wined3d: Remove some unnecessary casts in process_vertices_strided().
[wine] / dlls / rpcrt4 / rpc_message.c
1 /*
2  * RPC messages
3  *
4  * Copyright 2001-2002 Ove Kåven, TransGaming Technologies
5  * Copyright 2004 Filip Navara
6  * Copyright 2006 CodeWeavers
7  *
8  * This library is free software; you can redistribute it and/or
9  * modify it under the terms of the GNU Lesser General Public
10  * License as published by the Free Software Foundation; either
11  * version 2.1 of the License, or (at your option) any later version.
12  *
13  * This library is distributed in the hope that it will be useful,
14  * but WITHOUT ANY WARRANTY; without even the implied warranty of
15  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
16  * Lesser General Public License for more details.
17  *
18  * You should have received a copy of the GNU Lesser General Public
19  * License along with this library; if not, write to the Free Software
20  * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
21  */
22
23 #include <stdarg.h>
24 #include <stdio.h>
25 #include <string.h>
26
27 #include "windef.h"
28 #include "winbase.h"
29 #include "winerror.h"
30 #include "winuser.h"
31
32 #include "rpc.h"
33 #include "rpcndr.h"
34 #include "rpcdcep.h"
35
36 #include "wine/debug.h"
37
38 #include "rpc_binding.h"
39 #include "rpc_defs.h"
40 #include "rpc_message.h"
41 #include "ncastatus.h"
42
43 WINE_DEFAULT_DEBUG_CHANNEL(rpc);
44
45 /* note: the DCE/RPC spec says the alignment amount should be 4, but
46  * MS/RPC servers seem to always use 16 */
47 #define AUTH_ALIGNMENT 16
48
49 /* gets the amount needed to round a value up to the specified alignment */
50 #define ROUND_UP_AMOUNT(value, alignment) \
51     (((alignment) - (((value) % (alignment)))) % (alignment))
52 #define ROUND_UP(value, alignment) (((value) + ((alignment) - 1)) & ~((alignment)-1))
53
54 enum secure_packet_direction
55 {
56   SECURE_PACKET_SEND,
57   SECURE_PACKET_RECEIVE
58 };
59
60 static RPC_STATUS I_RpcReAllocateBuffer(PRPC_MESSAGE pMsg);
61
62 static DWORD RPCRT4_GetHeaderSize(const RpcPktHdr *Header)
63 {
64   static const DWORD header_sizes[] = {
65     sizeof(Header->request), 0, sizeof(Header->response),
66     sizeof(Header->fault), 0, 0, 0, 0, 0, 0, 0, sizeof(Header->bind),
67     sizeof(Header->bind_ack), sizeof(Header->bind_nack),
68     0, 0, 0, 0, 0
69   };
70   ULONG ret = 0;
71   
72   if (Header->common.ptype < sizeof(header_sizes) / sizeof(header_sizes[0])) {
73     ret = header_sizes[Header->common.ptype];
74     if (ret == 0)
75       FIXME("unhandled packet type\n");
76     if (Header->common.flags & RPC_FLG_OBJECT_UUID)
77       ret += sizeof(UUID);
78   } else {
79     TRACE("invalid packet type\n");
80   }
81
82   return ret;
83 }
84
85 static int packet_has_body(const RpcPktHdr *Header)
86 {
87     return (Header->common.ptype == PKT_FAULT) ||
88            (Header->common.ptype == PKT_REQUEST) ||
89            (Header->common.ptype == PKT_RESPONSE);
90 }
91
92 static int packet_has_auth_verifier(const RpcPktHdr *Header)
93 {
94     return !(Header->common.ptype == PKT_BIND_NACK) &&
95            !(Header->common.ptype == PKT_SHUTDOWN);
96 }
97
98 static VOID RPCRT4_BuildCommonHeader(RpcPktHdr *Header, unsigned char PacketType,
99                               unsigned long DataRepresentation)
100 {
101   Header->common.rpc_ver = RPC_VER_MAJOR;
102   Header->common.rpc_ver_minor = RPC_VER_MINOR;
103   Header->common.ptype = PacketType;
104   Header->common.drep[0] = LOBYTE(LOWORD(DataRepresentation));
105   Header->common.drep[1] = HIBYTE(LOWORD(DataRepresentation));
106   Header->common.drep[2] = LOBYTE(HIWORD(DataRepresentation));
107   Header->common.drep[3] = HIBYTE(HIWORD(DataRepresentation));
108   Header->common.auth_len = 0;
109   Header->common.call_id = 1;
110   Header->common.flags = 0;
111   /* Flags and fragment length are computed in RPCRT4_Send. */
112 }                              
113
114 static RpcPktHdr *RPCRT4_BuildRequestHeader(unsigned long DataRepresentation,
115                                      unsigned long BufferLength,
116                                      unsigned short ProcNum,
117                                      UUID *ObjectUuid)
118 {
119   RpcPktHdr *header;
120   BOOL has_object;
121   RPC_STATUS status;
122
123   has_object = (ObjectUuid != NULL && !UuidIsNil(ObjectUuid, &status));
124   header = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY,
125                      sizeof(header->request) + (has_object ? sizeof(UUID) : 0));
126   if (header == NULL) {
127     return NULL;
128   }
129
130   RPCRT4_BuildCommonHeader(header, PKT_REQUEST, DataRepresentation);
131   header->common.frag_len = sizeof(header->request);
132   header->request.alloc_hint = BufferLength;
133   header->request.context_id = 0;
134   header->request.opnum = ProcNum;
135   if (has_object) {
136     header->common.flags |= RPC_FLG_OBJECT_UUID;
137     header->common.frag_len += sizeof(UUID);
138     memcpy(&header->request + 1, ObjectUuid, sizeof(UUID));
139   }
140
141   return header;
142 }
143
144 RpcPktHdr *RPCRT4_BuildResponseHeader(unsigned long DataRepresentation,
145                                       unsigned long BufferLength)
146 {
147   RpcPktHdr *header;
148
149   header = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, sizeof(header->response));
150   if (header == NULL) {
151     return NULL;
152   }
153
154   RPCRT4_BuildCommonHeader(header, PKT_RESPONSE, DataRepresentation);
155   header->common.frag_len = sizeof(header->response);
156   header->response.alloc_hint = BufferLength;
157
158   return header;
159 }
160
161 RpcPktHdr *RPCRT4_BuildFaultHeader(unsigned long DataRepresentation,
162                                    RPC_STATUS Status)
163 {
164   RpcPktHdr *header;
165
166   header = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, sizeof(header->fault));
167   if (header == NULL) {
168     return NULL;
169   }
170
171   RPCRT4_BuildCommonHeader(header, PKT_FAULT, DataRepresentation);
172   header->common.frag_len = sizeof(header->fault);
173   header->fault.status = Status;
174
175   return header;
176 }
177
