 @@ WERROR _netr_NETRLOGONSETSERVICEBITS(str
4794 WERROR _netr_LogonGetTrustRid(struct pipes_struct *p,
4795 struct netr_LogonGetTrustRid *r)
4796 {
4797- p->rng_fault_state = true;
4798+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
4799 return WERR_NOT_SUPPORTED;
4800 }
4801
4802@@ -2039,7 +2039,7 @@ WERROR _netr_LogonGetTrustRid(struct pip
4803 WERROR _netr_NETRLOGONCOMPUTESERVERDIGEST(struct pipes_struct *p,
4804 struct netr_NETRLOGONCOMPUTESERVERDIGEST *r)
4805 {
4806- p->rng_fault_state = true;
4807+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
4808 return WERR_NOT_SUPPORTED;
4809 }
4810
4811@@ -2049,7 +2049,7 @@ WERROR _netr_NETRLOGONCOMPUTESERVERDIGES
4812 WERROR _netr_NETRLOGONCOMPUTECLIENTDIGEST(struct pipes_struct *p,
4813 struct netr_NETRLOGONCOMPUTECLIENTDIGEST *r)
4814 {
4815- p->rng_fault_state = true;
4816+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
4817 return WERR_NOT_SUPPORTED;
4818 }
4819
4820@@ -2059,7 +2059,7 @@ WERROR _netr_NETRLOGONCOMPUTECLIENTDIGES
4821 WERROR _netr_DsRGetDCNameEx(struct pipes_struct *p,
4822 struct netr_DsRGetDCNameEx *r)
4823 {
4824- p->rng_fault_state = true;
4825+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
4826 return WERR_NOT_SUPPORTED;
4827 }
4828
4829@@ -2069,7 +2069,7 @@ WERROR _netr_DsRGetDCNameEx(struct pipes
4830 WERROR _netr_DsRGetSiteName(struct pipes_struct *p,
4831 struct netr_DsRGetSiteName *r)
4832 {
4833- p->rng_fault_state = true;
4834+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
4835 return WERR_NOT_SUPPORTED;
4836 }
4837
4838@@ -2079,7 +2079,7 @@ WERROR _netr_DsRGetSiteName(struct pipes
4839 NTSTATUS _netr_LogonGetDomainInfo(struct pipes_struct *p,
4840 struct netr_LogonGetDomainInfo *r)
4841 {
4842- p->rng_fault_state = true;
4843+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
4844 return NT_STATUS_NOT_IMPLEMENTED;
4845 }
4846
4847@@ -2089,7 +2089,7 @@ NTSTATUS _netr_LogonGetDomainInfo(struct
4848 WERROR _netr_ServerPasswordGet(struct pipes_struct *p,
4849 struct netr_ServerPasswordGet *r)
4850 {
4851- p->rng_fault_state = true;
4852+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
4853 return WERR_NOT_SUPPORTED;
4854 }
4855
4856@@ -2099,7 +2099,7 @@ WERROR _netr_ServerPasswordGet(struct pi
4857 WERROR _netr_NETRLOGONSENDTOSAM(struct pipes_struct *p,
4858 struct netr_NETRLOGONSENDTOSAM *r)
4859 {
4860- p->rng_fault_state = true;
4861+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
4862 return WERR_NOT_SUPPORTED;
4863 }
4864
4865@@ -2109,7 +2109,7 @@ WERROR _netr_NETRLOGONSENDTOSAM(struct p
4866 WERROR _netr_DsRAddressToSitenamesW(struct pipes_struct *p,
4867 struct netr_DsRAddressToSitenamesW *r)
4868 {
4869- p->rng_fault_state = true;
4870+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
4871 return WERR_NOT_SUPPORTED;
4872 }
4873
4874@@ -2119,7 +2119,7 @@ WERROR _netr_DsRAddressToSitenamesW(stru
4875 WERROR _netr_DsRGetDCNameEx2(struct pipes_struct *p,
4876 struct netr_DsRGetDCNameEx2 *r)
4877 {
4878- p->rng_fault_state = true;
4879+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
4880 return WERR_NOT_SUPPORTED;
4881 }
4882
4883@@ -2129,7 +2129,7 @@ WERROR _netr_DsRGetDCNameEx2(struct pipe
4884 WERROR _netr_NETRLOGONGETTIMESERVICEPARENTDOMAIN(struct pipes_struct *p,
4885 struct netr_NETRLOGONGETTIMESERVICEPARENTDOMAIN *r)
4886 {
4887- p->rng_fault_state = true;
4888+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
4889 return WERR_NOT_SUPPORTED;
4890 }
4891
4892@@ -2139,7 +2139,7 @@ WERROR _netr_NETRLOGONGETTIMESERVICEPARE
4893 WERROR _netr_NetrEnumerateTrustedDomainsEx(struct pipes_struct *p,
4894 struct netr_NetrEnumerateTrustedDomainsEx *r)
4895 {
4896- p->rng_fault_state = true;
4897+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
4898 return WERR_NOT_SUPPORTED;
4899 }
4900
4901@@ -2149,7 +2149,7 @@ WERROR _netr_NetrEnumerateTrustedDomains
4902 WERROR _netr_DsRAddressToSitenamesExW(struct pipes_struct *p,
4903 struct netr_DsRAddressToSitenamesExW *r)
4904 {
4905- p->rng_fault_state = true;
4906+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
4907 return WERR_NOT_SUPPORTED;
4908 }
4909
4910@@ -2159,7 +2159,7 @@ WERROR _netr_DsRAddressToSitenamesExW(st
4911 WERROR _netr_DsrGetDcSiteCoverageW(struct pipes_struct *p,
4912 struct netr_DsrGetDcSiteCoverageW *r)
4913 {
4914- p->rng_fault_state = true;
4915+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
4916 return WERR_NOT_SUPPORTED;
4917 }
4918
4919@@ -2169,7 +2169,7 @@ WERROR _netr_DsrGetDcSiteCoverageW(struc
4920 WERROR _netr_DsrEnumerateDomainTrusts(struct pipes_struct *p,
4921 struct netr_DsrEnumerateDomainTrusts *r)
4922 {
4923- p->rng_fault_state = true;
4924+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
4925 return WERR_NOT_SUPPORTED;
4926 }
4927
4928@@ -2179,7 +2179,7 @@ WERROR _netr_DsrEnumerateDomainTrusts(st
4929 WERROR _netr_DsrDeregisterDNSHostRecords(struct pipes_struct *p,
4930 struct netr_DsrDeregisterDNSHostRecords *r)
4931 {
4932- p->rng_fault_state = true;
4933+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
4934 return WERR_NOT_SUPPORTED;
4935 }
4936
4937@@ -2189,7 +2189,7 @@ WERROR _netr_DsrDeregisterDNSHostRecords
4938 NTSTATUS _netr_ServerTrustPasswordsGet(struct pipes_struct *p,
4939 struct netr_ServerTrustPasswordsGet *r)
4940 {
4941- p->rng_fault_state = true;
4942+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
4943 return NT_STATUS_NOT_IMPLEMENTED;
4944 }
4945
4946@@ -2199,7 +2199,7 @@ NTSTATUS _netr_ServerTrustPasswordsGet(s
4947 WERROR _netr_DsRGetForestTrustInformation(struct pipes_struct *p,
4948 struct netr_DsRGetForestTrustInformation *r)
4949 {
4950- p->rng_fault_state = true;
4951+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
4952 return WERR_NOT_SUPPORTED;
4953 }
4954
4955@@ -2478,7 +2478,7 @@ NTSTATUS _netr_ServerGetTrustInfo(struct
4956 NTSTATUS _netr_Unused47(struct pipes_struct *p,
4957 struct netr_Unused47 *r)
4958 {
4959- p->rng_fault_state = true;
4960+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
4961 return NT_STATUS_NOT_IMPLEMENTED;
4962 }
4963
4964@@ -2488,6 +2488,6 @@ NTSTATUS _netr_Unused47(struct pipes_str
4965 NTSTATUS _netr_DsrUpdateReadOnlyServerDnsRecords(struct pipes_struct *p,
4966 struct netr_DsrUpdateReadOnlyServerDnsRecords *r)
4967 {
4968- p->rng_fault_state = true;
4969+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
4970 return NT_STATUS_NOT_IMPLEMENTED;
4971 }
4972Index: samba-3.6.23/source3/rpc_server/ntsvcs/srv_ntsvcs_nt.c
4973===================================================================
4974--- samba-3.6.23.orig/source3/rpc_server/ntsvcs/srv_ntsvcs_nt.c
4975+++ samba-3.6.23/source3/rpc_server/ntsvcs/srv_ntsvcs_nt.c
4976@@ -227,7 +227,7 @@ WERROR _PNP_HwProfFlags(struct pipes_str
4977 WERROR _PNP_Disconnect(struct pipes_struct *p,
4978 struct PNP_Disconnect *r)
4979 {
4980- p->rng_fault_state = true;
4981+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
4982 return WERR_NOT_SUPPORTED;
4983 }
4984
4985@@ -237,7 +237,7 @@ WERROR _PNP_Disconnect(struct pipes_stru
4986 WERROR _PNP_Connect(struct pipes_struct *p,
4987 struct PNP_Connect *r)
4988 {
4989- p->rng_fault_state = true;
4990+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
4991 return WERR_NOT_SUPPORTED;
4992 }
4993
4994@@ -247,7 +247,7 @@ WERROR _PNP_Connect(struct pipes_struct
4995 WERROR _PNP_GetGlobalState(struct pipes_struct *p,
4996 struct PNP_GetGlobalState *r)
4997 {
4998- p->rng_fault_state = true;
4999+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
5000 return WERR_NOT_SUPPORTED;
5001 }
5002
5003@@ -257,7 +257,7 @@ WERROR _PNP_GetGlobalState(struct pipes_
5004 WERROR _PNP_InitDetection(struct pipes_struct *p,
5005 struct PNP_InitDetection *r)
5006 {
5007- p->rng_fault_state = true;
5008+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
5009 return WERR_NOT_SUPPORTED;
5010 }
5011
5012@@ -267,7 +267,7 @@ WERROR _PNP_InitDetection(struct pipes_s
5013 WERROR _PNP_ReportLogOn(struct pipes_struct *p,
5014 struct PNP_ReportLogOn *r)
5015 {
5016- p->rng_fault_state = true;
5017+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
5018 return WERR_NOT_SUPPORTED;
5019 }
5020
5021@@ -277,7 +277,7 @@ WERROR _PNP_ReportLogOn(struct pipes_str
5022 WERROR _PNP_GetRootDeviceInstance(struct pipes_struct *p,
5023 struct PNP_GetRootDeviceInstance *r)
5024 {
5025- p->rng_fault_state = true;
5026+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
5027 return WERR_NOT_SUPPORTED;
5028 }
5029
5030@@ -287,7 +287,7 @@ WERROR _PNP_GetRootDeviceInstance(struct
5031 WERROR _PNP_GetRelatedDeviceInstance(struct pipes_struct *p,
5032 struct PNP_GetRelatedDeviceInstance *r)
5033 {
5034- p->rng_fault_state = true;
5035+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
5036 return WERR_NOT_SUPPORTED;
5037 }
5038
5039@@ -297,7 +297,7 @@ WERROR _PNP_GetRelatedDeviceInstance(str
5040 WERROR _PNP_EnumerateSubKeys(struct pipes_struct *p,
5041 struct PNP_EnumerateSubKeys *r)
5042 {
5043- p->rng_fault_state = true;
5044+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
5045 return WERR_NOT_SUPPORTED;
5046 }
5047
5048@@ -307,7 +307,7 @@ WERROR _PNP_EnumerateSubKeys(struct pipe
5049 WERROR _PNP_GetDepth(struct pipes_struct *p,
5050 struct PNP_GetDepth *r)
5051 {
