makefiles: List the static libraries as normal imports instead of extra libs.
[wine] / dlls / rpcrt4 / rpc_message.c
1 /*
2  * RPC messages
3  *
4  * Copyright 2001-2002 Ove Kåven, TransGaming Technologies
5  * Copyright 2004 Filip Navara
6  * Copyright 2006 CodeWeavers
7  *
8  * This library is free software; you can redistribute it and/or
9  * modify it under the terms of the GNU Lesser General Public
10  * License as published by the Free Software Foundation; either
11  * version 2.1 of the License, or (at your option) any later version.
12  *
13  * This library is distributed in the hope that it will be useful,
14  * but WITHOUT ANY WARRANTY; without even the implied warranty of
15  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
16  * Lesser General Public License for more details.
17  *
18  * You should have received a copy of the GNU Lesser General Public
19  * License along with this library; if not, write to the Free Software
20  * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
21  */
22
23 #include <stdarg.h>
24 #include <stdio.h>
25 #include <string.h>
26
27 #include "windef.h"
28 #include "winbase.h"
29 #include "winerror.h"
30 #include "winuser.h"
31
32 #include "rpc.h"
33 #include "rpcndr.h"
34 #include "rpcdcep.h"
35
36 #include "wine/debug.h"
37
38 #include "rpc_binding.h"
39 #include "rpc_defs.h"
40 #include "rpc_message.h"
41 #include "ncastatus.h"
42
43 WINE_DEFAULT_DEBUG_CHANNEL(rpc);
44
45 /* note: the DCE/RPC spec says the alignment amount should be 4, but
46  * MS/RPC servers seem to always use 16 */
47 #define AUTH_ALIGNMENT 16
48
49 /* gets the amount needed to round a value up to the specified alignment */
50 #define ROUND_UP_AMOUNT(value, alignment) \
51     (((alignment) - (((value) % (alignment)))) % (alignment))
52 #define ROUND_UP(value, alignment) (((value) + ((alignment) - 1)) & ~((alignment)-1))
53
54 enum secure_packet_direction
55 {
56   SECURE_PACKET_SEND,
57   SECURE_PACKET_RECEIVE
58 };
59
60 static RPC_STATUS I_RpcReAllocateBuffer(PRPC_MESSAGE pMsg);
61
62 static DWORD RPCRT4_GetHeaderSize(const RpcPktHdr *Header)
63 {
64   static const DWORD header_sizes[] = {
65     sizeof(Header->request), 0, sizeof(Header->response),
66     sizeof(Header->fault), 0, 0, 0, 0, 0, 0, 0, sizeof(Header->bind),
67     sizeof(Header->bind_ack), sizeof(Header->bind_nack),
68     0, 0, 0, 0, 0
69   };
70   ULONG ret = 0;
71   
72   if (Header->common.ptype < sizeof(header_sizes) / sizeof(header_sizes[0])) {
73     ret = header_sizes[Header->common.ptype];
74     if (ret == 0)
75       FIXME("unhandled packet type\n");
76     if (Header->common.flags & RPC_FLG_OBJECT_UUID)
77       ret += sizeof(UUID);
78   } else {
79     TRACE("invalid packet type\n");
80   }
81
82   return ret;
83 }
84
85 static int packet_has_body(const RpcPktHdr *Header)
86 {
87     return (Header->common.ptype == PKT_FAULT) ||
88            (Header->common.ptype == PKT_REQUEST) ||
89            (Header->common.ptype == PKT_RESPONSE);
90 }
91
92 static int packet_has_auth_verifier(const RpcPktHdr *Header)
93 {
94     return !(Header->common.ptype == PKT_BIND_NACK) &&
95            !(Header->common.ptype == PKT_SHUTDOWN);
96 }
97
98 static VOID RPCRT4_BuildCommonHeader(RpcPktHdr *Header, unsigned char PacketType,
99                               unsigned long DataRepresentation)
100 {
101   Header->common.rpc_ver = RPC_VER_MAJOR;
102   Header->common.rpc_ver_minor = RPC_VER_MINOR;
103   Header->common.ptype = PacketType;
104   Header->common.drep[0] = LOBYTE(LOWORD(DataRepresentation));
105   Header->common.drep[1] = HIBYTE(LOWORD(DataRepresentation));
106   Header->common.drep[2] = LOBYTE(HIWORD(DataRepresentation));
107   Header->common.drep[3] = HIBYTE(HIWORD(DataRepresentation));
108   Header->common.auth_len = 0;
109   Header->common.call_id = 1;
110   Header->common.flags = 0;
111   /* Flags and fragment length are computed in RPCRT4_Send. */
112 }                              
113
114 static RpcPktHdr *RPCRT4_BuildRequestHeader(unsigned long DataRepresentation,
115                                      unsigned long BufferLength,
116                                      unsigned short ProcNum,
117                                      UUID *ObjectUuid)
118 {
119   RpcPktHdr *header;
120   BOOL has_object;
121   RPC_STATUS status;
122
123   has_object = (ObjectUuid != NULL && !UuidIsNil(ObjectUuid, &status));
124   header = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY,
125                      sizeof(header->request) + (has_object ? sizeof(UUID) : 0));
126   if (header == NULL) {
127     return NULL;
128   }
129
130   RPCRT4_BuildCommonHeader(header, PKT_REQUEST, DataRepresentation);
131   header->common.frag_len = sizeof(header->request);
132   header->request.alloc_hint = BufferLength;
133   header->request.context_id = 0;
134   header->request.opnum = ProcNum;
135   if (has_object) {
136     header->common.flags |= RPC_FLG_OBJECT_UUID;
137     header->common.frag_len += sizeof(UUID);
138     memcpy(&header->request + 1, ObjectUuid, sizeof(UUID));
139   }
140
141   return header;
142 }
143
144 RpcPktHdr *RPCRT4_BuildResponseHeader(unsigned long DataRepresentation,
145                                       unsigned long BufferLength)
146 {
147   RpcPktHdr *header;
148
149   header = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, sizeof(header->response));
150   if (header == NULL) {
151     return NULL;
152   }
153
154   RPCRT4_BuildCommonHeader(header, PKT_RESPONSE, DataRepresentation);
155   header->common.frag_len = sizeof(header->response);
156   header->response.alloc_hint = BufferLength;
157
158   return header;
159 }
160
161 RpcPktHdr *RPCRT4_BuildFaultHeader(unsigned long DataRepresentation,
162                                    RPC_STATUS Status)
163 {
164   RpcPktHdr *header;
165
166   header = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, sizeof(header->fault));
167   if (header == NULL) {
168     return NULL;
169   }
170
171   RPCRT4_BuildCommonHeader(header, PKT_FAULT, DataRepresentation);
172   header->common.frag_len = sizeof(header->fault);
173   header->fault.status = Status;
174
175   return header;
176 }
177
