mshtml/htmltextcont: Initialize value (Coverity).
[wine] / dlls / rpcrt4 / rpc_message.c
1 /*
2  * RPC messages
3  *
4  * Copyright 2001-2002 Ove Kåven, TransGaming Technologies
5  * Copyright 2004 Filip Navara
6  * Copyright 2006 CodeWeavers
7  *
8  * This library is free software; you can redistribute it and/or
9  * modify it under the terms of the GNU Lesser General Public
10  * License as published by the Free Software Foundation; either
11  * version 2.1 of the License, or (at your option) any later version.
12  *
13  * This library is distributed in the hope that it will be useful,
14  * but WITHOUT ANY WARRANTY; without even the implied warranty of
15  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
16  * Lesser General Public License for more details.
17  *
18  * You should have received a copy of the GNU Lesser General Public
19  * License along with this library; if not, write to the Free Software
20  * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
21  */
22
23 #include <stdarg.h>
24 #include <stdio.h>
25 #include <string.h>
26
27 #include "windef.h"
28 #include "winbase.h"
29 #include "winerror.h"
30
31 #include "rpc.h"
32 #include "rpcndr.h"
33 #include "rpcdcep.h"
34
35 #include "wine/debug.h"
36
37 #include "rpc_binding.h"
38 #include "rpc_defs.h"
39 #include "rpc_message.h"
40 #include "ncastatus.h"
41
42 WINE_DEFAULT_DEBUG_CHANNEL(rpc);
43
44 /* note: the DCE/RPC spec says the alignment amount should be 4, but
45  * MS/RPC servers seem to always use 16 */
46 #define AUTH_ALIGNMENT 16
47
48 /* gets the amount needed to round a value up to the specified alignment */
49 #define ROUND_UP_AMOUNT(value, alignment) \
50     (((alignment) - (((value) % (alignment)))) % (alignment))
51 #define ROUND_UP(value, alignment) (((value) + ((alignment) - 1)) & ~((alignment)-1))
52
53 enum secure_packet_direction
54 {
55   SECURE_PACKET_SEND,
56   SECURE_PACKET_RECEIVE
57 };
58
59 static RPC_STATUS I_RpcReAllocateBuffer(PRPC_MESSAGE pMsg);
60
61 static DWORD RPCRT4_GetHeaderSize(const RpcPktHdr *Header)
62 {
63   static const DWORD header_sizes[] = {
64     sizeof(Header->request), 0, sizeof(Header->response),
65     sizeof(Header->fault), 0, 0, 0, 0, 0, 0, 0, sizeof(Header->bind),
66     sizeof(Header->bind_ack), sizeof(Header->bind_nack),
67     0, 0, 0, 0, 0
68   };
69   ULONG ret = 0;
70   
71   if (Header->common.ptype < sizeof(header_sizes) / sizeof(header_sizes[0])) {
72     ret = header_sizes[Header->common.ptype];
73     if (ret == 0)
74       FIXME("unhandled packet type\n");
75     if (Header->common.flags & RPC_FLG_OBJECT_UUID)
76       ret += sizeof(UUID);
77   } else {
78     TRACE("invalid packet type\n");
79   }
80
81   return ret;
82 }
83
84 static int packet_has_body(const RpcPktHdr *Header)
85 {
86     return (Header->common.ptype == PKT_FAULT) ||
87            (Header->common.ptype == PKT_REQUEST) ||
88            (Header->common.ptype == PKT_RESPONSE);
89 }
90
91 static int packet_has_auth_verifier(const RpcPktHdr *Header)
92 {
93     return !(Header->common.ptype == PKT_BIND_NACK) &&
94            !(Header->common.ptype == PKT_SHUTDOWN);
95 }
96
97 static VOID RPCRT4_BuildCommonHeader(RpcPktHdr *Header, unsigned char PacketType,
98                               unsigned long DataRepresentation)
99 {
100   Header->common.rpc_ver = RPC_VER_MAJOR;
101   Header->common.rpc_ver_minor = RPC_VER_MINOR;
102   Header->common.ptype = PacketType;
103   Header->common.drep[0] = LOBYTE(LOWORD(DataRepresentation));
104   Header->common.drep[1] = HIBYTE(LOWORD(DataRepresentation));
105   Header->common.drep[2] = LOBYTE(HIWORD(DataRepresentation));
106   Header->common.drep[3] = HIBYTE(HIWORD(DataRepresentation));
107   Header->common.auth_len = 0;
108   Header->common.call_id = 1;
109   Header->common.flags = 0;
110   /* Flags and fragment length are computed in RPCRT4_Send. */
111 }                              
112
113 static RpcPktHdr *RPCRT4_BuildRequestHeader(unsigned long DataRepresentation,
114                                      unsigned long BufferLength,
115                                      unsigned short ProcNum,
116                                      UUID *ObjectUuid)
117 {
118   RpcPktHdr *header;
119   BOOL has_object;
120   RPC_STATUS status;
121
122   has_object = (ObjectUuid != NULL && !UuidIsNil(ObjectUuid, &status));
123   header = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY,
124                      sizeof(header->request) + (has_object ? sizeof(UUID) : 0));
125   if (header == NULL) {
126     return NULL;
127   }
128
129   RPCRT4_BuildCommonHeader(header, PKT_REQUEST, DataRepresentation);
130   header->common.frag_len = sizeof(header->request);
131   header->request.alloc_hint = BufferLength;
132   header->request.context_id = 0;
133   header->request.opnum = ProcNum;
134   if (has_object) {
135     header->common.flags |= RPC_FLG_OBJECT_UUID;
136     header->common.frag_len += sizeof(UUID);
137     memcpy(&header->request + 1, ObjectUuid, sizeof(UUID));
138   }
139
140   return header;
141 }
142
143 RpcPktHdr *RPCRT4_BuildResponseHeader(unsigned long DataRepresentation,
144                                       unsigned long BufferLength)
145 {
146   RpcPktHdr *header;
147
148   header = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, sizeof(header->response));
149   if (header == NULL) {
150     return NULL;
151   }
152
153   RPCRT4_BuildCommonHeader(header, PKT_RESPONSE, DataRepresentation);
154   header->common.frag_len = sizeof(header->response);
155   header->response.alloc_hint = BufferLength;
156
157   return header;
158 }
159
160 RpcPktHdr *RPCRT4_BuildFaultHeader(unsigned long DataRepresentation,