5052- p->rng_fault_state = true;
5053+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
5054 return WERR_NOT_SUPPORTED;
5055 }
5056
5057@@ -317,7 +317,7 @@ WERROR _PNP_GetDepth(struct pipes_struct
5058 WERROR _PNP_SetDeviceRegProp(struct pipes_struct *p,
5059 struct PNP_SetDeviceRegProp *r)
5060 {
5061- p->rng_fault_state = true;
5062+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
5063 return WERR_NOT_SUPPORTED;
5064 }
5065
5066@@ -327,7 +327,7 @@ WERROR _PNP_SetDeviceRegProp(struct pipe
5067 WERROR _PNP_GetClassInstance(struct pipes_struct *p,
5068 struct PNP_GetClassInstance *r)
5069 {
5070- p->rng_fault_state = true;
5071+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
5072 return WERR_NOT_SUPPORTED;
5073 }
5074
5075@@ -337,7 +337,7 @@ WERROR _PNP_GetClassInstance(struct pipe
5076 WERROR _PNP_CreateKey(struct pipes_struct *p,
5077 struct PNP_CreateKey *r)
5078 {
5079- p->rng_fault_state = true;
5080+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
5081 return WERR_NOT_SUPPORTED;
5082 }
5083
5084@@ -347,7 +347,7 @@ WERROR _PNP_CreateKey(struct pipes_struc
5085 WERROR _PNP_DeleteRegistryKey(struct pipes_struct *p,
5086 struct PNP_DeleteRegistryKey *r)
5087 {
5088- p->rng_fault_state = true;
5089+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
5090 return WERR_NOT_SUPPORTED;
5091 }
5092
5093@@ -357,7 +357,7 @@ WERROR _PNP_DeleteRegistryKey(struct pip
5094 WERROR _PNP_GetClassCount(struct pipes_struct *p,
5095 struct PNP_GetClassCount *r)
5096 {
5097- p->rng_fault_state = true;
5098+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
5099 return WERR_NOT_SUPPORTED;
5100 }
5101
5102@@ -367,7 +367,7 @@ WERROR _PNP_GetClassCount(struct pipes_s
5103 WERROR _PNP_GetClassName(struct pipes_struct *p,
5104 struct PNP_GetClassName *r)
5105 {
5106- p->rng_fault_state = true;
5107+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
5108 return WERR_NOT_SUPPORTED;
5109 }
5110
5111@@ -377,7 +377,7 @@ WERROR _PNP_GetClassName(struct pipes_st
5112 WERROR _PNP_DeleteClassKey(struct pipes_struct *p,
5113 struct PNP_DeleteClassKey *r)
5114 {
5115- p->rng_fault_state = true;
5116+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
5117 return WERR_NOT_SUPPORTED;
5118 }
5119
5120@@ -387,7 +387,7 @@ WERROR _PNP_DeleteClassKey(struct pipes_
5121 WERROR _PNP_GetInterfaceDeviceAlias(struct pipes_struct *p,
5122 struct PNP_GetInterfaceDeviceAlias *r)
5123 {
5124- p->rng_fault_state = true;
5125+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
5126 return WERR_NOT_SUPPORTED;
5127 }
5128
5129@@ -397,7 +397,7 @@ WERROR _PNP_GetInterfaceDeviceAlias(stru
5130 WERROR _PNP_GetInterfaceDeviceList(struct pipes_struct *p,
5131 struct PNP_GetInterfaceDeviceList *r)
5132 {
5133- p->rng_fault_state = true;
5134+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
5135 return WERR_NOT_SUPPORTED;
5136 }
5137
5138@@ -407,7 +407,7 @@ WERROR _PNP_GetInterfaceDeviceList(struc
5139 WERROR _PNP_GetInterfaceDeviceListSize(struct pipes_struct *p,
5140 struct PNP_GetInterfaceDeviceListSize *r)
5141 {
5142- p->rng_fault_state = true;
5143+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
5144 return WERR_NOT_SUPPORTED;
5145 }
5146
5147@@ -417,7 +417,7 @@ WERROR _PNP_GetInterfaceDeviceListSize(s
5148 WERROR _PNP_RegisterDeviceClassAssociation(struct pipes_struct *p,
5149 struct PNP_RegisterDeviceClassAssociation *r)
5150 {
5151- p->rng_fault_state = true;
5152+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
5153 return WERR_NOT_SUPPORTED;
5154 }
5155
5156@@ -427,7 +427,7 @@ WERROR _PNP_RegisterDeviceClassAssociati
5157 WERROR _PNP_UnregisterDeviceClassAssociation(struct pipes_struct *p,
5158 struct PNP_UnregisterDeviceClassAssociation *r)
5159 {
5160- p->rng_fault_state = true;
5161+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
5162 return WERR_NOT_SUPPORTED;
5163 }
5164
5165@@ -437,7 +437,7 @@ WERROR _PNP_UnregisterDeviceClassAssocia
5166 WERROR _PNP_GetClassRegProp(struct pipes_struct *p,
5167 struct PNP_GetClassRegProp *r)
5168 {
5169- p->rng_fault_state = true;
5170+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
5171 return WERR_NOT_SUPPORTED;
5172 }
5173
5174@@ -447,7 +447,7 @@ WERROR _PNP_GetClassRegProp(struct pipes
5175 WERROR _PNP_SetClassRegProp(struct pipes_struct *p,
5176 struct PNP_SetClassRegProp *r)
5177 {
5178- p->rng_fault_state = true;
5179+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
5180 return WERR_NOT_SUPPORTED;
5181 }
5182
5183@@ -457,7 +457,7 @@ WERROR _PNP_SetClassRegProp(struct pipes
5184 WERROR _PNP_CreateDevInst(struct pipes_struct *p,
5185 struct PNP_CreateDevInst *r)
5186 {
5187- p->rng_fault_state = true;
5188+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
5189 return WERR_NOT_SUPPORTED;
5190 }
5191
5192@@ -467,7 +467,7 @@ WERROR _PNP_CreateDevInst(struct pipes_s
5193 WERROR _PNP_DeviceInstanceAction(struct pipes_struct *p,
5194 struct PNP_DeviceInstanceAction *r)
5195 {
5196- p->rng_fault_state = true;
5197+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
5198 return WERR_NOT_SUPPORTED;
5199 }
5200
5201@@ -477,7 +477,7 @@ WERROR _PNP_DeviceInstanceAction(struct
5202 WERROR _PNP_GetDeviceStatus(struct pipes_struct *p,
5203 struct PNP_GetDeviceStatus *r)
5204 {
5205- p->rng_fault_state = true;
5206+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
5207 return WERR_NOT_SUPPORTED;
5208 }
5209
5210@@ -487,7 +487,7 @@ WERROR _PNP_GetDeviceStatus(struct pipes
5211 WERROR _PNP_SetDeviceProblem(struct pipes_struct *p,
5212 struct PNP_SetDeviceProblem *r)
5213 {
5214- p->rng_fault_state = true;
5215+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
5216 return WERR_NOT_SUPPORTED;
5217 }
5218
5219@@ -497,7 +497,7 @@ WERROR _PNP_SetDeviceProblem(struct pipe
5220 WERROR _PNP_DisableDevInst(struct pipes_struct *p,
5221 struct PNP_DisableDevInst *r)
5222 {
5223- p->rng_fault_state = true;
5224+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
5225 return WERR_NOT_SUPPORTED;
5226 }
5227
5228@@ -507,7 +507,7 @@ WERROR _PNP_DisableDevInst(struct pipes_
5229 WERROR _PNP_UninstallDevInst(struct pipes_struct *p,
5230 struct PNP_UninstallDevInst *r)
5231 {
5232- p->rng_fault_state = true;
5233+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
5234 return WERR_NOT_SUPPORTED;
5235 }
5236
5237@@ -517,7 +517,7 @@ WERROR _PNP_UninstallDevInst(struct pipe
5238 WERROR _PNP_AddID(struct pipes_struct *p,
5239 struct PNP_AddID *r)
5240 {
5241- p->rng_fault_state = true;
5242+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
5243 return WERR_NOT_SUPPORTED;
5244 }
5245
5246@@ -527,7 +527,7 @@ WERROR _PNP_AddID(struct pipes_struct *p
5247 WERROR _PNP_RegisterDriver(struct pipes_struct *p,
5248 struct PNP_RegisterDriver *r)
5249 {
5250- p->rng_fault_state = true;
5251+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
5252 return WERR_NOT_SUPPORTED;
5253 }
5254
5255@@ -537,7 +537,7 @@ WERROR _PNP_RegisterDriver(struct pipes_
5256 WERROR _PNP_QueryRemove(struct pipes_struct *p,
5257 struct PNP_QueryRemove *r)
5258 {
5259- p->rng_fault_state = true;
5260+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
5261 return WERR_NOT_SUPPORTED;
5262 }
5263
5264@@ -547,7 +547,7 @@ WERROR _PNP_QueryRemove(struct pipes_str
5265 WERROR _PNP_RequestDeviceEject(struct pipes_struct *p,
5266 struct PNP_RequestDeviceEject *r)
5267 {
5268- p->rng_fault_state = true;
5269+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
5270 return WERR_NOT_SUPPORTED;
5271 }
5272
5273@@ -557,7 +557,7 @@ WERROR _PNP_RequestDeviceEject(struct pi
5274 WERROR _PNP_IsDockStationPresent(struct pipes_struct *p,
5275 struct PNP_IsDockStationPresent *r)
5276 {
5277- p->rng_fault_state = true;
5278+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
5279 return WERR_NOT_SUPPORTED;
5280 }
5281
5282@@ -567,7 +567,7 @@ WERROR _PNP_IsDockStationPresent(struct
5283 WERROR _PNP_RequestEjectPC(struct pipes_struct *p,
5284 struct PNP_RequestEjectPC *r)
5285 {
5286- p->rng_fault_state = true;
5287+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
5288 return WERR_NOT_SUPPORTED;
5289 }
5290
5291@@ -577,7 +577,7 @@ WERROR _PNP_RequestEjectPC(struct pipes_
5292 WERROR _PNP_AddEmptyLogConf(struct pipes_struct *p,
5293 struct PNP_AddEmptyLogConf *r)
5294 {
5295- p->rng_fault_state = true;
5296+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
5297 return WERR_NOT_SUPPORTED;
5298 }
5299
5300@@ -587,7 +587,7 @@ WERROR _PNP_AddEmptyLogConf(struct pipes
5301 WERROR _PNP_FreeLogConf(struct pipes_struct *p,
5302 struct PNP_FreeLogConf *r)
5303 {
5304- p->rng_fault_state = true;
5305+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
5306 return WERR_NOT_SUPPORTED;
5307 }
5308
5309@@ -597,7 +597,7 @@ WERROR _PNP_FreeLogConf(struct pipes_str
5310 WERROR _PNP_GetFirstLogConf(struct pipes_struct *p,
5311 struct PNP_GetFirstLogConf *r)
5312 {
5313- p->rng_fault_state = true;
5314+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
5315 return WERR_NOT_SUPPORTED;
5316 }
5317
5318@@ -607,7 +607,7 @@ WERROR _PNP_GetFirstLogConf(struct pipes
5319 WERROR _PNP_GetNextLogConf(struct pipes_struct *p,
5320 struct PNP_GetNextLogConf *r)
5321 {
5322- p->rng_fault_state = true;
5323+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
5324 return WERR_NOT_SUPPORTED;