178 RpcPktHdr *RPCRT4_BuildBindHeader(unsigned long DataRepresentation,
179                                   unsigned short MaxTransmissionSize,
180                                   unsigned short MaxReceiveSize,
181                                   unsigned long  AssocGroupId,
182                                   const RPC_SYNTAX_IDENTIFIER *AbstractId,
183                                   const RPC_SYNTAX_IDENTIFIER *TransferId)
184 {
185   RpcPktHdr *header;
186
187   header = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, sizeof(header->bind));
188   if (header == NULL) {
189     return NULL;
190   }
191
192   RPCRT4_BuildCommonHeader(header, PKT_BIND, DataRepresentation);
193   header->common.frag_len = sizeof(header->bind);
194   header->bind.max_tsize = MaxTransmissionSize;
195   header->bind.max_rsize = MaxReceiveSize;
196   header->bind.assoc_gid = AssocGroupId;
197   header->bind.num_elements = 1;
198   header->bind.num_syntaxes = 1;
199   header->bind.abstract = *AbstractId;
200   header->bind.transfer = *TransferId;
201
202   return header;
203 }
204
205 static RpcPktHdr *RPCRT4_BuildAuthHeader(unsigned long DataRepresentation)
206 {
207   RpcPktHdr *header;
208
209   header = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY,
210                      sizeof(header->common) + 12);
211   if (header == NULL)
212     return NULL;
213
214   RPCRT4_BuildCommonHeader(header, PKT_AUTH3, DataRepresentation);
215   header->common.frag_len = 0x14;
216   header->common.auth_len = 0;
217
218   return header;
219 }
220
221 RpcPktHdr *RPCRT4_BuildBindNackHeader(unsigned long DataRepresentation,
222                                       unsigned char RpcVersion,
223                                       unsigned char RpcVersionMinor)
224 {
225   RpcPktHdr *header;
226
227   header = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, sizeof(header->bind_nack));
228   if (header == NULL) {
229     return NULL;
230   }
231
232   RPCRT4_BuildCommonHeader(header, PKT_BIND_NACK, DataRepresentation);
233   header->common.frag_len = sizeof(header->bind_nack);
234   header->bind_nack.reject_reason = REJECT_REASON_NOT_SPECIFIED;
235   header->bind_nack.protocols_count = 1;
236   header->bind_nack.protocols[0].rpc_ver = RpcVersion;
237   header->bind_nack.protocols[0].rpc_ver_minor = RpcVersionMinor;
238
239   return header;
240 }
241
242 RpcPktHdr *RPCRT4_BuildBindAckHeader(unsigned long DataRepresentation,
243                                      unsigned short MaxTransmissionSize,
244                                      unsigned short MaxReceiveSize,
245                                      unsigned long AssocGroupId,
246                                      LPCSTR ServerAddress,
247                                      unsigned long Result,
248                                      unsigned long Reason,
249                                      const RPC_SYNTAX_IDENTIFIER *TransferId)
250 {
251   RpcPktHdr *header;
252   unsigned long header_size;
253   RpcAddressString *server_address;
254   RpcResults *results;
255   RPC_SYNTAX_IDENTIFIER *transfer_id;
256
257   header_size = sizeof(header->bind_ack) +
258                 ROUND_UP(FIELD_OFFSET(RpcAddressString, string[strlen(ServerAddress) + 1]), 4) +
259                 sizeof(RpcResults) +
260                 sizeof(RPC_SYNTAX_IDENTIFIER);
261
262   header = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, header_size);
263   if (header == NULL) {
264     return NULL;
265   }
266
267   RPCRT4_BuildCommonHeader(header, PKT_BIND_ACK, DataRepresentation);
268   header->common.frag_len = header_size;
269   header->bind_ack.max_tsize = MaxTransmissionSize;
270   header->bind_ack.max_rsize = MaxReceiveSize;
271   header->bind_ack.assoc_gid = AssocGroupId;
272   server_address = (RpcAddressString*)(&header->bind_ack + 1);
273   server_address->length = strlen(ServerAddress) + 1;
274   strcpy(server_address->string, ServerAddress);
275   /* results is 4-byte aligned */
276   results = (RpcResults*)((ULONG_PTR)server_address + ROUND_UP(FIELD_OFFSET(RpcAddressString, string[server_address->length]), 4));
277   results->num_results = 1;
278   results->results[0].result = Result;
279   results->results[0].reason = Reason;
280   transfer_id = (RPC_SYNTAX_IDENTIFIER*)(results + 1);
281   *transfer_id = *TransferId;
282
283   return header;
284 }
285
286 VOID RPCRT4_FreeHeader(RpcPktHdr *Header)
287 {
288   HeapFree(GetProcessHeap(), 0, Header);
289 }
290
291 NCA_STATUS RPC2NCA_STATUS(RPC_STATUS status)
292 {
293     switch (status)
294     {
295     case ERROR_INVALID_HANDLE:              return NCA_S_FAULT_CONTEXT_MISMATCH;
296     case ERROR_OUTOFMEMORY:                 return NCA_S_FAULT_REMOTE_NO_MEMORY;
297     case RPC_S_NOT_LISTENING:               return NCA_S_SERVER_TOO_BUSY;
298     case RPC_S_UNKNOWN_IF:                  return NCA_S_UNK_IF;
299     case RPC_S_SERVER_TOO_BUSY:             return NCA_S_SERVER_TOO_BUSY;
300     case RPC_S_CALL_FAILED:                 return NCA_S_FAULT_UNSPEC;
301     case RPC_S_CALL_FAILED_DNE:             return NCA_S_MANAGER_NOT_ENTERED;
302     case RPC_S_PROTOCOL_ERROR:              return NCA_S_PROTO_ERROR;
303     case RPC_S_UNSUPPORTED_TYPE:            return NCA_S_UNSUPPORTED_TYPE;
304     case RPC_S_INVALID_TAG:                 return NCA_S_FAULT_INVALID_TAG;
305     case RPC_S_INVALID_BOUND:               return NCA_S_FAULT_INVALID_BOUND;
306     case RPC_S_PROCNUM_OUT_OF_RANGE:        return NCA_S_OP_RNG_ERROR;
307     case RPC_X_SS_HANDLES_MISMATCH:         return NCA_S_FAULT_CONTEXT_MISMATCH;
308     case RPC_S_CALL_CANCELLED:              return NCA_S_FAULT_CANCEL;
309     case RPC_S_COMM_FAILURE:                return NCA_S_COMM_FAILURE;
310     case RPC_X_WRONG_PIPE_ORDER:            return NCA_S_FAULT_PIPE_ORDER;
311     case RPC_X_PIPE_CLOSED:                 return NCA_S_FAULT_PIPE_CLOSED;
312     case RPC_X_PIPE_DISCIPLINE_ERROR:       return NCA_S_FAULT_PIPE_DISCIPLINE;
313     case RPC_X_PIPE_EMPTY:                  return NCA_S_FAULT_PIPE_EMPTY;
314     case STATUS_FLOAT_DIVIDE_BY_ZERO:       return NCA_S_FAULT_FP_DIV_ZERO;
315     case STATUS_FLOAT_INVALID_OPERATION:    return NCA_S_FAULT_FP_ERROR;