161                                    RPC_STATUS Status)
162 {
163   RpcPktHdr *header;
164
165   header = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, sizeof(header->fault));
166   if (header == NULL) {
167     return NULL;
168   }
169
170   RPCRT4_BuildCommonHeader(header, PKT_FAULT, DataRepresentation);
171   header->common.frag_len = sizeof(header->fault);
172   header->fault.status = Status;
173
174   return header;
175 }
176
177 RpcPktHdr *RPCRT4_BuildBindHeader(unsigned long DataRepresentation,
178                                   unsigned short MaxTransmissionSize,
179                                   unsigned short MaxReceiveSize,
180                                   unsigned long  AssocGroupId,
181                                   const RPC_SYNTAX_IDENTIFIER *AbstractId,
182                                   const RPC_SYNTAX_IDENTIFIER *TransferId)
183 {
184   RpcPktHdr *header;
185
186   header = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, sizeof(header->bind));
187   if (header == NULL) {
188     return NULL;
189   }
190
191   RPCRT4_BuildCommonHeader(header, PKT_BIND, DataRepresentation);
192   header->common.frag_len = sizeof(header->bind);
193   header->bind.max_tsize = MaxTransmissionSize;
194   header->bind.max_rsize = MaxReceiveSize;
195   header->bind.assoc_gid = AssocGroupId;
196   header->bind.num_elements = 1;
197   header->bind.num_syntaxes = 1;
198   memcpy(&header->bind.abstract, AbstractId, sizeof(RPC_SYNTAX_IDENTIFIER));
199   memcpy(&header->bind.transfer, TransferId, sizeof(RPC_SYNTAX_IDENTIFIER));
200
201   return header;
202 }
203
204 static RpcPktHdr *RPCRT4_BuildAuthHeader(unsigned long DataRepresentation)
205 {
206   RpcPktHdr *header;
207
208   header = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY,
209                      sizeof(header->common) + 12);
210   if (header == NULL)
211     return NULL;
212
213   RPCRT4_BuildCommonHeader(header, PKT_AUTH3, DataRepresentation);
214   header->common.frag_len = 0x14;
215   header->common.auth_len = 0;
216
217   return header;
218 }
219
220 RpcPktHdr *RPCRT4_BuildBindNackHeader(unsigned long DataRepresentation,
221                                       unsigned char RpcVersion,
222                                       unsigned char RpcVersionMinor)
223 {
224   RpcPktHdr *header;
225
226   header = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, sizeof(header->bind_nack));
227   if (header == NULL) {
228     return NULL;
229   }
230
231   RPCRT4_BuildCommonHeader(header, PKT_BIND_NACK, DataRepresentation);
232   header->common.frag_len = sizeof(header->bind_nack);
233   header->bind_nack.reject_reason = REJECT_REASON_NOT_SPECIFIED;
234   header->bind_nack.protocols_count = 1;
235   header->bind_nack.protocols[0].rpc_ver = RpcVersion;
236   header->bind_nack.protocols[0].rpc_ver_minor = RpcVersionMinor;
237
238   return header;
239 }
240
241 RpcPktHdr *RPCRT4_BuildBindAckHeader(unsigned long DataRepresentation,
242                                      unsigned short MaxTransmissionSize,
243                                      unsigned short MaxReceiveSize,
244                                      LPCSTR ServerAddress,
245                                      unsigned long Result,
246                                      unsigned long Reason,
247                                      const RPC_SYNTAX_IDENTIFIER *TransferId)
248 {
249   RpcPktHdr *header;
250   unsigned long header_size;
251   RpcAddressString *server_address;
252   RpcResults *results;
253   RPC_SYNTAX_IDENTIFIER *transfer_id;
254
255   header_size = sizeof(header->bind_ack) +
256                 ROUND_UP(FIELD_OFFSET(RpcAddressString, string[strlen(ServerAddress) + 1]), 4) +
257                 sizeof(RpcResults) +
258                 sizeof(RPC_SYNTAX_IDENTIFIER);
259
260   header = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, header_size);
261   if (header == NULL) {
262     return NULL;
263   }
264
265   RPCRT4_BuildCommonHeader(header, PKT_BIND_ACK, DataRepresentation);
266   header->common.frag_len = header_size;
267   header->bind_ack.max_tsize = MaxTransmissionSize;
268   header->bind_ack.max_rsize = MaxReceiveSize;
269   server_address = (RpcAddressString*)(&header->bind_ack + 1);
270   server_address->length = strlen(ServerAddress) + 1;
271   strcpy(server_address->string, ServerAddress);
272   /* results is 4-byte aligned */
273   results = (RpcResults*)((ULONG_PTR)server_address + ROUND_UP(FIELD_OFFSET(RpcAddressString, string[server_address->length]), 4));
274   results->num_results = 1;
275   results->results[0].result = Result;
276   results->results[0].reason = Reason;
277   transfer_id = (RPC_SYNTAX_IDENTIFIER*)(results + 1);
278   memcpy(transfer_id, TransferId, sizeof(RPC_SYNTAX_IDENTIFIER));
279
280   return header;
281 }
282
283 VOID RPCRT4_FreeHeader(RpcPktHdr *Header)
284 {
285   HeapFree(GetProcessHeap(), 0, Header);
286 }
287
288 NCA_STATUS RPC2NCA_STATUS(RPC_STATUS status)
289 {
290     switch (status)
291     {
292     case ERROR_INVALID_HANDLE:              return NCA_S_FAULT_CONTEXT_MISMATCH;
293     case ERROR_OUTOFMEMORY:                 return NCA_S_FAULT_REMOTE_NO_MEMORY;
294     case RPC_S_NOT_LISTENING:               return NCA_S_SERVER_TOO_BUSY;
295     case RPC_S_UNKNOWN_IF:                  return NCA_S_UNK_IF;
296     case RPC_S_SERVER_TOO_BUSY:             return NCA_S_SERVER_TOO_BUSY;
297     case RPC_S_CALL_FAILED:                 return NCA_S_FAULT_UNSPEC;
298     case RPC_S_CALL_FAILED_DNE:             return NCA_S_MANAGER_NOT_ENTERED;
299     case RPC_S_PROTOCOL_ERROR:              return NCA_S_PROTO_ERROR;