5325 }
5326
5327@@ -617,7 +617,7 @@ WERROR _PNP_GetNextLogConf(struct pipes_
5328 WERROR _PNP_GetLogConfPriority(struct pipes_struct *p,
5329 struct PNP_GetLogConfPriority *r)
5330 {
5331- p->rng_fault_state = true;
5332+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
5333 return WERR_NOT_SUPPORTED;
5334 }
5335
5336@@ -627,7 +627,7 @@ WERROR _PNP_GetLogConfPriority(struct pi
5337 WERROR _PNP_AddResDes(struct pipes_struct *p,
5338 struct PNP_AddResDes *r)
5339 {
5340- p->rng_fault_state = true;
5341+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
5342 return WERR_NOT_SUPPORTED;
5343 }
5344
5345@@ -637,7 +637,7 @@ WERROR _PNP_AddResDes(struct pipes_struc
5346 WERROR _PNP_FreeResDes(struct pipes_struct *p,
5347 struct PNP_FreeResDes *r)
5348 {
5349- p->rng_fault_state = true;
5350+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
5351 return WERR_NOT_SUPPORTED;
5352 }
5353
5354@@ -647,7 +647,7 @@ WERROR _PNP_FreeResDes(struct pipes_stru
5355 WERROR _PNP_GetNextResDes(struct pipes_struct *p,
5356 struct PNP_GetNextResDes *r)
5357 {
5358- p->rng_fault_state = true;
5359+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
5360 return WERR_NOT_SUPPORTED;
5361 }
5362
5363@@ -657,7 +657,7 @@ WERROR _PNP_GetNextResDes(struct pipes_s
5364 WERROR _PNP_GetResDesData(struct pipes_struct *p,
5365 struct PNP_GetResDesData *r)
5366 {
5367- p->rng_fault_state = true;
5368+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
5369 return WERR_NOT_SUPPORTED;
5370 }
5371
5372@@ -667,7 +667,7 @@ WERROR _PNP_GetResDesData(struct pipes_s
5373 WERROR _PNP_GetResDesDataSize(struct pipes_struct *p,
5374 struct PNP_GetResDesDataSize *r)
5375 {
5376- p->rng_fault_state = true;
5377+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
5378 return WERR_NOT_SUPPORTED;
5379 }
5380
5381@@ -677,7 +677,7 @@ WERROR _PNP_GetResDesDataSize(struct pip
5382 WERROR _PNP_ModifyResDes(struct pipes_struct *p,
5383 struct PNP_ModifyResDes *r)
5384 {
5385- p->rng_fault_state = true;
5386+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
5387 return WERR_NOT_SUPPORTED;
5388 }
5389
5390@@ -687,7 +687,7 @@ WERROR _PNP_ModifyResDes(struct pipes_st
5391 WERROR _PNP_DetectResourceLimit(struct pipes_struct *p,
5392 struct PNP_DetectResourceLimit *r)
5393 {
5394- p->rng_fault_state = true;
5395+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
5396 return WERR_NOT_SUPPORTED;
5397 }
5398
5399@@ -697,7 +697,7 @@ WERROR _PNP_DetectResourceLimit(struct p
5400 WERROR _PNP_QueryResConfList(struct pipes_struct *p,
5401 struct PNP_QueryResConfList *r)
5402 {
5403- p->rng_fault_state = true;
5404+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
5405 return WERR_NOT_SUPPORTED;
5406 }
5407
5408@@ -707,7 +707,7 @@ WERROR _PNP_QueryResConfList(struct pipe
5409 WERROR _PNP_SetHwProf(struct pipes_struct *p,
5410 struct PNP_SetHwProf *r)
5411 {
5412- p->rng_fault_state = true;
5413+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
5414 return WERR_NOT_SUPPORTED;
5415 }
5416
5417@@ -717,7 +717,7 @@ WERROR _PNP_SetHwProf(struct pipes_struc
5418 WERROR _PNP_QueryArbitratorFreeData(struct pipes_struct *p,
5419 struct PNP_QueryArbitratorFreeData *r)
5420 {
5421- p->rng_fault_state = true;
5422+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
5423 return WERR_NOT_SUPPORTED;
5424 }
5425
5426@@ -727,7 +727,7 @@ WERROR _PNP_QueryArbitratorFreeData(stru
5427 WERROR _PNP_QueryArbitratorFreeSize(struct pipes_struct *p,
5428 struct PNP_QueryArbitratorFreeSize *r)
5429 {
5430- p->rng_fault_state = true;
5431+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
5432 return WERR_NOT_SUPPORTED;
5433 }
5434
5435@@ -737,7 +737,7 @@ WERROR _PNP_QueryArbitratorFreeSize(stru
5436 WERROR _PNP_RunDetection(struct pipes_struct *p,
5437 struct PNP_RunDetection *r)
5438 {
5439- p->rng_fault_state = true;
5440+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
5441 return WERR_NOT_SUPPORTED;
5442 }
5443
5444@@ -747,7 +747,7 @@ WERROR _PNP_RunDetection(struct pipes_st
5445 WERROR _PNP_RegisterNotification(struct pipes_struct *p,
5446 struct PNP_RegisterNotification *r)
5447 {
5448- p->rng_fault_state = true;
5449+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
5450 return WERR_NOT_SUPPORTED;
5451 }
5452
5453@@ -757,7 +757,7 @@ WERROR _PNP_RegisterNotification(struct
5454 WERROR _PNP_UnregisterNotification(struct pipes_struct *p,
5455 struct PNP_UnregisterNotification *r)
5456 {
5457- p->rng_fault_state = true;
5458+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
5459 return WERR_NOT_SUPPORTED;
5460 }
5461
5462@@ -767,7 +767,7 @@ WERROR _PNP_UnregisterNotification(struc
5463 WERROR _PNP_GetCustomDevProp(struct pipes_struct *p,
5464 struct PNP_GetCustomDevProp *r)
5465 {
5466- p->rng_fault_state = true;
5467+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
5468 return WERR_NOT_SUPPORTED;
5469 }
5470
5471@@ -777,7 +777,7 @@ WERROR _PNP_GetCustomDevProp(struct pipe
5472 WERROR _PNP_GetVersionInternal(struct pipes_struct *p,
5473 struct PNP_GetVersionInternal *r)
5474 {
5475- p->rng_fault_state = true;
5476+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
5477 return WERR_NOT_SUPPORTED;
5478 }
5479
5480@@ -787,7 +787,7 @@ WERROR _PNP_GetVersionInternal(struct pi
5481 WERROR _PNP_GetBlockedDriverInfo(struct pipes_struct *p,
5482 struct PNP_GetBlockedDriverInfo *r)
5483 {
5484- p->rng_fault_state = true;
5485+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
5486 return WERR_NOT_SUPPORTED;
5487 }
5488
5489@@ -797,6 +797,6 @@ WERROR _PNP_GetBlockedDriverInfo(struct
5490 WERROR _PNP_GetServerSideDeviceInstallFlags(struct pipes_struct *p,
5491 struct PNP_GetServerSideDeviceInstallFlags *r)
5492 {
5493- p->rng_fault_state = true;
5494+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
5495 return WERR_NOT_SUPPORTED;
5496 }
5497Index: samba-3.6.23/source3/rpc_server/rpc_handles.c
5498===================================================================
5499--- samba-3.6.23.orig/source3/rpc_server/rpc_handles.c
5500+++ samba-3.6.23/source3/rpc_server/rpc_handles.c
5501@@ -242,7 +242,7 @@ static struct dcesrv_handle *find_policy
5502 DEBUG(4,("Policy not found: "));
5503 dump_data(4, (uint8_t *)hnd, sizeof(*hnd));
5504
5505- p->bad_handle_fault_state = true;
5506+ p->fault_state = DCERPC_FAULT_CONTEXT_MISMATCH;
5507
5508 return NULL;
5509 }
5510Index: samba-3.6.23/source3/rpc_server/rpc_ncacn_np.c
5511===================================================================
5512--- samba-3.6.23.orig/source3/rpc_server/rpc_ncacn_np.c
5513+++ samba-3.6.23/source3/rpc_server/rpc_ncacn_np.c
5514@@ -216,24 +216,13 @@ static NTSTATUS rpcint_dispatch(struct p
5515 }
5516
5517 if (p->fault_state) {
5518- p->fault_state = false;
5519- data_blob_free(&p->out_data.rdata);
5520- talloc_free_children(p->mem_ctx);
5521- return NT_STATUS_RPC_CALL_FAILED;
5522- }
5523-
5524- if (p->bad_handle_fault_state) {
5525- p->bad_handle_fault_state = false;
5526- data_blob_free(&p->out_data.rdata);
5527- talloc_free_children(p->mem_ctx);
5528- return NT_STATUS_RPC_SS_CONTEXT_MISMATCH;
5529- }
5530+ NTSTATUS status;
5531
5532- if (p->rng_fault_state) {
5533- p->rng_fault_state = false;
5534+ status = NT_STATUS(p->fault_state);
5535+ p->fault_state = 0;
5536 data_blob_free(&p->out_data.rdata);
5537 talloc_free_children(p->mem_ctx);
5538- return NT_STATUS_RPC_PROCNUM_OUT_OF_RANGE;
5539+ return status;
5540 }
5541
5542 *out_data = p->out_data.rdata;
5543Index: samba-3.6.23/source3/rpc_server/samr/srv_samr_nt.c
5544===================================================================
5545--- samba-3.6.23.orig/source3/rpc_server/samr/srv_samr_nt.c
5546+++ samba-3.6.23/source3/rpc_server/samr/srv_samr_nt.c
5547@@ -6682,7 +6682,7 @@ NTSTATUS _samr_ValidatePassword(struct p
5548 NTSTATUS _samr_Shutdown(struct pipes_struct *p,
5549 struct samr_Shutdown *r)
5550 {
5551- p->rng_fault_state = true;
5552+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
5553 return NT_STATUS_NOT_IMPLEMENTED;
5554 }
5555
5556@@ -6692,7 +6692,7 @@ NTSTATUS _samr_Shutdown(struct pipes_str
5557 NTSTATUS _samr_SetMemberAttributesOfGroup(struct pipes_struct *p,
5558 struct samr_SetMemberAttributesOfGroup *r)
5559 {
5560- p->rng_fault_state = true;
5561+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
5562 return NT_STATUS_NOT_IMPLEMENTED;
5563 }
5564
5565@@ -6702,6 +6702,7 @@ NTSTATUS _samr_SetMemberAttributesOfGrou
5566 NTSTATUS _samr_TestPrivateFunctionsDomain(struct pipes_struct *p,
5567 struct samr_TestPrivateFunctionsDomain *r)
5568 {
5569+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
5570 return NT_STATUS_NOT_IMPLEMENTED;
5571 }
5572
5573@@ -6711,6 +6712,7 @@ NTSTATUS _samr_TestPrivateFunctionsDomai
5574 NTSTATUS _samr_TestPrivateFunctionsUser(struct pipes_struct *p,
5575 struct samr_TestPrivateFunctionsUser *r)
5576 {
5577+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
5578 return NT_STATUS_NOT_IMPLEMENTED;
5579 }
5580
5581@@ -6720,7 +6722,7 @@ NTSTATUS _samr_TestPrivateFunctionsUser(
5582 NTSTATUS _samr_AddMultipleMembersToAlias(struct pipes_struct *p,
5583 struct samr_AddMultipleMembersToAlias *r)
5584 {
5585- p->rng_fault_state = true;
5586+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
5587 return NT_STATUS_NOT_IMPLEMENTED;
