1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved.
23  * Copyright 2020 Tintri by DDN, Inc. All rights reserved.
24  * Copyright 2023 RackTop Systems, Inc.
25  */
26 
27 #ifndef	_LIBMLRPC_H
28 #define	_LIBMLRPC_H
29 
30 #include <sys/types.h>
31 #include <sys/uio.h>
32 
33 #include <smb/wintypes.h>
34 #include <libmlrpc/ndr.h>
35 
36 #ifdef	__cplusplus
37 extern "C" {
38 #endif
39 
40 /*
41  * An MSRPC compatible implementation of OSF DCE RPC.  DCE RPC is derived
42  * from the Apollo Network Computing Architecture (NCA) RPC implementation.
43  *
44  * CAE Specification (1997)
45  * DCE 1.1: Remote Procedure Call
46  * Document Number: C706
47  * The Open Group
48  * ogspecs@opengroup.org
49  *
50  * This implementation is based on the DCE Remote Procedure Call spec with
51  * enhancements to support Unicode strings.  The diagram below shows the
52  * DCE RPC layers compared against ONC SUN RPC.
53  *
54  *	NDR RPC Layers		Sun RPC Layers		Remark
55  *	+---------------+	+---------------+	+---------------+
56  *	+---------------+	+---------------+
57  *	| Application	|	| Application	|	The application
58  *	+---------------+	+---------------+
59  *	| Hand coded    |	| RPCGEN gen'd  |	Where the real
60  *	| client/server |	| client/server |	work happens
61  *	| srvsvc.ndl	|	| *_svc.c *_clnt|
62  *	| srvsvc.c	|	|               |
63  *	+---------------+	+---------------+
64  *	| RPC Library	|	| RPC Library   |	Calls/Return
65  *	| ndr_*.c       |	|               |	Binding/PMAP
66  *	+---------------+	+---------------+
67  *	| RPC Protocol	|	| RPC Protocol  |	Headers, Auth,
68  *	| rpcpdu.ndl    |	|               |
69  *	+---------------+	+---------------+
70  *	| IDL gen'd	|	| RPCGEN gen'd  |	Aggregate
71  *	| NDR stubs	|	| XDR stubs     |	Composition
72  *	| *__ndr.c      |	| *_xdr.c       |
73  *	+---------------+	+---------------+
74  *	| NDR Represen	|	| XDR Represen  |	Byte order, padding
75  *	+---------------+	+---------------+
76  *	| Packet Heaps  |	| Network Conn  |	DCERPC does not talk
77  *	| ndo_*.c       |	| clnt_{tcp,udp}|	directly to network.
78  *	+---------------+	+---------------+
79  *
80  * There are two major differences between the DCE RPC and ONC RPC:
81  *
82  * 1. NDR RPC only generates or processes packets from buffers.  Other
83  *    layers must take care of packet transmission and reception.
84  *    The packet heaps are managed through a simple interface provided
85  *    by the Network Data Representation (NDR) module called ndr_stream_t.
86  *    ndo_*.c modules implement the different flavors (operations) of
87  *    packet heaps.
88  *
89  *    ONC RPC communicates directly with the network.  You have to do
90  *    something special for the RPC packet to be placed in a buffer
91  *    rather than sent to the wire.
92  *
93  * 2. NDR RPC uses application provided heaps to support operations.
94  *    A heap is a single, monolithic chunk of memory that NDR RPC manages
95  *    as it allocates.  When the operation and its result are done, the
96  *    heap is disposed of as a single item.  The transaction, which
97  *    is the anchor of most operations, contains the necessary book-
98  *    keeping for the heap.
99  *
100  *    ONC RPC uses malloc() liberally throughout its run-time system.
101  *    To free results, ONC RPC supports an XDR_FREE operation that
102  *    traverses data structures freeing memory as it goes, whether
103  *    it was malloc'd or not.