178 RpcPktHdr *RPCRT4_BuildBindHeader(unsigned long DataRepresentation,
179                                   unsigned short MaxTransmissionSize,
180                                   unsigned short MaxReceiveSize,
181                                   unsigned long  AssocGroupId,
182                                   const RPC_SYNTAX_IDENTIFIER *AbstractId,
183                                   const RPC_SYNTAX_IDENTIFIER *TransferId)
184 {
185   RpcPktHdr *header;
186
187   header = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, sizeof(header->bind));
188   if (header == NULL) {
189     return NULL;
190   }
191
192   RPCRT4_BuildCommonHeader(header, PKT_BIND, DataRepresentation);
193   header->common.frag_len = sizeof(header->bind);
194   header->bind.max_tsize = MaxTransmissionSize;
195   header->bind.max_rsize = MaxReceiveSize;
196   header->bind.assoc_gid = AssocGroupId;
197   header->bind.num_elements = 1;
198   header->bind.num_syntaxes = 1;
199   header->bind.abstract = *AbstractId;
200   header->bind.transfer = *TransferId;
201
202   return header;
203 }
204
205 static RpcPktHdr *RPCRT4_BuildAuthHeader(unsigned long DataRepresentation)
206 {
207   RpcPktHdr *header;
208
209   header = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY,
210                      sizeof(header->common) + 12);
211   if (header == NULL)
212     return NULL;
213
214   RPCRT4_BuildCommonHeader(header, PKT_AUTH3, DataRepresentation);
215   header->common.frag_len = 0x14;
216   header->common.auth_len = 0;
217
218   return header;
219 }
220
221 RpcPktHdr *RPCRT4_BuildBindNackHeader(unsigned long DataRepresentation,
222                                       unsigned char RpcVersion,
223                                       unsigned char RpcVersionMinor)
224 {
225   RpcPktHdr *header;
226
227   header = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, sizeof(header->bind_nack));
228   if (header == NULL) {
229     return NULL;
230   }
231
232   RPCRT4_BuildCommonHeader(header, PKT_BIND_NACK, DataRepresentation);
233   header->common.frag_len = sizeof(header->bind_nack);
234   header->bind_nack.reject_reason = REJECT_REASON_NOT_SPECIFIED;
235   header->bind_nack.protocols_count = 1;
236   header->bind_nack.protocols[0].rpc_ver = RpcVersion;
237   header->bind_nack.protocols[0].rpc_ver_minor = RpcVersionMinor;
238
239   return header;
240 }
241
242 RpcPktHdr *RPCRT4_BuildBindAckHeader(unsigned long DataRepresentation,
243                                      unsigned short MaxTransmissionSize,
244                                      unsigned short MaxReceiveSize,
245                                      unsigned long AssocGroupId,
246                                      LPCSTR ServerAddress,
247                                      unsigned long Result,
248                                      unsigned long Reason,
249                                      const RPC_SYNTAX_IDENTIFIER *TransferId)
250 {
251   RpcPktHdr *header;
252   unsigned long header_size;
253   RpcAddressString *server_address;
254   RpcResults *results;
255   RPC_SYNTAX_IDENTIFIER *transfer_id;
256
257   header_size = sizeof(header->bind_ack) +
258                 ROUND_UP(FIELD_OFFSET(RpcAddressString, string[strlen(ServerAddress) + 1]), 4) +
259                 sizeof(RpcResults) +
260                 sizeof(RPC_SYNTAX_IDENTIFIER);
261
262   header = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, header_size);
263   if (header == NULL) {
264     return NULL;
265   }
266
267   RPCRT4_BuildCommonHeader(header, PKT_BIND_ACK, DataRepresentation);
268   header->common.frag_len = header_size;
269   header->bind_ack.max_tsize = MaxTransmissionSize;
270   header->bind_ack.max_rsize = MaxReceiveSize;
271   header->bind_ack.assoc_gid = AssocGroupId;
272   server_address = (RpcAddressString*)(&header->bind_ack + 1);
273   server_address->length = strlen(ServerAddress) + 1;
274   strcpy(server_address->string, ServerAddress);
275   /* results is 4-byte aligned */
276   results = (RpcResults*)((ULONG_PTR)server_address + ROUND_UP(FIELD_OFFSET(RpcAddressString, string[server_address->length]), 4));
277   results->num_results = 1;
278   results->results[0].result = Result;
279   results->results[0].reason = Reason;
280   transfer_id = (RPC_SYNTAX_IDENTIFIER*)(results + 1);
281   *transfer_id = *TransferId;
282
283   return header;
284 }
285
286 VOID RPCRT4_FreeHeader(RpcPktHdr *Header)
287 {
288   HeapFree(GetProcessHeap(), 0, Header);
289 }
290
291 NCA_STATUS RPC2NCA_STATUS(RPC_STATUS status)
292 {
293     switch (status)
294     {
295     case ERROR_INVALID_HANDLE:              return NCA_S_FAULT_CONTEXT_MISMATCH;
296     case ERROR_OUTOFMEMORY:                 return NCA_S_FAULT_REMOTE_NO_MEMORY;
297     case RPC_S_NOT_LISTENING:               return NCA_S_SERVER_TOO_BUSY;
298     case RPC_S_UNKNOWN_IF:                  return NCA_S_UNK_IF;
299     case RPC_S_SERVER_TOO_BUSY:             return NCA_S_SERVER_TOO_BUSY;
300     case RPC_S_CALL_FAILED:                 return NCA_S_FAULT_UNSPEC;
301     case RPC_S_CALL_FAILED_DNE:             return NCA_S_MANAGER_NOT_ENTERED;
302     case RPC_S_PROTOCOL_ERROR:              return NCA_S_PROTO_ERROR;
303     case RPC_S_UNSUPPORTED_TYPE:            return NCA_S_UNSUPPORTED_TYPE;
304     case RPC_S_INVALID_TAG:                 return NCA_S_FAULT_INVALID_TAG;
305     case RPC_S_INVALID_BOUND:               return NCA_S_FAULT_INVALID_BOUND;
306     case RPC_S_PROCNUM_OUT_OF_RANGE:        return NCA_S_OP_RNG_ERROR;
307     case RPC_X_SS_HANDLES_MISMATCH:         return NCA_S_FAULT_CONTEXT_MISMATCH;
308     case RPC_S_CALL_CANCELLED:              return NCA_S_FAULT_CANCEL;
309     case RPC_S_COMM_FAILURE:                return NCA_S_COMM_FAILURE;
310     case RPC_X_WRONG_PIPE_ORDER:            return NCA_S_FAULT_PIPE_ORDER;
311     case RPC_X_PIPE_CLOSED:                 return NCA_S_FAULT_PIPE_CLOSED;
312     case RPC_X_PIPE_DISCIPLINE_ERROR:       return NCA_S_FAULT_PIPE_DISCIPLINE;
313     case RPC_X_PIPE_EMPTY:                  return NCA_S_FAULT_PIPE_EMPTY;
314     case STATUS_FLOAT_DIVIDE_BY_ZERO:       return NCA_S_FAULT_FP_DIV_ZERO;
315     case STATUS_FLOAT_INVALID_OPERATION:    return NCA_S_FAULT_FP_ERROR;