300     case RPC_S_UNSUPPORTED_TYPE:            return NCA_S_UNSUPPORTED_TYPE;
301     case RPC_S_INVALID_TAG:                 return NCA_S_FAULT_INVALID_TAG;
302     case RPC_S_INVALID_BOUND:               return NCA_S_FAULT_INVALID_BOUND;
303     case RPC_S_PROCNUM_OUT_OF_RANGE:        return NCA_S_OP_RNG_ERROR;
304     case RPC_X_SS_HANDLES_MISMATCH:         return NCA_S_FAULT_CONTEXT_MISMATCH;
305     case RPC_S_CALL_CANCELLED:              return NCA_S_FAULT_CANCEL;
306     case RPC_S_COMM_FAILURE:                return NCA_S_COMM_FAILURE;
307     case RPC_X_WRONG_PIPE_ORDER:            return NCA_S_FAULT_PIPE_ORDER;
308     case RPC_X_PIPE_CLOSED:                 return NCA_S_FAULT_PIPE_CLOSED;
309     case RPC_X_PIPE_DISCIPLINE_ERROR:       return NCA_S_FAULT_PIPE_DISCIPLINE;
310     case RPC_X_PIPE_EMPTY:                  return NCA_S_FAULT_PIPE_EMPTY;
311     case STATUS_FLOAT_DIVIDE_BY_ZERO:       return NCA_S_FAULT_FP_DIV_ZERO;
312     case STATUS_FLOAT_INVALID_OPERATION:    return NCA_S_FAULT_FP_ERROR;
313     case STATUS_FLOAT_OVERFLOW:             return NCA_S_FAULT_FP_OVERFLOW;
314     case STATUS_FLOAT_UNDERFLOW:            return NCA_S_FAULT_FP_UNDERFLOW;
315     case STATUS_INTEGER_DIVIDE_BY_ZERO:     return NCA_S_FAULT_INT_DIV_BY_ZERO;
316     case STATUS_INTEGER_OVERFLOW:           return NCA_S_FAULT_INT_OVERFLOW;
317     default:                                return status;
318     }
319 }
320
321 RPC_STATUS NCA2RPC_STATUS(NCA_STATUS status)
322 {
323     switch (status)
324     {
325     case NCA_S_COMM_FAILURE:            return RPC_S_COMM_FAILURE;
326     case NCA_S_OP_RNG_ERROR:            return RPC_S_PROCNUM_OUT_OF_RANGE;
327     case NCA_S_UNK_IF:                  return RPC_S_UNKNOWN_IF;
328     case NCA_S_YOU_CRASHED:             return RPC_S_CALL_FAILED;
329     case NCA_S_PROTO_ERROR:             return RPC_S_PROTOCOL_ERROR;
330     case NCA_S_OUT_ARGS_TOO_BIG:        return ERROR_NOT_ENOUGH_SERVER_MEMORY;
331     case NCA_S_SERVER_TOO_BUSY:         return RPC_S_SERVER_TOO_BUSY;
332     case NCA_S_UNSUPPORTED_TYPE:        return RPC_S_UNSUPPORTED_TYPE;
333     case NCA_S_FAULT_INT_DIV_BY_ZERO:   return RPC_S_ZERO_DIVIDE;
334     case NCA_S_FAULT_ADDR_ERROR:        return RPC_S_ADDRESS_ERROR;
335     case NCA_S_FAULT_FP_DIV_ZERO:       return RPC_S_FP_DIV_ZERO;
336     case NCA_S_FAULT_FP_UNDERFLOW:      return RPC_S_FP_UNDERFLOW;
337     case NCA_S_FAULT_FP_OVERFLOW:       return RPC_S_FP_OVERFLOW;
338     case NCA_S_FAULT_INVALID_TAG:       return RPC_S_INVALID_TAG;
339     case NCA_S_FAULT_INVALID_BOUND:     return RPC_S_INVALID_BOUND;
340     case NCA_S_RPC_VERSION_MISMATCH:    return RPC_S_PROTOCOL_ERROR;
341     case NCA_S_UNSPEC_REJECT:           return RPC_S_CALL_FAILED_DNE;
342     case NCA_S_BAD_ACTID:               return RPC_S_CALL_FAILED_DNE;
343     case NCA_S_WHO_ARE_YOU_FAILED:      return RPC_S_CALL_FAILED;
344     case NCA_S_MANAGER_NOT_ENTERED:     return RPC_S_CALL_FAILED_DNE;
345     case NCA_S_FAULT_CANCEL:            return RPC_S_CALL_CANCELLED;
346     case NCA_S_FAULT_ILL_INST:          return RPC_S_ADDRESS_ERROR;
347     case NCA_S_FAULT_FP_ERROR:          return RPC_S_FP_OVERFLOW;
348     case NCA_S_FAULT_INT_OVERFLOW:      return RPC_S_ADDRESS_ERROR;
349     case NCA_S_FAULT_UNSPEC:            return RPC_S_CALL_FAILED;
350     case NCA_S_FAULT_PIPE_EMPTY:        return RPC_X_PIPE_EMPTY;
351     case NCA_S_FAULT_PIPE_CLOSED:       return RPC_X_PIPE_CLOSED;
352     case NCA_S_FAULT_PIPE_ORDER:        return RPC_X_WRONG_PIPE_ORDER;
353     case NCA_S_FAULT_PIPE_DISCIPLINE:   return RPC_X_PIPE_DISCIPLINE_ERROR;
354     case NCA_S_FAULT_PIPE_COMM_ERROR:   return RPC_S_COMM_FAILURE;
355     case NCA_S_FAULT_PIPE_MEMORY:       return ERROR_OUTOFMEMORY;
356     case NCA_S_FAULT_CONTEXT_MISMATCH:  return ERROR_INVALID_HANDLE;
357     case NCA_S_FAULT_REMOTE_NO_MEMORY:  return ERROR_NOT_ENOUGH_SERVER_MEMORY;
358     default:                            return status;
359     }
360 }
361
362 static RPC_STATUS RPCRT4_SecurePacket(RpcConnection *Connection,
363     enum secure_packet_direction dir,
364     RpcPktHdr *hdr, unsigned int hdr_size,
365     unsigned char *stub_data, unsigned int stub_data_size,
366     RpcAuthVerifier *auth_hdr,
367     unsigned char *auth_value, unsigned int auth_value_size)
368 {
369     SecBufferDesc message;
370     SecBuffer buffers[4];
371     SECURITY_STATUS sec_status;
372
373     message.ulVersion = SECBUFFER_VERSION;
374     message.cBuffers = sizeof(buffers)/sizeof(buffers[0]);
375     message.pBuffers = buffers;
376
377     buffers[0].cbBuffer = hdr_size;
378     buffers[0].BufferType = SECBUFFER_DATA|SECBUFFER_READONLY_WITH_CHECKSUM;
379     buffers[0].pvBuffer = hdr;
380     buffers[1].cbBuffer = stub_data_size;
381     buffers[1].BufferType = SECBUFFER_DATA;
382     buffers[1].pvBuffer = stub_data;
383     buffers[2].cbBuffer = sizeof(*auth_hdr);
384     buffers[2].BufferType = SECBUFFER_DATA|SECBUFFER_READONLY_WITH_CHECKSUM;
385     buffers[2].pvBuffer = auth_hdr;
386     buffers[3].cbBuffer = auth_value_size;
387     buffers[3].BufferType = SECBUFFER_TOKEN;
388     buffers[3].pvBuffer = auth_value;
389
390     if (dir == SECURE_PACKET_SEND)
391     {
392         if ((auth_hdr->auth_level == RPC_C_AUTHN_LEVEL_PKT_PRIVACY) && packet_has_body(hdr))
393         {
394             sec_status = EncryptMessage(&Connection->ctx, 0, &message, 0 /* FIXME */);
395             if (sec_status != SEC_E_OK)
396             {
397                 ERR("EncryptMessage failed with 0x%08x\n", sec_status);
398                 return RPC_S_SEC_PKG_ERROR;
399             }
400         }