104  */
105 
106 /*
107  * Dispatch Return Code (DRC)
108  *
109  *	0x8000	15:01	Set to indicate a fault, clear indicates status
110  *	0x7F00	08:07	Status/Fault specific
111  *	0x00FF	00:08	PTYPE_... of PDU, 0xFF for header
112  */
113 #define	NDR_DRC_OK				0x0000
114 #define	NDR_DRC_MASK_FAULT			0x8000
115 #define	NDR_DRC_MASK_SPECIFIER			0xFF00
116 #define	NDR_DRC_MASK_PTYPE			0x00FF
117 
118 /* Fake PTYPE DRC discriminators */
119 #define	NDR_DRC_PTYPE_RPCHDR(DRC)		((DRC) | 0x00FF)
120 #define	NDR_DRC_PTYPE_API(DRC)			((DRC) | 0x00AA)
121 #define	NDR_DRC_PTYPE_SEC(DRC)			((DRC) | 0x00CC)
122 
123 /* DRC Recognizers */
124 #define	NDR_DRC_IS_OK(DRC)	(((DRC) & NDR_DRC_MASK_SPECIFIER) == 0)
125 #define	NDR_DRC_IS_FAULT(DRC)	(((DRC) & NDR_DRC_MASK_FAULT) != 0)
126 
127 /*
128  * (Un)Marshalling category specifiers
129  */
130 #define	NDR_DRC_FAULT_MODE_MISMATCH		0x8100
131 #define	NDR_DRC_RECEIVED			0x0200
132 #define	NDR_DRC_FAULT_RECEIVED_RUNT		0x8300
133 #define	NDR_DRC_FAULT_RECEIVED_MALFORMED	0x8400
134 #define	NDR_DRC_DECODED				0x0500
135 #define	NDR_DRC_FAULT_DECODE_FAILED		0x8600
136 #define	NDR_DRC_ENCODED				0x0700
137 #define	NDR_DRC_FAULT_ENCODE_FAILED		0x8800
138 #define	NDR_DRC_FAULT_ENCODE_TOO_BIG		0x8900
139 #define	NDR_DRC_SENT				0x0A00
140 #define	NDR_DRC_FAULT_SEND_FAILED		0x8B00
141 
142 /*
143  * Resource category specifier
144  */
145 #define	NDR_DRC_FAULT_RESOURCE_1		0x9100
146 #define	NDR_DRC_FAULT_RESOURCE_2		0x9200
147 
148 /*
149  * Parameters. Usually #define'd with useful alias
150  */
151 #define	NDR_DRC_FAULT_PARAM_0_INVALID		0xC000
152 #define	NDR_DRC_FAULT_PARAM_0_UNIMPLEMENTED	0xD000
153 #define	NDR_DRC_FAULT_PARAM_1_INVALID		0xC100
154 #define	NDR_DRC_FAULT_PARAM_1_UNIMPLEMENTED	0xD100
155 #define	NDR_DRC_FAULT_PARAM_2_INVALID		0xC200
156 #define	NDR_DRC_FAULT_PARAM_2_UNIMPLEMENTED	0xD200
157 #define	NDR_DRC_FAULT_PARAM_3_INVALID		0xC300
158 #define	NDR_DRC_FAULT_PARAM_3_UNIMPLEMENTED	0xD300
159 #define	NDR_DRC_FAULT_PARAM_4_INVALID		0xC400
160 #define	NDR_DRC_FAULT_PARAM_4_UNIMPLEMENTED	0xD400
161 #define	NDR_DRC_FAULT_PARAM_5_INVALID		0xC500
162 #define	NDR_DRC_FAULT_PARAM_5_UNIMPLEMENTED	0xD500
163 
164 #define	NDR_DRC_FAULT_OUT_OF_MEMORY		0xF000
165 
166 /* RPCHDR */
167 #define	NDR_DRC_FAULT_RPCHDR_MODE_MISMATCH	0x81FF
168 #define	NDR_DRC_FAULT_RPCHDR_RECEIVED_RUNT	0x83FF
169 #define	NDR_DRC_FAULT_RPCHDR_DECODE_FAILED	0x86FF
170 #define	NDR_DRC_FAULT_RPCHDR_PTYPE_INVALID	0xC0FF	/* PARAM_0_INVALID */
171 #define	NDR_DRC_FAULT_RPCHDR_PTYPE_UNIMPLEMENTED 0xD0FF	/* PARAM_0_UNIMP */
172 
173 /* Request */
174 #define	NDR_DRC_FAULT_REQUEST_PCONT_INVALID	0xC000	/* PARAM_0_INVALID */
175 #define	NDR_DRC_FAULT_REQUEST_OPNUM_INVALID	0xC100	/* PARAM_1_INVALID */
176 
177 /* Bind */
178 #define	NDR_DRC_BINDING_MADE			0x000B	/* OK */