316     case STATUS_FLOAT_OVERFLOW:             return NCA_S_FAULT_FP_OVERFLOW;
317     case STATUS_FLOAT_UNDERFLOW:            return NCA_S_FAULT_FP_UNDERFLOW;
318     case STATUS_INTEGER_DIVIDE_BY_ZERO:     return NCA_S_FAULT_INT_DIV_BY_ZERO;
319     case STATUS_INTEGER_OVERFLOW:           return NCA_S_FAULT_INT_OVERFLOW;
320     default:                                return status;
321     }
322 }
323
324 RPC_STATUS NCA2RPC_STATUS(NCA_STATUS status)
325 {
326     switch (status)
327     {
328     case NCA_S_COMM_FAILURE:            return RPC_S_COMM_FAILURE;
329     case NCA_S_OP_RNG_ERROR:            return RPC_S_PROCNUM_OUT_OF_RANGE;
330     case NCA_S_UNK_IF:                  return RPC_S_UNKNOWN_IF;
331     case NCA_S_YOU_CRASHED:             return RPC_S_CALL_FAILED;
332     case NCA_S_PROTO_ERROR:             return RPC_S_PROTOCOL_ERROR;
333     case NCA_S_OUT_ARGS_TOO_BIG:        return ERROR_NOT_ENOUGH_SERVER_MEMORY;
334     case NCA_S_SERVER_TOO_BUSY:         return RPC_S_SERVER_TOO_BUSY;
335     case NCA_S_UNSUPPORTED_TYPE:        return RPC_S_UNSUPPORTED_TYPE;
336     case NCA_S_FAULT_INT_DIV_BY_ZERO:   return RPC_S_ZERO_DIVIDE;
337     case NCA_S_FAULT_ADDR_ERROR:        return RPC_S_ADDRESS_ERROR;
338     case NCA_S_FAULT_FP_DIV_ZERO:       return RPC_S_FP_DIV_ZERO;
339     case NCA_S_FAULT_FP_UNDERFLOW:      return RPC_S_FP_UNDERFLOW;
340     case NCA_S_FAULT_FP_OVERFLOW:       return RPC_S_FP_OVERFLOW;
341     case NCA_S_FAULT_INVALID_TAG:       return RPC_S_INVALID_TAG;
342     case NCA_S_FAULT_INVALID_BOUND:     return RPC_S_INVALID_BOUND;
343     case NCA_S_RPC_VERSION_MISMATCH:    return RPC_S_PROTOCOL_ERROR;
344     case NCA_S_UNSPEC_REJECT:           return RPC_S_CALL_FAILED_DNE;
345     case NCA_S_BAD_ACTID:               return RPC_S_CALL_FAILED_DNE;
346     case NCA_S_WHO_ARE_YOU_FAILED:      return RPC_S_CALL_FAILED;
347     case NCA_S_MANAGER_NOT_ENTERED:     return RPC_S_CALL_FAILED_DNE;
348     case NCA_S_FAULT_CANCEL:            return RPC_S_CALL_CANCELLED;
349     case NCA_S_FAULT_ILL_INST:          return RPC_S_ADDRESS_ERROR;
350     case NCA_S_FAULT_FP_ERROR:          return RPC_S_FP_OVERFLOW;
351     case NCA_S_FAULT_INT_OVERFLOW:      return RPC_S_ADDRESS_ERROR;
352     case NCA_S_FAULT_UNSPEC:            return RPC_S_CALL_FAILED;
353     case NCA_S_FAULT_PIPE_EMPTY:        return RPC_X_PIPE_EMPTY;
354     case NCA_S_FAULT_PIPE_CLOSED:       return RPC_X_PIPE_CLOSED;
355     case NCA_S_FAULT_PIPE_ORDER:        return RPC_X_WRONG_PIPE_ORDER;
356     case NCA_S_FAULT_PIPE_DISCIPLINE:   return RPC_X_PIPE_DISCIPLINE_ERROR;
357     case NCA_S_FAULT_PIPE_COMM_ERROR:   return RPC_S_COMM_FAILURE;
358     case NCA_S_FAULT_PIPE_MEMORY:       return ERROR_OUTOFMEMORY;
359     case NCA_S_FAULT_CONTEXT_MISMATCH:  return ERROR_INVALID_HANDLE;
360     case NCA_S_FAULT_REMOTE_NO_MEMORY:  return ERROR_NOT_ENOUGH_SERVER_MEMORY;
361     default:                            return status;
362     }
363 }
364
365 static RPC_STATUS RPCRT4_SecurePacket(RpcConnection *Connection,
366     enum secure_packet_direction dir,
367     RpcPktHdr *hdr, unsigned int hdr_size,
368     unsigned char *stub_data, unsigned int stub_data_size,
369     RpcAuthVerifier *auth_hdr,
370     unsigned char *auth_value, unsigned int auth_value_size)
371 {
372     SecBufferDesc message;
373     SecBuffer buffers[4];
374     SECURITY_STATUS sec_status;
375
376     message.ulVersion = SECBUFFER_VERSION;
377     message.cBuffers = sizeof(buffers)/sizeof(buffers[0]);
378     message.pBuffers = buffers;
379
380     buffers[0].cbBuffer = hdr_size;
381     buffers[0].BufferType = SECBUFFER_DATA|SECBUFFER_READONLY_WITH_CHECKSUM;
382     buffers[0].pvBuffer = hdr;
383     buffers[1].cbBuffer = stub_data_size;
384     buffers[1].BufferType = SECBUFFER_DATA;
385     buffers[1].pvBuffer = stub_data;
386     buffers[2].cbBuffer = sizeof(*auth_hdr);
387     buffers[2].BufferType = SECBUFFER_DATA|SECBUFFER_READONLY_WITH_CHECKSUM;
388     buffers[2].pvBuffer = auth_hdr;
389     buffers[3].cbBuffer = auth_value_size;
390     buffers[3].BufferType = SECBUFFER_TOKEN;
391     buffers[3].pvBuffer = auth_value;
392
393     if (dir == SECURE_PACKET_SEND)
394     {
395         if ((auth_hdr->auth_level == RPC_C_AUTHN_LEVEL_PKT_PRIVACY) && packet_has_body(hdr))
396         {
397             sec_status = EncryptMessage(&Connection->ctx, 0, &message, 0 /* FIXME */);
398             if (sec_status != SEC_E_OK)
399             {
400                 ERR("EncryptMessage failed with 0x%08x\n", sec_status);
401                 return RPC_S_SEC_PKG_ERROR;
402             }
403         }
404         else if (auth_hdr->auth_level != RPC_C_AUTHN_LEVEL_NONE)
405         {
406             sec_status = MakeSignature(&Connection->ctx, 0, &message, 0 /* FIXME */);
407             if (sec_status != SEC_E_OK)
408             {
409                 ERR("MakeSignature failed with 0x%08x\n", sec_status);
410                 return RPC_S_SEC_PKG_ERROR;
411             }
412         }
413     }
414     else if (dir == SECURE_PACKET_RECEIVE)
415     {
416         if ((auth_hdr->auth_level == RPC_C_AUTHN_LEVEL_PKT_PRIVACY) && packet_has_body(hdr))
417         {
418             sec_status = DecryptMessage(&Connection->ctx, &message, 0 /* FIXME */, 0);
419             if (sec_status != SEC_E_OK)
420             {
421                 ERR("DecryptMessage failed with 0x%08x\n", sec_status);
422                 return RPC_S_SEC_PKG_ERROR;
423             }
424         }
425         else if (auth_hdr->auth_level != RPC_C_AUTHN_LEVEL_NONE)
426         {
427             sec_status = VerifySignature(&Connection->ctx, &message, 0 /* FIXME */, NULL);
428             if (sec_status != SEC_E_OK)
429             {
430                 ERR("VerifySignature failed with 0x%08x\n", sec_status);
431                 return RPC_S_SEC_PKG_ERROR;
432             }
433         }
434     }
435
436     return RPC_S_OK;
437 }
438          
439 /***********************************************************************
440  *           RPCRT4_SendWithAuth (internal)
441  * 
442  * Transmit a packet with authorization data over connection in acceptable fragments.