401         else if (auth_hdr->auth_level != RPC_C_AUTHN_LEVEL_NONE)
402         {
403             sec_status = MakeSignature(&Connection->ctx, 0, &message, 0 /* FIXME */);
404             if (sec_status != SEC_E_OK)
405             {
406                 ERR("MakeSignature failed with 0x%08x\n", sec_status);
407                 return RPC_S_SEC_PKG_ERROR;
408             }
409         }
410     }
411     else if (dir == SECURE_PACKET_RECEIVE)
412     {
413         if ((auth_hdr->auth_level == RPC_C_AUTHN_LEVEL_PKT_PRIVACY) && packet_has_body(hdr))
414         {
415             sec_status = DecryptMessage(&Connection->ctx, &message, 0 /* FIXME */, 0);
416             if (sec_status != SEC_E_OK)
417             {
418                 ERR("EncryptMessage failed with 0x%08x\n", sec_status);
419                 return RPC_S_SEC_PKG_ERROR;
420             }
421         }
422         else if (auth_hdr->auth_level != RPC_C_AUTHN_LEVEL_NONE)
423         {
424             sec_status = VerifySignature(&Connection->ctx, &message, 0 /* FIXME */, NULL);
425             if (sec_status != SEC_E_OK)
426             {
427                 ERR("VerifySignature failed with 0x%08x\n", sec_status);
428                 return RPC_S_SEC_PKG_ERROR;
429             }
430         }
431     }
432
433     return RPC_S_OK;
434 }
435          
436 /***********************************************************************
437  *           RPCRT4_SendAuth (internal)
438  * 
439  * Transmit a packet with authorization data over connection in acceptable fragments.
440  */
441 static RPC_STATUS RPCRT4_SendAuth(RpcConnection *Connection, RpcPktHdr *Header,
442                                   void *Buffer, unsigned int BufferLength,
443                                   const void *Auth, unsigned int AuthLength)
444 {
445   PUCHAR buffer_pos;
446   DWORD hdr_size;
447   LONG count;
448   unsigned char *pkt;
449   LONG alen;
450   RPC_STATUS status;
451
452   buffer_pos = Buffer;
453   /* The packet building functions save the packet header size, so we can use it. */
454   hdr_size = Header->common.frag_len;
455   if (AuthLength)
456     Header->common.auth_len = AuthLength;
457   else if (Connection->AuthInfo && packet_has_auth_verifier(Header))
458   {
459     if ((Connection->AuthInfo->AuthnLevel == RPC_C_AUTHN_LEVEL_PKT_PRIVACY) && packet_has_body(Header))
460       Header->common.auth_len = Connection->encryption_auth_len;
461     else
462       Header->common.auth_len = Connection->signature_auth_len;
463   }
464   else
465     Header->common.auth_len = 0;
466   Header->common.flags |= RPC_FLG_FIRST;
467   Header->common.flags &= ~RPC_FLG_LAST;
468
469   alen = RPC_AUTH_VERIFIER_LEN(&Header->common);
470
471   while (!(Header->common.flags & RPC_FLG_LAST)) {
472     unsigned char auth_pad_len = Header->common.auth_len ? ROUND_UP_AMOUNT(BufferLength, AUTH_ALIGNMENT) : 0;
473     unsigned int pkt_size = BufferLength + hdr_size + alen + auth_pad_len;
474
475     /* decide if we need to split the packet into fragments */
476    if (pkt_size <= Connection->MaxTransmissionSize) {
477      Header->common.flags |= RPC_FLG_LAST;
478      Header->common.frag_len = pkt_size;
479     } else {
480       auth_pad_len = 0;
481       /* make sure packet payload will be a multiple of 16 */
482       Header->common.frag_len =
483         ((Connection->MaxTransmissionSize - hdr_size - alen) & ~(AUTH_ALIGNMENT-1)) +
484         hdr_size + alen;
485     }
486
487     pkt = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, Header->common.frag_len);
488
489     memcpy(pkt, Header, hdr_size);
490
491     /* fragment consisted of header only and is the last one */
492     if (hdr_size == Header->common.frag_len)
493       goto write;
494
495     memcpy(pkt + hdr_size, buffer_pos, Header->common.frag_len - hdr_size - auth_pad_len - alen);
496
497     /* add the authorization info */
498     if (Connection->AuthInfo && packet_has_auth_verifier(Header))
499     {
500       RpcAuthVerifier *auth_hdr = (RpcAuthVerifier *)&pkt[Header->common.frag_len - alen];
501
502       auth_hdr->auth_type = Connection->AuthInfo->AuthnSvc;
503       auth_hdr->auth_level = Connection->AuthInfo->AuthnLevel;
504       auth_hdr->auth_pad_length = auth_pad_len;
505       auth_hdr->auth_reserved = 0;
506       /* a unique number... */
507       auth_hdr->auth_context_id = (unsigned long)Connection;
508
509       if (AuthLength)
510         memcpy(auth_hdr + 1, Auth, AuthLength);
511       else
512       {
513         status = RPCRT4_SecurePacket(Connection, SECURE_PACKET_SEND,
514             (RpcPktHdr *)pkt, hdr_size,
515             pkt + hdr_size, Header->common.frag_len - hdr_size - alen,
516             auth_hdr,
517             (unsigned char *)(auth_hdr + 1), Header->common.auth_len);
518         if (status != RPC_S_OK)
519         {
520           HeapFree(GetProcessHeap(), 0, pkt);
521           return status;
522         }
523       }
524     }
525
526 write:
527     count = rpcrt4_conn_write(Connection, pkt, Header->common.frag_len);
528     HeapFree(GetProcessHeap(), 0, pkt);
529     if (count<0) {
530       WARN("rpcrt4_conn_write failed (auth)\n");
531       return RPC_S_PROTOCOL_ERROR;
532     }
533
534     buffer_pos += Header->common.frag_len - hdr_size - alen - auth_pad_len;
535     BufferLength -= Header->common.frag_len - hdr_size - alen - auth_pad_len;
536     Header->common.flags &= ~RPC_FLG_FIRST;
537   }
538
539   return RPC_S_OK;
540 }
541
542 /***********************************************************************
543  *           RPCRT4_ClientAuthorize (internal)
544  *
545  * Authorize a client connection. A NULL in param signifies a new connection.