179 #define	NDR_DRC_FAULT_BIND_PCONT_BUSY		0xC00B	/* PARAM_0_INVALID */
180 #define	NDR_DRC_FAULT_BIND_UNKNOWN_SERVICE	0xC10B	/* PARAM_1_INVALID */
181 #define	NDR_DRC_FAULT_BIND_NO_SLOTS		0x910B	/* RESOURCE_1 */
182 
183 /* API */
184 #define	NDR_DRC_FAULT_API_SERVICE_INVALID	0xC0AA	/* PARAM_0_INVALID */
185 #define	NDR_DRC_FAULT_API_BIND_NO_SLOTS		0x91AA	/* RESOURCE_1 */
186 #define	NDR_DRC_FAULT_API_OPNUM_INVALID		0xC1AA	/* PARAM_1_INVALID */
187 
188 /* Secure RPC and SSPs */
189 #define	NDR_DRC_FAULT_SEC_TYPE_UNIMPLEMENTED	\
190     NDR_DRC_PTYPE_SEC(NDR_DRC_FAULT_PARAM_0_UNIMPLEMENTED)
191 #define	NDR_DRC_FAULT_SEC_LEVEL_UNIMPLEMENTED	\
192     NDR_DRC_PTYPE_SEC(NDR_DRC_FAULT_PARAM_1_UNIMPLEMENTED)
193 #define	NDR_DRC_FAULT_SEC_SSP_FAILED		\
194     NDR_DRC_PTYPE_SEC(NDR_DRC_FAULT_RESOURCE_1)
195 #define	NDR_DRC_FAULT_SEC_ENCODE_TOO_BIG	\
196     NDR_DRC_PTYPE_SEC(NDR_DRC_FAULT_ENCODE_TOO_BIG)
197 #define	NDR_DRC_FAULT_SEC_AUTH_LENGTH_INVALID	\
198     NDR_DRC_PTYPE_SEC(NDR_DRC_FAULT_PARAM_2_INVALID)
199 #define	NDR_DRC_FAULT_SEC_AUTH_TYPE_INVALID	\
200     NDR_DRC_PTYPE_SEC(NDR_DRC_FAULT_PARAM_0_INVALID)
201 #define	NDR_DRC_FAULT_SEC_AUTH_LEVEL_INVALID	\
202     NDR_DRC_PTYPE_SEC(NDR_DRC_FAULT_PARAM_1_INVALID)
203 #define	NDR_DRC_FAULT_SEC_OUT_OF_MEMORY		\
204     NDR_DRC_PTYPE_SEC(NDR_DRC_FAULT_OUT_OF_MEMORY)
205 #define	NDR_DRC_FAULT_SEC_ENCODE_FAILED		\
206     NDR_DRC_PTYPE_SEC(NDR_DRC_FAULT_ENCODE_FAILED)
207 #define	NDR_DRC_FAULT_SEC_META_INVALID		\
208     NDR_DRC_PTYPE_SEC(NDR_DRC_FAULT_PARAM_3_INVALID)
209 #define	NDR_DRC_FAULT_SEC_SEQNUM_INVALID	\
210     NDR_DRC_PTYPE_SEC(NDR_DRC_FAULT_PARAM_4_INVALID)
211 #define	NDR_DRC_FAULT_SEC_SIG_INVALID		\
212     NDR_DRC_PTYPE_SEC(NDR_DRC_FAULT_PARAM_5_INVALID)
213 
214 struct ndr_xa;
215 struct ndr_client;
216 
217 typedef struct ndr_stub_table {
218 	int		(*func)(void *, struct ndr_xa *);
219 	unsigned short	opnum;
220 } ndr_stub_table_t;
221 
222 typedef struct ndr_service {
223 	char		*name;
224 	char		*desc;
225 	char		*endpoint;
226 	char		*sec_addr_port;
227 	char		*abstract_syntax_uuid;
228 	int		abstract_syntax_version;
229 	char		*transfer_syntax_uuid;
230 	int		transfer_syntax_version;
231 	unsigned	bind_instance_size;
232 	int		(*bind_req)();
233 	int		(*unbind_and_close)();
234 	int		(*call_stub)(struct ndr_xa *);
235 	ndr_typeinfo_t	*interface_ti;
236 	ndr_stub_table_t *stub_table;
237 } ndr_service_t;
238 
239 /*
240  * The list of bindings is anchored at a connection.  Nothing in the
241  * RPC mechanism allocates them.  Binding elements which have service==0
242  * indicate free elements.  When a connection is instantiated, at least
243  * one free binding entry should also be established.  Something like
244  * this should suffice for most (all) situations:
245  *
246  *	struct connection {
247  *		....