443  */
444 static RPC_STATUS RPCRT4_SendWithAuth(RpcConnection *Connection, RpcPktHdr *Header,
445                                       void *Buffer, unsigned int BufferLength,
446                                       const void *Auth, unsigned int AuthLength)
447 {
448   PUCHAR buffer_pos;
449   DWORD hdr_size;
450   LONG count;
451   unsigned char *pkt;
452   LONG alen;
453   RPC_STATUS status;
454
455   RPCRT4_SetThreadCurrentConnection(Connection);
456
457   buffer_pos = Buffer;
458   /* The packet building functions save the packet header size, so we can use it. */
459   hdr_size = Header->common.frag_len;
460   if (AuthLength)
461     Header->common.auth_len = AuthLength;
462   else if (Connection->AuthInfo && packet_has_auth_verifier(Header))
463   {
464     if ((Connection->AuthInfo->AuthnLevel == RPC_C_AUTHN_LEVEL_PKT_PRIVACY) && packet_has_body(Header))
465       Header->common.auth_len = Connection->encryption_auth_len;
466     else
467       Header->common.auth_len = Connection->signature_auth_len;
468   }
469   else
470     Header->common.auth_len = 0;
471   Header->common.flags |= RPC_FLG_FIRST;
472   Header->common.flags &= ~RPC_FLG_LAST;
473
474   alen = RPC_AUTH_VERIFIER_LEN(&Header->common);
475
476   while (!(Header->common.flags & RPC_FLG_LAST)) {
477     unsigned char auth_pad_len = Header->common.auth_len ? ROUND_UP_AMOUNT(BufferLength, AUTH_ALIGNMENT) : 0;
478     unsigned int pkt_size = BufferLength + hdr_size + alen + auth_pad_len;
479
480     /* decide if we need to split the packet into fragments */
481    if (pkt_size <= Connection->MaxTransmissionSize) {
482      Header->common.flags |= RPC_FLG_LAST;
483      Header->common.frag_len = pkt_size;
484     } else {
485       auth_pad_len = 0;
486       /* make sure packet payload will be a multiple of 16 */
487       Header->common.frag_len =
488         ((Connection->MaxTransmissionSize - hdr_size - alen) & ~(AUTH_ALIGNMENT-1)) +
489         hdr_size + alen;
490     }
491
492     pkt = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, Header->common.frag_len);
493
494     memcpy(pkt, Header, hdr_size);
495
496     /* fragment consisted of header only and is the last one */
497     if (hdr_size == Header->common.frag_len)
498       goto write;
499
500     memcpy(pkt + hdr_size, buffer_pos, Header->common.frag_len - hdr_size - auth_pad_len - alen);
501
502     /* add the authorization info */
503     if (Connection->AuthInfo && packet_has_auth_verifier(Header))
504     {
505       RpcAuthVerifier *auth_hdr = (RpcAuthVerifier *)&pkt[Header->common.frag_len - alen];
506
507       auth_hdr->auth_type = Connection->AuthInfo->AuthnSvc;
508       auth_hdr->auth_level = Connection->AuthInfo->AuthnLevel;
509       auth_hdr->auth_pad_length = auth_pad_len;
510       auth_hdr->auth_reserved = 0;
511       /* a unique number... */
512       auth_hdr->auth_context_id = (unsigned long)Connection;
513
514       if (AuthLength)
515         memcpy(auth_hdr + 1, Auth, AuthLength);
516       else
517       {
518         status = RPCRT4_SecurePacket(Connection, SECURE_PACKET_SEND,
519             (RpcPktHdr *)pkt, hdr_size,
520             pkt + hdr_size, Header->common.frag_len - hdr_size - alen,
521             auth_hdr,
522             (unsigned char *)(auth_hdr + 1), Header->common.auth_len);
523         if (status != RPC_S_OK)
524         {
525           HeapFree(GetProcessHeap(), 0, pkt);
526           RPCRT4_SetThreadCurrentConnection(NULL);
527           return status;
528         }
529       }
530     }
531
532 write:
533     count = rpcrt4_conn_write(Connection, pkt, Header->common.frag_len);
534     HeapFree(GetProcessHeap(), 0, pkt);
535     if (count<0) {
536       WARN("rpcrt4_conn_write failed (auth)\n");
537       RPCRT4_SetThreadCurrentConnection(NULL);
538       return RPC_S_CALL_FAILED;
539     }
540
541     buffer_pos += Header->common.frag_len - hdr_size - alen - auth_pad_len;
542     BufferLength -= Header->common.frag_len - hdr_size - alen - auth_pad_len;
543     Header->common.flags &= ~RPC_FLG_FIRST;
544   }
545
546   RPCRT4_SetThreadCurrentConnection(NULL);
547   return RPC_S_OK;
548 }
549
550 /***********************************************************************
551  *           RPCRT4_ClientAuthorize (internal)
552  *
553  * Authorize a client connection. A NULL in param signifies a new connection.
554  */
555 static RPC_STATUS RPCRT4_ClientAuthorize(RpcConnection *conn, SecBuffer *in,
556                                          SecBuffer *out)
557 {
558   SECURITY_STATUS r;
559   SecBufferDesc out_desc;
560   SecBufferDesc inp_desc;
561   SecPkgContext_Sizes secctx_sizes;
562   BOOL continue_needed;
563   ULONG context_req = ISC_REQ_CONNECTION | ISC_REQ_USE_DCE_STYLE |
564                       ISC_REQ_MUTUAL_AUTH | ISC_REQ_DELEGATE;
565
566   if (conn->AuthInfo->AuthnLevel == RPC_C_AUTHN_LEVEL_PKT_INTEGRITY)
567     context_req |= ISC_REQ_INTEGRITY;
568   else if (conn->AuthInfo->AuthnLevel == RPC_C_AUTHN_LEVEL_PKT_PRIVACY)
569     context_req |= ISC_REQ_CONFIDENTIALITY | ISC_REQ_INTEGRITY;
570
571   out->BufferType = SECBUFFER_TOKEN;
572   out->cbBuffer = conn->AuthInfo->cbMaxToken;
573   out->pvBuffer = HeapAlloc(GetProcessHeap(), 0, out->cbBuffer);
574   if (!out->pvBuffer) return ERROR_OUTOFMEMORY;
575
576   out_desc.ulVersion = 0;
577   out_desc.cBuffers = 1;
578   out_desc.pBuffers = out;
579
580   inp_desc.cBuffers = 1;
581   inp_desc.pBuffers = in;
582   inp_desc.ulVersion = 0;
583
584   r = InitializeSecurityContextW(&conn->AuthInfo->cred, in ? &conn->ctx : NULL,
585         in ? NULL : conn->AuthInfo->server_principal_name, context_req, 0,
586         SECURITY_NETWORK_DREP, in ? &inp_desc : NULL, 0, &conn->ctx,
587         &out_desc, &conn->attr, &conn->exp);
588   if (FAILED(r))
589   {
590       WARN("InitializeSecurityContext failed with error 0x%08x\n", r);
591       goto failed;
592   }
593
594   TRACE("r = 0x%08x, attr = 0x%08x\n", r, conn->attr);
595   continue_needed = ((r == SEC_I_CONTINUE_NEEDED) ||
596                      (r == SEC_I_COMPLETE_AND_CONTINUE));
597
598   if ((r == SEC_I_COMPLETE_NEEDED) || (r == SEC_I_COMPLETE_AND_CONTINUE))
599   {
600       TRACE("complete needed\n");
601       r = CompleteAuthToken(&conn->ctx, &out_desc);
602       if (FAILED(r))
603       {
604           WARN("CompleteAuthToken failed with error 0x%08x\n", r);
605           goto failed;
606       }
607   }
608
609   TRACE("cbBuffer = %ld\n", out->cbBuffer);
610
611   if (!continue_needed)
612   {
613       r = QueryContextAttributesA(&conn->ctx, SECPKG_ATTR_SIZES, &secctx_sizes);
614       if (FAILED(r))
615       {
616           WARN("QueryContextAttributes failed with error 0x%08x\n", r);
617           goto failed;
618       }
619       conn->signature_auth_len = secctx_sizes.cbMaxSignature;
620       conn->encryption_auth_len = secctx_sizes.cbSecurityTrailer;
621   }
622
623   return RPC_S_OK;
624
625 failed:
626   HeapFree(GetProcessHeap(), 0, out->pvBuffer);
627   out->pvBuffer = NULL;
628   return ERROR_ACCESS_DENIED; /* FIXME: is this correct? */
629 }
630
631 /***********************************************************************
632  *           RPCRT4_AuthorizeBinding (internal)
633  */
634 RPC_STATUS RPCRT4_AuthorizeConnection(RpcConnection* conn, BYTE *challenge,
635                                       ULONG count)
636 {
637   SecBuffer inp, out;
638   RpcPktHdr *resp_hdr;
639   RPC_STATUS status;
640
641   TRACE("challenge %s, %d bytes\n", challenge, count);
642
643   inp.BufferType = SECBUFFER_TOKEN;
644   inp.pvBuffer = challenge;
645   inp.cbBuffer = count;
646
647   status = RPCRT4_ClientAuthorize(conn, &inp, &out);
648   if (status) return status;
649
650   resp_hdr = RPCRT4_BuildAuthHeader(NDR_LOCAL_DATA_REPRESENTATION);
651   if (!resp_hdr)
652     return E_OUTOFMEMORY;
653
654   status = RPCRT4_SendWithAuth(conn, resp_hdr, NULL, 0, out.pvBuffer, out.cbBuffer);
655
656   HeapFree(GetProcessHeap(), 0, out.pvBuffer);
657   RPCRT4_FreeHeader(resp_hdr);
658
659   return status;
660 }
661
662 /***********************************************************************
663  *           RPCRT4_Send (internal)
664  * 
665  * Transmit a packet over connection in acceptable fragments.