5588 }
5589
5590@@ -6730,7 +6732,7 @@ NTSTATUS _samr_AddMultipleMembersToAlias
5591 NTSTATUS _samr_RemoveMultipleMembersFromAlias(struct pipes_struct *p,
5592 struct samr_RemoveMultipleMembersFromAlias *r)
5593 {
5594- p->rng_fault_state = true;
5595+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
5596 return NT_STATUS_NOT_IMPLEMENTED;
5597 }
5598
5599@@ -6740,7 +6742,7 @@ NTSTATUS _samr_RemoveMultipleMembersFrom
5600 NTSTATUS _samr_SetBootKeyInformation(struct pipes_struct *p,
5601 struct samr_SetBootKeyInformation *r)
5602 {
5603- p->rng_fault_state = true;
5604+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
5605 return NT_STATUS_NOT_IMPLEMENTED;
5606 }
5607
5608@@ -6750,7 +6752,7 @@ NTSTATUS _samr_SetBootKeyInformation(str
5609 NTSTATUS _samr_GetBootKeyInformation(struct pipes_struct *p,
5610 struct samr_GetBootKeyInformation *r)
5611 {
5612- p->rng_fault_state = true;
5613+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
5614 return NT_STATUS_NOT_IMPLEMENTED;
5615 }
5616
5617@@ -6760,6 +6762,6 @@ NTSTATUS _samr_GetBootKeyInformation(str
5618 NTSTATUS _samr_SetDsrmPassword(struct pipes_struct *p,
5619 struct samr_SetDsrmPassword *r)
5620 {
5621- p->rng_fault_state = true;
5622+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
5623 return NT_STATUS_NOT_IMPLEMENTED;
5624 }
5625Index: samba-3.6.23/source3/rpc_server/spoolss/srv_spoolss_nt.c
5626===================================================================
5627--- samba-3.6.23.orig/source3/rpc_server/spoolss/srv_spoolss_nt.c
5628+++ samba-3.6.23/source3/rpc_server/spoolss/srv_spoolss_nt.c
5629@@ -10201,7 +10201,7 @@ WERROR _spoolss_AddPort(struct pipes_str
5630 WERROR _spoolss_GetPrinterDriver(struct pipes_struct *p,
5631 struct spoolss_GetPrinterDriver *r)
5632 {
5633- p->rng_fault_state = true;
5634+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
5635 return WERR_NOT_SUPPORTED;
5636 }
5637
5638@@ -10212,7 +10212,7 @@ WERROR _spoolss_GetPrinterDriver(struct
5639 WERROR _spoolss_ReadPrinter(struct pipes_struct *p,
5640 struct spoolss_ReadPrinter *r)
5641 {
5642- p->rng_fault_state = true;
5643+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
5644 return WERR_NOT_SUPPORTED;
5645 }
5646
5647@@ -10223,7 +10223,7 @@ WERROR _spoolss_ReadPrinter(struct pipes
5648 WERROR _spoolss_WaitForPrinterChange(struct pipes_struct *p,
5649 struct spoolss_WaitForPrinterChange *r)
5650 {
5651- p->rng_fault_state = true;
5652+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
5653 return WERR_NOT_SUPPORTED;
5654 }
5655
5656@@ -10234,7 +10234,7 @@ WERROR _spoolss_WaitForPrinterChange(str
5657 WERROR _spoolss_ConfigurePort(struct pipes_struct *p,
5658 struct spoolss_ConfigurePort *r)
5659 {
5660- p->rng_fault_state = true;
5661+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
5662 return WERR_NOT_SUPPORTED;
5663 }
5664
5665@@ -10245,7 +10245,7 @@ WERROR _spoolss_ConfigurePort(struct pip
5666 WERROR _spoolss_DeletePort(struct pipes_struct *p,
5667 struct spoolss_DeletePort *r)
5668 {
5669- p->rng_fault_state = true;
5670+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
5671 return WERR_NOT_SUPPORTED;
5672 }
5673
5674@@ -10256,7 +10256,7 @@ WERROR _spoolss_DeletePort(struct pipes_
5675 WERROR _spoolss_CreatePrinterIC(struct pipes_struct *p,
5676 struct spoolss_CreatePrinterIC *r)
5677 {
5678- p->rng_fault_state = true;
5679+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
5680 return WERR_NOT_SUPPORTED;
5681 }
5682
5683@@ -10267,7 +10267,7 @@ WERROR _spoolss_CreatePrinterIC(struct p
5684 WERROR _spoolss_PlayGDIScriptOnPrinterIC(struct pipes_struct *p,
5685 struct spoolss_PlayGDIScriptOnPrinterIC *r)
5686 {
5687- p->rng_fault_state = true;
5688+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
5689 return WERR_NOT_SUPPORTED;
5690 }
5691
5692@@ -10278,7 +10278,7 @@ WERROR _spoolss_PlayGDIScriptOnPrinterIC
5693 WERROR _spoolss_DeletePrinterIC(struct pipes_struct *p,
5694 struct spoolss_DeletePrinterIC *r)
5695 {
5696- p->rng_fault_state = true;
5697+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
5698 return WERR_NOT_SUPPORTED;
5699 }
5700
5701@@ -10289,7 +10289,7 @@ WERROR _spoolss_DeletePrinterIC(struct p
5702 WERROR _spoolss_AddPrinterConnection(struct pipes_struct *p,
5703 struct spoolss_AddPrinterConnection *r)
5704 {
5705- p->rng_fault_state = true;
5706+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
5707 return WERR_NOT_SUPPORTED;
5708 }
5709
5710@@ -10300,7 +10300,7 @@ WERROR _spoolss_AddPrinterConnection(str
5711 WERROR _spoolss_DeletePrinterConnection(struct pipes_struct *p,
5712 struct spoolss_DeletePrinterConnection *r)
5713 {
5714- p->rng_fault_state = true;
5715+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
5716 return WERR_NOT_SUPPORTED;
5717 }
5718
5719@@ -10311,7 +10311,7 @@ WERROR _spoolss_DeletePrinterConnection(
5720 WERROR _spoolss_PrinterMessageBox(struct pipes_struct *p,
5721 struct spoolss_PrinterMessageBox *r)
5722 {
5723- p->rng_fault_state = true;
5724+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
5725 return WERR_NOT_SUPPORTED;
5726 }
5727
5728@@ -10322,7 +10322,7 @@ WERROR _spoolss_PrinterMessageBox(struct
5729 WERROR _spoolss_AddMonitor(struct pipes_struct *p,
5730 struct spoolss_AddMonitor *r)
5731 {
5732- p->rng_fault_state = true;
5733+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
5734 return WERR_NOT_SUPPORTED;
5735 }
5736
5737@@ -10333,7 +10333,7 @@ WERROR _spoolss_AddMonitor(struct pipes_
5738 WERROR _spoolss_DeleteMonitor(struct pipes_struct *p,
5739 struct spoolss_DeleteMonitor *r)
5740 {
5741- p->rng_fault_state = true;
5742+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
5743 return WERR_NOT_SUPPORTED;
5744 }
5745
5746@@ -10344,7 +10344,7 @@ WERROR _spoolss_DeleteMonitor(struct pip
5747 WERROR _spoolss_DeletePrintProcessor(struct pipes_struct *p,
5748 struct spoolss_DeletePrintProcessor *r)
5749 {
5750- p->rng_fault_state = true;
5751+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
5752 return WERR_NOT_SUPPORTED;
5753 }
5754
5755@@ -10355,7 +10355,7 @@ WERROR _spoolss_DeletePrintProcessor(str
5756 WERROR _spoolss_AddPrintProvidor(struct pipes_struct *p,
5757 struct spoolss_AddPrintProvidor *r)
5758 {
5759- p->rng_fault_state = true;
5760+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
5761 return WERR_NOT_SUPPORTED;
5762 }
5763
5764@@ -10366,7 +10366,7 @@ WERROR _spoolss_AddPrintProvidor(struct
5765 WERROR _spoolss_DeletePrintProvidor(struct pipes_struct *p,
5766 struct spoolss_DeletePrintProvidor *r)
5767 {
5768- p->rng_fault_state = true;
5769+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
5770 return WERR_NOT_SUPPORTED;
5771 }
5772
5773@@ -10377,7 +10377,7 @@ WERROR _spoolss_DeletePrintProvidor(stru
5774 WERROR _spoolss_FindFirstPrinterChangeNotification(struct pipes_struct *p,
5775 struct spoolss_FindFirstPrinterChangeNotification *r)
5776 {
5777- p->rng_fault_state = true;
5778+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
5779 return WERR_NOT_SUPPORTED;
5780 }
5781
5782@@ -10388,7 +10388,7 @@ WERROR _spoolss_FindFirstPrinterChangeNo
5783 WERROR _spoolss_FindNextPrinterChangeNotification(struct pipes_struct *p,
5784 struct spoolss_FindNextPrinterChangeNotification *r)
5785 {
5786- p->rng_fault_state = true;
5787+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
5788 return WERR_NOT_SUPPORTED;
5789 }
5790
5791@@ -10399,7 +10399,7 @@ WERROR _spoolss_FindNextPrinterChangeNot
5792 WERROR _spoolss_RouterFindFirstPrinterChangeNotificationOld(struct pipes_struct *p,
5793 struct spoolss_RouterFindFirstPrinterChangeNotificationOld *r)
5794 {
5795- p->rng_fault_state = true;
5796+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
5797 return WERR_NOT_SUPPORTED;
5798 }
5799
5800@@ -10410,7 +10410,7 @@ WERROR _spoolss_RouterFindFirstPrinterCh
5801 WERROR _spoolss_ReplyOpenPrinter(struct pipes_struct *p,
5802 struct spoolss_ReplyOpenPrinter *r)
5803 {
5804- p->rng_fault_state = true;
5805+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
5806 return WERR_NOT_SUPPORTED;
5807 }
5808
5809@@ -10421,7 +10421,7 @@ WERROR _spoolss_ReplyOpenPrinter(struct
5810 WERROR _spoolss_RouterReplyPrinter(struct pipes_struct *p,
5811 struct spoolss_RouterReplyPrinter *r)
5812 {
5813- p->rng_fault_state = true;
5814+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
5815 return WERR_NOT_SUPPORTED;
5816 }
5817
5818@@ -10432,7 +10432,7 @@ WERROR _spoolss_RouterReplyPrinter(struc
5819 WERROR _spoolss_ReplyClosePrinter(struct pipes_struct *p,
5820 struct spoolss_ReplyClosePrinter *r)
5821 {
5822- p->rng_fault_state = true;
5823+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
5824 return WERR_NOT_SUPPORTED;
5825 }
5826
5827@@ -10443,7 +10443,7 @@ WERROR _spoolss_ReplyClosePrinter(struct
5828 WERROR _spoolss_AddPortEx(struct pipes_struct *p,
5829 struct spoolss_AddPortEx *r)
5830 {
5831- p->rng_fault_state = true;
5832+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
5833 return WERR_NOT_SUPPORTED;
5834 }
5835
5836@@ -10454,7 +10454,7 @@ WERROR _spoolss_AddPortEx(struct pipes_s
5837 WERROR _spoolss_RouterFindFirstPrinterChangeNotification(struct pipes_struct *p,
5838 struct spoolss_RouterFindFirstPrinterChangeNotification *r)
5839 {
5840- p->rng_fault_state = true;