248  *		ndr_binding_t *binding_list_head;
249  *		ndr_binding_t binding_pool[N_BINDING_POOL];
250  *		....
251  *	};
252  *
253  *	init_connection(struct connection *conn) {
254  *		....
255  *		ndr_svc_binding_pool_init(&conn->binding_list_head,
256  *		    conn->binding_pool, N_BINDING_POOL);
257  */
258 typedef struct ndr_binding {
259 	struct ndr_binding	*next;
260 	ndr_p_context_id_t	p_cont_id;
261 	unsigned char		which_side;
262 	struct ndr_client	*clnt;
263 	ndr_service_t		*service;
264 	void			*instance_specific;
265 } ndr_binding_t;
266 
267 #define	NDR_BIND_SIDE_CLIENT	1
268 #define	NDR_BIND_SIDE_SERVER	2
269 
270 #define	NDR_BINDING_TO_SPECIFIC(BINDING, TYPE) \
271 	((TYPE *) (BINDING)->instance_specific)
272 
273 /*
274  * The binding list space must be provided by the application library
275  * for use by the underlying RPC library.  We need at least two binding
276  * slots per connection.
277  */
278 #define	NDR_N_BINDING_POOL	2
279 
280 typedef struct ndr_pipe {
281 	void			*np_listener;
282 	const char		*np_endpoint;
283 	struct smb_netuserinfo	*np_user;
284 	int			(*np_send)(struct ndr_pipe *, void *, size_t);
285 	int			(*np_recv)(struct ndr_pipe *, void *, size_t);
286 	int			np_fid;
287 	uint16_t		np_max_xmit_frag;
288 	uint16_t		np_max_recv_frag;
289 	ndr_binding_t		*np_binding;
290 	ndr_binding_t		np_binding_pool[NDR_N_BINDING_POOL];
291 } ndr_pipe_t;
292 
293 /*
294  * Number of bytes required to align SIZE on the next dword/4-byte
295  * boundary.
296  */
297 #define	NDR_ALIGN4(SIZE)	((4 - (SIZE)) & 3);
298 
299 /*
300  * DCE RPC strings (CAE section 14.3.4) are represented as varying or varying
301  * and conformant one-dimensional arrays. Characters can be single-byte
302  * or multi-byte as long as all characters conform to a fixed element size,
303  * i.e. UCS-2 is okay but UTF-8 is not a valid DCE RPC string format. The
304  * string is terminated by a null character of the appropriate element size.
305  *
306  * MSRPC strings should always be varying/conformant and not null terminated.
307  * This format uses the size_is, first_is and length_is attributes (CAE
308  * section 4.2.18).
309  *
310  *	typedef struct string {
311  *		DWORD size_is;
312  *		DWORD first_is;
313  *		DWORD length_is;
314  *		wchar_t string[ANY_SIZE_ARRAY];
315  *	} string_t;
316  *
317  * The size_is attribute is used to specify the number of data elements in
318  * each dimension of an array.