316     case STATUS_FLOAT_OVERFLOW:             return NCA_S_FAULT_FP_OVERFLOW;
317     case STATUS_FLOAT_UNDERFLOW:            return NCA_S_FAULT_FP_UNDERFLOW;
318     case STATUS_INTEGER_DIVIDE_BY_ZERO:     return NCA_S_FAULT_INT_DIV_BY_ZERO;
319     case STATUS_INTEGER_OVERFLOW:           return NCA_S_FAULT_INT_OVERFLOW;
320     default:                                return status;
321     }
322 }
323
324 RPC_STATUS NCA2RPC_STATUS(NCA_STATUS status)
325 {
326     switch (status)
327     {
328     case NCA_S_COMM_FAILURE:            return RPC_S_COMM_FAILURE;
329     case NCA_S_OP_RNG_ERROR:            return RPC_S_PROCNUM_OUT_OF_RANGE;
330     case NCA_S_UNK_IF:                  return RPC_S_UNKNOWN_IF;
331     case NCA_S_YOU_CRASHED:             return RPC_S_CALL_FAILED;
332     case NCA_S_PROTO_ERROR:             return RPC_S_PROTOCOL_ERROR;
333     case NCA_S_OUT_ARGS_TOO_BIG:        return ERROR_NOT_ENOUGH_SERVER_MEMORY;
334     case NCA_S_SERVER_TOO_BUSY:         return RPC_S_SERVER_TOO_BUSY;
335     case NCA_S_UNSUPPORTED_TYPE:        return RPC_S_UNSUPPORTED_TYPE;
336     case NCA_S_FAULT_INT_DIV_BY_ZERO:   return RPC_S_ZERO_DIVIDE;
337     case NCA_S_FAULT_ADDR_ERROR:        return RPC_S_ADDRESS_ERROR;
338     case NCA_S_FAULT_FP_DIV_ZERO:       return RPC_S_FP_DIV_ZERO;
339     case NCA_S_FAULT_FP_UNDERFLOW:      return RPC_S_FP_UNDERFLOW;
340     case NCA_S_FAULT_FP_OVERFLOW:       return RPC_S_FP_OVERFLOW;
341     case NCA_S_FAULT_INVALID_TAG:       return RPC_S_INVALID_TAG;
342     case NCA_S_FAULT_INVALID_BOUND:     return RPC_S_INVALID_BOUND;
343     case NCA_S_RPC_VERSION_MISMATCH:    return RPC_S_PROTOCOL_ERROR;
344     case NCA_S_UNSPEC_REJECT:           return RPC_S_CALL_FAILED_DNE;
345     case NCA_S_BAD_ACTID:               return RPC_S_CALL_FAILED_DNE;
346     case NCA_S_WHO_ARE_YOU_FAILED:      return RPC_S_CALL_FAILED;
347     case NCA_S_MANAGER_NOT_ENTERED:     return RPC_S_CALL_FAILED_DNE;
348     case NCA_S_FAULT_CANCEL:            return RPC_S_CALL_CANCELLED;
349     case NCA_S_FAULT_ILL_INST:          return RPC_S_ADDRESS_ERROR;
350     case NCA_S_FAULT_FP_ERROR:          return RPC_S_FP_OVERFLOW;
351     case NCA_S_FAULT_INT_OVERFLOW:      return RPC_S_ADDRESS_ERROR;
352     case NCA_S_FAULT_UNSPEC:            return RPC_S_CALL_FAILED;
353     case NCA_S_FAULT_PIPE_EMPTY:        return RPC_X_PIPE_EMPTY;
354     case NCA_S_FAULT_PIPE_CLOSED:       return RPC_X_PIPE_CLOSED;
355     case NCA_S_FAULT_PIPE_ORDER:        return RPC_X_WRONG_PIPE_ORDER;
356     case NCA_S_FAULT_PIPE_DISCIPLINE:   return RPC_X_PIPE_DISCIPLINE_ERROR;
357     case NCA_S_FAULT_PIPE_COMM_ERROR:   return RPC_S_COMM_FAILURE;
358     case NCA_S_FAULT_PIPE_MEMORY:       return ERROR_OUTOFMEMORY;
359     case NCA_S_FAULT_CONTEXT_MISMATCH:  return ERROR_INVALID_HANDLE;
360     case NCA_S_FAULT_REMOTE_NO_MEMORY:  return ERROR_NOT_ENOUGH_SERVER_MEMORY;
361     default:                            return status;
362     }
363 }
364
365 static RPC_STATUS RPCRT4_SecurePacket(RpcConnection *Connection,
366     enum secure_packet_direction dir,
367     RpcPktHdr *hdr, unsigned int hdr_size,
368     unsigned char *stub_data, unsigned int stub_data_size,
369     RpcAuthVerifier *auth_hdr,
370     unsigned char *auth_value, unsigned int auth_value_size)
371 {
372     SecBufferDesc message;
373     SecBuffer buffers[4];
374     SECURITY_STATUS sec_status;
375
376     message.ulVersion = SECBUFFER_VERSION;
377     message.cBuffers = sizeof(buffers)/sizeof(buffers[0]);
378     message.pBuffers = buffers;
379
380     buffers[0].cbBuffer = hdr_size;
381     buffers[0].BufferType = SECBUFFER_DATA|SECBUFFER_READONLY_WITH_CHECKSUM;
382     buffers[0].pvBuffer = hdr;
383     buffers[1].cbBuffer = stub_data_size;
384     buffers[1].BufferType = SECBUFFER_DATA;
385     buffers[1].pvBuffer = stub_data;
386     buffers[2].cbBuffer = sizeof(*auth_hdr);
387     buffers[2].BufferType = SECBUFFER_DATA|SECBUFFER_READONLY_WITH_CHECKSUM;
388     buffers[2].pvBuffer = auth_hdr;
389     buffers[3].cbBuffer = auth_value_size;
390     buffers[3].BufferType = SECBUFFER_TOKEN;
391     buffers[3].pvBuffer = auth_value;
392
393     if (dir == SECURE_PACKET_SEND)
394     {
395         if ((auth_hdr->auth_level == RPC_C_AUTHN_LEVEL_PKT_PRIVACY) && packet_has_body(hdr))
396         {
397             sec_status = EncryptMessage(&Connection->ctx, 0, &message, 0 /* FIXME */);
398             if (sec_status != SEC_E_OK)
399             {
400                 ERR("EncryptMessage failed with 0x%08x\n", sec_status);
401                 return RPC_S_SEC_PKG_ERROR;
402             }
403         }
404         else if (auth_hdr->auth_level != RPC_C_AUTHN_LEVEL_NONE)
405         {
406             sec_status = MakeSignature(&Connection->ctx, 0, &message, 0 /* FIXME */);
407             if (sec_status != SEC_E_OK)
408             {
409                 ERR("MakeSignature failed with 0x%08x\n", sec_status);
410                 return RPC_S_SEC_PKG_ERROR;
411             }
412         }
413     }
414     else if (dir == SECURE_PACKET_RECEIVE)
415     {
416         if ((auth_hdr->auth_level == RPC_C_AUTHN_LEVEL_PKT_PRIVACY) && packet_has_body(hdr))
417         {
418             sec_status = DecryptMessage(&Connection->ctx, &message, 0 /* FIXME */, 0);
419             if (sec_status != SEC_E_OK)
420             {
421                 ERR("DecryptMessage failed with 0x%08x\n", sec_status);
422                 return RPC_S_SEC_PKG_ERROR;
423             }
424         }
425         else if (auth_hdr->auth_level != RPC_C_AUTHN_LEVEL_NONE)
426         {
427             sec_status = VerifySignature(&Connection->ctx, &message, 0 /* FIXME */, NULL);
428             if (sec_status != SEC_E_OK)
429             {
430                 ERR("VerifySignature failed with 0x%08x\n", sec_status);
431                 return RPC_S_SEC_PKG_ERROR;
432             }
433         }
434     }
435
436     return RPC_S_OK;
437 }
438          
439 /***********************************************************************
440  *           RPCRT4_SendAuth (internal)
441  * 
442  * Transmit a packet with authorization data over connection in acceptable fragments.