546  */
547 static RPC_STATUS RPCRT4_ClientAuthorize(RpcConnection *conn, SecBuffer *in,
548                                          SecBuffer *out)
549 {
550   SECURITY_STATUS r;
551   SecBufferDesc out_desc;
552   SecBufferDesc inp_desc;
553   SecPkgContext_Sizes secctx_sizes;
554   BOOL continue_needed;
555   ULONG context_req = ISC_REQ_CONNECTION | ISC_REQ_USE_DCE_STYLE |
556                       ISC_REQ_MUTUAL_AUTH | ISC_REQ_DELEGATE;
557
558   if (conn->AuthInfo->AuthnLevel == RPC_C_AUTHN_LEVEL_PKT_INTEGRITY)
559     context_req |= ISC_REQ_INTEGRITY;
560   else if (conn->AuthInfo->AuthnLevel == RPC_C_AUTHN_LEVEL_PKT_PRIVACY)
561     context_req |= ISC_REQ_CONFIDENTIALITY | ISC_REQ_INTEGRITY;
562
563   out->BufferType = SECBUFFER_TOKEN;
564   out->cbBuffer = conn->AuthInfo->cbMaxToken;
565   out->pvBuffer = HeapAlloc(GetProcessHeap(), 0, out->cbBuffer);
566   if (!out->pvBuffer) return ERROR_OUTOFMEMORY;
567
568   out_desc.ulVersion = 0;
569   out_desc.cBuffers = 1;
570   out_desc.pBuffers = out;
571
572   inp_desc.cBuffers = 1;
573   inp_desc.pBuffers = in;
574   inp_desc.ulVersion = 0;
575
576   r = InitializeSecurityContextA(&conn->AuthInfo->cred, in ? &conn->ctx : NULL,
577         NULL, context_req, 0, SECURITY_NETWORK_DREP,
578         in ? &inp_desc : NULL, 0, &conn->ctx, &out_desc, &conn->attr,
579         &conn->exp);
580   if (FAILED(r))
581   {
582       WARN("InitializeSecurityContext failed with error 0x%08x\n", r);
583       goto failed;
584   }
585
586   TRACE("r = 0x%08x, attr = 0x%08x\n", r, conn->attr);
587   continue_needed = ((r == SEC_I_CONTINUE_NEEDED) ||
588                      (r == SEC_I_COMPLETE_AND_CONTINUE));
589
590   if ((r == SEC_I_COMPLETE_NEEDED) || (r == SEC_I_COMPLETE_AND_CONTINUE))
591   {
592       TRACE("complete needed\n");
593       r = CompleteAuthToken(&conn->ctx, &out_desc);
594       if (FAILED(r))
595       {
596           WARN("CompleteAuthToken failed with error 0x%08x\n", r);
597           goto failed;
598       }
599   }
600
601   TRACE("cbBuffer = %ld\n", out->cbBuffer);
602
603   if (!continue_needed)
604   {
605       r = QueryContextAttributesA(&conn->ctx, SECPKG_ATTR_SIZES, &secctx_sizes);
606       if (FAILED(r))
607       {
608           WARN("QueryContextAttributes failed with error 0x%08x\n", r);
609           goto failed;
610       }
611       conn->signature_auth_len = secctx_sizes.cbMaxSignature;
612       conn->encryption_auth_len = secctx_sizes.cbSecurityTrailer;
613   }
614
615   return RPC_S_OK;
616
617 failed:
618   HeapFree(GetProcessHeap(), 0, out->pvBuffer);
619   out->pvBuffer = NULL;
620   return ERROR_ACCESS_DENIED; /* FIXME: is this correct? */
621 }
622
623 /***********************************************************************
624  *           RPCRT4_AuthorizeBinding (internal)
625  */
626 static RPC_STATUS RPCRT_AuthorizeConnection(RpcConnection* conn,
627                                             BYTE *challenge, ULONG count)
628 {
629   SecBuffer inp, out;
630   RpcPktHdr *resp_hdr;
631   RPC_STATUS status;
632
633   TRACE("challenge %s, %d bytes\n", challenge, count);
634
635   inp.BufferType = SECBUFFER_TOKEN;
636   inp.pvBuffer = challenge;
637   inp.cbBuffer = count;
638
639   status = RPCRT4_ClientAuthorize(conn, &inp, &out);
640   if (status) return status;
641
642   resp_hdr = RPCRT4_BuildAuthHeader(NDR_LOCAL_DATA_REPRESENTATION);
643   if (!resp_hdr)
644     return E_OUTOFMEMORY;
645
646   status = RPCRT4_SendAuth(conn, resp_hdr, NULL, 0, out.pvBuffer, out.cbBuffer);
647
648   HeapFree(GetProcessHeap(), 0, out.pvBuffer);
649   RPCRT4_FreeHeader(resp_hdr);
650
651   return status;
652 }
653
654 /***********************************************************************
655  *           RPCRT4_Send (internal)
656  * 
657  * Transmit a packet over connection in acceptable fragments.