319  *
320  * The first_is attribute is used to define the lower bound for significant
321  * elements in each dimension of an array. For strings this is always 0.
322  *
323  * The length_is attribute is used to define the number of significant
324  * elements in each dimension of an array. For strings this is typically
325  * the same as size_is. Although it might be (size_is - 1) if the string
326  * is null terminated.
327  *
328  *   4 bytes   4 bytes   4 bytes  2bytes 2bytes 2bytes 2bytes
329  * +---------+---------+---------+------+------+------+------+
330  * |size_is  |first_is |length_is| char | char | char | char |
331  * +---------+---------+---------+------+------+------+------+
332  *
333  * Unfortunately, not all MSRPC Unicode strings are null terminated, which
334  * means that the recipient has to manually null-terminate the string after
335  * it has been unmarshalled.  There may be a wide-char pad following a
336  * string, and it may sometimes contains zero, but it's not guaranteed.
337  *
338  * To deal with this, MSRPC sometimes uses an additional wrapper with two
339  * more fields, as shown below.
340  *	length: the array length in bytes excluding terminating null bytes
341  *	maxlen: the array length in bytes including null terminator bytes
342  *	LPTSTR: converted to a string_t by NDR
343  *
344  * typedef struct ms_string {
345  *		WORD length;
346  *		WORD maxlen;
347  *		LPTSTR str;
348  * } ms_string_t;
349  */
350 typedef struct ndr_mstring {
351 	uint16_t length;
352 	uint16_t allosize;
353 	LPTSTR str;
354 } ndr_mstring_t;
355 
356 /*
357  * A number of heap areas are used during marshalling and unmarshalling.
358  * Under some circumstances these areas can be discarded by the library
359  * code, i.e. on the server side before returning to the client and on
360  * completion of a client side bind.  In the case of a client side RPC
361  * call, these areas must be preserved after an RPC returns to give the
362  * caller time to take a copy of the data.  In this case the client must
363  * call ndr_clnt_free_heap to free the memory.
364  *
365  * The heap management data definition looks a bit like this:
366  *
367  * heap -> +---------------+     +------------+
368  *         | iovec[0].base | --> | data block |
369  *         | iovec[0].len  |     +------------+
370  *         +---------------+
371  *                ::
372  *                ::
373  * iov  -> +---------------+     +------------+
374  *         | iovec[n].base | --> | data block |
375  *         | iovec[n].len  |     +------------+
376  *         +---------------+     ^            ^
377  *                               |            |
378  *    next ----------------------+            |
379  *    top  -----------------------------------+
380  *
381  */
382 
383 /*
384  * Setting MAXIOV to 384 will use ((8 * 384) + 16) = 3088 bytes
385  * of the first heap block.
386  */
387 #define	NDR_HEAP_MAXIOV		384
388 #define	NDR_HEAP_BLKSZ		8192
389 
390 typedef struct ndr_heap {
391 	struct iovec iovec[NDR_HEAP_MAXIOV];
392 	struct iovec *iov;
393 	int iovcnt;
394 	char *top;
395 	char *next;
396 } ndr_heap_t;
397 
398 /*
399  * Alternate varying/conformant string definition
400  * - for non-null-terminated strings.
401  */
402 typedef struct ndr_vcs {
403 	/*
404 	 * size_is (actually a copy of length_is) will
405 	 * be inserted here by the marshalling library.
406 	 */
407 	uint32_t vc_first_is;
408 	uint32_t vc_length_is;
409 	uint16_t buffer[ANY_SIZE_ARRAY];
410 } ndr_vcs_t;
411 
412 typedef struct ndr_vcstr {
413 	uint16_t wclen;
414 	uint16_t wcsize;
415 	ndr_vcs_t *vcs;
416 } ndr_vcstr_t;
417 
418 typedef struct ndr_vcb {
419 	/*
420 	 * size_is (actually a copy of length_is) will
421 	 * be inserted here by the marshalling library.