443  */
444 static RPC_STATUS RPCRT4_SendAuth(RpcConnection *Connection, RpcPktHdr *Header,
445                                   void *Buffer, unsigned int BufferLength,
446                                   const void *Auth, unsigned int AuthLength)
447 {
448   PUCHAR buffer_pos;
449   DWORD hdr_size;
450   LONG count;
451   unsigned char *pkt;
452   LONG alen;
453   RPC_STATUS status;
454
455   RPCRT4_SetThreadCurrentConnection(Connection);
456
457   buffer_pos = Buffer;
458   /* The packet building functions save the packet header size, so we can use it. */
459   hdr_size = Header->common.frag_len;
460   if (AuthLength)
461     Header->common.auth_len = AuthLength;
462   else if (Connection->AuthInfo && packet_has_auth_verifier(Header))
463   {
464     if ((Connection->AuthInfo->AuthnLevel == RPC_C_AUTHN_LEVEL_PKT_PRIVACY) && packet_has_body(Header))
465       Header->common.auth_len = Connection->encryption_auth_len;
466     else
467       Header->common.auth_len = Connection->signature_auth_len;
468   }
469   else
470     Header->common.auth_len = 0;
471   Header->common.flags |= RPC_FLG_FIRST;
472   Header->common.flags &= ~RPC_FLG_LAST;
473
474   alen = RPC_AUTH_VERIFIER_LEN(&Header->common);
475
476   while (!(Header->common.flags & RPC_FLG_LAST)) {
477     unsigned char auth_pad_len = Header->common.auth_len ? ROUND_UP_AMOUNT(BufferLength, AUTH_ALIGNMENT) : 0;
478     unsigned int pkt_size = BufferLength + hdr_size + alen + auth_pad_len;
479
480     /* decide if we need to split the packet into fragments */
481    if (pkt_size <= Connection->MaxTransmissionSize) {
482      Header->common.flags |= RPC_FLG_LAST;
483      Header->common.frag_len = pkt_size;
484     } else {
485       auth_pad_len = 0;
486       /* make sure packet payload will be a multiple of 16 */
487       Header->common.frag_len =
488         ((Connection->MaxTransmissionSize - hdr_size - alen) & ~(AUTH_ALIGNMENT-1)) +
489         hdr_size + alen;
490     }
491
492     pkt = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, Header->common.frag_len);
493
494     memcpy(pkt, Header, hdr_size);
495
496     /* fragment consisted of header only and is the last one */
497     if (hdr_size == Header->common.frag_len)
498       goto write;
499
500     memcpy(pkt + hdr_size, buffer_pos, Header->common.frag_len - hdr_size - auth_pad_len - alen);
501
502     /* add the authorization info */
503     if (Connection->AuthInfo && packet_has_auth_verifier(Header))
504     {
505       RpcAuthVerifier *auth_hdr = (RpcAuthVerifier *)&pkt[Header->common.frag_len - alen];
506
507       auth_hdr->auth_type = Connection->AuthInfo->AuthnSvc;
508       auth_hdr->auth_level = Connection->AuthInfo->AuthnLevel;
509       auth_hdr->auth_pad_length = auth_pad_len;
510       auth_hdr->auth_reserved = 0;
511       /* a unique number... */
512       auth_hdr->auth_context_id = (unsigned long)Connection;
513
514       if (AuthLength)
515         memcpy(auth_hdr + 1, Auth, AuthLength);
516       else
517       {
518         status = RPCRT4_SecurePacket(Connection, SECURE_PACKET_SEND,
519             (RpcPktHdr *)pkt, hdr_size,
520             pkt + hdr_size, Header->common.frag_len - hdr_size - alen,
521             auth_hdr,
522             (unsigned char *)(auth_hdr + 1), Header->common.auth_len);
523         if (status != RPC_S_OK)
524         {
525           HeapFree(GetProcessHeap(), 0, pkt);
526           RPCRT4_SetThreadCurrentConnection(NULL);
527           return status;
528         }
529       }
530     }
531
532 write:
533     count = rpcrt4_conn_write(Connection, pkt, Header->common.frag_len);
534     HeapFree(GetProcessHeap(), 0, pkt);
535     if (count<0) {
536       WARN("rpcrt4_conn_write failed (auth)\n");
537       RPCRT4_SetThreadCurrentConnection(NULL);
538       return RPC_S_CALL_FAILED;
539     }
540
541     buffer_pos += Header->common.frag_len - hdr_size - alen - auth_pad_len;
542     BufferLength -= Header->common.frag_len - hdr_size - alen - auth_pad_len;
543     Header->common.flags &= ~RPC_FLG_FIRST;
544   }
545
546   RPCRT4_SetThreadCurrentConnection(NULL);
547   return RPC_S_OK;
548 }
549
550 /***********************************************************************
551  *           RPCRT4_ClientAuthorize (internal)
552  *
553  * Authorize a client connection. A NULL in param signifies a new connection.
554  */
555 static RPC_STATUS RPCRT4_ClientAuthorize(RpcConnection *conn, SecBuffer *in,
556                                          SecBuffer *out)
557 {
558   SECURITY_STATUS r;
559   SecBufferDesc out_desc;
560   SecBufferDesc inp_desc;
561   SecPkgContext_Sizes secctx_sizes;
562   BOOL continue_needed;
563   ULONG context_req = ISC_REQ_CONNECTION | ISC_REQ_USE_DCE_STYLE |
564                       ISC_REQ_MUTUAL_AUTH | ISC_REQ_DELEGATE;
565
566   if (conn->AuthInfo->AuthnLevel == RPC_C_AUTHN_LEVEL_PKT_INTEGRITY)
567     context_req |= ISC_REQ_INTEGRITY;
568   else if (conn->AuthInfo->AuthnLevel == RPC_C_AUTHN_LEVEL_PKT_PRIVACY)
569     context_req |= ISC_REQ_CONFIDENTIALITY | ISC_REQ_INTEGRITY;
570
571   out->BufferType = SECBUFFER_TOKEN;
572   out->cbBuffer = conn->AuthInfo->cbMaxToken;
573   out->pvBuffer = HeapAlloc(GetProcessHeap(), 0, out->cbBuffer);
574   if (!out->pvBuffer) return ERROR_OUTOFMEMORY;
575
576   out_desc.ulVersion = 0;
577   out_desc.cBuffers = 1;
578   out_desc.pBuffers = out;
579
580   inp_desc.cBuffers = 1;
581   inp_desc.pBuffers = in;
582   inp_desc.ulVersion = 0;
583
584   r = InitializeSecurityContextW(&conn->AuthInfo->cred, in ? &conn->ctx : NULL,
585         in ? NULL : conn->AuthInfo->server_principal_name, context_req, 0,
586         SECURITY_NETWORK_DREP, in ? &inp_desc : NULL, 0, &conn->ctx,
587         &out_desc, &conn->attr, &conn->exp);
588   if (FAILED(r))
589   {
590       WARN("InitializeSecurityContext failed with error 0x%08x\n", r);
591       goto failed;
592   }
593
594   TRACE("r = 0x%08x, attr = 0x%08x\n", r, conn->attr);
595   continue_needed = ((r == SEC_I_CONTINUE_NEEDED) ||
596                      (r == SEC_I_COMPLETE_AND_CONTINUE));
597
598   if ((r == SEC_I_COMPLETE_NEEDED) || (r == SEC_I_COMPLETE_AND_CONTINUE))
599   {
600       TRACE("complete needed\n");
601       r = CompleteAuthToken(&conn->ctx, &out_desc);
602       if (FAILED(r))
603       {
604           WARN("CompleteAuthToken failed with error 0x%08x\n", r);
605           goto failed;
606       }
607   }
608
609   TRACE("cbBuffer = %ld\n", out->cbBuffer);
610
611   if (!continue_needed)
612   {
613       r = QueryContextAttributesA(&conn->ctx, SECPKG_ATTR_SIZES, &secctx_sizes);
614       if (FAILED(r))
615       {
616           WARN("QueryContextAttributes failed with error 0x%08x\n", r);
617           goto failed;
618       }
619       conn->signature_auth_len = secctx_sizes.cbMaxSignature;
620       conn->encryption_auth_len = secctx_sizes.cbSecurityTrailer;
621   }
622
623   return RPC_S_OK;
624
625 failed:
626   HeapFree(GetProcessHeap(), 0, out->pvBuffer);
627   out->pvBuffer = NULL;
628   return ERROR_ACCESS_DENIED; /* FIXME: is this correct? */
629 }
630
631 /***********************************************************************
632  *           RPCRT4_AuthorizeBinding (internal)
633  */
634 static RPC_STATUS RPCRT_AuthorizeConnection(RpcConnection* conn,
635                                             BYTE *challenge, ULONG count)
636 {
637   SecBuffer inp, out;
638   RpcPktHdr *resp_hdr;
639   RPC_STATUS status;
640
641   TRACE("challenge %s, %d bytes\n", challenge, count);
642
643   inp.BufferType = SECBUFFER_TOKEN;
644   inp.pvBuffer = challenge;
645   inp.cbBuffer = count;
646
647   status = RPCRT4_ClientAuthorize(conn, &inp, &out);
648   if (status) return status;
649
650   resp_hdr = RPCRT4_BuildAuthHeader(NDR_LOCAL_DATA_REPRESENTATION);
651   if (!resp_hdr)
652     return E_OUTOFMEMORY;
653
654   status = RPCRT4_SendAuth(conn, resp_hdr, NULL, 0, out.pvBuffer, out.cbBuffer);
655
656   HeapFree(GetProcessHeap(), 0, out.pvBuffer);
657   RPCRT4_FreeHeader(resp_hdr);
658
659   return status;
660 }
661
662 /***********************************************************************
663  *           RPCRT4_Send (internal)
664  * 
665  * Transmit a packet over connection in acceptable fragments.