658  */
659 RPC_STATUS RPCRT4_Send(RpcConnection *Connection, RpcPktHdr *Header,
660                        void *Buffer, unsigned int BufferLength)
661 {
662   RPC_STATUS r;
663   SecBuffer out;
664
665   if (!Connection->AuthInfo || SecIsValidHandle(&Connection->ctx))
666   {
667     return RPCRT4_SendAuth(Connection, Header, Buffer, BufferLength, NULL, 0);
668   }
669
670   /* tack on a negotiate packet */
671   RPCRT4_ClientAuthorize(Connection, NULL, &out);
672   r = RPCRT4_SendAuth(Connection, Header, Buffer, BufferLength, out.pvBuffer, out.cbBuffer);
673   HeapFree(GetProcessHeap(), 0, out.pvBuffer);
674
675   return r;
676 }
677
678 /***********************************************************************
679  *           RPCRT4_Receive (internal)
680  * 
681  * Receive a packet from connection and merge the fragments.
682  */
683 RPC_STATUS RPCRT4_Receive(RpcConnection *Connection, RpcPktHdr **Header,
684                           PRPC_MESSAGE pMsg)
685 {
686   RPC_STATUS status;
687   DWORD hdr_length;
688   LONG dwRead;
689   unsigned short first_flag;
690   unsigned long data_length;
691   unsigned long buffer_length;
692   unsigned long auth_length;
693   unsigned char *auth_data = NULL;
694   RpcPktCommonHdr common_hdr;
695
696   *Header = NULL;
697
698   TRACE("(%p, %p, %p)\n", Connection, Header, pMsg);
699
700   /* read packet common header */
701   dwRead = rpcrt4_conn_read(Connection, &common_hdr, sizeof(common_hdr));
702   if (dwRead != sizeof(common_hdr)) {
703     WARN("Short read of header, %d bytes\n", dwRead);
704     status = RPC_S_PROTOCOL_ERROR;
705     goto fail;
706   }
707
708   /* verify if the header really makes sense */
709   if (common_hdr.rpc_ver != RPC_VER_MAJOR ||
710       common_hdr.rpc_ver_minor != RPC_VER_MINOR) {
711     WARN("unhandled packet version\n");
712     status = RPC_S_PROTOCOL_ERROR;
713     goto fail;
714   }
715
716   hdr_length = RPCRT4_GetHeaderSize((RpcPktHdr*)&common_hdr);
717   if (hdr_length == 0) {
718     WARN("header length == 0\n");
719     status = RPC_S_PROTOCOL_ERROR;
720     goto fail;
721   }
722
723   *Header = HeapAlloc(GetProcessHeap(), 0, hdr_length);
724   memcpy(*Header, &common_hdr, sizeof(common_hdr));
725
726   /* read the rest of packet header */
727   dwRead = rpcrt4_conn_read(Connection, &(*Header)->common + 1, hdr_length - sizeof(common_hdr));
728   if (dwRead != hdr_length - sizeof(common_hdr)) {
729     WARN("bad header length, %d bytes, hdr_length %d\n", dwRead, hdr_length);
730     status = RPC_S_PROTOCOL_ERROR;
731     goto fail;
732   }
733
734   /* read packet body */
735   switch (common_hdr.ptype) {
736   case PKT_RESPONSE:
737     pMsg->BufferLength = (*Header)->response.alloc_hint;
738     break;
739   case PKT_REQUEST:
740     pMsg->BufferLength = (*Header)->request.alloc_hint;
741     break;
742   default:
743     pMsg->BufferLength = common_hdr.frag_len - hdr_length - RPC_AUTH_VERIFIER_LEN(&common_hdr);
744   }
745
746   TRACE("buffer length = %u\n", pMsg->BufferLength);
747
748   status = I_RpcGetBuffer(pMsg);
749   if (status != RPC_S_OK) goto fail;
750
751   first_flag = RPC_FLG_FIRST;
752   auth_length = common_hdr.auth_len;
753   if (auth_length) {
754     auth_data = HeapAlloc(GetProcessHeap(), 0, RPC_AUTH_VERIFIER_LEN(&common_hdr));
755     if (!auth_data) {
756       status = RPC_S_PROTOCOL_ERROR;
757       goto fail;
758     }
759   }
760   buffer_length = 0;
761   while (TRUE)
762   {
763     unsigned int header_auth_len = RPC_AUTH_VERIFIER_LEN(&(*Header)->common);
764
765     /* verify header fields */
766
767     if (((*Header)->common.frag_len < hdr_length) ||
768         ((*Header)->common.frag_len - hdr_length < header_auth_len)) {
769       WARN("frag_len %d too small for hdr_length %d and auth_len %d\n",
770         (*Header)->common.frag_len, hdr_length, header_auth_len);
771       status = RPC_S_PROTOCOL_ERROR;
772       goto fail;
773     }
774
775     if ((*Header)->common.auth_len != auth_length) {
776       WARN("auth_len header field changed from %ld to %d\n",
777         auth_length, (*Header)->common.auth_len);
778       status = RPC_S_PROTOCOL_ERROR;
779       goto fail;
780     }
781
782     if (((*Header)->common.flags & RPC_FLG_FIRST) != first_flag) {
783       TRACE("invalid packet flags\n");
784       status = RPC_S_PROTOCOL_ERROR;
785       goto fail;
786     }
787
788     data_length = (*Header)->common.frag_len - hdr_length - header_auth_len;
789     if (data_length + buffer_length > pMsg->BufferLength) {
790       TRACE("allocation hint exceeded, new buffer length = %ld\n",
791         data_length + buffer_length);
792       pMsg->BufferLength = data_length + buffer_length;
793       status = I_RpcReAllocateBuffer(pMsg);
794       if (status != RPC_S_OK) goto fail;
795     }
796
797     if (data_length == 0) dwRead = 0; else
798     dwRead = rpcrt4_conn_read(Connection,
799         (unsigned char *)pMsg->Buffer + buffer_length, data_length);
800     if (dwRead != data_length) {
801       WARN("bad data length, %d/%ld\n", dwRead, data_length);
802       status = RPC_S_PROTOCOL_ERROR;
803       goto fail;
804     }
805
806     if (header_auth_len) {
807       if (header_auth_len < sizeof(RpcAuthVerifier)) {
808         WARN("bad auth verifier length %d\n", header_auth_len);
809         status = RPC_S_PROTOCOL_ERROR;
810         goto fail;
811       }
812
813       /* FIXME: we should accumulate authentication data for the bind,
814        * bind_ack, alter_context and alter_context_response if necessary.