422 	 */
423 	uint32_t vc_first_is;
424 	uint32_t vc_length_is;
425 	uint8_t buffer[ANY_SIZE_ARRAY];
426 } ndr_vcb_t;
427 
428 typedef struct ndr_vcbuf {
429 	uint16_t len;
430 	uint16_t size;
431 	ndr_vcb_t *vcb;
432 } ndr_vcbuf_t;
433 
434 ndr_heap_t *ndr_heap_create(void);
435 void ndr_heap_destroy(ndr_heap_t *);
436 void *ndr_heap_dupmem(ndr_heap_t *, const void *, size_t);
437 void *ndr_heap_malloc(ndr_heap_t *, unsigned);
438 void *ndr_heap_strdup(ndr_heap_t *, const char *);
439 int ndr_heap_mstring(ndr_heap_t *, const char *, ndr_mstring_t *);
440 void ndr_heap_mkvcs(ndr_heap_t *, char *, ndr_vcstr_t *);
441 void ndr_heap_mkvcb(ndr_heap_t *, uint8_t *, uint32_t, ndr_vcbuf_t *);
442 int ndr_heap_used(ndr_heap_t *);
443 int ndr_heap_avail(ndr_heap_t *);
444 
445 #define	NDR_MALLOC(XA, SZ)	ndr_heap_malloc((XA)->heap, SZ)
446 #define	NDR_NEW(XA, T)		ndr_heap_malloc((XA)->heap, sizeof (T))
447 #define	NDR_NEWN(XA, T, N)	ndr_heap_malloc((XA)->heap, sizeof (T)*(N))
448 #define	NDR_STRDUP(XA, S)	ndr_heap_strdup((XA)->heap, (S))
449 #define	NDR_MSTRING(XA, S, OUT)	ndr_heap_mstring((XA)->heap, (S), (OUT))
450 #define	NDR_SIDDUP(XA, S)	ndr_heap_dupmem((XA)->heap, (S), smb_sid_len(S))
451 
452 typedef struct ndr_xa {
453 	unsigned short		ptype;		/* high bits special */
454 	unsigned short		opnum;
455 	ndr_stream_t		recv_nds;
456 	ndr_hdr_t		recv_hdr;
457 	ndr_sec_t		recv_auth;
458 	ndr_stream_t		send_nds;
459 	ndr_hdr_t		send_hdr;
460 	ndr_sec_t		send_auth;
461 	ndr_binding_t		*binding;	/* what we're using */
462 	ndr_binding_t		*binding_list;	/* from connection */
463 	ndr_heap_t		*heap;
464 	ndr_pipe_t		*pipe;
465 } ndr_xa_t;
466 
467 typedef struct ndr_auth_ops {
468 	int (*nao_init)(void *, ndr_xa_t *);
469 	int (*nao_recv)(void *, ndr_xa_t *);
470 	int (*nao_sign)(void *, ndr_xa_t *);
471 	int (*nao_verify)(void *, ndr_xa_t *, boolean_t);
472 	int (*nao_encrypt)(void *, ndr_xa_t *);
473 	int (*nao_decrypt)(void *, ndr_xa_t *, boolean_t);
474 } ndr_auth_ops_t;
475 
476 /*
477  * A client provides this structure during bind to indicate
478  * that the RPC runtime should use "Secure RPC" (RPC-level auth).
479  *
480  * Currently, only NETLOGON uses this, and only NETLOGON-based
481  * Integrity protection is supported.
482  */
483 typedef struct ndr_auth_ctx {
484 	ndr_auth_ops_t		auth_ops;
485 	void			*auth_ctx; /* SSP-specific context */
486 	uint32_t		auth_context_id;
487 	uint8_t			auth_type;
488 	uint8_t			auth_level;
489 	boolean_t		auth_verify_resp;
490 } ndr_auth_ctx_t;
491 
492 /*
493  * 20-byte opaque id used by various RPC services.