666  */
667 RPC_STATUS RPCRT4_Send(RpcConnection *Connection, RpcPktHdr *Header,
668                        void *Buffer, unsigned int BufferLength)
669 {
670   RPC_STATUS r;
671   SecBuffer out;
672
673   if (!Connection->AuthInfo || SecIsValidHandle(&Connection->ctx))
674   {
675     return RPCRT4_SendWithAuth(Connection, Header, Buffer, BufferLength, NULL, 0);
676   }
677
678   /* tack on a negotiate packet */
679   r = RPCRT4_ClientAuthorize(Connection, NULL, &out);
680   if (r == RPC_S_OK)
681   {
682     r = RPCRT4_SendWithAuth(Connection, Header, Buffer, BufferLength, out.pvBuffer, out.cbBuffer);
683     HeapFree(GetProcessHeap(), 0, out.pvBuffer);
684   }
685
686   return r;
687 }
688
689 /* validates version and frag_len fields */
690 RPC_STATUS RPCRT4_ValidateCommonHeader(const RpcPktCommonHdr *hdr)
691 {
692   DWORD hdr_length;
693
694   /* verify if the header really makes sense */
695   if (hdr->rpc_ver != RPC_VER_MAJOR ||
696       hdr->rpc_ver_minor != RPC_VER_MINOR)
697   {
698     WARN("unhandled packet version\n");
699     return RPC_S_PROTOCOL_ERROR;
700   }
701
702   hdr_length = RPCRT4_GetHeaderSize((const RpcPktHdr*)hdr);
703   if (hdr_length == 0)
704   {
705     WARN("header length == 0\n");
706     return RPC_S_PROTOCOL_ERROR;
707   }
708
709   if (hdr->frag_len < hdr_length)
710   {
711     WARN("bad frag length %d\n", hdr->frag_len);
712     return RPC_S_PROTOCOL_ERROR;
713   }
714
715   return RPC_S_OK;
716 }
717
718 /***********************************************************************
719  *           RPCRT4_receive_fragment (internal)
720  * 
721  * Receive a fragment from a connection.
722  */
723 RPC_STATUS RPCRT4_receive_fragment(RpcConnection *Connection, RpcPktHdr **Header, void **Payload)
724 {
725   RPC_STATUS status;
726   DWORD hdr_length;
727   LONG dwRead;
728   RpcPktCommonHdr common_hdr;
729
730   *Header = NULL;
731   *Payload = NULL;
732
733   TRACE("(%p, %p, %p)\n", Connection, Header, Payload);
734
735   /* read packet common header */
736   dwRead = rpcrt4_conn_read(Connection, &common_hdr, sizeof(common_hdr));
737   if (dwRead != sizeof(common_hdr)) {
738     WARN("Short read of header, %d bytes\n", dwRead);
739     status = RPC_S_CALL_FAILED;
740     goto fail;
741   }
742
743   status = RPCRT4_ValidateCommonHeader(&common_hdr);
744   if (status != RPC_S_OK) goto fail;
745
746   hdr_length = RPCRT4_GetHeaderSize((RpcPktHdr*)&common_hdr);
747   if (hdr_length == 0) {
748     WARN("header length == 0\n");
749     status = RPC_S_PROTOCOL_ERROR;
750     goto fail;
751   }
752
753   *Header = HeapAlloc(GetProcessHeap(), 0, hdr_length);
754   memcpy(*Header, &common_hdr, sizeof(common_hdr));
755
756   /* read the rest of packet header */
757   dwRead = rpcrt4_conn_read(Connection, &(*Header)->common + 1, hdr_length - sizeof(common_hdr));
758   if (dwRead != hdr_length - sizeof(common_hdr)) {
759     WARN("bad header length, %d bytes, hdr_length %d\n", dwRead, hdr_length);
760     status = RPC_S_CALL_FAILED;
761     goto fail;
762   }
763
764   if (common_hdr.frag_len - hdr_length)
765   {
766     *Payload = HeapAlloc(GetProcessHeap(), 0, common_hdr.frag_len - hdr_length);
767     if (!*Payload)
768     {
769       status = RPC_S_OUT_OF_RESOURCES;
770       goto fail;
771     }
772
773     dwRead = rpcrt4_conn_read(Connection, *Payload, common_hdr.frag_len - hdr_length);
774     if (dwRead != common_hdr.frag_len - hdr_length)
775     {
776       WARN("bad data length, %d/%d\n", dwRead, common_hdr.frag_len - hdr_length);
777       status = RPC_S_CALL_FAILED;
778       goto fail;
779     }
780   }
781   else
782     *Payload = NULL;
783
784   /* success */
785   status = RPC_S_OK;
786
787 fail:
788   if (status != RPC_S_OK) {
789     RPCRT4_FreeHeader(*Header);
790     *Header = NULL;
791     HeapFree(GetProcessHeap(), 0, *Payload);
792     *Payload = NULL;
793   }
794   return status;
795 }
796
797 /***********************************************************************
798  *           RPCRT4_ReceiveWithAuth (internal)
799  *
800  * Receive a packet from connection, merge the fragments and return the auth
801  * data.