5841+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
5842 return WERR_NOT_SUPPORTED;
5843 }
5844
5845@@ -10465,7 +10465,7 @@ WERROR _spoolss_RouterFindFirstPrinterCh
5846 WERROR _spoolss_SpoolerInit(struct pipes_struct *p,
5847 struct spoolss_SpoolerInit *r)
5848 {
5849- p->rng_fault_state = true;
5850+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
5851 return WERR_NOT_SUPPORTED;
5852 }
5853
5854@@ -10476,7 +10476,7 @@ WERROR _spoolss_SpoolerInit(struct pipes
5855 WERROR _spoolss_ResetPrinterEx(struct pipes_struct *p,
5856 struct spoolss_ResetPrinterEx *r)
5857 {
5858- p->rng_fault_state = true;
5859+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
5860 return WERR_NOT_SUPPORTED;
5861 }
5862
5863@@ -10487,7 +10487,7 @@ WERROR _spoolss_ResetPrinterEx(struct pi
5864 WERROR _spoolss_RouterReplyPrinterEx(struct pipes_struct *p,
5865 struct spoolss_RouterReplyPrinterEx *r)
5866 {
5867- p->rng_fault_state = true;
5868+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
5869 return WERR_NOT_SUPPORTED;
5870 }
5871
5872@@ -10498,7 +10498,7 @@ WERROR _spoolss_RouterReplyPrinterEx(str
5873 WERROR _spoolss_44(struct pipes_struct *p,
5874 struct spoolss_44 *r)
5875 {
5876- p->rng_fault_state = true;
5877+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
5878 return WERR_NOT_SUPPORTED;
5879 }
5880
5881@@ -10509,7 +10509,7 @@ WERROR _spoolss_44(struct pipes_struct *
5882 WERROR _spoolss_SetPort(struct pipes_struct *p,
5883 struct spoolss_SetPort *r)
5884 {
5885- p->rng_fault_state = true;
5886+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
5887 return WERR_NOT_SUPPORTED;
5888 }
5889
5890@@ -10520,7 +10520,7 @@ WERROR _spoolss_SetPort(struct pipes_str
5891 WERROR _spoolss_4a(struct pipes_struct *p,
5892 struct spoolss_4a *r)
5893 {
5894- p->rng_fault_state = true;
5895+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
5896 return WERR_NOT_SUPPORTED;
5897 }
5898
5899@@ -10531,7 +10531,7 @@ WERROR _spoolss_4a(struct pipes_struct *
5900 WERROR _spoolss_4b(struct pipes_struct *p,
5901 struct spoolss_4b *r)
5902 {
5903- p->rng_fault_state = true;
5904+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
5905 return WERR_NOT_SUPPORTED;
5906 }
5907
5908@@ -10542,7 +10542,7 @@ WERROR _spoolss_4b(struct pipes_struct *
5909 WERROR _spoolss_4c(struct pipes_struct *p,
5910 struct spoolss_4c *r)
5911 {
5912- p->rng_fault_state = true;
5913+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
5914 return WERR_NOT_SUPPORTED;
5915 }
5916
5917@@ -10553,7 +10553,7 @@ WERROR _spoolss_4c(struct pipes_struct *
5918 WERROR _spoolss_53(struct pipes_struct *p,
5919 struct spoolss_53 *r)
5920 {
5921- p->rng_fault_state = true;
5922+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
5923 return WERR_NOT_SUPPORTED;
5924 }
5925
5926@@ -10564,7 +10564,7 @@ WERROR _spoolss_53(struct pipes_struct *
5927 WERROR _spoolss_AddPerMachineConnection(struct pipes_struct *p,
5928 struct spoolss_AddPerMachineConnection *r)
5929 {
5930- p->rng_fault_state = true;
5931+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
5932 return WERR_NOT_SUPPORTED;
5933 }
5934
5935@@ -10575,7 +10575,7 @@ WERROR _spoolss_AddPerMachineConnection(
5936 WERROR _spoolss_DeletePerMachineConnection(struct pipes_struct *p,
5937 struct spoolss_DeletePerMachineConnection *r)
5938 {
5939- p->rng_fault_state = true;
5940+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
5941 return WERR_NOT_SUPPORTED;
5942 }
5943
5944@@ -10586,7 +10586,7 @@ WERROR _spoolss_DeletePerMachineConnecti
5945 WERROR _spoolss_EnumPerMachineConnections(struct pipes_struct *p,
5946 struct spoolss_EnumPerMachineConnections *r)
5947 {
5948- p->rng_fault_state = true;
5949+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
5950 return WERR_NOT_SUPPORTED;
5951 }
5952
5953@@ -10597,7 +10597,7 @@ WERROR _spoolss_EnumPerMachineConnection
5954 WERROR _spoolss_5a(struct pipes_struct *p,
5955 struct spoolss_5a *r)
5956 {
5957- p->rng_fault_state = true;
5958+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
5959 return WERR_NOT_SUPPORTED;
5960 }
5961
5962@@ -10608,7 +10608,7 @@ WERROR _spoolss_5a(struct pipes_struct *
5963 WERROR _spoolss_5b(struct pipes_struct *p,
5964 struct spoolss_5b *r)
5965 {
5966- p->rng_fault_state = true;
5967+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
5968 return WERR_NOT_SUPPORTED;
5969 }
5970
5971@@ -10619,7 +10619,7 @@ WERROR _spoolss_5b(struct pipes_struct *
5972 WERROR _spoolss_5c(struct pipes_struct *p,
5973 struct spoolss_5c *r)
5974 {
5975- p->rng_fault_state = true;
5976+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
5977 return WERR_NOT_SUPPORTED;
5978 }
5979
5980@@ -10630,7 +10630,7 @@ WERROR _spoolss_5c(struct pipes_struct *
5981 WERROR _spoolss_5d(struct pipes_struct *p,
5982 struct spoolss_5d *r)
5983 {
5984- p->rng_fault_state = true;
5985+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
5986 return WERR_NOT_SUPPORTED;
5987 }
5988
5989@@ -10641,7 +10641,7 @@ WERROR _spoolss_5d(struct pipes_struct *
5990 WERROR _spoolss_5e(struct pipes_struct *p,
5991 struct spoolss_5e *r)
5992 {
5993- p->rng_fault_state = true;
5994+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
5995 return WERR_NOT_SUPPORTED;
5996 }
5997
5998@@ -10652,7 +10652,7 @@ WERROR _spoolss_5e(struct pipes_struct *
5999 WERROR _spoolss_5f(struct pipes_struct *p,
6000 struct spoolss_5f *r)
6001 {
6002- p->rng_fault_state = true;
6003+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
6004 return WERR_NOT_SUPPORTED;
6005 }
6006
6007@@ -10663,7 +10663,7 @@ WERROR _spoolss_5f(struct pipes_struct *
6008 WERROR _spoolss_60(struct pipes_struct *p,
6009 struct spoolss_60 *r)
6010 {
6011- p->rng_fault_state = true;
6012+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
6013 return WERR_NOT_SUPPORTED;
6014 }
6015
6016@@ -10674,7 +10674,7 @@ WERROR _spoolss_60(struct pipes_struct *
6017 WERROR _spoolss_61(struct pipes_struct *p,
6018 struct spoolss_61 *r)
6019 {
6020- p->rng_fault_state = true;
6021+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
6022 return WERR_NOT_SUPPORTED;
6023 }
6024
6025@@ -10685,7 +10685,7 @@ WERROR _spoolss_61(struct pipes_struct *
6026 WERROR _spoolss_62(struct pipes_struct *p,
6027 struct spoolss_62 *r)
6028 {
6029- p->rng_fault_state = true;
6030+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
6031 return WERR_NOT_SUPPORTED;
6032 }
6033
6034@@ -10696,7 +10696,7 @@ WERROR _spoolss_62(struct pipes_struct *
6035 WERROR _spoolss_63(struct pipes_struct *p,
6036 struct spoolss_63 *r)
6037 {
6038- p->rng_fault_state = true;
6039+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
6040 return WERR_NOT_SUPPORTED;
6041 }
6042
6043@@ -10707,7 +10707,7 @@ WERROR _spoolss_63(struct pipes_struct *
6044 WERROR _spoolss_64(struct pipes_struct *p,
6045 struct spoolss_64 *r)
6046 {
6047- p->rng_fault_state = true;
6048+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
6049 return WERR_NOT_SUPPORTED;
6050 }
6051
6052@@ -10718,7 +10718,7 @@ WERROR _spoolss_64(struct pipes_struct *
6053 WERROR _spoolss_65(struct pipes_struct *p,
6054 struct spoolss_65 *r)
6055 {
6056- p->rng_fault_state = true;
6057+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
6058 return WERR_NOT_SUPPORTED;
6059 }
6060
6061@@ -10729,7 +10729,7 @@ WERROR _spoolss_65(struct pipes_struct *
6062 WERROR _spoolss_GetCorePrinterDrivers(struct pipes_struct *p,
6063 struct spoolss_GetCorePrinterDrivers *r)
6064 {
6065- p->rng_fault_state = true;
6066+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
6067 return WERR_NOT_SUPPORTED;
6068 }
6069
6070@@ -10740,7 +10740,7 @@ WERROR _spoolss_GetCorePrinterDrivers(st
6071 WERROR _spoolss_67(struct pipes_struct *p,
6072 struct spoolss_67 *r)
6073 {
6074- p->rng_fault_state = true;
6075+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
6076 return WERR_NOT_SUPPORTED;
6077 }
6078
6079@@ -10751,7 +10751,7 @@ WERROR _spoolss_67(struct pipes_struct *
6080 WERROR _spoolss_GetPrinterDriverPackagePath(struct pipes_struct *p,
6081 struct spoolss_GetPrinterDriverPackagePath *r)
6082 {
6083- p->rng_fault_state = true;
6084+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
6085 return WERR_NOT_SUPPORTED;
6086 }
6087
6088@@ -10762,7 +10762,7 @@ WERROR _spoolss_GetPrinterDriverPackageP
6089 WERROR _spoolss_69(struct pipes_struct *p,
6090 struct spoolss_69 *r)
6091 {
6092- p->rng_fault_state = true;
6093+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
6094 return WERR_NOT_SUPPORTED;
6095 }
6096
6097@@ -10773,7 +10773,7 @@ WERROR _spoolss_69(struct pipes_struct *
6098 WERROR _spoolss_6a(struct pipes_struct *p,
6099 struct spoolss_6a *r)
6100 {
6101- p->rng_fault_state = true;
6102+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
6103 return WERR_NOT_SUPPORTED;
6104 }
6105
6106@@ -10784,7 +10784,7 @@ WERROR _spoolss_6a(struct pipes_struct *
6107 WERROR _spoolss_6b(struct pipes_struct *p,
6108 struct spoolss_6b *r)
6109 {
6110- p->rng_fault_state = true;
6111+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
6112 return WERR_NOT_SUPPORTED;
6113 }
6114
6115@@ -10795,7 +10795,7 @@ WERROR _spoolss_6b(struct pipes_struct *
6116 WERROR _spoolss_6c(struct pipes_struct *p,
6117 struct spoolss_6c *r)
6118 {
6119- p->rng_fault_state = true;