666  */
667 RPC_STATUS RPCRT4_Send(RpcConnection *Connection, RpcPktHdr *Header,
668                        void *Buffer, unsigned int BufferLength)
669 {
670   RPC_STATUS r;
671   SecBuffer out;
672
673   if (!Connection->AuthInfo || SecIsValidHandle(&Connection->ctx))
674   {
675     return RPCRT4_SendAuth(Connection, Header, Buffer, BufferLength, NULL, 0);
676   }
677
678   /* tack on a negotiate packet */
679   r = RPCRT4_ClientAuthorize(Connection, NULL, &out);
680   if (r == RPC_S_OK)
681   {
682     r = RPCRT4_SendAuth(Connection, Header, Buffer, BufferLength, out.pvBuffer, out.cbBuffer);
683     HeapFree(GetProcessHeap(), 0, out.pvBuffer);
684   }
685
686   return r;
687 }
688
689 /* validates version and frag_len fields */
690 RPC_STATUS RPCRT4_ValidateCommonHeader(const RpcPktCommonHdr *hdr)
691 {
692   DWORD hdr_length;
693
694   /* verify if the header really makes sense */
695   if (hdr->rpc_ver != RPC_VER_MAJOR ||
696       hdr->rpc_ver_minor != RPC_VER_MINOR)
697   {
698     WARN("unhandled packet version\n");
699     return RPC_S_PROTOCOL_ERROR;
700   }
701
702   hdr_length = RPCRT4_GetHeaderSize((const RpcPktHdr*)hdr);
703   if (hdr_length == 0)
704   {
705     WARN("header length == 0\n");
706     return RPC_S_PROTOCOL_ERROR;
707   }
708
709   if (hdr->frag_len < hdr_length)
710   {
711     WARN("bad frag length %d\n", hdr->frag_len);
712     return RPC_S_PROTOCOL_ERROR;
713   }
714
715   return RPC_S_OK;
716 }
717
718 /***********************************************************************
719  *           RPCRT4_receive_fragment (internal)
720  * 
721  * Receive a fragment from a connection.
722  */
723 RPC_STATUS RPCRT4_receive_fragment(RpcConnection *Connection, RpcPktHdr **Header, void **Payload)
724 {
725   RPC_STATUS status;
726   DWORD hdr_length;
727   LONG dwRead;
728   RpcPktCommonHdr common_hdr;
729
730   *Header = NULL;
731   *Payload = NULL;
732
733   TRACE("(%p, %p, %p)\n", Connection, Header, Payload);
734
735   /* read packet common header */
736   dwRead = rpcrt4_conn_read(Connection, &common_hdr, sizeof(common_hdr));
737   if (dwRead != sizeof(common_hdr)) {
738     WARN("Short read of header, %d bytes\n", dwRead);
739     status = RPC_S_CALL_FAILED;
740     goto fail;
741   }
742
743   status = RPCRT4_ValidateCommonHeader(&common_hdr);
744   if (status != RPC_S_OK) goto fail;
745
746   hdr_length = RPCRT4_GetHeaderSize((RpcPktHdr*)&common_hdr);
747   if (hdr_length == 0) {
748     WARN("header length == 0\n");
749     status = RPC_S_PROTOCOL_ERROR;
750     goto fail;
751   }
752
753   *Header = HeapAlloc(GetProcessHeap(), 0, hdr_length);
754   memcpy(*Header, &common_hdr, sizeof(common_hdr));
755
756   /* read the rest of packet header */
757   dwRead = rpcrt4_conn_read(Connection, &(*Header)->common + 1, hdr_length - sizeof(common_hdr));
758   if (dwRead != hdr_length - sizeof(common_hdr)) {
759     WARN("bad header length, %d bytes, hdr_length %d\n", dwRead, hdr_length);
760     status = RPC_S_CALL_FAILED;
761     goto fail;
762   }
763
764   if (common_hdr.frag_len - hdr_length)
765   {
766     *Payload = HeapAlloc(GetProcessHeap(), 0, common_hdr.frag_len - hdr_length);
767     if (!*Payload)
768     {
769       status = RPC_S_OUT_OF_RESOURCES;
770       goto fail;
771     }
772
773     dwRead = rpcrt4_conn_read(Connection, *Payload, common_hdr.frag_len - hdr_length);
774     if (dwRead != common_hdr.frag_len - hdr_length)
775     {
776       WARN("bad data length, %d/%d\n", dwRead, common_hdr.frag_len - hdr_length);
777       status = RPC_S_CALL_FAILED;
778       goto fail;
779     }
780   }
781   else
782     *Payload = NULL;
783
784   /* success */
785   status = RPC_S_OK;
786
787 fail:
788   if (status != RPC_S_OK) {
789     RPCRT4_FreeHeader(*Header);
790     *Header = NULL;
791     HeapFree(GetProcessHeap(), 0, *Payload);
792     *Payload = NULL;
793   }
794   return status;
795 }
796
797 /***********************************************************************
798  *           RPCRT4_Receive (internal)
799  *
800  * Receive a packet from connection and merge the fragments.