802  */
803 RPC_STATUS RPCRT4_ReceiveWithAuth(RpcConnection *Connection, RpcPktHdr **Header,
804                                   PRPC_MESSAGE pMsg,
805                                   unsigned char **auth_data_out,
806                                   unsigned long *auth_length_out)
807 {
808   RPC_STATUS status;
809   DWORD hdr_length;
810   unsigned short first_flag;
811   unsigned long data_length;
812   unsigned long buffer_length;
813   unsigned long auth_length = 0;
814   unsigned char *auth_data = NULL;
815   RpcPktHdr *CurrentHeader = NULL;
816   void *payload = NULL;
817
818   *Header = NULL;
819   pMsg->Buffer = NULL;
820
821   TRACE("(%p, %p, %p, %p)\n", Connection, Header, pMsg, auth_data_out);
822
823   RPCRT4_SetThreadCurrentConnection(Connection);
824
825   status = RPCRT4_receive_fragment(Connection, Header, &payload);
826   if (status != RPC_S_OK) goto fail;
827
828   hdr_length = RPCRT4_GetHeaderSize(*Header);
829
830   /* read packet body */
831   switch ((*Header)->common.ptype) {
832   case PKT_RESPONSE:
833     pMsg->BufferLength = (*Header)->response.alloc_hint;
834     break;
835   case PKT_REQUEST:
836     pMsg->BufferLength = (*Header)->request.alloc_hint;
837     break;
838   default:
839     pMsg->BufferLength = (*Header)->common.frag_len - hdr_length - RPC_AUTH_VERIFIER_LEN(&(*Header)->common);
840   }
841
842   TRACE("buffer length = %u\n", pMsg->BufferLength);
843
844   pMsg->Buffer = I_RpcAllocate(pMsg->BufferLength);
845   if (!pMsg->Buffer)
846   {
847     status = ERROR_OUTOFMEMORY;
848     goto fail;
849   }
850
851   first_flag = RPC_FLG_FIRST;
852   auth_length = (*Header)->common.auth_len;
853   if (auth_length) {
854     auth_data = HeapAlloc(GetProcessHeap(), 0, RPC_AUTH_VERIFIER_LEN(&(*Header)->common));
855     if (!auth_data) {
856       status = RPC_S_OUT_OF_RESOURCES;
857       goto fail;
858     }
859   }
860   CurrentHeader = *Header;
861   buffer_length = 0;
862   while (TRUE)
863   {
864     unsigned int header_auth_len = RPC_AUTH_VERIFIER_LEN(&CurrentHeader->common);
865
866     /* verify header fields */
867
868     if ((CurrentHeader->common.frag_len < hdr_length) ||
869         (CurrentHeader->common.frag_len - hdr_length < header_auth_len)) {
870       WARN("frag_len %d too small for hdr_length %d and auth_len %d\n",
871         CurrentHeader->common.frag_len, hdr_length, CurrentHeader->common.auth_len);
872       status = RPC_S_PROTOCOL_ERROR;
873       goto fail;
874     }
875
876     if (CurrentHeader->common.auth_len != auth_length) {
877       WARN("auth_len header field changed from %ld to %d\n",
878         auth_length, CurrentHeader->common.auth_len);
879       status = RPC_S_PROTOCOL_ERROR;
880       goto fail;
881     }
882
883     if ((CurrentHeader->common.flags & RPC_FLG_FIRST) != first_flag) {
884       TRACE("invalid packet flags\n");
885       status = RPC_S_PROTOCOL_ERROR;
886       goto fail;
887     }
888
889     data_length = CurrentHeader->common.frag_len - hdr_length - header_auth_len;
890     if (data_length + buffer_length > pMsg->BufferLength) {
891       TRACE("allocation hint exceeded, new buffer length = %ld\n",
892         data_length + buffer_length);
893       pMsg->BufferLength = data_length + buffer_length;
894       status = I_RpcReAllocateBuffer(pMsg);
895       if (status != RPC_S_OK) goto fail;
896     }
897
898     memcpy((unsigned char *)pMsg->Buffer + buffer_length, payload, data_length);
899
900     if (header_auth_len) {
901       if (header_auth_len < sizeof(RpcAuthVerifier) ||
902           header_auth_len > RPC_AUTH_VERIFIER_LEN(&(*Header)->common)) {
903         WARN("bad auth verifier length %d\n", header_auth_len);
904         status = RPC_S_PROTOCOL_ERROR;
905         goto fail;
906       }
907
908       /* FIXME: we should accumulate authentication data for the bind,
909        * bind_ack, alter_context and alter_context_response if necessary.
910        * however, the details of how this is done is very sketchy in the
911        * DCE/RPC spec. for all other packet types that have authentication
912        * verifier data then it is just duplicated in all the fragments */
913       memcpy(auth_data, (unsigned char *)payload + data_length, header_auth_len);
914
915       /* these packets are handled specially, not by the generic SecurePacket
916        * function */
917       if (!auth_data_out && SecIsValidHandle(&Connection->ctx))
918       {
919         status = RPCRT4_SecurePacket(Connection, SECURE_PACKET_RECEIVE,
920             CurrentHeader, hdr_length,
921             (unsigned char *)pMsg->Buffer + buffer_length, data_length,
922             (RpcAuthVerifier *)auth_data,
923             auth_data + sizeof(RpcAuthVerifier),
924             header_auth_len - sizeof(RpcAuthVerifier));
925         if (status != RPC_S_OK) goto fail;
926       }
927     }
928
929     buffer_length += data_length;
930     if (!(CurrentHeader->common.flags & RPC_FLG_LAST)) {
931       TRACE("next header\n");
932
933       if (*Header != CurrentHeader)
934       {
935           RPCRT4_FreeHeader(CurrentHeader);
936           CurrentHeader = NULL;
937       }
938       HeapFree(GetProcessHeap(), 0, payload);
939       payload = NULL;
940
941       status = RPCRT4_receive_fragment(Connection, &CurrentHeader, &payload);
942       if (status != RPC_S_OK) goto fail;
943
944       first_flag = 0;
945     } else {
946       break;
947     }
948   }
949   pMsg->BufferLength = buffer_length;
950
951   /* success */
952   status = RPC_S_OK;
953
954 fail:
955   RPCRT4_SetThreadCurrentConnection(NULL);
956   if (CurrentHeader != *Header)
957     RPCRT4_FreeHeader(CurrentHeader);
958   if (status != RPC_S_OK) {
959     I_RpcFree(pMsg->Buffer);
960     pMsg->Buffer = NULL;
961     RPCRT4_FreeHeader(*Header);
962     *Header = NULL;
963   }
964   if (auth_data_out && status == RPC_S_OK) {
965     *auth_length_out = auth_length;
966     *auth_data_out = auth_data;
967   }
968   else
969     HeapFree(GetProcessHeap(), 0, auth_data);
970   HeapFree(GetProcessHeap(), 0, payload);
971   return status;
972 }
973
974 /***********************************************************************
975  *           RPCRT4_Receive (internal)
976  *
977  * Receive a packet from connection and merge the fragments.
978  */
979 RPC_STATUS RPCRT4_Receive(RpcConnection *Connection, RpcPktHdr **Header,
980                           PRPC_MESSAGE pMsg)
981 {
982     return RPCRT4_ReceiveWithAuth(Connection, Header, pMsg, NULL, NULL);
983 }
984
985 /***********************************************************************
986  *           I_RpcNegotiateTransferSyntax [RPCRT4.@]
987  *
988  * Negotiates the transfer syntax used by a client connection by connecting
989  * to the server.
990  *
991  * PARAMS
992  *  pMsg   [I] RPC Message structure.
993  *  pAsync [I] Asynchronous state to set.
994  *
995  * RETURNS
996  *  Success: RPC_S_OK.
997  *  Failure: Any error code.