494  */
495 CONTEXT_HANDLE(ndr_hdid) ndr_hdid_t;
496 
497 typedef struct ndr_client {
498 	/* transport stuff (xa_* members) */
499 	int (*xa_init)(struct ndr_client *, ndr_xa_t *);
500 	int (*xa_exchange)(struct ndr_client *, ndr_xa_t *);
501 	int (*xa_read)(struct ndr_client *, ndr_xa_t *);
502 	void (*xa_preserve)(struct ndr_client *, ndr_xa_t *);
503 	void (*xa_destruct)(struct ndr_client *, ndr_xa_t *);
504 	void (*xa_release)(struct ndr_client *);
505 	void			*xa_private;
506 	int			xa_fd;
507 
508 	ndr_hdid_t		*handle;
509 	ndr_binding_t		*binding;
510 	ndr_binding_t		*binding_list;
511 	ndr_binding_t		binding_pool[NDR_N_BINDING_POOL];
512 
513 	boolean_t		nonull;
514 	boolean_t		heap_preserved;
515 	ndr_heap_t		*heap;
516 	ndr_stream_t		*recv_nds;
517 	ndr_stream_t		*send_nds;
518 
519 	uint32_t		next_call_id;
520 	unsigned		next_p_cont_id;
521 
522 	ndr_auth_ctx_t		auth_ctx;
523 } ndr_client_t;
524 
525 typedef struct ndr_handle {
526 	ndr_hdid_t		nh_id;
527 	struct ndr_handle	*nh_next;
528 	ndr_pipe_t		*nh_pipe;
529 	const ndr_service_t	*nh_svc;
530 	ndr_client_t		*nh_clnt;
531 	void			*nh_data;
532 	void			(*nh_data_free)(void *);
533 } ndr_handle_t;
534 
535 #define	NDR_PDU_SIZE_HINT_DEFAULT	(16*1024)
536 #define	NDR_BUF_MAGIC			0x4E425546	/* NBUF */
537 
538 typedef struct ndr_buf {
539 	uint32_t		nb_magic;
540 	ndr_stream_t		nb_nds;
541 	ndr_heap_t		*nb_heap;
542 	ndr_typeinfo_t		*nb_ti;
543 } ndr_buf_t;
544 
545 /* ndr_ops.c */
546 int nds_initialize(ndr_stream_t *, unsigned, int, ndr_heap_t *);
547 void nds_destruct(ndr_stream_t *);
548 void nds_show_state(ndr_stream_t *);
549 
550 /* ndr_client.c */
551 int ndr_clnt_bind(ndr_client_t *, ndr_service_t *, ndr_binding_t **);
552 int ndr_clnt_call(ndr_binding_t *, int, void *);
553 void ndr_clnt_free_heap(ndr_client_t *);
554 
555 /* ndr_marshal.c */
556 ndr_buf_t *ndr_buf_init(ndr_typeinfo_t *);
557 void ndr_buf_fini(ndr_buf_t *);
558 int ndr_buf_decode(ndr_buf_t *, unsigned, unsigned, const char *data, size_t,
559     void *);
560 int ndr_decode_call(ndr_xa_t *, void *);
561 int ndr_encode_return(ndr_xa_t *, void *);
562 int ndr_encode_call(ndr_xa_t *, void *);
563 int ndr_decode_return(ndr_xa_t *, void *);
564 int ndr_decode_pdu_hdr(ndr_xa_t *);
565 int ndr_encode_pdu_hdr(ndr_xa_t *);
566 void ndr_decode_frag_hdr(ndr_stream_t *, ndr_common_header_t *);
567 void ndr_remove_frag_hdr(ndr_stream_t *);
568 void ndr_show_hdr(ndr_common_header_t *);
569 unsigned ndr_bind_ack_hdr_size(ndr_xa_t *);
570 unsigned ndr_alter_context_rsp_hdr_size(void);
571 int ndr_decode_pdu_auth(ndr_xa_t *);
572 int ndr_encode_pdu_auth(ndr_xa_t *);
573 void ndr_show_auth(ndr_sec_t *);
574 
575 /*
576  * MS-RPCE "Secure RPC" (RPC-level auth).
577  * These call the functions in ndr_auth_ops_t, which should be
578  * GSSAPI (or equivalent) calls.