815        * however, the details of how this is done is very sketchy in the
816        * DCE/RPC spec. for all other packet types that have authentication
817        * verifier data then it is just duplicated in all the fragments */
818       dwRead = rpcrt4_conn_read(Connection, auth_data, header_auth_len);
819       if (dwRead != header_auth_len) {
820         WARN("bad authentication data length, %d/%d\n", dwRead,
821           header_auth_len);
822         status = RPC_S_PROTOCOL_ERROR;
823         goto fail;
824       }
825
826       /* these packets are handled specially, not by the generic SecurePacket
827        * function */
828       if ((common_hdr.ptype != PKT_BIND) &&
829           (common_hdr.ptype != PKT_BIND_ACK) &&
830           (common_hdr.ptype != PKT_AUTH3))
831         status = RPCRT4_SecurePacket(Connection, SECURE_PACKET_RECEIVE,
832             *Header, hdr_length,
833             (unsigned char *)pMsg->Buffer + buffer_length, data_length,
834             (RpcAuthVerifier *)auth_data,
835             (unsigned char *)auth_data + sizeof(RpcAuthVerifier),
836             header_auth_len - sizeof(RpcAuthVerifier));
837     }
838
839     buffer_length += data_length;
840     if (!((*Header)->common.flags & RPC_FLG_LAST)) {
841       TRACE("next header\n");
842
843       /* read the header of next packet */
844       dwRead = rpcrt4_conn_read(Connection, *Header, hdr_length);
845       if (dwRead != hdr_length) {
846         WARN("invalid packet header size (%d)\n", dwRead);
847         status = RPC_S_PROTOCOL_ERROR;
848         goto fail;
849       }
850
851       first_flag = 0;
852     } else {
853       break;
854     }
855   }
856   pMsg->BufferLength = buffer_length;
857
858   /* respond to authorization request */
859   if (common_hdr.ptype == PKT_BIND_ACK && auth_length > sizeof(RpcAuthVerifier))
860   {
861     status = RPCRT_AuthorizeConnection(Connection,
862                                        auth_data + sizeof(RpcAuthVerifier),
863                                        auth_length);
864     if (status)
865         goto fail;
866   }
867
868   /* success */
869   status = RPC_S_OK;
870
871 fail:
872   if (status != RPC_S_OK) {
873     RPCRT4_FreeHeader(*Header);
874     *Header = NULL;
875   }
876   HeapFree(GetProcessHeap(), 0, auth_data);
877   return status;
878 }
879
880 /***********************************************************************
881  *           I_RpcGetBuffer [RPCRT4.@]
882  *
883  * Allocates a buffer for use by I_RpcSend or I_RpcSendReceive and binds to the
884  * server interface.
885  *
886  * PARAMS
887  *  pMsg [I/O] RPC message information.
888  *
889  * RETURNS
890  *  Success: RPC_S_OK.
891  *  Failure: RPC_S_INVALID_BINDING if pMsg->Handle is invalid.
892  *           RPC_S_SERVER_UNAVAILABLE if unable to connect to server.
893  *           ERROR_OUTOFMEMORY if buffer allocation failed.
894  *
895  * NOTES
896  *  The pMsg->BufferLength field determines the size of the buffer to allocate,
897  *  in bytes.
898  *
899  *  Use I_RpcFreeBuffer() to unbind from the server and free the message buffer.
900  *
901  * SEE ALSO
902  *  I_RpcFreeBuffer(), I_RpcSend(), I_RpcReceive(), I_RpcSendReceive().
903  */
904 RPC_STATUS WINAPI I_RpcGetBuffer(PRPC_MESSAGE pMsg)
905 {
906   TRACE("(%p): BufferLength=%d\n", pMsg, pMsg->BufferLength);
907   /* FIXME: pfnAllocate? */
908   pMsg->Buffer = HeapAlloc(GetProcessHeap(), 0, pMsg->BufferLength);
909
910   TRACE("Buffer=%p\n", pMsg->Buffer);
911   /* FIXME: which errors to return? */
912   return pMsg->Buffer ? S_OK : E_OUTOFMEMORY;
913 }
914
915 /***********************************************************************
916  *           I_RpcReAllocateBuffer (internal)
917  */
918 static RPC_STATUS I_RpcReAllocateBuffer(PRPC_MESSAGE pMsg)
919 {
920   TRACE("(%p): BufferLength=%d\n", pMsg, pMsg->BufferLength);
921   pMsg->Buffer = HeapReAlloc(GetProcessHeap(), 0, pMsg->Buffer, pMsg->BufferLength);
922
923   TRACE("Buffer=%p\n", pMsg->Buffer);
924   return pMsg->Buffer ? RPC_S_OK : RPC_S_OUT_OF_RESOURCES;
925 }
926
927 /***********************************************************************
928  *           I_RpcFreeBuffer [RPCRT4.@]
929  *
930  * Frees a buffer allocated by I_RpcGetBuffer or I_RpcReceive and unbinds from
931  * the server interface.
932  *
933  * PARAMS
934  *  pMsg [I/O] RPC message information.
935  *
936  * RETURNS
937  *  RPC_S_OK.
938  *
939  * SEE ALSO
940  *  I_RpcGetBuffer(), I_RpcReceive().
941  */
942 RPC_STATUS WINAPI I_RpcFreeBuffer(PRPC_MESSAGE pMsg)
943 {
944   TRACE("(%p) Buffer=%p\n", pMsg, pMsg->Buffer);
945   /* FIXME: pfnFree? */
946   HeapFree(GetProcessHeap(), 0, pMsg->Buffer);
947   pMsg->Buffer = NULL;
948   return S_OK;
949 }
950
951 /***********************************************************************
952  *           I_RpcSend [RPCRT4.@]
953  *
954  * Sends a message to the server.
955  *
956  * PARAMS
957  *  pMsg [I/O] RPC message information.
958  *
959  * RETURNS
960  *  Unknown.
961  *
962  * NOTES
963  *  The buffer must have been allocated with I_RpcGetBuffer().
964  *
965  * SEE ALSO
966  *  I_RpcGetBuffer(), I_RpcReceive(), I_RpcSendReceive().