998  */
999 RPC_STATUS WINAPI I_RpcNegotiateTransferSyntax(PRPC_MESSAGE pMsg)
1000 {
1001   RpcBinding* bind = (RpcBinding*)pMsg->Handle;
1002   RpcConnection* conn;
1003   RPC_STATUS status = RPC_S_OK;
1004
1005   TRACE("(%p)\n", pMsg);
1006
1007   if (!bind || bind->server)
1008   {
1009     ERR("no binding\n");
1010     return RPC_S_INVALID_BINDING;
1011   }
1012
1013   /* if we already have a connection, we don't need to negotiate again */
1014   if (!pMsg->ReservedForRuntime)
1015   {
1016     RPC_CLIENT_INTERFACE *cif = pMsg->RpcInterfaceInformation;
1017     if (!cif) return RPC_S_INTERFACE_NOT_FOUND;
1018
1019     if (!bind->Endpoint || !bind->Endpoint[0])
1020     {
1021       TRACE("automatically resolving partially bound binding\n");
1022       status = RpcEpResolveBinding(bind, cif);
1023       if (status != RPC_S_OK) return status;
1024     }
1025
1026     status = RPCRT4_OpenBinding(bind, &conn, &cif->TransferSyntax,
1027                                 &cif->InterfaceId);
1028
1029     if (status == RPC_S_OK)
1030     {
1031       pMsg->ReservedForRuntime = conn;
1032       RPCRT4_AddRefBinding(bind);
1033     }
1034   }
1035
1036   return status;
1037 }
1038
1039 /***********************************************************************
1040  *           I_RpcGetBuffer [RPCRT4.@]
1041  *
1042  * Allocates a buffer for use by I_RpcSend or I_RpcSendReceive and binds to the
1043  * server interface.
1044  *
1045  * PARAMS
1046  *  pMsg [I/O] RPC message information.
1047  *
1048  * RETURNS
1049  *  Success: RPC_S_OK.
1050  *  Failure: RPC_S_INVALID_BINDING if pMsg->Handle is invalid.
1051  *           RPC_S_SERVER_UNAVAILABLE if unable to connect to server.
1052  *           ERROR_OUTOFMEMORY if buffer allocation failed.
1053  *
1054  * NOTES
1055  *  The pMsg->BufferLength field determines the size of the buffer to allocate,
1056  *  in bytes.
1057  *
1058  *  Use I_RpcFreeBuffer() to unbind from the server and free the message buffer.
1059  *
1060  * SEE ALSO
1061  *  I_RpcFreeBuffer(), I_RpcSend(), I_RpcReceive(), I_RpcSendReceive().
1062  */
1063 RPC_STATUS WINAPI I_RpcGetBuffer(PRPC_MESSAGE pMsg)
1064 {
1065   RPC_STATUS status;
1066   RpcBinding* bind = (RpcBinding*)pMsg->Handle;
1067
1068   TRACE("(%p): BufferLength=%d\n", pMsg, pMsg->BufferLength);
1069
1070   if (!bind)
1071   {
1072     ERR("no binding\n");
1073     return RPC_S_INVALID_BINDING;
1074   }
1075
1076   pMsg->Buffer = I_RpcAllocate(pMsg->BufferLength);
1077   TRACE("Buffer=%p\n", pMsg->Buffer);
1078
1079   if (!pMsg->Buffer)
1080     return ERROR_OUTOFMEMORY;
1081
1082   if (!bind->server)
1083   {
1084     status = I_RpcNegotiateTransferSyntax(pMsg);
1085     if (status != RPC_S_OK)
1086       I_RpcFree(pMsg->Buffer);
1087   }
1088   else
1089     status = RPC_S_OK;
1090
1091   return status;
1092 }
1093
1094 /***********************************************************************
1095  *           I_RpcReAllocateBuffer (internal)
1096  */
1097 static RPC_STATUS I_RpcReAllocateBuffer(PRPC_MESSAGE pMsg)
1098 {
1099   TRACE("(%p): BufferLength=%d\n", pMsg, pMsg->BufferLength);
1100   pMsg->Buffer = HeapReAlloc(GetProcessHeap(), 0, pMsg->Buffer, pMsg->BufferLength);
1101
1102   TRACE("Buffer=%p\n", pMsg->Buffer);
1103   return pMsg->Buffer ? RPC_S_OK : ERROR_OUTOFMEMORY;
1104 }
1105
1106 /***********************************************************************
1107  *           I_RpcFreeBuffer [RPCRT4.@]
1108  *
1109  * Frees a buffer allocated by I_RpcGetBuffer or I_RpcReceive and unbinds from
1110  * the server interface.
1111  *
1112  * PARAMS
1113  *  pMsg [I/O] RPC message information.
1114  *
1115  * RETURNS
1116  *  RPC_S_OK.
1117  *
1118  * SEE ALSO
1119  *  I_RpcGetBuffer(), I_RpcReceive().
1120  */
1121 RPC_STATUS WINAPI I_RpcFreeBuffer(PRPC_MESSAGE pMsg)
1122 {
1123   RpcBinding* bind = (RpcBinding*)pMsg->Handle;
1124
1125   TRACE("(%p) Buffer=%p\n", pMsg, pMsg->Buffer);
1126
1127   if (!bind)
1128   {
1129     ERR("no binding\n");
1130     return RPC_S_INVALID_BINDING;
1131   }
1132
1133   if (pMsg->ReservedForRuntime)
1134   {
1135     RpcConnection *conn = pMsg->ReservedForRuntime;
1136     RPCRT4_CloseBinding(bind, conn);
1137     RPCRT4_ReleaseBinding(bind);
1138     pMsg->ReservedForRuntime = NULL;
1139   }
1140   I_RpcFree(pMsg->Buffer);
1141   return RPC_S_OK;
1142 }
1143
1144 static void CALLBACK async_apc_notifier_proc(ULONG_PTR ulParam)
1145 {
1146     RPC_ASYNC_STATE *state = (RPC_ASYNC_STATE *)ulParam;
1147     state->u.APC.NotificationRoutine(state, NULL, state->Event);
1148 }
1149
1150 static DWORD WINAPI async_notifier_proc(LPVOID p)
1151 {
1152     RpcConnection *conn = p;
1153     RPC_ASYNC_STATE *state = conn->async_state;
1154
1155     if (state && conn->ops->wait_for_incoming_data(conn) != -1)
1156     {
1157         state->Event = RpcCallComplete;
1158         switch (state->NotificationType)
1159         {
1160         case RpcNotificationTypeEvent:
1161             TRACE("RpcNotificationTypeEvent %p\n", state->u.hEvent);
1162             SetEvent(state->u.hEvent);
1163             break;
1164         case RpcNotificationTypeApc:
1165             TRACE("RpcNotificationTypeApc %p\n", state->u.APC.hThread);
1166             QueueUserAPC(async_apc_notifier_proc, state->u.APC.hThread, (ULONG_PTR)state);
1167             break;
1168         case RpcNotificationTypeIoc:
1169             TRACE("RpcNotificationTypeIoc %p, 0x%x, 0x%lx, %p\n",
1170                 state->u.IOC.hIOPort, state->u.IOC.dwNumberOfBytesTransferred,
1171                 state->u.IOC.dwCompletionKey, state->u.IOC.lpOverlapped);
1172             PostQueuedCompletionStatus(state->u.IOC.hIOPort,
1173                 state->u.IOC.dwNumberOfBytesTransferred,
1174                 state->u.IOC.dwCompletionKey,
1175                 state->u.IOC.lpOverlapped);
1176             break;
1177         case RpcNotificationTypeHwnd:
1178             TRACE("RpcNotificationTypeHwnd %p 0x%x\n", state->u.HWND.hWnd,
1179                 state->u.HWND.Msg);
1180             PostMessageW(state->u.HWND.hWnd, state->u.HWND.Msg, 0, 0);
1181             break;
1182         case RpcNotificationTypeCallback:
1183             TRACE("RpcNotificationTypeCallback %p\n", state->u.NotificationRoutine);
1184             state->u.NotificationRoutine(state, NULL, state->Event);
1185             break;
1186         case RpcNotificationTypeNone:
1187             TRACE("RpcNotificationTypeNone\n");
1188             break;
1189         default:
1190             FIXME("unknown NotificationType: %d/0x%x\n", state->NotificationType, state->NotificationType);
1191             break;
1192         }
1193     }
1194
1195     return 0;
1196 }
1197
1198 /***********************************************************************
1199  *           I_RpcSend [RPCRT4.@]
1200  *
1201  * Sends a message to the server.