6120+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
6121 return WERR_NOT_SUPPORTED;
6122 }
6123
6124@@ -10806,6 +10806,6 @@ WERROR _spoolss_6c(struct pipes_struct *
6125 WERROR _spoolss_6d(struct pipes_struct *p,
6126 struct spoolss_6d *r)
6127 {
6128- p->rng_fault_state = true;
6129+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
6130 return WERR_NOT_SUPPORTED;
6131 }
6132Index: samba-3.6.23/source3/rpc_server/srvsvc/srv_srvsvc_nt.c
6133===================================================================
6134--- samba-3.6.23.orig/source3/rpc_server/srvsvc/srv_srvsvc_nt.c
6135+++ samba-3.6.23/source3/rpc_server/srvsvc/srv_srvsvc_nt.c
6136@@ -2549,244 +2549,244 @@ WERROR _srvsvc_NetFileClose(struct pipes
6137 WERROR _srvsvc_NetCharDevEnum(struct pipes_struct *p,
6138 struct srvsvc_NetCharDevEnum *r)
6139 {
6140- p->rng_fault_state = True;
6141+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
6142 return WERR_NOT_SUPPORTED;
6143 }
6144
6145 WERROR _srvsvc_NetCharDevGetInfo(struct pipes_struct *p,
6146 struct srvsvc_NetCharDevGetInfo *r)
6147 {
6148- p->rng_fault_state = True;
6149+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
6150 return WERR_NOT_SUPPORTED;
6151 }
6152
6153 WERROR _srvsvc_NetCharDevControl(struct pipes_struct *p,
6154 struct srvsvc_NetCharDevControl *r)
6155 {
6156- p->rng_fault_state = True;
6157+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
6158 return WERR_NOT_SUPPORTED;
6159 }
6160
6161 WERROR _srvsvc_NetCharDevQEnum(struct pipes_struct *p,
6162 struct srvsvc_NetCharDevQEnum *r)
6163 {
6164- p->rng_fault_state = True;
6165+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
6166 return WERR_NOT_SUPPORTED;
6167 }
6168
6169 WERROR _srvsvc_NetCharDevQGetInfo(struct pipes_struct *p,
6170 struct srvsvc_NetCharDevQGetInfo *r)
6171 {
6172- p->rng_fault_state = True;
6173+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
6174 return WERR_NOT_SUPPORTED;
6175 }
6176
6177 WERROR _srvsvc_NetCharDevQSetInfo(struct pipes_struct *p,
6178 struct srvsvc_NetCharDevQSetInfo *r)
6179 {
6180- p->rng_fault_state = True;
6181+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
6182 return WERR_NOT_SUPPORTED;
6183 }
6184
6185 WERROR _srvsvc_NetCharDevQPurge(struct pipes_struct *p,
6186 struct srvsvc_NetCharDevQPurge *r)
6187 {
6188- p->rng_fault_state = True;
6189+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
6190 return WERR_NOT_SUPPORTED;
6191 }
6192
6193 WERROR _srvsvc_NetCharDevQPurgeSelf(struct pipes_struct *p,
6194 struct srvsvc_NetCharDevQPurgeSelf *r)
6195 {
6196- p->rng_fault_state = True;
6197+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
6198 return WERR_NOT_SUPPORTED;
6199 }
6200
6201 WERROR _srvsvc_NetFileGetInfo(struct pipes_struct *p,
6202 struct srvsvc_NetFileGetInfo *r)
6203 {
6204- p->rng_fault_state = True;
6205+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
6206 return WERR_NOT_SUPPORTED;
6207 }
6208
6209 WERROR _srvsvc_NetShareCheck(struct pipes_struct *p,
6210 struct srvsvc_NetShareCheck *r)
6211 {
6212- p->rng_fault_state = True;
6213+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
6214 return WERR_NOT_SUPPORTED;
6215 }
6216
6217 WERROR _srvsvc_NetServerStatisticsGet(struct pipes_struct *p,
6218 struct srvsvc_NetServerStatisticsGet *r)
6219 {
6220- p->rng_fault_state = True;
6221+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
6222 return WERR_NOT_SUPPORTED;
6223 }
6224
6225 WERROR _srvsvc_NetTransportAdd(struct pipes_struct *p,
6226 struct srvsvc_NetTransportAdd *r)
6227 {
6228- p->rng_fault_state = True;
6229+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
6230 return WERR_NOT_SUPPORTED;
6231 }
6232
6233 WERROR _srvsvc_NetTransportEnum(struct pipes_struct *p,
6234 struct srvsvc_NetTransportEnum *r)
6235 {
6236- p->rng_fault_state = True;
6237+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
6238 return WERR_NOT_SUPPORTED;
6239 }
6240
6241 WERROR _srvsvc_NetTransportDel(struct pipes_struct *p,
6242 struct srvsvc_NetTransportDel *r)
6243 {
6244- p->rng_fault_state = True;
6245+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
6246 return WERR_NOT_SUPPORTED;
6247 }
6248
6249 WERROR _srvsvc_NetSetServiceBits(struct pipes_struct *p,
6250 struct srvsvc_NetSetServiceBits *r)
6251 {
6252- p->rng_fault_state = True;
6253+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
6254 return WERR_NOT_SUPPORTED;
6255 }
6256
6257 WERROR _srvsvc_NetPathType(struct pipes_struct *p,
6258 struct srvsvc_NetPathType *r)
6259 {
6260- p->rng_fault_state = True;
6261+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
6262 return WERR_NOT_SUPPORTED;
6263 }
6264
6265 WERROR _srvsvc_NetPathCanonicalize(struct pipes_struct *p,
6266 struct srvsvc_NetPathCanonicalize *r)
6267 {
6268- p->rng_fault_state = True;
6269+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
6270 return WERR_NOT_SUPPORTED;
6271 }
6272
6273 WERROR _srvsvc_NetPathCompare(struct pipes_struct *p,
6274 struct srvsvc_NetPathCompare *r)
6275 {
6276- p->rng_fault_state = True;
6277+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
6278 return WERR_NOT_SUPPORTED;
6279 }
6280
6281 WERROR _srvsvc_NETRPRNAMECANONICALIZE(struct pipes_struct *p,
6282 struct srvsvc_NETRPRNAMECANONICALIZE *r)
6283 {
6284- p->rng_fault_state = True;
6285+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
6286 return WERR_NOT_SUPPORTED;
6287 }
6288
6289 WERROR _srvsvc_NetPRNameCompare(struct pipes_struct *p,
6290 struct srvsvc_NetPRNameCompare *r)
6291 {
6292- p->rng_fault_state = True;
6293+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
6294 return WERR_NOT_SUPPORTED;
6295 }
6296
6297 WERROR _srvsvc_NetShareDelStart(struct pipes_struct *p,
6298 struct srvsvc_NetShareDelStart *r)
6299 {
6300- p->rng_fault_state = True;
6301+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
6302 return WERR_NOT_SUPPORTED;
6303 }
6304
6305 WERROR _srvsvc_NetShareDelCommit(struct pipes_struct *p,
6306 struct srvsvc_NetShareDelCommit *r)
6307 {
6308- p->rng_fault_state = True;
6309+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
6310 return WERR_NOT_SUPPORTED;
6311 }
6312
6313 WERROR _srvsvc_NetServerTransportAddEx(struct pipes_struct *p,
6314 struct srvsvc_NetServerTransportAddEx *r)
6315 {
6316- p->rng_fault_state = True;
6317+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
6318 return WERR_NOT_SUPPORTED;
6319 }
6320
6321 WERROR _srvsvc_NetServerSetServiceBitsEx(struct pipes_struct *p,
6322 struct srvsvc_NetServerSetServiceBitsEx *r)
6323 {
6324- p->rng_fault_state = True;
6325+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
6326 return WERR_NOT_SUPPORTED;
6327 }
6328
6329 WERROR _srvsvc_NETRDFSGETVERSION(struct pipes_struct *p,
6330 struct srvsvc_NETRDFSGETVERSION *r)
6331 {
6332- p->rng_fault_state = True;
6333+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
6334 return WERR_NOT_SUPPORTED;
6335 }
6336
6337 WERROR _srvsvc_NETRDFSCREATELOCALPARTITION(struct pipes_struct *p,
6338 struct srvsvc_NETRDFSCREATELOCALPARTITION *r)
6339 {
6340- p->rng_fault_state = True;
6341+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
6342 return WERR_NOT_SUPPORTED;
6343 }
6344
6345 WERROR _srvsvc_NETRDFSDELETELOCALPARTITION(struct pipes_struct *p,
6346 struct srvsvc_NETRDFSDELETELOCALPARTITION *r)
6347 {
6348- p->rng_fault_state = True;
6349+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
6350 return WERR_NOT_SUPPORTED;
6351 }
6352
6353 WERROR _srvsvc_NETRDFSSETLOCALVOLUMESTATE(struct pipes_struct *p,
6354 struct srvsvc_NETRDFSSETLOCALVOLUMESTATE *r)
6355 {
6356- p->rng_fault_state = True;
6357+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
6358 return WERR_NOT_SUPPORTED;
6359 }
6360
6361 WERROR _srvsvc_NETRDFSSETSERVERINFO(struct pipes_struct *p,
6362 struct srvsvc_NETRDFSSETSERVERINFO *r)
6363 {
6364- p->rng_fault_state = True;
6365+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
6366 return WERR_NOT_SUPPORTED;
6367 }
6368
6369 WERROR _srvsvc_NETRDFSCREATEEXITPOINT(struct pipes_struct *p,
6370 struct srvsvc_NETRDFSCREATEEXITPOINT *r)
6371 {
6372- p->rng_fault_state = True;
6373+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
6374 return WERR_NOT_SUPPORTED;
6375 }
6376
6377 WERROR _srvsvc_NETRDFSDELETEEXITPOINT(struct pipes_struct *p,
6378 struct srvsvc_NETRDFSDELETEEXITPOINT *r)
6379 {
6380- p->rng_fault_state = True;
6381+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
6382 return WERR_NOT_SUPPORTED;
6383 }
6384
6385 WERROR _srvsvc_NETRDFSMODIFYPREFIX(struct pipes_struct *p,
6386 struct srvsvc_NETRDFSMODIFYPREFIX *r)
6387 {
6388- p->rng_fault_state = True;
6389+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
6390 return WERR_NOT_SUPPORTED;
6391 }
6392
6393 WERROR _srvsvc_NETRDFSFIXLOCALVOLUME(struct pipes_struct *p,
6394 struct srvsvc_NETRDFSFIXLOCALVOLUME *r)
6395 {
6396- p->rng_fault_state = True;
6397+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
6398 return WERR_NOT_SUPPORTED;
6399 }
6400
6401 WERROR _srvsvc_NETRDFSMANAGERREPORTSITEINFO(struct pipes_struct *p,
6402 struct srvsvc_NETRDFSMANAGERREPORTSITEINFO *r)
6403 {
6404- p->rng_fault_state = True;
6405+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
6406 return WERR_NOT_SUPPORTED;
6407 }
6408