579  */
580 int ndr_add_sec_context(ndr_auth_ctx_t *, ndr_xa_t *);
581 int ndr_recv_sec_context(ndr_auth_ctx_t *, ndr_xa_t *);
582 int ndr_add_auth(ndr_auth_ctx_t *, ndr_xa_t *);
583 int ndr_check_auth(ndr_auth_ctx_t *, ndr_xa_t *);
584 
585 /* ndr_server.c */
586 void ndr_pipe_worker(ndr_pipe_t *);
587 
588 int ndr_generic_call_stub(ndr_xa_t *);
589 
590 /* ndr_svc.c */
591 ndr_stub_table_t *ndr_svc_find_stub(ndr_service_t *, int);
592 ndr_service_t *ndr_svc_lookup_name(const char *);
593 ndr_service_t *ndr_svc_lookup_uuid(ndr_uuid_t *, int, ndr_uuid_t *, int);
594 int ndr_svc_register(ndr_service_t *);
595 void ndr_svc_unregister(ndr_service_t *);
596 void ndr_svc_binding_pool_init(ndr_binding_t **, ndr_binding_t pool[], int);
597 ndr_binding_t *ndr_svc_find_binding(ndr_xa_t *, ndr_p_context_id_t);
598 ndr_binding_t *ndr_svc_new_binding(ndr_xa_t *);
599 
600 int ndr_uuid_parse(char *, ndr_uuid_t *);
601 void ndr_uuid_unparse(ndr_uuid_t *, char *);
602 
603 ndr_hdid_t *ndr_hdalloc(const ndr_xa_t *, const void *);
604 void ndr_hdfree(const ndr_xa_t *, const ndr_hdid_t *);
605 ndr_handle_t *ndr_hdlookup(const ndr_xa_t *, const ndr_hdid_t *);
606 void ndr_hdclose(ndr_pipe_t *);
607 
608 ssize_t ndr_uiomove(caddr_t, size_t, enum uio_rw, struct uio *);
609 
610 /*
611  * An ndr_client_t is created while binding a client connection to hold
612  * the context for calls made using that connection.
613  *
614  * Handles are RPC call specific and we use an inheritance mechanism to
615  * ensure that each handle has a pointer to the client_t.  When the top
616  * level (bind) handle is released, we close the connection.
617  *
618  * There are some places in libmlsvc where the code assumes that the
619  * handle member is first in this struct. Careful!
620  *
621  * Note that this entire structure is bzero()'d once the ndr_client_t
622  * has been created.
623  */
624 typedef struct mlrpc_handle {
625 	ndr_hdid_t	handle;		/* keep first */
626 	ndr_client_t	*clnt;
627 } mlrpc_handle_t;
628 
629 int mlrpc_clh_create(mlrpc_handle_t *, void *);
630 uint32_t mlrpc_clh_set_auth(mlrpc_handle_t *, ndr_auth_ctx_t *);
631 uint32_t mlrpc_clh_bind(mlrpc_handle_t *, ndr_service_t *);
632 void mlrpc_clh_unbind(mlrpc_handle_t *);
633 void *mlrpc_clh_free(mlrpc_handle_t *);
634 
635 int ndr_rpc_call(mlrpc_handle_t *, int, void *);
636 int ndr_rpc_get_ssnkey(mlrpc_handle_t *, unsigned char *, size_t);
637 void *ndr_rpc_malloc(mlrpc_handle_t *, size_t);
638 ndr_heap_t *ndr_rpc_get_heap(mlrpc_handle_t *);
639 void ndr_rpc_release(mlrpc_handle_t *);
640 void ndr_rpc_set_nonull(mlrpc_handle_t *);
641 
642 boolean_t ndr_is_null_handle(mlrpc_handle_t *);
643 boolean_t ndr_is_bind_handle(mlrpc_handle_t *);
644 void ndr_inherit_handle(mlrpc_handle_t *, mlrpc_handle_t *);
645 
646 #ifdef	__cplusplus
647 }
648 #endif
649 
650 #endif	/* _LIBMLRPC_H */
651