801  */
802 RPC_STATUS RPCRT4_Receive(RpcConnection *Connection, RpcPktHdr **Header,
803                           PRPC_MESSAGE pMsg)
804 {
805   RPC_STATUS status;
806   DWORD hdr_length;
807   unsigned short first_flag;
808   unsigned long data_length;
809   unsigned long buffer_length;
810   unsigned long auth_length;
811   unsigned char *auth_data = NULL;
812   RpcPktHdr *CurrentHeader = NULL;
813   void *payload = NULL;
814
815   *Header = NULL;
816   pMsg->Buffer = NULL;
817
818   TRACE("(%p, %p, %p)\n", Connection, Header, pMsg);
819
820   RPCRT4_SetThreadCurrentConnection(Connection);
821
822   status = RPCRT4_receive_fragment(Connection, Header, &payload);
823   if (status != RPC_S_OK) goto fail;
824
825   hdr_length = RPCRT4_GetHeaderSize(*Header);
826
827   /* read packet body */
828   switch ((*Header)->common.ptype) {
829   case PKT_RESPONSE:
830     pMsg->BufferLength = (*Header)->response.alloc_hint;
831     break;
832   case PKT_REQUEST:
833     pMsg->BufferLength = (*Header)->request.alloc_hint;
834     break;
835   default:
836     pMsg->BufferLength = (*Header)->common.frag_len - hdr_length - RPC_AUTH_VERIFIER_LEN(&(*Header)->common);
837   }
838
839   TRACE("buffer length = %u\n", pMsg->BufferLength);
840
841   pMsg->Buffer = I_RpcAllocate(pMsg->BufferLength);
842   if (!pMsg->Buffer)
843   {
844     status = ERROR_OUTOFMEMORY;
845     goto fail;
846   }
847
848   first_flag = RPC_FLG_FIRST;
849   auth_length = (*Header)->common.auth_len;
850   if (auth_length) {
851     auth_data = HeapAlloc(GetProcessHeap(), 0, RPC_AUTH_VERIFIER_LEN(&(*Header)->common));
852     if (!auth_data) {
853       status = RPC_S_OUT_OF_RESOURCES;
854       goto fail;
855     }
856   }
857   CurrentHeader = *Header;
858   buffer_length = 0;
859   while (TRUE)
860   {
861     unsigned int header_auth_len = RPC_AUTH_VERIFIER_LEN(&CurrentHeader->common);
862
863     /* verify header fields */
864
865     if ((CurrentHeader->common.frag_len < hdr_length) ||
866         (CurrentHeader->common.frag_len - hdr_length < header_auth_len)) {
867       WARN("frag_len %d too small for hdr_length %d and auth_len %d\n",
868         CurrentHeader->common.frag_len, hdr_length, CurrentHeader->common.auth_len);
869       status = RPC_S_PROTOCOL_ERROR;
870       goto fail;
871     }
872
873     if (CurrentHeader->common.auth_len != auth_length) {
874       WARN("auth_len header field changed from %ld to %d\n",
875         auth_length, CurrentHeader->common.auth_len);
876       status = RPC_S_PROTOCOL_ERROR;
877       goto fail;
878     }
879
880     if ((CurrentHeader->common.flags & RPC_FLG_FIRST) != first_flag) {
881       TRACE("invalid packet flags\n");
882       status = RPC_S_PROTOCOL_ERROR;
883       goto fail;
884     }
885
886     data_length = CurrentHeader->common.frag_len - hdr_length - header_auth_len;
887     if (data_length + buffer_length > pMsg->BufferLength) {
888       TRACE("allocation hint exceeded, new buffer length = %ld\n",
889         data_length + buffer_length);
890       pMsg->BufferLength = data_length + buffer_length;
891       status = I_RpcReAllocateBuffer(pMsg);
892       if (status != RPC_S_OK) goto fail;
893     }
894
895     memcpy((unsigned char *)pMsg->Buffer + buffer_length, payload, data_length);
896
897     if (header_auth_len) {
898       if (header_auth_len < sizeof(RpcAuthVerifier) ||
899           header_auth_len > RPC_AUTH_VERIFIER_LEN(&(*Header)->common)) {
900         WARN("bad auth verifier length %d\n", header_auth_len);
901         status = RPC_S_PROTOCOL_ERROR;
902         goto fail;
903       }
904
905       /* FIXME: we should accumulate authentication data for the bind,
906        * bind_ack, alter_context and alter_context_response if necessary.
907        * however, the details of how this is done is very sketchy in the
908        * DCE/RPC spec. for all other packet types that have authentication
909        * verifier data then it is just duplicated in all the fragments */
910       memcpy(auth_data, (unsigned char *)payload + data_length, header_auth_len);
911
912       /* these packets are handled specially, not by the generic SecurePacket
913        * function */
914       if (((*Header)->common.ptype != PKT_BIND) &&
915           ((*Header)->common.ptype != PKT_BIND_ACK) &&
916           ((*Header)->common.ptype != PKT_AUTH3))
917       {
918         status = RPCRT4_SecurePacket(Connection, SECURE_PACKET_RECEIVE,
919             CurrentHeader, hdr_length,
920             (unsigned char *)pMsg->Buffer + buffer_length, data_length,
921             (RpcAuthVerifier *)auth_data,
922             auth_data + sizeof(RpcAuthVerifier),
923             header_auth_len - sizeof(RpcAuthVerifier));
924         if (status != RPC_S_OK) goto fail;
925       }
926     }
927
928     buffer_length += data_length;
929     if (!(CurrentHeader->common.flags & RPC_FLG_LAST)) {
930       TRACE("next header\n");
931
932       if (*Header != CurrentHeader)
933       {
934           RPCRT4_FreeHeader(CurrentHeader);
935           CurrentHeader = NULL;
936       }
937       HeapFree(GetProcessHeap(), 0, payload);
938       payload = NULL;
939
940       status = RPCRT4_receive_fragment(Connection, &CurrentHeader, &payload);
941       if (status != RPC_S_OK) goto fail;
942
943       first_flag = 0;
944     } else {
945       break;
946     }
947   }
948   pMsg->BufferLength = buffer_length;
949
950   /* respond to authorization request */
951   if ((*Header)->common.ptype == PKT_BIND_ACK && auth_length > sizeof(RpcAuthVerifier))
952   {
953     status = RPCRT_AuthorizeConnection(Connection,
954                                        auth_data + sizeof(RpcAuthVerifier),
955                                        auth_length);
956     if (status)
957         goto fail;
958   }
959
960   /* success */
961   status = RPC_S_OK;
962
963 fail:
964   RPCRT4_SetThreadCurrentConnection(NULL);
965   if (CurrentHeader != *Header)
966     RPCRT4_FreeHeader(CurrentHeader);
967   if (status != RPC_S_OK) {
968     I_RpcFree(pMsg->Buffer);
969     pMsg->Buffer = NULL;
970     RPCRT4_FreeHeader(*Header);
971     *Header = NULL;
972   }
973   HeapFree(GetProcessHeap(), 0, auth_data);
974   HeapFree(GetProcessHeap(), 0, payload);
975   return status;
976 }
977
978 /***********************************************************************
979  *           I_RpcNegotiateTransferSyntax [RPCRT4.@]
980  *
981  * Negotiates the transfer syntax used by a client connection by connecting
982  * to the server.
983  *
984  * PARAMS
985  *  pMsg   [I] RPC Message structure.
986  *  pAsync [I] Asynchronous state to set.
987  *
988  * RETURNS
989  *  Success: RPC_S_OK.
990  *  Failure: Any error code.