6409 WERROR _srvsvc_NETRSERVERTRANSPORTDELEX(struct pipes_struct *p,
6410 struct srvsvc_NETRSERVERTRANSPORTDELEX *r)
6411 {
6412- p->rng_fault_state = True;
6413+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
6414 return WERR_NOT_SUPPORTED;
6415 }
6416Index: samba-3.6.23/source3/rpc_server/svcctl/srv_svcctl_nt.c
6417===================================================================
6418--- samba-3.6.23.orig/source3/rpc_server/svcctl/srv_svcctl_nt.c
6419+++ samba-3.6.23/source3/rpc_server/svcctl/srv_svcctl_nt.c
6420@@ -1004,195 +1004,195 @@ WERROR _svcctl_SetServiceObjectSecurity(
6421 WERROR _svcctl_DeleteService(struct pipes_struct *p,
6422 struct svcctl_DeleteService *r)
6423 {
6424- p->rng_fault_state = True;
6425+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
6426 return WERR_NOT_SUPPORTED;
6427 }
6428
6429 WERROR _svcctl_SetServiceStatus(struct pipes_struct *p,
6430 struct svcctl_SetServiceStatus *r)
6431 {
6432- p->rng_fault_state = True;
6433+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
6434 return WERR_NOT_SUPPORTED;
6435 }
6436
6437 WERROR _svcctl_NotifyBootConfigStatus(struct pipes_struct *p,
6438 struct svcctl_NotifyBootConfigStatus *r)
6439 {
6440- p->rng_fault_state = True;
6441+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
6442 return WERR_NOT_SUPPORTED;
6443 }
6444
6445 WERROR _svcctl_SCSetServiceBitsW(struct pipes_struct *p,
6446 struct svcctl_SCSetServiceBitsW *r)
6447 {
6448- p->rng_fault_state = True;
6449+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
6450 return WERR_NOT_SUPPORTED;
6451 }
6452
6453 WERROR _svcctl_ChangeServiceConfigW(struct pipes_struct *p,
6454 struct svcctl_ChangeServiceConfigW *r)
6455 {
6456- p->rng_fault_state = True;
6457+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
6458 return WERR_NOT_SUPPORTED;
6459 }
6460
6461 WERROR _svcctl_CreateServiceW(struct pipes_struct *p,
6462 struct svcctl_CreateServiceW *r)
6463 {
6464- p->rng_fault_state = True;
6465+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
6466 return WERR_NOT_SUPPORTED;
6467 }
6468
6469 WERROR _svcctl_QueryServiceLockStatusW(struct pipes_struct *p,
6470 struct svcctl_QueryServiceLockStatusW *r)
6471 {
6472- p->rng_fault_state = True;
6473+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
6474 return WERR_NOT_SUPPORTED;
6475 }
6476
6477 WERROR _svcctl_GetServiceKeyNameW(struct pipes_struct *p,
6478 struct svcctl_GetServiceKeyNameW *r)
6479 {
6480- p->rng_fault_state = True;
6481+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
6482 return WERR_NOT_SUPPORTED;
6483 }
6484
6485 WERROR _svcctl_SCSetServiceBitsA(struct pipes_struct *p,
6486 struct svcctl_SCSetServiceBitsA *r)
6487 {
6488- p->rng_fault_state = True;
6489+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
6490 return WERR_NOT_SUPPORTED;
6491 }
6492
6493 WERROR _svcctl_ChangeServiceConfigA(struct pipes_struct *p,
6494 struct svcctl_ChangeServiceConfigA *r)
6495 {
6496- p->rng_fault_state = True;
6497+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
6498 return WERR_NOT_SUPPORTED;
6499 }
6500
6501 WERROR _svcctl_CreateServiceA(struct pipes_struct *p,
6502 struct svcctl_CreateServiceA *r)
6503 {
6504- p->rng_fault_state = True;
6505+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
6506 return WERR_NOT_SUPPORTED;
6507 }
6508
6509 WERROR _svcctl_EnumDependentServicesA(struct pipes_struct *p,
6510 struct svcctl_EnumDependentServicesA *r)
6511 {
6512- p->rng_fault_state = True;
6513+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
6514 return WERR_NOT_SUPPORTED;
6515 }
6516
6517 WERROR _svcctl_EnumServicesStatusA(struct pipes_struct *p,
6518 struct svcctl_EnumServicesStatusA *r)
6519 {
6520- p->rng_fault_state = True;
6521+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
6522 return WERR_NOT_SUPPORTED;
6523 }
6524
6525 WERROR _svcctl_OpenSCManagerA(struct pipes_struct *p,
6526 struct svcctl_OpenSCManagerA *r)
6527 {
6528- p->rng_fault_state = True;
6529+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
6530 return WERR_NOT_SUPPORTED;
6531 }
6532
6533 WERROR _svcctl_OpenServiceA(struct pipes_struct *p,
6534 struct svcctl_OpenServiceA *r)
6535 {
6536- p->rng_fault_state = True;
6537+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
6538 return WERR_NOT_SUPPORTED;
6539 }
6540
6541 WERROR _svcctl_QueryServiceConfigA(struct pipes_struct *p,
6542 struct svcctl_QueryServiceConfigA *r)
6543 {
6544- p->rng_fault_state = True;
6545+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
6546 return WERR_NOT_SUPPORTED;
6547 }
6548
6549 WERROR _svcctl_QueryServiceLockStatusA(struct pipes_struct *p,
6550 struct svcctl_QueryServiceLockStatusA *r)
6551 {
6552- p->rng_fault_state = True;
6553+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
6554 return WERR_NOT_SUPPORTED;
6555 }
6556
6557 WERROR _svcctl_StartServiceA(struct pipes_struct *p,
6558 struct svcctl_StartServiceA *r)
6559 {
6560- p->rng_fault_state = True;
6561+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
6562 return WERR_NOT_SUPPORTED;
6563 }
6564
6565 WERROR _svcctl_GetServiceDisplayNameA(struct pipes_struct *p,
6566 struct svcctl_GetServiceDisplayNameA *r)
6567 {
6568- p->rng_fault_state = True;
6569+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
6570 return WERR_NOT_SUPPORTED;
6571 }
6572
6573 WERROR _svcctl_GetServiceKeyNameA(struct pipes_struct *p,
6574 struct svcctl_GetServiceKeyNameA *r)
6575 {
6576- p->rng_fault_state = True;
6577+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
6578 return WERR_NOT_SUPPORTED;
6579 }
6580
6581 WERROR _svcctl_GetCurrentGroupeStateW(struct pipes_struct *p,
6582 struct svcctl_GetCurrentGroupeStateW *r)
6583 {
6584- p->rng_fault_state = True;
6585+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
6586 return WERR_NOT_SUPPORTED;
6587 }
6588
6589 WERROR _svcctl_EnumServiceGroupW(struct pipes_struct *p,
6590 struct svcctl_EnumServiceGroupW *r)
6591 {
6592- p->rng_fault_state = True;
6593+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
6594 return WERR_NOT_SUPPORTED;
6595 }
6596
6597 WERROR _svcctl_ChangeServiceConfig2A(struct pipes_struct *p,
6598 struct svcctl_ChangeServiceConfig2A *r)
6599 {
6600- p->rng_fault_state = True;
6601+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
6602 return WERR_NOT_SUPPORTED;
6603 }
6604
6605 WERROR _svcctl_ChangeServiceConfig2W(struct pipes_struct *p,
6606 struct svcctl_ChangeServiceConfig2W *r)
6607 {
6608- p->rng_fault_state = True;
6609+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
6610 return WERR_NOT_SUPPORTED;
6611 }
6612
6613 WERROR _svcctl_QueryServiceConfig2A(struct pipes_struct *p,
6614 struct svcctl_QueryServiceConfig2A *r)
6615 {
6616- p->rng_fault_state = True;
6617+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
6618 return WERR_NOT_SUPPORTED;
6619 }
6620
6621 WERROR _EnumServicesStatusExA(struct pipes_struct *p,
6622 struct EnumServicesStatusExA *r)
6623 {
6624- p->rng_fault_state = True;
6625+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
6626 return WERR_NOT_SUPPORTED;
6627 }
6628
6629 WERROR _EnumServicesStatusExW(struct pipes_struct *p,
6630 struct EnumServicesStatusExW *r)
6631 {
6632- p->rng_fault_state = True;
6633+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
6634 return WERR_NOT_SUPPORTED;
6635 }
6636
6637 WERROR _svcctl_SCSendTSMessage(struct pipes_struct *p,
6638 struct svcctl_SCSendTSMessage *r)
6639 {
6640- p->rng_fault_state = True;
6641+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
6642 return WERR_NOT_SUPPORTED;
6643 }
6644Index: samba-3.6.23/source3/rpc_server/winreg/srv_winreg_nt.c
6645===================================================================
6646--- samba-3.6.23.orig/source3/rpc_server/winreg/srv_winreg_nt.c
6647+++ samba-3.6.23/source3/rpc_server/winreg/srv_winreg_nt.c
6648@@ -760,7 +760,7 @@ WERROR _winreg_SaveKeyEx(struct pipes_st
6649 /* fill in your code here if you think this call should
6650 do anything */
6651
6652- p->rng_fault_state = True;
6653+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
6654 return WERR_NOT_SUPPORTED;
6655 }
6656
6657@@ -948,7 +948,7 @@ WERROR _winreg_UnLoadKey(struct pipes_st
6658 /* fill in your code here if you think this call should
6659 do anything */
6660
6661- p->rng_fault_state = True;
6662+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
6663 return WERR_NOT_SUPPORTED;
6664 }
6665
6666@@ -962,7 +962,7 @@ WERROR _winreg_ReplaceKey(struct pipes_s
6667 /* fill in your code here if you think this call should
6668 do anything */
6669
6670- p->rng_fault_state = True;
6671+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
6672 return WERR_NOT_SUPPORTED;
6673 }
6674
6675@@ -976,7 +976,7 @@ WERROR _winreg_LoadKey(struct pipes_stru
6676 /* fill in your code here if you think this call should
6677 do anything */
6678
6679- p->rng_fault_state = True;
6680+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
6681 return WERR_NOT_SUPPORTED;
6682 }
6683
6684@@ -1139,6 +1139,6 @@ WERROR _winreg_DeleteKeyEx(struct pipes_
6685 /* fill in your code here if you think this call should
6686 do anything */
6687
6688- p->rng_fault_state = True;
6689+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
6690 return WERR_NOT_SUPPORTED;
6691 }