967  */
968 RPC_STATUS WINAPI I_RpcSend(PRPC_MESSAGE pMsg)
969 {
970   RpcBinding* bind = (RpcBinding*)pMsg->Handle;
971   RpcConnection* conn;
972   RPC_CLIENT_INTERFACE* cif = NULL;
973   RPC_STATUS status;
974   RpcPktHdr *hdr;
975
976   TRACE("(%p)\n", pMsg);
977   if (!bind || bind->server) return RPC_S_INVALID_BINDING;
978
979   cif = pMsg->RpcInterfaceInformation;
980   if (!cif) return RPC_S_INTERFACE_NOT_FOUND; /* ? */
981
982   if (!bind->Endpoint || !bind->Endpoint[0])
983   {
984     TRACE("automatically resolving partially bound binding\n");
985     status = RpcEpResolveBinding(bind, cif);
986     if (status != RPC_S_OK) return status;
987   }
988
989   status = RPCRT4_OpenBinding(bind, &conn, &cif->TransferSyntax,
990                               &cif->InterfaceId);
991   if (status != RPC_S_OK) return status;
992
993   hdr = RPCRT4_BuildRequestHeader(pMsg->DataRepresentation,
994                                   pMsg->BufferLength, pMsg->ProcNum,
995                                   &bind->ObjectUuid);
996   if (!hdr)
997   {
998     RPCRT4_CloseBinding(bind, conn);
999     return ERROR_OUTOFMEMORY;
1000   }
1001   hdr->common.call_id = conn->NextCallId++;
1002
1003   status = RPCRT4_Send(conn, hdr, pMsg->Buffer, pMsg->BufferLength);
1004
1005   RPCRT4_FreeHeader(hdr);
1006
1007   /* save the connection, so the response can be read from it */
1008   pMsg->ReservedForRuntime = conn;
1009   return status;
1010 }
1011
1012 /* is this status something that the server can't recover from? */
1013 static inline BOOL is_hard_error(RPC_STATUS status)
1014 {
1015     switch (status)
1016     {
1017     case 0: /* user-defined fault */
1018     case ERROR_ACCESS_DENIED:
1019     case ERROR_INVALID_PARAMETER:
1020     case RPC_S_PROTOCOL_ERROR:
1021     case RPC_S_CALL_FAILED:
1022     case RPC_S_CALL_FAILED_DNE:
1023     case RPC_S_SEC_PKG_ERROR:
1024         return TRUE;
1025     default:
1026         return FALSE;
1027     }
1028 }
1029
1030 /***********************************************************************
1031  *           I_RpcReceive [RPCRT4.@]
1032  */
1033 RPC_STATUS WINAPI I_RpcReceive(PRPC_MESSAGE pMsg)
1034 {
1035   RpcBinding* bind = (RpcBinding*)pMsg->Handle;
1036   RpcConnection* conn;
1037   RPC_CLIENT_INTERFACE* cif = NULL;
1038   RPC_SERVER_INTERFACE* sif = NULL;
1039   RPC_STATUS status;
1040   RpcPktHdr *hdr = NULL;
1041
1042   TRACE("(%p)\n", pMsg);
1043   if (!bind) return RPC_S_INVALID_BINDING;
1044
1045   if (pMsg->ReservedForRuntime) {
1046     conn = pMsg->ReservedForRuntime;
1047     pMsg->ReservedForRuntime = NULL;
1048   } else {
1049     if (bind->server) {
1050       sif = pMsg->RpcInterfaceInformation;
1051       if (!sif) return RPC_S_INTERFACE_NOT_FOUND; /* ? */
1052       status = RPCRT4_OpenBinding(bind, &conn, &sif->TransferSyntax,
1053                                   &sif->InterfaceId);
1054     } else {
1055       cif = pMsg->RpcInterfaceInformation;
1056       if (!cif) return RPC_S_INTERFACE_NOT_FOUND; /* ? */
1057
1058       if (!bind->Endpoint || !bind->Endpoint[0])
1059       {
1060         TRACE("automatically resolving partially bound binding\n");
1061         status = RpcEpResolveBinding(bind, cif);
1062         if (status != RPC_S_OK) return status;
1063       }
1064
1065       status = RPCRT4_OpenBinding(bind, &conn, &cif->TransferSyntax,
1066                                   &cif->InterfaceId);
1067     }
1068     if (status != RPC_S_OK) return status;
1069   }
1070
1071   status = RPCRT4_Receive(conn, &hdr, pMsg);
1072   if (status != RPC_S_OK) {
1073     WARN("receive failed with error %lx\n", status);
1074     goto fail;
1075   }
1076
1077   switch (hdr->common.ptype) {
1078   case PKT_RESPONSE:
1079     if (bind->server) {
1080         status = RPC_S_PROTOCOL_ERROR;
1081         goto fail;
1082     }
1083     break;
1084   case PKT_REQUEST:
1085     if (!bind->server) {
1086         status = RPC_S_PROTOCOL_ERROR;
1087         goto fail;
1088     }
1089     break;
1090   case PKT_FAULT:
1091     ERR ("we got fault packet with status 0x%lx\n", hdr->fault.status);
1092     status = NCA2RPC_STATUS(hdr->fault.status);
1093     if (is_hard_error(status))
1094         goto fail;
1095     break;
1096   default:
1097     WARN("bad packet type %d\n", hdr->common.ptype);
1098     status = RPC_S_PROTOCOL_ERROR;
1099     goto fail;
1100   }
1101
1102   /* success */
1103   RPCRT4_CloseBinding(bind, conn);
1104   RPCRT4_FreeHeader(hdr);
1105   return status;
1106
1107 fail:
1108   RPCRT4_FreeHeader(hdr);
1109   RPCRT4_DestroyConnection(conn);
1110   return status;
1111 }
1112
1113 /***********************************************************************
1114  *           I_RpcSendReceive [RPCRT4.@]
1115  *
1116  * Sends a message to the server and receives the response.
1117  *
1118  * PARAMS
1119  *  pMsg [I/O] RPC message information.
1120  *
1121  * RETURNS
1122  *  Success: RPC_S_OK.
1123  *  Failure: Any error code.
1124  *
1125  * NOTES
1126  *  The buffer must have been allocated with I_RpcGetBuffer().
1127  *
1128  * SEE ALSO
1129  *  I_RpcGetBuffer(), I_RpcSend(), I_RpcReceive().
1130  */
1131 RPC_STATUS WINAPI I_RpcSendReceive(PRPC_MESSAGE pMsg)
1132 {
1133   RPC_STATUS status;
1134   RPC_MESSAGE original_message;
1135
1136   TRACE("(%p)\n", pMsg);
1137
1138   original_message = *pMsg;
1139   status = I_RpcSend(pMsg);
1140   if (status == RPC_S_OK)
1141     status = I_RpcReceive(pMsg);
1142   /* free the buffer replaced by a new buffer in I_RpcReceive */
1143   if (status == RPC_S_OK)
1144     I_RpcFreeBuffer(&original_message);
1145   return status;
1146 }