991  */
992 RPC_STATUS WINAPI I_RpcNegotiateTransferSyntax(PRPC_MESSAGE pMsg)
993 {
994   RpcBinding* bind = (RpcBinding*)pMsg->Handle;
995   RpcConnection* conn;
996   RPC_STATUS status = RPC_S_OK;
997
998   TRACE("(%p)\n", pMsg);
999
1000   if (!bind || bind->server)
1001     return RPC_S_INVALID_BINDING;
1002
1003   /* if we already have a connection, we don't need to negotiate again */
1004   if (!pMsg->ReservedForRuntime)
1005   {
1006     RPC_CLIENT_INTERFACE *cif = pMsg->RpcInterfaceInformation;
1007     if (!cif) return RPC_S_INTERFACE_NOT_FOUND;
1008
1009     if (!bind->Endpoint || !bind->Endpoint[0])
1010     {
1011       TRACE("automatically resolving partially bound binding\n");
1012       status = RpcEpResolveBinding(bind, cif);
1013       if (status != RPC_S_OK) return status;
1014     }
1015
1016     status = RPCRT4_OpenBinding(bind, &conn, &cif->TransferSyntax,
1017                                 &cif->InterfaceId);
1018
1019     if (status == RPC_S_OK)
1020     {
1021       pMsg->ReservedForRuntime = conn;
1022       RPCRT4_AddRefBinding(bind);
1023     }
1024   }
1025
1026   return status;
1027 }
1028
1029 /***********************************************************************
1030  *           I_RpcGetBuffer [RPCRT4.@]
1031  *
1032  * Allocates a buffer for use by I_RpcSend or I_RpcSendReceive and binds to the
1033  * server interface.
1034  *
1035  * PARAMS
1036  *  pMsg [I/O] RPC message information.
1037  *
1038  * RETURNS
1039  *  Success: RPC_S_OK.
1040  *  Failure: RPC_S_INVALID_BINDING if pMsg->Handle is invalid.
1041  *           RPC_S_SERVER_UNAVAILABLE if unable to connect to server.
1042  *           ERROR_OUTOFMEMORY if buffer allocation failed.
1043  *
1044  * NOTES
1045  *  The pMsg->BufferLength field determines the size of the buffer to allocate,
1046  *  in bytes.
1047  *
1048  *  Use I_RpcFreeBuffer() to unbind from the server and free the message buffer.
1049  *
1050  * SEE ALSO
1051  *  I_RpcFreeBuffer(), I_RpcSend(), I_RpcReceive(), I_RpcSendReceive().
1052  */
1053 RPC_STATUS WINAPI I_RpcGetBuffer(PRPC_MESSAGE pMsg)
1054 {
1055   RPC_STATUS status;
1056   RpcBinding* bind = (RpcBinding*)pMsg->Handle;
1057
1058   TRACE("(%p): BufferLength=%d\n", pMsg, pMsg->BufferLength);
1059
1060   if (!bind)
1061     return RPC_S_INVALID_BINDING;
1062
1063   pMsg->Buffer = I_RpcAllocate(pMsg->BufferLength);
1064   TRACE("Buffer=%p\n", pMsg->Buffer);
1065
1066   if (!pMsg->Buffer)
1067     return ERROR_OUTOFMEMORY;
1068
1069   if (!bind->server)
1070   {
1071     status = I_RpcNegotiateTransferSyntax(pMsg);
1072     if (status != RPC_S_OK)
1073       I_RpcFree(pMsg->Buffer);
1074   }
1075   else
1076     status = RPC_S_OK;
1077
1078   return status;
1079 }
1080
1081 /***********************************************************************
1082  *           I_RpcReAllocateBuffer (internal)
1083  */
1084 static RPC_STATUS I_RpcReAllocateBuffer(PRPC_MESSAGE pMsg)
1085 {
1086   TRACE("(%p): BufferLength=%d\n", pMsg, pMsg->BufferLength);
1087   pMsg->Buffer = HeapReAlloc(GetProcessHeap(), 0, pMsg->Buffer, pMsg->BufferLength);
1088
1089   TRACE("Buffer=%p\n", pMsg->Buffer);
1090   return pMsg->Buffer ? RPC_S_OK : ERROR_OUTOFMEMORY;
1091 }
1092
1093 /***********************************************************************
1094  *           I_RpcFreeBuffer [RPCRT4.@]
1095  *
1096  * Frees a buffer allocated by I_RpcGetBuffer or I_RpcReceive and unbinds from
1097  * the server interface.
1098  *
1099  * PARAMS
1100  *  pMsg [I/O] RPC message information.
1101  *
1102  * RETURNS
1103  *  RPC_S_OK.
1104  *
1105  * SEE ALSO
1106  *  I_RpcGetBuffer(), I_RpcReceive().
1107  */
1108 RPC_STATUS WINAPI I_RpcFreeBuffer(PRPC_MESSAGE pMsg)
1109 {
1110   RpcBinding* bind = (RpcBinding*)pMsg->Handle;
1111
1112   TRACE("(%p) Buffer=%p\n", pMsg, pMsg->Buffer);
1113
1114   if (!bind) return RPC_S_INVALID_BINDING;
1115
1116   if (pMsg->ReservedForRuntime)
1117   {
1118     RpcConnection *conn = pMsg->ReservedForRuntime;
1119     RPCRT4_CloseBinding(bind, conn);
1120     RPCRT4_ReleaseBinding(bind);
1121     pMsg->ReservedForRuntime = NULL;
1122   }
1123   I_RpcFree(pMsg->Buffer);
1124   return RPC_S_OK;
1125 }
1126
1127 static void CALLBACK async_apc_notifier_proc(ULONG_PTR ulParam)
1128 {
1129     RPC_ASYNC_STATE *state = (RPC_ASYNC_STATE *)ulParam;
1130     state->u.APC.NotificationRoutine(state, NULL, state->Event);
1131 }
1132
1133 static DWORD WINAPI async_notifier_proc(LPVOID p)
1134 {
1135     RpcConnection *conn = p;
1136     RPC_ASYNC_STATE *state = conn->async_state;
1137
1138     if (state && conn->ops->wait_for_incoming_data(conn) != -1)
1139     {
1140         state->Event = RpcCallComplete;
1141         switch (state->NotificationType)
1142         {
1143         case RpcNotificationTypeEvent:
1144             TRACE("RpcNotificationTypeEvent %p\n", state->u.hEvent);
1145             SetEvent(state->u.hEvent);
1146             break;
1147         case RpcNotificationTypeApc:
1148             TRACE("RpcNotificationTypeApc %p\n", state->u.APC.hThread);
1149             QueueUserAPC(async_apc_notifier_proc, state->u.APC.hThread, (ULONG_PTR)state);
1150             break;
1151         case RpcNotificationTypeIoc:
1152             TRACE("RpcNotificationTypeIoc %p, 0x%x, 0x%lx, %p\n",
1153                 state->u.IOC.hIOPort, state->u.IOC.dwNumberOfBytesTransferred,
1154                 state->u.IOC.dwCompletionKey, state->u.IOC.lpOverlapped);
1155             PostQueuedCompletionStatus(state->u.IOC.hIOPort,
1156                 state->u.IOC.dwNumberOfBytesTransferred,
1157                 state->u.IOC.dwCompletionKey,
1158                 state->u.IOC.lpOverlapped);
1159             break;
1160         case RpcNotificationTypeHwnd:
1161             TRACE("RpcNotificationTypeHwnd %p 0x%x\n", state->u.HWND.hWnd,
1162                 state->u.HWND.Msg);
1163             PostMessageW(state->u.HWND.hWnd, state->u.HWND.Msg, 0, 0);
1164             break;
1165         case RpcNotificationTypeCallback:
1166             TRACE("RpcNotificationTypeCallback %p\n", state->u.NotificationRoutine);
1167             state->u.NotificationRoutine(state, NULL, state->Event);
1168             break;
1169         case RpcNotificationTypeNone:
1170             TRACE("RpcNotificationTypeNone\n");
1171             break;
1172         default:
1173             FIXME("unknown NotificationType: %d/0x%x\n", state->NotificationType, state->NotificationType);
1174             break;
1175         }
1176     }
1177
1178     return 0;
1179 }
1180
1181 /***********************************************************************
1182  *           I_RpcSend [RPCRT4.@]
1183  *
1184  * Sends a message to the server.