6692Index: samba-3.6.23/source3/rpc_server/wkssvc/srv_wkssvc_nt.c
6693===================================================================
6694--- samba-3.6.23.orig/source3/rpc_server/wkssvc/srv_wkssvc_nt.c
6695+++ samba-3.6.23/source3/rpc_server/wkssvc/srv_wkssvc_nt.c
6696@@ -405,7 +405,7 @@ WERROR _wkssvc_NetWkstaSetInfo(struct pi
6697 struct wkssvc_NetWkstaSetInfo *r)
6698 {
6699 /* FIXME: Add implementation code here */
6700- p->rng_fault_state = True;
6701+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
6702 return WERR_NOT_SUPPORTED;
6703 }
6704
6705@@ -608,7 +608,7 @@ WERROR _wkssvc_NetrWkstaUserGetInfo(stru
6706 struct wkssvc_NetrWkstaUserGetInfo *r)
6707 {
6708 /* FIXME: Add implementation code here */
6709- p->rng_fault_state = True;
6710+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
6711 return WERR_NOT_SUPPORTED;
6712 }
6713
6714@@ -619,7 +619,7 @@ WERROR _wkssvc_NetrWkstaUserSetInfo(stru
6715 struct wkssvc_NetrWkstaUserSetInfo *r)
6716 {
6717 /* FIXME: Add implementation code here */
6718- p->rng_fault_state = True;
6719+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
6720 return WERR_NOT_SUPPORTED;
6721 }
6722
6723@@ -630,7 +630,7 @@ WERROR _wkssvc_NetWkstaTransportEnum(str
6724 struct wkssvc_NetWkstaTransportEnum *r)
6725 {
6726 /* FIXME: Add implementation code here */
6727- p->rng_fault_state = True;
6728+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
6729 return WERR_NOT_SUPPORTED;
6730 }
6731
6732@@ -641,7 +641,7 @@ WERROR _wkssvc_NetrWkstaTransportAdd(str
6733 struct wkssvc_NetrWkstaTransportAdd *r)
6734 {
6735 /* FIXME: Add implementation code here */
6736- p->rng_fault_state = True;
6737+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
6738 return WERR_NOT_SUPPORTED;
6739 }
6740
6741@@ -652,7 +652,7 @@ WERROR _wkssvc_NetrWkstaTransportDel(str
6742 struct wkssvc_NetrWkstaTransportDel *r)
6743 {
6744 /* FIXME: Add implementation code here */
6745- p->rng_fault_state = True;
6746+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
6747 return WERR_NOT_SUPPORTED;
6748 }
6749
6750@@ -663,7 +663,7 @@ WERROR _wkssvc_NetrUseAdd(struct pipes_s
6751 struct wkssvc_NetrUseAdd *r)
6752 {
6753 /* FIXME: Add implementation code here */
6754- p->rng_fault_state = True;
6755+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
6756 return WERR_NOT_SUPPORTED;
6757 }
6758
6759@@ -674,7 +674,7 @@ WERROR _wkssvc_NetrUseGetInfo(struct pip
6760 struct wkssvc_NetrUseGetInfo *r)
6761 {
6762 /* FIXME: Add implementation code here */
6763- p->rng_fault_state = True;
6764+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
6765 return WERR_NOT_SUPPORTED;
6766 }
6767
6768@@ -685,7 +685,7 @@ WERROR _wkssvc_NetrUseDel(struct pipes_s
6769 struct wkssvc_NetrUseDel *r)
6770 {
6771 /* FIXME: Add implementation code here */
6772- p->rng_fault_state = True;
6773+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
6774 return WERR_NOT_SUPPORTED;
6775 }
6776
6777@@ -696,7 +696,7 @@ WERROR _wkssvc_NetrUseEnum(struct pipes_
6778 struct wkssvc_NetrUseEnum *r)
6779 {
6780 /* FIXME: Add implementation code here */
6781- p->rng_fault_state = True;
6782+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
6783 return WERR_NOT_SUPPORTED;
6784 }
6785
6786@@ -707,7 +707,7 @@ WERROR _wkssvc_NetrMessageBufferSend(str
6787 struct wkssvc_NetrMessageBufferSend *r)
6788 {
6789 /* FIXME: Add implementation code here */
6790- p->rng_fault_state = True;
6791+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
6792 return WERR_NOT_SUPPORTED;
6793 }
6794
6795@@ -718,7 +718,7 @@ WERROR _wkssvc_NetrWorkstationStatistics
6796 struct wkssvc_NetrWorkstationStatisticsGet *r)
6797 {
6798 /* FIXME: Add implementation code here */
6799- p->rng_fault_state = True;
6800+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
6801 return WERR_NOT_SUPPORTED;
6802 }
6803
6804@@ -729,7 +729,7 @@ WERROR _wkssvc_NetrLogonDomainNameAdd(st
6805 struct wkssvc_NetrLogonDomainNameAdd *r)
6806 {
6807 /* FIXME: Add implementation code here */
6808- p->rng_fault_state = True;
6809+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
6810 return WERR_NOT_SUPPORTED;
6811 }
6812
6813@@ -740,7 +740,7 @@ WERROR _wkssvc_NetrLogonDomainNameDel(st
6814 struct wkssvc_NetrLogonDomainNameDel *r)
6815 {
6816 /* FIXME: Add implementation code here */
6817- p->rng_fault_state = True;
6818+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
6819 return WERR_NOT_SUPPORTED;
6820 }
6821
6822@@ -751,7 +751,7 @@ WERROR _wkssvc_NetrJoinDomain(struct pip
6823 struct wkssvc_NetrJoinDomain *r)
6824 {
6825 /* FIXME: Add implementation code here */
6826- p->rng_fault_state = True;
6827+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
6828 return WERR_NOT_SUPPORTED;
6829 }
6830
6831@@ -762,7 +762,7 @@ WERROR _wkssvc_NetrUnjoinDomain(struct p
6832 struct wkssvc_NetrUnjoinDomain *r)
6833 {
6834 /* FIXME: Add implementation code here */
6835- p->rng_fault_state = True;
6836+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
6837 return WERR_NOT_SUPPORTED;
6838 }
6839
6840@@ -773,7 +773,7 @@ WERROR _wkssvc_NetrRenameMachineInDomain
6841 struct wkssvc_NetrRenameMachineInDomain *r)
6842 {
6843 /* FIXME: Add implementation code here */
6844- p->rng_fault_state = True;
6845+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
6846 return WERR_NOT_SUPPORTED;
6847 }
6848
6849@@ -784,7 +784,7 @@ WERROR _wkssvc_NetrValidateName(struct p
6850 struct wkssvc_NetrValidateName *r)
6851 {
6852 /* FIXME: Add implementation code here */
6853- p->rng_fault_state = True;
6854+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
6855 return WERR_NOT_SUPPORTED;
6856 }
6857
6858@@ -795,7 +795,7 @@ WERROR _wkssvc_NetrGetJoinInformation(st
6859 struct wkssvc_NetrGetJoinInformation *r)
6860 {
6861 /* FIXME: Add implementation code here */
6862- p->rng_fault_state = True;
6863+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
6864 return WERR_NOT_SUPPORTED;
6865 }
6866
6867@@ -806,7 +806,7 @@ WERROR _wkssvc_NetrGetJoinableOus(struct
6868 struct wkssvc_NetrGetJoinableOus *r)
6869 {
6870 /* FIXME: Add implementation code here */
6871- p->rng_fault_state = True;
6872+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
6873 return WERR_NOT_SUPPORTED;
6874 }
6875
6876@@ -962,6 +962,7 @@ WERROR _wkssvc_NetrRenameMachineInDomain
6877 struct wkssvc_NetrRenameMachineInDomain2 *r)
6878 {
6879 /* for now just return not supported */
6880+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
6881 return WERR_NOT_SUPPORTED;
6882 }
6883
6884@@ -972,7 +973,7 @@ WERROR _wkssvc_NetrValidateName2(struct
6885 struct wkssvc_NetrValidateName2 *r)
6886 {
6887 /* FIXME: Add implementation code here */
6888- p->rng_fault_state = True;
6889+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
6890 return WERR_NOT_SUPPORTED;
6891 }
6892
6893@@ -983,7 +984,7 @@ WERROR _wkssvc_NetrGetJoinableOus2(struc
6894 struct wkssvc_NetrGetJoinableOus2 *r)
6895 {
6896 /* FIXME: Add implementation code here */
6897- p->rng_fault_state = True;
6898+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
6899 return WERR_NOT_SUPPORTED;
6900 }
6901
6902@@ -994,7 +995,7 @@ WERROR _wkssvc_NetrAddAlternateComputerN
6903 struct wkssvc_NetrAddAlternateComputerName *r)
6904 {
6905 /* FIXME: Add implementation code here */
6906- p->rng_fault_state = True;
6907+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
6908 return WERR_NOT_SUPPORTED;
6909 }
6910
6911@@ -1005,7 +1006,7 @@ WERROR _wkssvc_NetrRemoveAlternateComput
6912 struct wkssvc_NetrRemoveAlternateComputerName *r)
6913 {
6914 /* FIXME: Add implementation code here */
6915- p->rng_fault_state = True;
6916+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
6917 return WERR_NOT_SUPPORTED;
6918 }
6919
6920@@ -1016,7 +1017,7 @@ WERROR _wkssvc_NetrSetPrimaryComputernam
6921 struct wkssvc_NetrSetPrimaryComputername *r)
6922 {
6923 /* FIXME: Add implementation code here */
6924- p->rng_fault_state = True;
6925+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
6926 return WERR_NOT_SUPPORTED;
6927 }
6928
6929@@ -1027,6 +1028,6 @@ WERROR _wkssvc_NetrEnumerateComputerName
6930 struct wkssvc_NetrEnumerateComputerNames *r)
6931 {
6932 /* FIXME: Add implementation code here */
6933- p->rng_fault_state = True;
6934+ p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
6935 return WERR_NOT_SUPPORTED;
6936 }
6937Index: samba-3.6.23/libcli/auth/smbencrypt.c
6938===================================================================
6939--- samba-3.6.23.orig/libcli/auth/smbencrypt.c
6940+++ samba-3.6.23/libcli/auth/smbencrypt.c
6941@@ -355,11 +355,18 @@ DATA_BLOB NTLMv2_generate_names_blob(TAL
6942 DATA_BLOB names_blob = data_blob_talloc(mem_ctx, NULL, 0);
6943
6944 /* Deliberately ignore return here.. */
6945- (void)msrpc_gen(mem_ctx, &names_blob,
6946- "aaa",
6947- MsvAvNbDomainName, domain,
6948- MsvAvNbComputerName, hostname,
6949- MsvAvEOL, "");
6950+ if (hostname != NULL) {
6951+ (void)msrpc_gen(mem_ctx, &names_blob,
6952+ "aaa",
6953+ MsvAvNbDomainName, domain,
6954+ MsvAvNbComputerName, hostname,
6955+ MsvAvEOL, "");
6956+ } else {
6957+ (void)msrpc_gen(mem_ctx, &names_blob,
6958+ "aa",
6959+ MsvAvNbDomainName, domain,
6960+ MsvAvEOL, "");
6961+ }
6962 return names_blob;
6963 }
6964
IPFire 2.x development tree