1202  *
1203  * PARAMS
1204  *  pMsg [I/O] RPC message information.
1205  *
1206  * RETURNS
1207  *  Unknown.
1208  *
1209  * NOTES
1210  *  The buffer must have been allocated with I_RpcGetBuffer().
1211  *
1212  * SEE ALSO
1213  *  I_RpcGetBuffer(), I_RpcReceive(), I_RpcSendReceive().
1214  */
1215 RPC_STATUS WINAPI I_RpcSend(PRPC_MESSAGE pMsg)
1216 {
1217   RpcBinding* bind = (RpcBinding*)pMsg->Handle;
1218   RpcConnection* conn;
1219   RPC_STATUS status;
1220   RpcPktHdr *hdr;
1221
1222   TRACE("(%p)\n", pMsg);
1223   if (!bind || bind->server || !pMsg->ReservedForRuntime) return RPC_S_INVALID_BINDING;
1224
1225   conn = pMsg->ReservedForRuntime;
1226
1227   hdr = RPCRT4_BuildRequestHeader(pMsg->DataRepresentation,
1228                                   pMsg->BufferLength,
1229                                   pMsg->ProcNum & ~RPC_FLAGS_VALID_BIT,
1230                                   &bind->ObjectUuid);
1231   if (!hdr)
1232     return ERROR_OUTOFMEMORY;
1233   hdr->common.call_id = conn->NextCallId++;
1234
1235   status = RPCRT4_Send(conn, hdr, pMsg->Buffer, pMsg->BufferLength);
1236
1237   RPCRT4_FreeHeader(hdr);
1238
1239   if (status == RPC_S_OK && pMsg->RpcFlags & RPC_BUFFER_ASYNC)
1240   {
1241     if (!QueueUserWorkItem(async_notifier_proc, conn, WT_EXECUTEDEFAULT | WT_EXECUTELONGFUNCTION))
1242         status = RPC_S_OUT_OF_RESOURCES;
1243   }
1244
1245   return status;
1246 }
1247
1248 /* is this status something that the server can't recover from? */
1249 static inline BOOL is_hard_error(RPC_STATUS status)
1250 {
1251     switch (status)
1252     {
1253     case 0: /* user-defined fault */
1254     case ERROR_ACCESS_DENIED:
1255     case ERROR_INVALID_PARAMETER:
1256     case RPC_S_PROTOCOL_ERROR:
1257     case RPC_S_CALL_FAILED:
1258     case RPC_S_CALL_FAILED_DNE:
1259     case RPC_S_SEC_PKG_ERROR:
1260         return TRUE;
1261     default:
1262         return FALSE;
1263     }
1264 }
1265
1266 /***********************************************************************
1267  *           I_RpcReceive [RPCRT4.@]
1268  */
1269 RPC_STATUS WINAPI I_RpcReceive(PRPC_MESSAGE pMsg)
1270 {
1271   RpcBinding* bind = (RpcBinding*)pMsg->Handle;
1272   RPC_STATUS status;
1273   RpcPktHdr *hdr = NULL;
1274   RpcConnection *conn;
1275
1276   TRACE("(%p)\n", pMsg);
1277   if (!bind || bind->server || !pMsg->ReservedForRuntime) return RPC_S_INVALID_BINDING;
1278
1279   conn = pMsg->ReservedForRuntime;
1280   status = RPCRT4_Receive(conn, &hdr, pMsg);
1281   if (status != RPC_S_OK) {
1282     WARN("receive failed with error %lx\n", status);
1283     goto fail;
1284   }
1285
1286   switch (hdr->common.ptype) {
1287   case PKT_RESPONSE:
1288     break;
1289   case PKT_FAULT:
1290     ERR ("we got fault packet with status 0x%lx\n", hdr->fault.status);
1291     status = NCA2RPC_STATUS(hdr->fault.status);
1292     if (is_hard_error(status))
1293         goto fail;
1294     break;
1295   default:
1296     WARN("bad packet type %d\n", hdr->common.ptype);
1297     status = RPC_S_PROTOCOL_ERROR;
1298     goto fail;
1299   }
1300
1301   /* success */
1302   RPCRT4_FreeHeader(hdr);
1303   return status;
1304
1305 fail:
1306   RPCRT4_FreeHeader(hdr);
1307   RPCRT4_DestroyConnection(conn);
1308   pMsg->ReservedForRuntime = NULL;
1309   return status;
1310 }
1311
1312 /***********************************************************************
1313  *           I_RpcSendReceive [RPCRT4.@]
1314  *
1315  * Sends a message to the server and receives the response.
1316  *
1317  * PARAMS
1318  *  pMsg [I/O] RPC message information.
1319  *
1320  * RETURNS
1321  *  Success: RPC_S_OK.
1322  *  Failure: Any error code.
1323  *
1324  * NOTES
1325  *  The buffer must have been allocated with I_RpcGetBuffer().
1326  *
1327  * SEE ALSO
1328  *  I_RpcGetBuffer(), I_RpcSend(), I_RpcReceive().
1329  */
1330 RPC_STATUS WINAPI I_RpcSendReceive(PRPC_MESSAGE pMsg)
1331 {
1332   RPC_STATUS status;
1333   void *original_buffer;
1334
1335   TRACE("(%p)\n", pMsg);
1336
1337   original_buffer = pMsg->Buffer;
1338   status = I_RpcSend(pMsg);
1339   if (status == RPC_S_OK)
1340     status = I_RpcReceive(pMsg);
1341   /* free the buffer replaced by a new buffer in I_RpcReceive */
1342   if (status == RPC_S_OK)
1343     I_RpcFree(original_buffer);
1344   return status;
1345 }
1346
1347 /***********************************************************************
1348  *           I_RpcAsyncSetHandle [RPCRT4.@]
1349  *
1350  * Sets the asynchronous state of the handle contained in the RPC message
1351  * structure.
1352  *
1353  * PARAMS
1354  *  pMsg   [I] RPC Message structure.
1355  *  pAsync [I] Asynchronous state to set.
1356  *
1357  * RETURNS
1358  *  Success: RPC_S_OK.
1359  *  Failure: Any error code.
1360  */
1361 RPC_STATUS WINAPI I_RpcAsyncSetHandle(PRPC_MESSAGE pMsg, PRPC_ASYNC_STATE pAsync)
1362 {
1363     RpcBinding* bind = (RpcBinding*)pMsg->Handle;
1364     RpcConnection *conn;
1365
1366     TRACE("(%p, %p)\n", pMsg, pAsync);
1367
1368     if (!bind || bind->server || !pMsg->ReservedForRuntime) return RPC_S_INVALID_BINDING;
1369
1370     conn = pMsg->ReservedForRuntime;
1371     conn->async_state = pAsync;
1372
1373     return RPC_S_OK;
1374 }
1375
1376 /***********************************************************************
1377  *           I_RpcAsyncAbortCall [RPCRT4.@]
1378  *
1379  * Aborts an asynchronous call.
1380  *
1381  * PARAMS
1382  *  pAsync        [I] Asynchronous state.
1383  *  ExceptionCode [I] Exception code.
1384  *
1385  * RETURNS
1386  *  Success: RPC_S_OK.
1387  *  Failure: Any error code.
1388  */
1389 RPC_STATUS WINAPI I_RpcAsyncAbortCall(PRPC_ASYNC_STATE pAsync, ULONG ExceptionCode)
1390 {
1391     FIXME("(%p, %d): stub\n", pAsync, ExceptionCode);
1392     return RPC_S_INVALID_ASYNC_HANDLE;
1393 }