1185  *
1186  * PARAMS
1187  *  pMsg [I/O] RPC message information.
1188  *
1189  * RETURNS
1190  *  Unknown.
1191  *
1192  * NOTES
1193  *  The buffer must have been allocated with I_RpcGetBuffer().
1194  *
1195  * SEE ALSO
1196  *  I_RpcGetBuffer(), I_RpcReceive(), I_RpcSendReceive().
1197  */
1198 RPC_STATUS WINAPI I_RpcSend(PRPC_MESSAGE pMsg)
1199 {
1200   RpcBinding* bind = (RpcBinding*)pMsg->Handle;
1201   RpcConnection* conn;
1202   RPC_STATUS status;
1203   RpcPktHdr *hdr;
1204
1205   TRACE("(%p)\n", pMsg);
1206   if (!bind || bind->server || !pMsg->ReservedForRuntime) return RPC_S_INVALID_BINDING;
1207
1208   conn = pMsg->ReservedForRuntime;
1209
1210   hdr = RPCRT4_BuildRequestHeader(pMsg->DataRepresentation,
1211                                   pMsg->BufferLength,
1212                                   pMsg->ProcNum & ~RPC_FLAGS_VALID_BIT,
1213                                   &bind->ObjectUuid);
1214   if (!hdr)
1215     return ERROR_OUTOFMEMORY;
1216   hdr->common.call_id = conn->NextCallId++;
1217
1218   status = RPCRT4_Send(conn, hdr, pMsg->Buffer, pMsg->BufferLength);
1219
1220   RPCRT4_FreeHeader(hdr);
1221
1222   if (status == RPC_S_OK && pMsg->RpcFlags & RPC_BUFFER_ASYNC)
1223   {
1224     if (!QueueUserWorkItem(async_notifier_proc, conn, WT_EXECUTEDEFAULT | WT_EXECUTELONGFUNCTION))
1225         status = RPC_S_OUT_OF_RESOURCES;
1226   }
1227
1228   return status;
1229 }
1230
1231 /* is this status something that the server can't recover from? */
1232 static inline BOOL is_hard_error(RPC_STATUS status)
1233 {
1234     switch (status)
1235     {
1236     case 0: /* user-defined fault */
1237     case ERROR_ACCESS_DENIED:
1238     case ERROR_INVALID_PARAMETER:
1239     case RPC_S_PROTOCOL_ERROR:
1240     case RPC_S_CALL_FAILED:
1241     case RPC_S_CALL_FAILED_DNE:
1242     case RPC_S_SEC_PKG_ERROR:
1243         return TRUE;
1244     default:
1245         return FALSE;
1246     }
1247 }
1248
1249 /***********************************************************************
1250  *           I_RpcReceive [RPCRT4.@]
1251  */
1252 RPC_STATUS WINAPI I_RpcReceive(PRPC_MESSAGE pMsg)
1253 {
1254   RpcBinding* bind = (RpcBinding*)pMsg->Handle;
1255   RPC_STATUS status;
1256   RpcPktHdr *hdr = NULL;
1257   RpcConnection *conn;
1258
1259   TRACE("(%p)\n", pMsg);
1260   if (!bind || bind->server || !pMsg->ReservedForRuntime) return RPC_S_INVALID_BINDING;
1261
1262   conn = pMsg->ReservedForRuntime;
1263   status = RPCRT4_Receive(conn, &hdr, pMsg);
1264   if (status != RPC_S_OK) {
1265     WARN("receive failed with error %lx\n", status);
1266     goto fail;
1267   }
1268
1269   switch (hdr->common.ptype) {
1270   case PKT_RESPONSE:
1271     break;
1272   case PKT_FAULT:
1273     ERR ("we got fault packet with status 0x%lx\n", hdr->fault.status);
1274     status = NCA2RPC_STATUS(hdr->fault.status);
1275     if (is_hard_error(status))
1276         goto fail;
1277     break;
1278   default:
1279     WARN("bad packet type %d\n", hdr->common.ptype);
1280     status = RPC_S_PROTOCOL_ERROR;
1281     goto fail;
1282   }
1283
1284   /* success */
1285   RPCRT4_FreeHeader(hdr);
1286   return status;
1287
1288 fail:
1289   RPCRT4_FreeHeader(hdr);
1290   RPCRT4_DestroyConnection(conn);
1291   pMsg->ReservedForRuntime = NULL;
1292   return status;
1293 }
1294
1295 /***********************************************************************
1296  *           I_RpcSendReceive [RPCRT4.@]
1297  *
1298  * Sends a message to the server and receives the response.
1299  *
1300  * PARAMS
1301  *  pMsg [I/O] RPC message information.
1302  *
1303  * RETURNS
1304  *  Success: RPC_S_OK.
1305  *  Failure: Any error code.
1306  *
1307  * NOTES
1308  *  The buffer must have been allocated with I_RpcGetBuffer().
1309  *
1310  * SEE ALSO
1311  *  I_RpcGetBuffer(), I_RpcSend(), I_RpcReceive().
1312  */
1313 RPC_STATUS WINAPI I_RpcSendReceive(PRPC_MESSAGE pMsg)
1314 {
1315   RPC_STATUS status;
1316   void *original_buffer;
1317
1318   TRACE("(%p)\n", pMsg);
1319
1320   original_buffer = pMsg->Buffer;
1321   status = I_RpcSend(pMsg);
1322   if (status == RPC_S_OK)
1323     status = I_RpcReceive(pMsg);
1324   /* free the buffer replaced by a new buffer in I_RpcReceive */
1325   if (status == RPC_S_OK)
1326     I_RpcFree(original_buffer);
1327   return status;
1328 }
1329
1330 /***********************************************************************
1331  *           I_RpcAsyncSetHandle [RPCRT4.@]
1332  *
1333  * Sets the asynchronous state of the handle contained in the RPC message
1334  * structure.
1335  *
1336  * PARAMS
1337  *  pMsg   [I] RPC Message structure.
1338  *  pAsync [I] Asynchronous state to set.
1339  *
1340  * RETURNS
1341  *  Success: RPC_S_OK.
1342  *  Failure: Any error code.
1343  */
1344 RPC_STATUS WINAPI I_RpcAsyncSetHandle(PRPC_MESSAGE pMsg, PRPC_ASYNC_STATE pAsync)
1345 {
1346     RpcBinding* bind = (RpcBinding*)pMsg->Handle;
1347     RpcConnection *conn;
1348
1349     TRACE("(%p, %p)\n", pMsg, pAsync);
1350
1351     if (!bind || bind->server || !pMsg->ReservedForRuntime) return RPC_S_INVALID_BINDING;
1352
1353     conn = pMsg->ReservedForRuntime;
1354     conn->async_state = pAsync;
1355
1356     return RPC_S_OK;
1357 }
1358
1359 /***********************************************************************
1360  *           I_RpcAsyncAbortCall [RPCRT4.@]
1361  *
1362  * Aborts an asynchronous call.
1363  *
1364  * PARAMS
1365  *  pAsync        [I] Asynchronous state.
1366  *  ExceptionCode [I] Exception code.
1367  *
1368  * RETURNS
1369  *  Success: RPC_S_OK.
1370  *  Failure: Any error code.
1371  */
1372 RPC_STATUS WINAPI I_RpcAsyncAbortCall(PRPC_ASYNC_STATE pAsync, ULONG ExceptionCode)
1373 {
1374     FIXME("(%p, %d): stub\n", pAsync, ExceptionCode);
1375     return RPC_S_INVALID_ASYNC_HANDLE;
1376 }